/** * Does this request match the saved one (so that it must be the redirect * we signalled after successful authentication? * * @param request The request to be verified */ protected boolean matchRequest(Request request) { // Has a session been created? Session session = request.getSessionInternal(false); if (session == null) return (false); // Is there a saved request? SavedRequest sreq = (SavedRequest) session.getNote(Constants.FORM_REQUEST_NOTE); if (sreq == null) return (false); // Is there a saved principal? if (session.getNote(Constants.FORM_PRINCIPAL_NOTE) == null) return (false); // Does the request URI match? String requestURI = request.getRequestURI(); if (requestURI == null) return (false); return (requestURI.equals(sreq.getRequestURI())); }
/** * Send Cluster Replication Request * @param request current request * @param manager session manager * @param cluster replication cluster */ protected void sendSessionReplicationMessage(Request request, ClusterManager manager, CatalinaCluster cluster) { Session session = request.getSessionInternal(false); if (session != null) { String uri = request.getDecodedRequestURI(); // request without session change if (!isRequestWithoutSessionChange(uri)) { if (log.isDebugEnabled()) log.debug(sm.getString("ReplicationValve.invoke.uri", uri)); sendMessage(session,manager,cluster); } else if(doStatistics()) nrOfFilterRequests++; } }
/** * change session id and send to all cluster nodes * * @param request current request * @param sessionId * original session id * @param newSessionID * new session id for node migration * @param catalinaSession * current session with original session id */ protected void changeSessionID(Request request, String sessionId, String newSessionID, Session catalinaSession) { fireLifecycleEvent("Before session migration", catalinaSession); catalinaSession.setId(newSessionID, false); // FIXME: Why we remove change data from other running request? // setId also trigger resetDeltaRequest!! if (catalinaSession instanceof DeltaSession) ((DeltaSession) catalinaSession).resetDeltaRequest(); changeRequestSessionID(request, sessionId, newSessionID); // now sending the change to all other clusternodes! sendSessionIDClusterBackup(request,sessionId, newSessionID); fireLifecycleEvent("After session migration", catalinaSession); if (log.isDebugEnabled()) { log.debug(sm.getString("jvmRoute.changeSession", sessionId, newSessionID)); } }
/** * Send all changed cross context sessions to backups * * @param containerCluster */ protected void sendCrossContextSession(CatalinaCluster containerCluster) { List<DeltaSession> sessions = crossContextSessions.get(); if (sessions != null && sessions.size() > 0) { for (Iterator<DeltaSession> iter = sessions.iterator(); iter.hasNext();) { Session session = iter.next(); if (log.isDebugEnabled()) log.debug(sm.getString("ReplicationValve.crossContext.sendDelta", session.getManager().getContainer().getName())); sendMessage(session, (ClusterManager) session.getManager(), containerCluster); if (doStatistics()) { nrOfCrossContextSendRequests++; } } } }
/** * Send all changed cross context sessions to backups * @param containerCluster */ protected void sendCrossContextSession(CatalinaCluster containerCluster) { List<DeltaSession> sessions = crossContextSessions.get(); if(sessions != null && sessions.size() >0) { for(Iterator<DeltaSession> iter = sessions.iterator(); iter.hasNext() ;) { Session session = iter.next(); if(log.isDebugEnabled()) log.debug(sm.getString("ReplicationValve.crossContext.sendDelta", session.getManager().getContainer().getName() )); sendMessage(session,(ClusterManager)session.getManager(),containerCluster); if(doStatistics()) { nrOfCrossContextSendRequests++; } } } }
