IdentityServicesHandler.java revision 1cdbb192cc46d4271df7197fc33f870c052efca7
/**
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 *
 * Copyright (c) 2007 Sun Microsystems Inc. All Rights Reserved
 *
 * The contents of this file are subject to the terms
 * of the Common Development and Distribution License
 * (the License). You may not use this file except in
 * compliance with the License.
 *
 * You can obtain a copy of the License at
 * https://opensso.dev.java.net/public/CDDLv1.0.html or
 * opensso/legal/CDDLv1.0.txt
 * See the License for the specific language governing
 * permission and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL
 * Header Notice in each file and include the License file
 * at opensso/legal/CDDLv1.0.txt.
 * If applicable, add the following below the CDDL Header,
 * with the fields enclosed by brackets [] replaced by
 * your own identifying information:
 * "Portions Copyrighted [year] [name of copyright owner]"
 *
 * $Id: IdentityServicesHandler.java,v 1.7 2008/12/15 19:50:21 arviranga Exp $
 *
 */
/*
 * Portions Copyrighted 2011-2015 ForgeRock AS.
 * Portions Copyrighted 2012 Open Source Solution Technology Corporation
 */
65fea56f17cd614bc8908264df980a62e1931468vboxsyncpackage com.sun.identity.idsvcs.rest;
import java.io.IOException;
import java.io.StringWriter;
import java.io.Writer;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;

import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.iplanet.sso.SSOTokenManager;
import com.sun.identity.authentication.client.AuthClientUtils;
import com.sun.identity.authentication.client.ZeroPageLoginConfig;
import com.sun.identity.authentication.service.AuthException;
import com.sun.identity.authentication.service.AuthUtils;
import com.sun.identity.idsvcs.GeneralFailure;
import com.sun.identity.idsvcs.IdentityServicesFactory;
import com.sun.identity.idsvcs.IdentityServicesImpl;
import com.sun.identity.idsvcs.Token;
import com.sun.identity.shared.debug.Debug;
import com.sun.identity.sm.SMSException;
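/**
 * Provides a marshall/unmarshall layer to the Security interface.
 *
 * <p>The last segment of the request path selects a {@link SecurityMethod},
 * the request parameters are unmarshalled into that method's arguments, and
 * the result (or the failure) is marshalled back as XML, JSON or properties
 * text depending on the path.
 */
public class IdentityServicesHandler extends HttpServlet {

    private static final long serialVersionUID = 2774677132209419157L;
    private static final Debug debug = Debug.getInstance("amIdentityServices");

    // =======================================================================
    // Constants
    // =======================================================================
    private static final String PARAM_PROVIDER = "provider";
    private static final Class<?> PROVIDER_DEFAULT = IdentityServicesImpl.class;

    // =======================================================================
    // Fields
    // =======================================================================
    private IdentityServicesFactory factory;
    private String lbCookieName;
    private String lbCookieValue;

    // =======================================================================
    // Initialize/Destroy
    // =======================================================================
    /**
     * Loads the init parameters for use in the HTTP methods.
     *
     * @throws ServletException if the provider factory cannot be obtained
     * @see javax.servlet.GenericServlet#init()
     */
    @Override
    public void init() throws ServletException {
        super.init();
        try {
            // Class#toString() would yield "class <name>", not a class name, so
            // the default is taken from getName().
            // NOTE(review): assumes the factory resolves the provider by class
            // name -- confirm against IdentityServicesFactory.getInstance.
            String provider =
                    getInitParameter(PARAM_PROVIDER, PROVIDER_DEFAULT.getName());
            this.factory = IdentityServicesFactory.getInstance(provider);
        } catch (Exception e) {
            // Surface any provider problem as a servlet initialisation failure.
            throw new ServletException(e);
        }
    }

    // =======================================================================
    // HTTP Methods
    // =======================================================================
    /**
     * Unmarshalls the request and executes the proper method based on the
     * request parameters.
     *
     * @see javax.servlet.http.HttpServlet#service(HttpServletRequest request,
     *      HttpServletResponse response)
     */
    @Override
    protected void service(HttpServletRequest request,
            HttpServletResponse response) throws ServletException, IOException {
        // check/init LB cookie names
        if (lbCookieName == null || lbCookieValue == null) {
            initLbCookieSettings();
        }
        // Set before executing the method so that error responses, which may
        // carry token or failure details, are marked uncacheable as well.
        response.addHeader("Cache-Control", "no-store, no-cache, must-revalidate, max-age=0");
        response.addHeader("Pragma", "no-cache");
        IdentityServicesImpl security = this.factory.newInstance();
        SecurityMethod.execute(security, request, response);

        // NOTE(review): this runs after the body has been written; a response
        // that is already committed ignores headers added afterwards, so the
        // LB cookie may be dropped on large responses -- confirm whether this
        // call should move ahead of execute().
        setLbCookie(request, response);
    }

    // =======================================================================
    // Helper Methods
    // =======================================================================
    /**
     * Get a consistent behaviour between application servers: a missing or
     * blank init parameter yields the supplied default.
     *
     * @param param name of the servlet init parameter
     * @param def value returned when the parameter is absent or blank
     * @return the configured value, or {@code def}
     */
    String getInitParameter(String param, String def) {
        String configured = getInitParameter(param);
        // The configured value is what has to be tested here; testing the
        // parameter name meant the default was never applied.
        return isBlank(configured) ? def : configured;
    }

    /** Returns true for {@code null} and for strings that trim to nothing. */
    private static boolean isBlank(String val) {
        return val == null || val.trim().isEmpty();
    }

    /** Caches the load-balancer cookie name and value from AuthClientUtils. */
    private void initLbCookieSettings() {
        lbCookieName = AuthClientUtils.getlbCookieName();
        lbCookieValue = AuthClientUtils.getlbCookieValue();
    }

    /**
     * Adds the load-balancer cookie to the response unless LB cookies are not
     * configured or the request already carries one. Best effort: a failure
     * is logged and never fails the request.
     */
    private void setLbCookie(HttpServletRequest request, HttpServletResponse response) {
        if (lbCookieName == null || lbCookieValue == null) {
            return;
        }

        Cookie[] cookies = request.getCookies();
        if (cookies != null) {
            for (Cookie cookie : cookies) {
                if (cookie.getName().equals(lbCookieName)) {
                    // The client already presents the cookie.
                    return;
                }
            }
        }

        try {
            AuthClientUtils.setlbCookie(request, response);
        } catch (Exception ex) {
            // Still best effort, but leave a trace instead of failing silently.
            debug.warning("Unable to set load-balancer cookie", ex);
        }
    }

    /**
     * Enum to get the request parameters and test w/ the SecurityMethods.
     * Each constant reads the request parameter whose name is the constant's
     * name in lower case and converts it to the declared type.
     */
    public static class SecurityParameter {

        public static final SecurityParameter URI =
                new SecurityParameter("URI");
        public static final SecurityParameter ACTION =
                new SecurityParameter("ACTION");
        public static final SecurityParameter USERNAME =
                new SecurityParameter("USERNAME");
        public static final SecurityParameter PASSWORD =
                new SecurityParameter("PASSWORD");
        public static final SecurityParameter SUBJECTID =
                new SecurityParameter("SUBJECTID", Token.class);
        public static final SecurityParameter LOGNAME =
                new SecurityParameter("LOGNAME");
        public static final SecurityParameter MESSAGE =
                new SecurityParameter("MESSAGE");
        public static final SecurityParameter APPID =
                new SecurityParameter("APPID", Token.class);
        public static final SecurityParameter NAME =
                new SecurityParameter("NAME");
        public static final SecurityParameter FILTER =
                new SecurityParameter("FILTER");

        // ===================================================================
        // Fields
        // ===================================================================
        final Class type;
        final String name;

        /** Creates a parameter that is read as a plain String. */
        SecurityParameter(String name) {
            this(name, String.class);
        }

        /** Creates a parameter that is converted to {@code type} when read. */
        SecurityParameter(String name, Class type) {
            this.name = name;
            this.type = type;
        }

        String name() {
            return name;
        }

        /**
         * Request parameter name for this constant. Lower-cased with a fixed
         * locale so the lookup does not change with the JVM default locale
         * (under a Turkish default, "SUBJECTID" would otherwise lower-case to
         * a dotless-i spelling and never match).
         */
        private String parameterName() {
            return name().toLowerCase(Locale.ROOT);
        }

        /**
         * Reads this parameter from the request, converted to the declared
         * type (Token, List, String[], Boolean, otherwise String).
         */
        Object getValue(ServletRequest request) {
            if (this.type == Token.class) {
                return getToken(request);
            }
            if (this.type == List.class) {
                return getList(request);
            }
            if (this.type == String[].class) {
                return getArray(request);
            }
            if (this.type == Boolean.class) {
                return getBoolean(request);
            }
            return getString(request);
        }

        /** Returns the parameter as a Boolean; absent values read as false. */
        public Boolean getBoolean(ServletRequest request) {
            return Boolean.valueOf(request.getParameter(parameterName()));
        }

        /** Returns the parameter value, or {@code null} when absent or blank. */
        public String getString(ServletRequest request) {
            String value = request.getParameter(parameterName());
            return isBlank(value) ? null : value;
        }

        /**
         * Builds a Token from the request parameter or, when that is blank,
         * from the SSO session carried by the request (the original comment
         * names the "iPlanetDirectoryPro" cookie).
         *
         * @return the token, or {@code null} when no token id can be found
         */
        public Token getToken(ServletRequest request) {
            // getParameter() reads the query string as well as the form body;
            // a token id sent in the query string can end up in access logs
            // and Referer headers, so callers should prefer the body or the
            // session cookie.
            String id = request.getParameter(parameterName());
            if (isBlank(id)) {
                try {
                    SSOTokenManager mgr = SSOTokenManager.getInstance();
                    SSOToken token = mgr.createSSOToken((HttpServletRequest) request);
                    if (token != null) {
                        id = token.getTokenID().toString();
                    }
                } catch (SSOException ex) {
                    // No valid session is an expected case; the id stays blank.
                    if (debug.messageEnabled()) {
                        debug.message("No valid SSO token on the request", ex);
                    }
                }
            }
            if (isBlank(id)) {
                return null;
            }
            Token ret = new Token();
            ret.setId(id);
            return ret;
        }

        /**
         * Returns the non-blank values of the parameter, or {@code null} when
         * the parameter is absent altogether.
         */
        public List getList(ServletRequest request) {
            String[] values = request.getParameterValues(parameterName());
            if (values == null) {
                return null;
            }
            List<String> ret = new ArrayList<>();
            for (String value : values) {
                if (!isBlank(value)) {
                    ret.add(value);
                }
            }
            return ret;
        }

        /**
         * Returns the non-blank values of the parameter as an array, or
         * {@code null} when there are none.
         */
        public String[] getArray(ServletRequest request) {
            List<?> values = getList(request);
            if (values == null || values.isEmpty()) {
                return null;
            }
            return values.toArray(new String[values.size()]);
        }
    }

    /**
     * Defined by the interface 'com.sun.identity.idsvcs.Security'.
     * Each constant binds an operation name to the reflective method on
     * {@link IdentityServicesImpl}, its result type and its parameters; only
     * the constants listed here can be reached through {@link #execute}.
     */
    public static class SecurityMethod {

        public static final SecurityMethod TOKENCOOKIE = new SecurityMethod(
                "GETCOOKIENAMEFORTOKEN", String.class, (SecurityParameter[]) null);
        public static final SecurityMethod ALLCOOKIES = new SecurityMethod(
                "GETCOOKIENAMESTOFORWARD", String[].class, (SecurityParameter[]) null);
        public static final SecurityMethod LOG = new SecurityMethod(
                "LOG", Void.class, new SecurityParameter[]
                {SecurityParameter.APPID, SecurityParameter.SUBJECTID,
                 SecurityParameter.LOGNAME, SecurityParameter.MESSAGE});

        // ===================================================================
        // Fields
        // ===================================================================
        final Class type;
        final Method method;
        final SecurityParameter[] parameters;

        // ===================================================================
        // Constructors
        // ===================================================================
        /**
         * Binds {@code name} to the public method of IdentityServicesImpl
         * with the same name, ignoring case.
         *
         * @throws IllegalArgumentException if no such method exists
         */
        private SecurityMethod(String name, Class clazz,
                SecurityParameter[] params) {
            // NOTE(review): the first method with a matching name wins;
            // overloads are not told apart by their parameter types.
            Method found = null;
            for (Method candidate : IdentityServicesImpl.class.getMethods()) {
                // equalsIgnoreCase is locale independent, unlike comparing two
                // default-locale toLowerCase() results.
                if (candidate.getName().equalsIgnoreCase(name)) {
                    found = candidate;
                    break;
                }
            }
            if (found == null) {
                throw new IllegalArgumentException("No public method named "
                        + name + " on " + IdentityServicesImpl.class.getName());
            }
            this.type = clazz;
            this.method = found;
            this.parameters = params;
        }

        private SecurityMethod(String name, Class clazz,
                SecurityParameter param1) {
            this(name, clazz, new SecurityParameter[]{param1});
        }

        private SecurityMethod(String name, Class clazz,
                SecurityParameter param1, SecurityParameter param2) {
            this(name, clazz, new SecurityParameter[]{param1, param2});
        }

        private SecurityMethod(String name, Class clazz,
                SecurityParameter param1, SecurityParameter param2,
                SecurityParameter param3) {
            this(name, clazz, new SecurityParameter[]{param1, param2, param3});
        }

        /**
         * Selects the operation from the last path segment, invokes it and
         * marshalls the outcome to the response.
         *
         * <p>Status codes: 501 for an unknown operation, 500 for a
         * {@link GeneralFailure}, and for any other failure 501, 500 or 401
         * depending on the exception type (401 being the fallback).
         *
         * @throws ServletException if the failure itself cannot be marshalled
         * @throws IOException if the response writer cannot be obtained
         */
        public static void execute(IdentityServicesImpl security,
                HttpServletRequest request, HttpServletResponse response)
                throws ServletException, IOException {
            response.setCharacterEncoding("UTF-8");
            Writer wrt = response.getWriter();

            // getPathInfo() is null when nothing follows the servlet path;
            // treat that as an empty path, which ends in the 501 branch below.
            String path = request.getPathInfo();
            if (path == null) {
                path = "";
            }
            MarshallerFactory mar = getMarshaller(path);

            // Set the response content type
            if (mar.getProtocol().equalsIgnoreCase("XML")) {
                response.setContentType("text/xml");
            } else if (mar.getProtocol().equals("JSON")) {
                response.setContentType("application/json");
            } else {
                response.setContentType("text/plain");
            }

            // Fixed locale: under a Turkish default locale the upper-cased
            // segment would not equal the ASCII operation names.
            String operation =
                    path.substring(path.lastIndexOf('/') + 1).toUpperCase(Locale.ROOT);
            SecurityMethod target = null;
            if (operation.equals("LOG")) {
                target = SecurityMethod.LOG;
            } else if (operation.equals("GETCOOKIENAMEFORTOKEN")) {
                target = SecurityMethod.TOKENCOOKIE;
            } else if (operation.equals("GETCOOKIENAMESTOFORWARD")) {
                target = SecurityMethod.ALLCOOKIES;
            }

            try {
                if (target == null) {
                    // The operation name comes from the request and is echoed
                    // in the marshalled exception.
                    // NOTE(review): escaping is left to the marshaller -- confirm.
                    response.setStatus(HttpServletResponse.SC_NOT_IMPLEMENTED);
                    mar.newInstance(Throwable.class).marshall(wrt,
                            new UnsupportedOperationException(operation));
                    return;
                }
                // execute the method w/ the parameters..
                Object value = target.invoke(security, request);
                // marshall the response..
                if (target.type != Void.class && value != null) {
                    mar.newInstance(target.type).marshall(wrt, value);
                } else {
                    response.setContentType("text/plain");
                    if (value == null) {
                        wrt.write("NULL");
                    }
                }
            } catch (GeneralFailure ex) {
                if (debug.messageEnabled()) {
                    debug.message("A generalFailure exception has been caught; details: ", ex);
                }
                try {
                    // The status is set before the body is written: once the
                    // response is committed a later setStatus() is ignored.
                    response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
                    mar.newInstance(GeneralFailure.class).marshall(wrt, ex);
                } catch (Exception e) {
                    // something really went wrong so just give up..
                    throw new ServletException(e);
                }
            } catch (Throwable e) {
                if (debug.messageEnabled()) {
                    debug.message("An unknown exception has been caught; details: ", e);
                }
                try {
                    if (e instanceof UnsupportedOperationException) {
                        response.setStatus(HttpServletResponse.SC_NOT_IMPLEMENTED);
                    } else if (e instanceof InvocationTargetException) {
                        response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
                    } else {
                        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
                    }
                    // NOTE(review): the throwable is marshalled to the client;
                    // what it discloses depends on the marshaller -- confirm
                    // that no stack trace or internal detail is included.
                    mar.newInstance(Throwable.class).marshall(wrt, e);
                } catch (Exception ex) {
                    // something really went wrong so just give up..
                    throw new ServletException(ex);
                }
            }
        }

        /**
         * Asks AuthClientUtils whether zero-page login is allowed for the
         * realm named on the request.
         * NOTE(review): nothing in this class calls this method.
         */
        private static boolean isZeroPageLoginAllowed(HttpServletRequest request)
                throws AuthException, SMSException, SSOException {
            final String realm = getRealm(request);
            final ZeroPageLoginConfig config = AuthUtils.getZeroPageLoginConfig(realm);
            return AuthClientUtils.isZeroPageLoginAllowed(config, request);
        }

        /**
         * Gets the realm being used for this request by parsing the query parameters on the URI parameter (if present).
         * This matches the logic used in opensso/IdentityServicesImpl. Defaults to "/".
         */
        private static String getRealm(HttpServletRequest request) {
            final String uri = SecurityParameter.URI.getString(request);
            if (uri != null) {
                for (String pair : uri.split("&")) {
                    String[] parts = pair.split("=");
                    if (parts.length == 2 && "realm".equals(parts[0])) {
                        // The value is request-controlled and returned as is.
                        return parts[1];
                    }
                }
            }
            return "/";
        }

        /**
         * If both exist on the path then return JSON, XML, and then
         * Properties in that order; properties is the default.
         */
        private static MarshallerFactory getMarshaller(String path) {
            if (path.contains("json/")) {
                return MarshallerFactory.JSON;
            }
            if (path.contains("xml/")) {
                return MarshallerFactory.XML;
            }
            return MarshallerFactory.PROPS;
        }

        /**
         * Reads each declared parameter from the request and invokes the
         * bound method on {@code security}.
         *
         * @return the value returned by the bound method
         * @throws Throwable the exception thrown by the bound method itself,
         *         or a GeneralFailure when the reflective call cannot be made
         */
        private Object invoke(IdentityServicesImpl security,
                ServletRequest request)
                throws Throwable {
            // find the value for each parameter..
            Object[] args = null;
            if (parameters != null) {
                args = new Object[parameters.length];
                for (int i = 0; i < parameters.length; i++) {
                    args[i] = parameters[i].getValue(request);
                }
            }
            try {
                return method.invoke(security, args);
            } catch (IllegalArgumentException | IllegalAccessException e) {
                // Only the message travels on in the GeneralFailure, so the
                // full cause is logged here.
                debug.warning("Unable to invoke " + method.getName(), e);
                throw new GeneralFailure(e.getMessage());
            } catch (InvocationTargetException e) {
                debug.warning("Exception during invocation", e);
                // Callers see the target method's own exception.
                throw e.getTargetException();
            }
        }
    }
}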