/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.catalina.manager.util;
import java.lang.reflect.Method;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
import java.util.Locale;
import javax.security.auth.Subject;
import javax.servlet.http.HttpSession;
import org.apache.catalina.Session;
/**
* Utility methods on HttpSessions...
* @author Cédrik LIME
*/
public class SessionUtils {
/**
*
*/
private SessionUtils() {
super();
}
/**
* The session attributes key under which the user's selected
* <code>java.util.Locale</code> is stored, if any.
*/
// org.apache.struts.Globals.LOCALE_KEY
private static final String STRUTS_LOCALE_KEY = "org.apache.struts.action.LOCALE";//$NON-NLS-1$
// javax.servlet.jsp.jstl.core.Config.FMT_LOCALE
private static final String JSTL_LOCALE_KEY = "javax.servlet.jsp.jstl.fmt.locale";//$NON-NLS-1$
// org.springframework.web.servlet.i18n.SessionLocaleResolver.LOCALE_SESSION_ATTRIBUTE_NAME
private static final String SPRING_LOCALE_KEY = "org.springframework.web.servlet.i18n.SessionLocaleResolver.LOCALE";//$NON-NLS-1$
/**
* Lower and upper-case strings will be dynamically generated. Put mid-capitalised strings here!
*/
private static final String[] LOCALE_TEST_ATTRIBUTES = new String[] {
STRUTS_LOCALE_KEY, SPRING_LOCALE_KEY, JSTL_LOCALE_KEY, "Locale", "java.util.Locale" };
/**
* For efficient operation, list the attributes here with the typically used
* capitalisation. This will be tried first and then the auto-generated
* upper and lower case versions will be tried.
*/
private static final String[] USER_TEST_ATTRIBUTES = new String[] {
"Login", "User", "userName", "UserName", "Utilisateur",
"SPRING_SECURITY_LAST_USERNAME"};
/**
* Try to get user locale from the session, if possible.
* IMPLEMENTATION NOTE: this method has explicit support for Tapestry 3, Struts 1.x and Spring
* JSF check the browser meta tag "accept languages" to choose what langage to display.
* @param in_session
* @return String
*/
public static Locale guessLocaleFromSession(final Session in_session) {
return guessLocaleFromSession(in_session.getSession());
}
public static Locale guessLocaleFromSession(final HttpSession in_session) {
if (null == in_session) {
return null;
}
try {
Locale locale = null;
// First search "known locations"
for (int i = 0; i < LOCALE_TEST_ATTRIBUTES.length; ++i) {
Object obj = in_session.getAttribute(LOCALE_TEST_ATTRIBUTES[i]);
if (null != obj && obj instanceof Locale) {
locale = (Locale) obj;
break;
}
obj = in_session.getAttribute(LOCALE_TEST_ATTRIBUTES[i].toLowerCase());
if (null != obj && obj instanceof Locale) {
locale = (Locale) obj;
break;
}
obj = in_session.getAttribute(LOCALE_TEST_ATTRIBUTES[i].toUpperCase());
if (null != obj && obj instanceof Locale) {
locale = (Locale) obj;
break;
}
}
if (null != locale) {
return locale;
}
// Tapestry 3.0: Engine stored in session under "org.apache.tapestry.engine:" + config.getServletName()
// TODO: Tapestry 4+
{
final List tapestryArray = new ArrayList();
for (Enumeration enumeration = in_session.getAttributeNames(); enumeration.hasMoreElements();) {
String name = (String) enumeration.nextElement();
if (name.indexOf("tapestry") > -1 && name.indexOf("engine") > -1 && null != in_session.getAttribute(name)) {//$NON-NLS-1$ //$NON-NLS-2$
tapestryArray.add(in_session.getAttribute(name));
}
}
if (tapestryArray.size() == 1) {
// found a potential Engine! Let's call getLocale() on it.
