FWK-208: Tratamento de uso de sessão com REST

Task-Url: https://demoiselle.atlassian.net/browse/FWK-208

FWK-208: Tratamento de uso de sessão com REST
Task-Url: https://demoiselle.atlassian.net/browse/FWK-208
Cleverson Sacramento
1 parent ae50723c
Showing 4 changed files with 12 additions and 89 deletions Show diff stats
impl/extension/rest/src/main/java/br/gov/frameworkdemoiselle/internal/implementation/SessionNotPermittedListener.java
impl/extension/rest/src/main/java/br/gov/frameworkdemoiselle/security/SessionNotPermittedFilter.java
impl/extension/rest/src/main/resources/META-INF/web-fragment.xml
impl/extension/rest/src/test/java/test/Tests.java
@@ -11,6 +11,7 @@ import javax.servlet.ServletContextListener;
 import javax.servlet.SessionTrackingMode;
 import javax.servlet.annotation.WebListener;
 import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
 import javax.servlet.http.HttpSessionEvent;
 import javax.servlet.http.HttpSessionListener;
@@ -35,20 +36,25 @@ public class SessionNotPermittedListener implements ServletContextListener, Http
 	@Override
 	public void sessionCreated(HttpSessionEvent event) {
-		HttpServletRequest request = Beans.getReference(HttpServletRequest.class);
-		request.setAttribute(ATTR_NAME, ATTR_VALUE);
-		event.getSession().invalidate();
+		Beans.getReference(HttpServletRequest.class).setAttribute(ATTR_NAME, ATTR_VALUE);
 	}
 	@Override
 	public void sessionDestroyed(HttpSessionEvent event) {
 	}
-	public void beforeTransactionComplete(@Observes BeforeTransactionComplete event) {
-		HttpServletRequest request = Beans.getReference(HttpServletRequest.class);
-
+	public void beforeTransactionComplete(@Observes BeforeTransactionComplete event, HttpServletRequest request) {
 		if (ATTR_VALUE.equals(request.getAttribute(ATTR_NAME))) {
+			invalidateSesstion(request);
 			throw new IllegalStateException("Session use is not permitted.");
 		}
 	}
+
+	private void invalidateSesstion(HttpServletRequest request) {
+		HttpSession session = request.getSession(false);
+
+		if (session != null) {
+			session.invalidate();
+		}
+	}
 }
@@ -1,70 +0,0 @@
-/*
- * Demoiselle Framework
- * Copyright (C) 2010 SERPRO
- * ----------------------------------------------------------------------------
- * This file is part of Demoiselle Framework.
- * 
- * Demoiselle Framework is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License version 3
- * as published by the Free Software Foundation.
- * 
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- * 
- * You should have received a copy of the GNU Lesser General Public License version 3
- * along with this program; if not,  see <http://www.gnu.org/licenses/>
- * or write to the Free Software Foundation, Inc., 51 Franklin Street,
- * Fifth Floor, Boston, MA  02110-1301, USA.
- * ----------------------------------------------------------------------------
- * Este arquivo é parte do Framework Demoiselle.
- * 
- * O Framework Demoiselle é um software livre; você pode redistribuí-lo e/ou
- * modificá-lo dentro dos termos da GNU LGPL versão 3 como publicada pela Fundação
- * do Software Livre (FSF).
- * 
- * Este programa é distribuído na esperança que possa ser útil, mas SEM NENHUMA
- * GARANTIA; sem uma garantia implícita de ADEQUAÇÃO a qualquer MERCADO ou
- * APLICAÇÃO EM PARTICULAR. Veja a Licença Pública Geral GNU/LGPL em português
- * para maiores detalhes.
- * 
- * Você deve ter recebido uma cópia da GNU LGPL versão 3, sob o título
- * "LICENCA.txt", junto com esse programa. Se não, acesse <http://www.gnu.org/licenses/>
- * ou escreva para a Fundação do Software Livre (FSF) Inc.,
- * 51 Franklin St, Fifth Floor, Boston, MA 02111-1301, USA.
