Search in sources :

Example 21 with EncodeAction

use of com.sun.identity.security.EncodeAction in project OpenAM by OpenRock.

the class Adaptive method checkRegisteredClient.

/**
     * Check to see if the client has a cookie with optional value
     *
     * @return score achieved with this test
     */
protected int checkRegisteredClient() {
    int retVal = 0;
    String deviceHash = null;
    if (debug.messageEnabled()) {
        debug.message("{}.checkRegisteredClient:", ADAPTIVE);
    }
    HttpServletRequest req = getHttpServletRequest();
    if (req != null) {
        StringBuilder sb = new StringBuilder(150);
        sb.append(req.getHeader("User-Agent"));
        sb.append("|").append(req.getHeader("accept"));
        sb.append("|").append(req.getHeader("accept-language"));
        sb.append("|").append(req.getHeader("accept-encoding"));
        sb.append("|").append(req.getHeader("accept-charset"));
        sb.append("|").append(userName);
        deviceHash = AccessController.doPrivileged(new EncodeAction(Hash.hash(sb.toString())));
        Cookie cookie = CookieUtils.getCookieFromReq(req, deviceCookieName);
        if (cookie != null) {
            if (debug.messageEnabled()) {
                debug.message("{}.checkRegisteredClient: Found Cookie : {}", ADAPTIVE, deviceCookieName);
            }
            if (deviceHash.equalsIgnoreCase(CookieUtils.getCookieValue(cookie))) {
                retVal = deviceCookieScore;
            }
        }
    }
    if (deviceCookieSave) {
        postAuthNMap.put("DEVICENAME", deviceCookieName);
        postAuthNMap.put("DEVICEVALUE", deviceHash);
    }
    if (!deviceCookieInvert) {
        retVal = deviceCookieScore - retVal;
    }
    return retVal;
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) Cookie(javax.servlet.http.Cookie) EncodeAction(com.sun.identity.security.EncodeAction)

Example 22 with EncodeAction

use of com.sun.identity.security.EncodeAction in project OpenAM by OpenRock.

the class Adaptive method checkLastLogin.

/**
     * Check to see if the last login is within the allowed range
     * Last login is stored in a cookie in encrypted format
     *
     * @return score achieved with this test
     */
protected int checkLastLogin() {
    DateFormat formatter = new SimpleDateFormat("yyyy.MM.dd.HH.mm.ss");
    Date now = new Date();
    Date loginTime = null;
    String lastLoginEnc = null;
    String lastLogin = null;
    String savedUserName = null;
    int retVal = 0;
    if (timeSinceLastLoginAttribute != null) {
        HttpServletRequest req = getHttpServletRequest();
        if (req != null) {
            Cookie cookie = CookieUtils.getCookieFromReq(req, timeSinceLastLoginAttribute);
            if (cookie != null) {
                if (debug.messageEnabled()) {
                    debug.message("{}.checkLastLogin: Found Cookie : {}", ADAPTIVE, timeSinceLastLoginAttribute);
                }
                lastLoginEnc = CookieUtils.getCookieValue(cookie);
                lastLogin = AccessController.doPrivileged(new DecodeAction(lastLoginEnc));
            }
            if (lastLogin != null) {
                String[] tokens = lastLogin.split("\\|");
                if (tokens.length == 3) {
                    lastLogin = tokens[1];
                    savedUserName = tokens[2];
                }
                if (!userName.equalsIgnoreCase(savedUserName)) {
                    lastLogin = null;
                }
                if (lastLogin != null) {
                    try {
                        // "2002.01.29.08.36.33");
                        loginTime = formatter.parse(lastLogin);
                        if ((now.getTime() - loginTime.getTime()) < timeSinceLastLoginValue * 1000 * 60 * 60 * 24L) {
                            retVal = timeSinceLastLoginScore;
                        }
                    } catch (ParseException pe) {
                        if (debug.messageEnabled()) {
                            debug.message("{}.checkLastLogin: lastLogin '{}' can't be parsed", ADAPTIVE, lastLogin, pe);
                        }
                    }
                }
            }
        }
        if (timeSinceLastLoginSave) {
            postAuthNMap.put("LOGINNAME", timeSinceLastLoginAttribute);
            lastLogin = formatter.format(now);
            lastLogin = Math.random() + "|" + lastLogin + "|" + userName;
            lastLoginEnc = AccessController.doPrivileged(new EncodeAction(lastLogin));
            postAuthNMap.put("LOGINVALUE", lastLoginEnc);
        }
    }
    if (!timeSinceLastLoginInvert) {
        retVal = timeSinceLastLoginScore - retVal;
    }
    return retVal;
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) Cookie(javax.servlet.http.Cookie) EncodeAction(com.sun.identity.security.EncodeAction) DateFormat(java.text.DateFormat) SimpleDateFormat(java.text.SimpleDateFormat) DecodeAction(com.sun.identity.security.DecodeAction) ParseException(java.text.ParseException) SimpleDateFormat(java.text.SimpleDateFormat) Date(java.util.Date)

Example 23 with EncodeAction

use of com.sun.identity.security.EncodeAction in project OpenAM by OpenRock.

the class SetupClientSDKSamples method promptForServerAnswers.

private void promptForServerAnswers() throws IOException {
    for (Iterator i = questions.iterator(); i.hasNext(); ) {
        String q = (String) i.next();
        String value = "";
        while (value.length() == 0) {
            String defaultValue = null;
            if (q.equals(TAG_NAMING_URL)) {
                defaultValue = properties.get(TAG_SERVER_PROTOCOL) + "://" + properties.get(TAG_SERVER_HOST) + ":" + properties.get(TAG_SERVER_PORT) + "/" + properties.get(TAG_DEPLOY_URI) + "/namingservice";
            }
            String label = (String) labels.get(q);
            if (defaultValue != null) {
                label += " (hit enter to accept default value, " + defaultValue + ")";
            }
            System.out.print(label + ": ");
            value = (new BufferedReader(new InputStreamReader(System.in))).readLine();
            value = value.trim();
            if ((value.length() == 0) && (defaultValue != null)) {
                value = defaultValue;
            }
        }
        if (q.equals(TAG_APPLICATION_PASSWD)) {
            properties.put(q, (String) AccessController.doPrivileged(new EncodeAction(value)));
        } else {
            properties.put(q, value);
        }
    }
}
Also used : InputStreamReader(java.io.InputStreamReader) EncodeAction(com.sun.identity.security.EncodeAction) Iterator(java.util.Iterator) BufferedReader(java.io.BufferedReader)

Aggregations

EncodeAction (com.sun.identity.security.EncodeAction)23 Iterator (java.util.Iterator)8 IOException (java.io.IOException)4 HashSet (java.util.HashSet)4 Set (java.util.Set)4 HashMap (java.util.HashMap)3 NodeList (org.w3c.dom.NodeList)3 DecodeAction (com.sun.identity.security.DecodeAction)2 BufferedReader (java.io.BufferedReader)2 ByteArrayOutputStream (java.io.ByteArrayOutputStream)2 InputStreamReader (java.io.InputStreamReader)2 ObjectOutputStream (java.io.ObjectOutputStream)2 Map (java.util.Map)2 Cookie (javax.servlet.http.Cookie)2 HttpServletRequest (javax.servlet.http.HttpServletRequest)2 Test (org.testng.annotations.Test)2 Document (org.w3c.dom.Document)2 Node (org.w3c.dom.Node)2 SessionException (com.iplanet.dpro.session.SessionException)1 View (com.iplanet.jato.view.View)1