net.shibboleth.idp.session

Class AbstractIdPSession

java.lang.Object

net.shibboleth.idp.session.AbstractIdPSession

All Implemented Interfaces:

IdPSession, Component, IdentifiedComponent

@ThreadSafe
public abstract class AbstractIdPSession
extends Object
implements IdPSession

Abstract base for implementations of IdPSession, handles basic management of the instance data without addressing persistence.

Data that can change post-construction can be modified using doSet/doAdd/doRemove methods that maintain the object state. Abstract methods defined here or left unimplemented from the interface should be implemented to call these methods and perform any additional work required to maintain the coherence of the underlying store, if any.

The checkAddress(String) method is implemented by calling into other abstract and defined methods to check session state and update address information as required.

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	AbstractIdPSession.AddressFamily Address syntaxes supported for address binding.

Field Summary

Fields

Modifier and Type	Field and Description
private ConcurrentMap<String,com.google.common.base.Optional<AuthenticationResult>>	authenticationResults Tracks authentication results that have occurred during this session.
private long	creationInstant Time, in milliseconds since the epoch, when this session was created.
private String	id Unique ID of this session.
private String	ipV4Address Addresses to which the session is bound.
private String	ipV6Address An IPv6 address to which the session is bound.
private long	lastActivityInstant Last activity instant, in milliseconds since the epoch, for this session.
private org.slf4j.Logger	log Class logger.
private String	principalName A canonical name for the subject of the session.
private ConcurrentMap<String,com.google.common.base.Optional<SPSession>>	spSessions Tracks services which have been issued authentication tokens during this session.

Fields inherited from interface net.shibboleth.idp.session.IdPSession

MDC_ATTRIBUTE

Constructor Summary

Constructors

Constructor and Description
AbstractIdPSession(String sessionId, String canonicalName, long creationTime) Constructor.

Method Summary

Methods

Modifier and Type	Method and Description
AuthenticationResult	addAuthenticationResult(AuthenticationResult result) Add a new AuthenticationResult to this IdP session, replacing any existing result of the same flow ID.
SPSession	addSPSession(SPSession spSession) Add a new SP session to this IdP session, replacing any existing session for the same service.
void	bindToAddress(String address) Associate an address with this session.
boolean	checkAddress(String address) Test the session's validity based on the supplied client address, possibly binding it to the session if appropriate.
boolean	checkTimeout() Test the session's validity based on inactivity, while updating the last activity time.
AuthenticationResult	doAddAuthenticationResult(AuthenticationResult result) Add a new AuthenticationResult to this IdP session, replacing any existing result of the same flow ID.
SPSession	doAddSPSession(SPSession spSession) Add a new SP session to this IdP session, replacing any existing session for the same service.
void	doBindToAddress(String address) Associate an address with this session.
boolean	doRemoveAuthenticationResult(AuthenticationResult result) Disassociate an AuthenticationResult from this IdP session.
boolean	doRemoveSPSession(SPSession spSession) Disassociate the given SP session from this IdP session.
void	doSetLastActivityInstant(long instant) Set the last activity instant, in milliseconds since the epoch, for the session.
boolean	equals(Object obj)
String	getAddress(AbstractIdPSession.AddressFamily family) Get an address to which this session is bound.
protected static AbstractIdPSession.AddressFamily	getAddressFamily(String address) Returns the address family for an input address.
AuthenticationResult	getAuthenticationResult(String flowId) Get an associated AuthenticationResult given its flow ID.
protected Map<String,com.google.common.base.Optional<AuthenticationResult>>	getAuthenticationResultMap() Accessor for the underlying AuthenticationResult map maintained with the IdP session.
Set<AuthenticationResult>	getAuthenticationResults() Get the unmodifiable set of AuthenticationResults associated with this session.
long	getCreationInstant() Get the time, in milliseconds since the epoch, when this session was created.
String	getId()
long	getLastActivityInstant() Get the last activity instant, in milliseconds since the epoch, for the session.
String	getPrincipalName() Get the canonical principal name for the session.
SPSession	getSPSession(String serviceId) Get the SPSession for a given service.
protected Map<String,com.google.common.base.Optional<SPSession>>	getSPSessionMap() Accessor for the underlying SPSession map maintained with the IdP session.
Set<SPSession>	getSPSessions() Gets the unmodifiable collection of service sessions associated with this session.
int	hashCode()
boolean	removeAuthenticationResult(AuthenticationResult result) Disassociate an AuthenticationResult from this IdP session.
boolean	removeSPSession(SPSession spSession) Disassociate the given SP session from this IdP session.
void	setLastActivityInstant(long instant) Set the last activity instant, in milliseconds since the epoch, for the session.
String	toString()

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Methods inherited from interface net.shibboleth.idp.session.IdPSession

updateAuthenticationResultActivity

Field Detail

log

@Nonnull
private final org.slf4j.Logger log

Class logger.

