private synchronized ScopeValidator getScopeValidator() throws ServerException {
if (scopeValidator == null) {
try {
final String scopeValidatorClassName =
getStringSettingValue(OAuth2ProviderService.SCOPE_PLUGIN_CLASS);
if (isEmpty(scopeValidatorClassName)) {
logger.message("Scope Validator class not set.");
throw new ServerException("Scope Validator class not set.");
}
final Class<?> scopeValidatorClass = Class.forName(scopeValidatorClassName);
if (Scope.class.isAssignableFrom(scopeValidatorClass)) {
final Scope scopeClass =
InjectorHolder.getInstance(scopeValidatorClass.asSubclass(Scope.class));
return new LegacyScopeValidator(scopeClass);
}
scopeValidator =
InjectorHolder.getInstance(scopeValidatorClass.asSubclass(ScopeValidator.class));
} catch (ClassNotFoundException e) {
logger.error(e.getMessage());
throw new ServerException(e);
}
}
return scopeValidator;
}
private ResponseTypeHandler wrap(String responseTypeName, String responseTypeHandlerClassName)
throws UnsupportedResponseTypeException {
if (responseTypeHandlerClassName == null || responseTypeHandlerClassName.isEmpty()) {
logger.warning(
"Requested a response type that is not configured. response_type=" + responseTypeName);
throw new UnsupportedResponseTypeException("Response type is not supported");
} else if (responseTypeHandlerClassName.equalsIgnoreCase("none")) {
return new NoneResponseTypeHandler();
}
try {
final Class<?> responseTypeHandlerClass = Class.forName(responseTypeHandlerClassName);
if (ResponseType.class.isAssignableFrom(responseTypeHandlerClass)) {
ResponseType responseType =
InjectorHolder.getInstance(responseTypeHandlerClass.asSubclass(ResponseType.class));
return new LegacyResponseTypeHandler(
responseType, realm, getSSOCookieName(), cookieExtractor);
}
return InjectorHolder.getInstance(
responseTypeHandlerClass.asSubclass(ResponseTypeHandler.class));
} catch (ClassNotFoundException e) {
logger.error(e.getMessage());
throw new UnsupportedResponseTypeException("Response type is not supported");
}
}
public class DestroyNextExpiringAction implements QuotaExhaustionAction {
private static Debug debug =
InjectorHolder.getInstance(Key.get(Debug.class, Names.named(SESSION_DEBUG)));
private final SessionCache sessionCache;
public DestroyNextExpiringAction() {
this.sessionCache = InjectorHolder.getInstance(SessionCache.class);
}
@Inject
public DestroyNextExpiringAction(SessionCache sessionCache) {
this.sessionCache = sessionCache;
}
@Override
public boolean action(InternalSession is, Map<String, Long> sessions) {
String nextExpiringSessionID = null;
long smallestExpTime = Long.MAX_VALUE;
for (Map.Entry<String, Long> entry : sessions.entrySet()) {
String sid = entry.getKey();
long expirationTime = entry.getValue();
if (expirationTime < smallestExpTime) {
smallestExpTime = expirationTime;
nextExpiringSessionID = sid;
}
}
if (nextExpiringSessionID != null) {
SessionID sessID = new SessionID(nextExpiringSessionID);
try {
Session s = sessionCache.getSession(sessID);
s.destroySession(s);
} catch (SessionException e) {
if (debug.messageEnabled()) {
debug.message("Failed to destroy the next " + "expiring session.", e);
}
// deny the session activation request
// in this case
return true;
}
}
return false;
}
}
/**
* Returns Session Service URL for a Session ID.
*
* @param sid Session ID
* @return Session Service URL.
* @exception SessionException
*/
public URL getSessionServiceURL(SessionID sid) throws SessionException {
String primaryId;
if (SystemProperties.isServerMode()) {
/**
* Validate that the SessionID contains valid Server and Site references. This check is not
* appropriate for client side code as only the Site reference is exposed to client code.
