SessionTimeouts.java
/*
* Copyright 2020 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
*/
package org.keycloak.models.sessions.infinispan.util;
import java.util.concurrent.TimeUnit;
import org.keycloak.common.util.Time;
import org.keycloak.models.ClientModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.sessions.infinispan.entities.AuthenticatedClientSessionEntity;
import org.keycloak.models.sessions.infinispan.entities.LoginFailureEntity;
import org.keycloak.models.sessions.infinispan.entities.RootAuthenticationSessionEntity;
import org.keycloak.models.sessions.infinispan.entities.UserSessionEntity;
import org.keycloak.models.utils.SessionExpiration;
import org.keycloak.models.utils.SessionExpirationUtils;
/**
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
*/
public class SessionTimeouts {
/**
* This indicates that entry is already expired and should be removed from the cache
*/
public static final long ENTRY_EXPIRED_FLAG = -2;
private static final long IMMORTAL_FLAG = -1;
/**
* Get the maximum lifespan, which this userSession can remain in the infinispan cache.
* Returned value will be used as "lifespan" when calling put/replace operation in the infinispan cache for this entity
*
* @param realm
* @param client
* @param userSessionEntity
* @return
*/
public static long getUserSessionLifespanMs(RealmModel realm, ClientModel client, UserSessionEntity userSessionEntity) {
return getUserSessionLifespanMs(realm, false, userSessionEntity.isRememberMe(), userSessionEntity.getStarted());
}
public static long getUserSessionLifespanMs(RealmModel realm, boolean offline, boolean rememberMe, int started) {
long lifespan = SessionExpirationUtils.calculateUserSessionMaxLifespanTimestamp(offline, rememberMe,
TimeUnit.SECONDS.toMillis(started), realm);
if (offline && lifespan == IMMORTAL_FLAG) {
return IMMORTAL_FLAG;
}
lifespan = lifespan - Time.currentTimeMillis();
if (lifespan <= 0) {
return ENTRY_EXPIRED_FLAG;
}
return lifespan;
}
/**
* Get the maximum idle time for this userSession.
* Returned value will be used when as "maxIdleTime" when calling put/replace operation in the infinispan cache for this entity
*
* @param realm
* @param client
* @param userSessionEntity
* @return
*/
public static long getUserSessionMaxIdleMs(RealmModel realm, ClientModel client, UserSessionEntity userSessionEntity) {
return getUserSessionMaxIdleMs(realm, false, userSessionEntity.isRememberMe(), userSessionEntity.getLastSessionRefresh());
}
public static long getUserSessionMaxIdleMs(RealmModel realm, boolean offline, boolean rememberMe, int lastSessionRefresh) {
long idle = SessionExpirationUtils.calculateUserSessionIdleTimestamp(offline, rememberMe, TimeUnit.SECONDS.toMillis(lastSessionRefresh), realm);
idle = idle - Time.currentTimeMillis();
if (idle <= 0) {
return ENTRY_EXPIRED_FLAG;
}
return idle;
}
/**
* Get the maximum lifespan, which this clientSession can remain in the infinispan cache.
* Returned value will be used as "lifespan" when calling put/replace operation in the infinispan cache for this entity
*
* @param realm
* @param client
* @param clientSessionEntity
* @return
*/
public static long getClientSessionLifespanMs(RealmModel realm, ClientModel client, AuthenticatedClientSessionEntity clientSessionEntity) {
return getClientSessionLifespanMs(realm, client, false, clientSessionEntity.isUserSessionRememberMe(), clientSessionEntity.getStarted(), clientSessionEntity.getUserSessionStarted());
}
public static long getClientSessionLifespanMs(RealmModel realm, ClientModel client, boolean offline, boolean isUserSessionRememberMe, int started, int userSessionStarted) {
long lifespan = SessionExpirationUtils.calculateClientSessionMaxLifespanTimestamp(offline, isUserSessionRememberMe,
TimeUnit.SECONDS.toMillis(started), TimeUnit.SECONDS.toMillis(userSessionStarted), realm, client);
if (offline && lifespan == IMMORTAL_FLAG) {
return IMMORTAL_FLAG;
}
lifespan = lifespan - Time.currentTimeMillis();
if (lifespan <= 0) {
return ENTRY_EXPIRED_FLAG;
}
return lifespan;
}
/**
* Get the maxIdle, which this clientSession will use.
