Compare commits

..

No commits in common. "ab9cba9d99dfc9c6d93337e927c991e354ac5f6a" and "9baa804bc24bfd3433322ad3da4278828b765871" have entirely different histories.

42 changed files with 238 additions and 863 deletions

View file

@ -1,3 +1,3 @@
group = org.xbib
name = net-http
version = 4.8.1
version = 4.5.0

Binary file not shown.

View file

@ -1,6 +1,6 @@
distributionBase=GRADLE_USER_HOME
distributionPath=wrapper/dists
distributionUrl=https\://services.gradle.org/distributions/gradle-8.7-bin.zip
distributionUrl=https\://services.gradle.org/distributions/gradle-8.5-all.zip
networkTimeout=10000
validateDistributionUrl=true
zipStoreBase=GRADLE_USER_HOME

20
gradlew.bat vendored
View file

@ -43,11 +43,11 @@ set JAVA_EXE=java.exe
%JAVA_EXE% -version >NUL 2>&1
if %ERRORLEVEL% equ 0 goto execute
echo. 1>&2
echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 1>&2
echo. 1>&2
echo Please set the JAVA_HOME variable in your environment to match the 1>&2
echo location of your Java installation. 1>&2
echo.
echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
echo.
echo Please set the JAVA_HOME variable in your environment to match the
echo location of your Java installation.
goto fail
@ -57,11 +57,11 @@ set JAVA_EXE=%JAVA_HOME%/bin/java.exe
if exist "%JAVA_EXE%" goto execute
echo. 1>&2
echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% 1>&2
echo. 1>&2
echo Please set the JAVA_HOME variable in your environment to match the 1>&2
echo location of your Java installation. 1>&2
echo.
echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
echo.
echo Please set the JAVA_HOME variable in your environment to match the
echo location of your Java installation.
goto fail

View file

@ -1,41 +0,0 @@
package org.xbib.net.http.j2html;
import org.xbib.net.ParameterException;
import org.xbib.net.Resource;
import org.xbib.net.http.HttpResponseStatus;
import org.xbib.net.http.server.resource.HtmlTemplateResourceHandler;
import org.xbib.net.http.server.route.HttpRouterContext;
import java.io.IOException;
import static org.xbib.j2html.TagCreator.body;
import static org.xbib.j2html.TagCreator.h1;
import static org.xbib.j2html.TagCreator.html;
public class BadRequestHandler extends J2HtmlResourceHandler {
@Override
protected Resource createResource(HttpRouterContext httpRouterContext)
throws IOException, ParameterException {
return new UnauthorizedResource(this, httpRouterContext);
}
protected static class UnauthorizedResource extends J2HtmlResource {
protected UnauthorizedResource(HtmlTemplateResourceHandler templateResourceHandler,
HttpRouterContext httpRouterContext)
throws IOException, ParameterException {
super(templateResourceHandler, httpRouterContext);
}
@Override
protected HttpResponseStatus getResponseStatus() {
return HttpResponseStatus.BAD_REQUEST;
}
@Override
protected String renderHtml(HttpRouterContext httpRouterContext) {
return html(body(h1("Bad request"))).render();
}
}
}

View file

@ -1,7 +1,6 @@
package org.xbib.net.http.j2html;
import org.xbib.net.Attributes;
import org.xbib.net.ParameterException;
import org.xbib.net.Resource;
import org.xbib.net.http.HttpResponseStatus;
import org.xbib.net.http.server.resource.HtmlTemplateResourceHandler;
@ -20,16 +19,14 @@ import static org.xbib.j2html.TagCreator.pre;
public class InternalServerErrorHandler extends J2HtmlResourceHandler {
@Override
protected Resource createResource(HttpRouterContext httpRouterContext)
throws IOException, ParameterException {
protected Resource createResource(HttpRouterContext httpRouterContext) throws IOException {
return new InternalServerErrorResource(this, httpRouterContext);
}
protected static class InternalServerErrorResource extends J2HtmlResource {
protected InternalServerErrorResource(HtmlTemplateResourceHandler templateResourceHandler,
HttpRouterContext httpRouterContext)
throws IOException, ParameterException {
HttpRouterContext httpRouterContext) throws IOException {
super(templateResourceHandler, httpRouterContext);
}

View file

@ -1,8 +1,6 @@
package org.xbib.net.http.j2html;
import org.xbib.net.ParameterException;
import org.xbib.net.buffer.DataBuffer;
import org.xbib.net.http.HttpHeaderValues;
import org.xbib.net.http.HttpResponseStatus;
import org.xbib.net.http.server.HttpRequest;
import org.xbib.net.http.server.resource.HtmlTemplateResource;
@ -13,8 +11,6 @@ import java.io.IOException;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.Objects;
import java.util.logging.Level;
import java.util.logging.Logger;
import static org.xbib.j2html.TagCreator.body;
import static org.xbib.j2html.TagCreator.document;
@ -24,19 +20,15 @@ import static org.xbib.net.http.HttpHeaderNames.CONTENT_TYPE;
public class J2HtmlResource extends HtmlTemplateResource {
private static final Logger logger = Logger.getLogger(J2HtmlResource.class.getName());
protected HttpRequest request;
public J2HtmlResource(HtmlTemplateResourceHandler templateResourceHandler,
HttpRouterContext httpRouterContext) throws IOException, ParameterException {
HttpRouterContext httpRouterContext) throws IOException {
super(templateResourceHandler, httpRouterContext);
}
@Override
public void render(HttpRouterContext context)
throws IOException {
try {
public void render(HttpRouterContext context) throws IOException {
this.request = context.getRequest();
Objects.requireNonNull(responseBuilder);
DataBuffer dataBuffer = context.getDataBufferFactory().allocateBuffer();
@ -51,13 +43,6 @@ public class J2HtmlResource extends HtmlTemplateResource {
.setHeader(CONTENT_TYPE, "text/html; charset=" + getCharset().displayName())
.body(dataBuffer)
.done();
} catch (ParameterException e) {
logger.log(Level.WARNING, e.getMessage(), e);
context.status(HttpResponseStatus.BAD_REQUEST)
.setHeader(CONTENT_TYPE, HttpHeaderValues.TEXT_PLAIN)
.body(e.getMessage())
.done();
}
}
protected HttpResponseStatus getResponseStatus() {
@ -69,14 +54,14 @@ public class J2HtmlResource extends HtmlTemplateResource {
}
/**
* Rendering.
* By subclassing this handler, this method should be overridden by custom j2html code.
* The HTML is here is just a greeting as an example.
*
* @param context the router context
* @return the body string fo the HTTP response
*/
protected String renderHtml(HttpRouterContext context)
throws IOException, ParameterException {
protected String renderHtml(HttpRouterContext context) {
return document(html(body(h1("Hello World"))));
}
}

View file

@ -1,6 +1,5 @@
package org.xbib.net.http.j2html;
import org.xbib.net.ParameterException;
import org.xbib.net.Resource;
import org.xbib.net.http.server.resource.HtmlTemplateResourceHandler;
import org.xbib.net.http.server.route.HttpRouterContext;
@ -8,6 +7,9 @@ import org.xbib.net.http.server.route.HttpRouterContext;
import java.io.IOException;
import java.nio.file.Path;
import static org.xbib.j2html.TagCreator.body;
import static org.xbib.j2html.TagCreator.h1;
public class J2HtmlResourceHandler extends HtmlTemplateResourceHandler {
public J2HtmlResourceHandler() {
@ -19,15 +21,13 @@ public class J2HtmlResourceHandler extends HtmlTemplateResourceHandler {
}
@Override
protected Resource createResource(HttpRouterContext httpRouterContext)
throws IOException, ParameterException {
protected Resource createResource(HttpRouterContext httpRouterContext) throws IOException {
return httpRouterContext.isAuthenticated() ?
new J2HtmlResource(this, httpRouterContext) :
createUnauthenticatedResource(httpRouterContext);
}
protected Resource createUnauthenticatedResource(HttpRouterContext httpRouterContext)
throws IOException, ParameterException {
protected Resource createUnauthenticatedResource(HttpRouterContext httpRouterContext) throws IOException {
return new J2HtmlResource(this, httpRouterContext);
}
}

