edu.internet2.middleware.shibboleth.idp.session
Class IdPSessionFilter

java.lang.Object
  extended by edu.internet2.middleware.shibboleth.idp.session.IdPSessionFilter
All Implemented Interfaces:
javax.servlet.Filter

public class IdPSessionFilter
extends Object
implements javax.servlet.Filter

A filter that adds the current users Session the request, if the user has a session.


Constructor Summary
IdPSessionFilter()
           
 
Method Summary
 void destroy()
          
 void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain filterChain)
          
protected  javax.servlet.http.Cookie getIdPSessionCookie(javax.servlet.http.HttpServletRequest httpRequest)
          Gets the IdP session cookie from the current request, if the user currently has a session.
protected  Session getUserSession(javax.servlet.http.Cookie sessionCookie, javax.servlet.http.HttpServletRequest httpRequest)
          Gets the user session associated with a session cookie.
 void init(javax.servlet.FilterConfig filterConfig)
          
protected  boolean isCookieValid(javax.servlet.http.HttpServletRequest httpRequest, byte[] remoteAddressBytes, byte[] sessionIdBytes, byte[] signatureBytes, byte[] sessionSecret)
          Validates the session cookie.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

IdPSessionFilter

public IdPSessionFilter()
Method Detail

destroy

public void destroy()

Specified by:
destroy in interface javax.servlet.Filter

doFilter

public void doFilter(javax.servlet.ServletRequest request,
                     javax.servlet.ServletResponse response,
                     javax.servlet.FilterChain filterChain)
              throws IOException,
                     javax.servlet.ServletException

Specified by:
doFilter in interface javax.servlet.Filter
Throws:
IOException
javax.servlet.ServletException

init

public void init(javax.servlet.FilterConfig filterConfig)
          throws javax.servlet.ServletException

Specified by:
init in interface javax.servlet.Filter
Throws:
javax.servlet.ServletException

getIdPSessionCookie

protected javax.servlet.http.Cookie getIdPSessionCookie(javax.servlet.http.HttpServletRequest httpRequest)
Gets the IdP session cookie from the current request, if the user currently has a session.

Parameters:
httpRequest - current HTTP request
Returns:
the user's current IdP session cookie, if they have a current session, otherwise null

getUserSession

protected Session getUserSession(javax.servlet.http.Cookie sessionCookie,
                                 javax.servlet.http.HttpServletRequest httpRequest)
Gets the user session associated with a session cookie.

Parameters:
sessionCookie - the session cookie
httpRequest - the current HTTP request
Returns:
the session associated with the cookie or null if there is no currently assoicated session

isCookieValid

protected boolean isCookieValid(javax.servlet.http.HttpServletRequest httpRequest,
                                byte[] remoteAddressBytes,
                                byte[] sessionIdBytes,
                                byte[] signatureBytes,
                                byte[] sessionSecret)
Validates the session cookie. This validates that the cookie came from the same IP address to which it was given, if consistent address checking is enabled, and that cookie data hasn't been changed.

Parameters:
httpRequest - incoming HTTP request
remoteAddressBytes - remote address from the cookie value
sessionIdBytes - session ID from the cookie value
signatureBytes - signature from the cookie value
sessionSecret - secrete associated with the user's session
Returns:
true if the information in the cookie is valid, false if not


Copyright © 2006-2009 Internet2. All Rights Reserved.