/**
 * Transfers a pending login failure from the auth context onto the XML response.
 *
 * <p>If the context holds no {@code AuthLoginException}, the response is left untouched.
 * Otherwise the response is flagged as an exception and, when the exception has a
 * non-empty localized message, that message becomes the response's error message.
 *
 * <p>The message is localized with the enclosing object's {@code locale}, so the remote
 * client cannot pick the locale itself. This limitation comes from the AuthContext API
 * and cannot simply be solved here.
 *
 * <p>Security note: the exception text is passed to the client as-is.
 * NOTE(review): confirm these messages do not reveal more than intended, for example
 * by distinguishing an unknown account from a wrong password.
 *
 * @param authResponse response that receives the error message and the exception flag
 * @param acl auth context whose login exception, if any, is reported
 */
private void checkACException(AuthXMLResponse authResponse, AuthContextLocal acl) {
    final AuthLoginException loginFailure = acl.getLoginException();
    if (loginFailure != null) {
        final boolean hasLocalizedText =
            loginFailure.getL10NMessage(locale) != null
                && !loginFailure.getL10NMessage(locale).isEmpty();
        if (hasLocalizedText) {
            authResponse.setErrorMessage(loginFailure.getL10NMessage(locale));
        }
        // The exception flag is set even when there is no message text to report.
        authResponse.setIsException(true);
    }
}
/**
 * Performs the login for this AuthContext.
 *
 * <p>The login status is set to <code>AuthContext.Status.IN_PROGRESS</code> first. When
 * <code>type</code> is <code>AuthContext.IndexType.RESOURCE</code>, the policy decision
 * utility is asked which authentication the resource requires:
 * <ul>
 * <li>a two-element result replaces <code>type</code> and <code>indexName</code>;</li>
 * <li>a one-element result is treated as a redirect URL (policy redirection advice), with
 *     the first goto value from <code>envMap</code> appended as a query parameter;</li>
 * <li>any other result, or a <code>PolicyException</code>, falls back to the default
 *     realm login (<code>type</code> and <code>indexName</code> set to
 *     <code>null</code>).</li>
 * </ul>
 * The resolved values are then collected into a parameter map for the login context.
 *
 * <p>Security notes for maintainers: the status guard at the top of the method is
 * commented out; a policy evaluation error degrades to the default realm login instead
 * of failing the request; and the full parameter map is written to the debug log when
 * message-level debugging is enabled.
 *
 * @param type authentication index type
 * @param indexName authentication index name
 * @param principal principal name of the user to be authenticated
 * @param password password for the user
 * @param subject authentication subject
 * @param pCookieMode <code>true</code> if a persistent cookie exists, <code>false</code>
 *     otherwise
 * @param envMap environment map; only applicable when the type is
 *     <code>AuthContext.IndexType.RESOURCE</code>. It is dereferenced without a null check
 *     in the redirection case.
 * @param locale locale setting
 * @throws AuthLoginException if an error occurs during login
 */
protected void login(
    AuthContext.IndexType type,
    String indexName,
    Principal principal,
    char[] password,
    Subject subject,
    boolean pCookieMode,
    Map envMap,
    String locale)
    throws AuthLoginException {
    try {
        // Disabled guard: this check would have rejected login() unless the status was
        // NOT_STARTED. While it stays commented out, the method proceeds whatever the
        // current status is.
        // NOTE(review): confirm that re-entering login() on a context that is already in
        // progress or completed is intended.
        /*if (!getStatus().equals(AuthContext.Status.NOT_STARTED)) {
            if (authDebug.messageEnabled()) {
                authDebug.message("AuthContextLocal::login called "
                    + "when the current login status is : " + getStatus());
            }
            throw new AuthLoginException(amAuthContextLocal,
                "invalidMethod", new Object[]{getStatus()});
        }*/

        // switch the login status
        loginStatus = AuthContext.Status.IN_PROGRESS;

