
Example 1 with DefaultSessionIdManager

use of org.eclipse.jetty.server.session.DefaultSessionIdManager in project jetty.project by eclipse.

the class BalancerServletTest method createServer.

/**
 * Builds an unstarted Jetty {@link Server} with a single connector and a
 * session-enabled servlet context that maps {@code servletHolder} under
 * {@code SERVLET_PATH + "/*"}.
 *
 * @param servletHolder the servlet to register in the context
 * @param nodeName worker name to stamp on the session id manager, or {@code null}
 *                 to keep the server's default session id manager
 * @return the configured server; the caller is responsible for starting it
 */
private Server createServer(ServletHolder servletHolder, String nodeName) {
    Server jetty = new Server();
    jetty.addConnector(new ServerConnector(jetty));

    ServletContextHandler servlets = new ServletContextHandler(jetty, CONTEXT_PATH, ServletContextHandler.SESSIONS);
    servlets.addServlet(servletHolder, SERVLET_PATH + "/*");

    // Without a node name there is nothing to customise on the session id side.
    if (nodeName == null) {
        return jetty;
    }

    // The worker name distinguishes this node's sessions from those of other
    // nodes; it is a routing label, not a secret.
    DefaultSessionIdManager workerIds = new DefaultSessionIdManager(jetty);
    workerIds.setWorkerName(nodeName);
    jetty.setSessionIdManager(workerIds);
    return jetty;
}
Also used : ServerConnector(org.eclipse.jetty.server.ServerConnector) DefaultSessionIdManager(org.eclipse.jetty.server.session.DefaultSessionIdManager) Server(org.eclipse.jetty.server.Server) ServletContextHandler(org.eclipse.jetty.servlet.ServletContextHandler)

Example 2 with DefaultSessionIdManager

use of org.eclipse.jetty.server.session.DefaultSessionIdManager in project jetty.project by eclipse.

the class ResponseTest method testEncodeRedirect.

