Java Code Examples for org.apache.catalina.Session#removeNote()

The following examples show how to use org.apache.catalina.Session#removeNote(). Each example links to its original project and source file, and related API usage is listed in the sidebar. Most call sites use removeNote() to clear cached authentication state (principal, user name, password, saved request) from a Tomcat session on logout, token expiry, or after a saved request has been replayed.
Example 1
Source File: TomcatValve.java — from flex-blazeds (Apache License 2.0)
/**
 * Clears the authentication state cached on the Tomcat session of
 * {@code servletRequest}, provided that request is the one this valve is
 * currently serving.
 *
 * @param servletRequest the request whose session should be logged out
 * @return {@code true} when the request matched this valve's current request
 *         (whether or not a session existed), {@code false} otherwise
 */
public boolean logout(HttpServletRequest servletRequest)
{
    if (!servletRequestMatches(servletRequest))
        return false;

    // Look the session up without creating one: nothing to clear if absent.
    Session current = getSession(request, false);
    if (current == null)
        return true;

    current.setPrincipal(null);
    current.setAuthType(null);
    // Drop the cached credentials so they cannot be reused by later requests.
    current.removeNote(Constants.SESS_USERNAME_NOTE);
    current.removeNote(Constants.SESS_PASSWORD_NOTE);
    return true;
}
 
Example 2
Source File: TomcatValve4150.java — from flex-blazeds (Apache License 2.0)
/**
 * Clears the authentication state cached on the Tomcat session when
 * {@code request} is the servlet request wrapped by this valve's current
 * Catalina request.
 *
 * @param request the servlet request whose session should be logged out
 * @return {@code true} when the request matched this valve's current request
 *         (whether or not a session existed), {@code false} otherwise
 */
public boolean logout(HttpServletRequest request)
{
    boolean matches = this.request != null && this.request.getRequest() == request;
    if (!matches)
        return false;

    // Do not create a session just to log it out.
    Session current = getSession(this.request, false);
    if (current != null)
    {
        current.setPrincipal(null);
        current.setAuthType(null);
        // Remove the cached user name and password notes.
        current.removeNote(Constants.SESS_USERNAME_NOTE);
        current.removeNote(Constants.SESS_PASSWORD_NOTE);
    }
    return true;
}
 
Example 3
Source File: Tomcat7Valve.java — from flex-blazeds (Apache License 2.0)
/**
 * Logs the current user out of the Tomcat session associated with
 * {@code servletRequest}, if that request is the one this valve is serving.
 *
 * @param servletRequest the request whose session should be logged out
 * @return {@code true} when the request matched this valve's current request
 *         (even if no session existed), {@code false} otherwise
 */
public boolean logout(HttpServletRequest servletRequest)
{
    if (!servletRequestMatches(servletRequest))
        return false;

    Session current = getSession(request, false); // never create on logout
    if (current != null)
    {
        current.setPrincipal(null);
        current.setAuthType(null);
        // Clear the cached credentials kept for re-authentication.
        current.removeNote(Constants.SESS_USERNAME_NOTE);
        current.removeNote(Constants.SESS_PASSWORD_NOTE);
    }
    return true;
}
 
Example 4
Source File: FederationAuthenticator.java — from cxf-fediz (Apache License 2.0)
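/**
 * Checks whether the federation token cached in the Tomcat session is still valid.
 * <p>
 * When the token has expired, the cached {@code FedizResponse}, the session
 * principal and the security-token attribute are all cleared so the caller
 * forces a fresh authentication.
 *
 * @param request   the current request; its internal session holds the cached token
 * @param response  the current response (not used by this implementation)
 * @param fedConfig the federation configuration (not used by this implementation)
 * @return {@code true} when a token is cached and has not expired (or never expires);
 *         {@code false} when there is no session, no cached token, or the token expired
 */
protected boolean validateToken(Request request, HttpServletResponse response, FedizContext fedConfig) {
    Session session = request.getSessionInternal();
    if (session == null) {
        LOG.debug("Session should not be null after authentication");
        return false;
    }

    // A session without the federation note has nothing to validate. Previously
    // this dereferenced a null note and failed with an NPE instead of reporting
    // "not valid".
    FedizResponse wfRes = (FedizResponse) session.getNote(FEDERATION_NOTE);
    if (wfRes == null) {
        LOG.debug("No federation token cached in session");
        return false;
    }

    Instant tokenExpires = wfRes.getTokenExpires();
    if (tokenExpires == null) {
        LOG.debug("Token doesn't expire");
        return true;
    }

    Instant currentTime = Instant.now();
    if (!currentTime.isAfter(tokenExpires)) {
        return true;
    }

    LOG.warn("Token already expired. Clean up and redirect");
    // Remove every trace of the expired authentication so it cannot be reused.
    session.removeNote(FEDERATION_NOTE);
    session.setPrincipal(null);
    request.getSession().removeAttribute(SECURITY_TOKEN);
    return false;
}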
 
Example 5
Source File: BaseOpenIDConnectAuthenticator.java — from tomcat-oidcauth (Apache License 2.0)
/**
 * Handles the resubmit of the originally requested URL once OpenID Connect
 * authentication has completed.
 *
 * <p>If principals are cached ({@code this.cache}), the user name, password
 * and OIDC authentication notes are removed from the session first, so the
 * credentials do not outlive the authentication exchange. The saved original
 * request is then restored into the current request.
 *
 * @param request The request.
 * @param response The response.
 *
 * @return {@code true} if the original request was restored, {@code false}
 * if it could not be, in which case an HTTP 400 response has already been
 * sent by this method.
 *
 * @throws IOException If an I/O error happens communicating with the
 * client.
 */
protected boolean processResubmit(final Request request,
		final HttpServletResponse response)
	throws IOException {

	// the session is created if it does not exist yet
	final Session session = request.getSessionInternal(true);

	final boolean debug = this.log.isDebugEnabled();
	if (debug)
		this.log.debug("restore request from session "
				+ session.getIdInternal());

	// with a cached principal the authentication notes are no longer needed
	if (this.cache) {
		session.removeNote(Constants.SESS_USERNAME_NOTE);
		session.removeNote(Constants.SESS_PASSWORD_NOTE);
		session.removeNote(SESS_OIDC_AUTH_NOTE);
	}

	final boolean restored = this.restoreRequest(request, session);
	if (restored) {
		// all good, no further authentication action is required
		if (debug)
			this.log.debug("proceed to restored request");
		return true;
	}

	if (debug)
		this.log.debug("restore of original request failed");
	response.sendError(HttpServletResponse.SC_BAD_REQUEST);
	return false;
}
 
Example 6
Source File: BaseOpenIDConnectAuthenticator.java — from tomcat-oidcauth (Apache License 2.0)
/**
 * Logs the user out: removes every OIDC-related note and the authorization
 * attribute from the existing session, then delegates to the superclass.
 *
 * @param request The request being logged out.
 */
@Override
public void logout(final Request request) {

	// never create a session only to log it out
	final Session current = request.getSessionInternal(false);
	if (current != null) {
		final String[] notesToClear = {
			SESS_STATE_NOTE,
			Constants.SESS_USERNAME_NOTE,
			SESS_OIDC_AUTH_NOTE,
			Constants.FORM_REQUEST_NOTE
		};
		for (final String note : notesToClear)
			current.removeNote(note);
		current.getSession().removeAttribute(AUTHORIZATION_ATT);
	}

	super.logout(request);
}
 
Example 7
Source File: TomcatValve.java — from flex-blazeds (Apache License 2.0)
/**
 * Authenticates against the container realm and, when the request is the one
 * this valve is serving, records the result on the request and its session.
 *
 * <p>The user name and password are cached as session notes; the password note
 * therefore holds the cleartext credential until it is removed (see
 * {@code logout}, which clears both notes).
 *
 * @param username       user name handed to the realm
 * @param password       password handed to the realm
 * @param servletRequest the request being authenticated
 * @return the authenticated principal, or {@code null} if there is no realm
 *         or the realm rejected the credentials
 */
public Principal login(String username, String password, HttpServletRequest servletRequest)
{
    Realm realm = container.getRealm();
    if (realm == null)
        return null;

    Principal principal = realm.authenticate(username, password);
    if (principal == null || !servletRequestMatches(servletRequest))
        return principal;

    request.setAuthType(AUTH_TYPE);
    request.setUserPrincipal(principal);

    // Cache the authentication information in our session.
    Session session = getSession(request, true);
    if (session != null)
    {
        session.setAuthType(AUTH_TYPE);
        session.setPrincipal(principal);
        cacheNote(session, Constants.SESS_USERNAME_NOTE, username);
        cacheNote(session, Constants.SESS_PASSWORD_NOTE, password);
    }

    return principal;
}

/** Stores {@code value} under {@code key}, or clears any stale note when it is null. */
private static void cacheNote(Session session, String key, String value)
{
    if (value != null)
        session.setNote(key, value);
    else
        session.removeNote(key);
}
 
Example 8
Source File: TomcatValve4150.java — from flex-blazeds (Apache License 2.0)
/**
 * Authenticates against the container realm and, when {@code servletRequest}
 * is the request wrapped by this valve's current Catalina request, caches the
 * result on the request and its session.
 *
 * <p>Both the user name and the password are stored as session notes, so the
 * cleartext password remains in the session until those notes are removed.
 *
 * @param username       user name handed to the realm
 * @param password       password handed to the realm
 * @param servletRequest the request being authenticated
 * @return the authenticated principal, or {@code null} if there is no realm
 *         or the realm rejected the credentials
 */
public Principal login(String username, String password, HttpServletRequest servletRequest)
{
    Realm realm = container.getRealm();
    if (realm == null)
        return null;

    Principal principal = realm.authenticate(username, password);
    if (principal == null)
        return null;

    boolean matches = this.request != null && this.request.getRequest() == servletRequest;
    if (!matches)
        return principal;

    request.setAuthType("flexmessaging"); //was "flashgateway"
    request.setUserPrincipal(principal);

    Session session = getSession(request, true);
    if (session == null)
        return principal;

    // Cache the authentication information in our session, if any
    session.setAuthType("flexmessaging"); //was "flashgateway"
    session.setPrincipal(principal);

    if (username == null)
        session.removeNote(Constants.SESS_USERNAME_NOTE);
    else
        session.setNote(Constants.SESS_USERNAME_NOTE, username);

    if (password == null)
        session.removeNote(Constants.SESS_PASSWORD_NOTE);
    else
        session.setNote(Constants.SESS_PASSWORD_NOTE, password);

    return principal;
}
 
Example 9
Source File: Tomcat7Valve.java — from flex-blazeds (Apache License 2.0)
/**
 * Authenticates against the realm of the valve's container and, when the
 * request is the one this valve is serving, records the result on the request
 * and its session.
 *
 * <p>User name and password are cached as session notes (the password in
 * cleartext); a null value clears the corresponding note instead.
 *
 * @param username       user name handed to the realm
 * @param password       password handed to the realm
 * @param servletRequest the request being authenticated
 * @return the authenticated principal, or {@code null} if there is no realm
 *         or the realm rejected the credentials
 */
public Principal login(String username, String password, HttpServletRequest servletRequest)
{
    Realm realm = valve.getContainer().getRealm();
    if (realm == null)
        return null;

    Principal principal = realm.authenticate(username, password);
    if (principal == null)
        return null;

    if (servletRequestMatches(servletRequest))
    {
        request.setAuthType(AUTH_TYPE);
        request.setUserPrincipal(principal);

        Session session = getSession(request, true);
        if (session != null)
            cacheAuthentication(session, principal, username, password);
    }

    return principal;
}

/** Caches the authentication information in the session; null credentials clear their notes. */
private static void cacheAuthentication(Session session, Principal principal,
                                        String username, String password)
{
    session.setAuthType(AUTH_TYPE);
    session.setPrincipal(principal);

    if (username != null)
        session.setNote(Constants.SESS_USERNAME_NOTE, username);
    else
        session.removeNote(Constants.SESS_USERNAME_NOTE);

    if (password != null)
        session.setNote(Constants.SESS_PASSWORD_NOTE, password);
    else
        session.removeNote(Constants.SESS_PASSWORD_NOTE);
}
 
Example 10
Source File: FederationAuthenticator.java — from cxf-fediz (Apache License 2.0)
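/**
 * Resumes the request that was interrupted by the sign-in round trip.
 * <p>
 * The original URL was saved as a session note keyed by
 * {@code SESSION_SAVED_URI_PREFIX + contextId}. It is read and removed in one
 * step, so the saved URL is consumed at most once per context id.
 *
 * @param contextId the context value returned with the sign-in response;
 *                  {@code null} results in a 401
 * @param request   the current request (must be a Catalina {@code Request})
 * @param response  the response used for the redirect or error
 * @throws IOException if sending the 401 error fails
 */
protected void resumeRequest(String contextId, HttpServletRequest request,
                             HttpServletResponse response) throws IOException {
    if (contextId == null) {
        LOG.warn("The context parameter has not been provided back with signin request.");
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        return;
    }

    Session session = ((Request) request).getSessionInternal();
    // Build the note key once; the same key is read and then cleared.
    String savedUriNote = FederationAuthenticator.SESSION_SAVED_URI_PREFIX + contextId;
    String originalURL = (String) session.getNote(savedUriNote);
    session.removeNote(savedUriNote); // Cleanup session

    try {
        if (originalURL != null) {
            LOG.debug("Restore request to {}", originalURL);
            response.sendRedirect(response.encodeRedirectURL(originalURL));
        } else {
            LOG.debug("User took so long to log on the session expired");
            if (landingPage == null) {
                response.sendError(HttpServletResponse.SC_REQUEST_TIMEOUT, sm
                                   .getString("authenticator.sessionExpired"));
            } else {
                // Redirect to landing page
                String uri = request.getContextPath() + landingPage;
                response.sendRedirect(response.encodeRedirectURL(uri));
            }
        }
    } catch (IOException e) {
        // Pass the exception itself so the stack trace is not lost; the
        // message alone does not say where the write to the client failed.
        LOG.error("Cannot resume with request. {}", e.getMessage(), e);
    }
}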
 
Example 11
Source File: FederationAuthenticator.java — from cxf-fediz (Apache License 2.0)
/**
 * Restores a request saved under the current decoded request URI.
 * <p>
 * The saved request is moved from its URI-specific note into Tomcat's standard
 * {@code FORM_REQUEST_NOTE} and then handed to the superclass, which performs
 * the actual restore. The URI-specific note is removed first so the saved
 * request is replayed at most once.
 *
 * @param request the current request
 * @return {@code true} if a saved request existed for this URI and the
 *         superclass restored it, {@code false} otherwise
 * @throws IOException if the superclass restore fails
 */
protected boolean restoreRequest(Request request) throws IOException {
    Session session = request.getSessionInternal(false);
    String uri = request.getDecodedRequestURI();
    if (session == null || uri == null) {
        return false;
    }

    String noteKey = SESSION_SAVED_REQUEST_PREFIX + uri;
    SavedRequest saved = (SavedRequest) session.getNote(noteKey);
    if (saved == null) {
        return false;
    }

    session.removeNote(noteKey); // cleanup session
    synchronized (session) {
        session.setNote(Constants.FORM_REQUEST_NOTE, saved);
        return super.restoreRequest(request, session);
    }
}
 
Example 12
Source File: TomcatLogoutHandler.java — from cxf-fediz (Apache License 2.0)
/**
 * Cleans up the Tomcat-internal session state after sign-out: drops the cached
 * federation response and principal, runs the generic cleanup, then clears the
 * request's cookies.
 *
 * @param req  the current request
 * @param resp the current response
 * @return always {@code true}
 */
@Override
protected boolean signoutCleanup(HttpServletRequest req, HttpServletResponse resp) {
    // Cleanup session internal
    Session current = request.getSessionInternal();
    current.removeNote(FederationAuthenticator.FEDERATION_NOTE);
    current.setPrincipal(null);

    // Generic cleanup first, then cookies are cleared on the Catalina request.
    super.signoutCleanup(req, resp);
    request.clearCookies();
    return true;
}
 
Example 13
Source File: TomcatLogoutHandler.java — from cxf-fediz (Apache License 2.0)
/**
 * Performs a direct logout: removes the cached federation response and the
 * principal from the Tomcat session before delegating to the superclass.
 *
 * @param req  the current request
 * @param resp the current response
 * @return the result of the superclass sign-out
 */
@Override
protected boolean signout(HttpServletRequest req, HttpServletResponse resp) {
    // Direct Logout
    Session current = request.getSessionInternal();
    current.removeNote(FederationAuthenticator.FEDERATION_NOTE);
    current.setPrincipal(null);

    return super.signout(req, resp);
}
 
Example 14
Source File: FormAuthenticator.java — from Tomcat7.0.67 (Apache License 2.0)
/**
 * Restore the original request from information stored in our session.
 * If the original request is no longer present (because the session
 * timed out), return <code>false</code>; otherwise, return
 * <code>true</code>.
 * <p>
 * The saved-request and saved-principal notes are removed from the session
 * before anything else is done, so a saved request is replayed at most once
 * even when this method returns <code>false</code>.
 *
 * @param request The request to be restored
 * @param session The session containing the saved information
 * @return <code>true</code> if a saved request was found and the current
 *         request now carries its cookies, headers, locales, method, query
 *         string, URI and (if any) body; <code>false</code> if nothing was
 *         saved
 * @throws IOException if draining the current request body fails
 */
protected boolean restoreRequest(Request request, Session session)
        throws IOException {

    // Retrieve and remove the SavedRequest object from our session
    SavedRequest saved = (SavedRequest)
        session.getNote(Constants.FORM_REQUEST_NOTE);
    session.removeNote(Constants.FORM_REQUEST_NOTE);
    session.removeNote(Constants.FORM_PRINCIPAL_NOTE);
    if (saved == null) {
        return (false);
    }

    // Swallow any request body since we will be replacing it
    // Need to do this before headers are restored as AJP connector uses
    // content length header to determine how much data needs to be read for
    // request body
    byte[] buffer = new byte[4096];
    InputStream is = request.createInputStream();
    while (is.read(buffer) >= 0) {
        // Ignore request body
    }

    // Modify our current request to reflect the original one
    // Cookies of the current request are replaced wholesale by the saved ones.
    request.clearCookies();
    Iterator<Cookie> cookies = saved.getCookies();
    while (cookies.hasNext()) {
        request.addCookie(cookies.next());
    }

    String method = saved.getMethod();
    // Discard the current request's headers before copying the saved ones in.
    MimeHeaders rmh = request.getCoyoteRequest().getMimeHeaders();
    rmh.recycle();
    boolean cachable = "GET".equalsIgnoreCase(method) ||
                       "HEAD".equalsIgnoreCase(method);
    Iterator<String> names = saved.getHeaderNames();
    while (names.hasNext()) {
        String name = names.next();
        // The browser isn't expecting this conditional response now.
        // Assuming that it can quietly recover from an unexpected 412.
        // BZ 43687
        // If-Modified-Since is always dropped; If-None-Match only for the
        // cacheable (GET/HEAD) methods.
        if(!("If-Modified-Since".equalsIgnoreCase(name) ||
             (cachable && "If-None-Match".equalsIgnoreCase(name)))) {
            Iterator<String> values = saved.getHeaderValues(name);
            while (values.hasNext()) {
                rmh.addValue(name).setString(values.next());
            }
        }
    }

    request.clearLocales();
    Iterator<Locale> locales = saved.getLocales();
    while (locales.hasNext()) {
        request.addLocale(locales.next());
    }

    // Drop parameters already parsed from the current request and set the
    // encoding the restored query string should be decoded with.
    request.getCoyoteRequest().getParameters().recycle();
    request.getCoyoteRequest().getParameters().setQueryStringEncoding(
            request.getConnector().getURIEncoding());

    ByteChunk body = saved.getBody();

    if (body != null) {
        // Hand the saved body bytes to the connector for replay.
        request.getCoyoteRequest().action
            (ActionCode.REQ_SET_BODY_REPLAY, body);

        // Set content type
        MessageBytes contentType = MessageBytes.newInstance();

        // If no content type specified, use default for POST
        String savedContentType = saved.getContentType();
        if (savedContentType == null && "POST".equalsIgnoreCase(method)) {
            savedContentType = "application/x-www-form-urlencoded";
        }

        contentType.setString(savedContentType);
        request.getCoyoteRequest().setContentType(contentType);
    }

    // Finally replace method, query string and URI with the saved ones.
    request.getCoyoteRequest().method().setString(method);

    request.getCoyoteRequest().queryString().setString
        (saved.getQueryString());

    request.getCoyoteRequest().requestURI().setString
        (saved.getRequestURI());
    return (true);

}
 
Example 15
Source File: FormAuthenticator.java — from tomcatsrc (Apache License 2.0)
/**
 * Restore the original request from information stored in our session.
 * If the original request is no longer present (because the session
 * timed out), return <code>false</code>; otherwise, return
 * <code>true</code>.
 * <p>
 * Both {@code FORM_REQUEST_NOTE} and {@code FORM_PRINCIPAL_NOTE} are removed
 * from the session up front, regardless of the outcome, so the saved request
 * cannot be replayed a second time.
 *
 * @param request The request to be restored
 * @param session The session containing the saved information
 * @return <code>true</code> if a saved request was found and copied onto
 *         the current request; <code>false</code> if no saved request exists
 * @throws IOException if reading (and discarding) the current request body
 *         fails
 */
protected boolean restoreRequest(Request request, Session session)
        throws IOException {

    // Retrieve and remove the SavedRequest object from our session
    SavedRequest saved = (SavedRequest)
        session.getNote(Constants.FORM_REQUEST_NOTE);
    session.removeNote(Constants.FORM_REQUEST_NOTE);
    session.removeNote(Constants.FORM_PRINCIPAL_NOTE);
    if (saved == null) {
        return (false);
    }

    // Swallow any request body since we will be replacing it
    // Need to do this before headers are restored as AJP connector uses
    // content length header to determine how much data needs to be read for
    // request body
    byte[] buffer = new byte[4096];
    InputStream is = request.createInputStream();
    while (is.read(buffer) >= 0) {
        // Ignore request body
    }

    // Modify our current request to reflect the original one
    // Current cookies are discarded and the saved ones re-added.
    request.clearCookies();
    Iterator<Cookie> cookies = saved.getCookies();
    while (cookies.hasNext()) {
        request.addCookie(cookies.next());
    }

    String method = saved.getMethod();
    // Reset the header set before copying the saved headers in.
    MimeHeaders rmh = request.getCoyoteRequest().getMimeHeaders();
    rmh.recycle();
    boolean cachable = "GET".equalsIgnoreCase(method) ||
                       "HEAD".equalsIgnoreCase(method);
    Iterator<String> names = saved.getHeaderNames();
    while (names.hasNext()) {
        String name = names.next();
        // The browser isn't expecting this conditional response now.
        // Assuming that it can quietly recover from an unexpected 412.
        // BZ 43687
        // If-Modified-Since is never restored; If-None-Match is dropped only
        // for GET/HEAD.
        if(!("If-Modified-Since".equalsIgnoreCase(name) ||
             (cachable && "If-None-Match".equalsIgnoreCase(name)))) {
            Iterator<String> values = saved.getHeaderValues(name);
            while (values.hasNext()) {
                rmh.addValue(name).setString(values.next());
            }
        }
    }

    request.clearLocales();
    Iterator<Locale> locales = saved.getLocales();
    while (locales.hasNext()) {
        request.addLocale(locales.next());
    }

    // Clear parameters parsed from the current request; the restored query
    // string is decoded with the connector's URI encoding.
    request.getCoyoteRequest().getParameters().recycle();
    request.getCoyoteRequest().getParameters().setQueryStringEncoding(
            request.getConnector().getURIEncoding());

    ByteChunk body = saved.getBody();

    if (body != null) {
        // Ask the connector to replay the saved body bytes.
        request.getCoyoteRequest().action
            (ActionCode.REQ_SET_BODY_REPLAY, body);

        // Set content type
        MessageBytes contentType = MessageBytes.newInstance();

        // If no content type specified, use default for POST
        String savedContentType = saved.getContentType();
        if (savedContentType == null && "POST".equalsIgnoreCase(method)) {
            savedContentType = "application/x-www-form-urlencoded";
        }

        contentType.setString(savedContentType);
        request.getCoyoteRequest().setContentType(contentType);
    }

    // Method, query string and URI are swapped last.
    request.getCoyoteRequest().method().setString(method);

    request.getCoyoteRequest().queryString().setString
        (saved.getQueryString());

    request.getCoyoteRequest().requestURI().setString
        (saved.getRequestURI());
    return (true);

}