session/service/SessionRequestHandler.java

	SessionRequestHandler.java revision bf2a56fd7e5b3bb37378e87e32829a01402d27f0
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suter/*
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suter * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suter *
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suter * Copyright (c) 2005 Sun Microsystems Inc. All Rights Reserved
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suter *
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suter * The contents of this file are subject to the terms
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suter * of the Common Development and Distribution License
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suter * (the License). You may not use this file except in
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suter * compliance with the License.
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suter *
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suter * You can obtain a copy of the License at
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suter * https://opensso.dev.java.net/public/CDDLv1.0.html or
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suter * opensso/legal/CDDLv1.0.txt
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suter * See the License for the specific language governing
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suter * permission and limitations under the License.
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suter *
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suter * When distributing Covered Code, include this CDDL
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suter * Header Notice in each file and include the License file
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suter * at opensso/legal/CDDLv1.0.txt.
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suter * If applicable, add the following below the CDDL Header,
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suter * with the fields enclosed by brackets [] replaced by
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suter * your own identifying information:
88b21ceea35c266dd8f33fbafd9973d443efe96fmrossign * "Portions Copyrighted [year] [name of copyright owner]"
2b883938e131f26b1e3c69156125436e5f2ecabamatthew *
44927ac95bbf5d52e9dae2100e09b58f1f01f8dbgbellato * $Id: SessionRequestHandler.java,v 1.9 2009/04/02 04:11:44 ericow Exp $
44927ac95bbf5d52e9dae2100e09b58f1f01f8dbgbellato *
44927ac95bbf5d52e9dae2100e09b58f1f01f8dbgbellato * Portions Copyrighted 2011-2016 ForgeRock AS.
44927ac95bbf5d52e9dae2100e09b58f1f01f8dbgbellato */
44927ac95bbf5d52e9dae2100e09b58f1f01f8dbgbellatopackage com.iplanet.dpro.session.service;
44927ac95bbf5d52e9dae2100e09b58f1f01f8dbgbellato
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suterimport static org.forgerock.openam.audit.AuditConstants.Component.*;
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suterimport static org.forgerock.openam.session.SessionConstants.*;
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suter
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suterimport java.net.URL;
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suterimport java.util.ArrayList;
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suterimport java.util.List;
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suterimport java.util.Map;
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suter
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suterimport javax.servlet.ServletContext;
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suterimport javax.servlet.http.HttpServletRequest;
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suterimport javax.servlet.http.HttpServletResponse;
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suter
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suterimport org.forgerock.guice.core.InjectorHolder;
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suterimport org.forgerock.openam.session.SessionCache;
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suterimport org.forgerock.openam.session.SessionPLLSender;
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suterimport org.forgerock.openam.session.SessionServiceURLService;
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suterimport org.forgerock.openam.sso.providers.stateless.StatelessSessionFactory;
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suter
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suterimport com.google.inject.Key;
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suterimport com.google.inject.name.Names;
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suterimport com.iplanet.dpro.session.Session;
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suterimport com.iplanet.dpro.session.SessionException;
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suterimport com.iplanet.dpro.session.SessionID;
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suterimport com.iplanet.dpro.session.share.SessionBundle;
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suterimport com.iplanet.dpro.session.share.SessionInfo;
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suterimport com.iplanet.dpro.session.share.SessionRequest;
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suterimport com.iplanet.dpro.session.share.SessionResponse;
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suterimport com.iplanet.services.comm.server.PLLAuditor;
dbc7d9a87959bb94723ca1f56e22cbd9044fb416gbellatoimport com.iplanet.services.comm.server.RequestHandler;
dbc7d9a87959bb94723ca1f56e22cbd9044fb416gbellatoimport com.iplanet.services.comm.share.Request;
dbc7d9a87959bb94723ca1f56e22cbd9044fb416gbellatoimport com.iplanet.services.comm.share.Response;
dbc7d9a87959bb94723ca1f56e22cbd9044fb416gbellatoimport com.iplanet.services.comm.share.ResponseSet;
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suterimport com.iplanet.sso.SSOException;
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suterimport com.iplanet.sso.SSOToken;
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suterimport com.iplanet.sso.SSOTokenManager;
6bb100d3f180f6f3c740b20e09cb6bdc304cddcfpgambaimport com.sun.identity.common.SearchResults;
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suterimport com.sun.identity.session.util.RestrictedTokenAction;
6bb100d3f180f6f3c740b20e09cb6bdc304cddcfpgambaimport com.sun.identity.session.util.RestrictedTokenContext;
6bb100d3f180f6f3c740b20e09cb6bdc304cddcfpgambaimport com.sun.identity.session.util.SessionUtils;
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suterimport com.sun.identity.shared.Constants;
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suterimport com.sun.identity.shared.debug.Debug;
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suter
44927ac95bbf5d52e9dae2100e09b58f1f01f8dbgbellato/**
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suter * Responsible for processing a PLL request and routing it to the appropriate handler which will respond to the caller
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suter * the results of the operation.
