Refactor getSession and get/set attr calls

Author: at055612

stroom-activity/stroom-activity-impl/src/main/java/stroom/activity/impl/CurrentActivityImpl.java

@@ -19,11 +19,11 @@
 import stroom.activity.api.CurrentActivity;
 import stroom.activity.shared.Activity;
 import stroom.security.api.SecurityContext;
+import stroom.util.servlet.SessionUtil;
 
 import com.google.inject.Inject;
 import jakarta.inject.Provider;
 import jakarta.servlet.http.HttpServletRequest;
-import jakarta.servlet.http.HttpSession;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -49,17 +49,7 @@ public Activity getActivity() {
 
             try {
                 final HttpServletRequest request = httpServletRequestProvider.get();
-                if (request != null) {
-                    final HttpSession session = request.getSession(false);
-                    if (session != null) {
-                        final Object object = session.getAttribute(NAME);
-                        if (object instanceof Activity) {
-                            activity = (Activity) object;
-                        }
-                    } else {
-                        LOGGER.debug("No Session");
-                    }
-                }
+                activity = SessionUtil.getAttribute(request, NAME, Activity.class, false);
             } catch (final RuntimeException e) {
                 LOGGER.debug(e.getMessage(), e);
             }
@@ -72,14 +62,7 @@ public Activity getActivity() {
     public void setActivity(final Activity activity) {
         securityContext.secure(() -> {
             final HttpServletRequest request = httpServletRequestProvider.get();
-            if (request != null) {
-                final HttpSession session = request.getSession(false);
-                if (session != null) {
-                    session.setAttribute(NAME, activity);
-                } else {
-                    LOGGER.debug("No Session");
-                }
-            }
+            SessionUtil.setAttribute(request, NAME, activity, false);
         });
     }
 }

stroom-resource/stroom-resource-impl/src/main/java/stroom/resource/impl/SessionResourceStoreImpl.java

@@ -17,7 +17,11 @@
 package stroom.resource.impl;
 
 import stroom.resource.api.ResourceStore;
+import stroom.util.logging.LambdaLogger;
+import stroom.util.logging.LambdaLoggerFactory;
+import stroom.util.logging.LogUtil;
 import stroom.util.servlet.HttpServletRequestHolder;
+import stroom.util.servlet.SessionUtil;
 import stroom.util.shared.IsServlet;
 import stroom.util.shared.ResourceKey;
 
@@ -39,6 +43,8 @@
  */
 public class SessionResourceStoreImpl extends HttpServlet implements ResourceStore, IsServlet {
 
+    private static final LambdaLogger LOGGER = LambdaLoggerFactory.getLogger(SessionResourceStoreImpl.class);
+
     private static final Set<String> PATH_SPECS = Set.of("/resourcestore/*");
     private static final String UUID_ARG = "uuid";
     private static final String ZIP_EXTENSION = ".zip";
@@ -94,7 +100,9 @@ private ResourceMap getMap() {
         }
 
         final String name = "SESSION_RESOURCE_STORE";
-        final HttpSession session = request.getSession();
+        final HttpSession session = SessionUtil.getOrCreateSession(request, newSession ->
+                LOGGER.debug(() -> LogUtil.message("getMap() - Created session {}",
+                        SessionUtil.getSessionId(newSession))));
         final Object object = session.getAttribute(name);
         if (object == null) {
             resourceMap = new ResourceMap();

stroom-security/stroom-security-common-impl/src/main/java/stroom/security/common/impl/UserIdentitySessionUtil.java

@@ -4,6 +4,7 @@
 import stroom.util.logging.LambdaLogger;
 import stroom.util.logging.LambdaLoggerFactory;
 import stroom.util.logging.LogUtil;
+import stroom.util.servlet.SessionUtil;
 import stroom.util.shared.NullSafe;
 