Object probableEngine = tapestryArray.get(0);
if (null != probableEngine) {
try {
Method readMethod = probableEngine.getClass().getMethod("getLocale", (Class[])null);//$NON-NLS-1$
if (null != readMethod) {
// Call the property getter and return the value
Object possibleLocale = readMethod.invoke(probableEngine, (Object[])null);
if (null != possibleLocale && possibleLocale instanceof Locale) {
locale = (Locale) possibleLocale;
}
}
} catch (Exception e) {
// stay silent
}
}
}
}
if (null != locale) {
return locale;
}
// Last guess: iterate over all attributes, to find a Locale
// If there is only one, consider it to be /the/ locale
{
final List localeArray = new ArrayList();
for (Enumeration enumeration = in_session.getAttributeNames(); enumeration.hasMoreElements();) {
String name = (String) enumeration.nextElement();
Object obj = in_session.getAttribute(name);
if (null != obj && obj instanceof Locale) {
localeArray.add(obj);
}
}
if (localeArray.size() == 1) {
locale = (Locale) localeArray.get(0);
}
}
return locale;
} catch (IllegalStateException ise) {
//ignore: invalidated session
return null;
}
}
/**
* Try to get user from the session, if possible.
* @param in_session
* @return Object
*/
public static Object guessUserFromSession(final Session in_session) {
if (null == in_session) {
return null;
}
if (in_session.getPrincipal() != null) {
return in_session.getPrincipal().getName();
}
HttpSession httpSession = in_session.getSession();
try {
Object user = null;
// First search "known locations"
for (int i = 0; i < USER_TEST_ATTRIBUTES.length; ++i) {
Object obj = httpSession.getAttribute(USER_TEST_ATTRIBUTES[i]);
if (null != obj) {
user = obj;
break;
}
obj = httpSession.getAttribute(USER_TEST_ATTRIBUTES[i].toLowerCase());
if (null != obj) {
user = obj;
break;
}
obj = httpSession.getAttribute(USER_TEST_ATTRIBUTES[i].toUpperCase());
if (null != obj) {
user = obj;
break;
}
}
if (null != user) {
return user;
}
// Last guess: iterate over all attributes, to find a java.security.Principal or javax.security.auth.Subject
// If there is only one, consider it to be /the/ user
{
final List principalArray = new ArrayList();
for (Enumeration enumeration = httpSession.getAttributeNames(); enumeration.hasMoreElements();) {
String name = (String) enumeration.nextElement();
Object obj = httpSession.getAttribute(name);
if (null != obj && (obj instanceof Principal || obj instanceof Subject)) {
principalArray.add(obj);
}
// This workaround for JDK 1.3 compatibility. For JDK 1.4+, use previous (commented) instanceof.
// try {
// Class subjectClass = Class.forName("javax.security.auth.Subject", true, Thread.currentThread().getContextClassLoader());
// if (subjectClass.isInstance(obj)) {
// principalArray.add(obj);
// }
// } catch (ClassNotFoundException cnfe) {
// // This is JDK 1.3: javax.security.auth.Subject does not exist; do nothing
// }
}
if (principalArray.size() == 1) {
user = principalArray.get(0);
}
}
if (null != user) {
return user;
}
return user;
} catch (IllegalStateException ise) {
//ignore: invalidated session
return null;
}
}
public static long getUsedTimeForSession(Session in_session) {
try {
long diffMilliSeconds = in_session.getLastAccessedTime() - in_session.getCreationTime();
return diffMilliSeconds;
} catch (IllegalStateException ise) {
//ignore: invalidated session
return -1;
}
}
public static long getTTLForSession(Session in_session) {
try {
long diffMilliSeconds = (1000*in_session.getMaxInactiveInterval()) - (System.currentTimeMillis() - in_session.getLastAccessedTime());
return diffMilliSeconds;
} catch (IllegalStateException ise) {
//ignore: invalidated session
return -1;
}
}
public static long getInactiveTimeForSession(Session in_session) {
try {
long diffMilliSeconds = System.currentTimeMillis() - in_session.getLastAccessedTime();
return diffMilliSeconds;
} catch (IllegalStateException ise) {
//ignore: invalidated session
return -1;
}
}
}