8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Copyright (c) 2005 Sun Microsystems Inc. All Rights Reserved
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * The contents of this file are subject to the terms
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * of the Common Development and Distribution License
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * (the License). You may not use this file except in
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * compliance with the License.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * You can obtain a copy of the License at
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * https://opensso.dev.java.net/public/CDDLv1.0.html or
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * See the License for the specific language governing
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * permission and limitations under the License.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * When distributing Covered Code, include this CDDL
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Header Notice in each file and include the License file
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * If applicable, add the following below the CDDL Header,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * with the fields enclosed by brackets [] replaced by
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * your own identifying information:
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * "Portions Copyrighted [year] [name of copyright owner]"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * $Id: AMAuthLevelManager.java,v 1.3 2008/06/25 05:41:51 qcheng Exp $
e6c3a72a023407f5d1fface64356e1cc81f1af31Phill Cunnington * Portions Copyrighted 2012-2016 ForgeRock AS.
6cca41916c5a9e6c4706f3aaf0e2291b8c727b9bNeil Maddenimport static java.util.Collections.synchronizedMap;
6cca41916c5a9e6c4706f3aaf0e2291b8c727b9bNeil Maddenimport com.sun.identity.authentication.service.AuthD;
6cca41916c5a9e6c4706f3aaf0e2291b8c727b9bNeil Maddenimport com.sun.identity.authentication.service.AuthUtils;
6cca41916c5a9e6c4706f3aaf0e2291b8c727b9bNeil Maddenimport com.sun.identity.authentication.util.ISAuthConstants;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.shared.datastruct.CollectionHelper;
6cca41916c5a9e6c4706f3aaf0e2291b8c727b9bNeil Maddenimport com.sun.identity.sm.ServiceNotFoundException;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Manager for module authentication levels. This class provides methods to
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * retrieve the modules that satisfy a specific authentication level requirement.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * It keeps a cached copy of every module's authentication level for all
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * organizations, and implements <code>ServiceListener</code> so the cache
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * can be updated when changes happen.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterpublic class AMAuthLevelManager implements ServiceListener {
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major private static volatile AMAuthLevelManager instance = null;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Listener map for the auth modules: the key is the module name, and the
6cca41916c5a9e6c4706f3aaf0e2291b8c727b9bNeil Madden * value is a ListenerMapEntry which contains the <code>ServiceSchemaManager</code>
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * and its listener ID, and the <code>ServiceConfigManager</code> and its listener ID.
6cca41916c5a9e6c4706f3aaf0e2291b8c727b9bNeil Madden private final Map<String, ListenerMapEntry> listenerMap = synchronizedMap(new HashMap<String, ListenerMapEntry>());
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Map to hold authentication level for all organizations. Map of
6cca41916c5a9e6c4706f3aaf0e2291b8c727b9bNeil Madden * organization DN to a map of authentication module name (String) to
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * module authentication level(Integer).
6cca41916c5a9e6c4706f3aaf0e2291b8c727b9bNeil Madden private static final ConcurrentMap<String, Map<String, Integer>> authLevelMap = new ConcurrentHashMap<>();
6cca41916c5a9e6c4706f3aaf0e2291b8c727b9bNeil Madden * Map from service name to module name.
6cca41916c5a9e6c4706f3aaf0e2291b8c727b9bNeil Madden private static final ConcurrentMap<String, String> moduleServiceMap = new ConcurrentHashMap<>();
6cca41916c5a9e6c4706f3aaf0e2291b8c727b9bNeil Madden * Map from global module name to auth level.
6cca41916c5a9e6c4706f3aaf0e2291b8c727b9bNeil Madden private static final Map<String, Integer> globalAuthLevelMap = new ConcurrentHashMap<>();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Map of service name to authentication config name. This is the map used to
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * register all auth configuration names that are affected by service
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * changes. Upon notification of a service change, the registered
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * authentication configurations need to be checked.
