org.xdi.oxauth.service.SessionIdService クラス

org.xdi.oxauth.service.SessionIdService 連携図

公開メンバ関数
String	getAcr (SessionId session)
SessionId	assertAuthenticatedSessionCorrespondsToNewRequest (SessionId session, String acrValuesStr) throws AcrChangedException
void	reinitLogin (SessionId session, boolean force)
void	resetToStep (SessionId session, int resetToStep)
String	getSessionIdFromCookie (HttpServletRequest request)
String	getUmaSessionIdFromCookie (HttpServletRequest request)
String	getConsentSessionIdFromCookie (HttpServletRequest request)
String	getSessionIdFromCookie (HttpServletRequest request, String cookieName)
String	getSessionIdFromCookie ()
void	createSessionIdCookie (String sessionId, String sessionState, HttpServletResponse httpResponse, String cookieName)
void	createSessionIdCookie (String sessionId, String sessionState, HttpServletResponse httpResponse, boolean isUma)
void	createSessionIdCookie (String sessionId, String sessionState, boolean isUma)
void	createSessionStateCookie (String sessionState, HttpServletResponse httpResponse)
void	removeSessionIdCookie (HttpServletResponse httpResponse)
void	removeUmaSessionIdCookie (HttpServletResponse httpResponse)
void	removeConsentSessionIdCookie (HttpServletResponse httpResponse)
SessionId	getSessionId ()
Map< String, String >	getSessionAttributes (SessionId sessionId)
SessionId	generateAuthenticatedSessionId (HttpServletRequest httpRequest, String userDn)
SessionId	generateAuthenticatedSessionId (HttpServletRequest httpRequest, String userDn, String prompt)
SessionId	generateAuthenticatedSessionId (HttpServletRequest httpRequest, String userDn, Map< String, String > sessionIdAttributes)
SessionId	generateUnauthenticatedSessionId (String userDn)
SessionId	generateUnauthenticatedSessionId (String userDn, Date authenticationDate, SessionIdState state, Map< String, String > sessionIdAttributes, boolean persist)
SessionId	setSessionIdStateAuthenticated (HttpServletRequest httpRequest, SessionId sessionId, String p_userDn)
boolean	persistSessionId (final SessionId sessionId)
boolean	persistSessionId (final SessionId sessionId, boolean forcePersistence)
boolean	updateSessionId (final SessionId sessionId)
boolean	updateSessionId (final SessionId sessionId, boolean updateLastUsedAt)
boolean	updateSessionId (final SessionId sessionId, boolean updateLastUsedAt, boolean forceUpdate, boolean modified)
void	updateSessionIdIfNeeded (SessionId sessionId, boolean modified)
SessionId	getSessionById (String sessionId)
SessionId	getSessionId (String sessionId)
boolean	remove (SessionId sessionId)
void	remove (List< SessionId > list)
boolean	isSessionValid (SessionId sessionId)
boolean	isSessionIdAuthenticated ()
boolean	isSessionIdAuthenticated (SessionId sessionId)
boolean	isNotSessionIdAuthenticated ()
List< String >	acrValuesList (String acrValues)
void	refreshSessionId ()

静的公開変数類
static final String	SESSION_STATE_COOKIE_NAME = "session_state"
static final String	SESSION_ID_COOKIE_NAME = "session_id"
static final String	UMA_SESSION_ID_COOKIE_NAME = "uma_session_id"
static final String	CONSENT_SESSION_ID_COOKIE_NAME = "consent_session_id"
static final String	SESSION_CUSTOM_STATE = "session_custom_state"

非公開メンバ関数
Map< String, String >	getCurrentSessionAttributes (Map< String, String > sessionAttributes)
SessionId	generateAuthenticatedSessionId (HttpServletRequest httpRequest, String userDn, Date authenticationDate, Map< String, String > sessionIdAttributes, boolean persist)
SessionId	generateSessionId (String userDn, Date authenticationDate, SessionIdState state, Map< String, String > sessionIdAttributes, boolean persist)
Jwt	generateJwt (SessionId sessionId, String audience)
void	putInCache (SessionId sessionId)
SessionId	getFromCache (String sessionId)
SessionId	mergeWithRetry (final SessionId sessionId, int maxAttempts)
boolean	isPersisted (List< Prompt > prompts)
String	dn (String p_id)
String	getBaseDn ()
List< Prompt >	getPromptsFromSessionId (final SessionId sessionId)
void	auditLogging (SessionId sessionId)

非公開変数類
Logger	log
ExternalAuthenticationService	externalAuthenticationService
ExternalApplicationSessionService	externalApplicationSessionService
ApplicationAuditLogger	applicationAuditLogger
AppConfiguration	appConfiguration
StaticConfiguration	staticConfiguration
WebKeysConfiguration	webKeysConfiguration
FacesContext	facesContext
ExternalContext	externalContext
CacheService	cacheService
RequestParameterService	requestParameterService

詳解

著者

Yuriy Zabrovarnyy

Yuriy Movchan

Javier Rojas Blum

バージョン

August 9, 2017

関数詳解

acrValuesList()

List<String> org.xdi.oxauth.service.SessionIdService.acrValuesList ( String  acrValues )

inline

By definition we expects space separated acr values as it is defined in spec. But we also try maybe some client sent it to us as json array. So we try both.

