/**
 * Removes a session from the backing session cache unless it has already expired.
 *
 * <p>The superclass implementation is not invoked. A session whose {@code getExpired()}
 * flag is set is only logged (per the original author's note, implicit expiry has already
 * removed it from the region). Any other session is destroyed in the session cache by id.
 *
 * @param session the session to remove; it is cast to {@code DeltaSessionInterface}
 * @param update not read by this implementation
 */
public void remove(Session session, boolean update) {
  final DeltaSessionInterface deltaSession = (DeltaSessionInterface) session;

  if (deltaSession.getExpired()) {
    // Already expired: there is nothing left to destroy, so only trace the event.
    if (getLogger().isDebugEnabled()) {
      getLogger().debug(this + ": Expired session " + session.getId() + " from "
          + getSessionCache().getOperatingRegionName());
    }
    return;
  }

  // NOTE(review): the full session id is written to the debug log three times on this
  // path. A session id works as a credential, so debug logs need restricted access.
  if (getLogger().isDebugEnabled()) {
    getLogger().debug(this + ": Destroying session " + session.getId() + " from "
        + getSessionCache().getOperatingRegionName());
  }

  getSessionCache().destroySession(session.getId());

  if (getLogger().isDebugEnabled()) {
    getLogger().debug(this + ": Destroyed session " + session.getId() + " from "
        + getSessionCache().getOperatingRegionName());
  }
}
/**
 * Removes the session through the superclass, then deletes the session's own backing
 * state when the session still carries an internal id.
 *
 * @param session the session to remove; cast to {@code RedissonSession} when it has an id
 * @param update passed through unchanged to the superclass
 */
@Override
public void remove(Session session, boolean update) {
  super.remove(session, update);

  final boolean hasId = session.getIdInternal() != null;
  if (!hasId) {
    // No internal id: delete() is not called for this session.
    return;
  }
  ((RedissonSession) session).delete();
}
/**
 * Looks up the session named by the request before the rest of the pipeline runs, and
 * stores the request's session once the pipeline has finished.
 *
 * <p>The session id is the one requested by the client. It is used only as a lookup key in
 * the context's manager. A session that is found but no longer valid is expired and
 * removed; a valid one is added to this valve's {@code manager} and touched with
 * {@code access()} / {@code endAccess()}.
 *
 * @param request the request being processed
 * @param response the response being produced
 * @throws IOException propagated from the manager lookup or from the next valve
 * @throws ServletException propagated from the next valve
 */
@Override
public void invoke(Request request, Response response) throws IOException, ServletException {
  final String requestedId = request.getRequestedSessionId();
  final Session found = request.getContext().getManager().findSession(requestedId);

  if (found != null && !found.isValid()) {
    // Stale session: expire it and drop it from the context's manager.
    found.expire();
    request.getContext().getManager().remove(found);
  } else if (found != null) {
    manager.add(found);
    found.access();
    found.endAccess();
  }

  try {
    getNext().invoke(request, response);
  } finally {
    // Runs even when the downstream valve throws. getSession(false) never creates a session.
    manager.store(request.getSession(false));
  }
}
/**
 * Changes the session ID of the session associated with this request.
 *
 * <p>The manager assigns the new id. This request is then updated with that id through
 * the single-argument {@code changeSessionId(String)} overload.
 *
 * @return the session's id as read back after the manager changed it, i.e. the new id
 * @throws IllegalStateException if the request has no session
 * @see javax.servlet.http.HttpSessionIdListener
 * @since Servlet 3.1
 */
@Override
public String changeSessionId() {
  final Session current = this.getSessionInternal(false);
  if (current == null) {
    // There is nothing to rotate; a session is never created here.
    throw new IllegalStateException(sm.getString("coyoteRequest.changeSessionId"));
  }

  this.getContext().getManager().changeSessionId(current);

  final String rotatedId = current.getId();
  this.changeSessionId(rotatedId);
  return rotatedId;
}
/**
 * Save the specified Session into this Store. Any previously saved information for the
 * associated session identifier is replaced.
 *
 * <p>The target file is resolved by {@code file(...)} from the session's internal id. When
 * that helper returns {@code null} nothing is written.
 *
 * <p>NOTE(review): {@code file(...)} is not shown here. Confirm that it rejects ids which
 * would resolve outside the store directory. The file holds serialized session state, so
 * confirm that the directory is readable and writable only by the container.
 *
 * @param session Session to be saved; cast to {@code StandardSession} for writing
 * @exception IOException if an input/output error occurs
 */
@Override
public void save(Session session) throws IOException {
  final File target = file(session.getIdInternal());
  if (target == null) {
    return;
  }

  if (manager.getContext().getLogger().isDebugEnabled()) {
    manager.getContext().getLogger().debug(
        sm.getString(getStoreName() + ".saving", session.getIdInternal(),
            target.getAbsolutePath()));
  }

