geode-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From u..@apache.org
Subject [41/50] [abbrv] incubator-geode git commit: GEODE-1728: Recursively checking for wrapped http sessions
Date Wed, 10 Aug 2016 19:41:27 GMT
GEODE-1728: Recursively checking for wrapped http sessions

Our check for wrapped http sessions in the session caching module was
not working if a request was wrapped by our module and then by a third
party filter that also wrapped the request.


Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/f3db3e82
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/f3db3e82
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/f3db3e82

Branch: refs/heads/feature/GEODE-420
Commit: f3db3e82cad98541232d60c344728e2c2c839021
Parents: bc6f5da
Author: Dan Smith <upthewaterspout@apache.org>
Authored: Thu Aug 4 13:39:31 2016 -0700
Committer: Dan Smith <upthewaterspout@apache.org>
Committed: Fri Aug 5 10:59:49 2016 -0700

----------------------------------------------------------------------
 .../session/filter/SessionCachingFilter.java    | 25 +++++++++++-
 .../session/internal/filter/CommonTests.java    | 42 ++++++++++++++++++++
 2 files changed, 65 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f3db3e82/extensions/geode-modules-session/src/main/java/com/gemstone/gemfire/modules/session/filter/SessionCachingFilter.java
----------------------------------------------------------------------
diff --git a/extensions/geode-modules-session/src/main/java/com/gemstone/gemfire/modules/session/filter/SessionCachingFilter.java
b/extensions/geode-modules-session/src/main/java/com/gemstone/gemfire/modules/session/filter/SessionCachingFilter.java
index 7abc253..c644235 100644
--- a/extensions/geode-modules-session/src/main/java/com/gemstone/gemfire/modules/session/filter/SessionCachingFilter.java
+++ b/extensions/geode-modules-session/src/main/java/com/gemstone/gemfire/modules/session/filter/SessionCachingFilter.java
@@ -423,8 +423,7 @@ public class SessionCachingFilter implements Filter {
      * Early out if this isn't the right kind of request. We might see a
      * RequestWrapper instance during a forward or include request.
      */
-    if (request instanceof RequestWrapper ||
-        !(request instanceof HttpServletRequest)) {
+    if (alreadyWrapped(httpReq)) {
       LOG.debug("Handling already-wrapped request");
       chain.doFilter(request, response);
       return;
@@ -480,6 +479,28 @@ public class SessionCachingFilter implements Filter {
   }
 
   /**
+   * Test if a request has been wrapped with RequestWrapper somewhere
+   * in the chain of wrapped requests.
+   */
+  private boolean alreadyWrapped(final ServletRequest request) {
+    if(request instanceof RequestWrapper) {
+      return true;
+    }
+
+    if(!(request instanceof ServletRequestWrapper)) {
+      return false;
+    }
+
+    final ServletRequest nestedRequest = ((ServletRequestWrapper) request).getRequest();
+
+    if(nestedRequest == request) {
+      return false;
+    }
+
+    return alreadyWrapped(nestedRequest);
+  }
+
+  /**
    * Return the filter configuration object for this filter.
    */
   public FilterConfig getFilterConfig() {

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f3db3e82/extensions/geode-modules-session/src/test/java/com/gemstone/gemfire/modules/session/internal/filter/CommonTests.java
----------------------------------------------------------------------
diff --git a/extensions/geode-modules-session/src/test/java/com/gemstone/gemfire/modules/session/internal/filter/CommonTests.java
b/extensions/geode-modules-session/src/test/java/com/gemstone/gemfire/modules/session/internal/filter/CommonTests.java
index c341c6f..51c3dec 100644
--- a/extensions/geode-modules-session/src/test/java/com/gemstone/gemfire/modules/session/internal/filter/CommonTests.java
+++ b/extensions/geode-modules-session/src/test/java/com/gemstone/gemfire/modules/session/internal/filter/CommonTests.java
@@ -18,13 +18,22 @@ package com.gemstone.gemfire.modules.session.internal.filter;
 
 import static org.junit.Assert.*;
 
+import java.io.IOException;
 import java.util.concurrent.TimeUnit;
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletRequestWrapper;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 import javax.servlet.http.HttpSessionAttributeListener;
 
+import com.gemstone.gemfire.modules.session.filter.SessionCachingFilter;
 import com.mockrunner.mock.web.MockHttpServletRequest;
 import com.mockrunner.mock.web.MockHttpServletResponse;
 import com.mockrunner.mock.web.MockHttpSession;
@@ -577,4 +586,37 @@ public abstract class CommonTests extends BasicServletTestCaseAdapter
{
     assertTrue("Session ID should be from URL", request.isRequestedSessionIdFromURL());
   }
 
+  @Test
+  public void testOnlyOneSessionWhenSecondFilterWrapsRequest() throws Exception {
+    createFilter(RequestWrappingFilter.class);
+    createFilter(SessionCachingFilter.class);
+    doFilter();
+    HttpServletRequest request = (HttpServletRequest) getFilteredRequest();
+    HttpSession originalSession = (HttpSession) request.getAttribute("original_session");
+    assertEquals(originalSession, request.getSession());
+  }
+
+  public static class RequestWrappingFilter implements Filter {
+
+    @Override public void init(final FilterConfig filterConfig) throws ServletException {
+
+    }
+
+    @Override
+    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
+      throws IOException, ServletException
+    {
+      final HttpServletRequest httpRequest = (HttpServletRequest) request;
+      httpRequest.getSession();
+      httpRequest.setAttribute("original_session", httpRequest.getSession());
+      request = new HttpServletRequestWrapper(httpRequest);
+      chain.doFilter(request, response);
+
+    }
+
+    @Override public void destroy() {
+
+    }
+  }
+
 }


Mime
View raw message