Commit ae50723c7c930b0034a82bfe8a986b07ed06a507

Authored by Cleverson Sacramento
1 parent acdef681
Exists in master

FWK-208: Tratamento de uso de sessão com REST

Task-Url: https://demoiselle.atlassian.net/browse/FWK-208
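--- a/impl/extension/rest/src/main/java/br/gov/frameworkdemoiselle/internal/implementation/DefaultExceptionMapper.java
+++ b/impl/extension/rest/src/main/java/br/gov/frameworkdemoiselle/internal/implementation/DefaultExceptionMapper.java
@@ -25,7 +25,7 @@ public class DefaultExceptionMapper implements ExceptionMapper<Throwable> {
 String message = getBundle().getString("internal-server-error");
 getLogger().log(SEVERE, message, exception);
 
- return Response.status(INTERNAL_SERVER_ERROR).entity(message).build();
+ return Response.status(INTERNAL_SERVER_ERROR).entity(message).type("text/plain").build();
 }
 
 private ResourceBundle getBundle() {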
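Review bot: The media type on the new `return` line is a bare string literal with no charset, so the encoding of the bundle message is left to the JAX-RS provider's default. The message is read from a resource bundle and may contain non-ASCII text, so I would pin the charset with `.type(MediaType.TEXT_PLAIN + "; charset=UTF-8")`, or at least use the `MediaType.TEXT_PLAIN` constant instead of `"text/plain"`. Sending only the generic bundle message to the client while the exception itself goes to the log is the right split and should stay. The enclosing method starts above the hunk.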
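--- a/impl/extension/rest/src/main/java/br/gov/frameworkdemoiselle/internal/implementation/SessionNotPermittedListener.java
+++ b/impl/extension/rest/src/main/java/br/gov/frameworkdemoiselle/internal/implementation/SessionNotPermittedListener.java
@@ -1,19 +1,54 @@
 package br.gov.frameworkdemoiselle.internal.implementation;
 
+import static javax.servlet.SessionTrackingMode.URL;
+
+import java.util.HashSet;
+import java.util.Set;
+
+import javax.enterprise.event.Observes;
+import javax.servlet.ServletContextEvent;
+import javax.servlet.ServletContextListener;
+import javax.servlet.SessionTrackingMode;
 import javax.servlet.annotation.WebListener;
+import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpSessionEvent;
 import javax.servlet.http.HttpSessionListener;
 
+import br.gov.frameworkdemoiselle.transaction.BeforeTransactionComplete;
+import br.gov.frameworkdemoiselle.util.Beans;
+
 @WebListener
-public class SessionNotPermittedListener implements HttpSessionListener {
+public class SessionNotPermittedListener implements ServletContextListener, HttpSessionListener {
+
+ private static final String ATTR_NAME = "br.gov.frameworkdemoiselle.SESSION_NOT_PERMITTED";
+
+ private static final String ATTR_VALUE = "created";
+
+ public void contextInitialized(ServletContextEvent event) {
+ Set<SessionTrackingMode> modes = new HashSet<SessionTrackingMode>();
+ modes.add(URL);
+ event.getServletContext().setSessionTrackingModes(modes);
+ }
+
+ public void contextDestroyed(ServletContextEvent event) {
+ }
 
 @Override
 public void sessionCreated(HttpSessionEvent event) {
- // event.getSession().invalidate();
- // throw new IllegalStateException("Session use is not permitted.");
+ HttpServletRequest request = Beans.getReference(HttpServletRequest.class);
+ request.setAttribute(ATTR_NAME, ATTR_VALUE);
+ event.getSession().invalidate();
 }
 
 @Override
 public void sessionDestroyed(HttpSessionEvent event) {
 }
+
+ public void beforeTransactionComplete(@Observes BeforeTransactionComplete event) {
+ HttpServletRequest request = Beans.getReference(HttpServletRequest.class);
+
+ if (ATTR_VALUE.equals(request.getAttribute(ATTR_NAME))) {
+ throw new IllegalStateException("Session use is not permitted.");
+ }
+ }
 }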
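Review bot: `contextInitialized` restricts session tracking to `SessionTrackingMode.URL`, the mode that carries the session id in the request URL (`;jsessionid=...`), where it is recorded in access logs, proxies, browser history and Referer headers and where an id supplied in a link is also accepted. If the goal is only to stop the container issuing a session cookie for REST calls (my reading; the commit does not say), `setSessionTrackingModes(Collections.<SessionTrackingMode>emptySet())` expresses "no tracking" without opting into URL rewriting; confirm the target containers accept an empty set. Because this is a `@WebListener` in the REST extension, the setting applies to the whole application that includes the module, which deserves a Javadoc line on the class. Separately, the request is only rejected in `beforeTransactionComplete`, so a request that creates a session without that transaction event firing is not failed: the session is invalidated but the response still looks successful.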
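--- a/impl/extension/rest/src/main/java/br/gov/frameworkdemoiselle/security/SessionNotPermittedFilter.java
+++ b/impl/extension/rest/src/main/java/br/gov/frameworkdemoiselle/security/SessionNotPermittedFilter.java
@@ -0,0 +1,70 @@
+/*
+ * Demoiselle Framework
+ * Copyright (C) 2010 SERPRO
+ * ----------------------------------------------------------------------------
+ * This file is part of Demoiselle Framework.
+ *
+ * Demoiselle Framework is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License version 3
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License version 3
+ * along with this program; if not, see <http://www.gnu.org/licenses/>
+ * or write to the Free Software Foundation, Inc., 51 Franklin Street,
+ * Fifth Floor, Boston, MA 02110-1301, USA.
+ * ----------------------------------------------------------------------------
+ * Este arquivo é parte do Framework Demoiselle.
+ *
+ * O Framework Demoiselle é um software livre; você pode redistribuí-lo e/ou
+ * modificá-lo dentro dos termos da GNU LGPL versão 3 como publicada pela Fundação
+ * do Software Livre (FSF).
+ *
+ * Este programa é distribuído na esperança que possa ser útil, mas SEM NENHUMA
+ * GARANTIA; sem uma garantia implícita de ADEQUAÇÃO a qualquer MERCADO ou
+ * APLICAÇÃO EM PARTICULAR. Veja a Licença Pública Geral GNU/LGPL em português
+ * para maiores detalhes.
+ *
+ * Você deve ter recebido uma cópia da GNU LGPL versão 3, sob o título
+ * "LICENCA.txt", junto com esse programa. Se não, acesse <http://www.gnu.org/licenses/>
+ * ou escreva para a Fundação do Software Livre (FSF) Inc.,
+ * 51 Franklin St, Fifth Floor, Boston, MA 02111-1301, USA.
+ */
+package br.gov.frameworkdemoiselle.security;
+
+import java.io.IOException;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletResponse;
+
+public class SessionNotPermittedFilter implements Filter {
+
+ @Override
+ public void init(FilterConfig filterConfig) throws ServletException {
+ }
+
+ @Override
+ public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,
+ ServletException {
+
+ chain.doFilter(request, response);
+
+ if ("x".equals(request.getAttribute("x"))) {
+ HttpServletResponse r = (HttpServletResponse) response;
+ r.setStatus(500);
+ }
+ }
+
+ @Override
+ public void destroy() {
+ }
+}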
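Review bot: The check in `doFilter` compares request attribute `"x"` with `"x"`, which nothing in this commit sets, so the filter can never reject a request as written; `SessionNotPermittedListener` marks the request under `br.gov.frameworkdemoiselle.SESSION_NOT_PERMITTED` with the value `created`. It also calls `setStatus(500)` after `chain.doFilter`, when the response may already be committed and the status change is silently dropped, and it casts `response` without an `instanceof` check. I would share the attribute key with the listener and guard the write, e.g. `if (!response.isCommitted()) { ((HttpServletResponse) response).sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); }`. The filter's registration in `web-fragment.xml` is added commented out, so either finish and enable it or leave the class out of the commit; a class Javadoc stating the intended contract would help either way.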
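--- a/impl/extension/rest/src/main/resources/META-INF/web-fragment.xml
+++ b/impl/extension/rest/src/main/resources/META-INF/web-fragment.xml
@@ -40,6 +40,17 @@
 
 <name>demoiselle_rest</name>
 
+ <!--
+ <filter>
+ <filter-name>Demoiselle Session Not Permitted Filter</filter-name>
+ <filter-class>br.gov.frameworkdemoiselle.security.SessionNotPermittedFilter</filter-class>
+ </filter>
+ <filter-mapping>
+ <filter-name>Demoiselle Session Not Permitted Filter</filter-name>
+ <url-pattern>/*</url-pattern>
+ </filter-mapping>
+ -->
+
 <filter>
 <filter-name>Demoiselle BasicAuth Filter</filter-name>
 <filter-class>br.gov.frameworkdemoiselle.security.BasicAuthFilter</filter-class>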
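--- a/impl/extension/rest/src/test/java/test/Tests.java
+++ b/impl/extension/rest/src/test/java/test/Tests.java
@@ -57,7 +57,7 @@ import br.gov.frameworkdemoiselle.internal.implementation.ConstraintViolationExc
 import br.gov.frameworkdemoiselle.internal.implementation.DefaultExceptionMapper;
 import br.gov.frameworkdemoiselle.internal.implementation.HttpViolationExceptionMapper;
 import br.gov.frameworkdemoiselle.internal.implementation.IllegalArgumentExceptionMapper;
-import br.gov.frameworkdemoiselle.internal.implementation.SessionNotPermittedListener;
+import br.gov.frameworkdemoiselle.internal.implementation.SessionNotPermittedAlertListener;
 import br.gov.frameworkdemoiselle.security.AbstractHTTPAuthorizationFilter;
 import br.gov.frameworkdemoiselle.security.BasicAuthFilter;
 import br.gov.frameworkdemoiselle.security.RESTSecurityConfig;
@@ -98,7 +98,7 @@ public final class Tests {
 .addClass(IllegalArgumentExceptionMapper.class)
 .addClass(DefaultExceptionMapper.class)
 .addClass(HttpViolationExceptionMapper.class)
- .addClass(SessionNotPermittedListener.class)
+ .addClass(SessionNotPermittedAlertListener.class)
 .addClass(AbstractHTTPAuthorizationFilter.class)
 .addClass(BasicAuthFilter.class)
 .addClass(RESTSecurityConfig.class)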
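Review bot: Both hunks swap `SessionNotPermittedListener` for `SessionNotPermittedAlertListener`, but no class of that name is added or renamed in the file sections shown for this commit, while `SessionNotPermittedListener` is modified and keeps its name. Unless `SessionNotPermittedAlertListener` already exists elsewhere in the module, the test sources will not compile. If it does exist, the class list assembled in `Tests` no longer contains the listener whose session handling this commit changes, so the new behaviour appears to go untested. I would keep `.addClass(SessionNotPermittedListener.class)`, adding the other class alongside if it is needed, and add a test asserting that a request which creates a session is rejected.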