From 04b1bc7d4c39d52819537d518a5b3b196c247e9d Mon Sep 17 00:00:00 2001
From: Cleverson Sacramento
Date: Mon, 1 Dec 2014 15:32:06 -0200
Subject: [PATCH] FWK-208: Tratamento de uso de sessão com REST
---
 impl/extension/rest/src/main/java/br/gov/frameworkdemoiselle/internal/implementation/SessionNotPermittedListener.java | 18 ++++++++++++------
 impl/extension/rest/src/main/java/br/gov/frameworkdemoiselle/security/SessionNotPermittedFilter.java | 70 ----------------------------------------------------------------------
 impl/extension/rest/src/main/resources/META-INF/web-fragment.xml | 11 -----------
 impl/extension/rest/src/test/java/test/Tests.java | 2 --
 4 files changed, 12 insertions(+), 89 deletions(-)
 delete mode 100644 impl/extension/rest/src/main/java/br/gov/frameworkdemoiselle/security/SessionNotPermittedFilter.java
diff --git a/impl/extension/rest/src/main/java/br/gov/frameworkdemoiselle/internal/implementation/SessionNotPermittedListener.java b/impl/extension/rest/src/main/java/br/gov/frameworkdemoiselle/internal/implementation/SessionNotPermittedListener.java
index 3ac8738..1a066f4 100644
--- a/impl/extension/rest/src/main/java/br/gov/frameworkdemoiselle/internal/implementation/SessionNotPermittedListener.java
+++ b/impl/extension/rest/src/main/java/br/gov/frameworkdemoiselle/internal/implementation/SessionNotPermittedListener.java
@@ -11,6 +11,7 @@ import javax.servlet.ServletContextListener;
 import javax.servlet.SessionTrackingMode;
 import javax.servlet.annotation.WebListener;
 import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
 import javax.servlet.http.HttpSessionEvent;
 import javax.servlet.http.HttpSessionListener;
@@ -35,20 +36,25 @@ public class SessionNotPermittedListener implements ServletContextListener, Http
 @Override
 public void sessionCreated(HttpSessionEvent event) {
- HttpServletRequest request = Beans.getReference(HttpServletRequest.class);
- request.setAttribute(ATTR_NAME, ATTR_VALUE);
- event.getSession().invalidate();
+ Beans.getReference(HttpServletRequest.class).setAttribute(ATTR_NAME, ATTR_VALUE);
 }
 @Override
 public void sessionDestroyed(HttpSessionEvent event) {
 }
- public void beforeTransactionComplete(@Observes BeforeTransactionComplete event) {
- HttpServletRequest request = Beans.getReference(HttpServletRequest.class);
-
+ public void beforeTransactionComplete(@Observes BeforeTransactionComplete event, HttpServletRequest request) {
 if (ATTR_VALUE.equals(request.getAttribute(ATTR_NAME))) {
+ invalidateSesstion(request);
 throw new IllegalStateException("Session use is not permitted.");
 }
 }
+
+ private void invalidateSesstion(HttpServletRequest request) {
+ HttpSession session = request.getSession(false);
+
+ if (session != null) {
+ session.invalidate();
+ }
+ }
 }
diff --git a/impl/extension/rest/src/main/java/br/gov/frameworkdemoiselle/security/SessionNotPermittedFilter.java b/impl/extension/rest/src/main/java/br/gov/frameworkdemoiselle/security/SessionNotPermittedFilter.java
deleted file mode 100644
index 96c939b..0000000
--- a/impl/extension/rest/src/main/java/br/gov/frameworkdemoiselle/security/SessionNotPermittedFilter.java
+++ /dev/null
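Review bot: Moving the invalidation out of `sessionCreated` means a session is now discarded only when `beforeTransactionComplete` fires, so a request that creates a session without completing a transaction would, as far as this hunk shows, keep a live session (and its identifier) until the container times it out. The commit also removes SessionNotPermittedFilter, so no post-request check remains for that path; consider a per-request fallback such as a `ServletRequestListener.requestDestroyed` hook that tests `ATTR_VALUE.equals(request.getAttribute(ATTR_NAME))` and calls the same helper. The class header and its ServletContextListener methods are outside the hunk, so whether session tracking is already restricted there cannot be confirmed from here. The helper name is misspelled and should read `invalidateSession(request);` at the call and `private void invalidateSession(HttpServletRequest request) {` at the declaration. A one-line Javadoc on `beforeTransactionComplete` saying that it invalidates the session and then aborts with `IllegalStateException` would make the intended ordering explicit.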
@@ -1,70 +0,0 @@
-/*
- * Demoiselle Framework
- * Copyright (C) 2010 SERPRO
- * ----------------------------------------------------------------------------
- * This file is part of Demoiselle Framework.
- *
- * Demoiselle Framework is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License version 3
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License version 3
- * along with this program; if not, see
- * or write to the Free Software Foundation, Inc., 51 Franklin Street,
- * Fifth Floor, Boston, MA 02110-1301, USA.
- * ----------------------------------------------------------------------------
- * Este arquivo é parte do Framework Demoiselle.
- *
- * O Framework Demoiselle é um software livre; você pode redistribuí-lo e/ou
- * modificá-lo dentro dos termos da GNU LGPL versão 3 como publicada pela Fundação
- * do Software Livre (FSF).
- *
- * Este programa é distribuído na esperança que possa ser útil, mas SEM NENHUMA
- * GARANTIA; sem uma garantia implícita de ADEQUAÇÃO a qualquer MERCADO ou
- * APLICAÇÃO EM PARTICULAR. Veja a Licença Pública Geral GNU/LGPL em português
- * para maiores detalhes.
- *
- * Você deve ter recebido uma cópia da GNU LGPL versão 3, sob o título
- * "LICENCA.txt", junto com esse programa. Se não, acesse
- * ou escreva para a Fundação do Software Livre (FSF) Inc.,
- * 51 Franklin St, Fifth Floor, Boston, MA 02111-1301, USA.
- */
-package br.gov.frameworkdemoiselle.security;
-
-import java.io.IOException;
-
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletResponse;
-
-public class SessionNotPermittedFilter implements Filter {
-
- @Override
- public void init(FilterConfig filterConfig) throws ServletException {
- }
-
- @Override
- public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,
- ServletException {
-
- chain.doFilter(request, response);
-
- if ("x".equals(request.getAttribute("x"))) {
- HttpServletResponse r = (HttpServletResponse) response;
- r.setStatus(500);
- }
- }
-
- @Override
- public void destroy() {
- }
-}
diff --git a/impl/extension/rest/src/main/resources/META-INF/web-fragment.xml b/impl/extension/rest/src/main/resources/META-INF/web-fragment.xml
index 65e95cd..f419b17 100644
--- a/impl/extension/rest/src/main/resources/META-INF/web-fragment.xml
+++ b/impl/extension/rest/src/main/resources/META-INF/web-fragment.xml
@@ -40,17 +40,6 @@ demoiselle_rest - - Demoiselle BasicAuth Filter br.gov.frameworkdemoiselle.security.BasicAuthFilter
diff --git a/impl/extension/rest/src/test/java/test/Tests.java b/impl/extension/rest/src/test/java/test/Tests.java
index e40d635..69679b8 100644
--- a/impl/extension/rest/src/test/java/test/Tests.java
+++ b/impl/extension/rest/src/test/java/test/Tests.java
@@ -57,7 +57,6 @@ import br.gov.frameworkdemoiselle.internal.implementation.ConstraintViolationExc
 import br.gov.frameworkdemoiselle.internal.implementation.DefaultExceptionMapper;
 import br.gov.frameworkdemoiselle.internal.implementation.HttpViolationExceptionMapper;
 import br.gov.frameworkdemoiselle.internal.implementation.IllegalArgumentExceptionMapper;
-import br.gov.frameworkdemoiselle.internal.implementation.SessionNotPermittedAlertListener;
 import br.gov.frameworkdemoiselle.security.AbstractHTTPAuthorizationFilter;
 import br.gov.frameworkdemoiselle.security.BasicAuthFilter;
 import br.gov.frameworkdemoiselle.security.RESTSecurityConfig;
@@ -98,7 +97,6 @@ public final class Tests {
 .addClass(IllegalArgumentExceptionMapper.class)
 .addClass(DefaultExceptionMapper.class)
 .addClass(HttpViolationExceptionMapper.class)
- .addClass(SessionNotPermittedAlertListener.class)
 .addClass(AbstractHTTPAuthorizationFilter.class)
 .addClass(BasicAuthFilter.class)
 .addClass(RESTSecurityConfig.class)
--
libgit2 0.21.2