From 6ef3f56d9797c5da8741d62b32b629b753cbd700 Mon Sep 17 00:00:00 2001
From: Sandeep More <more@apache.org>
Date: Tue, 27 Feb 2018 16:27:06 -0500
Subject: [PATCH] save 1

---
 .../pac4j/filter/Pac4jDispatcherFilter.java        | 18 +++++++-
 .../gateway/pac4j/session/KnoxSessionStore.java    | 48 +++++++++++++++++++++-
 2 files changed, 63 insertions(+), 3 deletions(-)

diff --git a/gateway-provider-security-pac4j/src/main/java/org/apache/knox/gateway/pac4j/filter/Pac4jDispatcherFilter.java b/gateway-provider-security-pac4j/src/main/java/org/apache/knox/gateway/pac4j/filter/Pac4jDispatcherFilter.java
index 0086228f..46186f6f 100644
--- a/gateway-provider-security-pac4j/src/main/java/org/apache/knox/gateway/pac4j/filter/Pac4jDispatcherFilter.java
+++ b/gateway-provider-security-pac4j/src/main/java/org/apache/knox/gateway/pac4j/filter/Pac4jDispatcherFilter.java
@@ -17,6 +17,7 @@
  */
 package org.apache.knox.gateway.pac4j.filter;
 
+import org.apache.commons.lang.StringUtils;
 import org.apache.knox.gateway.i18n.messages.MessagesFactory;
 import org.apache.knox.gateway.pac4j.Pac4jMessages;
 import org.apache.knox.gateway.pac4j.session.KnoxSessionStore;
@@ -29,6 +30,8 @@ import org.apache.knox.gateway.services.security.CryptoService;
 import org.pac4j.config.client.PropertiesConfigFactory;
 import org.pac4j.core.client.Client;
 import org.pac4j.core.config.Config;
+import org.pac4j.core.context.session.J2ESessionStore;
+import org.pac4j.core.context.session.SessionStore;
 import org.pac4j.core.util.CommonHelper;
 import org.pac4j.http.client.indirect.IndirectBasicAuthClient;
 import org.pac4j.http.credentials.authenticator.test.SimpleTestUsernamePasswordAuthenticator;
@@ -71,6 +74,8 @@ public class Pac4jDispatcherFilter implements Filter {
 
   private static final String PAC4J_CONFIG = "pac4j.config";
 
+  private static final String PAC4J_SESSION_STORE = "pac4j.session.store";
+
   private CallbackFilter callbackFilter;
 
   private SecurityFilter securityFilter;
@@ -160,7 +165,18 @@ public class Pac4jDispatcherFilter implements Filter {
     securityFilter.setConfigOnly(config);
 
     final String domainSuffix = filterConfig.getInitParameter(PAC4J_COOKIE_DOMAIN_SUFFIX_PARAM);
-    config.setSessionStore(new KnoxSessionStore(cryptoService, clusterName, domainSuffix));
+    final String sessionStoreVar = filterConfig.getInitParameter(PAC4J_SESSION_STORE);
+
+    SessionStore sessionStore;
+
+    if(!StringUtils.isBlank(sessionStoreVar) && J2ESessionStore.class.getName().contains(sessionStoreVar) ) {
+      sessionStore = new J2ESessionStore();
+    } else {
+      sessionStore = new KnoxSessionStore(cryptoService, clusterName, domainSuffix);
+    }
+
+    config.setSessionStore(sessionStore);
+
   }
 
   private void addDefaultConfig(String clientNameParameter, Map<String, String> properties) {
diff --git a/gateway-provider-security-pac4j/src/main/java/org/apache/knox/gateway/pac4j/session/KnoxSessionStore.java b/gateway-provider-security-pac4j/src/main/java/org/apache/knox/gateway/pac4j/session/KnoxSessionStore.java
index 4ba55eaa..017e8c8d 100644
--- a/gateway-provider-security-pac4j/src/main/java/org/apache/knox/gateway/pac4j/session/KnoxSessionStore.java
+++ b/gateway-provider-security-pac4j/src/main/java/org/apache/knox/gateway/pac4j/session/KnoxSessionStore.java
@@ -23,6 +23,7 @@ import org.apache.knox.gateway.services.security.EncryptionResult;
 import org.apache.knox.gateway.util.Urls;
 import org.pac4j.core.context.ContextHelper;
 import org.pac4j.core.context.Cookie;
+import org.pac4j.core.context.J2EContext;
 import org.pac4j.core.context.WebContext;
 import org.pac4j.core.context.session.SessionStore;
 import org.pac4j.core.exception.TechnicalException;
@@ -30,7 +31,11 @@ import org.pac4j.core.util.JavaSerializationHelper;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
 import java.io.Serializable;
+import java.util.Collections;
+import java.util.HashMap;
 import java.util.Map;
 
 /**
@@ -138,9 +143,48 @@ public class KnoxSessionStore implements SessionStore {
         return null;
     }
 
+    /**
+     * @since 1.1.0
+     *
+     * @param context
+     * @return
+     */
     @Override
-    public boolean renewSession(WebContext arg0) {
-        // TODO Auto-generated method stub
+    public boolean renewSession(final WebContext context) {
+
+        /*
+        if( !(context instanceof J2EContext) ) {
+            return false;
+        }
+
+        final HttpServletRequest request = ((J2EContext)context).getRequest();
+        final HttpSession session = request.getSession();
+
+        // No existing session found
+        if(session == null) {
+            return false;
+        }
+
+        logger.debug("Discard old session: {}", session.getId());
+
+        final Map<String, Object> attributes = new HashMap<>();
+
+        for( final String attr : Collections.list(session.getAttributeNames()) ) {
+            attributes.put(attr, session.getAttribute(attr));
+        }
+        session.invalidate();
+        final HttpSession newSession = request.getSession(true);
+        logger.debug("And copy all data to the new one: {}", newSession.getId());
+
+        for(Map.Entry<String, Object> e : attributes.entrySet()) {
+            newSession.setAttribute(e.getKey(), e.getValue());
+            set(context, e.getKey(), e.getValue());
+        }
+
+        return true;
+        */
+
         return false;
+
     }
 }
-- 
2.14.3 (Apple Git-98)+GitX