io.undertow.server.session.SessionManager Java Examples
The following examples show how to use
io.undertow.server.session.SessionManager.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: CachedAuthenticatedSessionHandler.java From lams with GNU General Public License v2.0 | 6 votes |
|
@Override
public void handleRequest(HttpServerExchange exchange) throws Exception {
SecurityContext securityContext = exchange.getSecurityContext();
securityContext.registerNotificationReceiver(NOTIFICATION_RECEIVER);
SessionManager sessionManager = exchange.getAttachment(SessionManager.ATTACHMENT_KEY);
SessionConfig sessionConfig = exchange.getAttachment(SessionConfig.ATTACHMENT_KEY);
if (sessionManager == null || sessionConfig == null) {
next.handleRequest(exchange);
return;
}
Session session = sessionManager.getSession(exchange, sessionConfig);
// If there was no existing HttpSession then there could not be a cached AuthenticatedSession so don't bother setting
// the AuthenticatedSessionManager.
if (session != null) {
exchange.putAttachment(AuthenticatedSessionManager.ATTACHMENT_KEY, SESSION_MANAGER);
}
next.handleRequest(exchange);
}
Example #2
| Source File: ServletFormAuthenticationMechanism.java From quarkus-http with Apache License 2.0 | 6 votes |
|
/**
* This method doesn't save content of request but instead uses data from parameter.
* This should be used in case that data from request was already read and therefore it is not possible to save them.
*
* @param exchange
* @param bytes
* @param contentLength
*/
protected void storeInitialLocation(final HttpServerExchange exchange, byte[] bytes, int contentLength) {
if(!saveOriginalRequest) {
return;
}
final ServletRequestContext servletRequestContext = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
HttpSessionImpl httpSession = servletRequestContext.getCurrentServletContext().getSession(exchange, true);
Session session;
if (System.getSecurityManager() == null) {
session = httpSession.getSession();
} else {
session = AccessController.doPrivileged(new HttpSessionImpl.UnwrapSessionAction(httpSession));
}
SessionManager manager = session.getSessionManager();
if (seenSessionManagers.add(manager)) {
manager.registerSessionListener(LISTENER);
}
session.setAttribute(SESSION_KEY, RedirectBuilder.redirect(exchange, exchange.getRelativePath()));
if(bytes == null) {
SavedRequest.trySaveRequest(exchange);
} else {
SavedRequest.trySaveRequest(exchange, bytes, contentLength);
}
}
Example #3
| Source File: ServletFormAuthenticationMechanism.java From lams with GNU General Public License v2.0 | 6 votes |
|
/**
* This method doesn't save content of request but instead uses data from parameter.
* This should be used in case that data from request was already read and therefore it is not possible to save them.
*
* @param exchange
* @param bytes
* @param contentLength
*/
protected void storeInitialLocation(final HttpServerExchange exchange, byte[] bytes, int contentLength) {
if(!saveOriginalRequest) {
return;
}
final ServletRequestContext servletRequestContext = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
HttpSessionImpl httpSession = servletRequestContext.getCurrentServletContext().getSession(exchange, true);
Session session;
if (System.getSecurityManager() == null) {
session = httpSession.getSession();
} else {
session = AccessController.doPrivileged(new HttpSessionImpl.UnwrapSessionAction(httpSession));
}
SessionManager manager = session.getSessionManager();
if (seenSessionManagers.add(manager)) {
manager.registerSessionListener(LISTENER);
}
session.setAttribute(SESSION_KEY, RedirectBuilder.redirect(exchange, exchange.getRelativePath()));
if(bytes == null) {
SavedRequest.trySaveRequest(exchange);
} else {
SavedRequest.trySaveRequest(exchange, bytes, contentLength);
}
}
Example #4
| Source File: SingleSignOnAuthenticationMechanism.java From quarkus-http with Apache License 2.0 | 6 votes |
|
private void registerSessionIfRequired(SingleSignOn sso, Session session) {
if (!sso.contains(session)) {
if (log.isTraceEnabled()) {
log.tracef("Session %s added to SSO %s", session.getId(), sso.getId());
}
sso.add(session);
}
if (session.getAttribute(SSO_SESSION_ATTRIBUTE) == null) {
if (log.isTraceEnabled()) {
log.tracef("SSO_SESSION_ATTRIBUTE not found. Creating it with SSO ID %s as value.", sso.getId());
}
session.setAttribute(SSO_SESSION_ATTRIBUTE, sso.getId());
}
SessionManager manager = session.getSessionManager();
if (seenSessionManagers.add(manager)) {
manager.registerSessionListener(listener);
}
}
Example #5
| Source File: CachedAuthenticatedSessionHandler.java From quarkus-http with Apache License 2.0 | 6 votes |
|
@Override
public void handleRequest(HttpServerExchange exchange) throws Exception {
SecurityContext securityContext = exchange.getSecurityContext();
securityContext.registerNotificationReceiver(NOTIFICATION_RECEIVER);
SessionManager sessionManager = exchange.getAttachment(SessionManager.ATTACHMENT_KEY);
SessionConfig sessionConfig = exchange.getAttachment(SessionConfig.ATTACHMENT_KEY);
if (sessionManager == null || sessionConfig == null) {
next.handleRequest(exchange);
return;
}
Session session = sessionManager.getSession(exchange, sessionConfig);
// If there was no existing HttpSession then there could not be a cached AuthenticatedSession so don't bother setting
// the AuthenticatedSessionManager.
