in hawtio-system/src/main/java/io/hawt/web/auth/SessionExpiryFilter.java [79:167]
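/**
 * Applies session-expiry bookkeeping to a single request before handing it down the chain.
 *
 * <p>Decision order:
 * <ol>
 *   <li>No {@code AuthenticationConfiguration.AUTHENTICATION_ENABLED} attribute in the servlet
 *       context yet: pass the request through untouched.</li>
 *   <li>Top-level request (no path components below {@code pathIndex}): touch the last-access
 *       timestamp of an existing session, then pass through.</li>
 *   <li>No session, or a session that never times out ({@code getMaxInactiveInterval() < 0}):
 *       pass through, except that a {@code refresh} request with authentication disabled is
 *       answered directly with OK.</li>
 *   <li>Otherwise compare the whole seconds elapsed since {@code ATTRIBUTE_LAST_ACCESS} with the
 *       session's max inactive interval; if exceeded, invalidate the session and reject with 403.</li>
 *   <li>A {@code refresh} request touches the session and is answered with OK. Any other request
 *       touches the session unless its first path component is in {@code IGNORED_PATHS} and a
 *       timestamp already exists, and is then passed down the chain.</li>
 * </ol>
 *
 * @param request  the incoming request
 * @param response the response to write to
 * @param chain    the remaining filter chain
 * @throws IOException      propagated from the chain or from writing the response
 * @throws ServletException propagated from the chain
 */
private void process(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
        throws IOException, ServletException {
    if (context.getAttribute(AuthenticationConfiguration.AUTHENTICATION_ENABLED) == null) {
        // most likely the authentication filter hasn't been started up yet, let this request through
        // and it can be dealt with by the authentication filter
        chain.doFilter(request, response);
        return;
    }
    HttpSession session = request.getSession(false);
    boolean enabled = (boolean) context.getAttribute(AuthenticationConfiguration.AUTHENTICATION_ENABLED);
    final RelativeRequestUri uri = new RelativeRequestUri(request, pathIndex);
    LOG.debug("Accessing [{}], hawtio path is [{}]", request.getRequestURI(), uri.getUri());

    final String[] components = uri.getComponents();
    // pass along if it's the top-level context
    if (components.length == 0) {
        if (session != null) {
            updateLastAccess(session, System.currentTimeMillis());
        }
        chain.doFilter(request, response);
        return;
    }
    final String subContext = components[0];

    // Nothing to expire: either there is no session or the container never times it out.
    if (session == null || session.getMaxInactiveInterval() < 0) {
        if (subContext.equals("refresh") && !enabled) {
            LOG.debug("Authentication disabled, received refresh response, responding with ok");
            writeOk(response);
        } else {
            chain.doFilter(request, response);
        }
        return;
    }

    final int maxInactiveInterval = session.getMaxInactiveInterval();
    final long now = System.currentTimeMillis();
    // Read the timestamp once; the same value decides both expiry and whether to touch the session.
    final Object lastAccessAttribute = session.getAttribute(ATTRIBUTE_LAST_ACCESS);
    if (lastAccessAttribute != null) {
        long lastAccess = (long) lastAccessAttribute;
        // whole seconds idle; truncation means expiry fires on the first full second past the limit
        long idleSeconds = (now - lastAccess) / 1000;
        LOG.debug("Session expiry: {}s, duration since last access: {}s", maxInactiveInterval, idleSeconds);
        if (idleSeconds > maxInactiveInterval) {
            LOG.info("Expiring session due to inactivity");
            session.invalidate();
            ServletHelpers.doForbidden(response);
            return;
        }
    }

    if (subContext.equals("refresh")) {
        updateLastAccess(session, now);
        writeOk(response);
        return;
    }

    LOG.debug("SubContext: {}", subContext);
    if (IGNORED_PATHS.contains(subContext) && lastAccessAttribute != null) {
        // ignored paths must not keep an otherwise idle session alive once a timestamp exists
        LOG.debug("Not updating LastAccess");
    } else {
        updateLastAccess(session, now);
    }
    chain.doFilter(request, response);
}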