private void logConfiguration(final Collection<IdentityConfiguration> configurations) {
for (IdentityConfiguration identityConfiguration : configurations) {
if (ROOT_LOGGER.isDebugEnabled()) {
ROOT_LOGGER.debug(" Identity Management Configuration: [");
ROOT_LOGGER.debugf(" Name: %s", identityConfiguration.getName());
ROOT_LOGGER.debugf(
" Identity Store Configuration: %s", identityConfiguration.getStoreConfiguration());
ROOT_LOGGER.debugf(
" Supports Partition: %s",
this.partitionManagementConfig != null
&& this.partitionManagementConfig.equals(identityConfiguration));
ROOT_LOGGER.debugf(
" Supports Attribute: %s",
this.attributeManagementConfig != null
&& this.attributeManagementConfig.equals(identityConfiguration));
ROOT_LOGGER.debugf(
" Supports Credential: %s", identityConfiguration.supportsCredential());
List<Class<?>> supportedTypes = new ArrayList<Class<?>>();
for (IdentityStoreConfiguration storeConfiguration :
identityConfiguration.getStoreConfiguration()) {
supportedTypes.addAll(storeConfiguration.getSupportedTypes().keySet());
}
ROOT_LOGGER.debugf(" Supported Types: %s", supportedTypes);
ROOT_LOGGER.debug(" ]");
}
}
}
@Override
public PermissionStore getStoreForPermissionOperation(IdentityContext context) {
IdentityConfiguration identityConfiguration = null;
if (this.partitionManagementConfig != null) {
identityConfiguration = getConfigurationForPartition(context.getPartition());
} else if (this.configurations.size() == 1) {
identityConfiguration = this.configurations.iterator().next();
}
if (identityConfiguration == null) {
for (IdentityConfiguration configuration : this.configurations) {
for (IdentityStoreConfiguration storeConfig : configuration.getStoreConfiguration()) {
if (storeConfig.supportsPermissions()) {
return (PermissionStore)
getIdentityStoreAndInitializeContext(context, configuration, storeConfig);
}
}
}
} else {
for (IdentityStoreConfiguration storeConfig : identityConfiguration.getStoreConfiguration()) {
if (storeConfig.supportsPermissions()) {
return (PermissionStore)
getIdentityStoreAndInitializeContext(context, identityConfiguration, storeConfig);
}
}
}
throw MESSAGES.permissionUnsupportedOperation();
}
@Override
public <T extends CredentialStore<?>> T getStoreForCredentialOperation(
IdentityContext context, Class<?> credentialClass) {
T store = null;
IdentityConfiguration identityConfiguration = null;
if (this.partitionManagementConfig != null) {
identityConfiguration = getConfigurationForPartition(context.getPartition());
} else {
for (IdentityConfiguration configuration : this.configurations) {
for (IdentityStoreConfiguration storeConfig : configuration.getStoreConfiguration()) {
if (storeConfig.supportsCredential()) {
identityConfiguration = configuration;
}
}
}
}
if (identityConfiguration != null && identityConfiguration.supportsCredential()) {
for (IdentityStoreConfiguration storeConfig : identityConfiguration.getStoreConfiguration()) {
if (storeConfig.supportsCredential()) {
for (@SuppressWarnings("rawtypes")
Class<? extends CredentialHandler> handlerClass : storeConfig.getCredentialHandlers()) {
if (handlerClass.isAnnotationPresent(SupportsCredentials.class)) {
for (Class<?> cls :
handlerClass.getAnnotation(SupportsCredentials.class).credentialClass()) {
if (cls.isAssignableFrom(credentialClass)) {
IdentityStore<?> identityStore = null;
try {
store =
getIdentityStoreAndInitializeContext(
context, identityConfiguration, storeConfig);
} catch (ClassCastException cce) {
throw MESSAGES.storeUnexpectedType(
identityStore.getClass(), CredentialStore.class);
}
// if we found a specific handler for the credential, immediately return.
