/* * Check for the AuthContext Exceptions */ private void checkACException(AuthXMLResponse authResponse, AuthContextLocal acl) { AuthLoginException ale = acl.getLoginException(); if (ale == null) { return; } /* * this code does not allow client to remotely select locale. * but this is a problem comes with the AuthContext API, cannot * be simply solved here. */ if ((ale.getL10NMessage(locale) != null) && ((ale.getL10NMessage(locale)).length() > 0)) { authResponse.setErrorMessage(ale.getL10NMessage(locale)); } authResponse.setIsException(true); }
/* * Process the XMLRequest */ private AuthXMLResponse processAuthXMLRequest( String xml, AuthXMLRequest authXMLRequest, HttpServletRequest servletRequest, HttpServletResponse servletResponse) { if (messageEnabled) { debug.message("authXMLRequest is : " + authXMLRequest); } int requestType = authXMLRequest.getRequestType(); String sessionID = authXMLRequest.getAuthIdentifier(); String orgName = authXMLRequest.getOrgName(); AuthContextLocal authContext = authXMLRequest.getAuthContext(); LoginState loginState = AuthUtils.getLoginState(authContext); String params = authXMLRequest.getParams(); List envList = authXMLRequest.getEnvironment(); Map envMap = toEnvMap(envList); AuthXMLResponse authResponse = new AuthXMLResponse(requestType); authResponse.setAuthContext(authContext); authResponse.setAuthIdentifier(sessionID); if (messageEnabled) { debug.message("authContext is : " + authContext); debug.message("requestType : " + requestType); } if (authXMLRequest.getValidSessionNoUpgrade()) { authResponse.setAuthXMLRequest(authXMLRequest); authResponse.setValidSessionNoUpgrade(true); return authResponse; } String securityEnabled = null; try { securityEnabled = AuthUtils.getRemoteSecurityEnabled(); } catch (AuthException auExp) { debug.error("Got Exception", auExp); setErrorCode(authResponse, auExp); return authResponse; } if (debug.messageEnabled()) { debug.message("Security Enabled = " + securityEnabled); } if (requestType != 0) { if ((securityEnabled != null) && (securityEnabled.equals("true"))) { security = true; String indexNameLoc = authXMLRequest.getIndexName(); AuthContext.IndexType indexTypeLoc = authXMLRequest.getIndexType(); if (indexTypeLoc == null) { indexTypeLoc = AuthUtils.getIndexType(authContext); indexNameLoc = AuthUtils.getIndexName(authContext); } if (debug.messageEnabled()) { debug.message("Index Name Local : " + indexNameLoc); debug.message("Index Type Local : " + indexTypeLoc); } if (((indexTypeLoc == null) || (indexNameLoc == null)) || !((indexTypeLoc == AuthContext.IndexType.MODULE_INSTANCE) && indexNameLoc.equals("Application"))) { try { String ssoTokenID = authXMLRequest.getAppSSOTokenID(); if (debug.messageEnabled()) { debug.message("Session ID = : " + ssoTokenID); } SSOTokenManager manager = SSOTokenManager.getInstance(); SSOToken appSSOToken = manager.createSSOToken(ssoTokenID); // if the token isn't valid, let the client know so they // retry if (!manager.isValidToken(appSSOToken)) { if (debug.messageEnabled()) { debug.message("App SSOToken is not valid"); } setErrorCode( authResponse, new AuthException(AMAuthErrorCode.REMOTE_AUTH_INVALID_SSO_TOKEN, null)); return authResponse; } else { debug.message("App SSOToken is VALID"); } } catch (SSOException ssoe) { // token is unknown to OpenAM, let the client know so they // can retry if (debug.messageEnabled()) { debug.message("App SSOToken is not valid: " + ssoe.getMessage()); } setErrorCode( authResponse, new AuthException(AMAuthErrorCode.REMOTE_AUTH_INVALID_SSO_TOKEN, null)); return authResponse; } catch (Exception exp) { debug.error("Got Exception", exp); setErrorCode(authResponse, exp); return authResponse; } } } } else { security = false; } // if index type is level and choice