  // try-with-resources closes the streams in reverse order, flushing the buffer first.
  try (FileOutputStream fileOut = new FileOutputStream(target.getAbsolutePath());
      BufferedOutputStream buffered = new BufferedOutputStream(fileOut);
      ObjectOutputStream objectOut = new ObjectOutputStream(buffered)) {
    ((StandardSession) session).writeObjectData(objectOut);
  }
}
/**
 * Saves the current request in the session and indexes it by the decoded request URI.
 *
 * <p>The superclass stores the request under {@code Constants.FORM_REQUEST_NOTE}. That
 * saved request is then also stored under {@code SESSION_SAVED_REQUEST_PREFIX + uri}. Its
 * URI, with the query string when present, is stored under
 * {@code SESSION_SAVED_URI_PREFIX + contextId}.
 *
 * <p>NOTE(review): the stored URI and query string come from the client's request. If
 * they are used later as a redirect target, confirm that the consumer treats them as
 * untrusted.
 *
 * @param request the request to save
 * @param contextId suffix of the note key under which the saved URI is stored
 * @throws IOException propagated from the superclass
 */
protected void saveRequest(Request request, String contextId) throws IOException {
  final String decodedUri = request.getDecodedRequestURI();
  final Session session = request.getSessionInternal(true);
  if (session == null) {
    return;
  }

  // NOTE(review): the internal session id goes to the debug log; restrict log access.
  LOG.debug("Save request in session '{}'", session.getIdInternal());
  if (decodedUri == null) {
    return;
  }

  final SavedRequest saved;
  synchronized (session) {
    // Save and read back under one lock, so the note read is the one just written.
    super.saveRequest(request, session);
    saved = (SavedRequest) session.getNote(Constants.FORM_REQUEST_NOTE);
  }
  session.setNote(SESSION_SAVED_REQUEST_PREFIX + decodedUri, saved);

  final StringBuilder target = new StringBuilder(saved.getRequestURI());
  final String query = saved.getQueryString();
  if (query != null) {
    target.append('?').append(query);
  }
  session.setNote(SESSION_SAVED_URI_PREFIX + contextId, target.toString());
}
/**
 * Encodes a redirect URL with the current session's internal id when the absolute form of
 * the URL is encodeable, and returns the URL unchanged otherwise.
 *
 * <p>NOTE(review): {@code toEncoded} is not shown here and presumably embeds the session
 * id in the URL. If it does, the id can appear in logs, browser history and Referer
 * headers, so confirm whether URL-based session tracking needs to be enabled.
 *
 * @param url the redirect URL to encode
 * @return the encoded URL, or {@code url} itself when it is not encodeable
 */
public String encodeRedirectURL(String url) {
  if (!isEncodeable(toAbsolute(url))) {
    return url;
  }
  return toEncoded(url, this.request.getSessionInternal().getIdInternal());
}
/**
 * Binds a SAML account to the HTTP session and to the current request.
 *
 * <p>The account is stored as a session attribute keyed by the {@code SamlSession} class
 * name. If the session has no principal, one is created from the account and set on the
 * session together with the auth type. The request always receives the principal and auth
 * type. Last, {@code changeSessionId} is called and the id it returns is registered with
 * the id mapper against the account's session index and SAML subject.
 *
 * <p>NOTE(review): the {@code changeSessionId(Session)} helper is not shown. It presumably
 * rotates the session id after login to counter session fixation; confirm that.
 *
 * @param account the authenticated SAML session to persist
 */
@Override
public void saveAccount(SamlSession account) {
  final String authType = "KEYCLOAK-SAML";
  final Session catalinaSession = request.getSessionInternal(true);
  catalinaSession.getSession().setAttribute(SamlSession.class.getName(), account);

