Search in sources :

Example 81 with SessionID

use of com.iplanet.dpro.session.SessionID in project OpenAM by OpenRock.

the class CTSOperations method destroy.

/**
     * Perform a remote destroy operation on the SessionID, because we know this is a remote session.
     *
     * @param requester {@inheritDoc}
     * @param session {@inheritDoc}
     * @throws SessionException if we somehow passed a local session into this function
     */
@Override
public void destroy(Session requester, Session session) throws SessionException {
    // Comments as for logout.  The check for a local session should be removed if it proves to be a performance
    // bottleneck.
    //
    SessionID sessionID = session.getID();
    if (sessionService.checkSessionLocal(sessionID)) {
        throw new SessionException("CTSOperations received a local session (only remote sessions expected)");
    }
    remote.destroy(requester, session);
}
Also used : SessionException(com.iplanet.dpro.session.SessionException) SessionID(com.iplanet.dpro.session.SessionID)

Example 82 with SessionID

use of com.iplanet.dpro.session.SessionID in project OpenAM by OpenRock.

the class AuthXMLHandler method processRequest.

/* process the request */
private Response processRequest(PLLAuditor auditor, Request req, HttpServletRequest servletReq, HttpServletResponse servletRes) {
    // this call is to create a http session so that the JSESSIONID cookie
    // is created. The appserver(8.1) load balancer plugin relies on the
    // JSESSIONID cookie to set its JROUTE sticky cookie.
    debug.message("=======================Entering processRequest");
    servletReq.getSession(true);
    String content = req.getContent();
    AuthXMLResponse authResponse = null;
    // Check for mis-routed requests
    String cookieURL = null;
    int index = content.indexOf(AuthXMLTags.AUTH_ID_HANDLE);
    if (index != -1) {
        // Check for mis-routed requests, get server URL for
        // AuthIdentifier
        int beginIndex = content.indexOf('"', index);
        int endIndex = content.indexOf('"', beginIndex + 1);
        String authIdentifier = content.substring(beginIndex + 1, endIndex);
        if (debug.messageEnabled()) {
            debug.message("authIdentifier = " + authIdentifier + "beginIndex = " + beginIndex + "endIndex =" + endIndex);
        }
        if (!authIdentifier.equals("0")) {
            try {
                SessionID sessionID = new SessionID(authIdentifier);
                URL sessionServerURL = SESSION_SERVICE_URL_SERVICE.getSessionServiceURL(sessionID);
                StringBuilder srtBuff = new StringBuilder(100);
                srtBuff.append(sessionServerURL.getProtocol()).append("://").append(sessionServerURL.getHost()).append(":").append(Integer.toString(sessionServerURL.getPort())).append(serviceURI);
                cookieURL = srtBuff.toString();
            } catch (Exception exp) {
                debug.error("Error in getting URL from session", exp);
                cookieURL = null;
            }
        }
    }
    if ((cookieURL != null) && (cookieURL.trim().length() != 0) && !(AuthUtils.isLocalServer(cookieURL, serviceURI))) {
        // Routing to the correct server, the looks like a mis-routed 
        // requested.
        HashMap cookieTable = new HashMap();
        Map headers = new HashMap();
        Enumeration headerNames = servletReq.getHeaderNames();
        while (headerNames.hasMoreElements()) {
            String headerName = (String) headerNames.nextElement();
            List headerValues = new ArrayList();
            Enumeration enum1 = servletReq.getHeaders(headerName);
            while (enum1.hasMoreElements()) {
                headerValues.add(enum1.nextElement());
            }
            headers.put(headerName, headerValues);
        }
        if (debug.messageEnabled()) {
            debug.message("Headers: " + headers);
        }
        PLLClient.parseCookies(headers, cookieTable);
        if (debug.messageEnabled()) {
            debug.message("Cookies: " + cookieTable);
        }
        RequestSet set = new RequestSet(AuthXMLTags.AUTH_SERVICE);
        set.addRequest(req);
        try {
            Vector responses = PLLClient.send(new URL(cookieURL), set, cookieTable);
            if (!responses.isEmpty()) {
                auditor.auditAccessAttempt();
                // Just record result as success here to avoid parsing response
                auditor.auditAccessSuccess();
                debug.message("=====================Returning redirected");
                return ((Response) responses.elementAt(0));
            }
        } catch (Exception e) {
            debug.error("Error in misrouted ", e);
            // Attempt to contact server failed
            authResponse = new AuthXMLResponse(AuthXMLRequest.NewAuthContext);
            setErrorCode(authResponse, e);
            auditor.auditAccessAttempt();
            auditor.auditAccessFailure(authResponse.errorCode, authResponse.authErrorMessage);
            return new Response(authResponse.toXMLString());
        }
    }
    // Either local request or new request, handle it locally
    try {
        AuthXMLRequest sreq = AuthXMLRequest.parseXML(content, servletReq);
        sreq.setHttpServletRequest(servletReq);
        authResponse = processAuthXMLRequest(content, auditor, sreq, servletReq, servletRes);
    } catch (AuthException e) {
        debug.error("Got Auth Exception", e);
        authResponse = new AuthXMLResponse(AuthXMLRequest.NewAuthContext);
        authResponse.setErrorCode(e.getErrorCode());
    } catch (Exception ex) {
        debug.error("Error while processing xml request", ex);
        authResponse = new AuthXMLResponse(AuthXMLRequest.NewAuthContext);
        setErrorCode(authResponse, ex);
    }
    debug.message("=======================Returning");
    if (authResponse.isException) {
        auditor.auditAccessFailure(authResponse.errorCode, authResponse.authErrorMessage);
    } else {
        auditor.auditAccessSuccess();
    }
    return new Response(authResponse.toXMLString());
}
Also used : Enumeration(java.util.Enumeration) HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) AuthException(com.sun.identity.authentication.service.AuthException) URL(java.net.URL) AuthLoginException(com.sun.identity.authentication.spi.AuthLoginException) SSOException(com.iplanet.sso.SSOException) AuthException(com.sun.identity.authentication.service.AuthException) HttpServletResponse(javax.servlet.http.HttpServletResponse) Response(com.iplanet.services.comm.share.Response) RequestSet(com.iplanet.services.comm.share.RequestSet) List(java.util.List) ArrayList(java.util.ArrayList) SessionID(com.iplanet.dpro.session.SessionID) Map(java.util.Map) HashMap(java.util.HashMap) Vector(java.util.Vector)

