AuthClientUtils.java revision 2cdbc4fc62ed8b9c2c8ef660adc4fe0188b65407
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Copyright (c) 2005 Sun Microsystems Inc. All Rights Reserved
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * The contents of this file are subject to the terms
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * of the Common Development and Distribution License
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * (the License). You may not use this file except in
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * compliance with the License.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * You can obtain a copy of the License at
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * https://opensso.dev.java.net/public/CDDLv1.0.html or
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * See the License for the specific language governing
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * permission and limitations under the License.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * When distributing Covered Code, include this CDDL
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Header Notice in each file and include the License file
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * If applicable, add the following below the CDDL Header,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * with the fields enclosed by brackets [] replaced by
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * your own identifying information:
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * "Portions Copyrighted [year] [name of copyright owner]"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * $Id: AuthClientUtils.java,v 1.40 2010/01/22 03:31:01 222713 Exp $
8664d1ad0030edb76938df2352bf8fb0dd64bff6Mark de Reeper * Portions Copyrighted 2010-2014 ForgeRock AS.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.iplanet.dpro.session.SessionException;
cd085ff36bed57615d33434450ffc7c44ca016edDavid Lunaimport com.iplanet.dpro.session.share.SessionEncodeURL;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.iplanet.services.naming.ServerEntryNotFoundException;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.iplanet.services.naming.WebtopNaming;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.authentication.AuthContext;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.authentication.service.AMAuthErrorCode;
cd085ff36bed57615d33434450ffc7c44ca016edDavid Lunaimport com.sun.identity.authentication.service.AuthException;
cd085ff36bed57615d33434450ffc7c44ca016edDavid Lunaimport com.sun.identity.authentication.util.ISAuthConstants;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.common.HttpURLConnectionManager;
cd085ff36bed57615d33434450ffc7c44ca016edDavid Lunaimport com.sun.identity.policy.plugins.AuthSchemeCondition;
cd085ff36bed57615d33434450ffc7c44ca016edDavid Lunaimport com.sun.identity.security.AdminTokenAction;
cd085ff36bed57615d33434450ffc7c44ca016edDavid Lunaimport com.sun.identity.session.util.SessionUtils;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.shared.encode.CookieUtils;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.shared.encode.URLEncDec;
cd085ff36bed57615d33434450ffc7c44ca016edDavid Lunaimport org.forgerock.openam.security.whitelist.ValidGotoUrlExtractor;
cd085ff36bed57615d33434450ffc7c44ca016edDavid Lunaimport org.forgerock.openam.shared.security.whitelist.RedirectUrlValidator;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public static final String DEFAULT_CLIENT_TYPE ="genericHTML";
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public static final String COMPOSITE_ADVICE = "sunamcompositeadvice";
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private static final String DEFAULT_CONTENT_TYPE="text/html";
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private static final String DEFAULT_FILE_PATH = "html";
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private static final String DEFAULT_COOKIE_SUPPORT = "true";
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private static final String DSAME_VERSION="7.0";
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public static final String ERROR_MESSAGE = "Error_Message";
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public static final String ERROR_TEMPLATE = "Error_Template";
2cdbc4fc62ed8b9c2c8ef660adc4fe0188b65407Neil Madden public static final String BUNDLE_NAME="amAuth";
2cdbc4fc62ed8b9c2c8ef660adc4fe0188b65407Neil Madden private static final String HTTP_REFERER = "Referer";
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private static boolean setRequestEncoding = false;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private static AMClientDetector clientDetector;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private static final boolean urlRewriteInPath =
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster new StringBuffer().append(Constants.FILE_SEPARATOR)
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private static final String rootSuffix = SMSEntry.getRootSuffix();
cd085ff36bed57615d33434450ffc7c44ca016edDavid Luna protected static final RedirectUrlValidator<String> REDIRECT_URL_VALIDATOR =
cd085ff36bed57615d33434450ffc7c44ca016edDavid Luna new RedirectUrlValidator<String>(ValidGotoUrlExtractor.getInstance());
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // dsame version
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster SystemProperties.get(Constants.AM_VERSION,DSAME_VERSION);
fd8e00bb4008ddccf0430ca49ecbdbef27e6a2acMark de Reeper // If true, version header will be added to responses, default is false
fd8e00bb4008ddccf0430ca49ecbdbef27e6a2acMark de Reeper private static final boolean isVersionHeaderEnabled =
fd8e00bb4008ddccf0430ca49ecbdbef27e6a2acMark de Reeper SystemProperties.getAsBoolean(Constants.AM_VERSION_HEADER_ENABLED, false);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /* Constants.AM_COOKIE_NAME is the AM Cookie which
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * gets set when the user has authenticated
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster SystemProperties.get(Constants.AM_COOKIE_NAME);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /* Constants.AM_AUTH_COOKIE_NAME is the Auth Cookie which
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * gets set during the authentication process.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster SystemProperties.get(Constants.AM_AUTH_COOKIE_NAME,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /* Constants.AM_DIST_AUTH_COOKIE_NAME is the Auth Cookie which
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * gets set during the authentication process.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster SystemProperties.get(Constants.AM_DIST_AUTH_COOKIE_NAME,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster SystemProperties.get(Constants.AM_PCOOKIE_NAME);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private static String serviceURI = getServiceURI() + "/UI/Login";
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private static boolean setCookieToAllDomains = true;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster static Debug utilDebug = Debug.getInstance("amAuthClientUtils");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "IDtoken0", "IDtoken1", "IDtoken2", "IDButton", "AMAuthCookie", "encoded", "IDToken3"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private static boolean useCache = Boolean.getBoolean(SystemProperties.get(
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private static boolean isSessionHijackingEnabled =
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Constants.IS_ENABLE_UNIQUE_COOKIE, "false")).booleanValue();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster SystemProperties.get(Constants.AUTH_UNIQUE_COOKIE_NAME,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "sunIdentityServerAuthNServer");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster SystemProperties.get(Constants.AUTH_UNIQUE_COOKIE_DOMAIN);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster SystemProperties.get(Constants.DISTAUTH_CLUSTER, "");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private static ArrayList distAuthClusterList = new ArrayList();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster SystemProperties.get(Constants.AM_DISTAUTH_SITES, "");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private static Map<String, Set<String>> distAuthSitesMap = new HashMap();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private static final List<String> RETAINED_HTTP_REQUEST_HEADERS = new ArrayList<String>();
9a8a88c1867d7f60df76cdfbf10606db698b63fePeter Major private static final List<String> RETAINED_HTTP_HEADERS = new ArrayList<String>();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Initializing variables
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster SystemProperties.get(AdminTokenAction.AMADMIN_MODE, "false");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster defaultClient = ClientsManager.getDefaultInstance();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster bundle = Locale.getInstallResourceBundle(BUNDLE_NAME);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String proto = SystemProperties.get(Constants.DISTAUTH_SERVER_PROTOCOL);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster host = SystemProperties.get(Constants.DISTAUTH_SERVER_HOST);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster port = SystemProperties.get(Constants.DISTAUTH_SERVER_PORT);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster proto = SystemProperties.get(Constants.AM_SERVER_PROTOCOL);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster host = SystemProperties.get(Constants.AM_SERVER_HOST);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster port = SystemProperties.get(Constants.AM_SERVER_PORT);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (str != null && str.toLowerCase().equals("false")) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("AuthClientUtils: setCookieToAllDomains = "+
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "AuthClientUtils.static(): "
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster distAuthClusterList.add(distAuthCluster.trim());
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "AuthClientUtils.static(): "
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster distAuthServer.substring(0, distAuthServer.indexOf("="));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster distAuthServer.substring(distAuthServer.indexOf("=") + 1);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Set<String> distAuthSet = distAuthSitesMap.get(distAuthSiteName);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster distAuthSitesMap.put(distAuthSiteName, distAuthSet);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("AuthClientUtils.static(): " +
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "invalid dist auth server entry: " + distAuthServer);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster distAuthSites.substring(0, distAuthSites.indexOf("="));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster distAuthSites.substring(distAuthSites.indexOf("=") + 1);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Set<String> distAuthSet = new HashSet<String>();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster distAuthSitesMap.put(distAuthSiteName, distAuthSet);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("AuthClientUtils.static(): " +
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "invalid dist auth server entry: " + distAuthSites);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("AuthClientUtils.static(): " +
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "dist auth server to site: " + distAuthSitesMap);
9a8a88c1867d7f60df76cdfbf10606db698b63fePeter Major RETAINED_HTTP_REQUEST_HEADERS.addAll(getHeaderNameListForProperty(
9a8a88c1867d7f60df76cdfbf10606db698b63fePeter Major //configuration sanity check
9a8a88c1867d7f60df76cdfbf10606db698b63fePeter Major RETAINED_HTTP_REQUEST_HEADERS.removeAll(getHeaderNameListForProperty(
9a8a88c1867d7f60df76cdfbf10606db698b63fePeter Major RETAINED_HTTP_HEADERS.addAll(getHeaderNameListForProperty(
9a8a88c1867d7f60df76cdfbf10606db698b63fePeter Major //configuration sanity check
9a8a88c1867d7f60df76cdfbf10606db698b63fePeter Major RETAINED_HTTP_HEADERS.removeAll(getHeaderNameListForProperty(
9a8a88c1867d7f60df76cdfbf10606db698b63fePeter Major //we need to ensure that set-cookie headers are always retained for the response.
