8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster/**
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster *
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Copyright (c) 2005 Sun Microsystems Inc. All Rights Reserved
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster *
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * The contents of this file are subject to the terms
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * of the Common Development and Distribution License
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * (the License). You may not use this file except in
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * compliance with the License.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster *
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * You can obtain a copy of the License at
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * https://opensso.dev.java.net/public/CDDLv1.0.html or
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * opensso/legal/CDDLv1.0.txt
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * See the License for the specific language governing
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * permission and limitations under the License.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster *
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * When distributing Covered Code, include this CDDL
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Header Notice in each file and include the License file
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * at opensso/legal/CDDLv1.0.txt.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * If applicable, add the following below the CDDL Header,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * with the fields enclosed by brackets [] replaced by
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * your own identifying information:
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * "Portions Copyrighted [year] [name of copyright owner]"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster *
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * $Id: AMAuthenticationManager.java,v 1.9 2009/08/05 19:57:27 qcheng Exp $
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster *
cb2437f97da72f3556bace2a129fa5d48e1aa9cfPeter Major * Portions Copyrighted 2011-2015 ForgeRock AS.
4feaf0dfdbd264b8e1136c57c44123da3ba5a365Kohei Tamura * Portions Copyrighted 2014 Nomura Research Institute, Ltd
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster */
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterpackage com.sun.identity.authentication.config;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.iplanet.sso.SSOException;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.iplanet.sso.SSOToken;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.iplanet.am.util.SystemProperties;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.authentication.service.AuthUtils;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.authentication.util.ISAuthConstants;
802a57637c62f88161c7d7a6adb6c4ab46e6d19bTom Rumseyimport com.sun.identity.common.DNUtils;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.security.AdminTokenAction;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.shared.debug.Debug;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.shared.xml.XMLUtils;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.sm.SchemaType;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.sm.ServiceConfig;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.sm.ServiceConfigManager;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.sm.ServiceSchema;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.sm.ServiceSchemaManager;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.sm.OrganizationConfigManager;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.sm.SMSEntry;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.sm.SMSException;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport java.security.AccessController;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport java.util.Collections;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport java.util.HashMap;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport java.util.HashSet;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport java.util.Iterator;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport java.util.Map;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport java.util.Set;
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Majorimport java.util.concurrent.ConcurrentHashMap;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport org.w3c.dom.Document;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport org.w3c.dom.Element;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster/**
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * This class provides interfaces to manage authentication module instances.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster */
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterpublic class AMAuthenticationManager {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
// Name handed to Debug.getInstance() below and to AMConfigurationException in the constructor.
private static final String BUNDLE_NAME = "amAuthConfig";
private static final Debug DEBUG = Debug.getInstance(BUNDLE_NAME);
// Authentication type names collected by initAuthenticationService() and read through
// getAuthenticationTypes(). This is a plain HashSet: it is cleared and refilled by
// reInitializeAuthServices(), so it carries no thread-safety of its own.
private static final Set<String> AUTH_TYPES = new HashSet<String>();
// Module name -> module service name. ConcurrentHashMap: null keys and null values are rejected.
private static final Map<String, String> MODULE_SERVICE_NAMES = new ConcurrentHashMap<String, String>();
// Modules for which initAuthenticationService() could not construct a ServiceSchemaManager.
private static final Set<String> GLOBAL_MODULE_NAMES = new HashSet<String>();
// Per-realm cache: key = normalized realm DN, value = (module type -> set of module instance names).
private static final Map<String, Map<String, Set<String>>> MODULE_INSTANCE_TABLE = Collections.synchronizedMap(
        new HashMap<String, Map<String, Set<String>>>());
// Instance state; assigned by the constructor only after SMSEntry.validateToken(token) has returned.
private SSOToken token;
private String realm;
private ServiceConfig orgServiceConfig;

// Populate the static authentication type / service name tables once, when the class is loaded.
static {
    initAuthenticationService();
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /**
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major * Constructs an instance of <code>AMAuthenticationManager</code> for the specified realm to manage the
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major * authentication module instances available to this realm.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster *
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major * @param token Single sign on token of the user identity on whose behalf the operations are performed.
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major * @param org The realm in which the module instance management is performed.
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major * @throws AMConfigurationException if Service Management related error occurs.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster */
public AMAuthenticationManager(SSOToken token, String org) throws AMConfigurationException {
    try {
        // Reject the token before any instance state is assigned from it.
        SMSEntry.validateToken(token);
        this.token = token;
        String orgDn = com.sun.identity.sm.DNMapper.orgNameToDN(org);
        // The normalized DN is the key format used for MODULE_INSTANCE_TABLE.
        this.realm = DNUtils.normalizeDN(orgDn);

        this.orgServiceConfig = getOrgServiceConfig();
        if (this.orgServiceConfig == null) {
            throw new AMConfigurationException(BUNDLE_NAME, "badRealm",
                    new Object[]{this.realm});
        }
        // Class-level lock: only one thread builds the cache entry for a realm.
        synchronized (AMAuthenticationManager.class) {
            boolean alreadyCached = MODULE_INSTANCE_TABLE.containsKey(this.realm);
            if (!alreadyCached) {
                buildModuleInstanceTable(token, this.realm);
            }
        }
    } catch (SMSException smsFailure) {
        throw new AMConfigurationException(smsFailure);
    } catch (Exception failure) {
        // NOTE(review): this handler does not rethrow, so a token rejected by
        // SMSEntry.validateToken() still yields a constructed object whose token, realm and
        // orgServiceConfig fields are unset. Unless AMConfigurationException is an SMSException
        // subtype (its declaration is not visible here), the "badRealm" exception thrown above
        // also lands here and is reported as "Token is invalid." instead of propagating.
        // Confirm this is intended outside install time.
        String adminMode = SystemProperties.get(AdminTokenAction.AMADMIN_MODE);
        // Logged only when the AMADMIN_MODE property is explicitly "false" (any letter case).
        if ("false".equalsIgnoreCase(adminMode)) {
            DEBUG.error("Token is invalid." , failure);
        }
    }
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /**
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Re-initializes the module services.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * This method is meant for global authentication configuration change.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster */
public static synchronized void reInitializeAuthServices() {
    // Drop both derived sets, then rebuild them from the global authentication schema.
    // MODULE_SERVICE_NAMES is not cleared here, so a mapping cached by an earlier run stays in
    // place and is not re-checked by initAuthenticationService().
    // NOTE(review): confirm that keeping mappings for modules no longer listed is intended.
    GLOBAL_MODULE_NAMES.clear();
    AUTH_TYPES.clear();
    initAuthenticationService();
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /**
 * Returns a Set containing all the authentication types that are plugged in to
 * this server.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return Set of String values of the authentication types available on
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * this server.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster */
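public static synchronized Set<String> getAuthenticationTypes() {
    // AUTH_TYPES is a plain HashSet that reInitializeAuthServices() clears and refills while
    // holding the class monitor. Take the same monitor and hand back a copy, so that a caller
    // can neither alter the server-wide list of authentication types through the returned set
    // nor iterate it while it is being rebuilt. The copy is mutable, as the shared set was.
    return new HashSet<String>(AUTH_TYPES);
}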
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /**
 * Returns a Set containing all the module service names that are plugged in to
 * this server.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return Set of String values of the module service names available on
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * this server.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster */
public static Set<String> getAuthenticationServiceNames() {
    // Build a fresh set from the cached mapping's values; the caller gets its own copy and
    // duplicate service names collapse into one entry.
    final Set<String> serviceNames = new HashSet<String>();
    serviceNames.addAll(MODULE_SERVICE_NAMES.values());

    if (DEBUG.messageEnabled()) {
        DEBUG.message("Authenticator serviceNames: " + serviceNames);
    }
    return serviceNames;
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /**
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns authentication service name of a module.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster *
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param moduleName Name of authentication module.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return authentication service name of a module.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster */
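public static String getAuthenticationServiceName(String moduleName) {
    // MODULE_SERVICE_NAMES is a ConcurrentHashMap, whose get() throws NullPointerException for
    // a null key. Report "no such module" instead of failing the caller.
    if (moduleName == null) {
        return null;
    }
    // Returns null when no service name is cached for this module.
    return MODULE_SERVICE_NAMES.get(moduleName);
}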
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /**
 * This code makes the authentication type list static. If the list
 * is expanded or shrunk, the server needs to be restarted.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster */
private static void initAuthenticationService() {
    // Obtained outside the try block, so a failure here propagates to the caller.
    final SSOToken adminToken = getAdminToken();
    try {
        ServiceSchema globalSchema =
                new ServiceSchemaManager(ISAuthConstants.AUTH_SERVICE_NAME, adminToken).getGlobalSchema();
        // Unchecked cast: the attribute-defaults map is trusted to hold a Set of class names.
        // A missing attribute gives null here and ends in the outer catch below.
        Set<String> authenticatorClasses = (Set<String>) globalSchema.getAttributeDefaults().get(
                ISAuthConstants.AUTHENTICATORS);
        for (String className : authenticatorClasses) {
            // Keep only the part after the last dot as the module type name.
            int lastDot = className.lastIndexOf(".");
            String moduleType = (lastDot == -1) ? className : className.substring(lastDot + 1);

            // Application is not one of the selectable instance type.
            if (!moduleType.equals(ISAuthConstants.APPLICATION_MODULE)) {
                AUTH_TYPES.add(moduleType);
            }
            if (MODULE_SERVICE_NAMES.get(moduleType) != null) {
                // A service name is already cached for this module; nothing to probe.
                continue;
            }
            String candidateService = AuthUtils.getModuleServiceName(moduleType);
            try {
                // Constructed only to find out whether the service schema can be loaded.
                new ServiceSchemaManager(candidateService, adminToken);
                MODULE_SERVICE_NAMES.put(moduleType, candidateService);
            } catch (Exception ignored) {
                // NOTE(review): every failure, whatever its cause, files the module under
                // GLOBAL_MODULE_NAMES and takes it out of AUTH_TYPES without logging the
                // exception. Confirm a transient lookup error should have that effect.
                GLOBAL_MODULE_NAMES.add(moduleType);
                AUTH_TYPES.remove(moduleType);
            }
        }
        if (DEBUG.messageEnabled()) {
            DEBUG.message("Global module names: " + GLOBAL_MODULE_NAMES);
            DEBUG.message("moduleServiceNames: " + MODULE_SERVICE_NAMES);
        }
    } catch (Exception failure) {
        // Swallowed; logged only when the AMADMIN_MODE property is explicitly "false".
        // The tables keep whatever was added before the failure.
        String adminMode = SystemProperties.get(AdminTokenAction.AMADMIN_MODE);
        if ("false".equalsIgnoreCase(adminMode)) {
            DEBUG.error("Failed to get module types", failure);
        }
    }
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /**
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * build the module instance table for the realm.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * format of this table:
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Table: key = realm, value = module Map for the realm.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * module Map for the realm:
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * key = module type, value = Set of module instances
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster */
private static void buildModuleInstanceTable(SSOToken token, String realm) {
    // The token parameter is not read in this method; each per-service build obtains its own
    // token through getAdminToken().
    try {
        if (DEBUG.messageEnabled()) {
            DEBUG.message("AMAuthenticationManager.buildModuleInstanceTable: realm = " + realm);
        }
        // One cache refresh per known module service name.
        Iterator<String> serviceNames = MODULE_SERVICE_NAMES.values().iterator();
        while (serviceNames.hasNext()) {
            buildModuleInstanceForService(realm, serviceNames.next());
        }
    } catch (Exception failure) {
        // Best effort: the failure is reported at message level only and not rethrown.
        if (DEBUG.messageEnabled()) {
            DEBUG.message("building module instance table error", failure);
        }
    }
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /**
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Updates the static module instance table for the specified service in
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * the realm.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster *
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param realm The realm in which the operation is processed.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param serviceName the service for which the table is built.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster */
private static synchronized void buildModuleInstanceForService(
        String realm,
        String serviceName) {
    if (DEBUG.messageEnabled()) {
        DEBUG.message("start moduleInstanceTable : " + MODULE_INSTANCE_TABLE +
                " for realm : " + realm + " and service : " + serviceName);
    }
    try {
        // Reverse lookup in MODULE_SERVICE_NAMES; null when the service name is not cached.
        String moduleName = getModuleName(serviceName);
        if (DEBUG.messageEnabled()) {
            DEBUG.message("Module name : " + moduleName);
        }
        if ((moduleName != null) && (moduleName.length() != 0)) {
            // The configuration is read with the admin token from getAdminToken().
            ServiceConfigManager scm = new ServiceConfigManager(serviceName, getAdminToken());
            // Looked up with the realm as passed in; normalization happens only afterwards.
            ServiceConfig config = scm.getOrganizationConfig(realm, null);
            if (config == null) {
                if (DEBUG.messageEnabled()) {
                    DEBUG.message("AMAuthenticationManager." +
                            "buildModuleInstanceForService: Service="
                            + serviceName + " not configured in realm=" + realm);
                }
            }
            // Table keys are normalized DNs, matching the key the constructor looks up.
            realm = DNUtils.normalizeDN(com.sun.identity.sm.DNMapper.orgNameToDN(realm));
            // Hold the synchronized map's own monitor so remove + put act as one step.
            synchronized (MODULE_INSTANCE_TABLE) {
                // The realm entry is taken out first and put back only at the end of this block.
                // If anything below throws, the entry stays removed and the outer catch only
                // logs at message level.
                Map<String, Set<String>> moduleMap = MODULE_INSTANCE_TABLE.remove(realm);
                if (moduleMap != null) {
                    /*
                     * Work on a copy so that the map previously published in the
                     * table, which other threads may be iterating, is not modified.
                     */
                    Map<String, Set<String>> newMap = new HashMap<String, Set<String>>(moduleMap);
                    newMap.remove(moduleName);
                    moduleMap = newMap;
                }
                Set<String> instanceSet = new HashSet<String>();
                Map<String, Set<String>> defaultAttrs = null;
                if (config != null) {
                    defaultAttrs = config.getAttributesWithoutDefaults();
                }
                // Attributes set directly on the realm config count as an instance named after
                // the module itself.
                if (defaultAttrs != null && !defaultAttrs.isEmpty()) {
                    instanceSet.add(moduleName);
                }
                Set<String> instances = null;
                if (config != null) {
                    instances = config.getSubConfigNames();
                }
                // Every sub-configuration name is an instance of this module.
                if (instances != null) {
                    instanceSet.addAll(instances);
                }
                if (!instanceSet.isEmpty()){
                    if (moduleMap == null) {
                        moduleMap = new HashMap<String, Set<String>>();
                    }
                    /*
                     * Safe: moduleMap is either the local copy made above or a
                     * map created just now, so no other thread holds it.
                     */
                    moduleMap.put(moduleName, instanceSet);
                }
                // A realm left without any module instances is not re-inserted, so
                // containsKey(realm) reports false for it afterwards.
                if (moduleMap != null && !moduleMap.isEmpty()) {
                    MODULE_INSTANCE_TABLE.put(realm, moduleMap);
                }
            }
        }
    } catch (Exception e) {
        // Best effort: the failure is logged at message level only and not rethrown.
        if (DEBUG.messageEnabled()) {
            DEBUG.message("build module instance for service error: " , e);
        }
    }
    if (DEBUG.messageEnabled()) {
        DEBUG.message("return moduleInstanceTable: " + MODULE_INSTANCE_TABLE);
    }
}
cb2437f97da72f3556bace2a129fa5d48e1aa9cfPeter Major
cb2437f97da72f3556bace2a129fa5d48e1aa9cfPeter Major /**
cb2437f97da72f3556bace2a129fa5d48e1aa9cfPeter Major * Updates the module instance table for the authentication service if the module instance table was already
cb2437f97da72f3556bace2a129fa5d48e1aa9cfPeter Major * cached for the provided realm.
cb2437f97da72f3556bace2a129fa5d48e1aa9cfPeter Major *
cb2437f97da72f3556bace2a129fa5d48e1aa9cfPeter Major * @param realm The realm where the configuration has changed.
cb2437f97da72f3556bace2a129fa5d48e1aa9cfPeter Major * @param serviceName The authentication module's service name.
cb2437f97da72f3556bace2a129fa5d48e1aa9cfPeter Major */
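public static synchronized void updateModuleInstanceTable(String realm, String serviceName) {
    // MODULE_INSTANCE_TABLE is keyed by the normalized realm DN: both the constructor and
    // buildModuleInstanceForService() apply DNUtils.normalizeDN() before touching the table.
    // Normalize here as well, otherwise the lookup can miss an entry that is cached under its
    // normalized key and the realm keeps serving module instances from before the change.
    realm = DNUtils.normalizeDN(com.sun.identity.sm.DNMapper.orgNameToDN(realm));
    // Refresh only realms that are already cached; others are built on first use by the constructor.
    if (MODULE_INSTANCE_TABLE.containsKey(realm)) {
        buildModuleInstanceForService(realm, serviceName);
    }
}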
cb2437f97da72f3556bace2a129fa5d48e1aa9cfPeter Major
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // get the module name from its service name.
private static String getModuleName(String serviceName) {
    // Linear reverse lookup over the module -> service mapping; the first module whose service
    // name equals the argument is returned.
    for (Map.Entry<String, String> mapping : MODULE_SERVICE_NAMES.entrySet()) {
        if (mapping.getValue().equals(serviceName)) {
            return mapping.getKey();
        }
    }
    // No module is registered for this service name.
    return null;
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /**
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns an <code>AMAuthenticationSchema</code> object for the specified
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * authentication type.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster *
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param authType Type of the authentication module instance.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return <code>AMAuthenticationSchema</code> object of the specified
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * authentication type.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws AMConfigurationException if error occurred during retrieving
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * the service schema.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster */
public AMAuthenticationSchema getAuthenticationSchema(String authType)
        throws AMConfigurationException {
    // Delegates to the static lookup with the token stored by the constructor. That field is
    // assigned only after SMSEntry.validateToken() has returned.
    final SSOToken storedToken = this.token;
    return getAuthenticationSchema(authType, storedToken);
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
private static AMAuthenticationSchema getAuthenticationSchema(
        String authType, SSOToken token) throws AMConfigurationException {
    if (DEBUG.messageEnabled()) {
        DEBUG.message("getting auth schema for " + authType);
    }
    try {
        ServiceSchemaManager schemaManager = new ServiceSchemaManager(getServiceName(authType), token);
        ServiceSchema orgSchema = schemaManager.getOrganizationSchema();
        ServiceSchema serverSubSchema = orgSchema.getSubSchema(ISAuthConstants.SERVER_SUBSCHEMA);
        // Use the sub schema of the new auth config when present; fall back to the
        // organization schema if the DIT is old.
        ServiceSchema chosenSchema = (serverSubSchema != null) ? serverSubSchema : orgSchema;
        return new AMAuthenticationSchema(chosenSchema);
    } catch (Exception e) {
        // Every failure, including unchecked ones, reaches the caller as AMConfigurationException.
        throw new AMConfigurationException(e);
    }
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /**
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns the <code>AMAuthenticationInstance</code> object whose name is
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * as specified.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Name uniqueness is required for the instances among the same realm, as
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * well as the instances that are available to this realm.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster *
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param authName Authentication instance name.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return The <code>AMAuthenticationInstance</code> object that is
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * associated with the authentication instance name.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster */
public AMAuthenticationInstance getAuthenticationInstance(String authName) {
    // Resolve the module type first; a name with no known type has no
    // instance to return, so null is handed back to the caller.
    final String resolvedType = getAuthInstanceType(authName);
    return (resolvedType == null)
            ? null
            : getAuthenticationInstance(authName, resolvedType);
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /**
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns an <code>AMAuthenticationInstance</code> object with the given
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * authentication name and type.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster */
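private AMAuthenticationInstance getAuthenticationInstance(
        String authName,
        String type) {
    // Global authentication modules are returned without a service config
    // or schema; callers treat a null service config as "global".
    if (GLOBAL_MODULE_NAMES.contains(authName)) {
        return new AMAuthenticationInstance(authName, type, null, null);
    }
    String serviceName = getServiceName(type);
    ServiceSchemaManager ssm;
    try {
        ssm = new ServiceSchemaManager(serviceName, token);
    } catch (SMSException e) {
        if (DEBUG.messageEnabled()) {
            DEBUG.message("Instance type does not exist: " + type);
        }
        return null;
    } catch (SSOException ee) {
        DEBUG.error("SSO token is invalid", ee);
        return null;
    }

    Map globalAttrs = null;
    ServiceSchema schema = null;
    try {
        schema = ssm.getSchema(SchemaType.GLOBAL);
        if (schema != null) {
            globalAttrs = schema.getAttributeDefaults();
        }
    } catch (SMSException ignored) {
        // normal exception for some schemas without global configuration.
        // no need to log anything.
    }

    Map orgAttrs = null;
    ServiceConfig service = null;
    try {
        ServiceConfigManager scm = new ServiceConfigManager(serviceName, token);
        service = scm.getOrganizationConfig(realm, null);

        if (service != null) {
            // Must check if there is a sub-config with the auth type as the
            // name, otherwise it will not be returned.
            if (authName.equals(type)
                    && service.getSubConfig(authName) == null) {
                orgAttrs = service.getAttributesWithoutDefaults();
            } else {
                // May leave 'service' null when no such sub-config exists.
                service = service.getSubConfig(authName);
                if (service != null) {
                    orgAttrs = service.getAttributes();
                }
            }
        }
    } catch (SSOException e) {
        if (DEBUG.warningEnabled()) {
            // The SSO token object is deliberately kept out of the message:
            // its string form is not defined in this file and may carry the
            // session identifier, which does not belong in a debug log.
            DEBUG.warning("Token doesn't have access to service: "
                    + serviceName + " in realm " + realm);
        }
    } catch (SMSException ignored) {
        // normal exception for global service configuration.
        // no need to log anything.
    }

    if (DEBUG.messageEnabled()) {
        // Both maps go through the same redaction. Global attribute defaults
        // can hold secret-bearing attributes just like realm attributes, so
        // they are no longer dumped verbatim.
        logAttributesRedacted("global attrs = ", globalAttrs);
        logAttributesRedacted("org attrs = ", orgAttrs);
    }

    // An instance is reported only when at least one of the two attribute
    // maps carries something.
    boolean hasGlobalAttrs = globalAttrs != null && !globalAttrs.isEmpty();
    boolean hasOrgAttrs = orgAttrs != null && !orgAttrs.isEmpty();
    if (hasGlobalAttrs || hasOrgAttrs) {
        return new AMAuthenticationInstance(authName, type, service, schema);
    }
    return null;
}

/**
 * Writes an attribute map to the debug log, one entry per message, with the
 * values of secret-looking attributes replaced by {@code <BLOCKED>}.
 *
 * @param label text logged before the entries.
 * @param attrs attribute map to log; may be {@code null}, in which case only
 *        the label is logged.
 */
private void logAttributesRedacted(String label, Map attrs) {
    DEBUG.message(label);
    if (attrs == null) {
        return;
    }
    for (Object item : attrs.entrySet()) {
        Map.Entry entry = (Map.Entry) item;
        String attributeName = String.valueOf(entry.getKey());
        if (isSensitiveAttributeName(attributeName)) {
            DEBUG.message(attributeName + ": " + "<BLOCKED>");
        } else {
            DEBUG.message(attributeName + ": " + entry.getValue());
        }
    }
}

/**
 * Reports whether an attribute name ends, ignoring case, with one of the
 * suffixes treated as secret-bearing.
 *
 * The suffix list is a heuristic. A secret stored under an attribute name
 * that matches none of the suffixes is still written to the debug log, so
 * message-level debug output should be handled as sensitive.
 *
 * @param attributeName attribute name to test.
 * @return {@code true} if the value must not be logged.
 */
private static boolean isSensitiveAttributeName(String attributeName) {
    final String[] sensitiveSuffixes = {"passwd", "password", "secret"};
    for (String suffix : sensitiveSuffixes) {
        int offset = attributeName.length() - suffix.length();
        if (offset >= 0 && attributeName.regionMatches(
                true, offset, suffix, 0, suffix.length())) {
            return true;
        }
    }
    return false;
}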
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /**
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns the type of the authentication module instance with the
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * specified instance name.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster */
public String getAuthInstanceType(String authName) {
    // A global module's type is its own name.
    if (GLOBAL_MODULE_NAMES.contains(authName)) {
        return authName;
    }
    // Otherwise search this realm's type -> instance-names table.
    Map<String, Set<String>> typeToInstances = MODULE_INSTANCE_TABLE.get(realm);
    if (typeToInstances == null) {
        return null;
    }
    for (String candidateType : typeToInstances.keySet()) {
        if (typeToInstances.get(candidateType).contains(authName)) {
            // First type whose instance set holds the name wins.
            return candidateType;
        }
    }
    return null;
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /**
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns a Set of all registered module instance names for a module type,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * including both the old instances from 6.3 DIT and the new instances
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * in 7.0.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster */
public Set<String> getModuleInstanceNames(String aModuleType) {
    Map<String, Set<String>> typeToInstances = MODULE_INSTANCE_TABLE.get(realm);
    Set<String> instances;
    if (typeToInstances == null && GLOBAL_MODULE_NAMES.isEmpty()) {
        // Nothing registered for this realm and no global modules:
        // the shared immutable empty set is returned.
        instances = Collections.<String>emptySet();
    } else {
        // Global module names are not added here; only instances filed
        // under the requested type in this realm's table are collected.
        instances = new HashSet<String>();
        if (typeToInstances != null) {
            for (String moduleType : typeToInstances.keySet()) {
                if (moduleType.equals(aModuleType)) {
                    instances.addAll(typeToInstances.get(moduleType));
                }
            }
        }
    }
    if (DEBUG.messageEnabled()) {
        DEBUG.message("Registered module names: " + instances);
    }
    return instances;
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /**
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns a Set of all registered module instance names, including
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * both the old instances from 6.3 DIT and the new instances in 7.0.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster */
private Set<String> getRegisteredModuleNames() {
    Map<String, Set<String>> typeToInstances = MODULE_INSTANCE_TABLE.get(realm);
    Set<String> instances;
    if (typeToInstances == null && GLOBAL_MODULE_NAMES.isEmpty()) {
        // Shared immutable empty set: nothing is registered.
        instances = Collections.<String>emptySet();
    } else {
        instances = new HashSet<String>();
        if (typeToInstances != null) {
            // Flatten every type's instance names into one set.
            for (String moduleType : typeToInstances.keySet()) {
                instances.addAll(typeToInstances.get(moduleType));
            }
        }
        // Adding an empty collection is a no-op, so no emptiness guard.
        instances.addAll(GLOBAL_MODULE_NAMES);
    }
    if (DEBUG.messageEnabled()) {
        DEBUG.message("Registered module names: " + instances);
    }
    return instances;
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /**
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns a Set of module instance names that are allowed for this
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * organization.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Since this is only needed for 6.3 and earlier, for 7.0 it returns an
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * empty set.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return a Set of String values for module instance names.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster */
public Set<String> getAllowedModuleNames() {
    final Set<String> allowed;
    if (AuthUtils.getAuthRevisionNumber() >= ISAuthConstants.AUTHSERVICE_REVISION7_0) {
        // NOTE(review): the Javadoc above says an empty set is returned for
        // 7.0, but this branch returns every registered module name.
        // Confirm which of the two is intended.
        allowed = getRegisteredModuleNames();
    } else {
        // NOTE(review): orgServiceConfig is dereferenced without a null
        // check; verify that it can never be null when this path runs.
        Map<String, Set<String>> orgAttributes = orgServiceConfig.getAttributes();
        Set<String> configuredModules = orgAttributes.get(ISAuthConstants.AUTH_ALLOWED_MODULES);
        if (configuredModules == null || GLOBAL_MODULE_NAMES.isEmpty()) {
            // NOTE(review): configured modules are dropped whenever there
            // are no global modules; sibling methods combine these two
            // conditions with OR. Confirm that this is intended.
            allowed = Collections.<String>emptySet();
        } else {
            allowed = new HashSet<String>();
            allowed.addAll(GLOBAL_MODULE_NAMES);
            allowed.addAll(configuredModules);
        }
    }
    // The Application module is never reported to callers.
    if (allowed != null) {
        allowed.remove(ISAuthConstants.APPLICATION_MODULE);
    }
    return allowed;
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /* return true if this module is from 6.3 DIT */
private boolean isInheritedAuthInstance(String name) {
    // The name counts as inherited when the organization's auth service
    // config lists it under AUTH_ALLOWED_MODULES.
    // NOTE(review): orgServiceConfig is dereferenced without a null check;
    // verify that it can never be null here.
    Map orgAttributes = orgServiceConfig.getAttributes();
    Set legacyModules = (Set) orgAttributes.get(
            ISAuthConstants.AUTH_ALLOWED_MODULES);
    return legacyModules != null && legacyModules.contains(name);
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
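/**
 * Loads the authentication service's organization config for this realm.
 *
 * Any failure is turned into a {@code null} return, so callers must
 * null-check the result before dereferencing it.
 *
 * @return the realm's <code>ServiceConfig</code>, or {@code null} if it
 *         could not be loaded.
 */
private ServiceConfig getOrgServiceConfig() {
    try {
        ServiceConfigManager scm = new ServiceConfigManager(
                ISAuthConstants.AUTH_SERVICE_NAME, token);
        return scm.getOrganizationConfig(realm, null);
    } catch (Exception e) {
        // The failure is reported only when the AMADMIN_MODE property is
        // set to "false" (the original local name suggests this excludes
        // install time; confirm against the property's definition).
        String installTime = SystemProperties.get(
                AdminTokenAction.AMADMIN_MODE);
        if ("false".equalsIgnoreCase(installTime)) {
            // Pass the throwable so the log keeps the stack trace and
            // cause instead of only the message text.
            DEBUG.error("Service config for " + realm + " is null." +
                    e.getMessage(), e);
        }
        return null;
    }
}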
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /**
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns the authentication module instances that are available to this
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * realm except the Application instance which is for internal use only.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster *
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return A Set of <code>AMAuthenticationInstance</code> objects that are
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * available to this realm.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster */
public Set<AMAuthenticationInstance> getAuthenticationInstances() {
    Map<String, Set<String>> typeToInstances = MODULE_INSTANCE_TABLE.get(realm);
    if (typeToInstances == null && GLOBAL_MODULE_NAMES.isEmpty()) {
        // Nothing to enumerate: hand back the shared immutable empty set.
        return Collections.<AMAuthenticationInstance>emptySet();
    }

    Set<AMAuthenticationInstance> found = new HashSet<AMAuthenticationInstance>();

    // Global modules first; their type equals their name. The Application
    // module is skipped so it never appears in the result.
    for (String globalName : GLOBAL_MODULE_NAMES) {
        if (!globalName.equals(ISAuthConstants.APPLICATION_MODULE)) {
            AMAuthenticationInstance globalInstance =
                    getAuthenticationInstance(globalName, globalName);
            if (globalInstance != null) {
                found.add(globalInstance);
            }
        }
    }

    // Then every instance registered for this realm, grouped by type.
    if (typeToInstances != null) {
        for (String moduleType : typeToInstances.keySet()) {
            for (String instanceName : typeToInstances.get(moduleType)) {
                AMAuthenticationInstance realmInstance =
                        getAuthenticationInstance(instanceName, moduleType);
                if (realmInstance != null) {
                    found.add(realmInstance);
                }
            }
        }
    }
    return found;
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /**
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Creates an <code>AMAuthenticationInstance</code> instance with the
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * specified parameters.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster *
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param name Name of the authentication module instance.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param type Type of the authentication module instance.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param attributes A Map of parameters for this module instance.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return the newly created <code>AMAuthenticationInstance</code> object.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws AMConfigurationException if error occurred during the
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * authentication creation.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster */
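public AMAuthenticationInstance createAuthenticationInstance(
        String name,
        String type,
        Map attributes
) throws AMConfigurationException {
    // Only a space character is rejected in the instance name here; any
    // further constraint on the name must be enforced by the configuration
    // store this method writes to (not visible in this method).
    if (name.indexOf(' ') != -1) {
        throw new AMConfigurationException(BUNDLE_NAME,
                "invalidAuthenticationInstanceName", null);
    }
    // The type must be one of the known authentication types.
    Set moduleTypes = getAuthenticationTypes();
    if (!moduleTypes.contains(type)) {
        throw new AMConfigurationException(BUNDLE_NAME, "wrongType",
                new Object[]{type});
    }
    // Refuse to overwrite: an existing instance with a service config is a
    // realm instance, one without is a global module.
    AMAuthenticationInstance instance = getAuthenticationInstance(name);
    if (instance != null) {
        if (instance.getServiceConfig() != null) {
            throw new AMConfigurationException(BUNDLE_NAME,
                    "authInstanceExist", new Object[]{name});
        } else {
            throw new AMConfigurationException(BUNDLE_NAME,
                    "authInstanceIsGlobal", new Object[]{name});
        }
    }

    String serviceName = getServiceName(type);

    ServiceSchema schema = null;
    try {
        ServiceSchemaManager ssm =
                new ServiceSchemaManager(serviceName, token);
        schema = ssm.getSchema(SchemaType.GLOBAL);
    } catch (SSOException e) {
        if (DEBUG.warningEnabled()) {
            // The SSO token object is deliberately kept out of the message:
            // its string form is not defined in this file and may carry the
            // session identifier, which does not belong in a debug log.
            DEBUG.warning("Token doesn't have access to service: "
                    + serviceName + " in realm " + realm);
        }
    } catch (SMSException ignored) {
        // normal exception for service without global configuration.
        // no need to log anything.
    }

    try {
        OrganizationConfigManager ocm = new OrganizationConfigManager(
                token, realm);
        // Side effect: the service is assigned to the realm if it is not
        // assigned yet.
        if (!ocm.getAssignedServices().contains(serviceName)) {
            ocm.assignService(serviceName, null);
        }
        ServiceConfig orgConfig = ocm.getServiceConfig(serviceName);
        if (orgConfig == null) {
            orgConfig = ocm.addServiceConfig(serviceName, null);
        }
        ServiceConfig subConfig = orgConfig;
        if (!name.equals(type)) {
            orgConfig.addSubConfig(name, ISAuthConstants.SERVER_SUBSCHEMA,
                    0, attributes);
            subConfig = orgConfig.getSubConfig(name);
        } else {
            // If the module instance name equals its type, set the
            // attributes in its organization config, not a sub config.
            subConfig.setAttributes(attributes);
        }

        // In server mode AMAuthLevelManager will update
        // AMAuthenticationManager about the change, so there is no need to
        // reinitialize the configuration twice. In client mode it is less
        // likely that AMAuthLevelManager listeners are in place, so
        // reinitialize to be on the safe side.
        if (!SystemProperties.isServerMode()) {
            buildModuleInstanceForService(realm, serviceName);
        }
        return new AMAuthenticationInstance(name, type, subConfig, schema);
    } catch (Exception e) {
        // Every failure of the write path surfaces as a configuration
        // error, with the original exception as its cause.
        throw new AMConfigurationException(e);
    }
}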
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /**
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Deletes a specified authentication module instance.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param name Name of the authentication module instance going to be
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * deleted.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws AMConfigurationException if it fails to delete the
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * authentication instance.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster */
public void deleteAuthenticationInstance(String name)
        throws AMConfigurationException {
    // Precondition 1: the instance must resolve, otherwise there is nothing
    // to delete and the caller gets "authInstanceNotExist".
    final AMAuthenticationInstance target = getAuthenticationInstance(name);
    if (target == null) {
        throw new AMConfigurationException(BUNDLE_NAME,
                "authInstanceNotExist", new Object[] {name});
    }

    // Precondition 2: refuse to delete an instance that a named
    // configuration still references.
    // NOTE(review): isModuleInstanceInUse() returns false when its
    // configuration lookup throws, so a failed lookup lets the delete go
    // ahead. The check and the removal below are also separate steps with
    // no locking visible in this method -- confirm whether concurrent
    // edits of named configurations need to be considered.
    if (isModuleInstanceInUse(name)) {
        throw new AMConfigurationException(BUNDLE_NAME,
                "authInstanceInUse", new Object[]{name});
    }

    final String instanceType = getAuthInstanceType(name);
    final ServiceConfig instanceConfig = target.getServiceConfig();
    // Precondition 3: without a service config the instance is reported as
    // global ("authInstanceIsGlobal") and is not deleted here.
    if (instanceConfig == null) {
        throw new AMConfigurationException(BUNDLE_NAME,
                "authInstanceIsGlobal", new Object[] {instanceType});
    }

    // NOTE(review): no explicit permission check is made in this method;
    // the writes below are issued with the manager's token, so presumably
    // the configuration store enforces authorization -- verify.
    try {
        if (!name.equals(instanceType)) {
            // Named differently from its type: the instance is stored as a
            // sub configuration of the realm's organization config.
            ServiceConfigManager scm = new ServiceConfigManager(
                    instanceConfig.getServiceName(), token);
            ServiceConfig orgConfig = scm.getOrganizationConfig(realm,null);
            orgConfig.removeSubConfig(name);
        } else {
            // Named after its type: there is no sub configuration, so only
            // the explicitly stored (non-default) attributes are removed.
            Map storedAttrs = instanceConfig.getAttributesWithoutDefaults();
            if (storedAttrs != null) {
                instanceConfig.removeAttributes(storedAttrs.keySet());
            }
        }

        // Drop the name from the AUTH_ALLOWED_MODULES attribute as well when
        // isInheritedAuthInstance() reports it.
        if (isInheritedAuthInstance(name)) {
            Set<String> moduleNames = new HashSet<String>();
            moduleNames.add(name);
            orgServiceConfig.removeAttributeValues(
                    ISAuthConstants.AUTH_ALLOWED_MODULES, moduleNames);
        }

        // In server mode AMAuthLevelManager notifies AMAuthenticationManager
        // of the change, so reinitializing here would do the work twice. In
        // client mode those listeners are less likely to be registered, so
        // rebuild explicitly to be safe.
        if (!SystemProperties.isServerMode()) {
            buildModuleInstanceForService(realm, instanceConfig.getServiceName());
        }
    } catch (Exception e) {
        // Any failure is surfaced as AMConfigurationException with the
        // original exception as its cause.
        throw new AMConfigurationException(e);
    }
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /**
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns <code>true</code> if this authentication module instance is editable
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * by this user and/or in this realm.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster *
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param instance The authentication module instance.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return <code>true</code> if editable.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster */
public boolean isEditable(AMAuthenticationInstance instance) {
    // The answer is unconditional: the argument is never inspected and no
    // user or realm is consulted here, so callers must not treat this result
    // as an authorization decision.
    final boolean editable = true;
    return editable;
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/**
 * Looks up the service name registered for a module in
 * {@code MODULE_SERVICE_NAMES}.
 *
 * @param module key to look up.
 * @return the value stored for {@code module}; presumably {@code null} when
 *         the module is not registered (standard map behaviour -- confirm
 *         against the declaration of {@code MODULE_SERVICE_NAMES}).
 */
private static String getServiceName(String module) {
    final String registeredService = MODULE_SERVICE_NAMES.get(module);
    return registeredService;
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /**
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns <code>true</code> if the module instance with the specified
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * name is used by any named configuration.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster *
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param moduleInstance Name of the module instance.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return <code>true</code> if the module instance is in use.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster */
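private boolean isModuleInstanceInUse(String moduleInstance) {
    // Names of the sub configurations found under "Configurations" for this
    // realm; stays empty when the lookup yields nothing or fails.
    Set<?> configNames = Collections.emptySet();

    try {
        ServiceConfigManager scm = new ServiceConfigManager(
                ISAuthConstants.AUTHCONFIG_SERVICE_NAME, token);
        ServiceConfig oConfig = scm.getOrganizationConfig(realm, null);

        if (oConfig != null) {
            ServiceConfig namedConfig =
                    oConfig.getSubConfig("Configurations");
            if (namedConfig != null) {
                configNames = namedConfig.getSubConfigNames("*");
            }
        }
    } catch (Exception e) {
        // This result guards deletion, so a failed lookup must be visible:
        // log it with its cause at warning level rather than dropping the
        // exception behind a message-level guard.
        // NOTE(review): the method still answers "not in use" on failure,
        // which allows the delete to proceed. Failing closed would need a
        // decision on how callers should report it.
        DEBUG.warning("Failed to get named sub configurations.", e);
    }

    for (Object entry : configNames) {
        String service = (String) entry;
        if (DEBUG.messageEnabled()) {
            DEBUG.message("Checking " + service + " ...");
        }
        if (serviceContains(service, moduleInstance)) {
            if (DEBUG.messageEnabled()) {
                DEBUG.message(moduleInstance + " is used in " + service);
            }
            // One referencing configuration is enough.
            return true;
        }
    }
    return false;
}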
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /**
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Checks if the module instance name appears in the named configuration
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * definition.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param serviceName String value for the name of the named configuration.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param moduleInstance String value for the name of the module instance.
98519db6bb79987d312dc3a552f53793e440923dKohei Tamura * @return <code>true</code> if the module instance is in the service.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster */
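private boolean serviceContains(String serviceName, String moduleInstance) {
    if (serviceName == null) {
        return false;
    }

    Map dataMap = null;
    try {
        dataMap = AMAuthConfigUtils.getNamedConfig(serviceName,
                realm, this.token);
    } catch (Exception e) {
        // Log the failure with its cause at warning level: the caller uses
        // this answer to decide whether a module instance may be deleted.
        // NOTE(review): a failed lookup is still reported as "not
        // contained", i.e. the check fails open.
        DEBUG.warning("Failed to get named sub config attrs.", e);
    }
    if (dataMap == null) {
        return false;
    }

    Set xmlConfigValues = (Set) dataMap.get(AMAuthConfigUtils.ATTR_NAME);
    if (xmlConfigValues == null || xmlConfigValues.isEmpty()) {
        return false;
    }

    // Only the first value of the attribute is examined.
    String xmlConfig = (String) xmlConfigValues.iterator().next();
    if (DEBUG.messageEnabled()) {
        DEBUG.message("service config for " + serviceName + " = "
                + xmlConfig);
    }
    if (xmlConfig == null || xmlConfig.length() == 0) {
        return false;
    }

    // NOTE(review): the XML comes from the stored named configuration;
    // whether XMLUtils.toDOMDocument disables DTDs and external entities is
    // not visible here -- confirm.
    Document doc = XMLUtils.toDOMDocument(xmlConfig, DEBUG);
    if (doc == null) {
        return false;
    }

    Element vPair = doc.getDocumentElement();
    Set values = XMLUtils.getAttributeValuePair(vPair);
    for (Object entry : values) {
        // The text before the first space of each value is compared with
        // the instance name, exactly and case-sensitively.
        String[] moduleInfo = ((String) entry).split(" ");
        if (moduleInfo.length > 0 && moduleInfo[0].equals(moduleInstance)) {
            return true;
        }
    }
    return false;
}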
d9dd367df24f6b71b7291d7bb62655492b78ba48Peter Major
/**
 * Obtains an {@code SSOToken} by running {@code AdminTokenAction} through
 * {@code AccessController.doPrivileged}.
 *
 * NOTE(review): presumably this is the application's administrative token.
 * Confirm that callers do not use it to carry out an operation on behalf of
 * a less privileged user without checking that user's own rights first.
 *
 * @return the token produced by the privileged action.
 */
private static SSOToken getAdminToken() {
    final SSOToken adminToken =
            AccessController.doPrivileged(AdminTokenAction.getInstance());
    return adminToken;
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster}