Java Code Examples for io.undertow.server.session.Session#getAttribute()

The following examples show how to use io.undertow.server.session.Session#getAttribute().
Example 1
Source File: ServletFormAuthenticationMechanism.java    From quarkus-http with Apache License 2.0
/**
 * Redirects the client to the location stored in the session under {@code SESSION_KEY}.
 *
 * <p>Nothing happens when the exchange has no existing session (the lookup passes
 * {@code false}, so none is created) or when the attribute is absent.
 *
 * <p>NOTE(review): the redirect target is used exactly as stored; this method performs no
 * validation of it. Whether the value is limited to locations inside the application depends
 * on the code that wrote the attribute, which is not visible here - confirm there.
 *
 * @param exchange the current exchange
 * @throws RuntimeException wrapping the {@link IOException} raised when the redirect fails
 */
@Override
protected void handleRedirectBack(final HttpServerExchange exchange) {
    final ServletRequestContext requestContext = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
    final HttpServletResponse response = (HttpServletResponse) requestContext.getServletResponse();
    final HttpSessionImpl servletSession = requestContext.getCurrentServletContext().getSession(exchange, false);
    if (servletSession == null) {
        return;
    }
    // With a security manager installed, the unwrap goes through a privileged action.
    final Session underlying = System.getSecurityManager() == null
            ? servletSession.getSession()
            : AccessController.doPrivileged(new HttpSessionImpl.UnwrapSessionAction(servletSession));
    final String target = (String) underlying.getAttribute(SESSION_KEY);
    if (target == null) {
        return;
    }
    try {
        response.sendRedirect(target);
    } catch (IOException e) {
        throw new RuntimeException(e);
    }
}
 
Example 2
Source File: JsrWebSocketFilter.java    From quarkus-http with Apache License 2.0
/**
 * Closes the WebSocket connections recorded on an HTTP session that is being destroyed.
 *
 * <p>The connection list is read from the underlying session's {@code SESSION_ATTRIBUTE}.
 * Each connection is closed with {@code VIOLATED_POLICY} and an empty reason phrase while the
 * underlying session's monitor is held. An {@link IOException} from one close is logged and
 * the remaining connections are still closed.
 *
 * @param se the destruction event; its session is cast to {@code HttpSessionImpl}
 */
@Override
public void sessionDestroyed(HttpSessionEvent se) {
    final HttpSessionImpl httpSession = (HttpSessionImpl) se.getSession();
    final Session underlying;
    if (System.getSecurityManager() != null) {
        // With a security manager installed, the unwrap goes through a privileged action.
        underlying = AccessController.doPrivileged(new HttpSessionImpl.UnwrapSessionAction(httpSession));
    } else {
        underlying = httpSession.getSession();
    }
    final List<UndertowSession> openConnections = (List<UndertowSession>) underlying.getAttribute(SESSION_ATTRIBUTE);
    if (openConnections == null) {
        return;
    }
    synchronized (underlying) {
        for (UndertowSession connection : openConnections) {
            try {
                connection.close(new CloseReason(CloseReason.CloseCodes.VIOLATED_POLICY, ""));
            } catch (IOException e) {
                // Best effort: log and carry on with the next connection.
                UndertowLogger.REQUEST_IO_LOGGER.ioException(e);
            }
        }
    }
}
 
Example 3
Source File: SingleSignOnAuthenticationMechanism.java    From quarkus-http with Apache License 2.0
/**
 * Links a session to a single sign-on entry, doing only the steps not already done.
 *
 * <p>Three independent steps: add the session to the SSO if it is not a member yet, store
 * the SSO id in the session under {@code SSO_SESSION_ATTRIBUTE} if the attribute is unset,
 * and register {@code listener} with the session's manager the first time that manager is
 * seen.
 *
 * @param sso     the single sign-on entry
 * @param session the session to associate with it
 */
private void registerSessionIfRequired(SingleSignOn sso, Session session) {
    final boolean alreadyMember = sso.contains(session);
    if (!alreadyMember) {
        if (log.isTraceEnabled()) {
            log.tracef("Session %s added to SSO %s", session.getId(), sso.getId());
        }
        sso.add(session);
    }

    final Object recordedSsoId = session.getAttribute(SSO_SESSION_ATTRIBUTE);
    if (recordedSsoId == null) {
        if (log.isTraceEnabled()) {
            log.tracef("SSO_SESSION_ATTRIBUTE not found. Creating it with SSO ID %s as value.", sso.getId());
        }
        session.setAttribute(SSO_SESSION_ATTRIBUTE, sso.getId());
    }

    // add() returns true only for a manager not seen before, so the listener is
    // registered once per manager.
    final SessionManager sessionManager = session.getSessionManager();
    final boolean firstSighting = seenSessionManagers.add(sessionManager);
    if (firstSighting) {
        sessionManager.registerSessionListener(listener);
    }
}
 
Example 4
Source File: SingleSignOnAuthenticationMechanism.java    From lams with GNU General Public License v2.0
/**
 * Associates {@code session} with {@code sso}, skipping whatever is already in place.
 *
 * <p>The session is added to the SSO when it is not yet contained in it, the SSO id is
 * written to the session attribute {@code SSO_SESSION_ATTRIBUTE} when that attribute is
 * {@code null}, and {@code listener} is registered on the session's manager when the manager
 * is newly added to {@code seenSessionManagers}.
 *
 * @param sso     the single sign-on entry
 * @param session the session to associate with it
 */
private void registerSessionIfRequired(SingleSignOn sso, Session session) {
    if (sso.contains(session) == false) {
        if (log.isTraceEnabled()) {
            log.tracef("Session %s added to SSO %s", session.getId(), sso.getId());
        }
        sso.add(session);
    }
    if (null == session.getAttribute(SSO_SESSION_ATTRIBUTE)) {
        if (log.isTraceEnabled()) {
            log.tracef("SSO_SESSION_ATTRIBUTE not found. Creating it with SSO ID %s as value.", sso.getId());
        }
        session.setAttribute(SSO_SESSION_ATTRIBUTE, sso.getId());
    }
    final SessionManager owner = session.getSessionManager();
    // Set.add() reports whether the manager is new; register the listener only then.
    if (seenSessionManagers.add(owner)) {
        owner.registerSessionListener(listener);
    }
}
 
Example 5
Source File: ServletFormAuthenticationMechanism.java    From lams with GNU General Public License v2.0
/**
 * Sends a redirect to the location held in the session attribute {@code SESSION_KEY}.
 *
 * <p>No session is created by this call ({@code getSession(exchange, false)}); without a
 * session, or without the attribute, the method returns without touching the response.
 *
 * <p>NOTE(review): the stored value is passed to {@code sendRedirect} unchanged. Nothing in
 * this method checks where it points; that has to be guaranteed by whatever stored it, which
 * is outside this snippet - verify against the writer.
 *
 * @param exchange the current exchange
 * @throws RuntimeException wrapping the {@link IOException} raised when the redirect fails
 */
@Override
protected void handleRedirectBack(final HttpServerExchange exchange) {
    final ServletRequestContext ctx = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
    final HttpServletResponse servletResponse = (HttpServletResponse) ctx.getServletResponse();
    final HttpSessionImpl wrapper = ctx.getCurrentServletContext().getSession(exchange, false);
    if (wrapper == null) {
        return;
    }

    final Session session;
    if (System.getSecurityManager() != null) {
        // With a security manager installed, the unwrap goes through a privileged action.
        session = AccessController.doPrivileged(new HttpSessionImpl.UnwrapSessionAction(wrapper));
    } else {
        session = wrapper.getSession();
    }

    final String savedLocation = (String) session.getAttribute(SESSION_KEY);
    if (savedLocation == null) {
        return;
    }
    try {
        servletResponse.sendRedirect(savedLocation);
    } catch (IOException e) {
        throw new RuntimeException(e);
    }
}
 
Example 6
Source File: IdMapperUpdaterSessionListener.java    From keycloak with Apache License 2.0
/**
 * Re-keys the mapping for a session whose id has changed.
 *
 * <p>If the session carries an attribute named after {@code SamlSession}, the entry for the
 * old id is unmapped and the same value is mapped under the new id.
 *
 * @param session      the session, already carrying its new id
 * @param oldSessionId the id the session had before the change
 */
@Override
public void sessionIdChanged(Session session, String oldSessionId) {
    final Object samlSession = session.getAttribute(SamlSession.class.getName());
    if (samlSession == null) {
        // No SAML session attribute on this session: leave the mapping untouched.
        return;
    }
    unmap(oldSessionId, samlSession);
    map(session.getId(), samlSession);
}
 
Example 7
Source File: ServletFormAuthenticationMechanism.java    From quarkus-http with Apache License 2.0
/**
 * Rewrites the saved location after a session id change so it no longer embeds the old id.
 *
 * <p>Only acts when the location stored under {@code SESSION_KEY} contains
 * {@code ;jsessionid=<oldSessionId>}; every occurrence is replaced with the new id.
 *
 * @param session      the session, already carrying its new id
 * @param oldSessionId the id the session had before the change
 */
@Override
public void sessionIdChanged(Session session, String oldSessionId) {
    final String storedLocation = (String) session.getAttribute(SESSION_KEY);
    if (storedLocation == null) {
        return;
    }
    //todo: in theory this could break if there are multiple path parameters
    //but this is such an edge case this is probably fine
    final String staleParam = ";jsessionid=" + oldSessionId;
    if (!storedLocation.contains(staleParam)) {
        return;
    }
    final String freshParam = ";jsessionid=" + session.getId();
    session.setAttribute(ServletFormAuthenticationMechanism.SESSION_KEY, storedLocation.replace(staleParam, freshParam));
}
 
Example 8
Source File: SsoCacheSessionIdMapperUpdater.java    From keycloak with Apache License 2.0
/**
 * Moves the SSO cache entry of a session from its old id to its new id.
 *
 * <p>The entry for {@code oldSessionId} is always removed. A new entry is written only when
 * the session holds a {@code SamlSession} attribute; it stores the session index and the SAML
 * subject of the principal.
 *
 * @param session      the session, already carrying its new id
 * @param oldSessionId the id the session had before the change
 */
@Override
public void sessionIdChanged(Session session, String oldSessionId) {
    this.httpSessionToSsoCache.remove(oldSessionId);
    final Object attribute = session.getAttribute(SamlSession.class.getName());
    if (!(attribute instanceof SamlSession)) {
        return;
    }
    final SamlSession samlSession = (SamlSession) attribute;
    final String newSessionId = session.getId();
    final String[] ssoEntry = {samlSession.getSessionIndex(), samlSession.getPrincipal().getSamlSubject()};
    httpSessionToSsoCache.put(newSessionId, ssoEntry);
}
 
Example 9
Source File: UndertowSessionTokenStore.java    From keycloak with Apache License 2.0
/**
 * Drops the cached Keycloak account and security context from the current session.
 *
 * <p>Returns without changes when there is no session or no cached account. The session
 * itself is not invalidated here; only the two attributes are removed.
 */
@Override
public void logout() {
    final Session session = Sessions.getSession(exchange);
    if (session == null) {
        return;
    }
    final KeycloakUndertowAccount cached =
            (KeycloakUndertowAccount) session.getAttribute(KeycloakUndertowAccount.class.getName());
    if (cached == null) {
        return;
    }
    session.removeAttribute(KeycloakUndertowAccount.class.getName());
    session.removeAttribute(KeycloakSecurityContext.class.getName());
}
 
Example 10
Source File: UndertowSessionTokenStore.java    From keycloak with Apache License 2.0
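/**
 * Tries to authenticate the current request from the account cached in the session.
 *
 * <p>The cached account is accepted only if a session exists, the account attribute is
 * present, its realm equals the realm of the current deployment, and
 * {@code account.checkActive()} succeeds. On success the security context is completed and
 * the Keycloak context is propagated through the authenticator. When the account is no longer
 * active, both cached attributes are removed and the session is invalidated.
 *
 * @param authenticator the request authenticator; cast to
 *                      {@code AbstractUndertowRequestAuthenticator} on the success path
 * @return {@code true} if the cached account was accepted, {@code false} otherwise
 */
@Override
public boolean isCached(RequestAuthenticator authenticator) {
    Session session = Sessions.getSession(exchange);
    if (session == null) {
        // The method returns a boolean; the message previously claimed "returning null".
        log.debug("session was null, returning false");
        return false;
    }
    KeycloakUndertowAccount account = (KeycloakUndertowAccount)session.getAttribute(KeycloakUndertowAccount.class.getName());
    if (account == null) {
        log.debug("Account was not in session, returning false");
        return false;
    }

    // An account cached for another realm is not accepted for this request.
    // It is left in the session; only the inactive branch below clears it.
    if (!deployment.getRealm().equals(account.getKeycloakSecurityContext().getRealm())) {
        log.debug("Account in session belongs to a different realm than for this request.");
        return false;
    }

    account.setCurrentRequestInfo(deployment, this);
    if (account.checkActive()) {
        log.debug("Cached account found");
        securityContext.authenticationComplete(account, "KEYCLOAK", false);
        ((AbstractUndertowRequestAuthenticator)authenticator).propagateKeycloakContext(account);
        return true;
    } else {
        // Inactive account: clear the cached state and end the session.
        log.debug("Account was not active, returning false");
        session.removeAttribute(KeycloakUndertowAccount.class.getName());
        session.removeAttribute(KeycloakSecurityContext.class.getName());
        session.invalidate(exchange);
        return false;
    }
}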
 
Example 11
Source File: SessionRestoringHandler.java    From lams with GNU General Public License v2.0
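/**
 * Stops the handler and hands every transient session to the persistence manager.
 *
 * <p>For each session id reported by the session manager, all attributes are copied into a
 * map, attributes implementing {@link HttpSessionActivationListener} are notified that the
 * session will passivate, and the snapshot is stored with an expiry of last-access time plus
 * the max inactive interval. The thread context class loader is switched to the servlet
 * context's class loader for the duration and restored in {@code finally}.
 *
 * <p>NOTE(review): every attribute is persisted as-is, so any authentication state the
 * application keeps in the session reaches the persistence store. How that store is protected
 * is up to the {@code SessionPersistenceManager} implementation, which is not visible here.
 */
public void stop() {
    ClassLoader old = getTccl();
    try {
        setTccl(servletContext.getClassLoader());
        this.started = false;
        final Map<String, SessionPersistenceManager.PersistentSession> objectData = new HashMap<>();
        for (String sessionId : sessionManager.getTransientSessions()) {
            Session session = sessionManager.getSession(sessionId);
            if (session != null) {
                final HttpSessionEvent event = new HttpSessionEvent(SecurityActions.forSession(session, servletContext, false));
                final Map<String, Object> sessionData = new HashMap<>();
                for (String attr : session.getAttributeNames()) {
                    final Object attribute = session.getAttribute(attr);
                    sessionData.put(attr, attribute);
                    if (attribute instanceof HttpSessionActivationListener) {
                        ((HttpSessionActivationListener) attribute).sessionWillPassivate(event);
                    }
                }
                // Multiply as long: in int arithmetic, seconds * 1000 overflows for intervals
                // longer than about 24.8 days and produces a wrong expiry date.
                final long expiryMillis = session.getLastAccessedTime() + (session.getMaxInactiveInterval() * 1000L);
                objectData.put(sessionId, new PersistentSession(new Date(expiryMillis), sessionData));
            }
        }
        sessionPersistenceManager.persistSessions(deploymentName, objectData);
        this.data.clear();
    } finally {
        setTccl(old);
    }
}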
 
Example 12
Source File: CachedAuthenticatedSessionHandler.java    From lams with GNU General Public License v2.0
/**
 * Returns the authenticated session cached on the exchange's HTTP session, if any.
 *
 * <p>The HTTP session is looked up without creating one. The value stored under
 * {@code ATTRIBUTE_NAME} on the underlying session is returned after a cast.
 *
 * @param exchange the current exchange
 * @return the cached {@code AuthenticatedSession}, or {@code null} when there is no session
 *         or the attribute is unset
 */
@Override
public AuthenticatedSession lookupSession(HttpServerExchange exchange) {
    final HttpSessionImpl servletSession = servletContext.getSession(exchange, false);
    if (servletSession == null) {
        return null;
    }
    final Session underlying = underlyingSession(servletSession);
    final Object cached = underlying.getAttribute(ATTRIBUTE_NAME);
    return (AuthenticatedSession) cached;
}
 
Example 13
Source File: ServletFormAuthenticationMechanism.java    From lams with GNU General Public License v2.0
/**
 * Keeps the saved location in step with a changed session id.
 *
 * <p>When the location stored under {@code SESSION_KEY} embeds the old id as a
 * {@code ;jsessionid=} path parameter, each occurrence is replaced with the new id and the
 * result is written back to the session. Otherwise the session is left unchanged.
 *
 * @param session      the session, already carrying its new id
 * @param oldSessionId the id the session had before the change
 */
@Override
public void sessionIdChanged(Session session, String oldSessionId) {
    final String saved = (String) session.getAttribute(SESSION_KEY);
    if (saved != null) {
        //todo: in theory this could break if there are multiple path parameters
        //but this is such an edge case this is probably fine
        final String oldParam = ";jsessionid=" + oldSessionId;
        final boolean embedsOldId = saved.contains(oldParam);
        if (embedsOldId) {
            final String newParam = ";jsessionid=" + session.getId();
            final String rewritten = saved.replace(oldParam, newParam);
            session.setAttribute(ServletFormAuthenticationMechanism.SESSION_KEY, rewritten);
        }
    }
}
 
Example 14
Source File: SingleSignOnAuthenticationMechanism.java    From lams with GNU General Public License v2.0
/**
 * Detaches a destroyed session from its single sign-on entry.
 *
 * <p>The SSO id is read from the session attribute {@code SSO_SESSION_ATTRIBUTE}. The session
 * is removed from the SSO. When the reason is {@code INVALIDATED}, every other session still
 * in the SSO is removed from it and invalidated afterwards. An SSO left without sessions is
 * removed from the manager.
 *
 * <p>NOTE(review): the inner loop removes entries from {@code sso} while iterating over it;
 * whether that is safe depends on the iterator of the {@code SingleSignOn} implementation,
 * which is not visible here.
 *
 * @param session  the session being destroyed
 * @param exchange the exchange that triggered the destruction (not used here)
 * @param reason   why the session was destroyed
 */
@Override
public void sessionDestroyed(Session session, HttpServerExchange exchange, SessionDestroyedReason reason) {
    final String ssoId = (String) session.getAttribute(SSO_SESSION_ATTRIBUTE);
    if (ssoId == null) {
        return;
    }
    if (log.isTraceEnabled()) {
        log.tracef("Removing SSO ID %s from destroyed session %s.", ssoId, session.getId());
    }
    final List<Session> pendingInvalidation = new LinkedList<>();
    try (SingleSignOn sso = singleSignOnManager.findSingleSignOn(ssoId)) {
        if (sso != null) {
            sso.remove(session);
            if (reason == SessionDestroyedReason.INVALIDATED) {
                for (Session sibling : sso) {
                    sso.remove(sibling);
                    pendingInvalidation.add(sibling);
                }
            }
            // If there are no more associated sessions, remove the SSO altogether
            final boolean ssoIsEmpty = !sso.iterator().hasNext();
            if (ssoIsEmpty) {
                singleSignOnManager.removeSingleSignOn(sso);
            }
        }
    }
    // Any consequential session invalidations will trigger this listener recursively,
    // so make sure we don't attempt to invalidate session until after the sso is removed.
    for (Session sibling : pendingInvalidation) {
        sibling.invalidate(null);
    }
}
 
Example 15
Source File: CachedAuthenticatedSessionHandler.java    From lams with GNU General Public License v2.0
/**
 * Looks up the authenticated session cached on the exchange's session.
 *
 * <p>The session manager and session config are taken from the exchange attachments. If
 * either is missing, or no session is found, the result is {@code null}.
 *
 * @param exchange the current exchange
 * @return the value stored under {@code ATTRIBUTE_NAME}, cast to
 *         {@code AuthenticatedSession}, or {@code null}
 */
@Override
public AuthenticatedSession lookupSession(HttpServerExchange exchange) {
    final SessionManager manager = exchange.getAttachment(SessionManager.ATTACHMENT_KEY);
    final SessionConfig config = exchange.getAttachment(SessionConfig.ATTACHMENT_KEY);
    if (manager == null || config == null) {
        return null;
    }
    final Session existing = manager.getSession(exchange, config);
    return existing == null ? null : (AuthenticatedSession) existing.getAttribute(ATTRIBUTE_NAME);
}
 
Example 16
Source File: SingleSignOnAuthenticationMechanism.java    From quarkus-http with Apache License 2.0
/**
 * Removes a destroyed session from the single sign-on entry it belongs to.
 *
 * <p>A session without {@code SSO_SESSION_ATTRIBUTE} is ignored. Otherwise the session is
 * removed from the SSO. If the destruction reason is {@code INVALIDATED}, all remaining
 * sessions of that SSO are removed and then invalidated. An SSO with no sessions left is
 * removed from the manager.
 *
 * <p>NOTE(review): entries are removed from {@code sso} inside a for-each over {@code sso};
 * this relies on the iterator behaviour of the {@code SingleSignOn} implementation, which is
 * not shown here.
 *
 * @param session  the session being destroyed
 * @param exchange the exchange that triggered the destruction (not used here)
 * @param reason   why the session was destroyed
 */
@Override
public void sessionDestroyed(Session session, HttpServerExchange exchange, SessionDestroyedReason reason) {
    final String ssoId = (String) session.getAttribute(SSO_SESSION_ATTRIBUTE);
    if (null == ssoId) {
        return;
    }
    if (log.isTraceEnabled()) {
        log.tracef("Removing SSO ID %s from destroyed session %s.", ssoId, session.getId());
    }
    final boolean cascade = reason == SessionDestroyedReason.INVALIDATED;
    final List<Session> toInvalidate = new LinkedList<>();
    try (SingleSignOn sso = singleSignOnManager.findSingleSignOn(ssoId)) {
        if (sso != null) {
            sso.remove(session);
            if (cascade) {
                for (Session other : sso) {
                    sso.remove(other);
                    toInvalidate.add(other);
                }
            }
            // If there are no more associated sessions, remove the SSO altogether
            if (!sso.iterator().hasNext()) {
                singleSignOnManager.removeSingleSignOn(sso);
            }
        }
    }
    // Any consequential session invalidations will trigger this listener recursively,
    // so make sure we don't attempt to invalidate session until after the sso is removed.
    for (Session other : toInvalidate) {
        other.invalidate(null);
    }
}
 
Example 17
Source File: CachedAuthenticatedSessionHandler.java    From quarkus-http with Apache License 2.0
/**
 * Fetches the cached authenticated session for an exchange.
 *
 * <p>Returns {@code null} when the exchange has no session manager or session config
 * attached, or when the manager finds no session for it.
 *
 * @param exchange the current exchange
 * @return the value stored under {@code ATTRIBUTE_NAME}, cast to
 *         {@code AuthenticatedSession}, or {@code null}
 */
@Override
public AuthenticatedSession lookupSession(HttpServerExchange exchange) {
    final SessionManager sessions = exchange.getAttachment(SessionManager.ATTACHMENT_KEY);
    final SessionConfig sessionSettings = exchange.getAttachment(SessionConfig.ATTACHMENT_KEY);
    final boolean attachmentsPresent = sessions != null && sessionSettings != null;
    if (!attachmentsPresent) {
        return null;
    }
    final Session current = sessions.getSession(exchange, sessionSettings);
    if (current == null) {
        return null;
    }
    return (AuthenticatedSession) current.getAttribute(ATTRIBUTE_NAME);
}
 
Example 18
Source File: SessionRestoringHandler.java    From quarkus-http with Apache License 2.0
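/**
 * Stops the handler and persists a snapshot of every transient session.
 *
 * <p>Each session's attributes are copied into a map; attributes that implement
 * {@link HttpSessionActivationListener} receive {@code sessionWillPassivate}. The snapshot is
 * stored with an expiry computed from the last-access time and the max inactive interval.
 * The thread context class loader is set to the servlet context's class loader while this
 * runs and is restored in {@code finally}.
 *
 * <p>NOTE(review): attributes are persisted unfiltered, so session-held authentication state
 * is written to whatever store the {@code SessionPersistenceManager} uses; its protection is
 * outside this method.
 */
public void stop() {
    ClassLoader old = getTccl();
    try {
        setTccl(servletContext.getClassLoader());
        this.started = false;
        final Map<String, SessionPersistenceManager.PersistentSession> objectData = new HashMap<>();
        for (String sessionId : sessionManager.getTransientSessions()) {
            Session session = sessionManager.getSession(sessionId);
            if (session != null) {
                final HttpSessionEvent event = new HttpSessionEvent(SecurityActions.forSession(session, servletContext, false));
                final Map<String, Object> sessionData = new HashMap<>();
                for (String attr : session.getAttributeNames()) {
                    final Object attribute = session.getAttribute(attr);
                    sessionData.put(attr, attribute);
                    if (attribute instanceof HttpSessionActivationListener) {
                        ((HttpSessionActivationListener) attribute).sessionWillPassivate(event);
                    }
                }
                // Use a long multiplier: seconds * 1000 computed as int overflows once the
                // interval exceeds roughly 24.8 days, which corrupts the stored expiry.
                final long expiryMillis = session.getLastAccessedTime() + (session.getMaxInactiveInterval() * 1000L);
                objectData.put(sessionId, new PersistentSession(new Date(expiryMillis), sessionData));
            }
        }
        sessionPersistenceManager.persistSessions(deploymentName, objectData);
        this.data.clear();
    } finally {
        setTccl(old);
    }
}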
 
Example 19
Source File: CachedAuthenticatedSessionHandler.java    From quarkus-http with Apache License 2.0
/**
 * Reads the cached authenticated session from the exchange's existing HTTP session.
 *
 * <p>No session is created by the lookup ({@code getSession(exchange, false)}).
 *
 * @param exchange the current exchange
 * @return the value stored under {@code ATTRIBUTE_NAME} on the underlying session, cast to
 *         {@code AuthenticatedSession}; {@code null} when there is no session or no value
 */
@Override
public AuthenticatedSession lookupSession(HttpServerExchange exchange) {
    final HttpSessionImpl wrapper = servletContext.getSession(exchange, false);
    return wrapper == null
            ? null
            : (AuthenticatedSession) underlyingSession(wrapper).getAttribute(ATTRIBUTE_NAME);
}
 
Example 20
Source File: IdMapperUpdaterSessionListener.java    From keycloak with Apache License 2.0
/**
 * Maps a newly created session's id to the value of its {@code SamlSession} attribute.
 *
 * <p>NOTE(review): the attribute is passed to {@code map()} without a null check, so a
 * session created without it results in a {@code null} value being passed. How {@code map()}
 * treats {@code null} is not visible here.
 *
 * @param session  the session that was created
 * @param exchange the exchange that created it (not used here)
 */
@Override
public void sessionCreated(Session session, HttpServerExchange exchange) {
    final Object samlSession = session.getAttribute(SamlSession.class.getName());
    final String sessionId = session.getId();
    map(sessionId, samlSession);
}