/**
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2005 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: AMAuthLevelManager.java,v 1.3 2008/06/25 05:41:51 qcheng Exp $
*
* Portions Copyrighted 2012-2015 ForgeRock AS.
*/
/**
 * Manager for module authentication levels. This class provides methods to
 * retrieve the modules that satisfy a given authentication level requirement.
 * It keeps a cached copy of the authentication level of every module for all
 * organizations, and implements <code>ServiceListener</code> so the cache
 * can be updated when changes happen.
 */
public class AMAuthLevelManager implements ServiceListener {
// instance
/**
 * Listener map for the auth modules: key is the module name, value is a
 * List that contains the <code>ServiceSchemaManager</code>, its listener ID,
 * the <code>ServiceConfigManager</code> and its listener ID.
 */
/**
 * Map holding the authentication level of every module for all
 * organizations: organization DN to a map of authentication module name
 * (String) to module authentication level (Integer).
 */
/**
* Map to hold all supported modules for organizations. Map of
* organization DN to a set of all supported modules for the organization.
*/
/**
* Map of service name to authentication config name. This is the map to
* register all auth configuration names which are affected by the service
* changes. Upon notification on the service change, the listened
* authentication configuration need to be checked.
*/
/**
 * Creates the manager and registers its service listeners through
 * {@link #initialize()}. The constructor is private; callers obtain the
 * shared instance via {@link #getInstance()}.
 * NOTE(review): per the Javadoc of initialize(), it registers this object
 * as a <code>ServiceListener</code>, so {@code this} escapes to the service
 * managers before the constructor has returned. Confirm that no change
 * notification can be delivered to a not-yet-fully-constructed instance.
 */
private AMAuthLevelManager() {
    this.initialize();
}
/**
 * Returns the shared manager instance, creating it on first use.
 * Creation is guarded by a lock on the class object. NOTE(review): this
 * listing has lost the surrounding {@code instance == null} checks; if the
 * full method tests {@code instance} outside the synchronized block
 * (double-checked locking), the {@code instance} field must be declared
 * {@code volatile}, otherwise the unsynchronized read may observe a
 * partially constructed object -- confirm against the field declaration.
 *
 * @return the singleton <code>AMAuthLevelManager</code>.
 */
public static AMAuthLevelManager getInstance() {
// lock on the Class object so that concurrent first callers build at most
// one instance inside this block
synchronized (AMAuthLevelManager.class) {
instance = new AMAuthLevelManager();
}
}
}
return instance;
}
// register listener for the specified service
// check if the listener for the service is registered already
if (debug.messageEnabled()) {
}
// remove from original map
synchronized (listenerMap) {
}
} else {
// create new listener
try {
}
} catch (Exception e) {
return;
}
}
}
/**
 * Reads the <code>iplanet-am-auth-authenticators</code> attribute.
 * Adds listeners to <code>iPlanetAMAuthService</code>,
 * <code>iPlanetAMAuthConfiguration</code> and all login modules.
 * Invoked from the constructor and again when the auth service schema
 * changes (new modules may have been added or old ones removed), so it
 * must cope with listeners that are already registered.
 * The method is synchronized so only one thread rebuilds the listener
 * registrations at a time; the individual map updates below additionally
 * lock the map they touch.
 */
private synchronized void initialize() {
// register listener for iPlanetAMAuthService
// register listener for iPlanetAMAuthConfiguration
// get All auth modules
// register all listeners from it
// check if the listener for the module is registered already
if (debug.messageEnabled()) {
}
// already registered: keep the existing listener entry and remove it from
// the original map so that whatever is left over afterwards is known stale
synchronized (listenerMap) {
}
} else {
// create new listener
try {
}
} catch (Exception e) {
// this is OK since some modules might not have
// xml config defined
// NOTE(review): the listener-adding helper already maps "service not
// defined" to a null return, so an exception reaching this catch is more
// likely a genuine SMS/SSO failure. Catching Exception and logging only at
// debug level leaves that module with no listener, so later changes to its
// auth level would not refresh the cache. Consider narrowing the catch
// and logging the failure at error level -- confirm against the full method.
if (debug.messageEnabled()) {
e.getMessage());
}
}
}
if ((moduleServiceMap != null) &&
) {
}
// get organization schema auth level for module
}
}
// remove listeners remains in listenerMap : module removed
if (!listenerMap.isEmpty()) {
try {
// NOTE(review): failures while unregistering a stale listener are
// silently dropped here; a listener that could not be removed would
// keep receiving callbacks for a module that no longer exists.
// A debug-level message at least would help diagnose that.
} catch (Exception e) {
}
}
}
// reassign map
synchronized (listenerMap) {
}
}
throws SMSException, SSOException {
if (debug.messageEnabled()) {
}
// add Service Schema Listener
try {
} catch (ServiceNotFoundException e) {
// service not defined, this is OK, since Application/Cert
// module does not define any xml file
return null;
}
// new List to hold return
// add Service Config Manager
try {
} catch (ServiceNotFoundException e) {
// service not defined, this is OK, since Application/Cert
// module does not define any xml file
return null;
}
return list;
}
/**
 * Returns the modules whose authentication level is equal to or greater
 * than the specified authentication level. An empty set is returned if the
 * organization does not exist, or if no module with a matching
 * authentication level could be found.
 *
 * @param level Authentication level.
 * @param orgDN Organization DN.
 * @param clientType Client Type.
 * @return Set which contains module names, e.g. <code>LDAP, Cert,
 * RADIUS</code>.
