use of com.sun.identity.authentication.config.AMAuthenticationInstance in project OpenAM by OpenRock.
the class ListAuthInstances method handleRequest.
/**
* Handles request.
*
* @param rc Request Context.
* @throws CLIException if request cannot be processed.
*/
public void handleRequest(RequestContext rc) throws CLIException {
super.handleRequest(rc);
ldapLogin();
SSOToken adminSSOToken = getAdminSSOToken();
String realm = getStringOptionValue(IArgument.REALM_NAME);
String[] params = { realm };
writeLog(LogWriter.LOG_ACCESS, Level.INFO, "ATTEMPT_LIST_AUTH_INSTANCES", params);
try {
AMAuthenticationManager mgr = new AMAuthenticationManager(adminSSOToken, realm);
Set instances = mgr.getAuthenticationInstances();
if ((instances != null) && !instances.isEmpty()) {
getOutputWriter().printlnMessage(getResourceString("authentication-list-auth-instance"));
for (Iterator i = instances.iterator(); i.hasNext(); ) {
AMAuthenticationInstance instance = (AMAuthenticationInstance) i.next();
Object[] args = { instance.getName(), instance.getType() };
getOutputWriter().printlnMessage(MessageFormat.format(getResourceString("authentication-list-auth-instance-entry"), args));
}
} else {
getOutputWriter().printlnMessage(getResourceString("authentication-list-auth-instance-empty"));
}
writeLog(LogWriter.LOG_ACCESS, Level.INFO, "SUCCEEDED_LIST_AUTH_INSTANCES", params);
} catch (AMConfigurationException e) {
debugError("ListAuthInstances.handleRequest", e);
writeLog(LogWriter.LOG_ERROR, Level.INFO, "FAILED_LIST_AUTH_INSTANCES", params);
throw new CLIException(e, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
}
}
use of com.sun.identity.authentication.config.AMAuthenticationInstance in project OpenAM by OpenRock.
the class AMLoginContext method executeLogin.
/**
* Starts login process, the map passed to this method is the parameters
* required to start the login process. These parameters are
* <code>indexType</code>, <code>indexName</code> , <code>principal</code>,
* <code>subject</code>, <code>password</code>,
* <code>organization name</code>. Based on these parameters Module
* Configuration name is retrieved using Configuration component. Creates
* a new LoginContext and starts login process and returns. On error
* LoginException is thrown.
*
* @param loginParamsMap login parameters HashMap
* @throws AuthLoginException if execute login fails
*/
public void executeLogin(Map<String, Object> loginParamsMap) throws AuthLoginException {
boolean errorState = false;
internalAuthError = false;
processDone = false;
isFailed = false;
setLoginHash();
/*
* Ensure loginState created and loginParamsMap provided
*/
if (loginState == null || loginParamsMap == null) {
debug.error("Error: loginState or loginParams is null");
loginStatus.setStatus(LoginStatus.AUTH_FAILED);
if (loginState != null) {
loginState.setErrorCode(AMAuthErrorCode.AUTH_ERROR);
}
setErrorMsgAndTemplate();
internalAuthError = true;
throw new AuthLoginException(BUNDLE_NAME, AMAuthErrorCode.AUTH_ERROR, null);
}
/*
* Lookup resource bundle and locale specific settings based on locale associated with LoginState
*/
java.util.Locale loginLocale = com.sun.identity.shared.locale.Locale.getLocale(loginState.getLocale());
bundle = AMResourceBundleCache.getInstance().getResBundle(BUNDLE_NAME, loginLocale);
exceedRetryLimit = AMResourceBundleCache.getInstance().getResBundle("amAuthLDAP", loginLocale).getString(ISAuthConstants.EXCEED_RETRY_LIMIT);
if (debug.messageEnabled()) {
debug.message("LoginState : " + loginState);
}
/*
* Handle redirection if applicable
*/
String redirectUrl = (String) loginParamsMap.get(AuthContextLocal.REDIRECT_URL);
if (redirectUrl != null) {
// Resource/IP/Env based auth case with Redirection Advice
Callback[] redirectCallback = new Callback[1];
redirectCallback[0] = new RedirectCallback(redirectUrl, null, "GET");
if (isPureJAAS()) {
loginState.setReceivedCallback_NoThread(redirectCallback);
} else {
loginState.setReceivedCallback(redirectCallback, this);
}
return;
}
/*
* Initialize instance fields from loginParamsMap
*/
parseLoginParams(loginParamsMap);
/*
* Copy orgDN and clientType values from LoginState
*/
if (authContext.getOrgDN() != null && !authContext.getOrgDN().isEmpty()) {
orgDN = authContext.getOrgDN();
loginState.setQualifiedOrgDN(orgDN);
} else {
orgDN = loginState.getOrgDN();
}
clientType = loginState.getClientType();
if (debug.messageEnabled()) {
debug.message("orgDN : " + orgDN);
debug.message("clientType : " + clientType);
}
/*
* Throw an exception if module-based authentication is disabled and an authentication module other
* than APPLICATION_MODULE or FEDERATION_MODULE is explicitly requested.
