Esempio n. 1
  /**
   * Answers a login POST with a JSON response.
   *
   * <p>When the request already carries a session, the {@code Subject} stored under
   * {@code "subject"} is reused; a session without one is invalidated and the request is refused.
   * Without a session, the {@code Subject} of the current access-control context is looked up, a
   * new session is created for it, and the {@code timeout} field is applied when it is non-null.
   *
   * @param req the login request
   * @param resp the response the JSON answer (or the forbidden status) is written to
   * @throws ServletException declared by the servlet contract
   * @throws IOException if the response writer cannot be obtained or written
   */
  @Override
  protected void doPost(HttpServletRequest req, HttpServletResponse resp)
      throws ServletException, IOException {

    resp.setContentType("application/json");
    final PrintWriter writer = resp.getWriter();

    final HttpSession existing = req.getSession(false);
    if (existing != null) {
      final Subject stored = (Subject) existing.getAttribute("subject");
      if (stored != null) {
        sendResponse(existing, stored, writer);
        return;
      }
      // A session that carries no subject is not trusted: drop it and refuse the request.
      LOG.warn("No security subject stored in existing session, invalidating");
      existing.invalidate();
      Helpers.doForbidden(resp);
      return;
    }

    final Subject subject = Subject.getSubject(AccessController.getContext());
    if (subject == null) {
      Helpers.doForbidden(resp);
      return;
    }

    // The principal is recognised by its simple class name only; the last match wins.
    String username = null;
    final Set<Principal> principals = subject.getPrincipals();
    if (principals != null) {
      for (Principal candidate : principals) {
        if ("UserPrincipal".equals(candidate.getClass().getSimpleName())) {
          username = candidate.getName();
          LOG.debug("Authorizing user {}", username);
        }
      }
    }

    final HttpSession created = req.getSession(true);
    created.setAttribute("subject", subject);
    created.setAttribute("user", username);
    created.setAttribute("org.osgi.service.http.authentication.remote.user", username);
    created.setAttribute(
        "org.osgi.service.http.authentication.type", HttpServletRequest.BASIC_AUTH);
    created.setAttribute("loginTime", GregorianCalendar.getInstance().getTimeInMillis());
    if (timeout != null) {
      created.setMaxInactiveInterval(timeout);
    }
    if (LOG.isDebugEnabled()) {
      LOG.debug(
          "Http session timeout for user {} is {} sec.",
          username,
          created.getMaxInactiveInterval());
    }

    sendResponse(created, subject, writer);
  }
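 /**
  * Checks the submitted credentials and forwards to the next view.
  *
  * <p>On success the session that existed before authentication is invalidated and a new one is
  * created, so the authenticated session never keeps a session id that was issued before login.
  * The new session receives the user id, the model and an empty status, with a 60-second
  * inactivity timeout. On failure the model is closed, a status message is stored in the session
  * and the login page is shown again.
  *
  * @param request the login request carrying {@code username} and {@code password}
  * @param response the response handed to the forwarded view
  * @throws ServletException if the forwarded resource fails
  * @throws IOException if the forwarded resource fails on I/O
  * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
  */
 protected void doGet(HttpServletRequest request, HttpServletResponse response)
     throws ServletException, IOException {
   Model model = new Model();
   // NOTE(review): the credentials are read from a GET request, so they travel in the URL and
   // can end up in server logs and browser history; a POST handler would avoid that.
   String username = request.getParameter("username");
   String password = request.getParameter("password");
   boolean authenticated = model.login(username, password);
   RequestDispatcher dispatcher;
   HttpSession session = request.getSession();
   if (authenticated) {
     // Replace the pre-login session so a session id known before authentication is not reused.
     session.invalidate();
     session = request.getSession(true);
     session.setAttribute("userID", username);
     session.setAttribute("model", model);
     session.setAttribute("status", "");
     session.setMaxInactiveInterval(60);
     // Continue to the next view.
     dispatcher = request.getRequestDispatcher("createMail.jsp");
   } else {
     model.close();
     // Report the failure on the login page.
     session.setAttribute("statusLog", "Login failed. Could you please try again?");
     dispatcher = request.getRequestDispatcher("index.jsp");
   }
   dispatcher.forward(request, response);
 }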
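  /**
   * Checks the submitted username and password and selects the view to render.
   *
   * <p>On success any session that existed before authentication is invalidated and a new one is
   * created with a 15-minute inactivity timeout, so the authenticated session does not keep a
   * session id issued before login.
   *
   * @param request the login request carrying {@code username} and {@code password}
   * @param model unused by this method
   * @return the {@code admin/index} view on success, the {@code error} view otherwise
   */
  @RequestMapping(value = "/index", method = RequestMethod.POST)
  public org.springframework.web.servlet.ModelAndView checkLogin(
      HttpServletRequest request, Model model) {

    org.springframework.web.servlet.ModelAndView mv =
        new org.springframework.web.servlet.ModelAndView();

    String username = request.getParameter("username");
    String password = request.getParameter("password");
    LoginCheck loginCheck = new LoginCheck(username, password);

    if (loginCheck.check()) {
      mv.addObject("message", "Hello World");
      UserBean ub = loginCheck.getUserBean();
      mv.addObject("bean", ub);

      // Replace the pre-login session so its id is not carried into the authenticated state.
      HttpSession preLogin = request.getSession(false);
      if (preLogin != null) {
        preLogin.invalidate();
      }
      HttpSession session = request.getSession(true);

      session.setMaxInactiveInterval(60 * 15);

      session.setAttribute("username", username);
      // NOTE(review): the plaintext password is kept in the session, so anything that persists,
      // replicates or dumps session state exposes it. Left in place because readers of this
      // attribute are not visible here; confirm there are none and drop it.
      session.setAttribute("password", password);
      mv.setViewName("admin/index");
    } else {
      mv.addObject("message", "hehehe");
      mv.setViewName("error");
    }

    return mv;
  }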
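  /**
   * Handles the admin login form.
   *
   * <p>When {@code Validation.isEmpty} reports both fields empty, the submitted values are handed
   * back to {@code index.jsp}. Otherwise the credentials are checked through
   * {@code AdminLoginDAO}: on success the admin name is stored in a newly created session and the
   * browser is redirected to {@code DashBoardList}; on failure an error message is forwarded to
   * {@code index.jsp}.
   *
   * @param request the login request carrying {@code adminUser} and {@code adminPassword}
   * @param response the response used for the forward or redirect
   * @throws ServletException if the forwarded resource fails
   * @throws IOException if the forward or redirect fails on I/O
   */
  protected void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {

    String adminUser = request.getParameter("adminUser");
    String adminPassword = request.getParameter("adminPassword");

    // NOTE(review): with && a request that leaves only one field empty still reaches the DAO;
    // || may have been intended. Confirm against Validation.isEmpty.
    if (Validation.isEmpty(adminUser) && Validation.isEmpty(adminPassword)) {
      request.setAttribute("adminname", adminUser);
      // NOTE(review): the submitted password is handed back to the view here.
      request.setAttribute("adminpassword", adminPassword);
      request.getRequestDispatcher("index.jsp").forward(request, response);
    } else {
      AdminLoginBean alb = new AdminLoginDAO().login(adminUser, adminPassword);
      if (alb != null) {
        System.out.println("here");

        System.out.println(adminUser + "===" + "np");

        // Replace the pre-login session so a session id issued before authentication is not
        // carried into the admin session.
        HttpSession preLogin = request.getSession(false);
        if (preLogin != null) {
          preLogin.invalidate();
        }
        // NOTE(review): `session` is not declared in this method. If it is a field of the
        // servlet it is shared by concurrent requests; a local variable would avoid that.
        session = request.getSession(true);
        session.setAttribute("admin", adminUser);
        session.setMaxInactiveInterval(6000); // 6000 seconds, i.e. 100 minutes
        System.out.println(session.getAttribute("admin"));
        System.out.println("Session Created");
        response.sendRedirect("DashBoardList");
      } else {
        System.out.println("Login Failed");
        request.setAttribute(
            "authentication", "<font color=red>*userName or password is invalid</font>");
        request.getRequestDispatcher("index.jsp").forward(request, response);
      }
    }
  }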
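  /**
   * Writes a small HTML page that shows whether the session is new and offers two links built
   * with {@code encodeURL} and {@code encodeRedirectURL}.
   *
   * <p>The session inactivity timeout is set to five minutes. The page is now closed with
   * {@code </body></html>} after the status line; the original emitted the opening tags a second
   * time instead.
   *
   * @param request the incoming request
   * @param response the response the page is written to
   * @throws ServletException declared by the servlet contract
   * @throws IOException if the response writer cannot be obtained
   */
  protected void doGet(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {
    response.setContentType("text/html");

    PrintWriter out = response.getWriter();

    out.println("test session attributes<br>");

    HttpSession session = request.getSession();
    session.setMaxInactiveInterval(5 * 60); // session timeout: five minutes

    out.println("<html><body>");
    // encodeURL / encodeRedirectURL add the session id to the link when the container falls
    // back to URL rewriting, which puts the id where logs and Referer headers can record it.
    out.println(
        "<a href=\"" + response.encodeURL("/beerV1/TestSessionAttributes.do") + "\">click me</a>");
    out.println(
        "<a href=\""
            + response.encodeRedirectURL("/beerV1/TestInitParams.do")
            + "\">click me</a>");

    if (session.isNew()) {
      out.println("This is a new session!");
    } else {
      out.println("Welcome back!");
    }
    out.println("</body></html>");
  }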
Esempio n. 6
  /**
   * Removes the current user from the chat, if one is registered under {@code "USER"}.
   *
   * <p>The session-destroyed listener is detached, the HTTP session (when still valid) gets an
   * inactivity timeout of its current idle time plus {@code defaultSessionTimeout}, the user
   * counter is decremented, the user properties are cleared and an INFO message is broadcast.
   */
  private void unjoinChat() {
    if (!thisSession.getUserProperties().containsKey("USER")) {
      return;
    }
    LOG.debug("unjoinChat(): " + thisSession.getUserProperties().get("USER"));

    sessionService.removeOnSessionDestroyedListener(callback);

    if (isHttpSessionValid) {
      // Seconds since the HTTP session was last accessed, added on top of the saved timeout.
      long idleMillis = System.currentTimeMillis() - httpSession.getLastAccessedTime();
      int idleSeconds = (int) (idleMillis / 1000);
      LOG.debug("Max idle timeout: " + (idleSeconds + defaultSessionTimeout));
      httpSession.setMaxInactiveInterval(idleSeconds + defaultSessionTimeout);
    }

    int remaining = usersLoggedIn.decrementAndGet();
    String plural = remaining > 1 ? "s " : " ";

    Message farewell = new Message();
    farewell.TYPE = "INFO";
    farewell.SUBTYPE = "JOIN";
    farewell.INFO_MSG = thisSession.getUserProperties().get("USER") + " has left the building";
    farewell.STATS_MSG = remaining + " User" + plural + "online!";
    farewell.USER_LIST = buildUserList(false);

    thisSession.getUserProperties().clear();

    broadcastMessage(farewell, false);
  }
Esempio n. 7
 /**
  * Creates the login bean: obtains the HTTP session from the Faces external context (creating
  * it when absent), sets its inactivity timeout to 5000 seconds and hides the three role flags.
  */
 public MbSLogin() {
   Object rawSession =
       FacesContext.getCurrentInstance().getExternalContext().getSession(true);
   HttpSession httpSession = (HttpSession) rawSession;
   httpSession.setMaxInactiveInterval(5000); // seconds
   this.mostrarAdmin = false;
   this.mostrarAuxiliar = false;
   this.mostrarRegistrador = false;
 }
 /**
  * Restores the inactivity timeout saved under {@code Constants.SESS_ATTR_DEFAULT_TIMEOUT} and
  * removes that attribute; does nothing when no value was saved.
  *
  * @param httpRequest request whose session is updated
  */
 private void rollbackDefaultTimeout(HttpServletRequest httpRequest) {
   final HttpSession current = httpRequest.getSession();
   final Integer savedTimeout =
       (Integer) current.getAttribute(Constants.SESS_ATTR_DEFAULT_TIMEOUT);
   if (savedTimeout == null) {
     return;
   }
   current.setMaxInactiveInterval(savedTimeout);
   current.removeAttribute(Constants.SESS_ATTR_DEFAULT_TIMEOUT);
 }
Esempio n. 9
 /**
  * Shortens the inactivity timeout of the current session to five seconds, when a session
  * exists. The session is not invalidated here; it stays usable until the container expires it.
  *
  * @return always {@code null}
  */
 public String clearSession() {
   final HttpSession current =
       (HttpSession) FacesContext.getCurrentInstance().getExternalContext().getSession(false);
   if (current != null) {
     current.setMaxInactiveInterval(5);
   }
   return null;
 }
Esempio n. 10
 /**
  * Stores the logged-in account and its default project in the HTTP session and applies the
  * {@code SESSIONE_EXPIRATION} inactivity timeout.
  *
  * @param account the account to keep under {@code SessionProperty.LOGGED_ACCOUNT}
  * @param projectID the project id to keep under {@code SessionProperty.DEFAULT_PROJECT}
  * @param httpServletRequest request whose session (created when absent) receives the values
  */
 public void storeLoggedAccountAndDefaultProject(
     GPAccount account, Long projectID, HttpServletRequest httpServletRequest) {
   final HttpSession userSession = httpServletRequest.getSession();
   // TODO: Set the right time in seconds before session interrupt
   userSession.setMaxInactiveInterval(SESSIONE_EXPIRATION);
   final String accountKey = SessionProperty.LOGGED_ACCOUNT.toString();
   userSession.setAttribute(accountKey, account);
   final String projectKey = SessionProperty.DEFAULT_PROJECT.toString();
   userSession.setAttribute(projectKey, projectID);
 }
Esempio n. 11
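  /**
   * Validates the submitted credentials and dispatches to the matching page.
   *
   * <p>On success the session that existed before authentication is invalidated and replaced by
   * a new one, so the authenticated session does not keep a session id issued before login. The
   * new session stores the user name and id with a 30-minute inactivity timeout, a {@code user}
   * cookie is added, and the request is forwarded to {@code AdminServlet} for admins or to
   * {@code loginSuccess.jsp} otherwise. On failure an error attribute is set and
   * {@code /login.jsp} is included.
   *
   * @param request the login request carrying {@code userName} and {@code password}
   * @param response the response used for the cookie and the dispatch
   * @throws ServletException declared by the servlet contract
   * @throws IOException declared by the servlet contract
   * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
   */
  protected void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {

    try {
      int result = -1;
      response.setContentType("text/html");
      // Not written to here; kept so the response state seen by the dispatched resources is
      // the same as before.
      PrintWriter out = response.getWriter();

      HttpSession session = request.getSession();

      // Get request parameters for userID and password
      String userName = request.getParameter("userName");
      String password = request.getParameter("password");

      if ((result = LoginDao.validate(userName, password)) != -1) {

        User userObj = UserDAO.getUser(userName);

        // Replace the pre-login session: request.getSession(true) alone would hand back the
        // same session, and with it the session id that was issued before authentication.
        session.invalidate();
        session = request.getSession(true);
        session.setAttribute("user", userName);
        session.setAttribute("userID", result);

        // Setting session to expiry in 30 mins
        session.setMaxInactiveInterval(30 * 60);
        // NOTE(review): this cookie is created without HttpOnly or Secure; consider setting
        // both if the servlet API version in use offers them.
        Cookie cookieUserName = new Cookie("user", userName);
        cookieUserName.setMaxAge(30 * 60);
        response.addCookie(cookieUserName);

        RequestDispatcher rd;
        if (userObj.getIsAdmin()) {
          rd = request.getRequestDispatcher("AdminServlet");
        } else {
          // Get all discounted products
          request.setAttribute("discountedProductList", this.getAllDiscoutedProducts(result));

          // Get non-discounted products
          request.setAttribute("nonDiscountedProductList", this.getAllNonDiscoutedProducts(result));

          // Get the user membership
          Map<String, String> userCategory = UserDAO.getUserCategory(result);
          request.setAttribute("userCategoryID", Integer.parseInt(userCategory.get("categoryID")));

          rd = request.getRequestDispatcher("loginSuccess.jsp");
        }
        rd.forward(request, response);

      } else {
        request.setAttribute("error", "Invalid Username or Password. Please try again.");
        RequestDispatcher rd = request.getRequestDispatcher("/login.jsp");
        rd.include(request, response);
      }

    } catch (Exception e) {
      // NOTE(review): every failure ends here and only reaches stderr; the client gets no
      // error page. Kept as in the original best-effort handling.
      e.printStackTrace();
    }
  }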
  /**
   * A session whose timeout is already five seconds keeps that timeout after
   * {@code processRequest}, and no attribute named after {@code BotKiller} is stored in it.
   */
  @Test
  public void testWhenTheyHaveALowDefaultSessionTimeout() {
    httpServletRequest.setRemoteUser("bill");
    // getSession(true) creates the session the request is processed with.
    final HttpSession lowTimeoutSession = httpServletRequest.getSession(true);
    lowTimeoutSession.setMaxInactiveInterval(5);

    botKiller.processRequest(httpServletRequest);

    final String markerName = BotKiller.class.getName();
    assertEquals(5, lowTimeoutSession.getMaxInactiveInterval());
    assertNull(lowTimeoutSession.getAttribute(markerName));
  }
  /**
   * A request with a remote user ends up with {@code USER_LOW_INACTIVE_TIMEOUT} as session
   * timeout, and the previous timeout is stored under the {@code BotKiller} class name.
   */
  @Test
  public void testRequestHasUserGetsDifferentTimeout() throws Exception {
    httpServletRequest.setRemoteUser("bill");
    // getSession(true) creates the session the request is processed with.
    final HttpSession userSession = httpServletRequest.getSession(true);
    userSession.setMaxInactiveInterval(MAX_INACTIVE_INTERVAL);

    botKiller.processRequest(httpServletRequest);

    final String markerName = BotKiller.class.getName();
    assertEquals(USER_LOW_INACTIVE_TIMEOUT, userSession.getMaxInactiveInterval());
    assertEquals(MAX_INACTIVE_INTERVAL, userSession.getAttribute(markerName));
  }
Esempio n. 14
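  /**
   * Checks the submitted credentials and captcha and decides which view to show.
   *
   * <p>Unknown credentials or a wrong captcha return to the {@code login} view with an error
   * message. On success the pre-login session is invalidated and replaced before the user data
   * is stored, so the authenticated session does not keep a session id issued before login; the
   * new session gets a 600-second inactivity timeout and the browser is redirected. A captcha
   * that is missing from the session now counts as a mismatch instead of raising a
   * {@code NullPointerException}. The stored captcha is removed from the session in every case.
   *
   * @param request the login request carrying {@code username}, {@code password} and
   *     {@code validateCode}
   * @param response the response used for the redirect
   * @param session the session supplied by the framework for this request
   * @return the view name; {@code "error"} unless a branch selected {@code "login"}
   * @throws IOException declared for the redirect
   */
  @RequestMapping(value = "login_index")
  public String login_check(
      HttpServletRequest request, HttpServletResponse response, HttpSession session)
      throws IOException {
    response.setContentType("text/html;charset=utf-8");
    response.setHeader("CONTENT_TYPE", "text/html;charset=utf-8");
    response.setCharacterEncoding("utf-8");

    String errorInfo = ""; // error message shown on the login page
    String forward = "error"; // view to render; defaults to the error page
    String username = request.getParameter("username");
    String password = request.getParameter("password");
    // Captcha that was stored in the session when it was generated.
    String validateC = (String) request.getSession().getAttribute("validateCode");
    // Captcha typed into the form.
    String veryCode = request.getParameter("validateCode");
    boolean captchaMatches = validateC != null && validateC.equalsIgnoreCase(veryCode);

    User user = new User();
    user.setUsername(username);
    user.setPassword(password);
    try {
      // NOTE(review): the credentials are looked up before the captcha is checked, so the
      // credential check runs whether or not the captcha was solved.
      List<User> list = loginService.getUser(user);
      if (list.isEmpty()) {
        errorInfo = "用户名或密码输入错误!";
        request.setAttribute("errorInfo", errorInfo);
        // Keep the user name in the form after a failed attempt.
        request.setAttribute("username", username);
        forward = "login"; // back to the login page
      } else if (!captchaMatches) {
        errorInfo = "输入的验证码错误!";
        request.setAttribute("username", username);
        // NOTE(review): the submitted password is handed back to the view here so the form
        // keeps it after a wrong captcha.
        request.setAttribute("password", password);
        request.setAttribute("errorInfo", errorInfo);
        forward = "login";
      } else {
        // Replace the pre-login session before storing the authenticated user's data.
        session.invalidate();
        session = request.getSession(true);
        session.setAttribute("username", username);
        session.setAttribute("limitUser", list.get(0).getLimitUser());
        session.setMaxInactiveInterval(600); // session timeout in seconds
        // NOTE(review): after this redirect the method still returns "error" as view name.
        response.sendRedirect("/bysj_mjh/index/index");
      }

    } catch (Exception e) {
      e.printStackTrace();
    } finally {
      // The captcha is single-use: remove it from the session whatever the outcome.
      request.getSession().removeAttribute("validateCode");
    }

    return forward;
  }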
Esempio n. 15
 /**
  * Creates the session if needed, sets its inactivity timeout and delegates to
  * {@code processRequest}. An {@code IOException} from the delegate is printed and not
  * propagated.
  *
  * @param request the incoming request
  * @param response the response handed to {@code processRequest}
  * @throws ServletException if {@code processRequest} throws it
  */
 private void performTask(HttpServletRequest request, HttpServletResponse response)
     throws ServletException {
   // Create the session and set the time after which it is invalidated.
   final HttpSession current = request.getSession();
   // The value is in seconds. NOTE(review): 12 * 24 * 60 evaluates to 17280 seconds
   // (4.8 hours); confirm this is the intended lifetime.
   final int lifetimeSeconds = 12 * 24 * 60;
   current.setMaxInactiveInterval(lifetimeSeconds);
   try {
     processRequest(request, response);
   } catch (IOException ioFailure) {
     ioFailure.printStackTrace();
   }
 }
Esempio n. 16
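  /**
   * Processes a login request.
   *
   * <p>The user and password parameters are checked through {@code dbUSUARIOS}. On success the
   * group and menu data are loaded, any session that existed before authentication is
   * invalidated, and a new session is filled with the user data (inactivity timeout 3000
   * seconds) before redirecting to {@code main.jsp}. Any failure redirects to
   * {@code index.html}. The transaction is finalized in every case where a {@code BeanUtil}
   * could be created.
   *
   * @param request Object that encapsulates the request to the servlet
   * @param response Object that encapsulates the response from the servlet
   */
  public void performTask(
      javax.servlet.http.HttpServletRequest request,
      javax.servlet.http.HttpServletResponse response) {

    dbUSUARIOS usuario = new dbUSUARIOS();
    dbPRIVILEGIOSGRUPO grupo = new dbPRIVILEGIOSGRUPO();
    dbMENUs menus = new dbMENUs();
    Menu menu = new Menu();
    Connection con = null;
    BeanUtil bu = null;
    logger.debug("login");
    try {

      bu = new BeanUtil();
      con = bu.getConn();

      // A missing parameter raises a NullPointerException here, which the catch below turns
      // into a redirect to index.html.
      String user = request.getParameter("user").trim();
      String password = request.getParameter("password").trim();
      usuario.setConnection(con);
      grupo.setConnection(con);
      menus.setConnection(con);

      if (usuario.findByUserPassword(user, password, idSistema)) {
        grupo.setIidgrupo(usuario.getIidgrupo());
        grupo.setIidsistema(idSistema);
        grupo.load();
        menu.setOpciones(menus.findByGrupo(usuario.getIidgrupo(), idSistema));

        // Replace the pre-login session so a session id issued before authentication is not
        // carried into the authenticated state.
        HttpSession previa = request.getSession(false);
        if (previa != null) {
          previa.invalidate();
        }
        HttpSession sesion = request.getSession(true);
        // 3000 seconds is 50 minutes (the original comment said five minutes).
        sesion.setMaxInactiveInterval(3000);
        sesion.setAttribute("iidusuario", Integer.valueOf(usuario.getIidusuario()));
        sesion.setAttribute("username", user);
        sesion.setAttribute("grupo", Integer.valueOf(usuario.getIidgrupo()));
        sesion.setAttribute("color", grupo.getVchcolor());

        sesion.setAttribute("menualterno", menu.headerToString());
        sesion.setAttribute("sistema", Integer.valueOf(idSistema));
        response.sendRedirect("main.jsp");
      } else {
        response.sendRedirect("index.html");
      }
    } catch (Throwable e) {
      try {
        response.sendRedirect("index.html");
      } catch (java.io.IOException ignored) {
        // Nothing more can be sent to the client; the original failure is printed below.
      }
      e.printStackTrace();
    } finally {
      // bu stays null when BeanUtil could not be created; there is nothing to finalize then.
      if (bu != null) {
        try {
          bu.finalizeTransaction(con);
        } catch (Exception e) {
          e.printStackTrace();
        }
      }
    }
  }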
 /**
  * Stores a failure message in the session, sets the session's inactivity timeout to 360
  * seconds and redirects to {@code redirectOnFailure}. An {@code IOException} from the redirect
  * is printed and not propagated.
  *
  * @param request unused by this method
  * @param response the response used for the redirect
  * @param session the session that receives the {@code FailMessage} attribute
  * @param string the failure message
  */
 private void returnError(
     HttpServletRequest request,
     HttpServletResponse response,
     HttpSession session,
     String string) {
   final String failureTarget;
   try {
     session.setAttribute("FailMessage", string);
     session.setMaxInactiveInterval(360); // seconds
     failureTarget = this.redirectOnFailure;
     response.sendRedirect(failureTarget);
   } catch (IOException redirectFailure) {
     redirectFailure.printStackTrace();
   }
 }
Esempio n. 18
  /**
   * Verifies the e-mail and password and, on success, stores the fellow's data in the session
   * with a 3600-second inactivity timeout.
   *
   * @param email the submitted e-mail address
   * @param password the submitted password
   * @param session the session supplied by the framework for this request
   * @return a redirect to the dashboard on success, to the login page with
   *     {@code result=failure} otherwise
   */
  @RequestMapping(value = "/start")
  public String start(String email, String password, HttpSession session) {
    Boolean verified = fellowService.verify(email, password);
    if (!verified) {
      return "redirect:login?result=failure";
    }

    // NOTE(review): the session passed in is reused as is, so it keeps the id it had before
    // authentication; no request object is available here to replace it.
    Fellows fellow = fellowService.read(email);
    String fellowSeq = String.valueOf(fellow.getFellowSeq());
    session.setAttribute("fellowSeq", fellowSeq);
    session.setAttribute("id", fellow.getId());
    session.setAttribute("nickname", fellow.getNickname());
    session.setMaxInactiveInterval(3600); // seconds
    return "redirect:/dashboard/view";
  }
 /**
  * Stores either a success message or the error in the session, sets the session's inactivity
  * timeout to one second and redirects to {@code vistas/crearProveedores.jsp}. Used for both
  * HTTP <code>GET</code> and <code>POST</code>.
  *
  * @param request servlet request
  * @param response servlet response
  * @throws ServletException if a servlet-specific error occurs
  * @throws IOException if an I/O error occurs
  */
 protected void processRequest(HttpServletRequest request, HttpServletResponse response)
     throws ServletException, IOException {
   response.setContentType("text/html;charset=UTF-8");
   PrintWriter writer = response.getWriter();
   try {
     final boolean created = bandera;
     final HttpSession flash = request.getSession();
     if (created) {
       final String greeting =
           "" + usuario.getPrimerNombre() + " Tu registro ha sido creado con Exito!";
       flash.setAttribute("mensaje", greeting);
     } else {
       flash.setAttribute("error", error);
     }
     // One-second inactivity timeout: the message is only meant to survive the redirect.
     flash.setMaxInactiveInterval(1);
     response.sendRedirect("vistas/crearProveedores.jsp");
   } finally {
     writer.close();
   }
 }
Esempio n. 20
	/**
	 * Logs a user into the chat room: sets a 600-second session timeout, walks the list of
	 * users returned by {@code UserInfo} and, when the login is accepted, stores the user in the
	 * session, appends an announcement to the application-wide {@code message} attribute and
	 * forwards to {@code login_ok.jsp}.
	 *
	 * NOTE(review): the loop body below is damaged in this listing (part of one line is masked
	 * and the matching {@code if}/{@code try} are missing), so the duplicate-login check cannot
	 * be read in full here.
	 */
	public void loginRoom(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
		response.setContentType("text/html;charset=UTF-8");
		HttpSession session = request.getSession();
		String username=request.getParameter("username");	// read the login user name
		UserInfo user=UserInfo.getInstance();		// obtain the UserInfo object
		session.setMaxInactiveInterval(600);		// session expires after 10 minutes
		Vector vector=user.getList();
		boolean flag=true;		// stays true while the login may proceed
		// check whether the user is already logged in
		System.out.println("vector的size:"+vector.size());
		if(vector!=null&&vector.size()>0){
			for(int i=0;i<vector.size();i++){
				System.out.println("vector"+i+":"+vector.elementAt(i)+" user:"******"<script language='javascript'>alert('该用户已经登录');window.location.href='index.jsp';</script>");
					} catch (IOException e) {
						e.printStackTrace();
					}
					flag=false;
					break;
				}
			}
		}
		// store the user information
		if(flag){
			UserListener ul=new UserListener();					// create the UserListener object
			ul.setUser(username);								// set the user
			user.addUser(ul.getUser());							// add the user to the UserInfo object
			session.setAttribute("user",ul);						// bind the UserListener object to the session
			session.setAttribute("username",username);	// store the name of the logged-in user
			session.setAttribute("loginTime",new Date().toLocaleString());		// store the login time
        ServletContext application=getServletContext();

        String sourceMessage="";

        if(null!=application.getAttribute("message")){
            sourceMessage=application.getAttribute("message").toString();
        }
        // NOTE(review): username comes straight from the request and is concatenated into
        // HTML markup here without escaping.
        sourceMessage+="系统公告:<font color='gray'>" + username + "走进了聊天室!</font><br>";
        application.setAttribute("message",sourceMessage);
        try {
            request.getRequestDispatcher("login_ok.jsp").forward(request, response);
        } catch (Exception ex) {
            Logger.getLogger(Messages.class.getName()).log(Level.SEVERE, null, ex);
        }
		}
	}
Esempio n. 21
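  /**
   * Checks the submitted id and password against the values returned by {@code MemberDAO}.
   *
   * <p>A level-1 member with a matching password gets a newly created session (any session that
   * existed before authentication is invalidated first, so its id is not reused) with a
   * ten-minute inactivity timeout and is redirected to {@code main.jsp}. Every other outcome
   * writes a script that shows an alert and goes back one page. Any exception sets status 404
   * and redirects to {@code main.jsp}.
   *
   * @param request the login request carrying {@code id} and {@code pw}
   * @param response the response used for the redirect or the alert script
   * @throws ServletException declared by the servlet contract
   * @throws IOException if the redirect in the exception handler fails
   * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
   */
  protected void doGet(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {
    request.setCharacterEncoding("UTF-8");

    try {
      // Read id and pw sent by the client.
      // NOTE(review): they arrive on a GET request, so they travel in the URL and can end up
      // in server logs and browser history.
      String id = request.getParameter("id");
      String pw = request.getParameter("pw");

      MemberDAO mDAO = new MemberDAO();

      String mpw = mDAO.userCheck(id);
      String mlv = mDAO.getlv(id);

      // Check that the submitted password equals the one stored in the database.
      // NOTE(review): pw is compared directly with the value from userCheck, which suggests
      // the password is stored unhashed - confirm.
      if (mlv.equals("1") && pw.equals(mpw)) {
        // Replace the pre-login session so its id is not carried into the authenticated state.
        HttpSession preLogin = request.getSession(false);
        if (preLogin != null) {
          preLogin.invalidate();
        }
        HttpSession sessionL = request.getSession(true);
        sessionL.setAttribute("mid", id);
        sessionL.setAttribute("sessionId", sessionL.getId());
        // NOTE(review): the plaintext password is kept in the session, so anything that
        // persists or dumps session state exposes it. Left in place because readers of this
        // attribute are not visible here; confirm there are none and drop it.
        sessionL.setAttribute("pw", pw);
        sessionL.setMaxInactiveInterval(10 * 60);
        response.setStatus(200);
        response.sendRedirect("main.jsp");
      } else if (mlv.equals("2") && pw.equals(mpw)) {

        response.setCharacterEncoding("euc-kr");
        PrintWriter writer = response.getWriter();
        writer.println("<script type='text/javascript'>");
        writer.println("alert('관리자 계정이 아닙니다.');");
        writer.println("history.go(-1);");
        writer.println("</script>");
        writer.flush();
        return;
      } else {
        response.setCharacterEncoding("euc-kr");
        PrintWriter writer = response.getWriter();
        writer.println("<script type='text/javascript'>");
        writer.println("alert('입력 정보를 다시 한번 확인해주세요.');");
        writer.println("history.go(-1);");
        writer.println("</script>");
        writer.flush();
        return;
      }

    } catch (Exception e) {
      // Also reached when a parameter or a DAO result is null.
      response.setStatus(404);
      response.sendRedirect("main.jsp");
    }
  }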
Esempio n. 22
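  /**
   * Logs the caller out by invalidating the session.
   *
   * <p>The session of the request is used when there is one; otherwise the session registered
   * in {@code MySessionContext} under the {@code sessionid} parameter is looked up. The session
   * is now ended with {@code invalidate()}. The original called
   * {@code setMaxInactiveInterval(0)}, which the Servlet API (3.0 and later) documents as
   * "never time out", so on containers that follow it the session stayed alive after logout.
   *
   * @param request the logout request, optionally carrying {@code sessionid}
   * @param response the response the status text is written to
   * @throws ServletException declared by the servlet contract
   * @throws IOException if the response writer cannot be obtained
   */
  protected void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {
    request.setCharacterEncoding("utf-8");
    response.setCharacterEncoding("utf-8");

    PrintWriter writer = response.getWriter();
    HttpSession session = request.getSession(false);
    if (session == null) {
      writer.write("request.getSession为空!");
      // NOTE(review): the session to end is chosen by a request parameter, so whoever knows a
      // session id can end that session - confirm this is intended.
      String sessionid = request.getParameter("sessionid");
      session = MySessionContext.getInstance().getSession(sessionid);
      if (session == null) {
        writer.write("MySessionContext.getInstance().getSession为空!");
      } else {
        try {
          session.invalidate();
        } catch (IllegalStateException alreadyInvalid) {
          // The registry can still hold a session the container has already invalidated.
        }
        writer.write("使用MySessionContext注销!");
      }
    } else {
      session.invalidate();
      writer.write("已经成功使用session注销");
    }
    writer.flush();
  }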
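  /**
   * Checks the login id and password and, on success, stores the id in a newly created session
   * with a 60-second inactivity timeout. Any session that existed before authentication is
   * invalidated first, so its id is not carried into the authenticated state.
   *
   * @param httpRequest the login request
   * @param loginId value of the {@code loginID} parameter
   * @param loginPw value of the {@code loginPW} parameter
   * @return always {@code "index"}, whether or not the login succeeded
   */
  @RequestMapping(value = "/login", method = RequestMethod.GET)
  public String login(
      HttpServletRequest httpRequest,
      @RequestParam(value = "loginID") String loginId,
      @RequestParam(value = "loginPW") String loginPw) {
    // NOTE(review): this mapping takes the credentials on a GET request, so they travel in the
    // URL and can end up in server logs and browser history.
    LoginDAO loginRepository = LoginDAO.getInstance();

    int res = loginRepository.checkLogin(loginId, loginPw);
    if (res > 0) {
      HttpSession preLogin = httpRequest.getSession(false);
      if (preLogin != null) {
        preLogin.invalidate();
      }
      HttpSession clientSession = httpRequest.getSession(true);
      clientSession.setAttribute("client_id", loginId);
      clientSession.setMaxInactiveInterval(60); // 60 Sec
    }

    return "index";
  }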
  /**
   * Logs a user in from a JSON-RPC request: hashes the submitted password, loads the user by
   * e-mail and, when the stored password equals the hash, fills the session (30-minute
   * inactivity timeout) and returns a JSON object.
   *
   * NOTE(review): three lines of this method are partly masked in this listing, so the cookie
   * handling and the content of the returned object cannot be read in full here.
   *
   * @param request the HTTP request whose session is used
   * @param response the HTTP response
   * @param jsonReq the JSON-RPC request carrying the {@code password} and {@code email}
   *     parameters
   * @return the JSON object built for a successful login
   * @throws Exception with message "incorrect email" or "password missmatch" when the login
   *     fails; the two messages tell the caller which of the two values was wrong
   */
  public JSONObject loginUser(
      HttpServletRequest request, HttpServletResponse response, JSONRPC2Request jsonReq)
      throws Exception {
    // define new json for the result
    JSONObject jsonLogin = new JSONObject();
    // get user info
    Map<String, Object> params = jsonReq.getNamedParams();
    NamedParamsRetriever np = new NamedParamsRetriever(params);

    String password = PassEncript.PassHash(np.getString("password"));
    // NOTE(review): the value compared with the stored password is printed to stdout here.
    System.out.println("input pass " + password);

    String email = np.getString("email");

    // establish connection

    MySQLDAO dao = new MySQLDAO();

    // get user by email
    User u = new User();
    u = dao.loadUser(email);

    if (!(u.getEmail().equals(email))) {
      throw new Exception("incorrect email");
    } else {
      // check if password is correct
      if (u.getPassword().equals(password)) {
        // create session and cookies
        // NOTE(review): getSession() reuses an existing session, so a session id issued
        // before login stays in use afterwards.
        HttpSession session = request.getSession();
        session.setAttribute("pass", TimeEncrpyt.TimeHash());
        System.out.println("session pass: "******"pass").toString());
        session.setAttribute("user", email);
        System.out.println("session user: "******"user").toString());
        session.setMaxInactiveInterval(30 * 60);
        Cookie pass = new Cookie("pass", TimeEncrpyt.TimeHash());
        System.out.println("cookie pass: "******"user", u.toJSONObject());
        return jsonLogin;
      } else {
        throw new Exception("password missmatch");
      }
    }
  }
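  /**
   * Handles a logout call for the user id given in the request.
   *
   * <p>The session registered in {@code SessionStorage} for that id is looked up. When it still
   * carries the login state, the state is cleared, the optional application logout handler is
   * called, the session is invalidated and the registry entry is removed. The session is now
   * ended with {@code invalidate()}. The original called {@code setMaxInactiveInterval(0)},
   * which the Servlet API (3.0 and later) documents as "never time out", so on containers that
   * follow it the session stayed alive after logout.
   *
   * @param request the logout request carrying the user id parameter
   * @param response the response the result or the error is written to
   * @param chain unused; the request is answered here
   * @throws IOException declared by the filter contract
   * @throws ServletException declared by the filter contract
   */
  @Override
  public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
      throws IOException, ServletException {
    HttpServletResponse servletResponse = (HttpServletResponse) response;
    HttpServletRequest servletRequest = (HttpServletRequest) request;

    // Read the userId parameter.
    String userId = request.getParameter(WebConstants.USER_ID_PARAM_NAME);
    if (StringUtils.isEmpty(userId)) {
      logger.warn(SESSIONID_IS_NULL);
      sendError(servletResponse, SESSIONID_IS_NULL);
      return;
    }
    if (!SessionStorage.containsKey(userId)) {
      logger.warn(SESSIONID_IS_NOT_CONTATINS);
      sendError(servletResponse, SESSIONID_IS_NOT_CONTATINS);
      return;
    }
    HttpSession session = SessionStorage.get(userId);
    try {
      // The local application is logged in: perform the logout.
      if (session != null
          && session.getAttribute(Ki4soClientFilter.USER_STATE_IN_SESSION_KEY) != null) {
        // Clear the login state kept in the session.
        session.setAttribute(Ki4soClientFilter.USER_STATE_IN_SESSION_KEY, null);

        // Let the application's own logout handler run when one is configured.
        if (appClientLogoutHandler != null) {
          appClientLogoutHandler.logoutClient(servletRequest, servletResponse, userId);
        }

        // End the session and drop it from the registry.
        session.invalidate();
        SessionStorage.remove(userId);
      }
      // Report the logout result.
      sendResponse(servletResponse);
    } catch (Exception e) {
      // Also reached when the stored session was already invalidated by the container.
      sendError(servletResponse);
    }
  }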
Esempio n. 26
    /**
     * Answers a Comet event with a short text line and records the event type.
     *
     * <p>A session is created if needed and given a 30-second inactivity timeout. BEGIN, READ
     * and END each write their own line (READ counts the bytes that are available on the
     * request stream); any other event type is echoed with its subtype and the event is closed.
     * The {@code failOnBegin}, {@code failOnRead} and {@code failOnEnd} flags make the matching
     * branch throw an {@code IOException}.
     *
     * @param event the Comet event to answer
     * @throws IOException when a fail flag is set for the event type or on I/O failure
     * @throws ServletException declared by the Comet contract
     */
    @Override
    public void event(CometEvent event) throws IOException, ServletException {

      final HttpServletRequest req = event.getHttpServletRequest();
      final HttpServletResponse resp = event.getHttpServletResponse();

      final HttpSession cometSession = req.getSession(true);
      cometSession.setMaxInactiveInterval(30);

      final EventType type = event.getEventType();
      lastEvent = type;

      if (type == EventType.BEGIN) {
        if (failOnBegin) {
          throw new IOException("Fail on begin");
        }
        resp.setContentType("text/plain");
        resp.getWriter().print("BEGIN" + "\r\n");
      } else if (type == EventType.READ) {
        if (failOnRead) {
          throw new IOException("Fail on read");
        }
        // Drain whatever is available right now, one byte at a time, and count it.
        int consumed = 0;
        for (InputStream body = req.getInputStream(); body.available() > 0; consumed++) {
          body.read();
        }
        String line = "READ: " + consumed + " bytes";
        resp.getWriter().print("Client: " + line + "\r\n");
      } else if (type == EventType.END) {
        endEventOccurred = true;
        if (failOnEnd) {
          throw new IOException("Fail on end");
        }
        String line = "END";
        resp.getWriter().print("Client: " + line + "\r\n");
        event.close();
      } else {
        String line = type + ":" + event.getEventSubType() + "\r\n";
        System.out.print(line);
        resp.getWriter().print(line);
        event.close();
      }
      resp.getWriter().flush();
    }
  /**
   * Fills the session with the identity and role flags taken from this object's own fields
   * ({@code ooi_id}, {@code expiryStr}, {@code roles}); nothing is read from the request besides
   * the session.
   *
   * <p>The expiry defaults to 43200 seconds and is replaced by {@code expiryStr} when that
   * parses as a number. It is stored as an absolute time in seconds and also used as the
   * session's inactivity timeout.
   *
   * @param request request whose session (created when absent) is filled
   * @param response unused by this method
   */
  private void testModeAuthenticate(HttpServletRequest request, HttpServletResponse response) {
    final HttpSession session = request.getSession(true);

    int expiry = 43200;
    if (expiryStr != null) {
      try {
        expiry = Integer.valueOf(expiryStr);
      } catch (NumberFormatException ignored) {
        // keep the default when the configured value is not a number
      }
    }

    final long nowSeconds = System.currentTimeMillis() / 1000;

    session.setAttribute(OOI_ID_KEY, ooi_id);
    session.setAttribute(EXPIRY_KEY, String.valueOf(nowSeconds + expiry));
    session.setMaxInactiveInterval(expiry);
    session.setAttribute(USER_ALREADY_REGISTERED_KEY, true);

    // Translate each configured role name into its session flag.
    for (String role : roles) {
      if (role.equals("admin")) {
        session.setAttribute(USER_IS_ADMIN_KEY, true);
      } else if (role.equals("earlyadopter")) {
        session.setAttribute(USER_IS_EARY_ADOPTER_KEY, true);
      } else if (role.equals("dataprovider")) {
        session.setAttribute(USER_IS_DATA_PROVIDER_KEY, true);
      } else if (role.equals("marineoperator")) {
        session.setAttribute(USER_IS_MARINE_OPERATOR_KEY, true);
      }
    }

    session.setAttribute(USER_ALREADY_REGISTERED_KEY, true);
  }
Esempio n. 28
  /**
   * Registers the authenticated user in the chat: attaches the session-destroyed listener,
   * saves the HTTP session's current inactivity timeout in {@code defaultSessionTimeout} and
   * sets the timeout to zero, picks a colour for the user, sends a JOIN message to this
   * session and broadcasts an INFO message.
   *
   * NOTE(review): one line below is partly masked in this listing, so the statement that
   * stores the user name cannot be read in full here.
   */
  private void joinChat() {
    String userColor;

    sessionService.addOnSessionDestroyedListener(callback);

    // Remember the current timeout, then set it to zero. The Servlet API (3.0 and later)
    // documents zero or less as "never time out"; presumably the saved value is restored when
    // the user leaves - verify against unjoinChat.
    defaultSessionTimeout = httpSession.getMaxInactiveInterval();
    httpSession.setMaxInactiveInterval(0);
    lastActivityTime = System.currentTimeMillis();

    String username = ((User) authToken.getPrincipal()).getUsername();
    LOG.debug("joinChat() user: "******"USER", username);

    int userNb = usersLoggedIn.incrementAndGet();
    // If a user is active more than once, give him the same color:
    if (userColorMap.containsKey(username)) {
      userColor = userColorMap.get(username);
    } else {
      // Colours are handed out round-robin by the current user count.
      userColor = PEER_COLORS[userNb % PEER_COLOR_NB];
      userColorMap.put(username, userColor);
    }

    thisSession.getUserProperties().put("COLOR", userColor);

    // Message for the joining session itself.
    Message joinMsg = new Message();
    joinMsg.TYPE = "JOIN";
    joinMsg.SUBTYPE = "JOIN";
    joinMsg.USER_LIST = buildUserList(true);
    joinMsg.STATS_MSG = userNb + " User" + (userNb > 1 ? "s " : " ") + "online!";

    sendMessage(joinMsg);

    // Announcement handed to broadcastMessage.
    Message infoMsg = new Message();
    infoMsg.TYPE = "INFO";
    infoMsg.SUBTYPE = "JOIN";
    infoMsg.INFO_MSG = username + " has entered the building";
    infoMsg.STATS_MSG = userNb + " User" + (userNb > 1 ? "s " : " ") + "online!";
    infoMsg.USER_LIST = buildUserList(true);

    broadcastMessage(infoMsg, false);
  }
Esempio n. 29
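  /**
   * Demonstrates a session attribute with a short lifetime.
   *
   * <p>With a non-empty {@code name} parameter the {@code film} attribute is read from the
   * session and passed to the {@code session2} view. Otherwise the attribute is stored, the
   * session's inactivity timeout is set to ten seconds and the {@code session1} view is shown.
   * The parameter is now tested with {@code isEmpty()}; the original compared it to {@code ""}
   * with {@code !=}, which compares references and therefore treated an empty parameter as
   * present.
   *
   * @param request the incoming request, optionally carrying {@code name}
   * @param response unused by this method
   * @return the view to render
   * @throws Exception declared by the controller contract
   */
  public ModelAndView handleRequest(HttpServletRequest request, HttpServletResponse response)
      throws Exception {

    String attrName = "film";
    String name = request.getParameter("name");
    HttpSession session = request.getSession(true);

    if (name != null && !name.isEmpty()) {
      Object attribute = session.getAttribute(attrName);
      LOGGER.info("attribute film : value: " + attribute);

      Map<String, String> map = new HashMap<String, String>();
      map.put("sessionFilm", (String) attribute);
      return new ModelAndView("session2", map);
    }

    session.setMaxInactiveInterval(10); // seconds
    session.setAttribute(attrName, "good film");
    return new ModelAndView("session1");
  }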
  /**
   * When the user manager throws while resolving the remote user name, {@code processRequest}
   * still completes: the session ends up with {@code LOW_INACTIVE_TIMEOUT} and the previous
   * timeout is stored under the {@code BotKiller} class name.
   */
  @Test
  public void testErrorWhenCheckingUsernameDoesNotKillBotKiller() {
    // A user manager whose user-name lookup always fails.
    final MockUserManager failingUserManager =
        new MockUserManager(null) {
          @Override
          public String getRemoteUsername(HttpServletRequest request) {
            throw new RuntimeException("a most unexpected error");
          }
        };
    botKiller = new BotKiller(failingUserManager);

    httpServletRequest.setRemoteUser("bill");
    // getSession(true) creates the session the request is processed with.
    final HttpSession trackedSession = httpServletRequest.getSession(true);
    trackedSession.setMaxInactiveInterval(MAX_INACTIVE_INTERVAL);

    botKiller.processRequest(httpServletRequest);

    final String markerName = BotKiller.class.getName();
    assertEquals(LOW_INACTIVE_TIMEOUT, trackedSession.getMaxInactiveInterval());
    assertEquals(MAX_INACTIVE_INTERVAL, trackedSession.getAttribute(markerName));
  }