Package org.apache.catalina

Examples of org.apache.catalina.Session


     
      MockValve mockValve = new MockValve();
     
      jvmRouteValve.setNext(mockValve);
     
      Session session = mgr.createSession(NO_JVMROUTE_ID);
      MockRequest req = new MockRequest();
      req.setSession(session.getSession());
      req.setRequestedSessionId(session.getId());
      req.setRequestedSessionIdFromURL(true);
     
      Response res = new Response();
     
      jvmRouteValve.invoke(req, res);
     
      assertSame(req, mockValve.getInvokedRequest());
      assertSame(res, mockValve.getInvokedResponse());
      assertEquals(NON_FAILOVER_ID, session.getId());
      assertEquals(null, mgr.getNewCookieIdSession());
   }
View Full Code Here


     
      MockValve mockValve = new MockValve();
     
      jvmRouteValve.setNext(mockValve);
     
      Session session = mgr.createSession(NON_FAILOVER_ID);
      MockRequest req = new MockRequest();
      req.setSession(session.getSession());
      req.setRequestedSessionId(NO_JVMROUTE_ID);
     
      Response res = new Response();
     
      jvmRouteValve.invoke(req, res);
     
      assertSame(req, mockValve.getInvokedRequest());
      assertSame(res, mockValve.getInvokedResponse());
      assertEquals(NON_FAILOVER_ID, session.getId());
      assertEquals(NON_FAILOVER_ID, mgr.getNewCookieIdSession());
   }
View Full Code Here

     
      MockValve mockValve = new MockValve();
     
      jvmRouteValve.setNext(mockValve);
     
      Session session = mgr.createSession(NON_FAILOVER_ID);
      MockRequest req = new MockRequest();
      req.setSession(session.getSession());
      req.setRequestedSessionId(NO_JVMROUTE_ID);
      req.setRequestedSessionIdFromURL(true);
     
      Response res = new Response();
     
      jvmRouteValve.invoke(req, res);
     
      assertSame(req, mockValve.getInvokedRequest());
      assertSame(res, mockValve.getInvokedResponse());
      assertEquals(NON_FAILOVER_ID, session.getId());
      assertEquals(null, mgr.getNewCookieIdSession());
   }
View Full Code Here

     
      MockValve mockValve = new MockValve();
     
      jvmRouteValve.setNext(mockValve);
     
      Session session = mgr.createSession(DOMAIN_FAILOVER_ID);
      MockRequest req = new MockRequest();
      req.setSession(session.getSession());
      req.setRequestedSessionId(session.getId());
     
      Response res = new Response();
     
      jvmRouteValve.invoke(req, res);
     
      assertSame(req, mockValve.getInvokedRequest());
      assertSame(res, mockValve.getInvokedResponse());
      assertEquals(DOMAIN_NON_FAILOVER_ID, session.getId());
      assertEquals(DOMAIN_NON_FAILOVER_ID, mgr.getNewCookieIdSession());
     
   }
View Full Code Here

       // Cache the authentication information in our request
       request.setAuthType(authType);
       request.setUserPrincipal(principal);

       Session session = request.getSessionInternal(false);
       // Cache the authentication information in our session, if any
       if (cache) {
           if (session != null) {
               session.setAuthType(authType);
               session.setPrincipal(principal);
               if (username != null)
                   session.setNote(Constants.SESS_USERNAME_NOTE, username);
               else
                   session.removeNote(Constants.SESS_USERNAME_NOTE);
               if (password != null)
                   session.setNote(Constants.SESS_PASSWORD_NOTE, password);
               else
                   session.removeNote(Constants.SESS_PASSWORD_NOTE);
           }
       }

       // Construct a cookie to be returned to the client
       if (sso == null)
View Full Code Here

                                HttpServletResponse response,
                                LoginConfig config)
        throws IOException {

        // References to objects we will need later
        Session session = null;