* Returned value will be used as "maxIdle" when calling put/replace operation in the infinispan cache for this entity
*
* @param realm
* @param client
* @param clientSessionEntity
* @return
*/
public static long getClientSessionMaxIdleMs(RealmModel realm, ClientModel client, AuthenticatedClientSessionEntity clientSessionEntity) {
return getClientSessionMaxIdleMs(realm, client, false, clientSessionEntity.isUserSessionRememberMe(), clientSessionEntity.getTimestamp());
}
public static long getClientSessionMaxIdleMs(RealmModel realm, ClientModel client, boolean offline, boolean isUserSessionRememberMe, int timestamp) {
long idle = SessionExpirationUtils.calculateClientSessionIdleTimestamp(offline, isUserSessionRememberMe,
TimeUnit.SECONDS.toMillis(timestamp), realm, client);
idle = idle - Time.currentTimeMillis();
if (idle <= 0) {
return ENTRY_EXPIRED_FLAG;
}
return idle;
}
/**
* Get the maximum lifespan, which this offline userSession can remain in the infinispan cache.
* Returned value will be used as "lifespan" when calling put/replace operation in the infinispan cache for this entity
*
* @param realm
* @param client
* @param userSessionEntity
* @return
*/
public static long getOfflineSessionLifespanMs(RealmModel realm, ClientModel client, UserSessionEntity userSessionEntity) {
return getUserSessionLifespanMs(realm, true, userSessionEntity.isRememberMe(), userSessionEntity.getStarted());
}
/**
* Get the maximum idle time for this offline userSession.
* Returned value will be used when as "maxIdleTime" when calling put/replace operation in the infinispan cache for this entity
*
* @param realm
* @param client
* @param userSessionEntity
* @return
*/
public static long getOfflineSessionMaxIdleMs(RealmModel realm, ClientModel client, UserSessionEntity userSessionEntity) {
return getUserSessionMaxIdleMs(realm, true, userSessionEntity.isRememberMe(), userSessionEntity.getLastSessionRefresh());
}
/**
* Get the maximum lifespan, which this offline clientSession can remain in the infinispan cache.
* Returned value will be used as "lifespan" when calling put/replace operation in the infinispan cache for this entity
*
* @param realm
* @param client
* @param authenticatedClientSessionEntity
* @return
*/
public static long getOfflineClientSessionLifespanMs(RealmModel realm, ClientModel client, AuthenticatedClientSessionEntity authenticatedClientSessionEntity) {
return getClientSessionLifespanMs(realm, client, true, authenticatedClientSessionEntity.isUserSessionRememberMe(), authenticatedClientSessionEntity.getStarted(), authenticatedClientSessionEntity.getUserSessionStarted());
}
/**
* Get the maxIdle, which this offline clientSession will use.
* Returned value will be used as "maxIdle" when calling put/replace operation in the infinispan cache for this entity
*
* @param realm
* @param client
* @param authenticatedClientSessionEntity
* @return
*/
public static long getOfflineClientSessionMaxIdleMs(RealmModel realm, ClientModel client, AuthenticatedClientSessionEntity authenticatedClientSessionEntity) {
return getClientSessionMaxIdleMs(realm, client, true, authenticatedClientSessionEntity.isUserSessionRememberMe(), authenticatedClientSessionEntity.getTimestamp());
}
/**
* Not using lifespan for detached login failure (backwards compatibility with the background cleaner threads, which were used for cleanup of detached login failures)
*
* @param realm
* @param client
* @param loginFailureEntity
* @return
*/
public static long getLoginFailuresLifespanMs(RealmModel realm, ClientModel client, LoginFailureEntity loginFailureEntity) {
return IMMORTAL_FLAG;
}
/**
* Not using maxIdle for detached login failure (backwards compatibility with the background cleaner threads, which were used for cleanup of detached login failures)
*
* @param realm
* @param client
* @param loginFailureEntity
* @return
*/
public static long getLoginFailuresMaxIdleMs(RealmModel realm, ClientModel client, LoginFailureEntity loginFailureEntity) {
return IMMORTAL_FLAG;
}
public static long getAuthSessionLifespanMS(RealmModel realm, ClientModel client, RootAuthenticationSessionEntity entity) {
return (entity.getTimestamp() - Time.currentTime() + SessionExpiration.getAuthSessionLifespan(realm)) * 1000L;
}
public static long getAuthSessionMaxIdleMS(RealmModel realm, ClientModel client, RootAuthenticationSessionEntity entity) {
return IMMORTAL_FLAG;
}
}