Example 41 with SSOTokenManager

Use of com.iplanet.sso.SSOTokenManager in project OpenAM by OpenRock.

Class RealmResource, method queryCollection:

/**
 * Returns names of all realms included in the subtree rooted by the realm indicated
 * in the query url.
 *
 * Names are unsorted and given as full paths.
 *
 * Filtering, sorting, and paging of results is not supported.
 *
 * {@inheritDoc}
 */
@Override
public Promise<QueryResponse, ResourceException> queryCollection(Context context, QueryRequest request, QueryResourceHandler handler) {
    final String principalName = PrincipalRestUtils.getPrincipalNameFromServerContext(context);
    final RealmContext realmContext = context.asContext(RealmContext.class);
    final String realmPath = realmContext.getResolvedRealm();
    try {
        final SSOTokenManager mgr = SSOTokenManager.getInstance();
        final SSOToken ssoToken = mgr.createSSOToken(getCookieFromServerContext(context));
        final OrganizationConfigManager ocm = new OrganizationConfigManager(ssoToken, realmPath);
        final List<String> realmsInSubTree = new ArrayList<String>();
        realmsInSubTree.add(realmPath);
        for (final Object subRealmRelativePath : ocm.getSubOrganizationNames("*", true)) {
            if (realmPath.endsWith("/")) {
                realmsInSubTree.add(realmPath + subRealmRelativePath);
            } else {
                realmsInSubTree.add(realmPath + "/" + subRealmRelativePath);
            }
        }
        debug.message("RealmResource :: QUERY : performed by " + principalName);
        for (final Object realmName : realmsInSubTree) {
            JsonValue val = new JsonValue(realmName);
            ResourceResponse resource = newResourceResponse((String) realmName, "0", val);
            handler.handleResource(resource);
        }
        return newResultPromise(newQueryResponse());
    } catch (SSOException ex) {
        debug.error("RealmResource :: QUERY by " + principalName + " failed : " + ex);
        return new ForbiddenException().asPromise();
    } catch (SMSException ex) {
        debug.error("RealmResource :: QUERY by " + principalName + " failed :" + ex);
        switch(ex.getExceptionCode()) {
            case STATUS_NO_PERMISSION:
                // This exception will be thrown if permission to read realms from SMS has not been delegated
                return new ForbiddenException().asPromise();
            default:
                return new InternalServerErrorException().asPromise();
        }
    }
}
Also used : SSOTokenManager(com.iplanet.sso.SSOTokenManager) ForbiddenException(org.forgerock.json.resource.ForbiddenException) SSOToken(com.iplanet.sso.SSOToken) RealmContext(org.forgerock.openam.rest.RealmContext) SMSException(com.sun.identity.sm.SMSException) ArrayList(java.util.ArrayList) JsonValue(org.forgerock.json.JsonValue) SSOException(com.iplanet.sso.SSOException) Responses.newResourceResponse(org.forgerock.json.resource.Responses.newResourceResponse) ResourceResponse(org.forgerock.json.resource.ResourceResponse) OrganizationConfigManager(com.sun.identity.sm.OrganizationConfigManager) InternalServerErrorException(org.forgerock.json.resource.InternalServerErrorException)

Example 42 with SSOTokenManager

Use of com.iplanet.sso.SSOTokenManager in project OpenAM by OpenRock.

Class IdentityResourceV1, method idFromSession:

/**
 * Gets the user id from the session provided in the server context
 *
 * @param context Current Server Context
 * @param request Request from client to retrieve id
 */
private Promise<ActionResponse, ResourceException> idFromSession(final Context context, final ActionRequest request) {
    JsonValue result = new JsonValue(new LinkedHashMap<String, Object>(1));
    SSOToken ssotok;
    AMIdentity amIdentity;
    try {
        SSOTokenManager mgr = SSOTokenManager.getInstance();
        ssotok = mgr.createSSOToken(getCookieFromServerContext(context));
        amIdentity = new AMIdentity(ssotok);
        // build resource
        result.put("id", amIdentity.getName());
        result.put("realm", com.sun.identity.sm.DNMapper.orgNameToRealmName(amIdentity.getRealm()));
        result.put("dn", amIdentity.getUniversalId());
        result.put("successURL", ssotok.getProperty(ISAuthConstants.SUCCESS_URL, false));
        result.put("fullLoginURL", ssotok.getProperty(ISAuthConstants.FULL_LOGIN_URL, false));
        if (debug.messageEnabled()) {
            debug.message("IdentityResource.idFromSession() :: Retrieved ID for user={}", amIdentity.getName());
        }
        return newResultPromise(newActionResponse(result));
    } catch (SSOException e) {
        debug.error("IdentityResource.idFromSession() :: Cannot retrieve SSO Token", e);
        return new ForbiddenException("SSO Token cannot be retrieved.", e).asPromise();
    } catch (IdRepoException ex) {
        debug.error("IdentityResource.idFromSession() :: Cannot retrieve user from IdRepo", ex);
        return new ForbiddenException("Cannot retrieve id from session.", ex).asPromise();
    }
}
Also used : SSOTokenManager(com.iplanet.sso.SSOTokenManager) ForbiddenException(org.forgerock.json.resource.ForbiddenException) IdentityRestUtils.getSSOToken(org.forgerock.openam.core.rest.IdentityRestUtils.getSSOToken) SSOToken(com.iplanet.sso.SSOToken) AMIdentity(com.sun.identity.idm.AMIdentity) IdentityRestUtils.identityDetailsToJsonValue(org.forgerock.openam.core.rest.IdentityRestUtils.identityDetailsToJsonValue) JsonValue(org.forgerock.json.JsonValue) IdRepoException(com.sun.identity.idm.IdRepoException) SSOException(com.iplanet.sso.SSOException)

