use of com.sun.identity.plugin.session.SessionException in project OpenAM by OpenRock.
the class LibertyManager method getUser.
/**
* Returns the user from <code>HttpServletRequest</code>.
*
* @param request HTTP servlet request.
* @return the user from <code>HttpServletRequest</code>.
*/
public static String getUser(HttpServletRequest request) {
Object ssoToken = null;
try {
SessionProvider sessionProvider = SessionManager.getProvider();
ssoToken = sessionProvider.getSession(request);
if (ssoToken != null && sessionProvider.isValid(ssoToken)) {
debug.message("LibertyManager: getUser: token is valid");
return sessionProvider.getPrincipalName(ssoToken);
}
return null;
} catch (SessionException ssoe) {
debug.error("LibertyManager: getUser: SessionException: ", ssoe);
return null;
}
}
use of com.sun.identity.plugin.session.SessionException in project OpenAM by OpenRock.
the class LibertyManagerClient method getDiscoveryResourceOffering.
/**
* Returns the discovery service bootstrap resource offering.
* @param token Single Sign On Token.
* @param hostProviderID Hosted <code>ProviderID</code>.
* @return <code>ResourceOffering</code> Discovery Service bootstrap
* resource offering.
* @exception FSException if any failure.
*/
public ResourceOffering getDiscoveryResourceOffering(Object token, String hostProviderID) throws FSException {
try {
SessionProvider sessionProvider = SessionManager.getProvider();
String tokenID = sessionProvider.getSessionID(token);
String cacheKey = tokenID + DISCO_RO;
ResourceOffering ro = (ResourceOffering) bootStrapCache.get(cacheKey);
if (ro != null) {
return ro;
}
String[] objs = { tokenID, hostProviderID };
String resourceOffering = (String) client.send("getDiscoveryResourceOffering", objs, null, null);
if ((resourceOffering == null) || (resourceOffering.length() == 0)) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("LibertyManagerClient.getDiscovery" + "ResourceOffering: ResouceOffering is null or empty");
}
return null;
}
Document doc = XMLUtils.toDOMDocument(resourceOffering, FSUtils.debug);
ro = new ResourceOffering(doc.getDocumentElement());
sessionProvider.addListener(token, new LibertyClientSSOTokenListener());
bootStrapCache.put(cacheKey, ro);
return ro;
} catch (SessionException se) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("LibertyManagerClient.getDiscovery" + "ResourceOffering: InvalidSessionToken", se);
}
throw new FSException(FSUtils.bundle.getString("invalidSSOToken"));
} catch (DiscoveryException de) {
FSUtils.debug.error("LibertyManagerClient.getDiscovery" + "ResourceOffering: Invalid ResourceOffering", de);
throw new FSException(FSUtils.bundle.getString("invalidResourceOffering"));
} catch (Exception ex) {
FSUtils.debug.error("LibertyManagerClient.getDiscovery" + "ResourceOffering: SOAPClient Exception", ex);
throw new FSException(FSUtils.bundle.getString("soapException"));
}
}
use of com.sun.identity.plugin.session.SessionException in project OpenAM by OpenRock.
the class LibertyManagerImpl method getDiscoveryServiceCredential.
/**
* Returns the discovery service credential.
* @param tokenID Single Sign On Token ID.
* @param hostProviderID Hosted <code>ProviderID</code>.
* @return <code>String</code> Credential to access the discovery service.
* <code>null</code> if the credential does not present.
* @exception RemoteException if any failure.
*/
public String getDiscoveryServiceCredential(String tokenID, String hostProviderID) throws RemoteException {
try {
Object token = SessionManager.getProvider().getSession(tokenID);
FSSession session = FSSessionManager.getInstance(IDFFMetaUtils.getMetaAlias(IFSConstants.ROOT_REALM, hostProviderID, IFSConstants.SP, null)).getSession(token);
if (session == null) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("LibertyManagerImpl.getDiscoveryServiceCredential:" + "ResourceOffering: no FSSession found");
}
return null;
}
List creds = session.getBootStrapCredential();
if (creds == null || creds.size() == 0) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("LibertyManagerImpl.getDiscovery:" + "ServiceCredential: bootstrap credential is null");
}
return null;
}
return ((SecurityAssertion) creds.get(0)).toString();
} catch (SessionException se) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("LibertyManagerImpl.getDiscoveryService" + "Credential: SessionException", se);
}
throw new RemoteException(FSUtils.bundle.getString("invalidSSOToken"));
}
}
use of com.sun.identity.plugin.session.SessionException in project OpenAM by OpenRock.
the class FSProcessLogoutServlet method doGetPost.
/**
* Handles single logout request.
