AgentsRepo.java revision 60e9e896a1a7a9e62db162e1e9fb6b3c2df50c33
/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2007 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: AgentsRepo.java,v 1.46 2009/09/21 19:47:28 goodearth Exp $
*
* Portions Copyrighted 2012-2015 ForgeRock AS.
* Portions Copyrighted 2012 Open Source Solution Technology Corporation
*/
"com.sun.identity.idm.plugins.internal.AgentsRepo";
// Status attribute
private static final String statusAttribute =
"sunIdentityServerDeviceStatus";
// Property name for an agent's notification URL.
// NOTE(review): presumably read from the agent profile to decide where
// change notifications are sent - confirm. If so, the stored value selects
// an outbound destination for the server and should be validated on write.
private static String notificationURLname =
"com.sun.identity.client.notification.url";
// Property name for the flag that enables config-change notifications.
// NOTE(review): this field and the one above are not final; whether
// anything reassigns them is not visible in this listing.
private static String notificationURLenabled =
"com.sun.identity.agents.config.change.notification.enable";
// Initialization exception
public AgentsRepo() {
if (debug.messageEnabled()) {
}
try {
version);
version);
}
}
} catch (SMSException smse) {
if (debug.warningEnabled()) {
+ "Unable to init ssm and scm due to " + smse);
}
} catch (SSOException ssoe) {
if (debug.warningEnabled()) {
+ "Unable to init ssm and scm due to " + ssoe);
}
}
if (debug.messageEnabled()) {
}
}
/*
* (non-Javadoc)
*
* @see com.sun.identity.idm.IdRepo#addListener(com.iplanet.sso.SSOToken,
* com.iplanet.am.sdk.IdRepoListener)
*/
throws IdRepoException, SSOException {
if (debug.messageEnabled()) {
}
// Listeners are added when AgentsRepo got invoked.
return 0;
}
/*
* (non-Javadoc)
*
* @see com.sun.identity.idm.IdRepo#create(com.iplanet.sso.SSOToken,
* com.sun.identity.idm.IdType, java.lang.String, java.util.Map)
*/
}
// NOTE(review): several statements of this method, including its signature,
// are missing from this listing. The comments below describe only the
// lines that are shown.
if (debug.messageEnabled()) {
+ agentName);
}
// Fail fast: a failure recorded in initializationException is rethrown
// before any work is done.
if (initializationException != null) {
throw (initializationException);
}
if (debug.messageEnabled()) {
}
}
} else {
null);
}
} else {
// To be backward compatible, look for the 'AgentType' attribute
// in the attribute map that is passed as a parameter; when the
// fallback applies (its exact condition is not shown in this listing),
// assume that it is a '2.2_Agent' type and create that agent
// under the 2.2_Agent node.
agentType = "2.2_Agent";
} else {
null);
}
}
}
try {
// If the password is already a hashed value, leave as is.
// NOTE(review): the check that recognises an "already hashed" value is
// not visible here. A value accepted as hashed is stored unchanged, so
// confirm that the check cannot be satisfied by an arbitrary
// caller-chosen string and that the other branch hashes everything else.
} else {
}
}
}
/*
* While migrating 2.2 agents to new ones, look for the
* attribute 'entrydn' and remove this 'entrydn' while
* creating the agent, as it gets added in a
* getAttributes() call explicitly to the result set and
* returned. Reason:
* api/ ldapjdk does not return this operational attribute.
*/
}
} else {
// Agent already found, throw an exception
}
if (agentGroupConfig==null) {
}
if (!agentGroupConfig.getSubConfigNames().
attrMap);
} else {
// Agent already found, throw an exception
}
}
// NOTE(review): the bodies of both handlers are not shown; confirm that
// neither discards the exception silently.
} catch (ServiceAlreadyExistsException saee) {
} catch (SMSException smse) {
}
// The result is the DN of aTypeConfig.
return (aTypeConfig.getDN());
}
/*
* (non-Javadoc)
*
* @see com.sun.identity.idm.IdRepo#delete(com.iplanet.sso.SSOToken,
* com.sun.identity.idm.IdType, java.lang.String)
*/
throws IdRepoException, SSOException {
if (debug.messageEnabled()) {
+ name);
}
if (initializationException != null) {
throw (initializationException);
}
try {
if (!isSharedAgent) {
}
} else {
// Agent not found, throw an exception
}
if (agentGroupConfig==null) {
// Agent not found, throw an exception
}
// AgentGroup deletion should clear the group memberships of the agents that belong to this group.
// Get the members that belong to this group and their config and set the agentgroup attribute to
// an empty string.
}
}
} else {
// Agent not found, throw an exception
}
}
} catch (SMSException smse) {
}
}
/*
* (non-Javadoc)
*
* @see com.sun.identity.idm.IdRepo#getAttributes(com.iplanet.sso.SSOToken,
* com.sun.identity.idm.IdType, java.lang.String, java.util.Set)
*/
if (debug.messageEnabled()) {
}
if (initializationException != null) {
throw (initializationException);
}
}
}
return resultMap;
}
/*
* (non-Javadoc)
*
* @see com.sun.identity.idm.IdRepo#getAttributes(com.iplanet.sso.SSOToken,
* com.sun.identity.idm.IdType, java.lang.String)
*/
throws IdRepoException, SSOException {
if (debug.messageEnabled()) {
+ name);
}
if (initializationException != null) {
throw (initializationException);
}
try {
// Return the attributes for the given agent under
// default group.
// Return the attributes of agent under specified group.
// By default return the union of agents under
// default group and the agent group.
if ((agentsAttrMap != null) &&
(agentGroupMap != null)) {
}
}
}
return agentsAttrMap;
} catch (SMSException e) {
if (debug.warningEnabled()) {
e.getMessage());
}
args);
} catch (IdRepoException idpe) {
if (debug.warningEnabled()) {
}
args);
}
}
throw new IdRepoUnsupportedOpException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.PLUGIN_OPERATION_NOT_SUPPORTED,
args);
}
throws IdRepoException, SSOException {
if (debug.messageEnabled()) {
}
try {
// Get the agent's config and then its attributes.
// Send the agenttype of that agent.
} else {
// Agent not found, throw an exception
}
} catch (SMSException sme) {
}
return (answer);
}
/*
* (non-Javadoc)
*
* @see com.sun.identity.idm.IdRepo#getBinaryAttributes(
* com.iplanet.sso.SSOToken,
* com.sun.identity.idm.IdType, java.lang.String, java.util.Set)
*/
throw new IdRepoUnsupportedOpException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.PLUGIN_OPERATION_NOT_SUPPORTED,
args);
}
/*
* (non-Javadoc)
*
* @see com.sun.identity.idm.IdRepo#setBinaryAttributes(
* com.iplanet.sso.SSOToken, com.sun.identity.idm.IdType,
* java.lang.String, java.util.Map, boolean)
*/
throw new IdRepoUnsupportedOpException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.PLUGIN_OPERATION_NOT_SUPPORTED,
args);
}
/*
* (non-Javadoc)
*
* @see com.sun.identity.idm.IdRepo#getMembers(com.iplanet.sso.SSOToken,
* com.sun.identity.idm.IdType, java.lang.String,
* com.sun.identity.idm.IdType)
*/
/*
* name would be the name of the agentgroup.
* membersType would be the IdType of the agent to be retrieved.
* type would be the IdType of the agentgroup.
*/
if (debug.messageEnabled()) {
+ ": " + membersType);
}
if (initializationException != null) {
throw (initializationException);
}
+ "not supported for Users or Agents");
}
throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.MEMBERSHIPS_FOR_NOT_USERS_NOT_ALLOWED, args);
}
try {
// Search and get the serviceconfig of the agents and get the value of the attribute 'agentgroup' and
if (agentConfig != null) {
}
}
}
} catch (SMSException sme) {
+ "exception while getting agents"
+ " from groups", sme);
args);
}
} else {
}
return (results);
}
/*
* (non-Javadoc)
*
* @see com.sun.identity.idm.IdRepo#getMemberships(com.iplanet.sso.SSOToken,
* com.sun.identity.idm.IdType, java.lang.String,
* com.sun.identity.idm.IdType)
*/
/*
* name would be the name of the agent.
* membersType would be the IdType of the agentgroup to be retrieved.
