Require AuthN engine to set session cookie when it creates a session
authorlajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Thu, 10 Jan 2008 12:33:49 +0000 (12:33 +0000)
committerlajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Thu, 10 Jan 2008 12:33:49 +0000 (12:33 +0000)
git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@2547 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

src/edu/internet2/middleware/shibboleth/idp/authn/AuthenticationEngine.java
src/edu/internet2/middleware/shibboleth/idp/session/IdPSessionFilter.java

index d4737a6..5148da6 100644 (file)
@@ -22,6 +22,7 @@ import java.util.List;
 import javax.security.auth.Subject;
 import javax.servlet.RequestDispatcher;
 import javax.servlet.ServletException;
+import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -47,6 +48,9 @@ import edu.internet2.middleware.shibboleth.idp.session.impl.ServiceInformationIm
  */
 public class AuthenticationEngine extends HttpServlet {
 
+    /** Name of the IdP Cookie containing the IdP session ID. */
+    public static final String IDP_SESSION_COOKIE_NAME = "_idp_session";
+
     /** Serial version UID. */
     private static final long serialVersionUID = 8494202791991613148L;
 
@@ -257,7 +261,7 @@ public class AuthenticationEngine extends HttpServlet {
             LOG.debug("Creating shibboleth session for principal {}", principalName);
             shibSession = (Session) getSessionManager().createSession(loginContext.getPrincipalName());
             loginContext.setSessionID(shibSession.getSessionID());
-            httpRequest.getSession().setAttribute(Session.HTTP_SESSION_BINDING_ATTRIBUTE, shibSession);
+            addSessionCookie(httpRequest, httpResponse, shibSession);
         }
 
         LOG.debug("Recording authentication and service information in Shibboleth session for principal: {}",
@@ -326,4 +330,27 @@ public class AuthenticationEngine extends HttpServlet {
 
         return authnMethodInformation;
     }
+
+    /**
+     * Adds an IdP session cookie to the outbound response.
+     * 
+     * @param httpRequest current request
+     * @param httpResponse current response
+     * @param userSession user's session
+     */
+    protected void addSessionCookie(HttpServletRequest httpRequest, HttpServletResponse httpResponse,
+            Session userSession) {
+        httpRequest.setAttribute(Session.HTTP_SESSION_BINDING_ATTRIBUTE, userSession);
+
+        LOG.debug("Adding IdP session cookie to HTTP response");
+        Cookie sessionCookie = new Cookie(IDP_SESSION_COOKIE_NAME, userSession.getSessionID());
+        sessionCookie.setDomain(httpRequest.getLocalName());
+        sessionCookie.setPath(httpRequest.getContextPath());
+        sessionCookie.setSecure(false);
+
+        int maxAge = (int) (userSession.getInactivityTimeout() / 1000);
+        sessionCookie.setMaxAge(maxAge);
+
+        httpResponse.addCookie(sessionCookie);
+    }
 }
\ No newline at end of file
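Review bot: `sessionCookie.setSecure(false)` in the new `addSessionCookie` allows the browser to send the IdP session ID over plain HTTP, where it can be read in transit. Since this cookie now appears to be what ties the browser to the IdP session, it should be marked secure, e.g. `sessionCookie.setSecure(httpRequest.isSecure());`, or unconditionally `true` if the IdP is only served over TLS. `setDomain(httpRequest.getLocalName())` uses the name of the local interface, which can differ from the host the browser addressed (reverse proxy, virtual host), in which case the browser would presumably discard the cookie. Leaving the domain unset gives a host-only cookie. Because the filter in the second file no longer re-adds the cookie on each request, the max-age derived from the inactivity timeout now seems to count from session creation rather than from last activity; the Javadoc should say whether that is intended.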
index 4353448..f380851 100644 (file)
@@ -34,18 +34,16 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import edu.internet2.middleware.shibboleth.common.session.SessionManager;
+import edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine;
 
 /**
  * A filter that adds the current users {@link Session} the request, if the user has a session.
  */
 public class IdPSessionFilter implements Filter {
 
-    /** Name of the IdP Cookie containing the IdP session ID. */
-    public static final String IDP_SESSION_COOKIE_NAME = "_idp_session";
-
     /** Class Logger. */
     private final Logger log = LoggerFactory.getLogger(IdPSessionFilter.class);
-    
+
     /** IdP session manager. */
     private SessionManager<Session> sessionManager;
 
@@ -70,8 +68,6 @@ public class IdPSessionFilter implements Filter {
             }
         }
 
-        addIdPSessionCookieToResponse(httpRequest, httpResponse, idpSession);
-
         filterChain.doFilter(request, response);
     }
 
@@ -95,7 +91,7 @@ public class IdPSessionFilter implements Filter {
             for (Cookie requestCookie : requestCookies) {
                 if (DatatypeHelper.safeEquals(requestCookie.getDomain(), request.getLocalName())
                         && DatatypeHelper.safeEquals(requestCookie.getPath(), request.getContextPath())
-                        && DatatypeHelper.safeEquals(requestCookie.getName(), IDP_SESSION_COOKIE_NAME)) {
+                        && DatatypeHelper.safeEquals(requestCookie.getName(), AuthenticationEngine.IDP_SESSION_COOKIE_NAME)) {
                     log.debug("Found IdP session cookie.");
                     return requestCookie;
                 }
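Review bot: The condition in this loop still requires `requestCookie.getDomain()` and `requestCookie.getPath()` to equal the request's local name and context path. Browsers normally send only name=value pairs in the Cookie header, so both getters are typically null on request cookies and the match would likely never succeed. After this commit the engine sets the cookie once and this lookup is how the filter finds it, so a failed match means the existing session is not found. Consider matching on the name alone, `if (DatatypeHelper.safeEquals(requestCookie.getName(), AuthenticationEngine.IDP_SESSION_COOKIE_NAME)) {`, and letting the session lookup reject unknown IDs. The enclosing method starts before this hunk and ends after it.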
@@ -105,38 +101,4 @@ public class IdPSessionFilter implements Filter {
         log.debug("No IdP session cookie sent by the client.");
         return null;
     }
-
-    /**
-     * Adds a cookie, containing the user's IdP session ID, to the response.
-     * 
-     * @param request current HTTP request
-     * @param response current HTTP response
-     * @param userSession user's currentSession
-     */
-    protected void addIdPSessionCookieToResponse(HttpServletRequest request, HttpServletResponse response,
-            Session userSession) {
-        log.debug("Adding session cookie to HTTP response.");
-        Session currentSession = userSession;
-        if (currentSession == null) {
-            log.debug("Retrieving IdP session from HTTP request");
-            currentSession = (Session) request.getAttribute(Session.HTTP_SESSION_BINDING_ATTRIBUTE);
-            if (currentSession == null) {
-                log.debug("Retrieving IdP session from HTTP session");
-                currentSession = (Session) request.getSession().getAttribute(Session.HTTP_SESSION_BINDING_ATTRIBUTE);
-            }
-        }
-
-        if (currentSession != null) {
-            Cookie sessionCookie = new Cookie(IDP_SESSION_COOKIE_NAME, userSession.getSessionID());
-            sessionCookie.setDomain(request.getLocalName());
-            sessionCookie.setPath(request.getContextPath());
-            sessionCookie.setSecure(false);
-
-            int maxAge = (int) (userSession.getInactivityTimeout() / 1000);
-            sessionCookie.setMaxAge(maxAge);
-
-            response.addCookie(sessionCookie);
-            log.debug("Added IdP session cookie to HTTP response");
-        }
-    }
 }
\ No newline at end of file