com.sun.identity.plugin.session.impl

Class FMSessionProvider

java.lang.Object

com.sun.identity.plugin.session.impl.FMSessionProvider

All Implemented Interfaces:

SessionProvider

public class FMSessionProvider
extends Object
implements SessionProvider

Used for creating sessions, and for accessing session information.

Field Summary

Fields

Modifier and Type	Field and Description
static String	RANDOM_SECRET This constant string is used both in this class and in the Federation Auth Module implementationt to specify the name of the random secret call back.

Fields inherited from interface com.sun.identity.plugin.session.SessionProvider

ATTR_MAP, AUTH_INSTANT, AUTH_LEVEL, AUTH_METHOD, HOST, HOST_NAME, PRINCIPAL_NAME, REALM

Constructor Summary

Constructors

Constructor and Description
FMSessionProvider() Default Constructor

Method Summary

Modifier and Type	Method and Description
void	addListener(Object session, SessionListener listener) Registers a listener for the session.
Object	createSession(Map info, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, StringBuffer targetApplication) Meaningful only for SP side, the implementation of this method will create a local session for the local user identified by the information in the map.
String	getPrincipalName(Object session) Returns princiapl name, or user name given the session object.
String[]	getProperty(Object session, String name) Retrieves a property from the session object.
Object	getSession(javax.servlet.http.HttpServletRequest request) May be used by both SP and IDP side for getting an existing session given a browser initiated HTTP request.
Object	getSession(String sessionID) May be used by both SP and IDP side for getting an existing session given an session ID.
String	getSessionID(Object session) The returned session ID should be unique and not change during the lifetime of this session.
long	getTimeLeft(Object session) Returns the time left for this session in seconds.
void	invalidateSession(Object session, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) May be used by both SP and IDP side to invalidate a session.
boolean	isValid(Object session) Indicates whether the session is still valid.
static boolean	matchSecret(String secret) Indicates whether a secret originally comes from this class or not
String	rewriteURL(Object session, String URL) Returns rewritten URL.
void	setLoadBalancerCookie(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) Sets a load balancer cookie in the suppled HTTP response.
void	setProperty(Object session, String name, String[] values) Stores a property in the session object.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

RANDOM_SECRET

public static final String RANDOM_SECRET

This constant string is used both in this class and in the Federation Auth Module implementationt to specify the name of the random secret call back.

See Also:

Constant Field Values

Constructor Detail

FMSessionProvider

public FMSessionProvider()

Default Constructor

Method Detail

matchSecret

public static boolean matchSecret(String secret)

Indicates whether a secret originally comes from this class or not

Parameters:

secret - the secret string to be matched

Returns:

true if there is a match, false otherwise

createSession

public Object createSession(Map info,
                            javax.servlet.http.HttpServletRequest request,
                            javax.servlet.http.HttpServletResponse response,
                            StringBuffer targetApplication)
                     throws SessionException

Meaningful only for SP side, the implementation of this method will create a local session for the local user identified by the information in the map. The underline mechanism of the session creation and management is application specific. For example, it could be cookie setting or url rewriting, which is expected to be done by the implementation of this method. Note that only the first input parameter is mandatory. Normally, at least one of the last two parameters should not be null

Specified by:

createSession in interface SessionProvider

Parameters:

info - a Map with keys and values being of type String; The keys will include "principalName" (returned from SPAccountMapper), "realm", "authLevel", and may include "resourceOffering" and/or "idpEntityID"; The implementation of this method could choose to set some of the information contained in the map into the newly created Session by calling setProperty(), later the target application may consume the information.

request - the HttpServletRequest the user made to initiate the SSO.

response - the HttpServletResponse that will be sent to the user (for example it could be used to set a cookie).

targetApplication - the original resource that was requested as the target of the SSO by the end user; If needed, this String could be modified, e.g., by appending query string(s) or by url rewriting, hence this is an in/out parameter.

Returns:

the newly created local user session.