*/
if (indexType == IndexType.MODULE_INSTANCE && !loginState.getEnableModuleBasedAuth() && !indexName.equals(ISAuthConstants.APPLICATION_MODULE)) {
String moduleClassName = null;
try {
AMAuthenticationManager authManager = new AMAuthenticationManager(AccessController.doPrivileged(AdminTokenAction.getInstance()), orgDN);
AMAuthenticationInstance authInstance = authManager.getAuthenticationInstance(indexName);
moduleClassName = authInstance.getType();
} catch (AMConfigurationException amce) {
debug.error("AMLoginContext.executeLogin(): Unable to get authentication config", amce);
}
if (moduleClassName != null && !moduleClassName.equalsIgnoreCase(ISAuthConstants.FEDERATION_MODULE)) {
throwExceptionIfModuleBasedAuthenticationDisabled();
}
}
/*
* Update LoginState indexType and indexName
* (after storing current loginState indexType if required for HTTP callback processing)
*/
IndexType prevIndexType = loginState.getIndexType();
if (prevIndexType == IndexType.LEVEL || prevIndexType == IndexType.COMPOSITE_ADVICE) {
loginState.setPreviousIndexType(prevIndexType);
}
loginState.setIndexType(indexType);
loginState.setIndexName(indexName);
/*
* Delegate actual processing of requested authentication type to the dispatch method 'processIndexType'
*/
try {
if (processIndexType(indexType, indexName, orgDN)) {
return;
}
} catch (AuthLoginException le) {
if (MonitoringUtil.isRunning()) {
if (authImpl == null) {
authImpl = Agent.getAuthSvcMBean();
}
if (authImpl != null) {
authImpl.incSsoServerAuthenticationFailureCount();
}
}
debug.message("Error : ", le);
throw le;
} catch (Exception e) {
if (MonitoringUtil.isRunning()) {
if (authImpl == null) {
authImpl = Agent.getAuthSvcMBean();
}
if (authImpl != null) {
authImpl.incSsoServerAuthenticationFailureCount();
}
}
debug.message("Error : ", e);
throw new AuthLoginException(e);
}
/*
* Establish configName based on indexType, indexName, orgDN and clientType
*
* If configName can't be established, throw an exception
*/
configName = getConfigName(indexType, indexName, orgDN, clientType);
if (configName == null) {
loginState.setErrorCode(AMAuthErrorCode.AUTH_CONFIG_NOT_FOUND);
debug.message("Config not found");
setErrorMsgAndTemplate();
internalAuthError = true;
loginStatus.setStatus(LoginStatus.AUTH_FAILED);
loginState.logFailed(bundle.getString("noConfig"), "NOCONFIG");
auditor.auditLoginFailure(loginState, NO_CONFIG);
if (MonitoringUtil.isRunning()) {
if (authImpl == null) {
authImpl = Agent.getAuthSvcMBean();
}
if (authImpl != null) {
authImpl.incSsoServerAuthenticationFailureCount();
}
}
throw new AuthLoginException(BUNDLE_NAME, AMAuthErrorCode.AUTH_CONFIG_NOT_FOUND, null);
}
/*
* Create the LoginContext object that actually handles login/logout
*/
if (debug.messageEnabled()) {
debug.message("Creating login context object\n" + "\n orgDN : " + orgDN + "\n configName : " + configName);
}
try {
jaasCheck = AuthUtils.isPureJAASModulePresent(configName, this);
if (isPureJAAS()) {
debug.message("Using pure jaas mode.");
if (authThread == null) {
authThread = new AuthThreadManager();
authThread.start();
}
}
DSAMECallbackHandler dsameCallbackHandler = new DSAMECallbackHandler(this);
if (isPureJAAS()) {
if (subject != null) {
loginContext = new javax.security.auth.login.LoginContext(configName, subject, dsameCallbackHandler);
} else {
loginContext = new javax.security.auth.login.LoginContext(configName, dsameCallbackHandler);
}
} else {
debug.message("Using non pure jaas mode.");
if (subject != null) {
jaasLoginContext = new com.sun.identity.authentication.jaas.LoginContext(entries, subject, dsameCallbackHandler);
} else {
jaasLoginContext = new com.sun.identity.authentication.jaas.LoginContext(entries, dsameCallbackHandler);
}
}
} catch (AuthLoginException ae) {
debug.error("JAAS module for config: " + configName + ", " + ae.getMessage());
if (debug.messageEnabled()) {
debug.message("AuthLoginException", ae);
}
/* The user based authentication errors should not be different
* for users who exist and who don't, which can lead to
* possiblity of enumerating existing users.