callback has a // selected choice then start module based authentication. if ((AuthUtils.getIndexType(authContext) == AuthContext.IndexType.LEVEL) || (AuthUtils.getIndexType(authContext) == AuthContext.IndexType.COMPOSITE_ADVICE)) { Callback[] callbacks = authXMLRequest.getSubmittedCallbacks(); if (messageEnabled) { debug.message("Callbacks are : " + callbacks); } if (callbacks != null) { if (messageEnabled) { debug.message("Callback length is : " + callbacks.length); } if (callbacks[0] instanceof ChoiceCallback) { ChoiceCallback cc = (ChoiceCallback) callbacks[0]; int[] selectedIndexes = cc.getSelectedIndexes(); int selected = selectedIndexes[0]; String[] choices = cc.getChoices(); String indexName = choices[selected]; if (messageEnabled) { debug.message("Selected Index is : " + indexName); } authXMLRequest.setIndexType("moduleInstance"); authXMLRequest.setIndexName(indexName); authXMLRequest.setRequestType(AuthXMLRequest.LoginIndex); requestType = AuthXMLRequest.LoginIndex; } } } AuthContext.Status loginStatus = AuthContext.Status.IN_PROGRESS; HttpServletRequest clientRequest = authXMLRequest.getClientRequest(); if (loginState != null) { loginState.setHttpServletRequest(clientRequest); loginState.setHttpServletResponse(authXMLRequest.getClientResponse()); if (clientRequest != null) { loginState.setParamHash(AuthUtils.parseRequestParameters(clientRequest)); } } switch (requestType) { case AuthXMLRequest.NewAuthContext: try { processNewRequest(servletRequest, servletResponse, authResponse, loginState, authContext); postProcess(loginState, authResponse); } catch (Exception ex) { debug.error("Error in NewAuthContext ", ex); setErrorCode(authResponse, ex); } break; case AuthXMLRequest.Login: try { if (sessionID != null && sessionID.equals("0")) { processNewRequest( servletRequest, servletResponse, authResponse, loginState, authContext); } String clientHost = null; if (security) { clientHost = authXMLRequest.getHostName(); if (messageEnabled) { debug.message("Client Host from Request = " + clientHost); } } if ((clientHost == null) && (servletRequest != null)) { clientHost = ClientUtils.getClientIPAddress(servletRequest); } loginState.setClient(clientHost); authContext.login(); // setServletRequest(servletRequest,authContext); processRequirements(xml, authContext, authResponse, params, servletRequest); loginStatus = authContext.getStatus(); authResponse.setRemoteRequest(loginState.getHttpServletRequest()); authResponse.setRemoteResponse(loginState.getHttpServletResponse()); postProcess(loginState, authResponse); checkACException(authResponse, authContext); } catch (Exception ex) { debug.error("Error during login ", ex); setErrorCode(authResponse, ex); authResponse.setLoginStatus(authContext.getStatus()); } break; case AuthXMLRequest.LoginIndex: try { AuthContext.IndexType indexType = authXMLRequest.getIndexType(); String indexName = authXMLRequest.getIndexName(); if (messageEnabled) { debug.message("indexName is : " + indexName); debug.message("indexType is : " + indexType); } if (sessionID != null && sessionID.equals("0")) { processNewRequest( servletRequest, servletResponse, authResponse, loginState, authContext); } String clientHost = null; if (security) { clientHost = authXMLRequest.getHostName(); if (messageEnabled) { debug.message("Client Host from Request = " + clientHost); } } if ((clientHost == null) && (servletRequest != null)) { clientHost = ClientUtils.getClientIPAddress(servletRequest); } loginState.setClient(clientHost); String locale = authXMLRequest.getLocale(); if (locale != null && locale.length() > 0) { if (debug.messageEnabled()) { debug.message("locale is : " + locale); } authContext.login(indexType, indexName, envMap, locale); } else { authContext.login(indexType, indexName, envMap, null); } // setServletRequest(servletRequest,authContext); processRequirements(xml, authContext, authResponse, params, servletRequest); loginStatus = authContext.getStatus(); authResponse.setRemoteRequest(loginState.getHttpServletRequest()); authResponse.setRemoteResponse(loginState.getHttpServletResponse()); postProcess(loginState, authResponse); checkACException(authResponse, authContext); } catch (Exception ex) { debug.error("Exception during LoginIndex", ex); setErrorCode(authResponse, ex); } break; case AuthXMLRequest.LoginSubject: try { Subject subject = authXMLRequest.getSubject(); authContext.login(subject); // setServletRequest(servletRequest,authContext); processRequirements(xml, authContext, authResponse, params, servletRequest); postProcess(loginState, authResponse); loginStatus = authContext.getStatus(); checkACException(authResponse, authContext); } catch (AuthLoginException ale) { debug.error("Exception during LoginSubject", ale); setErrorCode(authResponse, ale); } break; case AuthXMLRequest.SubmitRequirements: try { // setServletRequest(servletRequest,authContext); Callback[] submittedCallbacks = authXMLRequest.getSubmittedCallbacks(); authContext.submitRequirements(submittedCallbacks); Callback[] reqdCallbacks = null; if (authContext.hasMoreRequirements()) { reqdCallbacks = authContext.getRequirements(); authResponse.setReqdCallbacks(reqdCallbacks); } authResponse.setRemoteRequest(loginState.getHttpServletRequest()); authResponse.setRemoteResponse(loginState.getHttpServletResponse()); postProcess(loginState, authResponse); loginStatus = authContext.getStatus(); authResponse.setLoginStatus(loginStatus); InternalSession oldSession = loginState.getOldSession(); authResponse.setOldSession(oldSession); checkACException(authResponse, authContext); } catch (Exception ex) { debug.error("Error during submit requirements ", ex); setErrorCode(authResponse, ex); } break; case AuthXMLRequest.QueryInformation: try { if (sessionID != null && sessionID.equals("0")) { processNewRequest( servletRequest, servletResponse, authResponse, loginState, authContext); } Set moduleNames = authContext.getModuleInstanceNames(); authResponse.setModuleNames(moduleNames); authResponse.setAuthContext(authContext); postProcess(loginState, authResponse); checkACException(authResponse, authContext); } catch (Exception ex) { debug.error("Error during Query Information", ex); setErrorCode(authResponse, ex); } break; case AuthXMLRequest.Logout: // Object loginContext = null; // InternalSession intSess = null; // SSOToken token = null; // boolean logoutCalled = false; if (sessionID != null && !sessionID.equals("0")) { /*intSess = AuthD.getSession(sessionID); try { token = SSOTokenManager.getInstance(). createSSOToken(sessionID); if (debug.messageEnabled()) { debug.message("AuthXMLHandler." + "processAuthXMLRequest: Created token " + "during logout = "+token); } } catch (com.iplanet.sso.SSOException ssoExp) { if (debug.messageEnabled()) { debug.message("AuthXMLHandler.processAuthXMLRequest:" + "SSOException checking validity of SSO Token"); } }*/ try { AuthUtils.logout(sessionID, servletRequest, servletResponse); } catch (com.iplanet.sso.SSOException ssoExp) { if (debug.messageEnabled()) { debug.message( "AuthXMLHandler.processAuthXMLRequest:" + "SSOException checking validity of SSO Token"); } } } /*if (intSess != null) { loginContext = intSess.getObject(ISAuthConstants. LOGIN_CONTEXT); } try { if (loginContext != null) { if (loginContext instanceof javax.security.auth.login.LoginContext) { javax.security.auth.login.LoginContext lc = (javax.security.auth.login.LoginContext) loginContext; lc.logout(); } else { com.sun.identity.authentication.jaas.LoginContext jlc = (com.sun.identity.authentication.jaas. LoginContext) loginContext; jlc.logout(); } logoutCalled = true; } } catch (javax.security.auth.login.LoginException loginExp) { debug.error("AuthXMLHandler.processAuthXMLRequest: " + "Cannot Execute module Logout", loginExp); } Set postAuthSet = null; if (intSess != null) { postAuthSet = (Set) intSess.getObject(ISAuthConstants. POSTPROCESS_INSTANCE_SET); } if ((postAuthSet != null) && !