Throws:

SessionException - if an error occurred during session creation.

setLoadBalancerCookie

public void setLoadBalancerCookie(javax.servlet.http.HttpServletRequest request,
                                  javax.servlet.http.HttpServletResponse response)

Sets a load balancer cookie in the suppled HTTP response. The load balancer cookie's value is set per server instance and is used to support sticky load balancing.

Specified by:

setLoadBalancerCookie in interface SessionProvider

Parameters:

request - The HTTP request.

response - the HttpServletResponse that will be sent to the user.

getSession

public Object getSession(String sessionID)
                  throws SessionException

May be used by both SP and IDP side for getting an existing session given an session ID.

Specified by:

getSession in interface SessionProvider

Parameters:

sessionID - the unique session handle.

Returns:

the corresponding session object.

Throws:

SessionException - if an error occurred during session retrieval.

getSession

public Object getSession(javax.servlet.http.HttpServletRequest request)
                  throws SessionException

May be used by both SP and IDP side for getting an existing session given a browser initiated HTTP request.

Specified by:

getSession in interface SessionProvider

Parameters:

request - the browser initiated HTTP request.

Returns:

the corresponding session object.

Throws:

SessionException - if an error occurred during session retrieval.

invalidateSession

public void invalidateSession(Object session,
                              javax.servlet.http.HttpServletRequest request,
                              javax.servlet.http.HttpServletResponse response)
                       throws SessionException

May be used by both SP and IDP side to invalidate a session. In case of SLO with SOAP, the last two input parameters would have to be null

Specified by:

invalidateSession in interface SessionProvider

Parameters:

session - the session to be invalidated

request - the browser initiated HTTP request.

response - the HTTP response going back to browser.

Throws:

SessionException - if an error occurred during session retrieval.

isValid

public boolean isValid(Object session)
                throws SessionException

Indicates whether the session is still valid. This is useful for toolkit clean-up thread.

Specified by:

isValid in interface SessionProvider

Parameters:

session - Session object

Returns:

boolean value indicating whether the session is still valid

Throws:

SessionException

getSessionID

public String getSessionID(Object session)

The returned session ID should be unique and not change during the lifetime of this session.

Specified by:

getSessionID in interface SessionProvider

Returns:

session ID.

getPrincipalName

public String getPrincipalName(Object session)
                        throws SessionException

Returns princiapl name, or user name given the session object.

Specified by:

getPrincipalName in interface SessionProvider

Parameters:

session - Session object.

Returns:

principal name, or user name.

Throws:

SessionException - if this operation causes an error.

getTimeLeft

public long getTimeLeft(Object session)
                 throws SessionException

Description copied from interface: SessionProvider

Returns the time left for this session in seconds.

Specified by:

getTimeLeft in interface SessionProvider

Parameters:

session - Session object.

Returns:

The time left for this session.

Throws:

SessionException

setProperty

public void setProperty(Object session,
                        String name,
                        String[] values)
                 throws SessionException

Stores a property in the session object.

Specified by:

setProperty in interface SessionProvider

Parameters:

session - the session object.

name - the property name.

values - the property values.

Throws:

SessionException - if setting the property causes an error.

getProperty

public String[] getProperty(Object session,
                            String name)
                     throws SessionException

Retrieves a property from the session object.

Specified by:

getProperty in interface SessionProvider

Parameters:

session - the session object.

name - the property name.

Returns:

the property values.

Throws:

SessionException - if getting the property causes an error.

rewriteURL

public String rewriteURL(Object session,
                         String URL)
                  throws SessionException

Description copied from interface: SessionProvider

Returns rewritten URL. Rewrites an URL with session information in case cookie setting is not supported.

Specified by:

rewriteURL in interface SessionProvider

Parameters:

session - the session object.

URL - the URL to be rewritten.

Returns:

the rewritten URL.

Throws:

SessionException - if rewritting the URL causes an error.

addListener

public void addListener(Object session,
                        SessionListener listener)
                 throws SessionException

Registers a listener for the session. If the provided session does not support listeners, calling this method will throw SessionException.

Specified by:

addListener in interface SessionProvider

Parameters:

session - the session object.

listener - listener for the session invalidation event.

Throws:

SessionException - if adding the listener caused an error.