View Javadoc

1   //========================================================================
2   //Copyright 2006 Mort Bay Consulting Pty. Ltd.
3   //------------------------------------------------------------------------
4   //Licensed under the Apache License, Version 2.0 (the "License");
5   //you may not use this file except in compliance with the License.
6   //You may obtain a copy of the License at 
7   //http://www.apache.org/licenses/LICENSE-2.0
8   //Unless required by applicable law or agreed to in writing, software
9   //distributed under the License is distributed on an "AS IS" BASIS,
10  //WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11  //See the License for the specific language governing permissions and
12  //limitations under the License.
13  //========================================================================
14  
15  package org.mortbay.jetty.servlet;
16  
17  import java.security.NoSuchAlgorithmException;
18  import java.security.SecureRandom;
19  import java.util.Random;
20  
21  import javax.servlet.http.HttpServletRequest;
22  import javax.servlet.http.HttpSession;
23  
24  import org.mortbay.component.AbstractLifeCycle;
25  import org.mortbay.jetty.SessionIdManager;
26  import org.mortbay.jetty.servlet.AbstractSessionManager.Session;
27  import org.mortbay.log.Log;
28  import org.mortbay.util.MultiMap;
29  
30  /* ------------------------------------------------------------ */
31  /**
32   * HashSessionIdManager. An in-memory implementation of the session ID manager.
33   */
34  public class HashSessionIdManager extends AbstractLifeCycle implements SessionIdManager
35  {
36      private final static String __NEW_SESSION_ID="org.mortbay.jetty.newSessionId";  
37  
38      MultiMap _sessions;
39      protected Random _random;
40      private boolean _weakRandom;
41      private String _workerName;
42  
43      /* ------------------------------------------------------------ */
44      public HashSessionIdManager()
45      {
46      }
47  
48      /* ------------------------------------------------------------ */
49      public HashSessionIdManager(Random random)
50      {
51          _random=random;
52        
53      }
54  
55      /* ------------------------------------------------------------ */
56      /**
57       * Get the workname. If set, the workername is dot appended to the session
58       * ID and can be used to assist session affinity in a load balancer.
59       * 
60       * @return String or null
61       */
62      public String getWorkerName()
63      {
64          return _workerName;
65      }
66  
67      /* ------------------------------------------------------------ */
68      /**
69       * Set the workname. If set, the workername is dot appended to the session
70       * ID and can be used to assist session affinity in a load balancer.
71       * 
72       * @param workerName
73       */
74      public void setWorkerName(String workerName)
75      {
76          _workerName=workerName;
77      }
78  
79      /* ------------------------------------------------------------ */
80      /** Get the session ID with any worker ID.
81       * 
82       * @param request
83       * @return sessionId plus any worker ID.
84       */
85      public String getNodeId(String clusterId,HttpServletRequest request) 
86      {
87          String worker=request==null?null:(String)request.getAttribute("org.mortbay.http.ajp.JVMRoute");
88          if (worker!=null) 
89              return clusterId+'.'+worker; 
90          
91          if (_workerName!=null) 
92              return clusterId+'.'+_workerName;
93         
94          return clusterId;
95      }
96  
97      /* ------------------------------------------------------------ */
98      /** Get the session ID with any worker ID.
99       * 
100      * @param request
101      * @return sessionId plus any worker ID.
102      */
103     public String getClusterId(String nodeId) 
104     {
105         int dot=nodeId.lastIndexOf('.');
106         return (dot>0)?nodeId.substring(0,dot):nodeId;
107     }
108     
109     /* ------------------------------------------------------------ */
110     protected void doStart()
111     {
112         if (_random==null)
113         {      
114             try 
115             {
116                 //This operation may block on some systems with low entropy. See this page
117                 //for workaround suggestions:
118                 //http://docs.codehaus.org/display/JETTY/Connectors+slow+to+startup
119                 Log.debug("Init SecureRandom."); 
120                 _random=new SecureRandom();
121             }
122             catch (Exception e)
123             {
124 		Log.warn("Could not generate SecureRandom for session-id randomness",e);
125 		_random=new Random();
126 		_weakRandom=true;
127             }
128         }
129         _sessions=new MultiMap();
130     }
131 
132     /* ------------------------------------------------------------ */
133     protected void doStop()
134     {
135         if (_sessions!=null)
136             _sessions.clear(); // Maybe invalidate?
