/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2005 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: AMConfiguration.java,v 1.9 2009/12/23 20:03:04 mrudul_uchil Exp $
*
* Portions Copyrighted 2015 ForgeRock AS.
*/
/**
* OpenAM JAAS Configuration implementation.
*/
/**
* Holds all JAAS configuration, maps configuration name (String) to
* array of <code>AppConfigurationEntry</code>.
* TODO : make this a bounded map
*/
/**
* Map holding the listeners registered for a configuration; maps a configuration
* name to a set of listener objects. It is used to remove those listeners when the
* corresponding config entry is removed from <code>jaasConfig</code>.
* TODO : make this a bounded map.
*/
// Although this is a ConcurrentHashMap, the callers visible in this file still take
// synchronized (listenersMap) around their lookups and updates — presumably because a
// single atomic map call is not enough for those check-then-act sequences. Keep that
// convention when touching it; NOTE(review): confirm the intent against the callers.
private static final Map<String, Set<Object>> listenersMap = new ConcurrentHashMap<String, Set<Object>>();
// Nested enum; the "static" modifier is implicit for a nested enum and therefore redundant.
// No constants are declared in this view of the file — NOTE(review): confirm nothing was dropped.
private static enum ConfigFileHolder {
}
/**
* Constructor.
* @param config base authentication configuration.
*/
}
return adminToken;
}
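/**
* Initializes the JAAS configuration cache.
*
* Clears every cached <code>AppConfigurationEntry[]</code>; the same method is
* used to refresh the cache (see <code>refresh()</code>), after which entries are
* re-created on the next configuration lookup.
*/
private void initialize() {
// Every other access to jaasConfig in this class runs under
// synchronized (jaasConfig); clearing must do the same, because refresh()
// is public and may run on an arbitrary thread while a lookup is populating
// the map. Without the lock, a concurrent clear() on an unsynchronized map
// is a data race.
synchronized (jaasConfig) {
jaasConfig.clear();
}
}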
/**
* There is a problem in either JAAS or our framework: an
* <code>AppConfigurationEntry[]</code> cannot be reused, or authentication will hang.
* This method creates a copy of the given configuration entries.
*/
private AppConfigurationEntry[] cloneConfigurationEntry(AppConfigurationEntry[] entries, String orgDN,
if (debug.messageEnabled()) {
}
// clone the entry
// get supported modules for this org
if (supportedModules.isEmpty()) {
return null;
}
}
synchronized (entries) {
for (int i = 0; i < len; i++) {
&& !supportedModules.contains(
if (debug.messageEnabled()) {
}
continue;
}
entries[i].getLoginModuleName(),
entries[i].getControlFlag(),
entries[i].getOptions()));
}
}
if (len == 0) {
return null;
}
// convert list to AppConfigurationEntry[]
for (int i = 0; i < len; i++) {
}
return clone;
}
/**
* Returns organization DN from the authentication configuration name.
*
* @param configName Configuration Name.
* @return organization DN.
*/
}
/**
* Creates a new configuration entry based on the configuration name.
*
* @param name Configuration name
* @return Array of <code>AppConfigurationEntry</code> for the
* configuration name.
*/
if (debug.messageEnabled()) {
}
// parse the config name
try {
switch (type.getIndexType()) {
case AMAuthConfigType.USER :
break;
case AMAuthConfigType.ORGANIZATION:
break;
case AMAuthConfigType.ROLE :
break;
case AMAuthConfigType.SERVICE :
CONSOLE_SERVICE)) {
} else {
}
break;
case AMAuthConfigType.MODULE :
break;
default :
if (debug.messageEnabled()) {
" in OpenSSO config");
}
// check the default configuration
}
}
}
return entries;
}
} catch (Exception e) {
// could be sso, sdk or sm exception
}
// configuration not defined
if (debug.messageEnabled()) {
}
return null;
}
// add the configuration to the jaas config map
synchronized (jaasConfig) {
}
}
/**
* Returns SM service name based on complete class name.
*
* @param name Java Class name for the login module
* @return Service name for the login module e.g.
* <code>iPlanetAMAuthLDAPService</code>.
*/
// there should be a definition for the mapping between class name
// and service name; one option is to add the mapping in
// iplanet-am-auth-authenticators (amAuth.xml).
// For now just return using the existing naming convention:
// first get the module name based on the class name
if (dot != -1) {
} else {
// no dot in class name
moduleName = name;
}
}
/**
* Returns Login Module class name, this method should be provided
* by <code>AuthenticatorManager</code>.
*
* @param module Login Module name, e.g. LDAP
* @return String class name for the module, e.g.
* <code>com.sun.identity.authentication.modules.ldap.LDAP</code>.
*/
}
/**
* Returns organization based authentication configuration. This method
* will read the authentication configuration XML from the organization,
* parse the XML to return the <code>AppConfigurationEntry[]</code>.
*
* @param orgDN Organization DN.
* @param name Authentication configuration name.
* @param isConsole <code>true</code> if this is for console service.
* @return Array of <code>AppConfigurationEntry</code>.
*/
if (debug.messageEnabled()) {
}
try {
synchronized(jaasConfig) {
scm = new ServiceConfigManager(
}
}
}
if (isConsole) {
} else {
}
if (configValues != null) {
}
if (debug.messageEnabled()) {
}
return ret;
} catch (Exception e) {
// got exception, return null config
return null;
}
}
private AppConfigurationEntry[] parseInstanceConfiguration(String orgDN, String config, String name,
return null;
}
if (debug.messageEnabled()) {
}
}
if (debug.messageEnabled()) {
}
}
return entries;
}
private AppConfigurationEntry[] parseXMLConfig(String xmlConfig, String name, AMAuthenticationManager amAM)
throws SMSException, SSOException {
// parse the auth configuration
return null;
}
// App config entry to return
// iterate through each config entry, read corresponding
// module parameters for the organization
for (int i = 0; i < len; i++) {
if (dot != -1) {
}
return null;
}
// retrieve all attributes
return null;
}
}
// add those user defined options.
// construct AppConfigurationEntry
// add listener for this Login module
}
return ret;
}
/**
* Returns user based authentication configuration. This method will read
* the authentication configuration XML for the user, parse the XML to
* return the <code>AppConfigurationEntry[]</code>.
*
* @param orgDN Organization DN.
* @param universalId User Universal ID.
* @param name Authentication configuration name.
* @return Array of <code>AppConfigurationEntry</code>.
*/
if (debug.messageEnabled()) {
}
try {
return null;
}
if (debug.messageEnabled()) {
}
// TODO add user listener for
return ret;
} else {
// user does not exist, return null config
if (debug.warningEnabled()) {
"User Based Config, user not exist " + universalId);
}
return null;
}
} catch (Exception e) {
// got exception, return null config
return null;
}
}
/**
* Returns service based authentication configuration. This method will
* read the authentication configuration XML for the service, parse the
* XML to return the <code>AppConfigurationEntry[]</code>.
*
* @param orgDN Organization DN.
* @param service Service name.
* @param name Authentication configuration name.
* @return Array of <code>AppConfigurationEntry</code>.
*/
if (debug.messageEnabled()) {
", name = " + name);
}
return null;
}
try {
}
// service auth config not defined;
// the fallback to the organization auth config is intentionally disabled:
//return getOrgBasedConfig(orgDN);
// return null instead, so a missing service config is not silently satisfied by the broader organization config (security concern)
return null;
}
if (debug.messageEnabled()) {
}
if (debug.messageEnabled()) {
", org=" + orgDN);
}
return ret;
} catch (Exception e) {
// got exception, return null config
return null;
}
}
/**
* Processes role based authentication configuration. This method will
* read the auth config xml string for the role, parse the XML string to
* return the <code>AppConfigurationEntry[]</code>.
*
* @param orgDN Organization DN.
* @param roleUniversalId Universal Id of Role.
* @param name Auth config name.
* @return Array of <code>AppConfigurationEntry</code>.
*/
private AppConfigurationEntry[] getRoleBasedConfig(String orgDN, String roleUniversalId, String name,
if (debug.messageEnabled()) {
}
try {
if (configNames == null) {
return null;
}
if (debug.messageEnabled()) {
}
//TODO add listener for role
return ret;
} else {
// role does not exist, return null config
if (debug.warningEnabled()) {
"RoleBaseConfig, role not exist " + roleUniversalId);
}
return null;
}
} catch (Exception e) {
// got exception, return null config
return null;
}
}
/**
* Returns module based authentication configuration.
* This method will read the auth config xml string for the module
* defined in the specified organization,
* parse the xml string to return the AppConfigurationEntry[].
*
* @param orgDN Organization DN.
* @param module auth module name.
* @param name Authentication configuration name.
* @return module based authentication configuration.
*/
if (debug.messageEnabled()) {
", name = " + name);
}
try {
return null;
}
// construct AppConfigurationEntry
// add SM ServiceListener on module
if (debug.messageEnabled()) {
", " + orgDN);
}
return ret;
} catch (Exception e) {
// got exception, return null config
return null;
}
}
/**
* Retrieve an array of <code>AppConfigurationEntries</code> which
* corresponds to the configuration of <code>LoginModules</code> for this
* application.
*
* @param configName Configuration name used to index the Configuration.
* @return Array of <code>AppConfigurationEntries</code> which
* corresponds to the configuration of <code>LoginModules</code>
* for this application, or null if this application has no
* configured <code>LoginModules</code>.
*/
// this function will read the corresponding auth configuration for the
// specified configName, retrieve the corresponding module instance
// attributes for the module instance defined in the options field of
// the auth configuration, and return those attributes in the
// getOptions() call of the AppConfigurationEntry instance.
if (debug.messageEnabled()) {
}
if (configName == null) {
return null;
}
try {
} catch (Exception e) {
e.getMessage());
if (debug.messageEnabled()) {
}
return null;
}
// already exists in the map
if (debug.messageEnabled()) {
}
} else {
// new configuration
if (debug.messageEnabled()) {
}
}
}
/**
* Refreshes and reloads the configuration by discarding the cached JAAS
* entries so they are rebuilt on the next lookup.
*/
public void refresh() {
initialize();
}
/**
* Processes a listener event: this method removes the configuration from
* the configuration cache and also removes the listener from the listened
* object, such as <code>AMUser</code>, <code>AMRole</code>, or an SM Service.
*
* @param name Configuration name.
*/
synchronized (jaasConfig) {
if (debug.messageEnabled()) {
}
}
// TODO IdRepo does not have listener support yet.
//removeListenersMap(name);
}
/**
* Removes listeners from the listened object.
*
* @param name Configuration name.
*/
synchronized (listenersMap) {
if (debug.messageEnabled()) {
}
return;
} else {
if (debug.messageEnabled()) {
}
l.getListenedObject().removeEventListener(l);
// clear listened object
} // while
// remove entry from listeners map
} //else
}
// remove this auth config entry from all the listened services
}
/**
* Adds Service listener for a service.
*
* @param service Service name, e.g. <code>iPlanetAMAuthLDAPService</code>.
* @param name Authentication config name.
* @throws SMSException
* @throws SSOException
*/
throws SMSException, SSOException {
if (debug.messageEnabled()) {
}
}
/**
* Adds listener to listeners Map.
*
* @param name Configuration name.
* @param listener Listener object.
*/
// put into the sdk listener map
synchronized (listenersMap) {
} else {
}
}
}
}