/**
 * Passes every account tied to a destroyed session to {@code clearAccount}.
 *
 * <p>Two sources are consulted: the account authenticated on the current request (if a
 * request is in flight on this thread) and the account stored in the session under the
 * {@code CachedAuthenticatedSessionHandler} attribute. The session account is only
 * cleared when it differs from the request account, so the same account is not
 * cleared twice.
 *
 * @param se the destruction event carrying the session
 */
private void sessionDestroyedImpl(HttpSessionEvent se) {
    // Source 1: the account authenticated on the in-flight request, when there is one.
    Account requestAccount = null;
    final ServletRequestContext requestContext = ServletRequestContext.current();
    if (requestContext != null) {
        final SecurityContext security = requestContext.getExchange().getSecurityContext();
        if (security != null) {
            requestAccount = security.getAuthenticatedAccount();
            if (requestAccount != null) {
                clearAccount(requestAccount);
            }
        }
    }

    // Source 2: the account that was saved in the session itself.
    if (!(se.getSession() instanceof HttpSessionImpl)) {
        return;
    }
    final Session session = ((HttpSessionImpl) se.getSession()).getSession();
    if (session == null) {
        return;
    }
    final String attributeName = CachedAuthenticatedSessionHandler.class.getName() + ".AuthenticatedSession";
    final AuthenticatedSessionManager.AuthenticatedSession cached =
            (AuthenticatedSessionManager.AuthenticatedSession) session.getAttribute(attributeName);
    if (cached == null) {
        return;
    }
    final Account sessionAccount = cached.getAccount();
    // Skip the account already handled above.
    if (sessionAccount != null && !sessionAccount.equals(requestAccount)) {
        clearAccount(sessionAccount);
    }
}
/**
 * Returns the result of {@code getSession()} on the {@code session} field.
 *
 * <p>NOTE(review): the field and the enclosing type are declared outside this excerpt;
 * the other snippets pass instances of an {@code UnwrapSessionAction} to
 * {@code AccessController.doPrivileged}, which is presumably this class. Confirm.
 */
@Override
public Session run() {
    final Session unwrapped = session.getSession();
    return unwrapped;
}
}
/**
 * Returns the session obtained from {@code httpSessionDelegate}.
 *
 * @return whatever the delegate's {@code getSession()} returns
 */
public Session getSession() {
    final Session delegated = httpSessionDelegate.getSession();
    return delegated;
}
/**
 * Forwards to {@code httpSessionDelegate.getSession()} and hands back its result unchanged.
 *
 * @return the session reported by the delegate
 */
public Session getSession() {
    final Session fromDelegate = httpSessionDelegate.getSession();
    return fromDelegate;
}
/**
 * Unwraps the {@link Session} behind a servlet-level session object.
 *
 * <p>With no {@code SecurityManager} installed the session is read directly; otherwise the
 * read is performed by an {@code UnwrapSessionAction} inside
 * {@code AccessController.doPrivileged}.
 *
 * @param httpSession the servlet session wrapper to unwrap
 * @return the session it wraps
 */
protected Session underlyingSession(HttpSessionImpl httpSession) {
    if (System.getSecurityManager() != null) {
        // presumably getSession() is permission-guarded, so callers lower on the stack
        // must not be consulted; confirm against HttpSessionImpl
        return AccessController.doPrivileged(new HttpSessionImpl.UnwrapSessionAction(httpSession));
    }
    return httpSession.getSession();
}
/**
 * Signals the end of a request to the session bound to the exchange, if one exists.
 *
 * <p>The session is looked up without creating one; when none is found nothing happens.
 *
 * @param exchange the exchange whose session should receive {@code requestDone}
 */
public void updateSessionAccessTime(final HttpServerExchange exchange) {
    final HttpSessionImpl existing = getSession(exchange, false);
    if (existing == null) {
        return;
    }
    // Unwrap directly, or via doPrivileged when a SecurityManager is installed.
    final Session underlying = System.getSecurityManager() == null
            ? existing.getSession()
            : AccessController.doPrivileged(new HttpSessionImpl.UnwrapSessionAction(existing));
    underlying.requestDone(exchange);
}
/**
 * Returns the underlying session for the exchange, creating the servlet session if needed.
 *
 * <p>The servlet context is taken from the {@code ServletRequestContext} attached to the
 * exchange. The unwrap goes through {@code AccessController.doPrivileged} when a
 * {@code SecurityManager} is installed.
 *
 * @param exchange the current exchange
 * @return the session wrapped by the (possibly newly created) servlet session
 */
@Override
protected Session getSession(HttpServerExchange exchange) {
    final ServletRequestContext requestContext = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
    // create=true: a session is allocated when the request does not carry one
    final HttpSessionImpl httpSession = requestContext.getCurrentServletContext().getSession(exchange, true);
    if (System.getSecurityManager() != null) {
        return AccessController.doPrivileged(new HttpSessionImpl.UnwrapSessionAction(httpSession));
    }
    return httpSession.getSession();
}
}
/**
 * Moves a request saved under {@code SESSION_KEY} back to the attribute name used by
 * {@code io.undertow.servlet.util.SavedRequest} and asks that class to restore it.
 *
 * <p>Nothing happens unless {@code session} is an {@code HttpSessionImpl} and a saved
 * request is present. The saved request is removed from {@code SESSION_KEY} before it is
 * re-stored, so it is consumed at most once from that key.
 *
 * @param exchange the exchange to restore the request into
 * @param session  the servlet session that may hold a saved request
 */
public static void tryRestoreRequest(final HttpServerExchange exchange, HttpSession session) {
    if (!(session instanceof HttpSessionImpl)) {
        return;
    }
    // Unwrap directly, or via doPrivileged when a SecurityManager is installed.
    final Session underlying = System.getSecurityManager() == null
            ? ((HttpSessionImpl) session).getSession()
            : AccessController.doPrivileged(new HttpSessionImpl.UnwrapSessionAction(session));

