a4544a5a0e622ef69e38641f87ab1b5685e05911Phill Cunnington/*
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott * The contents of this file are subject to the terms of the Common Development and
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott * Distribution License (the License). You may not use this file except in compliance with the
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott * License.
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott *
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott * specific language governing permission and limitations under the License.
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott *
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott * When distributing Covered Software, include this CDDL Header Notice in each file and include
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott * Header, with the fields enclosed by brackets [] replaced by your own identifying
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott * information: "Portions copyright [year] [name of copyright owner]".
a4544a5a0e622ef69e38641f87ab1b5685e05911Phill Cunnington *
7b3fa0c4c626865e92012ef9f885e91d945850eaCraig McDonnell * Copyright 2014-2016 ForgeRock AS.
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott */
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshottpackage com.iplanet.dpro.session.utils;
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott
fa03f17e603602dd9503a88cec3c310072c93ccaCraig McDonnellimport static org.forgerock.openam.session.SessionConstants.TOKEN_RESTRICTION_PROP;
c184142912cff04e5442d8bf70febe477285fb1cCraig McDonnell
c184142912cff04e5442d8bf70febe477285fb1cCraig McDonnellimport java.text.MessageFormat;
c184142912cff04e5442d8bf70febe477285fb1cCraig McDonnell
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshottimport com.iplanet.dpro.session.SessionException;
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshottimport com.iplanet.dpro.session.SessionID;
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshottimport com.iplanet.dpro.session.SessionTimedOutException;
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshottimport com.iplanet.dpro.session.TokenRestriction;
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshottimport com.iplanet.dpro.session.TokenRestrictionFactory;
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshottimport com.iplanet.dpro.session.service.InternalSession;
c184142912cff04e5442d8bf70febe477285fb1cCraig McDonnellimport com.iplanet.dpro.session.service.SessionState;
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshottimport com.iplanet.dpro.session.share.SessionBundle;
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshottimport com.iplanet.dpro.session.share.SessionInfo;
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott/**
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott * Responsible for providing a collection of utility functions for
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott * manipulating InternalSessions.
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott */
public class SessionInfoFactory {

    /** Key given to {@link SessionBundle#getString} when the session is not VALID and has not timed out. */
    public static final String INVALID_SESSION_STATE = "invalidSessionState";
    /** Key given to {@link SessionBundle#getString} when the session is not VALID and reports a timeout. */
    public static final String SESSION_TIMED_OUT = "sessionTimedOut";
    /** {@link MessageFormat} pattern: the bundle text, one space, then the SessionID. */
    private static final String ERROR_FORMAT = "{0} {1}";

    /**
     * Validates the caller's SessionID against the InternalSession and, if that
     * succeeds, builds the SessionInfo summary for it.
     *
     * @param internalSession Non null InternalSession to summarise.
     * @param sessionID SessionID of the caller making the request.
     * @return The SessionInfo produced by {@link #makeSessionInfo}.
     *
     * @throws SessionException If {@link #validateSession} or {@link #makeSessionInfo} rejects the request.
     * @throws IllegalArgumentException If the SessionID is neither the session's own ID nor
     * a token with a restriction registered on the session.
     */
    public SessionInfo getSessionInfo(InternalSession internalSession, SessionID sessionID) throws SessionException {
        // Order matters: the state check in validateSession is not repeated by makeSessionInfo.
        validateSession(internalSession, sessionID);
        SessionInfo summary = makeSessionInfo(internalSession, sessionID);
        return summary;
    }

    /**
     * Checks that a SessionID belongs to an InternalSession and that the
     * InternalSession is in the VALID state.
     *
     * The ID is accepted when it equals the InternalSession's own ID, or when
     * the InternalSession holds a TokenRestriction for it.
     *
     * @param internalSession InternalSession to check.
     * @param sid SessionID to check with the InternalSession.
     *
     * @throws SessionTimedOutException If the state is not VALID and the InternalSession reports a timeout.
     * @throws SessionException If the state is not VALID for any other reason.
     * @throws IllegalArgumentException If the SessionID of the InternalSession
     * and provided SessionID do not match.
     */
    public void validateSession(InternalSession internalSession, SessionID sid)
            throws SessionException {
        // The restriction lookup is only consulted when sid is not the session's own ID.
        if (!sid.equals(internalSession.getID())) {
            if (internalSession.getRestrictionForToken(sid) == null) {
                throw new IllegalArgumentException("Session id mismatch");
            }
        }

        if (internalSession.getState() == SessionState.VALID) {
            return;
        }

        if (internalSession.isTimedOut()) {
            throw new SessionTimedOutException(describeFailure(SESSION_TIMED_OUT, sid));
        }
        throw new SessionException(describeFailure(INVALID_SESSION_STATE, sid));
    }

    /**
     * Builds the exception text for a rejected session: the localised bundle
     * string for {@code bundleKey} followed by the SessionID.
     *
     * NOTE(review): the SessionID is formatted into the message. If its string
     * form is the usable session token, every log line or response that carries
     * this message also carries the token - confirm how callers surface it.
     */
    private static String describeFailure(String bundleKey, SessionID sid) {
        return MessageFormat.format(ERROR_FORMAT, SessionBundle.getString(bundleKey), sid);
    }

    /**
     * Generates a SessionInfo object from the given InternalSession.
     *
     * This method re-checks that the SessionID belongs to the InternalSession
     * but does not look at the session state; {@link #validateSession} is the
     * only place in this class that rejects non-VALID or timed-out sessions.
     *
     * @param internalSession Non null InternalSession to use.
     * @param sid Session ID for the user performing the action.
     * @return The SessionInfo from the InternalSession, with its session ID set to {@code sid}.
     *
     * @throws SessionException If there was an error storing the TokenRestriction on the SessionInfo.
     *
     * @throws IllegalArgumentException If {@code sid} has no TokenRestriction on the
     * InternalSession and is not the InternalSession's own ID.
     */
    public SessionInfo makeSessionInfo(InternalSession internalSession, SessionID sid)
            throws SessionException {
        SessionInfo summary = internalSession.toSessionInfo();
        TokenRestriction tokenRestriction = internalSession.getRestrictionForToken(sid);

        if (tokenRestriction == null) {
            // No restriction registered for sid, so it must be the session's own ID.
            if (!sid.equals(internalSession.getID())) {
                throw new IllegalArgumentException("Session id mismatch");
            }
        } else {
            try {
                // Carry the restriction along so the receiver of the SessionInfo can see it.
                summary.getProperties().put(TOKEN_RESTRICTION_PROP,
                        TokenRestrictionFactory.marshal(tokenRestriction));
            } catch (Exception e) {
                throw new SessionException(e);
            }
        }

        // Hand back the sid the caller presented (master or restricted) rather
        // than the master sid, so a restricted-token holder never learns the master sid.
        summary.setSessionID(sid.toString());
        return summary;
    }
}