[Statelessfilter-commits] SF.net SVN: statelessfilter:[117] trunk
From: <nri...@us...> - 2013-10-24 09:21:42
Revision: 117
http://sourceforge.net/p/statelessfilter/code/117
Author: nricheton
Date: 2013-10-24 09:21:39 +0000 (Thu, 24 Oct 2013)
Log Message:
-----------
Cleanup and session max time
Modified Paths:
--------------
trunk/stateless-cookie-aes/src/main/java/net/sourceforge/statelessfilter/backend/aescookie/AESCookieBackend.java
trunk/stateless-cookie-aes/src/test/java/net/sourceforge/statelessfilter/backend/aescookie/AESCookieBackendTest.java
trunk/stateless-core/src/main/java/net/sourceforge/statelessfilter/backend/support/CookieDataSupport.java
Modified: trunk/stateless-cookie-aes/src/main/java/net/sourceforge/statelessfilter/backend/aescookie/AESCookieBackend.java
===================================================================
--- trunk/stateless-cookie-aes/src/main/java/net/sourceforge/statelessfilter/backend/aescookie/AESCookieBackend.java 2013-10-24 09:02:49 UTC (rev 116)
+++ trunk/stateless-cookie-aes/src/main/java/net/sourceforge/statelessfilter/backend/aescookie/AESCookieBackend.java 2013-10-24 09:21:39 UTC (rev 117)
@@ -44,6 +44,7 @@
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang.ArrayUtils;
+import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -73,11 +74,13 @@
public static final String PARAM_COMPRESS = "compress"; //$NON-NLS-1$
public static final String PARAM_IV = "iv"; //$NON-NLS-1$
public static final String PARAM_KEY = "key"; //$NON-NLS-1$
+ public static final String PARAM_RESTRICT_IP = "restrictIP";
public static final String PARAM_SESSION_MAX_TIME = "sessionMaxTime";
public static final String PARAM_SIGN_SECRET = "secret";
private static final String SEPARATOR = "B"; //$NON-NLS-1$
private boolean compress = true;
private IvParameterSpec iv = null;
+ private boolean restrictIp;
private SecretKeySpec secretKey = null;
private Integer sessionMaxTime; // seconds
private String signSecret;
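Review bot: `PARAM_RESTRICT_IP` and the `restrictIp` field are added without any comment, although the setting decides whether a session cookie is bound to the client address. A Javadoc on the constant would help operators, for example `/** When "true" (the default), a session cookie is rejected unless the address stored in it equals the address of the current request. */`. The new constant also lacks the `//$NON-NLS-1$` marker that `PARAM_COMPRESS`, `PARAM_IV` and `PARAM_KEY` carry in this hunk.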
@@ -118,6 +121,10 @@
return ID;
}
+ public boolean getRestrictIp() {
+ return restrictIp;
+ }
+
public Integer getSessionMaxTime() {
return sessionMaxTime;
}
@@ -136,12 +143,13 @@
public void init(Map<String, String> config) throws Exception {
super.init(config);
this.compress = Boolean.parseBoolean(defaultIfEmpty(config.get(PARAM_COMPRESS), "true"));
+ this.restrictIp = Boolean.parseBoolean(defaultIfEmpty(config.get(PARAM_RESTRICT_IP), "true"));
this.signSecret = defaultIfEmpty(config.get(PARAM_SIGN_SECRET), UUID.randomUUID().toString());
this.sessionMaxTime = isEmpty(config.get(PARAM_SESSION_MAX_TIME)) ? null : Integer.parseInt(config
.get(PARAM_SESSION_MAX_TIME));
if (logger.isInfoEnabled()) {
logger.info(
- "Cookie name: '{}', compression: '{}', session max time: '{}'", new Object[] { this.cookieName, this.compress, this.sessionMaxTime }); //$NON-NLS-1$
+ "Cookie name: '{}', compression: '{}', " + "session max time: '{}', restrict IP: '{}'", new Object[] { this.cookieName, this.compress, this.sessionMaxTime, this.restrictIp }); //$NON-NLS-1$
}
// AES configuration
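Review bot: The new `restrictIp` assignment in `init` uses `Boolean.parseBoolean`, which returns false for every string other than "true", so a mistyped value such as `yes` or `1` silently switches the address binding off even though the default is on. For a security setting it is safer to reject unknown values: `String v = defaultIfEmpty(config.get(PARAM_RESTRICT_IP), "true");` followed by `if (!"true".equalsIgnoreCase(v) && !"false".equalsIgnoreCase(v)) throw new IllegalArgumentException(PARAM_RESTRICT_IP + " must be 'true' or 'false'");`. The body of `init` continues outside this hunk, so existing validation further down is not visible here.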
@@ -187,7 +195,18 @@
ObjectInputStream ois = new ObjectInputStream(inputStream);
CookieDataSupport s = (CookieDataSupport) ois.readObject();
- if (s.isValid() && s.getRemoteAddress().equals(getFullRemoteAddr(request))) {
+ if (restrictIp
+ && (!StringUtils.equals(s.getRemoteAddress(), getFullRemoteAddr(request)) || StringUtils
+ .isEmpty(s.getRemoteAddress()))) {
+ s.setValid(false);
+ }
+
+ if (sessionMaxTime != null
+ && System.currentTimeMillis() > s.getCreationTime() + sessionMaxTime.intValue() * 1000) {
+ s.setValid(false);
+ }
+
+ if (s.isValid()) {
return s;
}
}
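Review bot: The expiry check multiplies in `int`: `sessionMaxTime.intValue() * 1000` overflows for any configured value above 2,147,483 seconds (about 24.8 days), so the computed deadline wraps and sessions expire at the wrong time or immediately. Widen before multiplying, `System.currentTimeMillis() > s.getCreationTime() + sessionMaxTime.longValue() * 1000L`. Both new checks also run only after `ois.readObject()` has already materialised the cookie content, so they limit which sessions are accepted but not what gets deserialized; whether the signature is verified before that call is outside this hunk and should be confirmed. The enclosing method starts and ends outside the hunk.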
Modified: trunk/stateless-cookie-aes/src/test/java/net/sourceforge/statelessfilter/backend/aescookie/AESCookieBackendTest.java
===================================================================
--- trunk/stateless-cookie-aes/src/test/java/net/sourceforge/statelessfilter/backend/aescookie/AESCookieBackendTest.java 2013-10-24 09:02:49 UTC (rev 116)
+++ trunk/stateless-cookie-aes/src/test/java/net/sourceforge/statelessfilter/backend/aescookie/AESCookieBackendTest.java 2013-10-24 09:21:39 UTC (rev 117)
@@ -1,6 +1,7 @@
package net.sourceforge.statelessfilter.backend.aescookie;
import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
import java.util.HashMap;
import java.util.Map;
@@ -18,11 +19,15 @@
config.put(AESCookieBackend.PARAM_KEY, "0123456789ABCDEF");
config.put(AESCookieBackend.PARAM_IV, "FEDCBA9876543210");
config.put(AESCookieBackend.PARAM_SIGN_SECRET, "secret");
+ config.put(AESCookieBackend.PARAM_RESTRICT_IP, "false"); // default is true
+ config.put(AESCookieBackend.PARAM_COMPRESS, "false"); // default is true;
backend.init(config);
assertEquals(3600, backend.getSessionMaxTime().intValue());
assertEquals(3600, backend.getSessionMaxTime().intValue());
assertEquals("secret", backend.getSignSecret());
+ assertFalse( backend.getCompress());
+ assertFalse( backend.getRestrictIp());
}
@Test(expected = IllegalArgumentException.class)
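Review bot: The added assertions only confirm that `restrictIP=false` and `compress=false` are parsed; nothing here exercises the new acceptance rules. A test that leaves `PARAM_RESTRICT_IP` unset and asserts `backend.getRestrictIp()` is true would pin the secure default. Further tests should cover rejection of a cookie with a different or empty remote address, and of one older than `sessionMaxTime`. The test method begins outside this hunk.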
Modified: trunk/stateless-core/src/main/java/net/sourceforge/statelessfilter/backend/support/CookieDataSupport.java
===================================================================
--- trunk/stateless-core/src/main/java/net/sourceforge/statelessfilter/backend/support/CookieDataSupport.java 2013-10-24 09:02:49 UTC (rev 116)
+++ trunk/stateless-core/src/main/java/net/sourceforge/statelessfilter/backend/support/CookieDataSupport.java 2013-10-24 09:21:39 UTC (rev 117)
@@ -26,87 +26,87 @@
* @author Nicolas Richeton - Capgemini
*/
public class CookieDataSupport implements ISessionData {
- private static final long serialVersionUID = -8150387390531508793L;
- private Map<String, Object> content;
- private long creationTime;
- private String id;
- private String remoteAddress;
- private boolean valid;
+ private static final long serialVersionUID = -8150387390531508793L;
+ private Map<String, Object> content;
+ private long creationTime;
+ private String id;
+ private String remoteAddress;
+ private boolean valid;
- /**
- * Defaut constructor. Returns an uninitialized object.
- */
- public CookieDataSupport() {
- // Required for deserialization.
- }
+ /**
+ * Defaut constructor. Returns an uninitialized object.
+ */
+ public CookieDataSupport() {
+ // Required for deserialization.
+ }
- /**
- * Create from an existing session object.
- *
- * @param session
- * session id or null session id is not tracked by backend.
- */
- public CookieDataSupport(ISessionData session) {
- content = new ConcurrentHashMap<String, Object>();
- content.putAll(session.getContent());
+ /**
+ * Create from an existing session object.
+ *
+ * @param session
+ * session id or null session id is not tracked by backend.
+ */
+ public CookieDataSupport(ISessionData session) {
+ content = new ConcurrentHashMap<String, Object>();
+ content.putAll(session.getContent());
- creationTime = session.getCreationTime();
- id = session.getId();
+ creationTime = session.getCreationTime();
+ id = session.getId();
- valid = session.isValid();
- }
+ valid = session.isValid();
+ }
- /**
- * Create with a session id.
- *
- * @param sessionId
- */
- public CookieDataSupport(String sessionId) {
- this.id = sessionId;
- creationTime = System.currentTimeMillis();
- content = new ConcurrentHashMap<String, Object>();
- valid = true;
- }
+ /**
+ * Create with a session id.
+ *
+ * @param sessionId
+ */
+ public CookieDataSupport(String sessionId) {
+ this.id = sessionId;
+ creationTime = System.currentTimeMillis();
+ content = new ConcurrentHashMap<String, Object>();
+ valid = true;
+ }
- public Map<String, Object> getContent() {
- return content;
- }
+ public Map<String, Object> getContent() {
+ return content;
+ }
- public long getCreationTime() {
+ public long getCreationTime() {
- return creationTime;
- }
+ return creationTime;
+ }
- public String getId() {
- return id;
- }
+ public String getId() {
+ return id;
+ }
- public String getRemoteAddress() {
- return remoteAddress;
- }
+ public String getRemoteAddress() {
+ return remoteAddress;
+ }
- public boolean isValid() {
- return valid;
- }
+ public boolean isValid() {
+ return valid;
+ }
- public void setContent(Map<String, Object> content) {
- this.content = new ConcurrentHashMap<String, Object>(content);
- }
+ public void setContent(Map<String, Object> content) {
+ this.content = new ConcurrentHashMap<String, Object>(content);
+ }
- public void setCreationTime(long creationTime) {
- this.creationTime = creationTime;
- }
+ public void setCreationTime(long creationTime) {
+ this.creationTime = creationTime;
+ }
- public void setId(String id) {
- this.id = id;
- }
+ public void setId(String id) {
+ this.id = id;
+ }
- public void setRemoteAddress(String remoteAddress) {
- this.remoteAddress = remoteAddress;
- }
+ public void setRemoteAddress(String remoteAddress) {
+ this.remoteAddress = remoteAddress;
+ }
- public void setValid(boolean valid) {
- this.valid = valid;
- }
+ public void setValid(boolean valid) {
+ this.valid = valid;
+ }
}