edu.internet2.middleware.shibboleth.idp.session
Class IdPSessionFilter

java.lang.Object
  extended by edu.internet2.middleware.shibboleth.idp.session.IdPSessionFilter
All Implemented Interfaces:
javax.servlet.Filter

public class IdPSessionFilter
extends Object
implements javax.servlet.Filter

A filter that adds the current users Session the request, if the user has a session.


Field Summary
private  boolean consistentAddress
          Whether the client must always come back from the same address.
private  String cookieDomain
          Non-default cookie domain, if set.
private  org.slf4j.Logger log
          Class Logger.
private  SessionManager<Session> sessionManager
          IdP session manager.
 
Constructor Summary
IdPSessionFilter()
           
 
Method Summary
 void destroy()
          
 void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain filterChain)
          
protected  javax.servlet.http.Cookie getIdPSessionCookie(javax.servlet.http.HttpServletRequest httpRequest)
          Gets the IdP session cookie from the current request, if the user currently has a session.
protected  Session getUserSession(javax.servlet.http.Cookie sessionCookie, javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse)
          Gets the user session associated with a session cookie.
 void init(javax.servlet.FilterConfig filterConfig)
          
protected  boolean isCookieValid(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse, byte[] v4AddressBytes, byte[] v6AddressBytes, byte[] sessionIdBytes, byte[] signatureBytes, byte[] sessionSecret)
          Validates the session cookie.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

log

private final org.slf4j.Logger log
Class Logger.


cookieDomain

private String cookieDomain
Non-default cookie domain, if set.


consistentAddress

private boolean consistentAddress
Whether the client must always come back from the same address.


sessionManager

private SessionManager<Session> sessionManager
IdP session manager.

Constructor Detail

IdPSessionFilter

public IdPSessionFilter()
Method Detail

destroy

public void destroy()

Specified by:
destroy in interface javax.servlet.Filter

doFilter

public void doFilter(javax.servlet.ServletRequest request,
                     javax.servlet.ServletResponse response,
                     javax.servlet.FilterChain filterChain)
              throws IOException,
                     javax.servlet.ServletException

Specified by:
doFilter in interface javax.servlet.Filter
Throws:
IOException
javax.servlet.ServletException

init

public void init(javax.servlet.FilterConfig filterConfig)
          throws javax.servlet.ServletException

Specified by:
init in interface javax.servlet.Filter
Throws:
javax.servlet.ServletException

getIdPSessionCookie

protected javax.servlet.http.Cookie getIdPSessionCookie(javax.servlet.http.HttpServletRequest httpRequest)
Gets the IdP session cookie from the current request, if the user currently has a session.

Parameters:
httpRequest - current HTTP request
Returns:
the user's current IdP session cookie, if they have a current session, otherwise null

getUserSession

protected Session getUserSession(javax.servlet.http.Cookie sessionCookie,
                                 javax.servlet.http.HttpServletRequest httpRequest,
                                 javax.servlet.http.HttpServletResponse httpResponse)
Gets the user session associated with a session cookie.

Parameters:
sessionCookie - the session cookie
httpRequest - the current HTTP request
httpResponse - the current HTTP response
Returns:
the session associated with the cookie or null if there is no currently assoicated session

isCookieValid

protected boolean isCookieValid(javax.servlet.http.HttpServletRequest httpRequest,
                                javax.servlet.http.HttpServletResponse httpResponse,
                                byte[] v4AddressBytes,
                                byte[] v6AddressBytes,
                                byte[] sessionIdBytes,
                                byte[] signatureBytes,
                                byte[] sessionSecret)
Validates the session cookie. This validates that the cookie came from the same IP address to which it was given, if consistent address checking is enabled, and that cookie data hasn't been changed.

Parameters:
httpRequest - incoming HTTP request
httpResponse - outgoing HTTP response
v4AddressBytes - IPv4 remote address from the cookie value
v6AddressBytes - IPv6 remote address from the cookie value
sessionIdBytes - session ID from the cookie value
signatureBytes - signature from the cookie value
sessionSecret - secrete associated with the user's session
Returns:
true if the information in the cookie is valid, false if not


Copyright © 1999-2013. All Rights Reserved.