mirrors
/
jgit
mirror of https://github.com/eclipse/jgit.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 204 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8342 Commits
49 Branches
Tree: 1aa3cf7f41
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '1aa3cf7f41'
${ noResults }
jgit/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitClientSession.java

JGitClientSession.java 17KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569 
  1. /*

  2.  * Copyright (C) 2018, 2019 Thomas Wolf <thomas.wolf@paranor.ch> and others

  3.  *

  4.  * This program and the accompanying materials are made available under the

  5.  * terms of the Eclipse Distribution License v. 1.0 which is available at

  6.  * https://www.eclipse.org/org/documents/edl-v10.php.

  7.  *

  8.  * SPDX-License-Identifier: BSD-3-Clause

  9.  */

  10. package org.eclipse.jgit.internal.transport.sshd;

  11. 

  12. import static java.text.MessageFormat.format;

  13. import static org.apache.sshd.core.CoreModuleProperties.MAX_IDENTIFICATION_SIZE;

  14. 

  15. import java.io.IOException;

  16. import java.io.StreamCorruptedException;

  17. import java.net.SocketAddress;

  18. import java.nio.charset.StandardCharsets;

  19. import java.security.GeneralSecurityException;

  20. import java.security.PublicKey;

  21. import java.util.ArrayList;

  22. import java.util.Collection;

  23. import java.util.Collections;

  24. import java.util.HashSet;

  25. import java.util.Iterator;

  26. import java.util.LinkedHashSet;

  27. import java.util.List;

  28. import java.util.Map;

  29. import java.util.Objects;

  30. import java.util.Set;

  31. 

  32. import org.apache.sshd.client.ClientFactoryManager;

  33. import org.apache.sshd.client.config.hosts.HostConfigEntry;

  34. import org.apache.sshd.client.keyverifier.ServerKeyVerifier;

  35. import org.apache.sshd.client.session.ClientSessionImpl;

  36. import org.apache.sshd.common.AttributeRepository;

  37. import org.apache.sshd.common.FactoryManager;

  38. import org.apache.sshd.common.PropertyResolver;

  39. import org.apache.sshd.common.config.keys.KeyUtils;

  40. import org.apache.sshd.common.io.IoSession;

  41. import org.apache.sshd.common.io.IoWriteFuture;

  42. import org.apache.sshd.common.util.Readable;

  43. import org.apache.sshd.common.util.buffer.Buffer;

  44. import org.eclipse.jgit.errors.InvalidPatternException;

  45. import org.eclipse.jgit.fnmatch.FileNameMatcher;

  46. import org.eclipse.jgit.internal.transport.sshd.proxy.StatefulProxyConnector;

  47. import org.eclipse.jgit.transport.CredentialsProvider;

  48. import org.eclipse.jgit.transport.SshConstants;

  49. import org.eclipse.jgit.util.StringUtils;

  50. 

  51. /**

  52.  * A {@link org.apache.sshd.client.session.ClientSession ClientSession} that can

  53.  * be associated with the {@link HostConfigEntry} the session was created for.

  54.  * The {@link JGitSshClient} creates such sessions and sets this association.

  55.  * <p>

  56.  * Also provides for associating a JGit {@link CredentialsProvider} with a

  57.  * session.

  58.  * </p>

  59.  */

  60. public class JGitClientSession extends ClientSessionImpl {

  61. 

  62. 	/**

  63. 	 * Default setting for the maximum number of bytes to read in the initial

  64. 	 * protocol version exchange. 64kb is what OpenSSH < 8.0 read; OpenSSH 8.0

  65. 	 * changed it to 8Mb, but that seems excessive for the purpose stated in RFC

  66. 	 * 4253. The Apache MINA sshd default in

  67. 	 * {@link org.apache.sshd.core.CoreModuleProperties#MAX_IDENTIFICATION_SIZE}

  68. 	 * is 16kb.

  69. 	 */

  70. 	private static final int DEFAULT_MAX_IDENTIFICATION_SIZE = 64 * 1024;

  71. 

  72. 	private HostConfigEntry hostConfig;

  73. 

  74. 	private CredentialsProvider credentialsProvider;

  75. 

