IdPSessionFilter (Shibboleth Identity Provider 2.4.2 API)

java.lang.Object
- edu.internet2.middleware.shibboleth.idp.session.IdPSessionFilter

All Implemented Interfaces:

javax.servlet.Filter
```
public class IdPSessionFilter
extends Object
implements javax.servlet.Filter
```
A filter that adds the current users Session the request, if the user has a session.

Field Summary

Fields
Modifier and Type	Field and Description
`private boolean`	`consistentAddress` Whether the client must always come back from the same address.
`private String`	`cookieDomain` Non-default cookie domain, if set.
`private org.slf4j.Logger`	`log` Class Logger.
`private SessionManager<Session>`	`sessionManager` IdP session manager.

Constructor Summary

Constructors
Constructor and Description

IdPSessionFilter()

Constructors
Constructor and Description
`IdPSessionFilter()`

Method Summary

Methods
Modifier and Type	Method and Description
`void`	`destroy()`
`void`	`doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain filterChain)`
`protected javax.servlet.http.Cookie`	`getIdPSessionCookie(javax.servlet.http.HttpServletRequest httpRequest)` Gets the IdP session cookie from the current request, if the user currently has a session.
`protected Session`	`getUserSession(javax.servlet.http.Cookie sessionCookie, javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse)` Gets the user session associated with a session cookie.
`void`	`init(javax.servlet.FilterConfig filterConfig)`
`protected boolean`	`isCookieValid(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse, byte[] v4AddressBytes, byte[] v6AddressBytes, byte[] sessionIdBytes, byte[] signatureBytes, byte[] sessionSecret)` Validates the session cookie.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - log
```
private final org.slf4j.Logger log
```
    Class Logger.
  - cookieDomain
```
private String cookieDomain
```
    Non-default cookie domain, if set.
  - consistentAddress
```
private boolean consistentAddress
```
    Whether the client must always come back from the same address.
  - sessionManager
```
private SessionManager<Session> sessionManager
```
    IdP session manager.
- Constructor Detail
  - IdPSessionFilter
```
public IdPSessionFilter()
```
- Method Detail
  - destroy
```
public void destroy()
```
    Specified by:
    
    destroy in interface javax.servlet.Filter
  - doFilter
```
public void doFilter(javax.servlet.ServletRequest request,
            javax.servlet.ServletResponse response,
            javax.servlet.FilterChain filterChain)
              throws IOException,
                     javax.servlet.ServletException
```
    Specified by:
    
    doFilter in interface javax.servlet.Filter
    
    Throws:
    
    IOException
    
    javax.servlet.ServletException
  - init
```
public void init(javax.servlet.FilterConfig filterConfig)
          throws javax.servlet.ServletException
```
    Specified by:
    
    init in interface javax.servlet.Filter
    
    Throws:
    
    javax.servlet.ServletException
  - getIdPSessionCookie
```
protected javax.servlet.http.Cookie getIdPSessionCookie(javax.servlet.http.HttpServletRequest httpRequest)
```
    Gets the IdP session cookie from the current request, if the user currently has a session.
    
    Parameters:
    httpRequest - current HTTP request
    
    Returns:
    the user's current IdP session cookie, if they have a current session, otherwise null
  - getUserSession
```
protected Session getUserSession(javax.servlet.http.Cookie sessionCookie,
                     javax.servlet.http.HttpServletRequest httpRequest,
                     javax.servlet.http.HttpServletResponse httpResponse)
```
    Gets the user session associated with a session cookie.
    
    Parameters:
    sessionCookie - the session cookie
    httpRequest - the current HTTP request
    httpResponse - the current HTTP response
    
    Returns:
    the session associated with the cookie or null if there is no currently assoicated session
  - isCookieValid
```
protected boolean isCookieValid(javax.servlet.http.HttpServletRequest httpRequest,
                    javax.servlet.http.HttpServletResponse httpResponse,
                    byte[] v4AddressBytes,
                    byte[] v6AddressBytes,
                    byte[] sessionIdBytes,
                    byte[] signatureBytes,
                    byte[] sessionSecret)
```
    Validates the session cookie. This validates that the cookie came from the same IP address to which it was given, if consistent address checking is enabled, and that cookie data hasn't been changed.
    
    Parameters:
    httpRequest - incoming HTTP request
    httpResponse - outgoing HTTP response
    v4AddressBytes - IPv4 remote address from the cookie value
    v6AddressBytes - IPv6 remote address from the cookie value
    sessionIdBytes - session ID from the cookie value
    signatureBytes - signature from the cookie value
    sessionSecret - secrete associated with the user's session
    
    Returns:
    true if the information in the cookie is valid, false if not

Class IdPSessionFilter

Field Summary

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Field Detail

log

cookieDomain

consistentAddress

sessionManager

Constructor Detail

IdPSessionFilter

Method Detail

destroy

doFilter

init

getIdPSessionCookie

getUserSession

isCookieValid