search

OpenNTF / org.openntf.domino

Open replacement for lotus.domino package in HCL Domino
Apache License 2.0
65 stars 34 forks source link

Improvement on DasCurrentSessionFactory when used by 'com.ibm.pvc.webcontainer.application' servlet class #159

Closed shillem closed 4 years ago

shillem commented 7 years ago

When using org.eclipse.equinox.http.registry.servlets servlet class request.getRemoteUser() (or request.getUserPrincipal().getName()) is correctly set (authentication is handled by Domino). I set the Domino Session Factory like this:

Factory.setSessionFactory(new DasCurrentSessionFactory(req), SessionType.CURRENT);

When DasCurrentSessionFactory.createSession code in the } else { block is good and won't fail:

    @Override
    public Session createSession() {
        if (request_ == null) {
            lotus.domino.Session rawSession = ContextInfo.getUserSession();
            try {
                lotus.domino.Database rawDb = rawSession.getCurrentDatabase();
                if (rawDb != null) {
                    if (StringUtil.isEmpty(rawDb.getServer())) {
                        currentApiPath_ = rawDb.getFilePath();
                    } else {
                        currentApiPath_ = rawDb.getServer() + "!!" + rawDb.getFilePath();
                    }
                }
            } catch (NotesException e) {
                DominoUtils.handleException(e);
            }
            return wrapSession(ContextInfo.getUserSession(), false);
        } else {
            String name = request_.getUserPrincipal().getName();
            //          System.out.println("TEMP DEBUG getting session for " + name);
            Session session = createSession(name);
            Factory.setCurrentToSession(session);
            return session;
        }
    }

When using com.ibm.pvc.webcontainer.application (slide 69 onward) servlet class request.getRemoteUser() isn't set unless it's taken care of. Whether I'm authenticated in Domino or not request.getRemoteUser() always returns null. At this point the above code will:

fail with: Factory.setSessionFactory(new DasCurrentSessionFactory(req), SessionType.CURRENT); because createSession will execute the else block (request is not null) but request_.getUserPrincipal() won't be set and it will cause a NullPointerException

succeed with: Factory.setSessionFactory(new DasCurrentSessionFactory(null), SessionType.CURRENT); because createSession will execute the first block (request is null)

My suggestion would be that of changing the code as follows:

public class DasCurrentSessionFactory extends AbstractXPageSessionFactory {

    private static final long serialVersionUID = 1L;
    private HttpServletRequest request_;

    //this to be restored
    public DasCurrentSessionFactory() {
        super();
    }

    public DasCurrentSessionFactory(final HttpServletRequest request) {
        super();
        request_ = request;
    }

    /**
     * returns the current Das-Session
     * 
     * @throws
     */
    @Override
    public Session createSession() {
        // I inverted the blocks for convenience
        if (request_ != null && request_.getRemoteUser() != null) {
            Session session = createSession(request_.getRemoteUser());
            Factory.setCurrentToSession(session);
            return session;
        } else {
            lotus.domino.Session rawSession = ContextInfo.getUserSession();
            try {
                lotus.domino.Database rawDb = rawSession.getCurrentDatabase();
                if (rawDb != null) {
                    if (StringUtil.isEmpty(rawDb.getServer())) {
                        currentApiPath_ = rawDb.getFilePath();
                    } else {
                        currentApiPath_ = rawDb.getServer() + "!!" + rawDb.getFilePath();
                    }
                }
            } catch (NotesException e) {
                DominoUtils.handleException(e);
            }
            return wrapSession(ContextInfo.getUserSession(), false);
        }
    }