1 //========================================================================
2 //Copyright 2006 Mort Bay Consulting Pty. Ltd.
3 //------------------------------------------------------------------------
4 //Licensed under the Apache License, Version 2.0 (the "License");
5 //you may not use this file except in compliance with the License.
6 //You may obtain a copy of the License at
7 //http://www.apache.org/licenses/LICENSE-2.0
8 //Unless required by applicable law or agreed to in writing, software
9 //distributed under the License is distributed on an "AS IS" BASIS,
10 //WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11 //See the License for the specific language governing permissions and
12 //limitations under the License.
13 //========================================================================
14
15 package org.mortbay.jetty.servlet;
16
17 import java.security.NoSuchAlgorithmException;
18 import java.security.SecureRandom;
19 import java.util.Random;
20
21 import javax.servlet.http.HttpServletRequest;
22 import javax.servlet.http.HttpSession;
23
24 import org.mortbay.component.AbstractLifeCycle;
25 import org.mortbay.jetty.SessionIdManager;
26 import org.mortbay.jetty.servlet.AbstractSessionManager.Session;
27 import org.mortbay.log.Log;
28 import org.mortbay.util.MultiMap;
29
30 /* ------------------------------------------------------------ */
31 /**
32 * HashSessionIdManager. An in-memory implementation of the session ID manager.
33 */
34 public class HashSessionIdManager extends AbstractLifeCycle implements SessionIdManager
35 {
36 private final static String __NEW_SESSION_ID="org.mortbay.jetty.newSessionId";
37 protected final static String SESSION_ID_RANDOM_ALGORITHM = "SHA1PRNG";
38 protected final static String SESSION_ID_RANDOM_ALGORITHM_ALT = "IBMSecureRandom";
39
40 MultiMap _sessions;
41 protected Random _random;
42 private boolean _weakRandom;
43 private String _workerName;
44
45 /* ------------------------------------------------------------ */
46 public HashSessionIdManager()
47 {
48 }
49
50 /* ------------------------------------------------------------ */
51 public HashSessionIdManager(Random random)
52 {
53 _random=random;
54
55 }
56
57 /* ------------------------------------------------------------ */
58 /**
59 * Get the workname. If set, the workername is dot appended to the session
60 * ID and can be used to assist session affinity in a load balancer.
61 *
62 * @return String or null
63 */
64 public String getWorkerName()
65 {
66 return _workerName;
67 }
68
69 /* ------------------------------------------------------------ */
70 /**
71 * Set the workname. If set, the workername is dot appended to the session
72 * ID and can be used to assist session affinity in a load balancer.
73 *
74 * @param workerName
75 */
76 public void setWorkerName(String workerName)
77 {
78 _workerName=workerName;
79 }
80
81 /* ------------------------------------------------------------ */
82 /** Get the session ID with any worker ID.
83 *
84 * @param request
85 * @return sessionId plus any worker ID.
86 */
87 public String getNodeId(String clusterId,HttpServletRequest request)
88 {
89 String worker=request==null?null:(String)request.getAttribute("org.mortbay.http.ajp.JVMRoute");
90 if (worker!=null)
91 return clusterId+'.'+worker;
92
93 if (_workerName!=null)
94 return clusterId+'.'+_workerName;
95
96 return clusterId;
97 }
98
99 /* ------------------------------------------------------------ */
100 /** Get the session ID with any worker ID.
101 *
102 * @param request
103 * @return sessionId plus any worker ID.
104 */
105 public String getClusterId(String nodeId)
106 {
107 int dot=nodeId.lastIndexOf('.');
108 return (dot>0)?nodeId.substring(0,dot):nodeId;
109 }
110
111 /* ------------------------------------------------------------ */
112 protected void doStart()
113 {
114 if (_random==null)
115 {
116 try
117 {
118 //This operation may block on some systems with low entropy. See this page
119 //for workaround suggestions:
120 //http://docs.codehaus.org/display/JETTY/Connectors+slow+to+startup
121 Log.debug("Init SecureRandom.");
122 _random=SecureRandom.getInstance(SESSION_ID_RANDOM_ALGORITHM);
123 }
124 catch (NoSuchAlgorithmException e)
125 {
126 try
127 {
128 _random=SecureRandom.getInstance(SESSION_ID_RANDOM_ALGORITHM_ALT);
129 _weakRandom=false;
130 }
131 catch (NoSuchAlgorithmException e_alt)
132 {
133 Log.warn("Could not generate SecureRandom for session-id randomness",e);
134 _random=new Random();
135 _weakRandom=true;
136 }
137 }
138 }
139 _random.setSeed(_random.nextLong()^System.currentTimeMillis()^hashCode()^Runtime.getRuntime().freeMemory());
140 _sessions=new MultiMap();
141 }
142
143 /* ------------------------------------------------------------ */
144 protected void doStop()
145 {
146 if (_sessions!=null)
147 _sessions.clear(); // Maybe invalidate?