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suter *
5c5d8d41fd26273525b669e084095ef2172457b6mrossign * The operations available from this handler split into two broad categories:
d25372dc8e65a9ed019a88fdf659ca61313f1b31jcduff *
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suter * In the first group, the request is targeting either all LOCAL sessions or a single local session identified by another
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suter * request parameter. The session ID in this case is only used to authenticate the operation. That session is not
d25372dc8e65a9ed019a88fdf659ca61313f1b31jcduff * expected to be local to this server (although it might). These operations are:
d25372dc8e65a9ed019a88fdf659ca61313f1b31jcduff * <ul>
44927ac95bbf5d52e9dae2100e09b58f1f01f8dbgbellato *   <li>GetValidSessions</li>
44927ac95bbf5d52e9dae2100e09b58f1f01f8dbgbellato *   <li>GetSessionCount</li>
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suter * </ul>
5c5d8d41fd26273525b669e084095ef2172457b6mrossign *
5c5d8d41fd26273525b669e084095ef2172457b6mrossign * In the second group, the request is targeting a single session identified by a session ID, which is supposed to be
dbc7d9a87959bb94723ca1f56e22cbd9044fb416gbellato * hosted by this server instance. The session ID is used both as an id for the target session and to authenticate the
dbc7d9a87959bb94723ca1f56e22cbd9044fb416gbellato * operation (i.e. operations are performed on the callers own session). The operations in this group are:
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suter * <ul>
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suter *   <li>GetSession</li>
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suter *   <li>Logout</li>
dbc7d9a87959bb94723ca1f56e22cbd9044fb416gbellato *   <li>AddSessionListener</li>
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suter *   <li>SetProperty</li>
dbc7d9a87959bb94723ca1f56e22cbd9044fb416gbellato *   <li>DestroySession</li>
8c6a14e9610d08491d2e2415c0c603441ddb4968kenneth_suter * </ul>
dbc7d9a87959bb94723ca1f56e22cbd9044fb416gbellato */
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suterpublic class SessionRequestHandler implements RequestHandler {
dbc7d9a87959bb94723ca1f56e22cbd9044fb416gbellato
dbc7d9a87959bb94723ca1f56e22cbd9044fb416gbellato    private final SessionService sessionService;
8c6a14e9610d08491d2e2415c0c603441ddb4968kenneth_suter    private final Debug sessionDebug;
d25372dc8e65a9ed019a88fdf659ca61313f1b31jcduff    private final SessionServerConfig serverConfig;
d25372dc8e65a9ed019a88fdf659ca61313f1b31jcduff    private final StatelessSessionFactory statelessSessionFactory;
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suter
8c6a14e9610d08491d2e2415c0c603441ddb4968kenneth_suter    private SSOToken clientToken = null;
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suter
8c6a14e9610d08491d2e2415c0c603441ddb4968kenneth_suter    private static final SessionServiceURLService SESSION_SERVICE_URL_SERVICE = InjectorHolder.getInstance(SessionServiceURLService.class);
c4cdb34ae21ebbbc11586715cfa777fd2a75b8e0gbellato    private static final SessionCache sessionCache = InjectorHolder.getInstance(SessionCache.class);
c4cdb34ae21ebbbc11586715cfa777fd2a75b8e0gbellato    private static final SessionPLLSender sessionPLLSender = InjectorHolder.getInstance(SessionPLLSender.class);
c4cdb34ae21ebbbc11586715cfa777fd2a75b8e0gbellato
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suter    public SessionRequestHandler() {
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suter        sessionService = InjectorHolder.getInstance(SessionService.class);
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suter        sessionDebug =  InjectorHolder.getInstance(Key.get(Debug.class, Names.named(SESSION_DEBUG)));
44927ac95bbf5d52e9dae2100e09b58f1f01f8dbgbellato        serverConfig = InjectorHolder.getInstance(SessionServerConfig.class);
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suter        statelessSessionFactory = InjectorHolder.getInstance(StatelessSessionFactory.class);
dbc7d9a87959bb94723ca1f56e22cbd9044fb416gbellato    }
dbc7d9a87959bb94723ca1f56e22cbd9044fb416gbellato
32ae71dc042a0705476818a67d5abcebf52689b9lfrost    /**
dbc7d9a87959bb94723ca1f56e22cbd9044fb416gbellato     * Understands how to resolve a Token based on its SessionID.
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suter     *
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suter     * Stateless Sessions by their very nature do not need to be stored in memory, and so
dbc7d9a87959bb94723ca1f56e22cbd9044fb416gbellato     * can be resolved in a different way to Stateful Sessions.
32ae71dc042a0705476818a67d5abcebf52689b9lfrost     *
32ae71dc042a0705476818a67d5abcebf52689b9lfrost     * @param sessionID Non null Session ID.
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suter     *
32ae71dc042a0705476818a67d5abcebf52689b9lfrost     * @return Null if no matching Session could be found, otherwise a non null
32ae71dc042a0705476818a67d5abcebf52689b9lfrost     * Session instance.
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suter     *
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suter     * @throws SessionException If there was an error resolving the Session.
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suter     */
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suter    private Session resolveSession(SessionID sessionID) throws SessionException {
dbc7d9a87959bb94723ca1f56e22cbd9044fb416gbellato        if (statelessSessionFactory.containsJwt(sessionID)) {
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suter            return statelessSessionFactory.generate(sessionID);
dbc7d9a87959bb94723ca1f56e22cbd9044fb416gbellato        }
dbc7d9a87959bb94723ca1f56e22cbd9044fb416gbellato        return sessionCache.getSession(sessionID);
32ae71dc042a0705476818a67d5abcebf52689b9lfrost    }
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suter
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suter    @Override
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suter    public ResponseSet process(PLLAuditor auditor,
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suter                               List<Request> requests,
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suter                               HttpServletRequest servletRequest,