Example 43 with SSOTokenManager

Use of com.iplanet.sso.SSOTokenManager in project OpenAM by OpenRock.

Class Adaptive, method process:

@Override
public int process(Callback[] callbacks, int state) throws AuthLoginException {
    int currentScore = 0;
    debug.message("{}: process called with state = {}", ADAPTIVE, state);
    if (state != ISAuthConstants.LOGIN_START) {
        throw new AuthLoginException("Authentication failed: Internal Error - NOT LOGIN_START");
    }
    if (userName == null || userName.length() == 0) {
        // No user name was supplied: take it from the existing session, if there is one
        try {
            SSOTokenManager mgr = SSOTokenManager.getInstance();
            InternalSession isess = getLoginState(ADAPTIVE).getOldSession();
            if (isess == null) {
                throw new AuthLoginException(ADAPTIVE, "noInternalSession", null);
            }
            SSOToken token = mgr.createSSOToken(isess.getID().toString());
            userUUID = token.getPrincipal().getName();
            userName = token.getProperty("UserToken");
            if (debug.messageEnabled()) {
                debug.message("{}.process() : UserName '{}' in SSOToken", ADAPTIVE, userName);
            }
            if (userName == null || userName.length() == 0) {
                throw new AuthLoginException("amAuth", "noUserName", null);
            }
        } catch (SSOException e) {
            debug.message("{}: amAuthIdentity NULL ", ADAPTIVE);
            throw new AuthLoginException(ADAPTIVE, "noIdentity", null);
        }
    }
    if (debug.messageEnabled()) {
        debug.message("{}: Login Attempt Username = {}", ADAPTIVE, userName);
    }
    amAuthIdentity = getIdentity();
    clientIP = ClientUtils.getClientIPAddress(getHttpServletRequest());
    if (amAuthIdentity == null) {
        throw new AuthLoginException(ADAPTIVE, "noIdentity", null);
    }
    try {
        if (IPRangeCheck) {
            int retVal = checkIPRange();
            if (debug.messageEnabled()) {
                debug.message("{}.checkIPRange: returns {}", ADAPTIVE, retVal);
            }
            currentScore += retVal;
        }
        if (IPHistoryCheck) {
            int retVal = checkIPHistory();
            if (debug.messageEnabled()) {
                debug.message("{}.checkIPHistory: returns {}", ADAPTIVE, retVal);
            }
            currentScore += retVal;
        }
        if (knownCookieCheck) {
            int retVal = checkKnownCookie();
            if (debug.messageEnabled()) {
                debug.message("{}.checkKnownCookie: returns {}", ADAPTIVE, retVal);
            }
            currentScore += retVal;
        }
        if (timeOfDayCheck) {
            int retVal = checkTimeDay();
            if (debug.messageEnabled()) {
                debug.message("{}.checkTimeDay: returns {}", ADAPTIVE, retVal);
            }
            currentScore += retVal;
        }
        if (timeSinceLastLoginCheck) {
            int retVal = checkLastLogin();
            if (debug.messageEnabled()) {
                debug.message("{}.checkLastLogin: returns {}", ADAPTIVE, retVal);
            }
            currentScore += retVal;
        }
        if (riskAttributeCheck) {
            int retVal = checkRiskAttribute();
            if (debug.messageEnabled()) {
                debug.message("{}.checkRiskAttribute: returns {}", ADAPTIVE, retVal);
            }
            currentScore += retVal;
        }
        if (authFailureCheck) {
            int retVal = checkAuthFailure();
            if (debug.messageEnabled()) {
                debug.message("{}.checkAuthFailure: returns {}", ADAPTIVE, retVal);
            }
            currentScore += retVal;
        }
        if (deviceCookieCheck) {
            int retVal = checkRegisteredClient();
            if (debug.messageEnabled()) {
                debug.message("{}.checkRegisteredClient: returns {}", ADAPTIVE, retVal);
            }
            currentScore += retVal;
        }
        if (geoLocationCheck) {
            int retVal = checkGeoLocation();
            if (debug.messageEnabled()) {
                debug.message("{}.checkGeoLocation: returns {}", ADAPTIVE, retVal);
            }
            currentScore += retVal;
        }
        if (reqHeaderCheck) {
            int retVal = checkRequestHeader();
            if (debug.messageEnabled()) {
                debug.message("{}.checkRequestHeader: returns {}", ADAPTIVE, retVal);
            }
            currentScore += retVal;
        }
    } catch (Exception ex) {
        currentScore = Integer.MAX_VALUE;
        debug.error("{}.process() : Unknown exception occurred while executing checks, module will fail.", ADAPTIVE, ex);
    }
    setPostAuthNParams();
    if (currentScore < adaptiveThreshold) {
        if (debug.messageEnabled()) {
            debug.message("{}: Returning Success. Username='{}'", ADAPTIVE, userName);
        }
        return ISAuthConstants.LOGIN_SUCCEED;
    } else {
        if (debug.messageEnabled()) {
            debug.message("{}: Returning Fail. Username='{}'", ADAPTIVE, userName);
        }
        throw new AuthLoginException(ADAPTIVE + " - Risk determined.");
    }
}
Also used : SSOTokenManager(com.iplanet.sso.SSOTokenManager) SSOToken(com.iplanet.sso.SSOToken) InternalSession(com.iplanet.dpro.session.service.InternalSession) AuthLoginException(com.sun.identity.authentication.spi.AuthLoginException) SSOException(com.iplanet.sso.SSOException) ParseException(java.text.ParseException) AuthLoginException(com.sun.identity.authentication.spi.AuthLoginException) SSOException(com.iplanet.sso.SSOException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) IdRepoException(com.sun.identity.idm.IdRepoException) GeoIp2Exception(com.maxmind.geoip2.exception.GeoIp2Exception) IOException(java.io.IOException) AuthenticationException(com.sun.identity.authentication.spi.AuthenticationException)

