Sun Java Solaris Communities My SDN Account Join SDN
» search tips 
Sun Developer Network
SDN Home > Products & Technologies > Java Technology > Reference > Technical Articles and Tips > Developer Technical Articles & Tips > Java Developer Connection (JDC):Behind the Scenes >
 
Article

SessionServlet Code

 
  Print-friendly VersionPrint-friendly Version
 

Articles Index

Tony Squier - JDC Tools Engineer
  1. /**
  2. * Copyright (c) 1996 Sun Microsystems, Inc. All Rights Reserved.
  3. *
  4. * Permission to use, copy, modify, and distribute this software
  5. * and its documentation for NON-COMMERCIAL purposes and without
  6. * fee is hereby granted provided that this copyright notice
  7. * appears in all copies. Please refer to the file "copyright.html"
  8. * for further important copyright and licensing information.
  9. *
  10. * The Java source code is the confidential and proprietary information
  11. * of Sun Microsystems, Inc. ("Confidential Information"). You shall
  12. * not disclose such Confidential Information and shall use it only in
  13. * accordance with the terms of the license agreement you entered into
  14. * with Sun.
  15. *
  16. * SUN MAKES NO REPRESENTATIONS OR WARRANTIES ABOUT THE SUITABILITY OF
  17. * THE SOFTWARE, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED
  18. * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
  19. * PARTICULAR PURPOSE, OR NON-INFRINGEMENT. SUN SHALL NOT BE LIABLE FOR
  20. * ANY DAMAGES SUFFERED BY LICENSEE AS A RESULT OF USING, MODIFYING OR
  21. * DISTRIBUTING THIS SOFTWARE OR ITS DERIVATIVES.
  22. */
  23. import java.io.*;
  24. import javax.servlet.*;
  25. import javax.servlet.http.*;
  26. import sun.server.http.*;
  27. import sun.misc.*;
  28. import sun.servlet.http.Cookie;
  29. import java.util.*;
  31. /**
  32. *
  33. * On startup, the servlet looks for the following
    34.  parameters:
  34. * flush - how much time to wait before flushing  sessions.
  35. * cookieTimeout - how much time a session  "lives".
  36. *domain - domain used for the cookie.
  37. *home - name of the Home html document you  want users to be directed too after an  initial log in.
  38. *loginFirst - full path/name of the initial  Login page served to the client when first accessing the site.
  39. *loginInvalid - full path/name of the login  page served if the userid/password is invalid.
  40. *authenticator - a Authenicator implementation.
  41. *
  42. * The login must do a POST from a forum/applet  with the following values:
  43. *UserId=<users id>
  44. * Password=<users password>
  45. * action="login"
  46. *
  47. *If a session is valid, the either FileServlet or  SSIncludeServlet is responsible for serving the
  48. * file to the user.
  49. *
  50. * Users are authorized via a abstract method  "isAuthorized" in the  Authenciator interface.
  51. *
  52. * @author Tony Squier
  53. * @version 1.8 97/02/10 13:29:25
  54. */
  57. public class SessionServlet extends HttpServlet  implements Runnable
  58. {
  59. /**
  60. * Servlets context
  61. */
  62. protected ServletContext context;
  64. /**
  65. * Helper servlets: File and SSInlcude
  66. */
  67. protected SSIncludeServlet ssIncludeServlet;
  68. protected FileServlet fileServlet;
  70. /**
  71. * Authenticator
  72. */
  73. private Authenticator auth;
  75. /**
  76. * Restricted domain
  77. */
  78. protected String domain;
  80. /**
  81. * Timeout for sessions
  82. */
  83. protected long sessionTimeout;
  84. protected Thread tid;
  85. protected Hashtable sessionCache;
  86. protected long flush;
  89. /**
  90. * Login Template Name
  91. */
  92. protected String homeHtml;
  94. protected String loginFirstHtml;
  95. protected String loginInvalidHtml;
  98. /**
  99. * Initialize the Servlet and set the html pages.
  100. * @param stub Arguments passed by the Servlet loader
  101. * @return void
  102. */
  103. public void init (ServletConfig config) throws  ServletException
  104. {
  105. super.init(config);
  107. context = config.getServletContext();
