cleanup, add checks to arguments and responses, add log statements
[java-idp.git] / src / edu / internet2 / middleware / shibboleth / serviceprovider / Session.java
index fd5160f..28ee7e6 100644 (file)
@@ -1,27 +1,31 @@
 /*
+ * Copyright [2005] [University Corporation for Advanced Internet Development, Inc.]
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
  * Session.java
  * 
  * Session object holds Principal ID [handle] and Attributes.
- * A generated UUID is used as the object key in the Cache and
+ * A random ID is used as the object key in the Cache and
  * is returned to the Browser as a Cookie value. 
  *
- * External Dependencies: jug.jar to generate UUID
  * Recovery Context: No exceptions expected or generated.
- * 
- * --------------------
- * Copyright 2002, 2004 
- * University Corporation for Advanced Internet Development, Inc. 
- * All rights reserved
- * [Thats all we have to say to protect ourselves]
- * Your permission to use this code is governed by "The Shibboleth License".
- * A copy may be found at http://shibboleth.internet2.edu/license.html
- * [Nothing in copyright law requires license text in every file.]
  */
 package edu.internet2.middleware.shibboleth.serviceprovider;
 
 import java.io.Serializable;
-
-import org.doomdark.uuid.UUIDGenerator;
 import org.opensaml.SAMLAssertion;
 import org.opensaml.SAMLAuthenticationStatement;
 import org.opensaml.SAMLResponse;
@@ -38,14 +42,49 @@ import org.opensaml.SAMLResponse;
  */
 public class Session implements Serializable {
        
-       Session() {
-               // Should only be created by SessionManager.newSession()
+       // Default values from Shibboleth documentation
+       private static final int DEFAULTTIMEOUT = 1800000;
+       public static final int DEFAULTLIFETIME = 3600000;
+       
+       Session(String key) {
+               // Should only be created by SessionManager
+               if (key==null)
+                       throw new IllegalArgumentException();
+           this.key=key;
+           this.timestamp = System.currentTimeMillis();
+       }
+       
+       /**
+        * For testing, create a Session that may already be timed out.
+        */
+       Session(String key, long timestamp) {
+           this.key=key;
+           this.timestamp = timestamp;
        }
        
        // Properties
-       private String key = generateKey();
+       
+       private String key;
+       public String getKey() {
+               return key;
+       }
+       
        private String applicationId = null;
+       public String getApplicationId() {
+               return applicationId;
+       }
+       public void setApplicationId(String applicationId) {
+               this.applicationId = applicationId;
+       }
+       
        private String ipaddr = null;
+       public String getIpaddr() {
+               return ipaddr;
+       }
+       public void setIpaddr(String ipaddr) {
+               this.ipaddr = ipaddr;
+       }
+       
        private String entityId = null; // a.k.a providerId
        public String getEntityId() {
                return entityId;
@@ -53,90 +92,46 @@ public class Session implements Serializable {
        public void setEntityId(String entityId) {
                this.entityId = entityId;
        }
-       private long lifetime;
-       private long timeout;
        
+       private long lifetime = DEFAULTLIFETIME;
        public long getLifetime() {
                return lifetime;
        }
        public void setLifetime(long lifetime) {
                this.lifetime = lifetime;
        }
+       
+       private long timeout=DEFAULTTIMEOUT;
        public long getTimeout() {
                return timeout;
        }
        public void setTimeout(long timeout) {
                this.timeout = timeout;
        }
+       
     // private persisted variable
-       private long timestamp = System.currentTimeMillis();
+       private long timestamp = 0;
+       
+       public boolean isExpired() {
+               long now = System.currentTimeMillis();
+               if (lifetime>0 && lifetime<now)
+                       return true;
+               if (timeout>0 && timestamp+timeout<now)
+                       return true;
+               return false;
+       }
        
        
        // Stuff saved from the POST
        private SAMLAssertion authenticationAssertion = null;
-       private SAMLAuthenticationStatement authenticationStatement=null;
-       
-       // Stuff saved from the Attribute Query
-       private SAMLResponse attributeResponse = null;
-       /*
-        * Internal key generation logic. Designed not to fail.
-        * This is not the place to signal configuration problems.
-        * Sanity check the CLASSPATH long before you call down to here.
-        */
-       private static long terriblefallback = new java.util.Random().nextLong();
-       private static String generateKey() {
-               try {
-                       // Note: performance can be improved by creating a synchonized
-                       // static UUIDGenerator preinitialized. 
-                       return UUIDGenerator.getInstance().generateTimeBasedUUID().toString();
-               } catch (Throwable t) {
-                       // Probably the jug.jar file is missing in WEB-INF/lib
-                       // Generate a unique but easy to guess integer.
-                       return Long.toString(terriblefallback++);
-               }
-       }
-
-       /**
-        * @return Returns the ipaddr.
-        */
-       public String getIpaddr() {
-               return ipaddr;
-       }
-       /**
-        * @param ipaddr The ipaddr to set.
-        */
-       public void setIpaddr(String ipaddr) {
-               this.ipaddr = ipaddr;
-       }
-       /**
-        * @return Returns the applicationId.
-        */
-       public String getApplicationId() {
-               return applicationId;
-       }
-       /**
-        * @param applicationId The applicationId to set.
-        */
-       public void setApplicationId(String applicationId) {
-               this.applicationId = applicationId;
-       }
-       /**
-        * @return Returns the key.
-        */
-       public String getKey() {
-               return key;
-       }
-       public void renew(){
-               timestamp = System.currentTimeMillis();
-       }
-       
-
        public SAMLAssertion getAuthenticationAssertion() {
                return authenticationAssertion;
        }
        public void setAuthenticationAssertion(SAMLAssertion authentication) {
                this.authenticationAssertion = authentication;
        }
+       
+       private SAMLAuthenticationStatement authenticationStatement=null;
        public SAMLAuthenticationStatement getAuthenticationStatement() {
                return authenticationStatement;
        }
@@ -144,10 +139,20 @@ public class Session implements Serializable {
                        SAMLAuthenticationStatement authenticationStatement) {
                this.authenticationStatement = authenticationStatement;
        }
+       
+       // Stuff saved from the Attribute Query
+       private SAMLResponse attributeResponse = null;
        public SAMLResponse getAttributeResponse() {
                return attributeResponse;
        }
        public void setAttributeResponse(SAMLResponse attributeResponse) {
                this.attributeResponse = attributeResponse;
        }
+
+       
+       public void renew(){
+               timestamp = System.currentTimeMillis();
+       }
+       
+
 }