@Override
  public boolean action(InternalSession is, Map<String, Long> sessions) {

    String nextExpiringSessionID = null;
    long smallestExpTime = Long.MAX_VALUE;
    for (Map.Entry<String, Long> entry : sessions.entrySet()) {
      String sid = entry.getKey();
      long expirationTime = entry.getValue();
      if (expirationTime < smallestExpTime) {
        smallestExpTime = expirationTime;
        nextExpiringSessionID = sid;
      }
    }
    if (nextExpiringSessionID != null) {
      SessionID sessID = new SessionID(nextExpiringSessionID);
      try {
        Session s = sessionCache.getSession(sessID);
        s.destroySession(s);
      } catch (SessionException e) {
        if (debug.messageEnabled()) {
          debug.message("Failed to destroy the next " + "expiring session.", e);
        }
        // deny the session activation request
        // in this case
        return true;
      }
    }
    return false;
  }
Пример #2
0
  /**
   * Perform a remote setProperty on the Session using the remote Service URL.
   *
   * <p>{@inheritDoc}
   */
  public void setProperty(Session session, String name, String value) throws SessionException {
    if (debug.messageEnabled()) {
      debug.message(MessageFormat.format("Remote setProperty {0} {1}={2}", session, name, value));
    }

    SessionID sessionID = session.getID();
    SessionRequest sreq =
        new SessionRequest(SessionRequest.SetProperty, sessionID.toString(), false);
    sreq.setPropertyName(name);
    sreq.setPropertyValue(value);
    if (SystemProperties.isServerMode() && InternalSession.isProtectedProperty(name)) {
      try {
        SSOToken admSSOToken = SessionUtils.getAdminToken();
        sreq.setRequester(RestrictedTokenContext.marshal(admSSOToken));
      } catch (SSOException e) {
        throw new SessionException(e);
      } catch (Exception e) {
        throw new SessionException(e);
      }

      if (debug.messageEnabled()) {
        debug.message(
            "Session.setProperty: "
                + "added admSSOToken in sreq to set "
                + "externalProtectedProperty in remote server");
      }
    }
    requests.sendRequestWithRetry(session.getSessionServiceURL(), sreq, session);
  }
Пример #3
0
  /**
   * Performs a logout operation by making a remote request based on the Sessions service URL.
   *
   * @param session Session to logout.
   */
  public void logout(Session session) throws SessionException {
    if (debug.messageEnabled()) {
      debug.message(MessageFormat.format("Remote logout {0}", session.getID().toString()));
    }

    SessionRequest sreq =
        new SessionRequest(SessionRequest.Logout, session.getID().toString(), false);
    requests.sendRequestWithRetry(session.getSessionServiceURL(), sreq, session);
  }
Пример #4
0
  /**
   * Destroys the Session via the Session remote service URL.
   *
   * @param requester {@inheritDoc}
   * @param session {@inheritDoc}
   * @throws SessionException {@inheritDoc}
   */
  public void destroy(Session requester, Session session) throws SessionException {
    if (debug.messageEnabled()) {
      debug.message(MessageFormat.format("Remote destroy {0}", session));
    }

