mirrors
/
jgit
mirror of https://github.com/eclipse/jgit.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 204 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8423 Commits
49 Branches
Tree: 66c9c7bf87
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '66c9c7bf87'
${ noResults }
jgit/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitClientSession.java

JGitClientSession.java 18KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588 
  1. /*

  2.  * Copyright (C) 2018, 2019 Thomas Wolf <thomas.wolf@paranor.ch> and others

  3.  *

  4.  * This program and the accompanying materials are made available under the

  5.  * terms of the Eclipse Distribution License v. 1.0 which is available at

  6.  * https://www.eclipse.org/org/documents/edl-v10.php.

  7.  *

  8.  * SPDX-License-Identifier: BSD-3-Clause

  9.  */

  10. package org.eclipse.jgit.internal.transport.sshd;

  11. 

  12. import static java.text.MessageFormat.format;

  13. import static org.apache.sshd.core.CoreModuleProperties.MAX_IDENTIFICATION_SIZE;

  14. 

  15. import java.io.IOException;

  16. import java.io.StreamCorruptedException;

  17. import java.net.SocketAddress;

  18. import java.nio.charset.StandardCharsets;

  19. import java.security.GeneralSecurityException;

  20. import java.security.PublicKey;

  21. import java.util.ArrayList;

  22. import java.util.Collection;

  23. import java.util.Collections;

  24. import java.util.HashSet;

  25. import java.util.Iterator;

  26. import java.util.LinkedHashSet;

  27. import java.util.List;

  28. import java.util.Map;

  29. import java.util.Objects;

  30. import java.util.Set;

  31. 

  32. import org.apache.sshd.client.ClientFactoryManager;

  33. import org.apache.sshd.client.config.hosts.HostConfigEntry;

  34. import org.apache.sshd.client.keyverifier.ServerKeyVerifier;

  35. import org.apache.sshd.client.session.ClientSessionImpl;

  36. import org.apache.sshd.common.AttributeRepository;

  37. import org.apache.sshd.common.FactoryManager;

  38. import org.apache.sshd.common.PropertyResolver;

  39. import org.apache.sshd.common.config.keys.KeyUtils;

  40. import org.apache.sshd.common.io.IoSession;

  41. import org.apache.sshd.common.io.IoWriteFuture;

  42. import org.apache.sshd.common.kex.KexProposalOption;

  43. import org.apache.sshd.common.util.Readable;

  44. import org.apache.sshd.common.util.buffer.Buffer;

  45. import org.eclipse.jgit.errors.InvalidPatternException;

  46. import org.eclipse.jgit.fnmatch.FileNameMatcher;

  47. import org.eclipse.jgit.internal.transport.sshd.proxy.StatefulProxyConnector;

  48. import org.eclipse.jgit.transport.CredentialsProvider;

  49. import org.eclipse.jgit.transport.SshConstants;

  50. import org.eclipse.jgit.util.StringUtils;

  51. 

  52. /**

  53.  * A {@link org.apache.sshd.client.session.ClientSession ClientSession} that can

  54.  * be associated with the {@link HostConfigEntry} the session was created for.

  55.  * The {@link JGitSshClient} creates such sessions and sets this association.

  56.  * <p>

  57.  * Also provides for associating a JGit {@link CredentialsProvider} with a

  58.  * session.

  59.  * </p>

  60.  */

  61. public class JGitClientSession extends ClientSessionImpl {

  62. 

  63. 	/**

  64. 	 * Default setting for the maximum number of bytes to read in the initial

  65. 	 * protocol version exchange. 64kb is what OpenSSH < 8.0 read; OpenSSH 8.0

  66. 	 * changed it to 8Mb, but that seems excessive for the purpose stated in RFC

  67. 	 * 4253. The Apache MINA sshd default in

  68. 	 * {@link org.apache.sshd.core.CoreModuleProperties#MAX_IDENTIFICATION_SIZE}

  69. 	 * is 16kb.

  70. 	 */

  71. 	private static final int DEFAULT_MAX_IDENTIFICATION_SIZE = 64 * 1024;

  72. 

  73. 	private HostConfigEntry hostConfig;

  74. 

  75. 	private CredentialsProvider credentialsProvider;

  76. 

  77. 	private volatile StatefulProxyConnector proxyHandler;

  78. 

