File Source: RollerSession.java
1 /*
2 * Licensed to the Apache Software Foundation (ASF) under one or more
3 * contributor license agreements. The ASF licenses this file to You
4 * under the Apache License, Version 2.0 (the "License"); you may not
5 * use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License. For additional information regarding
15 * copyright in this work, please see the NOTICE file in the top level
16 * directory of this distribution.
17 */
18
19 package org.apache.roller.weblogger.ui.core;
20
21 import java.io.Serializable;
22 import java.security.Principal;
23
24 import javax.servlet.http.HttpServletRequest;
25 import javax.servlet.http.HttpSession;
26 import javax.servlet.http.HttpSessionActivationListener;
27 import javax.servlet.http.HttpSessionEvent;
28 import javax.servlet.http.HttpSessionListener;
29 import org.apache.commons.logging.Log;
30 import org.apache.commons.logging.LogFactory;
31 import org.apache.roller.weblogger.WebloggerException;
32 import org.apache.roller.weblogger.config.WebloggerConfig;
33 import org.apache.roller.weblogger.business.WebloggerFactory;
34 import org.apache.roller.weblogger.business.UserManager;
35 import org.apache.roller.weblogger.pojos.User;
36 import org.apache.roller.weblogger.ui.core.security.AutoProvision;
37
38
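/**
 * Session listener that attaches a {@code RollerSession} to each HTTP session
 * and removes it again when the session is destroyed or passivated.
 *
 * <p>Only the id of the authenticated user is kept in the session. The
 * {@link User} object itself is looked up through the {@link UserManager}
 * every time {@link #getAuthenticatedUser()} is called.</p>
 *
 * <p>Block comments that begin with {@code P/P} are static-analysis
 * annotations carried over from the analyzed listing. An {@code @N} suffix in
 * them refers to line N of that listing, not to a line of this text.</p>
 *
 * @web.listener
 */
public class RollerSession
        implements HttpSessionListener, HttpSessionActivationListener, Serializable {

    /*
    P/P * Method: void org.apache.roller.weblogger.ui.core.RollerSession()
     *
     * Postconditions:
     * this.userId == null
     */

    static final long serialVersionUID = 5890132909166913727L;

    // the id of the user represented by this session (null until a user is bound)
    private String userId = null;

    /*
    P/P * Method: org.apache.roller.weblogger.ui.core.RollerSession__static_init
     *
     * Postconditions:
     * init'ed(log)
     */
    private static final Log log = LogFactory.getLog(RollerSession.class);

    public static final String ROLLER_SESSION = "org.apache.roller.weblogger.rollersession";
    public static final String ERROR_MESSAGE = "rollererror_message";
    public static final String STATUS_MESSAGE = "rollerstatus_message";


    /**
     * Get the RollerSession for a request and, if the request carries a
     * principal but the session has no user yet, bind that user to it.
     *
     * <p>No HTTP session is created here: when the request has none, the
     * method returns {@code null}, so callers must handle a null result.</p>
     *
     * <p>A user is bound only when the account exists (optionally after one
     * SSO auto-provisioning attempt) and is explicitly enabled. Lookup
     * failures are logged and leave the session without a user.</p>
     *
     * @param request the current request; must not be null
     * @return the RollerSession stored in the HTTP session, or {@code null}
     *         if the request has no HTTP session
     */
    public static RollerSession getRollerSession(HttpServletRequest request) {
        /*
        P/P * Method: RollerSession getRollerSession(HttpServletRequest)
         *
         * Preconditions:
         * request != null
         * (soft) log != null
         * (soft) org/apache/roller/weblogger/ui/core/RollerContext.log != null
         * (soft) org/apache/roller/weblogger/ui/core/security/BasicUserAutoProvision.log != null
         * (soft) init'ed(org/apache/roller/weblogger/ui/core/security/CustomUserRegistry.DEFAULT_EMAIL_LDAP_ATTRIBUTE)
         * (soft) init'ed(org/apache/roller/weblogger/ui/core/security/CustomUserRegistry.DEFAULT_LOCALE_LDAP_ATTRIBUTE)
         * (soft) init'ed(org/apache/roller/weblogger/ui/core/security/CustomUserRegistry.DEFAULT_NAME_LDAP_ATTRIBUTE)
         * (soft) init'ed(org/apache/roller/weblogger/ui/core/security/CustomUserRegistry.DEFAULT_SNAME_LDAP_ATTRIBUTE)
         * (soft) init'ed(org/apache/roller/weblogger/ui/core/security/CustomUserRegistry.DEFAULT_TIMEZONE_LDAP_ATTRIBUTE)
         * (soft) init'ed(org/apache/roller/weblogger/ui/core/security/CustomUserRegistry.EMAIL_LDAP_PROPERTY)
         * ...
         *
         * Presumptions:
         * org.apache.roller.weblogger.business.Weblogger:getUserManager(...)@76 != null
         * org.apache.roller.weblogger.business.WebloggerFactory:getWeblogger(...)@76 != null
         * org.apache.roller.weblogger.pojos.User:getEnabled(...)@93 != null
         *
         * Postconditions:
         * init'ed(return_value)
         * new RollerSession(getRollerSession#1) num objects <= 1
         * init'ed(new RollerSession(getRollerSession#1).userId)
         *
         * Test Vectors:
         * java.lang.Boolean:booleanValue(...)@93: {0}, {1}
         * javax.servlet.http.HttpServletRequest:getSession(...)@64: Addr_Set{null}, Inverse{null}
         * javax.servlet.http.HttpServletRequest:getUserPrincipal(...)@73: Addr_Set{null}, Inverse{null}
         * javax.servlet.http.HttpSession:getAttribute(...)@66: Inverse{null}, Addr_Set{null}
         * org.apache.roller.weblogger.business.UserManager:getUserByUserName(...)@77: Inverse{null}, Addr_Set{null}
         * org.apache.roller.weblogger.config.WebloggerConfig:getBooleanProperty(...)@81: {0}, {1}
         */
        HttpSession session = request.getSession(false);
        if (session == null) {
            // never create a session as a side effect of asking for one
            return null;
        }

        RollerSession rollerSession = (RollerSession) session.getAttribute(ROLLER_SESSION);
        if (rollerSession == null) {
            // HttpSession with no RollerSession?
            // Must be a session that was de-serialized from a previous run.
            rollerSession = new RollerSession();
            session.setAttribute(ROLLER_SESSION, rollerSession);
        }

        // NOTE(review): binding happens only while the session has no user.
        // A session that already holds a user id keeps it even when this
        // request has no principal or a different one, so logout must
        // invalidate the HttpSession. Nothing in this class changes the
        // session id when a user is bound; confirm that the container or
        // login filter rotates it on authentication.
        Principal principal = request.getUserPrincipal();
        if (rollerSession.getAuthenticatedUser() == null && principal != null) {
            try {
                UserManager umgr = WebloggerFactory.getWeblogger().getUserManager();
                String principalName = principal.getName();
                User user = umgr.getUserByUserName(principalName);

                // try one time to auto-provision, only happens if user==null
                // which means installation has SSO-enabled in security.xml
                if (user == null
                        && WebloggerConfig.getBooleanProperty("users.sso.autoProvision.enabled")) {
                    // provisioning enabled, get provisioner and execute
                    AutoProvision provisioner = RollerContext.getAutoProvision();
                    if (provisioner != null && provisioner.execute()) {
                        // try lookup again real quick
                        user = umgr.getUserByUserName(principalName);
                    }
                }

                // Only set the authenticated user if the account is enabled.
                // Boolean.TRUE.equals fails closed: a null "enabled" value is
                // treated as disabled rather than raising a
                // NullPointerException, which the catch below would not
                // handle. The analyzer's presumption that getEnabled() is
                // non-null is therefore no longer relied on.
                if (user != null && Boolean.TRUE.equals(user.getEnabled())) {
                    rollerSession.setAuthenticatedUser(user);
                }
            } catch (WebloggerException e) {
                log.error("ERROR: getting user object",e);
            }
        }

        return rollerSession;
    }


    /**
     * Create session's Roller instance: store a fresh, user-less
     * RollerSession under {@link #ROLLER_SESSION} in the new HTTP session.
     *
     * @param se the session-created event; must not be null
     */
    public void sessionCreated(HttpSessionEvent se) {
        /*
        P/P * Method: void sessionCreated(HttpSessionEvent)
         *
         * Preconditions:
         * se != null
         *
         * Presumptions:
         * javax.servlet.http.HttpSessionEvent:getSession(...)@109 != null
         */
        se.getSession().setAttribute(ROLLER_SESSION, new RollerSession());
    }


    /**
     * Remove the RollerSession attribute from a session that is being
     * destroyed.
     *
     * @param se the session-destroyed event; must not be null
     */
    public void sessionDestroyed(HttpSessionEvent se) {
        /*
        P/P * Method: void sessionDestroyed(HttpSessionEvent)
         *
         * Preconditions:
         * se != null
         * (soft) log != null
         */
        clearSession(se);
    }


    /**
     * Intentionally empty: nothing is restored on activation. A session that
     * comes back without a RollerSession attribute gets a fresh one in
     * {@link #getRollerSession(HttpServletRequest)}.
     *
     * @param se the activation event (unused)
     */
    public void sessionDidActivate(HttpSessionEvent se) {
        /*
        P/P * Method: void sessionDidActivate(HttpSessionEvent)
         */
    }


    /**
     * Purge session before passivation, because Roller currently does not
     * support session recovery, failover, migration, or whatever you want
     * to call it when sessions are saved and then restored at some later
     * point in time.
     *
     * @param se the passivation event; must not be null
     */
    public void sessionWillPassivate(HttpSessionEvent se) {
        /*
        P/P * Method: void sessionWillPassivate(HttpSessionEvent)
         *
         * Preconditions:
         * se != null
         * (soft) log != null
         */
        clearSession(se);
    }


    /**
     * Authenticated user associated with this session.
     *
     * <p>The user is loaded by id on every call. A lookup failure is logged
     * at warn level and reported as "no user".</p>
     *
     * @return the user whose id is bound to this session, or {@code null} if
     *         no id is bound or the lookup failed
     */
    public User getAuthenticatedUser() {

        /*
        P/P * Method: User getAuthenticatedUser()
         *
         * Preconditions:
         * init'ed(this.userId)
         * (soft) log != null
         *
         * Presumptions:
         * org.apache.roller.weblogger.business.Weblogger:getUserManager(...)@142 != null
         * org.apache.roller.weblogger.business.WebloggerFactory:getWeblogger(...)@142 != null
         *
         * Postconditions:
         * init'ed(return_value)
         *
         * Test Vectors:
         * this.userId: Addr_Set{null}, Inverse{null}
         */
        if (userId == null) {
            return null;
        }

        // NOTE(review): the "enabled" flag is checked only when the user is
        // first bound in getRollerSession. Whether mgr.getUser(...) filters
        // out accounts disabled later is not visible here; confirm, or
        // re-check the flag so a disabled account loses its live sessions.
        User authenticUser = null;
        try {
            UserManager mgr = WebloggerFactory.getWeblogger().getUserManager();
            authenticUser = mgr.getUser(userId);
        } catch (WebloggerException ex) {
            log.warn("Error looking up authenticated user "+userId, ex);
        }

        return authenticUser;
    }


    /**
     * Bind a user to this session. Only the user's id is stored.
     *
     * @param authenticatedUser the user to bind; must not be null
     */
    public void setAuthenticatedUser(User authenticatedUser) {
        /*
        P/P * Method: void setAuthenticatedUser(User)
         *
         * Preconditions:
         * authenticatedUser != null
         *
         * Postconditions:
         * init'ed(this.userId)
         */
        this.userId = authenticatedUser.getId();
    }


    /**
     * Remove the RollerSession attribute from the event's HTTP session.
     * Best effort: any failure during removal is logged at debug level and
     * otherwise ignored.
     *
     * @param se the session event; must not be null
     */
    private void clearSession(HttpSessionEvent se) {
        /*
        P/P * Method: void clearSession(HttpSessionEvent)
         *
         * Preconditions:
         * se != null
         * (soft) log != null
         *
         * Presumptions:
         * javax.servlet.http.HttpSessionEvent:getSession(...)@162 != null
         */
        HttpSession session = se.getSession();
        try {
            session.removeAttribute(ROLLER_SESSION);
        } catch (Throwable e) {
            // ignore purge exceptions; the catch is deliberately broad so a
            // listener failure cannot abort session teardown
            if (log.isDebugEnabled()) {
                log.debug("EXCEPTION PURGING session attributes",e);
            }
        }
    }

}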
SofCheck Inspector Build Version : 2.18479
| RollerSession.java |
2009-Jan-02 14:25:12 |
| RollerSession.class |
2009-Sep-04 03:12:44 |