Java Code Examples for io.undertow.server.session.Session#getAttribute()
The following examples show how to use
io.undertow.server.session.Session#getAttribute() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: ServletFormAuthenticationMechanism.java From quarkus-http with Apache License 2.0 | 6 votes |
|
@Override
protected void handleRedirectBack(final HttpServerExchange exchange) {
final ServletRequestContext servletRequestContext = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
HttpServletResponse resp = (HttpServletResponse) servletRequestContext.getServletResponse();
HttpSessionImpl httpSession = servletRequestContext.getCurrentServletContext().getSession(exchange, false);
if (httpSession != null) {
Session session;
if (System.getSecurityManager() == null) {
session = httpSession.getSession();
} else {
session = AccessController.doPrivileged(new HttpSessionImpl.UnwrapSessionAction(httpSession));
}
String path = (String) session.getAttribute(SESSION_KEY);
if (path != null) {
try {
resp.sendRedirect(path);
} catch (IOException e) {
throw new RuntimeException(e);
}
}
}
}
Example 2
| Source File: JsrWebSocketFilter.java From quarkus-http with Apache License 2.0 | 6 votes |
|
@Override
public void sessionDestroyed(HttpSessionEvent se) {
HttpSessionImpl session = (HttpSessionImpl) se.getSession();
final Session underlying;
if (System.getSecurityManager() == null) {
underlying = session.getSession();
} else {
underlying = AccessController.doPrivileged(new HttpSessionImpl.UnwrapSessionAction(session));
}
List<UndertowSession> connections = (List<UndertowSession>) underlying.getAttribute(SESSION_ATTRIBUTE);
if (connections != null) {
synchronized (underlying) {
for (UndertowSession c : connections) {
try {
c.close(new CloseReason(CloseReason.CloseCodes.VIOLATED_POLICY, ""));
} catch (IOException e) {
UndertowLogger.REQUEST_IO_LOGGER.ioException(e);
}
}
}
}
}
Example 3
| Source File: SingleSignOnAuthenticationMechanism.java From quarkus-http with Apache License 2.0 | 6 votes |
|
private void registerSessionIfRequired(SingleSignOn sso, Session session) {
if (!sso.contains(session)) {
if (log.isTraceEnabled()) {
log.tracef("Session %s added to SSO %s", session.getId(), sso.getId());
}
sso.add(session);
}
if (session.getAttribute(SSO_SESSION_ATTRIBUTE) == null) {
if (log.isTraceEnabled()) {
log.tracef("SSO_SESSION_ATTRIBUTE not found. Creating it with SSO ID %s as value.", sso.getId());
}
session.setAttribute(SSO_SESSION_ATTRIBUTE, sso.getId());
}
SessionManager manager = session.getSessionManager();
if (seenSessionManagers.add(manager)) {
manager.registerSessionListener(listener);
}
}
Example 4
| Source File: SingleSignOnAuthenticationMechanism.java From lams with GNU General Public License v2.0 | 6 votes |
|
private void registerSessionIfRequired(SingleSignOn sso, Session session) {
if (!sso.contains(session)) {
if(log.isTraceEnabled()) {
log.tracef("Session %s added to SSO %s", session.getId(), sso.getId());
}
sso.add(session);
}
if(session.getAttribute(SSO_SESSION_ATTRIBUTE) == null) {
if(log.isTraceEnabled()) {
log.tracef("SSO_SESSION_ATTRIBUTE not found. Creating it with SSO ID %s as value.", sso.getId());
}
session.setAttribute(SSO_SESSION_ATTRIBUTE, sso.getId());
}
SessionManager manager = session.getSessionManager();
if (seenSessionManagers.add(manager)) {
manager.registerSessionListener(listener);
}
}
Example 5
| Source File: ServletFormAuthenticationMechanism.java From lams with GNU General Public License v2.0 | 6 votes |
|
@Override
protected void handleRedirectBack(final HttpServerExchange exchange) {
final ServletRequestContext servletRequestContext = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
