From cdbb987cd6e896aa618b4d8609bce318535a53b0 Mon Sep 17 00:00:00 2001 From: "Eric J. Bowersox" Date: Fri, 5 Nov 2004 23:48:17 +0000 Subject: [PATCH] detect crawlers and strippers and chop off their sessions --- scripts/session_init.js | 61 ++++++++++++------- .../venice/ui/helpers/SessionKiller.java | 53 ++++++++++++++++ .../venice/ui/script/ScriptLibrary.java | 10 ++- .../venice/ui/servlet/BrowserDatabase.java | 5 ++ 4 files changed, 103 insertions(+), 26 deletions(-) create mode 100644 src/com/silverwrist/venice/ui/helpers/SessionKiller.java diff --git a/scripts/session_init.js b/scripts/session_init.js index bf11574..f5c050d 100644 --- a/scripts/session_init.js +++ b/scripts/session_init.js @@ -23,30 +23,45 @@ importPackage(Packages.com.silverwrist.venice.ui.helpers); rinput = bsf.lookupBean("request"); sess = vlib.castVeniceUISession(bsf.lookupBean("session")); -// Get the login cookie name and the CookieControl service. -cookie_name = rinput.getConfigProperty("login.cookie"); -cctl = vlib.queryCookieControl(rinput); -if (cctl.isCookiePresent(cookie_name)) -{ // get the login cookie value and try to use it to log in - logger.debug("cookie " + cookie_name + " found"); - logged_in = false; - try - { // attempt to log the user in with the cookie - // but don't do it if they're IP-banned - if (rinput.engine.testIPBan(rinput.sourceAddress)==null) - logged_in = sess.user.authenticateWithToken(cctl.getCookie(cookie_name)); +// Is this browser a crawler or stripper? If so, make sure the session is destroyed at +// the end of this request. +binfo = vlib.queryBrowserInformation(rinput); +if (binfo.hasCapability("crawler") || binfo.hasCapability("stripper")) +{ // delete this session after 30 seconds if nothing else happens + logger.debug("this session is a crawler, it will be killed"); + sess.setMaxInactiveInterval(30); - } // end try - catch (e) - { // login failed - logger.error("caught " + vlib.exceptionType(e) + ": " + e.message); - logged_in = false; - - } // end catch - - if (!logged_in) // not logged in - delete the cookie - cctl.deleteCookie(cookie_name); + // the session will be killed at the end of the request anyway + rinput.registerCleanup(new SessionKiller(sess)); } // end if else - logger.debug("cookie " + cookie_name + " not found"); \ No newline at end of file +{ // Get the login cookie name and the CookieControl service. + cookie_name = rinput.getConfigProperty("login.cookie"); + cctl = vlib.queryCookieControl(rinput); + if (cctl.isCookiePresent(cookie_name)) + { // get the login cookie value and try to use it to log in + logger.debug("cookie " + cookie_name + " found"); + logged_in = false; + try + { // attempt to log the user in with the cookie + // but don't do it if they're IP-banned + if (rinput.engine.testIPBan(rinput.sourceAddress)==null) + logged_in = sess.user.authenticateWithToken(cctl.getCookie(cookie_name)); + + } // end try + catch (e) + { // login failed + logger.error("caught " + vlib.exceptionType(e) + ": " + e.message); + logged_in = false; + + } // end catch + + if (!logged_in) // not logged in - delete the cookie + cctl.deleteCookie(cookie_name); + + } // end if + else + logger.debug("cookie " + cookie_name + " not found"); + +} // end else (this is a REAL browser, not a crawler or stripper) diff --git a/src/com/silverwrist/venice/ui/helpers/SessionKiller.java b/src/com/silverwrist/venice/ui/helpers/SessionKiller.java new file mode 100644 index 0000000..501fecb --- /dev/null +++ b/src/com/silverwrist/venice/ui/helpers/SessionKiller.java @@ -0,0 +1,53 @@ +/* + * The contents of this file are subject to the Mozilla Public License Version 1.1 + * (the "License"); you may not use this file except in compliance with the License. + * You may obtain a copy of the License at . + * + * Software distributed under the License is distributed on an "AS IS" basis, WITHOUT + * WARRANTY OF ANY KIND, either express or implied. See the License for the specific + * language governing rights and limitations under the License. + * + * The Original Code is the Venice Web Communities System. + * + * The Initial Developer of the Original Code is Eric J. Bowersox , + * for Silverwrist Design Studios. Portions created by Eric J. Bowersox are + * Copyright (C) 2004 Eric J. Bowersox/Silverwrist Design Studios. All Rights Reserved. + * + * Contributor(s): + */ +package com.silverwrist.venice.ui.helpers; + +import com.silverwrist.venice.ui.*; + +public class SessionKiller implements AutoCleanup +{ + /*-------------------------------------------------------------------------------- + * Attributes + *-------------------------------------------------------------------------------- + */ + + private final VeniceUISession m_sess; + + /*-------------------------------------------------------------------------------- + * Constructor + *-------------------------------------------------------------------------------- + */ + + public SessionKiller(VeniceUISession sess) + { + m_sess = sess; + + } // end constructor + + /*-------------------------------------------------------------------------------- + * Implementations from interface AutoCleanup + *-------------------------------------------------------------------------------- + */ + + public void cleanup() + { + m_sess.invalidate(); + + } // end cleanup + +} // end class SessionKiller diff --git a/src/com/silverwrist/venice/ui/script/ScriptLibrary.java b/src/com/silverwrist/venice/ui/script/ScriptLibrary.java index a628ffc..913c196 100644 --- a/src/com/silverwrist/venice/ui/script/ScriptLibrary.java +++ b/src/com/silverwrist/venice/ui/script/ScriptLibrary.java @@ -24,9 +24,7 @@ import org.w3c.dom.*; import com.silverwrist.util.StringUtil; import com.silverwrist.venice.core.*; import com.silverwrist.venice.ui.VeniceUISession; -import com.silverwrist.venice.ui.helpers.CookieControl; -import com.silverwrist.venice.ui.helpers.HTMLRendering; -import com.silverwrist.venice.ui.helpers.SessionControl; +import com.silverwrist.venice.ui.helpers.*; import com.silverwrist.venice.util.*; public class ScriptLibrary @@ -220,6 +218,12 @@ public class ScriptLibrary } // end join + public final BrowserInformation queryBrowserInformation(ServiceProvider sp) + { + return (BrowserInformation)(sp.queryService(BrowserInformation.class)); + + } // end queryBrowserInformation + public final CookieControl queryCookieControl(ServiceProvider sp) { return (CookieControl)(sp.queryService(CookieControl.class)); diff --git a/src/com/silverwrist/venice/ui/servlet/BrowserDatabase.java b/src/com/silverwrist/venice/ui/servlet/BrowserDatabase.java index 8b5e0e9..75cd73d 100644 --- a/src/com/silverwrist/venice/ui/servlet/BrowserDatabase.java +++ b/src/com/silverwrist/venice/ui/servlet/BrowserDatabase.java @@ -110,6 +110,11 @@ class BrowserDatabase } // end finally + if (m_broken) + logger.info("BrowserDatabase: load broken"); + else + logger.info("BrowserDatabase: loaded " + m_browser_list.size() + " entries"); + } // end constructor /*--------------------------------------------------------------------------------