
Example 1 with InternalSession

Use of com.iplanet.dpro.session.service.InternalSession in the OpenRock/OpenAM project.

From class JSONSerialisationTest, method basicSessionSerializationWorks.

@Test
public void basicSessionSerializationWorks() throws Exception {
    // A freshly constructed session must serialise to the canonical fixture.
    final InternalSession session = new InternalSession();
    final String json = serialization.serialise(session);
    final String expected = getJSON("/json/basic-session.json");
    assertThat(json).isNotNull().isEqualTo(expected);
    assertThat(session).isNotNull();
}

Example 2 with InternalSession

Use of com.iplanet.dpro.session.service.InternalSession in the OpenRock/OpenAM project.

From class JSONSerialisationTest, method internalSessionDeserialisationWorks.

@Test(dataProvider = "complex")
public void internalSessionDeserialisationWorks(String path) throws Exception {
    // Round-trip one of the "complex" fixtures supplied by the data provider.
    final String json = getJSON(path);
    final InternalSession session = serialization.deserialise(json, InternalSession.class);
    assertThat(session).isNotNull();
    assertThat(session.getID()).isNotNull();
    // Every complex fixture is expected to carry exactly 23 session properties.
    assertThat(Collections.list(session.getPropertyNames())).hasSize(23);
    assertThat(session.getSessionHandle()).isNotNull();
}

Example 3 with InternalSession

Use of com.iplanet.dpro.session.service.InternalSession in the OpenRock/OpenAM project.

From class WebServiceAuthenticatorImpl, method authenticate.

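/**
 * Authenticates a web service using its certificates: the SSL client-auth
 * certificate of the peer (if any) and the certificate bound to the message
 * (if any). When neither is present the caller is treated as
 * {@code ANONYMOUS_PRINCIPAL} and still receives a (cached) token.
 *
 * <p>The principal is the subject DN of the first certificate seen (peer
 * certificate first, then message certificate); the subject DNs of any further
 * certificates plus every issuer DN are joined with {@code "|"} into
 * {@code PRINCIPALS_PROP}. Tokens are cached under
 * {@code authMech + " " + principal}, so a later certificate with the same
 * subject DN under the same mechanism re-uses the cached token regardless of
 * its issuer. NOTE(review): this is only safe if the peer and message
 * certificates have already been chain-validated before this method is
 * called -- confirm that upstream.
 *
 * @param message a Message object that needs authentication; supplies the
 *                certificates and the authentication mechanism name
 * @param subject the JAAS Subject; not used by this implementation
 * @param state   per-request state map; not used by this implementation
 * @param request the HttpServletRequest object that comes from the web
 *                service; not used by this implementation
 * @return a SSOToken Object for the valid certificates after successful
 *         authentication, or null if the session/token could not be created
 *         or one of its properties could not be set
 */
public Object authenticate(Message message, Subject subject, Map state, HttpServletRequest request) {
    // Peer (SSL client-auth) certificate goes first so it decides the principal.
    final List<X509Certificate> certs = new ArrayList<X509Certificate>(2);
    final X509Certificate clientCert = message.getPeerCertificate();
    if (clientCert != null) {
        certs.add(clientCert);
    }
    final X509Certificate messageCert = message.getMessageCertificate();
    if (messageCert != null) {
        certs.add(messageCert);
    }

    String principal = null;
    String principals = null;
    if (certs.isEmpty()) {
        principal = ANONYMOUS_PRINCIPAL;
    } else {
        // Insertion-ordered so that PRINCIPALS_PROP is stable across runs;
        // a plain HashSet made the "|"-joined order JVM-dependent.
        final Set<String> principalsSet = new java.util.LinkedHashSet<String>(6);
        for (X509Certificate cert : certs) {
            if (debug.messageEnabled()) {
                debug.message("WebServiceAuthenticatorImpl.authenticate: cert = " + cert);
            }
            final String subjectDN = CertUtils.getSubjectName(cert);
            if (principal == null) {
                principal = subjectDN;
            } else if (!principal.equals(subjectDN)) {
                principalsSet.add(subjectDN);
            }
            principalsSet.add(CertUtils.getIssuerName(cert));
        }
        final StringBuilder joined = new StringBuilder(50);
        for (String dn : principalsSet) {
            if (joined.length() > 0) {
                joined.append('|');
            }
            joined.append(dn);
        }
        principals = joined.toString();
    }
    if (debug.messageEnabled()) {
        debug.message("WebServiceAuthenticatorImpl.authenticate" + ": principal = " + principal + ", principals = " + principals);
    }

    // Cache key is mechanism + subject DN only; see the caveat in the Javadoc.
    final String authMech = message.getAuthenticationMechanism();
    final String cacheKey = authMech + " " + principal;
    if (debug.messageEnabled()) {
        debug.message("WebServiceAuthenticatorImpl.authenticate" + ": cacheKey = " + cacheKey);
    }

    // Every access to the cache is guarded by the same monitor; previously only
    // remove() was synchronized, which is not enough for an unsynchronized Map.
    SSOToken ssoToken;
    synchronized (ssoTokenCache) {
        ssoToken = (SSOToken) ssoTokenCache.get(cacheKey);
    }
    if (ssoToken != null) {
        // Validity is checked outside the lock: it may call into the session service.
        if (ssoTokenManager.isValidToken(ssoToken)) {
            if (debug.messageEnabled()) {
                debug.message("WebServiceAuthenticatorImpl." + "authenticate: found ssoToken in cache");
            }
            return ssoToken;
        }
        if (debug.messageEnabled()) {
            debug.message("WebServiceAuthenticatorImpl." + "authenticate: ssoToken in cache expired");
        }
        synchronized (ssoTokenCache) {
            ssoTokenCache.remove(cacheKey);
        }
        ssoToken = null;
    }

    // Cache miss or expired entry: mint a fresh internal session and a token for it.
    // Two concurrent misses for the same key each create a session; the later
    // put() wins and the other session simply lives on until it times out.
    String authInstant = null;
    try {
        InternalSession is = InjectorHolder.getInstance(SessionService.class).newInternalSession(null, null, false);
        // Activated with an empty client ID; the service identity is recorded on
        // the token via PRINCIPAL_PROP below rather than as the session owner.
        is.activate("");
        Map attrs = sessionSchema.getAttributeDefaults();
        is.setMaxSessionTime(CollectionHelper.getIntMapAttr(attrs, MAX_SESSION_TIME, DEFAULT_MAX_SESSION_TIME, debug));
        is.setMaxIdleTime(CollectionHelper.getIntMapAttr(attrs, IDLE_TIME, DEFAULT_IDLE_TIME, debug));
        is.setMaxCachingTime(CollectionHelper.getIntMapAttr(attrs, CACHE_TIME, DEFAULT_CACHE_TIME, debug));
        is.putProperty(AUTH_TYPE_PROP, authMech);
        authInstant = DateUtils.toUTCDateFormat(new Date());
        is.putProperty(AUTH_INSTANT_PROP, authInstant);
        ssoToken = SSOTokenManager.getInstance().createSSOToken(is.getID().toString());
    } catch (Exception ex) {
        debug.error("WebServiceAuthenticatorImpl.authenticate: " + "Unable to get SSOToken", ex);
    }
    if (ssoToken == null) {
        return null;
    }

    try {
        ssoToken.setProperty(PRINCIPAL_PROP, principal);
        if (principals != null) {
            ssoToken.setProperty(PRINCIPALS_PROP, principals);
        }
        if (authInstant != null) {
            ssoToken.setProperty(AUTH_INSTANT_PROP, authInstant);
        }
        ssoToken.setProperty(AUTH_TYPE_PROP, authMech);
        SSOTokenManager.getInstance().refreshSession(ssoToken);
        synchronized (ssoTokenCache) {
            ssoTokenCache.put(cacheKey, ssoToken);
        }
    } catch (Exception ex) {
        debug.error("WebServiceAuthenticatorImpl.authenticate: " + "Unable to set SSOToken property", ex);
        return null;
    }
    return ssoToken;
}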

Example 4 with InternalSession

Use of com.iplanet.dpro.session.service.InternalSession in the OpenRock/OpenAM project.

From class LoginViewBean, method getDisplayURL.

/**
 * Returns the display URL for the authentication Login UI and, as a side
 * effect, reconciles the login-attempt session with any previous session
 * once the AuthContext has reached SUCCESS or FAILED.
 *
 * <p>Page selection order: an explicit redirect URL, then an error
 * template, then an error-message page, then the module's page template,
 * and finally the default login page.
 *
 * @return display URL for the auth Login UI, passed through
 *         {@code AuthUtils.encodeURL} (presumably URL rewriting for
 *         cookie-less clients -- confirm)
 */
public String getDisplayURL() {
    loginDebug.message("In getDisplayURL()");
    // A redirect URL wins over everything else (e.g. after a failed login
    // when customers want to use the login-failed URL).
    if ((redirect_url != null) && (redirect_url.length() != 0)) {
        jsp_page = "Redirect.jsp";
    } else if ((errorTemplate != null) && (errorTemplate.length() != 0)) {
        jsp_page = errorTemplate;
    } else if ((ErrorMessage != null) && (ErrorMessage.length() != 0)) {
        jsp_page = "Message.jsp";
    } else if ((pageTemplate != null) && (pageTemplate.length() != 0)) {
        if (loginDebug.messageEnabled()) {
            loginDebug.message("Using module Template : " + pageTemplate);
        }
        jsp_page = pageTemplate;
    } else {
        jsp_page = "Login.jsp";
    }
    jsp_page = getFileName(jsp_page);
    if (ac != null) {
        // The session that existed before this login attempt began; may be null.
        InternalSession oldSession = AuthUtils.getOldSession(ac);
        if (loginDebug.messageEnabled()) {
            loginDebug.message("Previous Session : " + oldSession);
        }
        if (ac.getStatus() == AuthContext.Status.SUCCESS) {
            response.setHeader("X-AuthErrorCode", "0");
            if (ac.getLoginState().getForceFlag()) {
                // Forced re-authentication: the session created for this attempt and
                // its cookie are discarded, and the previous session is reinstated.
                if (loginDebug.messageEnabled()) {
                    loginDebug.message("Forced Auth Succeed. " + "Restoring updated session");
                }
                clearCookieAndDestroySession(ac);
                if (oldSession != null) {
                    ac.getLoginState().setSession(oldSession);
                }
            } else {
                // Normal success: issue the session cookie (when cookies are
                // supported), drop the auth-in-progress cookie, and destroy the
                // previous session so only the new one remains valid.
                if (AuthUtils.isCookieSupported(ac)) {
                    setCookie();
                    clearCookie(AuthUtils.getAuthCookieName());
                }
                try {
                    if (oldSession != null) {
                        if (loginDebug.messageEnabled()) {
                            loginDebug.message("Destroy the " + "original session Successful!");
                        }
                        AuthD authD = AuthD.getAuth();
                        authD.destroySession(oldSession.getID());
                    }
                } catch (Exception e) {
                    // Best effort: a failure here is only logged at message level,
                    // so a stale previous session may silently outlive the login.
                    if (loginDebug.messageEnabled()) {
                        loginDebug.message("Destroy " + "original session Failed! " + e.getMessage());
                    }
                }
            }
        } else if (ac.getStatus() == AuthContext.Status.FAILED) {
            if (loginDebug.messageEnabled()) {
                loginDebug.message("Destroy Session! for ac : " + ac);
            }
            if (AuthUtils.isSessionUpgrade(ac)) {
                // Failed session upgrade: drop the failed attempt's session and
                // cookie and put the original (still valid) session back.
                clearCookieAndDestroySession(ac);
                loginDebug.message("Session upgrade - Restoring original Session!");
                if (oldSession != null) {
                    ac.getLoginState().setSession(oldSession);
                }
                loginDebug.message("Original session restored successful!");
            } else {
                // Plain failure: both the failed attempt's session and any
                // pre-existing session are destroyed -- a failed login ends the
                // previous session rather than leaving it usable.
                clearCookieAndDestroySession(ac);
                if (oldSession != null) {
                    loginDebug.message("Destroy existing/old valid session");
                    AuthD authD = AuthD.getAuth();
                    authD.destroySession(oldSession.getID());
                }
            }
            loginDebug.message("Login failure, current session destroyed!");
        }
    }
    return AuthUtils.encodeURL(jsp_page, ac, response);
}

Example 5 with InternalSession

Use of com.iplanet.dpro.session.service.InternalSession in the OpenRock/OpenAM project.

From class LoginViewBean, method getLoginDisplay.

/**
 * Starts (or continues) the login on the current AuthContext and works out
 * what to display next: the module's callbacks, an HTTP/redirect callback,
 * or the success/failure redirect once no more requirements remain.
 *
 * <p>If the request already carries answers for the first page of callbacks
 * and zero-page login is permitted for this login state and request, the
 * credentials are submitted immediately instead of rendering the page.
 *
 * @throws L10NMessageImpl wrapping any failure after the initial login call
 *         (message key {@code loginDisplay.get})
 * @throws Exception propagated from {@code AuthContext.login}-independent
 *         setup such as {@code prepareLoginParams}
 */
protected void getLoginDisplay() throws Exception {
    loginDebug.message("In getLoginDisplay()");
    // Auth-level logins arrive with their parameters already prepared.
    if (!bAuthLevel) {
        prepareLoginParams();
    }
    if (loginDebug.messageEnabled()) {
        loginDebug.message("Login Parameters : IndexType = " + indexType + " IndexName = " + indexName);
    }
    try {
        // RESOURCE-based login additionally passes the environment map.
        if (indexType != null) {
            if (indexType.equals(AuthContext.IndexType.RESOURCE)) {
                ac.login(indexType, indexName, envMap, null);
            } else {
                ac.login(indexType, indexName);
            }
        } else {
            ac.login();
        }
    } catch (AuthLoginException le) {
        loginDebug.message("AuthContext()::login error ", le);
        if ((ac.getStatus() == AuthContext.Status.RESET) || (ac.getStatus() == AuthContext.Status.ORG_MISMATCH)) {
            loginDebug.message("getLoginDisplay(): Destroying current session!");
            InternalSession oldSession = AuthUtils.getOldSession(ac);
            if (AuthUtils.isSessionUpgrade(ac)) {
                // Session upgrade that could not start: drop the new session,
                // reinstate the original one and send the user to its success URL.
                clearCookieAndDestroySession(ac);
                loginDebug.message("getLoginDisplay(): Session upgrade - " + " Restoring original Session!");
                if (oldSession != null) {
                    ac.getLoginState().setSession(oldSession);
                    // NOTE(review): redirect target comes from AuthUtils.getSuccessURL;
                    // presumably it validates any client-supplied goto against the
                    // allowed list before we redirect to it -- confirm.
                    String redirect_url = AuthUtils.getSuccessURL(request, ac);
                    if (loginDebug.messageEnabled()) {
                        loginDebug.message("Session Upgrade - redirect_url : " + redirect_url);
                    }
                    response.sendRedirect(redirect_url);
                }
                forward = false;
            } else {
                // Not an upgrade: the new session and any pre-existing session are
                // both destroyed, and the AuthContext is discarded.
                clearCookieAndDestroySession(ac);
                if (oldSession != null) {
                    loginDebug.message("Destroy existing/old valid session");
                    AuthD authD = AuthD.getAuth();
                    authD.destroySession(oldSession.getID());
                }
                ac = null;
                handleAuthLoginException(le);
            }
        } else {
            handleAuthLoginException(le);
        }
        return;
    }
    try {
        // Get the information requested by the respective auth module
        if (ac.hasMoreRequirements()) {
            loginDebug.message("In getLoginDisplay, has More Requirements");
            callbacks = ac.getRequirements();
            for (int i = 0; i < callbacks.length; i++) {
                // HTTP and redirect callbacks are handled immediately and end processing.
                if (callbacks[i] instanceof HttpCallback) {
                    processHttpCallback((HttpCallback) callbacks[i]);
                    return;
                } else if (callbacks[i] instanceof RedirectCallback) {
                    processRedirectCallback((RedirectCallback) callbacks[i]);
                    return;
                } else if (!bAuthLevel && !newOrgExist) {
                    // Auth Level login will never do one page login.
                    // Otherwise, if the request already carries an answer for this
                    // callback (TOKEN<i>/TOKEN_OLD<i> for name/password/choice, or
                    // BUTTON/BUTTON_OLD for confirmation), treat it as a one-page login.
                    if (callbacks[i] instanceof NameCallback) {
                        if (reqDataHash.get(TOKEN + Integer.toString(i)) != null) {
                            onePageLogin = true;
                            break;
                        } else if (reqDataHash.get(TOKEN_OLD + Integer.toString(i)) != null) {
                            onePageLogin = true;
                            break;
                        }
                    } else if (callbacks[i] instanceof PasswordCallback) {
                        if (reqDataHash.get(TOKEN + Integer.toString(i)) != null) {
                            onePageLogin = true;
                            break;
                        } else if (reqDataHash.get(TOKEN_OLD + Integer.toString(i)) != null) {
                            onePageLogin = true;
                            break;
                        }
                    } else if (callbacks[i] instanceof ChoiceCallback) {
                        if (reqDataHash.get(TOKEN + Integer.toString(i)) != null) {
                            onePageLogin = true;
                            break;
                        } else if (reqDataHash.get(TOKEN_OLD + Integer.toString(i)) != null) {
                            onePageLogin = true;
                            break;
                        }
                    } else if (callbacks[i] instanceof ConfirmationCallback) {
                        if (reqDataHash.get(BUTTON) != null) {
                            onePageLogin = true;
                            break;
                        } else if (reqDataHash.get(BUTTON_OLD) != null) {
                            onePageLogin = true;
                            break;
                        }
                    }
                }
            }
            // Credentials supplied with the very first request are only accepted
            // when zero-page login is allowed for this config and request; this
            // gate is what stops an unsolicited request from logging a user in.
            if (onePageLogin && AuthUtils.isZeroPageLoginAllowed(ac.getLoginState().getZeroPageLoginConfig(), request)) {
                // user input login info in URL
                loginDebug.message("User input login information in URL!");
                processLoginDisplay();
            } else {
                addLoginCallbackMessage(callbacks);
                if (!LoginFail) {
                    //if the login already failed, then LoginState is already
                    //nullified, hence any attempt of calling this method
                    //the errormessage/code/template should be already set
                    //so a proper error page is shown.
                    AuthUtils.setCallbacksPerState(ac, pageState, callbacks);
                }
            }
        } else {
            if (loginDebug.messageEnabled()) {
                loginDebug.message("No more Requirements in getLoginDisplay");
                loginDebug.message("Status is : " + ac.getStatus());
            }
            if (ac.getStatus() == AuthContext.Status.SUCCESS) {
                LoginSuccess = true;
                ResultVal = rb.getString("authentication.successful");
                // Redirect to the 'goto' parameter, SPI hook or default success URL.
                redirect_url = AuthUtils.getLoginSuccessURL(ac);
                if ((redirect_url != null) && (redirect_url.length() != 0)) {
                    if (loginDebug.messageEnabled()) {
                        loginDebug.message("LoginSuccessURL in getLoginDisplay " + "(in case of successful auth) : " + redirect_url);
                    }
                }
            } else if (ac.getStatus() == AuthContext.Status.FAILED) {
                handleAuthLoginException(null);
                // Redirect to the 'goto' parameter, SPI hook or default failure URL.
                redirect_url = AuthUtils.getLoginFailedURL(ac);
                if ((redirect_url != null) && (redirect_url.length() != 0)) {
                    if (loginDebug.messageEnabled()) {
                        loginDebug.message("LoginFailedURL in getLoginDisplay : " + redirect_url);
                    }
                }
            } else {
                // Any other terminal status is treated like a failure: redirect to
                // the failure URL and clear the error message.
                redirect_url = AuthUtils.getLoginFailedURL(ac);
                if (loginDebug.warningEnabled()) {
                    loginDebug.warning("Login Status is " + ac.getStatus() + " - redirect to loginFailedURL : " + redirect_url);
                }
                setErrorMessage(null);
            }
        }
    } catch (Exception e) {
        // Record the error for the view, then surface it as a localised message.
        setErrorMessage(e);
        throw new L10NMessageImpl(bundleName, "loginDisplay.get", new Object[] { e.getMessage() });
    }
}