戻り値

acr value list

                                                        {
        List<String> acrs;
        try {
            acrs = Util.jsonArrayStringAsList(acrValues);
        } catch (JSONException ex) {
            acrs = Util.splittedStringAsList(acrValues, " ");
        }

        return acrs;
    }

assertAuthenticatedSessionCorrespondsToNewRequest()

SessionId org.xdi.oxauth.service.SessionIdService.assertAuthenticatedSessionCorrespondsToNewRequest ( SessionId  session, String  acrValuesStr  ) throws AcrChangedException

inline

                                                                                                                                          {
        if (session != null && !session.getSessionAttributes().isEmpty() && session.getState() == SessionIdState.AUTHENTICATED) {

            final Map<String, String> sessionAttributes = session.getSessionAttributes();

            String sessionAcr = getAcr(session);

            if (StringUtils.isBlank(sessionAcr)) {
                log.error("Failed to fetch acr from session, attributes: " + sessionAttributes);
                return session;
            }

            List<String> acrValuesList = acrValuesList(acrValuesStr);
            boolean isAcrChanged = !acrValuesList.isEmpty() && !acrValuesList.contains(sessionAcr);
            if (isAcrChanged) {
                Map<String, Integer> acrToLevel = externalAuthenticationService.acrToLevelMapping();
                Integer sessionAcrLevel = acrToLevel.get(sessionAcr);

                for (String acrValue : acrValuesList) {
                        Integer currentAcrLevel = acrToLevel.get(acrValue);
        
                        log.info("Acr is changed. Session acr: " + sessionAcr + "(level: " + sessionAcrLevel + "), " +
                                "current acr: " + acrValue + "(level: " + currentAcrLevel + ")");

                        // Requested acr method not enabled
                        if (currentAcrLevel == null) {
                            throw new AcrChangedException(false);
                        }

                        if (sessionAcrLevel < currentAcrLevel) {
                            throw new AcrChangedException();
                        }
                }
                // https://github.com/GluuFederation/oxAuth/issues/291
                return session; // we don't want to reinit login because we have stronger acr (avoid overriding)
            }

            reinitLogin(session, false);
        }

        return session;
    }

auditLogging()

void org.xdi.oxauth.service.SessionIdService.auditLogging ( SessionId  sessionId )

inlineprivate

                                                   {
        HttpServletRequest httpServletRequest = ServerUtil.getRequestOrNull();
        if (httpServletRequest != null) {
            Action action;
            switch (sessionId.getState()) {
                case AUTHENTICATED:
                    action = Action.SESSION_AUTHENTICATED;
                    break;
                case UNAUTHENTICATED:
                    action = Action.SESSION_UNAUTHENTICATED;
                    break;
                default:
                    action = Action.SESSION_UNAUTHENTICATED;
            }
            OAuth2AuditLog oAuth2AuditLog = new OAuth2AuditLog(ServerUtil.getIpAddress(httpServletRequest), action);
            oAuth2AuditLog.setSuccess(true);
            applicationAuditLogger.sendMessage(oAuth2AuditLog);
        }
    }

createSessionIdCookie() [1/3]

void org.xdi.oxauth.service.SessionIdService.createSessionIdCookie ( String  sessionId, String  sessionState, HttpServletResponse  httpResponse, String  cookieName  )

inline

                                                                                                                                   {
        String header = cookieName + "=" + sessionId;
        header += "; Path=/";
        header += "; Secure";
        header += "; HttpOnly";

        Integer sessionStateLifetime = appConfiguration.getSessionIdLifetime();
        if (sessionStateLifetime != null && sessionStateLifetime > 0) {
            DateFormat formatter = new SimpleDateFormat("E, dd MMM yyyy HH:mm:ss Z");
            Calendar expirationDate = Calendar.getInstance();
            expirationDate.add(Calendar.SECOND, sessionStateLifetime);
            header += "; Expires=" + formatter.format(expirationDate.getTime()) + ";";
        }

        httpResponse.addHeader("Set-Cookie", header);

        createSessionStateCookie(sessionState, httpResponse);
    }

createSessionIdCookie() [2/3]

void org.xdi.oxauth.service.SessionIdService.createSessionIdCookie ( String  sessionId, String  sessionState, HttpServletResponse  httpResponse, boolean  isUma  )

inline

                                                                                                                              {
        String cookieName = isUma ? UMA_SESSION_ID_COOKIE_NAME : SESSION_ID_COOKIE_NAME;
        createSessionIdCookie(sessionId, sessionState, httpResponse, cookieName);
    }

createSessionIdCookie() [3/3]

