Example 11 with Session
use of com.iplanet.dpro.session.Session in project OpenAM by OpenRock.
the class DestroyOldestAction method action.
@Override
public boolean action(InternalSession is, Map<String, Long> sessions) {
long smallestExpTime = Long.MAX_VALUE;
String oldestSessionID = null;
for (Map.Entry<String, Long> entry : sessions.entrySet()) {
try {
Session session = sessionCache.getSession(new SessionID(entry.getKey()));
session.refresh(false);
long expTime = session.getTimeLeft();
if (expTime < smallestExpTime) {
smallestExpTime = expTime;
oldestSessionID = entry.getKey();
}
} catch (SessionException ssoe) {
if (debug.warningEnabled()) {
debug.warning("Failed to create SSOToken", ssoe);
}
// in this case
return true;
}
}
if (oldestSessionID != null) {
SessionID sessID = new SessionID(oldestSessionID);
try {
Session s = sessionCache.getSession(sessID);
s.destroySession(s);
} catch (SessionException e) {
if (debug.messageEnabled()) {
debug.message("Failed to destroy the next expiring session.", e);
}
// in this case
return true;
}
}
return false;
}
Also used :
SessionException(com.iplanet.dpro.session.SessionException)
Map(java.util.Map)
SessionID(com.iplanet.dpro.session.SessionID)
Session(com.iplanet.dpro.session.Session)
InternalSession(com.iplanet.dpro.session.service.InternalSession)
Example 12 with Session
use of com.iplanet.dpro.session.Session in project OpenAM by OpenRock.
the class SessionCommand method destroySession.
private void destroySession(Session session, SessionData sData) throws CLIException {
try {
Session sess = sData.session;
String[] params = { sData.userId };
writeLog(LogWriter.LOG_ACCESS, Level.INFO, "ATTEMPT_SESSION_DESTROY", params);
session.destroySession(sess);
writeLog(LogWriter.LOG_ACCESS, Level.INFO, "SUCCEED_SESSION_DESTROY", params);
} catch (SessionException se) {
String[] params = { sData.userId, se.getMessage() };
debugError("SessionCommand.destroySession", se);
writeLog(LogWriter.LOG_ERROR, Level.INFO, "FAILED_SESSION_DESTROY", params);
}
}
Also used :
SessionException(com.iplanet.dpro.session.SessionException)
Session(com.iplanet.dpro.session.Session)
Example 13 with Session
use of com.iplanet.dpro.session.Session in project OpenAM by OpenRock.
the class SMSessionCache method retainSessionsWithUserID.
/**
* Returns a map of user ID to session object for session that contains
* user ID.
*/
private Map retainSessionsWithUserID(Collection sessions, SMProfileModelImpl modelImpl) {
Map results = new HashMap(sessions.size() * 2);
for (Iterator iter = sessions.iterator(); iter.hasNext(); ) {
Session sess = (Session) iter.next();
try {
String userId = sess.getProperty(SMProfileModelImpl.USER_ID);
if (userId != null) {
String id = sess.getID().toString();
SMSessionData sData = new SMSessionData();
sData.setUserId(userId);
sData.setId(id);
sData.setTimeRemain(sess.getTimeLeft() / 60);
sData.setMaxSessionTime(sess.getMaxSessionTime());
sData.setIdleTime(sess.getIdleTime() / 60);
sData.setMaxIdleTime(sess.getMaxIdleTime());
results.put(userId + id, sData);
}
} catch (SessionException se) {
debug.warning("SMSessionCache.retainSessionsWithUserID", se);
}
}
return results;
}Example 14 with Session
use of com.iplanet.dpro.session.Session in project OpenAM by OpenRock.
the class SMProfileModelImpl method initSessionsList.
/**
* Initializes sessions list.
*
* @param pattern user id pattern to search for.
* @throws AMConsoleException if unable to initialized the session list.
*/
private void initSessionsList(String pattern) throws AMConsoleException {
pattern = pattern.toLowerCase();
String[] params = { serverName, pattern };
logEvent("ATTEMPT_GET_CURRENT_SESSIONS", params);
try {
Session session = sessionCache.getSession(new SessionID(getUserSSOToken().getTokenID().toString()));
SearchResults result = session.getValidSessions(serverName, pattern);
Map<String, Session> sessions = (Map<String, Session>) result.getResultAttributes();
String errorMessage = AMAdminUtils.getSearchResultWarningMessage(result, this);
smSessionCache = new SMSessionCache(sessions.values(), errorMessage, this);
logEvent("SUCCEED_GET_CURRENT_SESSIONS", params);
} catch (SessionException se) {
String strError = getErrorString(se);
String[] paramsEx = { serverName, pattern, strError };
logEvent("SESSION_EXCEPTION_GET_CURRENT_SESSIONS", paramsEx);
throw new AMConsoleException(strError);
}
}
Also used :
SessionException(com.iplanet.dpro.session.SessionException)
SearchResults(com.sun.identity.common.SearchResults)
AMConsoleException(com.sun.identity.console.base.model.AMConsoleException)
SessionID(com.iplanet.dpro.session.SessionID)
HashMap(java.util.HashMap)
Map(java.util.Map)
Session(com.iplanet.dpro.session.Session)
Example 15 with Session
use of com.iplanet.dpro.session.Session in project OpenAM by OpenRock.
