uima-ducc-web/src/main/java/org/apache/uima/ducc/ws/server/DuccWebSessionManager.java - uima-ducc - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied.  See the License for the
  * specific language governing permissions and limitations
  * under the License.
 */
 package org.apache.uima.ducc.ws.server;

 import java.security.SecureRandom;
 import java.util.concurrent.ConcurrentHashMap;

 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpSession;

 import org.apache.uima.ducc.common.utils.DuccLogger;
 import org.apache.uima.ducc.common.utils.DuccLoggerComponents;
 import org.apache.uima.ducc.common.utils.id.DuccId;

 public class DuccWebSessionManager {

 	private static DuccLogger duccLogger = DuccLoggerComponents.getWsLogger(DuccWebSessionManager.class.getName());
 	private static DuccId jobid = null;

 	public static DuccWebSessionManager instance = new DuccWebSessionManager();

 	public static DuccWebSessionManager getInstance() {
 		return instance;
 	}

 	private static SecureRandom sr = new SecureRandom();

 	public static final String ducc_user_id = "ducc.user.id";
 	public static final String ducc_validation_id = "ducc.validation.id";

 	private static final int SEGMENTS = 8;

 	private class IdSet {
 		public String sessionId;
 		public String validationId;
 	}

 	private ConcurrentHashMap<String,IdSet> map = new ConcurrentHashMap<String,IdSet>();

 	private String generateValidationId() {
 		StringBuffer sb = new StringBuffer();
 		sb.append(sr.nextLong());
 		int segments = SEGMENTS;
 		for(int i=0; i<segments; i++) {
 			sb.append(sr.nextLong());
 		}
 		return sb.toString();
 	}

 	private void iRemove(String method, String userId, IdSet idSet) {
 		String location = "iRemove"+"."+method;
 		if(idSet != null) {
 			duccLogger.info(location, jobid, "uid:"+userId);
 			duccLogger.info(location, jobid, "sid:"+idSet.sessionId);
 			duccLogger.info(location, jobid, "vid:"+idSet.validationId);
 		}
 	}

 	private void iPut(String method, String userId, IdSet idSet) {
 		String location = "iPut"+"."+method;
 		if(idSet != null) {
 			duccLogger.info(location, jobid, "uid:"+userId);
 			duccLogger.info(location, jobid, "sid:"+idSet.sessionId);
 			duccLogger.info(location, jobid, "vid:"+idSet.validationId);
 		}
 	}

 	public void login(HttpServletRequest request, String userId) {
 		String location = "login";
 		if(request == null) {
 			duccLogger.debug(location, jobid, "request is null");
 			return;
 		}
 		if(userId == null) {
 			duccLogger.debug(location, jobid, "userId is null");
 			return;
 		}
 		HttpSession session = request.getSession();
 		if(session == null) {
 			duccLogger.debug(location, jobid, "session is null");
 			return;
 		}
 		String sessionId =  session.getId();
 		if(sessionId == null) {
 			duccLogger.debug(location, jobid, "sessionId is null");
 			return;
 		}
 		iRemove(location, userId, map.get(userId));
 		String validationId = generateValidationId();
 		session.setAttribute(ducc_validation_id, validationId);
 		session.setAttribute(ducc_user_id, userId);
 		IdSet idSet = new IdSet();
 		idSet.validationId = validationId;
 		idSet.sessionId = sessionId;
 		map.put(userId, idSet);
 		iPut(location, userId, map.get(userId));
 		return;
 	}

 	public boolean logout(HttpServletRequest request) {
 		String location = "logout";
 		boolean retVal = false;
 		if(request == null) {
 			duccLogger.debug(location, jobid, "request is null");
 			return retVal;
 		}
 		HttpSession session = request.getSession();
 		if(session == null) {
 			duccLogger.debug(location, jobid, "session is null");
 			return retVal;
 		}
 		String userId = (String) session.getAttribute(ducc_user_id);
 		if(userId == null) {
 			duccLogger.debug(location, jobid, "userId is null");
 			return retVal;
 		}
 		String validationId = (String) session.getAttribute(ducc_validation_id);
 		if(validationId == null) {
 			duccLogger.debug(location, jobid, "validationId is null");
 			return retVal;
 		}
 		String sessionId =  session.getId();
 		if(sessionId == null) {
 			duccLogger.debug(location, jobid, "sessionId is null");
 			return retVal;
 		}
 		IdSet idSet = map.get(userId);
 		if(idSet == null) {
 			duccLogger.debug(location, jobid, "idSet is null");
 			return retVal;
 		}
 		if(!validationId.equals(idSet.validationId)) {
 			duccLogger.debug(location, jobid, "given:"+validationId);
 			duccLogger.debug(location, jobid, "known:"+idSet.validationId);
 			duccLogger.debug(location, jobid, "validation mismatch!");
 			return retVal;
 		}
 		if(!sessionId.equals(idSet.sessionId)) {
 			duccLogger.debug(location, jobid, "given:"+sessionId);
 			duccLogger.debug(location, jobid, "known:"+idSet.sessionId);
 			duccLogger.debug(location, jobid, "session mismatch!");
 			return retVal;
 		}
 		session.removeAttribute(ducc_validation_id);
 		session.removeAttribute(ducc_user_id);
 		map.remove(userId);
 		iRemove(location, userId, idSet);
 		retVal = true;
 		return retVal;
 	}

