/**
* Perform a remote setProperty on the Session using the remote Service URL.
*
* <p>{@inheritDoc}
*/
public void setProperty(Session session, String name, String value) throws SessionException {
if (debug.messageEnabled()) {
debug.message(MessageFormat.format("Remote setProperty {0} {1}={2}", session, name, value));
}
SessionID sessionID = session.getID();
SessionRequest sreq =
new SessionRequest(SessionRequest.SetProperty, sessionID.toString(), false);
sreq.setPropertyName(name);
sreq.setPropertyValue(value);
if (SystemProperties.isServerMode() && InternalSession.isProtectedProperty(name)) {
try {
SSOToken admSSOToken = SessionUtils.getAdminToken();
sreq.setRequester(RestrictedTokenContext.marshal(admSSOToken));
} catch (SSOException e) {
throw new SessionException(e);
} catch (Exception e) {
throw new SessionException(e);
}
if (debug.messageEnabled()) {
debug.message(
"Session.setProperty: "
+ "added admSSOToken in sreq to set "
+ "externalProtectedProperty in remote server");
}
}
requests.sendRequestWithRetry(session.getSessionServiceURL(), sreq, session);
}
private String getContextIdFromSessionId(String sessionId) {
InternalSession session = AuthD.getSession(new SessionID(sessionId));
return session == null ? "" : session.getProperty(Constants.AM_CTX_ID);
}
/**
* Helper method to check if client has taken permission to set value to it. If
*
* @param clientToken Token of the client setting protected property.
* @param key Property key
* @param value Property value.
* @throws SessionException if the key is protected property.
*/
public static void checkPermissionToSetProperty(SSOToken clientToken, String key, String value)
throws SessionException {
if (InternalSession.isProtectedProperty(key)) {
if (clientToken == null) {
// Throw Ex. Client should identify itself.
if (SessionService.sessionDebug.warningEnabled()) {
SessionService.sessionDebug.warning(
"SessionUtils.checkPermissionToSetProperty(): "
+ "Attempt to set protected property without client "
+ "token ["
+ key
+ "="
+ value
+ "]");
}
throw new SessionException(
SessionBundle.getString("protectedPropertyNoClientToken") + " " + key);
}
SSOTokenManager ssoTokenManager = null;
try {
ssoTokenManager = SSOTokenManager.getInstance();
} catch (SSOException ssoEx) {
// Throw Ex. Not able to get SSOTokenManager instance.
SessionService.sessionDebug.error(
"SessionUtils.checkPermissionToSetProperty(): "
+ "Cannot get instance of SSOTokenManager.");
throw new SessionException(
SessionBundle.getString("protectedPropertyNoSSOTokenMgrInstance") + " " + key);
}
if (!ssoTokenManager.isValidToken(clientToken)) {
// Throw Ex. Client should identify itself.
if (SessionService.sessionDebug.warningEnabled()) {
SessionService.sessionDebug.warning(
"SessionUtils.checkPermissionToSetProperty(): "
+ "Attempt to set protected property with invalid client"
+ " token ["
+ key
+ "="
+ value
+ "]");
}
throw new SessionException(
SessionBundle.getString("protectedPropertyInvalidClientToken") + " " + key);
}
SSOToken admToken = null;
try {
admToken = SessionUtils.getAdminToken();
} catch (SSOException ssoEx) {
// Throw Ex. Server not able to get Admin Token.
SessionService.sessionDebug.error(
"SessionUtils.checkPermissionToSetProperty(): "
+ "Cannot get Admin Token for validation to set protected "
+ "property ["
+ key
+ "="
+ value
+ "]");
throw new SessionException(
SessionBundle.getString("protectedPropertyNoAdminToken") + " " + key);
}
if (!SessionUtils.isAdmin(admToken, clientToken)) {
// Throw Ex. Client not authorized to set this property.
SessionService.sessionDebug.error(
"SessionUtils.checkPermissionToSetProperty(): "
+ "Client does not have permission to set protected "
+ "property"
+ key
+ "="
+ value
+ "]");
throw new SessionException(
SessionBundle.getString("protectedPropertyNoPermission") + " " + key);
}
}
}