
Example 41 with SessionID

use of com.iplanet.dpro.session.SessionID in project OpenAM by OpenRock.

the class LoginAuthenticator method getLoginProcess.

/**
 * Gets the Login Process object using the given Login Configuration.
 *
 * If it is the first request to initiate a login process then a new AuthContextLocal will be created and given
 * to a new Login Process object and startLoginProcess() will be called.
 *
 * Otherwise the request is a continuation of an existing login process: the existing AuthContextLocal will
 * be retrieved, using the session id set in the Login Configuration, and given to a new Login Process object
 * which will continue the login process. startLoginProcess() will not be called.
 *
 * @param loginConfiguration The LoginConfiguration object to be used to start or continue the login process.
 * @return The LoginProcess object.
 * @throws AuthException If there is a problem retrieving or creating the underlying AuthContextLocal.
 * @throws AuthLoginException If there is a problem retrieving or creating the underlying AuthContextLocal or
 *                            starting the login process.
 * @throws SSOException If there is a problem starting the login process.
 */
public LoginProcess getLoginProcess(LoginConfiguration loginConfiguration) throws AuthException, AuthLoginException, SSOException, RestAuthException {
    verifyAuthenticationRealm(loginConfiguration.getHttpRequest());
    SSOToken ssoToken = coreServicesWrapper.getExistingValidSSOToken(new SessionID(loginConfiguration.getSSOTokenId()));
    if (noMoreAuthenticationRequired(ssoToken, loginConfiguration)) {
        return new CompletedLoginProcess(this, loginConfiguration, coreServicesWrapper, ssoToken);
    }
    AuthContextLocalWrapper authContext = getAuthContext(loginConfiguration);
    LoginProcess loginProcess = new LoginProcess(this, loginConfiguration, authContext, coreServicesWrapper);
    if (coreServicesWrapper.isNewRequest(authContext)) {
        startLoginProcess(loginProcess);
    }
    return loginProcess;
}
Also used : SSOToken(com.iplanet.sso.SSOToken) AuthContextLocalWrapper(org.forgerock.openam.core.rest.authn.core.wrappers.AuthContextLocalWrapper) SessionID(com.iplanet.dpro.session.SessionID)

Example 42 with SessionID

use of com.iplanet.dpro.session.SessionID in project OpenAM by OpenRock.

the class LoginAuthenticator method getAuthContext.

/**
 * Either creates or retrieves an existing AuthContextLocal depending on whether this request is a new
 * authentication request or the continuation of an existing one.
 *
 * This method will also determine whether the request is a new authentication request for session upgrade.
 *
 * NOTE: A new authentication request which includes a user's current SSO Token Id, but which is not a session
 * upgrade request, will result in a new AuthContextLocal object being created and a new login process being
 * started. It does not check whether the user's current SSO Token Id is valid, nor return early if it is.
 *
 * @param loginConfiguration The LoginConfiguration object to be used to start or continue the login process.
 * @return The AuthContextLocal wrapped as an AuthContextLocalWrapper.
 * @throws AuthException If there is a problem creating/retrieving the AuthContextLocal.
 * @throws AuthLoginException If there is a problem checking if the authentication request requires session upgrade.
 * @throws SSOException If there is a problem checking if the authentication request requires session upgrade.
 */
private AuthContextLocalWrapper getAuthContext(LoginConfiguration loginConfiguration) throws AuthException, AuthLoginException, SSOException {
    HttpServletRequest request = loginConfiguration.getHttpRequest();
    HttpServletResponse response = loginConfiguration.getHttpResponse();
    SessionID sessionID = new SessionID(loginConfiguration.getSessionId());
    boolean isSessionUpgrade = false;
    // Explicit parentheses: && binds tighter than ||, so this is (upgrade request with no session) OR force-auth
    if ((loginConfiguration.isSessionUpgradeRequest() && sessionID.isNull()) || loginConfiguration.isForceAuth()) {
        sessionID = new SessionID(loginConfiguration.getSSOTokenId());
        SSOToken ssoToken = coreServicesWrapper.getExistingValidSSOToken(sessionID);
        isSessionUpgrade = checkSessionUpgrade(ssoToken, loginConfiguration.getIndexType(), loginConfiguration.getIndexValue()) || loginConfiguration.isForceAuth();
    }
    boolean isBackPost = false;
    return coreServicesWrapper.getAuthContext(request, response, sessionID, isSessionUpgrade, isBackPost);
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) SSOToken(com.iplanet.sso.SSOToken) HttpServletResponse(javax.servlet.http.HttpServletResponse) SessionID(com.iplanet.dpro.session.SessionID)