  108. ssIncludeServlet =  (SSIncludeServlet)context.getServlet (  "ssinclude");
  109. fileServlet = (FileServlet)context.getServlet (  "file");
  111. try
  112. {
  113. auth =  (Authenticator)Class.forName(  config.getInitParameter(  "auth")).newInstance();
  114. }
  115. catch (Exception e)
  116. {
  117. e.printStackTrace();
  118. }
  120. homeHtml = config.getInitParameter ("home");
  121. loginFirstHtml = config.getInitParameter (  "loginFirst");
  122. loginInvalidHtml =  config.getInitParameter ("loginInvalid");
  124. domain = config.getInitParameter ("domain");
  126. flush = Long.parseLong (  config.getInitParameter("flush"));
  127. sessionTimeout =  Long.parseLong (  config.getInitParameter("cookieTimeout"));
  128. sessionCache = new Hashtable();
  130. tid = new Thread(this);
  131. tid.setPriority (Thread.MIN_PRIORITY);
  132. tid.start();
  133. }
  135. /**
  136. * Main service routine for the Servlet. This  method is responsible for checking
  137. * the request and determining the appropriate  action: login or serve pages.
  138. *
  139. * Subclasses shouldn't override this method,  but rather override startSession,
  140. * endSession, and serviceRequest. If this  method is overridden, you must
  141. * invoke it from the extended method or  Session tracking may/may not occur
  142. * correctly
  143. * @param request The Servlet request.
  144. * @param response The Servlet response.
  145. * @return void.
  146. */
  147. public void service (HttpServletRequest request,  HttpServletResponse response) throws  ServletException, IOException
  148. {
  149. // Get the session associated with the request. If
  150. // none exists, session is set to null.
  151. Session session =   _validateSession (request);
  153. // Since we may be chained, we will
  154. // just send the cookie along its way for
  155. // other servlets to consume
  156. if ( session != null )
  157. {
  158. response.setHeader ("Cookie",  "SessionServlet="+session.getId());
  159. }
  161. // Determine what we are being asked to do  by looking
  162. // at the action field first.
  163. // If action is set, then check it, otherwise, simply
  164. // service the request via the serviceRequest method.
  165. String action;
  166. if ( (action=request.getParameter (  "action")) != null )
  167. {
  168. _performAction (action, session, request, response);
  169. }
  170. // No action value, so service the request by
  171. // calling serviceRequest method.
  172. else
  173. {
  174. if ( session != null )
  175. {
  176. serviceRequest (session, request, response);
  177. }
  178. else
  179. {
  180. response.sendRedirect (  "/servlet/SessionServlet?action=showLogin");
  181. }
  182. }
  183. }
  185. /**
  186. * Method called by the service routine if  a valid Session
  187. * exists and a request can be served.
  188. * @param session The session.
  189. * @param request The Original HttpServletRequest.
  190. * @param response The Original HttpServletResponse.
  191. * @throws IOException
  192. * @throws ServletException
  193. * @return void
  194. */
  195. protected void serviceRequest (  Session session, HttpServletRequest  request, HttpServletResponse response)  throws IOException, ServletException
  196. {
  197. /**
  198. * Set the Session's URI path so we know where  this session is going.
  199. * We only track .html and .shtml files
  200. */
  201. if ( context.getMimeType (  request.getRequestURI()).equals  ("text/html") ||
  202. context.getMimeType (request.getRequestURI()).equals ("java-internal/parsed-html") ||
  203. request.getRequestURI().endsWith ("/") )
  204. {
  205. session.setURI (request.getRequestURI());
  206. }
  207. response.setHeader ("Expires",  String.valueOf (session.getExpires()));
  208. if ( request.getRequestURI().lastIndexOf (  ".") == -1 && request.getRequestURI().endsWith (  "/") == false )
  209. {
  210. ((sun.server.http.HttpServiceRequest)request).setPathInfo  (request.getRequestURI()+"/");
  211. }
  212. else
  213. {