  76. 	private volatile StatefulProxyConnector proxyHandler;

  77. 

  78. 	/**

  79. 	 * @param manager

  80. 	 * @param session

  81. 	 * @throws Exception

  82. 	 */

  83. 	public JGitClientSession(ClientFactoryManager manager, IoSession session)

  84. 			throws Exception {

  85. 		super(manager, session);

  86. 	}

  87. 

  88. 	/**

  89. 	 * Retrieves the {@link HostConfigEntry} this session was created for.

  90. 	 *

  91. 	 * @return the {@link HostConfigEntry}, or {@code null} if none set

  92. 	 */

  93. 	public HostConfigEntry getHostConfigEntry() {

  94. 		return hostConfig;

  95. 	}

  96. 

  97. 	/**

  98. 	 * Sets the {@link HostConfigEntry} this session was created for.

  99. 	 *

  100. 	 * @param hostConfig

  101. 	 *            the {@link HostConfigEntry}

  102. 	 */

  103. 	public void setHostConfigEntry(HostConfigEntry hostConfig) {

  104. 		this.hostConfig = hostConfig;

  105. 	}

  106. 

  107. 	/**

  108. 	 * Sets the {@link CredentialsProvider} for this session.

  109. 	 *

  110. 	 * @param provider

  111. 	 *            to set

  112. 	 */

  113. 	public void setCredentialsProvider(CredentialsProvider provider) {

  114. 		credentialsProvider = provider;

  115. 	}

  116. 

  117. 	/**

  118. 	 * Retrieves the {@link CredentialsProvider} set for this session.

  119. 	 *

  120. 	 * @return the provider, or {@code null} if none is set.

  121. 	 */

  122. 	public CredentialsProvider getCredentialsProvider() {

  123. 		return credentialsProvider;

  124. 	}

  125. 

  126. 	/**

  127. 	 * Sets a {@link StatefulProxyConnector} to handle proxy connection

  128. 	 * protocols.

  129. 	 *

  130. 	 * @param handler

  131. 	 *            to set

  132. 	 */

  133. 	public void setProxyHandler(StatefulProxyConnector handler) {

  134. 		proxyHandler = handler;

  135. 	}

  136. 

  137. 	@Override

  138. 	protected IoWriteFuture sendIdentification(String ident)

  139. 			throws IOException {

  140. 		StatefulProxyConnector proxy = proxyHandler;

  141. 		if (proxy != null) {

  142. 			try {

  143. 				// We must not block here; the framework starts reading messages

  144. 				// from the peer only once the initial sendKexInit() following

  145. 				// this call to sendIdentification() has returned!

  146. 				proxy.runWhenDone(() -> {

  147. 					JGitClientSession.super.sendIdentification(ident);

  148. 					return null;

  149. 				});

  150. 				// Called only from the ClientSessionImpl constructor, where the

  151. 				// return value is ignored.

  152. 				return null;

  153. 			} catch (IOException e) {

  154. 				throw e;

  155. 			} catch (Exception other) {

  156. 				throw new IOException(other.getLocalizedMessage(), other);

  157. 			}

  158. 		}

  159. 		return super.sendIdentification(ident);

  160. 	}

  161. 

  162. 	@Override

  163. 	protected byte[] sendKexInit()

  164. 			throws IOException, GeneralSecurityException {

  165. 		StatefulProxyConnector proxy = proxyHandler;

  166. 		if (proxy != null) {

  167. 			try {

  168. 				// We must not block here; the framework starts reading messages

  169. 				// from the peer only once the initial sendKexInit() has

  170. 				// returned!

  171. 				proxy.runWhenDone(() -> {

  172. 					JGitClientSession.super.sendKexInit();

  173. 					return null;

  174. 				});

  175. 				// This is called only from the ClientSessionImpl

  176. 				// constructor, where the return value is ignored.

  177. 				return null;

  178. 			} catch (IOException | GeneralSecurityException e) {

  179. 				throw e;

  180. 			} catch (Exception other) {

  181. 				throw new IOException(other.getLocalizedMessage(), other);

  182. 			}

  183. 		}

  184. 		return super.sendKexInit();

  185. 	}

  186. 