View file

@ -1,6 +1,5 @@
package org.xbib.net.http.j2html;
import org.xbib.net.ParameterException;
import org.xbib.net.Resource;
import org.xbib.net.http.HttpResponseStatus;
import org.xbib.net.http.server.resource.HtmlTemplateResourceHandler;
@ -15,16 +14,14 @@ import static org.xbib.j2html.TagCreator.html;
public class NotFoundHandler extends J2HtmlResourceHandler {
@Override
protected Resource createResource(HttpRouterContext httpRouterContext)
throws IOException, ParameterException {
protected Resource createResource(HttpRouterContext httpRouterContext) throws IOException {
return new UnauthorizedResource(this, httpRouterContext);
}
protected static class UnauthorizedResource extends J2HtmlResource {
protected UnauthorizedResource(HtmlTemplateResourceHandler templateResourceHandler,
HttpRouterContext httpRouterContext)
throws IOException, ParameterException {
HttpRouterContext httpRouterContext) throws IOException {
super(templateResourceHandler, httpRouterContext);
}

View file

@ -1,6 +1,5 @@
package org.xbib.net.http.j2html;
import org.xbib.net.ParameterException;
import org.xbib.net.Resource;
import org.xbib.net.http.HttpResponseStatus;
import org.xbib.net.http.server.resource.HtmlTemplateResourceHandler;
@ -15,16 +14,14 @@ import static org.xbib.j2html.TagCreator.html;
public class UnauthorizedHandler extends J2HtmlResourceHandler {
@Override
protected Resource createResource(HttpRouterContext httpRouterContext)
throws IOException, ParameterException {
protected Resource createResource(HttpRouterContext httpRouterContext) throws IOException {
return new UnauthorizedResource(this, httpRouterContext);
}
protected static class UnauthorizedResource extends J2HtmlResource {
protected UnauthorizedResource(HtmlTemplateResourceHandler templateResourceHandler,
HttpRouterContext httpRouterContext)
throws IOException, ParameterException {
HttpRouterContext httpRouterContext) throws IOException {
super(templateResourceHandler, httpRouterContext);
}

View file

@ -3,13 +3,11 @@ package org.xbib.net.http.server.application.web;
import java.nio.file.Paths;
import java.time.Duration;
import org.xbib.net.UserProfile;
import org.xbib.net.http.server.application.BaseApplication;
import org.xbib.net.http.server.route.HttpRouterContext;
import org.xbib.net.http.server.persist.Codec;
import org.xbib.net.http.server.session.Session;
import org.xbib.net.http.server.session.FileJsonSessionCodec;
import org.xbib.net.http.server.auth.FileJsonUserProfileCodec;
import org.xbib.net.http.server.session.file.FileJsonSessionCodec;
public class WebApplication extends BaseApplication {
@ -30,9 +28,4 @@ public class WebApplication extends BaseApplication {
return new FileJsonSessionCodec(sessionName, this, 1024, Duration.ofDays(1),
Paths.get("/var/tmp/session"));
}
@Override
protected Codec<UserProfile> newUserProfileCodec(HttpRouterContext httpRouterContext) {
return new FileJsonUserProfileCodec(Paths.get("/var/tmp/userprofile"));
}
}

View file

@ -5,19 +5,15 @@ import org.xbib.config.ConfigLogger;
import org.xbib.config.ConfigParams;
import org.xbib.config.SystemConfigLogger;
import org.xbib.net.NetworkClass;
import org.xbib.net.ParameterException;
import org.xbib.net.Resource;
import org.xbib.net.http.HttpHeaderNames;
import org.xbib.net.http.HttpHeaderValues;
import org.xbib.net.http.HttpResponseStatus;
import org.xbib.net.http.HttpVersion;
import org.xbib.net.http.j2html.BadRequestHandler;
import org.xbib.net.http.j2html.InternalServerErrorHandler;
import org.xbib.net.http.j2html.J2HtmlResource;
import org.xbib.net.http.j2html.J2HtmlResourceHandler;
import org.xbib.net.http.j2html.J2HtmlService;
import org.xbib.net.http.j2html.NotFoundHandler;
import org.xbib.net.http.j2html.UnauthorizedHandler;
import org.xbib.net.http.server.application.web.WebApplication;
import org.xbib.net.http.server.auth.BasicAuthenticationHandler;
import org.xbib.net.http.server.auth.FormAuthenticationHandler;
@ -145,9 +141,6 @@ public final class Bootstrap {
.build();
HttpRouter httpRouter = BaseHttpRouter.builder()
.setHandler(401, new UnauthorizedHandler())
.setHandler(403, new BadRequestHandler())
.setHandler(404, new NotFoundHandler())
.setHandler(500, new InternalServerErrorHandler())
.addDomain(BaseHttpDomain.builder()
.setHttpAddress(httpsAddress)
@ -213,14 +206,12 @@ public final class Bootstrap {
static class MyResourceHandler extends J2HtmlResourceHandler {
@Override
protected Resource createResource(HttpRouterContext httpRouterContext)
throws IOException, ParameterException {
protected Resource createResource(HttpRouterContext httpRouterContext) throws IOException {
return new DemoResource(this, httpRouterContext);
}
@Override
protected Resource createUnauthenticatedResource(HttpRouterContext httpRouterContext)
throws IOException, ParameterException {
protected Resource createUnauthenticatedResource(HttpRouterContext httpRouterContext) throws IOException {
return new UnauthenticatedDemoResource(this, httpRouterContext);
}
}
@ -228,8 +219,7 @@ public final class Bootstrap {
static class DemoResource extends J2HtmlResource {
public DemoResource(HtmlTemplateResourceHandler templateResourceHandler,
HttpRouterContext httpRouterContext)
throws IOException, ParameterException {
HttpRouterContext httpRouterContext) throws IOException {
super(templateResourceHandler, httpRouterContext);
}
@ -243,8 +233,7 @@ public final class Bootstrap {
static class UnauthenticatedDemoResource extends J2HtmlResource {
public UnauthenticatedDemoResource(HtmlTemplateResourceHandler templateResourceHandler,
HttpRouterContext httpRouterContext)
throws IOException, ParameterException {
HttpRouterContext httpRouterContext) throws IOException {
super(templateResourceHandler, httpRouterContext);
}

View file

@ -27,6 +27,8 @@ module org.xbib.net.http.server {
exports org.xbib.net.http.server.route;
exports org.xbib.net.http.server.service;
exports org.xbib.net.http.server.session;
exports org.xbib.net.http.server.session.file;
exports org.xbib.net.http.server.session.memory;
exports org.xbib.net.http.server.validate;
exports org.xbib.net.http.server.executor;
}

View file

@ -3,8 +3,6 @@ package org.xbib.net.http.server.application;
import java.nio.file.Path;
import java.time.ZoneId;
import java.util.Locale;
import org.xbib.net.http.server.domain.HttpSecurityDomain;
import org.xbib.net.http.server.executor.Executor;
import org.xbib.net.http.server.route.HttpRouter;
import org.xbib.net.mime.MimeTypeService;
@ -17,8 +15,6 @@ public interface ApplicationBuilder {
ApplicationBuilder setSecret(String hexSecret);
ApplicationBuilder setSecurityDomain(HttpSecurityDomain securityDomain);
ApplicationBuilder setSessionsEnabled(boolean sessionsEnabled);
ApplicationBuilder setLocale(Locale locale);