Example 43 with SessionID

use of com.iplanet.dpro.session.SessionID in project OpenAM by OpenRock.

the class SessionRequestHandler method processSessionRequest.

private SessionResponse processSessionRequest(PLLAuditor auditor, SessionRequest req, HttpServletRequest servletRequest, HttpServletResponse servletResponse) {
    SessionResponse res = new SessionResponse(req.getRequestID(), req.getMethodID());
    SessionID sid = new SessionID(req.getSessionID());
    Session requesterSession = null;
    try {
        /* common processing by groups of methods */
        switch(req.getMethodID()) {
            /*
             * In this group of methods the request targets either all LOCAL sessions or a single
             * local session identified by another request parameter. Here sid is only used to
             * authenticate the operation; the Session pointed to by sid is not expected to be local
             * to this server (although it might be).
             */
            case SessionRequest.GetValidSessions:
            case SessionRequest.AddSessionListenerOnAllSessions:
            case SessionRequest.GetSessionCount:
                /*
                 * Note that the purpose of the following is just to check the
                 * authentication of the caller (which can also be used as a
                 * filter for the operation scope!)
                 */
                requesterSession = sessionCache.getSession(sid);
                auditAccessAttempt(auditor, requesterSession);
                /*
                 * Also check that sid is not a restricted token.
                 */
                if (requesterSession.getProperty(TOKEN_RESTRICTION_PROP) != null) {
                    res.setException(sid + " " + SessionBundle.getString("noPrivilege"));
                    return res;
                }
                break;
            /*
             * In this group the request targets a single session identified by sid, which is
             * supposed to be hosted by this server instance. sid is used both as the id of the
             * session and to authenticate the operation (performed on own session).
             */
            case SessionRequest.GetSession:
            case SessionRequest.Logout:
            case SessionRequest.AddSessionListener:
            case SessionRequest.SetProperty:
            case SessionRequest.DestroySession:
                if (req.getMethodID() == SessionRequest.DestroySession) {
                    requesterSession = sessionCache.getSession(sid);
                    auditAccessAttempt(auditor, requesterSession);
                    /*
                     * Also check that sid is not a restricted token.
                     */
                    if (requesterSession.getProperty(TOKEN_RESTRICTION_PROP) != null) {
                        res.setException(sid + " " + SessionBundle.getString("noPrivilege"));
                        return res;
                    }
                    sid = new SessionID(req.getDestroySessionID());
                } else {
                    try {
                        auditAccessAttempt(auditor, sessionCache.getSession(sid));
                    } catch (SessionException ignored) {
                        // ignore, we'll log the access attempt without session properties
                        auditor.auditAccessAttempt();
                    }
                }
                if (req.getMethodID() == SessionRequest.SetProperty) {
                    /*
                     * This fix is to avoid clients sneaking in to set
                     * protected properties in server-2 or so through
                     * server-1. Short circuit this operation without
                     * forwarding it further.
                     */
                    try {
                        SessionUtils.checkPermissionToSetProperty(this.clientToken, req.getPropertyName(), req.getPropertyValue());
                    } catch (SessionException se) {
                        if (sessionDebug.warningEnabled()) {
                            sessionDebug.warning("SessionRequestHandler.processRequest:" + "Client does not have permission to set" + " - property key = " + req.getPropertyName() + " : property value = " + req.getPropertyValue());
                        }
                        res.setException(sid + " " + SessionBundle.getString("noPrivilege"));
                        return res;
                    }
                }
                if (!serviceConfig.isSessionFailoverEnabled()) {
                    // TODO check how this behaves in non-session failover case
                    URL originService = SESSION_SERVICE_URL_SERVICE.getSessionServiceURL(sid);
                    if (!serverConfig.isLocalSessionService(originService)) {
                        if (!serverConfig.isSiteEnabled()) {
                            String siteID = sid.getExtension().getSiteID();
                            if (siteID != null) {
                                String primaryID = sid.getExtension().getPrimaryID();
                                String localServerID = serverConfig.getLocalServerID();
                                if ((primaryID != null) && (localServerID != null)) {
                                    if (primaryID.equals(localServerID)) {
                                        throw new SessionException("invalid session id");
                                    }
                                }
                            }
                        } else {
                            return forward(originService, req);
                        }
                    }
                } else {
                    if (serviceConfig.isUseInternalRequestRoutingEnabled()) {
                        // first try
                        String hostServerID = sessionService.getCurrentHostServer(sid);
                        if (!serverConfig.isLocalServer(hostServerID)) {
                            try {
