Package net.shibboleth.idp.session.impl
Class StorageBackedIdPSession
java.lang.Object
net.shibboleth.idp.session.AbstractIdPSession
net.shibboleth.idp.session.impl.StorageBackedIdPSession
- All Implemented Interfaces:
IdPSession,Component,IdentifiedComponent
Implementation of
IdPSession for use with StorageBackedSessionManager.-
Nested Class Summary
Nested classes/interfaces inherited from class net.shibboleth.idp.session.AbstractIdPSession
AbstractIdPSession.AddressFamily -
Field Summary
FieldsModifier and TypeFieldDescriptionprivate final org.slf4j.LoggerClass logger.private final StorageBackedSessionManagerBack-reference to parent instance.private longStorage version used to synchronize changes.Fields inherited from interface net.shibboleth.idp.session.IdPSession
MDC_ATTRIBUTE -
Constructor Summary
ConstructorsConstructorDescriptionStorageBackedIdPSession(StorageBackedSessionManager manager, String sessionId, String canonicalName, Instant creationTime) Constructor. -
Method Summary
Modifier and TypeMethodDescriptionAdd a newAuthenticationResultto this IdP session, replacing any existing result of the same flow ID.addSPSession(SPSession spSession) Add a new SP session to this IdP session, replacing any existing session for the same service.voidbindToAddress(String address) Associate an address with this session.booleancheckAddress(String address) Test the session's validity based on the supplied client address, possibly binding it to the session if appropriate.booleanTest the session's validity based on inactivity, while updating the last activity time.getAuthenticationResult(String flowId) Get an associatedAuthenticationResultgiven its flow ID.protected Map<String,Optional<AuthenticationResult>> Accessor for the underlyingAuthenticationResultmap maintained with the IdP session.Get the unmodifiable set ofAuthenticationResults associated with this session.getSPSession(String serviceId) Get the SPSession for a given service.Accessor for the underlyingSPSessionmap maintained with the IdP session.Gets the unmodifiable collection of service sessions associated with this session.private StringgetSPSessionStorageKey(String serviceId) Convert a service identifier into a suitable key for the underlying storage service.protected longGet the record version.private AuthenticationResultLoads anAuthenticationResultrecord from storage and deserializes it using the object attached to the correspondingAuthenticationFlowDescriptor.private SPSessionloadSPSessionFromStorage(String serviceId) Loads aSPSessionrecord from storage and deserializes it using the object registered in the attachedSPSessionSerializerRegistry.booleanDisassociate anAuthenticationResultfrom this IdP session.booleanremoveSPSession(SPSession spSession) Disassociate the given SP session from this IdP session.private booleanSaves anAuthenticationResultrecord to storage, serializing it using the object attached to the correspondingAuthenticationFlowDescriptor.private booleansaveSPSessionToStorage(SPSession session) Saves aSPSessionrecord to storage.voidsetLastActivityInstant(Instant instant) Set the last activity instant for the session.protected voidsetVersion(long ver) Set the record version.voidUpdate the recorded activity timestamp for anAuthenticationResultassociated with this session.private booleanUpdate the primary session record based on the current contents of this object.Methods inherited from class net.shibboleth.idp.session.AbstractIdPSession
doAddAuthenticationResult, doAddSPSession, doBindToAddress, doRemoveAuthenticationResult, doRemoveSPSession, doSetLastActivityInstant, equals, getAddress, getAddressFamily, getCreationInstant, getId, getLastActivityInstant, getPrincipalName, hashCode, toString
-
Field Details
-
log
@Nonnull private final org.slf4j.Logger logClass logger. -
sessionManager
Back-reference to parent instance. -
version
private long versionStorage version used to synchronize changes.
-
-
Constructor Details
-
StorageBackedIdPSession
public StorageBackedIdPSession(@Nonnull StorageBackedSessionManager manager, @Nonnull @NotEmpty String sessionId, @Nonnull @NotEmpty String canonicalName, @Nonnull Instant creationTime) Constructor.- Parameters:
manager- parent SessionManager instancesessionId- unique ID of sessioncanonicalName- canonical name of session subjectcreationTime- creation time of session
-
-
Method Details
-
setLastActivityInstant
Set the last activity instant for the session.- Overrides:
setLastActivityInstantin classAbstractIdPSession- Parameters:
instant- last activity instant for the session- Throws:
SessionException- if an error occurs updating the session
-
checkAddress
Test the session's validity based on the supplied client address, possibly binding it to the session if appropriate.- Specified by:
checkAddressin interfaceIdPSession- Overrides:
checkAddressin classAbstractIdPSession- Parameters:
address- client address for validation- Returns:
- true iff the session is valid for the specified client address
- Throws:
SessionException- if an error occurs binding the address to the session
-
bindToAddress
Associate an address with this session.- Overrides:
bindToAddressin classAbstractIdPSession- Parameters:
address- the address to associate- Throws:
SessionException- if an error occurs binding the address to the session
-
getAuthenticationResults
@Nonnull @NonnullElements @NotLive @Unmodifiable public Set<AuthenticationResult> getAuthenticationResults()Get the unmodifiable set ofAuthenticationResults associated with this session.- Specified by:
getAuthenticationResultsin interfaceIdPSession- Overrides:
getAuthenticationResultsin classAbstractIdPSession- Returns:
- unmodifiable set of results
-
getAuthenticationResult
Get an associatedAuthenticationResultgiven its flow ID.- Specified by:
getAuthenticationResultin interfaceIdPSession- Overrides:
getAuthenticationResultin classAbstractIdPSession- Parameters:
flowId- the ID of theAuthenticationResult- Returns:
- the authentication result, or null
-
addAuthenticationResult
