
Example 6 with SessionResponse

use of com.iplanet.dpro.session.share.SessionResponse in project OpenAM by OpenRock.

the class SessionRequestHandler method processSessionRequest.

/**
 * Handles one session-service request in two passes over the method ID and
 * returns the outcome as a {@link SessionResponse}.
 *
 * <p>The first switch performs the checks and routing shared by a group of
 * methods: it audits the access attempt, rejects callers whose session carries
 * {@code TOKEN_RESTRICTION_PROP}, checks permission for {@code SetProperty},
 * and forwards the request to another server or attempts session recovery.
 * The second switch performs the method-specific work against
 * {@code sessionService}.
 *
 * <p>Failures are reported inside the response via {@code setException};
 * every such message is prefixed with the string form of {@code sid}.
 * A {@link SessionException} raised anywhere in the body is caught at the end
 * and converted into such a message. The {@code AssertionError} thrown on the
 * failover branch is not a {@code SessionException} and propagates to the caller.
 *
 * @param auditor         used to record the access attempt
 * @param req             the request being processed
 * @param servletRequest  not referenced in this method body
 * @param servletResponse not referenced in this method body
 * @return the response; either populated by the method-specific step or
 *         carrying an exception message
 */
private SessionResponse processSessionRequest(PLLAuditor auditor, SessionRequest req, HttpServletRequest servletRequest, HttpServletResponse servletResponse) {
    SessionResponse res = new SessionResponse(req.getRequestID(), req.getMethodID());
    SessionID sid = new SessionID(req.getSessionID());
    Session requesterSession = null;
    try {
        /* common processing by groups of methods */
        switch(req.getMethodID()) {
            /*
             * In this group of methods the request targets either all LOCAL
             * sessions or a single local session identified by another
             * request parameter. Here sid is used only to authenticate the
             * operation; the session it points to is not expected to be local
             * to this server (although it might be).
             */
            case SessionRequest.GetValidSessions:
            case SessionRequest.AddSessionListenerOnAllSessions:
            case SessionRequest.GetSessionCount:
                /*
                 * The lookup below exists only to check the authentication of
                 * the caller (the resulting session can also be used as a
                 * filter for the operation scope).
                 */
                requesterSession = sessionCache.getSession(sid);
                auditAccessAttempt(auditor, requesterSession);
                /*
                 * Also check that sid is not a restricted token: a session
                 * that carries TOKEN_RESTRICTION_PROP is refused with
                 * "noPrivilege" before any work is done.
                 */
                if (requesterSession.getProperty(TOKEN_RESTRICTION_PROP) != null) {
                    res.setException(sid + " " + SessionBundle.getString("noPrivilege"));
                    return res;
                }
                break;
            /*
             * In this group the request targets a single session identified by
             * sid, which is supposed to be hosted by this server instance. sid
             * is used both as the id of the session and to authenticate the
             * operation (performed on the caller's own session).
             */
            case SessionRequest.GetSession:
            case SessionRequest.Logout:
            case SessionRequest.AddSessionListener:
            case SessionRequest.SetProperty:
            case SessionRequest.DestroySession:
                if (req.getMethodID() == SessionRequest.DestroySession) {
                    // DestroySession names a second session as its target, so the
                    // caller is authenticated first with the same checks as the
                    // group above.
                    requesterSession = sessionCache.getSession(sid);
                    auditAccessAttempt(auditor, requesterSession);
                    /*
                     * also check that sid is not a restricted token
                     */
                    if (requesterSession.getProperty(TOKEN_RESTRICTION_PROP) != null) {
                        res.setException(sid + " " + SessionBundle.getString("noPrivilege"));
                        return res;
                    }
                    // From here on sid refers to the session to destroy, not to the
                    // caller; routing and recovery below act on the target.
                    sid = new SessionID(req.getDestroySessionID());
                } else {
                    // NOTE(review): this branch applies no TOKEN_RESTRICTION_PROP check
                    // and tolerates a failed lookup; presumably restriction and validity
                    // are enforced by the sessionService calls further down — confirm.
                    try {
                        auditAccessAttempt(auditor, sessionCache.getSession(sid));
                    } catch (SessionException ignored) {
                        // ignore, we'll log the access attempt without session properties
                        auditor.auditAccessAttempt();
                    }
                }
