SessionPrx
RegistryI::createSession(const string& user, const string& password, const Current& current)
{
if(!_master)
{
PermissionDeniedException ex;
ex.reason = "client session creation is only allowed with the master registry.";
throw ex;
}
assert(_reaper && _clientSessionFactory);
if(!_clientVerifier)
{
PermissionDeniedException ex;
ex.reason = "no permissions verifier configured, use the property\n";
ex.reason += "`IceGrid.Registry.PermissionsVerifier' to configure\n";
ex.reason += "a permissions verifier.";
throw ex;
}
if(user.empty())
{
PermissionDeniedException ex;
ex.reason = "empty user id";
throw ex;
}
try
{
string reason;
if(!_clientVerifier->checkPermissions(user, password, reason, current.ctx))
{
PermissionDeniedException exc;
exc.reason = reason;
throw exc;
}
}
catch(const LocalException& ex)
{
if(_traceLevels && _traceLevels->session > 0)
{
Trace out(_traceLevels->logger, _traceLevels->sessionCat);
out << "exception while verifying password with client permission verifier:\n" << ex;
}
PermissionDeniedException exc;
exc.reason = "internal server error";
throw exc;
}
SessionIPtr session = _clientSessionFactory->createSessionServant(user, 0);
Ice::ObjectPrx proxy = session->registerWithServantLocator(_sessionServantLocator, current.con);
if(_sessionTimeout > 0)
{
_reaper->add(new SessionReapable<SessionI>(_traceLevels->logger, session), _sessionTimeout);
}
return SessionPrx::uncheckedCast(proxy);
}
SessionPrx
RegistryI::createSessionFromSecureConnection(const Current& current)
{
if(!_master)
{
PermissionDeniedException ex;
ex.reason = "client session creation is only allowed with the master registry.";
throw ex;
}
assert(_reaper && _clientSessionFactory);
if(!_sslClientVerifier)
{
PermissionDeniedException ex;
ex.reason = "no ssl permissions verifier configured, use the property\n";
ex.reason += "`IceGrid.Registry.SSLPermissionsVerifier' to configure\n";
ex.reason += "a permissions verifier.";
throw ex;
}
string userDN;
Glacier2::SSLInfo info = getSSLInfo(current.con, userDN);
if(userDN.empty())
{
PermissionDeniedException ex;
ex.reason = "empty user DN";
throw ex;
}
try
{
string reason;
if(!_sslClientVerifier->authorize(info, reason, current.ctx))
{
PermissionDeniedException exc;
exc.reason = reason;
throw exc;
}
}
catch(const LocalException& ex)
{
if(_traceLevels && _traceLevels->session > 0)
{
Trace out(_traceLevels->logger, _traceLevels->sessionCat);
out << "exception while verifying password with SSL client permission verifier:\n" << ex;
}
PermissionDeniedException exc;
exc.reason = "internal server error";
throw exc;
}
SessionIPtr session = _clientSessionFactory->createSessionServant(userDN, 0);
Ice::ObjectPrx proxy = session->_register(_servantManager, current.con);
_reaper->add(new SessionReapable<SessionI>(_traceLevels->logger, session), _sessionTimeout);
return SessionPrx::uncheckedCast(proxy);
}
Glacier2::SessionPrx
ClientSessionFactory::createGlacier2Session(const string& sessionId, const Glacier2::SessionControlPrx& ctl)
{
assert(_servantManager);
SessionIPtr session = createSessionServant(sessionId, ctl);
Ice::ObjectPrx proxy = session->_register(_servantManager, 0);
int timeout = 0;
if(ctl)
{
try
{
if(_filters)
{
Ice::IdentitySeq ids;
Ice::Identity queryId;
queryId.category = _database->getInstanceName();
queryId.name = "Query";
ids.push_back(queryId);
_servantManager->setSessionControl(session, ctl, ids);
}
timeout = ctl->getSessionTimeout();
}
catch(const Ice::LocalException& e)
{
session->destroy(Ice::Current());
Ice::Warning out(_database->getTraceLevels()->logger);
out << "Failed to callback Glacier2 session control object:\n" << e;
Glacier2::CannotCreateSessionException ex;
ex.reason = "internal server error";
throw ex;
}
}
_reaper->add(new SessionReapable<SessionI>(_database->getTraceLevels()->logger, session), timeout);
return Glacier2::SessionPrx::uncheckedCast(proxy);
}
void
AllocatableObjectEntry::released(const SessionIPtr& session)
{
//
// Remove the object allocation from the session.
