📄 defaultlogoncontroller.java
字号:
sessionId = cookies[i].getValue();
break;
}
}
if (sessionId != null) {
logonsBySessionId.put(sessionId, info);
} else
log.warn("Could not find session id using identifier " + sessionIdentifier + " in HTTP request");
} catch (Exception ex) {
log.warn("Failed to determine HTTP session id", ex);
}
addSession(logonTicket, info, request, response, user);
try {
if ("true".equals(CoreServlet.getServlet().getPropertyDatabase().getProperty(0, null,
"security.session.lockSessionOnBrowserClose"))) {
if (log.isInfoEnabled())
log.info("New session - will force the user to authenticate again");
request.getSession().setAttribute(Constants.SESSION_LOCKED, user);
}
} catch (Exception e) {
log.warn("Failed to set session lock.", e);
}
// If we had a pending VPN session then reconfigure the http session
if (pendingVPNSessionTicketsByLogon.containsKey(logonTicket)) {
request.getSession().setAttribute(Constants.VPN_AUTHORIZATION_TICKET, pendingVPNSessionTicketsByLogon.get(logonTicket));
//
request.getSession().setAttribute(Constants.VPN_AUTOSTART, Boolean.FALSE);
}
}
public void addSession(String logonTicket, SessionInfo info, HttpServletRequest request, HttpServletResponse response, User user) {
logons.put(logonTicket, info);
addCookies(new ServletRequestAdapter(request), new ServletResponseAdapter(response), logonTicket, user);
}
public void addCookies(RequestHandlerRequest request, RequestHandlerResponse response, String logonTicket, User user) {
/**
* Set the normal logon ticket without a domain - this works in almost
* all circumstances
*/
Cookie cookie = new Cookie(Constants.LOGON_TICKET, logonTicket);
try {
cookie.setMaxAge(Integer.parseInt(CoreServlet.getServlet().getPropertyDatabase().getProperty(0, null,
"security.session.maxCookieAge")));
} catch (Exception e) {
log.error(e);
cookie.setMaxAge(900);
}
cookie.setPath("/");
cookie.setSecure(true);
response.addCookie(cookie);
/**
* Set a logon ticket for the domain - this is require to make active
* dns work.
*/
Cookie cookie2 = new Cookie(Constants.DOMAIN_LOGON_TICKET, logonTicket);
try {
cookie2.setMaxAge(Integer.parseInt(CoreServlet.getServlet().getPropertyDatabase().getProperty(0, null,
"security.session.maxCookieAge")));
} catch (Exception e) {
log.error(e);
cookie2.setMaxAge(900);
}
cookie2.setPath("/");
// We now set the domain on the cookie so the new Active DNS feature for
// Reverse Proxy works correctly
String host = request.getField("Host");
if (host != null) {
HostService hostService = new HostService(host);
cookie2.setDomain(hostService.getHost());
}
cookie2.setSecure(true);
response.addCookie(cookie2);
/**
* LDP - This code was not setting the domain on the ticket. I've
* converted to the new format of having two seperate tickets to ensure
* tickets are sent across domains
*/
/*
* Cookie cookie = new Cookie(Constants.LOGON_TICKET, logonTicket); try {
* cookie.setMaxAge(Integer.parseInt(CoreServlet.getServlet().getPropertyDatabase().getProperty(0,
* null, "security.session.maxCookieAge"))); if
* ("true".equals(CoreServlet.getServlet().getPropertyDatabase().getProperty(0,
* null, "security.session.lockSessionOnBrowserClose"))) {
* if (log.isInfoEnabled())
* log.info("New
* session - will force the user to authenticate again"); //
* initialiseSession(request.getSession(), user); // List profiles = //
* CoreServlet.getServlet().getPropertyDatabase().getPropertyProfiles(user.getUsername(), //
* false); // request.getSession().setAttribute(Constants.PROFILES, //
* profiles);
* request.getSession().setAttribute(Constants.SESSION_LOCKED, user); } }
* catch (Exception e) { log.error(e); cookie.setMaxAge(900); }
* cookie.setPath("/"); cookie.setSecure(true);
* response.addCookie(cookie);
*/
//
}
private SessionInfo addLogonTicket(HttpServletRequest request, HttpServletResponse response, User user, InetAddress address,
int sessionType) {
String logonTicket = TicketGenerator.getInstance().generateUniqueTicket("SLX");
if (log.isInfoEnabled())
log.info("Adding logon ticket to session " + request.getSession().getId());
request.getSession().setAttribute(Constants.LOGON_TICKET, logonTicket);
request.setAttribute(Constants.LOGON_TICKET, logonTicket);
String userAgent = request.getHeader("User-Agent");
SessionInfo info = SessionInfo.nextSession(request.getSession(), logonTicket, user, address, sessionType, userAgent);
try {
String sessionIdentifier = System.getProperty("sslexplorer.cookie", "JSESSIONID");
String sessionId = null;
Cookie[] cookies = request.getCookies();
for (int i = 0; cookies != null && i < cookies.length; i++) {
if (cookies[i].getName().equalsIgnoreCase(sessionIdentifier)) {
sessionId = cookies[i].getValue();
break;
}
}
if (sessionId != null) {
logonsBySessionId.put(sessionId, info);
} else
log.warn("Could not find session id using identifier " + sessionIdentifier + " in HTTP request");
} catch (Exception ex) {
log.warn("Failed to determine HTTP session id", ex);
}
logons.put(logonTicket, info);
/**
* Set the normal logon ticket without a domain - this works in almost
* all circumstances
*/
Cookie cookie = new Cookie(Constants.LOGON_TICKET, logonTicket);
try {
cookie.setMaxAge(Integer.parseInt(CoreServlet.getServlet().getPropertyDatabase().getProperty(0, null,
"security.session.maxCookieAge")));
} catch (Exception e) {
log.error(e);
cookie.setMaxAge(900);
}
cookie.setPath("/");
cookie.setSecure(true);
response.addCookie(cookie);
/**
* Set a logon ticket for the domain - this is require to make active
* dns work.