* type would be the IdType of the agent.
*/
if (debug.messageEnabled()) {
}
if (initializationException != null) {
throw (initializationException);
}
// Memberships can be returned for agents.
"AgentsRepo:getMemberships supported only for agents");
}
// Set to maintain the members
try {
// Search and get the serviceconfig of the agent and get the value of the 'agentgroup' attribute and
// if the agent belongs to the agentgroup, add the agentgroup to the result set.
} catch (SMSException sme) {
+ "exception while getting memberships"
+ " for Agent", sme);
args);
}
} else {
// throw unsupported operation exception
membershipType.getName() };
}
return (results);
}
private String getGroupName(ServiceConfig orgConfig, String agentName) throws SSOException, SMSException {
}
private Set<String> getGroupNames(ServiceConfig orgConfig, String agentName) throws SSOException, SMSException {
if (agentConfig != null) {
}
}
return results;
}
/*
* (non-Javadoc)
*
* @see com.sun.identity.idm.IdRepo#getServiceAttributes(
* com.iplanet.sso.SSOToken,
* com.sun.identity.idm.IdType, java.lang.String, java.lang.String,
* java.util.Set)
*/
throw new IdRepoUnsupportedOpException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.PLUGIN_OPERATION_NOT_SUPPORTED,
args);
}
/*
* (non-Javadoc)
*
* @see com.sun.identity.idm.IdRepo#getBinaryServiceAttributes(
* com.iplanet.sso.SSOToken, com.sun.identity.idm.IdType,
* java.lang.String, java.util.Set)
*/
throws IdRepoException, SSOException {
throw new IdRepoUnsupportedOpException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.PLUGIN_OPERATION_NOT_SUPPORTED,
args);
}
/*
* (non-Javadoc)
*
* @see com.sun.identity.idm.IdRepo#isExists(com.iplanet.sso.SSOToken,
* com.sun.identity.idm.IdType, java.lang.String)
*/
throws IdRepoException, SSOException {
if (debug.messageEnabled()) {
name);
}
if (initializationException != null) {
throw (initializationException);
}
boolean exist = false;
exist = true;
}
return (exist);
}
/*
* (non-Javadoc)
*
* @see com.sun.identity.idm.IdRepo#modifyMemberShip(
* com.iplanet.sso.SSOToken,
* com.sun.identity.idm.IdType, java.lang.String, java.util.Set,
* com.sun.identity.idm.IdType, int)
*/
public void modifyMemberShip(SSOToken token, IdType type, String name, Set<String> members, IdType membersType,
/*
* name would be the name of the agentgroup.
* type would be the IdType of the agentgroup.
*/
if (debug.messageEnabled()) {
}
if (initializationException != null) {
throw initializationException;
}
}
}
debug.error("AgentsRepo.modifyMembership: A non-agent type cannot be made a member of any identity "
+ membersType.getName());
throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.MEMBERSHIPS_FOR_NOT_USERS_NOT_ALLOWED, args);
}
try {
// Search and get the serviceconfig of the agent and set the agentgroup attribute with the value of
// the agentgroup name eg., 'AgentGroup1'. One agent instance should belong to at most one group.
if (agentConfig != null) {
switch (operation) {
case ADDMEMBER:
break;
case REMOVEMEMBER:
break;
}
}
}
} catch (SMSException sme) {
sme);
throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.ERROR_SETTING_ATTRIBUTES, args);
}
} else {
// throw an exception
debug.error("AgentsRepo.modifyMembership: Memberships cannot be modified for type= " + type.getName());
throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.MEMBERSHIP_CANNOT_BE_MODIFIED, args);
}
}
/*
* (non-Javadoc)
*
* @see com.sun.identity.idm.IdRepo#removeAttributes(
* com.iplanet.sso.SSOToken,
* com.sun.identity.idm.IdType, java.lang.String, java.util.Set)
*/
if (debug.messageEnabled()) {
": " + name);
}
if (initializationException != null) {
throw (initializationException);
}
if (debug.messageEnabled()) {
"are empty");
}
} else {
if (debug.messageEnabled()) {
" names" + attrNames);
}
}
try {
} else {
// Agent not found, throw an exception
}
}
}
} catch (SMSException smse) {
+ "agent attributes ",smse);
throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.ERROR_SETTING_ATTRIBUTES, args);
}
}
/*
* (non-Javadoc)
*
* @see com.sun.identity.idm.IdRepo#removeListener()
*/
public void removeListener() {
}
}
}
throws IdRepoException, SSOException {
if (crestQuery.hasQueryFilter()) {
throw new IdRepoException("AgentsRepo does not support search by query filter");
}
if (debug.messageEnabled()) {
pattern);
}
if (initializationException != null) {
throw (initializationException);
}
try {
// Get the config from 'default' group.
