SessionRequestHandler.java revision 8af80418ba1ec431c8027fa9668e5678658d3611
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster/**
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster *
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Copyright (c) 2005 Sun Microsystems Inc. All Rights Reserved
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster *
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * The contents of this file are subject to the terms
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * of the Common Development and Distribution License
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * (the License). You may not use this file except in
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * compliance with the License.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster *
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * You can obtain a copy of the License at
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * https://opensso.dev.java.net/public/CDDLv1.0.html or
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * opensso/legal/CDDLv1.0.txt
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * See the License for the specific language governing
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * permission and limitations under the License.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster *
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * When distributing Covered Code, include this CDDL
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Header Notice in each file and include the License file
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * at opensso/legal/CDDLv1.0.txt.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * If applicable, add the following below the CDDL Header,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * with the fields enclosed by brackets [] replaced by
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * your own identifying information:
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * "Portions Copyrighted [year] [name of copyright owner]"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster *
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * $Id: SessionRequestHandler.java,v 1.9 2009/04/02 04:11:44 ericow Exp $
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster *
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster */
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster/*
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Portions Copyrighted 2011 ForgeRock AS
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster */
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterpackage com.iplanet.dpro.session.service;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.iplanet.am.util.SystemProperties;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.iplanet.dpro.session.Session;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.iplanet.dpro.session.SessionException;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.iplanet.dpro.session.SessionID;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.iplanet.dpro.session.share.SessionBundle;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.iplanet.dpro.session.share.SessionInfo;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.iplanet.dpro.session.share.SessionRequest;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.iplanet.dpro.session.share.SessionResponse;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.iplanet.services.comm.server.RequestHandler;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.iplanet.services.comm.share.Request;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.iplanet.services.comm.share.Response;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.iplanet.services.comm.share.ResponseSet;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.session.util.RestrictedTokenAction;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.session.util.RestrictedTokenContext;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.session.util.SessionUtils;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.shared.encode.CookieUtils;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.shared.Constants;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.iplanet.sso.SSOToken;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.iplanet.sso.SSOTokenManager;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport java.net.URL;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport java.util.List;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport java.util.Map;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport javax.servlet.ServletContext;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport javax.servlet.http.HttpServletRequest;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport javax.servlet.http.HttpServletResponse;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterpublic class SessionRequestHandler implements RequestHandler {
    // Session service singleton obtained in the constructor; the handler's
    // session operations are delegated to it.
    private SessionService sessionService = null;

    /*
     * Added this property to block registration of the global notification
     * listener (AddListenerOnAllSessions);
     */
    // Nullable and static: consulted through getEnableAddListenerOnAllSessions()
    // before a listener is registered on all sessions.
    private static Boolean enableAddListenerOnAllSessions = null;
    // Application token taken from the current request's "requester" field.
    // processRequest resets it to null for every request and sets it only after
    // the token validates; the SetProperty permission check reads it later.
    // NOTE(review): this is per-request state held in an instance field. If one
    // handler instance serves concurrent requests, one request's token could be
    // observed by another request's permission check - confirm how instances
    // are created and shared.
    private SSOToken clientToken = null;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
    /**
     * Creates a handler bound to the session service returned by
     * {@code SessionService.getSessionService()}.
     */
    public SessionRequestHandler() {
        this.sessionService = SessionService.getSessionService();
    }
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
    /**
     * Processes a batch of session requests and collects one response per
     * request, in request order.
     *
     * @param requests        requests to handle
     * @param servletRequest  HTTP request the batch arrived on
     * @param servletResponse HTTP response associated with the batch
     * @param servletContext  servlet context; not used by this method
     * @return a response set tagged with the session service name
     */
    public ResponseSet process(List<Request> requests,
            HttpServletRequest servletRequest,
            HttpServletResponse servletResponse,
            ServletContext servletContext) {
        final ResponseSet responses = new ResponseSet(SessionService.SESSION_SERVICE);

        for (Request request : requests) {
            responses.addResponse(processRequest(request, servletRequest, servletResponse));
        }

        return responses;
    }
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
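    /**
     * Handles a single request: parses the session request XML, establishes
     * the restricted-token context for the caller, and runs the session
     * operation under that context.
     *
     * <p>The context defaults to the client address taken from the servlet
     * request. When the request names a requester, the unmarshalled value
     * replaces that default; if it is an {@code SSOToken} it must validate,
     * otherwise an "appTokenInvalid" response is returned and the operation
     * is not run.
     *
     * @param req             request whose content is the session request XML
     * @param servletRequest  HTTP request the message arrived on
     * @param servletResponse HTTP response passed through to the operation
     * @return the session response serialized as XML; failures are reported
     *         in the response's exception field rather than thrown
     */
    private Response processRequest(Request req,
            HttpServletRequest servletRequest,
            HttpServletResponse servletResponse) {
        // NOTE(review): content is caller-supplied XML. Parser hardening lives
        // in SessionRequest.parseXML, which is not visible here - confirm.
        String content = req.getContent();
        SessionRequest sreq = SessionRequest.parseXML(content);
        SessionResponse sres = new SessionResponse(sreq.getRequestID(), sreq.getMethodID());

        try {
            // use remote client IP as default RestrictedToken context
            // NOTE(review): how getClientAddress derives the address is not
            // visible here; the value becomes the token-restriction context,
            // so confirm it cannot be chosen by the caller.
            Object context = SessionUtils.getClientAddress(servletRequest);
            // Reset per-request state before deciding whether a token applies.
            this.clientToken = null;
            String requester = sreq.getRequester();

            if (requester != null) {
                try {
                    // NOTE(review): only SSOToken contexts are validated below;
                    // any other unmarshalled value is used as-is in place of
                    // the observed client address - confirm unmarshal
                    // constrains what a caller can supply.
                    context = RestrictedTokenContext.unmarshal(requester);

                    if (context instanceof SSOToken) {
                        SSOTokenManager ssoTokenManager = SSOTokenManager.getInstance();
                        SSOToken adminToken = (SSOToken) context;

                        if (!ssoTokenManager.isValidToken(adminToken)) {
                            sres.setException(SessionBundle.getString(
                                    "appTokenInvalid") + requester);
                            return new Response(sres.toXMLString());
                        }

                        this.clientToken = adminToken;
                    }
                } catch (Exception ex) {
                    if (SessionService.sessionDebug.warningEnabled()) {
                        // Keep the cause in the log: unmarshal failures and
                        // token-manager errors both land here and cannot be
                        // told apart afterwards without it.
                        // NOTE(review): confirm the exception text cannot
                        // carry the token id before logs leave the host.
                        SessionService.sessionDebug.warning(
                                "SessionRequestHandler.processRequest:"
                                + "app token invalid, sending Session response"
                                + " with Exception", ex);
                    }
                    sres.setException(SessionBundle.getString(
                            "appTokenInvalid") + requester);
                    return new Response(sres.toXMLString());
                }
            }

            // Final copies so the anonymous action can capture them.
            final HttpServletRequest httpReq = servletRequest;
            final HttpServletResponse httpResp = servletResponse;
            final SessionRequest fsreq = sreq;
            sres = (SessionResponse) RestrictedTokenContext.doUsing(context,
                    new RestrictedTokenAction() {
                        public Object run() throws Exception {
                            return processSessionRequest(fsreq, httpReq,
                                    httpResp);
                        }
                    });
        } catch (Exception ex) {
            SessionService.sessionDebug.error(
                    "SessionRequestHandler encounterd exception", ex);
            // sres is still the response built before the try block here,
            // because the assignment above did not complete.
            // NOTE(review): the raw exception message is returned to the
            // remote caller; confirm it cannot expose internal detail.
            sres.setException(ex.getMessage());
        }

        return new Response(sres.toXMLString());
    }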
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private SessionResponse processSessionRequest(SessionRequest req,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster HttpServletRequest servletRequest,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster HttpServletResponse servletResponse) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster SessionResponse res = new SessionResponse(req.getRequestID(), req
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster .getMethodID());
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster SessionID sid = new SessionID(req.getSessionID());
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Session requesterSession = null;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster try {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /* common processing by groups of methods */
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster switch (req.getMethodID()) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /*
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * in this group of methods the request is targeting either all
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * LOCAL sessions or a single local session identified by another
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * request parameter sid in this case is only used to authenticate
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * the operation Session pointed by sid is not expected to be local
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * to this server (although it might)
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster */
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster case SessionRequest.GetValidSessions:
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster case SessionRequest.AddSessionListenerOnAllSessions:
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster case SessionRequest.GetSessionCount:
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /*
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * note that the purpose of the following is just to check the
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * authentication of the caller (which can also be used as a
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * filter for the operation scope!)
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster */
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster requesterSession = Session.getSession(sid);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /*
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * also check that sid is not a restricted token
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster */
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (requesterSession.getProperty(Session.TOKEN_RESTRICTION_PROP) != null) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster res.setException(sid + " " + SessionBundle.getString("noPrivilege"));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return res;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster }
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster break;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /*
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * In this group request is targeting a single session identified by
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * sid which is supposed to be hosted by this server instance sid is
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * used both as an id of a session and to authenticate the operation
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * (performed on own session)
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster */
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster case SessionRequest.GetSession:
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster case SessionRequest.Logout:
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster case SessionRequest.AddSessionListener:
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster case SessionRequest.SetProperty:
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster case SessionRequest.DestroySession:
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (req.getMethodID() == SessionRequest.DestroySession) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /*
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * note that the purpose of the following is just to check
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * the authentication of the caller (which can also be used
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * as a filter for the operation scope!)
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster */
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster requesterSession = Session.getSession(sid);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /*
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * also check that sid is not a restricted token
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster */
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (requesterSession.getProperty(
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Session.TOKEN_RESTRICTION_PROP)!= null) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster res.setException(sid + " " + SessionBundle.getString("noPrivilege"));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return res;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster }
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster sid = new SessionID(req.getDestroySessionID());
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster } else if (req.getMethodID() == SessionRequest.SetProperty) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /*
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * This fix is to avoid clients sneaking in to set
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * protected properties in server-2 or so through
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * server-1. Short circuit this operation without
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * forwrading it further.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster */
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster try {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster SessionUtils.checkPermissionToSetProperty(
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster this.clientToken, req.getPropertyName(),
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster req.getPropertyValue());
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster } catch (SessionException se) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (SessionService.sessionDebug.warningEnabled()) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster SessionService.sessionDebug.warning(
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "SessionRequestHandler.processRequest:"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "Client does not have permission to set"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + " - property key = " + req.getPropertyName()
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + " : property value = " + req.getPropertyValue());
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster }
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster res.setException(sid + " " + SessionBundle.getString("noPrivilege"));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return res;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster }
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster }
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (!sessionService.isSessionFailoverEnabled()) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // TODO check how this behaves in non-session failover case
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster URL originService = Session.getSessionServiceURL(sid);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (!sessionService.isLocalSessionService(originService)) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (!sessionService.isSiteEnabled()) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String siteID = sid.getExtension(SessionID.SITE_ID);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (siteID != null) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String primaryID = sid.getExtension(SessionID.PRIMARY_ID);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String localServerID = sessionService.getLocalServerID();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (primaryID.equals(localServerID)) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster throw new SessionException("invalid session id");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster }
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster }
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster } else {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return forward(originService, req);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster }
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster }
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster } else {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (SessionService.getUseInternalRequestRouting()) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // first try
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String hostServerID = sessionService
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster .getCurrentHostServer(sid);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (!sessionService.isLocalServer(hostServerID)) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster try {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return forward(Session.getSessionServiceURL(hostServerID), req);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster } catch (SessionException se) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // attempt retry
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (!sessionService.checkServerUp(hostServerID)) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // proceed with failover
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String retryHostServerID = sessionService
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster .getCurrentHostServer(sid);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (retryHostServerID.equals(hostServerID)) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster throw se;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster } else {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // we have a shot at retrying here
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // if it is remote, forward it
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // otherwise treat it as a case of local
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // case
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (!sessionService.isLocalServer(retryHostServerID)) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return forward(Session.getSessionServiceURL(retryHostServerID), req);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster }
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster }
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster } else {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster throw se;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster }
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster }
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster }
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster } else {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // use LB-dependent routing
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // if session is not found at this instance we check that both OpenSSO session and
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // HTTP session cookies were enclosed in the request. If they were then LB must have
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // routed to the proper server instance and we must treat it as a session recovery
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // case. If any of the cookies missing or do not match the sid in the message we
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // assume that request was misrouted and correct it by forwarding via LB with all
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // cookies enclosed
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String isSessionCookie =
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster CookieUtils.getCookieValueFromReq(servletRequest, Session.getCookieName());
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String httpCookie =
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster CookieUtils.getCookieValueFromReq(servletRequest, SessionService.getHttpSessionTrackingCookieName());
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (!sessionService.isSessionPresent(sid)
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster && (isSessionCookie == null
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster || !isSessionCookie.equals(sid.toString())
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster || httpCookie == null
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster || !httpCookie.equals(sid.getTail()))) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return forward(Session.getSessionServiceURL(sid), req);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster }
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster }
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /*
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * We determined that this server is the host and the
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * session must be found(or recovered) locally
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster */
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /*
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * if session is not already present locally attempt to
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * recover session if in failover mode
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster */
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (!sessionService.isSessionPresent(sid)) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (sessionService.recoverSession(sid) == null) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /*
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * if not in failover mode or recovery was not
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * successful return an exception
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster */
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /*
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * !!!!! IMPORTANT !!!!! DO NOT REMOVE "sid" FROM
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * EXCEPTIONMESSAGE Logic kludge in legacy Agent 2.0
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * code will break If it can not find SID value in
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * the exception message returned by Session
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Service. This dependency should be eventually
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * removed once we migrate customers to a newer
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * agent code base or switch to a new version of
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Session Service interface
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster */
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster res.setException(sid + " " + SessionBundle.getString("sessionNotObtained"));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return res;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster }
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster }
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster }
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster break;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster default:
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster res.setException(sid + " " + SessionBundle.getString("unknownRequestMethod"));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return res;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster }
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /*
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * request method-specific processing
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster */
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster switch (req.getMethodID()) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster case SessionRequest.GetSession:
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster res.addSessionInfo(sessionService.getSessionInfo(sid, req.getResetFlag()));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster break;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster case SessionRequest.GetValidSessions:
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String pattern = req.getPattern();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster List<SessionInfo> infos = null;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster int status[] = { 0 };
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster infos = sessionService.getValidSessions(requesterSession, pattern, status);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster res.setStatus(status[0]);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster res.setSessionInfo(infos);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster break;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster case SessionRequest.DestroySession:
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster sessionService.destroySession(requesterSession, new SessionID(req.getDestroySessionID()));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster break;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster case SessionRequest.Logout:
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster sessionService.logout(sid);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster break;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster case SessionRequest.AddSessionListener:
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster sessionService.addSessionListener(sid, req.getNotificationURL());
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster break;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster case SessionRequest.AddSessionListenerOnAllSessions:
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /**
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Cookie hijacking fix: disables adding a notification listener
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * for ALL the sessions over the network to the server instance
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * specified by the notification URL. Should there be a need to
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * add a notification listener to ALL the sessions, the property
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * that re-enables it can be added and set in the
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * AMConfig.properties file. The default value of this property
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * is FALSE.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster */
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (getEnableAddListenerOnAllSessions()) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster sessionService.addSessionListenerOnAllSessions(requesterSession, req.getNotificationURL());
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster }
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster break;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster case SessionRequest.SetProperty:
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster sessionService.setExternalProperty(this.clientToken, sid,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster req.getPropertyName(), req.getPropertyValue());
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster break;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster case SessionRequest.GetSessionCount:
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String uuid = req.getUUID();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Object sessions = SessionCount.getSessionsFromLocalServer(uuid);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (sessions != null) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster res.setSessionsForGivenUUID((Map) sessions);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster }
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster break;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster default:
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster res.setException(sid + " " + SessionBundle.getString("unknownRequestMethod"));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster break;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster }
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster } catch (SessionException se) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster res.setException(sid + " " + se.getMessage());
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster }
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return res;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster }
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/**
 * Relays a session request to another server and returns that server's
 * response.
 *
 * <p>When a {@code RestrictedTokenContext} is current on this thread, its
 * marshalled form is set as the requester of {@code sreq} before sending,
 * so the request that leaves this server carries the caller's restriction
 * context. NOTE(review): presumably the receiving server uses it to apply
 * the same token restriction; confirm against the receiving side.
 *
 * <p>The exception text of a failed response comes from the remote peer
 * and is placed unchanged into the thrown {@code SessionException};
 * callers that return that message to a client pass remote text through.
 *
 * @param svcurl URL of the session service the request is sent to
 * @param sreq the request to send; its requester is overwritten when a
 *        restricted token context is current
 * @return the remote response, only when it carries no exception
 * @throws SessionException if the remote response carries an exception,
 *         or wrapping any other failure raised while marshalling or sending
 */
private SessionResponse forward(URL svcurl, SessionRequest sreq)
        throws SessionException {
    try {
        final Object restrictedContext = RestrictedTokenContext.getCurrent();
        if (restrictedContext != null) {
            final String marshalledRequester =
                    RestrictedTokenContext.marshal(restrictedContext);
            sreq.setRequester(marshalledRequester);
        }

        final SessionResponse remoteResponse =
                Session.sendPLLRequest(svcurl, sreq);

        // Success path first: a response without an exception is returned as is.
        if (remoteResponse.getException() == null) {
            return remoteResponse;
        }
        throw new SessionException(remoteResponse.getException());
    } catch (SessionException se) {
        // Already the declared type: rethrow untouched rather than re-wrapping.
        throw se;
    } catch (Exception ex) {
        // Everything else (including a null response) surfaces as SessionException.
        throw new SessionException(ex);
    }
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/**
 * Tells whether adding a notification listener on all sessions is
 * enabled on this server.
 *
 * <p>The answer is read once from the system property named by
 * {@code Constants.ENABLE_ADD_LISTENER_ON_ALL_SESSIONS} and then kept in
 * the static field, so a later change to the property is not seen by
 * this method unless the field is reset elsewhere. {@code Boolean.valueOf}
 * yields {@code false} for a missing property and for any text other than
 * "true" (ignoring case), so the gate stays closed unless it is
 * explicitly opened.
 *
 * <p>The lazy initialisation is not synchronised; concurrent first calls
 * may each perform the lookup. NOTE(review): harmless as long as the
 * property lookup returns the same value for each of them; confirm.
 *
 * @return {@code true} only when the property is set to "true"
 */
private static boolean getEnableAddListenerOnAllSessions() {
    Boolean cachedFlag = enableAddListenerOnAllSessions;

    if (cachedFlag == null) {
        final String configuredValue =
                SystemProperties.get(Constants.ENABLE_ADD_LISTENER_ON_ALL_SESSIONS);
        cachedFlag = Boolean.valueOf(configuredValue);
        enableAddListenerOnAllSessions = cachedFlag;
    }

    return cachedFlag.booleanValue();
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster}