io.undertow.server.session.SessionManager Java Examples

The following examples show how to use io.undertow.server.session.SessionManager.
Example #1
Source File: CachedAuthenticatedSessionHandler.java    From lams with GNU General Public License v2.0
/**
 * Makes the cached-authentication lookup available to later handlers, but only for requests that already
 * carry a session.
 *
 * The notification receiver is registered on every request. The {@code AuthenticatedSessionManager}
 * attachment is added only when both a session manager and a session config are attached and an existing
 * session is found. This method only looks a session up; it never creates one.
 *
 * @param exchange the current request/response exchange
 * @throws Exception if the next handler throws
 */
@Override
public void handleRequest(HttpServerExchange exchange) throws Exception {
    exchange.getSecurityContext().registerNotificationReceiver(NOTIFICATION_RECEIVER);

    SessionManager manager = exchange.getAttachment(SessionManager.ATTACHMENT_KEY);
    SessionConfig config = exchange.getAttachment(SessionConfig.ATTACHMENT_KEY);
    if (manager != null && config != null) {
        // Without an existing session there cannot be a cached AuthenticatedSession, so the
        // AuthenticatedSessionManager is attached only when the lookup succeeds.
        Session existing = manager.getSession(exchange, config);
        if (existing != null) {
            exchange.putAttachment(AuthenticatedSessionManager.ATTACHMENT_KEY, SESSION_MANAGER);
        }
    }

    next.handleRequest(exchange);
}
 
Example #2
Source File: ServletFormAuthenticationMechanism.java    From quarkus-http with Apache License 2.0
/**
 * Stores the redirect location for the current request in the session and saves the request using the
 * body bytes supplied by the caller rather than reading the body from the exchange.
 *
 * Use this variant when the request body has already been read and therefore cannot be saved from the
 * exchange any more. Does nothing when {@code saveOriginalRequest} is false.
 *
 * @param exchange      the current exchange; its relative path is used to build the stored redirect location
 * @param bytes         the request body already read by the caller, or {@code null} to call
 *                      {@code SavedRequest.trySaveRequest(exchange)} instead
 * @param contentLength length handed to {@code SavedRequest.trySaveRequest} together with {@code bytes};
 *                      unused when {@code bytes} is {@code null}
 */
protected void storeInitialLocation(final HttpServerExchange exchange, byte[] bytes, int contentLength) {
    if (!saveOriginalRequest) {
        return;
    }
    final ServletRequestContext requestContext = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
    // NOTE(review): the 'true' argument presumably creates a session when none exists, which would happen
    // before the user has authenticated - confirm the session ID is changed on successful login.
    final HttpSessionImpl servletSession = requestContext.getCurrentServletContext().getSession(exchange, true);

    final Session underlying;
    if (System.getSecurityManager() != null) {
        // With a security manager installed the unwrap runs as a privileged action.
        underlying = AccessController.doPrivileged(new HttpSessionImpl.UnwrapSessionAction(servletSession));
    } else {
        underlying = servletSession.getSession();
    }

    // The listener is registered only when add() reports the manager as newly recorded
    // (seenSessionManagers is presumably a Set - verify at its declaration).
    final SessionManager owner = underlying.getSessionManager();
    final boolean firstSighting = seenSessionManagers.add(owner);
    if (firstSighting) {
        owner.registerSessionListener(LISTENER);
    }

    underlying.setAttribute(SESSION_KEY, RedirectBuilder.redirect(exchange, exchange.getRelativePath()));
    if (bytes != null) {
        SavedRequest.trySaveRequest(exchange, bytes, contentLength);
    } else {
        SavedRequest.trySaveRequest(exchange);
    }
}
 
Example #3
Source File: ServletFormAuthenticationMechanism.java    From lams with GNU General Public License v2.0
/**
 * Saves the redirect location of the current request in the session and stores the request from
 * caller-supplied body bytes instead of reading the body from the exchange.
 *
 * Intended for the case where the request data was already read, so it can no longer be captured from the
 * exchange. Returns immediately when {@code saveOriginalRequest} is false.
 *
 * @param exchange      the current exchange; the redirect location is built from its relative path
 * @param bytes         body bytes already read by the caller; when {@code null} the single-argument
 *                      {@code SavedRequest.trySaveRequest} is used
 * @param contentLength length passed along with {@code bytes}; not used when {@code bytes} is {@code null}
 */
protected void storeInitialLocation(final HttpServerExchange exchange, byte[] bytes, int contentLength) {
    if (!saveOriginalRequest) {
        return;
    }
    final ServletRequestContext ctx = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
    // NOTE(review): getSession(exchange, true) presumably creates the session if absent, i.e. for a
    // not-yet-authenticated client - confirm the session ID is regenerated once login succeeds.
    final HttpSessionImpl wrapper = ctx.getCurrentServletContext().getSession(exchange, true);

    final Session unwrapped;
    if (System.getSecurityManager() != null) {
        // A security manager is present, so unwrap through a privileged action.
        unwrapped = AccessController.doPrivileged(new HttpSessionImpl.UnwrapSessionAction(wrapper));
    } else {
        unwrapped = wrapper.getSession();
    }

    // Register LISTENER only when add() returns true for this manager
    // (presumably a Set of managers already seen - verify at the field declaration).
    final SessionManager sessionOwner = unwrapped.getSessionManager();
    final boolean newlySeen = seenSessionManagers.add(sessionOwner);
    if (newlySeen) {
        sessionOwner.registerSessionListener(LISTENER);
    }

    unwrapped.setAttribute(SESSION_KEY, RedirectBuilder.redirect(exchange, exchange.getRelativePath()));
    if (bytes != null) {
        SavedRequest.trySaveRequest(exchange, bytes, contentLength);
    } else {
        SavedRequest.trySaveRequest(exchange);
    }
}
 
Example #4
Source File: SingleSignOnAuthenticationMechanism.java    From quarkus-http with Apache License 2.0
/**
 * Associates a session with a single sign-on entry, if it is not associated already.
 *
 * Three independent steps: add the session to the SSO entry when the entry does not contain it, write the
 * SSO ID into the session under {@code SSO_SESSION_ATTRIBUTE} when that attribute is missing, and register
 * the session listener on the session's manager when {@code seenSessionManagers.add} returns true.
 *
 * @param sso     the single sign-on entry
 * @param session the session to associate with it
 */
private void registerSessionIfRequired(SingleSignOn sso, Session session) {
    final boolean alreadyLinked = sso.contains(session);
    if (!alreadyLinked) {
        // NOTE(review): trace output carries the raw session and SSO identifiers; handle trace logs as
        // sensitive data.
        if (log.isTraceEnabled()) {
            log.tracef("Session %s added to SSO %s", session.getId(), sso.getId());
        }
        sso.add(session);
    }

    final Object ssoMarker = session.getAttribute(SSO_SESSION_ATTRIBUTE);
    if (ssoMarker == null) {
        if (log.isTraceEnabled()) {
            log.tracef("SSO_SESSION_ATTRIBUTE not found. Creating it with SSO ID %s as value.", sso.getId());
        }
        session.setAttribute(SSO_SESSION_ATTRIBUTE, sso.getId());
    }

    final SessionManager owner = session.getSessionManager();
    final boolean firstSighting = seenSessionManagers.add(owner);
    if (firstSighting) {
        owner.registerSessionListener(listener);
    }
}
 
Example #5
Source File: CachedAuthenticatedSessionHandler.java    From quarkus-http with Apache License 2.0
/**
 * Registers the security notification receiver and, for requests that already have a session, attaches
 * the {@code AuthenticatedSessionManager} so later handlers can look up the cached authentication.
 *
 * No session is created here: when the session manager or session config attachment is missing, or the
 * lookup finds no session, the request is passed on unchanged.
 *
 * @param exchange the current request/response exchange
 * @throws Exception if the next handler throws
 */
@Override
public void handleRequest(HttpServerExchange exchange) throws Exception {
    exchange.getSecurityContext().registerNotificationReceiver(NOTIFICATION_RECEIVER);

    SessionManager sessions = exchange.getAttachment(SessionManager.ATTACHMENT_KEY);
    SessionConfig cfg = exchange.getAttachment(SessionConfig.ATTACHMENT_KEY);
    final boolean sessionsAvailable = sessions != null && cfg != null;
    if (sessionsAvailable) {
        // With no existing session there cannot be a cached AuthenticatedSession, so the manager is
        // attached only after a successful lookup.
        Session current = sessions.getSession(exchange, cfg);
        if (current != null) {
            exchange.putAttachment(AuthenticatedSessionManager.ATTACHMENT_KEY, SESSION_MANAGER);
        }
    }

    next.handleRequest(exchange);
}
 
Example #6
Source File: SingleSignOnAuthenticationMechanism.java    From lams with GNU General Public License v2.0
/**
 * Ties a session to a single sign-on entry where that has not happened yet.
 *
 * The session is added to the SSO entry if the entry does not contain it, the SSO ID is stored in the
 * session under {@code SSO_SESSION_ATTRIBUTE} if that attribute is absent, and the session listener is
 * registered on the session's manager when {@code seenSessionManagers.add} returns true for it.
 *
 * @param sso     the single sign-on entry
 * @param session the session to tie to it
 */
private void registerSessionIfRequired(SingleSignOn sso, Session session) {
    final boolean known = sso.contains(session);
    if (!known) {
        // NOTE(review): the trace message contains the raw session ID and SSO ID; keep trace logs
        // access-controlled.
        if (log.isTraceEnabled()) {
            log.tracef("Session %s added to SSO %s", session.getId(), sso.getId());
        }
        sso.add(session);
    }

    final Object storedSsoId = session.getAttribute(SSO_SESSION_ATTRIBUTE);
    if (storedSsoId == null) {
        if (log.isTraceEnabled()) {
            log.tracef("SSO_SESSION_ATTRIBUTE not found. Creating it with SSO ID %s as value.", sso.getId());
        }
        session.setAttribute(SSO_SESSION_ATTRIBUTE, sso.getId());
    }

    final SessionManager sessionOwner = session.getSessionManager();
    final boolean newlySeen = seenSessionManagers.add(sessionOwner);
    if (newlySeen) {
        sessionOwner.registerSessionListener(listener);
    }
}
 
Example #7
Source File: Sessions.java    From lams with GNU General Public License v2.0
/**
 * Returns the session bound to the exchange, optionally creating one.
 *
 * @param exchange the current exchange; the session manager and session config are read from its attachments
 * @param create   whether to create a session when the lookup finds none
 * @return the existing session, a newly created one when {@code create} is true, or {@code null} when no
 *         session exists and {@code create} is false
 * @throws RuntimeException the exception produced by {@code UndertowMessages.MESSAGES.sessionManagerNotFound()}
 *         when no session manager is attached (exact type not visible here)
 */
private static Session getSession(final HttpServerExchange exchange, boolean create) {
    final SessionManager manager = exchange.getAttachment(SessionManager.ATTACHMENT_KEY);
    // NOTE(review): unlike the manager, the config is passed on without a null check.
    final SessionConfig config = exchange.getAttachment(SessionConfig.ATTACHMENT_KEY);
    if (manager == null) {
        throw UndertowMessages.MESSAGES.sessionManagerNotFound();
    }

    final Session existing = manager.getSession(exchange, config);
    if (existing != null || !create) {
        return existing;
    }
    return manager.createSession(exchange, config);
}
 
Example #8
Source File: URLRewritingSessionTestCase.java    From quarkus-http with Apache License 2.0
/**
 * Installs the root handler used by this test class: a session attachment handler with a path-parameter
 * session config in front of a small counting handler.
 *
 * The inner handler creates a session on first contact, asserts on later requests that the request URI
 * carries the session ID as a {@code ;jsessionid=} path parameter, returns the per-session request count
 * in a response header, echoes the first value of every query parameter as a response header, and writes
 * back the rewritten URL for the next request.
 */
@BeforeClass
public static void setup() {
    final PathParameterSessionConfig sessionConfig = new PathParameterSessionConfig();
    final InMemorySessionManager sessions = new InMemorySessionManager("");
    final SessionAttachmentHandler handler = new SessionAttachmentHandler(sessions, sessionConfig);
    handler.setNext(new HttpHandler() {
        @Override
        public void handleRequest(final HttpServerExchange exchange) throws Exception {
            final SessionManager manager = exchange.getAttachment(SessionManager.ATTACHMENT_KEY);
            Session session = manager.getSession(exchange, sessionConfig);
            if (session != null) {
                // A follow-up request must have arrived on the rewritten URL.
                Assert.assertEquals("/notamatchingpath;jsessionid=" + session.getId(), exchange.getRequestURI());
            } else {
                session = manager.createSession(exchange, sessionConfig);
                session.setAttribute(COUNT, 0);
            }
            final Integer seen = (Integer) session.getAttribute(COUNT);
            exchange.addResponseHeader(COUNT, seen.toString());
            session.setAttribute(COUNT, seen + 1);

            // Test fixture only: query parameter names and values are copied into response headers
            // unvalidated, and the session ID travels in the URL. Neither belongs in production handlers.
            for (Map.Entry<String, Deque<String>> param : exchange.getQueryParameters().entrySet()) {
                exchange.addResponseHeader(param.getKey(), param.getValue().getFirst());
            }

            final String query = exchange.getQueryString();
            final String target = query.isEmpty()
                    ? DefaultServer.getDefaultServerURL() + "/notamatchingpath"
                    : DefaultServer.getDefaultServerURL() + "/notamatchingpath?" + query;
            exchange.writeAsync(sessionConfig.rewriteUrl(target, session.getId()));
        }
    });
    DefaultServer.setRootHandler(handler);
}
 
Example #9
Source File: CachedAuthenticatedSessionHandler.java    From lams with GNU General Public License v2.0
/**
 * Keeps the session-cached authentication in step with security events.
 *
 * On {@code AUTHENTICATED}, when {@code isCacheable} accepts the notification, the account and mechanism
 * are stored in the session under {@code ATTRIBUTE_NAME}; a session is created if none exists. On
 * {@code LOGGED_OUT} the {@code ATTRIBUTE_NAME} and {@code NO_ID_CHANGE_REQUIRED} attributes are removed
 * from an existing session; the session itself is not invalidated by this method. Nothing happens when the
 * session manager or session config attachment is missing.
 *
 * @param notification the security event to react to
 */
@Override
public void handleNotification(SecurityNotification notification) {
    final EventType kind = notification.getEventType();
    final HttpServerExchange exchange = notification.getExchange();
    final SessionManager manager = exchange.getAttachment(SessionManager.ATTACHMENT_KEY);
    final SessionConfig config = exchange.getAttachment(SessionConfig.ATTACHMENT_KEY);
    if (manager == null || config == null) {
        return;
    }

    Session session = manager.getSession(exchange, config);
    switch (kind) {
        case AUTHENTICATED:
            if (!isCacheable(notification)) {
                break;
            }
            if (session == null) {
                session = manager.createSession(exchange, config);
            }
            // This notification also arrives when a previously cached session was used; in that case the
            // IDM has had the chance to re-load the Account, so refreshing the cached value here for the
            // next request is intended.
            session.setAttribute(ATTRIBUTE_NAME,
                    new AuthenticatedSession(notification.getAccount(), notification.getMechanism()));
            break;
        case LOGGED_OUT:
            if (session == null) {
                break;
            }
            session.removeAttribute(ATTRIBUTE_NAME);
            session.removeAttribute(NO_ID_CHANGE_REQUIRED);
            break;
        default:
            // Any other event type leaves the session untouched.
            break;
    }
}
 
Example #10
Source File: CachedAuthenticatedSessionHandler.java    From lams with GNU General Public License v2.0
/**
 * Returns the authentication cached in the request's session, if there is one.
 *
 * @param exchange the current exchange; the session manager and session config are read from its attachments
 * @return the value stored under {@code ATTRIBUTE_NAME}, or {@code null} when either attachment is
 *         missing, no session exists, or the attribute is not set
 */
@Override
public AuthenticatedSession lookupSession(HttpServerExchange exchange) {
    final SessionManager manager = exchange.getAttachment(SessionManager.ATTACHMENT_KEY);
    final SessionConfig config = exchange.getAttachment(SessionConfig.ATTACHMENT_KEY);
    if (manager == null || config == null) {
        return null;
    }

    // Lookup only; a missing session is never created here.
    final Session session = manager.getSession(exchange, config);
    return session == null ? null : (AuthenticatedSession) session.getAttribute(ATTRIBUTE_NAME);
}
 
Example #11
Source File: CachedAuthenticatedSessionHandler.java    From lams with GNU General Public License v2.0
/**
 * Removes the cached authentication from the request's session.
 *
 * Only the {@code ATTRIBUTE_NAME} attribute is removed; the session itself stays valid. Does nothing when
 * the session manager or session config attachment is missing, or when the request has no session.
 *
 * @param exchange the current exchange
 */
@Override
public void clearSession(HttpServerExchange exchange) {
    final SessionManager manager = exchange.getAttachment(SessionManager.ATTACHMENT_KEY);
    final SessionConfig config = exchange.getAttachment(SessionConfig.ATTACHMENT_KEY);
    if (manager != null && config != null) {
        final Session session = manager.getSession(exchange, config);
        if (session != null) {
            session.removeAttribute(ATTRIBUTE_NAME);
        }
    }
}
 
Example #12
Source File: LearningPushHandler.java    From quarkus-http with Apache License 2.0
/**
 * Returns the session for the exchange, creating one when none exists yet.
 *
 * @param exchange the current exchange; the session config and session manager are read from its attachments
 * @return the existing or newly created session, or {@code null} when either attachment is missing
 */
protected Session getSession(HttpServerExchange exchange) {
    final SessionConfig config = exchange.getAttachment(SessionConfig.ATTACHMENT_KEY);
    final SessionManager manager = exchange.getAttachment(SessionManager.ATTACHMENT_KEY);
    if (config == null || manager == null) {
        return null;
    }

    // Note for callers: any request that reaches this point ends up with a session.
    final Session existing = manager.getSession(exchange, config);
    return existing != null ? existing : manager.createSession(exchange, config);
}
 
Example #13
Source File: AsyncWebSocketHttpServerExchange.java    From lams with GNU General Public License v2.0
/**
 * Returns the session associated with the underlying exchange without creating one.
 *
 * @return the session found by the attached session manager, or {@code null} when the session manager or
 *         session config attachment is missing or no session exists
 */
@Override
public Object getSession() {
    final SessionManager manager = exchange.getAttachment(SessionManager.ATTACHMENT_KEY);
    final SessionConfig config = exchange.getAttachment(SessionConfig.ATTACHMENT_KEY);
    if (manager == null || config == null) {
        return null;
    }
    return manager.getSession(exchange, config);
}
 
Example #14
Source File: LearningPushHandler.java    From lams with GNU General Public License v2.0
/**
 * Looks up the session for the exchange and creates it if the lookup finds nothing.
 *
 * @param exchange the current exchange; the session config and session manager come from its attachments
 * @return the existing or freshly created session, or {@code null} when either attachment is absent
 */
protected Session getSession(HttpServerExchange exchange) {
    final SessionConfig cfg = exchange.getAttachment(SessionConfig.ATTACHMENT_KEY);
    final SessionManager sessions = exchange.getAttachment(SessionManager.ATTACHMENT_KEY);
    if (cfg == null || sessions == null) {
        return null;
    }

    // Note for callers: a session is created for every request that gets this far without one.
    final Session found = sessions.getSession(exchange, cfg);
    return found != null ? found : sessions.createSession(exchange, cfg);
}
 
Example #15
Source File: ServletContextImpl.java    From lams with GNU General Public License v2.0
/**
 * Gets the session with the specified ID from the deployment's session manager, if it exists.
 *
 * NOTE(review): the lookup is by ID alone, with no exchange involved, so callers should treat
 * {@code sessionId} as a credential and not pass client-supplied values through unchecked.
 *
 * @param sessionId The session ID
 * @return The session wrapped via {@code SecurityActions.forSession}, or {@code null} if the session
 *         manager has no session with that ID
 */
public HttpSessionImpl getSession(final String sessionId) {
    final Session found = deployment.getSessionManager().getSession(sessionId);
    if (found == null) {
        return null;
    }
    // The meaning of the trailing 'false' is defined by SecurityActions.forSession, not visible here.
    return SecurityActions.forSession(found, this, false);
}
 
Example #16
Source File: SessionRestoringHandler.java    From lams with GNU General Public License v2.0
/**
 * Creates the handler and stores its collaborators; arguments are stored as given, without validation.
 *
 * @param deploymentName            name of the deployment
 * @param sessionManager            session manager of the deployment
 * @param servletContext            servlet context of the deployment
 * @param next                      the next handler in the chain
 * @param sessionPersistenceManager the session persistence manager to use
 */
public SessionRestoringHandler(String deploymentName, SessionManager sessionManager, ServletContextImpl servletContext, HttpHandler next, SessionPersistenceManager sessionPersistenceManager) {
    // Starts out with an empty concurrent map.
    this.data = new ConcurrentHashMap<>();

    this.next = next;
    this.deploymentName = deploymentName;
    this.servletContext = servletContext;
    this.sessionManager = sessionManager;
    this.sessionPersistenceManager = sessionPersistenceManager;
}
 
Example #17
Source File: DeploymentManagerImpl.java    From lams with GNU General Public License v2.0
/**
 * Wraps the handler chain in a {@code SessionRestoringHandler} when the deployment has a session
 * persistence manager configured.
 *
 * @param next           the handler to wrap
 * @param deploymentInfo deployment configuration; only its session persistence manager is read here
 * @param sessionManager session manager passed to the restoring handler
 * @param servletContext servlet context passed to the restoring handler
 * @return the new restoring handler, also registered as a lifecycle object on the deployment, or
 *         {@code next} unchanged when no session persistence manager is configured
 */
private HttpHandler handleDevelopmentModePersistentSessions(HttpHandler next, final DeploymentInfo deploymentInfo, final SessionManager sessionManager, final ServletContextImpl servletContext) {
    final SessionPersistenceManager persistence = deploymentInfo.getSessionPersistenceManager();
    if (persistence == null) {
        return next;
    }

    // NOTE(review): the deployment name comes from the 'deployment' field rather than the deploymentInfo
    // parameter - presumably the same object; confirm.
    final String deploymentName = deployment.getDeploymentInfo().getDeploymentName();
    final SessionRestoringHandler restoring =
            new SessionRestoringHandler(deploymentName, sessionManager, servletContext, next, persistence);
    deployment.addLifecycleObjects(restoring);
    return restoring;
}
 
Example #18
Source File: Sessions.java    From quarkus-http with Apache License 2.0
/**
 * Looks up the session for the exchange and, when asked to, creates it if it does not exist.
 *
 * @param exchange the current exchange; the session manager and session config come from its attachments
 * @param create   {@code true} to create a session when none is found
 * @return the session found or created, or {@code null} when none exists and {@code create} is false
 * @throws RuntimeException the exception built by {@code UndertowMessages.MESSAGES.sessionManagerNotFound()}
 *         when the exchange has no session manager attached (exact type not visible here)
 */
private static Session getSession(final HttpServerExchange exchange, boolean create) {
    final SessionManager sessions = exchange.getAttachment(SessionManager.ATTACHMENT_KEY);
    // NOTE(review): only the manager is null-checked; the config is handed on as it was read.
    final SessionConfig cfg = exchange.getAttachment(SessionConfig.ATTACHMENT_KEY);
    if (sessions == null) {
        throw UndertowMessages.MESSAGES.sessionManagerNotFound();
    }

    final Session found = sessions.getSession(exchange, cfg);
    if (found != null || !create) {
        return found;
    }
    return sessions.createSession(exchange, cfg);
}
 
Example #19
Source File: UndertowPreAuthActionsHandler.java    From keycloak with Apache License 2.0
/**
 * Creates the handler and stores its collaborators; arguments are stored as given, without validation.
 *
 * @param deploymentContext     the adapter deployment context
 * @param userSessionManagement the user session management component
 * @param sessionManager        the Undertow session manager
 * @param next                  the next handler in the chain
 */
public UndertowPreAuthActionsHandler(AdapterDeploymentContext deploymentContext,
                                        UndertowUserSessionManagement userSessionManagement,
                                        SessionManager sessionManager,
                                        HttpHandler next) {
    this.deploymentContext = deploymentContext;
    this.userSessionManagement = userSessionManagement;
    this.sessionManager = sessionManager;
    this.next = next;
}
 
Example #20
Source File: CachedAuthenticatedSessionHandler.java    From quarkus-http with Apache License 2.0
/**
 * Drops the cached authentication from the session bound to the exchange.
 *
 * The {@code ATTRIBUTE_NAME} attribute is removed and nothing else: the session is not invalidated. A
 * missing session manager attachment, session config attachment or session makes this a no-op.
 *
 * @param exchange the current exchange
 */
@Override
public void clearSession(HttpServerExchange exchange) {
    final SessionManager sessions = exchange.getAttachment(SessionManager.ATTACHMENT_KEY);
    final SessionConfig cfg = exchange.getAttachment(SessionConfig.ATTACHMENT_KEY);
    final boolean sessionsAvailable = sessions != null && cfg != null;
    if (sessionsAvailable) {
        final Session current = sessions.getSession(exchange, cfg);
        if (current != null) {
            current.removeAttribute(ATTRIBUTE_NAME);
        }
    }
}
 
Example #21
Source File: CachedAuthenticatedSessionHandler.java    From quarkus-http with Apache License 2.0
/**
 * Reads the cached authentication from the session bound to the exchange.
 *
 * @param exchange the current exchange; the session manager and session config come from its attachments
 * @return the {@code ATTRIBUTE_NAME} attribute of the session, or {@code null} when an attachment is
 *         missing, there is no session, or the attribute is unset
 */
@Override
public AuthenticatedSession lookupSession(HttpServerExchange exchange) {
    final SessionManager sessions = exchange.getAttachment(SessionManager.ATTACHMENT_KEY);
    final SessionConfig cfg = exchange.getAttachment(SessionConfig.ATTACHMENT_KEY);
    if (sessions == null || cfg == null) {
        return null;
    }

    // This is a pure lookup: no session is created when none exists.
    final Session current = sessions.getSession(exchange, cfg);
    if (current == null) {
        return null;
    }
    return (AuthenticatedSession) current.getAttribute(ATTRIBUTE_NAME);
}
 
Example #22
Source File: CachedAuthenticatedSessionHandler.java    From quarkus-http with Apache License 2.0
/**
 * Updates the authentication cached in the session in response to a security event.
 *
 * {@code AUTHENTICATED}: if {@code isCacheable} accepts the notification, an {@code AuthenticatedSession}
 * built from the account and mechanism is stored under {@code ATTRIBUTE_NAME}, creating the session first
 * when there is none. {@code LOGGED_OUT}: the {@code ATTRIBUTE_NAME} and {@code NO_ID_CHANGE_REQUIRED}
 * attributes are removed from an existing session, which is otherwise left alive. Returns without doing
 * anything when the session manager or session config attachment is missing.
 *
 * @param notification the security event to react to
 */
@Override
public void handleNotification(SecurityNotification notification) {
    final EventType event = notification.getEventType();
    final HttpServerExchange exchange = notification.getExchange();
    final SessionManager sessions = exchange.getAttachment(SessionManager.ATTACHMENT_KEY);
    final SessionConfig cfg = exchange.getAttachment(SessionConfig.ATTACHMENT_KEY);
    if (sessions == null || cfg == null) {
        return;
    }

    Session current = sessions.getSession(exchange, cfg);
    switch (event) {
        case AUTHENTICATED:
            if (!isCacheable(notification)) {
                break;
            }
            if (current == null) {
                current = sessions.createSession(exchange, cfg);
            }
            // Receiving this for a previously cached session is normal: the IDM has then had the
            // opportunity to re-load the Account, and the cache is refreshed for the next request.
            current.setAttribute(ATTRIBUTE_NAME,
                    new AuthenticatedSession(notification.getAccount(), notification.getMechanism()));
            break;
        case LOGGED_OUT:
            if (current == null) {
                break;
            }
            current.removeAttribute(ATTRIBUTE_NAME);
            current.removeAttribute(NO_ID_CHANGE_REQUIRED);
            break;
        default:
            // Remaining event types do not touch the session.
            break;
    }
}
 
Example #23
Source File: DeploymentManagerImpl.java    From quarkus-http with Apache License 2.0
/**
 * Puts a {@code SessionRestoringHandler} in front of the handler chain when a session persistence manager
 * is configured for the deployment.
 *
 * @param next           the handler to wrap
 * @param deploymentInfo deployment configuration; only its session persistence manager is consulted here
 * @param sessionManager session manager handed to the restoring handler
 * @param servletContext servlet context handed to the restoring handler
 * @return the restoring handler, which is also added to the deployment's lifecycle objects, or
 *         {@code next} itself when there is no session persistence manager
 */
private HttpHandler handleDevelopmentModePersistentSessions(HttpHandler next, final DeploymentInfo deploymentInfo, final SessionManager sessionManager, final ServletContextImpl servletContext) {
    final SessionPersistenceManager store = deploymentInfo.getSessionPersistenceManager();
    if (store == null) {
        return next;
    }

    // NOTE(review): the name is read via the 'deployment' field, not the deploymentInfo parameter -
    // presumably both refer to the same DeploymentInfo; confirm.
    final String name = deployment.getDeploymentInfo().getDeploymentName();
    final SessionRestoringHandler wrapped =
            new SessionRestoringHandler(name, sessionManager, servletContext, next, store);
    deployment.addLifecycleObjects(wrapped);
    return wrapped;
}
 
Example #24
Source File: UndertowUserSessionManagement.java    From keycloak with Apache License 2.0
/**
 * Logs out every session the given manager reports.
 *
 * The set of session IDs is read once, before the work is handed to {@code workaroundIspnDeadlock};
 * how and where that helper runs the task is defined elsewhere in this class.
 *
 * @param manager the session manager whose sessions are logged out
 */
public void logoutAll(final SessionManager manager) {
    final Set<String> snapshot = manager.getAllSessions();
    final Runnable logoutTask = new Runnable() {
        @Override
        public void run() {
            for (String id : snapshot) {
                logoutSession(manager, id);
            }
        }
    };
    workaroundIspnDeadlock(manager, logoutTask);
}
 
Example #25
Source File: UndertowUserSessionManagement.java    From keycloak with Apache License 2.0
/**
 * Logs out the HTTP sessions with the given IDs.
 *
 * The IDs are passed one by one to {@code logoutSession}, inside the task handed to
 * {@code workaroundIspnDeadlock}; how that helper runs the task is defined elsewhere in this class.
 *
 * @param manager    the session manager that owns the sessions
 * @param sessionIds IDs of the sessions to log out; iterated without a null check
 */
public void logoutHttpSessions(final SessionManager manager, final List<String> sessionIds) {
    // NOTE(review): this writes raw session IDs to the debug log; keep debug logs access-controlled.
    log.debugf("logoutHttpSessions: %s", sessionIds);

    final Runnable logoutTask = new Runnable() {
        @Override
        public void run() {
            for (String id : sessionIds) {
                logoutSession(manager, id);
            }
        }
    };
    workaroundIspnDeadlock(manager, logoutTask);
}
 
Example #26
Source File: SessionRestoringHandler.java    From quarkus-http with Apache License 2.0
/**
 * Builds the handler from its collaborators. The arguments are stored as passed in; nothing is validated.
 *
 * @param deploymentName            name of the deployment
 * @param sessionManager            session manager of the deployment
 * @param servletContext            servlet context of the deployment
 * @param next                      the next handler in the chain
 * @param sessionPersistenceManager the session persistence manager to use
 */
public SessionRestoringHandler(String deploymentName, SessionManager sessionManager, ServletContextImpl servletContext, HttpHandler next, SessionPersistenceManager sessionPersistenceManager) {
    this.sessionPersistenceManager = sessionPersistenceManager;
    this.sessionManager = sessionManager;
    this.servletContext = servletContext;
    this.deploymentName = deploymentName;
    this.next = next;

    // Initialised to an empty concurrent map.
    this.data = new ConcurrentHashMap<>();
}
 
Example #27
Source File: ServletContextImpl.java    From quarkus-http with Apache License 2.0
/**
 * Gets the session with the specified ID if the deployment's session manager knows it.
 *
 * NOTE(review): this looks a session up purely by its ID, independent of any exchange; callers should
 * handle {@code sessionId} like a credential and avoid feeding it unchecked client input.
 *
 * @param sessionId The session ID
 * @return The session as wrapped by {@code SecurityActions.forSession}, or {@code null} if no session
 *         with that ID is found
 */
public HttpSessionImpl getSession(final String sessionId) {
    final Session match = deployment.getSessionManager().getSession(sessionId);
    // The trailing 'false' is interpreted by SecurityActions.forSession, which is not shown here.
    return match == null ? null : SecurityActions.forSession(match, this, false);
}
 
Example #28
Source File: UndertowUserSessionManagement.java    From keycloak with Apache License 2.0
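/**
 * Invalidates the HTTP session with the given ID, if the lookup finds it.
 *
 * Invalidation is best effort: any exception from {@code invalidate} is logged and not rethrown, so a
 * caller looping over several IDs continues with the next one. The caught exception is now also logged at
 * debug level, because the warning text alone cannot distinguish an already-invalidated session from an
 * unrelated failure.
 *
 * @param manager       the session manager to look the session up in
 * @param httpSessionId ID of the session to invalidate
 */
protected void logoutSession(SessionManager manager, String httpSessionId) {
    // NOTE(review): raw session IDs are written to the log here and below; keep these logs access-controlled.
    log.debugf("logoutHttpSession: %s", httpSessionId);
    Session session = getSessionById(manager, httpSessionId);
    if (session == null) {
        return;
    }
    try {
        session.invalidate(null);
    } catch (Exception e) {
        log.warnf("Session %s not present or already invalidated.", httpSessionId);
        // Preserve the cause for diagnosis without adding stack traces to the warning itself.
        log.debugf(e, "Invalidating session %s failed", httpSessionId);
    }
}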
 
Example #29
Source File: ServletSamlSessionStore.java    From keycloak with Apache License 2.0
/**
 * Logs out the HTTP sessions with the given IDs through the deployment's session manager.
 *
 * @param sessionIds IDs of the sessions to log out; {@code null} or an empty list is a no-op
 */
protected void logoutSessionIds(List<String> sessionIds) {
    final boolean nothingToDo = sessionIds == null || sessionIds.isEmpty();
    if (nothingToDo) {
        return;
    }
    // NOTE(review): the request context attachment is dereferenced without a null check.
    final ServletRequestContext requestContext = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
    final SessionManager deploymentSessions = requestContext.getDeployment().getSessionManager();
    sessionManagement.logoutHttpSessions(deploymentSessions, sessionIds);
}
 
Example #30
Source File: SessionManagementBridge.java    From keycloak with Apache License 2.0
/**
 * Creates the bridge and stores both collaborators as given, without validation.
 *
 * @param userSessionManagement the user session management component
 * @param sessionManager        the Undertow session manager
 */
public SessionManagementBridge(UndertowUserSessionManagement userSessionManagement, SessionManager sessionManager) {
    this.sessionManager = sessionManager;
    this.userSessionManagement = userSessionManagement;
}