Examples of UserSession


Examples of com.cosmo.security.UserSession

    * @throws AuthenticationException
    * @throws AuthorizationException
    */
   public void createUserSession(User user) throws UserNotFoundException, AuthenticationException, AuthorizationException
   {
      this.usrSession = new UserSession(this, user);
   }
View Full Code Here

Examples of com.google.gsa.sessions.UserSession

        int statusCode = HttpServletResponse.SC_UNAUTHORIZED;
        boolean patternMatch = false;
        boolean rootIDExists = false;

        //UserSession
        UserSession userSession = null;

        //GSA cookie
        Cookie gsaAuthCookie = null;

        //Encoding support
        String newURL = null;

        //Try to avoid the double encoding problem
        try {
            newURL = URLDecoder.decode(url, ENCODING);
        } catch (IllegalArgumentException e) {
            logger.error("Illegal Argument when decoding/encoding URL");
            newURL = url;
        }
        URLUTF8Encoder encoder = new URLUTF8Encoder();
        url = encoder.encodeURL(new URL(newURL));

        //read vars
        if (valveConf != null) {
            //Set config vars
            setValveConf();

        } else {
            logger.error("Configuration error: Config file is not present");
            response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
                               "Configuration error - Kerberos is not set properly");
            return HttpServletResponse.SC_INTERNAL_SERVER_ERROR;
        }

        //set auth Cookie                               
        Cookie[] cookies = request.getCookies();

        //SAML
        if (cookies == null) {
            cookies = authCookies;
        }

        if (cookies != null) {
            logger.debug("authCookieName is: " + authCookieName);
            for (int i = 0; i < cookies.length; i++) {
                logger.debug("Cookie found: " + cookies[i].getName() +
                             "; value=" + cookies[i].getValue());
                if (cookies[i].getName().equals(authCookieName)) {
                    gsaAuthCookie = cookies[i];
                    logger.debug("Auth Cookie found!");
                    break;
                }
            }
        }

        //manage Sessions               
        if (isSessionEnabled) {
            logger.debug("Session is enabled. Getting session instance");
            try {

                //Session Support. Get Sessions instance           
                sessions = Sessions.getInstance();

                //Get user session
                userSession = manageSessions(gsaAuthCookie);

            } catch (nonValidSessionException nVS) {
                //throw Exception
                throw nVS;
            } catch (Exception e) {
                logger.error("Error when geting session: " + e.getMessage(),
                             e);
            }

        }


        //setting auth cookies
        if ((!isSessionEnabled) ||
            ((isSessionEnabled) && (sendCookies) && (!isSAML))) {
            //send auth cookies as those coming straight from the browser
            authCookies = request.getCookies();
        } else {
            //auth cookies are those that are in the session
            authCookies = userSession.getCookies();
        }

        logger.debug("Authz authorizing [" + url + "]");

View Full Code Here

Examples of com.google.gsa.sessions.UserSession

     *
     * @throws nonValidSessionException
     */
    public UserSession manageSessions(Cookie gsaAuthCookie) throws nonValidSessionException {

        UserSession userSession = null;

        logger.debug("ManageSessions method. Check if Session is enabled [" +
                     isSessionEnabled + "]");

        if (isSessionEnabled) {

            //check if the session is active
            logger.debug("The session is enabled");

            String userID = null;
            try {
                userID = URLDecoder.decode(gsaAuthCookie.getValue(), ENCODING);
            } catch (UnsupportedEncodingException e) {
                logger.error("Error during decoding Auth Cookie: " +
                             e.getMessage(), e);
                userID = gsaAuthCookie.getValue();
            }

            logger.debug("the userID has been read: " + userID);

            boolean isSessionInvalid = sessions.isSessionInvalid(userID);
            logger.debug("Session invalidity checked: " + isSessionInvalid);
            if (isSessionInvalid) {
                //protect this code
                synchronized (sessions) {
                    logger.debug("the session is invalid");
                    boolean doesSessionStillExist =
                        sessions.doesSessionExist(userID);
                    logger.debug("Session still exists: " +
                                 doesSessionStillExist);
                    if (doesSessionStillExist) {
                        logger.debug("the session does exists: let's delete it");
                        //delete Session
                        sessions.deleteSession(userID);
                    }

                    logger.debug("Setting session invalidity");
                    throw new nonValidSessionException("The session is invalid. It does not longer exists");
                }

            } //end session invalid

            //look for the existing session
            userSession = sessions.getUserSession(userID);
            if (userSession == null) {

                logger.error("User Session is not valid");
                throw new nonValidSessionException("The session does not exists");

