[jboss-cvs] Picketlink SVN: r1369 - in federation/trunk: picketlink-web/src/main/java/org/picketlink/identity/federation/web/listeners and 4 other directories.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Fri Feb 3 13:20:24 EST 2012


Author: anil.saldhana at jboss.com
Date: 2012-02-03 13:20:23 -0500 (Fri, 03 Feb 2012)
New Revision: 1369

Added:
   federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/listeners/
   federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/listeners/IDPHttpSessionListener.java
Modified:
   federation/trunk/picketlink-webapps/idp-sig-no-val/src/main/webapp/WEB-INF/web.xml
   federation/trunk/picketlink-webapps/idp-sig/src/main/webapp/WEB-INF/web.xml
   federation/trunk/picketlink-webapps/idp-standalone/src/main/webapp/WEB-INF/web.xml
   federation/trunk/picketlink-webapps/idp/src/main/webapp/WEB-INF/web.xml
Log:
PLFED-249: create an IDP HTTP session listener that calls on the STS to expire the token

Added: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/listeners/IDPHttpSessionListener.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/listeners/IDPHttpSessionListener.java	                        (rev 0)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/listeners/IDPHttpSessionListener.java	2012-02-03 18:20:23 UTC (rev 1369)
@@ -0,0 +1,83 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors. 
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.identity.federation.web.listeners;
+
+import javax.servlet.http.HttpSession;
+import javax.servlet.http.HttpSessionEvent;
+import javax.servlet.http.HttpSessionListener;
+
+import org.apache.log4j.Logger;
+import org.picketlink.identity.federation.core.ErrorCodes;
+import org.picketlink.identity.federation.core.exceptions.ProcessingException;
+import org.picketlink.identity.federation.core.saml.v2.common.SAMLProtocolContext;
+import org.picketlink.identity.federation.core.sts.PicketLinkCoreSTS;
+import org.picketlink.identity.federation.saml.v2.assertion.AssertionType;
+import org.picketlink.identity.federation.web.constants.GeneralConstants;
+
+/**
+ * An instance of {@link HttpSessionListener} at the IDP
+ * that performs actions when an {@link HttpSession} is created or destroyed.
+ * 
+ * @author Anil.Saldhana at redhat.com
+ * @since Feb 3, 2012
+ */
+public class IDPHttpSessionListener implements HttpSessionListener
+{
+   private static Logger log = Logger.getLogger(IDPHttpSessionListener.class);
+
+   private final boolean trace = log.isTraceEnabled();
+
+   public void sessionCreated(HttpSessionEvent se)
+   {
+   }
+
+   public void sessionDestroyed(HttpSessionEvent se)
+   {
+      HttpSession httpSession = se.getSession();
+      if (httpSession == null)
+         throw new RuntimeException(ErrorCodes.NULL_ARGUMENT + ":session");
+      AssertionType assertion = (AssertionType) httpSession.getAttribute(GeneralConstants.ASSERTION);
+
+      //If the user had logged out, then the assertion would not be available in the session.
+      //The case when the user closes the browser and does not logout, the session will time out on the 
+      //server. So we know that the token has not been canceled by the STS.
+      if (assertion != null)
+      {
+         if (trace)
+         {
+            log.trace("User has closed the browser. So we proceed to cancel the STS issued token.");
+         }
+         PicketLinkCoreSTS sts = PicketLinkCoreSTS.instance();
+         SAMLProtocolContext samlProtocolContext = new SAMLProtocolContext();
+         samlProtocolContext.setIssuedAssertion(assertion);
+         try
+         {
+            sts.cancelToken(samlProtocolContext);
+         }
+         catch (ProcessingException e)
+         {
+            log.error(ErrorCodes.PROCESSING_EXCEPTION, e);
+         }
+         httpSession.removeAttribute(GeneralConstants.ASSERTION);
+      }
+   }
+}
\ No newline at end of file
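Review bot: In `sessionDestroyed`, a failed `sts.cancelToken(...)` is logged only as the generic `ErrorCodes.PROCESSING_EXCEPTION`, so the token issued for an expired session stays live at the STS and the log does not say which assertion it was. Only `ProcessingException` is caught, so an unchecked exception from the `(AssertionType)` cast or from the STS call would escape into the container's session-expiry path and skip the `removeAttribute` call. I would move `httpSession.removeAttribute(GeneralConstants.ASSERTION);` into a `finally` and name the assertion in the error, e.g. `log.error(ErrorCodes.PROCESSING_EXCEPTION + ": cancelToken failed for assertion " + assertion.getID(), e);` (assuming `AssertionType` exposes its ID that way), so an operator can follow up on the token that was not revoked. The trace text "User has closed the browser" is a guess, because the listener runs for any session destruction in which the assertion is still present. The `trace` field is also read once at construction, so a later log-level change is not picked up; `log.isTraceEnabled()` at the call site avoids that.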

Modified: federation/trunk/picketlink-webapps/idp/src/main/webapp/WEB-INF/web.xml
===================================================================
--- federation/trunk/picketlink-webapps/idp/src/main/webapp/WEB-INF/web.xml	2012-02-03 16:47:37 UTC (rev 1368)
+++ federation/trunk/picketlink-webapps/idp/src/main/webapp/WEB-INF/web.xml	2012-02-03 18:20:23 UTC (rev 1369)
@@ -9,6 +9,10 @@
     IDP Web Application for the PicketLink project
   </description>
 
+  <listener>
+    <listener-class>org.picketlink.identity.federation.web.listeners.IDPHttpSessionListener</listener-class>
+  </listener>
+  
   <!-- Define a security constraint that gives unlimted access to images -->
   <security-constraint>
     <web-resource-collection>

Modified: federation/trunk/picketlink-webapps/idp-sig/src/main/webapp/WEB-INF/web.xml
===================================================================
--- federation/trunk/picketlink-webapps/idp-sig/src/main/webapp/WEB-INF/web.xml	2012-02-03 16:47:37 UTC (rev 1368)
+++ federation/trunk/picketlink-webapps/idp-sig/src/main/webapp/WEB-INF/web.xml	2012-02-03 18:20:23 UTC (rev 1369)
@@ -4,6 +4,11 @@
 	version="2.5">
 	<display-name>IDP</display-name>
 	<description> IDP Web Application for the PicketLink project</description>
+
+   <listener>
+     <listener-class>org.picketlink.identity.federation.web.listeners.IDPHttpSessionListener</listener-class>
+   </listener>
+  
 	<!--
 		Define a security constraint that gives unlimted access to images
 	-->

Modified: federation/trunk/picketlink-webapps/idp-sig-no-val/src/main/webapp/WEB-INF/web.xml
===================================================================
--- federation/trunk/picketlink-webapps/idp-sig-no-val/src/main/webapp/WEB-INF/web.xml	2012-02-03 16:47:37 UTC (rev 1368)
+++ federation/trunk/picketlink-webapps/idp-sig-no-val/src/main/webapp/WEB-INF/web.xml	2012-02-03 18:20:23 UTC (rev 1369)
@@ -4,6 +4,11 @@
 	version="2.5">
 	<display-name>IDP</display-name>
 	<description> IDP Web Application for the PicketLink project</description>
+	
+    <listener>
+      <listener-class>org.picketlink.identity.federation.web.listeners.IDPHttpSessionListener</listener-class>
+    </listener>
+	
 	<!--
 		Define a security constraint that gives unlimted access to images
 	-->

Modified: federation/trunk/picketlink-webapps/idp-standalone/src/main/webapp/WEB-INF/web.xml
===================================================================
--- federation/trunk/picketlink-webapps/idp-standalone/src/main/webapp/WEB-INF/web.xml	2012-02-03 16:47:37 UTC (rev 1368)
+++ federation/trunk/picketlink-webapps/idp-standalone/src/main/webapp/WEB-INF/web.xml	2012-02-03 18:20:23 UTC (rev 1369)
@@ -12,6 +12,10 @@
   <!-- Listeners -->
   <listener>
     <listener-class>org.picketlink.identity.federation.web.core.IdentityServer</listener-class>
+  </listener> 
+  
+  <listener>
+    <listener-class>org.picketlink.identity.federation.web.listeners.IDPHttpSessionListener</listener-class>
   </listener>
 
 


