use of org.xdi.oxauth.model.common.SessionState in project oxAuth by GluuFederation.
the class AuthenticationService method getAuthenticatedUser.
/**
 * Returns the user bound to the current identity, falling back to the user id
 * stored in the current session's attributes.
 *
 * <p>When the fallback resolves a user, the result is also stored on
 * {@code identity} so later calls take the fast path.
 *
 * @return the resolved user, or {@code null} when the identity carries no user and
 *         the session is missing or holds no non-empty authenticated-user attribute
 */
public User getAuthenticatedUser() {
    // Fast path: the identity already carries a user.
    if (identity.getUser() != null) {
        return identity.getUser();
    }

    SessionState currentSession = sessionStateService.getSessionState();
    if (currentSession == null) {
        return null;
    }

    // NOTE(review): this lookup relies on the AUTHENTICATED_USER attribute alone; the
    // session's state is not checked in this method. Confirm that only server-side
    // authentication code can write this key into the session attributes.
    Map<String, String> attributes = currentSession.getSessionAttributes();
    String authenticatedUserId = attributes.get(Constants.AUTHENTICATED_USER);
    if (!StringHelper.isNotEmpty(authenticatedUserId)) {
        return null;
    }

    // Whatever userService returns is stored on the identity and handed back unchanged.
    // NOTE(review): if getUser can return null for an unknown id, callers receive null here.
    User resolvedUser = userService.getUser(authenticatedUserId);
    identity.setUser(resolvedUser);
    return resolvedUser;
}
use of org.xdi.oxauth.model.common.SessionState in project oxAuth by GluuFederation.
the class AuthenticationService method setAuthenticatedUserSessionAttribute.
/**
 * Stores the user name in the current session's attributes after a successful
 * authentication and asks the session service to update the session.
 *
 * <p>Does nothing when there is no current session.
 *
 * @param userName      name written under {@code Constants.AUTHENTICATED_USER}
 * @param authenticated whether authentication succeeded; the attribute is written only when true
 */
private void setAuthenticatedUserSessionAttribute(String userName, boolean authenticated) {
    SessionState currentSession = sessionStateService.getSessionState();
    if (currentSession == null) {
        return;
    }

    Map<String, String> attributes = currentSession.getSessionAttributes();
    if (authenticated) {
        attributes.put(Constants.AUTHENTICATED_USER, userName);
    }
    // A failed attempt leaves any AUTHENTICATED_USER value already in the map untouched.
    // NOTE(review): confirm that keeping a previous value after a failed attempt is intended.

    sessionStateService.updateSessionStateIfNeeded(currentSession, authenticated);
}
use of org.xdi.oxauth.model.common.SessionState in project oxAuth by GluuFederation.
the class AuthenticationService method configureSessionUser.
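/**
 * Binds the currently authenticated user to a session and marks it authenticated.
 *
 * <p>With no existing session a new authenticated session is generated from the
 * user's DN and the supplied attributes; otherwise the existing session is marked
 * authenticated for that DN. The resulting session is then passed to
 * {@code configureEventUserContext}.
 *
 * @param sessionState        existing session, or {@code null} to generate a new one
 * @param sessionIdAttributes attributes for a newly generated session; for an existing
 *                            session they are only read for trace logging
 * @return the session returned by the session service
 * @throws NullPointerException if no authenticated user can be resolved
 */
public SessionState configureSessionUser(SessionState sessionState, Map<String, String> sessionIdAttributes) {
    // NOTE(review): this trace line writes the user name and sessionState's toString();
    // if that includes the session id, trace logs must be treated as sensitive.
    log.trace("configureSessionUser: credentials: '{}', sessionState: '{}', credentials.userName: '{}', authenticatedUser.userId: '{}'", System.identityHashCode(credentials), sessionState, credentials.getUsername(), getAuthenticatedUserId());

    User user = getAuthenticatedUser();
    if (user == null) {
        // Fail closed: getAuthenticatedUser() can return null, and a session must never be
        // marked authenticated without a user DN. The original code failed here only by
        // accident, on user.getDn(); the exception type is kept for existing callers.
        throw new NullPointerException("configureSessionUser: no authenticated user is available");
    }

    SessionState newSessionState;
    if (sessionState == null) {
        newSessionState = sessionStateService.generateAuthenticatedSessionState(user.getDn(), sessionIdAttributes);
    } else {
        // TODO: Remove after 2.4.5
        String sessionAuthUser = sessionIdAttributes.get(Constants.AUTHENTICATED_USER);
        log.trace("configureSessionUser sessionState: '{}', sessionState.auth_user: '{}'", sessionState, sessionAuthUser);
        newSessionState = sessionStateService.setSessionStateAuthenticated(sessionState, user.getDn());
    }

    configureEventUserContext(newSessionState);
    return newSessionState;
}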
use of org.xdi.oxauth.model.common.SessionState in project oxAuth by GluuFederation.
the class SessionStateServiceTest method testUpdateAttributes.
/**
 * Checks that updating a session through the service stores the authentication time
 * and a client permission, and moves {@code lastUsedAt} forward.
 *
 * @param userInum user identifier supplied by the test parameters
 */
@Parameters({ "userInum" })
@Test
public void testUpdateAttributes(String userInum) {
    SessionState session = generateSession(userInum);
    final String clientId = "testClientId";

    // Before the update: the stored copy has the same lastUsedAt and no permission for the client.
    final SessionState storedBeforeUpdate = m_service.getSessionById(session.getId());
    final Date createdDate = session.getLastUsedAt();
    assertEquals(createdDate, storedBeforeUpdate.getLastUsedAt());
    assertFalse(storedBeforeUpdate.isPermissionGrantedForClient(clientId));

    // Date.before is strict, so wait before updating to get a later lastUsedAt.
    sleepSeconds(1);

    session.setAuthenticationTime(new Date());
    session.addPermission(clientId, true);
    m_service.updateSessionState(session);

    // After the update: lastUsedAt moved forward and both changes can be read back.
    final SessionState storedAfterUpdate = m_service.getSessionById(session.getId());
    assertTrue(createdDate.before(storedAfterUpdate.getLastUsedAt()));
    assertNotNull(storedAfterUpdate.getAuthenticationTime());
    assertTrue(storedAfterUpdate.isPermissionGrantedForClient(clientId));
}
use of org.xdi.oxauth.model.common.SessionState in project oxAuth by GluuFederation.
the class AuthorizeRestWebServiceImpl method overrideUnauthenticatedSessionParameters.
/**
* 1) https://ce-dev.gluu.org/oxauth/authorize -> session created with parameter list 1
* 2) https://ce-dev.gluu.org/oxauth/seam/resource/restv1/oxauth/authorize -> with parameter list 2
* <p/>
* The second call will try to reuse the session data from call 1 (parameter list 1). Here we override them.
*
* @param httpRequest http request
* @param prompts prompts
*/
private void overrideUnauthenticatedSessionParameters(HttpServletRequest httpRequest, List<Prompt> prompts) {
    SessionState currentSession = identity.getSessionState();
    // Only an existing session that is not yet authenticated is rewritten.
    if (currentSession == null || currentSession.getState() == SessionIdState.AUTHENTICATED) {
        return;
    }

    // Copy the request parameters and keep only those the authentication service allows.
    // NOTE(review): these values come from the HTTP request and replace the session
    // attributes wholesale. getAllowedParameters is not visible here; confirm it cannot
    // pass through keys the server itself writes, such as the authenticated-user attribute.
    Map<String, String> requestCopy = Maps.newHashMap(getGenericRequestMap(httpRequest));
    Map<String, String> allowedParameters = authenticationService.getAllowedParameters(requestCopy);

    // Clear the user DN so nothing from the earlier call stays attached to the session.
    currentSession.setUserDn(null);
    currentSession.setSessionAttributes(allowedParameters);

    boolean promptIsNotNone = !prompts.contains(Prompt.NONE);
    boolean persisted = sessionStateService.persistSessionState(currentSession, promptIsNotNone);
    if (!persisted) {
        // NOTE(review): if getId() is the value carried in the session cookie, logging it
        // in full exposes a bearer secret to anyone who can read the logs.
        log.error("Failed to persisted session: {}", currentSession.getId());
        return;
    }

    if (log.isTraceEnabled()) {
        log.trace("Session '{}' persisted to LDAP", currentSession.getId());
    }
}