if (session != null) {
exchange.putAttachment(AuthenticatedSessionManager.ATTACHMENT_KEY, SESSION_MANAGER);
}
next.handleRequest(exchange);
}
Example #6
| Source File: SingleSignOnAuthenticationMechanism.java From lams with GNU General Public License v2.0 | 6 votes |
|
private void registerSessionIfRequired(SingleSignOn sso, Session session) {
if (!sso.contains(session)) {
if(log.isTraceEnabled()) {
log.tracef("Session %s added to SSO %s", session.getId(), sso.getId());
}
sso.add(session);
}
if(session.getAttribute(SSO_SESSION_ATTRIBUTE) == null) {
if(log.isTraceEnabled()) {
log.tracef("SSO_SESSION_ATTRIBUTE not found. Creating it with SSO ID %s as value.", sso.getId());
}
session.setAttribute(SSO_SESSION_ATTRIBUTE, sso.getId());
}
SessionManager manager = session.getSessionManager();
if (seenSessionManagers.add(manager)) {
manager.registerSessionListener(listener);
}
}
Example #7
| Source File: Sessions.java From lams with GNU General Public License v2.0 | 5 votes |
|
private static Session getSession(final HttpServerExchange exchange, boolean create) {
SessionManager sessionManager = exchange.getAttachment(SessionManager.ATTACHMENT_KEY);
SessionConfig sessionConfig = exchange.getAttachment(SessionConfig.ATTACHMENT_KEY);
if(sessionManager == null) {
throw UndertowMessages.MESSAGES.sessionManagerNotFound();
}
Session session = sessionManager.getSession(exchange, sessionConfig);
if(session == null && create) {
session = sessionManager.createSession(exchange, sessionConfig);
}
return session;
}
Example #8
| Source File: URLRewritingSessionTestCase.java From quarkus-http with Apache License 2.0 | 5 votes |
|
@BeforeClass
public static void setup() {
final PathParameterSessionConfig sessionConfig = new PathParameterSessionConfig();
final SessionAttachmentHandler handler = new SessionAttachmentHandler(new InMemorySessionManager(""), sessionConfig);
handler.setNext(new HttpHandler() {
@Override
public void handleRequest(final HttpServerExchange exchange) throws Exception {
final SessionManager manager = exchange.getAttachment(SessionManager.ATTACHMENT_KEY);
Session session = manager.getSession(exchange, sessionConfig);
if (session == null) {
session = manager.createSession(exchange, sessionConfig);
session.setAttribute(COUNT, 0);
} else {
Assert.assertEquals("/notamatchingpath;jsessionid=" + session.getId(), exchange.getRequestURI());
}
Integer count = (Integer) session.getAttribute(COUNT);
exchange.addResponseHeader(COUNT, count.toString());
session.setAttribute(COUNT, ++count);
for (Map.Entry<String, Deque<String>> qp : exchange.getQueryParameters().entrySet()) {
exchange.addResponseHeader(qp.getKey(), qp.getValue().getFirst());
}
if (exchange.getQueryString().isEmpty()) {
exchange.writeAsync(sessionConfig.rewriteUrl(DefaultServer.getDefaultServerURL() + "/notamatchingpath", session.getId()));
} else {
exchange.writeAsync(sessionConfig.rewriteUrl(DefaultServer.getDefaultServerURL() + "/notamatchingpath?" + exchange.getQueryString(), session.getId()));
}
}
});
DefaultServer.setRootHandler(handler);
}
Example #9
| Source File: CachedAuthenticatedSessionHandler.java From lams with GNU General Public License v2.0 | 5 votes |
|
@Override
public void handleNotification(SecurityNotification notification) {
EventType eventType = notification.getEventType();
HttpServerExchange exchange = notification.getExchange();
SessionManager sessionManager = exchange.getAttachment(SessionManager.ATTACHMENT_KEY);
SessionConfig sessionConfig = exchange.getAttachment(SessionConfig.ATTACHMENT_KEY);
if (sessionManager == null || sessionConfig == null) {
return;
}
Session httpSession = sessionManager.getSession(exchange, sessionConfig);
switch (eventType) {
case AUTHENTICATED:
if (isCacheable(notification)) {
if (httpSession == null) {
httpSession = sessionManager.createSession(exchange, sessionConfig);
}
// It is normal for this notification to be received when using a previously cached session - in that
// case the IDM would have been given an opportunity to re-load the Account so updating here ready for
// the next request is desired.