9a8a88c1867d7f60df76cdfbf10606db698b63fePeter Major utilDebug.message("Retained request headers: " + RETAINED_HTTP_REQUEST_HEADERS);
9a8a88c1867d7f60df76cdfbf10606db698b63fePeter Major utilDebug.message("Retained response headers: " + RETAINED_HTTP_HEADERS);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Protected constructor to prevent any instances being created
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Needs to be protected to allow subclass AuthUtils
9a8a88c1867d7f60df76cdfbf10606db698b63fePeter Major private static List<String> getHeaderNameListForProperty(String property) {
9a8a88c1867d7f60df76cdfbf10606db698b63fePeter Major return Arrays.asList(value.toLowerCase().split(","));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public static Hashtable parseRequestParameters(
5b07ede5c1cb1cec664ceab5734ad882483c1393Gabor Hollosi private static Hashtable decodeHash(HttpServletRequest request) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String clientEncoding = request.getCharacterEncoding();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String encoding = (clientEncoding != null) ? clientEncoding : "UTF-8";
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("AuthUtils::decodeHash:clientEncoding = "
5b07ede5c1cb1cec664ceab5734ad882483c1393Gabor Hollosi Enumeration<String> names = request.getParameterNames();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String encoded = request.getParameter("encoded");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if(name.equalsIgnoreCase("SunQueryParamsString")){
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // This will normally be the case when browser back button is
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // used and the form is posted again with the base64 encoded
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // parameters
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster StringTokenizer st = new StringTokenizer(value, "&");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String parameterValue = str.substring(index+1);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster getCharDecodedField(parameterValue, encoding, utilDebug));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Again this will be the case when browser back
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // button is used and the form is posted with the
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // base64 encoded parameters including goto
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster getCharDecodedField(value, encoding, utilDebug));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster getCharDecodedField(value, encoding, utilDebug));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns the Logout cookie.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param sid Session ID.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param cookieDomain Cookie domain.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return logout cookie string.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public static Cookie getLogoutCookie(SessionID sid, String cookieDomain) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String logoutCookieString = getLogoutCookieString(sid);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Cookie logoutCookie = createCookie(logoutCookieString,cookieDomain);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns the encrypted Logout cookie string.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * The format of this cookie is:
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <code>LOGOUT@protocol@servername@serverport@sessiondomain</code>.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param sid the SessionID
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return encrypted logout cookie string.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public static String getLogoutCookieString(SessionID sid) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster logout_cookie = (String) AccessController.doPrivileged(
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster sid.getSessionDomain(), Crypt.getHardcodedKeyEncryptor()));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("Logout cookie : " + logout_cookie);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("Error creating cookie : " + e.getMessage());
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns Cookie to be set in the response.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param cookieValue value of cookie
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param cookieDomain domain for which cookie will be set.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return Cookie object.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public static Cookie createCookie(String cookieValue, String cookieDomain) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("cookieName : " + cookieName);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("cookieValue : " + cookieValue);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("cookieDomain : " + cookieDomain);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return (createCookie(cookieName,cookieValue,cookieDomain));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public static String getQueryOrgName(HttpServletRequest request,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // print cookies in the request
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // use for debugging purposes only: output goes to the debug log, and request cookies can carry session identifiers
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public static void printCookies(HttpServletRequest req) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("Received Cookie:" + ck[i].getName() +
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public static void printHash(Hashtable reqParameters) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("AuthRequest: In printHash" + reqParameters);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("printHash Key is : " + key);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("printHash : String[] keyname ("+
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.warning("Exception: printHash :" , e);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public static void setlbCookie(HttpServletRequest request,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster HttpServletResponse response) throws AuthException {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (cookieName != null && cookieName.length() != 0) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster for (Iterator it = domains.iterator(); it.hasNext(); ) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster CookieUtils.addCookieToResponse(response, cookie);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster CookieUtils.addCookieToResponse(response, createlbCookie(null));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Creates a Cookie with the <code>cookieName</code>,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <code>cookieValue</code> for the cookie domains specified.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param cookieName is the name of the cookie
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param cookieValue is the value of the cookie
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param cookieDomain Domain for which the cookie is to be set.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return the cookie object.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("cookieName : " + cookieName);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("cookieValue : " + cookieValue);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("cookieDomain : " + cookieDomain);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // hardcoded need to read from attribute and set cookie
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // for all domains
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster cookie = CookieUtils.newCookie(cookieName, cookieValue,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("createCookie Cookie is set : " + cookie);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public static void clearlbCookie(HttpServletRequest request,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (cookieName != null && cookieName.length() != 0) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster for (Iterator it = domains.iterator(); it.hasNext(); ) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster createPersistentCookie(cookieName, "LOGOUT", 0, null));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /* return the error message for the error code */
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public static String getErrorMessage(String errorCode) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String errorMessage = getErrorVal(errorCode,ERROR_MESSAGE);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /* return the error template for the error code */
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public static String getErrorTemplate(String errorCode) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String errorTemplate = getErrorVal(errorCode,ERROR_TEMPLATE);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public static boolean checkForCookies(HttpServletRequest req) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // came here if cookie not found , return false
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster (CookieUtils.getCookieValueFromReq(req,getAuthCookieName()) != null)
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster (CookieUtils.getCookieValueFromReq(req,getCookieName()) !=null));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Get Original Redirect URL for Auth to redirect the Login request
cd085ff36bed57615d33434450ffc7c44ca016edDavid Luna public static String getOrigRedirectURL(HttpServletRequest request, SessionID sessID) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster SSOTokenManager manager = SSOTokenManager.getInstance();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster SSOToken ssoToken = manager.createSSOToken(sidString);
cd085ff36bed57615d33434450ffc7c44ca016edDavid Luna return REDIRECT_URL_VALIDATOR.getRedirectUrl(ssoToken.getProperty(ISAuthConstants.ORGANIZATION),
cd085ff36bed57615d33434450ffc7c44ca016edDavid Luna REDIRECT_URL_VALIDATOR.getAndDecodeParameter(request, RedirectUrlValidator.GOTO),
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("Error in getOrigRedirectURL:"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Adds Logout cookie to URL.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param url is the url to be rewritten with the logout cookie
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param logoutCookie is the logoutCookie String
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param isCookieSupported is a boolean which indicates whether
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * cookie support is true or false
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return URL with the logout cookie appended to it.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if ((logoutCookie == null) || (isCookieSupported)) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster StringBuffer cookieString = new StringBuffer();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster cookieString.append(URLEncDec.encode(getCookieName()))
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster .append("=").append(URLEncDec.encode(logoutCookie));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("cookieString is : "+ cookieString);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /*if (utilDebug.messageEnabled()) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * utilDebug.message("logoutURL is : "+ logoutURL);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns the Session ID for the request.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * The cookie in the request for invalid sessions
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * is in authentication cookie, <code>com.iplanet.am.auth.cookie</code>,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * and for active/inactive sessions in <code>com.iplanet.am.cookie</code>.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param request HttpServletRequest object.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return session id for this request.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private static SessionID getSidFromCookie(HttpServletRequest request) {
a3ad5b897425a56b9765727e7ccea4679662411ePeter Major //Let's check the URL first in case this is a forwarded request from Federation. URL should have precedence
a3ad5b897425a56b9765727e7ccea4679662411ePeter Major //over the actual cookie value, so this way a new federated auth can always start with a clear auth session.
a3ad5b897425a56b9765727e7ccea4679662411ePeter Major String sidValue = SessionEncodeURL.getSidFromURL(request, getAuthCookieName());
a3ad5b897425a56b9765727e7ccea4679662411ePeter Major sidValue = CookieUtils.getCookieValueFromReq(request, getAuthCookieName());
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("sidValue from Auth Cookie");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns the Session ID for this request. If Authentication Cookie and
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Valid AM Cookie are there and request method is GET then use Valid
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * AM Cookie else use Auth Cookie. The cookie in the request for invalid
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * sessions is in auth cookie, <code>com.iplanet.am.auth.cookie</code>,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * and for active/inactive sessions in <code>com.iplanet.am.cookie</code>.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param request HTTP Servlet Request.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return Session ID for this request.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public static SessionID getSessionIDFromRequest(HttpServletRequest request) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster SessionID amCookieSid = new SessionID(request);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster SessionID authCookieSid = getSidFromCookie(request);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("AuthUtils:returning sessionID:" + sessionID);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns <code>true</code> if the request has the
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <code>arg=newsession</code> query parameter.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param reqDataHash Request Data Hashtable.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * returns <code>true</code> if this parameter is present.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public static boolean newSessionArgExists(Hashtable reqDataHash) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("newSessionArgExists : " + newSessionArgExists);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Get the AuthContext.IndexType given string index type value
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public static AuthContext.IndexType getIndexType(String strIndexType) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("getIndexType : strIndexType = " + strIndexType);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster } else if (strIndexType.equalsIgnoreCase("role")) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster } else if (strIndexType.equalsIgnoreCase("service")) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster } else if (strIndexType.equalsIgnoreCase("module_instance")) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster indexType = AuthContext.IndexType.MODULE_INSTANCE;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster } else if (strIndexType.equalsIgnoreCase("level")) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster } else if (strIndexType.equalsIgnoreCase("composite_advice")) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster indexType = AuthContext.IndexType.COMPOSITE_ADVICE;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("getIndexType : IndexType = " + indexType);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Get the index name given index type from the existing valid session
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public static String getIndexName(SSOToken ssoToken,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster } else if (indexType == AuthContext.IndexType.ROLE) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster } else if (indexType == AuthContext.IndexType.SERVICE) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster } else if (indexType == AuthContext.IndexType.MODULE_INSTANCE) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster getLatestIndexName(ssoToken.getProperty("AuthType"));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster } else if (indexType == AuthContext.IndexType.LEVEL) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("Error in getIndexName :"+ e.toString());
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("getIndexName : IndexType = " + indexType);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("getIndexName : IndexName = " + indexName);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Get the first or latest index name from the string of index names
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // separated by "|".
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private static String getLatestIndexName(String indexName) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster StringTokenizer st = new StringTokenizer(indexName,"|");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // search value in the String
9160e3a1ec0de94808cbc042cf0f9d449430a126Phill Cunnington public static boolean isContain(String value, String key) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return (false);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster StringTokenizer st = new StringTokenizer(value, "|");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return (true);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return (true);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return (false);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Method to check if this is Session Upgrade
// The flag starts out false and its final value is logged before the method ends.
