8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Copyright (c) 2005 Sun Microsystems Inc. All Rights Reserved
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * The contents of this file are subject to the terms
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * of the Common Development and Distribution License
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * (the License). You may not use this file except in
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * compliance with the License.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * You can obtain a copy of the License at
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * https://opensso.dev.java.net/public/CDDLv1.0.html or
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * See the License for the specific language governing
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * permission and limitations under the License.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * When distributing Covered Code, include this CDDL
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Header Notice in each file and include the License file
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * If applicable, add the following below the CDDL Header,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * with the fields enclosed by brackets [] replaced by
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * your own identifying information:
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * "Portions Copyrighted [year] [name of copyright owner]"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * $Id: AMAuthenticationManager.java,v 1.9 2009/08/05 19:57:27 qcheng Exp $
cb2437f97da72f3556bace2a129fa5d48e1aa9cfPeter Major * Portions Copyrighted 2011-2015 ForgeRock AS.
4feaf0dfdbd264b8e1136c57c44123da3ba5a365Kohei Tamura * Portions Copyrighted 2014 Nomura Research Institute, Ltd
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.authentication.service.AuthUtils;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.authentication.util.ISAuthConstants;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.security.AdminTokenAction;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.sm.ServiceConfigManager;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.sm.ServiceSchemaManager;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.sm.OrganizationConfigManager;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * This class provides interfaces to manage authentication module instances.
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major private static final String BUNDLE_NAME = "amAuthConfig";
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major private static final Debug DEBUG = Debug.getInstance(BUNDLE_NAME);
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major private static final Set<String> AUTH_TYPES = new HashSet<String>();
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major private static final Map<String, String> MODULE_SERVICE_NAMES = new ConcurrentHashMap<String, String>();
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major private static final Set<String> GLOBAL_MODULE_NAMES = new HashSet<String>();
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major private static final Map<String, Map<String, Set<String>>> MODULE_INSTANCE_TABLE = Collections.synchronizedMap(
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major new HashMap<String, Map<String, Set<String>>>());
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major * Constructs an instance of <code>AMAuthenticationManager</code> for the specified realm to manage the
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major * authentication module instances available to this realm.
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major * @param token Single sign on token of the user identity on whose behalf the operations are performed.
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major * @param org The realm in which the module instance management is performed.
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major * @throws AMConfigurationException if Service Management related error occurs.
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major public AMAuthenticationManager(SSOToken token, String org) throws AMConfigurationException {
802a57637c62f88161c7d7a6adb6c4ab46e6d19bTom Rumsey this.realm = DNUtils.normalizeDN(com.sun.identity.sm.DNMapper.orgNameToDN(org));
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major throw new AMConfigurationException(BUNDLE_NAME, "badRealm",
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster synchronized (AMAuthenticationManager.class) {
cb2437f97da72f3556bace2a129fa5d48e1aa9cfPeter Major if (!MODULE_INSTANCE_TABLE.containsKey(realm)) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if ((installTime != null) && installTime.equalsIgnoreCase("false")){
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Re-initializes the module services.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * This method is meant for global authentication configuration change.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public static synchronized void reInitializeAuthServices() {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns a Set containing all the authentication types that are plugged into
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * this server.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return Set of String values of the authentication types available on
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * this server.
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major public static Set<String> getAuthenticationTypes() {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns a Set containing all the module service names that are plugged into
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * this server.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return Set of String values of the module service names available on
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * this server.
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major public static Set<String> getAuthenticationServiceNames() {
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major Set<String> names = new HashSet<String>(MODULE_SERVICE_NAMES.values());
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major DEBUG.message("Authenticator serviceNames: " + names);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns authentication service name of a module.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param moduleName Name of authentication module.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return authentication service name of a module.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public static String getAuthenticationServiceName(String moduleName) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * This code makes the authentication type list static. If the list
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * is expanded or shrunk, the server needs to be restarted.
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major private static void initAuthenticationService() {
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major ServiceSchemaManager scm = new ServiceSchemaManager(ISAuthConstants.AUTH_SERVICE_NAME, token);
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major Set<String> authenticators = (Set<String>) schema.getAttributeDefaults().get(
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major // Application is not one of the selectable instance type.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (!module.equals(ISAuthConstants.APPLICATION_MODULE)) {
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major String serviceName = MODULE_SERVICE_NAMES.get(module);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster serviceName = AuthUtils.getModuleServiceName(module);
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major DEBUG.message("Global module names: " + GLOBAL_MODULE_NAMES);
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major DEBUG.message("moduleServiceNames: " + MODULE_SERVICE_NAMES);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if ((installTime != null) && installTime.equalsIgnoreCase("false")){
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major DEBUG.error("Failed to get module types", smse);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * build the module instance table for the realm.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * format of this table:
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Table: key = realm, value = module Map for the realm.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * module Map for the realm:
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * key = module type, value = Set of module instances
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private static void buildModuleInstanceTable(SSOToken token, String realm) {
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major for (String service : MODULE_SERVICE_NAMES.values()) {
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major DEBUG.message("building module instance table error", e);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Updates the static module instance table for the specified service in
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * the realm.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param realm The realm in which the operation is processed.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param serviceName the service for which the table is built.
