Example 6 with SessionState

Use of org.xdi.oxauth.model.common.SessionState in project oxAuth by GluuFederation.

The class EndSessionRestWebServiceImpl, method auditLogging.

private void auditLogging(HttpServletRequest request, Pair<SessionState, AuthorizationGrant> pair) {
    SessionState sessionState = pair.getFirst();
    AuthorizationGrant authorizationGrant = pair.getSecond();
    OAuth2AuditLog oAuth2AuditLog = new OAuth2AuditLog(ServerUtil.getIpAddress(request), Action.SESSION_DESTROYED);
    oAuth2AuditLog.setSuccess(true);
    if (authorizationGrant != null) {
        // Prefer the authorization grant as the source of client, scope and user.
        oAuth2AuditLog.setClientId(authorizationGrant.getClientId());
        oAuth2AuditLog.setScope(StringUtils.join(authorizationGrant.getScopes(), " "));
        oAuth2AuditLog.setUsername(authorizationGrant.getUserId());
    } else {
        // No grant available: fall back to the values recorded on the session itself.
        oAuth2AuditLog.setClientId(sessionState.getPermissionGrantedMap().getClientIds(true).toString());
        oAuth2AuditLog.setScope(sessionState.getSessionAttributes().get(AuthorizeRequestParam.SCOPE));
        oAuth2AuditLog.setUsername(sessionState.getUserDn());
    }
    applicationAuditLogger.sendMessage(oAuth2AuditLog);
}
Also used : SessionState(org.xdi.oxauth.model.common.SessionState) OAuth2AuditLog(org.xdi.oxauth.model.audit.OAuth2AuditLog) AuthorizationGrant(org.xdi.oxauth.model.common.AuthorizationGrant)

Example 7 with SessionState

Use of org.xdi.oxauth.model.common.SessionState in project oxAuth by GluuFederation.

The class SessionStateServiceTest, method statePersistence.

@Parameters({ "userInum" })
@Test
public void statePersistence(String userInum) {
    String userDn = userService.getDnForUser(userInum);
    SessionState newId = m_service.generateAuthenticatedSessionState(userDn);
    Assert.assertEquals(newId.getState(), SessionIdState.AUTHENTICATED);
    Map<String, String> sessionAttributes = new HashMap<String, String>();
    sessionAttributes.put("k1", "v1");
    newId.setSessionAttributes(sessionAttributes);
    m_service.updateSessionState(newId);
    final SessionState fresh = m_service.getSessionById(newId.getId());
    Assert.assertEquals(fresh.getState(), SessionIdState.AUTHENTICATED);
    Assert.assertTrue(fresh.getSessionAttributes().containsKey("k1"));
    Assert.assertTrue(fresh.getSessionAttributes().containsValue("v1"));
}
Also used : SessionState(org.xdi.oxauth.model.common.SessionState) HashMap(java.util.HashMap) Parameters(org.testng.annotations.Parameters) BaseComponentTest(org.xdi.oxauth.BaseComponentTest) Test(org.testng.annotations.Test)

Example 8 with SessionState

Use of org.xdi.oxauth.model.common.SessionState in project oxAuth by GluuFederation.

The class SessionStateServiceTest, method testUpdateLastUsedDate.

@Parameters({ "userInum" })
@Test
public void testUpdateLastUsedDate(String userInum) {
    SessionState m_sessionState = generateSession(userInum);
    final SessionState fromLdap1 = m_service.getSessionById(m_sessionState.getId());
    final Date createdDate = m_sessionState.getLastUsedAt();
    System.out.println("Created date = " + createdDate);
    Assert.assertEquals(createdDate, fromLdap1.getLastUsedAt());
    sleepSeconds(1);
    m_service.updateSessionState(m_sessionState);
    final SessionState fromLdap2 = m_service.getSessionById(m_sessionState.getId());
    System.out.println("Updated date = " + fromLdap2.getLastUsedAt());
    Assert.assertTrue(createdDate.before(fromLdap2.getLastUsedAt()));
}
Also used : SessionState(org.xdi.oxauth.model.common.SessionState) Date(java.util.Date) Parameters(org.testng.annotations.Parameters) BaseComponentTest(org.xdi.oxauth.BaseComponentTest) Test(org.testng.annotations.Test)

Example 9 with SessionState

Use of org.xdi.oxauth.model.common.SessionState in project oxAuth by GluuFederation.

The class ValidationService, method isValidSessionState.

public boolean isValidSessionState(String userName, String sessionState) {
    // A missing session_state is rejected outright.
    if (sessionState == null) {
        log.error("In two step authentication workflow session_state is mandatory");
        return false;
    }
    // The supplied session_state must resolve to a stored session.
    SessionState ldapSessionState = sessionStateService.getSessionState(sessionState);
    if (ldapSessionState == null) {
        log.error("Specified session_state '{}' is invalid", sessionState);
        return false;
    }
    // The session must belong to the same user (case-insensitive comparison).
    String sessionStateUser = ldapSessionState.getSessionAttributes().get(Constants.AUTHENTICATED_USER);
    if (!StringHelper.equalsIgnoreCase(userName, sessionStateUser)) {
        log.error("Username '{}' and session_state '{}' don't match", userName, sessionState);
        return false;
    }
    return true;
}
Also used : SessionState(org.xdi.oxauth.model.common.SessionState)

Example 10 with SessionState

Use of org.xdi.oxauth.model.common.SessionState in project oxAuth by GluuFederation.

The class SessionStateService, method isSessionStateAuthenticated.

public boolean isSessionStateAuthenticated() {
    SessionState sessionState = getSessionState();
    if (sessionState == null) {
        return false;
    }
    SessionIdState sessionIdState = sessionState.getState();
    if (SessionIdState.AUTHENTICATED.equals(sessionIdState)) {
        return true;
    }
    return false;
}
Also used : SessionState(org.xdi.oxauth.model.common.SessionState) SessionIdState(org.xdi.oxauth.model.common.SessionIdState)

Aggregations

SessionState (org.xdi.oxauth.model.common.SessionState) 30
AuthorizationGrant (org.xdi.oxauth.model.common.AuthorizationGrant) 5
User (org.xdi.oxauth.model.common.User) 5
CustomScriptConfiguration (org.xdi.model.custom.script.conf.CustomScriptConfiguration) 4
Date (java.util.Date) 3
EntryPersistenceException (org.gluu.site.ldap.persistence.exception.EntryPersistenceException) 3
Parameters (org.testng.annotations.Parameters) 3
Test (org.testng.annotations.Test) 3
BaseComponentTest (org.xdi.oxauth.BaseComponentTest) 3
SimpleUser (org.xdi.oxauth.model.common.SimpleUser) 3
AcrChangedException (org.xdi.oxauth.model.exception.AcrChangedException) 3
Client (org.xdi.oxauth.model.registration.Client) 3
IOException (java.io.IOException) 2
HashMap (java.util.HashMap) 2
OAuth2AuditLog (org.xdi.oxauth.model.audit.OAuth2AuditLog) 2
Prompt (org.xdi.oxauth.model.common.Prompt) 2
InvalidJwtException (org.xdi.oxauth.model.exception.InvalidJwtException) 2
ClientAuthorizations (org.xdi.oxauth.model.ldap.ClientAuthorizations) 2
LDAPException (com.unboundid.ldap.sdk.LDAPException) 1
ApiOperation (com.wordnik.swagger.annotations.ApiOperation) 1