* The AMAuthErrorCode.AUTH_LOGIN_FAILED error code is used for
* all user based authentication errors.
* Refer issue3278
*/
if (indexType == IndexType.USER && AMAuthErrorCode.AUTH_CONFIG_NOT_FOUND.equals(ae.getErrorCode())) {
loginState.setErrorCode(AMAuthErrorCode.AUTH_LOGIN_FAILED);
} else {
loginState.setErrorCode(ae.getErrorCode());
}
setErrorMsgAndTemplate();
loginState.logFailed(bundle.getString("loginContextCreateFailed"));
auditor.auditLoginFailure(loginState);
internalAuthError = true;
loginStatus.setStatus(LoginStatus.AUTH_FAILED);
if (MonitoringUtil.isRunning()) {
if (authImpl == null) {
authImpl = Agent.getAuthSvcMBean();
}
if (authImpl != null) {
authImpl.incSsoServerAuthenticationFailureCount();
}
}
throw ae;
} catch (LoginException le) {
debug.error("in creating LoginContext.");
if (debug.messageEnabled()) {
debug.message("Exception ", le);
}
loginState.setErrorCode(AMAuthErrorCode.AUTH_ERROR);
loginState.logFailed(bundle.getString("loginContextCreateFailed"));
auditor.auditLoginFailure(loginState);
setErrorMsgAndTemplate();
loginStatus.setStatus(LoginStatus.AUTH_FAILED);
internalAuthError = true;
if (MonitoringUtil.isRunning()) {
if (authImpl == null) {
authImpl = Agent.getAuthSvcMBean();
}
if (authImpl != null) {
authImpl.incSsoServerAuthenticationFailureCount();
}
}
throw new AuthLoginException(BUNDLE_NAME, AMAuthErrorCode.AUTH_ERROR, null, le);
} catch (SecurityException se) {
debug.error("security in creating LoginContext.");
if (debug.messageEnabled()) {
debug.message("Exception ", se);
}
loginState.setErrorCode(AMAuthErrorCode.AUTH_ERROR);
setErrorMsgAndTemplate();
loginState.logFailed(bundle.getString("loginContextCreateFailed"));
auditor.auditLoginFailure(loginState);
internalAuthError = true;
loginStatus.setStatus(LoginStatus.AUTH_FAILED);
if (MonitoringUtil.isRunning()) {
if (authImpl == null) {
authImpl = Agent.getAuthSvcMBean();
}
if (authImpl != null) {
authImpl.incSsoServerAuthenticationFailureCount();
}
}
throw new AuthLoginException(BUNDLE_NAME, AMAuthErrorCode.AUTH_ERROR, null);
} catch (Exception e) {
debug.error("Creating DSAMECallbackHandler: " + e.getMessage());
loginState.setErrorCode(AMAuthErrorCode.AUTH_ERROR);
setErrorMsgAndTemplate();
loginState.logFailed(bundle.getString("loginContextCreateFailed"));
auditor.auditLoginFailure(loginState);
internalAuthError = true;
if (MonitoringUtil.isRunning()) {
if (authImpl == null) {
authImpl = Agent.getAuthSvcMBean();
}
if (authImpl != null) {
authImpl.incSsoServerAuthenticationFailureCount();
}
}
loginStatus.setStatus(LoginStatus.AUTH_FAILED);
throw new AuthLoginException(BUNDLE_NAME, AMAuthErrorCode.AUTH_ERROR, null, e);
}
/*
* Perform the login using the objects this method has setup
*/
try {
if (isPureJAAS()) {
if (jaasThread != null) {
jaasThread.interrupt();
jaasThread = null;
errorState = true;
} else {
jaasThread = new JAASLoginThread(this);
jaasThread.start();
}
} else {
runLogin();
}
} catch (IllegalThreadStateException ite) {
errorState = true;
} catch (Exception e) {
errorState = true;
}
if (errorState) {
loginStatus.setStatus(LoginStatus.AUTH_RESET);
loginState.setErrorCode(AMAuthErrorCode.AUTH_ERROR);
setErrorMsgAndTemplate();
internalAuthError = true;
if (MonitoringUtil.isRunning()) {
if (authImpl == null) {
authImpl = Agent.getAuthSvcMBean();
}
if (authImpl != null) {
authImpl.incSsoServerAuthenticationFailureCount();
}
}
throw new AuthLoginException(BUNDLE_NAME, AMAuthErrorCode.AUTH_ERROR, null);
}
debug.message("AMLoginContext:Thread started... returning.");
}
use of com.sun.identity.authentication.config.AMAuthenticationInstance in project OpenAM by OpenRock.
the class AuthPropertiesViewBean method populateInstanceTable.
private void populateInstanceTable() {
tablePopulated = true;
CCActionTableModel tableModel = (CCActionTableModel) propertySheetModel.getModel(AUTH_INSTANCE_TABLE);
tableModel.clearAll();
boolean firstEntry = true;
Map instanceMap = new HashMap();
AuthPropertiesModel model = (AuthPropertiesModelImpl) getModel();
Set tmp = model.getAuthInstances();
/*
* These instance were deleted in the previous request. This
* is needed because the getAuthInstances call may return the
* instances that were just deleted.
