AMAuthConfigUtils.java revision f61b30b8e8804b30f7e3c4eb122d6d908ae42d53
/**
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2005 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: AMAuthConfigUtils.java,v 1.5 2008/06/25 05:41:51 qcheng Exp $
*
* Portions Copyrighted 2011-2015 ForgeRock AS.
*/
/**
* Authentication Configuration Utility.
*/
public class AMAuthConfigUtils {
private static final String AUTH_MODULES_ATTR =
"iplanet-am-auth-allowed-modules";
private static final String AUTH_AUTHENTICATOR_ATTR =
"iplanet-am-auth-authenticators";
private static final String APPLICATION_CLASS_NAME =
"com.sun.identity.authentication.modules.application.Application";
/**
* Parses the string value for the authentication configuration
* based on the attribute DTD and returns an array of
* <code>AppConfigurationEntry</code> which could be used to retrieve
* module name, flag and options. An empty array of
* <code>AppConfigurationEntry</code> will be returned if the XML value
* could not be parsed.
*
* @param xmlValue XML string value for the authentication configuration.
* @return Array of <code>AppConfigurationEntry</code> each contains module
* name, flag and options.
*/
if (debug.messageEnabled()) {
"AuthConfigUtil.AppConfigurationEntry, xml=" + xmlValue);
}
// call util method to parse the document
return entries;
}
// get document elements of the documents
// retrieve child elements (<Value>) of the root (<AttributeValuePair>)
// each element corresponding to one AppConfigurationEntry
// new AppConfigurationEntry[] according to children number
// process each child
for (int i = 0; i < number; i++) {
}
return entries;
}
/**
* Processes a value of the Auth Configuration.
* The value consists of three parts:
* module_name flag options
*/
if (debug.messageEnabled()) {
}
return null;
}
// construct string tokenizer
if (len < 2) {
return null;
}
// set module & flag
// check control flag
} else {
return null;
}
// process options if any
while (st.hasMoreElements()) {
// process next options
if (k != -1) {
//set.add("Empty");
}
}
}
/**
* Returns the authentication configuration name given the
* <code>AuthContext.IndexType</code> and <code>indexName</code>. The
* authentication configuration name will be used as the
* <code>configName</code> for <code>getAppConfigurationEntry()</code>
* function in <code>AMConfiguration</code>.
*
* @param indexType The <code>AuthContext.IndexType</code>, one of the
* following values:
* <code>AuthContext.IndexType.MODULE_INSTANCE</code>,
* <code>AuthContext.IndexType.SERVICE</code>,
* <code>AuthContext.IndexType.ROLE</code> or
* <code>AuthContext.IndexType.USER </code>.
* @param indexName The corresponding index value for the
* <code>IndexType</code>, for <code>ROLE</code> and
* <code>USER</code>, DNs must be passed in.
* @param organizationDN DN for the login organization.
* @param clientType Client type, example <code>genericHTML</code>.
* @throws AMConfigurationException if <code>indexType</code> is not
* supported.
* @return Corresponding authentication configuration name.
*/
public static String getAuthConfigName(
) throws AMConfigurationException {
}
// Invalid IndexType, throw exception
}
/**
* Returns the authentication configuration name for the organization-based
* authentication. The authentication configuration name will be used as
* the <code>configName</code> for <code>getAppConfigurationEntry()</code>
* function in <code>AMConfiguration</code>.
*
* @param organizationDN DN for the login organization.
* @param clientType Client type, example <code>genericHTML</code>.
* @return Corresponding authentication configuration name.
*/
public static String getAuthConfigName(
String clientType) {
}
/**
* Converts a List of authentication configurations to an XML string
* representation according to the following DTD.
* <pre>
* <!-- AttributeValuePair defines the values used to specify
* authentication configuration information. -->
* <!ELEMENT AttributeValuePair (Value*) >
*
* <!-- Value defines one authentication configuration -->
* <!ELEMENT Value (#PCDATA) >
* </pre>
*
* @param configs List of configurations to be processed, each value
* consists of following parts separated by blank space:
* <code>module_name</code> flag <code>option1</code>,
* <code>option2</code>.
* @return XML representation of the configuration.
*/
if (debug.messageEnabled()) {
}
}
}
if (debug.messageEnabled()) {
}
}
/**
* Creates an authentication configuration in
* <code>iPlanetAMAuthConfiguration</code> service. This method will be
* used by console to manage configurations for different services.
*
* @param configName Name of the authentication configuration.
* @param priority Priority of this authentication configuration.
* @param attributeDataMap Map of authentication service attributes.
* @param orgName Organization DN.
* @param token Single sign on token.
* @throws SMSException if failed to store the configuration because
* of SM Exception.
* @throws SSOException if single sign on token is not valid.
* @throws AMConfigurationException if the <code>configName</code> is null.