  214. ((sun.server.http.HttpServiceRequest)request).setPathInfo  (request.getRequestURI());
  215. }
  216. if ( context.getMimeType (  request.getRequestURI()).equals ("java-internal/parsed-html") )
  217. {
  218. ssIncludeServlet.service (request, response);
  219. }
  220. else
  221. {
  222. fileServlet.service (request, response);
  223. }
  224. }
  226. /**
  227. * Starts a new Session. A new Session is  started by first
  228. * creating a new Session instance, putting  it into the SessionCache
  229. * and setting the Cookie with the SessionId
  230. * @param userId The user Id.
  231. * @param password The Password.
  232. * @param response The HttpServletResponse  used for setting the Cookie
  233. * @throws IOException
  234. * @throws ServletException
  235. * @return Session Null if authentication failed
  236. */
  237. protected Session startSession (String userId,  String password, HttpServletResponse response)
  238. {
  239. Session session = null;
  240. if ( auth.isAuthorized (userId, password) )
  241. {
  242. // Create a session
  243. session = new Session (userId);
  244. session.setExpires (  sessionTimeout+System.currentTimeMillis());
  245. sessionCache.put (session.key(), session);
  247. // Create a client cookie
  248. Cookie c = new Cookie("SessionServlet", String.valueOf (session.getId()));
  249. c.setPath ("/");
  250. c.setMaxAge (-1);
  251. c.setDomain (domain);
  253. response.setHeader ("Set-Cookie", "SessionServlet=" +
  254. c.getValue() +
  255. "; Domain=" +
  256. c.getDomain() +
  257. "; Path=" + c.getPath());
  259. }
  260. return session;
  261. }
  263. /**
  264. * Method invoked to terminate a Session
  265. * @param session The Session to terminate
  266. * @return void
  267. */
  268. protected void endSession (Session session)
  269. {
  270. synchronized (sessionCache)
  271. {
  272. sessionCache.remove (session.key());
  273. }
  274. }
  277. /**
  278. * Default page servicing routine. A InputStream  contains the page that is
  279. * written to the Servlet's output stream.  Neither the in or out Streams
  280. * are closed when finished!
  281. * @param in Contents are read from.
  282. * @param out Contents are copied into
  283. * @return void
  284. * @throws IOException
  285. */
  286. protected void copyInToOut (BufferedInputStream in, BufferedOutputStream out) throws IOException
  287. {
  288. int length;
  289. byte data[] = new byte[8192];
  290. while ( (length=in.read(data)) != -1 )
  291. {
  292. out.write (data, 0, length);
  293. }
  294. }
  296. /**
  297. * Retrives and Validates Session
  298. * @param request HttpServletRequest
  299. * @return Session Session or null
  300. */
  301. private  Session _validateSession  (HttpServletRequest request)
  302. {
  303. Cookie c[] = Cookie.getCookies (request);
  304. Session session;
  305. if ( c != null && c.length == 1 )
  306. {
  307. String key = String.valueOf (c[0].getValue());
  308. session = (Session)sessionCache.get (key);
  309. }
  310. else
  311. {
  312. session = null;
  313. }
  314. return session;
  315. }
  317. /**
  318. * Convience method to handle posts which set  the action hidden field
  319. * This is the main routine the does most  of the work. See comments
  320. * in service method.
  321. * @param action The value of action
  322. * @param session The session.
  323. * @param request The HttpServletRequest.
  324. * @param response The HttpServletResponse.
  325. * @return void
  326. * @throws IOException
  327. * @throws ServletException
  328. */
  329. private void _performAction (  String action, Session session,  HttpServletRequest request, HttpServletResponse  response) throws IOException, ServletException
  330. {
  331. response.setHeader ("Pragma",  "no-cache");
  333. // Invoke startSession method.
  334. if ( action.equals ("login") )
  335. {
  336. // Start a new Session and redirect to  client's original destination if
  337. // true is returned.
  338. Session s;