*/
sid.validate();
SessionService ss = InjectorHolder.getInstance(SessionService.class);
if (ss.isSiteEnabled() && ss.isLocalSite(sid)) {
if (ss.isSessionFailoverEnabled()) {
return getSessionServiceURL(ss.getCurrentHostServer(sid));
} else {
primaryId = sid.getExtension().getPrimaryID();
return getSessionServiceURL(primaryId);
}
}
} else {
primaryId = sid.getExtension().getPrimaryID();
if (primaryId != null) {
String secondarysites = WebtopNaming.getSecondarySites(primaryId);
String serverID = SessionService.getAMServerID();
if ((secondarysites != null) && (serverID != null)) {
if (secondarysites.indexOf(serverID) != -1) {
return getSessionServiceURL(serverID);
}
}
}
}
return getSessionServiceURL(
sid.getSessionServerProtocol(),
sid.getSessionServer(),
sid.getSessionServerPort(),
sid.getSessionServerURI());
}
public DestroyNextExpiringAction() {
this.sessionCache = InjectorHolder.getInstance(SessionCache.class);
}
/**
* Returns the UMA router.
*
* @return The UMA router.
*/
protected Router getRouter() {
return InjectorHolder.getInstance(Key.get(Router.class, Names.named("UMARouter")));
}
/**
* Simple creation of a SessionMonitoringTimingStore, using Guice.
*
* @return a new instance of a SessionMonitoringTimingStore
*/
public SessionMonitoringTimingStore createSessionMonitoringTimingStore() {
return InjectorHolder.getInstance(SessionMonitoringTimingStore.class);
}
/**
* <code>AuthXMLHandler</code> class implements the <code>RequestHandler</code>. It processes the
* authentication request from remote client which comes in as XML document
*/
public class AuthXMLHandler implements RequestHandler {
private String localAuthServerProtocol;
private String localAuthServer;
private String localAuthServerPort;
private Locale locale;
static Debug debug;
private static String serviceURI;
private static boolean messageEnabled = false;
private boolean security = false;
private static final SessionServiceURLService SESSION_SERVICE_URL_SERVICE =
InjectorHolder.getInstance(SessionServiceURLService.class);
static {
debug = com.sun.identity.shared.debug.Debug.getInstance("amXMLHandler");
messageEnabled = debug.messageEnabled();
serviceURI = SystemProperties.get(Constants.AM_SERVICES_DEPLOYMENT_DESCRIPTOR) + "/authservice";
}
/** Creates <code>AuthXMLHandler</code> object */
public AuthXMLHandler() {
localAuthServerProtocol = SystemProperties.get(Constants.AM_SERVER_PROTOCOL);
localAuthServer = SystemProperties.get(Constants.AM_SERVER_HOST);
localAuthServerPort = SystemProperties.get(Constants.AM_SERVER_PORT);
AuthContext.localAuthServiceID =
localAuthServerProtocol + "://" + localAuthServer + ":" + localAuthServerPort;
locale = (new ISLocaleContext()).getLocale();
}
/**
* process the request and return the response
*
* @param requests Vector of <code>com.iplanet.services.comm.server.RequestHandler</code> objects.
* @param servletRequest <code>HttpServletRequest</code>object for this request.
* @param servletResponse <code>HttpServletResponse</code> object for this request.
* @param servletContext <code>servletContext</code> object for this request
* @return <code>ResponseSet</code> object for the processed request.
*/
public ResponseSet process(
List<Request> requests,
HttpServletRequest servletRequest,
HttpServletResponse servletResponse,
ServletContext servletContext) {
ResponseSet rset = new ResponseSet(AuthXMLTags.AUTH_SERVICE);
for (Request req : requests) {
Response res = processRequest(req, servletRequest, servletResponse);
rset.addResponse(res);
}
return rset;
}
/* process the request */
private Response processRequest(
Request req, HttpServletRequest servletReq, HttpServletResponse servletRes) {
// this call is to create a http session so that the JSESSIONID cookie
// is created. The appserver(8.1) load balancer plugin relies on the
// JSESSIONID cookie to set its JROUTE sticky cookie.