        String redirectUrl = null;
        // special processing for resource/IP/environment based auth
        if ((type != null) && type.equals(AuthContext.IndexType.RESOURCE)) {
            // this is resource/IP/Env based authentication
            // call Policy Decision Util to find out the actual auth type
            // required by policy
            List result = Collections.EMPTY_LIST;
            try {
                result = PolicyDecisionUtils.doResourceIPEnvAuth(indexName, organizationName, envMap);
            } catch (PolicyException pe) {
                // ignore, continue to default realm based authentication
                // may need to revisit this in the future
                // Security note: result stays empty here, so a policy evaluation failure
                // ends in the "no policy decision" branch below and the request continues
                // with the default realm login rather than being refused.
                // NOTE(review): confirm this fallback is acceptable for resources whose
                // policy asks for a stronger authentication.
                authDebug.warning(
                    "AuthContextLocal.login() policy error " + "indexName=" + indexName, pe);
                type = null;
                indexName = null;
            }
            if (authDebug.messageEnabled()) {
                authDebug.message("AuthContextLocal.login: policy decision=" + result);
            }
            if (result.size() == 2) {
                // Policy named a concrete authentication: (index type, index name).
                type = (AuthContext.IndexType) result.get(0);
                indexName = (String) result.get(1);
            } else if (result.size() == 1) {
                // this is the redirection case (Policy Redirection Advice)
                redirectUrl = (String) result.get(0);
                // append goto parameter for federation case
                // envMap is dereferenced without a null check; a null map would raise a
                // NullPointerException here.
                Set tmp = (Set) envMap.get(ISAuthConstants.GOTO_PARAM);
                if ((tmp != null) && !tmp.isEmpty()) {
                    // Only the first value in the set is used.
                    String gotoParam = (String) tmp.iterator().next();
                    if ((gotoParam != null) && (gotoParam.length() != 0)) {
                        // The goto value goes through URLEncDec.encode before it is
                        // appended (presumably URL-encoding; verify against the helper).
                        // NOTE(review): whether the goto target itself is validated is not
                        // visible here; confirm it is checked against allowed
                        // destinations before any redirect is issued.
                        if ((redirectUrl != null) && (redirectUrl.indexOf("?") != -1)) {
                            redirectUrl = redirectUrl + "&" + ISAuthConstants.GOTO_PARAM + "="
                                + URLEncDec.encode(gotoParam);
                        } else {
                            // Also reached when redirectUrl is null, in which case the
                            // concatenation yields a string that starts with "null".
                            redirectUrl = redirectUrl + "?" + ISAuthConstants.GOTO_PARAM + "="
                                + URLEncDec.encode(gotoParam);
                        }
                    }
                }
                type = null;
                indexName = null;
            } else {
                // no policy decision, use default realm login
                type = null;
                indexName = null;
            }
        }

        // Collect everything the login context needs; the password array and the
        // subject are stored by reference, not copied.
        HashMap loginParamsMap = new HashMap();
        loginParamsMap.put(INDEX_TYPE, type);
        loginParamsMap.put(INDEX_NAME, indexName);
        loginParamsMap.put(PRINCIPAL, principal);
        loginParamsMap.put(PASSWORD, password);
        loginParamsMap.put(SUBJECT, subject);
        loginParamsMap.put(PCOOKIE, Boolean.valueOf(pCookieMode));
        loginParamsMap.put(LOCALE, locale);
        if (redirectUrl != null) {
            loginParamsMap.put(REDIRECT_URL, redirectUrl);
        }

        // Security note: at message level this writes the whole parameter map to the
        // debug log. The char[] password is rendered as an array identity rather than its
        // characters, but the principal and subject entries go through their own
        // toString(); if Subject is javax.security.auth.Subject, its toString() can
        // include private credentials.
        // NOTE(review): consider logging only the index type and index name.
        if (authDebug.messageEnabled()) {
            authDebug.message("loginParamsMap : " + loginParamsMap.toString());
        }

        // NOTE(review): the statement below is reproduced exactly as it appears in this
        // listing. The text between its string literals looks masked, so the code that
        // presumably passes loginParamsMap to the login context and updates loginStatus
        // is not visible here; the closing brace after it belongs to that hidden part.
        authDebug.message("calling AMLoginContext::exceuteLogin : "******"after AMLoginContext::exceuteLogin : "******"Status at the end of login() : " + loginStatus);
        }
    } catch (AuthLoginException e) {
        // Logged at message level only, then rethrown unchanged to the caller.
        if (authDebug.messageEnabled()) {
            authDebug.message("Exception in ac.login : " + e.toString());
        }
        throw e;
    }
}