/** * change session id and send to all cluster nodes * * @param request * current request * @param sessionId * original session id * @param newSessionID * new session id for node migration * @param catalinaSession * current session with original session id */ protected void changeSessionID(Request request, String sessionId, String newSessionID, Session catalinaSession) { fireLifecycleEvent("Before session migration", catalinaSession); catalinaSession.setId(newSessionID, false); // FIXME: Why we remove change data from other running request? // setId also trigger resetDeltaRequest!! if (catalinaSession instanceof DeltaSession) ((DeltaSession) catalinaSession).resetDeltaRequest(); changeRequestSessionID(request, sessionId, newSessionID); // now sending the change to all other clusternodes! sendSessionIDClusterBackup(request, sessionId, newSessionID); fireLifecycleEvent("After session migration", catalinaSession); if (log.isDebugEnabled()) { log.debug(sm.getString("jvmRoute.changeSession", sessionId, newSessionID)); } }
/** * Save all currently active sessions in the appropriate persistence * mechanism, if any. If persistence is not supported, this method * returns without doing anything. * <p> * Note that by default, this method is not called by the MiddleManager * class. In order to use it, a subclass must specifically call it, * for example in the stop() and/or processPersistenceChecks() methods. */ public void unload() { if (store == null) return; Session sessions[] = findSessions(); int n = sessions.length; if (n == 0) return; if (log.isDebugEnabled()) log.debug(sm.getString("persistentManager.unloading", String.valueOf(n))); for (int i = 0; i < n; i++) try { swapOut(sessions[i]); } catch (IOException e) { ; // This is logged in writeSession() } }
/** * Remove a single Session from a SingleSignOn. Called when * a session is timed out and no longer active. * * @param ssoId Single sign on identifier from which to remove the session. * @param session the session to be removed. */ protected void removeSession(String ssoId, Session session) { if (containerLog.isDebugEnabled()) { containerLog.debug(sm.getString("singleSignOn.debug.removeSession", session, ssoId)); } // Get a reference to the SingleSignOn SingleSignOnEntry entry = cache.get(ssoId); if (entry == null) { return; } // Remove the inactive session from SingleSignOnEntry entry.removeSession(session); // If there are not sessions left in the SingleSignOnEntry, // deregister the entry. if (entry.findSessions().size() == 0) { deregister(ssoId); } }
/** * Save all currently active sessions in the appropriate persistence * mechanism, if any. If persistence is not supported, this method * returns without doing anything. * <p> * Note that by default, this method is not called by the MiddleManager * class. In order to use it, a subclass must specifically call it, * for example in the stop() and/or processPersistenceChecks() methods. */ @Override public void unload() { if (store == null) return; Session sessions[] = findSessions(); int n = sessions.length; if (n == 0) return; if (log.isDebugEnabled()) log.debug(sm.getString("persistentManager.unloading", String.valueOf(n))); for (int i = 0; i < n; i++) try { swapOut(sessions[i]); } catch (IOException e) { // This is logged in writeSession() } }
/** * {@inheritDoc} * <p> * Direct call to processExpires and processPersistenceChecks */ @Override public void processExpires() { long timeNow = System.currentTimeMillis(); Session sessions[] = findSessions(); int expireHere = 0 ; if(log.isDebugEnabled()) log.debug("Start expire sessions " + getName() + " at " + timeNow + " sessioncount " + sessions.length); for (int i = 0; i < sessions.length; i++) { if (!sessions[i].isValid()) { expiredSessions.incrementAndGet(); expireHere++; } } processPersistenceChecks(); if ((getStore() != null) && (getStore() instanceof StoreBase)) { ((StoreBase) getStore()).processExpires(); } long timeEnd = System.currentTimeMillis(); if(log.isDebugEnabled()) log.debug("End expire sessions " + getName() + " processingTime " + (timeEnd - timeNow) + " expired sessions: " + expireHere); processingTime += (timeEnd - timeNow); }
/** * Expire all find sessions. */ public void expireAllLocalSessions() { long timeNow = System.currentTimeMillis(); Session sessions[] = findSessions(); int expireDirect = 0 ; int expireIndirect = 0 ; if(log.isDebugEnabled()) log.debug("Start expire all sessions " + getName() + " at " + timeNow + " sessioncount " + sessions.length); for (int i = 0; i < sessions.length; i++) { if (sessions[i] instanceof DeltaSession) { DeltaSession session = (DeltaSession) sessions[i]; if (session.isPrimarySession()) { if (session.isValid()) { session.expire(); expireDirect++; } else { expireIndirect++; }//end if }//end if }//end if }//for long timeEnd = System.currentTimeMillis(); if(log.isDebugEnabled()) log.debug("End expire sessions " + getName() + " expire processingTime " + (timeEnd - timeNow) + " expired direct sessions: " + expireDirect + " expired direct sessions: " + expireIndirect); }