  GenericPrincipal principal = (GenericPrincipal) catalinaSession.getPrincipal();
  if (principal == null) {
    // Original author's note: in a clustered JBossWeb environment the principal is not
    // serialized or saved, so it is rebuilt from the account here.
    principal = principalFactory.createPrincipal(
        request.getContext().getRealm(), account.getPrincipal(), account.getRoles());
    catalinaSession.setPrincipal(principal);
    catalinaSession.setAuthType(authType);
  }

  request.setUserPrincipal(principal);
  request.setAuthType(authType);

  final String rotatedId = changeSessionId(catalinaSession);
  idMapperUpdater.map(
      idMapper,
      account.getSessionIndex(),
      account.getPrincipal().getSamlSubject(),
      rotatedId);
}
private void expire(SingleSignOnSessionKey key) { if (engine == null) { containerLog.warn(sm.getString("singleSignOn.sessionExpire.engineNull", key)); return; containerLog.warn(sm.getString("singleSignOn.sessionExpire.hostNotFound", key)); return; containerLog.warn(sm.getString("singleSignOn.sessionExpire.contextNotFound", key)); return; Manager manager = context.getManager(); if (manager == null) { containerLog.warn(sm.getString("singleSignOn.sessionExpire.managerNotFound", key)); session = manager.findSession(key.getSessionId()); } catch (IOException e) { containerLog.warn(sm.getString("singleSignOn.sessionExpire.managerError", key), e); return; session.expire();
/**
 * Restores the request that was saved in the session for the current decoded request URI.
 *
 * <p>The saved request is read from the note {@code SESSION_SAVED_REQUEST_PREFIX + uri}.
 * When present, that note is removed, the saved request is placed under
 * {@code Constants.FORM_REQUEST_NOTE}, and the superclass performs the restore.
 *
 * @param request the request to restore into
 * @return the superclass result when a saved request was found; {@code false} when there
 *     is no session, no decoded URI, or no saved request for that URI
 * @throws IOException propagated from the superclass
 */
protected boolean restoreRequest(Request request) throws IOException {
  final Session session = request.getSessionInternal(false);
  final String decodedUri = request.getDecodedRequestURI();
  if (session == null || decodedUri == null) {
    return false;
  }

  final SavedRequest saved =
      (SavedRequest) session.getNote(SESSION_SAVED_REQUEST_PREFIX + decodedUri);
  if (saved == null) {
    return false;
  }

  // Remove the per-URI note first so that a saved request is consumed at most once.
  session.removeNote(SESSION_SAVED_REQUEST_PREFIX + decodedUri);
  synchronized (session) {
    session.setNote(Constants.FORM_REQUEST_NOTE, saved);
    return super.restoreRequest(request, session);
  }
}
/**
 * Does this request match the saved one (so that it must be the redirect we signalled
 * after successful authentication)?
 *
 * <p>All of the following must hold: a session exists, it carries a saved request under
 * {@code Constants.FORM_REQUEST_NOTE}, it carries a principal under
 * {@code Constants.FORM_PRINCIPAL_NOTE}, and the request URI equals the saved request's
 * URI. The comparison uses {@code getRequestURI()}, not the decoded form.
 *
 * @param request The request to be verified
 * @return {@code true} only when every condition above is met
 */
protected boolean matchRequest(Request request) {
  final Session session = request.getSessionInternal(false);
  if (session == null) {
    return false;
  }

  final SavedRequest savedRequest =
      (SavedRequest) session.getNote(Constants.FORM_REQUEST_NOTE);
  if (savedRequest == null) {
    return false;
  }

  // No saved principal means authentication did not complete for this session.
  if (session.getNote(Constants.FORM_PRINCIPAL_NOTE) == null) {
    return false;
  }

  final String uri = request.getRequestURI();
  return uri != null && uri.equals(savedRequest.getRequestURI());
}
/**
 * Stores an authenticated OIDC account in the HTTP session and registers the login.
 *
 * <p>A container principal is built from the account's principal and roles and set on the
 * session with auth type {@code "KEYCLOAK"}. Two attributes are written: a
 * {@code SerializableKeycloakAccount} and the account's security context, each keyed by
 * its class name. The session is then passed to {@code sessionManagement.login}.
 *
 * <p>NOTE(review): this method does not change the session id. Confirm that the id is
 * rotated elsewhere on login. The security context is kept as a session attribute and
 * presumably holds tokens, so check what session persistence or replication would expose.
 *
 * @param account the authenticated account; its security context is cast to
 *     {@code RefreshableKeycloakSecurityContext}
 */
@Override
public void saveAccountInfo(OidcKeycloakAccount account) {
  final RefreshableKeycloakSecurityContext refreshable =
      (RefreshableKeycloakSecurityContext) account.getKeycloakSecurityContext();
  final Set<String> grantedRoles = account.getRoles();

