42a452a9f1193f232b34e7c22706b8fe44207d3dPhill Cunnington/*
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster *
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Copyright (c) 2005 Sun Microsystems Inc. All Rights Reserved
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster *
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * The contents of this file are subject to the terms
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * of the Common Development and Distribution License
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * (the License). You may not use this file except in
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * compliance with the License.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster *
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * You can obtain a copy of the License at
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * https://opensso.dev.java.net/public/CDDLv1.0.html or
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * opensso/legal/CDDLv1.0.txt
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * See the License for the specific language governing
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * permission and limitations under the License.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster *
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * When distributing Covered Code, include this CDDL
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Header Notice in each file and include the License file
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * at opensso/legal/CDDLv1.0.txt.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * If applicable, add the following below the CDDL Header,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * with the fields enclosed by brackets [] replaced by
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * your own identifying information:
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * "Portions Copyrighted [year] [name of copyright owner]"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster *
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * $Id: AuthClientUtils.java,v 1.40 2010/01/22 03:31:01 222713 Exp $
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster *
6cf99bcf5206a0fcc9dd9296fc46ac28c3fe8adePeter Major * Portions Copyrighted 2010-2016 ForgeRock AS.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster */
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterpackage com.sun.identity.authentication.client;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
42e6f052c417061bf791b6e04c4579a61bf002d3Craig McDonnellimport static java.util.Arrays.asList;
42e6f052c417061bf791b6e04c4579a61bf002d3Craig McDonnell
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.iplanet.am.util.AMClientDetector;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.iplanet.am.util.SystemProperties;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.iplanet.dpro.session.SessionException;
cd085ff36bed57615d33434450ffc7c44ca016edDavid Lunaimport com.iplanet.dpro.session.SessionID;
cd085ff36bed57615d33434450ffc7c44ca016edDavid Lunaimport com.iplanet.dpro.session.share.SessionEncodeURL;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.iplanet.services.cdm.AuthClient;
cd085ff36bed57615d33434450ffc7c44ca016edDavid Lunaimport com.iplanet.services.cdm.Client;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.iplanet.services.cdm.ClientsManager;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.iplanet.services.naming.ServerEntryNotFoundException;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.iplanet.services.naming.WebtopNaming;
cd085ff36bed57615d33434450ffc7c44ca016edDavid Lunaimport com.iplanet.services.util.Crypt;
cd085ff36bed57615d33434450ffc7c44ca016edDavid Lunaimport com.iplanet.sso.SSOException;
cd085ff36bed57615d33434450ffc7c44ca016edDavid Lunaimport com.iplanet.sso.SSOToken;
cd085ff36bed57615d33434450ffc7c44ca016edDavid Lunaimport com.iplanet.sso.SSOTokenManager;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.authentication.AuthContext;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.authentication.service.AMAuthErrorCode;
cd085ff36bed57615d33434450ffc7c44ca016edDavid Lunaimport com.sun.identity.authentication.service.AuthException;
cd085ff36bed57615d33434450ffc7c44ca016edDavid Lunaimport com.sun.identity.authentication.util.ISAuthConstants;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.common.DNUtils;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.common.FQDNUtils;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.common.HttpURLConnectionManager;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.common.ISLocaleContext;
cd085ff36bed57615d33434450ffc7c44ca016edDavid Lunaimport com.sun.identity.common.RequestUtils;
cd085ff36bed57615d33434450ffc7c44ca016edDavid Lunaimport com.sun.identity.common.ResourceLookup;
cd085ff36bed57615d33434450ffc7c44ca016edDavid Lunaimport com.sun.identity.idm.IdUtils;
03e319d6edecb454bdd9f18ad80f545ab4a64a17Peter Majorimport com.sun.identity.policy.PolicyException;
cd085ff36bed57615d33434450ffc7c44ca016edDavid Lunaimport com.sun.identity.policy.PolicyUtils;
cd085ff36bed57615d33434450ffc7c44ca016edDavid Lunaimport com.sun.identity.policy.plugins.AuthSchemeCondition;
cd085ff36bed57615d33434450ffc7c44ca016edDavid Lunaimport com.sun.identity.security.AdminTokenAction;
cd085ff36bed57615d33434450ffc7c44ca016edDavid Lunaimport com.sun.identity.security.EncodeAction;
cd085ff36bed57615d33434450ffc7c44ca016edDavid Lunaimport com.sun.identity.session.util.SessionUtils;
cd085ff36bed57615d33434450ffc7c44ca016edDavid Lunaimport com.sun.identity.shared.Constants;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.shared.debug.Debug;
cd085ff36bed57615d33434450ffc7c44ca016edDavid Lunaimport com.sun.identity.shared.encode.Base64;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.shared.encode.CookieUtils;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.shared.encode.URLEncDec;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.shared.locale.Locale;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.sm.SMSEntry;
cd085ff36bed57615d33434450ffc7c44ca016edDavid Lunaimport com.sun.identity.sm.SMSException;
cd085ff36bed57615d33434450ffc7c44ca016edDavid Lunaimport com.sun.identity.sm.ServiceSchema;
cd085ff36bed57615d33434450ffc7c44ca016edDavid Lunaimport com.sun.identity.sm.ServiceSchemaManager;
1d407e39b7d8f68d9a2b1e178f35fab037d9835aRobert Wapshottimport org.forgerock.openam.security.whitelist.ValidGotoUrlExtractor;
1d407e39b7d8f68d9a2b1e178f35fab037d9835aRobert Wapshottimport org.forgerock.openam.session.SessionServiceURLService;
1d407e39b7d8f68d9a2b1e178f35fab037d9835aRobert Wapshottimport org.forgerock.openam.shared.security.whitelist.RedirectUrlValidator;
1d407e39b7d8f68d9a2b1e178f35fab037d9835aRobert Wapshottimport org.forgerock.openam.utils.ClientUtils;
0b2aece2c87558d3b244db6f87263f6eb4177170Jon Jonthomasimport org.forgerock.openam.utils.StringUtils;
1d407e39b7d8f68d9a2b1e178f35fab037d9835aRobert Wapshott
1d407e39b7d8f68d9a2b1e178f35fab037d9835aRobert Wapshottimport javax.servlet.ServletContext;
1d407e39b7d8f68d9a2b1e178f35fab037d9835aRobert Wapshottimport javax.servlet.http.Cookie;
1d407e39b7d8f68d9a2b1e178f35fab037d9835aRobert Wapshottimport javax.servlet.http.HttpServletRequest;
1d407e39b7d8f68d9a2b1e178f35fab037d9835aRobert Wapshottimport javax.servlet.http.HttpServletResponse;
cd085ff36bed57615d33434450ffc7c44ca016edDavid Lunaimport java.io.BufferedReader;
cd085ff36bed57615d33434450ffc7c44ca016edDavid Lunaimport java.io.IOException;
cd085ff36bed57615d33434450ffc7c44ca016edDavid Lunaimport java.io.InputStreamReader;
cd085ff36bed57615d33434450ffc7c44ca016edDavid Lunaimport java.io.OutputStream;
cd085ff36bed57615d33434450ffc7c44ca016edDavid Lunaimport java.io.PrintWriter;
03e319d6edecb454bdd9f18ad80f545ab4a64a17Peter Majorimport java.io.UnsupportedEncodingException;
cd085ff36bed57615d33434450ffc7c44ca016edDavid Lunaimport java.net.HttpURLConnection;
cd085ff36bed57615d33434450ffc7c44ca016edDavid Lunaimport java.net.MalformedURLException;
cd085ff36bed57615d33434450ffc7c44ca016edDavid Lunaimport java.net.URL;
cd085ff36bed57615d33434450ffc7c44ca016edDavid Lunaimport java.net.URLDecoder;
cd085ff36bed57615d33434450ffc7c44ca016edDavid Lunaimport java.security.AccessController;
cd085ff36bed57615d33434450ffc7c44ca016edDavid Lunaimport java.util.ArrayList;
cd085ff36bed57615d33434450ffc7c44ca016edDavid Lunaimport java.util.Collections;
cd085ff36bed57615d33434450ffc7c44ca016edDavid Lunaimport java.util.Enumeration;
cd085ff36bed57615d33434450ffc7c44ca016edDavid Lunaimport java.util.HashMap;
cd085ff36bed57615d33434450ffc7c44ca016edDavid Lunaimport java.util.HashSet;
cd085ff36bed57615d33434450ffc7c44ca016edDavid Lunaimport java.util.Hashtable;
cd085ff36bed57615d33434450ffc7c44ca016edDavid Lunaimport java.util.Iterator;
cd085ff36bed57615d33434450ffc7c44ca016edDavid Lunaimport java.util.List;
cd085ff36bed57615d33434450ffc7c44ca016edDavid Lunaimport java.util.Map;
42e6f052c417061bf791b6e04c4579a61bf002d3Craig McDonnellimport java.util.Objects;
cd085ff36bed57615d33434450ffc7c44ca016edDavid Lunaimport java.util.ResourceBundle;
cd085ff36bed57615d33434450ffc7c44ca016edDavid Lunaimport java.util.Set;
cd085ff36bed57615d33434450ffc7c44ca016edDavid Lunaimport java.util.StringTokenizer;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterpublic class AuthClientUtils {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
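// String constants used by the authentication client utilities.
public static final String DEFAULT_CLIENT_TYPE = "genericHTML";
public static final String COMPOSITE_ADVICE = "sunamcompositeadvice";
private static final String DEFAULT_CONTENT_TYPE = "text/html";
private static final String DEFAULT_FILE_PATH = "html";
private static final String DEFAULT_COOKIE_SUPPORT = "true";
// Fallback for dsameVersion when Constants.AM_VERSION is not configured.
private static final String DSAME_VERSION = "7.0";
public static final String ERROR_MESSAGE = "Error_Message";
public static final String ERROR_TEMPLATE = "Error_Template";
public static final String MSG_DELIMITER = "|";
public static final String BUNDLE_NAME = "amAuth";
private static final String HTTP_REFERER = "Referer";

private static boolean setRequestEncoding = false;

// clientDetector and defaultClient are assigned in the static initializer, and only
// when AdminTokenAction.AMADMIN_MODE is "false"; otherwise they stay null.
private static AMClientDetector clientDetector;
private static Client defaultClient;
private static volatile ResourceBundle bundle;
private static final boolean urlRewriteInPath =
        Boolean.valueOf(SystemProperties.get(Constants.REWRITE_AS_PATH, "")).booleanValue();
// FILE_SEPARATOR + CONFIG_DIR + FILE_SEPARATOR + AUTH_DIR
public static final String templatePath =
        new StringBuilder().append(Constants.FILE_SEPARATOR)
                .append(ISAuthConstants.CONFIG_DIR)
                .append(Constants.FILE_SEPARATOR)
                .append(ISAuthConstants.AUTH_DIR).toString();
private static final String rootSuffix = SMSEntry.getRootSuffix();
// Shared validator for redirect (goto) URLs, backed by ValidGotoUrlExtractor.
// NOTE(review): presumably every redirect to a request-supplied URL is checked here
// first; confirm against the callers, which are outside this part of the file.
protected static final RedirectUrlValidator<String> REDIRECT_URL_VALIDATOR =
        new RedirectUrlValidator<String>(ValidGotoUrlExtractor.getInstance());

private static SessionServiceURLService sessionServiceURLService = SessionServiceURLService.getInstance();

// dsame version
private static String dsameVersion =
        SystemProperties.get(Constants.AM_VERSION, DSAME_VERSION);

// If true, version header will be added to responses, default is false
private static final boolean isVersionHeaderEnabled =
        SystemProperties.getAsBoolean(Constants.AM_VERSION_HEADER_ENABLED, false);

/* Constants.AM_COOKIE_NAME is the AM Cookie which
 * gets set when the user has authenticated
 */
private static String cookieName =
        SystemProperties.get(Constants.AM_COOKIE_NAME);

/* Constants.AM_AUTH_COOKIE_NAME is the Auth Cookie which
 * gets set during the authentication process.
 */
private static String authCookieName =
        SystemProperties.get(Constants.AM_AUTH_COOKIE_NAME,
                ISAuthConstants.AUTH_COOKIE_NAME);
/* Constants.AM_DIST_AUTH_COOKIE_NAME is the Dist Auth Cookie name;
 * it falls back to ISAuthConstants.DIST_AUTH_COOKIE_NAME.
 */
private static String distAuthCookieName =
        SystemProperties.get(Constants.AM_DIST_AUTH_COOKIE_NAME,
                ISAuthConstants.DIST_AUTH_COOKIE_NAME);
// NOTE(review): this initializer runs before utilDebug is assigned below, so
// getServiceURI() must not depend on utilDebug during class initialization - verify.
private static String serviceURI = getServiceURI() + "/UI/Login";

// Assigned in the static initializer as proto://host:port.
private static String serverURL = null;
static Debug utilDebug = Debug.getInstance("amAuthClientUtils");
// NOTE(review): "IDToken3" is capitalised differently from the other IDtoken entries;
// whether that matters depends on how the list is compared, which is not visible here.
private static String[] ignoreList = {
    "IDtoken0", "IDtoken1", "IDtoken2", "IDButton", "AMAuthCookie", "encoded", "IDToken3"
};
// Boolean.getBoolean(String) looks up a JVM system property whose NAME is the argument,
// so passing the configured value ("true"/"false") never read the setting itself.
// Parse the configured value instead.
private static boolean useCache = Boolean.parseBoolean(
        SystemProperties.get(Constants.URL_CONNECTION_USE_CACHE, "false"));
// Despite the field name, this holds the Constants.IS_ENABLE_UNIQUE_COOKIE setting.
private static boolean isSessionHijackingEnabled =
        Boolean.valueOf(SystemProperties.get(
                Constants.IS_ENABLE_UNIQUE_COOKIE, "false")).booleanValue();
private static String hostUrlCookieName =
        SystemProperties.get(Constants.AUTH_UNIQUE_COOKIE_NAME,
                "sunIdentityServerAuthNServer");
private static String hostUrlCookieDomain =
        SystemProperties.get(Constants.AUTH_UNIQUE_COOKIE_DOMAIN);

// Raw comma-separated configuration value; parsed into distAuthClusterList in the static initializer.
private static final String distAuthCluster =
        SystemProperties.get(Constants.DISTAUTH_CLUSTER, "");

private static ArrayList distAuthClusterList = new ArrayList();

// Raw comma-separated "server=site" entries; parsed into distAuthSitesMap in the static initializer.
private static final String distAuthSites =
        SystemProperties.get(Constants.AM_DISTAUTH_SITES, "");

// Site name -> names of the dist auth servers configured for that site.
private static Map<String, Set<String>> distAuthSitesMap = new HashMap<String, Set<String>>();
// Header names to retain, filled in the static initializer after the forbidden
// names have been removed from the configured lists.
private static final List<String> RETAINED_HTTP_REQUEST_HEADERS = new ArrayList<String>();
private static final List<String> RETAINED_HTTP_HEADERS = new ArrayList<String>();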
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
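static {
    // Initializing variables.
    // Client detection is only set up when AdminTokenAction.AMADMIN_MODE is "false".
    String installTime =
            SystemProperties.get(AdminTokenAction.AMADMIN_MODE, "false");
    if (installTime.equalsIgnoreCase("false")) {
        clientDetector = new AMClientDetector();
        if (isClientDetectionEnabled()) {
            defaultClient = ClientsManager.getDefaultInstance();
        }
    }
    bundle = Locale.getInstallResourceBundle(BUNDLE_NAME);

    // Use the dist auth server address when its protocol is configured,
    // otherwise fall back to the AM server address.
    String proto = SystemProperties.get(Constants.DISTAUTH_SERVER_PROTOCOL);
    String host;
    String port;
    if (proto != null && proto.length() != 0) {
        host = SystemProperties.get(Constants.DISTAUTH_SERVER_HOST);
        port = SystemProperties.get(Constants.DISTAUTH_SERVER_PORT);
    } else {
        proto = SystemProperties.get(Constants.AM_SERVER_PROTOCOL);
        host = SystemProperties.get(Constants.AM_SERVER_HOST);
        port = SystemProperties.get(Constants.AM_SERVER_PORT);
    }
    // NOTE(review): none of the three parts is checked for null here, so a missing
    // property ends up as the literal text "null" inside serverURL.
    serverURL = proto + "://" + host + ":" + port;

    if (distAuthCluster.length() != 0) {
        // The catch-all keeps a configuration problem from failing class initialization.
        try {
            if (utilDebug.messageEnabled()) {
                utilDebug.message(
                        "AuthClientUtils.static(): "
                        + "Cluster List is: " + distAuthCluster);
            }
            // A value without a comma comes back as a single token, so one
            // server and a comma-separated list take the same path.
            StringTokenizer distAuthServersList =
                    new StringTokenizer(distAuthCluster, ",");
            while (distAuthServersList.hasMoreTokens()) {
                distAuthClusterList.add(distAuthServersList.nextToken().trim());
            }
        } catch (Exception e) {
            // Pass the exception along so the stack trace is not lost.
            utilDebug.error("AuthClientUtils.static(): " +
                    e.toString(), e);
        }
    }

    if (distAuthSites.length() != 0) {
        try {
            if (utilDebug.messageEnabled()) {
                utilDebug.message(
                        "AuthClientUtils.static(): "
                        + "Dist Auth Site list is: " + distAuthSites);
            }
            // Every entry is trimmed, including a single entry without a comma,
            // which the earlier separate branch stored untrimmed.
            StringTokenizer distAuthSitesList =
                    new StringTokenizer(distAuthSites, ",");
            while (distAuthSitesList.hasMoreTokens()) {
                String distAuthServer = distAuthSitesList.nextToken().trim();
                int separator = distAuthServer.indexOf("=");
                if (separator == -1) {
                    if (utilDebug.messageEnabled()) {
                        utilDebug.message("AuthClientUtils.static(): " +
                                "invalid dist auth server entry: " + distAuthServer);
                    }
                    continue;
                }
                // Entry format is server=site; everything after the first '=' is the site name.
                String distAuthServerName = distAuthServer.substring(0, separator);
                String distAuthSiteName = distAuthServer.substring(separator + 1);
                Set<String> distAuthSet = distAuthSitesMap.get(distAuthSiteName);
                if (distAuthSet == null) {
                    distAuthSet = new HashSet<String>();
                    distAuthSitesMap.put(distAuthSiteName, distAuthSet);
                }
                distAuthSet.add(distAuthServerName);
            }
        } catch (Exception ex) {
            utilDebug.error("AuthClientUtils.static(): " +
                    ex.toString(), ex);
        }

        if (utilDebug.messageEnabled()) {
            utilDebug.message("AuthClientUtils.static(): " +
                    "dist auth server to site: " + distAuthSitesMap);
        }
    }

    RETAINED_HTTP_REQUEST_HEADERS.addAll(getHeaderNameListForProperty(
            Constants.RETAINED_HTTP_REQUEST_HEADERS_LIST));
    // Configuration sanity check: a name on the forbidden list is dropped even when it
    // was also configured as retained. The match is an exact string comparison on the
    // names returned by getHeaderNameListForProperty.
    RETAINED_HTTP_REQUEST_HEADERS.removeAll(getHeaderNameListForProperty(
            Constants.FORBIDDEN_TO_COPY_REQUEST_HEADERS));

    RETAINED_HTTP_HEADERS.addAll(getHeaderNameListForProperty(
            Constants.RETAINED_HTTP_HEADERS_LIST));
    // Configuration sanity check, as for the request headers above.
    RETAINED_HTTP_HEADERS.removeAll(getHeaderNameListForProperty(
            Constants.FORBIDDEN_TO_COPY_HEADERS));
    // We need to ensure that set-cookie headers are always retained for the response.
    // It is added after the forbidden names are removed, so the forbidden list cannot drop it.
    RETAINED_HTTP_HEADERS.add("set-cookie");
    if (utilDebug.messageEnabled()) {
        utilDebug.message("Retained request headers: " + RETAINED_HTTP_REQUEST_HEADERS);
        utilDebug.message("Retained response headers: " + RETAINED_HTTP_HEADERS);
    }
}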
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /*
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Protected constructor to prevent any instances being created
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Needs to be protected to allow subclass AuthUtils
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster */
protected AuthClientUtils() {
    // Intentionally empty: the constructor has no state to set up and is only
    // declared to narrow its visibility to subclasses and the package.
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
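/**
 * Reads a comma-separated list of HTTP header names from a system property.
 *
 * The static initializer uses the result both for the retained-header lists and for
 * the forbidden-header lists that are removed from them, so the names must be
 * normalised identically on both sides for the forbidden filter to match.
 *
 * @param property name of the system property to read
 * @return the lower-cased, trimmed, non-empty header names; an empty list when the
 *         property is not set
 */
private static List<String> getHeaderNameListForProperty(String property) {
    String value = SystemProperties.get(property);
    if (value == null) {
        return Collections.emptyList();
    }
    List<String> headerNames = new ArrayList<String>();
    // Locale.ROOT keeps the lower-casing independent of the JVM default locale
    // (under a Turkish locale "I" would not become "i"). The class is fully
    // qualified because this file imports com.sun.identity.shared.locale.Locale.
    for (String headerName : value.toLowerCase(java.util.Locale.ROOT).split(",")) {
        // "a, b" must yield "b", not " b": an untrimmed name matches neither a
        // real header nor its entry in the forbidden list.
        String trimmed = headerName.trim();
        if (!trimmed.isEmpty()) {
            headerNames.add(trimmed);
        }
    }
    return headerNames;
}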
9a8a88c1867d7f60df76cdfbf10606db698b63fePeter Major
/**
 * Returns the parameters of the given request as a table, as produced by
 * {@code decodeHash}.
 *
 * @param request the incoming servlet request
 * @return the table built by {@code decodeHash} for this request
 */
public static Hashtable parseRequestParameters(HttpServletRequest request) {
    final Hashtable decodedParameters = decodeHash(request);
    return decodedParameters;
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
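/**
 * Builds a Hashtable from the request parameters, expanding base64-encoded values on the way.
 *
 * <p>Parameters are handled in three ways:
 * <ul>
 *   <li>{@code SunQueryParamsString} (matched case-insensitively): a non-empty value is
 *       base64-decoded and split on {@code &} into {@code name=value} tokens, each of which is
 *       stored separately; tokens without {@code =} are ignored. A value that fails to decode
 *       is skipped.</li>
 *   <li>{@code RedirectUrlValidator.GOTO} and {@code RedirectUrlValidator.GOTO_ON_FAIL}: the
 *       value is base64-decoded only when the request parameter {@code encoded} parses as
 *       {@code true}, then stored.</li>
 *   <li>Every other parameter is stored as received.</li>
 * </ul>
 * Storing is done by {@code putDecodedValue} with the request's character encoding, or
 * {@code UTF-8} when the request declares none. Parameters whose value is {@code null} are
 * skipped.
 *
 * @param request the servlet request to read; all names and values come from the client
 * @return the table filled by {@code putDecodedValue}
 */
private static Hashtable decodeHash(HttpServletRequest request) {

    Hashtable data = new Hashtable();
    String clientEncoding = request.getCharacterEncoding();
    String encoding = (clientEncoding != null) ? clientEncoding : "UTF-8";
    if (utilDebug.messageEnabled()) {
        utilDebug.message("AuthUtils::decodeHash: clientEncoding='{}', encoding='{}'", clientEncoding, encoding);
    }

    @SuppressWarnings("unchecked")
    Enumeration<String> names = request.getParameterNames();
    boolean base64Encoded = Boolean.parseBoolean(request.getParameter("encoded"));

    // NOTE(review): the message-level statements below print parameter names and values
    // verbatim, decoded content included. Message-level debug logs should therefore be
    // handled as sensitive data.
    while (names.hasMoreElements()) {
        String name = names.nextElement();
        String value = request.getParameter(name);
        if (value == null) {
            if (utilDebug.messageEnabled()) {
                utilDebug.message("AuthUtils::decodeHash parameter '{}' is null", name);
            }
            continue;
        }
        if (name.equalsIgnoreCase("SunQueryParamsString")) {
            // This will normally be the case when browser back button is
            // used and the form is posted again with the base64 encoded
            // parameters
            if (!value.isEmpty()) {
                String decodedValue = Base64.decodeAsUTF8String(value);
                if (decodedValue == null) {
                    // A value that is not valid base64 cannot be tokenized: StringTokenizer
                    // throws NullPointerException for a null string, which would abort the
                    // parsing of the whole request. Skip just this parameter instead.
                    if (utilDebug.warningEnabled()) {
                        utilDebug.warning("Parameter ['{}']='{}' should be base64 encoded", name, value);
                    }
                    continue;
                }
                value = decodedValue;
                if (utilDebug.messageEnabled()) {
                    utilDebug.message("AuthUtils::decodeHash base 64 decoded '{}'='{}'", name, value);
                }
                StringTokenizer st = new StringTokenizer(value, "&");
                while (st.hasMoreTokens()) {
                    String str = st.nextToken();
                    int index = str.indexOf('=');
                    if (index != -1) {
                        String parameter = str.substring(0, index);
                        String parameterValue = str.substring(index + 1);
                        putDecodedValue(data, parameter, parameterValue, encoding);
                    }
                }
            }
        } else if (name.equals(RedirectUrlValidator.GOTO) || name.equals(RedirectUrlValidator.GOTO_ON_FAIL)) {
            // Again this will be the case when browser back
            // button is used and the form is posted with the
            // base64 encoded parameters including goto
            if (utilDebug.messageEnabled()) {
                utilDebug.message("AuthUtils::decodeHash '{}'='{}', encoded='{}'", name, value, base64Encoded);
            }

            if (base64Encoded) {
                String decodedValue = Base64.decodeAsUTF8String(value);
                if (decodedValue == null && utilDebug.warningEnabled()) {
                    utilDebug.warning("As parameter 'encoded' is true, parameter ['{}']='{}' should be base64"
                            + " encoded", name, value);
                }
                // NOTE(review): decodedValue may be null here and is handed on unchanged;
                // confirm that putDecodedValue tolerates a null value.
                value = decodedValue;
                if (utilDebug.messageEnabled()) {
                    utilDebug.message("AuthUtils::decodeHash base 64 decoded '{}'='{}'", name, value);
                }
            }
            putDecodedValue(data, name, value, encoding);
        } else {
            putDecodedValue(data, name, value, encoding);
        }
    } // while
    return data;
}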
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/**
 * Returns the Logout cookie.
 *
 * @param sid Session ID.
 * @param cookieDomain Cookie domain.
 * @return the logout cookie.
 */
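public static Cookie getLogoutCookie(SessionID sid, String cookieDomain) {
    // Builds the logout cookie for the given session and marks it for immediate expiry.
    // Returns null when the cookie cannot be created: getLogoutCookieString() returns null
    // if encoding fails, and createCookie() returns null if the cookie cannot be built,
    // so the result has to be checked before it is dereferenced.
    Cookie logoutCookie = createCookie(getLogoutCookieString(sid), cookieDomain);
    if (logoutCookie == null) {
        if (utilDebug.warningEnabled()) {
            utilDebug.warning("AuthUtils::getLogoutCookie: logout cookie could not be created");
        }
        return null;
    }
    // A max-age of zero asks the browser to delete the cookie.
    logoutCookie.setMaxAge(0);
    return logoutCookie;
}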
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/**
 * Returns the encrypted Logout cookie string.
 * The format of this cookie is:
 * <code>LOGOUT@protocol@servername@serverport@sessiondomain</code>.
 *
 * @param sid the SessionID
 * @return encrypted logout cookie string.
 */
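public static String getLogoutCookieString(SessionID sid) {
    // Encodes "LOGOUT@protocol@server@port@domain" for the given session and returns the
    // encoded text, or null when anything in the process throws (a null sid included,
    // because the resulting NullPointerException is caught below).
    //
    // NOTE(review): the encryptor comes from Crypt.getHardcodedKeyEncryptor(). Going by
    // the name, the key is fixed in the product rather than specific to a deployment, so
    // the encoded value should not be relied on as confidential or unforgeable. Confirm
    // against Crypt.
    String logoutCookie = null;
    try {
        String plainText = "LOGOUT" + "@"
                + sid.getSessionServerProtocol() + "@"
                + sid.getSessionServer() + "@"
                + sid.getSessionServerPort() + "@"
                + sid.getSessionDomain();
        logoutCookie = (String) AccessController.doPrivileged(
                new EncodeAction(plainText, Crypt.getHardcodedKeyEncryptor()));
        if (utilDebug.messageEnabled()) {
            utilDebug.message("Logout cookie : " + logoutCookie);
        }
    } catch (Exception e) {
        // Report the failure at warning level together with its cause. The message-level
        // text used before dropped the stack trace and was invisible unless message
        // debugging was switched on.
        utilDebug.warning("Error creating cookie : ", e);
    }
    return logoutCookie;
}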
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /**
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns Cookie to be set in the response.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster *
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param cookieValue value of cookie
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param cookieDomain domain for which cookie will be set.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return Cookie object.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster */
public static Cookie createCookie(String cookieValue, String cookieDomain) {
    // Convenience overload: the cookie name comes from getCookieName(), everything else is
    // passed through to the three-argument createCookie.
    final String name = getCookieName();

    // NOTE(review): the cookie value is written to the message-level log verbatim here
    // (and once more by the three-argument overload), so message-level debug logs should
    // be treated as holding whatever this cookie carries.
    if (utilDebug.messageEnabled()) {
        utilDebug.message(
                "cookieName='{}', cookieValue='{}', cookieDomain='{}'", name, cookieValue, cookieDomain);
    }
    return createCookie(name, cookieValue, cookieDomain);
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/**
 * Chooses the organization name to query for.
 *
 * @param request the servlet request, used only when {@code org} is null or empty; may be null
 * @param org the explicitly requested organization, if any
 * @return {@code org} when it is non-empty, otherwise the request's server name, or
 *         {@code null} when neither is available
 */
public static String getQueryOrgName(HttpServletRequest request, String org) {
    final String queryOrg;
    if (org != null && !org.isEmpty()) {
        queryOrg = org;
    } else if (request != null) {
        // getServerName() normally reflects the Host header sent by the client, so this
        // fallback is client-influenced unless the container or a front-end proxy pins
        // the host name.
        queryOrg = request.getServerName();
    } else {
        queryOrg = null;
    }

    if (utilDebug.messageEnabled()) {
        utilDebug.message("queryOrg is :" + queryOrg);
    }
    return queryOrg;
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // print cookies in the request
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // use for debugging purposes
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/**
 * Writes every cookie of the request to the message-level debug log.
 *
 * <p>Names and values are logged verbatim, session cookies included, so a log produced
 * with message debugging enabled has to be protected like the cookies themselves.
 *
 * @param req the servlet request whose cookies are logged
 */
public static void printCookies(HttpServletRequest req) {
    Cookie[] cookies = req.getCookies();
    if (cookies == null) {
        utilDebug.message("No Cookie in header");
        return;
    }
    for (Cookie cookie : cookies) {
        if (utilDebug.messageEnabled()) {
            utilDebug.message("Received Cookie: '{}'='{}'", cookie.getName(), cookie.getValue());
        }
    }
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/**
 * Dumps a request-parameter table to the debug log.
 *
 * <p>The whole table is logged first (through its {@code toString()}), then each key, and
 * for values that are {@code String[]} every element. The output contains whatever the
 * table holds, so it can include submitted request values.
 *
 * @param reqParameters the table to print; nothing further is logged when it is null
 */
public static void printHash(Hashtable reqParameters) {
    try {
        if (utilDebug.messageEnabled()) {
            utilDebug.message("AuthRequest: In printHash" + reqParameters);
        }
        if (reqParameters == null) {
            return;
        }
        for (Enumeration keys = reqParameters.keys(); keys.hasMoreElements(); ) {
            Object key = keys.nextElement();
            Object value = reqParameters.get(key);
            utilDebug.message("printHash Key is : " + key);
            if (!(value instanceof String[])) {
                continue;
            }
            for (String element : (String[]) value) {
                if (utilDebug.messageEnabled()) {
                    utilDebug.message("printHash : String[] keyname '{}'='{}'", key, element);
                }
            }
        }
    } catch (Exception e) {
        // NOTE(review): the warning is emitted only when message-level debugging is on.
        if (utilDebug.messageEnabled()) {
            utilDebug.warning("Exception: printHash :", e);
        }
    }
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/**
 * Adds the load-balancer cookie to the response, once per cookie domain of the request.
 *
 * <p>Nothing is added when {@code getlbCookieName()} is null or empty. When no cookie
 * domain applies to the request, a single cookie is created with a null domain.
 *
 * @param request the servlet request used to look up the cookie domains
 * @param response the servlet response that receives the cookie(s)
 * @throws AuthException declared by the signature; raised by code not shown here
 */
public static void setlbCookie(HttpServletRequest request, HttpServletResponse response)
        throws AuthException {
    String lbCookieName = getlbCookieName();
    if (lbCookieName == null || lbCookieName.isEmpty()) {
        return;
    }

    Set<String> domains = getCookieDomainsForRequest(request);
    if (domains.isEmpty()) {
        CookieUtils.addCookieToResponse(response, createlbCookie(null));
        return;
    }
    for (String domain : domains) {
        CookieUtils.addCookieToResponse(response, createlbCookie(domain));
    }
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/**
 * Creates a Cookie with the <code>cookieName</code>,
 * <code>cookieValue</code> for the cookie domains specified.
 *
 * @param cookieName is the name of the cookie
 * @param cookieValue is the value of the cookie
 * @param cookieDomain Domain for which the cookie is to be set.
 * @return the cookie object.
 */
public static Cookie createCookie(String cookieName, String cookieValue, String cookieDomain) {
    // NOTE(review): the cookie value goes to the message-level log verbatim; treat
    // message-level debug logs as holding whatever this cookie carries.
    if (utilDebug.messageEnabled()) {
        utilDebug.message(
                "cookieName='{}', cookieValue='{}', cookieDomain='{}'", cookieName, cookieValue, cookieDomain);
    }

    Cookie created = null;
    try {
        // The path is fixed to "/"; the original note says it should be read from an
        // attribute and the cookie set for all domains.
        // NOTE(review): any Secure/HttpOnly handling would live in CookieUtils.newCookie,
        // which is not visible here; confirm there.
        created = CookieUtils.newCookie(cookieName, cookieValue, "/", cookieDomain);
    } catch (Exception e) {
        // Failure is reported at message level only and the method returns null, so
        // callers have to check the result.
        if (utilDebug.messageEnabled()) {
            utilDebug.message("Error creating cookie. : " + e.getMessage());
        }
    }

    if (utilDebug.messageEnabled()) {
        utilDebug.message("createCookie Cookie is set : " + created);
    }
    return created;
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/**
 * Overwrites the load-balancer cookie with the value {@code LOGOUT} and a max-age argument
 * of 0, once per cookie domain of the request.
 *
 * <p>Nothing is added when {@code getlbCookieName()} is null or empty. When no cookie
 * domain applies to the request, a single cookie with a null domain is added.
 *
 * @param request the servlet request used to look up the cookie domains
 * @param response the servlet response that receives the cookie(s)
 */
public static void clearlbCookie(HttpServletRequest request, HttpServletResponse response) {
    String lbCookieName = getlbCookieName();
    if (lbCookieName == null || lbCookieName.isEmpty()) {
        return;
    }

    // NOTE(review): cookies are added with response.addCookie() here, while setlbCookie()
    // goes through CookieUtils.addCookieToResponse(); confirm the difference is intended,
    // since any attribute handling done by CookieUtils is bypassed on this path.
    Set<String> domains = getCookieDomainsForRequest(request);
    if (domains.isEmpty()) {
        response.addCookie(createCookie(lbCookieName, "LOGOUT", 0, null));
        return;
    }
    for (String domain : domains) {
        response.addCookie(createCookie(lbCookieName, "LOGOUT", 0, domain));
    }
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/* Returns the error message for the error code. */
/**
 * Looks up the message registered for an error code.
 *
 * @param errorCode the error code to look up
 * @return the result of {@code getErrorVal(errorCode, ERROR_MESSAGE)}
 */
public static String getErrorMessage(String errorCode) {
    final String message = getErrorVal(errorCode, ERROR_MESSAGE);
    return message;
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/* Returns the error template for the error code. */
/**
 * Looks up the template registered for an error code.
 *
 * @param errorCode the error code to look up
 * @return the result of {@code getErrorVal(errorCode, ERROR_TEMPLATE)}
 */
public static String getErrorTemplate(String errorCode) {
    final String template = getErrorVal(errorCode, ERROR_TEMPLATE);
    return template;
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/**
 * Tells whether the request carries the auth cookie or the session cookie.
 *
 * <p>Only presence is tested; the cookie values are not validated here.
 *
 * @param req the servlet request to inspect
 * @return {@code true} when a value is found for either cookie name, {@code false} otherwise
 */
public static boolean checkForCookies(HttpServletRequest req) {
    if (CookieUtils.getCookieValueFromReq(req, getAuthCookieName()) != null) {
        return true;
    }
    // No auth cookie: the answer is decided by the session cookie alone.
    return CookieUtils.getCookieValueFromReq(req, getCookieName()) != null;
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Get Original Redirect URL for Auth to redirect the Login request
/**
 * Determines the URL the login request should be redirected to.
 *
 * <p>The URL is produced by {@code REDIRECT_URL_VALIDATOR.getRedirectUrl}, which receives
 * the token's organization, the decoded {@code goto} request parameter and the token's
 * {@code successURL} property. The client-supplied {@code goto} value is therefore used
 * only through the validator.
 *
 * @param request the servlet request that may carry the {@code goto} parameter
 * @param sessID the session ID to build the SSO token from; may be null
 * @return the URL returned by the validator, or {@code null} when the token is not valid
 *         or any exception occurs
 */
public static String getOrigRedirectURL(HttpServletRequest request, SessionID sessID) {
    try {
        String sidString = (sessID != null) ? sessID.toString() : null;
        SSOTokenManager manager = SSOTokenManager.getInstance();
        SSOToken ssoToken = manager.createSSOToken(sidString);
        if (!manager.isValidToken(ssoToken)) {
            return null;
        }
        utilDebug.message("Valid SSOToken");

        String organization = ssoToken.getProperty(ISAuthConstants.ORGANIZATION);
        String gotoUrl = REDIRECT_URL_VALIDATOR.getAndDecodeParameter(request, RedirectUrlValidator.GOTO);
        String successUrl = ssoToken.getProperty("successURL");
        return REDIRECT_URL_VALIDATOR.getRedirectUrl(organization, gotoUrl, successUrl);
    } catch (Exception e) {
        // Every failure, token creation included, ends in "no redirect URL".
        if (utilDebug.messageEnabled()) {
            utilDebug.message("Error in getOrigRedirectURL:", e);
        }
        return null;
    }
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /**
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Adds Logout cookie to URL.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster *
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param url is the url to be rewritten with the logout cookie
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param logoutCookie is the logoutCookie String
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param isCookieSupported is a boolean which indicates whether
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * cookie support is true or false
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return URL with the logout cookie appended to it.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster */
public static String addLogoutCookieToURL(String url, String logoutCookie, boolean isCookieSupported) {
    // Nothing to append when there is no logout cookie or the client supports cookies.
    if (logoutCookie == null || isCookieSupported) {
        return url;
    }

    String encodedName = URLEncDec.encode(getCookieName());
    String encodedValue = URLEncDec.encode(logoutCookie);

    // NOTE(review): when the URL already has a query string the separator is the
    // HTML-escaped "&amp;", not a bare "&". That suits a URL written into markup;
    // confirm that no caller uses the result directly as a redirect target.
    String separator = url.contains("?") ? "&amp;" : "?";
    String logoutURL = url + separator + encodedName + "=" + encodedValue;

    if (utilDebug.messageEnabled()) {
        utilDebug.message("cookieString is : " + logoutURL);
    }
    return logoutURL;
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /**
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns the Session ID for the request.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * The cookie in the request for invalid sessions
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * is in authentication cookie, <code>com.iplanet.am.auth.cookie</code>,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * and for active/inactive sessions in <code>com.iplanet.am.cookie</code>.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster *
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param request HttpServletRequest object.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return session id for this request.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster */
private static SessionID getSidFromCookie(HttpServletRequest request) {
    // The URL is consulted before the cookie in case this is a request forwarded from
    // Federation: giving the URL precedence lets a new federated authentication always
    // start with a clear auth session.
    // Both sources are client-supplied; this method only wraps the value in a SessionID
    // and does not validate it.
    String sidValue = SessionEncodeURL.getSidFromURL(request, getAuthCookieName());
    if (sidValue == null) {
        sidValue = CookieUtils.getCookieValueFromReq(request, getAuthCookieName());
    }

    if (sidValue == null || sidValue.isEmpty()) {
        return null;
    }
    SessionID sessionID = new SessionID(sidValue);
    utilDebug.message("sidValue from Auth Cookie");
    return sessionID;
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/**
 * Returns the Session ID for this request. If Authentication Cookie and
 * Valid AM Cookie are there and request method is GET then use Valid
 * AM Cookie else use Auth Cookie. The cookie in the request for invalid
 * sessions is in auth cookie, <code>com.iplanet.am.auth.cookie</code>,
 * and for active/inactive sessions in <code>com.iplanet.am.cookie</code>.
 *
 * @param request HTTP Servlet Request.
 * @return Session ID for this request.
 */
public static SessionID getSessionIDFromRequest(HttpServletRequest request) {
    // NOTE(review): request is null-checked only for the method test; it is then passed
    // to new SessionID(request) and getSidFromCookie(request) unchecked. Whether those
    // tolerate null is not visible here.
    boolean isGetRequest = request != null && request.getMethod().equalsIgnoreCase("GET");
    SessionID amCookieSid = new SessionID(request);
    SessionID authCookieSid = getSidFromCookie(request);

    // The auth-cookie session ID is used only when it exists and the request is not a GET;
    // in every other case the ID built from the request itself is used.
    SessionID sessionID = (authCookieSid != null && !isGetRequest) ? authCookieSid : amCookieSid;

    // The session ID itself is written to the message-level log.
    if (utilDebug.messageEnabled()) {
        utilDebug.message("AuthUtils:returning sessionID:" + sessionID);
    }
    return sessionID;
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/**
 * Returns {@code true} if the request has the {@code arg=newsession}
 * query parameter.
 *
 * @param reqDataHash Request Data Hashtable; dereferenced without a null check.
 * @return {@code true} if the {@code arg} entry equals {@code newsession}
 *         (case-sensitive comparison), {@code false} otherwise.
 */
public static boolean newSessionArgExists(Hashtable reqDataHash) {
    final String argValue = (String) reqDataHash.get("arg");
    final boolean requested = "newsession".equals(argValue);
    if (utilDebug.messageEnabled()) {
        utilDebug.message("newSessionArgExists : " + requested);
    }
    return requested;
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/**
 * Maps the textual index type to the matching {@code AuthContext.IndexType}.
 * Matching is case-insensitive.
 *
 * @param strIndexType one of {@code user}, {@code role}, {@code service},
 *        {@code module_instance}, {@code level} or {@code composite_advice};
 *        may be {@code null}.
 * @return the matching index type, or {@code null} when the argument is
 *         {@code null} or is not one of the names above.
 */
public static AuthContext.IndexType getIndexType(String strIndexType) {
    if (utilDebug.messageEnabled()) {
        utilDebug.message("getIndexType : strIndexType = " + strIndexType);
    }

    final AuthContext.IndexType resolved;
    if (strIndexType == null) {
        resolved = null;
    } else if ("user".equalsIgnoreCase(strIndexType)) {
        resolved = AuthContext.IndexType.USER;
    } else if ("role".equalsIgnoreCase(strIndexType)) {
        resolved = AuthContext.IndexType.ROLE;
    } else if ("service".equalsIgnoreCase(strIndexType)) {
        resolved = AuthContext.IndexType.SERVICE;
    } else if ("module_instance".equalsIgnoreCase(strIndexType)) {
        resolved = AuthContext.IndexType.MODULE_INSTANCE;
    } else if ("level".equalsIgnoreCase(strIndexType)) {
        resolved = AuthContext.IndexType.LEVEL;
    } else if ("composite_advice".equalsIgnoreCase(strIndexType)) {
        resolved = AuthContext.IndexType.COMPOSITE_ADVICE;
    } else {
        // Unrecognised names are not an error here; callers receive null.
        resolved = null;
    }

    if (utilDebug.messageEnabled()) {
        utilDebug.message("getIndexType : IndexType = " + resolved);
    }
    return resolved;
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/**
 * Returns the index name that an existing session holds for the given
 * index type, read from the session properties {@code UserToken},
 * {@code Role}, {@code Service}, {@code AuthType} or {@code AuthLevel}.
 * For {@code MODULE_INSTANCE} only the first {@code |}-separated entry of
 * {@code AuthType} is returned.
 *
 * @param ssoToken the session to read the property from.
 * @param indexType the index type whose name is wanted.
 * @return the property value; the empty string when the index type is not
 *         one of the five handled here or when reading the property throws.
 */
public static String getIndexName(SSOToken ssoToken,
        AuthContext.IndexType indexType) {
    // Pick the session property that backs this index type; null means
    // "no property for this type" and leaves the result empty.
    final String propertyKey;
    if (indexType == AuthContext.IndexType.USER) {
        propertyKey = "UserToken";
    } else if (indexType == AuthContext.IndexType.ROLE) {
        propertyKey = "Role";
    } else if (indexType == AuthContext.IndexType.SERVICE) {
        propertyKey = "Service";
    } else if (indexType == AuthContext.IndexType.MODULE_INSTANCE) {
        propertyKey = "AuthType";
    } else if (indexType == AuthContext.IndexType.LEVEL) {
        propertyKey = "AuthLevel";
    } else {
        propertyKey = null;
    }

    String indexName = "";
    try {
        if (propertyKey != null) {
            final String raw = ssoToken.getProperty(propertyKey);
            indexName = (indexType == AuthContext.IndexType.MODULE_INSTANCE)
                    ? getLatestIndexName(raw)
                    : raw;
        }
    } catch (Exception e) {
        // Any failure (including a null token) is reported at message
        // level only and the caller gets the empty default.
        if (utilDebug.messageEnabled()) {
            utilDebug.message("Error in getIndexName :"+ e.toString());
        }
        return indexName;
    }

    if (utilDebug.messageEnabled()) {
        utilDebug.message("getIndexName : IndexType='{}', IndexName='{}'", indexType, indexName);
    }
    return indexName;
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/**
 * Returns the first entry of a {@code |}-separated list of index names.
 *
 * @param indexName the list; may be {@code null}.
 * @return the first non-empty token, the argument itself when it holds no
 *         token (empty or only separators), or {@code null} for {@code null}.
 */
private static String getLatestIndexName(String indexName) {
    if (indexName == null) {
        return null;
    }
    final StringTokenizer parts = new StringTokenizer(indexName, "|");
    return parts.hasMoreTokens() ? parts.nextToken() : indexName;
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
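/**
 * Tells whether {@code key} is one of the entries of {@code value}, where
 * {@code value} is either a single entry or a {@code |}-separated list.
 * Comparison is exact and case-sensitive.
 *
 * <p>The two forms are compared differently: a single entry is compared
 * after trimming both sides, while list tokens are compared as they are,
 * without trimming. This method feeds the role, service and module checks
 * of {@code checkSessionUpgrade}, so stray whitespace in a list changes
 * the outcome of those checks.
 *
 * @param value the stored entry or list; {@code null} yields {@code false}.
 * @param key the entry to look for; {@code null} yields {@code false}.
 * @return {@code true} if {@code key} matches an entry of {@code value}.
 */
public static boolean isContain(String value, String key) {
    // A null key used to surface as a NullPointerException caught by a
    // catch-all and logged as an error; it is now an ordinary "no match".
    if (value == null || key == null) {
        return false;
    }
    if (value.indexOf('|') == -1) {
        return value.trim().equals(key.trim());
    }
    final StringTokenizer entries = new StringTokenizer(value, "|");
    while (entries.hasMoreTokens()) {
        if (entries.nextToken().equals(key)) {
            return true;
        }
    }
    return false;
}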
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/**
 * Decides whether the request asks for something the existing session does
 * not already provide. Only the first of these request entries that is
 * present is evaluated, in this order:
 * <ul>
 * <li>{@code user}: upgrade when it differs from session property {@code UserToken};</li>
 * <li>{@code role}: upgrade when {@code isContain} does not find it in {@code Role};</li>
 * <li>{@code service} (only when no composite advice entry is present):
 *     upgrade when {@code isContain} does not find it in {@code Service};</li>
 * <li>{@code module}: upgrade when {@code isContain} does not find it in {@code AuthType};</li>
 * <li>{@code authlevel}: upgrade when it is numerically greater than {@code AuthLevel};</li>
 * <li>composite advice entry: always an upgrade.</li>
 * </ul>
 *
 * @param ssoToken the existing session.
 * @param reqDataHash the request data to compare against the session.
 * @return {@code true} when an upgrade is indicated; {@code false} when it
 *         is not, and also when any exception occurs during the check.
 */
public static boolean checkSessionUpgrade(
        SSOToken ssoToken, Hashtable reqDataHash) {
    utilDebug.message("Check Session upgrade!");
    boolean upgrade = false;
    try {
        if (reqDataHash.get("user") != null) {
            if (utilDebug.messageEnabled()) {
                utilDebug.message("AuthClientUtils.checkSessionUpgrade: user");
            }
            final String requestedUser = (String) reqDataHash.get("user");
            final String sessionUser = ssoToken.getProperty("UserToken");
            if (utilDebug.messageEnabled()) {
                // NOTE(review): the requested value is logged as received;
                // isSessionUpgradeOrForceAuth fills reqDataHash from the
                // HTTP request, so this is caller-controlled text in the log.
                utilDebug.message("user='{}', userToken ='{}'", requestedUser, sessionUser);
            }
            upgrade = !requestedUser.equals(sessionUser);
        } else if (reqDataHash.get("role") != null) {
            if (utilDebug.messageEnabled()) {
                utilDebug.message("AuthClientUtils.checkSessionUpgrade: role");
            }
            final String requestedRole = (String) reqDataHash.get("role");
            final String sessionRoles = ssoToken.getProperty("Role");
            upgrade = !isContain(sessionRoles, requestedRole);
        } else if (reqDataHash.get("service") != null
                && reqDataHash.get(Constants.COMPOSITE_ADVICE) == null) {
            if (utilDebug.messageEnabled()) {
                utilDebug.message("AuthClientUtils.checkSessionUpgrade:service");
            }
            final String requestedService = (String) reqDataHash.get("service");
            final String sessionServices = ssoToken.getProperty("Service");
            upgrade = !isContain(sessionServices, requestedService);
        } else if (reqDataHash.get("module") != null) {
            if (utilDebug.messageEnabled()) {
                utilDebug.message("AuthClientUtils.checkSessionUpgrade:module");
            }
            final String requestedModule = (String) reqDataHash.get("module");
            final String sessionModules = ssoToken.getProperty("AuthType");
            upgrade = !isContain(sessionModules, requestedModule);
        } else if (reqDataHash.get("authlevel") != null) {
            if (utilDebug.messageEnabled()) {
                utilDebug.message("checksessionUpgrade: authlevel");
            }
            // The request value is parsed first, then the session value; a
            // non-numeric value on either side ends up in the catch below.
            final int requestedLevel =
                    Integer.parseInt((String) reqDataHash.get("authlevel"));
            final int sessionLevel =
                    Integer.parseInt(ssoToken.getProperty("AuthLevel"));
            upgrade = requestedLevel > sessionLevel;
        } else if (reqDataHash.get(Constants.COMPOSITE_ADVICE) != null) {
            if (utilDebug.messageEnabled()) {
                utilDebug.message("checksessionUpgrade: composite advice");
            }
            upgrade = true;
        }
    } catch (Exception e) {
        // NOTE(review): every failure (malformed authlevel, null token,
        // SSO error, wrong value type) is logged at message level only and
        // leaves the answer at "no upgrade". Confirm that callers treat
        // false as "keep the current session" safely when the input was
        // simply unparseable.
        utilDebug.message("Exception in checkSessionUpgrade : ", e);
    }

    if (utilDebug.messageEnabled()) {
        utilDebug.message("Check session upgrade : " + upgrade);
    }
    return upgrade;
}
b5d806442d0311234a3612ec0e1a04ed70a4e8e2Peter Major
/**
 * Tells whether the incoming request corresponds to a session upgrade or ForceAuth.
 * The ForceAuth flag is checked first; the session upgrade check runs only
 * when that flag is absent and an SSO token can be created from the request.
 *
 * @param request The incoming HttpServletRequest.
 * @return {@code true} if the request corresponds to a session upgrade or ForceAuth,
 *         {@code false} otherwise, including when no SSO token can be created.
 */
public static boolean isSessionUpgradeOrForceAuth(HttpServletRequest request) {
    final Hashtable reqDataHash = parseRequestParameters(request);
    if (forceAuthFlagExists(reqDataHash)) {
        return true;
    }
    try {
        final SSOToken token = SSOTokenManager.getInstance().createSSOToken(request);
        return checkSessionUpgrade(token, reqDataHash);
    } catch (SSOException ssoe) {
        // No token for this request, so there is no session to upgrade.
        if (utilDebug.messageEnabled()) {
            utilDebug.message("Unable to create sso token for isSessionUpgrade check: ", ssoe);
        }
    }
    return false;
}
b5d806442d0311234a3612ec0e1a04ed70a4e8e2Peter Major
/**
 * Returns the URL produced by {@link #getCookieURL(SessionID)} for the
 * session carried by the request, but only when all of these hold: the
 * token is valid, the URL is non-null, {@code isLocalServer(url, true)}
 * is false, and the request is a ForceAuth or session upgrade request.
 *
 * @param request the incoming request.
 * @return the URL, or {@code null} when any condition fails or an
 *         {@code SSOException} occurs.
 */
public static String getCookieURLForSessionUpgrade(HttpServletRequest request) {
    try {
        final SSOTokenManager manager = SSOTokenManager.getInstance();
        final SSOToken token = manager.createSSOToken(request);
        final Hashtable reqDataHash = parseRequestParameters(request);
        if (!manager.isValidToken(token)) {
            return null;
        }

        final String candidate = getCookieURL(new SessionID(token.getTokenID().toString()));
        final boolean remote = candidate != null && !isLocalServer(candidate, true);
        // Short-circuit order matters: the upgrade check runs only for a
        // remote URL and only when the ForceAuth flag is absent.
        if (remote
                && (forceAuthFlagExists(reqDataHash)
                    || checkSessionUpgrade(token, reqDataHash))) {
            return candidate;
        }
    } catch (SSOException ssoe) {
        if (utilDebug.messageEnabled()) {
            utilDebug.message("SSOException occurred while checking session upgrade case", ssoe);
        }
    }
    return null;
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/**
 * Builds {@code protocol://host:port} followed by {@code serviceURI} from
 * the session service URL looked up for the given session ID.
 *
 * @param sessionID the session whose service URL is looked up.
 * @return the assembled URL string, or {@code null} when the lookup throws
 *         a {@code SessionException}.
 */
public static String getCookieURL(SessionID sessionID) {
    try {
        final URL serviceLocation = sessionServiceURLService.getSessionServiceURL(sessionID);
        // NOTE(review): URL.getPort() is -1 when the URL carries no explicit
        // port, which would yield "host:-1" here; confirm the session
        // service URL always includes one.
        return serviceLocation.getProtocol()
                + "://" + serviceLocation.getHost()
                + ":" + serviceLocation.getPort()
                + serviceURI;
    } catch (SessionException se) {
        if (utilDebug.messageEnabled()) {
            utilDebug.message("LoginServlet error in Session : ", se);
        }
        return null;
    }
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/**
 * Tells whether client detection is switched on.
 *
 * @return what {@code clientDetector.isDetectionEnabled()} reports, or
 *         {@code false} when no client detector is available.
 */
public static boolean isClientDetectionEnabled() {
    final boolean enabled;
    if (clientDetector == null) {
        utilDebug.message("getClientDetector,Service does not exist");
        enabled = false;
    } else {
        enabled = clientDetector.isDetectionEnabled();
    }

    if (utilDebug.messageEnabled()) {
        utilDebug.message("clientDetectionEnabled = " + enabled);
    }
    return enabled;
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
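/**
 * Returns the client type. If client detection is enabled then
 * client type is determined by the {@code ClientDetector} class otherwise
 * {@code defaultClientType} set in
 * {@code iplanet-am-client-detection-default-client-type}
 * is assumed to be the client type.
 *
 * @param req HTTP Servlet Request.
 * @return client type.
 */
public static String getClientType(HttpServletRequest req) {
    if (isClientDetectionEnabled() && (clientDetector != null)) {
        // Detect once: the value written to the debug log is then exactly
        // the value returned, and detection is not repeated just because
        // message-level logging is on.
        final String detected = clientDetector.getClientType(req);
        if (utilDebug.messageEnabled()) {
            utilDebug.message("clienttype = " + detected);
        }
        return detected;
    }
    return getDefaultClientType();
}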
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/**
 * Returns the default client type.
 *
 * @return the client type reported by {@code defaultClient}, or
 *         {@code DEFAULT_CLIENT_TYPE} when there is no default client or
 *         reading its type throws.
 */
public static String getDefaultClientType() {
    String resolved = DEFAULT_CLIENT_TYPE;
    if (defaultClient != null) {
        try {
            resolved = defaultClient.getClientType();
        } catch (Exception e) {
            // Keep the built-in default; the failure is only logged.
            utilDebug.error("getDefaultClientType Error : ", e);
        }
    }
    if (utilDebug.messageEnabled()) {
        utilDebug.message("getDefaultClientType, ClientType = " + resolved);
    }
    return resolved;
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/**
 * Returns the client object associated with a client type.
 *
 * @param clientType the client type; dereferenced without a null check.
 * @return the instance from {@code AuthClient.getInstance(clientType, null)},
 *         or {@code defaultClient} when the type is the default client type
 *         or the lookup throws.
 */
private static Client getClientInstance(String clientType) {
    if (clientType.equals(getDefaultClientType())) {
        return defaultClient;
    }
    try {
        return AuthClient.getInstance(clientType, null);
    } catch (Exception ce) {
        utilDebug.warning("getClientInstance: clientType='{}'", clientType, ce);
        return defaultClient;
    }
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/**
 * Returns the requested property from clientData (example fileIdentifier).
 *
 * @param clientType the client type whose data is consulted.
 * @param property the name of the property to read.
 * @return the property value; {@code null} when there is no client
 *         detector or detection is disabled; the default client's value
 *         (see {@link #getDefaultProperty(String)}) when the lookup throws.
 */
private static String getProperty(String clientType, String property) {
    final boolean detectionUsable = clientDetector != null && isClientDetectionEnabled();
    if (!detectionUsable) {
        return null;
    }

    try {
        final Client client = getClientInstance(clientType);
        return client.getProperty(property);
    } catch (Exception ce) {
        // The property could not be read for this client type, so fall
        // back to the default client's value.
        utilDebug.warning("Error retrieving Client Data : property='{}'", property, ce);
        return getDefaultProperty(property);
    }
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/**
 * Returns the requested property of the default client.
 *
 * @param property the name of the property to read.
 * @return the property value, or {@code null} when reading it throws
 *         (which includes the case of a missing default client).
 */
public static String getDefaultProperty(String property) {
    try {
        return defaultClient.getProperty(property);
    } catch (Exception ce) {
        utilDebug.warning("Could not get property='{}'", property, ce);
        return null;
    }
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/**
 * Returns the charset associated with the client type.
 *
 * @param clientType the client type whose charset is wanted.
 * @param locale the locale passed to the client's charset lookup.
 * @return the client's charset when detection is enabled and the lookup
 *         succeeds; {@code Constants.CONSOLE_UI_DEFAULT_CHARSET} when
 *         detection is disabled or the lookup throws.
 */
public static String getCharSet(String clientType,java.util.Locale locale) {
    // This initial value is replaced on every path below.
    String charset = Client.CDM_DEFAULT_CHARSET;
    if (!isClientDetectionEnabled()) {
        charset = Constants.CONSOLE_UI_DEFAULT_CHARSET;
        return charset;
    }

    try {
        charset = getClientInstance(clientType).getCharset(locale);
    } catch (Exception ce) {
        if (utilDebug.warningEnabled()) {
            // NOTE(review): the message names UTF-8 while the code assigns
            // Constants.CONSOLE_UI_DEFAULT_CHARSET; confirm they agree.
            utilDebug.warning("AuthClientUtils.getCharSet:Client data was not found, setting charset to UTF-8.");
        }
        charset = Constants.CONSOLE_UI_DEFAULT_CHARSET;
    }
    if (utilDebug.messageEnabled()) {
        utilDebug.message("AuthClientUtils.getCharSet: Charset from Client is charset='{}'", charset);
    }
    return charset;
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/**
 * Returns the filePath associated with a client type.
 *
 * @param clientType the client type whose {@code filePath} property is read.
 * @return the property value, or {@code DEFAULT_FILE_PATH} when it is absent.
 */
public static String getFilePath(String clientType) {
    final String configured = getProperty(clientType, "filePath");
    return (configured != null) ? configured : DEFAULT_FILE_PATH;
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/**
 * Returns the {@code contentType} property configured for a client type.
 *
 * @param clientType client type whose property is looked up
 * @return the configured value, or {@code DEFAULT_CONTENT_TYPE} when the
 *         lookup yields {@code null}
 */
public static String getContentType(String clientType) {
    final String configured = getProperty(clientType, "contentType");
    return (configured != null) ? configured : DEFAULT_CONTENT_TYPE;
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/**
 * Returns the {@code cookieSupport} property configured for a client type.
 * URL rewriting with the session id needs to know whether the client
 * supports cookies (RFE 4412286).
 *
 * @param clientType client type whose property is looked up
 * @return the configured value, or {@code DEFAULT_COOKIE_SUPPORT} when the
 *         lookup yields {@code null}
 */
public static String getCookieSupport(String clientType) {
    final String configured = getProperty(clientType, "cookieSupport");
    return (configured != null) ? configured : DEFAULT_COOKIE_SUPPORT;
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/**
 * Determines whether a client type is treated as a generic HTML client.
 *
 * @param clientType client type whose {@code genericHTML} property is read
 * @return {@code true} when the property is absent or is exactly
 *         {@code "true"} (case-sensitive); {@code false} otherwise
 */
public static boolean isGenericHTMLClient(String clientType) {
    final String genericHtml = getProperty(clientType, "genericHTML");
    if (genericHtml == null) {
        // A client with no explicit setting is treated as generic HTML.
        return true;
    }
    return genericHtml.equals("true");
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/**
 * Decides whether a cookie should be set in the response for a client type.
 *
 * @param clientType client type to evaluate
 * @return the result of {@code setCookieVal(clientType, "true")}: true when
 *         cookieSupport is "true" or cookie-detect mode applies
 */
public static boolean isSetCookie(String clientType) {
    final boolean shouldSetCookie = setCookieVal(clientType, "true");

    if (utilDebug.messageEnabled()) {
        utilDebug.message("setCookie : " + shouldSetCookie);
    }
    return shouldSetCookie;
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/**
 * Evaluates the cookieSupport setting of a client type against an expected
 * value, taking cookie-detect mode into account. Shared by
 * {@code isSetCookie} (value "true") and {@code isUrlRewrite} (value "false").
 *
 * @param clientType client type whose cookieSupport value is read
 * @param value      value to compare cookieSupport with, ignoring case
 * @return {@code true} when cookieSupport equals {@code value} or the
 *         cookie-detect mode applies
 */
public static boolean setCookieVal(String clientType, String value) {
    final String support = getCookieSupport(clientType);
    final boolean detectMode = getCookieDetect(support);

    boolean supportMatches = false;
    if (support != null) {
        supportMatches = support.equalsIgnoreCase(value)
                || support.equalsIgnoreCase(ISAuthConstants.COOKIE_DETECT_PROPERTY);
    }
    // Detect mode alone is enough: it also covers a null cookieSupport value.
    final boolean result = supportMatches || detectMode;

    if (utilDebug.messageEnabled()) {
        utilDebug.message("cookieSupport='{}', cookieDetect='{}', setCookie='{}'", support, detectMode,
                result);
    }
    return result;
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/**
 * Tells whether the cookie-detect mode applies for a cookieSupport value.
 *
 * @param cookieSupport the cookieSupport setting; may be {@code null}
 * @return {@code true} when {@code cookieSupport} is {@code null} or equals
 *         {@code ISAuthConstants.COOKIE_DETECT_PROPERTY} ignoring case
 */
public static boolean getCookieDetect(String cookieSupport) {
    final boolean detectMode;
    if (cookieSupport == null) {
        // An unset value falls back to detect mode.
        detectMode = true;
    } else {
        detectMode = cookieSupport.equalsIgnoreCase(ISAuthConstants.COOKIE_DETECT_PROPERTY);
    }
    if (utilDebug.messageEnabled()) {
        utilDebug.message("CookieDetect : " + detectMode);
    }
    return detectMode;
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
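/**
 * Extracts the client URL from a string in the format
 * {@code clientType | URL}. The URL is returned only when the client type
 * prefix equals the client type of the request.
 *
 * @param urlString string holding the client type, the delimiter and the URL;
 *                  may be {@code null}
 * @param index     position of the delimiter "|" in {@code urlString}
 * @param request   request whose client type is compared with the prefix
 * @return the text after the delimiter, or {@code null} when
 *         {@code urlString} is {@code null}, {@code index} lies outside the
 *         string, the client types differ, or nothing follows the delimiter
 *         position
 */
public static String getClientURLFromString(String urlString, int index,
        HttpServletRequest request) {
    String clientURL = null;
    // substring() throws StringIndexOutOfBoundsException for an index outside
    // [0, length]; such a value (for instance -1 from a failed indexOf) is
    // treated as "no client URL" instead of failing the request.
    if (urlString != null && index >= 0 && index <= urlString.length()) {
        String clientTypeInUrl = urlString.substring(0, index);
        if (clientTypeInUrl.equals(getClientType(request))
                && urlString.length() > index) {
            clientURL = urlString.substring(index + 1);
        }
    }
    if (utilDebug.messageEnabled()) {
        utilDebug.message("Client URL is :" + clientURL);
    }
    return clientURL;
}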
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/**
 * Decides whether URLs should be rewritten for a client type.
 *
 * <p>Security note: in cookie-detect mode (which includes a {@code null}
 * cookieSupport value) both this method and {@code isSetCookie} return
 * {@code true}. URL rewriting is used to carry the session id, so a value
 * placed in the URL can end up in access logs, browser history and Referer
 * headers; set cookieSupport explicitly where that exposure matters.
 *
 * @param clientType client type to evaluate
 * @return the result of {@code setCookieVal(clientType, "false")}: true when
 *         cookieSupport is "false" or cookie-detect mode applies
 */
public static boolean isUrlRewrite(String clientType) {
    final boolean shouldRewrite = setCookieVal(clientType, "false");

    if (utilDebug.messageEnabled()) {
        utilDebug.message("rewriteURL : " + shouldRewrite);
    }
    return shouldRewrite;
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/**
 * Returns the version string held in {@code dsameVersion}.
 *
 * @return the value of {@code dsameVersion}
 */
public static String getDSAMEVersion() {
    return dsameVersion;
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/**
 * Returns the {@code isVersionHeaderEnabled} flag held by this class.
 *
 * <p>NOTE(review): the name suggests this gates a response header carrying
 * the product version. If so, keeping it disabled avoids advertising the
 * exact version to unauthenticated clients; confirm where the flag is read.
 *
 * @return the value of the {@code isVersionHeaderEnabled} field
 */
public static boolean isVersionHeaderEnabled() {
    return isVersionHeaderEnabled;
}
fd8e00bb4008ddccf0430ca49ecbdbef27e6a2acMark de Reeper
/**
 * Returns the Auth Cookie Name.
 *
 * @return the value of {@code authCookieName}
 */
public static String getAuthCookieName() {
    return authCookieName;
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/**
 * Returns the Dist Auth Cookie Name.
 *
 * @return the value of {@code distAuthCookieName}
 */
public static String getDistAuthCookieName() {
    return distAuthCookieName;
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/**
 * Returns the cookie name held in {@code cookieName}.
 *
 * @return the value of {@code cookieName}
 */
public static String getCookieName() {
    return cookieName;
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/**
 * Returns the name of the load balancer cookie.
 *
 * @return in server mode the {@code Constants.AM_LB_COOKIE_NAME} system
 *         property, defaulting to {@code "amlbcookie"}; otherwise the
 *         {@code Constants.AM_DISTAUTH_LB_COOKIE_NAME} system property, for
 *         which no default is supplied here
 */
public static String getlbCookieName() {
    final String lbCookieName = SystemProperties.isServerMode()
            ? SystemProperties.get(Constants.AM_LB_COOKIE_NAME, "amlbcookie")
            : SystemProperties.get(Constants.AM_DISTAUTH_LB_COOKIE_NAME);

    if (utilDebug.messageEnabled()) {
        utilDebug.message("AuthClientUtils.getlbCookieName() loadBalanceCookieName is:"
                + lbCookieName);
    }
    return lbCookieName;
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/**
 * Returns the value of the load balancer cookie.
 *
 * @return in server mode the value {@code WebtopNaming} reports for this
 *         server's id, or {@code null} when that lookup throws; otherwise
 *         the {@code Constants.AM_DISTAUTH_LB_COOKIE_VALUE} system property
 */
public static String getlbCookieValue() {
    if (!SystemProperties.isServerMode()) {
        return SystemProperties.get(Constants.AM_DISTAUTH_LB_COOKIE_VALUE);
    }
    try {
        return WebtopNaming.getLBCookieValue(WebtopNaming.getAMServerID());
    } catch (Exception e) {
        // Best effort: the failure is only visible at message debug level.
        if (utilDebug.messageEnabled()) {
            utilDebug.message("AuthClientUtils.getlbCookieValue(). Can't get the lbCookie value.", e);
        }
        return null;
    }
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
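/**
 * Return the set of cookie domains configured in Platform settings. Whenever possible, use
 * {@link #getCookieDomainsForRequest(HttpServletRequest)} instead.
 *
 * <p>The configuration is read with the admin token, so the result does not depend on the
 * caller. The set is empty when the service schema or the token cannot be obtained, and is
 * a singleton holding {@code null} when the cookie domain attribute has no value.
 *
 * <p>NOTE(review): this returns every configured domain without regard to the host the
 * request arrived on; the request-scoped variant narrows the set to matching domains.
 *
 * @return The set of configured cookie domains. May contain null.
 */
public static Set<String> getCookieDomains() {
    // emptySet() is the typed form of EMPTY_SET and avoids an unchecked assignment.
    Set<String> cookieDomains = Collections.emptySet();
    try {
        SSOToken token = AccessController.doPrivileged(
                AdminTokenAction.getInstance());
        try {
            ServiceSchemaManager scm = new ServiceSchemaManager("iPlanetAMPlatformService", token);
            ServiceSchema psc = scm.getGlobalSchema();
            Map<?, ?> attrs = psc.getAttributeDefaults();
            // The attribute defaults map is untyped here; the value stored under the
            // cookie domain attribute is used as a set of domain strings.
            @SuppressWarnings("unchecked")
            Set<String> configured = (Set<String>) attrs.get(ISAuthConstants.PLATFORM_COOKIE_DOMAIN_ATTR);
            cookieDomains = configured;
        } catch (SMSException ex) {
            // Leave cookieDomains empty, but keep the cause in the debug log.
            utilDebug.message("getCookieDomains - SMSException ", ex);
        }
        if (cookieDomains == null) {
            cookieDomains = Collections.singleton(null);
        }
    } catch (SSOException ex) {
        // unable to get SSOToken
        utilDebug.message("getCookieDomains - SSOException ", ex);
    }
    if (utilDebug.messageEnabled() && (!cookieDomains.isEmpty())) {
        StringBuilder message = new StringBuilder("CookieDomains : ");
        for (String cookieDomain : cookieDomains) {
            message.append(" '").append(cookieDomain).append("'");
        }
        utilDebug.message(message.toString());
    }
    return cookieDomains;
}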
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/**
 * Find the cookie domains from the cookie domain list based on the hostname of the incoming request.
 *
 * @param request HttpServletRequest request. When {@code null}, the full configured set is
 *                returned without any matching.
 * @return Set of the matching cookie domains. May contain null.
 */
public static Set<String> getCookieDomainsForRequest(HttpServletRequest request) {
    final Set<String> configured = getCookieDomains();
    if (request == null) {
        return configured;
    }

    final Set<String> matching = CookieUtils.getMatchingCookieDomains(request, configured);
    if (utilDebug.messageEnabled()) {
        utilDebug.message("AuthClientUtils:getCookieDomainsForRequest returns " + matching);
    }
    return matching;
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/**
 * Returns the organization DN.
 *
 * <p>The organization DN is determined from the query parameters "org" OR
 * "domain" OR the server host name. For backward compatibility the org name
 * is determined from the request URL when the first lookup finds nothing and
 * the request carried no query parameter.
 * The orgDN is determined based on and in order, by the SDK:
 * <ol>
 * <li>OrgDN - organization dn.</li>
 * <li>Domain - check if org is a domain by trying to get domain component</li>
 * <li>Org path - check if the orgName passed is a path (eg."/suborg1")</li>
 * <li>URL - check if the orgName passed is a DNS alias (URL).</li>
 * <li>If no orgDN is found null is returned.</li>
 * </ol>
 *
 * <p>Security note: the fallback key is built from
 * {@code request.getRequestURL()}, whose host part normally reflects the
 * Host header sent by the client. Which organization is selected through a
 * DNS alias therefore depends on request data; the container or a fronting
 * proxy should restrict the host names it accepts. The lookups run with the
 * admin token, and the request-derived value is written to the debug log.
 *
 * @param orgParam is the org or domain query param, or the server host name
 * @param noQueryParam is a boolean indicating that the request did not have
 *        a query.
 * @param request is the HttpServletRequest object; the URL fallback is
 *        skipped when it is {@code null}
 * @return A String which is the organization DN, or {@code null} when none
 *         is found
 */
public static String getOrganizationDN(String orgParam, boolean noQueryParam,
        HttpServletRequest request) {
    final SSOToken adminToken = (SSOToken) AccessController.doPrivileged(
            AdminTokenAction.getInstance());
    String orgDN = null;

    // First attempt: let the SDK resolve the supplied parameter as given.
    try {
        orgDN = IdUtils.getOrganization(adminToken, orgParam);
        if (orgDN != null && orgDN.length() != 0) {
            // NOTE(review): lower-casing uses the JVM default locale, and only
            // this first lookup result is lower-cased - confirm both are intended.
            orgDN = orgDN.toLowerCase();
        }
    } catch (Exception oe) {
        if (utilDebug.messageEnabled()) {
            utilDebug.message("Could not get orgName", oe);
        }
    }

    // Backward compatibility: match the DNS alias name against the full URL,
    // ie. proto:/server/amserver/UI/Login, when nothing was found so far.
    final boolean unresolved = (orgDN == null) || (orgDN.length() == 0);
    if (unresolved && noQueryParam && request != null) {
        final String requestUrl = request.getRequestURL().toString();
        final int pathParamStart = requestUrl.indexOf(";");
        // Drop everything from the first ';' on before stripping the port.
        final String lookupUrl = (pathParamStart == -1)
                ? requestUrl
                : requestUrl.substring(0, pathParamStart);
        orgParam = stripPort(lookupUrl);

        try {
            orgDN = IdUtils.getOrganization(adminToken, orgParam);
        } catch (Exception e) {
            if (utilDebug.messageEnabled()) {
                utilDebug.message("Could not get orgName='{}'", orgParam, e);
            }
        }
    }

    if (utilDebug.messageEnabled()) {
        utilDebug.message("getOrganizationDN : orgParam.='{}', orgDN='{}'", orgParam, orgDN);
    }
    return orgDN;
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/**
 * Determines the org parameter for a request and resolves it to the
 * organization DN.
 *
 * <p>The org parameter is taken from the policy advice, else from the realm
 * request attribute, else from the query parameters (see
 * {@code getOrgParam}), else from the server host name. For backward
 * compatibility the org name is determined from the request URL when the
 * host name path is used and no orgDN can be found.
 * The orgDN is determined based on and in order, by the SDK:
 * <ol>
 * <li>OrgDN - organization dn.</li>
 * <li>Domain - check if org is a domain by trying to get domain component</li>
 * <li>Org path - check if the orgName passed is a path (eg."/suborg1")</li>
 * <li>URL - check if the orgName passed is a DNS alias (URL).</li>
 * <li>Policy Advice will be checked for realm advice, or realm component in
 *     the advice</li>
 * <li>If no orgDN is found null is returned.</li>
 * </ol>
 *
 * <p>Security note: when no realm or org parameter is present the lookup key
 * is {@code request.getServerName()}, which normally reflects the Host
 * header sent by the client, so the organization chosen by host name depends
 * on request data. The values are also written to the debug log.
 * NOTE(review): {@code request} is dereferenced without a null check here,
 * unlike in {@code getOrganizationDN} - confirm callers never pass null.
 *
 * @param request HTTP Servlet Request object.
 * @param requestHash Query Hashtable.
 * @return Organization DN.
 */
public static String getDomainNameByRequest(
        HttpServletRequest request,
        Hashtable requestHash) {

    String realm = getRealmFromPolicyAdvice(requestHash);
    if (realm == null) {
        realm = getRealmFromAttribute(request);
    }
    final String queryOrgParam = getOrgParam(requestHash);
    // A realm from the policy advice or the request attribute has precedence
    // over the GET parameter.
    String orgParam = (realm != null) ? realm : queryOrgParam;

    if (utilDebug.messageEnabled()) {
        utilDebug.message("orgParam='{}'", orgParam);
    }

    // Fall back to the host name if no org or domain value was found.
    final boolean noQueryParam = (orgParam == null) || (orgParam.length() == 0);
    if (noQueryParam) {
        orgParam = request.getServerName();
        if (utilDebug.messageEnabled()) {
            utilDebug.message("Hostname='{}'", orgParam);
        }
    }
    final String orgDN = getOrganizationDN(orgParam, noQueryParam, request);

    if (utilDebug.messageEnabled()) {
        utilDebug.message("orgDN='{}'", orgDN);
    }
    return orgDN;
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/**
 * Reads the realm stored on the request under
 * {@code ISAuthConstants.REALM_PARAM} as a request attribute.
 *
 * <p>This reads an attribute, not a request parameter; attributes are set by
 * server-side code handling the request. The value is cast to String, so a
 * non-String attribute raises a ClassCastException.
 *
 * @param request request to read the attribute from
 * @return the attribute value, or {@code null} when it is not set
 */
private static String getRealmFromAttribute(HttpServletRequest request) {
    final Object realmAttribute = request.getAttribute(ISAuthConstants.REALM_PARAM);
    return (String) realmAttribute;
}
0e8c9f52da2a5befd2b6822ee39d3b0dbafc8781Phill Cunnington
/**
 * Returns the org or domain parameter passed as a query in the request.
 * The keys are tried in this order: {@code ISAuthConstants.DOMAIN_PARAM},
 * {@code ISAuthConstants.ORG_PARAM}, {@code ISAuthConstants.REALM_PARAM};
 * the first non-empty value wins.
 *
 * @param requestHash Hashtable containing the query parameters
 * @return organization name; {@code null} when the table is {@code null} or
 *         empty, otherwise the value of the last key tried (which may be
 *         {@code null} or empty when no key holds a non-empty value)
 */
public static String getOrgParam(Hashtable<String, String> requestHash) {
    if (requestHash == null || requestHash.isEmpty()) {
        return null;
    }
    final String[] keysInPrecedenceOrder = {
        ISAuthConstants.DOMAIN_PARAM,
        ISAuthConstants.ORG_PARAM,
        ISAuthConstants.REALM_PARAM
    };
    String orgParam = null;
    for (String key : keysInPrecedenceOrder) {
        orgParam = requestHash.get(key);
        if (orgParam != null && orgParam.length() != 0) {
            break;
        }
    }
    return orgParam;
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/**
 * Rebuilds a URL from its protocol, host and file parts, which leaves out an
 * explicit port.
 *
 * <p>Only {@code getProtocol()}, {@code getHost()} and {@code getFile()} are used, so
 * any user-info and fragment present in the input are not carried over either.
 *
 * @param in the URL string to rewrite
 * @return the rewritten URL, or {@code in} unchanged when it cannot be parsed as a URL
 */
static String stripPort(String in) {
    final URL parsed;
    try {
        parsed = new URL(in);
    } catch (MalformedURLException ex) {
        // Best effort: an unparsable value is handed back untouched rather than rejected.
        if (utilDebug.messageEnabled()) {
            utilDebug.message("URL='{}' is mal formed", in, ex);
        }
        return in;
    }
    return parsed.getProtocol() + "://" + parsed.getHost() + parsed.getFile();
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/**
 * Returns <code>true</code> if the host name in the URL is valid.
 *
 * <p>The decision is delegated entirely to
 * {@code FQDNUtils.getInstance().isHostnameValid(hostName)}; this method only adds
 * debug logging around it.
 *
 * <p>NOTE(review): presumably the host name passed in comes from
 * {@code getHostName}, i.e. from the client-supplied Host header, which would make
 * this the check that decides whether that header is trusted. Confirm against callers.
 *
 * @param hostName Host name.
 * @return <code>true</code> if the host name in the URL is valid.
 */
public static boolean isValidFQDNRequest(String hostName) {
    if (utilDebug.messageEnabled()) {
        utilDebug.message("hostName is : " + hostName);
    }

    final boolean hostAccepted = FQDNUtils.getInstance().isHostnameValid(hostName);

    if (utilDebug.messageEnabled()) {
        utilDebug.message(hostAccepted
                ? "hostname and fqdnDefault match returning true"
                : "hostname and fqdnDefault don't match");
        utilDebug.message("retVal is : " + hostAccepted);
    }
    return hostAccepted;
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/**
 * Returns the valid hostname from the fqdn map and constructs the correct
 * URL. The request will be forwarded to the new URL.
 *
 * <p>When {@code FQDNUtils.getFullyQualifiedHostName} has no mapping for
 * {@code partialHostName}, the partial host name itself is used as the host of the
 * returned URL. The result can therefore contain a host that was never mapped, so a
 * caller that redirects to it should not rely on this method alone to vouch for the
 * host.
 *
 * @param partialHostName Partial host name.
 * @param servletRequest HTTP Servlet Request.
 * @return the URL built by {@code constructURL} for the resolved host name
 */
public static String getValidFQDNResource(String partialHostName, HttpServletRequest servletRequest) {
    if (utilDebug.messageEnabled()) {
        utilDebug.message("Get mapping for " + partialHostName);
    }

    // Look the name up in the FQDN map; fall back to the input when nothing is mapped.
    final String mappedHostName = FQDNUtils.getInstance().getFullyQualifiedHostName(partialHostName);
    final String validHostName = (mappedHostName != null) ? mappedHostName : partialHostName;

    if (utilDebug.messageEnabled()) {
        utilDebug.message("fully qualified hostname :" + validHostName);
    }

    final String requestURL = constructURL(validHostName, servletRequest);

    if (utilDebug.messageEnabled()) {
        utilDebug.message("Request URL :" + requestURL);
    }
    return requestURL;
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
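/**
 * Returns the host name of the request, without the port.
 *
 * <p>The Host header is used when present; otherwise the value of
 * {@code servletRequest.getServerName()} is returned unchanged.
 *
 * <p>A bracketed IPv6 literal such as {@code [::1]:8080} is returned with its
 * brackets ({@code [::1]}). Cutting at the first colon, as is done for ordinary host
 * names, would reduce such a header to {@code "["}.
 *
 * <p>The Host header is supplied by the client. The returned value is not validated
 * here; it must be checked (see {@code isValidFQDNRequest}) before it is used to
 * build a URL the user is sent to.
 *
 * @param servletRequest HTTP Servlet Request.
 * @return the host name without the port
 */
public static String getHostName(HttpServletRequest servletRequest) {
    String hostname = servletRequest.getHeader("host");
    if (hostname == null) {
        hostname = servletRequest.getServerName();
    } else {
        int hostEnd = -1;
        if (hostname.startsWith("[")) {
            // IPv6 literal: the host part runs up to and including the closing bracket.
            int closingBracket = hostname.indexOf(']');
            if (closingBracket != -1) {
                hostEnd = closingBracket + 1;
            }
        }
        if (hostEnd == -1) {
            // Plain host name or IPv4 address: the port, if any, follows the first colon.
            hostEnd = hostname.indexOf(':');
        }
        if (hostEnd != -1) {
            hostname = hostname.substring(0, hostEnd);
        }
    }

    if (utilDebug.messageEnabled()) {
        utilDebug.message("Returning host name : " + hostname);
    }
    return hostname;
}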
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/**
 * Builds an absolute URL for the current request with the host replaced by
 * {@code validHostName}.
 *
 * <p>The scheme comes from {@code RequestUtils.getRedirectProtocol}, the port from
 * {@code servletRequest.getServerPort()} (always written out, even when it is the
 * default for the scheme), and the path and query string are copied from the request
 * as they are.
 *
 * <p>{@code validHostName} is inserted verbatim, with no check of its own; the name
 * of the parameter is the only indication that it has been validated.
 *
 * @param validHostName host name to place in the URL
 * @param servletRequest HTTP Servlet Request.
 * @return the rebuilt URL
 */
static String constructURL(String validHostName, HttpServletRequest servletRequest) {
    final String redirectScheme =
            RequestUtils.getRedirectProtocol(servletRequest.getScheme(), validHostName);
    final int serverPort = servletRequest.getServerPort();
    final String path = servletRequest.getRequestURI();
    final String query = servletRequest.getQueryString();

    String urlString = redirectScheme + "://" + validHostName + ":" + serverPort + path;
    if (query != null) {
        urlString = urlString + "?" + query;
    }

    if (utilDebug.messageEnabled()) {
        utilDebug.message("returning new url : " + urlString);
    }

    return urlString;
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/**
 * Tells whether a request parameter name appears in {@code ignoreList}.
 *
 * <p>The comparison ignores case.
 *
 * @param parameter the parameter name to test; must not be {@code null}
 * @return {@code true} when the name matches an entry of {@code ignoreList}
 */
private static boolean ignoreParameter(String parameter) {
    for (String ignoredName : ignoreList) {
        if (parameter.equalsIgnoreCase(ignoredName)) {
            return true;
        }
    }
    return false;
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
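/**
 * Builds the login URL ({@code serviceURI} plus a query string) for a request.
 *
 * <p>For a forwarded request (the {@code javax.servlet.forward.servlet_path}
 * attribute is set) the original query string is appended as it is. Otherwise the
 * query string is rebuilt from the request parameters:
 * <ul>
 *   <li>parameters matched by {@code ignoreParameter} are left out;</li>
 *   <li>{@code SunQueryParamsString} is base64-decoded and its content re-encoded by
 *       {@code URLencodedSunQueryParamsString};</li>
 *   <li>the {@code RedirectUrlValidator.GOTO} and
 *       {@code RedirectUrlValidator.GOTO_ON_FAIL} parameters are base64-decoded when
 *       the {@code encoded} parameter is {@code true};</li>
 *   <li>every other non-empty parameter is URL-encoded as {@code name=value}.</li>
 * </ul>
 *
 * <p>A value that fails base64 decoding is left out of the URL instead of being
 * written as the text {@code null}, and pairs are joined with {@code &} only between
 * entries that were actually written.
 *
 * <p>This method copies the goto parameters; it does not check them against any list
 * of permitted redirect targets. Whatever later redirects to these values has to
 * validate them. The decoded values are also written to the debug log at message
 * level.
 *
 * @param request HTTP Servlet Request.
 * @return the login URL
 */
public static String constructLoginURL(HttpServletRequest request) {
    StringBuilder loginURL = new StringBuilder(serviceURI);
    StringBuilder queryString = new StringBuilder();
    String clientEncoding = request.getCharacterEncoding();
    String encoding = (clientEncoding != null) ? clientEncoding : "UTF-8";
    boolean encoded = Boolean.parseBoolean(request.getParameter("encoded"));

    if (request.getAttribute("javax.servlet.forward.servlet_path") != null) {
        // This is a forwarded request, we should only save the forwarded URL.
        // getQueryString() is null when the request has no query; appending that to a
        // StringBuilder would produce the literal text "null".
        String forwardedQuery = request.getQueryString();
        if (forwardedQuery != null && !forwardedQuery.isEmpty()) {
            loginURL.append('?').append(forwardedQuery);
        }

        if (utilDebug.messageEnabled()) {
            utilDebug.message("constructLoginURL: Returning login url for forwarded request: " + loginURL);
        }
        return loginURL.toString();
    }

    Enumeration<?> parameters = request.getParameterNames();
    while (parameters.hasMoreElements()) {
        String parameter = (String) parameters.nextElement();
        if (utilDebug.messageEnabled()) {
            utilDebug.message("constructLoginURL:parameter: " + parameter);
        }
        if (ignoreParameter(parameter)) {
            continue;
        }

        // The encoded text this parameter contributes, or null when it contributes nothing.
        String encodedPart = null;

        if (parameter.equalsIgnoreCase("SunQueryParamsString")) {
            // This will normally be the case when browser back button is
            // used and the form is posted again with the base64 encoded
            // parameters
            String queryParams = request.getParameter(parameter);
            if ((queryParams != null) && (queryParams.length() > 0)) {
                String decodedQueryParams = Base64.decodeAsUTF8String(queryParams);
                if (decodedQueryParams == null && utilDebug.warningEnabled()) {
                    utilDebug.warning("Parameter ['{}']='{}' should be base64 encoded", parameter, queryParams);
                }
                queryParams = decodedQueryParams;
            }
            if ((queryParams != null) && (queryParams.length() > 0)) {
                if (utilDebug.messageEnabled()) {
                    utilDebug.message("constructLoginURL: value: " + queryParams);
                }
                // This function will encode all the parameters in
                // SunQueryParamsString
                encodedPart = URLencodedSunQueryParamsString(queryParams, encoding);
            }
        } else {
            String value = request.getParameter(parameter);
            if (StringUtils.isNotEmpty(value)) {
                if ((RedirectUrlValidator.GOTO.equals(parameter)
                        || RedirectUrlValidator.GOTO_ON_FAIL.equals(parameter)) && encoded) {
                    // Again this will be the case when browser back
                    // button is used and the form is posted with the
                    // base64 encoded parameters including goto
                    String decodedValue = Base64.decodeAsUTF8String(value);
                    if (decodedValue == null && utilDebug.warningEnabled()) {
                        utilDebug.warning("As parameter 'encoded' is true, parameter ['{}']='{}' should be base64"
                                + " encoded", parameter, value);
                    }
                    value = decodedValue;
                    if (utilDebug.messageEnabled()) {
                        utilDebug.message("constructLoginURL: Base64 decoded " + parameter + "='{}'", value);
                    }
                }
                // A goto value that could not be decoded is dropped, not forwarded.
                if (value != null) {
                    encodedPart = URLEncDec.encode(parameter) + "="
                            + URLEncDec.encode(getCharDecodedField(value, encoding));
                }
            }
        }

        if (encodedPart != null && !encodedPart.isEmpty()) {
            if (queryString.length() > 0) {
                queryString.append("&");
            }
            queryString.append(encodedPart);
        }
    }

    if (queryString.length() > 0) {
        loginURL.append("?").append(queryString);
    }
    if (utilDebug.messageEnabled()) {
        utilDebug.message("AuthClientUtils.constructLoginURL()returning URLEncoded login url : " + loginURL);
    }
    return loginURL.toString();
}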
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
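/**
 * This method takes in a String representing query parameters, and
 * URL encodes "sunamcompositeadvice" parameter out of it.
 *
 * <p>The input is split on {@code &}. Tokens that do not contain
 * {@code COMPOSITE_ADVICE} are copied through unchanged; the advice token is moved to
 * the end with its value (everything after the first {@code =}) URL-encoded. If
 * several tokens contain {@code COMPOSITE_ADVICE}, only the last one is kept.
 *
 * <p>A token counts as the advice token when {@code COMPOSITE_ADVICE} occurs anywhere
 * in it, including inside the value of another parameter.
 *
 * @param queryParams the query parameters, joined with {@code &}
 * @return the rewritten query parameters, or {@code queryParams} unchanged when no
 *         token contains {@code COMPOSITE_ADVICE}
 */
private static String URLencodedCompositeAdvice(String queryParams) {
    StringBuilder sb = new StringBuilder(400);
    StringTokenizer st = new StringTokenizer(queryParams, "&");
    String adviceString = null;
    while (st.hasMoreTokens()) {
        String str = st.nextToken();
        if (str.indexOf(COMPOSITE_ADVICE) != -1) {
            adviceString = str;
        } else {
            sb.append(str).append("&");
        }
    }
    if (adviceString == null) {
        // Nothing to encode; dereferencing adviceString below would throw.
        return queryParams;
    }
    // When the token has no '=', indexOf gives -1 and the whole token is taken as the value.
    int index = adviceString.indexOf("=");
    String value = adviceString.substring(index + 1);
    sb.append(COMPOSITE_ADVICE).append("=");
    sb.append(URLEncDec.encode(value));
    return sb.toString();
}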
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/**
 * This method takes in a String representing base64 decoded
 * SunQueryParamsString and URL encodes all the parameters
 * included in its value.
 *
 * <p>The input is split on {@code &} and each token on its first {@code =}. Name and
 * value are both passed through {@code URLEncDec.encode}. The values of
 * {@code realm}, {@code org} and {@code module} (names compared ignoring case) first
 * go through {@code getCharDecodedField} with the given encoding.
 *
 * <p>Tokens without {@code =} are dropped. A separator is written after a pair
 * whenever more tokens follow, so the result ends with {@code &} when the remaining
 * tokens are all dropped.
 *
 * @param queryParams the decoded parameter string
 * @param encoding character encoding handed to {@code getCharDecodedField}
 * @return the re-encoded parameter string
 */
protected static String URLencodedSunQueryParamsString(String queryParams, String encoding) {
    final StringBuilder encodedPairs = new StringBuilder(400);
    final StringTokenizer tokens = new StringTokenizer(queryParams, "&");

    while (tokens.hasMoreTokens()) {
        final String pair = tokens.nextToken();
        final int separatorAt = pair.indexOf("=");
        if (separatorAt == -1) {
            continue;
        }

        final String parameter = pair.substring(0, separatorAt);
        String value = pair.substring(separatorAt + 1);

        final boolean needsCharDecoding = parameter.equalsIgnoreCase("realm")
                || parameter.equalsIgnoreCase("org")
                || parameter.equalsIgnoreCase("module");
        if (needsCharDecoding) {
            value = getCharDecodedField(value, encoding);
        }

        encodedPairs.append(URLEncDec.encode(parameter))
                .append("=")
                .append(URLEncDec.encode(value));
        if (tokens.hasMoreTokens()) {
            encodedPairs.append("&");
        }
    }
    return encodedPairs.toString();
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/**
 * Returns the SSO token for a session ID when the token manager reports it as valid.
 *
 * <p>The token is created with {@code SSOTokenManager.createSSOToken} from the string
 * form of {@code sessID} and checked with {@code isValidToken}.
 *
 * <p>Every exception raised along the way is caught, logged at message level and
 * turned into a {@code null} result, so {@code null} means "no usable session" for
 * whatever reason.
 *
 * @param sessID the session ID, may be {@code null}
 * @return the valid token, or {@code null} when {@code sessID} is {@code null}, the
 *         token is not valid, or an error occurred
 */
public static SSOToken getExistingValidSSOToken(SessionID sessID) {
    if (sessID == null) {
        return null;
    }
    try {
        final SSOTokenManager tokenManager = SSOTokenManager.getInstance();
        final SSOToken candidate = tokenManager.createSSOToken(sessID.toString());
        return tokenManager.isValidToken(candidate) ? candidate : null;
    } catch (Exception e) {
        if (utilDebug.messageEnabled()) {
            utilDebug.message("Error in getExistingValidSSOToken", e);
        }
        return null;
    }
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
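/**
 * Tells whether looking up the session failed because it has timed out.
 *
 * <p>The token for {@code sessID} is created and validated through
 * {@code SSOTokenManager}. A timeout is recognised only by an exception whose message
 * contains {@code "Session timed out"}; the method itself never throws for that case.
 *
 * <p>{@code false} does not mean the session is valid: it is also the result for a
 * {@code null} session ID, for an invalid token, and for any failure whose message
 * does not contain that text. Use {@code getExistingValidSSOToken} to establish
 * validity.
 *
 * @param sessID the session ID, may be {@code null}
 * @return {@code true} only when the lookup failed with a "Session timed out" message
 */
public static boolean isTimedOut(SessionID sessID) {
    boolean isTimedOut = false;
    if (sessID != null) {
        try {
            SSOTokenManager manager = SSOTokenManager.getInstance();
            SSOToken currentToken = manager.createSSOToken(sessID.toString());
            // Only a failure of these calls matters here; the boolean result is not used.
            manager.isValidToken(currentToken);
        } catch (Exception e) {
            // getMessage() may be null; calling indexOf on it would throw out of this handler.
            String message = e.getMessage();
            isTimedOut = message != null && message.contains("Session timed out");
        }
    }
    if (utilDebug.messageEnabled()) {
        utilDebug.message("Session Timed Out :" + isTimedOut);
    }
    return isTimedOut;
}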
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/**
 * Looks up an error code in the resource bundle and returns either its message or
 * its template name.
 *
 * <p>The bundle entry is split at the first {@code MSG_DELIMITER}: the part before it
 * is the message, the part after it the template name. Without a delimiter the whole
 * entry is the message and there is no template name.
 *
 * <p>The static {@code bundle} is reloaded first when its locale is not the same
 * object as {@code Locale.getDefaultLocale()}.
 * NOTE(review): that is a reference comparison ({@code !=}), not {@code equals};
 * confirm this is intended. The reassignment of {@code bundle} is not synchronised
 * in this method.
 *
 * @param errorCode key of the bundle entry
 * @param type {@code ERROR_MESSAGE} to get the message, {@code ERROR_TEMPLATE} to get
 *        the template name
 * @return the requested part, or {@code null} when that part is absent or
 *         {@code type} is neither of the two constants
 */
public static String getErrorVal(String errorCode, String type) {
    if (Locale.getDefaultLocale() != bundle.getLocale()) {
        bundle = Locale.getInstallResourceBundle(BUNDLE_NAME);
    }

    final String resProperty = bundle.getString(errorCode);
    if (utilDebug.messageEnabled()) {
        utilDebug.message("errorCod='{}', resProperty='{}'", errorCode, resProperty);
    }

    String errorMsg = null;
    String templateName = null;
    if (resProperty != null && !resProperty.isEmpty()) {
        final int delimiterAt = resProperty.indexOf(MSG_DELIMITER);
        if (delimiterAt == -1) {
            errorMsg = resProperty;
        } else {
            errorMsg = resProperty.substring(0, delimiterAt);
            templateName = resProperty.substring(delimiterAt + 1);
        }
    }

    if (ERROR_MESSAGE.equals(type)) {
        return errorMsg;
    }
    return ERROR_TEMPLATE.equals(type) ? templateName : null;
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/**
 * Tells whether the client that sent the request is considered to support cookies.
 *
 * <p>Support is assumed unless {@code getCookieSupport} returns exactly the string
 * {@code "false"} for the request's client type; a {@code null} or any other value
 * counts as supported.
 *
 * @param req HTTP Servlet Request.
 * @return {@code false} only when cookie support is reported as {@code "false"}
 */
public static boolean isCookieSupported(HttpServletRequest req) {
    final String reportedSupport = getCookieSupport(getClientType(req));
    return !"false".equals(reportedSupport);
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/**
 * Returns {@code true} when client detection is enabled and
 * {@code getCookieDetect} returns {@code true} for the client's cookie-support value.
 *
 * @param req HTTP Servlet Request.
 * @return the conjunction of {@code isClientDetectionEnabled()} and the
 *         cookie-detect result
 */
public static boolean isCookieSet(HttpServletRequest req) {
    final String reportedSupport = getCookieSupport(getClientType(req));
    // Computed before the detection check so both lookups always run, as before.
    final boolean detectRequested = getCookieDetect(reportedSupport);
    return isClientDetectionEnabled() && detectRequested;
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/**
 * Creates a cookie for path {@code "/"} through {@code CookieUtils.newCookie}.
 *
 * <p>This method sets nothing but the max-age. Whether the cookie carries the Secure
 * or HttpOnly attribute depends on {@code CookieUtils.newCookie}, which is not
 * visible here.
 *
 * <p>NOTE(review): the cookie object is written to the debug log at message level;
 * confirm its string form does not expose the value when the cookie holds a session
 * identifier.
 *
 * @param name cookie name
 * @param value cookie value
 * @param maxAge lifetime in seconds; a negative value leaves the max-age untouched
 * @param cookieDomain cookie domain
 * @return the new cookie
 */
public static Cookie createCookie(String name, String value, int maxAge, String cookieDomain) {
    final Cookie created = CookieUtils.newCookie(name, value, "/", cookieDomain);

    final boolean hasExplicitLifetime = maxAge >= 0;
    if (hasExplicitLifetime) {
        created.setMaxAge(maxAge);
    }

    if (utilDebug.messageEnabled()) {
        utilDebug.message("pCookie='{}'", created);
    }

    return created;
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
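/**
 * Creates the load-balancer cookie for the given domain.
 *
 * <p>Name and value come from {@code getlbCookieName()} and
 * {@code getlbCookieValue()}. The cookie is created with a max age of
 * {@code -1}, which {@code createCookie} treats as "do not set a max age".
 *
 * @param cookieDomain domain the cookie is scoped to.
 * @return the load-balancer cookie.
 * @throws AuthException with {@code AMAuthErrorCode.AUTH_ERROR} if the name or
 *         value lookup, or the cookie creation, fails for any reason.
 */
public static Cookie createlbCookie(String cookieDomain) throws AuthException {
    try {
        if (utilDebug.messageEnabled()) {
            utilDebug.message("cookieDomain : " + cookieDomain);
        }
        return createCookie(getlbCookieName(), getlbCookieValue(), -1, cookieDomain);
    } catch (Exception e) {
        // The AuthException below carries only an error code, so the underlying
        // exception is recorded here; otherwise the root cause would be lost.
        utilDebug.message("Unable to create Load Balance Cookie", e);
        throw new AuthException(AMAuthErrorCode.AUTH_ERROR, null);
    }
}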
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/**
 * Returns the cookie created from a cookie name, a value and
 * <code>cookieDomain</code>.
 *
 * <p>If the <code>AuthContext</code> status is <code>SUCCESS</code>, the AM
 * cookie name is used and the value is the auth identifier of the context.
 * Otherwise the authentication cookie name is used and the value is
 * <code>serverURL + serviceURI</code>.
 *
 * <p>The Secure attribute is set only when <code>CookieUtils.isCookieSecure()</code>
 * returns true. This method sets no HttpOnly attribute.
 * NOTE(review): confirm that HttpOnly is applied by the cookie factory or by the
 * caller, because on success this cookie carries the session identifier.
 *
 * <p>Any exception is logged at message level and swallowed; the caller then
 * receives whatever had been built so far, which may be <code>null</code>.
 *
 * @param ac the AuthContext object
 * @param cookieDomain the cookie domain for creating cookie.
 * @return Cookie object, or <code>null</code> if creation failed.
 */
public static Cookie getCookieString(AuthContext ac, String cookieDomain) {
    String name = getAuthCookieName();
    String value = serverURL + serviceURI;
    Cookie result = null;
    try {
        boolean authenticated = ac.getStatus() == AuthContext.Status.SUCCESS;
        if (authenticated) {
            name = getCookieName();
            value = ac.getAuthIdentifier();
            utilDebug.message("Create AM cookie");
        }
        result = createCookie(name, value, cookieDomain);
        if (CookieUtils.isCookieSecure()) {
            result.setSecure(true);
        }
    } catch (Exception e) {
        // Best effort: a failure is only logged. A failure after createCookie
        // leaves the cookie without the Secure attribute.
        if (utilDebug.messageEnabled()) {
            utilDebug.message("Error getCookieString : ", e);
        }
    }

    // NOTE(review): the cookie object is concatenated into the debug log; verify
    // that its string form does not include the session identifier.
    if (utilDebug.messageEnabled()) {
        utilDebug.message("Cookie is : " + result);
    }
    return result;
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/**
 * Returns the URL with the cookie value embedded in it, for clients that do not
 * support cookies. The re-written URL carries the AM cookie name when the
 * authentication context status is <code>SUCCESS</code> and the authentication
 * cookie name otherwise; the value is the auth identifier of the context.
 *
 * <p>When the client supports cookies the URL is returned unchanged.
 *
 * <p>Security note: a session identifier placed in a URL can end up in access
 * logs, browser history and Referer headers, so the rewritten URL should be
 * treated as a credential. The debug message below also records it.
 *
 * @param url URL to be encoded.
 * @param request HTTP Servlet Request.
 * @param ac Authentication Context.
 * @return the encoded URL.
 */
public static String encodeURL(
        String url,
        HttpServletRequest request,
        AuthContext ac) {
    if (isCookieSupported(request)) {
        return url;
    }

    String cookieName = getAuthCookieName();
    if (ac.getStatus() == AuthContext.Status.SUCCESS) {
        cookieName = getCookieName();
    }

    // Path rewriting uses the semicolon scheme without escaping; otherwise the
    // identifier goes into the query string and is escaped.
    final short scheme = urlRewriteInPath ? SessionUtils.SEMICOLON : SessionUtils.QUERY;
    final boolean escape = !urlRewriteInPath;
    String rewritten = encodeURL(url, scheme, escape, cookieName, ac.getAuthIdentifier());

    // NOTE(review): this logs the rewritten URL, which contains the session
    // identifier; keep message-level debugging off in production or redact it.
    if (utilDebug.messageEnabled()) {
        utilDebug.message("encodeURL : URL='{}', \nRewritten URL='{}'", url, rewritten);
    }
    return rewritten;
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/**
 * Builds the cookie string for the given name and session ID and asks
 * {@code SessionEncodeURL} to embed it into the URL.
 *
 * @param url            URL to rewrite.
 * @param encodingScheme scheme constant passed through to {@code SessionEncodeURL}.
 * @param escape         escape flag passed through to {@code SessionEncodeURL}.
 * @param cookieName     name used in the cookie string.
 * @param strSessionID   session identifier used in the cookie string.
 * @return the URL as rewritten by {@code SessionEncodeURL.encodeURL}.
 */
private static String encodeURL(String url, short encodingScheme, boolean escape,
        String cookieName, String strSessionID) {
    return SessionEncodeURL.encodeURL(
            SessionEncodeURL.createCookieString(cookieName, strSessionID),
            url,
            encodingScheme,
            escape);
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/**
 * Returns the resource based on the default values.
 *
 * <p>The realm is derived from the request; if that fails for any reason, the
 * top level realm ("/") is used instead. The resource is then looked up through
 * {@code ResourceLookup.getFirstExisting}. If the lookup throws, a path built
 * from the template path, the file root and the file name is returned without
 * checking that it exists.
 *
 * <p>NOTE(review): {@code fileName} is used in the lookup and in the fallback
 * path without validation in this method; confirm that callers pass only fixed
 * template names, or that the lookup confines results to the template root.
 *
 * @param request HTTP Servlet Request.
 * @param fileName name of the file
 * @param locale Locale used for the search.
 * @param servletContext Servlet Context for server
 * @return Path to the resource.
 */
public static String getDefaultFileName(
        HttpServletRequest request,
        String fileName,
        java.util.Locale locale,
        ServletContext servletContext) {

    final String localeName = (locale == null) ? "" : locale.toString();
    final String clientFilePath = getFilePath(getClientType(request));
    final String fileRoot = getFileRoot();

    String orgDN;
    try {
        orgDN = getDomainNameByRequest(request, parseRequestParameters(request));
    } catch (Exception ex) {
        // The realm could not be determined from the incoming request, so fall
        // back to the top level realm.
        orgDN = getOrganizationDN("/", false, request);
    }
    final String orgFilePath = getOrgFilePath(orgDN);

    String templateFile;
    try {
        templateFile = ResourceLookup.getFirstExisting(servletContext, fileRoot, localeName,
                orgFilePath, clientFilePath, fileName, templatePath);
    } catch (Exception e) {
        // Lookup failed: compose a default path instead. No separator is added
        // between templatePath and fileRoot here.
        // NOTE(review): getFileName's fallback does add one; confirm which is intended.
        templateFile = templatePath + fileRoot + Constants.FILE_SEPARATOR + fileName;
    }

    if (utilDebug.messageEnabled()) {
        utilDebug.message("getDefaultFileName:templateFile is :" + templateFile);
    }
    return templateFile;
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/**
 * Returns the root suffix, e.g. {@code o=isp}.
 *
 * @return the value of the {@code rootSuffix} field, unchanged.
 */
public static String getRootSuffix() {
    // No normalization here: rootSuffix is already normalized in SMSEntry.
    return rootSuffix;
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/**
 * Returns the root directory that resource lookup starts from.
 *
 * <p>This is the name that {@code DNUtils.DNtoName} derives from the root
 * suffix, or {@code ISAuthConstants.DEFAULT_DIR} when that name is {@code null}.
 *
 * @return the root organization name, or the default directory.
 */
protected static String getFileRoot() {
    final String rootOrgName = DNUtils.DNtoName(rootSuffix);
    if (utilDebug.messageEnabled()) {
        utilDebug.message("rootOrgName is : " + rootOrgName);
    }
    return (rootOrgName != null) ? rootOrgName : ISAuthConstants.DEFAULT_DIR;
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/**
 * Inserts the MIME charset of a new {@code ISLocaleContext} into a file name.
 *
 * <p>The charset is placed, prefixed with {@code "_"}, in front of the first
 * {@code '.'} of the name; a name without a dot gets it appended. Only the first
 * dot is considered, so a name with several dots is split at the leftmost one.
 *
 * @param fileName file name to decorate; may be {@code null}.
 * @return the decorated file name, or {@code null} if {@code fileName} is {@code null}.
 */
private static String getCharsetFileName(String fileName) {
    // The charset is resolved before the null check, so the locale context is
    // created even for a null file name.
    final String charset = new ISLocaleContext().getMIMECharset();
    if (fileName == null) {
        return null;
    }

    final int firstDot = fileName.indexOf(".");
    final String charsetFilename = (firstDot == -1)
            ? fileName + "_" + charset
            : fileName.substring(0, firstDot) + "_" + charset + fileName.substring(firstDot);

    if (utilDebug.messageEnabled()) {
        utilDebug.message("charsetFilename is : "+ charsetFilename);
    }
    return charsetFilename;
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/**
 * Retrieves the resource (file) using resource lookup.
 *
 * <p>For a client type other than the default one, the charset-specific variant
 * of the file name is tried first. If that yields nothing, or the client type
 * is the default one or unknown, the plain file name is looked up.
 *
 * @param fileRoot       root directory for the lookup.
 * @param localeName     locale name for the lookup.
 * @param orgFilePath    organization part of the lookup path.
 * @param filePath       client/service part of the lookup path.
 * @param filename       name of the file to find.
 * @param templatePath   template path passed through to the lookup.
 * @param servletContext servlet context passed through to the lookup.
 * @param request        HTTP request, used to resolve the client type.
 * @return the resource name returned by {@code ResourceLookup.getFirstExisting}.
 */
public static String getResourceLocation(String fileRoot, String localeName,
        String orgFilePath, String filePath, String filename, String templatePath,
        ServletContext servletContext, HttpServletRequest request) {
    final String clientType = getClientType(request);
    final boolean nonDefaultClient =
            clientType != null && !clientType.equals(getDefaultClientType());

    String resourceName = null;
    if (nonDefaultClient) {
        // Non-HTML client: prefer the charset-specific file.
        resourceName = ResourceLookup.getFirstExisting(servletContext, fileRoot, localeName,
                orgFilePath, filePath, getCharsetFileName(filename), templatePath);
    }
    if (resourceName == null) {
        resourceName = ResourceLookup.getFirstExisting(servletContext, fileRoot, localeName,
                orgFilePath, filePath, filename, templatePath);
    }

    if (utilDebug.messageEnabled()) {
        utilDebug.message("resourceName='{}'", resourceName);
    }
    return resourceName;
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
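/**
 * Constructs the filePath parameter for the resource lookup:
 * client path (e.g. html) followed by the service name.
 *
 * <p>The service name is included only when the index type is
 * {@code SERVICE}, since a service can have its own auth templates. Each
 * non-empty part is prefixed with {@code Constants.FILE_SEPARATOR}.
 *
 * <p>NOTE(review): {@code indexName} is appended to the lookup path as given
 * (lowercased only). Confirm that callers validate it, or that the lookup
 * confines results to the template root, if it can come from the request.
 *
 * @param request   HTTP request, used to resolve the client type.
 * @param indexType index type of the authentication request.
 * @param indexName index name; used as the service name for {@code SERVICE}.
 * @return the combined path (possibly empty), or {@code null} when neither a
 *         client path nor a service name is available.
 */
public static String getFilePath(HttpServletRequest request, AuthContext.IndexType indexType, String indexName) {

    String filePath = getFilePath(getClientType(request));
    String serviceName = null;
    StringBuilder filePathBuffer = new StringBuilder();

    // The index name is part of the path only for the service index type.
    if (AuthContext.IndexType.SERVICE.equals(indexType)) {
        serviceName = indexName;
    }

    if (filePath == null && serviceName == null) {
        return null;
    }

    if (filePath != null && !filePath.isEmpty()) {
        filePathBuffer.append(Constants.FILE_SEPARATOR).append(filePath);
    }

    if (serviceName != null && !serviceName.isEmpty()) {
        // To avoid issues with case-sensitive filesystems, always use the
        // lowercase version of the serviceName. Locale.ROOT keeps the result
        // independent of the JVM default locale (e.g. Turkish dotless i), so
        // the same directory name is produced on every host.
        filePathBuffer.append(Constants.FILE_SEPARATOR)
                .append(serviceName.toLowerCase(java.util.Locale.ROOT));
    }

    String newFilePath = filePathBuffer.toString();
    if (utilDebug.messageEnabled()) {
        utilDebug.message("FilePath='{}'", newFilePath);
    }

    return newFilePath;
}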
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/**
 * Retrieves the org path used to search for a resource.
 *
 * <p>E.g. if orgDN = o=org1,o=org11,o=org12,dc=iplanet,dc=com (with
 * dc=iplanet,dc=com as root suffix) the result is /org12/org11/org1.
 *
 * <p>The normalized DN is consumed from the left, one component per iteration,
 * until the remainder equals the root suffix or is exhausted. Components are
 * split at the first {@code ','}.
 * NOTE(review): this assumes component values contain no escaped commas, and
 * the names become path segments as returned by {@code DNUtils.DNtoName};
 * confirm both against the accepted realm names.
 *
 * @param orgDN organization DN.
 * @return the org path, or {@code null} if the DN cannot be normalized.
 */
public static String getOrgFilePath(String orgDN) {
    if (utilDebug.messageEnabled()) {
        utilDebug.message("getOrgFilePath : orgDN is: " + orgDN);
    }

    String orgPath = null;
    String remaining = DNUtils.normalizeDN(orgDN);
    if (remaining != null) {
        StringBuilder pathBuilder = new StringBuilder();
        while (!remaining.isEmpty() && !remaining.equals(getRootSuffix())) {
            // Prepend, so that the outermost organization ends up first.
            pathBuilder.insert(0, Constants.FILE_SEPARATOR + DNUtils.DNtoName(remaining));
            int comma = remaining.indexOf(",");
            if (comma == -1) {
                break;
            }
            remaining = remaining.substring(comma + 1);
            if (utilDebug.messageEnabled()) {
                utilDebug.message("remOrgDN is : "+ remaining);
            }
        }
        orgPath = pathBuilder.toString();
    }

    if (utilDebug.messageEnabled()) {
        utilDebug.message("getOrgFilePath: orgPath is : " + orgPath);
    }
    return orgPath;
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/**
 * Returns the File name based on the given input values.
 *
 * <p>The lookup path is assembled from the file root, the organization path
 * and the client/service path, and resolved through
 * {@code getResourceLocation}. If anything in that process throws, the error
 * is logged and a default path under {@code ISAuthConstants.DEFAULT_DIR} is
 * returned without checking that it exists.
 *
 * @param fileName Name of the file.
 * @param localeName Locale name.
 * @param orgDN Organization distinguished name.
 * @param servletRequest HTTP Servlet Request.
 * @param servletContext Servlet Context for server.
 * @param indexType AuthContext Index Type.
 * @param indexName index name associated with the index type.
 * @return File name of the resource.
 */
public static String getFileName(
        String fileName,
        String localeName,
        String orgDN,
        HttpServletRequest servletRequest,
        ServletContext servletContext,
        AuthContext.IndexType indexType,
        String indexName
) {
    final String fileRoot = getFileRoot();
    String resolved;
    try {
        // Client file path plus service name.
        final String clientAndServicePath = getFilePath(servletRequest, indexType, indexName);
        final String orgFilePath = getOrgFilePath(orgDN);

        if (utilDebug.messageEnabled()) {
            utilDebug.message("Calling ResourceLookup: filename='{}', defaultOrg='{}'," +
                    " locale='{}', filePath='{}', orgPath='{}'",
                    fileName, fileRoot, localeName, clientAndServicePath, orgFilePath);
        }

        resolved = getResourceLocation(fileRoot, localeName, orgFilePath,
                clientAndServicePath, fileName, templatePath, servletContext, servletRequest);
    } catch (Exception e) {
        utilDebug.message("Error getting File : ", e);
        // Fall back to <templatePath>/<default dir>/<fileName>.
        resolved = templatePath
                + Constants.FILE_SEPARATOR
                + ISAuthConstants.DEFAULT_DIR
                + Constants.FILE_SEPARATOR
                + fileName;
    }

    if (utilDebug.messageEnabled()) {
        utilDebug.message("File/Resource is : " + resolved);
    }
    return resolved;
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/**
 * Returns the value of the authentication cookie for the request.
 *
 * <p>For a request marked as forwarded, the session ID carried in the URL takes
 * precedence over the cookie, so that a new federated authentication can always
 * start with a clear auth session. In every other case, or when the URL holds
 * no value, the cookie sent with the request is used.
 *
 * <p>The forward marker is read with {@code getAttribute}, i.e. from a request
 * attribute rather than from a request parameter.
 *
 * @param request HTTP Servlet Request.
 * @return the auth cookie value from the URL or the cookie; whatever
 *         {@code CookieUtils.getCookieValueFromReq} returns when neither the
 *         forward case nor the URL yields one.
 */
public static String getAuthCookieValue(HttpServletRequest request) {
    final String forwardMarker = (String) request.getAttribute(Constants.FORWARD_PARAM);
    if (utilDebug.messageEnabled()) {
        utilDebug.message("AuthClientUtils.getAuthCookieValue: is forward = " + forwardMarker);
    }

    // Check the URL first in case this is a forwarded request from Federation.
    if (Constants.FORWARD_YES_VALUE.equals(forwardMarker)) {
        String sidFromUrl = SessionEncodeURL.getSidFromURL(request, getAuthCookieName());
        if (sidFromUrl != null) {
            return sidFromUrl;
        }
    }
    return CookieUtils.getCookieValueFromReq(request, getAuthCookieName());
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/**
 * Resolves the organization DN for a set of request parameters.
 *
 * <p>A realm found in the policy advice takes precedence over the org
 * parameter. When neither yields a value, the top level realm ("/") is used.
 * The chosen value is resolved with {@code getOrganizationDN}.
 *
 * <p>NOTE(review): both inputs come from the request parameters, so the
 * resulting realm is client-influenced; this method relies on
 * {@code getOrganizationDN} to resolve and reject invalid values.
 *
 * @param requestHash request parameters.
 * @return the organization DN.
 * @deprecated use {@link #getDomainNameByRequest(
 * javax.servlet.http.HttpServletRequest, java.util.Hashtable)} instead.
 */
public static String getDomainNameByRequest(Hashtable requestHash) {
    final String adviceRealm = getRealmFromPolicyAdvice(requestHash);
    final String requestedOrg = getOrgParam(requestHash);

    // Policy Advice has precedence over GET parameter.
    String orgParam = (adviceRealm != null) ? adviceRealm : requestedOrg;
    if (utilDebug.messageEnabled()) {
        utilDebug.message("orgParam='{}'", orgParam);
    }

    // Nothing usable was supplied: fall back to the top level realm.
    if (orgParam == null || orgParam.isEmpty()) {
        orgParam = "/";
        if (utilDebug.messageEnabled()) {
            utilDebug.message("defaultOrg : " + orgParam);
        }
    }

    final String orgDN = getOrganizationDN(orgParam, false, null);
    if (utilDebug.messageEnabled()) {
        utilDebug.message("orgDN is " + orgDN);
    }
    return orgDN;
}
/**
 * Extracts the realm named by the policy condition advice that is carried in
 * the request parameters.
 *
 * <p>The value stored under {@code COMPOSITE_ADVICE} is URL-decoded as UTF-8
 * and handed to {@link #getRealmFromPolicyAdvice(String)}. The advice is
 * request-supplied input.
 *
 * @param requestHash Request parameters
 * @return realm defined in the policy advice, or {@code null} when the
 * request carries no advice or UTF-8 decoding is unsupported
 * @throws IllegalArgumentException if more than one realm is defined within
 * the advice; {@code URLDecoder.decode} may also raise it for malformed
 * percent-escapes, which is not caught here
 * @see com.sun.identity.authentication.util.AMAuthUtils
 */
private static String getRealmFromPolicyAdvice(Hashtable<String, String> requestHash) {
    final String encodedAdvice = requestHash.get(COMPOSITE_ADVICE);
    if (encodedAdvice != null) {
        try {
            return getRealmFromPolicyAdvice(URLDecoder.decode(encodedAdvice, "UTF-8"));
        } catch (UnsupportedEncodingException uee) {
            utilDebug.error("Unable to URLdecode condition advice using UTF-8");
        }
    }
    return null;
}
/**
 * Parses the policy condition advice XML and returns the single realm it
 * refers to.
 *
 * <p>An advice stored under
 * {@code AuthSchemeCondition.AUTHENTICATE_TO_REALM_CONDITION_ADVICE} is taken
 * as the realm itself. For every other advice name the text before the first
 * {@code ':'} of each value is taken as the realm; values without a
 * {@code ':'} contribute nothing. Realms are compared case-insensitively.
 *
 * <p>NOTE(review): within this file the XML comes from a URL-decoded request
 * parameter, so it is untrusted input to {@code PolicyUtils.parseAdvicesXML};
 * confirm that the parser behind it does not resolve DTDs or external
 * entities.
 *
 * @param advice The policy advice XML
 * @return realm defined in the policy advice, or {@code null} if none is
 * defined or the XML could not be parsed
 * @throws IllegalArgumentException if more than one realm is defined within
 * the advice
 * @see com.sun.identity.authentication.util.AMAuthUtils
 */
public static String getRealmFromPolicyAdvice(String advice) {
    String resolvedRealm = null;
    try {
        final Map<String, Set<String>> parsedAdvices = PolicyUtils.parseAdvicesXML(advice);
        if (parsedAdvices == null) {
            return null;
        }
        for (Map.Entry<String, Set<String>> adviceEntry : parsedAdvices.entrySet()) {
            final String adviceName = adviceEntry.getKey();
            for (String adviceValue : adviceEntry.getValue()) {
                final String candidate;
                if (adviceName.equals(AuthSchemeCondition.AUTHENTICATE_TO_REALM_CONDITION_ADVICE)) {
                    candidate = adviceValue;
                } else {
                    // AMAuthUtils is not present at DAS, so the "realm:..."
                    // form of the advice is split by hand.
                    final int separator = adviceValue.indexOf(':');
                    candidate = (separator != -1) ? adviceValue.substring(0, separator) : null;
                }

                if (resolvedRealm == null) {
                    resolvedRealm = candidate;
                } else if (candidate != null && !resolvedRealm.equalsIgnoreCase(candidate)) {
                    // NB: this method is also used when the engine wants to
                    // show the error page from the correct realm, hence this
                    // will fail twice, resulting in a generic error page.
                    throw new IllegalArgumentException("More than one realm defined in the Policy Advice");
                }
            }
        }
    } catch (PolicyException pe) {
        utilDebug.error("Unable to parse policy condition advices", pe);
    }

    return resolvedRealm;
}
/**
 * Checks whether the request is coming to the server that created the
 * original Auth request or session.
 *
 * <p>The cookie URL counts as local when it equals this server's URL
 * ({@code serverURL + serviceURI}, compared case-insensitively). When
 * {@code isServer} is set, a cookie URL that is not found in the platform
 * server list is treated as local as well, i.e. as a new authentication on
 * this server.
 *
 * <p>NOTE(review): any exception raised during the check is logged at
 * message level only and the value computed so far is returned, which is
 * {@code false} ("not local") whenever the direct comparison did not match.
 * If callers forward requests to the cookie URL on a {@code false} result, a
 * failed platform-list lookup would bypass that membership check - confirm
 * at the call sites.
 *
 * @param cookieURL server URL taken from the cookie; may be {@code null}
 * @param isServer whether the platform server list is consulted when the
 * direct comparison fails
 * @return {@code true} if the request is to be handled by this server
 */
public static boolean isLocalServer(String cookieURL, boolean isServer) {
    boolean handledHere = false;
    try {
        final String thisServerUrl = serverURL + serviceURI;

        if (utilDebug.messageEnabled()) {
            utilDebug.message("This server URL='{}', Server URL from cookie='{}'", thisServerUrl, cookieURL);
        }

        // String concatenation never yields null, so only the cookie URL
        // needs a null guard here.
        handledHere = (cookieURL != null) && cookieURL.equalsIgnoreCase(thisServerUrl);

        if (!handledHere && isServer && (cookieURL != null)) {
            // Swap everything from the first occurrence of the service URI
            // onwards for the configured deployment descriptor.
            final int servicePos = cookieURL.indexOf(serviceURI);
            final String lookupUrl = (servicePos == -1)
                    ? cookieURL
                    : cookieURL.substring(0, servicePos)
                            + SystemProperties.get(Constants.AM_SERVICES_DEPLOYMENT_DESCRIPTOR);

            final Set<String> platformServers = WebtopNaming.getPlatformServerList();
            if (utilDebug.messageEnabled()) {
                utilDebug.message("search CookieURL='{}', platform server List='{}' ", lookupUrl, platformServers);
            }
            // if cookie URL is not in the Platform server list then
            // consider as new authentication for that local server
            if (!platformServers.contains(lookupUrl)) {
                handledHere = true;
            }
        }
    } catch (Exception e) {
        if (utilDebug.messageEnabled()) {
            utilDebug.message("Error isLocalServer : " + e.getMessage());
        }
    }
    return handledHere;
}
/**
 * Checks whether the request is coming to the server that created the
 * original Auth request or session.
 *
 * <p>Everything from the first occurrence of {@code inputURI} onwards is cut
 * off the cookie URL, {@code serviceURI} is appended, and the result is
 * passed to {@link #isLocalServer(String, boolean)} with the platform server
 * list check enabled. Neither argument is null-checked here.
 *
 * <p>This method needs to be merged with the boolean overload.
 *
 * @param cookieURL server URL taken from the cookie
 * @param inputURI URI suffix to strip from {@code cookieURL}
 * @return {@code true} if the request is to be handled by this server
 */
public static boolean isLocalServer(String cookieURL, String inputURI) {
    final int uriPos = cookieURL.indexOf(inputURI);
    final String serverPart = (uriPos != -1) ? cookieURL.substring(0, uriPos) : cookieURL;
    return isLocalServer(serverPart + serviceURI, true);
}
/**
 * Tells whether {@code cookieURL} is listed in {@code distAuthSitesMap}
 * under the site this server belongs to.
 *
 * <p>Outcomes, as implemented:
 * <ul>
 * <li>{@code true} when {@code distAuthSitesMap} is empty, or when no site
 * name can be resolved for the local site id - in both cases no membership
 * check is made;</li>
 * <li>{@code true} when the entry for the local site contains
 * {@code cookieURL};</li>
 * <li>{@code false} when the local site id is unknown, when the map has no
 * entry for the local site, when the entry does not contain the URL, or
 * when an exception is raised before a match was recorded.</li>
 * </ul>
 *
 * @param cookieURL server URL to look up
 * @return whether the URL is accepted as a member of the local site
 */
public static boolean isServerMemberOfLocalSite(String cookieURL) {
    boolean member = false;

    try {
        if (distAuthSitesMap.isEmpty()) {
            // Nothing configured to check against: accept.
            return true;
        }

        final String siteId = WebtopNaming.getSiteID(WebtopNaming.getAMServerID());
        if (siteId == null) {
            if (utilDebug.warningEnabled()) {
                utilDebug.warning("AuthClientUtils::isServerMemberOfLocalSite:" +
                        "unable to determine local site id: " + WebtopNaming.getAMServerID());
            }
            return false;
        }

        final String siteName = WebtopNaming.getSiteNameById(siteId);
        if (siteName == null) {
            // No site name for this id: accept without a membership check.
            return true;
        }

        final Set siteMembers = distAuthSitesMap.get(siteName);
        if (siteMembers == null) {
            if (utilDebug.warningEnabled()) {
                utilDebug.warning("AuthClientUtils::isServerMemberOfLocalSite:" +
                        "unable to determine distAuthForSite: " + siteName);
            }
            return false;
        }

        if (siteMembers.contains(cookieURL)) {
            member = true;

            if (utilDebug.messageEnabled()) {
                utilDebug.message("AuthClientUtils::isServerMemberOfLocalSite:" +
                        "local URL " + cookieURL + " found in local site " +
                        siteMembers);
            }
        }
    } catch (Exception ex) {
        utilDebug.error("AuthClientUtils::isServerMemberOfLocalSite: ", ex);
    }

    return member;
}
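/**
 * Sends the request to the original Auth server and receives the result
 * data.
 *
 * <p>The query string, the request headers, the cookies and - for requests
 * other than GET - the parameters that are not part of the query string are
 * replayed against {@code cookieURL}. Redirects are not followed; a
 * {@code Location} header that points back at the same server is reduced to
 * its path and query before it is returned.
 *
 * <p>Security notes for maintainers:
 * <ul>
 * <li>{@code cookieURL} is connected to as given; nothing in this method
 * checks it against a list of known servers, so callers have to validate it
 * first (presumably through {@code isLocalServer} /
 * {@code isServerMemberOfLocalSite} - confirm at the call sites).</li>
 * <li>With message-level debugging enabled, the replayed cookies, the form
 * data and the response body are written to the debug log; these can
 * contain session identifiers and credentials.</li>
 * </ul>
 *
 * @param request HttpServletRequest to be sent
 * @param response HttpServletResponse to be received
 * @param cookieURL URL of the original authentication server to be
 * connected
 *
 * @return Map of the result data from the original server's response. Keys
 * set by this method: {@code OUTPUT_DATA} (body of a 200 response),
 * {@code AM_CLIENT_TYPE}, {@code AM_REDIRECT_URL}, {@code CONTENT_TYPE},
 * {@code RESPONSE_CODE}, and {@code EXCEPTION} when an IOException occurred.
 * Any other exception is only logged, leaving the map as filled so far.
 *
 */
public static Map<String, Object> sendAuthRequestToOrigServer(HttpServletRequest request,
        HttpServletResponse response, String cookieURL) {
    Map<String, Object> origRequestData = new HashMap<String, Object>();

    // Print request Headers
    if (utilDebug.messageEnabled()) {
        StringBuilder message = new StringBuilder();
        Enumeration<String> requestHeaders = request.getHeaderNames();
        while (requestHeaders.hasMoreElements()) {
            String name = requestHeaders.nextElement();
            // NOTE(review): the Enumeration object itself is appended, not
            // the header values it holds. Left as is on purpose: printing
            // the values would put Cookie/Authorization headers in the log.
            Enumeration value = (Enumeration) request.getHeaders(name);
            message.append("Header name='").append(name).append("', Value='").append(value).append("'\n");
        }
        utilDebug.message(message.toString());
    }

    // Open URL connection
    HttpURLConnection conn = null;
    OutputStream out = null;
    String strCookies = null;
    URL authURL = null;
    try {
        String queryString = request.getQueryString();

        if (queryString != null) {
            authURL = new URL(cookieURL + "?" + queryString);
        } else {
            authURL = new URL(cookieURL);
        }

        if (utilDebug.messageEnabled()) {
            utilDebug.message("Connecting to : " + authURL);
        }

        conn = HttpURLConnectionManager.getConnection(authURL);
        conn.setUseCaches(useCache);
        // NOTE(review): setFollowRedirects is a static method of
        // HttpURLConnection, so this call changes the redirect default for
        // every connection in the JVM. The per-connection setting is the
        // setInstanceFollowRedirects call below. Kept because other code may
        // have come to rely on the global default - confirm before removing.
        conn.setFollowRedirects(false);
        conn.setInstanceFollowRedirects(false);
        conn.setRequestProperty(ISAuthConstants.ACCEPT_LANG_HEADER,
                request.getHeader(ISAuthConstants.ACCEPT_LANG_HEADER));
        // We should preserve the original host, so the target server will also see the accessed URL
        // If we don't do this the server might deny the request because of invalid domain access.
        // The value is the client-supplied Host header of the incoming request.
        conn.setRequestProperty("Host", request.getHeader("host"));

        // replay cookies
        // getCookies() returns null when the request carries no cookies, and
        // asList(null) throws; a cookie-less request is replayed without a
        // Cookie header instead of aborting in the generic catch below.
        Cookie[] requestCookies = request.getCookies();
        if (requestCookies != null) {
            List<Cookie> cookies = removeLocalLoadBalancingCookie(asList(requestCookies));
            strCookies = getCookiesString(cookies);
        }
        if (strCookies != null) {
            if (utilDebug.messageEnabled()) {
                // NOTE(review): writes cookie values, session cookies
                // included, to the debug log.
                utilDebug.message("Sending cookies : " + strCookies);
            }
            conn.setRequestProperty("Cookie", strCookies);
        }

        // Sending Output to Original Auth server...
        utilDebug.message("SENDING DATA ... ");
        copyRequestHeaders(request, conn);

        if (request.getMethod().equals("GET")) {
            conn.connect();
        } else {
            //First we should find out what GET parameters do we have.
            Map<String, Set<String>> queryParams = new HashMap<String, Set<String>>();
            if (queryString != null) {
                for (String param : queryString.split("&")) {
                    int idx = param.indexOf('=');
                    if (idx != -1) {
                        String paramName = param.substring(0, idx);
                        String paramValue = param.substring(idx + 1);
                        Set<String> values = queryParams.get(paramName);
                        if (values == null) {
                            values = new HashSet<String>();
                            queryParams.put(paramName, values);
                        }
                        values.add(paramValue);
                    }
                }
            }

            conn.setRequestProperty(
                    "Content-Type", "application/x-www-form-urlencoded");
            // merged parameter list containing both GET and POST parameters
            Map<String, String[]> params = request.getParameterMap();
            Map<String, Set<String>> postParams = new HashMap<String, Set<String>>();

            for (Map.Entry<String, String[]> entry : params.entrySet()) {
                if (queryParams.containsKey(entry.getKey())) {
                    // TODO: do we need to care about params that can be both in GET and POST?
                } else {
                    postParams.put(entry.getKey(), new HashSet<String>(asList(entry.getValue())));
                }
            }

            String postData = getFormData(postParams);
            if (utilDebug.messageEnabled()) {
                // NOTE(review): the form data of an authentication request
                // can include credentials; this line logs it in full.
                utilDebug.message("Request data : " + postData);
            }
            if (postData.trim().length() > 0) {
                conn.setDoOutput(true);
                conn.setRequestMethod("POST");
                out = conn.getOutputStream();
                PrintWriter pw = new PrintWriter(out);
                pw.print(postData); // here we "send" the request body
                pw.flush();
                pw.close();
            }
        }

        // Receiving input from Original Auth server...
        utilDebug.message("RECEIVING DATA ... ");
        if (utilDebug.messageEnabled()) {
            utilDebug.message("Response Code='{}', Response Message='{}' ", conn.getResponseCode(),
                    conn.getResponseMessage());
        }

        // Check response code
        if (conn.getResponseCode() == HttpURLConnection.HTTP_OK) {

            // Input from Original servlet...
            StringBuilder in_buf = new StringBuilder();
            // The reader is closed as soon as the body has been read, also
            // when reading fails part-way; it was never closed before.
            try (BufferedReader in = new BufferedReader(
                    new InputStreamReader(conn.getInputStream(), "UTF-8"))) {
                int len;
                char[] buf = new char[1024];
                while ((len = in.read(buf, 0, buf.length)) != -1) {
                    in_buf.append(buf, 0, len);
                }
            }
            String in_string = in_buf.toString();
            if (utilDebug.messageEnabled()) {
                utilDebug.message("Received response data : " + in_string);
            }
            origRequestData.put("OUTPUT_DATA", in_string);

        } else {
            utilDebug.warning("Response code for proxied auth is NOT OK");
        }

        String client_type = conn.getHeaderField("AM_CLIENT_TYPE");
        if (client_type != null) {
            origRequestData.put("AM_CLIENT_TYPE", client_type);
        }
        String redirect_url = conn.getHeaderField("Location");
        if (redirect_url != null) {
            try {
                URL gotoURL = new URL(redirect_url);
                if (isSameServer(authURL, gotoURL)) {
                    if (utilDebug.messageEnabled()) {
                        utilDebug.message("Relative redirect detected");
                    }
                    //relative redirect happened
                    String path = gotoURL.getPath();
                    String query = gotoURL.getQuery();
                    redirect_url = (path != null ? path : "") + (query != null ? "?" + query : "");
                }
                if (utilDebug.messageEnabled()) {
                    utilDebug.message("sendAuthRequestToOrigServer(): Setting redirect URL to: " + redirect_url);
                }
                origRequestData.put("AM_REDIRECT_URL", redirect_url);
            } catch (MalformedURLException murle) {
                //fallback to original handling
                origRequestData.put("AM_REDIRECT_URL", redirect_url);
            }
        }
        String content_type = conn.getHeaderField("Content-Type");
        if (content_type != null) {
            origRequestData.put("CONTENT_TYPE", content_type);
        }
        origRequestData.put("RESPONSE_CODE", conn.getResponseCode());

        //replay received headers to the original response
        copyResponseHeaders(conn.getHeaderFields(), response);
    } catch (IOException ioe) {
        //the catcher will log the exception
        origRequestData.put("EXCEPTION", ioe);
    } catch (Exception e) {
        if (utilDebug.warningEnabled()) {
            utilDebug.warning("send exception : " , e);
        }
    } finally {
        if (out != null) {
            try {
                out.close();
            } catch (IOException ioe) {
                if (utilDebug.messageEnabled()) {
                    utilDebug.message("send IOException : ", ioe);
                }
            }
        }
    }

    return origRequestData;
}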
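/**
 * Filter the load balancing cookie if it points to this server to avoid potential infinite redirect loop.
 *
 * <p>A cookie is dropped only when both its name equals the configured load
 * balancing cookie name and its value equals this server's load balancing
 * cookie value. The previous condition negated the two comparisons
 * separately, which also dropped a load balancing cookie pointing at another
 * server and any unrelated cookie that merely shared the value.
 *
 * @param cookies cookies of the incoming request; must not be {@code null}
 * @return a new list holding every cookie except the local load balancing
 * cookie, in the original order
 */
private static List<Cookie> removeLocalLoadBalancingCookie(final List<Cookie> cookies) {
    final String lblCookieName = getlbCookieName();
    final String lblCookieValue = getlbCookieValue();
    final List<Cookie> filteredCookies = new ArrayList<>();
    for (final Cookie cookie : cookies) {
        final boolean pointsToThisServer = Objects.equals(cookie.getName(), lblCookieName)
                && Objects.equals(cookie.getValue(), lblCookieValue);
        if (!pointsToThisServer) {
            filteredCookies.add(cookie);
        }
    }
    return filteredCookies;
}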
42e6f052c417061bf791b6e04c4579a61bf002d3Craig McDonnell
/**
 * Tells whether two URLs address the same server: same protocol, same host and same effective port.
 *
 * <p>The protocol is compared exactly, the host is compared ignoring case, and a URL without an explicit port
 * is treated as using the default port of its protocol. Hosts are compared as strings only: no name resolution
 * or other normalisation takes place, so a host name and its IP address are reported as different servers.
 *
 * @param url1 first URL; must not be {@code null}.
 * @param url2 second URL; must not be {@code null}.
 * @return {@code true} when protocol, host and effective port all match.
 */
private static boolean isSameServer(URL url1, URL url2) {
    final int firstPort = url1.getPort() == -1 ? url1.getDefaultPort() : url1.getPort();
    final int secondPort = url2.getPort() == -1 ? url2.getDefaultPort() : url2.getPort();
    if (!url1.getProtocol().equals(url2.getProtocol())) {
        return false;
    }
    if (!url1.getHost().equalsIgnoreCase(url2.getHost())) {
        return false;
    }
    return firstPort == secondPort;
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
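/**
 * Copies the allow-listed headers of the incoming request onto the outgoing proxied connection.
 *
 * <p>Only headers whose lower-cased name is contained in {@code RETAINED_HTTP_REQUEST_HEADERS} are copied, and
 * every value of a multi-valued header is added. All other request headers are left out of the proxied request.
 *
 * @param request the incoming servlet request to read headers from.
 * @param conn the outgoing connection that receives the retained headers.
 */
private static void copyRequestHeaders(HttpServletRequest request, HttpURLConnection conn) {
    utilDebug.message("AuthClientUtils.copyRequestHeaders: starting to copy request headers");
    Enumeration<String> headerNames = request.getHeaderNames();
    if (headerNames == null) {
        // The container may refuse access to the header names; there is nothing to copy then.
        return;
    }
    while (headerNames.hasMoreElements()) {
        String headerName = headerNames.nextElement();
        if (headerName == null) {
            continue;
        }
        // Locale.ROOT keeps the allow-list lookup independent of the JVM default locale; with a locale-sensitive
        // toLowerCase() a name containing 'I' can fold to a non-ASCII letter and silently miss the allow list.
        if (!RETAINED_HTTP_REQUEST_HEADERS.contains(headerName.toLowerCase(java.util.Locale.ROOT))) {
            continue;
        }
        Enumeration<String> values = request.getHeaders(headerName);
        if (values == null) {
            continue;
        }
        while (values.hasMoreElements()) {
            String value = values.nextElement();
            if (utilDebug.messageEnabled()) {
                // NOTE(review): header values reach the debug log unmodified. If the retained set includes
                // credential-bearing headers (Cookie, Authorization), the log then holds those secrets;
                // confirm against RETAINED_HTTP_REQUEST_HEADERS.
                utilDebug.message("Copying header for proxied request: " + headerName + ": " + value);
            }
            conn.addRequestProperty(headerName, value);
        }
    }
}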
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
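/**
 * Copies the allow-listed headers of a proxied response onto the servlet response sent to the client.
 *
 * <p>Only headers whose lower-cased name is contained in {@code RETAINED_HTTP_HEADERS} are copied; entries with
 * a {@code null} name or a {@code null} value list are skipped. Every value of a retained header is added.
 *
 * @param headers header fields of the proxied response, keyed by header name; must not be {@code null}.
 * @param response the servlet response that receives the retained headers.
 */
private static void copyResponseHeaders(Map<String, List<String>> headers, HttpServletResponse response) {
    for (Map.Entry<String, List<String>> entry : headers.entrySet()) {
        String headerName = entry.getKey();
        if (headerName == null) {
            continue;
        }
        // Locale.ROOT keeps the allow-list lookup independent of the JVM default locale; with a locale-sensitive
        // toLowerCase() a name containing 'I' can fold to a non-ASCII letter and silently miss the allow list.
        if (!RETAINED_HTTP_HEADERS.contains(headerName.toLowerCase(java.util.Locale.ROOT))) {
            continue;
        }
        List<String> headerValues = entry.getValue();
        if (headerValues == null) {
            continue;
        }
        for (String headerValue : headerValues) {
            response.addHeader(headerName, headerValue);
        }
    }
}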
9a8a88c1867d7f60df76cdfbf10606db698b63fePeter Major
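/**
 * Serialises request parameters as {@code key=value} pairs joined by {@code '&'}.
 *
 * <p>Every key and every value is passed through {@code URLEncDec.encode} before it is appended. A key with
 * several values produces one pair per value.
 *
 * @param params parameter names mapped to their values; must not be {@code null}.
 * @return the joined pairs, or an empty string when there is no pair to write.
 */
private static String getFormData(Map<String, Set<String>> params) {
    StringBuilder sb = new StringBuilder();
    for (Map.Entry<String, Set<String>> entry : params.entrySet()) {
        String key = entry.getKey();
        for (String value : entry.getValue()) {
            // Write the separator in front of every pair but the first. The previous version appended '&' after
            // each pair and then deleted the last character unconditionally, which threw
            // StringIndexOutOfBoundsException when no pair had been written at all.
            if (sb.length() > 0) {
                sb.append('&');
            }
            sb.append(URLEncDec.encode(key));
            sb.append('=');
            sb.append(URLEncDec.encode(value));
        }
    }
    return sb.toString();
}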
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
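/**
 * Joins cookies into a single {@code name=value;name=value} string.
 *
 * @param cookies the cookies to join; may be {@code null}.
 * @return the joined string, or {@code null} when {@code cookies} is {@code null} or empty.
 */
private static String getCookiesString(List<Cookie> cookies) {
    if (cookies == null) {
        return null;
    }
    StringBuilder cookieStr = null;
    for (final Cookie cookie : cookies) {
        if (utilDebug.messageEnabled()) {
            // Only the name is logged. The value of a cookie handled here may be a session identifier, and
            // writing it to the debug log would let anyone with read access to the log reuse that session.
            utilDebug.message("Cookie name='{}'", cookie.getName());
        }
        if (cookieStr == null) {
            cookieStr = new StringBuilder();
        } else {
            cookieStr.append(";");
        }
        cookieStr.append(cookie.getName()).append("=").append(cookie.getValue());
    }
    return cookieStr == null ? null : cookieStr.toString();
}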
/**
 * Adds a cookie with the given cookie's name and value to the <code>HttpServletResponse</code>, once for
 * every cookie domain that applies to the request.
 *
 * <p>Nothing is added when the cookie name is <code>null</code> or empty. When no cookie domain applies, a
 * single cookie is created with a <code>null</code> domain. Only the name and value of <code>aCookie</code>
 * are read here; its other attributes are not copied by this method.
 *
 * @param aCookie cookie whose name and value are used.
 * @param request request used to determine the applicable cookie domains.
 * @param response response the cookie(s) are added to.
 * @throws AuthException declared by this method; presumably raised while creating the cookie (confirm
 *         against <code>createCookie</code>).
 */
public static void setServerCookie(Cookie aCookie,
        HttpServletRequest request, HttpServletResponse response)
        throws AuthException {
    final String name = aCookie.getName();
    final String value = aCookie.getValue();
    if (name == null || name.length() == 0) {
        return;
    }
    final Set<String> cookieDomains = getCookieDomainsForRequest(request);
    if (cookieDomains.isEmpty()) {
        // No configured domain applies: fall back to a cookie without an explicit domain.
        CookieUtils.addCookieToResponse(response, createCookie(name, value, null));
        return;
    }
    for (String cookieDomain : cookieDomains) {
        CookieUtils.addCookieToResponse(response, createCookie(name, value, cookieDomain));
    }
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/**
 * Sets the redirectBackUrlCookie to be set as OpenAM
 * server URL when redirecting to external web site during authentication
 * process.
 *
 * <p>The cookie is added once for every cookie domain that applies to the request, or once with a
 * <code>null</code> domain when none applies. Nothing is added when the cookie name is <code>null</code> or
 * empty.
 *
 * @param cookieName name of the cookie to set.
 * @param cookieValue value of the cookie to set.
 * @param request request used to determine the applicable cookie domains.
 * @param response response the cookie(s) are added to.
 * @throws AuthException declared by this method; presumably raised while creating the cookie (confirm
 *         against <code>createCookie</code>).
 */
public static void setRedirectBackServerCookie(String cookieName,
        String cookieValue, HttpServletRequest request,
        HttpServletResponse response) throws AuthException {
    if (cookieName == null || cookieName.length() == 0) {
        return;
    }
    final Set<String> cookieDomains = getCookieDomainsForRequest(request);
    if (cookieDomains.isEmpty()) {
        // No configured domain applies: fall back to a cookie without an explicit domain.
        CookieUtils.addCookieToResponse(response, createCookie(cookieName, cookieValue, null));
        return;
    }
    for (String cookieDomain : cookieDomains) {
        CookieUtils.addCookieToResponse(response, createCookie(cookieName, cookieValue, cookieDomain));
    }
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/**
 * Clears server cookie.
 *
 * <p>A replacement cookie with the value <code>LOGOUT</code> is created through the four-argument
 * <code>createCookie</code> call with <code>0</code> as its third argument, once per cookie domain that
 * applies to the request, or once with a <code>null</code> domain when none applies. Nothing is added when
 * the cookie name is <code>null</code> or empty.
 *
 * @param cookieName Cookie Name.
 * @param request request used to determine the applicable cookie domains.
 * @param response HTTP Servlet Response.
 */
public static void clearServerCookie(String cookieName,
        HttpServletRequest request, HttpServletResponse response) {
    if (utilDebug.messageEnabled()) {
        utilDebug.message("In clear server Cookie = " + cookieName);
    }
    if (cookieName == null || cookieName.length() == 0) {
        return;
    }
    // NOTE(review): the clearing cookie goes through response.addCookie, while the setters in this class use
    // CookieUtils.addCookieToResponse. Confirm the two paths emit the same attributes (domain, path, flags),
    // otherwise the browser may keep the original cookie.
    final Set<String> cookieDomains = getCookieDomainsForRequest(request);
    if (cookieDomains.isEmpty()) {
        response.addCookie(createCookie(cookieName, "LOGOUT", 0, null));
        utilDebug.message("In clear server added cookie no domain");
        return;
    }
    for (String cookieDomain : cookieDomains) {
        response.addCookie(createCookie(cookieName, "LOGOUT", 0, cookieDomain));
        utilDebug.message("In clear server Cookie added cookie");
    }
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/**
 * Returns a query string built from a map of request parameters.
 *
 * <p>The result starts with {@code '?'} and joins {@code key=value} pairs with {@code '&'}, in the iteration
 * order of the map. Keys and values are appended exactly as given: this method does not URL-encode them, so
 * callers have to pass values that are already safe to place in a query string.
 *
 * @param paramMap parameter names mapped to single String values; may be {@code null}.
 * @return the query string, or an empty string when the map is {@code null} or empty.
 */
public static String getQueryStrFromParameters(Map paramMap) {
    if (paramMap == null || paramMap.isEmpty()) {
        return "";
    }
    final StringBuilder query = new StringBuilder();
    String separator = "?";
    for (Object element : paramMap.entrySet()) {
        final Map.Entry pair = (Map.Entry) element;
        // Both casts are kept: a non-String key or value fails with ClassCastException.
        final String name = (String) pair.getKey();
        final String content = (String) pair.getValue();
        query.append(separator).append(name).append("=").append(content);
        separator = "&";
    }
    return query.toString();
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/**
 * Checks whether OpenAM session cookie has to be made persistent.
 *
 * <p>The cookie is persistent when the system property <code>Constants.PERSIST_AM_COOKIE</code> is
 * <code>true</code> (global setting), or when the system property
 * <code>Constants.ALLOW_PERSIST_AM_COOKIE</code> is <code>true</code> and the request data carries the value
 * <code>true</code> under the key <code>Constants.PERSIST_AM_COOKIE</code>. A request on its own can
 * therefore never turn persistence on unless the deployment allows it.
 *
 * @param reqDataHash http request parameters and values
 * @return <code>true</code> if AM session cookie has to be made persistent,
 *         otherwise returns <code>false</code>
 */
public static boolean persistAMCookie(Hashtable reqDataHash) {
    if (Boolean.parseBoolean(SystemProperties.get(Constants.PERSIST_AM_COOKIE))) {
        if (utilDebug.messageEnabled()) {
            utilDebug.message("AuthUtils.persistAMCookie(): Set globally ");
        }
        return true;
    }

    final String requestedValue = (String) reqDataHash.get(Constants.PERSIST_AM_COOKIE);
    final boolean requestMayDecide =
            Boolean.parseBoolean(SystemProperties.get(Constants.ALLOW_PERSIST_AM_COOKIE));

    // The request value only counts when the deployment explicitly allows per-request persistence.
    final boolean persistCookie =
            requestMayDecide && requestedValue != null && Boolean.parseBoolean(requestedValue);

    if (utilDebug.messageEnabled()) {
        utilDebug.message("AuthUtils.persistAMCookie(): " + persistCookie);
    }
    return persistCookie;
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/**
 * Returns true if the request has the ForceAuth=<code>true</code>
 * query parameter or composite advice.
 *
 * <p>The <code>ForceAuth</code> entry is checked first. Only when it is not <code>true</code> is the entry
 * stored under <code>Constants.COMPOSITE_ADVICE</code> handed to <code>checkForForcedAuth</code>.
 *
 * @param reqDataHash request parameters and values; must not be <code>null</code>.
 * @return true if forced authentication is requested, otherwise false.
 */
public static boolean forceAuthFlagExists(Hashtable reqDataHash) {
    final boolean forcedByParameter = Boolean.parseBoolean((String) reqDataHash.get("ForceAuth"));
    if (utilDebug.messageEnabled()) {
        utilDebug.message("AuthUtils.forceFlagExists : " + forcedByParameter);
    }
    if (forcedByParameter) {
        return true;
    }
    final Object compositeAdvice = reqDataHash.get(Constants.COMPOSITE_ADVICE);
    if (compositeAdvice == null) {
        return false;
    }
    return checkForForcedAuth((String) compositeAdvice);
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/**
 * Returns true if the composite Advice has the ForceAuth element
 *
 * <p>The advice is URL-decoded, parsed with <code>PolicyUtils.parseAdvicesXML</code> and checked for the key
 * <code>AuthSchemeCondition.FORCE_AUTH_ADVICE</code>. A parsing failure is logged and reported as
 * <code>false</code>.
 *
 * @param xmlCompositeAdvice URL-encoded composite advice XML; must not be <code>null</code>.
 * @return true if the advice contains the force-auth key, otherwise false.
 */
public static boolean checkForForcedAuth(String xmlCompositeAdvice) {
    boolean forced = false;
    try {
        // NOTE(review): the single-argument decode carries no charset; if this is java.net.URLDecoder it is the
        // deprecated overload that falls back to the platform default encoding. Confirm and pin the charset.
        final String decodedAdviceXML = URLDecoder.decode(xmlCompositeAdvice);
        // NOTE(review): the only caller visible here passes a value read from the request data, so this XML is
        // caller-controlled. Confirm that the parser behind parseAdvicesXML rejects DTDs and external entities.
        final Map adviceMap = PolicyUtils.parseAdvicesXML(decodedAdviceXML);
        if (utilDebug.messageEnabled()) {
            utilDebug.message("AuthUtils.checkForForcedAuth : decoded XML = " + decodedAdviceXML);
            utilDebug.message("AuthUtils.checkForForcedAuth : result Map = " + adviceMap);
        }
        forced = adviceMap != null && adviceMap.containsKey(AuthSchemeCondition.FORCE_AUTH_ADVICE);
    } catch (com.sun.identity.policy.PolicyException polExp) {
        utilDebug.error("AuthUtils.checkForForcedAuth : Error in Policy XML parsing ", polExp);
    }
    if (utilDebug.messageEnabled()) {
        utilDebug.message("AuthUtils.checkForForcedAuth: returnForcedAuth= " + forced);
    }
    return forced;
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/**
 * Returns the service URI.
 *
 * <p>In server mode the value of the system property <code>Constants.AM_SERVICES_DEPLOYMENT_DESCRIPTOR</code>
 * is returned, otherwise the value of <code>Constants.AM_DISTAUTH_DEPLOYMENT_DESCRIPTOR</code>.
 *
 * @return a String the Service URI
 */
public static String getServiceURI() {
    final String descriptorProperty = SystemProperties.isServerMode()
            ? Constants.AM_SERVICES_DEPLOYMENT_DESCRIPTOR
            : Constants.AM_DISTAUTH_DEPLOYMENT_DESCRIPTOR;
    return SystemProperties.get(descriptorProperty);
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/**
 * Adds the host URL cookie to the response; does nothing unless <code>isSessionHijackingEnabled</code> is set.
 *
 * <p>The cookie value is the server URL looked up through <code>WebtopNaming</code> for this server's site
 * id, shortened by the length of the deployment descriptor. When that lookup fails or yields an empty value,
 * the value is assembled from the configured server protocol, host and port. Failures while creating or
 * adding the cookie are logged at message level and otherwise ignored.
 *
 * @param response response the cookie is added to.
 */
public static void setHostUrlCookie(HttpServletResponse response) {
    if (!isSessionHijackingEnabled) {
        return;
    }

    String hostUrlCookieValue = null;
    try {
        final String siteID = WebtopNaming.getSiteID(WebtopNaming.getAMServerID());
        hostUrlCookieValue = WebtopNaming.getServerFromID(siteID);
        final String deploymentUri = SystemProperties.get(Constants.AM_SERVICES_DEPLOYMENT_DESCRIPTOR);
        // NOTE(review): the tail is cut by length only; nothing checks that the server URL ends with the
        // deployment descriptor, and a null or shorter value is not caught by the handler below.
        final int keptLength = hostUrlCookieValue.length() - deploymentUri.length();
        hostUrlCookieValue = hostUrlCookieValue.substring(0, keptLength);
    } catch (ServerEntryNotFoundException e) {
        utilDebug.message("AuthClientUtils.setHostUrlCookie:", e);
    }

    final boolean lookupGaveNothing = hostUrlCookieValue == null || hostUrlCookieValue.length() == 0;
    if (lookupGaveNothing) {
        // Fall back to the statically configured server address.
        final String authServerProtocol = SystemProperties.get(Constants.AM_SERVER_PROTOCOL);
        final String authServer = SystemProperties.get(Constants.AM_SERVER_HOST);
        final String authServerPort = SystemProperties.get(Constants.AM_SERVER_PORT);
        hostUrlCookieValue = authServerProtocol + "://" + authServer + ":" + authServerPort;
    }

    if (utilDebug.messageEnabled()) {
        utilDebug.message("AuthClientUtils.setHostUrlCookie: hostUrlCookieName = " + hostUrlCookieName
                + ", hostUrlCookieDomain = " + hostUrlCookieDomain
                + ", hostUrlCookieValue = " + hostUrlCookieValue);
    }

    try {
        CookieUtils.addCookieToResponse(response,
                createCookie(hostUrlCookieName, hostUrlCookieValue, hostUrlCookieDomain));
    } catch (Exception e) {
        utilDebug.message("AuthClientUtils.setHostUrlCookie:", e);
    }
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/**
 * Expires the host URL cookie; does nothing unless <code>isSessionHijackingEnabled</code> is set.
 *
 * <p>A cookie with the host URL cookie name and domain, the value <code>LOGOUT</code> and a max age of
 * <code>0</code> is added to the response. Failures are logged at message level and otherwise ignored.
 *
 * @param response response the expiring cookie is added to.
 */
public static void clearHostUrlCookie(HttpServletResponse response) {
    if (!isSessionHijackingEnabled) {
        return;
    }
    try {
        final Cookie expired = createCookie(hostUrlCookieName, "LOGOUT", hostUrlCookieDomain);
        // A max age of zero asks the browser to delete the cookie.
        expired.setMaxAge(0);
        response.addCookie(expired);
    } catch (Exception e) {
        utilDebug.message("AuthClientUtils.clearHostUrlCookie:", e);
    }
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/**
 * Tells whether the given distributed authentication login URL is listed in <code>distAuthClusterList</code>.
 *
 * <p>This is a plain <code>contains</code> lookup: the URL is not normalised here, so it has to match a
 * listed entry exactly as that collection compares its elements.
 *
 * @param distAuthServerLoginURL login URL of the distributed authentication server to check.
 * @return <code>true</code> when the URL is contained in the list.
 */
public static boolean isDistAuthServerTrusted(String distAuthServerLoginURL) {
    final boolean listed = distAuthClusterList.contains(distAuthServerLoginURL);
    return listed;
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /**
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns the resource URL. The method checks value for "resourceURL"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * parameter first, if not present, checks value for "goto" parameter.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * If none exists, returns null.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param request HttpServletRequest object
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return resourceURL based on the query parameters, returns null if
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * resource URL could not be found.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster */
public static String getResourceURL(HttpServletRequest request) {
    // Both candidates are read straight from the request and returned as
    // received; nothing in this method validates the URL. A caller that
    // redirects to it or uses it in a decision has to validate it itself.
    final String explicit =
        request.getParameter(ISAuthConstants.RESOURCE_URL_PARAM);
    if (explicit != null) {
        return explicit;
    }
    // Fall back to the "goto" parameter, which may be null as well.
    return request.getParameter(ISAuthConstants.GOTO_PARAM);
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /**
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns an environment map which contains all query parameters
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * and HTTP headers. Keys of the map are String, values of the map are
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Sets of String.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param request HttpServletRequest object.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return environment Map whose key is String, and value is Set of String.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster */
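public static Map getEnvMap(HttpServletRequest request) {
    final Map<String, Set<String>> envParameters =
        new HashMap<String, Set<String>>();
    final String strIP = ClientUtils.getClientIPAddress(request);

    // add all query parameters
    final Enumeration<?> paramNames = request.getParameterNames();
    while (paramNames.hasMoreElements()) {
        final String paramName = (String) paramNames.nextElement();
        final String[] paramValues = request.getParameterValues(paramName);
        if (paramValues != null && paramValues.length > 0) {
            final Set<String> valueSet = new HashSet<String>();
            for (String paramValue : paramValues) {
                valueSet.add(paramValue);
            }
            envParameters.put(paramName, valueSet);
        }
    }

    // add all headers
    // A header whose name equals a query parameter name replaces that
    // parameter's entry, as before; consumers cannot tell the two apart.
    final Enumeration<?> headerNames = request.getHeaderNames();
    if (headerNames != null) {
        while (headerNames.hasMoreElements()) {
            final String name = (String) headerNames.nextElement();
            final Enumeration<?> headerValues = request.getHeaders(name);
            final Set<String> values = new HashSet<String>();
            // getHeaders may return null when the container withholds
            // header access, so guard before iterating.
            while (headerValues != null && headerValues.hasMoreElements()) {
                values.add((String) headerValues.nextElement());
            }
            if (!values.isEmpty()) {
                envParameters.put(name, values);
            }
        }
    }

    // The client address is stored last. It used to be stored first, which
    // let a query parameter or header named like ISAuthConstants.REQUEST_IP
    // replace it with a caller-chosen value.
    // NOTE(review): when no address could be determined, a request-supplied
    // entry under that key is still left in the map - confirm whether
    // consumers of REQUEST_IP should see it.
    if (strIP != null) {
        final Set<String> ipSet = new HashSet<String>(1);
        ipSet.add(strIP);
        envParameters.put(ISAuthConstants.REQUEST_IP, ipSet);
    }
    return envParameters;
}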
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /**
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns unescaped text. This method replaces "&#124;" with "|".
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster *
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param text String to be unescaped.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return unescape special character text.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster */
public static String unescapePipe(String text) {
    // "&#124;" contains no regex metacharacters and "|" no replacement
    // escapes, so a literal replace gives the same result as replaceAll.
    // A "&#124;" that was already in the text before escapePipe ran also
    // becomes "|" here, so the escape/unescape pair is not an exact round
    // trip for such input.
    final String restored = text.replace("&#124;", "|");
    return restored;
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /**
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Replaces <code>|</code> with "&#124;".
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster *
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return String with the special "|" character replaced with "&#124;".
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster */
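public static String escapePipe(String text) {
    // The original dereferenced text before its null check, so that check
    // could never run and null input threw NullPointerException. Null is
    // now passed through unchanged.
    if (text == null) {
        return null;
    }
    // escape "|" as it will be used as separator
    // Only the pipe is rewritten; "&" and "#" are left alone. Input that
    // already contains the literal "&#124;" is therefore indistinguishable
    // from an escaped pipe once unescapePipe is applied.
    return text.replace("|", "&#124;");
}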
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /**
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns the data from Realm qualified data. This could be authentication
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * scheme or authentication level or service.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster *
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param realmQualifedData Realm qualified data. This could be Realm
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * qualified authentication scheme or authentication level or service.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return String representing data. This could be authentication
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * scheme or authentication level or service.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster */
public static String getDataFromRealmQualifiedData(
    String realmQualifedData){
    String data = null;
    final boolean hasInput =
        realmQualifedData != null && realmQualifedData.length() != 0;
    if (hasInput) {
        // Everything after the first ISAuthConstants.COLON is the data and
        // is trimmed. Input without that separator is returned as is,
        // without trimming.
        final int separatorAt =
            realmQualifedData.indexOf(ISAuthConstants.COLON);
        data = (separatorAt == -1)
            ? realmQualifedData
            : realmQualifedData.substring(separatorAt + 1).trim();
    }
    // Both the input and the extracted part go to the debug log verbatim.
    if (utilDebug.messageEnabled()) {
        utilDebug.message("realmQualifedData : " + realmQualifedData );
        utilDebug.message("DataFromRealmQualifiedData : " + data );
    }
    return data;
}
2cdbc4fc62ed8b9c2c8ef660adc4fe0188b65407Neil Madden
2cdbc4fc62ed8b9c2c8ef660adc4fe0188b65407Neil Madden
2cdbc4fc62ed8b9c2c8ef660adc4fe0188b65407Neil Madden /**
2cdbc4fc62ed8b9c2c8ef660adc4fe0188b65407Neil Madden * Determines whether Zero Page Login (ZPL) should be allowed for this request. This includes checking whether
2cdbc4fc62ed8b9c2c8ef660adc4fe0188b65407Neil Madden * ZPL is enabled for this AuthContext and, if so, whether the HTTP Referer header on the request matches the
2cdbc4fc62ed8b9c2c8ef660adc4fe0188b65407Neil Madden * ZPL whitelist. POST requests are always enabled, but are still subject to the Referer whitelist.
2cdbc4fc62ed8b9c2c8ef660adc4fe0188b65407Neil Madden *
2cdbc4fc62ed8b9c2c8ef660adc4fe0188b65407Neil Madden * @param config the ZPL configuration.
2cdbc4fc62ed8b9c2c8ef660adc4fe0188b65407Neil Madden * @param request the HTTP request.
2cdbc4fc62ed8b9c2c8ef660adc4fe0188b65407Neil Madden * @return true if ZPL is allowed, otherwise false.
2cdbc4fc62ed8b9c2c8ef660adc4fe0188b65407Neil Madden */
public static boolean isZeroPageLoginAllowed(ZeroPageLoginConfig config, HttpServletRequest request) {
    // POST skips the "enabled" switch; every other method needs ZPL on.
    final boolean postRequest = "POST".equalsIgnoreCase(request.getMethod());
    final boolean passesEnabledGate = postRequest || config.isEnabled();
    if (!passesEnabledGate) {
        return false;
    }

    // The Referer header is supplied by the client. The whitelist below
    // limits which pages can drive a browser into ZPL; it does not
    // authenticate where the request came from.
    final String referer = request.getHeader(HTTP_REFERER);
    final Set<String> whitelist = config.getRefererWhitelist();

    if (referer == null) {
        // No header at all: the configuration alone decides.
        return config.isAllowedWithoutReferer();
    }
    if (whitelist.isEmpty()) {
        // An empty whitelist accepts any Referer value.
        return true;
    }
    // The complete header value must equal a whitelist entry; there is no
    // prefix or host-only matching.
    return whitelist.contains(referer);
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
e9d82a2c785b1c3f169589c2a6865376670eef68Quentin CASTEL /**
 * Decodes a value by turning each character into one byte and decoding those bytes with the given charset.
 * @param strIn the string to decode
 * @param charset the name of the charset to decode with
e9d82a2c785b1c3f169589c2a6865376670eef68Quentin CASTEL * @return an empty string if strIn is null. Use UTF-8 if the charset is empty or null. Return the original
e9d82a2c785b1c3f169589c2a6865376670eef68Quentin CASTEL * string if the decoding failed.
e9d82a2c785b1c3f169589c2a6865376670eef68Quentin CASTEL */
private static String getCharDecodedField(String strIn, String charset) {
    if (strIn == null) {
        return "";
    }
    final String effectiveCharset =
        (charset == null || charset.isEmpty()) ? "UTF-8" : charset;
    try {
        // Each char is narrowed to one byte by a cast, not by getBytes():
        // getBytes() would use the platform encoding, which only looks
        // right where that encoding is 8859-1 and fails in other locales
        // such as Japanese or Chinese. The cast keeps only the low 8 bits,
        // so a char above U+00FF loses its high byte without any error.
        final char[] chars = strIn.toCharArray();
        final byte[] raw = new byte[chars.length];
        for (int pos = 0; pos < chars.length; pos++) {
            raw[pos] = (byte) chars[pos];
        }
        // NOTE(review): the decoded text can differ from strIn, so a check
        // made on the raw value does not cover the result - confirm where
        // callers validate.
        return new String(raw, 0, raw.length, effectiveCharset);
    } catch (Exception ex) {
        // For example an unsupported charset name: log it and return the
        // input undecoded.
        utilDebug.error("AuthClientUtils.getCharDecodedField():", ex);
        return strIn;
    }
}
3d6aee7121714bbefc14dc1fa93b07f985700eb2David Luna
e9d82a2c785b1c3f169589c2a6865376670eef68Quentin CASTEL /**
e9d82a2c785b1c3f169589c2a6865376670eef68Quentin CASTEL * Put the value in the map. The value will be char decoded with the correct encoding.
 * If the value is null or empty, or decodes to an empty string, this function does not add it to the map, so
 * no null or empty value will be added to the map.
e9d82a2c785b1c3f169589c2a6865376670eef68Quentin CASTEL * @param data the map where you want to add the value
e9d82a2c785b1c3f169589c2a6865376670eef68Quentin CASTEL * @param name the value key name
e9d82a2c785b1c3f169589c2a6865376670eef68Quentin CASTEL * @param value the value you want to add in the map.
e9d82a2c785b1c3f169589c2a6865376670eef68Quentin CASTEL * @param encoding the encoding charset. If null, UTF-8 will be used
e9d82a2c785b1c3f169589c2a6865376670eef68Quentin CASTEL */
private static void putDecodedValue(Map<String, String> data, String name, String value, String encoding) {
    // Nothing to decode: leave the map untouched.
    if (value == null || value.isEmpty()) {
        if (utilDebug.messageEnabled()) {
            utilDebug.message("AuthUtils::putDecodedValue the '" + name + "' value is null or empty'");
        }
        return;
    }

    final String decoded = getCharDecodedField(value, encoding);
    if (!decoded.isEmpty()) {
        data.put(name, decoded);
        return;
    }

    // Decoding produced an empty string. Only the encoding name is logged,
    // not the value.
    if (utilDebug.messageEnabled()) {
        utilDebug.message("AuthUtils::putDecodedValue decoding with encoding '" + encoding + "' is empty");
    }
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster}