Example 6 with SSOTokenID

use of com.iplanet.sso.SSOTokenID in project OpenAM by OpenRock.

the class PolicySSOTokenListener method ssoTokenChanged.

/**
 * Callback for SSOTokenListener
 * Cleans up the policy decision cache, subject evaluation cache,
 * user role cache of LDAPRoles and user <code>nsRole</code> attribute
 * values cache upon user's token expiration.
 * @param evt <code>SSOTokenEvent</code> with details on the change
 *        which happened to the <code>SSOToken</code>
 */
public void ssoTokenChanged(SSOTokenEvent evt) {
    try {
        SSOTokenID tokenId = evt.getToken().getTokenID();
        String tokenIdStr = tokenId.toString();
        if (tokenIdStr == null) {
            debug.error("PolicySSOTokenListener: " + "token id string is null");
            return;
        }
        // update the policy decision cache
        synchronized (PolicyEvaluator.policyResultsCache) {
            if (!(resultsCache.isEmpty())) {
                Set svcInCache = resultsCache.keySet();
                Iterator svcInCacheIter = svcInCache.iterator();
                while (svcInCacheIter.hasNext()) {
                    String svcName = (String) svcInCacheIter.next();
                    Map svcValue = (Map) resultsCache.get(svcName);
                    if ((svcValue != null) && (!(svcValue.isEmpty()))) {
                        Set rscInCache = svcValue.keySet();
                        Iterator rscInCacheIter = rscInCache.iterator();
                        while (rscInCacheIter.hasNext()) {
                            String rscName = (String) rscInCacheIter.next();
                            Map rscValues = (Map) svcValue.get(rscName);
                            if ((rscValues != null) && (!(rscValues.isEmpty()))) {
                                if ((rscValues.remove(tokenIdStr)) != null) {
                                    if (debug.messageEnabled()) {
                                        debug.message("cleaned up the " + "policy results for an " + "expired token " + tokenIdStr);
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }
        //clean up userNSRoleCache
        PolicyEvaluator.userNSRoleCache.remove(tokenIdStr);
        if (debug.messageEnabled()) {
            debug.message("PolicySSOTokenListener.ssoTokenChanged():" + "cleaned up user nsRole cache for an expired token " + tokenIdStr);
        }
        // clean up the subject evaluation cache
        SubjectEvaluationCache.subjectEvaluationCache.remove(tokenIdStr);
        if (debug.messageEnabled()) {
            debug.message("PolicySSOTokenListener.ssoTokenChanged():" + "cleaned up subject evaluation cache for an expired token" + " " + tokenIdStr);
        }
        // clean up the user role cache from LDAPRoles
        LDAPRoles.userLDAPRoleCache.remove(tokenIdStr);
        if (debug.messageEnabled()) {
            debug.message("PolicySSOTokenListener.ssoTokenChanged()cleaned " + "up user role cache of LDAPRoles " + "for an expired token " + tokenIdStr);
        }
        // clean up subject result cache inside  Policy objects
        if (evt.getType() == SSOTokenEvent.SSO_TOKEN_PROPERTY_CHANGED) {
            if (debug.messageEnabled()) {
                debug.message("PolicySSOTokenListener.ssoTokenChanged():" + " receieved sso token property change notification, " + " clearing cached subject result cache " + " for tokenIdStr XXXXXX");
            }
            PolicyCache.getInstance().clearSubjectResultCache(tokenIdStr);
        }
        PolicyEvaluator.ssoListenerRegistry.remove(tokenIdStr);
    } catch (Exception e) {
        debug.error("PolicySSOTokenListener.ssoTokenChanged():policy sso " + "token listener", e);
    }
}
Also used : SSOTokenID(com.iplanet.sso.SSOTokenID) Set(java.util.Set) Iterator(java.util.Iterator) Map(java.util.Map)

Example 7 with SSOTokenID

use of com.iplanet.sso.SSOTokenID in project OpenAM by OpenRock.

the class SessionResourceTest method actionCollectionShouldValidateSessionAndReturnTrueWhenSSOTokenValid.