id

@Nonnull
@NotEmpty
private final String id

Unique ID of this session.

principalName

@Nonnull
@NotEmpty
private final String principalName

A canonical name for the subject of the session.

creationInstant

@Duration
private final long creationInstant

Time, in milliseconds since the epoch, when this session was created.

lastActivityInstant

@Duration
private long lastActivityInstant

Last activity instant, in milliseconds since the epoch, for this session.

ipV4Address

@Nullable
private String ipV4Address

Addresses to which the session is bound.

ipV6Address

@Nullable
private String ipV6Address

An IPv6 address to which the session is bound.

authenticationResults

@Nonnull
private final ConcurrentMap<String,com.google.common.base.Optional<AuthenticationResult>> authenticationResults

Tracks authentication results that have occurred during this session.

spSessions

@Nonnull
private final ConcurrentMap<String,com.google.common.base.Optional<SPSession>> spSessions

Tracks services which have been issued authentication tokens during this session.

Constructor Detail

AbstractIdPSession

public AbstractIdPSession(@Nonnull@NotEmpty
                  String sessionId,
                  @Nonnull@NotEmpty
                  String canonicalName,
                  @Positive
                  long creationTime)

Constructor.

Parameters:

sessionId - identifier for this session

canonicalName - canonical name of subject

creationTime - creation time of session in milliseconds

Method Detail

getId

@Nonnull
@NotEmpty
public String getId()

Specified by:

getId in interface IdentifiedComponent

getPrincipalName

@Nonnull
@NotEmpty
public String getPrincipalName()

Get the canonical principal name for the session.

Specified by:

getPrincipalName in interface IdPSession

Returns:

the principal name

getCreationInstant

public long getCreationInstant()

Get the time, in milliseconds since the epoch, when this session was created.

Specified by:

getCreationInstant in interface IdPSession

Returns:

time this session was created, never less than 0

getLastActivityInstant

@Duration
public long getLastActivityInstant()

Get the last activity instant, in milliseconds since the epoch, for the session.

Specified by:

getLastActivityInstant in interface IdPSession

Returns:

last activity instant, in milliseconds since the epoch, for the session, never less than 0

setLastActivityInstant

@Duration
public void setLastActivityInstant(@Duration@Positive
                                   long instant)
                            throws SessionException

Set the last activity instant, in milliseconds since the epoch, for the session.

Parameters:

instant - last activity instant, in milliseconds since the epoch, for the session, must be greater than 0

Throws:

SessionException - if an error occurs updating the session

doSetLastActivityInstant

@Duration
public void doSetLastActivityInstant(@Duration@Positive
                                     long instant)

Set the last activity instant, in milliseconds since the epoch, for the session.

This manipulates only the internal state of the object. The setLastActivityInstant(long) method must be overridden to support other persistence requirements.

Parameters:

instant - last activity instant, in milliseconds since the epoch, for the session, must be greater than 0

getAddress

@Nullable
public String getAddress(@Nonnull
                         AbstractIdPSession.AddressFamily family)

Get an address to which this session is bound.

Parameters:

family - the address family to inquire

Returns:

bound address or null

bindToAddress

public void bindToAddress(@Nonnull@NotEmpty
                 String address)
                   throws SessionException

Associate an address with this session.

Parameters:

address - the address to associate

Throws:

SessionException - if an error occurs binding the address to the session

doBindToAddress

public void doBindToAddress(@Nonnull@NotEmpty
                   String address)

Associate an address with this session.

This manipulates only the internal state of the object. The bindToAddress(String) method must be overridden to support other persistence requirements.

Parameters:

address - the address to associate

getAuthenticationResults

@Nonnull
@NonnullElements
@NotLive
@Unmodifiable
public Set<AuthenticationResult> getAuthenticationResults()

Get the unmodifiable set of AuthenticationResults associated with this session.

Specified by:

getAuthenticationResults in interface IdPSession

Returns:

unmodifiable set of results

getAuthenticationResult

@Nullable
public AuthenticationResult getAuthenticationResult(@Nonnull@NotEmpty
                                                    String flowId)

Get an associated AuthenticationResult given its flow ID.

Specified by:

getAuthenticationResult in interface IdPSession

Parameters:

flowId - the ID of the AuthenticationResult

Returns:

the authentication result, or null

addAuthenticationResult

@Nullable
public AuthenticationResult addAuthenticationResult(@Nonnull
                                                    AuthenticationResult result)
                                             throws SessionException

Add a new AuthenticationResult to this IdP session, replacing any existing result of the same flow ID.

Specified by:

addAuthenticationResult in interface IdPSession

Parameters:

result - the result to add

Returns:

a previously existing result replaced by the new one, if any

Throws:

SessionException - if an error occurs updating the session

removeAuthenticationResult

public boolean removeAuthenticationResult(@Nonnull
                                 AuthenticationResult result)
                                   throws SessionException

Disassociate an AuthenticationResult from this IdP session.

