]> WPIA git - gigi.git/blob - lib/jetty/org/eclipse/jetty/server/session/SessionHandler.java
projects / gigi.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
updating jetty to jetty-9.2.16.v2016040
[gigi.git] / lib / jetty / org / eclipse / jetty / server / session / SessionHandler.java
1 //
2 //  ========================================================================
3 //  Copyright (c) 1995-2016 Mort Bay Consulting Pty. Ltd.
4 //  ------------------------------------------------------------------------
5 //  All rights reserved. This program and the accompanying materials
6 //  are made available under the terms of the Eclipse Public License v1.0
7 //  and Apache License v2.0 which accompanies this distribution.
8 //
9 //      The Eclipse Public License is available at
10 //      http://www.eclipse.org/legal/epl-v10.html
11 //
12 //      The Apache License v2.0 is available at
13 //      http://www.opensource.org/licenses/apache2.0.php
14 //
15 //  You may elect to redistribute this code under either of these licenses.
16 //  ========================================================================
17 //
18
19 package org.eclipse.jetty.server.session;
20
21 import java.io.IOException;
22 import java.util.EnumSet;
23 import java.util.EventListener;
24
25 import javax.servlet.DispatcherType;
26 import javax.servlet.ServletException;
27 import javax.servlet.SessionTrackingMode;
28 import javax.servlet.http.Cookie;
29 import javax.servlet.http.HttpServletRequest;
30 import javax.servlet.http.HttpServletResponse;
31 import javax.servlet.http.HttpSession;
32 import javax.servlet.http.HttpSessionAttributeListener;
33 import javax.servlet.http.HttpSessionIdListener;
34 import javax.servlet.http.HttpSessionListener;
35
36 import org.eclipse.jetty.http.HttpCookie;
37 import org.eclipse.jetty.server.Request;
38 import org.eclipse.jetty.server.SessionManager;
39 import org.eclipse.jetty.server.handler.ScopedHandler;
40 import org.eclipse.jetty.util.log.Log;
41 import org.eclipse.jetty.util.log.Logger;
42
43 /* ------------------------------------------------------------ */
44 /**
45  * SessionHandler.
46  */
47 public class SessionHandler extends ScopedHandler
48 {
49     final static Logger LOG = Log.getLogger("org.eclipse.jetty.server.session");
50
51     public final static EnumSet<SessionTrackingMode> DEFAULT_TRACKING = EnumSet.of(SessionTrackingMode.COOKIE,SessionTrackingMode.URL);
52
53     @SuppressWarnings("unchecked")
54     public static final Class<? extends EventListener>[] SESSION_LISTENER_TYPES = 
55         new Class[] {HttpSessionAttributeListener.class,
56                      HttpSessionIdListener.class,
57                      HttpSessionListener.class};
58
59
60
61     /* -------------------------------------------------------------- */
62     private SessionManager _sessionManager;
63
64     /* ------------------------------------------------------------ */
65     /**
66      * Constructor. Construct a SessionHandler witha a HashSessionManager with a standard java.util.Random generator is created.
67      */
68     public SessionHandler()
69     {
70         this(new HashSessionManager());
71     }
72
73     /* ------------------------------------------------------------ */
74     /**
75      * @param manager
76      *            The session manager
77      */
78     public SessionHandler(SessionManager manager)
79     {
80         setSessionManager(manager);
81     }
82
83     /* ------------------------------------------------------------ */
84     /**
85      * @return Returns the sessionManager.
86      */
87     public SessionManager getSessionManager()
88     {
89         return _sessionManager;
90     }
91
92     /* ------------------------------------------------------------ */
93     /**
94      * @param sessionManager
95      *            The sessionManager to set.
96      */
97     public void setSessionManager(SessionManager sessionManager)
98     {
99         if (isStarted())
100             throw new IllegalStateException();
101         if (sessionManager != null)
102             sessionManager.setSessionHandler(this);
103         updateBean(_sessionManager,sessionManager);
104         _sessionManager=sessionManager;
105     }
106
107     /* ------------------------------------------------------------ */
108     /*
109      * @see org.eclipse.thread.AbstractLifeCycle#doStart()
110      */
111     @Override
112     protected void doStart() throws Exception
113     {
114         if (_sessionManager==null)
115             setSessionManager(new HashSessionManager());
116         super.doStart();
117     }
118
119     /* ------------------------------------------------------------ */
120     /*
121      * @see org.eclipse.thread.AbstractLifeCycle#doStop()
122      */
123     @Override
124     protected void doStop() throws Exception
125     {
126         // Destroy sessions before destroying servlets/filters see JETTY-1266
127         super.doStop();
128     }
129
130
131     /* ------------------------------------------------------------ */
132     /*
133      * @see org.eclipse.jetty.server.Handler#handle(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, int)
134      */
135     @Override
136     public void doScope(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException
137     {
138         SessionManager old_session_manager = null;
139         HttpSession old_session = null;
140         HttpSession access = null;
141         try
142         {
143             old_session_manager = baseRequest.getSessionManager();
144             old_session = baseRequest.getSession(false);
145
146             if (old_session_manager != _sessionManager)
147             {
148                 // new session context
149                 baseRequest.setSessionManager(_sessionManager);
150                 baseRequest.setSession(null);
151                 checkRequestedSessionId(baseRequest,request);
152             }
153
154             // access any existing session
155             HttpSession session = null;
156             if (_sessionManager != null)
157             {
158                 session = baseRequest.getSession(false);
159                 if (session != null)
160                 {
161                     if (session != old_session)
162                     {
163                         access = session;
164                         HttpCookie cookie = _sessionManager.access(session,request.isSecure());
165                         if (cookie != null) // Handle changed ID or max-age refresh
166                             baseRequest.getResponse().addCookie(cookie);
167                     }
168                 }
169                 else
170                 {
171                     session = baseRequest.recoverNewSession(_sessionManager);
172                     if (session != null)
173                         baseRequest.setSession(session);
174                 }
175             }
176
177             if (LOG.isDebugEnabled())
178             {
