Author: taylor
Date: Tue May 29 17:10:22 2007
New Revision: 542699
URL: http://svn.apache.org/viewvc?view=rev&rev=542699
Log:
https://issues.apache.org/jira/browse/JS2-713
Modified:
portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/security/impl/AbstractSecurityValve.java
portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/security/impl/SecurityValveImpl.java
portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/security/impl/ntlm/NtlmSecurityValve.java
portals/jetspeed-2/trunk/src/webapp/WEB-INF/assembly/pipelines.xml
Modified:
portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/security/impl/AbstractSecurityValve.java
URL:
http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/security/impl/AbstractSecurityValve.java?view=diff&rev=542699&r1=542698&r2=542699
==============================================================================
---
portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/security/impl/AbstractSecurityValve.java
(original)
+++
portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/security/impl/AbstractSecurityValve.java
Tue May 29 17:10:22 2007
@@ -22,10 +22,12 @@
*/
package org.apache.jetspeed.security.impl;
+import java.io.IOException;
import java.security.Principal;
import java.security.PrivilegedAction;
import javax.security.auth.Subject;
+import javax.servlet.http.HttpSession;
import org.apache.jetspeed.PortalReservedParameters;
import org.apache.jetspeed.pipeline.PipelineException;
@@ -48,6 +50,10 @@
*/
public abstract class AbstractSecurityValve extends AbstractValve implements
SecurityValve
{
+ protected int maxSessionHardLimit = 0;
+ protected long msMaxSessionHardLimit = 1;
+ protected String timeoutRedirectLocation = "";
+
/**
*
* <p>
@@ -71,7 +77,7 @@
* @throws Exception
*/
protected abstract Principal getUserPrincipal(RequestContext request)
throws Exception;
-
+
/**
*
* <p>
@@ -106,45 +112,87 @@
*/
public void invoke( RequestContext request, ValveContext context ) throws
PipelineException
{
- // initialize/validate security subject
- Subject subject;
- try
- {
- subject = getSubject(request);
- }
- catch (Exception e1)
+ if (isSessionExpired(request))
+ {
+ return; // short circuit processing and redirect
+ }
+
+ // initialize/validate security subject
+ Subject subject;
+ try
+ {
+ subject = getSubject(request);
+ }
+ catch (Exception e1)
+ {
+ throw new PipelineException(e1.getMessage(), e1);
+ }
+
request.getRequest().getSession().setAttribute(PortalReservedParameters.SESSION_KEY_SUBJECT,
subject);
+
+ // set request context subject
+ request.setSubject(subject);
+
+ // Pass control to the next Valve in the Pipeline and execute under
+ // the current subject
+ final ValveContext vc = context;
+ final RequestContext rc = request;
+ PipelineException pe = (PipelineException)
JSSubject.doAsPrivileged(subject, new PrivilegedAction()
+ {
+ public Object run()
{
- throw new PipelineException(e1.getMessage(), e1);
+ try
+ {
+ vc.invokeNext(rc);
+ return null;
+ }
+ catch (PipelineException e)
+ {
+ return e;
+ }
}
-
request.getRequest().getSession().setAttribute(PortalReservedParameters.SESSION_KEY_SUBJECT,
subject);
-
- // set request context subject
- request.setSubject(subject);
-
- // Pass control to the next Valve in the Pipeline and execute under
- // the current subject
- final ValveContext vc = context;
- final RequestContext rc = request;
- PipelineException pe = (PipelineException)
JSSubject.doAsPrivileged(subject, new PrivilegedAction()
+ }, null);
+
+ if(pe != null)
+ {
+ throw pe;
+ }
+ }
+
+ /**
+ * Check for hard limit session expiration time out
+ *
+ * @param request
+ * @return
+ * @throws PipelineException
+ */
+ protected boolean isSessionExpired(RequestContext request) throws
PipelineException
+ {
+ if (maxSessionHardLimit > 0)
+ {
+ HttpSession session = request.getRequest().getSession();
+ long sessionCreationTime = session.getCreationTime();
+ long currentTime = System.currentTimeMillis();
+ if ((currentTime - sessionCreationTime) > msMaxSessionHardLimit)
{
- public Object run()
+ session.invalidate();
+ String redirector = request.getRequest().getContextPath() +
timeoutRedirectLocation;
+ // System.out.println("logging user out " + redirector + ", "
+ (currentTime - sessionCreationTime) + ", " + this.msMaxSessionHardLimit);
+ try
+ {
+ request.getResponse().sendRedirect(redirector);
+ }
+ catch (IOException e)
{
- try
- {
- vc.invokeNext(rc);
- return null;
- }
- catch (PipelineException e)
- {
- return e;
- }
+ throw new PipelineException(e);
}
- }, null);
-
- if(pe != null)
+ return true;
+ }
+ else
{
- throw pe;
- }
-
+ // System.out.println("Not logging user out: " + (currentTime
- sessionCreationTime) + ", " + this.msMaxSessionHardLimit);
+ }
+ }
+ return false;
}
+
}
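Review bot: isSessionExpired measures the hard limit from `session.getCreationTime()`, so it bounds the age of the container session rather than the time since login, and it runs before `getSubject`, so anonymous sessions are invalidated and redirected to the timeout location too. If a session created for a guest is kept when the user authenticates (not visible in this hunk), a user can be logged out shortly after signing in; consider recording a login timestamp in the session when the authenticated subject is established and comparing against that. `sendRedirect()` also throws IllegalStateException when the response is already committed, which `catch (IOException e)` does not cover. The two commented-out `System.out.println` lines and the empty `else` block should be removed.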
Modified:
portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/security/impl/SecurityValveImpl.java
URL:
http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/security/impl/SecurityValveImpl.java?view=diff&rev=542699&r1=542698&r2=542699
==============================================================================
---
portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/security/impl/SecurityValveImpl.java
(original)
+++
portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/security/impl/SecurityValveImpl.java
Tue May 29 17:10:22 2007
@@ -16,12 +16,15 @@
*/
package org.apache.jetspeed.security.impl;
+import java.io.IOException;
import java.security.Principal;
import java.util.HashSet;
import java.util.Set;
import javax.security.auth.Subject;
+import javax.servlet.http.HttpSession;
+import org.apache.jetspeed.pipeline.PipelineException;
import org.apache.jetspeed.pipeline.valve.SecurityValve;
import org.apache.jetspeed.profiler.Profiler;
import org.apache.jetspeed.request.RequestContext;
@@ -45,6 +48,15 @@
private UserManager userMgr;
private PortalStatistics statistics;
+ public SecurityValveImpl(Profiler profiler, UserManager userMgr,
PortalStatistics statistics, int maxSessionHardLimit, String
timeoutRedirectLocation)
+ {
+ this.userMgr = userMgr;
+ this.statistics = statistics;
+ this.maxSessionHardLimit = maxSessionHardLimit;
+ this.msMaxSessionHardLimit = this.maxSessionHardLimit * 1000;
+ this.timeoutRedirectLocation = timeoutRedirectLocation;
+ }
+
public SecurityValveImpl( Profiler profiler, UserManager userMgr,
PortalStatistics statistics )
{
this.userMgr = userMgr;
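Review bot: `this.maxSessionHardLimit * 1000` in the new five-argument constructor is evaluated in int arithmetic before it is widened to the long field, so a configured limit above roughly 2.1 million seconds (about 24 days) overflows. A wrapped value can be negative or very small, in which case `isSessionExpired` treats every session as expired. Use `this.msMaxSessionHardLimit = this.maxSessionHardLimit * 1000L;`. The body of the existing three-argument constructor continues outside the hunk.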
@@ -121,12 +133,11 @@
statistics.logUserLogin(request, 0);
}
// put IP address in session for logout
- request.setSessionAttribute(IP_ADDRESS,
request.getRequest().getRemoteAddr());
- }
-
+ request.setSessionAttribute(IP_ADDRESS,
request.getRequest().getRemoteAddr());
+ }
return subject;
}
-
+
/**
*
* <p>
Modified:
portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/security/impl/ntlm/NtlmSecurityValve.java
URL:
http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/security/impl/ntlm/NtlmSecurityValve.java?view=diff&rev=542699&r1=542698&r2=542699
==============================================================================
---
portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/security/impl/ntlm/NtlmSecurityValve.java
(original)
+++
portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/security/impl/ntlm/NtlmSecurityValve.java
Tue May 29 17:10:22 2007
@@ -82,19 +82,28 @@
* or the remoteUser cannot be authorized.
*
*/
- public NtlmSecurityValve(UserManager userMgr, String networkDomain,
boolean omitDomain, boolean ntlmAuthRequired, PortalStatistics statistics)
+ public NtlmSecurityValve(UserManager userMgr, String networkDomain,
boolean omitDomain, boolean ntlmAuthRequired,
+ PortalStatistics statistics, int maxSessionHardLimit, String
timeoutRedirectLocation)
{
this.userMgr = userMgr;
this.statistics = statistics;
this.networkDomain = networkDomain;
this.ntlmAuthRequired = ntlmAuthRequired;
this.omitDomain = omitDomain;
+ this.maxSessionHardLimit = maxSessionHardLimit;
+ this.timeoutRedirectLocation = timeoutRedirectLocation;
}
- public NtlmSecurityValve(UserManager userMgr, String networkDomain,
boolean omitDomain, boolean ntlmAuthRequired){
- this(userMgr, networkDomain, omitDomain, ntlmAuthRequired, null);
+ public NtlmSecurityValve(UserManager userMgr, String networkDomain,
boolean omitDomain, boolean ntlmAuthRequired, PortalStatistics statistics)
+ {
+ this(userMgr, networkDomain, omitDomain, ntlmAuthRequired, statistics,
0, "");
}
+ public NtlmSecurityValve(UserManager userMgr, String networkDomain,
boolean omitDomain, boolean ntlmAuthRequired)
+ {
+ this(userMgr, networkDomain, omitDomain, ntlmAuthRequired, null);
+ }
+
public String toString()
{
return "NtlmSecurityValve";
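Review bot: The new seven-argument constructor stores `maxSessionHardLimit` but never sets `msMaxSessionHardLimit`, which keeps the default of `1` declared in AbstractSecurityValve. With any non-zero limit, `isSessionExpired` then compares the session age against 1 ms, so it invalidates the session and redirects on essentially every request. Add `this.msMaxSessionHardLimit = maxSessionHardLimit * 1000L;` here, or derive the millisecond value inside `isSessionExpired` from the single `maxSessionHardLimit` field so subclasses cannot leave the two out of sync. The Javadoc above this constructor begins outside the hunk and should also describe the two new parameters.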
Modified: portals/jetspeed-2/trunk/src/webapp/WEB-INF/assembly/pipelines.xml
URL:
http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/src/webapp/WEB-INF/assembly/pipelines.xml?view=diff&rev=542699&r1=542698&r2=542699
==============================================================================
--- portals/jetspeed-2/trunk/src/webapp/WEB-INF/assembly/pipelines.xml
(original)
+++ portals/jetspeed-2/trunk/src/webapp/WEB-INF/assembly/pipelines.xml Tue May
29 17:10:22 2007
@@ -48,15 +48,23 @@
class="org.apache.jetspeed.security.impl.SecurityValveImpl"
init-method="initialize"
>
- <constructor-arg>
+ <constructor-arg index='0'>
<ref bean="org.apache.jetspeed.profiler.Profiler" />
</constructor-arg>
- <constructor-arg>
+ <constructor-arg index='1'>
<ref bean="org.apache.jetspeed.security.UserManager" />
</constructor-arg>
- <constructor-arg>
+ <constructor-arg index='2'>
<ref bean="PortalStatistics" />
- </constructor-arg>
+ </constructor-arg>
+ <!-- hard session timeout limit in seconds, regardless of (in)activity,
setting to 0 turns off this feature -->
+ <constructor-arg index='3'>
+ <value>0</value>
+ </constructor-arg>
+ <!-- redirect location for hard session expiration -->
+ <constructor-arg index='4'>
+ <value>/login/logout</value>
+ </constructor-arg>
</bean>
<bean id="passwordCredentialValve"