httpSession.setAttribute(ATTRIBUTE_NAME,
new AuthenticatedSession(notification.getAccount(), notification.getMechanism()));
}
break;
case LOGGED_OUT:
if (httpSession != null) {
httpSession.removeAttribute(ATTRIBUTE_NAME);
httpSession.removeAttribute(NO_ID_CHANGE_REQUIRED);
}
break;
}
}
Example #10
| Source File: CachedAuthenticatedSessionHandler.java From lams with GNU General Public License v2.0 | 5 votes |
|
@Override
public AuthenticatedSession lookupSession(HttpServerExchange exchange) {
SessionManager sessionManager = exchange.getAttachment(SessionManager.ATTACHMENT_KEY);
SessionConfig sessionConfig = exchange.getAttachment(SessionConfig.ATTACHMENT_KEY);
if (sessionManager == null || sessionConfig == null) {
return null;
}
Session httpSession = sessionManager.getSession(exchange, sessionConfig);
if (httpSession != null) {
return (AuthenticatedSession) httpSession.getAttribute(ATTRIBUTE_NAME);
}
return null;
}
Example #11
| Source File: CachedAuthenticatedSessionHandler.java From lams with GNU General Public License v2.0 | 5 votes |
|
@Override
public void clearSession(HttpServerExchange exchange) {
SessionManager sessionManager = exchange.getAttachment(SessionManager.ATTACHMENT_KEY);
SessionConfig sessionConfig = exchange.getAttachment(SessionConfig.ATTACHMENT_KEY);
if (sessionManager == null || sessionConfig == null) {
return;
}
Session httpSession = sessionManager.getSession(exchange, sessionConfig);
if (httpSession != null) {
httpSession.removeAttribute(ATTRIBUTE_NAME);
}
}
Example #12
| Source File: LearningPushHandler.java From quarkus-http with Apache License 2.0 | 5 votes |
|
protected Session getSession(HttpServerExchange exchange) {
SessionConfig sc = exchange.getAttachment(SessionConfig.ATTACHMENT_KEY);
SessionManager sm = exchange.getAttachment(SessionManager.ATTACHMENT_KEY);
if (sc == null || sm == null) {
return null;
}
Session session = sm.getSession(exchange, sc);
if (session == null) {
return sm.createSession(exchange, sc);
}
return session;
}
Example #13
| Source File: AsyncWebSocketHttpServerExchange.java From lams with GNU General Public License v2.0 | 5 votes |
|
@Override
public Object getSession() {
SessionManager sm = exchange.getAttachment(SessionManager.ATTACHMENT_KEY);
SessionConfig sessionCookieConfig = exchange.getAttachment(SessionConfig.ATTACHMENT_KEY);
if(sm != null && sessionCookieConfig != null) {
return sm.getSession(exchange, sessionCookieConfig);
}
return null;
}
Example #14
| Source File: LearningPushHandler.java From lams with GNU General Public License v2.0 | 5 votes |
|
protected Session getSession(HttpServerExchange exchange) {
SessionConfig sc = exchange.getAttachment(SessionConfig.ATTACHMENT_KEY);
SessionManager sm = exchange.getAttachment(SessionManager.ATTACHMENT_KEY);
if (sc == null || sm == null) {
return null;
}
Session session = sm.getSession(exchange, sc);
if (session == null) {
return sm.createSession(exchange, sc);
}
return session;
}
Example #15
| Source File: ServletContextImpl.java From lams with GNU General Public License v2.0 | 5 votes |
|
/**
* Gets the session with the specified ID if it exists
*
* @param sessionId The session ID
* @return The session
*/
public HttpSessionImpl getSession(final String sessionId) {
final SessionManager sessionManager = deployment.getSessionManager();
Session session = sessionManager.getSession(sessionId);
if (session != null) {
return SecurityActions.forSession(session, this, false);
}
return null;
}
Example #16
| Source File: SessionRestoringHandler.java From lams with GNU General Public License v2.0 | 5 votes |
|
public SessionRestoringHandler(String deploymentName, SessionManager sessionManager, ServletContextImpl servletContext, HttpHandler next, SessionPersistenceManager sessionPersistenceManager) {
this.deploymentName = deploymentName;
this.sessionManager = sessionManager;
this.servletContext = servletContext;
this.next = next;
this.sessionPersistenceManager = sessionPersistenceManager;
this.data = new ConcurrentHashMap<>();
}
Example #17
