001: package com.sun.ssoadapter.mbeans;
002:
003: import java.util.*;
004: import java.util.logging.Level;
005: import java.util.logging.Logger;
006: import com.sun.portal.admin.common.AttrOptionConstants;
007: import com.sun.portal.admin.common.PSMBeanException;
008: import com.sun.portal.admin.common.context.PortalDomainContext;
009: import com.sun.portal.admin.common.context.PSConfigContext;
010: import com.sun.portal.admin.common.util.AdminUtil;
011: import com.sun.portal.admin.common.util.AdminClientUtil;
012: import com.sun.portal.admin.server.AdminServerUtil;
013: import com.sun.portal.admin.server.mbeans.PSResource;
014: import com.sun.portal.admin.server.PASModule;
015: import com.sun.portal.fabric.common.AttributeHandler; //import com.sun.portal.fabric.common.AttributeHandlerFactory;
016: import com.sun.portal.fabric.common.GenericDSAMEAttributeHandler;
017: import com.sun.portal.log.common.PortalLogger;
018: import com.sun.ssoadapter.config.Configuration;
019: import com.sun.ssoadapter.SSOAdapterLogger;
020: import com.iplanet.am.sdk.AMConstants;
021: import com.iplanet.am.sdk.AMException;
022: import com.iplanet.am.sdk.AMObject;
023: import com.iplanet.am.sdk.AMOrganization;
024: import com.iplanet.am.sdk.AMRole;
025: import com.iplanet.am.sdk.AMTemplate;
026: import com.iplanet.am.sdk.AMUser;
027: import com.iplanet.am.sdk.AMStoreConnection;
028: import com.iplanet.sso.SSOException;
029: import com.iplanet.sso.SSOTokenManager;
030: import com.iplanet.sso.SSOToken;
031: import javax.management.ObjectName;
032: import javax.management.MBeanServer;
033: import java.security.AccessController;
034: import com.sun.identity.security.DecryptAction;
035: import com.sun.identity.security.EncryptAction;
036:
037: import com.sun.identity.sm.ServiceSchemaManager;
038: import com.sun.identity.sm.SMSException;
039: import com.sun.identity.sm.ServiceSchema;
040:
041: public class SSOAdapter extends PSResource implements SSOAdapterMBean {
042:
043: private static final String SSO_SERVICE = "SunSSOAdapterService";
044: private static final String TEMPLATE_ATTR = "sunConfigurationTemplates";
045: private static final String AUTHLESS_ATTR = "sunSSOAdapterAuthorizedAuthlessUIDs";
046: private static final String CONFIGURATION_ATTR = "sunSSOAdapterConfigurations";
047: private static final String GLOBAL_DN = "_!global!_";
048: private static final String INVALID_STRING = ",cn=" + SSO_SERVICE;
049: private static final String PROTOCOL_DEFAULT = "default|";
050: private Map templateOptionsMap = null;
051: private Map authlessOptionsMap = null;
052: private Logger logger = SSOAdapterLogger
053: .getLogger("com.sun.portal.ssoadapter.mbeans");
054:
055: // private Logger logger = SSOAdapterLogger.getLogger("com.sun.ssoadapter.mbeans");
056: // private static Logger logger = SSOAdapterLogger.getLogger(SSOAdapter.class);
057: /* Option constants here as a reference
058: String OPT_COMPONENT = "component";
059: String OPT_ATTR_NAME = "attribute-name";
060: String OPT_DN = "dn";
061: String OPT_GLOBAL = "global";
062: String OPT_ORG = "org";
063:
064: //set operation options
065: String OPT_INHERIT = "inherit";
066: String OPT_ADD = "add";
067: String OPT_REMOVE = "remove";
068: */
069:
070: // init here
071: public void init(PSConfigContext cc, PortalDomainContext pdc,
072: List path) {
073: super .init(cc, pdc, path);
074: templateOptionsMap = new HashMap(5);
075: templateOptionsMap.put(AttrOptionConstants.OPT_COMPONENT,
076: SSO_SERVICE);
077: templateOptionsMap.put(AttrOptionConstants.OPT_ATTR_NAME,
078: TEMPLATE_ATTR);
079: templateOptionsMap.put(AttrOptionConstants.OPT_GLOBAL, "true");
080: authlessOptionsMap = new HashMap(5);
081: authlessOptionsMap.put(AttrOptionConstants.OPT_COMPONENT,
082: SSO_SERVICE);
083: authlessOptionsMap.put(AttrOptionConstants.OPT_ATTR_NAME,
084: AUTHLESS_ATTR);
085: authlessOptionsMap.put(AttrOptionConstants.OPT_GLOBAL, "true");
086: }
087:
088: // This method will get all global templates and convert them
089: // to a list of Configuration objects