debug.message("=======================Entering processRequest");
servletReq.getSession(true);
String content = req.getContent();
AuthXMLResponse authResponse = null;
// Check for mis-routed requests
String cookieURL = null;
int index = content.indexOf(AuthXMLTags.AUTH_ID_HANDLE);
if (index != -1) {
// Check for mis-routed requests, get server URL for
// AuthIdentifier
int beginIndex = content.indexOf('"', index);
int endIndex = content.indexOf('"', beginIndex + 1);
String authIdentifier = content.substring(beginIndex + 1, endIndex);
if (debug.messageEnabled()) {
debug.message(
"authIdentifier = "
+ authIdentifier
+ "beginIndex = "
+ beginIndex
+ "endIndex ="
+ endIndex);
}
if (!authIdentifier.equals("0")) {
try {
SessionID sessionID = new SessionID(authIdentifier);
URL sessionServerURL = SESSION_SERVICE_URL_SERVICE.getSessionServiceURL(sessionID);
StringBuilder srtBuff = new StringBuilder(100);
srtBuff
.append(sessionServerURL.getProtocol())
.append("://")
.append(sessionServerURL.getHost())
.append(":")
.append(Integer.toString(sessionServerURL.getPort()))
.append(serviceURI);
cookieURL = srtBuff.toString();
} catch (Exception exp) {
debug.error("Error in getting URL from session", exp);
cookieURL = null;
}
}
}
if ((cookieURL != null)
&& (cookieURL.trim().length() != 0)
&& !(AuthUtils.isLocalServer(cookieURL, serviceURI))) {
// Routing to the correct server, the looks like a mis-routed
// requested.
HashMap cookieTable = new HashMap();
Map headers = new HashMap();
Enumeration headerNames = servletReq.getHeaderNames();
while (headerNames.hasMoreElements()) {
String headerName = (String) headerNames.nextElement();
List headerValues = new ArrayList();
Enumeration enum1 = servletReq.getHeaders(headerName);
while (enum1.hasMoreElements()) {
headerValues.add(enum1.nextElement());
}
headers.put(headerName, headerValues);
}
if (debug.messageEnabled()) {
debug.message("Headers: " + headers);
}
PLLClient.parseCookies(headers, cookieTable);
if (debug.messageEnabled()) {
debug.message("Cookies: " + cookieTable);
}
RequestSet set = new RequestSet(AuthXMLTags.AUTH_SERVICE);
set.addRequest(req);
try {
Vector responses = PLLClient.send(new URL(cookieURL), set, cookieTable);
if (!responses.isEmpty()) {
debug.message("=====================Returning redirected");
return ((Response) responses.elementAt(0));
}
} catch (Exception e) {
debug.error("Error in misrouted ", e);
// Attempt to contact server failed
authResponse = new AuthXMLResponse(AuthXMLRequest.NewAuthContext);
setErrorCode(authResponse, e);
return new Response(authResponse.toXMLString());
}
}
// Either local request or new request, handle it locally
try {
AuthXMLRequest sreq = AuthXMLRequest.parseXML(content, servletReq);
sreq.setHttpServletRequest(servletReq);
authResponse = processAuthXMLRequest(content, sreq, servletReq, servletRes);
} catch (AuthException e) {
debug.error("Got Auth Exception", e);
authResponse = new AuthXMLResponse(AuthXMLRequest.NewAuthContext);
authResponse.setErrorCode(e.getErrorCode());
} catch (Exception ex) {
debug.error("Error while processing xml request", ex);
authResponse = new AuthXMLResponse(AuthXMLRequest.NewAuthContext);
setErrorCode(authResponse, ex);
}
debug.message("=======================Returning");
return new Response(authResponse.toXMLString());
}
/*
* Process the XMLRequest
*/
private AuthXMLResponse processAuthXMLRequest(
String xml,
AuthXMLRequest authXMLRequest,
HttpServletRequest servletRequest,
HttpServletResponse servletResponse) {
if (messageEnabled) {
debug.message("authXMLRequest is : " + authXMLRequest);
}
int requestType = authXMLRequest.getRequestType();
String sessionID = authXMLRequest.getAuthIdentifier();
String orgName = authXMLRequest.getOrgName();
AuthContextLocal authContext = authXMLRequest.getAuthContext();
LoginState loginState = AuthUtils.getLoginState(authContext);
String params = authXMLRequest.getParams();
List envList = authXMLRequest.getEnvironment();
Map envMap = toEnvMap(envList);
AuthXMLResponse authResponse = new AuthXMLResponse(requestType);
authResponse.setAuthContext(authContext);
authResponse.setAuthIdentifier(sessionID);
if (messageEnabled) {
debug.message("authContext is : " + authContext);
debug.message("requestType : " + requestType);
}
if (authXMLRequest.getValidSessionNoUpgrade()) {
authResponse.setAuthXMLRequest(authXMLRequest);