(postAuthSet.isEmpty())) { AMPostAuthProcessInterface postLoginInstance=null; for(Iterator iter = postAuthSet.iterator(); iter.hasNext();) { try { postLoginInstance = (AMPostAuthProcessInterface) iter.next(); postLoginInstance.onLogout(servletRequest, servletResponse, token); } catch (Exception exp) { debug.error("AuthXMLHandler.processAuthXMLRequest: " + "Failed in post logout.", exp); } } } else { String plis = null; if (intSess != null) { plis = intSess.getProperty( ISAuthConstants.POST_AUTH_PROCESS_INSTANCE); } if (plis != null && plis.length() > 0) { StringTokenizer st = new StringTokenizer(plis, "|"); if (token != null) { while (st.hasMoreTokens()) { String pli = (String)st.nextToken(); try { AMPostAuthProcessInterface postProcess = (AMPostAuthProcessInterface) Thread.currentThread(). getContextClassLoader(). loadClass(pli).newInstance(); postProcess.onLogout(servletRequest, servletResponse, token); } catch (Exception e) { debug.error("AuthXMLHandler." + "processAuthXMLRequest:" + pli, e); } } } } } try { boolean isTokenValid = SSOTokenManager.getInstance(). isValidToken(token); if ((token != null) && isTokenValid) { AuthD.getAuth().logLogout(token); Session session = Session.getSession( new SessionID(sessionID)); session.logout(); debug.message("logout successful."); } } catch (com.iplanet.dpro.session.SessionException sessExp) { if (debug.messageEnabled()) { debug.message("AuthXMLHandler." + "processAuthXMLRequest: SessionException" + " checking validity of SSO Token"); } } catch (com.iplanet.sso.SSOException ssoExp) { if (debug.messageEnabled()) { debug.message("AuthXMLHandler." + "processAuthXMLRequest: SSOException " + "checking validity of SSO Token"); } }*/ authResponse.setLoginStatus(AuthContext.Status.COMPLETED); break; case AuthXMLRequest.Abort: try { authContext.abort(); loginStatus = authContext.getStatus(); authResponse.setLoginStatus(loginStatus); checkACException(authResponse, authContext); } catch (AuthLoginException ale) { debug.error("Error aborting ", ale); setErrorCode(authResponse, ale); } break; } if (messageEnabled) { debug.message("loginStatus: " + loginStatus); if (authContext != null) { debug.message("error Code: " + authContext.getErrorCode()); debug.message("error Template: " + authContext.getErrorTemplate()); } } if (loginStatus == AuthContext.Status.FAILED) { if ((authContext.getErrorMessage() != null) && (authContext .getErrorMessage() .equals( AMResourceBundleCache.getInstance() .getResBundle( "amAuthLDAP", com.sun.identity.shared.locale.Locale.getLocale(loginState.getLocale())) .getString(ISAuthConstants.EXCEED_RETRY_LIMIT)))) { loginState.setErrorCode(AMAuthErrorCode.AUTH_LOGIN_FAILED); } if ((authContext.getErrorCode() != null) && ((authContext.getErrorCode()).length() > 0)) { authResponse.setErrorCode(authContext.getErrorCode()); } checkACException(authResponse, authContext); if ((authContext.getErrorTemplate() != null) && ((authContext.getErrorTemplate()).length() > 0)) { authResponse.setErrorTemplate(authContext.getErrorTemplate()); } // Account Lockout Warning Check if ((authContext.getErrorCode() != null) && (authContext.getErrorCode().equals(AMAuthErrorCode.AUTH_INVALID_PASSWORD))) { String lockWarning = authContext.getLockoutMsg(); if ((lockWarning != null) && (lockWarning.length() > 0)) { authResponse.setErrorMessage(lockWarning); } } } return authResponse; }