avPairs);
// Get the config from specified group.
}
} else {
return new RepoSearchResults(new HashSet(),
type);
}
}
}
} catch (SSOException sse) {
sse);
}
}
/*
* (non-Javadoc)
*
* @see com.sun.identity.idm.IdRepo#setAttributes(com.iplanet.sso.SSOToken,
* com.sun.identity.idm.IdType, java.lang.String, java.util.Map,
* boolean)
*/
throws IdRepoException, SSOException {
if (debug.messageEnabled()) {
+ name);
}
if (initializationException != null) {
throw (initializationException);
}
if (debug.messageEnabled()) {
"are empty");
}
}
try {
if (agentGroupConfig == null) {
}
} else {
}
}
}
}
} else {
// Agent not found, throw an exception
}
} catch (SMSException smse) {
+ " attributes ",smse);
throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.ERROR_SETTING_ATTRIBUTES, args);
}
}
/*
* (non-Javadoc)
*
* @see com.sun.identity.idm.IdRepo#getSupportedOperations(
* com.sun.identity.idm.IdType)
*/
}
/*
* (non-Javadoc)
*
* @see com.sun.identity.idm.IdRepo#getSupportedTypes()
*/
public Set getSupportedTypes() {
    // The result is the key set of the supportedOps map.
    final Set supportedTypes = supportedOps.keySet();
    return supportedTypes;
}
/*
* (non-Javadoc)
*
* @see com.sun.identity.idm.IdRepo#initialize(java.util.Map)
*/
super.initialize(configParams);
// Initialize with the realm name
// Initialize ServiceConfig with realm names
}
}
}
/*
* (non-Javadoc)
*
* @see com.sun.identity.idm.IdRepo#isActive(com.iplanet.sso.SSOToken,
* com.sun.identity.idm.IdType, java.lang.String)
*/
throws IdRepoException, SSOException {
if (attributes == null) {
}
return true;
} else {
}
}
/* (non-Javadoc)
* @see com.sun.identity.idm.IdRepo#setActiveStatus(
com.iplanet.sso.SSOToken, com.sun.identity.idm.IdType,
java.lang.String, boolean)
*/
throws IdRepoException, SSOException {
if (active) {
} else {
}
}
/*
* (non-Javadoc)
*
* @see com.sun.identity.idm.IdRepo#shutdown()
*/
public void shutdown() {
}
}
}
private void loadSupportedOps() {
opSet));
opSet));
if (debug.messageEnabled()) {
+ "supportedOps Map = " + supportedOps);
}
}
// The following three methods implement ServiceListener interface
/*
* (non-Javadoc)
*
* @see com.sun.identity.sm.ServiceListener#globalConfigChanged(
* java.lang.String,
* java.lang.String, java.lang.String, java.lang.String, int)
*/
if (debug.messageEnabled()) {
}
} else {
}
return;
}
// If notification URLs are present, send notifications
if (repoListener != null) {
}
}
/*
* (non-Javadoc)
*
* @see com.sun.identity.sm.ServiceListener#organizationConfigChanged(
* java.lang.String,
* java.lang.String, java.lang.String, java.lang.String,
* java.lang.String, int)
*/
{
if (debug.messageEnabled()) {
}
// Process notification only if realm name matches and serviceComp
// is not "" (for org creation) and "/" for "ou=default" creation
// Get the Agent name
return;
}
// Send local notification first
if (repoListener != null) {
} else {
}
}
// If notification URLs are present, send notification
} else {
}
}
}
/*
* (non-Javadoc)
*
* @see com.sun.identity.sm.ServiceListener#schemaChanged(java.lang.String,
* java.lang.String)
*/
if (debug.messageEnabled()) {
}
if (repoListener != null) {
}
}
}
}
public boolean supportsAuthentication() {
    // This plugin unconditionally reports that it can authenticate.
