SessionUtils.java revision 8d3140b524c0e28c0a49dc7c7d481123ef3cfe11
/**
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2005 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: SessionUtils.java,v 1.10 2009/11/09 18:35:22 beomsuk Exp $
*
*/
/*
* Portions Copyrighted 2013 ForgeRock, Inc.
*/
/**
* This class implements utility methods for handling HTTP sessions.
* <p>
*/
public class SessionUtils {
/** The QUERY encoding scheme*/
public static final short QUERY = 0;
/** The SLASH encoding scheme*/
public static final short SLASH = 1;
/** The SEMICOLON encoding scheme*/
public static final short SEMICOLON = 2;
/** Set of trusted Inetaddresses */
/** The HTTPClient IPHeader */
/** The SESSION_ENCRYPTION to check if this is encrypted session */
"false")).booleanValue();
/**
* Returns a SessionID string based on an HttpServletRequest object, or null
* if the session ID is not present or there was an error.
* <p>
*
* @param request
* The HttpServletRequest object which contains the session
* string.
* @return the session ID string, or <code>null</code> if the session was not
* present or there was an error.
*/
}
return sidString;
}
/**
* Returns the URL encoded with the cookie value (SSOToken ID) if cookies are
* not supported. Throws an SSOException in case of an error.
*
* <p>
* The cookie Value is written in the URL based on the encodingScheme
* specified. The Cookie Value could be written as path info separated by
* either a "/" OR ";" or as a query string.
*
* <p>
* If the encoding scheme is SLASH then the cookie value would be written in
* the URL as extra path info in the following format:
* <pre>
* protocol://server:port/servletpath/<cookieName>=<cookieValue>?
* queryString
* </pre>
* <p>
* Note that this format works only if the path is a servlet; if a JSP
* file is specified, web containers return a "File Not found" error.
* To rewrite links to JSP files with the cookie value, use the SEMICOLON
* or QUERY encoding scheme.
*
* <p>
* If the encoding scheme is SEMICOLON then the cookie value would be
* written in the URL as extra path info in the following format:
* <pre>
* </pre>
* Note that this is not supported in the servlet specification and some web
* containers do not support this.
*
* <p>
* If the encoding scheme is QUERY then the cookie value would be written in
* the URL in the following format:
* <pre>
* <cookieName>=<cookieValue>
* </pre>
* <p>
* This is the default and OpenAM always encodes in this format
* unless otherwise specified. If the URL passed in has a query parameter, then
* entity escaping of the ampersand is done before appending the cookie if
* escape is true. Only the ampersand before the appended cookie parameter
* is entity escaped.
* <p>
*
* @param ssoToken Single Sign Token which contains the session string.
* @param url the URL to be encoded
* @param encodingScheme possible values are <code>QUERY</code>,
* <code>SLASH</code>, <code>SEMICOLON</code>.
* @param escape <code>true</code> to escape ampersand when appending the
* Single Sign On Token ID to request query string.
* @return encoded URL with cookie value (session ID) based on the encoding
* scheme.
* @exception SSOException if URL cannot be encoded.
*/
try {
} catch (Exception e) {
throw new SSOException(e);
}
return encodedURL;
}
/**
* Returns URL encoded with the cookie Value (SSOToken ID) if cookies are
* not supported.
*
* This method assumes the default encoding scheme, which is QUERY. The cookie
* value is written in the URL in the following format:
* <pre>
* <cookieName>=<cookieValue>
* </pre>
* <p>
*
* This is the default and OpenAM always encodes in this format
* unless otherwise specified. If the URL passed in has a query parameter, then
* entity escaping of the ampersand is done before appending the cookie if
* escape is true. Only the ampersand before the appended cookie parameter
* is entity escaped.
* <p>
*
* @param ssoToken Single Sign Token which contains the session string.
* @param url the URL to be encoded.
* @param escape <code>true</code> to escape ampersand when appending the
* Single Sign On Token ID to request query string.
* @return URL encoded with cookie Value in the query string.
* @exception SSOException if URL cannot be encoded.
*/
boolean escape
) throws SSOException
{
try {
} catch (Exception e) {
throw new SSOException(e);
}
return encodedURL;
}
/**
* Returns the remote IP address of the client
*
* @param servletRequest The HttpServletRequest object which contains the
* session string.