// The visible branches cover user, role, service, module, authlevel and composite
// advice. reqDataHash presumably holds the parsed request parameters (compare
// parseRequestParameters used elsewhere in this file), i.e. client-supplied values.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public static boolean checkSessionUpgrade(
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster boolean upgrade = false;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("AuthClientUtils.checkSessionUpgrade: user");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("AuthClientUtils.checkSessionUpgrade: role");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster reqDataHash.get(Constants.COMPOSITE_ADVICE) == null) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("AuthClientUtils.checkSessionUpgrade:"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster +" service");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("AuthClientUtils.checkSessionUpgrade:module");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster } else if (reqDataHash.get("authlevel")!=null) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("checksessionUpgrade: authlevel");
// The requested level is parsed straight from the "authlevel" entry. A non-numeric
// value makes Integer.parseInt throw NumberFormatException; the handler that logs
// "Exception in checkSessionUpgrade" presumably catches it. NOTE(review): confirm
// the flag stays false on that path.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster int i = Integer.parseInt((String)reqDataHash.get("authlevel"));
// Only a requested level strictly greater than the AuthLevel property of the
// existing session enters this branch.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (i>Integer.parseInt(ssoToken.getProperty("AuthLevel"))) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster } else if ( reqDataHash.get(Constants.COMPOSITE_ADVICE) != null ) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("checksessionUpgrade: composite advice");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("Exception in checkSessionUpgrade : " , e);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("Check session upgrade : " + upgrade);
b5d806442d0311234a3612ec0e1a04ed70a4e8e2Peter Major * Tells whether the incoming request corresponds to a session upgrade or ForceAuth.
b5d806442d0311234a3612ec0e1a04ed70a4e8e2Peter Major * @param request The incoming HttpServletRequest.
b5d806442d0311234a3612ec0e1a04ed70a4e8e2Peter Major * @return <code>true</code> if the request corresponds to a session upgrade or ForceAuth, <code>false</code>
b5d806442d0311234a3612ec0e1a04ed70a4e8e2Peter Major * otherwise.
b5d806442d0311234a3612ec0e1a04ed70a4e8e2Peter Major public static boolean isSessionUpgradeOrForceAuth(HttpServletRequest request) {
// Both inputs to the decision come from the request: the parsed parameters (for
// the ForceAuth flag) and the session used to create the SSO token.
b5d806442d0311234a3612ec0e1a04ed70a4e8e2Peter Major Hashtable reqDataHash = parseRequestParameters(request);
b5d806442d0311234a3612ec0e1a04ed70a4e8e2Peter Major boolean isForceAuth = forceAuthFlagExists(reqDataHash);
b5d806442d0311234a3612ec0e1a04ed70a4e8e2Peter Major SSOTokenManager tokenManager = SSOTokenManager.getInstance();
b5d806442d0311234a3612ec0e1a04ed70a4e8e2Peter Major SSOToken token = tokenManager.createSSOToken(request);
// A failure to create the token is only logged at message level. NOTE(review): the
// value returned on that path is not visible in this listing; confirm a request
// without a valid session cannot be reported as a session upgrade.
b5d806442d0311234a3612ec0e1a04ed70a4e8e2Peter Major utilDebug.message("Unable to create sso token for isSessionUpgrade check: " + ssoe);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public static String getCookieURLForSessionUpgrade(HttpServletRequest request) {
// The SSO token is created from the session carried by the request, and the
// request parameters are parsed alongside it.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster SSOTokenManager tokenManager = SSOTokenManager.getInstance();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster SSOToken token = tokenManager.createSSOToken(request);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Hashtable reqDataHash = parseRequestParameters(request);
// The cookie URL is looked up from the session ID of that token.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster cookieURL = getCookieURL(new SessionID(token.getTokenID().toString()));
// Only a non-null URL that is not the local server passes the visible part of this
// condition; the rest of the condition is not shown in this listing.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (cookieURL != null && !isLocalServer(cookieURL, true)
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("SSOException occured while checking session upgrade case" + ssoe);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public static String getCookieURL(SessionID sessionID) {
// The URL is derived from the session service URL that Session resolves for this
// session ID; the visible tail of the concatenation appends its port and serviceURI.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster URL sessionServerURL = Session.getSessionServiceURL(sessionID);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + Integer.toString(sessionServerURL.getPort()) + serviceURI;
// A session lookup failure is logged at message level; what is returned in that
// case is not visible here.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("LoginServlet error in Session : " + se.toString());
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public static boolean isClientDetectionEnabled() {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster clientDetectionEnabled = clientDetector.isDetectionEnabled();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("getClientDetector,Service does not exist");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns the client type. If client detection is enabled then
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * client type is determined by the <code>ClientDetector</code> class otherwise
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <code>defaultClientType</code> set in
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <code>iplanet-am-client-detection-default-client-type</code>
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * is assumed to be the client type.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param req HTTP Servlet Request.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return client type.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public static String getClientType(HttpServletRequest req) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (isClientDetectionEnabled() && (clientDetector != null)) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Get default client
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String defaultClientType = DEFAULT_CLIENT_TYPE;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster defaultClientType = defaultClient.getClientType();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // add observer, so auth will be notified if the client changed
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // defClient.addObserver(this);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.error("getDefaultClientType Error : "
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("getDefaultClientType, ClientType = " +
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * return the client Object associated with a clientType
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * default instance is returned if the instance could not be found
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private static Client getClientInstance(String clientType) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (!clientType.equals(getDefaultClientType())) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return (AuthClient.getInstance(clientType,null));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns the requested property from clientData (example fileIdentifer).
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param clientType
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param property
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return the requested property from clientData.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private static String getProperty(String clientType, String property) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (clientDetector == null || !isClientDetectionEnabled()) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return (getClientInstance(clientType).getProperty(property));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // which means we did not get the client Property
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.warning("Error retrieving Client Data : " + property +
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // if this was not the default client type then lets
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // try to get the default client Property
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * return the requested property for default client
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public static String getDefaultProperty(String property) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.warning("Could not get " + property + ce.toString());
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * return the charset associated with the clientType
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public static String getCharSet(String clientType,java.util.Locale locale) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String charset = Client.CDM_DEFAULT_CHARSET; // ISO-8859-1
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster charset = getClientInstance(clientType).getCharset(locale);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.warning("AuthClientUtils.getCharSet:"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + " Client data was "
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "not found, setting charset to UTF-8.");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster charset = Constants.CONSOLE_UI_DEFAULT_CHARSET;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("AuthClientUtils.getCharSet: Charset from"+
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster charset = Constants.CONSOLE_UI_DEFAULT_CHARSET; // UTF-8
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * return the filePath associated with a clientType
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public static String getFilePath(String clientType) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String filePath = getProperty(clientType,"filePath");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * return the contentType associated with a clientType
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * if no contentType found then return the default
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public static String getContentType(String clientType) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String contentType = getProperty(clientType,"contentType");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * for url rewriting with session id we need to know whether
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * cookies are supported
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * RFE 4412286
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public static String getCookieSupport(String clientType) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String cookieSup = getProperty(clientType,"cookieSupport");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * determine if this client is an html client
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public static boolean isGenericHTMLClient(String clientType) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String type = getProperty(clientType,"genericHTML");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /* return true if cookieSupport is true or cookieDetection
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * mode has been detected. This is used to determine
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * whether cookie should be set in response or not.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public static boolean isSetCookie(String clientType) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster boolean setCookie = setCookieVal(clientType,"true");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /* checks the cookieDetect , cookieSupport values to
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * determine if cookie should be rewritten or set.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public static boolean setCookieVal(String clientType,String value) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String cookieSupport = getCookieSupport(clientType);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster boolean cookieDetect = getCookieDetect(cookieSupport);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster boolean setCookie = (cookieSup || cookieDetect) ;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("cookieSupport : " + cookieSupport);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("cookieDetect : " + cookieDetect);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message(" setCookie is : " + setCookie);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /** Returns true if cookieDetect mode else false.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param cookieSupport , whether cookie is supported or not.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return true if cookieDetect mode else false
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public static boolean getCookieDetect(String cookieSupport) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("CookieDetect : " + cookieDetect);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Extracts the client URL from the String passed
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * URL passed is in the format clientType | URL
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param urlString is a String , a URL
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param index is the position of delimiter "|"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return Returns the client URL.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public static String getClientURLFromString(String urlString,int index,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String clientTypeInUrl = urlString.substring(0,index);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster (clientTypeInUrl.equals(getClientType(request)))) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("Client URL is :" + clientURL);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /* return true if cookieSupport is false and cookie Detect
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * mode (which is rewrite as well as set cookie the first
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * time). This determines whether url should be rewritten
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public static boolean isUrlRewrite(String clientType) {
// Delegates to setCookieVal with "false" as the comparison value. Elsewhere this
// file describes the purpose as URL rewriting with the session id for clients
// without cookie support.
// NOTE(review): a session id carried in the URL can end up in Referer headers,
// browser history and proxy or server logs, so rewriting should stay limited to
// client types that really cannot use cookies.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster boolean rewriteURL = setCookieVal(clientType,"false");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("rewriteURL : " + rewriteURL);
fd8e00bb4008ddccf0430ca49ecbdbef27e6a2acMark de Reeper public static boolean isVersionHeaderEnabled() {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /**Returns the Auth Cookie Name.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return authCookieName, a String,the auth cookie name.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /**Returns the Dist Auth Cookie Name.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return authCookieName, a String, the dist auth cookie name.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public static String getPersistentCookieName() {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("AuthClientUtils.getlbCookieName()" +
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "loadBalanceCookieName is:" + loadBalanceCookieName);
b1d33c0a07fc2bb7ed7d4712f62492aee8dcc650David Luna Set<String> cookieDomains = Collections.EMPTY_SET;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster ServiceSchemaManager scm = new ServiceSchemaManager(
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster (Set)attrs.get(ISAuthConstants.PLATFORM_COOKIE_DOMAIN_ATTR);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Ignore the exception and leave cookieDomains empty;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("getCookieDomains - SMSException ");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // unable to get SSOToken
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("getCookieDomains - SSOException ");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (utilDebug.messageEnabled() && (!cookieDomains.isEmpty())) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Find the cookie domains from the cookie domain list based on
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * the hostname of the incoming request
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param request HttpServletRequest request
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return a set of the cookie domains
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public static Set getCookieDomainsForReq(HttpServletRequest request) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster for (Iterator it = allDomains.iterator(); it.hasNext(); ) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("AuthClientUtils:getCookieDomainsForReq returns "
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /* This method returns the organization DN.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * The organization DN is determined based on
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * the query parameters "org" OR "domain" OR
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * the server host name. For backward compatibility
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * the orgname will be determined from requestURI
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * in the case where either query params OR server host
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * name are not valid and orgDN cannot be found.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * The orgDN is determined based on and in order,by the SDK:
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * 1. OrgDN - organization dn.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * 2. Domain - check if org is a domain by trying to get
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * domain component
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * 3 Org path- check if the orgName passed is a path (eg."/suborg1")
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * 4. URL - check if the orgName passed is a DNS alias (URL).
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * 5. If no orgDN is found null is returned.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param orgParam is the org or domain query param ,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * or the server host name
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param noQueryParam is a boolean indicating that the
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * the request did not have query.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param request is the HttpServletRequest object
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return A String which is the organization DN
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public static String getOrganizationDN(String orgParam,boolean noQueryParam,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster SSOToken token = (SSOToken) AccessController.doPrivileged(
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // try to get the host name if org or domain Param is null
// The lookup runs with a token obtained through AccessController.doPrivileged, not
// with a token belonging to the caller (presumably an administrative token;
// confirm). orgParam is a query parameter or host name from the request, so
// NOTE(review): confirm IdUtils.getOrganization treats it as untrusted input.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster orgName = IdUtils.getOrganization(token,orgParam);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if ((orgName != null) && (orgName.length() != 0)) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // if orgName is null then match the DNS Alias Name
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // to the full url ie. proto:/server/amserver/UI/Login
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // This is for backward compatibility
// The fallback below is taken only when no organization was found and the request
// had no query parameters.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (((orgName == null) || orgName.length() == 0) && (noQueryParam)) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String url = request.getRequestURL().toString();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster orgName = IdUtils.getOrganization(token,orgParam);
// The request-derived orgParam is written to the debug log in the three messages
// below.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("Could not get orgName"+orgParam,e);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("getOrganizationDN : orgParam... :" + orgParam);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("getOrganizationDN : orgDN ... :" + orgName);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /** This method determines the org parameter
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * and determines the organization DN based on
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * query parameters.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * The organization DN is determined based on
03e319d6edecb454bdd9f18ad80f545ab4a64a17Peter Major * the policy advice OR
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * the query parameters "org" OR "domain" OR
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * the server host name. For backward compatibility
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * the orgname will be determined from requestURI
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * in the case where either query params OR server host
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * name are not valid and orgDN cannot be found.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * The orgDN is determined based on and in order,by the SDK:
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * 1. OrgDN - organization dn.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * 2. Domain - check if org is a domain by trying to get
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * domain component
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * 3 Org path- check if the orgName passed is a path (eg."/suborg1")
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * 4. URL - check if the orgName passed is a DNS alias (URL).
03e319d6edecb454bdd9f18ad80f545ab4a64a17Peter Major * 5. Policy Advice will be checked for realm advice, or realm component in
03e319d6edecb454bdd9f18ad80f545ab4a64a17Peter Major * the advice
03e319d6edecb454bdd9f18ad80f545ab4a64a17Peter Major * 6. If no orgDN is found null is returned.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param request HTTP Servlet Request object.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param requestHash Query Hashtable.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return Organization DN.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster boolean noQueryParam=false;
03e319d6edecb454bdd9f18ad80f545ab4a64a17Peter Major String realm = getRealmFromPolicyAdvice(requestHash);
03e319d6edecb454bdd9f18ad80f545ab4a64a17Peter Major //Policy Advice has precedence over GET parameter
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("orgParam is.. :" + orgParam);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // try to get the host name if org or domain Param is null
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if ((orgParam == null) || (orgParam.length() == 0)) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String orgDN = getOrganizationDN(orgParam,noQueryParam,request);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns the org or domain parameter passed as a query in the request.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param requestHash Hashtable containing the query parameters
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return organization name.
cd11a588d8e6635eef460baf7bd5fd98591aca24Peter Major public static String getOrgParam(Hashtable<String, String> requestHash) {
// Lookup order: DOMAIN_PARAM first, then ORG_PARAM, then REALM_PARAM. A null or
// empty value counts as absent and moves on to the next key. The values come from
// the request, so the result is caller-supplied and needs to be resolved and
// validated (see getOrganizationDN) before it is trusted.
cd11a588d8e6635eef460baf7bd5fd98591aca24Peter Major if (requestHash != null && !requestHash.isEmpty()) {
cd11a588d8e6635eef460baf7bd5fd98591aca24Peter Major orgParam = requestHash.get(ISAuthConstants.DOMAIN_PARAM);
cd11a588d8e6635eef460baf7bd5fd98591aca24Peter Major if (orgParam == null || orgParam.length() == 0) {
cd11a588d8e6635eef460baf7bd5fd98591aca24Peter Major orgParam = requestHash.get(ISAuthConstants.ORG_PARAM);
cd11a588d8e6635eef460baf7bd5fd98591aca24Peter Major if (orgParam == null || orgParam.length() == 0) {
cd11a588d8e6635eef460baf7bd5fd98591aca24Peter Major orgParam = requestHash.get(ISAuthConstants.REALM_PARAM);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return(url.getProtocol() + "://" + url.getHost()+ url.getFile());
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns <code>true</code> if the host name in the URL is valid.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param hostName Host name.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return <code>true</code> if the host name in the URL is valid.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public static boolean isValidFQDNRequest(String hostName) {
// hostName is presumably the value returned by getHostName, i.e. taken from the
// Host header of the request; it is logged as received.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("hostName is : " + hostName);
// The decision is delegated entirely to FQDNUtils.isHostnameValid; the two
// messages below record the matching and non-matching outcome.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster boolean retVal = FQDNUtils.getInstance().isHostnameValid(hostName);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("hostname and fqdnDefault match returning true");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("hostname and fqdnDefault don't match");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns the valid hostname from the fqdn map and constructs the correct
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * URL. The request will be forwarded to the new URL.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param partialHostName Partial host name.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param servletRequest HTTP Servlet Request.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("Get mapping for " + partialHostName);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // get mapping from table
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster FQDNUtils.getInstance().getFullyQualifiedHostName(partialHostName);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("fully qualified hostname :"+ validHostName);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String requestURL = constructURL(validHostName,servletRequest);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("Request URL :"+ requestURL);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /* get the host name from the servlet request's host header or
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * get it using servletRequest:getServerName() in the case
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * where host header is not found
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public static String getHostName(HttpServletRequest servletRequest) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // get the host header
// The Host header is chosen by the client. Treat the returned name as untrusted
// until it has been checked (isValidFQDNRequest in this file delegates that check
// to FQDNUtils), in particular before it is used to build a URL or a redirect.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String hostname = servletRequest.getHeader("host");
// Presumably i is the position of the port separator and the port is cut off here;
// the line that computes i is not shown in this listing.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (i != -1) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("Returning host name : " + hostname);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /* construct the url */
// Builds a URL for validHostName from the request URI and query string of
// servletRequest. The visible call site passes a host name already mapped through
// FQDNUtils.getFullyQualifiedHostName; the URI and the query string are taken from
// the request as they are. The resulting URL is logged at message level.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster static String constructURL(String validHostName,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String requestURI = servletRequest.getRequestURI();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String queryString = servletRequest.getQueryString();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("returning new url : " + urlString);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private static boolean ignoreParameter(String parameter) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster boolean ignore = false;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (parameter.equalsIgnoreCase(ignoreList[i])) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public static String constructLoginURL(HttpServletRequest request) {
// The login URL starts from serviceURI and is extended with the request
// parameters further down.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster StringBuilder loginURL = new StringBuilder(serviceURI);
// The character encoding declared by the client is used when present; otherwise
// UTF-8.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String clientEncoding = request.getCharacterEncoding();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String encoding = (clientEncoding != null) ? clientEncoding : "UTF-8";
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String encoded = request.getParameter("encoded");
e08748a19c208005b9fccd4d4ca8281519eeec3dPeter Major if (request.getAttribute("javax.servlet.forward.servlet_path") != null) {
e08748a19c208005b9fccd4d4ca8281519eeec3dPeter Major //this is a forwarded request, we should only save the forwarded URL.
e08748a19c208005b9fccd4d4ca8281519eeec3dPeter Major utilDebug.message("constructLoginURL: Returning login url for forwarded request: "
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Enumeration parameters = request.getParameterNames();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String parameter = (String)parameters.nextElement();
// Parameter names are client-supplied and are written to the debug log as received.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("constructLoginURL:parameter: "+parameter);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // This will normally be the case when browser back button is
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // used and the form is posted again with the base64 encoded
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // parameters
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (parameter.equalsIgnoreCase("SunQueryParamsString")) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String queryParams = request.getParameter(parameter);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if ((queryParams != null) && (queryParams.length()>0)){
// Base64 is an encoding, not a protection: the decoded string is still whatever
// the client sent. It is re-encoded below before being used.
// NOTE(review): confirm that consumers of the decoded parameters (the comment
// further down mentions goto) validate them independently.
cd085ff36bed57615d33434450ffc7c44ca016edDavid Luna queryParams = Base64.decodeAsUTF8String(queryParams);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // This function will encode all the parameters in
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // SunQueryParamsString
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster queryParams = URLencodedSunQueryParamsString(queryParams,encoding);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String value = request.getParameter(parameter);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Again this will be the case when browser back
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // button is used and the form is posted with the
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // base64 encoded parameters including goto
// The parameter name is URL-encoded with URLEncDec.encode and the value goes
// through getCharDecodedField before both are appended to the query string.
41202e15f589286770cacca433bbee5df379d00bAllan Foster queryString = queryString + URLEncDec.encode(parameter)
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster getCharDecodedField(value, encoding, utilDebug));
// The message below presumably includes the finished login URL with all request
// parameters; the end of the statement is not shown in this listing.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("AuthClientUtils.constructLoginURL() " +
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "returning URLEncoded login url : " +
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * This method takes in a String representing query parameters, and
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * URL encodes "sunamcompositeadvice" parameter out of it.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private static String URLencodedCompositeAdvice(String queryParams) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster StringTokenizer st = new StringTokenizer(queryParams, "&");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String value = adviceString.substring(index+1);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * This method takes in a String representing base64 decoded
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * SunQueryParamsString and URL encodes all the parameters
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * included in its value
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster protected static String URLencodedSunQueryParamsString(String queryParams,
// The decoded string is split on "&" (presumably into name=value pairs), and each
// value is passed through getCharDecodedField with the given encoding. The input
// originates from a request parameter, so it is client-controlled.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster StringTokenizer st = new StringTokenizer(queryParams, "&");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster getCharDecodedField(value, encoding, utilDebug);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Get Original Redirect URL for Auth to redirect the Login request
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public static SSOToken getExistingValidSSOToken(SessionID sessID) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster SSOTokenManager manager = SSOTokenManager.getInstance();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster SSOToken currentToken = manager.createSSOToken(sidString);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("Error in getExistingValidSSOToken :"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Check for Session Timed Out
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // If Session is Timed Out Exception is thrown
// Reports whether the session identified by sessID has timed out.