View file

@ -15,11 +15,9 @@ import java.util.logging.Level;
import java.util.logging.Logger;
import org.xbib.net.Attributes;
import org.xbib.net.UserProfile;
import org.xbib.net.http.HttpAddress;
import org.xbib.net.http.cookie.SameSite;
import org.xbib.net.http.server.auth.BaseAttributes;
import org.xbib.net.http.server.auth.PersistUserProfileHandler;
import org.xbib.net.http.server.route.BaseHttpRouterContext;
import org.xbib.net.http.server.HttpHandler;
import org.xbib.net.http.server.HttpRequestBuilder;
@ -36,8 +34,7 @@ import org.xbib.net.http.server.session.IncomingContextHandler;
import org.xbib.net.http.server.session.OutgoingContextHandler;
import org.xbib.net.http.server.session.PersistSessionHandler;
import org.xbib.net.http.server.session.Session;
import org.xbib.net.http.server.session.MemoryPropertiesSessionCodec;
import org.xbib.net.http.server.auth.MemoryPropertiesUserProfileCodec;
import org.xbib.net.http.server.session.memory.MemoryPropertiesSessionCodec;
import org.xbib.net.http.server.validate.HttpRequestValidator;
import org.xbib.net.mime.MimeTypeService;
import org.xbib.net.util.RandomUtil;
@ -171,16 +168,12 @@ public class BaseApplication implements Application {
HttpRouterContext httpRouterContext = new BaseHttpRouterContext(this, domain, requestBuilder, responseBuilder);
httpRouterContext.addOpenHandler(newRequestValidator());
httpRouterContext.addOpenHandler(newIncomingCookieHandler());
Codec<UserProfile> userProfileCodec = newUserProfileCodec(httpRouterContext);
httpRouterContext.getAttributes().put("userprofilecodec", userProfileCodec);
Codec<Session> sessionCodec = builder.sessionsEnabled ? newSessionCodec(httpRouterContext) : null;
if (sessionCodec != null) {
if (builder.sessionsEnabled) {
Codec<Session> sessionCodec = newSessionCodec(httpRouterContext);
httpRouterContext.getAttributes().put("sessioncodec", sessionCodec);
}
httpRouterContext.addOpenHandler(newIncomingContextHandler(userProfileCodec, sessionCodec));
httpRouterContext.addOpenHandler(newIncomingContextHandler(sessionCodec));
httpRouterContext.addCloseHandler(newOutgoingContextHandler());
for (HttpHandler httpHandler : newPersistHandlers(userProfileCodec, sessionCodec)) {
httpRouterContext.addCloseHandler(httpHandler);
httpRouterContext.addCloseHandler(newPersistHandler(sessionCodec));
}
httpRouterContext.addCloseHandler(newOutgoingCookieHandler());
return httpRouterContext;
@ -219,12 +212,8 @@ public class BaseApplication implements Application {
return new MemoryPropertiesSessionCodec(sessionName,this, 1024, Duration.ofDays(1));
}
protected Codec<UserProfile> newUserProfileCodec(HttpRouterContext httpRouterContext) {
return new MemoryPropertiesUserProfileCodec();
}
protected HttpHandler newIncomingContextHandler(Codec<UserProfile> userProfileCodec, Codec<Session> sessionCodec) {
return new IncomingContextHandler(userProfileCodec,
protected HttpHandler newIncomingContextHandler(Codec<Session> sessionCodec) {
return new IncomingContextHandler(
getSecret(),
"HmacSHA1",
sessionName,
@ -246,10 +235,8 @@ public class BaseApplication implements Application {
);
}
protected Collection<HttpHandler> newPersistHandlers(Codec<UserProfile> userProfileCodec,
Codec<Session> sessionCodec) {
return List.of(new PersistSessionHandler(sessionCodec),
new PersistUserProfileHandler(userProfileCodec, builder.securityDomain));
protected HttpHandler newPersistHandler(Codec<Session> sessionCodec) {
return new PersistSessionHandler(sessionCodec);
}
@Override

View file

@ -7,7 +7,6 @@ import java.util.Locale;
import java.util.Objects;
import java.util.Set;
import org.xbib.net.http.server.domain.HttpSecurityDomain;
import org.xbib.net.http.server.executor.BaseExecutor;
import org.xbib.net.http.server.executor.Executor;
import org.xbib.net.http.server.route.HttpRouter;
@ -33,8 +32,6 @@ public class BaseApplicationBuilder implements ApplicationBuilder {
protected String secret;
protected HttpSecurityDomain securityDomain;
protected boolean sessionsEnabled;
protected Locale locale;
@ -90,12 +87,6 @@ public class BaseApplicationBuilder implements ApplicationBuilder {
return this;
}
@Override
public ApplicationBuilder setSecurityDomain(HttpSecurityDomain securityDomain) {
this.securityDomain = securityDomain;
return this;
}
@Override
public ApplicationBuilder setSessionsEnabled(boolean sessionsEnabled) {
this.sessionsEnabled = sessionsEnabled;

View file

@ -26,15 +26,12 @@ public class BaseUserProfile implements UserProfile {
private Collection<String> effectivePermissions;
private boolean refresh;
public BaseUserProfile() {
this.attributes = new BaseAttributes();
this.roles = new ArrayList<>();
this.effectiveRoles = new ArrayList<>();
this.permissions = new ArrayList<>();
this.effectivePermissions = new ArrayList<>();
this.refresh = false;
}
@Override
@ -132,21 +129,6 @@ public class BaseUserProfile implements UserProfile {
this.attributes = attributes;
}
@Override
public void updateAttribute(String key, Object value) {
attributes.put(key, value);
}
@Override
public void triggerRefresh(boolean refresh) {
this.refresh = refresh;
}
@Override
public boolean isRefreshTriggered() {
return refresh;
}
@Override
public Attributes getAttributes() {
return attributes;
@ -155,23 +137,31 @@ public class BaseUserProfile implements UserProfile {
@Override
public Map<String, Object> asMap() {
TinyMap.Builder<String, Object> builder = TinyMap.builder();
builder.putIfNotNull(NAME, getName());
builder.putIfNotNull(USER_ID, getUserId());
builder.putIfNotNull(EFFECTIVE_USER_ID, getEffectiveUserId());
builder.put("name", getName());
String userId = getUserId();
if (userId == null) {
userId = "";
}
builder.put("user_id", userId);
String eUserId = getEffectiveUserId();
if (eUserId == null) {
eUserId = "";
}
builder.put("e_user_id", eUserId);
if (getRoles() != null && !getRoles().isEmpty()) {
builder.put(ROLES, getRoles());
builder.put("roles", getRoles());
}
if (getEffectiveRoles() != null && !getEffectiveRoles().isEmpty()) {
builder.put(EFFECTIVE_ROLES, getEffectiveRoles());
builder.put("e_roles", getEffectiveRoles());
}
if (getPermissions() != null && !getPermissions().isEmpty()) {
builder.put(PERMISSIONS, getPermissions());
builder.put("perms", getPermissions());
}
if (getEffectivePermissions() != null && !getEffectivePermissions().isEmpty()) {
builder.put(EFFECTIVE_PERMISSIONS, getEffectivePermissions());
builder.put("e_perms", getEffectivePermissions());
}
if (getAttributes() != null && !getAttributes().isEmpty()) {
builder.put(ATTRIBUTES, getAttributes());
builder.put("attrs", getAttributes());
}
return builder.build();
}
@ -179,66 +169,39 @@ public class BaseUserProfile implements UserProfile {
@SuppressWarnings("unchecked")
public static UserProfile fromMap(Map<String, Object> map) {
BaseUserProfile userProfile = new BaseUserProfile();
if (map.containsKey(NAME)) {
userProfile.setName((String) map.get(NAME));
if (map.containsKey("name")) {
userProfile.setName((String) map.get("name"));
}
if (map.containsKey("user_id")) {
String userId = (String) map.get("user_id");
// empty user ID for better map transport, change it to null
if (userId != null && userId.isEmpty()) {
userId = null;
}
if (map.containsKey(USER_ID)) {
String userId = (String) map.get(USER_ID);
userProfile.setUserId(userId);
}
if (map.containsKey(EFFECTIVE_USER_ID)) {
String eUserId = (String) map.get(EFFECTIVE_USER_ID);
if (map.containsKey("e_user_id")) {
String eUserId = (String) map.get("e_user_id");
// empty effective user ID for better map transport, change it to null
if (eUserId != null && eUserId.isEmpty()) {
eUserId = null;
}
userProfile.setEffectiveUserId(eUserId);
}
if (map.containsKey(ROLES)) {
userProfile.setRoles((Collection<String>) map.get(ROLES));
if (map.containsKey("roles")) {
userProfile.setRoles((Collection<String>) map.get("roles"));
}
if (map.containsKey(EFFECTIVE_ROLES)) {
userProfile.setEffectiveRoles((Collection<String>) map.get(EFFECTIVE_ROLES));
if (map.containsKey("e_roles")) {
userProfile.setEffectiveRoles((Collection<String>) map.get("e_roles"));
}
if (map.containsKey(PERMISSIONS)) {
userProfile.setPermissions((Collection<String>) map.get(PERMISSIONS));
}
if (map.containsKey(EFFECTIVE_PERMISSIONS)) {
userProfile.setEffectivePermissions((Collection<String>) map.get(EFFECTIVE_PERMISSIONS));
}
if (map.containsKey(ATTRIBUTES)) {
userProfile.setAttributes(new BaseAttributes((Map<String, Object>) map.get(ATTRIBUTES)));
}
return userProfile;
}
@SuppressWarnings("unchecked")
public static UserProfile fromMap(UserProfile userProfile, Map<String, Object> map) {
if (map.containsKey(NAME)) {
userProfile.setName((String) map.get(NAME));
}
if (map.containsKey(USER_ID)) {
userProfile.setUserId((String) map.get(USER_ID));
}
if (map.containsKey(EFFECTIVE_USER_ID)) {
userProfile.setEffectiveUserId((String) map.get(EFFECTIVE_USER_ID));
}
if (map.containsKey(ROLES)) {
userProfile.setRoles((Collection<String>) map.get(ROLES));
}
if (map.containsKey(EFFECTIVE_ROLES)) {
userProfile.setEffectiveRoles((Collection<String>) map.get(EFFECTIVE_ROLES));
}
if (map.containsKey(PERMISSIONS)) {
userProfile.setPermissions((Collection<String>) map.get(PERMISSIONS));
}
if (map.containsKey(EFFECTIVE_PERMISSIONS)) {
userProfile.setEffectivePermissions((Collection<String>) map.get(EFFECTIVE_PERMISSIONS));
}
if (map.containsKey(ATTRIBUTES)) {
if (userProfile.getAttributes() == null || userProfile.getAttributes().isEmpty()) {
userProfile.setAttributes(new BaseAttributes((Map<String, Object>) map.get(ATTRIBUTES)));
} else {
for (Map.Entry<String, Object> entry : ((Map<String, Object>) map.get(ATTRIBUTES)).entrySet()) {
userProfile.updateAttribute(entry.getKey(), entry.getValue());
if (map.containsKey("perms")) {
userProfile.setPermissions((Collection<String>) map.get("perms"));
}
if (map.containsKey("e_perms")) {
userProfile.setEffectivePermissions((Collection<String>) map.get("e_perms"));
}
if (map.containsKey("attrs")) {
userProfile.setAttributes(new BaseAttributes((Map<String, Object>) map.get("attrs")));
}
return userProfile;
}

