ReplayPasswd.java revision 55fd6d019a44ba92b8161fc97ce159198afddb24
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Copyright (c) 2007 Sun Microsystems Inc. All Rights Reserved
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * The contents of this file are subject to the terms
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * of the Common Development and Distribution License
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * (the License). You may not use this file except in
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * compliance with the License.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * You can obtain a copy of the License at
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * https://opensso.dev.java.net/public/CDDLv1.0.html or
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * See the License for the specific language governing
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * permission and limitations under the License.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * When distributing Covered Code, include this CDDL
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Header Notice in each file and include the License file
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * If applicable, add the following below the CDDL Header,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * with the fields enclosed by brackets [] replaced by
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * your own identifying information:
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * "Portions Copyrighted [year] [name of copyright owner]"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * $Id: ReplayPasswd.java,v 1.6 2009/11/04 22:50:35 manish_rustagi Exp $
2873f732e8ca9bfb195e9dab5e5078a162695503Peter Major * Portions Copyrighted 2011-2013 ForgeRock, Inc.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.authentication.service.AuthUtils;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * This class is used to set the encrypted password as a session property.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * It reads the value of the property "com.sun.am.replaypasswd.key" which is
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * the key that is to be used for DES encryption. Once the password is
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * encrypted, it assigns a session property "sunIdentityUserPassword" with
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * this value.
 *
 * Security note: this stores the user's password on the session in a
 * reversible form. The key is a static value read from system configuration
 * and DES is a legacy 56-bit cipher, so anyone who can read both the
 * configured key and the "sunIdentityUserPassword" session property can
 * recover the cleartext password. Restrict read access to that session
 * property and to the configuration, and treat the cipher choice as a
 * compatibility concession to the consumer of the replayed password rather
 * than as protection against an attacker who holds the key.
 *
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * This class is also used to set "sharepoint_login_attr_value" as a session
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * property to support SharePoint. It reads the value of the property
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * "com.sun.am.sharepoint_login_attr_name" which indicates the user token that
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * SharePoint uses for authentication and gets its corresponding attribute
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * value from the user datastore. It will then put this as the value of
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * the "sharepoint_login_attr_value" session property.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * This class also sets the "owaAuthCookie" for all the domains for which
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * the "iPlanetdirectoryPro" cookie is set.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterpublic class ReplayPasswd implements AMPostAuthProcessInterface {
// JCE transformation handed to Cipher.getInstance() in onLoginSuccess.
// NOTE(review): its value is not visible in this view; it fixes the DES mode
// and padding actually used — confirm against the full file.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private static final String CIPHER_INSTANCE_NAME =
// System property holding the static DES key. Whoever can read this
// configuration value can decrypt every stored "sunIdentityUserPassword".
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private static final String REPLAY_PASSWORD_KEY =
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "com.sun.am.replaypasswd.key";
// Session property that receives the Base64-encoded DES ciphertext of the
// user's password.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private static final String SUN_IDENTITY_USER_PASSWORD =
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "sunIdentityUserPassword";
// Property that switches OWA cookie support on; presumably the source of the
// iisOwaEnabled value compared against "true" in onLoginSuccess (the constant's
// name is not shown in this view).
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "com.sun.am.iis_owa_enabled";
// Name of the cookie issued for every domain the session cookie is set on.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "owaAuthCookie";
// Fixed value of that cookie. NOTE(review): a constant, predictable value can
// only mark that a login happened; the consumer must not treat the cookie's
// presence as proof of authentication without validating the SSO session.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private static final String OWA_AUTH_COOKIE_VALUE =
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "amOwaValue";
// System property naming the user attribute SharePoint authenticates with.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private static final String SHAREPOINT_LOGIN_ATTR_NAME =
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "com.sun.am.sharepoint_login_attr_name";
// Session property that receives that attribute's value from the datastore.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private static final String SHAREPOINT_LOGIN_ATTR_VALUE =
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "sharepoint_login_attr_value";
// Debug logger for this plugin. Never write the password, the key, or the
// ciphertext through it.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private static Debug debug = Debug.getInstance("ReplayPasswd");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Post-processing on successful authentication: reads the submitted password
 * from the login request parameter, DES-encrypts it with the key configured in
 * "com.sun.am.replaypasswd.key" and stores the Base64 result on the session as
 * "sunIdentityUserPassword". When OWA support is enabled it also sets the
 * "owaAuthCookie", and when a SharePoint login attribute is configured it
 * copies that attribute's value onto the session. When no request is
 * available the password is not saved and only a debug message is logged.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param requestParamsMap contains HttpServletRequest parameters
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param request HttpServlet request
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param response HttpServlet response
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param ssoToken user's session
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws AuthenticationException if there is an error while setting
55fd6d019a44ba92b8161fc97ce159198afddb24Peter Major * the session password property
// Stores the just-authenticated user's password on the session in DES-encrypted
// form, then optionally sets the OWA cookie and the SharePoint attribute property.
