Agent.java revision 88f608b8855a99b19653376900fc5f234b7e771c
/**
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2009 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: Agent.java,v 1.9 2009/11/10 01:33:22 bigfatrat Exp $
*
*/
/*
* Portions Copyrighted 2011-2013 ForgeRock AS
*/
/**
* The Agent class provides a simple example on how to use the SNMP
* protocol adaptor.
*
* A subset of MIB II (RFC1213) is implemented. The MIB is loaded and
* initialized. As such you can now see the MIB using your favorite
* SNMP manager, or you can use a web browser and see the MIB through
* the HTML adaptor.
*
* When calling the program, you can specify:
* - nb_traps: number of traps the SNMP agent will send.
* If not specified, the agent will send traps continuously.
*
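* In this example, the SNMP adaptor is started on port 8085, and the
* traps are sent to the port 8086, i.e. non standard ports for SNMP.
* As such you do not need to be root to start the agent.
* Note: these port numbers describe the original example. In this file
* the HTML, SNMP and RMI ports are held in monHtmlPort, monSnmpPort and
* monRmiPort (they appear to come from the monitoring configuration),
* and the main entry point declares 8082 (HTML) and 11161 (SNMP).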
*/
public class Agent {
/**
* This variable defines the number of traps this agent has to send.
* If not specified in the command line arguments, the traps will be
* sent continuously.
*/
private static int nbTraps = -1;
// True once startup has finished with enough interfaces running; reset to
// false by setMonitoringDisabled(). isRunning() returns this value.
private static boolean agentStarted;
private static MBeanServer server;
// JMX object names for the HTML adaptor, the SNMP adaptor and the two MIBs.
private static ObjectName htmlObjName;
private static ObjectName snmpObjName;
private static ObjectName sunMibObjName;
private static ObjectName forgerockCtsMibObjName;
// Listening ports of the monitoring interfaces. The startup log messages in
// this file describe the HTML adaptor as bound on TCP and the SNMP adaptor
// as bound on UDP; the RMI port is used for the JMX connector.
private static int monHtmlPort;
private static int monSnmpPort;
private static int monRmiPort;
// NOTE(review): presumably the authentication file that must exist before
// the HTML adaptor is started (startup logs "HTML monitoring interface
// disabled; no authentication file found" otherwise) - confirm.
private static String monAuthFilePath;
private static String ssoProtocol;
private static String ssoServerID;
private static boolean dsIsEmbedded;
private static JMXConnectorServer cs;
//static mib references
// NOTE(review): sunMib is package-private, unlike the private fields around it.
static SUN_OPENSSO_SERVER_MIBImpl sunMib;
private static SSOServerInfo agentSvrInfo;
private static Map<String, Integer> realm2Index = new HashMap<String, Integer>(); // realm name to index map
private static Map<Integer, String> index2Realm = new HashMap<Integer, String>(); // index to realm name map
private static Map<String, String> realm2DN = new HashMap<String, String>(); // realm name to DN map
// Master switch plus one enable flag per interface. Startup clears the HTML
// or SNMP flag when that port equals the OpenSSO server port.
private static boolean monitoringEnabled;
private static boolean monHtmlPortEnabled;
private static boolean monSnmpPortEnabled;
private static boolean monRmiPortEnabled;
private static boolean isSessFOEnabled;
// NOTE(review): SimpleDateFormat is not thread-safe and this instance is a
// shared static; confirm every use is confined to one thread or synchronized.
private static SimpleDateFormat sdf =
new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
// Negative status codes returned by agent startup; 0 means success.
// Monitoring is configured as disabled.
public static final int MON_CONFIG_DISABLED = -1;
// An MBeanServer problem was encountered.
public static final int MON_MBEANSRVR_PROBLEM = -2;
// RMI connector problem (MIB not registered with the MBeanServer).
public static final int MON_RMICONNECTOR_PROBLEM = -3;
// Problem creating or registering the MIB.
public static final int MON_CREATEMIB_PROBLEM = -4;
// NOTE(review): no description of this code is visible in this listing;
// by its name it signals a failure reading attributes - confirm.
public static final int MON_READATTRS_PROBLEM = -5;
static {
}
}
/**
* Agent constructor
*/
private Agent() {
// Private and empty: every member visible in this listing is static, so
// the class is not meant to be instantiated.
}
public static void stopRMI() {
try {
if (sunMibObjName != null) {
}
if (forgerockCtsMibObjName != null) {
}
} catch (InstanceNotFoundException ex) {
if (debug.warningEnabled()) {
"Agent.stopRMI: error unregistering MBean:" +
ex.getMessage());
}
} catch (MBeanRegistrationException ex) {
if (debug.warningEnabled()) {
"Agent.stopRMI: error unregistering MBean:" +
ex.getMessage());
}
}
}
try {
}
" agent RMI server: ", ex);
}
} else {
"monitoring or RMI port not enabled.");
}
snmpAdaptor.stop();
}
htmlAdaptor.stop();
}
}
/**
* Receives Site and Server configuration information from
* WebtopNaming. Information is saved and the corresponding
* Monitoring MBeans are created after the Agent ports are started.
*/
}
/**
* This method starts up the monitoring agent. Returns either
* zero (0) if initialization has completed successfully, or one (1)
* if not.
* @param OpenSSOServerID The OpenSSO server's ID in the site
* @param svrName OpenSSO server's hostname
* @param svrPort OpenSSO server's port
* @param svrURI OpenSSO server's URI
* @param siteID OpenSSO server's Site ID
* @param openSSOServerID OpenSSO server's ID
* @param isEmbeddedDS Whether the OpenSSO server is using an embedded DS
* @param siteIdTbl the Site ID table for this installation
* @param serverIdTbl the Server ID table for this installation
* @param namingTbl the Naming table for this installation
* @return Success (0) or Failure (1)
*/
/*
* ServerIDTable has form:
* <proto>://<host>:<port>/<uri>=nn,
* while NamingTable has form
* nn=<proto>://<host>:<port>/<uri>
*/
if (debug.messageEnabled()) {
new StringBuilder("Agent.startMonitoringAgent:ServerInfo:\n");
append("\n").
append("\n");
/*
* can get this server's URL from the naming table, using
* its serverID. get the site's URL with siteID
*/
} else {
}
} else {
}
/*
* if there's a site configured, then siteIdTable will contain
* the serverIDs
*/
}
} else {
}
/*
* print out the serverIDTable
*/
}
} else {
}
/*
* print out the namingTable
*/
}
} else {
}
}
}
/**
* This method starts up the monitoring agent from the
* common/ConfigMonitoring module (load-on-startup or at the
* end of AMSetupServlet/configuration). Since web-app startup
* is sensitive to exceptions in load-on-startup stuff, this has
*
* If any of HTML, SNMP, or RMI adaptors has a problem getting created
* at least one adaptor is started, monitoring will be "active"
* (Agent.isRunning() will return true).
*
* @param monConfig SSOServerMonConfig structure of OpenSSO configuration
* MON_CONFIG_DISABLED:
* if monitoring configured as disabled
* MON_MBEANSRVR_PROBLEM:
* if MBeanServer problem encountered
* MON_RMICONNECTOR_PROBLEM:
* if RMI connector problem
* (MIB not registered with MBeanServer)
* MON_CREATEMIB_PROBLEM:
* if problem creating/registering MIB
*/
// OpenSSO server port comes from WebtopNaming.siteAndServerInfo
// Check for Legacy MonAuthFile.
{
// Perform a rename of the old filename to the latest naming.
}
}
/*
* there are a lot of exception checks in this method, as
* it's invoked from a load-on-startup servlet. if it
* chokes in here, OpenSSO won't start up.
*/
if (debug.messageEnabled()) {
);
}
if (!monitoringEnabled) {
return MON_CONFIG_DISABLED;
}
/*
* verify that the HTML, SNMP and RMI ports aren't the same as
* the OpenSSO server port. if HTML or SNMP conflict with it,
* then they'll be disabled (warning message). if the RMI port
* conflicts, then all of monitoring is disabled. there might
* be other ports that should be checked.
*/
try {
if (monRmiPort == sport) {
"RMI port conflicts with OpenSSO server port (" +
sport + "); Monitoring disabled.");
return MON_RMICONNECTOR_PROBLEM;
}
if (monHtmlPort == sport) {
monHtmlPortEnabled = false;
if (debug.warningEnabled()) {
"HTML port conflicts with OpenSSO server port (" +
sport + "); Monitoring HTML port disabled.");
}
}
if (monSnmpPort == sport) {
monSnmpPortEnabled = false;
if (debug.warningEnabled()) {
"SNMP port conflicts with OpenSSO server port (" +
sport + "); Monitoring SNMP port disabled.");
}
}
} catch (NumberFormatException nfe) {
/*
* odd. if serverPort's not a valid int, then there'll be
* other problems
*/
}
if (debug.messageEnabled()) {
" HTML Port = " + monHtmlPort +
" SNMP Port = " + monSnmpPort +
" RMI Port = " + monRmiPort +
}
/*
* if OpenSSO's deployed on a container that has MBeanServer(s),
* will the findMBeanServer(null) "find" those? if so,
* is using the first one the right thing to do?
*/
try {
} catch (SecurityException ex) {
/*
* if can't find one, try creating one below, although
* if there's no findMBeanServer permission, it's unlikely
* that there's a createMBeanServer permission...
*/
if (debug.warningEnabled()) {
}
}
if (debug.messageEnabled()) {
}
} else {
try {
} catch (SecurityException ex) {
if (debug.warningEnabled()) {
"createMBeanServer permission error: " +
ex.getMessage());
}
return MON_MBEANSRVR_PROBLEM;
} catch (JMRuntimeException ex) {
if (debug.warningEnabled()) {
"createMBeanServer JMRuntime error: " +
ex.getMessage());
}
return MON_MBEANSRVR_PROBLEM;
} catch (ClassCastException ex) {
if (debug.warningEnabled()) {
"createMBeanServer ClassCast error: " +
ex.getMessage());
}
return MON_MBEANSRVR_PROBLEM;
}
}
if (debug.warningEnabled()) {
}
return MON_MBEANSRVR_PROBLEM;
}
// Create the MIB II (RFC 1213), add to the MBean server.
try {
new ObjectName("snmp:class=SUN_OPENSSO_SERVER_MIB");
new ObjectName("snmp:class=FORGEROCK_OPENAM_CTS_MIB");
if (debug.messageEnabled()) {
"Adding SUN_OPENSSO_SERVER_MIB to MBean server " +
"Adding FORGEROCK_OPENAM_CTS_MIB to MBean server " +
}
} catch (MalformedObjectNameException ex) {
// from ObjectName
if (debug.warningEnabled()) {
"Error getting ObjectName for the MIB: " +
ex.getMessage());
}
return MON_CREATEMIB_PROBLEM;
}
// Create an instance of the customized MIB
try {
sunMib = new SUN_OPENSSO_SERVER_MIBImpl();
} catch (RuntimeException ex) {
return MON_CREATEMIB_PROBLEM;
return MON_CREATEMIB_PROBLEM;
}
try {
} catch (RuntimeOperationsException ex) {
// from registerMBean
if (debug.warningEnabled()) {
"Null parameter or no object name for MIB specified: " +
ex.getMessage());
}
return MON_CREATEMIB_PROBLEM;
} catch (InstanceAlreadyExistsException ex) {
// from registerMBean
if (debug.warningEnabled()) {
"Error registering MIB MBean: " +
ex.getMessage());
}
// probably can just continue
} catch (MBeanRegistrationException ex) {
// from registerMBean
if (debug.warningEnabled()) {
"Error registering MIB MBean: " +
ex.getMessage());
}
return MON_CREATEMIB_PROBLEM;
} catch (NotCompliantMBeanException ex) {
// from registerMBean
if (debug.warningEnabled()) {
"Error registering MIB MBean: " +
ex.getMessage());
}
return MON_CREATEMIB_PROBLEM;
}
/*
* now that we have the MBeanServer, see if the HTML,
* SNMP and RMI adaptors specified will start up
*/
boolean monHTMLStarted = false;
boolean monSNMPStarted = false;
boolean monRMIStarted = false;
// HTML port adaptor
if (monHtmlPortEnabled) {
// Create and start the HTML adaptor.
try {
":class=HtmlAdaptorServer,protocol=html,port=" +
if (debug.messageEnabled()) {
"Adding HTML adaptor to MBean server with name '" +
htmlObjName + "'\n " +
"HTML adaptor is bound on TCP port " + monHtmlPort);
}
int i = 0;
i++;
}
} else {
if (debug.warningEnabled()) {
"HTML monitoring interface disabled; no " +
"authentication file found");
}
htmlAdaptor = null;
}
if (htmlAdaptor == null) {
if (debug.warningEnabled()) {
monHtmlPort + " unavailable or invalid. " +
"Monitoring HTML adaptor not started.");
}
} else {
monHTMLStarted = true;
}
} catch (MalformedObjectNameException ex) {
// from ObjectName
if (debug.warningEnabled()) {
"Error getting ObjectName for HTML adaptor: " +
ex.getMessage());
}
} catch (NullPointerException ex) {
// from ObjectName
"NPE getting ObjectName for HTML adaptor", ex);
if (debug.warningEnabled()) {
"NPE getting ObjectName for HTML adaptor: " +
ex.getMessage());
}
} catch (InstanceAlreadyExistsException ex) {
// from registerMBean
if (debug.warningEnabled()) {
"Error registering HTML adaptor MBean: " +
ex.getMessage());
}
} catch (MBeanRegistrationException ex) {
// from registerMBean
if (debug.warningEnabled()) {
"Error registering HTML adaptor MBean: " +
ex.getMessage());
}
} catch (NotCompliantMBeanException ex) {
// from registerMBean
if (debug.warningEnabled()) {
"Error registering HTML adaptor MBean: " +
ex.getMessage());
}
}
} else {
"Monitoring HTML port not enabled in configuration.");
}
// SNMP port adaptor
if (monSnmpPortEnabled) {
// SNMP specific code:
/*
* Create and start the SNMP adaptor.
* Specify the port to use in the constructor.
* The standard port for SNMP is 161.
*/
try {
":class=SnmpAdaptorServer,protocol=snmp,port=" +
if (debug.messageEnabled()) {
"Adding SNMP adaptor to MBean server with name '" +
snmpObjName + "'\n " +
"SNMP Adaptor is bound on UDP port " + monSnmpPort);
}
if (snmpAdaptor == null) {
if (debug.warningEnabled()) {
"Unable to get SNMP adaptor.");
}
} else {
/*
* Send a coldStart SNMP Trap.
* Use port = monSnmpPort+1.
*/
if (debug.messageEnabled()) {
"Sending a coldStart SNMP trap to each " +
"destination defined in the ACL file...");
}
if (debug.messageEnabled()) {
}
/*
* Bind the SNMP adaptor to the MIB in order to make the
* MIB accessible through the SNMP protocol adaptor.
* If this step is not performed, the MIB will still live
* in the Java DMK agent:
* its objects will be addressable through HTML but not
* SNMP.
*/
monSNMPStarted = true;
}
if (debug.warningEnabled()) {
"Error while setting up SNMP adaptor " +
ex.getMessage());
}
// should be from the snmpV1Trap call, which
//*shouldn't* affect the rest of snmp operations...
monSNMPStarted = true;
}
}
} else {
"Monitoring SNMP port not enabled.");
}
// RMI port adaptor
if (monRmiPortEnabled) {
// Create an RMI connector and start it
try {
monRmiPort + "/server");
monRMIStarted = true;
// /*
// * Create a LinkTrapGenerator.
// * Specify the ifIndex to use in the object name.
// */
// String trapGeneratorClass = "LinkTrapGenerator";
// int ifIndex = 1;
// trapGeneratorObjName = new ObjectName("trapGenerator" +
// ":class=LinkTrapGenerator,ifIndex=" + ifIndex);
// if (debug.messageEnabled()) {
// debug.message(classMethod +
// "Adding LinkTrapGenerator to MBean server " +
// "with name '" +
// trapGeneratorObjName + "'");
// }
//
// LinkTrapGenerator trapGenerator =
// new LinkTrapGenerator(nbTraps);
// server.registerMBean(trapGenerator, trapGeneratorObjName);
//
} catch (MalformedURLException ex) {
/*
* from JMXServiceURL or
* JMXConnectorServerFactory.JMXConnectorServer
*/
if (debug.warningEnabled()) {
"Error getting JMXServiceURL or JMXConnectorServer " +
}
} catch (NullPointerException ex) {
/*
* from JMXServiceURL or
* JMXConnectorServerFactory.JMXConnectorServer
*/
if (debug.warningEnabled()) {
"Error getting JMXServiceURL or JMXConnectorServer " +
}
} catch (IOException ex) {
/*
* from JMXConnectorServerFactory.JMXConnectorServer or
* JMXConnectorServer.start
*/
if (debug.warningEnabled()) {
"Error getting JMXConnectorServer for, or starting " +
}
} catch (IllegalStateException ex) {
// from JMXConnectorServer.start
if (debug.warningEnabled()) {
"Illegal State Error from JMXConnectorServer for " +
}
/*
* compiler says that JMXProviderException and
* NullPointerException already caught
*/
"Error starting RMI: executing rmiregistry " +
}
} else {
}
/*
* the HTML and SNMP adaptors may or may not be started,
* but if the RMI connector had a problem, monitoring is
* non-functional, as the opensso MIB didn't get registered.
*/
"No Monitoring interfaces started; monitoring disabled.");
return MON_RMICONNECTOR_PROBLEM;
} else {
agentStarted = true; // if all/enough has gone well
return 0;
}
}
/**
* Return whether agent is "running" or not
* Monitoring implementations should not call this method directly, but
* instead, they should call {@link MonitoringUtil#isRunning()}.
*/
protected static boolean isRunning() {
// agentStarted is set to true at the end of startup ("if all/enough has
// gone well") and set back to false by setMonitoringDisabled().
return agentStarted;
}
/**
* Return the pointer to the authentication service mbean
*/
public static SsoServerAuthSvcImpl getAuthSvcMBean() {
}
public static SsoServerConnPoolSvcImpl getConnPoolSvcMBean() {
}
/**
* Return the pointer to the session service mbean
*/
public static SsoServerSessSvcImpl getSessSvcMBean() {
}
/**
* Return the pointer to the logging service mbean
*/
public static SsoServerLoggingSvcImpl getLoggingSvcMBean() {
}
/**
* Return the pointer to the policy service mbean
*/
public static SsoServerPolicySvcImpl getPolicySvcMBean() {
}
/**
* Return the pointer to the IdRepo service mbean
*/
public static SsoServerIdRepoSvcImpl getIdrepoSvcMBean() {
}
/**
* Return the pointer to the service service mbean
*/
public static SsoServerSvcMgmtSvcImpl getSmSvcMBean() {
}
/**
* Return the pointer to the SAML1 service mbean
*/
public static SsoServerSAML1SvcImpl getSaml1SvcMBean() {
}
/**
* Return the pointer to the SAML2 service mbean
*/
public static SsoServerSAML2SvcImpl getSaml2SvcMBean() {
}
/**
* Return the pointer to the IDFF service mbean
*/
public static SsoServerIDFFSvcImpl getIdffSvcMBean() {
}
/**
* Return the pointer to the Topology mbean
*/
public static SsoServerTopologyImpl getTopologyMBean() {
}
/**
* Return the pointer to the CTSMonitor mbean
*/
public static CtsMonitoringImpl getCtsMonitoringMBean() {
}
/**
* Return the pointer to the Server Instance mbean
*/
public static SsoServerInstanceImpl getSvrInstanceMBean() {
}
/**
* Return the pointer to the Fed COTs mbean
*/
public static SsoServerFedCOTsImpl getFedCOTsMBean() {
}
/**
* Return the pointer to the Federation Entities mbean
*/
public static SsoServerFedEntitiesImpl getFedEntsMBean() {
}
/**
* Return the pointer to the Entitlements Service mbean
*/
public static SsoServerEntitlementSvcImpl getEntitlementsGroup() {
}
/**
 * Returns the protocol stored in the agent's server information.
 *
 * @return {@code agentSvrInfo.serverProtocol}, or {@code null} while
 *         {@code agentSvrInfo} is null
 */
public static String getSsoProtocol() {
    // Guard first: without server information there is nothing to report.
    if (agentSvrInfo == null) {
        return null;
    }
    return agentSvrInfo.serverProtocol;
}
/**
 * Returns the server name stored in the agent's server information.
 *
 * @return {@code agentSvrInfo.serverName}, or {@code null} while
 *         {@code agentSvrInfo} is null
 */
public static String getSsoName() {
    return (agentSvrInfo == null) ? null : agentSvrInfo.serverName;
}
/**
 * Returns the server port stored in the agent's server information.
 * The port is kept as a string, not as a number.
 *
 * @return {@code agentSvrInfo.serverPort}, or {@code null} while
 *         {@code agentSvrInfo} is null
 */
public static String getSsoPort() {
    // Guard first: without server information there is nothing to report.
    if (agentSvrInfo == null) {
        return null;
    }
    return agentSvrInfo.serverPort;
}
if (agentSvrInfo != null) {
return agentSvrInfo.serverURI;
} else {
return null;
}
}
/**
 * Returns the server ID stored in the agent's server information.
 *
 * @return {@code agentSvrInfo.serverID}, or {@code null} while
 *         {@code agentSvrInfo} is null
 */
public static String getSsoSvrID() {
    return (agentSvrInfo == null) ? null : agentSvrInfo.serverID;
}
if (agentSvrInfo != null) {
return agentSvrInfo.siteIDTable;
} else {
return null;
}
}
if (agentSvrInfo != null) {
return agentSvrInfo.serverIDTable;
} else {
return null;
}
}
if (agentSvrInfo != null) {
return agentSvrInfo.namingTable;
} else {
return null;
}
}
return siteToURL;
}
return URLToSite;
}
/**
 * Returns the current value of the {@code dsIsEmbedded} flag.
 * NOTE(review): by its name the flag records whether the server uses an
 * embedded directory server; where it is set is not visible in this listing.
 */
public static boolean getDsIsEmbedded() {
return dsIsEmbedded;
}
/**
 * Returns the {@code startDate} string. The declaration and assignment of
 * that field are not visible in this listing.
 */
public static String getStartDate() {
return startDate;
}
if (agentSvrInfo != null) {
return agentSvrInfo.siteID;
} else {
return null;
}
}
/**
* receive Set of site names
* @param sNames site name -> primary URL
* @param urlSites is opposite... primary URL -> site name
*/
if (debug.messageEnabled()) {
}
return;
}
if (debug.messageEnabled()) {
}
}
/*
* with the urlSites map (url => sitename), can do the
* SsoServerSitesEntryImpl entries
* where the key==value in siteIdTable is a site
*
* where the key!=value, then do the sitemap entries
*/
int i = 1;
try {
} catch (NumberFormatException nfe) {
}
if (debug.messageEnabled()) {
", svrURL = " + svrURL);
}
final ObjectName stName =
"Error creating object for siteName '" + siteName +
"'");
continue;
}
try {
}
}
} else { // is a server
try {
} catch (NumberFormatException nfe) {
continue;
}
final ObjectName smName =
"Error creating object for server siteName '" +
siteName + "'");
continue;
}
if (debug.messageEnabled()) {
"doing servermap entry; sitemapid = " + svrId +
}
try {
}
}
}
}
if (debug.messageEnabled()) {
}
}
/**
* receive ordered list of realms
*/
/*
* no realm "service", so have to create the
* realm table here.
*/
new StringBuilder("receiving list of realms (size = ");
try {
} catch (SnmpStatusException ex) {
return -1;
}
}
int realmsAdded = 0;
ss + "'");
continue;
}
/*
* each realm gets a realm-to-index, index-to-realm,
* realm-to-DN and DN-to-realm map entry
*/
try {
}
} catch (JMException ex) {
} catch (SnmpStatusException ex) {
}
realmsAdded++;
}
/*
* could have used TableSsoServerRealmTable.getEntries(),
* but that's a little more complicated than just counting
* entries as they're successfully added here.
*/
if (realmsAdded == 0) {
return -2;
}
if (debug.messageEnabled()) {
}
/*
* create the Entitlements MBeans for this realm as specified by Ii.
* the Network Monitors are not per-realm. the set list is in
* MonitoringUtil.java (getNetworkMonitorNames()).
* the Policy Stats are realm-based.
*/
try {
ssi.
server);
"Error creating object for Entitlements " +
continue;
}
try {
}
} catch (JMException ex) {
"on Entitlements Network Monitor '" +
} catch (SnmpStatusException ex) {
"on Entitlements Network Monitor '" +
}
}
} catch (SnmpStatusException ex) {
"Can't get Network Monitor Table: " +
ex.getMessage());
}
// now the realm-based policy stats
try {
ssi.
server);
"Error creating object for Entitlements " +
continue;
}
try {
}
} catch (JMException ex) {
"on Entitlements Policy Stats '" +
} catch (SnmpStatusException ex) {
"on Entitlements Policy Stats '" +
}
}
} catch (SnmpStatusException ex) {
"getting Entitlements Policy Stats table: ", ex);
}
}
} else {
"Entitlement NetworkMonitor list empty.");
}
if (debug.messageEnabled()) {
}
return 0;
}
/**
* process configuration for a realm
*/
if (realmIndex == null) {
" in realm2Index map");
return -1;
}
try {
} catch (SnmpStatusException ex) {
return -2;
}
}
if (debug.messageEnabled()) {
}
/*
* auth module table entries have realm index, and auth module index
*/
int i = 1;
if (debug.messageEnabled()) {
}
"Error creating object for auth module name '" +
continue;
}
try {
}
/* is a Map of realm/authmodule to index needed? */
// aei is this module's SsoServerAuthModulesEntryImpl instance
} catch (JMException ex) {
} catch (SnmpStatusException ex) {
}
}
// if no realm info added because mbean not created...
if (realmAuthInst.isEmpty()) {
return -3;
}
if (debug.messageEnabled()) {
}
return 0;
}
/**
* process realm's Agents (only)
*
* the HashMap of attributes/values:
* CLIConstants.ATTR_NAME_AGENT_TYPE
* type is extracted from the set; can be:
* J2EEAgent, WSPAgent, WSCAgent, 2.2_Agent
* WSPAgent, STSAgent, WebAgent, DiscoveryAgent
* don't do "SharedAgent" (authenticators)
*
* J2EEAgent should have:
* "com.sun.identity.agents.config.login.url"
* "com.sun.identity.client.notification.url"
* "groupmembership"
* WSPAgent should have:
* "wspendpoint"
* "wspproxyendpoint"
* "groupmembership"
* WSCAgent should have:
* "wspendpoint"
* "wspproxyendpoint"
* "groupmembership"
* STSAgent should have:
* "stsendpoint"
* "groupmembership"
* WebAgent should have:
* "com.sun.identity.agents.config.agenturi.prefix"
* "com.sun.identity.agents.config.login.url"
* "groupmembership"
* DiscoveryAgent should have:
* "discoveryendpoint"
* "authnserviceendpoint"
* "groupmembership"
* 2.2_Agent should have:
* "groupmembership"
*/
if (debug.messageEnabled()) {
realm);
}
return;
}
/*
* get the tables
*/
try {
} catch (SnmpStatusException ex) {
return; // can't do anything without the tables
}
}
try {
} catch (SnmpStatusException ex) {
return; // can't do anything without the tables
}
}
if (debug.messageEnabled()) {
}
/*
* if the realm isn't in the table, there's not much point
* in doing the rest
*/
realm);
return;
}
// group and agent name can't have ":" in it, or jdmk gags
} else {
}
if (debug.messageEnabled()) {
}
"com.sun.identity.agents.config.agenturi.prefix");
"Error creating object for Policy WebAgent '" +
agtname + "'");
continue;
}
try {
}
} catch (JMException ex) {
} catch (SnmpStatusException ex) {
}
"Error creating object for Policy 2.2 Agent '" +
agtname + "'");
continue;
}
try {
}
} catch (JMException ex) {
} catch (SnmpStatusException ex) {
}
}
"Error creating object for Policy J2EE Agent '" +
agtname + "'");
continue;
}
try {
}
} catch (JMException ex) {
} catch (SnmpStatusException ex) {
}
}
}
}
// no entry for group membership...
"Error creating object for Policy WSP Agent '" +
agtname + "'");
continue;
}
try {
}
} else {
", realm = " + realm);
}
} catch (JMException ex) {
} catch (SnmpStatusException ex) {
}
}
}
}
// no entry for group membership...
"Error creating object for Policy WSC Agent '" +
agtname + "'");
continue;
}
try {
}
} catch (JMException ex) {
} catch (SnmpStatusException ex) {
}
// no entry for group membership...
"Error creating object for Policy STS Agent '" +
agtname + "'");
continue;
}
try {
}
} catch (JMException ex) {
} catch (SnmpStatusException ex) {
}
}
}
// no entry for group membership...
"Error creating object for Policy Discovery Agent '" +
agtname + "'");
continue;
}
try {
}
} catch (JMException ex) {
} catch (SnmpStatusException ex) {
}
// SharedAgent type are agent authenticators
} else {
}
}
if (debug.messageEnabled()) {
}
}
/**
* process realm's Agent Groups
*
* the HashMap of attributes/values:
* CLIConstants.ATTR_NAME_AGENT_TYPE
* type is extracted from the set; can be:
* STSAgent, WSPAgent, WSCAgent, WebAgent
* J2EEAgent, DiscoveryAgent
* don't do "SharedAgent" (authenticators)
* WSPAgent should have:
* "wspendpoint"
* "wspproxyendpoint"
* WSCAgent should have:
* "wspendpoint"
* "wspproxyendpoint"
* WebAgent should have:
* "com.sun.identity.agents.config.agenturi.prefix"
* "com.sun.identity.agents.config.login.url"
* J2EEAgents should have:
* "com.sun.identity.agents.config.login.url"
* "com.sun.identity.client.notification.url"
* DiscoveryAgent should have:
* "discoveryendpoint"
* "authnserviceendpoint"
* STSAgent should have:
* "stsendpoint"
* 2.2_Agent
* no groups
*/
if (debug.messageEnabled()) {
realm);
}
return;
}
/*
* only doing the J2EEAgent and WebAgent Groups
* for now.
*/
try {
} catch (SnmpStatusException ex) {
"getting Agent Groups tables: ", ex);
return; // can't do anything without the tables
}
}
try {
} catch (SnmpStatusException ex) {
"getting WSS Agent Groups tables: ", ex);
return; // can't do anything without the tables
}
}
if (debug.messageEnabled()) {
}
/*
* if the realm isn't in the table, there's not much point
* in doing the rest
*/
realm);
return;
}
if (debug.messageEnabled()) {
}
continue; // no table to put it into
}
"Error creating object for Policy Web Agent Group '" +
agtname + "'");
continue;
}
try {
}
} catch (JMException ex) {
} catch (SnmpStatusException ex) {
}
continue; // no table to put it into
}
"Error creating object for Policy J2EE Agent Group '" +
agtname + "'");
continue;
}
try {
}
} catch (JMException ex) {
} catch (SnmpStatusException ex) {
}
continue; // no table to put it into
}
}
}
server);
"Error creating object for Policy WSP Agent Group '" +
agtname + "'");
continue;
}
try {
}
} catch (JMException ex) {
} catch (SnmpStatusException ex) {
}
continue; // no table to put it into
}
}
}
server);
"Error creating object for Policy WSC Agent Group '" +
agtname + "'");
continue;
}
try {
}
} catch (JMException ex) {
} catch (SnmpStatusException ex) {
}
continue; // no table to put it into
}
}
server);
"Error creating object for Policy STS Agent Group '" +
agtname + "'");
continue;
}
try {
}
} catch (JMException ex) {
} catch (SnmpStatusException ex) {
}
continue; // no table to put it into
}
}
}
server);
"Error creating object for Policy Discovery Agent " +
continue;
}
try {
}
} catch (JMException ex) {
} catch (SnmpStatusException ex) {
}
} else {
}
}
if (debug.messageEnabled()) {
}
}
/**
* process saml1.x trusted partners (global)
*/
boolean skipSAML1EndPoints = true; // until instrumentation done
if (debug.messageEnabled()) {
append("\n");
}
return -1;
}
for (int i = 0; i < sz; i++) {
if (debug.messageEnabled()) {
}
try {
} catch (SnmpStatusException ex) {
"getting SAML1 trusted partner table: ", ex);
return -2; // can't do anything without the table
}
}
return -2; // can't do anything without the table
}
"Error creating object for SAML1 Trusted Partner '" +
pName + "'");
continue;
}
try {
}
} catch (JMException ex) {
} catch (SnmpStatusException ex) {
}
}
if (debug.messageEnabled()) {
}
/*
* while we're here, setup the
* SAML1 Cache table (Artifacts and Assertions)
* SAML1 Endpoints for SOAPReceiver, POSTProfile,
*/
// assertions
try {
} catch (SnmpStatusException ex) {
}
}
"Error creating object for SAML1 Assertion Cache");
} else {
try {
}
} catch (JMException ex) {
} catch (SnmpStatusException ex) {
}
}
// artifacts
"Error creating object for SAML1 Artifact Cache");
} else {
try {
}
} catch (JMException ex) {
ex.getMessage());
} catch (SnmpStatusException ex) {
ex.getMessage());
}
}
}
// SOAPReceiver endpoint
if (!skipSAML1EndPoints) {
try {
} catch (SnmpStatusException ex) {
"getting SAML1 EndPoint table: ", ex);
}
}
"Error creating object for SAML1 SOAPReceiver_EndPoint");
} else {
try {
}
} catch (JMException ex) {
"SAML1 SOAPReceiver EndPoint table: " +
ex.getMessage());
} catch (SnmpStatusException ex) {
"SAML1 SOAPReceiver EndPoint table: " +
ex.getMessage());
}
}
// POSTProfile table
"Error creating object for SAML1 POSTProfile_EndPoint");
} else {
try {
}
} catch (JMException ex) {
"SAML1 POSTProfile EndPoint table: " +
ex.getMessage());
} catch (SnmpStatusException ex) {
"SAML1 POSTProfile EndPoint table: " +
ex.getMessage());
}
}
// SAMLAware/ArtifactProfile table
"Error creating object for SAML1 SAMLAware_EndPoint");
} else {
try {
}
} catch (JMException ex) {
"SAML1 SAMLAware/ArtifactProfile EndPoint table: " +
ex.getMessage());
} catch (SnmpStatusException ex) {
"SAML1 SAMLAware/ArtifactProfile EndPoint table: " +
ex.getMessage());
}
}
}
} // if (!skipSAML1EndPoints)
if (debug.messageEnabled()) {
}
return 0;
}
{
if (debug.messageEnabled()) {
}
return -1;
}
if (debug.messageEnabled()) {
}
try {
} catch (SnmpStatusException ex) {
"getting fed COTs table: ", ex);
}
int i = 1;
if (debug.messageEnabled()) {
append("\n");
}
continue;
}
try {
}
} catch (JMException ex) {
} catch (SnmpStatusException ex) {
}
}
} else {
if (debug.messageEnabled()) {
}
}
}
/*
* the federation entities all go into the
* SsoServerFedEntitiesTable
*/
try {
} catch (SnmpStatusException ex) {
"getting FederationEntities table: ", ex);
return -1; // can't proceed without the table
}
/*
* the SAML2 entities map:
* entity name -> hashmap of:
* key="location"; value="hosted" or "remote"
* key="roles"; value=some combo of IDP;SP
*/
if (debug.messageEnabled()) {
}
try {
} catch (SnmpStatusException ex) {
return -1; // can't proceed without the tables
}
if (debug.messageEnabled()) {
}
int idpi = 1;
int spi = 1;
"Error creating object for SAML2 Entity '" +
entname + "'");
continue;
}
try {
}
} catch (JMException ex) {
"JMEx adding SAMLv2 entity " +
} catch (SnmpStatusException ex) {
"SnmpEx adding SAMLv2 entity " +
}
/*
* these also need to be added to either (possibly
* both if in both roles?) SAML2's IDP or SP table
*/
{
continue;
}
oname =
try {
}
// sei is this bean's instance
} catch (JMException ex) {
"JMEx adding SAMLv2 IDP entity " +
} catch (SnmpStatusException ex) {
"SnmpEx adding SAMLv2 IDP entity " +
}
}
{
}
{
continue;
}
oname =
try {
}
// sei is this bean's instance
} catch (JMException ex) {
"JMEx adding SAMLv2 SP entity " +
} catch (SnmpStatusException ex) {
"SnmpEx adding SAMLv2 SP entity " +
}
}
if (debug.messageEnabled()) {
}
}
} else {
if (debug.messageEnabled()) {
}
}
/*
* the WSFed entities map:
* entity name -> hashmap of:
* key="location"; value="hosted" or "remote"
* key="roles"; value=some combo of IDP;SP
*/
if (debug.messageEnabled()) {
}
if (debug.messageEnabled()) {
}
"Error creating object for WSFed Entity '" +
entname + "'");
continue;
}
try {
}
} catch (JMException ex) {
} catch (SnmpStatusException ex) {
"SnmpEx adding WSFed entity " +
}
append("\n");
}
} else {
if (debug.messageEnabled()) {
}
}
/*
* the IDFF entities map:
* entity name -> hashmap of:
* key="location"; value="hosted" or "remote"
* key="roles"; value=some combo of IDP;SP
*/
if (debug.messageEnabled()) {
}
if (debug.messageEnabled()) {
}
"Error creating object for IDFF Entity '" +
entname + "'");
continue;
}
try {
}
} catch (JMException ex) {
} catch (SnmpStatusException ex) {
"SnmpEx adding IDFF entity " +
}
if (debug.messageEnabled()) {
}
}
} else {
if (debug.messageEnabled()) {
}
}
} else {
"FederationEntities table is null");
}
/*
* the COT members map:
* cot name -> hashmap of:
* key="SAML"; value=Set of member names
* key="IDFF"; value=Set of member names
* key="WSFed"; value=Set of member names
*/
if (debug.messageEnabled()) {
}
if (debug.messageEnabled()) {
}
int coti = 1;
try {
} catch (SnmpStatusException ex) {
"getting fed COT members table: ", ex);
}
if (debug.messageEnabled()) {
append(", SAML members = ");
}
int mi = 1;
if (debug.messageEnabled()) {
}
server);
"Error creating object for SAMLv2 COT Member '"+
mbm + "'");
continue;
}
try {
}
}
}
} else {
if (debug.messageEnabled()) {
}
}
if (debug.messageEnabled()) {
}
if (debug.messageEnabled()) {
}
server);
"Error creating object for IDFF COT Member '" +
mbm + "'");
continue;
}
try {
}
}
}
} else {
if (debug.messageEnabled()) {
}
}
if (debug.messageEnabled()) {
}
if (debug.messageEnabled()) {
}
server);
"Error creating object for WSFed Member '" +
mbm + "'");
continue;
}
try {
}
}
}
} else {
if (debug.messageEnabled()) {
}
}
}
}
if (debug.messageEnabled()) {
}
/*
* have to do it here?
*/
if (debug.messageEnabled()) {
try {
}
} catch (Exception d) {
"trying to get Directory Server Config");
}
}
"\n dirSSL = " + dirSSL);
}
return 0;
}
}
return str;
}
}
return getEscapedString(ss);
}
}
}
public static SsoServerAuthModulesEntryImpl getAuthModuleEntry (
{
}
/**
 * Returns the SSOServerInfo instance held in the static agentSvrInfo field.
 *
 * The field is handed back as-is: no null check and no copy is made here.
 *
 * @return the current value of agentSvrInfo
 */
public static SSOServerInfo getAgentSvrInfo() {
    return agentSvrInfo;
}
public static SsoServerSAML2IDPEntryImpl getSAML2IDPEntry (
{
}
public static SsoServerSAML2SPEntryImpl getSAML2SPEntry (
{
}
/**
 * Setter counterpart of getSFOStatus(), which returns isSessFOEnabled.
 *
 * NOTE(review): the body is empty in this listing, so sfoStatus is not
 * stored anywhere here. Presumably it should update isSessFOEnabled;
 * confirm against the complete file before relying on this method.
 *
 * @param sfoStatus the status value supplied by the caller
 */
public static void setSFOStatus (boolean sfoStatus) {
}
/**
 * Returns the current value of the static isSessFOEnabled flag.
 *
 * NOTE(review): the name suggests a session-failover switch; the flag's
 * meaning is not shown in this part of the file, so confirm it there.
 *
 * @return the value of isSessFOEnabled
 */
public static boolean getSFOStatus() {
    return isSessFOEnabled;
}
/**
 * Marks monitoring as disabled for this agent.
 *
 * Only two static flags are changed: monitoringEnabled and agentStarted
 * are both set to false. Nothing in this method stops an adaptor or
 * connector that is already listening; if that is required it has to
 * happen elsewhere.
 */
public static void setMonitoringDisabled() {
    monitoringEnabled = false;
    // Clear the started flag as well, so that Agent.isRunning() is false.
    agentStarted = false;
}
/**
* Main entry point.
* When calling the program, you can specify:
* 1) nb_traps: number of traps the SNMP agent will send.
* If not specified, the agent will send traps continuously.
*/
final MBeanServer server;
final ObjectName htmlObjName;
final ObjectName snmpObjName;
final ObjectName sunMibObjName;
final ObjectName forgerockCtsMibObjName;
final ObjectName trapGeneratorObjName;
int htmlPort = 8082;
int snmpPort = 11161;
// Parse the number of traps to be sent.
//
usage();
try {
if (nbTraps < 0) {
usage();
}
usage();
}
}
try {
} else {
}
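// Create and start the HTML adaptor.
// NOTE(review): the adaptor makes the MBean server reachable from a web
// browser on htmlPort. No authentication or bind-address setup is visible
// in this listing -- confirm that access to the port is restricted.
//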
":class=HtmlAdaptorServer,protocol=html,port=" + htmlPort);
println("Adding HTML adaptor to MBean server with name \n " +
htmlAdaptor.start();
//
// SNMP specific code:
//
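// Create and start the SNMP adaptor.
// Specify the port to use in the constructor.
// NOTE(review): this comment used to say that commenting out the line
// "snmpPort = 8085;" selects the standard port (161). That no longer
// matches the code: snmpPort is declared as 11161 and is assigned 11161
// again just below, so removing the assignment still leaves the
// non-standard port 11161, not 161.
//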
snmpPort = 11161;
":class=SnmpAdaptorServer,protocol=snmp,port=" + snmpPort);
println("Adding SNMP adaptor to MBean server with name \n " +
snmpAdaptor.start();
// Send a coldStart SNMP Trap.
// Use port = snmpPort+1.
//
print("NOTE: Sending a coldStart SNMP trap" +
" to each destination defined in the ACL file...");
println("Done.");
// Create an RMI connector and start it
try {
new JMXServiceURL(
"Error starting RMI : execute rmiregistry 9999; ex="+ex);
}
// Create the MIB II (RFC 1213) and add it to the MBean server.
//
"Adding SUN_OPENSSO_SERVER_MIB-MIB to MBean server with name" +
"\n " + sunMibObjName);
// Create an instance of the customized MIB
//
"Adding FORGEROCK_OPENAM_CTS_MIB-MIB to MBean server with name" +
"\n " + forgerockCtsMibObjName);
// Bind the SNMP adaptor to the MIB in order to make the MIB
// accessible through the SNMP protocol adaptor.
// If this step is not performed, the MIB will still live in
// the Java DMK agent:
// its objects will be addressable through HTML but not SNMP.
//
// Create a LinkTrapGenerator.
// Specify the ifIndex to use in the object name.
//
int ifIndex = 1;
":class=LinkTrapGenerator,ifIndex=" + ifIndex);
println("Adding LinkTrapGenerator to MBean server with name" +
"\n " + trapGeneratorObjName);
println("\n>> Press <Enter> if you want to start sending traps.");
println(" -or-");
println(">> Press <Ctrl-C> if you want to stop this agent.");
} catch (Exception e) {
e.printStackTrace();
}
}
/**
* Return a reference to the SNMP adaptor server.
*/
public static SnmpAdaptorServer getSnmpAdaptor() {
    // Hands back the shared static adaptor instance itself (no copy and no
    // null check), so every caller operates on the same object that this
    // class starts.
    return snmpAdaptor;
}
/**
* Print the usage message of the program.
*/
public static void usage() {
    // The help text, one entry per output line, in the order it is printed.
    final String[] helpLines = {
        "java Agent <nb_traps>",
        "where",
        " -nb_traps: " +
            "number of traps the SNMP agent will send.",
        " " +
            "If not specified, the agent will send traps continuously."
    };
    // Emit each line through the class's own println helper.
    for (final String helpLine : helpLines) {
        println(helpLine);
    }
}
/**
*/
}
}
}