Examples of org.apache.tomcat.core.ServerSession

• org.apache.tomcat.core.ServerSession
  Server representation of a Session. - recyclable - serializable ( by external components ) Components: - timestamp ( expire ) - id - name/value repository @author Craig R. McClanahan @author Jon S. Stevens @author Costin Manolache

  return 0;
    }

    // Fix for URL rewriting
    private String fixURLRewriting(Request req, String redirectURI ) {
  ServerSession session=req.getSession( false );
  if( session != null &&
      Request.SESSIONID_FROM_URL.equals(req.getSessionIdSource()))  {
      String id=";jsessionid="+req.getSessionId() ;
      redirectURI += id ;
  }

  req.setNote( passwordNote , unencoded.substring(colon + 1));
    }


    private void formCredentials( Request req  ) {
  ServerSession session=(ServerSession)req.getSession( false );

  if( session == null )
      return; // not authenticated

  // XXX The attributes are set on the first access.
  // It is possible for a servlet to set the attributes and
  // bypass the security checking - but that's ok, since
  // everything happens inside a web application and all servlets
  // are in the same domain.
  String username=(String)session.getAttribute("j_username");
  String password=(String)session.getAttribute("j_password");

  if( username!=null && password!=null) {
      req.setNote( userNote , username );
      req.setNote( passwordNote, password);
  }

  SimpleSessionManager sMnew = getManager( newC );

  // remove all non-serializable objects from session
  Enumeration sessionEnum=sM.getSessions();
  while( sessionEnum.hasMoreElements() ) {
      ServerSession session = (ServerSession)sessionEnum.nextElement();
      ServerSession newS = sMnew.cloneSession(req, newC,
                session.getId().toString());
      Enumeration e = session.getAttributeNames();
      while( e.hasMoreElements() ) {
    String key = (String) e.nextElement();
    Object value = session.getAttribute(key);
    newS.setAttribute(key, value);
      }
  }
  newC.getContainer().setNote(SESSIONS_RELOAD, req);
    }

  SimpleSessionManager sM = getManager( ctx );

  // remove all non-serializable objects from session
  Enumeration sessionEnum=sM.getSessions();
  while( sessionEnum.hasMoreElements() ) {
      ServerSession session = (ServerSession)sessionEnum.nextElement();
      processSession(session,  oldLoader, newLoader);
  }
    }

  Context ctx=request.getContext();
  if( ctx==null ) return null;

  SimpleSessionManager sM = getManager( ctx );

  ServerSession sess=sM.findSession( sessionId );
  if( sess!= null ) return sess;

  if( ! create ) return null; // not found, don't create

  if ((maxActiveSessions >= 0) &&
      (sM.getSessionCount() >= maxActiveSessions)) {
      log( "Too many sessions " + maxActiveSessions );
      return null;
  }

  ServerSession newS=sM.getNewSession(request, ctx);
  if( newS==null ) {
      log( "Create session failed " );
      return null;
  }

  SimpleSessionManager sm=getManager(ctx);
  Enumeration ids = sm.getSessionIds();
  while (ids.hasMoreElements()) {
      String id = (String) ids.nextElement();
      ServerSession session = sm.findSession(id);
      if (!session.getTimeStamp().isValid())
    continue;
      if( debug > 0 )
    log( "Shuting down " + id );
      session.setState( ServerSession.STATE_SUSPEND );
      session.setState( ServerSession.STATE_EXPIRED );
      session.setState( ServerSession.STATE_INVALID );
  }
    }

      //      session.removeAllAttributes();
  }

  public ServerSession getNewSession(Request req, Context ctx) {
      // Recycle or create a Session instance
      ServerSession session = (ServerSession)recycled.get();
      if (session == null) {
    session = ctx.getContextManager().createServerSession();
    session.setManager( this );
    session.setDebug( debug );
      }
      session.setContext( ctx );

      session.setState( ServerSession.STATE_NEW, req );

      // The id will be set by one of the modules
      String newId=session.getId().toString();

//XXXXX - the following is a temporary fix only!  Underlying problem
//        is:  Why is the newId==null?

      newId=(newId==null)?"null":newId;

      // What if the newId belongs to an existing session ?
      // This shouldn't happen ( maybe we can try again ? )
      ServerSession oldS=findSession( newId );
      if( oldS!=null) {
    // that's what the original code did
    oldS.setState( ServerSession.STATE_EXPIRED );
    oldS.recycle();
    oldS.setState( ServerSession.STATE_INVALID );
      }
      sessions.put( newId, session );
      return (session);
  }

    public void doService(Request req, Response res)
  throws Exception
    {
  Context ctx=req.getContext();

  ServerSession session=req.getSession( false );
  // we didn't had a session
  boolean noSession= ( session==null );
  if( debug>0 ) log( "Form handler called with no session ");

  String page=ctx.getFormLoginPage();
  String errorPage=ctx.getFormErrorPage();
  // assert errorPage!=null ( AccessInterceptor will check
  // that and enable form login only if everything is ok

  session=(ServerSession)req.getSession( true );
  String username=(String)session.getAttribute( "j_username" );

  if( debug>0) log( "Username = " + username);

  String originalLocation = req.requestURI().toString();

        //XXX is needed to put the JVM route too?
        if (noSession
      || Request.SESSIONID_FROM_URL.equals(req.getSessionIdSource()))  {
      // If new session we have no way to know if cookies are supported
      String id=";jsessionid="+req.getSessionId() ;
            originalLocation += id ;
            page += id ;
  }
  if (req.queryString().toString() != null
                && !req.queryString().toString().equals(""))
      originalLocation += "?" + req.queryString().toString();
  session.setAttribute( "tomcat.auth.originalLocation",
            originalLocation);


  if( username != null ) {
      // 401 with existing j_username - that means wrong credentials.
      // Next time we'll have a fresh start
      session.removeAttribute( "j_username");
      session.removeAttribute( "j_password");
      req.setAttribute("javax.servlet.error.message",
           errorPage );
      if( debug>0) log( "Redirecting to " + errorPage );
      contextM.handleStatus( req, res, 302 ); // redirect
      return;

  // that and enable form login only if everything is ok

  if( debug > 0 )
      log( " user/pass= " + username + " " + password );

  ServerSession session=(ServerSession)req.getSession( false );
  if( session == null ) {
      ctx.log("From login without a session ");
      req.setAttribute("javax.servlet.error.message",
           errorPage );
      contextM.handleStatus( req, res, 302 ); // redirect
      return;
  }
  session.setAttribute( "j_username", username );
  session.setAttribute( "j_password", password );

  String origLocation=(String)session.
      getAttribute( "tomcat.auth.originalLocation");

  if( debug > 0)
      log("Redirect2: " + origLocation);

      sessions.put( newId, session );
      return (session);
  }
  public ServerSession cloneSession(Request req, Context ctx, String oldS) {
      // Recycle or create a Session instance
      ServerSession session = (ServerSession)recycled.get();
      if (session == null) {
    session = ctx.getContextManager().createServerSession();
    session.setManager( this );
    session.setDebug( debug );
      }
      session.setContext( ctx );

      session.setState( ServerSession.STATE_NEW, req );

      session.getId().setString(oldS);

      // The id will be set by one of the modules
      String newId=session.getId().toString();

//XXXXX - the following is a temporary fix only!  Underlying problem
//        is:  Why is the newId==null?

      newId=(newId==null)?"null":newId;