Skip to content

User session #5102

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 10 commits into from
Sep 18, 2025
Merged

User session #5102

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
6366355
Improve HTTP session creation and usage
stroomdev66 Sep 5, 2025
7c2647e
Fix OIDC code flow to stop session being lost
at055612 Sep 8, 2025
5d38823
Refactor getSession and get/set attr calls
at055612 Sep 9, 2025
9dab64b
Fix accidental session creation, improve logging
at055612 Sep 10, 2025
1a14889
Change resource store to not use sessions
at055612 Sep 12, 2025
d60e172
Fix failing test
at055612 Sep 15, 2025
3abd165
Fix failing test
at055612 Sep 15, 2025
8e17b32
Update javadoc
at055612 Sep 15, 2025
6eff909
Fix compile error
at055612 Sep 15, 2025
b01b1f0
Fix DistributedTaskFetcher ex handling, add debug logging
at055612 Sep 17, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
190 changes: 190 additions & 0 deletions scripts/export_content.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,190 @@
#!/usr/bin/env bash

set -e -o pipefail

showUsage() {
echo -e "Usage: ${BLUE}$0 [OPTION]... [UUID]...${NC}"
echo -e "OPTIONs:"
echo -e " ${GREEN}-d${NC} - The data file to read from (or '-' for stdin)"
echo -e " ${GREEN}-u${NC} - The base URL to use. If not set, uses http://localhost:8080"
echo -e " ${GREEN}-o${NC} - The file path to export to. If not set it will be written to the current directory with the resource name"
echo -e "UUID:"
echo -e " Each UUID is of the form '<UUID>,<Type>', e.g. '18d92d74-a5aa-4a81-83be-46fb6d84a60e,Pipeline'"
echo -e "e.g.: ${BLUE}$0 -d - ${NC} - Exports all UUIDs in std into a file in this directory"
echo
}

setup_echo_colours() {
# Exit the script on any error
set -e

# shellcheck disable=SC2034
if [ "${MONOCHROME}" = true ]; then
RED=''
GREEN=''
YELLOW=''
BLUE=''
BLUE2=''
DGREY=''
NC='' # No Colour
else
RED='\033[1;31m'
GREEN='\033[1;32m'
YELLOW='\033[1;33m'
BLUE='\033[1;34m'
BLUE2='\033[1;34m'
DGREY='\e[90m'
NC='\033[0m' # No Colour
fi
}

debug_value() {
local name="$1"; shift
local value="$1"; shift

if [ "${IS_DEBUG}" = true ]; then
echo -e "${DGREY}DEBUG ${name}: ${value}${NC}"
fi
}

debug() {
local str="$1"; shift

if [ "${IS_DEBUG}" = true ]; then
echo -e "${DGREY}DEBUG ${str}${NC}"
fi
}

main() {
IS_DEBUG=false
#SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null && pwd )"

setup_echo_colours

local uuids_arr=()
local url_base
local data_filename
local output_filename

if [[ -z "${TOKEN}" ]]; then
echo -e "${RED}Environment variable TOKEN must be set with an API key or an OAuth token${NC}" >&2
exit 1
fi

while [ ${OPTIND} -le "$#" ]; do
if getopts d:ho:u: option
then
case ${option} in
h)
showUsage
;;
u)
if [[ -z "${OPTARG}" ]]; then
echo -e "${RED}-u argument requires a base URL to be specified${NC}" >&2
echo
showUsage
exit 1
fi
url_base="${OPTARG}"
;;
d)
if [[ -z "${OPTARG}" ]]; then
echo -e "${RED}-d argument requires a filename or '-' to read from stdin${NC}" >&2
echo
showUsage
exit 1
fi
data_filename="${OPTARG}"
;;
o)
if [[ -z "${OPTARG}" ]]; then
echo -e "${RED}-o argument requires a file path to output to${NC}" >&2
echo
showUsage
exit 1
fi
output_filename="${OPTARG}"
;;
esac
else
uuids_arr+=("${!OPTIND}")
((OPTIND++))
fi
done

# Add all the uuids from file/stdin
if [[ -n "${data_filename}" ]]; then
if [[ "${data_filename}" = "-" ]]; then
data_filename="/dev/stdin"
fi

while read -r line; do
uuids_arr+=( "${line}" )
done < "${data_filename}"
fi

if [[ "${#uuids_arr[@]}" -eq 0 ]]; then
echo "No UUIDs to export" >&2
exit 1
fi


local uuids_str
uuids_str=$( printf "%s\n" "${uuids_arr[@]}" )
local req_json
req_json=$( \
jq -R -s '{
docRefs: [
split("\n")[]
| select(length > 0)
| split(",")
| {uuid: .[0], type: .[1]}
]
}' <<< "${uuids_str}" )

