use of com.iplanet.dpro.session.SessionException in project OpenAM by OpenRock.
the class SSOProviderImpl method destroyToken.
/**
 * Destroys a single sign on token on behalf of another token.
 *
 * <p>Both arguments are downcast to {@code SSOTokenImpl} to reach their underlying
 * {@code Session} objects, and the destroy request is issued through the requester's
 * session. This method performs no permission check of its own.
 *
 * @param destroyer
 *            The single sign on token object used to authorize the operation.
 * @param destroyed
 *            The single sign on token object to be destroyed.
 * @throws SSOException
 *             if there was an error during communication with the session service.
 *
 * @supported.api
 */
public void destroyToken(SSOToken destroyer, SSOToken destroyed) throws SSOException {
    try {
        // Unchecked downcasts: only SessionException is caught below, so a token of any
        // other SSOToken implementation surfaces as a ClassCastException, not SSOException.
        final SSOTokenImpl requestingToken = (SSOTokenImpl) destroyer;
        final Session requesterSession = requestingToken.getSession();
        final SSOTokenImpl doomedToken = (SSOTokenImpl) destroyed;
        final Session targetSession = doomedToken.getSession();

        // NOTE(review): whether the requester is entitled to destroy the target is
        // presumably decided inside Session.destroySession -- confirm against that class.
        requesterSession.destroySession(targetSession);
    } catch (SessionException e) {
        throw new SSOException(e);
    }
}
use of com.iplanet.dpro.session.SessionException in project OpenAM by OpenRock.
the class StatelessSessionFactory method isValidJwt.
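/**
 * Checks whether a token ID is a stateless-session JWT that has not timed out.
 *
 * <p>The token ID is a bearer credential, so its value is deliberately kept out of the
 * debug log when validation fails.
 *
 * @param tokenId Possibly null, empty, or timed out JWT.
 * @return True if the TokenID JWT represents a valid SessionInfo which has not timed out.
 *         False if the token is empty, if {@code containsJwt} rejects it, or if a
 *         {@code SessionException} is raised while the session is being rebuilt.
 */
private boolean isValidJwt(String tokenId) {
    if (StringUtils.isEmpty(tokenId)) {
        return false;
    }
    try {
        StatelessSession statelessSession;
        if (cache.contains(tokenId)) {
            /*
             * NB: We cannot use the JWTCache to map in the reverse direction (SessionInfo-JWT)
             * because the SessionInfo object can change contents, but remain the same reference
             * in the cache. Therefore the only way to maintain consistent state is to generate
             * the JWT from the SessionInfo each time.
             *
             * We can re-evaluate this if it becomes a hot-spot.
             */
            statelessSession = generate(cache.getSessionInfo(tokenId));
        } else {
            SessionID sessionID = new SessionID(tokenId);
            if (!containsJwt(sessionID)) {
                return false;
            }
            statelessSession = generate(sessionID);
        }
        // A session with exactly zero time left is still reported as valid.
        return statelessSession.getTimeLeft() >= 0;
    } catch (SessionException e) {
        // The token is not logged: a JWT that failed here for a transient reason may still be
        // accepted later, and anyone able to read the debug log could replay it.
        debug.message("Failed to validate JWT (token value withheld from log)", e);
        return false;
    }
}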
use of com.iplanet.dpro.session.SessionException in project OpenAM by OpenRock.
the class SessionCache method removeRemoteSID.
/**
 * Wrapper method for {@link #removeSID} only to be called when receiving notification of session
 * destruction from the home server.
 *
 * <p>This method should only be called when the identified session has another instance
 * of OpenAM as its home server.
 *
 * <p>When the reduced-crosstalk purge delay is greater than zero, the session is given a purge
 * time and handed to the system timer pool before {@link #removeSID} is called.
 *
 * @param info Current state of session on home server
 */
public void removeRemoteSID(SessionInfo info) {
    final SessionID remoteSid = new SessionID(info.getSessionID());
    // The delay is multiplied by 60 * 1000 below, i.e. it is treated as a number of minutes.
    final long purgeDelayMinutes = getPurgeDelayForReducedCrosstalk();

    if (purgeDelayMinutes > 0) {
        Session tombstone = readSession(remoteSid);
        if (tombstone == null) {
            /*
             * Reduced crosstalk protection.
             *
             * As the indicated session has not yet been loaded, it will be created and added to
             * the sessionTable so that it can remain there in a DESTROYED state until it is
             * purged.
             */
            tombstone = new Session(remoteSid);
            try {
                tombstone.update(info);
                writeSession(tombstone);
            } catch (SessionException e) {
                // The failure is only logged; the new Session object is still given a purge
                // time and scheduled below, even though writeSession may not have run.
                debug.error("Exception reading remote SessionInfo", e);
            }
        }

        final long purgeDelayMillis = purgeDelayMinutes * 60 * 1000;
        tombstone.setPurgeAt(System.currentTimeMillis() + purgeDelayMillis);

        // Cancel first, then schedule only if the session no longer reports itself as scheduled.
        tombstone.cancel();
        if (tombstone.isScheduled()) {
            debug.error("Unable to schedule destroyed session for purging");
        } else {
            SystemTimerPool.getTimerPool().schedule(tombstone, new Date(tombstone.getPurgeAt()));
        }
    }

    removeSID(remoteSid);
}
use of com.iplanet.dpro.session.SessionException in project OpenAM by OpenRock.
the class SessionCache method getSession.
/**
 * Returns the session for a session ID, reading it from the cache or creating and caching a
 * new one. Invalid sessions can be returned on request, and the caller decides whether a newly
 * created session may have its idle time refreshed.
 *
 * <p>For a session already in the cache, the token restriction is evaluated against the
 * current {@code RestrictedTokenContext}, but only when running in server mode. For a newly
 * created session the current context is recorded on the session instead.
 *
 * @param sessionID The Session id.
 * @param allowInvalidSessions If true, allow invalid Sessions to be returned; a newly created
 *        session is then not refreshed before it is cached.
 * @param possiblyResetIdleTime If true, the idle time of the session can be reset, if false, it is never reset.
 * @return A session object.
 * @throws SessionException If the Session ID object does not contain a
 *         valid session string, or the session string was valid before
 *         but has been destroyed, or the token restriction is violated, or there was an
 *         error during communication with session service.
 */
public Session getSession(SessionID sessionID, boolean allowInvalidSessions, boolean possiblyResetIdleTime) throws SessionException {
    final String rawId = sessionID.toString();
    if (rawId == null || rawId.isEmpty()) {
        throw new SessionException(SessionBundle.rbName, "invalidSessionID", null);
    }

    final Session cached = readSession(sessionID);
    if (cached == null) {
        // Cache miss: build the session, optionally refresh it, bind it to the caller's
        // restricted-token context and store it.
        final Session created = new Session(sessionID);
        if (!allowInvalidSessions) {
            created.refresh(possiblyResetIdleTime);
        }
        created.setContext(RestrictedTokenContext.getCurrent());
        writeSession(created);
        if (!sessionPollerPool.isPollingEnabled()) {
            created.addInternalSessionListener();
        }
        return created;
    }

    /*
     * Reduced crosstalk protection.
     *
     * When a user logs out, or the Session is destroyed and crosstalk is reduced, it is possible
     * for a destroyed session to be recovered by accessing it on a remote server. Instead the
     * session will be left in the sessionTable until it is purged. This check will detect this
     * condition and indicate to the caller their SessionID is invalid.
     */
    if (cached.getState(false) == DESTROYED && getPurgeDelayForReducedCrosstalk() > 0) {
        throw new SessionException("Session is in a destroyed state");
    }

    final TokenRestriction restriction = cached.getRestriction();
    try {
        // The restriction is enforced in server mode only; in any other mode a cached
        // session is returned without this check.
        if (SystemProperties.isServerMode()
                && restriction != null
                && !restriction.isSatisfied(RestrictedTokenContext.getCurrent())) {
            throw new SessionException(SessionBundle.rbName, "restrictionViolation", null);
        }
    } catch (Exception e) {
        // This also catches the restrictionViolation exception thrown just above, so callers
        // receive it wrapped inside another SessionException.
        // NOTE(review): confirm callers do not rely on the "restrictionViolation" key being on
        // the outer exception.
        throw new SessionException(e);
    }

    if (!sessionPollerPool.getCacheBasedPolling() && cached.maxCachingTimeReached()) {
        cached.refresh(false);
    }
    return cached;
}
use of com.iplanet.dpro.session.SessionException in project OpenAM by OpenRock.
the class SessionServiceURLService method getSessionServiceURL.
/**
 * Returns the Session Service URL for the given server, resolving it through
 * {@code WebtopNaming} on first use and keeping the result in {@code sessionServiceURLTable}.
 *
 * @param protocol Session Server protocol.
 * @param server Session Server host name.
 * @param port Session Server port.
 * @param uri Session Server URI.
 * @return URL Session Service URL.
 * @throws SessionException if resolving or storing the URL fails with any exception.
 */
public URL getSessionServiceURL(String protocol, String server, String port, String uri) throws SessionException {
    // The cache key is the plain concatenation of the caller-supplied parts; nothing is
    // normalised or validated here.
    final String cacheKey = protocol + "://" + server + ":" + port + uri;

    final URL cachedUrl = sessionServiceURLTable.get(cacheKey);
    if (cachedUrl != null) {
        return cachedUrl;
    }

    // NOTE(review): the lookup above and the insert below are separate calls; if the table is
    // shared between threads, confirm that resolving the same key twice is acceptable.
    try {
        final URL resolved = WebtopNaming.getServiceURL(SESSION_SERVICE, protocol, server, port, uri);
        sessionServiceURLTable.put(cacheKey, resolved);
        return resolved;
    } catch (Exception e) {
        throw new SessionException(e);
    }
}