  79. 	/**

  80. 	 * @param manager

  81. 	 * @param session

  82. 	 * @throws Exception

  83. 	 */

  84. 	public JGitClientSession(ClientFactoryManager manager, IoSession session)

  85. 			throws Exception {

  86. 		super(manager, session);

  87. 	}

  88. 

  89. 	/**

  90. 	 * Retrieves the {@link HostConfigEntry} this session was created for.

  91. 	 *

  92. 	 * @return the {@link HostConfigEntry}, or {@code null} if none set

  93. 	 */

  94. 	public HostConfigEntry getHostConfigEntry() {

  95. 		return hostConfig;

  96. 	}

  97. 

  98. 	/**

  99. 	 * Sets the {@link HostConfigEntry} this session was created for.

  100. 	 *

  101. 	 * @param hostConfig

  102. 	 *            the {@link HostConfigEntry}

  103. 	 */

  104. 	public void setHostConfigEntry(HostConfigEntry hostConfig) {

  105. 		this.hostConfig = hostConfig;

  106. 	}

  107. 

  108. 	/**

  109. 	 * Sets the {@link CredentialsProvider} for this session.

  110. 	 *

  111. 	 * @param provider

  112. 	 *            to set

  113. 	 */

  114. 	public void setCredentialsProvider(CredentialsProvider provider) {

  115. 		credentialsProvider = provider;

  116. 	}

  117. 

  118. 	/**

  119. 	 * Retrieves the {@link CredentialsProvider} set for this session.

  120. 	 *

  121. 	 * @return the provider, or {@code null} if none is set.

  122. 	 */

  123. 	public CredentialsProvider getCredentialsProvider() {

  124. 		return credentialsProvider;

  125. 	}

  126. 

  127. 	/**

  128. 	 * Sets a {@link StatefulProxyConnector} to handle proxy connection

  129. 	 * protocols.

  130. 	 *

  131. 	 * @param handler

  132. 	 *            to set

  133. 	 */

  134. 	public void setProxyHandler(StatefulProxyConnector handler) {

  135. 		proxyHandler = handler;

  136. 	}

  137. 

  138. 	@Override

  139. 	protected IoWriteFuture sendIdentification(String ident,

  140. 			List<String> extraLines) throws Exception {

  141. 		StatefulProxyConnector proxy = proxyHandler;

  142. 		if (proxy != null) {

  143. 			try {

  144. 				// We must not block here; the framework starts reading messages

  145. 				// from the peer only once the initial sendKexInit() following

  146. 				// this call to sendIdentification() has returned!

  147. 				proxy.runWhenDone(() -> {

  148. 					JGitClientSession.super.sendIdentification(ident,

  149. 							extraLines);

  150. 					return null;

  151. 				});

  152. 				// Called only from the ClientSessionImpl constructor, where the

  153. 				// return value is ignored.

  154. 				return null;

  155. 			} catch (IOException e) {

  156. 				throw e;

  157. 			} catch (Exception other) {

  158. 				throw new IOException(other.getLocalizedMessage(), other);

  159. 			}

  160. 		}

  161. 		return super.sendIdentification(ident, extraLines);

  162. 	}

  163. 

  164. 	@Override

  165. 	protected byte[] sendKexInit() throws Exception {

  166. 		StatefulProxyConnector proxy = proxyHandler;

  167. 		if (proxy != null) {

  168. 			try {

  169. 				// We must not block here; the framework starts reading messages

  170. 				// from the peer only once the initial sendKexInit() has

  171. 				// returned!

  172. 				proxy.runWhenDone(() -> {

  173. 					JGitClientSession.super.sendKexInit();

  174. 					return null;

  175. 				});

  176. 				// This is called only from the ClientSessionImpl

  177. 				// constructor, where the return value is ignored.

  178. 				return null;

  179. 			} catch (IOException | GeneralSecurityException e) {

  180. 				throw e;

  181. 			} catch (Exception other) {

  182. 				throw new IOException(other.getLocalizedMessage(), other);

  183. 			}

  184. 		}

  185. 		return super.sendKexInit();

  186. 	}

  187. 

  188. 	/**

  189. 	 * {@inheritDoc}

  190. 	 *

  191. 	 * As long as we're still setting up the proxy connection, diverts messages

  192. 	 * to the {@link StatefulProxyConnector}.

