added session validation on downloads

updated pom at version 6.6.0

git-svn-id: http://svn.d4science-ii.research-infrastructures.eu/gcube/trunk/portlets/user/workspace-tree-widget@90048 82a268e6-3cf1-43bd-a215-b396298e98cf
This commit is contained in:
Francesco Mangiacrapa 2014-01-13 10:54:11 +00:00
parent 35fcf2c995
commit abd0ce80a7
6 changed files with 48 additions and 30 deletions

View File

@ -10,7 +10,7 @@
<groupId>org.gcube.portlets.user</groupId> <groupId>org.gcube.portlets.user</groupId>
<artifactId>workspace-tree-widget</artifactId> <artifactId>workspace-tree-widget</artifactId>
<version>6.5.1-SNAPSHOT</version> <version>6.6.0-SNAPSHOT</version>
<name>gCube Workspace Tree Widget</name> <name>gCube Workspace Tree Widget</name>
<description> <description>
gCube Workspace Tree Widget. gCube Workspace Tree Widget.

View File

@ -3,10 +3,13 @@
*/ */
package org.gcube.portlets.user.workspace.client.util; package org.gcube.portlets.user.workspace.client.util;
import org.gcube.portlets.user.workspace.client.AppControllerExplorer;
import org.gcube.portlets.user.workspace.client.ConstantsExplorer; import org.gcube.portlets.user.workspace.client.ConstantsExplorer;
import org.gcube.portlets.user.workspace.client.event.SessionExpiredEvent;
import org.gcube.portlets.user.workspace.client.view.windows.InfoDisplayMessage; import org.gcube.portlets.user.workspace.client.view.windows.InfoDisplayMessage;
import org.gcube.portlets.user.workspace.client.view.windows.MessageBoxAlert; import org.gcube.portlets.user.workspace.client.view.windows.MessageBoxAlert;
import org.gcube.portlets.user.workspace.client.view.windows.NewBrowserWindow; import org.gcube.portlets.user.workspace.client.view.windows.NewBrowserWindow;
import org.gcube.portlets.user.workspace.shared.SessionExpiredException;
import com.google.gwt.core.client.GWT; import com.google.gwt.core.client.GWT;
import com.google.gwt.http.client.Request; import com.google.gwt.http.client.Request;
@ -92,6 +95,13 @@ public class RequestBuilderWorkspaceValidateItem {
@Override @Override
public void onError(Request request, Throwable exception) { public void onError(Request request, Throwable exception) {
newBrowserWindow.close(); newBrowserWindow.close();
if(exception instanceof SessionExpiredException){
GWT.log("Session expired");
AppControllerExplorer.getEventBus().fireEvent(new SessionExpiredEvent());
return;
}
// System.out.println("exception message is "+exception.getMessage()); // System.out.println("exception message is "+exception.getMessage());
handleError(exception.getMessage()); handleError(exception.getMessage());
} }

View File

@ -16,6 +16,7 @@ import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.io.FilenameUtils; import org.apache.commons.io.FilenameUtils;
import org.apache.commons.io.IOUtils; import org.apache.commons.io.IOUtils;
@ -47,6 +48,7 @@ import org.gcube.portlets.user.workspace.client.ConstantsExplorer;
import org.gcube.portlets.user.workspace.server.property.PortalUrlGroupGatewayProperty; import org.gcube.portlets.user.workspace.server.property.PortalUrlGroupGatewayProperty;
import org.gcube.portlets.user.workspace.server.util.WsUtil; import org.gcube.portlets.user.workspace.server.util.WsUtil;
import org.gcube.portlets.user.workspace.shared.HandlerResultMessage; import org.gcube.portlets.user.workspace.shared.HandlerResultMessage;
import org.gcube.portlets.user.workspace.shared.SessionExpiredException;
/** /**
* @author Federico De Faveri defaveri@isti.cnr.it * @author Federico De Faveri defaveri@isti.cnr.it
@ -89,7 +91,12 @@ public class DownloadServlet extends HttpServlet{
Workspace wa = null; Workspace wa = null;
try { try {
wa = WsUtil.getWorkspace(req.getSession()); //ADDED 13-01-2014 SESSION VALIDATION
HttpSession session = req.getSession();
if(WsUtil.isSessionExpired(session))
throw new SessionExpiredException();
wa = WsUtil.getWorkspace(session);
} catch (Exception e) { } catch (Exception e) {
handleError(urlRedirectOnError, req, resp, itemId, HttpServletResponse.SC_INTERNAL_SERVER_ERROR +": Error during workspace retrieving"); handleError(urlRedirectOnError, req, resp, itemId, HttpServletResponse.SC_INTERNAL_SERVER_ERROR +": Error during workspace retrieving");
// sendError(resp,HttpServletResponse.SC_INTERNAL_SERVER_ERROR +": Error during workspace retrieving"); // sendError(resp,HttpServletResponse.SC_INTERNAL_SERVER_ERROR +": Error during workspace retrieving");