| Source File: DeploymentManagerImpl.java From lams with GNU General Public License v2.0 | 5 votes |
|
private HttpHandler handleDevelopmentModePersistentSessions(HttpHandler next, final DeploymentInfo deploymentInfo, final SessionManager sessionManager, final ServletContextImpl servletContext) {
final SessionPersistenceManager sessionPersistenceManager = deploymentInfo.getSessionPersistenceManager();
if (sessionPersistenceManager != null) {
SessionRestoringHandler handler = new SessionRestoringHandler(deployment.getDeploymentInfo().getDeploymentName(), sessionManager, servletContext, next, sessionPersistenceManager);
deployment.addLifecycleObjects(handler);
return handler;
}
return next;
}
Example #18
| Source File: Sessions.java From quarkus-http with Apache License 2.0 | 5 votes |
|
private static Session getSession(final HttpServerExchange exchange, boolean create) {
SessionManager sessionManager = exchange.getAttachment(SessionManager.ATTACHMENT_KEY);
SessionConfig sessionConfig = exchange.getAttachment(SessionConfig.ATTACHMENT_KEY);
if(sessionManager == null) {
throw UndertowMessages.MESSAGES.sessionManagerNotFound();
}
Session session = sessionManager.getSession(exchange, sessionConfig);
if(session == null && create) {
session = sessionManager.createSession(exchange, sessionConfig);
}
return session;
}
Example #19
| Source File: UndertowPreAuthActionsHandler.java From keycloak with Apache License 2.0 | 5 votes |
|
public UndertowPreAuthActionsHandler(AdapterDeploymentContext deploymentContext,
UndertowUserSessionManagement userSessionManagement,
SessionManager sessionManager,
HttpHandler next) {
this.next = next;
this.deploymentContext = deploymentContext;
this.sessionManager = sessionManager;
this.userSessionManagement = userSessionManagement;
}
Example #20
| Source File: CachedAuthenticatedSessionHandler.java From quarkus-http with Apache License 2.0 | 5 votes |
|
@Override
public void clearSession(HttpServerExchange exchange) {
SessionManager sessionManager = exchange.getAttachment(SessionManager.ATTACHMENT_KEY);
SessionConfig sessionConfig = exchange.getAttachment(SessionConfig.ATTACHMENT_KEY);
if (sessionManager == null || sessionConfig == null) {
return;
}
Session httpSession = sessionManager.getSession(exchange, sessionConfig);
if (httpSession != null) {
httpSession.removeAttribute(ATTRIBUTE_NAME);
}
}
Example #21
| Source File: CachedAuthenticatedSessionHandler.java From quarkus-http with Apache License 2.0 | 5 votes |
|
@Override
public AuthenticatedSession lookupSession(HttpServerExchange exchange) {
SessionManager sessionManager = exchange.getAttachment(SessionManager.ATTACHMENT_KEY);
SessionConfig sessionConfig = exchange.getAttachment(SessionConfig.ATTACHMENT_KEY);
if (sessionManager == null || sessionConfig == null) {
return null;
}
Session httpSession = sessionManager.getSession(exchange, sessionConfig);
if (httpSession != null) {
return (AuthenticatedSession) httpSession.getAttribute(ATTRIBUTE_NAME);
}
return null;
}
Example #22
| Source File: CachedAuthenticatedSessionHandler.java From quarkus-http with Apache License 2.0 | 5 votes |
|
@Override
public void handleNotification(SecurityNotification notification) {
EventType eventType = notification.getEventType();
HttpServerExchange exchange = notification.getExchange();
SessionManager sessionManager = exchange.getAttachment(SessionManager.ATTACHMENT_KEY);
SessionConfig sessionConfig = exchange.getAttachment(SessionConfig.ATTACHMENT_KEY);
if (sessionManager == null || sessionConfig == null) {
return;
}
Session httpSession = sessionManager.getSession(exchange, sessionConfig);
switch (eventType) {
case AUTHENTICATED:
if (isCacheable(notification)) {
if (httpSession == null) {
httpSession = sessionManager.createSession(exchange, sessionConfig);
}
// It is normal for this notification to be received when using a previously cached session - in that
// case the IDM would have been given an opportunity to re-load the Account so updating here ready for
// the next request is desired.