  187. 	/**

  188. 	 * {@inheritDoc}

  189. 	 *

  190. 	 * As long as we're still setting up the proxy connection, diverts messages

  191. 	 * to the {@link StatefulProxyConnector}.

  192. 	 */

  193. 	@Override

  194. 	public void messageReceived(Readable buffer) throws Exception {

  195. 		StatefulProxyConnector proxy = proxyHandler;

  196. 		if (proxy != null) {

  197. 			proxy.messageReceived(getIoSession(), buffer);

  198. 		} else {

  199. 			super.messageReceived(buffer);

  200. 		}

  201. 	}

  202. 

  203. 	@Override

  204. 	protected String resolveAvailableSignaturesProposal(

  205. 			FactoryManager manager) {

  206. 		List<String> defaultSignatures = getSignatureFactoriesNames();

  207. 		HostConfigEntry config = resolveAttribute(

  208. 				JGitSshClient.HOST_CONFIG_ENTRY);

  209. 		String algorithms = config

  210. 				.getProperty(SshConstants.HOST_KEY_ALGORITHMS);

  211. 		if (!StringUtils.isEmptyOrNull(algorithms)) {

  212. 			List<String> result = modifyAlgorithmList(defaultSignatures,

  213. 					algorithms, SshConstants.HOST_KEY_ALGORITHMS);

  214. 			if (!result.isEmpty()) {

  215. 				if (log.isDebugEnabled()) {

  216. 					log.debug(SshConstants.HOST_KEY_ALGORITHMS + ' ' + result);

  217. 				}

  218. 				return String.join(",", result); //$NON-NLS-1$

  219. 			}

  220. 			log.warn(format(SshdText.get().configNoKnownAlgorithms,

  221. 					SshConstants.HOST_KEY_ALGORITHMS,

  222. 					algorithms));

  223. 		}

  224. 		// No HostKeyAlgorithms; using default -- change order to put existing

  225. 		// keys first.

  226. 		ServerKeyVerifier verifier = getServerKeyVerifier();

  227. 		if (verifier instanceof ServerKeyLookup) {

  228. 			SocketAddress remoteAddress = resolvePeerAddress(

  229. 					resolveAttribute(JGitSshClient.ORIGINAL_REMOTE_ADDRESS));

  230. 			List<PublicKey> allKnownKeys = ((ServerKeyLookup) verifier)

  231. 					.lookup(this, remoteAddress);

  232. 			Set<String> reordered = new LinkedHashSet<>();

  233. 			for (PublicKey key : allKnownKeys) {

  234. 				if (key != null) {

  235. 					String keyType = KeyUtils.getKeyType(key);

  236. 					if (keyType != null) {

  237. 						reordered.add(keyType);

  238. 					}

  239. 				}

  240. 			}

  241. 			reordered.addAll(defaultSignatures);

  242. 			if (log.isDebugEnabled()) {

  243. 				log.debug(SshConstants.HOST_KEY_ALGORITHMS + ' ' + reordered);

  244. 			}

  245. 			return String.join(",", reordered); //$NON-NLS-1$

  246. 		}

  247. 		if (log.isDebugEnabled()) {

  248. 			log.debug(

  249. 					SshConstants.HOST_KEY_ALGORITHMS + ' ' + defaultSignatures);

  250. 		}

  251. 		return String.join(",", defaultSignatures); //$NON-NLS-1$

  252. 	}

  253. 

  254. 	/**

  255. 	 * Modifies a given algorithm list according to a list from the ssh config,

  256. 	 * including remove ('-') and reordering ('^') operators. Addition ('+') is

  257. 	 * not handled since we have no way of adding dynamically implementations,

  258. 	 * and the defaultList is supposed to contain all known implementations

  259. 	 * already.