authResponse.setValidSessionNoUpgrade(true);
return authResponse;
}
String securityEnabled = null;
try {
securityEnabled = AuthUtils.getRemoteSecurityEnabled();
} catch (AuthException auExp) {
debug.error("Got Exception", auExp);
setErrorCode(authResponse, auExp);
return authResponse;
}
if (debug.messageEnabled()) {
debug.message("Security Enabled = " + securityEnabled);
}
if (requestType != 0) {
if ((securityEnabled != null) && (securityEnabled.equals("true"))) {
security = true;
String indexNameLoc = authXMLRequest.getIndexName();
AuthContext.IndexType indexTypeLoc = authXMLRequest.getIndexType();
if (indexTypeLoc == null) {
indexTypeLoc = AuthUtils.getIndexType(authContext);
indexNameLoc = AuthUtils.getIndexName(authContext);
}
if (debug.messageEnabled()) {
debug.message("Index Name Local : " + indexNameLoc);
debug.message("Index Type Local : " + indexTypeLoc);
}
if (((indexTypeLoc == null) || (indexNameLoc == null))
|| !((indexTypeLoc == AuthContext.IndexType.MODULE_INSTANCE)
&& indexNameLoc.equals("Application"))) {
try {
String ssoTokenID = authXMLRequest.getAppSSOTokenID();
if (debug.messageEnabled()) {
debug.message("Session ID = : " + ssoTokenID);
}
SSOTokenManager manager = SSOTokenManager.getInstance();
SSOToken appSSOToken = manager.createSSOToken(ssoTokenID);
// if the token isn't valid, let the client know so they
// retry
if (!manager.isValidToken(appSSOToken)) {
if (debug.messageEnabled()) {
debug.message("App SSOToken is not valid");
}
setErrorCode(
authResponse,
new AuthException(AMAuthErrorCode.REMOTE_AUTH_INVALID_SSO_TOKEN, null));
return authResponse;
} else {
debug.message("App SSOToken is VALID");
}
} catch (SSOException ssoe) {
// token is unknown to OpenAM, let the client know so they
// can retry
if (debug.messageEnabled()) {
debug.message("App SSOToken is not valid: " + ssoe.getMessage());
}
setErrorCode(
authResponse,
new AuthException(AMAuthErrorCode.REMOTE_AUTH_INVALID_SSO_TOKEN, null));
return authResponse;
} catch (Exception exp) {
debug.error("Got Exception", exp);
setErrorCode(authResponse, exp);
return authResponse;
}
}
}
} else {
security = false;
}
// if index type is level and choice callback has a
// selected choice then start module based authentication.
if ((AuthUtils.getIndexType(authContext) == AuthContext.IndexType.LEVEL)
|| (AuthUtils.getIndexType(authContext) == AuthContext.IndexType.COMPOSITE_ADVICE)) {
Callback[] callbacks = authXMLRequest.getSubmittedCallbacks();
if (messageEnabled) {
debug.message("Callbacks are : " + callbacks);
}
if (callbacks != null) {
if (messageEnabled) {
debug.message("Callback length is : " + callbacks.length);
}
if (callbacks[0] instanceof ChoiceCallback) {
ChoiceCallback cc = (ChoiceCallback) callbacks[0];
int[] selectedIndexes = cc.getSelectedIndexes();
int selected = selectedIndexes[0];
String[] choices = cc.getChoices();
String indexName = choices[selected];
if (messageEnabled) {
debug.message("Selected Index is : " + indexName);
}
authXMLRequest.setIndexType("moduleInstance");
authXMLRequest.setIndexName(indexName);
authXMLRequest.setRequestType(AuthXMLRequest.LoginIndex);
requestType = AuthXMLRequest.LoginIndex;
}
}
}
AuthContext.Status loginStatus = AuthContext.Status.IN_PROGRESS;
HttpServletRequest clientRequest = authXMLRequest.getClientRequest();
if (loginState != null) {
loginState.setHttpServletRequest(clientRequest);
loginState.setHttpServletResponse(authXMLRequest.getClientResponse());
if (clientRequest != null) {
loginState.setParamHash(AuthUtils.parseRequestParameters(clientRequest));
}
}
switch (requestType) {
case AuthXMLRequest.NewAuthContext:
try {
processNewRequest(servletRequest, servletResponse, authResponse, loginState, authContext);
postProcess(loginState, authResponse);
} catch (Exception ex) {
debug.error("Error in NewAuthContext ", ex);
setErrorCode(authResponse, ex);
}
break;
case AuthXMLRequest.Login:
try {
if (sessionID != null && sessionID.equals("0")) {
processNewRequest(
servletRequest, servletResponse, authResponse, loginState, authContext);
}
String clientHost = null;
if (security) {
clientHost = authXMLRequest.getHostName();
if (messageEnabled) {
debug.message("Client Host from Request = " + clientHost);
}
}
if ((clientHost == null) && (servletRequest != null)) {
clientHost = ClientUtils.getClientIPAddress(servletRequest);
}
