jetty-server/src/main/java/org/eclipse/jetty/server/session/AbstractSessionIdManager.java - gerrit/jetty/org.eclipse.jetty.project - Git at Google

 //
 //  ========================================================================
 //  Copyright (c) 1995-2016 Mort Bay Consulting Pty. Ltd.
 //  ------------------------------------------------------------------------
 //  All rights reserved. This program and the accompanying materials
 //  are made available under the terms of the Eclipse Public License v1.0
 //  and Apache License v2.0 which accompanies this distribution.
 //
 //      The Eclipse Public License is available at
 //      http://www.eclipse.org/legal/epl-v10.html
 //
 //      The Apache License v2.0 is available at
 //      http://www.opensource.org/licenses/apache2.0.php
 //
 //  You may elect to redistribute this code under either of these licenses.
 //  ========================================================================
 //

 package org.eclipse.jetty.server.session;

 import java.security.SecureRandom;
 import java.util.HashSet;
 import java.util.Random;
 import java.util.Set;

 import javax.servlet.http.HttpServletRequest;

 import org.eclipse.jetty.server.Handler;
 import org.eclipse.jetty.server.Server;
 import org.eclipse.jetty.server.SessionIdManager;
 import org.eclipse.jetty.server.handler.ContextHandler;
 import org.eclipse.jetty.util.component.AbstractLifeCycle;
 import org.eclipse.jetty.util.log.Log;
 import org.eclipse.jetty.util.log.Logger;


 /**
  * AbstractSessionIdManager
  *
  * Manages session ids to ensure each session id within a context is unique, and that
  * session ids can be shared across contexts (but not session contents).
  *
  * There is only 1 session id manager per Server instance.
  */
 public abstract class AbstractSessionIdManager extends AbstractLifeCycle implements SessionIdManager
 {
     private  final static Logger LOG = Log.getLogger("org.eclipse.jetty.server.session");

     private final static String __NEW_SESSION_ID="org.eclipse.jetty.server.newSessionId";

     protected Random _random;
     protected boolean _weakRandom;
     protected String _workerName;
     protected String _workerAttr;
     protected long _reseed=100000L;
     protected Server _server;
     protected SessionScavenger _scavenger;

     /* ------------------------------------------------------------ */
     public AbstractSessionIdManager(Server server)
     {
         _server = server;
     }

     /* ------------------------------------------------------------ */
     public AbstractSessionIdManager(Server server, Random random)
     {
         this(server);
         _random=random;
     }

     /* ------------------------------------------------------------ */
     public void setServer (Server server)
     {
         _server = server;
     }


     /* ------------------------------------------------------------ */

     public Server getServer ()
     {
         return _server;
     }


     /* ------------------------------------------------------------ */
     /**
      * @param scavenger
      */
     public void setSessionScavenger (SessionScavenger scavenger)
     {
         _scavenger = scavenger;
         _scavenger.setSessionIdManager(this);
     }


     /* ------------------------------------------------------------ */
     /**
      * Get the workname. If set, the workername is dot appended to the session
      * ID and can be used to assist session affinity in a load balancer.
      *
      * @return String or null
      */
     @Override
     public String getWorkerName()
     {
         return _workerName;
     }


     /* ------------------------------------------------------------ */
     /**
      * Set the workername. If set, the workername is dot appended to the session
      * ID and can be used to assist session affinity in a load balancer.
      * A worker name starting with $ is used as a request attribute name to
      * lookup the worker name that can be dynamically set by a request
      * Customizer.
      *
      * @param workerName the name of the worker
      */
     public void setWorkerName(String workerName)
     {
         if (isRunning())
             throw new IllegalStateException(getState());
         if (workerName.contains("."))
             throw new IllegalArgumentException("Name cannot contain '.'");
         _workerName=workerName;
     }

     /* ------------------------------------------------------------ */
     public Random getRandom()
     {
         return _random;
     }

     /* ------------------------------------------------------------ */
     public synchronized void setRandom(Random random)
     {
         _random=random;
         _weakRandom=false;
     }

     /* ------------------------------------------------------------ */
     /**
      * @return the reseed probability
      */
     public long getReseed()
     {
         return _reseed;
     }

     /* ------------------------------------------------------------ */
     /** Set the reseed probability.
      * @param reseed  If non zero then when a random long modulo the reseed value == 1, the {@link SecureRandom} will be reseeded.
      */
     public void setReseed(long reseed)
     {
         _reseed = reseed;
     }