    return true;
}
throws IdRepoException, AuthLoginException {
// NOTE(review): several statements of this method, including its signature,
// are missing from this listing. The comments below describe only the
// lines that are shown.
if (debug.messageEnabled()) {
}
// Obtain user name and password from credentials and compare
// with the ones from the agent profile to authorize the agent.
if (credentials[i] instanceof NameCallback) {
// NOTE(review): the debug message below ends with the supplied username,
// which the caller controls before authentication succeeds. If debug logs
// are parsed or forwarded, neutralise CR/LF in it first.
if (debug.messageEnabled()) {
+ username);
}
} else if (credentials[i] instanceof PasswordCallback) {
.getPassword();
// The visible part of this debug message ends in "present", which suggests
// only the presence of a password is logged - confirm that the value
// itself never reaches the log.
if (debug.messageEnabled()) {
+ "present");
}
}
}
}
}
// Starts as false, so every path that does not reach a successful
// comparison reports failure.
boolean answer = false;
try {
/* Only agents with IdType.AGENTONLY are used for authentication,
* not the agents with IdType.AGENTGROUP.
* AGENTGROUP is for storing common properties.
*/
}
// The assignments inside the condition set answer as a side effect:
// oauth2PasswordMatch is consulted only when the first comparison fails,
// and InvalidPasswordException is thrown only when both fail.
// NOTE(review): String.equals stops at the first differing character, so
// this comparison is not constant-time. If password and userPwd hold
// credential hashes (not shown here - confirm), compare their bytes with
// MessageDigest.isEqual instead.
if (!(answer = password.equals(userPwd)) && !(answer = oauth2PasswordMatch(ansMap, unhashedPassword, userPwd))) {
throw (new InvalidPasswordException("invalid password",
userid));
}
}
if (debug.messageEnabled()) {
}
// An SSOException is logged at warning level and not rethrown. If it is
// raised before the comparison above, answer is still false and the
// method reports failure.
} catch (SSOException ssoe) {
if (debug.warningEnabled()) {
+ "Unable to authenticate SSOException: " +
ssoe.getMessage());
}
}
return (answer);
}
private boolean oauth2PasswordMatch(Map attributeMap, String unhashedPassword, String userPassword) {
}
/*
* (non-Javadoc)
*
* @see com.sun.identity.idm.IdRepo#modifyService(com.iplanet.sso.SSOToken,
* com.sun.identity.idm.IdType, java.lang.String, java.lang.String,
* com.sun.identity.sm.SchemaType, java.util.Map)
*/
throws IdRepoException, SSOException {
throw new IdRepoUnsupportedOpException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.PLUGIN_OPERATION_NOT_SUPPORTED,
args);
}
/*
* (non-Javadoc)
*
* @see com.sun.identity.idm.IdRepo#unassignService(
* com.iplanet.sso.SSOToken,
* com.sun.identity.idm.IdType, java.lang.String, java.lang.String,
* java.util.Map)
*/
"com.sun.identity.idm.plugins.specialusers.SpecialRepo",
throw new IdRepoUnsupportedOpException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.PLUGIN_OPERATION_NOT_SUPPORTED,
args);
}
/*
* (non-Javadoc)
*
* @see com.sun.identity.idm.IdRepo#assignService(com.iplanet.sso.SSOToken,
* com.sun.identity.idm.IdType, java.lang.String, java.lang.String,
* com.sun.identity.sm.SchemaType, java.util.Map)
*/
throws IdRepoException, SSOException {
throw new IdRepoUnsupportedOpException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.PLUGIN_OPERATION_NOT_SUPPORTED,
args);
}
/*
* (non-Javadoc)
*
* @see com.sun.identity.idm.IdRepo#getAssignedServices(
* com.iplanet.sso.SSOToken,
* com.sun.identity.idm.IdType, java.lang.String, java.util.Map)
*/
throw new IdRepoUnsupportedOpException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.PLUGIN_OPERATION_NOT_SUPPORTED,
args);
}
if (debug.messageEnabled()) {
}
try {
version);
}
}
} catch (SMSException smse) {
if (debug.warningEnabled()) {
+ "Unable to get Organization Config due to " +
smse.getMessage());
}
} catch (SSOException ssoe) {
if (debug.warningEnabled()) {
+ "Unable to get Organization Config due to " +
ssoe.getMessage());
}
}
return (orgConfigCache);
}
if (debug.messageEnabled()) {
}
try {
// Always get from ServiceConfigManager which checks the cache
// and returns latest values stored in cache.
