Posted to commits@openmeetings.apache.org by so...@apache.org on 2016/05/12 03:19:10 UTC
svn commit: r1743452 - in /openmeetings/application:
branches/3.1.x/openmeetings-web/src/main/java/org/apache/openmeetings/web/app/
branches/3.2.x/openmeetings-web/src/main/java/org/apache/openmeetings/web/app/
trunk/openmeetings-web/src/main/java/org/...
Author: solomax
Date: Thu May 12 03:19:10 2016
New Revision: 1743452
URL: http://svn.apache.org/viewvc?rev=1743452&view=rev
Log:
[OPENMEETINGS-1399] session cookie is being changed after successful login; code clean-up
Modified:
openmeetings/application/branches/3.1.x/openmeetings-web/src/main/java/org/apache/openmeetings/web/app/WebSession.java
openmeetings/application/branches/3.2.x/openmeetings-web/src/main/java/org/apache/openmeetings/web/app/WebSession.java
openmeetings/application/trunk/openmeetings-web/src/main/java/org/apache/openmeetings/web/app/WebSession.java
Modified: openmeetings/application/branches/3.1.x/openmeetings-web/src/main/java/org/apache/openmeetings/web/app/WebSession.java
URL: http://svn.apache.org/viewvc/openmeetings/application/branches/3.1.x/openmeetings-web/src/main/java/org/apache/openmeetings/web/app/WebSession.java?rev=1743452&r1=1743451&r2=1743452&view=diff
==============================================================================
--- openmeetings/application/branches/3.1.x/openmeetings-web/src/main/java/org/apache/openmeetings/web/app/WebSession.java (original)
+++ openmeetings/application/branches/3.1.x/openmeetings-web/src/main/java/org/apache/openmeetings/web/app/WebSession.java Thu May 12 03:19:10 2016
@@ -89,9 +89,12 @@ import ro.fortsoft.wicket.dashboard.web.
public class WebSession extends AbstractAuthenticatedWebSession implements IWebSession {
private static final long serialVersionUID = 1L;
- public static int MILLIS_IN_MINUTE = 60000;
+ public static final int MILLIS_IN_MINUTE = 60000;
public static final String SECURE_HASH = "secureHash";
public static final String INVITATION_HASH = "invitationHash";
+ public static final String ISO8601_FORMAT_STRING = "yyyy-MM-dd'T'HH:mm:ssZ";
+ public static final List<String> AVAILABLE_TIMEZONES = Arrays.asList(TimeZone.getAvailableIDs());
+ public static final Set<String> AVAILABLE_TIMEZONE_SET = new LinkedHashSet<String>(AVAILABLE_TIMEZONES);
private Long userId = null;
private Set<Right> rights = new HashSet<User.Right>(); //TODO renew somehow on user edit !!!!
private long languageId = -1; //TODO renew somehow on user edit !!!!
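Review bot: `AVAILABLE_TIMEZONE_SET` on the last added line is a public static final reference to a mutable `LinkedHashSet`, so any caller can add or remove entries, and `AVAILABLE_TIMEZONES` is a fixed-size `Arrays.asList` view that still permits `set()`; if these collections are used to validate user-supplied timezone ids, a stray mutation would silently change what is accepted. Wrap both at construction: `public static final List<String> AVAILABLE_TIMEZONES = Collections.unmodifiableList(Arrays.asList(TimeZone.getAvailableIDs()));` and `public static final Set<String> AVAILABLE_TIMEZONE_SET = Collections.unmodifiableSet(new LinkedHashSet<String>(AVAILABLE_TIMEZONES));`. `Collections` is already in scope in this file, as the `Collections.unmodifiableSet` call in `setUser` shows. The 3.2.x and trunk sections carry the identical hunk.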
@@ -99,7 +102,6 @@ public class WebSession extends Abstract
private OmUrlFragment area = null;
private TimeZone tz;
private TimeZone browserTz;
- public final static String ISO8601_FORMAT_STRING = "yyyy-MM-dd'T'HH:mm:ssZ";
private DateFormat ISO8601FORMAT = new SimpleDateFormat(ISO8601_FORMAT_STRING); //FIXME not thread safe
private DateFormat sdf;
private UserDashboard dashboard;
@@ -107,9 +109,7 @@ public class WebSession extends Abstract
private Long recordingId;
private Long loginError = null;
private String externalType;
- public static boolean kickedByAdmin = false;
- public final static List<String> AVAILABLE_TIMEZONES = Arrays.asList(TimeZone.getAvailableIDs());
- public final static Set<String> AVAILABLE_TIMEZONE_SET = new LinkedHashSet<String>(AVAILABLE_TIMEZONES);
+ private boolean kickedByAdmin = false;
public WebSession(Request request) {
super(request);
@@ -239,6 +239,15 @@ public class WebSession extends Abstract
}
private void setUser(User u) {
+ String _sid = SID;
+ Long _recordingId = recordingId;
+ replaceSession(); // required to prevent session fixation
+ if (_sid != null) {
+ SID = _sid;
+ }
+ if (_recordingId != null) {
+ recordingId = _recordingId;
+ }
userId = u.getId();
rights = Collections.unmodifiableSet(u.getRights());
languageId = u.getLanguageId();
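Review bot: The save/restore of `SID` and `recordingId` around `replaceSession()` carries two pre-authentication values into the freshly rotated session, which is exactly where a session-fixation mitigation can be undone if either value is something a client could have supplied before login; nothing in the hunk shows where `SID` originates, so that should be confirmed and the reasoning written down. A comment such as `// SID/recordingId are session-scoped state that must survive the id rotation; both are server-assigned, never taken from the request` (adjusted to whatever is actually true) would record the invariant. The removal of the `null == getId()` / `bind()` block in the following hunk appears to rely on `replaceSession()` binding the session itself, and that dependence belongs in the same comment. `setUser` continues past the end of this hunk, and the 3.2.x and trunk sections share this point.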
@@ -248,9 +257,6 @@ public class WebSession extends Abstract
setLocale(languageId == 3 ? Locale.GERMANY : LabelDao.languages.get(languageId));
//FIXMW locale need to be set by User language first
sdf = DateFormat.getDateTimeInstance(SHORT, SHORT, getLocale());
- if (null == getId()) {
- bind();
- }
}
public boolean signIn(String login, String password, Type type, Long domainId) {
@@ -379,7 +385,7 @@ public class WebSession extends Abstract
}
public static void setKickedByAdmin(boolean kicked) {
- kickedByAdmin = kicked;
+ get().kickedByAdmin = kicked;
}
public boolean isKickedByAdmin() {
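Review bot: `setKickedByAdmin` stays `static` but now writes `get().kickedByAdmin`, i.e. the flag of whichever session is bound to the calling thread rather than a process-wide value; a call site that intends to kick a different user's session (an admin acting on another user) would now mark the caller's own session, and a call from a thread with no bound session would presumably fail inside `get()`. Call sites are not visible from this hunk, so this needs confirming, and the contract deserves Javadoc: `/** Flags the session bound to the current request as kicked by an admin; must run on that user's own request thread. */`. Turning it into an instance method would make the intent explicit but changes the public interface. The same hunk appears in the 3.2.x and trunk sections.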
Modified: openmeetings/application/branches/3.2.x/openmeetings-web/src/main/java/org/apache/openmeetings/web/app/WebSession.java
URL: http://svn.apache.org/viewvc/openmeetings/application/branches/3.2.x/openmeetings-web/src/main/java/org/apache/openmeetings/web/app/WebSession.java?rev=1743452&r1=1743451&r2=1743452&view=diff
==============================================================================
--- openmeetings/application/branches/3.2.x/openmeetings-web/src/main/java/org/apache/openmeetings/web/app/WebSession.java (original)
+++ openmeetings/application/branches/3.2.x/openmeetings-web/src/main/java/org/apache/openmeetings/web/app/WebSession.java Thu May 12 03:19:10 2016
@@ -89,9 +89,12 @@ import ro.fortsoft.wicket.dashboard.web.
public class WebSession extends AbstractAuthenticatedWebSession implements IWebSession {
private static final long serialVersionUID = 1L;
- public static int MILLIS_IN_MINUTE = 60000;
+ public static final int MILLIS_IN_MINUTE = 60000;
public static final String SECURE_HASH = "secureHash";
public static final String INVITATION_HASH = "invitationHash";
+ public static final String ISO8601_FORMAT_STRING = "yyyy-MM-dd'T'HH:mm:ssZ";
+ public static final List<String> AVAILABLE_TIMEZONES = Arrays.asList(TimeZone.getAvailableIDs());
+ public static final Set<String> AVAILABLE_TIMEZONE_SET = new LinkedHashSet<String>(AVAILABLE_TIMEZONES);
private Long userId = null;
private Set<Right> rights = new HashSet<User.Right>(); //TODO renew somehow on user edit !!!!
private long languageId = -1; //TODO renew somehow on user edit !!!!
@@ -99,7 +102,6 @@ public class WebSession extends Abstract
private OmUrlFragment area = null;
private TimeZone tz;
private TimeZone browserTz;
- public final static String ISO8601_FORMAT_STRING = "yyyy-MM-dd'T'HH:mm:ssZ";
private DateFormat ISO8601FORMAT = new SimpleDateFormat(ISO8601_FORMAT_STRING); //FIXME not thread safe
private DateFormat sdf;
private UserDashboard dashboard;
@@ -107,9 +109,7 @@ public class WebSession extends Abstract
private Long recordingId;
private Long loginError = null;
private String externalType;
- public static boolean kickedByAdmin = false;
- public final static List<String> AVAILABLE_TIMEZONES = Arrays.asList(TimeZone.getAvailableIDs());
- public final static Set<String> AVAILABLE_TIMEZONE_SET = new LinkedHashSet<String>(AVAILABLE_TIMEZONES);
+ private boolean kickedByAdmin = false;
public WebSession(Request request) {
super(request);
@@ -239,6 +239,15 @@ public class WebSession extends Abstract
}
private void setUser(User u) {
+ String _sid = SID;
+ Long _recordingId = recordingId;
+ replaceSession(); // required to prevent session fixation
+ if (_sid != null) {
+ SID = _sid;
+ }
+ if (_recordingId != null) {
+ recordingId = _recordingId;
+ }
userId = u.getId();
rights = Collections.unmodifiableSet(u.getRights());
languageId = u.getLanguageId();
@@ -248,9 +257,6 @@ public class WebSession extends Abstract
setLocale(languageId == 3 ? Locale.GERMANY : LabelDao.languages.get(languageId));
//FIXMW locale need to be set by User language first
sdf = DateFormat.getDateTimeInstance(SHORT, SHORT, getLocale());
- if (null == getId()) {
- bind();
- }
}
public boolean signIn(String login, String password, Type type, Long domainId) {
@@ -379,7 +385,7 @@ public class WebSession extends Abstract
}
public static void setKickedByAdmin(boolean kicked) {
- kickedByAdmin = kicked;
+ get().kickedByAdmin = kicked;
}
public boolean isKickedByAdmin() {
Modified: openmeetings/application/trunk/openmeetings-web/src/main/java/org/apache/openmeetings/web/app/WebSession.java
URL: http://svn.apache.org/viewvc/openmeetings/application/trunk/openmeetings-web/src/main/java/org/apache/openmeetings/web/app/WebSession.java?rev=1743452&r1=1743451&r2=1743452&view=diff
==============================================================================
--- openmeetings/application/trunk/openmeetings-web/src/main/java/org/apache/openmeetings/web/app/WebSession.java (original)
+++ openmeetings/application/trunk/openmeetings-web/src/main/java/org/apache/openmeetings/web/app/WebSession.java Thu May 12 03:19:10 2016
@@ -89,9 +89,12 @@ import ro.fortsoft.wicket.dashboard.web.
public class WebSession extends AbstractAuthenticatedWebSession implements IWebSession {
private static final long serialVersionUID = 1L;
- public static int MILLIS_IN_MINUTE = 60000;
+ public static final int MILLIS_IN_MINUTE = 60000;
public static final String SECURE_HASH = "secureHash";
public static final String INVITATION_HASH = "invitationHash";
+ public static final String ISO8601_FORMAT_STRING = "yyyy-MM-dd'T'HH:mm:ssZ";
+ public static final List<String> AVAILABLE_TIMEZONES = Arrays.asList(TimeZone.getAvailableIDs());
+ public static final Set<String> AVAILABLE_TIMEZONE_SET = new LinkedHashSet<String>(AVAILABLE_TIMEZONES);
private Long userId = null;
private Set<Right> rights = new HashSet<User.Right>(); //TODO renew somehow on user edit !!!!
private long languageId = -1; //TODO renew somehow on user edit !!!!
@@ -99,7 +102,6 @@ public class WebSession extends Abstract
private OmUrlFragment area = null;
private TimeZone tz;
private TimeZone browserTz;
- public final static String ISO8601_FORMAT_STRING = "yyyy-MM-dd'T'HH:mm:ssZ";
private DateFormat ISO8601FORMAT = new SimpleDateFormat(ISO8601_FORMAT_STRING); //FIXME not thread safe
private DateFormat sdf;
private UserDashboard dashboard;
@@ -107,9 +109,7 @@ public class WebSession extends Abstract
private Long recordingId;
private Long loginError = null;
private String externalType;
- public static boolean kickedByAdmin = false;
- public final static List<String> AVAILABLE_TIMEZONES = Arrays.asList(TimeZone.getAvailableIDs());
- public final static Set<String> AVAILABLE_TIMEZONE_SET = new LinkedHashSet<String>(AVAILABLE_TIMEZONES);
+ private boolean kickedByAdmin = false;
public WebSession(Request request) {
super(request);
@@ -239,6 +239,15 @@ public class WebSession extends Abstract
}
private void setUser(User u) {
+ String _sid = SID;
+ Long _recordingId = recordingId;
+ replaceSession(); // required to prevent session fixation
+ if (_sid != null) {
+ SID = _sid;
+ }
+ if (_recordingId != null) {
+ recordingId = _recordingId;
+ }
userId = u.getId();
rights = Collections.unmodifiableSet(u.getRights());
languageId = u.getLanguageId();
@@ -248,9 +257,6 @@ public class WebSession extends Abstract
setLocale(languageId == 3 ? Locale.GERMANY : LabelDao.languages.get(languageId));
//FIXMW locale need to be set by User language first
sdf = DateFormat.getDateTimeInstance(SHORT, SHORT, getLocale());
- if (null == getId()) {
- bind();
- }
}
public boolean signIn(String login, String password, Type type, Long domainId) {
@@ -379,7 +385,7 @@ public class WebSession extends Abstract
}
public static void setKickedByAdmin(boolean kicked) {
- kickedByAdmin = kicked;
+ get().kickedByAdmin = kicked;
}
public boolean isKickedByAdmin() {