AuthUtils.java revision ff61673cd5d9fe33dfc9078d5542d8c5d409fdd6
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 * Copyright (c) 2005 Sun Microsystems Inc. All Rights Reserved
 * The contents of this file are subject to the terms
 * of the Common Development and Distribution License
 * (the License). You may not use this file except in
 * compliance with the License.
 * You can obtain a copy of the License at
 * See the License for the specific language governing
 * permission and limitations under the License.
 * When distributing Covered Code, include this CDDL
 * Header Notice in each file and include the License file
 * If applicable, add the following below the CDDL Header,
 * with the fields enclosed by brackets [] replaced by
 * your own identifying information:
 * "Portions Copyrighted [year] [name of copyright owner]"
 * Portions Copyrighted 2010-2015 ForgeRock AS.
 * Authentication type for Realm based authentication after
 * Authentication type for Service based authentication after
 * Authentication type for Module based authentication after
 * Private constructor to prevent any instances being created
/* retrieve session */
/* this method does the following
 * 1. initializes authService (AuthD) if not already done.
 * 2. parses the request parameters and stores in dataHash
 * 3. Retrieves the AuthContext object from the global table
 * 4. if this is found then updates the loginState request
 * type to false and updates the parameter hash table in
 * loginstate object.
 * on error throws AuthException
 * Returns the authentication context for a request.
 * @param request HTTP Servlet Request.
 * @param response HTTP Servlet Response.
 * @param sid SessionID for this request.
 * @param isSessionUpgrade <code>true</code> if session upgrade.
 * @param isBackPost <code>true</code> if back posting.
 * @return authentication context.
 * Returns the authentication context for a request.
 * @param request HTTP Servlet Request.
 * @param response HTTP Servlet Response.
 * @param sid SessionID for this request.
 * @param isSessionUpgrade <code>true</code> if session upgrade.
 * @param isBackPost <code>true</code> if back posting.
 * @param isLogout <code>true</code> for logout.
 * @return authentication context.
// initialize auth service.
+ "Invalid Session Timed out");
// processAuthContext checks for arg=newsession in the HttpServletRequest
// if request has arg=newsession then destroy session and create a new
// AuthContextLocal object.
// initialize auth service.
// destroy auth context and create new one.
 * This flag indicates that the same user is running the auth login
 * process in multiple tabs of the same browser and if the auth
 * is zero user intervention custom auth module using Redirect
 * Callback, then there would be a situation that the same
 * authContext is being used by multiple threads running the
 * auth process, so avoid this multiple thread interference keep
 * the process in this while loop until all the submit requirements
 * have been met. This is a specific customer use case.
// update loginState - requestHash, sess
// retrieve the sid from the LoginState object
// no need to have error code since the method where this is called
// generates AUTH_ERROR
 * Returns the Cookie object created based on the cookie name,
 * Session ID and cookie domain. If Session is in invalid State then
 * cookie is created with authentication cookie name, if
 * @param ac the AuthContext object
 * @param cookieDomain the cookie domain for creating cookie
 * Returns the Logout cookie.
 * @param ac the AuthContextLocal object
 * @param cookieDomain the cookieDomain
 * Return logout url from LoginState object.
 * Caller should check for possible null value returned.
// No default URL in case of logout. Taken care by LogoutBean.
// returns true if request is new else false.
/* return the successful login url */
/* return the failed login url */
//removeLoginStateFromHash(authContext);
// destroySession(authContext);
/* return filename - will use FileLookUp API
 * for UI only - this returns the relative path
// return the locale
// initialize auth service.
 * Returns <code>true</code> if the session has timed out or the page has
 * @param authContext the authentication context object for the request.
 * @return <code>true</code> if timed out else false.
/* return the indexType for this request */
/* return the indexType for this request */
/* return the indexName for this request */
 * Returns the resource based on the default values.
 * @param request HTTP Servlet Request.
 * @param fileName name of the file
 * @return Path to the resource.
// initialize auth service.
//in case we are unable to determine the realm from the incoming
//requests, let's fallback to top level realm
/* returns the orgDN for the request */
/* create auth context for org */
/** Returns the AuthContext Handle for the Request.
 * @param orgName OrganizationName in request
 * @param sessionID Session ID for this request
 * @param isLogout a boolean which is true if it is a Logout request
 * @param req HttpServletRequest
 * @return AuthContextLocal object
/* create auth context for org and sid, if sessionupgrade then
 * save the previous authcontext and create new authcontext
 * orgName - organization name to login to
 * sessionId - sessionID of the request - "0" if new request
 * isLogout - is this a logout request
 * @param orgName OrganizationName in request
 * @param sessionID Session ID for this request
 * @param isLogout a boolean which is true if it is a Logout request
 * @param req HttpServletRequest
 * @param indexType Index Type
 * @param indexName Index Name
 * @return AuthContextLocal object
/* create auth context for org and sid, if sessionupgrade then
 * save the previous authcontext and create new authcontext
 * orgName - organization name to login to
 * sessionId - sessionID of the request - "0" if new request
 * isLogout - is this a logout request - if yes then no session
 * upgrade - this is the case where session is VALID so need
 * to use this flag to determine if session upgrade is needed.