*/
Set removedInstances = (Set) removePageSessionAttribute(INSTANCES_REMOVED);
for (Iterator i = tmp.iterator(); i.hasNext(); ) {
AMAuthenticationInstance inst = (AMAuthenticationInstance) i.next();
String name = inst.getName();
if ((removedInstances == null) || (!removedInstances.contains(name))) {
instanceMap.put(name, inst);
}
}
/*
* get instance names from previous pass. Need to use an ordered set
* here to assure the same order is retained during the request cycle.
*/
OrderedSet instanceSet = (OrderedSet) removePageSessionAttribute(AUTH_INSTANCE_TABLE);
// no instances if this is the 1st pass, create it now
if (instanceSet == null) {
instanceSet = new OrderedSet();
instanceSet.addAll(instanceMap.keySet());
}
AMAuthenticationManager mgr = null;
try {
mgr = new AMAuthenticationManager(model.getUserSSOToken(), "/");
} catch (AMConfigurationException e) {
debug.warning("Could not create Authentication Manager. Using non-localized type names", e);
}
for (Iterator i = instanceSet.iterator(); i.hasNext(); ) {
String name = (String) i.next();
AMAuthenticationInstance instance = (AMAuthenticationInstance) instanceMap.get(name);
/*
* check if instance still exists. This can happen if user goes
* the the advanced core properties page and removes an auth type
* from the available auth instances list.
*/
if (instance != null) {
if (!firstEntry) {
tableModel.appendRow();
} else {
firstEntry = false;
}
String type = instance.getType();
if (model.hasAuthAttributes(type)) {
tableModel.setValue(NAME_COLUMN_DATA, name);
tableModel.setValue(ACTION_COLUMN_HREF, stringToHex(name));
tableModel.setValue(NAME_COLUMN_DATA_NO_HREF, "");
} else {
tableModel.setValue(NAME_COLUMN_DATA, "");
tableModel.setValue(ACTION_COLUMN_HREF, stringToHex(name));
tableModel.setValue(NAME_COLUMN_DATA_NO_HREF, name);
}
if (mgr != null) {
try {
type = model.getLocalizedServiceName(mgr.getAuthenticationSchema(type).getServiceName());
} catch (AMConfigurationException e) {
if (debug.warningEnabled()) {
debug.warning("Could not get schema for type " + type + ". Using non-localized name.", e);
}
}
}
tableModel.setValue(TYPE_COLUMN_DATA, type);
}
}
/*
* set the instances in the page session so when a request comes in
* we can prepopulate the table model.
*/
setPageSessionAttribute(AUTH_INSTANCE_TABLE, instanceSet);
}
use of com.sun.identity.authentication.config.AMAuthenticationInstance in project OpenAM by OpenRock.
the class AuthConfigViewBean method getInstanceNames.
/*
* Iterate through the list of known AuthInstances and get the
* instance name. Use those names to create a set, then sort that set
* of names.
*/
private List getInstanceNames() {
AuthPropertiesModel apm = getPropertiesModel();
Set tmp = apm.getAuthInstances();
Set instances = new HashSet(tmp.size() * 2);
for (Iterator i = tmp.iterator(); i.hasNext(); ) {
AMAuthenticationInstance inst = (AMAuthenticationInstance) i.next();
instances.add(inst.getName());
}
return AMFormatUtils.sortItems(instances, apm.getUserLocale());
}
use of com.sun.identity.authentication.config.AMAuthenticationInstance in project OpenAM by OpenRock.
the class PolicyModelImpl method getAuthenticationLevel.
/**
* Returns authentication level of an authentication instance.
*
* @param realmName Name of realm.
* @param name Authentication Instance name.
* @return authentication level of an authentication instance.
*/
public String getAuthenticationLevel(String realmName, String name) {
String level = "0";
try {
AMAuthenticationManager mgr = new AMAuthenticationManager(adminSSOToken, realmName);
AMAuthenticationInstance ai = mgr.getAuthenticationInstance(name);
Map map = ai.getAttributeValues();
String authType = ai.getType();
Set set = (Set) map.get(AMAuthConfigUtils.getAuthLevelAttribute(map, authType));
if ((set != null) && !set.isEmpty()) {
level = (String) set.iterator().next();
}
} catch (AMConfigurationException e) {
debug.warning("PolicyModelImpl.getInstanceValues", e);
}
return level;
}
Aggregations