httpSession.setAttribute(ATTRIBUTE_NAME,
new AuthenticatedSession(notification.getAccount(), notification.getMechanism()));
}
break;
case LOGGED_OUT:
if (httpSession != null) {
httpSession.removeAttribute(ATTRIBUTE_NAME);
httpSession.removeAttribute(NO_ID_CHANGE_REQUIRED);
}
break;
}
}
Example #23
| Source File: DeploymentManagerImpl.java From quarkus-http with Apache License 2.0 | 5 votes |
|
private HttpHandler handleDevelopmentModePersistentSessions(HttpHandler next, final DeploymentInfo deploymentInfo, final SessionManager sessionManager, final ServletContextImpl servletContext) {
final SessionPersistenceManager sessionPersistenceManager = deploymentInfo.getSessionPersistenceManager();
if (sessionPersistenceManager != null) {
SessionRestoringHandler handler = new SessionRestoringHandler(deployment.getDeploymentInfo().getDeploymentName(), sessionManager, servletContext, next, sessionPersistenceManager);
deployment.addLifecycleObjects(handler);
return handler;
}
return next;
}
Example #24
| Source File: UndertowUserSessionManagement.java From keycloak with Apache License 2.0 | 5 votes |
|
public void logoutAll(final SessionManager manager) {
final Set<String> allSessions = manager.getAllSessions();
workaroundIspnDeadlock(manager, new Runnable() {
@Override
public void run() {
for (String sessionId : allSessions) logoutSession(manager, sessionId);
}
});
}
Example #25
| Source File: UndertowUserSessionManagement.java From keycloak with Apache License 2.0 | 5 votes |
|
public void logoutHttpSessions(final SessionManager manager, final List<String> sessionIds) {
log.debugf("logoutHttpSessions: %s", sessionIds);
workaroundIspnDeadlock(manager, new Runnable() {
@Override
public void run() {
for (String sessionId : sessionIds) {
logoutSession(manager, sessionId);
}
}
});
}
Example #26
| Source File: SessionRestoringHandler.java From quarkus-http with Apache License 2.0 | 5 votes |
|
public SessionRestoringHandler(String deploymentName, SessionManager sessionManager, ServletContextImpl servletContext, HttpHandler next, SessionPersistenceManager sessionPersistenceManager) {
this.deploymentName = deploymentName;
this.sessionManager = sessionManager;
this.servletContext = servletContext;
this.next = next;
this.sessionPersistenceManager = sessionPersistenceManager;
this.data = new ConcurrentHashMap<>();
}
Example #27
| Source File: ServletContextImpl.java From quarkus-http with Apache License 2.0 | 5 votes |
|
/**
* Gets the session with the specified ID if it exists
*
* @param sessionId The session ID
* @return The session
*/
public HttpSessionImpl getSession(final String sessionId) {
final SessionManager sessionManager = deployment.getSessionManager();
Session session = sessionManager.getSession(sessionId);
if (session != null) {
return SecurityActions.forSession(session, this, false);
}
return null;
}
Example #28
| Source File: UndertowUserSessionManagement.java From keycloak with Apache License 2.0 | 5 votes |
|
protected void logoutSession(SessionManager manager, String httpSessionId) {
log.debugf("logoutHttpSession: %s", httpSessionId);
Session session = getSessionById(manager, httpSessionId);
try {
if (session != null) session.invalidate(null);
} catch (Exception e) {
log.warnf("Session %s not present or already invalidated.", httpSessionId);
}
}
Example #29
| Source File: ServletSamlSessionStore.java From keycloak with Apache License 2.0 | 4 votes |
|
protected void logoutSessionIds(List<String> sessionIds) {
if (sessionIds == null || sessionIds.isEmpty()) return;
final ServletRequestContext servletRequestContext = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
SessionManager sessionManager = servletRequestContext.getDeployment().getSessionManager();
sessionManagement.logoutHttpSessions(sessionManager, sessionIds);
}
Example #30
| Source File: SessionManagementBridge.java From keycloak with Apache License 2.0 | 4 votes |
|
public SessionManagementBridge(UndertowUserSessionManagement userSessionManagement, SessionManager sessionManager) {
this.userSessionManagement = userSessionManagement;
this.sessionManager = sessionManager;
}