        // Have we already authenticated someone?
        Principal principal = request.getUserPrincipal();
        String ssoId = (String) request.getNote(Constants.REQ_SSOID_NOTE);
        if (principal != null) {
            if (log.isDebugEnabled())
                log.debug("Already authenticated '" +
                    principal.getName() + "'");
            // Associate the session with any existing SSO session
            if (ssoId != null)
                associate(ssoId, request.getSessionInternal(true));
            return (true);
        }

        // Is there an SSO session against which we can try to reauthenticate?
        if (ssoId != null) {
            if (log.isDebugEnabled())
                log.debug("SSO Id " + ssoId + " set; attempting " +
                          "reauthentication");
            // Try to reauthenticate using data cached by SSO.  If this fails,
            // either the original SSO logon was of DIGEST or SSL (which
            // we can't reauthenticate ourselves because there is no
            // cached username and password), or the realm denied
            // the user's reauthentication for some reason.
            // In either case we have to prompt the user for a logon */
            if (reauthenticateFromSSO(ssoId, request))
                return true;
        }

        // Have we authenticated this user before but have caching disabled?
        if (!cache) {
            session = request.getSessionInternal(true);
            if (log.isDebugEnabled())
                log.debug("Checking for reauthenticate in session " + session);
            String username =
                (String) session.getNote(Constants.SESS_USERNAME_NOTE);
            String password =
                (String) session.getNote(Constants.SESS_PASSWORD_NOTE);
            if ((username != null) && (password != null)) {
                if (log.isDebugEnabled())
                    log.debug("Reauthenticating username '" + username + "'");
                principal =
                    context.getRealm().authenticate(username, password);
                if (principal != null) {
                    session.setNote(Constants.FORM_PRINCIPAL_NOTE, principal);
                    if (!matchRequest(request)) {
                        register(request, response, principal,
                                 HttpServletRequest.FORM_AUTH,
                                 username, password);
                        return (true);
                    }
                }
                if (log.isDebugEnabled())
                    log.debug("Reauthentication failed, proceed normally");
            }
        }

        // Is this the re-submit of the original request URI after successful
        // authentication?  If so, forward the *original* request instead.
        if (matchRequest(request)) {
            session = request.getSessionInternal(true);
            if (log.isDebugEnabled())
                log.debug("Restore request from session '" + session.getId()
                          + "'");
            principal = (Principal)
                session.getNote(Constants.FORM_PRINCIPAL_NOTE);
            register(request, response, principal, HttpServletRequest.FORM_AUTH,
                     (String) session.getNote(Constants.SESS_USERNAME_NOTE),
                     (String) session.getNote(Constants.SESS_PASSWORD_NOTE));
            // If we're caching principals we no longer need the username
            // and password in the session, so remove them
            if (cache) {
                session.removeNote(Constants.SESS_USERNAME_NOTE);
                session.removeNote(Constants.SESS_PASSWORD_NOTE);
            }
            if (restoreRequest(request, session)) {
                if (log.isDebugEnabled())
                    log.debug("Proceed to restored request");
                return (true);
            } else {
                if (log.isDebugEnabled())
                    log.debug("Restore of original request failed");
                response.sendError(HttpServletResponse.SC_BAD_REQUEST);
                return (false);
            }
        }

        // Acquire references to objects we will need to evaluate
        MessageBytes uriMB = MessageBytes.newInstance();
        CharChunk uriCC = uriMB.getCharChunk();
        uriCC.setLimit(-1);
        String contextPath = request.getContextPath();
        String requestURI = request.getDecodedRequestURI();

        // Is this the action request from the login page?
        boolean loginAction =
            requestURI.startsWith(contextPath) &&
            requestURI.endsWith(Constants.FORM_ACTION);

        // No -- Save this request and redirect to the form login page
        if (!loginAction) {
            session = request.getSessionInternal(true);
            if (log.isDebugEnabled())
                log.debug("Save request in session '" + session.getId() + "'");
            saveRequest(request, session);
           forwardToLoginPage(request, response, config);
           return (false);
        }

