Package net.ltgt.oidc.servlet

Class InMemoryLoggedOutSessionStore

java.lang.Object

net.ltgt.oidc.servlet.InMemoryLoggedOutSessionStore

All Implemented Interfaces:

LoggedOutSessionStore

public class InMemoryLoggedOutSessionStore
extends Object
implements LoggedOutSessionStore

An implementation of LoggedOutSessionStore that stores session IDs in memory.

A subclass can override doLogout(java.util.Set<java.lang.String>) to effectively invalidate sessions.

Field Summary

Fields inherited from interface net.ltgt.oidc.servlet.LoggedOutSessionStore

CONTEXT_ATTRIBUTE_NAME

Constructor Summary

Constructors

Constructor	Description
InMemoryLoggedOutSessionStore()

Method Summary

Modifier and Type	Method	Description
void	acquire(SessionID sessionID, String sessionId)	Associates the OpenID Provider session ID with a new application's HTTP session.
protected void	doLogout(Set<String> sessionIds)	Can be implemented to effectively invalidate sessions.
boolean	isLoggedOut(SessionID sessionID)	Returns whether the given session ID has been logged out.
void	logout(SessionID sessionID)	Records the given session ID as having been logged out at the OpenID Provider.
void	release(SessionID sessionID, String sessionId)	Dissociates the OpenID Provider session ID from an application's HTTP session.
void	renew(SessionID sessionID, String oldSessionId, String newSessionId)	Notifies the store that the application's HTTP session, associated with a given OpenID Provider session ID, has changed ID.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

InMemoryLoggedOutSessionStore

public InMemoryLoggedOutSessionStore()

Method Details

logout

public void logout(SessionID sessionID)

Description copied from interface: LoggedOutSessionStore

Records the given session ID as having been logged out at the OpenID Provider.

Implementations could also directly invalidate the session if possible, rather than only marking it as logged out to later be invalidated by the UserFilter. In this case, the BackchannelLogoutSessionListener might not be necessary depending on the implementation.

Specified by:

logout in interface LoggedOutSessionStore

See Also:

• BackchannelLogoutServlet

doLogout

@ForOverride
protected void doLogout(Set<String> sessionIds)

Can be implemented to effectively invalidate sessions.

A Jetty implementation could thus use getManagedSession(sessionId).invalidate() on the context's SessionManager, a Tomcat implementation findSession(sessionId).invalidate() on the context's Manager, an Undertow implementation getSession(sessionId).invalidate(null) on the context's SessionManager, etc.

isLoggedOut

public boolean isLoggedOut(SessionID sessionID)

Description copied from interface: LoggedOutSessionStore

Returns whether the given session ID has been logged out.

Called by UserFilter to possibly invalidate sessions as they're being tentatively used.

Specified by:

isLoggedOut in interface LoggedOutSessionStore

See Also:

• LoggedOutSessionStore.logout(com.nimbusds.openid.connect.sdk.claims.SessionID)
• UserFilter

acquire

public void acquire(SessionID sessionID,
 String sessionId)

Description copied from interface: LoggedOutSessionStore

Associates the OpenID Provider session ID with a new application's HTTP session.

Specified by:

acquire in interface LoggedOutSessionStore

See Also:

• BackchannelLogoutSessionListener

release

public void release(SessionID sessionID,
 String sessionId)

Description copied from interface: LoggedOutSessionStore

Dissociates the OpenID Provider session ID from an application's HTTP session.

Specified by:

release in interface LoggedOutSessionStore

See Also:

• BackchannelLogoutSessionListener

renew

public void renew(SessionID sessionID,
 String oldSessionId,
 String newSessionId)

Description copied from interface: LoggedOutSessionStore

Notifies the store that the application's HTTP session, associated with a given OpenID Provider session ID, has changed ID.

Specified by:

renew in interface LoggedOutSessionStore