1 //========================================================================
2 //Copyright 2006 Mort Bay Consulting Pty. Ltd.
3 //------------------------------------------------------------------------
4 //Licensed under the Apache License, Version 2.0 (the "License");
5 //you may not use this file except in compliance with the License.
6 //You may obtain a copy of the License at
7 //http://www.apache.org/licenses/LICENSE-2.0
8 //Unless required by applicable law or agreed to in writing, software
9 //distributed under the License is distributed on an "AS IS" BASIS,
10 //WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11 //See the License for the specific language governing permissions and
12 //limitations under the License.
13 //========================================================================
14
15 package org.mortbay.jetty.servlet;
16
17 import java.security.NoSuchAlgorithmException;
18 import java.security.SecureRandom;
19 import java.util.Random;
20
21 import javax.servlet.http.HttpServletRequest;
22 import javax.servlet.http.HttpSession;
23
24 import org.mortbay.component.AbstractLifeCycle;
25 import org.mortbay.jetty.SessionIdManager;
26 import org.mortbay.jetty.servlet.AbstractSessionManager.Session;
27 import org.mortbay.log.Log;
28 import org.mortbay.util.MultiMap;
29
30 /* ------------------------------------------------------------ */
31 /**
32 * HashSessionIdManager. An in-memory implementation of the session ID manager.
33 */
34 public class HashSessionIdManager extends AbstractLifeCycle implements SessionIdManager
35 {
36 private final static String __NEW_SESSION_ID="org.mortbay.jetty.newSessionId";
37
38 MultiMap _sessions;
39 protected Random _random;
40 private boolean _weakRandom;
41 private String _workerName;
42
43 /* ------------------------------------------------------------ */
44 public HashSessionIdManager()
45 {
46 }
47
48 /* ------------------------------------------------------------ */
49 public HashSessionIdManager(Random random)
50 {
51 _random=random;
52
53 }
54
55 /* ------------------------------------------------------------ */
56 /**
57 * Get the workname. If set, the workername is dot appended to the session
58 * ID and can be used to assist session affinity in a load balancer.
59 *
60 * @return String or null
61 */
62 public String getWorkerName()
63 {
64 return _workerName;
65 }
66
67 /* ------------------------------------------------------------ */
68 /**
69 * Set the workname. If set, the workername is dot appended to the session
70 * ID and can be used to assist session affinity in a load balancer.
71 *
72 * @param workerName
73 */
74 public void setWorkerName(String workerName)
75 {
76 _workerName=workerName;
77 }
78
79 /* ------------------------------------------------------------ */
80 /** Get the session ID with any worker ID.
81 *
82 * @param request
83 * @return sessionId plus any worker ID.
84 */
85 public String getNodeId(String clusterId,HttpServletRequest request)
86 {
87 String worker=request==null?null:(String)request.getAttribute("org.mortbay.http.ajp.JVMRoute");
88 if (worker!=null)
89 return clusterId+'.'+worker;
90
91 if (_workerName!=null)
92 return clusterId+'.'+_workerName;
93
94 return clusterId;
95 }
96
97 /* ------------------------------------------------------------ */
98 /** Get the session ID with any worker ID.
99 *
100 * @param request
101 * @return sessionId plus any worker ID.
102 */
103 public String getClusterId(String nodeId)
104 {
105 int dot=nodeId.lastIndexOf('.');
106 return (dot>0)?nodeId.substring(0,dot):nodeId;
107 }
108
109 /* ------------------------------------------------------------ */
110 protected void doStart()
111 {
112 if (_random==null)
113 {
114 try
115 {
116 //This operation may block on some systems with low entropy. See this page
117 //for workaround suggestions:
118 //http://docs.codehaus.org/display/JETTY/Connectors+slow+to+startup
119 Log.debug("Init SecureRandom.");
120 _random=new SecureRandom();
121 }
122 catch (Exception e)
123 {
124 Log.warn("Could not generate SecureRandom for session-id randomness",e);
125 _random=new Random();
126 _weakRandom=true;
127 }
128 }
129 _sessions=new MultiMap();
130 }
131
132 /* ------------------------------------------------------------ */
133 protected void doStop()
134 {
135 if (_sessions!=null)
136 _sessions.clear(); // Maybe invalidate?
