Repository: incubator-unomi Updated Branches: refs/heads/master 70fe6640c -> 9fcfd4285
UNOMI-178 Make it possible to pass sessionId as a body parameter instead of just a URL parameter Signed-off-by: Serge Huber <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/incubator-unomi/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-unomi/commit/9fcfd428 Tree: http://git-wip-us.apache.org/repos/asf/incubator-unomi/tree/9fcfd428 Diff: http://git-wip-us.apache.org/repos/asf/incubator-unomi/diff/9fcfd428 Branch: refs/heads/master Commit: 9fcfd428547f9422390d773d756fb570f33e1e49 Parents: 70fe664 Author: Serge Huber <[email protected]> Authored: Fri Apr 27 17:29:45 2018 +0200 Committer: Serge Huber <[email protected]> Committed: Fri Apr 27 17:29:45 2018 +0200 ---------------------------------------------------------------------- .../org/apache/unomi/api/ContextRequest.java | 18 +++++++++ .../unomi/api/EventsCollectorRequest.java | 20 ++++++++++ .../org/apache/unomi/web/ContextServlet.java | 40 +++++++++++++------- .../unomi/web/EventsCollectorServlet.java | 5 ++- 4 files changed, 68 insertions(+), 15 deletions(-) ----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-unomi/blob/9fcfd428/api/src/main/java/org/apache/unomi/api/ContextRequest.java ----------------------------------------------------------------------
diff --git a/api/src/main/java/org/apache/unomi/api/ContextRequest.java b/api/src/main/java/org/apache/unomi/api/ContextRequest.java
index 8d9dc99..6a6c79a 100644
--- a/api/src/main/java/org/apache/unomi/api/ContextRequest.java
+++ b/api/src/main/java/org/apache/unomi/api/ContextRequest.java
@@ -63,6 +63,7 @@ public class ContextRequest {
 // test different filter results.
 private Profile profileOverrides;
 private Map<String, Object> sessionPropertiesOverrides;
+ private String sessionId;
 /**
 * Retrieves the source of the context request.
@@ -224,4 +225,21 @@ public class ContextRequest {
 this.sessionPropertiesOverrides = sessionPropertiesOverrides;
 }
+ /**
+ * Retrieve the sessionId passed along with the request. All events will be processed with this sessionId as a
+ * default
+ * @return the identifier for the session
+ */
+ public String getSessionId() {
+ return sessionId;
+ }
+
+ /**
+ * Sets the sessionId in the request. This is the preferred method of passing along a session identifier with the
+ * request, as passing it along in the URL can lead to potential security vulnerabilities.
+ * @param sessionId an unique identifier for the session
+ */
+ public void setSessionId(String sessionId) {
+ this.sessionId = sessionId;
+ }
 }
http://git-wip-us.apache.org/repos/asf/incubator-unomi/blob/9fcfd428/api/src/main/java/org/apache/unomi/api/EventsCollectorRequest.java ----------------------------------------------------------------------
diff --git a/api/src/main/java/org/apache/unomi/api/EventsCollectorRequest.java b/api/src/main/java/org/apache/unomi/api/EventsCollectorRequest.java
index 2880240..8b478d7 100644
--- a/api/src/main/java/org/apache/unomi/api/EventsCollectorRequest.java
+++ b/api/src/main/java/org/apache/unomi/api/EventsCollectorRequest.java
@@ -24,6 +24,7 @@ import java.util.List;
 */
 public class EventsCollectorRequest {
 private List<Event> events;
+ private String sessionId;
 /**
 * Retrieves the events to be processed.
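Review bot: The Javadoc on `getSessionId()` in the `@@ -224,4 +225,21 @@` hunk does not say that the value is null when the body carried no sessionId, which is the case the servlets in this commit test for before falling back to the URL parameter. I would word the tag as `@return the session identifier sent in the request body, or {@code null} if none was sent`. In the setter, `an unique identifier` should read `a unique identifier`. The same two Javadoc blocks are added to EventsCollectorRequest in its `@@ -37,4 +38,23 @@` hunk and would take the same wording.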
@@ -37,4 +38,23 @@ public class EventsCollectorRequest {
 public void setEvents(List<Event> events) {
 this.events = events;
 }
+
+ /**
+ * Retrieve the sessionId passed along with the request. All events will be processed with this sessionId as a
+ * default
+ * @return the identifier for the session
+ */
+ public String getSessionId() {
+ return sessionId;
+ }
+
+ /**
+ * Sets the sessionId in the request. This is the preferred method of passing along a session identifier with the
+ * request, as passing it along in the URL can lead to potential security vulnerabilities.
+ * @param sessionId an unique identifier for the session
+ */
+ public void setSessionId(String sessionId) {
+ this.sessionId = sessionId;
+ }
+
 }
http://git-wip-us.apache.org/repos/asf/incubator-unomi/blob/9fcfd428/wab/src/main/java/org/apache/unomi/web/ContextServlet.java ----------------------------------------------------------------------
diff --git a/wab/src/main/java/org/apache/unomi/web/ContextServlet.java b/wab/src/main/java/org/apache/unomi/web/ContextServlet.java
index a507bdd..d978d70 100644
--- a/wab/src/main/java/org/apache/unomi/web/ContextServlet.java
+++ b/wab/src/main/java/org/apache/unomi/web/ContextServlet.java
@@ -116,21 +116,9 @@ public class ContextServlet extends HttpServlet {
 }
 }
- String sessionId = request.getParameter("sessionId");
- boolean invalidateSession = request.getParameter("invalidateSession")!=null?new Boolean(request.getParameter("invalidateSession")):false;
- boolean invalidateProfile = request.getParameter("invalidateProfile")!=null?new Boolean(request.getParameter("invalidateProfile")):false;
-
- if (cookieProfileId == null && sessionId == null && personaId == null) {
- ((HttpServletResponse)response).sendError(HttpServletResponse.SC_BAD_REQUEST, "Check logs for more details");
- logger.error("Couldn't find cookieProfileId, sessionId or personaId in incoming request! Stopped processing request. See debug level for more information");
- if (logger.isDebugEnabled()) {
- logger.debug("Request dump:" + HttpUtils.dumpRequestInfo(httpServletRequest));
- }
- return;
- }
-
 ContextRequest contextRequest = null;
 String scope = null;
+ String sessionId = null;
 String stringPayload = HttpUtils.getPayload(httpServletRequest);
 if (stringPayload != null) {
 ObjectMapper mapper = CustomObjectMapper.getObjectMapper();
@@ -142,9 +130,28 @@ public class ContextServlet extends HttpServlet {
 logger.error("Cannot read payload " + stringPayload, e);
 return;
 }
- scope = contextRequest.getSource().getScope();
+ if (contextRequest.getSource() != null) {
+ scope = contextRequest.getSource().getScope();
+ }
+ sessionId = contextRequest.getSessionId();
+ }
+
+ if (sessionId == null) {
+ sessionId = request.getParameter("sessionId");
+ }
+ boolean invalidateSession = request.getParameter("invalidateSession")!=null?new Boolean(request.getParameter("invalidateSession")):false;
+ boolean invalidateProfile = request.getParameter("invalidateProfile")!=null?new Boolean(request.getParameter("invalidateProfile")):false;
+
+ if (cookieProfileId == null && sessionId == null && personaId == null) {
+ ((HttpServletResponse)response).sendError(HttpServletResponse.SC_BAD_REQUEST, "Check logs for more details");
+ logger.error("Couldn't find cookieProfileId, sessionId or personaId in incoming request! Stopped processing request. See debug level for more information");
+ if (logger.isDebugEnabled()) {
+ logger.debug("Request dump:" + HttpUtils.dumpRequestInfo(httpServletRequest));
+ }
+ return;
 }
+
 int changes = EventService.NO_CHANGE;
 if (profile == null) {
@@ -239,6 +246,11 @@ public class ContextServlet extends HttpServlet {
 ContextResponse data = new ContextResponse();
 data.setProfileId(profile.getItemId());
+ if (session != null) {
+ data.setSessionId(session.getItemId());
+ } else if (sessionId != null) {
+ data.setSessionId(sessionId);
+ }
 if (contextRequest != null){
 changes |= handleRequest(contextRequest, profile, session, data, request, response, timestamp);
http://git-wip-us.apache.org/repos/asf/incubator-unomi/blob/9fcfd428/wab/src/main/java/org/apache/unomi/web/EventsCollectorServlet.java ----------------------------------------------------------------------
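Review bot: A body carrying `"sessionId": ""` would presumably deserialize to a non-null empty string, so in the `@@ -142,9 +130,28 @@` hunk the new `if (sessionId == null)` fallback is skipped and the `cookieProfileId == null && sessionId == null && personaId == null` guard no longer rejects the request. I would treat a blank value as absent, e.g. `if (sessionId == null || sessionId.trim().isEmpty()) { sessionId = request.getParameter("sessionId"); }`, apply the same blank test in the guard, and consider a length and character bound since the identifier is chosen by the caller. EventsCollectorServlet has the same null-only test in its `@@ -108,7 +108,10 @@` hunk. Now that the identifier travels in the body, the context line `logger.error("Cannot read payload " + stringPayload, e)` writes it to the error log whenever parsing fails, so that message should drop the raw payload or move it to debug level. The enclosing method starts and ends outside the hunk.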
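Review bot: In the `@@ -239,6 +246,11 @@` hunk the `else if (sessionId != null)` branch puts the caller-supplied identifier into the response although no session object exists at that point, and nothing nearby says when that state occurs or why the value is echoed. A comment above the branch would help, for example `// no session was loaded or created for this request; return the id the client sent (TODO confirm when this happens)`. Because that value comes straight from the request body or URL parameter, the branch should only ever see an identifier that has already been validated. The enclosing method starts and ends outside the hunk.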
diff --git a/wab/src/main/java/org/apache/unomi/web/EventsCollectorServlet.java b/wab/src/main/java/org/apache/unomi/web/EventsCollectorServlet.java
index e673289..713e1e4 100644
--- a/wab/src/main/java/org/apache/unomi/web/EventsCollectorServlet.java
+++ b/wab/src/main/java/org/apache/unomi/web/EventsCollectorServlet.java
@@ -108,7 +108,10 @@ public class EventsCollectorServlet extends HttpServlet {
 return;
 }
- String sessionId = request.getParameter("sessionId");
+ String sessionId = events.getSessionId();
+ if (sessionId == null) {
+ sessionId = request.getParameter("sessionId");
+ }
 if (sessionId == null) {
 logger.error("No sessionId found in incoming request, aborting processing. See debug level for more information");
 if (logger.isDebugEnabled()) {
