Step4.java revision 4709b991352c6de69ba02928ed6cbf373ca62ed5
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Copyright (c) 2007 Sun Microsystems Inc. All Rights Reserved
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * The contents of this file are subject to the terms
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * of the Common Development and Distribution License
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * (the License). You may not use this file except in
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * compliance with the License.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * You can obtain a copy of the License at
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * https://opensso.dev.java.net/public/CDDLv1.0.html or
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * See the License for the specific language governing
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * permission and limitations under the License.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * When distributing Covered Code, include this CDDL
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Header Notice in each file and include the License file
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * If applicable, add the following below the CDDL Header,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * with the fields enclosed by brackets [] replaced by
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * your own identifying information:
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * "Portions Copyrighted [year] [name of copyright owner]"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * $Id: Step4.java,v 1.20 2009/10/27 05:31:45 hengming Exp $
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Portions Copyrighted 2011-2012 ForgeRock AS
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.iplanet.am.util.SSLSocketFactoryManager;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.config.SessionAttributeNames;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.shared.ldap.LDAPConnection;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.shared.ldap.LDAPException;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport javax.naming.directory.InitialDirContext;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Step 4 collects the remote user data store properties.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public static final String LDAP_STORE_SESSION_KEY = "wizardCustomUserStore";
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster new ActionLink("validateUMHost", this, "validateUMHost");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "validateUMDomainName");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster new ActionLink("setUMEmbedded", this, "setUMEmbedded");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster new ActionLink("resetUMEmbedded", this, "resetUMEmbedded");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster new ActionLink("setDomainName", this, "setDomainName");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster new ActionLink("setRootSuffix", this, "setRootSuffix");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster new ActionLink("setLoginID", this, "setLoginID");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster new ActionLink("setPassword", this, "setPassword");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster new ActionLink("setStoreType", this, "setStoreType");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public void onInit() {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (ctx.getSessionAttribute(SessionAttributeNames.USER_STORE_HOST)
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String val = getAttribute(SetupConstants.CONFIG_VAR_DATA_STORE,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (!val.equals(SetupConstants.SMS_EMBED_DATASTORE)) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster val = getAttribute("configStoreSSL", "SIMPLE");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster ctx.setSessionAttribute(SessionAttributeNames.USER_STORE_SSL,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster val = getAttribute("configStoreHost", getHostName());
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster ctx.setSessionAttribute(SessionAttributeNames.USER_STORE_HOST,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster ctx.setSessionAttribute(SessionAttributeNames.USER_STORE_PORT,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster val = getAttribute("configStoreLoginId",Wizard.defaultUserName);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster SessionAttributeNames.USER_STORE_LOGIN_ID, val);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster val = getAttribute("rootSuffix", Wizard.defaultRootSuffix);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster SessionAttributeNames.USER_STORE_ROOT_SUFFIX, val);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster ctx.setSessionAttribute(SessionAttributeNames.EXT_DATA_STORE,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster ctx.setSessionAttribute(SessionAttributeNames.USER_STORE_TYPE,
4709b991352c6de69ba02928ed6cbf373ca62ed5jeff.schenk "LDAPv3ForODSEE");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String smsType = getAttribute(SetupConstants.CONFIG_VAR_DATA_STORE,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "embedded");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String val = getAttribute(SetupConstants.USER_STORE_HOST,getHostName());
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster ctx.setSessionAttribute(SessionAttributeNames.USER_STORE_HOST, val);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster val = getAttribute(SetupConstants.USER_STORE_SSL, "SIMPLE");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster ctx.setSessionAttribute(SessionAttributeNames.USER_STORE_SSL, val);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster addModel("selectUserStoreSSL", "checked=\"checked\"");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster val = getAttribute(SetupConstants.USER_STORE_PORT, "389");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster ctx.setSessionAttribute(SessionAttributeNames.USER_STORE_PORT, val);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster val = getAttribute(SetupConstants.USER_STORE_LOGIN_ID,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster ctx.setSessionAttribute(SessionAttributeNames.USER_STORE_LOGIN_ID, val);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster val = getAttribute(SetupConstants.USER_STORE_ROOT_SUFFIX,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster ctx.setSessionAttribute(SessionAttributeNames.USER_STORE_ROOT_SUFFIX,
4709b991352c6de69ba02928ed6cbf373ca62ed5jeff.schenk val = getAttribute(SetupConstants.USER_STORE_TYPE, "LDAPv3ForODSEE");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster addModel("selectLDAPv3ad", "checked=\"checked\"");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster addModel("selectLDAPv3addc", "checked=\"checked\"");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster addModel("selectLDAPv3adam", "checked=\"checked\"");
4709b991352c6de69ba02928ed6cbf373ca62ed5jeff.schenk addModel("selectLDAPv3odsee", "checked=\"checked\"");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster addModel("selectLDAPv3opends", "checked=\"checked\"");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster addModel("selectLDAPv3tivoli", "checked=\"checked\"");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster addModel("selectExternalUM", "checked=\"checked\"");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster addModel("selectEmbeddedUM", "checked=\"checked\"");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public boolean setAll() {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return false;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public boolean setSSL() {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster SessionAttributeNames.USER_STORE_SSL, "SIMPLE");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster writeToResponse(getLocalizedString(responseString));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return false;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public boolean setDomainName() {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if ((domainname != null) && domainname.length() > 0) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster writeToResponse(getLocalizedString(responseString));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return false;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public boolean setHost() {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster writeToResponse(getLocalizedString(responseString));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return false;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public boolean setUMEmbedded() {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster getContext().setSessionAttribute(SessionAttributeNames.EXT_DATA_STORE,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return false;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public boolean resetUMEmbedded() {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster getContext().setSessionAttribute(SessionAttributeNames.EXT_DATA_STORE,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return