/** * Stop this component and implement the requirements of * {@link org.apache.catalina.util.LifecycleBase#stopInternal()}. * * This will disconnect the cluster communication channel and stop the * listener thread. * * @exception LifecycleException * if this component detects a fatal error that prevents this * component from being used */ @Override protected synchronized void stopInternal() throws LifecycleException { if (log.isDebugEnabled()) log.debug(sm.getString("backupManager.stopped", getName())); setState(LifecycleState.STOPPING); if (sessions instanceof LazyReplicatedMap) { LazyReplicatedMap<String, Session> map = (LazyReplicatedMap<String, Session>) sessions; map.breakdown(); } super.stopInternal(); }
@Override public void remove(Session session, boolean update) { // If the session has expired - as opposed to just being removed from // the manager because it is being persisted - update the expired stats if (update) { long timeNow = System.currentTimeMillis(); int timeAlive = (int) (timeNow - session.getCreationTimeInternal())/1000; updateSessionMaxAliveTime(timeAlive); expiredSessions.incrementAndGet(); SessionTiming timing = new SessionTiming(timeNow, timeAlive); synchronized (sessionExpirationTiming) { sessionExpirationTiming.add(timing); sessionExpirationTiming.poll(); } } if (session.getIdInternal() != null) { sessions.remove(session.getIdInternal()); } }
@Override public void sessionEvent(SessionEvent event) { if (!Session.SESSION_DESTROYED_EVENT.equals(event.getType())) { return; } Session session = event.getSession(); Manager manager = session.getManager(); if (manager == null) { return; } Context context = (Context) manager.getContainer(); Authenticator authenticator = context.getAuthenticator(); if (!(authenticator instanceof AuthenticatorBase)) { return; } SingleSignOn sso = ((AuthenticatorBase) authenticator).sso; if (sso == null) { return; } sso.sessionDestroyed(ssoId, session); }
private void doImminentSessionTimeout(Context activeContext) { ManagerBase manager = (ManagerBase) activeContext.getManager(); Session[] sessions = manager.findSessions(); for (int i = 0; i < sessions.length; i++) { if (sessions[i]!=null && sessions[i].isValid()) { sessions[i].setMaxInactiveInterval(EXTRA_DELAY_SECS); // leave it to be expired by the manager } } try { Thread.sleep(REASONABLE_MSECS_TO_EXPIRY); } catch (InterruptedException ie) { // ignored } // paranoid verification that active sessions have now gone sessions = manager.findSessions(); assertTrue(sessions.length == 0); }
@Override public ClusterMessage requestCompleted(String sessionId) { if (!getState().isAvailable()) return null; LazyReplicatedMap<String,Session> map = (LazyReplicatedMap<String,Session>)sessions; map.replicate(sessionId,false); return null; }
public static long getTTLForSession(Session in_session) { try { long diffMilliSeconds = (1000 * in_session.getMaxInactiveInterval()) - (System.currentTimeMillis() - in_session.getThisAccessedTime()); return diffMilliSeconds; } catch (IllegalStateException ise) { // ignore: invalidated session return -1; } }
public static long getUsedTimeForSession(Session in_session) { try { long diffMilliSeconds = in_session.getThisAccessedTime() - in_session.getCreationTime(); return diffMilliSeconds; } catch (IllegalStateException ise) { // ignore: invalidated session return -1; } }
