import java.io.IOException;
import java.util.Collection;
-import java.util.Hashtable;
-import java.util.Iterator;
import java.util.Map;
import javax.security.auth.Subject;
import org.osgi.framework.FrameworkUtil;
import org.osgi.framework.InvalidSyntaxException;
import org.osgi.framework.ServiceReference;
-import org.osgi.framework.ServiceRegistration;
import org.osgi.service.http.HttpContext;
import org.osgi.service.useradmin.Authorization;
if (request != null) {
authorization = (Authorization) request.getAttribute(HttpContext.AUTHORIZATION);
if (authorization == null) {
- String sessionId = request.getSession().getId();
+ String httpSessionId = request.getSession().getId();
authorization = (Authorization) request.getSession().getAttribute(HttpContext.AUTHORIZATION);
if (authorization == null) {
Collection<ServiceReference<WebCmsSession>> sr;
try {
sr = bc.getServiceReferences(WebCmsSession.class,
- "(" + WebCmsSession.CMS_SESSION_ID + "=" + sessionId + ")");
+ "(" + WebCmsSession.CMS_SESSION_ID + "=" + httpSessionId + ")");
} catch (InvalidSyntaxException e) {
- throw new CmsException("Cannot get CMS session for id " + sessionId, e);
+ throw new CmsException("Cannot get CMS session for id " + httpSessionId, e);
}
if (sr.size() == 1) {
WebCmsSession cmsSession = bc.getService(sr.iterator().next());
authorization = cmsSession.getAuthorization();
if (log.isTraceEnabled())
log.trace("Retrieved authorization from " + cmsSession);
- }
+ } else if (sr.size() == 0)
+ return null;
+ else
+ throw new CmsException(
+ sr.size() + ">1 web sessions detected for http session " + httpSessionId);
}
}
}
return false;
if (request == null)
return false;
- String sessionId = request.getSession().getId();
+ String httpSessionId = request.getSession().getId();
if (authorization.getName() != null) {
request.setAttribute(HttpContext.REMOTE_USER, authorization.getName());
request.setAttribute(HttpContext.AUTHORIZATION, authorization);
Collection<ServiceReference<WebCmsSession>> sr;
try {
sr = bc.getServiceReferences(WebCmsSession.class,
- "(" + WebCmsSession.CMS_SESSION_ID + "=" + sessionId + ")");
+ "(" + WebCmsSession.CMS_SESSION_ID + "=" + httpSessionId + ")");
} catch (InvalidSyntaxException e) {
- throw new CmsException("Cannot get CMS session for id " + sessionId, e);
+ throw new CmsException("Cannot get CMS session for id " + httpSessionId, e);
}
ServiceReference<WebCmsSession> cmsSessionRef;
if (sr.size() == 1) {
cmsSessionRef = sr.iterator().next();
} else if (sr.size() == 0) {
- Hashtable<String, String> props = new Hashtable<>();
- props.put(WebCmsSession.CMS_DN, authorization.getName());
- props.put(WebCmsSession.CMS_SESSION_ID, sessionId);
- WebCmsSessionImpl cmsSessionImpl = new WebCmsSessionImpl(sessionId, authorization);
- ServiceRegistration<WebCmsSession> cmSessionReg = bc.registerService(WebCmsSession.class,
- cmsSessionImpl, props);
- cmsSessionImpl.setServiceRegistration(cmSessionReg);
- cmsSessionRef = cmSessionReg.getReference();
+ WebCmsSessionImpl cmsSessionImpl = new WebCmsSessionImpl(httpSessionId, authorization);
+ cmsSessionRef = cmsSessionImpl.getServiceRegistration().getReference();
if (log.isDebugEnabled())
log.debug("Initialized " + cmsSessionImpl + " for " + authorization.getName());
} else
- throw new CmsException(sr.size() + " CMS sessions registered for " + sessionId);
+ throw new CmsException(sr.size() + " CMS sessions registered for " + httpSessionId);
- WebCmsSession cmsSession = bc.getService(cmsSessionRef);
+ WebCmsSessionImpl cmsSession = (WebCmsSessionImpl) bc.getService(cmsSessionRef);
cmsSession.addHttpSession(request);
if (log.isTraceEnabled())
log.trace("Added " + request.getServletPath() + " to " + cmsSession + " (" + request.getRequestURI()
}
}
if (subject.getPrivateCredentials(HttpSessionId.class).size() == 0)
- subject.getPrivateCredentials().add(new HttpSessionId(sessionId));
+ subject.getPrivateCredentials().add(new HttpSessionId(httpSessionId));
else {
String storedSessionId = subject.getPrivateCredentials(HttpSessionId.class).iterator().next().getValue();
- if (storedSessionId.equals(sessionId))
+ if (storedSessionId.equals(httpSessionId))
throw new LoginException(
- "Subject already logged with session " + storedSessionId + " (not " + sessionId + ")");