            } else {
                if (isSessionEnabled) {
                    //update the last access
                    int sessionTimeout =
                        new Integer(valveConf.getSessionConfig().getSessionTimeout()).intValue();
                    if (sessionTimeout >= 0) {
                        long lastAccessTime = getCurrentTime();
                        if (lastAccessTime > 0) {
                            logger.debug("New access time: " + lastAccessTime);
                            userSession.setSessionLastAccessTime(lastAccessTime);
                            sessions.addSession(userID, userSession);
                        }
                    }
                }
            }
View Full Code Here

Examples of com.google.gsa.sessions.UserSession

       
        //user credentials
        Credentials creds = null;

        //User Session and Session ID vars definition
        UserSession userSession = null;
        String sessionID = null;
        String encodedSessionID = null;

        //Create the credentials store
        try {
            this.valveConf =
                    ValveConfigurationInstance.getValveConfig(gsaValveConfigPath);
        } catch (ValveConfigurationException e) {
            logger.error("Valve Config instantiation error: " + e);
        }

        logger.debug("Creating the credentials store");
        creds = new Credentials();
        String username = null;

        //Setting Valve parameters
        logger.debug("Setting Valve params");
        setValveParams(request);

        //Protection
        if ((!isKerberos) || (!isNegotiate)) {
            logger.error("Configuration error: if you want to use Kerberos silent AuthN, isKerberos and isNegotiate config vars have to be set to true");
            response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
                               "Configuration error - Kerberos is not set properly");
            return;
        }

        Cookie cookies[] = null;

        // Retrieve cookies
        cookies = request.getCookies();

        // Protection: look for auth and referer cookies
        if (cookies != null) {

            // Look for the referer cookie
            for (int i = 0; i < cookies.length; i++) {

                // Look for the referer cookie
                if ((cookies[i].getName()).equals(refererCookieName)) {

                    // Cache cookie
                    gsaRefererCookie = cookies[i];

                    logger.debug("Referer cookie already exists: " +
                                 gsaRefererCookie.getValue());


                } else {
                    // Look for the auth cookie
                    if ((cookies[i].getName()).equals(authCookieName)) {

                        // Cache cookie
                        gsaAuthCookie = cookies[i];

                        logger.debug("Auth cookie already exists: " +
                                     gsaAuthCookie.getValue());

                    }
                }

                if ((gsaRefererCookie != null) && (gsaAuthCookie != null)) {
                    // Exit
                    break;
                }

            }

        }

        // Protection
        if (!isSAML) {
            if (gsaRefererCookie == null) {

                // Raise error
                response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
                                   "The GSA authentication servlet couldn't read the referer cookie");

                // Log error
                logger.error("The GSA authentication servlet couldn't read the referer cookie, pls. check the cookie domain value");

                // Return
                return;

            }
        } else {
            //SAML

            //Get SAML Params
            relayState = request.getParameter("RelayState");
            samlRequest = request.getParameter("SAMLRequest");
            //String relayStateCookie = valveConf.getSAMLConfig().getRelayStateCookie();
            boolean noParams = false;
            boolean cookieExist = true;

            //Protection
            if ((relayState == null) || (relayState.equals(""))) {
                noParams = true;
            } else {
                if ((samlRequest == null) || (samlRequest.equals(""))) {
                    noParams = true;
                }
            }

            createRefererCookie(gsaRefererCookie);

            //if ((noParams)&&(!cookieExist)) {
            if (noParams) {
                response.sendError(HttpServletResponse.SC_BAD_REQUEST,
                                   "Invalid request");
                return;
            }
        }

        logger.debug("Let's validate if gsaAuthCookie is present");

        if (gsaAuthCookie != null) {

            if (!isSAML) {
                //redirect
                String redirect = gsaRefererCookie.getValue();

                logger.debug("redirect is " + redirect);
                //redirect only if the URL is different than the login one                   
                if (!redirect.equals(loginUrl)) {

                    //user properly authenticated
                    logger.debug("The user was properly authenticated. Lets redirect to..." +
                                 redirect);

                    // Redirect
                    response.sendRedirect(redirect);

                } else {
                    logger.debug("It's the login URL. No redirect");
                }
            } else {
                logger.debug("As this is SAML. Let's obviate the previous authentication cookie");
                gsaAuthCookie = null;
            }
        }

        userSession = new UserSession();

        Sessions sessions = Sessions.getInstance();
        sessions.setMaxSessionAgeMinutes(maxSessionAge);
        sessions.setSessionTimeoutMinutes(sessionTimeout);
View Full Code Here

Examples of com.google.gsa.sessions.UserSession

        //Session support
        if (isSessionEnabled) {

            logger.error("Session is enabled");
            UserSession userSession = new UserSession();
            userSession.setUserName(username);
            userSession.setSessionCreationTime(creationTime);
            userSession.setSessionLastAccessTime(creationTime);

