View Javadoc

1   //========================================================================
2   //Copyright 2006 Mort Bay Consulting Pty. Ltd.
3   //------------------------------------------------------------------------
4   //Licensed under the Apache License, Version 2.0 (the "License");
5   //you may not use this file except in compliance with the License.
6   //You may obtain a copy of the License at 
7   //http://www.apache.org/licenses/LICENSE-2.0
8   //Unless required by applicable law or agreed to in writing, software
9   //distributed under the License is distributed on an "AS IS" BASIS,
10  //WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11  //See the License for the specific language governing permissions and
12  //limitations under the License.
13  //========================================================================
14  
15  package org.mortbay.jetty.servlet;
16  
17  import java.security.NoSuchAlgorithmException;
18  import java.security.SecureRandom;
19  import java.util.Random;
20  
21  import javax.servlet.http.HttpServletRequest;
22  import javax.servlet.http.HttpSession;
23  
24  import org.mortbay.component.AbstractLifeCycle;
25  import org.mortbay.jetty.SessionIdManager;
26  import org.mortbay.jetty.servlet.AbstractSessionManager.Session;
27  import org.mortbay.log.Log;
28  import org.mortbay.util.MultiMap;
29  
30  /* ------------------------------------------------------------ */
31  /**
32   * HashSessionIdManager. An in-memory implementation of the session ID manager.
33   */
34  public class HashSessionIdManager extends AbstractLifeCycle implements SessionIdManager
35  {
36      private final static String __NEW_SESSION_ID="org.mortbay.jetty.newSessionId";  
37      protected final static String SESSION_ID_RANDOM_ALGORITHM = "SHA1PRNG";
38      protected final static String SESSION_ID_RANDOM_ALGORITHM_ALT = "IBMSecureRandom";
39  
40      MultiMap _sessions;
41      protected Random _random;
42      private boolean _weakRandom;
43      private String _workerName;
44  
45      /* ------------------------------------------------------------ */
46      public HashSessionIdManager()
47      {
48      }
49  
50      /* ------------------------------------------------------------ */
51      public HashSessionIdManager(Random random)
52      {
53          _random=random;
54        
55      }
56  
57      /* ------------------------------------------------------------ */
58      /**
59       * Get the workname. If set, the workername is dot appended to the session
60       * ID and can be used to assist session affinity in a load balancer.
61       * 
62       * @return String or null
63       */
64      public String getWorkerName()
65      {
66          return _workerName;
67      }
68  
69      /* ------------------------------------------------------------ */
70      /**
71       * Set the workname. If set, the workername is dot appended to the session
72       * ID and can be used to assist session affinity in a load balancer.
73       * 
74       * @param workerName
75       */
76      public void setWorkerName(String workerName)
77      {
78          _workerName=workerName;
79      }
80  
81      /* ------------------------------------------------------------ */
82      /** Get the session ID with any worker ID.
83       * 
84       * @param request
85       * @return sessionId plus any worker ID.
86       */
87      public String getNodeId(String clusterId,HttpServletRequest request) 
88      {
89          String worker=request==null?null:(String)request.getAttribute("org.mortbay.http.ajp.JVMRoute");
90          if (worker!=null) 
91              return clusterId+'.'+worker; 
92          
93          if (_workerName!=null) 
94              return clusterId+'.'+_workerName;
95         
96          return clusterId;
97      }
98  
99      /* ------------------------------------------------------------ */
100     /** Get the session ID with any worker ID.
101      * 
102      * @param request
103      * @return sessionId plus any worker ID.
104      */
105     public String getClusterId(String nodeId) 
106     {
107         int dot=nodeId.lastIndexOf('.');
108         return (dot>0)?nodeId.substring(0,dot):nodeId;
109     }
110     
111     /* ------------------------------------------------------------ */
112     protected void doStart()
113     {
114         if (_random==null)
115         {      
116             try 
117             {
118                 //This operation may block on some systems with low entropy. See this page
119                 //for workaround suggestions:
120                 //http://docs.codehaus.org/display/JETTY/Connectors+slow+to+startup
121                 Log.debug("Init SecureRandom."); 
122                 _random=SecureRandom.getInstance(SESSION_ID_RANDOM_ALGORITHM);
123             }
124             catch (NoSuchAlgorithmException e)
125             {
126                 try
127                 {
128                     _random=SecureRandom.getInstance(SESSION_ID_RANDOM_ALGORITHM_ALT);
129                     _weakRandom=false;
130                 }
131                 catch (NoSuchAlgorithmException e_alt)
132                 {
133                     Log.warn("Could not generate SecureRandom for session-id randomness",e);
134                     _random=new Random();
135                     _weakRandom=true;
136                 }
137             }
138         }
139         _random.setSeed(_random.nextLong()^System.currentTimeMillis()^hashCode()^Runtime.getRuntime().freeMemory());
140         _sessions=new MultiMap();
141     }
142 
143     /* ------------------------------------------------------------ */
144     protected void doStop()
145     {
146         if (_sessions!=null)
147             _sessions.clear(); // Maybe invalidate?