4d325b0e734b14038f641390866198852cb8a3dfludovicp                               HttpServletResponse servletResponse,
4d325b0e734b14038f641390866198852cb8a3dfludovicp                               ServletContext servletContext) {
4d325b0e734b14038f641390866198852cb8a3dfludovicp        ResponseSet rset = new ResponseSet(SessionService.SESSION_SERVICE);
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suter
4d325b0e734b14038f641390866198852cb8a3dfludovicp        auditor.setComponent(SESSION);
4d325b0e734b14038f641390866198852cb8a3dfludovicp        for (Request req : requests) {
d6d2f1fe7f71b877214d2adee570f1b44b115a99gbellato            Response res = processRequest(auditor, req, servletRequest);
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suter            rset.addResponse(res);
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suter        }
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suter
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suter        return rset;
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suter    }
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suter
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suter    private Response processRequest(
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suter            final PLLAuditor auditor,
d25372dc8e65a9ed019a88fdf659ca61313f1b31jcduff            final Request req,
d25372dc8e65a9ed019a88fdf659ca61313f1b31jcduff            final HttpServletRequest servletRequest) {
d25372dc8e65a9ed019a88fdf659ca61313f1b31jcduff
d25372dc8e65a9ed019a88fdf659ca61313f1b31jcduff        final SessionRequest sreq = SessionRequest.parseXML(req.getContent());
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suter        auditor.setMethod(sreq.getMethodName());
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suter        SessionResponse sres = new SessionResponse(sreq.getRequestID(), sreq.getMethodID());
44927ac95bbf5d52e9dae2100e09b58f1f01f8dbgbellato
8aa517a976c8407ed43dc4fd89e9dc887c9f2d9cneil_a_wilson        Object context;
44927ac95bbf5d52e9dae2100e09b58f1f01f8dbgbellato        try {
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suter            // use remote client IP as default RestrictedToken context
44927ac95bbf5d52e9dae2100e09b58f1f01f8dbgbellato            context = SessionUtils.getClientAddress(servletRequest);
44927ac95bbf5d52e9dae2100e09b58f1f01f8dbgbellato            this.clientToken = null;
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suter        } catch (Exception ex) {
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suter            sessionDebug.error("SessionRequestHandler encountered exception", ex);
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suter            sres.setException(ex.getMessage());
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suter            return auditedExceptionResponse(auditor, sres);
a776a93d0afa206f307e9140a35497ee255840f2mrossign        }
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suter
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suter        String requester = sreq.getRequester();
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suter        if (requester != null) {
85f6e15f35fa13ce5e3d0ed1716c8986b048745emrossign            try {
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suter                context = RestrictedTokenContext.unmarshal(requester);
44927ac95bbf5d52e9dae2100e09b58f1f01f8dbgbellato
44927ac95bbf5d52e9dae2100e09b58f1f01f8dbgbellato                if (context instanceof SSOToken) {
44927ac95bbf5d52e9dae2100e09b58f1f01f8dbgbellato                    SSOTokenManager ssoTokenManager = SSOTokenManager.getInstance();
44927ac95bbf5d52e9dae2100e09b58f1f01f8dbgbellato                    SSOToken adminToken = (SSOToken)context;
6bb100d3f180f6f3c740b20e09cb6bdc304cddcfpgamba
d361f9c126f69149b31512e1da2566cd05205f11gbellato                    if (!ssoTokenManager.isValidToken(adminToken)) {
d361f9c126f69149b31512e1da2566cd05205f11gbellato                        sres.setException(SessionBundle.getString("appTokenInvalid") + requester);
d361f9c126f69149b31512e1da2566cd05205f11gbellato                        return auditedExceptionResponse(auditor, sres);
d361f9c126f69149b31512e1da2566cd05205f11gbellato                    }
d361f9c126f69149b31512e1da2566cd05205f11gbellato
d361f9c126f69149b31512e1da2566cd05205f11gbellato                    this.clientToken = (SSOToken)context;
6bb100d3f180f6f3c740b20e09cb6bdc304cddcfpgamba                }
cd1e79978ef93553e6bee585a61e63256596f9eccoulbeck            } catch (Exception ex) {
6bb100d3f180f6f3c740b20e09cb6bdc304cddcfpgamba                if (sessionDebug.warningEnabled()) {
cd1e79978ef93553e6bee585a61e63256596f9eccoulbeck                    sessionDebug.warning(
72203eb185213ac610d2d9f4d2cd58d222aa72fdpgamba                            "SessionRequestHandler.processRequest:"
cd1e79978ef93553e6bee585a61e63256596f9eccoulbeck                                    + "app token invalid, sending Session response"
6bb100d3f180f6f3c740b20e09cb6bdc304cddcfpgamba                                    +" with Exception");
cd1e79978ef93553e6bee585a61e63256596f9eccoulbeck                }
6bb100d3f180f6f3c740b20e09cb6bdc304cddcfpgamba                sres.setException(SessionBundle.getString("appTokenInvalid") + requester);
d25372dc8e65a9ed019a88fdf659ca61313f1b31jcduff                return auditedExceptionResponse(auditor, sres);
6bb100d3f180f6f3c740b20e09cb6bdc304cddcfpgamba            }
6bb100d3f180f6f3c740b20e09cb6bdc304cddcfpgamba        }
6bb100d3f180f6f3c740b20e09cb6bdc304cddcfpgamba
6bb100d3f180f6f3c740b20e09cb6bdc304cddcfpgamba        try {
6bb100d3f180f6f3c740b20e09cb6bdc304cddcfpgamba            sres = (SessionResponse) RestrictedTokenContext.doUsing(context,
cd1e79978ef93553e6bee585a61e63256596f9eccoulbeck                    new RestrictedTokenAction() {
6bb100d3f180f6f3c740b20e09cb6bdc304cddcfpgamba                        public Object run() throws Exception {
6bb100d3f180f6f3c740b20e09cb6bdc304cddcfpgamba                            try {
6bb100d3f180f6f3c740b20e09cb6bdc304cddcfpgamba                                return processSessionRequest(auditor, sreq);
6bb100d3f180f6f3c740b20e09cb6bdc304cddcfpgamba                            } catch (ForwardSessionRequestException fsre) {
6bb100d3f180f6f3c740b20e09cb6bdc304cddcfpgamba                                return fsre.getResponse(); // This request needs to be forwarded to another server.