View file

@ -1,145 +0,0 @@
package org.xbib.net.http.server.auth;
import org.xbib.net.PercentEncoder;
import org.xbib.net.PercentEncoders;
import org.xbib.net.UserProfile;
import org.xbib.net.http.server.persist.Codec;
import org.xbib.net.util.JsonUtil;
import java.io.IOException;
import java.io.UncheckedIOException;
import java.io.Writer;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.FileTime;
import java.time.Duration;
import java.time.Instant;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.stream.Stream;
public class FileJsonUserProfileCodec implements Codec<UserProfile> {
private static final Logger logger = Logger.getLogger(FileJsonUserProfileCodec.class.getName());
private final ReentrantReadWriteLock lock;
private final Path path;
public FileJsonUserProfileCodec(Path path) {
this.path = path;
this.lock = new ReentrantReadWriteLock();
}
@Override
public UserProfile create(String userId) throws IOException {
Objects.requireNonNull(userId, "user id must not be null");
BaseUserProfile baseUserProfile = new BaseUserProfile();
baseUserProfile.setUserId(userId);
return baseUserProfile;
}
@Override
public UserProfile read(String key) throws IOException {
Objects.requireNonNull(key, "key must not be null");
ReentrantReadWriteLock.ReadLock readLock = lock.readLock();
try {
readLock.lock();
PercentEncoder percentEncoder = PercentEncoders.getUnreservedEncoder(StandardCharsets.UTF_8);
Path p = path.resolve(percentEncoder.encode(key));
Map<String, Object> map = JsonUtil.toMap(Files.readString(p));
return BaseUserProfile.fromMap(map);
} finally {
readLock.unlock();
}
}
@Override
public void write(String key, UserProfile userProfile) throws IOException {
Objects.requireNonNull(key, "key must not be null");
ReentrantReadWriteLock.WriteLock writeLock = lock.writeLock();
try {
writeLock.lock();
createPath();
PercentEncoder percentEncoder = PercentEncoders.getUnreservedEncoder(StandardCharsets.UTF_8);
try (Writer writer = Files.newBufferedWriter(path.resolve(percentEncoder.encode(key)))) {
writer.write(JsonUtil.toString(userProfile.asMap()));
}
} finally {
writeLock.unlock();
}
}
@Override
public void remove(String key) {
ReentrantReadWriteLock.WriteLock writeLock = lock.writeLock();
try {
writeLock.lock();
PercentEncoder percentEncoder = PercentEncoders.getUnreservedEncoder(StandardCharsets.UTF_8);
Files.deleteIfExists(path.resolve(percentEncoder.encode(key)));
} catch (IOException e) {
throw new UncheckedIOException(e);
} finally {
writeLock.unlock();
}
}
@Override
public void purge(long expiredAfterSeconds) {
if (path != null && expiredAfterSeconds > 0L) {
Instant instant = Instant.now();
try (Stream<Path> stream = Files.walk(path)) {
stream.forEach(p -> {
try {
FileTime fileTime = Files.getLastModifiedTime(p);
Duration duration = Duration.between(fileTime.toInstant(), instant);
if (duration.toSeconds() > expiredAfterSeconds) {
Files.delete(p);
}
} catch (IOException e) {
logger.log(Level.WARNING, "i/o error while purge: " + e.getMessage(), e);
}
});
} catch (IOException e) {
logger.log(Level.WARNING, "i/o error while purge: " + e.getMessage(), e);
}
}
}
@Override
public void destroy() {
try (Stream<Path> stream = Files.walk(path)) {
stream.forEach(p -> {
try {
if (!path.equals(p)) {
Files.delete(p);
}
} catch (IOException e) {
logger.log(Level.WARNING, "i/o error while destroy: " + e.getMessage(), e);
}
});
} catch (IOException e) {
logger.log(Level.WARNING, "i/o error while destroy: " + e.getMessage(), e);
}
try {
Files.delete(path);
} catch (IOException e) {
logger.log(Level.WARNING, "i/o error while destroy: " + e.getMessage(), e);
}
}
private void createPath() {
try {
if (!Files.exists(path)) {
Files.createDirectories(path);
}
} catch (IOException e) {
logger.log(Level.SEVERE, e.getMessage(), e);
throw new UncheckedIOException(e);
}
}
}

View file

@ -1,9 +1,7 @@
package org.xbib.net.http.server.auth;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Objects;
import java.util.logging.Level;
import java.util.logging.Logger;
@ -56,20 +54,6 @@ public class LoginAuthenticationHandler implements HttpHandler {
logger.log(Level.FINE, "no user profile found in context");
return;
}
if (userProfile.isRefreshTriggered()) {
try {
List<String> roles = new ArrayList<>();
userProfile.setRoles(roles);
List<String> effectiveRoles = new ArrayList<>();
userProfile.setEffectiveRoles(effectiveRoles);
loadRoles(userProfile);
} catch (Exception e) {
logger.log(Level.SEVERE, e.getMessage(), e);
} finally {
userProfile.triggerRefresh(false);
}
return;
}
if (userProfile.getUserId() != null) {
logger.log(Level.FINE, "user id already set");
return;
@ -93,10 +77,7 @@ public class LoginAuthenticationHandler implements HttpHandler {
}
}
protected boolean authenticate(UserProfile userProfile,
String username,
String password,
Request request) {
protected boolean authenticate(UserProfile userProfile, String username, String password, Request request) {
if (username == null) {
logger.log(Level.FINE, "no username given for check, doing nothing");
return false;
@ -108,38 +89,21 @@ public class LoginAuthenticationHandler implements HttpHandler {
Authenticator auth = securityRealm.getAuthenticator();
Authenticator.Context authContext = new Authenticator.Context(username, password, request);
if (auth.authenticate(authContext)) {
logger.log(Level.FINE, "authenticated as " + authContext.getUsername());
logger.log(Level.FINE, "authenticated, augmenting user profile with " + authContext.getUsername());
userProfile.setUserId(authContext.getUsername());
UsersProvider.Context userContext = new UsersProvider.Context(authContext.getUsername(), null);
UsersProvider.Context userContext = new UsersProvider.Context(username, null);
UserDetails userDetails = securityRealm.getUsersProvider().getUserDetails(userContext);
userProfile.setName(userDetails.getName());
if (userDetails.getEffectiveUserId() != null) {
userProfile.setEffectiveUserId(userDetails.getEffectiveUserId());
} else {
userProfile.setEffectiveUserId(authContext.getUsername());
}
loadRoles(userProfile);
return true;
}
logger.log(Level.FINE, "authentication failure for user " + username);
return false;
}
private void loadRoles(UserProfile userProfile) {
GroupsProvider.Context groupContext = new GroupsProvider.Context(userProfile.getUserId(), null);
userProfile.setName(userDetails.getName());
GroupsProvider.Context groupContext = new GroupsProvider.Context(username, null);
Collection<String> groups = securityRealm.getGroupsProvider().getGroups(groupContext);
for (String group : groups) {
userProfile.addRole(group);
}
if (!userProfile.getUserId().equals(userProfile.getEffectiveUserId())) {
GroupsProvider.Context effectiveGroupContext = new GroupsProvider.Context(userProfile.getEffectiveUserId(), null);
for (String group : securityRealm.getGroupsProvider().getGroups(effectiveGroupContext)) {
userProfile.addEffectiveRole(group);
}
} else {
for (String group : groups) {
userProfile.addEffectiveRole(group);
}
logger.log(Level.FINE, "authentication success: userProfile = " + userProfile);
return true;
}
logger.log(Level.FINE, "authentication failure");
return false;
}
}

