Author: ate
Date: Wed Jan 12 16:07:44 2011
New Revision: 1058212
URL: http://svn.apache.org/viewvc?rev=1058212&view=rev
Log:
JS2-1231: Ensure expired (portal) sessions are properly invalidated/recreated
See: http://issues.apache.org/jira/browse/JS2-1231
Added:
portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/container/session/PortalSessionValidationFilter.java
(with props)
Modified:
portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/web.xml
portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/login/filter/PortalFilter.java
portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/security/impl/shibboleth/ShibbolethPortalFilter.java
Modified:
portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/web.xml
URL:
http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/web.xml?rev=1058212&r1=1058211&r2=1058212&view=diff
==============================================================================
---
portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/web.xml
(original)
+++
portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/web.xml
Wed Jan 12 16:07:44 2011
@@ -43,6 +43,12 @@ limitations under the License.
<param-value>48</param-value>
</init-param>
</filter>
+
+ <filter>
+ <filter-name>PortalSessionValidationFilter</filter-name>
+
<filter-class>org.apache.jetspeed.container.session.PortalSessionValidationFilter</filter-class>
+ </filter>
+
<!--
<filter>
<filter-name>PortalFilter</filter-name>
@@ -62,6 +68,11 @@ limitations under the License.
</filter-mapping>
<filter-mapping>
+ <filter-name>PortalSessionValidationFilter</filter-name>
+ <url-pattern>/*</url-pattern>
+ </filter-mapping>
+
+ <filter-mapping>
<filter-name>staticResourceCachingFilter</filter-name>
<servlet-name>default</servlet-name>
</filter-mapping>
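Review bot: The `PortalSessionValidationFilter` mapping is inserted after an existing `<filter-mapping>` whose start lies outside this hunk, so that earlier filter still runs before the session has been validated. For `url-pattern` mappings the container builds the chain in descriptor order. If the earlier filter reads the session, the new mapping should move above it; otherwise a comment such as `<!-- must precede every filter that reads the HttpSession -->` would record the ordering requirement. With no `<dispatcher>` elements the mapping covers only direct requests, not forwards or includes, which looks intended but is worth stating.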
Added:
portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/container/session/PortalSessionValidationFilter.java
URL:
http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/container/session/PortalSessionValidationFilter.java?rev=1058212&view=auto
==============================================================================
---
portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/container/session/PortalSessionValidationFilter.java
(added)
+++
portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/container/session/PortalSessionValidationFilter.java
Wed Jan 12 16:07:44 2011
@@ -0,0 +1,99 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jetspeed.container.session;
+
+import java.io.IOException;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * ServletFilter to check if a HttpSession is still valid and if not
invalidate it.
+ *
+ * This code was in part copied from Pluto
PortletRequestImpl.getSession(boolean)
+ *
+ * @version $Id$
+ *
+ */
+public class PortalSessionValidationFilter implements Filter
+{
+ public static final String SESSION_VALIDATED_ATTRIBUTE_NAME =
PortalSessionValidationFilter.class.getName()+".validated";
+
+ private static Logger log =
LoggerFactory.getLogger(PortalSessionValidationFilter.class);
+
+ public static HttpSession getValidSession(HttpServletRequest request)
+ {
+ HttpSession httpSession = request.getSession(false);
+ // only (should) need to do this once per servlet request
+ if (request.getAttribute(SESSION_VALIDATED_ATTRIBUTE_NAME) == null)
+ {
+ request.setAttribute(SESSION_VALIDATED_ATTRIBUTE_NAME,
Boolean.TRUE);
+ if (httpSession != null)
+ {
+ // HttpSession is not null does NOT mean that it is valid.
+ int maxInactiveInterval = httpSession.getMaxInactiveInterval();
+ long lastAccesstime = httpSession.getLastAccessedTime();
+ if (maxInactiveInterval >= 0 && lastAccesstime > 0)
+ { // < 0 => Never expires.
+ long maxInactiveTime =
httpSession.getMaxInactiveInterval() * 1000L;
+ long currentInactiveTime = System.currentTimeMillis() -
lastAccesstime;
+ if (currentInactiveTime > maxInactiveTime)
+ {
+ if (log.isDebugEnabled())
+ {
+ log.debug("The current HttpSession with ID {} is
expired and will be invalidated.", httpSession.getId());
+ }
+ httpSession.invalidate();
+ httpSession = null;
+ }
+ }
+ }
+ }
+
+ return httpSession;
+ }
+
+ public void init(FilterConfig filterConfig) throws ServletException
+ {
+ }
+
+ public void doFilter(ServletRequest request, ServletResponse response,
FilterChain filterChain) throws IOException, ServletException
+ {
+ if (request instanceof HttpServletRequest)
+ {
+ getValidSession((HttpServletRequest)request);
+ }
+
+ if (filterChain != null)
+ {
+ filterChain.doFilter(request, response);
+ }
+ }
+
+ public void destroy()
+ {
+ }
+}
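Review bot: In `getValidSession` the guard `if (maxInactiveInterval >= 0 && lastAccesstime > 0)` treats a max-inactive interval of 0 as "expire immediately", so a session last accessed even one millisecond ago is invalidated. The deployment descriptor defines a `session-timeout` of 0 or less as never timing out, and a container may report that setting as 0 from `getMaxInactiveInterval()`, in which case every request would presumably lose its session; `if (maxInactiveInterval > 0 && lastAccesstime > 0)` avoids that. Separately, `getLastAccessedTime()` and `invalidate()` throw `IllegalStateException` if a concurrent request has already invalidated the session, and nothing here catches it, so it would propagate out of `doFilter`; catching it and returning null would keep the chain running. `log` could also be declared `private static final`.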
Propchange:
portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/container/session/PortalSessionValidationFilter.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange:
portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/container/session/PortalSessionValidationFilter.java
------------------------------------------------------------------------------
svn:keywords = Id
Propchange:
portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/container/session/PortalSessionValidationFilter.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Modified:
portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/login/filter/PortalFilter.java
URL:
http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/login/filter/PortalFilter.java?rev=1058212&r1=1058211&r2=1058212&view=diff
==============================================================================
---
portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/login/filter/PortalFilter.java
(original)
+++
portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/login/filter/PortalFilter.java
Wed Jan 12 16:07:44 2011
@@ -36,6 +36,7 @@ import org.apache.jetspeed.administratio
import org.apache.jetspeed.audit.AuditActivity;
import org.apache.jetspeed.cache.UserContentCacheManager;
import org.apache.jetspeed.components.ComponentManager;
+import org.apache.jetspeed.container.session.PortalSessionValidationFilter;
import org.apache.jetspeed.login.LoginConstants;
import org.apache.jetspeed.security.AuthenticatedUser;
import org.apache.jetspeed.security.AuthenticatedUserImpl;
@@ -65,6 +66,7 @@ public class PortalFilter implements Fil
HttpServletRequest request = (HttpServletRequest)sRequest;
String username = request.getParameter(LoginConstants.USERNAME);
String password = request.getParameter(LoginConstants.PASSWORD);
+ HttpSession httpSession =
PortalSessionValidationFilter.getValidSession(request);
if (username != null)
{
ComponentManager cm = Jetspeed.getComponentManager();
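Review bot: The new local `httpSession` is assigned but, as far as the hunks for this file show, never read, so the call runs only for its side effect of invalidating an expired session before the `username != null` branch. A comment such as `// drop an expired session before authenticating; result intentionally unused`, or the bare call `PortalSessionValidationFilter.getValidSession(request);`, would make that intent clear. Any later code that does use the variable must tolerate null, which is what the method returns when there is no session or it has just been invalidated. The same applies to the identical line added in ShibbolethPortalFilter; both method bodies continue outside their hunks.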
Modified:
portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/security/impl/shibboleth/ShibbolethPortalFilter.java
URL:
http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/security/impl/shibboleth/ShibbolethPortalFilter.java?rev=1058212&r1=1058211&r2=1058212&view=diff
==============================================================================
---
portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/security/impl/shibboleth/ShibbolethPortalFilter.java
(original)
+++
portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/security/impl/shibboleth/ShibbolethPortalFilter.java
Wed Jan 12 16:07:44 2011
@@ -35,6 +35,7 @@ import org.apache.jetspeed.administratio
import org.apache.jetspeed.audit.AuditActivity;
import org.apache.jetspeed.cache.UserContentCacheManager;
import org.apache.jetspeed.components.ComponentManager;
+import org.apache.jetspeed.container.session.PortalSessionValidationFilter;
import org.apache.jetspeed.login.LoginConstants;
import org.apache.jetspeed.login.filter.PortalRequestWrapper;
import org.apache.jetspeed.security.AuthenticationProvider;
@@ -60,6 +61,7 @@ public class ShibbolethPortalFilter impl
if (sRequest instanceof HttpServletRequest)
{
HttpServletRequest request = (HttpServletRequest)
sRequest;
+ HttpSession httpSession =
PortalSessionValidationFilter.getValidSession(request);
if (userNameHeader == null)
{
synchronized (sem)