/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2005 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: SSOTokenImpl.java,v 1.6 2009/04/10 17:57:07 manish_rustagi Exp $
*
* Portions Copyright 2011-2015 ForgeRock AS.
*/
/**
* This class <code>SSOTokenImpl</code> implements the interface
* <code>SSOToken</code> and represents the SSO token created for the given
* <code>Session</code> or through an LDAP bind.
*
* @see com.iplanet.sso.SSOToken
*/
/** session */
/**
 * True when this token was created through a direct LDAP bind rather than
 * from a <code>Session</code>; false by default. The LDAP constructor sets it
 * after a successful bind, and most accessors consult it to short-circuit the
 * session-backed path (or, via checkTokenType, to reject session-only
 * operations with UnsupportedOperationException).
 */
private boolean ldapConnect = false;
/** ldapbind ssotoken */
/** ldapbind */
/** HashMap for the ldap token property*/
/**
*
* Creates <code>SSOTokenImpl</code> for a given <code>Session</code>
* @param session
* @see com.iplanet.dpro.session.Session
*
*/
ldapConnect = false;
}
/**
* Creates a <code>SSOTokenImpl</code> with regular LDAP authentication
* service
* @param principal representing a Principal object
* @param password password string.
* @exception SSOException if the single sign on token cannot be created.
*/
throws SSOException {
try {
// using AuthContext to authentication against local
// LDAP server
.toCharArray());
// Authentication Failed
}
"ldapauthfail", null);
}
/* initialize token variables after successful ldap connection */
ldapConnect = true;
try {
} catch (NoSuchProviderException e) {
}
} catch (LoginException e) {
} catch (InvalidAuthContextException e) {
} catch (Exception e) {
SSOProviderImpl.debug.error("Failed to create the context id for this token " + principal.getName(), e);
}
}
/**
* Returns the principal name of the SSOToken
*
* @return The Principal name
* @throws SSOException if the SSOToken is not VALID or if
* there are errors in getting the Principal.
*/
try {
if (ldapConnect) {
return ldapBindDN;
}
return principal;
} catch (Exception e) {
throw new SSOException(e);
}
}
/**
* Returns the authentication method used for the authentication.
*
* @return The authentication method.
* @throws SSOException if the SSOToken is not VALID or if
* there are errors in getting the authentication method.
*/
try {
if (ldapConnect) {
return ("LDAP");
}
// auth type may be a list of auth types separated by "|". This can
// happen because of session upgrade. The list is assumed to have
// a format like "Ldap|Cert|Radius" with no space between separator.
// this method simply returns the first auth method in that list.
if (index != -1) {
} else {
return (types);
}
} catch (Exception e) {
throw new SSOException(e);
}
}
/**
* Returns the authentication level of the authentication method used
* for authentication.
*
* @return The authentication level.
* @throws SSOException if the SSOToken is not VALID or if
* there are errors in getting the authentication level.
*/
checkTokenType("getAuthLevel");
try {
// The property AuthLevel may contain realm information, e.g. "/:10". If so, strip this out.
} catch (Exception e) {
throw new SSOException(e);
}
}
/**
* Returns the IP Address of the client(browser) which sent the request.
*
* @return The IP Address of the client
* @throws SSOException if the SSOToken is not VALID or if
* there are errors in getting the IP Address of the client.
*/
try {
if (ldapConnect == true) {
return InetAddress.getLocalHost();
}
"ipaddressnull", null);
}
} catch (Exception e) {
throw new SSOException(e);
}
}
/**
* Returns the host name of the client(browser) which sent the request.
*
* @return The host name of the client
* @throws SSOException if the SSOToken is not VALID or if
* there are errors in getting the host name of the client.
*/
try {
if (ldapConnect) {
}
null);
}
return hostName;
} catch (Exception e) {
throw new SSOException(e);
}
}
/**
* Returns the time left for this session based on max session time
*
* @return The time left for this session
* @throws SSOException if the SSOToken is not VALID or if there are errors in getting the maximum session time.
*/
checkTokenType("getTimeLeft");
try {
return session.getTimeLeft();
} catch (Exception e) {
throw new SSOException(e);
}
}
/**
* Returns the maximum session time in minutes.
*
* @return The maximum session time.
* @throws SSOException if the SSOToken is not VALID or if
* there are errors in getting the maximum session time.
*/
checkTokenType("getMaxSessionTime");
try {
return session.getMaxSessionTime();
} catch (Exception e) {
throw new SSOException(e);
}
}
/**
* Returns the session idle time in seconds.
*
* @return The session idle time.
* @throws SSOException if the SSOToken is not VALID or if
* there are errors in getting the idle time.
*/
checkTokenType("getIdleTime");
try {
return session.getIdleTime();
} catch (Exception e) {
throw new SSOException(e);
}
}
/**
* Returns the maximum session idle time in minutes.
*
* @return The maximum session idle time.
* @throws SSOException if the SSOToken is not VALID or if
* there are errors in getting the maximum idle time.
*/
checkTokenType("getMaxIdleTime");
try {
return session.getMaxIdleTime();
} catch (Exception e) {
throw new SSOException(e);
}
}
/**
* Returns SSOToken ID object
*
* @return SSOTokenID
*/
if (ldapConnect) {
return (ssoToken.getTokenID());
}
return null;
}
}
/**
* Sets a property for this token.
