8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Copyright (c) 2005 Sun Microsystems Inc. All Rights Reserved
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * The contents of this file are subject to the terms
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * of the Common Development and Distribution License
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * (the License). You may not use this file except in
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * compliance with the License.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * You can obtain a copy of the License at
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * https://opensso.dev.java.net/public/CDDLv1.0.html or
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * See the License for the specific language governing
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * permission and limitations under the License.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * When distributing Covered Code, include this CDDL
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Header Notice in each file and include the License file
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * If applicable, add the following below the CDDL Header,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * with the fields enclosed by brackets [] replaced by
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * your own identifying information:
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * "Portions Copyrighted [year] [name of copyright owner]"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * $Id: AMConfiguration.java,v 1.9 2009/12/23 20:03:04 mrudul_uchil Exp $
a4544a5a0e622ef69e38641f87ab1b5685e05911Phill Cunnington * Portions Copyrighted 2015 ForgeRock AS.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.authentication.service.AuthD;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.authentication.service.AuthUtils;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.authentication.util.ISAuthConstants;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.sm.ServiceConfigManager;
841c74db7cd13c0bb1805982c6b622d81b8ec5cbJames Phillpottsimport org.forgerock.openam.utils.CollectionUtils;
841c74db7cd13c0bb1805982c6b622d81b8ec5cbJames Phillpottsimport java.util.concurrent.ConcurrentHashMap;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport javax.security.auth.login.AppConfigurationEntry;
8d3140b524c0e28c0a49dc7c7d481123ef3cfe11Chris Lee * OpenAM JAAS Configuration implementation.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterpublic class AMConfiguration extends Configuration {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Holds all JAAS configuration, maps configuration name (String) to
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * array of <code>AppConfigurationEntry</code>.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * TODO : make this a bounded map
841c74db7cd13c0bb1805982c6b622d81b8ec5cbJames Phillpotts private static final Map<String, AppConfigurationEntry[]> jaasConfig =
841c74db7cd13c0bb1805982c6b622d81b8ec5cbJames Phillpotts Collections.synchronizedMap(new HashMap<String, AppConfigurationEntry[]>());
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Map to hold listeners for a configuration, maps configuration name
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * to a set of Listener object. this is used to remove listeners
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * when config entry is removed from <code>jaasConfig</code>
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * TODO : make this a bounded map.
841c74db7cd13c0bb1805982c6b622d81b8ec5cbJames Phillpotts private static final Map<String, Set<Object>> listenersMap = new ConcurrentHashMap<String, Set<Object>>();
96b66a10984046afc14b24402275abec1f494977James Phillpotts final ConfigFile configFile = new ConfigFile();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private static Debug debug = Debug.getInstance("amAuthConfig");
841c74db7cd13c0bb1805982c6b622d81b8ec5cbJames Phillpotts private static volatile ServiceConfigManager scm = null;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Constructor.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param config base authentication configuration.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster SSOToken adminToken = AuthD.getAuth().getSSOAuthSession();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Initialize JAAS configuration.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("inside AMConfiguration.initialize()");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // initialize config map, this could also be called to
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // refresh the config map
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * There is a problem here in JAAS or our framework,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * AppConfigurationEntry[] could not be reused, Auth will hang.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * This method is used to create a clone copy of given config entry.
841c74db7cd13c0bb1805982c6b622d81b8ec5cbJames Phillpotts private AppConfigurationEntry[] cloneConfigurationEntry(AppConfigurationEntry[] entries, String orgDN,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("AMConfiguration.cloneConfigurationEntry, orgDN=" +
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // clone the entry
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // get supported modules for this org
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (AuthD.revisionNumber < ISAuthConstants.AUTHSERVICE_REVISION7_0) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster supportedModules = amAM.getAllowedModuleNames();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster synchronized (entries) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (AuthD.revisionNumber<ISAuthConstants.AUTHSERVICE_REVISION7_0
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster && !tmp.equals(ISAuthConstants.APPLICATION_MODULE)
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // convert list to AppConfigurationEntry[]
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster AppConfigurationEntry[] clone = new AppConfigurationEntry[len];
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster clone[i] = (AppConfigurationEntry) list.get(i);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns organization DN from the authentication configuration name.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param configName Configuration Name.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return organization DN.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private String getOrganization(String configName) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return (new AMAuthConfigType(configName)).getOrganization();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Creates new configuration entry based on the configuration name
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param name Configuration name
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return Array of <code>AppConfigurationEntry</code> for the
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * configuration name.