loginState.setClient(clientHost);
authContext.login();
// setServletRequest(servletRequest,authContext);
processRequirements(xml, authContext, authResponse, params, servletRequest);
loginStatus = authContext.getStatus();
authResponse.setRemoteRequest(loginState.getHttpServletRequest());
authResponse.setRemoteResponse(loginState.getHttpServletResponse());
postProcess(loginState, authResponse);
checkACException(authResponse, authContext);
} catch (Exception ex) {
debug.error("Error during login ", ex);
setErrorCode(authResponse, ex);
authResponse.setLoginStatus(authContext.getStatus());
}
break;
case AuthXMLRequest.LoginIndex:
try {
AuthContext.IndexType indexType = authXMLRequest.getIndexType();
String indexName = authXMLRequest.getIndexName();
if (messageEnabled) {
debug.message("indexName is : " + indexName);
debug.message("indexType is : " + indexType);
}
if (sessionID != null && sessionID.equals("0")) {
processNewRequest(
servletRequest, servletResponse, authResponse, loginState, authContext);
}
String clientHost = null;
if (security) {
clientHost = authXMLRequest.getHostName();
if (messageEnabled) {
debug.message("Client Host from Request = " + clientHost);
}
}
if ((clientHost == null) && (servletRequest != null)) {
clientHost = ClientUtils.getClientIPAddress(servletRequest);
}
loginState.setClient(clientHost);
String locale = authXMLRequest.getLocale();
if (locale != null && locale.length() > 0) {
if (debug.messageEnabled()) {
debug.message("locale is : " + locale);
}
authContext.login(indexType, indexName, envMap, locale);
} else {
authContext.login(indexType, indexName, envMap, null);
}
// setServletRequest(servletRequest,authContext);
processRequirements(xml, authContext, authResponse, params, servletRequest);
loginStatus = authContext.getStatus();
authResponse.setRemoteRequest(loginState.getHttpServletRequest());
authResponse.setRemoteResponse(loginState.getHttpServletResponse());
postProcess(loginState, authResponse);
checkACException(authResponse, authContext);
} catch (Exception ex) {
debug.error("Exception during LoginIndex", ex);
setErrorCode(authResponse, ex);
}
break;
case AuthXMLRequest.LoginSubject:
try {
Subject subject = authXMLRequest.getSubject();
authContext.login(subject);
// setServletRequest(servletRequest,authContext);
processRequirements(xml, authContext, authResponse, params, servletRequest);
postProcess(loginState, authResponse);
loginStatus = authContext.getStatus();
checkACException(authResponse, authContext);
} catch (AuthLoginException ale) {
debug.error("Exception during LoginSubject", ale);
setErrorCode(authResponse, ale);
}
break;
case AuthXMLRequest.SubmitRequirements:
try {
// setServletRequest(servletRequest,authContext);
Callback[] submittedCallbacks = authXMLRequest.getSubmittedCallbacks();
authContext.submitRequirements(submittedCallbacks);
Callback[] reqdCallbacks = null;
if (authContext.hasMoreRequirements()) {
reqdCallbacks = authContext.getRequirements();
authResponse.setReqdCallbacks(reqdCallbacks);
}
authResponse.setRemoteRequest(loginState.getHttpServletRequest());
authResponse.setRemoteResponse(loginState.getHttpServletResponse());
postProcess(loginState, authResponse);
loginStatus = authContext.getStatus();
authResponse.setLoginStatus(loginStatus);
InternalSession oldSession = loginState.getOldSession();
authResponse.setOldSession(oldSession);
checkACException(authResponse, authContext);
} catch (Exception ex) {
debug.error("Error during submit requirements ", ex);
setErrorCode(authResponse, ex);
}
break;
case AuthXMLRequest.QueryInformation:
try {
if (sessionID != null && sessionID.equals("0")) {
processNewRequest(
servletRequest, servletResponse, authResponse, loginState, authContext);
}
Set moduleNames = authContext.getModuleInstanceNames();
authResponse.setModuleNames(moduleNames);
authResponse.setAuthContext(authContext);
postProcess(loginState, authResponse);
checkACException(authResponse, authContext);
} catch (Exception ex) {
debug.error("Error during Query Information", ex);
setErrorCode(authResponse, ex);
}
break;
case AuthXMLRequest.Logout:
// Object loginContext = null;
// InternalSession intSess = null;
// SSOToken token = null;
// boolean logoutCalled = false;
if (sessionID != null && !sessionID.equals("0")) {
/*intSess = AuthD.getSession(sessionID);
try {
token = SSOTokenManager.getInstance().