* @param request an <code>HttpServletRequest</code> object that contains
* the request the client has made of the servlet.
* @param response an <code>HttpServletResponse</code> object that contains
* the response the servlet sends to the client.
* @exception ServletException if an input or output error is detected when
* the servlet handles the request
* @exception IOException if the request could not be handled
*/
private void doGetPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
FSUtils.debug.message("FSProcessLogoutServlet doGetPost...");
// Alias processing
String providerAlias = request.getParameter(IFSConstants.META_ALIAS);
if (providerAlias == null || providerAlias.length() == 0) {
providerAlias = FSServiceUtils.getMetaAlias(request);
}
if (providerAlias == null || providerAlias.length() < 1) {
FSUtils.debug.error("Unable to retrieve alias, Hosted Provider. " + "Cannot process request");
response.sendError(response.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("aliasNotFound"));
return;
}
if (metaManager == null) {
FSUtils.debug.error("Cannot retrieve hosted descriptor. " + "Cannot process request");
response.sendError(response.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString(IFSConstants.FAILED_HOSTED_DESCRIPTOR));
return;
}
String realm = IDFFMetaUtils.getRealmByMetaAlias(providerAlias);
ProviderDescriptorType hostedProviderDesc = null;
BaseConfigType hostedConfig = null;
String hostedRole = null;
String hostedEntityId = null;
try {
hostedRole = metaManager.getProviderRoleByMetaAlias(providerAlias);
hostedEntityId = metaManager.getEntityIDByMetaAlias(providerAlias);
if (hostedRole != null) {
if (hostedRole.equalsIgnoreCase(IFSConstants.IDP)) {
hostedProviderDesc = metaManager.getIDPDescriptor(realm, hostedEntityId);
hostedConfig = metaManager.getIDPDescriptorConfig(realm, hostedEntityId);
} else if (hostedRole.equalsIgnoreCase(IFSConstants.SP)) {
hostedProviderDesc = metaManager.getSPDescriptor(realm, hostedEntityId);
hostedConfig = metaManager.getSPDescriptorConfig(realm, hostedEntityId);
}
}
if (hostedProviderDesc == null) {
throw new IDFFMetaException((String) null);
}
} catch (IDFFMetaException eam) {
FSUtils.debug.error("Unable to find Hosted Provider. " + "not process request", eam);
response.sendError(response.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString(IFSConstants.FAILED_HOSTED_DESCRIPTOR));
return;
}
String logoutDoneURL = FSServiceUtils.getLogoutDonePageURL(request, hostedConfig, providerAlias);
String commonErrorPage = FSServiceUtils.getErrorPageURL(request, hostedConfig, providerAlias);
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("logoutDoneURL : " + logoutDoneURL + "\ncommonErrorPage : " + commonErrorPage);
}
String sourceCheck = (String) request.getAttribute("logoutSource");
if (sourceCheck == null) {
sourceCheck = request.getParameter("logoutSource");
}
Object ssoToken = getValidToken(request);
String userID = null;
if (ssoToken == null) {
if (sourceCheck != null) {
if (sourceCheck.equalsIgnoreCase("local")) {
// status=noSession
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSProcessLogoutServlet, " + "control where Source is local");
}
FSServiceUtils.returnLocallyAfterOperation(response, logoutDoneURL, false, IFSConstants.LOGOUT_SUCCESS, IFSConstants.LOGOUT_NO_SESSION);
return;
} else if (sourceCheck.equalsIgnoreCase("remote")) {
// logout return
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("Control where Source is remote - not from app" + "link but from other provider");
}
FSServiceUtils.returnLocallyAfterOperation(response, logoutDoneURL, true, IFSConstants.LOGOUT_SUCCESS, IFSConstants.LOGOUT_FAILURE);
return;
} else if (sourceCheck.equalsIgnoreCase("logoutGet")) {
// logout Get profile
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("Control where Source is Http Get action - " + "not from app link ");
}
FSServiceUtils.returnLocallyAfterOperation(response, logoutDoneURL, true, IFSConstants.LOGOUT_SUCCESS, IFSConstants.LOGOUT_FAILURE);
return;
}
}
} else {
try {
userID = SessionManager.getProvider().getPrincipalName(ssoToken);
} catch (SessionException ssoExp) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("Couldn't get user object:", ssoExp);
}
}
if (sourceCheck != null) {
if (sourceCheck.equalsIgnoreCase("local")) {
// initiate logout
FSUtils.debug.message("Control where Source is local - from applink");