 	public boolean isAuthentic(HttpServletRequest request) {
 		String location = "isAuthentic";
 		if(request == null) {
 			duccLogger.debug(location, jobid, "request is null");
 			return false;
 		}
 		HttpSession session = request.getSession();
 		if(session == null) {
 			duccLogger.debug(location, jobid, "session is null");
 			return false;
 		}
 		String userId = (String) session.getAttribute(ducc_user_id);
 		if(userId == null) {
 			duccLogger.debug(location, jobid, "userId is null");
 			return false;
 		}
 		String validationId = (String) session.getAttribute(ducc_validation_id);
 		if(validationId == null) {
 			duccLogger.debug(location, jobid, "validationId is null");
 			return false;
 		}
 		String sessionId =  session.getId();
 		if(sessionId == null) {
 			duccLogger.debug(location, jobid, "sessionId is null");
 			return false;
 		}
 		IdSet idSet = map.get(userId);
 		if(idSet == null) {
 			duccLogger.debug(location, jobid, "idSet is null");
 			return false;
 		}
 		if(!validationId.equals(idSet.validationId)) {
 			duccLogger.debug(location, jobid, "given:"+validationId);
 			duccLogger.debug(location, jobid, "known:"+idSet.validationId);
 			duccLogger.debug(location, jobid, "validation mismatch!");
 			return false;
 		}
 		if(!sessionId.equals(idSet.sessionId)) {
 			duccLogger.debug(location, jobid, "given:"+sessionId);
 			duccLogger.debug(location, jobid, "known:"+idSet.sessionId);
 			duccLogger.debug(location, jobid, "session mismatch!");
 			return false;
 		}
 		return true;
 	}

 	public String getUserId(HttpServletRequest request) {
 		String retVal = null;
 		String location = "getUserId";
 		if(request == null) {
 			duccLogger.debug(location, jobid, "request is null");
 			return retVal;
 		}
 		HttpSession session = request.getSession();
 		if(session == null) {
 			duccLogger.debug(location, jobid, "session is null");
 			return retVal;
 		}
 		retVal = (String) session.getAttribute(ducc_user_id);
 		return retVal;
 	}
 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing,
	* software distributed under the License is distributed on an
	* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	* KIND, either express or implied. See the License for the
	* specific language governing permissions and limitations
	* under the License.
	*/
	package org.apache.uima.ducc.ws.server;

	import java.security.SecureRandom;
	import java.util.concurrent.ConcurrentHashMap;

	import javax.servlet.http.HttpServletRequest;
	import javax.servlet.http.HttpSession;

	import org.apache.uima.ducc.common.utils.DuccLogger;
	import org.apache.uima.ducc.common.utils.DuccLoggerComponents;
	import org.apache.uima.ducc.common.utils.id.DuccId;

	public class DuccWebSessionManager {

	private static DuccLogger duccLogger = DuccLoggerComponents.getWsLogger(DuccWebSessionManager.class.getName());
	private static DuccId jobid = null;

	public static DuccWebSessionManager instance = new DuccWebSessionManager();

	public static DuccWebSessionManager getInstance() {
	return instance;
	}

	private static SecureRandom sr = new SecureRandom();

	public static final String ducc_user_id = "ducc.user.id";
	public static final String ducc_validation_id = "ducc.validation.id";

	private static final int SEGMENTS = 8;

	private class IdSet {
	public String sessionId;
	public String validationId;
	}

	private ConcurrentHashMap<String,IdSet> map = new ConcurrentHashMap<String,IdSet>();

	private String generateValidationId() {
	StringBuffer sb = new StringBuffer();
	sb.append(sr.nextLong());
	int segments = SEGMENTS;
	for(int i=0; i<segments; i++) {
	sb.append(sr.nextLong());
	}
	return sb.toString();
	}

	private void iRemove(String method, String userId, IdSet idSet) {
	String location = "iRemove"+"."+method;
	if(idSet != null) {
	duccLogger.info(location, jobid, "uid:"+userId);
	duccLogger.info(location, jobid, "sid:"+idSet.sessionId);
	duccLogger.info(location, jobid, "vid:"+idSet.validationId);
	}
	}

	private void iPut(String method, String userId, IdSet idSet) {
	String location = "iPut"+"."+method;
	if(idSet != null) {
	duccLogger.info(location, jobid, "uid:"+userId);
	duccLogger.info(location, jobid, "sid:"+idSet.sessionId);
	duccLogger.info(location, jobid, "vid:"+idSet.validationId);
	}
	}

