diff --git a/core/src/main/java/io/undertow/security/impl/SingleSignOn.java b/core/src/main/java/io/undertow/security/impl/SingleSignOn.java index 54035aafaa..962d890383 100644 --- a/core/src/main/java/io/undertow/security/impl/SingleSignOn.java +++ b/core/src/main/java/io/undertow/security/impl/SingleSignOn.java @@ -18,8 +18,6 @@ package io.undertow.security.impl; -import java.io.Closeable; - import io.undertow.security.idm.Account; import io.undertow.server.session.Session; import io.undertow.server.session.SessionManager; @@ -28,7 +26,7 @@ * @author Stuart Douglas * @author Paul Ferraro */ -public interface SingleSignOn extends Iterable, Closeable { +public interface SingleSignOn extends Iterable, AutoCloseable { /** * Returns the unique identifier for this SSO. diff --git a/core/src/main/java/io/undertow/security/impl/SingleSignOnAuthenticationMechanism.java b/core/src/main/java/io/undertow/security/impl/SingleSignOnAuthenticationMechanism.java index 1c8b66b796..1b59b09261 100644 --- a/core/src/main/java/io/undertow/security/impl/SingleSignOnAuthenticationMechanism.java +++ b/core/src/main/java/io/undertow/security/impl/SingleSignOnAuthenticationMechanism.java @@ -68,9 +68,9 @@ public SingleSignOnAuthenticationMechanism(SingleSignOnManager storage) { public AuthenticationMechanismOutcome authenticate(HttpServerExchange exchange, SecurityContext securityContext) { Cookie cookie = exchange.getRequestCookies().get(cookieName); if (cookie != null) { - final SingleSignOn sso = this.manager.findSingleSignOn(cookie.getValue()); - if (sso != null) { - try { + final String ssoId = cookie.getValue(); + try (SingleSignOn sso = this.manager.findSingleSignOn(ssoId)) { + if (sso != null) { Account verified = securityContext.getIdentityManager().verify(sso.getAccount()); if (verified == null) { //we return not attempted here to allow other mechanisms to proceed as normal @@ -83,21 +83,11 @@ public AuthenticationMechanismOutcome authenticate(HttpServerExchange exchange, @Override public void handleNotification(SecurityNotification notification) { if (notification.getEventType() == SecurityNotification.EventType.LOGGED_OUT) { - try { - sso.remove(session); - for (Session associatedSession : sso) { - associatedSession.invalidate(null); - } - manager.removeSingleSignOn(sso.getId()); - } finally { - sso.close(); - } + manager.removeSingleSignOn(ssoId); } } }); return AuthenticationMechanismOutcome.AUTHENTICATED; - } finally { - sso.close(); } } clearSsoCookie(exchange); @@ -137,14 +127,10 @@ public StreamSinkConduit wrap(ConduitFactory factory, HttpSer SecurityContext sc = exchange.getSecurityContext(); Account account = sc.getAuthenticatedAccount(); if (account != null) { - SingleSignOn sso = manager.createSingleSignOn(account, sc.getMechanismName()); - try { - + try (SingleSignOn sso = manager.createSingleSignOn(account, sc.getMechanismName())) { Session session = getSession(exchange); registerSessionIfRequired(sso, session); exchange.getResponseCookies().put(cookieName, new CookieImpl(cookieName, sso.getId()).setHttpOnly(httpOnly).setSecure(secure).setDomain(domain).setPath(path)); - } finally { - sso.close(); } } return factory.create(); @@ -162,9 +148,8 @@ public void sessionCreated(Session session, HttpServerExchange exchange) { public void sessionDestroyed(Session session, HttpServerExchange exchange, SessionDestroyedReason reason) { String ssoId = (String) session.getAttribute(SSO_SESSION_ATTRIBUTE); if (ssoId != null) { - SingleSignOn sso = manager.findSingleSignOn(ssoId); - if (sso != null) { - try { + try (SingleSignOn sso = manager.findSingleSignOn(ssoId)) { + if (sso != null) { sso.remove(session); if (reason == SessionDestroyedReason.INVALIDATED) { for (Session associatedSession : sso) { @@ -176,8 +161,6 @@ public void sessionDestroyed(Session session, HttpServerExchange exchange, Sessi if (!sso.iterator().hasNext()) { manager.removeSingleSignOn(ssoId); } - } finally { - sso.close(); } } }