CLOUDSTACK-8702: Add/refactor sessionkey checking code to HttpUtils

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com> (cherry picked from commit cb7dd7b27d) Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
2015-08-03 14:34:20 +05:30 · 2015-08-03 14:34:20 +05:30 · 89f47ece3d
parent 5d29b63cfa
commit 89f47ece3d
2 changed files with 17 additions and 7 deletions
--- a/server/src/com/cloud/api/ApiServlet.java
+++ b/server/src/com/cloud/api/ApiServlet.java
@ -245,13 +245,7 @@ public class ApiServlet extends HttpServlet {
                userId = (Long)session.getAttribute("userid");
                final String account = (String) session.getAttribute("account");
                final Object accountObj = session.getAttribute("accountobj");
-                final String sessionKey = (String) session.getAttribute(ApiConstants.SESSIONKEY);
-                final String sessionKeyFromCookie = HttpUtils.findCookie(req.getCookies(), ApiConstants.SESSIONKEY);
-                final String[] sessionKeyFromParams = (String[]) params.get(ApiConstants.SESSIONKEY);
-                if ((sessionKey == null)
-                        || (sessionKeyFromParams == null && sessionKeyFromCookie == null)
-                        || (sessionKeyFromParams != null && !sessionKey.equals(sessionKeyFromParams[0]))
-                        || (sessionKeyFromCookie != null && !sessionKey.equals(sessionKeyFromCookie))) {
+                if (!HttpUtils.validateSessionKey(session, params, req.getCookies(), ApiConstants.SESSIONKEY)) {
                    try {
                        session.invalidate();
                    } catch (final IllegalStateException ise) {
--- a/utils/src/com/cloud/utils/HttpUtils.java
+++ b/utils/src/com/cloud/utils/HttpUtils.java
@ -23,7 +23,9 @@ import org.apache.log4j.Logger;

 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
 import java.io.IOException;
+import java.util.Map;

 public class HttpUtils {

@ -89,4 +91,18 @@ public class HttpUtils {
            }
        }
    }
+
+    public static boolean validateSessionKey(final HttpSession session, final Map<String, Object[]> params, final Cookie[] cookies, final String sessionKeyString) {
+        final String sessionKey = (String) session.getAttribute(sessionKeyString);
+        final String sessionKeyFromCookie = HttpUtils.findCookie(cookies, sessionKeyString);
+        final String[] sessionKeyFromParams = (String[]) params.get(sessionKeyString);
+        if ((sessionKey == null)
+                || (sessionKeyFromParams == null && sessionKeyFromCookie == null)
+                || (sessionKeyFromParams != null && !sessionKey.equals(sessionKeyFromParams[0]))
+                || (sessionKeyFromCookie != null && !sessionKey.equals(sessionKeyFromCookie))) {
+            return false;
+        }
+        return true;
+    }
+
 }