From 8b4e13dbeaada1d578358c9ac5f4dd3ae0faa35c Mon Sep 17 00:00:00 2001 From: Greg Wilkins Date: Tue, 20 Aug 2024 15:14:37 +1000 Subject: [PATCH] Jetty 12.1.x 12088 core requested session ID source (#12145) add isRequestedSessionIdFromCookie/URL for core request Co-authored-by: Jan Bartel --- .../server/session/SessionDocs.java | 2 +- .../security/openid/OpenIdAuthenticator.java | 10 +- .../jaas/JAASLdapLoginServiceTest.java | 1 - .../jetty/session/AbstractSessionManager.java | 126 +++++++++++++----- .../eclipse/jetty/session/SessionHandler.java | 20 ++- .../jetty/session/SessionHandlerTest.java | 20 ++- .../org/eclipse/jetty/util/Attributes.java | 9 +- .../jetty/ee10/servlet/ServletApiRequest.java | 14 +- .../ee10/servlet/ServletContextRequest.java | 2 + .../jetty/ee10/servlet/SessionHandler.java | 22 +-- .../jetty/ee11/servlet/ServletApiRequest.java | 14 +- .../ee11/servlet/ServletContextRequest.java | 2 + .../jetty/ee11/servlet/SessionHandler.java | 22 +-- .../jetty/ee9/nested/ContextHandler.java | 14 +- .../org/eclipse/jetty/ee9/nested/Request.java | 12 +- .../jetty/ee9/nested/SessionHandler.java | 2 +- .../jetty/ee9/nested/ResponseTest.java | 8 +- 17 files changed, 205 insertions(+), 95 deletions(-) diff --git a/documentation/jetty/modules/code/examples/src/main/java/org/eclipse/jetty/docs/programming/server/session/SessionDocs.java b/documentation/jetty/modules/code/examples/src/main/java/org/eclipse/jetty/docs/programming/server/session/SessionDocs.java index 5f6da14053d..51264ad1180 100644 --- a/documentation/jetty/modules/code/examples/src/main/java/org/eclipse/jetty/docs/programming/server/session/SessionDocs.java +++ b/documentation/jetty/modules/code/examples/src/main/java/org/eclipse/jetty/docs/programming/server/session/SessionDocs.java 
@@ -95,7 +95,7 @@ public class SessionDocs
 org.eclipse.jetty.session.SessionHandler sessionHandler = new org.eclipse.jetty.session.SessionHandler();
 sessionHandler.setSessionCookie("SIMPLE");
 sessionHandler.setUsingCookies(true);
- sessionHandler.setUsingURLs(false);
+ sessionHandler.setUsingUriParameters(false);
 sessionHandler.setSessionPath("/");
 server.setHandler(sessionHandler);
 sessionHandler.setHandler(new Handler.Abstract()
diff --git a/jetty-core/jetty-openid/src/main/java/org/eclipse/jetty/security/openid/OpenIdAuthenticator.java b/jetty-core/jetty-openid/src/main/java/org/eclipse/jetty/security/openid/OpenIdAuthenticator.java
index 16fab5da110..ed9a6026a86 100644
--- a/jetty-core/jetty-openid/src/main/java/org/eclipse/jetty/security/openid/OpenIdAuthenticator.java
+++ b/jetty-core/jetty-openid/src/main/java/org/eclipse/jetty/security/openid/OpenIdAuthenticator.java
@@ -444,14 +444,12 @@ public class OpenIdAuthenticator extends LoginAuthenticator
 return AuthenticationState.SEND_FAILURE;
 }
- // TODO: No session API to work this out?
- /*
- if (request.isRequestedSessionIdFromURL())
+ String sessionIdFrom = (String)request.getAttribute("org.eclipse.jetty.session.RequestedSession.sessionIdFrom");
+ if (sessionIdFrom != null && !sessionIdFrom.startsWith("cookie"))
 {
- sendError(req, res, cb, "Session ID must be a cookie to support OpenID authentication");
- return Authentication.SEND_FAILURE;
+ sendError(request, response, cb, "Session ID must be a cookie to support OpenID authentication");
+ return AuthenticationState.SEND_FAILURE;
 }
- */
 // Handle a request for authentication.
 if (isJSecurityCheck(uri))
diff --git a/jetty-core/jetty-security/src/test/java/org/eclipse/jetty/security/jaas/JAASLdapLoginServiceTest.java b/jetty-core/jetty-security/src/test/java/org/eclipse/jetty/security/jaas/JAASLdapLoginServiceTest.java
index e2692df08b5..78c73152914 100644
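Review bot: The new guard in the `OpenIdAuthenticator` hunk fails open: a `null` value of `org.eclipse.jetty.session.RequestedSession.sessionIdFrom` lets the request through, and `null` is returned both when no session ID was requested and when the request wrapper does not answer that attribute name at all. Elsewhere in this patch the ee11 `ServletContextRequest` and ee9 `CoreContextRequest` answer only `RequestedSession.class.getName()`, and ee9 `SessionHandler` passes `null /*TODO!!!*/` as the source, so if this authenticator runs behind those wrappers a session ID taken from the URI would not be rejected. Consider also reading the `org.eclipse.jetty.session.RequestedSession.sessionId` attribute and rejecting whenever an ID is present but its source is not exactly the cookie value, `if (sessionId != null && !"cookie".equals(sessionIdFrom))`; `startsWith("cookie")` would also accept any other source whose name happens to begin with that word. The string literals duplicate `RequestedSession.ATTRIBUTE` and `RequestedSession.ID_FROM_COOKIE`; if this module cannot reference them (not visible here), a comment naming the constants would keep the strings from drifting. The enclosing method starts and ends outside the hunk.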
--- a/jetty-core/jetty-security/src/test/java/org/eclipse/jetty/security/jaas/JAASLdapLoginServiceTest.java
+++ b/jetty-core/jetty-security/src/test/java/org/eclipse/jetty/security/jaas/JAASLdapLoginServiceTest.java
@@ -396,5 +396,4 @@ public class JAASLdapLoginServiceTest extends AbstractLdapTestUnit
 return null;
 }
 }
-
 }
diff --git a/jetty-core/jetty-session/src/main/java/org/eclipse/jetty/session/AbstractSessionManager.java b/jetty-core/jetty-session/src/main/java/org/eclipse/jetty/session/AbstractSessionManager.java
index 7f2834fb285..d4e894c3ea7 100644
--- a/jetty-core/jetty-session/src/main/java/org/eclipse/jetty/session/AbstractSessionManager.java
+++ b/jetty-core/jetty-session/src/main/java/org/eclipse/jetty/session/AbstractSessionManager.java
@@ -40,6 +40,7 @@ import org.eclipse.jetty.server.Request;
 import org.eclipse.jetty.server.Server;
 import org.eclipse.jetty.server.Session;
 import org.eclipse.jetty.server.handler.ContextHandler;
+import org.eclipse.jetty.util.Attributes;
 import org.eclipse.jetty.util.Callback;
 import org.eclipse.jetty.util.StringUtil;
 import org.eclipse.jetty.util.URIUtil;
@@ -981,24 +982,6 @@ public abstract class AbstractSessionManager extends ContainerLifeCycle implemen
 _usingUriParameters = usingUriParameters;
 }
- /**
- * @deprecated use {@link #isUsingUriParameters()} instead, will be removed in Jetty 12.1.0
- */
- @Deprecated(since = "12.0.1", forRemoval = true)
- public boolean isUsingURLs()
- {
- return isUsingUriParameters();
- }
-
- /**
- * @deprecated use {@link #setUsingUriParameters(boolean)} instead, will be removed in Jetty 12.1.0
- */
- @Deprecated(since = "12.0.1", forRemoval = true)
- public void setUsingURLs(boolean usingURLs)
- {
- setUsingUriParameters(usingURLs);
- }
-
 /**
 * Create a new Session, using the requested session id if possible.
 * @param request the inbound request
@@ -1229,7 +1212,7 @@ public abstract class AbstractSessionManager extends ContainerLifeCycle implemen
 {
 //Cookie[] cookies = request.getCookies();
 List cookies = Request.getCookies(request);
- if (cookies != null && cookies.size() > 0)
+ if (!cookies.isEmpty())
 {
 final String sessionCookie = getSessionCookie();
 for (HttpCookie cookie : cookies)
@@ -1279,7 +1262,7 @@ public abstract class AbstractSessionManager extends ContainerLifeCycle implemen
 }
 if (ids == null)
- return NO_REQUESTED_SESSION;
+ return RequestedSession.NO_REQUESTED_SESSION;
 if (LOG.isDebugEnabled())
 LOG.debug("Got Session IDs {} from cookies {}", ids, cookieIds);
@@ -1319,8 +1302,7 @@ public abstract class AbstractSessionManager extends ContainerLifeCycle implemen
 {
 //we already have a valid session and now have a duplicate ID for it
 if (LOG.isDebugEnabled())
- LOG.debug(duplicateSession(
- requestedSessionId, true, requestedSessionIdFromCookie,
+ LOG.debug(duplicateSession(requestedSessionId, requestedSessionIdFromCookie,
 id, false, i < cookieIds));
 }
 else
@@ -1350,26 +1332,27 @@ public abstract class AbstractSessionManager extends ContainerLifeCycle implemen
 }
 throw new BadMessageException(duplicateSession(
- requestedSessionId, true, requestedSessionIdFromCookie,
+ requestedSessionId, requestedSessionIdFromCookie,
 id, true, i < cookieIds));
 }
 else if (LOG.isDebugEnabled())
 {
 LOG.debug(duplicateSession(
- requestedSessionId, true, requestedSessionIdFromCookie,
+ requestedSessionId, requestedSessionIdFromCookie,
 id, false, i < cookieIds));
 }
 }
 }
- return new RequestedSession((session != null && session.isValid()) ? session : null, requestedSessionId, requestedSessionIdFromCookie);
+ return new RequestedSession((session != null && session.isValid()) ? session : null, requestedSessionId,
+ requestedSessionIdFromCookie ? RequestedSession.ID_FROM_COOKIE : RequestedSession.ID_FROM_URI_PARAMETER);
 }
- private static String duplicateSession(String id0, boolean valid0, boolean cookie0, String id1, boolean valid1, boolean cookie1)
+ private static String duplicateSession(String id0, boolean fromCookie0, String id1, boolean valid1, boolean fromCookie1)
 {
 return "Duplicate sessions: %s[%s,%s] & %s[%s,%s]".formatted(
- id0, valid0 ? "valid" : "unknown", cookie0 ? "cookie" : "param",
- id1, valid1 ? "valid" : "unknown", cookie1 ? "cookie" : "param");
+ id0, "valid", fromCookie0 ? RequestedSession.ID_FROM_COOKIE : RequestedSession.ID_FROM_URI_PARAMETER,
+ id1, valid1 ? "valid" : "unknown", fromCookie1 ? RequestedSession.ID_FROM_COOKIE : RequestedSession.ID_FROM_URI_PARAMETER);
 }
 /**
@@ -1379,12 +1362,89 @@ public abstract class AbstractSessionManager extends ContainerLifeCycle implemen { _sessionCache.shutdown(); } - - public record RequestedSession(ManagedSession session, String sessionId, boolean sessionIdFromCookie) - { - } - private static final RequestedSession NO_REQUESTED_SESSION = new RequestedSession(null, null, false); + /** + * Details of the requested session. + * Session implementations should make an instance of this record available as a hidden (not in name set) request + * attribute for the name "org.eclipse.jetty.session.AbstractSessionManager$RequestedSession" + * @param session The {@link Session} associated with the ID, which may have been invalidated or changed ID since the + * request was received; or {@code null} if no session existed matching the requested ID. + * @param sessionId The requested session ID. + * @param sessionIdFrom A {@link String} representing the source of the session ID. Common values include: + * {@link #ID_FROM_COOKIE} or {@link #ID_FROM_URI_PARAMETER} if there is no ID. + */ + public record RequestedSession(ManagedSession session, String sessionId, String sessionIdFrom) + { + public static final RequestedSession NO_REQUESTED_SESSION = new RequestedSession(null, null, null); + public static final String ATTRIBUTE = "org.eclipse.jetty.session.RequestedSession"; + public static final String ID_FROM_COOKIE = "cookie"; + public static final String ID_FROM_URI_PARAMETER = "uri"; + + /** + * Get the {@code RequestedSession} by attribute + * @param request The attributes to query + * @return The found {@code RequestedSession} or {@link #NO_REQUESTED_SESSION} if none found. Never {@code null}. + */ + public static RequestedSession byAttribute(Attributes request) + { + RequestedSession requestedSession = (RequestedSession)request.getAttribute(ATTRIBUTE); + return requestedSession == null ? 
NO_REQUESTED_SESSION : requestedSession; + } + + /** + * @param name An attribute name + * @return {@code true} if the attribute name is applicable to a requested session. + * @see #getAttribute(String) + */ + public static boolean isApplicableAttribute(String name) + { + return name != null && name.startsWith(ATTRIBUTE); + } + + /** + * Get attributes asssociated with this requested session: + *
    + *
  • `org.eclipse.jetty.session.RequestedSession` this instance.
  • + *
  • `org.eclipse.jetty.session.RequestedSession.session` the {@link #session()}.
  • + *
  • `org.eclipse.jetty.session.RequestedSession.sessionId` the {@link #sessionId()}.
  • + *
  • `org.eclipse.jetty.session.RequestedSession.sessionIdFrom` the {@link #sessionIdFrom()}.
  • + *
+ * @param name An attributed name
+ * @return the attribute value or {@code null}
+ */
+ public Object getAttribute(String name)
+ {
+ if (name == null || name.length() < ATTRIBUTE.length())
+ return null;
+
+ if (ATTRIBUTE.equals(name))
+ return this;
+
+ if (name.startsWith(ATTRIBUTE) && name.charAt(ATTRIBUTE.length()) == '.')
+ {
+ return switch (name.substring(ATTRIBUTE.length() + 1))
+ {
+ case "session" -> session();
+ case "sessionId" -> sessionId();
+ case "sessionIdFrom" -> sessionIdFrom();
+ default -> null;
+ };
+ }
+
+ return null;
+ }
+
+ /**
+ * Test if this {@code RequestedSession} ID is from a particular session source
+ * @param source A {@link String} representing the source of the session ID. Common values include:
+ * {@link #ID_FROM_COOKIE} or {@link #ID_FROM_URI_PARAMETER} if there is no ID.
+ * @return {@code True} iff this {@code RequestedSession} ID is from the source.
+ */
+ public boolean isSessionIdFrom(String source)
+ {
+ return source != null && source.equals(sessionIdFrom);
+ }
+ }
 /**
 * A session cookie is marked as secure IFF any of the following conditions are true:
diff --git a/jetty-core/jetty-session/src/main/java/org/eclipse/jetty/session/SessionHandler.java b/jetty-core/jetty-session/src/main/java/org/eclipse/jetty/session/SessionHandler.java
index c847d7c9474..3e71cc1f05f 100644
--- a/jetty-core/jetty-session/src/main/java/org/eclipse/jetty/session/SessionHandler.java
+++ b/jetty-core/jetty-session/src/main/java/org/eclipse/jetty/session/SessionHandler.java
@@ -82,10 +82,10 @@ public class SessionHandler extends AbstractSessionManager implements Handler.Si
 return null;
 }
- private class SessionRequest extends Request.Wrapper
+ public class SessionRequest extends Request.Wrapper
 {
 private final AtomicReference _session = new AtomicReference<>();
- private String _requestedSessionId;
+ RequestedSession _requestedSession;
 private Response _response;
 public SessionRequest(Request request)
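Review bot: The Javadoc added on the `RequestedSession` record names the hidden attribute `org.eclipse.jetty.session.AbstractSessionManager$RequestedSession`, but the `ATTRIBUTE` constant that `byAttribute` and `getAttribute` actually use is `org.eclipse.jetty.session.RequestedSession`, so a caller who follows the Javadoc gets `null`; the text should point at `{@link #ATTRIBUTE}` instead of spelling a name. `isApplicableAttribute` accepts any name that merely starts with `ATTRIBUTE`, so the request wrappers that delegate to it answer `null` for an unrelated key sharing the prefix instead of falling through to the wrapped request; `return ATTRIBUTE.equals(name) || (name != null && name.startsWith(ATTRIBUTE + "."));` keeps the reserved namespace tight. The `sessionIdFrom` and `source` parameter descriptions ("... or {@link #ID_FROM_URI_PARAMETER} if there is no ID") read as if the words "or {@code null}" were dropped, which matters because callers in this patch treat `null` as "no known source".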
@@ -103,6 +103,14 @@ public class SessionHandler extends AbstractSessionManager implements Handler.Si
 return _session.get();
 }
+ @Override
+ public Object getAttribute(String name)
+ {
+ if (RequestedSession.isApplicableAttribute(name))
+ return _requestedSession.getAttribute(name);
+ return super.getAttribute(name);
+ }
+
 @Override
 public Session getSession(boolean create)
 {
@@ -113,7 +121,7 @@ public class SessionHandler extends AbstractSessionManager implements Handler.Si
 if (session == null && create)
 {
- newSession(this, _requestedSessionId, this::setManagedSession);
+ newSession(this, _requestedSession.sessionId(), this::setManagedSession);
 session = _session.get();
 HttpCookie cookie = getSessionCookie(session, getConnectionMetaData().isSecure());
 if (cookie != null)
@@ -126,10 +134,8 @@ public class SessionHandler extends AbstractSessionManager implements Handler.Si
 public boolean process(Handler handler, Response response, Callback callback) throws Exception
 {
 _response = response;
-
- RequestedSession requestedSession = resolveRequestedSessionId(this);
- _requestedSessionId = requestedSession.sessionId();
- ManagedSession session = requestedSession.session();
+ _requestedSession = resolveRequestedSessionId(this);
+ ManagedSession session = _requestedSession.session();
 if (session != null)
 {
diff --git a/jetty-core/jetty-session/src/test/java/org/eclipse/jetty/session/SessionHandlerTest.java b/jetty-core/jetty-session/src/test/java/org/eclipse/jetty/session/SessionHandlerTest.java
index b4ebae94116..9092c64630c 100644
--- a/jetty-core/jetty-session/src/test/java/org/eclipse/jetty/session/SessionHandlerTest.java
+++ b/jetty-core/jetty-session/src/test/java/org/eclipse/jetty/session/SessionHandlerTest.java
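Review bot: `SessionRequest.getAttribute` and `getSession(true)` dereference `_requestedSession`, which is assigned only in `process()`; with the class now `public` and the field package-private and non-final (changed in the preceding hunk), a lookup of any `org.eclipse.jetty.session.RequestedSession*` name before `process()` has run would throw a `NullPointerException`. Initialising the field as the ee9 `CoreContextRequest` does in this same patch, `private RequestedSession _requestedSession = RequestedSession.NO_REQUESTED_SESSION;`, closes that window and keeps the field private. The override would also benefit from a short Javadoc stating that these names are always answered from the resolved session and never from the wrapped request, since, as far as these hunks show, `setAttribute` is not overridden and a value stored under the same name is silently shadowed.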
@@ -25,6 +25,7 @@ import org.eclipse.jetty.server.Request;
 import org.eclipse.jetty.server.Response;
 import org.eclipse.jetty.server.Server;
 import org.eclipse.jetty.server.Session;
+import org.eclipse.jetty.session.AbstractSessionManager.RequestedSession;
 import org.eclipse.jetty.util.Callback;
 import org.junit.jupiter.api.AfterEach;
 import org.junit.jupiter.api.BeforeEach;
@@ -148,8 +149,21 @@ public class SessionHandlerTest
 {
 if (session.isNew())
 out.append("New\n");
+
+ RequestedSession requestedSession = RequestedSession.byAttribute(request);
+
+ out.append("RequestedSessionIdFromCookie: ")
+ .append(requestedSession.isSessionIdFrom(RequestedSession.ID_FROM_COOKIE))
+ .append('\n');
+ out.append("RequestedSessionIdFromURL: ")
+ .append(requestedSession.isSessionIdFrom(RequestedSession.ID_FROM_URI_PARAMETER))
+ .append('\n');
 for (String name : session.getAttributeNameSet())
- out.append("Attribute ").append(name).append(" = ").append(session.getAttribute(name)).append('\n');
+ out.append("Attribute ")
+ .append(name)
+ .append(" = ")
+ .append(session.getAttribute(name))
+ .append('\n');
 out.append("URI [")
 .append(session.encodeURI(request, "/some/path", request.getHeaders().contains(HttpHeader.COOKIE)))
 .append("]");
@@ -499,6 +513,8 @@ public class SessionHandlerTest
 assertThat(response.getStatus(), equalTo(200));
 content = response.getContent();
 assertThat(content, containsString("Session=" + id.substring(0, id.indexOf(".node0"))));
+ assertThat(content, containsString("RequestedSessionIdFromCookie: true"));
+ assertThat(content, containsString("RequestedSessionIdFromURL: false"));
 assertThat(content, containsString("URI [/some/path]")); // Cookies known to be in use
 // Get with parameter
@@ -513,6 +529,8 @@ public class SessionHandlerTest assertThat(response.getStatus(), equalTo(200)); content = response.getContent(); assertThat(content, containsString("Session=" + id.substring(0, id.indexOf(".node0")))); + assertThat(content, containsString("RequestedSessionIdFromCookie: false")); + assertThat(content, containsString("RequestedSessionIdFromURL: true")); assertThat(content, containsString("URI [/some/path;session_id=%s]".formatted(id))); // Cookies not in use // Get with both, but param wrong diff --git a/jetty-core/jetty-util/src/main/java/org/eclipse/jetty/util/Attributes.java b/jetty-core/jetty-util/src/main/java/org/eclipse/jetty/util/Attributes.java index ba5c7f8db6a..6db7c90e614 100644 --- a/jetty-core/jetty-util/src/main/java/org/eclipse/jetty/util/Attributes.java +++ b/jetty-core/jetty-util/src/main/java/org/eclipse/jetty/util/Attributes.java @@ -32,6 +32,10 @@ import org.eclipse.jetty.util.component.Dumpable; /** * Attributes. * Interface commonly used for storing attributes. + *

+ * Some attributes may be "hidden" attributes, in that they are only found by an explicit call to + * {@link #getAttribute(String)} and they do not otherwise appear in {@link #getAttributeNameSet()} + * or {@link #asAttributeMap()}. */ public interface Attributes { @@ -51,7 +55,10 @@ public interface Attributes Object setAttribute(String name, Object attribute); /** - * Get an attribute + * Get an attribute by name. + * Some attributes may be "hidden" attributes, in that they are only found by an explicit call to + * {@code getAttribute(String)} and they do not otherwise appear in {@link #getAttributeNameSet()} + * or {@link #asAttributeMap()}. * @param name the attribute to get * @return the value of the attribute, or {@code null} if no such attribute exists */ diff --git a/jetty-ee10/jetty-ee10-servlet/src/main/java/org/eclipse/jetty/ee10/servlet/ServletApiRequest.java b/jetty-ee10/jetty-ee10-servlet/src/main/java/org/eclipse/jetty/ee10/servlet/ServletApiRequest.java index 24b387879ca..38e93d25c1d 100644 --- a/jetty-ee10/jetty-ee10-servlet/src/main/java/org/eclipse/jetty/ee10/servlet/ServletApiRequest.java +++ b/jetty-ee10/jetty-ee10-servlet/src/main/java/org/eclipse/jetty/ee10/servlet/ServletApiRequest.java @@ -83,7 +83,7 @@ import org.eclipse.jetty.server.HttpCookieUtils; import org.eclipse.jetty.server.Request; import org.eclipse.jetty.server.Response; import org.eclipse.jetty.server.Session; -import org.eclipse.jetty.session.AbstractSessionManager; +import org.eclipse.jetty.session.AbstractSessionManager.RequestedSession; import org.eclipse.jetty.session.ManagedSession; import org.eclipse.jetty.session.SessionManager; import org.eclipse.jetty.util.Callback; 
@@ -492,7 +492,7 @@ public class ServletApiRequest implements HttpServletRequest
 @Override
 public String getRequestedSessionId()
 {
- AbstractSessionManager.RequestedSession requestedSession = getServletRequestInfo().getRequestedSession();
+ RequestedSession requestedSession = getServletRequestInfo().getRequestedSession();
 return requestedSession == null ? null : requestedSession.sessionId();
 }
@@ -551,7 +551,7 @@ public class ServletApiRequest implements HttpServletRequest
 @Override
 public boolean isRequestedSessionIdValid()
 {
- AbstractSessionManager.RequestedSession requestedSession = getServletRequestInfo().getRequestedSession();
+ RequestedSession requestedSession = getServletRequestInfo().getRequestedSession();
 HttpSession session = getSession(false);
 SessionManager manager = getServletRequestInfo().getSessionManager();
 return requestedSession != null &&
@@ -565,15 +565,15 @@ public class ServletApiRequest implements HttpServletRequest
 @Override
 public boolean isRequestedSessionIdFromCookie()
 {
- AbstractSessionManager.RequestedSession requestedSession = getServletRequestInfo().getRequestedSession();
- return requestedSession != null && requestedSession.sessionId() != null && requestedSession.sessionIdFromCookie();
+ RequestedSession requestedSession = getServletRequestInfo().getRequestedSession();
+ return requestedSession != null && requestedSession.sessionId() != null && requestedSession.isSessionIdFrom(RequestedSession.ID_FROM_COOKIE);
 }
 @Override
 public boolean isRequestedSessionIdFromURL()
 {
- AbstractSessionManager.RequestedSession requestedSession = getServletRequestInfo().getRequestedSession();
- return requestedSession != null && requestedSession.sessionId() != null && !requestedSession.sessionIdFromCookie();
+ RequestedSession requestedSession = getServletRequestInfo().getRequestedSession();
+ return requestedSession != null && requestedSession.sessionId() != null && requestedSession.isSessionIdFrom(RequestedSession.ID_FROM_URI_PARAMETER);
 }
 @Override
diff --git a/jetty-ee10/jetty-ee10-servlet/src/main/java/org/eclipse/jetty/ee10/servlet/ServletContextRequest.java b/jetty-ee10/jetty-ee10-servlet/src/main/java/org/eclipse/jetty/ee10/servlet/ServletContextRequest.java
index 48161215412..f1d170e347c 100644
--- a/jetty-ee10/jetty-ee10-servlet/src/main/java/org/eclipse/jetty/ee10/servlet/ServletContextRequest.java
+++ b/jetty-ee10/jetty-ee10-servlet/src/main/java/org/eclipse/jetty/ee10/servlet/ServletContextRequest.java
@@ -330,6 +330,8 @@ public class ServletContextRequest extends ContextRequest implements ServletCont
 @Override
 public Object getAttribute(String name)
 {
+ if (AbstractSessionManager.RequestedSession.isApplicableAttribute(name))
+ return _requestedSession.getAttribute(name);
 return _attributes.getAttribute(name);
 }
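Review bot: The branch added to `ServletContextRequest.getAttribute` calls `_requestedSession.getAttribute(name)` without a null check, while `ServletApiRequest` in this same patch still guards `getRequestedSession()` with `requestedSession == null`, which suggests the field can be unset. If so, looking up any `org.eclipse.jetty.session.RequestedSession*` name before the session handler has populated the field throws a `NullPointerException`; `return _requestedSession == null ? null : _requestedSession.getAttribute(name);` or defaulting the field to `RequestedSession.NO_REQUESTED_SESSION` would avoid it. The field declaration and its initial value are outside the hunk, so this should be confirmed against the full class.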
diff --git a/jetty-ee10/jetty-ee10-servlet/src/main/java/org/eclipse/jetty/ee10/servlet/SessionHandler.java b/jetty-ee10/jetty-ee10-servlet/src/main/java/org/eclipse/jetty/ee10/servlet/SessionHandler.java
index 9ed963d9c85..788f24f68c3 100644
--- a/jetty-ee10/jetty-ee10-servlet/src/main/java/org/eclipse/jetty/ee10/servlet/SessionHandler.java
+++ b/jetty-ee10/jetty-ee10-servlet/src/main/java/org/eclipse/jetty/ee10/servlet/SessionHandler.java
@@ -708,27 +708,33 @@ public class SessionHandler extends AbstractSessionManager implements Handler.Si
 private class NonServletSessionRequest extends Request.Wrapper
 {
 private final Response _response;
- private RequestedSession _session;
+ private RequestedSession _requestedSession;
 public NonServletSessionRequest(Request request, Response response, RequestedSession requestedSession)
 {
 super(request);
 _response = response;
- _session = requestedSession;
+ _requestedSession = requestedSession;
+ }
+
+ @Override
+ public Object getAttribute(String name)
+ {
+ if (AbstractSessionManager.RequestedSession.isApplicableAttribute(name))
+ return _requestedSession.getAttribute(name);
+ return super.getAttribute(name);
 }
 @Override
 public Session getSession(boolean create)
 {
- ManagedSession session = _session.session();
+ ManagedSession session = _requestedSession.session();
 if (session != null || !create)
 return session;
- newSession(getWrapped(), _session.sessionId(), ms ->
- _session = new RequestedSession(ms, _session.sessionId(), true));
-
- session = _session.session();
+ newSession(getWrapped(), _requestedSession.sessionId(), ms -> _requestedSession = new RequestedSession(ms, _requestedSession.sessionId(), _requestedSession.sessionIdFrom()));
+ session = _requestedSession.session();
 if (session == null)
 throw new IllegalStateException("Create session failed");
@@ -740,7 +746,7 @@ public class SessionHandler extends AbstractSessionManager implements Handler.Si
 ManagedSession getManagedSession()
 {
- return _session.session();
+ return _requestedSession.session();
 }
 }
 }
diff --git a/jetty-ee11/jetty-ee11-servlet/src/main/java/org/eclipse/jetty/ee11/servlet/ServletApiRequest.java b/jetty-ee11/jetty-ee11-servlet/src/main/java/org/eclipse/jetty/ee11/servlet/ServletApiRequest.java
index 770d5fa5900..1981b89a874 100644
--- a/jetty-ee11/jetty-ee11-servlet/src/main/java/org/eclipse/jetty/ee11/servlet/ServletApiRequest.java
+++ b/jetty-ee11/jetty-ee11-servlet/src/main/java/org/eclipse/jetty/ee11/servlet/ServletApiRequest.java
@@ -83,7 +83,7 @@ import org.eclipse.jetty.server.HttpCookieUtils;
 import org.eclipse.jetty.server.Request;
 import org.eclipse.jetty.server.Response;
 import org.eclipse.jetty.server.Session;
-import org.eclipse.jetty.session.AbstractSessionManager;
+import org.eclipse.jetty.session.AbstractSessionManager.RequestedSession;
 import org.eclipse.jetty.session.ManagedSession;
 import org.eclipse.jetty.session.SessionManager;
 import org.eclipse.jetty.util.Callback;
@@ -492,7 +492,7 @@ public class ServletApiRequest implements HttpServletRequest
 @Override
 public String getRequestedSessionId()
 {
- AbstractSessionManager.RequestedSession requestedSession = getServletRequestInfo().getRequestedSession();
+ RequestedSession requestedSession = getServletRequestInfo().getRequestedSession();
 return requestedSession == null ? null : requestedSession.sessionId();
 }
@@ -551,7 +551,7 @@ public class ServletApiRequest implements HttpServletRequest
 @Override
 public boolean isRequestedSessionIdValid()
 {
- AbstractSessionManager.RequestedSession requestedSession = getServletRequestInfo().getRequestedSession();
+ RequestedSession requestedSession = getServletRequestInfo().getRequestedSession();
 HttpSession session = getSession(false);
 SessionManager manager = getServletRequestInfo().getSessionManager();
 return requestedSession != null &&
@@ -565,15 +565,15 @@ public class ServletApiRequest implements HttpServletRequest
 @Override
 public boolean isRequestedSessionIdFromCookie()
 {
- AbstractSessionManager.RequestedSession requestedSession = getServletRequestInfo().getRequestedSession();
- return requestedSession != null && requestedSession.sessionId() != null && requestedSession.sessionIdFromCookie();
+ RequestedSession requestedSession = getServletRequestInfo().getRequestedSession();
+ return requestedSession != null && requestedSession.sessionId() != null && requestedSession.isSessionIdFrom(RequestedSession.ID_FROM_COOKIE);
 }
 @Override
 public boolean isRequestedSessionIdFromURL()
 {
- AbstractSessionManager.RequestedSession requestedSession = getServletRequestInfo().getRequestedSession();
- return requestedSession != null && requestedSession.sessionId() != null && !requestedSession.sessionIdFromCookie();
+ RequestedSession requestedSession = getServletRequestInfo().getRequestedSession();
+ return requestedSession != null && requestedSession.sessionId() != null && requestedSession.isSessionIdFrom(RequestedSession.ID_FROM_URI_PARAMETER);
 }
 @Override
diff --git a/jetty-ee11/jetty-ee11-servlet/src/main/java/org/eclipse/jetty/ee11/servlet/ServletContextRequest.java b/jetty-ee11/jetty-ee11-servlet/src/main/java/org/eclipse/jetty/ee11/servlet/ServletContextRequest.java
index 047d975fb75..b910fa67e4e 100644
--- a/jetty-ee11/jetty-ee11-servlet/src/main/java/org/eclipse/jetty/ee11/servlet/ServletContextRequest.java
+++ b/jetty-ee11/jetty-ee11-servlet/src/main/java/org/eclipse/jetty/ee11/servlet/ServletContextRequest.java
@@ -330,6 +330,8 @@ public class ServletContextRequest extends ContextRequest implements ServletCont
 @Override
 public Object getAttribute(String name)
 {
+ if (AbstractSessionManager.RequestedSession.class.getName().equals(name))
+ return _requestedSession;
 return _attributes.getAttribute(name);
 }
diff --git a/jetty-ee11/jetty-ee11-servlet/src/main/java/org/eclipse/jetty/ee11/servlet/SessionHandler.java b/jetty-ee11/jetty-ee11-servlet/src/main/java/org/eclipse/jetty/ee11/servlet/SessionHandler.java
index 40b36dcacfa..9c887e97bc7 100644
--- a/jetty-ee11/jetty-ee11-servlet/src/main/java/org/eclipse/jetty/ee11/servlet/SessionHandler.java
+++ b/jetty-ee11/jetty-ee11-servlet/src/main/java/org/eclipse/jetty/ee11/servlet/SessionHandler.java
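Review bot: The ee11 `ServletContextRequest.getAttribute` branch matches `AbstractSessionManager.RequestedSession.class.getName()`, that is `org.eclipse.jetty.session.AbstractSessionManager$RequestedSession`, whereas the ee10 `ServletContextRequest` and the core `SessionHandler` in this patch use `RequestedSession.isApplicableAttribute(name)` against `org.eclipse.jetty.session.RequestedSession`. As written, `RequestedSession.byAttribute(request)` falls back to `NO_REQUESTED_SESSION` and the `org.eclipse.jetty.session.RequestedSession.sessionIdFrom` lookup done by `OpenIdAuthenticator` returns `null` under ee11, so a cookie-only check built on them passes without having seen the real source. The ee9 `CoreContextRequest.getAttribute` added in the `ContextHandler.java` hunk has the same mismatch. Both could use `if (AbstractSessionManager.RequestedSession.isApplicableAttribute(name)) return _requestedSession == null ? null : _requestedSession.getAttribute(name);` so that every environment answers the same keys.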
@@ -752,27 +752,33 @@ public class SessionHandler extends AbstractSessionManager implements Handler.Si
 private class NonServletSessionRequest extends Request.Wrapper
 {
 private final Response _response;
- private RequestedSession _session;
+ private RequestedSession _requestedSession;
 public NonServletSessionRequest(Request request, Response response, RequestedSession requestedSession)
 {
 super(request);
 _response = response;
- _session = requestedSession;
+ _requestedSession = requestedSession;
+ }
+
+ @Override
+ public Object getAttribute(String name)
+ {
+ if (AbstractSessionManager.RequestedSession.isApplicableAttribute(name))
+ return _requestedSession.getAttribute(name);
+ return super.getAttribute(name);
 }
 @Override
 public Session getSession(boolean create)
 {
- ManagedSession session = _session.session();
+ ManagedSession session = _requestedSession.session();
 if (session != null || !create)
 return session;
- newSession(getWrapped(), _session.sessionId(), ms ->
- _session = new RequestedSession(ms, _session.sessionId(), true));
-
- session = _session.session();
+ newSession(getWrapped(), _requestedSession.sessionId(), ms -> _requestedSession = new RequestedSession(ms, _requestedSession.sessionId(), _requestedSession.sessionIdFrom()));
+ session = _requestedSession.session();
 if (session == null)
 throw new IllegalStateException("Create session failed");
@@ -784,7 +790,7 @@ public class SessionHandler extends AbstractSessionManager implements Handler.Si
 ManagedSession getManagedSession()
 {
- return _session.session();
+ return _requestedSession.session();
 }
 }
 }
diff --git a/jetty-ee9/jetty-ee9-nested/src/main/java/org/eclipse/jetty/ee9/nested/ContextHandler.java b/jetty-ee9/jetty-ee9-nested/src/main/java/org/eclipse/jetty/ee9/nested/ContextHandler.java
index e01ad6a661b..dfe73d44112 100644
--- a/jetty-ee9/jetty-ee9-nested/src/main/java/org/eclipse/jetty/ee9/nested/ContextHandler.java
+++ b/jetty-ee9/jetty-ee9-nested/src/main/java/org/eclipse/jetty/ee9/nested/ContextHandler.java
@@ -2466,7 +2466,7 @@ public class ContextHandler extends ScopedHandler implements Attributes, Supplie
 private ManagedSession _managedSession;
 private List _managedSessions;
- AbstractSessionManager.RequestedSession _requestedSession;
+ AbstractSessionManager.RequestedSession _requestedSession = AbstractSessionManager.RequestedSession.NO_REQUESTED_SESSION;
 protected CoreContextRequest(org.eclipse.jetty.server.Request wrapped,
 ScopedContext context,
@@ -2566,7 +2566,15 @@ public class ContextHandler extends ScopedHandler implements Attributes, Supplie
 */
 public void setRequestedSession(AbstractSessionManager.RequestedSession requestedSession)
 {
- _requestedSession = requestedSession;
+ _requestedSession = requestedSession == null ? AbstractSessionManager.RequestedSession.NO_REQUESTED_SESSION : requestedSession;
+ }
+
+ @Override
+ public Object getAttribute(String name)
+ {
+ if (AbstractSessionManager.RequestedSession.class.getName().equals(name))
+ return _requestedSession;
+ return super.getAttribute(name);
 }
 /**
@@ -2653,7 +2661,7 @@ public class ContextHandler extends ScopedHandler implements Attributes, Supplie
 if (_sessionManager == null)
 throw new IllegalStateException("No SessionManager");
- _sessionManager.newSession(this, _requestedSession == null ? null : _requestedSession.sessionId(), this::setManagedSession);
+ _sessionManager.newSession(this, _requestedSession.sessionId(), this::setManagedSession);
 if (_managedSession == null)
 throw new IllegalStateException("Create session failed");
diff --git a/jetty-ee9/jetty-ee9-nested/src/main/java/org/eclipse/jetty/ee9/nested/Request.java b/jetty-ee9/jetty-ee9-nested/src/main/java/org/eclipse/jetty/ee9/nested/Request.java
index dbfd90c7f4a..cd87e996279 100644
--- a/jetty-ee9/jetty-ee9-nested/src/main/java/org/eclipse/jetty/ee9/nested/Request.java
+++ b/jetty-ee9/jetty-ee9-nested/src/main/java/org/eclipse/jetty/ee9/nested/Request.java
@@ -85,7 +85,7 @@ import org.eclipse.jetty.server.FormFields;
 import org.eclipse.jetty.server.HttpCookieUtils;
 import org.eclipse.jetty.server.Server;
 import org.eclipse.jetty.server.Session;
-import org.eclipse.jetty.session.AbstractSessionManager;
+import org.eclipse.jetty.session.AbstractSessionManager.RequestedSession;
 import org.eclipse.jetty.session.ManagedSession;
 import org.eclipse.jetty.session.SessionManager;
 import org.eclipse.jetty.util.Attributes;
@@ -1245,7 +1245,7 @@ public class Request implements HttpServletRequest
 @Override
 public String getRequestedSessionId()
 {
- AbstractSessionManager.RequestedSession requestedSession = _coreRequest.getRequestedSession();
+ RequestedSession requestedSession = _coreRequest.getRequestedSession();
 return requestedSession == null ? null : requestedSession.sessionId();
 }
@@ -1522,8 +1522,7 @@ public class Request implements HttpServletRequest
 @Override
 public boolean isRequestedSessionIdFromCookie()
 {
- AbstractSessionManager.RequestedSession requestedSession = _coreRequest.getRequestedSession();
- return requestedSession != null && requestedSession.sessionId() != null && requestedSession.sessionIdFromCookie();
+ return _coreRequest.getRequestedSession().isSessionIdFrom(RequestedSession.ID_FROM_COOKIE);
 }
 @Override
@@ -1536,14 +1535,13 @@ public class Request implements HttpServletRequest
 @Override
 public boolean isRequestedSessionIdFromURL()
 {
- AbstractSessionManager.RequestedSession requestedSession = _coreRequest.getRequestedSession();
- return requestedSession != null && requestedSession.sessionId() != null && !requestedSession.sessionIdFromCookie();
+ return _coreRequest.getRequestedSession().isSessionIdFrom(RequestedSession.ID_FROM_URI_PARAMETER);
 }
 @Override
 public boolean isRequestedSessionIdValid()
 {
- AbstractSessionManager.RequestedSession requestedSession = _coreRequest.getRequestedSession();
+ RequestedSession requestedSession = _coreRequest.getRequestedSession();
 SessionManager sessionManager = _coreRequest.getSessionManager();
 ManagedSession managedSession = _coreRequest.getManagedSession();
 return requestedSession != null &&
diff --git a/jetty-ee9/jetty-ee9-nested/src/main/java/org/eclipse/jetty/ee9/nested/SessionHandler.java b/jetty-ee9/jetty-ee9-nested/src/main/java/org/eclipse/jetty/ee9/nested/SessionHandler.java
index aae6b5596b6..c178d0bc9e0 100644
--- a/jetty-ee9/jetty-ee9-nested/src/main/java/org/eclipse/jetty/ee9/nested/SessionHandler.java
+++ b/jetty-ee9/jetty-ee9-nested/src/main/java/org/eclipse/jetty/ee9/nested/SessionHandler.java
@@ -556,7 +556,7 @@ public class SessionHandler extends ScopedHandler implements SessionConfig.Mutab
 currentSession = currentRequestedSession.session();
 }
 else
- currentRequestedSession = new AbstractSessionManager.RequestedSession(currentSession, currentSession.getId(), false /*TODO!!!*/);
+ currentRequestedSession = new AbstractSessionManager.RequestedSession(currentSession, currentSession.getId(), null /*TODO!!!*/);
 coreRequest.setManagedSession(currentSession);
 coreRequest.setRequestedSession(currentRequestedSession);
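Review bot: The `RequestedSession` built in the `else` branch of the hunk at -556 now passes `null` as the ID source and keeps the `/*TODO!!!*/` marker, so on this path the origin of the session ID is recorded as unknown. With the old `false` argument `isRequestedSessionIdFromURL()` reported true here; with `null` both source predicates presumably report false (that depends on `isSessionIdFrom`, which is not shown), and that matters to any caller that refuses URI-supplied session IDs as a session-fixation defence. I would either carry the source over from the request that established `currentSession`, or replace the marker with a statement of intent such as `null /* source unknown here: neither ID_FROM_COOKIE nor ID_FROM_URI_PARAMETER is claimed */`. The enclosing method starts and ends outside the hunk.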
diff --git a/jetty-ee9/jetty-ee9-nested/src/test/java/org/eclipse/jetty/ee9/nested/ResponseTest.java b/jetty-ee9/jetty-ee9-nested/src/test/java/org/eclipse/jetty/ee9/nested/ResponseTest.java
index ea48630b44d..927a10d67aa 100644
--- a/jetty-ee9/jetty-ee9-nested/src/test/java/org/eclipse/jetty/ee9/nested/ResponseTest.java
+++ b/jetty-ee9/jetty-ee9-nested/src/test/java/org/eclipse/jetty/ee9/nested/ResponseTest.java
@@ -67,7 +67,7 @@ import org.eclipse.jetty.server.NetworkConnector;
 import org.eclipse.jetty.server.Server;
 import org.eclipse.jetty.server.Session;
 import org.eclipse.jetty.server.TunnelSupport;
-import org.eclipse.jetty.session.AbstractSessionManager;
+import org.eclipse.jetty.session.AbstractSessionManager.RequestedSession;
 import org.eclipse.jetty.session.DefaultSessionCache;
 import org.eclipse.jetty.session.DefaultSessionIdManager;
 import org.eclipse.jetty.session.ManagedSession;
@@ -1613,7 +1613,7 @@ public class ResponseTest
 ContextHandler.CoreContextRequest coreRequest = response.getHttpChannel().getCoreRequest();
 coreRequest.setSessionManager(sessionHandler.getSessionManager());
- coreRequest.setRequestedSession(new AbstractSessionManager.RequestedSession(null, "12345", false));
+ coreRequest.setRequestedSession(new RequestedSession(null, "12345", RequestedSession.ID_FROM_URI_PARAMETER));
 assertNotNull(request.getSession(true));
 assertThat(request.getSession(false).getId(), is("12345"));
@@ -1724,7 +1724,7 @@ public class ResponseTest
 ContextHandler.CoreContextRequest coreRequest = response.getHttpChannel().getCoreRequest();
 coreRequest.setSessionManager(sessionHandler.getSessionManager());
 ManagedSession session = sessionHandler.getSessionManager().getManagedSession("12345");
- coreRequest.setRequestedSession(new AbstractSessionManager.RequestedSession(session, "12345", cookie));
+ coreRequest.setRequestedSession(new RequestedSession(session, "12345", cookie ? RequestedSession.ID_FROM_COOKIE : RequestedSession.ID_FROM_URI_PARAMETER));
 if (session == null)
 request.getSession(true);
@@ -1793,7 +1793,7 @@ public class ResponseTest
 request.setContext(_context._apiContext, "/info");
 ContextHandler.CoreContextRequest coreRequest = response.getHttpChannel().getCoreRequest();
- coreRequest.setRequestedSession(new AbstractSessionManager.RequestedSession(null, "12345", i > 2));
+ coreRequest.setRequestedSession(new RequestedSession(null, "12345", i > 2 ? RequestedSession.ID_FROM_COOKIE : RequestedSession.ID_FROM_URI_PARAMETER));
 SessionHandler handler = new SessionHandler();
 NullSessionDataStore dataStore = new NullSessionDataStore();