Class ApplicationSessionStateSupport
- java.lang.Object
- org.sourceid.saml20.adapter.state.SessionStateSupport
- org.sourceid.saml20.adapter.state.ApplicationSessionStateSupport
public class ApplicationSessionStateSupport extends SessionStateSupport
Provides functionality similar to using the HTTP Session. You can set, get and remove attributes associated with a user's session. The session is governed by an idle timeout and a maximum timeout: a user can interact with the session as long as their most recent activity falls within the idle timeout and the max session timeout has not passed.
The advantage of using this rather than the HttpSession object is that it uses the PingFederate server's underlying implementation of inter-request state management to replicate or share the data in a clustered environment.
Attributes must be added or updated using the setAttribute(String, Object, HttpServletRequest, HttpServletResponse, boolean) or SessionStateSupport.removeAttribute(String, HttpServletRequest, HttpServletResponse) methods before the associated HttpServletResponse response is committed.
- Since:
- 9.1
Constructor Summary
Constructors
- ApplicationSessionStateSupport(String baseApplicationKey, int idleTimeoutInMinutes, int maxTimeoutInMinutes, SessionStateCleanable cleanable): Construct an ApplicationSessionStateSupport for the unique application key.
- ApplicationSessionStateSupport(String baseApplicationKey, SessionStateCleanable cleanable): Construct an ApplicationSessionStateSupport for the unique application key.
Method Summary
Modifier and Type, Method, Description
- Object getAttribute(String name, javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp): Retrieves a named attribute from the user session (as determined by the request)
- void setAttribute(String name, Object value, javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp)
- void setAttribute(String name, Object value, javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp, boolean usedAsLoginCtx): Sets or associates a named attribute with the user session (as determined by the request)
Methods inherited from class org.sourceid.saml20.adapter.state.SessionStateSupport
removeAttribute
Constructor Detail
ApplicationSessionStateSupport
public ApplicationSessionStateSupport(String baseApplicationKey, SessionStateCleanable cleanable)
Construct an ApplicationSessionStateSupport for the unique application key. The max and idle timeouts will use the values specified in PingFederate's "Application Sessions" settings in the Sessions management section of the Admin Console.
- Parameters:
- baseApplicationKey - A unique key that will separate application sessions from each other.
- cleanable - an instance of SessionStateCleanable used to clean up an expired session.
ApplicationSessionStateSupport
public ApplicationSessionStateSupport(String baseApplicationKey, int idleTimeoutInMinutes, int maxTimeoutInMinutes, SessionStateCleanable cleanable)
Construct an ApplicationSessionStateSupport for the unique application key, using the max and idle timeouts specified here rather than the ones in PingFederate's "Application Sessions" settings.
- Parameters:
- baseApplicationKey - A unique key that will separate application sessions from each other.
- idleTimeoutInMinutes - The maximum time that a user can wait in between session interactions. A value of less than zero indicates there is no idle timeout.
- maxTimeoutInMinutes - The total time a user can interact with the session before it is cleaned. A value of less than zero indicates there is no max timeout.
- cleanable - an instance of SessionStateCleanable used to clean up an expired session.
Method Detail
setAttribute
@Deprecated public void setAttribute(String name, Object value, javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp)
Deprecated.
- Overrides:
- setAttribute in class SessionStateSupport
- Parameters:
- name - the name of the attribute
- value - the attribute value
- req - HTTP request
- resp - HTTP response
setAttribute
public void setAttribute(String name, Object value, javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp, boolean usedAsLoginCtx)
Sets or associates a named attribute with the user session (as determined by the request). Session activity will be checked before setting the attribute to session state. If either timeout has been exceeded then the session will be cleaned.
- Overrides:
- setAttribute in class SessionStateSupport
- Parameters:
- name - the name of the attribute
- value - the attribute value
- req - HTTP request
- resp - HTTP response
- usedAsLoginCtx - Tells the underlying state mechanism (if appropriate) whether certain mitigation steps against session fixation should be taken. Use true if the attribute is used to maintain a security or login context, and false otherwise.
getAttribute
public Object getAttribute(String name, javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp)
Retrieves a named attribute from the user session (as determined by the request). Session activity will be checked before getting the attribute from session state. If either timeout has been exceeded then the session will be cleaned.
- Overrides:
- getAttribute in class SessionStateSupport
- Parameters:
- name - the name of the attribute
- req - HTTP request
- resp - HTTP response
- Returns:
- the attribute value
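Usage sketch, added here as an illustration and not taken from the PingFederate SDK or its documentation: a helper that keeps a login context in application session state, passes usedAsLoginCtx=true only for the security-relevant attribute, and refuses to change state once the response is committed. The class name LoginStateHelper, the key and attribute names, the timeout values and the package of SessionStateCleanable are assumptions.

```java
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.sourceid.saml20.adapter.state.ApplicationSessionStateSupport;
// Assumption: SessionStateCleanable lives in the same package as the class above.
import org.sourceid.saml20.adapter.state.SessionStateCleanable;

/** Hypothetical helper; class name, key names and timeout values are illustrative. */
public class LoginStateHelper {
    private static final String APP_KEY = "example-adapter"; // assumed unique key
    private static final String ATTR_SUBJECT = "subject";    // login context
    private static final String ATTR_LOCALE = "uiLocale";    // display preference only

    private final ApplicationSessionStateSupport state;

    /** The caller supplies its own SessionStateCleanable implementation. */
    public LoginStateHelper(SessionStateCleanable cleanable) {
        // 15 min idle, 480 min max, overriding the "Application Sessions" settings.
        this.state = new ApplicationSessionStateSupport(APP_KEY, 15, 480, cleanable);
    }

    public void recordLogin(String subject, String locale,
                            HttpServletRequest req, HttpServletResponse resp) {
        requireUncommitted(resp);
        // Security context: true requests the session fixation mitigation steps.
        state.setAttribute(ATTR_SUBJECT, subject, req, resp, true);
        // Not part of the login context: false.
        state.setAttribute(ATTR_LOCALE, locale, req, resp, false);
    }

    /** Null means "no login context"; a missing value is assumed to come back as null. */
    public String currentSubject(HttpServletRequest req, HttpServletResponse resp) {
        Object value = state.getAttribute(ATTR_SUBJECT, req, resp);
        return (value instanceof String) ? (String) value : null;
    }

    public void logout(HttpServletRequest req, HttpServletResponse resp) {
        requireUncommitted(resp);
        state.removeAttribute(ATTR_SUBJECT, req, resp);
        state.removeAttribute(ATTR_LOCALE, req, resp);
    }

    // State changes must happen before the response is committed, so fail loudly.
    private static void requireUncommitted(HttpServletResponse resp) {
        if (resp.isCommitted()) {
            throw new IllegalStateException("session state changed after response commit");
        }
    }
}
```

Because a timed-out session is cleaned on access, callers should treat a null from currentSubject as "re-authenticate" and not as an error.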