SessionRequestHandler.java revision d79b3a1008170c69ef720163254b78c998d55ee0
/**
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2005 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: SessionRequestHandler.java,v 1.9 2009/04/02 04:11:44 ericow Exp $
*
*/
/*
* Portions Copyrighted 2011-2015 ForgeRock AS
*/
public class SessionRequestHandler implements RequestHandler {
// Collaborators used while handling session requests. They are declared final, but the
// constructor shown in this listing has an empty body, so the code assigning them is not visible here.
private final SessionService sessionService;
private final Debug sessionDebug;
private final SessionServerConfig serverConfig;
private final SessionServiceConfig serviceConfig;
/*
* Added this property to block registration of the global notification
* listener (AddListenerOnAllSessions).
* NOTE(review): this comment appears to describe the enableAddListenerOnAllSessions
* flag read by getEnableAddListenerOnAllSessions(); that field's declaration is not
* visible in this listing, and the comment does not describe the constant below.
*/
private static final SessionServiceURLService SESSION_SERVICE_URL_SERVICE = InjectorHolder.getInstance(SessionServiceURLService.class);
// NOTE(review): the initializer of sessionCookies is missing from this listing
// (the declaration below has no value and no terminating semicolon).
private static final SessionCookies sessionCookies
private static final SessionPLLSender sessionPLLSender = InjectorHolder.getInstance(SessionPLLSender.class);
/**
* Creates the handler.
*
* NOTE(review): the body is empty in this listing although the class declares final
* instance fields (sessionService, sessionDebug, serverConfig, serviceConfig); their
* assignments are presumably missing from the listing — confirm against the full file.
*/
public SessionRequestHandler() {
}
}
return rset;
}
/**
* Handles one session request and returns the response to send back.
*
* As far as this listing shows, processing has two stages, each a switch on
* req.getMethodID(): first the checks shared by a group of methods (according to the
* inline comments: rejecting a restricted token used as sid, and deciding whether the
* session is hosted by this server), then the method-specific work.
*
* NOTE(review): parts of the method body, including the declarations of req, sid and
* res, are not visible in this listing; the comments below describe only the statements
* that are shown.
*
* @param auditor PLL auditor for this request; how it is used is not visible in this listing
* @param servletRequest the incoming HTTP servlet request
* @param servletResponse the outgoing HTTP servlet response
* @return the response for the request; on every return path visible here this is res
*/
private Response processRequest(
final PLLAuditor auditor,
final HttpServletRequest servletRequest,
final HttpServletResponse servletResponse) {
try {
// use remote client IP as default RestrictedToken context
// NOTE(review): clientToken is an instance field that is reset here and read again in
// the SetProperty branch near the end of this method. If one handler instance serves
// concurrent requests, this is shared mutable state that decides on whose behalf a
// property is set — confirm the handler's lifecycle.
this.clientToken = null;
}
try {
}
}
// Per the message text: logged at warning level when the application token is invalid;
// the session response is then sent with an exception.
if (sessionDebug.warningEnabled()) {
"SessionRequestHandler.processRequest:"
+ "app token invalid, sending Session response"
+" with Exception");
}
}
}
try {
new RestrictedTokenAction() {
}
});
}
} else {
}
}
}
try {
/*
* Always lookup the Session so that we can extract audit information from it. If sid belongs to a remote
* session, then looking up the session may require further inter-server communication.
* Note, this also acts as a filter since we must have a valid session identifier in order to proceed.
*/
/* common processing by groups of methods */
switch (req.getMethodID()) {
/*
* In this group of methods the request targets either all LOCAL
* sessions or a single local session identified by another request
* parameter. Here sid is used only to authenticate the operation; the
* session it points to is not expected to be local to this server
* (although it might be).
*/
/*
* also check that sid is not a restricted token
* NOTE(review): the check itself is not visible in this listing; only the early
* return of res remains.
*/
return res;
}
break;
/*
* In this group the request targets a single session identified by
* sid, which is supposed to be hosted by this server instance. sid is
* used both as the id of the session and to authenticate the operation
* (performed on the caller's own session).
*/
case SessionRequest.GetSession:
case SessionRequest.Logout:
case SessionRequest.SetProperty:
case SessionRequest.DestroySession:
/*
* also check that sid is not a restricted token
*/
return res;
}
/*
* This fix prevents clients from going through server-1 to set
* protected properties on another server (server-2 and so on):
* the operation is short-circuited here without forwarding it
* further.