View File

@ -1000,6 +1000,7 @@ public class GWTWorkspaceBuilder {
FileGridModel fileGridModel = null; FileGridModel fileGridModel = null;
switch (item.getType()) { switch (item.getType()) {
case FOLDER: case FOLDER:

View File

@ -2250,32 +2250,6 @@ public class GWTWorkspaceServiceImpl extends RemoteServiceServlet implements GWT
*/ */
@Override @Override
public boolean isSessionExpired() throws Exception { public boolean isSessionExpired() throws Exception {
workspaceLogger.trace("workspace session validating..."); return WsUtil.isSessionExpired(this.getThreadLocalRequest().getSession());
//READING USERNAME FROM ASL SESSION
String userUsername = WsUtil.getAslSession(this.getThreadLocalRequest().getSession()).getUsername();
boolean isTestUser = userUsername.compareTo(WsUtil.TEST_USER)==0;
// //TODO COMMENT THIS FOR DEVELOPMENT
// workspaceLogger.trace("is "+WsUtil.TEST_USER+" user: "+isTestUser + " is test mode: "+isTestMode());
//
// if(isTestUser && !isTestMode()){
// workspaceLogger.error("workspace session is expired! username is: "+WsUtil.TEST_USER);
// return true; //is TEST_USER, session is expired
// }
//TODO UNCOMMENT THIS FOR RELEASE
workspaceLogger.trace("is "+WsUtil.TEST_USER+" user: "+isTestUser);
if(isTestUser){
workspaceLogger.error("workspace session is expired! username is: "+WsUtil.TEST_USER);
return true; //is TEST_USER, session is expired
}
workspaceLogger.trace("workspace session is valid! current username is: "+userUsername);
return false;
} }
} }

View File

@ -112,6 +112,32 @@ public class WsUtil {
return SessionManager.getInstance().getASLSession(sessionID, user); return SessionManager.getInstance().getASLSession(sessionID, user);
} }
/**
*
* @param httpSession
* @return true if current username into ASL session is WsUtil.TEST_USER, false otherwise
* @throws Exception
*/
public static boolean isSessionExpired(HttpSession httpSession) throws Exception {
logger.trace("workspace session validating...");
//READING USERNAME FROM ASL SESSION
String userUsername = getAslSession(httpSession).getUsername();
boolean isTestUser = userUsername.compareTo(WsUtil.TEST_USER)==0;
//TODO UNCOMMENT THIS FOR RELEASE
logger.trace("Is "+WsUtil.TEST_USER+" test user? "+isTestUser);
if(isTestUser){
logger.error("workspace session is expired! username is: "+WsUtil.TEST_USER);
return true; //is TEST_USER, session is expired
}
logger.trace("workspace session is valid! current username is: "+userUsername);
return false;
}
public static Workspace getWorkspace(final HttpSession httpSession) throws InternalErrorException, HomeNotFoundException, WorkspaceFolderNotFoundException public static Workspace getWorkspace(final HttpSession httpSession) throws InternalErrorException, HomeNotFoundException, WorkspaceFolderNotFoundException
{ {