costin 00/11/20 16:31:15
Modified: src/etc server.xml
src/share/org/apache/tomcat/helper SecurityTools.java
src/share/org/apache/tomcat/request SessionInterceptor.java
src/share/org/apache/tomcat/session ServerSession.java
ServerSessionManager.java
StandardSessionInterceptor.java
Added: src/share/org/apache/tomcat/modules/session SessionId.java
SimpleSessionStore.java
Log:
Renamed the 2 interceptors involved in session management, to avoid future
confusions.
I'll integrate the changes from 3.2, using the right file ( i.e.
modules.session.SessionId for cookie/url ID extraction, SessionStore
for managing the HttpSession objects ).
The original files are still there, as a backup - will be removed as soon
as the patches from 3.2 are integrated.
Revision Changes Path
1.51 +2 -2 jakarta-tomcat/src/etc/server.xml
Index: server.xml
===================================================================
RCS file: /home/cvs/jakarta-tomcat/src/etc/server.xml,v
retrieving revision 1.50
retrieving revision 1.51
diff -u -r1.50 -r1.51
--- server.xml 2000/10/08 21:24:17 1.50
+++ server.xml 2000/11/21 00:31:11 1.51
@@ -138,7 +138,7 @@
deal with URL rewriting ( by fixing the URL )
-->
<RequestInterceptor
- className="org.apache.tomcat.request.SessionInterceptor" />
+ className="org.apache.tomcat.modules.session.SessionId" />
<!-- Find the container ( context and prefix/extension map )
for a request.
@@ -181,7 +181,7 @@
modules.
-->
<RequestInterceptor
- className="org.apache.tomcat.session.StandardSessionInterceptor" />
+ className="org.apache.tomcat.modules.session.SimpleSessionStore" />
<!-- Check if the request requires an authenticated role.
-->
1.4 +1 -1
jakarta-tomcat/src/share/org/apache/tomcat/helper/SecurityTools.java
Index: SecurityTools.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/helper/SecurityTools.java,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- SecurityTools.java 2000/09/25 07:20:30 1.3
+++ SecurityTools.java 2000/11/21 00:31:12 1.4
@@ -59,8 +59,8 @@
package org.apache.tomcat.helper;
import org.apache.tomcat.core.*;
-import org.apache.tomcat.session.*;
import org.apache.tomcat.util.*;
+import org.apache.tomcat.session.ServerSession;
import org.apache.tomcat.util.xml.*;
import java.io.*;
import java.net.*;
1.1
jakarta-tomcat/src/share/org/apache/tomcat/modules/session/SessionId.java
Index: SessionId.java
===================================================================
/*
* ====================================================================
*
* The Apache Software License, Version 1.1
*
* Copyright (c) 1999 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution, if
* any, must include the following acknowlegement:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowlegement may appear in the software itself,
* if and wherever such third-party acknowlegements normally appear.
*
* 4. The names "The Jakarta Project", "Tomcat", and "Apache Software
* Foundation" must not be used to endorse or promote products derived
* from this software without prior written permission. For written
* permission, please contact [EMAIL PROTECTED]
*
* 5. Products derived from this software may not be called "Apache"
* nor may "Apache" appear in their names without prior written
* permission of the Apache Group.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*
* [Additional notices, if required by prior licensing conditions]
*
*/
package org.apache.tomcat.modules.session;
import org.apache.tomcat.core.*;
import org.apache.tomcat.util.*;
import org.apache.tomcat.helper.*;
import java.io.*;
import java.net.*;
import java.util.*;
/**
* Extract the session ID from the request using cookies and
* session rewriting.
*
* Will process the request and determine the session Id, and set it
* in the Request. It doesn't marks the session as accessed.
*
* This interceptor doesn't deal with any of the Session internals -
* it just works with the sessionID. A pluggable session manager
* ( or user-space manager !) will deal with marking the session
* as accessed or setting the session implementation.
*
* This implementation only handles Cookies and URL rewriting sessions,
* please extend or add new interceptors for other methods.
*
*
*/
public class SessionId extends BaseInterceptor
{
// GS, separates the session id from the jvm route
static final char SESSIONID_ROUTE_SEP = '.';
ContextManager cm;
public SessionId() {
}
public void setContextManager( ContextManager cm ) {
this.cm=cm;
}
/** Extract the session id from the request.
* SessionInterceptor will have to be called _before_ mapper,
* to avoid coding session stuff inside the mapper.