HttpServletResponse resp = (HttpServletResponse) servletRequestContext.getServletResponse();
HttpSessionImpl httpSession = servletRequestContext.getCurrentServletContext().getSession(exchange, false);
if (httpSession != null) {
Session session;
if (System.getSecurityManager() == null) {
session = httpSession.getSession();
} else {
session = AccessController.doPrivileged(new HttpSessionImpl.UnwrapSessionAction(httpSession));
}
String path = (String) session.getAttribute(SESSION_KEY);
if (path != null) {
try {
resp.sendRedirect(path);
} catch (IOException e) {
throw new RuntimeException(e);
}
}
}
}
Example 6
| Source File: IdMapperUpdaterSessionListener.java From keycloak with Apache License 2.0 | 5 votes |
|
@Override
public void sessionIdChanged(Session session, String oldSessionId) {
Object value = session.getAttribute(SamlSession.class.getName());
if (value != null) {
unmap(oldSessionId, value);
map(session.getId(), value);
}
}
Example 7
| Source File: ServletFormAuthenticationMechanism.java From quarkus-http with Apache License 2.0 | 5 votes |
|
@Override
public void sessionIdChanged(Session session, String oldSessionId) {
String oldLocation = (String)session.getAttribute(SESSION_KEY);
if(oldLocation != null) {
//todo: in theory this could break if there are multiple path parameters
//but this is such an edge case this is probably fine
String oldPart = ";jsessionid=" + oldSessionId;
if (oldLocation.contains(oldPart)) {
session.setAttribute(ServletFormAuthenticationMechanism.SESSION_KEY, oldLocation.replace(oldPart, ";jsessionid=" + session.getId()));
}
}
}
Example 8
| Source File: SsoCacheSessionIdMapperUpdater.java From keycloak with Apache License 2.0 | 5 votes |
|
@Override
public void sessionIdChanged(Session session, String oldSessionId) {
this.httpSessionToSsoCache.remove(oldSessionId);
Object value = session.getAttribute(SamlSession.class.getName());
if (value instanceof SamlSession) {
SamlSession sess = (SamlSession) value;
httpSessionToSsoCache.put(session.getId(), new String[] {sess.getSessionIndex(), sess.getPrincipal().getSamlSubject()});
}
}
Example 9
| Source File: UndertowSessionTokenStore.java From keycloak with Apache License 2.0 | 5 votes |
|
@Override
public void logout() {
Session session = Sessions.getSession(exchange);
if (session == null) return;
KeycloakUndertowAccount account = (KeycloakUndertowAccount)session.getAttribute(KeycloakUndertowAccount.class.getName());
if (account == null) return;
session.removeAttribute(KeycloakUndertowAccount.class.getName());
session.removeAttribute(KeycloakSecurityContext.class.getName());
}
Example 10
| Source File: UndertowSessionTokenStore.java From keycloak with Apache License 2.0 | 5 votes |
|
@Override
public boolean isCached(RequestAuthenticator authenticator) {
Session session = Sessions.getSession(exchange);
if (session == null) {
log.debug("session was null, returning null");
return false;
}
KeycloakUndertowAccount account = (KeycloakUndertowAccount)session.getAttribute(KeycloakUndertowAccount.class.getName());
if (account == null) {
log.debug("Account was not in session, returning null");
return false;
}
if (!deployment.getRealm().equals(account.getKeycloakSecurityContext().getRealm())) {
log.debug("Account in session belongs to a different realm than for this request.");
return false;
}
account.setCurrentRequestInfo(deployment, this);
if (account.checkActive()) {
log.debug("Cached account found");
securityContext.authenticationComplete(account, "KEYCLOAK", false);
((AbstractUndertowRequestAuthenticator)authenticator).propagateKeycloakContext(account);
