View Javadoc
1   /**
2    * This file Copyright (c) 2003-2015 Magnolia International
3    * Ltd.  (http://www.magnolia-cms.com). All rights reserved.
4    *
5    *
6    * This file is dual-licensed under both the Magnolia
7    * Network Agreement and the GNU General Public License.
8    * You may elect to use one or the other of these licenses.
9    *
10   * This file is distributed in the hope that it will be
11   * useful, but AS-IS and WITHOUT ANY WARRANTY; without even the
12   * implied warranty of MERCHANTABILITY or FITNESS FOR A
13   * PARTICULAR PURPOSE, TITLE, or NONINFRINGEMENT.
14   * Redistribution, except as permitted by whichever of the GPL
15   * or MNA you select, is prohibited.
16   *
17   * 1. For the GPL license (GPL), you can redistribute and/or
18   * modify this file under the terms of the GNU General
19   * Public License, Version 3, as published by the Free Software
20   * Foundation.  You should have received a copy of the GNU
21   * General Public License, Version 3 along with this program;
22   * if not, write to the Free Software Foundation, Inc., 51
23   * Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
24   *
25   * 2. For the Magnolia Network Agreement (MNA), this file
26   * and the accompanying materials are made available under the
27   * terms of the MNA which accompanies this distribution, and
28   * is available at http://www.magnolia-cms.com/mna.html
29   *
30   * Any modifications to this file must keep this entire header
31   * intact.
32   *
33   */
34  package info.magnolia.cms.security;
35  
36  import java.util.Date;
37  
38  import javax.servlet.http.HttpServletRequest;
39  import javax.servlet.http.HttpSession;
40  
41  import org.slf4j.Logger;
42  import org.slf4j.LoggerFactory;
43  import info.magnolia.context.MgnlContext;
44  
45  
46  /**
47   * Used to lock a session or the system. Currently checked in the {@link URISecurityFilter}. Should
48   * only be used with care.
49   */
50  public final class Lock {
51  
52      private static Logger log = LoggerFactory.getLogger(Lock.class);
53  
54      /**
55       * Session lock attribute.
56       */
57      private static final String SESSION_LOCK = "mgnlSessionLock";
58  
59      /**
60       * System wide lock.
61       */
62      private static boolean isSystemLocked;
63  
64      /**
65       * System wide lock creation time.
66       */
67      private static Date lockSetDate;
68  
69      /**
70       * Utility class, don't instantiate.
71       */
72      private Lock() {
73          // unused
74      }
75  
76      /**
77       * Set session based lock.
78       */
79      public static void setSessionLock(HttpServletRequest request) {
80          log.info("Session lock enabled for user ( "
81              + MgnlContext.getUser().getName()
82              + " ) on "
83              + (new Date()).toString());
84          // @todo IMPORTANT remove use of http session
85          HttpSession httpsession = request.getSession(true);
86          httpsession.setAttribute(SESSION_LOCK, (new Date()).toString());
87      }
88  
89      /**
90       * Returns true if this session is locked.
91       *
92       * @return a boolean
93       */
94      public static boolean isSessionLocked(HttpServletRequest request) {
95          // @todo IMPORTANT remove use of http session
96          if (request.getSession(true).getAttribute(Lock.SESSION_LOCK) != null) {
97              return true;
98          }
99          return false;
100     }
101 
102     /**
103      * Reset session lock.
104      */
105     public static void resetSessionLock(HttpServletRequest request) {
106         if (!Lock.isSessionLocked(request)) {
107             if (log.isDebugEnabled()) {
108                 log.debug("No Lock found to reset");
109             }
110         }
111         else {
112             if (log.isDebugEnabled()) {
113                 log.debug("Resetting session lock");
114             }
115             Lock.isSystemLocked = false;
116         }
117         // @todo IMPORTANT remove use of http session
118         HttpSession httpsession = request.getSession(true);
119         httpsession.removeAttribute(Lock.SESSION_LOCK);
120     }
121 
122     /**
123      * Set system wide lock.
124      */
125     public static void setSystemLock() {
126         if (Lock.isSystemLocked()) {
127             if (log.isDebugEnabled()) {
128                 log.debug("System lock exist, created on " + Lock.lockSetDate.toString());
129             }
130         }
131         else {
132             Lock.isSystemLocked = true;
133             Lock.lockSetDate = new Date();
134             if (log.isDebugEnabled()) {
135                 log.debug("New System lock created on " + Lock.lockSetDate.toString() + " )");
136             }
137         }
138     }
139 
140     /**
141      * Reset system wide lock.
142      */
143     public static void resetSystemLock() {
144         if (!Lock.isSystemLocked()) {
145             log.debug("No Lock found to reset");
146         }
147         else {
148             if (log.isDebugEnabled()) {
149                 log.debug("Resetting system lock created on " + Lock.lockSetDate.toString());
150             }
151             Lock.isSystemLocked = false;
152         }
153     }
154 
155     /**
156      * Return true if system is locked.
157      * @return a boolean
158      */
159     public static boolean isSystemLocked() {
160         return Lock.isSystemLocked;
161     }
162 }