                                return forward(SESSION_SERVICE_URL_SERVICE.getSessionServiceURL(hostServerID), req);
                            } catch (SessionException se) {
                                // attempt retry
                                if (!sessionService.checkServerUp(hostServerID)) {
                                    // proceed with failover
                                    String retryHostServerID = sessionService.getCurrentHostServer(sid);
                                    if (retryHostServerID.equals(hostServerID)) {
                                        throw se;
                                    } else {
                                        // case
                                        if (!serverConfig.isLocalServer(retryHostServerID)) {
                                            return forward(SESSION_SERVICE_URL_SERVICE.getSessionServiceURL(retryHostServerID), req);
                                        }
                                    }
                                } else {
                                    throw se;
                                }
                            }
                        }
                    } else {
                        // iplanet-am-session-sfo-enabled=true (in direct contradiction to SMS property with same name)
                        throw new AssertionError("Unreachable code");
                    }
                    /*
                     * if session is not already present locally attempt to
                     * recover session if in failover mode
                     */
                    if (!sessionService.isSessionPresent(sid)) {
                        if (sessionService.recoverSession(sid) == null) {
                            /*
                             * if not in failover mode or recovery was not
                             * successful return an exception
                             */
                            /*
                             * !!!!! IMPORTANT !!!!! DO NOT REMOVE "sid" FROM
                             * EXCEPTIONMESSAGE Logic kludge in legacy Agent 2.0
                             * code will break If it can not find SID value in
                             * the exception message returned by Session
                             * Service. This dependency should be eventually
                             * removed once we migrate customers to a newer
                             * agent code base or switch to a new version of
                             * Session Service interface
                             */
                            res.setException(sid + " " + SessionBundle.getString("sessionNotObtained"));
                            return res;
                        }
                    }
                }
                break;
            default:
                res.setException(sid + " " + SessionBundle.getString("unknownRequestMethod"));
                return res;
        }
        /*
         * Request method-specific processing
         */
        switch(req.getMethodID()) {
            case SessionRequest.GetSession:
                res.addSessionInfo(sessionService.getSessionInfo(sid, req.getResetFlag()));
                break;
            case SessionRequest.GetValidSessions:
                String pattern = req.getPattern();
                List<SessionInfo> infos = null;
                int[] status = { 0 };
                infos = sessionService.getValidSessions(requesterSession, pattern, status);
                res.setStatus(status[0]);
                res.setSessionInfo(infos);
                break;
            case SessionRequest.DestroySession:
                sessionService.destroySession(requesterSession, new SessionID(req.getDestroySessionID()));
                break;
            case SessionRequest.Logout:
                sessionService.logout(sid);
                break;
            case SessionRequest.AddSessionListener:
                sessionService.addSessionListener(sid, req.getNotificationURL());
                break;
            case SessionRequest.AddSessionListenerOnAllSessions:
                /*
                 * Cookie Hijacking fix: disables adding a Notification Listener for ALL the
                 * sessions over the network to the server instance specified by the Notification
                 * URL. This property can be added and set in the AMConfig.properties file should
                 * there be a need to add a Notification Listener to ALL the sessions. The default
                 * value of this property is FALSE.
                 */
                if (getEnableAddListenerOnAllSessions()) {
                    sessionService.addSessionListenerOnAllSessions(requesterSession, req.getNotificationURL());
                }
                break;
            case SessionRequest.SetProperty:
                sessionService.setExternalProperty(this.clientToken, sid, req.getPropertyName(), req.getPropertyValue());
                break;
            case SessionRequest.GetSessionCount:
                String uuid = req.getUUID();
                Object sessions = SessionCount.getSessionsFromLocalServer(uuid);
                if (sessions != null) {
                    res.setSessionsForGivenUUID((Map) sessions);
                }
                break;
            default:
                res.setException(sid + " " + SessionBundle.getString("unknownRequestMethod"));
                break;
        }
    } catch (SessionException se) {
        sessionDebug.message("processSessionRequest caught exception: {}", se.getMessage(), se);
        res.setException(sid + " " + se.getMessage());
    }
    return res;
}
Also used : SessionException(com.iplanet.dpro.session.SessionException) SessionInfo(com.iplanet.dpro.session.share.SessionInfo) SessionResponse(com.iplanet.dpro.session.share.SessionResponse) SessionID(com.iplanet.dpro.session.SessionID) URL(java.net.URL) Session(com.iplanet.dpro.session.Session)

