dobbs 02/03/29 07:57:04
Modified: src/java/org/apache/turbine Turbine.java
src/java/org/apache/turbine/modules/actions/sessionvalidator
DefaultSessionValidator.java SessionValidator.java
TemplateSecureSessionValidator.java
TemplateSessionValidator.java
Log:
Thanks to Peter Lynch for these patches to remove antiquated redirect
logic. Thanks also to Rodney Schneider for reminding us about these
patches on several occasions.
Here's what Peter had to say about the patches:
"1. Removes the Turbine.java logic of redirection to establish new
sessions which, although reportedly a fix for certain obscure browser
and server combinations, also has the consequence of creating several
problems itself.
2. Removes the abstract requiresNewSession from SessionValidator.java
et al. This method is no longer needed as the only place it was used
was in the above removed code."
There's also a lengthy rationale for the changes here:
<http://www.mail-archive.com/turbine-dev%40jakarta.apache.org/msg03660.html>
Revision Changes Path
1.13 +12 -82 jakarta-turbine-2/src/java/org/apache/turbine/Turbine.java
Index: Turbine.java
===================================================================
RCS file: /home/cvs/jakarta-turbine-2/src/java/org/apache/turbine/Turbine.java,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -r1.12 -r1.13
--- Turbine.java 29 Mar 2002 02:00:02 -0000 1.12
+++ Turbine.java 29 Mar 2002 15:57:03 -0000 1.13
@@ -117,7 +117,7 @@
* @author <a href="mailto:[EMAIL PROTECTED]">Jason van Zyl</a>
* @author <a href="mailto:[EMAIL PROTECTED]">Sean Legassick</a>
* @author <a href="mailto:[EMAIL PROTECTED]">Martin Poeschl</a>
- * @version $Id: Turbine.java,v 1.12 2002/03/29 02:00:02 jmcnally Exp $
+ * @version $Id: Turbine.java,v 1.13 2002/03/29 15:57:03 dobbs Exp $
*/
public class Turbine
extends HttpServlet
@@ -399,95 +399,25 @@
// themselves.
init(data);
- // Get the instance of the Session Validator.
- SessionValidator sessionValidator = (SessionValidator)ActionLoader
- .getInstance().getInstance(TurbineResources.getString(
- "action.sessionvalidator"));
-
- // if this is the redirected stage of the initial request,
- // check that the session is now not new.
- // If it is not, then redirect back to the
- // original URL (i.e. remove the "redirected" pathinfo)
- if (data.getParameters()
- .getString(REDIRECTED_PATHINFO_NAME, "false").startsWith("true"))
- {
- if (data.getSession().isNew())
- {
- String message = "Infinite redirect detected...";
- log(message);
- Log.error(message);
- throw new Exception(message);
- }
- else
- {
- DynamicURI duri = new DynamicURI (data, true);
-
- // Pass on the sent data in pathinfo.
- for (Enumeration e = data.getParameters().keys() ;
- e.hasMoreElements() ;)
- {
- String key = (String) e.nextElement();
- if (!key.equals(REDIRECTED_PATHINFO_NAME))
- {
- String value =
- (String) data.getParameters().getString ( key );
- duri.addPathInfo((String)key, (String)value );
- }
- }
-
- data.getResponse().sendRedirect( duri.toString() );
- return;
- }
- }
- else
+ // set the session timeout if specified in turbine's properties
+ // file if this is a new session
+ if (data.getSession().isNew())
{
- // Insist that the client starts a session before access
- // to data is allowed. this is done by redirecting them to
- // the "screen.homepage" page but you could have them go
- // to any page as a starter (ie: the homepage)
- // "data.getResponse()" represents the HTTP servlet
- // response.
- if ( sessionValidator.requiresNewSession(data) &&
- data.getSession().isNew() )
+ int timeout = TurbineResources.getInt("session.timeout", -1);
+ if (timeout != -1)
{
- DynamicURI duri = new DynamicURI (data, true);
-
- // Pass on the sent data in pathinfo.
- for (Enumeration e = data.getParameters().keys() ;
- e.hasMoreElements() ;)
- {
- String key = (String) e.nextElement();
- String value =
- (String) data.getParameters().getString ( key );
- duri.addPathInfo((String)key, (String)value );
- }
-
- // add a dummy bit of path info to fool browser into
- // thinking this is a new URL
- if (!data.getParameters()
- .containsKey(REDIRECTED_PATHINFO_NAME))
- {
- duri.addPathInfo(REDIRECTED_PATHINFO_NAME, "true");
- }
-
- // as the session is new take this opportunity to
- // set the session timeout if specified in TR.properties
- int timeout =
- TurbineResources.getInt("session.timeout", -1);
-
- if (timeout != -1)
- {
- data.getSession().setMaxInactiveInterval(timeout);
- }
-
- data.getResponse().sendRedirect( duri.toString() );
- return;
+ data.getSession().setMaxInactiveInterval(timeout);
}
}
// Fill in the screen and action variables.
data.setScreen ( data.getParameters().getString("screen") );
data.setAction ( data.getParameters().getString("action") );
+
+ // Get the instance of the Session Validator.
+ SessionValidator sessionValidator = (SessionValidator)ActionLoader
+ .getInstance().getInstance(TurbineResources.getString(
+ "action.sessionvalidator"));
// Special case for login and logout, this must happen before the
// session validator is executed in order either to allow a user to
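Review bot: The added guard `if (timeout != -1)` treats only -1 as "not configured", so any other negative `session.timeout` read from the properties file is passed straight to `setMaxInactiveInterval`, and under the Servlet API a negative interval means the session never times out. Session lifetime bounds how long an abandoned or leaked session id stays usable, so I would tighten the check to `if (timeout > 0)` and state the unit in the comment, e.g. `// session.timeout is in seconds; non-positive values keep the container default`. The same check was present in the removed redirect branch, so this is carried over rather than introduced by the patch. The enclosing method starts and ends outside the hunk. `REDIRECTED_PATHINFO_NAME` and the `Enumeration`/`DynamicURI` imports may now be unused if nothing else in the file references them.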
1.2 +1 -15
jakarta-turbine-2/src/java/org/apache/turbine/modules/actions/sessionvalidator/DefaultSessionValidator.java
Index: DefaultSessionValidator.java
===================================================================
RCS file:
/home/cvs/jakarta-turbine-2/src/java/org/apache/turbine/modules/actions/sessionvalidator/DefaultSessionValidator.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- DefaultSessionValidator.java 16 Aug 2001 05:08:32 -0000 1.1
+++ DefaultSessionValidator.java 29 Mar 2002 15:57:04 -0000 1.2
@@ -83,7 +83,7 @@
* Turbine servlet.
*
* @author <a href="mailto:[EMAIL PROTECTED]">Dave Bryson</a>
- * @version $Id: DefaultSessionValidator.java,v 1.1 2001/08/16 05:08:32 jvanzyl Exp
$
+ * @version $Id: DefaultSessionValidator.java,v 1.2 2002/03/29 15:57:04 dobbs Exp $
*/
public class DefaultSessionValidator extends SessionValidator
{
@@ -139,19 +139,5 @@
data.setAction( "" );
}
}
- }
-
- /**
- * By default, this is true. It says that we require a new session
- * in order to allow people to access the system. We accomplish
- * this by doing a redirect and using the HttpSession spec.
- *
- * @param data Turbine information.
- * @return True if we require a new session in order to allow
- * people to access the system.
- */
- public boolean requiresNewSession(RunData data)
- {
- return true;
}
}
1.2 +1 -11
jakarta-turbine-2/src/java/org/apache/turbine/modules/actions/sessionvalidator/SessionValidator.java
Index: SessionValidator.java
===================================================================
RCS file:
/home/cvs/jakarta-turbine-2/src/java/org/apache/turbine/modules/actions/sessionvalidator/SessionValidator.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- SessionValidator.java 16 Aug 2001 05:08:33 -0000 1.1
+++ SessionValidator.java 29 Mar 2002 15:57:04 -0000 1.2
@@ -81,18 +81,8 @@
* Turbine servlet.
*
* @author <a href="mailto:[EMAIL PROTECTED]">Dave Bryson</a>
- * @version $Id: SessionValidator.java,v 1.1 2001/08/16 05:08:33 jvanzyl Exp $
+ * @version $Id: SessionValidator.java,v 1.2 2002/03/29 15:57:04 dobbs Exp $
*/
public abstract class SessionValidator extends Action
{
- /**
- * Inform whether we require a new session in order to allow
- * people to access the system. We accomplish this by doing a
- * redirect and using the HttpSession spec.
- *
- * @param data Turbine information.
- * @return True if we require a new session in order to allow
- * people to access the system.
- */
- public abstract boolean requiresNewSession(RunData data);
}
1.4 +1 -15
jakarta-turbine-2/src/java/org/apache/turbine/modules/actions/sessionvalidator/TemplateSecureSessionValidator.java
Index: TemplateSecureSessionValidator.java
===================================================================
RCS file:
/home/cvs/jakarta-turbine-2/src/java/org/apache/turbine/modules/actions/sessionvalidator/TemplateSecureSessionValidator.java,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- TemplateSecureSessionValidator.java 16 Nov 2001 03:38:35 -0000 1.3
+++ TemplateSecureSessionValidator.java 29 Mar 2002 15:57:04 -0000 1.4
@@ -79,7 +79,7 @@
*
* @author <a href="mailto:[EMAIL PROTECTED]">John D. McNally</a>
* @author <a href="mailto:[EMAIL PROTECTED]">Dave Bryson</a>
- * @version $Id: TemplateSecureSessionValidator.java,v 1.3 2001/11/16 03:38:35
jvanzyl Exp $
+ * @version $Id: TemplateSecureSessionValidator.java,v 1.4 2002/03/29 15:57:04
dobbs Exp $
*/
public class TemplateSecureSessionValidator extends SessionValidator
{
@@ -192,19 +192,5 @@
{
data.setScreen(null);
}
- }
-
- /**
- * By default, this is true. It says that we require a new session
- * in order to allow people to access the system. We accomplish
- * this by doing a redirect and using the HttpSession spec.
- *
- * @param data Turbine information.
- * @return True if we require a new session in order to allow
- * people to access the system.
- */
- public boolean requiresNewSession(RunData data)
- {
- return true;
}
}
1.4 +1 -15
jakarta-turbine-2/src/java/org/apache/turbine/modules/actions/sessionvalidator/TemplateSessionValidator.java
Index: TemplateSessionValidator.java
===================================================================
RCS file:
/home/cvs/jakarta-turbine-2/src/java/org/apache/turbine/modules/actions/sessionvalidator/TemplateSessionValidator.java,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- TemplateSessionValidator.java 16 Nov 2001 03:38:35 -0000 1.3
+++ TemplateSessionValidator.java 29 Mar 2002 15:57:04 -0000 1.4
@@ -72,7 +72,7 @@
* @see TemplateSecureSessionValidator
* @author <a href="mailto:[EMAIL PROTECTED]">John D. McNally</a>
* @author <a href="mailto:[EMAIL PROTECTED]">Dave Bryson</a>
- * @version $Id: TemplateSessionValidator.java,v 1.3 2001/11/16 03:38:35 jvanzyl
Exp $
+ * @version $Id: TemplateSessionValidator.java,v 1.4 2002/03/29 15:57:04 dobbs Exp $
*/
public class TemplateSessionValidator extends SessionValidator
{
@@ -150,19 +150,5 @@
{
data.setScreen(null);
}
- }
-
- /**
- * By default, this is true. It says that we require a new session
- * in order to allow people to access the system. We accomplish
- * this by doing a redirect and using the HttpSession spec.
- *
- * @param data Turbine information.
- * @return True if we require a new session in order to allow
- * people to access the system.
- */
- public boolean requiresNewSession(RunData data)
- {
- return true;
}
}