📄 defaultlogoncontroller.java
// Get the current lock (if any)
AccountLock lock = "true".equals(System.getProperty("sslexplorer.recoveryMode", "false")) ? null
: (AccountLock) lockedUsers.get(username);
// If the user is currently locked, check if the lock has expired yeet
if (lock != null && maxLogonAttemptsBeforeLock > 0 && lockDuration > 0 && lock.getLockedTime() != -1) {
long expires = lock.getLockedTime() + (1000 * lockDuration);
long now = System.currentTimeMillis();
if (now < expires) {
throw new AccountLockedException("Account temporarily locked. Please try later.", false, expires - now);
}
// There was a lock, it is now expired
lock.setAttempts(0);
lock.setLockedTime(-1);
}
return lock;
}
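/**
 * Authenticates a client against the user database while enforcing the account lockout policy.
 *
 * <p>The policy is read from the property database on every call
 * ({@code security.maxLogonAttemptsBeforeLock}, {@code security.maxLocksBeforeDisable} and
 * {@code security.lockDuration}). A lock that is still active is rejected before the password is
 * checked. A rejected password increments the per-user attempt counter and, once the thresholds are
 * reached, either starts a timed lock or disables the account.
 *
 * @param username name of the account to log on
 * @param password password supplied by the client
 * @return the authenticated user
 * @throws UserDatabaseException if the lockout policy cannot be read or the logon fails for a reason
 *         other than bad credentials or a lock
 * @throws InvalidLoginCredentialsException if the credentials are rejected and this failure did not
 *         trigger a lock
 * @throws AccountLockedException if the account is currently locked, or this failure locked or
 *         disabled it
 */
public User doClientLogon(String username, String password) throws UserDatabaseException, InvalidLoginCredentialsException,
                AccountLockedException {
    // Get the user lockout policy. A missing or non-numeric value aborts the logon instead of
    // silently running without a lockout policy.
    int maxLogonAttemptsBeforeLock = 0;
    int maxLocksBeforeDisable = 0;
    int lockDuration = 0;
    try {
        maxLogonAttemptsBeforeLock = Integer.parseInt(CoreServlet.getServlet().getPropertyDatabase().getProperty(0, null,
            "security.maxLogonAttemptsBeforeLock"));
        maxLocksBeforeDisable = Integer.parseInt(CoreServlet.getServlet().getPropertyDatabase().getProperty(0, null,
            "security.maxLocksBeforeDisable"));
        lockDuration = Integer.parseInt(CoreServlet.getServlet().getPropertyDatabase().getProperty(0, null,
            "security.lockDuration"));
    } catch (Exception e) {
        throw new UserDatabaseException("Failed to determine password lockout policy.", e);
    }

    // Get the current lock (if any). With -Dsslexplorer.recoveryMode=true the lookup is skipped, so an
    // existing lock is not enforced for this attempt.
    AccountLock lock = "true".equals(System.getProperty("sslexplorer.recoveryMode", "false")) ? null
                    : (AccountLock) lockedUsers.get(username);

    // If the user is currently locked, check whether the lock has expired yet
    if (lock != null && maxLogonAttemptsBeforeLock > 0 && lockDuration > 0 && lock.getLockedTime() != -1) {
        // lockDuration is scaled by 1000 and added to a currentTimeMillis() value. Multiply as long:
        // the int product wraps for large durations and would make the lock look already expired.
        long expires = lock.getLockedTime() + (1000L * lockDuration);
        long now = System.currentTimeMillis();
        if (now < expires) {
            throw new AccountLockedException("Account temporarily locked. Please try later.", false, expires - now);
        }
        // There was a lock, it is now expired
        lock.setAttempts(0);
        lock.setLockedTime(-1);
    }

    try {
        User user = CoreServlet.getServlet().getUserDatabase().logon(username, password);
        // Successful login, remove any locks
        unlockUser(username);
        return user;
    } catch (InvalidLoginCredentialsException ilce) {
        // In recovery mode `lock` is null at this point, so a failure still creates a lock entry.
        if (lock == null && maxLogonAttemptsBeforeLock > 0 && lockDuration > 0) {
            lock = createLock(username);
        }
        if (lock != null) {
            // NOTE(review): this read-modify-write on shared lock state is not synchronized here, so
            // concurrent failed attempts may be under-counted - confirm AccountLock serializes it.
            lock.setAttempts(lock.getAttempts() + 1);
            if (lock.getAttempts() >= maxLogonAttemptsBeforeLock) {
                lock.setLocks(lock.getLocks() + 1);
                // NOTE(review): with maxLocksBeforeDisable <= 0 this test is always true, so the first
                // lockout disables the account - confirm 0 is not meant as "never disable".
                if (lock.getLocks() >= maxLocksBeforeDisable) {
                    try {
                        // Disable the user
                        User user = CoreServlet.getServlet().getUserDatabase().getAccount(username);
                        if (PolicyUtil.isEnabled(user)) {
                            PolicyUtil.setEnabled(user, false, lock, null);
                        }
                    } catch (Exception e) {
                        // The account could not be disabled. Keep the stack trace (the username is
                        // left out of the message because it is caller-supplied) and fall back to a
                        // timed lock so further attempts are still throttled.
                        log.error("Failed to disable account after repeated lockouts.", e);
                        lock.setLockedTime(System.currentTimeMillis());
                    }
                    throw new AccountLockedException("Account disabled, please contact your administrator.", true, 0);
                } else {
                    lock.setLockedTime(System.currentTimeMillis());
                    throw new AccountLockedException("Account temporarily locked. Please try later.", false,
                                    lockDuration * 1000L);
                }
            }
        }
        throw ilce;
    } catch (AccountLockedException ale) {
        // Rethrown unchanged so the generic handler below does not wrap it.
        throw ale;
    } catch (Exception e) {
        throw new UserDatabaseException("Failed to logon. ", e);
    }
}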
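/**
 * Records a failed logon for {@code username} and applies the account lockout policy.
 *
 * <p>Returns normally when no lock is tracked or the attempt threshold has not been reached. Once the
 * threshold is reached the account is either locked for {@code security.lockDuration} or, after
 * {@code security.maxLocksBeforeDisable} lockouts, disabled.
 *
 * @param username name of the account that failed to log on
 * @param lock the lock currently tracked for the account, or {@code null} if there is none; a new
 *        lock is created when the policy is active
 * @throws AuthenticationException if the lockout policy cannot be read
 * @throws AccountLockedException if this failure locked or disabled the account
 */
public void logonFailed(String username, AccountLock lock) throws AuthenticationException, AccountLockedException {
    // Get the user lockout policy. A missing or non-numeric value is reported to the caller instead
    // of silently running without a lockout policy.
    int maxLogonAttemptsBeforeLock = 0;
    int maxLocksBeforeDisable = 0;
    int lockDuration = 0;
    try {
        maxLogonAttemptsBeforeLock = Integer.parseInt(CoreServlet.getServlet().getPropertyDatabase().getProperty(0, null,
            "security.maxLogonAttemptsBeforeLock"));
        maxLocksBeforeDisable = Integer.parseInt(CoreServlet.getServlet().getPropertyDatabase().getProperty(0, null,
            "security.maxLocksBeforeDisable"));
        lockDuration = Integer.parseInt(CoreServlet.getServlet().getPropertyDatabase().getProperty(0, null,
            "security.lockDuration"));
    } catch (Exception e) {
        throw new AuthenticationException("Failed to determine password lockout policy.", e);
    }

    if (lock == null && maxLogonAttemptsBeforeLock > 0 && lockDuration > 0) {
        lock = createLock(username);
    }
    if (lock != null) {
        // NOTE(review): this read-modify-write on shared lock state is not synchronized here, so
        // concurrent failed attempts may be under-counted - confirm AccountLock serializes it.
        lock.setAttempts(lock.getAttempts() + 1);
        if (lock.getAttempts() >= maxLogonAttemptsBeforeLock) {
            lock.setLocks(lock.getLocks() + 1);
            // NOTE(review): with maxLocksBeforeDisable <= 0 this test is always true, so the first
            // lockout disables the account - confirm 0 is not meant as "never disable".
            if (lock.getLocks() >= maxLocksBeforeDisable) {
                try {
                    // Disable the user
                    User user = CoreServlet.getServlet().getUserDatabase().getAccount(username);
                    if (PolicyUtil.isEnabled(user)) {
                        PolicyUtil.setEnabled(user, false, lock, null);
                    }
                } catch (Exception e) {
                    // The account could not be disabled. Keep the stack trace (the username is left
                    // out of the message because it is caller-supplied) and fall back to a timed
                    // lock so further attempts are still throttled.
                    log.error("Failed to disable account after repeated lockouts.", e);
                    lock.setLockedTime(System.currentTimeMillis());
                }
                throw new AccountLockedException("Account disabled, please contact your administrator.", true, 0);
            } else {
                lock.setLockedTime(System.currentTimeMillis());
                // Multiply as long so a large lockDuration cannot wrap the reported lock time.
                throw new AccountLockedException("Account temporarily locked. Please try later.", false, lockDuration * 1000L);
            }
        }
    }
}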
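/**
 * Removes a VPN session from the active-session indexes.
 *
 * <p>The session is dropped from the by-ticket index and from the list held for its logon ticket.
 * When that list becomes empty, the logon's entry is removed from the by-logon index as well.
 *
 * @param session the VPN session to remove
 */
public void removeVPNClient(VPNSession session) {
    // Both indexes are updated while holding the activeVPNSessionsByTicket monitor.
    synchronized (activeVPNSessionsByTicket) {
        activeVPNSessionsByTicket.remove(session.getVPNTicket());
        Object logonTicket = session.getSessionInfo().getLogonTicket();
        List sessions = (List) activeVPNSessionsByLogon.get(logonTicket);
        if (sessions != null) {
            sessions.remove(session);
            if (sessions.isEmpty()) {
                // The empty list lives in the by-logon index. Removing the logon ticket from the
                // by-ticket index (keyed by VPN ticket) left stale empty entries behind per logon.
                activeVPNSessionsByLogon.remove(logonTicket);
            }
        }
    }
}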
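/**
 * Logs off the session identified by a logon ticket and clears every index that refers to it.
 *
 * <p>Active VPN sessions for the logon are deregistered, pending VPN sessions and HTTP-session
 * mappings that carry the ticket are removed, and a {@code LOGOFF} core event is fired with the
 * removed session (which is {@code null} if the ticket was unknown).
 *
 * @param ticket the logon ticket of the session to end
 */
public void logoff(String ticket) {
    // NOTE(review): the logon ticket is written to the log at INFO level. If the ticket can be used
    // as a session credential, log a truncated or hashed form instead - confirm.
    if (log.isInfoEnabled())
        log.info("Logging off " + ticket);
    SessionInfo session = (SessionInfo) logons.remove(ticket);

    // Iterate over a copy, presumably because deregistering mutates the live per-logon list.
    // NOTE(review): deregisterVPNClient throws IllegalStateException for a ticket that is no longer
    // active; that would abort the logoff before the clean-up below runs - confirm callers handle it.
    List vpnSessions = (List) activeVPNSessionsByLogon.get(ticket);
    if (vpnSessions != null) {
        List snapshot = new ArrayList(vpnSessions);
        for (Iterator i = snapshot.iterator(); i.hasNext();) {
            deregisterVPNClient((VPNSession) i.next());
        }
    }

    // Drop pending VPN sessions that belong to this logon. Keys are collected first so the map is
    // not modified while its entry set is being iterated.
    List pendingTickets = new ArrayList();
    synchronized (pendingVPNSessionsByTicket) {
        for (Iterator it = pendingVPNSessionsByTicket.entrySet().iterator(); it.hasNext();) {
            Map.Entry entry = (Map.Entry) it.next();
            if (((VPNSession) entry.getValue()).getSessionInfo().getLogonTicket().equals(ticket)) {
                pendingTickets.add(entry.getKey());
            }
        }
        for (Iterator i = pendingTickets.iterator(); i.hasNext();) {
            pendingVPNSessionsByTicket.remove(i.next());
        }
    }

    // Drop HTTP-session mappings for this logon. A separate key list is used so that pending-ticket
    // keys collected above are not also applied to this differently keyed map.
    List sessionIds = new ArrayList();
    synchronized (logonsBySessionId) {
        for (Iterator it = logonsBySessionId.entrySet().iterator(); it.hasNext();) {
            Map.Entry entry = (Map.Entry) it.next();
            if (((SessionInfo) entry.getValue()).getLogonTicket().equals(ticket)) {
                sessionIds.add(entry.getKey());
            }
        }
        for (Iterator i = sessionIds.iterator(); i.hasNext();) {
            logonsBySessionId.remove(i.next());
        }
    }

    pendingVPNSessionTicketsByLogon.remove(ticket);
    CoreServlet.getServlet().fireCoreEvent(new CoreEvent(this, CoreEventConstants.LOGOFF, null, session));
}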
/**
 * Returns the first VPN session in the list whose client port is not {@code -1}.
 *
 * @param vpnSessions sessions to search; may be {@code null}
 * @return the first session with a client port other than {@code -1}, or {@code null} if the list is
 *         {@code null} or holds no such session
 */
public VPNSession getPrimaryVPNSession(List vpnSessions) {
    VPNSession primary = null;
    if (vpnSessions != null) {
        Iterator it = vpnSessions.iterator();
        // Stop at the first match; -1 presumably marks a session with no client port assigned.
        while (primary == null && it.hasNext()) {
            VPNSession candidate = (VPNSession) it.next();
            if (candidate.getClientPort() != -1) {
                primary = candidate;
            }
        }
    }
    return primary;
}
/**
 * Creates a pending VPN session for a logged-on user and returns its one-off ticket.
 *
 * <p>The ticket is indexed by ticket and by logon ticket, and stored in the HTTP session together
 * with the user's {@code client.autoStart} property.
 *
 * @param request the current request, used to resolve the property profile
 * @param sessionInfo the logon session the VPN session belongs to
 * @return the generated pending VPN session ticket
 * @throws InvalidTicketException if the {@code client.autoStart} property cannot be read
 */
public String setupVPNSession(HttpServletRequest request, SessionInfo sessionInfo) throws InvalidTicketException {
    /*
     * BPS - A development shortcut used to sit here: when the system property
     * "sslexplorer.useDevConfig" was "true" the ticket was the fixed value
     * "PST_VPN_CLIENT_DEBUG_MODE". It was disabled because it caused 'Client sync. failed'
     * messages. A fixed, guessable ticket must stay disabled; always generate a unique one.
     */
    final String ticket = TicketGenerator.getInstance().generateUniqueTicket("PST");

    // NOTE(review): the pending ticket is written to the debug log. It is later accepted from a
    // request parameter, so treat debug logs as sensitive or log a shortened form - confirm.
    if (log.isDebugEnabled()) {
        log.debug("Generated new pending VPN session ticket " + ticket);
    }

    pendingVPNSessionsByTicket.put(ticket, new VPNSession(sessionInfo));
    pendingVPNSessionTicketsByLogon.put(sessionInfo.getLogonTicket(), ticket);
    sessionInfo.getHttpSession().setAttribute(Constants.VPN_AUTHORIZATION_TICKET, ticket);

    // NOTE(review): the pending session is registered before this lookup, so a failure here leaves
    // the ticket in the pending indexes even though the caller receives an exception.
    try {
        sessionInfo.getHttpSession().setAttribute(Constants.VPN_AUTOSTART,
            CoreServlet.getServlet().getPropertyDatabase().getProperty(
                CoreUtil.getCurrentPropertyProfileId(request.getSession()),
                sessionInfo.getUser().getPrincipalName(),
                "client.autoStart"));
    } catch (Exception e) {
        // Only the message is carried over; the original cause is not attached.
        throw new InvalidTicketException(e.getMessage());
    }
    return ticket;
}
/**
 * Looks up an active VPN session by its VPN ticket.
 *
 * @param ticket the VPN ticket
 * @return the active session registered under the ticket, or {@code null} if there is none
 */
public VPNSession getVPNSessionByTicket(String ticket) {
    Object active = activeVPNSessionsByTicket.get(ticket);
    return (VPNSession) active;
}
/**
 * Returns the active VPN sessions for the logon bound to the request's HTTP session.
 *
 * <p>The logon ticket is taken from the {@code Constants.LOGON_TICKET} session attribute, not from
 * request parameters.
 *
 * @param request the current request
 * @return the sessions registered for that logon ticket, or {@code null} if there are none
 */
public List getVPNSessionsByLogon(HttpServletRequest request) {
    String logonTicket = (String) request.getSession().getAttribute(Constants.LOGON_TICKET);
    return getVPNSessionsByLogon(logonTicket);
}
/**
 * Returns the active VPN sessions registered for a logon ticket.
 *
 * <p>The returned list is the instance held in the index, not a copy.
 *
 * @param ticket the logon ticket
 * @return the sessions registered for the ticket, or {@code null} if there are none
 */
public List getVPNSessionsByLogon(String ticket) {
    Object sessions = activeVPNSessionsByLogon.get(ticket);
    return (List) sessions;
}
/**
 * Looks up the pending VPN session named by the request's {@code ticket} parameter.
 *
 * <p>The ticket comes straight from a request parameter, so it is caller-controlled.
 * NOTE(review): nothing here ties the ticket to the requester's own logon; confirm callers check
 * that the returned session belongs to the authenticated user.
 *
 * @param request the current request
 * @return the pending session registered under the supplied ticket, or {@code null} if there is none
 */
public VPNSession getPendingVPNSession(HttpServletRequest request) {
    String suppliedTicket = request.getParameter("ticket");
    return getPendingVPNSession(suppliedTicket);
}
/**
 * Looks up a pending VPN session by its pending-session ticket.
 *
 * @param ticket the pending VPN session ticket
 * @return the pending session registered under the ticket, or {@code null} if there is none
 */
public VPNSession getPendingVPNSession(String ticket) {
    Object pending = pendingVPNSessionsByTicket.get(ticket);
    return (VPNSession) pending;
}
/**
 * Returns the map of current logons.
 *
 * <p>This is the controller's own map, not a copy: changes made by the caller change the
 * controller's session state. NOTE(review): consider handing out a read-only view once callers are
 * confirmed not to modify it.
 *
 * @return the live logon map
 */
public Map getActiveSessions() {
    Map activeLogons = logons;
    return activeLogons;
}
public void deregisterVPNClient(VPNSession vpnSession) throws IllegalStateException {
if (log.isDebugEnabled())
log.debug("De-registering SSL-Explorer Agent " + vpnSession.getSessionInfo().getId());
synchronized (activeVPNSessionsByTicket) {
if (!activeVPNSessionsByTicket.containsKey(vpnSession.getVPNTicket())) {
throw new IllegalStateException(vpnSession.getVPNTicket() + " is not an active VPN session ticket");
} else {
// Take down any tunnels
if (log.isDebugEnabled())
log.debug("Taking down " + vpnSession.getListeningSockets().size() + " tunnels");
for (Iterator i = vpnSession.getListeningSockets().iterator(); i.hasNext();) {