AuthenticatedSessionManager.AuthenticatedSession authSession = sessionManager.lookupSession(exchange); if(authSession != null) { cachedAccount = authSession.getAccount();
AuthenticatedSessionManager.AuthenticatedSession authSession = sessionManager.lookupSession(exchange); if(authSession != null) { cachedAccount = authSession.getAccount();
AuthenticatedSessionManager.AuthenticatedSession authSession = sessionManager.lookupSession(exchange); if(authSession != null) { cachedAccount = authSession.getAccount();
new AuthenticatedSession(notification.getAccount(), notification.getMechanism()));
private void sessionDestroyedImpl(HttpSessionEvent se) { //we need to get the current account //there are two options here, we can look for the account in the current request //or we can look for the account that has been saved in the session //for maximum compatibility we do both ServletRequestContext src = ServletRequestContext.current(); Account requestAccount = null; if (src != null) { SecurityContext securityContext = src.getExchange().getSecurityContext(); if(securityContext != null) { requestAccount = securityContext.getAuthenticatedAccount(); if (requestAccount != null) { clearAccount(requestAccount); } } } if (se.getSession() instanceof HttpSessionImpl) { final HttpSessionImpl impl = (HttpSessionImpl) se.getSession(); Session session = impl.getSession(); if (session != null) { AuthenticatedSessionManager.AuthenticatedSession authenticatedSession = (AuthenticatedSessionManager.AuthenticatedSession) session.getAttribute(CachedAuthenticatedSessionHandler.class.getName() + ".AuthenticatedSession"); if(authenticatedSession != null) { Account sessionAccount = authenticatedSession.getAccount(); if (sessionAccount != null && !sessionAccount.equals(requestAccount)) { clearAccount(sessionAccount); } } } } }
private void sessionDestroyedImpl(HttpSessionEvent se) { //we need to get the current account //there are two options here, we can look for the account in the current request //or we can look for the account that has been saved in the session //for maximum compatibility we do both ServletRequestContext src = ServletRequestContext.current(); Account requestAccount = null; if (src != null) { SecurityContext securityContext = src.getExchange().getSecurityContext(); if(securityContext != null) { requestAccount = securityContext.getAuthenticatedAccount(); if (requestAccount != null) { clearAccount(requestAccount); } } } if (se.getSession() instanceof HttpSessionImpl) { final HttpSessionImpl impl = (HttpSessionImpl) se.getSession(); Session session = impl.getSession(); if (session != null) { AuthenticatedSessionManager.AuthenticatedSession authenticatedSession = (AuthenticatedSessionManager.AuthenticatedSession) session.getAttribute(CachedAuthenticatedSessionHandler.class.getName() + ".AuthenticatedSession"); if(authenticatedSession != null) { Account sessionAccount = authenticatedSession.getAccount(); if (sessionAccount != null && !sessionAccount.equals(requestAccount)) { clearAccount(sessionAccount); } } } } }
new AuthenticatedSession(notification.getAccount(), notification.getMechanism()));
new AuthenticatedSession(notification.getAccount(), notification.getMechanism()));
@Override public Object setAttribute(String name, Object value) { if (value == null) { return this.removeAttribute(name); } Session<LocalSessionContext> session = this.entry.getKey(); this.validate(session); try (BatchContext context = this.manager.getSessionManager().getBatcher().resumeBatch(this.batch)) { if (CachedAuthenticatedSessionHandler.ATTRIBUTE_NAME.equals(name)) { AuthenticatedSession auth = (AuthenticatedSession) value; return AUTO_REAUTHENTICATING_MECHANISMS.contains(auth.getMechanism()) ? this.setLocalContext(auth) : session.getAttributes().setAttribute(name, new ImmutableAuthenticatedSession(auth)); } Object old = session.getAttributes().setAttribute(name, value); if (old == null) { this.manager.getSessionListeners().attributeAdded(this, name, value); } else if (old != value) { this.manager.getSessionListeners().attributeUpdated(this, name, value, old); } return old; } }
@Override public SingleSignOn createSingleSignOn(Account account, String mechanism) { String id = this.manager.createIdentifier(); Batcher<Batch> batcher = this.manager.getBatcher(); // Batch will be closed when SSO is closed @SuppressWarnings("resource") Batch batch = batcher.createBatch(); try { AuthenticatedSession session = new AuthenticatedSession(account, mechanism); SSO<AuthenticatedSession, String, String, Void> sso = this.manager.createSSO(id, session); if (log.isTraceEnabled()) { log.tracef("Creating SSO ID %s for Principal %s and Roles %s", id, account.getPrincipal().getName(), account.getRoles().toString()); } return new DistributableSingleSignOn(sso, this.registry, batcher, batcher.suspendBatch()); } catch (RuntimeException | Error e) { batch.discard(); batch.close(); throw e; } }