@Nullable public AuthenticationResult addAuthenticationResult(@Nonnull AuthenticationResult result) throws SessionException Add a newAuthenticationResultto this IdP session, replacing any existing result of the same flow ID.- Specified by:
addAuthenticationResultin interfaceIdPSession- Overrides:
addAuthenticationResultin classAbstractIdPSession- Parameters:
result- the result to add- Returns:
- a previously existing result replaced by the new one, if any
- Throws:
SessionException- if an error occurs updating the session
-
updateAuthenticationResultActivity
public void updateAuthenticationResultActivity(@Nonnull AuthenticationResult result) throws SessionException Update the recorded activity timestamp for anAuthenticationResultassociated with this session.- Parameters:
result- the result to update- Throws:
SessionException- if an error occurs updating the session
-
removeAuthenticationResult
public boolean removeAuthenticationResult(@Nonnull AuthenticationResult result) throws SessionException Disassociate anAuthenticationResultfrom this IdP session.- Specified by:
removeAuthenticationResultin interfaceIdPSession- Overrides:
removeAuthenticationResultin classAbstractIdPSession- Parameters:
result- the result to disassociate- Returns:
- true iff the given result had been associated with this IdP session and now is not
- Throws:
SessionException- if an error occurs accessing the session
-
getSPSessions
Gets the unmodifiable collection of service sessions associated with this session.- Specified by:
getSPSessionsin interfaceIdPSession- Overrides:
getSPSessionsin classAbstractIdPSession- Returns:
- unmodifiable collection of service sessions associated with this session
-
getSPSession
Get the SPSession for a given service.- Specified by:
getSPSessionin interfaceIdPSession- Overrides:
getSPSessionin classAbstractIdPSession- Parameters:
serviceId- ID of the service- Returns:
- the session service or null if no session exists for that service, may be null
-
addSPSession
Add a new SP session to this IdP session, replacing any existing session for the same service.- Specified by:
addSPSessionin interfaceIdPSession- Overrides:
addSPSessionin classAbstractIdPSession- Parameters:
spSession- the SP session- Returns:
- a previously existing SPSession replaced by the new one, if any
- Throws:
SessionException- if an error occurs accessing the session
-
removeSPSession
Disassociate the given SP session from this IdP session.- Specified by:
removeSPSessionin interfaceIdPSession- Overrides:
removeSPSessionin classAbstractIdPSession- Parameters:
spSession- the SP session- Returns:
- true iff the given SP session had been associated with this IdP session and now is not
- Throws:
SessionException- if an error occurs accessing the SP session
-
checkTimeout
Test the session's validity based on inactivity, while updating the last activity time.- Specified by:
checkTimeoutin interfaceIdPSession- Overrides:
checkTimeoutin classAbstractIdPSession- Returns:
- true iff the session is still valid
- Throws:
SessionException- if an error occurs updating the activity time
-
getVersion
protected long getVersion()Get the record version.- Returns:
- current version of the storage record
-
setVersion
protected void setVersion(long ver) Set the record version.- Parameters:
ver- version to set
-
getAuthenticationResultMap
@Nonnull @NonnullElements @Live protected Map<String,Optional<AuthenticationResult>> getAuthenticationResultMap()Accessor for the underlyingAuthenticationResultmap maintained with the IdP session.- Overrides:
getAuthenticationResultMapin classAbstractIdPSession- Returns:
- direct access to the result map
-
getSPSessionMap
Accessor for the underlyingSPSessionmap maintained with the IdP session.- Overrides:
getSPSessionMapin classAbstractIdPSession- Returns:
- direct access to the service session map
-
loadAuthenticationResultFromStorage
@Nullable private AuthenticationResult loadAuthenticationResultFromStorage(@Nonnull @NotEmpty String flowId) throws IOException Loads anAuthenticationResultrecord from storage and deserializes it using the object attached to the correspondingAuthenticationFlowDescriptor.- Parameters:
flowId- ID of result/flow to load- Returns:
- the stored result, or null if the record is missing or unusable
- Throws:
IOException- if a possibly transitory storage-related error occurs
-
saveAuthenticationResultToStorage
private boolean saveAuthenticationResultToStorage(@Nonnull AuthenticationResult result) throws IOException Saves anAuthenticationResultrecord to storage, serializing it using the object attached to the correspondingAuthenticationFlowDescriptor.- Parameters:
result- the object to store- Returns:
- true iff the record was successfully saved
- Throws:
IOException- if a possibly transitory storage-related error occurs
-
loadSPSessionFromStorage
@Nullable private SPSession loadSPSessionFromStorage(@Nonnull @NotEmpty String serviceId) throws IOException Loads aSPSessionrecord from storage and deserializes it using the object registered in the attachedSPSessionSerializerRegistry.- Parameters:
serviceId- ID of service for session to load- Returns:
- the stored session, or null if the record is missing or unusable
- Throws:
IOException- if a possibly transitory storage-related error occurs
-
saveSPSessionToStorage
Saves aSPSessionrecord to storage.- Parameters:
session- the object to store- Returns:
- true iff the record was successfully saved
- Throws:
IOException- if a possibly transitory storage-related error occurs
-
getSPSessionStorageKey
Convert a service identifier into a suitable key for the underlying storage service.- Parameters:
serviceId- the service identifier- Returns:
- an appropriately sized storage key
-
writeToStorage
Update the primary session record based on the current contents of this object.- Returns:
- true iff the update succeeds, false iff a version mismatch resulted in overwrite of this object
- Throws:
IOException- if an error occurs trying to perform an update
-