// Only part of the body is visible in this listing; the notes cover the visible lines.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public static boolean isTimedOut(SessionID sessID) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster boolean isTimedOut = false;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster SSOTokenManager manager = SSOTokenManager.getInstance();
// Per the comment above this method, creating the token throws when the session has timed out.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster SSOToken currentToken = manager.createSSOToken(sidString);
// NOTE(review): the timeout is recognised by a substring match on the exception message.
// If that wording ever changes, the match fails silently and the method presumably
// keeps isTimedOut == false. Confirm, and prefer an error code or exception type if one exists.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (e.getMessage().indexOf("Session timed out") != -1) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("Session Timed Out :"+ isTimedOut);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public static String getErrorVal(String errorCode,String type) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String resProperty = bundle.getString(errorCode);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("errorCod is.. : " + errorCode);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("resProperty is.. : " + resProperty);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if ((resProperty != null) && (resProperty.length() != 0)) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster int commaIndex = resProperty.indexOf(MSG_DELIMITER);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster resProperty.substring(commaIndex+1,resProperty.length());
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster errorMsg = resProperty.substring(0,commaIndex);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public static boolean isCookieSupported(HttpServletRequest req) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster boolean cookieSupported = true;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String cookieSupport = getCookieSupport(getClientType(req));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if ((cookieSupport != null) && cookieSupport.equals("false")) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public static boolean isCookieSet(HttpServletRequest req) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster boolean cookieSet = false;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String cookieSupport = getCookieSupport(getClientType(req));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster boolean cookieDetect = getCookieDetect(cookieSupport);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (isClientDetectionEnabled() && cookieDetect) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /*create Persistent Cookie */
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public static Cookie createPersistentCookie(String name, String value,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Cookie pCookie = CookieUtils.newCookie(name, value, "/", cookieDomain);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public static Cookie createlbCookie(String cookieDomain) throws AuthException {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("cookieDomain : " + cookieDomain);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("Unable to create Load Balance Cookie");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster throw new AuthException(AMAuthErrorCode.AUTH_ERROR, null);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns the Cookie object created based on the <code>cookieName</code>,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Session ID and <code>cookieDomain</code>.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * If <code>AuthContext</code> status is not <code>SUCCESS</code> then
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * cookie is created with authentication cookie Name, else AM Cookie Name
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * will be used to create cookie.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param ac the AuthContext object
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param cookieDomain the cookie domain for creating cookie.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return Cookie object.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public static Cookie getCookieString(AuthContext ac, String cookieDomain) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (ac.getStatus() == AuthContext.Status.SUCCESS) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster cookie = createCookie(cookieName,cookieValue,cookieDomain);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns URL with the cookie value in the URL. The cookie in the
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * re-written URL will have the AM cookie if session is active/inactive
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * and authentication cookie if session is invalid.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param url URL to be encoded.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param request HTTP Servlet Request.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param ac Authentication Context.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return the encoded URL.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (ac.getStatus() == AuthContext.Status.SUCCESS) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private static String encodeURL(String url,short encodingScheme,boolean escape,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster SessionEncodeURL.createCookieString(cookieName,strSessionID);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster encodedURL = SessionEncodeURL.encodeURL(cookieStr,url,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns the resource based on the default values.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param request HTTP Servlet Request.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param fileName name of the file
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param locale Locale used for the search.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param servletContext Servlet Context for server
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return Path to the resource.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String filePath = getFilePath(getClientType(request));
03e319d6edecb454bdd9f18ad80f545ab4a64a17Peter Major orgDN = getDomainNameByRequest(request, parseRequestParameters(request));
03e319d6edecb454bdd9f18ad80f545ab4a64a17Peter Major //in case we are unable to determine the realm from the incoming
03e319d6edecb454bdd9f18ad80f545ab4a64a17Peter Major //requests, let's fallback to top level realm
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster templateFile = ResourceLookup.getFirstExisting(
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster fileRoot,strlocale,orgFilePath,filePath,fileName,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster templateFile = new StringBuffer().append(templatePath)
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster .append(fileRoot).append(Constants.FILE_SEPARATOR)
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("getDefaultFileName:templateFile is :" +
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /* get the root suffix , eg. o= isp */
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // rootSuffix is already normalized in SMSEntry
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /* get the root dir to start lookup from./<default org>
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * default is /default
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String rootOrgName = DNUtils.DNtoName(rootSuffix);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("rootOrgName is : " + rootOrgName);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /* insert charset in the filename */
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private static String getCharsetFileName(String fileName) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster ISLocaleContext localeContext = new ISLocaleContext();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String charset = localeContext.getMIMECharset();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (i != -1) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster charsetFilename = fileName.substring(0, i) + "_" + charset +
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("charsetFilename is : "+ charsetFilename);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /* retrieve the resource (file) using resource lookup */
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public static String getResourceLocation(String fileRoot, String localeName,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String orgFilePath,String filePath,String filename,String templatePath,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster ServletContext servletContext,HttpServletRequest request) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster (!clientType.equals(getDefaultClientType()))) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // non-HTML client
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String charsetFileName = getCharsetFileName(filename);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster ResourceLookup.getFirstExisting(servletContext,fileRoot,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster resourceName = ResourceLookup.getFirstExisting(servletContext,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("Resource is.. " + resourceName);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /* constructs the filePath parameter for FileLookUp
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * filePath = indexName (service name) + clientPath (eg. html).
// Builds the filePath argument used for template lookup from the client-type path and,
// for SERVICE index types, the service name. Only part of the body is visible in this listing.
8664d1ad0030edb76938df2352bf8fb0dd64bff6Mark de Reeper public static String getFilePath(HttpServletRequest request, AuthContext.IndexType indexType, String indexName) {
// Client-specific path component, resolved from the request's client type.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String filePath = getFilePath(getClientType(request));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster StringBuilder filePathBuffer = new StringBuilder();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // only if index name is service type then need it
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // as part of the filePath since service can have
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // a different auth template
8664d1ad0030edb76938df2352bf8fb0dd64bff6Mark de Reeper if (AuthContext.IndexType.SERVICE.equals(indexType)) {
8664d1ad0030edb76938df2352bf8fb0dd64bff6Mark de Reeper if (filePath == null && serviceName == null) {
8664d1ad0030edb76938df2352bf8fb0dd64bff6Mark de Reeper if (filePath != null && !filePath.isEmpty()) {
8664d1ad0030edb76938df2352bf8fb0dd64bff6Mark de Reeper filePathBuffer.append(Constants.FILE_SEPARATOR).append(filePath);
8664d1ad0030edb76938df2352bf8fb0dd64bff6Mark de Reeper if (serviceName != null && !serviceName.isEmpty()) {
8664d1ad0030edb76938df2352bf8fb0dd64bff6Mark de Reeper // To avoid issues with case-sensitive filesystems, always use the lowercase version of the serviceName
// NOTE(review): the assignment of serviceName is not visible here; presumably it comes from indexName.
// If indexName can originate in the request, confirm it is validated (no separators, no "..")
// before it becomes a path segment for the resource lookup.
// toLowerCase() with no Locale argument uses the JVM default locale.
8664d1ad0030edb76938df2352bf8fb0dd64bff6Mark de Reeper filePathBuffer.append(Constants.FILE_SEPARATOR).append(serviceName.toLowerCase());
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String newFilePath = filePathBuffer.toString();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("FilePath is.. :" + newFilePath);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /* retrieves the org path to search resource
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * eg. if orgDN = o=org1,o=org11,o=org12,dc=iplanet,dc=com
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * then orgFilePath will be org12/org11/org1
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public static String getOrgFilePath(String orgDN) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("getOrgFilePath : orgDN is: " + orgDN);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster while ((remOrgDN != null) && (remOrgDN.length() != 0)
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (i != -1) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("getOrgFilePath: orgPath is : " + orgPath);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns the File name based on the given input values.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param fileName Name of the file.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param localeName Locale name.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param orgDN Organization distinguished name.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param servletRequest HTTP Servlet Request.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param servletContext Servlet Context for server.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param indexType AuthContext Index Type.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param indexName index name associated with the index type.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return File name of the resource.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // get the filePath Client filePath + serviceName
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String filePath = getFilePath(servletRequest,indexType,indexName);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("Calling ResourceLookup: filename = "
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster templateFile = getResourceLocation(fileRoot,localeName,orgFilePath,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster filePath,fileName,templatePath,servletContext,servletRequest);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("Error getting File : " + e.getMessage());
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster templateFile = new StringBuffer().append(templatePath)
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("File/Resource is : " + templateFile);
// Returns the auth session identifier for this request: the value carried in the URL when the
// request is marked as a forward, otherwise (or when the URL has none) the auth cookie value.
113e50bd437492c1b2bd4a5681359eae56b084dfPeter Major public static String getAuthCookieValue(HttpServletRequest request) {
113e50bd437492c1b2bd4a5681359eae56b084dfPeter Major //Let's check the URL first in case this is a forwarded request from Federation. URL should have precedence
113e50bd437492c1b2bd4a5681359eae56b084dfPeter Major //over the actual cookie value, so this way a new federated auth can always start with a clear auth session.
// The forward marker is read from a request attribute, not from a request parameter.
113e50bd437492c1b2bd4a5681359eae56b084dfPeter Major String isForward = (String) request.getAttribute(Constants.FORWARD_PARAM);
113e50bd437492c1b2bd4a5681359eae56b084dfPeter Major utilDebug.message("AuthClientUtils.getAuthCookieValue: is forward = " + isForward);
113e50bd437492c1b2bd4a5681359eae56b084dfPeter Major if (Constants.FORWARD_YES_VALUE.equals(isForward)) {
// NOTE(review): a session identifier carried in the URL can end up in access logs and Referer headers.
