use of com.iplanet.sso.SSOTokenID in project OpenAM by OpenRock.
the class PolicySSOTokenListener method ssoTokenChanged.
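/**
 * Callback for SSOTokenListener.
 * Removes every cache entry keyed by the token ID carried in the event: the
 * policy decision cache, the user <code>nsRole</code> attribute values cache,
 * the subject evaluation cache and the user role cache of LDAPRoles, and then
 * drops the token's entry from the listener registry.
 * <p>
 * The cleanup is not conditional on the event type; it runs for every event
 * delivered to this listener. For
 * <code>SSOTokenEvent.SSO_TOKEN_PROPERTY_CHANGED</code> the subject result
 * cache held by <code>PolicyCache</code> is cleared as well.
 * <p>
 * The token ID string is never written to the debug log. A fixed mask is
 * logged instead, because this callback also runs for property-change
 * events, where the session may still be live.
 * <p>
 * Any exception raised during cleanup is caught and logged, not propagated.
 *
 * @param evt <code>SSOTokenEvent</code> with details on the change
 * which happened to the <code>SSOToken</code>
 */
public void ssoTokenChanged(SSOTokenEvent evt) {
    try {
        SSOTokenID tokenId = evt.getToken().getTokenID();
        String tokenIdStr = tokenId.toString();
        if (tokenIdStr == null) {
            debug.error("PolicySSOTokenListener: token id string is null");
            return;
        }
        // The token ID identifies the session, so keep it out of log files.
        // Same mask as the property-change message further down.
        final String maskedTokenId = "XXXXXX";

        // update the policy decision cache: service -> resource -> token ID
        synchronized (PolicyEvaluator.policyResultsCache) {
            for (Object svcName : resultsCache.keySet()) {
                Map svcValue = (Map) resultsCache.get(svcName);
                if (svcValue == null || svcValue.isEmpty()) {
                    continue;
                }
                for (Object rscName : svcValue.keySet()) {
                    Map rscValues = (Map) svcValue.get(rscName);
                    if (rscValues == null || rscValues.isEmpty()) {
                        continue;
                    }
                    // Only the innermost map is modified, so the key-set
                    // iterations above are not invalidated.
                    if (rscValues.remove(tokenIdStr) != null && debug.messageEnabled()) {
                        debug.message("cleaned up the policy results for an expired token "
                                + maskedTokenId);
                    }
                }
            }
        }

        // clean up userNSRoleCache
        PolicyEvaluator.userNSRoleCache.remove(tokenIdStr);
        if (debug.messageEnabled()) {
            debug.message("PolicySSOTokenListener.ssoTokenChanged():"
                    + "cleaned up user nsRole cache for an expired token " + maskedTokenId);
        }

        // clean up the subject evaluation cache
        SubjectEvaluationCache.subjectEvaluationCache.remove(tokenIdStr);
        if (debug.messageEnabled()) {
            debug.message("PolicySSOTokenListener.ssoTokenChanged():"
                    + "cleaned up subject evaluation cache for an expired token"
                    + " " + maskedTokenId);
        }

        // clean up the user role cache from LDAPRoles
        LDAPRoles.userLDAPRoleCache.remove(tokenIdStr);
        if (debug.messageEnabled()) {
            debug.message("PolicySSOTokenListener.ssoTokenChanged()cleaned "
                    + "up user role cache of LDAPRoles "
                    + "for an expired token " + maskedTokenId);
        }

        // clean up subject result cache inside Policy objects
        if (evt.getType() == SSOTokenEvent.SSO_TOKEN_PROPERTY_CHANGED) {
            if (debug.messageEnabled()) {
                debug.message("PolicySSOTokenListener.ssoTokenChanged():"
                        + " receieved sso token property change notification, "
                        + " clearing cached subject result cache "
                        + " for tokenIdStr XXXXXX");
            }
            PolicyCache.getInstance().clearSubjectResultCache(tokenIdStr);
        }

        PolicyEvaluator.ssoListenerRegistry.remove(tokenIdStr);
    } catch (Exception e) {
        // Best effort: a failure here must not break the notification path.
        debug.error("PolicySSOTokenListener.ssoTokenChanged():policy sso token listener", e);
    }
}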
use of com.iplanet.sso.SSOTokenID in project OpenAM by OpenRock.
the class SessionResourceTest method actionCollectionShouldValidateSessionAndReturnTrueWhenSSOTokenValid.
/**
 * The validate action, called with a caller token that the token manager
 * reports as valid, must answer with valid=true plus the uid and realm.
 */
@Test
public void actionCollectionShouldValidateSessionAndReturnTrueWhenSSOTokenValid() throws SSOException {
    // Given: the cookie value matches the string form of the mocked token ID
    cookieResponse = "SSO_TOKEN_ID";
    final SSOTokenID callerTokenId = mock(SSOTokenID.class);
    final SSOToken callerToken = mock(SSOToken.class);
    final ActionRequest validateRequest = mock(ActionRequest.class);
    final SSOTokenContext callerTokenContext = mock(SSOTokenContext.class);
    final Context serverContext = ClientContext.newInternalClientContext(callerTokenContext);

    given(validateRequest.getAction()).willReturn(VALIDATE_ACTION_ID);
    given(callerTokenContext.getCallerSSOToken()).willReturn(callerToken);
    given(ssoTokenManager.isValidToken(callerToken)).willReturn(true);
    given(callerToken.getTokenID()).willReturn(callerTokenId);
    // toString() must be stubbed before it is used as the lookup key below
    given(callerTokenId.toString()).willReturn("SSO_TOKEN_ID");
    given(ssoTokenManager.createSSOToken(callerTokenId.toString())).willReturn(callerToken);

    // When
    Promise<ActionResponse, ResourceException> outcome =
            sessionResource.actionCollection(serverContext, validateRequest);

    // Then
    assertThat(outcome).succeeded().withContent().booleanAt("valid").isTrue();
    assertThat(outcome).succeeded().withContent().stringAt("uid").isEqualTo("demo");
    assertThat(outcome).succeeded().withContent().stringAt("realm").isEqualTo("/");
}
use of com.iplanet.sso.SSOTokenID in project OpenAM by OpenRock.
the class SessionResourceTest method actionCollectionShouldLogoutSessionAndReturnEmptyJsonObjectWhenSSOTokenValid.
/**
 * The logout action must complete successfully and report
 * "Successfully logged out" in the result field.
 */
@Test
public void actionCollectionShouldLogoutSessionAndReturnEmptyJsonObjectWhenSSOTokenValid() throws SSOException {
    // Given: a real context chain (root -> session -> attributes -> advice -> security)
    cookieResponse = "SSO_TOKEN_ID";
    final SessionContext sessionContext = new SessionContext(new RootContext(), mock(Session.class));
    final AttributesContext attributes = new AttributesContext(sessionContext);
    final AdviceContext advice = new AdviceContext(attributes, Collections.<String>emptySet());
    final SecurityContext security = new SecurityContext(advice, null, null);
    final SSOTokenContext tokenContext = new SSOTokenContext(mock(Debug.class), null, security);
    final Context serverContext = ClientContext.newInternalClientContext(tokenContext);

    final ActionRequest logoutRequest = mock(ActionRequest.class);
    given(logoutRequest.getAction()).willReturn(LOGOUT_ACTION_ID);

    // NOTE(review): toString() is not stubbed on this mock, so the stub below is
    // keyed on the mock's default toString() value, not on "SSO_TOKEN_ID".
    // Confirm the logout stub is actually hit by the code under test.
    final SSOTokenID tokenId = mock(SSOTokenID.class);
    given(authUtilsWrapper.logout(tokenId.toString(), null, null)).willReturn(true);

    // When
    Promise<ActionResponse, ResourceException> outcome =
            sessionResource.actionCollection(serverContext, logoutRequest);

    // Then
    assertThat(outcome).succeeded().withContent().stringAt("result").isEqualTo("Successfully logged out");
}
use of com.iplanet.sso.SSOTokenID in project OpenAM by OpenRock.
the class PersistentCookieAuthModuleTest method shouldStoreClientIPOnLoginSuccess.
/**
 * onLoginSuccess must copy the request's remote address into the
 * authentication context map under the key "openam.clientip".
 */
@Test
public void shouldStoreClientIPOnLoginSuccess() throws AuthenticationException, SSOException {
    // Given: a message info whose map already holds an (empty) auth context
    Map<String, Object> authContext = new HashMap<String, Object>();
    Map<String, Object> infoMap = new HashMap<String, Object>();
    infoMap.put(AuthenticationFramework.ATTRIBUTE_AUTH_CONTEXT, authContext);
    MessageInfo messageInfo = mock(MessageInfo.class);
    given(messageInfo.getMap()).willReturn(infoMap);

    SSOToken token = mock(SSOToken.class);
    Principal user = mock(Principal.class);
    SSOTokenID tokenId = mock(SSOTokenID.class);
    given(token.getPrincipal()).willReturn(user);
    given(token.getTokenID()).willReturn(tokenId);

    // getRemoteAddr() is the only request accessor stubbed here, so the
    // asserted value can only come from the connection's remote address.
    HttpServletRequest httpRequest = mock(HttpServletRequest.class);
    HttpServletResponse httpResponse = mock(HttpServletResponse.class);
    given(httpRequest.getRemoteAddr()).willReturn("CLIENT_IP");

    // When
    persistentCookieAuthModule.onLoginSuccess(messageInfo, Collections.emptyMap(), httpRequest,
            httpResponse, token);

    // Then
    assertEquals(authContext.get("openam.clientip"), "CLIENT_IP");
}
use of com.iplanet.sso.SSOTokenID in project OpenAM by OpenRock.
the class PersistentCookieAuthModuleTest method shouldCallOnLoginSuccessWhenJwtNotValidated.
/**
 * When onLoginSuccess is invoked directly, with no earlier validation call in
 * this test, it must create the authentication context and fill it with the
 * principal name, auth type, session ID and realm. No client IP is expected,
 * since the mocked request has no remote address stubbed.
 */
@Test
public void shouldCallOnLoginSuccessWhenJwtNotValidated() throws AuthenticationException, SSOException {
    // Given: a module whose key alias lookup is replaced by a fixed value
    persistentCookieAuthModule = new PersistentCookieAuthModule(new ServletJwtSessionModule(), amKeyProvider,
            coreWrapper) {
        @Override
        protected String getKeyAlias(String orgName) throws SSOException, SMSException {
            return "KEY_ALIAS";
        }
    };

    Map<String, Object> infoMap = new HashMap<String, Object>();
    MessageInfo messageInfo = mock(MessageInfo.class);
    given(messageInfo.getMap()).willReturn(infoMap);

    Map requestParamsMap = new HashMap();
    HttpServletRequest httpRequest = mock(HttpServletRequest.class);
    HttpServletResponse httpResponse = mock(HttpServletResponse.class);

    Principal user = mock(Principal.class);
    given(user.getName()).willReturn("PRINCIPAL_NAME");
    SSOTokenID tokenId = mock(SSOTokenID.class);
    given(tokenId.toString()).willReturn("SSO_TOKEN_ID");

    SSOToken token = mock(SSOToken.class);
    given(token.getPrincipal()).willReturn(user);
    given(token.getAuthType()).willReturn("AUTH_TYPE");
    given(token.getTokenID()).willReturn(tokenId);
    given(token.getProperty("Organization")).willReturn("ORGANISATION");

    // When
    persistentCookieAuthModule.onLoginSuccess(messageInfo, requestParamsMap, httpRequest, httpResponse, token);

    // Then: exactly one entry, the auth context, was added to the message info map
    assertEquals(infoMap.size(), 1);
    Map<String, Object> authContext = (Map<String, Object>) infoMap.get("org.forgerock.authentication.context");
    assertEquals(authContext.get("openam.usr"), "PRINCIPAL_NAME");
    assertEquals(authContext.get("openam.aty"), "AUTH_TYPE");
    // "openam.sid" holds the SSO token ID string itself.
    // NOTE(review): presumably these values end up in the persistent cookie;
    // confirm that the cookie is protected accordingly.
    assertEquals(authContext.get("openam.sid"), "SSO_TOKEN_ID");
    assertEquals(authContext.get("openam.rlm"), "ORGANISATION");
    assertEquals(authContext.get("openam.clientip"), null);
}