6cca41916c5a9e6c4706f3aaf0e2291b8c727b9bNeil Madden private static final Map<String, Set<String>> authConfigListenerMap =
6cca41916c5a9e6c4706f3aaf0e2291b8c727b9bNeil Madden synchronizedMap(new HashMap<String, Set<String>>());
6cca41916c5a9e6c4706f3aaf0e2291b8c727b9bNeil Madden private static final String CORE_AUTH = "iPlanetAMAuthService";
6cca41916c5a9e6c4706f3aaf0e2291b8c727b9bNeil Madden private static final Debug debug = Debug.getInstance("amAuthConfig");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Constructor
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns manager instance.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return <code>AMAuthLevelManager</code>.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public static AMAuthLevelManager getInstance() {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster synchronized (AMAuthLevelManager.class) {
6cca41916c5a9e6c4706f3aaf0e2291b8c727b9bNeil Madden private void registerListener(String serviceName, Map<String, ListenerMapEntry> newMap) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // register listener for the specified service
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // check if the listener for the service is registered already
6cca41916c5a9e6c4706f3aaf0e2291b8c727b9bNeil Madden ListenerMapEntry entry = listenerMap.remove(serviceName);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("initialize, existing " + serviceName);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // create new listener
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.error("can't add listener for " + serviceName, e);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Reads the <code>iplanet-am-auth-authenticators</code> attribute.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Adds listener to <code>iPlanetAMAuthService</code>,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <code>iPlanetAMAuthConfiguration</code> and all login modules.
6cca41916c5a9e6c4706f3aaf0e2291b8c727b9bNeil Madden final Map<String, ListenerMapEntry> newMap = new HashMap<>();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // register listener for iPlanetAMAuthService
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // register listener for iPlanetAMAuthConfiguration
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster registerListener(AMAuthConfigUtils.SERVICE_NAME, newMap);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // get All auth modules
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Iterator it = AuthD.getAuth().getAuthenticators();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // register all listeners from it
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // check if the listener for the module is registered already
6cca41916c5a9e6c4706f3aaf0e2291b8c727b9bNeil Madden ListenerMapEntry entry = listenerMap.remove(moduleName);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("initialize, existing " + moduleName);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // create new listener
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // this is OK since some modules might not have
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // xml config defined
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("authlevel, add service listener," +
6cca41916c5a9e6c4706f3aaf0e2291b8c727b9bNeil Madden moduleServiceMap.putIfAbsent(moduleServiceName, moduleName);
6cca41916c5a9e6c4706f3aaf0e2291b8c727b9bNeil Madden // get organization schema auth level for module
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // remove listeners remains in listenerMap : module removed
6cca41916c5a9e6c4706f3aaf0e2291b8c727b9bNeil Madden for (ListenerMapEntry entry : listenerMap.values()) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // reassign map
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster synchronized (listenerMap) {
6cca41916c5a9e6c4706f3aaf0e2291b8c727b9bNeil Madden private ListenerMapEntry addServiceListener(String service) throws SMSException, SSOException {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("addServiceListener for " + service);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // add Service Schema Listener
6cca41916c5a9e6c4706f3aaf0e2291b8c727b9bNeil Madden ssm = new ServiceSchemaManager(service, AuthD.getAuth().getSSOAuthSession());
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // service not defined, this is OK, since Application/Cert
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // module does not define any xml file
6cca41916c5a9e6c4706f3aaf0e2291b8c727b9bNeil Madden String schemaListenerId = ssm.addListener(this);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // add Service Config Manager
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // service not defined, this is OK, since Application/Cert
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // module does not define any xml file
6cca41916c5a9e6c4706f3aaf0e2291b8c727b9bNeil Madden String configListenerId = scm.addListener(this);
6cca41916c5a9e6c4706f3aaf0e2291b8c727b9bNeil Madden return new ListenerMapEntry(ssm, schemaListenerId, scm, configListenerId);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns the modules whose authentication level is equal to or greater than
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * the specified authentication level. An empty set is returned
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * if the organization does not exist, or no matching authentication level
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * could be found.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param level Authentication level.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param orgDN Organization DN.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param clientType Client Type.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return Set which contains module names, e.g. <code>LDAP, Cert,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * RADIUS</code>.
