/*
* The contents of this file are subject to the terms of the Common Development and
* Distribution License (the License). You may not use this file except in compliance with the
* License.
*
* You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
* specific language governing permission and limitations under the License.
*
* When distributing Covered Software, include this CDDL Header Notice in each file and include
* the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
* Header, with the fields enclosed by brackets [] replaced by your own identifying
* information: "Portions Copyrighted [year] [name of copyright owner]".
*
* Copyright 2014-2015 ForgeRock AS.
*/
/**
* Defines the guice bindings needed by the soap-sts 'framework' - i.e. the elements need to exposed published soap-sts
* instances as web-services. Also defines bindings common to all soap-sts instances - i.e. version strings, and rest target
* endpoints. It is a PrivateModule as the Guice Injector created for each soap-sts instance will be a child of the Injector
* created by this module, and only some of the global bindings should be exposed to the child Injector.
*/
/*
Note that the correspondence between these values and the properties defined in config.properties must be maintained,
as the Names.bindProperties(binder(), properties) call will automatically bind the property values in the properties
file with @Named annotations corresponding to the keys - and the values defined below are used in the @Named annotations
governing these bindings.
*/
//Note that the PrincipalFromSessionImpl expects the OpenAM Server url to be bound under the AMSTSConstants.AM_DEPLOYMENT_URL.
//If the key in the config store changes, then this mismatch must be managed manually.
public static final String AM_SESSION_COOKIE_NAME_PROPERTY_KEY = AMSTSConstants.AM_SESSION_COOKIE_NAME;
protected void configure() {
bind(SoapSTSInstanceLifecycleManager.class).to(SoapSTSInstanceLifecycleManagerImpl.class).in(Scopes.SINGLETON);
bind(HttpURLConnectionWrapperFactory.class);
expose(HttpURLConnectionFactory.class);
// Expose to injectors creating soap-sts instances, as each require access tokens to consume the TGS.
expose(SoapSTSAccessTokenProvider.class);
expose(UrlConstituentCatenator.class);
// Expose as the STSBroker needs to reference this class to kick off the soap-sts bootstrap process.
expose(SoapSTSLifecycle.class);
bind(SoapSTSAgentCredentialsAccess.class).to(SoapSTSAgentCredentialsAccessImpl.class).in(Scopes.SINGLETON);
try {
} catch (Exception e) {
throw new IllegalStateException("Could not load the /config.properties for the soap-sts: " + e, e);
}
/*
Expose the session cookie name, as this will be required by the instance module for the various rest authN
and TGS consumers. Note that these consumers have a dependency on a string @Named AMSTSConstants.AM_SESSION_COOKIE_NAME.
If the name in the soap sts property file changes - i.e. if the SoapSTSModule.AM_SESSION_COOKIE_PROPERTY_NAME_KEY changes
from the current value of AMSTSConstants.AM_SESSION_COOKIE_NAME, then the SoapSTSInstanceModule will need a
@Provides method which will reference SoapSTSModule.AM_SESSION_COOKIE_NAME_PROPERTY via the SoapSTSInjectorHolder
to provide the dependency on a string @Named AMSTSConstants.AM_SESSION_COOKIE_NAME via the
SoapSTSModule.AM_SESSION_COOKIE_NAME_PROPERTY_KEY value.
*/
/*
Bind the InterceptorProvider which will provide the Interceptor instances to handle any soap-sts invocations
protected by the OpenAMSessionToken binding. Needed by the SoapSTSLifecycleImpl, to register the custom
OpenAMServerToken Interceptors with cxf.
*/
/*
Bind the dependencies of the OpenAMSessionTokenServerInterceptorProvider - PrincipalFromSession and the
ThreadLocalTokenCache. Expose the ThreadLocalAMTokenCache, and PrincipalFromSession, as these classes will be
needed by the injectors corresponding to soap-sts instances.
*/
expose(ThreadLocalAMTokenCache.class);
expose(PrincipalFromSession.class);
expose(AuditEventPublisher.class);
install(new FactoryModuleBuilder().implement(Auditor.class, Auditor.class).build(AuditorFactory.class));
expose(AuditorFactory.class);
expose(TimeService.class);
}
return Executors.newSingleThreadScheduledExecutor();
}
try {
final KeyStore soapSTSKeystore = KeyStore.getInstance(SharedSTSConstants.AM_INTERNAL_SOAP_STS_KEYSTORE_TYPE);
soapSTSKeystore.load(getClass().getResourceAsStream("/" + SharedSTSConstants.AM_INTERNAL_SOAP_STS_KEYSTORE),
return soapSTSKeystore;
throw new IllegalStateException("Could not initialize soap-sts internal keystore. A JCEKS keystore with name "
+ SharedSTSConstants.AM_INTERNAL_SOAP_STS_KEYSTORE + " must be in the WEB-INF/classes directory of " +
"the soap-sts .war. Exception: " + e);
}
}
/*
The following 6 methods provide the String constants corresponding to relatively static values relating to
consumption of the OpenAM rest context. This information is necessary for the STS instances to consume this
context, and is the single point where these values need to be changed.
*/
return "/authenticate";
}
return "/sessions/?_action=logout";
}
return "/users/?_action=idFromSession";
}
return "/sts-tokengen";
}
return "sts-publish/soap";
}
return "/json";
}
return "/agents";
}
return "/global-audit/access/?_action=create";
}
return urlConstituentCatenator.catenateUrlConstituents(openamUrl, jsonRoot, auditServiceUriElement);
}
return "protocol=1.0, resource=1.1";
}
return "protocol=1.0, resource=2.0";
}
return "protocol=1.0, resource=1.0";
}
return "protocol=1.0, resource=2.0";
}
return "protocol=1.0, resource=1.0";
}
return "protocol=1.0, resource=2.0";
}
return "protocol=1.0, resource=1.0";
}
}
}