19 package org.eclipse.jetty.server.session;
20
21 import java.io.IOException;
22 import java.util.EnumSet;
23 import java.util.EventListener;
24
25 import javax.servlet.DispatcherType;
26 import javax.servlet.ServletException;
27 import javax.servlet.SessionTrackingMode;
28 import javax.servlet.http.Cookie;
29 import javax.servlet.http.HttpServletRequest;
30 import javax.servlet.http.HttpServletResponse;
31 import javax.servlet.http.HttpSession;
32 import javax.servlet.http.HttpSessionAttributeListener;
33 import javax.servlet.http.HttpSessionIdListener;
34 import javax.servlet.http.HttpSessionListener;
35
36 import org.eclipse.jetty.http.HttpCookie;
37 import org.eclipse.jetty.server.Request;
38 import org.eclipse.jetty.server.SessionManager;
39 import org.eclipse.jetty.server.handler.ScopedHandler;
40 import org.eclipse.jetty.util.log.Log;
41 import org.eclipse.jetty.util.log.Logger;
42
43
44
45
46
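/**
 * Scoped handler that installs a {@link SessionManager} on each request passing through it
 * and resolves the session the client asked for, from the session cookie or from a path
 * parameter in the request URI.
 *
 * <p>Security notes for maintainers:
 * <ul>
 * <li>The requested session id is client-controlled input. A session is only bound to the
 * request when the manager knows the id and {@link SessionManager#isValid(HttpSession)}
 * reports it valid.</li>
 * <li>The debug log statements in {@link #checkRequestedSessionId} print the raw session id.
 * Anyone who can read those logs can replay the id, so keep DEBUG off for this logger in
 * production or restrict access to the log output.</li>
 * </ul>
 */
public class SessionHandler extends ScopedHandler
{
    static final Logger LOG = Log.getLogger("org.eclipse.jetty.server.session");

    /**
     * Default tracking modes: cookie and URL.
     *
     * <p>URL tracking carries the session id in the request URI, where it can end up in access
     * logs, browser history and Referer headers. Deployments that do not need to support
     * cookieless clients commonly restrict tracking to {@link SessionTrackingMode#COOKIE}.
     */
    public static final EnumSet<SessionTrackingMode> DEFAULT_TRACKING = EnumSet.of(SessionTrackingMode.COOKIE, SessionTrackingMode.URL);

    /** Listener interfaces that are treated as session listeners. */
    public static final Class[] SESSION_LISTENER_TYPES = new Class[] {
        HttpSessionAttributeListener.class,
        HttpSessionIdListener.class,
        HttpSessionListener.class
    };

    private SessionManager _sessionManager;

    /**
     * Creates a handler backed by a new {@link HashSessionManager}.
     */
    public SessionHandler()
    {
        this(new HashSessionManager());
    }

    /**
     * Creates a handler backed by the given manager.
     *
     * @param manager the session manager to use
     */
    public SessionHandler(SessionManager manager)
    {
        setSessionManager(manager);
    }

    /**
     * @return the session manager currently installed, possibly {@code null}
     */
    public SessionManager getSessionManager()
    {
        return _sessionManager;
    }

    /**
     * Replaces the session manager. Only permitted while the handler is not started.
     *
     * @param sessionManager the new manager; may be {@code null}
     * @throws IllegalStateException if the handler is already started
     */
    public void setSessionManager(SessionManager sessionManager)
    {
        if (isStarted())
            throw new IllegalStateException("Cannot change the session manager of a started SessionHandler");
        if (sessionManager != null)
            sessionManager.setSessionHandler(this);
        // Swap the managed bean before updating the field so the old manager is the one released.
        updateBean(_sessionManager, sessionManager);
        _sessionManager = sessionManager;
    }

    /**
     * Starts the handler, installing a {@link HashSessionManager} first if none has been set.
     */
    @Override
    protected void doStart() throws Exception
    {
        if (_sessionManager == null)
            setSessionManager(new HashSessionManager());
        super.doStart();
    }

    /**
     * Stops the handler; delegates entirely to the superclass.
     */
    @Override
    protected void doStop() throws Exception
    {
        super.doStop();
    }

    /**
     * Enters the session scope for a request: installs this handler's session manager on the
     * request, resolves the requested session, passes the request down the scope chain and
     * finally restores whatever manager and session the request carried before.
     */
    @Override
    public void doScope(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException
    {
        SessionManager previousManager = null;
        HttpSession previousSession = null;
        HttpSession accessed = null;
        try
        {
            previousManager = baseRequest.getSessionManager();
            previousSession = baseRequest.getSession(false);

            if (previousManager != _sessionManager)
            {
                // The request is entering a different session context: drop the session it
                // carried and resolve the requested id against this handler's manager.
                baseRequest.setSessionManager(_sessionManager);
                baseRequest.setSession(null);
                checkRequestedSessionId(baseRequest, request);
            }

            HttpSession session = null;
            if (_sessionManager != null)
            {
                session = baseRequest.getSession(false);
                if (session == null)
                {
                    session = baseRequest.recoverNewSession(_sessionManager);
                    if (session != null)
                        baseRequest.setSession(session);
                }
                else if (session != previousSession)
                {
                    // First use of this session in the current scope. access() may return a
                    // cookie, which is then added to the response.
                    accessed = session;
                    HttpCookie cookie = _sessionManager.access(session, request.isSecure());
                    if (cookie != null)
                        baseRequest.getResponse().addCookie(cookie);
                }
            }

            if (LOG.isDebugEnabled())
            {
                LOG.debug("sessionManager=" + _sessionManager);
                LOG.debug("session=" + session);
            }

            // Continue down the scope chain, or start handling if this is the innermost scope.
            if (_nextScope != null)
                _nextScope.doScope(target, baseRequest, request, response);
            else if (_outerScope != null)
                _outerScope.doHandle(target, baseRequest, request, response);
            else
                doHandle(target, baseRequest, request, response);
        }
        finally
        {
            if (accessed != null)
                _sessionManager.complete(accessed);

            // A session that appeared during this scope, when none existed on entry and it
            // was not the one already completed above, is completed here.
            HttpSession current = baseRequest.getSession(false);
            if (current != null && previousSession == null && current != accessed)
                _sessionManager.complete(current);

            if (previousManager != null && previousManager != _sessionManager)
            {
                baseRequest.setSessionManager(previousManager);
                baseRequest.setSession(previousSession);
            }
        }
    }

    /**
     * Passes the request on to the wrapped handler.
     */
    @Override
    public void doHandle(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException
    {
        // never() is inherited from ScopedHandler; presumably this branch is not taken at
        // runtime. TODO confirm against ScopedHandler.
        if (never())
            nextHandle(target, baseRequest, request, response);
        else if (_nextScope != null && _nextScope == _handler)
            _nextScope.doHandle(target, baseRequest, request, response);
        else if (_handler != null)
            _handler.handle(target, baseRequest, request, response);
    }

    /**
     * Resolves the session id requested by the client and, if it names a valid session known
     * to the session manager, binds that session to the request.
     *
     * <p>If the request already carries a requested session id, only that id is looked up.
     * Otherwise, for REQUEST dispatches only, the id is taken from the session cookie (when
     * the manager uses cookies) and, failing that, from the path parameter in the request URI.
     *
     * <p>The id is untrusted input in both cases. It is recorded on the request as the
     * requested id even when no session matches it; a session is attached only after the
     * manager's validity check.
     *
     * @param baseRequest the request to update
     * @param request the servlet request the cookies and URI are read from
     */
    protected void checkRequestedSessionId(Request baseRequest, HttpServletRequest request)
    {
        String requestedId = request.getRequestedSessionId();
        final SessionManager sessionManager = getSessionManager();

        // Without a manager there is nothing to resolve against. Returning here replaces the
        // NullPointerException the lookups below would otherwise throw.
        if (sessionManager == null)
            return;

        if (requestedId != null)
        {
            HttpSession known = sessionManager.getHttpSession(requestedId);
            if (known != null && sessionManager.isValid(known))
                baseRequest.setSession(known);
            return;
        }

        if (!DispatcherType.REQUEST.equals(baseRequest.getDispatcherType()))
            return;

        boolean fromCookie = false;
        HttpSession session = null;

        // Look for a session id in the cookies. The same manager instance is used for every
        // lookup in this method so that all decisions are made against one configuration.
        if (sessionManager.isUsingCookies())
        {
            Cookie[] cookies = request.getCookies();
            if (cookies != null && cookies.length > 0)
            {
                final String cookieName = sessionManager.getSessionCookieConfig().getName();
                for (Cookie cookie : cookies)
                {
                    if (!cookieName.equalsIgnoreCase(cookie.getName()))
                        continue;

                    requestedId = cookie.getValue();
                    fromCookie = true;

                    // NOTE(review): this writes the raw session id to the debug log.
                    LOG.debug("Got Session ID {} from cookie", requestedId);

                    if (requestedId == null)
                    {
                        LOG.warn("null session id from cookie");
                        continue;
                    }

                    // Several cookies may share the session cookie name; stop at the first
                    // one that maps to a valid session.
                    session = sessionManager.getHttpSession(requestedId);
                    if (session != null && sessionManager.isValid(session))
                        break;
                }
            }
        }

        // Fall back to the path parameter when the cookies gave no id or no known session.
        if (requestedId == null || session == null)
        {
            String uri = request.getRequestURI();
            String prefix = sessionManager.getSessionIdPathParameterNamePrefix();
            if (prefix != null)
            {
                int start = uri.indexOf(prefix);
                if (start >= 0)
                {
                    start += prefix.length();
                    int end = start;
                    // The id runs up to the next path/parameter/query/fragment delimiter.
                    while (end < uri.length())
                    {
                        char c = uri.charAt(end);
                        if (c == ';' || c == '#' || c == '?' || c == '/')
                            break;
                        end++;
                    }

                    requestedId = uri.substring(start, end);
                    fromCookie = false;
                    session = sessionManager.getHttpSession(requestedId);
                    // NOTE(review): this writes the raw session id to the debug log.
                    if (LOG.isDebugEnabled())
                        LOG.debug("Got Session ID {} from URL", requestedId);
                }
            }
        }

        baseRequest.setRequestedSessionId(requestedId);
        baseRequest.setRequestedSessionIdFromCookie(requestedId != null && fromCookie);
        if (session != null && sessionManager.isValid(session))
            baseRequest.setSession(session);
    }

    /**
     * Registers a listener with the session manager; a no-op when no manager is set.
     *
     * @param listener the listener to add
     */
    public void addEventListener(EventListener listener)
    {
        if (_sessionManager != null)
            _sessionManager.addEventListener(listener);
    }

    /**
     * Unregisters a listener from the session manager; a no-op when no manager is set.
     *
     * @param listener the listener to remove
     */
    public void removeEventListener(EventListener listener)
    {
        if (_sessionManager != null)
            _sessionManager.removeEventListener(listener);
    }

    /**
     * Removes all listeners from the session manager; a no-op when no manager is set.
     */
    public void clearEventListeners()
    {
        if (_sessionManager != null)
            _sessionManager.clearEventListeners();
    }
}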