KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > com > sslexplorer > security > SessionInfo


1 /*
2  * SSL-Explorer
3  *
4  * Copyright (C) 2003-2006 3SP LTD. All Rights Reserved
5  *
6  * This program is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU General Public License
8  * as published by the Free Software Foundation; either version 2 of
9  * the License, or (at your option) any later version.
10  * This program is distributed in the hope that it will be useful,
11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13  * GNU General Public License for more details.
14  *
15  * You should have received a copy of the GNU General Public
16  * License along with this program; if not, write to the Free Software
17  * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
18  */

19             
20 package com.sslexplorer.security;
21
22 import java.io.BufferedReader JavaDoc;
23 import java.io.File JavaDoc;
24 import java.io.FileInputStream JavaDoc;
25 import java.io.IOException JavaDoc;
26 import java.io.InputStreamReader JavaDoc;
27 import java.net.InetAddress JavaDoc;
28 import java.util.ArrayList JavaDoc;
29 import java.util.Calendar JavaDoc;
30 import java.util.GregorianCalendar JavaDoc;
31 import java.util.HashMap JavaDoc;
32 import java.util.Iterator JavaDoc;
33 import java.util.List JavaDoc;
34 import java.util.Map JavaDoc;
35
36 import javax.servlet.http.HttpSession JavaDoc;
37
38 import org.apache.commons.logging.Log;
39 import org.apache.commons.logging.LogFactory;
40 import org.mortbay.jetty.servlet.SessionManager.Session;
41
42 import com.sslexplorer.boot.ContextHolder;
43 import com.sslexplorer.boot.Util;
44 import com.sslexplorer.core.CoreEvent;
45 import com.sslexplorer.core.CoreEventConstants;
46 import com.sslexplorer.core.CoreListener;
47 import com.sslexplorer.core.CoreServlet;
48 import com.sslexplorer.core.CoreUtil;
49 import com.sslexplorer.realms.Realm;
50
51 /**
52  * Encapsulates everything known about an SSL-Explorer session.
53  *
54  *
55  * @author Brett Smith <a HREF="mailto: brett@3sp.com">&lt;brett@3sp.com&gt;</a>
56  */

57 public class SessionInfo implements CoreListener {
58
59     final static Log log = LogFactory.getLog(SessionInfo.class);
60
61     private static List JavaDoc davUserAgents = null;
62
63     /* Logon type */
64
65     /**
66      * Originated from the user interface
67      */

68     public final static int UI = 0;
69
70     /**
71      * Originated from the VPN client
72      */

73     public final static int AGENT = 1;
74
75     /**
76      * Originated from a DAV client
77      */

78     public final static int DAV_CLIENT = 2;
79
80     /* Navigation context */
81
82     /**
83      * User console for normal user.
84      */

85     public static final int USER_CONSOLE_CONTEXT = 1;
86
87     /**
88      * Management console for super user or users that have been delegated
89      * responsibility for management tasks.
90      */

91     public static final int MANAGEMENT_CONSOLE_CONTEXT = 2;
92
93     /**
94      * Setup console that may be accessed from the management console or when
95      * the server has been started in setup mode
96      */

97     public static final int SETUP_CONSOLE_CONTEXT = 4;
98
99     /**
100      * Help context works slighly differently in that the sessions current
101      * context is not actually changed.
102      */

103     public static final int HELP_CONTEXT = 8;
104
105     /**
106      * Convenience mask for all contexts
107      */

108     public static final int ALL_CONTEXTS = 255;
109
110     /* Private instance variables */
111     private User user;
112     private InetAddress JavaDoc address;
113     private Calendar JavaDoc logonTime;
114     private int type;
115     private String JavaDoc logonTicket;
116     private int navigationContext;
117     private HttpSession JavaDoc session;
118     private int id;
119     private String JavaDoc userAgent;
120     private long lastAccessTime;
121     private boolean invalidating;
122     private Map JavaDoc<String JavaDoc, Object JavaDoc> attributes;
123     private List JavaDoc<SessionInfoListener> listeners = new ArrayList JavaDoc<SessionInfoListener>();
124     
125     /* Private static variables */
126
127     private static HashMap JavaDoc sessions = new HashMap JavaDoc();
128     private static int nextId = 1;
129
130     /**
131      * Create a new {@link SessionInfo} object, assiging it the next Id.
132      *
133      * @param session {@link HttpSession} originator of this session
134      * @param logonTicket logon ticket
135      * @param user user object
136      * @param address address
137      * @param type client type
138      * @param userAgent user agent if known
139      * @return session
140      */

141     public static SessionInfo nextSession(HttpSession JavaDoc session, String JavaDoc logonTicket, User user, InetAddress JavaDoc address, int type,
142                                           String JavaDoc userAgent) {
143         synchronized (sessions) {
144             SessionInfo info = new SessionInfo(nextId, session, logonTicket, user, address, type, userAgent);
145             if (LogonControllerFactory.getInstance().isAdministrator(user)) {
146                 info.setNavigationContext(SessionInfo.MANAGEMENT_CONSOLE_CONTEXT);
147             }
148             sessions.put(String.valueOf(nextId), info);
149             nextId++;
150             return info;
151         }
152     }
153
154     /**
155      * Get a session given its Id.
156      *
157      * @param id session id
158      * @return session
159      */

