SessionInfoFactory.java revision cc7c18212481f5e9ee508afe2ffcaecb6b9330f5
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott/**
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott * Copyright 2014 ForgeRock AS.
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott *
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott * The contents of this file are subject to the terms of the Common Development and
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott * Distribution License (the License). You may not use this file except in compliance with the
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott * License.
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott *
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott * specific language governing permission and limitations under the License.
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott *
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott * When distributing Covered Software, include this CDDL Header Notice in each file and include
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott * Header, with the fields enclosed by brackets [] replaced by your own identifying
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott * information: "Portions copyright [year] [name of copyright owner]".
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott */
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshottpackage com.iplanet.dpro.session.utils;
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshottimport com.iplanet.dpro.session.Session;
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshottimport com.iplanet.dpro.session.SessionException;
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshottimport com.iplanet.dpro.session.SessionID;
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshottimport com.iplanet.dpro.session.SessionTimedOutException;
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshottimport com.iplanet.dpro.session.TokenRestriction;
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshottimport com.iplanet.dpro.session.TokenRestrictionFactory;
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshottimport com.iplanet.dpro.session.service.InternalSession;
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshottimport com.iplanet.dpro.session.share.SessionBundle;
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshottimport com.iplanet.dpro.session.share.SessionInfo;
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshottimport java.text.MessageFormat;
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott/**
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott * Responsible for providing a collection of utility functions for
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott * manipulating InternalSessions.
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott */
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshottpublic class SessionInfoFactory {
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott private static final String ERROR_FORMAT = "{0} {1}";
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott /**
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott * Generates a SessionInfo which is a summary state of the Session used to
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott * refresh remote instances of a Session.
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott *
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott * @param internalSession Non null InternalSession to summarise.
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott * @param sessionID SessionID of the caller making the request.
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott * @return Non null SessionInfo.
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott *
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott * @throws SessionException If there was a problem accessing the underlying Session.
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott */
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott public SessionInfo getSessionInfo(InternalSession internalSession, SessionID sessionID) throws SessionException {
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott validateSession(internalSession, sessionID);
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott return makeSessionInfo(internalSession, sessionID);
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott }
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott /**
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott * Validates the state of an Internal Session against a Session ID.
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott *
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott * Performs two checks, firstly that the Session matches the SessionID
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott * and secondly that the InternalSession is not timed out.
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott *
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott * @param internalSession InternalSession to check.
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott * @param sid SessionID to check with the InternalSession.
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott *
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott * @throws SessionException If the InternalSession has timed out.
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott *
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott * @throws IllegalArgumentException If the SessionID of the InternalSession
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott * and provided SessionID do not match.
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott */
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott public void validateSession(InternalSession internalSession, SessionID sid)
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott throws SessionException {
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott if (!sid.equals(internalSession.getID())
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott && internalSession.getRestrictionForToken(sid) == null) {
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott throw new IllegalArgumentException("Session id mismatch");
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott }
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott if (internalSession.getState() != Session.VALID) {
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott if (internalSession.getTimeLeftBeforePurge() > 0) {
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott throw new SessionTimedOutException(MessageFormat.format(ERROR_FORMAT,
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott SessionBundle.getString("sessionTimedOut"),
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott sid));
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott } else {
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott throw new SessionException(MessageFormat.format(ERROR_FORMAT,
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott SessionBundle.getString("invalidSessionState"),
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott sid));
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott }
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott }
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott }
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott /**
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott * Generates a SessionInfo object from the given InternalSession.
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott *
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott * @param internalSession Non null InternalSession to use.
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott * @param sid Session ID for the user performing the action.
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott * @return A non null SessionInfo instance if valid.
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott *
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott * @throws SessionException If there was an error storing the TokenRestriction on the SessionInfo.
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott *
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott * @throws IllegalAccessException If this method has not been called in-conjunction with
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott * SessionInfoFactory#validateSession
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott */
cc7c18212481f5e9ee508afe2ffcaecb6b9330f5Craig McDonnell public SessionInfo makeSessionInfo(InternalSession internalSession, SessionID sid)
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott throws SessionException {
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott SessionInfo info = internalSession.toSessionInfo();
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott TokenRestriction restriction = internalSession.getRestrictionForToken(sid);
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott if (restriction != null) {
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott try {
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott info.properties.put(Session.TOKEN_RESTRICTION_PROP,
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott TokenRestrictionFactory.marshal(restriction));
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott } catch (Exception e) {
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott throw new SessionException(e);
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott }
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott } else if (!sid.equals(internalSession.getID())) {
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott throw new IllegalArgumentException("Session id mismatch");
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott }
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott // replace master sid with the sid from the request (either master or
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott // restricted) in order not to leak the master sid
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott info.sid = sid.toString();
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott return info;
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott }
72450cb9c2ca854c6d3479832c2738196c1d3282Robert Wapshott}