*
* When we fix the interceptors we'll have to specify something
* similar with the priority in apache hooks, right now it's just
* a config issue.
*/
public int contextMap(Request request ) {
if( request.getRequestedSessionId() != null ) {
// probably Apache already did that for us
return 0;
}
// fix URL rewriting
String sig=";jsessionid=";
int foundAt=-1;
String uri=request.requestURI().toString();
String sessionId;
if ((foundAt=uri.indexOf(sig))!=-1){
sessionId=uri.substring(foundAt+sig.length());
// I hope the optimizer does it's job:-)
sessionId = fixSessionId( request, sessionId );
// rewrite URL, do I need to do anything more?
request.requestURI().setString(uri.substring(0, foundAt));
// No validate now - we just note that this is what the user
// requested.
request.setSessionIdSource( Request.SESSIONID_FROM_URL);
request.setRequestedSessionId( sessionId );
}
return 0;
}
/** This happens after context map, so we know the context.
* We can probably do it later too.
*/
public int requestMap(Request request ) {
String sessionId = null;
int count=request.getCookieCount();
// Give priority to cookies. I don't know if that's part
// of the spec - XXX
for( int i=0; i<count; i++ ) {
ServerCookie cookie = request.getCookie(i);
if (cookie.getName().equals("JSESSIONID")) {
sessionId = cookie.getValue().toString();
sessionId = fixSessionId( request, sessionId );
// XXX what if we have multiple session cookies ?
// right now only the first is used
request.setRequestedSessionId( sessionId );
request.setSessionIdSource( Request.SESSIONID_FROM_COOKIE);
break;
}
}
return 0;
}
// private void findSessionCookie( MimeHeaders headers ) {
// int pos=0;
// while( pos>=0 ) {
// pos=headers.findHeader( "Cookie", pos );
// // no more cookie headers headers
// if( pos<0 ) break;
// MessageBytes cookieValue=getValue( pos );
// }
// }
/** Fix the session id. If the session is not valid return null.
* It will also clean up the session from load-balancing strings.
* @return sessionId, or null if not valid
*/
private String fixSessionId(Request request, String sessionId){
// GS, We piggyback the JVM id on top of the session cookie
// Separate them ...
if( debug>0 ) cm.log(" Orig sessionId " + sessionId );
if (null != sessionId) {
int idex = sessionId.lastIndexOf(SESSIONID_ROUTE_SEP);
if(idex > 0) {
sessionId = sessionId.substring(0, idex);
}
}
return sessionId;
}
public int beforeBody( Request rrequest, Response response ) {
String reqSessionId = rrequest.getSessionId();
if( debug>0 ) cm.log("Before Body " + reqSessionId );
if( reqSessionId==null)
return 0;
// GS, set the path attribute to the cookie. This way
// multiple session cookies can be used, one for each
// context.
String sessionPath = rrequest.getContext().getPath();
if(sessionPath.length() == 0) {
sessionPath = "/";
}
// GS, piggyback the jvm route on the session id.
if(!sessionPath.equals("/")) {
String jvmRoute = rrequest.getJvmRoute();
if(null != jvmRoute) {
reqSessionId = reqSessionId + SESSIONID_ROUTE_SEP + jvmRoute;
}
}
// we know reqSessionId doesn't need quoting ( we generate it )
StringBuffer buf = new StringBuffer();
buf.append( "JSESSIONID=" ).append( reqSessionId );
buf.append( ";Version=1" );
buf.append( ";Path=" );
CookieTools.maybeQuote( 1 , buf, sessionPath ); // XXX ugly
buf.append( ";Discard" );
// discard results from: cookie.setMaxAge(-1);
response.addHeader( "Set-Cookie2",
buf.toString() ); // XXX XXX garbage generator
buf = new StringBuffer();
buf.append( "JSESSIONID=" ).append( reqSessionId );
buf.append( ";Path=" ).append( sessionPath );
response.addHeader( "Set-Cookie",
buf.toString());
return 0;
}
}
1.1
jakarta-tomcat/src/share/org/apache/tomcat/modules/session/SimpleSessionStore.java
Index: SimpleSessionStore.java
===================================================================
/*
* ====================================================================
*
* The Apache Software License, Version 1.1
*
* Copyright (c) 1999 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution, if
* any, must include the following acknowlegement:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowlegement may appear in the software itself,
* if and wherever such third-party acknowlegements normally appear.
