
Example 51 with SSOTokenManager

use of com.iplanet.sso.SSOTokenManager in project OpenAM by OpenRock.

the class AuthClientUtils method getExistingValidSSOToken.

// Returns the SSOToken for the given session ID if it is still valid, otherwise null
public static SSOToken getExistingValidSSOToken(SessionID sessID) {
    SSOToken ssoToken = null;
    try {
        if (sessID != null) {
            String sidString = sessID.toString();
            SSOTokenManager manager = SSOTokenManager.getInstance();
            SSOToken currentToken = manager.createSSOToken(sidString);
            if (manager.isValidToken(currentToken)) {
                ssoToken = currentToken;
            }
        }
    } catch (Exception e) {
        if (utilDebug.messageEnabled()) {
            utilDebug.message("Error in getExistingValidSSOToken", e);
        }
        return ssoToken;
    }
    return ssoToken;
}
Also used : SSOTokenManager(com.iplanet.sso.SSOTokenManager) SSOToken(com.iplanet.sso.SSOToken) PolicyException(com.sun.identity.policy.PolicyException) SSOException(com.iplanet.sso.SSOException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) ServerEntryNotFoundException(com.iplanet.services.naming.ServerEntryNotFoundException) SMSException(com.sun.identity.sm.SMSException) MalformedURLException(java.net.MalformedURLException) IOException(java.io.IOException) AuthException(com.sun.identity.authentication.service.AuthException) SessionException(com.iplanet.dpro.session.SessionException)

Example 52 with SSOTokenManager

use of com.iplanet.sso.SSOTokenManager in project OpenAM by OpenRock.

the class AuthClientUtils method getOrigRedirectURL.

// Get Original Redirect URL for Auth to redirect the Login request
public static String getOrigRedirectURL(HttpServletRequest request, SessionID sessID) {
    try {
        String sidString = null;
        if (sessID != null) {
            sidString = sessID.toString();
        }
        SSOTokenManager manager = SSOTokenManager.getInstance();
        SSOToken ssoToken = manager.createSSOToken(sidString);
        if (manager.isValidToken(ssoToken)) {
            utilDebug.message("Valid SSOToken");
            return REDIRECT_URL_VALIDATOR.getRedirectUrl(ssoToken.getProperty(ISAuthConstants.ORGANIZATION), REDIRECT_URL_VALIDATOR.getAndDecodeParameter(request, RedirectUrlValidator.GOTO), ssoToken.getProperty("successURL"));
        }
    } catch (Exception e) {
        if (utilDebug.messageEnabled()) {
            utilDebug.message("Error in getOrigRedirectURL:", e);
        }
        return null;
    }
    return null;
}
Also used : SSOTokenManager(com.iplanet.sso.SSOTokenManager) SSOToken(com.iplanet.sso.SSOToken) PolicyException(com.sun.identity.policy.PolicyException) SSOException(com.iplanet.sso.SSOException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) ServerEntryNotFoundException(com.iplanet.services.naming.ServerEntryNotFoundException) SMSException(com.sun.identity.sm.SMSException) MalformedURLException(java.net.MalformedURLException) IOException(java.io.IOException) AuthException(com.sun.identity.authentication.service.AuthException) SessionException(com.iplanet.dpro.session.SessionException)

Example 53 with SSOTokenManager

use of com.iplanet.sso.SSOTokenManager in project OpenAM by OpenRock.

the class ISAuthorizer method isAuthorized.

