FWK-208: Tratamento de uso de sessão com REST

Task-Url: https://demoiselle.atlassian.net/browse/FWK-208

FWK-208: Tratamento de uso de sessão com REST
Task-Url: https://demoiselle.atlassian.net/browse/FWK-208
Cleverson Sacramento
1 parent ae50723c
Showing 4 changed files with 12 additions and 89 deletions Show diff stats
impl/extension/rest/src/main/java/br/gov/frameworkdemoiselle/internal/implementation/SessionNotPermittedListener.java
impl/extension/rest/src/main/java/br/gov/frameworkdemoiselle/security/SessionNotPermittedFilter.java
impl/extension/rest/src/main/resources/META-INF/web-fragment.xml
impl/extension/rest/src/test/java/test/Tests.java
@@ -11,6 +11,7 @@ import javax.servlet.ServletContextListener;
 import javax.servlet.SessionTrackingMode;
 import javax.servlet.annotation.WebListener;
 import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
 import javax.servlet.http.HttpSessionEvent;
 import javax.servlet.http.HttpSessionListener;
  
@@ -35,20 +36,25 @@ public class SessionNotPermittedListener implements ServletContextListener, Http
  
 	@Override
 	public void sessionCreated(HttpSessionEvent event) {
-		HttpServletRequest request = Beans.getReference(HttpServletRequest.class);
-		request.setAttribute(ATTR_NAME, ATTR_VALUE);
-		event.getSession().invalidate();
+		Beans.getReference(HttpServletRequest.class).setAttribute(ATTR_NAME, ATTR_VALUE);
 	}
  
 	@Override
 	public void sessionDestroyed(HttpSessionEvent event) {
 	}
  
-	public void beforeTransactionComplete(@Observes BeforeTransactionComplete event) {
-		HttpServletRequest request = Beans.getReference(HttpServletRequest.class);
-
+	public void beforeTransactionComplete(@Observes BeforeTransactionComplete event, HttpServletRequest request) {
 		if (ATTR_VALUE.equals(request.getAttribute(ATTR_NAME))) {
+			invalidateSesstion(request);
 			throw new IllegalStateException("Session use is not permitted.");
 		}
 	}
+
+	private void invalidateSesstion(HttpServletRequest request) {
+		HttpSession session = request.getSession(false);
+
+		if (session != null) {
+			session.invalidate();
+		}
+	}
 }
@@ -1,70 +0,0 @@
-/*
- * Demoiselle Framework
- * Copyright (C) 2010 SERPRO
- * ----------------------------------------------------------------------------
- * This file is part of Demoiselle Framework.
- * 
- * Demoiselle Framework is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License version 3
- * as published by the Free Software Foundation.
- * 
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- * 
- * You should have received a copy of the GNU Lesser General Public License version 3
- * along with this program; if not,  see <http://www.gnu.org/licenses/>
- * or write to the Free Software Foundation, Inc., 51 Franklin Street,
- * Fifth Floor, Boston, MA  02110-1301, USA.
- * ----------------------------------------------------------------------------
- * Este arquivo é parte do Framework Demoiselle.
- * 
- * O Framework Demoiselle é um software livre; você pode redistribuí-lo e/ou
- * modificá-lo dentro dos termos da GNU LGPL versão 3 como publicada pela Fundação
- * do Software Livre (FSF).
- * 
- * Este programa é distribuído na esperança que possa ser útil, mas SEM NENHUMA
- * GARANTIA; sem uma garantia implícita de ADEQUAÇÃO a qualquer MERCADO ou
- * APLICAÇÃO EM PARTICULAR. Veja a Licença Pública Geral GNU/LGPL em português
- * para maiores detalhes.
- * 
- * Você deve ter recebido uma cópia da GNU LGPL versão 3, sob o título
- * "LICENCA.txt", junto com esse programa. Se não, acesse <http://www.gnu.org/licenses/>
- * ou escreva para a Fundação do Software Livre (FSF) Inc.,
- * 51 Franklin St, Fifth Floor, Boston, MA 02111-1301, USA.
- */
-package br.gov.frameworkdemoiselle.security;
-
-import java.io.IOException;
-
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletResponse;
-
-public class SessionNotPermittedFilter implements Filter {
-
-	@Override
-	public void init(FilterConfig filterConfig) throws ServletException {
-	}
-
-	@Override
-	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,
-			ServletException {
-
-		chain.doFilter(request, response);
-
-		if ("x".equals(request.getAttribute("x"))) {
-			HttpServletResponse r = (HttpServletResponse) response;
-			r.setStatus(500);
-		}
-	}
-
-	@Override
-	public void destroy() {
-	}
-}
@@ -40,17 +40,6 @@
  