                if (req.getMethodID() == SessionRequest.SetProperty) {
                    /*
                     * This fix is to avoid clients sneaking in to set
                     * protected properties in server-2 or so through
                     * server-1. Short circuit this operation without
                     * forwarding it further.
                     */
                    try {
                        SessionUtils.checkPermissionToSetProperty(this.clientToken, req.getPropertyName(), req.getPropertyValue());
                    } catch (SessionException se) {
                        // NOTE(review): the client-supplied property name and value are
                        // written to the debug log as-is; if values can be sensitive or
                        // contain line breaks, consider masking/encoding them — confirm
                        // against the logging policy.
                        if (sessionDebug.warningEnabled()) {
                            sessionDebug.warning("SessionRequestHandler.processRequest:" + "Client does not have permission to set" + " - property key = " + req.getPropertyName() + " : property value = " + req.getPropertyValue());
                        }
                        res.setException(sid + " " + SessionBundle.getString("noPrivilege"));
                        return res;
                    }
                }
                if (!serviceConfig.isSessionFailoverEnabled()) {
                    // TODO check how this behaves in non-session failover case
                    URL originService = SESSION_SERVICE_URL_SERVICE.getSessionServiceURL(sid);
                    if (!serverConfig.isLocalSessionService(originService)) {
                        if (!serverConfig.isSiteEnabled()) {
                            // Without sites the request is never forwarded. It is rejected
                            // only when the id has a site ID and its primary ID equals the
                            // local server ID; in every other case processing continues
                            // locally with the method-specific step.
                            String siteID = sid.getExtension().getSiteID();
                            if (siteID != null) {
                                String primaryID = sid.getExtension().getPrimaryID();
                                String localServerID = serverConfig.getLocalServerID();
                                if ((primaryID != null) && (localServerID != null)) {
                                    if (primaryID.equals(localServerID)) {
                                        throw new SessionException("invalid session id");
                                    }
                                }
                            }
                        } else {
                            // The session belongs to another server: hand the whole
                            // request over and return that server's response.
                            return forward(originService, req);
                        }
                    }
                } else {
                    if (serviceConfig.isUseInternalRequestRoutingEnabled()) {
                        // first try
                        String hostServerID = sessionService.getCurrentHostServer(sid);
                        if (!serverConfig.isLocalServer(hostServerID)) {
                            try {
                                return forward(SESSION_SERVICE_URL_SERVICE.getSessionServiceURL(hostServerID), req);
                            } catch (SessionException se) {
                                // attempt retry
                                if (!sessionService.checkServerUp(hostServerID)) {
                                    // proceed with failover: ask again which server hosts the
                                    // session now that the first one is reported down
                                    String retryHostServerID = sessionService.getCurrentHostServer(sid);
                                    if (retryHostServerID.equals(hostServerID)) {
                                        throw se;
                                    } else {
                                        // a different host was returned: forward to it unless it
                                        // is this server, in which case fall through to the
                                        // local recovery below
                                        if (!serverConfig.isLocalServer(retryHostServerID)) {
                                            return forward(SESSION_SERVICE_URL_SERVICE.getSessionServiceURL(retryHostServerID), req);
                                        }
                                    }
                                } else {
                                    // the host is up, so the failure is not a failover case
                                    throw se;
                                }
                            }
                        }
                    } else {
                        // iplanet-am-session-sfo-enabled=true (in direct contradiction to SMS property with same name)
                        // AssertionError is not caught by the SessionException handler at
                        // the end of this method and reaches the caller.
                        throw new AssertionError("Unreachable code");
                    }
                    /*
                     * if session is not already present locally attempt to
                     * recover session if in failover mode
