/**
* $Id: SSOUtil.java,v 1.7 2005/09/21 13:12:20 mg155852 Exp $
* Copyright 2004 Sun Microsystems, Inc. All
* rights reserved. Use of this product is subject
* to license terms. Federal Acquisitions:
* Commercial Software -- Government Users
* Subject to Standard License Terms and
* Conditions.
*
* Sun, Sun Microsystems, the Sun logo, and Sun ONE
* are trademarks or registered trademarks of Sun Microsystems,
* Inc. in the United States and other countries.
*/
package com.sun.portal.util;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import java.net.URLDecoder;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.security.AccessController;
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.iplanet.sso.SSOTokenManager;
import com.sun.identity.security.AdminTokenAction;
import com.sun.identity.authentication.AuthContext;
import com.sun.portal.log.common.PortalLogger;
import netscape.ldap.util.DN;
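public class SSOUtil {

    private static final Logger logger = PortalLogger.getLogger(SSOUtil.class);

    /** AMConfig property; the literal value "false" means SSO cookies are not URL-encoded. */
    private static final String COOKIE_ENCODE_PROPERTY = "com.iplanet.am.cookie.encode";

    /**
     * Charset used to URL-decode the session id. Passed explicitly because the
     * one-argument URLDecoder.decode(String) is deprecated and silently uses the
     * platform default charset.
     */
    private static final String COOKIE_CHARSET = "UTF-8";

    /** Lazily created, shared token manager; only accessed through getSSOTokenManager(). */
    private static SSOTokenManager _tokenMgr = null;

    /**
     * Resolves a session id (the raw SSO cookie value) to a validated SSOToken.
     * The id is URL-decoded first unless AMConfig sets
     * com.iplanet.am.cookie.encode=false. Token-creation failures are logged at
     * SEVERE (see getSSOTokenNoDecode) and then rethrown.
     *
     * @param strSessionId session id as received from the client; it is a bearer
     *        credential and is deliberately never written to the log
     * @return a token that SSOTokenManager reports as valid
     * @throws Exception if decoding fails, or the token cannot be created or is not valid
     */
    public static SSOToken getSSOToken(String strSessionId) throws Exception {
        return getSSOTokenNoDecode(decodeSessionId(strSessionId));
    }

    /**
     * Same as getSSOToken, but without the SEVERE logging: the underlying
     * exception propagates unchanged so the caller can report it to the client.
     *
     * @param strSessionId session id as received from the client (never logged)
     * @return a token that SSOTokenManager reports as valid
     * @throws Exception if decoding fails, or the token cannot be created or is not valid
     */
    public static SSOToken getSSOTokenThrowExceptionToClient(String strSessionId) throws Exception {
        return getSSOTokenNoDecodeX(decodeSessionId(strSessionId));
    }

    /**
     * Applies the AMConfig cookie-encoding policy to a session id.
     *
     * @param strSessionId raw session id
     * @return the URL-decoded id, or the id unchanged when decoding is disabled
     * @throws Exception if the id cannot be decoded
     */
    private static String decodeSessionId(String strSessionId) throws Exception {
        String cookieEncode = com.iplanet.am.util.SystemProperties.get(COOKIE_ENCODE_PROPERTY);
        boolean decode = isCookieDecodingEnabled(cookieEncode);
        // Only the property value is logged, never the session id itself.
        logger.log(Level.FINE, "Value of the AMConfig encode property = " + cookieEncode + " decoding cookies = "
                + decode);
        if (!decode) {
            return strSessionId;
        }
        return URLDecoder.decode(strSessionId, COOKIE_CHARSET);
    }

    /**
     * Decides whether session cookies must be URL-decoded.
     *
     * @param cookieEncode value of com.iplanet.am.cookie.encode, possibly null
     * @return false only for the exact value "false"; an unset property (null)
     *         keeps the default of decoding instead of failing with a NullPointerException
     */
    static boolean isCookieDecodingEnabled(String cookieEncode) {
        return !"false".equals(cookieEncode);
    }

    /**
     * Creates and validates a token from an already-decoded session id, logging
     * any failure at SEVERE under the portal message keys before rethrowing it.
     *
     * @param strSessionId decoded session id (never logged)
     * @return a token that SSOTokenManager reports as valid
     * @throws SSOException if the token cannot be created or is not valid
     * @throws Exception for any other failure, rethrown unchanged
     */
    public static SSOToken getSSOTokenNoDecode(String strSessionId) throws Exception {
        try {
            return getSSOTokenNoDecodeX(strSessionId);
        } catch (SSOException ssoEx) {
            logger.log(Level.SEVERE, "PSSR_CSPU069", ssoEx);
            throw ssoEx;
        } catch (Exception e) {
            logger.log(Level.SEVERE, "PSSR_CSPU070", e);
            throw e;
        }
    }

    /**
     * Creates a token from an already-decoded session id and checks it with the
     * token manager. A token object on its own does not prove the session is
     * live; isValidToken is the authoritative check, so an invalid token is
     * rejected here rather than handed to callers.
     *
     * @param strSessionId decoded session id (never logged)
     * @return a token that SSOTokenManager reports as valid
     * @throws SSOException if no token manager is available, creation fails,
     *         or the created token is not valid
     */
    public static SSOToken getSSOTokenNoDecodeX(String strSessionId) throws SSOException {
        SSOTokenManager ssoTokenManager = getSSOTokenManager();
        SSOToken ssoToken = ssoTokenManager.createSSOToken(strSessionId);
        if (!ssoTokenManager.isValidToken(ssoToken)) {
            throw new SSOException("SSOToken creation suceeded , but it is not valid");
        }
        return ssoToken;
    }

    /**
     * Obtains the administrative SSOToken through the privileged AdminTokenAction.
     *
     * @return the admin token
     */
    public static SSOToken getAdminSSOToken() {
        return (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
    }

    /**
     * Creates a token for a user by name and password through the token manager.
     *
     * An AuthContext-based implementation (a login against the "Application"
     * module instance, as in the three-argument overload) was tried here, but
     * the tokens it produced expired after the "Maximum Idle Time" configured in
     * AM, so this method keeps the older SSOTokenManager path even though that
     * API is deprecated.
     *
     * @param uid user name, reported as the principal name
     * @param password clear-text password; passed through to the token manager,
     *        which is responsible for rejecting empty passwords
     * @return the created token
     * @throws SSOException if uid or password is null, no token manager is
     *         available, or the token manager refuses the credentials
     */
    public static SSOToken createSSOToken(final String uid, String password) throws SSOException {
        if (uid == null || password == null) {
            throw new SSOException("SSOUtil.createSSOToken(): uid and password are required");
        }
        SSOTokenManager ssom = getSSOTokenManager();
        // createSSOToken(Principal, String) is deprecated; see the class comment above.
        return ssom.createSSOToken(new java.security.Principal() {
            public String getName() {
                return uid;
            }
        }, password);
    }

    /**
     * Creates a token by logging in against the "Application" module instance of
     * the given organisation, answering the module's name/password callbacks.
     *
     * @param uid user DN or plain user name; only the first RDN value is used as
     *        the login name (see userNameFromDN)
     * @param password clear-text password; passed through to the authentication
     *        module, which is responsible for rejecting empty passwords
     * @param orgDN organisation the AuthContext is created for
     * @return the token of the successful login; never null
     * @throws SSOException if uid or password is null, the login cannot be
     *         started, a callback cannot be answered or submitted, the login
     *         fails, or it ends in any state other than SUCCESS
     */
    public static SSOToken createSSOToken(String uid, String password,
            String orgDN) throws SSOException {
        if (uid == null || password == null) {
            throw new SSOException("SSOUtil.createSSOToken(): uid and password are required");
        }
        String userName = userNameFromDN(uid);
        AuthContext lc;
        try {
            lc = new AuthContext(orgDN);
            // IndexName is intentionally coded as Application: by doing so, the
            // SSOToken created for the authless-anonymous user should never expire.
            lc.login(AuthContext.IndexType.MODULE_INSTANCE, "Application");
        } catch (Exception e) {
            throw new SSOException(e);
        }
        // Answer whatever the module asks for until it has no further requirements.
        while (lc.hasMoreRequirements()) {
            Callback[] callbacks = lc.getRequirements();
            if (callbacks == null) {
                continue;
            }
            try {
                answerCallbacks(callbacks, userName, password);
                lc.submitRequirements(callbacks);
            } catch (Exception e) {
                throw new SSOException(e);
            }
        }
        AuthContext.Status status = lc.getStatus();
        if (status == AuthContext.Status.SUCCESS) {
            try {
                return lc.getSSOToken();
            } catch (Exception e) {
                throw new SSOException(e);
            }
        }
        if (status == AuthContext.Status.FAILED) {
            throw new SSOException("ldap authentication failed");
        }
        // Any other end state used to yield a null token; an authentication
        // result must never require the caller to null-check it.
        throw new SSOException("authentication did not complete, status = " + status);
    }

    /**
     * Fills the name and password callbacks requested by the module. Callbacks
     * of any other type are left untouched.
     *
     * @param callbacks requirements returned by AuthContext.getRequirements()
     * @param userName value for every NameCallback
     * @param password value for every PasswordCallback
     */
    private static void answerCallbacks(Callback[] callbacks, String userName, String password) {
        for (int i = 0; i < callbacks.length; i++) {
            if (callbacks[i] instanceof NameCallback) {
                ((NameCallback) callbacks[i]).setName(userName);
            } else if (callbacks[i] instanceof PasswordCallback) {
                // NOTE(review): the char[] handed to the callback is never cleared;
                // whether AuthContext is done reading it once submitRequirements
                // returns is not visible here - confirm before adding clearPassword().
                ((PasswordCallback) callbacks[i]).setPassword(password.toCharArray());
            }
        }
    }

    /**
     * Extracts the login name from a DN: the value of its first RDN with the
     * attribute type stripped (explodeDN(true)). When the input does not explode
     * into any RDN it is returned unchanged and treated as a plain user name.
     *
     * @param uid user DN or plain user name
     * @return the login name
     */
    private static String userNameFromDN(String uid) {
        String[] rdns = new DN(uid).explodeDN(true);
        if (rdns != null && rdns.length > 0) {
            return rdns[0];
        }
        return uid;
    }

    /**
     * Returns the shared token manager, creating it on first use.
     *
     * @return the token manager, never null
     * @throws SSOException if SSOTokenManager.getInstance() returns null
     */
    protected static SSOTokenManager getSSOTokenManager() throws SSOException {
        // The lazy initialisation is not synchronised; it assumes
        // SSOTokenManager.getInstance() is idempotent - TODO confirm.
        if (_tokenMgr == null) {
            _tokenMgr = SSOTokenManager.getInstance();
            if (_tokenMgr == null) {
                throw new SSOException("SSOUtil.getSSOTokenMgr(): "
                        + "Failed to get SSOTokenManager. ");
            }
        }
        return _tokenMgr;
    }
}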