Class InternalSession

    • Field Detail

      • sessionProperties

        public Properties sessionProperties
    • Method Detail

      • setDebug

        public void setDebug​(Debug debug)
        The debug instance is not restored during deserialisation.
        Parameters:
        debug - Non null debug instance.
      • getID

        public SessionID getID()
        Returns the SessionID of this Internal Session.
        Specified by:
        getID in interface AMSession
        Returns:
        SessionID for the internal session object
      • getType

        public SessionType getType()
        Returns the type of Internal Session.
        Returns:
        USER or APPLICATION.
      • setType

        public void setType​(SessionType type)
        Set the type of Internal Session. User OR Application.
        Parameters:
        type - USER or APPLICATION.
      • getClientID

        public String getClientID()
        Returns the ID of the client accessing this Internal Session.
        Returns:
        Client ID.
      • setClientID

        public void setClientID​(String id)
        Sets Client ID for this Internal Session.
        Parameters:
        id -
      • getClientDomain

        public String getClientDomain()
        Returns the Domain of the Client
        Returns:
        Client Domain
      • setClientDomain

        public void setClientDomain​(String domain)
        Sets the Client's Domain.
        Parameters:
        domain - Client Domain
      • getMaxSessionTime

        public long getMaxSessionTime()
        Returns maximum time allowed for the Internal Session.
        Returns:
        the maximum number of minutes for the session
      • setMaxSessionTime

        public void setMaxSessionTime​(long maxSessionTimeInMinutes)
        Sets the maximum time (in minutes) allowed for the Internal Session
        Parameters:
        maxSessionTimeInMinutes - Maximum Session Time
      • getMaxIdleTime

        public long getMaxIdleTime()
        Returns the maximum idle time (in minutes) for the Internal Session.
        Returns:
        the maximum number of idle minutes
      • setMaxIdleTime

        public void setMaxIdleTime​(long maxIdleTimeInMinutes)
        Sets the maximum idle time (in minutes) for the Internal Session.
        Parameters:
        maxIdleTimeInMinutes -
      • getMaxCachingTime

        public long getMaxCachingTime()
        Returns the maximum caching time (in minutes) allowed for the Internal Session.
        Returns:
        Maximum Cache Time
      • setMaxCachingTime

        public void setMaxCachingTime​(long t)
        Sets the maximum caching time (in minutes) for the Internal Session.
        Parameters:
        t - Maximum Caching Time
      • getIdleTime

        public long getIdleTime()
        Returns the time (in seconds) for which the Internal Session has not been accessed.
        Returns:
        session idle time
      • getTimeLeft

        public long getTimeLeft()
        Returns the total time left (in seconds) for the Internal Session. Returns 0 if the time left is negative.
        Returns:
        Time left before the internal session becomes invalid
      • isTimedOut

        public boolean isTimedOut()
        Returns true if the session has timed out due to idle/max timeout period.
        Returns:
        true if the Internal Session has timed out, false otherwise
      • cacheCookieString

        public void cacheCookieString​(String cookieString)
        Cache the cookie string. No guarantees are made as to its continued persistence.
        Parameters:
        cookieString - The cookie string to persist.
      • getCachedCookieString

        public String getCachedCookieString()
        Returns the cached cookie string for this InternalSession. May be null.
        Returns:
        The cached cookie string. May be null.
      • getSessionID

        public SessionID getSessionID()
        Return the SessionID object which represents this InternalSession.
        Returns:
        The session ID.
      • getState

        public SessionState getState()
        Returns the state of the Internal Session
        Returns:
        the session state can be VALID, INVALID, INACTIVE or DESTROYED
      • getAuthContext

        public AuthContextLocal getAuthContext()
        Get the authentication context associated with this session.
        Returns:
        the AuthContextLocal associated with this session
      • hasAuthenticationContext

        public boolean hasAuthenticationContext()
        Gets whether this session has an associated authenticationContext.
        Returns:
        true if this session has an authentication context.
      • setAuthContext

        public void setAuthContext​(AuthContextLocal authContext)
        Sets the authentication context.
        Parameters:
        authContext - the authentication context
      • clearAuthContext

        public void clearAuthContext()
        Clears the authentication context from this session.
      • getProperty

        public String getProperty​(String key)
        Returns the value of the specified key from the Internal Session property table.
        Parameters:
        key - Property key
        Returns:
        string value for the key from Internal Session table.
      • getPropertyNames

        public Enumeration getPropertyNames()
        Returns the Enumeration of property names of the Internal Session property table.
        Returns:
        list of properties in the Internal session table.
      • isProtectedProperty

        public static boolean isProtectedProperty​(String key)
        Helper method to check if a property is protected or not.

        We introduce a mechanism to protect certain "core" or "internal" properties from updates via the remote SetProperty method of the SessionService. Allowing remote self-updates to session properties leads to a security vulnerability which allows unconstrained user impersonation or privilege elevation. See bug # 4814922 for more information.

        protectedProperties contains a set of property names which cannot be remotely updated. It is initially populated using a static initializer.

        We also implemented an extra safety mechanism intended to protect from accidental reopening of this security hole in the future if a property name changes or a new property is introduced without a corresponding update of the static hardcoded list of protected properties below. This mechanism automatically adds any property to protectedProperties if it is set via local invocation of putProperty.

        However, some properties (such as Locale and CharSet) must be settable both locally and remotely. In order to make this configurable we use a second table called remotelyUpdateableProperties. Note that protectedProperties takes precedence over remotelyUpdateableProperties: remotelyUpdateableProperties will be consulted only if a property is not on the protectedProperties list already.

        The following table defines the behavior of putProperty() and putExternalProperty() depending on whether the property name is present in the protectedProperties or remotelyUpdateableProperties list:

        protectedProperties | remotelyUpdateableProperties | putProperty()                            | putExternalProperty()
        in                  | n/a                          | sets value                               | logs, does nothing
        out                 | in                           | sets value                               | sets value
        out                 | out                          | sets value and adds to protectedProperty | sets value
        Parameters:
        key - property name.
        Returns:
        true if property is protected else false.
      • putExternalProperty

        public void putExternalProperty​(SSOToken clientToken,
                                        String key,
                                        String value)
                                 throws SessionException
        Sets the key-value pair in the InternalSession property table if it is not protected. If it is protected, the client should have permission to set it. This method is to be used in conjunction with the SessionRequestHandler/SessionService invocation path. If the property is protected, an attempt to remotely set a protected property is logged and the method throws an Exception. Otherwise invocation is delegated to internalPutProperty(). Note that package default access is being used.
        Parameters:
        clientToken - Token of the client setting external property.
        key - Property key
        value - Property value for the key
        Throws:
        SessionException - is thrown if the key is protected property.
      • putProperty

        public void putProperty​(String key,
                                String value)
        Sets the key-value pair in the Internal Session property table. This method should only be invoked locally by code running in the same server VM. Remote invocations should use putExternalProperty(). This is a simple wrapper around internalPutProperty(), which in addition calls registerProtectedProperty() to make sure that if a property key is not already on the list of protected properties, it will be automatically added there (unless it is also on the remotelyUpdateableProperties list).
        Parameters:
        key - Property key
        value - Property value for the key
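
        The rules described under isProtectedProperty, putExternalProperty and putProperty, modelled as an added example (not OpenAM source and not part of this API). The class name, method names and seeded property names are hypothetical, and the clientToken permission check is not modelled; a protected key on the remote path is logged and rejected.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

// Illustrative model only: class, method and seeded property names are hypothetical.
public class SessionPropertyGuardDemo {
    // Statically seeded list of core properties (constructed sample names).
    private static final Set<String> PROTECTED = ConcurrentHashMap.newKeySet();
    // Properties that must stay settable both locally and remotely (named on the page).
    private static final Set<String> REMOTELY_UPDATEABLE = Set.of("Locale", "CharSet");
    static {
        PROTECTED.add("Principal");
        PROTECTED.add("AuthLevel");
    }

    private final Map<String, String> properties = new HashMap<>();

    // The protected list takes precedence; the second table is not consulted here.
    static boolean isProtected(String key) {
        return PROTECTED.contains(key);
    }

    // Local path: always sets the value, then protects the key
    // unless it is on the remotely updateable list.
    void putLocal(String key, String value) {
        properties.put(key, value);
        if (!PROTECTED.contains(key) && !REMOTELY_UPDATEABLE.contains(key)) {
            PROTECTED.add(key);
        }
    }

    // Remote path: a protected key is logged and rejected, anything else is set.
    void putRemote(String key, String value) {
        if (isProtected(key)) {
            System.err.println("rejected remote update of protected property: " + key);
            throw new SecurityException("protected property: " + key);
        }
        properties.put(key, value);
    }

    public static void main(String[] args) {
        SessionPropertyGuardDemo s = new SessionPropertyGuardDemo();
        s.putRemote("Locale", "fr_FR");          // table row: out / in
        s.putRemote("theme", "dark");            // table row: out / out, remote caller
        s.putLocal("Organization", "o=example"); // table row: out / out, local caller
        try {
            s.putRemote("Organization", "o=other"); // key is now protected
        } catch (SecurityException e) {
            System.out.println("blocked: " + e.getMessage());
        }
        System.out.println(s.properties);
    }
}
```

        The last remote call fails because the earlier local write auto-registered the key as protected, which is the safety net for properties missing from the hardcoded list.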
      • setIsSessionUpgrade

        public void setIsSessionUpgrade​(boolean value)
        Sets the isSessionUpgrade flag, which determines whether the Session is in the upgrade state or not.
        Parameters:
        value - true if it is an upgrade false otherwise
      • getIsSessionUpgrade

        public boolean getIsSessionUpgrade()
        Returns whether the Session is in the upgrade state.
        Returns:
        true if the session is in the upgrade state, false otherwise
      • isStored

        public boolean isStored()
        Returns whether the InternalSession represented has been stored. If this is true, changes to this object will update the stored version.
        Returns:
        true if the internal session is stored, false otherwise
      • activate

        public boolean activate​(String userDN)
        Changes the state of the session to ACTIVE after creation.
        Parameters:
        userDN -
        Returns:
        true if the session is successfully activated after creation, false otherwise
      • getUUID

        public String getUUID()
        Gets the User Universal ID
        Returns:
        UUID
      • setNonExpiring

        public void setNonExpiring()
        Sets the willExpireFlag. This flag specifies whether the session will ever expire or not.
      • setTimedOutTime

        public void setTimedOutTime​(long timeoutTime)
        Sets session timeout time (in millis).
        Parameters:
        timeoutTime - The timeout time (in millis).
      • toSessionInfo

        public SessionInfo toSessionInfo​(boolean withIds)
        Transfers the info about the Internal Session to Session Info.
        Returns:
        SessionInfo
      • setLatestAccessTime

        public void setLatestAccessTime()
        Sets the last time the client sent a request associated with this session, as the number of seconds since midnight January 1, 1970 GMT. Once updated the Session will be persisted.
      • setState

        public void setState​(SessionState sessionState)
        Sets the SessionState of the Internal Session.
        Parameters:
        sessionState -
      • getSessionEventURLs

        public Map<String,​Set<SessionID>> getSessionEventURLs()
        Returns the URL of the Session events and the associated master and restricted token ids.
        Returns:
        Map of session event URLs and their associated SessionIDs.
      • addSessionEventURL

        public void addSessionEventURL​(String url,
                                       SessionID sid)
        Adds a listener for the associated session ID.
        Parameters:
        url - The listening URL.
        sid - The associated SessionID.
      • willExpire

        public boolean willExpire()
        Returns the value of willExpireFlag.
      • isAppSession

        public boolean isAppSession()
        Determine whether it is an application session.
        Returns:
        true if this is an application session, false otherwise.
      • isUserSession

        public boolean isUserSession()
        Determine whether it is a user session.
        Returns:
        true if this is a user session, false otherwise.
      • setCreationTime

        public void setCreationTime()
        Sets the creation time of the Internal Session, as the number of seconds since midnight January 1, 1970 GMT.
      • addRestrictedToken

        public SessionID addRestrictedToken​(SessionID newRestrictedTokenId,
                                            TokenRestriction restriction)
        Add new restricted token pointing at the same session to the list.
        Parameters:
        newRestrictedTokenId - The session ID.
        restriction - The token restriction.
        Returns:
        The restricted token id for this TokenRestriction.
      • getRestrictionForToken

        public TokenRestriction getRestrictionForToken​(SessionID sid)
        Returns the TokenRestriction for the given SessionID.
        Parameters:
        sid - Possibly null SessionID.
        Returns:
        Null indicates there is no restriction on the Session.
      • getRestrictedTokenForRestriction

        public SessionID getRestrictedTokenForRestriction​(TokenRestriction restriction)
        Returns the SessionID of the restricted token for the provided restriction for this session.
        Parameters:
        restriction - restriction used to look up restricted token.
        Returns:
        restricted token sessionID.
      • getRestrictedTokens

        public Set<SessionID> getRestrictedTokens()
        Returns the set (possibly empty) of restricted session IDs associated with this session. A restricted session ID can only be used when the associated TokenRestriction is satisfied. Typically this ties a particular user session to only be used via a particular agent or from a particular IP address.

        The result is a copy of the current restricted token set: modifications to it will not change the set of restricted tokens associated with the session.

        Returns:
        the set of restricted tokens associated with this session. Never null but can be empty.
      • getCookieSupport

        public boolean getCookieSupport()
        Returns true if cookies are supported.
        Returns:
        true if cookies are supported.
      • setCookieMode

        public void setCookieMode​(Boolean cookieMode)
        Sets the cookieMode based on whether the request has cookies or not. This method is called from the createSSOToken(request) method in SSOTokenManager.
        Parameters:
        cookieMode - Boolean value indicating whether the request has cookies or not.
      • setSessionHandle

        public void setSessionHandle​(String sessionHandle)
        Used during session deserialization. This method SHALL NOT be invoked by custom code.
        Parameters:
        sessionHandle - The sessionHandle to set.
      • getSessionHandle

        public String getSessionHandle()
        Returns the session handle.
        Returns:
        The session handle.
      • getExpirationTime

        public long getExpirationTime​(TimeUnit timeUnit)
        Computes session object expiration time as the smallest of the remaining idle time (or purge delay if the session has already timed out) or the session lifetime limit.

        Time value is returned in the requested unit (accurate to millisecond) and uses the same epoch as System.currentTimeMillis().

        Parameters:
        timeUnit - the time unit to return the result in.
        Returns:
        the result in the given units.
      • getMaxSessionExpirationTime

        public long getMaxSessionExpirationTime​(TimeUnit timeUnit)
        Returns time at which session's lifetime expires.

        Time value is returned in the requested unit (accurate to millisecond) and uses the same epoch as System.currentTimeMillis().

        Parameters:
        timeUnit - the time unit to return the result in.
        Returns:
        the result in the given units.
        See Also:
        getMaxSessionTime()
      • getMaxIdleExpirationTime

        public long getMaxIdleExpirationTime​(TimeUnit timeUnit)
        Returns time at which session's idle time expires.

        Time value is returned in the requested unit (accurate to millisecond) and uses the same epoch as System.currentTimeMillis().

        Parameters:
        timeUnit - the time unit to return the result in.
        Returns:
        the result in the given units.
        See Also:
        getMaxIdleTime()
      • isInvalid

        public boolean isInvalid()
        Returns:
        True if the Session has reached an invalid state.
      • notifyPersistenceManager

        public void notifyPersistenceManager()
      • getObject

        public Object getObject​(String key)
        Returns the value of the specified key from the internal object map.
        Parameters:
        key - the key whose associated value is to be returned
        Returns:
        internal object
      • removeObject

        public void removeObject​(String key)
        Removes the mapping for this key from the internal object map if present.
        Parameters:
        key - key whose mapping is to be removed from the map
      • setObject

        public void setObject​(String key,
                              Object value)
        Sets the key-value pair in the internal object map.
        Parameters:
        key - with which the specified value is to be associated
        value - to be associated with the specified key