
Don't invalidate other sessions on logout - just remove the SSO.
Now that undertow is on Java 1.7, use AutoCloseable for SingleSignOn.
pferraro authored and stuartwdouglas committed Jun 26, 2014
1 parent 4f6f18c commit edf51dc
Showing 2 changed files with 8 additions and 27 deletions.
Expand Up @@ -18,8 +18,6 @@

package io.undertow.security.impl;

import java.io.Closeable;

import io.undertow.security.idm.Account;
import io.undertow.server.session.Session;
import io.undertow.server.session.SessionManager;
Expand All @@ -28,7 +26,7 @@
* @author Stuart Douglas
* @author Paul Ferraro
*/
public interface SingleSignOn extends Iterable<Session>, Closeable {
public interface SingleSignOn extends Iterable<Session>, AutoCloseable {

/**
* Returns the unique identifier for this SSO.
Expand Up @@ -68,9 +68,9 @@ public SingleSignOnAuthenticationMechanism(SingleSignOnManager storage) {
public AuthenticationMechanismOutcome authenticate(HttpServerExchange exchange, SecurityContext securityContext) {
Cookie cookie = exchange.getRequestCookies().get(cookieName);
if (cookie != null) {
final SingleSignOn sso = this.manager.findSingleSignOn(cookie.getValue());
if (sso != null) {
try {
final String ssoId = cookie.getValue();
try (SingleSignOn sso = this.manager.findSingleSignOn(ssoId)) {
if (sso != null) {
Account verified = securityContext.getIdentityManager().verify(sso.getAccount());
if (verified == null) {
//we return not attempted here to allow other mechanisms to proceed as normal
Expand All @@ -83,21 +83,11 @@ public AuthenticationMechanismOutcome authenticate(HttpServerExchange exchange,
@Override
public void handleNotification(SecurityNotification notification) {
if (notification.getEventType() == SecurityNotification.EventType.LOGGED_OUT) {
try {
sso.remove(session);
for (Session associatedSession : sso) {
associatedSession.invalidate(null);
}
manager.removeSingleSignOn(sso.getId());
} finally {
sso.close();
}
manager.removeSingleSignOn(ssoId);
}
}
});
return AuthenticationMechanismOutcome.AUTHENTICATED;
} finally {
sso.close();
}
}
clearSsoCookie(exchange);
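Review bot: On LOGGED_OUT the listener now does nothing but `manager.removeSingleSignOn(ssoId);`, and the code no longer says what that means for the other sessions that were joined through this SSO, which is exactly the behaviour this commit changes. I would state the contract above that call: `// Logout retires the SSO entry so the cookie can no longer join further applications; sessions already established elsewhere stay valid and end on their own schedule.` Since the logging-out session is no longer removed from the SSO first, a later invalidation of any of those sessions reaches sessionDestroyed (further down in this file), finds no SSO for the stored id and skips the bookkeeping, which looks intentional but deserves a sentence in the SingleSignOnManager Javadoc; the stale cookie on the client is handled by the null branch that falls through to `clearSsoCookie(exchange)` at the end of this hunk. The enclosing authenticate method starts before this hunk.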
Expand Down Expand Up @@ -137,14 +127,10 @@ public StreamSinkConduit wrap(ConduitFactory<StreamSinkConduit> factory, HttpSer
SecurityContext sc = exchange.getSecurityContext();
Account account = sc.getAuthenticatedAccount();
if (account != null) {
SingleSignOn sso = manager.createSingleSignOn(account, sc.getMechanismName());
try {

try (SingleSignOn sso = manager.createSingleSignOn(account, sc.getMechanismName())) {
Session session = getSession(exchange);
registerSessionIfRequired(sso, session);
exchange.getResponseCookies().put(cookieName, new CookieImpl(cookieName, sso.getId()).setHttpOnly(httpOnly).setSecure(secure).setDomain(domain).setPath(path));
} finally {
sso.close();
}
}
return factory.create();
Expand All @@ -162,9 +148,8 @@ public void sessionCreated(Session session, HttpServerExchange exchange) {
public void sessionDestroyed(Session session, HttpServerExchange exchange, SessionDestroyedReason reason) {
String ssoId = (String) session.getAttribute(SSO_SESSION_ATTRIBUTE);
if (ssoId != null) {
SingleSignOn sso = manager.findSingleSignOn(ssoId);
if (sso != null) {
try {
try (SingleSignOn sso = manager.findSingleSignOn(ssoId)) {
if (sso != null) {
sso.remove(session);
if (reason == SessionDestroyedReason.INVALIDATED) {
for (Session associatedSession : sso) {
Expand All @@ -176,8 +161,6 @@ public void sessionDestroyed(Session session, HttpServerExchange exchange, Sessi
if (!sso.iterator().hasNext()) {
manager.removeSingleSignOn(ssoId);
}
} finally {
sso.close();
}
}
}
