SessionServiceConfig.java revision 9def6ecfb0264336724a6523b01bed2059b8ddb6
/**
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2005 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: SessionService.java,v 1.37 2010/02/03 03:52:54 bina Exp $
*
* Portions Copyrighted 2010-2016 ForgeRock AS.
* Portions Copyrighted 2016 Nomura Research Institute, Ltd.
*/
/**
* Responsible for collating System Properties and amSession.xml configuration state relating to the Session Service.
*
* @since 13.0.0
*/
public class SessionServiceConfig {
private final Debug sessionDebug;
/*
* Constant Properties
*/
/*
* System Properties
*/
private static final int DEFAULT_MAX_SESSION_CACHE_SIZE = 5000;
private final boolean logStatus;
private final String httpSessionTrackingCookieName;
private static final boolean DEFAULT_COOKIE_ENCODING = false;
private final boolean cookieEncoding;
private static final int DEFAULT_NOTIFICATION_THEAD_POOL_SIZE = 10;
private final int notificationThreadPoolSize;
private static final int DEFAULT_NOTIFICATION_THEAD_POOL_THRESHOLD = DEFAULT_NOTIFICATION_THEAD_POOL_SIZE * 10;
private final int notificationThreadPoolThreshold;
private final long applicationMaxCachingTime;
private static final boolean DEFAULT_RETURN_APP_SESSION = false;
private final boolean returnAppSession;
private final int sessionFailoverClusterStateCheckTimeout;
private final long sessionFailoverClusterStateCheckPeriod;
/*
* amSession.xml (SMS) Properties
*/
private volatile HotSwappableSessionServiceConfig hotSwappableSessionServiceConfig;
/**
* Private value object for storing snapshot state of amSession.xml config settings.
*
* This allows immutable value objects to be published as an atomic operation.
*/
private class HotSwappableSessionServiceConfig {
private static final long DEFAULT_SESSION_RETRIEVAL_TIMEOUT = 5;
private static final int DEFAULT_MAX_SESSION_LIST_SIZE = 200;
private static final int DEFAULT_MAX_WAIT_TIME_FOR_CONSTRAINT = 6000;
private final JwtSessionMapperConfig jwtSessionMapperConfig;
private final boolean sessionConstraintEnabled;
private final boolean denyLoginIfDBIsDown;
private final String constraintHandler;
private final boolean propertyNotificationEnabled;
private final Set notificationProperties;
private final long sessionRetrievalTimeout; // in seconds
private final int maxSessionListSize;
private final int maxWaitTimeForConstraint; // in milli-seconds
private final boolean sessionBlacklistEnabled;
private final int sessionBlacklistCacheSize;
private final long sessionBlacklistPollIntervalSeconds;
private final long sessionBlacklistPurgeDelayMinutes;
sessionBlacklistEnabled = CollectionHelper.getBooleanMapAttr(attrs, SESSION_BLACKLIST_ENABLED_ATTR, false);
sessionBlacklistCacheSize = CollectionHelper.getIntMapAttr(attrs, SESSION_BLACKLIST_CACHE_SIZE_ATTR, 0,
}
}
attrs, AM_SESSION_SESSION_LIST_RETRIEVAL_TIMEOUT, DEFAULT_SESSION_RETRIEVAL_TIMEOUT, sessionDebug));
if (sessionDebug.messageEnabled()) {
}
return value;
}
if (sessionDebug.messageEnabled()) {
}
return value;
}
if (sessionDebug.messageEnabled()) {
}
return value;
}
if (propertyNotificationEnabled) {
}
if (sessionDebug.messageEnabled()) {
}
return value;
}
} else {
// Only copy non-empty String values to avoid triggering a ClassNotFoundException on empty values when
// SessionService iterates over the list to call the handlers.