View file

@ -1,92 +0,0 @@
package org.xbib.net.http.server.auth;
import org.xbib.net.UserProfile;
import org.xbib.net.http.server.persist.Codec;
import java.io.IOException;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Properties;
import java.util.concurrent.locks.ReentrantReadWriteLock;
public class MemoryPropertiesUserProfileCodec implements Codec<UserProfile> {
private static final Map<String, Object> store = new HashMap<>();
private final ReentrantReadWriteLock lock;
public MemoryPropertiesUserProfileCodec() {
this.lock = new ReentrantReadWriteLock();
}
@Override
public UserProfile create(String key) throws IOException {
BaseUserProfile baseUserProfile = new BaseUserProfile();
baseUserProfile.setUserId(key);
return baseUserProfile;
}
@Override
public UserProfile read(String key) throws IOException {
ReentrantReadWriteLock.ReadLock readLock = lock.readLock();
try {
readLock.lock();
Properties properties = new Properties();
if (store.containsKey(key)) {
properties.putAll((Map<?, ?>) store.get(key));
}
return toUserProfile(key, properties);
} finally {
readLock.unlock();
}
}
@Override
public void write(String key, UserProfile userProfile) throws IOException {
ReentrantReadWriteLock.WriteLock writeLock = lock.writeLock();
try {
writeLock.lock();
Properties properties = toProperties(userProfile.asMap());
store.put(key, properties);
} finally {
writeLock.unlock();
}
}
private UserProfile toUserProfile(String key, Properties properties) {
Map<String, Object> map = new LinkedHashMap<>();
properties.forEach((k, v) -> map.put(k.toString(), v));
return BaseUserProfile.fromMap(map);
}
private Properties toProperties(Map<String, Object> map) {
Properties properties = new Properties();
map.forEach((k,v) -> {
// filter non-null keys and values for properties semantics
if (k != null && v != null) {
properties.put(k, v);
}
});
return properties;
}
@Override
public void remove(String key) throws IOException {
store.remove(key);
}
@Override
public void purge(long expiredAfterSeconds) throws IOException {
if (expiredAfterSeconds > 0L) {
for (Map.Entry<String, Object> entry : store.entrySet()) {
remove(entry.getKey());
}
}
}
@Override
public void destroy() {
store.clear();
}
}

View file

@ -1,91 +0,0 @@
package org.xbib.net.http.server.auth;
import org.xbib.net.GroupsProvider;
import org.xbib.net.SecurityRealm;
import org.xbib.net.UserProfile;
import org.xbib.net.http.HttpResponseStatus;
import org.xbib.net.http.server.HttpException;
import org.xbib.net.http.server.HttpHandler;
import org.xbib.net.http.server.domain.HttpSecurityDomain;
import org.xbib.net.http.server.persist.Codec;
import org.xbib.net.http.server.route.HttpRouterContext;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
public class PersistUserProfileHandler implements HttpHandler {
private static final Logger logger = Logger.getLogger(PersistUserProfileHandler.class.getName());
private final Codec<UserProfile> userProfileCodec;
private final HttpSecurityDomain securityDomain;
public PersistUserProfileHandler(Codec<UserProfile> userProfileCodec,
HttpSecurityDomain securityDomain) {
this.userProfileCodec = userProfileCodec;
this.securityDomain = securityDomain;
}
@Override
public void handle(HttpRouterContext context) throws IOException {
UserProfile userProfile = context.getAttributes().get(UserProfile.class, "userprofile");
if (userProfile != null && userProfile.getUserId() != null) {
if (userProfile.isRefreshTriggered()) {
if (securityDomain == null) {
logger.log(Level.FINE, "unable to refresh, security domain is null");
return;
}
if (securityDomain.getRealm() == null) {
logger.log(Level.FINE, "unable to refresh, security realm is null");
return;
}
try {
// reset roles and load again
List<String> roles = new ArrayList<>();
userProfile.setRoles(roles);
List<String> effectiveRoles = new ArrayList<>();
userProfile.setEffectiveRoles(effectiveRoles);
loadRoles(userProfile, securityDomain.getRealm());
} catch (Exception e) {
logger.log(Level.SEVERE, e.getMessage(), e);
} finally {
userProfile.triggerRefresh(false);
}
}
try {
logger.log(Level.FINEST, "writing user profile id = " + userProfile.getUserId());
userProfileCodec.write(userProfile.getUserId(), userProfile);
} catch (Exception e) {
logger.log(Level.SEVERE, e.getMessage(), e);
throw new HttpException("unable to write user profile data", context, HttpResponseStatus.INTERNAL_SERVER_ERROR);
}
} else {
logger.log(Level.FINEST, "not writing user profile " + userProfile + " user id + " +
(userProfile != null ? userProfile.getUserId() : null));
}
}
private void loadRoles(UserProfile userProfile, SecurityRealm securityRealm) {
String username = userProfile.getUserId();
GroupsProvider.Context groupContext = new GroupsProvider.Context(username, null);
Collection<String> groups = securityRealm.getGroupsProvider().getGroups(groupContext);
for (String group : groups) {
userProfile.addRole(group);
}
if (!userProfile.getUserId().equals(userProfile.getEffectiveUserId())) {
GroupsProvider.Context effectiveGroupContext = new GroupsProvider.Context(userProfile.getEffectiveUserId(), null);
for (String group : securityRealm.getGroupsProvider().getGroups(effectiveGroupContext)) {
userProfile.addEffectiveRole(group);
}
} else {
for (String group : groups) {
userProfile.addEffectiveRole(group);
}
}
}
}

View file

@ -10,6 +10,8 @@ import org.xbib.net.http.server.route.HttpRouterContext;
public class IncomingCookieHandler implements HttpHandler {
private static final Logger logger = Logger.getLogger(IncomingCookieHandler.class.getName());
public IncomingCookieHandler() {
}
@ -28,6 +30,7 @@ public class IncomingCookieHandler implements HttpHandler {
}
if (!cookieBox.isEmpty()) {
context.getAttributes().put("incomingcookies", cookieBox);
}
}
}

View file

@ -2,7 +2,6 @@ package org.xbib.net.http.server.domain;
import java.util.List;
import org.xbib.net.SecurityDomain;
import org.xbib.net.UserProfile;
import org.xbib.net.http.server.HttpHandler;
public interface HttpSecurityDomain extends SecurityDomain {

View file

@ -13,6 +13,4 @@ public interface Codec<D> {
void remove(String key) throws IOException;
void purge(long expiredAfterSeconds) throws IOException;
void destroy();
}

View file

@ -67,11 +67,6 @@ public class FileJsonCodec implements Codec<Map<String, Object>> {
// unable to purge
}
@Override
public void destroy() {
// unable to destroy
}
private Path openOrCreate(String key) throws IOException {
Path path = Paths.get(root);
Files.createDirectories(path);

View file

@ -7,6 +7,10 @@ import org.xbib.net.http.server.persist.Codec;
@SuppressWarnings("serial")
public class FileJsonPersistenceStore extends AbstractPersistenceStore {
public FileJsonPersistenceStore(String name) {
this("/var/tmp/net-http-server-store", name);
}
public FileJsonPersistenceStore(String root, String storeName) {
this(new FileJsonCodec(root), storeName);
}

View file

@ -76,11 +76,6 @@ public class FilePropertiesCodec implements Codec<Map<String, Object>> {
// unable to purge
}
@Override
public void destroy() {
// unable to destroy
}
private Path openOrCreate(String key) throws IOException {
Path path = Paths.get(root);
Files.createDirectories(path);

View file

@ -58,11 +58,6 @@ public class MemoryPropertiesCodec implements Codec<Map<String, Object>> {
// unable to purge
}
@Override
public void destroy() {
store.clear();
}
private Map<String, Object> toMap(Properties properties) {
Map<String, Object> map = new LinkedHashMap<>();
properties.forEach((k, v) -> map.put(k.toString(), v));

