Package net.shibboleth.idp.session

Class AbstractIdPSession

java.lang.Object
net.shibboleth.idp.session.AbstractIdPSession
All Implemented Interfaces:
IdPSession, Component, IdentifiedComponent
Direct Known Subclasses:
StorageBackedIdPSession
@ThreadSafe public abstract class AbstractIdPSession extends Object implements IdPSession
Abstract base for implementations of IdPSession, handles basic management of the instance data without addressing persistence.

Data that can change post-construction can be modified using doSet/doAdd/doRemove methods that maintain the object state. Abstract methods defined here or left unimplemented from the interface should be implemented to call these methods and perform any additional work required to maintain the coherence of the underlying store, if any.

The checkAddress(String) method is implemented by calling into other abstract and defined methods to check session state and update address information as required.

  • Field Details

    • log

      @Nonnull private final org.slf4j.Logger log
      Class logger.

    • id

      @Nonnull @NotEmpty private final String id
      Unique ID of this session.

    • principalName

      @Nonnull @NotEmpty private final String principalName
      A canonical name for the subject of the session.

    • creationInstant

      @Nonnull private final Instant creationInstant
      Time when this session was created.

    • lastActivityInstant

      @Nonnull private Instant lastActivityInstant
      Last activity instant for this session.

    • ipV4Address

      @Nullable private String ipV4Address
      An IPv4 address to which the session is bound.

    • ipV6Address

      @Nullable private String ipV6Address
      An IPv6 address to which the session is bound.

    • unknownAddress

      @Nullable private String unknownAddress
      An "unknown" address to which the session is bound.

    • authenticationResults

      @Nonnull private final ConcurrentMap<String,Optional<AuthenticationResult>> authenticationResults
      Tracks authentication results that have occurred during this session.

    • spSessions

      @Nonnull private final ConcurrentMap<String,Optional<SPSession>> spSessions
      Tracks services which have been issued authentication tokens during this session.

  • Constructor Details

    • AbstractIdPSession

      public AbstractIdPSession(@Nonnull @NotEmpty String sessionId, @Nonnull @NotEmpty String canonicalName, @Nonnull Instant creationTime)
      Constructor.
      Parameters:
      sessionId - identifier for this session
      canonicalName - canonical name of subject
      creationTime - creation time of session

  • Method Details

    • getId

      @Nonnull @NotEmpty public String getId()
      Specified by:
      getId in interface IdentifiedComponent

    • getPrincipalName

      @Nonnull @NotEmpty public String getPrincipalName()
      Get the canonical principal name for the session.
      Specified by:
      getPrincipalName in interface IdPSession
      Returns:
      the principal name

    • getCreationInstant

      @Nonnull public Instant getCreationInstant()
      Get the time when this session was created.
      Specified by:
      getCreationInstant in interface IdPSession
      Returns:
      time this session was created

    • getLastActivityInstant

      @Nonnull public Instant getLastActivityInstant()
      Get the last activity instant for the session.
      Specified by:
      getLastActivityInstant in interface IdPSession
      Returns:
      last activity instant for the session

    • setLastActivityInstant

      public void setLastActivityInstant(@Nonnull Instant instant) throws SessionException
      Set the last activity instant for the session.
      Parameters:
      instant - last activity instant for the session
      Throws:
      SessionException - if an error occurs updating the session

    • doSetLastActivityInstant

      public void doSetLastActivityInstant(@Nonnull Instant instant)
      Set the last activity instant for the session.

      This manipulates only the internal state of the object. The setLastActivityInstant(Instant) method must be overridden to support other persistence requirements.

      Parameters:
      instant - last activity instant for the session

    • checkAddress

      public boolean checkAddress(@Nonnull @NotEmpty String address) throws SessionException
      Test the session's validity based on the supplied client address, possibly binding it to the session if appropriate.
      Specified by:
      checkAddress in interface IdPSession
      Parameters:
      address - client address for validation
      Returns:
      true iff the session is valid for the specified client address
      Throws:
      SessionException - if an error occurs binding the address to the session

    • getAddress

      @Nullable public String getAddress(@Nonnull AbstractIdPSession.AddressFamily family)
      Get an address to which this session is bound.
      Parameters:
      family - the address family to inquire
      Returns:
      bound address or null

    • bindToAddress

      public void bindToAddress(@Nonnull @NotEmpty String address) throws SessionException
      Associate an address with this session.
      Parameters:
      address - the address to associate
      Throws:
      SessionException - if an error occurs binding the address to the session

    • doBindToAddress

      public void doBindToAddress(@Nonnull @NotEmpty String address)
      Associate an address with this session.

      This manipulates only the internal state of the object. The bindToAddress(String) method must be overridden to support other persistence requirements.