}
}
values = valuesCopy;
}
if (sessionDebug.messageEnabled()) {
}
return values;
}
if (sessionDebug.messageEnabled()) {
}
return value;
}
if (sessionDebug.messageEnabled()) {
}
return value;
}
if (sessionDebug.messageEnabled()) {
}
return value;
}
if (sessionDebug.messageEnabled()) {
}
return value;
}
}
final ServiceListeners serviceListeners) {
this.sessionDebug = sessionDebug;
// Initialize values set from System properties
SystemProperties.get(AM_SESSION_HTTP_SESSION_TRACKING_COOKIE_NAME, DEFAULT_HTTP_SESSION_TRACKING_COOKIE_NAME);
SystemProperties.getAsLong(APPLICATION_SESSION_MAX_CACHING_TIME, DEFAULT_APPLICATION_MAX_CACHING_TIME);
try {
// Initialize settings from SMS
new ServiceSchemaManager(AM_SESSION_SERVICE_NAME, AccessController.doPrivileged(adminTokenProvider));
public void performUpdate() {
try {
} catch (SMSException e) {
throw new IllegalStateException(e);
}
}
};
// Rethrow exception rather than hobbling on with invalid configuration state
}
}
/**
* Reads the notification thread pool size from the NOTIFICATION_THREADPOOL_SIZE system property.
*
* DEFAULT_NOTIFICATION_THEAD_POOL_SIZE is passed to SystemProperties.getAsInt as the fallback value.
*
* NOTE(review): no range check is visible here. Confirm that zero, negative or very large values are
* rejected before the value is used to size the notification thread pool.
*
* @return the value returned by SystemProperties.getAsInt for this property.
*/
private int loadNotificationThreadPoolSizeSystemProperty() {
try {
return SystemProperties.getAsInt(NOTIFICATION_THREADPOOL_SIZE, DEFAULT_NOTIFICATION_THEAD_POOL_SIZE);
} catch (NumberFormatException e) {
// NOTE(review): the call that receives this message and the fallback return are not visible in this
// listing; the message text indicates that the default is used when the value does not parse.
"Invalid value for " + NOTIFICATION_THREADPOOL_SIZE +
" defaulting to " + DEFAULT_NOTIFICATION_THEAD_POOL_SIZE);
}
}
private int loadNotificationThreadPoolThresholdSystemProperty() {
try {
} catch (NumberFormatException e) {
"Invalid value for " + NOTIFICATION_THREADPOOL_THRESHOLD +
" defaulting to " + DEFAULT_NOTIFICATION_THEAD_POOL_THRESHOLD);
}
}
/**
* Loads the session failover cluster state check timeout.
*
* @return the loaded value, or ClusterStateService.DEFAULT_TIMEOUT when loading throws.
*/
private int loadSessionFailoverClusterStateCheckTimeout() {
try {
// NOTE(review): the statement that reads and parses the setting is not visible in this listing.
} catch (Exception e) {
// Broad catch: as shown, every failure falls back to the default and nothing is logged here, so a
// malformed value would go unnoticed. TODO confirm whether a debug message was dropped from this view.
return ClusterStateService.DEFAULT_TIMEOUT;
}
}
/**
* Loads the session failover cluster state check period.
*
* @return the loaded value, or ClusterStateService.DEFAULT_PERIOD when loading throws.
*/
private long loadSessionFailoverClusterStateCheckPeriod() {
try {
// NOTE(review): the statement that reads and parses the setting is not visible in this listing.
} catch (Exception e) {
// Broad catch: as shown, every failure falls back to the default and nothing is logged here, so a
// malformed value would go unnoticed. TODO confirm whether a debug message was dropped from this view.
return ClusterStateService.DEFAULT_PERIOD;
}
}
/**
* Returns amSession.xml property "iplanet-am-session-constraint-handler".
*
* This should be the fully qualified name of a class implementing
* {@link com.iplanet.dpro.session.service.QuotaExhaustionAction}.
*
* Defaults to {@link org.forgerock.openam.session.service.DestroyOldestAction}.
*
* NOTE(review): the value is a class name taken from service configuration. Presumably the consumer loads
* and instantiates it by name; if so, write access to this setting amounts to choosing code that runs inside
* the server, and the consumer should verify that the loaded class implements QuotaExhaustionAction before
* using it. Confirm against the code that calls this getter.