*/
try {
req.getPropertyValue());
} catch (SessionException se) {
// The permission check failed: log at warning level and return res from here,
// so the request is not processed or forwarded any further.
if (sessionDebug.warningEnabled()) {
"SessionRequestHandler.processRequest:"
+ "Client does not have permission to set"
}
return res;
}
}
if (!serviceConfig.isSessionFailoverEnabled()) {
// TODO check how this behaves in non-session failover case
if (!serverConfig.isSiteEnabled()) {
{
throw new SessionException("invalid session id");
}
}
}
} else {
}
}
} else {
// first try
try {
} catch (SessionException se) {
// attempt retry
// proceed with failover
throw se;
} else {
// we have a shot at retrying here
// if it is remote, forward it
// otherwise treat it as a case of local
// case
}
}
} else {
throw se;
}
}
}
} else {
// Likely an unreachable code block [AME-5701]:
// SessionServiceConfig sets useInternalRequestRouting=true if SMS property
// "iplanet-am-session-sfo-enabled" is true
// To enter this block, SMS value "iplanet-am-session-sfo-enabled" must be false
// and the following System Properties must be set:
// com.iplanet.am.session.failover.useInternalRequestRouting=false
// iplanet-am-session-sfo-enabled=true (in direct contradiction to SMS property with same name)
throw new AssertionError("Unreachable code");
}
/*
* We determined that this server is the host and the
* session must be found (or recovered) locally
*/
/*
* if session is not already present locally attempt to
* recover session if in failover mode
*/
/*
* if not in failover mode or recovery was not
* successful return an exception
*/
/*
* !!!!! IMPORTANT !!!!! DO NOT REMOVE "sid" FROM THE
* EXCEPTION MESSAGE. A logic kludge in legacy Agent 2.0
* code will break if it cannot find the SID value in
* the exception message returned by Session
* Service. This dependency should be eventually
* removed once we migrate customers to a newer
* agent code base or switch to a new version of
* Session Service interface.
* NOTE(review): the code that builds this message is not
* visible in this listing. A session id is a credential, so
* confirm the message reaches only the caller that presented
* that sid and is not copied into logs.
*/
return res;
}
}
}
break;
default:
return res;
}
/*
* request method-specific processing
*/
switch (req.getMethodID()) {
case SessionRequest.GetSession:
break;
int status[] = { 0 };
break;
case SessionRequest.DestroySession:
break;
case SessionRequest.Logout:
break;
break;
/**
* Cookie hijacking fix: disables adding a notification
* listener for ALL sessions over the network to the server
* instance specified by the notification URL. A property can be
* added and set in the AMConfig.properties file should there be
* a need to add a notification listener to ALL sessions. The
* default value of this property is FALSE.
*/
if (getEnableAddListenerOnAllSessions()) {
}
break;
case SessionRequest.SetProperty:
// The property is set on behalf of this.clientToken, the instance field reset at the top of this method.
sessionService.setExternalProperty(this.clientToken, sid, req.getPropertyName(), req.getPropertyValue());
break;
}
break;
default:
break;
}
} catch (SessionException se) {
}
return res;
}
throws SessionException {
try {
}
}
return sres;
} catch (SessionException se) {
throw se;
throw new SessionException(ex);
}
}
/**
* Returns the enableAddListenerOnAllSessions flag as a primitive boolean. processRequest
* uses it to gate the branch that its inline comment describes as adding a notification
* listener on ALL sessions.
*
* NOTE(review): the body of the null check is empty in this listing, so the code that
* presumably initialises the flag on first use is not visible; as shown, a null flag
* would reach booleanValue() and throw a NullPointerException. The comment at the call
* site says the property defaults to FALSE — confirm the initialisation, and that an
* unset or unreadable property keeps the listener disabled, against the full file.
* NOTE(review): the null check on this static field is not synchronized in the lines shown.
*
* @return the value of enableAddListenerOnAllSessions
*/
private static boolean getEnableAddListenerOnAllSessions() {
if (enableAddListenerOnAllSessions == null) {
}
return enableAddListenerOnAllSessions.booleanValue();
}
}