You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by co...@locus.apache.org on 2000/03/21 01:32:40 UTC
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/request SessionInterceptor.java SimpleMapper.java
costin 00/03/20 16:32:40
Modified: src/examples/WEB-INF/classes SessionExample.java
src/native/apache/jserv jserv_balance.c
src/native/iis_netscape jk_lb_worker.c
src/share/org/apache/tomcat/core
HttpServletResponseFacade.java Request.java
RequestImpl.java
src/share/org/apache/tomcat/request SessionInterceptor.java
SimpleMapper.java
Log:
Partial fix for bug #1.
Note that URL rewriting is not a stable feature - integration with
Apache, NES and IIS needs to be tested and many issues need to be
documented ( like how it works if you have HTML pages, etc).
I checked in a fix for mod_jserv, but it doesn't work yet for rewriting.
The patch was submitted by "G�bor Lipt�k" <ga...@usa.net>.
Submitted by: "G�bor" "Lipt�k" <ga...@usa.net>
Revision Changes Path
1.2 +21 -2 jakarta-tomcat/src/examples/WEB-INF/classes/SessionExample.java
Index: SessionExample.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat/src/examples/WEB-INF/classes/SessionExample.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- SessionExample.java 1999/10/09 00:20:00 1.1
+++ SessionExample.java 2000/03/21 00:32:38 1.2
@@ -1,4 +1,4 @@
-/* $Id: SessionExample.java,v 1.1 1999/10/09 00:20:00 duncan Exp $
+/* $Id: SessionExample.java,v 1.2 2000/03/21 00:32:38 costin Exp $
*
*/
@@ -77,7 +77,8 @@
out.println("<P>");
out.print("<form action=\"");
- out.print("SessionExample\" ");
+ out.print(response.encodeURL("SessionExample"));
+ out.print("\" ");
out.println("method=POST>");
out.println(rb.getString("sessions.dataname"));
out.println("<input type=text size=20 name=dataname>");
@@ -88,6 +89,24 @@
out.println("<input type=submit>");
out.println("</form>");
+ out.println("<P>GET based form:<br>");
+ out.print("<form action=\"");
+ out.print(response.encodeURL("SessionExample"));
+ out.print("\" ");
+ out.println("method=GET>");
+ out.println(rb.getString("sessions.dataname"));
+ out.println("<input type=text size=20 name=dataname>");
+ out.println("<br>");
+ out.println(rb.getString("sessions.datavalue"));
+ out.println("<input type=text size=20 name=datavalue>");
+ out.println("<br>");
+ out.println("<input type=submit>");
+ out.println("</form>");
+
+ out.print("<p><a href=\"");
+ out.print(response.encodeURL("SessionExample?dataname=foo&datavalue=bar"));
+ out.println("\" >URL encoded </a>");
+
out.println("</body>");
out.println("</html>");
1.3 +13 -7 jakarta-tomcat/src/native/apache/jserv/jserv_balance.c
Index: jserv_balance.c
===================================================================
RCS file: /home/cvs/jakarta-tomcat/src/native/apache/jserv/jserv_balance.c,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- jserv_balance.c 2000/02/18 09:40:53 1.2
+++ jserv_balance.c 2000/03/21 00:32:39 1.3
@@ -54,7 +54,7 @@
* Author: Bernard Bernstein <be...@corp.talkcity.com> *
* Updated: March 1999 Jean-Luc Rochat <jl...@jnix.com> *
* Description: solved part of fail-over problems & LB improvments *
- * Version: $Revision: 1.2 $
+ * Version: $Revision: 1.3 $
*****************************************************************************/
#include "jserv.h"
@@ -71,6 +71,7 @@
/* or parameter set by the java code */
#define SESSION_IDENTIFIER "JSESSIONID"
+#define SESSION_IDENTIFIER_PARAM "jsessionid"
#define ROUTING_IDENTIFIER "JSERV_ROUTE"
