Java Code Examples for io.undertow.server.session.Session#removeAttribute()

The following examples show how to use io.undertow.server.session.Session#removeAttribute().
Example 1
Source File: SavedRequest.java    From keycloak with Apache License 2.0
/**
 * Hands a previously parked request back to Undertow's restore logic, if the session holds one.
 *
 * <p>The saved request is taken out of the underlying Undertow session under {@code SESSION_KEY}
 * (so it is no longer stored under that key afterwards), re-registered under the class name of
 * Undertow's own {@code SavedRequest}, and then {@code SavedRequest.tryRestoreRequest} is invoked.
 * Sessions that are not {@code HttpSessionImpl} instances are left untouched.
 *
 * @param exchange the current exchange, passed through to Undertow's restore call
 * @param session  the servlet session that may carry a saved request
 */
public static void tryRestoreRequest(final HttpServerExchange exchange, HttpSession session) {
    if (!(session instanceof HttpSessionImpl)) {
        return;
    }

    // When a SecurityManager is installed, the unwrap runs as a privileged action instead of
    // calling getSession() directly.
    final Session undertowSession;
    if (System.getSecurityManager() != null) {
        undertowSession = AccessController.doPrivileged(new HttpSessionImpl.UnwrapSessionAction(session));
    } else {
        undertowSession = ((HttpSessionImpl) session).getSession();
    }

    // removeAttribute returns the stored value, so this both reads and clears the parked request.
    final io.undertow.servlet.util.SavedRequest pending =
            (io.undertow.servlet.util.SavedRequest) undertowSession.removeAttribute(SESSION_KEY);
    if (pending == null) {
        return;
    }
    undertowSession.setAttribute(io.undertow.servlet.util.SavedRequest.class.getName(), pending);
    io.undertow.servlet.util.SavedRequest.tryRestoreRequest(exchange, session);
}
 
Example 2
Source File: CachedAuthenticatedSessionHandler.java    From quarkus-http with Apache License 2.0
/**
 * Removes the {@code ATTRIBUTE_NAME} attribute from the session tied to the given exchange.
 *
 * <p>Nothing happens when {@code servletContext.getSession(exchange, false)} yields {@code null}.
 * NOTE(review): {@code ATTRIBUTE_NAME} presumably holds the cached authenticated session; confirm
 * against the code that sets it.
 *
 * @param exchange the exchange whose session should be cleared
 */
@Override
public void clearSession(HttpServerExchange exchange) {
    final HttpSessionImpl servletSession = servletContext.getSession(exchange, false);
    if (servletSession == null) {
        return;
    }
    // The removal goes to the unwrapped Undertow session rather than through the servlet wrapper.
    underlyingSession(servletSession).removeAttribute(ATTRIBUTE_NAME);
}
 
Example 3
Source File: SessionListenerBridge.java    From quarkus-http with Apache License 2.0
/**
 * Tells the application's listeners that the session was destroyed, then removes every attribute
 * from the underlying session.
 *
 * <p>The listeners run first, so the attributes are still present while they are notified.
 *
 * @param session the Undertow session being destroyed
 */
private void doDestroy(Session session) {
    final HttpSessionImpl servletView = SecurityActions.forSession(session, servletContext, false);
    applicationListeners.sessionDestroyed(servletView);
    // Work from a snapshot of the names: the session's attribute map is not guaranteed to be a
    // concurrent map, so removing while walking the live view could raise a
    // ConcurrentModificationException.
    final HashSet<String> snapshot = new HashSet<>(session.getAttributeNames());
    snapshot.forEach(name -> session.removeAttribute(name));
}
 
Example 4
Source File: CachedAuthenticatedSessionHandler.java    From quarkus-http with Apache License 2.0
/**
 * Keeps the session-held authentication entry in step with security events.
 *
 * <p>On {@code AUTHENTICATED}, when the notification is cacheable, an {@code AuthenticatedSession}
 * built from the notification's account and mechanism is stored under {@code ATTRIBUTE_NAME};
 * a session is created first if none exists. On {@code LOGGED_OUT}, {@code ATTRIBUTE_NAME} and
 * {@code NO_ID_CHANGE_REQUIRED} are removed from the existing session, if there is one. Other
 * event types fall through the switch without action. The method returns early when the exchange
 * has no {@code SessionManager} or {@code SessionConfig} attached.
 *
 * @param notification the security event to react to
 */
@Override
public void handleNotification(SecurityNotification notification) {
    final EventType event = notification.getEventType();
    final HttpServerExchange exchange = notification.getExchange();
    final SessionManager manager = exchange.getAttachment(SessionManager.ATTACHMENT_KEY);
    final SessionConfig config = exchange.getAttachment(SessionConfig.ATTACHMENT_KEY);
    if (manager == null || config == null) {
        return;
    }

    Session session = manager.getSession(exchange, config);
    switch (event) {
        case AUTHENTICATED:
            if (!isCacheable(notification)) {
                break;
            }
            if (session == null) {
                session = manager.createSession(exchange, config);
            }
            // This notification also arrives when a previously cached session was used. In that
            // case the IDM has had the chance to re-load the Account, so refreshing the stored
            // entry for the next request is the desired outcome.
            session.setAttribute(ATTRIBUTE_NAME,
                    new AuthenticatedSession(notification.getAccount(), notification.getMechanism()));
            break;
        case LOGGED_OUT:
            if (session == null) {
                break;
            }
            // NOTE(review): only these two attributes are dropped; this method does not
            // invalidate the session itself. Confirm the logout path handles that elsewhere.
            session.removeAttribute(ATTRIBUTE_NAME);
            session.removeAttribute(NO_ID_CHANGE_REQUIRED);
            break;
    }
}
 
Example 5
Source File: CachedAuthenticatedSessionHandler.java    From quarkus-http with Apache License 2.0
/**
 * Removes the {@code ATTRIBUTE_NAME} attribute from the exchange's current session.
 *
 * <p>The call is a no-op when the exchange carries no {@code SessionManager} or
 * {@code SessionConfig} attachment, or when the manager returns no session for the exchange.
 *
 * @param exchange the exchange whose session should be cleared
 */
@Override
public void clearSession(HttpServerExchange exchange) {
    final SessionManager manager = exchange.getAttachment(SessionManager.ATTACHMENT_KEY);
    final SessionConfig config = exchange.getAttachment(SessionConfig.ATTACHMENT_KEY);
    if (manager != null && config != null) {
        final Session existing = manager.getSession(exchange, config);
        if (existing != null) {
            existing.removeAttribute(ATTRIBUTE_NAME);
        }
    }
}
 
Example 6
Source File: CachedAuthenticatedSessionHandler.java    From lams with GNU General Public License v2.0
/**
 * Updates the session's stored authentication entry in response to a security notification.
 *
 * <p>{@code AUTHENTICATED}: if {@code isCacheable(notification)} holds, the session (created on
 * demand) receives a new {@code AuthenticatedSession} under {@code ATTRIBUTE_NAME}.
 * {@code LOGGED_OUT}: an existing session loses {@code ATTRIBUTE_NAME} and
 * {@code NO_ID_CHANGE_REQUIRED}. Any other event type is ignored. Without both a
 * {@code SessionManager} and a {@code SessionConfig} attached to the exchange, nothing is done.
 *
 * @param notification the security event carrying the exchange, account and mechanism
 */
@Override
public void handleNotification(SecurityNotification notification) {
    final EventType kind = notification.getEventType();
    final HttpServerExchange exchange = notification.getExchange();
    final SessionManager sessions = exchange.getAttachment(SessionManager.ATTACHMENT_KEY);
    final SessionConfig sessionCfg = exchange.getAttachment(SessionConfig.ATTACHMENT_KEY);
    final boolean sessionSupportMissing = sessions == null || sessionCfg == null;
    if (sessionSupportMissing) {
        return;
    }

    Session current = sessions.getSession(exchange, sessionCfg);
    switch (kind) {
        case AUTHENTICATED:
            if (isCacheable(notification)) {
                if (current == null) {
                    current = sessions.createSession(exchange, sessionCfg);
                }
                // Receiving this event for an already-cached session is expected: the IDM was
                // able to re-load the Account, so the entry is refreshed for the next request.
                final AuthenticatedSession entry =
                        new AuthenticatedSession(notification.getAccount(), notification.getMechanism());
                current.setAttribute(ATTRIBUTE_NAME, entry);
            }
            break;
        case LOGGED_OUT:
            if (current != null) {
                // NOTE(review): the session object itself stays valid after this branch; only
                // the two attributes are removed. Verify invalidation is done by the caller.
                current.removeAttribute(ATTRIBUTE_NAME);
                current.removeAttribute(NO_ID_CHANGE_REQUIRED);
            }
            break;
    }
}
 
Example 7
Source File: CachedAuthenticatedSessionHandler.java    From lams with GNU General Public License v2.0
/**
 * Clears {@code ATTRIBUTE_NAME} from the session that the exchange's session manager resolves.
 *
 * <p>Returns without doing anything if the exchange has no {@code SessionManager} or
 * {@code SessionConfig} attachment, or if no session is found.
 *
 * @param exchange the exchange identifying the session to clear
 */
@Override
public void clearSession(HttpServerExchange exchange) {
    final SessionManager sessions = exchange.getAttachment(SessionManager.ATTACHMENT_KEY);
    final SessionConfig sessionCfg = exchange.getAttachment(SessionConfig.ATTACHMENT_KEY);
    if (sessions == null || sessionCfg == null) {
        return;
    }
    final Session current = sessions.getSession(exchange, sessionCfg);
    if (current == null) {
        return;
    }
    current.removeAttribute(ATTRIBUTE_NAME);
}
 
Example 8
Source File: CachedAuthenticatedSessionHandler.java    From lams with GNU General Public License v2.0
/**
 * Clears {@code ATTRIBUTE_NAME} from the Undertow session behind the exchange's servlet session.
 *
 * <p>If {@code servletContext.getSession(exchange, false)} returns {@code null}, the method
 * returns without touching anything.
 *
 * @param exchange the exchange whose session should be cleared
 */
@Override
public void clearSession(HttpServerExchange exchange) {
    final HttpSessionImpl wrapper = servletContext.getSession(exchange, false);
    if (wrapper == null) {
        return;
    }
    // Unwrap first: the attribute lives on the Undertow session, not on the servlet facade.
    final Session unwrapped = underlyingSession(wrapper);
    unwrapped.removeAttribute(ATTRIBUTE_NAME);
}
 
Example 9
Source File: SessionListenerBridge.java    From lams with GNU General Public License v2.0
/**
 * Fires the application-level "session destroyed" callback and then empties the session.
 *
 * <p>Listeners are invoked before any attribute is removed, so they still see the session's
 * attributes.
 *
 * @param session the Undertow session being destroyed
 */
private void doDestroy(Session session) {
    applicationListeners.sessionDestroyed(SecurityActions.forSession(session, servletContext, false));
    // The names are copied before removal because the backing attribute map may not be a
    // concurrent map; removing during iteration over the live set could throw a
    // ConcurrentModificationException.
    for (String attributeName : new HashSet<>(session.getAttributeNames())) {
        session.removeAttribute(attributeName);
    }
}
 
Example 10
Source File: UndertowSessionTokenStore.java    From keycloak with Apache License 2.0
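/**
 * Checks whether the current session already holds a usable Keycloak account and, if so,
 * completes authentication from it.
 *
 * <p>The cached account is accepted only when it exists, its security context belongs to the
 * same realm as this deployment, and {@code checkActive()} succeeds. An account that fails the
 * active check is removed from the session together with the {@code KeycloakSecurityContext}
 * attribute, and the session is invalidated.
 *
 * @param authenticator the request authenticator; cast to
 *                      {@code AbstractUndertowRequestAuthenticator} to propagate the Keycloak context
 * @return {@code true} if authentication was completed from the cached account, {@code false}
 *         in every other case
 */
@Override
public boolean isCached(RequestAuthenticator authenticator) {
    Session session = Sessions.getSession(exchange);
    if (session == null) {
        // The method returns a boolean, so the message reports "false" rather than "null".
        log.debug("session was null, returning false");
        return false;
    }
    KeycloakUndertowAccount account = (KeycloakUndertowAccount)session.getAttribute(KeycloakUndertowAccount.class.getName());
    if (account == null) {
        log.debug("Account was not in session, returning false");
        return false;
    }

    // Reject an account issued for another realm before it is used for this request.
    // NOTE(review): the mismatching account is left in the session on this path; confirm that
    // is intended.
    if (!deployment.getRealm().equals(account.getKeycloakSecurityContext().getRealm())) {
        log.debug("Account in session belongs to a different realm than for this request.");
        return false;
    }

    account.setCurrentRequestInfo(deployment, this);
    if (account.checkActive()) {
        log.debug("Cached account found");
        securityContext.authenticationComplete(account, "KEYCLOAK", false);
        ((AbstractUndertowRequestAuthenticator)authenticator).propagateKeycloakContext(account);
        return true;
    } else {
        log.debug("Account was not active, returning false");
        // Drop both cached entries, then invalidate the session so the inactive account
        // cannot be picked up again from it.
        session.removeAttribute(KeycloakUndertowAccount.class.getName());
        session.removeAttribute(KeycloakSecurityContext.class.getName());
        session.invalidate(exchange);
        return false;
    }
}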
 
Example 11
Source File: UndertowSessionTokenStore.java    From keycloak with Apache License 2.0
/**
 * Removes the Keycloak account and security context attributes from the current session.
 *
 * <p>Does nothing when there is no session for the exchange or when no
 * {@code KeycloakUndertowAccount} is stored in it.
 */
@Override
public void logout() {
    final Session current = Sessions.getSession(exchange);
    if (current == null) {
        return;
    }
    final KeycloakUndertowAccount cached =
            (KeycloakUndertowAccount) current.getAttribute(KeycloakUndertowAccount.class.getName());
    if (cached == null) {
        return;
    }
    // NOTE(review): the session is not invalidated in this method; only the two Keycloak
    // attributes are removed. Confirm that session invalidation, if required, happens elsewhere.
    current.removeAttribute(KeycloakUndertowAccount.class.getName());
    current.removeAttribute(KeycloakSecurityContext.class.getName());
}
 
Example 12
Source File: SavedRequest.java    From keycloak with Apache License 2.0
/**
 * Saves the current request through Undertow and re-files the result under {@code SESSION_KEY}.
 *
 * <p>After delegating to Undertow's {@code SavedRequest.trySaveRequest}, the saved request is
 * removed from the underlying session attribute named after Undertow's {@code SavedRequest}
 * class and, when one was present, stored again under {@code SESSION_KEY}.
 *
 * @param exchange the exchange whose request should be saved
 */
public static void trySaveRequest(final HttpServerExchange exchange) {
    io.undertow.servlet.util.SavedRequest.trySaveRequest(exchange);

    final ServletRequestContext requestContext = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
    // NOTE(review): the `true` flag presumably asks for the session to be created if absent; confirm.
    final HttpSessionImpl servletSession = requestContext.getCurrentServletContext().getSession(exchange, true);

    // When a SecurityManager is installed, the unwrap runs as a privileged action instead of
    // calling getSession() directly.
    final Session undertowSession;
    if (System.getSecurityManager() != null) {
        undertowSession = AccessController.doPrivileged(new HttpSessionImpl.UnwrapSessionAction(servletSession));
    } else {
        undertowSession = servletSession.getSession();
    }

    final io.undertow.servlet.util.SavedRequest captured =
            (io.undertow.servlet.util.SavedRequest) undertowSession.removeAttribute(io.undertow.servlet.util.SavedRequest.class.getName());
    if (captured != null) {
        undertowSession.setAttribute(SESSION_KEY, captured);
    }
}