0N/A/**
0N/A * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
0N/A *
0N/A * Copyright (c) 2005 Sun Microsystems Inc. All Rights Reserved
0N/A *
0N/A * The contents of this file are subject to the terms
0N/A * of the Common Development and Distribution License
0N/A * (the License). You may not use this file except in
0N/A * compliance with the License.
0N/A *
0N/A * You can obtain a copy of the License at
0N/A * https://opensso.dev.java.net/public/CDDLv1.0.html or
0N/A * opensso/legal/CDDLv1.0.txt
0N/A * See the License for the specific language governing
0N/A * permission and limitations under the License.
0N/A *
0N/A * When distributing Covered Code, include this CDDL
0N/A * Header Notice in each file and include the License file
873N/A * at opensso/legal/CDDLv1.0.txt.
0N/A * If applicable, add the following below the CDDL Header,
0N/A * with the fields enclosed by brackets [] replaced by
0N/A * your own identifying information:
0N/A * "Portions Copyrighted [year] [name of copyright owner]"
0N/A *
4566N/A * $Id: AuthUtils.java,v 1.33 2009/12/15 16:39:47 qcheng Exp $
6249N/A *
0N/A * Portions Copyrighted 2010-2015 ForgeRock AS.
0N/A */
4566N/Apackage com.sun.identity.authentication.service;
0N/A
import static org.forgerock.openam.session.SessionConstants.*;

import com.iplanet.am.util.Misc;
import com.iplanet.am.util.SystemProperties;
import com.iplanet.dpro.session.SessionException;
import com.iplanet.dpro.session.SessionID;
import com.iplanet.dpro.session.service.InternalSession;
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.iplanet.sso.SSOTokenManager;
import com.sun.identity.authentication.AuthContext;
import com.sun.identity.authentication.client.AuthClientUtils;
import com.sun.identity.authentication.client.ZeroPageLoginConfig;
import com.sun.identity.authentication.config.AMAuthConfigUtils;
import com.sun.identity.authentication.config.AMAuthLevelManager;
import com.sun.identity.authentication.server.AuthContextLocal;
import com.sun.identity.authentication.server.AuthXMLRequest;
import com.sun.identity.authentication.spi.AMLoginModule;
import com.sun.identity.authentication.spi.AMPostAuthProcessInterface;
import com.sun.identity.authentication.spi.AuthLoginException;
import com.sun.identity.authentication.util.AMAuthUtils;
import com.sun.identity.authentication.util.ISAuthConstants;
import com.sun.identity.common.ResourceLookup;
import com.sun.identity.policy.PolicyUtils;
import com.sun.identity.policy.plugins.AuthLevelCondition;
import com.sun.identity.policy.plugins.AuthSchemeCondition;
import com.sun.identity.policy.plugins.AuthenticateToRealmCondition;
import com.sun.identity.policy.plugins.AuthenticateToServiceCondition;
import com.sun.identity.security.AdminTokenAction;
import com.sun.identity.shared.Constants;
import com.sun.identity.shared.configuration.SystemPropertiesManager;
import com.sun.identity.shared.datastruct.CollectionHelper;
import com.sun.identity.shared.debug.Debug;
import com.sun.identity.shared.encode.CookieUtils;
import com.sun.identity.shared.encode.URLEncDec;
import com.sun.identity.sm.DNMapper;
import com.sun.identity.sm.SMSException;
import com.sun.identity.sm.ServiceConfig;
import com.sun.identity.sm.ServiceConfigManager;
import com.sun.identity.sm.ServiceSchema;
import com.sun.identity.sm.ServiceSchemaManager;
import java.net.URL;
import java.security.AccessController;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.Map;
import java.util.Objects;
import java.util.ResourceBundle;
import java.util.Set;
import java.util.StringTokenizer;
import javax.security.auth.callback.Callback;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.forgerock.openam.session.SessionServiceURLService;
import org.forgerock.openam.shared.security.whitelist.RedirectUrlValidator;
import org.forgerock.util.Reject;
0N/A
0N/Apublic class AuthUtils extends AuthClientUtils {
0N/A
    /** Name of the resource bundle holding the authentication messages. */
    public static final String BUNDLE_NAME="amAuth";

    /**
     * Authentication type for Realm based authentication after
     * Composite Advices
     */
    public static final int REALM = 1;

    /**
     * Authentication type for Service based authentication after
     * Composite Advices
     */
    public static final int SERVICE = 2;

    /**
     * Authentication type for Module based authentication after
     * Composite Advices
     */
    public static final int MODULE = 3;


    // Raw collections: the element/key types are not visible in this file.
    // NOTE(review): confirm the stored types before adding generics.
    private static ArrayList pureJAASModuleClasses = new ArrayList();
    private static ArrayList ISModuleClasses = new ArrayList();
    private static Hashtable moduleService = new Hashtable();
    private static ResourceBundle bundle;
    // Package-private debug logger shared by this class.
    static Debug utilDebug = Debug.getInstance("amAuthUtils");
    // Login UI path under the services deployment descriptor; appended to the
    // session server URL when an auth cookie is resolved in getAuthContext().
    private static String serviceURI = SystemProperties.get(
            Constants.AM_SERVICES_DEPLOYMENT_DESCRIPTOR) + "/UI/Login";

    // Resolves the server that hosts a given session id.
    private static final SessionServiceURLService SESSION_SERVICE_URL_SERVICE = SessionServiceURLService.getInstance();
0N/A
    /**
     * Private constructor: this is a static utility class and must not be
     * instantiated.
     */
    private AuthUtils() {
    }
0N/A
    /**
     * Returns the internal session held by the login state of the given
     * authentication context.
     *
     * @param authContext the authentication context; must carry a login state
     * @return the {@link InternalSession} of the login state, possibly {@code null}
     */
    public static InternalSession getSession(AuthContextLocal authContext) {
        LoginState state = getLoginState(authContext);
        InternalSession session = state.getSession();
        if (utilDebug.messageEnabled()) {
            utilDebug.message("returning session : " + session);
        }
        return session;
    }
0N/A
0N/A /* this method does the following
0N/A * 1. initializes authService (AuthD) if not already done.
4134N/A * 2. parses the request parameters and stores in dataHash
0N/A * 3. Retrieves the AuthContext object from the global table
0N/A * 4. if this is found then updates the loginState request
0N/A * type to false and updates the parameter hash table in
0N/A * loginstate object.
0N/A
0N/A * on error throws AuthException
0N/A */
0N/A
    /**
     * Returns the authentication context for a request. Same as the
     * six-argument overload with {@code isLogout} set to {@code false}.
     *
     * @param request HTTP Servlet Request.
     * @param response HTTP Servlet Response.
     * @param sid SessionID for this request.
     * @param isSessionUpgrade <code>true</code> if session upgrade.
     * @param isBackPost <code>true</code> if back posting.
     * @return authentication context.
     * @throws AuthException if the context cannot be obtained
     */
    public static AuthContextLocal getAuthContext(
            HttpServletRequest request,
            HttpServletResponse response,
            SessionID sid,
            boolean isSessionUpgrade,
            boolean isBackPost) throws AuthException {
        final boolean isLogout = false;
        return getAuthContext(request, response, sid,
                isSessionUpgrade, isBackPost, isLogout);
    }
0N/A
    /**
     * Returns the authentication context for a request.
     * <p>
     * Parses the request parameters, looks the context up by session id and
     * then either creates a fresh {@link LoginState}/context (no existing
     * context, session upgrade, or back-post) or refreshes the existing one via
     * {@link #processAuthContext}. A request that presents a non-empty auth
     * cookie whose session id resolves to this server, but for which no context
     * exists any more, is treated as a timed-out login: all cookies are cleared
     * and {@code AMAuthErrorCode.AUTH_TIMEOUT} is thrown.
     *
     * @param request HTTP Servlet Request.
     * @param response HTTP Servlet Response.
     * @param sid SessionID for this request.
     * @param isSessionUpgrade <code>true</code> if session upgrade.
     * @param isBackPost <code>true</code> if back posting.
     * @param isLogout <code>true</code> for logout.
     * @return authentication context, or {@code null} for a logout request
     *         that has no existing context.
     * @throws AuthException on timeout, or wrapping any failure while parsing
     *         the request or creating/updating the context.
     */
    public static AuthContextLocal getAuthContext(
            HttpServletRequest request,
            HttpServletResponse response,
            SessionID sid,
            boolean isSessionUpgrade,
            boolean isBackPost,
            boolean isLogout) throws AuthException {
        utilDebug.message("In AuthUtils:getAuthContext");
        Hashtable dataHash;
        AuthContextLocal authContext = null;
        LoginState loginState = null;
        // initialize auth service.
        AuthD ad = AuthD.getAuth();

        try {
            dataHash = parseRequestParameters(request);
            authContext = retrieveAuthContext(request, sid);

            if (utilDebug.messageEnabled()) {
                utilDebug.message("AuthUtil:getAuthContext:sid is.. .: "
                        + sid);
                utilDebug.message("AuthUtil:getAuthContext:authContext is..: "
                        + authContext);
            }

            // A session id was presented, no context is known for it and this
            // is not an upgrade: decide whether the login has timed out.
            if(!sid.isNull() && authContext == null && !isSessionUpgrade) {
                String authCookieValue = getAuthCookieValue(request);
                if ((authCookieValue != null) && (!authCookieValue.isEmpty())
                        && (!authCookieValue.equalsIgnoreCase("LOGOUT"))) {
                    String cookieURL = null;
                    try {
                        // The cookie value is client-supplied; it is only used
                        // here to find the server that hosts that session.
                        SessionID sessionID = new SessionID(authCookieValue);
                        URL sessionServerURL = SESSION_SERVICE_URL_SERVICE.getSessionServiceURL(sessionID);
                        cookieURL = sessionServerURL.getProtocol()
                                + "://" + sessionServerURL.getHost() + ":"
                                + Integer.toString(sessionServerURL.getPort())
                                + serviceURI;
                    } catch (SessionException e) {
                        // Unresolvable session id: cookieURL stays null and no
                        // timeout is raised from here.
                        if (utilDebug.messageEnabled()) {
                            utilDebug.message("AuthUtils:getAuthContext():"
                                    + e.toString());
                        }
                    }
                    if (utilDebug.messageEnabled()) {
                        utilDebug.message("AuthUtils:getAuthContext():"
                                + "cookieURL : " + cookieURL);
                    }
                    // The session was hosted on this server yet no context
                    // survives: report a timeout, clearing all cookies first.
                    if ((cookieURL != null) && (!cookieURL.isEmpty()) &&
                            (isLocalServer(cookieURL,true))) {
                        utilDebug.error("AuthUtils:getAuthContext(): "
                                + "Invalid Session Timed out");
                        clearAllCookies(request, response);
                        throw new AuthException(
                                AMAuthErrorCode.AUTH_TIMEOUT, null);
                    }
                }
            }

            if (utilDebug.messageEnabled()) {
                utilDebug.message("isSessionUpgrade :" + isSessionUpgrade);
                utilDebug.message("BACK with Request method POST : "
                        + isBackPost);
            }

            // Logout with no live context: nothing to create.
            if ((authContext == null) && (isLogout)) {
                return null;
            }

            if ((authContext == null) || (isSessionUpgrade) || (isBackPost)) {
                try {
                    loginState = new LoginState();
                    InternalSession oldSession = null;
                    if (sid != null) {
                        oldSession = AuthD.getSession(sid);
                        loginState.setOldSession(oldSession);
                    }
                    // setOldSession(oldSession) is repeated below; when sid is
                    // non-null it has already been applied above.
                    if (isSessionUpgrade) {
                        loginState.setOldSession(oldSession);
                        loginState.setSessionUpgrade(isSessionUpgrade);
                    } else if (isBackPost) {
                        loginState.setOldSession(oldSession);
                    }
                    authContext =
                            loginState.createAuthContext(request,response,sid,dataHash);
                    authContext.setLoginState(loginState);
                    String queryOrg =
                            getQueryOrgName(request,getOrgParam(dataHash));
                    if (utilDebug.messageEnabled()) {
                        utilDebug.message("query org is .. : "+ queryOrg);
                    }
                    loginState.setQueryOrg(queryOrg);
                } catch (AuthException ae) {
                    utilDebug.message("Error creating AuthContextLocal : ");
                    if (utilDebug.messageEnabled()) {
                        utilDebug.message("Exception " , ae);
                    }
                    throw new AuthException(ae);
                }
            } else {
                utilDebug.message("getAuthContext: found existing request.");

                authContext = processAuthContext(authContext,request,
                        response,dataHash,sid);
                loginState = getLoginState(authContext);
                loginState.setNewRequest(false);
            }

        } catch (Exception ee) {
            // NOTE(review): this also re-wraps the AuthExceptions thrown above
            // (AUTH_TIMEOUT included); confirm that AuthException(Throwable)
            // preserves the error code callers branch on.
            if (utilDebug.messageEnabled()) {
                utilDebug.message("Error creating AuthContextLocal : "
                        + ee.getMessage());
            }

            throw new AuthException(ee);
        }
        return authContext;

    }
4566N/A
0N/A
    /**
     * Updates an existing authentication context for a follow-up request.
     * <p>
     * If the request carries {@code arg=newsession} and this login has already
     * reached {@code LoginStatus.AUTH_SUCCESS}, the current session is destroyed
     * and a fresh {@link LoginState}/context is created. Otherwise the existing
     * login state is refreshed with the new request, response, parameters,
     * session and locale. A request arriving while a submit is still being
     * processed on the same context is rejected with
     * {@code AMAuthErrorCode.AUTH_TOO_MANY_ATTEMPTS}, or waited out when
     * {@code Constants.MULTIPLE_TABS_USED} is enabled.
     *
     * @param authContext the existing context; must not be {@code null}
     * @param request HTTP Servlet Request
     * @param response HTTP Servlet Response
     * @param dataHash parsed request parameters
     * @param sid SessionID for this request
     * @return the context to use from now on: {@code authContext} itself or a
     *         newly created one
     * @throws AuthException if a new context cannot be created, or if a submit
     *         is already in progress for this context
     */
    static AuthContextLocal processAuthContext(AuthContextLocal authContext,
            HttpServletRequest request,
            HttpServletResponse response,
            Hashtable dataHash,
            SessionID sid) throws AuthException {
        // initialize auth service.
        AuthD ad = AuthD.getAuth();

        LoginState loginState = getLoginState(authContext);
        com.iplanet.dpro.session.service.InternalSession sess = null;

        if (utilDebug.messageEnabled()) {
            utilDebug.message("in processAuthContext authcontext : "
                    + authContext );
            utilDebug.message("in processAuthContext request : " + request);
            utilDebug.message("in processAuthContext response : " + response);
            utilDebug.message("in processAuthContext sid : " + sid);
        }

        // arg=newsession is only honoured once this login has succeeded.
        if (newSessionArgExists(dataHash, sid) &&
                (loginState.getLoginStatus() == LoginStatus.AUTH_SUCCESS)) {
            // destroy auth context and create new one.
            utilDebug.message("newSession arg exists");
            destroySession(loginState);
            try{
                loginState = new LoginState();
                authContext = loginState.createAuthContext(request,response,
                        sid,dataHash);
                authContext.setLoginState(loginState);
                String queryOrg =
                        getQueryOrgName(request,getOrgParam(dataHash));
                if (utilDebug.messageEnabled()) {
                    utilDebug.message("query org is .. : "+ queryOrg);
                }
                loginState.setQueryOrg(queryOrg);
            } catch (AuthException ae) {
                utilDebug.message("Error creating AuthContextLocal");
                if (utilDebug.messageEnabled()) {
                    utilDebug.message("Exception " , ae);
                }
                throw new AuthException(AMAuthErrorCode.AUTH_ERROR, null);
            }
        } else {
            boolean multipleTabsUsed =
                    Boolean.valueOf(SystemPropertiesManager.get(
                            Constants.MULTIPLE_TABS_USED, "false")).booleanValue();
            if (ad.debug.messageEnabled()) {
                ad.debug.message("AuthUtils .processAuthContext()."
                        + Constants.MULTIPLE_TABS_USED+"="+multipleTabsUsed);
            }
            /*
             * This flag indicates that the same user is running the auth login
             * process in multiple tabs of the same browser and if the auth
             * is zero user intervention custom auth module using Redirect
             * Callback, then there would be a situation that the same
             * authContext is being used by multiple threads running the
             * auth process, so avoid this multiple thread interference keep
             * the process in this while loop until all the submit requirements
             * have been met. This is a specific customer use case.
             */
            if (multipleTabsUsed) {
                // NOTE(review): unbounded busy-wait with no yield, sleep or
                // timeout; a context whose submit never completes pins a
                // request thread and a CPU. A bounded wait would be safer.
                while (authContext.submittedRequirements()) {
                    ad.debug.error("Currently processing submit Requirements");
                    if (ad.debug.messageEnabled()) {
                        ad.debug.message("watiting for submittedRequirements() "
                                +"to complete.");
                    }
                }
            } else {
                // A concurrent submit on the same context is rejected outright.
                if (authContext.submittedRequirements()) {
                    ad.debug.error("Currently processing submit Requirements");
                    throw new AuthException(
                            AMAuthErrorCode.AUTH_TOO_MANY_ATTEMPTS, null);
                }
            }
            // update loginState - requestHash , sess
            utilDebug.message("new session arg does not exist");
            loginState.setHttpServletRequest(request);
            loginState.setHttpServletResponse(response);
            loginState.setParamHash(dataHash);
            sess = ad.getSession(sid);
            if (utilDebug.messageEnabled()) {
                utilDebug.message("AuthUtil :Session is .. : " + sess);
            }
            loginState.setSession(sess);
            loginState.setRequestLocale(request);
            if (checkForCookies(request)) {
                loginState.setCookieDetect(false);
            }
        }
        return authContext;
    }
0N/A
    /**
     * Returns the login state attached to an authentication context.
     *
     * @param authContext the context, or {@code null}
     * @return its {@link LoginState}, or {@code null} when no context was given
     */
    public static LoginState getLoginState(AuthContextLocal authContext) {
        return (authContext == null) ? null : authContext.getLoginState();
    }
0N/A
    /**
     * Returns the request parameters recorded in the context's login state.
     *
     * @param authContext the context, or {@code null}
     * @return the parameter table, or an empty {@link Hashtable} when there is
     *         no login state
     */
    public static Hashtable getRequestParameters(AuthContextLocal authContext) {
        LoginState state = getLoginState(authContext);
        if (state == null) {
            return new Hashtable();
        }
        return state.getRequestParamHash();
    }
0N/A
    /**
     * Returns the session id string recorded in the login state of the given
     * authentication context.
     *
     * @param authContext the context; {@code null} is tolerated
     * @return the session id as a string, or {@code null} if no context, login
     *         state or session id is available
     * @throws AuthException wrapping any failure while reading the id
     */
    public static String getSidString(AuthContextLocal authContext)
            throws AuthException {
        try {
            LoginState state = (authContext == null) ? null : authContext.getLoginState();
            SessionID sid = (state == null) ? null : state.getSid();
            return (sid == null) ? null : sid.toString();
        } catch (Exception e) {
            if (utilDebug.messageEnabled()) {
                utilDebug.message("Error retreiving sid.. :" + e.getMessage());
            }
            // no need to have error code since the method where this is called
            // generates AUTH_ERROR
            throw new AuthException("noSid", new Object[] {e.getMessage()});
        }
    }
5303N/A
    /**
     * Returns the Cookie object created based on the cookie name,
     * Session ID and cookie domain. If the session is in an invalid state the
     * cookie is created with the authentication cookie name; for an
     * active/inactive session the AM cookie name is used.
     * <p>
     * Best effort: any failure is logged at debug level and {@code null} is
     * returned instead of a cookie.
     *
     * @param ac the AuthContext object
     * @param cookieDomain the cookie domain for creating cookie
     * @return Cookie object, or {@code null} if it could not be created.
     */
    public static Cookie getCookieString(AuthContextLocal ac, String cookieDomain) {
        Cookie result = null;
        String name = getCookieName();
        try {
            String sidString = getSidString(ac);
            LoginState state = getLoginState(ac);
            boolean sessionInvalid = (state != null) && state.isSessionInvalid();
            if (sessionInvalid) {
                name = getAuthCookieName();
                utilDebug.message("Create AM AUTH cookie");
            }
            result = createCookie(name, sidString, cookieDomain);
            // Secure flag follows the global cookie setting. HttpOnly is not
            // set here; whether createCookie sets it is not visible in this file.
            if (CookieUtils.isCookieSecure()) {
                result.setSecure(true);
            }
        } catch (Exception e) {
            if (utilDebug.messageEnabled()) {
                utilDebug.message("Error getting sid : " + e.getMessage());
            }
        }
        if (utilDebug.messageEnabled()) {
            utilDebug.message("Cookie is : " + result);
        }
        return result;
    }
5303N/A
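    /**
     * Returns the Logout cookie: a cookie carrying the logout cookie string for
     * the context's session id, with max-age 0 so the browser discards it.
     *
     * @param ac the AuthContextLocal object
     * @param cookieDomain the cookieDomain
     * @return Logout cookie.
     * @throws NullPointerException if {@code ac} carries no login state
     */
    public static Cookie getLogoutCookie(AuthContextLocal ac, String cookieDomain) {
        // Fail with a descriptive NPE instead of dereferencing a null state.
        LoginState loginState = Objects.requireNonNull(getLoginState(ac),
                "getLogoutCookie: no login state for the given authentication context");
        SessionID sid = loginState.getSid();
        String logoutCookieString = getLogoutCookieString(sid);
        Cookie logoutCookie = createCookie(logoutCookieString, cookieDomain);
        // Max-age 0 tells the browser to drop the cookie immediately.
        logoutCookie.setMaxAge(0);
        return logoutCookie;
    }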
5303N/A
    /**
     * Returns the logout URL recorded in the context's login state.
     * Caller should check for possible null value returned.
     *
     * @param authContext the authentication context, or {@code null}
     * @return the logout URL, or {@code null} if there is no login state, no
     *         URL, or an error occurred while reading it
     */
    public String getLogoutURL(AuthContextLocal authContext) {
        try {
            LoginState state = getLoginState(authContext);
            if (state == null) {
                // No default URL in case of logout. Taken care by LogoutBean.
                return null;
            }
            String url = state.getLogoutURL();
            if (utilDebug.messageEnabled()) {
                // String concatenation renders a null url as "null".
                utilDebug.message("AuthUtils: getLogoutURL : " + url);
            }
            return url;
        } catch (Exception e) {
            utilDebug.message("Exception " , e);
            return null;
        }
    }
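    /**
     * Returns whether the request bound to the given context is a new request.
     *
     * @param ac the authentication context; must carry a login state
     * @return {@code true} if the login state marks this as a new request,
     *         {@code false} for an existing request
     * @throws NullPointerException if {@code ac} carries no login state
     */
    public static boolean isNewRequest(AuthContextLocal ac) {
        // Fail with a descriptive NPE instead of dereferencing a null state.
        LoginState loginState = Objects.requireNonNull(getLoginState(ac),
                "isNewRequest: no login state for the given authentication context");
        boolean newRequest = loginState.isNewRequest();
        if (utilDebug.messageEnabled()) {
            utilDebug.message(newRequest
                    ? "this is a newRequest"
                    : "this is an existing request");
        }
        return newRequest;
    }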
5303N/A
    /**
     * Returns the URL to redirect to after a successful login.
     *
     * @param authContext the authentication context, or {@code null}
     * @return the login state's success URL, or the AuthD default when there
     *         is no login state
     */
    public static String getLoginSuccessURL(AuthContextLocal authContext) {
        LoginState state = getLoginState(authContext);
        if (state == null) {
            return AuthD.getAuth().getDefaultSuccessURL();
        }
        return state.getSuccessLoginURL();
    }
5303N/A
    /**
     * Returns the URL to redirect to after a failed login.
     *
     * @param authContext the authentication context, or {@code null}
     * @return the login state's failure URL, the AuthD default when there is
     *         no login state, or {@code null} if an error occurred
     */
    public static String getLoginFailedURL(AuthContextLocal authContext) {
        try {
            LoginState state = getLoginState(authContext);
            if (state == null) {
                return AuthD.getAuth().getDefaultFailureURL();
            }
            String failedURL = state.getFailureLoginURL();
            if (utilDebug.messageEnabled()) {
                utilDebug.message("AuthUtils: getLoginFailedURL "
                        + failedURL);
            }
            return failedURL;
        } catch (Exception e) {
            utilDebug.message("Exception " , e);
            return null;
        }
    }
5303N/A
5303N/A
    /**
     * Returns the relative path of a UI file, resolved through the login
     * state's file lookup. For UI use only.
     *
     * @param authContext the authentication context, or {@code null}
     * @param fileName the file to resolve
     * @return the relative file name, or {@code null} when there is no login state
     */
    public static String getFileName(AuthContextLocal authContext, String fileName) {
        LoginState state = getLoginState(authContext);
        String resolved = (state == null) ? null : state.getFileName(fileName);
        if (utilDebug.messageEnabled()) {
            utilDebug.message("getFileName:AuthUtilsFile name is :"
                    + resolved);
        }
        return resolved;
    }
4566N/A
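    /**
     * Returns the inet domain status recorded in the context's login state.
     *
     * @param authContext the authentication context; must carry a login state
     * @return the login state's inet domain status
     * @throws NullPointerException if {@code authContext} carries no login state
     */
    public static boolean getInetDomainStatus(AuthContextLocal authContext) {
        // Fail with a descriptive NPE instead of dereferencing a null state.
        LoginState loginState = Objects.requireNonNull(getLoginState(authContext),
                "getInetDomainStatus: no login state for the given authentication context");
        return loginState.getInetDomainStatus();
    }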
4566N/A
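    /**
     * Returns whether the request asks for a new session ({@code arg=newsession})
     * and an authentication context is still registered for the session id.
     *
     * @param dataHash parsed request parameters; {@code null} is treated as empty
     * @param sid SessionID for this request
     * @return {@code true} only if the parameter is present with that value and
     *         {@code retrieveAuthContext(sid)} finds a context
     */
    public static boolean newSessionArgExists(
            Hashtable dataHash, SessionID sid) {
        if (dataHash == null) {
            return false;
        }
        // Compare as Object so a non-String value cannot raise a ClassCastException.
        Object arg = dataHash.get("arg");
        return "newsession".equals(arg) && retrieveAuthContext(sid) != null;
    }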
5303N/A
    /**
     * Encodes a URL through the context's login state.
     *
     * @param url the URL to encode
     * @param authContext the authentication context, or {@code null}
     * @param response HTTP Servlet Response used for encoding
     * @return the encoded URL, or {@code url} unchanged when there is no login state
     */
    public static String encodeURL(String url,
            AuthContextLocal authContext,
            HttpServletResponse response) {
        if (utilDebug.messageEnabled()) {
            utilDebug.message("AuthUtils:input url is :"+ url);
        }
        LoginState state = getLoginState(authContext);
        String encoded = (state == null) ? url : state.encodeURL(url, response);
        if (utilDebug.messageEnabled()) {
            utilDebug.message("AuthUtils:encoded url is :"+encoded);
        }
        return encoded;
    }
0N/A
    /**
     * Returns the locale for the request.
     *
     * @param authContext the authentication context, or {@code null}
     * @return the login state's locale, or the platform locale when there is
     *         no context or no login state
     */
    public static String getLocale(AuthContextLocal authContext) {
        // initialize auth service.
        AuthD ad = AuthD.getAuth();

        LoginState state = (authContext == null) ? null : getLoginState(authContext);
        if (state != null) {
            return state.getLocale();
        }
        return ad.getPlatformLocale();
    }
0N/A
    /**
     * Destroys the session held by a login state, logging (not propagating)
     * any failure.
     *
     * @param loginState the login state, or {@code null} (no-op)
     */
    static void destroySession(LoginState loginState) {
        if (loginState == null) {
            return;
        }
        try {
            loginState.destroySession();
        } catch (Exception e) {
            utilDebug.message("Error destroySEssion : " , e);
        }
    }
0N/A
    /**
     * Destroys the session held by the context's login state.
     *
     * @param authContext the authentication context, or {@code null} (no-op)
     */
    public static void destroySession(AuthContextLocal authContext) {
        if (authContext == null) {
            return;
        }
        destroySession(getLoginState(authContext));
    }
0N/A
    /**
     * Returns <code>true</code> if the session has timed out or the page has
     * timed out. When the login state itself is not timed out, the session's
     * own timeout is consulted and the result is stored back on the login state.
     *
     * @param authContext the authentication context object for the request.
     * @return <code>true</code> if timed out else false; {@code false} when
     *         there is no login state.
     */
    public static boolean sessionTimedOut(AuthContextLocal authContext) {
        LoginState state = getLoginState(authContext);
        if (state == null) {
            return false;
        }

        boolean expired = state.isTimedOut();
        if (!expired) {
            InternalSession session = state.getSession();
            expired = (session != null) && session.isTimedOut();
            state.setTimedOut(expired);
        }

        if (utilDebug.messageEnabled()) {
            utilDebug.message("AuthUtils.sessionTimedOut: " + expired);
        }
        return expired;
    }
0N/A
    /**
     * Creates the load-balancer cookie through the context's login state.
     *
     * @param authContext the authentication context; must carry a login state
     * @param cookieDomain the cookie domain, or {@code null}
     * @param persist whether the cookie should be persistent
     * @return the load-balancer cookie
     * @throws AuthException with {@code AUTH_ERROR} if the cookie cannot be created
     */
    public static Cookie createlbCookie(AuthContextLocal authContext,
            String cookieDomain, boolean persist) throws AuthException {
        try {
            if (utilDebug.messageEnabled()) {
                utilDebug.message("cookieDomain : " + cookieDomain);
            }
            return getLoginState(authContext).setlbCookie(cookieDomain, persist);
        } catch (Exception e) {
            utilDebug.message("Unable to create Load Balance Cookie");
            throw new AuthException(AMAuthErrorCode.AUTH_ERROR, null);
        }
    }
0N/A
    /**
     * Adds the load-balancer cookie to the response, once per cookie domain
     * resolved for the request. Does nothing when no cookie name is configured.
     *
     * @param authContext the authentication context
     * @param request HTTP Servlet Request used to resolve the cookie domains
     * @param response HTTP Servlet Response to add the cookie(s) to
     * @throws AuthException if a cookie cannot be created
     */
    public static void setlbCookie(AuthContextLocal authContext,
            HttpServletRequest request, HttpServletResponse response)
            throws AuthException {
        String cookieName = getlbCookieName();
        if (cookieName == null || cookieName.isEmpty()) {
            return;
        }
        Set domains = getCookieDomainsForReq(request);
        if (domains.isEmpty()) {
            // No domain resolved for the request: a single cookie without a domain.
            CookieUtils.addCookieToResponse(response,
                    createlbCookie(authContext, null, false));
            return;
        }
        for (Object domain : domains) {
            Cookie cookie = createlbCookie(authContext, (String) domain, false);
            CookieUtils.addCookieToResponse(response, cookie);
        }
    }
0N/A
    /**
     * Returns the composite advice type recorded for this request.
     *
     * @param authContext the authentication context, or {@code null}
     * @return the advice type, or 0 when there is no login state or an error occurred
     */
    public static int getCompositeAdviceType(AuthContextLocal authContext) {
        int adviceType = 0;
        try {
            LoginState state = getLoginState(authContext);
            if (state != null) {
                adviceType = state.getCompositeAdviceType();
            }
            if (utilDebug.messageEnabled()) {
                utilDebug.message("in getCompositeAdviceType, type : " + adviceType);
            }
        } catch (Exception e) {
            // Best effort: fall through with the default 0.
            if (utilDebug.messageEnabled()) {
                utilDebug.message("Error in getCompositeAdviceType : "
                        + e.toString());
            }
        }
        return adviceType;
    }
5303N/A
    /**
     * Returns the index type recorded for this request.
     *
     * @param authContext the authentication context, or {@code null}
     * @return the index type, or {@code null} when there is no login state or
     *         an error occurred
     */
    public static AuthContext.IndexType getIndexType(AuthContextLocal authContext) {
        try {
            LoginState state = getLoginState(authContext);
            AuthContext.IndexType type = (state == null) ? null : state.getIndexType();
            if (utilDebug.messageEnabled()) {
                utilDebug.message("in getIndexType, index type : " + type);
            }
            return type;
        } catch (Exception e) {
            if (utilDebug.messageEnabled()) {
                utilDebug.message("Error in getIndexType : " + e.toString());
            }
            return null;
        }
    }
5303N/A
    /**
     * Returns the index name recorded for this request.
     *
     * @param authContext the authentication context, or {@code null}
     * @return the index name, or {@code null} when there is no login state or
     *         an error occurred
     */
    public static String getIndexName(AuthContextLocal authContext) {
        try {
            LoginState state = getLoginState(authContext);
            String name = (state == null) ? null : state.getIndexName();
            if (utilDebug.messageEnabled()) {
                utilDebug.message("in getIndexName, index Name : " + name);
            }
            return name;
        } catch (Exception e) {
            if (utilDebug.messageEnabled()) {
                utilDebug.message("Error in getIndexName : " + e.toString());
            }
            return null;
        }
    }
5303N/A
    /**
     * Returns the callbacks received for this request.
     *
     * @param authContext the authentication context, or {@code null}
     * @return the received callbacks, or {@code null} when there is no login
     *         state or none were recorded
     */
    public static Callback[] getRecdCallback(AuthContextLocal authContext) {
        LoginState state = getLoginState(authContext);
        Callback[] callbacks = (state == null) ? null : state.getRecdCallback();

        if (callbacks == null) {
            utilDebug.message("in getRecdCallback, recdCallback is null");
        } else if (utilDebug.messageEnabled()) {
            // NOTE(review): callbacks are rendered via toString() at debug
            // level; confirm none of the Callback types in use print secrets.
            for (int idx = 0; idx < callbacks.length; idx++) {
                utilDebug.message("in getRecdCallback, recdCallback["
                        + idx + "] :" + callbacks[idx]);
            }
        }

        return callbacks;
    }
5303N/A
    /**
     * Returns the resource based on the default values: the first existing
     * template for the platform locale, the request's realm and client type,
     * falling back to the file under the template root when lookup fails.
     *
     * @param request HTTP Servlet Request.
     * @param fileName name of the file
     * @return Path to the resource.
     */
    public static String getDefaultFileName(
            HttpServletRequest request,
            String fileName) {
        // initialize auth service.
        AuthD ad = AuthD.getAuth();

        String locale = ad.getPlatformLocale();
        String clientFilePath = getFilePath(getClientType(request));
        String fileRoot = getFileRoot();
        String orgDN;
        try {
            // Realm taken from the request; how it is validated is not visible here.
            orgDN = getDomainNameByRequest(request, parseRequestParameters(request));
        } catch (Exception ex) {
            // Realm could not be derived from the request: use the top level realm.
            orgDN = getOrganizationDN("/", false, request);
        }
        String orgFilePath = getOrgFilePath(orgDN);
        String templateFile;
        try {
            templateFile = ResourceLookup.getFirstExisting(
                    ad.getServletContext(),
                    fileRoot, locale, orgFilePath, clientFilePath, fileName,
                    templatePath);
        } catch (Exception e) {
            // Lookup failed: compose the default location under the template path.
            templateFile = templatePath + fileRoot + Constants.FILE_SEPARATOR + fileName;
        }
        if (utilDebug.messageEnabled()) {
            utilDebug.message("getDefaultFileName:templateFile is :" +
                    templateFile);
        }
        return templateFile;
    }
5303N/A
    /**
     * Returns the organization DN recorded for the request.
     *
     * @param authContext the authentication context, or {@code null}
     * @return the organization DN, or {@code null} when there is no login state
     */
    public static String getOrgDN(AuthContextLocal authContext) {
        LoginState state = getLoginState(authContext);
        String dn = (state == null) ? null : state.getOrgDN();
        if (utilDebug.messageEnabled()) {
            utilDebug.message("orgDN is : " + dn);
        }
        return dn;
    }
5303N/A
    /**
     * Creates an authentication context for an organization, as a new request
     * (session id "0"), not a logout, with no servlet request.
     *
     * @param orgName organization name to login to
     * @return AuthContextLocal object
     * @throws AuthException if the context cannot be created
     */
    public static AuthContextLocal getAuthContext(String orgName)
            throws AuthException {
        final String newRequestSessionId = "0";
        return getAuthContext(orgName, newRequestSessionId, false, null);
    }
5303N/A
    /**
     * Creates an authentication context for an organization and session id,
     * not a logout, with no servlet request.
     *
     * @param orgName organization name to login to
     * @param sessionID session id of the request, "0" for a new request
     * @return AuthContextLocal object
     * @throws AuthException if the context cannot be created
     */
    public static AuthContextLocal getAuthContext(String orgName,
            String sessionID) throws AuthException {
        final boolean isLogout = false;
        return getAuthContext(orgName, sessionID, isLogout, null);
    }
5303N/A
    /**
     * Creates an authentication context for an organization from a servlet
     * request, as a new request (session id "0"), not a logout.
     *
     * @param orgName organization name to login to
     * @param req HttpServletRequest
     * @return AuthContextLocal object
     * @throws AuthException if the context cannot be created
     */
    public static AuthContextLocal getAuthContext(String orgName,
            HttpServletRequest req) throws AuthException {
        final String newRequestSessionId = "0";
        return getAuthContext(orgName, newRequestSessionId, false, req);
    }
5303N/A
/**
 * Creates (or resumes) an authentication context for the given organization
 * and session ID without a servlet request.
 *
 * @param orgName organization name to log in to
 * @param sessionID session ID of the request, {@code "0"} for a new request
 * @param logout {@code true} if this is a logout request
 * @return the authentication context
 * @throws AuthException if the context cannot be created
 */
public static AuthContextLocal getAuthContext(String orgName,
        String sessionID, boolean logout) throws AuthException {
    final HttpServletRequest noRequest = null;
    return getAuthContext(orgName, sessionID, logout, noRequest);
}
5303N/A
/**
 * Creates (or resumes) an authentication context for the given session ID
 * when the organization is not known up front; the delegate derives the
 * organization from the session in that case.
 *
 * @param req the servlet request that triggered the login
 * @param sessionID session ID of the request, {@code "0"} for a new request
 * @return the authentication context
 * @throws AuthException if the context cannot be created
 */
public static AuthContextLocal getAuthContext(HttpServletRequest req,
        String sessionID) throws AuthException {
    final String unknownOrg = null;
    return getAuthContext(unknownOrg, sessionID, false, req);
}
5303N/A
5303N/A /** Returns the AuthContext Handle for the Request.
5303N/A * @param orgName OrganizationName in request
5303N/A * @param sessionID Session ID for this request
5303N/A * @param isLogout a boolean which is true if it is a Logout request
5303N/A * @param req HttpServletRequest
5303N/A * @return AuthContextLocal object
5303N/A */
public static AuthContextLocal getAuthContext(String orgName,
        String sessionID, boolean isLogout, HttpServletRequest req)
        throws AuthException {
    // Neither an index type nor an XML request is available at this level.
    final String noIndexType = null;
    final AuthXMLRequest noXmlRequest = null;
    return getAuthContext(orgName, sessionID, isLogout, req,
            noIndexType, noXmlRequest);
}
5303N/A
5303N/A /* create auth context for org and sid, if sessionupgrade then
5303N/A * save the previous authcontext and create new authcontext
5303N/A * orgName - organization name to login to
5303N/A * sessionId - sessionID of the request - "0" if new request
607N/A * isLogout - is this a logout request
3853N/A * @param orgName OrganizationName in request
3853N/A * @param sessionID Session ID for this request
3853N/A * @param isLogout a boolean which is true if it is a Logout request
3853N/A * @param req HttpServletRequest
4134N/A * @param indexType Index Type
* @param xmlReq XML request carrying the index name (may be null)
3853N/A * @return AuthContextLocal object
3853N/A */
public static AuthContextLocal getAuthContext(String orgName,
        String sessionID, boolean isLogout, HttpServletRequest req,
        String indexType, AuthXMLRequest xmlReq)
        throws AuthException {
    // Callers of this overload never force re-authentication.
    final boolean forceAuth = false;
    return getAuthContext(orgName, sessionID, isLogout, req, indexType,
            xmlReq, forceAuth);
}
5866N/A
5866N/A /* create auth context for org and sid, if sessionupgrade then
5866N/A * save the previous authcontext and create new authcontext
* orgName - organization name to log in to
5866N/A * sessionId - sessionID of the request - "0" if new request
5866N/A * isLogout - is this a logout request - if yes then no session
5866N/A * upgrade - this is the case where session is VALID so need
5866N/A * to use this flag to determine if session upgrade is needed.
4566N/A * this is used mainly for Logout/Abort.
4566N/A * @param orgName OrganizationName in request
4566N/A * @param sessionID Session ID for this request
4566N/A * @param isLogout a boolean which is true if it is a Logout request
4566N/A * @param req HttpServletRequest
4566N/A * @param indexType Index Type
* @param xmlReq XML request carrying the index name (may be null)
5972N/A * @param forceAuth force auth flag
5866N/A * @return AuthContextLocal object
4566N/A */
public static AuthContextLocal getAuthContext(String orgName,
        String sessionID, boolean isLogout, HttpServletRequest req,
        String indexType, AuthXMLRequest xmlReq, boolean forceAuth)
        throws AuthException {
    // Possible outcomes of this call:
    //  - a fresh AuthContextLocal (new login, or upgrade of a live session),
    //  - the existing in-progress context re-attached to its session,
    //  - null, when a valid SSO token already satisfies the request and no
    //    upgrade is needed (xmlReq is flagged via setValidSessionNoUpgrade),
    //  - AuthException on any failure (see the catch-all at the bottom).
    AuthContextLocal authContext = null;
    SessionID sid = null;
    com.iplanet.dpro.session.service.InternalSession sess = null;
    LoginState loginState = null;
    boolean sessionUpgrade = false;
    AuthD ad = AuthD.getAuth();
    int sessionState = -1;
    SSOToken ssot = null;
    String indexName = null;
    if (xmlReq != null) {
        indexName = xmlReq.getIndexName();
    }

    if (utilDebug.messageEnabled()) {
        utilDebug.message("orgName : " + orgName);
        utilDebug.message("sessionID is " + sessionID);
        // NOTE(review): sessionID is dereferenced here before the null check
        // below, and this block sits outside the try/catch, so a null
        // sessionID with debug logging enabled escapes as a
        // NullPointerException rather than an AuthException.
        utilDebug.message("sessionID is " + sessionID.length());
        utilDebug.message("isLogout : " + isLogout);
    }
    try {
        // "0" is the sentinel for a brand-new request with no session.
        if ((sessionID != null) && (!sessionID.equals("0"))) {
            sid = new SessionID(sessionID);
            authContext = retrieveAuthContext(req, sid);

            // check if this sesson id is active, if yes then it
            // is a session upgrade case.
            loginState = getLoginState(authContext);
            if (loginState != null) {
                sess = loginState.getSession();
            } else {
                sess = AuthD.getSession(sessionID);
            }
            if (sess == null) {
                sessionUpgrade = false;
            } else {
                sessionState = sess.getState();
                if (utilDebug.messageEnabled()) {
                    utilDebug.message("sid from sess is : " + sess.getID());
                    utilDebug.message("sess is : " + sessionState);
                }
                // Only a non-INVALID session on a non-logout request is a
                // candidate for upgrade; otherwise ssot stays null.
                if (!((sessionState == INVALID) || (isLogout))) {
                    ssot = AuthUtils.
                            getExistingValidSSOToken(sid);
                    if ((indexType != null) && (indexName != null)) {
                        Hashtable indexTable = new Hashtable();
                        indexTable.put(indexType, indexName);
                        if (forceAuth) {
                            // Caller insists on re-authentication.
                            sessionUpgrade = true;
                        } else {
                            // Upgrade only if the requested index is not
                            // already satisfied by the existing token.
                            sessionUpgrade = checkSessionUpgrade(ssot,
                                    indexTable);
                        }
                    } else {
                        // No specific index requested: always upgrade.
                        sessionUpgrade = true;
                    }
                }
                if (utilDebug.messageEnabled()) {
                    utilDebug.message("session upgrade is : "+ sessionUpgrade);
                }
            }
        }

        if (utilDebug.messageEnabled()) {
            utilDebug.message("AuthUtil:getAuthContext:sid is.. .: " + sid);
            utilDebug.message("AuthUtil:getAuthContext:authContext is.. .: "
                    + authContext);
            utilDebug.message("AuthUtil:getAuthContext:sessionUpgrade is.. .: "
                    + sessionUpgrade);
            utilDebug.message("AuthUtil:getAuthContext:ForceAuth is.. .: "
                    + forceAuth);
        }

        if ((orgName == null) && (sess == null)) {
            // Neither an explicit organization nor a session to derive it from.
            utilDebug.error("Cannot create authcontext with null org " );
            throw new AuthException(AMAuthErrorCode.AUTH_TIMEOUT, null);
        } else if (orgName == null) {
            orgName = sess.getClientDomain();
        }
        if ((ssot != null) && !(sessionUpgrade)) {
            // A valid token already covers the request. This branch is only
            // reachable through checkSessionUpgrade(), which requires a
            // non-null indexName and therefore a non-null xmlReq.
            xmlReq.setValidSessionNoUpgrade(true);
            return null;
        }

        if (((ssot == null) && (loginState == null)) ||
                (sessionUpgrade)) {
            // New login, or upgrade of an existing session: build a fresh
            // LoginState and context, remembering the old session if any.
            try {
                loginState = new LoginState();
                InternalSession oldSession = null;
                if (sid != null) {
                    oldSession = AuthD.getSession(sid);
                    loginState.setOldSession(oldSession);
                }
                if (sessionUpgrade) {
                    loginState.setOldSession(oldSession);
                    loginState.setSessionUpgrade(sessionUpgrade);
                }
                authContext = loginState.createAuthContext(sid,orgName,req);
                authContext.setLoginState(loginState);
                String queryOrg = getQueryOrgName(null,orgName);
                if (utilDebug.messageEnabled()) {
                    utilDebug.message("query org is .. : "+ queryOrg);
                }
                loginState.setQueryOrg(queryOrg);
            } catch (AuthException ae) {
                utilDebug.message("Error creating AuthContextLocal 2: ");
                if (utilDebug.messageEnabled()) {
                    utilDebug.message("Exception " , ae);
                }
                throw new AuthException(ae);
            }
        } else {
            // Reached when an existing LoginState was found for sid but no
            // valid SSO token was obtained (ssot is null here): re-attach the
            // current session and mark the login as a continuation.
            // update loginState
            try {
                com.iplanet.dpro.session.service.InternalSession
                        requestSess = ad.getSession(sessionID);
                if (utilDebug.messageEnabled()) {
                    utilDebug.message("AuthUtil :Session is .. : " + requestSess);
                }
                loginState = getLoginState(authContext);
                if (loginState != null) {
                    loginState.setSession(requestSess);
                    loginState.setNewRequest(false);
                }
            } catch (Exception ae) {
                utilDebug.message("Error Retrieving AuthContextLocal" );
                if (utilDebug.messageEnabled()) {
                    utilDebug.message("Exception " , ae);
                }
                throw new AuthException(AMAuthErrorCode.AUTH_ERROR, null);
            }

        }
        if (forceAuth){
            // NOTE(review): loginState may still be null on the re-attach
            // path above; the resulting NullPointerException is caught by
            // the catch-all below and surfaces as an AuthException.
            loginState.setForceAuth(forceAuth);
        }


    } catch (Exception ee) {
        // Catch-all: AuthExceptions thrown inside the try are caught here
        // as well and wrapped once more.
        if (utilDebug.messageEnabled()) {
            utilDebug.message("Creating AuthContextLocal 2: ", ee);
        }

        throw new AuthException(ee);
    }
    return authContext;
}
4573N/A
4573N/A /**
4573N/A * Returns a set of authentication modules whose authentication
* level is equal to or greater than the specified authLevel. If no such
4573N/A * module exists, an empty set will be returned.
4573N/A *
4566N/A * @param authLevel authentication level.
4573N/A * @param organizationDN DN for the organization.
4573N/A * @param clientType Client type, e.g. "genericHTML".
4573N/A * @return Set of authentication modules whose authentication level
* is equal to or greater than the specified authentication level.
4573N/A */
public static Set getAuthModules(
        int authLevel,
        String organizationDN,
        String clientType) {
    // The auth level manager singleton owns the level-to-module mapping.
    return AMAuthLevelManager.getInstance()
            .getModulesForLevel(authLevel, organizationDN, clientType);
}
4573N/A
4573N/A /* return the previous Internal Session */
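/**
 * Returns the previous internal session recorded in the login state of the
 * given authentication context.
 *
 * @param authContext the local authentication context to inspect
 * @return the old session, or {@code null} when the context has no login
 *         state (this case previously threw a {@link NullPointerException})
 */
public static InternalSession getOldSession(AuthContextLocal authContext) {
    LoginState loginState = getLoginState(authContext);
    // Same null guard as getOrgDN/isSessionUpgrade: a context without a
    // login state has no previous session to report.
    if (loginState == null) {
        return null;
    }
    return loginState.getOldSession();
}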
4573N/A
4573N/A
/* retrieve the authcontext based on the sid */
/**
 * Looks up the authentication context stored in the session identified by
 * {@code sid} and returns it only when that session exists and is not in
 * the INVALID state.
 *
 * @param sid session identifier to look up
 * @return the original context, or {@code null} when there is no usable
 *         session behind it or any lookup step fails
 * @throws AuthException declared for API compatibility only; every
 *         exception is caught and mapped to {@code null}
 */
public static AuthContextLocal getOrigAuthContext(SessionID sid)
        throws AuthException {
    // Initialize the auth service first; the handle itself is not needed.
    AuthD ad = AuthD.getAuth();
    try {
        AuthContextLocal origContext = retrieveAuthContext(sid);
        if (utilDebug.messageEnabled()) {
            utilDebug.message("AuthUtil:getOrigAuthContext:sid is.:"+sid);
            utilDebug.message("AuthUtil:getOrigAuthContext:authContext is:"
                    + origContext);
        }
        // A context without a login state throws here and ends up as null.
        com.iplanet.dpro.session.service.InternalSession session =
                getLoginState(origContext).getSession();
        if (utilDebug.messageEnabled()) {
            utilDebug.message("Session is : "+ session);
            if (session != null) {
                utilDebug.message("Session State is : "+ session.getState());
            }
            utilDebug.message("Returning Orig AuthContext:"+origContext);
        }

        if (session == null) {
            return null;
        }
        if (session.getState() == INVALID) {
            return null;
        }
        return origContext;
    } catch (Exception e) {
        return null;
    }
}
4573N/A
4573N/A /* check if the session is active */
/**
 * Reports whether the internal session behind the given context is in the
 * VALID state.
 *
 * @param oldAuthContext the context whose session is checked
 * @return {@code true} only if a session exists and its state is VALID;
 *         {@code false} otherwise, including when the lookup throws
 */
public static boolean isSessionActive(AuthContextLocal oldAuthContext) {
    try {
        com.iplanet.dpro.session.service.InternalSession session =
                getSession(oldAuthContext);
        if (utilDebug.messageEnabled()) {
            utilDebug.message("Sess is : " + session);
        }
        if (session == null) {
            return false;
        }
        boolean active = (session.getState() == VALID);
        if (utilDebug.messageEnabled()) {
            utilDebug.message("Sess State is : " + session.getState());
            utilDebug.message("Is Session Active : " + active);
        }
        return active;
    } catch (Exception e) {
        // Any failure to reach the session counts as "not active".
        return false;
    }
}
4583N/A
/* retrieve session property */
/**
 * Reads a property from the internal session behind the given context.
 *
 * @param property name of the session property
 * @param oldAuthContext the context whose session is consulted
 * @return the property value, or {@code null} when there is no session,
 *         the property is unset, or the lookup throws
 */
public static String getSessionProperty(String property,
        AuthContextLocal oldAuthContext) {
    try {
        com.iplanet.dpro.session.service.InternalSession session =
                getSession(oldAuthContext);
        return (session == null) ? null : session.getProperty(property);
    } catch (Exception e) {
        utilDebug.message("Error : " ,e);
        return null;
    }
}
4573N/A
4573N/A /* return session upgrade - true or false */
/**
 * Reports whether the login state of the given context is flagged as a
 * session upgrade.
 *
 * @param authContext the context to inspect
 * @return the login state's session-upgrade flag, or {@code false} when
 *         the context has no login state
 */
public static boolean isSessionUpgrade(AuthContextLocal authContext) {
    LoginState state = getLoginState(authContext);
    return (state != null) && state.isSessionUpgrade();
}
4573N/A
/**
 * Records on the login state whether the client supports cookies.
 *
 * @param ac the context whose login state is updated; ignored when it
 *           carries no login state
 * @param flag {@code true} if cookies are supported by the client
 */
public static void setCookieSupported(AuthContextLocal ac, boolean flag) {
    LoginState state = getLoginState(ac);
    if (state == null) {
        return;
    }
    if (utilDebug.messageEnabled()) {
        utilDebug.message("set cookieSupported to : " + flag);
        // NOTE(review): this message mentions cookieDetect, but nothing in
        // this method changes that flag.
        utilDebug.message("set cookieDetect to false");
    }
    state.setCookieSupported(flag);
}
4573N/A
/**
 * Reports whether the login state of the given context says the client
 * supports cookies.
 *
 * @param ac the context to inspect
 * @return the login state's cookie-supported flag, or {@code false} when
 *         the context has no login state
 */
public static boolean isCookieSupported(AuthContextLocal ac) {
    LoginState state = getLoginState(ac);
    return (state != null) && state.isCookieSupported();
}
4573N/A
/**
 * Reports whether the login state of the given context has its cookie-set
 * flag raised.
 *
 * @param ac the context to inspect
 * @return the login state's cookie-set flag, or {@code false} when the
 *         context has no login state
 */
public static boolean isCookieSet(AuthContextLocal ac) {
    LoginState state = getLoginState(ac);
    return (state != null) && state.isCookieSet();
}
4573N/A
4573N/A /**
4573N/A * Returns true if cookies found in the request.
4573N/A *
4573N/A * @param req HTTP Servlet Request.
4573N/A * @param ac authentication context.
4573N/A * @return <code>true</code> if cookies found in request.
4573N/A */
public static boolean checkForCookies(HttpServletRequest req, AuthContextLocal ac){
    LoginState state = getLoginState(ac);
    if (state != null) {
        // Reset the login state's cookie flags before re-detecting.
        utilDebug.message("set cookieSet to false.");
        state.setCookieSet(false);
        state.setCookieDetect(false);
    }
    // Either the auth cookie or the session cookie being present counts;
    // the session cookie is only looked up when the auth cookie is absent.
    boolean authCookiePresent =
            CookieUtils.getCookieValueFromReq(req, getAuthCookieName()) != null;
    if (authCookiePresent) {
        return true;
    }
    return CookieUtils.getCookieValueFromReq(req, getCookieName()) != null;
}
4573N/A
/**
 * Returns the login URL recorded in the login state of the given context.
 *
 * @param authContext the context to inspect
 * @return the login URL, or {@code null} when the context has no login state
 */
public static String getLoginURL(AuthContextLocal authContext) {
    LoginState state = getLoginState(authContext);
    return (state == null) ? null : state.getLoginURL();
}
4573N/A
/**
 * Returns the authentication context stored in the session identified by
 * {@code sid}.
 *
 * @param sid session identifier; may be {@code null}
 * @return the stored context, or {@code null} when {@code sid} is
 *         {@code null} or nothing is stored for it
 */
public static AuthContextLocal getAuthContextFromHash(SessionID sid) {
    return (sid == null) ? null : retrieveAuthContext(sid);
}
4573N/A
4573N/A // Gets Callbacks per Page state
/**
 * Returns the callbacks saved for a page state on the login state of the
 * given context.
 *
 * @param authContext the context to inspect
 * @param pageState the page state key
 * @return the saved callbacks, or {@code null} when there is no login
 *         state or nothing was saved for {@code pageState}
 */
public static Callback[] getCallbacksPerState(AuthContextLocal authContext,
        String pageState) {
    LoginState state = getLoginState(authContext);
    Callback[] callbacks =
            (state == null) ? null : state.getCallbacksPerState(pageState);
    if (callbacks == null) {
        // Logged unconditionally, matching the setter's behaviour.
        utilDebug.message("in getCallbacksPerState, recdCallback is null");
    } else if (utilDebug.messageEnabled()) {
        for (int i = 0; i < callbacks.length; i++) {
            utilDebug.message("in getCallbacksPerState, recdCallback["
                    + i + "] :" + callbacks[i]);
        }
    }
    return callbacks;
}
4578N/A
4578N/A // Sets (saves) Callbacks per Page state
/**
 * Saves the callbacks for a page state on the login state of the given
 * context. Nothing is stored when the context has no login state.
 *
 * @param authContext the context whose login state is updated
 * @param pageState the page state key
 * @param callbacks the callbacks to save; may be {@code null}
 */
public static void setCallbacksPerState(AuthContextLocal authContext,
        String pageState, Callback[] callbacks) {
    LoginState state = getLoginState(authContext);
    if (state != null) {
        state.setCallbacksPerState(pageState, callbacks);
    }
    if (callbacks == null) {
        utilDebug.message("in setCallbacksPerState, callbacks is null");
        return;
    }
    if (utilDebug.messageEnabled()) {
        for (int i = 0; i < callbacks.length; i++) {
            utilDebug.message("in setCallbacksPerState, callbacks["
                    + i + "] :" + callbacks[i]);
        }
    }
}
4578N/A
4578N/A /**
* Returns the SessionID. This is required to add the
* session server, port and protocol info to the Logout Cookie.
4583N/A * SessionID is retrieved from Auth service if a handle on
4583N/A * the authcontext object is there otherwise retrieve from
4583N/A * the request object.
4578N/A *
4578N/A * @param authContext is the AuthContext which is
4578N/A * handle to the auth service
4583N/A * @param request is the HttpServletRequest object
4578N/A * @return returns the SessionID
4578N/A */
public static SessionID getSidValue(AuthContextLocal authContext,
        HttpServletRequest request) {
    SessionID sessionId = sidFromAuthContext(authContext);
    if (sessionId == null) {
        // Fall back to whatever the request itself carries.
        utilDebug.message("Sid from AuthContext is null");
        sessionId = new SessionID(request);
    }
    if (utilDebug.messageEnabled()) {
        utilDebug.message("sid is : " + sessionId);
    }
    return sessionId;
}

/** Builds a SessionID from the auth context's sid string, or null if unavailable. */
private static SessionID sidFromAuthContext(AuthContextLocal authContext) {
    if (authContext == null) {
        return null;
    }
    utilDebug.message("AuthContext is not null");
    try {
        String sidString = getSidString(authContext);
        return (sidString == null) ? null : new SessionID(sidString);
    } catch (Exception e) {
        utilDebug.message("Exception getting sid",e);
        return null;
    }
}
4578N/A
4578N/A /**
4578N/A * Returns true if cookie is supported otherwise false.
4578N/A * the value is retrieved from the auth service if a
4578N/A * handle on the auth context object is there otherwise
4578N/A * check the HttpServletRequest object to see if the
4578N/A * OpenAM cookie is in the request header
4578N/A *
4578N/A * @param authContext is the handle to the auth service
4578N/A * for the request
4578N/A * @param request is the HttpServletRequest Object for the
4583N/A * request
4583N/A *
4583N/A * @return boolean value indicating whether cookie is supported
4583N/A * or not.
4583N/A */
public static boolean isCookieSupported(AuthContextLocal authContext,
        HttpServletRequest request) {
    final boolean supported;
    if (authContext == null) {
        // No auth service handle: inspect the request's cookies directly.
        supported = checkForCookies(request, null);
    } else {
        utilDebug.message("AuthContext is not null");
        supported = isCookieSupported(authContext);
    }
    if (utilDebug.messageEnabled()) {
        utilDebug.message("Cookie supported" + supported);
    }
    return supported;
}
4578N/A
4578N/A /**
4578N/A * Returns the previous index type after module is selected in authlevel
4578N/A * or composite advices.
4578N/A * @param ac the is the AuthContextLocal instance.
4578N/A * @return AuthContext.IndexType.
4578N/A */
public static AuthContext.IndexType getPrevIndexType(AuthContextLocal ac) {
    LoginState state = getLoginState(ac);
    // No login state means no recorded previous index type.
    return (state == null) ? null : state.getPreviousIndexType();
}
4578N/A
4578N/A /**
4578N/A * Returns whether the auth module is or the auth chain contains pure JAAS
4578N/A * module(s).
* @param configName a string of the configuration name.
4578N/A * @return 1 for pure JAAS module; -1 for module(s) provided by IS only.
4578N/A */
public static int isPureJAASModulePresent(
        String configName, AMLoginContext amlc)
        throws AuthLoginException {
    // Result convention: 1 when a pure JAAS module is present (or has to be
    // assumed), -1 when every module in the chain is an AMLoginModule.

    // Forced JAAS-thread mode short-circuits the classification entirely.
    if (AuthD.isEnforceJAASThread()) {
        return 1;
    }
    int returnValue = -1;

    Configuration ISConfiguration = null;
    try {
        ISConfiguration = Configuration.getConfiguration();
    } catch (Exception e) {
        // JAAS configuration unavailable: err on the side of "pure JAAS".
        return 1;
    }

    AppConfigurationEntry[] entries =
            ISConfiguration.getAppConfigurationEntry(configName);
    if (entries == null) {
        throw new AuthLoginException("amAuth",
                AMAuthErrorCode.AUTH_CONFIG_NOT_FOUND, null);
    }
    // re-use the obtained configuration
    amlc.setConfigEntries(entries);

    for (int i = 0; i < entries.length; i++) {
        String className = entries[i].getLoginModuleName();
        if (utilDebug.messageEnabled()) {
            utilDebug.message("config entry: " + className);
        }
        // Consult the two class-level caches before touching the classloader.
        // Reads here are unsynchronized; only the writes below take a lock.
        if (pureJAASModuleClasses.contains(className)) {
            returnValue = 1;
            break;
        } else if (ISModuleClasses.contains(className)) {
            continue;
        }

        try {
            // Unknown module: instantiate it once just to classify it. The
            // class name comes from the JAAS login configuration, so any
            // no-arg constructor side effects of that class run here.
            // (Class.newInstance() is deprecated in newer JDKs.)
            Object classObject = Class.forName(className,true,
                    Thread.currentThread().getContextClassLoader()
                    ).newInstance();
            if (classObject instanceof AMLoginModule) {
                if (utilDebug.messageEnabled()) {
                    utilDebug.message(className +
                            " is instance of AMLoginModule");
                }
                synchronized(ISModuleClasses) {
                    if (! ISModuleClasses.contains(className)) {
                        ISModuleClasses.add(className);
                    }
                }
            } else {
                if (utilDebug.messageEnabled()) {
                    utilDebug.message(className + " is a pure jaas module");
                }
                synchronized(pureJAASModuleClasses) {
                    if (! pureJAASModuleClasses.contains(className)) {
                        pureJAASModuleClasses.add(className);
                    }
                }
                returnValue = 1;
                break;
            }
        } catch (Exception e) {
            // Instantiation failures are classified (and cached) as pure JAAS.
            if (utilDebug.messageEnabled()) {
                utilDebug.message("fail to instantiate class for " +
                        className);
            }
            synchronized(pureJAASModuleClasses) {
                if (! pureJAASModuleClasses.contains(className)) {
                    pureJAASModuleClasses.add(className);
                }
            }
            returnValue = 1;
            break;
        }
    }
    return returnValue;
}
4578N/A
4578N/A /**
* Gets the module service name in either the old
* {@code iplanet-am-auth<module.toLowerCase()>Service} format or the new
* {@code sunAMAuth<module>Service} format.
4578N/A */
public static String getModuleServiceName(String moduleName) {
    String cached = (String) moduleService.get(moduleName);
    if (cached != null) {
        return cached;
    }
    // Probe the first-choice name by constructing a schema manager for it;
    // if that fails for any reason, use the "new" service name instead.
    String serviceName = AMAuthConfigUtils.getModuleServiceName(moduleName);
    try {
        SSOToken adminToken = (SSOToken) AccessController.doPrivileged(
                AdminTokenAction.getInstance());
        new ServiceSchemaManager(serviceName, adminToken);
    } catch (Exception e) {
        serviceName = AMAuthConfigUtils.getNewModuleServiceName(
                moduleName);
    }
    // Remember the resolved name so the probe runs once per module.
    moduleService.put(moduleName, serviceName);
    return serviceName;
}
4578N/A
/**
 * Returns the revision number of the authentication service schema.
 *
 * @return the schema revision number, or {@code 0} when it cannot be read
 */
public static int getAuthRevisionNumber(){
    int revision = 0;
    try {
        SSOToken adminToken = (SSOToken) AccessController.doPrivileged(
                AdminTokenAction.getInstance());
        ServiceSchemaManager manager = new ServiceSchemaManager(
                ISAuthConstants.AUTH_SERVICE_NAME, adminToken);
        revision = manager.getRevisionNumber();
    } catch (Exception e) {
        if (utilDebug.messageEnabled()) {
            utilDebug.message("getAuthRevisionNumber error", e);
        }
    }
    return revision;
}
4578N/A
4578N/A /**
4578N/A * Returns success URL for this request. If <code>goto</code> parameter is
4578N/A * in the current request then returns the <code>goto</code> parameter
4578N/A * else returns the success URL set in the valid session.
4578N/A *
4578N/A * @param request HTTP Servlet Request.
4578N/A * @param authContext authentication context for this request.
4578N/A * @return success URL.
4578N/A */
public static String getSuccessURL(
        HttpServletRequest request,
        AuthContextLocal authContext) {
    final String orgDN = authContext.getOrgDN();
    // The goto value comes straight from the request, so it is handed to
    // the redirect URL validator together with the session's successURL
    // fallback rather than returned verbatim.
    final String requestedGoto =
            REDIRECT_URL_VALIDATOR.getAndDecodeParameter(request, RedirectUrlValidator.GOTO);
    final String sessionSuccessUrl = getSessionProperty("successURL", authContext);
    return REDIRECT_URL_VALIDATOR.getRedirectUrl(orgDN, requestedGoto, sessionSuccessUrl);
}
4578N/A
4578N/A // Returns the set of Module instances resulting from a 'composite advice'
/**
 * Decodes a composite advice XML document and maps each recognised advice
 * to the authentication instances it requests.
 *
 * @param xmlCompositeAdvice URL-encoded composite advice XML
 * @param orgDN organization DN used to resolve auth-level advices
 * @param clientType client type used to resolve auth-level advices
 * @return a map from advice name to a set of instances, or {@code null}
 *         when the advice XML is empty or parsing throws before the map
 *         is created
 */
public static Map processCompositeAdviceXML(String xmlCompositeAdvice,
        String orgDN, String clientType) {
    Map authInstances = null;
    Set moduleInstances = null;
    try {
        String decodedXml = URLEncDec.decode(xmlCompositeAdvice);
        Map advices = PolicyUtils.parseAdvicesXML(decodedXml);
        if (utilDebug.messageEnabled()) {
            utilDebug.message("processCompositeAdviceXML - decoded XML : "
                    + decodedXml);
            utilDebug.message("processCompositeAdviceXML - result Map : "
                    + advices);
        }
        if ((advices != null) && (!advices.isEmpty())) {
            authInstances = new HashMap();
            moduleInstances = new HashSet();
            for (Iterator names = advices.keySet().iterator(); names.hasNext();) {
                String adviceName = (String) names.next();
                Set adviceValues = (Set) advices.get(adviceName);
                if (adviceName.equals(AuthenticateToRealmCondition.
                        AUTHENTICATE_TO_REALM_CONDITION_ADVICE)) {
                    // A realm advice is recorded and stops further processing.
                    authInstances.put(adviceName, adviceValues);
                    break;
                }
                if (adviceName.equals(AuthenticateToServiceCondition.
                        AUTHENTICATE_TO_SERVICE_CONDITION_ADVICE)) {
                    authInstances.put(adviceName, adviceValues);
                } else if (adviceName.equals(AuthSchemeCondition.
                        AUTH_SCHEME_CONDITION_ADVICE)) {
                    moduleInstances.addAll(adviceValues);
                } else if (adviceName.equals(AuthLevelCondition.
                        AUTH_LEVEL_CONDITION_ADVICE)) {
                    // Auth-level advice is translated into the module
                    // instances that satisfy the lowest requested level.
                    moduleInstances.addAll(
                            processAuthLevelCondition(adviceValues, orgDN, clientType));
                }
            }
            if (authInstances.isEmpty()) {
                // No realm/service advice: expose the collected modules
                // under the auth-scheme advice key.
                authInstances.put(
                        AuthSchemeCondition.AUTH_SCHEME_CONDITION_ADVICE,
                        moduleInstances);
            }
        }
    } catch (Exception e) {
        if (utilDebug.messageEnabled()) {
            utilDebug.message("Error in processCompositeAdviceXML : "
                    , e);
        }
    }
    if (utilDebug.messageEnabled()) {
        utilDebug.message("processCompositeAdviceXML - " +
                "returnAuthInstances : " + authInstances);
    }
    return authInstances;
}
4578N/A
4578N/A // Returns the set of module instances having lowest auth level from a
4578N/A // given set of auth level values
/**
 * Resolves a set of (possibly realm-qualified) auth level values to the
 * module instances that satisfy the lowest level among them.
 *
 * @param authLevelvalues realm-qualified auth level strings; may be null
 * @param orgDN organization DN used when the lowest level carries no realm
 * @param clientType client type passed through to getAuthModules
 * @return the resolved module instances; the shared empty set when the
 *         input is null/empty or the lookup fails
 */
private static Set processAuthLevelCondition(Set authLevelvalues,
        String orgDN, String clientType) {
    if (utilDebug.messageEnabled()) {
        utilDebug.message("processAuthLevelCondition - authLevelvalues : "
                + authLevelvalues);
    }
    Set returnModuleInstances = Collections.EMPTY_SET;
    try {
        if ((authLevelvalues != null) && (!authLevelvalues.isEmpty())) {
            // First get the lowest auth level value from a given set
            int minAuthlevel = Integer.MAX_VALUE;
            String qualifiedRealm = null;
            String qualifiedOrgDN = null;
            Iterator iter = authLevelvalues.iterator();
            while (iter.hasNext()) {
                //get the Realm qualified Auth Level value
                String realmQualifiedAuthLevel = (String) iter.next();
                String strAuthLevel =
                        AMAuthUtils.getDataFromRealmQualifiedData(
                                realmQualifiedAuthLevel);
                try {
                    int authLevel = Integer.parseInt(strAuthLevel);
                    if (authLevel < minAuthlevel) {
                        // Track the realm of the current minimum alongside
                        // the level itself.
                        minAuthlevel = authLevel;
                        qualifiedRealm =
                                AMAuthUtils.getRealmFromRealmQualifiedData(
                                        realmQualifiedAuthLevel);
                        qualifiedOrgDN = null;
                        if ((qualifiedRealm != null) &&
                                (qualifiedRealm.length() != 0)) {
                            qualifiedOrgDN = DNMapper.orgNameToDN(
                                    qualifiedRealm);
                        }
                        if (utilDebug.messageEnabled()) {
                            utilDebug.message("qualifiedRealm : "
                                    + qualifiedRealm);
                            utilDebug.message("qualifiedOrgDN : "
                                    + qualifiedOrgDN);
                        }
                    }
                } catch (Exception nex) {
                    // Unparseable level: skip this value.
                    // NOTE(review): if every value is skipped, minAuthlevel
                    // stays Integer.MAX_VALUE and is still passed on below.
                    continue;
                }
            }

            if ((qualifiedOrgDN != null) && (qualifiedOrgDN.length() != 0)) {
                // Lowest level was realm-qualified: look up modules in that
                // realm and re-qualify each instance name with it.
                Set moduleInstances =
                        getAuthModules(minAuthlevel,qualifiedOrgDN,clientType);
                if (utilDebug.messageEnabled()) {
                    utilDebug.message("moduleInstances : "
                            + moduleInstances);
                }
                if ((moduleInstances != null) &&
                        (!moduleInstances.isEmpty())) {

                    returnModuleInstances = new HashSet();
                    Iterator iterInstances = moduleInstances.iterator();
                    while (iterInstances.hasNext()) {
                        //get the module instance value
                        String moduleInstance =
                                (String) iterInstances.next();
                        String realmQualifiedModuleInstance =
                                AMAuthUtils.toRealmQualifiedAuthnData(
                                        qualifiedRealm,moduleInstance);
                        returnModuleInstances.add(
                                realmQualifiedModuleInstance);
                    }
                }
            } else {
                // No realm qualifier: resolve against the caller's orgDN.
                returnModuleInstances =
                        getAuthModules(minAuthlevel,orgDN,clientType);
            }
            if (utilDebug.messageEnabled()) {
                utilDebug.message("processAuthLevelCondition - " +
                        "returnModuleInstances : " + returnModuleInstances +
                        " for auth level : " + minAuthlevel);
            }
        }
    } catch (Exception e) {
        if (utilDebug.messageEnabled()) {
            utilDebug.message("Error in processAuthLevelCondition : "
                    , e);
        }
    }
    return returnModuleInstances;
}
// returns the AuthContextLocal object from the Session object identified by 'sid';
// the HttpServletRequest parameter is currently not consulted (no HttpSession fallback).
/**
 * Returns the authentication context stored in the session identified by
 * {@code sid}.
 *
 * @param req accepted for interface compatibility; not consulted here
 * @param sid session identifier; may be {@code null}
 * @return the stored context, or {@code null} when {@code sid} is
 *         {@code null} or nothing is stored for it
 */
private static AuthContextLocal retrieveAuthContext(
        HttpServletRequest req, SessionID sid) {
    return (sid == null) ? null : retrieveAuthContext(sid);
}
// retrieve the AuthContextLocal object from the Session object.
/**
 * Loads the authentication context attached to the internal session for
 * {@code sid}.
 *
 * @param sid session identifier to look up
 * @return the attached context, or {@code null} when there is no session
 *         or no context attribute on it
 */
private static AuthContextLocal retrieveAuthContext(SessionID sid) {
    com.iplanet.dpro.session.service.InternalSession session =
            AuthD.getSession(sid);
    AuthContextLocal context = null;
    if (session != null) {
        // The context is kept as an opaque object attribute on the session.
        context = (AuthContextLocal)
                session.getObject(ISAuthConstants.AUTH_CONTEXT_OBJ);
    }
    if (utilDebug.messageEnabled()) {
        utilDebug.message("retrieveAuthContext - InternalSession = " + session);
        utilDebug.message("retrieveAuthContext - aclocal = " + context);
    }
    return context;
}
/**
* Removes the AuthContextLocal object in the Session object identified
* by the SessionID object parameter 'sid'.
*/
public static void removeAuthContext(SessionID sid) {
    com.iplanet.dpro.session.service.InternalSession session =
            AuthD.getSession(sid);
    if (session == null) {
        // Nothing to remove when no session exists for sid.
        return;
    }
    session.removeObject(ISAuthConstants.AUTH_CONTEXT_OBJ);
}
/**
* Returns the authentication service or chain configured for the
* given organization.
*
* @param orgDN organization DN.
* @return the authentication service or chain configured for the
* given organization.
*/
public static String getOrgConfiguredAuthenticationChain(String orgDN) {
    // Straight delegation to the auth service singleton.
    return AuthD.getAuth().getOrgConfiguredAuthenticationChain(orgDN);
}
/**
* Returns (as a String) "true" if remote Auth security is enabled and "false" otherwise
*
* @return the value of sunRemoteAuthSecurityEnabled attribute
*/
public static String getRemoteSecurityEnabled() throws AuthException {
    ServiceSchema globalSchema;
    try {
        SSOToken adminToken = (SSOToken) AccessController.doPrivileged (
                AdminTokenAction.getInstance());
        ServiceSchemaManager manager = new ServiceSchemaManager(
                "iPlanetAMAuthService", adminToken);
        globalSchema = manager.getGlobalSchema();
    } catch ( Exception exp) {
        // Failing to read the global schema is a hard error for callers.
        utilDebug.error("Cannot get global schema",exp);
        throw new AuthException(AMAuthErrorCode.AUTH_ERROR, null);
    }
    Map attrs = (globalSchema == null) ? null : globalSchema.getAttributeDefaults();
    String securityEnabled = (String)Misc.getMapAttr(attrs,
            ISAuthConstants.REMOTE_AUTH_APP_TOKEN_ENABLED);
    if (utilDebug.messageEnabled()) {
        utilDebug.message("Security Enabled = " + securityEnabled);
    }
    return securityEnabled;
}
/**
 * Returns whether the request should be forwarded (rather than redirected)
 * after successful authentication. The request's {@code forward} parameter
 * wins; otherwise the flag recorded in the login state is used.
 *
 * @param authContext AuthContextLocal object used to look up the LoginState.
 * @param req HttpServletRequest object.
 * @return {@code true} if a forward is requested by either source.
 */
public static boolean isForwardSuccess(AuthContextLocal authContext,
        HttpServletRequest req) {
    if (forwardSuccessExists(req)) {
        return true;
    }
    final LoginState loginState = getLoginState(authContext);
    return loginState != null && loginState.isForwardSuccess();
}
/**
 * Returns <code>true</code> if the request carries the
 * <code>forward=true</code> query parameter (exact, case-sensitive match).
 *
 * @param req HttpServletRequest object.
 * @return <code>true</code> if the parameter is present with value "true".
 */
public static boolean forwardSuccessExists(HttpServletRequest req) {
    final boolean isForward = "true".equals(req.getParameter("forward"));
    if (utilDebug.messageEnabled()) {
        utilDebug.message("forwardSuccessExists : " + isForward);
    }
    return isForward;
}
/**
 * Returns the global attribute defaults of the named service, read with
 * the admin token. Lookup failures are logged and yield {@code null}.
 *
 * @param serviceName Service Name.
 * @return <code>Map</code> of global attributes, or {@code null} if the
 *         service has no global schema or the lookup failed.
 */
public static Map getGlobalAttributes(String serviceName) {
    Map attrs = null;
    try {
        final SSOToken adminToken =
                (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
        final ServiceSchema globalSchema =
                new ServiceSchemaManager(serviceName, adminToken).getGlobalSchema();
        attrs = (globalSchema == null) ? null : globalSchema.getAttributeDefaults();
    } catch (SMSException smsExp) {
        utilDebug.error("AuthUtils.getGlobalAttributes: SMS Error", smsExp);
    } catch (SSOException ssoExp) {
        utilDebug.error("AuthUtils.getGlobalAttributes: SSO Error", ssoExp);
    }
    if (utilDebug.messageEnabled()) {
        utilDebug.message("AuthUtils.getGlobalAttributes: attrs=" + attrs);
    }
    return attrs;
}
/**
 * Adds a logout cookie for the request's session ID in every cookie domain
 * that applies to the request (or with a {@code null} domain when none
 * applies), then clears the load-balancer and host URL cookies.
 *
 * @param request the HTTP request the session ID and cookie domains are derived from.
 * @param response the HTTP response that receives the clearing cookies.
 */
public static void clearAllCookies(HttpServletRequest request,
        HttpServletResponse response) {
    final SessionID sid = new SessionID(request);
    final Set cookieDomains = getCookieDomainsForReq(request);
    if (cookieDomains.isEmpty()) {
        // No domain matched the request: issue a single domain-less logout cookie.
        clearAllCookiesByDomain(sid, null, request, response);
    } else {
        for (Object domain : cookieDomains) {
            clearAllCookiesByDomain(sid, (String) domain, request, response);
        }
    }
    clearlbCookie(request, response);
    clearHostUrlCookie(response);
}
/**
 * Adds the logout cookie for {@code sid} scoped to {@code cookieDomain}
 * to the response.
 *
 * @param sid the session ID the logout cookie is built for.
 * @param cookieDomain the cookie domain, may be {@code null}.
 * @param request the HTTP request (unused here, kept for the call sites).
 * @param response the HTTP response that receives the cookie.
 */
public static void clearAllCookiesByDomain(SessionID sid,
        String cookieDomain, HttpServletRequest request,
        HttpServletResponse response) {
    response.addCookie(getLogoutCookie(sid, cookieDomain));
}
/**
 * Returns the URL stored by a Post Process Plugin as a request attribute.
 * An empty string is reported as not set. Callers must handle a
 * {@code null} return value.
 *
 * @param servletRequest the request holding the attribute, may be {@code null}.
 * @param attrName the attribute name, may be {@code null}.
 * @return the URL, or {@code null} if the name or request is null or the
 *         attribute is unset or empty.
 */
public static String getPostProcessURL(HttpServletRequest servletRequest, String attrName) {
    if (attrName == null) {
        if (utilDebug.messageEnabled()) {
            utilDebug.message("URL name is null");
        }
        return null;
    }
    final String url = (servletRequest == null)
            ? null
            : (String) servletRequest.getAttribute(attrName);
    final boolean isSet = url != null && !url.isEmpty();
    if (utilDebug.messageEnabled()) {
        if (isSet) {
            utilDebug.message("URL name : " + attrName + " Value : " + url);
        } else {
            utilDebug.message("URL name : " + attrName
                    + " Value : Not set - null or empty string");
        }
    }
    return isSet ? url : null;
}
/**
 * Removes the post-process URL attributes from the request so that a Post
 * Process Plugin can set fresh values. A {@code null} request is a no-op.
 *
 * @param servletRequest the request to reset, may be {@code null}.
 */
public static void resetPostProcessURLs(HttpServletRequest servletRequest) {
    if (servletRequest == null) {
        return;
    }
    final String[] postProcessAttrs = {
        AMPostAuthProcessInterface.POST_PROCESS_LOGIN_SUCCESS_URL,
        AMPostAuthProcessInterface.POST_PROCESS_LOGIN_FAILURE_URL,
        AMPostAuthProcessInterface.POST_PROCESS_LOGOUT_URL
    };
    for (String attrName : postProcessAttrs) {
        servletRequest.removeAttribute(attrName);
    }
}
/**
 * Returns the validated goto URL for this request: the {@code goto}
 * parameter is decoded and then checked by the redirect URL validator
 * for the given organization.
 *
 * @param request The HttpServletRequest.
 * @param orgDN Organization DN.
 * @return The validated goto URL.
 */
public static String getValidGotoURL(HttpServletRequest request, String orgDN) {
    final String gotoParam =
            REDIRECT_URL_VALIDATOR.getAndDecodeParameter(request, RedirectUrlValidator.GOTO);
    return REDIRECT_URL_VALIDATOR.getRedirectUrl(orgDN, gotoParam, null);
}
/**
 * Performs a logout for the session identified by {@code sessionID},
 * ensuring the post auth classes are called. The session and its SSO
 * token are resolved here and passed on to the token-based overload.
 *
 * @param sessionID The token id to logout
 * @param request The HTTP request
 * @param response The HTTP response
 * @return true if the token was still valid before logout was called
 * @throws SSOException If token is null or other SSO exceptions
 */
public static boolean logout(String sessionID, HttpServletRequest request, HttpServletResponse response)
        throws SSOException {
    final InternalSession session = AuthD.getSession(sessionID);
    final SSOToken token = SSOTokenManager.getInstance().createSSOToken(sessionID);
    return logout(session, token, request, response);
}
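/**
 * Performs a logout on a given token ensuring the post auth classes are called.
 * The steps are: log out the JAAS login context stored in the session (if any),
 * invoke {@code onLogout} on every post authentication processing instance,
 * and finally log the logout and destroy the token if it is still valid.
 *
 * @param intSession The <code>InternalSession</code> to logout, may be {@code null}
 * @param token The <code>SSOToken</code> to logout
 * @param request The HTTP request
 * @param response The HTTP response
 * @return true if the token was still valid before logout was called;
 *         false if {@code token} is null or already invalid
 * @throws SSOException If token is null or other SSO exceptions
 */
public static boolean logout(InternalSession intSession,
        SSOToken token,
        HttpServletRequest request,
        HttpServletResponse response)
        throws SSOException {
    if (token == null) {
        return false;
    }
    if (intSession != null) {
        logoutLoginContext(intSession.getObject(ISAuthConstants.LOGIN_CONTEXT));
    }
    runPostLogoutProcessing(intSession, token, request, response);
    return destroyToken(token);
}

/**
 * Calls {@code logout()} on the login context object stored in the session.
 * Failures are logged and do not abort the logout.
 *
 * @param loginContext the stored login context, either a
 *        {@code javax.security.auth.login.LoginContext} or the OpenAM
 *        {@code com.sun.identity.authentication.jaas.LoginContext};
 *        {@code null} is a no-op.
 */
private static void logoutLoginContext(Object loginContext) {
    if (loginContext == null) {
        return;
    }
    try {
        if (loginContext instanceof javax.security.auth.login.LoginContext) {
            ((javax.security.auth.login.LoginContext) loginContext).logout();
        } else {
            ((com.sun.identity.authentication.jaas.LoginContext) loginContext).logout();
        }
    } catch (javax.security.auth.login.LoginException loginExp) {
        utilDebug.error("AuthUtils.logout: Cannot Execute module Logout", loginExp);
    }
}

/**
 * Runs {@code onLogout} for the post authentication processing classes.
 * The instances cached in the session are preferred; when none are cached
 * the class names recorded in the session (or, without a session, in the
 * token) property are loaded and instantiated. Each instance failure is
 * logged individually so one plugin cannot prevent the others from running.
 *
 * @param intSession the session, may be {@code null}
 * @param token the token being logged out
 * @param request the HTTP request
 * @param response the HTTP response
 * @throws SSOException if the property cannot be read from the token
 */
private static void runPostLogoutProcessing(InternalSession intSession,
        SSOToken token,
        HttpServletRequest request,
        HttpServletResponse response)
        throws SSOException {
    Set<AMPostAuthProcessInterface> postAuthSet = null;
    if (intSession != null) {
        // The stored object is written by the login path with this element type.
        @SuppressWarnings("unchecked")
        final Set<AMPostAuthProcessInterface> stored = (Set<AMPostAuthProcessInterface>)
                intSession.getObject(ISAuthConstants.POSTPROCESS_INSTANCE_SET);
        postAuthSet = stored;
    }
    if (postAuthSet != null && !postAuthSet.isEmpty()) {
        for (AMPostAuthProcessInterface postLoginInstance : postAuthSet) {
            try {
                postLoginInstance.onLogout(request, response, token);
            } catch (Exception exp) {
                utilDebug.error("AuthUtils.logout: Failed in post logout.", exp);
            }
        }
        return;
    }
    // No cached instances: fall back to the '|'-separated class names in the
    // server-side session/token property.
    final String plis;
    if (intSession != null) {
        plis = intSession.getProperty(ISAuthConstants.POST_AUTH_PROCESS_INSTANCE);
    } else {
        plis = token.getProperty(ISAuthConstants.POST_AUTH_PROCESS_INSTANCE);
        if (utilDebug.messageEnabled()) {
            utilDebug.message("InternalSession is null, obtaining PAP instance from ssotoken");
        }
    }
    if (plis == null || plis.isEmpty()) {
        return;
    }
    final StringTokenizer st = new StringTokenizer(plis, "|");
    while (st.hasMoreTokens()) {
        final String pli = st.nextToken();
        try {
            // getDeclaredConstructor().newInstance() replaces the deprecated
            // Class.newInstance(); constructor failures arrive wrapped and are caught below.
            final AMPostAuthProcessInterface postProcess = (AMPostAuthProcessInterface)
                    Thread.currentThread().getContextClassLoader().loadClass(pli)
                            .getDeclaredConstructor().newInstance();
            postProcess.onLogout(request, response, token);
        } catch (Exception ex) {
            utilDebug.error("AuthUtils.logout:" + pli, ex);
        }
    }
}

/**
 * Logs the logout and destroys the token if it is still valid.
 *
 * @param token the token to destroy
 * @return true if the token was valid before it was destroyed; false if it
 *         was already invalid or its validity could not be checked
 */
private static boolean destroyToken(SSOToken token) {
    boolean isTokenValid = false;
    try {
        final SSOTokenManager tokenManager = SSOTokenManager.getInstance();
        isTokenValid = tokenManager.isValidToken(token);
        if (isTokenValid) {
            AuthD.getAuth().logLogout(token);
            tokenManager.logout(token);
            if (utilDebug.messageEnabled()) {
                utilDebug.message("AuthUtils.logout: logout successful.");
            }
        }
    } catch (SSOException se) {
        if (utilDebug.warningEnabled()) {
            utilDebug.warning("AuthUtils.logout: SSOException"
                    + " checking validity of SSO Token", se);
        }
    }
    return isTokenValid;
}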
/**
 * Gets the ZPL configuration for the given realm from the authentication
 * service's organization config, read with the admin token.
 *
 * @param realm the realm to get the ZPL configuration for. Not null.
 * @return the ZPL configuration object. Never null.
 * @throws SSOException if there is a problem authenticating the configuration lookup.
 * @throws SMSException if there is a problem fetching the configuration data.
 */
public static ZeroPageLoginConfig getZeroPageLoginConfig(final String realm) throws SSOException, SMSException {
    Reject.ifNull(realm);
    final SSOToken adminToken = AccessController.doPrivileged(AdminTokenAction.getInstance());
    final ServiceConfig orgConfig =
            new ServiceConfigManager(ISAuthConstants.AUTH_SERVICE_NAME, adminToken)
                    .getOrganizationConfig(realm, null);
    @SuppressWarnings("unchecked")
    final Map<String, Set<String>> attrs = orgConfig.getAttributes();
    // The last argument of each lookup is the fallback handed to CollectionHelper:
    // ZPL is off unless enabled, and a missing Referer is tolerated unless disabled.
    final boolean enabled =
            CollectionHelper.getBooleanMapAttr(attrs, Constants.ZERO_PAGE_LOGIN_ENABLED, false);
    final Set<String> whitelist = attrs.get(Constants.ZERO_PAGE_LOGIN_WHITELIST);
    final boolean allowMissingReferer =
            CollectionHelper.getBooleanMapAttr(attrs, Constants.ZERO_PAGE_LOGIN_ALLOW_MISSING_REFERER, true);
    return new ZeroPageLoginConfig(enabled, whitelist, allowMissingReferer);
}
}