8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * The contents of this file are subject to the terms
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * of the Common Development and Distribution License
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * (the License). You may not use this file except in
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * compliance with the License.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * You can obtain a copy of the License at
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * https://opensso.dev.java.net/public/CDDLv1.0.html or
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * See the License for the specific language governing
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * permission and limitations under the License.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * When distributing Covered Code, include this CDDL
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Header Notice in each file and include the License file
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * If applicable, add the following below the CDDL Header,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * with the fields enclosed by brackets [] replaced by
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * your own identifying information:
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * "Portions Copyrighted [year] [name of copyright owner]"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * $Id: AuthenticatedAgents.java,v 1.3 2008/06/25 05:43:51 qcheng Exp $
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Portions Copyrighted [2011] [ForgeRock AS]
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.policy.interfaces.Subject;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * This subject applies to all users with valid <code>SSOToken</code>.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterpublic class AuthenticatedAgents implements Subject {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster new ValidValues(ValidValues.SUCCESS, Collections.EMPTY_SET);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster SystemProperties.get(Constants.AUTHENTICATION_SPECIAL_USERS,"");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster static Debug debug = Debug.getInstance("AuthAgents");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Default Constructor
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // do nothing
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Initialize the subject. No properties are required for this
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param configParams configuration information
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // do nothing
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns the syntax of the subject type.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @see com.sun.identity.policy.Syntax
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param token the <code>SSOToken</code>. Not used for this subject.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return Syntax for this subject.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns an empty list as possible values.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param token the <code>SSOToken</code>
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return <code>ValidValues</code> object with empty list.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public ValidValues getValidValues(SSOToken token) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns an empty list as possible values.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param token the <code>SSOToken</code>
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param pattern the pattern to match in valid values. Ignored for this
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return <code>ValidValues</code> object with empty list.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public ValidValues getValidValues(SSOToken token, String pattern) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * This method does nothing as there are no values to display for this
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public String getDisplayNameForValue(String value, Locale locale) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // does nothing
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns an empty collection as value.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return an empty set
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * This method does nothing for this subject as there are no values to set
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * for this subject.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // does nothing
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Determines if the agent belongs to the
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <code>AuthenticatedAgents</code> object.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param token SSOToken of the agent
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return <code>true</code> if the agent SSOToken is valid and either the principal is a special user or the remaining checks in this method pass;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <code>false</code> otherwise, including when an <code>IdRepoException</code> is logged.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @exception SSOException if an error occurs while validating the token.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public boolean isMember(SSOToken token) throws SSOException {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return false;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (!SSOTokenManager.getInstance().isValidToken(token)) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return false;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("AuthenticatedAgents:isMember:idType = " +
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster idType + ", amId.getName() = " + amId.getName());
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (isSpecialUser(token.getPrincipal().getName())) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return true;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return false;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.error("AuthenticatedAgents:isMember:IdRepoException:msg = " +
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return false;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return true;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Creates and returns a copy of this object.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return a copy of this object
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster theClone = (AuthenticatedAgents) super.clone();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // this should never happen
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Return a hash code for this <code>AuthenticatedAgents</code>.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return a hash code for this <code>AuthenticatedAgents</code> object.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return super.hashCode();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Checks whether the distinguished user name is a special user (the
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * URL access agent, in particular). Returns true if so.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster boolean isSpecialUser = false;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster StringTokenizer st = new StringTokenizer(specialUser, "|");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("AuthAgents:isSpecial:dn = " + dn);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String specialAdminDN = (String)st.nextToken();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("AuthAgents:isSpecial:compare to " +