/* ========================================================================= */
@@ -85,14 +86,17 @@
pname = ap_pstrcat(r->pool, pname, "=", NULL);
- if (!r->args) {
- return NULL;
- }
-
- value = strstr(r->args, pname);
+ /* if (!r->args) { */
+ /* return NULL; */
+ /* } */
+
+ /* XXX Will not work if ;jsessionid is not a path param for the last
+ path component */
+ value = strstr(r->uri, pname);
if (value) {
value += strlen(pname);
varg = value;
+ /* end of string or & */
while (*varg && *varg != '&') {
varg++;
len++;
@@ -140,7 +144,9 @@
{
char *val;
char sessionid[256];
+ char sessionid_p[256];
strcpy(sessionid, SESSION_IDENTIFIER);
+ strcpy(sessionid_p, SESSION_IDENTIFIER_PARAM);
/*
* Not needed anymore... the route is based on the cookie's
@@ -148,7 +154,7 @@
* strcat(sessionid, zone);
*/
- val = get_param(sessionid, r);
+ val = get_param(sessionid_p, r);
if (val == NULL)
val = get_cookie(sessionid, r);
return val;
1.5 +4 -1 jakarta-tomcat/src/native/iis_netscape/jk_lb_worker.c
Index: jk_lb_worker.c
===================================================================
RCS file: /home/cvs/jakarta-tomcat/src/native/iis_netscape/jk_lb_worker.c,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- jk_lb_worker.c 2000/03/08 09:37:45 1.4
+++ jk_lb_worker.c 2000/03/21 00:32:39 1.5
@@ -58,7 +58,7 @@
* several workers. *
* Author: Gal Shachor <sh...@il.ibm.com> *
* Based on: *
- * Version: $Revision: 1.4 $ *
+ * Version: $Revision: 1.5 $ *
***************************************************************************/
#include "jk_pool.h"
@@ -115,6 +115,9 @@
static char *get_param(jk_ws_service_t *s,
const char *name)
{
+
+ /* XXX XXX XXX need to fix - jsession id is path param, not query string.
+ Gal, please take a look ! */
if(s->query_string) {
char *id_start = NULL;
for(id_start = strstr(s->query_string, name) ;
1.5 +34 -19 jakarta-tomcat/src/share/org/apache/tomcat/core/HttpServletResponseFacade.java
Index: HttpServletResponseFacade.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/HttpServletResponseFacade.java,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- HttpServletResponseFacade.java 2000/02/17 07:52:19 1.4
+++ HttpServletResponseFacade.java 2000/03/21 00:32:39 1.5
@@ -1,7 +1,7 @@
/*
- * $Header: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/HttpServletResponseFacade.java,v 1.4 2000/02/17 07:52:19 costin Exp $
- * $Revision: 1.4 $
- * $Date: 2000/02/17 07:52:19 $
+ * $Header: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/HttpServletResponseFacade.java,v 1.5 2000/03/21 00:32:39 costin Exp $
+ * $Revision: 1.5 $
+ * $Date: 2000/03/21 00:32:39 $
*
* ====================================================================
*
@@ -102,32 +102,47 @@
return response.containsHeader(name);
}
- public String encodeRedirectURL(String url) {
- // XXX
- // we don't support url rewriting yet!
- return url;
+ public String encodeRedirectURL(String location) {
+ // rewrite for the same host
+ // this is really simplistic matching here, any helper functions?
+ if (location.indexOf(response.getRequest().getServerName())!=-1){
+ location=encodeURL(location);
+ }
+ return location;
}
/**
* @deprecated
*/
-
public String encodeRedirectUrl(String location) {
- //try {
- // URL url = new URL(location);
- //} catch (MalformedURLException e) {
- // String msg = sm.getString("hsrf.redirect.iae")
- //
- // throw new IllegalArgumentException(msg);
- //}
-
return encodeRedirectURL(location);
}
public String encodeURL(String url) {
- // XXX
- // we don't support url rewriting yet!