doLogoutInitiation(request, response, hostedProviderDesc, hostedConfig, realm, hostedEntityId, hostedRole, providerAlias, ssoToken, logoutDoneURL, sourceCheck);
return;
} else if (sourceCheck.equalsIgnoreCase("remote")) {
// logout return
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("Control where Source is remote - not from app" + "link but from other provider. Token valid");
}
doLogoutInitiation(request, response, hostedProviderDesc, hostedConfig, realm, hostedEntityId, hostedRole, providerAlias, ssoToken, logoutDoneURL, sourceCheck);
return;
} else if (sourceCheck.equalsIgnoreCase("logoutGet")) {
// logout Get profile
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("Control where Source is Http Get action - not from" + " applink. Initiation will take care in " + "preLogouthandler ");
}
doLogoutInitiation(request, response, hostedProviderDesc, hostedConfig, realm, hostedEntityId, hostedRole, providerAlias, ssoToken, logoutDoneURL, sourceCheck);
return;
}
}
}
// received logout request from remote provider
FSLogoutNotification logoutObj = null;
try {
logoutObj = FSLogoutNotification.parseURLEncodedRequest(request);
} catch (FSMsgException e) {
// FSMsgException would mean that the request does not have the
// FSLogoutNotification message, so show error page
FSUtils.debug.message("Bad Logout request. calling showErrorPage");
FSServiceUtils.showErrorPage(response, commonErrorPage, IFSConstants.LOGOUT_REQUEST_IMPROPER, IFSConstants.LOGOUT_FAILED);
return;
}
if (logoutObj == null) {
FSUtils.debug.message("Bad Logout request. calling showErrorPage");
FSServiceUtils.showErrorPage(response, commonErrorPage, IFSConstants.LOGOUT_REQUEST_IMPROPER, IFSConstants.LOGOUT_FAILED);
} else {
doRequestProcessing(request, response, hostedProviderDesc, hostedConfig, hostedRole, realm, hostedEntityId, providerAlias, logoutObj, commonErrorPage, userID, ssoToken);
}
return;
}
use of com.sun.identity.plugin.session.SessionException in project OpenAM by OpenRock.
the class FSReturnLogoutServlet method doGetPost.
/**
* Processes logout response.
* @param request an <code>HttpServletRequest</code> object that contains
* the request the client has made of the servlet.
* @param response an <code>HttpServletResponse</code> object that contains
* the response the servlet sends to the client.
* @exception ServletException if an input or output error is detected when
* the servlet handles the request
* @exception IOException if the request could not be handled
*/
private void doGetPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
FSUtils.debug.message("FSReturnLogoutServlet doGetPost...");
// Alias processing
String providerAlias = request.getParameter(IFSConstants.META_ALIAS);
if (providerAlias == null || providerAlias.length() < 1) {
providerAlias = FSServiceUtils.getMetaAlias(request);
}
if (providerAlias == null || providerAlias.length() < 1) {
FSUtils.debug.message("Unable to retrieve alias, Hosted" + " Provider. Cannot process request");
response.sendError(response.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("aliasNotFound"));
return;
}
Object ssoToken = null;
try {
SessionProvider sessionProvider = SessionManager.getProvider();
ssoToken = sessionProvider.getSession(request);
if ((ssoToken == null) || (!sessionProvider.isValid(ssoToken))) {
FSUtils.debug.message("FSReturnLogoutRequest: Unable to get principal");
response.sendError(response.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("nullSSOToken"));
return;
}
univId = sessionProvider.getPrincipalName(ssoToken);
} catch (SessionException ssoExp) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSReturnLogoutRequest: Unable to get principal", ssoExp);
}
response.sendError(response.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("nullSSOToken"));
return;
}
if (metaManager == null) {
FSUtils.debug.error("Failed to get meta manager");
response.sendError(response.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString(IFSConstants.FEDERATION_FAILED_META_INSTANCE));
return;
}
String realm = IDFFMetaUtils.getRealmByMetaAlias(providerAlias);
String hostedRole = null;
String hostedEntityId = null;
BaseConfigType hostedConfig = null;
try {
hostedRole = metaManager.getProviderRoleByMetaAlias(providerAlias);
hostedEntityId = metaManager.getEntityIDByMetaAlias(providerAlias);
if (hostedRole != null) {
if (hostedRole.equalsIgnoreCase(IFSConstants.IDP)) {
