d0da70ccbba38b773e7a7cc71bc124b06206d201Robert Wapshott * The contents of this file are subject to the terms of the Common Development and
d0da70ccbba38b773e7a7cc71bc124b06206d201Robert Wapshott * Distribution License (the License). You may not use this file except in compliance with the
d0da70ccbba38b773e7a7cc71bc124b06206d201Robert Wapshott * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
d0da70ccbba38b773e7a7cc71bc124b06206d201Robert Wapshott * specific language governing permission and limitations under the License.
d0da70ccbba38b773e7a7cc71bc124b06206d201Robert Wapshott * When distributing Covered Software, include this CDDL Header Notice in each file and include
d0da70ccbba38b773e7a7cc71bc124b06206d201Robert Wapshott * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
d0da70ccbba38b773e7a7cc71bc124b06206d201Robert Wapshott * Header, with the fields enclosed by brackets [] replaced by your own identifying
d0da70ccbba38b773e7a7cc71bc124b06206d201Robert Wapshott * information: "Portions copyright [year] [name of copyright owner]".
e2c8a434054afd7228765bdfb72df3c6117be3b8David Luna * Copyright 2015-2016 ForgeRock AS.
d0da70ccbba38b773e7a7cc71bc124b06206d201Robert Wapshottpackage com.sun.identity.authentication.service;
d0da70ccbba38b773e7a7cc71bc124b06206d201Robert Wapshottimport org.forgerock.guice.core.InjectorHolder;
e2c8a434054afd7228765bdfb72df3c6117be3b8David Lunaimport org.forgerock.openam.sso.providers.stateless.StatelessSession;
d0da70ccbba38b773e7a7cc71bc124b06206d201Robert Wapshottimport org.forgerock.openam.sso.providers.stateless.StatelessSessionFactory;
d0da70ccbba38b773e7a7cc71bc124b06206d201Robert Wapshottimport org.forgerock.util.annotations.VisibleForTesting;
d78764efc954da87cd81023cc846a6a5af360d95Robert Wapshottimport com.iplanet.dpro.session.SessionException;
d78764efc954da87cd81023cc846a6a5af360d95Robert Wapshottimport com.iplanet.dpro.session.service.InternalSession;
d78764efc954da87cd81023cc846a6a5af360d95Robert Wapshottimport com.iplanet.dpro.session.service.SessionService;
d78764efc954da87cd81023cc846a6a5af360d95Robert Wapshottimport com.iplanet.dpro.session.share.SessionInfo;
d0da70ccbba38b773e7a7cc71bc124b06206d201Robert Wapshott * Creates stateless sessions after authentication.
d0da70ccbba38b773e7a7cc71bc124b06206d201Robert Wapshottclass StatelessSessionActivator extends DefaultSessionActivator {
d0da70ccbba38b773e7a7cc71bc124b06206d201Robert Wapshott static final StatelessSessionActivator INSTANCE = new StatelessSessionActivator();
d0da70ccbba38b773e7a7cc71bc124b06206d201Robert Wapshott private volatile StatelessSessionFactory statelessSessionFactory;
d0da70ccbba38b773e7a7cc71bc124b06206d201Robert Wapshott StatelessSessionActivator(final StatelessSessionFactory statelessSessionFactory) {
d0da70ccbba38b773e7a7cc71bc124b06206d201Robert Wapshott this.statelessSessionFactory = statelessSessionFactory;
e2c8a434054afd7228765bdfb72df3c6117be3b8David Luna public boolean activateSession(final LoginState loginState, final SessionService sessionService,
e2c8a434054afd7228765bdfb72df3c6117be3b8David Luna final InternalSession authSession, final Subject subject, final Object loginContext)
e2c8a434054afd7228765bdfb72df3c6117be3b8David Luna DEBUG.message("Cannot force auth stateless sessions.");
e2c8a434054afd7228765bdfb72df3c6117be3b8David Luna throw new AuthException(AMAuthErrorCode.STATELESS_FORCE_FAILED, null);
e2c8a434054afd7228765bdfb72df3c6117be3b8David Luna //set our old session -- necessary as if the currently owned token is stateless this won't be set
e2c8a434054afd7228765bdfb72df3c6117be3b8David Luna SessionID sid = new SessionID(loginState.getHttpServletRequest());
d78764efc954da87cd81023cc846a6a5af360d95Robert Wapshott SessionInfo info = getStatelessSessionFactory().getSessionInfo(sid);
e2c8a434054afd7228765bdfb72df3c6117be3b8David Luna oldSession = getStatelessSessionFactory().generate(info);
e2c8a434054afd7228765bdfb72df3c6117be3b8David Luna throw new AuthException(AMAuthErrorCode.SESSION_UPGRADE_FAILED, null);
e2c8a434054afd7228765bdfb72df3c6117be3b8David Luna //create our new session - the loginState needs this session as it's the one we'll be passing back to the user
e2c8a434054afd7228765bdfb72df3c6117be3b8David Luna final InternalSession session = createSession(sessionService, loginState);
e2c8a434054afd7228765bdfb72df3c6117be3b8David Luna return updateSessions(session, loginState, session, authSession, sessionService, subject, loginContext);
d0da70ccbba38b773e7a7cc71bc124b06206d201Robert Wapshott protected InternalSession createSession(SessionService sessionService, LoginState loginState) {
d0da70ccbba38b773e7a7cc71bc124b06206d201Robert Wapshott return sessionService.newInternalSession(loginState.getOrgDN(), null, true);
d0da70ccbba38b773e7a7cc71bc124b06206d201Robert Wapshott protected boolean activateSession(InternalSession session, LoginState loginState) throws SessionException {
d0da70ccbba38b773e7a7cc71bc124b06206d201Robert Wapshott boolean activated = session.activate(loginState.getUserDN(), true);
d0da70ccbba38b773e7a7cc71bc124b06206d201Robert Wapshott // Update the session id in the login state to reflect the activated session
d0da70ccbba38b773e7a7cc71bc124b06206d201Robert Wapshott loginState.setSessionID(getStatelessSessionFactory().generate(session).getID());
d0da70ccbba38b773e7a7cc71bc124b06206d201Robert Wapshott // Make sure that session is never scheduled
e2c8a434054afd7228765bdfb72df3c6117be3b8David Luna oldSession.logout(); //attempt to blacklist the old session
e2c8a434054afd7228765bdfb72df3c6117be3b8David Luna DEBUG.warning("Unable to blacklist old stateless session after session upgrade.");
d0da70ccbba38b773e7a7cc71bc124b06206d201Robert Wapshott private StatelessSessionFactory getStatelessSessionFactory() {