1
2
3
4
5
6
7
8
9
10
11
12
13
14
15 package org.mortbay.jetty.servlet;
16
17 import java.security.NoSuchAlgorithmException;
18 import java.security.SecureRandom;
19 import java.util.Random;
20
21 import javax.servlet.http.HttpServletRequest;
22 import javax.servlet.http.HttpSession;
23
24 import org.mortbay.component.AbstractLifeCycle;
25 import org.mortbay.jetty.SessionIdManager;
26 import org.mortbay.jetty.servlet.AbstractSessionManager.Session;
27 import org.mortbay.log.Log;
28 import org.mortbay.util.MultiMap;
29
30
31
32
33
34 public class HashSessionIdManager extends AbstractLifeCycle implements SessionIdManager
35 {
36 private final static String __NEW_SESSION_ID="org.mortbay.jetty.newSessionId";
37 protected final static String SESSION_ID_RANDOM_ALGORITHM = "SHA1PRNG";
38 protected final static String SESSION_ID_RANDOM_ALGORITHM_ALT = "IBMSecureRandom";
39
40 MultiMap<String> _sessions;
41 protected Random _random;
42 private boolean _weakRandom;
43 private String _workerName;
44
45
46 public HashSessionIdManager()
47 {
48 }
49
50
51 public HashSessionIdManager(Random random)
52 {
53 _random=random;
54
55 }
56
57
58
59
60
61
62
63
64 public String getWorkerName()
65 {
66 return _workerName;
67 }
68
69
70
71
72
73
74
75
76 public void setWorkerName(String workerName)
77 {
78 _workerName=workerName;
79 }
80
81
82
83
84
85
86
87 public String getNodeId(String clusterId,HttpServletRequest request)
88 {
89 String worker=request==null?null:(String)request.getAttribute("org.mortbay.http.ajp.JVMRoute");
90 if (worker!=null)
91 return clusterId+'.'+worker;
92
93 if (_workerName!=null)
94 return clusterId+'.'+_workerName;
95
96 return clusterId;
97 }
98
99
100
101
102
103
104
105 public String getClusterId(String nodeId)
106 {
107 int dot=nodeId.lastIndexOf('.');
108 return (dot>0)?nodeId.substring(0,dot):nodeId;
109 }
110
111
112 protected void doStart()
113 {
114 if (_random==null)
115 {
116 try
117 {
118
119
120
121 Log.debug("Init SecureRandom.");
122 _random=SecureRandom.getInstance(SESSION_ID_RANDOM_ALGORITHM);
123 }
124 catch (NoSuchAlgorithmException e)
125 {
126 try
127 {
128 _random=SecureRandom.getInstance(SESSION_ID_RANDOM_ALGORITHM_ALT);
129 _weakRandom=false;
130 }
131 catch (NoSuchAlgorithmException e_alt)
132 {
133 Log.warn("Could not generate SecureRandom for session-id randomness",e);
134 _random=new Random();
135 _weakRandom=true;
136 }
137 }
138 }
139 _random.setSeed(_random.nextLong()^System.currentTimeMillis()^hashCode()^Runtime.getRuntime().freeMemory());
140 _sessions=new MultiMap<String>(true);
141 }
142
143
144 protected void doStop()
145 {
146 if (_sessions!=null)
147 _sessions.clear();
148 _sessions=null;
149 }
150
151
152
153
154
155 public boolean idInUse(String id)
156 {
157 return _sessions.containsKey(id);
158 }
159
160
161
162
163
164 public void addSession(HttpSession session)
165 {
166 _sessions.add(getClusterId(session.getId()),session);
167 }
168
169
170
171
172
173 public void removeSession(HttpSession session)
174 {
175 _sessions.removeValue(getClusterId(session.getId()),session);
176 }
177
178
179
180
181
182 public void invalidateAll(String id)
183 {
184
185
186 while (_sessions.containsKey(id))
187 {
188 Session session=(Session)_sessions.getValue(id,0);
189 if (session.isValid())
190 session.invalidate();
191 else
192 _sessions.removeValue(id,session);
193 }
194 }
195
196
197
198
199
200
201
202
203
204
205 public String newSessionId(HttpServletRequest request, long created)
206 {
207 synchronized (this)
208 {
209
210 String requested_id=request.getRequestedSessionId();
211
212 if (requested_id!=null)
213 {
214 String cluster_id=getClusterId(requested_id);
215 if (idInUse(cluster_id))
216 return cluster_id;
217 }
218
219
220 String new_id=(String)request.getAttribute(__NEW_SESSION_ID);
221 if (new_id!=null&&idInUse(new_id))
222 return new_id;
223
224
225 String id=null;
226 while (id==null||id.length()==0||idInUse(id))
227 {
228 long r=_weakRandom
229 ?(hashCode()^Runtime.getRuntime().freeMemory()^_random.nextInt()^(((long)request.hashCode())<<32))
230 :_random.nextLong();
231 r^=created;
232 if (request!=null && request.getRemoteAddr()!=null)
233 r^=request.getRemoteAddr().hashCode();
234 if (r<0)
235 r=-r;
236 id=Long.toString(r,36);
237 }
238
239 request.setAttribute(__NEW_SESSION_ID,id);
240 return id;
241 }
242 }
243
244
245 public Random getRandom()
246 {
247 return _random;
248 }
249
250
251 public void setRandom(Random random)
252 {
253 _random=random;
254 _weakRandom=false;
255 }
256
257 }