090: private List getTemplates() throws PSMBeanException {
091: logger.log(Level.FINEST, "Start");
092: AttributeHandler handler = new GenericDSAMEAttributeHandler();
093: handler.init("ssoadapter", getDomainID(), getID());
094: // AttributeHandlerFactory.getComponentAttrHandler("ssoadapter",
095: // getPSConfigContext(), getDomainID(), getID());
096: handler.validate(null, templateOptionsMap);
097: List values = handler.getAttribute(templateOptionsMap);
098: List templates = new ArrayList(values.size());
099: for (Iterator i = values.iterator(); i.hasNext();) {
100: // Remove leading "default|"
101: String t = (String) i.next();
102: if (t.startsWith(PROTOCOL_DEFAULT)) {
103: t = t.substring(PROTOCOL_DEFAULT.length());
104: }
105: templates.add(new Configuration(t));
106: }
107: return templates;
108: }
109:
110: // This method will set all global templates from
111: // to a list of Configuration objects
112: private void setTemplates(List templates) throws PSMBeanException {
113: logger.log(Level.FINEST, "SSOAdapter.setTemplates: Start");
114: List values = new ArrayList(templates.size());
115: for (Iterator i = templates.iterator(); i.hasNext();) {
116: Configuration c = (Configuration) i.next();
117: String curl = c.getConfigurationURL();
118: // Add leading "default|"
119: if (!curl.startsWith(PROTOCOL_DEFAULT)) {
120: curl = PROTOCOL_DEFAULT.concat(curl);
121: }
122: values.add(curl);
123: }
124: AttributeHandler handler = new GenericDSAMEAttributeHandler();
125: handler.init("ssoadapter", getDomainID(), getID());
126: // AttributeHandlerFactory.getComponentAttrHandler("ssoadapter",
127: // getPSConfigContext(), getDomainID(), getID());
128: handler.validate(null, templateOptionsMap);
129: handler.setAttribute(values, templateOptionsMap);
130: logger.log(Level.FINEST,
131: "SSOAdapter.setTemplates: Successfully set templates");
132: }
133:
134: // Return a list of all the template names available
135: public List getTemplateNames() throws PSMBeanException {
136: logger.log(Level.FINEST, "Getting template names for "
137: + SSO_SERVICE);
138: List templates = getTemplates();
139: List names = new ArrayList(templates.size());
140: for (Iterator i = templates.iterator(); i.hasNext();) {
141: Configuration c = (Configuration) i.next();
142: names.add(c.getConfigurationName());
143: }
144: // Sort these bad boys
145: Collections.sort(names);
146: return names;
147: }
148:
149: // Return a map of property names and their values for a template
150: // The map of the template contains:
151: // attribute names and values for default properties,
152: // an attribute named "merge" whos value is a List of merge properties,
153: // an attribute named "encoded" whos value is a List of encoded properties.
154: public Map getTemplateProperties(String name)
155: throws PSMBeanException {
156: logger.log(Level.FINEST, "Getting template properties for "
157: + name);
158: List templates = getTemplates();
159: List names = new ArrayList(templates.size());
160: for (Iterator i = templates.iterator(); i.hasNext();) {
161: Configuration c = (Configuration) i.next();
162: if (c.getConfigurationName().equals(name)) {
163: Map properties = c.getHashMap();
164: // Decrypt properties
165: String[] encoded = (String[]) c
166: .getPropertyArray("encoded");
167: if (encoded != null) {
168: List encodedList = Arrays.asList(encoded);
169: logger.log(Level.FINEST,
170: "SSOAdapter.setTemplateProperties: Encoded list:"
171: + encodedList);
172: decryptProperties(encodedList, properties);
173: }
174: //decryptProperties(Arrays.asList(encoded), properties);
175: return properties;
176: }
177: }
178: return Collections.EMPTY_MAP;
179: }
180:
181: // Set properties of a template, replacing the current properties
182: // The map of the template contains:
183: // attribute names and values for default properties,
184: // an attribute named "merge" whos value is a List of merge properties,
185: // an attribute named "encoded" whos value is a List of encoded properties.