the class SessionRequestHandler method processSessionRequest.
private SessionResponse processSessionRequest(PLLAuditor auditor, SessionRequest req, HttpServletRequest servletRequest, HttpServletResponse servletResponse) {
SessionResponse res = new SessionResponse(req.getRequestID(), req.getMethodID());
SessionID sid = new SessionID(req.getSessionID());
Session requesterSession = null;
try {
/* common processing by groups of methods */
switch(req.getMethodID()) {
/*
* in this group of methods the request is targeting either all
* LOCAL sessions or a single local session identified by another
* request parameter sid in this case is only used to authenticate
* the operation Session pointed by sid is not expected to be local
* to this server (although it might)
*/
case SessionRequest.GetValidSessions:
case SessionRequest.AddSessionListenerOnAllSessions:
case SessionRequest.GetSessionCount:
/*
* note that the purpose of the following is just to check the
* authentication of the caller (which can also be used as a
* filter for the operation scope!)
*/
requesterSession = sessionCache.getSession(sid);
auditAccessAttempt(auditor, requesterSession);
/*
* also check that sid is not a restricted token
*/
if (requesterSession.getProperty(TOKEN_RESTRICTION_PROP) != null) {
res.setException(sid + " " + SessionBundle.getString("noPrivilege"));
return res;
}
break;
/*
* In this group request is targeting a single session identified by
* sid which is supposed to be hosted by this server instance sid is
* used both as an id of a session and to authenticate the operation
* (performed on own session)
*/
case SessionRequest.GetSession:
case SessionRequest.Logout:
case SessionRequest.AddSessionListener:
case SessionRequest.SetProperty:
case SessionRequest.DestroySession:
if (req.getMethodID() == SessionRequest.DestroySession) {
requesterSession = sessionCache.getSession(sid);
auditAccessAttempt(auditor, requesterSession);
/*
* also check that sid is not a restricted token
*/
if (requesterSession.getProperty(TOKEN_RESTRICTION_PROP) != null) {
res.setException(sid + " " + SessionBundle.getString("noPrivilege"));
return res;
}
sid = new SessionID(req.getDestroySessionID());
} else {
try {
auditAccessAttempt(auditor, sessionCache.getSession(sid));
} catch (SessionException ignored) {
// ignore, we'll log the access attempt without session properties
auditor.auditAccessAttempt();
}
}
if (req.getMethodID() == SessionRequest.SetProperty) {
/*
* This fix is to avoid clients sneaking in to set
* protected properties in server-2 or so through
* server-1. Short circuit this operation without
* forwarding it further.
*/
try {
SessionUtils.checkPermissionToSetProperty(this.clientToken, req.getPropertyName(), req.getPropertyValue());
} catch (SessionException se) {
if (sessionDebug.warningEnabled()) {
sessionDebug.warning("SessionRequestHandler.processRequest:" + "Client does not have permission to set" + " - property key = " + req.getPropertyName() + " : property value = " + req.getPropertyValue());
}
res.setException(sid + " " + SessionBundle.getString("noPrivilege"));
return res;
}
}
if (!serviceConfig.isSessionFailoverEnabled()) {
// TODO check how this behaves in non-session failover case
URL originService = SESSION_SERVICE_URL_SERVICE.getSessionServiceURL(sid);
if (!serverConfig.isLocalSessionService(originService)) {
if (!serverConfig.isSiteEnabled()) {
String siteID = sid.getExtension().getSiteID();
if (siteID != null) {
String primaryID = sid.getExtension().getPrimaryID();
String localServerID = serverConfig.getLocalServerID();
if ((primaryID != null) && (localServerID != null)) {
if (primaryID.equals(localServerID)) {
throw new SessionException("invalid session id");
}
}
}
} else {
return forward(originService, req);
}
}
} else {
if (serviceConfig.isUseInternalRequestRoutingEnabled()) {
// first try
String hostServerID = sessionService.getCurrentHostServer(sid);
if (!serverConfig.isLocalServer(hostServerID)) {
try {
return forward(SESSION_SERVICE_URL_SERVICE.getSessionServiceURL(hostServerID), req);
} catch (SessionException se) {
// attempt retry
if (!sessionService.checkServerUp(hostServerID)) {
// proceed with failover
String retryHostServerID = sessionService.getCurrentHostServer(sid);
if (retryHostServerID.equals(hostServerID)) {
throw se;
} else {
// case
if (!serverConfig.isLocalServer(retryHostServerID)) {