return true;
} else {
log.debug("Account was not active, returning false");
session.removeAttribute(KeycloakUndertowAccount.class.getName());
session.removeAttribute(KeycloakSecurityContext.class.getName());
session.invalidate(exchange);
return false;
}
}
Example 11
| Source File: SessionRestoringHandler.java From lams with GNU General Public License v2.0 | 5 votes |
|
public void stop() {
ClassLoader old = getTccl();
try {
setTccl(servletContext.getClassLoader());
this.started = false;
final Map<String, SessionPersistenceManager.PersistentSession> objectData = new HashMap<>();
for (String sessionId : sessionManager.getTransientSessions()) {
Session session = sessionManager.getSession(sessionId);
if (session != null) {
final HttpSessionEvent event = new HttpSessionEvent(SecurityActions.forSession(session, servletContext, false));
final Map<String, Object> sessionData = new HashMap<>();
for (String attr : session.getAttributeNames()) {
final Object attribute = session.getAttribute(attr);
sessionData.put(attr, attribute);
if (attribute instanceof HttpSessionActivationListener) {
((HttpSessionActivationListener) attribute).sessionWillPassivate(event);
}
}
objectData.put(sessionId, new PersistentSession(new Date(session.getLastAccessedTime() + (session.getMaxInactiveInterval() * 1000)), sessionData));
}
}
sessionPersistenceManager.persistSessions(deploymentName, objectData);
this.data.clear();
} finally {
setTccl(old);
}
}
Example 12
| Source File: CachedAuthenticatedSessionHandler.java From lams with GNU General Public License v2.0 | 5 votes |
|
@Override
public AuthenticatedSession lookupSession(HttpServerExchange exchange) {
HttpSessionImpl httpSession = servletContext.getSession(exchange, false);
if (httpSession != null) {
Session session = underlyingSession(httpSession);
return (AuthenticatedSession) session.getAttribute(ATTRIBUTE_NAME);
}
return null;
}
Example 13
| Source File: ServletFormAuthenticationMechanism.java From lams with GNU General Public License v2.0 | 5 votes |
|
@Override
public void sessionIdChanged(Session session, String oldSessionId) {
String oldLocation = (String)session.getAttribute(SESSION_KEY);
if(oldLocation != null) {
//todo: in theory this could break if there are multiple path parameters
//but this is such an edge case this is probably fine
String oldPart = ";jsessionid=" + oldSessionId;
if (oldLocation.contains(oldPart)) {
session.setAttribute(ServletFormAuthenticationMechanism.SESSION_KEY, oldLocation.replace(oldPart, ";jsessionid=" + session.getId()));
}
}
}
Example 14
| Source File: SingleSignOnAuthenticationMechanism.java From lams with GNU General Public License v2.0 | 5 votes |
|
@Override
public void sessionDestroyed(Session session, HttpServerExchange exchange, SessionDestroyedReason reason) {
String ssoId = (String) session.getAttribute(SSO_SESSION_ATTRIBUTE);
if (ssoId != null) {
if(log.isTraceEnabled()) {
log.tracef("Removing SSO ID %s from destroyed session %s.", ssoId, session.getId());
}
List<Session> sessionsToRemove = new LinkedList<>();
try (SingleSignOn sso = singleSignOnManager.findSingleSignOn(ssoId)) {
if (sso != null) {
sso.remove(session);
if (reason == SessionDestroyedReason.INVALIDATED) {
for (Session associatedSession : sso) {
sso.remove(associatedSession);
sessionsToRemove.add(associatedSession);
}
}
// If there are no more associated sessions, remove the SSO altogether
if (!sso.iterator().hasNext()) {
singleSignOnManager.removeSingleSignOn(sso);
}
}
}
// Any consequential session invalidations will trigger this listener recursively,
// so make sure we don't attempt to invalidate session until after the sso is removed.