- return url;
+ Request request=response.getRequest();
+ // if I have a session
+ // System.out.println("XXX " + request.isRequestedSessionIdValid() +" " + request.isRequestedSessionIdFromCookie());
+
+ if (request.isRequestedSessionIdValid()){
+ // if first time or cookie not returned
+ // XXX need to add support for SSL or other schemas
+ if (!request.isRequestedSessionIdFromCookie()) {
+ int qidx=url.indexOf( "?" );
+ String path=url;
+ String qry=null;
+ if( qidx >= 0 ) {
+ path=url.substring( 0, qidx );
+ qry=url.substring( qidx+1 );
+ }
+ StringBuffer sb=new StringBuffer(path);
+ sb.append(";jsessionid=").append(request.getRequestedSessionId());
+ if( qry != null )
+ sb.append("?").append( qry);
+ // System.out.println("RW " + url + " " + sb.toString());
+ return sb.toString();
+ }
+ }
+ return url;
}
/**
1.31 +6 -0 jakarta-tomcat/src/share/org/apache/tomcat/core/Request.java
Index: Request.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/Request.java,v
retrieving revision 1.30
retrieving revision 1.31
diff -u -r1.30 -r1.31
--- Request.java 2000/02/17 12:15:03 1.30
+++ Request.java 2000/03/21 00:32:39 1.31
@@ -195,9 +195,15 @@
public void setRequestedSessionId(String reqSessionId) ;
+ // XXX It's better to use set/getSessionIdSource, with URL, Cookie, SSL, etc as
+ // source. Next 4 methods will probably be deprecated.
boolean isRequestedSessionIdFromCookie() ;
+ void setRequestedSessionIdFromCookie(boolean newState);
+
boolean isRequestedSessionIdFromURL() ;
+
+ void setRequestedSessionIdFromURL(boolean newState) ;
public void setSession(HttpSession serverSession) ;
1.23 +11 -4 jakarta-tomcat/src/share/org/apache/tomcat/core/RequestImpl.java
Index: RequestImpl.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/RequestImpl.java,v
retrieving revision 1.22
retrieving revision 1.23
diff -u -r1.22 -r1.23
--- RequestImpl.java 2000/03/20 19:34:09 1.22
+++ RequestImpl.java 2000/03/21 00:32:39 1.23
@@ -1,7 +1,7 @@
/*
- * $Header: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/RequestImpl.java,v 1.22 2000/03/20 19:34:09 costin Exp $
- * $Revision: 1.22 $
- * $Date: 2000/03/20 19:34:09 $
+ * $Header: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/RequestImpl.java,v 1.23 2000/03/21 00:32:39 costin Exp $
+ * $Revision: 1.23 $
+ * $Date: 2000/03/21 00:32:39 $
*
* ====================================================================
*
@@ -124,7 +124,7 @@
// Session
// set by interceptors - the session id
protected String reqSessionId;
- protected boolean sessionIdFromCookie=true;
+ protected boolean sessionIdFromCookie=false;
protected boolean sessionIdFromURL=false;
// cache- avoid calling SessionManager for each getSession()
protected HttpSession serverSession;
@@ -351,6 +351,13 @@
return sessionIdFromURL;
}
+ public void setRequestedSessionIdFromCookie(boolean newState){
+ sessionIdFromCookie=true;
+ }
+
+ public void setRequestedSessionIdFromURL(boolean newState) {
+ sessionIdFromURL=newState;
+ }
public void setContext(Context context) {
this.context = context;
1.14 +61 -36 jakarta-tomcat/src/share/org/apache/tomcat/request/SessionInterceptor.java
Index: SessionInterceptor.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/request/SessionInterceptor.java,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -r1.13 -r1.14
--- SessionInterceptor.java 2000/03/01 20:55:05 1.13
+++ SessionInterceptor.java 2000/03/21 00:32:40 1.14
@@ -85,45 +85,70 @@
}
public int requestMap(Request request ) {
- // look for session id -- cookies only right now
- String sessionId = null;
-
- Cookie cookies[]=request.getCookies(); // assert !=null
-
- for( int i=0; i<cookies.length; i++ ) {
- Cookie cookie = cookies[i];
-
- if (cookie.getName().equals(
- org.apache.tomcat.core.Constants.SESSION_COOKIE_NAME)) {
- sessionId = cookie.getValue();
- // GS, We piggyback the JVM id on top of the session cookie
- // Separate them ...