 import jakarta.servlet.http.HttpSession;
@@ -24,7 +25,7 @@ private UserIdentitySessionUtil() {
      */
     public static void set(final HttpSession session, final UserIdentity userIdentity) {
         LOGGER.debug(() -> LogUtil.message("Setting userIdentity of type {} in session {}, userIdentity: {}",
-                NullSafe.get(userIdentity, UserIdentity::getClass, Class::getSimpleName),
+                LogUtil.getSimpleClassName(userIdentity),
                 NullSafe.get(session, HttpSession::getId),
                 userIdentity));
         session.setAttribute(SESSION_USER_IDENTITY, userIdentity);
@@ -34,16 +35,16 @@ public static Optional<UserIdentity> get(final HttpSession session) {
         final Optional<UserIdentity> optUserIdentity = Optional.ofNullable(session)
                 .map(session2 ->
                         (UserIdentity) session2.getAttribute(SESSION_USER_IDENTITY));
+
         if (LOGGER.isTraceEnabled()) {
             optUserIdentity.ifPresentOrElse(userIdentity -> {
                 LOGGER.trace(() -> LogUtil.message("Got userIdentity of type {} in session {}, userIdentity: {}",
                         NullSafe.get(userIdentity, UserIdentity::getClass, Class::getSimpleName),
-                        NullSafe.get(session, HttpSession::getId),
+                        SessionUtil.getSessionId(session),
                         userIdentity));
-            }, () -> {
-                LOGGER.trace(() -> LogUtil.message("No userIdentity in session {}",
-                        NullSafe.get(session, HttpSession::getId)));
-            });
+            }, () ->
+                    LOGGER.trace(() ->
+                            LogUtil.message("No userIdentity in session {}", SessionUtil.getSessionId(session))));
         }
         return optUserIdentity;
     }

stroom-security/stroom-security-identity/src/main/java/stroom/security/identity/authenticate/AuthenticationServiceImpl.java

@@ -39,6 +39,7 @@
 import stroom.util.logging.LambdaLogger;
 import stroom.util.logging.LambdaLoggerFactory;
 import stroom.util.logging.LogUtil;
+import stroom.util.servlet.SessionUtil;
 
 import event.logging.AuthenticateOutcomeReason;
 import jakarta.inject.Inject;
@@ -59,7 +60,7 @@ class AuthenticationServiceImpl implements AuthenticationService {
     private static final LambdaLogger LOGGER = LambdaLoggerFactory.getLogger(AuthenticationServiceImpl.class);
 
     private static final long MIN_CREDENTIAL_CONFIRMATION_INTERVAL = 600000;
-    private static final String AUTH_STATE = "AUTH_STATE";
+    private static final String AUTH_STATE_ATTRIBUTE_NAME = "AUTH_STATE";
 
     private final UriFactory uriFactory;
     private final IdentityConfig config;
@@ -93,23 +94,19 @@ public AuthenticationServiceImpl(
         this.certificateExtractor = certificateExtractor;
     }
 
-    private void setAuthState(final HttpSession session, final AuthStateImpl authStateImpl) {
-        if (session != null) {
-            session.setAttribute(AUTH_STATE, authStateImpl);
-        }
+    private void setAuthState(final HttpServletRequest request,
+                              final AuthStateImpl authStateImpl,
+                              final boolean createSession) {
+        SessionUtil.setAttribute(request, AUTH_STATE_ATTRIBUTE_NAME, authStateImpl, createSession);
+
     }
 
     private AuthStateImpl getAuthState(final HttpServletRequest request) {
-        if (request == null) {
-            return null;
-        }
-
-        final HttpSession session = request.getSession(false);
-        if (session == null) {
-            return null;
-        }
-
-        return (AuthStateImpl) session.getAttribute(AUTH_STATE);
+        return SessionUtil.getAttribute(
+                request,
+                AUTH_STATE_ATTRIBUTE_NAME,
+                AuthStateImpl.class,
+                false);
     }
 
     @Override
@@ -183,7 +180,7 @@ private AuthStatus loginWithCertificate(final HttpServletRequest request) {
                             account,
                             false,
                             System.currentTimeMillis());
-                    setAuthState(request.getSession(true), newState);
+                    setAuthState(request, newState, true);
 