- */
-package br.gov.frameworkdemoiselle.security;
-
-import java.io.IOException;
-
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletResponse;
-
-public class SessionNotPermittedFilter implements Filter {
-
-	@Override
-	public void init(FilterConfig filterConfig) throws ServletException {
-	}
-
-	@Override
-	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,
-			ServletException {
-
-		chain.doFilter(request, response);
-
-		if ("x".equals(request.getAttribute("x"))) {
-			HttpServletResponse r = (HttpServletResponse) response;
-			r.setStatus(500);
-		}
-	}
-
-	@Override
-	public void destroy() {
-	}
-}
@@ -40,17 +40,6 @@
 	<name>demoiselle_rest</name>
-	<!--
-	<filter>
-		<filter-name>Demoiselle Session Not Permitted Filter</filter-name>
-		<filter-class>br.gov.frameworkdemoiselle.security.SessionNotPermittedFilter</filter-class>
-	</filter>
-	<filter-mapping>
-		<filter-name>Demoiselle Session Not Permitted Filter</filter-name>
-		<url-pattern>/*</url-pattern>
-	</filter-mapping>
-	-->
-	
 	<filter>
 		<filter-name>Demoiselle BasicAuth Filter</filter-name>
 		<filter-class>br.gov.frameworkdemoiselle.security.BasicAuthFilter</filter-class>
@@ -57,7 +57,6 @@ import br.gov.frameworkdemoiselle.internal.implementation.ConstraintViolationExc
 import br.gov.frameworkdemoiselle.internal.implementation.DefaultExceptionMapper;
 import br.gov.frameworkdemoiselle.internal.implementation.HttpViolationExceptionMapper;
 import br.gov.frameworkdemoiselle.internal.implementation.IllegalArgumentExceptionMapper;
-import br.gov.frameworkdemoiselle.internal.implementation.SessionNotPermittedAlertListener;
 import br.gov.frameworkdemoiselle.security.AbstractHTTPAuthorizationFilter;
 import br.gov.frameworkdemoiselle.security.BasicAuthFilter;
 import br.gov.frameworkdemoiselle.security.RESTSecurityConfig;
@@ -98,7 +97,6 @@ public final class Tests {
 				.addClass(IllegalArgumentExceptionMapper.class)
 				.addClass(DefaultExceptionMapper.class)
 				.addClass(HttpViolationExceptionMapper.class)
-				.addClass(SessionNotPermittedAlertListener.class)
 				.addClass(AbstractHTTPAuthorizationFilter.class)
 				.addClass(BasicAuthFilter.class)
 				.addClass(RESTSecurityConfig.class)
	@@ -1,70 +0,0 @@	@@ -1,70 +0,0 @@
1	-/*
2	- * Demoiselle Framework
3	- * Copyright (C) 2010 SERPRO
4	- * ----------------------------------------------------------------------------
5	- * This file is part of Demoiselle Framework.
6	- *
7	- * Demoiselle Framework is free software; you can redistribute it and/or
8	- * modify it under the terms of the GNU Lesser General Public License version 3
9	- * as published by the Free Software Foundation.
10	- *
11	- * This program is distributed in the hope that it will be useful,
12	- * but WITHOUT ANY WARRANTY; without even the implied warranty of
13	- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14	- * GNU General Public License for more details.
15	- *
16	- * You should have received a copy of the GNU Lesser General Public License version 3
17	- * along with this program; if not, see <http://www.gnu.org/licenses/>
18	- * or write to the Free Software Foundation, Inc., 51 Franklin Street,
19	- * Fifth Floor, Boston, MA 02110-1301, USA.
20	- * ----------------------------------------------------------------------------
21	- * Este arquivo é parte do Framework Demoiselle.
22	- *
23	- * O Framework Demoiselle é um software livre; você pode redistribuí-lo e/ou
24	- * modificá-lo dentro dos termos da GNU LGPL versão 3 como publicada pela Fundação
25	- * do Software Livre (FSF).
26	- *
27	- * Este programa é distribuído na esperança que possa ser útil, mas SEM NENHUMA
28	- * GARANTIA; sem uma garantia implícita de ADEQUAÇÃO a qualquer MERCADO ou
29	- * APLICAÇÃO EM PARTICULAR. Veja a Licença Pública Geral GNU/LGPL em português
30	- * para maiores detalhes.
31	- *
32	- * Você deve ter recebido uma cópia da GNU LGPL versão 3, sob o título
33	- * "LICENCA.txt", junto com esse programa. Se não, acesse <http://www.gnu.org/licenses/>
34	- * ou escreva para a Fundação do Software Livre (FSF) Inc.,
35	- * 51 Franklin St, Fifth Floor, Boston, MA 02111-1301, USA.
36	- */
37	-package br.gov.frameworkdemoiselle.security;
38	-
39	-import java.io.IOException;
40	-
41	-import javax.servlet.Filter;
42	-import javax.servlet.FilterChain;
43	-import javax.servlet.FilterConfig;
44	-import javax.servlet.ServletException;
45	-import javax.servlet.ServletRequest;
46	-import javax.servlet.ServletResponse;
47	-import javax.servlet.http.HttpServletResponse;
48	-
49	-public class SessionNotPermittedFilter implements Filter {
50	-
51	- @Override
52	- public void init(FilterConfig filterConfig) throws ServletException {
53	- }
54	-
55	- @Override
56	- public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,
57	- ServletException {
58	-
59	- chain.doFilter(request, response);
60	-
61	- if ("x".equals(request.getAttribute("x"))) {
62	- HttpServletResponse r = (HttpServletResponse) response;
63	- r.setStatus(500);
64	- }
65	- }
66	-
67	- @Override
68	- public void destroy() {
69	- }
70	-}
	@@ -40,17 +40,6 @@		@@ -40,17 +40,6 @@
40		40
41	<name>demoiselle_rest</name>	41	<name>demoiselle_rest</name>
42		42
43	- <!--
44	- <filter>
45	- <filter-name>Demoiselle Session Not Permitted Filter</filter-name>
46	- <filter-class>br.gov.frameworkdemoiselle.security.SessionNotPermittedFilter</filter-class>
47	- </filter>
48	- <filter-mapping>
49	- <filter-name>Demoiselle Session Not Permitted Filter</filter-name>
50	- <url-pattern>/*</url-pattern>
51	- </filter-mapping>
52	- -->
53	-
54	<filter>	43	<filter>
55	<filter-name>Demoiselle BasicAuth Filter</filter-name>	44	<filter-name>Demoiselle BasicAuth Filter</filter-name>
56	<filter-class>br.gov.frameworkdemoiselle.security.BasicAuthFilter</filter-class>	45	<filter-class>br.gov.frameworkdemoiselle.security.BasicAuthFilter</filter-class>