    final io.undertow.servlet.util.SavedRequest saved =
            (io.undertow.servlet.util.SavedRequest) underlying.removeAttribute(SESSION_KEY);
    if (saved == null) {
        return;
    }
    underlying.setAttribute(io.undertow.servlet.util.SavedRequest.class.getName(), saved);
    io.undertow.servlet.util.SavedRequest.tryRestoreRequest(exchange, session);
}
/**
 * Restores a previously saved request, if the session holds one under {@code SESSION_KEY}.
 *
 * <p>The saved request is taken out of {@code SESSION_KEY}, stored again under the class
 * name of {@code io.undertow.servlet.util.SavedRequest}, and then handed to that class's
 * own {@code tryRestoreRequest}. Sessions that are not {@code HttpSessionImpl} instances
 * are ignored.
 *
 * @param exchange the exchange that should receive the restored request
 * @param session  the servlet session to inspect
 */
public static void tryRestoreRequest(final HttpServerExchange exchange, HttpSession session) {
    if (!(session instanceof HttpSessionImpl)) {
        return;
    }
    final Session backing;
    if (System.getSecurityManager() != null) {
        // With a SecurityManager installed the unwrap runs as a privileged action.
        backing = AccessController.doPrivileged(new HttpSessionImpl.UnwrapSessionAction(session));
    } else {
        backing = ((HttpSessionImpl) session).getSession();
    }

    final io.undertow.servlet.util.SavedRequest pending =
            (io.undertow.servlet.util.SavedRequest) backing.removeAttribute(SESSION_KEY);
    if (pending == null) {
        return;
    }
    backing.setAttribute(io.undertow.servlet.util.SavedRequest.class.getName(), pending);
    io.undertow.servlet.util.SavedRequest.tryRestoreRequest(exchange, session);
}
/**
 * Redirects the client to the location stored in the session under {@code SESSION_KEY}.
 *
 * <p>No redirect is sent when the request has no session (none is created here) or when the
 * attribute is absent. An {@link IOException} from the response is rethrown wrapped in a
 * {@link RuntimeException}.
 *
 * <p>NOTE(review): the redirect target is whatever string was stored under
 * {@code SESSION_KEY}; where that value is written is not visible in this excerpt, so
 * confirm it is always derived server-side from the original request path.
 *
 * @param exchange the current exchange
 */
@Override
protected void handleRedirectBack(final HttpServerExchange exchange) {
    final ServletRequestContext requestContext = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
    final HttpServletResponse response = (HttpServletResponse) requestContext.getServletResponse();
    final HttpSessionImpl httpSession = requestContext.getCurrentServletContext().getSession(exchange, false);
    if (httpSession == null) {
        return;
    }
    // Unwrap directly, or via doPrivileged when a SecurityManager is installed.
    final Session underlying = System.getSecurityManager() == null
            ? httpSession.getSession()
            : AccessController.doPrivileged(new HttpSessionImpl.UnwrapSessionAction(httpSession));