/** * Process a session destroyed event by removing references to that session * from the caches and - if the session destruction is the result of a * logout - destroy the associated SSO session. * * @param ssoId * The ID of the SSO session which which the destroyed session * was associated * @param session * The session that has been destroyed */ public void sessionDestroyed(String ssoId, Session session) { if (!getState().isAvailable()) { return; } // Was the session destroyed as the result of a timeout or context stop? // If so, we'll just remove the expired session from the SSO. If the // session was logged out, we'll log out of all session associated with // the SSO. if (((session.getMaxInactiveInterval() > 0) && (System.currentTimeMillis() - session.getThisAccessedTimeInternal() >= session.getMaxInactiveInterval() * 1000)) || (!((Context) session.getManager().getContainer()).getState().isAvailable())) { if (containerLog.isDebugEnabled()) { containerLog.debug(sm.getString("singleSignOn.debug.sessionTimeout", ssoId, session)); } removeSession(ssoId, session); } else { // The session was logged out. // Deregister this single session id, invalidating // associated sessions if (containerLog.isDebugEnabled()) { containerLog.debug(sm.getString("singleSignOn.debug.sessionLogout", ssoId, session)); } // First remove the session that we know has expired / been logged // out since it has already been removed from its Manager and, if // we don't remove it first, deregister() will log a warning that it // can't be found removeSession(ssoId, session); // If the SSO session was only associated with one web app the call // above will have removed the SSO session from the cache if (cache.containsKey(ssoId)) { deregister(ssoId); } } }
/** * Return the session associated with this Request, creating one if * necessary. */ @Override public HttpSession getSession() { Session session = doGetSession(true); if (session == null) { return null; } return session.getSession(); }
/** * {@inheritDoc} * <p> * Direct call to processExpires and processPersistenceChecks */ @Override public void processExpires() { long timeNow = System.currentTimeMillis(); Session sessions[] = findSessions(); int expireHere = 0; if (log.isDebugEnabled()) log.debug("Start expire sessions " + getName() + " at " + timeNow + " sessioncount " + sessions.length); for (int i = 0; i < sessions.length; i++) { if (!sessions[i].isValid()) { expiredSessions.incrementAndGet(); expireHere++; } } processPersistenceChecks(); if ((getStore() != null) && (getStore() instanceof StoreBase)) { ((StoreBase) getStore()).processExpires(); } long timeEnd = System.currentTimeMillis(); if (log.isDebugEnabled()) log.debug("End expire sessions " + getName() + " processingTime " + (timeEnd - timeNow) + " expired sessions: " + expireHere); processingTime += (timeEnd - timeNow); }
/** * Return <code>true</code> if the specified URL should be encoded with * a session identifier. This will be true if all of the following * conditions are met: * <ul> * <li>The request we are responding to asked for a valid session * <li>The requested session ID was not received via a cookie * <li>The specified URL points back to somewhere within the web * application that is responding to this request * </ul> * * @param location Absolute URL to be validated */ protected boolean isEncodeable(final String location) { if (location == null) return (false); // Is this an intra-document reference? if (location.startsWith("#")) return (false); // Are we in a valid session that is not using cookies? final Request hreq = request; final Session session = hreq.getSessionInternal(false); if (session == null) return (false); if (hreq.isRequestedSessionIdFromCookie()) return (false); if (SecurityUtil.isPackageProtectionEnabled()) { return ((Boolean) AccessController.doPrivileged(new PrivilegedAction() { public Object run(){ return new Boolean(doIsEncodeable(hreq, session, location)); } })).booleanValue(); } else { return doIsEncodeable(hreq, session, location); } }
public String getCreationTime( String sessionId ) { Session s=sessions.get(sessionId); if( s==null ) { if(log.isInfoEnabled()) log.info("Session not found " + sessionId); return ""; } return new Date(s.getCreationTime()).toString(); }
/** * Create new session with check maxActiveSessions and send session creation * to other cluster nodes. * * @param distribute * @return The session */ public Session createSession(String sessionId, boolean distribute) { DeltaSession session = (DeltaSession) super.createSession(sessionId); if (distribute) { sendCreateSession(session.getId(), session); } if (log.isDebugEnabled()) log.debug(sm.getString("deltaManager.createSession.newSession", session.getId(), Integer.valueOf(sessions.size()))); return (session); }