 * @param orgName OrganizationName in request
 * @param sessionID Session ID for this request
 * @param isLogout a boolean which is true if it is a Logout request
 * @param req HttpServletRequest
 * @param indexType Index Type
 * @param indexName Index Name
 * @param forceAuth force auth flag
 * @return AuthContextLocal object
// check if this session id is active, if yes then it
// is a session upgrade case.
 * Returns a set of authentication modules whose authentication
 * level equals to or greater than the specified authLevel. If no such
 * module exists, an empty set will be returned.
 * @param authLevel authentication level.
 * @param organizationDN DN for the organization.
 * @param clientType Client type, e.g. "genericHTML".
 * @return Set of authentication modules whose authentication level
 * equals to or greater than the specified authentication level.
/* return the previous Internal Session */
/* retrieve the authcontext based on the req */
// initialize auth service.
/* check if the session is active */
/* retrieve session property */
/* return session upgrade - true or false */
 * Returns true if cookies found in the request.
 * @param req HTTP Servlet Request.
 * @param ac authentication context.
 * @return <code>true</code> if cookies found in request.
// came here if cookie not found, return false
// Gets Callbacks per Page state
// Sets (saves) Callbacks per Page state
 * Returns the SessionID. This is required to add the
 * session server, port, protocol info to the Logout Cookie.
 * SessionID is retrieved from Auth service if a handle on
 * the authcontext object is there otherwise retrieve from
 * @param authContext is the AuthContext which is
 * handle to the auth service
 * @param request is the HttpServletRequest object
 * @return returns the SessionID
 * Returns true if cookie is supported otherwise false.
 * the value is retrieved from the auth service if a
 * handle on the auth context object is there otherwise
 * check the HttpServletRequest object to see if the
 * OpenAM cookie is in the request header
 * @param authContext is the handle to the auth service
 * @param request is the HttpServletRequest Object for the
 * @return boolean value indicating whether cookie is supported
 * Returns the previous index type after module is selected in authlevel
 * @param ac the AuthContextLocal instance.
 * @return AuthContext.IndexType.
 * Returns whether the auth module is or the auth chain contains pure JAAS
 * @param configName a string of the configuration name.
 * @return 1 for pure JAAS module; -1 for module(s) provided by IS only.
// re-use the obtained configuration
" is instance of AMLoginModule");
 * Get the module service name in either
 * iplanet-am-auth format<module.toLowerCase()>Service(old) or
 * sunAMAuth<module>Service format(new).
 * Returns success URL for this request. If <code>goto</code> parameter is
 * in the current request then returns the <code>goto</code> parameter
 * else returns the success URL set in the valid session.
 * @param request HTTP Servlet Request.
 * @param authContext authentication context for this request.
// Returns the set of Module instances resulting from a 'composite advice'
//returnAuthInstances = Collections.EMPTY_MAP;
// Returns the set of module instances having lowest auth level from a
// given set of auth level values
// First get the lowest auth level value from a given set
//get the Realm qualified Auth Level value
//get the module instance value
// returns AuthContextLocal object from Session object identified by 'sid'.
// if not found then check it in the HttpSession.
// retrieve the AuthContextLocal object from the Session object.
 * Removes the AuthContextLocal object in the Session object identified
 * by the SessionID object parameter 'sid'.
 * Returns the authentication service or chain configured for the
 * @param orgDN organization DN.
 * @return the authentication service or chain configured for the
 * Returns true if remote Auth security is enabled and false otherwise
 * @return the value of sunRemoteAuthSecurityEnabled attribute
 * Returns the flag indicating a request "forward" after
 * successful authentication.
 * @param authContext AuthContextLocal object
 * @param req HttpServletRequest object
 * @return the boolean flag.
 * Returns <code>true</code> if the request has the
 * <code>forward=true</code> query parameter.
 * @param req HttpServletRequest object
 * @return <code>true</code> if this parameter is present.
 * Returns <code>Map</code> attributes
 * @param serviceName Service Name
 * @return <code>Map</code> of global attributes.
 * Get URL set by Post Process Plugin in HttpServletRequest.
 * Caller should check for null return value.
" Value : Not set - null or empty string");
/* Helper method to reset HttpServletRequest object before it is sent to
 * Post Process Plugin so that it can set new values.
 * Returns valid goto parameter for this request. Validate goto parameter set in the current request, then returns
 * @param request The HttpServletRequest.
 * @param orgDN Organization DN.
 * @return The validated goto URL.
 * Performs a logout on a given token ensuring the post auth classes are called
 * @param sessionID The token id to logout
 * @param request The HTTP request
 * @param response The HTTP response
 * @return true if the token was still valid before logout was called
 * @throws SSOException If token is null or other SSO exceptions
 * Performs a logout on a given token ensuring the post auth classes are called
 * @param intSession The <code>InternalSession</code> to logout
 * @param token The <code>SSOToken</code> to logout
 * @param request The HTTP request
 * @param response The HTTP response
 * @return true if the token was still valid before logout was called
 * @throws SSOException If token is null or other SSO exceptions
utilDebug.message("InternalSession is null, obtaining PAP instance from ssotoken");
+ " checking validity of SSO Token", se);
 * Gets the ZPL configuration for the given realm.
 * @param realm the realm to get the ZPL configuration for. Not null.
 * @return the ZPL configuration object. Never null.
 * @throws SSOException if there is a problem authenticating the configuration lookup.
 * @throws SMSException if there is a problem fetching the configuration data.