186: public void setTemplateProperties(String name, Map properties)
187: throws PSMBeanException {
188: logger.log(Level.FINEST,
189: "SSOAdapter.setTemplateProperties: Start");
190: boolean found = false;
191: List templates = getTemplates();
192: for (int i = 0; i < templates.size(); i++) {
193: Configuration c = (Configuration) templates.get(i);
194: if (name.equals(c.getConfigurationName())) {
195: logger
196: .log(Level.FINEST,
197: "SSOAdapter.setTemplateProperties: Found template to replace");
198: found = true;
199: // Encrypt properties
200: String[] encoded = (String[]) properties.get("encoded");
201: if (encoded != null) {
202: List encodedList = Arrays.asList(encoded);
203: logger.log(Level.FINEST,
204: "SSOAdapter.setTemplateProperties: Encoded list:"
205: + encodedList);
206: encryptProperties(encodedList, properties);
207: }
208: c.setHashMap(new HashMap(properties));
209: break;
210: }
211: }
212: if (found) {
213: setTemplates(templates);
214: } else {
215: logger.log(Level.WARNING,
216: "SSOAdapter.setTemplateProperties: Unable to find template "
217: + name);
218: }
219: }
220:
221: // Create a new global template
222: public void createTemplate(String name, String basis)
223: throws PSMBeanException {
224: logger.log(Level.FINEST, "SSOAdapter.createTemplate: Start");
225: Configuration newc = new Configuration();
226: newc.setConfigurationName(name);
227: newc.setHashMap(new HashMap(getTemplateProperties(basis)));
228: List templates = getTemplates();
229: templates.add(newc);
230: setTemplates(templates);
231: }
232:
233: // Delete a global template.
234: // User is responsible for deleting all configurations that reference the template
235: public void deleteTemplate(String name) throws PSMBeanException {
236: logger.log(Level.FINEST, "Start");
237: List templates = getTemplates();
238: logger.log(Level.FINEST, "Before deletes, templates size is "
239: + templates.size());
240: for (int i = 0; i < templates.size(); i++) {
241: Configuration c = (Configuration) templates.get(i);
242: logger.log(Level.FINEST, "Checking template named "
243: + c.getConfigurationName());
244: if (name.equals(c.getConfigurationName())) {
245: //logger.log(Level.FINEST, "SSOAdapter.deleteTemplateProperties: Found template to delete");
246: templates.remove(i);
247: i--;
248: }
249: }
250: logger.log(Level.FINEST, "After deletes, templates size is "
251: + templates.size());
252: setTemplates(templates);
253: }
254:
255: // Return a List of configurations defined for a dn
256: private List getConfigurationsByDn(String dn)
257: throws PSMBeanException {
258: logger.log(Level.FINEST,
259: "SSOAdapter.getConfigurationsByDn: Getting configurations for "
260: + dn);
261: HashMap configOptionsMap = new HashMap(5);
262: configOptionsMap.put(AttrOptionConstants.OPT_COMPONENT,
263: SSO_SERVICE);
264: configOptionsMap.put(AttrOptionConstants.OPT_ATTR_NAME,
265: CONFIGURATION_ATTR);
266: if (dn != null && dn.equals(GLOBAL_DN)) {
267: logger
268: .log(Level.FINEST,
269: "SSOAdapter.getConfigurationsByDn: Searching globally");
270: configOptionsMap.put(AttrOptionConstants.OPT_DN, null);
271: } else {
272: configOptionsMap.put(AttrOptionConstants.OPT_DN, dn);
273: //configOptionsMap.put(AttrOptionConstants.OPT_INHERIT, false);
274: }
275: AttributeHandler handler = new GenericDSAMEAttributeHandler();
276: handler.init("ssoadapter", getDomainID(), getID());
277: // AttributeHandlerFactory.getComponentAttrHandler("ssoadapter",
278: // getPSConfigContext(), getDomainID(), getID());
279: handler.validate(null, configOptionsMap);
280: List values = handler.getAttribute(configOptionsMap);
281: List configs = new ArrayList(values.size());
282: for (Iterator i = values.iterator(); i.hasNext();) {
283: // Remove leading "default|"
284: String c = (String) i.next();
285: if (c.startsWith(PROTOCOL_DEFAULT)) {
286: c = c.substring(PROTOCOL_DEFAULT.length());
287: }
288: configs.add(new Configuration(c));
289: }
290: logger.log(Level.FINEST,
291: "SSOAdapter.getConfigurationsByDn: Returning "
292: + configs.size() + " configs");
293: return configs;
294: }
295:
296: // This method will set all configurations for a dn from
297: // a list of Configuration objects
298: private void setConfigurations(String dn, List configs)
299: throws PSMBeanException {
300: logger.log(Level.FINEST, "Setting configurations for " + dn);
301: HashMap configOptionsMap = new HashMap(5);
302: configOptionsMap.put(AttrOptionConstants.OPT_COMPONENT,
303: SSO_SERVICE);
304: configOptionsMap.put(AttrOptionConstants.OPT_ATTR_NAME,
305: CONFIGURATION_ATTR);
