use of jakarta.servlet.http.HttpSession in project spring-security by spring-projects.
the class HttpSessionOAuth2AuthorizedClientRepository method getAuthorizedClients.
@SuppressWarnings("unchecked")
private Map<String, OAuth2AuthorizedClient> getAuthorizedClients(HttpServletRequest request) {
HttpSession session = request.getSession(false);
Map<String, OAuth2AuthorizedClient> authorizedClients = (session != null) ? (Map<String, OAuth2AuthorizedClient>) session.getAttribute(this.sessionAttributeName) : null;
if (authorizedClients == null) {
authorizedClients = new HashMap<>();
}
return authorizedClients;
}
use of jakarta.servlet.http.HttpSession in project spring-security by spring-projects.
the class HttpSessionLogoutRequestRepository method loadLogoutRequest.
/**
* {@inheritDoc}
*/
@Override
public Saml2LogoutRequest loadLogoutRequest(HttpServletRequest request) {
Assert.notNull(request, "request cannot be null");
HttpSession session = request.getSession(false);
if (session == null) {
return null;
}
Saml2LogoutRequest logoutRequest = (Saml2LogoutRequest) session.getAttribute(DEFAULT_LOGOUT_REQUEST_ATTR_NAME);
if (stateParameterEquals(request, logoutRequest)) {
return logoutRequest;
}
return null;
}
use of jakarta.servlet.http.HttpSession in project spring-security by spring-projects.
the class HttpSessionSaml2AuthenticationRequestRepository method saveAuthenticationRequest.
@Override
public void saveAuthenticationRequest(AbstractSaml2AuthenticationRequest authenticationRequest, HttpServletRequest request, HttpServletResponse response) {
if (authenticationRequest == null) {
removeAuthenticationRequest(request, response);
return;
}
HttpSession httpSession = request.getSession();
httpSession.setAttribute(this.saml2AuthnRequestAttributeName, authenticationRequest);
}
use of jakarta.servlet.http.HttpSession in project spring-security by spring-projects.
the class HttpSessionSecurityContextRepository method loadContext.
/**
* Gets the security context for the current request (if available) and returns it.
* <p>
* If the session is null, the context object is null or the context object stored in
* the session is not an instance of {@code SecurityContext}, a new context object
* will be generated and returned.
*/
@Override
public SecurityContext loadContext(HttpRequestResponseHolder requestResponseHolder) {
HttpServletRequest request = requestResponseHolder.getRequest();
HttpServletResponse response = requestResponseHolder.getResponse();
HttpSession httpSession = request.getSession(false);
SecurityContext context = readSecurityContextFromSession(httpSession);
if (context == null) {
context = generateNewContext();
if (this.logger.isTraceEnabled()) {
this.logger.trace(LogMessage.format("Created %s", context));
}
}
SaveToSessionResponseWrapper wrappedResponse = new SaveToSessionResponseWrapper(response, request, httpSession != null, context);
requestResponseHolder.setResponse(wrappedResponse);
requestResponseHolder.setRequest(new SaveToSessionRequestWrapper(request, wrappedResponse));
return context;
}
use of jakarta.servlet.http.HttpSession in project spring-security by spring-projects.
the class HttpSessionCsrfTokenRepository method saveToken.
@Override
public void saveToken(CsrfToken token, HttpServletRequest request, HttpServletResponse response) {
if (token == null) {
HttpSession session = request.getSession(false);
if (session != null) {
session.removeAttribute(this.sessionAttributeName);
}
} else {
HttpSession session = request.getSession();
session.setAttribute(this.sessionAttributeName, token);
}
}
Aggregations