137 _sessions=null;
138 }
139
140 /* ------------------------------------------------------------ */
141 /*
142 * @see org.mortbay.jetty.SessionManager.MetaManager#idInUse(java.lang.String)
143 */
144 public boolean idInUse(String id)
145 {
146 return _sessions.containsKey(id);
147 }
148
149 /* ------------------------------------------------------------ */
150 /*
151 * @see org.mortbay.jetty.SessionManager.MetaManager#addSession(javax.servlet.http.HttpSession)
152 */
153 public void addSession(HttpSession session)
154 {
155 synchronized (this)
156 {
157 _sessions.add(getClusterId(session.getId()),session);
158 }
159 }
160
161 /* ------------------------------------------------------------ */
162 /*
163 * @see org.mortbay.jetty.SessionManager.MetaManager#addSession(javax.servlet.http.HttpSession)
164 */
165 public void removeSession(HttpSession session)
166 {
167 synchronized (this)
168 {
169 _sessions.removeValue(getClusterId(session.getId()),session);
170 }
171 }
172
173 /* ------------------------------------------------------------ */
174 /*
175 * @see org.mortbay.jetty.SessionManager.MetaManager#invalidateAll(java.lang.String)
176 */
177 public void invalidateAll(String id)
178 {
179 while (true)
180 {
181 Session session=null;
182 synchronized (this)
183 {
184 if (_sessions.containsKey(id))
185 {
186 session=(Session)_sessions.getValue(id,0);
187 _sessions.removeValue(id,session);
188 }
189 else
190 return;
191 }
192 if (session.isValid())
193 session.invalidate();
194 }
195 }
196
197 /* ------------------------------------------------------------ */
198 /*
199 * new Session ID. If the request has a requestedSessionID which is unique,
200 * that is used. The session ID is created as a unique random long XORed with
201 * connection specific information, base 36.
202 * @param request
203 * @param created
204 * @return Session ID.
205 */
206 public String newSessionId(HttpServletRequest request, long created)
207 {
208 synchronized (this)
209 {
210 // A requested session ID can only be used if it is in use already.
211 String requested_id=request.getRequestedSessionId();
212
213 if (requested_id!=null)
214 {
215 String cluster_id=getClusterId(requested_id);
216 if (idInUse(cluster_id))
217 return cluster_id;
218 }
219
220 // Else reuse any new session ID already defined for this request.
221 String new_id=(String)request.getAttribute(__NEW_SESSION_ID);
222 if (new_id!=null&&idInUse(new_id))
223 return new_id;
224
225 // pick a new unique ID!
226 String id=null;
227 while (id==null||id.length()==0||idInUse(id))
228 {
229 long r0=_weakRandom
230 ?(hashCode()^Runtime.getRuntime().freeMemory()^_random.nextInt()^(((long)request.hashCode())<<32))
231 :_random.nextLong();
232 long r1=_random.nextLong();
233 if (r0<0)
234 r0=-r0;
235 if (r1<0)
236 r1=-r1;
237 id=Long.toString(r0,36)+Long.toString(r1,36);
238 }
239
240 // make the id unique to generating node
241 if (_workerName!=null)
242 id=_workerName+id;
243
244 request.setAttribute(__NEW_SESSION_ID,id);
245 return id;
246 }
247 }
248
249 /* ------------------------------------------------------------ */
250 public Random getRandom()
251 {
252 return _random;
253 }
254
255 /* ------------------------------------------------------------ */
256 public void setRandom(Random random)
257 {
258 _random=random;
259 _weakRandom=false;
260 }
261
262 }