You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@brooklyn.apache.org by GitBox <gi...@apache.org> on 2019/12/18 16:15:14 UTC
[GitHub] [brooklyn-server] jcabrerizo opened a new pull request #1079:
Adding logic to manage a max session age
jcabrerizo opened a new pull request #1079: Adding logic to manage a max session age
URL: https://github.com/apache/brooklyn-server/pull/1079
Allow set up the max age for the cookies using the propertie
```
org.apache.brooklyn.server.maxSessionAge = XX # in seconds
```
Also another propertie for the max inactive interval has been added instead of keep it hard coded as before. The default value if none is configured is the same as before 3601s
```
org.apache.brooklyn.server.maxInactiveInterval = XX # in seconds
```
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [brooklyn-server] duncangrant commented on issue #1079: Adding
logic to manage a max session age
Posted by GitBox <gi...@apache.org>.
duncangrant commented on issue #1079: Adding logic to manage a max session age
URL: https://github.com/apache/brooklyn-server/pull/1079#issuecomment-573101048
Minor comment - you've misspelt default in the title of one of your commits
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [brooklyn-server] duncangrant commented on a change in pull request
#1079: Adding logic to manage a max session age
Posted by GitBox <gi...@apache.org>.
duncangrant commented on a change in pull request #1079: Adding logic to manage a max session age
URL: https://github.com/apache/brooklyn-server/pull/1079#discussion_r365315647
##########
File path: rest/rest-resources/src/main/java/org/apache/brooklyn/rest/filter/BrooklynSecurityProviderFilterHelper.java
##########
@@ -126,15 +134,24 @@ public void run(HttpServletRequest webRequest, ManagementContext mgmt) throws Se
}
}
- Supplier<HttpSession> sessionSupplier = () -> preferredSession1!=null ? preferredSession1 : MultiSessionAttributeAdapter.of(webRequest, true).getPreferredSession();
- if (provider.authenticate(webRequest, sessionSupplier, user, pass)) {
- HttpSession preferredSession2 = sessionSupplier.get();
- log.trace("{} authentication successful - {}", this, preferredSession2);
- preferredSession2.setAttribute(BrooklynWebConfig.REMOTE_ADDRESS_SESSION_ATTRIBUTE, webRequest.getRemoteAddr());
- if (user != null) {
- preferredSession2.setAttribute(AUTHENTICATED_USER_SESSION_ATTRIBUTE, user);
+ Supplier<HttpSession> sessionSupplier = () -> {
+ return preferredSession1 != null ? preferredSession1 : MultiSessionAttributeAdapter.of(webRequest, true).getPreferredSession();
+ };
+
+ try{
+ if (provider.authenticate(webRequest, sessionSupplier, user, pass)) {
+ // get new created session after authentication
+ Supplier<HttpSession> authenticatedSessionSupplier = () -> MultiSessionAttributeAdapter.of(webRequest, false).getPreferredSession();
Review comment:
Actually - why does this lambda even exist? Can't you just make the call.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [brooklyn-server] duncangrant commented on a change in pull request
#1079: Adding logic to manage a max session age
Posted by GitBox <gi...@apache.org>.