} catch (SMSException smse) {
if (debug.warningEnabled()) {
+ "Unable to get Agent Group Config due to " +
smse.getMessage());
}
} catch (SSOException ssoe) {
if (debug.warningEnabled()) {
+ "Unable to get Agent Group Config due to " +
ssoe.getMessage());
}
}
return (agentGroupConfigCache);
}
if (debug.messageEnabled()) {
}
try {
version);
}
}
// Always get from ServiceConfigManager which checks the cache
// and returns latest values stored in cache.
} catch (SMSException smse) {
if (debug.warningEnabled()) {
+ "Unable to create Agent Group Config due to " +
smse.getMessage());
}
} catch (SSOException ssoe) {
if (debug.warningEnabled()) {
+ "Unable to create Agent Group Config due to " +
ssoe.getMessage());
}
}
return (agentGroupConfigCache);
}
throws IdRepoException {
if (debug.messageEnabled()) {
}
boolean agentTypeflg = false;
try {
// Get the agentType and then compare the pattern sent for Search.
agentTypeflg = true;
break;
}
}
} catch (SMSException sme) {
}
return (agentTypeflg);
}
throws IdRepoException {
if (debug.messageEnabled()) {
}
return (Collections.EMPTY_SET);
}
// Get AgentType
}
}
if (debug.messageEnabled()) {
}
// Search for agents matching the pattern and agenttype
try {
} else {
}
if (debug.messageEnabled()) {
agentRes);
}
// Check if there are agents and if more attributes are present
}
/* if there are agents matching the pattern and agenttype and
* if avPairs is not empty, search for other attributes in the
* avPairs and add that Agent if search results are positive.
* ie., if avPairs matches with the attributes in store.
*/
continue;
}
/* 'attrValues' are values from avPairs sent by client.
* 'presentValues' are from Directory Server.
* The element in attrValues is compared with the
* values from DS, and then the agent name is added to
* resultant set to be returned if matches.
*/
if ((presentValues != null) &&
break;
}
}
}
}
}
return (agents);
} catch (SSOException sse) {
} catch (SMSException sme) {
}
}
}
try {
// If notification enabled is set to true, send notifications.
switch (type) {
case MODIFIED:
if (agentIdTypeforNotificationSet == null) {
break;
}
if (debug.messageEnabled()) {
}
// This checks if the changes happened to an agentgroup; if so,
// notifications go to all its members.
// An agent group has been updated, so now we need to notify the internal cache for the
// group members so they return the changed inherited values as well.
}
} else {
}
if (debug.messageEnabled()) {
}
// To be consistent and for easy web agent
// parsing, the notification set should start with
// "AgentConfigChangeNotification"
.append(" ")
.append("=\"")
.append("\"")
.append(" ")
.append("=\"")
.append("\"/>");
if (debug.messageEnabled()) {
}
// If notification URLs are present, send
// notifications
try {
// Construct NotificationSet to be sent to
// Agents.
try {
if (debug.messageEnabled()) {
}
} catch (SendNotificationException ne) {
if (debug.warningEnabled()) {
}
}
} catch (MalformedURLException e) {
if (debug.warningEnabled()) {
+ e.getMessage());
}
}
}
}
}
}
}
} catch (IdRepoException idpe) {
} catch (SSOException ssoe) {
if (debug.warningEnabled()) {
+ ssoe.getMessage());
}
}
}
try {
"AgentsAllowedToRead");
}
}
}
}
} catch (IdRepoException e) {
"AgentRepo.removeIdentityFromAgentAuthenticators", e);
} catch (SSOException e) {
"AgentRepo.removeIdentityFromAgentAuthenticators", e);
}
}
}