net.shibboleth.idp.session.impl

Class UpdateSessionWithAuthenticationResult

java.lang.Object

net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

org.opensaml.profile.action.AbstractProfileAction<InboundMessageType,OutboundMessageType>

org.opensaml.profile.action.AbstractConditionalProfileAction<InboundMessageType,OutboundMessageType>

net.shibboleth.idp.profile.AbstractProfileAction<InboundMessageType,OutboundMessageType>

net.shibboleth.idp.authn.AbstractAuthenticationAction

net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult

All Implemented Interfaces:

net.shibboleth.utilities.java.support.component.Component, net.shibboleth.utilities.java.support.component.DestructableComponent, net.shibboleth.utilities.java.support.component.InitializableComponent, org.opensaml.profile.action.ProfileAction, Aware, MessageSource, MessageSourceAware, org.springframework.webflow.execution.Action

public class UpdateSessionWithAuthenticationResult
extends AbstractAuthenticationAction

An authentication action that establishes a record of the AuthenticationResult in an IdPSession for the client, either by updating an existing session or creating a new one.

A new AuthenticationResult may be added to the session, or the last activity time of an existing one updated. A new one will only be added if the authentication context indicates that the result is "cacheable".

An existing session is identified via a SessionContext attached to the ProfileRequestContext. If a new session is created, it will be placed into a SessionContext, creating it if necessary, with the principal name coming from a SubjectContext.

An error interacting with the session layer will result in an EventIds.IO_ERROR event.

Event:

EventIds.PROCEED_EVENT_ID, EventIds.INVALID_PROFILE_CTX, EventIds.IO_ERROR

Precondition:

ProfileRequestContext.getSubcontext(AuthenticationContext.class, false) != null

Postcondition:

If AuthenticationContext.getAuthenticationResult() != null and SubjectContext.getPrincipalName() != null then the steps above are performed, and ProfileRequestContext.getSubcontext(SessionContext.class, false).getIdPSession() != null

Field Summary

Fields

Modifier and Type	Field and Description
private Logger	log Class logger.
private SessionContext	sessionCtx Existing or newly created SessionContext.
private SessionManager	sessionManager SessionManager.
private SubjectContext	subjectCtx Existing SubjectContext.

Constructor Summary

Constructors

Constructor and Description
UpdateSessionWithAuthenticationResult()

Method Summary

Methods

Modifier and Type	Method and Description
private void	createIdPSession(AuthenticationContext authenticationContext) Create a new session and populate the SessionContext.
protected void	doExecute(org.opensaml.profile.context.ProfileRequestContext profileRequestContext, AuthenticationContext authenticationContext)
protected void	doInitialize()
protected boolean	doPreExecute(org.opensaml.profile.context.ProfileRequestContext profileRequestContext, AuthenticationContext authenticationContext)
void	setSessionManager(SessionManager manager) Set the SessionManager to use.
private void	updateIdPSession(AuthenticationContext authenticationContext, IdPSession session) Update an existing session.

Methods inherited from class net.shibboleth.idp.authn.AbstractAuthenticationAction

doExecute, doPreExecute, setLookupStrategy

Methods inherited from class net.shibboleth.idp.profile.AbstractProfileAction

doExecute, execute, getMessage, getMessage, getMessage, getProfileContextLookupStrategy, getResult, setMessageSource, setProfileContextLookupStrategy

Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction

getActivationCondition, setActivationCondition

Methods inherited from class org.opensaml.profile.action.AbstractProfileAction

doPostExecute, doPostExecute, execute, getHttpServletRequest, getHttpServletResponse, getLogPrefix, setHttpServletRequest, setHttpServletResponse

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

destroy, doDestroy, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent

initialize, isInitialized

Field Detail

log

@Nonnull
private final Logger log

Class logger.

sessionManager

@NonnullAfterInit
private SessionManager sessionManager

SessionManager.

sessionCtx

@Nullable
private SessionContext sessionCtx

Existing or newly created SessionContext.

subjectCtx

@Nullable
private SubjectContext subjectCtx

Existing SubjectContext.

Constructor Detail

UpdateSessionWithAuthenticationResult

public UpdateSessionWithAuthenticationResult()

Method Detail

setSessionManager

public void setSessionManager(@Nonnull
                     SessionManager manager)

Set the SessionManager to use.

Parameters:

manager - session manager to use

doInitialize

protected void doInitialize()
                     throws net.shibboleth.utilities.java.support.component.ComponentInitializationException

Overrides:

doInitialize in class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

Throws:

net.shibboleth.utilities.java.support.component.ComponentInitializationException

doPreExecute

protected boolean doPreExecute(@Nonnull
                   org.opensaml.profile.context.ProfileRequestContext profileRequestContext,
                   @Nonnull
                   AuthenticationContext authenticationContext)

Overrides:

doPreExecute in class AbstractAuthenticationAction

doExecute

protected void doExecute(@Nonnull
             org.opensaml.profile.context.ProfileRequestContext profileRequestContext,
             @Nonnull
             AuthenticationContext authenticationContext)

Overrides:

doExecute in class AbstractAuthenticationAction

updateIdPSession

private void updateIdPSession(@Nonnull
                    AuthenticationContext authenticationContext,
                    @Nonnull
                    IdPSession session)
                       throws SessionException

Update an existing session.

If the result is the product of an attempted flow, then it's added to the session. If reused, its last activity time is updated.

Parameters:

authenticationContext - current authentication context

session - session to update

Throws:

SessionException - if an error occurs updating the session

createIdPSession

private void createIdPSession(@Nonnull
                    AuthenticationContext authenticationContext)
                       throws SessionException

Create a new session and populate the SessionContext.

Parameters:

authenticationContext - current authentication context

Throws:

SessionException - if an error occurs creating the session