Package org.apache.guacamole.net.auth

Class AuthenticationSessionManager<T extends AuthenticationSession>

java.lang.Object
org.apache.guacamole.net.auth.AuthenticationSessionManager<T>
Type Parameters:
T - The type of sessions managed by this session manager.
public abstract class AuthenticationSessionManager<T extends AuthenticationSession> extends Object
Manager service that temporarily stores a user's authentication status while the authentication flow is underway. Authentication attempts are represented as temporary authentication sessions, allowing authentication attempts to span multiple requests, redirects, etc. Invalid or stale authentication sessions are automatically purged from storage.

  • Constructor Summary

    Constructors
    Constructor
    Description
    AuthenticationSessionManager()
    Creates a new AuthenticationSessionManager that manages in-progress authentication attempts.

  • Method Summary

    Modifier and Type
    Method
    Description
    String
    defer(T session)
    Defers the Guacamole side of authentication for the user having the given authentication session such that it may be later resumed through a call to resume().
    void
    defer(T session, String identifier)
    Defers the Guacamole side of authentication for the user having the given authentication session such that it may be later resumed through a call to resume().
    String
    generateInvalid()
    Generates a cryptographically-secure value identical in form to the session tokens generated by defer(org.apache.guacamole.auth.sso.AuthenticationSession) but invalid.
    void
    invalidateSession(String identifier)
    Remove the session associated with the given identifier, if any, from the map of sessions, and the set of pending sessions.
    void
    reactivateSession(String identifier)
    Reactivate (remove from pending) the session associated with the given session identifier, if any.
    T
    resume(String identifier)
    Resumes the Guacamole side of the authentication process that was previously deferred through a call to defer().
    void
    shutdown()
    Shuts down the executor service that periodically removes all invalid authentication sessions.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Constructor Details

    • AuthenticationSessionManager

      public AuthenticationSessionManager()
      Creates a new AuthenticationSessionManager that manages in-progress authentication attempts. Invalid, stale sessions are automatically cleaned up.

  • Method Details

    • generateInvalid

      public String generateInvalid()
      Generates a cryptographically-secure value identical in form to the session tokens generated by defer(org.apache.guacamole.auth.sso.AuthenticationSession) but invalid. The returned value is indistinguishable from a valid token, but is not a valid token.
      Returns:
      An invalid token value that is indistinguishable from a valid token.

    • invalidateSession

      public void invalidateSession(String identifier)
      Remove the session associated with the given identifier, if any, from the map of sessions, and the set of pending sessions.
      Parameters:
      identifier - The identifier of the session to remove, if one exists.

    • reactivateSession

      public void reactivateSession(String identifier)
      Reactivate (remove from pending) the session associated with the given session identifier, if any. After calling this method, any session with the given identifier will be ready to be resumed again.
      Parameters:
      identifier - The identifier of the session to reactivate, if one exists.

    • resume

      public T resume(String identifier)
      Resumes the Guacamole side of the authentication process that was previously deferred through a call to defer(). Once invoked, the provided value ceases to be valid for future calls to resume().
      Parameters:
      identifier - The unique string returned by the call to defer(). For convenience, this value may safely be null.
      Returns:
      The AuthenticationSession originally provided when defer() was invoked, or null if the session is no longer valid or no such value was returned by defer().

    • defer

      public String defer(T session)
      Defers the Guacamole side of authentication for the user having the given authentication session such that it may be later resumed through a call to resume(). If authentication is never resumed, the session will automatically be cleaned up after it ceases to be valid. This method will automatically generate a new identifier.
      Parameters:
      session - The AuthenticationSession representing the in-progress authentication attempt.
      Returns:
      A unique and unpredictable string that may be used to represent the given session when calling resume().

    • defer

      public void defer(T session, String identifier)
      Defers the Guacamole side of authentication for the user having the given authentication session such that it may be later resumed through a call to resume(). If authentication is never resumed, the session will automatically be cleaned up after it ceases to be valid. This method accepts an externally generated ID, which should be a UUID or similar unique identifier.
      Parameters:
      session - The AuthenticationSession representing the in-progress authentication attempt.
      identifier - A unique and unpredictable string that may be used to represent the given session when calling resume().

    • shutdown

      public void shutdown()
      Shuts down the executor service that periodically removes all invalid authentication sessions. This must be invoked when the auth extension is shut down in order to avoid resource leaks.