Class AuthClientUtils

  • Direct Known Subclasses:
    AuthUtils

    public class AuthClientUtils
    extends Object
    • Constructor Detail

      • AuthClientUtils

        protected AuthClientUtils()
    • Method Detail

      • parseRequestParameters

        public static Hashtable parseRequestParameters​(jakarta.servlet.http.HttpServletRequest request)
      • getLogoutCookie

        public static jakarta.servlet.http.Cookie getLogoutCookie​(SessionID sid,
                                                                  String cookieDomain)
        Returns the Logout cookie.
        Parameters:
        sid - Session ID.
        cookieDomain - Cookie domain.
        Returns:
        logout cookie string.
      • getLogoutCookieString

        public static String getLogoutCookieString​(SessionID sid)
        Returns the encrypted logout cookie string. The format of this cookie is: LOGOUT@protocol@servername@serverport@sessiondomain.
        Parameters:
        sid - the SessionID
        Returns:
        encrypted logout cookie string.
      • createCookie

        public static jakarta.servlet.http.Cookie createCookie​(String cookieValue,
                                                               String cookieDomain)
        Returns Cookie to be set in the response.
        Parameters:
        cookieValue - value of cookie
        cookieDomain - domain for which cookie will be set.
        Returns:
        Cookie object.
      • getQueryOrgName

        public static String getQueryOrgName​(jakarta.servlet.http.HttpServletRequest request,
                                             String org)
      • printCookies

        public static void printCookies​(jakarta.servlet.http.HttpServletRequest req)
      • printHash

        public static void printHash​(Hashtable reqParameters)
      • setlbCookie

        public static void setlbCookie​(jakarta.servlet.http.HttpServletRequest request,
                                       jakarta.servlet.http.HttpServletResponse response)
                                throws AuthException
        Throws:
        AuthException
      • createCookie

        public static jakarta.servlet.http.Cookie createCookie​(String cookieName,
                                                               String cookieValue,
                                                               String cookieDomain)
        Creates a Cookie with the cookieName, cookieValue for the cookie domains specified.
        Parameters:
        cookieName - is the name of the cookie
        cookieValue - is the value of the cookie
        cookieDomain - Domain for which the cookie is to be set.
        Returns:
        the cookie object.
      • clearlbCookie

        public static void clearlbCookie​(jakarta.servlet.http.HttpServletRequest request,
                                         jakarta.servlet.http.HttpServletResponse response)
      • getErrorMessage

        public static String getErrorMessage​(String errorCode)
      • getErrorTemplate

        public static String getErrorTemplate​(String errorCode)
      • checkForCookies

        public static boolean checkForCookies​(jakarta.servlet.http.HttpServletRequest req)
      • getOrigRedirectURL

        public static String getOrigRedirectURL​(jakarta.servlet.http.HttpServletRequest request,
                                                SessionID sessID)
      • addLogoutCookieToURL

        public static String addLogoutCookieToURL​(String url,
                                                  String logoutCookie,
                                                  boolean isCookieSupported)
        Adds Logout cookie to URL.
        Parameters:
        url - is the url to be rewritten with the logout cookie
        logoutCookie - is the logoutCookie String
        isCookieSupported - is a boolean which indicates whether cookie support is true or false
        Returns:
        URL with the logout cookie appended to it.
      • getSessionIDFromRequest

        public static SessionID getSessionIDFromRequest​(jakarta.servlet.http.HttpServletRequest request)
        Returns the Session ID for this request. If both the Authentication Cookie and a valid AM Cookie are present and the request method is GET, the valid AM Cookie is used; otherwise the Auth Cookie is used. For invalid sessions the cookie in the request is the auth cookie, com.iplanet.am.auth.cookie; for active/inactive sessions it is com.iplanet.am.cookie.
        Parameters:
        request - HTTP Servlet Request.
        Returns:
        Session ID for this request.
      • newSessionArgExists

        public static boolean newSessionArgExists​(Hashtable reqDataHash)
        Returns true if the request has the arg=newsession query parameter.
        Parameters:
        reqDataHash - Request Data Hashtable.
        Returns:
        true if this parameter is present.
      • isContain

        public static boolean isContain​(String value,
                                        String key)
      • checkSessionUpgrade

        public static boolean checkSessionUpgrade​(SSOToken ssoToken,
                                                  Hashtable reqDataHash)
      • isSessionUpgradeOrForceAuth

        public static boolean isSessionUpgradeOrForceAuth​(jakarta.servlet.http.HttpServletRequest request)
        Tells whether the incoming request corresponds to a session upgrade or ForceAuth.
        Parameters:
        request - The incoming HttpServletRequest.
        Returns:
        true if the request corresponds to a session upgrade or ForceAuth, false otherwise.
      • getCookieURLForSessionUpgrade

        public static String getCookieURLForSessionUpgrade​(jakarta.servlet.http.HttpServletRequest request)
      • getCookieURL

        public static String getCookieURL​(SessionID sessionID)
      • isClientDetectionEnabled

        public static boolean isClientDetectionEnabled()
      • getClientType

        public static String getClientType​(jakarta.servlet.http.HttpServletRequest req)
        Returns the client type. If client detection is enabled, the client type is determined by the ClientDetector class; otherwise the defaultClientType set in iplanet-am-client-detection-default-client-type is assumed to be the client type.
        Parameters:
        req - HTTP Servlet Request.
        Returns:
        client type.
      • getDefaultClientType

        public static String getDefaultClientType()
        Returns the default client type.
      • getDefaultProperty

        public static String getDefaultProperty​(String property)
        Returns the requested property for the default client.
      • getCharSet

        public static String getCharSet​(String clientType,
                                        Locale locale)
        Returns the charset associated with the clientType.
      • getFilePath

        public static String getFilePath​(String clientType)
        Returns the filePath associated with a clientType.
      • getContentType

        public static String getContentType​(String clientType)
        Returns the contentType associated with a clientType. If no contentType is found, the default is returned.
      • getCookieSupport

        public static String getCookieSupport​(String clientType)
        Returns the cookie support setting for the clientType. URL rewriting with the session ID needs to know whether cookies are supported (RFE 4412286).
      • isGenericHTMLClient

        public static boolean isGenericHTMLClient​(String clientType)
        Determines whether this client is an HTML client.
      • isSetCookie

        public static boolean isSetCookie​(String clientType)
      • setCookieVal

        public static boolean setCookieVal​(String clientType,
                                           String value)
      • getCookieDetect

        public static boolean getCookieDetect​(String cookieSupport)
        Returns true if cookieDetect mode else false.
        Parameters:
        cookieSupport - whether cookie is supported or not.
        Returns:
        true if cookieDetect mode else false
      • getClientURLFromString

        public static String getClientURLFromString​(String urlString,
                                                    int index,
                                                    jakarta.servlet.http.HttpServletRequest request)
        Extracts the client URL from the String passed. The URL passed is in the format clientType | URL.
        Parameters:
        urlString - is a String, a URL
        index - is the position of delimiter "|"
        Returns:
        Returns the client URL.
      • isUrlRewrite

        public static boolean isUrlRewrite​(String clientType)
      • getDSAMEVersion

        public static String getDSAMEVersion()
      • isVersionHeaderEnabled

        public static boolean isVersionHeaderEnabled()
      • getAuthCookieName

        public static String getAuthCookieName()
        Returns the Auth Cookie Name.
        Returns:
        authCookieName, a String, the auth cookie name.
      • getDistAuthCookieName

        public static String getDistAuthCookieName()
        Returns the Dist Auth Cookie Name.
        Returns:
        authCookieName, a String, the dist auth cookie name.
      • getCookieName

        public static String getCookieName()
      • getlbCookieName

        public static String getlbCookieName()
      • getlbCookieValue

        public static String getlbCookieValue()
      • getCookieDomains

        public static Set<String> getCookieDomains()
        Return the set of cookie domains configured in Platform settings. Whenever possible, use getCookieDomainsForRequest(HttpServletRequest) instead.
        Returns:
        The set of configured cookie domains. May contain null.
      • getCookieDomainsForRequest

        public static Set<String> getCookieDomainsForRequest​(jakarta.servlet.http.HttpServletRequest request)
        Find the cookie domains from the cookie domain list based on the hostname of the incoming request.
        Parameters:
        request - HttpServletRequest request.
        Returns:
        Set of the matching cookie domains. May contain null.
      • getOrganizationDN

        public static String getOrganizationDN​(String orgParam,
                                               boolean noQueryParam,
                                               jakarta.servlet.http.HttpServletRequest request)
      • getDomainNameByRequest

        public static String getDomainNameByRequest​(jakarta.servlet.http.HttpServletRequest request,
                                                    Map<String,​String> requestHash)
        This method determines the org parameter and determines the organization DN based on query parameters. The organization DN is determined based on the policy advice OR the query parameters "org" OR "domain" OR the server host name. For backward compatibility the orgname will be determined from requestURI in the case where either query params OR server host name are not valid and orgDN cannot be found. The orgDN is determined by the SDK based on the following, in order:
        1. OrgDN - organization dn.
        2. Domain - check if org is a domain by trying to get domain component.
        3. Org path - check if the orgName passed is a path (e.g. "/suborg1").
        4. URL - check if the orgName passed is a DNS alias (URL).
        5. Policy Advice will be checked for realm advice, or realm component in the advice.
        6. If no orgDN is found, null is returned.
        Parameters:
        request - HTTP Servlet Request object.
        requestHash - Query Hashtable.
        Returns:
        Organization DN.
      • getOrgParam

        public static String getOrgParam​(Map<String,​String> requestHash)
        Returns the org or domain parameter passed as a query in the request.
        Parameters:
        requestHash - Hashtable containing the query parameters
        Returns:
        organization name.
      • isValidFQDNRequest

        public static boolean isValidFQDNRequest​(String hostName)
        Returns true if the host name in the URL is valid.
        Parameters:
        hostName - Host name.
        Returns:
        true if the host name in the URL is valid.
      • getValidFQDNResource

        public static String getValidFQDNResource​(String partialHostName,
                                                  jakarta.servlet.http.HttpServletRequest servletRequest)
        Returns the valid hostname from the fqdn map and constructs the correct URL. The request will be forwarded to the new URL.
        Parameters:
        partialHostName - Partial host name.
        servletRequest - HTTP Servlet Request.
      • getHostName

        public static String getHostName​(jakarta.servlet.http.HttpServletRequest servletRequest)
      • constructLoginURL

        public static String constructLoginURL​(jakarta.servlet.http.HttpServletRequest request)
      • URLencodedSunQueryParamsString

        protected static String URLencodedSunQueryParamsString​(String queryParams,
                                                               String encoding)
        This method takes in a String representing base64 decoded SunQueryParamsString and URL encodes all the parameters included in its value
      • getExistingValidSSOToken

        public static SSOToken getExistingValidSSOToken​(SessionID sessID)
      • isTimedOut

        public static boolean isTimedOut​(SessionID sessID)
      • isCookieSupported

        public static boolean isCookieSupported​(jakarta.servlet.http.HttpServletRequest req)
      • isCookieSet

        public static boolean isCookieSet​(jakarta.servlet.http.HttpServletRequest req)
      • createCookie

        public static jakarta.servlet.http.Cookie createCookie​(String name,
                                                               String value,
                                                               int maxAge,
                                                               String cookieDomain)
      • getCookieString

        public static jakarta.servlet.http.Cookie getCookieString​(AuthContext ac,
                                                                  String cookieDomain)
        Returns the Cookie object created based on the cookieName, Session ID and cookieDomain. If AuthContext status is not SUCCESS then cookie is created with authentication cookie Name, else AM Cookie Name will be used to create cookie.
        Parameters:
        ac - the AuthContext object
        cookieDomain - the cookie domain for creating cookie.
        Returns:
        Cookie object.
      • encodeURL

        public static String encodeURL​(String url,
                                       jakarta.servlet.http.HttpServletRequest request,
                                       AuthContext ac)
        Returns URL with the cookie value in the URL. The cookie in the re-written URL will have the AM cookie if session is active/inactive and authentication cookie if session is invalid.
        Parameters:
        url - URL to be encoded.
        request - HTTP Servlet Request.
        ac - Authentication Context.
        Returns:
        the encoded URL.
      • getDefaultFileName

        public static String getDefaultFileName​(jakarta.servlet.http.HttpServletRequest request,
                                                String fileName,
                                                Locale locale,
                                                jakarta.servlet.ServletContext servletContext)
        Returns the resource based on the default values.
        Parameters:
        request - HTTP Servlet Request.
        fileName - name of the file
        locale - Locale used for the search.
        servletContext - Servlet Context for server
        Returns:
        Path to the resource.
      • getRootSuffix

        public static String getRootSuffix()
      • getFileRoot

        protected static String getFileRoot()
      • getResourceLocation

        public static String getResourceLocation​(String fileRoot,
                                                 String localeName,
                                                 String orgFilePath,
                                                 String filePath,
                                                 String filename,
                                                 String templatePath,
                                                 jakarta.servlet.ServletContext servletContext,
                                                 jakarta.servlet.http.HttpServletRequest request)
      • getOrgFilePath

        public static String getOrgFilePath​(String orgDN)
      • getFileName

        public static String getFileName​(String fileName,
                                         String localeName,
                                         String orgDN,
                                         jakarta.servlet.http.HttpServletRequest servletRequest,
                                         jakarta.servlet.ServletContext servletContext,
                                         AuthContext.IndexType indexType,
                                         String indexName)
        Returns the File name based on the given input values.
        Parameters:
        fileName - Name of the file.
        localeName - Locale name.
        orgDN - Organization distinguished name.
        servletRequest - HTTP Servlet Request.
        servletContext - Servlet Context for server.
        indexType - AuthContext Index Type.
        indexName - index name associated with the index type.
        Returns:
        File name of the resource.
      • getAuthCookieValue

        public static String getAuthCookieValue​(jakarta.servlet.http.HttpServletRequest request)
      • getDomainNameByRequest

        public static String getDomainNameByRequest​(Map<String,​String> requestHash)
        Deprecated.
        Use getDomainNameByRequest(jakarta.servlet.http.HttpServletRequest, java.util.Map) instead.
      • getRealmFromPolicyAdvice

        public static String getRealmFromPolicyAdvice​(String advice)
        Parses the policy condition advice and checks for realm advices
        Parameters:
        advice - The policy advice XML
        Returns:
        realm defined in the policy advice, if defined - or null
        Throws:
        IllegalArgumentException - if more than one realm is defined within the advice
        See Also:
        AMAuthUtils
      • isLocalServer

        public static boolean isLocalServer​(String cookieURL,
                                            boolean isServer)
      • isLocalServer

        public static boolean isLocalServer​(String cookieURL,
                                            String inputURI)
      • isServerMemberOfLocalSite

        public static boolean isServerMemberOfLocalSite​(String cookieURL)
      • sendAuthRequestToOrigServer

        public static Map<String,​Object> sendAuthRequestToOrigServer​(jakarta.servlet.http.HttpServletRequest request,
                                                                           jakarta.servlet.http.HttpServletResponse response,
                                                                           String cookieURL)
        Sends the request to the original Auth server and receives the result data.
        Parameters:
        request - HttpServletRequest to be sent
        response - HttpServletResponse to be received
        cookieURL - URL of the original authentication server to be connected
        Returns:
        HashMap of the result data from the original server's response
      • setServerCookie

        public static void setServerCookie​(jakarta.servlet.http.Cookie aCookie,
                                           jakarta.servlet.http.HttpServletRequest request,
                                           jakarta.servlet.http.HttpServletResponse response)
                                    throws AuthException
        Sets server cookie to HttpServletResponse object
        Parameters:
        aCookie - auth context associated with lb cookie
        response - true if it is persistent
        Throws:
        AuthException - if it fails to create pcookie
      • setRedirectBackServerCookie

        public static void setRedirectBackServerCookie​(String cookieName,
                                                       String cookieValue,
                                                       jakarta.servlet.http.HttpServletRequest request,
                                                       jakarta.servlet.http.HttpServletResponse response)
                                                throws AuthException
        Sets the redirectBackUrlCookie to be set as OpenAM server URL when redirecting to external web site during authentication process.
        Parameters:
        cookieName - auth context associated with lb cookie
        cookieValue - auth context associated with lb cookie
        response - true if it is persistent
        Throws:
        AuthException - if it fails to create this cookie
      • clearServerCookie

        public static void clearServerCookie​(String cookieName,
                                             jakarta.servlet.http.HttpServletRequest request,
                                             jakarta.servlet.http.HttpServletResponse response)
        Clears server cookie.
        Parameters:
        cookieName - Cookie Name.
        response - HTTP Servlet Response.
      • getQueryStrFromParameters

        public static String getQueryStrFromParameters​(Map paramMap)
      • persistAMCookie

        public static boolean persistAMCookie​(Hashtable reqDataHash)
        Checks whether the OpenAM session cookie has to be made persistent. This is the case only if a value of true is provided for the HTTP query parameter Constants.PERSIST_AM_COOKIE and this property is enabled, or if persistent cookies are set globally. If either of these is true, the AM session cookie will be made persistent.
        Parameters:
        reqDataHash - http request parameters and values
        Returns:
        true if AM session cookie has to be made persistent, otherwise returns false
      • forceAuthFlagExists

        public static boolean forceAuthFlagExists​(Hashtable reqDataHash)
        Returns true if the request has the ForceAuth=true query parameter or composite advice.
        Returns:
        true if this parameter is present otherwise false.
      • checkForForcedAuth

        public static boolean checkForForcedAuth​(String xmlCompositeAdvice)
        Returns true if the composite Advice has the ForceAuth element
        Returns:
        true if this parameter is present otherwise false.
      • getServiceURI

        public static String getServiceURI()
        Returns the service URI
        Returns:
        a String the Service URI
      • setHostUrlCookie

        public static void setHostUrlCookie​(jakarta.servlet.http.HttpServletResponse response)
      • clearHostUrlCookie

        public static void clearHostUrlCookie​(jakarta.servlet.http.HttpServletResponse response)
      • isDistAuthServerTrusted

        public static boolean isDistAuthServerTrusted​(String distAuthServerLoginURL)
      • getResourceURL

        public static String getResourceURL​(jakarta.servlet.http.HttpServletRequest request)
        Returns the resource URL. The method checks value for "resourceURL" parameter first, if not present, checks value for "goto" parameter. If none exists, returns null.
        Parameters:
        request - HttpServletRequest object
        Returns:
        resourceURL based on the query parameters, returns null if resource URL could not be found.
      • getEnvMap

        public static Map getEnvMap​(jakarta.servlet.http.HttpServletRequest request)
        Returns an environment map which contains all query parameters and HTTP headers. Keys of the map are String, values of the map are Sets of String.
        Parameters:
        request - HttpServletRequest object.
        Returns:
        environment Map whose key is String, and value is Set of String.
      • unescapePipe

        public static String unescapePipe​(String text)
        Returns unescaped text. This method replaces "&#124;" with "|".
        Parameters:
        text - String to be unescaped.
        Returns:
        unescape special character text.
      • escapePipe

        public static String escapePipe​(String text)
        Replaces | with "&#124;".
        Returns:
        String with the special "|" character replaced with "&#124;".
      • getDataFromRealmQualifiedData

        public static String getDataFromRealmQualifiedData​(String realmQualifedData)
        Returns the data from Realm qualified data. This could be authentication scheme or authentication level or service.
        Parameters:
        realmQualifedData - Realm qualified data. This could be Realm qualified authentication scheme or authentication level or service.
        Returns:
        String representing data. This could be authentication scheme or authentication level or service.
      • isZeroPageLoginAllowed

        public static boolean isZeroPageLoginAllowed​(ZeroPageLoginConfig config,
                                                     jakarta.servlet.http.HttpServletRequest request)
        Determines whether Zero Page Login (ZPL) should be allowed for this request. This includes checking whether ZPL is enabled for this AuthContext and, if so, whether the HTTP Referer header on the request matches the ZPL whitelist. POST requests are always enabled, but are still subject to the Referer whitelist.
        Parameters:
        config - the ZPL configuration.
        request - the HTTP request.
        Returns:
        true if ZPL is allowed, otherwise false.
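
The decision described for isZeroPageLoginAllowed, as an added example that is not OpenAM's own code: it compares the parsed origin of the Referer against an allowlist rather than doing a string-prefix match. The ZplPolicy record, its field names, the origin-based comparison and the configurable handling of a missing Referer are assumptions made for illustration; the sample hosts are constructed. Requires Java 17 or later.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Set;

public class ZplRefererCheck {

    /** Hypothetical stand-in for the ZPL configuration; not OpenAM's ZeroPageLoginConfig. */
    record ZplPolicy(boolean enabled, Set<String> allowedOrigins, boolean allowMissingReferer) {}

    /** Reduces a URL to scheme://host[:port] in lower case; null if it is not an absolute http(s) URL. */
    static String originOf(String url) {
        if (url == null) {
            return null;
        }
        try {
            URI u = new URI(url.trim());
            String scheme = u.getScheme();
            String host = u.getHost();
            if (scheme == null || host == null) {
                return null;
            }
            scheme = scheme.toLowerCase(Locale.ROOT);
            if (!scheme.equals("http") && !scheme.equals("https")) {
                return null;
            }
            String origin = scheme + "://" + host.toLowerCase(Locale.ROOT);
            return u.getPort() == -1 ? origin : origin + ":" + u.getPort();
        } catch (URISyntaxException e) {
            return null; // an unparseable Referer never matches
        }
    }

    static boolean isAllowed(ZplPolicy policy, String method, String referer) {
        // As described above: POST is always enabled, other methods need ZPL switched on.
        boolean methodEnabled = "POST".equalsIgnoreCase(method) || policy.enabled();
        if (!methodEnabled) {
            return false;
        }
        // Assumption: behaviour for a missing Referer is an explicit policy choice.
        if (referer == null || referer.isBlank()) {
            return policy.allowMissingReferer();
        }
        // Every method, POST included, is still subject to the Referer allowlist.
        String origin = originOf(referer);
        return origin != null && policy.allowedOrigins().contains(origin);
    }

    public static void main(String[] args) {
        // Constructed policy: ZPL disabled, one allowed origin, missing Referer denied.
        ZplPolicy policy = new ZplPolicy(false, Set.of("https://portal.example.com"), false);

        // Constructed requests: {method, Referer}
        String[][] cases = {
            {"GET",  "https://portal.example.com/app"},          // false: ZPL disabled for GET
            {"POST", "https://portal.example.com/app"},          // true: origin is on the list
            {"POST", "https://portal.example.com.other.test/"},  // false: different host, same prefix
            {"POST", "http://portal.example.com/app"},           // false: scheme differs
            {"POST", null},                                      // false: no Referer, policy denies
        };
        for (String[] c : cases) {
            System.out.printf("%-4s %-45s -> %b%n", c[0], c[1], isAllowed(policy, c[0], c[1]));
        }
    }
}
```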