// Presumably only the internal Federation forward sets the attribute; confirm no other path does.
113e50bd437492c1b2bd4a5681359eae56b084dfPeter Major ret = SessionEncodeURL.getSidFromURL(request, getAuthCookieName());
// Fall back to the cookie when no identifier was taken from the URL.
113e50bd437492c1b2bd4a5681359eae56b084dfPeter Major return ret == null ? CookieUtils.getCookieValueFromReq(request, getAuthCookieName()) : ret;
03e319d6edecb454bdd9f18ad80f545ab4a64a17Peter Major * @deprecated use {@link #getDomainNameByRequest(
03e319d6edecb454bdd9f18ad80f545ab4a64a17Peter Major * javax.servlet.http.HttpServletRequest, java.util.Hashtable)} instead.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public static String getDomainNameByRequest(Hashtable requestHash) {
03e319d6edecb454bdd9f18ad80f545ab4a64a17Peter Major String realm = getRealmFromPolicyAdvice(requestHash);
03e319d6edecb454bdd9f18ad80f545ab4a64a17Peter Major //Policy Advice has precedence over GET parameter
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("orgParam is.. :" + orgParam);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // try to get the host name if org or domain Param is null
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if ((orgParam == null) || (orgParam.length() == 0)) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String orgDN = getOrganizationDN(orgParam,false,null);
03e319d6edecb454bdd9f18ad80f545ab4a64a17Peter Major * Parses the policy condition advice and checks for realm advices
03e319d6edecb454bdd9f18ad80f545ab4a64a17Peter Major * @param requestHash Request parameters
03e319d6edecb454bdd9f18ad80f545ab4a64a17Peter Major * @return realm defined in the policy advice, if defined - or null
03e319d6edecb454bdd9f18ad80f545ab4a64a17Peter Major * @throws IllegalArgumentException if more than one realm is defined within
03e319d6edecb454bdd9f18ad80f545ab4a64a17Peter Major * the advice
03e319d6edecb454bdd9f18ad80f545ab4a64a17Peter Major * @see com.sun.identity.authentication.util.AMAuthUtils
// Extracts the realm named in the composite policy advice carried in the request parameters.
// Only part of the body is visible in this listing.
03e319d6edecb454bdd9f18ad80f545ab4a64a17Peter Major private static String getRealmFromPolicyAdvice(Hashtable<String, String> requestHash) {
// The advice is taken from the request parameter table, so treat it as client-influenced input.
03e319d6edecb454bdd9f18ad80f545ab4a64a17Peter Major String advice = requestHash.get(COMPOSITE_ADVICE);
// The advice is URL-decoded as UTF-8 before parsing; presumably decodedXml is then handed to the
// String overload (the call is not visible here).
03e319d6edecb454bdd9f18ad80f545ab4a64a17Peter Major String decodedXml = URLDecoder.decode(advice, "UTF-8");
03e319d6edecb454bdd9f18ad80f545ab4a64a17Peter Major utilDebug.error("Unable to URLdecode condition advice using UTF-8");
03e319d6edecb454bdd9f18ad80f545ab4a64a17Peter Major * Parses the policy condition advice and checks for realm advices
03e319d6edecb454bdd9f18ad80f545ab4a64a17Peter Major * @param advice The policy advice XML
03e319d6edecb454bdd9f18ad80f545ab4a64a17Peter Major * @return realm defined in the policy advice, if defined - or null
03e319d6edecb454bdd9f18ad80f545ab4a64a17Peter Major * @throws IllegalArgumentException if more than one realm is defined within
03e319d6edecb454bdd9f18ad80f545ab4a64a17Peter Major * the advice
03e319d6edecb454bdd9f18ad80f545ab4a64a17Peter Major * @see com.sun.identity.authentication.util.AMAuthUtils
// Parses the policy advice XML and looks for a realm under the authenticate-to-realm advice key.
// Only part of the body is visible in this listing.
03e319d6edecb454bdd9f18ad80f545ab4a64a17Peter Major public static String getRealmFromPolicyAdvice(String advice) {
// NOTE(review): XML parsing is delegated to PolicyUtils.parseAdvicesXML. Whether that helper disables
// DTDs and external entities is not visible here; verify it, because the advice can arrive in a
// request parameter.
03e319d6edecb454bdd9f18ad80f545ab4a64a17Peter Major Map<String, Set<String>> adviceMap = PolicyUtils.parseAdvicesXML(advice);
03e319d6edecb454bdd9f18ad80f545ab4a64a17Peter Major for (Map.Entry<String, Set<String>> entry : adviceMap.entrySet()) {
03e319d6edecb454bdd9f18ad80f545ab4a64a17Peter Major if (key.equals(AuthSchemeCondition.AUTHENTICATE_TO_REALM_CONDITION_ADVICE)) {
03e319d6edecb454bdd9f18ad80f545ab4a64a17Peter Major //AMAuthUtils is not present at DAS, so let's parse
03e319d6edecb454bdd9f18ad80f545ab4a64a17Peter Major //the advice manually
// Realm names are compared case-insensitively; a second, different realm is rejected below
// instead of one being picked silently.
03e319d6edecb454bdd9f18ad80f545ab4a64a17Peter Major } else if (tmpRealm != null && !realm.equalsIgnoreCase(tmpRealm)) {
03e319d6edecb454bdd9f18ad80f545ab4a64a17Peter Major //NB: this method is also used when the engine wants
03e319d6edecb454bdd9f18ad80f545ab4a64a17Peter Major //to show the error page from the correct realm, hence
03e319d6edecb454bdd9f18ad80f545ab4a64a17Peter Major //this will fail twice, resulting in a generic error
03e319d6edecb454bdd9f18ad80f545ab4a64a17Peter Major throw new IllegalArgumentException("More than one realm defined in the Policy Advice");
// Parse failures are logged at error level; the value returned in that case is not visible here.
03e319d6edecb454bdd9f18ad80f545ab4a64a17Peter Major utilDebug.error("Unable to parse policy condition advices", pe);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Check whether the request is coming to the server who created the
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // original Auth request or session
// Decides whether cookieURL (the server URL recorded in the cookie) refers to this server.
// Only part of the body is visible in this listing.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public static boolean isLocalServer(String cookieURL, boolean isServer) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster boolean local = false;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("This server URL : " + urlStr);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("Server URL from cookie : " + cookieURL);
// Second stage, reached only when the earlier comparison did not match and isServer is true.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (!local && isServer && (cookieURL != null)) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster tmpCookieURL = cookieURL.substring(0,uriIndex) +
// The cookie URL is looked up in the configured platform server list.
// NOTE(review): presumably this lookup is what stops a cookie-supplied URL from naming an arbitrary
// host as the "original" server; confirm that callers check it before proxying.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Vector platformList = WebtopNaming.getPlatformServerList();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("search CookieURL : " + tmpCookieURL);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // if cookie URL is not in the Platform server list then
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // consider as new authentication for that local server
// Failures are logged at message level with the exception message only; the value returned on that
// path is not visible here.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("Error isLocalServer : " + e.getMessage());
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Check whether the request is coming to the server who created the
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // original Auth request or session
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // This method needs to be merged with the one above.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public static boolean isLocalServer(String cookieURL, String inputURI) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster tmpCookieURL = cookieURL.substring(0,uriIndex);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return (isLocalServer(tmpCookieURL+serviceURI, true));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public static boolean isServerMemberOfLocalSite(String cookieURL) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster boolean isSiteMember = false;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String localSiteID = WebtopNaming.getSiteID(WebtopNaming.getAMServerID());
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.warning("AuthClientUtils::isServerMemberOfLocalSite:" +
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "unable to determine local site id: " + WebtopNaming.getAMServerID());
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return false;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String localSiteName = WebtopNaming.getSiteNameById(localSiteID);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Set distAuthForSite = distAuthSitesMap.get(localSiteName);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.warning("AuthClientUtils::isServerMemberOfLocalSite:" +
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "unable to determine distAuthForSite: " + localSiteName);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return false;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("AuthClientUtils::isServerMemberOfLocalSite:" +
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "local URL " + cookieURL + " found in local site " +
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.error("AuthClientUtils::isServerMemberOfLocalSite: ", ex);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Sends the request to the original Auth server and receives the result
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param request HttpServletRequest to be sent
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param response HttpServletResponse to be received
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param cookieURL URL of the original authentication server to be
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return HashMap of the result data from the original server's response
// Proxies the incoming authentication request to the server at cookieURL and collects the result.
// The returned map is filled with the keys AM_CLIENT_TYPE, AM_REDIRECT_URL, CONTENT_TYPE and
// RESPONSE_CODE, as visible below. Only part of the body is visible in this listing.
9a8a88c1867d7f60df76cdfbf10606db698b63fePeter Major public static Map<String, Object> sendAuthRequestToOrigServer(HttpServletRequest request,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster HttpServletResponse response, String cookieURL) {
9a8a88c1867d7f60df76cdfbf10606db698b63fePeter Major Map<String, Object> origRequestData = new HashMap<String, Object>();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Print request Headers
9a8a88c1867d7f60df76cdfbf10606db698b63fePeter Major Enumeration<String> requestHeaders = request.getHeaderNames();
// NOTE(review): value is an Enumeration, so the concatenation below logs its toString() and not the
// individual header values.
9a8a88c1867d7f60df76cdfbf10606db698b63fePeter Major Enumeration value = (Enumeration) request.getHeaders(name);
9a8a88c1867d7f60df76cdfbf10606db698b63fePeter Major utilDebug.message("Header name = " + name + " Value = " + value);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Open URL connection
// NOTE(review): the outbound target is built directly from cookieURL, and no validation of it is
// visible in this method. Presumably callers have already checked it with isLocalServer or
// isServerMemberOfLocalSite; confirm, because the request replays the user's cookies and form data.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster authURL = new URL(cookieURL + "?" + queryString);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("Connecting to : " + authURL);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster conn = HttpURLConnectionManager.getConnection(authURL);
9a8a88c1867d7f60df76cdfbf10606db698b63fePeter Major conn.setRequestProperty(ISAuthConstants.ACCEPT_LANG_HEADER,
9a8a88c1867d7f60df76cdfbf10606db698b63fePeter Major request.getHeader(ISAuthConstants.ACCEPT_LANG_HEADER));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // We should preserve the original host, so the target server will also see the accessed URL
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // If we don't do this, the server might deny the request because of invalid domain access.
