Example 41 with SSOTokenManager
use of com.iplanet.sso.SSOTokenManager in project OpenAM by OpenRock.
the class RealmResource method queryCollection.
/**
* Returns names of all realms included in the subtree rooted by the realm indicated
* in the query url.
*
* Names are unsorted and given as full paths.
*
* Filtering, sorting, and paging of results is not supported.
*
* {@inheritDoc}
*/
@Override
public Promise<QueryResponse, ResourceException> queryCollection(Context context, QueryRequest request, QueryResourceHandler handler) {
final String principalName = PrincipalRestUtils.getPrincipalNameFromServerContext(context);
final RealmContext realmContext = context.asContext(RealmContext.class);
final String realmPath = realmContext.getResolvedRealm();
try {
final SSOTokenManager mgr = SSOTokenManager.getInstance();
final SSOToken ssoToken = mgr.createSSOToken(getCookieFromServerContext(context));
final OrganizationConfigManager ocm = new OrganizationConfigManager(ssoToken, realmPath);
final List<String> realmsInSubTree = new ArrayList<String>();
realmsInSubTree.add(realmPath);
for (final Object subRealmRelativePath : ocm.getSubOrganizationNames("*", true)) {
if (realmPath.endsWith("/")) {
realmsInSubTree.add(realmPath + subRealmRelativePath);
} else {
realmsInSubTree.add(realmPath + "/" + subRealmRelativePath);
}
}
debug.message("RealmResource :: QUERY : performed by " + principalName);
for (final Object realmName : realmsInSubTree) {
JsonValue val = new JsonValue(realmName);
ResourceResponse resource = newResourceResponse((String) realmName, "0", val);
handler.handleResource(resource);
}
return newResultPromise(newQueryResponse());
} catch (SSOException ex) {
debug.error("RealmResource :: QUERY by " + principalName + " failed : " + ex);
return new ForbiddenException().asPromise();
} catch (SMSException ex) {
debug.error("RealmResource :: QUERY by " + principalName + " failed :" + ex);
switch(ex.getExceptionCode()) {
case STATUS_NO_PERMISSION:
// This exception will be thrown if permission to read realms from SMS has not been delegated
return new ForbiddenException().asPromise();
default:
return new InternalServerErrorException().asPromise();
}
}
}
Also used :
SSOTokenManager(com.iplanet.sso.SSOTokenManager)
ForbiddenException(org.forgerock.json.resource.ForbiddenException)
SSOToken(com.iplanet.sso.SSOToken)
RealmContext(org.forgerock.openam.rest.RealmContext)
SMSException(com.sun.identity.sm.SMSException)
ArrayList(java.util.ArrayList)
JsonValue(org.forgerock.json.JsonValue)
SSOException(com.iplanet.sso.SSOException)
Responses.newResourceResponse(org.forgerock.json.resource.Responses.newResourceResponse)
ResourceResponse(org.forgerock.json.resource.ResourceResponse)
OrganizationConfigManager(com.sun.identity.sm.OrganizationConfigManager)
InternalServerErrorException(org.forgerock.json.resource.InternalServerErrorException)
Example 42 with SSOTokenManager
use of com.iplanet.sso.SSOTokenManager in project OpenAM by OpenRock.
the class IdentityResourceV1 method idFromSession.
/**
* Gets the user id from the session provided in the server context
*
* @param context Current Server Context
* @param request Request from client to retrieve id
*/
private Promise<ActionResponse, ResourceException> idFromSession(final Context context, final ActionRequest request) {
JsonValue result = new JsonValue(new LinkedHashMap<String, Object>(1));
SSOToken ssotok;
AMIdentity amIdentity;
try {
SSOTokenManager mgr = SSOTokenManager.getInstance();
ssotok = mgr.createSSOToken(getCookieFromServerContext(context));
amIdentity = new AMIdentity(ssotok);
// build resource
result.put("id", amIdentity.getName());
result.put("realm", com.sun.identity.sm.DNMapper.orgNameToRealmName(amIdentity.getRealm()));
result.put("dn", amIdentity.getUniversalId());
result.put("successURL", ssotok.getProperty(ISAuthConstants.SUCCESS_URL, false));
result.put("fullLoginURL", ssotok.getProperty(ISAuthConstants.FULL_LOGIN_URL, false));
if (debug.messageEnabled()) {
debug.message("IdentityResource.idFromSession() :: Retrieved ID for user={}", amIdentity.getName());
}
return newResultPromise(newActionResponse(result));
} catch (SSOException e) {
debug.error("IdentityResource.idFromSession() :: Cannot retrieve SSO Token", e);
return new ForbiddenException("SSO Token cannot be retrieved.", e).asPromise();
} catch (IdRepoException ex) {
debug.error("IdentityResource.idFromSession() :: Cannot retrieve user from IdRepo", ex);
return new ForbiddenException("Cannot retrieve id from session.", ex).asPromise();
}
}
Also used :
SSOTokenManager(com.iplanet.sso.SSOTokenManager)
ForbiddenException(org.forgerock.json.resource.ForbiddenException)
IdentityRestUtils.getSSOToken(org.forgerock.openam.core.rest.IdentityRestUtils.getSSOToken)
SSOToken(com.iplanet.sso.SSOToken)
AMIdentity(com.sun.identity.idm.AMIdentity)
IdentityRestUtils.identityDetailsToJsonValue(org.forgerock.openam.core.rest.IdentityRestUtils.identityDetailsToJsonValue)
JsonValue(org.forgerock.json.JsonValue)
IdRepoException(com.sun.identity.idm.IdRepoException)
SSOException(com.iplanet.sso.SSOException)
Example 43 with SSOTokenManager
use of com.iplanet.sso.SSOTokenManager in project OpenAM by OpenRock.