cb2437f97da72f3556bace2a129fa5d48e1aa9cfPeter Major private static synchronized void buildModuleInstanceForService(
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major DEBUG.message("start moduleInstanceTable : " + MODULE_INSTANCE_TABLE +
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster " for realm : " + realm + " and service : " + serviceName);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String moduleName = getModuleName(serviceName);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if ((moduleName != null) && (moduleName.length() != 0)) {
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major ServiceConfigManager scm = new ServiceConfigManager(serviceName, getAdminToken());
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster ServiceConfig config = scm.getOrganizationConfig(realm, null);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "buildModuleInstanceForService: Service="
802a57637c62f88161c7d7a6adb6c4ab46e6d19bTom Rumsey + serviceName + " not configured in realm=" + realm);
802a57637c62f88161c7d7a6adb6c4ab46e6d19bTom Rumsey realm = DNUtils.normalizeDN(com.sun.identity.sm.DNMapper.orgNameToDN(realm));
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major synchronized (MODULE_INSTANCE_TABLE) {
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major Map<String, Set<String>> moduleMap = MODULE_INSTANCE_TABLE.remove(realm);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * this code avoids manipulating the hashmap that might
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * be iterated over by other threads
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major Map<String, Set<String>> newMap = new HashMap<String, Set<String>>(moduleMap);
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major Set<String> instanceSet = new HashSet<String>();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster defaultAttrs = config.getAttributesWithoutDefaults();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (defaultAttrs != null && !defaultAttrs.isEmpty()) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * this operation is safe as moduleMap is a local object
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (moduleMap != null && !moduleMap.isEmpty()) {
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major DEBUG.message("build module instance for service error: " , e);
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major DEBUG.message("return moduleInstanceTable: " + MODULE_INSTANCE_TABLE);
cb2437f97da72f3556bace2a129fa5d48e1aa9cfPeter Major * Updates the module instance table for the authentication service if the module instance table was already
cb2437f97da72f3556bace2a129fa5d48e1aa9cfPeter Major * cached for the provided realm.
cb2437f97da72f3556bace2a129fa5d48e1aa9cfPeter Major * @param realm The realm where the configuration has changed.
cb2437f97da72f3556bace2a129fa5d48e1aa9cfPeter Major * @param serviceName The authentication module's service name.
cb2437f97da72f3556bace2a129fa5d48e1aa9cfPeter Major public static synchronized void updateModuleInstanceTable(String realm, String serviceName) {
cb2437f97da72f3556bace2a129fa5d48e1aa9cfPeter Major realm = com.sun.identity.sm.DNMapper.orgNameToDN(realm);
cb2437f97da72f3556bace2a129fa5d48e1aa9cfPeter Major buildModuleInstanceForService(realm, serviceName);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // get the module name from its service name.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private static String getModuleName(String serviceName) {
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major for (String moduleName : MODULE_SERVICE_NAMES.keySet()) {
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major if (MODULE_SERVICE_NAMES.get(moduleName).equals(serviceName)) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns an <code>AMAuthenticationSchema</code> object for the specified
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * authentication type.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param authType Type of the authentication module instance.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return <code>AMAuthenticationSchema</code> object of the specified
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * authentication type.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws AMConfigurationException if an error occurred while retrieving
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * the service schema.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public AMAuthenticationSchema getAuthenticationSchema(String authType)
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return getAuthenticationSchema(authType, token);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private static AMAuthenticationSchema getAuthenticationSchema(
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String authType, SSOToken token) throws AMConfigurationException {
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major DEBUG.message("getting auth schema for " + authType);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster ServiceSchemaManager scm = new ServiceSchemaManager(serviceName,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster ServiceSchema orgSchema = scm.getOrganizationSchema();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster ServiceSchema subSchema = orgSchema.getSubSchema(
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // using the sub schema in new auth config.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // fall back to the org schema if the DIT is old.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns the <code>AMAuthenticationInstance</code> object whose name is
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * as specified.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Name uniqueness is required for the instances among the same realm, as
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * well as the instances that are available to this realm.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param authName Authentication instance name.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return The <code>AMAuthenticationInstance</code> object that is
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * associated with the authentication instance name.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public AMAuthenticationInstance getAuthenticationInstance(String authName) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return getAuthenticationInstance(authName, type);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns an <code>AMAuthenticationInstance</code> object with the given
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * authentication name and type.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private AMAuthenticationInstance getAuthenticationInstance(
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // for global authentication modules
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return new AMAuthenticationInstance(authName, type, null, null);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster ssm = new ServiceSchemaManager( serviceName, token);
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major DEBUG.message("Instance type does not exist: " + type);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // normal exception for some schemas without global configuration.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // no need to log anything.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster scm = new ServiceConfigManager(serviceName, token);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster service = scm.getOrganizationConfig(realm, null);
a8e92a7742f5a342600fad6421fd47602a2f6780Phill Cunnington // Must check if there is a sub-config with the auth
a8e92a7742f5a342600fad6421fd47602a2f6780Phill Cunnington // type as the name otherwise it will not be returned.