void org.xdi.oxauth.service.SessionIdService.createSessionIdCookie ( String  sessionId, String  sessionState, boolean  isUma  )

inline

                                                                                            {
        try {
            final Object response = externalContext.getResponse();
            if (response instanceof HttpServletResponse) {
                final HttpServletResponse httpResponse = (HttpServletResponse) response;

                createSessionIdCookie(sessionId, sessionState, httpResponse, isUma);
            }
        } catch (Exception e) {
            log.error(e.getMessage(), e);
        }
    }

createSessionStateCookie()

void org.xdi.oxauth.service.SessionIdService.createSessionStateCookie ( String  sessionState, HttpServletResponse  httpResponse  )

inline

                                                                                                {
        // Create the special cookie header with secure flag but not HttpOnly because the session_state
        // needs to be read from the OP iframe using JavaScript
        String header = SESSION_STATE_COOKIE_NAME + "=" + sessionState;
        header += "; Path=/";
        header += "; Secure";

        Integer sessionStateLifetime = appConfiguration.getSessionIdLifetime();
        if (sessionStateLifetime != null && sessionStateLifetime > 0) {
            DateFormat formatter = new SimpleDateFormat("E, dd MMM yyyy HH:mm:ss Z");
            Calendar expirationDate = Calendar.getInstance();
            expirationDate.add(Calendar.SECOND, sessionStateLifetime);
            header += "; Expires=" + formatter.format(expirationDate.getTime()) + ";";
        }

        httpResponse.addHeader("Set-Cookie", header);
    }

dn()

String org.xdi.oxauth.service.SessionIdService.dn ( String  p_id )

inlineprivate

                                   {
        final String baseDn = getBaseDn();
        final StringBuilder sb = new StringBuilder();
        if (Util.allNotBlank(p_id, getBaseDn())) {
            sb.append("oxAuthSessionId=").append(p_id).append(",").append(baseDn);
        }
        return sb.toString();
    }

generateAuthenticatedSessionId() [1/4]

SessionId org.xdi.oxauth.service.SessionIdService.generateAuthenticatedSessionId ( HttpServletRequest  httpRequest, String  userDn  )

inline

                                                                                                   {
        return generateAuthenticatedSessionId(httpRequest, userDn, "");
    }

generateAuthenticatedSessionId() [2/4]

SessionId org.xdi.oxauth.service.SessionIdService.generateAuthenticatedSessionId ( HttpServletRequest  httpRequest, String  userDn, String  prompt  )

inline

                                                                                                                  {
        Map<String, String> sessionIdAttributes = new HashMap<String, String>();
        sessionIdAttributes.put("prompt", prompt);

        return generateAuthenticatedSessionId(httpRequest, userDn, new Date(), sessionIdAttributes, true);
    }

generateAuthenticatedSessionId() [3/4]

SessionId org.xdi.oxauth.service.SessionIdService.generateAuthenticatedSessionId ( HttpServletRequest  httpRequest, String  userDn, Map< String, String >  sessionIdAttributes  )

inline

                                                                                                                                            {
        return generateAuthenticatedSessionId(httpRequest, userDn, new Date(), sessionIdAttributes, true);
    }

generateAuthenticatedSessionId() [4/4]

SessionId org.xdi.oxauth.service.SessionIdService.generateAuthenticatedSessionId ( HttpServletRequest  httpRequest, String  userDn, Date  authenticationDate, Map< String, String >  sessionIdAttributes, boolean  persist  )

inlineprivate

                                                                                                                                                                                       {
        SessionId sessionId = generateSessionId(userDn, new Date(), SessionIdState.AUTHENTICATED, sessionIdAttributes, true);

        if (externalApplicationSessionService.isEnabled()) {
            String userName = sessionId.getSessionAttributes().get(Constants.AUTHENTICATED_USER);
            boolean externalResult = externalApplicationSessionService.executeExternalStartSessionMethods(httpRequest, sessionId);
            log.info("Start session result for '{}': '{}'", userName, "start", externalResult);
        }
        
        return sessionId;
    }

generateJwt()

Jwt org.xdi.oxauth.service.SessionIdService.generateJwt ( SessionId  sessionId, String  audience  )

inlineprivate

                                                                  {
        try {
            JwtSigner jwtSigner = new JwtSigner(appConfiguration, webKeysConfiguration, SignatureAlgorithm.RS512, audience);
            Jwt jwt = jwtSigner.newJwt();

            // claims
            jwt.getClaims().setClaim("id", sessionId.getId());
            jwt.getClaims().setClaim("authentication_time", sessionId.getAuthenticationTime());
            jwt.getClaims().setClaim("user_dn", sessionId.getUserDn());
            jwt.getClaims().setClaim("state", sessionId.getState() != null ?
                    sessionId.getState().getValue() : "");

            jwt.getClaims().setClaim("session_attributes", JwtSubClaimObject.fromMap(sessionId.getSessionAttributes()));

            jwt.getClaims().setClaim("last_used_at", sessionId.getLastUsedAt());
            jwt.getClaims().setClaim("permission_granted", sessionId.getPermissionGranted());
            jwt.getClaims().setClaim("permission_granted_map", JwtSubClaimObject.fromBooleanMap(sessionId.getPermissionGrantedMap().getPermissionGranted()));
            jwt.getClaims().setClaim("involved_clients_map", JwtSubClaimObject.fromBooleanMap(sessionId.getInvolvedClients().getPermissionGranted()));

