Be sure to remove LoginContext from StorageService after authentication completes...

Bump patch version number

git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/branches/REL_2@2890 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

diff --git a/doc/RELEASE-NOTES.txt b/doc/RELEASE-NOTES.txt
index b247b78..50c7749 100644 (file)
--- a/doc/RELEASE-NOTES.txt
+++ b/doc/RELEASE-NOTES.txt
@@ -2,6 +2,7 @@ Changes in Release 2.1.4
 =============================================
 [SIDP-340] - Default tc-config.xml causes TCNonPortableObjectError
 [SIDP-348] - Remove Terracotta Configuration from IdP Install
+[SIDP-249] - LoginContext is not removed from StorageService after Authentication Completes
 
 Changes in Release 2.1.3
 =============================================

diff --git a/pom.xml b/pom.xml
index d78ccc1..d6d616d 100644 (file)
--- a/pom.xml
+++ b/pom.xml
@@ -4,7 +4,7 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>edu.internet2.middleware</groupId>
     <artifactId>shibboleth-identityprovider</artifactId>
-    <version>2.1.3</version>
+    <version>2.1.4</version>
     <!-- We bundle as a jar here, the installer creates the WAR -->
     <packaging>jar</packaging>
 

diff --git a/src/main/java/edu/internet2/middleware/shibboleth/idp/authn/AuthenticationEngine.java b/src/main/java/edu/internet2/middleware/shibboleth/idp/authn/AuthenticationEngine.java
index c241e32..7d57945 100644 (file)
--- a/src/main/java/edu/internet2/middleware/shibboleth/idp/authn/AuthenticationEngine.java
+++ b/src/main/java/edu/internet2/middleware/shibboleth/idp/authn/AuthenticationEngine.java
@@ -126,13 +126,10 @@ public class AuthenticationEngine extends HttpServlet {
         } else {
             retainSubjectsPublicCredentials = false;
         }
-
-        handlerManager = HttpServletHelper.getProfileHandlerManager(config.getServletContext());
-        sessionManager = HttpServletHelper.getSessionManager(config.getServletContext());
-        storageService = (StorageService<String, LoginContextEntry>) HttpServletHelper.getStorageService(config
-                .getServletContext());
-
         context = config.getServletContext();
+        handlerManager = HttpServletHelper.getProfileHandlerManager(context);
+        sessionManager = HttpServletHelper.getSessionManager(context);
+        storageService = (StorageService<String, LoginContextEntry>) HttpServletHelper.getStorageService(context);
     }
 
     /**
@@ -166,6 +163,8 @@ public class AuthenticationEngine extends HttpServlet {
             forwardRequest("/error.jsp", httpRequest, httpResponse);
         }
 
+        // Remove the login context from the replicated store and bind it to the request
+        HttpServletHelper.unbindLoginContext(storageService, context, httpRequest, httpResponse);
         HttpServletHelper.bindLoginContext(loginContext, httpRequest);
         LOG.debug("Returning control to profile handler at: {}", loginContext.getProfileHandlerURL());
         forwardRequest(loginContext.getProfileHandlerURL(), httpRequest, httpResponse);
@@ -453,7 +452,8 @@ public class AuthenticationEngine extends HttpServlet {
             if (actualAuthnMethod != null) {
                 if (!loginContext.getRequestedAuthenticationMethods().isEmpty()
                         && !loginContext.getRequestedAuthenticationMethods().contains(actualAuthnMethod)) {
-                    String msg = MessageFormatter.format(
+                    String msg = MessageFormatter
+                            .format(
                                     "Relying patry required an authentication method of '{}' but the login handler performed '{}'",
                                     loginContext.getRequestedAuthenticationMethods(), actualAuthnMethod);
                     LOG.error(msg);
@@ -704,10 +704,10 @@ public class AuthenticationEngine extends HttpServlet {
         cookieValue.append(Base64.encodeBytes(remoteAddress, Base64.DONT_BREAK_LINES)).append("|");
         cookieValue.append(Base64.encodeBytes(sessionId, Base64.DONT_BREAK_LINES)).append("|");
         cookieValue.append(signature);
-        
+
         Cookie sessionCookie = new Cookie(IDP_SESSION_COOKIE_NAME, HTTPTransportUtils.urlEncode(cookieValue.toString()));
         sessionCookie.setVersion(1);
-        sessionCookie.setPath(httpRequest.getContextPath() == "" ? "/" : httpRequest.getContextPath());
+        sessionCookie.setPath("".equals(httpRequest.getContextPath()) ? "/" : httpRequest.getContextPath());
         sessionCookie.setSecure(httpRequest.isSecure());
         httpResponse.addCookie(sessionCookie);
     }

diff --git a/src/main/java/edu/internet2/middleware/shibboleth/idp/util/HttpServletHelper.java b/src/main/java/edu/internet2/middleware/shibboleth/idp/util/HttpServletHelper.java
index f5cb09c..42a3598 100644 (file)
--- a/src/main/java/edu/internet2/middleware/shibboleth/idp/util/HttpServletHelper.java
+++ b/src/main/java/edu/internet2/middleware/shibboleth/idp/util/HttpServletHelper.java
@@ -165,7 +165,7 @@ public class HttpServletHelper {
 
         Cookie contextKeyCookie = new Cookie(LOGIN_CTX_KEY_NAME, contextKey);
         contextKeyCookie.setVersion(1);
-        contextKeyCookie.setPath(httpRequest.getContextPath() == "" ? "/" : httpRequest.getContextPath());
+        contextKeyCookie.setPath("".equals(httpRequest.getContextPath()) ? "/" : httpRequest.getContextPath());
         contextKeyCookie.setSecure(httpRequest.isSecure());
         httpResponse.addCookie(contextKeyCookie);
     }
@@ -531,6 +531,8 @@ public class HttpServletHelper {
 
         httpRequest.setAttribute(LOGIN_CTX_KEY_NAME, null);
         loginContextKeyCookie.setMaxAge(0);
+        loginContextKeyCookie.setPath("".equals(httpRequest.getContextPath()) ? "/" : httpRequest.getContextPath());
+        loginContextKeyCookie.setVersion(1);
         httpResponse.addCookie(loginContextKeyCookie);
 
         LoginContextEntry entry = (LoginContextEntry) storageService.remove(getContextParam(context,