false;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public boolean setPort() {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster writeToResponse(getLocalizedString(responseString));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return false;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public boolean setLoginID() {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster SessionAttributeNames.USER_STORE_LOGIN_ID, dn);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster writeToResponse(getLocalizedString(responseString));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return false;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public boolean setPassword() {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster SessionAttributeNames.USER_STORE_LOGIN_PWD, pwd);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster writeToResponse(getLocalizedString(responseString));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return false;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public boolean setRootSuffix() {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if ((rootsuffix != null) && rootsuffix.length() > 0) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster SessionAttributeNames.USER_STORE_ROOT_SUFFIX, rootsuffix);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster writeToResponse(getLocalizedString(responseString));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return false;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public boolean setStoreType() {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return false;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public boolean validateUMHost() {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String strSSL = (String)ctx.getSessionAttribute(
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster boolean ssl = (strSSL != null) && (strSSL.equals("SSL"));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String strPort = (String)ctx.getSessionAttribute(
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String bindDN = (String)ctx.getSessionAttribute(
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String rootSuffix = (String)ctx.getSessionAttribute(
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String bindPwd = (String)ctx.getSessionAttribute(
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster SSLSocketFactoryManager.getSSLSocketFactory()) :
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String filter = "cn=" + "\"" + rootSuffix + "\"";
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster ld.search(rootSuffix, LDAPConnection.SCOPE_BASE, filter,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster writeToResponse(getLocalizedString("ldap.connect.error"));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster writeToResponse(getLocalizedString("ldap.server.down"));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster writeToResponse(getLocalizedString("ldap.invalid.dn"));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster writeToResponse(getLocalizedString("ldap.nosuch.object"));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster getLocalizedString("ldap.invalid.credentials"));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster writeToResponse(getLocalizedString("ldap.unwilling"));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster case LDAPException.INAPPROPRIATE_AUTHENTICATION:
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster writeToResponse(getLocalizedString("ldap.inappropriate"));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster writeToResponse(getLocalizedString("ldap.constraint"));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster getLocalizedString("cannot.connect.to.SM.datastore"));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster getLocalizedString("cannot.connect.to.SM.datastore"));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return false;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public boolean validateUMDomainName() {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String strSSL = (String)ctx.getSessionAttribute(
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster boolean ssl = (strSSL != null) && (strSSL.equals("SSL"));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String domainName = (String)ctx.getSessionAttribute(
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String rootSuffixAD = dnsDomainToDN(domainName);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster getLocalizedString("cannot.connect.to.UM.datastore"));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return false;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster getLocalizedString("cannot.connect.to.UM.datastore"));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return false;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String bindDN = (String)ctx.getSessionAttribute(
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String rootSuffix = (String)ctx.getSessionAttribute(
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String bindPwd = (String)ctx.getSessionAttribute(
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster SSLSocketFactoryManager.getSSLSocketFactory()) :
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String filter = "cn=" + "\"" + rootSuffix + "\"";
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster ld.search(rootSuffix, LDAPConnection.SCOPE_BASE, filter,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "ldap.connect.error"));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "ldap.server.down"));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "ldap.invalid.dn"));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "ldap.nosuch.object"));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "ldap.invalid.credentials"));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "ldap.unwilling"));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster case LDAPException.INAPPROPRIATE_AUTHENTICATION:
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "ldap.inappropriate"));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "ldap.constraint"));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "cannot.connect.to.UM.datastore"));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "cannot.connect.to.UM.datastore"));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return false;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Resolves the LDAP host name and port number for the
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // given domain name of an Active Directory user data store.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private String[] getLdapHostAndPort(String domainName)
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Check that the domain name is valid by looking up its A record.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // The A resource record type is defined in RFC 1035.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster env.put(javax.naming.Context.INITIAL_CONTEXT_FACTORY,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "com.sun.jndi.dns.DnsContextFactory");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster ictx.getAttributes(domainName, new String[]{"A"});
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Failed to resolve domainName to an A record;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // report this by throwing an exception.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // The domain resolves, so now look for its LDAP server.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster final String ldapServer = "_ldap._tcp." + domainName;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Resolve ldapServer to an SRV record. This follows the
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // mechanism documented on MSDN: query the SRV records for
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // _ldap._tcp.DOMAINNAME and take the LDAP host and port
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // of the domain from the answer.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster ictx.getAttributes(ldapServer, new String[]{"SRV"});
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String[] srv = attr.get().toString().split(" ");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Failed to resolve ldapServer to an SRV record;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // report this by throwing an exception.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Try to connect to the LDAP port to make sure this host
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // is actually running an LDAP service.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster int serverPort = Integer.parseInt(serverPortStr);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if ((serverPort > 0) && (serverPort < 65535)) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster SessionAttributeNames.USER_STORE_PORT, serverPortStr);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster new Socket(serverHostName, serverPort).close();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Converts a DNS domain name to its LDAP root suffix,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // e.g. the domain name amqa.test.com becomes the root suffix
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // DC=amqa,DC=test,DC=com