Exemplo n.º 1
0
 /* build the trust source set*/
 private static Set getTrustedSourceList() throws SessionException {
   Set result = new HashSet();
   try {
     String rawList = SystemProperties.get(Constants.TRUSTED_SOURCE_LIST);
     if (rawList != null) {
       StringTokenizer stk = new StringTokenizer(rawList, ",");
       while (stk.hasMoreTokens()) {
         result.add(InetAddress.getByName(stk.nextToken()));
       }
     } else {
       // use platform server list as a default fallback
       Vector psl = WebtopNaming.getPlatformServerList();
       if (psl == null) {
         throw new SessionException(SessionBundle.rbName, "emptyTrustedSourceList", null);
       }
       for (Enumeration e = psl.elements(); e.hasMoreElements(); ) {
         try {
           URL url = new URL((String) e.nextElement());
           result.add(InetAddress.getByName(url.getHost()));
         } catch (Exception ex) {
           debug.error("SessionUtils.getTrustedSourceList : " + "Validating Host exception", ex);
         }
       }
     }
   } catch (Exception e) {
     throw new SessionException(e);
   }
   return result;
 }
Exemplo n.º 2
0
  private URL getLogHostURL(String loggedBySID) {
    SessionID sid = new SessionID(loggedBySID);

    String sessionProtocol = sid.getSessionServerProtocol();
    String sessionHost = sid.getSessionServer();
    String sessionPort = sid.getSessionServerPort();
    String sessionURI = sid.getSessionServerURI();

    //
    //  if remote logging service and protocol, host, and port
    //  are null, get them from the logging service url in the
    //  AMConfig.properties file.
    //
    if ((!manager.isLocal)
        && ((sessionProtocol == null)
            || (sessionProtocol.length() <= 0)
            || (sessionHost == null)
            || (sessionHost.length() <= 0))) {
      if (Debug.messageEnabled()) {
        Debug.message("RemoteHandler.getLogHostURL(): remote serv = " + logServURL);
      }
      return (logServURL);
    }

    if (Debug.messageEnabled()) {
      Debug.message(
          "RemoteHandler.getLogHostURL(): "
              + " sessionProtocol: "
              + sessionProtocol
              + " sessionHost: "
              + sessionHost
              + " sessionPort: "
              + sessionPort
              + " sessionURI: "
              + sessionURI);
    }
    URL loggingURL = null;
    try {
      loggingURL =
          WebtopNaming.getServiceURL(
              LogConstants.LOGGING_SERVICE, sessionProtocol, sessionHost, sessionPort, sessionURI);

      if (Debug.messageEnabled()) {
        Debug.message(
            "RemoteHandler.getLogHostURL(): WebtopNaming logging" + "service URL: " + loggingURL);
      }
    } catch (URLNotFoundException unfe) {
      Debug.error("RemoteHandler.getLogHostURL(): URLNotFoundException: ", unfe);
      return null;
    }
    return loggingURL;
  }
  /**
   * Returns Session Service URL for a given server ID.
   *
   * @param serverID server ID from the platform server list.
   * @return Session Service URL.
   * @exception SessionException
   */
  public URL getSessionServiceURL(String serverID) throws SessionException {
    try {
      URL parsedServerURL = new URL(WebtopNaming.getServerFromID(serverID));

      return getSessionServiceURL(
          parsedServerURL.getProtocol(),
          parsedServerURL.getHost(),
          Integer.toString(parsedServerURL.getPort()),
          parsedServerURL.getPath());

    } catch (Exception e) {
      throw new SessionException(e);
    }
  }
 /**
  * Returns Session Service URL.
  *
  * @param protocol Session Server protocol.
  * @param server Session Server host name.
  * @param port Session Server port.
  * @param uri Session Server URI.
  * @return URL Session Service URL.
  * @exception com.iplanet.dpro.session.SessionException
  */
 public URL getSessionServiceURL(String protocol, String server, String port, String uri)
     throws SessionException {
   String key = protocol + "://" + server + ":" + port + uri;
   URL url = sessionServiceURLTable.get(key);
   if (url == null) {
     try {
       url = WebtopNaming.getServiceURL(SESSION_SERVICE, protocol, server, port, uri);
       sessionServiceURLTable.put(key, url);
       return url;
     } catch (Exception e) {
       throw new SessionException(e);
     }
   }
   return url;
 }
  /**
   * Returns Session Service URL for a Session ID.
   *
   * @param sid Session ID
   * @return Session Service URL.
   * @exception SessionException
   */
  public URL getSessionServiceURL(SessionID sid) throws SessionException {
    String primaryId;

    if (SystemProperties.isServerMode()) {

      /**
       * Validate that the SessionID contains valid Server and Site references. This check is not
       * appropriate for client side code as only the Site reference is exposed to client code.
       */
      sid.validate();

      SessionService ss = InjectorHolder.getInstance(SessionService.class);
      if (ss.isSiteEnabled() && ss.isLocalSite(sid)) {
        if (ss.isSessionFailoverEnabled()) {
          return getSessionServiceURL(ss.getCurrentHostServer(sid));
        } else {
          primaryId = sid.getExtension().getPrimaryID();
          return getSessionServiceURL(primaryId);
        }
      }
    } else {
      primaryId = sid.getExtension().getPrimaryID();
      if (primaryId != null) {
        String secondarysites = WebtopNaming.getSecondarySites(primaryId);

        String serverID = SessionService.getAMServerID();
        if ((secondarysites != null) && (serverID != null)) {
          if (secondarysites.indexOf(serverID) != -1) {
            return getSessionServiceURL(serverID);
          }
        }
      }
    }

    return getSessionServiceURL(
        sid.getSessionServerProtocol(),
        sid.getSessionServer(),
        sid.getSessionServerPort(),
        sid.getSessionServerURI());
  }
Exemplo n.º 6
0
  private boolean validateRequest(HttpServletRequest servletRequest) {
    try {
      String encryptedCookie =
          CookieUtils.getCookieValueFromReq(servletRequest, SessionService.securityCookieName);
      if (encryptedCookie == null) {
        SessionService.sessionDebug.error(
            "GetHttpSession.validateRequest: " + "no Security Cookie in the request");
        return false;
      }
      String decryptedCookie =
          (String) AccessController.doPrivileged(new DecodeAction(encryptedCookie));
      StringTokenizer st = new StringTokenizer(decryptedCookie, "@");
      String serverURL = st.nextToken();
      long requestTimeStamp = Long.parseLong(st.nextToken());
      long currentTime = System.currentTimeMillis();
      if (Math.abs(currentTime - requestTimeStamp) > MAX_TIMESTAMP_DIFF) {
        SessionService.sessionDebug.error(
            "GetHttpSession.validateRequest: " + "Max time elapsed for the Request");
        return false;
      }
      Vector platformServerList = WebtopNaming.getPlatformServerList();

      if (!platformServerList.contains(serverURL)) {
        SessionService.sessionDebug.error(
            "GetHttpSession.validateRequest: "
                + "request host :"
                + serverURL
                + "was not part of the platformServerList");
      }
      return true;

    } catch (Exception e) {
      SessionService.sessionDebug.error(
          "GetHttpSession.validateRequest: " + "Exception while validating the request ", e);
      return false;
    }
  }