a8e92a7742f5a342600fad6421fd47602a2f6780Phill Cunnington && service.getSubConfig(authName) == null) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster orgAttrs = service.getAttributesWithoutDefaults();
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major DEBUG.warning("Token doesn't have access to service: " +
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // normal exception for global service configuration.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // no need to log anything.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster for (Iterator it=orgAttrs.entrySet().iterator(); it.hasNext();){
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if ((((String)e.getKey()).endsWith("passwd")) ||
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major DEBUG.message(e.getKey() + ": " + e.getValue());
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if ((globalAttrs != null && ! globalAttrs.isEmpty()) ||
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return new AMAuthenticationInstance(authName, type,service,schema);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns the type of the authentication module instance with the
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * specified instance name.
1cb968daf78963d139ff89a7b192e85314e82509James Phillpotts public String getAuthInstanceType(String authName) {
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major Map<String, Set<String>> moduleMap = MODULE_INSTANCE_TABLE.get(realm);
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major Set<String> instanceNames = moduleMap.get(type);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns a Set of all registered module instance names for a module type,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * including both the old instances from 6.3 DIT and the new instances in 7.0.
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major public Set<String> getModuleInstanceNames(String aModuleType) {
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major Map<String, Set<String>> moduleMap = MODULE_INSTANCE_TABLE.get(realm);
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major if (moduleMap != null || !GLOBAL_MODULE_NAMES.isEmpty()) {
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major DEBUG.message("Registered module names: " + instances);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns a Set of all registered module instance names, including
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * both the old instances from 6.3 DIT and the new instances in 7.0.
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major private Set<String> getRegisteredModuleNames() {
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major Map<String, Set<String>> moduleMap = MODULE_INSTANCE_TABLE.get(realm);
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major if (moduleMap != null || !GLOBAL_MODULE_NAMES.isEmpty()) {
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major DEBUG.message("Registered module names: " + instances);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns a Set of module instance names that is allowed for this
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * organization.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Since this is only needed for 6.3 and earlier, for 7.0 it returns an
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * empty set.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return a Set of String values for module instance names.
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major if (AuthUtils.getAuthRevisionNumber() >= ISAuthConstants.AUTHSERVICE_REVISION7_0) {
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major Map<String, Set<String>> attrMap = orgServiceConfig.getAttributes();
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major Set<String> defaultModuleNames = attrMap.get(ISAuthConstants.AUTH_ALLOWED_MODULES);
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major if (defaultModuleNames != null && !GLOBAL_MODULE_NAMES.isEmpty()) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster retVal.remove(ISAuthConstants.APPLICATION_MODULE);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /* return true if this module is from 6.3 DIT */
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private boolean isInheritedAuthInstance(String name) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Map attrMap = orgServiceConfig.getAttributes();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (defaultModuleNames != null && defaultModuleNames.contains(name)) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return true;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return false;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster ServiceConfigManager scm = new ServiceConfigManager(
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if ((installTime != null) && installTime.equalsIgnoreCase("false")){
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major DEBUG.error("Service config for " + realm + " is null." +
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns the authentication module instances that are available to this
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * realm except the Application instance which is for internal use only.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return A Set of <code>AMAuthenticationInstance</code> objects that are
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * available to this realm.
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major public Set<AMAuthenticationInstance> getAuthenticationInstances() {
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major Set<AMAuthenticationInstance> instanceSet = Collections.EMPTY_SET;
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major Map<String, Set<String>> moduleMap = MODULE_INSTANCE_TABLE.get(realm);
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major if (moduleMap != null || !GLOBAL_MODULE_NAMES.isEmpty()) {
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major instanceSet = new HashSet<AMAuthenticationInstance>();
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major if (name.equals(ISAuthConstants.APPLICATION_MODULE)) {
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major AMAuthenticationInstance instance = getAuthenticationInstance(name, name);
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major Set<String> instanceNameSet = moduleMap.get(type);
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major AMAuthenticationInstance instance = getAuthenticationInstance(name, type);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Creates an <code>AMAuthenticationInstance</code> instance with the
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * specified parameters.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param name Name of the authentication module instance.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param type Type of the authentication module instance.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param attributes A Map of parameters for this module instance.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return the newly created <code>AMAuthenticationInstance</code> object.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws AMConfigurationException if error occurred during the
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * authentication creation.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public AMAuthenticationInstance createAuthenticationInstance(
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major throw new AMConfigurationException(BUNDLE_NAME, "wrongType",
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster AMAuthenticationInstance instance = getAuthenticationInstance(name);
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major DEBUG.warning("Token doesn't have access to service: " +
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // normal exception for service without global configuration.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // no need to log anything.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster OrganizationConfigManager ocm = new OrganizationConfigManager(
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Check if service is assigned
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (!ocm.getAssignedServices().contains(serviceName)) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster ServiceConfig orgConfig = ocm.getServiceConfig(serviceName);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster orgConfig = ocm.addServiceConfig(serviceName, null);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster orgConfig.addSubConfig(name, ISAuthConstants.SERVER_SUBSCHEMA,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // if the module instance name is equal to its type, set
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // the attributes in its organization config, not sub config.
