Java Code Examples for io.vertx.ext.web.RoutingContext#session()

The following examples show how to use io.vertx.ext.web.RoutingContext#session() . These examples are extracted from open source projects. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source Project: joyqueue   File: AdminLoginHandler.java    License: Apache License 2.0 6 votes vote down vote up
@Override
public void handle(final RoutingContext context) {
    HttpServerRequest request = context.request();
    Session session = context.session();
    if (session == null) {
        context.fail(new HttpStatusException(HTTP_INTERNAL_ERROR, "No session - did you forget to include a SessionHandler?"));
        return;
    }
    String remoteIP = getRemoteIP(request);
    context.put(REMOTE_IP, remoteIP);
    User user = session.get(userSessionKey);
    if (user == null) {
        user = userService.findByCode(DEFAULT_LOGIN_USER_CODE);
    }
    //存放用户上下文信息
    context.put(USER_KEY, user);
    context.next();
}
 
Example 2
Source Project: Summer   File: SummerRouter.java    License: MIT License 6 votes vote down vote up
private Object getContext(RoutingContext routingContext,ArgInfo argInfo){
    Class clz = argInfo.getClazz();
    if (clz ==RoutingContext.class){

        return routingContext;
    }else if (clz == HttpServerRequest.class){
        return routingContext.request();
    }else if (clz == HttpServerResponse.class){
        return routingContext.response();
    }else if (clz == Session.class){
        return routingContext.session();
    }else if (clz == Vertx.class){
        return vertx;
    }
    return null;
}
 
Example 3
@Override
public void parseCredentials(RoutingContext context, Handler<AsyncResult<JsonObject>> handler) {
    Session session = context.session();
    if (session != null) {
        try {
            // Save current request in session - we'll get redirected back here after successful login
            io.vertx.reactivex.core.http.HttpServerRequest request = new io.vertx.reactivex.core.http.HttpServerRequest(context.request());
            Map<String, String> requestParameters = request.params().entries().stream().collect(Collectors.toMap(Map.Entry::getKey, Map.Entry::getValue));

            session.put(returnURLParam, UriBuilderRequest.resolveProxyRequest(request, request.path(), requestParameters));

            // Now redirect to the login url
            String uri = UriBuilderRequest.resolveProxyRequest(request, loginRedirectURL, requestParameters, true);

            handler.handle(Future.failedFuture(new HttpStatusException(302, uri)));
        } catch (Exception e) {
            logger.warn("Failed to decode login redirect url", e);
            handler.handle(Future.failedFuture(new HttpStatusException(302, loginRedirectURL)));
        }
    } else {
        handler.handle(Future.failedFuture("No session - did you forget to include a SessionHandler?"));
    }
}
 
Example 4
Source Project: vertx-web   File: SockJSSession.java    License: Apache License 2.0 6 votes vote down vote up
SockJSSession(Vertx vertx, LocalMap<String, SockJSSession> sessions, RoutingContext rc, String id, long timeout, long heartbeatInterval,
              Handler<SockJSSocket> sockHandler) {
  super(vertx, rc.session(), rc.user());
  this.sessions = sessions;
  this.id = id;
  this.timeout = timeout;
  this.sockHandler = sockHandler;
  context = vertx.getOrCreateContext();
  pendingReads = new InboundBuffer<>(context);

  // Start a heartbeat

  heartbeatID = vertx.setPeriodic(heartbeatInterval, tid -> {
    if (listener != null) {
      listener.sendFrame("h", null);
    }
  });
}
 
Example 5
Source Project: vertx-web   File: DigestAuthHandlerImpl.java    License: Apache License 2.0 6 votes vote down vote up
@Override
public String authenticateHeader(RoutingContext context) {
  final byte[] bytes = new byte[32];
  random.nextBytes(bytes);
  // generate nonce
  String nonce = md5(bytes);
  // save it
  nonces.put(nonce, new Nonce(0));

  // generate opaque
  String opaque = null;
  final Session session = context.session();
  if (session != null) {
    opaque = (String) session.data().get("opaque");
  }

  if (opaque == null) {
    random.nextBytes(bytes);
    // generate random opaque
    opaque = md5(bytes);
  }

  return "Digest realm=\"" + realm + "\", qop=\"auth\", nonce=\"" + nonce + "\", opaque=\"" + opaque + "\"";
}
 
Example 6
Source Project: vertx-web   File: CSRFHandlerImpl.java    License: Apache License 2.0 6 votes vote down vote up
private String getTokenFromSession(RoutingContext ctx) {
  Session session = ctx.session();
  if (session == null) {
    return null;
  }
  // get the token from the session
  String sessionToken = session.get(headerName);
  if (sessionToken != null) {
    // attempt to parse the value
    int idx = sessionToken.indexOf('/');
    if (idx != -1 && session.id() != null && session.id().equals(sessionToken.substring(0, idx))) {
      return sessionToken.substring(idx + 1);
    }
  }
  // fail
  return null;
}
 