841c74db7cd13c0bb1805982c6b622d81b8ec5cbJames Phillpotts private AppConfigurationEntry[] newConfiguration(String name, AMAuthenticationManager amAM) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // parse the config name
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster AMAuthConfigType type = new AMAuthConfigType(name);
841c74db7cd13c0bb1805982c6b622d81b8ec5cbJames Phillpotts entries = getUserBasedConfig(type.getOrganization(), type.getIndexName(), name, amAM);
841c74db7cd13c0bb1805982c6b622d81b8ec5cbJames Phillpotts entries = getOrgBasedConfig(type.getOrganization(), name, false, amAM);
841c74db7cd13c0bb1805982c6b622d81b8ec5cbJames Phillpotts entries = getRoleBasedConfig(type.getOrganization(), type.getIndexName(), name, amAM);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (type.getIndexName().equals(ISAuthConstants.
841c74db7cd13c0bb1805982c6b622d81b8ec5cbJames Phillpotts entries = getOrgBasedConfig(type.getOrganization(), name, true, amAM);
841c74db7cd13c0bb1805982c6b622d81b8ec5cbJames Phillpotts entries = getServiceBasedConfig(type.getOrganization(), type.getIndexName(), name, amAM);
841c74db7cd13c0bb1805982c6b622d81b8ec5cbJames Phillpotts entries = getModuleBasedConfig(type.getOrganization(), type.getIndexName(), name, amAM);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("Unable to find config " + name +
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster " in OpenSSO config");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // check the default configuration
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("Getting default configuration.");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster entries = defConfig.getAppConfigurationEntry(name);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("Getting configuration from confFile.");
96b66a10984046afc14b24402275abec1f494977James Phillpotts entries = ConfigFileHolder.INSTANCE.configFile.getAppConfigurationEntry(name);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.error("newConfiguration, invalid config " +name);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // could be sso, sdk or sm exception
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // configuration not defined
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("newConfig, config not defined " + name);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // add the configuration to the jaas config map
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster synchronized (jaasConfig) {
841c74db7cd13c0bb1805982c6b622d81b8ec5cbJames Phillpotts return cloneConfigurationEntry(entries, type.getOrganization(), amAM);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns SM service name based on complete class name.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param name Java Class name for the login module
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return Service name for the login module e.g.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <code>iPlanetAMAuthLDAPService</code>.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private String getServiceNameForModule(String name) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // there should be definition for mapping between class name
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // and service name, one optioion is to add the mapping in
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // iplanet-am-auth-authenticators (amAuth.xml)
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // for now just return using existing naming comvention
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // first get the module name based on the class name
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // no dot in class name
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return AuthUtils.getModuleServiceName(moduleName);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns Login Module class name, this method should be provided
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * by <code>AuthenticatorManager</code>.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param module Login Module name, e.g. LDAP
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return String class name for the module, e.g.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <code>com.sun.identity.authentication.modules.ldap.LDAP</code>.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private String getLoginModuleClassName(String module) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return AuthD.getAuth().getAuthenticatorForName(module);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns organization based authentication configuration. This method
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * will read the authenticatin configuration XML from the organization,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * parse the XML to return the <code>AppConfigurationEntry[]</code>.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param orgDN Organization DN.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param name Authentication configuration name.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param isConsole <code>true</code> if this is for console service.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return Array of <code>AppConfigurationEntry</code>.
841c74db7cd13c0bb1805982c6b622d81b8ec5cbJames Phillpotts private AppConfigurationEntry[] getOrgBasedConfig(String orgDN, String name, boolean isConsole,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("getOrgBasedConfig, START " + orgDN);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster synchronized(jaasConfig) {
841c74db7cd13c0bb1805982c6b622d81b8ec5cbJames Phillpotts ISAuthConstants.AUTH_SERVICE_NAME, getAdminToken());
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster ServiceConfig service = scm.getOrganizationConfig(orgDN, null);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster configValues = (Set)attrs.get(ISAuthConstants.AUTHCONFIG_ADMIN);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster configValues = (Set)attrs.get(ISAuthConstants.AUTHCONFIG_ORG);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster configName = (String)configValues.iterator().next();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("org auth config = " + configName);
841c74db7cd13c0bb1805982c6b622d81b8ec5cbJames Phillpotts AppConfigurationEntry[] ret = parseInstanceConfiguration(orgDN, configName, name, amAM);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster addServiceListener("iPlanetAMAuthService", name);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // got exception, return null config
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.error("getOrgBasedConfig org=" + orgDN, e);
841c74db7cd13c0bb1805982c6b622d81b8ec5cbJames Phillpotts private AppConfigurationEntry[] parseInstanceConfiguration(String orgDN, String config, String name,
841c74db7cd13c0bb1805982c6b622d81b8ec5cbJames Phillpotts AMAuthenticationManager amAM) throws SMSException, SSOException {
841c74db7cd13c0bb1805982c6b622d81b8ec5cbJames Phillpotts entries = parseXMLConfig(configName, name, amAM);