* @return InetAddress the client address; when the request originates from a
* trusted source, the address may instead be taken from the proxy header
* @exception Exception
*/
public static InetAddress getClientAddress(
{
.getRemoteAddr());
if (isTrustedSource(remoteClient)) {
if (proxyHeader != null) {
}
}
return remoteClient;
}
/* build the trust source set*/
try {
while (stk.hasMoreTokens()) {
}
} else {
// use platform server list as a default fallback
"emptyTrustedSourceList", null);
}
try {
"Validating Host exception", ex);
}
}
}
} catch (Exception e) {
throw new SessionException(e);
}
return result;
}
/**
* Returns whether the remote IP address of the client is a trusted source.
*
* @param source the InetAddress of the remote client
* @return <code>true</code> if it is a trusted source, <code>false</code> otherwise
* @exception Exception
*/
throws SessionException {
if (trustedSources == null) {
}
}
/**
* Helper method to serialize and encrypt objects saved in the repository
*
* @param obj
* object to be serialized and encrypted
* @return encrypted byte array containing serialized objects
* @throws Exception
* if anything goes wrong
*/
// convert object to byte using streams
if (SESSION_ENCRYPTION) {
return (byte[]) AccessController
.doPrivileged(new PrivilegedExceptionAction() {
}
});
}
return blob;
}
/**
* Deserializes and decrypts objects retrieved from the repository.
*
* @param blob Byte array containing serialized and encrypted object value.
* @return retrieved object.
* @throws Exception if anything goes wrong.
*/
byte[] decryptedBlob;
if (SESSION_ENCRYPTION) {
decryptedBlob = (byte[]) AccessController
.doPrivileged(new PrivilegedExceptionAction() {
}
});
} else {
}
return objInStream.readObject();
}
/**
* Helper method to get the encrypted session storage key
*
* @param sessionID
* SessionID
* @return encrypted session storage key
* @throws Exception
* if anything goes wrong
*/
throws Exception {
if (SESSION_ENCRYPTION) {
.getHardcodedKeyEncryptor()));
return strEncrypted;
}
return sKey;
}
/**
* Helper method to get the admin token. This is not the amadmin user
* but the user configured in serverconfig.xml as the super user.
*
* @return SSOToken of super admin.
*/
if (adminToken == null) {
}
return (adminToken);
}
/**
* Helper method to check whether the user token passed is the same as the admin
* token. It does not check whether the user token or admin token is valid.
*
* @param admToken Admin Single Sign-On token.
* @param usrToken User Single Sign-On token to compare against admin
* Single Sign-On token.
* @return <code>true</code> if they both are same.
*/
return false;
}
return false;
}
boolean result = false;
try {
} catch (SSOException ssoEx) {
+ "to get principal");
return false;
}
try {
} catch (SSOException ssoEx) {
+ "to get principal");
return false;
}
result = true;
}
if (debug.messageEnabled()) {
" for user principal: " + usrName +
" against admin principal: " + admName);
}
return result;
}
/**
* Helper method to check whether the client has permission to
* set a value for the given protected property.
* @param clientToken Token of the client setting protected property.
* @param key Property key
* @param value Property value.
* @throws SessionException if the key is protected property.
*/
if (clientToken == null) {
// Throw Ex. Client should identify itself.
"SessionUtils.checkPermissionToSetProperty(): "
+ "Attempt to set protected property without client "
}
throw new SessionException(
+ " " + key);
}
try {
} catch (SSOException ssoEx) {
// Throw Ex. Not able to get SSOTokenManager instance.
"SessionUtils.checkPermissionToSetProperty(): "
+ "Cannot get instance of SSOTokenManager.");
throw new SessionException(
}
// Throw Ex. Client should identify itself.
"SessionUtils.checkPermissionToSetProperty(): "
+ "Attempt to set protected property with invalid client"
}
throw new SessionException(
}
try {
} catch (SSOException ssoEx) {
// Throw Ex. Server not able to get Admin Token.
"SessionUtils.checkPermissionToSetProperty(): "
+ "Cannot get Admin Token for validation to set protected "
throw new SessionException(
+ " " + key);
}
// Throw Ex. Client not authorized to set this property.
"SessionUtils.checkPermissionToSetProperty(): "
+ "Client does not have permission to set protected "
throw new SessionException(
+ " " + key);
}
}
}
}