306: if (dn != null && dn.equals(GLOBAL_DN)) {
307: logger
308: .log(Level.FINEST,
309: "SSOAdapter.getConfigurationsByDn: Setting global configuration");
310: configOptionsMap.put(AttrOptionConstants.OPT_DN, null);
311: } else {
312: configOptionsMap.put(AttrOptionConstants.OPT_DN, dn);
313: }
314: List values = new ArrayList(configs.size());
315: for (Iterator i = configs.iterator(); i.hasNext();) {
316: Configuration c = (Configuration) i.next();
317: String curl = c.getConfigurationURL();
318: // Add leading "default|"
319: if (!curl.startsWith(PROTOCOL_DEFAULT)) {
320: curl = PROTOCOL_DEFAULT.concat(curl);
321: }
322: values.add(curl);
323: }
324: AttributeHandler handler = new GenericDSAMEAttributeHandler();
325: handler.init("ssoadapter", getDomainID(), getID());
326: // AttributeHandlerFactory.getComponentAttrHandler("ssoadapter",
327: // getPSConfigContext(), getDomainID(), getID());
328: handler.validate(null, configOptionsMap);
329: handler.setAttribute(values, configOptionsMap);
330: logger.log(Level.FINEST, "Successfully set configurations");
331: }
332:
333: // Return a map of all the configuration names and associated dns available for a given dn
334: // Each key in the map is a configuration name, the value is a String representing the Template basis
335: //
336: public Map getConfigurationNamesByDn(String dn)
337: throws PSMBeanException {
338: List config = getConfigurationsByDn(dn);
339: Map returnMap = new HashMap(config.size());
340: for (Iterator i = config.iterator(); i.hasNext();) {
341: Configuration c = (Configuration) i.next();
342: returnMap.put(c.getConfigurationName(), c
343: .getConfigurationDescription());
344: }
345: return returnMap;
346: }
347:
348: // Return a map of all the configuration names and associated dns available for a given template
349: // Each key in the map is a configuration name, the value is a List of Strings representing dns
350: // that have that configuration defined
351: public Map getConfigurationNamesByTemplate(String template)
352: throws PSMBeanException {
353: logger.log(Level.FINEST,
354: "SSOAdapter.getConfigurationNamesByTemplate: Start");
355: Map returnMap = new HashMap();
356: AMStoreConnection conn = null;
357: try {
358: SSOTokenManager manager = SSOTokenManager.getInstance();
359: SSOToken token = AdminServerUtil.getSSOToken();
360: java.security.Principal principal = token.getPrincipal();
361: if ((token != null) && (manager.isValidToken(token))) {
362: // open a store connection
363: conn = new AMStoreConnection(token);
364: logger.log(Level.FINEST, "Got AMStoreConnection");
365: // get the starting OrgDN from the principal
366: AMUser user = conn.getUser(principal.getName());
367: String orgDN = user.getOrganizationDN();
368: AMOrganization startOrg = conn.getOrganization(orgDN);
369:
370: // Search top level dynamic attribute
371: ServiceSchemaManager svcMgr = new ServiceSchemaManager(
372: SSO_SERVICE, token);
373: ServiceSchema svcSchema = svcMgr.getDynamicSchema();
374: Map attrs = svcSchema.getAttributeDefaults();
375: Set globalValues = (Set) attrs.get(CONFIGURATION_ATTR);
376: logger.log(Level.FINEST, "Global dynamic schema has "
377: + globalValues.size() + " configurations");
378: Set globalConfigNames = getConfigsWithTemplate(
379: globalValues, template);
380: for (Iterator j = globalConfigNames.iterator(); j
381: .hasNext();) {
382: String configName = (String) j.next();
383: logger.log(Level.FINEST,
384: "Match for template found: " + configName);
385: if (returnMap.containsKey(configName)) {
386: List configDns = (List) returnMap
387: .get(configName);
388: configDns.add(GLOBAL_DN);
389: // May not have to do this
390: returnMap.put(configName, configDns);
391: } else {
392: ArrayList configDns = new ArrayList();
393: configDns.add(GLOBAL_DN);
394: returnMap.put(configName, configDns);
395: }
396: }
397:
398: // Search organizations for service schema attributes
399: Set orgs = startOrg
400: .getSubOrganizations(AMConstants.SCOPE_SUB);
401: for (Iterator i = orgs.iterator(); i.hasNext();) {
402: String orgDn = (String) i.next();
403: AMOrganization org = startOrg
404: .getSubOrganization(orgDn);
405: logger.log(Level.FINEST, "Searching " + orgDn);
406: // See if the attribute is defined here
407: AMTemplate dynTemplate = org.getTemplate(
408: SSO_SERVICE, AMTemplate.DYNAMIC_TEMPLATE);
409: if (dynTemplate.isExists()) {
410: Set vals = dynTemplate
411: .getAttribute(CONFIGURATION_ATTR);
412: logger.log(Level.FINEST,
413: "Has a dynamic template with "
414: + vals.size()
415: + " configurations");