     /* ------------------------------------------------------------ */
     /**
      * Create a new session id if necessary.
      *
      * @see org.eclipse.jetty.server.SessionIdManager#newSessionId(javax.servlet.http.HttpServletRequest, long)
      */
     @Override
     public String newSessionId(HttpServletRequest request, long created)
     {
         synchronized (this)
         {
             if (request==null)
                 return newSessionId(created);

             // A requested session ID can only be used if it is in use already.
             String requested_id=request.getRequestedSessionId();
             if (requested_id!=null)
             {
                 String cluster_id=getId(requested_id);
                 if (isIdInUse(cluster_id))
                     return cluster_id;
             }

             // Else reuse any new session ID already defined for this request.
             String new_id=(String)request.getAttribute(__NEW_SESSION_ID);
             if (new_id!=null&&isIdInUse(new_id))
                 return new_id;

             // pick a new unique ID!
             String id = newSessionId(request.hashCode());

             request.setAttribute(__NEW_SESSION_ID,id);
             return id;
         }
     }

     /* ------------------------------------------------------------ */
     public String newSessionId(long seedTerm)
     {
         // pick a new unique ID!
         String id=null;
         while (id==null||id.length()==0||isIdInUse(id))
         {
             long r0=_weakRandom
                     ?(hashCode()^Runtime.getRuntime().freeMemory()^_random.nextInt()^((seedTerm)<<32))
                     :_random.nextLong();
             if (r0<0)
                 r0=-r0;

             // random chance to reseed
             if (_reseed>0 && (r0%_reseed)== 1L)
             {
                 if (LOG.isDebugEnabled())
                     LOG.debug("Reseeding {}",this);
                 if (_random instanceof SecureRandom)
                 {
                     SecureRandom secure = (SecureRandom)_random;
                     secure.setSeed(secure.generateSeed(8));
                 }
                 else
                 {
                     _random.setSeed(_random.nextLong()^System.currentTimeMillis()^seedTerm^Runtime.getRuntime().freeMemory());
                 }
             }

             long r1=_weakRandom
                 ?(hashCode()^Runtime.getRuntime().freeMemory()^_random.nextInt()^((seedTerm)<<32))
                 :_random.nextLong();
             if (r1<0)
                 r1=-r1;

             id=Long.toString(r0,36)+Long.toString(r1,36);

             //add in the id of the node to ensure unique id across cluster
             //NOTE this is different to the node suffix which denotes which node the request was received on
             if (_workerName!=null)
                 id=_workerName + id;

         }
         return id;
     }


     /* ------------------------------------------------------------ */
     @Override
     protected void doStart() throws Exception
     {
         if (_server == null)
             throw new IllegalStateException("No Server for SessionIdManager");
        initRandom();
        _workerAttr=(_workerName!=null && _workerName.startsWith("$"))?_workerName.substring(1):null;

        if (_scavenger == null)
        {
            LOG.warn("No SessionScavenger set, using defaults");
            _scavenger = new SessionScavenger();
            _scavenger.setSessionIdManager(this);
        }

        _scavenger.start();
     }

     /* ------------------------------------------------------------ */
     @Override
     protected void doStop() throws Exception
     {
         _scavenger.stop();
     }

     /* ------------------------------------------------------------ */
     /**
      * Set up a random number generator for the sessionids.
      *
      * By preference, use a SecureRandom but allow to be injected.
      */
     public void initRandom ()
     {
         if (_random==null)
         {
             try
             {
                 _random=new SecureRandom();
             }
             catch (Exception e)
             {
                 LOG.warn("Could not generate SecureRandom for session-id randomness",e);
                 _random=new Random();
                 _weakRandom=true;
             }
         }
         else
             _random.setSeed(_random.nextLong()^System.currentTimeMillis()^hashCode()^Runtime.getRuntime().freeMemory());
     }


     /* ------------------------------------------------------------ */
     /** Get the session ID with any worker ID.
      *
      * @param clusterId the cluster id
      * @param request the request
      * @return sessionId plus any worker ID.
      */
     @Override
     public String getExtendedId(String clusterId, HttpServletRequest request)
     {
         if (_workerName!=null)
         {
             if (_workerAttr==null)
                 return clusterId+'.'+_workerName;

             String worker=(String)request.getAttribute(_workerAttr);
             if (worker!=null)
                 return clusterId+'.'+worker;
         }

         return clusterId;
     }


     /* ------------------------------------------------------------ */
     /** Get the session ID without any worker ID.
      *
      * @param extendedId the session id with the worker extension
      * @return sessionId without any worker ID.
      */
     @Override
     public String getId(String extendedId)
     {
         int dot=extendedId.lastIndexOf('.');
         return (dot>0)?extendedId.substring(0,dot):extendedId;
     }


