Example 6 with HttpSession

Use of jakarta.servlet.http.HttpSession in project spring-security by spring-projects.

The class HttpSessionOAuth2AuthorizedClientRepository, method getAuthorizedClients.

@SuppressWarnings("unchecked")
private Map<String, OAuth2AuthorizedClient> getAuthorizedClients(HttpServletRequest request) {
    HttpSession session = request.getSession(false);
    Map<String, OAuth2AuthorizedClient> authorizedClients = (session != null) ? (Map<String, OAuth2AuthorizedClient>) session.getAttribute(this.sessionAttributeName) : null;
    if (authorizedClients == null) {
        authorizedClients = new HashMap<>();
    }
    return authorizedClients;
}

Also used: HttpSession (jakarta.servlet.http.HttpSession), OAuth2AuthorizedClient (org.springframework.security.oauth2.client.OAuth2AuthorizedClient)

Example 7 with HttpSession

Use of jakarta.servlet.http.HttpSession in project spring-security by spring-projects.

The class HttpSessionLogoutRequestRepository, method loadLogoutRequest.

/**
 * {@inheritDoc}
 */
@Override
public Saml2LogoutRequest loadLogoutRequest(HttpServletRequest request) {
    Assert.notNull(request, "request cannot be null");
    HttpSession session = request.getSession(false);
    if (session == null) {
        return null;
    }
    Saml2LogoutRequest logoutRequest = (Saml2LogoutRequest) session.getAttribute(DEFAULT_LOGOUT_REQUEST_ATTR_NAME);
    if (stateParameterEquals(request, logoutRequest)) {
        return logoutRequest;
    }
    return null;
}

Also used: HttpSession (jakarta.servlet.http.HttpSession), Saml2LogoutRequest (org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest)

Example 8 with HttpSession

Use of jakarta.servlet.http.HttpSession in project spring-security by spring-projects.

The class HttpSessionSaml2AuthenticationRequestRepository, method saveAuthenticationRequest.

@Override
public void saveAuthenticationRequest(AbstractSaml2AuthenticationRequest authenticationRequest, HttpServletRequest request, HttpServletResponse response) {
    if (authenticationRequest == null) {
        removeAuthenticationRequest(request, response);
        return;
    }
    HttpSession httpSession = request.getSession();
    httpSession.setAttribute(this.saml2AuthnRequestAttributeName, authenticationRequest);
}

Also used: HttpSession (jakarta.servlet.http.HttpSession)

Example 9 with HttpSession

Use of jakarta.servlet.http.HttpSession in project spring-security by spring-projects.

The class HttpSessionSecurityContextRepository, method loadContext.

/**
 * Gets the security context for the current request (if available) and returns it.
 * <p>
 * If the session is null, the context object is null or the context object stored in
 * the session is not an instance of {@code SecurityContext}, a new context object
 * will be generated and returned.
 */
@Override
public SecurityContext loadContext(HttpRequestResponseHolder requestResponseHolder) {
    HttpServletRequest request = requestResponseHolder.getRequest();
    HttpServletResponse response = requestResponseHolder.getResponse();
    HttpSession httpSession = request.getSession(false);
    SecurityContext context = readSecurityContextFromSession(httpSession);
    if (context == null) {
        context = generateNewContext();
        if (this.logger.isTraceEnabled()) {
            this.logger.trace(LogMessage.format("Created %s", context));
        }
    }
    SaveToSessionResponseWrapper wrappedResponse = new SaveToSessionResponseWrapper(response, request, httpSession != null, context);
    requestResponseHolder.setResponse(wrappedResponse);
    requestResponseHolder.setRequest(new SaveToSessionRequestWrapper(request, wrappedResponse));
    return context;
}

Also used: HttpServletRequest (jakarta.servlet.http.HttpServletRequest), HttpSession (jakarta.servlet.http.HttpSession), SecurityContext (org.springframework.security.core.context.SecurityContext), HttpServletResponse (jakarta.servlet.http.HttpServletResponse)

Example 10 with HttpSession

Use of jakarta.servlet.http.HttpSession in project spring-security by spring-projects.

The class HttpSessionCsrfTokenRepository, method saveToken.

@Override
public void saveToken(CsrfToken token, HttpServletRequest request, HttpServletResponse response) {
    if (token == null) {
        HttpSession session = request.getSession(false);
        if (session != null) {
            session.removeAttribute(this.sessionAttributeName);
        }
    } else {
        HttpSession session = request.getSession();
        session.setAttribute(this.sessionAttributeName, token);
    }
}

Also used: HttpSession (jakarta.servlet.http.HttpSession)

Aggregations

HttpSession (jakarta.servlet.http.HttpSession): 98
Test (org.junit.jupiter.api.Test): 38
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest): 17
MvcResult (org.springframework.test.web.servlet.MvcResult): 16
HttpServletRequest (jakarta.servlet.http.HttpServletRequest): 12
MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse): 12
MockHttpSession (org.springframework.mock.web.MockHttpSession): 12
MockHttpServletRequest (org.springframework.web.testfixture.servlet.MockHttpServletRequest): 11
Map (java.util.Map): 10
MockHttpServletResponse (org.springframework.web.testfixture.servlet.MockHttpServletResponse): 9
SecurityContext (org.springframework.security.core.context.SecurityContext): 7
PathPatternsParameterizedTest (org.springframework.web.servlet.handler.PathPatternsParameterizedTest): 7
Authentication (org.springframework.security.core.Authentication): 6
Cookie (jakarta.servlet.http.Cookie): 5
Request (org.apache.catalina.connector.Request): 5
OAuth2AuthorizedClient (org.springframework.security.oauth2.client.OAuth2AuthorizedClient): 5
SessionFixationProtectionStrategy (org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy): 5
Response (org.apache.catalina.connector.Response): 4
RootBeanDefinition (org.springframework.beans.factory.support.RootBeanDefinition): 4
PrintWriter (java.io.PrintWriter): 3