/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2005 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: AuthXMLHandler.java,v 1.20 2009/04/29 18:07:03 qcheng Exp $
*
* Portions Copyrighted 2010-2015 ForgeRock AS.
*/
/**
* <code>AuthXMLHandler</code> class implements the <code>RequestHandler</code>.
* It processes authentication requests from a remote client, which
* arrive as an XML document.
*/
// Guards message-level debug output in the request path (checked as `if (messageEnabled)`).
// NOTE(review): its initialization is not visible in this chunk (presumably the static
// initializer) — confirm it is actually set, otherwise the guarded messages never log.
private static boolean messageEnabled = false;
// Per-request flag: set to true/false while an AuthXML request is classified and read later
// in the Login/LoginIndex branches. NOTE(review): this is instance state on the handler, so if
// one handler instance serves concurrent requests, one request's value can bleed into another
// and change which callback path the other request takes — confirm how handler instances are
// scoped before relying on it.
private boolean security = false;
// Resolved once at class initialization through the injector; shared by all instances.
private static final SessionServiceURLService SESSION_SERVICE_URL_SERVICE = InjectorHolder.getInstance(SessionServiceURLService.class);
static {
AM_SERVICES_DEPLOYMENT_DESCRIPTOR)+"/authservice";
}
/**
* Creates an <code>AuthXMLHandler</code> object.
*/
public AuthXMLHandler() {
    // Intentionally empty: instance fields rely on their declared initializers and
    // class-level state is prepared in the static initializer.
}
/**
* process the request and return the response
* @param requests Vector of
* <code>com.iplanet.services.comm.server.RequestHandler</code> objects.
* @param servletRequest <code>HttpServletRequest</code>object for
* this request.
* @param servletResponse <code>HttpServletResponse</code> object for this
* request.
* @param servletContext <code>servletContext</code> object for this request
* @return <code>ResponseSet</code> object for the processed request.
*/
public ResponseSet process(PLLAuditor auditor, List<Request> requests, HttpServletRequest servletRequest,
}
return rset;
}
/* process the request */
// this call is to create a http session so that the JSESSIONID cookie
// is created. The appserver(8.1) load balancer plugin relies on the
// JSESSIONID cookie to set its JROUTE sticky cookie.
servletReq.getSession(true);
// Check for mis-routed requests
if (index != -1) {
// Check for mis-routed requests, get server URL for
// AuthIdentifier
if (debug.messageEnabled()) {
}
try {
.append(serviceURI);
}
}
}
// Routing to the correct server, the looks like a mis-routed
// requested.
while (headerNames.hasMoreElements()) {
while (enum1.hasMoreElements()) {
}
}
if (debug.messageEnabled()) {
}
if (debug.messageEnabled()) {
}
try {
}
} catch (Exception e) {
// Attempt to contact server failed
setErrorCode(authResponse, e);
}
}
// Either local request or new request, handle it locally
try {
} catch (AuthException e) {
}
if (authResponse.isException) {
} else {
}
}
/*
* Process the XMLRequest
*/
if (messageEnabled) {
}
if (messageEnabled) {
}
if (authXMLRequest.getValidSessionNoUpgrade()) {
return authResponse;
}
try {
} catch (AuthException auExp) {
return authResponse;
}
if (debug.messageEnabled()) {
}
if (requestType != 0) {
security = true;
if (indexTypeLoc == null) {
}
if (debug.messageEnabled()) {
}
try {
if (debug.messageEnabled()) {
}
// if the token isn't valid, let the client know so they
// retry
if (debug.messageEnabled()) {
}
return authResponse;
} else {
}
} catch (SSOException ssoe) {
// token is unknown to OpenAM, let the client know so they
// can retry
if (debug.messageEnabled()) {
}
return authResponse;
return authResponse;
}
}
}
} else {
security = false;
}
// if index type is level and choice callback has a
// selected choice then start module based authentication.
