GEODE-1728: Recursively checking for wrapped http sessions

Our check for wrapped http sessions in the session caching module was
not working if a request was wrapped by our module and then by a third
party filter that also wrapped the request.

extensions/geode-modules-session/src/main/java/com/gemstone/gemfire/modules/session/filter/SessionCachingFilter.java

@@ -423,8 +423,7 @@ public void doFilter(ServletRequest request, ServletResponse response,
      * Early out if this isn't the right kind of request. We might see a
      * RequestWrapper instance during a forward or include request.
      */
-    if (request instanceof RequestWrapper ||
-        !(request instanceof HttpServletRequest)) {
+    if (alreadyWrapped(httpReq)) {
       LOG.debug("Handling already-wrapped request");
       chain.doFilter(request, response);
       return;
@@ -479,6 +478,28 @@ public void doFilter(ServletRequest request, ServletResponse response,
     }
   }
 
+  /**
+   * Test if a request has been wrapped with RequestWrapper somewhere
+   * in the chain of wrapped requests.
+   */
+  private boolean alreadyWrapped(final ServletRequest request) {
+    if(request instanceof RequestWrapper) {
+      return true;
+    }
+
+    if(!(request instanceof ServletRequestWrapper)) {
+      return false;
+    }
+
+    final ServletRequest nestedRequest = ((ServletRequestWrapper) request).getRequest();
+
+    if(nestedRequest == request) {
+      return false;
+    }
+
+    return alreadyWrapped(nestedRequest);
+  }
+
   /**
    * Return the filter configuration object for this filter.
    */

extensions/geode-modules-session/src/test/java/com/gemstone/gemfire/modules/session/internal/filter/CommonTests.java

@@ -18,13 +18,22 @@
 
 import static org.junit.Assert.*;
 
+import java.io.IOException;
 import java.util.concurrent.TimeUnit;
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletRequestWrapper;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 import javax.servlet.http.HttpSessionAttributeListener;
 
+import com.gemstone.gemfire.modules.session.filter.SessionCachingFilter;
 import com.mockrunner.mock.web.MockHttpServletRequest;
 import com.mockrunner.mock.web.MockHttpServletResponse;
 import com.mockrunner.mock.web.MockHttpSession;
@@ -577,4 +586,37 @@ public void testIsRequestedSessionIdFromURL() {
     assertTrue("Session ID should be from URL", request.isRequestedSessionIdFromURL());
   }
 
+  @Test
+  public void testOnlyOneSessionWhenSecondFilterWrapsRequest() throws Exception {
+    createFilter(RequestWrappingFilter.class);
+    createFilter(SessionCachingFilter.class);
+    doFilter();
+    HttpServletRequest request = (HttpServletRequest) getFilteredRequest();
+    HttpSession originalSession = (HttpSession) request.getAttribute("original_session");
+    assertEquals(originalSession, request.getSession());
+  }
+
+  public static class RequestWrappingFilter implements Filter {
+
+    @Override public void init(final FilterConfig filterConfig) throws ServletException {
+
+    }
+
+    @Override
+    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
+      throws IOException, ServletException
+    {
+      final HttpServletRequest httpRequest = (HttpServletRequest) request;
+      httpRequest.getSession();
+      httpRequest.setAttribute("original_session", httpRequest.getSession());
+      request = new HttpServletRequestWrapper(httpRequest);
+      chain.doFilter(request, response);
+
+    }
+
+    @Override public void destroy() {
+
+    }
+  }
+
 }