/**
 * Returns <code>true</code> if a given log record should be published.
 *
 * @param logName Log name on which operation is to be performed.
 * @param operation The log operation to be performed.
 * @param credential The credential to be authorized.
 * @return <code>true</code> if the credential is authorized.
 */
public boolean isAuthorized(String logName, String operation, Object credential) {
    SSOToken ssoToken = null;
    if (credential instanceof SSOToken) {
        ssoToken = (SSOToken) credential;
    }
    if (ssoToken == null) {
        Debug.error("ISAuthorizer.isAuthorized(): SSO Token is null ");
        return false;
    }
    try {
        String tmpID = ssoToken.getPrincipal().getName();
        if (Debug.messageEnabled()) {
            Debug.message("ISAuthorizer.isAuthorized():logName = " + logName + ", op = " + operation + ", uid = " + tmpID);
        }
        String thisSubConfig = "LogWrite";
        if (operation.equalsIgnoreCase("READ")) {
            thisSubConfig = "LogRead";
        }
        SSOTokenManager ssoMgr = SSOTokenManager.getInstance();
        if (ssoMgr.isValidToken(ssoToken)) {
            Map tmap = new HashMap();
            Set actSet;
            actSet = Collections.singleton(operation);
            try {
                String amRealm = ssoToken.getProperty(Constants.ORGANIZATION);
                DelegationPermission dp = new DelegationPermission(
                    amRealm, // realm
                    "iPlanetAMLoggingService", // service name
                    "1.0", // version
                    "application", // config type
                    thisSubConfig, // subConfig name
                    actSet, // actions
                    tmap); // extensions
                DelegationEvaluator de = new DelegationEvaluatorImpl();
                if (de.isAllowed(ssoToken, dp, null)) {
                    return true;
                } else {
                    Debug.error(logName + ":ISAuthorizer.isAuthorized():log rqt to " + operation + " by " + tmpID + " denied.");
                }
            } catch (DelegationException dex) {
                String loggedByID = ssoToken.getPrincipal().getName();
                Debug.error("ISAuthorizer.isAuthorized():delegation error: " + "user: " + loggedByID + ", logName = " + logName + ", op = " + operation + ", msg = " + dex.getMessage());
            }
        } else {
            String loggedByID = ssoToken.getPrincipal().getName();
            Debug.error("ISAuthorizer.isAuthorized(): access denied " + "for user : " + loggedByID);
        }
    } catch (SSOException ssoe) {
        Debug.error("ISAuthorizer.isAuthorized(): SSOException: ", ssoe);
    }
    return false;
}
Also used : SSOTokenManager(com.iplanet.sso.SSOTokenManager) DelegationEvaluatorImpl(com.sun.identity.delegation.DelegationEvaluatorImpl) SSOToken(com.iplanet.sso.SSOToken) Set(java.util.Set) HashMap(java.util.HashMap) DelegationEvaluator(com.sun.identity.delegation.DelegationEvaluator) DelegationException(com.sun.identity.delegation.DelegationException) SSOException(com.iplanet.sso.SSOException) Map(java.util.Map) DelegationPermission(com.sun.identity.delegation.DelegationPermission)

Aggregations

SSOTokenManager (com.iplanet.sso.SSOTokenManager): 53
SSOToken (com.iplanet.sso.SSOToken): 48
SSOException (com.iplanet.sso.SSOException): 39
IdRepoException (com.sun.identity.idm.IdRepoException): 11
AMIdentity (com.sun.identity.idm.AMIdentity): 9
AuthLoginException (com.sun.identity.authentication.spi.AuthLoginException): 8
IOException (java.io.IOException): 7
Map (java.util.Map): 6
Set (java.util.Set): 6
ForbiddenException (org.forgerock.json.resource.ForbiddenException): 6
SessionException (com.iplanet.dpro.session.SessionException): 5
InternalSession (com.iplanet.dpro.session.service.InternalSession): 5
AuthPrincipal (com.sun.identity.authentication.internal.AuthPrincipal): 5
AuthException (com.sun.identity.authentication.service.AuthException): 5
Iterator (java.util.Iterator): 5
AuthContext (com.sun.identity.authentication.AuthContext): 4
SMSException (com.sun.identity.sm.SMSException): 4
Response (com.iplanet.services.comm.share.Response): 3
UnsupportedEncodingException (java.io.UnsupportedEncodingException): 3
HashMap (java.util.HashMap): 3