148 _sessions=null;
149 }
150
151 /* ------------------------------------------------------------ */
152 /*
153 * @see org.mortbay.jetty.SessionManager.MetaManager#idInUse(java.lang.String)
154 */
155 public boolean idInUse(String id)
156 {
157 return _sessions.containsKey(id);
158 }
159
160 /* ------------------------------------------------------------ */
161 /*
162 * @see org.mortbay.jetty.SessionManager.MetaManager#addSession(javax.servlet.http.HttpSession)
163 */
164 public void addSession(HttpSession session)
165 {
166 synchronized (this)
167 {
168 _sessions.add(getClusterId(session.getId()),session);
169 }
170 }
171
172 /* ------------------------------------------------------------ */
173 /*
174 * @see org.mortbay.jetty.SessionManager.MetaManager#addSession(javax.servlet.http.HttpSession)
175 */
176 public void removeSession(HttpSession session)
177 {
178 synchronized (this)
179 {
180 _sessions.removeValue(getClusterId(session.getId()),session);
181 }
182 }
183
184 /* ------------------------------------------------------------ */
185 /*
186 * @see org.mortbay.jetty.SessionManager.MetaManager#invalidateAll(java.lang.String)
187 */
188 public void invalidateAll(String id)
189 {
190 synchronized (this)
191 {
192 // Do not use interators as this method tends to be called recursively
193 // by the invalidate calls.
194 while (_sessions.containsKey(id))
195 {
196 Session session=(Session)_sessions.getValue(id,0);
197 if (session.isValid())
198 session.invalidate();
199 else
200 _sessions.removeValue(id,session);
201 }
202 }
203 }
204
205 /* ------------------------------------------------------------ */
206 /*
207 * new Session ID. If the request has a requestedSessionID which is unique,
208 * that is used. The session ID is created as a unique random long XORed with
209 * connection specific information, base 36.
210 * @param request
211 * @param created
212 * @return Session ID.
213 */
214 public String newSessionId(HttpServletRequest request, long created)
215 {
216 synchronized (this)
217 {
218 // A requested session ID can only be used if it is in use already.
219 String requested_id=request.getRequestedSessionId();
220
221 if (requested_id!=null)
222 {
223 String cluster_id=getClusterId(requested_id);
224 if (idInUse(cluster_id))
225 return cluster_id;
226 }
227
228 // Else reuse any new session ID already defined for this request.
229 String new_id=(String)request.getAttribute(__NEW_SESSION_ID);
230 if (new_id!=null&&idInUse(new_id))
231 return new_id;
232
233 // pick a new unique ID!
234 String id=null;
235 while (id==null||id.length()==0||idInUse(id))
236 {
237 long r=_weakRandom
238 ?(hashCode()^Runtime.getRuntime().freeMemory()^_random.nextInt()^(((long)request.hashCode())<<32))
239 :_random.nextLong();
240 r^=created;
241 if (request!=null && request.getRemoteAddr()!=null)
242 r^=request.getRemoteAddr().hashCode();
243 if (r<0)
244 r=-r;
245 id=Long.toString(r,36);
246 }
247
248 request.setAttribute(__NEW_SESSION_ID,id);
249 return id;
250 }
251 }
252
253 /* ------------------------------------------------------------ */
254 public Random getRandom()
255 {
256 return _random;
257 }
258
259 /* ------------------------------------------------------------ */
260 public void setRandom(Random random)
261 {
262 _random=random;
263 _weakRandom=false;
264 }
265
266 }