001/******************************************************************************* 002 * Copyright 2017 The MIT Internet Trust Consortium 003 * 004 * Portions copyright 2011-2013 The MITRE Corporation 005 * 006 * Licensed under the Apache License, Version 2.0 (the "License"); 007 * you may not use this file except in compliance with the License. 008 * You may obtain a copy of the License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, software 013 * distributed under the License is distributed on an "AS IS" BASIS, 014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 015 * See the License for the specific language governing permissions and 016 * limitations under the License. 017 *******************************************************************************/ 018/** 019 * 020 */ 021package org.mitre.openid.connect.web; 022 023import java.io.IOException; 024import java.util.Date; 025 026import javax.servlet.ServletException; 027import javax.servlet.http.HttpServletRequest; 028import javax.servlet.http.HttpServletResponse; 029import javax.servlet.http.HttpSession; 030 031import org.mitre.openid.connect.filter.AuthorizationRequestFilter; 032import org.slf4j.Logger; 033import org.slf4j.LoggerFactory; 034import org.springframework.security.core.Authentication; 035import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler; 036import org.springframework.stereotype.Component; 037 038/** 039 * This class sets a timestamp on the current HttpSession 040 * when someone successfully authenticates. 
 *
 * The timestamp is stored in the {@link HttpSession} under {@link #AUTH_TIMESTAMP}
 * as a {@link Date} so that other components can pull it out and compute the
 * authentication age. The attribute type is part of this class's contract with
 * those consumers, so it is deliberately left as a {@code java.util.Date}.
 *
 * @author jricher
 *
 */
@Component("authenticationTimeStamper")
public class AuthenticationTimeStamper extends SavedRequestAwareAuthenticationSuccessHandler {

	/**
	 * Logger for this class
	 */
	private static final Logger logger = LoggerFactory.getLogger(AuthenticationTimeStamper.class);

	/** Session attribute key under which the authentication {@link Date} is stored. */
	public static final String AUTH_TIMESTAMP = "AUTH_TIMESTAMP";

	/**
	 * Records the moment of a successful authentication on the current session.
	 *
	 * <p>Besides stamping {@link #AUTH_TIMESTAMP}, this converts a pending
	 * {@link AuthorizationRequestFilter#PROMPT_REQUESTED} marker into
	 * {@link AuthorizationRequestFilter#PROMPTED}, recording that the user was in
	 * fact shown a login prompt for this authorization request.
	 *
	 * <p>NOTE(review): this handler does not rotate the session id itself; it
	 * relies on the surrounding Spring Security filter chain having applied its
	 * session-fixation protection before a success handler runs. The session
	 * returned by {@code request.getSession()} is created if none exists yet.
	 *
	 * @param request        the request that carried the successful login
	 * @param response       the response the saved-request redirect is written to
	 * @param authentication the now-authenticated principal
	 * @throws IOException      propagated from the saved-request redirect
	 * @throws ServletException propagated from the saved-request redirect
	 */
	@Override
	public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {

		final Date authenticatedAt = new Date();
		final HttpSession httpSession = request.getSession();

		httpSession.setAttribute(AUTH_TIMESTAMP, authenticatedAt);

		// A prompt was requested on the way in; the user has now actually been
		// prompted, so flip the marker and clear the request flag.
		final boolean promptWasRequested =
				httpSession.getAttribute(AuthorizationRequestFilter.PROMPT_REQUESTED) != null;
		if (promptWasRequested) {
			httpSession.setAttribute(AuthorizationRequestFilter.PROMPTED, Boolean.TRUE);
			httpSession.removeAttribute(AuthorizationRequestFilter.PROMPT_REQUESTED);
		}

		// NOTE(review): the principal name is written into the log verbatim. If
		// usernames can be chosen by end users this is a log-forging vector (CR/LF
		// in the name); consider neutralising line breaks before logging.
		logger.info("Successful Authentication of " + authentication.getName() + " at " + authenticatedAt.toString());

		super.onAuthenticationSuccess(request, response, authentication);

	}

}