improvements to "last-desperate-onunload-request" and security key handling. fixes...
authorMatti Tahvonen <matti.tahvonen@itmill.com>
Tue, 3 Feb 2009 13:31:31 +0000 (13:31 +0000)
committerMatti Tahvonen <matti.tahvonen@itmill.com>
Tue, 3 Feb 2009 13:31:31 +0000 (13:31 +0000)
svn changeset:6711/svn branch:trunk

src/com/itmill/toolkit/terminal/gwt/client/ApplicationConnection.java
src/com/itmill/toolkit/terminal/gwt/server/ApplicationServlet.java
src/com/itmill/toolkit/terminal/gwt/server/CommunicationManager.java

index 2959aa74cdd66639b7a5b049725240a55126b9f3..04a2aa5237d2100ee59a32383dfb27dc972e0453 100755 (executable)
@@ -62,6 +62,8 @@ public class ApplicationConnection {
 
     public static final String UIDL_SECURITY_HEADER = "com.itmill.seckey";
 
+    public static final String PARAM_UNLOADBURST = "onunloadburst";
+
     private static String uidl_security_key = "init";
 
     private final HashMap<String, String> resourcesMap = new HashMap<String, String>();
@@ -402,7 +404,8 @@ public class ApplicationConnection {
             // Synchronized call, discarded response
 
             syncSendForce(((HTTPRequestImpl) GWT.create(HTTPRequestImpl.class))
-                    .createXmlHTTPRequest(), uri, requestData);
+                    .createXmlHTTPRequest(), uri + "&" + PARAM_UNLOADBURST
+                    + "=1", requestData);
         }
     }
 
@@ -474,7 +477,9 @@ public class ApplicationConnection {
     }
 
     private void endRequest() {
-        checkForPendingVariableBursts();
+        if (applicationRunning) {
+            checkForPendingVariableBursts();
+        }
         activeRequests--;
         // deferring to avoid flickering
         DeferredCommand.addCommand(new Command() {
@@ -767,10 +772,12 @@ public class ApplicationConnection {
      * windows - normally sendPendingVariableChanges() should be used.
      */
     public void sendPendingVariableChangesSync() {
-        pendingVariableBursts.add(pendingVariables);
-        Vector<String> nextBurst = pendingVariableBursts.firstElement();
-        pendingVariableBursts.remove(0);
-        buildAndSendVariableBurst(nextBurst, true);
+        if (applicationRunning) {
+            pendingVariableBursts.add(pendingVariables);
+            Vector<String> nextBurst = pendingVariableBursts.firstElement();
+            pendingVariableBursts.remove(0);
+            buildAndSendVariableBurst(nextBurst, true);
+        }
     }
 
     // Redirect browser, null reloads current page
index 5532fae62a1c84bb49c437723cb56697a585b43b..2321e50051d40bb1cb76ee7bdb278f70dd0bdf2f 100644 (file)
@@ -44,6 +44,7 @@ import com.itmill.toolkit.terminal.ParameterHandler;
 import com.itmill.toolkit.terminal.Terminal;
 import com.itmill.toolkit.terminal.ThemeResource;
 import com.itmill.toolkit.terminal.URIHandler;
+import com.itmill.toolkit.terminal.gwt.client.ApplicationConnection;
 import com.itmill.toolkit.ui.Window;
 
 /**
@@ -129,7 +130,7 @@ public class ApplicationServlet extends HttpServlet {
 
     // TODO This is session specific not servlet wide data. No need to store
     // this here, move it to Session from where it can be queried when required
-    protected static HashMap applicationToAjaxAppMgrMap = new HashMap();
+    protected static HashMap<Application, CommunicationManager> applicationToAjaxAppMgrMap = new HashMap<Application, CommunicationManager>();
 
     private static final String RESOURCE_URI = "/RES/";
 
@@ -523,47 +524,51 @@ public class ApplicationServlet extends HttpServlet {
         } catch (final SessionExpired e) {
             // Session has expired, notify user
             try {
-                Application.SystemMessages ci = getSystemMessages();
-                if (!UIDLrequest) {
-                    // 'plain' http req - e.g. browser reload;
-                    // just go ahead redirect the browser
-                    response.sendRedirect(ci.getSessionExpiredURL());
-                } else {
-                    // send uidl redirect
-                    criticalNotification(request, response, ci
-                            .getSessionExpiredCaption(), ci
-                            .getSessionExpiredMessage(), ci
-                            .getSessionExpiredURL());
-                    // Invalidate session (weird to have session if we're saying
-                    // that it's expired, and worse: portal integration will
-                    // fail since the session is not created by the portal.
-                    request.getSession().invalidate();
+                if (!isOnUnloadRequest(request)) {
+                    Application.SystemMessages ci = getSystemMessages();
+                    if (!UIDLrequest) {
+                        // 'plain' http req - e.g. browser reload;
+                        // just go ahead redirect the browser
+                        response.sendRedirect(ci.getSessionExpiredURL());
+                    } else {
+                        // send uidl redirect
+                        criticalNotification(request, response, ci
+                                .getSessionExpiredCaption(), ci
+                                .getSessionExpiredMessage(), ci
+                                .getSessionExpiredURL());
+                        // Invalidate session (weird to have session if we're
+                        // saying
+                        // that it's expired, and worse: portal integration will
+                        // fail since the session is not created by the portal.
+                        request.getSession().invalidate();
+                    }
                 }
             } catch (SystemMessageException ee) {
                 throw new ServletException(ee);
             }
 
         } catch (final GeneralSecurityException e) {
-            // TODO handle differently?
-            // Invalid security key, show session expired message for now.
-            try {
-                Application.SystemMessages ci = getSystemMessages();
-                if (!UIDLrequest) {
-                    // 'plain' http req - e.g. browser reload;
-                    // just go ahead redirect the browser
-                    response.sendRedirect(ci.getSessionExpiredURL());
-                } else {
-                    // send uidl redirect
-                    criticalNotification(request, response, ci
-                            .getSessionExpiredCaption(), ci
-                            .getSessionExpiredMessage(), ci
-                            .getSessionExpiredURL());
+            if (!isOnUnloadRequest(request)) {
+                // TODO handle differently?
+                // Invalid security key, show session expired message for now.
+                try {
+                    Application.SystemMessages ci = getSystemMessages();
+                    if (!UIDLrequest) {
+                        // 'plain' http req - e.g. browser reload;
+                        // just go ahead redirect the browser
+                        response.sendRedirect(ci.getSessionExpiredURL());
+                    } else {
+                        // send uidl redirect
+                        criticalNotification(request, response, ci
+                                .getSessionExpiredCaption(), ci
+                                .getSessionExpiredMessage(), ci
+                                .getSessionExpiredURL());
+                    }
+                    request.getSession().invalidate();
+                } catch (SystemMessageException ee) {
+                    throw new ServletException(ee);
                 }
-                request.getSession().invalidate();
-            } catch (SystemMessageException ee) {
-                throw new ServletException(ee);
             }
-
         } catch (final Throwable e) {
             // if this was an UIDL request, response UIDL back to client
             if (UIDLrequest) {
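Review bot: In the `GeneralSecurityException` branch, a security-key mismatch on a request carrying the `onunloadburst` parameter is now dropped with no notification, no session invalidation and no log entry. The parameter is set by the client, so any caller can select this silent path, and repeated mismatches would leave no trace on the server. Staying quiet towards the browser is reasonable for a discarded unload request, but I would add an `else` that records the event, e.g. `log("UIDL security key mismatch on unload request, ignored");` using the servlet's inherited `log(String)`. The two catch branches are now nearly identical and could share a private helper. The enclosing method starts and ends outside this hunk.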
@@ -589,6 +594,10 @@ public class ApplicationServlet extends HttpServlet {
         }
     }
 
+    private boolean isOnUnloadRequest(HttpServletRequest request) {
+        return request.getParameter(ApplicationConnection.PARAM_UNLOADBURST) != null;
+    }
+
     /** Get system messages from the current application class */
     private SystemMessages getSystemMessages() {
         try {
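Review bot: `isOnUnloadRequest` has no Javadoc, although its result decides whether session-expiry and security-key errors are reported at all. I would state the trust level on the method, e.g. `/** True if the request carries the client-set onunloadburst flag; the flag is unauthenticated and may only be used to suppress a response, never to skip a check. */`. The test is presence-only, so any value, including an empty one, counts as an unload request.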
@@ -1690,8 +1699,7 @@ public class ApplicationServlet extends HttpServlet {
      * @return CommunicationManager
      */
     private CommunicationManager getApplicationManager(Application application) {
-        CommunicationManager mgr = (CommunicationManager) applicationToAjaxAppMgrMap
-                .get(application);
+        CommunicationManager mgr = applicationToAjaxAppMgrMap.get(application);
 
         if (mgr == null) {
             // Creates new manager
index 448b2dcd62d923e84cc56e2d85c616f9ce82f3e1..ba09313413504ec555aad5b28ab40b55858a0d67 100644 (file)
@@ -621,35 +621,36 @@ public class CommunicationManager implements Paintable.RepaintRequestListener {
             // Manage bursts one by one
             final String[] bursts = changes.split(VAR_BURST_SEPARATOR);
 
-            // Security: double cookie submission pattern
-            boolean nocheck = "true".equals(application2
-                    .getProperty("disable-xsrf-protection"));
-            if (bursts.length == 1 && "init".equals(bursts[0])) {
-                // initial request, no variable changes: send key
-                String seckey = (String) request.getSession().getAttribute(
-                        ApplicationConnection.UIDL_SECURITY_HEADER);
-                if (seckey == null) {
-                    seckey = "" + (int) (Math.random() * 1000000);
-                }
-                /*
-                 * Cookie c = new Cookie(
-                 * ApplicationConnection.UIDL_SECURITY_COOKIE_NAME, uuid);
-                 * response.addCookie(c);
-                 */
-                response.setHeader(ApplicationConnection.UIDL_SECURITY_HEADER,
-                        seckey);
-                request.getSession().setAttribute(
-                        ApplicationConnection.UIDL_SECURITY_HEADER, seckey);
-                return true;
-            } else if (!nocheck) {
-                // check the key
-                String sessId = (String) request.getSession().getAttribute(
-                        ApplicationConnection.UIDL_SECURITY_HEADER);
-                if (sessId == null || !sessId.equals(bursts[0])) {
-                    throw new InvalidUIDLSecurityKeyException(
-                            "Security key mismatch");
+            // Security: double cookie submission pattern unless disabled by
+            // property
+            if (!"true".equals(application2
+                    .getProperty("disable-xsrf-protection"))) {
+                if (bursts.length == 1 && "init".equals(bursts[0])) {
+                    // initial request, no variable changes: send key
+                    String seckey = (String) request.getSession().getAttribute(
+                            ApplicationConnection.UIDL_SECURITY_HEADER);
+                    if (seckey == null) {
+                        seckey = "" + (int) (Math.random() * 1000000);
+                    }
+                    /*
+                     * Cookie c = new Cookie(
+                     * ApplicationConnection.UIDL_SECURITY_COOKIE_NAME, uuid);
+                     * response.addCookie(c);
+                     */
+                    response.setHeader(
+                            ApplicationConnection.UIDL_SECURITY_HEADER, seckey);
+                    request.getSession().setAttribute(
+                            ApplicationConnection.UIDL_SECURITY_HEADER, seckey);
+                    return true;
+                } else {
+                    // check the key
+                    String sessId = (String) request.getSession().getAttribute(
+                            ApplicationConnection.UIDL_SECURITY_HEADER);
+                    if (sessId == null || !sessId.equals(bursts[0])) {
+                        throw new InvalidUIDLSecurityKeyException(
+                                "Security key mismatch");
+                    }
                 }
-
             }
 
             for (int bi = 1; bi < bursts.length; bi++) {
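Review bot: The anti-XSRF key at `seckey = "" + (int) (Math.random() * 1000000);` comes from a non-cryptographic generator and has at most one million values, and the re-indentation here carries that line over unchanged. With this commit a mismatch on a request flagged `onunloadburst` no longer invalidates the session in ApplicationServlet, so wrong keys sent that way are not bounded by invalidation either. As this is server-side code, I would draw the key from a strong source, e.g. `seckey = java.util.UUID.randomUUID().toString();`. The comment still says "double cookie submission pattern" although the key is returned in a response header and compared with `bursts[0]` against a session attribute, so `// Security: session-bound XSRF key sent in a header, unless disabled by property` would describe it more accurately. The enclosing method starts and ends outside this hunk.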