From: Scott Cantor Date: Mon, 22 Jan 2007 02:06:06 +0000 (+0000) Subject: First draft of session cache API X-Git-Tag: 2.0-alpha1~154 X-Git-Url: http://www.project-moonshot.org/gitweb/?p=shibboleth%2Fcpp-sp.git;a=commitdiff_plain;h=88e8978687b867795a356ba22999d0a9004d32ff First draft of session cache API --- diff --git a/.cdtproject b/.cdtproject index be8b1cf..8738fc7 100644 --- a/.cdtproject +++ b/.cdtproject @@ -10,7 +10,8 @@ - + + diff --git a/Shibboleth.sln b/Shibboleth.sln index 8b121dc..2262a09 100644 --- a/Shibboleth.sln +++ b/Shibboleth.sln @@ -46,12 +46,6 @@ Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "shar", "shar\shar.vcproj", EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "shib", "shib\shib.vcproj", "{E6CAB6C8-1D73-4410-970A-52BF9EC57810}" EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "shib_mysql_ccache", "shib-mysql-ccache\shib_mysql_ccache.vcproj", "{54671467-CA4D-4BA3-9A27-15ED5576143D}" - ProjectSection(ProjectDependencies) = postProject - {84890110-2190-4AAE-9BDC-58F90DF71E4F} = {84890110-2190-4AAE-9BDC-58F90DF71E4F} - {81F0F7A6-DC36-46EF-957F-F9E81D4403F6} = {81F0F7A6-DC36-46EF-957F-F9E81D4403F6} - EndProjectSection -EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "shibtarget", "shib-target\shibtarget.vcproj", "{84890110-2190-4AAE-9BDC-58F90DF71E4F}" ProjectSection(ProjectDependencies) = postProject {81F0F7A6-DC36-46EF-957F-F9E81D4403F6} = {81F0F7A6-DC36-46EF-957F-F9E81D4403F6} 
@@ -81,12 +75,6 @@ Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "xmlproviders", "xmlprovider {E6CAB6C8-1D73-4410-970A-52BF9EC57810} = {E6CAB6C8-1D73-4410-970A-52BF9EC57810} EndProjectSection EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "odbc_ccache", "odbc_ccache\odbc_ccache.vcproj", "{DAC7FB99-038A-45C9-A27C-21B6C8D4CD1E}" - ProjectSection(ProjectDependencies) = postProject - {84890110-2190-4AAE-9BDC-58F90DF71E4F} = {84890110-2190-4AAE-9BDC-58F90DF71E4F} - {81F0F7A6-DC36-46EF-957F-F9E81D4403F6} = {81F0F7A6-DC36-46EF-957F-F9E81D4403F6} - EndProjectSection -EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "mod_shib22", "apache\mod_shib22.vcproj", "{B44C0852-83B8-4FB2-A86E-097C9C8256D0}" ProjectSection(ProjectDependencies) = postProject {E6CAB6C8-1D73-4410-970A-52BF9EC57810} = {E6CAB6C8-1D73-4410-970A-52BF9EC57810} @@ -142,10 +130,6 @@ Global {E6CAB6C8-1D73-4410-970A-52BF9EC57810}.Debug|Win32.Build.0 = Debug|Win32 {E6CAB6C8-1D73-4410-970A-52BF9EC57810}.Release|Win32.ActiveCfg = Release|Win32 {E6CAB6C8-1D73-4410-970A-52BF9EC57810}.Release|Win32.Build.0 = Release|Win32 - {54671467-CA4D-4BA3-9A27-15ED5576143D}.Debug|Win32.ActiveCfg = Debug|Win32 - {54671467-CA4D-4BA3-9A27-15ED5576143D}.Debug|Win32.Build.0 = Debug|Win32 - {54671467-CA4D-4BA3-9A27-15ED5576143D}.Release|Win32.ActiveCfg = Release|Win32 - {54671467-CA4D-4BA3-9A27-15ED5576143D}.Release|Win32.Build.0 = Release|Win32 {84890110-2190-4AAE-9BDC-58F90DF71E4F}.Debug|Win32.ActiveCfg = Debug|Win32 {84890110-2190-4AAE-9BDC-58F90DF71E4F}.Debug|Win32.Build.0 = Debug|Win32 {84890110-2190-4AAE-9BDC-58F90DF71E4F}.Release|Win32.ActiveCfg = Release|Win32 
@@ -166,10 +150,6 @@ Global {68E46D06-6B91-4C59-A700-78DD4D4C420B}.Debug|Win32.Build.0 = Debug|Win32 {68E46D06-6B91-4C59-A700-78DD4D4C420B}.Release|Win32.ActiveCfg = Release|Win32 {68E46D06-6B91-4C59-A700-78DD4D4C420B}.Release|Win32.Build.0 = Release|Win32 - {DAC7FB99-038A-45C9-A27C-21B6C8D4CD1E}.Debug|Win32.ActiveCfg = Debug|Win32 - {DAC7FB99-038A-45C9-A27C-21B6C8D4CD1E}.Debug|Win32.Build.0 = Debug|Win32 - {DAC7FB99-038A-45C9-A27C-21B6C8D4CD1E}.Release|Win32.ActiveCfg = Release|Win32 - {DAC7FB99-038A-45C9-A27C-21B6C8D4CD1E}.Release|Win32.Build.0 = Release|Win32 {B44C0852-83B8-4FB2-A86E-097C9C8256D0}.Debug|Win32.ActiveCfg = Debug|Win32 {B44C0852-83B8-4FB2-A86E-097C9C8256D0}.Debug|Win32.Build.0 = Debug|Win32 {B44C0852-83B8-4FB2-A86E-097C9C8256D0}.Release|Win32.ActiveCfg = Release|Win32 @@ -192,9 +172,7 @@ Global {1396D80A-8672-4224-9B02-95F3F4207CDB} = {26BA8F84-6E42-41FA-9B13-5D3F4B5B2050} {B44C0852-83B8-4FB2-A86E-097C9C8256D0} = {26BA8F84-6E42-41FA-9B13-5D3F4B5B2050} {87C25D4E-8D19-4513-B0BA-BC668BC2DEE3} = {26BA8F84-6E42-41FA-9B13-5D3F4B5B2050} - {54671467-CA4D-4BA3-9A27-15ED5576143D} = {96AE4FC9-45EF-4C18-9F3B-EDA439E26E4C} {68E46D06-6B91-4C59-A700-78DD4D4C420B} = {96AE4FC9-45EF-4C18-9F3B-EDA439E26E4C} - {DAC7FB99-038A-45C9-A27C-21B6C8D4CD1E} = {96AE4FC9-45EF-4C18-9F3B-EDA439E26E4C} {D341DCD8-7DCD-43A2-8559-C07DAB838711} = {96AE4FC9-45EF-4C18-9F3B-EDA439E26E4C} {666A63A7-983F-4C19-8411-207F24305197} = {96AE4FC9-45EF-4C18-9F3B-EDA439E26E4C} {67AF22A3-C26E-40BE-B0CA-2ABEE5123763} = {FED80230-119E-4B2F-9F53-D2660A5F022B} diff --git a/shib-target/shib-config.cpp b/shib-target/shib-config.cpp index 064c61a..8d57ebf 100644 --- a/shib-target/shib-config.cpp +++ b/shib-target/shib-config.cpp 
@@ -50,7 +50,6 @@
 PlugManager::Factory UnixListenerFactory;
 PlugManager::Factory TCPListenerFactory;
 //PlugManager::Factory MemoryListenerFactory;
-PluginManager::Factory MemoryCacheFactory;
 PluginManager::Factory ShibSessionInitiatorFactory;
 PluginManager::Factory SAML1POSTFactory;
 PluginManager::Factory SAML1ArtifactFactory;
@@ -106,8 +105,6 @@ bool STConfig::init(const char* schemadir)
 conf.AssertionConsumerServiceManager.registerFactory(samlconstants::SAML1_PROFILE_BROWSER_ARTIFACT,&SAML1ArtifactFactory);
 conf.SingleLogoutServiceManager.registerFactory(shibspconstants::SHIB1_LOGOUT_PROFILE_URI,&ShibLogoutFactory);
- conf.SessionCacheManager.registerFactory(MEMORY_SESSIONCACHE,&MemoryCacheFactory);
-
 log.info("finished initializing");
 return true;
 }
diff --git a/shib-target/shib-ini.cpp b/shib-target/shib-ini.cpp
index 4fdbc4e..cedeea4 100644
--- a/shib-target/shib-ini.cpp
+++ b/shib-target/shib-ini.cpp
@@ -584,7 +584,7 @@ short XMLApplication::acceptNode(const DOMNode* node) const
 {
 if (XMLHelper::isNodeNamed(node,samlconstants::SAML1_NS,AttributeDesignator::LOCAL_NAME))
 return FILTER_REJECT;
- else if (XMLHelper::isNodeNamed(node,samlconstants::SAML20_NS,Attribute::LOCAL_NAME))
+ else if (XMLHelper::isNodeNamed(node,samlconstants::SAML20_NS,opensaml::saml1::Attribute::LOCAL_NAME))
 return FILTER_REJECT;
 else if (XMLHelper::isNodeNamed(node,samlconstants::SAML1_NS,Audience::LOCAL_NAME))
 return FILTER_REJECT;
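Review bot: The rewritten condition in XMLApplication::acceptNode pairs `samlconstants::SAML20_NS` with `opensaml::saml1::Attribute::LOCAL_NAME`, so the namespace and the element name are taken from different SAML versions. It still matches today, because the SAML 1.x and 2.0 Attribute elements share the local name `Attribute`, but a reader (or a later change to either constant) would reasonably take it for a bug. Use the constant that belongs to the namespace being tested, `else if (XMLHelper::isNodeNamed(node,samlconstants::SAML20_NS,opensaml::saml2::Attribute::LOCAL_NAME))`, assuming opensaml's saml2 namespace declares one alongside the NameID type this commit already references in SessionCache.h. The body of acceptNode continues past the end of the hunk.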
@@ -962,8 +962,8 @@ XMLConfigImpl::XMLConfigImpl(const DOMElement* e, bool first, const XMLConfig* o
 const DOMElement* container=conf.isEnabled(SPConfig::OutOfProcess) ? SHAR : SHIRE;
 child=XMLHelper::getFirstChildElement(container,MemorySessionCache);
 if (child) {
- log.info("building Session Cache of type %s...",MEMORY_SESSIONCACHE);
- m_outer->m_sessionCache=conf.SessionCacheManager.newPlugin(MEMORY_SESSIONCACHE,child);
+ log.info("building Session Cache of type %s...",STORAGESERVICE_SESSION_CACHE);
+ m_outer->m_sessionCache=conf.SessionCacheManager.newPlugin(STORAGESERVICE_SESSION_CACHE,child);
 }
 else {
 child=XMLHelper::getFirstChildElement(container,SessionCache);
@@ -973,8 +973,8 @@ XMLConfigImpl::XMLConfigImpl(const DOMElement* e, bool first, const XMLConfig* o
 m_outer->m_sessionCache=conf.SessionCacheManager.newPlugin(type.get(),child);
 }
 else {
- log.info("custom SessionCache unspecified or no longer supported, building SessionCache of type %s...",MEMORY_SESSIONCACHE);
- m_outer->m_sessionCache=conf.SessionCacheManager.newPlugin(MEMORY_SESSIONCACHE,child);
+ log.info("custom SessionCache unspecified or no longer supported, building SessionCache of type %s...",STORAGESERVICE_SESSION_CACHE);
+ m_outer->m_sessionCache=conf.SessionCacheManager.newPlugin(STORAGESERVICE_SESSION_CACHE,child);
 }
 }
@@ -1064,7 +1064,7 @@ XMLConfigImpl::XMLConfigImpl(const DOMElement* e, bool first, const XMLConfig* o
 if (fact) {
 m_attrFactories.push_back(fact);
 ShibConfig::getConfig().regAttributeMapping(
- child->getAttributeNS(NULL,Attribute::ATTRIBUTENAME_ATTRIB_NAME), fact
+ child->getAttributeNS(NULL,opensaml::saml1::Attribute::ATTRIBUTENAME_ATTRIB_NAME), fact
 );
 }
 else {
diff --git a/shib-target/shibtarget.vcproj b/shib-target/shibtarget.vcproj
index 49d8d83..4a6d6eb 100644
--- a/shib-target/shibtarget.vcproj
+++ b/shib-target/shibtarget.vcproj
@@ -230,10 +230,6 @@ > - -
diff --git a/shibsp/SessionCache.h b/shibsp/SessionCache.h
index e28b0fe..ac531cf 100644
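Review bot: `m_outer->m_sessionCache=conf.SessionCacheManager.newPlugin(STORAGESERVICE_SESSION_CACHE,child);` stores whatever the factory returns without checking it, and the only factory this commit registers under that name (StorageServiceCacheFactory in shibsp/impl/StorageServiceSessionCache.cpp) currently returns NULL. Unless PluginManager::newPlugin rejects a null result itself, which is not visible here, the SP will finish initialization with no session cache and fail on the first request that touches it. Guard the assignment in both branches that build the default cache, e.g. `if (!m_outer->m_sessionCache) throw std::runtime_error("Unable to build session cache.");`, using whatever exception type this file already raises for configuration failures. A short comment would also help here, since a `MemorySessionCache` element is now deliberately mapped onto the StorageService cache and the element name no longer matches the type logged. The enclosing XMLConfigImpl constructor starts and ends outside the hunk.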
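Review bot: The added `opensaml::saml1::` qualification on `Attribute::ATTRIBUTENAME_ATTRIB_NAME` is presumably needed because shibsp now forward-declares its own `Attribute` class (shibsp/SessionCache.h in this commit) while this file has both namespaces in scope, which would make the bare name ambiguous. That reason is not recorded anywhere, so the next tidy-up is likely to strip the qualification back out and hit the ambiguity again. A one-line comment at the first qualified use, `// qualified explicitly: shibsp::Attribute is now also in scope`, is enough to prevent that. The enclosing XMLConfigImpl constructor starts and ends outside the hunk.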
--- a/shibsp/SessionCache.h
+++ b/shibsp/SessionCache.h
@@ -23,12 +23,15 @@
 #ifndef __shibsp_sessioncache_h__
 #define __shibsp_sessioncache_h__
+#include
+#include
+#include
 #include
-#include
 namespace shibsp {
 class SHIBSP_API Application;
+ class SHIBSP_API Attribute;
 class SHIBSP_API Session : public virtual xmltooling::Lockable
 {
@@ -37,14 +40,124 @@ namespace shibsp {
 Session() {}
 virtual ~Session() {}
 public:
- /* TODO: design new interface, probably with version-specific subinterfaces
+ /**
+ * Returns the address of the client associated with the session.
+ *
+ * @return the client's network address
+ */
 virtual const char* getClientAddress() const=0;
- virtual const char* getProviderId() const=0;
- virtual std::pair getSubject(bool xml=true, bool obj=false) const=0;
- virtual const char* getAuthnContext() const=0;
- virtual std::pair getTokens(bool xml=true, bool obj=false) const=0;
- virtual std::pair getFilteredTokens(bool xml=true, bool obj=false) const=0;
- */
+
+ /**
+ * Returns the entityID of the IdP that initiated the session.
+ *
+ * @return the IdP's entityID
+ */
+ virtual const char* getEntityID() const=0;
+
+ /**
+ * Returns the timestamp on the authentication event at the IdP.
+ *
+ * @return the authentication timestamp
+ */
+ virtual time_t getAuthnInstant() const=0;
+
+ /**
+ * Returns the set of resolved attributes associated with the session.
+ *
+ * @return an immutable array of attributes
+ */
+ virtual const std::vector& getAttributes() const=0;
+
+ /**
+ * Adds additional attributes to the session.
+ *
+ * @param attributes reference to an array of Attributes to cache (will be freed by cache)
+ */
+ virtual void addAttributes(const std::vector& attributes)=0;
+
+ /**
+ * Returns the identifiers of the assertion(s) cached by the session.
+ *

The SSO assertion is guaranteed to be first in the set. + * + * @return an immutable array of AssertionID values + */ + virtual const std::vector& getAssertionIDs() const=0; + + /** + * Returns an assertion cached by the session. + * + * @param id identifier of the assertion to retrieve + * @return pointer to assertion, or NULL + */ + virtual const opensaml::RootObject* getAssertion(const char* id) const=0; + + /** + * Stores an assertion in the session. + * + * @param assertion pointer to an assertion to cache (will be freed by cache) + */ + virtual void addAssertion(opensaml::RootObject* assertion)=0; + }; + + class SHIBSP_API SAML1Session : public virtual Session + { + protected: + SAML1Session() {} + virtual ~SAML1Session() {} + + public: + /** + * Returns the NameIdentifier associated with a SAML 1.x session. + * + * @return reference to a SAML 1.x NameIdentifier + */ + virtual const opensaml::saml1::NameIdentifier& getNameIdentifier() const=0; + + /** + * Returns a URI containing the AuthenticationMethod. + * + * @return a URI identifying the authentication method + */ + virtual const char* getAuthenticationMethod() const=0; + + }; + + class SHIBSP_API SAML2Session : public virtual Session + { + protected: + SAML2Session() {} + virtual ~SAML2Session() {} + + public: + /** + * Returns the NameID associated with a SAML 2.0 session. + * + * @return reference to a SAML 2.0 NameID + */ + virtual const opensaml::saml2::NameID& getNameID() const=0; + + /** + * Returns the SessionIndex provided with the session. + * + * @return the SessionIndex from the original SSO assertion, if any + */ + virtual const char* getSessionIndex() const=0; + + /** + * Returns a URI containing an AuthnContextClassRef provided with the session. + * + * @return a URI identifying the authentication context class + */ + virtual const char* getAuthnContextClassRef() const=0; + + /** + * Returns a URI containing an AuthnContextDeclRef provided with the session. 
+ * + * @return a URI identifying the authentication context declaration + */ + virtual const char* getAuthnContextDeclRef() const=0; + }; /** @@ -60,11 +173,73 @@ namespace shibsp { { MAKE_NONCOPYABLE(SessionCache); protected: - SessionCache() {} + + /** + * Constructor + * + *
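Review bot: The new Session accessors hand out references and raw pointers into cache-owned state (`getAttributes()`, `getAssertionIDs()`, `getAssertion()`, `getNameIdentifier()`, `getNameID()`) while `addAttributes()` and `addAssertion()` mutate that same state, but nothing in the hunk says how long those references remain valid. Since Session derives from xmltooling::Lockable, the intended contract is presumably that they are valid only while the caller holds the Session's lock and may be invalidated by the add* calls; if so, state it once in the class documentation, e.g. `References and pointers returned by the accessors below are owned by the Session, remain valid only while the caller holds the Session's lock, and may be invalidated by addAttributes() or addAssertion().` The SAML2Session getters documented with "if any" (`getSessionIndex()`, `getAuthnContextClassRef()`, `getAuthnContextDeclRef()`) should also say explicitly that they return NULL when the value is absent, since callers will pass the result straight to C string functions. The `class SHIBSP_API Session` declaration itself opens in the preceding hunk.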

The following XML content is supported to configure the cache: + *

+ *
cacheTimeout
+ *
attribute containing maximum lifetime in seconds for sessions in cache
+ *
cleanupInterval
+ *
attribute containing interval in seconds between attempts to purge expired sessions
+ *
strictValidity
+ *
boolean attribute indicating whether to honor SessionNotOnOrAfter information
+ *
writeThrough
+ *
boolean attribute indicating that every access to a session should update persistent storage
+ *
+ * + * @param e root of DOM tree to configure the cache + */ + SessionCache(const DOMElement* e); + public: virtual ~SessionCache() {} + + /** + * Inserts a new session into the cache. + * + *

The SSO token remains owned by the caller and must be copied by the + * cache. Any Attributes supplied become the property of the cache. + * + * @param application reference to Application that owns the Session + * @param client_addr network address of client + * @param ssoToken reference to SSO assertion initiating the session + * @param issuer issuing metadata role of assertion issuer, if known + * @param attributes optional set of resolved Attributes to cache with session + * @return pointer to newly created (and locked) Session + */ + virtual Session* insert( + const Application& application, + const char* client_addr, + const opensaml::RootObject& ssoToken, + const opensaml::saml2md::RoleDescriptor* issuer=NULL, + const std::vector* attributes=NULL + )=0; + + /** + * Locates an existing session. + * + * @param key session key + * @param application reference to Application that owns the Session + * @param client_addr network address of client (if known) + * @return pointer to locked Session, or NULL + */ + virtual Session* find(const char* key, const Application& application, const char* client_addr)=0; + + /** + * Deletes an existing session. + * + * @param key session key + * @param application reference to Application that owns the Session + * @param client_addr network address of client (if known) + */ + virtual void remove(const char* key, const Application& application, const char* client_addr)=0; }; + /** Remoting-aware SessionCache implementation backed by a StorageService. */ + #define STORAGESERVICE_SESSION_CACHE "edu.internet2.middleware.shibboleth.sp.provider.StorageServiceSessionCache" + /** * Registers SessionCache classes into the runtime. */ diff --git a/shibsp/impl/StorageServiceSessionCache.cpp b/shibsp/impl/StorageServiceSessionCache.cpp index 060af66..5b305d4 100644 --- a/shibsp/impl/StorageServiceSessionCache.cpp +++ b/shibsp/impl/StorageServiceSessionCache.cpp 
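Review bot: `find()` and `remove()` take a `client_addr` documented only as "network address of client (if known)", while `insert()` records the address and Session exposes it through getClientAddress(), so the address is evidently meant to bind a session to a client, yet the interface does not say what an implementation must do on a mismatch (return NULL, throw, or merely log) or when the caller passes NULL. That decision is the defence against a replayed or stolen session key and every backend will otherwise choose its own; pin it on `find()` with something like `@param client_addr network address of client; if non-NULL and different from the address recorded at insert(), the session is treated as not found`, adjusted to whatever behavior you intend. Separately, the constructor documentation lists cacheTimeout, cleanupInterval, strictValidity and writeThrough, but the class body declares no members to hold them and `SessionCache(const DOMElement* e)` has no definition anywhere in this commit, so either the base class should carry those settings (`unsigned long m_cacheTimeout, m_cleanupInterval; bool m_strictValidity, m_writeThrough;`) or the comment should say that subclasses are responsible for parsing and honoring them.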
@@ -32,17 +32,17 @@ using namespace shibsp;
 using namespace xmltooling;
 using namespace log4cpp;
 using namespace std;
-/*
+
 namespace shibsp {
- SessionCache* SHIBSP_DLLLOCAL XMLRequestMapperFactory(const DOMElement* const & e)
+ SessionCache* SHIBSP_DLLLOCAL StorageServiceCacheFactory(const DOMElement* const & e)
 {
- return new XMLRequestMapper(e);
+ return NULL;
 }
 }
-*/
+
 void SHIBSP_API shibsp::registerSessionCaches()
 {
- //SPConfig::getConfig().SessionCacheManager.registerFactory(XML_REQUEST_MAPPER, XMLRequestMapperFactory);
+ SPConfig::getConfig().SessionCacheManager.registerFactory(STORAGESERVICE_SESSION_CACHE, StorageServiceCacheFactory);
 }
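Review bot: `StorageServiceCacheFactory` returns NULL but is registered under STORAGESERVICE_SESSION_CACHE, and XMLConfigImpl in shib-target/shib-ini.cpp (also in this commit) now requests exactly that type as its default and stores the result unchecked, so a build from this commit comes up with a null session cache instead of refusing to start. For a stub it is safer to fail loudly at startup: `throw std::runtime_error("StorageServiceSessionCache not yet implemented");` (or the xmltooling exception type used elsewhere in the SP) in place of `return NULL;`, or hold back the registerFactory line until the implementation lands. Since `e` is unused in the stub, a brief comment marking it as a placeholder would also stop readers from mistaking it for a deliberate "no cache" mode.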