the class Adaptive method process.
@Override
public int process(Callback[] callbacks, int state) throws AuthLoginException {
int currentScore = 0;
debug.message("{}: process called with state = {}", ADAPTIVE, state);
if (state != ISAuthConstants.LOGIN_START) {
throw new AuthLoginException("Authentication failed: Internal Error - NOT LOGIN_START");
}
if (userName == null || userName.length() == 0) {
// session
try {
SSOTokenManager mgr = SSOTokenManager.getInstance();
InternalSession isess = getLoginState(ADAPTIVE).getOldSession();
if (isess == null) {
throw new AuthLoginException(ADAPTIVE, "noInternalSession", null);
}
SSOToken token = mgr.createSSOToken(isess.getID().toString());
userUUID = token.getPrincipal().getName();
userName = token.getProperty("UserToken");
if (debug.messageEnabled()) {
debug.message("{}.process() : UserName '{}' in SSOToken", ADAPTIVE, userName);
}
if (userName == null || userName.length() == 0) {
throw new AuthLoginException("amAuth", "noUserName", null);
}
} catch (SSOException e) {
debug.message("{}: amAuthIdentity NULL ", ADAPTIVE);
throw new AuthLoginException(ADAPTIVE, "noIdentity", null);
}
}
if (debug.messageEnabled()) {
debug.message("{}: Login Attempt Username = {}", ADAPTIVE, userName);
}
amAuthIdentity = getIdentity();
clientIP = ClientUtils.getClientIPAddress(getHttpServletRequest());
if (amAuthIdentity == null) {
throw new AuthLoginException(ADAPTIVE, "noIdentity", null);
}
try {
if (IPRangeCheck) {
int retVal = checkIPRange();
if (debug.messageEnabled()) {
debug.message("{}.checkIPRange: returns {}", ADAPTIVE, retVal);
}
currentScore += retVal;
}
if (IPHistoryCheck) {
int retVal = checkIPHistory();
if (debug.messageEnabled()) {
debug.message("{}.checkIPHistory: returns {}", ADAPTIVE, retVal);
}
currentScore += retVal;
}
if (knownCookieCheck) {
int retVal = checkKnownCookie();
if (debug.messageEnabled()) {
debug.message("{}.checkKnownCookie: returns {}", ADAPTIVE, retVal);
}
currentScore += retVal;
}
if (timeOfDayCheck) {
int retVal = checkTimeDay();
if (debug.messageEnabled()) {
debug.message("{}.checkTimeDay: returns {}", ADAPTIVE, retVal);
}
currentScore += retVal;
}
if (timeSinceLastLoginCheck) {
int retVal = checkLastLogin();
if (debug.messageEnabled()) {
debug.message("{}.checkLastLogin: returns {}", ADAPTIVE, retVal);
}
currentScore += retVal;
}
if (riskAttributeCheck) {
int retVal = checkRiskAttribute();
if (debug.messageEnabled()) {
debug.message("{}.checkRiskAttribute: returns {}", ADAPTIVE, retVal);
}
currentScore += retVal;
}
if (authFailureCheck) {
int retVal = checkAuthFailure();
if (debug.messageEnabled()) {
debug.message("{}.checkAuthFailure: returns {}", ADAPTIVE, retVal);
}
currentScore += retVal;
}
if (deviceCookieCheck) {
int retVal = checkRegisteredClient();
if (debug.messageEnabled()) {
debug.message("{}.checkRegisteredClient: returns {}", ADAPTIVE, retVal);
}
currentScore += retVal;
}
if (geoLocationCheck) {
int retVal = checkGeoLocation();
if (debug.messageEnabled()) {
debug.message("{}.checkGeoLocation: returns {}", ADAPTIVE, retVal);
}
currentScore += retVal;
}
if (reqHeaderCheck) {
int retVal = checkRequestHeader();
if (debug.messageEnabled()) {
debug.message("{}.checkRequestHeader: returns {}", ADAPTIVE, retVal);
}
currentScore += retVal;
}
} catch (Exception ex) {
currentScore = Integer.MAX_VALUE;
debug.error("{}.process() : Unknown exception occurred while executing checks, module will fail.", ADAPTIVE, ex);
}
setPostAuthNParams();
if (currentScore < adaptiveThreshold) {
if (debug.messageEnabled()) {
debug.message("{}: Returning Success. Username='{}'", ADAPTIVE, userName);
}
return ISAuthConstants.LOGIN_SUCCEED;
} else {
if (debug.messageEnabled()) {
debug.message("{}: Returning Fail. Username='{}'", ADAPTIVE, userName);
}
throw new AuthLoginException(ADAPTIVE + " - Risk determined.");
}
}
Also used :
SSOTokenManager(com.iplanet.sso.SSOTokenManager)
SSOToken(com.iplanet.sso.SSOToken)
InternalSession(com.iplanet.dpro.session.service.InternalSession)
AuthLoginException(com.sun.identity.authentication.spi.AuthLoginException)
SSOException(com.iplanet.sso.SSOException)
ParseException(java.text.ParseException)
AuthLoginException(com.sun.identity.authentication.spi.AuthLoginException)
SSOException(com.iplanet.sso.SSOException)
UnsupportedEncodingException(java.io.UnsupportedEncodingException)
IdRepoException(com.sun.identity.idm.IdRepoException)
GeoIp2Exception(com.maxmind.geoip2.exception.GeoIp2Exception)
IOException(java.io.IOException)
AuthenticationException(com.sun.identity.authentication.spi.AuthenticationException)
Example 44 with SSOTokenManager
use of com.iplanet.sso.SSOTokenManager in project OpenAM by OpenRock.