                     */
                    if (!sessionService.isSessionPresent(sid)) {
                        if (sessionService.recoverSession(sid) == null) {
                            /*
                             * if not in failover mode or recovery was not
                             * successful return an exception
                             */
                            /*
                             * !!!!! IMPORTANT !!!!! DO NOT REMOVE "sid" FROM
                             * EXCEPTIONMESSAGE Logic kludge in legacy Agent 2.0
                             * code will break If it can not find SID value in
                             * the exception message returned by Session
                             * Service. This dependency should be eventually
                             * removed once we migrate customers to a newer
                             * agent code base or switch to a new version of
                             * Session Service interface
                             */
                            // NOTE(review): the message therefore carries the string form of
                            // the session id; presumably that is the live session token, so
                            // callers should avoid writing this text to logs — confirm.
                            res.setException(sid + " " + SessionBundle.getString("sessionNotObtained"));
                            return res;
                        }
                    }
                }
                break;
            default:
                res.setException(sid + " " + SessionBundle.getString("unknownRequestMethod"));
                return res;
        }
        /*
         * request method-specific processing
         */
        switch(req.getMethodID()) {
            case SessionRequest.GetSession:
                res.addSessionInfo(sessionService.getSessionInfo(sid, req.getResetFlag()));
                break;
            case SessionRequest.GetValidSessions:
                String pattern = req.getPattern();
                List<SessionInfo> infos = null;
                // one-element array used as an out-parameter for the search status
                int[] status = { 0 };
                infos = sessionService.getValidSessions(requesterSession, pattern, status);
                res.setStatus(status[0]);
                res.setSessionInfo(infos);
                break;
            case SessionRequest.DestroySession:
                // requesterSession is the authenticated caller; the second argument is
                // the session to destroy, taken from the request.
                sessionService.destroySession(requesterSession, new SessionID(req.getDestroySessionID()));
                break;
            case SessionRequest.Logout:
                sessionService.logout(sid);
                break;
            case SessionRequest.AddSessionListener:
                sessionService.addSessionListener(sid, req.getNotificationURL());
                break;
            case SessionRequest.AddSessionListenerOnAllSessions:
                /*
                 * Cookie Hijacking fix to disable adding of Notification
                 * Listener for ALL the sessions over the network to the server
                 * instance specified by Notification URL This property can be
                 * added and set in the AMConfig.properties file should there be
                 * a need to add Notification Listener to ALL the sessions. The
                 * default value of this property is FALSE
                 */
                // When the switch is off the request is silently skipped: no listener
                // is added and no exception is set on the response.
                if (getEnableAddListenerOnAllSessions()) {
                    sessionService.addSessionListenerOnAllSessions(requesterSession, req.getNotificationURL());
                }
                break;
            case SessionRequest.SetProperty:
                // Uses this.clientToken, the same token that passed the permission
                // check in the first switch.
                sessionService.setExternalProperty(this.clientToken, sid, req.getPropertyName(), req.getPropertyValue());
                break;
            case SessionRequest.GetSessionCount:
                String uuid = req.getUUID();
                Object sessions = SessionCount.getSessionsFromLocalServer(uuid);
                if (sessions != null) {
                    // raw, unchecked cast: the runtime type is whatever
                    // getSessionsFromLocalServer returned
                    res.setSessionsForGivenUUID((Map) sessions);
                }
                break;
            default:
                res.setException(sid + " " + SessionBundle.getString("unknownRequestMethod"));
                break;
        }
    } catch (SessionException se) {
        // The exception text is returned to the requester inside the response,
        // prefixed with sid like every other error message of this method.
        sessionDebug.message("processSessionRequest caught exception: {}", se.getMessage(), se);
        res.setException(sid + " " + se.getMessage());
    }
    return res;
}
Also used : SessionException(com.iplanet.dpro.session.SessionException) SessionInfo(com.iplanet.dpro.session.share.SessionInfo) SessionResponse(com.iplanet.dpro.session.share.SessionResponse) SessionID(com.iplanet.dpro.session.SessionID) URL(java.net.URL) Session(com.iplanet.dpro.session.Session)

