AuthClientUtils.java revision 8d3140b524c0e28c0a49dc7c7d481123ef3cfe11
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 * Copyright (c) 2005 Sun Microsystems Inc. All Rights Reserved
 * The contents of this file are subject to the terms
 * of the Common Development and Distribution License
 * (the License). You may not use this file except in
 * compliance with the License.
 * You can obtain a copy of the License at
 * https://opensso.dev.java.net/public/CDDLv1.0.html or
 * See the License for the specific language governing
 * permission and limitations under the License.
 * When distributing Covered Code, include this CDDL
 * Header Notice in each file and include the License file
 * If applicable, add the following below the CDDL Header,
 * with the fields enclosed by brackets [] replaced by
 * your own identifying information:
 * "Portions Copyrighted [year] [name of copyright owner]"
 * $Id: AuthClientUtils.java,v 1.40 2010/01/22 03:31:01 222713 Exp $
 * Portions Copyrighted 2010-2014 ForgeRock AS.
import com.iplanet.dpro.session.SessionException;
public class AuthClientUtils {
private static boolean setRequestEncoding = false;
private static final boolean urlRewriteInPath =
private static final boolean isVersionHeaderEnabled =
private static boolean setCookieToAllDomains = true;
private static boolean isSessionHijackingEnabled =
if (isClientDetectionEnabled()) {
setCookieToAllDomains = false;
} catch (Exception e) {
e.toString());
protected AuthClientUtils() {
return (data);
return (logoutCookie);
new EncodeAction(
} catch (Exception e) {
return (logout_cookie );
return (queryOrg);
} catch (Exception e) {
} catch (Exception e) {
+ e.getMessage());
return (cookie);
return (errorMessage);
return (errorTemplate);
} catch (Exception e) {
+ e.toString());
return (null);
return (null);
boolean isCookieSupported) {
return (logoutURL);
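//Let's check the URL first in case this is a forwarded request from Federation. The URL should have precedence
//over the actual cookie value, so that a new federated auth can always start with a clear auth session.
//NOTE(review): a session ID read from the URL is caller-supplied and may also end up in logs and Referer
//headers - confirm it is validated before use and that preferring it over the cookie cannot bind a user to a
//session they did not start (session fixation).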
return sessionID;
if (isGetRequest) {
return (sessionID);
boolean newSessionArgExists =
return (newSessionArgExists);
return (indexType);
} catch (Exception e) {
return (indexName);
return (indexName);
return (firstIndexName);
} catch (Exception e) {
public static boolean checkSessionUpgrade(
boolean upgrade = false;
upgrade = true;
upgrade = true;
upgrade = true;
upgrade = true;
upgrade = true;
upgrade = true;
} catch (Exception e) {
return (upgrade);
* @return <code>true</code> if the request corresponds to a session upgrade or ForceAuth, <code>false</code>
if (!isForceAuth) {
return isForceAuth;
return cookieURL;
return null;
return cookieURL;
public static boolean isClientDetectionEnabled() {
boolean clientDetectionEnabled = false;
return (clientDetectionEnabled);
return (getDefaultClientType());
} catch (Exception e) {
+ e.toString());
return (defaultClientType);
return (defaultClient);
return null;
return (null);
if (isClientDetectionEnabled()) {
return (charset);
return (DEFAULT_FILE_PATH);
return (filePath);
return (DEFAULT_CONTENT_TYPE);
return (contentType);
return (DEFAULT_COOKIE_SUPPORT);
return (cookieSup);
return (setCookie);
return (setCookie);
boolean cookieDetect
return (cookieDetect);
return (clientURL);
return (rewriteURL);
return (dsameVersion);
public static boolean isVersionHeaderEnabled() {
return isVersionHeaderEnabled;
return (authCookieName);
return (distAuthCookieName);
return (cookieName);
return (persistentCookieName);
return loadBalanceCookieName;
} catch (Exception e) {
return (null);
return cookieDomains;
if (setCookieToAllDomains) {
return allDomains;
+ domains);
return domains;
} catch (Exception e) {
return (orgName);
boolean noQueryParam=false;
noQueryParam= true;
return (orgDN);
return orgParam;
return (in);
if (retVal) {
return (retVal);
return (requestURL);
return (hostname);
return (urlString);
boolean ignore = false;
ignore = true;
return ignore;
+ queryParams);
value =
} catch (Exception e) {
+ e.toString());
return (ssoToken);
return (ssoToken);
boolean isTimedOut = false;
isTimedOut = false;
} catch (Exception e) {
isTimedOut = true;
return isTimedOut;
return (errorMsg);
return (templateName);
return (null);
boolean cookieSupported = true;
cookieSupported = false;
return (cookieSupported);
boolean cookieSet = false;
cookieSet = true;
return (cookieSet);
return (pCookie);
lbCookie =
return (lbCookie);
} catch (Exception e) {
} catch (Exception e) {
+ e.getMessage());
return (cookie);
return (url);
if (urlRewriteInPath) {
return(encodedURL);
return (encodedURL);
} catch (Exception e) {
return (templateFile);
return (rootSuffix);
return (fileRoot);
return (null);
return (charsetFilename);
return (resourceName);
public static String getFilePath(HttpServletRequest request, AuthContext.IndexType indexType, String indexName) {
return null;
// To avoid issues with case-sensitive filesystems, always use the lowercase version of the serviceName
return newFilePath;
orgName);
return (orgPath);
} catch (Exception e) {
return (templateFile);
//Let's check the URL first in case this is a forwarded request from Federation. URL should have precedence
//over the actual cookie value, so this way a new federated auth can always start with a clear auth session.
return orgDN;
return null;
return null;
return realm;
boolean local = false;
local = true;
+ platformList);
local = true;
} catch (Exception e) {
return (local);
boolean isSiteMember = false;
isSiteMember = true;
isSiteMember = true;
isSiteMember = true;
return isSiteMember;
int len;
} catch (Exception e) {
return (origRequestData);
private static void copyResponseHeaders(Map<String, List<String>> headers, HttpServletResponse response) {
return (strCookies);
throws AuthException {
domain);
domain);
boolean first = true;
if (first) {
first = false;
boolean globalPersist =
if (globalPersist) {
boolean persistCookie = false;
boolean allowRequestPersist =
return persistCookie;
if (forceFlag == false) {
return forceFlag;
boolean returnForcedAuth = false;
+ adviceMap);
returnForcedAuth = true;
return returnForcedAuth;
if (isSessionHijackingEnabled) {
} catch(ServerEntryNotFoundException e) {
} catch (Exception e) {
if (isSessionHijackingEnabled) {
} catch (Exception e) {
return resourceUrl;
return envParameters;
for (; i < len; i++) {
return text;
return data;
* Determines whether Zero Page Login (ZPL) should be allowed for this request. This includes checking whether
* ZPL is enabled for this AuthContext and, if so, whether the HTTP Referer header on the request matches the
public static boolean isZeroPageLoginAllowed(ZeroPageLoginConfig config, HttpServletRequest request) {
return strIn;
while (i < len) {
byte b = (byte) carr[i];
return strOut;