Bind session to request once authentication is complete
authorlajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Thu, 10 Jan 2008 11:46:27 +0000 (11:46 +0000)
committerlajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Thu, 10 Jan 2008 11:46:27 +0000 (11:46 +0000)
git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@2541 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

resources/WEB-INF/web.xml
src/edu/internet2/middleware/shibboleth/idp/authn/AuthenticationEngine.java

index bdbf1e7..058e5a6 100644 (file)
@@ -28,7 +28,7 @@
     
     <filter-mapping>
         <filter-name>IdPSessionFilter</filter-name>
-        <url-pattern>/profile/*</url-pattern>
+        <url-pattern>/*</url-pattern>
     </filter-mapping>
 
     <!-- Profile Request Dispatcher -->
index 65aed43..43c19e9 100644 (file)
@@ -139,7 +139,7 @@ public class AuthenticationEngine extends HttpServlet {
         }
 
         if (!loginContext.getAuthenticationAttempted()) {
-            Session shibSession = (Session) httpSession.getAttribute(Session.HTTP_SESSION_BINDING_ATTRIBUTE);
+            Session shibSession = (Session) httpRequest.getAttribute(Session.HTTP_SESSION_BINDING_ATTRIBUTE);
 
             AuthenticationMethodInformation authenticationMethod = getUsableExistingAuthenticationMethod(loginContext,
                     shibSession);
@@ -173,7 +173,7 @@ public class AuthenticationEngine extends HttpServlet {
             AuthenticationMethodInformation authenticationMethod) {
         HttpSession httpSession = httpRequest.getSession();
 
-        Session shibSession = (Session) httpSession.getAttribute(Session.HTTP_SESSION_BINDING_ATTRIBUTE);
+        Session shibSession = (Session) httpRequest.getAttribute(Session.HTTP_SESSION_BINDING_ATTRIBUTE);
 
         LOG.debug("Populating login context with existing session and authentication method information.");
         LoginContext loginContext = (LoginContext) httpSession.getAttribute(LoginContext.LOGIN_CONTEXT_KEY);
@@ -252,12 +252,12 @@ public class AuthenticationEngine extends HttpServlet {
         loginContext.setPrincipalName(principalName);
         loginContext.setAuthenticationInstant(new DateTime());
 
-        Session shibSession = (Session) httpSession.getAttribute(Session.HTTP_SESSION_BINDING_ATTRIBUTE);
+        Session shibSession = (Session) httpRequest.getAttribute(Session.HTTP_SESSION_BINDING_ATTRIBUTE);
         if (shibSession == null) {
             LOG.debug("Creating shibboleth session for principal {}", principalName);
             shibSession = (Session) getSessionManager().createSession(loginContext.getPrincipalName());
             loginContext.setSessionID(shibSession.getSessionID());
-            httpSession.setAttribute(Session.HTTP_SESSION_BINDING_ATTRIBUTE, shibSession);
+            httpRequest.setAttribute(Session.HTTP_SESSION_BINDING_ATTRIBUTE, shibSession);
         }
 
         LOG.debug("Recording authentication and service information in Shibboleth session for principal: {}",