if (cls.equals(credentialClass)) {
return store;
}
}
}
}
}
}
}
}
if (store == null) {
throw MESSAGES.credentialNoStoreForCredentials(credentialClass);
}
return store;
}
private boolean isPartitionSupported(final List<IdentityConfiguration> configurations) {
for (IdentityConfiguration configuration : configurations) {
for (IdentityStoreConfiguration storeConfig : configuration.getStoreConfiguration()) {
if (storeConfig.supportsPartition()
&& storeConfig.supportsType(Realm.class, IdentityOperation.create)) {
return true;
}
}
}
return false;
}
public <T extends IdentityStore<?>> T lookupStore(
IdentityContext context,
IdentityConfiguration configuration,
Class<? extends AttributedType> type,
IdentityOperation operation) {
for (IdentityStoreConfiguration storeConfig : configuration.getStoreConfiguration()) {
if (storeConfig.supportsType(type, operation)) {
return getIdentityStoreAndInitializeContext(context, configuration, storeConfig);
}
}
return null;
}
@Override
public Set<IdentityStore<?>> getStoresForRelationshipQuery(
IdentityContext context,
Class<? extends Relationship> relationshipClass,
Set<Partition> partitions) {
Set<IdentityStore<?>> identityStores = new HashSet<IdentityStore<?>>();
// If _no_ parameters have been specified for the query at all, we return all stores that
// support the
// specified relationship class
if (partitions.isEmpty()) {
for (IdentityConfiguration config : configurations) {
if (config.getRelationshipPolicy().isGlobalRelationshipSupported(relationshipClass)
|| config.getRelationshipPolicy().isSelfRelationshipSupported(relationshipClass)) {
for (IdentityStoreConfiguration storeConfig : config.getStoreConfiguration()) {
if (storeConfig.supportsType(relationshipClass, IdentityOperation.create)
|| Relationship.class.equals(relationshipClass)) {
identityStores.add(
getIdentityStoreAndInitializeContext(context, config, storeConfig));
}
}
}
}
} else {
for (Partition partition : partitions) {
IdentityConfiguration config = getConfigurationForPartition(partition);
if (config.getRelationshipPolicy().isGlobalRelationshipSupported(relationshipClass)) {
for (IdentityStoreConfiguration storeConfig : config.getStoreConfiguration()) {
if (storeConfig.supportsType(relationshipClass, IdentityOperation.create)
|| Relationship.class.equals(relationshipClass)) {
identityStores.add(
getIdentityStoreAndInitializeContext(context, config, storeConfig));
}
}
}
}
}
if (identityStores.isEmpty()) {
throw MESSAGES.attributedTypeUnsupportedOperation(
relationshipClass, IdentityOperation.read, relationshipClass, IdentityOperation.read);
}
return identityStores;
}
/**
* Returns a {@link IdentityStore} instance considering the given {@link IdentityConfiguration}
* and {@link IdentityStoreConfiguration}.
*
* <p>Before returning the instance, the {@link IdentityContext} is initialized.
