View Javadoc
1   /*
2    * Licensed under the GPL License. You may not use this file except in compliance with the License.
3    * You may obtain a copy of the License at
4    *
5    *   https://www.gnu.org/licenses/old-licenses/gpl-2.0.html
6    *
7    * THIS PACKAGE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING,
8    * WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
9    * PURPOSE.
10   */
11  package psiprobe.controllers.sessions;
12  
13  import jakarta.servlet.http.HttpServletRequest;
14  import jakarta.servlet.http.HttpServletResponse;
15  import jakarta.servlet.http.HttpSession;
16  
17  import java.util.ArrayList;
18  import java.util.Iterator;
19  import java.util.List;
20  import java.util.regex.Pattern;
21  
22  import org.apache.catalina.Context;
23  import org.apache.catalina.Session;
24  import org.apache.commons.lang3.StringUtils;
25  import org.springframework.beans.factory.annotation.Value;
26  import org.springframework.context.support.MessageSourceAccessor;
27  import org.springframework.stereotype.Controller;
28  import org.springframework.web.bind.ServletRequestUtils;
29  import org.springframework.web.bind.annotation.RequestMapping;
30  import org.springframework.web.servlet.ModelAndView;
31  
32  import psiprobe.controllers.AbstractContextHandlerController;
33  import psiprobe.model.ApplicationSession;
34  import psiprobe.model.Attribute;
35  import psiprobe.model.SessionSearchInfo;
36  import psiprobe.tools.ApplicationUtils;
37  import psiprobe.tools.SecurityUtils;
38  
39  /**
40   * Creates the list of sessions for a particular web application or all web applications if a webapp
41   * request parameter is not set.
42   */
43  @Controller
44  public class ListSessionsController extends AbstractContextHandlerController {
45  
46    @RequestMapping(path = "/sessions.htm")
47    @Override
48    public ModelAndView handleRequest(HttpServletRequest request, HttpServletResponse response)
49        throws Exception {
50      return super.handleRequest(request, response);
51    }
52  
53    @Override
54    protected ModelAndView handleContext(String contextName, Context context,
55        HttpServletRequest request, HttpServletResponse response) throws Exception {
56  
57      boolean calcSize = ServletRequestUtils.getBooleanParameter(request, "size", false)
58          && SecurityUtils.hasAttributeValueRole(getServletContext());
59  
60      SessionSearchInfo searchInfo = new SessionSearchInfo();
61      searchInfo.setSearchAction(StringUtils.trimToNull(ServletRequestUtils
62          .getStringParameter(request, "searchAction", SessionSearchInfo.ACTION_NONE)));
63      HttpSession sess = request.getSession(false);
64  
65      if (searchInfo.isApply()) {
66        searchInfo.setSessionId(StringUtils
67            .trimToNull(ServletRequestUtils.getStringParameter(request, "searchSessionId")));
68        searchInfo.setLastIp(
69            StringUtils.trimToNull(ServletRequestUtils.getStringParameter(request, "searchLastIP")));
70  
71        searchInfo.setAgeFrom(
72            StringUtils.trimToNull(ServletRequestUtils.getStringParameter(request, "searchAgeFrom")));
73        searchInfo.setAgeTo(
74            StringUtils.trimToNull(ServletRequestUtils.getStringParameter(request, "searchAgeTo")));
75        searchInfo.setIdleTimeFrom(StringUtils
76            .trimToNull(ServletRequestUtils.getStringParameter(request, "searchIdleTimeFrom")));
77        searchInfo.setIdleTimeTo(StringUtils
78            .trimToNull(ServletRequestUtils.getStringParameter(request, "searchIdleTimeTo")));
79        searchInfo.setAttrName(StringUtils
80            .trimToNull(ServletRequestUtils.getStringParameter(request, "searchAttrName")));
81        if (sess != null) {
82          sess.setAttribute(SessionSearchInfo.SESS_ATTR_NAME, searchInfo);
83        }
84      } else if (sess != null) {
85        if (searchInfo.isClear()) {
86          sess.removeAttribute(SessionSearchInfo.SESS_ATTR_NAME);
87        } else {
88          SessionSearchInfo ss =
89              (SessionSearchInfo) sess.getAttribute(SessionSearchInfo.SESS_ATTR_NAME);
90          if (ss != null) {
91            searchInfo = ss;
92          }
93        }
94      }
95  
96      // context is not specified we'll retrieve all sessions of the container
97  
98      List<Context> ctxs;
99      if (context == null) {
100       ctxs = getContainerWrapper().getTomcatContainer().findContexts();
101     } else {
102       ctxs = new ArrayList<>();
103       ctxs.add(context);
104     }
105 
106     List<ApplicationSession> sessionList = new ArrayList<>();
107     for (Context ctx : ctxs) {
108       if (ctx != null && ctx.getManager() != null
109           && (!searchInfo.isApply() || searchInfo.isUseSearch())) {
110         Session[] sessions = ctx.getManager().findSessions();
111         for (Session session : sessions) {
112           ApplicationSession appSession =
113               ApplicationUtils.getApplicationSession(session, calcSize, searchInfo.isUseAttr());
114           if (appSession != null && matchSession(appSession, searchInfo)) {
115             if (ctx.getName() != null) {
116               appSession.setApplicationName(ctx.getName().length() > 0 ? ctx.getName() : "/");
117             }
118             sessionList.add(appSession);
119           }
120         }
121       }
122     }
123 
124     if (sessionList.isEmpty() && searchInfo.isApply()) {
125       synchronized (sess) {
126         populateSearchMessages(searchInfo);
127       }
128     }
129 
130     ModelAndView modelAndView = new ModelAndView(getViewName(), "sessions", sessionList);
131     modelAndView.addObject("searchInfo", searchInfo);
132 
133     return modelAndView;
134   }
135 
136   /**
137    * Populate search messages.