*
* @return the configured handler class name (the getter body is not visible in this listing).
* @see com.iplanet.dpro.session.service.QuotaExhaustionAction
* @see org.forgerock.openam.session.service.DestroyOldestAction
*/
public String getConstraintHandler() {
}
/**
* Returns true if amSession.xml property "iplanet-am-session-deny-login-if-db-is-down" is "YES" (case insensitive).
*
* Defaults to false.
*
* NOTE(review): judging by the property name, the default of false presumably lets logins proceed while the
* session store is unreachable, i.e. session constraint checks fail open. Confirm against the caller, and
* set the property to "YES" where quota enforcement must not be bypassed by a store outage.
*
* @return the configured flag (the getter body is not visible in this listing).
*/
public boolean isDenyLoginIfDBIsDown() {
}
/**
* Returns true if amSession.xml property "iplanet-am-session-enable-session-constraint" is "ON" (case insensitive).
*
* Defaults to false.
*/
public boolean isSessionConstraintEnabled() {
}
/**
* Returns the HTTP_SESSION_PROPERTY_NAME constant.
*
* The constant is declared outside the lines visible in this listing.
*/
public String getHttpSessionPropertyName() {
return HTTP_SESSION_PROPERTY_NAME;
}
public String getHttpSessionOwnerListPropertyName() {
}
/**
* Returns the SECURITY_COOKIE_NAME constant.
*
* The name is fixed at compile time and is not read from configuration here; the constant itself is declared
* outside the lines visible in this listing.
*/
public String getSecurityCookieName() {
return SECURITY_COOKIE_NAME;
}
/**
* The maximum number of sessions to cache in the internal session cache.
*
* @return SystemProperty "org.forgerock.openam.session.service.access.persistence.caching.maxsize". Default 5000.
*/
public int getMaxSessionCacheSize() {
}
/**
* Returns true if SystemProperty "com.iplanet.am.logstatus" is "ACTIVE" (case insensitive).
*
* Defaults to false.
*/
public boolean isLoggingEnabled() {
return logStatus;
}
/**
* Returns the name of the cookie used for session tracking (described as currently hardcoded to "JSESSIONID").
*
* NOTE(review): the constructor calls SystemProperties.get(AM_SESSION_HTTP_SESSION_TRACKING_COOKIE_NAME,
* DEFAULT_HTTP_SESSION_TRACKING_COOKIE_NAME), which suggests the name is configurable with a default rather
* than hardcoded. Confirm, and update this description if so.
*
* @return the value of the httpSessionTrackingCookieName field.
*/
public String getHttpSessionTrackingCookieName() {
return httpSessionTrackingCookieName;
}
/**
* Returns true if SystemProperty "com.iplanet.am.cookie.encode" is true.
*
* Defaults to false.
*/
public boolean isCookieEncodingEnabled() {
return cookieEncoding;
}
/**
* Returns value of SystemProperty "com.iplanet.am.notification.threadpool.size".
*
* Defaults to 10 if not specified.
*/
public int getNotificationThreadPoolSize() {
return notificationThreadPoolSize;
}
/**
* Returns value of SystemProperty "com.iplanet.am.notification.threadpool.threshold".
*
* Defaults to 100 if not specified.
*/
public int getNotificationThreadPoolThreshold() {
return notificationThreadPoolThreshold;
}
/**
* Returns value of SystemProperty "com.sun.identity.session.returnAppSession".
*
* Defaults to false.
*/
public boolean isReturnAppSessionEnabled() {
return returnAppSession;
}
/**
* Returns values of amSession.xml property "openam-session-timeout-handler-list".
*
* Each value should be the fully qualified name of a class implementing
* {@link org.forgerock.openam.session.service.SessionTimeoutHandler}.
*
* @see org.forgerock.openam.session.service.SessionTimeoutHandler
*/
}
/**
* Returns value of SystemProperty "com.sun.identity.session.application.maxCacheTime" (minutes).