416: Set configNames = getConfigsWithTemplate(vals,
417: template);
418: //if (configNames.size() > 0){
419: for (Iterator j = configNames.iterator(); j
420: .hasNext();) {
421: String configName = (String) j.next();
422: logger.log(Level.FINEST,
423: "Match for template found: "
424: + configName);
425: if (returnMap.containsKey(configName)) {
426: List configDns = (List) returnMap
427: .get(configName);
428: configDns.add(orgDn);
429: // May not have to do this
430: returnMap.put(configName, configDns);
431: } else {
432: ArrayList configDns = new ArrayList();
433: configDns.add(orgDn);
434: returnMap.put(configName, configDns);
435: }
436: }
437: }
438: }
439:
440: // Search roles for service schema attributes
441: Set roles = startOrg.getRoles(AMConstants.SCOPE_SUB);
442: for (Iterator i = roles.iterator(); i.hasNext();) {
443: String roleDn = (String) i.next();
444: logger.log(Level.FINEST, "Searching " + roleDn);
445: AMRole role = conn.getRole(roleDn);
446: AMTemplate dynTemplate = role.getTemplate(
447: SSO_SERVICE, AMTemplate.DYNAMIC_TEMPLATE);
448: if (dynTemplate.isExists()) {
449: Set vals = dynTemplate
450: .getAttribute(CONFIGURATION_ATTR);
451: logger.log(Level.FINEST,
452: "Has a dynamic template with "
453: + vals.size()
454: + " configurations");
455: Set configNames = getConfigsWithTemplate(vals,
456: template);
457: //if (configNames.size() > 0){
458: for (Iterator j = configNames.iterator(); j
459: .hasNext();) {
460: String configName = (String) j.next();
461: logger.log(Level.FINEST,
462: "Match for template found: "
463: + configName);
464: if (returnMap.containsKey(configName)) {
465: List configDns = (List) returnMap
466: .get(configName);
467: configDns.add(roleDn);
468: // May not have to do this
469: returnMap.put(configName, configDns);
470: } else {
471: ArrayList configDns = new ArrayList();
472: configDns.add(roleDn);
473: returnMap.put(configName, configDns);
474: }
475: }
476: }
477: }
478:
479: }
480: } catch (SSOException ssoe) {
481: if (logger.isLoggable(Level.INFO)) {
482: logger.log(Level.INFO, "PSFB_CSPFM0001", ssoe);
483: }
484: throw new PSMBeanException("ssoTokenError");
485: } catch (AMException ame) {
486: if (logger.isLoggable(Level.INFO)) {
487: logger.log(Level.INFO, "PSFB_CSPFM0002", ame);
488: }
489: throw new PSMBeanException("amException");
490: } catch (SMSException smse) {
491: if (logger.isLoggable(Level.INFO)) {
492: logger.log(Level.INFO, "PSFB_CSPFM0002", smse);
493: }
494: throw new PSMBeanException("SMSException");
495: } finally {
496: if (conn != null) {
497: // help garbage collect
498: conn = null;
499: }
500: }
501: return returnMap;
502: }
503:
504: // Return a map of property names and their values for a configuration and dn
505: // Fills in undefined merged properties as null values in the Map
506: // Unencodes properties listed in the encoded list
507: // Adds configDesc={basis} to the map
508: // Adds encoded={encodedList} to the map
509: public Map getConfigurationProperties(String dn, String name)
510: throws PSMBeanException {
511: logger.log(Level.FINEST, "Start");
512: List config = getConfigurationsByDn(dn);
513: logger.log(Level.FINEST, "Found " + config.size()
514: + " configs for dn " + dn);
515: for (Iterator i = config.iterator(); i.hasNext();) {
516: Configuration c = (Configuration) i.next();
517: if (c.getConfigurationName().equals(name)) {
518: // Found the config, now fill in missing merge properties from the template
519: String configDesc = c.getConfigurationDescription();
520: Map t = getTemplateProperties(configDesc);
521: String[] merge = (String[]) t.get("merge");
522: HashMap returnMap = new HashMap();
523: if (merge != null) {
524: // There is at least one user property
525: HashMap configMap = c.getHashMap();
526: for (int j = 0; j < merge.length; j++) {
527: String prop = merge[j];
528: if (configMap.containsKey(prop)) {
529: returnMap.put(prop, configMap.get(prop));
530: } else {
531: returnMap.put(prop, null);
532: }
533: }
534: }
535: // Decrypt properties
536: String[] encoded = (String[]) t.get("encoded");
537: if (encoded != null)
538: decryptProperties(Arrays.asList(encoded), returnMap);
539: returnMap.put("encoded", encoded);
540: String[] configDescArray = { configDesc };
541: returnMap.put("configDesc", configDescArray);
542: return returnMap;
543: }
544: }
545: logger.log(Level.WARNING,
546: "Could not find configuration name matching " + name
547: + " in dn " + dn);
548: return Collections.EMPTY_MAP;
549: }
550:
551: // Set property values for a configuration and dn, replacing all existing properties.
