| 781 |
vikas |
1 |
package in.shop2020.serving.interceptors;
|
|
|
2 |
|
| 3185 |
vikas |
3 |
import in.shop2020.serving.services.UserSessionInfo;
|
|
|
4 |
import in.shop2020.serving.utils.DesEncrypter;
|
|
|
5 |
|
| 781 |
vikas |
6 |
import java.util.HashMap;
|
| 2907 |
rajveer |
7 |
import java.util.List;
|
| 781 |
vikas |
8 |
import java.util.Map;
|
|
|
9 |
|
|
|
10 |
import javax.servlet.http.Cookie;
|
|
|
11 |
import javax.servlet.http.HttpServletRequest;
|
| 837 |
vikas |
12 |
import javax.servlet.http.HttpServletResponse;
|
| 781 |
vikas |
13 |
import javax.servlet.http.HttpSession;
|
|
|
14 |
|
| 1044 |
chandransh |
15 |
import org.apache.log4j.Logger;
|
| 781 |
vikas |
16 |
import org.apache.struts2.ServletActionContext;
|
| 2907 |
rajveer |
17 |
import org.apache.struts2.StrutsStatics;
|
| 781 |
vikas |
18 |
|
| 2907 |
rajveer |
19 |
import com.opensymphony.xwork2.ActionContext;
|
| 781 |
vikas |
20 |
import com.opensymphony.xwork2.ActionInvocation;
|
|
|
21 |
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;
|
| 2907 |
rajveer |
22 |
import com.opensymphony.xwork2.interceptor.PreResultListener;
|
| 781 |
vikas |
23 |
|
| 2907 |
rajveer |
24 |
public class UserInterceptor extends AbstractInterceptor implements PreResultListener{
|
| 781 |
vikas |
25 |
|
| 2907 |
rajveer |
26 |
public static final int SECONDS_IN_YEAR = 60*60*24*365;
|
| 837 |
vikas |
27 |
|
| 781 |
vikas |
28 |
private static final long serialVersionUID = -4125815700236506235L;
|
| 1044 |
chandransh |
29 |
private static Logger log = Logger.getLogger(UserInterceptor.class);
|
| 781 |
vikas |
30 |
|
| 2907 |
rajveer |
31 |
public static final String USER_INFO_COOKIE_NAME = "uic";
|
|
|
32 |
public static final String USER_ID_COOKIE_NAME = "uid";
|
| 2998 |
rajveer |
33 |
public static final String COOKIE_DECRYPTION_STRING = "shop2020";
|
| 781 |
vikas |
34 |
|
| 2998 |
rajveer |
35 |
private DesEncrypter desEncrypter = new DesEncrypter(COOKIE_DECRYPTION_STRING);
|
| 781 |
vikas |
36 |
|
| 1658 |
vikas |
37 |
private String cookieDomain = "";
|
|
|
38 |
|
|
|
39 |
public void setCookieDomain(String cookieDomain) {
|
|
|
40 |
this.cookieDomain = cookieDomain;
|
|
|
41 |
}
|
|
|
42 |
|
| 781 |
vikas |
43 |
@Override
|
|
|
44 |
public String intercept(ActionInvocation invocation) throws Exception {
|
|
|
45 |
final Object action = invocation.getAction();
|
|
|
46 |
|
| 1658 |
vikas |
47 |
log.debug("inside user intercepror");
|
| 4388 |
rajveer |
48 |
|
|
|
49 |
HttpServletRequest request = ServletActionContext.getRequest();
|
| 3185 |
vikas |
50 |
HttpSession session = request.getSession(); // Do not remove it, session id is used for session tracking.
|
| 781 |
vikas |
51 |
|
| 4388 |
rajveer |
52 |
Map<String, Cookie> cookiesMap = createCookiesMap(request);
|
| 781 |
vikas |
53 |
|
| 2973 |
chandransh |
54 |
// CreateUserInterceptor may have set the userinfo object in the request
|
|
|
55 |
// itself. If we can get the userinfo object here, we don't need to
|
|
|
56 |
// parse the cookies that came in with the request.
