Session Fixation Security Issue(3)Local Cache Improvement
Learning from others, I tried to implement this local cache in my demo project.
I copied the code from the Openfire repository, but I only want the local cache, so I removed the code that touches CacheFactory.java from the DefaultCache class and renamed it LocalCache.
The test case for it is as follows:
package com.sillycat.easywebflow.core.localcache;

import org.junit.Test;
import org.springframework.util.Assert;

public class LocalCacheTest {

    @Test
    public void dummy() {
        Assert.isTrue(true);
    }

    @Test
    public void lifetime() throws InterruptedException {
        // cache name, maximum size in bytes (100 MB), maximum lifetime in milliseconds (5 s)
        LocalCache<String, String> localCache = new LocalCache<String, String>(
                "test_name", 1024 * 1024 * 100, 5000);
        // The loop body was lost in extraction; the entry count is assumed.
        for (int i = 0; i < 10; i++) {
            localCache.put("key" + i, "value" + i);
        }
        Assert.isTrue(localCache.containsKey("key0"), "entry must be present before it expires");
        // Wait longer than the lifetime; the entries must be gone afterwards.
        Thread.sleep(6000);
        Assert.isTrue(!localCache.containsKey("key0"), "entry must have expired");
    }
}

The filter then uses this cache to hand the attributes of the invalidated session over to the new one. The class declaration and the fields were lost in extraction; the class name, the logger and the cookie name are assumed, the cache field is as on the page:

import java.io.IOException;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

// Class name and logger type are assumed; that part of the source was lost in extraction.
public class SessionFixationFilter implements Filter {

    private static final Log log = LogFactory.getLog(SessionFixationFilter.class);

    // copy the attributes of the invalidated session into the new one
    private boolean migrateSessionAttributes = true;

    // attributes parked under the old session id: name, 100 MB, 10 s lifetime
    private LocalCache<String, Map<String, Object>> sessionLocalCache = new LocalCache<String, Map<String, Object>>(
            "localSession", 1024 * 1024 * 100, 10000);

    public void init(FilterConfig filterConfig) throws ServletException {
    }

    public void doFilter(ServletRequest servletRequest,
            ServletResponse servletResponse, FilterChain chain)
            throws IOException, ServletException {
        String threadName = Thread.currentThread().getName();
        if (!(servletRequest instanceof HttpServletRequest)) {
            log.error("Can only process HttpServletRequest");
            throw new ServletException("Can only process HttpServletRequest");
        }
        if (!(servletResponse instanceof HttpServletResponse)) {
            log.error("Can only process HttpServletResponse");
            throw new ServletException("Can only process HttpServletResponse");
        }
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        // read the session id the client sent in its cookie
        Cookie[] cookies_array = request.getCookies();
        String sessionId_fromCookie = "";
        if (cookies_array != null && cookies_array.length > 0) {
            // loop body lost in extraction; the cookie name is assumed
            for (int i = 0; i < cookies_array.length; i++) {
                if ("JSESSIONID".equals(cookies_array[i].getName())) {
                    sessionId_fromCookie = cookies_array[i].getValue();
                }
            }
        }
        Map<String, Object> attributesToMigrate = null;

        // get the current session, if the container still knows it
        HttpSession session = request.getSession(false);
        if (session == null && !request.isRequestedSessionIdValid()) {
            log.debug(threadName + " how did this happen, there is no session! sessionId_fromCookie="
                    + sessionId_fromCookie);
        }
        boolean sessionValid = session != null && request.isRequestedSessionIdValid();

        String originalSessionId = "";
        if (sessionValid) {
            originalSessionId = session.getId();
            // save the attributes in a map and park them in the cache under the old id
            if (migrateSessionAttributes) {
                attributesToMigrate = new HashMap<String, Object>();
                Enumeration<?> enumer = session.getAttributeNames();
                while (enumer.hasMoreElements()) {
                    try {
                        String key = (String) enumer.nextElement();
                        attributesToMigrate.put(key, session.getAttribute(key));
                    } catch (Exception e) {
                        // the session may be invalidated by a concurrent request while we read it
                        log.error(threadName + " error message " + e + " sessionId=" + originalSessionId);
                    }
                }
                sessionLocalCache.put(originalSessionId, attributesToMigrate);
            }
        } else {
            // no valid session: fall back to whatever id the cookie carried
            originalSessionId = sessionId_fromCookie;
        }

        // kill the old session
        if (sessionValid) {
            if (log.isDebugEnabled()) {
                log.debug(threadName + " Invalidating session with Id " + originalSessionId + " start!");
            }
            session.invalidate();
            if (log.isDebugEnabled()) {
                log.debug(threadName + " Invalidating session with Id " + originalSessionId + " end!");
            }
            // session.setMaxInactiveInterval(10);
        }
        session = request.getSession(true); // we now have a new session
        if (log.isDebugEnabled()) {
            log.debug(threadName + " Started new session: " + session.getId());
        }
        // a cache hit under the old id (from this request or a concurrent one) wins
        if (sessionLocalCache.containsKey(originalSessionId)) {
            log.debug(threadName + " getting session value from map: " + originalSessionId);
            attributesToMigrate = sessionLocalCache.get(originalSessionId);
        }
        // migrate the attributes to the new session
        if (attributesToMigrate != null) {
            for (Map.Entry<String, Object> entry : attributesToMigrate.entrySet()) {
                try {
                    session.setAttribute(entry.getKey(), entry.getValue());
                } catch (Exception e) {
                    log.error(threadName + " error message " + e + " new SessionId=" + session.getId());
                }
            }
            log.debug(threadName + " merged the data into new session =" + session.getId());
        }
        // CookieRequestWrapper is defined elsewhere in the project (not shown on this page)
        CookieRequestWrapper wrapperRequest = new CookieRequestWrapper(request);
        wrapperRequest.setResponse(response);
        chain.doFilter(wrapperRequest, response);
    }

    public void destroy() {
    }

    public boolean isMigrateSessionAttributes() {
        return migrateSessionAttributes;
    }

    public void setMigrateSessionAttributes(boolean migrateSessionAttributes) {
        this.migrateSessionAttributes = migrateSessionAttributes;
    }
}
Managing sessions like this is awkward and is not the recommended approach. Two things in the filter deserve a closer look. It invalidates and recreates the session on every request rather than once at login, so every request pays for copying all the attributes, and each invalidation cuts off any concurrent request from the same browser that still carries the previous ID; the 10-second cache is presumably there to soften that. But the cache also reopens the door the invalidation closed: when no valid session exists, the else branch takes originalSessionId straight from the client's cookie, and if the cache still holds an entry under that ID, those attributes are copied into the brand-new session. Any request that presents a recently invalidated ID within the cache lifetime, from any client, therefore receives that session's state, which is exactly what invalidating the old session was meant to prevent. Rotating the ID once, at the authentication boundary and within the same request, removes the need for the cache altogether.
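As an added example (not the post's code and not Openfire's), here is the same invalidate-and-recreate step done inside the request that authenticates the user, with the attributes carried in a local variable instead of a cache keyed by the old session ID. The package, the class names, the /login and /home paths and the credential check are assumptions for illustration; only the Servlet API (javax.servlet) is assumed to be on the classpath. On Servlet 3.1 or later, request.changeSessionId() rotates the ID and keeps the attributes in one call, which replaces the helper entirely.

```java
package com.sillycat.easywebflow.core.web; // package name assumed

import java.io.IOException;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * Session ID rotation done in the same request that authenticates the user.
 * The attributes travel in a local map, never in a store keyed by the old ID,
 * so once the old session is invalidated nothing is reachable through that ID.
 * That is the property session-fixation protection needs.
 */
public final class SessionIdRotation {

    private SessionIdRotation() {
    }

    /**
     * Invalidates the current session (if any), lets the container issue a
     * fresh ID and copies the attributes over. Works on any Servlet version;
     * on Servlet 3.1+ request.changeSessionId() does the same in one call.
     */
    public static HttpSession rotateKeepingAttributes(HttpServletRequest request) {
        Map<String, Object> attributes = new HashMap<String, Object>();
        HttpSession old = request.getSession(false);
        if (old != null) {
            Enumeration<?> names = old.getAttributeNames();
            while (names.hasMoreElements()) {
                String name = (String) names.nextElement();
                attributes.put(name, old.getAttribute(name));
            }
            old.invalidate(); // a planted (fixed) ID dies here
        }
        HttpSession fresh = request.getSession(true); // new ID, new Set-Cookie
        for (Map.Entry<String, Object> e : attributes.entrySet()) {
            fresh.setAttribute(e.getKey(), e.getValue());
        }
        return fresh;
    }
}

/** Login endpoint showing where the rotation belongs; credential check is a placeholder (assumed). */
class LoginServlet extends HttpServlet {

    private static final long serialVersionUID = 1L;

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String user = request.getParameter("username");
        if (!credentialsValid(user, request.getParameter("password"))) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        // Rotate after the credentials are verified and before anything is
        // written, so the Set-Cookie with the new session ID reaches the client.
        HttpSession session = SessionIdRotation.rotateKeepingAttributes(request);
        session.setAttribute("user", user);
        response.sendRedirect(request.getContextPath() + "/home"); // target path assumed
    }

    private boolean credentialsValid(String user, String password) {
        // Placeholder: real code delegates to the application's authentication service.
        return user != null && password != null && !user.isEmpty() && !password.isEmpty();
    }
}
```

Because the old ID is invalidated and nothing is stored under it, a request that replays that ID after the rotation simply gets a new, empty session. The rotation runs once per login rather than on every request, so ordinary requests are not affected and no cross-request cache is needed.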
references:
http://hi.baidu.com/iburu/item/61b4e5144ff792f8ddeecacd
http://svn.igniterealtime.org/svn/repos/openfire/trunk/src/java/org/jivesoftware/util/cache/DefaultCache.java
http://svn.igniterealtime.org/svn/repos/openfire/trunk/src/java/org/jivesoftware/util/LinkedList.java
http://svn.igniterealtime.org/svn/repos/openfire/trunk/src/java/org/jivesoftware/util/LinkedListNode.java
http://svn.igniterealtime.org/svn/repos/openfire/trunk/src/java/org/jivesoftware/util/cache/Cache.java
http://svn.igniterealtime.org/svn/repos/openfire/trunk/src/java/org/jivesoftware/util/cache/CacheSizes.java
http://svn.igniterealtime.org/svn/repos/openfire/trunk/src/java/org/jivesoftware/util/cache/Cacheable.java
http://svn.igniterealtime.org/svn/repos/openfire/trunk/src/java/org/jivesoftware/util/cache/CannotCalculateSizeException.java