552: public void setConfigurationProperties(String dn, String name,
553: Map properties) throws PSMBeanException {
554: logger.log(Level.FINEST, "Start");
555: boolean found = false;
556: List configs = getConfigurationsByDn(dn);
557: logger.log(Level.FINEST, "Found " + configs.size()
558: + " configs for dn " + dn);
559: for (Iterator i = configs.iterator(); i.hasNext();) {
560: Configuration c = (Configuration) i.next();
561: if (c.getConfigurationName().equals(name)) {
562: // Found the config, now replace properties
563: // Make sure to encrypt all properties in the template encoded list
564: Map t = getTemplateProperties(c
565: .getConfigurationDescription());
566: // Typically, the encoded list will be very small so iterating thru
567: // that list will be faster than the other way around
568: String[] encoded = (String[]) t.get("encoded");
569: if (encoded != null)
570: encryptProperties(Arrays.asList(encoded),
571: properties);
572: c.setHashMap(new HashMap(properties));
573: found = true;
574: }
575: }
576: if (found) {
577: setConfigurations(dn, configs);
578: } else {
579: logger.log(Level.WARNING, "Unable to find config " + name
580: + " for dn " + dn);
581: }
582: }
583:
584: // Create a new configuration for given dn
585: public void createConfiguration(String dn, String name, String basis)
586: throws PSMBeanException {
587: logger.log(Level.FINEST, "Start create configuration");
588: Configuration newc = new Configuration();
589: newc.setConfigurationName(name);
590: newc.setConfigurationDescription(basis);
591: List configs = getConfigurationsByDn(dn);
592: configs.add(newc);
593: setConfigurations(dn, configs);
594: }
595:
596: // Delete a configuration for a given dn
597: public void deleteConfiguration(String dn, String name)
598: throws PSMBeanException {
599: logger.log(Level.FINEST, "Start delete configuration");
600: List configs = getConfigurationsByDn(dn);
601: logger.log(Level.FINEST, "Before deletes, configs size is "
602: + configs.size());
603: for (int i = 0; i < configs.size(); i++) {
604: Configuration c = (Configuration) configs.get(i);
605: logger.log(Level.FINEST, "Checking config named "
606: + c.getConfigurationName());
607: if (name.equals(c.getConfigurationName())) {
608: logger.log(Level.FINEST, "Found template to delete");
609: configs.remove(i);
610: i--;
611: }
612: }
613: logger.log(Level.FINEST, "After deletes, configs size is "
614: + configs.size());
615: setConfigurations(dn, configs);
616: }
617:
618: // Return a whether or not the dn has the SSOAdapter service registered
619: // Passing in null or GLOBAL_DN will always return true
620: // Passing in an empty value will always return false
621: public Boolean hasSSOAdapterService(String dn)
622: throws PSMBeanException {
623: logger.log(Level.FINEST, "Start");
624: // Global dn always has the service assigned
625: if ((dn == null) || GLOBAL_DN.equals(dn))
626: return Boolean.TRUE;
627: List returnList = new ArrayList();
628: AMStoreConnection conn = null;
629: try {
630: SSOTokenManager manager = SSOTokenManager.getInstance();
631: SSOToken token = AdminServerUtil.getSSOToken();
632: java.security.Principal principal = token.getPrincipal();
633: if ((token != null) && (manager.isValidToken(token))) {
634: // open a store connection
635: conn = new AMStoreConnection(token);
636: if (!conn.isValidEntry(dn)) {
637: logger.log(Level.WARNING, "dn does not exist: "
638: + dn);
639: return Boolean.FALSE;
640: }
641: int type = conn.getAMObjectType(dn);
642: AMObject object = null;
643: switch (type) {
644: case AMObject.ORGANIZATION:
645: object = conn.getOrganization(dn);
646: break;
647: case AMObject.ROLE:
648: object = conn.getRole(dn);
649: break;
650: case AMObject.USER:
651: AMUser user = conn.getUser(dn);
652: Set services = user.getAssignedServices();
653: if ((services != null)
654: && (services.contains(SSO_SERVICE))) {
655: logger
656: .finest("User does have the SSOAdapter service registered");
657: return Boolean.TRUE;
658: } else {
659: logger.log(Level.WARNING,
660: "User does have the SSOAdapter service registered. Services registered: "
661: + services);
662: return Boolean.FALSE;
663: }
664: default:
665: logger.log(Level.WARNING,
666: "Invalid object type for dn " + dn + ": "
667: + type);
668: return Boolean.FALSE;