return forward(SESSION_SERVICE_URL_SERVICE.getSessionServiceURL(retryHostServerID), req);
}
}
} else {
throw se;
}
}
}
} else {
// iplanet-am-session-sfo-enabled=true (in direct contradiction to SMS property with same name)
throw new AssertionError("Unreachable code");
}
/*
* if session is not already present locally attempt to
* recover session if in failover mode
*/
if (!sessionService.isSessionPresent(sid)) {
if (sessionService.recoverSession(sid) == null) {
/*
* if not in failover mode or recovery was not
* successful return an exception
*/
/*
* !!!!! IMPORTANT !!!!! DO NOT REMOVE "sid" FROM
* EXCEPTIONMESSAGE Logic kludge in legacy Agent 2.0
* code will break If it can not find SID value in
* the exception message returned by Session
* Service. This dependency should be eventually
* removed once we migrate customers to a newer
* agent code base or switch to a new version of
* Session Service interface
*/
res.setException(sid + " " + SessionBundle.getString("sessionNotObtained"));
return res;
}
}
}
break;
default:
res.setException(sid + " " + SessionBundle.getString("unknownRequestMethod"));
return res;
}
/*
* request method-specific processing
*/
switch(req.getMethodID()) {
case SessionRequest.GetSession:
res.addSessionInfo(sessionService.getSessionInfo(sid, req.getResetFlag()));
break;
case SessionRequest.GetValidSessions:
String pattern = req.getPattern();
List<SessionInfo> infos = null;
int[] status = { 0 };
infos = sessionService.getValidSessions(requesterSession, pattern, status);
res.setStatus(status[0]);
res.setSessionInfo(infos);
break;
case SessionRequest.DestroySession:
sessionService.destroySession(requesterSession, new SessionID(req.getDestroySessionID()));
break;
case SessionRequest.Logout:
sessionService.logout(sid);
break;
case SessionRequest.AddSessionListener:
sessionService.addSessionListener(sid, req.getNotificationURL());
break;
case SessionRequest.AddSessionListenerOnAllSessions:
/**
* Cookie Hijacking fix to disable adding of Notification
* Listener for ALL the sessions over the network to the server
* instance specified by Notification URL This property can be
* added and set in the AMConfig.properties file should there be
* a need to add Notification Listener to ALL the sessions. The
* default value of this property is FALSE
*/
if (getEnableAddListenerOnAllSessions()) {
sessionService.addSessionListenerOnAllSessions(requesterSession, req.getNotificationURL());
}
break;
case SessionRequest.SetProperty:
sessionService.setExternalProperty(this.clientToken, sid, req.getPropertyName(), req.getPropertyValue());
break;
case SessionRequest.GetSessionCount:
String uuid = req.getUUID();
Object sessions = SessionCount.getSessionsFromLocalServer(uuid);
if (sessions != null) {
res.setSessionsForGivenUUID((Map) sessions);
}
break;
default:
res.setException(sid + " " + SessionBundle.getString("unknownRequestMethod"));
break;
}
} catch (SessionException se) {
sessionDebug.message("processSessionRequest caught exception: {}", se.getMessage(), se);
res.setException(sid + " " + se.getMessage());
}
return res;
}
Also used :
SessionException(com.iplanet.dpro.session.SessionException)
SessionInfo(com.iplanet.dpro.session.share.SessionInfo)
SessionResponse(com.iplanet.dpro.session.share.SessionResponse)
SessionID(com.iplanet.dpro.session.SessionID)
URL(java.net.URL)
Session(com.iplanet.dpro.session.Session)
Aggregations
Session (com.iplanet.dpro.session.Session)31
SessionException (com.iplanet.dpro.session.SessionException)22
SessionID (com.iplanet.dpro.session.SessionID)13
SSOException (com.iplanet.sso.SSOException)7
Test (org.testng.annotations.Test)7
Map (java.util.Map)5
InternalSession (com.iplanet.dpro.session.service.InternalSession)4
BeforeTest (org.testng.annotations.BeforeTest)4
SSOToken (com.iplanet.sso.SSOToken)3
SearchResults (com.sun.identity.common.SearchResults)3
AMConsoleException (com.sun.identity.console.base.model.AMConsoleException)3
HashMap (java.util.HashMap)3
StatelessSession (org.forgerock.openam.sso.providers.stateless.StatelessSession)3
URL (java.net.URL)2
Iterator (java.util.Iterator)2
SessionEvent (com.iplanet.dpro.session.SessionEvent)1
TokenRestriction (com.iplanet.dpro.session.TokenRestriction)1
SessionService (com.iplanet.dpro.session.service.SessionService)1
SessionInfo (com.iplanet.dpro.session.share.SessionInfo)1
SessionResponse (com.iplanet.dpro.session.share.SessionResponse)1