  260. 	 *

  261. 	 * @param defaultList

  262. 	 *            to modify

  263. 	 * @param fromConfig

  264. 	 *            telling how to modify the {@code defaultList}, must not be

  265. 	 *            {@code null} or empty

  266. 	 * @param overrideKey

  267. 	 *            ssh config key; used for logging

  268. 	 * @return the modified list or {@code null} if {@code overrideKey} is not

  269. 	 *         set

  270. 	 */

  271. 	public List<String> modifyAlgorithmList(List<String> defaultList,

  272. 			String fromConfig, String overrideKey) {

  273. 		Set<String> defaults = new LinkedHashSet<>();

  274. 		defaults.addAll(defaultList);

  275. 		switch (fromConfig.charAt(0)) {

  276. 		case '+':

  277. 			// Additions make not much sense -- it's either in

  278. 			// defaultList already, or we have no implementation for

  279. 			// it. No point in proposing it.

  280. 			return defaultList;

  281. 		case '-':

  282. 			// This takes wildcard patterns!

  283. 			removeFromList(defaults, overrideKey, fromConfig.substring(1));

  284. 			return new ArrayList<>(defaults);

  285. 		case '^':

  286. 			// Specified entries go to the front of the default list

  287. 			List<String> allSignatures = filteredList(defaults,

  288. 					fromConfig.substring(1));

  289. 			Set<String> atFront = new HashSet<>(allSignatures);

  290. 			for (String sig : defaults) {

  291. 				if (!atFront.contains(sig)) {

  292. 					allSignatures.add(sig);

  293. 				}

  294. 			}

  295. 			return allSignatures;

  296. 		default:

  297. 			// Default is overridden -- only accept the ones for which we do

  298. 			// have an implementation.

  299. 			return filteredList(defaults, fromConfig);

  300. 		}

  301. 	}

  302. 

  303. 	private void removeFromList(Set<String> current, String key,

  304. 			String patterns) {

  305. 		for (String toRemove : patterns.split("\\s*,\\s*")) { //$NON-NLS-1$

  306. 			if (toRemove.indexOf('*') < 0 && toRemove.indexOf('?') < 0) {

  307. 				current.remove(toRemove);

  308. 				continue;

  309. 			}

  310. 			try {

  311. 				FileNameMatcher matcher = new FileNameMatcher(toRemove, null);

  312. 				for (Iterator<String> i = current.iterator(); i.hasNext();) {

  313. 					matcher.reset();

  314. 					matcher.append(i.next());

  315. 					if (matcher.isMatch()) {

  316. 						i.remove();

  317. 					}

  318. 				}

  319. 			} catch (InvalidPatternException e) {

  320. 				log.warn(format(SshdText.get().configInvalidPattern, key,

  321. 						toRemove));

  322. 			}

  323. 		}

  324. 	}

  325. 

  326. 	private List<String> filteredList(Set<String> known, String values) {

  327. 		List<String> newNames = new ArrayList<>();

  328. 		for (String newValue : values.split("\\s*,\\s*")) { //$NON-NLS-1$

  329. 			if (known.contains(newValue)) {

  330. 				newNames.add(newValue);

  331. 			}

  332. 		}

  333. 		return newNames;

  334. 	}

  335. 

  336. 	/**

  337. 	 * Reads the RFC 4253, section 4.2 protocol version identification. The

  338. 	 * Apache MINA sshd default implementation checks for NUL bytes also in any

  339. 	 * preceding lines, whereas RFC 4253 requires such a check only for the

  340. 	 * actual identification string starting with "SSH-". Likewise, the 255

  341. 	 * character limit exists only for the identification string, not for the

  342. 	 * preceding lines. CR-LF handling is also relaxed.

  343. 	 *

  344. 	 * @param buffer

  345. 	 *            to read from

  346. 	 * @param server

  347. 	 *            whether we're an SSH server (should always be {@code false})

  348. 	 * @return the lines read, with the server identification line last, or

  349. 	 *         {@code null} if no identification line was found and more bytes

  350. 	 *         are needed

  351. 	 * @throws StreamCorruptedException

  352. 	 *             if the identification is malformed

  353. 	 * @see <a href="https://tools.ietf.org/html/rfc4253#section-4.2">RFC 4253,

  354. 	 *      section 4.2</a>

  355. 	 */

  356. 	@Override

  357. 	protected List<String> doReadIdentification(Buffer buffer, boolean server)

  358. 			throws StreamCorruptedException {

  359. 		if (server) {

  360. 			// Should never happen. No translation; internal bug.