669: }
670: // This one fails for users with an Unsupported operation exception
671: AMTemplate dynTemplate = object.getTemplate(
672: SSO_SERVICE, AMTemplate.DYNAMIC_TEMPLATE);
673: if (dynTemplate.isExists()) {
674: logger
675: .log(Level.FINEST,
676: "dn does have the SSOAdapter service registered");
677: return Boolean.TRUE;
678: } else {
679: logger
680: .log(
681: Level.WARNING,
682: "dn "
683: + dn
684: + " does not have the SSOAdapter service registered");
685: return Boolean.FALSE;
686: }
687: // This one just plain doesn't work at any level
688: /* String status = object.getServiceStatus(SSO_SERVICE);
689: if (status != null) {
690: logger.log(Level.FINEST, "dn does have the SSOAdapter service registered", status);
691: }*/
692: // This one returns an empty set for orgs, and throws Unsupported op exception for roles
693: /* Set services = object.getAssignedServices();
694: if ((services != null)&&(services.contains(SSO_SERVICE))){
695: logger.finest("dn does have the SSOAdapter service registered");
696: } else {
697: logger.log(Level.WARNING,"dn does have the SSOAdapter service registered. Services registered: "+services);
698: }*/
699:
700: }
701: } catch (Exception e) {
702: // Soooo many possible exceptions, just catch em all and return false
703: logger.log(Level.WARNING, "Problem checking " + dn
704: + " for the SSOAdapter service", e);
705: }
706: return Boolean.FALSE;
707: }
708:
709: // Return a set of all role and org dns which have the sso adapter service template defined
710: public List getDnsWithConfigurations() throws PSMBeanException {
711: logger.log(Level.FINEST, "Start");
712: List returnList = new ArrayList();
713: AMStoreConnection conn = null;
714: try {
715: SSOTokenManager manager = SSOTokenManager.getInstance();
716: SSOToken token = AdminServerUtil.getSSOToken();
717: java.security.Principal principal = token.getPrincipal();
718: if ((token != null) && (manager.isValidToken(token))) {
719: // open a store connection
720: conn = new AMStoreConnection(token);
721: logger.log(Level.FINEST, "Got AMStoreConnection");
722: // get the starting OrgDN from the principal
723: AMUser user = conn.getUser(principal.getName());
724: String orgDN = user.getOrganizationDN();
725: AMOrganization startOrg = conn.getOrganization(orgDN);
726:
727: // Try getting the service template attributes and searching those
728: Set orgs = startOrg
729: .getSubOrganizations(AMConstants.SCOPE_SUB);
730: for (Iterator i = orgs.iterator(); i.hasNext();) {
731: String orgDn = (String) i.next();
732: AMOrganization org = startOrg
733: .getSubOrganization(orgDn);
734: logger.log(Level.FINEST, "Searching " + orgDn);
735: // See if the attribute is defined here
736: AMTemplate dynTemplate = org.getTemplate(
737: SSO_SERVICE, AMTemplate.DYNAMIC_TEMPLATE);
738: if (dynTemplate.isExists()) {
739: logger
740: .log(Level.FINEST,
741: "Adding to return set");
742: // Add this dn to the return set
743: returnList.add(orgDn);
744: }
745: }
746:
747: // Do the same for roles
748: Set roles = startOrg.getRoles(AMConstants.SCOPE_SUB);
749: for (Iterator i = roles.iterator(); i.hasNext();) {
750: String roleDn = (String) i.next();
751: logger.log(Level.FINEST, "Searching " + roleDn);
752: AMRole role = conn.getRole(roleDn);
753: AMTemplate dynTemplate = role.getTemplate(
754: SSO_SERVICE, AMTemplate.DYNAMIC_TEMPLATE);
755: if (dynTemplate.isExists()) {
756: logger
757: .log(Level.FINEST,
758: "Adding to return set");
759: // Add this dn to the return set
760: returnList.add(roleDn);
761: }
762: }
763: }
764: } catch (SSOException ssoe) {
765: if (logger.isLoggable(Level.INFO)) {
766: logger.log(Level.INFO, "PSFB_CSPFM0001", ssoe);
767: }
768: throw new PSMBeanException("ssoTokenError");
769: } catch (AMException ame) {
770: if (logger.isLoggable(Level.INFO)) {
771: logger.log(Level.INFO, "PSFB_CSPFM0002", ame);
772: }
773: throw new PSMBeanException("amException");
774: } finally {
775: if (conn != null) {
776: // help garbage collect
777: conn = null;
778: }
779: }
780:
781: return returnList;
782: }
783:
784: // Return a list of authless users that can use the sso adapter service without authentication
785: public List getAuthorizedAuthlessUsers() throws PSMBeanException {
786: logger.log(Level.FINEST,
787: "Getting authorized authless user list");