View file

@ -18,15 +18,12 @@ import java.util.Arrays;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.xbib.net.ParameterException;
import org.xbib.net.Resource;
import org.xbib.net.URL;
import org.xbib.net.buffer.DataBuffer;
import org.xbib.net.buffer.DataBufferFactory;
import org.xbib.net.buffer.DataBufferUtil;
import org.xbib.net.http.HttpHeaderNames;
import org.xbib.net.http.HttpHeaderValues;
import org.xbib.net.http.HttpHeaders;
import org.xbib.net.http.HttpMethod;
import org.xbib.net.http.HttpResponseStatus;
@ -47,8 +44,7 @@ public abstract class AbstractResourceHandler implements HttpHandler {
public AbstractResourceHandler() {
}
protected abstract Resource createResource(HttpRouterContext httpRouterContext)
throws IOException, ParameterException;
protected abstract Resource createResource(HttpRouterContext httpRouterContext) throws IOException;
protected abstract boolean isETagEnabled();
@ -60,7 +56,6 @@ public abstract class AbstractResourceHandler implements HttpHandler {
@Override
public void handle(HttpRouterContext context) throws IOException {
try {
logger.log(Level.FINEST, () -> "handle: before creating resource " + this.getClass().getName());
Resource resource = createResource(context);
logger.log(Level.FINEST, () -> "handle: resource = " + (resource != null ? resource.getClass().getName() + " " + resource : null));
@ -95,13 +90,6 @@ public abstract class AbstractResourceHandler implements HttpHandler {
generateCacheableResource(context, resource);
context.done();
}
} catch (ParameterException e) {
logger.log(Level.WARNING, e.getMessage(), e);
context.status(HttpResponseStatus.BAD_REQUEST)
.setHeader(CONTENT_TYPE, HttpHeaderValues.TEXT_PLAIN)
.body(e.getMessage())
.done();
}
}
private void generateCacheableResource(HttpRouterContext context,

View file

@ -2,8 +2,6 @@ package org.xbib.net.http.server.resource;
import java.io.IOException;
import java.nio.file.Path;
import org.xbib.net.ParameterException;
import org.xbib.net.Resource;
import org.xbib.net.http.server.route.HttpRouterContext;
@ -24,8 +22,7 @@ public class HtmlTemplateResourceHandler extends AbstractResourceHandler {
}
@Override
protected Resource createResource(HttpRouterContext httpRouterContext)
throws IOException, ParameterException {
protected Resource createResource(HttpRouterContext httpRouterContext) throws IOException {
return new HtmlTemplateResource(this, httpRouterContext);
}

View file

@ -95,7 +95,9 @@ public class BaseHttpRouter implements HttpRouter {
requestBuilder.getRequestPath(),
true);
builder.httpRouteResolver.resolve(httpRoute, httpRouteResolverResults::add);
HttpRouterContext httpRouterContext = application.createContext(httpDomain, requestBuilder, responseBuilder);
HttpRouterContext httpRouterContext = application.createContext(httpDomain,
requestBuilder, responseBuilder);
// before open: invoke security, incoming cookie/session
httpRouterContext.getOpenHandlers().forEach(h -> {
try {
h.handle(httpRouterContext);
@ -147,10 +149,14 @@ public class BaseHttpRouter implements HttpRouter {
setResolverResult(httpRouterContext, httpRouteResolverResult);
httpService = httpRouteResolverResult.getValue();
httpRequest = httpRouterContext.getRequest();
for (ApplicationModule module : application.getModules()) {
module.onOpen(httpRouterContext, httpService, httpRequest);
}
// second: security check, authentication etc.
if (httpService.getSecurityDomain() != null) {
logger.log(Level.FINEST, "handling security domain service " + httpService);
for (HttpHandler httpHandler : httpService.getSecurityDomain().getHandlers()) {
logger.log(Level.FINEST, () -> "handling security handler " + httpHandler);
logger.log(Level.FINEST, () -> "handling security domain handler " + httpHandler);
httpHandler.handle(httpRouterContext);
}
}
@ -158,9 +164,6 @@ public class BaseHttpRouter implements HttpRouter {
break;
}
// after security checks, accept service, open and execute service
for (ApplicationModule module : application.getModules()) {
module.onOpen(httpRouterContext, httpService, httpRequest);
}
httpRouterContext.getAttributes().put("service", httpService);
logger.log(Level.FINEST, "handling service " + httpService);
httpService.handle(httpRouterContext);

View file

@ -39,8 +39,6 @@ public class BaseHttpRouterContext implements HttpRouterContext {
private final Attributes attributes;
private final List<HttpHandler> securityHandlers;
private final List<HttpHandler> openHandlers;
private final List<HttpHandler> closeHandlers;
@ -68,7 +66,6 @@ public class BaseHttpRouterContext implements HttpRouterContext {
this.application = application;
this.httpRequestBuilder = httpRequestBuilder;
this.httpResponseBuilder = httpResponseBuilder;
this.securityHandlers = new LinkedList<>();
this.openHandlers = new LinkedList<>();
this.closeHandlers = new LinkedList<>();
this.releaseeHandlers = new LinkedList<>();
@ -307,12 +304,6 @@ public class BaseHttpRouterContext implements HttpRouterContext {
@Override
public void close() throws IOException {
for (HttpHandler httpHandler : securityHandlers) {
if (httpHandler instanceof Closeable) {
logger.log(Level.FINE, "closing handler " + httpHandler);
((Closeable) httpHandler).close();
}
}
for (HttpHandler httpHandler : openHandlers) {
if (httpHandler instanceof Closeable) {
logger.log(Level.FINE, "closing handler " + httpHandler);