- if(null != sessionId) {
- int idex = sessionId.lastIndexOf(SESSIONID_ROUTE_SEP);
- if(idex > 0) {
- sessionId = sessionId.substring(0, idex);
- }
- }
-
- if (sessionId != null) {
- // GS, We are in a problem here, we may actually get
- // multiple Session cookies (one for the root
- // context and one for the real context... or old session
- // cookie. We must check for validity in the current context.
- Context ctx = request.getContext();
- SessionManager sM = ctx.getSessionManager();
-
- if(null != sM.findSession(ctx, sessionId)) {
- sM.accessed(ctx, request, sessionId );
-
- request.setRequestedSessionId(sessionId);
- }
- }
- }
+ String sessionId = null;
+
+ Cookie cookies[]=request.getCookies(); // assert !=null
+
+ for( int i=0; i<cookies.length; i++ ) {
+ Cookie cookie = cookies[i];
+
+ if (cookie.getName().equals("JSESSIONID")) {
+ sessionId = cookie.getValue();
+ sessionId=validateSessionId(request, sessionId);
+ if (sessionId!=null){
+ request.setRequestedSessionIdFromCookie(true);
+ }
}
+ }
+
+ String sig=";jsessionid=";
+ int foundAt=-1;
+ if ((foundAt=request.getRequestURI().indexOf(sig))!=-1){
+ sessionId=request.getRequestURI().substring(foundAt+sig.length());
+ // rewrite URL, do I need to do anything more?
+ request.setRequestURI(request.getRequestURI().substring(0, foundAt));
+ sessionId=validateSessionId(request, sessionId);
+ if (sessionId!=null){
+ request.setRequestedSessionIdFromURL(true);
+ }
+ }
+ return 0;
+ }
- return 0;
+ // XXX what is the correct behavior if the session is invalid ?
+ // We may still set it and just return session invalid.
+
+ /** Validate and fix the session id. If the session is not valid return null.
+ * It will also clean up the session from load-balancing strings.
+ * @return sessionId, or null if not valid
+ */
+ private String validateSessionId(Request request, String sessionId){
+ // GS, We piggyback the JVM id on top of the session cookie
+ // Separate them ...
+ if (null != sessionId) {
+ int idex = sessionId.lastIndexOf(SESSIONID_ROUTE_SEP);
+ if(idex > 0) {
+ sessionId = sessionId.substring(0, idex);
+ }
+ }
+
+ if (sessionId != null && sessionId.length()!=0) {
+ // GS, We are in a problem here, we may actually get
+ // multiple Session cookies (one for the root
+ // context and one for the real context... or old session
+ // cookie. We must check for validity in the current context.
+ Context ctx=request.getContext();
+ SessionManager sM = ctx.getSessionManager();
+ if(null != sM.findSession(ctx, sessionId)) {
+ sM.accessed(ctx, request, sessionId );
+ request.setRequestedSessionId(sessionId);
+ return sessionId;
+ }
+ }
+ return null;
}
+
+
public int beforeBody( Request rrequest, Response response ) {
String reqSessionId = response.getSessionId();
1.15 +9 -0 jakarta-tomcat/src/share/org/apache/tomcat/request/SimpleMapper.java
Index: SimpleMapper.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/request/SimpleMapper.java,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -r1.14 -r1.15
--- SimpleMapper.java 2000/02/17 21:19:02 1.14
+++ SimpleMapper.java 2000/03/21 00:32:40 1.15
@@ -131,6 +131,15 @@
// resolve the server that we are for
String path = rrequest.getRequestURI();
+
+ // strip session URL rewrite part which interferes processing
+ // XXX works only if ;jsessionid= is path param for the last component
+ // of the path!
+ String sig=";jsessionid=";
+ int foundAt=-1;
+ if ((foundAt=path.indexOf(sig))!=-1){
+ path=path.substring(0, foundAt);
+ }
Context ctx= this.getContextByPath(path);
rrequest.setContext(ctx);