  361. 			throw new IllegalStateException(

  362. 					"doReadIdentification of client called with server=true"); //$NON-NLS-1$

  363. 		}

  364. 		Integer maxIdentLength = MAX_IDENTIFICATION_SIZE.get(this).orElse(null);

  365. 		int maxIdentSize;

  366. 		if (maxIdentLength == null || maxIdentLength

  367. 				.intValue() < DEFAULT_MAX_IDENTIFICATION_SIZE) {

  368. 			maxIdentSize = DEFAULT_MAX_IDENTIFICATION_SIZE;

  369. 			MAX_IDENTIFICATION_SIZE.set(this, Integer.valueOf(maxIdentSize));

  370. 		} else {

  371. 			maxIdentSize = maxIdentLength.intValue();

  372. 		}

  373. 		int current = buffer.rpos();

  374. 		int end = current + buffer.available();

  375. 		if (current >= end) {

  376. 			return null;

  377. 		}

  378. 		byte[] raw = buffer.array();

  379. 		List<String> ident = new ArrayList<>();

  380. 		int start = current;

  381. 		boolean hasNul = false;

  382. 		for (int i = current; i < end; i++) {

  383. 			switch (raw[i]) {

  384. 			case 0:

  385. 				hasNul = true;

  386. 				break;

  387. 			case '\n':

  388. 				int eol = 1;

  389. 				if (i > start && raw[i - 1] == '\r') {

  390. 					eol++;

  391. 				}

  392. 				String line = new String(raw, start, i + 1 - eol - start,

  393. 						StandardCharsets.UTF_8);

  394. 				start = i + 1;

  395. 				if (log.isDebugEnabled()) {

  396. 					log.debug(format("doReadIdentification({0}) line: ", this) + //$NON-NLS-1$

  397. 							escapeControls(line));

  398. 				}

  399. 				ident.add(line);

  400. 				if (line.startsWith("SSH-")) { //$NON-NLS-1$

  401. 					if (hasNul) {

  402. 						throw new StreamCorruptedException(

  403. 								format(SshdText.get().serverIdWithNul,

  404. 										escapeControls(line)));

  405. 					}

  406. 					if (line.length() + eol > 255) {

  407. 						throw new StreamCorruptedException(

  408. 								format(SshdText.get().serverIdTooLong,

  409. 										escapeControls(line)));

  410. 					}

  411. 					buffer.rpos(start);

  412. 					return ident;

  413. 				}

  414. 				// If this were a server, we could throw an exception here: a

  415. 				// client is not supposed to send any extra lines before its

  416. 				// identification string.

  417. 				hasNul = false;

  418. 				break;

  419. 			default:

  420. 				break;

  421. 			}

  422. 			if (i - current + 1 >= maxIdentSize) {

  423. 				String msg = format(SshdText.get().serverIdNotReceived,

  424. 						Integer.toString(maxIdentSize));

  425. 				if (log.isDebugEnabled()) {

  426. 					log.debug(msg);

  427. 					log.debug(buffer.toHex());

  428. 				}

  429. 				throw new StreamCorruptedException(msg);

  430. 			}

  431. 		}

  432. 		// Need more data

  433. 		return null;

  434. 	}

  435. 

  436. 	private static String escapeControls(String s) {

  437. 		StringBuilder b = new StringBuilder();

  438. 		int l = s.length();

  439. 		for (int i = 0; i < l; i++) {

  440. 			char ch = s.charAt(i);

  441. 			if (Character.isISOControl(ch)) {

  442. 				b.append(ch <= 0xF ? "\\u000" : "\\u00") //$NON-NLS-1$ //$NON-NLS-2$

  443. 						.append(Integer.toHexString(ch));

  444. 			} else {

  445. 				b.append(ch);

  446. 			}

  447. 		}

  448. 		return b.toString();

  449. 	}

  450. 

  451. 	@Override

  452. 	public <T> T getAttribute(AttributeKey<T> key) {

  453. 		T value = super.getAttribute(key);

  454. 		if (value == null) {

  455. 			IoSession ioSession = getIoSession();

  456. 			if (ioSession != null) {

  457. 				Object obj = ioSession.getAttribute(AttributeRepository.class);

  458. 				if (obj instanceof AttributeRepository) {

  459. 					AttributeRepository sessionAttributes = (AttributeRepository) obj;

  460. 					value = sessionAttributes.resolveAttribute(key);

  461. 				}

  462. 			}

  463. 		}

  464. 		return value;

  465. 	}

  466. 