     /* ------------------------------------------------------------ */
     /**
      * Remove an id from use by telling all contexts to remove a session with this id.
      *
      * @see org.eclipse.jetty.server.SessionIdManager#expireAll(java.lang.String)
      */
     @Override
     public void expireAll(String id)
     {
         //take the id out of the list of known sessionids for this node
         if (removeId(id))
         {
             //tell all contexts that may have a session object with this id to
             //get rid of them
             for (SessionManager manager:getSessionManagers())
             {
                 manager.invalidate(id);
             }
         }
     }

     /* ------------------------------------------------------------ */
     /**
      * @param id
      */
     public void invalidateAll (String id)
     {
         //take the id out of the list of known sessionids for this node
         if (removeId(id))
         {
             //tell all contexts that may have a session object with this id to
             //get rid of them
             for (SessionManager manager:getSessionManagers())
             {
                 manager.invalidate(id);
             }
         }
     }


     /* ------------------------------------------------------------ */
     /** Generate a new id for a session and update across
      * all SessionManagers.
      *
      * @see org.eclipse.jetty.server.SessionIdManager#renewSessionId(java.lang.String, java.lang.String, javax.servlet.http.HttpServletRequest)
      */
     @Override
     public void renewSessionId (String oldClusterId, String oldNodeId, HttpServletRequest request)
     {
         //generate a new id
         String newClusterId = newSessionId(request.hashCode());

         removeId(oldClusterId);//remove the old one from the list

         //tell all contexts to update the id
         for (SessionManager manager:getSessionManagers())
         {
             manager.renewSessionId(oldClusterId, oldNodeId, newClusterId, getExtendedId(newClusterId, request));
         }
     }


     /* ------------------------------------------------------------ */
     /** Get SessionManager for every context.
      *
      * @return
      */
     protected Set<SessionManager> getSessionManagers()
     {
         Set<SessionManager> managers = new HashSet<>();

         Handler[] contexts = _server.getChildHandlersByClass(ContextHandler.class);
         for (int i=0; contexts!=null && i<contexts.length; i++)
         {
             SessionHandler sessionHandler = ((ContextHandler)contexts[i]).getChildHandlerByClass(SessionHandler.class);
             if (sessionHandler != null)
             {
                 SessionManager manager = (SessionManager)sessionHandler.getSessionManager();

                 if (manager != null)
                     managers.add(manager);
             }
         }
         return managers;
     }
 }
	//
	// ========================================================================
	// Copyright (c) 1995-2016 Mort Bay Consulting Pty. Ltd.
	// ------------------------------------------------------------------------
	// All rights reserved. This program and the accompanying materials
	// are made available under the terms of the Eclipse Public License v1.0
	// and Apache License v2.0 which accompanies this distribution.
	//
	// The Eclipse Public License is available at
	// http://www.eclipse.org/legal/epl-v10.html
	//
	// The Apache License v2.0 is available at
	// http://www.opensource.org/licenses/apache2.0.php
	//
	// You may elect to redistribute this code under either of these licenses.
	// ========================================================================
	//

	package org.eclipse.jetty.server.session;

	import java.security.SecureRandom;
	import java.util.HashSet;
	import java.util.Random;
	import java.util.Set;

	import javax.servlet.http.HttpServletRequest;

	import org.eclipse.jetty.server.Handler;
	import org.eclipse.jetty.server.Server;
	import org.eclipse.jetty.server.SessionIdManager;
	import org.eclipse.jetty.server.handler.ContextHandler;
	import org.eclipse.jetty.util.component.AbstractLifeCycle;
	import org.eclipse.jetty.util.log.Log;
	import org.eclipse.jetty.util.log.Logger;



	/**
	* AbstractSessionIdManager
	*
	* Manages session ids to ensure each session id within a context is unique, and that
	* session ids can be shared across contexts (but not session contents).
	*
	* There is only 1 session id manager per Server instance.
	*/
	public abstract class AbstractSessionIdManager extends AbstractLifeCycle implements SessionIdManager
	{
	private final static Logger LOG = Log.getLogger("org.eclipse.jetty.server.session");

	private final static String __NEW_SESSION_ID="org.eclipse.jetty.server.newSessionId";

	protected Random _random;
	protected boolean _weakRandom;
	protected String _workerName;
	protected String _workerAttr;
	protected long _reseed=100000L;
	protected Server _server;
	protected SessionScavenger _scavenger;

	/* ------------------------------------------------------------ */
	public AbstractSessionIdManager(Server server)
	{
	_server = server;
	}