*/
Cookie cookie2 = new Cookie(Constants.DOMAIN_LOGON_TICKET, logonTicket);
try {
cookie2.setMaxAge(Integer.parseInt(CoreServlet.getServlet().getPropertyDatabase().getProperty(0, null,
"security.session.maxCookieAge")));
} catch (Exception e) {
log.error(e);
cookie2.setMaxAge(900);
}
cookie2.setPath("/");
// We now set the domain on the cookie so the new Active DNS feature for
// Reverse Proxy works correctly
String host = request.getHeader("Host");
if (host != null) {
HostService hostService = new HostService(host);
cookie2.setDomain(hostService.getHost());
}
cookie.setSecure(true);
response.addCookie(cookie2);
return info;
}
public VPNSession getVPNSession(HttpServletRequest request) {
return getVPNSessionByTicket(request.getParameter("ticket"));
}
public boolean verifyPendingVPNAuthorization(String ticket) {
return pendingVPNSessionsByTicket.containsKey(ticket);
}
public boolean verifyPendingVPNAuthorization(HttpServletRequest request) {
return verifyPendingVPNAuthorization(request.getParameter("ticket"));
}
public void unlockUser(String username) {
if (log.isInfoEnabled())
log.info("Unlocking user " + username);
lockedUsers.remove(username);
}
public void waitForFirstClientHearbeat(HttpServletRequest request) throws Exception {
VPNSession session = getPrimaryVPNSession(getVPNSessionsByLogon(request));
if (session != null && session.getFirstAccessTime() == -1) {
int seconds = 0;
while (seconds < 15) {
Thread.sleep(1000);
seconds++;
if (session.getFirstAccessTime() != -1) {
return;
}
}
throw new Exception("A SSL-Explorer Agent has been started but has not yet sent its first heartbeat. "
+ "If the client is running, this may be due to network problems.");
}
}
/**
* @param request
* @param response
* @param scheme
*/
public void logon(HttpServletRequest request, HttpServletResponse response, AuthenticationScheme scheme) throws Exception {
User user = scheme.getUser();
// Check logon is currently allowed
String logonNotAllowedReason = CoreServlet.getServlet().getLogonController().checkLogonAllowed(user.getPrincipalName());
if (logonNotAllowedReason != null) {
log.warn("Logon not allowed because '" + logonNotAllowedReason + "'");
throw new Exception(logonNotAllowedReason);
}
if (log.isInfoEnabled()) {
log.info("Session logon ticket is " + (String) request.getSession().getAttribute(Constants.LOGON_TICKET));
log.info("Logging on " + scheme.getUsername() + " for scheme " + scheme.getSchemeName());
}
// Sucessful login, remove any locks
unlockUser(scheme.getUsername());
String host = (request.isSecure() || System.getProperty("jetty.force.HTTPSRedirect", "false").equals("true") ? "https" : "http") + "://" + request.getHeader(HttpConstants.HDR_HOST);
request.getSession().setAttribute(Constants.HOST, host);
SessionInfo info = null;
boolean fireEvent = false;
if (request.getSession().getAttribute(Constants.SESSION_LOCKED) == null) {
InetAddress address = InetAddress.getByName(request.getRemoteAddr());
int sessionType = SessionInfo.getSessionTypeForUserAgent(request.getHeader("User-Agent"));
checkForMultipleSessions(user, address, sessionType);
info = addLogonTicket(request, response, user, address, sessionType);
setupVPNSession(request, info);
fireEvent = true;
}
// Initialise the session
initialiseSession(request.getSession(), user, false);
// Build the menus
CoreUtil.resetMainNavigation(request.getSession());
char[] pw = getPasswordFromCredentials(scheme);
String mode = CoreServlet.getServlet().getPropertyDatabase().getProperty(0, null, "security.privateKeyMode");
if (!mode.equals("disabled")) {
try {
PublicKeyStore.getInstance().verifyPrivateKey(user, pw);
/*
* Reload the users attributes now that the key is initialised
* so that confidential attributes are loaded
*/
CoreServlet.getServlet().getUserDatabase().loadAttributes(user);
} catch (PromptForPasswordException e) {
CoreUtil.addPageInterceptListener(request.getSession(), new PromptForPrivateKeyPassphraseInterceptListener());
} catch (UpdatePrivateKeyPassphraseException e) {
if (mode.equals("prompt")) {
CoreUtil.addPageInterceptListener(request.getSession(), new PromptForPrivateKeyPassphraseInterceptListener());
} else {⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -