001: /*
002: * Copyright 2001 Sun Microsystems, Inc. All rights reserved.
003: * PROPRIETARY/CONFIDENTIAL. Use of this product is subject to license terms.
004: */
005: package com.sun.portal.desktop.context;
006:
007: import com.iplanet.sso.SSOException;
008: import com.iplanet.sso.SSOToken;
009: import com.iplanet.sso.SSOTokenManager;
010: import com.sun.portal.desktop.DesktopError;
011: import com.sun.portal.desktop.ROC;
012: import com.sun.portal.desktop.TypedException;
013: import java.security.Principal;
014: import javax.servlet.http.HttpServletRequest;
015:
016: /*
017: * This class represents a Session Application Context using iDS/AME.
018: *
019: * This class is assumed to execute in a static environment: either it is
020: * declared statically, or the class that declares it is declared
021: * statically, etc. The reason is that it uses several data members that
022: * are most effectively used per-JVM.
023: */
024:
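/**
 * Session application context backed by iDS/AME single sign-on tokens.
 *
 * <p>Every public method resolves the caller's {@link SSOToken} through
 * {@link #getSSOToken(HttpServletRequest)}, which caches the token in
 * {@link ROC} under a fixed key so that several calls made while serving one
 * request do not each create a new token.
 *
 * <p>NOTE(review): the cache key does not include the request, so the cache
 * is only safe if ROC is scoped to a single request and cleared between
 * requests -- confirm. Otherwise a token cached while serving one client
 * could be handed back while serving another.
 */
public class DSAMESessionAppContext implements SessionAppContext {
    /** Key under which the resolved token is cached in {@link ROC}. */
    private static final String ROC_SSO_TOKEN = "ssoToken";

    //
    // this member is re-used throughout the life of this class to get
    // instances of SSOToken
    //
    protected SSOTokenManager tokenMgr = null;

    /** Obtains the token manager from {@link DSAMEConnection}. */
    public DSAMESessionAppContext() {
        tokenMgr = DSAMEConnection.getSSOTokenManager();
    }

    /**
     * Reports whether the request carries a session that the token manager
     * currently accepts.
     *
     * @param req the incoming request
     * @return {@code true} only when a token could be resolved and
     *         {@code tokenMgr.isValidToken} accepts it; {@code false} when no
     *         session exists for the client
     * @throws DesktopError (unchecked) when token creation fails for any
     *         reason other than "no session"; see
     *         {@link #getSSOToken(HttpServletRequest)}
     */
    public boolean validateSession(HttpServletRequest req) {
        SSOToken token = getSSOToken(req);
        return token != null && tokenMgr.isValidToken(token);
    }

    /**
     * Returns the SSO token for the request, creating and caching it on first
     * use.
     *
     * <p>A token found in the cache is returned as-is; this method does not
     * call {@code isValidToken}. Callers that need a validity guarantee should
     * go through {@link #validateSession(HttpServletRequest)}.
     *
     * <p>Failures are classified by matching the text of the
     * {@link SSOException}. Any message that is not recognised (including a
     * missing message) is reported as a generic session error rather than as
     * "no session", so an unexpected failure is never mistaken for an
     * anonymous client. NOTE(review): the match depends on the exact wording
     * produced by the SSO library; a reworded or localized message would fall
     * through to the generic error -- verify against the deployed version.
     *
     * @param req the incoming request
     * @return the token, or {@code null} when no session exists for this
     *         client
     * @throws DesktopError (unchecked) with
     *         {@code TypedException.SESSION_TIMED_OUT} when the session timed
     *         out, or {@code TypedException.SESSION_TYPE} for any other
     *         failure
     */
    protected SSOToken getSSOToken(HttpServletRequest req) {
        //
        // try to get the token from the request. this saves
        // us creating >1 sso tokens for multiple
        // per-request calls into this api
        //
        SSOToken token = (SSOToken) ROC.getObject(ROC_SSO_TOKEN);
        if (token != null) {
            return token;
        }

        try {
            // NOTE(review): this looks the manager up again instead of using
            // tokenMgr; the two agree only if getSSOTokenManager() always
            // returns the same instance -- confirm.
            token = DSAMEConnection.getSSOTokenManager().createSSOToken(req);
            //
            // put the token into the request, so multiple calls
            // into this api per request can use this value
            //
            ROC.setObject(ROC_SSO_TOKEN, token);
        } catch (SSOException se) {
            // getMessage() may be null; without this guard the comparisons
            // below would throw NullPointerException and hide the real
            // SSOException from the caller.
            String message = se.getMessage();
            if (message == null) {
                message = "";
            }

            if (message.equals("Invalid session ID.")
                    || message.startsWith("Service URL not found:session")) {
                // No session really exists for this client/user-agent!
                return null;
            }

            // A valid session has become invalid for time-out or explicit
            // killing on AMConsole.
            if (message.startsWith("Session timed out.")) {
                throw new DesktopError(se, TypedException.SESSION_TIMED_OUT);
            }

            // Anything unrecognised is treated as a session failure.
            throw new DesktopError(se, TypedException.SESSION_TYPE);
        }

        return token;
    }

    /**
     * Returns the string form of the principal attached to the request's
     * token.
     *
     * <p>This method does not call {@code isValidToken}; it relies on whatever
     * checks {@link #getSSOToken(HttpServletRequest)} and
     * {@code getPrincipal()} perform.
     *
     * @param req the incoming request
     * @return the principal's {@code toString()} value, or {@code null} when
     *         no session exists or the token carries no principal
     * @throws ContextError (unchecked) with {@code ContextError.SESSION_TYPE}
     *         when the principal cannot be read from the token
     * @throws DesktopError (unchecked) as described for
     *         {@link #getSSOToken(HttpServletRequest)}
     */
    public String getUserID(HttpServletRequest req) {
        SSOToken token = getSSOToken(req);
        if (token == null) {
            return null;
        }

        final Principal principal;
        try {
            principal = token.getPrincipal();
        } catch (SSOException ssoe) {
            throw new ContextError(ssoe, ContextError.SESSION_TYPE);
        }

        // A token without a principal is reported the same way as "no
        // session" instead of failing with NullPointerException.
        return principal == null ? null : principal.toString();
    }

    /**
     * Returns the string form of the request's token ID.
     *
     * <p>NOTE(review): if this ID is the value that authenticates the session
     * to the SSO service, it is a bearer credential; callers should keep it
     * out of logs, URLs and error pages -- confirm how it is used.
     *
     * @param req the incoming request
     * @return the token ID as a string, or {@code null} when no session exists
     * @throws DesktopError (unchecked) as described for
     *         {@link #getSSOToken(HttpServletRequest)}
     */
    public String getSessionID(HttpServletRequest req) {
        SSOToken token = getSSOToken(req);
        return token == null ? null : token.getTokenID().toString();
    }
}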