6cca41916c5a9e6c4706f3aaf0e2291b8c727b9bNeil Madden public Set<String> getModulesForLevel(int level, String orgDN, String clientType) {
6cca41916c5a9e6c4706f3aaf0e2291b8c727b9bNeil Madden Map<String, Integer> map = authLevelMap.get(orgDN);
6cca41916c5a9e6c4706f3aaf0e2291b8c727b9bNeil Madden Set<String> set = getModuleForLevel(level, map);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("getModuleForLevel " + level + ", org=" + orgDN +
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("getModuleForLevel, modules=" + set);
6cca41916c5a9e6c4706f3aaf0e2291b8c727b9bNeil Madden private Map<String, Integer> initOrgAuthLevel(String orgDN) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // new map contains the module to auth level mapping
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // get all enabled auth modules for this org
6cca41916c5a9e6c4706f3aaf0e2291b8c727b9bNeil Madden manager = new AMAuthenticationManager(AuthD.getAuth().getSSOAuthSession(), orgDN);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster allowedModules = manager.getAllowedModuleNames();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("initOrgAuthLevel process " + module);
6cca41916c5a9e6c4706f3aaf0e2291b8c727b9bNeil Madden final AMAuthenticationInstance instance = manager.getAuthenticationInstance(module);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // get the auth level attribute
6cca41916c5a9e6c4706f3aaf0e2291b8c727b9bNeil Madden String attrName = AMAuthConfigUtils.getAuthLevelAttribute(attrs, instance.getType());
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String authLevel = CollectionHelper.getMapAttr(attrs, attrName);
6cca41916c5a9e6c4706f3aaf0e2291b8c727b9bNeil Madden if (authLevel != null && authLevel.length() != 0) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.error("initOrgAuthLevel, invalid level", e);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("globalAuthLevel MAP " + globalAuthLevelMap);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("initOrgAuthLevel add " + module);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // add the mapping to the map
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // add to the authLevelMap
6cca41916c5a9e6c4706f3aaf0e2291b8c727b9bNeil Madden Map<String, Integer> previousMap = authLevelMap.putIfAbsent(orgDN, map);
6cca41916c5a9e6c4706f3aaf0e2291b8c727b9bNeil Madden // We lost the race
6cca41916c5a9e6c4706f3aaf0e2291b8c727b9bNeil Madden private Set<String> getModuleForLevel(int level, Map<String, Integer> map) {
6cca41916c5a9e6c4706f3aaf0e2291b8c727b9bNeil Madden for (final Map.Entry<String, Integer> entry : map.entrySet()) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Implements methods in <code>com.sun.identity.sm.ServiceListener</code>
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param serviceName
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param version
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param groupName
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param serviceComponent
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param type
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("authlevel : globalConfigChanged " + serviceName +
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (serviceName.equals(ISAuthConstants.AUTH_SERVICE_NAME)) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster AMAuthenticationManager.reInitializeAuthServices();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Implements methods in <code>com.sun.identity.sm.ServiceListener</code>.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param serviceName
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param version
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param orgName
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param groupName
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param serviceComponent
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param type
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("authlevel : orgConfigChanged " + serviceName +
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster ", ver=" + version + ", org=" + orgName + ", group=" +
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster groupName + ", componnet=" + serviceComponent +
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // update auth level map for the org
cb2437f97da72f3556bace2a129fa5d48e1aa9cfPeter Major // this listener event should be conditioned only for ADDED and REMOVED. SM will provide special MODIFIED type
cb2437f97da72f3556bace2a129fa5d48e1aa9cfPeter Major // for removal of all attributes(for the default instance)
cb2437f97da72f3556bace2a129fa5d48e1aa9cfPeter Major AMAuthenticationManager.updateModuleInstanceTable(orgName, serviceName);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // process auth config updates
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster updateAuthConfiguration(serviceName, orgName, serviceComponent);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Implements methods in <code>com.sun.identity.sm.ServiceListener</code>.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param serviceName
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param version
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public void schemaChanged(String serviceName, String version) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("authlevel : schemaChanged " + serviceName +
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // if it is iPlanetAMAuthService, initialize listeners
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // since new modules might be added or old modules removed
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster //HashMap will replace if there is existing one already
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster //this is necessary because ServiceSchemaManagerImpl will
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster //be cleared and therefore will be stale
6cca41916c5a9e6c4706f3aaf0e2291b8c727b9bNeil Madden String moduleName = moduleServiceMap.get(serviceName);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // just in case ssm or scm already has AMAuthLevelManager registered
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // will remove existing one and replace it with new one.
