Class AmSessionIdleTimeoutFilter

java.lang.Object
org.forgerock.openig.openam.session.AmSessionIdleTimeoutFilter
All Implemented Interfaces:
Filter

public class AmSessionIdleTimeoutFilter extends Object implements Filter
This filter tracks AM sessions (stateless or stateful) and revokes them when their idle time exceeds a defined limit.

Configuration options:

 
         "amService":          AmService           [REQUIRED]
         "idleTimeout":        duration            [REQUIRED - The maximum duration after which a session is
                                                               considered timed out.]
         "sessionToken":       expression<string>  [OPTIONAL - Where to find the user's session token.
                                                               Defaults to the AM session cookie.]
         "removeAmSessionFilter": Filter           [OPTIONAL - A filter to remove the AM session details from the
                                                               request when the session is no longer valid.
                                                               Defaults to a filter that removes the AM Session
                                                               cookie based on the AM session cookie name.]
         "idleTimeoutUpdate":  enum                [OPTIONAL - The strategy to use to update the idle timeout:
                                                               - ALWAYS (default)
                                                               - NEVER
                                                               - INCREASE_ONLY
                                                               - DECREASE_ONLY ]
         "secretsProvider":    SecretsProvider     [OPTIONAL - The secrets provider used to obtain secrets.
                                                               If missing, a random key will be generated.]
         "encryptionSecretId": SecretId            [OPTIONAL - The secret ID of the encryption key
                                                               used to perform authenticated encryption on the JWT.]
         "encryptionMethod":   enum                [OPTIONAL - The standard name of the encryption method
                                                               to use with Authenticated Encryption.
                                                               See RFC 7518, section 5.1.
                                                               Defaults to A256GCM.]
         "cookie": {         object                [OPTIONAL - The structure describing the properties of the
                                                               activity tracking cookie: ]
           "name":             string       [OPTIONAL - Name of cookie containing the activity marker.
                                                        Defaults to "x-ig-activity-tracker".]
           "domain":           string       [OPTIONAL - Domain that cookie is applicable to. If not set,
                                                        the cookie will be treated as a host-based cookie]
           "path":             string       [OPTIONAL - Path to apply to the cookie.
                                                        Defaults to "/".]
           "secure":           boolean      [OPTIONAL - Determines if the cookie should be set to be
                                                        secure. Defaults to false.]
           "httpOnly":         boolean      [OPTIONAL - httpOnly flag. Defaults to true.]
           "sameSite":         enum         [OPTIONAL - STRICT, NONE or LAX. Defaults to null.]
         }
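
With the defaults listed above, the activity tracking cookie is issued without the Secure flag and without a SameSite attribute, and the encryption key is randomly generated unless a secrets provider is configured. The following added example (not part of the IG code base or its documentation) applies the documented defaults to a filter configuration and lists the settings worth reviewing. The object names `AmService-1` and `SecretsProvider-1`, the secret ID and the `30 minutes` value are constructed placeholders.

```python
import json

# Defaults as listed in the configuration options above.
COOKIE_DEFAULTS = {"name": "x-ig-activity-tracker", "domain": None, "path": "/",
                   "secure": False, "httpOnly": True, "sameSite": None}
REQUIRED = ("amService", "idleTimeout")
UPDATE_STRATEGIES = {"ALWAYS", "NEVER", "INCREASE_ONLY", "DECREASE_ONLY"}


def effective_cookie(config):
    """Merge the configured "cookie" object over the documented defaults."""
    return {**COOKIE_DEFAULTS, **(config.get("cookie") or {})}


def review(config):
    """Return review findings for one filter configuration object."""
    findings = [f"missing required option: {k}" for k in REQUIRED if k not in config]
    strategy = config.get("idleTimeoutUpdate", "ALWAYS")
    if strategy not in UPDATE_STRATEGIES:
        findings.append(f"unknown idleTimeoutUpdate value: {strategy}")
    if "secretsProvider" not in config:
        findings.append("no secretsProvider: a random key will be generated")
    cookie = effective_cookie(config)
    if not cookie["secure"]:
        findings.append("cookie.secure is false: cookie can be sent over plain HTTP")
    if not cookie["httpOnly"]:
        findings.append("cookie.httpOnly is false: cookie is readable by page scripts")
    if cookie["sameSite"] is None:
        findings.append("cookie.sameSite is unset: no SameSite attribute is sent")
    elif cookie["sameSite"] == "NONE" and not cookie["secure"]:
        findings.append("sameSite NONE without secure: rejected by current browsers")
    return findings


# Constructed sample configurations; names and the secret ID are placeholders.
RELYING_ON_DEFAULTS = json.loads('{"amService": "AmService-1", "idleTimeout": "30 minutes"}')
HARDENED = json.loads("""
{
  "amService": "AmService-1",
  "idleTimeout": "30 minutes",
  "secretsProvider": "SecretsProvider-1",
  "encryptionSecretId": "idle.tracker.encryption",
  "cookie": {"secure": true, "httpOnly": true, "sameSite": "STRICT"}
}""")


if __name__ == "__main__":
    for label, cfg in (("defaults", RELYING_ON_DEFAULTS), ("hardened", HARDENED)):
        print(label, review(cfg) or "no findings")
```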
 
 
See Also:
  • Method Details

    • filter

      public Promise<Response,NeverThrowsException> filter(Context context, Request request, Handler next)
      Description copied from interface: Filter
      Filters the request and/or response of an exchange. To pass the request to the next filter or handler in the chain, the filter calls next.handle(context, request).

      This method may elect not to pass the request to the next filter or handler, and instead handle the request itself. It can achieve this by merely avoiding a call to next.handle(context, request) and creating its own response object. The filter is also at liberty to replace a response with another of its own by intercepting the response returned by the next handler.

      Specified by:
      filter in interface Filter
      Parameters:
      context - The request context.
      request - The request.
      next - The next filter or handler in the chain to handle the request.
      Returns:
      A Promise representing the response to be returned to the client.