    SessionRequest sreq =
        new SessionRequest(SessionRequest.DestroySession, requester.getID().toString(), false);
    sreq.setDestroySessionID(session.getID().toString());
    requests.sendRequestWithRetry(session.getSessionServiceURL(), sreq, session);
  }
Пример #5
0
 /**
  * Returns URL encoded with the cookie Value (SSOToken ID) if cookies are not support. Throws an
  * SSOException in case of an error.
  *
  * <p>The cookie Value is written in the URL based on the encodingScheme specified. The Cookie
  * Value could be written as path info separated by either a "/" OR ";" or as a query string.
  *
  * <p>If the encoding scheme is SLASH then the cookie value would be written in the URL as extra
  * path info in the following format:
  *
  * <pre>
  * protocol://server:port/servletpath/&lt;cookieName>=&lt;cookieValue>?
  *     queryString
  * </pre>
  *
  * <p>Note that this format works only if the path is a servlet, if a a jsp file is specified then
  * webcontainers return with "File Not found" error. To rewrite links which are JSP files with
  * cookie value use the SEMICOLON OR QUERY encoding scheme.
  *
  * <p>If the encoding scheme is SEMICOLON then the cookie value would be written in the URL as
  * extra path info in the following format:
  *
  * <pre>
  * protocol://server:port/path;&lt;cookieName=cookieValue>?queryString
  * </pre>
  *
  * Note that this is not supported in the servlet specification and some web containers do not
  * support this.
  *
  * <p>If the encoding scheme is QUERY then the cookie value would be written in the URL in the
  * following format:
  *
  * <pre>
  * protocol://server:port/path?&lt;cookieName>=&lt;cookieValue>
  * protocol://server:port/path?queryString&amp;
  *       &lt;cookieName>=&lt;cookieValue>
  * </pre>
  *
  * <p>This is the default and OpenSSO always encodes in this format unless otherwise specified. If
  * the URL passed in has query parameter then entity escaping of ampersand will be done before
  * appending the cookie if the escape is true.Only the ampersand before appending cookie parameter
  * will be entity escaped.
  *
  * <p>
  *
  * @param ssoToken Single Sign Token which contains the session string.
  * @param url the URL to be encoded
  * @param encodingScheme possible values are <code>QUERY</code>, <code>SLASH</code>, <code>
  *     SEMICOLON</code>.
  * @param escape <code>true</code> to escape ampersand when appending the Single Sign On Token ID
  *     to request query string.
  * @return encoded URL with cookie value (session ID) based on the encoding scheme.
  * @exception SSOException if URL cannot be encoded.
  */
 public static String encodeURL(
     SSOToken ssoToken, String url, short encodingScheme, boolean escape) throws SSOException {
   String encodedURL = url;
   try {
     SSOTokenID ssoTokenId = ssoToken.getTokenID();
     SessionID sessionID = new SessionID(ssoTokenId.toString());
     Session session = Session.getSession(sessionID);
     encodedURL = session.encodeURL(url, encodingScheme, escape);
   } catch (Exception e) {
     debug.message("Exception encoding URL ", e);
     throw new SSOException(e);
   }
   return encodedURL;
 }
Пример #6
0
  /**
   * @param session The Session to update.
   * @param reset If true, then update the last modified timestamp of the Session.
   * @return
   * @throws SessionException
   */
  public SessionInfo refresh(Session session, boolean reset) throws SessionException {
    SessionID sessionID = session.getID();
    if (debug.messageEnabled()) {
      debug.message(
          MessageFormat.format(
              "Remote fetch SessionInfo for {0}\n" + "Reset: {1}", sessionID, reset));
    }

    SessionRequest sreq =
        new SessionRequest(SessionRequest.GetSession, sessionID.toString(), reset);
    SessionResponse sres =
        requests.sendRequestWithRetry(session.getSessionServiceURL(), sreq, session);

    if (sres.getException() != null) {
      throw new SessionException(SessionBundle.rbName, INVALID_SESSION_STATE, null);
    }

    List<SessionInfo> infos = sres.getSessionInfo();
    if (infos.size() != 1) {
      throw new SessionException(SessionBundle.rbName, UNEXPECTED_SESSION, null);
    }
    return infos.get(0);
  }
Пример #7
0
  private void initAuthSessions() throws SSOException, SessionException {
    if (authSession == null) {
      authSession = getSS().getAuthenticationSession(defaultOrg, null);
      if (authSession == null) {
        debug.error("AuthD failed to get auth session");
        throw new SessionException(BUNDLE_NAME, "gettingSessionFailed", null);
      }