for (Session sessionToRemove : sessionsToRemove) {
sessionToRemove.invalidate(null);
}
}
}
Example 15
| Source File: CachedAuthenticatedSessionHandler.java From lams with GNU General Public License v2.0 | 5 votes |
|
@Override
public AuthenticatedSession lookupSession(HttpServerExchange exchange) {
SessionManager sessionManager = exchange.getAttachment(SessionManager.ATTACHMENT_KEY);
SessionConfig sessionConfig = exchange.getAttachment(SessionConfig.ATTACHMENT_KEY);
if (sessionManager == null || sessionConfig == null) {
return null;
}
Session httpSession = sessionManager.getSession(exchange, sessionConfig);
if (httpSession != null) {
return (AuthenticatedSession) httpSession.getAttribute(ATTRIBUTE_NAME);
}
return null;
}
Example 16
| Source File: SingleSignOnAuthenticationMechanism.java From quarkus-http with Apache License 2.0 | 5 votes |
|
@Override
public void sessionDestroyed(Session session, HttpServerExchange exchange, SessionDestroyedReason reason) {
String ssoId = (String) session.getAttribute(SSO_SESSION_ATTRIBUTE);
if (ssoId != null) {
if (log.isTraceEnabled()) {
log.tracef("Removing SSO ID %s from destroyed session %s.", ssoId, session.getId());
}
List<Session> sessionsToRemove = new LinkedList<>();
try (SingleSignOn sso = singleSignOnManager.findSingleSignOn(ssoId)) {
if (sso != null) {
sso.remove(session);
if (reason == SessionDestroyedReason.INVALIDATED) {
for (Session associatedSession : sso) {
sso.remove(associatedSession);
sessionsToRemove.add(associatedSession);
}
}
// If there are no more associated sessions, remove the SSO altogether
if (!sso.iterator().hasNext()) {
singleSignOnManager.removeSingleSignOn(sso);
}
}
}
// Any consequential session invalidations will trigger this listener recursively,
// so make sure we don't attempt to invalidate session until after the sso is removed.
for (Session sessionToRemove : sessionsToRemove) {
sessionToRemove.invalidate(null);
}
}
}
Example 17
| Source File: CachedAuthenticatedSessionHandler.java From quarkus-http with Apache License 2.0 | 5 votes |
|
@Override
public AuthenticatedSession lookupSession(HttpServerExchange exchange) {
SessionManager sessionManager = exchange.getAttachment(SessionManager.ATTACHMENT_KEY);
SessionConfig sessionConfig = exchange.getAttachment(SessionConfig.ATTACHMENT_KEY);
if (sessionManager == null || sessionConfig == null) {
return null;
}
Session httpSession = sessionManager.getSession(exchange, sessionConfig);
if (httpSession != null) {
return (AuthenticatedSession) httpSession.getAttribute(ATTRIBUTE_NAME);
}
return null;
}
Example 18
| Source File: SessionRestoringHandler.java From quarkus-http with Apache License 2.0 | 5 votes |
|
public void stop() {
ClassLoader old = getTccl();
try {
setTccl(servletContext.getClassLoader());
this.started = false;
final Map<String, SessionPersistenceManager.PersistentSession> objectData = new HashMap<>();
for (String sessionId : sessionManager.getTransientSessions()) {
Session session = sessionManager.getSession(sessionId);
if (session != null) {
final HttpSessionEvent event = new HttpSessionEvent(SecurityActions.forSession(session, servletContext, false));
final Map<String, Object> sessionData = new HashMap<>();
for (String attr : session.getAttributeNames()) {
final Object attribute = session.getAttribute(attr);
sessionData.put(attr, attribute);
if (attribute instanceof HttpSessionActivationListener) {
((HttpSessionActivationListener) attribute).sessionWillPassivate(event);
}
}
objectData.put(sessionId, new PersistentSession(new Date(session.getLastAccessedTime() + (session.getMaxInactiveInterval() * 1000)), sessionData));
}
}
sessionPersistenceManager.persistSessions(deploymentName, objectData);
this.data.clear();
} finally {
setTccl(old);
}
}
Example 19
| Source File: CachedAuthenticatedSessionHandler.java From quarkus-http with Apache License 2.0 | 5 votes |
|
@Override
public AuthenticatedSession lookupSession(HttpServerExchange exchange) {
HttpSessionImpl httpSession = servletContext.getSession(exchange, false);
if (httpSession != null) {
Session session = underlyingSession(httpSession);
return (AuthenticatedSession) session.getAttribute(ATTRIBUTE_NAME);
}
return null;
}
Example 20
| Source File: IdMapperUpdaterSessionListener.java From keycloak with Apache License 2.0 | 4 votes |
|
@Override
public void sessionCreated(Session session, HttpServerExchange exchange) {
Object value = session.getAttribute(SamlSession.class.getName());
map(session.getId(), value);
}
