SSOProviderImpl.java revision 26304a2a091af368cfc16c977bcce6d17195360a
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 * Copyright (c) 2005 Sun Microsystems Inc. All Rights Reserved
 * The contents of this file are subject to the terms
 * of the Common Development and Distribution License
 * (the License). You may not use this file except in
 * compliance with the License.
 * You can obtain a copy of the License at
 * See the License for the specific language governing
 * permission and limitations under the License.
 * When distributing Covered Code, include this CDDL
 * Header Notice in each file and include the License file
 * If applicable, add the following below the CDDL Header,
 * with the fields enclosed by brackets [] replaced by
 * your own identifying information:
 * "Portions Copyrighted [year] [name of copyright owner]"
 * Portions copyright 2013-2016 ForgeRock AS.

 * This <code>final</code> class <code>SSOProviderImpl</code> implements
 * <code>SSOProvider</code> interface and provides implementation of the methods
 * to create, destroy, check the validity of a single sign on token.
 * Note: Used by ClientSDK, therefore must not use Guice for initialisation.

 * Check to see if the clientIPCheck is enabled

 // Initialize debug instance;

 * Constructs an instance of <code>SSOProviderImpl</code>
 * @throws SSOException

 * Creates a single sign on token for the <code>HttpRequest</code>
 * @param request <code>HttpServletRequest</code>
 * @return single sign on token for the request
 * @throws SSOException if the single sign on token cannot be created.

 * Creates a single sign on token with user or service as the entity
 * @param user Principal representing a user or service
 * @param password password string.
 * @return single sign on token
 * @throws SSOException if the single sign on token cannot be created.
 * @throws UnsupportedOperationException Thrown to indicate that the
 * requested operation is not supported.
 * @deprecated This method has been deprecated. Please use the
 * regular LDAP authentication mechanism instead. More information
 * on how to use the authentication programming interfaces as well as the
 * code samples can be obtained from the "Authenticating Using
 * OpenAM Java SDK" chapter of the OpenAM Developer's Guide.

 * Creates a single sign on token. Note: this method should remain private
 * and get called only by the AuthContext API. Note also: this method may reset
 * the idle time of the session.
 * @param tokenId single sign on token ID.
 * @param invokedByAuth boolean flag indicating that this method has
 * been invoked by the AuthContext.getSSOToken() API.
 * @return single sign on token.
 * @throws SSOException if the single sign on token cannot be created.
 * @throws UnsupportedOperationException Thrown to indicate that the
 * requested operation is not supported.

 * Creates a single sign on token.
 * @param tokenId single sign on token ID.
 * @param invokedByAuth boolean flag indicating that this method has been invoked by the AuthContext.getSSOToken()
 * @param possiblyResetIdleTime If true, the idle time of the token/session may be reset to zero. If false, the
 * idle time will never be reset.
 * @return single sign on token.
 * @throws SSOException if the single sign on token cannot be created for any reason.
 * @throws java.lang.UnsupportedOperationException only here to satisfy the interface, this is never thrown.

 +
 ") could not create SSOToken for token ID \""

 * Creates a single sign on token.
 * @param tokenId single sign on token ID.
 * @return single sign on token.
 * @throws SSOException if the single sign on token cannot be created.
 * @throws UnsupportedOperationException
 * @deprecated Use #createSSOToken(String, String)

 * Creates a single sign on token.
 * @param tokenId single sign on token ID.
 * @param clientIP client IP address
 * @return single sign on token.
 * @throws SSOException if the single sign on token cannot be created.
 * @throws UnsupportedOperationException Thrown to indicate that the
 * requested operation is not supported.
 * @deprecated Use #createSSOToken(String, String)

 * Checks the validity of the single sign on token
 * @param token The single sign on token object to be validated
 * @return Returns true if the <code>SSOToken</code> is valid

 * Checks the validity of the single sign on token
 * @param token The single sign on token object to be validated
 * @param refresh Flag indicating whether refreshing the token is allowed
 * @return Returns true if the <code>SSOToken</code> is valid, false otherwise

 * If the token was created from createSSOToken(Principal, password)
 * there is no association with session. Use this temp solution for now.
 * If this method is going to go away, we can remove that method, otherwise
 * a better mechanism has to be implemented.

 * Checks if the single sign on token is valid.
 * @param token single sign on token.
 * @throws SSOException if the single sign on token is not valid.

 * if the token was created from createSSOToken(Principal, password)
 * there is no association with session. Use this temp solution now.
 * if this method is going to go away, we can remove that method.
 * otherwise a better mechanism has to be implemented.
 * Destroys a single sign on token
 * @param token The single sign on token object to be destroyed
 * @throws SSOException if the given token cannot be destroyed

 * Validate the IP address of the client with the IP stored in Session.
 * @param sess Session object associated with the token
 * @param clientIP IP address of the current client who made
 * <code>HttpRequest</code>.
 * @return Returns true if the IP is valid else false.
 * @throws SSOException if IP cannot be validated for the given session

 * Refresh the Session corresponding to the single sign on token from the
 * @param token single sign on token for which session needs to be refreshed
 * @throws SSOException if the session cannot be refreshed

 * Refresh the Session corresponding to the single sign on token from the
 * @param token single sign on token for which session needs to be refreshed.
 * @param possiblyResetIdleTime if true, the idle time may be reset, if false it will never be.
 * @throws SSOException if the session cannot be refreshed.

 debug.error("Error in refreshing the session from sessions server");
 * Destroys a single sign on token.
 * The single sign on token object used to authorize the
 * The single sign on token object to be destroyed.
 * if there was an error during communication with session

 * Returns a list of single sign on token objects
 * which correspond to valid Sessions accessible to requester. Single sign
 * on token objects returned are restricted: they can only be used to
 * retrieve properties and destroy sessions they represent.
 * The single sign on token object used to authorize the
 * The server for which the valid sessions are to be retrieved
 * @return Set of Valid Sessions
 * if there was an error during communication with session