      String clientID = authSession.getClientID();
      authSession.setProperty("Principal", clientID);
      authSession.setProperty("Organization", defaultOrg);
      authSession.setProperty("Host", authSession.getID().getSessionServer());
      DN dn = new DN(clientID);
      if (dn.isDN()) {
        String[] tokens = dn.explodeDN(true);
        String id = "id=" + tokens[0] + ",ou=user," + ServiceManager.getBaseDN();
        authSession.setProperty(Constants.UNIVERSAL_IDENTIFIER, id);
      }
      SSOTokenManager ssoManager = SSOTokenManager.getInstance();
      ssoAuthSession = ssoManager.createSSOToken(authSession.getID().toString());
    }
  }
Пример #8
0
  /**
   * This the main method of this servlet which takes in the request opens a URLConnection to the
   * CDCServlet endpoint in the OpenAM, and tunnels the request content to it. It parses the
   * Response received and if the HTTP_STATUS is "HTTP_OK" or "HTTP_MOVED_TEMP" POSTs the received
   * Liberty Authn Response to the goto URL specified in the original request.
   */
  private void sendAuthnRequest(
      HttpServletRequest request, HttpServletResponse response, SSOToken token)
      throws ServletException, IOException {
    SessionID sessid = new SessionID(request);
    URL CDCServletURL = null;
    URL sessionServiceURL = null;
    try {
      sessionServiceURL = Session.getSessionServiceURL(sessid);
    } catch (SessionException se) {
      debug.error(
          "CDCClientServlet.sendAuthnRequest: Cannot locate" + " OpenAM instance to forward to.",
          se);
      showError(response, "Cannot locate OpenAM instance to forward to");
    }
    if (sessionServiceURL == null) {
      showError(response, "Cannot locate OpenAM instance to forward to");
    }
    // replace "sessionservice" by cdcservlet in obtained URL
    // we use naming so that we get the URL of the exact server
    // where the session is located and get the right deployment
    // descriptor.
    String sessionServiceURLString = sessionServiceURL.toString();
    int serviceNameIndex =
        sessionServiceURLString.lastIndexOf(
            "/", sessionServiceURLString.length() - 2); // avoiding trailing "/"
    // if any
    StringBuilder buffer = new StringBuilder(150);
    buffer
        .append(sessionServiceURLString.substring(0, serviceNameIndex))
        .append(CDCURI)
        .append(QUESTION_MARK)
        .append(request.getQueryString()); // add query string to
    // CDCServletURL

    CDCServletURL = new URL(buffer.toString());

    // save the go to URL of the agent side to ultimately
    // POST to.
    try {
      HttpURLConnection connection = HttpURLConnectionManager.getConnection(CDCServletURL);
      connection.setRequestMethod("GET");
      connection.setRequestProperty("Content-Type", "text/html;charset=UTF-8");
      connection.setDoOutput(true);
      connection.setUseCaches(false);
      // replay cookies
      String strCookies = getCookiesFromRequest(request);
      if (strCookies != null) {
        if (debug.messageEnabled()) {
          debug.message("CDCClientServlet.sendAuthnRequest:Setting " + "cookies = " + strCookies);
        }
        connection.setRequestProperty("Cookie", strCookies);
      }
      // dont wish to follow redirect to agent, since
      // the response needs to go via the CDCClientServlet.
      HttpURLConnection.setFollowRedirects(false);

      // Receiving input from CDCServlet on the AM server instance
      if (debug.messageEnabled()) {
        debug.message(
            "CDCClientServlet.sendAuthnRequest:Getting " + "response back from  " + CDCServletURL);
        debug.message(
            "CDCClientServlet.sendAuthnRequest:Response " + "Code " + connection.getResponseCode());
        debug.message(
            "CDCClientServlet.sendAuthnRequest:Response "
                + "Message= "
                + connection.getResponseMessage());
      }

      // Check response code
      if ((connection.getResponseCode() == HttpURLConnection.HTTP_OK)
          || (connection.getResponseCode() == HttpURLConnection.HTTP_MOVED_TEMP)) {
        /**
         * Read the response back from CDCServlet, got a redirect since this response contains the
         * "LARES" ( Liberty authn response, which needs to be posted back to the dest url (agent).
         */
        StringBuilder inBuf = new StringBuilder();
        BufferedReader in =
            new BufferedReader(new InputStreamReader(connection.getInputStream(), "UTF-8"));
        int len;
        char[] buf = new char[1024];
        while ((len = in.read(buf, 0, buf.length)) != -1) {
          inBuf.append(buf, 0, len);
        }
        String inString = inBuf.toString();
        if (debug.messageEnabled()) {
          debug.message(
              "CDCClientServlet.sendAuthnRequest:" + "Received response data = " + inString);
        }
        // put the received Liberty Auth Response
        // in the servlet's response.
        sendAuthnResponse(request, response, inString);
      } else {
        debug.error("CDCClientServlet.sendAuthnRequest: Response " + "code NOT OK/MOVED_TEMP ");
        showError(
            response,
            "ERROR: Received HTTP error code "
                + connection.getResponseCode()
                + " from "
                + CDCServletURL);
      }
    } catch (ConnectException ce) {
      // Debug the exception
      if (debug.warningEnabled()) {
        debug.warning(
            "CDCClientServlet.sendAuthnRequest: " + "Connection Exception to " + CDCServletURL, ce);
      }
      showError(
          response, "Could not connect to CDCServlet at " + CDCServletURL + ":" + ce.getMessage());
    }
  }