From a..@apache.org
Subject svn commit: r1058212 - in /portals/jetspeed-2/portal/trunk: applications/jetspeed/src/main/webapp/WEB-INF/ components/jetspeed-portal/src/main/java/org/apache/jetspeed/container/session/ components/jetspeed-portal/src/main/java/org/apache/jetspeed/logi...
Date Wed, 12 Jan 2011 16:07:44 GMT
Author: ate
Date: Wed Jan 12 16:07:44 2011
New Revision: 1058212

URL: http://svn.apache.org/viewvc?rev=1058212&view=rev
Log:
JS2-1231: Ensure expired (portal) sessions are properly invalidated/recreated
See: http://issues.apache.org/jira/browse/JS2-1231

Added:
    portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/container/session/PortalSessionValidationFilter.java
  (with props)
Modified:
    portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/web.xml
    portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/login/filter/PortalFilter.java
    portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/security/impl/shibboleth/ShibbolethPortalFilter.java

Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/web.xml
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/web.xml?rev=1058212&r1=1058211&r2=1058212&view=diff
==============================================================================
--- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/web.xml
(original)
+++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/web.xml
Wed Jan 12 16:07:44 2011
@@ -43,6 +43,12 @@ limitations under the License.
           <param-value>48</param-value>
       </init-param>
   </filter>
+
+  <filter>
+    <filter-name>PortalSessionValidationFilter</filter-name>
+    <filter-class>org.apache.jetspeed.container.session.PortalSessionValidationFilter</filter-class>
+  </filter>
+  
   <!--  
   <filter>
     <filter-name>PortalFilter</filter-name>
@@ -62,6 +68,11 @@ limitations under the License.
   </filter-mapping>    
   
   <filter-mapping>
+    <filter-name>PortalSessionValidationFilter</filter-name>
+    <url-pattern>/*</url-pattern>
+  </filter-mapping>    
+  
+  <filter-mapping>
       <filter-name>staticResourceCachingFilter</filter-name>
       <servlet-name>default</servlet-name>
   </filter-mapping>
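Review bot: The new `/*` mapping for PortalSessionValidationFilter is inserted after an existing `<filter-mapping>` whose name lies outside this hunk, and url-pattern filters are chained in descriptor order. If that earlier filter reads the HttpSession, it will still see the expired session before this filter has invalidated it. Consider moving the mapping to the top of the mappings, or documenting the constraint with a comment such as `<!-- must precede every filter that reads the HttpSession -->`.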

Added: portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/container/session/PortalSessionValidationFilter.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/container/session/PortalSessionValidationFilter.java?rev=1058212&view=auto
==============================================================================
--- portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/container/session/PortalSessionValidationFilter.java
(added)
+++ portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/container/session/PortalSessionValidationFilter.java
Wed Jan 12 16:07:44 2011
@@ -0,0 +1,99 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jetspeed.container.session;
+
+import java.io.IOException;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * ServletFilter to check if a HttpSession is still valid and if not invalidate it.
+ * 
+ * This code was in part copied from Pluto PortletRequestImpl.getSession(boolean)
+ * 
+ * @version $Id$
+ *
+ */
+public class PortalSessionValidationFilter implements Filter
+{
+	public static final String SESSION_VALIDATED_ATTRIBUTE_NAME = PortalSessionValidationFilter.class.getName()+".validated";
+	
+    private static Logger log = LoggerFactory.getLogger(PortalSessionValidationFilter.class);
+
+    public static HttpSession getValidSession(HttpServletRequest request)
+    {
+        HttpSession httpSession = request.getSession(false);
+        // only (should) need to do this once per servlet request
+    	if (request.getAttribute(SESSION_VALIDATED_ATTRIBUTE_NAME) == null)
+    	{
+    		request.setAttribute(SESSION_VALIDATED_ATTRIBUTE_NAME, Boolean.TRUE);
+            if (httpSession != null)
+            {
+                // HttpSession is not null does NOT mean that it is valid.
+                int maxInactiveInterval = httpSession.getMaxInactiveInterval();
+                long lastAccesstime = httpSession.getLastAccessedTime();
+                if (maxInactiveInterval >= 0 && lastAccesstime > 0)
+                {    // < 0 => Never expires.
+                    long maxInactiveTime = httpSession.getMaxInactiveInterval() * 1000L;
+                    long currentInactiveTime = System.currentTimeMillis() - lastAccesstime;
+                    if (currentInactiveTime > maxInactiveTime)
+                    {
+                        if (log.isDebugEnabled())
+                        {
+                            log.debug("The current HttpSession with ID {} is expired and
will be invalidated.", httpSession.getId());
+                        }
+                        httpSession.invalidate();
+                        httpSession = null;
+                    }                
+                }
+            }
+    	}
+    	
+        return httpSession;
+    }
+    
+	public void init(FilterConfig filterConfig) throws ServletException
+	{
+	}
+
+	public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain)
throws IOException, ServletException
+	{
+		if (request instanceof HttpServletRequest)
+		{
+			getValidSession((HttpServletRequest)request);
+		}
+		
+        if (filterChain != null)
+        {
+            filterChain.doFilter(request, response);
+        }
+	}
+
+	public void destroy()
+	{
+	}
+}
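Review bot: In getValidSession the guard `maxInactiveInterval >= 0` treats an interval of 0 as "already expired", so a session configured with a zero timeout is invalidated on every request. Servlet 3.0 and later define zero or less as never timing out, so the guard should be `maxInactiveInterval > 0`. Separately, `getLastAccessedTime()` and `invalidate()` throw IllegalStateException on a session that is already invalidated, which can happen when two requests carrying the same expired session id arrive together, and that exception currently escapes doFilter. Catching it and treating the session as absent keeps the expiry check from turning into an error response. The local `maxInactiveInterval` can also be reused instead of calling the getter a second time.

```java
    public static HttpSession getValidSession(HttpServletRequest request)
    {
        HttpSession httpSession = request.getSession(false);
        // … unchanged: once-per-request attribute check …
            if (httpSession != null)
            {
                try
                {
                    int maxInactiveInterval = httpSession.getMaxInactiveInterval();
                    long lastAccesstime = httpSession.getLastAccessedTime();
                    // <= 0 => never expires
                    if (maxInactiveInterval > 0 && lastAccesstime > 0)
                    {
                        long maxInactiveTime = maxInactiveInterval * 1000L;
                        // … unchanged: inactivity comparison, debug log, invalidate() …
                    }
                }
                catch (IllegalStateException e)
                {
                    // session was already invalidated by the container or a concurrent request
                    httpSession = null;
                }
            }
```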

Propchange: portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/container/session/PortalSessionValidationFilter.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/container/session/PortalSessionValidationFilter.java
------------------------------------------------------------------------------
    svn:keywords = Id

Propchange: portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/container/session/PortalSessionValidationFilter.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Modified: portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/login/filter/PortalFilter.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/login/filter/PortalFilter.java?rev=1058212&r1=1058211&r2=1058212&view=diff
==============================================================================
--- portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/login/filter/PortalFilter.java
(original)
+++ portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/login/filter/PortalFilter.java
Wed Jan 12 16:07:44 2011
@@ -36,6 +36,7 @@ import org.apache.jetspeed.administratio
 import org.apache.jetspeed.audit.AuditActivity;
 import org.apache.jetspeed.cache.UserContentCacheManager;
 import org.apache.jetspeed.components.ComponentManager;
+import org.apache.jetspeed.container.session.PortalSessionValidationFilter;
 import org.apache.jetspeed.login.LoginConstants;
 import org.apache.jetspeed.security.AuthenticatedUser;
 import org.apache.jetspeed.security.AuthenticatedUserImpl;
@@ -65,6 +66,7 @@ public class PortalFilter implements Fil
             HttpServletRequest request = (HttpServletRequest)sRequest;
             String username = request.getParameter(LoginConstants.USERNAME);
             String password = request.getParameter(LoginConstants.PASSWORD);            
+            HttpSession httpSession = PortalSessionValidationFilter.getValidSession(request);
             if (username != null)
             {
                 ComponentManager cm = Jetspeed.getComponentManager();
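Review bot: The new local `httpSession` is not read anywhere in the visible lines, so within this hunk the call matters only for its side effect of invalidating an expired session; the same applies to the identical line added in ShibbolethPortalFilter. If the rest of doFilter (which continues outside the hunk) still obtains the session through `request.getSession()`, either use the returned value there or drop the assignment and add a comment such as `// invalidate an expired session before authentication runs`. Neither import hunk adds `javax.servlet.http.HttpSession`, so presumably both files already import it.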

Modified: portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/security/impl/shibboleth/ShibbolethPortalFilter.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/security/impl/shibboleth/ShibbolethPortalFilter.java?rev=1058212&r1=1058211&r2=1058212&view=diff
==============================================================================
--- portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/security/impl/shibboleth/ShibbolethPortalFilter.java
(original)
+++ portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/security/impl/shibboleth/ShibbolethPortalFilter.java
Wed Jan 12 16:07:44 2011
@@ -35,6 +35,7 @@ import org.apache.jetspeed.administratio
 import org.apache.jetspeed.audit.AuditActivity;
 import org.apache.jetspeed.cache.UserContentCacheManager;
 import org.apache.jetspeed.components.ComponentManager;
+import org.apache.jetspeed.container.session.PortalSessionValidationFilter;
 import org.apache.jetspeed.login.LoginConstants;
 import org.apache.jetspeed.login.filter.PortalRequestWrapper;
 import org.apache.jetspeed.security.AuthenticationProvider;
@@ -60,6 +61,7 @@ public class ShibbolethPortalFilter impl
 		if (sRequest instanceof HttpServletRequest)
 		{
 			HttpServletRequest request = (HttpServletRequest) sRequest;
+            HttpSession httpSession = PortalSessionValidationFilter.getValidSession(request);
 			if (userNameHeader == null)
 			{
 				synchronized (sem)