    final String target = (String) underlying.getAttribute(SESSION_KEY);
    if (target == null) {
        return;
    }
    try {
        response.sendRedirect(target);
    } catch (IOException e) {
        throw new RuntimeException(e);
    }
}
/**
 * Restores persisted session data for the incoming session id, then continues the chain.
 *
 * <p>The id is read from the request through the servlet context's session config. If an
 * entry exists in {@code data} for it, the entry is removed (whether or not it has expired)
 * and, when still within its expiration time, its attributes are copied into a session
 * obtained with {@code create=true}. Attribute values that implement
 * {@link HttpSessionActivationListener} are notified before they are stored. Keys starting
 * with {@code HttpSessionImpl.IO_UNDERTOW} are written to the underlying session; all other
 * keys go through the servlet-level {@code setAttribute}.
 *
 * <p>NOTE(review): this method calls {@code session.getSession()} directly, while other
 * call sites in this listing unwrap through
 * {@code AccessController.doPrivileged(new HttpSessionImpl.UnwrapSessionAction(..))} when a
 * {@code SecurityManager} is installed. Confirm the direct call is intended here.
 *
 * @param exchange the current exchange
 * @throws Exception whatever the next handler throws
 */
@Override
public void handleRequest(HttpServerExchange exchange) throws Exception {
    final String sessionId = servletContext.getSessionConfig().findSessionId(exchange);
    if (sessionId != null && data.containsKey(sessionId)) {
        // remove() rather than get(): persisted data is consumed by the first request that presents the id
        final PersistentSession persisted = data.remove(sessionId);
        if (persisted != null && System.currentTimeMillis() < persisted.getExpiration().getTime()) {
            final HttpSessionImpl session = servletContext.getSession(exchange, true);
            final HttpSessionEvent activation = new HttpSessionEvent(session);
            for (Map.Entry<String, Object> attribute : persisted.getSessionData().entrySet()) {
                final String key = attribute.getKey();
                final Object value = attribute.getValue();
                if (value instanceof HttpSessionActivationListener) {
                    ((HttpSessionActivationListener) value).sessionDidActivate(activation);
                }
                if (key.startsWith(HttpSessionImpl.IO_UNDERTOW)) {
                    session.getSession().setAttribute(key, value);
                } else {
                    session.setAttribute(key, value);
                }
            }
        }
    }
    next.handleRequest(exchange);
}
/**
 * Saves the current request and re-keys it in the session under {@code SESSION_KEY}.
 *
 * <p>Delegates the actual save to {@code io.undertow.servlet.util.SavedRequest}, then moves
 * whatever that class stored under its own class name to {@code SESSION_KEY}. The session
 * is obtained with {@code create=true}. If nothing was stored, the session is left without
 * a {@code SESSION_KEY} entry from this call.
 *
 * @param exchange the exchange whose request should be saved
 */
public static void trySaveRequest(final HttpServerExchange exchange) {
    io.undertow.servlet.util.SavedRequest.trySaveRequest(exchange);

    final ServletRequestContext requestContext = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
    final HttpSessionImpl httpSession = requestContext.getCurrentServletContext().getSession(exchange, true);
    // Unwrap directly, or via doPrivileged when a SecurityManager is installed.
    final Session underlying = System.getSecurityManager() == null
            ? httpSession.getSession()
            : AccessController.doPrivileged(new HttpSessionImpl.UnwrapSessionAction(httpSession));

