/**
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: SessionCondition.java,v 1.4 2008/06/25 05:43:52 qcheng Exp $
*
*/
/*
* Portions Copyright 2014 ForgeRock AS
*/
/**
* The class <code>SessionCondition</code> is a plugin implementation
* of <code>Condition</code>. This lets you define the maximum
* user session time during which a policy applies. There is an option
* to terminate the user session if the session time exceeds the
* maximum allowed.
*
* @deprecated Use {@link org.forgerock.openam.entitlement.conditions.environment.SessionCondition} instead.
*/
/**
* Key that is used to define the user session creation time
* of the request. This is passed in to the <code>env</code> parameter while
* invoking <code>getConditionDecision</code> method of the
* <code>SessionCondition</code>. Value for the key should be a
* <code>Long</code> whose value is time in milliseconds since epoch.
*/
"requestSessionCreationTime";
/**
* Key that is used to identify the advice messages from this
* condition.
*/
"SessionConditionAdvice";
/**
* Key that is used in the <code>Advice</code> to identify the session was
* terminated.
*/
/**
* Key that is used in the <code>Advice</code> to identify the condition
* decision is <code>deny</code>.
*/
"session_condition_true_value";
"session_condition_false_value";
private long maxSessionTime;
private boolean terminateSession;
static {
}
/**
* No argument constructor.
*/
public SessionCondition() {
}
/**
* Gets a list of property names for the condition.
*
* @return list of property names
*/
return (new ArrayList(propertyNames));
}
/**
* Gets the <code>Syntax</code> for a property name.
*
* @param property property name
* @return <code>Syntax<code> for the property name
*
* @see com.sun.identity.policy.Syntax
*/
return Syntax.SINGLE_CHOICE;
}
}
/**
* Gets the display name for the property name.
* The locale variable could be used by the plugin to
* customize the display name for the given locale.
* The locale variable could be null, in which
* case the plugin must use the default locale.
*
* @param property property name
* @param locale locale for which the property name must be customized
* @return display name for the property name
* @exception PolicyException if unable to get the diplay name.
*/
throws PolicyException {
}
/**
* Gets a set of valid values given the property name. This method
* is called if the property <code>Syntax</code> is either the
* <code>SINGLE_CHOICE</code> or <code>MULTIPLE_CHOICE</code>.
*
* @param property property name
* @return set of valid values for the property
*
* @exception PolicyException if unable to get the <code>Syntax</code>
*/
// use OrderedSet to ensure the default is "false"
return values;
}
return Collections.EMPTY_SET;
}
/**
* Sets the properties of the condition.
* Evaluation of <code>ConditionDecision</code> is influenced
* by these properties.
*
* @param properties the properties of the condition that governs
* whether a policy applies. The properties should define
* value for <code>MAX_SESSION_TIME</code> and optionally
* <code>TERMINATE_SESSION</code>.
* The value should be a Set of string values. The value for
* <code>MAX_SESSION_TIME</code> should be parse-able as
* an <code>Integer</code>
*
* @throws PolicyException if properties is null or does not contain
* valid value for <code>MAX_SESSION_TIME</code>
*/
this.properties = properties;
}
/**
* Gets the properties of the condition.
* @return unmodifiable <code>Map</code> view of the properties that govern
* the evaluation of the condition.
* Please note that properties is not cloned before returning
*/
return (properties == null)
}
/**
* Gets the decision computed by this condition object, based on the
* map of environment parameters or the user token. If the value of
* <code>TERMINATE_SESSION</code> is true and the condition
* evaluation is false, it terminates the user session.
*
* @param token single-sign-on token of the user
* condition looks for value of key
* <code>REQUEST_SESSION_CREATION_TIME</code> in the map. And the
* value should be a <code>Long</code>. If the <code>env</code> is
* null of does not define value for
* <code>REQUEST_SESSION_CREATION_TIME</code>, the
* value will be obtained from SSO token of the user
* @return The condition decision. The condition decision encapsulates
* whether a policy applies for the request and advice messages
* generated by the condition.
* Policy framework continues evaluating a policy only if it
* applies to the request as indicated by the condition decision.
* Otherwise, further evaluation of the policy is skipped.
* However, the advice messages encapsulated in the
* condition decision are aggregated and passed up, encapsulated in
* the policy decision
*
* @throws PolicyException if the condition has not been initialized
* @throws SSOException if the SSO token is invalid or there is error when
trying to destroy the SSO token
*
* @see com.sun.identity.policy.ConditionDecision
*/
throws PolicyException, SSOException {
boolean allowed = false;
}
try {
} catch (ClassCastException e) {
throw new PolicyException(
}
}
long tokenCreationTime;
if (requestSessionCreationTime != null) {
} else {
try {
} catch (ParseException e) {
throw new PolicyException(
"unable_to_parse_ssotoken_authinstant", null, e);
}
}
if (debug.messageEnabled()) {
new StringBuffer("SessionCondition.getConditionDecision():")
}
if (currentTime < expiredTime) {
allowed = true;
} else {
if (terminateSession) {
// set advice message
// terminate token session
try {
if (debug.messageEnabled()) {
"SessionCondition.getConditionDecision(): " +
"successfully terminated user session!");
}
} catch (SSOException ssoEx) {
if (debug.warningEnabled()) {
"SessionCondition.getConditionDecision(): " +
"failed to terminate user session!", ssoEx);
}
}
} else {
// set advice message
}
}
return conditionDecision;
}
/**
* Creates and returns a copy of this object.
*
* @return a copy of this object
*/
try {
} catch (CloneNotSupportedException e) {
// this should never happen
throw new InternalError();
}
if (properties != null) {
}
}
return theClone;
}
/**
* This method validates the properties set using the <code>setProperties
* </code> method. It checks for the presence of the required key
* <code>MAX_SESSION_TIME</code>, validates it and also makes sure no other
* invalid key is being set. It also looks for optional key
* TERMINATE_SESSION and ensures its value is valid.
* @see #MAX_SESSION_TIME
* @see #TERMINATE_SESSION
*/
throw new PolicyException(
}
if (debug.messageEnabled()) {
"properties: " + properties);
}
// validate and get max session time
try {
if (i > 0) {
maxSessionTime = i * 60000;
} else {
throw new PolicyException(
}
} catch (NumberFormatException e) {
throw new PolicyException(
}
// get value for terminate session
{
terminateSession = true;
}
return true;
}
/**
* Utility method to return the <code>propertyName</code> value
* from the properties map.
*/
if (required) {
throw new PolicyException(
} else {
return null;
}
}
}
}