
Example 1 with SessionException

use of com.iplanet.dpro.session.SessionException in project OpenAM by OpenRock.

Class SessionRequestHandler, method processSessionRequest.

/**
 * Handles one PLL session request and produces its response.
 *
 * Processing happens in two passes. The first switch groups the request by method and
 * performs the caller authentication/authorization that the group needs (and, for the
 * single-session group, routes the request to the server hosting that session, which
 * may mean forwarding it and returning the forwarded response). The second switch
 * performs the requested operation on this server. Any SessionException escaping either
 * pass is converted into an error response rather than propagated.
 *
 * @param auditor         PLL auditor that records the access attempt.
 * @param req             the decoded session request: method id, session id and the
 *                        method-specific arguments.
 * @param servletRequest  the HTTP request carrying the PLL call; not read in this method.
 * @param servletResponse the HTTP response for the PLL call; not read in this method.
 * @return a SessionResponse carrying either the operation's result or an exception
 *         message (always prefixed with the session id; see the legacy-agent note below).
 */
private SessionResponse processSessionRequest(PLLAuditor auditor, SessionRequest req, HttpServletRequest servletRequest, HttpServletResponse servletResponse) {
    SessionResponse res = new SessionResponse(req.getRequestID(), req.getMethodID());
    // sid is the caller-supplied session id. It authenticates the caller and, except for
    // DestroySession (where it is replaced by the target further down), also names the
    // session the operation acts on.
    SessionID sid = new SessionID(req.getSessionID());
    Session requesterSession = null;
    try {
        /* common processing by groups of methods */
        switch(req.getMethodID()) {
            /*
             * In this group of methods the request targets either all LOCAL sessions or a
             * single local session identified by another request parameter. sid is only
             * used to authenticate the operation; the session pointed to by sid is not
             * expected to be local to this server (although it might be).
             */
            case SessionRequest.GetValidSessions:
            case SessionRequest.AddSessionListenerOnAllSessions:
            case SessionRequest.GetSessionCount:
                /*
                 * The lookup below checks that the caller holds a resolvable session (a
                 * failed lookup throws SessionException and becomes an error response).
                 * The resolved session is also handed to the operations in the second
                 * switch, which use it as their scope filter.
                 */
                requesterSession = sessionCache.getSession(sid);
                auditAccessAttempt(auditor, requesterSession);
                /*
                 * A session carrying a token restriction may not perform these
                 * server-wide operations.
                 */
                if (requesterSession.getProperty(TOKEN_RESTRICTION_PROP) != null) {
                    res.setException(sid + " " + SessionBundle.getString("noPrivilege"));
                    return res;
                }
                break;
            /*
             * In this group the request targets a single session identified by sid, which
             * is supposed to be hosted by this server instance. sid is used both as the id
             * of the session and to authenticate the operation (performed on own session).
             */
            case SessionRequest.GetSession:
            case SessionRequest.Logout:
            case SessionRequest.AddSessionListener:
            case SessionRequest.SetProperty:
            case SessionRequest.DestroySession:
                if (req.getMethodID() == SessionRequest.DestroySession) {
                    // DestroySession is the exception in this group: sid authenticates the
                    // requester, and the session to destroy comes from a separate argument.
                    requesterSession = sessionCache.getSession(sid);
                    auditAccessAttempt(auditor, requesterSession);
                    /*
                     * A restricted token may not destroy sessions.
                     */
                    if (requesterSession.getProperty(TOKEN_RESTRICTION_PROP) != null) {
                        res.setException(sid + " " + SessionBundle.getString("noPrivilege"));
                        return res;
                    }
                    // From here on sid names the session to destroy, so the routing below
                    // sends the request to the server hosting the target, not the requester.
                    sid = new SessionID(req.getDestroySessionID());
                } else {
                    try {
                        auditAccessAttempt(auditor, sessionCache.getSession(sid));
                    } catch (SessionException ignored) {
                        // Best-effort audit: the session could not be resolved here (it may
                        // live on another server), so record the attempt without properties.
                        auditor.auditAccessAttempt();
                    }
                }
                if (req.getMethodID() == SessionRequest.SetProperty) {
                    /*
                     * Check the permission before any forwarding so a client cannot set a
                     * protected property on server-2 by routing the request through
                     * server-1. The check is made against this.clientToken (the PLL
                     * caller's token; presumably the same principal as sid - confirm), not
                     * against sid itself. Short circuit without forwarding further.
                     */
                    try {
                        SessionUtils.checkPermissionToSetProperty(this.clientToken, req.getPropertyName(), req.getPropertyValue());
                    } catch (SessionException se) {
                        // NOTE(review): this warning writes the rejected property value to the
                        // debug log; property values can be sensitive, so check what reaches
                        // shared log sinks.
                        if (sessionDebug.warningEnabled()) {
                            sessionDebug.warning("SessionRequestHandler.processRequest:" + "Client does not have permission to set" + " - property key = " + req.getPropertyName() + " : property value = " + req.getPropertyValue());
                        }
                        res.setException(sid + " " + SessionBundle.getString("noPrivilege"));
                        return res;
                    }
                }
                if (!serviceConfig.isSessionFailoverEnabled()) {
                    // TODO check how this behaves in non-session failover case
                    // No failover: route by the session service URL derived from sid.
                    URL originService = SESSION_SERVICE_URL_SERVICE.getSessionServiceURL(sid);
                    if (!serverConfig.isLocalSessionService(originService)) {
                        if (!serverConfig.isSiteEnabled()) {
                            // Site not enabled: a sid that names this server as its primary
                            // yet resolves to a non-local service is inconsistent - reject it.
                            String siteID = sid.getExtension().getSiteID();
                            if (siteID != null) {
                                String primaryID = sid.getExtension().getPrimaryID();
                                String localServerID = serverConfig.getLocalServerID();
                                if ((primaryID != null) && (localServerID != null)) {
                                    if (primaryID.equals(localServerID)) {
                                        throw new SessionException("invalid session id");
                                    }
                                }
                            }
                        } else {
                            // Site enabled: hand the request to the session's origin server
                            // and return its response as ours.
                            return forward(originService, req);
                        }
                    }
                } else {
                    if (serviceConfig.isUseInternalRequestRoutingEnabled()) {
                        // Failover: ask the session service which server currently hosts sid
                        // and forward there. On a forward failure, re-resolve once and retry
                        // only if the host has moved.
                        // first try
                        String hostServerID = sessionService.getCurrentHostServer(sid);
                        if (!serverConfig.isLocalServer(hostServerID)) {
                            try {
                                return forward(SESSION_SERVICE_URL_SERVICE.getSessionServiceURL(hostServerID), req);
                            } catch (SessionException se) {
                                // attempt retry
                                if (!sessionService.checkServerUp(hostServerID)) {
                                    // proceed with failover
                                    String retryHostServerID = sessionService.getCurrentHostServer(sid);
                                    // NOTE(review): this dereference NPEs if getCurrentHostServer
                                    // can return null - not determinable from this method.
                                    if (retryHostServerID.equals(hostServerID)) {
                                        // host did not change: nothing else to try
                                        throw se;
                                    } else {
                                        // host changed: forward there if it is still remote;
                                        // if it is now this server, fall through to local handling
                                        if (!serverConfig.isLocalServer(retryHostServerID)) {
                                            return forward(SESSION_SERVICE_URL_SERVICE.getSessionServiceURL(retryHostServerID), req);
                                        }
                                    }
                                } else {
                                    // original host is still up, so this is not a failover case
                                    throw se;
                                }
                            }
                        }
                    } else {
                        // iplanet-am-session-sfo-enabled=true (in direct contradiction to SMS property with same name)
                        // Failover is on but internal request routing is off; the code below
                        // treats that combination as impossible.
                        throw new AssertionError("Unreachable code");
                    }
                    /*
                     * If the session is not already present locally, attempt to recover it
                     * (failover mode).
                     */
                    if (!sessionService.isSessionPresent(sid)) {
                        if (sessionService.recoverSession(sid) == null) {
                            /*
                             * Recovery was not successful: return an exception response.
                             */
                            /*
                             * !!!!! IMPORTANT !!!!! DO NOT REMOVE "sid" FROM THE EXCEPTION
                             * MESSAGE. A logic kludge in legacy Agent 2.0 code will break if
                             * it cannot find the SID value in the exception message returned
                             * by Session Service. This dependency should eventually be
                             * removed once customers are migrated to a newer agent code base
                             * or a new version of the Session Service interface.
                             */
                            res.setException(sid + " " + SessionBundle.getString("sessionNotObtained"));
                            return res;
                        }
                    }
                }
                break;
            default:
                res.setException(sid + " " + SessionBundle.getString("unknownRequestMethod"));
                return res;
        }
        /*
         * request method-specific processing
         */
        switch(req.getMethodID()) {
            case SessionRequest.GetSession:
                res.addSessionInfo(sessionService.getSessionInfo(sid, req.getResetFlag()));
                break;
            case SessionRequest.GetValidSessions:
                // requesterSession scopes the listing (see SessionService.getValidSessions)
                String pattern = req.getPattern();
                List<SessionInfo> infos = null;
                int[] status = { 0 };
                infos = sessionService.getValidSessions(requesterSession, pattern, status);
                res.setStatus(status[0]);
                res.setSessionInfo(infos);
                break;
            case SessionRequest.DestroySession:
                // The requester/target permission check is expected inside
                // sessionService.destroySession; nothing in this method ties the two together.
                sessionService.destroySession(requesterSession, new SessionID(req.getDestroySessionID()));
                break;
            case SessionRequest.Logout:
                sessionService.logout(sid);
                break;
            case SessionRequest.AddSessionListener:
                // The notification URL comes straight from the request; no validation of it
                // is visible here - presumably done in sessionService.addSessionListener.
                sessionService.addSessionListener(sid, req.getNotificationURL());
                break;
            case SessionRequest.AddSessionListenerOnAllSessions:
                /*
                 * Cookie hijacking fix: adding a notification listener for ALL sessions to
                 * the server instance named by the notification URL is disabled unless the
                 * corresponding property in AMConfig.properties enables it. The default
                 * value of this property is FALSE.
                 *
                 * When disabled the request is silently accepted: no exception is set, so
                 * the caller receives a success response although no listener was added.
                 */
                if (getEnableAddListenerOnAllSessions()) {
                    sessionService.addSessionListenerOnAllSessions(requesterSession, req.getNotificationURL());
                }
                break;
            case SessionRequest.SetProperty:
                sessionService.setExternalProperty(this.clientToken, sid, req.getPropertyName(), req.getPropertyValue());
                break;
            case SessionRequest.GetSessionCount:
                // NOTE(review): only the resolvable/non-restricted requester check at the top
                // of this method gates this branch; no authorization relating the caller to
                // the requested uuid is visible here. Confirm SessionCount enforces one.
                String uuid = req.getUUID();
                Object sessions = SessionCount.getSessionsFromLocalServer(uuid);
                if (sessions != null) {
                    res.setSessionsForGivenUUID((Map) sessions);
                }
                break;
            default:
                // Unreachable in practice: unknown methods were already rejected above.
                res.setException(sid + " " + SessionBundle.getString("unknownRequestMethod"));
                break;
        }
    } catch (SessionException se) {
        sessionDebug.message("processSessionRequest caught exception: {}", se.getMessage(), se);
        // sid prefix is required by the legacy agent dependency noted above
        res.setException(sid + " " + se.getMessage());
    }
    return res;
}
Also used : SessionException(com.iplanet.dpro.session.SessionException) SessionInfo(com.iplanet.dpro.session.share.SessionInfo) SessionResponse(com.iplanet.dpro.session.share.SessionResponse) SessionID(com.iplanet.dpro.session.SessionID) URL(java.net.URL) Session(com.iplanet.dpro.session.Session)

Example 2 with SessionException

use of com.iplanet.dpro.session.SessionException in project OpenAM by OpenRock.

Class SessionService, method addSessionListenerOnAllSessions.

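/**
 * Registers a notification listener on every internal session hosted by this server.
 *
 * Authorization: the requester must hold a VALID session and be either the dsame admin
 * identity or a user whose profile attribute
 * {@code iplanet-am-session-add-session-listener-on-all-sessions} is set to "true".
 * The attribute is read fail-closed: a missing attribute, an empty value or any value
 * other than "true" (case-insensitive) denies the request. (The previous check denied
 * only on the exact lowercase string "false", so e.g. "False" or a typo granted the
 * privilege.)
 *
 * @param session the requester's session; authenticates and authorizes the call.
 * @param url     the notification URL registered on all sessions. It is passed straight
 *                to the notification sender; no validation of the URL happens here.
 * @throws SessionException if the session is not VALID, the requester lacks the
 *         privilege, or the identity lookup fails.
 */
public void addSessionListenerOnAllSessions(Session session, String url) throws SessionException {
    if (session.getState(false) != VALID) {
        throw new SessionException(SessionBundle.getString("invalidSessionState") + session.getID().toString());
    }
    // The dsame admin identity is always allowed. Compare with the admin DN on the left so a
    // session without a client ID cannot throw a NullPointerException here.
    String adminDn = dsameAdminTokenProvider.getDsameAdminDN();
    if (adminDn != null && adminDn.equals(session.getClientID())) {
        sessionNotificationSender.addListenerOnAllInternalSessions(url);
        return;
    }
    try {
        AMIdentity user = getUser(session);
        Set<String> attribute = user.getAttribute("iplanet-am-session-add-session-listener-on-all-sessions");
        if (!isExplicitlyTrue(attribute)) {
            throw new SessionException(SessionBundle.rbName, "noPrivilege", null);
        }
        sessionNotificationSender.addListenerOnAllInternalSessions(url);
    } catch (SessionException se) {
        // keep the bundle-keyed "noPrivilege" (and any other SessionException) unwrapped
        throw se;
    } catch (Exception e) {
        throw new SessionException(e);
    }
}

/**
 * Reads a boolean-valued profile attribute fail-closed.
 *
 * @param values the attribute values; may be null or empty.
 * @return true only if the first value is "true" ignoring case and surrounding whitespace.
 */
private static boolean isExplicitlyTrue(Set<String> values) {
    if (values == null || values.isEmpty()) {
        return false;
    }
    String first = values.iterator().next();
    return first != null && first.trim().equalsIgnoreCase("true");
}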
Also used : Set(java.util.Set) HashSet(java.util.HashSet) AMIdentity(com.sun.identity.idm.AMIdentity) SessionException(com.iplanet.dpro.session.SessionException) DelegationException(com.sun.identity.delegation.DelegationException) SSOException(com.iplanet.sso.SSOException) InterruptedIOException(java.io.InterruptedIOException) IdRepoException(com.sun.identity.idm.IdRepoException) ConnectException(java.net.ConnectException) SessionException(com.iplanet.dpro.session.SessionException) CoreTokenException(org.forgerock.openam.cts.exceptions.CoreTokenException)

Example 3 with SessionException

use of com.iplanet.dpro.session.SessionException in project OpenAM by OpenRock.

Class SessionService, method getValidInternalSessions.

/**
 * Collects the valid internal sessions whose client id matches {@code pattern}.
 *
 * A null pattern or "*" matches every session. Matching is done on the lower-cased
 * client id (default-locale lower-casing, as elsewhere in this class); for non-app
 * sessions the client id DN is first reduced to its name. Collection stops early when
 * the configured maximum list size is reached or the retrieval timeout elapses, and
 * the corresponding IdSearchResults code is written to {@code status[0]}.
 *
 * @param pattern client-id filter pattern; null means "*".
 * @param status  one-element array receiving SIZE_LIMIT_EXCEEDED / TIME_LIMIT_EXCEEDED
 *                when a limit cuts the result short; untouched otherwise.
 * @return the matching sessions, in the order the store returned them.
 * @throws SessionException wrapping any failure while reading sessions.
 */
private List<InternalSession> getValidInternalSessions(String pattern, int[] status) throws SessionException {
    String filter = (pattern == null) ? "*" : pattern;
    List<InternalSession> matched = new ArrayList<InternalSession>();
    try {
        long started = System.currentTimeMillis();
        filter = filter.toLowerCase();
        boolean acceptAll = "*".equals(filter);
        for (InternalSession candidate : getValidInternalSessions()) {
            if (!acceptAll) {
                // Application sessions carry a bare uid rather than a DN as client id.
                String clientId = candidate.isAppSession() ? candidate.getClientID() : DNUtils.DNtoName(candidate.getClientID());
                if (clientId == null || !matchFilter(clientId.toLowerCase(), filter)) {
                    continue;
                }
            }
            if (matched.size() == serviceConfig.getMaxSessionListSize()) {
                status[0] = IdSearchResults.SIZE_LIMIT_EXCEEDED;
                break;
            }
            matched.add(candidate);
            if ((System.currentTimeMillis() - started) >= serviceConfig.getSessionRetrievalTimeout()) {
                status[0] = IdSearchResults.TIME_LIMIT_EXCEEDED;
                break;
            }
        }
    } catch (Exception e) {
        sessionDebug.error("SessionService : " + "Unable to get Session Information ", e);
        throw new SessionException(e);
    }
    return matched;
}
Also used : ArrayList(java.util.ArrayList) SessionException(com.iplanet.dpro.session.SessionException) DelegationException(com.sun.identity.delegation.DelegationException) SSOException(com.iplanet.sso.SSOException) InterruptedIOException(java.io.InterruptedIOException) IdRepoException(com.sun.identity.idm.IdRepoException) ConnectException(java.net.ConnectException) SessionException(com.iplanet.dpro.session.SessionException) CoreTokenException(org.forgerock.openam.cts.exceptions.CoreTokenException)

Example 4 with SessionException

use of com.iplanet.dpro.session.SessionException in project OpenAM by OpenRock.

Class SessionService, method checkPermissionToDestroySession.

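/**
 * Checks whether the requester may destroy the session identified by {@code sid}.
 * Permission is granted when one of these conditions holds:
 * <ul>
 *  <li>The requester is destroying its own session ({@code requester.getID().equals(sid)}).</li>
 *  <li>The requester has the top level admin role (read/write access to any service
 *  configuration in the top level realm).</li>
 *  <li>The requester's client domain is listed in the requester's profile under the
 *  <code>iplanet-am-session-destroy-sessions</code> service attribute.</li>
 * </ul>
 * NOTE(review): the third rule compares the <em>requester's</em> client domain with the
 * list; nothing about the target session other than its id is consulted here, so a user
 * whose profile lists their own domain passes this check for any {@code sid}. Confirm
 * that scope is intended before granting that attribute.
 *
 * @param requester The requester's session; must be VALID.
 * @param sid The session to destroy.
 * @throws SessionException If the requester's session is not VALID, none of the conditions
 * above holds, or the identity lookup fails.
 */
public void checkPermissionToDestroySession(Session requester, SessionID sid) throws SessionException {
    if (requester.getState(false) != VALID) {
        throw new SessionException(SessionBundle.getString("invalidSessionState") + sid.toString());
    }
    try {
        // a session can destroy itself; a super admin can destroy anyone, including another super admin
        if (requester.getID().equals(sid) || hasTopLevelAdminRole(requester)) {
            return;
        }
        AMIdentity user = getUser(requester);
        Set<String> orgList = user.getAttribute("iplanet-am-session-destroy-sessions");
        // fail closed: a missing attribute denies instead of surfacing as a wrapped NullPointerException
        if (orgList == null || !orgList.contains(requester.getClientDomain())) {
            throw new SessionException(SessionBundle.rbName, "noPrivilege", null);
        }
    } catch (SessionException se) {
        // keep the bundle-keyed "noPrivilege" (and any other SessionException) unwrapped
        throw se;
    } catch (Exception e) {
        throw new SessionException(e);
    }
}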
Also used : AMIdentity(com.sun.identity.idm.AMIdentity) SessionException(com.iplanet.dpro.session.SessionException) DelegationException(com.sun.identity.delegation.DelegationException) SSOException(com.iplanet.sso.SSOException) InterruptedIOException(java.io.InterruptedIOException) IdRepoException(com.sun.identity.idm.IdRepoException) ConnectException(java.net.ConnectException) SessionException(com.iplanet.dpro.session.SessionException) CoreTokenException(org.forgerock.openam.cts.exceptions.CoreTokenException)

Example 5 with SessionException

use of com.iplanet.dpro.session.SessionException in project OpenAM by OpenRock.

Class SessionService, method getValidSessions.

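/**
 * Lists the valid internal sessions the requester is allowed to see.
 *
 * A top level admin sees every session returned by the pattern search; any other user
 * sees only the sessions whose client domain appears in the user's
 * {@code iplanet-am-session-get-valid-sessions} profile attribute. In each returned
 * SessionInfo the session id is replaced by the session handle so the listing cannot
 * be used to impersonate the listed sessions.
 *
 * NOTE(review): the size/time limits and the {@code status[0]} codes are applied by
 * getValidInternalSessions before the domain filter, so a non-admin caller may get fewer
 * sessions than the limit and still see a limit-exceeded status.
 *
 * @param s       the requester's session; must be VALID.
 * @param pattern client-id filter pattern; null means all.
 * @param status  one-element array receiving a size/time limit status code, if any.
 * @return the visible sessions with ids replaced by handles; empty if none are visible.
 * @throws SessionException if the session is not VALID or any lookup fails.
 */
public List<SessionInfo> getValidSessions(Session s, String pattern, int[] status) throws SessionException {
    if (s.getState(false) != VALID) {
        throw new SessionException(SessionBundle.getString("invalidSessionState") + s.getID().toString());
    }
    try {
        AMIdentity user = getUser(s);
        Set<String> orgList = user.getAttribute("iplanet-am-session-get-valid-sessions");
        if (orgList == null) {
            orgList = Collections.emptySet();
        }
        List<InternalSession> sessions = getValidInternalSessions(pattern, status);
        // top level admin gets all sessions
        boolean isTopLevelAdmin = hasTopLevelAdminRole(s);
        List<SessionInfo> infos = new ArrayList<SessionInfo>(sessions.size());
        for (InternalSession sess : sessions) {
            if (!isTopLevelAdmin && !orgList.contains(sess.getClientDomain())) {
                continue;
            }
            SessionInfo info = sess.toSessionInfo();
            // replace session id with session handle to prevent impersonation
            info.setSessionID(sess.getSessionHandle());
            infos.add(info);
        }
        return infos;
    } catch (SessionException se) {
        // do not re-wrap: callers rely on the original SessionException message
        throw se;
    } catch (Exception e) {
        throw new SessionException(e);
    }
}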
Also used : Set(java.util.Set) HashSet(java.util.HashSet) AMIdentity(com.sun.identity.idm.AMIdentity) ArrayList(java.util.ArrayList) SessionException(com.iplanet.dpro.session.SessionException) SessionInfo(com.iplanet.dpro.session.share.SessionInfo) DelegationException(com.sun.identity.delegation.DelegationException) SSOException(com.iplanet.sso.SSOException) InterruptedIOException(java.io.InterruptedIOException) IdRepoException(com.sun.identity.idm.IdRepoException) ConnectException(java.net.ConnectException) SessionException(com.iplanet.dpro.session.SessionException) CoreTokenException(org.forgerock.openam.cts.exceptions.CoreTokenException)
