Posted to dev@unomi.apache.org by sh...@apache.org on 2018/04/27 15:29:53 UTC
incubator-unomi git commit: UNOMI-178 Make it possible to pass
sessionId as a body parameter instead of just a URL parameter
Repository: incubator-unomi
Updated Branches:
refs/heads/master 70fe6640c -> 9fcfd4285
UNOMI-178 Make it possible to pass sessionId as a body parameter instead of just a URL parameter
Signed-off-by: Serge Huber <sh...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/incubator-unomi/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-unomi/commit/9fcfd428
Tree: http://git-wip-us.apache.org/repos/asf/incubator-unomi/tree/9fcfd428
Diff: http://git-wip-us.apache.org/repos/asf/incubator-unomi/diff/9fcfd428
Branch: refs/heads/master
Commit: 9fcfd428547f9422390d773d756fb570f33e1e49
Parents: 70fe664
Author: Serge Huber <sh...@apache.org>
Authored: Fri Apr 27 17:29:45 2018 +0200
Committer: Serge Huber <sh...@apache.org>
Committed: Fri Apr 27 17:29:45 2018 +0200
----------------------------------------------------------------------
.../org/apache/unomi/api/ContextRequest.java | 18 +++++++++
.../unomi/api/EventsCollectorRequest.java | 20 ++++++++++
.../org/apache/unomi/web/ContextServlet.java | 40 +++++++++++++-------
.../unomi/web/EventsCollectorServlet.java | 5 ++-
4 files changed, 68 insertions(+), 15 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-unomi/blob/9fcfd428/api/src/main/java/org/apache/unomi/api/ContextRequest.java
----------------------------------------------------------------------
diff --git a/api/src/main/java/org/apache/unomi/api/ContextRequest.java b/api/src/main/java/org/apache/unomi/api/ContextRequest.java
index 8d9dc99..6a6c79a 100644
--- a/api/src/main/java/org/apache/unomi/api/ContextRequest.java
+++ b/api/src/main/java/org/apache/unomi/api/ContextRequest.java
@@ -63,6 +63,7 @@ public class ContextRequest {
// test different filter results.
private Profile profileOverrides;
private Map<String, Object> sessionPropertiesOverrides;
+ private String sessionId;
/**
* Retrieves the source of the context request.
@@ -224,4 +225,21 @@ public class ContextRequest {
this.sessionPropertiesOverrides = sessionPropertiesOverrides;
}
+ /**
+ * Retrieve the sessionId passed along with the request. All events will be processed with this sessionId as a
+ * default
+ * @return the identifier for the session
+ */
+ public String getSessionId() {
+ return sessionId;
+ }
+
+ /**
+ * Sets the sessionId in the request. This is the preferred method of passing along a session identifier with the
+ * request, as passing it along in the URL can lead to potential security vulnerabilities.
+ * @param sessionId an unique identifier for the session
+ */
+ public void setSessionId(String sessionId) {
+ this.sessionId = sessionId;
+ }
}
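Review bot: The setSessionId Javadoc says that passing the identifier in the URL "can lead to potential security vulnerabilities" without naming them, so an integrator cannot judge the URL fallback that the servlets keep. I would spell it out, e.g. `* request: an identifier in the URL is recorded in access and proxy logs, browser history and Referer headers.`, and add that the value is supplied by the caller and is not verified by this class. Two wording fixes belong in the same pass: "an unique" should be "a unique", and the getter sentence ending in "as a default" lacks a full stop. The identical Javadoc added to EventsCollectorRequest needs the same changes.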
http://git-wip-us.apache.org/repos/asf/incubator-unomi/blob/9fcfd428/api/src/main/java/org/apache/unomi/api/EventsCollectorRequest.java
----------------------------------------------------------------------
diff --git a/api/src/main/java/org/apache/unomi/api/EventsCollectorRequest.java b/api/src/main/java/org/apache/unomi/api/EventsCollectorRequest.java
index 2880240..8b478d7 100644
--- a/api/src/main/java/org/apache/unomi/api/EventsCollectorRequest.java
+++ b/api/src/main/java/org/apache/unomi/api/EventsCollectorRequest.java
@@ -24,6 +24,7 @@ import java.util.List;
*/
public class EventsCollectorRequest {
private List<Event> events;
+ private String sessionId;
/**
* Retrieves the events to be processed.
@@ -37,4 +38,23 @@ public class EventsCollectorRequest {
public void setEvents(List<Event> events) {
this.events = events;
}
+
+ /**
+ * Retrieve the sessionId passed along with the request. All events will be processed with this sessionId as a
+ * default
+ * @return the identifier for the session
+ */
+ public String getSessionId() {
+ return sessionId;
+ }
+
+ /**
+ * Sets the sessionId in the request. This is the preferred method of passing along a session identifier with the
+ * request, as passing it along in the URL can lead to potential security vulnerabilities.
+ * @param sessionId an unique identifier for the session
+ */
+ public void setSessionId(String sessionId) {
+ this.sessionId = sessionId;
+ }
+
}
http://git-wip-us.apache.org/repos/asf/incubator-unomi/blob/9fcfd428/wab/src/main/java/org/apache/unomi/web/ContextServlet.java
----------------------------------------------------------------------
diff --git a/wab/src/main/java/org/apache/unomi/web/ContextServlet.java b/wab/src/main/java/org/apache/unomi/web/ContextServlet.java
index a507bdd..d978d70 100644
--- a/wab/src/main/java/org/apache/unomi/web/ContextServlet.java
+++ b/wab/src/main/java/org/apache/unomi/web/ContextServlet.java
@@ -116,21 +116,9 @@ public class ContextServlet extends HttpServlet {
}
}
- String sessionId = request.getParameter("sessionId");
- boolean invalidateSession = request.getParameter("invalidateSession")!=null?new Boolean(request.getParameter("invalidateSession")):false;
- boolean invalidateProfile = request.getParameter("invalidateProfile")!=null?new Boolean(request.getParameter("invalidateProfile")):false;
-
- if (cookieProfileId == null && sessionId == null && personaId == null) {
- ((HttpServletResponse)response).sendError(HttpServletResponse.SC_BAD_REQUEST, "Check logs for more details");
- logger.error("Couldn't find cookieProfileId, sessionId or personaId in incoming request! Stopped processing request. See debug level for more information");
- if (logger.isDebugEnabled()) {
- logger.debug("Request dump:" + HttpUtils.dumpRequestInfo(httpServletRequest));
- }
- return;
- }
-
ContextRequest contextRequest = null;
String scope = null;
+ String sessionId = null;
String stringPayload = HttpUtils.getPayload(httpServletRequest);
if (stringPayload != null) {
ObjectMapper mapper = CustomObjectMapper.getObjectMapper();
@@ -142,9 +130,28 @@ public class ContextServlet extends HttpServlet {
logger.error("Cannot read payload " + stringPayload, e);
return;
}
- scope = contextRequest.getSource().getScope();
+ if (contextRequest.getSource() != null) {
+ scope = contextRequest.getSource().getScope();
+ }
+ sessionId = contextRequest.getSessionId();
+ }
+
+ if (sessionId == null) {
+ sessionId = request.getParameter("sessionId");
+ }
+ boolean invalidateSession = request.getParameter("invalidateSession")!=null?new Boolean(request.getParameter("invalidateSession")):false;
+ boolean invalidateProfile = request.getParameter("invalidateProfile")!=null?new Boolean(request.getParameter("invalidateProfile")):false;
+
+ if (cookieProfileId == null && sessionId == null && personaId == null) {
+ ((HttpServletResponse)response).sendError(HttpServletResponse.SC_BAD_REQUEST, "Check logs for more details");
+ logger.error("Couldn't find cookieProfileId, sessionId or personaId in incoming request! Stopped processing request. See debug level for more information");
+ if (logger.isDebugEnabled()) {
+ logger.debug("Request dump:" + HttpUtils.dumpRequestInfo(httpServletRequest));
+ }
+ return;
}
+
int changes = EventService.NO_CHANGE;
if (profile == null) {
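Review bot: The catch branch at the top of this hunk still logs the complete body with `"Cannot read payload " + stringPayload`, and after this change that body can carry the session identifier the commit moves out of the URL, so a malformed request writes it to the error log. Logging a size instead keeps the diagnostic without the value, e.g. `logger.error("Cannot read payload, length=" + stringPayload.length(), e);`. What `HttpUtils.dumpRequestInfo` puts in the debug dump is not visible here and is worth checking for the same reason. Also, when a request carries both a body sessionId and the `sessionId` URL parameter, the body value wins silently; if that is the intent, a comment such as `// body sessionId takes precedence over the URL parameter, which is kept as a fallback` would record it. The enclosing method starts and ends outside the hunk.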
@@ -239,6 +246,11 @@ public class ContextServlet extends HttpServlet {
ContextResponse data = new ContextResponse();
data.setProfileId(profile.getItemId());
+ if (session != null) {
+ data.setSessionId(session.getItemId());
+ } else if (sessionId != null) {
+ data.setSessionId(sessionId);
+ }
if (contextRequest != null){
changes |= handleRequest(contextRequest, profile, session, data, request, response, timestamp);
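Review bot: In the `else if (sessionId != null)` branch the response echoes the caller-supplied sessionId when no session object is available, and nothing in the visible hunks checks its length or characters before that point. A bound applied once, right after the URL fallback in the previous hunk, would cover this echo and any later use, e.g. `if (sessionId != null && sessionId.length() > MAX_LEN) { ((HttpServletResponse) response).sendError(HttpServletResponse.SC_BAD_REQUEST); return; }`, where MAX_LEN is a placeholder for a limit the project picks. EventsCollectorServlet resolves sessionId the same way and would need the same check. How ContextResponse is serialized is outside this hunk, so whether the echoed value also needs output encoding has to be confirmed there.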
http://git-wip-us.apache.org/repos/asf/incubator-unomi/blob/9fcfd428/wab/src/main/java/org/apache/unomi/web/EventsCollectorServlet.java
----------------------------------------------------------------------
diff --git a/wab/src/main/java/org/apache/unomi/web/EventsCollectorServlet.java b/wab/src/main/java/org/apache/unomi/web/EventsCollectorServlet.java
index e673289..713e1e4 100644
--- a/wab/src/main/java/org/apache/unomi/web/EventsCollectorServlet.java
+++ b/wab/src/main/java/org/apache/unomi/web/EventsCollectorServlet.java
@@ -108,7 +108,10 @@ public class EventsCollectorServlet extends HttpServlet {
return;
}
- String sessionId = request.getParameter("sessionId");
+ String sessionId = events.getSessionId();
+ if (sessionId == null) {
+ sessionId = request.getParameter("sessionId");
+ }
if (sessionId == null) {
logger.error("No sessionId found in incoming request, aborting processing. See debug level for more information");
if (logger.isDebugEnabled()) {