  final GenericPrincipal containerPrincipal = principalFactory.createPrincipal(
      request.getContext().getRealm(), account.getPrincipal(), grantedRoles);
  final SerializableKeycloakAccount storedAccount =
      new SerializableKeycloakAccount(grantedRoles, account.getPrincipal(), refreshable);

  final Session catalinaSession = request.getSessionInternal(true);
  catalinaSession.setPrincipal(containerPrincipal);
  catalinaSession.setAuthType("KEYCLOAK");
  catalinaSession.getSession()
      .setAttribute(SerializableKeycloakAccount.class.getName(), storedAccount);
  catalinaSession.getSession()
      .setAttribute(KeycloakSecurityContext.class.getName(), account.getKeycloakSecurityContext());

  // The token subject is logged at FINE level.
  final String subject = refreshable.getToken().getSubject();
  log.fine("userSessionManagement.login: " + subject);

  this.sessionManagement.login(catalinaSession);
}
/**
 * For debugging. Returns the string form of one attribute of one session.
 *
 * <p>NOTE(review): any caller that knows a session id can read that session's attribute
 * values as strings. Confirm which interfaces can reach this method, and that they are
 * restricted to administrators.
 *
 * @param sessionId The ID for the session of interest
 * @param key The key for the attribute to obtain
 * @return {@code toString()} of the attribute value, or {@code null} when the session or
 *     the attribute is not found
 */
public String getSessionAttribute(String sessionId, String key) {
  final Session session = sessions.get(sessionId);
  if (session != null) {
    final Object value = session.getSession().getAttribute(key);
    return value == null ? null : value.toString();
  }

  // Unknown id: record the miss, including the id that was asked for, at INFO level.
  if (log.isInfoEnabled()) {
    log.info(sm.getString("managerBase.sessionNotFound", sessionId));
  }
  return null;
}
/**
 * Completes authentication for a principal obtained from Facebook.
 *
 * <p>The principal's name is stored as the session's username note, and the password note
 * is set to the empty string. The principal is set on the request, the saved request is
 * restored when {@code saveRestoreRequest} is enabled, the principal is registered through
 * {@code registerWithAuthenticatorBase}, and the session attribute {@code "STATE"} is set
 * to {@code STATES.FINISH}.
 *
 * <p>NOTE(review): this method does not change the session id. Confirm that
 * {@code registerWithAuthenticatorBase} rotates it on login.
 *
 * @param request the current request
 * @param response the current response
 * @param principal the authenticated principal
 * @return always {@code true}
 * @throws IOException propagated from the calls this method makes
 */
private boolean dealWithFacebookPrincipal(Request request, Response response,
    Principal principal) throws IOException {
  final String login = principal.getName();

  // No password exists for this login, so the password note is an empty string.
  request.getSessionInternal().setNote(Constants.SESS_USERNAME_NOTE, login);
  request.getSessionInternal().setNote(Constants.SESS_PASSWORD_NOTE, "");
  request.setUserPrincipal(principal);

  if (saveRestoreRequest) {
    this.restoreRequest(request, request.getSessionInternal());
  }

  registerWithAuthenticatorBase(request, response, principal, login);
  request.getSession().setAttribute("STATE", STATES.FINISH.name());
  return true;
}
/**
 * Builds a key that identifies a session by three names: the session's id, the name of the
 * context that owns the session's manager, and the name of that context's parent.
 *
 * @param session the session to describe; its manager, the manager's context and the
 *     context's parent are all dereferenced without null checks
 */
public SingleSignOnSessionKey(Session session) {
  this.sessionId = session.getId();

  final Context owningContext = session.getManager().getContext();
  this.contextName = owningContext.getName();
  // The context's parent supplies the value stored as the host name.
  this.hostName = owningContext.getParent().getName();
}
/**
 * Does this request match the saved one (so that it must be the redirect we signalled
 * after successful authentication)?
 *
 * <p>The decoded request URI is compared with the saved request's decoded URI. Before
 * that, the session must exist and must hold both a saved request
 * ({@code Constants.FORM_REQUEST_NOTE}) and a saved principal
 * ({@code Constants.FORM_PRINCIPAL_NOTE}).
 *
 * @param request The request to be verified
 * @return {@code true} when all checks pass, {@code false} otherwise
 */
protected boolean matchRequest(Request request) {
  final Session session = request.getSessionInternal(false);
  if (session == null) {
    return false;
  }

  final SavedRequest savedRequest =
      (SavedRequest) session.getNote(Constants.FORM_REQUEST_NOTE);
  final boolean hasSavedRequest = savedRequest != null;
  if (!hasSavedRequest) {
    return false;
  }