  193. 	 */

  194. 	@Override

  195. 	public void messageReceived(Readable buffer) throws Exception {

  196. 		StatefulProxyConnector proxy = proxyHandler;

  197. 		if (proxy != null) {

  198. 			proxy.messageReceived(getIoSession(), buffer);

  199. 		} else {

  200. 			super.messageReceived(buffer);

  201. 		}

  202. 	}

  203. 

  204. 	@Override

  205. 	protected Map<KexProposalOption, String> setNegotiationResult(

  206. 			Map<KexProposalOption, String> guess) {

  207. 		Map<KexProposalOption, String> result = super.setNegotiationResult(

  208. 				guess);

  209. 		// This should be doable with a SessionListener, too, but I don't see

  210. 		// how to add a listener in time to catch the negotiation end for sure

  211. 		// given that the super-constructor already starts KEX.

  212. 		//

  213. 		// TODO: This override can be removed once we use sshd 2.8.0.

  214. 		if (log.isDebugEnabled()) {

  215. 			result.forEach((option, value) -> log.debug(

  216. 					"setNegotiationResult({}) Kex: {} = {}", this, //$NON-NLS-1$

  217. 					option.getDescription(), value));

  218. 		}

  219. 		return result;

  220. 	}

  221. 

  222. 	@Override

  223. 	protected String resolveAvailableSignaturesProposal(

  224. 			FactoryManager manager) {

  225. 		List<String> defaultSignatures = getSignatureFactoriesNames();

  226. 		HostConfigEntry config = resolveAttribute(

  227. 				JGitSshClient.HOST_CONFIG_ENTRY);

  228. 		String algorithms = config

  229. 				.getProperty(SshConstants.HOST_KEY_ALGORITHMS);

  230. 		if (!StringUtils.isEmptyOrNull(algorithms)) {

  231. 			List<String> result = modifyAlgorithmList(defaultSignatures,

  232. 					algorithms, SshConstants.HOST_KEY_ALGORITHMS);

  233. 			if (!result.isEmpty()) {

  234. 				if (log.isDebugEnabled()) {

  235. 					log.debug(SshConstants.HOST_KEY_ALGORITHMS + ' ' + result);

  236. 				}

  237. 				return String.join(",", result); //$NON-NLS-1$

  238. 			}

  239. 			log.warn(format(SshdText.get().configNoKnownAlgorithms,

  240. 					SshConstants.HOST_KEY_ALGORITHMS,

  241. 					algorithms));

  242. 		}

  243. 		// No HostKeyAlgorithms; using default -- change order to put existing

  244. 		// keys first.

  245. 		ServerKeyVerifier verifier = getServerKeyVerifier();

  246. 		if (verifier instanceof ServerKeyLookup) {

  247. 			SocketAddress remoteAddress = resolvePeerAddress(

  248. 					resolveAttribute(JGitSshClient.ORIGINAL_REMOTE_ADDRESS));

  249. 			List<PublicKey> allKnownKeys = ((ServerKeyLookup) verifier)

  250. 					.lookup(this, remoteAddress);

  251. 			Set<String> reordered = new LinkedHashSet<>();

  252. 			for (PublicKey key : allKnownKeys) {

  253. 				if (key != null) {

  254. 					String keyType = KeyUtils.getKeyType(key);

  255. 					if (keyType != null) {

  256. 						reordered.add(keyType);

  257. 					}

  258. 				}

  259. 			}

  260. 			reordered.addAll(defaultSignatures);

  261. 			if (log.isDebugEnabled()) {

  262. 				log.debug(SshConstants.HOST_KEY_ALGORITHMS + ' ' + reordered);

  263. 			}

  264. 			return String.join(",", reordered); //$NON-NLS-1$

  265. 		}

  266. 		if (log.isDebugEnabled()) {

  267. 			log.debug(

  268. 					SshConstants.HOST_KEY_ALGORITHMS + ' ' + defaultSignatures);

  269. 		}

  270. 		return String.join(",", defaultSignatures); //$NON-NLS-1$

  271. 	}

  272. 

  273. 	/**

  274. 	 * Modifies a given algorithm list according to a list from the ssh config,

  275. 	 * including remove ('-') and reordering ('^') operators. Addition ('+') is

  276. 	 * not handled since we have no way of adding dynamically implementations,

  277. 	 * and the defaultList is supposed to contain all known implementations

  278. 	 * already.