                     // Reset last access, login failures, etc...
                     accountDao.recordSuccessfulLogin(userId);
@@ -253,10 +250,9 @@ public ConfirmPasswordResponse confirmPassword(final HttpServletRequest request,
         final String message = result.toString();
         if (result.isAllOk()) {
             // Update tha last credential confirmation time.
-            setAuthState(request.getSession(true),
-                    new AuthStateImpl(authState.getAccount(),
-                            authState.isRequirePasswordChange(),
-                            System.currentTimeMillis()));
+
+            final AuthStateImpl newAuthState = authState.withLastCredentialCheckMs(System.currentTimeMillis());
+            setAuthState(request, newAuthState, true);
             return new ConfirmPasswordResponse(true, message);
         }
 
@@ -302,8 +298,11 @@ public ChangePasswordResponse changePassword(final HttpServletRequest request,
         accountDao.changePassword(userId, changePasswordRequest.getNewPassword());
 
         if (authState.getSubject().equals(userId)) {
-            setAuthState(request.getSession(true),
-                    new AuthStateImpl(authState.getAccount(), false, System.currentTimeMillis()));
+            final AuthStateImpl newAuthState = new AuthStateImpl(
+                    authState.getAccount(),
+                    false,
+                    System.currentTimeMillis());
+            setAuthState(request, newAuthState, true);
         }
 
         return new ChangePasswordResponse(true, null, false);
@@ -344,8 +343,11 @@ private LoginResponse processSuccessfulLogin(final HttpServletRequest request,
 
         // Reset last access, login failures, etc...
         accountDao.recordSuccessfulLogin(userId);
-        setAuthState(request.getSession(true),
-                new AuthStateImpl(account, userNeedsToChangePassword, System.currentTimeMillis()));
+        final AuthStateImpl newAuthState = new AuthStateImpl(
+                account,
+                userNeedsToChangePassword,
+                System.currentTimeMillis());
+        setAuthState(request, newAuthState, true);
 
         return new LoginResponse(true, message, userNeedsToChangePassword);
     }
@@ -392,7 +394,7 @@ private Optional<String> getIdFromCertificate(final String cn) {
     }
 
     private void clearSession(final HttpServletRequest request) {
-        setAuthState(request.getSession(false), null);
+        setAuthState(request, null, false);
     }
 
     public PasswordPolicyConfig getPasswordPolicy() {
@@ -466,8 +468,16 @@ public boolean isRequirePasswordChange() {
         public long getLastCredentialCheckMs() {
             return lastCredentialCheckMs;
         }
+
+        public AuthStateImpl withLastCredentialCheckMs(final long lastCredentialCheckMs) {
+            return new AuthStateImpl(account, requirePasswordChange, lastCredentialCheckMs);
+        }
     }
 
+
+    // --------------------------------------------------------------------------------
+
+
     private static class AuthStatusImpl implements AuthStatus {
 
         private final AuthState state;

stroom-security/stroom-security-impl/src/main/java/stroom/security/impl/OpenIdManager.java

@@ -125,7 +125,6 @@ private RedirectUrl backChannelOIDC(final HttpServletRequest request,
             if (optionalUserIdentity.isPresent()) {
                 // Set the token in the session so that when we re-direct to the initiating page (i.e. '/')
                 // we will have the identity in session so won't go back round the code flow loop
-//                UserIdentitySessionUtil.set(request.getSession(true), optionalUserIdentity.get());
 
                 // Successful login, so redirect to the original URL held in the state.
                 final String uri = state.getInitiatingUri();

stroom-security/stroom-security-impl/src/main/java/stroom/security/impl/SecurityFilter.java

@@ -143,9 +143,7 @@ private void filter(final HttpServletRequest request,
             chain.doFilter(request, response);
         } else {
             LOGGER.debug(() -> LogUtil.message("Session ID {}, request URI {}",
-                    Optional.ofNullable(request.getSession(false))
-                            .map(HttpSession::getId)
-                            .orElse("-"),
+                    SessionUtil.getSessionId(request),
                     request.getRequestURI() + Optional.ofNullable(request.getQueryString())
                             .map(str -> "/" + str)
                             .orElse("")));
@@ -174,7 +172,7 @@ private void filter(final HttpServletRequest request,
 
