ConfigMonitoring.java revision fb3b3a01405c222ae1fdbbe6f5c1d4aa696195bb
/**
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2009 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: ConfigMonitoring.java,v 1.6 2009/12/23 23:50:21 bigfatrat Exp $
*
*/
/*
* Portions Copyrighted 2011-2014 ForgeRock Inc
*/
/**
* This class gathers the configuration information for the
* monitoring service, which is initially started in WebtopNaming.java.
* Configuration information can be gathered after Session services
* have started up.
*/
public class ConfigMonitoring {
/*
* in AMLoginModule.java, the requested realm/org (i.e., in the
* "?realm=xxx" parameter) is not available, so realm-specific
* auth module statistics can't be updated. leave the code
* to gather the realms' auth module instances in, but don't
* call it for now.
*/
// while this stays true, configureMonitoring() does not call getAllRealms("/")
private boolean skipGettingAuthModules = true;
/*
* no-argument constructor; its body is empty.
*/
public ConfigMonitoring() {
}
/*
* this method is called by AMSetupServlet, when it's done
* configuring the OpenSSO server after deployment. it's also
* called by the MonitoringConfiguration load-on-startup servlet
* when the OpenSSO server is restarted any time after being
* configured. it completes the configuring of the monitoring
* agent with the config information that requires an SSOToken
* to retrieve. there is another part of the configuration supplied
* to the agent by WebtopNaming.
*/
/*
* completes the monitoring configuration in stages and returns early
* as soon as one stage fails.
*
* NOTE(review): this listing is missing a number of statements (log
* calls, several conditions and loop headers), so the notes below
* describe only the lines that are visible.
*/
public void configureMonitoring() {
// no SSOToken means none of the later configuration reads can run, so
// the method returns and the rest of the monitoring setup is skipped.
// NOTE(review): no log call is visible in this catch - confirm the
// failure is recorded, otherwise missing monitoring data has no trace.
try {
ssoToken = getSSOToken();
} catch (SSOException ssoe) {
return;
}
// presumably the session failover state; the statements that would set
// it are not visible here, only the default of false - TODO confirm
boolean isSessFOEnabled = false;
try {
} else {
}
// tail of a message call: only the exception's message text is passed on
ex.getMessage());
}
/*
* if monitoring disabled, go no further. any error
* from getMonServiceAttrs() or Agent.startAgent()
* will result in monitoring getting disabled.
*/
int i = getMonServiceAttrs();
// any non-zero result ends the configuration here
if (i != 0) {
", monitoring disabled");
return;
}
try {
// get primary url for each site
}
}
// both exception types abandon the configuration
} catch (SMSException smex) {
return;
} catch (SSOException ssoex) {
return;
}
// collect the realms starting at the root realm "/"
getRealmsList("/");
// NOTE(review): the condition guarding this return is not visible in
// this listing
return;
}
/*
* probably could combine getAllRealms() and getAllRealmsSpecific()
* to do auth modules, and agents and groups, when auth modules'
* statistics can be handled per realm.
*/
// skipGettingAuthModules is initialised to true, so getAllRealms("/")
// is not called unless that field is changed
if (!skipGettingAuthModules) {
getAllRealms("/");
}
getAllRealmsSpecific("/");
// the bodies of these two message-level debug blocks are not visible
if (debug.messageEnabled()) {
}
if (debug.messageEnabled()) {
}
}
}
try {
}
} catch (SMSException e) {
"SMSException getting OrgConfigMgr: " + e.getMessage());
}
}
if (debug.messageEnabled()) {
}
try {
/*
* the orgs Set of realms seems to have some sort of
* ordering to it, going through each of "/"'s realms.
* don't know that we need to count on it, but it's
* nice.
*/
// do the top-level realm first
/*
* get agent information... just for info, not processing
*/
if (debug.messageEnabled()) {
}
/*
* if realmConfigMonitoringAgent() had a problem with
* this realm, there's not much point in processing its
* subrealms...
*/
if (i != 0) {
"skip subrealms.");
return;
}
// then all the subrealms; they have leading "/"
if (debug.messageEnabled()) {
}
/* get this realm's auth modules */
try {
}
/*
*/
}
/*
* get agent information
* don't need with the *Specific versions... just
* needed to see what attributes there were (and values)
*/
srInfo =
/*
* problem with this subrealm, but at least the
* root realm was added. just output error and do next
* subrealm.
*/
if (i != 0) {
"error processing realm " + ss);
}
} catch (IdRepoException ire) {
"IdRepoException getting AMIdentityRepository" +
} catch (SSOException ssoe) {
"SSOException getting info for realm " + ss +
}
}
if (debug.messageEnabled()) {
}
} catch (SMSException e) {
"SMSException getting OrgConfigMgr: " + e.getMessage());
}
}
/*
* this is like getAllRealms("/"), but refined to get the specific
* attributes needed. probably the eventual version... for agents
* and agent groups, anyway.