*/
public static void createNamedConfig(
int priority,
if (debug.messageEnabled()) {
}
// Check if name is valid
}
}
if (authConfig == null) {
}
/*Map map = new HashMap();
Set set = new HashSet();
// construct the xml for value, and add it as value for the map
set.add(convertToXMLString(configs));
map.put(ATTR_NAME, set); */
// add sub config
}
/**
* Replaces an existing authentication configuration defined in
* <code>iPlanetAMAuthConfiguration</code> service. This method will be
* used by console to manage configurations for different services.
*
* @param configName Name of the authentication configuration.
* @param priority Priority of the configuration.
* @param attributeDataMap Map of authentication service attributes.
* @param orgName Organization DN.
* @param token Single sign on token.
* @throws SMSException if failed to set the configuration because
* of SM Exception.
* @throws SSOException if single sign on token is not valid.
* @throws AMConfigurationException if <code>configName</code> is null or
* not defined.
*/
public static void replaceNamedConfig(
int priority,
if (debug.messageEnabled()) {
}
// Check if name is valid
if (configName == null) {
}
// Get the named config node
// service not registered
throw new AMConfigurationException(
bundleName, "service-not-registered");
}
if (namedConfig == null) {
// named configuration not exists
throw new AMConfigurationException(
bundleName, "named-config-not-defined");
}
// configuration does not exist
}
// Construct the named config
/*String configXml = convertToXMLString(configs);
Map attrs = new HashMap();
Set set = new HashSet();
set.add(configXml);
attrs.put(ATTR_NAME, set);*/
// do the replacement in named config
// return the xml string
//return configXml;
}
/**
* Removes an authentication configuration defined in
* <code>iPlanetAMAuthConfiguration</code> service. This method will be
* used by console to manage configurations for different services.
*
* @param configName Name of the authentication configuration.
* @param orgName Organization DN.
* @param token Single Sign On token.
* @throws SMSException if failed to delete the configuration because
* of SM Exception.
* @throws SSOException if single sign on token is not valid.
* @throws AMConfigurationException if <code>configName</code> is null
* or not defined.
*/
public static void removeNamedConfig(
if (debug.messageEnabled()) {
orgName);
}
// Check if name is valid
if (configName == null) {
}
// Get service config for named config node
// service not registered
throw new AMConfigurationException(
bundleName, "service-not-registered");
}
if (namedConfig == null) {
// named configuration not exists
throw new AMConfigurationException(
bundleName, "named-config-not-defined");
}
// get the config
// configuration does not exist
}
// do the removal of config
}
/**
* Returns all the authentication configurations defined in
* <code>iPlanetAMAuthConfiguration</code> service. This method will be
* used by console to manage configurations for different services.
*
* @param orgName Organization DN.
* @param token Single Sign On token.
* @return Set which contains all the configuration names
* @throws SMSException if failed to get configurations because
* of SM Exception.
* @throws SSOException if single sign on token is not valid.
*/
throws SMSException, SSOException {
}
if (debug.messageEnabled()) {
}
// Get the named config node
// service not registered
return Collections.EMPTY_SET;
}
if (namedConfig == null) {
// named configuration not exists
return Collections.EMPTY_SET;
}
// get all sub config names
}
/**
* Returns the authentication configuration defined in
* <code>iPlanetAMAuthConfiguration</code> service as XML string.
* This method will be used by console to manage configurations for
* different services.
* <p>
* Here is a sample XML string for an authentication configuration
* <pre>
* <AttributeValuePair> <br>
* <Value>com.sun.identity.authentication.modules.LDAP required
* debug=true</Value><br>
* <Value>com.sun.identity.authentication.modules.RADIUS
* optional</Value>
* </AttributeValuePair>
* </pre>
* This means the user needs to pass a required LDAP Login module, then an
* optional RADIUS Login module.
*
* @param configName Name of the authentication configuration.
* @param orgName Organization DN.
* @param token Single Sign On token.
* @return Map containing authentication service attributes.
* @throws SMSException if failed to get the configuration because
* of SM Exception.
* @throws SSOException if single sign on token is not valid.
* @throws AMConfigurationException if <code>configName</code> is null or
* not defined.
*/
public static Map getNamedConfig(
if (debug.messageEnabled()) {
}
// Check if name is valid
if (configName == null) {
}
// get configuration using SM API
// retrieve subconfig
// service not registered
throw new AMConfigurationException(
bundleName, "service-not-registered");
}
if (authConfig == null) {
// named configuration not exists
throw new AMConfigurationException(
bundleName, "named-config-not-defined");
}
// configuration does not exist
}
// retrieve attribute
/*Set value = (Set) map.get(ATTR_NAME);
if (value == null || value.isEmpty()) {
return null;
} else {
return (String) value.iterator().next();
}*/
return attributeDataMap;
}
/**
* Returns module name from complete class name.
*
* @param className Class name, example
* <code>com.sun.identity.authentication.modules.ldap.LDAP</code>.
* @return module name, e.g. "LDAP"
*/
if (dot == -1) {
return className;
// dot is the last character in className
return "";
} else {
}
}
/**
* Returns SM service name based on module name
*
* @param module Login module name, e.g. "LDAP"
* @return Service name for the login module, example
* <code>iPlanetAMAuthLDAPService</code>
*/
return "iPlanetAMAuthRadiusService";
}
}
}
/**
* Returns authentication level attribute name for module name.
