avoid unnecessary CTS call when using noSession authentication

maximthomas · Feb 16, 2024 · 54a6e56 · 54a6e56
1 parent e44a691
commit 54a6e56
Showing 1 changed file with 11 additions and 5 deletions.
diff --git a/openam-core/src/main/java/com/sun/identity/authentication/service/LoginState.java b/openam-core/src/main/java/com/sun/identity/authentication/service/LoginState.java
@@ -352,6 +352,8 @@ private static class LazyConfig {
     // Enable Module based Auth
     private boolean enableModuleBasedAuth = true;
     private ISLocaleContext localeContext = new ISLocaleContext();
+
+    private boolean noSessionAttributeSet = false;
 
     /**
      * The sharedState Map of the {@link AMLoginModule} and subclasses.
@@ -433,6 +435,8 @@ public HttpServletRequest getHttpServletRequest() {
      */
     public void setHttpServletRequest(HttpServletRequest servletRequest) {
         this.servletRequest = servletRequest;
+        this.noSessionAttributeSet = servletRequest != null && Boolean.parseBoolean(
+                (String) servletRequest.getAttribute(ISAuthConstants.NO_SESSION_REQUEST_ATTR));
     }
 
     /**
@@ -1749,7 +1753,7 @@ AuthContextLocal createAuthContext(
         }
         AuthContextLocal authContext = new AuthContextLocal(this.userOrg);
         newRequest = true;
-        servletRequest = request;
+        this.setHttpServletRequest(request);
         servletResponse = response;
         setParamHash(requestHash);
         client = getClient();
@@ -3839,8 +3843,7 @@ synchronized void setPrevCallback(Callback[] prevCallback) {
      */
     public boolean isNoSession() {
         return Boolean.parseBoolean(requestMap.get(NO_SESSION_QUERY_PARAM))
-                || (servletRequest != null && Boolean.parseBoolean(
-                (String) servletRequest.getAttribute(ISAuthConstants.NO_SESSION_REQUEST_ATTR)));
+                || noSessionAttributeSet;
     }
 
     /**
@@ -4079,7 +4082,7 @@ AuthContextLocal createAuthContext(
         }
         AuthContextLocal authContext = new AuthContextLocal(this.userOrg);
         newRequest = true;
-        servletRequest = req;
+        this.setHttpServletRequest(req);
         this.finalSessionId = sid;
         if (DEBUG.messageEnabled()) {
             DEBUG.message("requestType : " + newRequest);
@@ -4461,7 +4464,10 @@ void logLogout() {
             if (authMethName != null) {
                 props.put(LogConstants.MODULE_NAME, authMethName);
             }
-            InternalSession session = getReferencedSession();
+            InternalSession session = null;
+            if(!isNoSession()) {
+                session = getReferencedSession();
+            }
             if (session != null) {
                 props.put(LogConstants.LOGIN_ID_SID, finalSessionId.toString());
             }