SessionService.java revision c184142912cff04e5442d8bf70febe477285fb1c
/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2005 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: SessionService.java,v 1.37 2010/02/03 03:52:54 bina Exp $
*
* Portions Copyrighted 2010-2016 ForgeRock AS.
*/
/**
* This class represents a Session Service.
*/
public class SessionService {
/**
* Service name for NotificationSets.
*/
private final Debug sessionDebug;
private final SessionServiceConfig serviceConfig;
private final SessionServerConfig serverConfig;
private final SSOTokenManager ssoTokenManager;
private final DsameAdminTokenProvider dsameAdminTokenProvider;
private final MonitoringOperations monitoringOperations;
private final SessionLogging sessionLogging;
private final SessionAuditor sessionAuditor;
private final InternalSessionFactory internalSessionFactory;
private final SessionNotificationSender sessionNotificationSender;
private final ExecutorService executorService = Executors.newCachedThreadPool(); // TODO: Inject from Guice
private final SessionOperationStrategy sessionOperationStrategy;
private final SessionAccessManager sessionAccessManager;
private final ForeignSessionHandler foreignSessionHandler;
private final SessionChangeAuthorizer sessionChangeAuthorizer;
private final ServicesClusterMonitorHandler servicesClusterMonitorHandler;
/**
* Private Singleton Session Service.
*/
private SessionService(
final SSOTokenManager ssoTokenManager,
final SessionServerConfig serverConfig,
final SessionLogging sessionLogging,
final SessionAuditor sessionAuditor,
this.sessionDebug = sessionDebug;
this.ssoTokenManager = ssoTokenManager;
this.serverConfig = serverConfig;
this.serviceConfig = serviceConfig;
this.sessionLogging = sessionLogging;
this.sessionAuditor = sessionAuditor;
try {
maxSessionStats = new SessionMaxStats(
} else {
}
}
}
/**
* Returns the restricted token
*
* @param masterSid master session id
* @param restriction TokenRestriction Object
* @return restricted token id
* @throws SessionException
*/
public String getRestrictedTokenId(String masterSid, TokenRestriction restriction) throws SessionException {
return sessionOperationStrategy.getOperation(sessionID).getRestrictedTokenId(sessionID, restriction);
}
}
/**
* Removes the Internal Session from the Internal Session table.
*
* @param sessionId Session ID
*/
return null;
}
}
/**
* Understands how to resolve a Token based on its SessionID.
*
* Stateless Sessions by their very nature do not need to be stored in memory, and so
* can be resolved in a different way to Stateful Sessions.
*
* @param sessionID Non null Session ID.
*
* @return Null if no matching Session could be found, otherwise a non null
* Session instance.
*
* @throws SessionException If there was an error resolving the Session.
*/
}
/**
* Destroy a Internal Session, depending on the value of the user's permissions.
* Performs no action if the sessionID cannot be matched.
*
* @param requester The requesting Session.
* @param sessionToDestroy The session to destroy.
* @throws SessionException If the user has insufficient permissions.
*/
if (sessionToDestroy == null) {
return;
}
sessionOperationStrategy.getOperation(sessionToDestroy).destroy(requester, resolveSession(sessionToDestroy));
}
/**
* Destroy a Internal Session, whose session id has been specified.
*
* @param sessionID The id of the session to destroy.
*/
}
}
/**
* Destroy a Internal Session, whose session id has been specified.
*
* @param sessionID
*/
InternalSession authenticationSession = InjectorHolder.getInstance(AuthenticationSessionStore.class).removeSession(sessionID);
if (authenticationSession == null) {
}
}
}
/**
* Checks whether current session should be considered local (so that local
* invocations of SessionService methods are to be used) and if local and
* Session Failover is enabled will recover the Session if the Session is
* not found locally.
*
* @return a boolean
*/
}
/**
* Returns the Internal Session corresponding to a Session ID.
*
* @param sessionId Session Id
*/
public InternalSession getInternalSession(SessionID sessionId) { // TODO Used to recover authentication session by AuthD
return null;
}
// check if sid is actually a handle return null (in order to prevent from assuming recovery case)
if (sessionId.isSessionHandle()) {
return null;
}
}
/**
* Get all valid Internal Sessions.
*/
synchronized (sessionAccessManager) {
}
}
return sessions;
}
}
/**
* Get all valid Internal Sessions matched with pattern.
*/
throws SessionException {
pattern = "*";
}
try {
long startTime = currentTimeMillis();
if (!matchAll) {
// For application sessions, the client ID
// will not be in the DN format but just uid.
sess.getClientID();
continue;
} else {
}
continue;
}
}
break;
}
if ((currentTimeMillis() - startTime) >=
break;
}
}
} catch (Exception e) {
+ "Unable to get Session Information ", e);
throw new SessionException(e);
}
}
/**
* Returns true if the given pattern is contained in the string.
*
* @param string to examine
* @param pattern to match
* @return true if string matches <code>filter</code>
*/
return true;
}
if (wildCardIndex >= 0) {
return false;
}
int stringIndex = 0;
if (wildCardIndex > 0) {
}
return false;
}
}
return true;
}
}
return false;
}
/**
* Simplifies the signalling that a Session has been removed.
* @param session Non null InternalSession.