/** * Send message delta message from request session * @param session current session * @param manager session manager * @param cluster replication cluster */ protected void sendMessage(Session session, ClusterManager manager, CatalinaCluster cluster) { String id = session.getIdInternal(); if (id != null) { send(manager, cluster, id); } }
/** * Callback from the cluster, when a message is received, The cluster will * broadcast it invoking the messageReceived on the receiver. * * @param msg * ClusterMessage - the message received from the cluster */ @Override public void messageReceived(ClusterMessage msg) { if (msg instanceof SessionIDMessage) { SessionIDMessage sessionmsg = (SessionIDMessage) msg; if (log.isDebugEnabled()) log.debug(sm.getString("jvmRoute.receiveMessage.sessionIDChanged", sessionmsg.getOrignalSessionID(), sessionmsg.getBackupSessionID(), sessionmsg.getContextName())); Container container = getCluster().getContainer(); Container host = null; if (container instanceof Engine) { host = container.findChild(sessionmsg.getHost()); } else { host = container; } if (host != null) { Context context = (Context) host.findChild(sessionmsg.getContextName()); if (context != null) { try { Session session = context.getManager().findSession(sessionmsg.getOrignalSessionID()); if (session != null) { session.setId(sessionmsg.getBackupSessionID()); } else if (log.isInfoEnabled()) log.info(sm.getString("jvmRoute.lostSession", sessionmsg.getOrignalSessionID(), sessionmsg.getContextName())); } catch (IOException e) { log.error(e); } } else if (log.isErrorEnabled()) log.error(sm.getString("jvmRoute.contextNotFound", sessionmsg.getContextName(), ((StandardEngine) host.getParent()).getJvmRoute())); } else if (log.isErrorEnabled()) log.error(sm.getString("jvmRoute.hostNotFound", sessionmsg.getContextName())); } return; }
/** * * @param cn Name of the application for which the sessions will be listed * @param req * @param resp * @param smClient StringManager for the client's locale * @throws ServletException * @throws IOException */ protected void displaySessionsListPage(ContextName cn, HttpServletRequest req, HttpServletResponse resp, StringManager smClient) throws ServletException, IOException { List<Session> sessions = getSessionsForName(cn, smClient); String sortBy = req.getParameter("sort"); String orderBy = null; if (null != sortBy && !"".equals(sortBy.trim())) { Comparator<Session> comparator = getComparator(sortBy); if (comparator != null) { orderBy = req.getParameter("order"); if ("DESC".equalsIgnoreCase(orderBy)) { comparator = Collections.reverseOrder(comparator); orderBy = "ASC"; } else { orderBy = "DESC"; } try { Collections.sort(sessions, comparator); } catch (IllegalStateException ise) { // at least 1 of the sessions is invalidated req.setAttribute(APPLICATION_ERROR, "Can't sort session list: one session is invalidated"); } } else { log("WARNING: unknown sort order: " + sortBy); } } // keep sort order req.setAttribute("sort", sortBy); req.setAttribute("order", orderBy); req.setAttribute("activeSessions", sessions); //strong>NOTE</strong> - This header will be overridden // automatically if a <code>RequestDispatcher.forward()</code> call is // ultimately invoked. resp.setHeader("Pragma", "No-cache"); // HTTP 1.0 resp.setHeader("Cache-Control", "no-cache,no-store,max-age=0"); // HTTP 1.1 resp.setDateHeader("Expires", 0); // 0 means now getServletContext().getRequestDispatcher(sessionsListJspPath).include(req, resp); }
/** * * @param req * @param resp * @param smClient StringManager for the client's locale * @throws ServletException * @throws IOException */ protected void displaySessionDetailPage(HttpServletRequest req, HttpServletResponse resp, ContextName cn, String sessionId, StringManager smClient) throws ServletException, IOException { Session session = getSessionForNameAndId(cn, sessionId, smClient); //strong>NOTE</strong> - This header will be overridden // automatically if a <code>RequestDispatcher.forward()</code> call is // ultimately invoked. resp.setHeader("Pragma", "No-cache"); // HTTP 1.0 resp.setHeader("Cache-Control", "no-cache,no-store,max-age=0"); // HTTP 1.1 resp.setDateHeader("Expires", 0); // 0 means now req.setAttribute("currentSession", session); getServletContext().getRequestDispatcher(resp.encodeURL(sessionDetailJspPath)).include(req, resp); }