160     public static SessionInfo getSession(int id) {
161         return (SessionInfo) sessions.get(String.valueOf(id));
162     }
163
164     /**
165      * Release a session so its ID can be re-used
166      */

167     public void release() {
168         synchronized (sessions) {
169             sessions.remove(String.valueOf(id));
170
171             // TODO implement a more efficient way of getting the next session
172
// id
173

174             Map.Entry JavaDoc e;
175             int next = 1;
176             boolean found;
177             while (true) {
178                 found = false;
179                 for (Iterator JavaDoc i = sessions.entrySet().iterator(); i.hasNext();) {
180                     e = (Map.Entry JavaDoc) i.next();
181                     if (((SessionInfo) e.getValue()).getId() == next) {
182                         found = true;
183                         break;
184                     }
185                 }
186                 if (!found) {
187                     nextId = next;
188                     break;
189                 }
190                 next++;
191
192             }
193         }
194     }
195
196     /* Private constructor to prevent instantiation */
197
198     private SessionInfo(int id, HttpSession JavaDoc session, String JavaDoc logonTicket, User user, InetAddress JavaDoc address, int type, String JavaDoc userAgent) {
199         attributes = new HashMap JavaDoc<String JavaDoc, Object JavaDoc>();
200         this.user = user;
201         this.id = id;
202         this.session = session;
203         this.logonTicket = logonTicket;
204         this.address = address;
205         navigationContext = USER_CONSOLE_CONTEXT;
206         this.type = type;
207         this.userAgent = userAgent;
208         logonTime = new GregorianCalendar JavaDoc();
209         lastAccessTime = System.currentTimeMillis();
210         CoreServlet.getServlet().addCoreListener(this);
211     }
212
213     public Object JavaDoc setAttribute(String JavaDoc key, Object JavaDoc value) {
214         if(value instanceof SessionInfoListener &&
215                         !listeners.contains(value)) {
216             listeners.add((SessionInfoListener)value);
217         }
218         return attributes.put(key, value);
219     }
220
221     public Object JavaDoc getAttribute(String JavaDoc key) {
222         return attributes.get(key);
223     }
224
225     public Object JavaDoc removeAttribute(String JavaDoc key) {
226         Object JavaDoc val = attributes.remove(key);
227         if(val instanceof SessionInfoListener) {
228             listeners.remove((SessionInfoListener)val);
229         }
230         return val;
231     }
232
233     public void access() {
234         // Update the last accessed time on the HTTP session
235
((Session JavaDoc) session).access();
236     }
237
238     /**
239      * Get the sequential ID of this session
240      *
241      * @return Id
242      */

243     public int getId() {
244         return id;
245     }
246
247     /**
248      * Get the {@link HttpSession} that originated this logon session
249      *
250      * @return {@link HttpSession} originator
251      */

252     public HttpSession JavaDoc getHttpSession() {
253         return session;
254     }
255
256     /**
257      * Get the logon ticket for this session
258      *
259      * @return logon ticket
260      */

261     public String JavaDoc getLogonTicket() {
262         return logonTicket;
263     }
264
265     /**
266      * Get the type of session. May be one of {@link #UI}, {@link #AGENT} or
267      * {@link #DAV_CLIENT}.
268      *
269      *
270      * @return session type
271      */

272     public int getType() {
273         return type;
274     }
275
276     /**
277      * Set the type of session. May be one of {@link #UI}, {@link #AGENT} or
278      * {@link #DAV_CLIENT}.
279      *
280      *
281      * @param type session type
282      */

283     public void setType(int type) {
284         this.type = type;
285     }
286
287     /**
288      * Get the internet address that this session originated from
289      *
290      * @return originating internet address
291      */

292     public InetAddress JavaDoc getAddress() {
293         return address;
294     }
295
296     /**
297      * Get the time this session started
298      *
299      * @return logon time
300      */

301     public Calendar JavaDoc getLogonTime() {
302         return logonTime;
303     }
304
305     /**
306      * Get the user that originated this session
307      *
308      * @return user
309      */

310     public User getUser() {
311         return user;
312     }
313
314     /**
315      * Convenience method to get the {@link Realm} of the user that this
316      * originated this session
317      *
318      * @return realm
319      */

320     public Realm getRealm() {
321         return user == null ? null : user.getRealm();
322     }
323
324     /**
325      * Convenience method to get the resource ID of the {@link Realm} of the
326      * user that this originated this session
327      *
328      * @return realm
329      */

330     public int getRealmId() {
331         Realm r = user == null ? null : user.getRealm();
332         return r == null ? 0 : r.getResourceId();
333     }
334
335     /**
336      * Set the {@link HttpSession} that owns or now owns this session.
337      *
338      * @param session session
339      */

