lib/jetty/org/eclipse/jetty/server/session/SessionHandler.java

   1 //
   2 //  ========================================================================
   3 //  Copyright (c) 1995-2014 Mort Bay Consulting Pty. Ltd.
   4 //  ------------------------------------------------------------------------
   5 //  All rights reserved. This program and the accompanying materials
   6 //  are made available under the terms of the Eclipse Public License v1.0
   7 //  and Apache License v2.0 which accompanies this distribution.
   8 //
   9 //      The Eclipse Public License is available at
  10 //      http://www.eclipse.org/legal/epl-v10.html
  11 //
  12 //      The Apache License v2.0 is available at
  13 //      http://www.opensource.org/licenses/apache2.0.php
  14 //
  15 //  You may elect to redistribute this code under either of these licenses.
  16 //  ========================================================================
  17 //
  18
  19 package org.eclipse.jetty.server.session;
  20
  21 import java.io.IOException;
  22 import java.util.EnumSet;
  23 import java.util.EventListener;
  24
  25 import javax.servlet.DispatcherType;
  26 import javax.servlet.ServletException;
  27 import javax.servlet.SessionTrackingMode;
  28 import javax.servlet.http.Cookie;
  29 import javax.servlet.http.HttpServletRequest;
  30 import javax.servlet.http.HttpServletResponse;
  31 import javax.servlet.http.HttpSession;
  32 import javax.servlet.http.HttpSessionAttributeListener;
  33 import javax.servlet.http.HttpSessionIdListener;
  34 import javax.servlet.http.HttpSessionListener;
  35
  36 import org.eclipse.jetty.http.HttpCookie;
  37 import org.eclipse.jetty.server.Request;
  38 import org.eclipse.jetty.server.SessionManager;
  39 import org.eclipse.jetty.server.handler.ScopedHandler;
  40 import org.eclipse.jetty.util.log.Log;
  41 import org.eclipse.jetty.util.log.Logger;
  42
  43 /* ------------------------------------------------------------ */
  44 /**
  45  * SessionHandler.
  46  */
  47 public class SessionHandler extends ScopedHandler
  48 {
  49     final static Logger LOG = Log.getLogger("org.eclipse.jetty.server.session");
  50
  51     public final static EnumSet<SessionTrackingMode> DEFAULT_TRACKING = EnumSet.of(SessionTrackingMode.COOKIE,SessionTrackingMode.URL);
  52
  53     public static final Class[] SESSION_LISTENER_TYPES = new Class[] {HttpSessionAttributeListener.class,
  54                                                                       HttpSessionIdListener.class,
  55                                                                       HttpSessionListener.class};
  56
  57
  58
  59     /* -------------------------------------------------------------- */
  60     private SessionManager _sessionManager;
  61
  62     /* ------------------------------------------------------------ */
  63     /**
  64      * Constructor. Construct a SessionHandler witha a HashSessionManager with a standard java.util.Random generator is created.
  65      */
  66     public SessionHandler()
  67     {
  68         this(new HashSessionManager());
  69     }
  70
  71     /* ------------------------------------------------------------ */
  72     /**
  73      * @param manager
  74      *            The session manager
  75      */
  76     public SessionHandler(SessionManager manager)
  77     {
  78         setSessionManager(manager);
  79     }
  80
  81     /* ------------------------------------------------------------ */
  82     /**
  83      * @return Returns the sessionManager.
  84      */
  85     public SessionManager getSessionManager()
  86     {
  87         return _sessionManager;
  88     }
  89
  90     /* ------------------------------------------------------------ */
  91     /**
  92      * @param sessionManager
  93      *            The sessionManager to set.