#echo -e "${req_json}"

if [[ -z "${url_base}" ]]; then
url_base="http://localhost:8080"
fi

local export_url="${url_base}/api/content/v1/export"
local resource_url="${url_base}/resourcestore/"

local resource_key_json
resource_key_json=$( \
echo -e "${req_json}" | curl \
-s \
--request POST \
-H "Content-Type:application/json" \
-H "Authorization:Bearer ${TOKEN}" \
-d @- \
"${export_url}" )

#echo -e "${resource_key_json}"

local key
local name
key=$( jq -r '.resourceKey.key' <<< "${resource_key_json}" )
name=$( jq -r '.resourceKey.name' <<< "${resource_key_json}" )
if [[ -z "${output_filename}" ]]; then
output_filename="${name}"
fi

echo -e "${GREEN}Downloading resource ${YELLOW}${key}${GREEN} to file ${BLUE}${output_filename}${NC}"
resource_url="${resource_url}?uuid=${key}"
#echo -e "${resource_url}"

curl \
-s \
--output "${name}" \
-H "Authorization: Bearer $TOKEN" \
"${resource_url}"


#http POST http://localhost:8080/api/content/v1/export "Authorization:Bearer ${TOKEN}"
#| jq -r '.resourceKey.key') && curl --output content.zip -H "Authorization: Bearer $TOKEN" http://localhost:8080/resourcestore/\?uuid\=$key

}

main "$@"
117 changes: 117 additions & 0 deletions scripts/import_content.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,117 @@
#!/usr/bin/env bash

# Script to import a single Stroom content pack ZIP file into Stroom.
# Requires that the environment variable TOKEN is set with either a
# valid API Key or an OAuth token.
# Usage:
# import_content.sh CONTENT_ZIP_FILE [URL_BASE]
# e.g. import_content.sh /some/path/StroomConfig.zip
# e.g. import_content.sh /some/path/StroomConfig.zip https://stroom.some.domain

set -e -o pipefail

showUsage() {
echo -e "Usage: ${BLUE}$0 [OPTION]... FILE${NC}"
echo -e "OPTIONs:"
echo -e " ${GREEN}-d${NC} - The data file to read from (or '-' for stdin)"
echo -e " ${GREEN}-u${NC} - The base URL to use. If not set, uses http://localhost:8080"
echo -e " ${GREEN}-o${NC} - The file path to export to. If not set it will be written to the current directory with the resource name"
echo -e "FILE: The file to import"
echo -e "e.g.: ${BLUE}$0 content.zip${NC}"
echo -e "e.g.: ${BLUE}$0 -u content.zip${NC}"
echo
}

main() {
if [[ -z "${TOKEN}" ]]; then
echo -e "${RED}Environment variable TOKEN must be set with an API key or an OAuth token${NC}" >&2
exit 1
fi

while getopts hu: option; do
case ${option} in
h)
showUsage
;;
u)
if [[ -z "${OPTARG}" ]]; then
echo -e "${RED}-u argument requires a base URL to be specified${NC}" >&2
echo
showUsage
exit 1
fi
url_base="${OPTARG}"
;;
esac
done

# shellcheck disable=SC2124
local content_zip_file="${@:$OPTIND:1}"; shift
if [[ -z "${content_zip_file}" ]]; then
echo -e "${RED}content_zip_file argument must be provided${NC}" >&2
exit 1
fi

if [[ -z "${url_base}" ]]; then
url_base="http://localhost:8080"
fi

echo -e "${GREEN}Uploading file '${BLUE}${content_zip_file}${GREEN}' to a temporary file${NC}"

local response1
response1="$( \
curl \
--silent \
--header "Authorization: Bearer ${TOKEN}" \
--form "encoding=multipart/form-data" \
--form fileUpload="@${content_zip_file}" \
--request POST \
"${url_base}/importfile.rpc" \
)"

echo -e "${GREEN}File uploaded${NC}"

echo -e "${response1}"
# response1 looks like
# '#PM#success=true name=StroomConfig.zip key=e015e5d4-8a6a-4454-8d81-913e6c13cca5#PM#'

local key
key="$( \
grep \
--only-matching \
--perl-regexp \
'(?<=key=)[^ #]+' \
<<< "${response1}"
)"

