Example 11 with SessionID

Use of com.iplanet.dpro.session.SessionID in project OpenAM by OpenRock: class StatelessSessionFactoryTest, method shouldUndoC66DecodingDamageToJwt.

/**
 * OpenAM's C66 encoding/decoding in SessionID is lossy. In particular, c66 decoding changes base64url-encoded JWTs
 * into normal Base64 encoding. While this loses no information when decoding the JWT, it does cause any
 * signature to fail due to the input bytes changing. Rather than fixing the c66 encoding to be lossless (which
 * could break agents and other software that expects to be able to decode session ids), we instead work around
 * the problem by undoing the damage. We can always do this losslessly for JWTs.
 */
@Test
public void shouldUndoC66DecodingDamageToJwt() {
    // Given
    final String fullJwtAlphabet = ".-_abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
    // NB: '*' indicates that the sid is c66-encoded, '@' separates the encrypted id from the tail part (no exts).
    final SessionID sessionID = new SessionID("*@" + fullJwtAlphabet);
    // When
    final String result = StatelessSessionFactory.getJWTFromSessionID(sessionID, true);
    // Then
    assertThat(result).isEqualTo(fullJwtAlphabet);
}
Also used : SessionID(com.iplanet.dpro.session.SessionID) Test(org.testng.annotations.Test)

Example 12 with SessionID

Use of com.iplanet.dpro.session.SessionID in project OpenAM by OpenRock: class StatelessSessionFactoryTest, method shouldNotUndoC66DecodingIfNotAsked.

@Test
public void shouldNotUndoC66DecodingIfNotAsked() {
    // Given
    final String fullJwtAlphabet = ".-_abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
    // NB: '*' indicates that the sid is c66-encoded, '@' separates the encrypted id from the tail part (no exts).
    final SessionID sessionID = new SessionID("*@" + fullJwtAlphabet);
    // When
    final String result = StatelessSessionFactory.getJWTFromSessionID(sessionID, false);
    // Then
    assertThat(result).isEqualTo(sessionID.getTail());
}
Also used : SessionID(com.iplanet.dpro.session.SessionID) Test(org.testng.annotations.Test)

Example 13 with SessionID

Use of com.iplanet.dpro.session.SessionID in project OpenAM by OpenRock: class StatelessSessionFactoryTest, method shouldExtractJWTFromSessionID.

@Test
public void shouldExtractJWTFromSessionID() {
    // Given: a c66-encoded session id whose tail holds the JWT after c66 decoding has altered it
    SessionID id = mock(SessionID.class);
    given(id.getTail()).willReturn("badger=");
    given(id.isC66Encoded()).willReturn(true);
    // Then: with undo requested, the '=' produced by c66 decoding is restored to the JWT's '.' separator
    assertThat(StatelessSessionFactory.getJWTFromSessionID(id, true)).isEqualTo("badger.");
}
Also used : SessionID(com.iplanet.dpro.session.SessionID) Test(org.testng.annotations.Test)

Example 14 with SessionID

Use of com.iplanet.dpro.session.SessionID in project OpenAM by OpenRock: class AuthClientUtils, method getCookieURLForSessionUpgrade.

public static String getCookieURLForSessionUpgrade(HttpServletRequest request) {
    String cookieURL = null;
    try {
        SSOTokenManager tokenManager = SSOTokenManager.getInstance();
        // Build the SSO token from the session cookie carried by this request
        SSOToken token = tokenManager.createSSOToken(request);
        Hashtable reqDataHash = parseRequestParameters(request);
        if (tokenManager.isValidToken(token)) {
            // Resolve the server that owns the session behind this token
            cookieURL = getCookieURL(new SessionID(token.getTokenID().toString()));
            // Only hand back a remote server URL when the request actually asks for a session upgrade or forced auth
            if (cookieURL != null && !isLocalServer(cookieURL, true) && (forceAuthFlagExists(reqDataHash) || checkSessionUpgrade(token, reqDataHash))) {
                return cookieURL;
            }
        }
    } catch (SSOException ssoe) {
        // No usable SSO token in the request: this is not a session upgrade case
        if (utilDebug.messageEnabled()) {
            utilDebug.message("SSOException occurred while checking session upgrade case", ssoe);
        }
    }
    return null;
}
Also used : SSOTokenManager(com.iplanet.sso.SSOTokenManager) SSOToken(com.iplanet.sso.SSOToken) Hashtable(java.util.Hashtable) SSOException(com.iplanet.sso.SSOException) SessionID(com.iplanet.dpro.session.SessionID)

Example 15 with SessionID

Use of com.iplanet.dpro.session.SessionID in project OpenAM by OpenRock: class AuthClientUtils, method getSessionIDFromRequest.

/**
 * Returns the Session ID for this request. If both the authentication cookie and
 * a valid AM cookie are present and the request method is GET, the valid
 * AM cookie is used; otherwise the auth cookie is used. The cookie in the request for invalid
 * sessions is the auth cookie, <code>com.iplanet.am.auth.cookie</code>,
 * and for active/inactive sessions it is <code>com.iplanet.am.cookie</code>.
 *
 * @param request HTTP Servlet Request.
 * @return Session ID for this request.
 */
public static SessionID getSessionIDFromRequest(HttpServletRequest request) {
    boolean isGetRequest = (request != null && request.getMethod().equalsIgnoreCase("GET"));
    // Session id from the AM cookie (active/inactive sessions)
    SessionID amCookieSid = new SessionID(request);
    // Session id from the auth cookie (sessions still in the authentication process)
    SessionID authCookieSid = getSidFromCookie(request);
    SessionID sessionID;
    if (authCookieSid == null) {
        sessionID = amCookieSid;
    } else {
        if (isGetRequest) {
            sessionID = amCookieSid;
        } else {
            sessionID = authCookieSid;
        }
    }
    if (utilDebug.messageEnabled()) {
        utilDebug.message("AuthUtils:returning sessionID:" + sessionID);
    }
    return sessionID;
}
Also used : SessionID(com.iplanet.dpro.session.SessionID)