*
* Defaults to Long.MAX_VALUE / 60 (i.e. essentially forever).
*/
public long getApplicationMaxCachingTime() {
return applicationMaxCachingTime;
}
/**
* Returns value of amSession.xml property "iplanet-am-session-session-list-retrieval-timeout" (seconds).
*
* Defaults to 5.
*/
public long getSessionRetrievalTimeout() {
}
/**
* Returns value of amSession.xml property "iplanet-am-session-max-session-list-size".
*
* Defaults to 200.
*/
public int getMaxSessionListSize() {
}
/**
* Returns true if property change notifications are enabled for the specified property.
*
* Property change notifications are activated by setting the amSession.xml property
* "iplanet-am-session-property-change-notification" to "ON" (case-insensitive); defaults to false.
*
* Properties for which notifications should be sent are then specified via the amSession.xml property
* "iplanet-am-session-notification-property-list"; no properties are selected by default.
*
* @param key Name of the property to check
*/
}
/**
* @return JwtSessionMapper configured according to hot-swappable SMS settings.
*/
public JwtSessionMapper getJwtSessionMapper() {
}
/**
* Returns value of amSession.xml property "com.iplanet.am.session.failover.cluster.stateCheck.timeout" (milliseconds).
*
* Defaults to 1000.
*
* NOTE(review): the backing field sessionFailoverClusterStateCheckTimeout is declared under the
* "System Properties" heading of this class, not in HotSwappableSessionServiceConfig. Confirm whether this is
* a system property rather than an amSession.xml property; the Javadoc of
* getSessionFailoverClusterStateCheckPeriod() uses the same wording.
*
* @return the configured timeout (the getter body is not visible in this listing).
*/
public int getSessionFailoverClusterStateCheckTimeout() {
}
/**
* Returns value of amSession.xml property "com.iplanet.am.session.failover.cluster.stateCheck.period" (milliseconds).
*
* Defaults to 1000.
*/
public long getSessionFailoverClusterStateCheckPeriod() {
}
/**
* Whether session blacklisting is enabled for stateless session logout.
*
* Defaults to false (HotSwappableSessionServiceConfig passes false as the fallback when reading
* SESSION_BLACKLIST_ENABLED_ATTR).
*
* NOTE(review): with blacklisting disabled, presumably a logged-out stateless session is not recorded
* anywhere and stays valid until it expires. Confirm, and enable blacklisting where logout must take
* effect immediately.
*
* @return the configured flag (the getter body is not visible in this listing).
*/
public boolean isSessionBlacklistingEnabled() {
}
/**
* Maximum number of blacklisted sessions to cache in memory on each server. Beyond this number, sessions will be
* evicted from memory (but kept in the CTS) in a least-recently used (LRU) strategy.
*
* Defaults to 10000.
*
* NOTE(review): the visible call in HotSwappableSessionServiceConfig passes 0, not 10000, as the fallback to
* CollectionHelper.getIntMapAttr for SESSION_BLACKLIST_CACHE_SIZE_ATTR. The 10000 presumably comes from the
* service schema default. Confirm what a cache size of 0 means when the attribute is missing.
*
* @return the configured cache size (the getter body is not visible in this listing).
*/
public int getSessionBlacklistCacheSize() {
}
/**
* The interval at which to poll for changes to the session blacklist. May be 0 to indicate polling is disabled.
*
* @param unit the desired time unit for the poll interval.
*/
return unit.convert(hotSwappableSessionServiceConfig.sessionBlacklistPollIntervalSeconds, TimeUnit.SECONDS);
}
/**
* Amount of time to keep sessions in the blacklist beyond their expiry time to account for clock skew.
*
* @param unit the desired time unit for the purge delay.
*/
return unit.convert(hotSwappableSessionServiceConfig.sessionBlacklistPurgeDelayMinutes, TimeUnit.MINUTES);
}
/**
* Register a listener to be notified when {@link SessionServiceConfig} changes.
*
* @param listener the event listener to call when {@link SessionServiceConfig} changes.
*/
}
private void notifyListeners() {
}
}
}