View file

@ -18,19 +18,16 @@ import org.xbib.net.http.cookie.Cookie;
import org.xbib.net.http.cookie.CookieBox;
import org.xbib.net.http.server.HttpException;
import org.xbib.net.http.server.HttpHandler;
import org.xbib.net.http.server.auth.BaseUserProfile;
import org.xbib.net.http.server.route.HttpRouterContext;
import org.xbib.net.http.server.auth.BaseUserProfile;
import org.xbib.net.http.server.cookie.CookieSignatureException;
import org.xbib.net.http.server.cookie.CookieSignatureUtil;
import org.xbib.net.http.server.persist.Codec;
import org.xbib.net.util.ExceptionFormatter;
public class IncomingContextHandler implements HttpHandler {
private static final Logger logger = Logger.getLogger(IncomingContextHandler.class.getName());
private final Codec<UserProfile> userProfileCodec;
private final String sessionSecret;
private final String sessionCookieAlgorithm;
@ -43,14 +40,12 @@ public class IncomingContextHandler implements HttpHandler {
Supplier<String> sessionIdGenerator;
public IncomingContextHandler(Codec<UserProfile> userProfileCodec,
String sessionSecret,
public IncomingContextHandler(String sessionSecret,
String sessionCookieAlgorithm,
String sessionCookieName,
Codec<Session> sessionCodec,
Set<String> suffixes,
Supplier<String> sessionIdGenerator) {
this.userProfileCodec = userProfileCodec;
this.sessionSecret = sessionSecret;
this.sessionCookieAlgorithm = sessionCookieAlgorithm;
this.sessionCookieName = sessionCookieName;
@ -66,8 +61,8 @@ public class IncomingContextHandler implements HttpHandler {
return;
}
Map<String, Object> payload = null;
UserProfile userProfile = null;
Session session = null;
UserProfile userProfile = null;
CookieBox cookieBox = context.getAttributes().get(CookieBox.class, "incomingcookies");
if (cookieBox != null) {
for (Cookie cookie : cookieBox) {
@ -77,21 +72,20 @@ public class IncomingContextHandler implements HttpHandler {
try {
// extract payload from our cookie, must be not null, otherwise security problem with exception
payload = toPayload(cookie);
logger.log(Level.FINE, payload != null && !payload.isEmpty() ? "payload found" : "no payload found");
// extract session from payload and recover session from persistence store
session = toSession(payload);
// extract user profile from session
userProfile = toUserProfile(session);
// do not log explicit content of payload, session, userprofile to not leak sensitive info into log
logger.log(Level.FINE, session != null && !session.isEmpty() ? "session found" : "no session found");
// extract userprofile from cookie info, use previous auth handler setup, recover attributes only
userProfile = recoverUserProfile(context, session, payload);
logger.log(Level.FINE, userProfile != null ? "user profile found" : "no user profile found");
logger.log(Level.FINE, (payload != null && !payload.isEmpty() ? "payload found" : "no payload") +
(session != null && !session.isEmpty() ? ", session found" : ", no session") +
(userProfile != null && userProfile.getUserId() != null ? ", user profile found (" + userProfile.getUserId() + ")" : ", no user profile"));
} catch (CookieSignatureException e) {
// set exception in context to discard broken cookie later and render exception message
context.getAttributes().put("_throwable", e);
} catch (Exception e) {
logger.log(Level.SEVERE, e.getMessage(), e);
throw new HttpException("unable to create userprofile or session: " + ExceptionFormatter.format(e),
context, HttpResponseStatus.INTERNAL_SERVER_ERROR);
throw new HttpException("unable to create session", context, HttpResponseStatus.INTERNAL_SERVER_ERROR);
}
} else {
logger.log(Level.WARNING, "received extra session cookie of same name, something is wrong, ignoring");
@ -100,14 +94,13 @@ public class IncomingContextHandler implements HttpHandler {
}
}
if (session == null) {
session = createSession(context);
if (session != null) {
session = newSession(context);
logger.log(Level.FINE, "new session created, id = " + session.id());
}
}
context.getAttributes().put("session", session);
if (userProfile == null) {
userProfile = recoverUserProfile(context, session, payload);
userProfile = newUserProfile(payload);
logger.log(Level.FINE, "new user profile created");
}
context.getAttributes().put("userprofile", userProfile);
}
@ -134,11 +127,11 @@ public class IncomingContextHandler implements HttpHandler {
return Map.of("id", id, "payload", payload, "map", CookieSignatureUtil.toMap(payload));
}
protected Session toSession(Map<String, Object> payload) {
if (payload == null) {
protected Session toSession(Map<String, Object> map) {
if (map == null) {
return null;
}
String id = (String) payload.get("id");
String id = (String) map.get("id");
Session session = null;
try {
if (id != null) {
@ -146,7 +139,7 @@ public class IncomingContextHandler implements HttpHandler {
if (session != null) {
logger.log(Level.FINE, "session id " + id + " restored, valid = " + session.isValid() +
", age = " + session.getAge() + ", expired = " + session.isExpired());
session.putAll(payload);
session.putAll(map);
}
}
} catch (Exception e) {
@ -155,7 +148,7 @@ public class IncomingContextHandler implements HttpHandler {
return session;
}
protected Session createSession(HttpRouterContext context) throws HttpException {
protected Session newSession(HttpRouterContext context) throws HttpException {
try {
return sessionCodec.create(sessionIdGenerator.get());
} catch (IOException e) {
@ -165,37 +158,32 @@ public class IncomingContextHandler implements HttpHandler {
}
@SuppressWarnings("unchecked")
protected UserProfile recoverUserProfile(HttpRouterContext context,
Session session,
Map<String, Object> payload) {
// already in context from previous handler?
UserProfile userProfile = context.getAttributes().get(UserProfile.class, "userprofile");
if (userProfile != null) {
try {
return userProfileCodec.read(userProfile.getUserId());
} catch (IOException e) {
// ignore I/O error, leads to empty user profile
}
}
// initialize
Map<String, Object> map = null;
// is user profile present in session?
if (payload == null && session != null) {
// session has stored user profile? this is important for spanning HTTP request/response like in HTTP POST/FORWARD/GET
map = (Map<String, Object>) session.get("userprofile");
} else if (payload != null) {
// is a mini user profile otherwise present in our cookie?
map = (Map<String, Object>) payload.get("map");
}
if (map != null && map.containsKey(UserProfile.USER_ID)) {
try {
return userProfileCodec.read(BaseUserProfile.fromMap(map).getUserId());
} catch (IOException e) {
// ignore I/O error, leads to incomplete user profile
}
} else {
logger.log(Level.FINE, "unable to find info for initialize user profile");
}
protected UserProfile toUserProfile(Session session) {
if (session == null) {
return null;
}
Map<String, Object> map = (Map<String, Object>) session.get("userprofile");
return map != null ? BaseUserProfile.fromMap(map) : null;
}
@SuppressWarnings("unchecked")
protected UserProfile newUserProfile(Map<String, Object> cookieMap) {
UserProfile userProfile = new BaseUserProfile();
// user_id, e_user_id are in cookie map
if (cookieMap != null) {
Map<String, Object> m = (Map<String, Object>) cookieMap.get("map");
if (m == null) {
// nothing found
return userProfile;
}
if (m.containsKey("user_id")) {
userProfile.setUserId((String) m.get("user_id"));
}
if (m.containsKey("e_user_id")) {
userProfile.setEffectiveUserId((String) m.get("e_user_id"));
}
// roles, permissions, attributes must be restored later
}
return userProfile;
}
}

View file

@ -5,11 +5,10 @@ import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.time.Duration;
import java.util.Map;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.xbib.datastructures.tiny.TinyMap;
import org.xbib.net.PercentEncoder;
import org.xbib.net.PercentEncoders;
import org.xbib.net.UserProfile;
@ -86,10 +85,10 @@ public class OutgoingContextHandler implements HttpHandler {
cookieBox.add(createEmptyCookie(host, path));
return;
}
UserProfile userProfile = context.getAttributes().get(UserProfile.class, "userprofile");
Session session = context.getAttributes().get(Session.class, "session");
if (session != null) {
try {
UserProfile userProfile = context.getAttributes().get(UserProfile.class, "userprofile");
if (userProfile != null) {
session.put("userprofile", userProfile.asMap());
}
@ -128,19 +127,17 @@ public class OutgoingContextHandler implements HttpHandler {
session.invalidate();
return createEmptyCookie(host, path);
}
TinyMap.Builder<String, Object> builder = TinyMap.builder();
if (userProfile != null) {
builder.putIfNotNull(UserProfile.USER_ID, userProfile.getUserId());
builder.putIfNotNull(UserProfile.EFFECTIVE_USER_ID, userProfile.getEffectiveUserId());
}
logger.log(Level.FINEST, "map for cookie payload = " + builder.build());
String payload = CookieSignatureUtil.toString(builder.build());
Map<String, Object> map = userProfile != null ?
Map.of("user_id", userProfile.getUserId() != null ? userProfile.getUserId() :"",
"e_user_id", userProfile.getEffectiveUserId() != null ? userProfile.getEffectiveUserId() : "") :
Map.of();
String payload = CookieSignatureUtil.toString(map);
String sig = CookieSignatureUtil.hmac(payload, sessionSecret, sessionCookieAlgorithm);
String cookieValue = String.join(":", id, payload, sig);
PercentEncoder percentEncoder = PercentEncoders.getCookieEncoder(StandardCharsets.ISO_8859_1);
DefaultCookie cookie = new DefaultCookie(sessionCookieName, percentEncoder.encode(cookieValue));
String domain = extractDomain(host);
if (domain == null || "localhost".equals(domain)) {
if ("localhost".equals(domain)) {
logger.log(Level.WARNING, "localhost not set as a cookie domain");
} else {
cookie.setDomain('.' + domain);
@ -156,7 +153,7 @@ public class OutgoingContextHandler implements HttpHandler {
private Cookie createEmptyCookie(String host, String path) {
DefaultCookie cookie = new DefaultCookie(sessionCookieName);
String domain = extractDomain(host);
if (domain == null || "localhost".equals(domain)) {
if ("localhost".equals(domain)) {
logger.log(Level.WARNING, "localhost not set as a cookie domain");
} else {
cookie.setDomain('.' + domain);
@ -171,9 +168,6 @@ public class OutgoingContextHandler implements HttpHandler {
}
private static String extractDomain(String fqdn) {
if (fqdn == null) {
return null;
}
if ("localhost".equals(fqdn)) {
return fqdn;
}

View file

@ -3,8 +3,6 @@ package org.xbib.net.http.server.session;
import java.io.IOException;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.xbib.net.UserProfile;
import org.xbib.net.http.HttpResponseStatus;
import org.xbib.net.http.server.HttpException;
import org.xbib.net.http.server.HttpHandler;
@ -24,7 +22,7 @@ public class PersistSessionHandler implements HttpHandler {
@Override
public void handle(HttpRouterContext context) throws IOException {
Session session = context.getAttributes().get(Session.class, "session");
if (session != null && session.hasPayload()) {
if (session != null) {
try {
logger.log(Level.FINEST, "writing session id " + session.id() + " keys = " + session.keySet());
sessionCodec.write(session.id(), session);

