/**
 * Links a session to a single sign-on entry, doing only the steps that are still missing.
 *
 * <p>Three independent steps run in order: add the session to the entry, record the entry's
 * id on the session under {@code SSO_SESSION_ATTRIBUTE}, and register the shared listener
 * with the session's manager the first time that manager is seen.
 *
 * @param sso     the single sign-on entry the session should belong to
 * @param session the session to associate with {@code sso}
 */
private void registerSessionIfRequired(SingleSignOn sso, Session session) {
    boolean alreadyTracked = sso.contains(session);
    if (!alreadyTracked) {
        // NOTE(review): wrap() in this listing sends sso.getId() to the client as the SSO
        // cookie value, so these trace lines write a credential-equivalent value to the log.
        if (log.isTraceEnabled()) {
            log.tracef("Session %s added to SSO %s", session.getId(), sso.getId());
        }
        sso.add(session);
    }

    Object recordedSsoId = session.getAttribute(SSO_SESSION_ATTRIBUTE);
    if (recordedSsoId == null) {
        if (log.isTraceEnabled()) {
            log.tracef("SSO_SESSION_ATTRIBUTE not found. Creating it with SSO ID %s as value.", sso.getId());
        }
        // An existing attribute is left untouched, even if it names a different SSO entry.
        session.setAttribute(SSO_SESSION_ATTRIBUTE, sso.getId());
    }

    // add() returns true only for a manager not seen before, so the listener is registered
    // once per session manager rather than once per session.
    SessionManager owningManager = session.getSessionManager();
    boolean firstSighting = seenSessionManagers.add(owningManager);
    if (firstSighting) {
        owningManager.registerSessionListener(listener);
    }
}
log.tracef("SSO session with ID: %s found.", ssoId); Account verified = getIdentityManager(securityContext).verify(sso.getAccount()); if (verified == null) { if(log.isTraceEnabled()) { securityContext.authenticationComplete(verified, sso.getMechanismName(), false); securityContext.registerNotificationReceiver(new NotificationReceiver() { @Override
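/**
 * Detaches a destroyed session from its single sign-on entry and, when the session was
 * explicitly invalidated, invalidates every other session that shares the entry.
 *
 * <p>Only {@code SessionDestroyedReason.INVALIDATED} cascades to the sibling sessions; for any
 * other reason just this session is removed from the entry. The entry itself is removed from
 * the manager once no session is left in it.
 *
 * @param session  the session that was destroyed
 * @param exchange the exchange that triggered the destruction (not used here)
 * @param reason   why the session was destroyed
 */
@Override
public void sessionDestroyed(Session session, HttpServerExchange exchange, SessionDestroyedReason reason) {
    String ssoId = (String) session.getAttribute(SSO_SESSION_ATTRIBUTE);
    if (ssoId == null) {
        // No SSO id was recorded on this session, so there is nothing to clean up.
        return;
    }
    // NOTE(review): wrap() in this listing uses the SSO id as the SSO cookie value, so this
    // trace line writes a credential-equivalent value to the log.
    if (log.isTraceEnabled()) {
        log.tracef("Removing SSO ID %s from destroyed session %s.", ssoId, session.getId());
    }
    List<Session> sessionsToRemove = new LinkedList<>();
    try (SingleSignOn sso = singleSignOnManager.findSingleSignOn(ssoId)) {
        if (sso != null) {
            sso.remove(session);
            if (reason == SessionDestroyedReason.INVALIDATED) {
                // Snapshot the associated sessions before removing any of them: removing
                // while iterating the entry relies on the SingleSignOn implementation
                // tolerating concurrent modification, and a skipped session would survive
                // the logout.
                for (Session associatedSession : sso) {
                    sessionsToRemove.add(associatedSession);
                }
                for (Session associatedSession : sessionsToRemove) {
                    sso.remove(associatedSession);
                }
            }
            // If there are no more associated sessions, remove the SSO altogether
            if (!sso.iterator().hasNext()) {
                singleSignOnManager.removeSingleSignOn(sso);
            }
        }
    }
    // Any consequential session invalidations will trigger this listener recursively,
    // so make sure we don't attempt to invalidate session until after the sso is removed.
    for (Session sessionToRemove : sessionsToRemove) {
        sessionToRemove.invalidate(null);
    }
}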
/**
 * Creates a single sign-on entry for the authenticated account, links the current session
 * to it and sets the SSO cookie on the response before the response conduit is created.
 *
 * <p>When no account is authenticated, nothing is created and no cookie is set.
 *
 * @param factory  factory for the next conduit in the chain
 * @param exchange the current exchange
 * @return the conduit produced by {@code factory}
 */
@Override
public StreamSinkConduit wrap(ConduitFactory<StreamSinkConduit> factory, HttpServerExchange exchange) {
    SecurityContext context = exchange.getSecurityContext();
    Account authenticated = context.getAuthenticatedAccount();
    if (authenticated == null) {
        return factory.create();
    }
    try (SingleSignOn sso = singleSignOnManager.createSingleSignOn(authenticated, context.getMechanismName())) {
        Session currentSession = getSession(exchange);
        registerSessionIfRequired(sso, currentSession);
        // The cookie value is the SSO id itself, so whoever holds the cookie holds the
        // sign-on. httpOnly and secure are passed through from fields set elsewhere.
        // NOTE(review): confirm both are enabled in deployment; no SameSite attribute is set here.
        exchange.getResponseCookies().put(
                cookieName,
                new CookieImpl(cookieName, sso.getId())
                        .setHttpOnly(httpOnly)
                        .setSecure(secure)
                        .setDomain(domain)
                        .setPath(path));
    }
    return factory.create();
}
} // closes the enclosing type, whose header is outside this excerpt
/**
 * Links a session to a single sign-on entry, doing only the steps that are still missing.
 *
 * <p>Three independent steps run in order: add the session to the entry, record the entry's
 * id on the session under {@code SSO_SESSION_ATTRIBUTE}, and register the shared listener
 * with the session's manager the first time that manager is seen.
 *
 * @param sso     the single sign-on entry the session should belong to
 * @param session the session to associate with {@code sso}
 */
private void registerSessionIfRequired(SingleSignOn sso, Session session) {
    boolean alreadyTracked = sso.contains(session);
    if (!alreadyTracked) {
        // NOTE(review): wrap() in this listing sends sso.getId() to the client as the SSO
        // cookie value, so these trace lines write a credential-equivalent value to the log.
        if (log.isTraceEnabled()) {
            log.tracef("Session %s added to SSO %s", session.getId(), sso.getId());
        }
        sso.add(session);
    }

    Object recordedSsoId = session.getAttribute(SSO_SESSION_ATTRIBUTE);
    if (recordedSsoId == null) {
        if (log.isTraceEnabled()) {
            log.tracef("SSO_SESSION_ATTRIBUTE not found. Creating it with SSO ID %s as value.", sso.getId());
        }
        // An existing attribute is left untouched, even if it names a different SSO entry.
        session.setAttribute(SSO_SESSION_ATTRIBUTE, sso.getId());
    }

    // add() returns true only for a manager not seen before, so the listener is registered
    // once per session manager rather than once per session.
    SessionManager owningManager = session.getSessionManager();
    boolean firstSighting = seenSessionManagers.add(owningManager);
    if (firstSighting) {
        owningManager.registerSessionListener(listener);
    }
}
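/**
 * Detaches a destroyed session from its single sign-on entry and, when the session was
 * explicitly invalidated, invalidates every other session that shares the entry.
 *
 * <p>Only {@code SessionDestroyedReason.INVALIDATED} cascades to the sibling sessions; for any
 * other reason just this session is removed from the entry. The entry itself is removed from
 * the manager once no session is left in it.
 *
 * @param session  the session that was destroyed
 * @param exchange the exchange that triggered the destruction (not used here)
 * @param reason   why the session was destroyed
 */
@Override
public void sessionDestroyed(Session session, HttpServerExchange exchange, SessionDestroyedReason reason) {
    String ssoId = (String) session.getAttribute(SSO_SESSION_ATTRIBUTE);
    if (ssoId == null) {
        // No SSO id was recorded on this session, so there is nothing to clean up.
        return;
    }
    // NOTE(review): wrap() in this listing uses the SSO id as the SSO cookie value, so this
    // trace line writes a credential-equivalent value to the log.
    if (log.isTraceEnabled()) {
        log.tracef("Removing SSO ID %s from destroyed session %s.", ssoId, session.getId());
    }
    List<Session> sessionsToRemove = new LinkedList<>();
    try (SingleSignOn sso = singleSignOnManager.findSingleSignOn(ssoId)) {
        if (sso != null) {
            sso.remove(session);
            if (reason == SessionDestroyedReason.INVALIDATED) {
                // Snapshot the associated sessions before removing any of them: removing
                // while iterating the entry relies on the SingleSignOn implementation
                // tolerating concurrent modification, and a skipped session would survive
                // the logout.
                for (Session associatedSession : sso) {
                    sessionsToRemove.add(associatedSession);
                }
                for (Session associatedSession : sessionsToRemove) {
                    sso.remove(associatedSession);
                }
            }
            // If there are no more associated sessions, remove the SSO altogether
            if (!sso.iterator().hasNext()) {
                singleSignOnManager.removeSingleSignOn(sso);
            }
        }
    }
    // Any consequential session invalidations will trigger this listener recursively,
    // so make sure we don't attempt to invalidate session until after the sso is removed.
    for (Session sessionToRemove : sessionsToRemove) {
        sessionToRemove.invalidate(null);
    }
}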
log.tracef("SSO session with ID: %s found.", ssoId); Account verified = getIdentityManager(securityContext).verify(sso.getAccount()); if (verified == null) { if(log.isTraceEnabled()) { securityContext.authenticationComplete(verified, sso.getMechanismName(), false); securityContext.registerNotificationReceiver(new NotificationReceiver() { @Override
/**
 * Links a session to a single sign-on entry, doing only the steps that are still missing.
 *
 * <p>Three independent steps run in order: add the session to the entry, record the entry's
 * id on the session under {@code SSO_SESSION_ATTRIBUTE}, and register the shared listener
 * with the session's manager the first time that manager is seen.
 *
 * @param sso     the single sign-on entry the session should belong to
 * @param session the session to associate with {@code sso}
 */
private void registerSessionIfRequired(SingleSignOn sso, Session session) {
    boolean alreadyTracked = sso.contains(session);
    if (!alreadyTracked) {
        // NOTE(review): wrap() in this listing sends sso.getId() to the client as the SSO
        // cookie value, so these trace lines write a credential-equivalent value to the log.
        if (log.isTraceEnabled()) {
            log.tracef("Session %s added to SSO %s", session.getId(), sso.getId());
        }
        sso.add(session);
    }

    Object recordedSsoId = session.getAttribute(SSO_SESSION_ATTRIBUTE);
    if (recordedSsoId == null) {
        if (log.isTraceEnabled()) {
            log.tracef("SSO_SESSION_ATTRIBUTE not found. Creating it with SSO ID %s as value.", sso.getId());
        }
        // An existing attribute is left untouched, even if it names a different SSO entry.
        session.setAttribute(SSO_SESSION_ATTRIBUTE, sso.getId());
    }

    // add() returns true only for a manager not seen before, so the listener is registered
    // once per session manager rather than once per session.
    SessionManager owningManager = session.getSessionManager();
    boolean firstSighting = seenSessionManagers.add(owningManager);
    if (firstSighting) {
        owningManager.registerSessionListener(listener);
    }
}
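/**
 * Detaches a destroyed session from its single sign-on entry and, when the session was
 * explicitly invalidated, invalidates every other session that shares the entry.
 *
 * <p>Only {@code SessionDestroyedReason.INVALIDATED} cascades to the sibling sessions; for any
 * other reason just this session is removed from the entry. The entry itself is removed from
 * the manager once no session is left in it.
 *
 * @param session  the session that was destroyed
 * @param exchange the exchange that triggered the destruction (not used here)
 * @param reason   why the session was destroyed
 */
@Override
public void sessionDestroyed(Session session, HttpServerExchange exchange, SessionDestroyedReason reason) {
    String ssoId = (String) session.getAttribute(SSO_SESSION_ATTRIBUTE);
    if (ssoId == null) {
        // No SSO id was recorded on this session, so there is nothing to clean up.
        return;
    }
    // NOTE(review): wrap() in this listing uses the SSO id as the SSO cookie value, so this
    // trace line writes a credential-equivalent value to the log.
    if (log.isTraceEnabled()) {
        log.tracef("Removing SSO ID %s from destroyed session %s.", ssoId, session.getId());
    }
    List<Session> sessionsToRemove = new LinkedList<>();
    try (SingleSignOn sso = singleSignOnManager.findSingleSignOn(ssoId)) {
        if (sso != null) {
            sso.remove(session);
            if (reason == SessionDestroyedReason.INVALIDATED) {
                // Snapshot the associated sessions before removing any of them: removing
                // while iterating the entry relies on the SingleSignOn implementation
                // tolerating concurrent modification, and a skipped session would survive
                // the logout.
                for (Session associatedSession : sso) {
                    sessionsToRemove.add(associatedSession);
                }
                for (Session associatedSession : sessionsToRemove) {
                    sso.remove(associatedSession);
                }
            }
            // If there are no more associated sessions, remove the SSO altogether
            if (!sso.iterator().hasNext()) {
                singleSignOnManager.removeSingleSignOn(sso);
            }
        }
    }
    // Any consequential session invalidations will trigger this listener recursively,
    // so make sure we don't attempt to invalidate session until after the sso is removed.
    for (Session sessionToRemove : sessionsToRemove) {
        sessionToRemove.invalidate(null);
    }
}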
log.tracef("SSO session with ID: %s found.", ssoId); Account verified = getIdentityManager(securityContext).verify(sso.getAccount()); if (verified == null) { if(log.isTraceEnabled()) { securityContext.authenticationComplete(verified, sso.getMechanismName(), false); securityContext.registerNotificationReceiver(new NotificationReceiver() { @Override
/**
 * Invalidates a single sign-on entry when it supports invalidation.
 *
 * @param sso the entry to remove
 */
@Override
public void removeSingleSignOn(SingleSignOn sso) {
    // NOTE(review): an entry that is not an InvalidatableSingleSignOn is silently left in
    // place, so the caller gets no signal that the sign-on was not revoked.
    if (!(sso instanceof InvalidatableSingleSignOn)) {
        return;
    }
    if (log.isTraceEnabled()) {
        log.tracef("Removing SSO ID %s", sso.getId());
    }
    InvalidatableSingleSignOn invalidatable = (InvalidatableSingleSignOn) sso;
    invalidatable.invalidate();
}
} // closes the enclosing type, whose header is outside this excerpt
/**
 * Creates a single sign-on entry for the authenticated account, links the current session
 * to it and sets the SSO cookie on the response before the response conduit is created.
 *
 * <p>When no account is authenticated, nothing is created and no cookie is set.
 *
 * @param factory  factory for the next conduit in the chain
 * @param exchange the current exchange
 * @return the conduit produced by {@code factory}
 */
@Override
public StreamSinkConduit wrap(ConduitFactory<StreamSinkConduit> factory, HttpServerExchange exchange) {
    SecurityContext context = exchange.getSecurityContext();
    Account authenticated = context.getAuthenticatedAccount();
    if (authenticated == null) {
        return factory.create();
    }
    try (SingleSignOn sso = singleSignOnManager.createSingleSignOn(authenticated, context.getMechanismName())) {
        Session currentSession = getSession(exchange);
        registerSessionIfRequired(sso, currentSession);
        // The cookie value is the SSO id itself, so whoever holds the cookie holds the
        // sign-on. httpOnly and secure are passed through from fields set elsewhere.
        // NOTE(review): confirm both are enabled in deployment; no SameSite attribute is set here.
        exchange.getResponseCookies().put(
                cookieName,
                new CookieImpl(cookieName, sso.getId())
                        .setHttpOnly(httpOnly)
                        .setSecure(secure)
                        .setDomain(domain)
                        .setPath(path));
    }
    return factory.create();
}
} // closes the enclosing type, whose header is outside this excerpt
/**
 * Creates a single sign-on entry for the authenticated account, links the current session
 * to it and sets the SSO cookie on the response before the response conduit is created.
 *
 * <p>When no account is authenticated, nothing is created and no cookie is set.
 *
 * @param factory  factory for the next conduit in the chain
 * @param exchange the current exchange
 * @return the conduit produced by {@code factory}
 */
@Override
public StreamSinkConduit wrap(ConduitFactory<StreamSinkConduit> factory, HttpServerExchange exchange) {
    SecurityContext context = exchange.getSecurityContext();
    Account authenticated = context.getAuthenticatedAccount();
    if (authenticated == null) {
        return factory.create();
    }
    try (SingleSignOn sso = singleSignOnManager.createSingleSignOn(authenticated, context.getMechanismName())) {
        Session currentSession = getSession(exchange);
        registerSessionIfRequired(sso, currentSession);
        // The cookie value is the SSO id itself, so whoever holds the cookie holds the
        // sign-on. httpOnly and secure are passed through from fields set elsewhere.
        // NOTE(review): confirm both are enabled in deployment; no SameSite attribute is set here.
        exchange.getResponseCookies().put(
                cookieName,
                new CookieImpl(cookieName, sso.getId())
                        .setHttpOnly(httpOnly)
                        .setSecure(secure)
                        .setDomain(domain)
                        .setPath(path));
    }
    return factory.create();
}
} // closes the enclosing type, whose header is outside this excerpt