duncangrant commented on a change in pull request #1079: Adding logic to manage a max session age
URL: https://github.com/apache/brooklyn-server/pull/1079#discussion_r365317592
##########
File path: rest/rest-resources/src/main/java/org/apache/brooklyn/rest/util/MultiSessionAttributeAdapter.java
##########
@@ -80,36 +95,53 @@
private static final String KEY_PREFERRED_SESSION_HANDLER_INSTANCE = "org.apache.brooklyn.server.PreferredSessionHandlerInstance";
private static final String KEY_IS_PREFERRED = "org.apache.brooklyn.server.IsPreferred";
- private static final int MAX_INACTIVE_INTERVAL = 3601;
+ public final static ConfigKey<Long> MAX_SESSION_AGE = ConfigKeys.newLongConfigKey(
+ "org.apache.brooklyn.server.maxSessionAge", "Max session age in seconds");
- private static final Object PREFERRED_SYMBOLIC_NAME =
+ public final static ConfigKey<Integer> MAX_INACTIVE_INTERVAL = ConfigKeys.newIntegerConfigKey(
+ "org.apache.brooklyn.server.maxInactiveInterval", "Max inactive interval in seconds",
+ 3601);
+
+ private static final Object PREFERRED_SYMBOLIC_NAME =
"org.apache.cxf.cxf-rt-transports-http";
//// our bundle here doesn't have a session handler; sessions to the REST API get the handler from CXF
//"org.apache.brooklyn.rest.rest-resources";
private final HttpSession preferredSession;
private final HttpSession localSession;
+ private final ManagementContext mgmt;
private boolean silentlyAcceptLocalOnlyValues = false;
private boolean setLocalValuesAlso = false;
private boolean setAllKnownSessions = false;
private static final Factory FACTORY = new Factory();
- protected MultiSessionAttributeAdapter(HttpSession preferredSession, HttpSession localSession) {
+ protected MultiSessionAttributeAdapter(HttpSession preferredSession, HttpSession localSession, HttpServletRequest request) {
this.preferredSession = preferredSession;
this.localSession = localSession;
+ ServletContext servletContext = request!=null ? request.getServletContext() : localSession!=null ? localSession.getServletContext() : preferredSession!=null ? preferredSession.getServletContext() : null;
+ if(servletContext != null){
Review comment:
could also use ?: syntax here
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [brooklyn-server] duncangrant commented on a change in pull request
#1079: Adding logic to manage a max session age
Posted by GitBox <gi...@apache.org>.
duncangrant commented on a change in pull request #1079: Adding logic to manage a max session age
URL: https://github.com/apache/brooklyn-server/pull/1079#discussion_r365314524
##########
File path: rest/rest-resources/src/main/java/org/apache/brooklyn/rest/filter/BrooklynSecurityProviderFilterHelper.java
##########
@@ -126,15 +134,24 @@ public void run(HttpServletRequest webRequest, ManagementContext mgmt) throws Se
}
}
- Supplier<HttpSession> sessionSupplier = () -> preferredSession1!=null ? preferredSession1 : MultiSessionAttributeAdapter.of(webRequest, true).getPreferredSession();
- if (provider.authenticate(webRequest, sessionSupplier, user, pass)) {
- HttpSession preferredSession2 = sessionSupplier.get();
- log.trace("{} authentication successful - {}", this, preferredSession2);
- preferredSession2.setAttribute(BrooklynWebConfig.REMOTE_ADDRESS_SESSION_ATTRIBUTE, webRequest.getRemoteAddr());
- if (user != null) {
- preferredSession2.setAttribute(AUTHENTICATED_USER_SESSION_ATTRIBUTE, user);
+ Supplier<HttpSession> sessionSupplier = () -> {
+ return preferredSession1 != null ? preferredSession1 : MultiSessionAttributeAdapter.of(webRequest, true).getPreferredSession();
+ };
+
+ try{
+ if (provider.authenticate(webRequest, sessionSupplier, user, pass)) {
+ // get new created session after authentication
+ Supplier<HttpSession> authenticatedSessionSupplier = () -> MultiSessionAttributeAdapter.of(webRequest, false).getPreferredSession();
Review comment:
inconsistent formatting of lambdas - not sure how I feel about that
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [brooklyn-server] duncangrant commented on a change in pull request
#1079: Adding logic to manage a max session age
Posted by GitBox <gi...@apache.org>.