  279. 	 *

  280. 	 * @param defaultList

  281. 	 *            to modify

  282. 	 * @param fromConfig

  283. 	 *            telling how to modify the {@code defaultList}, must not be

  284. 	 *            {@code null} or empty

  285. 	 * @param overrideKey

  286. 	 *            ssh config key; used for logging

  287. 	 * @return the modified list or {@code null} if {@code overrideKey} is not

  288. 	 *         set

  289. 	 */

  290. 	public List<String> modifyAlgorithmList(List<String> defaultList,

  291. 			String fromConfig, String overrideKey) {

  292. 		Set<String> defaults = new LinkedHashSet<>();

  293. 		defaults.addAll(defaultList);

  294. 		switch (fromConfig.charAt(0)) {

  295. 		case '+':

  296. 			// Additions make not much sense -- it's either in

  297. 			// defaultList already, or we have no implementation for

  298. 			// it. No point in proposing it.

  299. 			return defaultList;

  300. 		case '-':

  301. 			// This takes wildcard patterns!

  302. 			removeFromList(defaults, overrideKey, fromConfig.substring(1));

  303. 			return new ArrayList<>(defaults);

  304. 		case '^':

  305. 			// Specified entries go to the front of the default list

  306. 			List<String> allSignatures = filteredList(defaults,

  307. 					fromConfig.substring(1));

  308. 			Set<String> atFront = new HashSet<>(allSignatures);

  309. 			for (String sig : defaults) {

  310. 				if (!atFront.contains(sig)) {

  311. 					allSignatures.add(sig);

  312. 				}

  313. 			}

  314. 			return allSignatures;

  315. 		default:

  316. 			// Default is overridden -- only accept the ones for which we do

  317. 			// have an implementation.

  318. 			return filteredList(defaults, fromConfig);

  319. 		}

  320. 	}

  321. 

  322. 	private void removeFromList(Set<String> current, String key,

  323. 			String patterns) {

  324. 		for (String toRemove : patterns.split("\\s*,\\s*")) { //$NON-NLS-1$

  325. 			if (toRemove.indexOf('*') < 0 && toRemove.indexOf('?') < 0) {

  326. 				current.remove(toRemove);

  327. 				continue;

  328. 			}

  329. 			try {

  330. 				FileNameMatcher matcher = new FileNameMatcher(toRemove, null);

  331. 				for (Iterator<String> i = current.iterator(); i.hasNext();) {

  332. 					matcher.reset();

  333. 					matcher.append(i.next());

  334. 					if (matcher.isMatch()) {

  335. 						i.remove();

  336. 					}

  337. 				}

  338. 			} catch (InvalidPatternException e) {

  339. 				log.warn(format(SshdText.get().configInvalidPattern, key,

  340. 						toRemove));

  341. 			}

  342. 		}

  343. 	}

  344. 

  345. 	private List<String> filteredList(Set<String> known, String values) {

  346. 		List<String> newNames = new ArrayList<>();

  347. 		for (String newValue : values.split("\\s*,\\s*")) { //$NON-NLS-1$

  348. 			if (known.contains(newValue)) {

  349. 				newNames.add(newValue);

  350. 			}

  351. 		}

  352. 		return newNames;

  353. 	}

  354. 

  355. 	/**

  356. 	 * Reads the RFC 4253, section 4.2 protocol version identification. The

  357. 	 * Apache MINA sshd default implementation checks for NUL bytes also in any

  358. 	 * preceding lines, whereas RFC 4253 requires such a check only for the

  359. 	 * actual identification string starting with "SSH-". Likewise, the 255

  360. 	 * character limit exists only for the identification string, not for the

  361. 	 * preceding lines. CR-LF handling is also relaxed.

  362. 	 *

  363. 	 * @param buffer

  364. 	 *            to read from

  365. 	 * @param server

  366. 	 *            whether we're an SSH server (should always be {@code false})

  367. 	 * @return the lines read, with the server identification line last, or

  368. 	 *         {@code null} if no identification line was found and more bytes

  369. 	 *         are needed

  370. 	 * @throws StreamCorruptedException

  371. 	 *             if the identification is malformed

  372. 	 * @see <a href="https://tools.ietf.org/html/rfc4253#section-4.2">RFC 4253,

  373. 	 *      section 4.2</a>

  374. 	 */

  375. 	@Override

  376. 	protected List<String> doReadIdentification(Buffer buffer, boolean server)

  377. 			throws StreamCorruptedException {

  378. 		if (server) {

  379. 			// Should never happen. No translation; internal bug.