6bb100d3f180f6f3c740b20e09cb6bdc304cddcfpgamba                            } catch (SessionException se) {
cd1e79978ef93553e6bee585a61e63256596f9eccoulbeck                                sessionDebug.message("processSessionRequest caught exception: {}", se.getMessage(), se);
cd1e79978ef93553e6bee585a61e63256596f9eccoulbeck                                return handleException(sreq, new SessionID(sreq.getSessionID()), se.getMessage());
cd1e79978ef93553e6bee585a61e63256596f9eccoulbeck                            } catch (SessionRequestException se) {
de0a11aeb6a2954fb43eecd2e646eb2d03c41f71pgamba                                sessionDebug.message("processSessionRequest caught exception: {}", se.getResponseMessage(), se);
cd1e79978ef93553e6bee585a61e63256596f9eccoulbeck                                return handleException(sreq, se.getSid(), se.getResponseMessage());
de0a11aeb6a2954fb43eecd2e646eb2d03c41f71pgamba                            }
f48d1d8b0d4eedce62a4b826e6004ac9da860756pgamba                        }
f48d1d8b0d4eedce62a4b826e6004ac9da860756pgamba                    });
cd1e79978ef93553e6bee585a61e63256596f9eccoulbeck        } catch (Exception ex) {
eb4e26a8f06d28b2b79f2ce6f1ffd9611dd2c82apgamba            sessionDebug.error("SessionRequestHandler encountered exception", ex);
f48d1d8b0d4eedce62a4b826e6004ac9da860756pgamba            sres.setException(ex.getMessage());
f48d1d8b0d4eedce62a4b826e6004ac9da860756pgamba        }
c32408bfa74b32709a029b95bbd7bebae67bb919gbellato
f48d1d8b0d4eedce62a4b826e6004ac9da860756pgamba        if (sres.getException() == null) {
c32408bfa74b32709a029b95bbd7bebae67bb919gbellato            auditor.auditAccessSuccess();
c32408bfa74b32709a029b95bbd7bebae67bb919gbellato        } else {
808aea46662d46c93cb4b8d26cd7ca4c31108b37dugan            auditor.auditAccessFailure(sres.getException());
808aea46662d46c93cb4b8d26cd7ca4c31108b37dugan        }
808aea46662d46c93cb4b8d26cd7ca4c31108b37dugan
808aea46662d46c93cb4b8d26cd7ca4c31108b37dugan        return new Response(sres.toXMLString());
808aea46662d46c93cb4b8d26cd7ca4c31108b37dugan    }
5faab39c66ccd49a6c2bc1f9408f5fd131f33e00pgamba
5faab39c66ccd49a6c2bc1f9408f5fd131f33e00pgamba    private Response auditedExceptionResponse(PLLAuditor auditor, SessionResponse sres) {
df880e8f097ecf074c379e7137f2672437ac858fmatthew        auditor.auditAccessAttempt();
df880e8f097ecf074c379e7137f2672437ac858fmatthew        auditor.auditAccessFailure(sres.getException());
df880e8f097ecf074c379e7137f2672437ac858fmatthew        return new Response(sres.toXMLString());
4b06d356a3a1c7773b28a83650c8103723b0d803mrossign    }
4b06d356a3a1c7773b28a83650c8103723b0d803mrossign
38517882c5bafd5ce8f2f6388542cc27ae307682matthew_swift    private SessionResponse processSessionRequest(PLLAuditor auditor, SessionRequest req) throws SessionException,
38517882c5bafd5ce8f2f6388542cc27ae307682matthew_swift            SessionRequestException, ForwardSessionRequestException {
5c5d8d41fd26273525b669e084095ef2172457b6mrossign        SessionID sid = new SessionID(req.getSessionID());
5c5d8d41fd26273525b669e084095ef2172457b6mrossign
5c5d8d41fd26273525b669e084095ef2172457b6mrossign        Session requesterSession = null;
5c5d8d41fd26273525b669e084095ef2172457b6mrossign
5c5d8d41fd26273525b669e084095ef2172457b6mrossign        try {
c4cdb34ae21ebbbc11586715cfa777fd2a75b8e0gbellato            requesterSession = resolveSession(sid);
5c5d8d41fd26273525b669e084095ef2172457b6mrossign            auditAccessAttempt(auditor, requesterSession);
5c5d8d41fd26273525b669e084095ef2172457b6mrossign        } catch (SessionException se) {
df880e8f097ecf074c379e7137f2672437ac858fmatthew            // Log the access attempt without session properties, then continue.
df880e8f097ecf074c379e7137f2672437ac858fmatthew            auditor.auditAccessAttempt();
9c1d3b0f3b788959b5a512fd5bdaf2fbcd7c5022fdorson            throw se;
0a79ef609d114a911431d260ea8210eb28013562pgamba        }
4d325b0e734b14038f641390866198852cb8a3dfludovicp
4d325b0e734b14038f641390866198852cb8a3dfludovicp        verifyValidRequest(req, requesterSession);
4d325b0e734b14038f641390866198852cb8a3dfludovicp        return processMethod(req, requesterSession);
4d325b0e734b14038f641390866198852cb8a3dfludovicp    }
4d325b0e734b14038f641390866198852cb8a3dfludovicp
4d325b0e734b14038f641390866198852cb8a3dfludovicp    private void verifyRequestingSessionIsNotRestrictedToken(Session requesterSession)
d25372dc8e65a9ed019a88fdf659ca61313f1b31jcduff            throws SessionException, SessionRequestException {
d25372dc8e65a9ed019a88fdf659ca61313f1b31jcduff        if (requesterSession.getProperty(TOKEN_RESTRICTION_PROP) != null) {
d25372dc8e65a9ed019a88fdf659ca61313f1b31jcduff            throw new SessionRequestException(requesterSession.getSessionID(), SessionBundle.getString("noPrivilege"));
d25372dc8e65a9ed019a88fdf659ca61313f1b31jcduff        }
d25372dc8e65a9ed019a88fdf659ca61313f1b31jcduff    }
d25372dc8e65a9ed019a88fdf659ca61313f1b31jcduff
d25372dc8e65a9ed019a88fdf659ca61313f1b31jcduff    private void verifyValidRequest(SessionRequest req, Session requesterSession) throws SessionException,