/**
 * Pins how {@code Response.encodeURL} rewrites URLs with a {@code ;jsessionid=}
 * path parameter when the session id did not arrive in a cookie.
 *
 * <p>Security relevance: a session id carried in a URL is a bearer credential.
 * The assertions made while {@code setCheckingRemoteSessionIdEncoding(true)} is
 * in effect show the id being withheld from URLs that point at a different host,
 * port or context path; with the check disabled the id is appended to those
 * URLs as well.
 */
@Test
public void testEncodeRedirect() throws Exception {
    Response response = getResponse();
    Request request = response.getHttpChannel().getRequest();
    request.setAuthority("myhost", 8888);
    request.setContextPath("/path");
    // Before any requested session id is set in this method, the URL comes back unchanged.
    assertEquals("http://myhost:8888/path/info;param?query=0&more=1#target", response.encodeURL("http://myhost:8888/path/info;param?query=0&more=1#target"));
    // Session id "12345" is flagged as NOT coming from a cookie, which is the
    // case in which the assertions below expect URL rewriting.
    request.setRequestedSessionId("12345");
    request.setRequestedSessionIdFromCookie(false);
    SessionHandler handler = new SessionHandler();
    // NOTE(review): ss receives a data store but is never passed to
    // handler.setSessionCache(...) in this method - confirm that is intended.
    DefaultSessionCache ss = new DefaultSessionCache(handler);
    NullSessionDataStore ds = new NullSessionDataStore();
    ss.setSessionDataStore(ds);
    DefaultSessionIdManager idMgr = new DefaultSessionIdManager(_server);
    // No worker name: the expected URLs below carry the bare id "12345".
    idMgr.setWorkerName(null);
    handler.setSessionIdManager(idMgr);
    request.setSessionHandler(handler);
    TestSession tsession = new TestSession(handler, "12345");
    tsession.setExtendedId(handler.getSessionIdManager().getExtendedId("12345", null));
    request.setSession(tsession);
    // Remote check OFF: the id is appended regardless of target host, port or
    // context path (same origin, other host, default port, other context).
    handler.setCheckingRemoteSessionIdEncoding(false);
    assertEquals("http://myhost:8888/path/info;param;jsessionid=12345?query=0&more=1#target", response.encodeURL("http://myhost:8888/path/info;param?query=0&more=1#target"));
    assertEquals("http://other:8888/path/info;param;jsessionid=12345?query=0&more=1#target", response.encodeURL("http://other:8888/path/info;param?query=0&more=1#target"));
    assertEquals("http://myhost/path/info;param;jsessionid=12345?query=0&more=1#target", response.encodeURL("http://myhost/path/info;param?query=0&more=1#target"));
    assertEquals("http://myhost:8888/other/info;param;jsessionid=12345?query=0&more=1#target", response.encodeURL("http://myhost:8888/other/info;param?query=0&more=1#target"));
    // Remote check ON: only the URL matching the request's host, port and
    // context path gets the id; the other three are returned unchanged.
    handler.setCheckingRemoteSessionIdEncoding(true);
    assertEquals("http://myhost:8888/path/info;param;jsessionid=12345?query=0&more=1#target", response.encodeURL("http://myhost:8888/path/info;param?query=0&more=1#target"));
    assertEquals("http://other:8888/path/info;param?query=0&more=1#target", response.encodeURL("http://other:8888/path/info;param?query=0&more=1#target"));
    assertEquals("http://myhost/path/info;param?query=0&more=1#target", response.encodeURL("http://myhost/path/info;param?query=0&more=1#target"));
    assertEquals("http://myhost:8888/other/info;param?query=0&more=1#target", response.encodeURL("http://myhost:8888/other/info;param?query=0&more=1#target"));
    // Empty context path, remote check still ON: root URLs on the request's
    // authority are encoded (a missing path becomes "/"), a non-http scheme is
    // left alone, and a jsessionid already present in the input is replaced
    // by the current session's id.
    request.setContextPath("");
    assertEquals("http://myhost:8888/;jsessionid=12345", response.encodeURL("http://myhost:8888"));
    assertEquals("https://myhost:8888/;jsessionid=12345", response.encodeURL("https://myhost:8888"));
    assertEquals("mailto:/foo", response.encodeURL("mailto:/foo"));
    assertEquals("http://myhost:8888/;jsessionid=12345", response.encodeURL("http://myhost:8888/"));
    assertEquals("http://myhost:8888/;jsessionid=12345", response.encodeURL("http://myhost:8888/;jsessionid=7777"));
    assertEquals("http://myhost:8888/;param;jsessionid=12345?query=0&more=1#target", response.encodeURL("http://myhost:8888/;param?query=0&more=1#target"));
    // A different host is still excluded while the remote check is on.
    assertEquals("http://other:8888/path/info;param?query=0&more=1#target", response.encodeURL("http://other:8888/path/info;param?query=0&more=1#target"));
    // Remote check OFF again: relative and empty URLs all receive the id,
    // inserted before any fragment.
    handler.setCheckingRemoteSessionIdEncoding(false);
    assertEquals("/foo;jsessionid=12345", response.encodeURL("/foo"));
    assertEquals("/;jsessionid=12345", response.encodeURL("/"));
    assertEquals("/foo.html;jsessionid=12345#target", response.encodeURL("/foo.html#target"));
    assertEquals(";jsessionid=12345", response.encodeURL(""));
}
Also used : HttpServletResponse(javax.servlet.http.HttpServletResponse) SessionHandler(org.eclipse.jetty.server.session.SessionHandler) DefaultSessionCache(org.eclipse.jetty.server.session.DefaultSessionCache) DefaultSessionIdManager(org.eclipse.jetty.server.session.DefaultSessionIdManager) HttpServletRequest(javax.servlet.http.HttpServletRequest) NullSessionDataStore(org.eclipse.jetty.server.session.NullSessionDataStore) Test(org.junit.Test)

Example 3 with DefaultSessionIdManager

use of org.eclipse.jetty.server.session.DefaultSessionIdManager in project calcite-avatica by apache.

the class HttpServer method configureSpnego.