  380. 			throw new IllegalStateException(

  381. 					"doReadIdentification of client called with server=true"); //$NON-NLS-1$

  382. 		}

  383. 		Integer maxIdentLength = MAX_IDENTIFICATION_SIZE.get(this).orElse(null);

  384. 		int maxIdentSize;

  385. 		if (maxIdentLength == null || maxIdentLength

  386. 				.intValue() < DEFAULT_MAX_IDENTIFICATION_SIZE) {

  387. 			maxIdentSize = DEFAULT_MAX_IDENTIFICATION_SIZE;

  388. 			MAX_IDENTIFICATION_SIZE.set(this, Integer.valueOf(maxIdentSize));

  389. 		} else {

  390. 			maxIdentSize = maxIdentLength.intValue();

  391. 		}

  392. 		int current = buffer.rpos();

  393. 		int end = current + buffer.available();

  394. 		if (current >= end) {

  395. 			return null;

  396. 		}

  397. 		byte[] raw = buffer.array();

  398. 		List<String> ident = new ArrayList<>();

  399. 		int start = current;

  400. 		boolean hasNul = false;

  401. 		for (int i = current; i < end; i++) {

  402. 			switch (raw[i]) {

  403. 			case 0:

  404. 				hasNul = true;

  405. 				break;

  406. 			case '\n':

  407. 				int eol = 1;

  408. 				if (i > start && raw[i - 1] == '\r') {

  409. 					eol++;

  410. 				}

  411. 				String line = new String(raw, start, i + 1 - eol - start,

  412. 						StandardCharsets.UTF_8);

  413. 				start = i + 1;

  414. 				if (log.isDebugEnabled()) {

  415. 					log.debug(format("doReadIdentification({0}) line: ", this) + //$NON-NLS-1$

  416. 							escapeControls(line));

  417. 				}

  418. 				ident.add(line);

  419. 				if (line.startsWith("SSH-")) { //$NON-NLS-1$

  420. 					if (hasNul) {

  421. 						throw new StreamCorruptedException(

  422. 								format(SshdText.get().serverIdWithNul,

  423. 										escapeControls(line)));

  424. 					}

  425. 					if (line.length() + eol > 255) {

  426. 						throw new StreamCorruptedException(

  427. 								format(SshdText.get().serverIdTooLong,

  428. 										escapeControls(line)));

  429. 					}

  430. 					buffer.rpos(start);

  431. 					return ident;

  432. 				}

  433. 				// If this were a server, we could throw an exception here: a

  434. 				// client is not supposed to send any extra lines before its

  435. 				// identification string.

  436. 				hasNul = false;

  437. 				break;

  438. 			default:

  439. 				break;

  440. 			}

  441. 			if (i - current + 1 >= maxIdentSize) {

  442. 				String msg = format(SshdText.get().serverIdNotReceived,

  443. 						Integer.toString(maxIdentSize));

  444. 				if (log.isDebugEnabled()) {

  445. 					log.debug(msg);

  446. 					log.debug(buffer.toHex());

  447. 				}

  448. 				throw new StreamCorruptedException(msg);

  449. 			}

  450. 		}

  451. 		// Need more data

  452. 		return null;

  453. 	}

  454. 

  455. 	private static String escapeControls(String s) {

  456. 		StringBuilder b = new StringBuilder();

  457. 		int l = s.length();

  458. 		for (int i = 0; i < l; i++) {

  459. 			char ch = s.charAt(i);

  460. 			if (Character.isISOControl(ch)) {

  461. 				b.append(ch <= 0xF ? "\\u000" : "\\u00") //$NON-NLS-1$ //$NON-NLS-2$

  462. 						.append(Integer.toHexString(ch));

  463. 			} else {

  464. 				b.append(ch);

  465. 			}

  466. 		}

  467. 		return b.toString();

  468. 	}

  469. 