             // If no user from header token, see if we have one in session already.
             if (optUserIdentity.isEmpty()) {
-                optUserIdentity = UserIdentitySessionUtil.get(request.getSession(false));
+                optUserIdentity = UserIdentitySessionUtil.get(SessionUtil.getExistingSession(request));
                 if (LOGGER.isDebugEnabled()) {
                     logUserIdentityToDebug(optUserIdentity, fullPath, "from session");
                 }
@@ -363,7 +361,10 @@ public void destroy() {
 
     private Optional<HttpSession> ensureSessionIfCookiePresent(final HttpServletRequest request) {
         if (SessionUtil.requestHasSessionCookie(request)) {
-            return Optional.of(request.getSession(true));
+            final HttpSession session = SessionUtil.getOrCreateSession(request, newSession ->
+                    LOGGER.debug(() -> LogUtil.message("ensureSessionIfCookiePresent() - Created new session {}",
+                            SessionUtil.getSessionId(newSession))));
+            return Optional.of(session);
         }
         return Optional.empty();
     }

stroom-security/stroom-security-impl/src/main/java/stroom/security/impl/StroomUserIdentityFactory.java

@@ -36,6 +36,7 @@
 import stroom.util.logging.LambdaLogger;
 import stroom.util.logging.LambdaLoggerFactory;
 import stroom.util.logging.LogUtil;
+import stroom.util.servlet.SessionUtil;
 import stroom.util.shared.Clearable;
 import stroom.util.shared.NullSafe;
 import stroom.util.shared.PermissionException;
@@ -322,7 +323,10 @@ private UserIdentity createAuthFlowUserIdentity(final JwtClaims jwtClaims,
         // At this point we have authenticated the User so need to ensure
         // we have a session as that gets attached to the userIdentity object to
         // allow us to refresh it's token.
-        final HttpSession session = request.getSession(true);
+        final HttpSession session = SessionUtil.getOrCreateSession(request, newSession -> {
+            LOGGER.debug(() -> LogUtil.message("createAuthFlowUserIdentity() - Created new session {}",
+                    newSession.getId()));
+        });
 
         // Make a token object that we can update as/when we do a token refresh
         final UpdatableToken updatableToken = new UpdatableToken(
@@ -348,11 +352,11 @@ private UserIdentity createAuthFlowUserIdentity(final JwtClaims jwtClaims,
 
         LOGGER.debug(() -> LogUtil.message(
                 "createAuthFlowUserIdentity() - Authenticated user - session: {}, userIdentity: {}",
-                NullSafe.get(session, HttpSession::getId),
+                SessionUtil.getSessionId(session),
                 userIdentity));
 
         LOGGER.info(() -> "createAuthFlowUserIdentity() - Authenticated user " + userIdentity
-                          + " for sessionId " + NullSafe.get(session, HttpSession::getId));
+                          + " for sessionId " + SessionUtil.getSessionId(session));
         return userIdentity;
     }
 
@@ -403,15 +407,11 @@ private static ApiUserIdentity createApiUserIdentity(final JwtContext jwtContext
                                                          final String displayName,
                                                          final String userUuid,
                                                          final HttpServletRequest request) {
-        Objects.requireNonNull(userId);
-
-        final HttpSession session = request.getSession(false);
-
         return new ApiUserIdentity(
                 userUuid,
-                userId,
+                Objects.requireNonNull(userId),
                 displayName,
-                NullSafe.get(session, HttpSession::getId),
+                SessionUtil.getSessionId(request),
                 jwtContext);
     }
 
@@ -431,6 +431,7 @@ private Optional<UserIdentity> getProcessingUser(final JwtContext jwtContext) {
     public boolean isServiceUser(final String subject,
                                  final String issuer,
                                  final UserIdentity serviceUser) {
+
         if (serviceUser instanceof final HasJwtClaims hasJwtClaims) {
             return Optional.ofNullable(hasJwtClaims.getJwtClaims())
                     .map(ThrowingFunction.unchecked(jwtClaims -> {

stroom-util/src/main/java/stroom/util/logging/LogUtil.java

@@ -492,4 +492,12 @@ public static DurationTimer startTimerIfTraceEnabled(final Logger logger) {
                 ? DurationTimer.start()
                 : null;
     }
+
+    public static String getSimpleClassName(final Object obj) {
+        return NullSafe.get(obj, Object::getClass, Class::getSimpleName);
+    }
+
+    public static String getClassName(final Object obj) {
+        return NullSafe.get(obj, Object::getClass, Class::getName);
+    }
 }