the class SSOTokenAuthZ method validateTokenId.
private int validateTokenId(HttpServletRequest request) throws ServletException, IOException {
String tokenId = request.getHeader(RestServiceManager.SUBJECT_HEADER_NAME);
String hashed = request.getParameter(RestServiceManager.HASHED_SUBJECT_QUERY);
if (((tokenId == null) || (tokenId.trim().length() == 0)) && ((hashed == null) || (hashed.trim().length() == 0))) {
// by pass the check
return HttpServletResponse.SC_OK;
}
if ((tokenId == null) || (tokenId.trim().length() == 0)) {
try {
SSOTokenManager mgr = SSOTokenManager.getInstance();
SSOToken token = mgr.createSSOToken(request);
tokenId = token.getTokenID().toString();
} catch (SSOException e) {
return HttpServletResponse.SC_UNAUTHORIZED;
}
}
if (!Boolean.parseBoolean(SystemProperties.get(RestServiceManager.DISABLE_HASHED_SUBJECT_CHECK, "false"))) {
if ((hashed == null) || (hashed.trim().length() == 0)) {
return HttpServletResponse.SC_UNAUTHORIZED;
} else {
int idx = tokenId.indexOf(':');
if (idx != -1) {
tokenId = tokenId.substring(idx + 1);
}
if (!Hash.hash(tokenId).equals(hashed)) {
return HttpServletResponse.SC_UNAUTHORIZED;
}
}
}
return HttpServletResponse.SC_OK;
}
Also used :
SSOTokenManager(com.iplanet.sso.SSOTokenManager)
SSOToken(com.iplanet.sso.SSOToken)
SSOException(com.iplanet.sso.SSOException)
Example 45 with SSOTokenManager
use of com.iplanet.sso.SSOTokenManager in project OpenAM by OpenRock.
the class OAuth2AuditSSOTokenContextProvider method getSSOToken.
private SSOToken getSSOToken(Request request) {
SSOToken token;
try {
SSOTokenManager mgr = SSOTokenManager.getInstance();
token = mgr.createSSOToken(ServletUtils.getRequest(request));
} catch (Exception e) {
return null;
}
return token;
}
Also used :
SSOTokenManager(com.iplanet.sso.SSOTokenManager)
SSOToken(com.iplanet.sso.SSOToken)
SSOException(com.iplanet.sso.SSOException)
Aggregations
SSOTokenManager (com.iplanet.sso.SSOTokenManager)53
SSOToken (com.iplanet.sso.SSOToken)48
SSOException (com.iplanet.sso.SSOException)39
IdRepoException (com.sun.identity.idm.IdRepoException)11
AMIdentity (com.sun.identity.idm.AMIdentity)9
AuthLoginException (com.sun.identity.authentication.spi.AuthLoginException)8
IOException (java.io.IOException)7
Map (java.util.Map)6
Set (java.util.Set)6
ForbiddenException (org.forgerock.json.resource.ForbiddenException)6
SessionException (com.iplanet.dpro.session.SessionException)5
InternalSession (com.iplanet.dpro.session.service.InternalSession)5
AuthPrincipal (com.sun.identity.authentication.internal.AuthPrincipal)5
AuthException (com.sun.identity.authentication.service.AuthException)5
Iterator (java.util.Iterator)5
AuthContext (com.sun.identity.authentication.AuthContext)4
SMSException (com.sun.identity.sm.SMSException)4
Response (com.iplanet.services.comm.share.Response)3
UnsupportedEncodingException (java.io.UnsupportedEncodingException)3
HashMap (java.util.HashMap)3