+ "Subject already logged with session " + storedSessionId + " (not " + httpSessionId + ")");
}
return true;
}
@Override
public boolean logout() throws LoginException {
- String sessionId;
+ String httpSessionId;
if (subject.getPrivateCredentials(HttpSessionId.class).size() == 1)
- sessionId = subject.getPrivateCredentials(HttpSessionId.class).iterator().next().getValue();
+ httpSessionId = subject.getPrivateCredentials(HttpSessionId.class).iterator().next().getValue();
else
return false;
Collection<ServiceReference<WebCmsSession>> srs;
try {
srs = bc.getServiceReferences(WebCmsSession.class,
- "(" + WebCmsSession.CMS_SESSION_ID + "=" + sessionId + ")");
+ "(" + WebCmsSession.CMS_SESSION_ID + "=" + httpSessionId + ")");
} catch (InvalidSyntaxException e) {
- throw new CmsException("Cannot retrieve CMS session #" + sessionId, e);
+ throw new CmsException("Cannot retrieve CMS session #" + httpSessionId, e);
}
- for (Iterator<ServiceReference<WebCmsSession>> it = srs.iterator(); it.hasNext();) {
- ServiceReference<WebCmsSession> sr = it.next();
- WebCmsSession cmsSession = bc.getService(sr);
- cmsSession.cleanUp();
- if (log.isDebugEnabled())
- log.debug("Cleaned up " + cmsSession);
- }
+ if (srs.size() == 0)
+ throw new CmsException("No CMS web sesison found for http session " + httpSessionId);
+ else if (srs.size() > 1)
+ throw new CmsException(srs.size() + " CMS web sessions found for http session " + httpSessionId);
+
+ WebCmsSessionImpl cmsSession = (WebCmsSessionImpl) bc.getService(srs.iterator().next());
+ cmsSession.cleanUp();
+ subject.getPrivateCredentials().removeAll(subject.getPrivateCredentials(HttpSessionId.class));
+ if (log.isDebugEnabled())
+ log.debug("Cleaned up " + cmsSession);
return true;
}
import java.util.ArrayList;
import java.util.Date;
+import java.util.Hashtable;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.argeo.cms.auth.WebCmsSession;
+import org.osgi.framework.BundleContext;
+import org.osgi.framework.FrameworkUtil;
import org.osgi.framework.ServiceRegistration;
import org.osgi.service.http.HttpContext;
import org.osgi.service.useradmin.Authorization;
public class WebCmsSessionImpl implements WebCmsSession {
+ private final BundleContext bc = FrameworkUtil.getBundle(getClass()).getBundleContext();
private final static Log log = LogFactory.getLog(WebCmsSessionImpl.class);
private final String id;
private ServiceRegistration<WebCmsSession> serviceRegistration;
- public WebCmsSessionImpl(String id, Authorization authorization) {
- this.id = id;
+ public WebCmsSessionImpl(String sessionId, Authorization authorization) {
+ this.id = sessionId;
this.authorization = authorization;
+ // register as service
+ Hashtable<String, String> props = new Hashtable<>();
+ props.put(WebCmsSession.CMS_DN, authorization.getName());
+ props.put(WebCmsSession.CMS_SESSION_ID, sessionId);
+ serviceRegistration = bc.registerService(WebCmsSession.class, this, props);
}
public void cleanUp() {
return authorization;
}
- @Override
+ public ServiceRegistration<WebCmsSession> getServiceRegistration() {
+ return serviceRegistration;
+ }
+
public void addHttpSession(HttpServletRequest request) {
subHttpSessions.add(new SubHttpSession(request));
}
return id;
}
- public void setServiceRegistration(ServiceRegistration<WebCmsSession> serviceRegistration) {
- this.serviceRegistration = serviceRegistration;
- }
-
public String toString() {
return "CMS Session #" + id;
}
static class SubHttpSession {
private final HttpSession httpSession;
private final String sessionId;
-// private final String originalURI;
-// private final String servletPath;
+ // private final String originalURI;
+ // private final String servletPath;
private final Date start = new Date();
public SubHttpSession(HttpServletRequest request) {
this.httpSession = request.getSession();
this.sessionId = httpSession.getId();
-// this.originalURI = request.getRequestURI();
-// this.servletPath = request.getServletPath();
+ // this.originalURI = request.getRequestURI();
+ // this.servletPath = request.getServletPath();
}
public Date getStart() {
public void cleanUp() {
try {
httpSession.setAttribute(HttpContext.AUTHORIZATION, null);
- //httpSession.setMaxInactiveInterval(1);
+ // httpSession.setMaxInactiveInterval(1);
} catch (Exception e) {
log.warn("Could not clean up " + sessionId, e);
}