Example 7
@Override
protected Object doResolve(Parameter parameter, RoutingContext routingContext) {
    Class<?> parameterType = parameter.getType();

    if (parameterType == RoutingContext.class) {
        return routingContext;
    }
    if (parameterType == HttpServerRequest.class) {
        return routingContext.request();
    }
    if (parameterType == HttpServerResponse.class) {
        return routingContext.response();
    }

    if (parameterType == Session.class) {
        return routingContext.session();
    }

    if (parameterType == MultiMap.class) {
        return resolveParams(routingContext);
    }

    if (parameterType == JsonObject.class) {
        JsonObject jsonObject = routingContext.getBodyAsJson();
        return jsonObject == null ? new JsonObject() : jsonObject;
    }

    return null;
}
 
Example 8
Source Project: rest.vertx   File: TestSessionRest.java    License: Apache License 2.0 5 votes vote down vote up
@GET
@Path("/echo")
@Produces(MediaType.TEXT_HTML)
public String echo(@Context RoutingContext routingContext) {
	Session session = routingContext.session();
	return session.id();
}
 
Example 9
@Override
public void handle(RoutingContext event) {
	Session session = event.session();
	if (session == null) {
		if (!event.response().ended()) {
			event.response().putHeader(HttpHeaderConstant.SERVER, VxApiGatewayAttribute.FULL_NAME)
					.putHeader(HttpHeaderConstant.CONTENT_TYPE, authFailContentType.val()).end(authFailResult);
		}
	} else {
		// session中的token
		String apiToken = session.get(apiTokenName) == null ? null : session.get(apiTokenName).toString();
		// 用户request中的token
		String userTokoen = null;
		if (userTokenScope == ParamPositionEnum.HEADER) {
			userTokoen = event.request().getHeader(userTokenName);
		} else {
			userTokoen = event.request().getParam(userTokenName);
		}
		// 检验请求是否正确如果正确放行反则不通过
		if (!StrUtil.isNullOrEmpty(apiToken) && apiToken.equals(userTokoen)) {
			event.next();
		} else {
			if (!event.response().ended()) {
				event.response().putHeader(HttpHeaderConstant.SERVER, VxApiGatewayAttribute.FULL_NAME)
						.putHeader(HttpHeaderConstant.CONTENT_TYPE, authFailContentType.val()).end(authFailResult);
			}
		}
	}
}
 
Example 10
@Override
public void parseCredentials(RoutingContext context, Handler<AsyncResult<Credentials>> handler) {
  Session session = context.session();
  if (session != null) {
    // Now redirect to the login url - we'll get redirected back here after successful login
    session.put(returnURLParam, context.request().uri());
    handler.handle(Future.failedFuture(new HttpStatusException(302, loginRedirectURL)));
  } else {
    handler.handle(Future.failedFuture("No session - did you forget to include a SessionHandler?"));
  }
}
 
Example 11
@Override
public void handle(RoutingContext context) {
    HttpServerRequest req = context.request();
    if (req.method() != HttpMethod.POST) {
        context.fail(405); // Must be a POST
    } else {
        if (!req.isExpectMultipart()) {
            throw new IllegalStateException("Form body not parsed - do you forget to include a BodyHandler?");
        }
        MultiMap params = req.formAttributes();
        String username = params.get(usernameParam);
        String password = params.get(passwordParam);
        String clientId = params.get(Parameters.CLIENT_ID);
        if (username == null || password == null) {
            log.warn("No username or password provided in form - did you forget to include a BodyHandler?");
            context.fail(400);
        } else if (clientId == null) {
            log.warn("No client id in form - did you forget to include client_id query parameter ?");
            context.fail(400);
        } else {
            Session session = context.session();

            // build authentication object with ip address and user agent
            JsonObject authInfo = new JsonObject()
                    .put("username", username)
                    .put("password", password)
                    .put(Claims.ip_address, remoteAddress(req))
                    .put(Claims.user_agent, userAgent(req))
                    .put(Parameters.CLIENT_ID, clientId);

            authProvider.authenticate(context, authInfo, res -> {
                if (res.succeeded()) {
                    User user = res.result();
                    context.setUser(user);
                    if (session != null) {
                        // the user has upgraded from unauthenticated to authenticated
                        // session should be upgraded as recommended by owasp
                        session.regenerateId();

                        // Note : keep returnURLParam in session in case the user go to previous page
                        // String returnURL = session.remove(returnURLParam);
                        String returnURL = session.get(returnURLParam);
                        if (returnURL != null) {
                            // Now redirect back to the original url
                            doRedirect(req.response(), returnURL);
                            return;
                        }
                    }
                    // Either no session or no return url
                    if (directLoggedInOKURL != null) {
                        // Redirect to the default logged in OK page - this would occur
                        // if the user logged in directly at this URL without being redirected here first from another
                        // url
                        doRedirect(req.response(), directLoggedInOKURL);
                    } else {
                        // Just show a basic page
                        req.response().end(DEFAULT_DIRECT_LOGGED_IN_OK_PAGE);
                    }
                } else {
                    handleException(context);
                }
            });
        }
    }
}
 