# name is only really used for logging purposes in stroom, but provide
# it anyway
local name
name="$( \
grep \
--only-matching \
--perl-regexp \
'(?<=name=)[^ #]+' \
<<< "${response1}"
)"

local import_request
import_request="{ \"confirmList\": [], \"importSettings\": { \"importMode\": \"IGNORE_CONFIRMATION\" }, \"resourceKey\": { \"key\": \"${key}\", \"name\": \"${name}\" } }"

echo "Importing content"

# Not interested in the response
curl \
--silent \
--request POST \
--header "Authorization:Bearer ${TOKEN}" \
--header 'Content-Type: application/json' \
--data "${import_request}" \
"${url_base}/api/content/v1/import" \
> /dev/null

echo "Content imported successfully"
echo "Done!"
}

main "$@"
23 changes: 3 additions & 20 deletions ...activity/stroom-activity-impl/src/main/java/stroom/activity/impl/CurrentActivityImpl.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,11 +19,11 @@
import stroom.activity.api.CurrentActivity;
import stroom.activity.shared.Activity;
import stroom.security.api.SecurityContext;
import stroom.util.servlet.SessionUtil;

import com.google.inject.Inject;
import jakarta.inject.Provider;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpSession;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

Expand All @@ -49,17 +49,7 @@ public Activity getActivity() {

try {
final HttpServletRequest request = httpServletRequestProvider.get();
if (request != null) {
final HttpSession session = request.getSession(false);
if (session != null) {
final Object object = session.getAttribute(NAME);
if (object instanceof Activity) {
activity = (Activity) object;
}
} else {
LOGGER.debug("No Session");
}
}
activity = SessionUtil.getAttribute(request, NAME, Activity.class, false);
} catch (final RuntimeException e) {
LOGGER.debug(e.getMessage(), e);
}
Expand All @@ -72,14 +62,7 @@ public Activity getActivity() {
public void setActivity(final Activity activity) {
securityContext.secure(() -> {
final HttpServletRequest request = httpServletRequestProvider.get();
if (request != null) {
final HttpSession session = request.getSession(false);
if (session != null) {
session.setAttribute(NAME, activity);
} else {
LOGGER.debug("No Session");
}
}
SessionUtil.setAttribute(request, NAME, activity, false);
});
}
}
Expand Down
10 changes: 6 additions & 4 deletions stroom-app/src/main/java/stroom/app/App.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -54,6 +54,7 @@
import stroom.util.logging.LambdaLogger;
import stroom.util.logging.LambdaLoggerFactory;
import stroom.util.logging.LogUtil;
import stroom.util.servlet.SessionUtil;
import stroom.util.shared.AbstractConfig;
import stroom.util.shared.ModelStringUtil;
import stroom.util.shared.NullSafe;
Expand Down Expand Up @@ -88,7 +89,6 @@ public class App extends Application<Config> {
private static final LambdaLogger LOGGER = LambdaLoggerFactory.getLogger(App.class);

private static final String APP_NAME = "Stroom";
public static final String SESSION_COOKIE_NAME = "STROOM_SESSION_ID";

@Inject
private HealthChecks healthChecks;
Expand Down Expand Up @@ -158,10 +158,10 @@ public void initialize(final Bootstrap<Config> bootstrap) {

// Add the GWT UI assets.
bootstrap.addBundle(new DynamicAssetsBundle(
"/ui",
ResourcePaths.UI_PATH,
ResourcePaths.UI_PATH,
"index.html",
"ui"));
ResourcePaths.UI_SERVLET_NAME));

addCliCommands(bootstrap);

Expand Down Expand Up @@ -358,7 +358,9 @@ private void configureSessionHandling(final Environment environment,
final SessionHandler sessionHandler = new SessionHandler();
// We need to give our session cookie a name other than JSESSIONID, otherwise it might
// clash with other services running on the same domain.
sessionHandler.setSessionCookie(SESSION_COOKIE_NAME);
sessionHandler.setSessionCookie(SessionUtil.STROOM_SESSION_COOKIE_NAME);
// In case we use URL encoding of the session ID, which we currently don't
sessionHandler.setSessionIdPathParameterName(SessionUtil.STROOM_SESSION_COOKIE_NAME);
long maxInactiveIntervalSecs = NullSafe.getOrElse(
sessionConfig.getMaxInactiveInterval(),
StroomDuration::getDuration,
Expand Down
Loading