	/* ------------------------------------------------------------ */
	public AbstractSessionIdManager(Server server, Random random)
	{
	this(server);
	_random=random;
	}

	/* ------------------------------------------------------------ */
	public void setServer (Server server)
	{
	_server = server;
	}


	/* ------------------------------------------------------------ */

	public Server getServer ()
	{
	return _server;
	}



	/* ------------------------------------------------------------ */
	/**
	* @param scavenger
	*/
	public void setSessionScavenger (SessionScavenger scavenger)
	{
	_scavenger = scavenger;
	_scavenger.setSessionIdManager(this);
	}



	/* ------------------------------------------------------------ */
	/**
	* Get the workname. If set, the workername is dot appended to the session
	* ID and can be used to assist session affinity in a load balancer.
	*
	* @return String or null
	*/
	@Override
	public String getWorkerName()
	{
	return _workerName;
	}



	/* ------------------------------------------------------------ */
	/**
	* Set the workername. If set, the workername is dot appended to the session
	* ID and can be used to assist session affinity in a load balancer.
	* A worker name starting with $ is used as a request attribute name to
	* lookup the worker name that can be dynamically set by a request
	* Customizer.
	*
	* @param workerName the name of the worker
	*/
	public void setWorkerName(String workerName)
	{
	if (isRunning())
	throw new IllegalStateException(getState());
	if (workerName.contains("."))
	throw new IllegalArgumentException("Name cannot contain '.'");
	_workerName=workerName;
	}

	/* ------------------------------------------------------------ */
	public Random getRandom()
	{
	return _random;
	}

	/* ------------------------------------------------------------ */
	public synchronized void setRandom(Random random)
	{
	_random=random;
	_weakRandom=false;
	}

	/* ------------------------------------------------------------ */
	/**
	* @return the reseed probability
	*/
	public long getReseed()
	{
	return _reseed;
	}

	/* ------------------------------------------------------------ */
	/** Set the reseed probability.
	* @param reseed If non zero then when a random long modulo the reseed value == 1, the {@link SecureRandom} will be reseeded.
	*/
	public void setReseed(long reseed)
	{
	_reseed = reseed;
	}

	/* ------------------------------------------------------------ */
	/**
	* Create a new session id if necessary.
	*
	* @see org.eclipse.jetty.server.SessionIdManager#newSessionId(javax.servlet.http.HttpServletRequest, long)
	*/
	@Override
	public String newSessionId(HttpServletRequest request, long created)
	{
	synchronized (this)
	{
	if (request==null)
	return newSessionId(created);

	// A requested session ID can only be used if it is in use already.
	String requested_id=request.getRequestedSessionId();
	if (requested_id!=null)
	{
	String cluster_id=getId(requested_id);
	if (isIdInUse(cluster_id))
	return cluster_id;
	}

	// Else reuse any new session ID already defined for this request.
	String new_id=(String)request.getAttribute(__NEW_SESSION_ID);
	if (new_id!=null&&isIdInUse(new_id))
	return new_id;

	// pick a new unique ID!
	String id = newSessionId(request.hashCode());

	request.setAttribute(__NEW_SESSION_ID,id);
	return id;
	}
	}

	/* ------------------------------------------------------------ */
	public String newSessionId(long seedTerm)
	{
	// pick a new unique ID!
	String id=null;
	while (id==null\|\|id.length()==0\|\|isIdInUse(id))
	{
	long r0=_weakRandom
	?(hashCode()^Runtime.getRuntime().freeMemory()^_random.nextInt()^((seedTerm)<<32))
	:_random.nextLong();
	if (r0<0)
	r0=-r0;

	// random chance to reseed
	if (_reseed>0 && (r0%_reseed)== 1L)
	{
	if (LOG.isDebugEnabled())
	LOG.debug("Reseeding {}",this);
	if (_random instanceof SecureRandom)
	{
	SecureRandom secure = (SecureRandom)_random;
	secure.setSeed(secure.generateSeed(8));
	}
	else
	{
	_random.setSeed(_random.nextLong()^System.currentTimeMillis()^seedTerm^Runtime.getRuntime().freeMemory());
	}
	}

	long r1=_weakRandom
	?(hashCode()^Runtime.getRuntime().freeMemory()^_random.nextInt()^((seedTerm)<<32))
	:_random.nextLong();
	if (r1<0)
	r1=-r1;

	id=Long.toString(r0,36)+Long.toString(r1,36);

	//add in the id of the node to ensure unique id across cluster
	//NOTE this is different to the node suffix which denotes which node the request was received on
	if (_workerName!=null)
	id=_workerName + id;