 */
}
return Collections.EMPTY_SET;
}
if (debug.messageEnabled()) {
", modules=" + set);
}
if (debug.messageEnabled()) {
}
return set;
}
// new map contains the module to auth level mapping
try {
// get all enabled auth modules for this org
manager = new AMAuthenticationManager(
// put the allowed modules into the map
synchronized (supportedModulesMap) {
}
} catch (Exception e) {
return map;
}
if (!allowedModules.isEmpty()) {
if (debug.messageEnabled()) {
}
continue;
}
// get the auth level attribute
try {
} catch (Exception e) {
}
}
if (debug.messageEnabled()) {
}
// add the mapping to the map
}
}
}
// add to the authLevelMap
synchronized (authLevelMap) {
}
return map;
}
}
}
return set;
}
/**
* Implements methods in <code>com.sun.identity.sm.ServiceListener</code>
*
* @param serviceName
* @param version
* @param groupName
* @param serviceComponent
* @param type
*/
public void globalConfigChanged(
int type) {
if (debug.messageEnabled()) {
", componnet=" + serviceComponent +
", type=" + type);
}
}
}
/**
* Implements methods in <code>com.sun.identity.sm.ServiceListener</code>.
*
* @param serviceName
* @param version
* @param orgName
* @param groupName
* @param serviceComponent
* @param type
*/
public void organizationConfigChanged(
int type) {
if (debug.messageEnabled()) {
", type=" + type);
}
// update auth level map for the org
synchronized (authLevelMap) {
}
// updated supported authentication modules for this org
// this is needed for 6.3 and earlier releases.
synchronized (supportedModulesMap) {
}
}
// this listener event should be conditioned only for ADDED and REMOVED. SM will provide special MODIFIED type
// for removal of all attributes(for the default instance)
// process auth config updates
}
/**
* Implements methods in <code>com.sun.identity.sm.ServiceListener</code>.
*
* @param serviceName
* @param version
*/
if (debug.messageEnabled()) {
", ver=" + version);
}
// if it is iPlanetAMAuthService, initialize listeners
// since new modules might be added or old modules removed
initialize();
} else {
//HashMap will replace if there is existing one already
//this is necessary because ServiceSchemaManagerImpl will
//be cleared and therefore will be stale
try {
// just in case ssm or scm already has AMAuthLevelManager registered
// will remove existing one and replace it with new one.
try {
} catch (Exception e) {
// this is harmless
}
}
synchronized (listenerMap) {
}
}
} catch (Exception e) {
return;
}
}
}
// process auth configuration updates
}
public int getLevelForModule(
if (debug.messageEnabled()) {
}
}
if (debug.messageEnabled()) {
}
}
//same fix needed for 6.3 too.
}
if (debug.messageEnabled()) {
}
return level;
}
if (debug.messageEnabled()) {
}
return Collections.EMPTY_SET;
}
}
if (debug.messageEnabled()) {
}
return modules;
}
/**
* Removes all service listeners for the specified authentication
* configuration.
*
* @param configName Name of authentication configuration.
*/
}
/**
 * Registers an auth config listener for an auth module service or for the
 * auth configuration service.
 * @param service Service name, e.g. iPlanetAMAuthLDAPService
 * @param name Auth config name
 */
synchronized(authConfigListenerMap) {
}
} else {
synchronized (set) {
}
}
}
/**
 * Processes authentication configuration updates upon a service change
 * notification.
 *
 * @param serviceName Name of the service which was changed.
 * @param orgName Organization DN.
 * @param componentName Name of the component changed.
 */
private synchronized void updateAuthConfiguration(
// no auth config listener for this service
return;
}
// new set to hold entries which will be updated
// need to remove them from other entries in the authConfigListenerMap
componentName, configName)) {
if (updatedEntries == null) {
updatedEntries = new HashSet();
}
}
}
if (updatedEntries == null) {
return;
}
if (debug.messageEnabled()) {
}
// now we need to remove the update auth config entries from
// other entries in authConfigListenerMap
}
synchronized(authConfigListenerMap) {
if (debug.messageEnabled()) {
}
}
}
}
}
/**
 * Processes one authentication configuration entry upon a service change
 * notification. Checks whether this entry needs to be updated based on the
 * notification information and, if so, calls AMAuthConfiguration to update
 * the auth config for this entry.
 *
 * @param serviceName Name of the service which was changed.
 * @param orgName Organization DN.
 * @param componentName Name of the component changed.
 * @param configName Authentication configuration name.
 * @return true if the auth config is updated.
 */
private boolean processAuthConfigEntry(
String configName) {
// check if we need to update config based on service names
boolean needUpdate = false;
// always update for schema changes
needUpdate = true;
// Login Module or Core auth changed,
// module name looks like following
// iPlanetAMAuth<Module_Name>Service
// check if it is for this org
needUpdate = true;
}
// configuration service changed.
// find out subconfig name
// hold the service name
if (i != -1) {
} else {
}
// convert name to AMAuthConfigType
)) {
// match index type, service name & orgnanization DN
if (debug.messageEnabled()) {
}
needUpdate = true;
}
}
if (needUpdate) {
if (debug.messageEnabled()) {
}
}
return needUpdate;
}
/**
 * Retrieves and updates the service organization schema's global
 * authentication level map with the changed authentication level.
 */
if (debug.messageEnabled()) {
}
try {
}
}
if (debug.messageEnabled()) {
"globalAuthLevelMap is :" + globalAuthLevelMap);
}
}
} catch (Exception e) {
if (debug.messageEnabled()) {
}
}
}
}