Examples of OHttpSession


Examples of com.orientechnologies.orient.server.network.protocol.http.OHttpSession

     // Excerpt from the middle of a request-authentication routine: the method signature and the end of
     // the final else branch are not part of this listing. The visible code resolves the caller's HTTP
     // session and then either sends an authorization request, authenticates, or validates the session
     // against the requested database and user.

     // The target database name comes from the second element of urlParts (presumably the split request URL).
     iRequest.databaseName = urlParts[1];
     // Split the Authorization value on ':'. Element 0 is compared as the user name below.
     // NOTE(review): the remaining elements are only consumed by authenticate(), which is not shown here -
     // confirm how a password containing ':' and an empty Authorization value are handled.
     final List<String> authenticationParts = iRequest.authorization != null ? OStringSerializerHelper.split(iRequest.authorization,
         ':') : null;

     OHttpSession currentSession;
     // Session ids that are null or at most one character long are treated as "no session".
     if (iRequest.sessionId != null && iRequest.sessionId.length() > 1) {
       currentSession = OHttpSessionManager.getInstance().getSession(iRequest.sessionId);
       if (currentSession != null && authenticationParts != null) {
         if (!currentSession.getUserName().equals(authenticationParts.get(0))) {
           // The supplied credentials name a different user than the session owner: ignore the session.
           // Only the local reference is cleared; the stored session is NOT removed from
           // OHttpSessionManager here, unlike the two rejection branches further down.
           currentSession = null;
         }
       }
     } else
       currentSession = null;

     if (currentSession == null) {
       // No usable session: send an authorization request when there are no credentials or the client
       // sent the logout marker; otherwise authenticate with the supplied credentials.
       if (iRequest.authorization == null || SESSIONID_LOGOUT.equals(iRequest.sessionId)) {
         iResponse.setSessionId(SESSIONID_UNAUTHORIZED);
         sendAuthorizationRequest(iRequest, iResponse, iRequest.databaseName);
         return false;
       } else
         return authenticate(iRequest, iResponse, authenticationParts, iRequest.databaseName);

     } else {
       // A session exists: it must match the database named in the request.
       if (!currentSession.getDatabaseName().equals(iRequest.databaseName)) {

         // Security check: the session was authenticated against a different database (cross-database
         // request). Log it, drop the session and send an authorization request.
         // NOTE(review): iRequest.sessionId and iRequest.databaseName are request-supplied values written
         // to the log - confirm that OLogManager neutralises line breaks and control characters.
         OLogManager.instance().warn(this,
             "Session %s is trying to access to the database '%s', but has been authenticated against the database '%s'",
             iRequest.sessionId, iRequest.databaseName, currentSession.getDatabaseName());
         OHttpSessionManager.getInstance().removeSession(iRequest.sessionId);
         sendAuthorizationRequest(iRequest, iResponse, iRequest.databaseName);
         return false;

       } else if (authenticationParts != null && !currentSession.getUserName().equals(authenticationParts.get(0))) {

         // Security check: cross-USER request (the credentials name a user other than the session owner).
         // The original comment repeated "cross database" from the branch above.
         // NOTE(review): within this excerpt the branch looks unreachable. A session whose user name
         // differs from the supplied credentials was already set to null above, which sends the request
         // down the no-session path. It would only fire if getUserName() changed between the two calls.
         OLogManager.instance().warn(this,
             "Session %s is trying to access to the database '%s' with user '%s', but has been authenticated with user '%s'",
             iRequest.sessionId, iRequest.databaseName, authenticationParts.get(0), currentSession.getUserName());
         OHttpSessionManager.getInstance().removeSession(iRequest.sessionId);
         sendAuthorizationRequest(iRequest, iResponse, iRequest.databaseName);
         return false;
       }

Examples of com.orientechnologies.orient.server.network.protocol.http.OHttpSession

     iResponse.send(OHttpUtils.STATUS_AUTH_CODE, OHttpUtils.STATUS_AUTH_DESCRIPTION, OHttpUtils.CONTENT_TEXT_PLAIN,
         "401 Unauthorized.", header, false);
   }

   /**
    * Resolves the database instance to use for the session named in the request.
    *
    * <p>Looks up the session by {@code iRequest.sessionId}. When no database is bound to the current
    * thread, opens {@code iRequest.databaseName} with the user name and password held by the session.
    * The rest of the method (handling of an already-bound database and the return statement) is cut off
    * in this listing.
    *
    * <p>NOTE(review): the visible part does not compare {@code session.getDatabaseName()} with
    * {@code iRequest.databaseName}; presumably callers have already run the session/database check -
    * confirm.
    *
    * @param iRequest request supplying {@code sessionId}, {@code databaseName} and {@code data.currentUserId}
    * @throws OSecurityAccessException if no session exists for the request's session id
    * @throws InterruptedException declared by the signature; presumably raised while opening the database -
    *           the source is not visible in this excerpt
    */
   protected ODatabaseDocumentTx getProfiledDatabaseInstance(final OHttpRequest iRequest) throws InterruptedException {
     final OHttpSession session = OHttpSessionManager.getInstance().getSession(iRequest.sessionId);

     // Fail closed: without a session no database is opened.
     if (session == null)
       throw new OSecurityAccessException(iRequest.databaseName, "No session active");

     // After authentication, if the logged-in user differs from the user of the database bound to this
     // thread, the database user is reset to the logged-in user (that part is cut off below).
     ODatabaseRecordInternal localDatabase = ODatabaseRecordThreadLocal.INSTANCE.getIfDefined();

     if (localDatabase == null) {
       // No database on this thread: open one with the credentials stored in the session.
       // NOTE(review): the session object hands back the user's password in a form that openDatabase
       // accepts, so the credential stays in server memory for the session's lifetime - treat session
       // objects (and heap dumps containing them) as secrets.
       localDatabase = (ODatabaseDocumentTx) server.openDatabase("document", iRequest.databaseName, session.getUserName(),
           session.getUserPassword());
     } else {

       // currentUserId comes from the request data and is compared with the identity of the bound
       // database's user. The localDatabase != null test is redundant inside this else branch.
       String currentUserId = iRequest.data.currentUserId;
       if (currentUserId != null && currentUserId.length() > 0 && localDatabase != null && localDatabase.getUser() != null) {
         if (!currentUserId.equals(localDatabase.getUser().getDocument().getIdentity().toString())) {