javax.servlet.SessionTrackingMode Java Examples
The following examples show how to use
javax.servlet.SessionTrackingMode.
Example #1
Source File: ApplicationContext.java From Tomcat7.0.67 with Apache License 2.0 | 6 votes |
/**
 * Initialises the default and the supported session tracking mode sets.
 * <p>
 * URL rewriting goes into both sets unconditionally. Cookie tracking is added
 * to both sets when the context has cookies enabled. SSL session ID tracking
 * is added to the supported set only, and only when at least one connector of
 * the owning service reports its {@code SSLEnabled} attribute as
 * {@code Boolean.TRUE}.
 * <p>
 * Security note: URL rewriting is part of the default set, so a web
 * application that never narrows its tracking modes can have its session ID
 * carried in request URLs, where it is visible in access logs, Referer headers
 * and browser history. Restrict tracking to {@link SessionTrackingMode#COOKIE}
 * where that exposure is not acceptable.
 */
private void populateSessionTrackingModes() {
    // URL rewriting is always available and always a default.
    defaultSessionTrackingModes = EnumSet.of(SessionTrackingMode.URL);
    supportedSessionTrackingModes = EnumSet.of(SessionTrackingMode.URL);

    final boolean cookiesEnabled = context.getCookies();
    if (cookiesEnabled) {
        defaultSessionTrackingModes.add(SessionTrackingMode.COOKIE);
        supportedSessionTrackingModes.add(SessionTrackingMode.COOKIE);
    }

    // SSL is never a default because it can only be used on its own.
    // Container hierarchy: Context > Host > Engine > Service
    Engine engine = (Engine) context.getParent().getParent();
    Service s = engine.getService();
    Connector[] connectors = s.findConnectors();

    // One SSL-enabled connector is enough to make the SSL session ID usable;
    // stop looking as soon as the first one is found.
    boolean sslConnectorFound = false;
    for (int i = 0; i < connectors.length && !sslConnectorFound; i++) {
        sslConnectorFound = Boolean.TRUE.equals(connectors[i].getAttribute("SSLEnabled"));
    }
    if (sslConnectorFound) {
        supportedSessionTrackingModes.add(SessionTrackingMode.SSL);
    }
}
Example #2
Source File: ApplicationContext.java From Tomcat8-Source-Read with MIT License | 6 votes |
/**
 * Initialises the default and the supported session tracking mode sets.
 * <p>
 * URL rewriting goes into both sets unconditionally. Cookie tracking is added
 * to both sets when the context has cookies enabled. SSL session ID tracking
 * is added to the supported set only, and only when at least one connector of
 * {@code service} reports its {@code SSLEnabled} attribute as
 * {@code Boolean.TRUE}.
 * <p>
 * Security note: URL rewriting is part of the default set, so a web
 * application that never narrows its tracking modes can have its session ID
 * carried in request URLs, where it is visible in access logs, Referer headers
 * and browser history. Restrict tracking to {@link SessionTrackingMode#COOKIE}
 * where that exposure is not acceptable.
 */
private void populateSessionTrackingModes() {
    // URL rewriting is always available and always a default.
    defaultSessionTrackingModes = EnumSet.of(SessionTrackingMode.URL);
    supportedSessionTrackingModes = EnumSet.of(SessionTrackingMode.URL);

    final boolean cookiesEnabled = context.getCookies();
    if (cookiesEnabled) {
        defaultSessionTrackingModes.add(SessionTrackingMode.COOKIE);
        supportedSessionTrackingModes.add(SessionTrackingMode.COOKIE);
    }

    // SSL is never a default because it can only be used on its own.
    // Container hierarchy: Context > Host > Engine > Service
    Connector[] connectors = service.findConnectors();

    // One SSL-enabled connector is enough to make the SSL session ID usable;
    // stop looking as soon as the first one is found.
    boolean sslConnectorFound = false;
    for (int i = 0; i < connectors.length && !sslConnectorFound; i++) {
        sslConnectorFound = Boolean.TRUE.equals(connectors[i].getAttribute("SSLEnabled"));
    }
    if (sslConnectorFound) {
        supportedSessionTrackingModes.add(SessionTrackingMode.SSL);
    }
}
Example #3
Source File: Request.java From Tomcat8-Source-Read with MIT License | 6 votes |
/**
 * Replaces the ID of the session associated with this request.
 * <p>
 * An ID change can be triggered by, for example, a move between cluster nodes
 * or session fixation prevention during authentication. The requested session
 * ID is overwritten only when the request already carried a non-empty one. A
 * fresh session cookie is added to the response unless the context's effective
 * tracking modes exclude {@link SessionTrackingMode#COOKIE}.
 *
 * @param newSessionId the new session ID to associate with this request
 */
public void changeSessionId(String newSessionId) {
    // Callers are expected to have an old session ID already; verify anyway.
    final boolean hadRequestedId =
            requestedSessionId != null && requestedSessionId.length() > 0;
    if (hadRequestedId) {
        requestedSessionId = newSessionId;
    }

    Context context = getContext();
    if (context != null) {
        final boolean cookieTracking = context.getServletContext()
                .getEffectiveSessionTrackingModes()
                .contains(SessionTrackingMode.COOKIE);
        if (!cookieTracking) {
            // Cookies are not a tracking mode here, so no cookie is issued.
            return;
        }
    }

    if (response == null) {
        return;
    }

    // NOTE(review): context can still be null at this point; confirm that
    // createSessionCookie tolerates a null context.
    Cookie newCookie = ApplicationSessionCookieConfig.createSessionCookie(
            context, newSessionId, isSecure());
    response.addSessionCookieInternal(newCookie);
}
Example #4
Source File: Request.java From Tomcat7.0.67 with Apache License 2.0 | 6 votes |
/**
 * Replaces the ID of the session associated with this request.
 * <p>
 * An ID change can be triggered by, for example, a move between cluster nodes
 * or session fixation prevention during authentication. The requested session
 * ID is overwritten only when the request already carried a non-empty one. A
 * fresh session cookie is added to the response unless the context's effective
 * tracking modes exclude {@link SessionTrackingMode#COOKIE}.
 *
 * @param newSessionId the new session ID to associate with this request
 */
public void changeSessionId(String newSessionId) {
    // Callers are expected to have an old session ID already; verify anyway.
    final boolean hadRequestedId =
            requestedSessionId != null && requestedSessionId.length() > 0;
    if (hadRequestedId) {
        requestedSessionId = newSessionId;
    }

    if (context != null) {
        final boolean cookieTracking = context.getServletContext()
                .getEffectiveSessionTrackingModes()
                .contains(SessionTrackingMode.COOKIE);
        if (!cookieTracking) {
            // Cookies are not a tracking mode here, so no cookie is issued.
            return;
        }
    }

    if (response == null) {
        return;
    }

    // NOTE(review): context can still be null at this point; confirm that
    // createSessionCookie tolerates a null context.
    Cookie newCookie = ApplicationSessionCookieConfig.createSessionCookie(
            context, newSessionId, secure);
    response.addSessionCookieInternal(newCookie);
}
Example #5
Source File: ServletURLRewritingSessionTestCase.java From quarkus-http with Apache License 2.0 | 5 votes |
/**
 * Deploys {@code URLRewritingServlet} under {@code /foo} with the session
 * tracking modes restricted to {@link SessionTrackingMode#URL}.
 */
@BeforeClass
public static void setup() {
    // The extension runs at deployment time and swaps in a session config
    // whose only tracking mode is URL.
    final ServletExtension urlOnlyTracking = new ServletExtension() {
        @Override
        public void handleDeployment(DeploymentInfo deploymentInfo, ServletContext servletContext) {
            final ServletSessionConfig sessionConfig = new ServletSessionConfig()
                    .setSessionTrackingModes(Collections.singleton(SessionTrackingMode.URL));
            deploymentInfo.setServletSessionConfig(sessionConfig);
        }
    };

    DeploymentUtils.setupServlet(
            urlOnlyTracking,
            Servlets.servlet(URLRewritingServlet.class).addMapping("/foo"));
}
Example #6
Source File: ApplicationContext.java From Tomcat8-Source-Read with MIT License | 5 votes |
/**
 * Returns the tracking modes in effect for this context.
 *
 * @return the explicitly configured modes when some were set, otherwise the
 *         defaults; the stored set itself is returned, not a copy
 */
@Override
public Set<SessionTrackingMode> getEffectiveSessionTrackingModes() {
    // An explicit configuration always wins over the defaults.
    return (sessionTrackingModes != null)
            ? sessionTrackingModes
            : defaultSessionTrackingModes;
}
Example #7
Source File: ApplicationContextFacade.java From Tomcat7.0.67 with Apache License 2.0 | 5 votes |
/**
 * Returns the effective session tracking modes of the wrapped context.
 * <p>
 * With package protection enabled the call is routed through
 * {@code doPrivileged} by method name; otherwise it is delegated directly.
 *
 * @return the effective session tracking modes
 */
@Override
@SuppressWarnings("unchecked") // doPrivileged() returns the correct type
public Set<SessionTrackingMode> getEffectiveSessionTrackingModes() {
    if (!SecurityUtil.isPackageProtectionEnabled()) {
        return context.getEffectiveSessionTrackingModes();
    }
    return (Set<SessionTrackingMode>)
            doPrivileged("getEffectiveSessionTrackingModes", null);
}
Example #8
Source File: ApplicationContext.java From Tomcat8-Source-Read with MIT License | 5 votes |
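/**
 * Sets the session tracking modes for this context.
 * <p>
 * The requested modes are copied before validation and the copy is what gets
 * stored. The caller therefore cannot alter the effective modes afterwards by
 * mutating the set it passed in, which would sidestep the checks below.
 *
 * @param sessionTrackingModes the tracking modes to use
 *
 * @throws IllegalStateException if the context is not in the
 *                               {@code STARTING_PREP} state
 * @throws IllegalArgumentException if an unsupported tracking mode is
 *                                  requested, or SSL is requested together
 *                                  with any other mode
 */
@Override
public void setSessionTrackingModes(Set<SessionTrackingMode> sessionTrackingModes) {

    if (!context.getState().equals(LifecycleState.STARTING_PREP)) {
        throw new IllegalStateException(
                sm.getString("applicationContext.setSessionTracking.ise",
                        getContextPath()));
    }

    // Validate and store a private snapshot, not the caller's live set.
    // noneOf + addAll is used because EnumSet.copyOf rejects an empty
    // collection that is not itself an EnumSet.
    EnumSet<SessionTrackingMode> requestedModes =
            EnumSet.noneOf(SessionTrackingMode.class);
    requestedModes.addAll(sessionTrackingModes);

    // Check that only supported tracking modes have been requested
    for (SessionTrackingMode sessionTrackingMode : requestedModes) {
        if (!supportedSessionTrackingModes.contains(sessionTrackingMode)) {
            throw new IllegalArgumentException(sm.getString(
                    "applicationContext.setSessionTracking.iae.invalid",
                    sessionTrackingMode.toString(), getContextPath()));
        }
    }

    // Check SSL has not been configured with anything else
    if (requestedModes.contains(SessionTrackingMode.SSL)
            && requestedModes.size() > 1) {
        throw new IllegalArgumentException(sm.getString(
                "applicationContext.setSessionTracking.iae.ssl",
                getContextPath()));
    }

    this.sessionTrackingModes = requestedModes;
}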
Example #9
Source File: ApplicationContextFacade.java From Tomcat7.0.67 with Apache License 2.0 | 5 votes |
/**
 * Sets the session tracking modes on the wrapped context.
 * <p>
 * With package protection enabled the call is routed through
 * {@code doPrivileged} by method name; otherwise it is delegated directly.
 *
 * @param sessionTrackingModes the tracking modes to pass on
 */
@Override
public void setSessionTrackingModes(
        Set<SessionTrackingMode> sessionTrackingModes) {
    if (!SecurityUtil.isPackageProtectionEnabled()) {
        context.setSessionTrackingModes(sessionTrackingModes);
        return;
    }
    final Object[] arguments = new Object[]{sessionTrackingModes};
    doPrivileged("setSessionTrackingModes", arguments);
}
Example #10
Source File: ApplicationContextFacade.java From Tomcat8-Source-Read with MIT License | 5 votes |
/**
 * Sets the session tracking modes on the wrapped context.
 * <p>
 * With package protection enabled the call is routed through
 * {@code doPrivileged} by method name; otherwise it is delegated directly.
 *
 * @param sessionTrackingModes the tracking modes to pass on
 */
@Override
public void setSessionTrackingModes(
        Set<SessionTrackingMode> sessionTrackingModes) {
    if (!SecurityUtil.isPackageProtectionEnabled()) {
        context.setSessionTrackingModes(sessionTrackingModes);
        return;
    }
    final Object[] arguments = new Object[]{sessionTrackingModes};
    doPrivileged("setSessionTrackingModes", arguments);
}
Example #11
Source File: ApplicationContextFacade.java From Tomcat8-Source-Read with MIT License | 5 votes |
/**
 * Returns the effective session tracking modes of the wrapped context.
 * <p>
 * With package protection enabled the call is routed through
 * {@code doPrivileged} by method name; otherwise it is delegated directly.
 *
 * @return the effective session tracking modes
 */
@Override
@SuppressWarnings("unchecked") // doPrivileged() returns the correct type
public Set<SessionTrackingMode> getEffectiveSessionTrackingModes() {
    if (!SecurityUtil.isPackageProtectionEnabled()) {
        return context.getEffectiveSessionTrackingModes();
    }
    return (Set<SessionTrackingMode>)
            doPrivileged("getEffectiveSessionTrackingModes", null);
}
Example #12
Source File: SpringWebinitializer.java From Spring-5.0-Cookbook with MIT License | 5 votes |
/**
 * Builds the annotation-based root application context, registers it with the
 * servlet container and restricts session tracking to cookies.
 *
 * @param container the servlet context being initialised
 */
private void addRootContext(ServletContext container) {
    // Root application context, configured from SpringContextConfig.
    AnnotationConfigWebApplicationContext rootContext = new AnnotationConfigWebApplicationContext();
    rootContext.register(SpringContextConfig.class);

    // Hand the context to a ContextLoaderListener registered with the container.
    final ContextLoaderListener loaderListener = new ContextLoaderListener(rootContext);
    container.addListener(loaderListener);
    container.setInitParameter("contextConfigLocation", "org.packt.web.reactor.security.config");

    // Cookie-only tracking keeps the session ID out of URLs. If URL mode were
    // used instead, session-management URL rewriting would have to be enabled.
    final EnumSet<SessionTrackingMode> cookieOnly = EnumSet.of(SessionTrackingMode.COOKIE);
    container.setSessionTrackingModes(cookieOnly);
}
Example #13
Source File: TesterRequest.java From Tomcat8-Source-Read with MIT License | 5 votes |
/**
 * Creates a test request backed by a fresh tester context and servlet context.
 *
 * @param withSession when {@code true}, URL and cookie session tracking are
 *                    enabled on the servlet context and a valid session with
 *                    the ID {@code "1234"} is attached
 */
public TesterRequest(boolean withSession) {
    context = new TesterContext();
    servletContext = new TesterServletContext();
    context.setServletContext(servletContext);

    if (!withSession) {
        // Session-less request: nothing more to prepare.
        return;
    }

    Set<SessionTrackingMode> modes = new HashSet<>();
    modes.add(SessionTrackingMode.URL);
    modes.add(SessionTrackingMode.COOKIE);
    servletContext.setSessionTrackingModes(modes);

    session = new StandardSession(null);
    session.setId("1234", false);
    session.setValid(true);
}
Example #14
Source File: HttpServletResponseImpl.java From quarkus-http with Apache License 2.0 | 5 votes |
/**
 * Decides whether the given URL should have a session identifier encoded
 * into it. The URL qualifies only when all of the following hold:
 * <ul>
 * <li>it is non-null and is not a same-document ({@code #}) reference
 * <li>URL session tracking is among the effective tracking modes
 * <li>the request has an existing session
 * <li>the requested session ID did not arrive via a cookie
 * <li>the requested session ID came from the URL, or the session is new
 * <li>{@code doIsEncodeable} accepts the location
 * </ul>
 * Keeping these checks strict limits how often a session ID is written into
 * a URL, where it can surface in logs and Referer headers.
 *
 * @param location Absolute URL to be validated
 * @return {@code true} if the session ID should be encoded into the URL
 */
private boolean isEncodeable(final String location) {

    // Nothing to encode, or an intra-document reference.
    if (location == null || location.startsWith("#")) {
        return false;
    }

    final HttpServletRequestImpl hreq =
            exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY).getOriginalRequest();

    // URL encoding must be one of the permitted tracking modes.
    final boolean urlTrackingAllowed = originalServletContext
            .getEffectiveSessionTrackingModes()
            .contains(SessionTrackingMode.URL);
    if (!urlTrackingAllowed) {
        return false;
    }

    // There must be a session, and it must not already be tracked by cookie.
    final HttpSession session = hreq.getSession(false);
    if (session == null) {
        return false;
    }
    if (hreq.isRequestedSessionIdFromCookie()) {
        return false;
    }

    // An established session whose ID did not come from the URL needs no encoding.
    if (!(hreq.isRequestedSessionIdFromURL() || session.isNew())) {
        return false;
    }

    return doIsEncodeable(hreq, session, location);
}
Example #15
Source File: DefaultWebApplicationTest.java From piranha with BSD 3-Clause "New" or "Revised" License | 5 votes |
/**
 * Verifies that a tracking mode set through setSessionTrackingModes is
 * reported by getEffectiveSessionTrackingModes.
 */
@Test
public void testGetEffectiveSessionTrackingModes() {
    DefaultWebApplication webApp = new DefaultWebApplication();
    webApp.setSessionTrackingModes(EnumSet.of(SessionTrackingMode.URL));

    Set<SessionTrackingMode> effectiveModes = webApp.getEffectiveSessionTrackingModes();
    assertTrue(effectiveModes.contains(SessionTrackingMode.URL));
}
Example #16
Source File: ApplicationContext.java From Tomcat7.0.67 with Apache License 2.0 | 5 votes |
/**
 * Returns the tracking modes in effect for this context.
 *
 * @return the explicitly configured modes when some were set, otherwise the
 *         defaults; the stored set itself is returned, not a copy
 */
@Override
public Set<SessionTrackingMode> getEffectiveSessionTrackingModes() {
    // An explicit configuration always wins over the defaults.
    return (sessionTrackingModes != null)
            ? sessionTrackingModes
            : defaultSessionTrackingModes;
}
Example #17
Source File: ApplicationContext.java From Tomcat7.0.67 with Apache License 2.0 | 5 votes |
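/**
 * Sets the session tracking modes for this context.
 * <p>
 * The requested modes are copied before validation and the copy is what gets
 * stored. The caller therefore cannot alter the effective modes afterwards by
 * mutating the set it passed in, which would sidestep the checks below.
 *
 * @param sessionTrackingModes the tracking modes to use
 *
 * @throws IllegalStateException if the context has already been initialised
 * @throws IllegalArgumentException If SSL is requested in combination with
 *                                  anything else or if an unsupported
 *                                  tracking mode is requested
 */
@Override
public void setSessionTrackingModes(
        Set<SessionTrackingMode> sessionTrackingModes) {

    if (!context.getState().equals(LifecycleState.STARTING_PREP)) {
        throw new IllegalStateException(
                sm.getString("applicationContext.setSessionTracking.ise",
                        getContextPath()));
    }

    // Validate and store a private snapshot, not the caller's live set.
    // noneOf + addAll is used because EnumSet.copyOf rejects an empty
    // collection that is not itself an EnumSet.
    EnumSet<SessionTrackingMode> requestedModes =
            EnumSet.noneOf(SessionTrackingMode.class);
    requestedModes.addAll(sessionTrackingModes);

    // Check that only supported tracking modes have been requested
    for (SessionTrackingMode sessionTrackingMode : requestedModes) {
        if (!supportedSessionTrackingModes.contains(sessionTrackingMode)) {
            throw new IllegalArgumentException(sm.getString(
                    "applicationContext.setSessionTracking.iae.invalid",
                    sessionTrackingMode.toString(), getContextPath()));
        }
    }

    // Check SSL has not been configured with anything else
    if (requestedModes.contains(SessionTrackingMode.SSL)
            && requestedModes.size() > 1) {
        throw new IllegalArgumentException(sm.getString(
                "applicationContext.setSessionTracking.iae.ssl",
                getContextPath()));
    }

    this.sessionTrackingModes = requestedModes;
}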
Example #18
Source File: ServletContextImpl.java From lams with GNU General Public License v2.0 | 5 votes |
/**
 * Stores a copy of the requested session tracking modes.
 * <p>
 * SSL tracking is rejected when combined with any other mode. No check
 * against a set of supported modes is visible in this method.
 *
 * @param sessionTrackingModes the tracking modes to use
 */
@Override
public void setSessionTrackingModes(final Set<SessionTrackingMode> sessionTrackingModes) {
    ensureNotProgramaticListener();
    ensureNotInitialized();

    // SSL session tracking is only valid on its own.
    final boolean severalModes = sessionTrackingModes.size() > 1;
    if (severalModes && sessionTrackingModes.contains(SessionTrackingMode.SSL)) {
        throw UndertowServletMessages.MESSAGES.sslCannotBeCombinedWithAnyOtherMethod();
    }

    // Defensive copy: later changes to the caller's set do not leak in.
    final Set<SessionTrackingMode> snapshot = new HashSet<>(sessionTrackingModes);
    this.sessionTrackingModes = snapshot;
    //TODO: actually make this work
}
Example #19
Source File: DefaultHttpSessionManager.java From piranha with BSD 3-Clause "New" or "Revised" License | 5 votes |
/**
 * Creates a session manager with its default settings: cookie-only session
 * tracking, the session cookie name {@code "JSESSIONID"}, a session timeout
 * of 10 (unit not shown here, presumably minutes) and empty listener and
 * session collections.
 */
public DefaultHttpSessionManager() {
    // Session identification defaults.
    name = "JSESSIONID";
    sessionTimeout = 10;
    defaultSessionTrackingModes = EnumSet.of(SessionTrackingMode.COOKIE);

    // Listener registries start small.
    attributeListeners = new ArrayList<>(1);
    idListeners = new ArrayList<>(1);
    sessionListeners = new ArrayList<>(1);

    // Live sessions.
    sessions = new ConcurrentHashMap<>();
}
Example #20
Source File: ServletContextImpl.java From quarkus-http with Apache License 2.0 | 5 votes |
/**
 * Stores a copy of the requested session tracking modes.
 * <p>
 * SSL tracking is rejected when combined with any other mode. No check
 * against a set of supported modes is visible in this method.
 *
 * @param sessionTrackingModes the tracking modes to use
 */
@Override
public void setSessionTrackingModes(final Set<SessionTrackingMode> sessionTrackingModes) {
    ensureNotProgramaticListener();
    ensureNotInitialized();

    // SSL session tracking is only valid on its own.
    final boolean severalModes = sessionTrackingModes.size() > 1;
    if (severalModes && sessionTrackingModes.contains(SessionTrackingMode.SSL)) {
        throw UndertowServletMessages.MESSAGES.sslCannotBeCombinedWithAnyOtherMethod();
    }

    // Defensive copy: later changes to the caller's set do not leak in.
    final Set<SessionTrackingMode> snapshot = new HashSet<>(sessionTrackingModes);
    this.sessionTrackingModes = snapshot;
    //TODO: actually make this work
}
Example #21
Source File: ApplicationContextFacade.java From Tomcat7.0.67 with Apache License 2.0 | 5 votes |
/**
 * Returns the default session tracking modes of the wrapped context.
 * <p>
 * With package protection enabled the call is routed through
 * {@code doPrivileged} by method name; otherwise it is delegated directly.
 *
 * @return the default session tracking modes
 */
@Override
@SuppressWarnings("unchecked") // doPrivileged() returns the correct type
public Set<SessionTrackingMode> getDefaultSessionTrackingModes() {
    if (!SecurityUtil.isPackageProtectionEnabled()) {
        return context.getDefaultSessionTrackingModes();
    }
    return (Set<SessionTrackingMode>)
            doPrivileged("getDefaultSessionTrackingModes", null);
}
Example #22
Source File: SpringWebInitializer.java From Spring-5.0-Cookbook with MIT License | 5 votes |
/**
 * Builds the annotation-based root application context, registers it and the
 * application's session listener with the servlet container, and restricts
 * session tracking to cookies.
 *
 * @param container the servlet context being initialised
 */
private void addRootContext(ServletContext container) {
    // Root application context, configured from SpringContextConfig.
    AnnotationConfigWebApplicationContext rootContext = new AnnotationConfigWebApplicationContext();
    rootContext.register(SpringContextConfig.class);

    // Hand the context to a ContextLoaderListener, then add the session listener.
    final ContextLoaderListener loaderListener = new ContextLoaderListener(rootContext);
    container.addListener(loaderListener);
    container.addListener(new AppSessionListener());
    container.setInitParameter("contextConfigLocation", "org.packt.secured.mvc.core");

    // Cookie-only tracking keeps the session ID out of URLs. If URL mode were
    // used instead, session-management URL rewriting would have to be enabled.
    final EnumSet<SessionTrackingMode> cookieOnly = EnumSet.of(SessionTrackingMode.COOKIE);
    container.setSessionTrackingModes(cookieOnly);
}
Example #23
Source File: NoServletContext.java From ambari-logsearch with Apache License 2.0 | 4 votes |
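/**
 * Reports the default session tracking modes of this context, which has none.
 *
 * @return an immutable empty set, never {@code null}
 */
@Override
public Set<SessionTrackingMode> getDefaultSessionTrackingModes() {
    // Return an empty set instead of null: callers commonly chain straight
    // into contains() or iterate the result, which would fail with a
    // NullPointerException on null.
    return java.util.Collections.<SessionTrackingMode>emptySet();
}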
Example #24
Source File: MockServletContext.java From arctic-sea with Apache License 2.0 | 4 votes |
/**
 * Not implemented by this mock; every call fails.
 *
 * @param set ignored
 * @throws UnsupportedOperationException always
 */
@Override
public void setSessionTrackingModes(Set<SessionTrackingMode> set) {
    final String message = "Not supported yet.";
    throw new UnsupportedOperationException(message);
}
Example #25
Source File: NettyEmbeddedContext.java From Jinx with Apache License 2.0 | 4 votes |
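/**
 * Reports the default session tracking modes of this context, which has none.
 *
 * @return an immutable empty set, never {@code null}
 */
@Override
public Set<SessionTrackingMode> getDefaultSessionTrackingModes() {
    // Return an empty set instead of null: callers commonly chain straight
    // into contains() or iterate the result, which would fail with a
    // NullPointerException on null.
    return java.util.Collections.<SessionTrackingMode>emptySet();
}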
Example #26
Source File: ServletContextImpl.java From lams with GNU General Public License v2.0 | 4 votes |
/**
 * Returns a read-only view of the session tracking modes currently stored on
 * this context.
 *
 * @return an unmodifiable view of the tracking modes
 */
@Override
public Set<SessionTrackingMode> getEffectiveSessionTrackingModes() {
    ensureNotProgramaticListener();
    // Wrap the stored set so callers cannot modify it through the result.
    final Set<SessionTrackingMode> readOnlyView = Collections.unmodifiableSet(sessionTrackingModes);
    return readOnlyView;
}
Example #27
Source File: JspCServletContext.java From Tomcat7.0.67 with Apache License 2.0 | 4 votes |
/**
 * Reports that no session tracking mode is in effect.
 *
 * @return a new, empty set of tracking modes
 */
@Override
public Set<SessionTrackingMode> getEffectiveSessionTrackingModes() {
    final Set<SessionTrackingMode> noModes = EnumSet.noneOf(SessionTrackingMode.class);
    return noModes;
}
Example #28
Source File: NoServletContext.java From ambari-logsearch with Apache License 2.0 | 4 votes |
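/**
 * Reports the effective session tracking modes of this context, which has
 * none.
 *
 * @return an immutable empty set, never {@code null}
 */
@Override
public Set<SessionTrackingMode> getEffectiveSessionTrackingModes() {
    // Return an empty set instead of null: callers commonly chain straight
    // into contains() on the result, which would fail with a
    // NullPointerException on null.
    return java.util.Collections.<SessionTrackingMode>emptySet();
}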
Example #29
Source File: NoServletContext.java From ambari-logsearch with Apache License 2.0 | 4 votes |
/**
 * Accepts the requested session tracking modes and discards them.
 *
 * @param sessionTrackingModes ignored
 */
@Override
public void setSessionTrackingModes(Set<SessionTrackingMode> sessionTrackingModes) {
    // Intentionally empty: this implementation keeps no session tracking state.
}
Example #30
Source File: ServletContextImpl.java From lams with GNU General Public License v2.0 | 4 votes |
/**
 * Installs the given set as both the default and the current session
 * tracking modes.
 * <p>
 * NOTE(review): both fields end up referring to the caller's own set, with no
 * copy taken. Confirm that callers always pass a set they no longer modify.
 *
 * @param sessionTrackingModes the modes to use as default and current value
 */
public void setDefaultSessionTrackingModes(HashSet<SessionTrackingMode> sessionTrackingModes) {
    final HashSet<SessionTrackingMode> modes = sessionTrackingModes;
    this.defaultSessionTrackingModes = modes;
    this.sessionTrackingModes = modes;
}