*
* @param context
* @param configuration
* @param storeConfig
* @param <T>
* @return
*/
private <T extends IdentityStore<?>> T getIdentityStoreAndInitializeContext(
final IdentityContext context,
final IdentityConfiguration configuration,
final IdentityStoreConfiguration storeConfig) {
IdentityStore<?> store = this.stores.get(configuration).get(storeConfig);
storeConfig.initializeContext(context, store);
return (T) store;
}
@Override
public <T extends PartitionStore<?>> T getStoreForPartitionOperation(IdentityContext context) {
Map<IdentityStoreConfiguration, IdentityStore<?>> configStores =
stores.get(this.partitionManagementConfig);
for (IdentityStoreConfiguration cfg : configStores.keySet()) {
if (cfg.supportsType(Partition.class, IdentityOperation.create)) {
T store =
getIdentityStoreAndInitializeContext(context, this.partitionManagementConfig, cfg);
if (!PartitionStore.class.isInstance(store)) {
throw MESSAGES.storeUnexpectedType(store.getClass(), PartitionStore.class);
}
return store;
}
}
throw MESSAGES.storeNotFound(PartitionStore.class);
}
@Override
public <T extends AttributeStore<?>> T getStoreForAttributeOperation(IdentityContext context) {
if (attributeManagementConfig != null) {
Map<IdentityStoreConfiguration, IdentityStore<?>> configStores =
stores.get(attributeManagementConfig);
for (IdentityStoreConfiguration cfg : configStores.keySet()) {
if (cfg.supportsAttribute()) {
T store =
getIdentityStoreAndInitializeContext(context, this.attributeManagementConfig, cfg);
if (!AttributeStore.class.isInstance(store)) {
throw MESSAGES.storeUnexpectedType(store.getClass(), AttributeStore.class);
}
return store;
}
}
}
return null;
}
@Override
public Set<IdentityStore<?>> getStoresForIdentityQuery(
final IdentityContext context, final Class<? extends IdentityType> identityType) {
Set<IdentityStore<?>> identityStores = new HashSet<IdentityStore<?>>();
for (IdentityConfiguration configuration : this.configurations) {
for (IdentityStoreConfiguration storeConfig : configuration.getStoreConfiguration()) {
if (storeConfig.supportsType(identityType, IdentityOperation.read)
|| IdentityType.class.equals(identityType)) {
identityStores.add(
getIdentityStoreAndInitializeContext(context, configuration, storeConfig));
}
}
}
if (identityStores.isEmpty()) {
throw MESSAGES.attributedTypeUnsupportedOperation(
identityType, IdentityOperation.read, identityType, IdentityOperation.read);
}
return identityStores;
}
@SuppressWarnings({"unchecked", "rawtypes"})
private <T extends IdentityStore> T createIdentityStore(
IdentityStoreConfiguration storeConfiguration) {
Class<T> storeClass = (Class<T>) storeConfiguration.getIdentityStoreType();
if (storeClass == null) {
// If no store class is configured, default to the built-in types for known configurations
if (FileIdentityStoreConfiguration.class.isInstance(storeConfiguration)) {
storeClass = (Class<T>) FileIdentityStore.class;
} else if (JPAIdentityStoreConfiguration.class.isInstance(storeConfiguration)) {
storeClass = (Class<T>) JPAIdentityStore.class;
} else if (LDAPIdentityStoreConfiguration.class.isInstance(storeConfiguration)) {
storeClass = (Class<T>) LDAPIdentityStore.class;
} else if (JDBCIdentityStoreConfiguration.class.isInstance(storeConfiguration)) {
storeClass = (Class<T>) JDBCIdentityStore.class;
}
}
if (storeClass == null) {
throw MESSAGES.configUnknownStoreForConfiguration(storeConfiguration);
}
try {
if (storeConfiguration instanceof AbstractIdentityStoreConfiguration) {
((AbstractIdentityStoreConfiguration) storeConfiguration).setIdentityStoreType(storeClass);
}
T store = storeClass.newInstance();
store.setup(storeConfiguration);
return store;
} catch (Exception ex) {
throw MESSAGES.configCouldNotCreateStore(storeClass, storeConfiguration, ex);
}
}
@Override
public IdentityStore<?> getStoreForRelationshipOperation(
IdentityContext context,
Class<? extends Relationship> relationshipClass,
Relationship relationship,
IdentityOperation operation) {
Set<Partition> partitions = relationshipMetadata.getRelationshipPartitions(relationship);
IdentityStore<?> store = null;
// Check if the partition can manage its own relationship