841c74db7cd13c0bb1805982c6b622d81b8ec5cbJames Phillpotts if (entries == null || entries.length == 0) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("New DIT with named service config");
841c74db7cd13c0bb1805982c6b622d81b8ec5cbJames Phillpotts entries = getServiceBasedConfig(orgDN, configName, name, amAM);
841c74db7cd13c0bb1805982c6b622d81b8ec5cbJames Phillpotts private AppConfigurationEntry[] parseXMLConfig(String xmlConfig, String name, AMAuthenticationManager amAM)
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // parse the auth configuration
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // App config entry to return
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster AppConfigurationEntry[] ret= new AppConfigurationEntry[len];
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // iterate through each config entry, read corresponding
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // module parameters for the organization
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String className = entries[i].getLoginModuleName();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // retrieve all attributes
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (dot == -1) { // className is only an instance name here.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // add those user defined options.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // NOTE : user defined options are key/String value
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // but our attributes are key/Set of String value
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster attribs.put(ISAuthConstants.MODULE_INSTANCE_NAME, moduleName);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // construct AppConfigurationEntry
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // add listener for this Login module
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster addServiceListener(AuthUtils.getModuleServiceName(
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns user based authentication configuration. This method will read
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * the authentication configuration XML for the user, parse the XML to
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * return the <code>AppConfigurationEntry[]</code>.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param orgDN Organization DN.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param universalId User Universal ID.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param name Authentication configuration name.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return Array of <code>AppConfigurationEntry</code>.
841c74db7cd13c0bb1805982c6b622d81b8ec5cbJames Phillpotts private AppConfigurationEntry[] getUserBasedConfig(String orgDN, String universalId, String name,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "getUserBasedConfig, START " + orgDN + "|" + universalId);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster AMIdentity identity = IdUtils.getIdentity(getAdminToken(),universalId);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if ((configNames == null)||(configNames.isEmpty())) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String configName = (String)configNames.iterator().next();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "Named config for user " + universalId + " = " +
841c74db7cd13c0bb1805982c6b622d81b8ec5cbJames Phillpotts parseInstanceConfiguration(orgDN, configName, name, amAM);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // TODO add user listener for
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // user does not exists, return null config
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "User Based Config, user not exist " + universalId);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // got exception, return null config
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.error("getUserBasedConfig " + universalId + "|" + orgDN, e);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns service based authentication configuration. This method will
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * read the authentication configuration XML for the service, parse the
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * XML to return the <code>AppConfigurationEntry[]</code>.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param orgDN Organization DN.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param service Service name.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param name Authentication configuration name.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return Array of <code>AppConfigurationEntry</code>.
841c74db7cd13c0bb1805982c6b622d81b8ec5cbJames Phillpotts private AppConfigurationEntry[] getServiceBasedConfig(String orgDN, String service, String name,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("ServiceBasedConfig, START " + orgDN +"|"+ service+
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Map attributeDataMap = AMAuthConfigUtils.getNamedConfig(
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Set xmlConfigValue = (Set) attributeDataMap.get(
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (xmlConfigValue != null && !xmlConfigValue.isEmpty()) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster xmlConfig = (String) xmlConfigValue.iterator().next();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // service auth config not defined
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // retrieve organization auth config (??)
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster //return getOrgBasedConfig(orgDN);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // return null now for security concern
841c74db7cd13c0bb1805982c6b622d81b8ec5cbJames Phillpotts AppConfigurationEntry[] ret= parseXMLConfig(xmlConfig, name, amAM);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("serviceBased, add SM listener on " +service);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster addServiceListener("iPlanetAMAuthConfiguration", name);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("ServiceBasedConfig, return config " + service +
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // got exception, return null config
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.error("getServiceBasedConfig " + service + "|" + orgDN, e);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Processes role based authentication configuration. This method will
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * read the auth config xml string for the role, parse the XML string to
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * return the <code>AppConfigurationEntry[]</code>.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param orgDN Organization DN.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param roleUniversalId Universal Id of Role.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param name Auth config name.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return Array of <code>AppConfigurationEntry</code>.