/**
 * Configures the given <code>server</code> for SPNEGO (Kerberos) authentication
 * using the settings in <code>config</code>.
 *
 * <p>Authorization is deliberately coarse: every principal that authenticates
 * through SPNEGO is given the single role {@code AvaticaUserStore.AVATICA_USER_ROLE},
 * and that role is the only one the authenticator is asked to accept. Restricting
 * access to particular principals has to be enforced somewhere else.
 *
 * @param server The Jetty server that receives the session id manager
 * @param config The configuration; its Kerberos realm must not be null
 * @return the security handler produced by {@code configureCommonAuthentication}
 * @throws NullPointerException if {@code config.getKerberosRealm()} returns null
 */
protected ConstraintSecurityHandler configureSpnego(Server server, AvaticaServerConfiguration config) {
    final String kerberosRealm = Objects.requireNonNull(config.getKerberosRealm());

    // Session ids act as credentials once SPNEGO has succeeded, so the random
    // source is spelled out as SecureRandom instead of relying on the default.
    server.setSessionIdManager(new DefaultSessionIdManager(server, new SecureRandom()));

    // SPNEGO alone decides who is authenticated: any valid Kerberos identity is
    // accepted, no specific one is demanded. AvaticaUserStore hands the role
    // "avatica-user" to each such user and ConfigurableSpnegoAuthenticator then
    // checks for that role.
    //
    // The indirection buys Avatica nothing today, but Jetty no longer offers a way
    // to do without it. It does leave room for separate "user" and "admin" HTTP
    // endpoints that Avatica could authorize differently.
    final AvaticaUserStore roleStore = new AvaticaUserStore();
    LOG.info("Instantiating HashLoginService with {}", kerberosRealm);
    // The realm argument used to matter here; it is no longer critical.
    final HashLoginService roleService = new HashLoginService(kerberosRealm);
    roleService.setUserStore(roleStore);

    // This SpnegoLoginService variant lets the server principal be set in code;
    // otherwise a custom file would be needed to supply it.
    ConfigurableSpnegoLoginService kerberosLogin =
        new ConfigurableSpnegoLoginService(kerberosRealm, AuthorizationService.from(roleService, ""));
    // Mirrors what the Jetty unit test does; no further rationale is recorded.
    kerberosLogin.addBean(roleService);
    kerberosLogin.setServiceName(config.getKerberosServiceName());
    kerberosLogin.setHostName(config.getKerberosHostName());
    // The keytab holds the service's long-term key; the path is taken from config as-is.
    kerberosLogin.setKeyTabPath(config.getKerberosKeytab().toPath());

    // The authenticator separately verifies the role(s) of the authenticated user
    // before granting access to HTTP resources; "avatica-user" is the role checked.
    final String[] permittedRoles = {AvaticaUserStore.AVATICA_USER_ROLE};
    final ConfigurableSpnegoAuthenticator authenticator = new ConfigurableSpnegoAuthenticator();
    // NOTE(review): presumably bounds how long a completed SPNEGO exchange is
    // honoured before the client must authenticate again - confirm against the
    // Jetty version in use.
    authenticator.setAuthenticationDuration(Duration.ofMinutes(5));

    return configureCommonAuthentication(
        Constraint.__SPNEGO_AUTH, permittedRoles, authenticator, kerberosRealm, kerberosLogin);
}
Also used : DefaultSessionIdManager(org.eclipse.jetty.server.session.DefaultSessionIdManager) HashLoginService(org.eclipse.jetty.security.HashLoginService) ConfigurableSpnegoLoginService(org.eclipse.jetty.security.ConfigurableSpnegoLoginService) SecureRandom(java.security.SecureRandom) ConfigurableSpnegoAuthenticator(org.eclipse.jetty.security.authentication.ConfigurableSpnegoAuthenticator)

Example 4 with DefaultSessionIdManager

use of org.eclipse.jetty.server.session.DefaultSessionIdManager in project jetty.project by eclipse.

the class ResponseTest method testSendRedirect.