createSSOToken(sessionID);
if (debug.messageEnabled()) {
debug.message("AuthXMLHandler."
+ "processAuthXMLRequest: Created token "
+ "during logout = "+token);
}
} catch (com.iplanet.sso.SSOException ssoExp) {
if (debug.messageEnabled()) {
debug.message("AuthXMLHandler.processAuthXMLRequest:"
+ "SSOException checking validity of SSO Token");
}
}*/
try {
AuthUtils.logout(sessionID, servletRequest, servletResponse);
} catch (com.iplanet.sso.SSOException ssoExp) {
if (debug.messageEnabled()) {
debug.message(
"AuthXMLHandler.processAuthXMLRequest:"
+ "SSOException checking validity of SSO Token");
}
}
}
/*if (intSess != null) {
loginContext = intSess.getObject(ISAuthConstants.
LOGIN_CONTEXT);
}
try {
if (loginContext != null) {
if (loginContext instanceof
javax.security.auth.login.LoginContext) {
javax.security.auth.login.LoginContext lc =
(javax.security.auth.login.LoginContext)
loginContext;
lc.logout();
} else {
com.sun.identity.authentication.jaas.LoginContext
jlc = (com.sun.identity.authentication.jaas.
LoginContext) loginContext;
jlc.logout();
}
logoutCalled = true;
}
} catch (javax.security.auth.login.LoginException loginExp) {
debug.error("AuthXMLHandler.processAuthXMLRequest: "
+ "Cannot Execute module Logout", loginExp);
}
Set postAuthSet = null;
if (intSess != null) {
postAuthSet = (Set) intSess.getObject(ISAuthConstants.
POSTPROCESS_INSTANCE_SET);
}
if ((postAuthSet != null) && !(postAuthSet.isEmpty())) {
AMPostAuthProcessInterface postLoginInstance=null;
for(Iterator iter = postAuthSet.iterator();
iter.hasNext();) {
try {
postLoginInstance =
(AMPostAuthProcessInterface) iter.next();
postLoginInstance.onLogout(servletRequest,
servletResponse, token);
} catch (Exception exp) {
debug.error("AuthXMLHandler.processAuthXMLRequest: "
+ "Failed in post logout.", exp);
}
}
} else {
String plis = null;
if (intSess != null) {
plis = intSess.getProperty(
ISAuthConstants.POST_AUTH_PROCESS_INSTANCE);
}
if (plis != null && plis.length() > 0) {
StringTokenizer st = new StringTokenizer(plis, "|");
if (token != null) {
while (st.hasMoreTokens()) {
String pli = (String)st.nextToken();
try {
AMPostAuthProcessInterface postProcess =
(AMPostAuthProcessInterface)
Thread.currentThread().
getContextClassLoader().
loadClass(pli).newInstance();
postProcess.onLogout(servletRequest,
servletResponse, token);
} catch (Exception e) {
debug.error("AuthXMLHandler."
+ "processAuthXMLRequest:" + pli, e);
}
}
}
}
}
try {
boolean isTokenValid = SSOTokenManager.getInstance().
isValidToken(token);
if ((token != null) && isTokenValid) {
AuthD.getAuth().logLogout(token);
Session session = Session.getSession(
new SessionID(sessionID));
session.logout();
debug.message("logout successful.");
}
} catch (com.iplanet.dpro.session.SessionException
sessExp) {
if (debug.messageEnabled()) {
debug.message("AuthXMLHandler."
