/**
* Session object holds Authentication and Attribute Assertions for one
- * remote Browser/User.<br>
- * Each session generates its own random key.<br>
+ * remote Browser/User for one ApplicationId.<br>
* The collection of Session objects may be checkpointed to disk using
* any attractive persistence framework, Object Relational mapping,
* or, hell, just serialize the objects to a flat file if you like.
long defaultAttributeLifetime) {
if (key==null)
throw new IllegalArgumentException();
- this.key=key;
+ this.sessionId=key;
this.lastused = System.currentTimeMillis();
this.created = this.lastused;
this.maxSessionLife=maxSessionLife*1000;
// Properties
- private String key;
- public String getKey() {
- return key;
+ /*
+ * The large random SessionId string generated for this Session.
+ * It is used as the key of the SessionManager cache, so this
+ * field is only actually needed if serialized/persisted Sessions
+ * need to be reloaded after a crash.
+ */
+ private String sessionId;
+ public String getSessionId() {
+ return sessionId;
}
+ /*
+ * The ApplicationId associated with this Session. A remote User
+ * may have different Sessions with different ApplicationIds that
+ * associate to different IdPs or Attributre Release policies.
+ */
private String applicationId = null;
public String getApplicationId() {
return applicationId;
this.applicationId = applicationId;
}
+ /*
+ * Remote IP address of Browser. Might be used as extra validity check.
+ */
private String ipaddr = null;
public String getIpaddr() {
return ipaddr;
this.ipaddr = ipaddr;
}
- private String entityId = null; // a.k.a providerId
+ /*
+ * IdP entity
+ */
+ private String entityId = null;
public String getEntityId() {
return entityId;
}
private long lastused = 0;
private long created = 0;
+ /**
+ * Determines if the Session has timed out.
+ * @return true if timed out
+ */
public boolean isExpired() {
long now = System.currentTimeMillis();
if (maxSessionLife>0 &&
return true;
return false;
}
+
+ /**
+ * Is this an empty Session object reserved by an RM that has not yet
+ * received Assertions.
+ * @return true or false
+ */
+ public boolean isInitialized() {
+ return (null!=getAuthenticationStatement());
+ }
// Stuff saved from the POST
+
+ /*
+ * The SAML Authentication Assertion from the POST or Artifact
+ */
private SAMLAssertion authenticationAssertion = null;
public SAMLAssertion getAuthenticationAssertion() {
return authenticationAssertion;
this.authenticationAssertion = authentication;
}
+ /*
+ * The saved Authentication Statement containing the Assertion
+ * referenced above. There are extra fields at this level that
+ * are useful to build the Attribute Query.
+ */
private SAMLAuthenticationStatement authenticationStatement=null;
public SAMLAuthenticationStatement getAuthenticationStatement() {
return authenticationStatement;
this.authenticationStatement = authenticationStatement;
}
- // Stuff saved from the Attribute Query
+ /*
+ * The SAMLResponse containing the Attribute Assertions. Note that
+ * in Attribute Push or Artifact situations, this Response will
+ * also contain the Authentication elements separately referenced
+ * above. Otherwise, this Response will have been returned from
+ * a Query.
+ */
private SAMLResponse attributeResponse = null;
public SAMLResponse getAttributeResponse() {
return attributeResponse;
lastused = System.currentTimeMillis();
}
+ /**
+ * Return the default lifetime of an Attribute Assertion if the
+ * Assertion itself doesn't specify the limit.
+ */
public long getDefaultAttributeLifetime() {
return defaultAttributeLifetime;
}
public void setUnusedSessionTimeout(long unusedSessionTimeout) {
this.unusedSessionTimeout = unusedSessionTimeout*1000;
}
+
+ /*
+ * The FormalURL references the RM itself instead of any
+ * individual resource.
+ */
+ private String formalURL;
+ public String getFormalURL() {
+ return formalURL;
+ }
+ public void setFormalURL(String formalURL) {
+ this.formalURL = formalURL;
+ }
+
+ /*
+ * The SavedTarget URL is meaningful only in an uninitialized but
+ * preallocate Session object. It holds the original Resource
+ * URL to which the Browser will be redirected after the
+ * Session is actually established. This frees the TARGET=
+ * sent to the WAYF to be the key of this object rather than
+ * a real URL.
+ */
+ private String savedTargetURL;
+ public String getSavedTargetURL() {
+ return savedTargetURL;
+ }
+ public void setSavedTargetURL(String savedResourceURL) {
+ this.savedTargetURL = savedResourceURL;
+ }
}
log.warn("Session not found with ID "+sessionId);
return null;
}
- if (null==s.getAuthenticationAssertion()) {
+ if (!s.isInitialized()) {
log.warn("Uninitialized (reserved) Session has ID "+sessionId);
return null;
}
* @param sessionId
* @return Session block (uninitialized).
*/
- private synchronized Session findEmptySession(String sessionId) {
+ synchronized Session findEmptySession(String sessionId) {
if (sessionId==null)
throw new IllegalArgumentException();
Session s = (Session) sessions.get(sessionId);
log.warn("Session not found with ID "+sessionId);
return null;
}
- if (null!=s.getAuthenticationAssertion()){
+ if (s.isInitialized()){
log.error("Active Session found when looking for reserved ID:"+sessionId);
return null;
}
protected synchronized void add(Session s) {
if (s==null)
throw new IllegalArgumentException();
- log.debug("Session added: "+s.getKey());
- sessions.put(s.getKey(), s);
+ log.debug("Session added: "+s.getSessionId());
+ sessions.put(s.getSessionId(), s);
if (cache!=null)
cache.add(s);
}
if (s==null)
throw new IllegalArgumentException();
s.renew();
- log.debug("Session updated: "+s.getKey());
- sessions.put(s.getKey(), s);
+ log.debug("Session updated: "+s.getSessionId());
+ sessions.put(s.getSessionId(), s);
if (cache!=null)
cache.update(s);
}
protected synchronized void remove(Session s) {
if (s==null)
throw new IllegalArgumentException();
- log.debug("Session removed: "+s.getKey());
- sessions.remove(s.getKey());
+ log.debug("Session removed: "+s.getSessionId());
+ sessions.remove(s.getSessionId());
if (cache!=null)
cache.remove(s);
}
Map.Entry entry = (Map.Entry) iterator.next();
Session session = (Session) entry.getValue();
if (session.isExpired()) {
- log.info("Session " + session.getKey() + " has expired.");
+ log.info("Session " + session.getSessionId() + " has expired.");
iterator.remove();
}
}
session.setAuthenticationAssertion(assertion);
session.setAuthenticationStatement(authenticationStatement); // may be null
- sessionId = session.getKey();
+ sessionId = session.getSessionId();
if (isUpdate)
update(session);
public
String
reserveSession(
- String applicationId
+ String applicationId,
+ String url
){
if (applicationId==null)
throw new IllegalArgumentException("applicationId null");
appinfo.getUnusedSessionTimeout(),
config.getDefaultAttributeLifetime());
session.setApplicationId(applicationId);
+ session.setSavedTargetURL(url);
- sessionId = session.getKey();
+ sessionId = session.getSessionId();
add(session);
SAMLAttribute attribute =
(SAMLAttribute) attributes.next();
String name = attribute.getName();
- String namespace = attribute.getNamespace();
ArrayList list = new ArrayList();
Iterator values = attribute.getValues();
String val="";
projects / java-idp.git / commitdiff