duncangrant commented on a change in pull request #1079: Adding logic to manage a max session age
URL: https://github.com/apache/brooklyn-server/pull/1079#discussion_r365316953
##########
File path: rest/rest-resources/src/main/java/org/apache/brooklyn/rest/util/MultiSessionAttributeAdapter.java
##########
@@ -80,36 +95,53 @@
private static final String KEY_PREFERRED_SESSION_HANDLER_INSTANCE = "org.apache.brooklyn.server.PreferredSessionHandlerInstance";
private static final String KEY_IS_PREFERRED = "org.apache.brooklyn.server.IsPreferred";
- private static final int MAX_INACTIVE_INTERVAL = 3601;
+ public final static ConfigKey<Long> MAX_SESSION_AGE = ConfigKeys.newLongConfigKey(
+ "org.apache.brooklyn.server.maxSessionAge", "Max session age in seconds");
- private static final Object PREFERRED_SYMBOLIC_NAME =
+ public final static ConfigKey<Integer> MAX_INACTIVE_INTERVAL = ConfigKeys.newIntegerConfigKey(
+ "org.apache.brooklyn.server.maxInactiveInterval", "Max inactive interval in seconds",
+ 3601);
+
+ private static final Object PREFERRED_SYMBOLIC_NAME =
"org.apache.cxf.cxf-rt-transports-http";
//// our bundle here doesn't have a session handler; sessions to the REST API get the handler from CXF
//"org.apache.brooklyn.rest.rest-resources";
private final HttpSession preferredSession;
private final HttpSession localSession;
+ private final ManagementContext mgmt;
private boolean silentlyAcceptLocalOnlyValues = false;
private boolean setLocalValuesAlso = false;
private boolean setAllKnownSessions = false;
private static final Factory FACTORY = new Factory();
- protected MultiSessionAttributeAdapter(HttpSession preferredSession, HttpSession localSession) {
+ protected MultiSessionAttributeAdapter(HttpSession preferredSession, HttpSession localSession, HttpServletRequest request) {
this.preferredSession = preferredSession;
this.localSession = localSession;
+ ServletContext servletContext = request!=null ? request.getServletContext() : localSession!=null ? localSession.getServletContext() : preferredSession!=null ? preferredSession.getServletContext() : null;
Review comment:
This line is difficult to comprehend
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [brooklyn-server] jcabrerizo commented on a change in pull request
#1079: Adding logic to manage a max session age
Posted by GitBox <gi...@apache.org>.
jcabrerizo commented on a change in pull request #1079: Adding logic to manage a max session age
URL: https://github.com/apache/brooklyn-server/pull/1079#discussion_r365712588
##########
File path: rest/rest-resources/src/main/java/org/apache/brooklyn/rest/filter/BrooklynSecurityProviderFilterHelper.java
##########
@@ -126,15 +134,24 @@ public void run(HttpServletRequest webRequest, ManagementContext mgmt) throws Se
}
}
- Supplier<HttpSession> sessionSupplier = () -> preferredSession1!=null ? preferredSession1 : MultiSessionAttributeAdapter.of(webRequest, true).getPreferredSession();
- if (provider.authenticate(webRequest, sessionSupplier, user, pass)) {
- HttpSession preferredSession2 = sessionSupplier.get();
- log.trace("{} authentication successful - {}", this, preferredSession2);
- preferredSession2.setAttribute(BrooklynWebConfig.REMOTE_ADDRESS_SESSION_ATTRIBUTE, webRequest.getRemoteAddr());
- if (user != null) {
- preferredSession2.setAttribute(AUTHENTICATED_USER_SESSION_ATTRIBUTE, user);
+ Supplier<HttpSession> sessionSupplier = () -> {
+ return preferredSession1 != null ? preferredSession1 : MultiSessionAttributeAdapter.of(webRequest, true).getPreferredSession();
+ };
+
+ try{
+ if (provider.authenticate(webRequest, sessionSupplier, user, pass)) {
+ // get new created session after authentication
+ Supplier<HttpSession> authenticatedSessionSupplier = () -> MultiSessionAttributeAdapter.of(webRequest, false).getPreferredSession();
+ HttpSession preferredSession2 = authenticatedSessionSupplier.get();
+ log.trace("{} authentication successful - {}", this, preferredSession2);
+ preferredSession2.setAttribute(BrooklynWebConfig.REMOTE_ADDRESS_SESSION_ATTRIBUTE, webRequest.getRemoteAddr());
+ if (user != null) {
+ preferredSession2.setAttribute(AUTHENTICATED_USER_SESSION_ATTRIBUTE, user);
+ }
+ return;
}
- return;
+ } catch (WebApplicationException e) {
+ abort(e.getResponse());
}
throw abort("Authentication failed", provider.requiresUserPass());
Review comment:
This is for sending to the UI the response generated in case of a session expiration. It changes depending on requests the `accept` header
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [brooklyn-server] grkvlt commented on a change in pull request
#1079: Adding logic to manage a max session age
Posted by GitBox <gi...@apache.org>.
