Start line:  
End line:  

Snippet Preview

Snippet HTML Code

Stack Overflow Questions
  /*
   * JBoss, Home of Professional Open Source.
   * Copyright 2013 Red Hat, Inc., and individual contributors
   * as indicated by the @author tags.
   *
   * Licensed under the Apache License, Version 2.0 (the "License");
   * you may not use this file except in compliance with the License.
   * You may obtain a copy of the License at
   *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 package io.undertow.servlet.handlers.security;
 
 
io.undertow.server.HttpHandler responsible for setting up the io.undertow.security.api.AuthenticatedSessionManager for cached authentications and registering a io.undertow.security.api.NotificationReceiver to receive the security notifications.

Author(s):
Darran Lofthouse
 
 public class CachedAuthenticatedSessionHandler implements HttpHandler {
 
     private static final String ATTRIBUTE_NAME = CachedAuthenticatedSessionHandler.class.getName() + ".AuthenticatedSession";
 
 
     private final HttpHandler next;
     private final ServletContextImpl servletContext;
 
     public CachedAuthenticatedSessionHandler(final HttpHandler nextfinal ServletContextImpl servletContext) {
         this. = next;
         this. = servletContext;
     }
 
     @Override
     public void handleRequest(HttpServerExchange exchangethrows Exception {
         SecurityContext securityContext = exchange.getSecurityContext();
         securityContext.registerNotificationReceiver();
 
         HttpSession session = .getSession(exchangefalse);
         // If there was no existing HttpSession then there could not be a cached AuthenticatedSession so don't bother setting
         // the AuthenticatedSessionManager.
         if (session != null) {
             SavedRequest.tryRestoreRequest(exchangesession); //not sure if this is where it belongs
         }
 
         .handleRequest(exchange);
     }
 
     private class SecurityNotificationReceiver implements NotificationReceiver {
 
         @Override
         public void handleNotification(SecurityNotification notification) {
             EventType eventType = notification.getEventType();
             switch (eventType) {
                 case :
                     if (isCacheable(notification)) {
                         HttpSessionImpl httpSession = .getSession(notification.getExchange(), true);
                         Session session;
                         if(System.getSecurityManager() == null) {
                             session = httpSession.getSession();
                         } else {
                             session = AccessController.doPrivileged(new HttpSessionImpl.UnwrapSessionAction(httpSession));
                         }
                         // It is normal for this notification to be received when using a previously cached session - in that
                         // case the IDM would have been given an opportunity to re-load the Account so updating here ready for
                         // the next request is desired.
                         session.setAttribute(,
                                 new AuthenticatedSession(notification.getAccount(), notification.getMechanism()));
                     }
                     break;
                 case :
                     HttpSessionImpl httpSession = .getSession(notification.getExchange(), false);
                     if (httpSession != null) {
                         Session session;
                         if (System.getSecurityManager() == null) {
                            session = httpSession.getSession();
                        } else {
                            session = AccessController.doPrivileged(new HttpSessionImpl.UnwrapSessionAction(httpSession));
                        }
                        session.removeAttribute();
                    }
                    break;
            }
        }
    }
        @Override
        public AuthenticatedSession lookupSession(HttpServerExchange exchange) {
            HttpSessionImpl httpSession = .getSession(exchangefalse);
            if (httpSession != null) {
                Session session;
                if (System.getSecurityManager() == null) {
                    session = httpSession.getSession();
                } else {
                    session = AccessController.doPrivileged(new HttpSessionImpl.UnwrapSessionAction(httpSession));
                }
                return (AuthenticatedSessionsession.getAttribute();
            }
            return null;
        }
        @Override
        public void clearSession(HttpServerExchange exchange) {
            HttpSessionImpl httpSession = .getSession(exchangefalse);
            if (httpSession != null) {
                Session session;
                if (System.getSecurityManager() == null) {
                    session = httpSession.getSession();
                } else {
                    session = AccessController.doPrivileged(new HttpSessionImpl.UnwrapSessionAction(httpSession));
                }
                session.removeAttribute();
            }
        }
    }
    private boolean isCacheable(final SecurityNotification notification) {
        return notification.isProgramatic() || notification.isCachingRequired();
    }
New to GrepCode? Check out our FAQ X