	public void login(HttpServletRequest request, String userId) {
	String location = "login";
	if(request == null) {
	duccLogger.debug(location, jobid, "request is null");
	return;
	}
	if(userId == null) {
	duccLogger.debug(location, jobid, "userId is null");
	return;
	}
	HttpSession session = request.getSession();
	if(session == null) {
	duccLogger.debug(location, jobid, "session is null");
	return;
	}
	String sessionId = session.getId();
	if(sessionId == null) {
	duccLogger.debug(location, jobid, "sessionId is null");
	return;
	}
	iRemove(location, userId, map.get(userId));
	String validationId = generateValidationId();
	session.setAttribute(ducc_validation_id, validationId);
	session.setAttribute(ducc_user_id, userId);
	IdSet idSet = new IdSet();
	idSet.validationId = validationId;
	idSet.sessionId = sessionId;
	map.put(userId, idSet);
	iPut(location, userId, map.get(userId));
	return;
	}

	public boolean logout(HttpServletRequest request) {
	String location = "logout";
	boolean retVal = false;
	if(request == null) {
	duccLogger.debug(location, jobid, "request is null");
	return retVal;
	}
	HttpSession session = request.getSession();
	if(session == null) {
	duccLogger.debug(location, jobid, "session is null");
	return retVal;
	}
	String userId = (String) session.getAttribute(ducc_user_id);
	if(userId == null) {
	duccLogger.debug(location, jobid, "userId is null");
	return retVal;
	}
	String validationId = (String) session.getAttribute(ducc_validation_id);
	if(validationId == null) {
	duccLogger.debug(location, jobid, "validationId is null");
	return retVal;
	}
	String sessionId = session.getId();
	if(sessionId == null) {
	duccLogger.debug(location, jobid, "sessionId is null");
	return retVal;
	}
	IdSet idSet = map.get(userId);
	if(idSet == null) {
	duccLogger.debug(location, jobid, "idSet is null");
	return retVal;
	}
	if(!validationId.equals(idSet.validationId)) {
	duccLogger.debug(location, jobid, "given:"+validationId);
	duccLogger.debug(location, jobid, "known:"+idSet.validationId);
	duccLogger.debug(location, jobid, "validation mismatch!");
	return retVal;
	}
	if(!sessionId.equals(idSet.sessionId)) {
	duccLogger.debug(location, jobid, "given:"+sessionId);
	duccLogger.debug(location, jobid, "known:"+idSet.sessionId);
	duccLogger.debug(location, jobid, "session mismatch!");
	return retVal;
	}
	session.removeAttribute(ducc_validation_id);
	session.removeAttribute(ducc_user_id);
	map.remove(userId);
	iRemove(location, userId, idSet);
	retVal = true;
	return retVal;
	}

	public boolean isAuthentic(HttpServletRequest request) {
	String location = "isAuthentic";
	if(request == null) {
	duccLogger.debug(location, jobid, "request is null");
	return false;
	}
	HttpSession session = request.getSession();
	if(session == null) {
	duccLogger.debug(location, jobid, "session is null");
	return false;
	}
	String userId = (String) session.getAttribute(ducc_user_id);
	if(userId == null) {
	duccLogger.debug(location, jobid, "userId is null");
	return false;
	}
	String validationId = (String) session.getAttribute(ducc_validation_id);
	if(validationId == null) {
	duccLogger.debug(location, jobid, "validationId is null");
	return false;
	}
	String sessionId = session.getId();
	if(sessionId == null) {
	duccLogger.debug(location, jobid, "sessionId is null");
	return false;
	}
	IdSet idSet = map.get(userId);
	if(idSet == null) {
	duccLogger.debug(location, jobid, "idSet is null");
	return false;
	}
	if(!validationId.equals(idSet.validationId)) {
	duccLogger.debug(location, jobid, "given:"+validationId);
	duccLogger.debug(location, jobid, "known:"+idSet.validationId);
	duccLogger.debug(location, jobid, "validation mismatch!");
	return false;
	}
	if(!sessionId.equals(idSet.sessionId)) {
	duccLogger.debug(location, jobid, "given:"+sessionId);
	duccLogger.debug(location, jobid, "known:"+idSet.sessionId);
	duccLogger.debug(location, jobid, "session mismatch!");
	return false;
	}
	return true;
	}

	public String getUserId(HttpServletRequest request) {
	String retVal = null;
	String location = "getUserId";
	if(request == null) {
	duccLogger.debug(location, jobid, "request is null");
	return retVal;
	}
	HttpSession session = request.getSession();
	if(session == null) {
	duccLogger.debug(location, jobid, "session is null");
	return retVal;
	}
	retVal = (String) session.getAttribute(ducc_user_id);
	return retVal;
	}
	}