            // sign
            return jwtSigner.sign();
        } catch (Exception e) {
            log.error("Failed to sign session jwt! " + e.getMessage(), e);
            throw new RuntimeException(e);
        }
    }

generateSessionId()

SessionId org.xdi.oxauth.service.SessionIdService.generateSessionId ( String  userDn, Date  authenticationDate, SessionIdState  state, Map< String, String >  sessionIdAttributes, boolean  persist  )

inlineprivate

                                                                                                                                                                {
        final String sid = UUID.randomUUID().toString();
        final String sessionState = UUID.randomUUID().toString();
        final String dn = dn(sid);

        if (StringUtils.isBlank(dn)) {
            return null;
        }

        if (SessionIdState.AUTHENTICATED == state) {
            if (StringUtils.isBlank(userDn)) {
                return null;
            }
        }

        final SessionId sessionId = new SessionId();
        sessionId.setId(sid);
        sessionId.setDn(dn);
        sessionId.setUserDn(userDn);
        sessionId.setSessionState(sessionState);

        Boolean sessionAsJwt = appConfiguration.getSessionAsJwt();
        sessionId.setIsJwt(sessionAsJwt != null && sessionAsJwt);

        if (authenticationDate != null) {
            sessionId.setAuthenticationTime(authenticationDate);
        }

        if (state != null) {
            sessionId.setState(state);
        }

        sessionId.setSessionAttributes(sessionIdAttributes);
        sessionId.setLastUsedAt(new Date());

        if (sessionId.getIsJwt()) {
            sessionId.setJwt(generateJwt(sessionId, userDn).asString());
        }

        boolean persisted = false;
        if (persist) {
            persisted = persistSessionId(sessionId);
        }

        auditLogging(sessionId);

        log.trace("Generated new session, id = '{}', state = '{}', asJwt = '{}', persisted = '{}'", sessionId.getId(), sessionId.getState(), sessionId.getIsJwt(), persisted);
        return sessionId;
    }

generateUnauthenticatedSessionId() [1/2]

SessionId org.xdi.oxauth.service.SessionIdService.generateUnauthenticatedSessionId ( String  userDn )

inline

                                                                     {
        Map<String, String> sessionIdAttributes = new HashMap<String, String>();
        return generateSessionId(userDn, new Date(), SessionIdState.UNAUTHENTICATED, sessionIdAttributes, true);
    }

generateUnauthenticatedSessionId() [2/2]

SessionId org.xdi.oxauth.service.SessionIdService.generateUnauthenticatedSessionId ( String  userDn, Date  authenticationDate, SessionIdState  state, Map< String, String >  sessionIdAttributes, boolean  persist  )

inline

                                                                                                                                                                              {
        return generateSessionId(userDn, authenticationDate, state, sessionIdAttributes, persist);
    }

getAcr()

String org.xdi.oxauth.service.SessionIdService.getAcr ( SessionId  session )

inline

                                            {
        if (session == null || session.getSessionAttributes() == null) {
            return null;
        }

        String acr = session.getSessionAttributes().get(JwtClaimName.AUTHENTICATION_CONTEXT_CLASS_REFERENCE);
        if (StringUtils.isBlank(acr)) {
            acr = session.getSessionAttributes().get("acr_values");
        }
        return acr;
    }

getBaseDn()

String org.xdi.oxauth.service.SessionIdService.getBaseDn ( )

inlineprivate

                               {
        return staticConfiguration.getBaseDn().getSessionId();
    }

getConsentSessionIdFromCookie()

String org.xdi.oxauth.service.SessionIdService.getConsentSessionIdFromCookie ( HttpServletRequest  request )

inline

                                                                            {
        return getSessionIdFromCookie(request, CONSENT_SESSION_ID_COOKIE_NAME);
    }

getCurrentSessionAttributes()

Map<String, String> org.xdi.oxauth.service.SessionIdService.getCurrentSessionAttributes ( Map< String, String >  sessionAttributes )

inlineprivate

                                                                                                   {
        // Update from request
        if (facesContext != null) {
            // Clone before replacing new attributes
            final Map<String, String> currentSessionAttributes = new HashMap<String, String>(sessionAttributes);

            Map<String, String> parameterMap = externalContext.getRequestParameterMap();
            Map<String, String> newRequestParameterMap = requestParameterService.getAllowedParameters(parameterMap);
            for (Entry<String, String> newRequestParameterMapEntry : newRequestParameterMap.entrySet()) {
                String name = newRequestParameterMapEntry.getKey();
                if (!StringHelper.equalsIgnoreCase(name, "auth_step")) {
                    currentSessionAttributes.put(name, newRequestParameterMapEntry.getValue());
                }
            }

            return currentSessionAttributes;
        } else {
            return sessionAttributes;
        }
    }

getFromCache()

