Search in sources :

Example 1 with PwmSessionBean

use of password.pwm.http.bean.PwmSessionBean in project pwm by pwm-project.

the class AbstractPwmServlet method setLastError.

protected void setLastError(final PwmRequest pwmRequest, final ErrorInformation errorInformation) throws PwmUnrecoverableException {
    final Class<? extends PwmSessionBean> beanClass = this.getServletDefinition().getPwmSessionBeanClass();
    if (beanClass != null) {
        final PwmSessionBean pwmSessionBean = pwmRequest.getPwmApplication().getSessionStateService().getBean(pwmRequest, beanClass);
        pwmSessionBean.setLastError(errorInformation);
    }
    pwmRequest.setAttribute(PwmRequestAttribute.PwmErrorInfo, errorInformation);
}
Also used : PwmSessionBean(password.pwm.http.bean.PwmSessionBean)

Example 2 with PwmSessionBean

use of password.pwm.http.bean.PwmSessionBean in project pwm by pwm-project.

the class AbstractPwmServlet method examineLastError.

protected void examineLastError(final PwmRequest pwmRequest) throws PwmUnrecoverableException {
    final Class<? extends PwmSessionBean> beanClass = this.getServletDefinition().getPwmSessionBeanClass();
    final PwmSessionBean pwmSessionBean = pwmRequest.getPwmApplication().getSessionStateService().getBean(pwmRequest, beanClass);
    if (pwmSessionBean != null && pwmSessionBean.getLastError() != null) {
        pwmRequest.setAttribute(PwmRequestAttribute.PwmErrorInfo, pwmSessionBean.getLastError());
        pwmSessionBean.setLastError(null);
    }
}
Also used : PwmSessionBean(password.pwm.http.bean.PwmSessionBean)

Example 3 with PwmSessionBean

use of password.pwm.http.bean.PwmSessionBean in project pwm by pwm-project.

the class LocalSessionBeanImpl method getSessionBeanMap.

private Map<Class<? extends PwmSessionBean>, PwmSessionBean> getSessionBeanMap(final PwmRequest pwmRequest) {
    final String attributeName = "SessionBeans";
    final HttpSession httpSession = pwmRequest.getHttpServletRequest().getSession();
    Map<Class<? extends PwmSessionBean>, PwmSessionBean> sessionBeans = (Map<Class<? extends PwmSessionBean>, PwmSessionBean>) httpSession.getAttribute(PwmConstants.SESSION_ATTR_BEANS);
    if (sessionBeans == null) {
        sessionBeans = new HashMap<>();
        httpSession.setAttribute(attributeName, sessionBeans);
    }
    return sessionBeans;
}
Also used : PwmSessionBean(password.pwm.http.bean.PwmSessionBean) HttpSession(javax.servlet.http.HttpSession) Map(java.util.Map) HashMap(java.util.HashMap)

Example 4 with PwmSessionBean

use of password.pwm.http.bean.PwmSessionBean in project pwm by pwm-project.

the class CryptoCookieBeanImpl method getSessionBean.

@Override
public <E extends PwmSessionBean> E getSessionBean(final PwmRequest pwmRequest, final Class<E> theClass) throws PwmUnrecoverableException {
    final Map<Class<? extends PwmSessionBean>, PwmSessionBean> sessionBeans = getRequestBeanMap(pwmRequest);
    if (sessionBeans.containsKey(theClass) && sessionBeans.get(theClass) != null) {
        return (E) sessionBeans.get(theClass);
    }
    final String sessionGuid = pwmRequest.getPwmSession().getLoginInfoBean().getGuid();
    final String cookieName = nameForClass(theClass);
    try {
        final String rawValue = pwmRequest.readCookie(cookieName);
        final PwmSecurityKey key = keyForSession(pwmRequest);
        final E cookieBean = pwmRequest.getPwmApplication().getSecureService().decryptObject(rawValue, key, theClass);
        if (validateCookie(pwmRequest, cookieName, cookieBean)) {
            sessionBeans.put(theClass, cookieBean);
            return cookieBean;
        }
    } catch (PwmException e) {
        LOGGER.debug(pwmRequest, "ignoring existing existing " + cookieName + " cookie bean due to error: " + e.getMessage());
    }
    final E newBean = SessionStateService.newBean(sessionGuid, theClass);
    sessionBeans.put(theClass, newBean);
    return newBean;
}
Also used : PwmException(password.pwm.error.PwmException) PwmSecurityKey(password.pwm.util.secure.PwmSecurityKey) PwmSessionBean(password.pwm.http.bean.PwmSessionBean)

Example 5 with PwmSessionBean

use of password.pwm.http.bean.PwmSessionBean in project pwm by pwm-project.

the class CryptoCookieBeanImpl method saveSessionBeans.

public void saveSessionBeans(final PwmRequest pwmRequest) {
    if (pwmRequest == null || pwmRequest.getPwmResponse().isCommitted()) {
        return;
    }
    try {
        if (pwmRequest != null && pwmRequest.getPwmResponse() != null) {
            final Map<Class<? extends PwmSessionBean>, PwmSessionBean> beansInRequest = getRequestBeanMap(pwmRequest);
            if (beansInRequest != null) {
                for (final Map.Entry<Class<? extends PwmSessionBean>, PwmSessionBean> entry : beansInRequest.entrySet()) {
                    final Class<? extends PwmSessionBean> theClass = entry.getKey();
                    final String cookieName = nameForClass(theClass);
                    final PwmSessionBean bean = entry.getValue();
                    if (bean == null) {
                        pwmRequest.getPwmResponse().removeCookie(cookieName, COOKIE_PATH);
                    } else {
                        final PwmSecurityKey key = keyForSession(pwmRequest);
                        final String encrytedValue = pwmRequest.getPwmApplication().getSecureService().encryptObjectToString(entry.getValue(), key);
                        pwmRequest.getPwmResponse().writeCookie(cookieName, encrytedValue, -1, COOKIE_PATH);
                    }
                }
            }
        }
    } catch (PwmUnrecoverableException e) {
        LOGGER.error(pwmRequest, "error writing cookie bean to response: " + e.getMessage(), e);
    }
}
Also used : PwmSecurityKey(password.pwm.util.secure.PwmSecurityKey) PwmSessionBean(password.pwm.http.bean.PwmSessionBean) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) HashMap(java.util.HashMap) Map(java.util.Map)

Aggregations

PwmSessionBean (password.pwm.http.bean.PwmSessionBean)6 HashMap (java.util.HashMap)3 Map (java.util.Map)3 PwmSecurityKey (password.pwm.util.secure.PwmSecurityKey)2 HttpSession (javax.servlet.http.HttpSession)1 PwmException (password.pwm.error.PwmException)1 PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException)1 SecureService (password.pwm.util.secure.SecureService)1