RestSTSInstanceModule.java revision e6d7ebe1d98f7f030969e521b061f8643253475e
/*
* The contents of this file are subject to the terms of the Common Development and
* Distribution License (the License). You may not use this file except in compliance with the
* License.
*
* You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
* specific language governing permission and limitations under the License.
*
* When distributing Covered Software, include this CDDL Header Notice in each file and include
* the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
* Header, with the fields enclosed by brackets [] replaced by your own identifying
* information: "Portions Copyrighted [year] [name of copyright owner]".
*
* Copyright 2013-2014 ForgeRock AS. All rights reserved.
*/
import org.forgerock.openam.sts.token.validator.wss.disp.OpenIdConnectAuthenticationRequestDispatcher;
import org.forgerock.openam.sts.token.validator.wss.disp.UsernameTokenAuthenticationRequestDispatcher;
/**
* This class defines all of the bindings for an instance of the REST-STS. The RestSTSInstanceConfig instance
* passed to its ctor defines all of the state needed to bind the elements of a full REST-STS object
* graph.
*/
public class RestSTSInstanceModule extends AbstractModule {
/** Configuration of this REST-STS instance; the source of the values this module binds and provides. */
private final RestSTSInstanceConfig stsInstanceConfig;
this.stsInstanceConfig = stsInstanceConfig;
}
/**
 * Declares the bindings (this class extends the Guice AbstractModule) for this REST-STS instance.
 *
 * NOTE(review): this excerpt does not show every line of the method; the statement ending in
 * {@code }).to(RestSTSInstanceConfigPersister.class);} starts on a line that is not visible here.
 * An {@code @Override} annotation on this method would let the compiler check that it really
 * overrides AbstractModule.configure().
 */
public void configure() {
/*
We want only one instance of the TokenStore shared among all token operations.
TODO: perhaps this should be a provider, i.e. to leverage the ctor that takes a bus instance?
*/
// bind(AMTokenCache.class).to(AMTokenCacheImpl.class).in(Scopes.SINGLETON);
// NOTE(review): the singleton cache binding above is commented out while the comment preceding it
// still asks for one shared instance; confirm where (or whether) AMTokenCache is bound.
bind(AuthenticationUriProvider.class)
.to(AuthenticationUriProviderImpl.class);
/*
Bind the class that can issue XML Element instances encapsulating an OpenAM session Id.
Needed by the AMTokenProvider.
*/
bind(new TypeLiteral<XmlMarshaller<OpenAMSessionToken>>(){}).to(OpenAMSessionTokenMarshaller.class);
// OpenIdConnectIdTokenMarshaller is bound as both the XML and the JSON marshaller for OIDC id tokens.
bind(new TypeLiteral<XmlMarshaller<OpenIdConnectIdToken>>(){}).to(OpenIdConnectIdTokenMarshaller.class);
bind(new TypeLiteral<JsonMarshaller<OpenIdConnectIdToken>>(){}).to(OpenIdConnectIdTokenMarshaller.class);
// NOTE(review): the beginning of this bind(...) statement is not visible in this excerpt.
}).to(RestSTSInstanceConfigPersister.class);
}
/**
* This method provides the STSPropertiesMBean instance required both by the STS proper and by the
* CXF interceptor-set which enforces the SecurityPolicy bindings.
*
* It should be a singleton because this same instance is shared by all of the token operation instances, as well as
* by the CXF interceptor-set.
*/
stsProperties.setCallbackHandler(new STSCallbackHandler(stsInstanceConfig.getKeystoreConfig(), logger));
try {
} catch (WSSecurityException e) {
throw new IllegalStateException(message);
}
return stsProperties;
}
/**
 * Builds the WSS4J crypto properties (Merlin provider) from this instance's keystore configuration.
 *
 * NOTE(review): this excerpt does not show every line of the method — the declarations of
 * {@code properties} and {@code keystorePassword}, and the start of the first {@code put} call,
 * are not visible here.
 *
 * @return the populated crypto properties
 * @throws RuntimeException if the keystore password bytes cannot be decoded with
 *         {@code AMSTSConstants.UTF_8_CHARSET_ID}
 */
private Properties getEncryptionProperties() {
"org.apache.ws.security.crypto.provider", "org.apache.ws.security.components.crypto.Merlin"
);
try {
// SECURITY NOTE(review): the keystore password bytes are decoded into an immutable String, which cannot be
// zeroed after use and remains in the heap until collected; it presumably also ends up as a Properties
// value (the put is not visible here) — confirm this is acceptable for the deployment.
keystorePassword = new String(stsInstanceConfig.getKeystoreConfig().getKeystorePassword(), AMSTSConstants.UTF_8_CHARSET_ID);
} catch (UnsupportedEncodingException e) {
// NOTE(review): the cause is flattened into the message rather than chained; prefer
// new RuntimeException("...", e) so the original stack trace is preserved. If UTF_8_CHARSET_ID names
// UTF-8 (always supported by the JDK), this branch is effectively unreachable — confirm.
throw new RuntimeException("Unsupported string encoding for keystore password: " + e);
}
// The keystore location is taken verbatim from the instance configuration; any validation of that
// path must happen elsewhere (not visible here).
properties.put("org.apache.ws.security.crypto.merlin.keystore.file", stsInstanceConfig.getKeystoreConfig().getKeystoreFileName());
return properties;
}
/*
Provides the WSSUsernameTokenValidator provider to the TokenOperationProviderImpl
*/
}
/*
Provides the AMTokenProvider Provider to issue AMTokens.
*/
}
/*
Bindings below required by the STSAuthenticationUriProviderImpl - necessary to construct the URI for the REST authn call.
*/
}
return stsInstanceConfig.getAMDeploymentUrl();
}
return stsInstanceConfig.getAMRestAuthNUriElement();
}
return stsInstanceConfig.getAMRestLogoutUriElement();
}
}
}
return stsInstanceConfig.getAMSessionCookieName();
}
}
}
/**
 * Supplies the JSON REST base path from this instance's configuration.
 *
 * NOTE(review): any binding annotation that precedes this method is not visible in this excerpt.
 *
 * @return the value of {@code stsInstanceConfig.getJsonRestBase()}
 */
String getJsonRoot() {
    final String jsonRestBase = stsInstanceConfig.getJsonRestBase();
    return jsonRestBase;
}
}
/*
Allows a custom AuthnContextMapper to be plugged in. This AuthnContextMapper provides a
SAML2 AuthnContext class ref value given an input token and input token type.
*/
String customMapperClassName = SystemPropertiesManager.get(AMSTSConstants.CUSTOM_STS_AUTHN_CONTEXT_MAPPER_PROPERTY);
if (customMapperClassName == null) {
return new AuthnContextMapperImpl(logger);
} else {
try {
} catch (Exception e) {
logger.error("Exception caught implementing custom AuthnContextMapper class " + customMapperClassName
+ "; Returning default AuthnContextMapperImpl. The exception: " + e);
return new AuthnContextMapperImpl(logger);
}
}
}
Logger getSlf4jLogger() {
}
}