Example 44 with SSOTokenManager

Use of com.iplanet.sso.SSOTokenManager in project OpenAM by OpenRock.

Class SSOTokenAuthZ, method validateTokenId:

private int validateTokenId(HttpServletRequest request) throws ServletException, IOException {
    String tokenId = request.getHeader(RestServiceManager.SUBJECT_HEADER_NAME);
    String hashed = request.getParameter(RestServiceManager.HASHED_SUBJECT_QUERY);
    if (((tokenId == null) || (tokenId.trim().length() == 0)) && ((hashed == null) || (hashed.trim().length() == 0))) {
        // Neither a subject token nor a hashed subject was supplied: bypass the check
        return HttpServletResponse.SC_OK;
    }
    if ((tokenId == null) || (tokenId.trim().length() == 0)) {
        try {
            SSOTokenManager mgr = SSOTokenManager.getInstance();
            SSOToken token = mgr.createSSOToken(request);
            tokenId = token.getTokenID().toString();
        } catch (SSOException e) {
            return HttpServletResponse.SC_UNAUTHORIZED;
        }
    }
    if (!Boolean.parseBoolean(SystemProperties.get(RestServiceManager.DISABLE_HASHED_SUBJECT_CHECK, "false"))) {
        if ((hashed == null) || (hashed.trim().length() == 0)) {
            return HttpServletResponse.SC_UNAUTHORIZED;
        } else {
            int idx = tokenId.indexOf(':');
            if (idx != -1) {
                tokenId = tokenId.substring(idx + 1);
            }
            if (!Hash.hash(tokenId).equals(hashed)) {
                return HttpServletResponse.SC_UNAUTHORIZED;
            }
        }
    }
    return HttpServletResponse.SC_OK;
}
Also used : SSOTokenManager(com.iplanet.sso.SSOTokenManager) SSOToken(com.iplanet.sso.SSOToken) SSOException(com.iplanet.sso.SSOException)

Example 45 with SSOTokenManager

Use of com.iplanet.sso.SSOTokenManager in project OpenAM by OpenRock.

Class OAuth2AuditSSOTokenContextProvider, method getSSOToken:

private SSOToken getSSOToken(Request request) {
    SSOToken token;
    try {
        SSOTokenManager mgr = SSOTokenManager.getInstance();
        token = mgr.createSSOToken(ServletUtils.getRequest(request));
    } catch (Exception e) {
        return null;
    }
    return token;
}
Also used : SSOTokenManager(com.iplanet.sso.SSOTokenManager) SSOToken(com.iplanet.sso.SSOToken) SSOException(com.iplanet.sso.SSOException)
