SessionRequestHandler.java revision 8af80418ba1ec431c8027fa9668e5678658d3611
/**
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2005 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: SessionRequestHandler.java,v 1.9 2009/04/02 04:11:44 ericow Exp $
*
*/
/*
* Portions Copyrighted 2011 ForgeRock AS
*/
public class SessionRequestHandler implements RequestHandler {
/*
* Added this property to block registration of the global notification
* listener (AddListenerOnAllSessions);
*/
public SessionRequestHandler() {
}
}
return rset;
}
try {
// use remote client IP as default RestrictedToken context
this.clientToken = null;
try {
"appTokenInvalid") + requester);
}
}
"SessionRequestHandler.processRequest:"
+ "app token invalid, sending Session response"
+" with Exception");
}
"appTokenInvalid") + requester);
}
}
new RestrictedTokenAction() {
httpResp);
}
});
"SessionRequestHandler encounterd exception", ex);
}
}
.getMethodID());
try {
/* common processing by groups of methods */
switch (req.getMethodID()) {
/*
* in this group of methods the request is targeting either all
* LOCAL sessions or a single local session identified by another
* request parameter sid in this case is only used to authenticate
* the operation Session pointed by sid is not expected to be local
* to this server (although it might)
*/
/*
* note that the purpose of the following is just to check the
* authentication of the caller (which can also be used as a
* filter for the operation scope!)
*/
/*
* also check that sid is not a restricted token
*/
return res;
}
break;
/*
* In this group request is targeting a single session identified by
* sid which is supposed to be hosted by this server instance sid is
* used both as an id of a session and to authenticate the operation
* (performed on own session)
*/
case SessionRequest.GetSession:
case SessionRequest.Logout:
case SessionRequest.SetProperty:
case SessionRequest.DestroySession:
/*
* note that the purpose of the following is just to check
* the authentication of the caller (which can also be used
* as a filter for the operation scope!)
*/
/*
* also check that sid is not a restricted token
*/
return res;
}
/*
* This fix is to avoid clients sneaking in to set
* protected properties in server-2 or so through
* server-1. Short circuit this operation without
* forwrading it further.
*/
try {
req.getPropertyValue());
} catch (SessionException se) {
"SessionRequestHandler.processRequest:"
+ "Client does not have permission to set"
}
return res;
}
}
if (!sessionService.isSessionFailoverEnabled()) {
// TODO check how this behaves in non-session failover case
if (!sessionService.isSiteEnabled()) {
throw new SessionException("invalid session id");
}
}
} else {
}
}
} else {
// first try
try {
} catch (SessionException se) {
// attempt retry
// proceed with failover
throw se;
} else {
// we have a shot at retrying here
// if it is remote, forward it
// otherwise treat it as a case of local
// case
}
}
} else {
throw se;
}
}
}
} else {
// use LB-dependent routing
// if session is not found at this instance we check that both OpenSSO session and
// HTTP session cookies were enclosed in the request. If they were then LB must have
// routed to the proper server instance and we must treat it as a session recovery
// case. If any of the cookies missing or do not match the sid in the message we
// assume that request was misrouted and correct it by forwarding via LB with all
// cookies enclosed
CookieUtils.getCookieValueFromReq(servletRequest, SessionService.getHttpSessionTrackingCookieName());
&& (isSessionCookie == null
|| httpCookie == null
}
}
/*
* We determined that this server is the host and the
* session must be found(or recovered) locally
*/
/*
* if session is not already present locally attempt to
* recover session if in failover mode
*/
/*
* if not in failover mode or recovery was not
* successful return an exception
*/
/*
* !!!!! IMPORTANT !!!!! DO NOT REMOVE "sid" FROM
* EXCEPTIONMESSAGE Logic kludge in legacy Agent 2.0
* code will break If it can not find SID value in
* the exception message returned by Session
* Service. This dependency should be eventually
* removed once we migrate customers to a newer
* agent code base or switch to a new version of
* Session Service interface
*/
return res;
}
}
}
break;
default:
return res;
}
/*
* request method-specific processing
*/
switch (req.getMethodID()) {
case SessionRequest.GetSession:
break;
int status[] = { 0 };
break;
case SessionRequest.DestroySession:
break;
case SessionRequest.Logout:
break;
break;
/**
* Cookie Hijacking fix to disable adding of Notification
* Listener for ALL the sessions over the network to the server
* instance specified by Notification URL This property can be
* added and set in the AMConfig.properties file should there be
* a need to add Notification Listener to ALL the sessions. The
* default value of this property is FALSE
*/
if (getEnableAddListenerOnAllSessions()) {
}
break;
case SessionRequest.SetProperty:
break;
}
break;
default:
break;
}
} catch (SessionException se) {
}
return res;
}
throws SessionException {
try {
}
}
return sres;
} catch (SessionException se) {
throw se;
throw new SessionException(ex);
}
}
private static boolean getEnableAddListenerOnAllSessions() {
if (enableAddListenerOnAllSessions == null) {
}
return enableAddListenerOnAllSessions.booleanValue();
}
}