hostedConfig = metaManager.getIDPDescriptorConfig(realm, hostedEntityId);
} else if (hostedRole.equalsIgnoreCase(IFSConstants.SP)) {
hostedConfig = metaManager.getSPDescriptorConfig(realm, hostedEntityId);
}
}
if (hostedConfig == null) {
throw new IDFFMetaException((String) null);
}
} catch (IDFFMetaException e) {
FSUtils.debug.error("Failed to get Hosted Provider");
response.sendError(response.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString(IFSConstants.FAILED_HOSTED_DESCRIPTOR));
return;
}
setLogoutURL(request, hostedConfig, providerAlias);
// Here we will need to
// 1. verify response signature
// 2. verify response status
// 3. retrieve registration request Id from Map
// 4. if status success then do locally else not do locally and
// 5. show status page or LRURL if found in MAP (eg intersiteTransfer)
FSLogoutResponse logoutResponse = null;
try {
logoutResponse = FSLogoutResponse.parseURLEncodedRequest(request);
} catch (FSMsgException e) {
FSServiceUtils.showErrorPage(response, COMMON_ERROR_PAGE, IFSConstants.LOGOUT_REQUEST_IMPROPER, IFSConstants.LOGOUT_FAILED);
return;
} catch (SAMLException e) {
FSServiceUtils.showErrorPage(response, COMMON_ERROR_PAGE, IFSConstants.LOGOUT_REQUEST_IMPROPER, IFSConstants.LOGOUT_FAILED);
return;
}
String remoteEntityId = logoutResponse.getProviderId();
ProviderDescriptorType remoteDesc = null;
boolean isRemoteIDP = false;
try {
if (hostedRole.equalsIgnoreCase(IFSConstants.IDP)) {
remoteDesc = metaManager.getSPDescriptor(realm, remoteEntityId);
} else if (hostedRole.equalsIgnoreCase(IFSConstants.SP)) {
remoteDesc = metaManager.getIDPDescriptor(realm, remoteEntityId);
isRemoteIDP = true;
}
} catch (IDFFMetaException e) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSLogoutReturnServlet.doGetPost:", e);
}
}
if (remoteDesc == null) {
FSServiceUtils.showErrorPage(response, COMMON_ERROR_PAGE, IFSConstants.LOGOUT_REQUEST_IMPROPER, IFSConstants.LOGOUT_FAILED);
return;
}
boolean bVerify = true;
if (FSServiceUtils.isSigningOn()) {
try {
bVerify = verifyResponseSignature(request, remoteDesc, remoteEntityId, isRemoteIDP);
} catch (SAMLException e) {
bVerify = false;
} catch (FSException e) {
bVerify = false;
}
}
Status status = logoutResponse.getStatus();
String logoutStatus = status.getStatusCode().getValue();
// remove session partner in case of logout success or this is IDP
if (logoutStatus.equalsIgnoreCase(IFSConstants.SAML_SUCCESS) || !isRemoteIDP) {
FSLogoutUtil.removeCurrentSessionPartner(providerAlias, remoteEntityId, ssoToken, univId);
}
if (bVerify) {
// in ReturnSessionManager only if it is failure
if (!logoutStatus.equalsIgnoreCase(IFSConstants.SAML_SUCCESS)) {
FSReturnSessionManager localManager = FSReturnSessionManager.getInstance(providerAlias);
if (localManager != null) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("update status of logout to failure " + " in session manager");
}
localManager.setLogoutStatus(logoutStatus, univId);
} else {
FSUtils.debug.message("Cannot get FSReturnSessionManager");
}
FSUtils.debug.error("FSReturnLogoutServlet, failed logout response " + logoutStatus);
String[] data = { univId };
LogUtil.error(Level.INFO, LogUtil.LOGOUT_FAILED, data, ssoToken);
FSLogoutUtil.sendErrorPage(request, response, providerAlias);
return;
}
} else {
FSUtils.debug.error("FSReturnLogoutServlet " + "Signature on logout response is invalid" + "Cannot proceed logout");
String[] data = { univId };
LogUtil.error(Level.INFO, LogUtil.INVALID_SIGNATURE, data, ssoToken);
FSServiceUtils.showErrorPage(response, COMMON_ERROR_PAGE, IFSConstants.LOGOUT_REQUEST_IMPROPER, IFSConstants.LOGOUT_FAILED);
return;
}
StringBuffer processLogout = new StringBuffer();
request.setAttribute("logoutSource", "remote");
processLogout.append(IFSConstants.SLO_VALUE).append("/").append(IFSConstants.META_ALIAS).append(providerAlias);
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("About to get RequestDispatcher for " + processLogout.toString());
}
RequestDispatcher dispatcher = getServletConfig().getServletContext().getRequestDispatcher(processLogout.toString());
if (dispatcher == null) {
FSUtils.debug.message("RequestDispatcher is null");
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("Unable to find " + processLogout + "\ncalling sendErrorPage ");
}
FSLogoutUtil.sendErrorPage(request, response, providerAlias);
return;
}
dispatcher.forward(request, response);
return;
}
Aggregations