d25372dc8e65a9ed019a88fdf659ca61313f1b31jcduff            SessionRequestException, ForwardSessionRequestException {
d25372dc8e65a9ed019a88fdf659ca61313f1b31jcduff        SessionID targetSid = requesterSession.getSessionID();
d25372dc8e65a9ed019a88fdf659ca61313f1b31jcduff        if (req.getMethodID() == SessionRequest.DestroySession) {
d25372dc8e65a9ed019a88fdf659ca61313f1b31jcduff            targetSid = new SessionID(req.getDestroySessionID());
d25372dc8e65a9ed019a88fdf659ca61313f1b31jcduff            verifyRequestingSessionIsNotRestrictedToken(requesterSession);
d25372dc8e65a9ed019a88fdf659ca61313f1b31jcduff        } else if (req.getMethodID() == SessionRequest.SetProperty) {
d25372dc8e65a9ed019a88fdf659ca61313f1b31jcduff            try {
d25372dc8e65a9ed019a88fdf659ca61313f1b31jcduff                SessionUtils.checkPermissionToSetProperty(
d25372dc8e65a9ed019a88fdf659ca61313f1b31jcduff                        this.clientToken, req.getPropertyName(),
d25372dc8e65a9ed019a88fdf659ca61313f1b31jcduff                        req.getPropertyValue());
d25372dc8e65a9ed019a88fdf659ca61313f1b31jcduff            } catch (SessionException se) {
d25372dc8e65a9ed019a88fdf659ca61313f1b31jcduff                if (sessionDebug.warningEnabled()) {
d25372dc8e65a9ed019a88fdf659ca61313f1b31jcduff                    sessionDebug.warning("SessionRequestHandler.processRequest: Client does not have permission to set"
d25372dc8e65a9ed019a88fdf659ca61313f1b31jcduff                                    + " - property key = " + req.getPropertyName()
d25372dc8e65a9ed019a88fdf659ca61313f1b31jcduff                                    + " : property value = " + req.getPropertyValue());
d25372dc8e65a9ed019a88fdf659ca61313f1b31jcduff                }
d25372dc8e65a9ed019a88fdf659ca61313f1b31jcduff                throw new SessionRequestException(requesterSession.getSessionID(), SessionBundle.getString("noPrivilege"));
d25372dc8e65a9ed019a88fdf659ca61313f1b31jcduff            }
d25372dc8e65a9ed019a88fdf659ca61313f1b31jcduff        }
d25372dc8e65a9ed019a88fdf659ca61313f1b31jcduff
d25372dc8e65a9ed019a88fdf659ca61313f1b31jcduff        switch (req.getMethodID()) {
d25372dc8e65a9ed019a88fdf659ca61313f1b31jcduff            case SessionRequest.GetValidSessions:
d25372dc8e65a9ed019a88fdf659ca61313f1b31jcduff            case SessionRequest.GetSessionCount:
d25372dc8e65a9ed019a88fdf659ca61313f1b31jcduff                verifyRequestingSessionIsNotRestrictedToken(requesterSession);
d25372dc8e65a9ed019a88fdf659ca61313f1b31jcduff                break;
d25372dc8e65a9ed019a88fdf659ca61313f1b31jcduff
d25372dc8e65a9ed019a88fdf659ca61313f1b31jcduff            case SessionRequest.GetSession:
d25372dc8e65a9ed019a88fdf659ca61313f1b31jcduff            case SessionRequest.Logout:
d25372dc8e65a9ed019a88fdf659ca61313f1b31jcduff            case SessionRequest.AddSessionListener:
d25372dc8e65a9ed019a88fdf659ca61313f1b31jcduff            case SessionRequest.SetProperty:
02186d7fb7ba6146abbb02734f14f2e0c355bd0fmrossign            case SessionRequest.DestroySession:
02186d7fb7ba6146abbb02734f14f2e0c355bd0fmrossign                verifyTargetSessionIsLocal(req, targetSid);
cdff8881b1bccbda7289cc18df0703bf420f5c35mrossign                break;
c4cdb34ae21ebbbc11586715cfa777fd2a75b8e0gbellato            default:
c4cdb34ae21ebbbc11586715cfa777fd2a75b8e0gbellato                throw new SessionRequestException(requesterSession.getSessionID(), SessionBundle.getString("unknownRequestMethod"));
c4cdb34ae21ebbbc11586715cfa777fd2a75b8e0gbellato        }
c4cdb34ae21ebbbc11586715cfa777fd2a75b8e0gbellato    }
c4cdb34ae21ebbbc11586715cfa777fd2a75b8e0gbellato
c4cdb34ae21ebbbc11586715cfa777fd2a75b8e0gbellato    /**
c4cdb34ae21ebbbc11586715cfa777fd2a75b8e0gbellato     *  Verify that this server is the correct host for the session and the session can be found(or recovered) locally.
c4cdb34ae21ebbbc11586715cfa777fd2a75b8e0gbellato     *  This function will become much simpler with removal of home servers, or possibly no longer be required.
df938720b09e4894f016a263c3465fd08bf8e001gbellato     */
df938720b09e4894f016a263c3465fd08bf8e001gbellato    private void verifyTargetSessionIsLocal(SessionRequest req, SessionID sid) throws SessionException,
9cb5b32bcc04eea45d4c1fb0e29ddc0dbe54a7b7gbellato            SessionRequestException, ForwardSessionRequestException {
9cb5b32bcc04eea45d4c1fb0e29ddc0dbe54a7b7gbellato        String hostServerID = sessionService.getCurrentHostServer(sid);
83aad4f28ba135315e791e2bca450c56d4026b37gbellato
6233fe152bf7580f7188109f9a3992712572aa94mrossign        if (!serverConfig.isLocalServer(hostServerID)) {
6233fe152bf7580f7188109f9a3992712572aa94mrossign            try {
eef6695bc3b88e10d60477095ebddd4b9499481fpgamba                throw new ForwardSessionRequestException(
eef6695bc3b88e10d60477095ebddd4b9499481fpgamba                        forward(SESSION_SERVICE_URL_SERVICE.getSessionServiceURL(hostServerID), req));
eef6695bc3b88e10d60477095ebddd4b9499481fpgamba            } catch (SessionException se) {
eef6695bc3b88e10d60477095ebddd4b9499481fpgamba                // attempt retry
4e346ef680b70ff86b0397d5bf797ac3593e682apgamba                if (!sessionService.checkServerUp(hostServerID)) {
