@Override public StreamSinkConduit wrap(ConduitFactory<StreamSinkConduit> factory, HttpServerExchange exchange) { SecurityContext sc = exchange.getSecurityContext(); Account account = sc.getAuthenticatedAccount(); if (account != null) { try (SingleSignOn sso = singleSignOnManager.createSingleSignOn(account, sc.getMechanismName())) { Session session = getSession(exchange); registerSessionIfRequired(sso, session); exchange.getResponseCookies().put(cookieName, new CookieImpl(cookieName, sso.getId()).setHttpOnly(httpOnly).setSecure(secure).setDomain(domain).setPath(path)); } } return factory.create(); } }
@Override public void sessionDestroyed(Session session, HttpServerExchange exchange, SessionDestroyedReason reason) { String ssoId = (String) session.getAttribute(SSO_SESSION_ATTRIBUTE); if (ssoId != null) { if(log.isTraceEnabled()) { log.tracef("Removing SSO ID %s from destroyed session %s.", ssoId, session.getId()); } List<Session> sessionsToRemove = new LinkedList<>(); try (SingleSignOn sso = singleSignOnManager.findSingleSignOn(ssoId)) { if (sso != null) { sso.remove(session); if (reason == SessionDestroyedReason.INVALIDATED) { for (Session associatedSession : sso) { sso.remove(associatedSession); sessionsToRemove.add(associatedSession); } } // If there are no more associated sessions, remove the SSO altogether if (!sso.iterator().hasNext()) { singleSignOnManager.removeSingleSignOn(sso); } } } // Any consequential session invalidations will trigger this listener recursively, // so make sure we don't attempt to invalidate session until after the sso is removed. for (Session sessionToRemove : sessionsToRemove) { sessionToRemove.invalidate(null); } } }
@Override public void handleNotification(SecurityNotification notification) { if (notification.getEventType() == SecurityNotification.EventType.LOGGED_OUT) { singleSignOnManager.removeSingleSignOn(sso); } } });
final String ssoId = cookie.getValue(); log.tracef("Found SSO cookie %s", ssoId); try (SingleSignOn sso = this.singleSignOnManager.findSingleSignOn(ssoId)) { if (sso != null) { if(log.isTraceEnabled()) {
@Override public void handleNotification(SecurityNotification notification) { if (notification.getEventType() == SecurityNotification.EventType.LOGGED_OUT) { singleSignOnManager.removeSingleSignOn(sso); } } });
final String ssoId = cookie.getValue(); log.tracef("Found SSO cookie %s", ssoId); try (SingleSignOn sso = this.singleSignOnManager.findSingleSignOn(ssoId)) { if (sso != null) { if(log.isTraceEnabled()) {
@Override public void sessionDestroyed(Session session, HttpServerExchange exchange, SessionDestroyedReason reason) { String ssoId = (String) session.getAttribute(SSO_SESSION_ATTRIBUTE); if (ssoId != null) { if(log.isTraceEnabled()) { log.tracef("Removing SSO ID %s from destroyed session %s.", ssoId, session.getId()); } List<Session> sessionsToRemove = new LinkedList<>(); try (SingleSignOn sso = singleSignOnManager.findSingleSignOn(ssoId)) { if (sso != null) { sso.remove(session); if (reason == SessionDestroyedReason.INVALIDATED) { for (Session associatedSession : sso) { sso.remove(associatedSession); sessionsToRemove.add(associatedSession); } } // If there are no more associated sessions, remove the SSO altogether if (!sso.iterator().hasNext()) { singleSignOnManager.removeSingleSignOn(sso); } } } // Any consequential session invalidations will trigger this listener recursively, // so make sure we don't attempt to invalidate session until after the sso is removed. for (Session sessionToRemove : sessionsToRemove) { sessionToRemove.invalidate(null); } } }
@Override public void handleNotification(SecurityNotification notification) { if (notification.getEventType() == SecurityNotification.EventType.LOGGED_OUT) { singleSignOnManager.removeSingleSignOn(sso); } } });
@Override public StreamSinkConduit wrap(ConduitFactory<StreamSinkConduit> factory, HttpServerExchange exchange) { SecurityContext sc = exchange.getSecurityContext(); Account account = sc.getAuthenticatedAccount(); if (account != null) { try (SingleSignOn sso = singleSignOnManager.createSingleSignOn(account, sc.getMechanismName())) { Session session = getSession(exchange); registerSessionIfRequired(sso, session); exchange.getResponseCookies().put(cookieName, new CookieImpl(cookieName, sso.getId()).setHttpOnly(httpOnly).setSecure(secure).setDomain(domain).setPath(path)); } } return factory.create(); } }
final String ssoId = cookie.getValue(); log.tracef("Found SSO cookie %s", ssoId); try (SingleSignOn sso = this.singleSignOnManager.findSingleSignOn(ssoId)) { if (sso != null) { if(log.isTraceEnabled()) {
@Override public void sessionDestroyed(Session session, HttpServerExchange exchange, SessionDestroyedReason reason) { String ssoId = (String) session.getAttribute(SSO_SESSION_ATTRIBUTE); if (ssoId != null) { if(log.isTraceEnabled()) { log.tracef("Removing SSO ID %s from destroyed session %s.", ssoId, session.getId()); } List<Session> sessionsToRemove = new LinkedList<>(); try (SingleSignOn sso = singleSignOnManager.findSingleSignOn(ssoId)) { if (sso != null) { sso.remove(session); if (reason == SessionDestroyedReason.INVALIDATED) { for (Session associatedSession : sso) { sso.remove(associatedSession); sessionsToRemove.add(associatedSession); } } // If there are no more associated sessions, remove the SSO altogether if (!sso.iterator().hasNext()) { singleSignOnManager.removeSingleSignOn(sso); } } } // Any consequential session invalidations will trigger this listener recursively, // so make sure we don't attempt to invalidate session until after the sso is removed. for (Session sessionToRemove : sessionsToRemove) { sessionToRemove.invalidate(null); } } }
@Override public StreamSinkConduit wrap(ConduitFactory<StreamSinkConduit> factory, HttpServerExchange exchange) { SecurityContext sc = exchange.getSecurityContext(); Account account = sc.getAuthenticatedAccount(); if (account != null) { try (SingleSignOn sso = singleSignOnManager.createSingleSignOn(account, sc.getMechanismName())) { Session session = getSession(exchange); registerSessionIfRequired(sso, session); exchange.getResponseCookies().put(cookieName, new CookieImpl(cookieName, sso.getId()).setHttpOnly(httpOnly).setSecure(secure).setDomain(domain).setPath(path)); } } return factory.create(); } }