@Test
public void actionCollectionShouldValidateSessionAndReturnTrueWhenSSOTokenValid() throws SSOException {
    //Given
    cookieResponse = "SSO_TOKEN_ID";
    final SSOTokenContext tokenContext = mock(SSOTokenContext.class);
    final Context context = ClientContext.newInternalClientContext(tokenContext);
    final ActionRequest request = mock(ActionRequest.class);
    final SSOToken ssoToken = mock(SSOToken.class);
    final SSOTokenID ssoTokenId = mock(SSOTokenID.class);
    given(request.getAction()).willReturn(VALIDATE_ACTION_ID);
    given(tokenContext.getCallerSSOToken()).willReturn(ssoToken);
    given(ssoTokenManager.isValidToken(ssoToken)).willReturn(true);
    given(ssoToken.getTokenID()).willReturn(ssoTokenId);
    given(ssoTokenId.toString()).willReturn("SSO_TOKEN_ID");
    given(ssoTokenManager.createSSOToken(ssoTokenId.toString())).willReturn(ssoToken);
    //When
    Promise<ActionResponse, ResourceException> promise = sessionResource.actionCollection(context, request);
    //Then
    assertThat(promise).succeeded().withContent().booleanAt("valid").isTrue();
    assertThat(promise).succeeded().withContent().stringAt("uid").isEqualTo("demo");
    assertThat(promise).succeeded().withContent().stringAt("realm").isEqualTo("/");
}
Also used : RootContext(org.forgerock.services.context.RootContext) ClientContext(org.forgerock.services.context.ClientContext) RealmContext(org.forgerock.openam.rest.RealmContext) SessionContext(org.forgerock.http.session.SessionContext) SSOTokenContext(org.forgerock.openam.rest.resource.SSOTokenContext) AttributesContext(org.forgerock.services.context.AttributesContext) SecurityContext(org.forgerock.services.context.SecurityContext) Context(org.forgerock.services.context.Context) SSOTokenID(com.iplanet.sso.SSOTokenID) SSOToken(com.iplanet.sso.SSOToken) Test(org.testng.annotations.Test)

Example 8 with SSOTokenID

use of com.iplanet.sso.SSOTokenID in project OpenAM by OpenRock.

the class SessionResourceTest method actionCollectionShouldLogoutSessionAndReturnEmptyJsonObjectWhenSSOTokenValid.

@Test
public void actionCollectionShouldLogoutSessionAndReturnEmptyJsonObjectWhenSSOTokenValid() throws SSOException {
    //Given
    cookieResponse = "SSO_TOKEN_ID";
    final AttributesContext attrContext = new AttributesContext(new SessionContext(new RootContext(), mock(Session.class)));
    final AdviceContext adviceContext = new AdviceContext(attrContext, Collections.<String>emptySet());
    final SecurityContext securityContext = new SecurityContext(adviceContext, null, null);
    final Context context = ClientContext.newInternalClientContext(new SSOTokenContext(mock(Debug.class), null, securityContext));
    final ActionRequest request = mock(ActionRequest.class);
    final SSOTokenID ssoTokenId = mock(SSOTokenID.class);
    given(request.getAction()).willReturn(LOGOUT_ACTION_ID);
    given(authUtilsWrapper.logout(ssoTokenId.toString(), null, null)).willReturn(true);
    //When
    Promise<ActionResponse, ResourceException> promise = sessionResource.actionCollection(context, request);
    //Then
    assertThat(promise).succeeded().withContent().stringAt("result").isEqualTo("Successfully logged out");
}
Also used : RootContext(org.forgerock.services.context.RootContext) ClientContext(org.forgerock.services.context.ClientContext) RealmContext(org.forgerock.openam.rest.RealmContext) SessionContext(org.forgerock.http.session.SessionContext) SSOTokenContext(org.forgerock.openam.rest.resource.SSOTokenContext) AttributesContext(org.forgerock.services.context.AttributesContext) SecurityContext(org.forgerock.services.context.SecurityContext) Context(org.forgerock.services.context.Context) SSOTokenID(com.iplanet.sso.SSOTokenID) Test(org.testng.annotations.Test)

Example 9 with SSOTokenID

use of com.iplanet.sso.SSOTokenID in project OpenAM by OpenRock.

the class PersistentCookieAuthModuleTest method shouldStoreClientIPOnLoginSuccess.

