From abd0ce80a7772eca417971e5bbaf2c411631433d Mon Sep 17 00:00:00 2001 From: Francesco Mangiacrapa Date: Mon, 13 Jan 2014 10:54:11 +0000 Subject: [PATCH] added session validation on downloads updated pom at version 6.6.0 git-svn-id: http://svn.d4science-ii.research-infrastructures.eu/gcube/trunk/portlets/user/workspace-tree-widget@90048 82a268e6-3cf1-43bd-a215-b396298e98cf --- pom.xml | 2 +- .../RequestBuilderWorkspaceValidateItem.java | 10 +++++++ .../workspace/server/DownloadServlet.java | 9 +++++- .../workspace/server/GWTWorkspaceBuilder.java | 3 +- .../server/GWTWorkspaceServiceImpl.java | 28 +------------------ .../user/workspace/server/util/WsUtil.java | 26 +++++++++++++++++ 6 files changed, 48 insertions(+), 30 deletions(-) diff --git a/pom.xml b/pom.xml index 1dc4463..3e19c3c 100644 --- a/pom.xml +++ b/pom.xml @@ -10,7 +10,7 @@ org.gcube.portlets.user workspace-tree-widget - 6.5.1-SNAPSHOT + 6.6.0-SNAPSHOT gCube Workspace Tree Widget gCube Workspace Tree Widget. diff --git a/src/main/java/org/gcube/portlets/user/workspace/client/util/RequestBuilderWorkspaceValidateItem.java b/src/main/java/org/gcube/portlets/user/workspace/client/util/RequestBuilderWorkspaceValidateItem.java index 3f93bda..560459a 100644 --- a/src/main/java/org/gcube/portlets/user/workspace/client/util/RequestBuilderWorkspaceValidateItem.java +++ b/src/main/java/org/gcube/portlets/user/workspace/client/util/RequestBuilderWorkspaceValidateItem.java @@ -3,10 +3,13 @@ */ package org.gcube.portlets.user.workspace.client.util; +import org.gcube.portlets.user.workspace.client.AppControllerExplorer; import org.gcube.portlets.user.workspace.client.ConstantsExplorer; +import org.gcube.portlets.user.workspace.client.event.SessionExpiredEvent; import org.gcube.portlets.user.workspace.client.view.windows.InfoDisplayMessage; import org.gcube.portlets.user.workspace.client.view.windows.MessageBoxAlert; import org.gcube.portlets.user.workspace.client.view.windows.NewBrowserWindow; +import org.gcube.portlets.user.workspace.shared.SessionExpiredException; import com.google.gwt.core.client.GWT; import com.google.gwt.http.client.Request; @@ -92,6 +95,13 @@ public class RequestBuilderWorkspaceValidateItem { @Override public void onError(Request request, Throwable exception) { newBrowserWindow.close(); + + if(exception instanceof SessionExpiredException){ + GWT.log("Session expired"); + AppControllerExplorer.getEventBus().fireEvent(new SessionExpiredEvent()); + return; + } + // System.out.println("exception message is "+exception.getMessage()); handleError(exception.getMessage()); } diff --git a/src/main/java/org/gcube/portlets/user/workspace/server/DownloadServlet.java b/src/main/java/org/gcube/portlets/user/workspace/server/DownloadServlet.java index 00b5c48..90684b6 100644 --- a/src/main/java/org/gcube/portlets/user/workspace/server/DownloadServlet.java +++ b/src/main/java/org/gcube/portlets/user/workspace/server/DownloadServlet.java @@ -16,6 +16,7 @@ import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; import org.apache.commons.io.FilenameUtils; import org.apache.commons.io.IOUtils; @@ -47,6 +48,7 @@ import org.gcube.portlets.user.workspace.client.ConstantsExplorer; import org.gcube.portlets.user.workspace.server.property.PortalUrlGroupGatewayProperty; import org.gcube.portlets.user.workspace.server.util.WsUtil; import org.gcube.portlets.user.workspace.shared.HandlerResultMessage; +import org.gcube.portlets.user.workspace.shared.SessionExpiredException; /** * @author Federico De Faveri defaveri@isti.cnr.it @@ -89,7 +91,12 @@ public class DownloadServlet extends HttpServlet{ Workspace wa = null; try { - wa = WsUtil.getWorkspace(req.getSession()); + //ADDED 13-01-2014 SESSION VALIDATION + HttpSession session = req.getSession(); + if(WsUtil.isSessionExpired(session)) + throw new SessionExpiredException(); + + wa = WsUtil.getWorkspace(session); } catch (Exception e) { handleError(urlRedirectOnError, req, resp, itemId, HttpServletResponse.SC_INTERNAL_SERVER_ERROR +": Error during workspace retrieving"); // sendError(resp,HttpServletResponse.SC_INTERNAL_SERVER_ERROR +": Error during workspace retrieving"); diff --git a/src/main/java/org/gcube/portlets/user/workspace/server/GWTWorkspaceBuilder.java b/src/main/java/org/gcube/portlets/user/workspace/server/GWTWorkspaceBuilder.java index 4333a03..9b245ee 100644 --- a/src/main/java/org/gcube/portlets/user/workspace/server/GWTWorkspaceBuilder.java +++ b/src/main/java/org/gcube/portlets/user/workspace/server/GWTWorkspaceBuilder.java @@ -999,7 +999,8 @@ public class GWTWorkspaceBuilder { private FileGridModel buildGXTFileGridModelItemForSearch(SearchItem item, FileModel parentFileModel) throws InternalErrorException{ FileGridModel fileGridModel = null; - + + switch (item.getType()) { case FOLDER: diff --git a/src/main/java/org/gcube/portlets/user/workspace/server/GWTWorkspaceServiceImpl.java b/src/main/java/org/gcube/portlets/user/workspace/server/GWTWorkspaceServiceImpl.java index b7eaf35..e8a31f3 100644 --- a/src/main/java/org/gcube/portlets/user/workspace/server/GWTWorkspaceServiceImpl.java +++ b/src/main/java/org/gcube/portlets/user/workspace/server/GWTWorkspaceServiceImpl.java @@ -2250,32 +2250,6 @@ public class GWTWorkspaceServiceImpl extends RemoteServiceServlet implements GWT */ @Override public boolean isSessionExpired() throws Exception { - workspaceLogger.trace("workspace session validating..."); - //READING USERNAME FROM ASL SESSION - String userUsername = WsUtil.getAslSession(this.getThreadLocalRequest().getSession()).getUsername(); - boolean isTestUser = userUsername.compareTo(WsUtil.TEST_USER)==0; - -// //TODO COMMENT THIS FOR DEVELOPMENT -// workspaceLogger.trace("is "+WsUtil.TEST_USER+" user: "+isTestUser + " is test mode: "+isTestMode()); -// -// if(isTestUser && !isTestMode()){ -// workspaceLogger.error("workspace session is expired! username is: "+WsUtil.TEST_USER); -// return true; //is TEST_USER, session is expired -// } - - - //TODO UNCOMMENT THIS FOR RELEASE - workspaceLogger.trace("is "+WsUtil.TEST_USER+" user: "+isTestUser); - - if(isTestUser){ - workspaceLogger.error("workspace session is expired! username is: "+WsUtil.TEST_USER); - return true; //is TEST_USER, session is expired - } - - - workspaceLogger.trace("workspace session is valid! current username is: "+userUsername); - - return false; - + return WsUtil.isSessionExpired(this.getThreadLocalRequest().getSession()); } } diff --git a/src/main/java/org/gcube/portlets/user/workspace/server/util/WsUtil.java b/src/main/java/org/gcube/portlets/user/workspace/server/util/WsUtil.java index 361aec3..1d80e86 100644 --- a/src/main/java/org/gcube/portlets/user/workspace/server/util/WsUtil.java +++ b/src/main/java/org/gcube/portlets/user/workspace/server/util/WsUtil.java @@ -112,6 +112,32 @@ public class WsUtil { return SessionManager.getInstance().getASLSession(sessionID, user); } + /** + * + * @param httpSession + * @return true if current username into ASL session is WsUtil.TEST_USER, false otherwise + * @throws Exception + */ + public static boolean isSessionExpired(HttpSession httpSession) throws Exception { + logger.trace("workspace session validating..."); + //READING USERNAME FROM ASL SESSION + String userUsername = getAslSession(httpSession).getUsername(); + boolean isTestUser = userUsername.compareTo(WsUtil.TEST_USER)==0; + + //TODO UNCOMMENT THIS FOR RELEASE + logger.trace("Is "+WsUtil.TEST_USER+" test user? "+isTestUser); + + if(isTestUser){ + logger.error("workspace session is expired! username is: "+WsUtil.TEST_USER); + return true; //is TEST_USER, session is expired + } + + logger.trace("workspace session is valid! current username is: "+userUsername); + + return false; + + } + public static Workspace getWorkspace(final HttpSession httpSession) throws InternalErrorException, HomeNotFoundException, WorkspaceFolderNotFoundException {