From 7955668710cc71a020881f07b45ed1dc8c1cdc92 Mon Sep 17 00:00:00 2001 From: lingbin Date: Tue, 19 Sep 2017 16:55:59 +0800 Subject: [PATCH] make web session key more versatile --- .../com/baidu/palo/http/HttpAuthManager.java | 5 +--- .../baidu/palo/http/action/WebBaseAction.java | 23 ++++++++----------- 2 files changed, 11 insertions(+), 17 deletions(-) diff --git a/fe/src/com/baidu/palo/http/HttpAuthManager.java b/fe/src/com/baidu/palo/http/HttpAuthManager.java index 6d25db56af269f..8f60c2c92fda57 100755 --- a/fe/src/com/baidu/palo/http/HttpAuthManager.java +++ b/fe/src/com/baidu/palo/http/HttpAuthManager.java @@ -26,7 +26,7 @@ public class HttpAuthManager { private static long SESSION_EXPIRE_TIME = 2; // hour private static long SESSION_MAX_SIZE = 100; // avoid to store too many - private static HttpAuthManager instance = null; + private static HttpAuthManager instance = new HttpAuthManager(); // session_id => username private Cache authSessions = CacheBuilder.newBuilder() @@ -39,9 +39,6 @@ private HttpAuthManager() { } public static HttpAuthManager getInstance() { - if (instance == null) { - instance = new HttpAuthManager(); - } return instance; } diff --git a/fe/src/com/baidu/palo/http/action/WebBaseAction.java b/fe/src/com/baidu/palo/http/action/WebBaseAction.java index 3d963e490ff96d..ccd2b3369529d1 100644 --- a/fe/src/com/baidu/palo/http/action/WebBaseAction.java +++ b/fe/src/com/baidu/palo/http/action/WebBaseAction.java @@ -15,13 +15,6 @@ package com.baidu.palo.http.action; -import java.net.InetSocketAddress; -import java.util.Date; -import java.util.List; - -import org.apache.logging.log4j.LogManager; -import org.apache.logging.log4j.Logger; - import com.baidu.palo.common.AnalysisException; import com.baidu.palo.common.Config; import com.baidu.palo.common.DdlException; 
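Review bot: The eagerly constructed singleton on the `+` line of the first HttpAuthManager hunk is never reassigned once the lazy branch in getInstance is removed, so the field should be declared `private static final HttpAuthManager instance = new HttpAuthManager();` to let the compiler enforce that and to make the thread-safety of class-init publication explicit. Eager initialisation does fix the unsynchronized check-then-create race of the old getInstance, which is worth stating in the commit since the subject line only mentions the session key. A short comment above the field, `// Created at class-init time: the JVM guarantees a single, safely published instance.`, would record why the lazy form was dropped. The surrounding class header and the raw `Cache authSessions` declaration are context, not part of this change.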
@@ -33,13 +26,21 @@ import com.baidu.palo.http.BaseResponse; import com.baidu.palo.http.HttpAuthManager; import com.baidu.palo.http.rest.RestBaseResult; + import com.google.common.base.Strings; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + import io.netty.handler.codec.http.DefaultCookie; import io.netty.handler.codec.http.HttpHeaders; import io.netty.handler.codec.http.HttpMethod; import io.netty.handler.codec.http.HttpResponseStatus; +import java.net.InetSocketAddress; +import java.util.List; +import java.util.UUID; + public class WebBaseAction extends BaseAction { private static final Logger LOG = LogManager.getLogger(WebBaseAction.class); private static final String ADMIN_USER = "root"; @@ -118,7 +119,6 @@ public void execute(BaseRequest request, BaseResponse response) { } else if (method.equals(HttpMethod.POST)) { executePost(request, response); } else { - response.appendContent(new RestBaseResult("HTTP method is not allowed.").toJson()); writeResponse(request, response, HttpResponseStatus.METHOD_NOT_ALLOWED); } @@ -150,7 +150,7 @@ protected boolean checkAuth(BaseRequest request, BaseResponse response) { return true; } catch (DdlException e) { response.appendContent("Authentication Failed.
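Review bot: With the JSON body removed in the `execute` hunk, the METHOD_NOT_ALLOWED branch now writes a 405 with no body and, as far as this hunk shows, no `Allow` header, which RFC 7231 requires on every 405 response; set `Allow: GET, POST` on the response before the `writeResponse(...)` call using whatever header-setting method BaseResponse exposes. If that appendContent call was the only use of RestBaseResult in this file, the `import com.baidu.palo.http.rest.RestBaseResult;` kept in the import hunk above is now unused and should be dropped. The commit message does not say why the error body was removed; a one-line note in the description or a comment such as `// 405 is signalled by status and Allow header only; no JSON body.` would help the next reader. The body of `execute` starts outside this hunk.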
" - + "You can only access test '/help' page without login!"); + + "You can only access '/help' page without login!"); writeAuthResponse(request, response); return false; } @@ -196,9 +196,7 @@ protected void addSession(BaseRequest request, BaseResponse response, String val // We use hashcode of client's IP and timestamp, which not only can identify users from // different host machine, but also can improve the difficulty of forging cookie. int clientAddrHashCode = ((InetSocketAddress) request.getContext().channel().remoteAddress()).hashCode(); - String key = String.valueOf(clientAddrHashCode) - + "_" - + String.valueOf(new Date().getTime()); + String key = UUID.randomUUID().toString(); DefaultCookie cookie = new DefaultCookie(PALO_SESSION_ID, key); cookie.setMaxAge(PALO_SESSION_EXPIRED_TIME); response.addCookie(cookie); @@ -333,4 +331,3 @@ public static NotFoundAction getNotFoundAction() { return NOT_FOUND_ACTION; } } -
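Review bot: In the addSession hunk the context comment ("We use hashcode of client's IP and timestamp ...") and the `int clientAddrHashCode = ...` line directly above the new `+` line now describe and compute something the key no longer uses, so the comment is wrong and the local is dead; replace the comment with `// Session key is a random UUID (java.util.UUID.randomUUID is SecureRandom-backed), so it cannot be derived from client address or time.` and delete the `clientAddrHashCode` line. The random UUID is a real improvement over the address-hash plus timestamp key, which was predictable. The cookie built from the key is only given a max age in the visible lines; unless it is hardened elsewhere, add `cookie.setHttpOnly(true);` so the session key is not readable from script, and consider `cookie.setSecure(true)` where the frontend is served over TLS. The rest of addSession lies outside this hunk.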