  94      */
  95     public void setSessionManager(SessionManager sessionManager)
  96     {
  97         if (isStarted())
  98             throw new IllegalStateException();
  99         if (sessionManager != null)
 100             sessionManager.setSessionHandler(this);
 101         updateBean(_sessionManager,sessionManager);
 102         _sessionManager=sessionManager;
 103     }
 104
 105     /* ------------------------------------------------------------ */
 106     /*
 107      * @see org.eclipse.thread.AbstractLifeCycle#doStart()
 108      */
 109     @Override
 110     protected void doStart() throws Exception
 111     {
 112         if (_sessionManager==null)
 113             setSessionManager(new HashSessionManager());
 114         super.doStart();
 115     }
 116
 117     /* ------------------------------------------------------------ */
 118     /*
 119      * @see org.eclipse.thread.AbstractLifeCycle#doStop()
 120      */
 121     @Override
 122     protected void doStop() throws Exception
 123     {
 124         // Destroy sessions before destroying servlets/filters see JETTY-1266
 125         super.doStop();
 126     }
 127
 128
 129     /* ------------------------------------------------------------ */
 130     /*
 131      * @see org.eclipse.jetty.server.Handler#handle(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, int)
 132      */
 133     @Override
 134     public void doScope(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException
 135     {
 136         SessionManager old_session_manager = null;
 137         HttpSession old_session = null;
 138         HttpSession access = null;
 139         try
 140         {
 141             old_session_manager = baseRequest.getSessionManager();
 142             old_session = baseRequest.getSession(false);
 143
 144             if (old_session_manager != _sessionManager)
 145             {
 146                 // new session context
 147                 baseRequest.setSessionManager(_sessionManager);
 148                 baseRequest.setSession(null);
 149                 checkRequestedSessionId(baseRequest,request);
 150             }
 151
 152             // access any existing session
 153             HttpSession session = null;
 154             if (_sessionManager != null)
 155             {
 156                 session = baseRequest.getSession(false);
 157                 if (session != null)
 158                 {
 159                     if (session != old_session)
 160                     {
 161                         access = session;
 162                         HttpCookie cookie = _sessionManager.access(session,request.isSecure());
 163                         if (cookie != null) // Handle changed ID or max-age refresh
 164                             baseRequest.getResponse().addCookie(cookie);
 165                     }
 166                 }
 167                 else
 168                 {
 169                     session = baseRequest.recoverNewSession(_sessionManager);
 170                     if (session != null)
 171                         baseRequest.setSession(session);
 172                 }
 173             }
 174
 175             if (LOG.isDebugEnabled())
 176             {
 177                 LOG.debug("sessionManager=" + _sessionManager);
 178                 LOG.debug("session=" + session);
 179             }
 180
 181             // start manual inline of nextScope(target,baseRequest,request,response);
 182             if (_nextScope != null)
 183                 _nextScope.doScope(target,baseRequest,request,response);
 184             else if (_outerScope != null)
 185                 _outerScope.doHandle(target,baseRequest,request,response);
 186             else
 187                 doHandle(target,baseRequest,request,response);
 188             // end manual inline (pathentic attempt to reduce stack depth)
 189
 190         }
 191         finally
 192         {
 193             if (access != null)
 194                 _sessionManager.complete(access);
 195
 196             HttpSession session = baseRequest.getSession(false);
 197             if (session != null && old_session == null && session != access)
 198                 _sessionManager.complete(session);
 199
 200             if (old_session_manager != null && old_session_manager != _sessionManager)
 201             {
 202                 baseRequest.setSessionManager(old_session_manager);
 203                 baseRequest.setSession(old_session);
 204             }
 205         }
 206     }
 207
 208     /* ------------------------------------------------------------ */
 209     /*
 210      * @see org.eclipse.jetty.server.Handler#handle(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, int)
 211      */
 212     @Override
 213     public void doHandle(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException
 214     {
 215         // start manual inline of nextHandle(target,baseRequest,request,response);
 216         if (never())
 217             nextHandle(target,baseRequest,request,response);
 218         else if (_nextScope != null && _nextScope == _handler)
 219             _nextScope.doHandle(target,baseRequest,request,response);