*/
if (debug.messageEnabled()) {
}
try {
/*
* the orgs Set of realms seems to have some sort of
* ordering to it, going through each of "/"'s realms.
* don't know that we need to count on it, but it's
* nice.
*/
/*
* get agent and agent group information
*/
try {
/*
* get agents and agent groups information
*/
} catch (IdRepoException ire) {
"IdRepoException getting AMIdentityRepository" +
/*
* if we can't get the AMIdentityRepository, there's
* not much we can do
*/
return;
} catch (SSOException ssoe) {
"SSOException getting info for realm /: "
+ ssoe.getMessage());
/*
* likewise, if there's an issue with our SSOToken...
* there's not much we can do
*/
return;
}
// then all the subrealms; they have leading "/"
if (debug.messageEnabled()) {
}
try {
/*
* get agents and agent groups information
*/
} catch (IdRepoException ire) {
"IdRepoException getting AMIdentityRepository" +
} catch (SSOException ssoe) {
"SSOException getting info for realm " + ss +
}
}
if (debug.messageEnabled()) {
}
} catch (SMSException e) {
"SMSException getting OrgConfigMgr: " + e.getMessage());
}
}
try {
}
/*
*/
} catch (AMConfigurationException e) {
e.getMessage());
}
return aMods;
}
/*
* recursively process subrealms.
* gather per-realm configuration items:
* authentication modules
* 2.2 agents
* J2EE agents
* J2EE agent groups
* Web agents
* Web agent groups
* COTs
* each COT's members
* IDPs
* SPs
*/
try {
// get this realm's identity
// currentRealmAMIdName is fql; currentAMIdName is just realmname
if (debug.messageEnabled()) {
currentRealmAMIdName + "', name = '" +
currentAMIdName + "'");
}
// get this realm's subrealms
if (debug.messageEnabled()) {
" has no subrealms");
}
} else {
if (debug.messageEnabled()) {
}
int num = 0;
// get assigned services
if (debug.messageEnabled()) {
append(" assigned services:\n");
}
}
// get auth modules
if (debug.messageEnabled()) {
append(" auth modules:\n");
append("\n");
}
}
if (debug.messageEnabled()) {
sb2 =
new StringBuffer("Supported Entity types for ");
}
}
}
}
} catch (IdRepoException ire) {
"IdRepoException getting AMIdentityRepository" +
} catch (SSOException ssoe) {
"SSOException getting subrealms for root realm: " +
ssoe.getMessage());
}
return;
}
/*
* gather the auth modules for this (sub)"realm". "realm" is
* "currentRealmAMIdName" from:
*
* AMIdentityRepository idRepo =
* new AMIdentityRepository(ssoToken, realm);
* AMIdentity thisRealmAMId = idRepo.getRealmIdentity();
* String currentRealmAMIdName = thisRealmAMId.getRealm();
*/
try {
} catch (AMConfigurationException e) {
e.getMessage());
}
return insts;
}
try {
} catch (IdRepoException e) {
"idrepo exception getting supported entity types; " +
e.getMessage());
} catch (SSOException e) {
"sso exception getting supported entity types; " +
e.getMessage());
}
return supportedTypes;
}
/*
* looks up the agent types named in the comment below; returns nothing,
* and returns early on SMSException or SSOException.
*
* NOTE(review): the lookup call and the loop over its result are not
* visible in this listing.
*/
private void getAgentTypes() {
/*
* agent types are:
* AgentConfiguration.AGENT_TYPE_J2EE = "J2EEAgent"
* AgentConfiguration.AGENT_TYPE_WEB = "WebAgent"
* AgentConfiguration.AGENT_TYPE_2_DOT_2_AGENT = "2.2_Agent"
* AgentConfiguration.AGENT_TYPE_AGENT_AUTHENTICATOR =
* "SharedAgent"
*
* these are in the federation tree, so not accessible
* com.sun.identity.wss.provider.ProviderConfig.WSC = "WSCAgent"
* com.sun.identity.wss.provider.ProviderConfig.WSP = "WSPAgent"
* com.sun.identity.wss.provider.TrustAuthorityConfig.\
* DISCOVERY_TRUST_AUTHORITY = "DiscoveryAgent"
*/
try {
// either exception ends the method; no log call is visible in these
// catch blocks - NOTE(review): confirm the failure is reported
} catch (SMSException sme) {
return;
} catch (SSOException sse) {
return;
}
// the remaining visible lines only build message-level debug output
if (debug.messageEnabled()) {
append(":\n");
}
}
if (debug.messageEnabled()) {
}
}
/*
* given a realm, can search the AMIdentityRepository for
* IdType.AGENTONLY and IdType.AGENTGROUP. or IdType.AGENT
* to get both. this is similar
* to AgentsModelImpl.java:getAgentNames(...)
*/
try {
isc.setAllReturnAttributes(false);
append(":\n");
}
} catch (IdRepoException e) {
e.getMessage());
} catch (SSOException e) {
e.getMessage());
}
}
/*
* given a realm, search the AMIdentityRepository for
* IdType.AGENTGROUP.
* this is similar to AgentsModelImpl.java:getAgentGroupNames(...)
*/
try {
isc.setAllReturnAttributes(false);
append(":\n");
}
} catch (IdRepoException e) {
e.getMessage());
} catch (SSOException e) {
e.getMessage());
}
}
/*
* searches for agents first and agent groups second, using a separate
* IdSearchControl for the second search.
*
* NOTE(review): the parameter list, the search calls and the loops over
* the results are not visible in this listing.
*/
private void getAgentsAndGroupsInfo (
{
/*
* given a realm, can search the AMIdentityRepository for
* IdType.AGENTONLY and IdType.AGENTGROUP. or IdType.AGENT
* to get both. this is similar
* to AgentsModelImpl.java:getAgentNames(...)
*/
try {
// do not ask the search to return every attribute of each identity
isc.setAllReturnAttributes(false);
if (debug.messageEnabled()) {
}
// results has all the agents (only, not agent groups)
}
}
/*
* now the agent groups
*/
// fresh search control for the group search, configured the same way
isc = new IdSearchControl();
isc.setAllReturnAttributes(false);
if (debug.messageEnabled()) {
}
}
}
if (debug.messageEnabled()) {
}
// both handlers pass on only the exception's message text and then
// fall through to the end of the method
} catch (IdRepoException e) {
e.getMessage());
} catch (SSOException e) {
e.getMessage());
}
}
/*
* aid.getName() => name of the agent/agentgroup
* aid.getType().toString() => "agent"/"agentgroup"
* aid.getAttributes([CLIConstants.ATTR_NAME_AGENT_TYPE]) =>
* for "agent":
* "SharedAgent"
* "2.2_Agent"
* "WSCAgent"
* "SharedAgent"
* "STSAgent"
* "DiscoveryAgent"
* "J2EEAgent"
* for "agentgroup":
* "STSAgent"
* "WSPAgent"
* "WSCAgent"
* "WebAgent"
* "J2EEAgent"
* "DiscoveryAgent"
* aid.getMemberships(IdType.AGENTGROUP) for agents
* gives the agent group name(s) it's a member of
* aid.getAttribute(com.sun.identity.agents.config.login.url) =>
* aid.getAttribute(com.sun.identity.agents.config.agenturi.prefix) =>
* agent's URL (plus trailing "/amagent")
*/
try {
} catch (IdRepoException e) {
return;
} catch (SSOException e) {
return;
}
}
append(",\n memberships =");
try {
} catch (IdRepoException e) {
return;
} catch (SSOException e) {
return;
}
}
} else {
}
try {
} else {
} else {
}
}
}
}
} else {
}
}
} catch (IdRepoException ex) {
} catch (SSOException ex) {
} catch (SMSException ex) {
}
}
/*
* gathers the type-specific attributes of one agent or agent group and
* returns them in attrMap (a raw Map).
*
* returns null when the first lookup throws IdRepoException or
* SSOException, so callers have to handle a null result.
*
* NOTE(review): part of the parameter list and most of the statements
* are not visible in this listing; isAgentOnly is the only parameter
* shown.
*/
private Map processAgentIdentitySpecific(
boolean isAgentOnly)
{
/*
* aid.getName() => name of the agent/agentgroup
* aid.getType().toString() => "agent"/"agentgroup"
* aid.getAttributes([CLIConstants.ATTR_NAME_AGENT_TYPE]) =>
* for "agent":
* "SharedAgent" -> skip these (Agent Authenticator)
* "2.2_Agent" -> only have name
* "WSCAgent" -> get wspendpoint and wspproxyendpoint
* "STSAgent" -> get stsendpoint
* "DiscoveryAgent" -> get discoveryendpoint, authnserviceendpoint
* "J2EEAgent" get com.sun.identity.client.notification.url (minus
* "/notification) and
* com.sun.identity.agents.config.login.url (already)
* for "agentgroup":
* "STSAgent" -> get stsendpoint
* "WSPAgent" -> get wspendpoint and wspproxyendpoint (can be opt)
* "WSCAgent" -> get wspendpoint and wspproxyendpoint (can be opt)
* "WebAgent" -> get com.sun.identity.agents.config.login.url (ok)
* "J2EEAgent" -> get com.sun.identity.agents.config.login.url (ok)
* and com.sun.identity.client.notification.url
* minus the "/notification"
* "DiscoveryAgent" -> get discoveryendpoint and authnserviceendpoint
*
* aid.getMemberships(IdType.AGENTGROUP) for agents
* gives the agent group name(s) it's a member of
* aid.getAttribute(com.sun.identity.agents.config.login.url) =>
* aid.getAttribute(com.sun.identity.agents.config.agenturi.prefix) =>
* agent's URL (plus trailing "/amagent")
*/
/*
* these are same for both agents and agent groups
* agents can be in only one agent group
*/
/*
* have to get the agenttype before knowing which
* attributes we really want, so try to get them all
*/
try {
// a failed lookup gives the caller null rather than a partial map
} catch (IdRepoException e) {
return null;
} catch (SSOException e) {
return null;
}
/*
* depending on if agent or agent group, and what type
* see if the corresponding attribute(s) have values.
* the attribute's value comes as a Set... should only
*/
// starts a new, empty (raw) set; per the comments below it holds the
// attribute names chosen for this agent type
attrsToGet = new HashSet();
/*
*/
// only agent's name
// wspendpoint and wspproxyendpoint for both
// stsendpoint for both
// discoveryendpoint and authnserviceendpoint for both
/*
* com.sun.identity.client.notification.url (minus "/notification")
* and com.sun.identity.agents.config.login.url for both
*/
// wspendpoint and wspproxyendpoint (both)
} // don't process "SharedAgent" or "NONE" type
// the notification URL is matched case-insensitively and handled
// separately; presumably ind locates the "/notification" suffix that
// the header comment says is removed - TODO confirm
if (key.equalsIgnoreCase(
"com.sun.identity.client.notification.url"))
{
if (ind > -1) {
}
}
// NOTE(review): this fragment suggests attribute values are written to
// a debug buffer; keep the requested attributes to the URL and endpoint
// names listed above so no secret-bearing agent attribute is logged
append("value = ").
}
} else {
}
// extra work for agents only (not agent groups)
// NOTE(review): neither catch block shows a body in this listing -
// confirm the failure is reported somewhere
if (isAgentOnly) {
try {
} catch (IdRepoException e) {
} catch (SSOException e) {
}
}
} else {
}
}
return attrMap;
}
if (debug.warningEnabled()) {
"Null return for attribute " + valAttr);
}
return "NONE";
}
} else {
return "NONE";
}
}
/*
* reads the monitoring settings from the "iPlanetAMMonitoringService"
* schema, using ssoToken, and reports whether monitoring can run.
*
* returns 0 on success, -1 when "iplanet-am-monitoring-enabled" is
* false, the non-zero code i when the monitoring agent was not
* started, and Agent.MON_READATTRS_PROBLEM when reading the attributes
* fails.
*
* NOTE(review): the right-hand sides of the assignments, the call that
* produces i and the catch clause are not visible in this listing.
*/
private int getMonServiceAttrs() {
try {
new ServiceSchemaManager(
"iPlanetAMMonitoringService", ssoToken);
// master switch: when it is off nothing else is read
boolean monEna =
"iplanet-am-monitoring-enabled")).booleanValue();
if (!monEna) {
if (debug.warningEnabled()) {
}
return -1;
}
// HTTP, RMI and SNMP each have an enable flag and a port setting.
// NOTE(review): presumably every enabled interface becomes a network
// listener for monitoring data - confirm each one is needed and that
// its port is reachable only from the monitoring hosts
boolean httpEna =
"iplanet-am-monitoring-http-enabled")).booleanValue();
int httpPort =
"iplanet-am-monitoring-http-port"));
// path of the monitoring authentication file.
// NOTE(review): presumably this file holds the credentials for the
// monitoring interface - confirm its file permissions are restrictive
"iplanet-am-monitoring-authfile-path");
int rmiPort =
"iplanet-am-monitoring-rmi-port"));
boolean rmiEna =
"iplanet-am-monitoring-rmi-enabled")).booleanValue();
int snmpPort =
"iplanet-am-monitoring-snmp-port"));
boolean snmpEna =
"iplanet-am-monitoring-snmp-enabled")).booleanValue();
int policyWindow =
"iplanet-am-monitoring-policy-window"));
// NOTE(review): the logged text is not visible here; confirm that
// nothing read from the authentication file is written to the debug log
if (debug.messageEnabled()) {
);
}
// a non-zero i is passed straight back to the caller
if (i != 0) {
if (debug.warningEnabled()) {
"Monitoring Agent not started (" + i + ")");
}
return (i);
}
// failure path: the exception ex is handed to the message call and a
// dedicated error code is returned
"error reading Monitoring attributes: ", ex);
return (Agent.MON_READATTRS_PROBLEM);
}
return 0;
}
}