use of io.undertow.server.session.Session in project undertow by undertow-io.
the class Sessions method getSession.
/**
 * Looks up the session bound to the exchange, optionally creating one.
 *
 * @param exchange the current exchange; the session manager and session config are read from its attachments
 * @param create   when {@code true}, a new session is created if the manager returns none
 * @return the existing or newly created session, or {@code null} when none exists and {@code create} is false
 */
private static Session getSession(final HttpServerExchange exchange, boolean create) {
    final SessionManager manager = exchange.getAttachment(SessionManager.ATTACHMENT_KEY);
    final SessionConfig config = exchange.getAttachment(SessionConfig.ATTACHMENT_KEY);
    if (manager == null) {
        // Without a manager there is nothing to look up or create; fail loudly instead of returning null.
        throw UndertowMessages.MESSAGES.sessionManagerNotFound();
    }
    final Session existing = manager.getSession(exchange, config);
    if (existing != null || !create) {
        return existing;
    }
    return manager.createSession(exchange, config);
}
use of io.undertow.server.session.Session in project undertow by undertow-io.
the class FormAuthenticationMechanism method storeInitialLocation.
/**
 * Remembers the location of the current request in the session under {@code LOCATION_ATTRIBUTE}.
 *
 * A session is obtained (or created) first, then the location is built from the exchange's relative path.
 *
 * @param exchange the exchange whose relative path is recorded
 */
protected void storeInitialLocation(final HttpServerExchange exchange) {
    final Session session = Sessions.getOrCreateSession(exchange);
    // NOTE(review): the stored value is derived from the incoming request; how it is validated before
    // being used later (for example as a redirect target) is not visible in this method.
    final String location = RedirectBuilder.redirect(exchange, exchange.getRelativePath());
    session.setAttribute(LOCATION_ATTRIBUTE, location);
}
use of io.undertow.server.session.Session in project undertow by undertow-io.
the class SingleSignOnAuthenticationMechanism method authenticate.
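/**
 * Tries to authenticate the request from an existing single sign-on entry referenced by the SSO cookie.
 *
 * If the cookie is present, its value is used to look up the SSO entry. When the entry exists and the
 * identity manager verifies its account, authentication is completed and a receiver is registered that
 * removes the SSO entry on logout. When the entry exists but the account is not verified, the method
 * returns immediately so other mechanisms can run. When no entry is found, the SSO cookie is cleared.
 *
 * @param exchange        the current exchange
 * @param securityContext the security context to complete authentication on
 * @return {@code AUTHENTICATED} when the SSO entry's account was verified, otherwise {@code NOT_ATTEMPTED}
 */
@Override
public AuthenticationMechanismOutcome authenticate(HttpServerExchange exchange, SecurityContext securityContext) {
    // If the cookie name occurs more than once, the last occurrence wins (the loop does not stop early).
    Cookie cookie = null;
    for (Cookie c : exchange.requestCookies()) {
        if (cookieName.equals(c.getName())) {
            cookie = c;
        }
    }
    if (cookie != null) {
        final String ssoId = cookie.getValue();
        // The cookie value on its own is enough to find the SSO entry and authenticate below, so it is
        // a credential: it is deliberately left out of the trace output to keep it out of log files.
        log.tracef("Found SSO cookie");
        try (SingleSignOn sso = this.singleSignOnManager.findSingleSignOn(ssoId)) {
            if (sso != null) {
                if (log.isTraceEnabled()) {
                    log.tracef("SSO session found for the presented cookie.");
                }
                Account verified = getIdentityManager(securityContext).verify(sso.getAccount());
                if (verified == null) {
                    if (log.isTraceEnabled()) {
                        log.tracef("Account not found. Returning 'not attempted' here.");
                    }
                    // we return not attempted here to allow other mechanisms to proceed as normal
                    return AuthenticationMechanismOutcome.NOT_ATTEMPTED;
                }
                final Session session = getSession(exchange);
                registerSessionIfRequired(sso, session);
                securityContext.authenticationComplete(verified, sso.getMechanismName(), false);
                // NOTE(review): this receiver keeps using sso after the try-with-resources block has
                // closed it; confirm that removeSingleSignOn accepts an already-closed SingleSignOn.
                securityContext.registerNotificationReceiver(new NotificationReceiver() {
                    @Override
                    public void handleNotification(SecurityNotification notification) {
                        if (notification.getEventType() == SecurityNotification.EventType.LOGGED_OUT) {
                            singleSignOnManager.removeSingleSignOn(sso);
                        }
                    }
                });
                log.tracef("Authenticated account %s using SSO", verified.getPrincipal().getName());
                return AuthenticationMechanismOutcome.AUTHENTICATED;
            }
        }
        // The cookie did not resolve to an SSO entry, so it is cleared on the response.
        clearSsoCookie(exchange);
    }
    exchange.addResponseWrapper(responseListener);
    return AuthenticationMechanismOutcome.NOT_ATTEMPTED;
}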
use of io.undertow.server.session.Session in project undertow by undertow-io.
the class SavedRequest method trySaveRequest.
/**
 * Saves the buffered request body, method, relative path and headers in the session under {@code SESSION_KEY}.
 *
 * Nothing is saved when the configured {@code MAX_BUFFERED_REQUEST_SIZE} is not positive or when
 * {@code length} exceeds it.
 *
 * @param exchange the exchange whose request is being saved
 * @param buffer   the bytes of the request body read so far
 * @param length   the number of valid bytes in {@code buffer}
 */
public static void trySaveRequest(final HttpServerExchange exchange, final byte[] buffer, int length) {
    final int limit = exchange.getConnection().getUndertowOptions().get(UndertowOptions.MAX_BUFFERED_REQUEST_SIZE, UndertowOptions.DEFAULT_MAX_BUFFERED_REQUEST_SIZE);
    if (limit <= 0) {
        return;
    }
    if (length > limit) {
        UndertowLogger.REQUEST_LOGGER.debugf("Request to %s was to large to save", exchange.getRequestURI());
        // failed to save the request, we just return
        return;
    }
    // TODO: we should really be used pooled buffers
    // TODO: we should probably limit the number of saved requests at any given time
    // NOTE(review): the per-request size is capped above, but the number of sessions holding a saved
    // body is not, so total memory held this way is unbounded (see the TODO above).
    // NOTE(review): this filtered copy is populated but never read in this method; the SavedRequest
    // below is built from exchange.getRequestHeaders(). Whether Content-Length, Transfer-Encoding and
    // Connection end up in the saved copy depends on the SavedRequest constructor - confirm the intent.
    HeaderMap filtered = new HeaderMap();
    for (HeaderValues values : exchange.getRequestHeaders()) {
        final boolean excluded = values.getHeaderName().equals(Headers.CONTENT_LENGTH)
                || values.getHeaderName().equals(Headers.TRANSFER_ENCODING)
                || values.getHeaderName().equals(Headers.CONNECTION);
        if (!excluded) {
            filtered.putAll(values.getHeaderName(), values);
        }
    }
    SavedRequest saved = new SavedRequest(buffer, length, exchange.getRequestMethod(), exchange.getRelativePath(), exchange.getRequestHeaders());
    final ServletRequestContext requestContext = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
    HttpSessionImpl httpSession = requestContext.getCurrentServletContext().getSession(exchange, true);
    // Unwrapping the underlying session goes through a privileged action when a security manager is installed.
    final Session target = System.getSecurityManager() == null
            ? httpSession.getSession()
            : AccessController.doPrivileged(new HttpSessionImpl.UnwrapSessionAction(httpSession));
    target.setAttribute(SESSION_KEY, saved);
}
use of io.undertow.server.session.Session in project undertow by undertow-io.
the class SavedRequest method tryRestoreRequest.
/**
 * Replays a request previously stored in the session under {@code SESSION_KEY} onto the current exchange.
 *
 * The saved request is applied only when the session is an {@code HttpSessionImpl}, a saved request
 * exists, its path equals the exchange's relative path, and the current request is complete. When it is
 * applied, the exchange's method is replaced, the saved body bytes are pushed back, the saved request is
 * removed from the session, and every request header except Connection is replaced by the saved headers.
 *
 * @param exchange the exchange to restore the saved request onto
 * @param session  the servlet session that may hold a saved request
 */
public static void tryRestoreRequest(final HttpServerExchange exchange, HttpSession session) {
    if (!(session instanceof HttpSessionImpl)) {
        return;
    }
    // Unwrapping the underlying session goes through a privileged action when a security manager is installed.
    final Session backing = System.getSecurityManager() == null
            ? ((HttpSessionImpl) session).getSession()
            : AccessController.doPrivileged(new HttpSessionImpl.UnwrapSessionAction(session));
    final SavedRequest saved = (SavedRequest) backing.getAttribute(SESSION_KEY);
    if (saved == null) {
        return;
    }
    // Only replay onto a request for the same path, and only once the current request is complete.
    if (!saved.requestPath.equals(exchange.getRelativePath()) || !exchange.isRequestComplete()) {
        return;
    }
    UndertowLogger.REQUEST_LOGGER.debugf("restoring request body for request to %s", saved.requestPath);
    exchange.setRequestMethod(saved.method);
    Connectors.ungetRequestBytes(exchange, new ImmediatePooledByteBuffer(ByteBuffer.wrap(saved.data, 0, saved.dataLength)));
    // The saved request is single-use: it is dropped from the session as soon as it has been replayed.
    backing.removeAttribute(SESSION_KEY);
    // clear the existing header map of everything except the connection header
    // TODO: are there other headers we should preserve?
    for (Iterator<HeaderValues> it = exchange.getRequestHeaders().iterator(); it.hasNext();) {
        if (!it.next().getHeaderName().equals(Headers.CONNECTION)) {
            it.remove();
        }
    }
    // The header values applied here are whatever was stored with the saved request.
    for (Map.Entry<HttpString, List<String>> restored : saved.headerMap.entrySet()) {
        exchange.getRequestHeaders().putAll(restored.getKey(), restored.getValue());
    }
}