6cca41916c5a9e6c4706f3aaf0e2291b8c727b9bNeil Madden ListenerMapEntry entry = listenerMap.remove(moduleName);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.error("can't add listener for " + serviceName, e);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // process auth configuration updates
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("defaultAuthLevel: " + defaultAuthLevel);
6cca41916c5a9e6c4706f3aaf0e2291b8c727b9bNeil Madden Map<String, Integer> map = authLevelMap.get(orgDN);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster //same fix needed for 6.3 too.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Removes all service listeners for the specified authentication
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * configuration.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param configName Name of authentication configuration.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster protected void removeAuthConfigListener(String configName) {
6cca41916c5a9e6c4706f3aaf0e2291b8c727b9bNeil Madden removeConfigListenerEntry(singleton(configName));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Registers an auth config listener for an auth module or the auth
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * configuration service.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param service Service name, e.g. iPlanetAMAuthLDAPService
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param name Auth config name
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster protected void addAuthConfigListener(String service, String name) {
6cca41916c5a9e6c4706f3aaf0e2291b8c727b9bNeil Madden Set<String> set = authConfigListenerMap.get(service);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Processes authentication configuration update upon service change
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * notification.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param serviceName Name of the service which was changed.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param orgName Organization DN.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param componentName Name of the component changed.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private synchronized void updateAuthConfiguration(
6cca41916c5a9e6c4706f3aaf0e2291b8c727b9bNeil Madden Set<String> set = authConfigListenerMap.get(serviceName);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // no auth config listener for this service
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // new set to hold entries which will be updated
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // need to remove them from other entries in the authConfigListenerMap
6cca41916c5a9e6c4706f3aaf0e2291b8c727b9bNeil Madden if (processAuthConfigEntry(serviceName, orgName,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("updateAuthConfiguration, updated=" + updatedEntries);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // now we need to remove the update auth config entries from
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // other entries in authConfigListenerMap
6cca41916c5a9e6c4706f3aaf0e2291b8c727b9bNeil Madden private void removeConfigListenerEntry(Set<String> updatedEntries) {
6cca41916c5a9e6c4706f3aaf0e2291b8c727b9bNeil Madden synchronized (authConfigListenerMap) {
6cca41916c5a9e6c4706f3aaf0e2291b8c727b9bNeil Madden for (final Map.Entry<String, Set<String>> entry : authConfigListenerMap.entrySet()) {
6cca41916c5a9e6c4706f3aaf0e2291b8c727b9bNeil Madden debug.message("updateAuthConfiguration, check " + service + ", entries=" + entries);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Processes one authentication configuration entry upon service change
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * notification. Checks whether this entry needs to be updated based on the
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * notification information; if so, calls AMAuthConfiguration to update
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * the auth config for this entry.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param serviceName Name of the service which was changed
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param orgName Organization DN.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param componentName Name of the component changed.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param configName Authentication configuration name.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return true if the auth config is updated.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // check if we need to update config based on service names
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster boolean needUpdate = false;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // always update for schema changes
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster serviceName.startsWith(ISAuthConstants.AUTH_ATTR_PREFIX_NEW)) &&