        // Yes -- Validate the specified credentials and redirect
        // to the error page if they are not correct
        Realm realm = context.getRealm();
        if (characterEncoding != null) {
            request.setCharacterEncoding(characterEncoding);
        }
        String username = request.getParameter(Constants.FORM_USERNAME);
        String password = request.getParameter(Constants.FORM_PASSWORD);
        if (log.isDebugEnabled())
            log.debug("Authenticating username '" + username + "'");
        principal = realm.authenticate(username, password);
        if (principal == null) {
           forwardToErrorPage(request, response, config);
           return (false);
        }

        if (log.isDebugEnabled())
            log.debug("Authentication of '" + username + "' was successful");

        if (session == null)
            session = request.getSessionInternal(false);
        if (session == null) {
            if (containerLog.isDebugEnabled())
                containerLog.debug("User took so long to log on the session expired");
            response.sendError(HttpServletResponse.SC_REQUEST_TIMEOUT,
                               sm.getString("authenticator.sessionExpired"));
            return (false);
        }

        // Save the authenticated Principal in our session
        session.setNote(Constants.FORM_PRINCIPAL_NOTE, principal);

        // Save the username and password as well
        session.setNote(Constants.SESS_USERNAME_NOTE, username);
        session.setNote(Constants.SESS_PASSWORD_NOTE, password);

        // Redirect the user to the original request URI (which will cause
        // the original request to be restored)
        requestURI = savedRequestURL(session);
        if (log.isDebugEnabled())
View Full Code Here

     * @param request The request to be verified
     */
    protected boolean matchRequest(Request request) {

      // Has a session been created?
      Session session = request.getSessionInternal(false);
      if (session == null)
          return (false);

      // Is there a saved request?
      SavedRequest sreq = (SavedRequest)
          session.getNote(Constants.FORM_REQUEST_NOTE);
      if (sreq == null)
          return (false);

      // Is there a saved principal?
      if (session.getNote(Constants.FORM_PRINCIPAL_NOTE) == null)
          return (false);

      // Does the request URI match?
      String requestURI = request.getRequestURI();
      if (requestURI == null)
View Full Code Here

            log.trace("Already authenticated '" + principal.getName() + "'");
         return true;
      }

      Realm realm = context.getRealm();
      Session session = request.getSessionInternal(true);

      String username = getUserId(request);
      String password = getSessionCookie(request);

      //Check if there is sso id as well as sessionkey
      if (username == null || password == null)
      {
         log.trace("Username is null or password(sessionkey) is null:fallback to form auth");
         return super.authenticate(request, response, config);
      }
      principal = realm.authenticate(username, password);

      if (principal == null)
      {
         forwardToErrorPage(request, response, config);
         return false;
      }

      session.setNote(Constants.SESS_USERNAME_NOTE, username);
      session.setNote(Constants.SESS_PASSWORD_NOTE, password);
      request.setUserPrincipal(principal);

      register(request, response, principal, HttpServletRequest.FORM_AUTH, username, password);
      return true;
   }
View Full Code Here

   // Satisfy the Manager interface.  Internally we use
   // createEmptyClusteredSession to avoid a cast
   public Session createEmptySession()
   {
      Session session = null;
      try
      {
         // [JBAS-7123] Make sure we're either in the call stack where LockingValve has
         // a lock, or that we acquire one ourselves
         boolean inLockingValve = SessionReplicationContext.isLocallyActive();
View Full Code Here

   /**
    * {@inheritDoc}
    */
   public Session createSession(String sessionId)
   { 
      Session session = null;
      try
      {
         // [JBAS-7123] Make sure we're either in the call stack where LockingValve has
         // a lock, or that we acquire one ourselves
         boolean inLockingValve = SessionReplicationContext.isLocallyActive();
View Full Code Here

TOP

Related Classes of org.apache.catalina.Session

Copyright © 2018 www.massapicom. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.