138    *
139    * @param searchInfo the search info
140    */
141   private void populateSearchMessages(SessionSearchInfo searchInfo) {
142     MessageSourceAccessor msa = getMessageSourceAccessor();
143 
144     searchInfo.getErrorMessages().clear();
145 
146     if (searchInfo.isEmpty()) {
147       searchInfo.addErrorMessage(msa.getMessage("probe.src.sessions.search.empty"));
148     } else if (searchInfo.isValid()) {
149       searchInfo.setInfoMessage(msa.getMessage("probe.src.sessions.search.results.empty"));
150     } else {
151       if (!searchInfo.isSessionIdValid()) {
152         searchInfo.addErrorMessage(msa.getMessage("probe.src.sessions.search.invalid.sessionId",
153             new Object[] {searchInfo.getSessionIdMsg()}));
154       }
155       if (!searchInfo.isAttrNameValid()) {
156         for (String message : searchInfo.getAttrNameMsgs()) {
157           searchInfo.addErrorMessage(
158               msa.getMessage("probe.src.sessions.search.invalid.attrName", new Object[] {message}));
159         }
160       }
161       if (!searchInfo.isAgeFromValid()) {
162         searchInfo.addErrorMessage(msa.getMessage("probe.src.sessions.search.invalid.ageFrom"));
163       }
164       if (!searchInfo.isAgeToValid()) {
165         searchInfo.addErrorMessage(msa.getMessage("probe.src.sessions.search.invalid.ageTo"));
166       }
167       if (!searchInfo.isIdleTimeFromValid()) {
168         searchInfo
169             .addErrorMessage(msa.getMessage("probe.src.sessions.search.invalid.idleTimeFrom"));
170       }
171       if (!searchInfo.isIdleTimeToValid()) {
172         searchInfo.addErrorMessage(msa.getMessage("probe.src.sessions.search.invalid.idleTimeTo"));
173       }
174       if (searchInfo.getErrorMessages().isEmpty()) {
175         searchInfo.addErrorMessage(msa.getMessage("probe.src.sessions.search.invalid"));
176       }
177     }
178   }
179 
180   /**
181    * Match session.
182    *
183    * @param appSession the app session
184    * @param searchInfo the search info
185    *
186    * @return true, if successful
187    */
188   private boolean matchSession(ApplicationSession appSession, SessionSearchInfo searchInfo) {
189     boolean sessionMatches = true;
190     if (searchInfo.isUseSearch()) {
191       if (searchInfo.isUseSessionId() && appSession.getId() != null) {
192         sessionMatches = searchInfo.getSessionIdPattern().matcher(appSession.getId()).matches();
193       }
194       if (sessionMatches && searchInfo.isUseAgeFrom()) {
195         sessionMatches = appSession.getAge() >= searchInfo.getAgeFromSec().longValue() * 1000;
196       }
197       if (sessionMatches && searchInfo.isUseAgeTo()) {
198         sessionMatches = appSession.getAge() <= searchInfo.getAgeToSec().longValue() * 1000;
199       }
200       if (sessionMatches && searchInfo.isUseIdleTimeFrom()) {
201         sessionMatches =
202             appSession.getIdleTime() >= searchInfo.getIdleTimeFromSec().longValue() * 1000;
203       }
204       if (sessionMatches && searchInfo.isUseIdleTimeTo()) {
205         sessionMatches =
206             appSession.getIdleTime() <= searchInfo.getIdleTimeToSec().longValue() * 1000;
207       }
208       if (searchInfo.isUseLastIp() && appSession.getLastAccessedIp() != null) {
209         sessionMatches = appSession.getLastAccessedIp().contains(searchInfo.getLastIp());
210       }
211 
212       if (sessionMatches && searchInfo.isUseAttrName()) {
213         boolean attrMatches = false;
214         List<Pattern> namePatterns = new ArrayList<>(searchInfo.getAttrNamePatterns());
215         for (Attribute attr : appSession.getAttributes()) {
216           String attrName = attr.getName();
217 
218           if (attrName != null) {
219             for (Iterator<Pattern> it = namePatterns.iterator(); it.hasNext();) {
220               if (it.next().matcher(attrName).matches()) {
221                 it.remove();
222               }
223             }
224 
225             if (namePatterns.isEmpty()) {
226               attrMatches = true;
227               break;
228             }
229           }
230         }
231 
232         sessionMatches = attrMatches;
233       }
234     }
235 
236     return sessionMatches;
237   }
238 
239   @Override
240   protected boolean isContextOptional() {
241     return true;
242   }
243 
244   @Value("sessions")
245   @Override
246   public void setViewName(String viewName) {
247     super.setViewName(viewName);
248   }
249 
250 }