*
* @param attrs parameter map of the module service.
* @param module Login module name, e.g. "LDAP".
* @return attribute name for authentication level
* example <code>iplanet-am-auth-ldap-auth-level</code> or
* <code>sunIdentityServerLDAPAuthLevel</code>.
*/
// auth level attribute must follow this naming convention
}
}
return attrName;
}
/**
* Returns service schema object for the authentication configuration
* subschema.
*
* @param token Single Sign On token.
* @return Service Schema.
* @throws AMConfigurationException if there are errors accessing
* authentication configuration.
*/
throws AMConfigurationException {
try {
return configSchema;
} catch (Exception e) {
throw new AMConfigurationException(e);
}
}
/**
* Returns all supported authentication modules
*
* @param token Single Sign On token to be used for accessing configuration
* information.
* @return Map contains all modules, key is the module name (e.g. LDAP),
* value is the complete class name (example
* <code>com.sun.identity.authentication.modules.ldap.LDAP</code>)
*/
// get auth global attribute
// if this is too slow, might need to consider listener option
try {
"iPlanetAMAuthService", token);
return modules;
}
// skip Application module here since it is internal
"com.sun.identity.authentication.modules.application.Application"
)) {
continue;
}
if (debug.messageEnabled()) {
}
if (dot > -1) {
} else {
}
}
} catch (Exception e) {
// ignore exception
}
return modules;
}
/**
* Returns all supported authentication modules in an Organization.
* If there are no modules configured at the Organization level,
* then the authentication modules set at the Global level will be returned.
*
* @param orgDN organization DN.
* @param token single sign on token.
* @return Map contains all modules, key is the module name (e.g. LDAP),
* value is the complete class name (e.g.
* <code>com.sun.identity.authentication.modules.ldap.LDAP</code>)
*/
// get auth global attribute
try {
} catch (Exception e) {
}
} else {
}
if (debug.messageEnabled()) {
}
return modules;
}
/**
* Parses the string value for the authentication configuration
* based on the attribute DTD and returns a List of
* <code>AuthConfigurationEntry</code> which could be used to retrieve
* module name, flag and options. An empty List will be returned if the XML
* value could not be parsed.
*
* @param xmlValue XML value for the authentication configuration.
* @return List of <code>AuthConfigurationEntry</code> contains module
* name, flag and options.
*/
if (debug.messageEnabled()) {
}
// call util method to parse the document
return entries;
}
// get document elements of the documents
// retrieve child elements (<Value>) of the root (<AttributeValuePair>)
// each element corresponding to one AuthConfigurationEntry
// process each child
for (int i = 0; i < number; i++) {
try {
} catch (Exception e) {
// continue next item
}
}
return entries;
}
/**
* Converts a List of <code>AuthConfigurationEntry</code> to an XML
* representation according to the following DTD.
* <pre>
* <!-- AttributeValuePair defines the values used to specify
* authentication configuration information. -->
* <!ELEMENT AttributeValuePair (Value*) >
*
* <!-- Value defines one authentication configuration -->
* <!ELEMENT Value (#PCDATA) >
* </pre>
*
* @param entries List of <code>AuthConfigurationEntry</code> to be
* processed.
* @return XML representation of the configuration.
*/
if (debug.messageEnabled()) {
}
for (int i = 0; i < len; i++) {
}
}
if (debug.messageEnabled()) {
}
} else {
return "";
}
}
/**
* Creates a map where the key is the module name and the value is the fully
* qualified class name of the module.
*
* @param classes Set of class name.
* @param globalAuth
*/
if (debug.messageEnabled()) {
}
// skip Application module here since it is internal
continue;
}
if (debug.messageEnabled()) {
}
if (dot > -1) {
} else {
if (debug.messageEnabled()) {
}
} else {
}
}
}
return modules;
}
/**
* Returns the fully qualified class name of the module. Returns the module
* name if the class name is not found.
*
* @param moduleName Name of authentication module.
* @param globalAuth
*/
private static String getAuthenticatorClassName(
Set globalAuth) {
if (globalAuth == null) {
return moduleName;
}
// skip Application module here since it is internal
continue;
}
if (dot > -1) {
}
}
if (fullClassName != null) {
break;
}
}
if (debug.messageEnabled()) {
}
if (fullClassName != null) {
return fullClassName;
} else {
return moduleName;
}
}
/**
* Returns the global authenticators.
*
* @param token Single sign on token to access configuration information.
* @return the global Authenticators.
*/
try {
} catch (Exception e) {
}
return globalAuth;
}
/**
* Get the string representation of the {@link LoginModuleControlFlag}.
*
* @param controlFlag The {@link LoginModuleControlFlag}
* @return A string representing the {@link LoginModuleControlFlag}.
*/
return "REQUIRED";
return "OPTIONAL";
return "REQUISITE";
return "SUFFICIENT";
} else {
return "";
}
}
}