View file

@ -1,4 +1,4 @@
package org.xbib.net.http.server.session;
package org.xbib.net.http.server.session.file;
import java.io.IOException;
import java.io.UncheckedIOException;
@ -17,6 +17,9 @@ import java.util.stream.Stream;
import org.xbib.net.PercentEncoder;
import org.xbib.net.PercentEncoders;
import org.xbib.net.http.server.persist.Codec;
import org.xbib.net.http.server.session.BaseSession;
import org.xbib.net.http.server.session.Session;
import org.xbib.net.http.server.session.SessionListener;
import org.xbib.net.util.JsonUtil;
public class FileJsonSessionCodec implements Codec<Session> {
@ -46,6 +49,12 @@ public class FileJsonSessionCodec implements Codec<Session> {
this.sessionCacheSize = sessionCacheSize;
this.sessionDuration = sessionDuration;
this.lock = new ReentrantReadWriteLock();
try {
Files.createDirectories(path);
} catch (IOException e) {
logger.log(Level.SEVERE, e.getMessage(), e);
throw new UncheckedIOException(e);
}
}
@Override
@ -74,7 +83,6 @@ public class FileJsonSessionCodec implements Codec<Session> {
ReentrantReadWriteLock.WriteLock writeLock = lock.writeLock();
try {
writeLock.lock();
createPath();
PercentEncoder percentEncoder = PercentEncoders.getUnreservedEncoder(StandardCharsets.UTF_8);
try (Writer writer = Files.newBufferedWriter(path.resolve(percentEncoder.encode(key)))) {
writer.write(JsonUtil.toString(session));
@ -119,37 +127,4 @@ public class FileJsonSessionCodec implements Codec<Session> {
}
}
}
@Override
public void destroy() {
try (Stream<Path> stream = Files.walk(path)) {
stream.forEach(p -> {
try {
if (!path.equals(p)) {
Files.delete(p);
}
} catch (IOException e) {
logger.log(Level.WARNING, "i/o error while destroy: " + e.getMessage(), e);
}
});
} catch (IOException e) {
logger.log(Level.WARNING, "i/o error while destroy: " + e.getMessage(), e);
}
try {
Files.delete(path);
} catch (IOException e) {
logger.log(Level.WARNING, "i/o error while destroy: " + e.getMessage(), e);
}
}
private void createPath() {
try {
if (!Files.exists(path)) {
Files.createDirectories(path);
}
} catch (IOException e) {
logger.log(Level.SEVERE, e.getMessage(), e);
throw new UncheckedIOException(e);
}
}
}

View file

@ -1,4 +1,4 @@
package org.xbib.net.http.server.session;
package org.xbib.net.http.server.session.jdbc;
import java.io.IOException;
import java.io.UncheckedIOException;
@ -14,6 +14,9 @@ import java.util.List;
import java.util.Map;
import javax.sql.DataSource;
import org.xbib.net.http.server.persist.Codec;
import org.xbib.net.http.server.session.BaseSession;
import org.xbib.net.http.server.session.Session;
import org.xbib.net.http.server.session.SessionListener;
import org.xbib.net.util.JsonUtil;
public class JdbcSessionCodec implements Codec<Session> {
@ -129,11 +132,6 @@ public class JdbcSessionCodec implements Codec<Session> {
}
}
@Override
public void destroy() {
// TODO
}
private String readString(String key) throws SQLException {
List<String> list = new ArrayList<>();
Connection connection = dataSource.getConnection();

View file

@ -1,4 +1,4 @@
package org.xbib.net.http.server.session;
package org.xbib.net.http.server.session.memory;
import java.io.IOException;
import java.time.Duration;
@ -7,6 +7,9 @@ import java.util.Map;
import java.util.Properties;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import org.xbib.net.http.server.persist.Codec;
import org.xbib.net.http.server.session.BaseSession;
import org.xbib.net.http.server.session.Session;
import org.xbib.net.http.server.session.SessionListener;
public class MemoryPropertiesSessionCodec implements Codec<Session> {
@ -98,10 +101,4 @@ public class MemoryPropertiesSessionCodec implements Codec<Session> {
}
}
}
@Override
public void destroy() {
store.clear();
}
}

View file

@ -6,9 +6,7 @@ module org.xbib.net.http.server.test {
exports org.xbib.net.http.server.test.base;
exports org.xbib.net.http.server.test.ldap;
exports org.xbib.net.http.server.test.session;
exports org.xbib.net.http.server.test.userprofile;
opens org.xbib.net.http.server.test.base;
opens org.xbib.net.http.server.test.ldap;
opens org.xbib.net.http.server.test.session;
opens org.xbib.net.http.server.test.userprofile;
}

View file

@ -4,17 +4,18 @@ import java.io.IOException;
import java.nio.file.Paths;
import java.time.Duration;
import java.util.function.Supplier;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.junit.jupiter.api.Test;
import org.xbib.net.http.server.persist.Codec;
import org.xbib.net.http.server.session.Session;
import org.xbib.net.http.server.session.FileJsonSessionCodec;
import org.xbib.net.http.server.session.file.FileJsonSessionCodec;
import org.xbib.net.util.RandomUtil;
import static org.junit.jupiter.api.Assertions.assertEquals;
public class JsonSessionTest {
private static final Logger logger = Logger.getLogger(JsonSessionTest.class.getName());
@Test
void testJsonSession() throws IOException {
Codec<Session> sessionCodec = newSessionCodec();
@ -22,13 +23,12 @@ public class JsonSessionTest {
session.put("a", "b");
sessionCodec.write(session.id(), session);
Session session1 = sessionCodec.read(session.id());
assertEquals("b", session1.get("a").toString());
sessionCodec.destroy();
logger.log(Level.INFO, session1.get("a").toString());
}
private Codec<Session> newSessionCodec() {
return new FileJsonSessionCodec("SESSION-TEST", null, 1024,
Duration.ofDays(1), Paths.get("build/session-test"));
Duration.ofDays(1), Paths.get("/var/tmp/session-test"));
}
private Session create(Codec<Session> sessionCodec, Supplier<String> sessionIdGenerator) throws IOException {

View file

@ -1,34 +0,0 @@
package org.xbib.net.http.server.test.userprofile;
import org.junit.jupiter.api.Test;
import org.xbib.net.UserProfile;
import org.xbib.net.http.server.persist.Codec;
import org.xbib.net.http.server.auth.FileJsonUserProfileCodec;
import java.io.IOException;
import java.nio.file.Paths;
import static org.junit.jupiter.api.Assertions.assertEquals;
public class JsonUserProfileTest {
@Test
void testJsonUserProfile() throws IOException {
Codec<UserProfile> userProfileCodec = newUserProfileCodec();
UserProfile userProfile = create(userProfileCodec);
userProfile.getAttributes().put("a", "b");
userProfileCodec.write(userProfile.getUserId(), userProfile);
UserProfile userProfile1 = userProfileCodec.read(userProfile.getUserId());
assertEquals("b", userProfile1.getAttributes().get("a").toString());
userProfileCodec.destroy();
}
private Codec<UserProfile> newUserProfileCodec() {
return new FileJsonUserProfileCodec(Paths.get("build/userprofile-test"));
}
private UserProfile create(Codec<UserProfile> userProfileCodec) throws IOException {
return userProfileCodec.create("1");
}
}

View file

@ -1,12 +1,12 @@
dependencyResolutionManagement {
versionCatalogs {
libs {
version('gradle', '8.7')
version('groovy', '4.0.21')
version('netty', '4.1.111.Final')
version('gradle', '8.5')
version('groovy', '4.0.20')
version('netty', '4.1.109.Final')
version('netty-tcnative', '2.0.65.Final')
version('datastructures', '5.1.1')
version('net', '4.8.0')
version('datastructures', '5.0.7')
version('net', '4.4.0')
library('netty-codec-http2', 'io.netty', 'netty-codec-http2').versionRef('netty')
library('netty-handler', 'io.netty', 'netty-handler').versionRef('netty')
library('netty-handler-proxy', 'io.netty', 'netty-handler-proxy').versionRef('netty')
@ -14,7 +14,8 @@ dependencyResolutionManagement {
library('netty-kqueue', 'io.netty', 'netty-transport-native-kqueue').versionRef('netty')
library('netty-boringssl', 'io.netty', 'netty-tcnative-boringssl-static').versionRef('netty-tcnative')
library('conscrypt', 'org.conscrypt', 'conscrypt-openjdk-uber').version('2.5.2')
library('jackson', 'com.fasterxml.jackson.core', 'jackson-databind').version('2.17.1')
library('jackson', 'com.fasterxml.jackson.core', 'jackson-databind').version('2.16.0')
library('jna', 'net.java.dev.jna', 'jna').version('5.14.0')
library('groovy-templates', 'org.apache.groovy', 'groovy-templates').versionRef('groovy')
library('j2html', 'org.xbib', 'j2html').version('2.0.0')
library('webjars-bootstrap', 'org.webjars', 'bootstrap').version('5.1.0')