  467. 	@Override

  468. 	public PropertyResolver getParentPropertyResolver() {

  469. 		IoSession ioSession = getIoSession();

  470. 		if (ioSession != null) {

  471. 			Object obj = ioSession.getAttribute(AttributeRepository.class);

  472. 			if (obj instanceof PropertyResolver) {

  473. 				return (PropertyResolver) obj;

  474. 			}

  475. 		}

  476. 		return super.getParentPropertyResolver();

  477. 	}

  478. 

  479. 	/**

  480. 	 * An {@link AttributeRepository} that chains together two other attribute

  481. 	 * sources in a hierarchy.

  482. 	 */

  483. 	public static class ChainingAttributes implements AttributeRepository {

  484. 

  485. 		private final AttributeRepository delegate;

  486. 

  487. 		private final AttributeRepository parent;

  488. 

  489. 		/**

  490. 		 * Create a new {@link ChainingAttributes} attribute source.

  491. 		 *

  492. 		 * @param self

  493. 		 *            to search for attributes first

  494. 		 * @param parent

  495. 		 *            to search for attributes if not found in {@code self}

  496. 		 */

  497. 		public ChainingAttributes(AttributeRepository self,

  498. 				AttributeRepository parent) {

  499. 			this.delegate = self;

  500. 			this.parent = parent;

  501. 		}

  502. 

  503. 		@Override

  504. 		public int getAttributesCount() {

  505. 			return delegate.getAttributesCount();

  506. 		}

  507. 

  508. 		@Override

  509. 		public <T> T getAttribute(AttributeKey<T> key) {

  510. 			return delegate.getAttribute(Objects.requireNonNull(key));

  511. 		}

  512. 

  513. 		@Override

  514. 		public Collection<AttributeKey<?>> attributeKeys() {

  515. 			return delegate.attributeKeys();

  516. 		}

  517. 

  518. 		@Override

  519. 		public <T> T resolveAttribute(AttributeKey<T> key) {

  520. 			T value = getAttribute(Objects.requireNonNull(key));

  521. 			if (value == null) {

  522. 				return parent.getAttribute(key);

  523. 			}

  524. 			return value;

  525. 		}

  526. 	}

  527. 

  528. 	/**

  529. 	 * A {@link ChainingAttributes} repository that doubles as a

  530. 	 * {@link PropertyResolver}. The property map can be set via the attribute

  531. 	 * key {@link SessionAttributes#PROPERTIES}.

  532. 	 */

  533. 	public static class SessionAttributes extends ChainingAttributes

  534. 			implements PropertyResolver {

  535. 

  536. 		/** Key for storing a map of properties in the attributes. */

  537. 		public static final AttributeKey<Map<String, Object>> PROPERTIES = new AttributeKey<>();

  538. 

  539. 		private final PropertyResolver parentProperties;

  540. 

  541. 		/**

  542. 		 * Creates a new {@link SessionAttributes} attribute and property

  543. 		 * source.

  544. 		 *

  545. 		 * @param self

  546. 		 *            to search for attributes first

  547. 		 * @param parent

  548. 		 *            to search for attributes if not found in {@code self}

  549. 		 * @param parentProperties

  550. 		 *            to search for properties if not found in {@code self}

  551. 		 */

  552. 		public SessionAttributes(AttributeRepository self,

  553. 				AttributeRepository parent, PropertyResolver parentProperties) {

  554. 			super(self, parent);

  555. 			this.parentProperties = parentProperties;

  556. 		}

  557. 

  558. 		@Override

  559. 		public PropertyResolver getParentPropertyResolver() {

  560. 			return parentProperties;

  561. 		}

  562. 

  563. 		@Override

  564. 		public Map<String, Object> getProperties() {

  565. 			Map<String, Object> props = getAttribute(PROPERTIES);

  566. 			return props == null ? Collections.emptyMap() : props;

  567. 		}

  568. 	}

  569. }