179                 LOG.debug("sessionManager=" + _sessionManager);
180                 LOG.debug("session=" + session);
181             }
182
183             // start manual inline of nextScope(target,baseRequest,request,response);
184             if (_nextScope != null)
185                 _nextScope.doScope(target,baseRequest,request,response);
186             else if (_outerScope != null)
187                 _outerScope.doHandle(target,baseRequest,request,response);
188             else
189                 doHandle(target,baseRequest,request,response);
190             // end manual inline (pathentic attempt to reduce stack depth)
191
192         }
193         finally
194         {
195             if (access != null)
196                 _sessionManager.complete(access);
197
198             HttpSession session = baseRequest.getSession(false);
199             if (session != null && old_session == null && session != access)
200                 _sessionManager.complete(session);
201
202             if (old_session_manager != null && old_session_manager != _sessionManager)
203             {
204                 baseRequest.setSessionManager(old_session_manager);
205                 baseRequest.setSession(old_session);
206             }
207         }
208     }
209
210     /* ------------------------------------------------------------ */
211     /*
212      * @see org.eclipse.jetty.server.Handler#handle(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, int)
213      */
214     @Override
215     public void doHandle(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException
216     {
217         // start manual inline of nextHandle(target,baseRequest,request,response);
218         if (never())
219             nextHandle(target,baseRequest,request,response);
220         else if (_nextScope != null && _nextScope == _handler)
221             _nextScope.doHandle(target,baseRequest,request,response);
222         else if (_handler != null)
223             _handler.handle(target,baseRequest,request,response);
224         // end manual inline
225     }
226
227     /* ------------------------------------------------------------ */
228     /**
229      * Look for a requested session ID in cookies and URI parameters
230      *
231      * @param baseRequest
232      * @param request
233      */
234     protected void checkRequestedSessionId(Request baseRequest, HttpServletRequest request)
235     {
236         String requested_session_id = request.getRequestedSessionId();
237
238         SessionManager sessionManager = getSessionManager();
239
240         if (requested_session_id != null && sessionManager != null)
241         {
242             HttpSession session = sessionManager.getHttpSession(requested_session_id);
243             if (session != null && sessionManager.isValid(session))
244                 baseRequest.setSession(session);
245             return;
246         }
247         else if (!DispatcherType.REQUEST.equals(baseRequest.getDispatcherType()))
248             return;
249
250         boolean requested_session_id_from_cookie = false;
251         HttpSession session = null;
252
253         // Look for session id cookie
254         if (_sessionManager.isUsingCookies())
255         {
256             Cookie[] cookies = request.getCookies();
257             if (cookies != null && cookies.length > 0)
258             {
259                 final String sessionCookie=sessionManager.getSessionCookieConfig().getName();
260                 for (int i = 0; i < cookies.length; i++)
261                 {
262                     if (sessionCookie.equalsIgnoreCase(cookies[i].getName()))
263                     {
264                         requested_session_id = cookies[i].getValue();
265                         requested_session_id_from_cookie = true;
266
267                         if (LOG.isDebugEnabled())
268                             LOG.debug("Got Session ID {} from cookie",requested_session_id);
269
270                         if (requested_session_id != null)
271                         {
272                             session = sessionManager.getHttpSession(requested_session_id);
273
274                             if (session != null && sessionManager.isValid(session))
275                             {
276                                 break;
277                             }
278                         }
279                         else
280                         {
281                             LOG.warn("null session id from cookie");
282                         }
283                     }
284                 }
285             }
286         }
287
288         if (requested_session_id == null || session == null)
289         {
290             String uri = request.getRequestURI();
291
292             String prefix = sessionManager.getSessionIdPathParameterNamePrefix();
293             if (prefix != null)
294             {
295                 int s = uri.indexOf(prefix);
296                 if (s >= 0)
297                 {
298                     s += prefix.length();
299                     int i = s;
300                     while (i < uri.length())
301                     {
302                         char c = uri.charAt(i);
303                         if (c == ';' || c == '#' || c == '?' || c == '/')
304                             break;
305                         i++;
306                     }
307
308                     requested_session_id = uri.substring(s,i);
309                     requested_session_id_from_cookie = false;
310                     session = sessionManager.getHttpSession(requested_session_id);
311                     if (LOG.isDebugEnabled())
312                         LOG.debug("Got Session ID {} from URL",requested_session_id);
313                 }
314             }
315         }
316
317         baseRequest.setRequestedSessionId(requested_session_id);
318         baseRequest.setRequestedSessionIdFromCookie(requested_session_id!=null && requested_session_id_from_cookie);
319         if (session != null && sessionManager.isValid(session))
320             baseRequest.setSession(session);
321     }
322
323     /* ------------------------------------------------------------ */
324     /**
325      * @param listener
326      */
327     public void addEventListener(EventListener listener)
328     {
329         if (_sessionManager != null)
330             _sessionManager.addEventListener(listener);
331     }
332     
333     /* ------------------------------------------------------------ */
334     /**
335      * @param listener
336      */
337     public void removeEventListener(EventListener listener)
338     {
339         if (_sessionManager != null)
340             _sessionManager.removeEventListener(listener);
341     }
342
343     /* ------------------------------------------------------------ */
344     public void clearEventListeners()
345     {
346         if (_sessionManager != null)
347             _sessionManager.clearEventListeners();
348     }
349 }
WPIA Certificate Web Issuance Platform