SessionService.java revision cc7c18212481f5e9ee508afe2ffcaecb6b9330f5
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * Copyright (c) 2005 Sun Microsystems Inc. All Rights Reserved
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * The contents of this file are subject to the terms
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * of the Common Development and Distribution License
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * (the License). You may not use this file except in
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * compliance with the License.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * You can obtain a copy of the License at
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * https://opensso.dev.java.net/public/CDDLv1.0.html or
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * See the License for the specific language governing
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * permission and limitations under the License.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * When distributing Covered Code, include this CDDL
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * Header Notice in each file and include the License file
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * If applicable, add the following below the CDDL Header,
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * with the fields enclosed by brackets [] replaced by
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * your own identifying information:
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * "Portions Copyrighted [year] [name of copyright owner]"
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * $Id: SessionService.java,v 1.37 2010/02/03 03:52:54 bina Exp $
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * Portions Copyrighted 2010-2014 ForgeRock AS.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Fosterimport com.iplanet.dpro.session.SessionException;
9c1ec205dd4a7c6a5a2b06fa7385cf5b33274208Neil Maddenimport com.iplanet.dpro.session.SessionNotificationHandler;
9c1ec205dd4a7c6a5a2b06fa7385cf5b33274208Neil Maddenimport com.iplanet.dpro.session.TokenRestriction;
9c1ec205dd4a7c6a5a2b06fa7385cf5b33274208Neil Maddenimport com.iplanet.dpro.session.TokenRestrictionFactory;
9c1ec205dd4a7c6a5a2b06fa7385cf5b33274208Neil Maddenimport com.iplanet.dpro.session.share.SessionBundle;
9c1ec205dd4a7c6a5a2b06fa7385cf5b33274208Neil Maddenimport com.iplanet.dpro.session.share.SessionInfo;
9c1ec205dd4a7c6a5a2b06fa7385cf5b33274208Neil Maddenimport com.iplanet.dpro.session.share.SessionNotification;
9c1ec205dd4a7c6a5a2b06fa7385cf5b33274208Neil Maddenimport com.iplanet.dpro.session.utils.SessionInfoFactory;
9c1ec205dd4a7c6a5a2b06fa7385cf5b33274208Neil Maddenimport com.iplanet.services.comm.server.PLLServer;
9c1ec205dd4a7c6a5a2b06fa7385cf5b33274208Neil Maddenimport com.iplanet.services.comm.share.Notification;
9c1ec205dd4a7c6a5a2b06fa7385cf5b33274208Neil Maddenimport com.iplanet.services.comm.share.NotificationSet;
9c1ec205dd4a7c6a5a2b06fa7385cf5b33274208Neil Maddenimport com.sun.identity.authentication.internal.AuthPrincipal;
9c1ec205dd4a7c6a5a2b06fa7385cf5b33274208Neil Maddenimport com.sun.identity.common.HttpURLConnectionManager;
9c1ec205dd4a7c6a5a2b06fa7385cf5b33274208Neil Maddenimport com.sun.identity.common.configuration.ServerConfiguration;
9c1ec205dd4a7c6a5a2b06fa7385cf5b33274208Neil Maddenimport com.sun.identity.common.configuration.SiteConfiguration;
9c1ec205dd4a7c6a5a2b06fa7385cf5b33274208Neil Maddenimport com.sun.identity.delegation.DelegationEvaluator;
9c1ec205dd4a7c6a5a2b06fa7385cf5b33274208Neil Maddenimport com.sun.identity.delegation.DelegationException;
9c1ec205dd4a7c6a5a2b06fa7385cf5b33274208Neil Maddenimport com.sun.identity.delegation.DelegationPermission;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Fosterimport com.sun.identity.log.messageid.LogMessageProvider;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Fosterimport com.sun.identity.log.messageid.MessageProviderFactory;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Fosterimport com.sun.identity.monitoring.MonitoringUtil;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Fosterimport com.sun.identity.monitoring.SsoServerSessSvcImpl;
9c1ec205dd4a7c6a5a2b06fa7385cf5b33274208Neil Maddenimport com.sun.identity.security.AdminPasswordAction;
564945e59b60a40c3b9458177b2ff63e2947686cPeter Majorimport com.sun.identity.security.AdminTokenAction;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Fosterimport com.sun.identity.session.util.RestrictedTokenContext;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Fosterimport com.sun.identity.shared.datastruct.CollectionHelper;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Fosterimport com.sun.identity.shared.encode.URLEncDec;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Fosterimport com.sun.identity.sm.ServiceConfigManager;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Fosterimport com.sun.identity.sm.ServiceSchemaManager;
9c1ec205dd4a7c6a5a2b06fa7385cf5b33274208Neil Maddenimport org.forgerock.openam.cts.CTSPersistentStore;
564945e59b60a40c3b9458177b2ff63e2947686cPeter Majorimport org.forgerock.openam.cts.adapters.SessionAdapter;
564945e59b60a40c3b9458177b2ff63e2947686cPeter Majorimport org.forgerock.openam.cts.api.CoreTokenConstants;
564945e59b60a40c3b9458177b2ff63e2947686cPeter Majorimport org.forgerock.openam.cts.api.tokens.Token;
564945e59b60a40c3b9458177b2ff63e2947686cPeter Majorimport org.forgerock.openam.cts.api.tokens.TokenIdFactory;
9c1ec205dd4a7c6a5a2b06fa7385cf5b33274208Neil Maddenimport org.forgerock.openam.cts.exceptions.CoreTokenException;
9c1ec205dd4a7c6a5a2b06fa7385cf5b33274208Neil Maddenimport org.forgerock.openam.session.service.SessionTimeoutHandler;
9c1ec205dd4a7c6a5a2b06fa7385cf5b33274208Neil Maddenimport org.forgerock.util.thread.listener.ShutdownListener;
9c1ec205dd4a7c6a5a2b06fa7385cf5b33274208Neil Maddenimport org.forgerock.util.thread.listener.ShutdownManager;
9c1ec205dd4a7c6a5a2b06fa7385cf5b33274208Neil Madden * This class represents a Session Service
564945e59b60a40c3b9458177b2ff63e2947686cPeter Major * Session Service Thread Pool for Session
564945e59b60a40c3b9458177b2ff63e2947686cPeter Major * Handler Tasks.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * Our Session Service Singleton Service Implementation Instance.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster private static volatile SessionService sessionService = null;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * AM Session Repository for Session Persistence.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster private static volatile CTSPersistentStore coreTokenService = null;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * SSO Token Manager Instance Reference.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster private static String dsameAdminPassword = null;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster private static SessionMaxStats maxSessionStats;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster private static boolean logStatus = false;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster private static final String amSSOErrorLogFile = "amSSO.error";
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster private static final String amSSOLogFile = "amSSO.access";
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster private static LogMessageProvider logProvider = null;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster public static final String SHANDLE_SCHEME_PREFIX = "shandle:";
23e304384f98fca4ab2e6f9f07a53465c1bfc645Peter Major private static final String amSessionService = "iPlanetAMSessionService";
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster private static final String httpSessionTrackingCookieName =
23e304384f98fca4ab2e6f9f07a53465c1bfc645Peter Major Constants.AM_SESSION_HTTP_SESSION_TRACKING_COOKIE_NAME,
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "JSESSIONID");
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster private static boolean cookieEncoding =
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster (SystemProperties.get(Constants.AM_COOKIE_ENCODE) != null) &&
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster (SystemProperties.get(Constants.AM_COOKIE_ENCODE)
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster private static final String sunAppServerLBRoutingCookieName =
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "com.iplanet.am.session.failover.sunAppServerLBRoutingCookieName",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster private static final String httpSessionPropertyName =
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "DSAMEInternalSession";
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster private static final String httpSessionOwnerListPropertyName =
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "DSAMEInternalSession.ownerList";
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster private static final int DEFAULT_POOL_SIZE = 10;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster private static final int DEFAULT_THRESHOLD = DEFAULT_POOL_SIZE * 10;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster protected static final String securityCookieName = "DSAMESecurityCookie";
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster protected static final String defaultApplicationMaxCachingTime = String
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster protected static final long applicationMaxCachingTime = Long.valueOf(
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster Constants.APPLICATION_SESSION_MAX_CACHING_TIME,
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster defaultApplicationMaxCachingTime)).longValue();
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster // Session Constraints specific properties
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster private static final String SESSION_CONSTRAINT =
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "iplanet-am-session-enable-session-constraint";
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster private static final String DENY_LOGIN_IF_DB_IS_DOWN =
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "iplanet-am-session-deny-login-if-db-is-down";
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster private static final String MAX_WAIT_TIME_FOR_CONSTARINT =
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "iplanet-am-session-constraint-max-wait-time";
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster private static final String CONSTRAINT_HANDLER =
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "iplanet-am-session-constraint-handler";
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster private static final String SESSION_REPOSITORY_TYPE =
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "iplanet-am-session-sfo-store-type";
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster // constants for permissions
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster private static final String PERMISSION_READ = "READ";
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster private static final String PERMISSION_MODIFY = "MODIFY";
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster private static final String PERMISSION_DELEGATE = "DELEGATE";
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster private static String sessionStoreUserName = null;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster private static String sessionStorePassword = null;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster private static HashMap clusterMemberMap = new HashMap();
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster private static int connectionMaxWaitTime = 5000; // in milli-seconds
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster private static String sessionExternalRepositoryURL = null;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster private static int maxWaitTimeForConstraint = 6000; // in milli-seconds
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster private static boolean isPropertyNotificationEnabled = false;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster protected static volatile Set<String> timeoutHandlers;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster private static ExecutorService executorService = Executors.newCachedThreadPool();
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * This token is used to satisfy the admin interfaces
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster protected static boolean returnAppSession = Boolean
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster SystemProperties.get(Constants.SESSION_RETURN_APP_SESSION,
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster public static final String SESSION_SERVICE = "session";
3541688024dba67a647e29de859a327fc1018b05Andrew Forrest private static SecureRandom secureRandom = null;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster private static Hashtable<SessionID, InternalSession> sessionTable = null;
3541688024dba67a647e29de859a327fc1018b05Andrew Forrest private static final Hashtable<String, InternalSession> sessionHandleTable = new Hashtable<String, InternalSession>();
3541688024dba67a647e29de859a327fc1018b05Andrew Forrest private static Map<SessionID, SessionID> restrictedTokenMap =
3541688024dba67a647e29de859a327fc1018b05Andrew Forrest Collections.synchronizedMap(new HashMap<SessionID, SessionID>());
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster public static String deploymentURI = SystemProperties
3541688024dba67a647e29de859a327fc1018b05Andrew Forrest .get(Constants.AM_SERVICES_DEPLOYMENT_DESCRIPTOR);
3541688024dba67a647e29de859a327fc1018b05Andrew Forrest // used for session trimming
3541688024dba67a647e29de859a327fc1018b05Andrew Forrest private static boolean isSessionTrimmingEnabled = false;
3541688024dba67a647e29de859a327fc1018b05Andrew Forrest /* the following group of members are for session constraints */
3541688024dba67a647e29de859a327fc1018b05Andrew Forrest private static boolean isSessionConstraintEnabled = false;
3541688024dba67a647e29de859a327fc1018b05Andrew Forrest private static boolean denyLoginIfDBIsDown = false;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster SessionConstraint.DESTROY_OLDEST_SESSION_CLASS;
3541688024dba67a647e29de859a327fc1018b05Andrew Forrest private static String thisSessionServerPortAsString;
3541688024dba67a647e29de859a327fc1018b05Andrew Forrest private static int thisSessionServerPort;
3541688024dba67a647e29de859a327fc1018b05Andrew Forrest private static String thisSessionServerProtocol;
3541688024dba67a647e29de859a327fc1018b05Andrew Forrest // Must be True to permit Session Failover HA to be available.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster private static boolean useRemoteSaveMethod = Boolean.valueOf(
3541688024dba67a647e29de859a327fc1018b05Andrew Forrest .get(Constants.AM_SESSION_FAILOVER_USE_REMOTE_SAVE_METHOD,
3541688024dba67a647e29de859a327fc1018b05Andrew Forrest // Must be True to permit Session Failover HA to be available.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster private static boolean useInternalRequestRouting = Boolean.valueOf(
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster Constants.AM_SESSION_FAILOVER_USE_INTERNAL_REQUEST_ROUTING,
3541688024dba67a647e29de859a327fc1018b05Andrew Forrest // Must be True to permit Session Failover HA to be available,
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster // but we default this to Disabled or Off for Now.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster private static boolean isSessionFailoverEnabled = Boolean.valueOf(
3541688024dba67a647e29de859a327fc1018b05Andrew Forrest * Indicates whether to use crosstalk or session persistence to resolve remote sessions. Always true when session
3541688024dba67a647e29de859a327fc1018b05Andrew Forrest * persistence/SFO is disabled.
3541688024dba67a647e29de859a327fc1018b05Andrew Forrest private static volatile boolean isReducedCrosstalkEnabled = true;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * The number of minutes to retain {@link Session} objects in DESTROYED state while waiting
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * for delete replication to occur if reduced cross-talk is enabled.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster private static volatile long reducedCrosstalkPurgeDelay = 5;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * Indicates what broadcast to undertake on session logout/destroy
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster private static volatile SessionBroadcastMode logoutDestroyBroadcast = SessionBroadcastMode.OFF;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster // Must be True to permit Session Failover HA to be available.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster private static boolean isSiteEnabled = false; // If this is set to True and no Site is found, issues will arise
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster // when trying to resolve the serverID, and install and subsequent login attempts will hang.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * The following InternalSession is for the Authentication Service to use
23e304384f98fca4ab2e6f9f07a53465c1bfc645Peter Major * Profile API to fetch user profile.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster private static InternalSession authSession = null;
23e304384f98fca4ab2e6f9f07a53465c1bfc645Peter Major * The URL Vector for ALL session events : SESSION_CREATION, IDLE_TIMEOUT,
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * MAX_TIMEOUT, LOGOUT, REACTIVATION, DESTROY.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster private static Vector sessionEventURLs = new Vector();
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster private static ClusterStateService clusterStateService = null;
23e304384f98fca4ab2e6f9f07a53465c1bfc645Peter Major * Static initialisation section will be called the first time the SessionService is initialised.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * Note: This function depends on the singleton pattern that the SessionService follows.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster private static void initialiseStatic() {
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster sessionDebug = Debug.getInstance(SessionConstants.SESSION_DEBUG);
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster stats = Stats.getInstance("amMasterSessionTableStats");
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster // Notification Thread Pool Size
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "SessionService.<init>: incorrect thread pool size" + size +
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster // Notification Thread Pool Threshold
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "SessionService.<init>: incorrect thread threshold" + thres
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster // Establish Shutdown Manager.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster ShutdownManager shutdownMan = com.sun.identity.common.ShutdownManager.getInstance();
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster threadPool = new ThreadPool("amSession", poolSize, threshold, true,
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster public void shutdown() {
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster maxSessions = Integer.parseInt(SystemProperties
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster String status = SystemProperties.get(Constants.AM_LOGSTATUS);
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * Returns the Session Service. If a Session Service already exists, it
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * returns the existing one; otherwise it creates a new one and returns it.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster public static SessionService getSessionService() {
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster synchronized (SessionService.class) {
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster } // End of synchronized Block.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * Returns the name of the cookie/URL parameter used by J2EE container for
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * session tracking (currently hardcoded to "JSESSIONID")
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster public static String getHttpSessionTrackingCookieName() {
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * Returns the Internal Session used by the Auth Services.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * @param domain Authentication Domain
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * @param httpSession HttpSession
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster public Session getAuthenticationSession(String domain,
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster // Create a special InternalSession for Authentication Service
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster authSession = getServiceSession(domain, httpSession);
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster sessionDebug.error("Error creating service session", e);
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * Returns the restricted token
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * @param masterSid master session id
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * @param restriction TokenRestriction Object
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * @return restricted token id
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * @throws SessionException
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster public String getRestrictedTokenId(String masterSid,
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster TokenRestriction restriction) throws SessionException {
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster // we need to accommodate session failover situation
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster if (SessionService.getUseInternalRequestRouting()) {
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster // first try
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster String hostServerID = getCurrentHostServer(sid);
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster if (!sessionService.checkServerUp(hostServerID)) {
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster String token = getRestrictedTokenIdRemotely(Session
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster // TODO consider one retry attempt
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster return doGetRestrictedTokenId(sid, restriction);
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * This method is expected to only be called for local sessions
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster String doGetRestrictedTokenId(SessionID masterSid,
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster TokenRestriction restriction) throws SessionException {
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster // locate master session
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster InternalSession session = sessionTable.get(masterSid);
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster session = sessionService.recoverSession(masterSid);
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster sessionInfoFactory.validateSession(session, masterSid);
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster // attempt to reuse the token if restriction is the same
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster SessionID restrictedSid = session.getRestrictedTokenForRestriction(restriction);
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster restrictedSid = new SessionID(SessionID.makeRelatedSessionID(generateEncryptedID(), session.getID()));
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster SessionID previousValue = session.addRestrictedToken(restrictedSid, restriction);
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster restrictedTokenMap.put(restrictedSid, session.getID());
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * Returns the Internal Session which can be used by services
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * @param domain Authentication Domain
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * @param httpSession HttpSession
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster private InternalSession getServiceSession(String domain,
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster // Create a special InternalSession which can be used as
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster // service token
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster // note that this session does not need failover protection
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster // as its scope is only this same instance
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster // moreover, creating an HTTP session by making a self-request
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster // results in deadlock if called from within the synchronized
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster // section in getSessionService()
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster session = newInternalSession(domain, httpSession, false);
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster sessionDebug.error("Error creating service session", e);
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * Creates a new Internal Session
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * @param domain Authentication Domain
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * @param httpSession Http Session
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster public InternalSession newInternalSession(String domain,
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster return newInternalSession(domain, httpSession, true);
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster sessionDebug.error("Error creating new session", e);
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * Creates a new Internal Session
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * @param domain Authentication Domain
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * @param httpSession Http Session
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * @param forceHttpSessionCreation in session failover mode if this parameter is true and
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * httpSession is null, it will cause SessionService to create a
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * new Http session for failover purposes
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster private InternalSession newInternalSession(String domain,
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster HttpSession httpSession, boolean forceHttpSessionCreation)
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster if (isSessionFailoverEnabled && !getUseInternalRequestRouting()
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster && httpSession == null && forceHttpSessionCreation) {
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster // generate primary id
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster // generate session handle which looks like normal session id
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster // except it is not a valid session id
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster // and can not be used for anything other than destroySession
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster // TODO consider unifying RestrictedTokens and session handle
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster + SessionID.makeRelatedSessionID(generateEncryptedID(), sid);
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster sessionHandleTable.put(sessionHandle, session);
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster String amCtxId = Long.toHexString(secureRandom.nextLong())
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster + (isSiteEnabled ? thisSessionServerID : sessionServerID);
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster session.putProperty(Constants.AM_CTX_ID, amCtxId);
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster WebtopNaming.getLBCookieValue(getLocalServerID()));
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * Generates new encrypted ID string to be used as part of session id
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * @return encrypted ID string
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster String r = Long.toHexString(secureRandom.nextLong());
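5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster // TODO note that this encryptedID string is kept only
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster // to make this compatible with older Java SDK clients,
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster // which knew too much about the structure of the session id;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster // newer clients will mostly treat the session id as opaque.
// NOTE(review): the encryptor used below comes from getHardcodedKeyEncryptor(), so this encoding
// presumably adds no secrecy; the id's unpredictability rests on the single 64-bit SecureRandom
// value. Confirm that this meets the deployment's session-id entropy requirement.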
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster return (String) AccessController.doPrivileged(new EncodeAction(r + "@"
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster + sessionServerID, Crypt.getHardcodedKeyEncryptor()));
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * Generates new SessionID
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * @param domain session domain
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * @param httpSession http session for failover purposes
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * @return newly generated session id
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * @throws SessionException
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster private SessionID generateSessionId(String domain, HttpSession httpSession)
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster // AME-129 Required for Automatic Session Failover Persistence
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster if ((isSiteEnabled) && (thisSessionServerID != null) && (!thisSessionServerID.isEmpty())) {
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster ext.put(SessionID.PRIMARY_ID, thisSessionServerID);
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster // AME-129, always set a Storage Key regardless of persisting or not.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster ext.put(SessionID.STORAGE_KEY, String.valueOf(secureRandom.nextLong()));
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster String sessionID = SessionID.makeSessionID(encryptedID, ext,
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster isSiteEnabled ? thisSessionServerID : sessionServerID,
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster } while (sessionTable.get(sid) != null || sessionHandleTable.get(sid.toString()) != null);
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * Extracts the HTTP session id usable as an HTTP session cookie
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * @param httpSession http session
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * @return http session id
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster private static String extractHttpSessionId(HttpSession httpSession) {
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * Removes the Internal Session from the Internal Session table.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * @param sid Session ID
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster InternalSession removeInternalSession(SessionID sid) {
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster boolean isSessionStored = false;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster InternalSession session = sessionTable.remove(sid);
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster // Session Constraint
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster if (isSessionFailoverEnabled && isSessionStored) {
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster String tokenId = tokenIdFactory.toSessionTokenId(session);
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "SessionService : failed deleting session ", e);
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster String tokenId = tokenIdFactory.toSessionTokenId(sid);
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster sessionDebug.error("SessionService : failed deleting session ",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster private void removeRestrictedTokens(InternalSession session) {
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster for (SessionID restrictedSessionID : session.getRestrictedTokens()) {
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster restrictedTokenMap.remove(restrictedSessionID);
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster private void removeSessionHandle(InternalSession session) {
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster // remove from sessionHandleTable (if present)
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster String sessionHandle = session.getSessionHandle();
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * Returns true if session failover is enabled
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster public boolean isSessionFailoverEnabled() {
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * Returns true if crosstalk is reduced (and if session failover is enabled).
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster public boolean isReducedCrossTalkEnabled() {
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster return isSessionFailoverEnabled && isReducedCrosstalkEnabled;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * The number of minutes to retain {@link Session} objects in DESTROYED state while waiting
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * for delete replication to occur if reduced cross-talk is enabled.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * Checks whether the internal session is already present locally.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * @param sid
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * @return a boolean
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster public boolean isSessionPresent(SessionID sid) {
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster boolean isPresent = sessionTable.get(sid) != null
2abcab75a7045a74128f7995dce24aa2e6a28e01Jon Jonthomas || sessionHandleTable.get(sid.toString()) != null;
2abcab75a7045a74128f7995dce24aa2e6a28e01Jon Jonthomas * Checks whether the current session should be considered local (so that local
2abcab75a7045a74128f7995dce24aa2e6a28e01Jon Jonthomas * invocations of SessionService methods are used). If it is local and
2abcab75a7045a74128f7995dce24aa2e6a28e01Jon Jonthomas * Session Failover is enabled, the Session is recovered when it is
2abcab75a7045a74128f7995dce24aa2e6a28e01Jon Jonthomas * not found locally.
2abcab75a7045a74128f7995dce24aa2e6a28e01Jon Jonthomas * @return a boolean
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster public boolean checkSessionLocal(SessionID sid) throws SessionException {
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster return true;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster String hostServerID = getCurrentHostServer(sid);
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster return true;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster return isLocalSessionService(Session.getSessionServiceURL(sid));
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster return false;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * Returns true if the URL is that of the service local to this instance
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * @param url
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster public boolean isLocalSessionService(URL url) {
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster URL localURL = isSiteEnabled ? thisSessionServiceURL : sessionServiceID;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster && localURL.getProtocol().equalsIgnoreCase(url.getProtocol())
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster && localURL.getHost().equalsIgnoreCase(url.getHost())
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster && url.getPath().startsWith(localURL.getPath());
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * Checks if server instance identified by serverID is the same as local
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * @param serverID server id
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * @return true if serverID is the same as local instance, false otherwise
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster public boolean isLocalServer(String serverID) {
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster // TODO it appears that in non-failover mode
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster // thisSessionServerID == sessionServerID
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster // so we could do away with the if()
23e304384f98fca4ab2e6f9f07a53465c1bfc645Peter Major * Checks if server instance identified by serverID is the same as local
23e304384f98fca4ab2e6f9f07a53465c1bfc645Peter Major * @param sid server id
23e304384f98fca4ab2e6f9f07a53465c1bfc645Peter Major * @return true if serverID is the same as local instance, false otherwise
23e304384f98fca4ab2e6f9f07a53465c1bfc645Peter Major * This method is called by Session.getSessionServiceURL, when routing a request to an individual session host. In
23e304384f98fca4ab2e6f9f07a53465c1bfc645Peter Major * this case, the SessionID.PRIMARY_ID extension is obtained from the SessionID instance (which corresponds to the
23e304384f98fca4ab2e6f9f07a53465c1bfc645Peter Major * AM-instance host of the session). WebtopNaming will then be called to turn this serverId (01,02, etc) into a
23e304384f98fca4ab2e6f9f07a53465c1bfc645Peter Major * URL which will point a PLL client GetSession request. Calling this method is part of ensuring that the PLL GetSession
23e304384f98fca4ab2e6f9f07a53465c1bfc645Peter Major * request does not get routed to a site (load-balancer).
23e304384f98fca4ab2e6f9f07a53465c1bfc645Peter Major * @param serverId the server id (PRIMARY_ID) pulled from a cookie presented by the client.
23e304384f98fca4ab2e6f9f07a53465c1bfc645Peter Major * @return true if the specified serverId is actually a site identifier for the current deployment
9c1ec205dd4a7c6a5a2b06fa7385cf5b33274208Neil Madden return sessionServerID.equals(serverId) || ((secondaryServerIDs != null) && secondaryServerIDs.contains(serverId));
564945e59b60a40c3b9458177b2ff63e2947686cPeter Major * Returns the local server ID
564945e59b60a40c3b9458177b2ff63e2947686cPeter Major * @return The local server ID
23e304384f98fca4ab2e6f9f07a53465c1bfc645Peter Major * Returns the Internal Session corresponding to a Session ID.
23e304384f98fca4ab2e6f9f07a53465c1bfc645Peter Major * @param sid Session Id
23e304384f98fca4ab2e6f9f07a53465c1bfc645Peter Major public InternalSession getInternalSession(SessionID sid) {
23e304384f98fca4ab2e6f9f07a53465c1bfc645Peter Major // if sid is actually a session handle, return null
23e304384f98fca4ab2e6f9f07a53465c1bfc645Peter Major // (so that it is not mistaken for a recovery case)
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * Checks if the provided SessionID actually represents a session handle.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * @param sid A SessionID that may represent a standard session id or a session handle.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * @return true if SessionID is actually a session handle.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster public static boolean isSessionHandle(SessionID sid) {
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster return sid.toString().startsWith(SHANDLE_SCHEME_PREFIX);
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * Quick access to the total size of the remoteSessionSet.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * @return the size of the sessionTable
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * Quick access to the total size of the sessionTable (internal sessions), including
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * both invalid and valid tokens in the count, as well as 'hidden' sessions used by OpenAM itself.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * @return the size of the sessionTable
throws SessionException {
return sess;
return null;
return null;
if (checkRestriction) {
throw se;
} catch (Exception e) {
throw new SessionException(e);
return session;
synchronized (sessionTable) {
.nextElement();
return sessions;
throws SessionException {
if (!matchAll) {
} catch (Exception e) {
throw new SessionException(e);
return sessions;
public static synchronized void decrementActiveSessions() {
public static synchronized void incrementActiveSessions() {
public static synchronized int getActiveSessions() {
return numberOfActiveSessions;
public static int getNotificationQueueSize() {
throws SessionException {
if (reset) {
return info;
throws SessionException {
throws SessionException {
return infos;
} catch (Exception e) {
throw new SessionException(e);
* Checks if the requester has the necessary permission to destroy the provided session. The user has the necessary
* <li>The requester has top level admin role (having read/write access to any service configuration in the top
* @throws SessionException If none of the conditions above is fulfilled, i.e. when the requester does not have the
public void checkPermissionToDestroySession(Session requester, SessionID sid) throws SessionException {
} catch (Exception e) {
throw new SessionException(e);
//if the provided sid was a restricted token, resolveToken will always validate the restriction, so there is no
throws SessionException {
throws SessionException {
null);
} catch (Exception e) {
throw new SessionException(e);
throws SessionException {
throws SessionException {
return masterID;
return null;
return null;
throws SessionException {
} catch (ThreadPoolException e) {
switch (eventType) {
return logger;
throws Exception {
return logProvider;
if (!logStatus) {
if (!logStatus) {
data,
null);
return ssoManager;
return adminToken;
return adminToken;
private SessionService() {
if (isSiteEnabled) {
} catch (NoSuchProviderException e) {
postInit();
ex);
} catch (Exception e) {
} catch (Exception e) {
+ Constants.
clusterStateService = new ClusterStateService(this, thisSessionServerID, timeout, period, clusterMemberMap, siteMemberMap);
if (!isSessionFailoverEnabled) {
if (getUseInternalRequestRouting()) {
return serverID;
throws SessionException {
return serverID;
return serverID;
} catch (Exception e) {
sessionDebug.error("Unable to Initialize the Cluster Service, please review Configuration settings.", e);
throw new SessionException(e);
return primaryID;
.itemAt(i));
return selectedServerId;
static public boolean getUseInternalRequestRouting() {
if (isSessionFailoverEnabled) {
return useInternalRequestRouting;
static public boolean isSessionTrimmingEnabled() {
return isSessionTrimmingEnabled;
static public boolean isSessionConstraintEnabled() {
return isSessionConstraintEnabled;
static public boolean denyLoginIfDBIsDown() {
return denyLoginIfDBIsDown;
return constraintHandler;
if (!getUseInternalRequestRouting()) {
return null;
return coreTokenService;
return ((serverID == null) || (serverID.isEmpty())) ? false : clusterStateService.checkServerUp(serverID);
private void postInit() {
isPropertyNotificationEnabled = true;
isSessionTrimmingEnabled = true;
isSessionConstraintEnabled = true;
denyLoginIfDBIsDown = true;
if (sfoEnabled) {
isSessionFailoverEnabled = true;
useRemoteSaveMethod = true;
useInternalRequestRouting = true;
if (isReducedCrosstalkEnabled) {
public void run() {
switch (changeType) {
if (isSessionFailoverEnabled()) {
return logoutDestroyBroadcast;
private int eventType;
int evttype) {
boolean sendToLocal() {
boolean remoteURLExists = false;
remoteURLExists = true;
} catch (Exception e) {
remoteURLExists = true;
} catch (Exception e) {
return remoteURLExists;
public void run() {
} catch (Exception e) {
} catch (Exception e) {
} catch (IdRepoException e) {
return user;
private boolean hasTopLevelAdminRole(
boolean topLevelAdmin = false;
return topLevelAdmin;
boolean isSuperUser = false;
+ isSuperUser);
return isSuperUser;
return null;
return null;
+ query);
+ url);
} catch (IOException e) {
} catch (IOException e) {
+ url);
if (!isSessionFailoverEnabled) {
+ sid);
if (!isSessionFailoverEnabled) {
return null;
if (getUseInternalRequestRouting()) {
return sess;
} catch (CoreTokenException e) {
return sess;
+ sid);
return sess;
return null;
return null;
return null;
return sess;
return null;
if (getUseInternalRequestRouting()) {
public void cleanUpRemoteSessions() {
if (getUseInternalRequestRouting()) {
synchronized (remoteSessionSet) {
boolean shouldDestroy = false;
shouldDestroy = true;
if (shouldDestroy) {
return shouldDestroy;
if (!isSessionFailoverEnabled) {
+ sid);
+ query);
if (!isSessionFailoverEnabled) {
+ sid);
return null;
return null;
return null;
if (!isSessionFailoverEnabled) {
if (getUseInternalRequestRouting()) {
} catch (Exception e) {
if (useRemoteSaveMethod) {
} catch (Exception e) {
if (!isSessionFailoverEnabled) {
return null;
throw ex;
return connection;
.getHardcodedKeyEncryptor()));
} catch (Exception e) {
return null;
return strEncrypted;
return null;
.getHardcodedKeyEncryptor()));
} catch (Exception e) {
+ e.getMessage());
return null;
return null;
return null;
numberOfChar++;
switch (decoded[i]) {
+ calledFrom);
} catch (Exception e) {
+ e.getMessage());
public static int getConnectionMaxWaitTime() {
return connectionMaxWaitTime;
public static int getMaxWaitTimeForConstraint() {
return maxWaitTimeForConstraint;
return sessionExternalRepositoryURL;
return sessionStoreUserName;
return sessionStorePassword;
public boolean isSiteEnabled() {
return isSiteEnabled;
public static boolean isPropertyNotificationEnabled() {
return isPropertyNotificationEnabled;
if (!isPropertyNotificationEnabled) {
return notificationProperties;
super(sid);