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Login Module or Core auth changed,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // module name looks like following
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // iPlanetAMAuth<Module_Name>Service
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // check if it is for this org
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster AMAuthConfigType type = new AMAuthConfigType(configName);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster } else if (serviceName.equals(AMAuthConfigUtils.SERVICE_NAME)) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // configuration service changed.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // find out subconfig name
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // hold the service name
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (i != -1) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // convert name to AMAuthConfigType
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster AMAuthConfigType type = new AMAuthConfigType(configName);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster (AuthD.revisionNumber >= ISAuthConstants.AUTHSERVICE_REVISION7_0
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster || (type.getIndexType() == AMAuthConfigType.SERVICE &&
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // match index type, service name & organization DN
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message(configName + " matches " + temp);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("processSMNotification, name=" + configName);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster ((AMConfiguration)Configuration.getConfiguration())
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Retrieves and updates the service organization schema's global
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * authentication level map with the changed authentication level.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private void updateGlobalAuthLevelMap(String serviceName) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("updateGlobalAuthLevelMap for " + serviceName);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster ServiceSchemaManager ssm = new ServiceSchemaManager(serviceName,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster ServiceSchema schema = ssm.getOrganizationSchema();
6cca41916c5a9e6c4706f3aaf0e2291b8c727b9bNeil Madden String module = moduleServiceMap.get(serviceName);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if ( (module != null) && module.length() > 0 ) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster AMAuthConfigUtils.getAuthLevelAttribute(attrs, module);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String authLevel = CollectionHelper.getMapAttr(attrs, attrName);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if ((authLevel != null) && (authLevel.length() > 0)) {
fd221febac22042d455264918986340e0ed02ce1James Phillpotts Integer level = Integer.valueOf(authLevel);
fd221febac22042d455264918986340e0ed02ce1James Phillpotts debug.message("authLevel is : {}", authLevel);
fd221febac22042d455264918986340e0ed02ce1James Phillpotts debug.message("globalAuthLevelMap is : {}", globalAuthLevelMap);
fd221febac22042d455264918986340e0ed02ce1James Phillpotts debug.warning("No auth level for module {}", module);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("Error retrieving service schema " , e);
6cca41916c5a9e6c4706f3aaf0e2291b8c727b9bNeil Madden * Holds information on registered service and config listeners so that they can be de-registered when no longer
6cca41916c5a9e6c4706f3aaf0e2291b8c727b9bNeil Madden private final ServiceSchemaManager serviceSchemaManager;
6cca41916c5a9e6c4706f3aaf0e2291b8c727b9bNeil Madden private final ServiceConfigManager serviceConfigManager;
6cca41916c5a9e6c4706f3aaf0e2291b8c727b9bNeil Madden ListenerMapEntry(final ServiceSchemaManager serviceSchemaManager, final String schemaListenerId,
6cca41916c5a9e6c4706f3aaf0e2291b8c727b9bNeil Madden final ServiceConfigManager serviceConfigManager, final String configListenerId) {
6cca41916c5a9e6c4706f3aaf0e2291b8c727b9bNeil Madden this.serviceSchemaManager = serviceSchemaManager;
6cca41916c5a9e6c4706f3aaf0e2291b8c727b9bNeil Madden this.serviceConfigManager = serviceConfigManager;
6cca41916c5a9e6c4706f3aaf0e2291b8c727b9bNeil Madden * Removes the registered listeners. Any errors that occur will be logged and swallowed.
6cca41916c5a9e6c4706f3aaf0e2291b8c727b9bNeil Madden serviceSchemaManager.removeListener(schemaListenerId);
6cca41916c5a9e6c4706f3aaf0e2291b8c727b9bNeil Madden serviceConfigManager.removeListener(configListenerId);
6cca41916c5a9e6c4706f3aaf0e2291b8c727b9bNeil Madden } catch (Exception e) {
6cca41916c5a9e6c4706f3aaf0e2291b8c727b9bNeil Madden debug.error("AMAuthLevelManager: removeListeners", e);