  // The saved principal is checked only for presence; its value is not read here.
  if (session.getNote(Constants.FORM_PRINCIPAL_NOTE) == null) {
    return false;
  }

  final String decodedUri = request.getDecodedRequestURI();
  if (decodedUri == null) {
    return false;
  }
  return decodedUri.equals(savedRequest.getDecodedRequestURI());
}
/**
 * Authenticates base64-encoded credentials against the container realm and binds the
 * resulting principal to the current request and session.
 *
 * <p>NOTE(review): the decoded password is stored in cleartext as the session note
 * {@code Constants.SESS_PASSWORD_NOTE}. Confirm that notes are never persisted or
 * replicated with the session. This method does not change the session id after
 * authentication, so confirm that the id is rotated elsewhere, for example in
 * {@code endLogin}.
 *
 * @param credentials the encoded credentials, decoded by {@code decodeBase64Credentials}
 * @param charset the charset passed to the decoder
 * @return the authenticated principal
 * @throws SecurityServiceException when the realm rejects the credentials
 */
public Principal login(Object credentials, String charset) throws SecurityServiceException {
  // Index 0 is passed to the realm as the username and index 1 as the password.
  final String[] userAndPassword = decodeBase64Credentials(credentials, charset);

  final HttpGraniteContext graniteContext =
      (HttpGraniteContext) GraniteContext.getCurrentInstance();
  final HttpServletRequest servletRequest = graniteContext.getRequest();

  final Principal authenticated =
      getRealm(servletRequest).authenticate(userAndPassword[0], userAndPassword[1]);
  if (authenticated == null) {
    throw SecurityServiceException.newInvalidCredentialsException("Wrong username or password");
  }

  final Request catalinaRequest = getRequest(servletRequest);
  catalinaRequest.setAuthType(AUTH_TYPE);
  catalinaRequest.setUserPrincipal(authenticated);

  final Session catalinaSession = catalinaRequest.getSessionInternal(true);
  catalinaSession.setAuthType(AUTH_TYPE);
  catalinaSession.setPrincipal(authenticated);
  catalinaSession.setNote(Constants.SESS_USERNAME_NOTE, userAndPassword[0]);
  catalinaSession.setNote(Constants.SESS_PASSWORD_NOTE, userAndPassword[1]);

  endLogin(credentials, charset);
  return authenticated;
}
/**
 * Logs out the current user: clears the authentication state held on the session, runs
 * {@code endLogout()}, and expires the session.
 *
 * <p>Nothing happens when the request has no session or the session has no principal.
 * The lookup passes {@code false}; presumably this means no session is created.
 *
 * @throws SecurityServiceException declared by the contract; no statement visible here
 *     throws it directly
 */
public void logout() throws SecurityServiceException {
  final HttpGraniteContext graniteContext =
      (HttpGraniteContext) GraniteContext.getCurrentInstance();
  final Session session = getSession(graniteContext.getRequest(), false);

  if (session == null || session.getPrincipal() == null) {
    return;
  }

  // Clear the auth type, principal and both credential notes before expiring the session.
  session.setAuthType(null);
  session.setPrincipal(null);
  session.removeNote(Constants.SESS_USERNAME_NOTE);
  session.removeNote(Constants.SESS_PASSWORD_NOTE);

  endLogout();
  session.expire();
}
if (session != null && session.isValid()) { sbean = new ApplicationSession(); sbean.setId(session.getId()); sbean.setCreationTime(new Date(session.getCreationTime())); sbean.setLastAccessTime(new Date(session.getLastAccessedTime())); sbean.setMaxIdleTime(session.getMaxInactiveInterval() * 1000); sbean.setManagerType(session.getManager().getClass().getName()); long size = 0; HttpSession httpSession = session.getSession(); Set<Object> processedObjects = new HashSet<>(1000);
if (store == null || !session.isValid()) { return; throw (IOException) exception; log.error(sm.getString("persistentManager.serializeError", session.getIdInternal(), exception)); log.error(sm.getString("persistentManager.serializeError", session.getIdInternal(), e)); throw e;