|
| 2907 |
rajveer |
57 |
UserSessionInfo userInfo = (UserSessionInfo) request.getAttribute(USER_INFO_COOKIE_NAME);
|
|
|
58 |
|
| 4388 |
rajveer |
59 |
Cookie userCookie = cookiesMap.get(UserInterceptor.USER_ID_COOKIE_NAME);
|
|
|
60 |
Cookie userinfoCookie = cookiesMap.get(USER_INFO_COOKIE_NAME);
|
| 1354 |
vikas |
61 |
|
| 2907 |
rajveer |
62 |
if(userInfo == null ){
|
| 2973 |
chandransh |
63 |
//Okay, we didn't get the userinfo object from the request. Time to parse the UIC cookie.
|
| 2907 |
rajveer |
64 |
if(userinfoCookie!=null){
|
|
|
65 |
userInfo = UserSessionInfo.getUserSessionInfoFromCookieValue(userinfoCookie.getValue());
|
| 2973 |
chandransh |
66 |
if(userInfo.getUserId() == -1){
|
|
|
67 |
//This means that the cookie couldn't be parsed. So, we should remove the cookie.
|
|
|
68 |
expireUicCookie();
|
|
|
69 |
expireUidCookie();
|
|
|
70 |
}
|
|
|
71 |
} else {
|
|
|
72 |
//No UIC cookie too. Try the old UID cookie. This method is guaranteed to return a userinfo object, cookie or not.
|
| 4388 |
rajveer |
73 |
userInfo = createAndGetSessionFromUIDCookie(session, cookiesMap, userCookie);
|
| 1614 |
rajveer |
74 |
}
|
| 1354 |
vikas |
75 |
}
|
| 2973 |
chandransh |
76 |
|
|
|
77 |
//Set the request attribute for access by other interceptors.
|
| 2907 |
rajveer |
78 |
request.setAttribute(USER_INFO_COOKIE_NAME, userInfo);
|
|
|
79 |
|
| 2973 |
chandransh |
80 |
//Set the userinfo object for use by actions.
|
| 781 |
vikas |
81 |
if (action instanceof UserAware) {
|
|
|
82 |
UserAware sessionAction = (UserAware) action;
|
|
|
83 |
sessionAction.setSession(session);
|
|
|
84 |
sessionAction.setUserSessionInfo(userInfo);
|
|
|
85 |
sessionAction.setCookiesMap(cookiesMap);
|
|
|
86 |
sessionAction.setUserCookie(userCookie);
|
| 1713 |
vikas |
87 |
sessionAction.setCookieDomainName(cookieDomain);
|
| 781 |
vikas |
88 |
}
|
| 2907 |
rajveer |
89 |
|
| 2973 |
chandransh |
90 |
// Ensure that the response of the action is presented to the pre-result
|
|
|
91 |
// listened of this interceptor. We want to add the cookies there.
|
| 2907 |
rajveer |
92 |
invocation.addPreResultListener(this);
|
|
|
93 |
|
| 781 |
vikas |
94 |
return invocation.invoke();
|
|
|
95 |
}
|
|
|
96 |
|
| 1614 |
rajveer |
97 |
|
| 2907 |
rajveer |
98 |
@Override
|
|
|
99 |
public void beforeResult(ActionInvocation invocation, String resultCode) {
|
|
|
100 |
ActionContext ac = invocation.getInvocationContext();
|
|
|
101 |
HttpServletResponse response = (HttpServletResponse) ac.get(StrutsStatics.HTTP_RESPONSE);
|
|
|
102 |
addCookiesToResponse(invocation.getAction(), response);
|
|
|
103 |
}
|
|
|
104 |
|
| 2973 |
chandransh |
105 |
/**
|
|
|
106 |
* Adds cookies to the response object after the action has been executed.
