Example 36 with SessionId

Use of org.gluu.oxauth.model.common.SessionId in the oxAuth project by GluuFederation.

Class AuthenticationService, method configureSessionUser:

public SessionId configureSessionUser(SessionId sessionId, Map<String, String> sessionIdAttributes) {
    log.trace("configureSessionUser: credentials: '{}', sessionId: '{}', credentials.userName: '{}', authenticatedUser.userId: '{}'", System.identityHashCode(credentials), sessionId, credentials.getUsername(), getAuthenticatedUserId());
    User user = getAuthenticatedUser();
    String sessionAuthUser = sessionIdAttributes.get(Constants.AUTHENTICATED_USER);
    log.trace("configureSessionUser sessionId: '{}', sessionId.auth_user: '{}'", sessionId, sessionAuthUser);
    SessionId newSessionId = sessionIdService.setSessionIdStateAuthenticated(getHttpRequest(), getHttpResponse(), sessionId, user.getDn());
    identity.setSessionId(sessionId);
    newSessionId.setUser(user);
    return newSessionId;
}
Also used: SimpleUser(org.gluu.oxauth.model.common.SimpleUser) User(org.gluu.oxauth.model.common.User) SessionId(org.gluu.oxauth.model.common.SessionId)

Example 37 with SessionId

Use of org.gluu.oxauth.model.common.SessionId in the oxAuth project by GluuFederation.

Class AuthenticationService, method setAuthenticatedUserSessionAttribute:

private void setAuthenticatedUserSessionAttribute(String userName, boolean authenticated) {
    SessionId sessionId = sessionIdService.getSessionId();
    if (sessionId != null) {
        Map<String, String> sessionIdAttributes = sessionId.getSessionAttributes();
        if (authenticated) {
            sessionIdAttributes.put(Constants.AUTHENTICATED_USER, userName);
        }
        sessionIdService.updateSessionIdIfNeeded(sessionId, authenticated);
    }
}
Also used: SessionId(org.gluu.oxauth.model.common.SessionId)

Example 38 with SessionId

Use of org.gluu.oxauth.model.common.SessionId in the oxAuth project by GluuFederation.

Class SessionIdService, method generateSessionId:

private SessionId generateSessionId(String userDn, Date authenticationDate, SessionIdState state, Map<String, String> sessionIdAttributes, boolean persist) {
    final String internalSid = UUID.randomUUID().toString();
    final String outsideSid = UUID.randomUUID().toString();
    final String salt = UUID.randomUUID().toString();
    final String clientId = sessionIdAttributes.get("client_id");
    final String opbs = UUID.randomUUID().toString();
    final String redirectUri = sessionIdAttributes.get("redirect_uri");
    final String sessionState = computeSessionState(clientId, redirectUri, opbs, salt);
    final String dn = buildDn(internalSid);
    sessionIdAttributes.put(OP_BROWSER_STATE, opbs);
    Preconditions.checkNotNull(dn);
    // An AUTHENTICATED session must carry a user DN, except for UMA sessions
    if (SessionIdState.AUTHENTICATED == state && StringUtils.isBlank(userDn) && !sessionIdAttributes.containsKey("uma")) {
        return null;
    }
    final SessionId sessionId = new SessionId();
    sessionId.setId(internalSid);
    sessionId.setOutsideSid(outsideSid);
    sessionId.setDn(dn);
    sessionId.setUserDn(userDn);
    sessionId.setSessionState(sessionState);
    final Pair<Date, Integer> expiration = expirationDate(sessionId.getCreationDate(), state);
    sessionId.setExpirationDate(expiration.getFirst());
    sessionId.setTtl(expiration.getSecond());
    Boolean sessionAsJwt = appConfiguration.getSessionAsJwt();
    sessionId.setIsJwt(sessionAsJwt != null && sessionAsJwt);
    sessionId.setAuthenticationTime(authenticationDate != null ? authenticationDate : new Date());
    if (state != null) {
        sessionId.setState(state);
    }
    sessionId.setSessionAttributes(sessionIdAttributes);
    sessionId.setLastUsedAt(new Date());
    // When configured (sessionAsJwt), embed the session as a JWT
    if (sessionId.getIsJwt()) {
        sessionId.setJwt(generateJwt(sessionId, userDn).asString());
    }
    boolean persisted = false;
    if (persist) {
        persisted = persistSessionId(sessionId);
    }
    auditLogging(sessionId);
    log.trace("Generated new session, id = '{}', state = '{}', asJwt = '{}', persisted = '{}'", sessionId.getId(), sessionId.getState(), sessionId.getIsJwt(), persisted);
    return sessionId;
}
Also used: SessionId(org.gluu.oxauth.model.common.SessionId)

Example 39 with SessionId

Use of org.gluu.oxauth.model.common.SessionId in the oxAuth project by GluuFederation.

Class SessionIdService, method getCurrentSessions:

public Set<SessionId> getCurrentSessions() {
    final Set<String> ids = cookieService.getCurrentSessions();
    final Set<SessionId> sessions = Sets.newHashSet();
    for (String sessionId : ids) {
        if (StringUtils.isBlank(sessionId)) {
            log.error("Invalid sessionId in current_sessions: " + sessionId);
            continue;
        }
        final SessionId sessionIdObj = getSessionId(sessionId);
        if (sessionIdObj == null) {
            log.trace("Unable to find session object by id: " + sessionId + " {expired?}");
            continue;
        }
        if (sessionIdObj.getState() != SessionIdState.AUTHENTICATED) {
            log.error("Session is not authenticated, id: " + sessionId);
            continue;
        }
        sessions.add(sessionIdObj);
    }
    return sessions;
}
Also used: SessionId(org.gluu.oxauth.model.common.SessionId)

Example 40 with SessionId

Use of org.gluu.oxauth.model.common.SessionId in the oxAuth project by GluuFederation.

Class CookieService, method removeOutdatedCurrentSessions:

private void removeOutdatedCurrentSessions(Set<String> currentSessions, SessionId session) {
    if (session != null) {
        final String oldSessionId = session.getSessionAttributes().get(SessionId.OLD_SESSION_ID_ATTR_KEY);
        if (StringUtils.isNotBlank(oldSessionId)) {
            currentSessions.remove(oldSessionId);
        }
    }
    if (currentSessions.isEmpty()) {
        return;
    }
    // avoid cycle dependency
    SessionIdService sessionIdService = CdiUtil.bean(SessionIdService.class);
    Set<String> toRemove = Sets.newHashSet();
    for (String sessionId : currentSessions) {
        SessionId sessionIdObject = null;
        try {
            sessionIdObject = sessionIdService.getSessionId(sessionId, true);
        } catch (EntryPersistenceException e) {
            // ignore - valid case if session is outdated
        }
        if (sessionIdObject == null) {
            toRemove.add(sessionId);
        }
    }
    currentSessions.removeAll(toRemove);
}
Also used: EntryPersistenceException(org.gluu.persist.exception.EntryPersistenceException) SessionId(org.gluu.oxauth.model.common.SessionId)