Example 12
Source Project: nubes   File: SessionParamInjector.java    License: Apache License 2.0 4 votes vote down vote up
@Override
public Session resolve(RoutingContext context) {
  return context.session();
}
 
Example 13
Source Project: vertx-web   File: FormLoginHandlerImpl.java    License: Apache License 2.0 4 votes vote down vote up
@Override
public void handle(RoutingContext context) {
  HttpServerRequest req = context.request();
  if (req.method() != HttpMethod.POST) {
    context.fail(405); // Must be a POST
  } else {
    if (!req.isExpectMultipart()) {
      throw new IllegalStateException("HttpServerRequest should have setExpectMultipart set to true, but it is currently set to false.");
    }
    MultiMap params = req.formAttributes();
    String username = params.get(usernameParam);
    String password = params.get(passwordParam);
    if (username == null || password == null) {
      log.warn("No username or password provided in form - did you forget to include a BodyHandler?");
      context.fail(400);
    } else {
      Session session = context.session();
      UsernamePasswordCredentials authInfo = new UsernamePasswordCredentials(username, password);

      authProvider.authenticate(authInfo, res -> {
        if (res.succeeded()) {
          User user = res.result();
          context.setUser(user);
          if (session != null) {
            // the user has upgraded from unauthenticated to authenticated
            // session should be upgraded as recommended by owasp
            session.regenerateId();

            String returnURL = session.remove(returnURLParam);
            if (returnURL != null) {
              // Now redirect back to the original url
              doRedirect(req.response(), returnURL);
              return;
            }
          }
          // Either no session or no return url
          if (directLoggedInOKURL != null) {
            // Redirect to the default logged in OK page - this would occur
            // if the user logged in directly at this URL without being redirected here first from another
            // url
            doRedirect(req.response(), directLoggedInOKURL);
          } else {
            // Just show a basic page
            req.response().end(DEFAULT_DIRECT_LOGGED_IN_OK_PAGE);
          }
        } else {
          context.fail(401);  // Failed login
        }
      });
    }
  }
}
 
Example 14
Source Project: vertx-web   File: CSRFHandlerImpl.java    License: Apache License 2.0 4 votes vote down vote up
@Override
public void handle(RoutingContext ctx) {

  if (nagHttps) {
    String uri = ctx.request().absoluteURI();
    if (uri != null && !uri.startsWith("https:")) {
      log.trace("Using session cookies without https could make you susceptible to session hijacking: " + uri);
    }
  }

  HttpMethod method = ctx.request().method();
  Session session = ctx.session();

  // if we're being strict with the origin
  // ensure that they are always valid
  if (!isValidOrigin(ctx)) {
    ctx.fail(403);
    return;
  }

  switch (method.name()) {
    case "GET":
      final String token;

      if (session == null) {
        // if there's no session to store values, tokens are issued on every request
        token = generateAndStoreToken(ctx);
      } else {
        // get the token from the session, this also considers the fact
        // that the token might be invalid as it was issued for a previous session id
        // session id's change on session upgrades (unauthenticated -> authenticated; role change; etc...)
        String sessionToken = getTokenFromSession(ctx);
        // when there's no token in the session, then we behave just like when there is no session
        // create a new token, but we also store it in the session for the next runs
        if (sessionToken == null) {
          token = generateAndStoreToken(ctx);
          // storing will include the session id too. The reason is that if a session is upgraded
          // we don't want to allow the token to be valid anymore
          session.put(headerName, session.id() + "/" + token);
        } else {
          String[] parts = sessionToken.split("\\.");
          final long ts = parseLong(parts[1]);

          if (ts == -1) {
            // fallback as the token is expired
            token = generateAndStoreToken(ctx);
          } else {
            if (!(System.currentTimeMillis() > ts + timeout)) {
              // we're still on the same session, no need to regenerate the token
              // also note that the token isn't expired, so it can be reused
              token = sessionToken;
              // in this case specifically we don't issue the token as it is unchanged
              // the user agent still has it from the previous interaction.
            } else {
              // fallback as the token is expired
              token = generateAndStoreToken(ctx);
            }
          }
        }
      }
      // put the token in the context for users who prefer to render the token directly on the HTML
      ctx.put(headerName, token);
      ctx.next();
      break;
    case "POST":
    case "PUT":
    case "DELETE":
    case "PATCH":
      if (isValidRequest(ctx)) {
        // it matches, so refresh the token to avoid replay attacks
        token = generateAndStoreToken(ctx);
        // put the token in the context for users who prefer to
        // render the token directly on the HTML
        ctx.put(headerName, token);
        ctx.next();
      } else {
        ctx.fail(403);
      }
      break;
    default:
      // ignore other methods
      ctx.next();
      break;
  }
}