fcedc930b58fc0ebac2b9d622b6f0a03dd6e5b1cludovicp                    // proceed with failover
fcedc930b58fc0ebac2b9d622b6f0a03dd6e5b1cludovicp                    String retryHostServerID = sessionService.getCurrentHostServer(sid);
fcedc930b58fc0ebac2b9d622b6f0a03dd6e5b1cludovicp                    if (retryHostServerID.equals(hostServerID)) {
d5af1880773b35da2da505be54be517b746e7410ludovicp                        throw se;
8a61390493c43e4d280bd33558f36682981f3790ludovicp                    } else {
aca8fb94414cb0e7cd21e6d0c205b95f9dc03500mrossign                        // we have a shot at retrying here
aca8fb94414cb0e7cd21e6d0c205b95f9dc03500mrossign                        // if it is remote, forward it
aca8fb94414cb0e7cd21e6d0c205b95f9dc03500mrossign                        // otherwise treat it as a case of local
aca8fb94414cb0e7cd21e6d0c205b95f9dc03500mrossign                        // case
aca8fb94414cb0e7cd21e6d0c205b95f9dc03500mrossign                        if (!serverConfig.isLocalServer(retryHostServerID)) {
aca8fb94414cb0e7cd21e6d0c205b95f9dc03500mrossign                            throw new ForwardSessionRequestException(
aca8fb94414cb0e7cd21e6d0c205b95f9dc03500mrossign                                    forward(SESSION_SERVICE_URL_SERVICE.getSessionServiceURL(hostServerID), req));
aca8fb94414cb0e7cd21e6d0c205b95f9dc03500mrossign                        }
aca8fb94414cb0e7cd21e6d0c205b95f9dc03500mrossign                    }
aca8fb94414cb0e7cd21e6d0c205b95f9dc03500mrossign                } else {
aca8fb94414cb0e7cd21e6d0c205b95f9dc03500mrossign                    throw se;
aca8fb94414cb0e7cd21e6d0c205b95f9dc03500mrossign                }
aca8fb94414cb0e7cd21e6d0c205b95f9dc03500mrossign            }
aca8fb94414cb0e7cd21e6d0c205b95f9dc03500mrossign        }
aca8fb94414cb0e7cd21e6d0c205b95f9dc03500mrossign
aca8fb94414cb0e7cd21e6d0c205b95f9dc03500mrossign        if (!sessionService.isSessionPresent(sid)) {
aca8fb94414cb0e7cd21e6d0c205b95f9dc03500mrossign            if (sessionService.recoverSession(sid) == null) {
aca8fb94414cb0e7cd21e6d0c205b95f9dc03500mrossign                throw new SessionRequestException(sid, SessionBundle.getString("sessionNotObtained"));
aca8fb94414cb0e7cd21e6d0c205b95f9dc03500mrossign            }
aca8fb94414cb0e7cd21e6d0c205b95f9dc03500mrossign        }
aca8fb94414cb0e7cd21e6d0c205b95f9dc03500mrossign    }
aca8fb94414cb0e7cd21e6d0c205b95f9dc03500mrossign
aca8fb94414cb0e7cd21e6d0c205b95f9dc03500mrossign    /**
aca8fb94414cb0e7cd21e6d0c205b95f9dc03500mrossign     * Request method-specific processing
aca8fb94414cb0e7cd21e6d0c205b95f9dc03500mrossign     */
aca8fb94414cb0e7cd21e6d0c205b95f9dc03500mrossign    private SessionResponse processMethod(SessionRequest req, Session requesterSession) throws SessionException {
aca8fb94414cb0e7cd21e6d0c205b95f9dc03500mrossign        SessionResponse res = new SessionResponse(req.getRequestID(), req.getMethodID());
aca8fb94414cb0e7cd21e6d0c205b95f9dc03500mrossign
aca8fb94414cb0e7cd21e6d0c205b95f9dc03500mrossign        switch (req.getMethodID()) {
aca8fb94414cb0e7cd21e6d0c205b95f9dc03500mrossign            case SessionRequest.GetSession:
aca8fb94414cb0e7cd21e6d0c205b95f9dc03500mrossign                try {
aca8fb94414cb0e7cd21e6d0c205b95f9dc03500mrossign                    if (statelessSessionFactory.containsJwt(requesterSession.getSessionID())) {
aca8fb94414cb0e7cd21e6d0c205b95f9dc03500mrossign                        // We need to validate the session before creating the sessioninfo to ensure that the
aca8fb94414cb0e7cd21e6d0c205b95f9dc03500mrossign                        // stateless session hasn't timed out yet, and hasn't  been blacklisted either.
aca8fb94414cb0e7cd21e6d0c205b95f9dc03500mrossign                        SSOTokenManager tokenManager = SSOTokenManager.getInstance();
aca8fb94414cb0e7cd21e6d0c205b95f9dc03500mrossign                        final SSOToken statelessToken = tokenManager.createSSOToken(req.getSessionID());
aca8fb94414cb0e7cd21e6d0c205b95f9dc03500mrossign                        if (!tokenManager.isValidToken(statelessToken)) {
85f6e15f35fa13ce5e3d0ed1716c8986b048745emrossign                            throw new SessionException(SessionBundle.getString("invalidSessionID")
c1c0b08b5ce89eacff706ff6785d88f5640e96bepgamba                                    + req.getSessionID());
c1c0b08b5ce89eacff706ff6785d88f5640e96bepgamba                        }
a1c9828e57e2182a61d9f36a4b6ec9f26ff26d75gbellato                    }
a1c9828e57e2182a61d9f36a4b6ec9f26ff26d75gbellato                    res.addSessionInfo(sessionService.getSessionInfo(requesterSession.getSessionID(), req.getResetFlag()));
88c08d96c418ba598fe4e7d09fed7f0d25fa3165mrossign                } catch (SSOException ssoe) {
88c08d96c418ba598fe4e7d09fed7f0d25fa3165mrossign                    return handleException(req, requesterSession.getSessionID(), SessionBundle.getString("invalidSessionID"));
88c08d96c418ba598fe4e7d09fed7f0d25fa3165mrossign                }
88c08d96c418ba598fe4e7d09fed7f0d25fa3165mrossign                break;
88c08d96c418ba598fe4e7d09fed7f0d25fa3165mrossign
88c08d96c418ba598fe4e7d09fed7f0d25fa3165mrossign            case SessionRequest.GetValidSessions:
88c08d96c418ba598fe4e7d09fed7f0d25fa3165mrossign                String pattern = req.getPattern();
88c08d96c418ba598fe4e7d09fed7f0d25fa3165mrossign                SearchResults<SessionInfo> infoSearchResults = sessionService.getValidSessions(requesterSession, pattern);
88c08d96c418ba598fe4e7d09fed7f0d25fa3165mrossign                res.setStatus(infoSearchResults.getErrorCode());
85f6e15f35fa13ce5e3d0ed1716c8986b048745emrossign                List<SessionInfo> sessionInfo = new ArrayList<>();
85f6e15f35fa13ce5e3d0ed1716c8986b048745emrossign                sessionInfo.addAll(infoSearchResults.getSearchResults());
85f6e15f35fa13ce5e3d0ed1716c8986b048745emrossign                res.setSessionInfo(sessionInfo);
85f6e15f35fa13ce5e3d0ed1716c8986b048745emrossign                break;
85f6e15f35fa13ce5e3d0ed1716c8986b048745emrossign
85f6e15f35fa13ce5e3d0ed1716c8986b048745emrossign            case SessionRequest.DestroySession:
85f6e15f35fa13ce5e3d0ed1716c8986b048745emrossign                sessionService.destroySession(requesterSession, new SessionID(req.getDestroySessionID()));
71cab92c05c90fc373c265102f8ae046f9f1a758pgamba                break;
9a7dc8e460da288a7cedfda8d5faf689f6c22215pgamba
71cab92c05c90fc373c265102f8ae046f9f1a758pgamba            case SessionRequest.Logout:
71cab92c05c90fc373c265102f8ae046f9f1a758pgamba                sessionService.logout(requesterSession.getSessionID());
96bb3124e0e186c4bb133b1ec62c188a5ba39201pgamba                break;
96bb3124e0e186c4bb133b1ec62c188a5ba39201pgamba
96bb3124e0e186c4bb133b1ec62c188a5ba39201pgamba            case SessionRequest.AddSessionListener:
4e346ef680b70ff86b0397d5bf797ac3593e682apgamba                sessionService.addSessionListener(requesterSession.getSessionID(), req.getNotificationURL());
4e346ef680b70ff86b0397d5bf797ac3593e682apgamba                break;
4e346ef680b70ff86b0397d5bf797ac3593e682apgamba
4e346ef680b70ff86b0397d5bf797ac3593e682apgamba            case SessionRequest.SetProperty:
4e346ef680b70ff86b0397d5bf797ac3593e682apgamba                sessionService.setExternalProperty(this.clientToken, requesterSession.getSessionID(), req.getPropertyName(), req.getPropertyValue());
4e346ef680b70ff86b0397d5bf797ac3593e682apgamba                break;
4d325b0e734b14038f641390866198852cb8a3dfludovicp
4d325b0e734b14038f641390866198852cb8a3dfludovicp            case SessionRequest.GetSessionCount:
4d325b0e734b14038f641390866198852cb8a3dfludovicp                String uuid = req.getUUID();
4d325b0e734b14038f641390866198852cb8a3dfludovicp                Object sessions = SessionCount.getSessionsFromLocalServer(uuid);
4d325b0e734b14038f641390866198852cb8a3dfludovicp
4d325b0e734b14038f641390866198852cb8a3dfludovicp                if (sessions != null) {
4d325b0e734b14038f641390866198852cb8a3dfludovicp                    res.setSessionsForGivenUUID((Map) sessions);
4d325b0e734b14038f641390866198852cb8a3dfludovicp                }
4d325b0e734b14038f641390866198852cb8a3dfludovicp
4d325b0e734b14038f641390866198852cb8a3dfludovicp                break;
4d325b0e734b14038f641390866198852cb8a3dfludovicp
4d325b0e734b14038f641390866198852cb8a3dfludovicp            default:
4d325b0e734b14038f641390866198852cb8a3dfludovicp                return handleException(req, requesterSession.getSessionID(), SessionBundle.getString("unknownRequestMethod"));
4d325b0e734b14038f641390866198852cb8a3dfludovicp        }
4d325b0e734b14038f641390866198852cb8a3dfludovicp        return res;
4d325b0e734b14038f641390866198852cb8a3dfludovicp    }
4d325b0e734b14038f641390866198852cb8a3dfludovicp
4d325b0e734b14038f641390866198852cb8a3dfludovicp    private void auditAccessAttempt(PLLAuditor auditor, Session session) {
4d325b0e734b14038f641390866198852cb8a3dfludovicp        try {
4d325b0e734b14038f641390866198852cb8a3dfludovicp            auditor.setUserId(session.getClientID());
4d325b0e734b14038f641390866198852cb8a3dfludovicp            auditor.setTrackingId(session.getProperty(Constants.AM_CTX_ID));
4d325b0e734b14038f641390866198852cb8a3dfludovicp            auditor.setRealm(session.getProperty(Constants.ORGANIZATION));
4d325b0e734b14038f641390866198852cb8a3dfludovicp        } catch (SessionException ignored) {
4d325b0e734b14038f641390866198852cb8a3dfludovicp            // Don't audit with session information.
4d325b0e734b14038f641390866198852cb8a3dfludovicp        }
4d325b0e734b14038f641390866198852cb8a3dfludovicp        auditor.auditAccessAttempt();
4d325b0e734b14038f641390866198852cb8a3dfludovicp    }
4d325b0e734b14038f641390866198852cb8a3dfludovicp
4d325b0e734b14038f641390866198852cb8a3dfludovicp    private SessionResponse forward(URL svcurl, SessionRequest sreq)
4d325b0e734b14038f641390866198852cb8a3dfludovicp            throws SessionException {
4d325b0e734b14038f641390866198852cb8a3dfludovicp        try {
bd6195724c9bc709dfeec54ad3717519726d3c86ludovicp            Object context = RestrictedTokenContext.getCurrent();
bd6195724c9bc709dfeec54ad3717519726d3c86ludovicp
8a61390493c43e4d280bd33558f36682981f3790ludovicp            if (context != null) {
7bfdea1bf45b6bcec4b0e02df8a8114893a6fc02ludovicp                sreq.setRequester(RestrictedTokenContext.marshal(context));
