Spring Security SAML

org.springframework.security.saml.storage
Class HttpSessionStorage

java.lang.Object
  extended by org.springframework.security.saml.storage.HttpSessionStorage
All Implemented Interfaces:
SAMLMessageStorage

public class HttpSessionStorage
extends Object
implements SAMLMessageStorage

Class implements storage of SAML messages and uses HttpSession as underlying dataStore. As the XMLObjects can't be serialized (which could lead to problems during failover), the messages are transformed into SAMLObject which internally marshalls the content into XML during serialization. Messages are populated to a Hashtable and stored inside HttpSession. The Hashtable is lazily initialized during first attempt to create or retrieve a message.

Author:
Vladimir Schäfer

Field Summary
protected  org.slf4j.Logger log
          Class logger.
 
Constructor Summary
HttpSessionStorage(HttpServletRequest request)
          Creates the storage object.
HttpSessionStorage(HttpSession session)
          Creates the storage object.
 
Method Summary
 Set<String> getAllMessages()
           
 org.opensaml.xml.XMLObject retrieveMessage(String messageID)
          Returns previously stored message with the given ID or null, if there is no message stored.
 void storeMessage(String messageID, org.opensaml.xml.XMLObject message)
          Stores a request message into the repository.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

log

protected final org.slf4j.Logger log
Class logger.

Constructor Detail

HttpSessionStorage

public HttpSessionStorage(HttpServletRequest request)
Creates the storage object. The session is manipulated only once caller tries to store or retrieve a message. In case request doesn't already have a started session, it will be created.

Parameters:
request - request to load/store internalMessages from

HttpSessionStorage

public HttpSessionStorage(HttpSession session)
Creates the storage object. The session is manipulated only once caller tries to store or retrieve a message.

Parameters:
session - session to load/store internalMessages from
Method Detail

storeMessage

public void storeMessage(String messageID,
                         org.opensaml.xml.XMLObject message)
Stores a request message into the repository. RequestAbstractType must have an ID set. Any previous message with the same ID will be overwritten.

Specified by:
storeMessage in interface SAMLMessageStorage
Parameters:
messageID - ID of message
message - message to be stored

retrieveMessage

public org.opensaml.xml.XMLObject retrieveMessage(String messageID)
Returns previously stored message with the given ID or null, if there is no message stored.

Message is stored in String format and must be unmarshalled into XMLObject. Call to this method may thus be expensive.

Messages are automatically cleared upon successful reception, as we presume that there are never multiple ongoing SAML exchanges for the same session. This saves memory used by the session.

Specified by:
retrieveMessage in interface SAMLMessageStorage
Parameters:
messageID - ID of message to retrieve
Returns:
message found or null

getAllMessages

public Set<String> getAllMessages()
Returns:
all internalMessages currently stored in the storage

Spring Security SAML