AuthTargetMapping.java revision 55e32e1d339c1e3417aa96111d48d51eb29be585
/*
* The contents of this file are subject to the terms of the Common Development and
* Distribution License (the License). You may not use this file except in compliance with the
* License.
*
* You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
* specific language governing permission and limitations under the License.
*
* When distributing Covered Software, include this CDDL Header Notice in each file and include
* the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
* Header, with the fields enclosed by brackets [] replaced by your own identifying
* information: "Portions Copyrighted [year] [name of copyright owner]".
*
* Copyright 2013-2015 ForgeRock AS.
*/
/**
* Each deployed STS instance will be configured with a mapping which specifies the rest authN authIndexType and authIndexValue
* against which a particular token type will be validated.
* An instance of this class will be harvested from the UI elements configuring STS instances.
*
* See the org.forgerock.openam.forgerockrest.authn.core.AuthIndexType class for valid values for the authIndexType
* below. The authIndexValue is the actual name of the service, module, etc. (for an authIndexType of "service" the
* authIndexValue could be "ldapService").
*
* This class also allows for the creation of a {@code Map<String, Object>} to be associated with a given AuthTarget. This is
* required to provide some context to the {@code TokenAuthenticationRequestDispatcher<T>} responsible for dispatching the
* authentication request for token-type T to the OpenAM Rest authN context. For example the dispatcher for
* OpenIdConnectIdTokens must know what header name should reference the Id Token, a value dependant upon the value
* configured for the OpenAM OIDC authN module.
*
* Note that it is likely that the rest-sts (and possibly soap-sts) will support customers plugging-in token validation of
* custom token types. Thus this class must support a means of registering AuthTarget instances for custom token types.
* Thus the AuthTargetMapping will store the registered AuthTarget instances in a Map keyed by a String, the String
* obtained by the TokenTypeId#getId. The TokenType enum implements the TokenTypeId interface, so existing TokenTypes
* can be passed as usual, a scheme which can support the end-user registration of a custom implementation of the TokenTypeId,
* a necessary step in the validation of a custom token type.
*
*/
public class AuthTargetMapping {
//public visibility as referenced from RestDeploymentConfig-need to leak reference as these constants correspond
//to AttributeSchema names in restSTS.xml.
public static class AuthTargetMappingBuilder {
/**
* Associates a particular token class with authIndexType and authIndexValue values. For the associated STS
* instance, the particular token type will be authenticated against the Rest authN context specified by the
* authIndexType and authIndexValue.
*
* The context will provides state to the dispatcher of the authN request necessary
* by the associated authN module (e.g. the name of the header referencing the OpenID Connect ID Token).
*/
/**
* Associates a particular token type with authIndexType and authIndexValue values. For the associated STS
* instance, the particular token type will be authenticated against the Rest authN context specified by the
* authIndexType and authIndexValue.
* @param tokenTypeId the token type identifier
* @param authIndexType the authIndexType defining the authN target
* @param authIndexValue the authIndexValue defining the authN target
* @param context any context necessary for the {@code TokenAuthenticationRequestDispatcher<T> } to dispatch authN
* requests for the token type T against the specified authN target (e.g. the name of the header
* referencing the token).
* @return the builder
*/
public AuthTargetMappingBuilder addMapping(TokenTypeId tokenTypeId, String authIndexType, String authIndexValue, Map<String,String> context) {
return this;
}
/**
* Associates a particular token type with authIndexType and authIndexValue values. For the associated STS
* instance, the particular token type will be authenticated against the Rest authN context specified by the
* authIndexType and authIndexValue.
* @param tokenTypeId the token type identifier
* @param authIndexType the authIndexType defining the authN target
* @param authIndexValue the authIndexValue defining the authN target
* @return the builder
*/
public AuthTargetMappingBuilder addMapping(TokenTypeId tokenTypeId, String authIndexType, String authIndexValue) {
}
/**
* Private visibility, as this method will only be called when marshalling from Json. The bottom line is that
* supporting custom token types via the TokenTypeId interface does not allow for the re-constitution of a
* TokenTypeId instance given a string identifier, as works for Enum instances.
* @param tokenTypeId the String token type identifier
* @param authIndexType the authIndexType defining the authN target
* @param authIndexValue the authIndexValue defining the authN target
* @param context any context necessary for the {@code TokenAuthenticationRequestDispatcher<T> } to dispatch authN
* requests for the token type T against the specified authN target (e.g. the name of the header
* referencing the token).
* @return the builder
*/
private AuthTargetMappingBuilder addMapping(String tokenTypeId, String authIndexType, String authIndexValue, Map<String,String> context) {
return this;
}
public AuthTargetMapping build() {
return new AuthTargetMapping(this);
}
}
public static class AuthTarget {
private final String authIndexType;
private final String authIndexValue;
}
}
this.authIndexType = authIndexType;
this.authIndexValue = authIndexValue;
} else {
}
}
public String getAuthIndexType() {
return authIndexType;
}
public String getAuthIndexValue() {
return authIndexValue;
}
/*
Method called in the context of marshalling to a Map<String,Object>, necessary for SMS persistence.
*/
public String toSmsString() {
StringBuilder valueBuilder = new StringBuilder(authIndexType).append(AMSTSConstants.PIPE).append(authIndexValue);
int count = 0;
if (count > 0) {
}
count++;
}
}
return valueBuilder.toString();
}
return toSmsString();
}
/*
Called in the context of marshalling from the Map<String, Object> representation, back to the AuthTarget representation.
module;module_name OR
service;service_name;context_key1=context_value1,context_key_2=context_value2,
No effort was made to catch NoSuchElementException, thrown from StringTokenizer#nextToken(), as the
strings parsed in this method will only be generated by the toSmsString method in this class, and thus should
be predictable.
*/
if (topLevelTokenizer.hasMoreTokens()) {
while (contextTokenizer.hasMoreTokens()) {
StringTokenizer entryTokenizer = new StringTokenizer(contextTokenizer.nextToken(), AMSTSConstants.EQUALS);
}
} else {
}
}
if (other instanceof AuthTarget) {
}
}
return false;
}
public int hashCode() {
//does not have to include the map as the authIndexType and authIndex value should be unique
}
return json(object(field(AUTH_INDEX_TYPE, authIndexType), field(AUTH_INDEX_VALUE, authIndexValue)));
} else {
}
}
} else {
json.get(AUTH_INDEX_VALUE).asString(), MapMarshallUtils.objectValueToStringValueMap(json.get(CONTEXT).asMap()));
}
}
}
}
public static AuthTargetMappingBuilder builder() {
return new AuthTargetMappingBuilder();
}
/*
If a mapping is not present, null will be returned. This will allow the caller (e.g. the AuthenticationUriProvider)
to know when to decorate the URI.
*/
}
builder.append(entry.getKey()).append(AMSTSConstants.PIPE).append(entry.getValue().toString()).append('\n');
}
}
if (other instanceof AuthTargetMapping) {
}
return false;
}
}
return jsonMappings;
}
throw new IllegalArgumentException("JsonValue passed to AuthTargetMapping.fromJson not map. The json: "
}
}
}
}
return attributes;
}
if (authTargetMappings != null) {
AuthTarget authTarget = AuthTarget.fromSmsString(entry.substring(entry.indexOf(AMSTSConstants.PIPE) + 1));
}
} else {
throw new IllegalStateException("No value in attribute map corresponding to key " +
}
}
}