788: AttributeHandler handler = new GenericDSAMEAttributeHandler();
789: handler.init("ssoadapter", getDomainID(), getID());
790: // AttributeHandlerFactory.getComponentAttrHandler("ssoadapter",
791: // getPSConfigContext(), getDomainID(), getID());
792: handler.validate(null, authlessOptionsMap);
793: return handler.getAttribute(authlessOptionsMap);
794: }
795:
796: // Set the list of authless users that can use the sso adapter service without authentication
797: public void setAuthorizedAuthlessUsers(List userDns)
798: throws PSMBeanException {
799: logger.log(Level.FINEST,
800: "Setting authorized authless user list");
801: AttributeHandler handler = new GenericDSAMEAttributeHandler();
802: handler.init("ssoadapter", getDomainID(), getID());
803: // AttributeHandlerFactory.getComponentAttrHandler("ssoadapter",
804: // getPSConfigContext(), getDomainID(), getID());
805: handler.validate(null, authlessOptionsMap);
806: handler.setAttribute(userDns, authlessOptionsMap);
807: logger.log(Level.FINEST,
808: "Successfully set authorized authless users");
809: }
810:
811: // Grep on the values to see if the template is used as a basis for any of the configurations
812: // If it is, return a String that corresponds to the name of the configuration
813: private Set getConfigsWithTemplate(Set vals, String template) {
814: if (vals == null)
815: return Collections.EMPTY_SET;
816: Set configNames = new HashSet();
817: //String searchString = "configDesc="+template;
818: for (Iterator i = vals.iterator(); i.hasNext();) {
819: // Remove leading "default|"
820: String cstr = (String) i.next();
821: if (cstr.startsWith(PROTOCOL_DEFAULT)) {
822: cstr = cstr.substring(PROTOCOL_DEFAULT.length());
823: }
824: Configuration c = new Configuration(cstr);
825: String desc = c.getConfigurationDescription();
826: logger.log(Level.FINEST, "Testing " + desc + " vs "
827: + template);
828: if ((desc != null) && (desc.equals(template))) {
829: configNames.add(c.getConfigurationName());
830: }
831: }
832: return configNames;
833: }
834:
835: // Searches properties for keys to encrypt, where properties contain a map of names to
836: // array of strings values
837: private void encryptProperties(List keysToEncrypt, Map properties) {
838: for (Iterator i = keysToEncrypt.iterator(); i.hasNext();) {
839: String key = (String) i.next();
840: if (properties.containsKey(key)) {
841: String[] unencryptedValues = (String[]) properties
842: .get(key);
843: logger.log(Level.FINEST,
844: "Found property to be encrypted: " + key);
845: String unencryptedValue = (unencryptedValues != null) ? unencryptedValues[0]
846: : "";
847: if (unencryptedValue == null) {
848: logger.log(Level.FINEST, "Null value found");
849: continue;
850: }
851: // For some odd reason, encrypting a blank string returns null, which configuration.java hates
852: String encryptedValue = (String) AccessController
853: .doPrivileged(new EncryptAction(
854: unencryptedValue));
855: String[] encryptedValues = { (encryptedValue == null) ? ""
856: : encryptedValue };
857: //logger.log(Level.FINEST, "overwriting key "+key+" value:"+unencryptedValue+" with:"+encryptedValues[0]);
858: properties.put(key, encryptedValues);
859: }
860: }
861: }
862:
863: // Searches properties for keys to encrypt, where properties contain a map of names to
864: // array of strings values
865: private void decryptProperties(List keysToDecrypt, Map properties) {
866: for (Iterator i = keysToDecrypt.iterator(); i.hasNext();) {
867: String key = (String) i.next();
868: if (properties.containsKey(key)) {
869: String[] encryptedValues = (String[]) properties
870: .get(key);
871: logger.log(Level.FINEST,
872: "Found property to be decrypted: " + key);
873: String encryptedValue = (encryptedValues != null) ? encryptedValues[0]
874: : null;
875: if (encryptedValue == null) {
876: //logger.log(Level.FINEST, "Encrypted value is null");
877: continue;
878: }
879: //logger.log(Level.FINEST, "Encrypted value: "+encryptedValue);
880: String decryptedValue = (String) AccessController
881: .doPrivileged(new DecryptAction(encryptedValue));
882: //logger.log(Level.FINEST, "Decrypted value: "+decryptedValue);
883: String[] decryptedValues = { decryptedValue };
884: properties.put(key, decryptedValues);
885: }
886: }
887: }
888: }
|