2 // ========================================================================
3 // Copyright (c) 1995-2014 Mort Bay Consulting Pty. Ltd.
4 // ------------------------------------------------------------------------
5 // All rights reserved. This program and the accompanying materials
6 // are made available under the terms of the Eclipse Public License v1.0
7 // and Apache License v2.0 which accompanies this distribution.
9 // The Eclipse Public License is available at
10 // http://www.eclipse.org/legal/epl-v10.html
12 // The Apache License v2.0 is available at
13 // http://www.opensource.org/licenses/apache2.0.php
15 // You may elect to redistribute this code under either of these licenses.
16 // ========================================================================
19 package org.eclipse.jetty.server.session;
21 import java.security.SecureRandom;
22 import java.util.Random;
24 import javax.servlet.http.HttpServletRequest;
26 import org.eclipse.jetty.server.SessionIdManager;
27 import org.eclipse.jetty.util.component.AbstractLifeCycle;
28 import org.eclipse.jetty.util.log.Log;
29 import org.eclipse.jetty.util.log.Logger;
31 public abstract class AbstractSessionIdManager extends AbstractLifeCycle implements SessionIdManager
33 private static final Logger LOG = Log.getLogger(AbstractSessionIdManager.class);
35 private final static String __NEW_SESSION_ID="org.eclipse.jetty.server.newSessionId";
37 protected Random _random;
38 protected boolean _weakRandom;
39 protected String _workerName;
40 protected String _workerAttr;
41 protected long _reseed=100000L;
43 /* ------------------------------------------------------------ */
44 public AbstractSessionIdManager()
48 /* ------------------------------------------------------------ */
49 public AbstractSessionIdManager(Random random)
55 /* ------------------------------------------------------------ */
57 * Get the workname. If set, the workername is dot appended to the session
58 * ID and can be used to assist session affinity in a load balancer.
60 * @return String or null
63 public String getWorkerName()
68 /* ------------------------------------------------------------ */
70 * Set the workname. If set, the workername is dot appended to the session
71 * ID and can be used to assist session affinity in a load balancer.
72 * A worker name starting with $ is used as a request attribute name to
73 * lookup the worker name that can be dynamically set by a request
78 public void setWorkerName(String workerName)
81 throw new IllegalStateException(getState());
82 if (workerName.contains("."))
83 throw new IllegalArgumentException("Name cannot contain '.'");
84 _workerName=workerName;
87 /* ------------------------------------------------------------ */
88 public Random getRandom()
93 /* ------------------------------------------------------------ */
94 public synchronized void setRandom(Random random)
100 /* ------------------------------------------------------------ */
102 * @return the reseed probability
104 public long getReseed()
109 /* ------------------------------------------------------------ */
110 /** Set the reseed probability.
111 * @param reseed If non zero then when a random long modulo the reseed value == 1, the {@link SecureRandom} will be reseeded.
113 public void setReseed(long reseed)
118 /* ------------------------------------------------------------ */
120 * Create a new session id if necessary.
122 * @see org.eclipse.jetty.server.SessionIdManager#newSessionId(javax.servlet.http.HttpServletRequest, long)
125 public String newSessionId(HttpServletRequest request, long created)
130 return newSessionId(created);
132 // A requested session ID can only be used if it is in use already.
133 String requested_id=request.getRequestedSessionId();
134 if (requested_id!=null)
136 String cluster_id=getClusterId(requested_id);
137 if (idInUse(cluster_id))
141 // Else reuse any new session ID already defined for this request.
142 String new_id=(String)request.getAttribute(__NEW_SESSION_ID);
143 if (new_id!=null&&idInUse(new_id))
146 // pick a new unique ID!
147 String id = newSessionId(request.hashCode());
149 request.setAttribute(__NEW_SESSION_ID,id);
154 /* ------------------------------------------------------------ */
155 public String newSessionId(long seedTerm)
157 // pick a new unique ID!
159 while (id==null||id.length()==0||idInUse(id))
162 ?(hashCode()^Runtime.getRuntime().freeMemory()^_random.nextInt()^((seedTerm)<<32))
167 // random chance to reseed
168 if (_reseed>0 && (r0%_reseed)== 1L)
170 LOG.debug("Reseeding {}",this);
171 if (_random instanceof SecureRandom)
173 SecureRandom secure = (SecureRandom)_random;
174 secure.setSeed(secure.generateSeed(8));
178 _random.setSeed(_random.nextLong()^System.currentTimeMillis()^seedTerm^Runtime.getRuntime().freeMemory());
183 ?(hashCode()^Runtime.getRuntime().freeMemory()^_random.nextInt()^((seedTerm)<<32))
188 id=Long.toString(r0,36)+Long.toString(r1,36);
190 //add in the id of the node to ensure unique id across cluster
191 //NOTE this is different to the node suffix which denotes which node the request was received on
192 if (_workerName!=null)
200 /* ------------------------------------------------------------ */
202 public abstract void renewSessionId(String oldClusterId, String oldNodeId, HttpServletRequest request);
205 /* ------------------------------------------------------------ */
207 protected void doStart() throws Exception
210 _workerAttr=(_workerName!=null && _workerName.startsWith("$"))?_workerName.substring(1):null;
213 /* ------------------------------------------------------------ */
215 protected void doStop() throws Exception
219 /* ------------------------------------------------------------ */
221 * Set up a random number generator for the sessionids.
223 * By preference, use a SecureRandom but allow to be injected.
225 public void initRandom ()
231 _random=new SecureRandom();
235 LOG.warn("Could not generate SecureRandom for session-id randomness",e);
236 _random=new Random();
241 _random.setSeed(_random.nextLong()^System.currentTimeMillis()^hashCode()^Runtime.getRuntime().freeMemory());
244 /** Get the session ID with any worker ID.
248 * @return sessionId plus any worker ID.
251 public String getNodeId(String clusterId, HttpServletRequest request)
253 if (_workerName!=null)
255 if (_workerAttr==null)
256 return clusterId+'.'+_workerName;
258 String worker=(String)request.getAttribute(_workerAttr);
260 return clusterId+'.'+worker;
266 /** Get the session ID without any worker ID.
268 * @param nodeId the node id
269 * @return sessionId without any worker ID.
272 public String getClusterId(String nodeId)
274 int dot=nodeId.lastIndexOf('.');
275 return (dot>0)?nodeId.substring(0,dot):nodeId;