SessionId org.xdi.oxauth.service.SessionIdService.getFromCache ( String  sessionId )

inlineprivate

                                                     {
        return (SessionId) cacheService.get(null, sessionId);
    }

getPromptsFromSessionId()

List<Prompt> org.xdi.oxauth.service.SessionIdService.getPromptsFromSessionId ( final SessionId  sessionId )

inlineprivate

                                                                            {
        String promptParam = sessionId.getSessionAttributes().get("prompt");
        return Prompt.fromString(promptParam, " ");
    }

getSessionAttributes()

Map<String, String> org.xdi.oxauth.service.SessionIdService.getSessionAttributes ( SessionId  sessionId )

inline

                                                                         {
        if (sessionId != null) {
            return sessionId.getSessionAttributes();
        }

        return null;
    }

getSessionById()

SessionId org.xdi.oxauth.service.SessionIdService.getSessionById ( String  sessionId )

inline

                                                      {
        return getFromCache(sessionId);
    }

getSessionId() [1/2]

SessionId org.xdi.oxauth.service.SessionIdService.getSessionId ( )

inline

                                    {
        String sessionId = getSessionIdFromCookie();

        if (StringHelper.isNotEmpty(sessionId)) {
            return getSessionId(sessionId);
        }

        return null;
    }

getSessionId() [2/2]

SessionId org.xdi.oxauth.service.SessionIdService.getSessionId ( String  sessionId )

inline

                                                    {
        if (StringHelper.isEmpty(sessionId)) {
            return null;
        }

        try {
            final SessionId entity = getSessionById(sessionId);
            log.trace("Try to get session by id: {} ...", sessionId);
            if (entity != null) {
                log.trace("Session dn: {}", entity.getDn());

                if (isSessionValid(entity)) {
                    return entity;
                }
            }
        } catch (Exception ex) {
            log.trace(ex.getMessage(), ex);
        }

        log.trace("Failed to get session by id: {}", sessionId);
        return null;
    }

getSessionIdFromCookie() [1/3]

String org.xdi.oxauth.service.SessionIdService.getSessionIdFromCookie ( HttpServletRequest  request )

inline

                                                                     {
        return getSessionIdFromCookie(request, SESSION_ID_COOKIE_NAME);
    }

getSessionIdFromCookie() [2/3]

String org.xdi.oxauth.service.SessionIdService.getSessionIdFromCookie ( HttpServletRequest  request, String  cookieName  )

inline

                                                                                        {
        try {
            final Cookie[] cookies = request.getCookies();
            if (cookies != null) {
                for (Cookie cookie : cookies) {
                    if (cookie.getName().equals(cookieName) /*&& cookie.getSecure()*/) {
                        log.trace("Found session_id cookie: '{}'", cookie.getValue());
                        return cookie.getValue();
                    }
                }
            }
        } catch (Exception e) {
            log.error(e.getMessage(), e);
        }
        return "";
    }

getSessionIdFromCookie() [3/3]

String org.xdi.oxauth.service.SessionIdService.getSessionIdFromCookie ( )

inline

                                           {
        try {
            if (facesContext == null) {
                return null;
            }
            final HttpServletRequest request = (HttpServletRequest) externalContext.getRequest();
            if (request != null) {
                return getSessionIdFromCookie(request);
            } else {
                log.error("Faces context returns null for http request object.");
            }
        } catch (Exception e) {
            log.error(e.getMessage(), e);
        }

        return null;
    }

getUmaSessionIdFromCookie()

String org.xdi.oxauth.service.SessionIdService.getUmaSessionIdFromCookie ( HttpServletRequest  request )

inline

                                                                        {
        return getSessionIdFromCookie(request, UMA_SESSION_ID_COOKIE_NAME);
    }

isNotSessionIdAuthenticated()

boolean org.xdi.oxauth.service.SessionIdService.isNotSessionIdAuthenticated ( )

inline

                                                 {
        return !isSessionIdAuthenticated();
    }

isPersisted()

boolean org.xdi.oxauth.service.SessionIdService.isPersisted ( List< Prompt >  prompts )

inlineprivate

                                                      {
        if (prompts != null && prompts.contains(Prompt.NONE)) {
            final Boolean persistOnPromptNone = appConfiguration.getSessionIdPersistOnPromptNone();
            return persistOnPromptNone != null && persistOnPromptNone;
        }
        return true;
    }

isSessionIdAuthenticated() [1/2]

boolean org.xdi.oxauth.service.SessionIdService.isSessionIdAuthenticated ( )

inline

                                              {
        SessionId sessionId = getSessionId();

        return isSessionIdAuthenticated(sessionId);
    }

isSessionIdAuthenticated() [2/2]