            //Manage Cookies
            //add Auth Cookie to the authCookies vector
            authCookies.add(gsaAuthCookie);
            //add cookies to session
            userSession.setCookies(setCookieArray(authCookies));
            //add creds                   
            userSession.setUserCredentials(creds);

            if (isKerberos) {

                //get credentials
                boolean nonValidCred = getKrbCredentials(creds, userSession);
View Full Code Here

Examples of com.google.gsa.sessions.UserSession

        //Set Valve Config
        crawlSession.setValveConf(valveConf);

        //Get session
        logger.debug("Session ID to be seeked: " + credStr);
        UserSession userSession = crawlSession.getSession(credStr);

        //Check if session exists. If not, create/recreate it
        if (userSession == null) {

            resultCode =
                    crawlSession.authenticate(credStr, cred.getUsername(), httpRequest,
                                              httpResponse, authCookies, url,
                                              creds, credID);

            //Check resultCode
            if (resultCode != HttpServletResponse.SC_OK) {
                logger.error("Authentication result is not OK: " + resultCode);
                return resultCode;
            } else {
                userSession = crawlSession.getSession(credStr);
            }

        } else {

            //Check the session is valid
            if (!crawlSession.isValidSession(credStr)) {
                //reauthenticate
                resultCode =
                        crawlSession.reauthenticate(credStr, cred.getUsername(),
                                                    httpRequest, httpResponse,
                                                    authCookies, url, creds,
                                                    credID);

                //Check resultCode
                if (resultCode != HttpServletResponse.SC_OK) {
                    logger.error("Authentication result is not OK: " +
                                 resultCode);
                    return resultCode;
                } else {
                    userSession = crawlSession.getSession(credStr);
                }

            }
        }

        //Authorization
        AuthorizationProcessImpl authorizationProcessCls;
        try {
            authorizationProcessCls = setAuthorizationProcessImpl();
        } catch (ValveConfigurationException e) {
            logger.error("Valve configuration error: " + e.getMessage(), e);
            resultCode = HttpServletResponse.SC_INTERNAL_SERVER_ERROR;
            return resultCode;
        }

        if (authorizationProcessCls != null) {

            //Avoid HTML processing (URL rewriting)
            AuthorizationUtils.setProcessHTML(false);

            try {
                logger.debug("Authorization process [" + url + "]");
                //
                //Launch authorization process               
                resultCode =
                        authorizationProcessCls.authorize(httpRequest, httpResponse,
                                                          userSession.getCookies(),
                                                          url, credID);
                //Check if result is -1 (there is no pattern in the config file that matches with the URL)
                if (resultCode == -1) {
                    logger.debug("Auth pattern not found for such URL. Setting 401");
                    resultCode = HttpServletResponse.SC_UNAUTHORIZED;
View Full Code Here

Examples of com.google.gsa.sessions.UserSession

     *
     * @return the user session
     */
    public UserSession getSession(String sessionID) {

        UserSession userSession = null;

        if (sessions != null) {

            userSession = sessions.getUserSession(sessionID);

View Full Code Here

Examples of com.google.gsa.sessions.UserSession

                        CrawlingUtils.addCookie(authCookies, authnCookie);
                    }
                    //Prepare cookies to be included in the session
                    Cookie[] cookies =
                        CrawlingUtils.transformCookiesToArray(authCookies);
                    UserSession userSession =
                        createUserSession(userName, sessionCreationTime, creds,
                                          cookies);
                    createSession(sessionID, userSession);
                    logger.debug("Session created");
                }
View Full Code Here

Examples of com.google.gsa.sessions.UserSession

                    }
                    //Prepare cookies to be included in the session
                    Cookie[] cookies =
                        CrawlingUtils.transformCookiesToArray(authCookies);
                    //Create session
                    UserSession userSession =
                        createUserSession(userName, sessionCreationTime, creds,
                                          cookies);
                    createSession(sessionID, userSession);
                    logger.debug("Session created");
                }
View Full Code Here

Examples of com.google.gsa.sessions.UserSession

     * @return if the session is still valid or not
     */
    public boolean isValidSession(String sessionID) {

        boolean validSession = false;
        UserSession userSession = null;

        try {

            if (sessions != null) {
                userSession = sessions.getInstance().getUserSession(sessionID);
                if (userSession != null) {
                    logger.debug("User Session exists");
                    if (userSession.getValidSession()) {
                        if (timeout < 0) {
                            //if timeout is less than 0, the session is valid
                            validSession = true;
                        } else {
                            //check if it's still a valid session
View Full Code Here
TOP
Copyright © 2018 www.massapi.com. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.