Java Code Examples for javax.servlet.http.HttpServletRequest#isRequestedSessionIdValid()

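The following examples show how to use javax.servlet.http.HttpServletRequest#isRequestedSessionIdValid(). The method returns true only when the session ID supplied by the client still refers to a valid session in the current session context; it returns false otherwise, including when the request carried no session ID at all, which is why several examples below pair it with getRequestedSessionId() != null to tell an expired session from a first visit. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.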
Example 1
Source File: DefaultAuthenticationEntryPoint.java    From spring-boot-doma2-sample with Apache License 2.0 5 votes vote down vote up
/**
 * Picks the entry-point URL, substituting the login-timeout URL when the client presented a
 * session id that the container no longer accepts.
 *
 * <p>The requested session id is whatever the client sent, so the timeout branch is taken for any
 * id the container does not recognise, not only for one that genuinely expired. The result is used
 * here only to choose a landing URL.
 *
 * @param request   the request that triggered authentication
 * @param response  the response being prepared
 * @param exception the authentication failure that led here
 * @return {@code loginTimeoutUrl} for a stale session id, otherwise the URL chosen by the superclass
 */
@Override
protected String determineUrlToUseForThisRequest(HttpServletRequest request, HttpServletResponse response,
        AuthenticationException exception) {
    // Always ask the superclass first, exactly as before, even if its answer ends up unused.
    val defaultUrl = super.determineUrlToUseForThisRequest(request, response, exception);

    // "An id was sent" AND "the container rejects it": a first visit (no id at all) must not be
    // reported as a timeout, hence the explicit null check before the validity check.
    final boolean staleSessionId = request.getRequestedSessionId() != null
            && !request.isRequestedSessionIdValid();
    if (!staleSessionId) {
        return defaultUrl;
    }

    if (log.isDebugEnabled()) {
        // Message text means "The session has timed out."
        log.debug("セッションがタイムアウトしました。");
    }
    return this.loginTimeoutUrl;
}
 
Example 2
Source File: PluginMonitoringFilter.java    From javamelody with Apache License 2.0 5 votes vote down vote up
/**
 * Hands the request's existing HTTP session to the emulated session listener, but only when the
 * session id sent by the client is still valid.
 *
 * @param httpRequest the current HTTP request
 */
private void registerSessionIfNeeded(HttpServletRequest httpRequest) {
	// note: the session may already be invalid at this point, which is why
	// isRequestedSessionIdValid is checked before the session is looked up
	if (!httpRequest.isRequestedSessionIdValid()) {
		return;
	}
	// getSession(false) never creates a session, so monitoring does not add sessions of its own.
	// NOTE(review): it can still return null if the session is invalidated between the two calls;
	// presumably the listener tolerates a null argument - confirm.
	final HttpSession currentSession = httpRequest.getSession(false);
	emulatedSessionListener.registerSessionIfNeeded(currentSession);
}
 
Example 3
Source File: HttpServletRequestSnapshot.java    From cxf with Apache License 2.0 5 votes vote down vote up
/**
 * Captures the state of {@code request} into this snapshot's fields by reading each accessor once.
 *
 * <p>The copy includes the cookies, every request header, the requested session id, the session
 * and the user principal, so a snapshot instance carries the same credentials as the live request
 * and should be kept out of logs and long-lived storage.
 *
 * @param request the live request to copy from
 */
public HttpServletRequestSnapshot(HttpServletRequest request) {
    super(request);
    this.authType = request.getAuthType();
    this.characterEncoding = request.getCharacterEncoding();
    this.contentLength = request.getContentLength();
    this.contentType = request.getContentType();
    this.contextPath = request.getContextPath();
    this.cookies = request.getCookies();
    this.requestHeaderNames = request.getHeaderNames();
    // A second enumeration is requested for the copy loop; the one stored above is left untouched.
    for (Enumeration<String> names = request.getHeaderNames(); names.hasMoreElements();) {
        String headerName = names.nextElement();
        this.headersMap.put(headerName, request.getHeaders(headerName));
    }
    this.localAddr = request.getLocalAddr();
    this.local = request.getLocale();
    this.localName = request.getLocalName();
    this.localPort = request.getLocalPort();
    this.method = request.getMethod();
    this.pathInfo = request.getPathInfo();
    this.pathTranslated = request.getPathTranslated();
    this.protocol = request.getProtocol();
    this.queryString = request.getQueryString();
    this.remoteAddr = request.getRemoteAddr();
    this.remoteHost = request.getRemoteHost();
    this.remotePort = request.getRemotePort();
    this.remoteUser = request.getRemoteUser();
    this.requestURI = request.getRequestURI();
    this.requestURL = request.getRequestURL();
    this.requestedSessionId = request.getRequestedSessionId();
    this.schema = request.getScheme();
    this.serverName = request.getServerName();
    this.serverPort = request.getServerPort();
    this.servletPath = request.getServletPath();
    // The session is captured only when the client's id is still valid, so taking a snapshot does
    // not normally start a session for an anonymous request.
    // NOTE(review): getSession() with no argument creates a session if the old one disappears
    // between the two calls; getSession(false) would avoid that - confirm which is intended.
    if (request.isRequestedSessionIdValid()) {
        this.session = request.getSession();
    }
    this.principal = request.getUserPrincipal();
}
 
Example 4
Source File: UserInfoHelper.java    From fess with Apache License 2.0 5 votes vote down vote up
/**
 * Resolves the user code for the current request.
 *
 * <p>Lookup order: the {@code Constants.USER_CODE} request attribute, then
 * {@code getUserCodeFromRequest}, and only if the requested session id is valid: the cookie, the
 * user bean and finally {@code getId()}. A code found in the session-bound part is passed to
 * {@code updateUserSessionId}.
 *
 * @return the user code, or {@code null} when neither the attribute nor the request supplied one
 *         and the requested session id is not valid
 */
public String getUserCode() {
    final HttpServletRequest request = LaRequestUtil.getRequest();

    // NOTE(review): these first two sources are consulted before the session check. If
    // getUserCodeFromRequest reads a client-supplied value, its validation has to live in that
    // helper - confirm.
    final String fromAttribute = (String) request.getAttribute(Constants.USER_CODE);
    if (StringUtil.isNotBlank(fromAttribute)) {
        return fromAttribute;
    }

    final String fromRequest = getUserCodeFromRequest(request);
    if (StringUtil.isNotBlank(fromRequest)) {
        return fromRequest;
    }

    // Without a valid session id nothing below is consulted and no code is generated.
    if (!request.isRequestedSessionIdValid()) {
        return null;
    }

    // Fall through cookie -> user bean -> freshly obtained id, stopping at the first non-blank value.
    String resolved = getUserCodeFromCookie(request);
    if (StringUtil.isBlank(resolved)) {
        resolved = getUserCodeFromUserBean(request);
    }
    if (StringUtil.isBlank(resolved)) {
        resolved = getId();
    }

    if (StringUtil.isNotBlank(resolved)) {
        updateUserSessionId(resolved);
    }
    return resolved;
}
 
Example 5
Source File: LoadBalancerFilter.java    From openemm with GNU Affero General Public License v3.0 4 votes vote down vote up
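/**
 * Keeps traffic without a valid session away from a node that the load balancer has marked as
 * disabled.
 *
 * <p>The activation state is read from the request attribute
 * {@code LOAD_BALANCER_ACTIVATION_ATTRIBUTE}. If the attribute is missing, or its value is
 * anything other than {@code "DIS"}, the request continues down the chain. On a disabled node a
 * request with a valid session id continues as well; one without is redirected to
 * {@code systemUrl}.
 *
 * <p>The request and response types are checked with {@code instanceof} rather than by catching
 * {@link ClassCastException} around the whole branch: the previous catch block also covered the
 * call into the filter chain, so a {@code ClassCastException} thrown by any downstream filter or
 * servlet was swallowed and the chain was invoked a second time for the same request.
 *
 * @param request     the incoming request
 * @param response    the outgoing response
 * @param filterChain the remaining filter chain
 * @throws IOException      if the redirect or a downstream component fails with an I/O error
 * @throws ServletException if a downstream component fails
 */
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException, ServletException {
	final String loadBalancerActivation = (String) request.getAttribute(LOAD_BALANCER_ACTIVATION_ATTRIBUTE);

	// No activation state at all: assume the node is not behind a load balancer and always active.
	if (loadBalancerActivation == null) {
		if (logger.isInfoEnabled()) {
			logger.info("No information about load balancer activation found.");
		}
		filterChain.doFilter(request, response);
		return;
	}

	// The attribute is present, so the node is behind a load balancer.
	if (logger.isDebugEnabled()) {
		logger.debug("Load balancer activation is " + loadBalancerActivation);
	}

	// Any state other than "disabled" (active or stopped) needs no session check.
	if (!"DIS".equals(loadBalancerActivation)) {
		if (logger.isInfoEnabled()) {
			logger.info("Node not disabled.");
		}
		filterChain.doFilter(request, response);
		return;
	}

	// The node is disabled. A non-HTTP request has no session id to check; as before, it is
	// logged and processed without further checks.
	if (!(request instanceof HttpServletRequest)) {
		logger.warn("No HttpServletRequest?");
		filterChain.doFilter(request, response);
		return;
	}
	final HttpServletRequest req = (HttpServletRequest) request;

	if (req.isRequestedSessionIdValid()) {
		// The session id is valid on this node, so the request is still served here.
		if (logger.isInfoEnabled()) {
			logger.info("Requested session is valid. Proceeding with request.");
		}
		filterChain.doFilter(request, response);
		return;
	}

	// No valid session on this node: send the client to the configured system URL.
	if (logger.isInfoEnabled()) {
		logger.info("Requested session is invalid.");
	}
	if (!(response instanceof HttpServletResponse)) {
		// Cannot redirect on a non-HTTP response; keep the previous behaviour and continue.
		logger.warn("No HttpServletRequest?");
		filterChain.doFilter(request, response);
		return;
	}
	// The target is the fixed systemUrl field, never a value taken from the request.
	((HttpServletResponse) response).sendRedirect(systemUrl);
}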
 
Example 6
Source File: EngineCheckSessionFilter.java    From Knowage-Server with GNU Affero General Public License v3.0 4 votes vote down vote up
/**
 * Forwards HTTP requests whose session has expired to the configured "session expired" URL and
 * lets every other request continue down the chain.
 *
 * <p>A request counts as expired only when it has no live session, its requested session id is
 * not valid, and it did not ask for a new session through the {@code NEW_SESSION} parameter.
 *
 * @param request  the incoming request
 * @param response the outgoing response
 * @param chain    the remaining filter chain
 * @throws IOException      declared by the filter contract
 * @throws ServletException wrapping any {@link Throwable} raised while filtering
 */
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
		throws IOException, ServletException {

	logger.debug("IN");

	try {
		if (request instanceof HttpServletRequest) {
			HttpServletRequest httpRequest = (HttpServletRequest) request;

			// getSession(false): probe for a session without creating one.
			boolean hasLiveSession = httpRequest.getSession(false) != null;

			// Requests that ask for a new session anyway are not forwarded to the expired URL.
			// NOTE(review): NEW_SESSION is a request parameter and therefore client-controlled.
			// It only skips the forward below; the request still continues without a session, so
			// access control has to be enforced further down the chain.
			String newSessionFlag = httpRequest.getParameter(NEW_SESSION);
			boolean newSessionRequested = newSessionFlag != null && newSessionFlag.equalsIgnoreCase("TRUE");

			boolean requestedIdValid = httpRequest.isRequestedSessionIdValid();

			boolean sessionExpired = !(hasLiveSession || requestedIdValid || newSessionRequested);
			if (sessionExpired) {
				logger.debug("Session has expired!!");
				String sessionExpiredUrl = EnginConf.getInstance().getSessionExpiredUrl();
				if (sessionExpiredUrl != null) {
					logger.debug("Forwarding to " + sessionExpiredUrl);
					httpRequest.getRequestDispatcher(sessionExpiredUrl).forward(request, response);
					return;
				}
				// No target configured: warn and let the request continue down the chain.
				logger.warn("Session expired URL not set!!! check engine-config.xml configuration");
			}
		}

		chain.doFilter(request, response);

	} catch (Throwable t) {
		// Everything, including Error subclasses and exceptions from downstream components, is
		// logged here and rethrown as a ServletException.
		logger.error("--------------------------------------------------------------------------------");
		logger.error("EngineCheckSessionFilter" + ":doFilter ServletException!!", t);
		logger.error(" msg: [" + t.getMessage() + "]");
		Throwable rootCause = t.getCause();
		if (rootCause != null) {
			logger.error("-----------------------------");
			logger.error("ROOT CAUSE:");
			logger.error("-----------------------------");
			logger.error(" msg: [" + rootCause.getMessage() + "]");
			logger.error(" stacktrace:");
		}
		// NOTE(review): printStackTrace() writes to stderr, outside the logger's configuration.
		t.printStackTrace();
		throw new ServletException(t);
	} finally {
		logger.debug("OUT");
	}

}
 
Example 7
Source File: SpagoBICoreCheckSessionFilter.java    From Knowage-Server with GNU Affero General Public License v3.0 4 votes vote down vote up
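/**
 * Forwards HTTP requests whose session has expired to the configured "session expired" URL and
 * lets every other request continue down the chain.
 *
 * <p>A request counts as expired only when it has no live session, its requested session id is
 * not valid, and it did not ask for a new session through the {@code NEW_SESSION} parameter.
 *
 * <p>The error log entry now names this filter. It previously carried the label
 * "EngineCheckSessionFilter", which pointed anyone reading the log at a different filter.
 *
 * @param request  the incoming request
 * @param response the outgoing response
 * @param chain    the remaining filter chain
 * @throws IOException      declared by the filter contract
 * @throws ServletException wrapping any {@link Throwable} raised while filtering
 */
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
		throws IOException, ServletException {

	try {
		if (request instanceof HttpServletRequest) {
			HttpServletRequest httpRequest = (HttpServletRequest) request;

			// getSession(false): probe for a session without creating one.
			HttpSession session = httpRequest.getSession(false);
			boolean isValidSession = session != null;

			// Requests that ask for a new session anyway are not forwarded to the expired URL.
			// NOTE(review): NEW_SESSION is a request parameter and therefore client-controlled.
			// It only skips the forward below; the request still continues without a session, so
			// access control has to be enforced further down the chain.
			String newSessionRequestAttr = httpRequest.getParameter(NEW_SESSION);
			boolean isRequiredNewSession = newSessionRequestAttr != null
					&& newSessionRequestAttr.equalsIgnoreCase("TRUE");

			boolean isRequestedSessionIdValid = httpRequest.isRequestedSessionIdValid();
			if (!isValidSession && !isRequestedSessionIdValid && !isRequiredNewSession) {
				// session has expired
				String sessionExpiredUrl = getSessionExpiredUrl();
				if (sessionExpiredUrl == null || sessionExpiredUrl.trim().equals("")) {
					// No target configured: warn and let the request continue down the chain.
					logger.warn("Session expired URL not set!!! check engine-config.xml configuration");
				} else {
					httpRequest.getRequestDispatcher(sessionExpiredUrl).forward(request, response);
					return;
				}
			}
		}

		chain.doFilter(request, response);

	} catch (Throwable t) {
		// Everything, including Error subclasses and exceptions from downstream components, is
		// logged here and rethrown as a ServletException.
		logger.error("--------------------------------------------------------------------------------");
		logger.error("SpagoBICoreCheckSessionFilter:doFilter ServletException!!", t);
		logger.error(" msg: [" + t.getMessage() + "]");
		Throwable z = t.getCause();
		if (z != null) {
			logger.error("-----------------------------");
			logger.error("ROOT CAUSE:");
			logger.error("-----------------------------");
			logger.error(" msg: [" + z.getMessage() + "]");
			logger.error(" stacktrace:");
		}
		// NOTE(review): printStackTrace() writes to stderr, outside the logger's configuration.
		t.printStackTrace();
		throw new ServletException(t);
	}

}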
 
Example 8
Source File: MCRServlet.java    From mycore with GNU General Public License v3.0 4 votes vote down vote up
/**
 * Returns the {@link MCRSession} bound to the caller's HTTP session, creating the HTTP session
 * and/or the MCRSession when none exists yet.
 *
 * <p>If the stored MCRSession was last used from an IP address that
 * {@code MCRFrontendUtil.isIPAddrAllowed} does not accept together with the current one, the old
 * MCRSession is closed and a new one is bound to the same HTTP session. On the first request of
 * an MCRSession its language is initialised from the {@code Accept-Language} header.
 *
 * @param req the current HTTP request
 * @return the MCRSession to use for this request
 * @throws MCRException if comparing the IP addresses fails with an {@link UnknownHostException}
 */
public static MCRSession getSession(HttpServletRequest req) {
    // Must be sampled before getSession(true): once a session has been created there is no way
    // left to tell "the client presented a live id" from "the container just made one".
    boolean reusedSession = req.isRequestedSessionIdValid();
    HttpSession theSession = req.getSession(true);
    // NOTE(review): both branches write the HTTP session id to the log. The id is a bearer
    // credential, so these log files need the same protection as the sessions themselves.
    if (reusedSession) {
        LOGGER.debug(() -> "Reused HTTP session: " + theSession.getId() + ", created: " + LocalDateTime
            .ofInstant(Instant.ofEpochMilli(theSession.getCreationTime()), ZoneId.systemDefault()));
    } else {
        LOGGER.info(() -> "Created new HTTP session: " + theSession.getId());
    }
    MCRSession session = null;

    // The HTTP session stores a resolver rather than the MCRSession itself; a missing attribute
    // or a resolver that yields nothing both end up as null here.
    MCRSession fromHttpSession = Optional
        .ofNullable((MCRSessionResolver) theSession.getAttribute(ATTR_MYCORE_SESSION))
        .flatMap(MCRSessionResolver::resolveSession)
        .orElse(null);

    // presumably drops any session binding left on this thread before one is chosen below - confirm
    MCRSessionMgr.unlock();
    if (fromHttpSession != null && fromHttpSession.getID() != null) {
        // Take session from HttpSession with servlets
        session = fromHttpSession;

        String lastIP = session.getCurrentIP();
        // NOTE(review): the strength of the check below depends on how getRemoteAddr derives the
        // client address (socket peer or forwarded header) - confirm against MCRFrontendUtil.
        String newIP = MCRFrontendUtil.getRemoteAddr(req);

        try {
            if (!MCRFrontendUtil.isIPAddrAllowed(lastIP, newIP)) {
                // Treated as a possible hijack: the caller gets a fresh MCRSession instead of the
                // stored one. The HttpSession itself is not invalidated; the new MCRSession is
                // bound to it further down.
                LOGGER.warn("Session steal attempt from IP {}, previous IP was {}. Session: {}", newIP, lastIP,
                    session);
                MCRSessionMgr.releaseCurrentSession();
                session.close(); //MCR-1409 do not leak old session
                MCRSessionMgr.unlock();//due to release above
                session = MCRSessionMgr.getCurrentSession();
                session.setCurrentIP(newIP);
            }
        } catch (UnknownHostException e) {
            throw new MCRException("Wrong transformation of IP address for this session.", e);
        }
    } else {
        // Create a new session
        session = MCRSessionMgr.getCurrentSession();
    }

    // Store current session in HttpSession
    theSession.setAttribute(ATTR_MYCORE_SESSION, new MCRSessionResolver(session));
    // store the HttpSession ID in MCRSession
    // put(...) returning null means no HTTP session id was recorded yet, i.e. first request
    if (session.put("http.session", theSession.getId()) == null) {
        //first request
        session.beginTransaction(); //for MCRTranslation.getAvailableLanguages()
        try {
            // NOTE(review): Accept-Language is client-controlled and Locale.LanguageRange.parse
            // throws IllegalArgumentException for an ill-formed value; nothing here catches it, so
            // it propagates to the caller after the finally block has run.
            String acceptLanguage = req.getHeader("Accept-Language");
            if (acceptLanguage != null) {
                List<Locale.LanguageRange> languageRanges = Locale.LanguageRange.parse(acceptLanguage);
                LOGGER.debug("accept languages: {}", languageRanges);
                // effectively-final copy so that the lambda below can capture it
                MCRSession finalSession = session;
                // Only a language out of getAvailableLanguages() can be selected; lookupTag
                // returns null when none matches, in which case the language is left as it is.
                Optional
                    .ofNullable(Locale.lookupTag(languageRanges, MCRTranslation.getAvailableLanguages()))
                    .ifPresent(selectedLanguage -> {
                        LOGGER.debug("selected language: {}", selectedLanguage);
                        finalSession.setCurrentLanguage(selectedLanguage);
                    });
            }
        } finally {
            // NOTE(review): commitTransaction() is called even after a rollback - confirm that
            // this is intended.
            if (session.transactionRequiresRollback()) {
                session.rollbackTransaction();
            }
            session.commitTransaction();
        }
    }
    // Forward MCRSessionID to XSL Stylesheets
    req.setAttribute("XSL.MCRSessionID", session.getID());

    return session;
}
 
Example 9
Source File: LoginFilter.java    From yawl with GNU Lesser General Public License v3.0 4 votes vote down vote up
/**
 * Tells whether the client sent a session id that the container no longer accepts.
 *
 * @param httpServletRequest the current HTTP request
 * @return {@code true} if a session id was sent and it is not valid; {@code false} if no id was
 *         sent or the id is valid
 */
private boolean isInvalidSession(HttpServletRequest httpServletRequest) {
	// No id at all means a first visit, which is not an invalid session.
	if (httpServletRequest.getRequestedSessionId() == null) {
		return false;
	}
	return !httpServletRequest.isRequestedSessionIdValid();
}
 
Example 10
Source File: SessionTimeoutFilter.java    From yawl with GNU Lesser General Public License v3.0 4 votes vote down vote up
/**
 * Reports a session as invalid only when the request carried a session id and the container
 * rejects it; a request without any session id is not considered invalid.
 *
 * @param httpServletRequest the current HTTP request
 * @return {@code true} for a presented but invalid session id, {@code false} otherwise
 */
private boolean isInvalidSession(HttpServletRequest httpServletRequest) {
    final boolean idPresented = httpServletRequest.getRequestedSessionId() != null;
    // The validity check is only reached when an id was actually presented.
    return idPresented && !httpServletRequest.isRequestedSessionIdValid();
}
 
Example 11
Source File: SessionTimeoutFilter.java    From yawl with GNU Lesser General Public License v3.0 4 votes vote down vote up
/**
 * Distinguishes a stale session from a missing one: returns {@code true} only when the client
 * supplied a session id that is no longer valid.
 *
 * @param httpServletRequest the current HTTP request
 * @return {@code true} if a session id was supplied and is invalid; {@code false} if none was
 *         supplied or the supplied id is valid
 */
private boolean isInvalidSession(HttpServletRequest httpServletRequest) {
    // The requested id is whatever the client sent, so "invalid" covers unknown ids as well as
    // expired ones.
    if (httpServletRequest.getRequestedSessionId() != null) {
        return !httpServletRequest.isRequestedSessionIdValid();
    }
    return false;
}
 
Example 12
Source File: AddlEnvironmentTests_SPEC2_18_Sessions_invalidate2.java    From portals-pluto with Apache License 2.0 4 votes vote down vote up
/**
 * Runs the TCK test case V2AddlEnvironmentTests_SPEC2_18_Sessions_httpSession5: "If the
 * PortletSession object is invalidated by a portlet, the portlet container must invalidate the
 * associated HttpSession object".
 *
 * <p>Without the matching button parameter a link that triggers the test is written. With it, the
 * portlet session is invalidated and the test passes if the servlet request then reports its
 * requested session id as no longer valid.
 *
 * @param request  the servlet request carrying the portlet request and response as attributes
 * @param response the servlet response
 * @throws ServletException declared by the TCK servlet contract
 * @throws IOException      if writing the link or the result fails
 */
protected void processTCKReq(HttpServletRequest request, HttpServletResponse response)
    throws ServletException, IOException {

  PortletRequest portletReq = (PortletRequest) request.getAttribute("javax.portlet.request");
  PortletResponse portletResp = (PortletResponse) request.getAttribute("javax.portlet.response");
  // Obtained up front, as before, so that a portlet session exists by the time the test runs.
  PortletSession portletSession = portletReq.getPortletSession();

  MimeResponse mimeResp = (MimeResponse) portletResp;
  PrintWriter writer = mimeResp.getWriter();

  JSR286SpecTestCaseDetails tcd = new JSR286SpecTestCaseDetails();

  String requestedTest = portletReq.getParameter(BUTTON_PARAM_NAME);
  boolean runTest = requestedTest != null
      && requestedTest.equals(V2ADDLENVIRONMENTTESTS_SPEC2_18_SESSIONS_HTTPSESSION5);

  if (runTest) {
    // perform test: start from "failed" and flip to success only on the expected observation
    TestResult result = tcd.getTestResultFailed(V2ADDLENVIRONMENTTESTS_SPEC2_18_SESSIONS_HTTPSESSION5);
    portletSession.invalidate();
    if (request.isRequestedSessionIdValid()) {
      result.appendTcDetail("Failed because session is not invalidated.");
    } else {
      result.setTcSuccess(true);
    }
    result.writeTo(writer);
  } else {
    // generate test link
    PortletURL rurl = mimeResp.createRenderURL();
    rurl.setParameter(BUTTON_PARAM_NAME, V2ADDLENVIRONMENTTESTS_SPEC2_18_SESSIONS_HTTPSESSION5);
    TestLink tl = new TestLink(V2ADDLENVIRONMENTTESTS_SPEC2_18_SESSIONS_HTTPSESSION5, rurl);
    tl.writeTo(writer);
  }

}