/*
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 *
 * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
 *
 * The contents of this file are subject to the terms
 * of the Common Development and Distribution License
 * (the License). You may not use this file except in
 * compliance with the License.
 *
 * You can obtain a copy of the License at
 * https://opensso.dev.java.net/public/CDDLv1.0.html or
 * opensso/legal/CDDLv1.0.txt
 * See the License for the specific language governing
 * permission and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL
 * Header Notice in each file and include the License file
 * at opensso/legal/CDDLv1.0.txt.
 * If applicable, add the following below the CDDL Header,
 * with the fields enclosed by brackets [] replaced by
 * your own identifying information:
 * "Portions Copyrighted [year] [name of copyright owner]"
 *
 * $Id: WebServiceAuthenticatorImpl.java,v 1.4 2008/08/06 17:29:25 exu Exp $
 *
 * Portions Copyrighted 2015-2016 ForgeRock AS.
 */

package com.sun.identity.liberty.ws.soapbinding;

import static org.forgerock.openam.utils.Time.*;

import java.security.AccessController;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;

import javax.security.auth.Subject;
import javax.servlet.http.HttpServletRequest;

import org.forgerock.guice.core.InjectorHolder;

import com.iplanet.am.util.Cache;
import com.iplanet.dpro.session.service.InternalSession;
import com.iplanet.dpro.session.service.SessionService;
import com.iplanet.security.x509.CertUtils;
import com.iplanet.sso.SSOToken;
import com.iplanet.sso.SSOTokenManager;
import com.sun.identity.security.AdminTokenAction;
import com.sun.identity.shared.DateUtils;
import com.sun.identity.shared.configuration.SystemPropertiesManager;
import com.sun.identity.shared.datastruct.CollectionHelper;
import com.sun.identity.shared.debug.Debug;
import com.sun.identity.sm.ServiceSchema;
import com.sun.identity.sm.ServiceSchemaManager;

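/**
 * {@link WebServiceAuthenticator} implementation that maps the certificates
 * carried by a SOAP binding {@code Message} to an {@code SSOToken}.
 *
 * <p>The class only <em>reads</em> subject and issuer names from the
 * certificates; it performs no chain, revocation or signature validation of
 * its own. Tokens are cached per "authentication mechanism + principal" key
 * and reused while the token manager still reports them as valid.
 */
class WebServiceAuthenticatorImpl implements WebServiceAuthenticator {
    // Names of the properties written on the session / SSO token.
    private static final String PRINCIPAL_PROP = "Principal";
    private static final String PRINCIPALS_PROP = "Principals";
    private static final String AUTH_TYPE_PROP = "AuthType";
    private static final String AUTH_INSTANT_PROP = "authInstant";
    // Principal recorded when the message carries no certificate at all.
    private static final String ANONYMOUS_PRINCIPAL = "anonymous";
    private static final String SESSION_SERVICE_NAME =
        "iPlanetAMSessionService";
    // Session service attribute names looked up in the dynamic schema defaults.
    private static final String MAX_SESSION_TIME =
        "iplanet-am-session-max-session-time";
    private static final String IDLE_TIME =
        "iplanet-am-session-max-idle-time";
    private static final String CACHE_TIME =
        "iplanet-am-session-max-caching-time";
    // Fallbacks used when the schema defaults do not supply a value.
    private static final int DEFAULT_MAX_SESSION_TIME = 120;
    private static final int DEFAULT_IDLE_TIME = 30;
    private static final int DEFAULT_CACHE_TIME = 3;
    // Used as a monitor in authenticate(), so the reference must never change.
    private static final Cache ssoTokenCache = new Cache(1000);
    // Both remain null when the static initializer below fails.
    private static SSOTokenManager ssoTokenManager = null;
    private static ServiceSchema sessionSchema = null;
    // Not referenced anywhere else in this class.
    private static String rootSuffix =
        SystemPropertiesManager.get("com.iplanet.am.rootsuffix");
    private static final Debug debug = Debug.getInstance("libIDWSF");

    static {
        // Failures are logged, not rethrown, so the class still loads;
        // authenticate() has to cope with either field being null.
        try {
            ssoTokenManager = SSOTokenManager.getInstance();
        } catch (Exception ex) {
            debug.error("WebServiceAuthenticatorImpl.static: " +
                "unable to get SSOTokenManager", ex);
        }
        try {
            SSOToken adminToken = (SSOToken) AccessController.doPrivileged(
                AdminTokenAction.getInstance());
            ServiceSchemaManager scm = new ServiceSchemaManager(
                SESSION_SERVICE_NAME, adminToken);
            sessionSchema = scm.getDynamicSchema();
        } catch (Exception ex) {
            debug.error("WebServiceAuthenticatorImpl.static: " +
                "unable to get session schema", ex);
        }
    }

    /**
     * Creates, or returns from the cache, an SSO token for the certificates
     * attached to a web service message.
     *
     * <p>The principal is the subject name of the first certificate found
     * (peer certificate first, then message certificate). Remaining subject
     * names and all issuer names are recorded in the "Principals" property,
     * separated by {@code |}. A message without any certificate is
     * <strong>not</strong> rejected: it receives a token whose principal is
     * {@code "anonymous"}, so callers must authorize on the "Principal"
     * property rather than on the mere presence of a token.
     *
     * <p>NOTE(review): this method does not validate the certificates; it
     * presumably relies on the transport and message-signature layers having
     * done so before the certificates were attached to {@code message} —
     * confirm against the callers.
     *
     * @param message a Message object that needs authentication.
     * @param subject not used by this implementation.
     * @param state not used by this implementation.
     * @param request the HttpServletRequest object that comes from the web
     *        service; not used by this implementation.
     * @return a SSOToken Object for the certificates (or for the anonymous
     *         principal), or null if no token could be created or populated.
     */
    public Object authenticate(Message message,Subject subject,Map state,
        HttpServletRequest request) {
        // Collect the certificates in priority order: TLS peer, then message.
        List<X509Certificate> certs = null;
        X509Certificate clientCert = message.getPeerCertificate();
        if (clientCert != null) {
            // SSL client auth certificate
            certs = new ArrayList<X509Certificate>(2);
            certs.add(clientCert);
        }

        X509Certificate messageCert = message.getMessageCertificate();
        if (messageCert != null) {
            if (certs == null) {
                certs = new ArrayList<X509Certificate>(1);
            }
            certs.add(messageCert);
        }

        String principal = null;
        StringBuilder principalsSB = null;

        if (certs == null) {
            principal = ANONYMOUS_PRINCIPAL;
        } else {
            Set<String> principalsSet = new HashSet<String>(6);

            for (X509Certificate cert : certs) {
                if (debug.messageEnabled()) {
                    debug.message(
                        "WebServiceAuthenticatorImpl.authenticate: cert = " +
                        cert);
                }

                // First subject name seen becomes the principal; any other
                // distinct subject name is kept as a secondary principal.
                String subjectDN = CertUtils.getSubjectName(cert);
                if (principal == null) {
                    principal = subjectDN;
                } else if (!principal.equals(subjectDN)) {
                    principalsSet.add(subjectDN);
                }

                String issuerDN = CertUtils.getIssuerName(cert);
                principalsSet.add(issuerDN);
            }

            // Join with '|'. The length test (rather than a "first element"
            // flag) is kept deliberately so the output matches what existing
            // consumers of the "Principals" property already receive.
            principalsSB = new StringBuilder(50);
            for (String str : principalsSet) {
                if (principalsSB.length() == 0) {
                    principalsSB.append(str);
                } else {
                    principalsSB.append("|").append(str);
                }
            }
        }

        if (debug.messageEnabled()) {
            debug.message("WebServiceAuthenticatorImpl.authenticate"+
                ": principal = " + principal +
                ", principals = " + principalsSB);
        }

        // NOTE(review): the cache key holds the mechanism and the subject
        // name only. Issuer names are not part of it, so two certificates
        // with the same subject name from different issuers share one cached
        // token, including its "Principals" value. Confirm the trust
        // configuration makes subject names unique across accepted issuers,
        // or extend the key.
        String authMech = message.getAuthenticationMechanism();
        String cacheKey = authMech + " " + principal;
        if (debug.messageEnabled()) {
            debug.message("WebServiceAuthenticatorImpl.authenticate"+
                ": cacheKey = " + cacheKey);
        }

        SSOToken ssoToken = (SSOToken) ssoTokenCache.get(cacheKey);
        if (ssoToken != null) {
            // ssoTokenManager is null when static initialization failed;
            // treat that as "cannot prove the token is valid" instead of
            // letting a NullPointerException escape to the caller.
            if (ssoTokenManager != null
                    && ssoTokenManager.isValidToken(ssoToken)) {
                if (debug.messageEnabled()) {
                    debug.message("WebServiceAuthenticatorImpl." +
                        "authenticate: found ssoToken in cache");
                }
                return ssoToken;
            }

            if (debug.messageEnabled()) {
                debug.message("WebServiceAuthenticatorImpl." +
                    "authenticate: ssoToken in cache expired");
            }
            // NOTE(review): only remove() is guarded here; get() and put()
            // are called without the monitor. Presumably Cache synchronizes
            // internally — verify.
            synchronized (ssoTokenCache) {
                ssoTokenCache.remove(cacheKey);
            }
            ssoToken = null;
        }

        if (sessionSchema == null) {
            // Without this guard the session below would be created and
            // activated first, and only then fail on the null schema,
            // leaving one orphaned session behind per request.
            debug.error("WebServiceAuthenticatorImpl.authenticate: " +
                "session schema is unavailable");
            return null;
        }

        String authInstant = null;
        try {
            InternalSession is = InjectorHolder.getInstance(SessionService.class).newInternalSession(null, false);
            is.activate("");
            Map attrs = sessionSchema.getAttributeDefaults();
            is.setMaxSessionTime(CollectionHelper.getIntMapAttr(
                attrs, MAX_SESSION_TIME, DEFAULT_MAX_SESSION_TIME, debug));
            is.setMaxIdleTime(CollectionHelper.getIntMapAttr(
                attrs, IDLE_TIME, DEFAULT_IDLE_TIME, debug));
            is.setMaxCachingTime(CollectionHelper.getIntMapAttr(
                attrs, CACHE_TIME, DEFAULT_CACHE_TIME, debug));
            is.putProperty(AUTH_TYPE_PROP,
                message.getAuthenticationMechanism());
            authInstant = DateUtils.toUTCDateFormat(newDate());
            is.putProperty(AUTH_INSTANT_PROP, authInstant);

            ssoToken = SSOTokenManager.getInstance()
                .createSSOToken(is.getID().toString());
        } catch (Exception ex) {
            debug.error("WebServiceAuthenticatorImpl.authenticate: " +
                "Unable to get SSOToken", ex);
        }

        if (ssoToken == null) {
            return null;
        }

        try {
            ssoToken.setProperty(PRINCIPAL_PROP, principal);
            if (principalsSB != null) {
                ssoToken.setProperty(PRINCIPALS_PROP, principalsSB.toString());
            }
            if (authInstant != null) {
                ssoToken.setProperty(AUTH_INSTANT_PROP, authInstant);
            }

            ssoToken.setProperty(AUTH_TYPE_PROP,
                message.getAuthenticationMechanism());
            SSOTokenManager.getInstance().refreshSession(ssoToken);
            // Cache only after every property was written successfully.
            ssoTokenCache.put(cacheKey, ssoToken);

        } catch (Exception ex) {
            // NOTE(review): the session created above stays active although
            // null is returned; consider destroying it on this path.
            debug.error("WebServiceAuthenticatorImpl.authenticate: " +
                "Unable to set SSOToken property", ex);
            return null;
        }

        return ssoToken;
    }
}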