use of org.xdi.oxauth.model.common.SessionState in project oxAuth by GluuFederation.
the class EndSessionRestWebServiceImpl method auditLogging.
/**
 * Sends a {@code SESSION_DESTROYED} audit record for an end-session request.
 *
 * <p>Client id, scope and username come from the authorization grant when the pair carries
 * one; otherwise they are read from the session state.
 *
 * @param request HTTP request whose address is resolved through {@code ServerUtil.getIpAddress}
 * @param pair    session state (first element) and authorization grant (second element)
 */
private void auditLogging(HttpServletRequest request, Pair<SessionState, AuthorizationGrant> pair) {
    SessionState session = pair.getFirst();
    AuthorizationGrant grant = pair.getSecond();

    // NOTE(review): how ServerUtil.getIpAddress derives the address is not visible here; if it
    // honours forwarded-for style headers, the audited IP is client-supplied. Confirm.
    OAuth2AuditLog auditEntry = new OAuth2AuditLog(ServerUtil.getIpAddress(request), Action.SESSION_DESTROYED);
    // The record is unconditionally marked successful; this method has no failure path.
    auditEntry.setSuccess(true);

    if (grant == null) {
        // Fallback: no grant, so describe the event from the session alone.
        // NOTE(review): session is dereferenced without a null check. This assumes the caller
        // never passes a pair in which both elements are null. Verify against the caller.
        // The client id field receives the toString() of a collection of client ids here,
        // not a single id as in the grant branch.
        auditEntry.setClientId(session.getPermissionGrantedMap().getClientIds(true).toString());
        auditEntry.setScope(session.getSessionAttributes().get(AuthorizeRequestParam.SCOPE));
        // The username field carries the user DN here but the user id in the grant branch,
        // so log consumers need to handle both forms when correlating events.
        auditEntry.setUsername(session.getUserDn());
    } else {
        auditEntry.setClientId(grant.getClientId());
        auditEntry.setScope(StringUtils.join(grant.getScopes(), " "));
        auditEntry.setUsername(grant.getUserId());
    }

    applicationAuditLogger.sendMessage(auditEntry);
}
use of org.xdi.oxauth.model.common.SessionState in project oxAuth by GluuFederation.
the class SessionStateServiceTest method statePersistence.
/**
 * Checks that the session state and its attributes survive a round trip through the
 * session service: generate, attach attributes, update, then reload by id.
 *
 * @param userInum inum of the test user, supplied through the {@code userInum} parameter
 */
@Parameters({ "userInum" })
@Test
public void statePersistence(String userInum) {
    String dn = userService.getDnForUser(userInum);
    SessionState created = m_service.generateAuthenticatedSessionState(dn);
    Assert.assertEquals(created.getState(), SessionIdState.AUTHENTICATED);

    // Attach a marker attribute and push the change through the service.
    Map<String, String> attributes = new HashMap<String, String>();
    attributes.put("k1", "v1");
    created.setSessionAttributes(attributes);
    m_service.updateSessionState(created);

    // Reload by id rather than reusing the in-memory instance.
    final SessionState reloaded = m_service.getSessionById(created.getId());
    Assert.assertEquals(reloaded.getState(), SessionIdState.AUTHENTICATED);
    // Key and value are checked independently; the test does not assert that "k1" maps to "v1".
    Assert.assertTrue(reloaded.getSessionAttributes().containsKey("k1"));
    Assert.assertTrue(reloaded.getSessionAttributes().containsValue("v1"));
}
use of org.xdi.oxauth.model.common.SessionState in project oxAuth by GluuFederation.
the class SessionStateServiceTest method testUpdateLastUsedDate.
/**
 * Checks that updating a session through the service moves its last-used timestamp forward.
 *
 * @param userInum inum of the test user, supplied through the {@code userInum} parameter
 */
@Parameters({ "userInum" })
@Test
public void testUpdateLastUsedDate(String userInum) {
    SessionState session = generateSession(userInum);

    // Baseline: the reloaded copy must carry the same last-used date as the fresh session.
    final SessionState beforeUpdate = m_service.getSessionById(session.getId());
    final Date createdDate = session.getLastUsedAt();
    System.out.println("Created date = " + createdDate);
    Assert.assertEquals(createdDate, beforeUpdate.getLastUsedAt());

    // Pause so the next timestamp can be strictly later than the baseline.
    sleepSeconds(1);
    m_service.updateSessionState(session);

    final SessionState afterUpdate = m_service.getSessionById(session.getId());
    System.out.println("Updated date = " + afterUpdate.getLastUsedAt());
    Assert.assertTrue(createdDate.before(afterUpdate.getLastUsedAt()));
}
use of org.xdi.oxauth.model.common.SessionState in project oxAuth by GluuFederation.
the class ValidationService method isValidSessionState.
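/**
 * Checks that a session_state value refers to a stored session whose authenticated user
 * matches the given user name (case-insensitive).
 *
 * <p>The check fails closed: a missing session_state, an unknown session, or a session with
 * no recorded authenticated user all yield {@code false}.
 *
 * @param userName     user name presented in the current step
 * @param sessionState session_state value presented by the caller
 * @return {@code true} only when the session exists and its authenticated user equals
 *         {@code userName} ignoring case
 */
public boolean isValidSessionState(String userName, String sessionState) {
    if (sessionState == null) {
        log.error("In two step authentication workflow session_state is mandatory");
        return false;
    }

    SessionState ldapSessionState = sessionStateService.getSessionState(sessionState);
    if (ldapSessionState == null) {
        // NOTE(review): this and the mismatch message below write the raw session_state to
        // the log. If that value is the live session identifier, consider logging a
        // truncated or hashed form so log access does not expose it.
        log.error("Specified session_state '{}' is invalid", sessionState);
        return false;
    }

    String sessionStateUser = ldapSessionState.getSessionAttributes().get(Constants.AUTHENTICATED_USER);
    // Reject a session with no authenticated user before comparing. How
    // StringHelper.equalsIgnoreCase treats two null arguments is not visible here, and a null
    // userName must never validate against a session that has not authenticated anyone.
    if (sessionStateUser == null || !StringHelper.equalsIgnoreCase(userName, sessionStateUser)) {
        log.error("Username '{}' and session_state '{}' don't match", userName, sessionState);
        return false;
    }

    return true;
}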
use of org.xdi.oxauth.model.common.SessionState in project oxAuth by GluuFederation.
the class SessionStateService method isSessionStateAuthenticated.
/**
 * Reports whether the session state returned by {@code getSessionState()} is in the
 * {@code AUTHENTICATED} state.
 *
 * @return {@code true} only when a session state is present and its state is
 *         {@code SessionIdState.AUTHENTICATED}; {@code false} when there is no session state
 *         or it is in any other state
 */
public boolean isSessionStateAuthenticated() {
    SessionState current = getSessionState();
    // The constant is the receiver of equals(), so a null state compares as not authenticated.
    return current != null && SessionIdState.AUTHENTICATED.equals(current.getState());
}