){
if (messageEnabled) {
}
if (messageEnabled) {
}
if (messageEnabled) {
}
}
}
}
if (loginState != null) {
if (clientRequest != null) {
}
}
switch (requestType) {
case AuthXMLRequest.NewAuthContext:
try {
}
break;
case AuthXMLRequest.Login:
try {
}
if (security) {
if (messageEnabled) {
}
}
}
authContext.login();
//setServletRequest(servletRequest,authContext);
}
break;
case AuthXMLRequest.LoginIndex:
try {
if (messageEnabled) {
}
}
if (security) {
if (messageEnabled) {
}
}
}
if (debug.messageEnabled()) {
}
} else {
}
//setServletRequest(servletRequest,authContext);
}
break;
case AuthXMLRequest.LoginSubject:
try {
//setServletRequest(servletRequest,authContext);
} catch (AuthLoginException ale) {
}
break;
try {
//setServletRequest(servletRequest,authContext);
if (authContext.hasMoreRequirements()) {
}
}
break;
try {
}
}
break;
case AuthXMLRequest.Logout:
//Object loginContext = null;
//InternalSession intSess = null;
//SSOToken token = null;
//boolean logoutCalled = false;
/*intSess = AuthD.getSession(sessionID);
try {
token = SSOTokenManager.getInstance().
createSSOToken(sessionID);
if (debug.messageEnabled()) {
debug.message("AuthXMLHandler."
+ "processAuthXMLRequest: Created token "
+ "during logout = "+token);
}
} catch (com.iplanet.sso.SSOException ssoExp) {
if (debug.messageEnabled()) {
debug.message("AuthXMLHandler.processAuthXMLRequest:"
+ "SSOException checking validity of SSO Token");
}
}*/
try {
if (debug.messageEnabled()) {
+ "SSOException checking validity of SSO Token");
}
}
}
/*if (intSess != null) {
loginContext = intSess.getObject(ISAuthConstants.
LOGIN_CONTEXT);
}
try {
if (loginContext != null) {
if (loginContext instanceof
javax.security.auth.login.LoginContext) {
javax.security.auth.login.LoginContext lc =
(javax.security.auth.login.LoginContext)
loginContext;
lc.logout();
} else {
com.sun.identity.authentication.jaas.LoginContext
jlc = (com.sun.identity.authentication.jaas.
LoginContext) loginContext;
jlc.logout();
}
logoutCalled = true;
}
} catch (javax.security.auth.login.LoginException loginExp) {
debug.error("AuthXMLHandler.processAuthXMLRequest: "
+ "Cannot Execute module Logout", loginExp);
}
Set postAuthSet = null;
if (intSess != null) {
postAuthSet = (Set) intSess.getObject(ISAuthConstants.
POSTPROCESS_INSTANCE_SET);
}
if ((postAuthSet != null) && !(postAuthSet.isEmpty())) {
AMPostAuthProcessInterface postLoginInstance=null;
for(Iterator iter = postAuthSet.iterator();
iter.hasNext();) {
try {
postLoginInstance =
(AMPostAuthProcessInterface) iter.next();
postLoginInstance.onLogout(servletRequest,
servletResponse, token);
} catch (Exception exp) {
debug.error("AuthXMLHandler.processAuthXMLRequest: "
+ "Failed in post logout.", exp);
}
}
} else {
String plis = null;
if (intSess != null) {
plis = intSess.getProperty(
ISAuthConstants.POST_AUTH_PROCESS_INSTANCE);
}
if (plis != null && plis.length() > 0) {
StringTokenizer st = new StringTokenizer(plis, "|");
if (token != null) {
while (st.hasMoreTokens()) {
String pli = (String)st.nextToken();
try {
AMPostAuthProcessInterface postProcess =
(AMPostAuthProcessInterface)
Thread.currentThread().
getContextClassLoader().
loadClass(pli).newInstance();
postProcess.onLogout(servletRequest,
servletResponse, token);
} catch (Exception e) {
debug.error("AuthXMLHandler."
+ "processAuthXMLRequest:" + pli, e);
}
}
}
}
}
try {
boolean isTokenValid = SSOTokenManager.getInstance().
isValidToken(token);
if ((token != null) && isTokenValid) {
AuthD.getAuth().logLogout(token);
Session session = Session.getSession(
new SessionID(sessionID));
session.logout();
debug.message("logout successful.");
}
} catch (com.iplanet.dpro.session.SessionException
sessExp) {
if (debug.messageEnabled()) {
debug.message("AuthXMLHandler."
+ "processAuthXMLRequest: SessionException"
+ " checking validity of SSO Token");
}
} catch (com.iplanet.sso.SSOException ssoExp) {
if (debug.messageEnabled()) {
debug.message("AuthXMLHandler."
+ "processAuthXMLRequest: SSOException "
+ "checking validity of SSO Token");
}
}*/
break;
case AuthXMLRequest.Abort:
try {
authContext.abort();
} catch (AuthLoginException ale) {
}
break;
}
if (messageEnabled) {
if (authContext != null) {
}
}
getResBundle("amAuthLDAP",
loginState.getLocale())).
}
}
}
//Account Lockout Warning Check
}
}
}
return authResponse;
}
}
}
if (loginState != null) {
}
}
}
}
switch (requestType) {
case AuthXMLRequest.NewAuthContext:
return "NewAuthContext";
case AuthXMLRequest.Login:
return "Login";
case AuthXMLRequest.LoginIndex:
return "LoginIndex";
case AuthXMLRequest.LoginSubject:
return "LoginSubject";
return "SubmitRequirements";
return "QueryInformation";
case AuthXMLRequest.Logout:
return "Logout";
case AuthXMLRequest.Abort:
return "Abort";
default:
return "unknown";
}
}
/*
* Process the new http request
*/
private void processNewRequest(
) throws AuthException {
if ( authContext == null ) {
throw new AuthException(
}
}
/*
* Reset the auth identifier, in case a status change (auth succeeds)
* causes the sid to change from that of the HttpSession to that of the InternalSession.
*/
}
if (messageEnabled) {
}
}
/*
* Gets the next http request parameter
*/
if (st.hasMoreTokens()) {
}
}
return retStr;
}
/*
* process callbacks
*/
private void processRequirements(
}
boolean allCallbacksAreSet = true;
while (authContext.hasMoreRequirements()) {
if (reqdCallbacks[i] instanceof X509CertificateCallback) {
if (loginState != null) {
certCallback.setReqSignature(false);
} else {
allCallbacksAreSet = false;
}
}
} else {
if (reqdCallbacks[i] instanceof NameCallback) {
if (messageEnabled) {
}
} else {
allCallbacksAreSet = false;
break;
}
} else if (reqdCallbacks[i] instanceof PasswordCallback) {
if (messageEnabled) {
}
} else {
allCallbacksAreSet = false;
break;
}
} else {
allCallbacksAreSet = false;
}
}
// add more callbacks if required
}
}
allCallbacksAreSet = false;
}
if (allCallbacksAreSet) {
if (messageEnabled) {
}
} else {
break;
}
}
if (!authContext.hasMoreRequirements()) {
if (messageEnabled) {
}
}
}
/*
* Check for the AuthContext Exceptions
*/
private void checkACException(
return;
}
/*
* this code does not allow client to remotely select locale.
* but this is a problem comes with the AuthContext API, cannot
* be simply solved here.
*/
) {
}
authResponse.setIsException(true);
}
/*
* Set the error code
*/
if (e == null) {
return;
}
if (e instanceof L10NMessage) {
} else {
}
authResponse.setIsException(true);
}
/*
* Get the error code
*/
}
return errorCode;
}
if (debug.messageEnabled()) {
}
}
// Returns an environment Map built from the input environment List values;
// each value takes the following format:
// env-name|value1|value2|....
return null;
}
for (int i = 0; i < size; i++) {
if (tokens.hasMoreTokens()) {
}
while (tokens.hasMoreTokens()) {
}
}
}
return map;
}
} // end class