  339. if ( (s=startSession (request.getParameter ("UserId"), request.getParameter (  "Password"), response))!= null )
  340. {
  341. response.sendRedirect (homeHtml);
  342. }
  343. // Authenticator failed, so return the client  the showInvalid page.
  344. else
  345. {
  346. response.setContentType ("text/html");
  347. response.sendRedirect (  "/servlet/SessionServlet?action=  showInvalid");
  348. }
  349. }
  350. // Remove session, if one exists, from session cache.
  351. // Send the client back to the loginFirstHtml page.
  352. else if ( action.equals ("logout") )
  353. {
  354. if ( session != null )
  355. {
  356. endSession (session);
  357. }
  358. response.sendRedirect (  "/servlet/SessionServlet?action=showLogin");
  359. }
  360. // If show request, determine which page
  361. // and show it. We only allow this if the
  362. // user isn't logged into the SessionServlet.
  363. else if ( action.startsWith ("show") )
  364. {
  365. if ( session == null )
  366. {
  367. String page;
  368. if ( action.equals ("showInvalid") )
  369. {
  370. page = loginInvalidHtml;
  371. }
  372. else
  373. {
  374. page = loginFirstHtml;
  375. }
  377. // If we are not logged in, i.e. no Session, then
  378. // show the login page. Otherwise, if a valid  Session exists,
  379. // we don't want to un-necessarly show the  login page, so
  380. // re-send back to the homeHtml page. This way  we don't
  381. // get multiple Sessions for a single client because
  382. // they continually logged in multiple times.
  383. //
  384. // This is the only time we explictly serve  up a file, so
  385. // we write to the output stream for the  response and
  386. // close it when we are done.
  387. BufferedInputStream inputStream =  new BufferedInputStream (new FileInputStream (page));
  388. response.setContentType ("text/html");
  389. copyInToOut (inputStream,  new BufferedOutputStream  (response.getOutputStream()));
  390. response.getOutputStream().flush();
  391. response.getOutputStream().close();
  392. inputStream.close();
  393. }
  394. else
  395. {
  396. response.sendRedirect (homeHtml);
  397. }
  398. }
  399. // Show the currently cached sessions
  400. else if ( action.equals ("cache-peek") )
  401. {
  402. PrintStream print =  new PrintStream (response.getOutputStream());
  403. Thread.currentThread().setPriority (  Thread.MIN_PRIORITY);
  404. Enumeration sessions;
  405. synchronized (sessionCache)
  406. {
  407. sessions = sessionCache.elements();
  408. }
  409. while ( sessions.hasMoreElements() )
  410. {
  411. Session s = (Session)sessions.nextElement();
  412. print.println (s.getId()+":"+s.getURI());
  413. Thread.yield();
  414. }
  415. print.flush();
  416. sessions = null;
  417. }
  418. // Otherwise, no valid action value is set, so
  419. // send them to the login page.
  420. else
  421. {
  422. response.sendRedirect (  "/servlet/SessionServlet?action=showLogin");
  423. }
  424. }
  426. /**
  427. * Expires sessions
  428. * @return void
  429. */
  430. public void run()
  431. {
  432. while ( true )
  433. {
  434. try
  435. {
  436. Thread.sleep (flush);
  437. Enumeration sessions;
  438. Session s;
  439. long expire;
  440. expire = System.currentTimeMillis();
  442. synchronized (sessionCache)
  443. {
  444. sessions = sessionCache.elements();
  445. }
  446. while ( sessions.hasMoreElements() )
  447. {
  448. s = (Session)sessions.nextElement();
  449. if ( expire >= s.getExpires() )
  450. {
  451. synchronized (sessionCache)
  452. {
  453. sessionCache.remove (s.key());
  454. }
  455. }
  456. }
  457. }
  458. catch (Exception e)
  459. {
  460. return;
  461. }
  462. }
  463. }
  465. }
 


About Sun  |  About This Site  |  Newsletters  |  Contact Us  |  Employment
How to Buy  |  Licensing  |  Terms of Use  |  Privacy  |  Trademarks
 

 
Copyright Sun Microsystems, Inc.
A Sun Developer Network Site

Unless otherwise licensed, code in all technical manuals herein (including articles, FAQs, samples) is provided under this License.
 
XML Sun Developer RSS Feeds