* @param event An integrate from the SessionEvent class.
*/
}
/**
* Decrements number of active sessions
*/
public void decrementActiveSessions() {
}
/**
* Increments number of active sessions
*/
public void incrementActiveSessions() {
}
// The following methods are corresponding to the session requests
// defined in the Session DTD. Those methods are being called
// in SessionRequestHandler class
/**
* Returns the Session information.
*
* @param sid
* @param reset
* @throws SessionException
*/
}
/**
* Gets all valid Internal Sessions, depending on the value of the user's
* preferences.
*
* @param s
* @throws SessionException
*/
public SearchResults<SessionInfo> getValidSessions(Session s, String pattern) throws SessionException {
throw new SessionException(SessionBundle
.getString("invalidSessionState")
}
try {
}
Collection<InternalSession> sessionsWithPermission = sessionChangeAuthorizer.filterPermissionToAccess(
// replace session id with session handle to prevent impersonation
}
} catch (Exception e) {
throw new SessionException(e);
}
}
/**
* Logout the user.
*
* @param session
* @throws SessionException
*/
}
/**
* Adds listener to a Internal Sessions.
*
* @param sessionId Session ID
* @param url
* @throws SessionException Session is null OR the Session is invalid
*/
}
/**
* Returns current Notification queue size.
*/
public int getNotificationQueueSize() {
}
/**
* Sends the Internal Session event to the SessionNotificationSender.
*
* @param internalSession Internal Session.
* @param eventType Event Type.
*/
}
/**
* Given a restricted token, returns the SSOTokenID of the master token
* can only be used if the requester is an app token
*
* @param session Must be an app token
* @param restrictedID The SSOTokenID of the restricted token
* @return The SSOTokenID string of the master token
* @throws SSOException If the master token cannot be dereferenced
*/
return sessionOperationStrategy.getOperation(session.getSessionID()).deferenceRestrictedID(session, sessionId);
}
/**
* Sets external property in the Internal Session as long as it is not
* protected
*
* @param clientToken - Token of the client setting external property.
* @param sessionId
* @param name
* @param value
* @throws SessionException
*/
throws SessionException {
sessionOperationStrategy.getOperation(sessionId).setExternalProperty(clientToken, sessionId, name, value);
}
/**
* This is a key method for "internal request routing" mode It determines
* the server id which is currently hosting session identified by sid. In
* "internal request routing" mode, this method also has a side effect of
* releasing a session which no longer "belongs locally" (e.g., due to
* primary server instance restart)
*
* @param sessionId session id
* @return server id for the server instance determined to be the current
* host
* @throws SessionException
*/
}
/**
* Actively check if server identified by serverID is up
*
* @param serverID server id
* @return true if server is up, false otherwise
*/
}
/**
* Indicates that the Site is up.
*
* @param siteId A possibly null Site Id.
* @return True if the Site is up, False if it failed to respond to a query.
*/
}
/**
* This method will execute all the globally set session timeout handlers
* with the corresponding timeout event simultaneously.
*
* @param sessionId The timed out sessions ID
* @param changeType Type of the timeout event: IDLE_TIMEOUT (1) or MAX_TIMEOUT (2)
*/
// Take snapshot of reference to ensure atomicity.
try {
public void run() {
try {
SessionTimeoutHandler.class).newInstance();
switch (changeType) {
case SessionEvent.IDLE_TIMEOUT:
break;
case SessionEvent.MAX_TIMEOUT:
break;
}
if (Thread.interrupted()
|| ex instanceof InterruptedException
|| ex instanceof InterruptedIOException) {
} else {
}
} finally {
}
}
};
}
// Wait 1000ms for all handlers to complete.
try {
} catch (InterruptedException ignored) {
// This should never happen: we can't handle it here, so propagate it.
}
// It doesn't matter really if the future completes between isDone and cancel.
}
}
} catch (SSOException ssoe) {
}
}
}
/**
* Returns true if the user is super user
*
* @param uuid the uuid of the login user
*/
boolean isSuperUser = false;
try {
// Get the AMIdentity Object for super user
adminUserId = new AMIdentity(dsameAdminTokenProvider.getAdminToken(), adminUser, IdType.USER, "/", null);
}
//Get the AMIdentity Object for login user
//Check for the equality
} catch (SSOException ssoe) {
} catch (IdRepoException idme) {
}
if (sessionDebug.messageEnabled()) {
}
return isSuperUser;
}
/**
* This method is the "server side" of the getRestrictedTokenIdRemotely()
*
* @param masterSid SessionID
* @param restriction restriction
*/
try {
return sessionOperationStrategy.getOperation(masterSid).getRestrictedTokenId(masterSid, restriction);
}
return null;
}
/**
* Returns true if the URL is the URL of the local session service.
*
* @param svcurl the url to check
* @return true if the url represents the local session service.
*/
}
/**
* Determines if the Maximum umber of active sessions has been reached.
* @return true if the maximum number of sessions has ben reached.
*/
public boolean hasExceededMaxSessions() {
}
/**
* Gets the AM Server ID.
* @return the AM Server Id or null if WebtopNaming was unable to detmin the ID of this server.
*/
public static String getAMServerID() {
try {
return WebtopNaming.getAMServerID();
return null;
}
}
}