340     public void setSession(HttpSession JavaDoc session) {
341         this.session = session;
342     }
343
344     /**
345      * Get the navigation context the user is currently in. May be one of
346      * {@link #USER_CONSOLE_CONTEXT} or {@link #MANAGEMENT_CONSOLE_CONTEXT}.
347      *
348      * @return navigation context
349      */

350     public int getNavigationContext() {
351         return navigationContext;
352     }
353
354     /**
355      * Set the navigation context the user is currently in. May be one of
356      * {@link #USER_CONSOLE_CONTEXT} or {@link #MANAGEMENT_CONSOLE_CONTEXT}.
357      *
358      * @param navigationContext new navigation context
359      */

360     public void setNavigationContext(int navigationContext) {
361         this.navigationContext = navigationContext;
362     }
363
364     /**
365      * Get the scheme that was used to logon.
366      *
367      * @return logon scheme
368      */

369     public AuthenticationScheme getCredentials() {
370         return (AuthenticationScheme) session.getAttribute(Constants.AUTH_SESSION);
371     }
372
373     /**
374      * Get the user agent.
375      *
376      * @return user agent
377      */

378     public String JavaDoc getUserAgent() {
379         return userAgent;
380     }
381
382     /**
383      * Set the user for this session
384      *
385      * @param user user
386      */

387     public void setUser(User user) {
388         this.user = user;
389     }
390
391     /**
392      * Try to determine what type of client is connecting based on the user
393      * agent. If <code>null</code> is supplied then the type will just be
394      * returned as {@link SessionInfo#UI}.
395      * <p>
396      * When not null, first the user agent is tested to see if it is the VPN
397      * client (agent). If so then {@link SessionInfo#AGENT} will be returned.
398      * <p>
399      * If not the VPN client, then the file <i>conf/dav.agents</i> will be
400      * examined to see if any of the patterns it contains match the supplied
401      * agent string. If so, the the session is of type
402      * {@link SessionInfo#DAV_CLIENT}.
403      * <p>
404      * If none of the conditions are met, then the default of
405      * {@link SessionInfo#UI} is returned.
406      *
407      * @param userAgent user agent string
408      * @return session type
409      * @see SessionInfo#UI
410      * @see SessionInfo#DAV_CLIENT
411      * @see SessionInfo#AGENT
412      */

413     public static int getSessionTypeForUserAgent(String JavaDoc userAgent) {
414         if (userAgent == null) {
415             return UI;
416         }
417         if (userAgent.equals("SSL-Explorer/Agent")) {
418             return AGENT;
419         }
420         if (davUserAgents == null) {
421             davUserAgents = new ArrayList JavaDoc();
422             File JavaDoc f = new File JavaDoc(ContextHolder.getContext().getConfDirectory(), "dav.agents");
423             FileInputStream JavaDoc fin = null;
424             try {
425                 fin = new FileInputStream JavaDoc(f);
426                 BufferedReader JavaDoc br = new BufferedReader JavaDoc(new InputStreamReader JavaDoc(fin));
427                 String JavaDoc line = null;
428                 while ((line = br.readLine()) != null) {
429                     line = Util.trimBoth(line);
430                     if (!line.startsWith("#")) {
431                         davUserAgents.add(line);
432                     }
433                 }
434             } catch (IOException JavaDoc ioe) {
435                 log.warn("Failed to read " + f.getAbsolutePath() + ". Will not be able to identify DAV clients.");
436             } finally {
437                 Util.closeStream(fin);
438             }
439         }
440         for (Iterator JavaDoc i = davUserAgents.iterator(); i.hasNext();) {
441             String JavaDoc us = (String JavaDoc) i.next();
442             if (userAgent.matches(us)) {
443                 return SessionInfo.DAV_CLIENT;
444             }
445         }
446         return SessionInfo.UI;
447     }
448
449     public String JavaDoc toString() {
450         return session.getId() + "/" + user.getPrincipalName();
451     }
452
453     public boolean isInvalidating() {
454         return invalidating;
455     }
456
457     public void invalidate() {
458         if (session != null) {
459             invalidating = true;
460             session.invalidate();
461             invalidating = false;
462         }
463         for(SessionInfoListener l : listeners) {
464             l.invalidated();
465         }
466         CoreServlet.getServlet().removeCoreListener(this);
467     }
468
469     public void coreEvent(CoreEvent evt) {
470         if (evt.getId() == CoreEventConstants.GRANT_POLICY_TO_PRINCIPAL
471                         || evt.getId() == CoreEventConstants.REVOKE_POLICY_FROM_PRINCIPAL
472                         || evt.getId() == CoreEventConstants.RESOURCE_DETACHED_FROM_POLICY
473                         || evt.getId() == CoreEventConstants.RESOURCE_ATTACHED_TO_POLICY) {
474             if (session != null) {
475                 synchronized (session) {
476                     CoreUtil.resetMainNavigation(getHttpSession());
477                 }
478             }
479         }
480     }
481
482 }
Popular Tags