/** * Remove this Session from the active Sessions for this Manager. * * @param session Session to be removed */ public void remove(Session session) { synchronized (sessions) { sessions.remove(session.getId()); } }
public static long getUsedTimeForSession(Session in_session) { try { long diffMilliSeconds = in_session.getLastAccessedTime() - in_session.getCreationTime(); return diffMilliSeconds; } catch (IllegalStateException ise) { //ignore: invalidated session return -1; } }
/** * Removes the given <code>Session</code> from the list of those * associated with this SSO. * * @param session the <code>Session</code> to remove. */ public synchronized void removeSession(Session session) { Session[] nsessions = new Session[sessions.length - 1]; for (int i = 0, j = 0; i < sessions.length; i++) { if (session == sessions[i]) continue; nsessions[j++] = sessions[i]; } sessions = nsessions; }
public static String getDisplayLastAccessedTimeForSession(Session in_session) { try { if (in_session.getLastAccessedTime() == 0) { return ""; } DateFormat formatter = new SimpleDateFormat(DATE_TIME_FORMAT); return formatter.format(new Date(in_session.getLastAccessedTime())); } catch (IllegalStateException ise) { //ignore: invalidated session return ""; } }
public static String getDisplayTTLForSession(Session in_session) { try { if (in_session.getCreationTime() == 0) { return ""; } } catch (IllegalStateException ise) { //ignore: invalidated session return ""; } return secondsToTimeString(SessionUtils.getTTLForSession(in_session)/1000); }
private void expire(SingleSignOnSessionKey key) { if (engine == null) { containerLog.warn(sm.getString("singleSignOn.sessionExpire.engineNull", key)); return; } Container host = engine.findChild(key.getHostName()); if (host == null) { containerLog.warn(sm.getString("singleSignOn.sessionExpire.hostNotFound", key)); return; } Context context = (Context) host.findChild(key.getContextName()); if (context == null) { containerLog.warn(sm.getString("singleSignOn.sessionExpire.contextNotFound", key)); return; } Manager manager = context.getManager(); if (manager == null) { containerLog.warn(sm.getString("singleSignOn.sessionExpire.managerNotFound", key)); return; } Session session = null; try { session = manager.findSession(key.getSessionId()); } catch (IOException e) { containerLog.warn(sm.getString("singleSignOn.sessionExpire.managerError", key), e); return; } if (session == null) { containerLog.warn(sm.getString("singleSignOn.sessionExpire.sessionNotFound", key)); return; } session.expire(); }
/** * Remove this Session from the active Sessions for this Manager, * and from the Store. * * @param session Session to be removed */ public void remove(Session session) { super.remove (session); if (store != null) try { store.remove(session.getId()); } catch (IOException e) { log("Exception removing session " + e.getMessage()); e.printStackTrace(); } }
/** * {@inheritDoc} * <p> * Remove this Session from the Store. */ @Override public void remove(Session session, boolean update) { super.remove (session, update); if (store != null){ removeSession(session.getIdInternal()); } }
public static String getDisplayCreationTimeForSession(Session in_session) { try { if (in_session.getCreationTime() == 0) { return ""; } DateFormat formatter = new SimpleDateFormat(DATE_TIME_FORMAT); return formatter.format(new Date(in_session.getCreationTime())); } catch (IllegalStateException ise) { //ignore: invalidated session return ""; } }
public static long getInactiveTimeForSession(Session in_session) { try { long diffMilliSeconds = System.currentTimeMillis() - in_session.getThisAccessedTime(); return diffMilliSeconds; } catch (IllegalStateException ise) { // ignore: invalidated session return -1; } }
@Override public Set<String> getSessionIdsFull() { Set<String> sessionIds = new HashSet<String>(); LazyReplicatedMap<String, Session> map = (LazyReplicatedMap<String, Session>) sessions; Iterator<String> keys = map.keySetFull().iterator(); while (keys.hasNext()) { sessionIds.add(keys.next()); } return sessionIds; }
