<%--
/*
 * DO NOT REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 *
 * Copyright (c) 2013 ForgeRock AS All rights reserved.
 *
 * The contents of this file are subject to the terms
 * of the Common Development and Distribution License
 * (the License). You may not use this file except in
 * compliance with the License.
 *
 * You can obtain a copy of the License at
 * http://forgerock.org/license/CDDLv1.0.html
 * See the License for the specific language governing
 * permission and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL
 * Header Notice in each file and include the License file
 * at http://forgerock.org/license/CDDLv1.0.html
 * If applicable, add the following below the CDDL Header,
 * with the fields enclosed by brackets [] replaced by
 * your own identifying information:
 * "Portions copyright [year] [name of copyright owner]"
 */
--%>
<%@ page pageEncoding="UTF-8" %>
<%@ page import="org.forgerock.openam.oauth2.openid.CheckSessionImpl" %>
<%@ page import="org.forgerock.openam.oauth2.openid.CheckSession" %>
<%@ page import="org.owasp.esapi.ESAPI" %>
<%
// Server-side inputs for the session-check script rendered below. Each value
// is read once per request and then embedded into the inline JavaScript
// through a JSP expression.
CheckSession checkSession = new CheckSessionImpl();
// Name of the cookie whose value the script uses as the OP browser state.
String cookieName = checkSession.getCookieName();
// Origin the client page is expected to post from; the script compares it
// with the message's e.origin and ignores anything else.
String clientSessionURI = checkSession.getClientSessionURI(request);
// Whether this request carries a valid session. It is rendered as text into
// the script; NOTE(review): a null here would render as "null" — confirm the
// implementation never returns null.
Boolean validSession = checkSession.getValidSession(request);
%>
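<!DOCTYPE html>
<html lang="en">
<head>
<!-- OpenID Connect check-session page: the client page communicates with the
     script below through window.postMessage and gets a one-word reply. -->
<title>OpenID Connect session check</title>
</head>
<body>
<script src="../../js/sha256.js"></script>
<script type="text/javascript">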
// Identifier of the client that sent the last accepted message; filled in by
// receiveMessage.
var client_id;
// Listen (bubbling phase) for postMessage calls from the client page.
window.addEventListener("message", receiveMessage);
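function receiveMessage(e){
  // Handles one postMessage from the client page. As implemented here the
  // message is the string "<client_id> <session_state>"; the reply posted
  // back to the sender is "unchanged" when session_state equals
  // SHA256(client_id + origin + opbs), else "changed".
  var clientURI = "<%=ESAPI.encoder().encodeForJavaScript(clientSessionURI)%>";
  // Check the sender's origin before looking at e.data, so an unexpected
  // sender neither triggers the hash computation nor receives a reply.
  // NOTE(review): e.origin is "scheme://host[:port]", so clientSessionURI
  // must be exactly an origin for this comparison to succeed — confirm.
  if (e.origin !== clientURI){
    return;
  }
  // postMessage can carry any structured-clonable value; only a string has
  // the expected layout, and split() would throw on anything else.
  if (typeof e.data !== 'string'){
    return;
  }
  var data = e.data.split(' ');
  client_id = data[0];
  var session_state = data[1];
  var opbs = getBrowserState();
  // CryptoJS returns a WordArray; toString() yields the hex digest that the
  // previous loose comparison was implicitly coercing to.
  var ss = CryptoJS.SHA256(client_id + e.origin + opbs).toString();
  var stat = (session_state === ss) ? 'unchanged' : 'changed';
  // Reply only to the verified origin.
  e.source.postMessage(stat, e.origin);
}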
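function getBrowserState(){
  // Returns the OP browser state: the value of the session cookie when the
  // server reported a valid session, otherwise "".
  // The server renders the Boolean as text ("true"/"false"), so it has to be
  // compared with "true"; a non-empty string is always truthy, which made the
  // previous `!validSession` test never fire.
  var validSession = "<%=validSession%>" === "true";
  if (!validSession){
    return "";
  }
  var cookieName = "<%=ESAPI.encoder().encodeForJavaScript(cookieName)%>";
  var prefix = cookieName + "=";
  var cookies = document.cookie.split(";");
  for (var i = 0; i < cookies.length; i++) {
    // Entries after the first carry a leading space; strip it and match from
    // the start so a cookie whose name merely ends with ours is not picked up.
    var entry = cookies[i].replace(/^\s+/, "");
    if (entry.indexOf(prefix) === 0) {
      // unescape() kept on purpose: the value may be written with the legacy
      // escape() format, which decodeURIComponent() does not accept.
      return unescape(entry.substring(prefix.length));
    }
  }
  return "";
}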
</script>
</body>
</html>