Refactored SessioManager to refresh the UserSession via an Intercepto…

…r. Should still fix some test cases
commit 1f51c0f25a5c8f438b8e6f119609720143e3896a 1 parent bf2ef1c
Rafael Steil authored
41 src/main/java/net/jforum/actions/interceptors/SessionManagerInterceptor.java
@@ -0,0 +1,41 @@
+/*
+ * Copyright (c) JForum Team. All rights reserved.
+ *
+ * The software in this package is published under the terms of the LGPL
+ * license a copy of which has been included with this distribution in the
+ * license.txt file.
+ *
+ * The JForum Project
+ * http://www.jforum.net
+ */
+package net.jforum.actions.interceptors;
+
+import net.jforum.core.SessionManager;
+import net.jforum.entities.UserSession;
+import br.com.caelum.vraptor.InterceptionException;
+import br.com.caelum.vraptor.Intercepts;
+import br.com.caelum.vraptor.core.InterceptorStack;
+import br.com.caelum.vraptor.interceptor.Interceptor;
+import br.com.caelum.vraptor.resource.ResourceMethod;
+
+@Intercepts
+public class SessionManagerInterceptor implements Interceptor {
+ private final UserSession userSession;
+ private final SessionManager sessionManager;
+
+ public SessionManagerInterceptor(UserSession userSession, SessionManager sessionManager) {
+ this.userSession = userSession;
+ this.sessionManager = sessionManager;
+ }
+
+ @Override
+ public void intercept(InterceptorStack stack, ResourceMethod method, Object resourceInstance) throws InterceptionException {
+ sessionManager.refreshSession(userSession);
+ stack.next(method, resourceInstance);
+ }
+
+ @Override
+ public boolean accepts(ResourceMethod method) {
+ return true;
+ }
+}
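Review bot: `SessionManagerInterceptor` declares no ordering on `@Intercepts` and `accepts()` returns true for every resource method, so nothing in this file guarantees that `refreshSession` has run before another interceptor reads the user or roles from `UserSession`. If the project has interceptors that make access decisions, the order should be made explicit and recorded in a class comment, for example `/** Refreshes the UserSession on every request; must run before any interceptor that reads the session's user or roles. */`. The return value of `refreshSession` is ignored here, which is fine only as long as the method keeps mutating the instance it was given.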
38 src/main/java/net/jforum/core/SessionManager.java
@@ -18,8 +18,6 @@
import java.util.Map;
import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
import net.jforum.core.exceptions.ForumException;
import net.jforum.entities.Session;
@@ -233,23 +231,21 @@ public UserSession isUserInSession(int userId) {
* authentication if the session is new or the SSO user has changed
* @throws IOException
*/
- public UserSession refreshSession(HttpServletRequest request, HttpServletResponse response) {
+ public UserSession refreshSession(UserSession userSession) {
boolean isSSOAuthentication = ConfigKeys.TYPE_SSO.equals(this.config.getValue(ConfigKeys.AUTHENTICATION_TYPE));
- request.setAttribute("sso", isSSOAuthentication);
- request.setAttribute("ssoLogout", this.config.getValue(ConfigKeys.SSO_LOGOUT));
+ userSession.getRequest().setAttribute("sso", isSSOAuthentication);
+ userSession.getRequest().setAttribute("ssoLogout", this.config.getValue(ConfigKeys.SSO_LOGOUT));
- UserSession userSession = this.getUserSession(request.getSession().getId());
int anonymousUserId = this.config.getInt(ConfigKeys.ANONYMOUS_USER_ID);
- if (userSession == null) {
- userSession = new UserSession();
- userSession.setSessionId(request.getSession().getId());
+ if (this.getUserSession(userSession.getRequest().getSession().getId()) == null) {
+ userSession.setSessionId(userSession.getRequest().getSession().getId());
userSession.setCreationTime(System.currentTimeMillis());
//if (!JForumExecutionContext.getForumContext().isBot()) {
if (true) {
if (isSSOAuthentication) {
- this.checkSSO(userSession, request);
+ this.checkSSO(userSession);
}
else {
boolean autoLoginEnabled = this.config.getBoolean(ConfigKeys.AUTO_LOGIN_ENABLED);
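Review bot: In `refreshSession` the result of `this.getUserSession(...)` is now only compared with null and then discarded, and every later branch works on the `userSession` argument instead of the registered instance. If the registry can ever hold a different object under that session id (the lines that decide this are outside the hunk), the registered session keeps its old user and roles while the argument is the one that gets updated. The Javadoc above the signature still says `@throws IOException` and has no entry for the new parameter; I would add `@param userSession the UserSession bound to the current HTTP session; expected to be the instance registered under that session id` and resolve the id once with `String sessionId = userSession.getRequest().getSession().getId();`. The method body continues outside the hunk.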
@@ -264,7 +260,7 @@ public UserSession refreshSession(HttpServletRequest request, HttpServletRespons
this.add(userSession);
- logger.info("Registered new userSession: " + request.getSession().getId());
+ logger.info("Registered new userSession: " + userSession.getSessionId());
}
else if (isSSOAuthentication) {
SSO sso;
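Review bot: The rewritten call for `Registered new userSession` still writes the complete session ID to the log at info level, and the hunks at -277, -299, -318, -337 and -416 do the same in their messages. A session ID is a bearer credential for as long as the session lives, so everyone with read access to the application log holds what the session owner holds. The message can drop the ID, `logger.info("Registered new userSession");`, or carry a short one-way digest of it where the lines need to stay correlatable. The enclosing method starts and ends outside the hunk.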
@@ -277,15 +273,15 @@ else if (isSSOAuthentication) {
}
// Check if the session is valid
- if (!sso.isSessionValid(userSession, request)) {
+ if (!sso.isSessionValid(userSession)) {
User user = userSession.getUser();
logger.info("sso session is no longer valid. Forcing a refresh. username is " + (user != null ? user.getUsername() : "returned null")
- + ", jforumUserId is " + (user != null ? user.getId() : "returned null") + ". Session ID: " + request.getSession().getId());
+ + ", jforumUserId is " + (user != null ? user.getId() : "returned null") + ". Session ID: " + userSession.getSessionId());
// If the session is not valid, create a new one
this.remove(userSession.getSessionId());
- return this.refreshSession(request, response);
+ return this.refreshSession(userSession);
}
else {
if (userSession.getUser().getId() == 0) {
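Review bot: After `this.remove(userSession.getSessionId())` the retry `return this.refreshSession(userSession);` passes in the same object whose SSO identity was just found invalid, whereas the removed code built a fresh `new UserSession()` on that path. Whether the old user, role manager and session attributes are all overwritten depends on the new-session branch, most of which lies outside this hunk. I would reset the identity explicitly before the retry with `userSession.becomeAnonymous(anonymousUserId);`, and call `userSession.clearAllAttributes();` if attributes must not outlive the old identity.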
@@ -299,7 +295,7 @@ else if (isSSOAuthentication) {
if (user == null) {
// FIXME: now what? we didn't find the user, so something must be wrong
logger.warn(String.format("refreshSession did not find an user that should be registered. jforumUserId is %d, session ID is %s",
- userSession.getUser().getId(), request.getSession().getId()));
+ userSession.getUser().getId(), userSession.getSessionId()));
}
else {
userSession.setUser(user);
@@ -318,7 +314,7 @@ else if (isSSOAuthentication) {
logger.warn("After userSession.ping() -> userSession.getUser returned null or user.id is zero. " +
"User is null? " + ( userSession.getUser() == null ) + ". user.id is: "
+ (userSession.getUser() == null ? "getUser() returned null" : userSession.getUser().getId())
- + ". As we have a problem, will force the user to become anonymous. Session ID: " + request.getSession().getId());
+ + ". As we have a problem, will force the user to become anonymous. Session ID: " + userSession.getSessionId());
userSession.becomeAnonymous(anonymousUserId);
User anonymousUser = this.userRepository.get(userSession.getUser().getId());
@@ -337,7 +333,7 @@ else if (isSSOAuthentication) {
roleManager.setGroups(userSession.getUser().getGroups());
}
else {
- logger.warn("At last step userSession.getUser() still returned null. Ignoring the roles. Session ID: " + request.getSession().getId());
+ logger.warn("At last step userSession.getUser() still returned null. Ignoring the roles. Session ID: " + userSession.getSessionId());
}
userSession.setRoleManager(roleManager);
@@ -416,16 +412,16 @@ private void configureUserSession(UserSession userSession, User user) {
* @param userSession UserSession
* @param request TODO
*/
- private void checkSSO(UserSession userSession, HttpServletRequest request) {
+ private void checkSSO(UserSession userSession) {
try {
SSO sso = (SSO)Class.forName(this.config.getValue(ConfigKeys.SSO_IMPLEMENTATION)).newInstance();
sso.setConfig(this.config);
- String username = sso.authenticateUser(request);
+ String username = sso.authenticateUser(userSession.getRequest());
- logger.info(String.format("SSO authenticated an user with username %s. Session ID %s", username, request.getSession().getId()));
+ logger.info(String.format("SSO authenticated an user with username %s. Session ID %s", username, userSession.getSessionId()));
if (StringUtils.isEmpty(username)) {
- logger.warn(String.format("checkSSO found an empty / null username. Going anonymous. Session ID %s", request.getSession().getId()));
+ logger.warn(String.format("checkSSO found an empty / null username. Going anonymous. Session ID %s", userSession.getSessionId()));
userSession.becomeAnonymous(this.config.getInt(ConfigKeys.ANONYMOUS_USER_ID));
}
else {
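Review bot: In `checkSSO` the info line `SSO authenticated an user with username %s` is written before the `StringUtils.isEmpty(username)` check, so a request for which the SSO provider returned no user is still recorded as an authentication. Moving that call into the `else` branch keeps the audit trail truthful. The username comes from the SSO implementation and goes into the message unescaped, so line breaks should be stripped from it before it is logged. The Javadoc above the signature still carries `@param request TODO` although the parameter is gone; that line should be deleted. The method body continues outside the hunk.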
25 src/main/java/net/jforum/entities/UserSession.java
@@ -31,7 +31,6 @@
import org.apache.log4j.Logger;
import org.springframework.web.context.request.RequestAttributes;
import org.springframework.web.context.request.RequestContextHolder;
-import org.springframework.web.context.request.ServletRequestAttributes;
import br.com.caelum.vraptor.ioc.Component;
import br.com.caelum.vraptor.ioc.SessionScoped;
@@ -51,6 +50,11 @@
private long creationTime;
private long lastVisit;
private String sessionId;
+ private final HttpServletRequest request;
+
+ public UserSession(HttpServletRequest request) {
+ this.request = request;
+ }
/**
* Flag a specific topic as "read" by the user
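Review bot: The new `private final HttpServletRequest request` ties one request object to a `UserSession` for the object's whole life, while the import of `br.com.caelum.vraptor.ioc.SessionScoped` in this file suggests the class is session-scoped; the class annotation itself is outside the hunk. If that is so and the container injects the concrete request rather than a per-request proxy, every later request in the session reads cookies, headers and `getRemoteUser()` from the first request, an object servlet containers are free to recycle for other clients. That affects `getIp`, `getCookie` and `RemoteUserSSO.isSessionValid` in this commit, the last of which decides whether an SSO identity is still valid. The removed `getRequest()` resolved the request on each call through `RequestContextHolder`; I would keep that lookup, made public, and drop the field, or state in a constructor comment why the injected reference always points at the current request.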
@@ -115,13 +119,15 @@ public RoleManager getRoleManager() {
return this.roleManager;
}
+ public HttpServletRequest getRequest() {
+ return request;
+ }
+
public String getIp() {
if(new JForumConfig().getBoolean(ConfigKeys.BLOCK_IP)) {
return null;
}
- HttpServletRequest request = this.getRequest();
-
// We look if the request is forwarded
// If it is not call the older function.
String ip = request.getHeader("X-Pounded-For");
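Review bot: `getIp` takes the address from a request header that the client controls, and the name in the context line, `X-Pounded-For`, looks like a misspelling of `X-Forwarded-For`, so behind a proxy this lookup presumably never matches. Either way the header should be honoured only when the direct peer is a known reverse proxy; otherwise the value handed to callers is whatever the client chose to send. I would add `// Header is client-supplied: trust it only when request.getRemoteAddr() is one of our proxies` above the lookup and correct the header name if the spelling is not intentional. The rest of `getIp` is outside the hunk.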
@@ -278,7 +284,7 @@ public boolean isLogged() {
* @return The <code>Cookie</code> object if found, or <code>null</code> oterwhise
*/
public Cookie getCookie(String name) {
- Cookie[] cookies = this.getRequest().getCookies();
+ Cookie[] cookies = request.getCookies();
if (cookies != null) {
for (Cookie c : cookies) {
@@ -321,15 +327,15 @@ public void removeCookie(String name) {
}
public void setAttribute(String name, Object value) {
- this.getRequest().getSession().setAttribute(name, value);
+ request.getSession().setAttribute(name, value);
}
public Object getAttribute(String name) {
- return this.getRequest().getSession().getAttribute(name);
+ return request.getSession().getAttribute(name);
}
public void clearAllAttributes() {
- HttpSession session = this.getRequest().getSession();
+ HttpSession session = request.getSession();
for (Enumeration<?> e = session.getAttributeNames(); e.hasMoreElements(); ) {
String key = (String)e.nextElement();
@@ -353,11 +359,6 @@ public Session asSession() {
return session;
}
- private HttpServletRequest getRequest() {
- RequestAttributes attributes = RequestContextHolder.currentRequestAttributes();
- return ((ServletRequestAttributes)attributes).getRequest();
- }
-
private HttpServletResponse getResponse() {
RequestAttributes attributes = RequestContextHolder.currentRequestAttributes();
return (HttpServletResponse)attributes.getAttribute(ConfigKeys.HTTP_SERVLET_RESPONSE, RequestAttributes.SCOPE_REQUEST);
7 src/main/java/net/jforum/sso/RemoteUserSSO.java
@@ -28,12 +28,14 @@
* @see net.jforum.sso.SSO#authenticateUser(net.jforum.context.RequestContext)
* @param request AWebContextRequest * @return String
*/
+ @Override
public String authenticateUser(HttpServletRequest request) {
return request.getRemoteUser();
}
- public boolean isSessionValid(UserSession userSession, HttpServletRequest request) {
- String remoteUser = request.getRemoteUser();
+ @Override
+ public boolean isSessionValid(UserSession userSession) {
+ String remoteUser = userSession.getRequest().getRemoteUser();
// user has since logged out
if (remoteUser == null && userSession.getUser().getId() != this.config.getInt(ConfigKeys.ANONYMOUS_USER_ID)) {
@@ -54,6 +56,7 @@ else if (remoteUser != null && !remoteUser.equals(userSession.getUser().getUsern
/**
* @see net.jforum.sso.SSO#setConfig(net.jforum.util.JForumConfig)
*/
+ @Override
public void setConfig(JForumConfig config) {
this.config = config;
}
3  src/main/java/net/jforum/sso/SSO.java
@@ -38,8 +38,7 @@
* Check to see if the user for the current {@link UserSession} is the same user by single sign on mechanisim.
*
* @param userSession the current user session
- * @param request the current request
* @return if the UserSession is valid
*/
- public boolean isSessionValid(UserSession userSession, HttpServletRequest request);
+ public boolean isSessionValid(UserSession userSession);
}
8 src/test/java/net/jforum/core/SessionManagerTestCase.java
@@ -105,7 +105,7 @@ public void storeSessionExpectSuccess() {
one(sessionRepository).add(with(aNonNull(Session.class)));
}});
- UserSession us = new UserSession();
+ UserSession us = new UserSession(null);
us.setSessionId("123");
us.getUser().setId(2);
@@ -120,7 +120,7 @@ public void storeSessionIsAnonymousShouldIgnore() {
allowing(httpSession).getId(); will(returnValue("123"));
}});
- UserSession us = new UserSession();
+ UserSession us = new UserSession(null);
us.setSessionId("123");
us.getUser().setId(1);
@@ -463,7 +463,7 @@ public void removeModeratorShouldDecrementModeratorsOnline() {
@Test
public void addBotShouldIgnore() {
- UserSession us = new UserSession() {
+ UserSession us = new UserSession(null) {
@Override
public boolean isBot() { return true; }
@@ -532,7 +532,7 @@ private void commonAutoLoginExpectations() {
}
private UserSession newUserSession(String sessionId) {
- UserSession us = new UserSession();
+ UserSession us = new UserSession(null);
us.setSessionId(sessionId);
us.getUser().setId(1);
5 src/test/java/net/jforum/entities/UserSessionTestCase.java
@@ -33,7 +33,6 @@
public class UserSessionTestCase {
private Mockery context = TestCaseUtils.newMockery();
private HttpServletRequest request = context.mock(HttpServletRequest.class);
-// private HttpServletResponse response = context.mock(HttpServletResponse.class);
private HttpSession httpSession = context.mock(HttpSession.class);
private States state = context.states("userSessionState");
private Map<Integer, Long> topicsReadTime;
@@ -41,7 +40,7 @@
@Before
public void setup() {
- userSession = new UserSession();
+ userSession = new UserSession(null);
context.checking(new Expectations() {{
allowing(request).getSession(); will(returnValue(httpSession));
@@ -51,7 +50,7 @@ public void setup() {
this.loadTopicsReadTime();
}
-
+
@Test
public void isForumReadLastPostTimeNewerThanLastVisitTopicTrackingSmallerThanLastPostExpectFalse() {
state.become("logged");
8 src/test/java/net/jforum/sso/RemoteUserSSOTestCase.java
@@ -30,7 +30,7 @@
private Mockery context = TestCaseUtils.newMockery();
private JForumConfig config = context.mock(JForumConfig.class);
private HttpServletRequest request = context.mock(HttpServletRequest.class);
- private UserSession us = new UserSession();
+ private UserSession us = new UserSession(null);
private SSO sso;
@Test
@@ -41,7 +41,7 @@ public void remoteUserNotNullSessionUserNameDoesNotMatchExpectFalse() {
us.getUser().setUsername("another user");
- Assert.assertFalse(sso.isSessionValid(us, request));
+ Assert.assertFalse(sso.isSessionValid(us));
}
@Test
@@ -52,7 +52,7 @@ public void remoteUserNotNullAnonymousUserExpectFalse() {
us.getUser().setId(1);
- Assert.assertFalse(sso.isSessionValid(us, request));
+ Assert.assertFalse(sso.isSessionValid(us));
}
@Test
@@ -61,7 +61,7 @@ public void remoteUserNullExpectFalse() {
one(request).getRemoteUser(); will(returnValue(null));
}});
- Assert.assertFalse(sso.isSessionValid(us, request));
+ Assert.assertFalse(sso.isSessionValid(us));
}
@Before
6 src/test/java/net/jforum/util/GroupInteractionFilterTestCase.java
@@ -48,9 +48,9 @@ public void filterForumListing() {
u2.addGroup(g1); u2.addGroup(g2);
u3.addGroup(g3);
- final UserSession us1 = new UserSession(); us1.setSessionId("1"); us1.setUser(u1);
- final UserSession us2 = new UserSession(); us2.setSessionId("2"); us2.setUser(u2);
- final UserSession us3 = new UserSession(); us3.setSessionId("3"); us3.setUser(u3);
+ final UserSession us1 = new UserSession(null); us1.setSessionId("1"); us1.setUser(u1);
+ final UserSession us2 = new UserSession(null); us2.setSessionId("2"); us2.setUser(u2);
+ final UserSession us3 = new UserSession(null); us3.setSessionId("3"); us3.setUser(u3);
one(userSession).getUser(); will(returnValue(u1));
1  src/test/resources/hibernate-tests.cfg.xml
@@ -47,6 +47,5 @@
<mapping class="net.jforum.entities.PollOption" />
<mapping class="net.jforum.entities.Attachment" />
<mapping class="net.jforum.plugins.post.ForumLimitedTime" />
- <mapping class="net.jforum.plugins.tagging.Tag" />
</session-factory>
</hibernate-configuration>