grkvlt commented on a change in pull request #1079: Adding logic to manage a max session age
URL: https://github.com/apache/brooklyn-server/pull/1079#discussion_r366851011
##########
File path: rest/rest-resources/src/main/java/org/apache/brooklyn/rest/util/MultiSessionAttributeAdapter.java
##########
@@ -34,6 +37,16 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import javax.servlet.ServletContext;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+import javax.ws.rs.WebApplicationException;
+import javax.ws.rs.core.HttpHeaders;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+import java.lang.reflect.Field;
+import java.util.*;
Review comment:
No star imports
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [brooklyn-server] jcabrerizo commented on a change in pull request
#1079: Adding logic to manage a max session age
Posted by GitBox <gi...@apache.org>.
jcabrerizo commented on a change in pull request #1079: Adding logic to manage a max session age
URL: https://github.com/apache/brooklyn-server/pull/1079#discussion_r366891890
##########
File path: rest/rest-resources/src/main/java/org/apache/brooklyn/rest/util/MultiSessionAttributeAdapter.java
##########
@@ -34,6 +37,16 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import javax.servlet.ServletContext;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+import javax.ws.rs.WebApplicationException;
+import javax.ws.rs.core.HttpHeaders;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+import java.lang.reflect.Field;
+import java.util.*;
Review comment:
Replaced. Thanks, I didn't notice there is no other star imports in the project.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [brooklyn-server] tbouron merged pull request #1079: Adding logic
to manage a max session age
Posted by GitBox <gi...@apache.org>.
tbouron merged pull request #1079: Adding logic to manage a max session age
URL: https://github.com/apache/brooklyn-server/pull/1079
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [brooklyn-server] duncangrant commented on a change in pull request
#1079: Adding logic to manage a max session age
Posted by GitBox <gi...@apache.org>.
duncangrant commented on a change in pull request #1079: Adding logic to manage a max session age
URL: https://github.com/apache/brooklyn-server/pull/1079#discussion_r365315964
##########
File path: rest/rest-resources/src/main/java/org/apache/brooklyn/rest/filter/BrooklynSecurityProviderFilterHelper.java
##########
@@ -126,15 +134,24 @@ public void run(HttpServletRequest webRequest, ManagementContext mgmt) throws Se
}
}
- Supplier<HttpSession> sessionSupplier = () -> preferredSession1!=null ? preferredSession1 : MultiSessionAttributeAdapter.of(webRequest, true).getPreferredSession();
- if (provider.authenticate(webRequest, sessionSupplier, user, pass)) {
- HttpSession preferredSession2 = sessionSupplier.get();
- log.trace("{} authentication successful - {}", this, preferredSession2);
- preferredSession2.setAttribute(BrooklynWebConfig.REMOTE_ADDRESS_SESSION_ATTRIBUTE, webRequest.getRemoteAddr());
- if (user != null) {
- preferredSession2.setAttribute(AUTHENTICATED_USER_SESSION_ATTRIBUTE, user);
+ Supplier<HttpSession> sessionSupplier = () -> {
+ return preferredSession1 != null ? preferredSession1 : MultiSessionAttributeAdapter.of(webRequest, true).getPreferredSession();
+ };
+
+ try{
+ if (provider.authenticate(webRequest, sessionSupplier, user, pass)) {
+ // get new created session after authentication
+ Supplier<HttpSession> authenticatedSessionSupplier = () -> MultiSessionAttributeAdapter.of(webRequest, false).getPreferredSession();
+ HttpSession preferredSession2 = authenticatedSessionSupplier.get();
+ log.trace("{} authentication successful - {}", this, preferredSession2);
+ preferredSession2.setAttribute(BrooklynWebConfig.REMOTE_ADDRESS_SESSION_ATTRIBUTE, webRequest.getRemoteAddr());
+ if (user != null) {
+ preferredSession2.setAttribute(AUTHENTICATED_USER_SESSION_ATTRIBUTE, user);
+ }
+ return;
}
- return;
+ } catch (WebApplicationException e) {
+ abort(e.getResponse());
}
throw abort("Authentication failed", provider.requiresUserPass());
Review comment:
can we remove this throw?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [brooklyn-server] jcabrerizo commented on a change in pull request
#1079: Adding logic to manage a max session age
Posted by GitBox <gi...@apache.org>.