      Parameters:
      address - the address to associate

    • checkTimeout

      public boolean checkTimeout() throws SessionException
      Test the session's validity based on inactivity, while updating the last activity time.
      Specified by:
      checkTimeout in interface IdPSession
      Returns:
      true iff the session is still valid
      Throws:
      SessionException - if an error occurs updating the activity time

    • getAuthenticationResults

      @Nonnull @NotLive @Unmodifiable public Set<AuthenticationResult> getAuthenticationResults()
      Get the unmodifiable set of AuthenticationResults associated with this session.
      Specified by:
      getAuthenticationResults in interface IdPSession
      Returns:
      unmodifiable set of results

    • getAuthenticationResult

      @Nullable public AuthenticationResult getAuthenticationResult(@Nonnull @NotEmpty String flowId)
      Get an associated AuthenticationResult given its flow ID.
      Specified by:
      getAuthenticationResult in interface IdPSession
      Parameters:
      flowId - the ID of the AuthenticationResult
      Returns:
      the authentication result, or null

    • addAuthenticationResult

      @Nullable public AuthenticationResult addAuthenticationResult(@Nonnull AuthenticationResult result) throws SessionException
      Add a new AuthenticationResult to this IdP session, replacing any existing result of the same flow ID.
      Specified by:
      addAuthenticationResult in interface IdPSession
      Parameters:
      result - the result to add
      Returns:
      a previously existing result replaced by the new one, if any
      Throws:
      SessionException - if an error occurs updating the session

    • removeAuthenticationResult

      public boolean removeAuthenticationResult(@Nonnull AuthenticationResult result) throws SessionException
      Disassociate an AuthenticationResult from this IdP session.
      Specified by:
      removeAuthenticationResult in interface IdPSession
      Parameters:
      result - the result to disassociate
      Returns:
      true iff the given result had been associated with this IdP session and now is not
      Throws:
      SessionException - if an error occurs accessing the session

    • doAddAuthenticationResult

      @Nullable public AuthenticationResult doAddAuthenticationResult(@Nonnull AuthenticationResult result)
      Add a new AuthenticationResult to this IdP session, replacing any existing result of the same flow ID.

      This manipulates only the internal state of the object. The addAuthenticationResult(AuthenticationResult) method must be implemented to support other persistence requirements.

      Parameters:
      result - the result to add
      Returns:
      a previously existing result replaced by the new one, if any

    • doRemoveAuthenticationResult

      public boolean doRemoveAuthenticationResult(@Nonnull AuthenticationResult result)
      Disassociate an AuthenticationResult from this IdP session.

      This manipulates only the internal state of the object. The removeAuthenticationResult(AuthenticationResult) method must be implemented to support other persistence requirements.

      Parameters:
      result - the result to disassociate
      Returns:
      true iff the given result had been associated with this IdP session and now is not

    • getSPSessions

      @Nonnull @NotLive @Unmodifiable public Set<SPSession> getSPSessions()
      Gets the unmodifiable collection of service sessions associated with this session.
      Specified by:
      getSPSessions in interface IdPSession
      Returns:
      unmodifiable collection of service sessions associated with this session

    • getSPSession

      @Nullable public SPSession getSPSession(@Nonnull @NotEmpty String serviceId)
      Get the SPSession for a given service.
      Specified by:
      getSPSession in interface IdPSession
      Parameters:
      serviceId - ID of the service
      Returns:
      the session service or null if no session exists for that service, may be null

    • addSPSession

      @Nullable public SPSession addSPSession(@Nonnull SPSession spSession) throws SessionException
      Add a new SP session to this IdP session, replacing any existing session for the same service.
      Specified by:
      addSPSession in interface IdPSession
      Parameters:
      spSession - the SP session
      Returns:
      a previously existing SPSession replaced by the new one, if any
      Throws:
      SessionException - if an error occurs accessing the session

    • removeSPSession

      public boolean removeSPSession(@Nonnull SPSession spSession) throws SessionException
      Disassociate the given SP session from this IdP session.
      Specified by:
      removeSPSession in interface IdPSession
      Parameters:
      spSession - the SP session
      Returns:
      true iff the given SP session had been associated with this IdP session and now is not
      Throws:
      SessionException - if an error occurs accessing the SP session

    • doAddSPSession

      @Nullable public SPSession doAddSPSession(@Nonnull SPSession spSession)
      Add a new SP session to this IdP session, replacing any existing session for the same service.

      This manipulates only the internal state of the object. The addSPSession(SPSession) method must be implemented to support other persistence requirements.

      Parameters:
      spSession - the SP session
      Returns:
      a previously existing SPSession replaced by the new one, if any

    • doRemoveSPSession

      public boolean doRemoveSPSession(@Nonnull SPSession spSession)
      Disassociate the given SP session from this IdP session.

      This manipulates only the internal state of the object. The removeSPSession(SPSession) method must be implemented to support other persistence requirements.

      Parameters:
      spSession - the SP session
      Returns:
      true iff the given SP session had been associated with this IdP session and now is not

    • equals

      public boolean equals(Object obj)
      Overrides:
      equals in class Object

    • hashCode

      public int hashCode()
      Overrides:
      hashCode in class Object

    • toString

      public String toString()
      Overrides:
      toString in class Object

    • getAuthenticationResultMap

      @Nonnull @Live protected Map<String,Optional<AuthenticationResult>> getAuthenticationResultMap()
      Accessor for the underlying AuthenticationResult map maintained with the IdP session.
      Returns:
      direct access to the result map

    • getSPSessionMap

      @Nonnull @Live protected Map<String,Optional<SPSession>> getSPSessionMap()
      Accessor for the underlying SPSession map maintained with the IdP session.
      Returns:
      direct access to the service session map

    • getAddressFamily

      @Nonnull protected static AbstractIdPSession.AddressFamily getAddressFamily(@Nonnull @NotEmpty String address)
      Returns the address family for an input address.
      Parameters:
      address - the string to check
      Returns:
      the address family