boolean org.xdi.oxauth.service.SessionIdService.isSessionIdAuthenticated ( SessionId  sessionId )

inline

                                                                     {
                if (sessionId == null) {
            return false;
        }

        SessionIdState sessionIdState = sessionId.getState();

        if (SessionIdState.AUTHENTICATED.equals(sessionIdState)) {
            return true;
        }

        return false;
        }

isSessionValid()

boolean org.xdi.oxauth.service.SessionIdService.isSessionValid ( SessionId  sessionId )

inline

                                                       {
        if (sessionId == null) {
            return false;
        }

        final long sessionInterval = TimeUnit.SECONDS.toMillis(appConfiguration.getSessionIdUnusedLifetime());
        final long sessionUnauthenticatedInterval = TimeUnit.SECONDS.toMillis(appConfiguration.getSessionIdUnauthenticatedUnusedLifetime());

        final long timeSinceLastAccess = System.currentTimeMillis() - sessionId.getLastUsedAt().getTime();
        if (timeSinceLastAccess > sessionInterval && appConfiguration.getSessionIdUnusedLifetime() != -1) {
            return false;
        }
        if (sessionId.getState() == SessionIdState.UNAUTHENTICATED && timeSinceLastAccess > sessionUnauthenticatedInterval && appConfiguration.getSessionIdUnauthenticatedUnusedLifetime() != -1) {
            return false;
        }

        return true;
    }

mergeWithRetry()

SessionId org.xdi.oxauth.service.SessionIdService.mergeWithRetry ( final SessionId  sessionId, int  maxAttempts  )

inlineprivate

                                                                                 {
        EntryPersistenceException lastException = null;
        for (int i = 1; i <= maxAttempts; i++) {
            try {
                putInCache(sessionId);
                return sessionId;
            } catch (EntryPersistenceException ex) {
                lastException = ex;
                if (ex.getCause() instanceof LDAPException) {
                    LDAPException parentEx = ((LDAPException) ex.getCause());
                    log.debug("LDAP exception resultCode: '{}'", parentEx.getResultCode().intValue());
                    if ((parentEx.getResultCode().intValue() == ResultCode.NO_SUCH_ATTRIBUTE_INT_VALUE) ||
                            (parentEx.getResultCode().intValue() == ResultCode.ATTRIBUTE_OR_VALUE_EXISTS_INT_VALUE)) {
                        log.warn("Session entry update attempt '{}' was unsuccessfull", i);
                        continue;
                    }
                }

                throw ex;
            }
        }

        log.error("Session entry update attempt was unsuccessfull after '{}' attempts", maxAttempts);
        throw lastException;
    }

persistSessionId() [1/2]

boolean org.xdi.oxauth.service.SessionIdService.persistSessionId ( final SessionId  sessionId )

inline

                                                               {
        return persistSessionId(sessionId, false);
    }

persistSessionId() [2/2]

boolean org.xdi.oxauth.service.SessionIdService.persistSessionId ( final SessionId  sessionId, boolean  forcePersistence  )

inline

                                                                                         {
        List<Prompt> prompts = getPromptsFromSessionId(sessionId);

        try {
            final int unusedLifetime = appConfiguration.getSessionIdUnusedLifetime();
            if ((unusedLifetime > 0 && isPersisted(prompts)) || forcePersistence) {
                sessionId.setLastUsedAt(new Date());

                sessionId.setPersisted(true);
                log.trace("sessionIdAttributes: " + sessionId.getPermissionGrantedMap());
                putInCache(sessionId);
                return true;
            }
        } catch (Exception e) {
            log.error(e.getMessage(), e);
        }

        return false;
    }

putInCache()

void org.xdi.oxauth.service.SessionIdService.putInCache ( SessionId  sessionId )

inlineprivate

                                                 {
        int expirationInSeconds = sessionId.getState() == SessionIdState.UNAUTHENTICATED ?
                appConfiguration.getSessionIdUnauthenticatedUnusedLifetime() :
                appConfiguration.getSessionIdLifetime() != null && appConfiguration.getSessionIdLifetime() > 0 ? appConfiguration.getSessionIdLifetime() : Integer.MAX_VALUE; // we don't know for how long we can put it in cache since expiration is not set for session id, so we set it to max integer.
        cacheService.put(Integer.toString(expirationInSeconds), sessionId.getId(), sessionId); // first parameter is expiration instead of region for memcached
    }

refreshSessionId()

void org.xdi.oxauth.service.SessionIdService.refreshSessionId ( )

inline

                                   {
        SessionId sessionId = getSessionId();
        if (sessionId != null) {
            updateSessionId(sessionId, true, true, true);
        }
    }

reinitLogin()

void org.xdi.oxauth.service.SessionIdService.reinitLogin ( SessionId  session, boolean  force  )

inline

                                                              {
        final Map<String, String> sessionAttributes = session.getSessionAttributes();
        final Map<String, String> currentSessionAttributes = getCurrentSessionAttributes(sessionAttributes);
        if (force || !currentSessionAttributes.equals(sessionAttributes)) {
            sessionAttributes.putAll(currentSessionAttributes);