|
|
|
107 |
*
|
|
|
108 |
* @param action
|
|
|
109 |
* @param response
|
|
|
110 |
*/
|
| 2907 |
rajveer |
111 |
private void addCookiesToResponse(Object action, HttpServletResponse response) {
|
| 2960 |
chandransh |
112 |
log.debug("Setting cookies in response");
|
| 2907 |
rajveer |
113 |
if (action instanceof UserAware) {
|
|
|
114 |
List<Cookie> cookies = ((UserAware) action).getCookies();
|
|
|
115 |
if (cookies != null) {
|
|
|
116 |
for (Cookie cookie : cookies) {
|
| 2960 |
chandransh |
117 |
log.debug("Adding cookie " + cookie.getName() + " to the response");
|
| 2907 |
rajveer |
118 |
response.addCookie(cookie);
|
|
|
119 |
}
|
|
|
120 |
}
|
|
|
121 |
}
|
|
|
122 |
}
|
|
|
123 |
|
| 2973 |
chandransh |
124 |
/**
|
|
|
125 |
* Expires the UID cookie if the domain is not set or is set as the empty
|
|
|
126 |
* domain. Creates a new UID cookie with the cookie domain set.
|
|
|
127 |
*
|
|
|
128 |
* This is mostly to handle legacy issue wherein we were not setting the
|
|
|
129 |
* cookie domain explicitly to .saholic.com and different cookies were set
|
|
|
130 |
* for saholic.com and www.saholic.com.
|
|
|
131 |
*
|
|
|
132 |
* @param request
|
|
|
133 |
*/
|
| 4388 |
rajveer |
134 |
private Map<String, Cookie> createCookiesMap(HttpServletRequest request) {
|
|
|
135 |
Map<String, Cookie> cookiesMap = new HashMap<String, Cookie>();
|
| 781 |
vikas |
136 |
Cookie[] cookies = request.getCookies();
|
|
|
137 |
if(cookies==null)
|
| 4388 |
rajveer |
138 |
return cookiesMap;
|
| 1658 |
vikas |
139 |
for (Cookie cookie : cookies) {
|
| 2907 |
rajveer |
140 |
if (cookie.getName().equals(UserInterceptor.USER_ID_COOKIE_NAME)) {
|
| 1658 |
vikas |
141 |
if (cookie.getDomain() == null || cookie.getDomain().isEmpty()
|
|
|
142 |
|| !cookie.getDomain().equals(this.cookieDomain))
|
|
|
143 |
{
|
|
|
144 |
if (!cookieDomain.isEmpty()) {
|
|
|
145 |
cookie.setMaxAge(0);
|
| 2907 |
rajveer |
146 |
Cookie newUserCookie = new Cookie(UserInterceptor.USER_ID_COOKIE_NAME, cookie.getValue());
|
| 1658 |
vikas |
147 |
newUserCookie.setMaxAge(SECONDS_IN_YEAR); // one year
|
|
|
148 |
newUserCookie.setPath("/");
|
|
|
149 |
newUserCookie.setDomain(cookieDomain);
|
|
|
150 |
|
|
|
151 |
HttpServletResponse response = ServletActionContext.getResponse();
|
|
|
152 |
response.addCookie(newUserCookie);
|
|
|
153 |
response.addCookie(cookie);
|
| 2973 |
chandransh |
154 |
} else {
|
| 1722 |
vikas |
155 |
log.error("cookieDomain not set");
|
|
|
156 |
}
|
| 1658 |
vikas |
157 |
}
|
|
|
158 |
}
|
|
|
159 |
cookiesMap.put(cookie.getName(), cookie);
|
|
|
160 |
}
|
| 4388 |
rajveer |
161 |
return cookiesMap;
|
| 781 |
vikas |
162 |
}
|
| 1614 |
rajveer |
163 |
|
| 2973 |
chandransh |
164 |
/**
|
|
|
165 |
* Creates and gets session information from the UID cookie. This should be
|
|
|
166 |
* called only when the required information couldn't be had from the UIC
|
|
|
167 |
* cookie.