+ "processAuthXMLRequest: SessionException"
+ " checking validity of SSO Token");
}
} catch (com.iplanet.sso.SSOException ssoExp) {
if (debug.messageEnabled()) {
debug.message("AuthXMLHandler."
+ "processAuthXMLRequest: SSOException "
+ "checking validity of SSO Token");
}
}*/
authResponse.setLoginStatus(AuthContext.Status.COMPLETED);
break;
case AuthXMLRequest.Abort:
try {
authContext.abort();
loginStatus = authContext.getStatus();
authResponse.setLoginStatus(loginStatus);
checkACException(authResponse, authContext);
} catch (AuthLoginException ale) {
debug.error("Error aborting ", ale);
setErrorCode(authResponse, ale);
}
break;
}
if (messageEnabled) {
debug.message("loginStatus: " + loginStatus);
if (authContext != null) {
debug.message("error Code: " + authContext.getErrorCode());
debug.message("error Template: " + authContext.getErrorTemplate());
}
}
if (loginStatus == AuthContext.Status.FAILED) {
if ((authContext.getErrorMessage() != null)
&& (authContext
.getErrorMessage()
.equals(
AMResourceBundleCache.getInstance()
.getResBundle(
"amAuthLDAP",
com.sun.identity.shared.locale.Locale.getLocale(loginState.getLocale()))
.getString(ISAuthConstants.EXCEED_RETRY_LIMIT)))) {
loginState.setErrorCode(AMAuthErrorCode.AUTH_LOGIN_FAILED);
}
if ((authContext.getErrorCode() != null) && ((authContext.getErrorCode()).length() > 0)) {
authResponse.setErrorCode(authContext.getErrorCode());
}
checkACException(authResponse, authContext);
if ((authContext.getErrorTemplate() != null)
&& ((authContext.getErrorTemplate()).length() > 0)) {
authResponse.setErrorTemplate(authContext.getErrorTemplate());
}
// Account Lockout Warning Check
if ((authContext.getErrorCode() != null)
&& (authContext.getErrorCode().equals(AMAuthErrorCode.AUTH_INVALID_PASSWORD))) {
String lockWarning = authContext.getLockoutMsg();
if ((lockWarning != null) && (lockWarning.length() > 0)) {
authResponse.setErrorMessage(lockWarning);
}
}
}
return authResponse;
}
/*
* Process the new http request
*/
private void processNewRequest(
HttpServletRequest servletRequest,
HttpServletResponse servletResponse,
AuthXMLResponse authResponse,
LoginState loginState,
AuthContextLocal authContext)
throws AuthException {
if (authContext == null) {
throw new AuthException(AMAuthErrorCode.AUTH_INVALID_DOMAIN, null);
}
InternalSession oldSession = loginState.getOldSession();
authResponse.setOldSession(oldSession);
authResponse.setLoginStatus(AuthContext.Status.IN_PROGRESS);
AuthUtils.setlbCookie(authContext, servletRequest, servletResponse);
}
/*
* reset the auth identifier, in case a status change(auth succeeds)
* will cause sid change from that of HttpSession to InternalSession.