jcabrerizo commented on a change in pull request #1079: Adding logic to manage a max session age
URL: https://github.com/apache/brooklyn-server/pull/1079#discussion_r365734620
##########
File path: rest/rest-resources/src/main/java/org/apache/brooklyn/rest/util/MultiSessionAttributeAdapter.java
##########
@@ -80,36 +95,53 @@
private static final String KEY_PREFERRED_SESSION_HANDLER_INSTANCE = "org.apache.brooklyn.server.PreferredSessionHandlerInstance";
private static final String KEY_IS_PREFERRED = "org.apache.brooklyn.server.IsPreferred";
- private static final int MAX_INACTIVE_INTERVAL = 3601;
+ public final static ConfigKey<Long> MAX_SESSION_AGE = ConfigKeys.newLongConfigKey(
+ "org.apache.brooklyn.server.maxSessionAge", "Max session age in seconds");
- private static final Object PREFERRED_SYMBOLIC_NAME =
+ public final static ConfigKey<Integer> MAX_INACTIVE_INTERVAL = ConfigKeys.newIntegerConfigKey(
+ "org.apache.brooklyn.server.maxInactiveInterval", "Max inactive interval in seconds",
+ 3601);
+
+ private static final Object PREFERRED_SYMBOLIC_NAME =
"org.apache.cxf.cxf-rt-transports-http";
//// our bundle here doesn't have a session handler; sessions to the REST API get the handler from CXF
//"org.apache.brooklyn.rest.rest-resources";
private final HttpSession preferredSession;
private final HttpSession localSession;
+ private final ManagementContext mgmt;
private boolean silentlyAcceptLocalOnlyValues = false;
private boolean setLocalValuesAlso = false;
private boolean setAllKnownSessions = false;
private static final Factory FACTORY = new Factory();
- protected MultiSessionAttributeAdapter(HttpSession preferredSession, HttpSession localSession) {
+ protected MultiSessionAttributeAdapter(HttpSession preferredSession, HttpSession localSession, HttpServletRequest request) {
this.preferredSession = preferredSession;
this.localSession = localSession;
+ ServletContext servletContext = request!=null ? request.getServletContext() : localSession!=null ? localSession.getServletContext() : preferredSession!=null ? preferredSession.getServletContext() : null;
Review comment:
Yes it is, but replace with if or wrapping it on a method with three parameters seems to be unclear too. I'll separate in different lines to emphasize the different possible values
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [brooklyn-server] tbouron commented on issue #1079: Adding logic to
manage a max session age
Posted by GitBox <gi...@apache.org>.
tbouron commented on issue #1079: Adding logic to manage a max session age
URL: https://github.com/apache/brooklyn-server/pull/1079#issuecomment-573741024
Looks like your changes break some test. Could you look into it @jcabrerizo ?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services