*
* 4. The names "The Jakarta Project", "Tomcat", and "Apache Software
* Foundation" must not be used to endorse or promote products derived
* from this software without prior written permission. For written
* permission, please contact [EMAIL PROTECTED]
*
* 5. Products derived from this software may not be called "Apache"
* nor may "Apache" appear in their names without prior written
* permission of the Apache Group.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*
* [Additional notices, if required by prior licensing conditions]
*
*/
package org.apache.tomcat.modules.session;
import java.io.*;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Vector;
import org.apache.tomcat.util.*;
import org.apache.tomcat.util.threads.*;
import org.apache.tomcat.core.*;
import org.apache.tomcat.session.*;
/**
* This is the adapter between tomcat and a StandardManager.
* A session manager should not depend on tomcat internals - so you can
* use it in other engines and back. All you need to do is
* create an adapter ( tomcat Interceptor).
*
* You can even have multiple session managers per context - the first that
* recognize the "requestedSessionId" will create it's own HttpSession object.
* By using standard tomcat interceptor mechanisms you can plug in one or
* many session managers per context or context manager ( or even per
* URL - but that's not standard API feature ).
*
* It must be inserted after SessionInterceptor, which does common
* session stuff ( cookie, rewrite, etc)
*
* @author [EMAIL PROTECTED]
*/
public final class SimpleSessionStore extends BaseInterceptor {
int manager_note;
int checkInterval = 60;
int maxActiveSessions = -1;
String randomClass=null;
public SimpleSessionStore() {
}
// -------------------- Configuration properties --------------------
/**
* Set the check interval (in seconds) for this Manager.
*
* @param checkInterval The new check interval
*/
public void setCheckInterval( int secs ) {
checkInterval=secs;
}
public void setMaxActiveSessions( int count ) {
maxActiveSessions=count;
}
public final void setRandomClass(String randomClass) {
this.randomClass=randomClass;
System.setProperty(ContextManager.RANDOM_CLASS_PROPERTY, randomClass);
}
// -------------------- Tomcat request events --------------------
public void engineInit( ContextManager cm ) throws TomcatException {
// set-up a per/container note for StandardManager
manager_note = cm.getNoteId( ContextManager.CONTAINER_NOTE,
"tomcat.standardManager");
}
/**
* StandardManager will set the HttpSession if one is found.
*/
public int requestMap(Request request ) {
String sessionId = null;
Context ctx=request.getContext();
if( ctx==null ) {
log( "Configuration error in StandardSessionInterceptor " +
" - no context " + request );
return 0;
}
// "access" it and set HttpSession if valid
sessionId=request.getRequestedSessionId();
if (sessionId != null && sessionId.length()!=0) {
// GS, We are in a problem here, we may actually get
// multiple Session cookies (one for the root
// context and one for the real context... or old session
// cookie. We must check for validity in the current context.
ServerSessionManager sM = getManager( ctx );
ServerSession sess= sM.findSession( sessionId );
// log("Try to find: " + sessionId );
if(null != sess) {
sess.getTimeStamp().touch( System.currentTimeMillis() );
//log("Session found " + sessionId );
// set it only if nobody else did !
if( null == request.getSession( false ) ) {
request.setSession( sess );
// XXX use MessageBytes!
request.setSessionId( sessionId );
//log("Session set " + sessionId );
}
}
return 0;
}
return 0;
}
public void reload( Request req, Context ctx ) {
ClassLoader newLoader = ctx.getClassLoader();
ServerSessionManager sM = getManager( ctx );
// remove all non-serializable objects from session
Enumeration sessionEnum=sM.getSessions().keys();
while( sessionEnum.hasMoreElements() ) {
ServerSession session = (ServerSession)sessionEnum.nextElement();
Enumeration e = session.getAttributeNames();
while( e.hasMoreElements() ) {
String key = (String) e.nextElement();
Object value = session.getAttribute(key);
// XXX XXX We don't have to change loader for objects loaded
// by the parent loader ?
if (! ( value instanceof Serializable)) {
session.removeAttribute( key );
// XXX notification!!
}
}
}
// XXX We should change the loader for each object, and
// avoid accessing object's internals
// XXX PipeStream !?!
Hashtable orig= sM.getSessions();
Object newS = SessionSerializer.doSerialization( newLoader, orig);
sM.setSessions( (Hashtable)newS );
// Update the request session id
String reqId=req.getRequestedSessionId();
ServerSession sS=sM.findSession( reqId );
if ( sS != null) {
req.setSession(sS);
req.setSessionId( reqId );
}
}
public int newSessionRequest( Request request, Response response) {
Context ctx=request.getContext();
if( ctx==null ) return 0;
ServerSessionManager sM = getManager( ctx );
if( request.getSession( false ) != null )
return 0; // somebody already set the session
ServerSession newS=sM.getNewSession();
request.setSession( newS );
request.setSessionId( newS.getId().toString());
return 0;
}
//-------------------- Tomcat context events --------------------
/** Init session management stuff for this context.