  470. 	@Override

  471. 	public <T> T getAttribute(AttributeKey<T> key) {

  472. 		T value = super.getAttribute(key);

  473. 		if (value == null) {

  474. 			IoSession ioSession = getIoSession();

  475. 			if (ioSession != null) {

  476. 				Object obj = ioSession.getAttribute(AttributeRepository.class);

  477. 				if (obj instanceof AttributeRepository) {

  478. 					AttributeRepository sessionAttributes = (AttributeRepository) obj;

  479. 					value = sessionAttributes.resolveAttribute(key);

  480. 				}

  481. 			}

  482. 		}

  483. 		return value;

  484. 	}

  485. 

  486. 	@Override

  487. 	public PropertyResolver getParentPropertyResolver() {

  488. 		IoSession ioSession = getIoSession();

  489. 		if (ioSession != null) {

  490. 			Object obj = ioSession.getAttribute(AttributeRepository.class);

  491. 			if (obj instanceof PropertyResolver) {

  492. 				return (PropertyResolver) obj;

  493. 			}

  494. 		}

  495. 		return super.getParentPropertyResolver();

  496. 	}

  497. 

  498. 	/**

  499. 	 * An {@link AttributeRepository} that chains together two other attribute

  500. 	 * sources in a hierarchy.

  501. 	 */

  502. 	public static class ChainingAttributes implements AttributeRepository {

  503. 

  504. 		private final AttributeRepository delegate;

  505. 

  506. 		private final AttributeRepository parent;

  507. 

  508. 		/**

  509. 		 * Create a new {@link ChainingAttributes} attribute source.

  510. 		 *

  511. 		 * @param self

  512. 		 *            to search for attributes first

  513. 		 * @param parent

  514. 		 *            to search for attributes if not found in {@code self}

  515. 		 */

  516. 		public ChainingAttributes(AttributeRepository self,

  517. 				AttributeRepository parent) {

  518. 			this.delegate = self;

  519. 			this.parent = parent;

  520. 		}

  521. 

  522. 		@Override

  523. 		public int getAttributesCount() {

  524. 			return delegate.getAttributesCount();

  525. 		}

  526. 

  527. 		@Override

  528. 		public <T> T getAttribute(AttributeKey<T> key) {

  529. 			return delegate.getAttribute(Objects.requireNonNull(key));

  530. 		}

  531. 

  532. 		@Override

  533. 		public Collection<AttributeKey<?>> attributeKeys() {

  534. 			return delegate.attributeKeys();

  535. 		}

  536. 

  537. 		@Override

  538. 		public <T> T resolveAttribute(AttributeKey<T> key) {

  539. 			T value = getAttribute(Objects.requireNonNull(key));

  540. 			if (value == null) {

  541. 				return parent.getAttribute(key);

  542. 			}

  543. 			return value;

  544. 		}

  545. 	}

  546. 

  547. 	/**

  548. 	 * A {@link ChainingAttributes} repository that doubles as a

  549. 	 * {@link PropertyResolver}. The property map can be set via the attribute

  550. 	 * key {@link SessionAttributes#PROPERTIES}.

  551. 	 */

  552. 	public static class SessionAttributes extends ChainingAttributes

  553. 			implements PropertyResolver {

  554. 

  555. 		/** Key for storing a map of properties in the attributes. */

  556. 		public static final AttributeKey<Map<String, Object>> PROPERTIES = new AttributeKey<>();

  557. 

  558. 		private final PropertyResolver parentProperties;

  559. 

  560. 		/**

  561. 		 * Creates a new {@link SessionAttributes} attribute and property

  562. 		 * source.

  563. 		 *

  564. 		 * @param self

  565. 		 *            to search for attributes first

  566. 		 * @param parent

  567. 		 *            to search for attributes if not found in {@code self}

  568. 		 * @param parentProperties

  569. 		 *            to search for properties if not found in {@code self}

  570. 		 */

  571. 		public SessionAttributes(AttributeRepository self,

  572. 				AttributeRepository parent, PropertyResolver parentProperties) {

  573. 			super(self, parent);

  574. 			this.parentProperties = parentProperties;

  575. 		}

  576. 

  577. 		@Override

  578. 		public PropertyResolver getParentPropertyResolver() {

  579. 			return parentProperties;

  580. 		}

  581. 

  582. 		@Override

  583. 		public Map<String, Object> getProperties() {

  584. 			Map<String, Object> props = getAttribute(PROPERTIES);

  585. 			return props == null ? Collections.emptyMap() : props;

  586. 		}

  587. 	}

  588. }