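package org.opensubsystems.core.www;

import java.io.IOException;
import java.net.URLEncoder;
import java.security.Principal;
import java.util.Date;
import java.util.Properties;
import java.util.logging.Logger;

import javax.servlet.ServletConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.opensubsystems.core.error.OSSException;
import org.opensubsystems.core.util.CallContext;
import org.opensubsystems.core.util.ClassUtils;
import org.opensubsystems.core.util.Config;
import org.opensubsystems.core.util.GlobalConstants;
import org.opensubsystems.core.util.Log;
import org.opensubsystems.core.util.MyTimer;

/**
 * Base servlet that wraps every request with web-session handling. For each
 * request it:
 * <ol>
 *   <li>obtains (creating if necessary) the container session,</li>
 *   <li>redirects between HTTP and HTTPS when the request scheme does not
 *       match {@link #shouldRequestBeSecure()},</li>
 *   <li>optionally sends brand new sessions through a handshake
 *       ({@link #handleNewSession}),</li>
 *   <li>optionally requires a logged in user ({@link #verifyLogin}) and
 *       redirects to the configured login URL otherwise,</li>
 *   <li>publishes the user and session into {@link CallContext} for the
 *       duration of the request and resets it afterwards.</li>
 * </ol>
 * Configuration is read from the servlet init parameters in {@link #init}.
 * Note that several settings ({@code s_bLoginSecure},
 * {@code s_bApplicationSecure}, {@code s_bRequestDispatcherCached}) are kept
 * in static fields and are therefore shared by all instances of this servlet
 * in the same class loader.
 */
public class WebSessionServlet extends HttpServlet
{
   // Configuration property names ///////////////////////////////////////////

   /** Init parameter: whether request dispatchers may be cached. */
   public static final String WEBSESSION_DISPATCHER_CACHED
                                 = "oss.webserver.dispatcher.cached";

   /** Init parameter: whether a new session must first go through a handshake. */
   public static final String WEBSESSION_HANDSHAKE_REQUIRED
                                 = "oss.webserver.sessionhandshake.required";

   /** Init parameter: context-relative URL of the handshake page. */
   public static final String WEBSESSION_HANDSHAKE_URL = "oss.webserver.sessionhandshake.url";

   /** Init parameter: whether a logged in user is required to service requests. */
   public static final String WEBSESSION_LOGIN_REQUIRED
                                 = "oss.webserver.login.required";

   /** Init parameter: context-relative URL of the login page. */
   public static final String WEBSESSION_LOGIN_URL = "oss.webserver.login.url";

   /** Init parameter: class name of the {@link SessionValidator} to instantiate. */
   public static final String SESSION_VALIDATOR_CLASS
                                 = "oss.webserver.sessionvalidator.class";

   /** Init parameter: whether the login page must be served over HTTPS. */
   public static final String LOGIN_SECURE = "oss.login.secure";

   /** Init parameter: whether the whole application must be served over HTTPS. */
   public static final String APPLICATION_SECURE = "oss.application.secure";

   // Configuration defaults /////////////////////////////////////////////////

   /** Default for {@link #WEBSESSION_DISPATCHER_CACHED}. */
   public static final boolean WEBSESSION_DISPATCHER_CACHED_DEFAULT = false;

   /** Default for {@link #WEBSESSION_HANDSHAKE_REQUIRED}. */
   public static final boolean WEBSESSION_HADSHAKE_REQUIRED_DEFAULT = false;

   /** Default for {@link #WEBSESSION_LOGIN_REQUIRED}. */
   public static final boolean WEBSESSION_LOGIN_REQUIRED_DEFAULT = false;

   /** Session attribute under which the URL to return to after login is kept. */
   public static final String LOGIN_FORWARD_SESSION_PARAM = "login.forward";

   /** Request attribute holding the context path plus servlet path of this servlet. */
   public static final String SERVLET_PATH_REQUEST_PARAM = "servletpath";

   /**
    * Request/URL parameter whose value, when present on the incoming request,
    * is propagated onto redirect URLs built by {@link #redirect}.
    */
   public static final String ATTACH_INTERNAL_SESSION_ID_URL_PARAM = "osssessionid";

   /** Default for {@link #LOGIN_SECURE}. */
   public static final boolean DEFAULT_LOGIN_SECURE = false;

   /** Default for {@link #APPLICATION_SECURE}; follows the login default. */
   public static final boolean DEFAULT_APPLICATION_SECURE = DEFAULT_LOGIN_SECURE;

   // Cached values //////////////////////////////////////////////////////////

   /** Logger for this class. */
   private static final Logger s_logger = Log.getInstance(WebSessionServlet.class);

   /** Value of {@link #WEBSESSION_DISPATCHER_CACHED}, read from global config. */
   private static boolean s_bRequestDispatcherCached;

   /** Value of {@link #WEBSESSION_HANDSHAKE_REQUIRED} for this instance. */
   private boolean m_bHandhakeRequired;

   /** Value of {@link #WEBSESSION_HANDSHAKE_URL}, may be null when not required. */
   protected String m_strHandshakeURL;

   /** Value of {@link #WEBSESSION_LOGIN_REQUIRED} for this instance. */
   private boolean m_bLoginRequired;

   /** Value of {@link #WEBSESSION_LOGIN_URL}, may be null when login is not required. */
   private String m_strLoginURL;

   /** Servlet context this servlet was initialized with. */
   protected ServletContext m_scServletContext;

   /** Validator for application session codes, or null when none is configured. */
   protected SessionValidator m_sessionValidator;

   /** Value of {@link #LOGIN_SECURE}; shared by all instances. */
   protected static boolean s_bLoginSecure;

   /** Value of {@link #APPLICATION_SECURE}; shared by all instances. */
   protected static boolean s_bApplicationSecure;

   /** Serialization version. */
   private static final long serialVersionUID = 322547463691937622L;

   // Static initialization //////////////////////////////////////////////////

   static
   {
      // Dispatcher caching is a global setting, so it comes from the
      // application configuration rather than from servlet init parameters.
      Properties prpSettings = Config.getInstance().getPropertiesSafely();

      s_bRequestDispatcherCached = Config.getBooleanProperty(
                                      prpSettings,
                                      WEBSESSION_DISPATCHER_CACHED,
                                      WEBSESSION_DISPATCHER_CACHED_DEFAULT,
                                      "Request dispatcher caching flag");
   }

   // Lifecycle //////////////////////////////////////////////////////////////

   /**
    * Read the servlet configuration and instantiate the optional session
    * validator.
    *
    * @param scConfig servlet configuration supplying the init parameters
    * @throws ServletException when handshake or login is required but the
    *                          corresponding URL is missing, or when the
    *                          configured session validator cannot be created
    */
   public void init(
      ServletConfig scConfig
   ) throws ServletException
   {
      super.init(scConfig);

      m_scServletContext = scConfig.getServletContext();

      m_bHandhakeRequired = readBooleanProperty(scConfig,
                                                WEBSESSION_HANDSHAKE_REQUIRED,
                                                WEBSESSION_HADSHAKE_REQUIRED_DEFAULT);
      s_logger.config(WEBSESSION_HANDSHAKE_REQUIRED + " = " + m_bHandhakeRequired);

      m_strHandshakeURL = WebUtils.readProperty(scConfig, WEBSESSION_HANDSHAKE_URL,
                                                null, true);
      s_logger.config(WEBSESSION_HANDSHAKE_URL + " = '" + m_strHandshakeURL + "'");
      if ((m_bHandhakeRequired) && (m_strHandshakeURL == null))
      {
         throw new ServletException("Handshake is required, but handshake URL"
                                    + " is not set using property "
                                    + WEBSESSION_HANDSHAKE_URL);
      }

      m_bLoginRequired = readBooleanProperty(scConfig,
                                             WEBSESSION_LOGIN_REQUIRED,
                                             WEBSESSION_LOGIN_REQUIRED_DEFAULT);
      s_logger.config(WEBSESSION_LOGIN_REQUIRED + " = " + m_bLoginRequired);

      m_strLoginURL = WebUtils.readProperty(scConfig, WEBSESSION_LOGIN_URL,
                                            null, true);
      s_logger.config(WEBSESSION_LOGIN_URL + " = '" + m_strLoginURL + "'");
      if ((m_bLoginRequired) && (m_strLoginURL == null))
      {
         throw new ServletException("Login is required, but login URL is not set"
                                    + " using property " + WEBSESSION_LOGIN_URL);
      }

      // The validator class name comes from deployment configuration, not
      // from any request, so instantiating it by name is acceptable here.
      String strValidatorClass = WebUtils.readProperty(scConfig,
                                                       SESSION_VALIDATOR_CLASS,
                                                       null, true);
      s_logger.config(SESSION_VALIDATOR_CLASS + " = " + strValidatorClass);
      if ((strValidatorClass != null) && (strValidatorClass.length() > 0))
      {
         try
         {
            m_sessionValidator
               = (SessionValidator)ClassUtils.createNewInstance(strValidatorClass);
            s_logger.finest("Instantiated session validator " + strValidatorClass);
         }
         catch (OSSException ossExc)
         {
            throw new ServletException("Unexpected exception.", ossExc);
         }
      }

      // These two are static: the last servlet instance initialized wins.
      s_bLoginSecure = readBooleanProperty(scConfig, LOGIN_SECURE,
                                           DEFAULT_LOGIN_SECURE);
      s_logger.config(LOGIN_SECURE + " = " + s_bLoginSecure);

      s_bApplicationSecure = readBooleanProperty(scConfig, APPLICATION_SECURE,
                                                 DEFAULT_APPLICATION_SECURE);
      s_logger.config(APPLICATION_SECURE + " = " + s_bApplicationSecure);
   }

   /**
    * Read a boolean init parameter, falling back to the given default.
    *
    * @param scConfig servlet configuration
    * @param strName name of the init parameter
    * @param bDefault value used when the parameter is absent
    * @return the parsed value ({@code true} only for the string "true",
    *         case-insensitively, as with {@link Boolean#valueOf(String)})
    */
   private static boolean readBooleanProperty(
      ServletConfig scConfig,
      String        strName,
      boolean       bDefault
   )
   {
      String strValue = WebUtils.readProperty(scConfig, strName,
                                              Boolean.toString(bDefault), false);

      return Boolean.parseBoolean(strValue);
   }

   /**
    * Release resources; this implementation only delegates to the superclass.
    */
   public void destroy(
   )
   {
      super.destroy();
   }

   // Request processing /////////////////////////////////////////////////////

   /**
    * Process a request: enforce the HTTP/HTTPS scheme, handshake and login
    * requirements, set up the {@link CallContext} and then delegate to
    * {@link HttpServlet#service}. Entry and exit of every request are logged
    * at FINE level together with timing information.
    *
    * @param hsrqRequest incoming request
    * @param hsrpResponse outgoing response
    * @throws ServletException propagated from the servlet methods invoked
    * @throws IOException propagated from redirects and the servlet methods
    */
   protected final void service(
      HttpServletRequest  hsrqRequest,
      HttpServletResponse hsrpResponse
   ) throws ServletException,
            IOException
   {
      MyTimer timer = new MyTimer();
      // NOTE(review): the container session (and its cookie) is created here,
      // before the scheme check below, so a session started over plain HTTP is
      // carried over to HTTPS after the redirect. Confirm the container marks
      // the cookie Secure when isApplicationSecure() is true, or renew the
      // session once the scheme has been switched.
      HttpSession hsSession = hsrqRequest.getSession(true);

      try
      {
         WebUtils.adjust(hsrqRequest);
         logRequestEntry(timer, hsSession);

         // Make the full path of this servlet available to dispatched
         // resources so they can build links back to it.
         hsrqRequest.setAttribute(SERVLET_PATH_REQUEST_PARAM,
                                  hsrqRequest.getContextPath()
                                  + hsrqRequest.getServletPath());
         try
         {
            boolean bShouldBeSecure = shouldRequestBeSecure();

            if (hsrqRequest.isSecure() != bShouldBeSecure)
            {
               // Wrong scheme: bounce the client to the same URL on the
               // other scheme and do not service the request.
               String strOriginal = WebUtils.getFullRequestURL(hsrqRequest);
               String strRedirect = WebUtils.toggleSecure(hsrqRequest,
                                                          strOriginal,
                                                          bShouldBeSecure);

               s_logger.finer("Redirecting due to HTTP(S) from " + strOriginal
                              + " to " + strRedirect);
               hsrpResponse.sendRedirect(strRedirect);
            }
            else if ((m_bHandhakeRequired) && (hsSession.isNew()))
            {
               s_logger.finest("Session " + hsSession.getId()
                               + " is still new and hanshake is required");
               handleNewSession(hsSession, hsrqRequest, hsrpResponse);
            }
            else
            {
               Principal userCredentials = verifyLogin(hsSession, hsrqRequest,
                                                       hsrpResponse);

               if ((m_bLoginRequired) && (userCredentials == null))
               {
                  // Remember where the user wanted to go, then send them to
                  // the login page.
                  saveLoginRedirect(hsSession,
                                    WebUtils.getFullRequestURL(hsrqRequest));
                  preservice(hsSession, hsrqRequest, hsrpResponse, false);
                  redirectToLogin(hsrqRequest, hsrpResponse);
               }
               else
               {
                  if (userCredentials != null)
                  {
                     CallContext.getInstance().setCurrentUserAndSession(
                        userCredentials, WebSessionUtils.getSessionId(hsSession));
                  }
                  preservice(hsSession, hsrqRequest, hsrpResponse, true);
                  super.service(hsrqRequest, hsrpResponse);
               }
            }
         }
         finally
         {
            // Never leak the user/session of this request into the next one
            // serviced on this thread.
            CallContext.getInstance().reset();
         }
      }
      finally
      {
         timer.stop();
         logRequestExit(timer, hsSession);
      }
   }

   /**
    * Log the start of request processing at FINE level.
    *
    * @param timer timer started for this request
    * @param hsSession session of the request; must be valid
    */
   private static void logRequestEntry(
      MyTimer     timer,
      HttpSession hsSession
   )
   {
      StringBuilder sbBuffer = new StringBuilder();

      sbBuffer.append(Thread.currentThread().getName());
      sbBuffer.append(",in");
      sbBuffer.append(',');
      sbBuffer.append(timer.getStartTime());
      sbBuffer.append(',');
      sbBuffer.append(new Date(timer.getStartTime()).toString());
      sbBuffer.append(',');
      // Both the application session code and the container session id end
      // up in the log; treat FINE-level logs of this servlet as sensitive.
      sbBuffer.append(WebSessionUtils.getSessionId(hsSession));
      sbBuffer.append(',');
      sbBuffer.append(hsSession.getId());
      sbBuffer.append(',');
      sbBuffer.append('0');
      s_logger.fine(sbBuffer.toString());
   }

   /**
    * Log the end of request processing at FINE level. The session may have
    * been invalidated while the request was serviced, in which case its
    * identifiers are reported as "invalidated".
    *
    * @param timer stopped timer for this request
    * @param hsSession session of the request, possibly invalidated
    */
   private static void logRequestExit(
      MyTimer     timer,
      HttpSession hsSession
   )
   {
      StringBuilder sbBuffer = new StringBuilder();

      sbBuffer.append(Thread.currentThread().getName());
      sbBuffer.append(",out");
      sbBuffer.append(',');
      sbBuffer.append(timer.getStopTime());
      sbBuffer.append(',');
      sbBuffer.append(new Date(timer.getStopTime()).toString());
      sbBuffer.append(',');
      try
      {
         sbBuffer.append(WebSessionUtils.getSessionId(hsSession));
         sbBuffer.append(',');
         sbBuffer.append(hsSession.getId());
      }
      catch (IllegalStateException iseExc)
      {
         // Accessing an invalidated session throws; this is expected after
         // a logout and is not an error.
         sbBuffer.append("invalidated,invalidated");
      }
      sbBuffer.append(',');
      sbBuffer.append(timer.getDuration());
      sbBuffer.append(',');
      sbBuffer.append(timer.toString());
      s_logger.fine(sbBuffer.toString());
   }

   /**
    * @return the fully qualified class name of this servlet
    */
   public String getServletInfo(
   )
   {
      return this.getClass().getName();
   }

   // Extension points ///////////////////////////////////////////////////////

   /**
    * @return true when request dispatchers may be cached, per global config
    */
   protected boolean isDispatcherCachingEnabled(
   )
   {
      return s_bRequestDispatcherCached;
   }

   /**
    * Handle a brand new session when a handshake is required. This default
    * implementation remembers the requested URL and redirects to the login
    * URL, not to the handshake URL; override it (for example to call
    * {@link #redirectToHandshake}) for a different handshake.
    *
    * @param hsSession the new session
    * @param hsrqRequest incoming request
    * @param hsrpResponse outgoing response
    * @throws ServletException propagated from the redirect
    * @throws IOException propagated from the redirect
    */
   protected void handleNewSession(
      HttpSession         hsSession,
      HttpServletRequest  hsrqRequest,
      HttpServletResponse hsrpResponse
   ) throws ServletException,
            IOException
   {
      saveLoginRedirect(hsSession, WebUtils.getFullRequestURL(hsrqRequest));
      redirectToLogin(hsrqRequest, hsrpResponse);
   }

   /**
    * Determine the logged in user for this session. When a session validator
    * is configured and rejects the session's code, the user is treated as
    * logged out and is redirected to the login page.
    *
    * @param hsSession session of the request
    * @param hsrqRequest incoming request
    * @param hsrpResponse outgoing response
    * @return the logged in user, or null when nobody is logged in or the
    *         session failed validation
    * @throws ServletException when the session validator fails
    * @throws IOException propagated from the redirect
    */
   protected Principal verifyLogin(
      HttpSession         hsSession,
      HttpServletRequest  hsrqRequest,
      HttpServletResponse hsrpResponse
   ) throws ServletException,
            IOException
   {
      Principal loggedUser = WebSessionUtils.getLoggedInUserInfo(hsSession);

      if ((loggedUser != null) && (m_sessionValidator != null))
      {
         String strSessionGenCode = WebSessionUtils.getSessionId(hsSession);

         try
         {
            if (!m_sessionValidator.checkSession(strSessionGenCode))
            {
               loggedUser = null;
               // NOTE(review): this sends a redirect, and service() sends a
               // second one when login is required and null is returned; the
               // second sendRedirect runs on an already committed response.
               saveLoginRedirect(hsSession, WebUtils.getFullRequestURL(hsrqRequest));
               redirectToLogin(hsrqRequest, hsrpResponse);
            }
         }
         catch (OSSException bfeExc)
         {
            throw new ServletException(bfeExc);
         }
      }

      return loggedUser;
   }

   /**
    * Retrieve the URL saved by {@link #saveLoginRedirect}, adjusted to the
    * scheme required by {@link #isApplicationSecure()}.
    *
    * @param hsSession session holding the saved redirect; must not be null
    * @param hsrqRequest current request, used to rebuild the URL
    * @return the saved URL on the correct scheme, or null when none was saved
    */
   protected String getLoginRedirect(
      HttpSession        hsSession,
      HttpServletRequest hsrqRequest
   )
   {
      if (GlobalConstants.ERROR_CHECKING)
      {
         assert hsSession != null : "Session cannot be null here";
      }

      String strLoginRedirect
         = (String)hsSession.getAttribute(LOGIN_FORWARD_SESSION_PARAM);
      s_logger.finest("Retrieved login redirect to " + strLoginRedirect);

      if (strLoginRedirect != null)
      {
         strLoginRedirect = WebUtils.toggleSecure(hsrqRequest,
                                                  strLoginRedirect,
                                                  isApplicationSecure());
      }

      return strLoginRedirect;
   }

   /**
    * Remember the URL to return to after login, unless one is already saved
    * (the first request to be intercepted wins).
    *
    * @param hsSession session to store the URL in; must not be null
    * @param strFullRedirectURL URL to return to after login
    * @return true when the URL was stored, false when one was already present
    */
   protected boolean saveLoginRedirect(
      HttpSession hsSession,
      String      strFullRedirectURL
   )
   {
      if (GlobalConstants.ERROR_CHECKING)
      {
         assert hsSession != null : "Session cannot be null here";
      }

      if (hsSession.getAttribute(LOGIN_FORWARD_SESSION_PARAM) != null)
      {
         return false;
      }

      hsSession.setAttribute(LOGIN_FORWARD_SESSION_PARAM, strFullRedirectURL);
      s_logger.finest("Saved login redirect " + strFullRedirectURL);

      return true;
   }

   /**
    * Forget any URL saved by {@link #saveLoginRedirect}.
    *
    * @param hsSession session to clear; must not be null
    */
   protected void resetLoginRedirect(
      HttpSession hsSession
   )
   {
      if (GlobalConstants.ERROR_CHECKING)
      {
         assert hsSession != null : "Session cannot be null here";
      }

      hsSession.removeAttribute(LOGIN_FORWARD_SESSION_PARAM);
      s_logger.finest("Reseted login redirect");
   }

   /**
    * Redirect the client to the configured login URL.
    *
    * @param hsrqRequest incoming request
    * @param hsrpResponse outgoing response
    * @throws ServletException propagated from {@link #redirect}
    * @throws IOException propagated from {@link #redirect}
    */
   protected void redirectToLogin(
      HttpServletRequest  hsrqRequest,
      HttpServletResponse hsrpResponse
   ) throws ServletException,
            IOException
   {
      s_logger.finest("Redirecting to login " + hsrqRequest.getContextPath()
                      + m_strLoginURL);
      redirect(m_strLoginURL, hsrqRequest, hsrpResponse);
   }

   /**
    * Redirect the client to the configured handshake URL.
    *
    * @param hsrqRequest incoming request
    * @param hsrpResponse outgoing response
    * @throws ServletException propagated from {@link #redirect}
    * @throws IOException propagated from {@link #redirect}
    */
   protected void redirectToHandshake(
      HttpServletRequest  hsrqRequest,
      HttpServletResponse hsrpResponse
   ) throws ServletException,
            IOException
   {
      // Log the URL actually redirected to (the handshake URL, not the login
      // URL).
      s_logger.finest("Redirecting to handshake " + hsrqRequest.getContextPath()
                      + m_strHandshakeURL);
      redirect(m_strHandshakeURL, hsrqRequest, hsrpResponse);
   }

   /**
    * Redirect to a context-relative URL, propagating the
    * {@link #ATTACH_INTERNAL_SESSION_ID_URL_PARAM} parameter of the incoming
    * request onto the target URL when the target does not already carry it.
    *
    * @param strUrl context-relative URL to redirect to
    * @param hsrqRequest incoming request
    * @param hsrpResponse outgoing response
    * @throws ServletException not thrown by this implementation, kept for
    *                          overriding classes
    * @throws IOException propagated from {@link HttpServletResponse#sendRedirect}
    */
   protected void redirect(
      String              strUrl,
      HttpServletRequest  hsrqRequest,
      HttpServletResponse hsrpResponse
   ) throws ServletException,
            IOException
   {
      StringBuilder sbUrl = new StringBuilder();

      sbUrl.append(hsrqRequest.getContextPath());
      sbUrl.append(strUrl);
      if (sbUrl.indexOf(ATTACH_INTERNAL_SESSION_ID_URL_PARAM) == -1)
      {
         String strAttachSessionId = hsrqRequest.getParameter(
                                        ATTACH_INTERNAL_SESSION_ID_URL_PARAM);

         if ((strAttachSessionId != null) && (strAttachSessionId.length() > 0))
         {
            sbUrl.append((sbUrl.indexOf("?") == -1) ? '?' : '&');
            sbUrl.append(ATTACH_INTERNAL_SESSION_ID_URL_PARAM);
            sbUrl.append('=');
            // The value comes straight from the request, so it is URL-encoded
            // before being placed in the Location header; otherwise a crafted
            // value could append further query parameters or malform the URL.
            sbUrl.append(URLEncoder.encode(strAttachSessionId, "UTF-8"));
         }
      }

      hsrpResponse.sendRedirect(sbUrl.toString());
   }

   /**
    * Hook invoked just before the request is serviced or redirected to login.
    * This implementation does nothing.
    *
    * @param hsSession session of the request
    * @param hsrqRequest incoming request
    * @param hsrpResponse outgoing response
    * @param bLoginVerified false only when the request is about to be
    *                       redirected to the login page because login is
    *                       required and no user is logged in; true otherwise
    * @throws ServletException may be thrown by overriding implementations
    * @throws IOException may be thrown by overriding implementations
    */
   protected void preservice(
      HttpSession         hsSession,
      HttpServletRequest  hsrqRequest,
      HttpServletResponse hsrpResponse,
      boolean             bLoginVerified
   ) throws ServletException,
            IOException
   {
   }

   /**
    * @return true when requests to this servlet must arrive over HTTPS; by
    *         default the same as {@link #isApplicationSecure()}
    */
   protected boolean shouldRequestBeSecure(
   )
   {
      return isApplicationSecure();
   }

   /**
    * @return value of {@link #APPLICATION_SECURE}
    */
   protected boolean isApplicationSecure(
   )
   {
      return s_bApplicationSecure;
   }

   /**
    * @return value of {@link #LOGIN_SECURE}
    */
   protected boolean isLoginSecure(
   )
   {
      return s_bLoginSecure;
   }
}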