148         _sessions=null;
149     }
150 
151     /* ------------------------------------------------------------ */
152     /*
153      * @see org.mortbay.jetty.SessionManager.MetaManager#idInUse(java.lang.String)
154      */
155     public boolean idInUse(String id)
156     {
157         return _sessions.containsKey(id);
158     }
159 
160     /* ------------------------------------------------------------ */
161     /*
162      * @see org.mortbay.jetty.SessionManager.MetaManager#addSession(javax.servlet.http.HttpSession)
163      */
164     public void addSession(HttpSession session)
165     {
166         synchronized (this)
167         {
168             _sessions.add(getClusterId(session.getId()),session);
169         }
170     }
171 
172     /* ------------------------------------------------------------ */
173     /*
174      * @see org.mortbay.jetty.SessionManager.MetaManager#addSession(javax.servlet.http.HttpSession)
175      */
176     public void removeSession(HttpSession session)
177     {
178         synchronized (this)
179         {
180             _sessions.removeValue(getClusterId(session.getId()),session);
181         }
182     }
183 
184     /* ------------------------------------------------------------ */
185     /*
186      * @see org.mortbay.jetty.SessionManager.MetaManager#invalidateAll(java.lang.String)
187      */
188     public void invalidateAll(String id)
189     {
190         synchronized (this)
191         {
192             // Do not use interators as this method tends to be called recursively 
193             // by the invalidate calls.
194             while (_sessions.containsKey(id))
195             {
196                 Session session=(Session)_sessions.getValue(id,0);
197                 if (session.isValid())
198                     session.invalidate();
199                 else
200                     _sessions.removeValue(id,session);
201             }
202         }
203     }
204 
205     /* ------------------------------------------------------------ */
206     /*
207      * new Session ID. If the request has a requestedSessionID which is unique,
208      * that is used. The session ID is created as a unique random long XORed with
209      * connection specific information, base 36.
210      * @param request 
211      * @param created 
212      * @return Session ID.
213      */
214     public String newSessionId(HttpServletRequest request, long created)
215     {
216         synchronized (this)
217         {
218             // A requested session ID can only be used if it is in use already.
219             String requested_id=request.getRequestedSessionId();
220 
221             if (requested_id!=null)
222             {
223                 String cluster_id=getClusterId(requested_id);
224                 if (idInUse(cluster_id))
225                     return cluster_id;
226             }
227 
228             // Else reuse any new session ID already defined for this request.
229             String new_id=(String)request.getAttribute(__NEW_SESSION_ID);
230             if (new_id!=null&&idInUse(new_id))
231                 return new_id;
232 
233             // pick a new unique ID!
234             String id=null;
235             while (id==null||id.length()==0||idInUse(id))
236             {
237                 long r=_weakRandom
238                 ?(hashCode()^Runtime.getRuntime().freeMemory()^_random.nextInt()^(((long)request.hashCode())<<32))
239                 :_random.nextLong();
240                 r^=created;
241                 if (request!=null && request.getRemoteAddr()!=null)
242                     r^=request.getRemoteAddr().hashCode();
243                 if (r<0)
244                     r=-r;
245                 id=Long.toString(r,36);
246             }
247 
248             request.setAttribute(__NEW_SESSION_ID,id);
249             return id;
250         }
251     }
252 
253     /* ------------------------------------------------------------ */
254     public Random getRandom()
255     {
256         return _random;
257     }
258 
259     /* ------------------------------------------------------------ */
260     public void setRandom(Random random)
261     {
262         _random=random;
263         _weakRandom=false;
264     }
265 
266 }