Example 44 with SessionID

use of com.iplanet.dpro.session.SessionID in project OpenAM by OpenRock.

the class SessionService method cleanUpRemoteSessions.

/**
 * Removes remote sessions when the primary server is up.
 */
public void cleanUpRemoteSessions() {
    if (serviceConfig.isUseInternalRequestRoutingEnabled()) {
        synchronized (remoteSessionSet) {
            for (Iterator iter = remoteSessionSet.iterator(); iter.hasNext(); ) {
                SessionID sid = (SessionID) iter.next();
                // getCurrentHostServer automatically releases local
                // session replica if it does not belong locally
                String hostServer = null;
                try {
                    hostServer = getCurrentHostServer(sid);
                } catch (Exception ex) {
                    // Host server lookup failed; hostServer remains null and the check below decides
                }
                // if session does not belong locally remove it
                if (!serverConfig.isLocalServer(hostServer)) {
                    iter.remove();
                }
            }
        }
    }
}
Also used : Iterator(java.util.Iterator) SessionID(com.iplanet.dpro.session.SessionID) DelegationException(com.sun.identity.delegation.DelegationException) SSOException(com.iplanet.sso.SSOException) InterruptedIOException(java.io.InterruptedIOException) IdRepoException(com.sun.identity.idm.IdRepoException) ConnectException(java.net.ConnectException) SessionException(com.iplanet.dpro.session.SessionException) CoreTokenException(org.forgerock.openam.cts.exceptions.CoreTokenException)

Example 45 with SessionID

use of com.iplanet.dpro.session.SessionID in project OpenAM by OpenRock.

the class SessionCount method getSessionsFromLocalServer.

/*
 * Get user sessions from the local server.
 */
static Map<String, Long> getSessionsFromLocalServer(String uuid) {
    Set<SessionID> sessions = (Set<SessionID>) uuidSessionMap.get(uuid);
    Map<String, Long> retSessions = new HashMap<String, Long>();
    if (sessions != null) {
        synchronized (sessions) {
            for (SessionID sid : sessions) {
                InternalSession is = sessionService.getInternalSession(sid);
                if (is != null) {
                    retSessions.put(sid.toString(), Long.valueOf(is.getExpirationTime()));
                }
            }
        }
    }
    return retSessions;
}
Also used : HashSet(java.util.HashSet) Set(java.util.Set) HashMap(java.util.HashMap) SessionID(com.iplanet.dpro.session.SessionID)