7bfdea1bf45b6bcec4b0e02df8a8114893a6fc02ludovicp            }
7bfdea1bf45b6bcec4b0e02df8a8114893a6fc02ludovicp
df880e8f097ecf074c379e7137f2672437ac858fmatthew            SessionResponse sres = sessionPLLSender.sendPLLRequest(svcurl, sreq);
df880e8f097ecf074c379e7137f2672437ac858fmatthew
afd6ce83f9ecfa7b375c1f72eb5f279bbd01568cmatthew            if (sres.getException() != null) {
afd6ce83f9ecfa7b375c1f72eb5f279bbd01568cmatthew                throw new SessionException(sres.getException());
afd6ce83f9ecfa7b375c1f72eb5f279bbd01568cmatthew            }
afd6ce83f9ecfa7b375c1f72eb5f279bbd01568cmatthew            return sres;
afd6ce83f9ecfa7b375c1f72eb5f279bbd01568cmatthew        } catch (SessionException se) {
afd6ce83f9ecfa7b375c1f72eb5f279bbd01568cmatthew            throw se;
afd6ce83f9ecfa7b375c1f72eb5f279bbd01568cmatthew        } catch (Exception ex) {
afd6ce83f9ecfa7b375c1f72eb5f279bbd01568cmatthew            throw new SessionException(ex);
afd6ce83f9ecfa7b375c1f72eb5f279bbd01568cmatthew        }
afd6ce83f9ecfa7b375c1f72eb5f279bbd01568cmatthew    }
afd6ce83f9ecfa7b375c1f72eb5f279bbd01568cmatthew
afd6ce83f9ecfa7b375c1f72eb5f279bbd01568cmatthew    /**
afd6ce83f9ecfa7b375c1f72eb5f279bbd01568cmatthew     * !!!!! IMPORTANT !!!!! DO NOT REMOVE "sid" FROM
afd6ce83f9ecfa7b375c1f72eb5f279bbd01568cmatthew     * EXCEPTIONMESSAGE Logic kludge in legacy Agent 2.0
afd6ce83f9ecfa7b375c1f72eb5f279bbd01568cmatthew     * code will break If it can not find SID value in
afd6ce83f9ecfa7b375c1f72eb5f279bbd01568cmatthew     * the exception message returned by Session
afd6ce83f9ecfa7b375c1f72eb5f279bbd01568cmatthew     * Service. This dependency should be eventually
afd6ce83f9ecfa7b375c1f72eb5f279bbd01568cmatthew     * removed once we migrate customers to a newer
afd6ce83f9ecfa7b375c1f72eb5f279bbd01568cmatthew     * agent code base or switch to a new version of
afd6ce83f9ecfa7b375c1f72eb5f279bbd01568cmatthew     * Session Service interface
afd6ce83f9ecfa7b375c1f72eb5f279bbd01568cmatthew     */
afd6ce83f9ecfa7b375c1f72eb5f279bbd01568cmatthew    private SessionResponse handleException(SessionRequest req, SessionID sid, String error) {
afd6ce83f9ecfa7b375c1f72eb5f279bbd01568cmatthew        SessionResponse response = new SessionResponse(req.getRequestID(), req.getMethodID());
afd6ce83f9ecfa7b375c1f72eb5f279bbd01568cmatthew        response.setException(sid + " " + error);
afd6ce83f9ecfa7b375c1f72eb5f279bbd01568cmatthew        return response;
afd6ce83f9ecfa7b375c1f72eb5f279bbd01568cmatthew    }
afd6ce83f9ecfa7b375c1f72eb5f279bbd01568cmatthew
afd6ce83f9ecfa7b375c1f72eb5f279bbd01568cmatthew    private class SessionRequestException extends Exception {
afd6ce83f9ecfa7b375c1f72eb5f279bbd01568cmatthew        private final SessionID sid;
afd6ce83f9ecfa7b375c1f72eb5f279bbd01568cmatthew        private final String responseMessage;
afd6ce83f9ecfa7b375c1f72eb5f279bbd01568cmatthew
afd6ce83f9ecfa7b375c1f72eb5f279bbd01568cmatthew        public SessionRequestException(SessionID sid, String responseMessage) {
afd6ce83f9ecfa7b375c1f72eb5f279bbd01568cmatthew
afd6ce83f9ecfa7b375c1f72eb5f279bbd01568cmatthew            this.sid = sid;
afd6ce83f9ecfa7b375c1f72eb5f279bbd01568cmatthew            this.responseMessage = responseMessage;
afd6ce83f9ecfa7b375c1f72eb5f279bbd01568cmatthew        }
afd6ce83f9ecfa7b375c1f72eb5f279bbd01568cmatthew
afd6ce83f9ecfa7b375c1f72eb5f279bbd01568cmatthew        public SessionID getSid() {
afd6ce83f9ecfa7b375c1f72eb5f279bbd01568cmatthew            return sid;
afd6ce83f9ecfa7b375c1f72eb5f279bbd01568cmatthew        }
afd6ce83f9ecfa7b375c1f72eb5f279bbd01568cmatthew
afd6ce83f9ecfa7b375c1f72eb5f279bbd01568cmatthew        public String getResponseMessage() {
afd6ce83f9ecfa7b375c1f72eb5f279bbd01568cmatthew            return responseMessage;
afd6ce83f9ecfa7b375c1f72eb5f279bbd01568cmatthew        }
afd6ce83f9ecfa7b375c1f72eb5f279bbd01568cmatthew    }
afd6ce83f9ecfa7b375c1f72eb5f279bbd01568cmatthew
afd6ce83f9ecfa7b375c1f72eb5f279bbd01568cmatthew    // This exception is not ideal, but will be removed when crosstalk is removed, and allows the code to better be
afd6ce83f9ecfa7b375c1f72eb5f279bbd01568cmatthew    // refactored at this point in time.
afd6ce83f9ecfa7b375c1f72eb5f279bbd01568cmatthew    private class ForwardSessionRequestException extends Exception {
afd6ce83f9ecfa7b375c1f72eb5f279bbd01568cmatthew
afd6ce83f9ecfa7b375c1f72eb5f279bbd01568cmatthew        private SessionResponse response;
afd6ce83f9ecfa7b375c1f72eb5f279bbd01568cmatthew
afd6ce83f9ecfa7b375c1f72eb5f279bbd01568cmatthew        public ForwardSessionRequestException(SessionResponse response) {
afd6ce83f9ecfa7b375c1f72eb5f279bbd01568cmatthew
afd6ce83f9ecfa7b375c1f72eb5f279bbd01568cmatthew            this.response = response;
afd6ce83f9ecfa7b375c1f72eb5f279bbd01568cmatthew        }
afd6ce83f9ecfa7b375c1f72eb5f279bbd01568cmatthew
afd6ce83f9ecfa7b375c1f72eb5f279bbd01568cmatthew        public SessionResponse getResponse() {
afd6ce83f9ecfa7b375c1f72eb5f279bbd01568cmatthew            return response;
afd6ce83f9ecfa7b375c1f72eb5f279bbd01568cmatthew        }
afd6ce83f9ecfa7b375c1f72eb5f279bbd01568cmatthew    }
afd6ce83f9ecfa7b375c1f72eb5f279bbd01568cmatthew}
afd6ce83f9ecfa7b375c1f72eb5f279bbd01568cmatthew