/**
 * Checks the {@code Location} header produced by {@code Response.sendRedirect}
 * for a table of redirect targets, across several request hosts and ports.
 *
 * <p>Each row is {@code {target passed to sendRedirect, expected Location}};
 * {@code @HOST@} and {@code @PORT@} in the expectation are filled in per
 * iteration. The first three rows run with the session id flagged as not coming
 * from a cookie, the remaining rows with it flagged as coming from a cookie.
 *
 * <p>Security relevance: the final row shows that an absolute URL naming another
 * host is expected back unchanged, so code that forwards user-supplied targets to
 * {@code sendRedirect} has to validate them itself.
 */
@Test
public void testSendRedirect() throws Exception {
    String[][] cases = {
        // No cookie
        { "http://myhost:8888/other/location;jsessionid=12345?name=value", "http://myhost:8888/other/location;jsessionid=12345?name=value" },
        { "/other/location;jsessionid=12345?name=value", "http://@HOST@@PORT@/other/location;jsessionid=12345?name=value" },
        { "./location;jsessionid=12345?name=value", "http://@HOST@@PORT@/path/location;jsessionid=12345?name=value" },
        // From cookie
        { "/other/location", "http://@HOST@@PORT@/other/location" },
        { "/other/l%20cation", "http://@HOST@@PORT@/other/l%20cation" },
        { "location", "http://@HOST@@PORT@/path/location" },
        { "./location", "http://@HOST@@PORT@/path/location" },
        { "../location", "http://@HOST@@PORT@/location" },
        { "/other/l%20cation", "http://@HOST@@PORT@/other/l%20cation" },
        { "l%20cation", "http://@HOST@@PORT@/path/l%20cation" },
        { "./l%20cation", "http://@HOST@@PORT@/path/l%20cation" },
        { "../l%20cation", "http://@HOST@@PORT@/l%20cation" },
        { "../locati%C3%abn", "http://@HOST@@PORT@/locati%C3%abn" },
        { "../other%2fplace", "http://@HOST@@PORT@/other%2fplace" },
        { "http://somehost.com/other/location", "http://somehost.com/other/location" }
    };
    int[] ports = { 8080, 80 };
    String[] hosts = { null, "myhost", "192.168.0.1", "0::1" };

    for (int port : ports) {
        for (String host : hosts) {
            for (int i = 0; i < cases.length; i++) {
                Response response = getResponse();
                Request request = response.getHttpChannel().getRequest();
                request.setScheme("http");
                if (host != null) {
                    request.setAuthority(host, port);
                }
                request.setURIPathQuery("/path/info;param;jsessionid=12345?query=0&more=1#target");
                request.setContextPath("/path");
                request.setRequestedSessionId("12345");
                // Rows 0..2 are the "No cookie" rows of the table.
                boolean idFromCookie = i > 2;
                request.setRequestedSessionIdFromCookie(idFromCookie);

                SessionHandler handler = new SessionHandler();
                NullSessionDataStore dataStore = new NullSessionDataStore();
                DefaultSessionCache cache = new DefaultSessionCache(handler);
                handler.setSessionCache(cache);
                cache.setSessionDataStore(dataStore);
                DefaultSessionIdManager idMgr = new DefaultSessionIdManager(_server);
                idMgr.setWorkerName(null);
                handler.setSessionIdManager(idMgr);
                request.setSessionHandler(handler);
                request.setSession(new TestSession(handler, "12345"));
                handler.setCheckingRemoteSessionIdEncoding(false);

                response.sendRedirect(cases[i][0]);
                String location = response.getHeader("Location");

                // With no authority set, the expectation uses the request's local
                // address and port 8888; a host containing ':' is bracketed as an
                // IPv6 literal, and port 80 is omitted for the http scheme.
                String hostText;
                String portText;
                if (host == null) {
                    hostText = request.getLocalAddr();
                    portText = ":8888";
                } else {
                    hostText = host.contains(":") ? ("[" + host + "]") : host;
                    portText = (port == 80) ? "" : (":" + port);
                }
                String expected = cases[i][1].replace("@HOST@", hostText).replace("@PORT@", portText);
                assertEquals("test-" + i + " " + host + ":" + port, expected, location);
            }
        }
    }
}
Also used : HttpServletResponse(javax.servlet.http.HttpServletResponse) SessionHandler(org.eclipse.jetty.server.session.SessionHandler) DefaultSessionCache(org.eclipse.jetty.server.session.DefaultSessionCache) DefaultSessionIdManager(org.eclipse.jetty.server.session.DefaultSessionIdManager) HttpServletRequest(javax.servlet.http.HttpServletRequest) NullSessionDataStore(org.eclipse.jetty.server.session.NullSessionDataStore) Matchers.containsString(org.hamcrest.Matchers.containsString) ByteArrayEndPoint(org.eclipse.jetty.io.ByteArrayEndPoint) AbstractEndPoint(org.eclipse.jetty.io.AbstractEndPoint) Test(org.junit.Test)

Example 5 with DefaultSessionIdManager

use of org.eclipse.jetty.server.session.DefaultSessionIdManager in project jetty.project by eclipse.

the class GCloudSessionTester method main.

/**
 * Starts a local Jetty server on port 8080 that serves the demo {@code test.war}
 * with sessions persisted through a {@code GCloudSessionDataStore}, then blocks
 * until the server stops.
 *
 * <p>This is a manual tester. Session debug logging, the symlink alias checker
 * and the demo {@code realm.properties} login file are conveniences for local
 * use and should be reviewed before any of this is copied into a deployment.
 *
 * @param args expected to hold projectid, p12file, password and serviceaccount
 */
public static void main(String[] args) throws Exception {
    // NOTE(review): the usage text is printed but startup continues, and args
    // is not read again in this method.
    if (args.length < 4) {
        System.err.println("Usage: GCloudSessionTester projectid p12file password serviceaccount");
    }
    // NOTE(review): DEBUG output from the session package is likely to contain
    // session ids - treat the resulting logs as sensitive.
    System.setProperty("org.eclipse.jetty.server.session.LEVEL", "DEBUG");

    Server jetty = new Server(8080);

    // Users and roles come from the demo distribution's properties file.
    HashLoginService realmService = new HashLoginService();
    realmService.setName("Test Realm");
    realmService.setConfig("../../jetty-distribution/target/distribution/demo-base/resources/realm.properties");
    jetty.addBean(realmService);

    DefaultSessionIdManager workerIds = new DefaultSessionIdManager(jetty);
    workerIds.setWorkerName("w1");
    jetty.setSessionIdManager(workerIds);

    WebAppContext app = new WebAppContext();
    app.setContextPath("/");
    app.setWar("../../jetty-distribution/target/distribution/demo-base/webapps/test.war");
    // Approves resources reached through symbolic links; this relaxes alias checking.
    app.addAliasCheck(new AllowSymLinkAliasChecker());

    // Session cache backed by the Google Cloud data store, sharing the
    // server-wide session id manager.
    GCloudSessionDataStore store = new GCloudSessionDataStore();
    DefaultSessionCache cache = new DefaultSessionCache(app.getSessionHandler());
    app.getSessionHandler().setSessionCache(cache);
    cache.setSessionDataStore(store);
    app.getSessionHandler().setSessionIdManager(workerIds);

    // The WebAppContext is itself a ContextHandler, so it is installed as the
    // server's handler to receive the incoming requests.
    jetty.setHandler(app);

    jetty.start();
    jetty.join();
}
Also used : WebAppContext(org.eclipse.jetty.webapp.WebAppContext) DefaultSessionCache(org.eclipse.jetty.server.session.DefaultSessionCache) HashLoginService(org.eclipse.jetty.security.HashLoginService) DefaultSessionIdManager(org.eclipse.jetty.server.session.DefaultSessionIdManager) AllowSymLinkAliasChecker(org.eclipse.jetty.server.handler.AllowSymLinkAliasChecker) Server(org.eclipse.jetty.server.Server)

Aggregations

DefaultSessionIdManager (org.eclipse.jetty.server.session.DefaultSessionIdManager)9 Server (org.eclipse.jetty.server.Server)5 SessionHandler (org.eclipse.jetty.server.session.SessionHandler)5 DefaultSessionCache (org.eclipse.jetty.server.session.DefaultSessionCache)4 ServletContextHandler (org.eclipse.jetty.servlet.ServletContextHandler)4 HttpServletRequest (javax.servlet.http.HttpServletRequest)2 HttpServletResponse (javax.servlet.http.HttpServletResponse)2 HashLoginService (org.eclipse.jetty.security.HashLoginService)2 ServerConnector (org.eclipse.jetty.server.ServerConnector)2 FilterHolder (org.eclipse.jetty.servlet.FilterHolder)2 ServletHolder (org.eclipse.jetty.servlet.ServletHolder)2 RequestLogImpl (ch.qos.logback.access.jetty.RequestLogImpl)1 File (java.io.File)1 IOException (java.io.IOException)1 Path (java.nio.file.Path)1 SecureRandom (java.security.SecureRandom)1 ArrayList (java.util.ArrayList)1 LinkedHashMap (java.util.LinkedHashMap)1 LinkedList (java.util.LinkedList)1 Map (java.util.Map)1