public AuthenticationMechanismOutcome runCached(final HttpServerExchange exchange, final SecurityContext securityContext, final AuthenticatedSessionManager sessionManager) { AuthenticatedSession authSession = sessionManager.lookupSession(exchange); if (authSession != null) { Account account = getIdentityManager(securityContext).verify(authSession.getAccount()); if (account != null) { securityContext.authenticationComplete(account, authSession.getMechanism(), false); return AuthenticationMechanismOutcome.AUTHENTICATED; } else { sessionManager.clearSession(exchange); // We know we had a previously authenticated account but for some reason the IdentityManager is no longer // accepting it, we now return AuthenticationMechanismOutcome.NOT_ATTEMPTED; } } else { // It is possible an AuthenticatedSessionManager could have been available even if there was no chance of it // loading a session. return AuthenticationMechanismOutcome.NOT_ATTEMPTED; } }
public AuthenticationMechanismOutcome runCached(final HttpServerExchange exchange, final SecurityContext securityContext, final AuthenticatedSessionManager sessionManager) { AuthenticatedSession authSession = sessionManager.lookupSession(exchange); if (authSession != null) { Account account = getIdentityManager(securityContext).verify(authSession.getAccount()); if (account != null) { securityContext.authenticationComplete(account, authSession.getMechanism(), false); return AuthenticationMechanismOutcome.AUTHENTICATED; } else { sessionManager.clearSession(exchange); // We know we had a previously authenticated account but for some reason the IdentityManager is no longer // accepting it, we now return AuthenticationMechanismOutcome.NOT_ATTEMPTED; } } else { // It is possible an AuthenticatedSessionManager could have been available even if there was no chance of it // loading a session. return AuthenticationMechanismOutcome.NOT_ATTEMPTED; } }
@Override public Account getAccount() { try (BatchContext context = this.batcher.resumeBatch(this.batch)) { return this.sso.getAuthentication().getAccount(); } }
public ImmutableAuthenticatedSession(AuthenticatedSession auth) { super(auth.getAccount(), auth.getMechanism()); } }
@Override public String getMechanismName() { try (BatchContext context = this.batcher.resumeBatch(this.batch)) { return this.sso.getAuthentication().getMechanism(); } }
private void sessionDestroyedImpl(HttpSessionEvent se) { //we need to get the current account //there are two options here, we can look for the account in the current request //or we can look for the account that has been saved in the session //for maximum compatibility we do both ServletRequestContext src = ServletRequestContext.current(); Account requestAccount = null; if (src != null) { SecurityContext securityContext = src.getExchange().getSecurityContext(); if(securityContext != null) { requestAccount = securityContext.getAuthenticatedAccount(); if (requestAccount != null) { clearAccount(requestAccount); } } } if (se.getSession() instanceof HttpSessionImpl) { final HttpSessionImpl impl = (HttpSessionImpl) se.getSession(); Session session = impl.getSession(); if (session != null) { AuthenticatedSessionManager.AuthenticatedSession authenticatedSession = (AuthenticatedSessionManager.AuthenticatedSession) session.getAttribute(CachedAuthenticatedSessionHandler.class.getName() + ".AuthenticatedSession"); if(authenticatedSession != null) { Account sessionAccount = authenticatedSession.getAccount(); if (sessionAccount != null && !sessionAccount.equals(requestAccount)) { clearAccount(sessionAccount); } } } } }
new AuthenticatedSession(notification.getAccount(), notification.getMechanism()));
public AuthenticationMechanismOutcome runCached(final HttpServerExchange exchange, final SecurityContext securityContext, final AuthenticatedSessionManager sessionManager) { AuthenticatedSession authSession = sessionManager.lookupSession(exchange); if (authSession != null) { Account account = getIdentityManager(securityContext).verify(authSession.getAccount()); if (account != null) { securityContext.authenticationComplete(account, authSession.getMechanism(), false); return AuthenticationMechanismOutcome.AUTHENTICATED; } else { sessionManager.clearSession(exchange); // We know we had a previously authenticated account but for some reason the IdentityManager is no longer // accepting it, we now return AuthenticationMechanismOutcome.NOT_ATTEMPTED; } } else { // It is possible an AuthenticatedSessionManager could have been available even if there was no chance of it // loading a session. return AuthenticationMechanismOutcome.NOT_ATTEMPTED; } }