    final String defaultKey = io.undertow.servlet.util.SavedRequest.class.getName();
    final io.undertow.servlet.util.SavedRequest saved =
            (io.undertow.servlet.util.SavedRequest) underlying.removeAttribute(defaultKey);
    if (saved != null) {
        underlying.setAttribute(SESSION_KEY, saved);
    }
}
/**
 * Captures the request via {@code io.undertow.servlet.util.SavedRequest} and stores the
 * result in the session under {@code SESSION_KEY} instead of that class's own key.
 *
 * <p>The session is created if the request does not have one. When the delegate stored
 * nothing, no attribute is written.
 *
 * @param exchange the exchange whose request is to be captured
 */
public static void trySaveRequest(final HttpServerExchange exchange) {
    io.undertow.servlet.util.SavedRequest.trySaveRequest(exchange);

    final ServletRequestContext context = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
    final HttpSessionImpl wrapper = context.getCurrentServletContext().getSession(exchange, true);
    final Session backing;
    if (System.getSecurityManager() != null) {
        // With a SecurityManager installed the unwrap runs as a privileged action.
        backing = AccessController.doPrivileged(new HttpSessionImpl.UnwrapSessionAction(wrapper));
    } else {
        backing = wrapper.getSession();
    }

    final io.undertow.servlet.util.SavedRequest captured = (io.undertow.servlet.util.SavedRequest)
            backing.removeAttribute(io.undertow.servlet.util.SavedRequest.class.getName());
    if (captured != null) {
        backing.setAttribute(SESSION_KEY, captured);
    }
}
/**
 * Changes the id of the session bound to the exchange.
 *
 * <p>Rotating the session id is the usual defence against session fixation; at which point
 * callers invoke this method is not visible in this excerpt.
 *
 * @param exchange the current exchange
 * @param create   whether a session should be created when none exists
 * @return the value returned by the underlying session's {@code changeSessionId}, or
 *         {@code null} when the servlet context returned no session
 */
public static String changeSessionId(HttpServerExchange exchange, boolean create) {
    final ServletRequestContext requestContext = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
    final ServletContextImpl servletContext = requestContext.getCurrentServletContext();
    final HttpSessionImpl httpSession = servletContext.getSession(exchange, create);
    if (httpSession == null) {
        return null;
    }
    // Unwrap directly, or via doPrivileged when a SecurityManager is installed.
    final Session underlying = System.getSecurityManager() == null
            ? httpSession.getSession()
            : AccessController.doPrivileged(new HttpSessionImpl.UnwrapSessionAction(httpSession));
    return underlying.changeSessionId(exchange, servletContext.getSessionConfig());
}
}
/**
 * Asks the session behind the exchange to switch to a new id.
 *
 * <p>The session is looked up (and optionally created) through the current servlet context,
 * unwrapped, and its {@code changeSessionId} is called with that context's session config.
 *
 * @param exchange the current exchange
 * @param create   passed to the session lookup; {@code true} allows a session to be created
 * @return the result of the underlying {@code changeSessionId} call, or {@code null} if the
 *         lookup produced no session
 */
public static String changeSessionId(HttpServerExchange exchange, boolean create) {
    final ServletRequestContext context = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
    final ServletContextImpl owningContext = context.getCurrentServletContext();
    final HttpSessionImpl wrapper = owningContext.getSession(exchange, create);
    if (wrapper == null) {
        return null;
    }
    final Session backing;
    if (System.getSecurityManager() != null) {
        // With a SecurityManager installed the unwrap runs as a privileged action.
        backing = AccessController.doPrivileged(new HttpSessionImpl.UnwrapSessionAction(wrapper));
    } else {
        backing = wrapper.getSession();
    }
    return backing.changeSessionId(exchange, owningContext.getSessionConfig());
