SessionPrx RegistryI::createSession(const string& user, const string& password, const Current& current) { if(!_master) { PermissionDeniedException ex; ex.reason = "client session creation is only allowed with the master registry."; throw ex; } assert(_reaper && _clientSessionFactory); if(!_clientVerifier) { PermissionDeniedException ex; ex.reason = "no permissions verifier configured, use the property\n"; ex.reason += "`IceGrid.Registry.PermissionsVerifier' to configure\n"; ex.reason += "a permissions verifier."; throw ex; } if(user.empty()) { PermissionDeniedException ex; ex.reason = "empty user id"; throw ex; } try { string reason; if(!_clientVerifier->checkPermissions(user, password, reason, current.ctx)) { PermissionDeniedException exc; exc.reason = reason; throw exc; } } catch(const LocalException& ex) { if(_traceLevels && _traceLevels->session > 0) { Trace out(_traceLevels->logger, _traceLevels->sessionCat); out << "exception while verifying password with client permission verifier:\n" << ex; } PermissionDeniedException exc; exc.reason = "internal server error"; throw exc; } SessionIPtr session = _clientSessionFactory->createSessionServant(user, 0); Ice::ObjectPrx proxy = session->registerWithServantLocator(_sessionServantLocator, current.con); if(_sessionTimeout > 0) { _reaper->add(new SessionReapable<SessionI>(_traceLevels->logger, session), _sessionTimeout); } return SessionPrx::uncheckedCast(proxy); }
SessionPrx RegistryI::createSessionFromSecureConnection(const Current& current) { if(!_master) { PermissionDeniedException ex; ex.reason = "client session creation is only allowed with the master registry."; throw ex; } assert(_reaper && _clientSessionFactory); if(!_sslClientVerifier) { PermissionDeniedException ex; ex.reason = "no ssl permissions verifier configured, use the property\n"; ex.reason += "`IceGrid.Registry.SSLPermissionsVerifier' to configure\n"; ex.reason += "a permissions verifier."; throw ex; } string userDN; Glacier2::SSLInfo info = getSSLInfo(current.con, userDN); if(userDN.empty()) { PermissionDeniedException ex; ex.reason = "empty user DN"; throw ex; } try { string reason; if(!_sslClientVerifier->authorize(info, reason, current.ctx)) { PermissionDeniedException exc; exc.reason = reason; throw exc; } } catch(const LocalException& ex) { if(_traceLevels && _traceLevels->session > 0) { Trace out(_traceLevels->logger, _traceLevels->sessionCat); out << "exception while verifying password with SSL client permission verifier:\n" << ex; } PermissionDeniedException exc; exc.reason = "internal server error"; throw exc; } SessionIPtr session = _clientSessionFactory->createSessionServant(userDN, 0); Ice::ObjectPrx proxy = session->_register(_servantManager, current.con); _reaper->add(new SessionReapable<SessionI>(_traceLevels->logger, session), _sessionTimeout); return SessionPrx::uncheckedCast(proxy); }
Glacier2::SessionPrx ClientSessionFactory::createGlacier2Session(const string& sessionId, const Glacier2::SessionControlPrx& ctl) { assert(_servantManager); SessionIPtr session = createSessionServant(sessionId, ctl); Ice::ObjectPrx proxy = session->_register(_servantManager, 0); int timeout = 0; if(ctl) { try { if(_filters) { Ice::IdentitySeq ids; Ice::Identity queryId; queryId.category = _database->getInstanceName(); queryId.name = "Query"; ids.push_back(queryId); _servantManager->setSessionControl(session, ctl, ids); } timeout = ctl->getSessionTimeout(); } catch(const Ice::LocalException& e) { session->destroy(Ice::Current()); Ice::Warning out(_database->getTraceLevels()->logger); out << "Failed to callback Glacier2 session control object:\n" << e; Glacier2::CannotCreateSessionException ex; ex.reason = "internal server error"; throw ex; } } _reaper->add(new SessionReapable<SessionI>(_database->getTraceLevels()->logger, session), timeout); return Glacier2::SessionPrx::uncheckedCast(proxy); }
void AllocatableObjectEntry::released(const SessionIPtr& session) { // // Remove the object allocation from the session. // session->removeAllocation(this); TraceLevelsPtr traceLevels = _cache.getTraceLevels(); Glacier2::IdentitySetPrx identities = session->getGlacier2IdentitySet(); if(identities) { try { Ice::IdentitySeq seq(1); seq.push_back(_info.proxy->ice_getIdentity()); identities->remove(seq); } catch(const Ice::LocalException& ex) { if(traceLevels && traceLevels->object > 0) { Ice::Trace out(traceLevels->logger, traceLevels->objectCat); out << "couldn't remove Glacier2 filter for object `" << _info.proxy->ice_toString(); out << "' allocated by `" << session->getId() << "':\n" << ex; } } } if(traceLevels && traceLevels->object > 1) { Ice::Trace out(traceLevels->logger, traceLevels->objectCat); out << "object `" << _info.proxy->ice_toString() << "' released by `" << session->getId() << "' (" << _count << ")"; } }
void ServerEntry::released(const SessionIPtr& session) { if(!_loaded.get() && !_load.get()) { return; } ServerDescriptorPtr desc = _loaded.get() ? _loaded->descriptor : _load->descriptor; // // If the server has the session activation mode, we re-load the // server on the node as its deployment might have changed (it's // possible to use ${session.*} variable with server with the // session activation mode. Synchronizing the server will also // shutdown the server on the node. // if(desc->activation == "session") { _updated = true; if(!_load.get()) { _load.reset(_loaded.release()); } _load->sessionId = ""; _session = 0; } TraceLevelsPtr traceLevels = _cache.getTraceLevels(); Glacier2::IdentitySetPrx identitySet = session->getGlacier2IdentitySet(); Glacier2::StringSetPrx adapterIdSet = session->getGlacier2AdapterIdSet(); if(identitySet && adapterIdSet) { ServerHelperPtr helper = createHelper(desc); multiset<string> adapterIds; multiset<Ice::Identity> identities; helper->getIds(adapterIds, identities); try { // // SunCC won't accept the following: // // ctl->adapterIds()->remove(Ice::StringSeq(adapterIds.begin(), adapterIds.end())); // ctl->identities()->remove(Ice::IdentitySeq(identities.begin(), identities.end())); // Ice::StringSeq adapterIdSeq; for(multiset<string>::iterator p = adapterIds.begin(); p != adapterIds.end(); ++p) { adapterIdSeq.push_back(*p); } Ice::IdentitySeq identitySeq; for(multiset<Ice::Identity>::iterator q = identities.begin(); q != identities.end(); ++q) { identitySeq.push_back(*q); } adapterIdSet->remove(adapterIdSeq); identitySet->remove(identitySeq); } catch(const Ice::LocalException& ex) { if(traceLevels && traceLevels->server > 0) { Ice::Trace out(traceLevels->logger, traceLevels->serverCat); out << "couldn't remove Glacier2 filters for server `" << _id << "' allocated by `"; out << session->getId() << ":\n" << ex; } } } if(traceLevels && traceLevels->server > 1) { Ice::Trace out(traceLevels->logger, traceLevels->serverCat); out << "server `" << _id << "' released by `" << session->getId() << "' (" << _count << ")"; } }