Example 7 with SessionResponse

use of com.iplanet.dpro.session.share.SessionResponse in project OpenAM by OpenRock.

the class SessionCount method getSessionResponse.

/**
 * Sends a session request to the given session service and returns its reply.
 *
 * <p>If a restricted-token context is active on the calling thread it is
 * marshalled and attached to the request as the requester before sending,
 * so the context travels with the request to the remote side.
 *
 * @param svcurl URL of the session service to call
 * @param sreq   request to send; its requester field may be set by this method
 * @return the reply, which carries no exception text
 * @throws SessionException if the reply carries exception text (the text is
 *         used as the message), or if anything else fails while preparing or
 *         sending the request (the failure is wrapped as the cause)
 */
private static SessionResponse getSessionResponse(URL svcurl, SessionRequest sreq) throws SessionException {
    try {
        Object restrictedContext = RestrictedTokenContext.getCurrent();
        if (restrictedContext != null) {
            sreq.setRequester(RestrictedTokenContext.marshal(restrictedContext));
        }
        SessionResponse reply = sessionPLLSender.sendPLLRequest(svcurl, sreq);
        // A reply without exception text is the success case.
        if (reply.getException() == null) {
            return reply;
        }
        throw new SessionException(reply.getException());
    } catch (SessionException passThrough) {
        // Already the right type: rethrow untouched so it is not wrapped twice.
        throw passThrough;
    } catch (Exception cause) {
        throw new SessionException(cause);
    }
}
Also used : SessionException(com.iplanet.dpro.session.SessionException) SessionResponse(com.iplanet.dpro.session.share.SessionResponse) SessionException(com.iplanet.dpro.session.SessionException)

Example 8 with SessionResponse

use of com.iplanet.dpro.session.share.SessionResponse in project OpenAM by OpenRock.

the class RemoteSessionQuery method getSessionResponse.

/**
 * Performs the Session Request and waits for the response.
 *
 * <p>When a restricted-token context is current, it is marshalled and set as
 * the requester on the request before it is sent.
 *
 * @param svcurl Non null URL to perform the request against.
 * @param sreq   Non null Session Request; its requester may be set here.
 * @return A SessionResponse containing the response from the remote server;
 *         it never carries exception text.
 * @throws SessionException if the response carries exception text, or if
 *         preparing or sending the request fails for any other reason (that
 *         failure is wrapped as the cause).
 */
private SessionResponse getSessionResponse(URL svcurl, SessionRequest sreq) throws SessionException {
    try {
        Object activeContext = RestrictedTokenContext.getCurrent();
        if (activeContext != null) {
            sreq.setRequester(RestrictedTokenContext.marshal(activeContext));
        }
        SessionResponse remoteReply = sessionPllSender.sendPLLRequest(svcurl, sreq);
        // Error text reported by the remote server becomes the exception message.
        if (remoteReply.getException() == null) {
            return remoteReply;
        }
        throw new SessionException(remoteReply.getException());
    } catch (SessionException alreadyTyped) {
        // Keep SessionExceptions as they are instead of wrapping them again.
        throw alreadyTyped;
    } catch (Exception failure) {
        throw new SessionException(failure);
    }
}
Also used : SessionException(com.iplanet.dpro.session.SessionException) SessionResponse(com.iplanet.dpro.session.share.SessionResponse) SessionException(com.iplanet.dpro.session.SessionException)

Example 9 with SessionResponse

use of com.iplanet.dpro.session.share.SessionResponse in project OpenAM by OpenRock.

the class RemoteSessionQuery method getAllSessions.

/**
 * Generates a GetValidSessions SessionRequest, authenticated with the admin
 * token's ID, and uses it to query the remote server.
 *
 * <p>A {@link SessionException} from the query is logged as a warning and
 * swallowed, so a failed query and a server with no sessions both produce an
 * empty result; callers that must tell the two apart cannot do so from the
 * return value.
 *
 * @return Non null but possibly empty collection of Sessions. If the server
 *         is down, then this will also return no sessions.
 */
public Collection<SessionInfo> getAllSessions() {
    final List<SessionInfo> collected = new LinkedList<SessionInfo>();
    try {
        final URL remoteService = sessionServiceUrlService.getSessionServiceURL(serverId);
        // The admin token's ID is the session id that authenticates the request.
        final SSOToken admin = getAdminToken();
        final String adminSessionId = admin.getTokenID().toString();
        final SessionRequest query = new SessionRequest(SessionRequest.GetValidSessions, adminSessionId, false);
        final List<SessionInfo> fetched = getSessionResponse(remoteService, query).getSessionInfo();
        if (debug.messageEnabled()) {
            debug.message(MessageFormat.format("Query returned {0} SessionInfos.", fetched.size()));
        }
        collected.addAll(fetched);
    } catch (SessionException queryFailure) {
        // Best effort: report the failure and return what has been collected.
        debug.warning("Failed to fetch sessions from " + serverId, queryFailure);
    }
    return collected;
}
Also used : SSOToken(com.iplanet.sso.SSOToken) SessionInfo(com.iplanet.dpro.session.share.SessionInfo) SessionException(com.iplanet.dpro.session.SessionException) SessionResponse(com.iplanet.dpro.session.share.SessionResponse) LinkedList(java.util.LinkedList) URL(java.net.URL) SessionRequest(com.iplanet.dpro.session.share.SessionRequest)

Example 10 with SessionResponse

use of com.iplanet.dpro.session.share.SessionResponse in project OpenAM by OpenRock.

the class Session method getValidSessions.