*
* @param name
* The property name.
* @param value
* The property value.
* @throws SSOException if the SSOToken is not VALID or if
* there are errors in setting the property name and value.
*/
if (ldapConnect) {
return;
}
try {
} catch (Exception e) {
+ value);
throw new SSOException(e);
}
}
}
if (ldapConnect) {
} else {
try {
} catch (Exception e) {
if(logError){
}else{
}
}
throw new SSOException(e);
}
}
}
return property;
}
/**
* Returns the property stored in this token.
*
* @param name
* The property name.
* @return The property value in String format.
* @throws SSOException if the SSOToken is not VALID or if
* there are errors in getting the property value.
*/
return getPropertyInternal(name, true);
}
/**
* Returns the property stored in this token.
*
* @param name
* The property name.
* @param ignoreState
* ignoreState flag.
* @return The property value in String format.
* @throws SSOException if the SSOToken is not VALID and if
* ignoreState is set to false.
*/
try {
" Calling getProperty(name)");
}
} catch (SSOException e) {
if(ignoreState) {
e.getMessage());
+ " Falling back to getPropertyWithoutValidation()");
}
}
} else {
throw e;
}
}
return property;
}
/**
* Adds a sso token listener for the token change events.
*
* @param listener
* A reference to a SSOTokenListener object.
* @throws SSOException if the SSOToken is not VALID or if
* there are errors in adding the sso token listener.
*/
throws SSOException {
if (!ldapConnect) {
try {
} catch (Exception e) {
+ getTokenID().toString());
throw new SSOException(e);
}
}
}
/**
 * Returns true if the SSOToken is valid, allowing the token to be refreshed
 * if necessary. Equivalent to <code>isValid(true)</code>, so the idle time
 * may be reset as a side effect of this check.
 *
 * @return true if the SSOToken is valid.
 */
public boolean isValid() {
    // Refresh is permitted here; callers that must not touch the idle time
    // call isValid(false) directly.
    final boolean possiblyResetIdleTime = true;
    return isValid(possiblyResetIdleTime);
}
/**
* Returns true if the SSOToken is valid, allowing the idle time to be reset only if the flag is true.
*
* @param possiblyResetIdleTime possibly reset the idle time if true, never reset it if false
* @return true if the SSOToken is valid, false otherwise.
*/
try {
if (ldapConnect) {
return true;
}
} catch (Exception e) {
return false;
}
}
/**
* Checks if the SSOToken is valid
*
* @throws SSOException is thrown if the SSOToken is not valid
* @deprecated THIS METHOD WILL BE REMOVED ON 3/15/01. INSTEAD USE
* SSOTokenManager.getInstance().validateToken(SSOToken)
*/
try {
if (ldapConnect) {
return;
}
}
} catch (Exception e) {
throw new SSOException(e);
}
}
/**
 * Reports whether this token was created by a direct LDAP bind rather than
 * from a <code>Session</code>. Operations guarded by checkTokenType throw
 * UnsupportedOperationException for such tokens.
 *
 * @return true if the token is for ldap connection.
 */
public boolean isLdapConnection() {
    return this.ldapConnect;
}
/**
* Sets the value of ldapConnect. It is used to destroy this token.
*
* @param status LDAP Connection status.
*/
}
/**
* Returns the encoded URL, rewritten to include the session id.
*
* @param url
* the URL to be encoded
* @return the encoded URL if cookies are not supported or the url if
* cookies are supported.
*/
checkTokenType("encodeURL");
}
/**
* Check if the token is created by direct ldap connection. If yes then
* throw unsupported exception
*
* @param methodName Name of the method calling this check.
*/
if (ldapConnect) {
+ "is an unsupported operation for tokens created"
+ "by direct ldap connection";
throw new UnsupportedOperationException(str);
}
}
/**
* Returns the Session Object.
*
* @return Session object.
*/
return session;
}
/**
* Returns true if the SSOTokenID associated with this SSOToken is a
* restricted token, false otherwise.
*
* @return true if the token is restricted
* @throws SSOException If we are unable to determine if the session is
* restricted
*/
try {
return session.isRestricted();
} catch (SessionException se) {
throw new SSOException(se);
}
}
/**
 * Given a restricted token, returns the SSOTokenID of the master token.
 * This can only be used if the requester is an app token; this method does
 * not verify that itself, so the check is presumably enforced by the
 * underlying <code>Session</code> call (TODO confirm).
 *
 * @param requester Must be an app token
 * @param restrictedId The SSOTokenID of the restricted token
 * @return The SSOTokenID string of the master token
 * @throws SSOException If the master token cannot be dereferenced
 */
public String dereferenceRestrictedTokenID(SSOToken requester, String restrictedId) throws SSOException {
    try {
        // The requester must be this implementation; any other SSOToken type
        // fails the cast with a ClassCastException, which is wrapped below.
        final SSOTokenImpl requesterImpl = (SSOTokenImpl) requester;
        return session.dereferenceRestrictedTokenID(requesterImpl.getSession(), restrictedId);
    } catch (Exception e) {
        // Every failure, including the cast above, surfaces as SSOException
        // with the original cause preserved.
        throw new SSOException(e);
    }
}
}