1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19 package org.eclipse.jetty.server.session;
20
21 import java.security.SecureRandom;
22 import java.util.Random;
23
24 import javax.servlet.http.HttpServletRequest;
25
26 import org.eclipse.jetty.server.SessionIdManager;
27 import org.eclipse.jetty.util.component.AbstractLifeCycle;
28 import org.eclipse.jetty.util.log.Log;
29 import org.eclipse.jetty.util.log.Logger;
30
31 public abstract class AbstractSessionIdManager extends AbstractLifeCycle implements SessionIdManager
32 {
33 private static final Logger LOG = Log.getLogger(AbstractSessionIdManager.class);
34
35 private final static String __NEW_SESSION_ID="org.eclipse.jetty.server.newSessionId";
36
37 protected Random _random;
38 protected boolean _weakRandom;
39 protected String _workerName;
40 protected String _workerAttr;
41 protected long _reseed=100000L;
42
43
44 public AbstractSessionIdManager()
45 {
46 }
47
48
49 public AbstractSessionIdManager(Random random)
50 {
51 _random=random;
52 }
53
54
55
56
57
58
59
60
61
62 @Override
63 public String getWorkerName()
64 {
65 return _workerName;
66 }
67
68
69
70
71
72
73
74
75
76
77
78 public void setWorkerName(String workerName)
79 {
80 if (isRunning())
81 throw new IllegalStateException(getState());
82 if (workerName.contains("."))
83 throw new IllegalArgumentException("Name cannot contain '.'");
84 _workerName=workerName;
85 }
86
87
88 public Random getRandom()
89 {
90 return _random;
91 }
92
93
94 public synchronized void setRandom(Random random)
95 {
96 _random=random;
97 _weakRandom=false;
98 }
99
100
101
102
103
104 public long getReseed()
105 {
106 return _reseed;
107 }
108
109
110
111
112
113 public void setReseed(long reseed)
114 {
115 _reseed = reseed;
116 }
117
118
119
120
121
122
123
124 @Override
125 public String newSessionId(HttpServletRequest request, long created)
126 {
127 synchronized (this)
128 {
129 if (request==null)
130 return newSessionId(created);
131
132
133 String requested_id=request.getRequestedSessionId();
134 if (requested_id!=null)
135 {
136 String cluster_id=getClusterId(requested_id);
137 if (idInUse(cluster_id))
138 return cluster_id;
139 }
140
141
142 String new_id=(String)request.getAttribute(__NEW_SESSION_ID);
143 if (new_id!=null&&idInUse(new_id))
144 return new_id;
145
146
147 String id = newSessionId(request.hashCode());
148
149 request.setAttribute(__NEW_SESSION_ID,id);
150 return id;
151 }
152 }
153
154
155 public String newSessionId(long seedTerm)
156 {
157
158 String id=null;
159 while (id==null||id.length()==0||idInUse(id))
160 {
161 long r0=_weakRandom
162 ?(hashCode()^Runtime.getRuntime().freeMemory()^_random.nextInt()^((seedTerm)<<32))
163 :_random.nextLong();
164 if (r0<0)
165 r0=-r0;
166
167
168 if (_reseed>0 && (r0%_reseed)== 1L)
169 {
170 if (LOG.isDebugEnabled())
171 LOG.debug("Reseeding {}",this);
172 if (_random instanceof SecureRandom)
173 {
174 SecureRandom secure = (SecureRandom)_random;
175 secure.setSeed(secure.generateSeed(8));
176 }
177 else
178 {
179 _random.setSeed(_random.nextLong()^System.currentTimeMillis()^seedTerm^Runtime.getRuntime().freeMemory());
180 }
181 }
182
183 long r1=_weakRandom
184 ?(hashCode()^Runtime.getRuntime().freeMemory()^_random.nextInt()^((seedTerm)<<32))
185 :_random.nextLong();
186 if (r1<0)
187 r1=-r1;
188
189 id=Long.toString(r0,36)+Long.toString(r1,36);
190
191
192
193 if (_workerName!=null)
194 id=_workerName + id;
195
196 }
197 return id;
198 }
199
200
201
202 @Override
203 public abstract void renewSessionId(String oldClusterId, String oldNodeId, HttpServletRequest request);
204
205
206
207 @Override
208 protected void doStart() throws Exception
209 {
210 initRandom();
211 _workerAttr=(_workerName!=null && _workerName.startsWith("$"))?_workerName.substring(1):null;
212 }
213
214
215 @Override
216 protected void doStop() throws Exception
217 {
218 }
219
220
221
222
223
224
225
226 public void initRandom ()
227 {
228 if (_random==null)
229 {
230 try
231 {
232 _random=new SecureRandom();
233 }
234 catch (Exception e)
235 {
236 LOG.warn("Could not generate SecureRandom for session-id randomness",e);
237 _random=new Random();
238 _weakRandom=true;
239 }
240 }
241 else
242 _random.setSeed(_random.nextLong()^System.currentTimeMillis()^hashCode()^Runtime.getRuntime().freeMemory());
243 }
244
245
246
247
248
249
250
251 @Override
252 public String getNodeId(String clusterId, HttpServletRequest request)
253 {
254 if (_workerName!=null)
255 {
256 if (_workerAttr==null)
257 return clusterId+'.'+_workerName;
258
259 String worker=(String)request.getAttribute(_workerAttr);
260 if (worker!=null)
261 return clusterId+'.'+worker;
262 }
263
264 return clusterId;
265 }
266
267
268
269
270
271
272 @Override
273 public String getClusterId(String nodeId)
274 {
275 int dot=nodeId.lastIndexOf('.');
276 return (dot>0)?nodeId.substring(0,dot):nodeId;
277 }
278
279
280 }