// The Host value is copied verbatim from the incoming request, so it is client-controlled; the
// target server's own host validation is what constrains it.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster conn.setRequestProperty("Host", request.getHeader("host"));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // replay cookies
// NOTE(review): this writes the replayed cookie string, which carries session identifiers, to the
// debug log. Whether a messageEnabled() guard surrounds it is not visible here. Consider redacting
// cookie values and restricting access to debug logs.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("Sending cookies : " + strCookies);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Sending Output to Original Auth server...
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster //First we should find out what GET parameters do we have.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Map<String, Set<String>> queryParams = new HashMap<String, Set<String>>();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Set<String> values = queryParams.get(paramName);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "Content-Type", "application/x-www-form-urlencoded");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // merged parameter list containing both GET and POST parameters
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Map<String, String[]> params = request.getParameterMap();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Map<String, Set<String>> postParams = new HashMap<String, Set<String>>();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster for (Map.Entry<String, String[]> entry : params.entrySet()) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // TODO: do we need to care about params that can be both in GET and POST?
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster postParams.put(entry.getKey(), new HashSet<String>(Arrays.asList(entry.getValue())));
// NOTE(review): the full request body is logged here. For a login form submission it presumably
// contains the submitted credentials; redact or drop this message.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("Request data : " + postData);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster pw.print(postData); // here we "send" the request body
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Receiving input from Original Auth server...
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("Response Code: " + conn.getResponseCode());
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Check response code
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (conn.getResponseCode() == HttpURLConnection.HTTP_OK) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Input from Original servlet...
// The response body is read as UTF-8.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster new InputStreamReader(conn.getInputStream(), "UTF-8"));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster while ((len = in.read(buf,0,buf.length)) != -1) {
// NOTE(review): the full proxied response body goes to the debug log as well.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("Received response data : " + in_string);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.warning("Response code for proxied auth is NOT OK");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String client_type = conn.getHeaderField("AM_CLIENT_TYPE");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster origRequestData.put("AM_CLIENT_TYPE", client_type);
// The upstream Location header is handed back to the caller as AM_REDIRECT_URL. The visible lines
// reduce it to path plus query on the relative-redirect branch and pass it through unchanged on the
// fallback branch.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String redirect_url = conn.getHeaderField("Location");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("Relative redirect detected");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster //relative redirect happened
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster redirect_url = (path != null ? path : "") + (query != null ? "?" + gotoURL.getQuery() : "");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("sendAuthRequestToOrigServer(): Setting redirect URL to: " + redirect_url);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster origRequestData.put("AM_REDIRECT_URL", redirect_url);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster //fallback to original handling
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster origRequestData.put("AM_REDIRECT_URL", redirect_url);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String content_type = conn.getHeaderField("Content-Type");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster origRequestData.put("CONTENT_TYPE", content_type);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster origRequestData.put("RESPONSE_CODE", conn.getResponseCode());
9a8a88c1867d7f60df76cdfbf10606db698b63fePeter Major //replay received headers to the original response
// copyResponseHeaders passes on only the header names found in RETAINED_HTTP_HEADERS.
9a8a88c1867d7f60df76cdfbf10606db698b63fePeter Major copyResponseHeaders(conn.getHeaderFields(), response);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster //the catcher will log the exception
// Compares two URLs to decide whether they address the same server.
// The end of the return expression is not visible in this listing.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private static boolean isSameServer(URL url1, URL url2) {
// A URL without an explicit port (getPort() == -1) is compared using its protocol's default port.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster int port1 = url1.getPort() != -1 ? url1.getPort() : url1.getDefaultPort();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster int port2 = url2.getPort() != -1 ? url2.getPort() : url2.getDefaultPort();
// Protocols are compared with equals(); host names are compared case-insensitively.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return url1.getProtocol().equals(url2.getProtocol())
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster && url1.getHost().equalsIgnoreCase(url2.getHost())
// Copies selected headers from the incoming request onto the proxied connection.
// Only part of the body is visible in this listing.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private static void copyRequestHeaders(HttpServletRequest request, HttpURLConnection conn) {
87972b3af5f1ec9cbd4710e97f883dfe34b27783Peter Major utilDebug.message("AuthClientUtils.copyRequestHeaders: starting to copy request headers");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Enumeration<String> headerNames = request.getHeaderNames();
// Allow-list filter: a header is considered only if its lower-cased name is in
// RETAINED_HTTP_REQUEST_HEADERS. toLowerCase() with no Locale argument uses the JVM default locale.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (headerName != null && RETAINED_HTTP_REQUEST_HEADERS.contains(headerName.toLowerCase())) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Enumeration<String> values = request.getHeaders(headerName);
// NOTE(review): copied header values are written to the debug log. The contents of the allow-list
// are not visible here; if it includes credential-bearing headers, redact them.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("Copying header for proxied request: " + headerName + ": " + value);
// Replays selected headers from the proxied server's response onto the client-facing response.
// Only part of the body is visible in this listing.
9a8a88c1867d7f60df76cdfbf10606db698b63fePeter Major private static void copyResponseHeaders(Map<String, List<String>> headers, HttpServletResponse response) {
9a8a88c1867d7f60df76cdfbf10606db698b63fePeter Major for (Map.Entry<String, List<String>> entry : headers.entrySet()) {
// Allow-list filter: an entry is considered only if its lower-cased name is in RETAINED_HTTP_HEADERS.
// The null check matters because HttpURLConnection.getHeaderFields() maps the status line to a null key.
9a8a88c1867d7f60df76cdfbf10606db698b63fePeter Major if (headerName != null && RETAINED_HTTP_HEADERS.contains(headerName.toLowerCase())) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Gets the request form data in the form of string
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private static String getFormData(Map<String, Set<String>> params) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster for (Map.Entry<String, Set<String>> entry : params.entrySet()) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Get cookies string from HTTP request object
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private static String getCookiesString(HttpServletRequest request) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Process Cookies
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster for (int nCookie = 0; nCookie < cookies.length; nCookie++) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Sets server cookie to <code>HttpServletResponse</code> object
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param aCookie the cookie to set; presumably the source of the name and value used below (that code is not shown on this page)
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param response the HTTP servlet response the cookie is added to
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws AuthException if it fails to create pcookie
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public static void setServerCookie(Cookie aCookie,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster HttpServletRequest request, HttpServletResponse response)
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (cookieName != null && cookieName.length() != 0) {
// One cookie is built and added to the response for each entry of the domains collection.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster for (Iterator it = domains.iterator(); it.hasNext(); ) {
// NOTE(review): the createCookie arguments are cut off on this page; confirm where the cookie is
// built that the Secure and HttpOnly attributes are applied.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Cookie cookie = createCookie(cookieName, cookieValue,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster CookieUtils.addCookieToResponse(response, cookie);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Sets the redirectBackUrlCookie to be set as OpenSSO
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * server URL when redirecting to external web site during authentication
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param cookieName name of the cookie to set
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param cookieValue value of the cookie to set
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param response the HTTP servlet response the cookie is added to
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws AuthException if it fails to create this cookie
// NOTE(review): per the summary above this cookie carries a server URL used when coming back from
// an external site. A cookie is client-controlled once issued, so whatever reads it back should
// validate the value against known server URLs before redirecting; the reader is not shown here.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public static void setRedirectBackServerCookie(String cookieName,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String cookieValue, HttpServletRequest request,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster HttpServletResponse response) throws AuthException {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (cookieName != null && cookieName.length() != 0) {
// One cookie is built and added to the response for each entry of the domains collection.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster for (Iterator it = domains.iterator(); it.hasNext(); ) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Cookie cookie = createCookie(cookieName, cookieValue,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster CookieUtils.addCookieToResponse(response, cookie);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Clears server cookie.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param cookieName Cookie Name.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param response HTTP Servlet Response.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public static void clearServerCookie(String cookieName,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster HttpServletRequest request, HttpServletResponse response) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("In clear server Cookie = " + cookieName);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (cookieName != null && cookieName.length() != 0) {
// Clearing is done by issuing a replacement cookie with the value "LOGOUT" and a third argument
// of 0 (presumably the max-age, which makes the browser discard it), once per cookie domain.
// NOTE(review): a browser only replaces a cookie whose domain and path match the one originally
// set, so these must mirror the attributes used when the cookie was created.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster for (Iterator it = domains.iterator(); it.hasNext(); ) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster createPersistentCookie(cookieName, "LOGOUT", 0, domain);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("In clear server Cookie added cookie");
// Variant without a domain; judging by the log message this covers the case where no cookie
// domain applies (the branch condition is not shown on this page).
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster createPersistentCookie(cookieName, "LOGOUT", 0, null));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("In clear server added cookie no domain");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Returns Query String from request parameters Map
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public static String getQueryStrFromParameters(Map paramMap) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster boolean first = true;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster for (Iterator i = paramMap.entrySet().iterator(); i.hasNext(); ) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Checks whether OpenSSO session cookie has to be made
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * persistent.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Only if value of <code>true</code> is provided for HTTP query
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * parameter <code>Constants.PERSIST_AM_COOKIE</code> and this property is
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * enabled or if persistent cookies are set globally.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * If either of these are true, AM session cookie will be made persistent
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param reqDataHash http request parameters and values
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return <code>true</code> if AM session cookie has to be made persistent,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * otherwise returns <code>false</code>
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public static boolean persistAMCookie(Hashtable reqDataHash) {
// Global switch, read from a system property (the key is cut off on this page). Boolean.valueOf
// maps null and anything other than "true" (case-insensitive) to false, so an unset property
// leaves the switch off.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String globalPersistCookieString = SystemProperties.get(
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Boolean.valueOf(globalPersistCookieString).booleanValue();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("AuthUtils.persistAMCookie(): Set globally ");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return true;
// Per-request path: the caller-supplied request data may ask for persistence through the
// Constants.PERSIST_AM_COOKIE entry.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster boolean persistCookie = false;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster = (String)reqDataHash.get(Constants.PERSIST_AM_COOKIE);
// NOTE(review): the request value is honoured only when a second system property allows it.