 220         else if (_handler != null)
 221             _handler.handle(target,baseRequest,request,response);
 222         // end manual inline
 223     }
 224
 225     /* ------------------------------------------------------------ */
 226     /**
 227      * Look for a requested session ID in cookies and URI parameters
 228      *
 229      * @param baseRequest
 230      * @param request
 231      */
 232     protected void checkRequestedSessionId(Request baseRequest, HttpServletRequest request)
 233     {
 234         String requested_session_id = request.getRequestedSessionId();
 235
 236         SessionManager sessionManager = getSessionManager();
 237
 238         if (requested_session_id != null && sessionManager != null)
 239         {
 240             HttpSession session = sessionManager.getHttpSession(requested_session_id);
 241             if (session != null && sessionManager.isValid(session))
 242                 baseRequest.setSession(session);
 243             return;
 244         }
 245         else if (!DispatcherType.REQUEST.equals(baseRequest.getDispatcherType()))
 246             return;
 247
 248         boolean requested_session_id_from_cookie = false;
 249         HttpSession session = null;
 250
 251         // Look for session id cookie
 252         if (_sessionManager.isUsingCookies())
 253         {
 254             Cookie[] cookies = request.getCookies();
 255             if (cookies != null && cookies.length > 0)
 256             {
 257                 final String sessionCookie=sessionManager.getSessionCookieConfig().getName();
 258                 for (int i = 0; i < cookies.length; i++)
 259                 {
 260                     if (sessionCookie.equalsIgnoreCase(cookies[i].getName()))
 261                     {
 262                         requested_session_id = cookies[i].getValue();
 263                         requested_session_id_from_cookie = true;
 264
 265                         LOG.debug("Got Session ID {} from cookie",requested_session_id);
 266
 267                         if (requested_session_id != null)
 268                         {
 269                             session = sessionManager.getHttpSession(requested_session_id);
 270
 271                             if (session != null && sessionManager.isValid(session))
 272                             {
 273                                 break;
 274                             }
 275                         }
 276                         else
 277                         {
 278                             LOG.warn("null session id from cookie");
 279                         }
 280                     }
 281                 }
 282             }
 283         }
 284
 285         if (requested_session_id == null || session == null)
 286         {
 287             String uri = request.getRequestURI();
 288
 289             String prefix = sessionManager.getSessionIdPathParameterNamePrefix();
 290             if (prefix != null)
 291             {
 292                 int s = uri.indexOf(prefix);
 293                 if (s >= 0)
 294                 {
 295                     s += prefix.length();
 296                     int i = s;
 297                     while (i < uri.length())
 298                     {
 299                         char c = uri.charAt(i);
 300                         if (c == ';' || c == '#' || c == '?' || c == '/')
 301                             break;
 302                         i++;
 303                     }
 304
 305                     requested_session_id = uri.substring(s,i);
 306                     requested_session_id_from_cookie = false;
 307                     session = sessionManager.getHttpSession(requested_session_id);
 308                     if (LOG.isDebugEnabled())
 309                         LOG.debug("Got Session ID {} from URL",requested_session_id);
 310                 }
 311             }
 312         }
 313
 314         baseRequest.setRequestedSessionId(requested_session_id);
 315         baseRequest.setRequestedSessionIdFromCookie(requested_session_id!=null && requested_session_id_from_cookie);
 316         if (session != null && sessionManager.isValid(session))
 317             baseRequest.setSession(session);
 318     }
 319
 320     /* ------------------------------------------------------------ */
 321     /**
 322      * @param listener
 323      */
 324     public void addEventListener(EventListener listener)
 325     {
 326         if (_sessionManager != null)
 327             _sessionManager.addEventListener(listener);
 328     }
 329
 330     /* ------------------------------------------------------------ */
 331     /**
 332      * @param listener
 333      */
 334     public void removeEventListener(EventListener listener)
 335     {
 336         if (_sessionManager != null)
 337             _sessionManager.removeEventListener(listener);
 338     }
 339
 340     /* ------------------------------------------------------------ */
 341     public void clearEventListeners()
 342     {
 343         if (_sessionManager != null)
 344             _sessionManager.clearEventListeners();
 345     }
 346 }