*/
private void postProcess(LoginState loginState, AuthXMLResponse authResponse) {
SessionID sid = loginState.getSid();
String sidString = null;
if (sid != null) {
sidString = sid.toString();
}
if (messageEnabled) {
debug.message("sidString is.. : " + sidString);
}
authResponse.setAuthIdentifier(sidString);
}
/*
* Gets the next http request parameter
*/
private String getNextParam(StringTokenizer st) {
String retStr = null;
if (st != null) {
if (st.hasMoreTokens()) {
retStr = st.nextToken();
}
}
return retStr;
}
/*
* process callbacks
*/
private void processRequirements(
String xml,
AuthContextLocal authContext,
AuthXMLResponse authResponse,
String params,
HttpServletRequest servletRequest) {
String[] paramArray = null;
StringTokenizer paramsSet = null;
if (params != null) {
paramsSet = new StringTokenizer(params, ISAuthConstants.PIPE_SEPARATOR);
}
boolean allCallbacksAreSet = true;
String param;
while (authContext.hasMoreRequirements()) {
Callback[] reqdCallbacks = authContext.getRequirements();
for (int i = 0; i < reqdCallbacks.length; i++) {
if (reqdCallbacks[i] instanceof X509CertificateCallback) {
X509CertificateCallback certCallback = (X509CertificateCallback) reqdCallbacks[i];
LoginState loginState = AuthUtils.getLoginState(authContext);
if (loginState != null) {
X509Certificate cert = loginState.getX509Certificate(servletRequest);
if (cert != null) {
certCallback.setCertificate(cert);
certCallback.setReqSignature(false);
} else {
allCallbacksAreSet = false;
}
}
} else {
param = null;
if (reqdCallbacks[i] instanceof NameCallback) {
param = getNextParam(paramsSet);
if (param != null) {
NameCallback nc = (NameCallback) reqdCallbacks[i];
nc.setName(param);
if (messageEnabled) {
debug.message("Name callback set to " + param);
}
} else {
allCallbacksAreSet = false;
break;
}
} else if (reqdCallbacks[i] instanceof PasswordCallback) {
param = getNextParam(paramsSet);
if (param != null) {
PasswordCallback pc = (PasswordCallback) reqdCallbacks[i];
pc.setPassword(param.toCharArray());
if (messageEnabled) {
debug.message("Password callback is set");
}
} else {
allCallbacksAreSet = false;
break;
}
} else {
if (params == null) {
allCallbacksAreSet = false;
}
}
// add more callbacks if required
}
}
if (getNextParam(paramsSet) != null) {
allCallbacksAreSet = false;
}
if (allCallbacksAreSet) {
if (messageEnabled) {
debug.message("submit callbacks with passed in params");
}
authContext.submitRequirements(reqdCallbacks);
} else {
authResponse.setReqdCallbacks(reqdCallbacks);
break;
}
}
if (!authContext.hasMoreRequirements()) {
AuthContext.Status loginStatus = authContext.getStatus();
if (messageEnabled) {
debug.message(" Status: " + loginStatus);
}
authResponse.setLoginStatus(loginStatus);
}
}
/*
* Check for the AuthContext Exceptions
*/
private void checkACException(AuthXMLResponse authResponse, AuthContextLocal acl) {
AuthLoginException ale = acl.getLoginException();
if (ale == null) {
return;
}
/*
* this code does not allow client to remotely select locale.
* but this is a problem comes with the AuthContext API, cannot
* be simply solved here.
*/
if ((ale.getL10NMessage(locale) != null) && ((ale.getL10NMessage(locale)).length() > 0)) {
authResponse.setErrorMessage(ale.getL10NMessage(locale));
}
authResponse.setIsException(true);
}
/*
* Set the error code
*/
private void setErrorCode(AuthXMLResponse authResponse, Exception e) {
if (e == null) {
return;
}
if (e instanceof L10NMessage) {
authResponse.setErrorCode(getAuthErrorCode((L10NMessage) e));
} else {
authResponse.setErrorCode(e.getMessage());
}
authResponse.setIsException(true);
}
/*
* Get the error code
*/
private String getAuthErrorCode(L10NMessage le) {
String errorCode = le.getErrorCode();
if (errorCode == null) {
errorCode = le.getMessage();
}
return errorCode;
}
private void setServletRequest(HttpServletRequest servletRequest, AuthContextLocal authContext) {
LoginState theLoginState = AuthUtils.getLoginState(authContext);
theLoginState.setHttpServletRequest(servletRequest);
if (debug.messageEnabled()) {
debug.message("AuthXMLHandler.setServletRequest(): Setting servlet request.");
}
}
// Returns environment Map based on input environment List values
// each value takes following format:
// env-name|value1|value2|....
private Map toEnvMap(List envList) {
if (envList == null) {
return null;
}
Map map = new HashMap();
int size = envList.size();
for (int i = 0; i < size; i++) {
String value = (String) envList.get(i);
StringTokenizer tokens = new StringTokenizer(value, ISAuthConstants.PIPE_SEPARATOR);
String envName = null;
if (tokens.hasMoreTokens()) {
envName = (String) tokens.nextToken();
}
Set envValues = new HashSet();
while (tokens.hasMoreTokens()) {
envValues.add(AuthClientUtils.unescapePipe(tokens.nextToken()));
}
if ((envName != null) && !envValues.isEmpty()) {
map.put(envName, envValues);
}
}
return map;
}
} // end class
private Restlet getRestlet(String name) {
return InjectorHolder.getInstance(Key.get(Restlet.class, Names.named(name)));
}