// A persistent session cookie outlives the browser session, so enabling either property
// lengthens the time a stolen or left-behind cookie stays usable (shared machines in particular).
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String allowRequestPersistString = SystemProperties.get(
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Boolean.valueOf(allowRequestPersistString).booleanValue();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (allowRequestPersist && (persistCookieString != null)) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster = (Boolean.valueOf(persistCookieString)).booleanValue();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("AuthUtils.persistAMCookie(): " + persistCookie);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns true if the request has the ForceAuth=<code>true</code>
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * query parameter or composite advise.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return true if this parameter is present otherwise false.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public static boolean forceAuthFlagExists(Hashtable reqDataHash) {
// "ForceAuth" is read from the request data; Boolean.valueOf yields false for null and for any
// value other than "true" (case-insensitive).
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String force = (String) reqDataHash.get("ForceAuth");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster boolean forceFlag = (Boolean.valueOf(force)).booleanValue();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("AuthUtils.forceFlagExists : " + forceFlag);
// Fallback when the parameter did not request forced authentication: a composite advice entry,
// if present, is consulted (what is done with it is not shown on this page).
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (forceFlag == false) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if ( reqDataHash.get(Constants.COMPOSITE_ADVICE) != null ) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns true if the composite Advice has the ForceAuth element
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return true if this parameter is present otherwise false.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public static boolean checkForForcedAuth(String xmlCompositeAdvice) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster boolean returnForcedAuth = false;
// NOTE(review): the one-argument URLDecoder.decode is deprecated and decodes with the platform
// default charset; the two-argument form with an explicit charset gives the same result on every host.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String decodedAdviceXML = URLDecoder.decode(xmlCompositeAdvice);
// NOTE(review): the advice string presumably originates from request data, so this parses
// untrusted XML. Confirm that PolicyUtils.parseAdvicesXML (not shown here) uses a parser with
// DTDs and external entities disabled.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Map adviceMap = PolicyUtils.parseAdvicesXML(decodedAdviceXML);
// The decoded XML and the parsed map are written to the debug log.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("AuthUtils.checkForForcedAuth : decoded XML "
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("AuthUtils.checkForForcedAuth : result Map = "
// A parse failure is logged as an error; since returnForcedAuth starts out false, the method
// presumably reports "not forced" in that case (the return statement is not shown on this page).
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster } catch (com.sun.identity.policy.PolicyException polExp) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.error("AuthUtils.checkForForcedAuth : Error in "
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("AuthUtils.checkForForcedAuth: returnForcedAuth"+
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns the service URI
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return a String the Service URI
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return SystemProperties.get(Constants.AM_SERVICES_DEPLOYMENT_DESCRIPTOR);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return SystemProperties.get(Constants.AM_DISTAUTH_DEPLOYMENT_DESCRIPTOR);
// Adds the host-URL cookie to the response.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public static void setHostUrlCookie(HttpServletResponse response) {
// First candidate for the value: the server URL resolved from the site ID, then shortened with
// substring (the bounds are cut off on this page).
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster hostUrlCookieValue = WebtopNaming.getServerFromID(siteID);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster hostUrlCookieValue = hostUrlCookieValue.substring(0,
// NOTE(review): the exception is only written with utilDebug.message, so it is invisible unless
// message-level debugging is on; presumably this sits in a catch block and the method carries on.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("AuthClientUtils.setHostUrlCookie:", e);
// Second candidate: a URL assembled from system properties, starting with the protocol.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String authServerProtocol = SystemProperties.get(
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster hostUrlCookieValue = authServerProtocol + "://" +
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("AuthClientUtils.setHostUrlCookie: " +
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster ", hostUrlCookieDomain = " + hostUrlCookieDomain +
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster ", hostUrlCookieValue = " + hostUrlCookieValue);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Create Cookie
// NOTE(review): the createCookie arguments are cut off on this page; confirm where the cookie is
// built that the Secure and HttpOnly attributes are applied.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Cookie cookie = createCookie(hostUrlCookieName,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster CookieUtils.addCookieToResponse(response, cookie);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("AuthClientUtils.setHostUrlCookie:", e);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public static void clearHostUrlCookie(HttpServletResponse response) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Create Cookie
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Cookie cookie = createCookie(hostUrlCookieName,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("AuthClientUtils.clearHostUrlCookie:", e);
// Trust check for a distributed-authentication server: membership of its login URL in
// distAuthClusterList.
// NOTE(review): contains() compares whole values, presumably strings, with no URL normalisation.
// A different case, trailing slash or explicit default port makes the lookup miss (it fails
// closed), so the configured list has to hold the URLs exactly as they are presented.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public static boolean isDistAuthServerTrusted(String distAuthServerLoginURL){
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return distAuthClusterList.contains(distAuthServerLoginURL);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns the resource URL. The method checks value for "resourceURL"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * parameter first, if not present, checks value for "goto" parameter.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * If none exists, returns null.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param request HttpServletRequest object
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return resourceURL based on the query parameters, returns null if
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * resource URL could not be found.
// NOTE(review): the returned value is taken from request parameters and is therefore chosen by
// the client. No validation is visible on this page; a caller that redirects to it needs to
// check it against the permitted redirect targets first.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public static String getResourceURL(HttpServletRequest request) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster request.getParameter(ISAuthConstants.GOTO_PARAM);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns an environment map which contains all query parameters
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * and HTTP headers. Keys of the map are String, values of the map are
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Sets of String.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param request HttpServletRequest object.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return environment Map whose key is String, and value is Set of String.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public static Map getEnvMap(HttpServletRequest request) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // add all query parameters
// NOTE(review): whether this address can be influenced by client-sent forwarding headers depends
// on ClientUtils.getClientIPAddress, which is not shown here; anything that keys on REQUEST_IP
// inherits that trust decision.
4a5a82da9bbab0a3ea1701c3ae9334c678d24ca5Mark de Reeper String strIP = ClientUtils.getClientIPAddress(request);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster envParameters.put(ISAuthConstants.REQUEST_IP,ipSet);
// NOTE(review): parameter names and values are client-chosen, and the parameters are read after
// the REQUEST_IP entry was stored. If they are put into the map under their own names, confirm
// against the full method that a parameter cannot replace the server-derived REQUEST_IP entry.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Enumeration enum1 = request.getParameterNames();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String paramName = (String) enum1.nextElement();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String[] values = request.getParameterValues(paramName);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // add all headers
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns unescaped text. This method replaces "&#124;" with "|".
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param text String to be unescaped.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return unescape special character text.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public static String unescapePipe(String text) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Replaces <code>|</code> with "&#124;".
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return String with the special "|" character replaced with "&#124;".
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // escape "|" as it will be used as separator
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (i != -1) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster for (; i < len; i++) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns the data from Realm qualified data. This could be authentication
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * scheme or authentication level or service.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param realmQualifedData Realm qualified data. This could be Realm
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * qualified authentication scheme or authentication level or service.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return String representing data. This could be authentication
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * scheme or authentication level or service.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public static String getDataFromRealmQualifiedData(
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (realmQualifedData != null && realmQualifedData.length() != 0) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster int index = realmQualifedData.indexOf(ISAuthConstants.COLON);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster data = realmQualifedData.substring(index + 1).trim();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("realmQualifedData : " + realmQualifedData );
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster utilDebug.message("DataFromRealmQualifiedData : " + data );
2cdbc4fc62ed8b9c2c8ef660adc4fe0188b65407Neil Madden * Determines whether Zero Page Login (ZPL) should be allowed for this request. This includes checking whether
2cdbc4fc62ed8b9c2c8ef660adc4fe0188b65407Neil Madden * ZPL is enabled for this AuthContext and, if so, whether the HTTP Referer header on the request matches the
2cdbc4fc62ed8b9c2c8ef660adc4fe0188b65407Neil Madden * ZPL whitelist. POST requests are always enabled, but are still subject to the Referer whitelist.
2cdbc4fc62ed8b9c2c8ef660adc4fe0188b65407Neil Madden * @param config the ZPL configuration.
2cdbc4fc62ed8b9c2c8ef660adc4fe0188b65407Neil Madden * @param request the HTTP request.
2cdbc4fc62ed8b9c2c8ef660adc4fe0188b65407Neil Madden * @return true if ZPL is allowed, otherwise false.
2cdbc4fc62ed8b9c2c8ef660adc4fe0188b65407Neil Madden public static boolean isZeroPageLoginAllowed(ZeroPageLoginConfig config, HttpServletRequest request) {
2cdbc4fc62ed8b9c2c8ef660adc4fe0188b65407Neil Madden final boolean isPost = "POST".equalsIgnoreCase(request.getMethod());
// Presumably the early exit for a non-POST request when ZPL is disabled; the guarding condition
// is not shown on this page.
2cdbc4fc62ed8b9c2c8ef660adc4fe0188b65407Neil Madden return false;
2cdbc4fc62ed8b9c2c8ef660adc4fe0188b65407Neil Madden final String referer = request.getHeader(HTTP_REFERER);
2cdbc4fc62ed8b9c2c8ef660adc4fe0188b65407Neil Madden final Set<String> whitelist = config.getRefererWhitelist();
// NOTE(review): an empty whitelist allows every request, including one without a Referer header.
// With a non-empty whitelist the whole header value must equal an entry, so entries have to be
// complete URLs; a missing Referer reaches contains(null), whose result depends on the Set
// implementation the config returns.
// The Referer header is set by the client. This check limits cross-site, browser-driven login
// requests; it does not establish where a non-browser client is calling from.
2cdbc4fc62ed8b9c2c8ef660adc4fe0188b65407Neil Madden return whitelist.isEmpty() || whitelist.contains(referer);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private static String getCharDecodedField(String strIn, String charset,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Translate the individual field values in the encoding value.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Do not use getBytes() instead convert unicode into bytes by
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // casting. Using getBytes() results in conversion into platform
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // encoding. It appears to work in C locale because default
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // encoding is 8859-1 but fails in other locales like Japanese,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster while (i < len) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster byte b = (byte) carr[i];
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (charset == null || charset.length() == 0) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.error("AuthClientUtils.getCharDecodedField():", ex);