IdentityServicesHandler.java revision 1cdbb192cc46d4271df7197fc33f870c052efca7
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 * Copyright (c) 2007 Sun Microsystems Inc. All Rights Reserved
 * The contents of this file are subject to the terms
 * of the Common Development and Distribution License
 * (the License). You may not use this file except in
 * compliance with the License.
 * You can obtain a copy of the License at
 * https://opensso.dev.java.net/public/CDDLv1.0.html or
 * See the License for the specific language governing
 * permission and limitations under the License.
 * When distributing Covered Code, include this CDDL
 * Header Notice in each file and include the License file
 * If applicable, add the following below the CDDL Header,
 * with the fields enclosed by brackets [] replaced by
 * your own identifying information:
 * "Portions Copyrighted [year] [name of copyright owner]"
 * $Id: IdentityServicesHandler.java,v 1.7 2008/12/15 19:50:21 arviranga Exp $
 * Portions Copyrighted 2011-2015 ForgeRock AS.
 * Portions Copyrighted 2012 Open Source Solution Technology Corporation
import com.sun.identity.authentication.client.AuthClientUtils;
import com.sun.identity.authentication.client.ZeroPageLoginConfig;
import com.sun.identity.authentication.service.AuthException;
import com.sun.identity.authentication.service.AuthUtils;
import com.sun.identity.idsvcs.IdentityServicesFactory;
import com.sun.identity.idsvcs.IdentityServicesImpl;
 * Provides a marshall/unmarshall layer to the Security interface.
public class IdentityServicesHandler extends HttpServlet {
 private static final long serialVersionUID = 2774677132209419157L;
 private static Debug debug = Debug.getInstance("amIdentityServices");
 // =======================================================================
 // Constants
 // =======================================================================
 private static final String PARAM_PROVIDER = "provider";
 private static final Class PROVIDER_DEFAULT = IdentityServicesImpl.class;
 // =======================================================================
 // =======================================================================
 // =======================================================================
 // =======================================================================
 * Loads the init parameters for use in the HTTP methods.
 * @see javax.servlet.GenericServlet#init()
 // determine if the provider is correct..
 // get the security provider from the params.
 String provider = getInitParameter(PARAM_PROVIDER, def);
 this.factory = IdentityServicesFactory.getInstance(provider);
 } catch (Exception e) {
 // wrap in a servlet exception as to not scare the natives..
 // =======================================================================
 // HTTP Methods
 // =======================================================================
 * Unmarshalls the request and executes the proper method based
 * on the request parameters.
 * @see javax.servlet.http.HttpServlet#service(HttpServletRequest request,
 * HttpServletResponse response)
 HttpServletResponse response) throws ServletException, IOException {
 // check/init LB cookie names
 if (lbCookieName == null || lbCookieValue == null) {
 //set headers before executing the method, so they are set even if exception is being thrown
 response.addHeader("Cache-Control", "no-store, no-cache, must-revalidate, max-age=0");
 IdentityServicesImpl security = this.factory.newInstance();
 SecurityMethod.execute(security, request, response);
 // check/set LB cookie
 // =======================================================================
 // Helper Methods
 // =======================================================================
 * Get a consistent behaviour between application servers..
 String getInitParameter(String param, String def) {
 private void initLbCookieSettings() {
 lbCookieValue = AuthClientUtils.getlbCookieValue();
 private void setLbCookie(HttpServletRequest request, HttpServletResponse response) {
 if (lbCookieName == null || lbCookieValue == null) {
 // unable to set lb cookie
 * Enum to get the request parameters and test w/ the SecurityMethods.
 public static class SecurityParameter {
 // ===================================================================
 // ===================================================================
 public Boolean getBoolean(ServletRequest request) {
 return Boolean.valueOf(request.getParameter(name));
return ret;
return ret;
return ret;
public static class SecurityMethod {
imethod = m;
throw new IllegalArgumentException();
} catch (Exception e) {
throw new ServletException(e);
} catch (Throwable e) {
if (e instanceof UnsupportedOperationException) {
} else if (e instanceof InvocationTargetException) {
private static boolean isZeroPageLoginAllowed(HttpServletRequest request) throws AuthException, SMSException,
* Gets the realm being used for this request by parsing the query parameters on the URI parameter (if present).
* This matches the logic used in opensso/IdentityServicesImpl. Defaults to "/".
return realm;
throws Throwable
} catch (InvocationTargetException e) {
throw e.getTargetException();
return ret;