137         _sessions=null;
138     }
139 
140     /* ------------------------------------------------------------ */
141     /*
142      * @see org.mortbay.jetty.SessionManager.MetaManager#idInUse(java.lang.String)
143      */
144     public boolean idInUse(String id)
145     {
146         return _sessions.containsKey(id);
147     }
148 
149     /* ------------------------------------------------------------ */
150     /*
151      * @see org.mortbay.jetty.SessionManager.MetaManager#addSession(javax.servlet.http.HttpSession)
152      */
153     public void addSession(HttpSession session)
154     {
155         synchronized (this)
156         {
157             _sessions.add(getClusterId(session.getId()),session);
158         }
159     }
160 
161     /* ------------------------------------------------------------ */
162     /*
163      * @see org.mortbay.jetty.SessionManager.MetaManager#addSession(javax.servlet.http.HttpSession)
164      */
165     public void removeSession(HttpSession session)
166     {
167         synchronized (this)
168         {
169             _sessions.removeValue(getClusterId(session.getId()),session);
170         }
171     }
172 
173     /* ------------------------------------------------------------ */
174     /*
175      * @see org.mortbay.jetty.SessionManager.MetaManager#invalidateAll(java.lang.String)
176      */
177     public void invalidateAll(String id)
178     {
179         while (true)
180         {
181             Session session=null;
182             synchronized (this)
183             {
184                 if (_sessions.containsKey(id))
185                 {
186                     session=(Session)_sessions.getValue(id,0);
187                     _sessions.removeValue(id,session);
188                 }
189                 else
190                     return;
191             }
192             if (session.isValid())
193                 session.invalidate();
194         }
195     }
196 
197     /* ------------------------------------------------------------ */
198     /*
199      * new Session ID. If the request has a requestedSessionID which is unique,
200      * that is used. The session ID is created as a unique random long XORed with
201      * connection specific information, base 36.
202      * @param request 
203      * @param created 
204      * @return Session ID.
205      */
206     public String newSessionId(HttpServletRequest request, long created)
207     {
208         synchronized (this)
209         {
210             // A requested session ID can only be used if it is in use already.
211             String requested_id=request.getRequestedSessionId();
212 
213             if (requested_id!=null)
214             {
215                 String cluster_id=getClusterId(requested_id);
216                 if (idInUse(cluster_id))
217                     return cluster_id;
218             }
219 
220             // Else reuse any new session ID already defined for this request.
221             String new_id=(String)request.getAttribute(__NEW_SESSION_ID);
222             if (new_id!=null&&idInUse(new_id))
223                 return new_id;
224 
225             // pick a new unique ID!
226             String id=null;
227             while (id==null||id.length()==0||idInUse(id))
228             {
229                 long r0=_weakRandom
230                 ?(hashCode()^Runtime.getRuntime().freeMemory()^_random.nextInt()^(((long)request.hashCode())<<32))
231                 :_random.nextLong();
232 		long r1=_random.nextLong();
233                 if (r0<0)
234                     r0=-r0;
235                 if (r1<0)
236                     r1=-r1;
237                 id=Long.toString(r0,36)+Long.toString(r1,36);
238             }
239 
240             // make the id unique to generating node
241             if (_workerName!=null)
242                 id=_workerName+id;
243             
244             request.setAttribute(__NEW_SESSION_ID,id);
245             return id;
246         }
247     }
248 
249     /* ------------------------------------------------------------ */
250     public Random getRandom()
251     {
252         return _random;
253     }
254 
255     /* ------------------------------------------------------------ */
256     public void setRandom(Random random)
257     {
258         _random=random;
259         _weakRandom=false;
260     }
261 
262 }