if (partitions.size() == 1) {
IdentityConfiguration config;
if (this.partitionManagementConfig != null) {
config = getConfigurationForPartition(partitions.iterator().next());
} else {
config = this.configurations.iterator().next();
}
if (config.getRelationshipPolicy().isSelfRelationshipSupported(relationshipClass)) {
for (IdentityStoreConfiguration storeConfig : config.getStoreConfiguration()) {
if (storeConfig.supportsType(relationshipClass, operation)) {
store = getIdentityStoreAndInitializeContext(context, config, storeConfig);
}
}
}
} else {
// This is a multi-partition relationship - use the configuration that supports the global
// relationship type
for (Partition partition : partitions) {
IdentityConfiguration config = getConfigurationForPartition(partition);
if (config.getRelationshipPolicy().isGlobalRelationshipSupported(relationshipClass)) {
for (IdentityStoreConfiguration storeConfig : config.getStoreConfiguration()) {
if (storeConfig.supportsType(relationshipClass, operation)) {
store = getIdentityStoreAndInitializeContext(context, config, storeConfig);
}
}
}
}
}
// If none of the participating partition configurations support the relationship, try to find
// another configuration
// that supports the global relationship as a last ditch effort
if (store == null) {
for (IdentityConfiguration cfg : configurations) {
if (cfg.getRelationshipPolicy().isGlobalRelationshipSupported(relationshipClass)) {
// found one
for (IdentityStoreConfiguration storeConfig : cfg.getStoreConfiguration()) {
if (storeConfig.supportsType(relationshipClass, operation)) {
store = getIdentityStoreAndInitializeContext(context, cfg, storeConfig);
}
}
}
}
}
if (store == null) {
throw MESSAGES.attributedTypeUnsupportedOperation(
relationshipClass, operation, relationshipClass, operation);
}
return store;
}
public DefaultPartitionManager(
Collection<IdentityConfiguration> configurations,
EventBridge eventBridge,
Collection<PermissionHandler> permissionHandlers,
IdGenerator idGenerator) {
if (configurations == null || configurations.isEmpty()) {
throw MESSAGES.configNoIdentityConfigurationProvided();
}
ROOT_LOGGER.partitionManagerBootstrap();
try {
this.configurations = Collections.unmodifiableCollection(configurations);
if (eventBridge != null) {
this.eventBridge = eventBridge;
} else {
this.eventBridge =
new EventBridge() {
public void raiseEvent(Object event) {
/* no-op */
}
};
}
if (idGenerator != null) {
this.idGenerator = idGenerator;
} else {
this.idGenerator = new DefaultIdGenerator();
}
permissionHandlerPolicy = new PermissionHandlerPolicy(null);
if (permissionHandlers != null) {
for (PermissionHandler handler : permissionHandlers) {
permissionHandlerPolicy.registerHandler(handler);
}
}
IdentityConfiguration partitionCfg = null;
IdentityConfiguration attributeCfg = null;
for (IdentityConfiguration config : configurations) {
for (IdentityStoreConfiguration storeConfig : config.getStoreConfiguration()) {
if (storeConfig.supportsPartition()) {
partitionCfg = config;
}
if (storeConfig.supportsAttribute()) {
attributeCfg = config;
}
}
}
// There may be no configuration that supports partition management, in which case the
// partitionManagementConfig
// field will be null and partition management operations will not be supported
this.partitionManagementConfig = partitionCfg;
this.attributeManagementConfig = attributeCfg;
logConfiguration(this.configurations);
Map<IdentityConfiguration, Map<IdentityStoreConfiguration, IdentityStore<?>>>
configuredStores =
new HashMap<
IdentityConfiguration, Map<IdentityStoreConfiguration, IdentityStore<?>>>();
for (IdentityConfiguration config : configurations) {
Map<IdentityStoreConfiguration, IdentityStore<?>> storeMap =
new HashMap<IdentityStoreConfiguration, IdentityStore<?>>();
for (IdentityStoreConfiguration storeConfig : config.getStoreConfiguration()) {
storeMap.put(storeConfig, createIdentityStore(storeConfig));
}
configuredStores.put(config, Collections.unmodifiableMap(storeMap));
}
stores = Collections.unmodifiableMap(configuredStores);
} catch (Exception e) {
throw MESSAGES.partitionManagerInitializationFailed(this.getClass(), e);
}
}