/*
@VaadinApache2LicenseForJavaFiles@
*/
package com.vaadin.terminal.gwt.server;
import java.io.File;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionBindingEvent;
import javax.servlet.http.HttpSessionBindingListener;
import com.vaadin.Application;
/**
* Web application context for Vaadin applications.
*
* This is automatically added as a {@link HttpSessionBindingListener} when
* added to a {@link HttpSession}.
*
* @author Vaadin Ltd.
* @version
* @VERSION@
* @since 3.1
*/
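@SuppressWarnings("serial")
public class WebApplicationContext extends AbstractWebApplicationContext {

    /**
     * The HTTP session this context is bound to. Transient, so it is not
     * serialized with the context; {@link #getApplicationContext(HttpSession)}
     * re-attaches it when it finds the field empty.
     */
    protected transient HttpSession session;

    /**
     * Set only while {@link #reinitializeSession()} invalidates the old
     * session, so that {@link #valueUnbound(HttpSessionBindingEvent)} can tell
     * a session-id rotation apart from a real session end.
     */
    private transient boolean reinitializingSession = false;

    /**
     * Stores a reference to the current request. Null if not inside a
     * request.
     */
    private transient Object currentRequest = null;

    /**
     * Creates a new Web Application Context.
     *
     */
    protected WebApplicationContext() {
    }

    /**
     * Remembers the request for the duration of the transaction so that
     * {@link #reinitializeSession()} can obtain a fresh session from it, then
     * delegates to the superclass.
     */
    @Override
    protected void startTransaction(Application application, Object request) {
        currentRequest = request;
        super.startTransaction(application, request);
    }

    /**
     * Delegates to the superclass and then forgets the request, so no request
     * reference is kept once the transaction is over.
     */
    @Override
    protected void endTransaction(Application application, Object request) {
        super.endTransaction(application, request);
        currentRequest = null;
    }

    /**
     * Forwards the unbind notification to the superclass unless the session
     * is only being replaced by {@link #reinitializeSession()}.
     */
    @Override
    public void valueUnbound(HttpSessionBindingEvent event) {
        if (!reinitializingSession) {
            // Avoid closing the application if we are only reinitializing the
            // session. Closing the application would cause the state to be lost
            // and a new application to be created, which is not what we want.
            super.valueUnbound(event);
        }
    }

    /**
     * Discards the current session and creates a new session with the same
     * contents. The purpose of this is to introduce a new session key in order
     * to avoid session fixation attacks.
     *
     * <p>
     * Every attribute of the old session is copied to the new one, so only
     * the session key changes. Call this when the user's privilege level
     * changes (typically right after a successful login) so that a session
     * key known before authentication is not carried over.
     *
     * <p>
     * NOTE(review): the new key only protects the user if the container can
     * still deliver it to the browser on the current response; confirm that
     * callers invoke this before the response is committed.
     *
     * @throws IllegalStateException
     *             if no {@link HttpServletRequest} is currently being
     *             processed. The check is made before the old session is
     *             touched, so the existing session and application state
     *             stay intact in that case.
     */
    @SuppressWarnings("unchecked")
    public void reinitializeSession() {
        // Validate first: once the old session has been invalidated there is
        // no way back, so failing afterwards would destroy the application
        // state without producing a replacement session.
        if (!(currentRequest instanceof HttpServletRequest)) {
            throw new IllegalStateException(
                    "reinitializeSession() must be called while an HttpServletRequest is being processed");
        }
        HttpServletRequest request = (HttpServletRequest) currentRequest;
        HttpSession oldSession = getHttpSession();

        // Stores all attributes (security key, reference to this context
        // instance) so they can be added to the new session
        HashMap<String, Object> attrs = new HashMap<String, Object>();
        for (Enumeration<String> e = oldSession.getAttributeNames(); e
                .hasMoreElements();) {
            String name = e.nextElement();
            attrs.put(name, oldSession.getAttribute(name));
        }

        // Invalidate the current session, set flag to avoid call to
        // valueUnbound. The flag is reset in finally: if invalidate() throws
        // and the flag stayed set, every later valueUnbound would be
        // suppressed and the application would never be closed.
        reinitializingSession = true;
        try {
            oldSession.invalidate();
        } finally {
            reinitializingSession = false;
        }

        // Create a new session
        HttpSession newSession = request.getSession();

        // Restores all attributes (security key, reference to this context
        // instance)
        for (Map.Entry<String, Object> entry : attrs.entrySet()) {
            newSession.setAttribute(entry.getKey(), entry.getValue());
        }

        // Update the "current session" variable
        session = newSession;
    }

    /**
     * Gets the application context base directory.
     *
     * @return the directory that the servlet context root ("/") resolves to,
     *         or null if the resource path cannot be resolved.
     * @see com.vaadin.service.ApplicationContext#getBaseDirectory()
     */
    @Override
    public File getBaseDirectory() {
        final String realPath = ApplicationServlet.getResourcePath(
                session.getServletContext(), "/");
        if (realPath == null) {
            return null;
        }
        return new File(realPath);
    }

    /**
     * Gets the http-session application is running in.
     *
     * @return HttpSession this application context resides in.
     */
    public HttpSession getHttpSession() {
        return session;
    }

    /**
     * Gets the application context for an HttpSession.
     *
     * The context is stored in the session under this class's name. If none
     * is stored yet, a new one is created and stored there.
     *
     * @param session
     *            the HTTP session.
     * @return the application context for HttpSession.
     */
    public static WebApplicationContext getApplicationContext(
            HttpSession session) {
        WebApplicationContext cx = (WebApplicationContext) session
                .getAttribute(WebApplicationContext.class.getName());
        if (cx == null) {
            cx = new WebApplicationContext();
            session.setAttribute(WebApplicationContext.class.getName(), cx);
        }
        // The session field is transient, so a context that came back from
        // the session store may not have it set; attach the session it was
        // found in.
        if (cx.session == null) {
            cx.session = session;
        }
        return cx;
    }

    /**
     * Adds an application to the applications tracked by this context.
     *
     * @param application
     *            the application to add.
     */
    protected void addApplication(Application application) {
        applications.add(application);
    }

    /**
     * Gets communication manager for an application.
     *
     * If this application has not been running before, a new manager is
     * created.
     *
     * @param application
     *            the application whose manager is requested.
     * @param servlet
     *            the servlet asked to create the manager when none is
     *            registered for the application yet.
     * @return CommunicationManager
     */
    public CommunicationManager getApplicationManager(Application application,
            AbstractApplicationServlet servlet) {
        CommunicationManager mgr = (CommunicationManager) applicationToAjaxAppMgrMap
                .get(application);
        if (mgr == null) {
            // Creates new manager
            mgr = servlet.createCommunicationManager(application);
            applicationToAjaxAppMgrMap.put(application, mgr);
        }
        return mgr;
    }
}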