// NOTE(review): the full parameter list and several statements are not visible in
// this view; the comments below describe only what the shown lines establish.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public void onLoginSuccess(Map requestParamsMap,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster SSOToken ssoToken) throws AuthenticationException {
// Without a request there is no password parameter to read, so nothing is stored.
55fd6d019a44ba92b8161fc97ce159198afddb24Peter Major debug.message("ReplayPasswd.onLoginSuccess: request is not available, password is not saved.");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("ReplayPasswd.onLoginSuccess called: Req:" +
// The cleartext password is taken straight from the login request parameter;
// it must never be logged from here on.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String userpasswd = request.getParameter(PASSWORD_TOKEN);
// Static DES key from system configuration (see REPLAY_PASSWORD_KEY).
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String deskeystr = SystemProperties.get(REPLAY_PASSWORD_KEY);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster SystemProperties.get(SHAREPOINT_LOGIN_ATTR_NAME);
// DES is a legacy 56-bit cipher: this is an obfuscation layer for a consumer
// that requires it, not protection against anyone holding the configured key.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster SecretKeySpec keySpec = new SecretKeySpec(desKey, "DES");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Cipher cipher = Cipher.getInstance(CIPHER_INSTANCE_NAME);
// Manual zero padding up to the next multiple of 8 (a full extra block is added
// when the length is already a multiple of 8).
2873f732e8ca9bfb195e9dab5e5078a162695503Peter Major //The array size must be a multiple of 8 (DES block size)
2873f732e8ca9bfb195e9dab5e5078a162695503Peter Major int length = userpasswd.length() + (8 - userpasswd.length() % 8);
// NOTE(review): the padded size is computed from the char count, but the copy
// source is getBytes() in the JVM's default charset. A password containing
// multi-byte characters is silently truncated to its first userpasswd.length()
// bytes, and the encrypted bytes differ between JVMs with different default
// charsets. Encode with an explicit charset and size the buffer from the byte
// array, not the String length.
2873f732e8ca9bfb195e9dab5e5078a162695503Peter Major System.arraycopy(userpasswd.getBytes(), 0, data, 0, userpasswd.length());
// The Base64 ciphertext goes onto the session: every reader of this session
// property who also knows the configured key can recover the password.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String encodedpasswd = Base64.encode(ciphertext);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster ssoToken.setProperty(SUN_IDENTITY_USER_PASSWORD, encodedpasswd);
// OWA support is enabled by the literal string "true" (trimmed, case-insensitive).
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster iisOwaEnabled.trim().equalsIgnoreCase("true")) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Set OWA Auth Cookie
// NOTE(review): the cookie's value, path, Secure and HttpOnly attributes are set
// on lines not shown here — confirm them. With a constant value the cookie can
// only signal that a login happened; the consumer must not accept its presence
// as proof of authentication by itself.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Cookie owaAuthCookie = new Cookie(OWA_AUTH_COOKIE,
// One copy of the cookie for each domain the session cookie is issued for.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster for (Iterator it = domains.iterator(); it.hasNext(); ) {
// SharePoint: only when an attribute name is configured, look the user up and
// copy that attribute's value onto the session.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if(strAttributeName != null && !strAttributeName.trim().equals("")){
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster AMIdentity amIdentityUser = IdUtils.getIdentity(ssoToken);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster SHAREPOINT_LOGIN_ATTR_VALUE, strAttributeValue);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("ReplayPasswd.onLoginSuccess: " +
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("ReplayPasswd.onLoginSuccess: Replay password " +
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "concluded successfully");
// NOTE(review): the catch blocks shown only log the exception. Whether they
// rethrow as AuthenticationException is not visible here — confirm, since a
// swallowed failure leaves the session without the replay property while the
// login still succeeds. Keep the password and key out of these messages.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.error("ReplayPasswd.onLoginSuccess: IOException while " +
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.error("ReplayPasswd.onLoginSuccess: NoSuchAlgorithmException"+
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster " while setting session password property: " + noe);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.error("ReplayPasswd.onLoginSuccess: InvalidKeyException " +
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "while setting session password property: " + ike);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.error("ReplayPasswd.onLoginSuccess:IllegalBlockSizeException"+
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster " while setting session password property: " + ibe);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.error("ReplayPasswd.onLoginSuccess: NoSuchPaddingException " +
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "while setting session password property: " + npe);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.error("ReplayPasswd.onLoginSuccess: BadPaddingException " +
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "while setting session password property: " + bpe);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.error("ReplayPasswd.onLoginSuccess: SSOException while " +
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Post processing on failed authentication.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param requestParamsMap contains HttpServletRequest parameters
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param req HttpServlet request
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param res HttpServlet response
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws AuthenticationException if there is an error
// Called after a failed login attempt. The lines shown only write a debug
// trace; no password or session state is touched here. NOTE(review): the
// request parameter line and the closing brace are not visible in this view.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public void onLoginFailure(Map requestParamsMap,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster HttpServletResponse res) throws AuthenticationException {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("ReplayPasswd.onLoginFailure: called");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Post processing on Logout.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param req HttpServlet request
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param res HttpServlet response
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param ssoToken user's session
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws AuthenticationException if there is an error