/**
 * Builds a two-way mapping between attribute names and their resource names.
 *
 * <p>Attributes whose schema reports no resource name are left out of the mapping.
 *
 * @param schema the service schema whose attributes are inspected
 * @return a new bidirectional map from attribute name to resource name
 */
private BiMap<String, String> getAttributeNameToResourceName(ServiceSchema schema) {
  final HashBiMap<String, String> nameToResource = HashBiMap.create();
  final Set<String> attributeNames = (Set<String>) schema.getAttributeSchemaNames();
  for (String name : attributeNames) {
    final String resource = schema.getAttributeSchema(name).getResourceName();
    if (resource == null) {
      continue;
    }
    // HashBiMap.put throws IllegalArgumentException when the value is already bound to a
    // different key, so two attributes declaring the same resource name fail here.
    nameToResource.put(name, resource);
  }
  return nameToResource;
}
/**
 * Creates a builder for the property sheet XML of a service schema's attributes.
 *
 * <p>The type-to-attribute-schema map is only populated when a service resource bundle is
 * available after {@code getServiceResourceBundle} has run.
 *
 * @param serviceSchema Service schema.
 * @param model Model for getting localized string and user locale.
 * @throws SMSException if attribute schema cannot be obtained.
 * @throws SSOException if single sign on token is invalid.
 */
public PropertyXMLBuilder(ServiceSchema serviceSchema, AMModel model)
    throws SMSException, SSOException {
  this.model = model;
  this.serviceName = serviceSchema.getServiceName();
  getServiceResourceBundle(serviceSchema);
  if (serviceBundle == null) {
    // Without a bundle, mapTypeToAttributeSchema is not assigned by this constructor.
    return;
  }
  mapTypeToAttributeSchema = new HashMap();
  // Single entry: the schema's own type mapped to all of its attribute schemas.
  mapTypeToAttributeSchema.put(
      serviceSchema.getServiceType(), serviceSchema.getAttributeSchemas());
}
/**
 * Reads one attribute from the global schema defaults into {@code enabled} and makes sure this
 * object is registered as a schema listener.
 *
 * @param service service name; used only to build the error message
 * @param attribute name of the global attribute that holds the flag
 * @throws IllegalStateException if the global schema cannot be read
 */
private void detectMode(String service, String attribute) {
  try {
    final Map globalDefaults = schemaManager.getGlobalSchema().getAttributeDefaults();
    final String rawFlag = CollectionHelper.getMapAttr(globalDefaults, attribute, "");
    // parseBoolean is true only for "true" (any case); the "" default therefore means disabled.
    enabled = Boolean.parseBoolean(rawFlag);
    if (listenerId == null) {
      // Register once; the id is kept so later calls do not add a second listener.
      listenerId = schemaManager.addListener(this);
    }
  } catch (SMSException e) {
    final String failure = "Could not get " + service;
    DEBUG.error(failure, e);
    throw new IllegalStateException(failure, e);
  }
}
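/**
 * Loads the attribute-to-section mapping from the classpath resource
 * {@code /<schema name>.section.properties}.
 *
 * <p>Every line that is neither empty nor starts with {@code #} is read as
 * {@code sectionName=attributeName}. Lines without both parts are logged and skipped instead of
 * aborting the load with an {@link ArrayIndexOutOfBoundsException}.
 *
 * @return map from attribute name to section name; empty when the resource does not exist, and
 *     possibly partial when reading fails part-way
 */
protected HashMap<String, String> getAttributeNameToSection() {
  HashMap<String, String> result = new HashMap<String, String>();

  InputStream inputStream =
      getClass()
          .getClassLoader()
          .getResourceAsStream("/" + schema.getName() + ".section" + ".properties");
  if (inputStream == null) {
    return result;
  }

  // try-with-resources closes the reader (and the wrapped stream) on every path; the original
  // never closed it.
  // NOTE(review): InputStreamReader uses the platform default charset here - confirm the
  // section files are ASCII-only or pin the charset.
  try (BufferedReader reader = new BufferedReader(new InputStreamReader(inputStream))) {
    String line;
    while ((line = reader.readLine()) != null) {
      if (line.isEmpty() || line.startsWith("#")) {
        continue;
      }
      String[] sectionAndAttribute = line.split("=");
      if (sectionAndAttribute.length < 2) {
        // e.g. "section" or "section=": there is no attribute name to map
        if (debug.errorEnabled()) {
          debug.error("Ignoring malformed line in section properties file: " + line);
        }
        continue;
      }
      result.put(sectionAndAttribute[1], sectionAndAttribute[0]);
    }
  } catch (IOException e) {
    // Best effort: whatever was read before the failure is still returned.
    if (debug.errorEnabled()) {
      debug.error("Error reading section properties file", e);
    }
  }
  return result;
}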
/**
 * Builds the lookup tables derived from {@code schema} the first time it is called; later calls
 * return immediately.
 *
 * <p>NOTE(review): the lock only serialises concurrent calls to this method. Callers that test
 * {@code initialised} without holding it rely on how that field is declared - confirm it is
 * volatile.
 */
private synchronized void init() {
  if (initialised) {
    return;
  }

  attributeNameToResourceName = getAttributeNameToResourceName(schema);
  hiddenAttributeNames = getHiddenAttributeNames();

  for (Object rawName : schema.getAttributeSchemaNames()) {
    final String attributeName = (String) rawName;
    final AttributeSchema attributeSchema = this.schema.getAttributeSchema(attributeName);
    final AttributeSchemaConverter converter =
        getAttributeSchemaValue(attributeSchema.getSyntax());
    final String resourceName = attributeSchema.getResourceName();
    // Converters are keyed by the resource name when one exists, else by the attribute name.
    final String converterKey = (resourceName != null) ? resourceName : attributeName;
    attributeSchemaConverters.put(converterKey, converter);
  }

  resourceNameToAttributeName = attributeNameToResourceName.inverse();
  attributeNameToSection = getAttributeNameToSection();
  // Set last, after every table above has been assigned.
  initialised = true;
}
/**
 * Reads the organization-level read-only attribute defaults of the service named by
 * {@code SERVICE_NAME} and passes them through {@code SMSUtils.removeValidators}.
 *
 * @param token SSO token used to open the service schema manager
 * @return the attribute defaults as returned by {@code SMSUtils.removeValidators}
 * @throws WorkflowException with key {@code oauth2.provider.read.error} when the schema cannot
 *     be read; the underlying exception is logged but not attached as the cause
 */
private Map<String, Set<String>> getDefaultOAuth2ProviderAttributes(SSOToken token)
    throws WorkflowException {
  final String failureLog =
      "An error occurred while trying to read the default OAuth2 Provider settings.";
  final String errorKey = "oauth2.provider.read.error";
  try {
    final ServiceSchemaManager manager = new ServiceSchemaManager(SERVICE_NAME, token);
    final ServiceSchema organizationSchema = manager.getOrganizationSchema();
    return SMSUtils.removeValidators(
        organizationSchema.getReadOnlyAttributeDefaults(), organizationSchema);
  } catch (SMSException e) {
    DEBUG.error(failureLog, e);
    throw new WorkflowException(errorKey, null);
  } catch (SSOException e) {
    // Same handling as above: an invalid token surfaces to the caller as a read error.
    DEBUG.error(failureLog, e);
    throw new WorkflowException(errorKey, null);
  }
}
/**
 * Refreshes the cached AuthService settings from the organization and global schema defaults.
 * Most of the code is moved in from AuthenticatorManager.java.
 *
 * @param scm <code>ServiceSchemaManager</code> to be used for update
 * @throws SMSException if it fails to update auth service
 * @throws Exception declared by the signature; the body can also fail with unchecked exceptions,
 *     e.g. {@link NumberFormatException} when the sleep interval is not an integer
 */
synchronized void updateAuthServiceGlobals(ServiceSchemaManager scm)
    throws SMSException, Exception {
  // Organization defaults first, then the global ones are merged into the same map.
  // NOTE(review): putAll writes into the map handed back by getAttributeDefaults() - confirm
  // that map is a private copy.
  final Map attrs = scm.getOrganizationSchema().getAttributeDefaults();
  attrs.putAll(scm.getGlobalSchema().getAttributeDefaults());
  if (debug.messageEnabled()) {
    // NOTE(review): this writes every merged default to the debug log - confirm none of them
    // is sensitive.
    debug.message("attrs : " + attrs);
  }

  defaultAuthLocale = CollectionHelper.getMapAttr(attrs, ISAuthConstants.AUTH_LOCALE_ATTR);
  adminAuthModule = CollectionHelper.getMapAttr(attrs, ISAuthConstants.ADMIN_AUTH_MODULE);
  defaultAuthLevel =
      CollectionHelper.getMapAttr(attrs, ISAuthConstants.DEFAULT_AUTH_LEVEL, DEFAULT_AUTH_LEVEL);

  // NOTE(review): a missing AUTHENTICATORS entry makes the loop below throw
  // NullPointerException.
  final Set authenticators = (Set) attrs.get(ISAuthConstants.AUTHENTICATORS);
  for (Object entry : authenticators) {
    final String fullName = (String) entry;
    final int lastDot = fullName.lastIndexOf('.');
    // Key by the text after the last '.', or by the whole value when there is no '.'.
    final String key = (lastDot > -1) ? fullName.substring(lastDot + 1) : fullName;
    authMethods.put(key, fullName);
  }
  if (debug.messageEnabled()) {
    debug.message("AM.update authMethods = " + authMethods.toString());
  }

  defaultSuccessURLSet = (Set) attrs.get(ISAuthConstants.LOGIN_SUCCESS_URL);
  defaultFailureURLSet = (Set) attrs.get(ISAuthConstants.LOGIN_FAILURE_URL);
  if (debug.messageEnabled()) {
    debug.message("Default Success URL Set = " + defaultSuccessURLSet);
    debug.message("Default Failure URL Set = " + defaultFailureURLSet);
  }

  // Parsed as an int (same accepted range as before) and then widened.
  final int sleepInterval =
      Integer.parseInt(CollectionHelper.getMapAttr(attrs, ISAuthConstants.SLEEP_INTERVAL));
  defaultSleepTime = (long) sleepInterval;
}
/**
 * Refreshes the cached per-service login success and failure URL sets from the
 * {@code Configurations/NamedConfiguration} sub-schema of the organization schema.
 *
 * @param scm <code>ServiceSchemaManager</code> to be used for update
 * @throws SMSException if it fails to update auth service
 */
synchronized void updateAuthConfigGlobals(ServiceSchemaManager scm) throws SMSException {
  // NOTE(review): a missing sub-schema would surface as a NullPointerException on this chain.
  final ServiceSchema namedConfiguration =
      scm.getOrganizationSchema()
          .getSubSchema("Configurations")
          .getSubSchema("NamedConfiguration");

  final Map defaults = namedConfiguration.getAttributeDefaults();
  if (defaults != null) {
    defaultServiceSuccessURLSet = (Set) defaults.get(ISAuthConstants.LOGIN_SUCCESS_URL);
    defaultServiceFailureURLSet = (Set) defaults.get(ISAuthConstants.LOGIN_FAILURE_URL);
  }
  // When there are no defaults, the previously cached sets are kept and logged as they are.
  if (debug.messageEnabled()) {
    debug.message("Default Service Success URL Set = " + defaultServiceSuccessURLSet);
    debug.message("Default Service Failure URL Set = " + defaultServiceFailureURLSet);
  }
}
/**
 * Caches the platform service's global schema and the platform locale read from its defaults.
 *
 * @param scm <code>ServiceSchemaManager</code> to be used for update
 * @throws SMSException if it fails to initialize platform service
 */
synchronized void updatePlatformServiceGlobals(ServiceSchemaManager scm) throws SMSException {
  platformSchema = scm.getGlobalSchema();
  final Map globalDefaults = platformSchema.getAttributeDefaults();
  platformLocale =
      CollectionHelper.getMapAttr(globalDefaults, ISAuthConstants.PLATFORM_LOCALE_ATTR);

  if (debug.messageEnabled()) {
    debug.message("PlatformLocale = " + platformLocale);
  }
}
/**
 * Creates a builder for the property sheet XML of an explicit set of attribute schemas.
 *
 * <p>The set is registered under {@code NULL_TYPE}, and only when a service resource bundle is
 * available after {@code getServiceResourceBundle} has run.
 *
 * @param serviceSchema Service schema.
 * @param model Model for getting localized string and user locale.
 * @param attributeSchemas attribute schemas to display; dereferenced without a null check when
 *     a bundle is present
 * @throws SMSException if attribute schema cannot be obtained.
 * @throws SSOException if single sign on token is invalid.
 */
public PropertyXMLBuilder(ServiceSchema serviceSchema, AMModel model, Set attributeSchemas)
    throws SMSException, SSOException {
  this.model = model;
  this.serviceName = serviceSchema.getServiceName();
  getServiceResourceBundle(serviceSchema);
  if (serviceBundle == null) {
    // Without a bundle, mapTypeToAttributeSchema is not assigned by this constructor.
    return;
  }
  // The capacity follows the size of the set even though only one entry is stored.
  final int initialCapacity = attributeSchemas.size() * 2;
  mapTypeToAttributeSchema = new HashMap(initialCapacity);
  mapTypeToAttributeSchema.put(NULL_TYPE, attributeSchemas);
}
/**
 * Collects the attribute schemas of the given schema type that carry a non-blank i18n key.
 *
 * @param type schema type to look up in {@code svcSchemaManager}
 * @return {@code null} when the type has no schema or the schema has no attributes; otherwise a
 *     new set, which is empty when no attribute has an i18n key
 * @throws SMSException if the schema cannot be read
 */
private Set getAttributeSchemas(SchemaType type) throws SMSException {
  final ServiceSchema schema = svcSchemaManager.getSchema(type);
  if (schema == null) {
    return null;
  }

  final Set attributes = schema.getAttributeSchemas();
  if ((attributes == null) || attributes.isEmpty()) {
    return null;
  }

  final Set withI18nKey = new HashSet(attributes.size() * 2);
  for (Object candidate : attributes) {
    final AttributeSchema as = (AttributeSchema) candidate;
    final String i18nKey = as.getI18NKey();
    // Attributes with a missing or whitespace-only key are left out.
    if ((i18nKey != null) && !i18nKey.trim().isEmpty()) {
      withI18nKey.add(as);
    }
  }
  return withI18nKey;
}
/**
 * Caches the session service's dynamic schema and, when message-level debugging is on, logs the
 * three session time defaults read from it.
 *
 * @param scm <code>ServiceSchemaManager</code> to be used for update
 * @throws SMSException if it fails to update session service
 */
synchronized void updateSessionServiceDynamics(ServiceSchemaManager scm) throws SMSException {
  sessionSchema = scm.getDynamicSchema();
  if (!debug.messageEnabled()) {
    // The defaults are read only for the log line below.
    return;
  }

  final Map dynamicDefaults = sessionSchema.getAttributeDefaults();
  final String maxSessionTime =
      CollectionHelper.getMapAttr(dynamicDefaults, ISAuthConstants.MAX_SESSION_TIME, "120");
  final String maxIdleTime =
      CollectionHelper.getMapAttr(dynamicDefaults, ISAuthConstants.SESS_MAX_IDLE_TIME, "30");
  final String maxCachingTime =
      CollectionHelper.getMapAttr(dynamicDefaults, ISAuthConstants.SESS_MAX_CACHING_TIME, "3");
  debug.message(
      "AuthD.defaultMaxSessionTime="
          + maxSessionTime
          + "\nAuthD.defaultMaxIdleTime="
          + maxIdleTime
          + "\nAuthD.defaultMaxCachingTime="
          + maxCachingTime);
}
/**
 * Determines the listener list from the disable-list system property, the AMSDK plugin
 * configuration and, in realm mode or at config time, the SMS datastore notification property.
 *
 * <p>The result is stored in {@code listeners} (disabled slots are set to {@code null}) and
 * {@code _allDisabled} records whether every listener ended up disabled.
 */
private static void getListenerList() {
  final String disableList = SystemProperties.get(EVENT_LISTENER_DISABLE_LIST, "");
  if (debugger.messageEnabled()) {
    debugger.message(
        "EventService.getListenerList(): " + EVENT_LISTENER_DISABLE_LIST + ": " + disableList);
  }

  final boolean enableDataStoreNotification =
      Boolean.parseBoolean(SystemProperties.get(Constants.SMS_ENABLE_DB_NOTIFICATION));
  if (debugger.messageEnabled()) {
    debugger.message(
        "EventService.getListenerList(): "
            + "com.sun.identity.sm.enableDataStoreNotification: "
            + enableDataStoreNotification);
  }

  final boolean configTime =
      Boolean.parseBoolean(SystemProperties.get(Constants.SYS_PROPERTY_INSTALL_TIME));
  if (debugger.messageEnabled()) {
    debugger.message(
        "EventService.getListenerList(): "
            + Constants.SYS_PROPERTY_INSTALL_TIME
            + ": "
            + configTime);
  }

  // Work on a copy so that ALL_LISTENERS itself is never modified.
  final String[] selected = new String[ALL_LISTENERS.length];
  System.arraycopy(ALL_LISTENERS, 0, selected, 0, ALL_LISTENERS.length);

  // Step 1: the explicitly configured disable list (comma separated, case-insensitive).
  boolean disableACI = false;
  boolean disableUM = false;
  boolean disableSM = false;
  if (!disableList.isEmpty()) {
    final StringTokenizer tokens = new StringTokenizer(disableList, ",");
    while (tokens.hasMoreTokens()) {
      final String listener = tokens.nextToken().trim();
      if ("aci".equalsIgnoreCase(listener)) {
        disableACI = true;
      } else if ("um".equalsIgnoreCase(listener)) {
        disableUM = true;
      } else if ("sm".equalsIgnoreCase(listener)) {
        disableSM = true;
      } else {
        debugger.error(
            "EventService.getListenerList() - " + "Invalid listener name: " + listener);
      }
    }
  }

  // Step 2: UM and ACI are only kept when the amSDK plugin is configured.
  if (!disableUM || !disableACI) {
    boolean amSdkConfigured = false;
    if (!configTime) {
      try {
        final ServiceSchemaManager scm =
            new ServiceSchemaManager(getSSOToken(), IdConstants.REPO_SERVICE, "1.0");
        final Set idRepoPlugins = scm.getOrganizationSchema().getSubSchemaNames();
        amSdkConfigured = idRepoPlugins.contains("amSDK");
      } catch (SMSException ex) {
        if (debugger.warningEnabled()) {
          debugger.warning(
              "EventService.getListenerList() - " + "Unable to obtain idrepo service", ex);
        }
      } catch (SSOException ex) {
        // Should not happen, ignore the exception
        // NOTE(review): if it does happen, UM and ACI are disabled below without this
        // failure being logged.
      }
    }
    if (!amSdkConfigured) {
      disableUM = true;
      disableACI = true;
      if (debugger.messageEnabled()) {
        debugger.message(
            "EventService.getListener"
                + "List(): AMSDK is not configured or config time. "
                + "Disabling UM and ACI event listeners");
      }
    }
  }

  // Step 3: in realm mode or at config time the SM listener follows the notification flag,
  // overriding whatever the disable list said about "sm".
  if (configTime || ServiceManager.isRealmEnabled()) {
    disableSM = !enableDataStoreNotification;
    if (debugger.messageEnabled()) {
      debugger.message(
          "EventService.getListenerList(): In realm "
              + "mode or config time, SMS listener is set to datastore "
              + "notification flag: "
              + enableDataStoreNotification);
    }
  }

  // Blank out the disabled slots.
  // NOTE(review): the fixed indices assume ALL_LISTENERS is ordered ACI, UM, SM - confirm.
  if (disableACI) {
    selected[0] = null;
  }
  if (disableUM) {
    selected[1] = null;
  }
  if (disableSM) {
    selected[2] = null;
  }
  listeners = selected;

  // If everything is disabled, signal that the thread should not be started.
  final boolean nothingEnabled = disableACI && disableUM && disableSM;
  if (nothingEnabled && debugger.messageEnabled()) {
    debugger.message(
        "EventService.getListenerList() - "
            + "all listeners are disabled, EventService won't start");
  }
  _allDisabled = nothingEnabled;
}
/**
 * Returns the maximum session time from the cached session schema defaults.
 *
 * @return the configured value, with {@code "120"} passed to the lookup as the default
 */
String getDefaultMaxSessionTime() {
  final Map sessionDefaults = sessionSchema.getAttributeDefaults();
  return CollectionHelper.getMapAttr(sessionDefaults, ISAuthConstants.MAX_SESSION_TIME, "120");
}
/**
 * Tells whether an attribute must be rejected on update: it is either unknown to the schema or
 * listed in {@code hiddenAttributeNames}.
 *
 * @param attributeName attribute name to check
 * @return {@code true} if the attribute is unknown or hidden
 */
private boolean shouldNotBeUpdated(String attributeName) {
  if (schema.getAttributeSchema(attributeName) == null) {
    return true;
  }
  return hiddenAttributeNames.contains(attributeName);
}
/**
 * Tells whether an attribute is skipped during conversion: it is unknown to the schema, has a
 * blank i18n key, or is listed in {@code hiddenAttributeNames}.
 *
 * @param attributeName attribute name to check
 * @return {@code true} if the attribute should be skipped
 */
private boolean shouldBeIgnored(String attributeName) {
  final AttributeSchema attributeSchema = schema.getAttributeSchema(attributeName);
  if (attributeSchema == null) {
    return true;
  }
  if (StringUtils.isBlank(attributeSchema.getI18NKey())) {
    return true;
  }
  return hiddenAttributeNames.contains(attributeName);
}
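/**
 * Will validate the Json representation of the service configuration against the serviceSchema
 * for a realm, and return a corresponding Map representation.
 *
 * <p>Map values become {@code [key]=value} strings, list values become one string per element,
 * and any other value becomes a single string. The {@code _id} content field and attributes for
 * which {@code shouldBeIgnored} is true are skipped.
 *
 * @param realm The realm, or null if global.
 * @param jsonValue The request body.
 * @return Map representation of jsonValue; empty when jsonValue is null
 * @throws BadRequestException if the body names an unknown or hidden attribute, or a value is
 *     rejected by schema validation
 * @throws JsonException if the attributes are invalid or cannot be validated
 */
public Map<String, Set<String>> fromJson(String realm, JsonValue jsonValue)
    throws JsonException, BadRequestException {
  if (!initialised) {
    init();
  }

  Map<String, Set<String>> result = new HashMap<>();
  if (jsonValue == null || jsonValue.isNull()) {
    return result;
  }

  Map<String, Object> translatedAttributeValuePairs =
      getTranslatedAttributeValuePairs(jsonValue.asMap());

  for (Map.Entry<String, Object> pair : translatedAttributeValuePairs.entrySet()) {
    final String attributeName = pair.getKey();

    // Ignore _id field used to name resource when creating
    if (ResourceResponse.FIELD_CONTENT_ID.equals(attributeName)) {
      continue;
    }

    // Unknown and hidden attributes are rejected outright rather than silently dropped.
    // The name in the message comes straight from the request body, so whatever renders this
    // error must treat it as untrusted text.
    if (shouldNotBeUpdated(attributeName)) {
      throw new BadRequestException("Invalid attribute, '" + attributeName + "', specified");
    }

    if (shouldBeIgnored(attributeName)) {
      continue;
    }

    final Object attributeValue = pair.getValue();
    Set<String> value = new HashSet<>();

    // NOTE(review): only HashMap (and subclasses) is treated as a map; any other Map
    // implementation falls through to the single-value branch - confirm that is intended.
    if (attributeValue instanceof HashMap) {
      final HashMap<String, Object> attributeMap = (HashMap<String, Object>) attributeValue;
      for (Map.Entry<String, Object> entry : attributeMap.entrySet()) {
        value.add(
            "[" + entry.getKey() + "]=" + convertJsonToString(attributeName, entry.getValue()));
      }
    } else if (attributeValue instanceof List) {
      // Cast to the interface that was just tested: the previous ArrayList cast threw
      // ClassCastException for any other List implementation in the request body.
      final List<Object> attributeArray = (List<Object>) attributeValue;
      for (Object val : attributeArray) {
        value.add(convertJsonToString(attributeName, val));
      }
    } else {
      value.add(convertJsonToString(attributeName, attributeValue));
    }
    result.put(attributeName, value);
  }

  try {
    // An empty result is returned without validation; otherwise the realm decides which
    // validateAttributes overload is used.
    if (result.isEmpty()
        || (realm == null && schema.validateAttributes(result))
        || (realm != null && schema.validateAttributes(result, realm))) {
      return result;
    } else {
      throw new JsonException("Invalid attributes");
    }
  } catch (InvalidAttributeValueException e) {
    throw new BadRequestException(e.getLocalizedMessage(), e);
  } catch (SMSException e) {
    throw new JsonException("Unable to validate attributes", e);
  }
}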
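/**
 * Will validate the Map representation of the service configuration against the serviceSchema and
 * return a corresponding JSON representation
 *
 * <p>Attributes for which {@code shouldBeIgnored} is true are left out. Attributes that have a
 * section are placed under {@code /<section>/<name>}, all others at the top level.
 *
 * @param realm The realm, or null if global.
 * @param attributeValuePairs The schema attribute values.
 * @return Json representation of attributeValuePairs
 * @throws JsonException if the attributes are invalid, cannot be validated, or an attribute has
 *     no type
 */
public JsonValue toJson(String realm, Map<String, Set<String>> attributeValuePairs) {
  if (!initialised) {
    init();
  }

  final boolean validAttributes;
  try {
    if (realm == null) {
      validAttributes = schema.validateAttributes(attributeValuePairs);
    } else {
      validAttributes = schema.validateAttributes(attributeValuePairs, realm);
    }
  } catch (SMSException e) {
    // Only the attribute names are logged. The values are service configuration and may
    // include secrets such as passwords, which must not end up in the debug log.
    debug.error(
        "schema validation threw an exception while validating the attributes: realm="
            + realm
            + " attribute names: "
            + (attributeValuePairs == null ? null : attributeValuePairs.keySet()),
        e);
    throw new JsonException("Unable to validate attributes", e);
  }

  if (!validAttributes) {
    throw new JsonException("Invalid attributes");
  }

  JsonValue parentJson = json(new HashMap<String, Object>());

  for (Map.Entry<String, Set<String>> pair : attributeValuePairs.entrySet()) {
    final String attributeName = pair.getKey();

    // The JSON field is named after the resource name when the attribute has one.
    final String jsonResourceName = attributeNameToResourceName.get(attributeName);
    final String name = (jsonResourceName != null) ? jsonResourceName : attributeName;

    // shouldBeIgnored also covers a null attribute schema, so it is safe to dereference below.
    final AttributeSchema attributeSchema = schema.getAttributeSchema(attributeName);
    if (shouldBeIgnored(attributeName)) {
      continue;
    }

    final AttributeSchema.Type type = attributeSchema.getType();
    final Set<String> values = pair.getValue();
    if (type == null) {
      throw new JsonException("Type not defined.");
    }

    final AttributeSchemaConverter attributeSchemaConverter = attributeSchemaConverters.get(name);

    // Stays null for an empty single value and for types that are neither single nor multiple.
    Object jsonAttributeValue = null;
    if (isASingleValue(type)) {
      if (!values.isEmpty()) {
        jsonAttributeValue = attributeSchemaConverter.toJson(values.iterator().next());
      }
    } else if (containsMultipleValues(type)) {
      if (isAMap(attributeSchema.getUIType())) {
        // Each stored string is split into a name and a value by nameValueParser.
        Map<String, Object> map = new HashMap<String, Object>();
        for (String stored : values) {
          Pair<String, String> entry = nameValueParser.parse(stored);
          map.put(entry.getFirst(), attributeSchemaConverter.toJson(entry.getSecond()));
        }
        jsonAttributeValue = map;
      } else {
        List<Object> list = new ArrayList<Object>();
        for (String stored : values) {
          list.add(attributeSchemaConverter.toJson(stored));
        }
        jsonAttributeValue = list;
      }
    }

    final String sectionName = attributeNameToSection.get(attributeName);
    if (sectionName != null) {
      parentJson.putPermissive(
          new JsonPointer("/" + sectionName + "/" + name), jsonAttributeValue);
    } else {
      parentJson.put(name, jsonAttributeValue);
    }
  }

  return parentJson;
}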
/**
 * Returns the maximum session idle time from the cached session schema defaults.
 *
 * @return the configured value, with {@code "30"} passed to the lookup as the default
 */
String getDefaultMaxIdleTime() {
  final Map sessionDefaults = sessionSchema.getAttributeDefaults();
  return CollectionHelper.getMapAttr(sessionDefaults, ISAuthConstants.SESS_MAX_IDLE_TIME, "30");
}
/**
 * Returns the maximum session caching time from the cached session schema defaults.
 *
 * @return the configured value, with {@code "3"} passed to the lookup as the default
 */
String getDefaultMaxCachingTime() {
  final Map sessionDefaults = sessionSchema.getAttributeDefaults();
  return CollectionHelper.getMapAttr(
      sessionDefaults, ISAuthConstants.SESS_MAX_CACHING_TIME, "3");
}