From 170937d54e9dd5a7269d16ec6b28e67a28187b8b Mon Sep 17 00:00:00 2001 From: "David M. Johnson" Date: Sat, 18 Jan 2025 13:36:56 -0500 Subject: [PATCH 01/11] Roller session improvements. --- .../weblogger/ui/core/RollerSession.java | 64 +++++-------------- .../ui/core/RollerSessionManager.java | 63 ++++++++++++++++++ .../weblogger/ui/struts2/admin/UserEdit.java | 13 ++++ .../util/cache/CacheHandlerAdapter.java | 55 ++++++++++++++++ 4 files changed, 147 insertions(+), 48 deletions(-) create mode 100644 app/src/main/java/org/apache/roller/weblogger/ui/core/RollerSessionManager.java create mode 100644 app/src/main/java/org/apache/roller/weblogger/util/cache/CacheHandlerAdapter.java diff --git a/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerSession.java b/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerSession.java index 864e04e153..ef5d7d5af6 100644 --- a/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerSession.java +++ b/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerSession.java @@ -38,23 +38,19 @@ /** * Roller session handles session startup and shutdown. - * - * @web.listener */ public class RollerSession implements HttpSessionListener, HttpSessionActivationListener, Serializable { - static final long serialVersionUID = 5890132909166913727L; - + private static final long serialVersionUID = 5890132909166913727L; + // the id of the user represented by this session private String userName = null; private static final Log log; public static final String ROLLER_SESSION = "org.apache.roller.weblogger.rollersession"; - public static final String ERROR_MESSAGE = "rollererror_message"; - public static final String STATUS_MESSAGE = "rollerstatus_message"; - + static{ WebloggerConfig.init(); // must be called before calls to logging APIs log = LogFactory.getLog(RollerSession.class); 
@@ -68,12 +64,17 @@ public static RollerSession getRollerSession(HttpServletRequest request) { HttpSession session = request.getSession(false); if (session != null) { rollerSession = (RollerSession)session.getAttribute(ROLLER_SESSION); - + if (rollerSession == null) { - // HttpSession with no RollerSession? - // Must be a session that was de-serialized from a previous run. rollerSession = new RollerSession(); session.setAttribute(ROLLER_SESSION, rollerSession); + } else if (rollerSession.getAuthenticatedUser() != null) { + RollerSessionManager sessionManager = RollerSessionManager.getInstance(); + if (sessionManager.get(rollerSession.getAuthenticatedUser().getUserName()) == null) { + // session not present in cache means that it is invalid + rollerSession = new RollerSession(); + session.setAttribute(ROLLER_SESSION, rollerSession); + } } Principal principal = request.getUserPrincipal(); 
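Review bot: The validity test in the added `else if` branch only asks whether some entry exists under the user name (`sessionManager.get(...) == null`), so it cannot tell this RollerSession apart from any other session registered for the same account; once that user logs in again after an invalidation, an older RollerSession for the same name passes the check again. Comparing the cached object with the one read from the HttpSession, `if (sessionManager.get(userName) != rollerSession)`, would bind the check to the instance, at the cost of allowing one live session per account. The replaced RollerSession then falls through to the `request.getUserPrincipal()` block, which continues outside this hunk, so if the container still reports a principal the fresh object may be re-authenticated on the same request; ending the HttpSession at this point looks safer and is worth confirming. `getAuthenticatedUser()` is also called twice here and each call goes to the UserManager, so a local variable would save a lookup.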
@@ -124,47 +125,14 @@ public static RollerSession getRollerSession(HttpServletRequest request) { return rollerSession; } - - - /** Create session's Roller instance */ - @Override - public void sessionCreated(HttpSessionEvent se) { - RollerSession rollerSession = new RollerSession(); - se.getSession().setAttribute(ROLLER_SESSION, rollerSession); - } - - @Override - public void sessionDestroyed(HttpSessionEvent se) { - clearSession(se); - } - - - /** Init session as if it was new */ - @Override - public void sessionDidActivate(HttpSessionEvent se) { - } - - - /** - * Purge session before passivation. Because Roller currently does not - * support session recovery, failover, migration, or whatever you want - * to call it when sessions are saved and then restored at some later - * point in time. - */ - @Override - public void sessionWillPassivate(HttpSessionEvent se) { - clearSession(se); - } - - /** * Authenticated user associated with this session. */ public User getAuthenticatedUser() { User authenticUser = null; - if(userName != null) { + if (userName != null) { try { UserManager mgr = WebloggerFactory.getWeblogger().getUserManager(); authenticUser = mgr.getUserByUserName(userName); @@ -175,16 +143,16 @@ public User getAuthenticatedUser() { return authenticUser; } - - + /** * Authenticated user associated with this session. */ public void setAuthenticatedUser(User authenticatedUser) { this.userName = authenticatedUser.getUserName(); + RollerSessionManager sessionManager = RollerSessionManager.getInstance(); + sessionManager.register(authenticatedUser.getUserName(), this); } - - + private void clearSession(HttpSessionEvent se) { HttpSession session = se.getSession(); try { diff --git a/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerSessionManager.java b/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerSessionManager.java new file mode 100644 index 0000000000..dca4e11c05 --- /dev/null 
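Review bot: `setAuthenticatedUser` registers the session under the user name, but with `sessionDestroyed` and `sessionWillPassivate` removed in the hunk above it, nothing visible in this patch unregisters that entry when the HTTP session ends or the user logs out. The entry then lives until the cache drops it, and because the lookup in `getRollerSession` is by name only, a leftover entry keeps other sessions of that account looking valid. If that is intended, say so on the method, for example `// Registered per user name; removed only by RollerSessionManager.invalidate(), not when the HTTP session ends`; otherwise keep a session-end hook that unregisters it. `clearSession(HttpSessionEvent)` appears to lose its only callers in this file (its body continues outside the hunk) and can be removed if so. `authenticatedUser` is dereferenced twice without a null check.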
+++ b/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerSessionManager.java 
@@ -0,0 +1,63 @@
+package org.apache.roller.weblogger.ui.core;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.roller.weblogger.pojos.User;
+import org.apache.roller.weblogger.util.cache.Cache;
+import org.apache.roller.weblogger.util.cache.CacheHandlerAdapter;
+import org.apache.roller.weblogger.util.cache.CacheManager;
+
+import java.util.HashMap;
+import java.util.Map;
+
+public class RollerSessionManager {
+ private static final Log log = LogFactory.getLog(RollerSessionManager.class);
+ private static final String CACHE_ID = "roller.session.cache";
+
+ private final Cache sessionCache;
+
+ public static RollerSessionManager getInstance() {
+ return RollerSessionManager.SingletonHolder.INSTANCE;
+ }
+
+ private static class SingletonHolder {
+ private static final RollerSessionManager INSTANCE = new RollerSessionManager();
+ }
+
+ private class SessionCacheHandler extends CacheHandlerAdapter {
+ public void invalidateUser(User user) {
+ if (user != null && user.getUserName() != null) {
+ sessionCache.remove(user.getUserName());
+ }
+ }
+ }
+
+ private RollerSessionManager() {
+ Map cacheProps = new HashMap<>();
+ cacheProps.put("id", CACHE_ID);
+ this.sessionCache = CacheManager.constructCache(null, cacheProps);
+ SessionCacheHandler cacheHandler = new SessionCacheHandler();
+ CacheManager.registerHandler(cacheHandler);
+ }
+
+ public void register(String userName, RollerSession session) {
+ if (userName != null && session != null) {
+ this.sessionCache.put(userName, session);
+ log.debug("Registered session for user: " + userName);
+ }
+ }
+
+ public RollerSession get(String userName) {
+ if (userName != null) {
+ return (RollerSession) this.sessionCache.get(userName);
+ }
+ return null;
+ }
+
+ public void invalidate(String userName) {
+ if (userName != null) {
+ this.sessionCache.remove(userName);
+ log.debug("Invalidated session for user: " + userName);
+ }
+ }
+}
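Review bot: `SessionCacheHandler.invalidateUser(User)` overrides nothing, because the `CacheHandlerAdapter` added in this patch declares `invalidate(User user)`; the handler passed to `CacheManager.registerHandler` therefore inherits the empty method, and a user invalidation, presumably delivered through `invalidate(User)`, never removes the session. Renaming and marking it, `@Override public void invalidate(User user) {`, fixes this and lets the compiler catch the mismatch in future. The cache is built with only an `id` property, so whatever default size and timeout `CacheManager.constructCache` applies will also decide when a registered session silently stops being valid; set them explicitly or document the dependency. The class and its public methods have no Javadoc, and a class comment stating that entries are keyed by user name, one per account, would make the design limits visible.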
diff --git a/app/src/main/java/org/apache/roller/weblogger/ui/struts2/admin/UserEdit.java b/app/src/main/java/org/apache/roller/weblogger/ui/struts2/admin/UserEdit.java index 6284e46b58..e8aea67037 100644 --- a/app/src/main/java/org/apache/roller/weblogger/ui/struts2/admin/UserEdit.java +++ b/app/src/main/java/org/apache/roller/weblogger/ui/struts2/admin/UserEdit.java @@ -37,6 +37,7 @@ import org.apache.roller.weblogger.pojos.GlobalPermission; import org.apache.roller.weblogger.pojos.User; import org.apache.roller.weblogger.pojos.WeblogPermission; +import org.apache.roller.weblogger.ui.core.RollerSessionManager; import org.apache.roller.weblogger.ui.struts2.core.Register; import org.apache.roller.weblogger.ui.struts2.util.UIAction; import org.apache.struts2.interceptor.validation.SkipValidation; @@ -165,6 +166,18 @@ public String save() { // reset password if set if (!StringUtils.isEmpty(getBean().getPassword())) { user.resetPassword(getBean().getPassword()); + + // invalidate user's session if it's not user executing this action + if (!getAuthenticatedUser().getUserName().equals(user.getUserName())) { + RollerSessionManager sessionManager = RollerSessionManager.getInstance(); + sessionManager.invalidate(user.getUserName()); + } + } + + // if user is disabled and not the same as the user executing this action, then invalidate their session + if (!user.getEnabled() && !getAuthenticatedUser().getUserName().equals(user.getUserName())) { + RollerSessionManager sessionManager = RollerSessionManager.getInstance(); + sessionManager.invalidate(user.getUserName()); } try { diff --git a/app/src/main/java/org/apache/roller/weblogger/util/cache/CacheHandlerAdapter.java b/app/src/main/java/org/apache/roller/weblogger/util/cache/CacheHandlerAdapter.java new file mode 100644 index 0000000000..1d8cc5a1b1 --- /dev/null +++ b/app/src/main/java/org/apache/roller/weblogger/util/cache/CacheHandlerAdapter.java 
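Review bot: In `UserEdit.save()` the session is invalidated before the `try` block that follows the hunk, and the same guard and call are written twice, once for the password reset and once for the disabled account. Doing it once, after the user has been stored, keeps the cache in step with the saved account: `boolean otherUser = !getAuthenticatedUser().getUserName().equals(user.getUserName());` then `if (otherUser && (passwordReset || !user.getEnabled())) { sessionManager.invalidate(user.getUserName()); }`, with `passwordReset` as a new local set in the password branch. The self-exclusion also means an administrator who changes their own password keeps every other session of that account alive, which may not be intended. The rest of `save()` lies outside the hunk, so that the `try` is what persists the user is an assumption to confirm.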
@@ -0,0 +1,55 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. The ASF licenses this file to You + * under the Apache License, Version 2.0 (the "License"); you may not + * use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. For additional information regarding + * copyright in this work, please see the NOTICE file in the top level + * directory of this distribution. + */ +package org.apache.roller.weblogger.util.cache; + +import org.apache.roller.weblogger.pojos.*; + +public class CacheHandlerAdapter implements CacheHandler { + + @Override + public void invalidate(WeblogEntry entry) { + } + + @Override + public void invalidate(Weblog website) { + } + + @Override + public void invalidate(WeblogBookmark bookmark) { + } + + @Override + public void invalidate(WeblogBookmarkFolder folder) { + } + + @Override + public void invalidate(WeblogEntryComment comment) { + } + + @Override + public void invalidate(User user) { + } + + @Override + public void invalidate(WeblogCategory category) { + } + + @Override + public void invalidate(WeblogTemplate template) { + } +} From c1786c53cf615b523b3ad7656ce1819f0deb6730 Mon Sep 17 00:00:00 2001 
From: "David M. Johnson" Date: Mon, 20 Jan 2025 09:52:01 -0500 Subject: [PATCH 02/11] Use injection for RollerSessionManager. --- .../weblogger/ui/core/RollerSession.java | 51 ++++++++++--------- .../ui/core/RollerSessionManager.java | 30 +++++++---- .../weblogger/ui/core/SessionManager.java | 26 ++++++++++ .../ui/core/filters/LoadSaltFilter.java | 28 +++++----- .../ui/core/filters/ValidateSaltFilter.java | 8 +-- .../ui/struts2/ajax/CommentDataServlet.java | 17 +++++-- .../ui/struts2/util/UIActionInterceptor.java | 19 +++++-- app/src/main/resources/struts.xml | 2 + .../main/webapp/roller-ui/login-redirect.jsp | 19 ++++++- .../ui/core/filters/LoadSaltFilterTest.java | 10 ++-- .../core/filters/ValidateSaltFilterTest.java | 38 +++++--------- 11 files changed, 156 insertions(+), 92 deletions(-) create mode 100644 app/src/main/java/org/apache/roller/weblogger/ui/core/SessionManager.java diff --git a/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerSession.java b/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerSession.java index ef5d7d5af6..a94797a81b 100644 --- a/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerSession.java +++ b/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerSession.java @@ -26,6 +26,8 @@ import javax.servlet.http.HttpSessionActivationListener; import javax.servlet.http.HttpSessionEvent; import javax.servlet.http.HttpSessionListener; + +import com.opensymphony.xwork2.inject.Inject; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.roller.weblogger.WebloggerException; 
@@ -43,37 +45,39 @@ public class RollerSession implements HttpSessionListener, HttpSessionActivationListener, Serializable { private static final long serialVersionUID = 5890132909166913727L; + private static final Log log; // the id of the user represented by this session private String userName = null; - - private static final Log log; - + private final SessionManager sessionManager; + public static final String ROLLER_SESSION = "org.apache.roller.weblogger.rollersession"; static{ WebloggerConfig.init(); // must be called before calls to logging APIs log = LogFactory.getLog(RollerSession.class); } - - /** - * Get RollerSession from request (and add user if not already present). - */ - public static RollerSession getRollerSession(HttpServletRequest request) { - RollerSession rollerSession = null; + + + @Inject + public RollerSession(SessionManager sessionManager) { + this.sessionManager = sessionManager; + } + + @Inject + public RollerSession(SessionManager sessionManager, HttpServletRequest request) { + this.sessionManager = sessionManager; + HttpSession session = request.getSession(false); if (session != null) { - rollerSession = (RollerSession)session.getAttribute(ROLLER_SESSION); - - if (rollerSession == null) { - rollerSession = new RollerSession(); - session.setAttribute(ROLLER_SESSION, rollerSession); - } else if (rollerSession.getAuthenticatedUser() != null) { - RollerSessionManager sessionManager = RollerSessionManager.getInstance(); - if (sessionManager.get(rollerSession.getAuthenticatedUser().getUserName()) == null) { - // session not present in cache means that it is invalid - rollerSession = new RollerSession(); - session.setAttribute(ROLLER_SESSION, rollerSession); + RollerSession storedSession = (RollerSession)session.getAttribute(ROLLER_SESSION); + + if (storedSession == null) { + session.setAttribute(ROLLER_SESSION, this); + } else if (storedSession.getAuthenticatedUser() != null) { + if 
(sessionManager.get(storedSession.getAuthenticatedUser().getUserName()) == null) { + // override it with the new session + session.setAttribute(ROLLER_SESSION, this); } } @@ -83,7 +87,7 @@ public static RollerSession getRollerSession(HttpServletRequest request) { // user object from user manager but *only* do this if we have been // bootstrapped because under an SSO scenario we may have a // principal even before we have been bootstrapped. - if (rollerSession.getAuthenticatedUser() == null && principal != null && WebloggerFactory.isBootstrapped()) { + if (getAuthenticatedUser() == null && principal != null && WebloggerFactory.isBootstrapped()) { try { UserManager umgr = WebloggerFactory.getWeblogger().getUserManager(); @@ -114,7 +118,7 @@ public static RollerSession getRollerSession(HttpServletRequest request) { } // only set authenticated user if user is enabled if (user != null && user.getEnabled()) { - rollerSession.setAuthenticatedUser(user); + setAuthenticatedUser(user); } } catch (WebloggerException e) { @@ -122,8 +126,6 @@ public static RollerSession getRollerSession(HttpServletRequest request) { } } } - - return rollerSession; } /** @@ -149,7 +151,6 @@ public User getAuthenticatedUser() { */ public void setAuthenticatedUser(User authenticatedUser) { this.userName = authenticatedUser.getUserName(); - RollerSessionManager sessionManager = RollerSessionManager.getInstance(); sessionManager.register(authenticatedUser.getUserName(), this); } diff --git a/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerSessionManager.java b/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerSessionManager.java index dca4e11c05..1866a1744c 100644 --- a/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerSessionManager.java +++ b/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerSessionManager.java 
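Review bot: When a still-registered RollerSession is already stored in the HttpSession, the request-taking constructor leaves it in place but keeps working on the new, empty object, so `getAuthenticatedUser()` is null there and `setAuthenticatedUser(user)` re-registers a throwaway instance under the user name. In the other branch, where the stored session was invalidated, `this` replaces it and is then re-authenticated from `request.getUserPrincipal()` in the same call if the container still reports a principal, which would undo the invalidation. A static factory that returns the stored session, as `getRollerSession` did, avoids both problems. The class is still `Serializable` but now holds `private final SessionManager sessionManager;`, and the `SessionManager` interface added in this patch does not extend `Serializable`, so the field should be `transient` if sessions are ever persisted. Both constructors carry `@Inject`; which one the container picks, and where it would obtain an `HttpServletRequest`, is not visible here and should be pinned down.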
@@ -1,3 +1,21 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. The ASF licenses this file to You + * under the Apache License, Version 2.0 (the "License"); you may not + * use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. For additional information regarding + * copyright in this work, please see the NOTICE file in the top level + * directory of this distribution. + */ + package org.apache.roller.weblogger.ui.core; import org.apache.commons.logging.Log; @@ -10,20 +28,12 @@ import java.util.HashMap; import java.util.Map; -public class RollerSessionManager { +public class RollerSessionManager implements SessionManager { private static final Log log = LogFactory.getLog(RollerSessionManager.class); private static final String CACHE_ID = "roller.session.cache"; private final Cache sessionCache; - public static RollerSessionManager getInstance() { - return RollerSessionManager.SingletonHolder.INSTANCE; - } - - private static class SingletonHolder { - private static final RollerSessionManager INSTANCE = new RollerSessionManager(); - } - private class SessionCacheHandler extends CacheHandlerAdapter { public void invalidateUser(User user) { if (user != null && user.getUserName() != null) { @@ -32,7 +42,7 @@ public void invalidateUser(User user) { } } - private RollerSessionManager() { + public RollerSessionManager() { Map cacheProps = new HashMap<>(); cacheProps.put("id", CACHE_ID); this.sessionCache = CacheManager.constructCache(null, cacheProps); 
diff --git a/app/src/main/java/org/apache/roller/weblogger/ui/core/SessionManager.java b/app/src/main/java/org/apache/roller/weblogger/ui/core/SessionManager.java new file mode 100644 index 0000000000..e3594bb2e5 --- /dev/null +++ b/app/src/main/java/org/apache/roller/weblogger/ui/core/SessionManager.java @@ -0,0 +1,26 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. The ASF licenses this file to You + * under the Apache License, Version 2.0 (the "License"); you may not + * use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. For additional information regarding + * copyright in this work, please see the NOTICE file in the top level + * directory of this distribution. + */ + +package org.apache.roller.weblogger.ui.core; + +public interface SessionManager { + void register(String userName, RollerSession session); + RollerSession get(String userName); + void invalidate(String userName); +} + diff --git a/app/src/main/java/org/apache/roller/weblogger/ui/core/filters/LoadSaltFilter.java b/app/src/main/java/org/apache/roller/weblogger/ui/core/filters/LoadSaltFilter.java index b2e63915d1..fa161d82c4 100644 --- a/app/src/main/java/org/apache/roller/weblogger/ui/core/filters/LoadSaltFilter.java +++ b/app/src/main/java/org/apache/roller/weblogger/ui/core/filters/LoadSaltFilter.java 
@@ -23,23 +23,31 @@ import javax.servlet.*; import javax.servlet.http.HttpServletRequest; import org.apache.commons.lang3.RandomStringUtils; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; import org.apache.roller.weblogger.ui.core.RollerSession; import org.apache.roller.weblogger.ui.rendering.util.cache.SaltCache; +import org.apache.roller.weblogger.ui.struts2.util.UIBeanFactory; -/** - * Filter generates a unique salt value for use in any HTTP form generated by - * Roller. See also: ValidateSalt filter. - */ public class LoadSaltFilter implements Filter { + private static final Log log = LogFactory.getLog(LoadSaltFilter.class); + private RollerSession rollerSession; + + @Override + public void init(FilterConfig filterConfig) throws ServletException { + rollerSession = UIBeanFactory.getBean(RollerSession.class); + } + @Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) - throws IOException, ServletException { + throws IOException, ServletException { HttpServletRequest httpReq = (HttpServletRequest) request; - RollerSession rollerSession = RollerSession.getRollerSession(httpReq); + if (rollerSession != null) { - String userId = rollerSession.getAuthenticatedUser() != null ? rollerSession.getAuthenticatedUser().getId() : ""; + String userId = rollerSession.getAuthenticatedUser() != null ? + rollerSession.getAuthenticatedUser().getId() : ""; SaltCache saltCache = SaltCache.getInstance(); String salt = RandomStringUtils.random(20, 0, 0, true, true, null, new SecureRandom()); saltCache.put(salt, userId); @@ -48,11 +56,7 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha chain.doFilter(request, response); } - - @Override - public void init(FilterConfig filterConfig) throws ServletException { - } - + @Override public void destroy() { } 
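Review bot: `init()` fetches one `RollerSession` from `UIBeanFactory` and keeps it in a field, but a filter instance serves every request, so `doFilter` no longer consults the caller's HttpSession when it binds the salt to a user id. Unless `UIBeanFactory.getBean` hands back a request-scoped proxy, which nothing on this page shows, every caller gets the id held by that single object, or `""`. The same field-in-`init` pattern is added to `ValidateSaltFilter`, `CommentDataServlet` and `UIActionInterceptor`, and `login-redirect.jsp` calls `getBean` without passing the request; in `CommentDataServlet` the shared object feeds `hasUserPermission` and in `UIActionInterceptor` it sets the action's authenticated user, so there it decides authorization. Resolving the session per request inside the method, for instance `RollerSession rollerSession = new RollerSession(sessionManager, httpReq);` with only the `SessionManager` cached in `init()`, keeps identity tied to the request. The class Javadoc removed by this hunk is still accurate and should stay.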
diff --git a/app/src/main/java/org/apache/roller/weblogger/ui/core/filters/ValidateSaltFilter.java b/app/src/main/java/org/apache/roller/weblogger/ui/core/filters/ValidateSaltFilter.java index 9744551bc8..7b54d2bd0e 100644 --- a/app/src/main/java/org/apache/roller/weblogger/ui/core/filters/ValidateSaltFilter.java +++ b/app/src/main/java/org/apache/roller/weblogger/ui/core/filters/ValidateSaltFilter.java @@ -37,6 +37,7 @@ import org.apache.roller.weblogger.config.WebloggerConfig; import org.apache.roller.weblogger.ui.rendering.util.cache.SaltCache; import org.apache.roller.weblogger.ui.core.RollerSession; +import org.apache.roller.weblogger.ui.struts2.util.UIBeanFactory; /** * Filter checks all POST request for presence of valid salt value and rejects those without @@ -45,6 +46,7 @@ public class ValidateSaltFilter implements Filter { private static final Log log = LogFactory.getLog(ValidateSaltFilter.class); private Set ignored = Collections.emptySet(); + private RollerSession rollerSession; @Override public void doFilter(ServletRequest request, ServletResponse response, @@ -58,9 +60,9 @@ public void doFilter(ServletRequest request, ServletResponse response, } if ("POST".equals(httpReq.getMethod()) && !isIgnoredURL(requestURL)) { - RollerSession rollerSession = RollerSession.getRollerSession(httpReq); if (rollerSession != null) { - String userId = rollerSession.getAuthenticatedUser() != null ? rollerSession.getAuthenticatedUser().getId() : ""; + String userId = rollerSession.getAuthenticatedUser() != null ? + rollerSession.getAuthenticatedUser().getId() : ""; String salt = httpReq.getParameter("salt"); SaltCache saltCache = SaltCache.getInstance(); @@ -71,7 +73,6 @@ public void doFilter(ServletRequest request, ServletResponse response, throw new ServletException("Security Violation"); } - // Remove salt from cache after successful validation saltCache.remove(salt); if (log.isDebugEnabled()) { log.debug("Salt used and invalidated: " + salt); 
@@ -86,6 +87,7 @@ public void doFilter(ServletRequest request, ServletResponse response, public void init(FilterConfig filterConfig) throws ServletException { String urls = WebloggerConfig.getProperty("salt.ignored.urls"); ignored = Set.of(StringUtils.stripAll(StringUtils.split(urls, ","))); + rollerSession = UIBeanFactory.getBean(RollerSession.class); } @Override diff --git a/app/src/main/java/org/apache/roller/weblogger/ui/struts2/ajax/CommentDataServlet.java b/app/src/main/java/org/apache/roller/weblogger/ui/struts2/ajax/CommentDataServlet.java index 59db62bd7f..7ef5a1527e 100644 --- a/app/src/main/java/org/apache/roller/weblogger/ui/struts2/ajax/CommentDataServlet.java +++ b/app/src/main/java/org/apache/roller/weblogger/ui/struts2/ajax/CommentDataServlet.java @@ -23,6 +23,9 @@ import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; import org.apache.commons.text.StringEscapeUtils; import org.apache.commons.text.WordUtils; import org.apache.roller.weblogger.business.Weblogger; @@ -32,6 +35,7 @@ import org.apache.roller.weblogger.pojos.WeblogEntryComment; import org.apache.roller.weblogger.pojos.WeblogPermission; import org.apache.roller.weblogger.ui.core.RollerSession; +import org.apache.roller.weblogger.ui.struts2.util.UIBeanFactory; import org.apache.roller.weblogger.util.Utilities; @@ -40,7 +44,12 @@ */ public class CommentDataServlet extends HttpServlet { - public void checkAuth(HttpServletRequest request, Weblog weblog) { + private static final Log log = LogFactory.getLog(CommentDataServlet.class); + private RollerSession rollerSession; + + @Override + public void init() throws ServletException { + rollerSession = UIBeanFactory.getBean(RollerSession.class); } /** 
@@ -62,9 +71,8 @@ public void doGet(HttpServletRequest request, response.setStatus(HttpServletResponse.SC_NOT_FOUND); } else { // need post permission to view comments - RollerSession rses = RollerSession.getRollerSession(request); Weblog weblog = c.getWeblogEntry().getWebsite(); - if (weblog.hasUserPermission(rses.getAuthenticatedUser(), WeblogPermission.POST)) { + if (weblog.hasUserPermission(rollerSession.getAuthenticatedUser(), WeblogPermission.POST)) { String content = Utilities.escapeHTML(c.getContent()); content = StringEscapeUtils.escapeEcmaScript(content); String json = "{ id: \"" + c.getId() + "\"," + "content: \"" + content + "\" }"; @@ -101,9 +109,8 @@ public void doPut(HttpServletRequest request, response.setStatus(HttpServletResponse.SC_NOT_FOUND); } else { // need post permission to edit comments - RollerSession rses = RollerSession.getRollerSession(request); Weblog weblog = c.getWeblogEntry().getWebsite(); - if (weblog.hasUserPermission(rses.getAuthenticatedUser(), WeblogPermission.POST)) { + if (weblog.hasUserPermission(rollerSession.getAuthenticatedUser(), WeblogPermission.POST)) { String content = Utilities.streamToString(request.getInputStream()); c.setContent(content); // don't update the posttime when updating the comment diff --git a/app/src/main/java/org/apache/roller/weblogger/ui/struts2/util/UIActionInterceptor.java b/app/src/main/java/org/apache/roller/weblogger/ui/struts2/util/UIActionInterceptor.java index 08b65f4bbc..d63f2ad084 100644 --- a/app/src/main/java/org/apache/roller/weblogger/ui/struts2/util/UIActionInterceptor.java +++ b/app/src/main/java/org/apache/roller/weblogger/ui/struts2/util/UIActionInterceptor.java @@ -18,6 +18,7 @@ package org.apache.roller.weblogger.ui.struts2.util; +import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import org.apache.commons.lang3.StringUtils; 
@@ -40,6 +41,17 @@ public class UIActionInterceptor extends MethodFilterInterceptor implements private static final long serialVersionUID = -6452966127207525616L; private static Log log = LogFactory.getLog(UIActionInterceptor.class); + private RollerSession rollerSession; + + @Override + public void init() { + try { + rollerSession = UIBeanFactory.getBean(RollerSession.class); + } catch (ServletException e) { + log.error("Failed to initialize UIActionInterceptor", e); + throw new RuntimeException("Failed to initialize UIActionInterceptor", e); + } + } @Override public String doIntercept(ActionInvocation invocation) throws Exception { @@ -63,10 +75,8 @@ public String doIntercept(ActionInvocation invocation) throws Exception { UIAction theAction = (UIAction) action; - // extract the authenticated user and set it - RollerSession rses = RollerSession.getRollerSession(request); - if (rses != null) { - theAction.setAuthenticatedUser(rses.getAuthenticatedUser()); + if (rollerSession != null) { + theAction.setAuthenticatedUser(rollerSession.getAuthenticatedUser()); } // extract the work weblog and set it @@ -88,5 +98,4 @@ public String doIntercept(ActionInvocation invocation) throws Exception { return invocation.invoke(); } - } diff --git a/app/src/main/resources/struts.xml b/app/src/main/resources/struts.xml index cc94ba6588..2d6bf0a8a6 100644 --- a/app/src/main/resources/struts.xml +++ b/app/src/main/resources/struts.xml @@ -21,6 +21,8 @@ "http://struts.apache.org/dtds/struts-2.5.dtd"> + + diff --git a/app/src/main/webapp/roller-ui/login-redirect.jsp b/app/src/main/webapp/roller-ui/login-redirect.jsp index 76b2ab6a5d..6a0f4fcb1c 100644 --- a/app/src/main/webapp/roller-ui/login-redirect.jsp +++ b/app/src/main/webapp/roller-ui/login-redirect.jsp 
@@ -18,11 +18,26 @@ <%@ page language="java" contentType="text/html; charset=UTF-8" %> <%@ page import="org.apache.roller.weblogger.business.*" %> <%@ page import="org.apache.roller.weblogger.pojos.*" %> +<%@ page import="org.apache.roller.weblogger.ui.struts2.util.UIBeanFactory" %> <%@ page import="org.apache.roller.weblogger.ui.core.RollerSession" %> <%@ page import="java.util.List" %> +<%@ page import="org.apache.roller.weblogger.WebloggerException" %> +<%@ page import="java.util.Collections" %> +<%@ page import="org.apache.commons.logging.Log" %> +<%@ page import="org.apache.commons.logging.LogFactory" %> + <% -User user = RollerSession.getRollerSession(request).getAuthenticatedUser(); -List weblogs = WebloggerFactory.getWeblogger().getWeblogManager().getUserWeblogs(user, true); +Log log = LogFactory.getLog("login-redirect.jsp"); +RollerSession rollerSession = UIBeanFactory.getBean(RollerSession.class); +User user = rollerSession.getAuthenticatedUser(); + +List weblogs; +try { + weblogs = WebloggerFactory.getWeblogger().getWeblogManager().getUserWeblogs(user, true); +} catch (WebloggerException e) { + log.error("Error getting user weblogs for user: " + user.getUserName(), e); + weblogs = Collections.emptyList(); +} if (user == null) { response.sendRedirect(request.getContextPath()+"/roller-ui/register.rol"); diff --git a/app/src/test/java/org/apache/roller/weblogger/ui/core/filters/LoadSaltFilterTest.java b/app/src/test/java/org/apache/roller/weblogger/ui/core/filters/LoadSaltFilterTest.java index 5ace927a27..6501e72b3b 100644 --- a/app/src/test/java/org/apache/roller/weblogger/ui/core/filters/LoadSaltFilterTest.java +++ b/app/src/test/java/org/apache/roller/weblogger/ui/core/filters/LoadSaltFilterTest.java 
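Review bot: The new `catch` block builds its message with `user.getUserName()`, but the `user == null` check only comes after the `try`, so a visitor with no authenticated user whose lookup throws gets a NullPointerException from the error handler instead of the redirect to register.rol. Moving the `if (user == null)` redirect above the `getUserWeblogs` call removes both the null dereference and the needless lookup; failing that, log `(user != null ? user.getUserName() : "anonymous")`. Turning the `WebloggerException` into an empty list presumably sends a user whose weblogs could not be loaded down the no-weblogs branch, which lies outside this hunk, so a comment such as `// lookup failed: treated as "no weblogs", see log` would make that choice explicit.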
@@ -3,6 +3,7 @@ import org.apache.roller.weblogger.pojos.User; import org.apache.roller.weblogger.ui.core.RollerSession; import org.apache.roller.weblogger.ui.rendering.util.cache.SaltCache; +import org.apache.roller.weblogger.ui.struts2.util.UIBeanFactory; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; import org.mockito.Mock; @@ -42,10 +43,10 @@ public void setUp() { @Test public void testDoFilterGeneratesSalt() throws Exception { - try (MockedStatic mockedRollerSession = mockStatic(RollerSession.class); + try (MockedStatic mockedUIBeanFactory = mockStatic(UIBeanFactory.class); MockedStatic mockedSaltCache = mockStatic(SaltCache.class)) { - mockedRollerSession.when(() -> RollerSession.getRollerSession(request)).thenReturn(rollerSession); + mockedUIBeanFactory.when(() -> UIBeanFactory.getBean(RollerSession.class)).thenReturn(rollerSession); mockedSaltCache.when(SaltCache::getInstance).thenReturn(saltCache); when(rollerSession.getAuthenticatedUser()).thenReturn(new TestUser("userId")); @@ -57,13 +58,12 @@ public void testDoFilterGeneratesSalt() throws Exception { verify(chain).doFilter(request, response); } } - @Test public void testDoFilterWithNullRollerSession() throws Exception { - try (MockedStatic mockedRollerSession = mockStatic(RollerSession.class); + try (MockedStatic mockedUIBeanFactory = mockStatic(UIBeanFactory.class); MockedStatic mockedSaltCache = mockStatic(SaltCache.class)) { - mockedRollerSession.when(() -> RollerSession.getRollerSession(request)).thenReturn(null); + mockedUIBeanFactory.when(() -> UIBeanFactory.getBean(RollerSession.class)).thenReturn(null); mockedSaltCache.when(SaltCache::getInstance).thenReturn(saltCache); filter.doFilter(request, response, chain); diff --git a/app/src/test/java/org/apache/roller/weblogger/ui/core/filters/ValidateSaltFilterTest.java b/app/src/test/java/org/apache/roller/weblogger/ui/core/filters/ValidateSaltFilterTest.java index ab866d080a..f1218f7250 100644 
--- a/app/src/test/java/org/apache/roller/weblogger/ui/core/filters/ValidateSaltFilterTest.java +++ b/app/src/test/java/org/apache/roller/weblogger/ui/core/filters/ValidateSaltFilterTest.java @@ -4,6 +4,7 @@ import org.apache.roller.weblogger.pojos.User; import org.apache.roller.weblogger.ui.core.RollerSession; import org.apache.roller.weblogger.ui.rendering.util.cache.SaltCache; +import org.apache.roller.weblogger.ui.struts2.util.UIBeanFactory; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; import org.mockito.Mock; @@ -39,9 +40,13 @@ public class ValidateSaltFilterTest { private SaltCache saltCache; @BeforeEach - public void setUp() { + public void setUp() throws ServletException { MockitoAnnotations.openMocks(this); filter = new ValidateSaltFilter(); + try (MockedStatic mockedUIBeanFactory = mockStatic(UIBeanFactory.class)) { + mockedUIBeanFactory.when(() -> UIBeanFactory.getBean(RollerSession.class)).thenReturn(rollerSession); + filter.init(mock(FilterConfig.class)); + } } @Test @@ -57,10 +62,7 @@ public void testDoFilterWithGetMethod() throws Exception { @Test public void testDoFilterWithPostMethodAndValidSalt() throws Exception { - try (MockedStatic mockedRollerSession = mockStatic(RollerSession.class); - MockedStatic mockedSaltCache = mockStatic(SaltCache.class)) { - - mockedRollerSession.when(() -> RollerSession.getRollerSession(request)).thenReturn(rollerSession); + try (MockedStatic mockedSaltCache = mockStatic(SaltCache.class)) { mockedSaltCache.when(SaltCache::getInstance).thenReturn(saltCache); when(request.getMethod()).thenReturn("POST"); 
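Review bot: `setUp` stubs `UIBeanFactory.getBean(RollerSession.class)` only while `filter.init(...)` runs and closes the static mock before any test executes, and the tests below drop their per-request `RollerSession` stubbing. They can therefore only pass if `ValidateSaltFilter` keeps the session it obtained in `init()`. The filter source is outside this view, but a servlet filter is one instance serving all requests, so a session held that way would make the salt check compare against the same user for every caller. I would add a test that sends two requests for different users through one filter instance and asserts each salt is checked against its own user, and keep the session lookup per request in `doFilter`.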
@@ -79,10 +81,7 @@ public void testDoFilterWithPostMethodAndValidSalt() throws Exception { @Test public void testDoFilterWithPostMethodAndInvalidSalt() throws Exception { - try (MockedStatic mockedRollerSession = mockStatic(RollerSession.class); - MockedStatic mockedSaltCache = mockStatic(SaltCache.class)) { - - mockedRollerSession.when(() -> RollerSession.getRollerSession(request)).thenReturn(rollerSession); + try (MockedStatic mockedSaltCache = mockStatic(SaltCache.class)) { mockedSaltCache.when(SaltCache::getInstance).thenReturn(saltCache); when(request.getMethod()).thenReturn("POST"); @@ -99,10 +98,7 @@ public void testDoFilterWithPostMethodAndInvalidSalt() throws Exception { @Test public void testDoFilterWithPostMethodAndMismatchedUserId() throws Exception { - try (MockedStatic mockedRollerSession = mockStatic(RollerSession.class); - MockedStatic mockedSaltCache = mockStatic(SaltCache.class)) { - - mockedRollerSession.when(() -> RollerSession.getRollerSession(request)).thenReturn(rollerSession); + try (MockedStatic mockedSaltCache = mockStatic(SaltCache.class)) { mockedSaltCache.when(SaltCache::getInstance).thenReturn(saltCache); when(request.getMethod()).thenReturn("POST"); @@ -120,10 +116,7 @@ public void testDoFilterWithPostMethodAndMismatchedUserId() throws Exception { @Test public void testDoFilterWithPostMethodAndNullRollerSession() throws Exception { - try (MockedStatic mockedRollerSession = mockStatic(RollerSession.class); - MockedStatic mockedSaltCache = mockStatic(SaltCache.class)) { - - mockedRollerSession.when(() -> RollerSession.getRollerSession(request)).thenReturn(null); + try (MockedStatic mockedSaltCache = mockStatic(SaltCache.class)) { mockedSaltCache.when(SaltCache::getInstance).thenReturn(saltCache); when(request.getMethod()).thenReturn("POST"); 
@@ -140,12 +133,7 @@ public void testDoFilterWithPostMethodAndNullRollerSession() throws Exception { @Test public void testDoFilterWithIgnoredURL() throws Exception { - try (MockedStatic mockedRollerSession = mockStatic(RollerSession.class); - MockedStatic mockedSaltCache = mockStatic(SaltCache.class); - MockedStatic mockedWebloggerConfig = mockStatic(WebloggerConfig.class)) { - - mockedRollerSession.when(() -> RollerSession.getRollerSession(request)).thenReturn(rollerSession); - mockedSaltCache.when(SaltCache::getInstance).thenReturn(saltCache); + try (MockedStatic mockedWebloggerConfig = mockStatic(WebloggerConfig.class)) { mockedWebloggerConfig.when(() -> WebloggerConfig.getProperty("salt.ignored.urls")) .thenReturn("https://example.com/app/ignoredurl?param1=value1&m2=value2"); @@ -153,7 +141,7 @@ public void testDoFilterWithIgnoredURL() throws Exception { StringBuffer requestURL = new StringBuffer("https://example.com/app/ignoredurl"); when(request.getRequestURL()).thenReturn(requestURL); when(request.getQueryString()).thenReturn("param1=value1&m2=value2"); - when(request.getParameter("salt")).thenReturn(null); // No salt provided + when(request.getParameter("salt")).thenReturn(null); filter.init(mock(FilterConfig.class)); filter.doFilter(request, response, chain); @@ -176,4 +164,4 @@ public String getId() { return id; } } -} +} \ No newline at end of file From d763c5f3713b889f67f422e7dcf04624427b01b7 Mon Sep 17 00:00:00 2001 From: "David M. Johnson" Date: Mon, 20 Jan 2025 09:53:50 -0500 Subject: [PATCH 03/11] Use injection for RollerSessionManager. --- .../ui/struts2/util/UIBeanFactory.java | 42 +++++++++++++++++ .../struts2/util/UICustomObjectFactory.java | 46 +++++++++++++++++++ 2 files changed, 88 insertions(+) create mode 100644 app/src/main/java/org/apache/roller/weblogger/ui/struts2/util/UIBeanFactory.java create mode 100644 app/src/main/java/org/apache/roller/weblogger/ui/struts2/util/UICustomObjectFactory.java 
diff --git a/app/src/main/java/org/apache/roller/weblogger/ui/struts2/util/UIBeanFactory.java b/app/src/main/java/org/apache/roller/weblogger/ui/struts2/util/UIBeanFactory.java new file mode 100644 index 0000000000..efbe6cf7dc --- /dev/null +++ b/app/src/main/java/org/apache/roller/weblogger/ui/struts2/util/UIBeanFactory.java 
@@ -0,0 +1,42 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. The ASF licenses this file to You + * under the Apache License, Version 2.0 (the "License"); you may not + * use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. For additional information regarding + * copyright in this work, please see the NOTICE file in the top level + * directory of this distribution. + */ + +package org.apache.roller.weblogger.ui.struts2.util; + +import com.opensymphony.xwork2.ObjectFactory; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.apache.struts2.ServletActionContext; + +import javax.servlet.ServletException; + +public class UIBeanFactory { + private static final Log log = LogFactory.getLog(UIBeanFactory.class); + + public static T getBean(Class beanClass) throws ServletException { + try { + ObjectFactory objectFactory = ServletActionContext.getContext() + .getContainer() + .getInstance(ObjectFactory.class); + return (T) objectFactory.buildBean(beanClass, null); + } catch (Exception e) { + log.error("Failed to create bean of type " + beanClass.getName(), e); + throw new ServletException("Failed to create bean of type " + beanClass.getName(), e); + } + } +} \ No newline at end of file diff --git a/app/src/main/java/org/apache/roller/weblogger/ui/struts2/util/UICustomObjectFactory.java b/app/src/main/java/org/apache/roller/weblogger/ui/struts2/util/UICustomObjectFactory.java new file mode 100644 index 0000000000..029373d9d8 --- /dev/null 
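Review bot: `UIBeanFactory` has no Javadoc, and the name `getBean` reads like a lookup although the body calls `objectFactory.buildBean(beanClass, null)`, which for `RollerSession` creates a new object on each call (see `UICustomObjectFactory` in this patch). Callers that expect the current request's session need that spelled out. I would add a class comment such as `/** Builds beans through the Struts ObjectFactory; every call creates a new instance and needs an active Struts ActionContext. */` and a `@throws ServletException` line on `getBean`. As a static-only utility the class should also be `final` with a private constructor.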
+++ b/app/src/main/java/org/apache/roller/weblogger/ui/struts2/util/UICustomObjectFactory.java @@ -0,0 +1,46 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. The ASF licenses this file to You + * under the Apache License, Version 2.0 (the "License"); you may not + * use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. For additional information regarding + * copyright in this work, please see the NOTICE file in the top level + * directory of this distribution. + */ + +package org.apache.roller.weblogger.ui.struts2.util; + +import org.apache.roller.weblogger.ui.core.RollerSession; + +import com.opensymphony.xwork2.ObjectFactory; +import org.apache.roller.weblogger.ui.core.RollerSessionManager; + +import java.util.Map; + +public class UICustomObjectFactory extends ObjectFactory { + + @Override + public Class getClassInstance(String className) throws ClassNotFoundException { + if (className.equals(RollerSession.class.getName())) { + // Inject our session manager + return RollerSession.class; + } + return super.getClassInstance(className); + } + + @Override + public Object buildBean(Class clazz, Map extraContext) throws Exception { + if (clazz == RollerSession.class) { + return new RollerSession(new RollerSessionManager()); + } + return super.buildBean(clazz, extraContext); + } +} \ No newline at end of file From 9a755692316c1336bd8d221ee7085ed855b301be Mon Sep 17 00:00:00 2001 
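Review bot: `buildBean` returns `new RollerSession(new RollerSessionManager())`, so every RollerSession gets its own manager, and the `RollerSessionManager` constructor shown later in this series calls `CacheManager.constructCache(...)` and `CacheManager.registerHandler(...)` each time. That registers one more cache handler per session object. Unless `constructCache` hands back a shared cache for the same id (not visible here), the `sessionManager.invalidate(...)` calls in `UserEdit.save()` act on a different cache from the one a login registered in, which would leave a disabled user's session valid. Hold one manager for the application, e.g. `private static final RollerSessionManager SESSION_MANAGER = new RollerSessionManager();` in this factory, and return it for `RollerSessionManager.class` as well. The comment `// Inject our session manager` in `getClassInstance` describes `buildBean`, not the line it sits on.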
From: "David M. Johnson" Date: Mon, 20 Jan 2025 10:01:45 -0500 Subject: [PATCH 04/11] Use injection for RollerSessionManager. --- .../roller/weblogger/ui/struts2/admin/UserEdit.java | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/app/src/main/java/org/apache/roller/weblogger/ui/struts2/admin/UserEdit.java b/app/src/main/java/org/apache/roller/weblogger/ui/struts2/admin/UserEdit.java index e8aea67037..99f28dd668 100644 --- a/app/src/main/java/org/apache/roller/weblogger/ui/struts2/admin/UserEdit.java +++ b/app/src/main/java/org/apache/roller/weblogger/ui/struts2/admin/UserEdit.java @@ -41,6 +41,9 @@ import org.apache.roller.weblogger.ui.struts2.core.Register; import org.apache.roller.weblogger.ui.struts2.util.UIAction; import org.apache.struts2.interceptor.validation.SkipValidation; +import org.apache.roller.weblogger.ui.struts2.util.UIBeanFactory; + +import javax.servlet.ServletException; /** @@ -59,8 +62,16 @@ public class UserEdit extends UIAction { private AuthMethod authMethod = WebloggerConfig.getAuthMethod(); + private RollerSessionManager sessionManager; + public UserEdit() { this.desiredMenu = "admin"; + try { + sessionManager = UIBeanFactory.getBean(RollerSessionManager.class); + } catch (ServletException e) { + log.error("Failed to get RollerSessionManager", e); + throw new RuntimeException("Failed to get RollerSessionManager", e); + } } @Override 
@@ -169,14 +180,12 @@ public String save() { // invalidate user's session if it's not user executing this action if (!getAuthenticatedUser().getUserName().equals(user.getUserName())) { - RollerSessionManager sessionManager = RollerSessionManager.getInstance(); sessionManager.invalidate(user.getUserName()); } } // if user is disabled and not the same as the user executing this action, then invalidate their session if (!user.getEnabled() && !getAuthenticatedUser().getUserName().equals(user.getUserName())) { - RollerSessionManager sessionManager = RollerSessionManager.getInstance(); sessionManager.invalidate(user.getUserName()); } From 5e5835b51e874151fae85392b44e617e5d99dfa6 Mon Sep 17 00:00:00 2001 From: "David M. Johnson" Date: Mon, 20 Jan 2025 10:10:21 -0500 Subject: [PATCH 05/11] Test fixes. --- .../ui/core/filters/LoadSaltFilterTest.java | 35 ++++++++++--------- .../core/filters/ValidateSaltFilterTest.java | 14 ++++++-- 2 files changed, 29 insertions(+), 20 deletions(-) diff --git a/app/src/test/java/org/apache/roller/weblogger/ui/core/filters/LoadSaltFilterTest.java b/app/src/test/java/org/apache/roller/weblogger/ui/core/filters/LoadSaltFilterTest.java index 6501e72b3b..10079a82be 100644 --- a/app/src/test/java/org/apache/roller/weblogger/ui/core/filters/LoadSaltFilterTest.java +++ b/app/src/test/java/org/apache/roller/weblogger/ui/core/filters/LoadSaltFilterTest.java @@ -11,6 +11,8 @@ import org.mockito.MockitoAnnotations; import javax.servlet.FilterChain; +import javax.servlet.FilterConfig; +import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; 
@@ -36,40 +38,39 @@ public class LoadSaltFilterTest { private SaltCache saltCache; @BeforeEach - public void setUp() { - MockitoAnnotations.initMocks(this); - filter = new LoadSaltFilter(); + public void setUp() throws ServletException { + MockitoAnnotations.openMocks(this); + + try (MockedStatic mockedFactory = mockStatic(UIBeanFactory.class)) { + mockedFactory.when(() -> UIBeanFactory.getBean(RollerSession.class)) + .thenReturn(rollerSession); + + filter = new LoadSaltFilter(); + filter.init(mock(FilterConfig.class)); + } } @Test public void testDoFilterGeneratesSalt() throws Exception { - try (MockedStatic mockedUIBeanFactory = mockStatic(UIBeanFactory.class); - MockedStatic mockedSaltCache = mockStatic(SaltCache.class)) { - - mockedUIBeanFactory.when(() -> UIBeanFactory.getBean(RollerSession.class)).thenReturn(rollerSession); + try (MockedStatic mockedSaltCache = mockStatic(SaltCache.class)) { mockedSaltCache.when(SaltCache::getInstance).thenReturn(saltCache); - when(rollerSession.getAuthenticatedUser()).thenReturn(new TestUser("userId")); - filter.doFilter(request, response, chain); - verify(request).setAttribute(eq("salt"), anyString()); - verify(saltCache).put(anyString(), eq("userId")); verify(chain).doFilter(request, response); } } + @Test public void testDoFilterWithNullRollerSession() throws Exception { - try (MockedStatic mockedUIBeanFactory = mockStatic(UIBeanFactory.class); - MockedStatic mockedSaltCache = mockStatic(SaltCache.class)) { - - mockedUIBeanFactory.when(() -> UIBeanFactory.getBean(RollerSession.class)).thenReturn(null); - mockedSaltCache.when(SaltCache::getInstance).thenReturn(saltCache); + try (MockedStatic mockedUIBeanFactory = mockStatic(UIBeanFactory.class)) { + mockedUIBeanFactory.when(() -> UIBeanFactory.getBean(RollerSession.class)) + .thenReturn(null); + filter.init(mock(FilterConfig.class)); filter.doFilter(request, response, chain); verify(request, never()).setAttribute(eq("salt"), anyString()); - verify(saltCache, 
never()).put(anyString(), anyString()); verify(chain).doFilter(request, response); } } diff --git a/app/src/test/java/org/apache/roller/weblogger/ui/core/filters/ValidateSaltFilterTest.java b/app/src/test/java/org/apache/roller/weblogger/ui/core/filters/ValidateSaltFilterTest.java index f1218f7250..d8c04871b2 100644 --- a/app/src/test/java/org/apache/roller/weblogger/ui/core/filters/ValidateSaltFilterTest.java +++ b/app/src/test/java/org/apache/roller/weblogger/ui/core/filters/ValidateSaltFilterTest.java @@ -116,8 +116,11 @@ public void testDoFilterWithPostMethodAndMismatchedUserId() throws Exception { @Test public void testDoFilterWithPostMethodAndNullRollerSession() throws Exception { - try (MockedStatic mockedSaltCache = mockStatic(SaltCache.class)) { + try (MockedStatic mockedSaltCache = mockStatic(SaltCache.class); + MockedStatic mockedUIBeanFactory = mockStatic(UIBeanFactory.class)) { + mockedSaltCache.when(SaltCache::getInstance).thenReturn(saltCache); + mockedUIBeanFactory.when(() -> UIBeanFactory.getBean(RollerSession.class)).thenReturn(null); when(request.getMethod()).thenReturn("POST"); when(request.getParameter("salt")).thenReturn("validSalt"); 
@@ -125,17 +128,22 @@ public void testDoFilterWithPostMethodAndNullRollerSession() throws Exception { StringBuffer requestURL = new StringBuffer("https://example.com/app/ignoredurl"); when(request.getRequestURL()).thenReturn(requestURL); + filter.init(mock(FilterConfig.class)); filter.doFilter(request, response, chain); - verify(saltCache, never()).remove("validSalt"); + verify(chain).doFilter(request, response); + verify(saltCache, never()).remove(anyString()); } } @Test public void testDoFilterWithIgnoredURL() throws Exception { - try (MockedStatic mockedWebloggerConfig = mockStatic(WebloggerConfig.class)) { + try (MockedStatic mockedWebloggerConfig = mockStatic(WebloggerConfig.class); + MockedStatic mockedUIBeanFactory = mockStatic(UIBeanFactory.class)) { + mockedWebloggerConfig.when(() -> WebloggerConfig.getProperty("salt.ignored.urls")) .thenReturn("https://example.com/app/ignoredurl?param1=value1&m2=value2"); + mockedUIBeanFactory.when(() -> UIBeanFactory.getBean(RollerSession.class)).thenReturn(rollerSession); when(request.getMethod()).thenReturn("POST"); StringBuffer requestURL = new StringBuffer("https://example.com/app/ignoredurl"); From b5b4d2887154e90101cfeef19431bea180aeb8e4 Mon Sep 17 00:00:00 2001 From: "David M. Johnson" Date: Mon, 20 Jan 2025 10:28:18 -0500 Subject: [PATCH 06/11] Session manager test and fix for problem it revealed. --- .../ui/core/RollerSessionManager.java | 6 +- .../ui/core/RollerSessionManagerTest.java | 124 ++++++++++++++++++ 2 files changed, 128 insertions(+), 2 deletions(-) create mode 100644 app/src/test/java/org/apache/roller/weblogger/ui/core/RollerSessionManagerTest.java diff --git a/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerSessionManager.java b/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerSessionManager.java index 1866a1744c..bcbc45d6f2 100644 --- a/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerSessionManager.java 
+++ b/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerSessionManager.java @@ -28,14 +28,16 @@ import java.util.HashMap; import java.util.Map; + public class RollerSessionManager implements SessionManager { private static final Log log = LogFactory.getLog(RollerSessionManager.class); private static final String CACHE_ID = "roller.session.cache"; private final Cache sessionCache; - private class SessionCacheHandler extends CacheHandlerAdapter { - public void invalidateUser(User user) { + public class SessionCacheHandler extends CacheHandlerAdapter { + @Override + public void invalidate(User user) { if (user != null && user.getUserName() != null) { sessionCache.remove(user.getUserName()); } diff --git a/app/src/test/java/org/apache/roller/weblogger/ui/core/RollerSessionManagerTest.java b/app/src/test/java/org/apache/roller/weblogger/ui/core/RollerSessionManagerTest.java new file mode 100644 index 0000000000..769ff33b50 --- /dev/null +++ b/app/src/test/java/org/apache/roller/weblogger/ui/core/RollerSessionManagerTest.java 
@@ -0,0 +1,124 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. The ASF licenses this file to You + * under the Apache License, Version 2.0 (the "License"); you may not + * use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. For additional information regarding + * copyright in this work, please see the NOTICE file in the top level + * directory of this distribution. + */ + +package org.apache.roller.weblogger.ui.core; + +import org.apache.roller.weblogger.pojos.User; +import org.apache.roller.weblogger.pojos.WeblogEntry; +import org.apache.roller.weblogger.util.cache.Cache; +import org.apache.roller.weblogger.util.cache.CacheManager; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; +import org.mockito.Mock; +import org.mockito.MockedStatic; +import org.mockito.MockitoAnnotations; + +import static org.junit.jupiter.api.Assertions.*; +import static org.mockito.Mockito.*; + +class RollerSessionManagerTest { + + private RollerSessionManager sessionManager; + + @Mock + private Cache mockCache; + + @Mock + private RollerSession mockSession; + + @Mock + private User mockUser; + + @BeforeEach + void setUp() { + MockitoAnnotations.openMocks(this); + try (MockedStatic mockedCacheManager = mockStatic(CacheManager.class)) { + mockedCacheManager.when(() -> CacheManager.constructCache(isNull(), any())).thenReturn(mockCache); + mockedCacheManager.when(() -> CacheManager.registerHandler(any())).then(invocation -> null); + sessionManager = new RollerSessionManager(); + } 
+ } + + @Test + void testRegisterSession() { + String userName = "testUser"; + sessionManager.register(userName, mockSession); + verify(mockCache).put(userName, mockSession); + } + + @Test + void testCacheHandlerInvalidateUser() { + String userName = "testUser"; + when(mockUser.getUserName()).thenReturn(userName); + + // Create handler directly from instance + RollerSessionManager.SessionCacheHandler handler = sessionManager.new SessionCacheHandler(); + handler.invalidate(mockUser); + + verify(mockCache).remove(userName); + } + + @Test + void testRegisterNullUserName() { + sessionManager.register(null, mockSession); + verify(mockCache, never()).put(any(), any()); + } + + @Test + void testRegisterNullSession() { + sessionManager.register("testUser", null); + verify(mockCache, never()).put(any(), any()); + } + + @Test + void testGetSession() { + String userName = "testUser"; + when(mockCache.get(userName)).thenReturn(mockSession); + + RollerSession result = sessionManager.get(userName); + assertEquals(mockSession, result); + verify(mockCache).get(userName); + } + + @Test + void testGetSessionNullUserName() { + RollerSession result = sessionManager.get(null); + assertNull(result); + verify(mockCache, never()).get(any()); + } + + @Test + void testInvalidateSession() { + String userName = "testUser"; + sessionManager.invalidate(userName); + verify(mockCache).remove(userName); + } + + @Test + void testInvalidateNullUserName() { + sessionManager.invalidate(null); + verify(mockCache, never()).remove(any()); + } + + @Test + void testCacheHandlerInvalidateUserWithNullUsername() { + when(mockUser.getUserName()).thenReturn(null); + sessionManager.new SessionCacheHandler().invalidate(mockUser); + verify(mockCache, never()).remove(any()); + } +} \ No newline at end of file From fe5dad85f2cf541738df580708106a9cb3c1df65 Mon Sep 17 00:00:00 2001 
From: "David M. Johnson" Date: Mon, 20 Jan 2025 10:37:04 -0500 Subject: [PATCH 07/11] Logging improvements --- .../ui/core/RollerSessionManager.java | 51 ++++++++++++------- .../ui/struts2/util/UIBeanFactory.java | 9 +++- 2 files changed, 40 insertions(+), 20 deletions(-) diff --git a/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerSessionManager.java b/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerSessionManager.java index bcbc45d6f2..29703addc6 100644 --- a/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerSessionManager.java +++ b/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerSessionManager.java 
@@ -28,48 +28,63 @@ import java.util.HashMap; import java.util.Map; - public class RollerSessionManager implements SessionManager { private static final Log log = LogFactory.getLog(RollerSessionManager.class); private static final String CACHE_ID = "roller.session.cache"; private final Cache sessionCache; - public class SessionCacheHandler extends CacheHandlerAdapter { - @Override - public void invalidate(User user) { - if (user != null && user.getUserName() != null) { - sessionCache.remove(user.getUserName()); - } - } - } - public RollerSessionManager() { Map cacheProps = new HashMap<>(); cacheProps.put("id", CACHE_ID); this.sessionCache = CacheManager.constructCache(null, cacheProps); - SessionCacheHandler cacheHandler = new SessionCacheHandler(); - CacheManager.registerHandler(cacheHandler); + CacheManager.registerHandler(new SessionCacheHandler()); } public void register(String userName, RollerSession session) { if (userName != null && session != null) { - this.sessionCache.put(userName, session); - log.debug("Registered session for user: " + userName); + try { + this.sessionCache.put(userName, session); + log.debug("Registered session for user: " + userName); + } catch (Exception e) { + log.error("Failed to register session for user: " + userName, e); + } } } public RollerSession get(String userName) { if (userName != null) { - return (RollerSession) this.sessionCache.get(userName); + try { + return (RollerSession) this.sessionCache.get(userName); + } catch (Exception e) { + log.error("Failed to retrieve session for user: " + userName, e); + } } return null; } public void invalidate(String userName) { if (userName != null) { - this.sessionCache.remove(userName); - log.debug("Invalidated session for user: " + userName); + try { + this.sessionCache.remove(userName); + log.debug("Invalidated session for user: " + userName); + } catch (Exception e) { + log.error("Failed to invalidate session for user: " + userName, e); + } + } + } + + class SessionCacheHandler 
extends CacheHandlerAdapter { + @Override + public void invalidate(User user) { + if (user != null && user.getUserName() != null) { + try { + sessionCache.remove(user.getUserName()); + log.debug("Cache handler invalidated session for user: " + user.getUserName()); + } catch (Exception e) { + log.error("Cache handler failed to invalidate session for user: " + user.getUserName(), e); + } + } } } -} +} \ No newline at end of file diff --git a/app/src/main/java/org/apache/roller/weblogger/ui/struts2/util/UIBeanFactory.java b/app/src/main/java/org/apache/roller/weblogger/ui/struts2/util/UIBeanFactory.java index efbe6cf7dc..2adebbce58 100644 --- a/app/src/main/java/org/apache/roller/weblogger/ui/struts2/util/UIBeanFactory.java +++ b/app/src/main/java/org/apache/roller/weblogger/ui/struts2/util/UIBeanFactory.java @@ -34,9 +34,14 @@ public static T getBean(Class beanClass) throws ServletException { .getContainer() .getInstance(ObjectFactory.class); return (T) objectFactory.buildBean(beanClass, null); + } catch (NullPointerException e) { + String msg = "Struts context not initialized for bean type: " + beanClass.getName(); + log.error(msg, e); + throw new ServletException(msg, e); } catch (Exception e) { - log.error("Failed to create bean of type " + beanClass.getName(), e); - throw new ServletException("Failed to create bean of type " + beanClass.getName(), e); + String msg = String.format("Failed to create bean of type %s: %s", beanClass.getName(), e.getMessage()); + log.error(msg, e); + throw new ServletException(msg, e); } } } \ No newline at end of file From fff0cc0fecaa4dac8c3fb6d8204095ee3d9f9e7e Mon Sep 17 00:00:00 2001 
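Review bot: `invalidate(String)` and `SessionCacheHandler.invalidate(User)` now catch `Exception` and only log it, so a failed cache removal is invisible to the caller. `UserEdit.save()` relies on `invalidate` to cut off a disabled or changed user's session and would report success while that session stays registered. Revocation should fail loudly: drop the catch on the two invalidate paths or rethrow after logging, e.g. `throw new IllegalStateException("Failed to invalidate session for user: " + userName, e);`. Swallowing in `get` matters less because a `null` result is treated as an invalid session by the RollerSession code in this series, though the catch-all there can still hide cache faults.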
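Review bot: Catching `NullPointerException` to detect a missing Struts context also relabels any NPE thrown while the bean is being built, for example from the bean's constructor, as "Struts context not initialized". Test the context explicitly before use, `if (ServletActionContext.getContext() == null) { throw new ServletException("Struts context not initialized for bean type: " + beanClass.getName()); }`, and leave the single `catch (Exception e)` for build failures. The second message appends `e.getMessage()` although the cause is already passed to `ServletException`, so the same text appears twice in the log.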
From: "David M. Johnson" Date: Mon, 20 Jan 2025 11:08:49 -0500 Subject: [PATCH 08/11] Introduce Roller session listener. --- .../weblogger/ui/core/RollerSession.java | 156 +++++++++--------- .../ui/core/RollerSessionListener.java | 51 ++++++ app/src/main/webapp/WEB-INF/web.xml | 2 +- 3 files changed, 127 insertions(+), 82 deletions(-) create mode 100644 app/src/main/java/org/apache/roller/weblogger/ui/core/RollerSessionListener.java diff --git a/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerSession.java b/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerSession.java index a94797a81b..26c9aca971 100644 --- a/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerSession.java +++ b/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerSession.java 
@@ -18,31 +18,28 @@ package org.apache.roller.weblogger.ui.core; -import java.io.Serializable; -import java.security.Principal; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpSession; -import javax.servlet.http.HttpSessionActivationListener; -import javax.servlet.http.HttpSessionEvent; -import javax.servlet.http.HttpSessionListener; - import com.opensymphony.xwork2.inject.Inject; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.roller.weblogger.WebloggerException; -import org.apache.roller.weblogger.config.WebloggerConfig; -import org.apache.roller.weblogger.business.WebloggerFactory; import org.apache.roller.weblogger.business.UserManager; +import org.apache.roller.weblogger.business.WebloggerFactory; +import org.apache.roller.weblogger.config.WebloggerConfig; import org.apache.roller.weblogger.pojos.User; import org.apache.roller.weblogger.ui.core.security.AutoProvision; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpSession; +import javax.servlet.http.HttpSessionActivationListener; +import javax.servlet.http.HttpSessionListener; +import java.io.Serializable; +import java.security.Principal; + /** * Roller session handles session startup and shutdown. */ -public class RollerSession - implements HttpSessionListener, HttpSessionActivationListener, Serializable { +public class RollerSession implements HttpSessionListener, HttpSessionActivationListener, Serializable { private static final long serialVersionUID = 5890132909166913727L; private static final Log log; @@ -58,7 +55,6 @@ public class RollerSession log = LogFactory.getLog(RollerSession.class); } - @Inject public RollerSession(SessionManager sessionManager) { this.sessionManager = sessionManager; 
@@ -68,66 +64,77 @@ public RollerSession(SessionManager sessionManager) { public RollerSession(SessionManager sessionManager, HttpServletRequest request) { this.sessionManager = sessionManager; + // No session exists yet, nothing to do HttpSession session = request.getSession(false); - if (session != null) { - RollerSession storedSession = (RollerSession)session.getAttribute(ROLLER_SESSION); - - if (storedSession == null) { - session.setAttribute(ROLLER_SESSION, this); - } else if (storedSession.getAuthenticatedUser() != null) { - if (sessionManager.get(storedSession.getAuthenticatedUser().getUserName()) == null) { - // override it with the new session - session.setAttribute(ROLLER_SESSION, this); - } + if (session == null) { + return; + } + + // Get or create roller session in HTTP session + RollerSession storedSession = (RollerSession)session.getAttribute(ROLLER_SESSION); + if (storedSession == null) { + session.setAttribute(ROLLER_SESSION, this); + } + // If stored session exists with authenticated user but not in cache, override it + else if (storedSession.getAuthenticatedUser() != null + && sessionManager.get(storedSession.getAuthenticatedUser().getUserName()) == null) { + session.setAttribute(ROLLER_SESSION, this); + } + + Principal principal = request.getUserPrincipal(); + + // Skip authentication if no principal, user already authenticated, or system not bootstrapped + if (getAuthenticatedUser() != null || principal == null || !WebloggerFactory.isBootstrapped()) { + return; + } + + try { + UserManager userManager = WebloggerFactory.getWeblogger().getUserManager(); + User user = authenticateUser(principal, userManager); + + // Try auto-provisioning if LDAP enabled and user not found + if (user == null && WebloggerConfig.getBooleanProperty("users.ldap.autoProvision.enabled")) { + user = attemptAutoProvision(request, principal, userManager); } - - Principal principal = request.getUserPrincipal(); - - // If we've got a principal but no user object, then attempt 
to get - // user object from user manager but *only* do this if we have been - // bootstrapped because under an SSO scenario we may have a - // principal even before we have been bootstrapped. - if (getAuthenticatedUser() == null && principal != null && WebloggerFactory.isBootstrapped()) { - try { - - UserManager umgr = WebloggerFactory.getWeblogger().getUserManager(); - User user = umgr.getUserByUserName(principal.getName()); - - // check for OpenID username (in the form of a URL) - if (user == null && principal.getName() != null && principal.getName().startsWith("http://")) { - String openidurl = principal.getName(); - if (openidurl.endsWith("/")) { - openidurl = openidurl.substring(0, openidurl.length() - 1); - } - user = umgr.getUserByOpenIdUrl(openidurl); - } - - // try one time to auto-provision, only happens if user==null - // which means installation has LDAP enabled in security.xml - if (user == null && WebloggerConfig.getBooleanProperty("users.ldap.autoProvision.enabled")) { - - // provisioning enabled, get provisioner and execute - AutoProvision provisioner = RollerContext.getAutoProvision(); - if(provisioner != null) { - boolean userProvisioned = provisioner.execute(request); - if (userProvisioned) { - // try lookup again real quick - user = umgr.getUserByUserName(principal.getName()); - } - } - } - // only set authenticated user if user is enabled - if (user != null && user.getEnabled()) { - setAuthenticatedUser(user); - } - - } catch (WebloggerException e) { - log.error("ERROR: getting user object",e); - } + + // Set authenticated user if found and enabled + if (user != null && user.getEnabled()) { + setAuthenticatedUser(user); } + } catch (WebloggerException e) { + log.error("Error authenticating user", e); } } + /** + * Attempts to authenticate user via username or OpenID URL + */ + private User authenticateUser(Principal principal, UserManager userManager) throws WebloggerException { + // Try regular username first + User user = 
userManager.getUserByUserName(principal.getName()); + + // If not found, try OpenID URL + if (user == null && principal.getName() != null && principal.getName().startsWith("http://")) { + String openidUrl = principal.getName(); + if (openidUrl.endsWith("/")) { + openidUrl = openidUrl.substring(0, openidUrl.length() - 1); + } + user = userManager.getUserByOpenIdUrl(openidUrl); + } + return user; + } + + /** + * Attempts to auto-provision user via LDAP if enabled + */ + private User attemptAutoProvision(HttpServletRequest request, Principal principal, + UserManager userManager) throws WebloggerException { + AutoProvision provisioner = RollerContext.getAutoProvision(); + if (provisioner != null && provisioner.execute(request)) { + return userManager.getUserByUserName(principal.getName()); + } + return null; + } /** * Authenticated user associated with this session. */ @@ -153,17 +160,4 @@ public void setAuthenticatedUser(User authenticatedUser) { this.userName = authenticatedUser.getUserName(); sessionManager.register(authenticatedUser.getUserName(), this); } - - private void clearSession(HttpSessionEvent se) { - HttpSession session = se.getSession(); - try { - session.removeAttribute(ROLLER_SESSION); - } catch (Exception e) { - if (log.isDebugEnabled()) { - // ignore purge exceptions - log.debug("EXCEPTION PURGING session attributes",e); - } - } - } - } diff --git a/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerSessionListener.java b/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerSessionListener.java new file mode 100644 index 0000000000..f0e3ea754a --- /dev/null +++ b/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerSessionListener.java 
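Review bot: In the rewritten RollerSession constructor, the branch that overrides a stored session missing from the session-manager cache falls straight through to the principal lookup, so the same request re-authenticates from `request.getUserPrincipal()` and `setAuthenticatedUser` registers the user again. Removing a user's cache entry therefore ends the login only when the account is also disabled (`user.getEnabled()`). If cache removal is meant to force a fresh login, for example after a password change, that branch would need `session.invalidate(); return;` instead of `session.setAttribute(ROLLER_SESSION, this);`; this assumes the principal is tied to the HTTP session, which is not visible here. Separately, nothing is copied from a stored session that is still valid, so the new instance appears to repeat the user lookup on every construction; a comment stating whether that is intended would help.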
@@ -0,0 +1,51 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. The ASF licenses this file to You + * under the Apache License, Version 2.0 (the "License"); you may not + * use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. For additional information regarding + * copyright in this work, please see the NOTICE file in the top level + * directory of this distribution. + */ + +package org.apache.roller.weblogger.ui.core; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +import javax.servlet.http.HttpSession; +import javax.servlet.http.HttpSessionActivationListener; +import javax.servlet.http.HttpSessionEvent; +import javax.servlet.http.HttpSessionListener; + + +public class RollerSessionListener implements HttpSessionListener, HttpSessionActivationListener { + private static final Log log = LogFactory.getLog(RollerSessionListener.class); + + @Override + public void sessionDestroyed(HttpSessionEvent se) { + clearSession(se); + } + + @Override + public void sessionWillPassivate(HttpSessionEvent se) { + clearSession(se); + } + + private void clearSession(HttpSessionEvent se) { + HttpSession session = se.getSession(); + try { + session.removeAttribute(RollerSession.ROLLER_SESSION); + } catch (Exception e) { + log.debug("Exception purging session attributes", e); + } + } +} \ No newline at end of file diff --git a/app/src/main/webapp/WEB-INF/web.xml b/app/src/main/webapp/WEB-INF/web.xml index 0418832da1..e75cb68693 100644 
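Review bot: `sessionWillPassivate` in RollerSessionListener is probably never invoked: per the Servlet API documentation, `HttpSessionActivationListener` callbacks go to objects bound to a session as attributes, not to listeners registered in web.xml. If the attribute must be dropped before a session is written out, that logic belongs on the bound RollerSession object; otherwise remove the interface here so the class does not suggest a protection it does not provide. In `clearSession`, `catch (Exception e)` is broader than needed; `removeAttribute` on an invalidated session throws `IllegalStateException`, so `catch (IllegalStateException e)` would keep unexpected failures visible. The class also lacks a Javadoc, e.g. `/** Removes the RollerSession attribute when an HTTP session is destroyed. */`.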
--- a/app/src/main/webapp/WEB-INF/web.xml +++ b/app/src/main/webapp/WEB-INF/web.xml @@ -174,7 +174,7 @@ - org.apache.roller.weblogger.ui.core.RollerSession + org.apache.roller.weblogger.ui.core.RollerSessionListener From 00f07f1ed7651b72a16d22aabd5b647aeb92c493 Mon Sep 17 00:00:00 2001 From: "David M. Johnson" Date: Mon, 20 Jan 2025 12:53:36 -0500 Subject: [PATCH 09/11] Working out problems in DI. --- .../weblogger/ui/core/RollerSession.java | 8 +-- .../ui/core/RollerSessionManager.java | 2 + .../ui/core/filters/LoadSaltFilter.java | 6 +- .../ui/core/filters/ValidateSaltFilter.java | 4 +- .../weblogger/ui/struts2/admin/UserEdit.java | 28 +++++++--- .../ui/struts2/ajax/CommentDataServlet.java | 14 ++--- .../ui/struts2/util/UIActionInterceptor.java | 30 +++++----- .../ui/struts2/util/UIBeanFactory.java | 56 ++++++++++--------- .../struts2/util/UICustomObjectFactory.java | 29 ++++------ app/src/main/resources/struts.xml | 2 +- .../main/webapp/roller-ui/login-redirect.jsp | 2 +- 11 files changed, 92 insertions(+), 89 deletions(-) diff --git a/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerSession.java b/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerSession.java index 26c9aca971..cb909a7390 100644 --- a/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerSession.java +++ b/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerSession.java @@ -46,7 +46,8 @@ public class RollerSession implements HttpSessionListener, HttpSessionActivation // the id of the user represented by this session private String userName = null; - private final SessionManager sessionManager; + + private SessionManager sessionManager; public static final String ROLLER_SESSION = "org.apache.roller.weblogger.rollersession"; 
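Review bot: In RollerSession.java the `sessionManager` field loses `final`, although the hunks of this patch show it assigned only in the constructor. Keeping `private final SessionManager sessionManager;` preserves the guarantee that a session object cannot be re-pointed at a different manager. RollerSession is declared `Serializable` and is stored as a session attribute, so a non-transient manager reference is written out with it whenever the container serializes the session. Confirm that the manager is meant to be serialized, or mark the field `transient` and restore it on activation. The class body continues outside this hunk.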
@@ -55,11 +56,6 @@ public class RollerSession implements HttpSessionListener, HttpSessionActivation log = LogFactory.getLog(RollerSession.class); } - @Inject - public RollerSession(SessionManager sessionManager) { - this.sessionManager = sessionManager; - } - @Inject public RollerSession(SessionManager sessionManager, HttpServletRequest request) { this.sessionManager = sessionManager; diff --git a/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerSessionManager.java b/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerSessionManager.java index 29703addc6..4f269da909 100644 --- a/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerSessionManager.java +++ b/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerSessionManager.java @@ -37,6 +37,8 @@ public class RollerSessionManager implements SessionManager { public RollerSessionManager() { Map cacheProps = new HashMap<>(); cacheProps.put("id", CACHE_ID); + cacheProps.put("size", "1000"); // Default cache size + cacheProps.put("timeout", "3600"); // Default timeout in seconds this.sessionCache = CacheManager.constructCache(null, cacheProps); CacheManager.registerHandler(new SessionCacheHandler()); } diff --git a/app/src/main/java/org/apache/roller/weblogger/ui/core/filters/LoadSaltFilter.java b/app/src/main/java/org/apache/roller/weblogger/ui/core/filters/LoadSaltFilter.java index fa161d82c4..4ab2696bec 100644 --- a/app/src/main/java/org/apache/roller/weblogger/ui/core/filters/LoadSaltFilter.java +++ b/app/src/main/java/org/apache/roller/weblogger/ui/core/filters/LoadSaltFilter.java 
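Review bot: The `size` and `timeout` values added to the RollerSessionManager constructor are hard-coded, yet the RollerSession constructor treats a user missing from this cache as an invalidated session. With 1000 entries and a 3600-second timeout, ordinary eviction or expiry is indistinguishable from a deliberate revocation, and the limits cannot be tuned per deployment. Reading both from configuration, e.g. `cacheProps.put("size", WebloggerConfig.getProperty("<session-cache-size-property>"));`, would make the behaviour predictable, along with a comment that the timeout should not be shorter than the HTTP session timeout. The constructor continues outside the hunk.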
@@ -32,18 +32,16 @@ public class LoadSaltFilter implements Filter { private static final Log log = LogFactory.getLog(LoadSaltFilter.class); - private RollerSession rollerSession; @Override - public void init(FilterConfig filterConfig) throws ServletException { - rollerSession = UIBeanFactory.getBean(RollerSession.class); - } + public void init(FilterConfig filterConfig) throws ServletException {} @Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { HttpServletRequest httpReq = (HttpServletRequest) request; + RollerSession rollerSession = UIBeanFactory.getBean(RollerSession.class, httpReq); if (rollerSession != null) { String userId = rollerSession.getAuthenticatedUser() != null ? diff --git a/app/src/main/java/org/apache/roller/weblogger/ui/core/filters/ValidateSaltFilter.java b/app/src/main/java/org/apache/roller/weblogger/ui/core/filters/ValidateSaltFilter.java index 7b54d2bd0e..19250e0618 100644 --- a/app/src/main/java/org/apache/roller/weblogger/ui/core/filters/ValidateSaltFilter.java +++ b/app/src/main/java/org/apache/roller/weblogger/ui/core/filters/ValidateSaltFilter.java @@ -46,12 +46,13 @@ public class ValidateSaltFilter implements Filter { private static final Log log = LogFactory.getLog(ValidateSaltFilter.class); private Set ignored = Collections.emptySet(); - private RollerSession rollerSession; @Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { + HttpServletRequest httpReq = (HttpServletRequest) request; + RollerSession rollerSession = UIBeanFactory.getBean(RollerSession.class, httpReq); String requestURL = httpReq.getRequestURL().toString(); String queryString = httpReq.getQueryString(); 
@@ -87,7 +88,6 @@ public void doFilter(ServletRequest request, ServletResponse response, public void init(FilterConfig filterConfig) throws ServletException { String urls = WebloggerConfig.getProperty("salt.ignored.urls"); ignored = Set.of(StringUtils.stripAll(StringUtils.split(urls, ","))); - rollerSession = UIBeanFactory.getBean(RollerSession.class); } @Override diff --git a/app/src/main/java/org/apache/roller/weblogger/ui/struts2/admin/UserEdit.java b/app/src/main/java/org/apache/roller/weblogger/ui/struts2/admin/UserEdit.java index 99f28dd668..a1b506815d 100644 --- a/app/src/main/java/org/apache/roller/weblogger/ui/struts2/admin/UserEdit.java +++ b/app/src/main/java/org/apache/roller/weblogger/ui/struts2/admin/UserEdit.java @@ -37,20 +37,24 @@ import org.apache.roller.weblogger.pojos.GlobalPermission; import org.apache.roller.weblogger.pojos.User; import org.apache.roller.weblogger.pojos.WeblogPermission; +import org.apache.roller.weblogger.ui.core.RollerSession; import org.apache.roller.weblogger.ui.core.RollerSessionManager; +import org.apache.roller.weblogger.ui.core.SessionManager; import org.apache.roller.weblogger.ui.struts2.core.Register; import org.apache.roller.weblogger.ui.struts2.util.UIAction; +import org.apache.struts2.interceptor.ServletRequestAware; import org.apache.struts2.interceptor.validation.SkipValidation; import org.apache.roller.weblogger.ui.struts2.util.UIBeanFactory; import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; /** * Action that allows an admin to modify a users profile. */ // TODO: make this work @AllowedMethods({"execute","save","firstSave"}) -public class UserEdit extends UIAction { +public class UserEdit extends UIAction implements ServletRequestAware { private static Log log = LogFactory.getLog(UserEdit.class); 
@@ -62,16 +66,10 @@ public class UserEdit extends UIAction { private AuthMethod authMethod = WebloggerConfig.getAuthMethod(); - private RollerSessionManager sessionManager; + private HttpServletRequest request; public UserEdit() { this.desiredMenu = "admin"; - try { - sessionManager = UIBeanFactory.getBean(RollerSessionManager.class); - } catch (ServletException e) { - log.error("Failed to get RollerSessionManager", e); - throw new RuntimeException("Failed to get RollerSessionManager", e); - } } @Override @@ -149,6 +147,15 @@ public String firstSave() { * Save modified user profile. */ public String save() { + + SessionManager sessionManager; + try { + sessionManager = UIBeanFactory.getBean(RollerSessionManager.class, request); + } catch (ServletException e) { + log.error("Failed to get RollerSessionManager", e); + throw new RuntimeException("Failed to get RollerSessionManager", e); + } + myValidate(); if (!hasActionErrors()) { @@ -305,4 +312,9 @@ public List getPermissions() { public String getAuthMethod() { return authMethod.name(); } + + @Override + public void setServletRequest(HttpServletRequest httpServletRequest) { + this.request = httpServletRequest; + } } diff --git a/app/src/main/java/org/apache/roller/weblogger/ui/struts2/ajax/CommentDataServlet.java b/app/src/main/java/org/apache/roller/weblogger/ui/struts2/ajax/CommentDataServlet.java index 7ef5a1527e..5306af9934 100644 --- a/app/src/main/java/org/apache/roller/weblogger/ui/struts2/ajax/CommentDataServlet.java +++ b/app/src/main/java/org/apache/roller/weblogger/ui/struts2/ajax/CommentDataServlet.java @@ -45,11 +45,9 @@ public class CommentDataServlet extends HttpServlet { private static final Log log = LogFactory.getLog(CommentDataServlet.class); - private RollerSession rollerSession; @Override public void init() throws ServletException { - rollerSession = UIBeanFactory.getBean(RollerSession.class); } /** 
@@ -59,10 +57,9 @@ public void init() throws ServletException { * {id : "3454545346", content : "hi there"} */ @Override - public void doGet(HttpServletRequest request, - HttpServletResponse response) - throws ServletException, IOException { - + public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { + RollerSession rollerSession = UIBeanFactory.getBean(RollerSession.class, request); + Weblogger roller = WebloggerFactory.getWeblogger(); try { WeblogEntryManager wmgr = roller.getWeblogEntryManager(); @@ -97,9 +94,8 @@ public void doGet(HttpServletRequest request, * comment's content with the content in the request. */ @Override - public void doPut(HttpServletRequest request, - HttpServletResponse response) - throws ServletException, IOException { + public void doPut(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { + RollerSession rollerSession = UIBeanFactory.getBean(RollerSession.class, request); Weblogger roller = WebloggerFactory.getWeblogger(); try { diff --git a/app/src/main/java/org/apache/roller/weblogger/ui/struts2/util/UIActionInterceptor.java b/app/src/main/java/org/apache/roller/weblogger/ui/struts2/util/UIActionInterceptor.java index d63f2ad084..0bbd2e3506 100644 --- a/app/src/main/java/org/apache/roller/weblogger/ui/struts2/util/UIActionInterceptor.java +++ b/app/src/main/java/org/apache/roller/weblogger/ui/struts2/util/UIActionInterceptor.java 
@@ -36,35 +36,33 @@ /** * A struts2 interceptor for configuring specifics of the weblogger ui. */ -public class UIActionInterceptor extends MethodFilterInterceptor implements - StrutsStatics { +public class UIActionInterceptor extends MethodFilterInterceptor implements StrutsStatics { private static final long serialVersionUID = -6452966127207525616L; private static Log log = LogFactory.getLog(UIActionInterceptor.class); - private RollerSession rollerSession; @Override - public void init() { - try { - rollerSession = UIBeanFactory.getBean(RollerSession.class); - } catch (ServletException e) { - log.error("Failed to initialize UIActionInterceptor", e); - throw new RuntimeException("Failed to initialize UIActionInterceptor", e); - } - } + public void init() {} @Override public String doIntercept(ActionInvocation invocation) throws Exception { + final Object action = invocation.getAction(); + final ActionContext context = invocation.getInvocationContext(); + HttpServletRequest request = (HttpServletRequest) context.get(HTTP_REQUEST); + + RollerSession rollerSession; + try { + rollerSession = UIBeanFactory.getBean(RollerSession.class, request); + } catch (ServletException e) { + log.error("Failed to instantiate RollerSession", e); + throw new RuntimeException("Failed to instantiate RollerSession", e); + } + if (log.isDebugEnabled()) { log.debug("Entering UIActionInterceptor"); } - final Object action = invocation.getAction(); - final ActionContext context = invocation.getInvocationContext(); - - HttpServletRequest request = (HttpServletRequest) context - .get(HTTP_REQUEST); // is this one of our own UIAction classes? if (action instanceof UIAction) { diff --git a/app/src/main/java/org/apache/roller/weblogger/ui/struts2/util/UIBeanFactory.java b/app/src/main/java/org/apache/roller/weblogger/ui/struts2/util/UIBeanFactory.java index 2adebbce58..64e842ebf3 100644 --- a/app/src/main/java/org/apache/roller/weblogger/ui/struts2/util/UIBeanFactory.java 
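Review bot: The try/catch around `UIBeanFactory.getBean(RollerSession.class, request)` in `doIntercept` is redundant. The method already declares `throws Exception`, and `getBean` logs the failure before throwing `ServletException`, so the wrap logs the same error twice and hides the original type behind `RuntimeException`. `RollerSession rollerSession = UIBeanFactory.getBean(RollerSession.class, request);` on its own is enough. `context.get(HTTP_REQUEST)` may also be null outside a servlet request, and that null then reaches the RollerSession constructor; a guard before the lookup would make the failure explicit. `doIntercept` continues outside the hunk.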
+++ b/app/src/main/java/org/apache/roller/weblogger/ui/struts2/util/UIBeanFactory.java @@ -1,19 +1,6 @@ /* * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. The ASF licenses this file to You - * under the Apache License, Version 2.0 (the "License"); you may not - * use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. For additional information regarding - * copyright in this work, please see the NOTICE file in the top level - * directory of this distribution. + * contributor license agreements. See the NOTICE file for details. */ package org.apache.roller.weblogger.ui.struts2.util; 
@@ -21,25 +8,44 @@ import com.opensymphony.xwork2.ObjectFactory; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.apache.struts2.ServletActionContext; +import org.apache.roller.weblogger.ui.core.RollerSession; +import org.apache.roller.weblogger.ui.core.RollerSessionManager; import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import java.util.HashMap; +import java.util.Map; -public class UIBeanFactory { +public class UIBeanFactory extends ObjectFactory { private static final Log log = LogFactory.getLog(UIBeanFactory.class); + @Override + public Object buildBean(Class clazz, Map extraContext) throws Exception { + if (clazz == RollerSession.class) { + return createRollerSession(extraContext); + } + return super.buildBean(clazz, extraContext); + } + + private RollerSession createRollerSession(Map extraContext) { + HttpServletRequest request = (HttpServletRequest) extraContext.get("request"); + return new RollerSession(new RollerSessionManager(), request); + } + public static T getBean(Class beanClass) throws ServletException { + return getBean(beanClass, null); + } + + public static T getBean(Class beanClass, HttpServletRequest request) throws ServletException { try { - ObjectFactory objectFactory = ServletActionContext.getContext() - .getContainer() - .getInstance(ObjectFactory.class); - return (T) objectFactory.buildBean(beanClass, null); - } catch (NullPointerException e) { - String msg = "Struts context not initialized for bean type: " + beanClass.getName(); - log.error(msg, e); - throw new ServletException(msg, e); + Map context = new HashMap<>(); + if (request != null) { + context.put("request", request); + } + return (T) new UIBeanFactory().buildBean(beanClass, context); } catch (Exception e) { - String msg = String.format("Failed to create bean of type %s: %s", beanClass.getName(), e.getMessage()); + String msg = String.format("Failed to create bean of type %s: %s", + 
beanClass.getName(), e.getMessage()); log.error(msg, e); throw new ServletException(msg, e); } diff --git a/app/src/main/java/org/apache/roller/weblogger/ui/struts2/util/UICustomObjectFactory.java b/app/src/main/java/org/apache/roller/weblogger/ui/struts2/util/UICustomObjectFactory.java index 029373d9d8..41169ebc0f 100644 --- a/app/src/main/java/org/apache/roller/weblogger/ui/struts2/util/UICustomObjectFactory.java +++ b/app/src/main/java/org/apache/roller/weblogger/ui/struts2/util/UICustomObjectFactory.java @@ -18,29 +18,24 @@ package org.apache.roller.weblogger.ui.struts2.util; -import org.apache.roller.weblogger.ui.core.RollerSession; - import com.opensymphony.xwork2.ObjectFactory; +import org.apache.roller.weblogger.ui.core.RollerSession; import org.apache.roller.weblogger.ui.core.RollerSessionManager; +import org.apache.roller.weblogger.ui.core.SessionManager; +import org.apache.struts2.ServletActionContext; +import javax.servlet.http.HttpServletRequest; import java.util.Map; public class UICustomObjectFactory extends ObjectFactory { - @Override - public Class getClassInstance(String className) throws ClassNotFoundException { - if (className.equals(RollerSession.class.getName())) { - // Inject our session manager - return RollerSession.class; - } - return super.getClassInstance(className); - } - - @Override - public Object buildBean(Class clazz, Map extraContext) throws Exception { - if (clazz == RollerSession.class) { - return new RollerSession(new RollerSessionManager()); - } - return super.buildBean(clazz, extraContext); +@Override +public Object buildBean(Class clazz, Map extraContext) throws Exception { + if (clazz == RollerSession.class) { + HttpServletRequest request = ServletActionContext.getRequest(); + SessionManager sessionManager = new RollerSessionManager(); + return new RollerSession(sessionManager, request); } + return super.buildBean(clazz, extraContext); +} } \ No newline at end of file 
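Review bot: `createRollerSession` in UIBeanFactory builds a `new RollerSessionManager()` for every RollerSession, and the RollerSessionManager constructor patched earlier in this commit constructs a cache and registers a handler on each call. Unless `CacheManager.constructCache` hands back a shared cache for the same id (not visible here), every RollerSession checks and registers against its own empty cache. The stored-session check in the RollerSession constructor then cannot distinguish a revoked session from a live one, and the manager that `UserEdit.save()` obtains through `getBean(RollerSessionManager.class, request)` is a fresh instance as well. The same construction appears in `UICustomObjectFactory.buildBean` in the next hunk. I would keep one manager for the application, return it for both bean types, and reject a missing request instead of passing null into the RollerSession constructor, which `getBean(beanClass)` currently does; whether a static instance is created late enough for CacheManager needs confirming.

```java
private static final RollerSessionManager SESSION_MANAGER = new RollerSessionManager();

public Object buildBean(Class clazz, Map<String, Object> extraContext) throws Exception {
    // … unchanged: RollerSession branch …
    if (clazz == RollerSessionManager.class) {
        return SESSION_MANAGER;
    }
    // … unchanged: super.buildBean fallback …
}

private RollerSession createRollerSession(Map<String, Object> extraContext) {
    HttpServletRequest request = (HttpServletRequest) extraContext.get("request");
    if (request == null) {
        throw new IllegalStateException("RollerSession requires the current HttpServletRequest");
    }
    return new RollerSession(SESSION_MANAGER, request);
}
```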
diff --git a/app/src/main/resources/struts.xml b/app/src/main/resources/struts.xml index 2d6bf0a8a6..0a00ee5ce4 100644 --- a/app/src/main/resources/struts.xml +++ b/app/src/main/resources/struts.xml @@ -21,7 +21,7 @@ "http://struts.apache.org/dtds/struts-2.5.dtd"> - + diff --git a/app/src/main/webapp/roller-ui/login-redirect.jsp b/app/src/main/webapp/roller-ui/login-redirect.jsp index 6a0f4fcb1c..8457add1c9 100644 --- a/app/src/main/webapp/roller-ui/login-redirect.jsp +++ b/app/src/main/webapp/roller-ui/login-redirect.jsp @@ -28,7 +28,7 @@ <% Log log = LogFactory.getLog("login-redirect.jsp"); -RollerSession rollerSession = UIBeanFactory.getBean(RollerSession.class); +RollerSession rollerSession = UIBeanFactory.getBean(RollerSession.class, request); User user = rollerSession.getAuthenticatedUser(); List weblogs; From 21e844916c28c57aa669bd15b0074499f07aa7bd Mon Sep 17 00:00:00 2001 From: "David M. Johnson" Date: Mon, 20 Jan 2025 13:14:43 -0500 Subject: [PATCH 10/11] Working out problems in DI. --- .../ui/struts2/util/UIBeanFactory.java | 23 ++++++++--- .../struts2/util/UICustomObjectFactory.java | 41 ------------------- .../core/filters/ValidateSaltFilterTest.java | 25 +++++++---- 3 files changed, 35 insertions(+), 54 deletions(-) delete mode 100644 app/src/main/java/org/apache/roller/weblogger/ui/struts2/util/UICustomObjectFactory.java diff --git a/app/src/main/java/org/apache/roller/weblogger/ui/struts2/util/UIBeanFactory.java b/app/src/main/java/org/apache/roller/weblogger/ui/struts2/util/UIBeanFactory.java index 64e842ebf3..58934c85e2 100644 --- a/app/src/main/java/org/apache/roller/weblogger/ui/struts2/util/UIBeanFactory.java +++ b/app/src/main/java/org/apache/roller/weblogger/ui/struts2/util/UIBeanFactory.java 
@@ -1,8 +1,20 @@ /* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file for details. - */ - +* Licensed to the Apache Software Foundation (ASF) under one or more +* contributor license agreements. The ASF licenses this file to You +* under the Apache License, Version 2.0 (the "License"); you may not +* use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. For additional information regarding +* copyright in this work, please see the NOTICE file in the top level +* directory of this distribution. +*/ package org.apache.roller.weblogger.ui.struts2.util; import com.opensymphony.xwork2.ObjectFactory; @@ -44,8 +56,7 @@ public static T getBean(Class beanClass, HttpServletRequest request) thro } return (T) new UIBeanFactory().buildBean(beanClass, context); } catch (Exception e) { - String msg = String.format("Failed to create bean of type %s: %s", - beanClass.getName(), e.getMessage()); + String msg = String.format("Failed to create bean of type %s: %s", beanClass.getName(), e.getMessage()); log.error(msg, e); throw new ServletException(msg, e); } diff --git a/app/src/main/java/org/apache/roller/weblogger/ui/struts2/util/UICustomObjectFactory.java b/app/src/main/java/org/apache/roller/weblogger/ui/struts2/util/UICustomObjectFactory.java deleted file mode 100644 index 41169ebc0f..0000000000 --- a/app/src/main/java/org/apache/roller/weblogger/ui/struts2/util/UICustomObjectFactory.java +++ /dev/null 
@@ -1,41 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. The ASF licenses this file to You - * under the Apache License, Version 2.0 (the "License"); you may not - * use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. For additional information regarding - * copyright in this work, please see the NOTICE file in the top level - * directory of this distribution. - */ - -package org.apache.roller.weblogger.ui.struts2.util; - -import com.opensymphony.xwork2.ObjectFactory; -import org.apache.roller.weblogger.ui.core.RollerSession; -import org.apache.roller.weblogger.ui.core.RollerSessionManager; -import org.apache.roller.weblogger.ui.core.SessionManager; -import org.apache.struts2.ServletActionContext; - -import javax.servlet.http.HttpServletRequest; -import java.util.Map; - -public class UICustomObjectFactory extends ObjectFactory { - -@Override -public Object buildBean(Class clazz, Map extraContext) throws Exception { - if (clazz == RollerSession.class) { - HttpServletRequest request = ServletActionContext.getRequest(); - SessionManager sessionManager = new RollerSessionManager(); - return new RollerSession(sessionManager, request); - } - return super.buildBean(clazz, extraContext); -} -} \ No newline at end of file diff --git a/app/src/test/java/org/apache/roller/weblogger/ui/core/filters/ValidateSaltFilterTest.java b/app/src/test/java/org/apache/roller/weblogger/ui/core/filters/ValidateSaltFilterTest.java index d8c04871b2..e8694797b4 100644 
--- a/app/src/test/java/org/apache/roller/weblogger/ui/core/filters/ValidateSaltFilterTest.java +++ b/app/src/test/java/org/apache/roller/weblogger/ui/core/filters/ValidateSaltFilterTest.java 
@@ -59,26 +59,37 @@ public void testDoFilterWithGetMethod() throws Exception { verify(chain).doFilter(request, response); } - @Test public void testDoFilterWithPostMethodAndValidSalt() throws Exception { - try (MockedStatic mockedSaltCache = mockStatic(SaltCache.class)) { + try (MockedStatic mockedSaltCache = mockStatic(SaltCache.class); + MockedStatic mockedUIBeanFactory = mockStatic(UIBeanFactory.class); + MockedStatic mockedConfig = mockStatic(WebloggerConfig.class)) { + mockedSaltCache.when(SaltCache::getInstance).thenReturn(saltCache); + mockedConfig.when(() -> WebloggerConfig.getProperty("salt.ignored.urls")) + .thenReturn("different/url"); + StringBuffer requestURL = new StringBuffer("https://example.com/roller-ui/test"); + when(request.getRequestURL()).thenReturn(requestURL); when(request.getMethod()).thenReturn("POST"); when(request.getParameter("salt")).thenReturn("validSalt"); - when(saltCache.get("validSalt")).thenReturn("userId"); - when(rollerSession.getAuthenticatedUser()).thenReturn(new TestUser("userId")); - StringBuffer requestURL = new StringBuffer("https://example.com/app/ignoredurl"); - when(request.getRequestURL()).thenReturn(requestURL); + when(saltCache.get("validSalt")).thenReturn("testUser"); + + RollerSession rollerSession = mock(RollerSession.class); + User user = mock(User.class); + when(rollerSession.getAuthenticatedUser()).thenReturn(user); + when(user.getId()).thenReturn("testUser"); + mockedUIBeanFactory.when(() -> UIBeanFactory.getBean(any(), any())).thenReturn(rollerSession); + + filter = new ValidateSaltFilter(); + filter.init(mock(FilterConfig.class)); filter.doFilter(request, response, chain); verify(chain).doFilter(request, response); verify(saltCache).remove("validSalt"); } } - @Test public void testDoFilterWithPostMethodAndInvalidSalt() throws Exception { try (MockedStatic mockedSaltCache = mockStatic(SaltCache.class)) { From cdca9c31ed9b148ae56e9767128b8dfcac757ff3 Mon Sep 17 00:00:00 2001 
From: "David M. Johnson" Date: Mon, 20 Jan 2025 13:18:38 -0500 Subject: [PATCH 11/11] Make it clear RollerSession is a UI thing. --- ...RollerSession.java => RollerUISession.java} | 16 ++++++++-------- ...tener.java => RollerUISessionListener.java} | 6 +++--- ...anager.java => RollerUISessionManager.java} | 12 ++++++------ ...ssionManager.java => UISessionManager.java} | 6 +++--- .../ui/core/filters/LoadSaltFilter.java | 10 +++++----- .../ui/core/filters/ValidateSaltFilter.java | 10 +++++----- .../weblogger/ui/struts2/admin/UserEdit.java | 13 ++++++------- .../ui/struts2/ajax/CommentDataServlet.java | 10 +++++----- .../weblogger/ui/struts2/core/Register.java | 5 ++--- .../ui/struts2/util/UIActionInterceptor.java | 10 +++++----- .../ui/struts2/util/UIBeanFactory.java | 10 +++++----- app/src/main/webapp/WEB-INF/web.xml | 2 +- .../main/webapp/roller-ui/login-redirect.jsp | 7 ++++--- .../main/webapp/roller-ui/logout-redirect.jsp | 5 +++-- ...st.java => RollerUISessionManagerTest.java} | 15 +++++++-------- .../ui/core/filters/LoadSaltFilterTest.java | 10 +++++----- .../core/filters/ValidateSaltFilterTest.java | 18 +++++++++--------- 17 files changed, 82 insertions(+), 83 deletions(-) rename app/src/main/java/org/apache/roller/weblogger/ui/core/{RollerSession.java => RollerUISession.java} (89%) rename app/src/main/java/org/apache/roller/weblogger/ui/core/{RollerSessionListener.java => RollerUISessionListener.java} (86%) rename app/src/main/java/org/apache/roller/weblogger/ui/core/{RollerSessionManager.java => RollerUISessionManager.java} (89%) rename app/src/main/java/org/apache/roller/weblogger/ui/core/{SessionManager.java => UISessionManager.java} (87%) rename app/src/test/java/org/apache/roller/weblogger/ui/core/{RollerSessionManagerTest.java => RollerUISessionManagerTest.java} (88%) 
diff --git a/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerSession.java b/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerUISession.java similarity index 89% rename from app/src/main/java/org/apache/roller/weblogger/ui/core/RollerSession.java rename to app/src/main/java/org/apache/roller/weblogger/ui/core/RollerUISession.java index cb909a7390..985e95d158 100644 --- a/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerSession.java +++ b/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerUISession.java @@ -39,7 +39,7 @@ /** * Roller session handles session startup and shutdown. */ -public class RollerSession implements HttpSessionListener, HttpSessionActivationListener, Serializable { +public class RollerUISession implements HttpSessionListener, HttpSessionActivationListener, Serializable { private static final long serialVersionUID = 5890132909166913727L; private static final Log log; @@ -47,18 +47,18 @@ public class RollerSession implements HttpSessionListener, HttpSessionActivation // the id of the user represented by this session private String userName = null; - private SessionManager sessionManager; + private UISessionManager UISessionManager; public static final String ROLLER_SESSION = "org.apache.roller.weblogger.rollersession"; static{ WebloggerConfig.init(); // must be called before calls to logging APIs - log = LogFactory.getLog(RollerSession.class); + log = LogFactory.getLog(RollerUISession.class); } @Inject - public RollerSession(SessionManager sessionManager, HttpServletRequest request) { - this.sessionManager = sessionManager; + public RollerUISession(UISessionManager UISessionManager, HttpServletRequest request) { + this.UISessionManager = UISessionManager; // No session exists yet, nothing to do HttpSession session = request.getSession(false); 
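Review bot: In the `@@ -47,18` hunk the renamed field `private UISessionManager UISessionManager;` and the constructor parameter of the same name reuse the interface's own name in UpperCamelCase, so later calls such as `UISessionManager.register(...)` read like static calls on the type; `uiSessionManager` follows Java naming and removes the shadowing (the local in `UserEdit.save()` has the same problem). The class is `Serializable` and is stored as an HTTP session attribute, yet this field is not `transient` and `UISessionManager` is not declared `Serializable` in this patch, so session persistence or replication would presumably fail on it. If the field is made transient it has to be re-resolved after activation, because `setAuthenticatedUser` dereferences it.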
@@ -67,13 +67,13 @@ public RollerSession(SessionManager sessionManager, HttpServletRequest request) } // Get or create roller session in HTTP session - RollerSession storedSession = (RollerSession)session.getAttribute(ROLLER_SESSION); + RollerUISession storedSession = (RollerUISession)session.getAttribute(ROLLER_SESSION); if (storedSession == null) { session.setAttribute(ROLLER_SESSION, this); } // If stored session exists with authenticated user but not in cache, override it else if (storedSession.getAuthenticatedUser() != null - && sessionManager.get(storedSession.getAuthenticatedUser().getUserName()) == null) { + && UISessionManager.get(storedSession.getAuthenticatedUser().getUserName()) == null) { session.setAttribute(ROLLER_SESSION, this); } @@ -154,6 +154,6 @@ public User getAuthenticatedUser() { */ public void setAuthenticatedUser(User authenticatedUser) { this.userName = authenticatedUser.getUserName(); - sessionManager.register(authenticatedUser.getUserName(), this); + UISessionManager.register(authenticatedUser.getUserName(), this); } } diff --git a/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerSessionListener.java b/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerUISessionListener.java similarity index 86% rename from app/src/main/java/org/apache/roller/weblogger/ui/core/RollerSessionListener.java rename to app/src/main/java/org/apache/roller/weblogger/ui/core/RollerUISessionListener.java index f0e3ea754a..2d3a791fae 100644 --- a/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerSessionListener.java +++ b/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerUISessionListener.java 
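Review bot: The validity test in the constructor, `UISessionManager.get(storedSession.getAuthenticatedUser().getUserName()) == null`, only asks whether some session is cached under that user name, not whether this stored session is still the accepted one. Because `setAuthenticatedUser` registers under the user name alone, a later login by the same user after an `invalidate` repopulates the key, and an older session that was not touched in between would pass the check again. Keying the cache by HTTP session id (with a per-user index for `invalidate`), or recording a per-user revocation time that is compared with the session's creation time, would keep a revoked session revoked. The branch also replaces only the `ROLLER_SESSION` attribute; whether the container login is ended as well depends on code after this hunk.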
@@ -27,8 +27,8 @@ import javax.servlet.http.HttpSessionListener; -public class RollerSessionListener implements HttpSessionListener, HttpSessionActivationListener { - private static final Log log = LogFactory.getLog(RollerSessionListener.class); +public class RollerUISessionListener implements HttpSessionListener, HttpSessionActivationListener { + private static final Log log = LogFactory.getLog(RollerUISessionListener.class); @Override public void sessionDestroyed(HttpSessionEvent se) { @@ -43,7 +43,7 @@ public void sessionWillPassivate(HttpSessionEvent se) { private void clearSession(HttpSessionEvent se) { HttpSession session = se.getSession(); try { - session.removeAttribute(RollerSession.ROLLER_SESSION); + session.removeAttribute(RollerUISession.ROLLER_SESSION); } catch (Exception e) { log.debug("Exception purging session attributes", e); } diff --git a/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerSessionManager.java b/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerUISessionManager.java similarity index 89% rename from app/src/main/java/org/apache/roller/weblogger/ui/core/RollerSessionManager.java rename to app/src/main/java/org/apache/roller/weblogger/ui/core/RollerUISessionManager.java index 4f269da909..c2e0079667 100644 --- a/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerSessionManager.java +++ b/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerUISessionManager.java 
@@ -28,13 +28,13 @@ import java.util.HashMap; import java.util.Map; -public class RollerSessionManager implements SessionManager { - private static final Log log = LogFactory.getLog(RollerSessionManager.class); +public class RollerUISessionManager implements UISessionManager { + private static final Log log = LogFactory.getLog(RollerUISessionManager.class); private static final String CACHE_ID = "roller.session.cache"; private final Cache sessionCache; - public RollerSessionManager() { + public RollerUISessionManager() { Map cacheProps = new HashMap<>(); cacheProps.put("id", CACHE_ID); cacheProps.put("size", "1000"); // Default cache size @@ -43,7 +43,7 @@ public RollerSessionManager() { CacheManager.registerHandler(new SessionCacheHandler()); } - public void register(String userName, RollerSession session) { + public void register(String userName, RollerUISession session) { if (userName != null && session != null) { try { this.sessionCache.put(userName, session); @@ -54,10 +54,10 @@ public void register(String userName, RollerSession session) { } } - public RollerSession get(String userName) { + public RollerUISession get(String userName) { if (userName != null) { try { - return (RollerSession) this.sessionCache.get(userName); + return (RollerUISession) this.sessionCache.get(userName); } catch (Exception e) { log.error("Failed to retrieve session for user: " + userName, e); } diff --git a/app/src/main/java/org/apache/roller/weblogger/ui/core/SessionManager.java b/app/src/main/java/org/apache/roller/weblogger/ui/core/UISessionManager.java similarity index 87% rename from app/src/main/java/org/apache/roller/weblogger/ui/core/SessionManager.java rename to app/src/main/java/org/apache/roller/weblogger/ui/core/UISessionManager.java index e3594bb2e5..288547fda6 100644 --- a/app/src/main/java/org/apache/roller/weblogger/ui/core/SessionManager.java +++ b/app/src/main/java/org/apache/roller/weblogger/ui/core/UISessionManager.java 
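Review bot: `RollerUISession` treats a missing entry in this cache as "session revoked", but the cache is built with a literal `size` of `"1000"`, and `get` logs and apparently falls through to a null result when the cache throws. If the cache evicts or expires entries (its policy is not visible in these hunks), live sessions would be reset for reasons unrelated to an administrator's action. That fails closed, which is the safe direction, but it deserves a class comment such as `// Absence from this cache means the UI session is treated as invalid; size and timeout bound concurrent logins`, and the size should come from configuration rather than a literal.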
@@ -18,9 +18,9 @@ package org.apache.roller.weblogger.ui.core; -public interface SessionManager { - void register(String userName, RollerSession session); - RollerSession get(String userName); +public interface UISessionManager { + void register(String userName, RollerUISession session); + RollerUISession get(String userName); void invalidate(String userName); } diff --git a/app/src/main/java/org/apache/roller/weblogger/ui/core/filters/LoadSaltFilter.java b/app/src/main/java/org/apache/roller/weblogger/ui/core/filters/LoadSaltFilter.java index 4ab2696bec..92d88d23ca 100644 --- a/app/src/main/java/org/apache/roller/weblogger/ui/core/filters/LoadSaltFilter.java +++ b/app/src/main/java/org/apache/roller/weblogger/ui/core/filters/LoadSaltFilter.java @@ -25,7 +25,7 @@ import org.apache.commons.lang3.RandomStringUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.apache.roller.weblogger.ui.core.RollerSession; +import org.apache.roller.weblogger.ui.core.RollerUISession; import org.apache.roller.weblogger.ui.rendering.util.cache.SaltCache; import org.apache.roller.weblogger.ui.struts2.util.UIBeanFactory; 
@@ -41,11 +41,11 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha throws IOException, ServletException { HttpServletRequest httpReq = (HttpServletRequest) request; - RollerSession rollerSession = UIBeanFactory.getBean(RollerSession.class, httpReq); + RollerUISession rollerUISession = UIBeanFactory.getBean(RollerUISession.class, httpReq); - if (rollerSession != null) { - String userId = rollerSession.getAuthenticatedUser() != null ? - rollerSession.getAuthenticatedUser().getId() : ""; + if (rollerUISession != null) { + String userId = rollerUISession.getAuthenticatedUser() != null ? + rollerUISession.getAuthenticatedUser().getId() : ""; SaltCache saltCache = SaltCache.getInstance(); String salt = RandomStringUtils.random(20, 0, 0, true, true, null, new SecureRandom()); saltCache.put(salt, userId); diff --git a/app/src/main/java/org/apache/roller/weblogger/ui/core/filters/ValidateSaltFilter.java b/app/src/main/java/org/apache/roller/weblogger/ui/core/filters/ValidateSaltFilter.java index 19250e0618..37c1714b6e 100644 --- a/app/src/main/java/org/apache/roller/weblogger/ui/core/filters/ValidateSaltFilter.java +++ b/app/src/main/java/org/apache/roller/weblogger/ui/core/filters/ValidateSaltFilter.java @@ -36,7 +36,7 @@ import org.apache.commons.logging.LogFactory; import org.apache.roller.weblogger.config.WebloggerConfig; import org.apache.roller.weblogger.ui.rendering.util.cache.SaltCache; -import org.apache.roller.weblogger.ui.core.RollerSession; +import org.apache.roller.weblogger.ui.core.RollerUISession; import org.apache.roller.weblogger.ui.struts2.util.UIBeanFactory; /** 
@@ -52,7 +52,7 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { HttpServletRequest httpReq = (HttpServletRequest) request; - RollerSession rollerSession = UIBeanFactory.getBean(RollerSession.class, httpReq); + RollerUISession rollerUISession = UIBeanFactory.getBean(RollerUISession.class, httpReq); String requestURL = httpReq.getRequestURL().toString(); String queryString = httpReq.getQueryString(); @@ -61,9 +61,9 @@ public void doFilter(ServletRequest request, ServletResponse response, } if ("POST".equals(httpReq.getMethod()) && !isIgnoredURL(requestURL)) { - if (rollerSession != null) { - String userId = rollerSession.getAuthenticatedUser() != null ? - rollerSession.getAuthenticatedUser().getId() : ""; + if (rollerUISession != null) { + String userId = rollerUISession.getAuthenticatedUser() != null ? + rollerUISession.getAuthenticatedUser().getId() : ""; String salt = httpReq.getParameter("salt"); SaltCache saltCache = SaltCache.getInstance(); diff --git a/app/src/main/java/org/apache/roller/weblogger/ui/struts2/admin/UserEdit.java b/app/src/main/java/org/apache/roller/weblogger/ui/struts2/admin/UserEdit.java index a1b506815d..33fa0ca116 100644 --- a/app/src/main/java/org/apache/roller/weblogger/ui/struts2/admin/UserEdit.java +++ b/app/src/main/java/org/apache/roller/weblogger/ui/struts2/admin/UserEdit.java 
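Review bot: In `doFilter` the whole salt check sits inside `if (rollerUISession != null)`, and the hunk does not show what happens to a POST when the bean is null. If there is no rejecting `else` outside the hunk, such a request would reach `chain.doFilter` without any salt validation. Failing closed is safer: treat a null session like an anonymous one (`userId = ""`) and still require a valid salt, or reject the request. The filter also checks only `"POST"`, so state-changing handlers on other methods, such as `CommentDataServlet.doPut`, are not covered by it.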
@@ -37,9 +37,8 @@ import org.apache.roller.weblogger.pojos.GlobalPermission; import org.apache.roller.weblogger.pojos.User; import org.apache.roller.weblogger.pojos.WeblogPermission; -import org.apache.roller.weblogger.ui.core.RollerSession; -import org.apache.roller.weblogger.ui.core.RollerSessionManager; -import org.apache.roller.weblogger.ui.core.SessionManager; +import org.apache.roller.weblogger.ui.core.RollerUISessionManager; +import org.apache.roller.weblogger.ui.core.UISessionManager; import org.apache.roller.weblogger.ui.struts2.core.Register; import org.apache.roller.weblogger.ui.struts2.util.UIAction; import org.apache.struts2.interceptor.ServletRequestAware; @@ -148,9 +147,9 @@ public String firstSave() { */ public String save() { - SessionManager sessionManager; + UISessionManager UISessionManager; try { - sessionManager = UIBeanFactory.getBean(RollerSessionManager.class, request); + UISessionManager = UIBeanFactory.getBean(RollerUISessionManager.class, request); } catch (ServletException e) { log.error("Failed to get RollerSessionManager", e); throw new RuntimeException("Failed to get RollerSessionManager", e); @@ -187,13 +186,13 @@ public String save() { // invalidate user's session if it's not user executing this action if (!getAuthenticatedUser().getUserName().equals(user.getUserName())) { - sessionManager.invalidate(user.getUserName()); + UISessionManager.invalidate(user.getUserName()); } } // if user is disabled and not the same as the user executing this action, then invalidate their session if (!user.getEnabled() && !getAuthenticatedUser().getUserName().equals(user.getUserName())) { - sessionManager.invalidate(user.getUserName()); + UISessionManager.invalidate(user.getUserName()); } try { diff --git a/app/src/main/java/org/apache/roller/weblogger/ui/struts2/ajax/CommentDataServlet.java b/app/src/main/java/org/apache/roller/weblogger/ui/struts2/ajax/CommentDataServlet.java index 5306af9934..97dc1c8ac0 100644 
--- a/app/src/main/java/org/apache/roller/weblogger/ui/struts2/ajax/CommentDataServlet.java +++ b/app/src/main/java/org/apache/roller/weblogger/ui/struts2/ajax/CommentDataServlet.java @@ -34,7 +34,7 @@ import org.apache.roller.weblogger.pojos.Weblog; import org.apache.roller.weblogger.pojos.WeblogEntryComment; import org.apache.roller.weblogger.pojos.WeblogPermission; -import org.apache.roller.weblogger.ui.core.RollerSession; +import org.apache.roller.weblogger.ui.core.RollerUISession; import org.apache.roller.weblogger.ui.struts2.util.UIBeanFactory; import org.apache.roller.weblogger.util.Utilities; @@ -58,7 +58,7 @@ public void init() throws ServletException { */ @Override public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { - RollerSession rollerSession = UIBeanFactory.getBean(RollerSession.class, request); + RollerUISession rollerUISession = UIBeanFactory.getBean(RollerUISession.class, request); Weblogger roller = WebloggerFactory.getWeblogger(); try { @@ -69,7 +69,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) thro } else { // need post permission to view comments Weblog weblog = c.getWeblogEntry().getWebsite(); - if (weblog.hasUserPermission(rollerSession.getAuthenticatedUser(), WeblogPermission.POST)) { + if (weblog.hasUserPermission(rollerUISession.getAuthenticatedUser(), WeblogPermission.POST)) { String content = Utilities.escapeHTML(c.getContent()); content = StringEscapeUtils.escapeEcmaScript(content); String json = "{ id: \"" + c.getId() + "\"," + "content: \"" + content + "\" }"; 
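Review bot: `doGet` (and `doPut` in the following hunk) dereference `rollerUISession` and pass `rollerUISession.getAuthenticatedUser()` straight into `weblog.hasUserPermission(...)` without the null checks that `LoadSaltFilter`, `ValidateSaltFilter` and `UIActionInterceptor` apply to the same bean. For an unauthenticated request the user may be null, and the outcome then depends on how `hasUserPermission` handles a null user, which is not visible here. An explicit guard before the permission check, e.g. `if (rollerUISession == null || rollerUISession.getAuthenticatedUser() == null) { response.sendError(HttpServletResponse.SC_UNAUTHORIZED); return; }`, makes the denial explicit. Both method bodies continue outside these hunks.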
@@ -95,7 +95,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) thro */ @Override public void doPut(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { - RollerSession rollerSession = UIBeanFactory.getBean(RollerSession.class, request); + RollerUISession rollerUISession = UIBeanFactory.getBean(RollerUISession.class, request); Weblogger roller = WebloggerFactory.getWeblogger(); try { @@ -106,7 +106,7 @@ public void doPut(HttpServletRequest request, HttpServletResponse response) thro } else { // need post permission to edit comments Weblog weblog = c.getWeblogEntry().getWebsite(); - if (weblog.hasUserPermission(rollerSession.getAuthenticatedUser(), WeblogPermission.POST)) { + if (weblog.hasUserPermission(rollerUISession.getAuthenticatedUser(), WeblogPermission.POST)) { String content = Utilities.streamToString(request.getInputStream()); c.setContent(content); // don't update the posttime when updating the comment diff --git a/app/src/main/java/org/apache/roller/weblogger/ui/struts2/core/Register.java b/app/src/main/java/org/apache/roller/weblogger/ui/struts2/core/Register.java index 1d8f6628ae..278fbc9674 100644 --- a/app/src/main/java/org/apache/roller/weblogger/ui/struts2/core/Register.java +++ b/app/src/main/java/org/apache/roller/weblogger/ui/struts2/core/Register.java 
@@ -33,11 +33,10 @@ import org.apache.roller.weblogger.config.WebloggerConfig; import org.apache.roller.weblogger.config.WebloggerRuntimeConfig; import org.apache.roller.weblogger.pojos.User; -import org.apache.roller.weblogger.ui.core.RollerSession; +import org.apache.roller.weblogger.ui.core.RollerUISession; import org.apache.roller.weblogger.ui.core.security.CustomUserRegistry; import org.apache.roller.weblogger.ui.struts2.util.UIAction; import org.apache.roller.weblogger.util.MailUtil; -import org.apache.struts2.convention.annotation.AllowedMethods; import org.apache.struts2.interceptor.ServletRequestAware; import org.apache.struts2.interceptor.validation.SkipValidation; @@ -237,7 +236,7 @@ public String save() { // Invalidate session, otherwise new user who was originally // authenticated via LDAP/SSO will remain logged in but // without a valid Roller role. - getServletRequest().getSession().removeAttribute(RollerSession.ROLLER_SESSION); + getServletRequest().getSession().removeAttribute(RollerUISession.ROLLER_SESSION); getServletRequest().getSession().invalidate(); // set a special page title diff --git a/app/src/main/java/org/apache/roller/weblogger/ui/struts2/util/UIActionInterceptor.java b/app/src/main/java/org/apache/roller/weblogger/ui/struts2/util/UIActionInterceptor.java index 0bbd2e3506..3b90edb262 100644 --- a/app/src/main/java/org/apache/roller/weblogger/ui/struts2/util/UIActionInterceptor.java +++ b/app/src/main/java/org/apache/roller/weblogger/ui/struts2/util/UIActionInterceptor.java @@ -26,7 +26,7 @@ import org.apache.commons.logging.LogFactory; import org.apache.roller.weblogger.business.WebloggerFactory; import org.apache.roller.weblogger.pojos.Weblog; -import org.apache.roller.weblogger.ui.core.RollerSession; +import org.apache.roller.weblogger.ui.core.RollerUISession; import org.apache.struts2.StrutsStatics; import com.opensymphony.xwork2.ActionContext; 
@@ -51,9 +51,9 @@ public String doIntercept(ActionInvocation invocation) throws Exception { final ActionContext context = invocation.getInvocationContext(); HttpServletRequest request = (HttpServletRequest) context.get(HTTP_REQUEST); - RollerSession rollerSession; + RollerUISession rollerUISession; try { - rollerSession = UIBeanFactory.getBean(RollerSession.class, request); + rollerUISession = UIBeanFactory.getBean(RollerUISession.class, request); } catch (ServletException e) { log.error("Failed to instantiate RollerSession", e); throw new RuntimeException("Failed to instantiate RollerSession", e); @@ -73,8 +73,8 @@ public String doIntercept(ActionInvocation invocation) throws Exception { UIAction theAction = (UIAction) action; - if (rollerSession != null) { - theAction.setAuthenticatedUser(rollerSession.getAuthenticatedUser()); + if (rollerUISession != null) { + theAction.setAuthenticatedUser(rollerUISession.getAuthenticatedUser()); } // extract the work weblog and set it diff --git a/app/src/main/java/org/apache/roller/weblogger/ui/struts2/util/UIBeanFactory.java b/app/src/main/java/org/apache/roller/weblogger/ui/struts2/util/UIBeanFactory.java index 58934c85e2..64063fa548 100644 --- a/app/src/main/java/org/apache/roller/weblogger/ui/struts2/util/UIBeanFactory.java +++ b/app/src/main/java/org/apache/roller/weblogger/ui/struts2/util/UIBeanFactory.java @@ -20,8 +20,8 @@ import com.opensymphony.xwork2.ObjectFactory; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.apache.roller.weblogger.ui.core.RollerSession; -import org.apache.roller.weblogger.ui.core.RollerSessionManager; +import org.apache.roller.weblogger.ui.core.RollerUISession; +import org.apache.roller.weblogger.ui.core.RollerUISessionManager; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; 
@@ -33,15 +33,15 @@ public class UIBeanFactory extends ObjectFactory { @Override public Object buildBean(Class clazz, Map extraContext) throws Exception { - if (clazz == RollerSession.class) { + if (clazz == RollerUISession.class) { return createRollerSession(extraContext); } return super.buildBean(clazz, extraContext); } - private RollerSession createRollerSession(Map extraContext) { + private RollerUISession createRollerSession(Map extraContext) { HttpServletRequest request = (HttpServletRequest) extraContext.get("request"); - return new RollerSession(new RollerSessionManager(), request); + return new RollerUISession(new RollerUISessionManager(), request); } public static T getBean(Class beanClass) throws ServletException { diff --git a/app/src/main/webapp/WEB-INF/web.xml b/app/src/main/webapp/WEB-INF/web.xml index e75cb68693..03bc26845f 100644 --- a/app/src/main/webapp/WEB-INF/web.xml +++ b/app/src/main/webapp/WEB-INF/web.xml @@ -174,7 +174,7 @@ - org.apache.roller.weblogger.ui.core.RollerSessionListener + org.apache.roller.weblogger.ui.core.RollerUISessionListener diff --git a/app/src/main/webapp/roller-ui/login-redirect.jsp b/app/src/main/webapp/roller-ui/login-redirect.jsp index 8457add1c9..63936b1106 100644 --- a/app/src/main/webapp/roller-ui/login-redirect.jsp +++ b/app/src/main/webapp/roller-ui/login-redirect.jsp 
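Review bot: `createRollerSession` builds `new RollerUISessionManager()` for every `RollerUISession` bean, and that constructor (shown earlier in this patch) calls `CacheManager.constructCache` and `CacheManager.registerHandler(new SessionCacheHandler())` each time. Unless `CacheManager` de-duplicates by cache id, every request registers another handler and may get its own cache, in which case the manager obtained in `UserEdit.save()` would invalidate a different cache from the one the session check reads. A single shared manager, e.g. `private static final UISessionManager SESSION_MANAGER = new RollerUISessionManager();` passed to the constructor here and returned for `getBean(RollerUISessionManager.class, ...)`, keeps registration and invalidation on the same instance. `extraContext.get("request")` is also cast and used without a null check.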
@@ -19,17 +19,18 @@ <%@ page import="org.apache.roller.weblogger.business.*" %> <%@ page import="org.apache.roller.weblogger.pojos.*" %> <%@ page import="org.apache.roller.weblogger.ui.struts2.util.UIBeanFactory" %> -<%@ page import="org.apache.roller.weblogger.ui.core.RollerSession" %> +<%@ page import="org.apache.roller.weblogger.ui.core.RollerUISession" %> <%@ page import="java.util.List" %> <%@ page import="org.apache.roller.weblogger.WebloggerException" %> <%@ page import="java.util.Collections" %> <%@ page import="org.apache.commons.logging.Log" %> <%@ page import="org.apache.commons.logging.LogFactory" %> +<%@ page import="org.apache.roller.weblogger.ui.core.RollerUISession" %> <% Log log = LogFactory.getLog("login-redirect.jsp"); -RollerSession rollerSession = UIBeanFactory.getBean(RollerSession.class, request); -User user = rollerSession.getAuthenticatedUser(); +RollerUISession rollerUISession = UIBeanFactory.getBean(RollerUISession.class, request); +User user = rollerUISession.getAuthenticatedUser(); List weblogs; try { diff --git a/app/src/main/webapp/roller-ui/logout-redirect.jsp b/app/src/main/webapp/roller-ui/logout-redirect.jsp index 45211b9eb6..4dc1319aac 100644 --- a/app/src/main/webapp/roller-ui/logout-redirect.jsp +++ b/app/src/main/webapp/roller-ui/logout-redirect.jsp 
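Review bot: This hunk adds `<%@ page import="org.apache.roller.weblogger.ui.core.RollerUISession" %>` twice, once replacing the old `RollerSession` import and again after the `LogFactory` import; the second line should be dropped. `logout-redirect.jsp` in the next file section has the same duplicate. Further down, `rollerUISession.getAuthenticatedUser()` is assigned to `user` without a null check; how a null user is handled lies outside the hunk.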
@@ -16,12 +16,13 @@ directory of this distribution. --%> <%@ page language="java" contentType="text/html; charset=UTF-8" %> -<%@ page import="org.apache.roller.weblogger.ui.core.RollerSession" %> +<%@ page import="org.apache.roller.weblogger.ui.core.RollerUISession" %> <%@ page import="javax.servlet.http.Cookie" %> <%@ page import="org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices" %> +<%@ page import="org.apache.roller.weblogger.ui.core.RollerUISession" %> <% -request.getSession().removeAttribute(RollerSession.ROLLER_SESSION); +request.getSession().removeAttribute(RollerUISession.ROLLER_SESSION); request.getSession().invalidate(); // Mimic exactly TokenBasedRememberMeServices.makeCancelCookie() diff --git a/app/src/test/java/org/apache/roller/weblogger/ui/core/RollerSessionManagerTest.java b/app/src/test/java/org/apache/roller/weblogger/ui/core/RollerUISessionManagerTest.java similarity index 88% rename from app/src/test/java/org/apache/roller/weblogger/ui/core/RollerSessionManagerTest.java rename to app/src/test/java/org/apache/roller/weblogger/ui/core/RollerUISessionManagerTest.java index 769ff33b50..bdb4659da8 100644 --- a/app/src/test/java/org/apache/roller/weblogger/ui/core/RollerSessionManagerTest.java +++ b/app/src/test/java/org/apache/roller/weblogger/ui/core/RollerUISessionManagerTest.java @@ -19,7 +19,6 @@ package org.apache.roller.weblogger.ui.core; import org.apache.roller.weblogger.pojos.User; -import org.apache.roller.weblogger.pojos.WeblogEntry; import org.apache.roller.weblogger.util.cache.Cache; import org.apache.roller.weblogger.util.cache.CacheManager; import org.junit.jupiter.api.BeforeEach; 
@@ -31,15 +30,15 @@ import static org.junit.jupiter.api.Assertions.*; import static org.mockito.Mockito.*; -class RollerSessionManagerTest { +class RollerUISessionManagerTest { - private RollerSessionManager sessionManager; + private RollerUISessionManager sessionManager; @Mock private Cache mockCache; @Mock - private RollerSession mockSession; + private RollerUISession mockSession; @Mock private User mockUser; @@ -50,7 +49,7 @@ void setUp() { try (MockedStatic mockedCacheManager = mockStatic(CacheManager.class)) { mockedCacheManager.when(() -> CacheManager.constructCache(isNull(), any())).thenReturn(mockCache); mockedCacheManager.when(() -> CacheManager.registerHandler(any())).then(invocation -> null); - sessionManager = new RollerSessionManager(); + sessionManager = new RollerUISessionManager(); } } @@ -67,7 +66,7 @@ void testCacheHandlerInvalidateUser() { when(mockUser.getUserName()).thenReturn(userName); // Create handler directly from instance - RollerSessionManager.SessionCacheHandler handler = sessionManager.new SessionCacheHandler(); + RollerUISessionManager.SessionCacheHandler handler = sessionManager.new SessionCacheHandler(); handler.invalidate(mockUser); verify(mockCache).remove(userName); @@ -90,14 +89,14 @@ void testGetSession() { String userName = "testUser"; when(mockCache.get(userName)).thenReturn(mockSession); - RollerSession result = sessionManager.get(userName); + RollerUISession result = sessionManager.get(userName); assertEquals(mockSession, result); verify(mockCache).get(userName); } @Test void testGetSessionNullUserName() { - RollerSession result = sessionManager.get(null); + RollerUISession result = sessionManager.get(null); assertNull(result); verify(mockCache, never()).get(any()); } diff --git a/app/src/test/java/org/apache/roller/weblogger/ui/core/filters/LoadSaltFilterTest.java b/app/src/test/java/org/apache/roller/weblogger/ui/core/filters/LoadSaltFilterTest.java index 10079a82be..2d3884fe81 100644 
--- a/app/src/test/java/org/apache/roller/weblogger/ui/core/filters/LoadSaltFilterTest.java +++ b/app/src/test/java/org/apache/roller/weblogger/ui/core/filters/LoadSaltFilterTest.java @@ -1,7 +1,7 @@ package org.apache.roller.weblogger.ui.core.filters; import org.apache.roller.weblogger.pojos.User; -import org.apache.roller.weblogger.ui.core.RollerSession; +import org.apache.roller.weblogger.ui.core.RollerUISession; import org.apache.roller.weblogger.ui.rendering.util.cache.SaltCache; import org.apache.roller.weblogger.ui.struts2.util.UIBeanFactory; import org.junit.jupiter.api.BeforeEach; @@ -32,7 +32,7 @@ public class LoadSaltFilterTest { private FilterChain chain; @Mock - private RollerSession rollerSession; + private RollerUISession rollerUISession; @Mock private SaltCache saltCache; @@ -42,8 +42,8 @@ public void setUp() throws ServletException { MockitoAnnotations.openMocks(this); try (MockedStatic mockedFactory = mockStatic(UIBeanFactory.class)) { - mockedFactory.when(() -> UIBeanFactory.getBean(RollerSession.class)) - .thenReturn(rollerSession); + mockedFactory.when(() -> UIBeanFactory.getBean(RollerUISession.class)) + .thenReturn(rollerUISession); filter = new LoadSaltFilter(); filter.init(mock(FilterConfig.class)); @@ -64,7 +64,7 @@ public void testDoFilterGeneratesSalt() throws Exception { @Test public void testDoFilterWithNullRollerSession() throws Exception { try (MockedStatic mockedUIBeanFactory = mockStatic(UIBeanFactory.class)) { - mockedUIBeanFactory.when(() -> UIBeanFactory.getBean(RollerSession.class)) + mockedUIBeanFactory.when(() -> UIBeanFactory.getBean(RollerUISession.class)) .thenReturn(null); filter.init(mock(FilterConfig.class)); diff --git a/app/src/test/java/org/apache/roller/weblogger/ui/core/filters/ValidateSaltFilterTest.java b/app/src/test/java/org/apache/roller/weblogger/ui/core/filters/ValidateSaltFilterTest.java index e8694797b4..b423a93fae 100644 
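Review bot: The stubs in `setUp` and `testDoFilterWithNullRollerSession` target the one-argument `UIBeanFactory.getBean(RollerUISession.class)`, but `LoadSaltFilter.doFilter` calls the two-argument `UIBeanFactory.getBean(RollerUISession.class, httpReq)`, so these stubs are never hit. Under `mockStatic` an unstubbed call returns null by default, so the null-session test passes by coincidence, and the `setUp` stub is gone anyway once its try-with-resources block closes. Stubbing the overload the filter actually uses, as `testDoFilterWithPostMethodAndValidSalt` already does with `UIBeanFactory.getBean(any(), any())`, inside each test's own `MockedStatic` scope makes the tests exercise the intended path. The `ValidateSaltFilterTest` hunks that follow have the same mismatch in `setUp`, the null-session test and the ignored-URL test.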
--- a/app/src/test/java/org/apache/roller/weblogger/ui/core/filters/ValidateSaltFilterTest.java +++ b/app/src/test/java/org/apache/roller/weblogger/ui/core/filters/ValidateSaltFilterTest.java @@ -2,7 +2,7 @@ import org.apache.roller.weblogger.config.WebloggerConfig; import org.apache.roller.weblogger.pojos.User; -import org.apache.roller.weblogger.ui.core.RollerSession; +import org.apache.roller.weblogger.ui.core.RollerUISession; import org.apache.roller.weblogger.ui.rendering.util.cache.SaltCache; import org.apache.roller.weblogger.ui.struts2.util.UIBeanFactory; import org.junit.jupiter.api.BeforeEach; @@ -34,7 +34,7 @@ public class ValidateSaltFilterTest { private FilterChain chain; @Mock - private RollerSession rollerSession; + private RollerUISession rollerUISession; @Mock private SaltCache saltCache; @@ -44,7 +44,7 @@ public void setUp() throws ServletException { MockitoAnnotations.openMocks(this); filter = new ValidateSaltFilter(); try (MockedStatic mockedUIBeanFactory = mockStatic(UIBeanFactory.class)) { - mockedUIBeanFactory.when(() -> UIBeanFactory.getBean(RollerSession.class)).thenReturn(rollerSession); + mockedUIBeanFactory.when(() -> UIBeanFactory.getBean(RollerUISession.class)).thenReturn(rollerUISession); filter.init(mock(FilterConfig.class)); } } 
@@ -75,12 +75,12 @@ public void testDoFilterWithPostMethodAndValidSalt() throws Exception {
 when(request.getParameter("salt")).thenReturn("validSalt");
 when(saltCache.get("validSalt")).thenReturn("testUser");
-RollerSession rollerSession = mock(RollerSession.class);
+RollerUISession rollerUISession = mock(RollerUISession.class);
 User user = mock(User.class);
-when(rollerSession.getAuthenticatedUser()).thenReturn(user);
+when(rollerUISession.getAuthenticatedUser()).thenReturn(user);
 when(user.getId()).thenReturn("testUser");
-mockedUIBeanFactory.when(() -> UIBeanFactory.getBean(any(), any())).thenReturn(rollerSession);
+mockedUIBeanFactory.when(() -> UIBeanFactory.getBean(any(), any())).thenReturn(rollerUISession);
 filter = new ValidateSaltFilter();
 filter.init(mock(FilterConfig.class));
@@ -115,7 +115,7 @@ public void testDoFilterWithPostMethodAndMismatchedUserId() throws Exception {
 when(request.getMethod()).thenReturn("POST");
 when(request.getParameter("salt")).thenReturn("validSalt");
 when(saltCache.get("validSalt")).thenReturn("differentUserId");
-when(rollerSession.getAuthenticatedUser()).thenReturn(new TestUser("userId"));
+when(rollerUISession.getAuthenticatedUser()).thenReturn(new TestUser("userId"));
 StringBuffer requestURL = new StringBuffer("https://example.com/app/ignoredurl");
 when(request.getRequestURL()).thenReturn(requestURL);
@@ -131,7 +131,7 @@ public void testDoFilterWithPostMethodAndNullRollerSession() throws Exception {
 MockedStatic mockedUIBeanFactory = mockStatic(UIBeanFactory.class)) {
 mockedSaltCache.when(SaltCache::getInstance).thenReturn(saltCache);
-mockedUIBeanFactory.when(() -> UIBeanFactory.getBean(RollerSession.class)).thenReturn(null);
+mockedUIBeanFactory.when(() -> UIBeanFactory.getBean(RollerUISession.class)).thenReturn(null);
 when(request.getMethod()).thenReturn("POST");
 when(request.getParameter("salt")).thenReturn("validSalt");
@@ -154,7 +154,7 @@ public void testDoFilterWithIgnoredURL() throws Exception {
 mockedWebloggerConfig.when(() -> WebloggerConfig.getProperty("salt.ignored.urls"))
 .thenReturn("https://example.com/app/ignoredurl?param1=value1&m2=value2");
-mockedUIBeanFactory.when(() -> UIBeanFactory.getBean(RollerSession.class)).thenReturn(rollerSession);
+mockedUIBeanFactory.when(() -> UIBeanFactory.getBean(RollerUISession.class)).thenReturn(rollerUISession);
 when(request.getMethod()).thenReturn("POST");
 StringBuffer requestURL = new StringBuffer("https://example.com/app/ignoredurl");