841c74db7cd13c0bb1805982c6b622d81b8ec5cbJames Phillpotts private AppConfigurationEntry[] getRoleBasedConfig(String orgDN, String roleUniversalId, String name,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "RoleBasedConfig, START " + orgDN +"|"+ roleUniversalId);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster IdUtils.getIdentity(getAdminToken(),roleUniversalId);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Set configNames = (Set)identity.getServiceAttributes(
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String configName = (String)configNames.iterator().next();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "Named config for role " + roleUniversalId + " = " +
841c74db7cd13c0bb1805982c6b622d81b8ec5cbJames Phillpotts AppConfigurationEntry[] ret = parseInstanceConfiguration(orgDN, configName, name, amAM);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster //TODO add listener for role
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // role does not exists, return null config
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "RoleBaseConfig, role not exist " + roleUniversalId);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // got exception, return null config
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "getRoleBasedConfig " + orgDN + "|" + roleUniversalId, e);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns module based authentication configuration.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * This method will read the auth config xml string for the module
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * defined in the specified organization,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * parse the xml string to return the AppConfigurationEntry[].
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param orgDN Organization DN.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param module auth module name.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param name Authentication configuration name.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return module based authentication configuration.
841c74db7cd13c0bb1805982c6b622d81b8ec5cbJames Phillpotts private AppConfigurationEntry[] getModuleBasedConfig(String orgDN, String module, String name,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("ModuleBasedConfig, START " + orgDN +"|"+ module +
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster attribs.put(ISAuthConstants.MODULE_INSTANCE_NAME, module);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // construct AppConfigurationEntry
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster AppConfigurationEntry[] ret = new AppConfigurationEntry[1];
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster ret[0] = new AppConfigurationEntry(getLoginModuleClassName(type),
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, attribs);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // add SM ServiceListener on module
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster addServiceListener(AuthUtils.getModuleServiceName(type), name);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("ModuleBaseConfig, return config " + module +
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // got exception, return null config
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.error("getModuleBasedConfig " + orgDN + "|" + module, e);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Retrieve an array of <code>AppConfigurationEntries</code> which
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * corresponds to the configuration of <code>LoginModules</code> for this
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * application.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param configName Configuration name used to index the Configuration.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return Array of <code>AppConfigurationEntries</code> which
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * corresponds to the configuration of <code>LoginModules</code>
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * for this application, or null if this application has no
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * configured <code>LoginModules</code>.
841c74db7cd13c0bb1805982c6b622d81b8ec5cbJames Phillpotts public AppConfigurationEntry[] getAppConfigurationEntry(String configName) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // this function will read corresponding auth configuration for the
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // specified configName, and retrieve corresponding module instance
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // attributes for the module instance defined in the options field of
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // the auth configuration, and return those attributes in the
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster //getOptions() call of the AppConfigurationEntry instance.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("retrieving configuration: " + configName);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster AMAuthConfigType type = new AMAuthConfigType(configName);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster amAM = new AMAuthenticationManager(getAdminToken(), orgDN);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.error("Failed to obtain AMAuthenticationManager: " +
841c74db7cd13c0bb1805982c6b622d81b8ec5cbJames Phillpotts AppConfigurationEntry[] entry = jaasConfig.get(configName);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // already exists in the map
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("getAppConfigurationEntry[], found "+configName);
841c74db7cd13c0bb1805982c6b622d81b8ec5cbJames Phillpotts return cloneConfigurationEntry(entry, getOrganization(configName), amAM);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // new configuration
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("getAppConfigurationEntry[], new " + configName);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Refreshes and reloads the Configuration.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Processes listener event, this method will remove configuration from
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * the configuration cache, also remove the listener from the listened
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * object, such as <code>AMUser</code>, <code>AMRole</code>, or SM Service.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param name Configuration name.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public void processListenerEvent(String name) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster synchronized (jaasConfig) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // TODO IdRepo does not have listener support yet.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster //removeListenersMap(name);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Removes listeners from the listened object.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param name Configuration name.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster synchronized (listenersMap) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("remove, no listeners for " + name);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster AMSDKEventListener l = (AMSDKEventListener) it.next();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("remove SDK listener on " + name +
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // remove SDK listener for User/Role
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // clear listened object
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // remove entry from listeners map
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // remove this auth config entry from all the listened services
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster AMAuthLevelManager.getInstance().removeAuthConfigListener(name);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Adds Service listener for a service.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param service Service name, e.g. <code>iPlanetAMAuthLDAPService</code>.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param name Authentication config name.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws SMSException
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws SSOException
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private void addServiceListener(String service, String name)
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("addServiceListener for " + service+", name=" + name);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster AMAuthLevelManager.getInstance().addAuthConfigListener(service, name);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Adds listener to listeners Map.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param name Configuration name.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param listener Listener object.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public void addToListenersMap(String name, Object listener) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // put into the sdk listener map
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster synchronized (listenersMap) {