From tay...@apache.org
Subject svn commit: r542699 - in /portals/jetspeed-2/trunk: components/portal/src/java/org/apache/jetspeed/security/impl/ components/portal/src/java/org/apache/jetspeed/security/impl/ntlm/ src/webapp/WEB-INF/assembly/
Date Wed, 30 May 2007 00:10:24 GMT
Author: taylor
Date: Tue May 29 17:10:22 2007
New Revision: 542699

URL: http://svn.apache.org/viewvc?view=rev&rev=542699
Log:
https://issues.apache.org/jira/browse/JS2-713

Modified:
    portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/security/impl/AbstractSecurityValve.java
    portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/security/impl/SecurityValveImpl.java
    portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/security/impl/ntlm/NtlmSecurityValve.java
    portals/jetspeed-2/trunk/src/webapp/WEB-INF/assembly/pipelines.xml

Modified: portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/security/impl/AbstractSecurityValve.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/security/impl/AbstractSecurityValve.java?view=diff&rev=542699&r1=542698&r2=542699
==============================================================================
--- portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/security/impl/AbstractSecurityValve.java
(original)
+++ portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/security/impl/AbstractSecurityValve.java
Tue May 29 17:10:22 2007
@@ -22,10 +22,12 @@
  */
 package org.apache.jetspeed.security.impl;
 
+import java.io.IOException;
 import java.security.Principal;
 import java.security.PrivilegedAction;
 
 import javax.security.auth.Subject;
+import javax.servlet.http.HttpSession;
 
 import org.apache.jetspeed.PortalReservedParameters;
 import org.apache.jetspeed.pipeline.PipelineException;
@@ -48,6 +50,10 @@
  */
 public abstract class AbstractSecurityValve extends AbstractValve implements SecurityValve
 {
+    protected int maxSessionHardLimit = 0;
+    protected long msMaxSessionHardLimit = 1;
+    protected String timeoutRedirectLocation = "";
+    
     /**
      * 
      * <p>
@@ -71,7 +77,7 @@
      * @throws Exception
      */
     protected abstract Principal getUserPrincipal(RequestContext request) throws Exception;
-    
+        
     /**
      * 
      * <p>
@@ -106,45 +112,87 @@
      */
     public void invoke( RequestContext request, ValveContext context ) throws PipelineException
     {
-            // initialize/validate security subject
-            Subject subject;
-            try
-            {
-                subject = getSubject(request);
-            }
-            catch (Exception e1)
+        if (isSessionExpired(request))
+        {
+            return; // short circuit processing and redirect
+        }
+    
+        // initialize/validate security subject
+        Subject subject;
+        try
+        {
+            subject = getSubject(request);
+        }
+        catch (Exception e1)
+        {
+           throw new PipelineException(e1.getMessage(), e1);
+        }
+        request.getRequest().getSession().setAttribute(PortalReservedParameters.SESSION_KEY_SUBJECT,
subject);            
+        
+        // set request context subject
+        request.setSubject(subject);
+        
+        // Pass control to the next Valve in the Pipeline and execute under
+        // the current subject
+        final ValveContext vc = context;
+        final RequestContext rc = request;            
+        PipelineException pe = (PipelineException) JSSubject.doAsPrivileged(subject, new
PrivilegedAction()
+        {
+            public Object run() 
             {
-               throw new PipelineException(e1.getMessage(), e1);
+                 try
+                {
+                    vc.invokeNext(rc);                 
+                    return null;
+                }
+                catch (PipelineException e)
+                {
+                    return e;
+                }                    
             }
-            request.getRequest().getSession().setAttribute(PortalReservedParameters.SESSION_KEY_SUBJECT,
subject);            
-            
-            // set request context subject
-            request.setSubject(subject);
-            
-            // Pass control to the next Valve in the Pipeline and execute under
-            // the current subject
-            final ValveContext vc = context;
-            final RequestContext rc = request;            
-            PipelineException pe = (PipelineException) JSSubject.doAsPrivileged(subject,
new PrivilegedAction()
+        }, null);
+        
+        if(pe != null)
+        {
+            throw pe;
+        }           
+    }
+    
+    /**
+     * Check for hard limit session expiration time out
+     * 
+     * @param request
+     * @return
+     * @throws PipelineException
+     */
+    protected boolean isSessionExpired(RequestContext request) throws PipelineException 
  
+    {
+        if (maxSessionHardLimit > 0)
+        {
+            HttpSession session = request.getRequest().getSession();
+            long sessionCreationTime = session.getCreationTime();
+            long currentTime = System.currentTimeMillis();
+            if ((currentTime - sessionCreationTime) > msMaxSessionHardLimit)
             {
-                public Object run() 
+                session.invalidate();
+                String redirector = request.getRequest().getContextPath() + timeoutRedirectLocation;
+                // System.out.println("logging user out " + redirector + ", " + (currentTime
- sessionCreationTime) + ", " + this.msMaxSessionHardLimit);
+                try
+                {
+                    request.getResponse().sendRedirect(redirector);
+                }
+                catch (IOException e)
                 {
-                     try
-                    {
-                        vc.invokeNext(rc);                 
-                        return null;
-                    }
-                    catch (PipelineException e)
-                    {
-                        return e;
-                    }                    
+                    throw new PipelineException(e);
                 }
-            }, null);
-            
-            if(pe != null)
+                return true;
+            }
+            else
             {
-                throw pe;
-            }       
-    
+                // System.out.println("Not logging user out: " + (currentTime - sessionCreationTime)
+ ", " + this.msMaxSessionHardLimit);
+            }
+        }
+        return false;        
     }
+    
 }
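Review bot: `isSessionExpired` measures the hard limit from `session.getCreationTime()` and runs on every request, so the clock starts when the container created the session rather than when the user authenticated, and sessions with no logged-in user are invalidated and redirected as well. Whether the session is replaced at login is not visible in this hunk; if it is not, a login timestamp stored in the session when the subject is established would be a more precise basis for the limit. The forced invalidation is also not recorded anywhere: the two commented-out `System.out.println` lines should be dropped in favour of a log statement next to `session.invalidate()`, so a forced logout can be told apart from a normal one. The new Javadoc leaves `@param request` and `@return` empty; `@return true if the session exceeded the hard limit and a redirect was sent` would state the contract `invoke` relies on.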

Modified: portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/security/impl/SecurityValveImpl.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/security/impl/SecurityValveImpl.java?view=diff&rev=542699&r1=542698&r2=542699
==============================================================================
--- portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/security/impl/SecurityValveImpl.java
(original)
+++ portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/security/impl/SecurityValveImpl.java
Tue May 29 17:10:22 2007
@@ -16,12 +16,15 @@
  */
 package org.apache.jetspeed.security.impl;
 
+import java.io.IOException;
 import java.security.Principal;
 import java.util.HashSet;
 import java.util.Set;
 
 import javax.security.auth.Subject;
+import javax.servlet.http.HttpSession;
 
+import org.apache.jetspeed.pipeline.PipelineException;
 import org.apache.jetspeed.pipeline.valve.SecurityValve;
 import org.apache.jetspeed.profiler.Profiler;
 import org.apache.jetspeed.request.RequestContext;
@@ -45,6 +48,15 @@
     private UserManager userMgr;
     private PortalStatistics statistics;
 
+    public SecurityValveImpl(Profiler profiler, UserManager userMgr, PortalStatistics statistics,
int maxSessionHardLimit, String timeoutRedirectLocation)
+    {
+        this.userMgr = userMgr;
+        this.statistics = statistics;
+        this.maxSessionHardLimit = maxSessionHardLimit;
+        this.msMaxSessionHardLimit = this.maxSessionHardLimit * 1000;
+        this.timeoutRedirectLocation = timeoutRedirectLocation;
+    }
+    
     public SecurityValveImpl( Profiler profiler, UserManager userMgr, PortalStatistics statistics
)
     {
         this.userMgr = userMgr;
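Review bot: In the new five-argument constructor, `this.maxSessionHardLimit * 1000` is evaluated in `int` arithmetic before it is widened to the `long` field, so a limit above 2,147,483 seconds (about 24 days) overflows and can become negative or far smaller than configured. A negative value makes the `(currentTime - sessionCreationTime) > msMaxSessionHardLimit` test in `AbstractSecurityValve.isSessionExpired` true on every request, which invalidates each session as soon as it is used. Use `this.msMaxSessionHardLimit = this.maxSessionHardLimit * 1000L;`. The three-argument constructor that follows continues outside the hunk.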
@@ -121,12 +133,11 @@
                 statistics.logUserLogin(request, 0);
             }
             // put IP address in session for logout
-            request.setSessionAttribute(IP_ADDRESS, request.getRequest().getRemoteAddr());
-        }
-        
+            request.setSessionAttribute(IP_ADDRESS, request.getRequest().getRemoteAddr());
           
+        }               
         return subject;
     }
-        
+            
     /**
      * 
      * <p>

Modified: portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/security/impl/ntlm/NtlmSecurityValve.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/security/impl/ntlm/NtlmSecurityValve.java?view=diff&rev=542699&r1=542698&r2=542699
==============================================================================
--- portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/security/impl/ntlm/NtlmSecurityValve.java
(original)
+++ portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/security/impl/ntlm/NtlmSecurityValve.java
Tue May 29 17:10:22 2007
@@ -82,19 +82,28 @@
      * or the remoteUser cannot be authorized.
      * 
      */
-    public NtlmSecurityValve(UserManager userMgr, String networkDomain, boolean omitDomain,
boolean ntlmAuthRequired, PortalStatistics statistics) 
+    public NtlmSecurityValve(UserManager userMgr, String networkDomain, boolean omitDomain,
boolean ntlmAuthRequired, 
+            PortalStatistics statistics, int maxSessionHardLimit, String timeoutRedirectLocation)

     {
         this.userMgr = userMgr;
         this.statistics = statistics;
         this.networkDomain = networkDomain;
         this.ntlmAuthRequired = ntlmAuthRequired;
         this.omitDomain = omitDomain;
+        this.maxSessionHardLimit = maxSessionHardLimit;
+        this.timeoutRedirectLocation = timeoutRedirectLocation;
     }
 
-    public NtlmSecurityValve(UserManager userMgr, String networkDomain, boolean omitDomain,
boolean ntlmAuthRequired){
-        this(userMgr, networkDomain, omitDomain, ntlmAuthRequired, null);
+    public NtlmSecurityValve(UserManager userMgr, String networkDomain, boolean omitDomain,
boolean ntlmAuthRequired, PortalStatistics statistics)
+    {
+        this(userMgr, networkDomain, omitDomain, ntlmAuthRequired, statistics, 0, "");  
     
     }
     
+    public NtlmSecurityValve(UserManager userMgr, String networkDomain, boolean omitDomain,
boolean ntlmAuthRequired)
+    {
+        this(userMgr, networkDomain, omitDomain, ntlmAuthRequired, null);
+    }
+
     public String toString()
     {
         return "NtlmSecurityValve";
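Review bot: The widened constructor assigns `maxSessionHardLimit` but never `msMaxSessionHardLimit`, which therefore keeps the default of `1` declared in `AbstractSecurityValve`. Assuming this valve inherits `invoke` and `isSessionExpired` unchanged (the class body is outside the hunk), any positive limit then expires a session once it is older than one millisecond, so practically every request is invalidated and redirected to `timeoutRedirectLocation`. Add `this.msMaxSessionHardLimit = maxSessionHardLimit * 1000L;` after the `maxSessionHardLimit` assignment, using a `long` literal so the conversion cannot overflow. `toString` continues outside the hunk.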

Modified: portals/jetspeed-2/trunk/src/webapp/WEB-INF/assembly/pipelines.xml
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/src/webapp/WEB-INF/assembly/pipelines.xml?view=diff&rev=542699&r1=542698&r2=542699
==============================================================================
--- portals/jetspeed-2/trunk/src/webapp/WEB-INF/assembly/pipelines.xml (original)
+++ portals/jetspeed-2/trunk/src/webapp/WEB-INF/assembly/pipelines.xml Tue May 29 17:10:22
2007
@@ -48,15 +48,23 @@
         class="org.apache.jetspeed.security.impl.SecurityValveImpl"
         init-method="initialize"
   >
-   <constructor-arg>
+   <constructor-arg index='0'>
        <ref bean="org.apache.jetspeed.profiler.Profiler" />
    </constructor-arg>
-   <constructor-arg>
+   <constructor-arg index='1'>
        <ref bean="org.apache.jetspeed.security.UserManager" />
    </constructor-arg>
-   <constructor-arg>
+   <constructor-arg index='2'>
        <ref bean="PortalStatistics" />
-   </constructor-arg>   
+   </constructor-arg>
+   <!--  hard session timeout limit in seconds, regardless of (in)activity, setting to
0 turns off this feature -->   
+   <constructor-arg index='3'>
+   		<value>0</value>
+   </constructor-arg>
+   <!--  redirect location for hard session expiration -->   
+   <constructor-arg index='4'>
+   		<value>/login/logout</value>
+   </constructor-arg>
   </bean> 
   
   <bean id="passwordCredentialValve"
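Review bot: The comment on constructor-arg 4 does not say how the value is used: `AbstractSecurityValve.isSessionExpired` appends it to `getContextPath()` and passes the result to `sendRedirect`, so it has to be a context-relative path starting with `/`. I would extend the comment to `<!-- redirect location for hard session expiration, context-relative, must start with '/' -->`. The comment on constructor-arg 3 could also say that the limit is counted from session creation. The `passwordCredentialValve` bean that starts on the last line continues outside the hunk.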


