public void handleNotification(SecurityNotification notification) {
EventType eventType = notification.getEventType();
switch (eventType) {
case AUTHENTICATED:
if (isCacheable(notification)) {
HttpSessionImpl httpSession = servletContext.getSession(notification.getExchange(), true);
Session session;
if(System.getSecurityManager() == null) {
session = httpSession.getSession();
} else {
session = AccessController.doPrivileged(new HttpSessionImpl.UnwrapSessionAction(httpSession));
}
// It is normal for this notification to be received when using a previously cached session - in that
// case the IDM would have been given an opportunity to re-load the Account so updating here ready for
// the next request is desired.
session.setAttribute(ATTRIBUTE_NAME,
new AuthenticatedSession(notification.getAccount(), notification.getMechanism()));
}
break;
case LOGGED_OUT:
HttpSessionImpl httpSession = servletContext.getSession(notification.getExchange(), false);
if (httpSession != null) {
Session session;
if (System.getSecurityManager() == null) {
session = httpSession.getSession();
} else {
session = AccessController.doPrivileged(new HttpSessionImpl.UnwrapSessionAction(httpSession));
}
session.removeAttribute(ATTRIBUTE_NAME);
}