Example 83 with SessionID

use of com.iplanet.dpro.session.SessionID in project OpenAM by OpenRock.

the class NoSessionActivatorTest method shouldDestroyAuthSession.

@Test
public void shouldDestroyAuthSession() throws AuthException {
    // Given
    final SessionID sid = new SessionID();
    given(mockSession.getID()).willReturn(sid);
    // When
    NoSessionActivator.INSTANCE.activateSession(null, mockSessionService, mockSession, null, null);
    // Then
    verify(mockSessionService).destroyInternalSession(sid);
}
Also used : SessionID(com.iplanet.dpro.session.SessionID) Test(org.testng.annotations.Test)

Example 84 with SessionID

use of com.iplanet.dpro.session.SessionID in project OpenAM by OpenRock.

the class StatelessSessionActivatorTest method shouldGenerateStatelessSessionId.

@Test
public void shouldGenerateStatelessSessionId() throws Exception {
    // Given
    InternalSession mockSession = mock(InternalSession.class);
    String userDn = "fred";
    given(mockLoginState.getUserDN()).willReturn(userDn);
    given(mockSession.activate(userDn, true)).willReturn(true);
    StatelessSession mockStatelessSession = mock(StatelessSession.class);
    given(mockSessionFactory.generate(mockSession)).willReturn(mockStatelessSession);
    SessionID statelessSessionId = new SessionID("stateless");
    given(mockStatelessSession.getID()).willReturn(statelessSessionId);
    // When
    testActivator.activateSession(mockSession, mockLoginState);
    // Then
    verify(mockSessionFactory).generate(mockSession);
    verify(mockLoginState).setSessionID(statelessSessionId);
}
Also used : StatelessSession(org.forgerock.openam.sso.providers.stateless.StatelessSession) InternalSession(com.iplanet.dpro.session.service.InternalSession) SessionID(com.iplanet.dpro.session.SessionID) Test(org.testng.annotations.Test)

Example 85 with SessionID

use of com.iplanet.dpro.session.SessionID in project OpenAM by OpenRock.

the class KeyConversionTest method shouldNotFailToEncryptKey.

@Test
public void shouldNotFailToEncryptKey() {
    // Given
    SessionID key = mock(SessionID.class);
    SessionIDExtensions extensions = mock(SessionIDExtensions.class);
    given(key.getExtension()).willReturn(extensions);
    given(extensions.getStorageKey()).willReturn("badger");
    KeyConversion conversion = new KeyConversion();
    // When
    String result = conversion.encryptKey(key);
    // Then
    assertNotNull(result);
}
Also used : SessionIDExtensions(com.iplanet.dpro.session.SessionIDExtensions) SessionID(com.iplanet.dpro.session.SessionID) Test(org.testng.annotations.Test)

Aggregations

SessionID (com.iplanet.dpro.session.SessionID)105 Test (org.testng.annotations.Test)44 SessionException (com.iplanet.dpro.session.SessionException)31 SSOToken (com.iplanet.sso.SSOToken)23 InternalSession (com.iplanet.dpro.session.service.InternalSession)18 SSOException (com.iplanet.sso.SSOException)18 AuthContextLocalWrapper (org.forgerock.openam.core.rest.authn.core.wrappers.AuthContextLocalWrapper)17 HttpServletResponse (javax.servlet.http.HttpServletResponse)16 HttpServletRequest (javax.servlet.http.HttpServletRequest)15 Session (com.iplanet.dpro.session.Session)14 URL (java.net.URL)9 Map (java.util.Map)9 AuthLoginException (com.sun.identity.authentication.spi.AuthLoginException)8 IOException (java.io.IOException)5 HashMap (java.util.HashMap)5 SMSException (com.sun.identity.sm.SMSException)4 Token (org.forgerock.openam.cts.api.tokens.Token)4 SessionIDExtensions (com.iplanet.dpro.session.SessionIDExtensions)3 TokenRestriction (com.iplanet.dpro.session.TokenRestriction)3 SessionInfo (com.iplanet.dpro.session.share.SessionInfo)3