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major //In case of server mode AMAuthLevelManager will update AMAuthenticationManager about the change, and
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major //there is no need to reinitialize the configuration twice. In client mode it is less likely that
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major //AMAuthLevelManager listeners are in place, so let's reinitialize to be on the safe side.
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major buildModuleInstanceForService(realm, serviceName);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return new AMAuthenticationInstance(name, type, subConfig, schema);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Deletes a specified authentication module instance.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param name Name of the authentication module instance to be deleted.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws AMConfigurationException if it fails to delete the
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * authentication instance.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public void deleteAuthenticationInstance(String name)
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster AMAuthenticationInstance instance = getAuthenticationInstance(name);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster ServiceConfig serviceConfig = instance.getServiceConfig();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // no subconfig
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Map attrs = serviceConfig.getAttributesWithoutDefaults();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster serviceConfig.removeAttributes(attrs.keySet());
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // remove sub config
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String serviceName = serviceConfig.getServiceName();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster ServiceConfigManager scm = new ServiceConfigManager(
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster ServiceConfig orgConfig = scm.getOrganizationConfig(realm,null);
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major Set<String> moduleNames = new HashSet<String>();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster ISAuthConstants.AUTH_ALLOWED_MODULES, moduleNames);
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major //In case of server mode AMAuthLevelManager will update AMAuthenticationManager about the change, and
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major //there is no need to reinitialize the configuration twice. In client mode it is less likely that
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major //AMAuthLevelManager listeners are in place, so let's reinitialize to be on the safe side.
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major buildModuleInstanceForService(realm, serviceConfig.getServiceName());
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns <code>true</code> if this authentication module instance is editable
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * by this user and/or in this realm.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param instance The authentication module instance.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return <code>true</code> if editable.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public boolean isEditable(AMAuthenticationInstance instance) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return true;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private static String getServiceName(String module) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns <code>true</code> if the module instance with the specified
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * name is being used by any named configuration.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param moduleInstance Name of the module instance.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return <code>true</code> if the module instance is in use.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private boolean isModuleInstanceInUse(String moduleInstance) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster boolean returnValue = false;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster ServiceConfigManager scm = new ServiceConfigManager(
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster ISAuthConstants.AUTHCONFIG_SERVICE_NAME, token);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster ServiceConfig oConfig = scm.getOrganizationConfig(realm, null);
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major DEBUG.message("Failed to get named sub configurations.");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster for (Iterator it = services.iterator(); it.hasNext(); ) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (serviceContains(service, moduleInstance)) {
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major DEBUG.message(moduleInstance + " is used in " + service);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Checks if the module instance name appears in the named configuration
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * definition.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param serviceName String value for the name of the named configuration.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param moduleInstance String value for the name of the module instance.
98519db6bb79987d312dc3a552f53793e440923dKohei Tamura * @return <code>true</code> if the module instance is in the service.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private boolean serviceContains(String serviceName, String moduleInstance) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster boolean returnValue = false;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster dataMap = AMAuthConfigUtils.getNamedConfig(serviceName,
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major DEBUG.message("Failed to get named sub config attrs.");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Set xmlConfigValues = (Set)dataMap.get(AMAuthConfigUtils.ATTR_NAME);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (xmlConfigValues != null && !xmlConfigValues.isEmpty()) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String xmlConfig = (String)xmlConfigValues.iterator().next();
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major DEBUG.message("service config for " + serviceName + " = "
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (xmlConfig != null && xmlConfig.length() != 0) {
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major Document doc = XMLUtils.toDOMDocument(xmlConfig, DEBUG);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Set values = XMLUtils.getAttributeValuePair(vPair);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster for (Iterator it=values.iterator(); it.hasNext(); ) {
98519db6bb79987d312dc3a552f53793e440923dKohei Tamura if (moduleInfo.length > 0 && moduleInfo[0].equals(moduleInstance)) {