*/
public void contextInit(Context ctx) throws TomcatException {
// Defaults !!
ServerSessionManager sm= getManager( ctx );
if( sm == null ) {
sm=new ServerSessionManager();
ctx.getContainer().setNote( manager_note, sm );
sm.setMaxInactiveInterval( (long)ctx.getSessionTimeOut() *
60 * 1000 );
}
sm.setMaxActiveSessions( maxActiveSessions );
Expirer expirer=new Expirer();
expirer.setCheckInterval( checkInterval );
expirer.setExpireCallback( new Expirer.ExpireCallback() {
public void expired(TimeStamp o ) {
ServerSession sses=(ServerSession)o.getParent();
ServerSessionManager ssm=sses.getSessionManager();
ssm.removeSession( sses );
}
});
expirer.start();
sm.setExpirer(expirer);
}
/** Notification of context shutdown.
* We should clean up any resources that are used by our
* session management code.
*/
public void contextShutdown( Context ctx )
throws TomcatException
{
if( debug > 0 ) ctx.log("Removing sessions from " + ctx );
ServerSessionManager sm=getManager(ctx);
sm.getExpirer().stop();
sm.removeAllSessions();
}
// -------------------- Internal methods --------------------
private ServerSessionManager getManager( Context ctx ) {
return (ServerSessionManager)ctx.getContainer().getNote(manager_note);
}
}
1.30 +5 -0
jakarta-tomcat/src/share/org/apache/tomcat/request/SessionInterceptor.java
Index: SessionInterceptor.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/request/SessionInterceptor.java,v
retrieving revision 1.29
retrieving revision 1.30
diff -u -r1.29 -r1.30
--- SessionInterceptor.java 2000/11/02 21:44:50 1.29
+++ SessionInterceptor.java 2000/11/21 00:31:13 1.30
@@ -67,6 +67,11 @@
import java.net.*;
import java.util.*;
+// XXX
+// DEPRECATED
+// REPLACED BY org.apache.tomcat.modules.session.SessionId
+
+
/**
* Will process the request and determine the session Id, and set it
* in the Request. It doesn't marks the session as accessed.
1.7 +5 -0
jakarta-tomcat/src/share/org/apache/tomcat/session/ServerSession.java
Index: ServerSession.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/session/ServerSession.java,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- ServerSession.java 2000/09/25 06:10:48 1.6
+++ ServerSession.java 2000/11/21 00:31:14 1.7
@@ -74,6 +74,11 @@
* - recyclable
* - serializable ( by external components )
*
+ * Components:
+ * - timestamp ( expire )
+ * - id
+ * - name/value repository
+ *
* @author Craig R. McClanahan
* @author <a href="mailto:[EMAIL PROTECTED]">Jon S. Stevens</a>
* @author Costin Manolache
1.12 +2 -2
jakarta-tomcat/src/share/org/apache/tomcat/session/ServerSessionManager.java
Index: ServerSessionManager.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/session/ServerSessionManager.java,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- ServerSessionManager.java 2000/11/02 21:45:02 1.11
+++ ServerSessionManager.java 2000/11/21 00:31:14 1.12
@@ -141,11 +141,11 @@
}
- Hashtable getSessions() {
+ public Hashtable getSessions() {
return sessions;
}
- void setSessions(Hashtable s) {
+ public void setSessions(Hashtable s) {
sessions=s;
}
1.15 +4 -0
jakarta-tomcat/src/share/org/apache/tomcat/session/StandardSessionInterceptor.java
Index: StandardSessionInterceptor.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/session/StandardSessionInterceptor.java,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -r1.14 -r1.15
--- StandardSessionInterceptor.java 2000/11/01 23:36:16 1.14
+++ StandardSessionInterceptor.java 2000/11/21 00:31:14 1.15
@@ -66,6 +66,10 @@
import org.apache.tomcat.util.threads.*;
import org.apache.tomcat.core.*;
+// XXX
+// DEPRECATED
+// REPLACED BY org.apache.tomcat.modules.session.SimpleSessionStore
+
/**
* This is the adapter between tomcat and a StandardManager.