//
session->removeAllocation(this);
TraceLevelsPtr traceLevels = _cache.getTraceLevels();
Glacier2::IdentitySetPrx identities = session->getGlacier2IdentitySet();
if(identities)
{
try
{
Ice::IdentitySeq seq(1);
seq.push_back(_info.proxy->ice_getIdentity());
identities->remove(seq);
}
catch(const Ice::LocalException& ex)
{
if(traceLevels && traceLevels->object > 0)
{
Ice::Trace out(traceLevels->logger, traceLevels->objectCat);
out << "couldn't remove Glacier2 filter for object `" << _info.proxy->ice_toString();
out << "' allocated by `" << session->getId() << "':\n" << ex;
}
}
}
if(traceLevels && traceLevels->object > 1)
{
Ice::Trace out(traceLevels->logger, traceLevels->objectCat);
out << "object `" << _info.proxy->ice_toString() << "' released by `" << session->getId() << "' (" << _count
<< ")";
}
}
void
ServerEntry::released(const SessionIPtr& session)
{
if(!_loaded.get() && !_load.get())
{
return;
}
ServerDescriptorPtr desc = _loaded.get() ? _loaded->descriptor : _load->descriptor;
//
// If the server has the session activation mode, we re-load the
// server on the node as its deployment might have changed (it's
// possible to use ${session.*} variable with server with the
// session activation mode. Synchronizing the server will also
// shutdown the server on the node.
//
if(desc->activation == "session")
{
_updated = true;
if(!_load.get())
{
_load.reset(_loaded.release());
}
_load->sessionId = "";
_session = 0;
}
TraceLevelsPtr traceLevels = _cache.getTraceLevels();
Glacier2::IdentitySetPrx identitySet = session->getGlacier2IdentitySet();
Glacier2::StringSetPrx adapterIdSet = session->getGlacier2AdapterIdSet();
if(identitySet && adapterIdSet)
{
ServerHelperPtr helper = createHelper(desc);
multiset<string> adapterIds;
multiset<Ice::Identity> identities;
helper->getIds(adapterIds, identities);
try
{
//
// SunCC won't accept the following:
//
// ctl->adapterIds()->remove(Ice::StringSeq(adapterIds.begin(), adapterIds.end()));
// ctl->identities()->remove(Ice::IdentitySeq(identities.begin(), identities.end()));
//
Ice::StringSeq adapterIdSeq;
for(multiset<string>::iterator p = adapterIds.begin(); p != adapterIds.end(); ++p)
{
adapterIdSeq.push_back(*p);
}
Ice::IdentitySeq identitySeq;
for(multiset<Ice::Identity>::iterator q = identities.begin(); q != identities.end(); ++q)
{
identitySeq.push_back(*q);
}
adapterIdSet->remove(adapterIdSeq);
identitySet->remove(identitySeq);
}
catch(const Ice::LocalException& ex)
{
if(traceLevels && traceLevels->server > 0)
{
Ice::Trace out(traceLevels->logger, traceLevels->serverCat);
out << "couldn't remove Glacier2 filters for server `" << _id << "' allocated by `";
out << session->getId() << ":\n" << ex;
}
}
}
if(traceLevels && traceLevels->server > 1)
{
Ice::Trace out(traceLevels->logger, traceLevels->serverCat);
out << "server `" << _id << "' released by `" << session->getId() << "' (" << _count << ")";
}
}
