001: /**
002: * $Id: SSOUtil.java,v 1.7 2005/09/21 13:12:20 mg155852 Exp $
003: * Copyright 2004 Sun Microsystems, Inc. All
004: * rights reserved. Use of this product is subject
005: * to license terms. Federal Acquisitions:
006: * Commercial Software -- Government Users
007: * Subject to Standard License Terms and
008: * Conditions.
009: *
010: * Sun, Sun Microsystems, the Sun logo, and Sun ONE
011: * are trademarks or registered trademarks of Sun Microsystems,
012: * Inc. in the United States and other countries.
013: */package com.sun.portal.util;
014:
015: import javax.security.auth.callback.Callback;
016: import javax.security.auth.callback.NameCallback;
017: import javax.security.auth.callback.PasswordCallback;
018:
019: import java.net.URLDecoder;
020: import java.util.logging.Level;
021: import java.util.logging.Logger;
022: import java.security.AccessController;
023:
024: import com.iplanet.sso.SSOException;
025: import com.iplanet.sso.SSOToken;
026: import com.iplanet.sso.SSOTokenManager;
027: import com.sun.identity.security.AdminTokenAction;
028: import com.sun.identity.authentication.AuthContext;
029: import com.sun.portal.log.common.PortalLogger;
030: import netscape.ldap.util.DN;
031:
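/**
 * Helpers for turning an Access Manager session id (as carried in the session
 * cookie) into a validated {@link SSOToken}, for obtaining the admin token, and
 * for authenticating a user id / password pair against AM.
 *
 * Security notes for callers:
 * - A session id taken from a cookie is untrusted client input. Every path in
 *   this class that accepts one ends in an {@code isValidToken} check, and the
 *   id itself is never written to the log.
 * - {@link #getAdminSSOToken()} hands back a highly privileged credential;
 *   never expose it to user-controlled code paths or log it.
 * - Passwords arrive as {@code String}s (dictated by the public signatures) and
 *   therefore cannot be zeroed after use.
 */
public class SSOUtil {

    private static final Logger logger = PortalLogger.getLogger(SSOUtil.class);

    /** AMConfig property saying whether the session cookie value is URL-encoded. */
    private static final String COOKIE_ENCODE_PROPERTY = "com.iplanet.am.cookie.encode";

    /** AM module instance that the callback-based login below authenticates against. */
    private static final String APPLICATION_MODULE = "Application";

    /**
     * Lazily created by {@link #getSSOTokenManager()}. Deliberately not
     * synchronized: the worst a race can do is call
     * {@code SSOTokenManager.getInstance()} twice, which presumably yields the
     * same manager (confirm against the AM SDK if that ever matters).
     */
    private static SSOTokenManager _tokenMgr = null;

    /**
     * Resolves a session id to a validated SSOToken, URL-decoding it first
     * unless {@code com.iplanet.am.cookie.encode} is explicitly "false".
     * Failures are logged at SEVERE (see {@link #getSSOTokenNoDecode}) and then
     * rethrown.
     *
     * @param strSessionId session id as read from the cookie; may be URL-encoded
     * @return a token that passed {@code SSOTokenManager.isValidToken}
     * @throws SSOException if the id is null/empty or does not map to a valid session
     * @throws Exception    on decoding or unexpected runtime failures
     */
    public static SSOToken getSSOToken(String strSessionId) throws Exception {
        return getSSOTokenNoDecode(decodeIfConfigured(strSessionId));
    }

    /**
     * Same as {@link #getSSOToken(String)} but without the SEVERE log entry:
     * the exception propagates straight to the caller, which is expected to
     * report it to the client.
     *
     * @param strSessionId session id as read from the cookie; may be URL-encoded
     * @return a token that passed {@code SSOTokenManager.isValidToken}
     * @throws SSOException if the id is null/empty or does not map to a valid session
     * @throws Exception    on decoding failures
     */
    public static SSOToken getSSOTokenThrowExceptionToClient(String strSessionId)
            throws Exception {
        return getSSOTokenNoDecodeX(decodeIfConfigured(strSessionId));
    }

    /**
     * Applies URL-decoding to the session id when AMConfig says cookies are
     * encoded. The property value (never the session id) is logged at FINE.
     *
     * @param strSessionId raw cookie value, possibly null
     * @return the decoded value, or the input untouched when decoding is off or the input is null
     */
    private static String decodeIfConfigured(String strSessionId)
            throws java.io.UnsupportedEncodingException {
        String cookieEncode =
                com.iplanet.am.util.SystemProperties.get(COOKIE_ENCODE_PROPERTY);
        // Only an explicit "false" switches decoding off. A missing property keeps
        // the decoding default instead of failing with a NullPointerException on
        // cookieEncode.equals(...).
        boolean decode = !"false".equals(cookieEncode);
        logger.log(Level.FINE,
                "Value of the AMConfig encode property = " + cookieEncode
                + " decoding cookies = " + decode);
        if (strSessionId == null || !decode) {
            // A null id is rejected with a proper SSOException further down the
            // chain rather than with a NullPointerException from URLDecoder.
            return strSessionId;
        }
        // Explicit charset: the one-argument URLDecoder.decode is deprecated and
        // uses the platform default encoding.
        return URLDecoder.decode(strSessionId, "UTF-8");
    }

    /**
     * Resolves an already-decoded session id to a validated token, logging any
     * failure at SEVERE under the portal message keys before rethrowing it.
     *
     * @param strSessionId session id, already URL-decoded if necessary
     * @return a validated token
     * @throws SSOException logged as PSSR_CSPU069; the id is invalid or the session is not valid
     * @throws Exception    logged as PSSR_CSPU070; any other failure
     */
    public static SSOToken getSSOTokenNoDecode(String strSessionId) throws Exception {
        try {
            return getSSOTokenNoDecodeX(strSessionId);
        } catch (SSOException ssoEx) {
            // NOTE(review): the exception object is logged as-is; if the AM SDK
            // ever embeds the session id in its message it would land in the log.
            logger.log(Level.SEVERE, "PSSR_CSPU069", ssoEx);
            throw ssoEx;
        } catch (Exception e) {
            logger.log(Level.SEVERE, "PSSR_CSPU070", e);
            throw e;
        }
    }

    /**
     * Resolves an already-decoded session id to a token and verifies it.
     * Creating a token object can succeed for a session that is not valid, so
     * a token is never returned without the {@code isValidToken} check.
     *
     * @param strSessionId session id, already URL-decoded if necessary
     * @return a token that passed {@code SSOTokenManager.isValidToken}
     * @throws SSOException if the id is null/empty, the manager is unavailable,
     *                      token creation fails, or the token is not valid
     */
    public static SSOToken getSSOTokenNoDecodeX(String strSessionId) throws SSOException {
        if (strSessionId == null || strSessionId.length() == 0) {
            // Fail closed on missing input; the id itself is not echoed anywhere.
            throw new SSOException("session id is null or empty");
        }
        SSOTokenManager ssoTokenManager = getSSOTokenManager();
        SSOToken ssoToken = ssoTokenManager.createSSOToken(strSessionId);
        if (!ssoTokenManager.isValidToken(ssoToken)) {
            throw new SSOException("SSOToken creation suceeded , but it is not valid");
        }
        return ssoToken;
    }

    /**
     * Obtains the administrative SSOToken through the privileged
     * {@link AdminTokenAction}. This is the most powerful credential this class
     * hands out: keep it server-side, never log it and never return it on a
     * path that a client request can influence.
     *
     * @return the admin token produced by {@code AdminTokenAction}
     */
    public static SSOToken getAdminSSOToken() {
        return (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
    }

    /**
     * Authenticates {@code uid}/{@code password} and returns the resulting token.
     *
     * This overload intentionally still goes through the deprecated
     * {@code SSOTokenManager.createSSOToken(Principal, String)}: an earlier
     * AuthContext-based implementation (like the three-argument overload)
     * produced tokens that expired after AM's "Maximum Idle Time", which was
     * not acceptable for its callers.
     *
     * @param uid      user id presented as the principal name
     * @param password the user's password; must not be null or empty
     * @return the token issued by the token manager
     * @throws SSOException if either credential is missing, the manager is
     *                      unavailable, or AM rejects the credentials
     */
    public static SSOToken createSSOToken(final String uid, String password)
            throws SSOException {
        requireCredentials(uid, password);
        SSOTokenManager ssom = getSSOTokenManager();
        // Deprecated API, kept on purpose -- see the method comment.
        return ssom.createSSOToken(new UidPrincipal(uid), password);
    }

    /**
     * Authenticates a user against the "Application" module instance of the
     * given organization via {@link AuthContext} and returns the session token.
     *
     * @param uid      user id, either a bare name or a DN (only its first RDN value is used)
     * @param password the user's password; must not be null or empty
     * @param orgDN    organization the AuthContext is created for
     * @return the token of the successfully completed login
     * @throws SSOException if a credential is missing, the login fails, or it
     *                      ends in any state other than SUCCESS
     */
    public static SSOToken createSSOToken(String uid, String password, String orgDN)
            throws SSOException {
        requireCredentials(uid, password);
        String userName = userNameFromDn(uid);
        AuthContext lc = startApplicationLogin(orgDN);
        answerRequirements(lc, userName, password);
        return tokenForCompletedLogin(lc);
    }

    /**
     * Rejects missing or empty credentials before anything is sent to AM.
     * An empty password must never reach the backend: the failure message used
     * below shows the module is LDAP-backed, and an LDAP simple bind with an
     * empty password is an unauthenticated (anonymous) bind that can look like
     * a success (RFC 4513 section 5.1.2).
     */
    private static void requireCredentials(String uid, String password) throws SSOException {
        if (uid == null || uid.length() == 0) {
            throw new SSOException("user id is null or empty");
        }
        if (password == null || password.length() == 0) {
            throw new SSOException("password is null or empty");
        }
    }

    /**
     * Extracts the login name from {@code uid}: the value of the first RDN when
     * the id parses as a DN, otherwise the id itself.
     */
    private static String userNameFromDn(String uid) {
        DN dn = new DN(uid);
        String[] rdnValues = dn.explodeDN(true);
        if (rdnValues != null && rdnValues.length > 0
                && rdnValues[0] != null && rdnValues[0].length() > 0) {
            return rdnValues[0];
        }
        // Not a DN (or the DN parser found nothing usable): use the id verbatim.
        return uid;
    }

    /** Creates the AuthContext for {@code orgDN} and starts the module login. */
    private static AuthContext startApplicationLogin(String orgDN) throws SSOException {
        try {
            AuthContext lc = new AuthContext(orgDN);
            // IndexName is intentionally the "Application" module instance; the
            // original author noted that the token it issues for the
            // authless-anonymous user is meant never to expire.
            lc.login(AuthContext.IndexType.MODULE_INSTANCE, APPLICATION_MODULE);
            return lc;
        } catch (Exception e) {
            throw new SSOException(e);
        }
    }

    /**
     * Feeds user name and password into the callbacks the module asks for.
     * Callback types other than Name/Password are submitted unanswered, as
     * the original implementation did.
     */
    private static void answerRequirements(AuthContext lc, String userName, String password)
            throws SSOException {
        char[] secret = password.toCharArray();
        while (lc.hasMoreRequirements()) {
            Callback[] callbacks = lc.getRequirements();
            if (callbacks == null) {
                continue;
            }
            try {
                for (int i = 0; i < callbacks.length; i++) {
                    Callback cb = callbacks[i];
                    if (cb instanceof NameCallback) {
                        ((NameCallback) cb).setName(userName);
                    } else if (cb instanceof PasswordCallback) {
                        ((PasswordCallback) cb).setPassword(secret);
                    }
                }
                lc.submitRequirements(callbacks);
            } catch (Exception e) {
                throw new SSOException(e);
            }
        }
    }

    /**
     * Maps the final AuthContext status to a token or an exception. Anything
     * other than SUCCESS is a failure: the previous implementation returned a
     * null token for statuses that were neither SUCCESS nor FAILED, which an
     * authentication helper should never do.
     */
    private static SSOToken tokenForCompletedLogin(AuthContext lc) throws SSOException {
        AuthContext.Status status = lc.getStatus();
        if (status == AuthContext.Status.SUCCESS) {
            try {
                return lc.getSSOToken();
            } catch (Exception e) {
                throw new SSOException(e);
            }
        }
        if (status == AuthContext.Status.FAILED) {
            throw new SSOException("ldap authentication failed");
        }
        throw new SSOException("authentication did not complete, status = " + status);
    }

    /**
     * Returns the cached SSOTokenManager, creating it on first use.
     *
     * @return the shared token manager
     * @throws SSOException if {@code SSOTokenManager.getInstance()} yields null
     */
    protected static SSOTokenManager getSSOTokenManager() throws SSOException {
        if (_tokenMgr == null) {
            SSOTokenManager created = SSOTokenManager.getInstance();
            if (created == null) {
                throw new SSOException("SSOUtil.getSSOTokenMgr(): "
                        + "Failed to get SSOTokenManager. ");
            }
            _tokenMgr = created;
        }
        return _tokenMgr;
    }

    /** Minimal Principal whose name is the user id handed to {@link #createSSOToken(String, String)}. */
    private static final class UidPrincipal implements java.security.Principal {
        private final String uid;

        UidPrincipal(String uid) {
            this.uid = uid;
        }

        public String getName() {
            return uid;
        }
    }
}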
|