}
}
/**
 * Handles destruction of a session and detaches it from the current request context.
 *
 * <p>Timeouts are routed through {@code destroyedAction} (the original comment says thread
 * setup actions are needed in that case); every other reason calls {@code doDestroy}
 * directly. Afterwards, if the current request context still references the destroyed
 * session, that reference is set to {@code null} so the request does not keep using it.
 *
 * @param session  the session being destroyed
 * @param exchange the exchange associated with the destruction, passed to {@code destroyedAction}
 * @param reason   why the session is being destroyed
 */
@Override
public void sessionDestroyed(final Session session, final HttpServerExchange exchange, final SessionDestroyedReason reason) {
    if (reason != SessionDestroyedReason.TIMEOUT) {
        doDestroy(session);
    } else {
        try {
            // timeout path: goes through destroyedAction so thread setup actions run
            destroyedAction.call(exchange, session);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    final ServletRequestContext requestContext = SecurityActions.currentServletRequestContext();
    if (requestContext == null) {
        return;
    }
    Session bound = null;
    if (requestContext.getSession() != null) {
        // Unwrap directly, or via doPrivileged when a SecurityManager is installed.
        bound = System.getSecurityManager() == null
                ? requestContext.getSession().getSession()
                : AccessController.doPrivileged(new HttpSessionImpl.UnwrapSessionAction(requestContext.getSession()));
    }
    // Identity comparison: only clear the reference when it is this very session.
    if (bound == session) {
        requestContext.setSession(null);
    }
}
/**
 * Gives the request's existing session a new id and notifies the application listeners.
 *
 * <p>No session is created: when none exists the {@code noSession} exception from
 * {@code UndertowServletMessages} is thrown. Listeners receive the session together with
 * its previous id after the change has been made.
 *
 * @return the new id reported by the underlying session
 */
@Override
public String changeSessionId() {
    final HttpSessionImpl httpSession = servletContext.getSession(originalServletContext, exchange, false);
    if (httpSession == null) {
        throw UndertowServletMessages.MESSAGES.noSession();
    }
    // Capture the old id first; listeners are told what it was.
    final String previousId = httpSession.getId();
    // Unwrap directly, or via doPrivileged when a SecurityManager is installed.
    final Session underlying = System.getSecurityManager() == null
            ? httpSession.getSession()
            : AccessController.doPrivileged(new HttpSessionImpl.UnwrapSessionAction(httpSession));
    final String freshId = underlying.changeSessionId(exchange, originalServletContext.getSessionConfig());
    servletContext.getDeployment().getApplicationListeners().httpSessionIdChanged(httpSession, previousId);
    return freshId;
}
/**
 * Wraps a {@link Session} in a {@code ConvergedHttpSessionFacade}, reusing the servlet
 * session cached on the current request context when it refers to the same session.
 *
 * <p>Per the original comment, {@code forSession} is only called from privileged actions,
 * so no {@code doPrivileged} wrapping is done here.
 *
 * @param session        the session to expose
 * @param servletContext the servlet context the session belongs to
 * @param newSession     passed through to {@code HttpSessionImpl.forSession}
 * @param manager        the session manager handed to the facade
 * @return a facade over the cached or newly built servlet session
 */
public static HttpSession forConvergedSession(final Session session, final ServletContext servletContext, final boolean newSession, SessionManager manager) {
    final ServletRequestContext requestContext = ServletRequestContext.current();
    if (requestContext == null) {
        // No request on this thread: nothing to cache against.
        return new ConvergedHttpSessionFacade(HttpSessionImpl.forSession(session, servletContext, newSession), manager);
    }

