Class AuthenticationUtil


  • public class AuthenticationUtil
    extends Object
    • Constructor Detail

      • AuthenticationUtil

        public AuthenticationUtil()
    • Method Detail

      • getAuthsFromSession

        public static Authentications getAuthsFromSession​(javax.servlet.http.HttpSession session)
        Allows obtaining an Authentications object from the HttpSession. If no such object exists in the session, a new instance is created and returned.
        Parameters:
        session - the HttpSession instance from which to retrieve the Authentications.
      • revalidateSession

        public static void revalidateSession​(javax.servlet.http.HttpServletRequest request,
                                             UserAuthentication authentication)
        Invalidates the old HttpSession of the current request and creates a new one. Additionally, transfers the existing authentications to the new session and adds a new one.
        Parameters:
        request - the HttpServletRequest instance from which the session is obtained and a new HttpSession created.
        authentication - the new Authentication instance that is created through user login. It is added to the existing authentications.
      • updateSession

        public static void updateSession​(javax.servlet.http.HttpSession session,
                                         Authentications authentications)
        Store authentications in current session.
      • updateCache

        public static void updateCache​(Authentications authentications,
                                       javax.servlet.http.HttpSession session,
                                       long cacheTimeToLive)

        Update/remove authentications when cache validation time (= x + TTL) is due.

        The following information is updated:

        • groupIds
        • tenantIds
        • authorizedApps

          An authorization is only removed if the user doesn't exist anymore (user was deleted).

      • getSessionMutex

        protected static Object getSessionMutex​(javax.servlet.http.HttpSession session)

        Returns the session mutex to synchronize on.

        Avoids updating the auth cache by multiple HTTP requests in parallel.