	}
	return id;
	}




	/* ------------------------------------------------------------ */
	@Override
	protected void doStart() throws Exception
	{
	if (_server == null)
	throw new IllegalStateException("No Server for SessionIdManager");
	initRandom();
	_workerAttr=(_workerName!=null && _workerName.startsWith("$"))?_workerName.substring(1):null;

	if (_scavenger == null)
	{
	LOG.warn("No SessionScavenger set, using defaults");
	_scavenger = new SessionScavenger();
	_scavenger.setSessionIdManager(this);
	}

	_scavenger.start();
	}

	/* ------------------------------------------------------------ */
	@Override
	protected void doStop() throws Exception
	{
	_scavenger.stop();
	}

	/* ------------------------------------------------------------ */
	/**
	* Set up a random number generator for the sessionids.
	*
	* By preference, use a SecureRandom but allow to be injected.
	*/
	public void initRandom ()
	{
	if (_random==null)
	{
	try
	{
	_random=new SecureRandom();
	}
	catch (Exception e)
	{
	LOG.warn("Could not generate SecureRandom for session-id randomness",e);
	_random=new Random();
	_weakRandom=true;
	}
	}
	else
	_random.setSeed(_random.nextLong()^System.currentTimeMillis()^hashCode()^Runtime.getRuntime().freeMemory());
	}


	/* ------------------------------------------------------------ */
	/** Get the session ID with any worker ID.
	*
	* @param clusterId the cluster id
	* @param request the request
	* @return sessionId plus any worker ID.
	*/
	@Override
	public String getExtendedId(String clusterId, HttpServletRequest request)
	{
	if (_workerName!=null)
	{
	if (_workerAttr==null)
	return clusterId+'.'+_workerName;

	String worker=(String)request.getAttribute(_workerAttr);
	if (worker!=null)
	return clusterId+'.'+worker;
	}

	return clusterId;
	}


	/* ------------------------------------------------------------ */
	/** Get the session ID without any worker ID.
	*
	* @param extendedId the session id with the worker extension
	* @return sessionId without any worker ID.
	*/
	@Override
	public String getId(String extendedId)
	{
	int dot=extendedId.lastIndexOf('.');
	return (dot>0)?extendedId.substring(0,dot):extendedId;
	}



	/* ------------------------------------------------------------ */
	/**
	* Remove an id from use by telling all contexts to remove a session with this id.
	*
	* @see org.eclipse.jetty.server.SessionIdManager#expireAll(java.lang.String)
	*/
	@Override
	public void expireAll(String id)
	{
	//take the id out of the list of known sessionids for this node
	if (removeId(id))
	{
	//tell all contexts that may have a session object with this id to
	//get rid of them
	for (SessionManager manager:getSessionManagers())
	{
	manager.invalidate(id);
	}
	}
	}

	/* ------------------------------------------------------------ */
	/**
	* @param id
	*/
	public void invalidateAll (String id)
	{
	//take the id out of the list of known sessionids for this node
	if (removeId(id))
	{
	//tell all contexts that may have a session object with this id to
	//get rid of them
	for (SessionManager manager:getSessionManagers())
	{
	manager.invalidate(id);
	}
	}
	}


	/* ------------------------------------------------------------ */
	/** Generate a new id for a session and update across
	* all SessionManagers.
	*
	* @see org.eclipse.jetty.server.SessionIdManager#renewSessionId(java.lang.String, java.lang.String, javax.servlet.http.HttpServletRequest)
	*/
	@Override
	public void renewSessionId (String oldClusterId, String oldNodeId, HttpServletRequest request)
	{
	//generate a new id
	String newClusterId = newSessionId(request.hashCode());

	removeId(oldClusterId);//remove the old one from the list

	//tell all contexts to update the id
	for (SessionManager manager:getSessionManagers())
	{
	manager.renewSessionId(oldClusterId, oldNodeId, newClusterId, getExtendedId(newClusterId, request));
	}
	}



	/* ------------------------------------------------------------ */
	/** Get SessionManager for every context.
	*
	* @return
	*/
	protected Set<SessionManager> getSessionManagers()
	{
	Set<SessionManager> managers = new HashSet<>();

	Handler[] contexts = _server.getChildHandlersByClass(ContextHandler.class);
	for (int i=0; contexts!=null && i<contexts.length; i++)
	{
	SessionHandler sessionHandler = ((ContextHandler)contexts[i]).getChildHandlerByClass(SessionHandler.class);
	if (sessionHandler != null)
	{
	SessionManager manager = (SessionManager)sessionHandler.getSessionManager();

	if (manager != null)
	managers.add(manager);
	}
	}
	return managers;
	}
	}