Specified by:

removeAuthenticationResult in interface IdPSession

Parameters:

result - the result to disassociate

Returns:

true iff the given result had been associated with this IdP session and now is not

Throws:

SessionException - if an error occurs accessing the session

doAddAuthenticationResult

@Nullable
public AuthenticationResult doAddAuthenticationResult(@Nonnull
                                                      AuthenticationResult result)

Add a new AuthenticationResult to this IdP session, replacing any existing result of the same flow ID.

This manipulates only the internal state of the object. The addAuthenticationResult(AuthenticationResult) method must be implemented to support other persistence requirements.

Parameters:

result - the result to add

Returns:

a previously existing result replaced by the new one, if any

doRemoveAuthenticationResult

public boolean doRemoveAuthenticationResult(@Nonnull
                                   AuthenticationResult result)

Disassociate an AuthenticationResult from this IdP session.

This manipulates only the internal state of the object. The removeAuthenticationResult(AuthenticationResult) method must be implemented to support other persistence requirements.

Parameters:

result - the result to disassociate

Returns:

true iff the given result had been associated with this IdP session and now is not

getSPSessions

@Nonnull
@NonnullElements
@NotLive
@Unmodifiable
public Set<SPSession> getSPSessions()

Gets the unmodifiable collection of service sessions associated with this session.

Specified by:

getSPSessions in interface IdPSession

Returns:

unmodifiable collection of service sessions associated with this session

getSPSession

@Nullable
public SPSession getSPSession(@Nonnull@NotEmpty
                              String serviceId)

Get the SPSession for a given service.

Specified by:

getSPSession in interface IdPSession

Parameters:

serviceId - ID of the service

Returns:

the session service or null if no session exists for that service, may be null

addSPSession

@Nullable
public SPSession addSPSession(@Nonnull
                              SPSession spSession)
                       throws SessionException

Add a new SP session to this IdP session, replacing any existing session for the same service.

Specified by:

addSPSession in interface IdPSession

Parameters:

spSession - the SP session

Returns:

a previously existing SPSession replaced by the new one, if any

Throws:

SessionException - if an error occurs accessing the session

removeSPSession

public boolean removeSPSession(@Nonnull
                      SPSession spSession)
                        throws SessionException

Disassociate the given SP session from this IdP session.

Specified by:

removeSPSession in interface IdPSession

Parameters:

spSession - the SP session

Returns:

true iff the given SP session had been associated with this IdP session and now is not

Throws:

SessionException - if an error occurs accessing the SP session

doAddSPSession

@Nullable
public SPSession doAddSPSession(@Nonnull
                                SPSession spSession)

Add a new SP session to this IdP session, replacing any existing session for the same service.

This manipulates only the internal state of the object. The addSPSession(SPSession) method must be implemented to support other persistence requirements.

Parameters:

spSession - the SP session

Returns:

a previously existing SPSession replaced by the new one, if any

doRemoveSPSession

public boolean doRemoveSPSession(@Nonnull
                        SPSession spSession)

Disassociate the given SP session from this IdP session.

This manipulates only the internal state of the object. The removeSPSession(SPSession) method must be implemented to support other persistence requirements.

Parameters:

spSession - the SP session

Returns:

true iff the given SP session had been associated with this IdP session and now is not

checkAddress

public boolean checkAddress(@Nonnull@NotEmpty
                   String address)
                     throws SessionException

Test the session's validity based on the supplied client address, possibly binding it to the session if appropriate.

Specified by:

checkAddress in interface IdPSession

Parameters:

address - client address for validation

Returns:

true iff the session is valid for the specified client address

Throws:

SessionException - if an error occurs binding the address to the session

checkTimeout

public boolean checkTimeout()
                     throws SessionException

Test the session's validity based on inactivity, while updating the last activity time.

Specified by:

checkTimeout in interface IdPSession

Returns:

true iff the session is still valid

Throws:

SessionException - if an error occurs updating the activity time

equals

public boolean equals(Object obj)

Overrides:

equals in class Object

hashCode

public int hashCode()

Overrides:

hashCode in class Object

toString

public String toString()

Overrides:

toString in class Object

getAuthenticationResultMap

@Nonnull
@NonnullElements
@Live
protected Map<String,com.google.common.base.Optional<AuthenticationResult>> getAuthenticationResultMap()

Accessor for the underlying AuthenticationResult map maintained with the IdP session.

Returns:

direct access to the result map

getSPSessionMap

@Nonnull
@NonnullElements
@Live
protected Map<String,com.google.common.base.Optional<SPSession>> getSPSessionMap()

Accessor for the underlying SPSession map maintained with the IdP session.

Returns:

direct access to the service session map

getAddressFamily

@Nonnull
protected static AbstractIdPSession.AddressFamily getAddressFamily(@Nonnull@NotEmpty
                                                        String address)

Returns the address family for an input address.

Parameters:

address - the string to check

Returns:

the address family