@Test
public void shouldStoreClientIPOnLoginSuccess() throws AuthenticationException, SSOException {
    //Given
    MessageInfo messageInfo = mock(MessageInfo.class);
    HttpServletRequest request = mock(HttpServletRequest.class);
    HttpServletResponse response = mock(HttpServletResponse.class);
    SSOToken ssoToken = mock(SSOToken.class);
    Map<String, Object> messageInfoMap = new HashMap<String, Object>();
    Map<String, Object> contextMap = new HashMap<String, Object>();
    Principal principal = mock(Principal.class);
    SSOTokenID ssoTokenID = mock(SSOTokenID.class);
    given(messageInfo.getMap()).willReturn(messageInfoMap);
    messageInfoMap.put(AuthenticationFramework.ATTRIBUTE_AUTH_CONTEXT, contextMap);
    given(ssoToken.getPrincipal()).willReturn(principal);
    given(ssoToken.getTokenID()).willReturn(ssoTokenID);
    given(request.getRemoteAddr()).willReturn("CLIENT_IP");
    //When
    persistentCookieAuthModule.onLoginSuccess(messageInfo, Collections.emptyMap(), request, response, ssoToken);
    //Then
    assertEquals(contextMap.get("openam.clientip"), "CLIENT_IP");
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) SSOTokenID(com.iplanet.sso.SSOTokenID) SSOToken(com.iplanet.sso.SSOToken) HashMap(java.util.HashMap) HttpServletResponse(javax.servlet.http.HttpServletResponse) Principal(java.security.Principal) MessageInfo(javax.security.auth.message.MessageInfo) Test(org.testng.annotations.Test)

Example 10 with SSOTokenID

use of com.iplanet.sso.SSOTokenID in project OpenAM by OpenRock.

the class PersistentCookieAuthModuleTest method shouldCallOnLoginSuccessWhenJwtNotValidated.

@Test
public void shouldCallOnLoginSuccessWhenJwtNotValidated() throws AuthenticationException, SSOException {
    //Given
    persistentCookieAuthModule = new PersistentCookieAuthModule(new ServletJwtSessionModule(), amKeyProvider, coreWrapper) {

        @Override
        protected String getKeyAlias(String orgName) throws SSOException, SMSException {
            return "KEY_ALIAS";
        }
    };
    MessageInfo messageInfo = mock(MessageInfo.class);
    Map requestParamsMap = new HashMap();
    HttpServletRequest request = mock(HttpServletRequest.class);
    HttpServletResponse response = mock(HttpServletResponse.class);
    SSOToken ssoToken = mock(SSOToken.class);
    Map<String, Object> map = new HashMap<String, Object>();
    given(messageInfo.getMap()).willReturn(map);
    Principal principal = mock(Principal.class);
    given(principal.getName()).willReturn("PRINCIPAL_NAME");
    SSOTokenID ssoTokenId = mock(SSOTokenID.class);
    given(ssoTokenId.toString()).willReturn("SSO_TOKEN_ID");
    given(ssoToken.getPrincipal()).willReturn(principal);
    given(ssoToken.getAuthType()).willReturn("AUTH_TYPE");
    given(ssoToken.getTokenID()).willReturn(ssoTokenId);
    given(ssoToken.getProperty("Organization")).willReturn("ORGANISATION");
    //When
    persistentCookieAuthModule.onLoginSuccess(messageInfo, requestParamsMap, request, response, ssoToken);
    //Then
    assertEquals(map.size(), 1);
    Map<String, Object> contextMap = (Map<String, Object>) map.get("org.forgerock.authentication.context");
    assertEquals(contextMap.get("openam.usr"), "PRINCIPAL_NAME");
    assertEquals(contextMap.get("openam.aty"), "AUTH_TYPE");
    assertEquals(contextMap.get("openam.sid"), "SSO_TOKEN_ID");
    assertEquals(contextMap.get("openam.rlm"), "ORGANISATION");
    assertEquals(contextMap.get("openam.clientip"), null);
}
Also used : SSOTokenID(com.iplanet.sso.SSOTokenID) SSOToken(com.iplanet.sso.SSOToken) SMSException(com.sun.identity.sm.SMSException) HashMap(java.util.HashMap) HttpServletResponse(javax.servlet.http.HttpServletResponse) SSOException(com.iplanet.sso.SSOException) MessageInfo(javax.security.auth.message.MessageInfo) HttpServletRequest(javax.servlet.http.HttpServletRequest) ServletJwtSessionModule(org.forgerock.jaspi.modules.session.jwt.ServletJwtSessionModule) Map(java.util.Map) Principal(java.security.Principal) Test(org.testng.annotations.Test)