/**
 * Returns all the valid sessions for a particular Session Service URL.
 *
 * <p>When a local session service exists and serves {@code svcurl}, it is
 * queried directly; otherwise a GetValidSessions request carrying this
 * session's ID is sent to {@code svcurl}. Each returned SessionInfo is turned
 * into a Session bound to {@code svcurl} and keyed by its session ID.
 *
 * <p>Any failure inside the method, whatever its type, is written to the
 * debug log and replaced by a generic SessionException; the original
 * exception is not attached to the one that is thrown.
 *
 * @param svcurl  Session Service URL.
 * @param pattern filter passed on to the session service; on the remote path
 *                it is set on the request only when non null
 * @return the matching sessions together with the status reported by the
 *         session service
 * @exception SessionException if the sessions could not be obtained
 */
private SearchResults getValidSessions(URL svcurl, String pattern) throws SessionException {
    try {
        // one-element array: the local service writes the search status into it
        final int[] statusHolder = { 0 };
        final List<SessionInfo> found;
        final boolean servedLocally = sessionService != null && sessionService.isLocalSessionService(svcurl);
        if (servedLocally) {
            found = sessionService.getValidSessions(this, pattern, statusHolder);
        } else {
            final SessionRequest query = new SessionRequest(SessionRequest.GetValidSessions, sessionID.toString(), false);
            if (pattern != null) {
                query.setPattern(pattern);
            }
            final SessionResponse reply = requests.getSessionResponseWithRetry(svcurl, query, this);
            found = reply.getSessionInfo();
            statusHolder[0] = reply.getStatus();
        }
        final Map<String, Session> byId = new HashMap<String, Session>();
        for (SessionInfo entry : found) {
            // The Session is populated from the SessionInfo as it was received.
            final Session built = new Session(new SessionID(entry.getSessionID()), servedLocally);
            built.sessionServiceURL = svcurl;
            built.update(entry);
            byId.put(entry.getSessionID(), built);
        }
        return new SearchResults(byId.size(), byId.keySet(), statusHolder[0], byId);
    } catch (Exception anyFailure) {
        // The cause is only recorded in the debug log; the caller gets the
        // generic bundle message.
        sessionDebug.error("Session:getValidSession : ", anyFailure);
        throw new SessionException(SessionBundle.rbName, "getValidSessionsError", null);
    }
}
Also used : HashMap(java.util.HashMap) SessionInfo(com.iplanet.dpro.session.share.SessionInfo) SearchResults(com.sun.identity.common.SearchResults) SessionRequest(com.iplanet.dpro.session.share.SessionRequest) ThreadPoolException(com.iplanet.am.util.ThreadPoolException) SSOException(com.iplanet.sso.SSOException) SessionResponse(com.iplanet.dpro.session.share.SessionResponse)

Aggregations

SessionResponse (com.iplanet.dpro.session.share.SessionResponse)12 SessionException (com.iplanet.dpro.session.SessionException)10 SessionRequest (com.iplanet.dpro.session.share.SessionRequest)7 SessionInfo (com.iplanet.dpro.session.share.SessionInfo)5 SessionID (com.iplanet.dpro.session.SessionID)3 SSOToken (com.iplanet.sso.SSOToken)3 URL (java.net.URL)3 Response (com.iplanet.services.comm.share.Response)2 HashMap (java.util.HashMap)2 ThreadPoolException (com.iplanet.am.util.ThreadPoolException)1 Session (com.iplanet.dpro.session.Session)1 Request (com.iplanet.services.comm.share.Request)1 RequestSet (com.iplanet.services.comm.share.RequestSet)1 SSOException (com.iplanet.sso.SSOException)1 SSOTokenManager (com.iplanet.sso.SSOTokenManager)1 SearchResults (com.sun.identity.common.SearchResults)1 RestrictedTokenAction (com.sun.identity.session.util.RestrictedTokenAction)1 HashSet (java.util.HashSet)1 Iterator (java.util.Iterator)1 LinkedList (java.util.LinkedList)1