            // Reinit login
            sessionAttributes.put("c", "1");

            for (Iterator<Entry<String, String>> it = currentSessionAttributes.entrySet().iterator(); it.hasNext(); ) {
                Entry<String, String> currentSessionAttributesEntry = it.next();
                String name = currentSessionAttributesEntry.getKey();
                if (name.startsWith("auth_step_passed_")) {
                    it.remove();
                }
            }

            session.setSessionAttributes(currentSessionAttributes);

            boolean updateResult = updateSessionId(session, true, true, true);
            if (!updateResult) {
                log.debug("Failed to update session entry: '{}'", session.getId());
            }
        }
    }

remove() [1/2]

boolean org.xdi.oxauth.service.SessionIdService.remove ( SessionId  sessionId )

inline

                                               {
        try {
            cacheService.remove(null, sessionId.getId());
        } catch (Exception e) {
            log.error(e.getMessage(), e);

            return false;
        }
        return true;
    }

remove() [2/2]

void org.xdi.oxauth.service.SessionIdService.remove ( List< SessionId >  list )

inline

                                             {
        for (SessionId id : list) {
            try {
                remove(id);
            } catch (Exception e) {
                log.error("Failed to remove entry", e);
            }
        }
    }

removeConsentSessionIdCookie()

void org.xdi.oxauth.service.SessionIdService.removeConsentSessionIdCookie ( HttpServletResponse  httpResponse )

inline

                                                                               {
        final Cookie cookie = new Cookie(CONSENT_SESSION_ID_COOKIE_NAME, null); // Not necessary, but saves bandwidth.
        cookie.setPath("/");
        cookie.setMaxAge(0); // Don't set to -1 or it will become a session cookie!
        httpResponse.addCookie(cookie);
    }

removeSessionIdCookie()

void org.xdi.oxauth.service.SessionIdService.removeSessionIdCookie ( HttpServletResponse  httpResponse )

inline

                                                                        {
        final Cookie cookie = new Cookie(SESSION_ID_COOKIE_NAME, null); // Not necessary, but saves bandwidth.
        cookie.setPath("/");
        cookie.setMaxAge(0); // Don't set to -1 or it will become a session cookie!
        httpResponse.addCookie(cookie);
    }

removeUmaSessionIdCookie()

void org.xdi.oxauth.service.SessionIdService.removeUmaSessionIdCookie ( HttpServletResponse  httpResponse )

inline

                                                                           {
        final Cookie cookie = new Cookie(UMA_SESSION_ID_COOKIE_NAME, null); // Not necessary, but saves bandwidth.
        cookie.setPath("/");
        cookie.setMaxAge(0); // Don't set to -1 or it will become a session cookie!
        httpResponse.addCookie(cookie);
    }

resetToStep()

void org.xdi.oxauth.service.SessionIdService.resetToStep ( SessionId  session, int  resetToStep  )

inline

                                                                {
        final Map<String, String> sessionAttributes = session.getSessionAttributes();

        int currentStep = 1;
        if (sessionAttributes.containsKey("auth_step")) {
            currentStep = StringHelper.toInteger(sessionAttributes.get("auth_step"), currentStep);
        }

        for (int i = resetToStep; i <= currentStep; i++) {
            String key = String.format("auth_step_passed_%d", i);
            sessionAttributes.remove(key);
        }

        sessionAttributes.put("auth_step", String.valueOf(resetToStep));

        boolean updateResult = updateSessionId(session, true, true, true);
        if (!updateResult) {
            log.debug("Failed to update session entry: '{}'", session.getId());
        }
    }

setSessionIdStateAuthenticated()

SessionId org.xdi.oxauth.service.SessionIdService.setSessionIdStateAuthenticated ( HttpServletRequest  httpRequest, SessionId  sessionId, String  p_userDn  )

inline

                                                                                                                          {
        sessionId.setUserDn(p_userDn);
        sessionId.setAuthenticationTime(new Date());
        sessionId.setState(SessionIdState.AUTHENTICATED);

        boolean persisted = updateSessionId(sessionId, true, true, true);

        auditLogging(sessionId);
        log.trace("Authenticated session, id = '{}', state = '{}', persisted = '{}'", sessionId.getId(), sessionId.getState(), persisted);

        if (externalApplicationSessionService.isEnabled()) {
            String userName = sessionId.getSessionAttributes().get(Constants.AUTHENTICATED_USER);
            boolean externalResult = externalApplicationSessionService.executeExternalStartSessionMethods(httpRequest, sessionId);
            log.info("Start session result for '{}': '{}'", userName, "start", externalResult);
        }
        
        return sessionId;
    }

updateSessionId() [1/3]

boolean org.xdi.oxauth.service.SessionIdService.updateSessionId ( final SessionId  sessionId )

