/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2005 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: AdminTokenAction.java,v 1.14 2009/06/19 02:35:11 bigfatrat Exp $
*
* Portions Copyrighted 2010-2015 ForgeRock AS.
*/
/**
* The class is used to perform privileged operations using
* <code>java.security.AccessController.doPrivileged()
* </code> when trying to
* get Application single sign on token. There are four approaches to get single
* sign on token. 1. Return the single sign on token of the administrator
* configured in <code>serverconfig.xml</code> if the code runs on server
* site. 2. If #1 fails, it implies the client is using remote SDK. If
* <code>com.sun.identity.security.AdminToken</code> is specified in
* <code>AMConfig.properties</code>, we will call this application token
* provider plug-in to retrieve the single sign on token. 3. If #2 fails, we
* look for <code>com.sun.identity.agents.app.username</code> and
* <code>com.iplanet.am.service.password</code> in
* <code>AMConfig.properties</code>; if so, we will generate a single sign on
* token for the administrator based on the user name and password. 4. If #3 fails,
* we look for <code>com.sun.identity.agents.app.username</code> and
* <code>com.iplanet.am.service.secret</code> in
* <code>AMConfig.properties</code>. If so, we will generate single sign on
* token based on the user name and secret.
*
* Note: Java security permissions check for OpenAM can be enabled
* by setting the property <code>com.sun.identity.security.checkcaller</code> to
* true in <code>AMConfig.properties</code> file.
*
* </PRE>
*
* @supported.all.api
*/
//OPENAM-1109: the admin token does not get cleared because
//SSOTokenManager#isValidToken() does not return the real session
//status. This flag makes AdminTokenAction refresh the session status
//so that it sees the true status.
/**
* Singleton instance.
*/
// Set to true by authenticationInitialized(); getSSOToken() temporarily
// clears it and restores it while it obtains a token (not final on purpose).
private boolean authInitialized;
// When true, run() re-checks the cached token's session status instead of
// trusting the cached validity (see the OPENAM-1109 note above). Fixed at
// construction time.
private final boolean validateSession;
/**
* Returns a cached instance <code>AdminTokenAction</code>.
*
* @return instance of <code>AdminTokenAction</code>.
*/
// Safe double-checked locking pattern (instance is volatile):
synchronized (AdminTokenAction.class) {
try {
instance = new AdminTokenAction();
} catch (SSOException e) {
}
}
}
}
return instance;
}
/**
* Default constructor
*/
// Callback of the shutdown listener registered from the constructor
// (presumably; the registration call itself is not visible here).
// NOTE(review): the body is empty in this excerpt — any cleanup statements
// of the listener are not visible and must be confirmed against the full file.
public void shutdown() {
}
});
}
/**
* Informs AdminTokenAction that Authentication has been initialized
* This class will start using Authentication service to obtain
* SSOToken for admin users
*/
/**
 * Informs AdminTokenAction that the Authentication service has been
 * initialized. From this point on the instance obtains the admin
 * SSOToken through the Authentication service: the flag is raised, a
 * token is fetched via {@link #getSSOToken()} and cached in appSSOToken.
 * NOTE(review): the debug message and the clearing of internalAppSSOToken
 * announced by the comments below have no visible statements in this
 * excerpt — confirm against the full file.
 */
public void authenticationInitialized() {
    // Switch getSSOToken() over to the Authentication service path.
    authInitialized = true;
    // Generate the DPro's SSOToken and cache it as the application token.
    appSSOToken = getSSOToken();
    if (debug.messageEnabled()) {
        // Log the cached token's class name (statement incomplete in this excerpt).
        "called. AppSSOToken className=" + (String)
    }
    // Clear internalAppSSOToken (no visible statement here).
}
/**
* Resets cached SSOToken. WITHOUT destroying. Called when we know the
* token is invalid
*/
/**
 * Resets the cached SSOToken WITHOUT destroying it. Called when the
 * caller already knows the token is invalid, so no destroy is attempted
 * on it (compare {@link #reset()}).
 */
public static void invalid() {
    // Delegate to the singleton; only the cached reference is dropped.
    getInstance().invalidate();
    if (debug.messageEnabled()) {
        // Debug message (statement not visible in this excerpt).
    }
}
/**
 * Drops the cached application SSOToken reference without destroying
 * the token; the next run() must obtain a fresh one.
 */
private void invalidate() {
    this.appSSOToken = null;
}
/**
* Resets cached SSOToken.
*/
/**
 * Resets the cached SSOToken by delegating to the singleton's
 * resetInstance(), which also handles the cached token's teardown.
 */
public static void reset() {
    final AdminTokenAction action = getInstance();
    action.resetInstance();
}
/**
 * Clears the cached application SSOToken when one is present. Unlike
 * invalidate(), a teardown of the token is attempted first (the try body
 * is empty in this excerpt; NOTE(review): a destroy call that can throw
 * SSOException is presumably what belongs there — confirm against the
 * full file). The cached reference is dropped even if that step fails.
 */
private void resetInstance() {
    if (appSSOToken != null) {
        try {
            // Token teardown (statement not visible in this excerpt).
        } catch (SSOException ssoe) {
            // Ignored: the reference is dropped regardless of the outcome.
        }
        appSSOToken = null;
    }
}
/* (non-Javadoc)
* @see java.security.PrivilegedAction#run()
*/
// Check if we have a valid cached SSOToken
try {
if (validateSession) {
}
return appSSOToken;
}
} catch (SSOException ssoe) {
}
}
// Check if internalAppSSOToken is present
return internalAppSSOToken;
}
// Try getting the token from serverconfig.xml
}
return answer;
} else if (debug.messageEnabled()) {
}
// Check for configured Application Token Provider in AMConfig.properties
if (appTokenProviderName != null) {
try {
}
} else {
try {
} catch (Throwable t) {
}
}
} else {
if (debug.messageEnabled()) {
}
}
}
// If SSOToken is NULL, AM would not bootstrap: fatal error
throw new AMSecurityPropertiesException(errorMessage);
// Cache the SSOToken if not in server mode (i.e., in the
// case of client sdk) or if the authN has been initialized
}
return answer;
}
// This method must never be made public.
// It can only be used on the server side.
try {
//call method directly
// Use internal auth context to get the SSOToken
} else {
// Copy the authentication state
boolean authInit = authInitialized;
if (authInit) {
authInitialized = false;
}
// Obtain SSOToken using AuthN service
// Restore the authentication state
authInitialized = true;
}
}
}
} catch (NoClassDefFoundError ne) {
} catch (Throwable t) {
}
return ssoAuthToken;
}
}