 	<name>demoiselle_rest</name>
  
-	<!--
-	<filter>
-		<filter-name>Demoiselle Session Not Permitted Filter</filter-name>
-		<filter-class>br.gov.frameworkdemoiselle.security.SessionNotPermittedFilter</filter-class>
-	</filter>
-	<filter-mapping>
-		<filter-name>Demoiselle Session Not Permitted Filter</filter-name>
-		<url-pattern>/*</url-pattern>
-	</filter-mapping>
-	-->
-	
 	<filter>
 		<filter-name>Demoiselle BasicAuth Filter</filter-name>
 		<filter-class>br.gov.frameworkdemoiselle.security.BasicAuthFilter</filter-class>
@@ -57,7 +57,6 @@ import br.gov.frameworkdemoiselle.internal.implementation.ConstraintViolationExc
 import br.gov.frameworkdemoiselle.internal.implementation.DefaultExceptionMapper;
 import br.gov.frameworkdemoiselle.internal.implementation.HttpViolationExceptionMapper;
 import br.gov.frameworkdemoiselle.internal.implementation.IllegalArgumentExceptionMapper;
-import br.gov.frameworkdemoiselle.internal.implementation.SessionNotPermittedAlertListener;
 import br.gov.frameworkdemoiselle.security.AbstractHTTPAuthorizationFilter;
 import br.gov.frameworkdemoiselle.security.BasicAuthFilter;
 import br.gov.frameworkdemoiselle.security.RESTSecurityConfig;
@@ -98,7 +97,6 @@ public final class Tests {
 				.addClass(IllegalArgumentExceptionMapper.class)
 				.addClass(DefaultExceptionMapper.class)
 				.addClass(HttpViolationExceptionMapper.class)
-				.addClass(SessionNotPermittedAlertListener.class)
 				.addClass(AbstractHTTPAuthorizationFilter.class)
 				.addClass(BasicAuthFilter.class)
 				.addClass(RESTSecurityConfig.class)
...	...	@@ -11,6 +11,7 @@ import javax.servlet.ServletContextListener;
11	11	import javax.servlet.SessionTrackingMode;
12	12	import javax.servlet.annotation.WebListener;
13	13	import javax.servlet.http.HttpServletRequest;
	14	+import javax.servlet.http.HttpSession;
14	15	import javax.servlet.http.HttpSessionEvent;
15	16	import javax.servlet.http.HttpSessionListener;
16	17
...	...	@@ -35,20 +36,25 @@ public class SessionNotPermittedListener implements ServletContextListener, Http
35	36
36	37	@Override
37	38	public void sessionCreated(HttpSessionEvent event) {
38		- HttpServletRequest request = Beans.getReference(HttpServletRequest.class);
39		- request.setAttribute(ATTR_NAME, ATTR_VALUE);
40		- event.getSession().invalidate();
	39	+ Beans.getReference(HttpServletRequest.class).setAttribute(ATTR_NAME, ATTR_VALUE);
41	40	}
42	41
43	42	@Override
44	43	public void sessionDestroyed(HttpSessionEvent event) {
45	44	}
46	45
47		- public void beforeTransactionComplete(@Observes BeforeTransactionComplete event) {
48		- HttpServletRequest request = Beans.getReference(HttpServletRequest.class);
49		-
	46	+ public void beforeTransactionComplete(@Observes BeforeTransactionComplete event, HttpServletRequest request) {
50	47	if (ATTR_VALUE.equals(request.getAttribute(ATTR_NAME))) {
	48	+ invalidateSesstion(request);
51	49	throw new IllegalStateException("Session use is not permitted.");
52	50	}
53	51	}
	52	+
	53	+ private void invalidateSesstion(HttpServletRequest request) {
	54	+ HttpSession session = request.getSession(false);
	55	+
	56	+ if (session != null) {
	57	+ session.invalidate();
	58	+ }
	59	+ }
54	60	}
...	...
...	...	@@ -1,70 +0,0 @@
1		-/*
2		- * Demoiselle Framework
3		- * Copyright (C) 2010 SERPRO
4		- * ----------------------------------------------------------------------------
5		- * This file is part of Demoiselle Framework.
6		- *
7		- * Demoiselle Framework is free software; you can redistribute it and/or
8		- * modify it under the terms of the GNU Lesser General Public License version 3
9		- * as published by the Free Software Foundation.
10		- *
11		- * This program is distributed in the hope that it will be useful,
12		- * but WITHOUT ANY WARRANTY; without even the implied warranty of
13		- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14		- * GNU General Public License for more details.
15		- *