inline

                                                              {
        return updateSessionId(sessionId, true);
    }

updateSessionId() [2/3]

boolean org.xdi.oxauth.service.SessionIdService.updateSessionId ( final SessionId  sessionId, boolean  updateLastUsedAt  )

inline

                                                                                        {
        return updateSessionId(sessionId, updateLastUsedAt, false, true);
    }

updateSessionId() [3/3]

boolean org.xdi.oxauth.service.SessionIdService.updateSessionId ( final SessionId  sessionId, boolean  updateLastUsedAt, boolean  forceUpdate, boolean  modified  )

inline

                                                                                                                               {
        List<Prompt> prompts = getPromptsFromSessionId(sessionId);

        try {
            final int unusedLifetime = appConfiguration.getSessionIdUnusedLifetime();
            if ((unusedLifetime > 0 && isPersisted(prompts)) || forceUpdate) {
                boolean update = modified;

                if (updateLastUsedAt) {
                    Date lastUsedAt = new Date();
                    if (sessionId.getLastUsedAt() != null) {
                        long diff = lastUsedAt.getTime() - sessionId.getLastUsedAt().getTime();
                        if (diff > 500) { // update only if diff is more than 500ms
                            update = true;
                            sessionId.setLastUsedAt(lastUsedAt);
                        }
                    } else {
                        update = true;
                        sessionId.setLastUsedAt(lastUsedAt);
                    }
                }

                if (!sessionId.isPersisted()) {
                    update = true;
                    sessionId.setPersisted(true);
                }

                if (sessionId.getAuthenticationTime() != null) {
                    final long currentLifetimeInSeconds = (System.currentTimeMillis() - sessionId.getAuthenticationTime().getTime()) / 1000;
                    if (appConfiguration.getSessionIdLifetime() != null && appConfiguration.getSessionIdLifetime() > 0) {
                        if (currentLifetimeInSeconds > appConfiguration.getSessionIdLifetime()) {
                            log.debug("Session id expired: {}, remove it.", sessionId.getId());
                            remove(sessionId); // expired
                            update = false;
                        }
                    } else {
                        log.debug("Session id lifetime configuration is null.");
                    }
                }

                if (update) {
                    mergeWithRetry(sessionId, 3);
                }
            }
        } catch (Exception e) {
            log.error(e.getMessage(), e);
            return false;
        }

        return true;
    }

updateSessionIdIfNeeded()

void org.xdi.oxauth.service.SessionIdService.updateSessionIdIfNeeded ( SessionId  sessionId, boolean  modified  )

inline

                                                                               {
        updateSessionId(sessionId, true, false, modified);
    }

メンバ詳解

appConfiguration

AppConfiguration org.xdi.oxauth.service.SessionIdService.appConfiguration

private

applicationAuditLogger

ApplicationAuditLogger org.xdi.oxauth.service.SessionIdService.applicationAuditLogger

private

cacheService

CacheService org.xdi.oxauth.service.SessionIdService.cacheService

private

CONSENT_SESSION_ID_COOKIE_NAME

final String org.xdi.oxauth.service.SessionIdService.CONSENT_SESSION_ID_COOKIE_NAME = "consent_session_id"

static

externalApplicationSessionService

ExternalApplicationSessionService org.xdi.oxauth.service.SessionIdService.externalApplicationSessionService

private

externalAuthenticationService

ExternalAuthenticationService org.xdi.oxauth.service.SessionIdService.externalAuthenticationService

private

externalContext

ExternalContext org.xdi.oxauth.service.SessionIdService.externalContext

private

facesContext

FacesContext org.xdi.oxauth.service.SessionIdService.facesContext

private

log

Logger org.xdi.oxauth.service.SessionIdService.log

private

requestParameterService

RequestParameterService org.xdi.oxauth.service.SessionIdService.requestParameterService

private

SESSION_CUSTOM_STATE

final String org.xdi.oxauth.service.SessionIdService.SESSION_CUSTOM_STATE = "session_custom_state"

static

SESSION_ID_COOKIE_NAME

final String org.xdi.oxauth.service.SessionIdService.SESSION_ID_COOKIE_NAME = "session_id"

static

SESSION_STATE_COOKIE_NAME

final String org.xdi.oxauth.service.SessionIdService.SESSION_STATE_COOKIE_NAME = "session_state"

static

staticConfiguration

StaticConfiguration org.xdi.oxauth.service.SessionIdService.staticConfiguration

private

UMA_SESSION_ID_COOKIE_NAME

final String org.xdi.oxauth.service.SessionIdService.UMA_SESSION_ID_COOKIE_NAME = "uma_session_id"

static

webKeysConfiguration

WebKeysConfiguration org.xdi.oxauth.service.SessionIdService.webKeysConfiguration

private

---

このクラス詳解は次のファイルから抽出されました:

• D:/AppData/OpenId/gluu/src/oxAuth/Server/src/main/java/org/xdi/oxauth/service/SessionIdService.java