    HttpSessionImpl cached = requestContext.getSession();
    if (cached == null) {
        cached = HttpSessionImpl.forSession(session, servletContext, newSession);
        requestContext.setSession(cached);
    } else if (cached.getSession() != session) {
        // In rare cases two different service contexts are involved in one request; a new
        // wrapper is returned then, and the cached one is left in place.
        cached = HttpSessionImpl.forSession(session, servletContext, newSession);
    }
    return new ConvergedHttpSessionFacade(cached, manager);
}
/**
 * Builds the {@code ConvergedHttpSessionFacade} for a session.
 *
 * <p>When a request context exists on this thread its servlet session is reused if it wraps
 * the very same {@code session} instance; if the context has none yet, a new wrapper is
 * created and stored on the context. A cached wrapper for a different session is not
 * replaced on the context; the caller just gets a separate wrapper.
 *
 * <p>The original comment states that {@code forSession} is only reached from privileged
 * actions, which is why this method does not use {@code doPrivileged} itself.
 *
 * @param session        the session to wrap
 * @param servletContext the owning servlet context
 * @param newSession     forwarded to {@code HttpSessionImpl.forSession}
 * @param manager        the session manager for the facade
 * @return the facade
 */
public static HttpSession forConvergedSession(final Session session, final ServletContext servletContext, final boolean newSession, SessionManager manager) {
    final ServletRequestContext active = ServletRequestContext.current();
    final HttpSessionImpl wrapper;
    if (active == null) {
        wrapper = HttpSessionImpl.forSession(session, servletContext, newSession);
    } else {
        final HttpSessionImpl onContext = active.getSession();
        if (onContext == null) {
            wrapper = HttpSessionImpl.forSession(session, servletContext, newSession);
            active.setSession(wrapper);
        } else if (onContext.getSession() != session) {
            // Rare case of two service contexts in one request: hand out a separate wrapper
            // instead of the thread-local one.
            wrapper = HttpSessionImpl.forSession(session, servletContext, newSession);
        } else {
            wrapper = onContext;
        }
    }
    return new ConvergedHttpSessionFacade(wrapper, manager);
}
/**
 * Stores the buffered request body and request metadata in the session under
 * {@code SESSION_KEY} so the request can be replayed later.
 *
 * <p>Nothing is saved when {@code MAX_BUFFERED_REQUEST_SIZE} is not positive or when
 * {@code length} exceeds it; the latter case is logged at debug level. The session is
 * obtained with {@code create=true}.
 *
 * <p>NOTE(review): a filtered copy of the request headers (without Content-Length,
 * Transfer-Encoding and Connection) is built below but never used; the
 * {@code SavedRequest} is constructed from {@code exchange.getRequestHeaders()} instead.
 * Whether the constructor filters or copies the map is not visible in this excerpt.
 * Confirm which header set is meant to be replayed, and whether the live map is retained.
 *
 * @param exchange the exchange whose request is being saved
 * @param buffer   the bytes of the request body read so far
 * @param length   the number of valid bytes in {@code buffer}
 */
public static void trySaveRequest(final HttpServerExchange exchange, final byte[] buffer, int length) {
    final int limit = exchange.getConnection().getUndertowOptions().get(UndertowOptions.MAX_BUFFERED_REQUEST_SIZE, UndertowOptions.DEFAULT_MAX_BUFFERED_REQUEST_SIZE);
    if (limit <= 0) {
        return;
    }
    if (length > limit) {
        UndertowLogger.REQUEST_LOGGER.debugf("Request to %s was to large to save", exchange.getRequestURI());
        return; // failed to save the request, we just return
    }

    // TODO: this should really use pooled buffers
    // TODO: the number of saved requests held at any given time should probably be limited;
    //       each one keeps up to `limit` bytes referenced from a session
    final HeaderMap filtered = new HeaderMap();
    for (HeaderValues header : exchange.getRequestHeaders()) {
        final boolean framingHeader = header.getHeaderName().equals(Headers.CONTENT_LENGTH)
                || header.getHeaderName().equals(Headers.TRANSFER_ENCODING)
                || header.getHeaderName().equals(Headers.CONNECTION);
        if (!framingHeader) {
            filtered.putAll(header.getHeaderName(), header);
        }
    }

    // NOTE(review): `filtered` is not passed here; see the method comment.
    final SavedRequest saved = new SavedRequest(buffer, length, exchange.getRequestMethod(), exchange.getRelativePath(), exchange.getRequestHeaders());

    final ServletRequestContext requestContext = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
    final HttpSessionImpl httpSession = requestContext.getCurrentServletContext().getSession(exchange, true);
    // Unwrap directly, or via doPrivileged when a SecurityManager is installed.
    final Session underlying = System.getSecurityManager() == null
            ? httpSession.getSession()
            : AccessController.doPrivileged(new HttpSessionImpl.UnwrapSessionAction(httpSession));
    underlying.setAttribute(SESSION_KEY, saved);
}