From do-not-reply at jboss.org Thu Sep 30 11:23:54 2010
Content-Type: multipart/mixed; boundary="===============7445653576557521397=="
MIME-Version: 1.0
From: do-not-reply at jboss.org
To: gatein-commits at lists.jboss.org
Subject: [gatein-commits] gatein SVN: r4445 -
components/pc/trunk/portlet/src/main/java/org/gatein/pc/portlet/aspects.
Date: Thu, 30 Sep 2010 11:23:54 -0400
Message-ID: <201009301523.o8UFNsL2020106@svn01.web.mwc.hst.phx2.redhat.com>
--===============7445653576557521397==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Author: mstruk
Date: 2010-09-30 11:23:54 -0400 (Thu, 30 Sep 2010)
New Revision: 4445
Added:
components/pc/trunk/portlet/src/main/java/org/gatein/pc/portlet/aspects/=
SessionInvalidatorInterceptor.java
Log:
GTNPORTAL-1257: Seam session outlives the GateIn session
Added: components/pc/trunk/portlet/src/main/java/org/gatein/pc/portlet/aspe=
cts/SessionInvalidatorInterceptor.java
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
--- components/pc/trunk/portlet/src/main/java/org/gatein/pc/portlet/aspects=
/SessionInvalidatorInterceptor.java (rev 0)
+++ components/pc/trunk/portlet/src/main/java/org/gatein/pc/portlet/aspects=
/SessionInvalidatorInterceptor.java 2010-09-30 15:23:54 UTC (rev 4445)
@@ -0,0 +1,151 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.gatein.pc.portlet.aspects;
+
+import org.gatein.common.logging.Logger;
+import org.gatein.common.logging.LoggerFactory;
+import org.gatein.pc.api.PortletInvokerException;
+import org.gatein.pc.api.invocation.PortletInvocation;
+import org.gatein.pc.api.invocation.response.PortletInvocationResponse;
+import org.gatein.pc.portlet.PortletInvokerInterceptor;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+import java.util.Collections;
+
+/**
+ * This is a port of http://svn.exoplatform.org/projects/portlet-container=
/branches/2.1.x/component/plugins/pc/src/main/java/org/exoplatform/services=
/portletcontainer/plugins/pc/aop/PortletSessionIdentityScopingCommand.java
+ *
+ * @author Marko Strukelj
+ */
+public class SessionInvalidatorInterceptor extends PortletInvokerIntercept=
or
+{
+
+ private static final String IDENTITY_TOKEN =3D "javax.portlet.identity.=
token";
+
+ private final static Logger log =3D LoggerFactory.getLogger(SessionInva=
lidatorInterceptor.class);
+
+ public PortletInvocationResponse invoke(PortletInvocation invocation) t=
hrows IllegalArgumentException, PortletInvokerException
+ {
+ //req =3D RequestContext.getCurrentInstance().=
getRequest();
+ HttpServletRequest req =3D invocation.getDispatchedRequest();
+
+ check(req);
+ try
+ {
+ return super.invoke(invocation);
+ }
+ finally
+ {
+ update(req);
+ }
+ }
+
+ public void update(HttpServletRequest request)
+ {
+ String portalIdentity =3D request.getRemoteUser();
+ boolean trace =3D log.isTraceEnabled();
+ String contextPath =3D request.getContextPath();
+ HttpSession session =3D request.getSession(false);
+ if (session !=3D null)
+ {
+ String id =3D session.getId();
+ String sessionIdentity =3D (String) session.getAttribute(IDENTITY=
_TOKEN);
+ if (portalIdentity !=3D null)
+ {
+ if (!portalIdentity.equals(sessionIdentity))
+ {
+ if (trace)
+ {
+ log.trace("Updating portlet session " + id + " (" + cont=
extPath + ") from " + sessionIdentity + " to " + portalIdentity);
+ }
+
+ //
+ session.setAttribute(IDENTITY_TOKEN, portalIdentity);
+ }
+ }
+ else
+ {
+ if (sessionIdentity !=3D null)
+ {
+ if (trace)
+ {
+ log.trace("Updating portlet session " + id + " (" + cont=
extPath + ") by removing the " + sessionIdentity + " value");
+ }
+
+ //
+ session.removeAttribute(IDENTITY_TOKEN);
+ }
+ }
+ }
+ }
+
+ public void check(HttpServletRequest request)
+ {
+ boolean trace =3D log.isTraceEnabled();
+ String portalIdentity =3D request.getRemoteUser();
+ String contextPath =3D request.getContextPath();
+ HttpSession session =3D request.getSession(false);
+ if (session !=3D null)
+ {
+ String id =3D session.getId();
+ String sessionIdentity =3D (String) session.getAttribute(IDENTITY=
_TOKEN);
+
+ //
+ if (portalIdentity =3D=3D null)
+ {
+ if (sessionIdentity !=3D null)
+ {
+ // It means that user is anonymous and the portlet session =
is still associated to a previous identity
+ if (trace)
+ {
+ log.trace("Detected user logout for session " + id + " (=
" + contextPath + ")");
+ }
+
+ purge(session);
+ }
+ }
+ else
+ {
+ if (sessionIdentity !=3D null && !sessionIdentity.equals(porta=
lIdentity))
+ {
+ // It means that we don't have the same identity in portal =
and portlet session
+ if (trace)
+ {
+ log.trace("Detected different user for session " + id + =
" (" + contextPath + ")");
+ }
+
+ purge(session);
+ }
+ }
+ }
+ }
+
+ @SuppressWarnings("unchecked")
+ private void purge(HttpSession session)
+ {
+ for (String name : (Iterable) Collections.list(session.getAt=
tributeNames()))
+ {
+ session.removeAttribute(name);
+ }
+ }
+}
--===============7445653576557521397==--