/**
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: DiscoServiceManager.java,v 1.7 2008/08/06 17:28:08 exu Exp $
*
*/
/**
* Portions Copyrighted 2012 ForgeRock Inc
*/
/**
* This is a singleton class. It reads the current values from Discovery
* Service configuration and updates the values by listening to Discovery
* Service configuration events.
*/
// constants used by this class only.
// Don't need to publish them in DiscoConstants.
"sunIdentityServerDiscoveryService";
"sunIdentityServerDiscoProviderID";
"sunIdentityServerDiscoSupportedAuthnMechs";
"sunIdentityServerDiscoSupportedDirectives";
"sunIdentityServerDiscoLookupNeedPolicyEval";
"sunIdentityServerDiscoUpdateNeedPolicyEval";
"sunIdentityServerDiscoAuthorizer";
"sunIdentityServerDiscoEntryHandler";
"sunIdentityServerGlobalDiscoEntryHandler";
"sunIdentityServerDiscoProviderResourceIDMapper";
"sunIdentityServerBootstrappingDiscoEntry";
"sunIdentityServerBootstrappingSessionContext";
"sunIdentityServerBootstrappingEncryptNIinSessionContext";
"sunIdentityServerBootstrappingImpliedResource";
"sunIdentityServerDiscoOptionSecurityResponse";
"sunIdentityServerDiscoNameIdentifierMapper";
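// Cached configuration flags. They are written by setValues() -- a static
// synchronized method, i.e. under the class monitor -- at class
// initialisation and again whenever the Discovery Service configuration
// changes, but they are read by the static getters below without any lock.
// Declaring them volatile gives those unsynchronized readers a
// happens-before edge with the writer, so a reconfiguration (for example an
// administrator turning policy evaluation on) becomes visible to every
// thread instead of a stale "false" lingering in a reader's cache.
// All defaults are "off" until the configuration has been read.
private static volatile boolean policyEvalLookup = false;
private static volatile boolean policyEvalUpdate = false;
private static volatile boolean requireSessionContextStmt = false;
private static volatile boolean encryptNI = false;
private static volatile boolean useImpliedRes = false;
private static volatile boolean useRespAuth = false;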
private DiscoServiceManager() {
// Not instantiable: every member of this class is static and the cache is
// populated by the static initializer / setValues().
}
static {
// One-time load of the configuration cache at class initialisation.
try {
setValues();
} catch (ConfigurationException ce) {
// NOTE(review): swallowed without logging. The cache then silently keeps
// its defaults (every flag false, so policy evaluation for lookup and
// update stays disabled); the failure should at least be recorded.
} catch (JAXBException jex) {
"get JAXBContext:", jex);
}
}
/**
* This method will be invoked when a component's
* configuration data has been changed. The parameters componentName,
* realm and configName denotes the component name,
* organization and configuration instance name that are changed
* respectively.
*
* @param e Configuration action event, like ADDED, DELETED, MODIFIED etc.
*/
setValues();
}
/**
* Returns the provider ID for Discovery Service. Null would be returned
* if it's not configured in the admin console. During installation, a
* default value will be configured.
* @return provider ID of discovery service.
*/
return selfProviderID;
}
/**
* Returns the Set of <code>SecurityMechID</code>s that the discovery
* service supports. A set of default values will be configured during
* installation time.
* @return Set of <code>SecurityMechID</code>s that the discovery service
* supports.
*/
return authnMechs;
}
/**
* Returns the Set of <code>Directive</code>s that the discovery service
* supports.
* @return Set of <code>Directive</code>s the discovery service supports.
*/
return supportedDirectives;
}
/**
 * Tells whether a discovery lookup must go through policy evaluation.
 * Reflects the cached configuration value, which setValues() refreshes when
 * the Discovery Service configuration changes.
 *
 * NOTE(review): plain read of a static field that is written under the
 * class monitor in setValues(); unless the field is volatile a caller on
 * another thread may observe a stale value after reconfiguration.
 *
 * @return {@code true} if policy evaluation is required for lookup;
 *         {@code false} otherwise (the default until configured).
 */
public static boolean needPolicyEvalLookup() {
    final boolean evalRequired = policyEvalLookup;
    return evalRequired;
}
/**
 * Tells whether a discovery update must go through policy evaluation.
 * Reflects the cached configuration value, which setValues() refreshes when
 * the Discovery Service configuration changes.
 *
 * NOTE(review): plain read of a static field that is written under the
 * class monitor in setValues(); unless the field is volatile a caller on
 * another thread may observe a stale value after reconfiguration.
 *
 * @return {@code true} if policy evaluation is required for update;
 *         {@code false} otherwise (the default until configured).
 */
public static boolean needPolicyEvalUpdate() {
    final boolean evalRequired = policyEvalUpdate;
    return evalRequired;
}
/**
* Returns the <code>Authorizer</code> specified in the discovery service.
* If no <code>Authorizer</code> is configured, an instance of
* <code>DefaultDiscoAuthorizer</code> will be returned.
* @return Authorizer configured in discovery service.
*/
return authorizer;
}
/**
* Returns the <code>NameIdentifierMapper</code> class specified in the
* discovery service.
* @return instance of <code>NameIdentifierMapper</code> class.
* <code>null</code> if no handler is configured, or unable to
* instantiate the mapper class.
*/
return nameIdMapper;
}
/**
* Returns the <code>DiscoEntryHandler</code> specified in the discovery
* service.
* @return DiscoEntryHandler of the service. <code>null</code> if no
* handler is configured.
*/
return entryHandler;
}
/**
* Returns the global <code>DiscoEntryHandler</code> for
* business-to-enterprise (B2E) scenarios. This handler is invoked
* when the resource id is implied.
*/
return globalEntryHandler;
}
/**
* Returns the <code>ResourceIDMapper</code> associated with the providerID.
* @param providerID a provider's ID
* @return ResourceIDMapper associated with providerID. Null will be
* returned if <code>providerID</code> is null, or couldn't find the
* matching <code>ResourceIDMapper</code> in the configuration. Caller
* could call <code>DiscoServiceManager.getDefaultResourceIDMapper()</code>
* to obtain the default <code>ResourceIDMapper</code>.
*/
{
return null;
}
}
/**
* Returns the default <code>ResourceIDMapper</code> of the discovery
* service.
* @return ResourceIDMapper of the discovery service.
*/
return new Default64ResourceIDMapper();
}
/**
* Returns the <code>DiscoEntryElement</code> of the discovery service
* configured for bootstrapping. Null will be returned if it's not
* configured. A default value will be configured during installation.
* @return Bootstrapping <code>DiscoEntryElement</code>
*/
try {
} catch (Exception e) {
+ "Exception when creating Disco Resource Offering:",e);
}
} else {
if (debug.messageEnabled()) {
+ "no Discovery Resource Offering specified.");
}
}
return bootDiscoEntry;
}
/**
 * Updates discovery service cache.
 *
 * Re-reads the Discovery Service configuration and rebuilds the cached
 * state: provider ID, supported security mechanisms and directives, the
 * Authorizer, the entry handlers and the NameIdentifierMapper (each
 * apparently instantiated from a configured class name), the per-provider
 * ResourceIDMapper table, the bootstrapping resource offering and the
 * boolean flags. Static synchronized, so it runs under the class monitor;
 * it is called from the static initializer and from the
 * configuration-change listener.
 *
 * NOTE(review): the configured class names are loaded and instantiated
 * reflectively, so this is only as trustworthy as the administrator
 * configuration they come from. The outermost catch at the end of the
 * method is empty: a failure part-way through leaves the cache partially
 * updated and nothing is logged.
 */
private static synchronized void setValues() {
try {
// self provider id
// supported security mech id
// supported directives
authorizer = null;
// authorizer
try {
} catch (Exception e) {
if (debug.messageEnabled()) {
+ "Exception when instantiating authorizer. Using "
+ "default Authorizer. Exception", e);
}
}
}
// entry handler
try {
} catch (Exception e) {
if (debug.messageEnabled()) {
+ "Exception when instantiating entry handler:", e);
}
}
}
try {
} catch (Exception e) {
if (debug.messageEnabled()) {
" when instantiating global entry handler:", e);
}
}
}
// Name Identifier Mapper
try {
if (debug.messageEnabled()) {
+ "disco name id mapper=" + niMapperName);
}
} catch (Exception e) {
if (debug.messageEnabled()) {
+ "Exception when instantiating nameid mapper:", e);
}
}
}
// the syntax for each set value is:
// providerid=<providerid>|idmapper=<the class for ResourceIDMapper>
// Each malformed entry is logged and parsing of that value stops ("break");
// entries that do not parse are simply not registered.
while(stz.hasMoreTokens()) {
int pos = -1;
// ignore the attribute if it doesn't include "="
+ "Values: illegal format for ResourceIDMapper:"
+ token);
break;
}
// ignore the attribute if it is like "providerid="
+ "Values: illegal format of ResourceIDMapper:"
+ token);
break;
}
try {
// Reflective instantiation of the configured ResourceIDMapper class.
newInstance();
} catch (Exception e) {
+ ".setValues: couldn't instantiate "
break;
}
} else {
+ "Values: illegal format of ResourceIDMapper:"
+ token);
break;
}
}
+ "Values: Invalid syntax for "
+ "ResourceIDMapper:" + value);
} else {
}
} else {
if (debug.warningEnabled()) {
+ "Values: Invalid syntax for ResourceIDMapper:"
+ value);
}
}
}
}
// disco resource offering for bootstrapping
if (debug.messageEnabled()) {
+ "Context Statement?" + requireSessionContextStmt);
}
if (debug.messageEnabled()) {
+ "Session Context?" + encryptNI);
}
if (debug.messageEnabled()) {
+ "resource?" + useImpliedRes);
}
if (debug.messageEnabled()) {
+ "authentication?" + useRespAuth);
}
} catch (Exception e) {
// NOTE(review): empty catch -- any failure above is dropped silently and
// the cache may be left half-updated; log it (debug.error) at minimum.
}
}
private static void tagswapBootDiscoEntry() {
// NOTE(review): no body is visible in this extract -- confirm whether the
// tag-swap of the bootstrapping DiscoEntry was elided here or the method is
// intentionally a no-op.
}
/**
 * Tells the IDP whether a <code>SessionContextStatement</code> has to be
 * generated for discovery bootstrapping. Reflects the cached configuration
 * value, which setValues() refreshes when the Discovery Service
 * configuration changes.
 *
 * NOTE(review): plain read of a static field that is written under the
 * class monitor in setValues(); unless the field is volatile a caller on
 * another thread may observe a stale value after reconfiguration.
 *
 * @return {@code true} if the <code>SessionContextStatement</code> must be
 *         generated; {@code false} otherwise (the default until configured).
 */
public static boolean needSessionContextStatement() {
    final boolean statementRequired = requireSessionContextStmt;
    return statementRequired;
}
/**
 * Tells the IDP whether the <code>NameIdentifier</code> inside the
 * <code>SessionContext</code> has to be encrypted for discovery
 * bootstrapping. Reflects the cached configuration value, which setValues()
 * refreshes when the Discovery Service configuration changes.
 *
 * NOTE(review): plain read of a static field that is written under the
 * class monitor in setValues(); unless the field is volatile a caller on
 * another thread may observe a stale value after reconfiguration.
 *
 * @return {@code true} if the <code>NameIdentifier</code> must be
 *         encrypted; {@code false} otherwise (the default until configured).
 */
public static boolean encryptNIinSessionContext() {
    final boolean encryptionRequired = encryptNI;
    return encryptionRequired;
}
/**
 * Tells the Discovery Service whether its Response is always authenticated.
 * Reflects the cached configuration value, which setValues() refreshes when
 * the Discovery Service configuration changes.
 *
 * NOTE(review): plain read of a static field that is written under the
 * class monitor in setValues(); unless the field is volatile a caller on
 * another thread may observe a stale value after reconfiguration.
 *
 * @return {@code true} if response authentication is used;
 *         {@code false} otherwise (the default until configured).
 */
public static boolean useResponseAuthentication() {
    final boolean responseAuthEnabled = useRespAuth;
    return responseAuthEnabled;
}
/**
 * Tells whether the implied resource is used for discovery bootstrapping.
 * Reflects the cached configuration value, which setValues() refreshes when
 * the Discovery Service configuration changes.
 *
 * NOTE(review): plain read of a static field that is written under the
 * class monitor in setValues(); unless the field is volatile a caller on
 * another thread may observe a stale value after reconfiguration.
 *
 * @return {@code true} if the implied resource is used;
 *         {@code false} otherwise (the default until configured).
 */
public static boolean useImpliedResource() {
    final boolean impliedResourceEnabled = useImpliedRes;
    return impliedResourceEnabled;
}
}