[Pki-devel] [PATCH] 650 Refactored LDAPSecurityDomainSessionTable.

Endi Sukma Dewata edewata at redhat.com
Tue Oct 6 22:49:22 UTC 2015


The LDAPSecurityDomainSessionTable has been modified to throw
an exception if there is a failure.

https://fedorahosted.org/pki/ticket/1633

-- 
Endi S. Dewata
-------------- next part --------------
From 4814dac89057759f929a177141a4658f095dc87c Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" <edewata at redhat.com>
Date: Fri, 11 Sep 2015 22:54:56 +0200
Subject: [PATCH] Refactored LDAPSecurityDomainSessionTable.

The LDAPSecurityDomainSessionTable has been modified to throw
an exception if there is a failure.

https://fedorahosted.org/pki/ticket/1633
---
 .../certsrv/base/ISecurityDomainSessionTable.java  |  18 +-
 .../com/netscape/cms/servlet/base/CMSServlet.java  |  24 +--
 .../cms/servlet/csadmin/TokenAuthenticate.java     |   5 +-
 .../session/LDAPSecurityDomainSessionTable.java    | 192 +++++++++++----------
 .../session/SecurityDomainSessionTable.java        |   4 +-
 .../com/netscape/cmscore/session/SessionTimer.java |  12 +-
 6 files changed, 134 insertions(+), 121 deletions(-)

diff --git a/base/common/src/com/netscape/certsrv/base/ISecurityDomainSessionTable.java b/base/common/src/com/netscape/certsrv/base/ISecurityDomainSessionTable.java
index 9bf3aa24bb655a146a5c7dedb16960183464f205..1986dc00c0ad0175d15cb70fe22df45acb793d0a 100644
--- a/base/common/src/com/netscape/certsrv/base/ISecurityDomainSessionTable.java
+++ b/base/common/src/com/netscape/certsrv/base/ISecurityDomainSessionTable.java
@@ -26,25 +26,25 @@ public interface ISecurityDomainSessionTable {
     public static final int SUCCESS = 0;
     public static final int FAILURE = 1;
 
-    public int addEntry(String cookieId, String ip, String uid, String group);
+    public int addEntry(String sessionID, String ip, String uid, String group) throws Exception;
 
-    public int removeEntry(String sessionId);
+    public int removeEntry(String sessionID) throws Exception;
 
-    public boolean isSessionIdExist(String sessionId);
+    public boolean sessionExists(String sessionID) throws Exception;
 
-    public String getIP(String sessionId);
+    public String getIP(String sessionID) throws Exception;
 
-    public String getUID(String sessionId);
+    public String getUID(String sessionID) throws Exception;
 
-    public String getGroup(String sessionId);
+    public String getGroup(String sessionID) throws Exception;
 
-    public long getBeginTime(String sessionId);
+    public long getBeginTime(String sessionID) throws Exception;
 
-    public int getSize();
+    public int getSize() throws Exception;
 
     public long getTimeToLive();
 
-    public Enumeration<String> getSessionIds();
+    public Enumeration<String> getSessionIDs() throws Exception;
 
     public void shutdown();
 }
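Review bot: Declaring `throws Exception` on nearly every method of the interface is broader than the failures this patch actually surfaces, which are LDAP and configuration errors, and it forces each caller to catch `Exception` without being able to tell a directory outage from a programming error. A narrower checked type would carry the same intent, for example `public boolean sessionExists(String sessionID) throws EBaseException;`, the type `CMSServlet.process` declared before this patch. `addEntry` and `removeEntry` also still return `SUCCESS`/`FAILURE`, so the interface now has two failure channels. A Javadoc line on each stating which conditions return `FAILURE` and which throw would tell implementers what is expected.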
diff --git a/base/server/cms/src/com/netscape/cms/servlet/base/CMSServlet.java b/base/server/cms/src/com/netscape/cms/servlet/base/CMSServlet.java
index 67cc7d163dc1f0623c35b6b4c267f9a35bd82b2a..99b15c77d09d8fec0422403a7ef41e1e8f7b08df 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/base/CMSServlet.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/base/CMSServlet.java
@@ -44,17 +44,6 @@ import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
-import netscape.security.pkcs.ContentInfo;
-import netscape.security.pkcs.PKCS7;
-import netscape.security.pkcs.SignerInfo;
-import netscape.security.x509.AlgorithmId;
-import netscape.security.x509.CRLExtensions;
-import netscape.security.x509.CRLReasonExtension;
-import netscape.security.x509.CertificateChain;
-import netscape.security.x509.RevocationReason;
-import netscape.security.x509.RevokedCertImpl;
-import netscape.security.x509.X509CertImpl;
-
 import org.w3c.dom.Node;
 
 import com.netscape.certsrv.apps.CMS;
@@ -100,6 +89,17 @@ import com.netscape.cms.servlet.common.ServletUtils;
 import com.netscape.cmsutil.util.Utils;
 import com.netscape.cmsutil.xml.XMLObject;
 
+import netscape.security.pkcs.ContentInfo;
+import netscape.security.pkcs.PKCS7;
+import netscape.security.pkcs.SignerInfo;
+import netscape.security.x509.AlgorithmId;
+import netscape.security.x509.CRLExtensions;
+import netscape.security.x509.CRLReasonExtension;
+import netscape.security.x509.CertificateChain;
+import netscape.security.x509.RevocationReason;
+import netscape.security.x509.RevokedCertImpl;
+import netscape.security.x509.X509CertImpl;
+
 /**
  * This is the base class of all CS servlet.
  *
@@ -560,7 +560,7 @@ public abstract class CMSServlet extends HttpServlet {
      *             process the request
      */
     protected void process(CMSRequest cmsRequest)
-            throws EBaseException {
+            throws Exception {
     }
 
     /**
diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/TokenAuthenticate.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/TokenAuthenticate.java
index 745962c7226973ff72c7b4e8c2fff58365b5b583..27f478235f4bb63ddd0e496af51bd47f20ada5cc 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/TokenAuthenticate.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/TokenAuthenticate.java
@@ -28,7 +28,6 @@ import javax.servlet.http.HttpServletResponse;
 import org.w3c.dom.Node;
 
 import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.base.ISecurityDomainSessionTable;
 import com.netscape.cms.servlet.base.CMSServlet;
@@ -62,7 +61,7 @@ public class TokenAuthenticate extends CMSServlet {
      *
      * @param cmsReq the object holding the request and response information
      */
-    protected void process(CMSRequest cmsReq) throws EBaseException {
+    protected void process(CMSRequest cmsReq) throws Exception {
         HttpServletRequest httpReq = cmsReq.getHttpReq();
         HttpServletResponse httpResp = cmsReq.getHttpResp();
         IConfigStore config = CMS.getConfigStore();
@@ -82,7 +81,7 @@ public class TokenAuthenticate extends CMSServlet {
         String uid = "";
         String gid = "";
         CMS.debug("TokenAuthentication: checking session in the session table");
-        if (table.isSessionIdExist(sessionId)) {
+        if (table.sessionExists(sessionId)) {
             CMS.debug("TokenAuthentication: found session");
             if (checkIP) {
                 String hostname = table.getIP(sessionId);
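Review bot: `table.sessionExists(sessionId)` and `table.getIP(sessionId)` can now throw when the directory lookup fails, and `process()` lets that propagate instead of answering as it does for an unknown session. Failing closed is the right outcome for an authentication check, but what the client then receives depends on the handler in `CMSServlet`, which is outside this patch. Confirm that it returns a generic failure and does not echo the exception message, since a `PKIException` message elsewhere in this patch contains the session ID. A comment above the call such as `// may throw on LDAP failure; callers must not treat that as a valid session` would record the intent. The body of `process()` continues past the end of this hunk.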
diff --git a/base/server/cmscore/src/com/netscape/cmscore/session/LDAPSecurityDomainSessionTable.java b/base/server/cmscore/src/com/netscape/cmscore/session/LDAPSecurityDomainSessionTable.java
index bbc9f1a7967510295ffb1f7c6cae30f88b0cf41e..913267df215b6005b2632026f3683cfd8490fac1 100644
--- a/base/server/cmscore/src/com/netscape/cmscore/session/LDAPSecurityDomainSessionTable.java
+++ b/base/server/cmscore/src/com/netscape/cmscore/session/LDAPSecurityDomainSessionTable.java
@@ -21,6 +21,14 @@ import java.util.Date;
 import java.util.Enumeration;
 import java.util.Vector;
 
+import com.netscape.certsrv.apps.CMS;
+import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.base.IConfigStore;
+import com.netscape.certsrv.base.ISecurityDomainSessionTable;
+import com.netscape.certsrv.base.PKIException;
+import com.netscape.certsrv.ldap.ELdapException;
+import com.netscape.certsrv.ldap.ILdapConnFactory;
+
 import netscape.ldap.LDAPAttribute;
 import netscape.ldap.LDAPAttributeSet;
 import netscape.ldap.LDAPConnection;
@@ -29,13 +37,6 @@ import netscape.ldap.LDAPException;
 import netscape.ldap.LDAPSearchResults;
 import netscape.ldap.LDAPv2;
 
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.ISecurityDomainSessionTable;
-import com.netscape.certsrv.ldap.ELdapException;
-import com.netscape.certsrv.ldap.ILdapConnFactory;
-
 /**
  * This object stores the values for IP, uid and group based on the cookie id in LDAP.
  * Entries are stored under ou=Security Domain, ou=sessions, $basedn
@@ -55,48 +56,38 @@ public class LDAPSecurityDomainSessionTable
     }
 
     public int addEntry(String sessionId, String ip,
-            String uid, String group) {
+            String uid, String group) throws Exception {
         IConfigStore cs = CMS.getConfigStore();
         LDAPConnection conn = null;
-        boolean sessions_exists = true;
         int status = FAILURE;
 
-        String basedn = null;
-        String sessionsdn = null;
-        try {
-            basedn = cs.getString("internaldb.basedn");
-            sessionsdn = "ou=sessions,ou=Security Domain," + basedn;
-        } catch (Exception e) {
-            CMS.debug("SecurityDomainSessionTable: addEntry: failed to read basedn" + e);
-            return status;
-        }
+        String basedn = cs.getString("internaldb.basedn");
+        String sessionsdn = "ou=sessions,ou=Security Domain," + basedn;
 
         try {
             // create session entry (if it does not exist)
             conn = mLdapConnFactory.getConn();
 
-            LDAPEntry entry = null;
-            LDAPAttributeSet attrs = null;
-            attrs = new LDAPAttributeSet();
+            LDAPAttributeSet attrs = new LDAPAttributeSet();
             attrs.add(new LDAPAttribute("objectclass", "top"));
             attrs.add(new LDAPAttribute("objectclass", "organizationalUnit"));
             attrs.add(new LDAPAttribute("ou", "sessions"));
-            entry = new LDAPEntry(sessionsdn, attrs);
-            conn.add(entry);
-        } catch (Exception e) {
-            if ((e instanceof LDAPException)
-                    && (((LDAPException) e).getLDAPResultCode() == LDAPException.ENTRY_ALREADY_EXISTS)) {
-                // continue
-            } else {
-                CMS.debug("SecurityDomainSessionTable: unable to create ou=sessions:" + e);
-                sessions_exists = false;
+
+            LDAPEntry entry = new LDAPEntry(sessionsdn, attrs);
+
+            try {
+                conn.add(entry);
+
+            } catch (LDAPException e) {
+                if (e.getLDAPResultCode() == LDAPException.ENTRY_ALREADY_EXISTS) {
+                    // continue
+                } else {
+                    CMS.debug("SecurityDomainSessionTable: Unable to create ou=sessions: " + e);
+                    throw new PKIException("Unable to create ou=sessions", e);
+                }
             }
-        }
 
-        // add new entry
-        try {
-            LDAPEntry entry = null;
-            LDAPAttributeSet attrs = null;
+            // add new entry
             String entrydn = "cn=" + sessionId + "," + sessionsdn;
             attrs = new LDAPAttributeSet();
             attrs.add(new LDAPAttribute("objectclass", "top"));
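Review bot: `sessionId` is concatenated unescaped into the DN at `String entrydn = "cn=" + sessionId + "," + sessionsdn;`, and the same value goes unescaped into the search filter `"(cn=" + sessionId + ")"` in the `getStringValue` hunk further down. `TokenAuthenticate` passes the session ID it is checking into these lookups, so if that value originates from the request (its origin is outside the visible hunks), DN or filter metacharacters in it would change which entries the operation addresses. Escape the value before building either string, using RFC 4514 rules for the DN and RFC 4515 rules for the filter, or reject IDs that do not match the format the server generates. `addEntry` continues in the next hunk.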
@@ -108,24 +99,24 @@ public class LDAPSecurityDomainSessionTable
             attrs.add(new LDAPAttribute("dateOfCreate", Long.toString((new Date()).getTime())));
 
             entry = new LDAPEntry(entrydn, attrs);
-            if (sessions_exists) {
-                conn.add(entry);
-                CMS.debug("SecurityDomainSessionTable: added session entry" + sessionId);
-                status = SUCCESS;
+
+            conn.add(entry);
+
+            CMS.debug("SecurityDomainSessionTable: added session entry" + sessionId);
+            status = SUCCESS;
+
+        } finally {
+            try {
+                mLdapConnFactory.returnConn(conn);
+            } catch (Exception e) {
+                CMS.debug(e);
             }
-        } catch (Exception e) {
-            CMS.debug("SecurityDomainSessionTable: unable to create session entry" + sessionId + ": " + e);
         }
 
-        try {
-            mLdapConnFactory.returnConn(conn);
-        } catch (Exception e) {
-            CMS.debug("SecurityDomainSessionTable:addEntry: Error in disconnecting from database: " + e);
-        }
         return status;
     }
 
-    public int removeEntry(String sessionId) {
+    public int removeEntry(String sessionId) throws Exception {
         IConfigStore cs = CMS.getConfigStore();
         LDAPConnection conn = null;
         int status = FAILURE;
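Review bot: `CMS.debug("SecurityDomainSessionTable: added session entry" + sessionId);` writes the full session ID to the debug log, and the `removeEntry` hunk below puts it in both its debug line and the `PKIException` message. `TokenAuthenticate` looks a session up by that ID, so it is best treated as a credential: anyone who can read the log, or an error response built from the exception text, would hold a value that stays usable while the session exists. Log a truncated or hashed form instead and keep the ID out of exception messages. The debug message is also missing a space before the ID. `addEntry` begins in the previous hunk and `removeEntry` continues in the next one.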
@@ -135,26 +126,31 @@ public class LDAPSecurityDomainSessionTable
             conn = mLdapConnFactory.getConn();
             conn.delete(dn);
             status = SUCCESS;
-        } catch (Exception e) {
-            if ((e instanceof LDAPException)
-                    && (((LDAPException) e).getLDAPResultCode() == LDAPException.NO_SUCH_OBJECT)) {
+
+        } catch (LDAPException e) {
+            if (e.getLDAPResultCode() == LDAPException.NO_SUCH_OBJECT) {
                 // continue
             } else {
                 CMS.debug("SecurityDomainSessionTable: unable to delete session " + sessionId + ": " + e);
+                throw new PKIException("Unable to delete session " + sessionId, e);
+            }
+
+        } finally {
+            try {
+                mLdapConnFactory.returnConn(conn);
+            } catch (Exception e) {
+                CMS.debug(e);
             }
         }
-        try {
-            mLdapConnFactory.returnConn(conn);
-        } catch (Exception e) {
-            CMS.debug("SecurityDomainSessionTable: removeEntry: Error in disconnecting from database: " + e);
-        }
+
         return status;
     }
 
-    public boolean isSessionIdExist(String sessionId) {
+    public boolean sessionExists(String sessionId) throws Exception {
         IConfigStore cs = CMS.getConfigStore();
         LDAPConnection conn = null;
         boolean ret = false;
+
         try {
             String basedn = cs.getString("internaldb.basedn");
             String sessionsdn = "ou=sessions,ou=Security Domain," + basedn;
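Review bot: In `removeEntry`, the `NO_SUCH_OBJECT` branch falls through with `status` still `FAILURE` while every other LDAP error now throws, so `FAILURE` has quietly come to mean only "the entry was not there". If a missing entry is an acceptable outcome for a delete, set `status = SUCCESS;` in that branch; otherwise replace `// continue` with a comment that states the contract, e.g. `// session already removed; report FAILURE without throwing`. The `finally` block also calls `returnConn(conn)` when `getConn()` itself failed and `conn` is still null. Whether the factory accepts null is not visible here, so an `if (conn != null)` guard would avoid logging a second, misleading exception. The start of `removeEntry` and the rest of `sessionExists` are outside this hunk.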
@@ -165,19 +161,22 @@ public class LDAPSecurityDomainSessionTable
             LDAPSearchResults res = conn.search(sessionsdn, LDAPv2.SCOPE_SUB, filter, attrs, false);
             if (res.getCount() > 0)
                 ret = true;
-        } catch (Exception e) {
-            CMS.debug("SecurityDomainSessionTable: unable to query session " + sessionId + ": " + e);
-        }
 
-        try {
-            mLdapConnFactory.returnConn(conn);
-        } catch (Exception e) {
-            CMS.debug("SecurityDomainSessionTable: isSessionIdExist: Error in disconnecting from database: " + e);
+        } finally {
+            try {
+                mLdapConnFactory.returnConn(conn);
+            } catch (Exception e) {
+                CMS.debug(e);
+            }
         }
+
         return ret;
     }
 
-    public Enumeration<String> getSessionIds() {
+    public Enumeration<String> getSessionIDs() throws Exception {
+
+        CMS.debug("LDAPSecurityDomainSessionTable: getSessionIds() ");
+
         IConfigStore cs = CMS.getConfigStore();
         LDAPConnection conn = null;
         Vector<String> ret = new Vector<String>();
@@ -188,38 +187,42 @@ public class LDAPSecurityDomainSessionTable
             String filter = "(objectclass=securityDomainSessionEntry)";
             String[] attrs = { "cn" };
 
+            CMS.debug("LDAPSecurityDomainSessionTable: searching " + sessionsdn);
+
             conn = mLdapConnFactory.getConn();
             LDAPSearchResults res = conn.search(sessionsdn, LDAPv2.SCOPE_SUB, filter, attrs, false);
             while (res.hasMoreElements()) {
                 LDAPEntry entry = res.next();
                 LDAPAttribute sid = entry.getAttribute("cn");
                 if (sid == null) {
-                    throw new Exception("Invalid LDAP Entry." + entry.getDN() + " No session id(cn).");
+                    CMS.debug("LDAPSecurityDomainSessionTable: Missing session ID: " + entry.getDN());
+                    throw new Exception("Missing session ID: " + entry.getDN());
                 }
                 ret.add(sid.getStringValueArray()[0]);
             }
+
         } catch (LDAPException e) {
             switch (e.getLDAPResultCode()) {
             case LDAPException.NO_SUCH_OBJECT:
-                CMS.debug("SecurityDomainSessionTable: getSessionIds():  no sessions have been created");
+                CMS.debug("SecurityDomainSessionTable: No active sessions.");
                 break;
             default:
-                CMS.debug("SecurityDomainSessionTable: unable to query sessionIds due to ldap exception: " + e);
+                CMS.debug("SecurityDomainSessionTable: RC: " + e.getLDAPResultCode());
+                throw e;
             }
-        } catch (Exception e) {
-            CMS.debug("SecurityDomainSessionTable: unable to query sessionIds: " + e);
-        }
 
-        try {
-            mLdapConnFactory.returnConn(conn);
-        } catch (Exception e) {
-            CMS.debug("SecurityDomainSessionTable: getSessionIds: Error in disconnecting from database: " + e);
+        } finally {
+            try {
+                mLdapConnFactory.returnConn(conn);
+            } catch (Exception e) {
+                CMS.debug(e);
+            }
         }
 
         return ret.elements();
     }
 
-    private String getStringValue(String sessionId, String attr) {
+    private String getStringValue(String sessionId, String attr) throws Exception {
         IConfigStore cs = CMS.getConfigStore();
         LDAPConnection conn = null;
         String ret = null;
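Review bot: A single entry without `cn` makes `getSessionIDs()` throw and discard the IDs already collected, and `SessionTimer.run()` in the last hunk only logs that exception, so one malformed entry under the sessions subtree would keep the timer from examining any session. Logging and skipping keeps the listing usable: replace the `throw new Exception(...)` with `continue;` after the `CMS.debug` line. If throwing is intended, use `PKIException` as `addEntry` and `removeEntry` do rather than a bare `Exception`, and note that `throw e` in the `default` branch surfaces a raw `LDAPException` where the other methods wrap it. The first debug line still says `getSessionIds()` after the rename. The start of `getSessionIDs` and the body of `getStringValue` are outside this hunk.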
@@ -228,6 +231,7 @@ public class LDAPSecurityDomainSessionTable
             String sessionsdn = "ou=sessions,ou=Security Domain," + basedn;
             String filter = "(cn=" + sessionId + ")";
             String[] attrs = { attr };
+
             conn = mLdapConnFactory.getConn();
             LDAPSearchResults res = conn.search(sessionsdn, LDAPv2.SCOPE_SUB, filter, attrs, false);
             if (res.getCount() > 0) {
@@ -238,31 +242,31 @@ public class LDAPSecurityDomainSessionTable
                 }
                 ret = searchAttribute.getStringValueArray()[0];
             }
-        } catch (Exception e) {
-            CMS.debug("SecurityDomainSessionTable: unable to query session " + sessionId + ": " + e.getMessage());
-        }
 
-        try {
-            mLdapConnFactory.returnConn(conn);
-        } catch (Exception e) {
-            CMS.debug("SecurityDomainSessionTable: isSessionIdExist: Error in disconnecting from database: " + e);
+        } finally {
+            try {
+                mLdapConnFactory.returnConn(conn);
+            } catch (Exception e) {
+                CMS.debug(e);
+            }
         }
+
         return ret;
     }
 
-    public String getIP(String sessionId) {
+    public String getIP(String sessionId) throws Exception {
         return getStringValue(sessionId, "host");
     }
 
-    public String getUID(String sessionId) {
+    public String getUID(String sessionId) throws Exception {
         return getStringValue(sessionId, "uid");
     }
 
-    public String getGroup(String sessionId) {
+    public String getGroup(String sessionId) throws Exception {
         return getStringValue(sessionId, "cmsUserGroup");
     }
 
-    public long getBeginTime(String sessionId) {
+    public long getBeginTime(String sessionId) throws Exception {
         String beginStr = getStringValue(sessionId, "dateOfCreate");
         if (beginStr != null) {
             return Long.parseLong(beginStr);
@@ -274,7 +278,7 @@ public class LDAPSecurityDomainSessionTable
         return m_timeToLive;
     }
 
-    public int getSize() {
+    public int getSize() throws Exception {
         IConfigStore cs = CMS.getConfigStore();
         LDAPConnection conn = null;
         int ret = 0;
@@ -288,16 +292,16 @@ public class LDAPSecurityDomainSessionTable
             conn = mLdapConnFactory.getConn();
             LDAPSearchResults res = conn.search(sessionsdn, LDAPv2.SCOPE_SUB, filter, attrs, false);
             ret = res.getCount();
-        } catch (Exception e) {
-            CMS.debug("SecurityDomainSessionTable: unable to query sessionIds: " + e);
-        }
 
-        try {
-            mLdapConnFactory.returnConn(conn);
-        } catch (Exception e) {
-            CMS.debug("SecurityDomainSessionTable: getSessionIds: Error in disconnecting from database: " + e);
+        } finally {
+            try {
+                mLdapConnFactory.returnConn(conn);
+            } catch (Exception e) {
+                CMS.debug(e);
+            }
         }
 
+
         return ret;
     }
 
diff --git a/base/server/cmscore/src/com/netscape/cmscore/session/SecurityDomainSessionTable.java b/base/server/cmscore/src/com/netscape/cmscore/session/SecurityDomainSessionTable.java
index c7fe25599bd07c8d2db5b4529976e873ebe9ea5a..e408a87c959e0661fab0735db8f202da68aef332 100644
--- a/base/server/cmscore/src/com/netscape/cmscore/session/SecurityDomainSessionTable.java
+++ b/base/server/cmscore/src/com/netscape/cmscore/session/SecurityDomainSessionTable.java
@@ -56,11 +56,11 @@ public class SecurityDomainSessionTable
         return SUCCESS;
     }
 
-    public boolean isSessionIdExist(String sessionId) {
+    public boolean sessionExists(String sessionId) {
         return m_sessions.containsKey(sessionId);
     }
 
-    public Enumeration<String> getSessionIds() {
+    public Enumeration<String> getSessionIDs() {
         return m_sessions.keys();
     }
 
diff --git a/base/server/cmscore/src/com/netscape/cmscore/session/SessionTimer.java b/base/server/cmscore/src/com/netscape/cmscore/session/SessionTimer.java
index 28c06de329997afe83df210653dcadf6bf80e607..0f79fc485daec98af99a2d9f76dd3baadc260672 100644
--- a/base/server/cmscore/src/com/netscape/cmscore/session/SessionTimer.java
+++ b/base/server/cmscore/src/com/netscape/cmscore/session/SessionTimer.java
@@ -37,7 +37,17 @@ public class SessionTimer extends TimerTask {
     }
 
     public void run() {
-        Enumeration<String> keys = m_sessiontable.getSessionIds();
+        CMS.debug("SessionTimer: run()");
+        try {
+            runImpl();
+        } catch (Exception e) {
+            CMS.debug(e);
+        }
+    }
+
+    public void runImpl() throws Exception {
+
+        Enumeration<String> keys = m_sessiontable.getSessionIDs();
         while (keys.hasMoreElements()) {
             String sessionId = keys.nextElement();
             long beginTime = m_sessiontable.getBeginTime(sessionId);
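Review bot: The `try` in `run()` wraps the whole of `runImpl()`, so now that `getBeginTime` and the other table calls can throw, a failure on one session ends the pass and the sessions after it are not looked at until the next timer tick. Moving the try/catch inside the `while` loop, around the per-session work, keeps one bad entry from blocking the rest. `runImpl()` is declared `public` but is only called from `run()` in the visible code; `private void runImpl() throws Exception` would keep it out of the class's API. The loop body continues past the end of this hunk.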
-- 
2.4.3