16		- * You should have received a copy of the GNU Lesser General Public License version 3
17		- * along with this program; if not, see <http://www.gnu.org/licenses/>
18		- * or write to the Free Software Foundation, Inc., 51 Franklin Street,
19		- * Fifth Floor, Boston, MA 02110-1301, USA.
20		- * ----------------------------------------------------------------------------
21		- * Este arquivo é parte do Framework Demoiselle.
22		- *
23		- * O Framework Demoiselle é um software livre; você pode redistribuí-lo e/ou
24		- * modificá-lo dentro dos termos da GNU LGPL versão 3 como publicada pela Fundação
25		- * do Software Livre (FSF).
26		- *
27		- * Este programa é distribuído na esperança que possa ser útil, mas SEM NENHUMA
28		- * GARANTIA; sem uma garantia implícita de ADEQUAÇÃO a qualquer MERCADO ou
29		- * APLICAÇÃO EM PARTICULAR. Veja a Licença Pública Geral GNU/LGPL em português
30		- * para maiores detalhes.
31		- *
32		- * Você deve ter recebido uma cópia da GNU LGPL versão 3, sob o título
33		- * "LICENCA.txt", junto com esse programa. Se não, acesse <http://www.gnu.org/licenses/>
34		- * ou escreva para a Fundação do Software Livre (FSF) Inc.,
35		- * 51 Franklin St, Fifth Floor, Boston, MA 02111-1301, USA.
36		- */
37		-package br.gov.frameworkdemoiselle.security;
38		-
39		-import java.io.IOException;
40		-
41		-import javax.servlet.Filter;
42		-import javax.servlet.FilterChain;
43		-import javax.servlet.FilterConfig;
44		-import javax.servlet.ServletException;
45		-import javax.servlet.ServletRequest;
46		-import javax.servlet.ServletResponse;
47		-import javax.servlet.http.HttpServletResponse;
48		-
49		-public class SessionNotPermittedFilter implements Filter {
50		-
51		- @Override
52		- public void init(FilterConfig filterConfig) throws ServletException {
53		- }
54		-
55		- @Override
56		- public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,
57		- ServletException {
58		-
59		- chain.doFilter(request, response);
60		-
61		- if ("x".equals(request.getAttribute("x"))) {
62		- HttpServletResponse r = (HttpServletResponse) response;
63		- r.setStatus(500);
64		- }
65		- }
66		-
67		- @Override
68		- public void destroy() {
69		- }
70		-}
...	...	@@ -40,17 +40,6 @@
40	40
41	41	<name>demoiselle_rest</name>
42	42
43		- <!--
44		- <filter>
45		- <filter-name>Demoiselle Session Not Permitted Filter</filter-name>
46		- <filter-class>br.gov.frameworkdemoiselle.security.SessionNotPermittedFilter</filter-class>
47		- </filter>
48		- <filter-mapping>
49		- <filter-name>Demoiselle Session Not Permitted Filter</filter-name>
50		- <url-pattern>/*</url-pattern>
51		- </filter-mapping>
52		- -->
53		-
54	43	<filter>
55	44	<filter-name>Demoiselle BasicAuth Filter</filter-name>
56	45	<filter-class>br.gov.frameworkdemoiselle.security.BasicAuthFilter</filter-class>
...	...
...	...	@@ -57,7 +57,6 @@ import br.gov.frameworkdemoiselle.internal.implementation.ConstraintViolationExc
57	57	import br.gov.frameworkdemoiselle.internal.implementation.DefaultExceptionMapper;
58	58	import br.gov.frameworkdemoiselle.internal.implementation.HttpViolationExceptionMapper;
59	59	import br.gov.frameworkdemoiselle.internal.implementation.IllegalArgumentExceptionMapper;
60		-import br.gov.frameworkdemoiselle.internal.implementation.SessionNotPermittedAlertListener;
61	60	import br.gov.frameworkdemoiselle.security.AbstractHTTPAuthorizationFilter;
62	61	import br.gov.frameworkdemoiselle.security.BasicAuthFilter;
63	62	import br.gov.frameworkdemoiselle.security.RESTSecurityConfig;
...	...	@@ -98,7 +97,6 @@ public final class Tests {
98	97	.addClass(IllegalArgumentExceptionMapper.class)
99	98	.addClass(DefaultExceptionMapper.class)
100	99	.addClass(HttpViolationExceptionMapper.class)
101		- .addClass(SessionNotPermittedAlertListener.class)
102	100	.addClass(AbstractHTTPAuthorizationFilter.class)
103	101	.addClass(BasicAuthFilter.class)
104	102	.addClass(RESTSecurityConfig.class)
...	...