|
|
|
168 |
*
|
|
|
169 |
* It also expires the UID cookie if it can't parse the cookie value.
|
|
|
170 |
*
|
|
|
171 |
* @param session
|
|
|
172 |
* @return A user session info object.
|
|
|
173 |
*/
|
| 4388 |
rajveer |
174 |
private UserSessionInfo createAndGetSessionFromUIDCookie(HttpSession session, Map<String, Cookie> cookiesMap, Cookie userCookie) {
|
| 781 |
vikas |
175 |
UserSessionInfo userInfo = null;
|
|
|
176 |
if(userCookie != null){
|
|
|
177 |
String uidString = userCookie.getValue();
|
|
|
178 |
if(uidString != null){
|
|
|
179 |
try {
|
|
|
180 |
Long receivedUID = Long.parseLong(desEncrypter.decrypt(uidString));
|
| 828 |
rajveer |
181 |
log.info("Invalid session with user cookie : " + receivedUID);
|
| 781 |
vikas |
182 |
userInfo = new UserSessionInfo(receivedUID, session.getId());
|
| 2935 |
chandransh |
183 |
if(userInfo.getUserId() == -1){
|
|
|
184 |
log.error("The User for the UID cookie has been deleted in our database. So cleaning up the UID cookie.");
|
|
|
185 |
expireUidCookie();
|
|
|
186 |
}
|
| 781 |
vikas |
187 |
} catch (NumberFormatException nfe) {
|
|
|
188 |
log.error("The UID cookie contains an unparseable userID");
|
| 2935 |
chandransh |
189 |
expireUidCookie();
|
| 2473 |
chandransh |
190 |
userInfo = new UserSessionInfo();
|
| 781 |
vikas |
191 |
}
|
|
|
192 |
}
|
| 2973 |
chandransh |
193 |
} else{
|
|
|
194 |
log.info("Invalid session without user cookie.");
|
|
|
195 |
userInfo = new UserSessionInfo();
|
| 830 |
vikas |
196 |
}
|
| 781 |
vikas |
197 |
return userInfo;
|
|
|
198 |
}
|
| 2907 |
rajveer |
199 |
|
| 2973 |
chandransh |
200 |
/**
|
|
|
201 |
* Expires the UIC cookie.
|
|
|
202 |
*/
|
|
|
203 |
private void expireUicCookie() {
|
|
|
204 |
Cookie newUserCookie = new Cookie(UserInterceptor.USER_INFO_COOKIE_NAME, "-1"); //The value here is immaterial
|
|
|
205 |
newUserCookie.setMaxAge(0); // Expire this cookie now
|
|
|
206 |
newUserCookie.setPath("/");
|
|
|
207 |
newUserCookie.setDomain(cookieDomain);
|
|
|
208 |
|
|
|
209 |
HttpServletResponse response = ServletActionContext.getResponse();
|
|
|
210 |
response.addCookie(newUserCookie);
|
|
|
211 |
}
|
|
|
212 |
|
|
|
213 |
/**
|
|
|
214 |
* Expires the UID cookie.
|
|
|
215 |
*/
|
| 2935 |
chandransh |
216 |
private void expireUidCookie() {
|
|
|
217 |
Cookie newUserCookie = new Cookie(UserInterceptor.USER_ID_COOKIE_NAME, "-1"); //The value here is immaterial
|
|
|
218 |
newUserCookie.setMaxAge(0); // Expire this cookie now
|
|
|
219 |
newUserCookie.setPath("/");
|
|
|
220 |
newUserCookie.setDomain(cookieDomain);
|
|
|
221 |
|
|
|
222 |
HttpServletResponse response = ServletActionContext.getResponse();
|
|
|
223 |
response.addCookie(newUserCookie);
|
|
|
224 |
}
|
|
|
225 |
|
| 781 |
vikas |
226 |
}
|