
Example 36 — use of com.sun.identity.authentication.config.AMAuthenticationManager in the OpenAM project (OpenRock): class ResourceEnvIPCondition, method getAdviceMessagesforRedirectURL (policy-framework variant, throws PolicyException).

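/**
 * Returns advice messages for the Authentication Redirect condition.
 *
 * The redirect advice ({@code adviceValue}) is suppressed only when at least
 * one of the schemes the subject authenticated with resolves to a module of
 * type {@code "Federation"}; otherwise the advice is returned so the caller
 * can redirect for (re)authentication.
 *
 * The authenticated schemes are taken from {@code env}
 * ({@code REQUEST_AUTH_SCHEMES}, realm from {@code PolicyEvaluator.REALM_DN})
 * when present, and from the SSO token otherwise. Module types are resolved
 * through {@link AMAuthenticationManager} under the server's admin token
 * (obtained via {@code AdminTokenAction}), so the lookup does not depend on
 * the privileges carried by {@code token}.
 *
 * @param adviceValue redirect URL to return as the advice message
 * @param token       subject's SSO token; may be {@code null} when {@code env}
 *                    supplies the schemes
 * @param env         policy evaluation environment; may be {@code null}
 * @return a set containing {@code adviceValue}, or an empty set when a
 *         Federation scheme was found
 * @throws PolicyException if {@code REQUEST_AUTH_SCHEMES} is not a
 *         {@code Set}, or an authenticated scheme instance cannot be resolved
 * @throws SSOException if a property cannot be read from {@code token}
 */
private Set getAdviceMessagesforRedirectURL(String adviceValue, SSOToken token, Map env) throws PolicyException, SSOException {
    Set adviceMessages = new HashSet();
    Set requestAuthSchemes = null;
    Set requestAuthSchemesIgnoreRealm = null;
    String orgName = "/";
    if ((env != null) && (env.get(REQUEST_AUTH_SCHEMES) != null)) {
        try {
            Set<String> orgSet = (Set<String>) env.get(PolicyEvaluator.REALM_DN);
            // An empty (non-null) realm set used to throw NoSuchElementException
            // from iterator().next(); keep the root-realm default instead.
            if ((orgSet != null) && !orgSet.isEmpty()) {
                orgName = orgSet.iterator().next();
            }
            requestAuthSchemes = (Set) env.get(REQUEST_AUTH_SCHEMES);
            if (DEBUG.messageEnabled()) {
                DEBUG.message("At ResourceEnvIPCondition.getAdviceMessagesforRedirectURL(): requestAuthSchemes from env= " + requestAuthSchemes + " AND orgName from env= " + orgName);
            }
        } catch (ClassCastException e) {
            String[] args = { REQUEST_AUTH_SCHEMES };
            throw new PolicyException(ResBundleUtils.rbName, "property_is_not_a_Set", args, e);
        }
    } else if (token != null) {
        // No schemes in env: fall back to what the session itself records.
        orgName = token.getProperty(ISAuthConstants.ORGANIZATION);
        requestAuthSchemes = AMAuthUtils.getRealmQualifiedAuthenticatedSchemes(token);
        requestAuthSchemesIgnoreRealm = AMAuthUtils.getAuthenticatedSchemes(token);
        if (DEBUG.messageEnabled()) {
            DEBUG.message("At ResourceEnvIPCondition.getAdviceMessagesforRedirectURL(): orgName from ssoToken= " + orgName);
            DEBUG.message("At ResourceEnvIPCondition.getAdviceMessagesforRedirectURL(): requestAuthSchemes from ssoToken= " + requestAuthSchemes);
            DEBUG.message("At ResourceEnvIPCondition.getAdviceMessagesforRedirectURL(): requestAuthSchemesIgnoreRealm from ssoToken= " + requestAuthSchemesIgnoreRealm);
        }
    }
    if (requestAuthSchemes == null) {
        requestAuthSchemes = Collections.EMPTY_SET;
    }
    if (requestAuthSchemesIgnoreRealm == null) {
        requestAuthSchemesIgnoreRealm = Collections.EMPTY_SET;
    }
    boolean nullRealm = false;
    boolean allow = false;
    String schemeInstance = null;
    String authSchemeType = null;
    try {
        // Privileged lookup: the module configuration is read as the server admin,
        // regardless of what the subject's own token is allowed to see.
        SSOToken adminToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
        for (Iterator iter = requestAuthSchemes.iterator(); iter.hasNext(); ) {
            String requestAuthnScheme = (String) iter.next();
            schemeInstance = AMAuthUtils.getDataFromRealmQualifiedData(requestAuthnScheme);
            String realm = AMAuthUtils.getRealmFromRealmQualifiedData(requestAuthnScheme);
            if ((realm == null) || (realm.length() == 0)) {
                // Unqualified scheme found: re-check against the realm-agnostic set below.
                nullRealm = true;
                break;
            }
            // NOTE(review): the realm parsed from the qualified scheme is not used for
            // the lookup; the instance is resolved in orgName. Confirm this is intended.
            authSchemeType = lookupAuthSchemeType(adminToken, orgName, schemeInstance);
            if ("Federation".equals(authSchemeType)) {
                allow = true;
                break;
            }
        }
        if (nullRealm) {
            for (Iterator iter = requestAuthSchemesIgnoreRealm.iterator(); iter.hasNext(); ) {
                schemeInstance = (String) iter.next();
                authSchemeType = lookupAuthSchemeType(adminToken, orgName, schemeInstance);
                if ("Federation".equals(authSchemeType)) {
                    allow = true;
                    break;
                }
            }
        }
    } catch (AMConfigurationException ace) {
        if (DEBUG.warningEnabled()) {
            DEBUG.warning("ResourceEnvIPCondition.getAdviceMessagesforRedirectURL():got AMConfigurationException:schemeInstance=" + schemeInstance + ", authSchemeType = " + authSchemeType);
        }
        Object[] args = { schemeInstance };
        throw new PolicyException(ResBundleUtils.rbName, "auth_scheme_not_found", args, ace);
    }
    if (!allow) {
        adviceMessages.add(adviceValue);
    }
    if (DEBUG.messageEnabled()) {
        DEBUG.message("At ResourceEnvIPCondition.getAdviceMessagesforRedirectURL():redirectURL=" + adviceValue + "schemeInstance=" + schemeInstance + ",authSchemeType=" + authSchemeType + ",adviceMessages=" + adviceMessages);
    }
    return adviceMessages;
}

/**
 * Resolves the module type of a named authentication instance in a realm.
 *
 * @param adminToken     admin token used for the privileged configuration read
 * @param orgName        realm in which the instance is looked up
 * @param schemeInstance authentication instance name
 * @return the instance's module type, e.g. {@code "Federation"}
 * @throws AMConfigurationException if the realm's authentication configuration cannot be read
 * @throws PolicyException if no instance with that name exists in the realm
 */
private String lookupAuthSchemeType(SSOToken adminToken, String orgName, String schemeInstance) throws AMConfigurationException, PolicyException {
    AMAuthenticationManager authManager = new AMAuthenticationManager(adminToken, orgName);
    AMAuthenticationInstance authInstance = authManager.getAuthenticationInstance(schemeInstance);
    if (authInstance == null) {
        // NOTE(review): getAuthenticationInstance appears to return null for an
        // unknown instance name (previously a NullPointerException here); report
        // it through the same "auth_scheme_not_found" path as a config error.
        if (DEBUG.warningEnabled()) {
            DEBUG.warning("ResourceEnvIPCondition.getAdviceMessagesforRedirectURL():auth instance not found:schemeInstance=" + schemeInstance + ", orgName=" + orgName);
        }
        Object[] args = { schemeInstance };
        throw new PolicyException(ResBundleUtils.rbName, "auth_scheme_not_found", args, null);
    }
    return authInstance.getType();
}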

Example 37 — use of com.sun.identity.authentication.config.AMAuthenticationManager in the OpenAM project (OpenRock): class ResourceEnvIPCondition, method getAdviceMessagesforRedirectURL (entitlement-framework variant, throws EntitlementException).

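/**
 * Returns advice messages for the Authentication Redirect condition.
 *
 * The redirect advice ({@code adviceValue}) is suppressed only when at least
 * one of the schemes the subject authenticated with resolves to a module of
 * type {@code "Federation"}; otherwise the advice is returned so the caller
 * can redirect for (re)authentication.
 *
 * The authenticated schemes are taken from {@code env}
 * ({@code REQUEST_AUTH_SCHEMES}, realm from {@code PolicyEvaluator.REALM_DN}
 * via {@code CollectionHelper.getMapAttr}) when present, and from the SSO
 * token otherwise. Module types are resolved through
 * {@link AMAuthenticationManager} under the server's admin token (obtained
 * via {@code AdminTokenAction}), so the lookup does not depend on the
 * privileges carried by {@code token}.
 *
 * @param adviceValue redirect URL to return as the advice message
 * @param token       subject's SSO token; may be {@code null} when {@code env}
 *                    supplies the schemes
 * @param env         evaluation environment; may be {@code null}
 * @return a set containing {@code adviceValue}, or an empty set when a
 *         Federation scheme was found
 * @throws EntitlementException if {@code REQUEST_AUTH_SCHEMES} is not a
 *         {@code Set}, or an authenticated scheme instance cannot be resolved
 * @throws SSOException if a property cannot be read from {@code token}
 */
private Set<String> getAdviceMessagesforRedirectURL(String adviceValue, SSOToken token, Map env) throws EntitlementException, SSOException {
    // Local prefix so the warning path below is usable even when message-level
    // debugging is off (localDebugName was only assigned in that case).
    String prefix = debugName + ".getAdviceMessagesforRedirectURL(): ";
    if (debug.messageEnabled()) {
        localDebugName = prefix;
    }
    Set<String> adviceMessages = new HashSet<String>();
    Set requestAuthSchemes = null;
    Set requestAuthSchemesIgnoreRealm = null;
    String orgName = "/";
    if ((env != null) && (env.get(REQUEST_AUTH_SCHEMES) != null)) {
        try {
            orgName = CollectionHelper.getMapAttr(env, PolicyEvaluator.REALM_DN, orgName);
            requestAuthSchemes = (Set) env.get(REQUEST_AUTH_SCHEMES);
            if (debug.messageEnabled()) {
                debug.message(prefix + "requestAuthSchemes from env= " + requestAuthSchemes + " AND orgName from env= " + orgName);
            }
        } catch (ClassCastException e) {
            throw new EntitlementException(PROPERTY_IS_NOT_A_SET, new String[] { REQUEST_AUTH_SCHEMES }, e);
        }
    } else if (token != null) {
        // No schemes in env: fall back to what the session itself records.
        orgName = token.getProperty(ISAuthConstants.ORGANIZATION);
        requestAuthSchemes = AMAuthUtils.getRealmQualifiedAuthenticatedSchemes(token);
        requestAuthSchemesIgnoreRealm = AMAuthUtils.getAuthenticatedSchemes(token);
        if (debug.messageEnabled()) {
            debug.message(prefix + "orgName from ssoToken= " + orgName);
            debug.message(prefix + "requestAuthSchemes from ssoToken= " + requestAuthSchemes);
            debug.message(prefix + "requestAuthSchemesIgnoreRealm from ssoToken= " + requestAuthSchemesIgnoreRealm);
        }
    }
    if (requestAuthSchemes == null) {
        requestAuthSchemes = Collections.EMPTY_SET;
    }
    if (requestAuthSchemesIgnoreRealm == null) {
        requestAuthSchemesIgnoreRealm = Collections.EMPTY_SET;
    }
    boolean nullRealm = false;
    boolean allow = false;
    String schemeInstance = null;
    String authSchemeType = null;
    try {
        // Privileged lookup: the module configuration is read as the server admin,
        // regardless of what the subject's own token is allowed to see.
        SSOToken adminToken = AccessController.doPrivileged(AdminTokenAction.getInstance());
        for (Iterator iter = requestAuthSchemes.iterator(); iter.hasNext(); ) {
            String requestAuthnScheme = (String) iter.next();
            schemeInstance = AMAuthUtils.getDataFromRealmQualifiedData(requestAuthnScheme);
            String realm = AMAuthUtils.getRealmFromRealmQualifiedData(requestAuthnScheme);
            if ((realm == null) || (realm.length() == 0)) {
                // Unqualified scheme found: re-check against the realm-agnostic set below.
                nullRealm = true;
                break;
            }
            // NOTE(review): the realm parsed from the qualified scheme is not used for
            // the lookup; the instance is resolved in orgName. Confirm this is intended.
            authSchemeType = lookupAuthSchemeType(adminToken, orgName, schemeInstance);
            if ("Federation".equals(authSchemeType)) {
                allow = true;
                break;
            }
        }
        if (nullRealm) {
            for (Iterator iter = requestAuthSchemesIgnoreRealm.iterator(); iter.hasNext(); ) {
                schemeInstance = (String) iter.next();
                authSchemeType = lookupAuthSchemeType(adminToken, orgName, schemeInstance);
                if ("Federation".equals(authSchemeType)) {
                    allow = true;
                    break;
                }
            }
        }
    } catch (AMConfigurationException ace) {
        if (debug.warningEnabled()) {
            debug.warning(prefix + "got AMConfigurationException: schemeInstance=" + schemeInstance + ", authSchemeType = " + authSchemeType);
        }
        throw new EntitlementException(AUTH_SCHEME_NOT_FOUND, new String[] { schemeInstance }, ace);
    }
    if (!allow) {
        adviceMessages.add(adviceValue);
    }
    if (debug.messageEnabled()) {
        debug.message(prefix + "redirectURL=" + adviceValue + "schemeInstance=" + schemeInstance + ",authSchemeType=" + authSchemeType + ",adviceMessages=" + adviceMessages);
    }
    return adviceMessages;
}

/**
 * Resolves the module type of a named authentication instance in a realm.
 *
 * @param adminToken     admin token used for the privileged configuration read
 * @param orgName        realm in which the instance is looked up
 * @param schemeInstance authentication instance name
 * @return the instance's module type, e.g. {@code "Federation"}
 * @throws AMConfigurationException if the realm's authentication configuration cannot be read
 * @throws EntitlementException if no instance with that name exists in the realm
 */
private String lookupAuthSchemeType(SSOToken adminToken, String orgName, String schemeInstance) throws AMConfigurationException, EntitlementException {
    AMAuthenticationManager authManager = new AMAuthenticationManager(adminToken, orgName);
    AMAuthenticationInstance authInstance = authManager.getAuthenticationInstance(schemeInstance);
    if (authInstance == null) {
        // NOTE(review): getAuthenticationInstance appears to return null for an
        // unknown instance name (previously a NullPointerException here); report
        // it through the same AUTH_SCHEME_NOT_FOUND path as a config error.
        if (debug.warningEnabled()) {
            debug.warning(debugName + ".getAdviceMessagesforRedirectURL(): auth instance not found: schemeInstance=" + schemeInstance + ", orgName=" + orgName);
        }
        throw new EntitlementException(AUTH_SCHEME_NOT_FOUND, new String[] { schemeInstance });
    }
    return authInstance.getType();
}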

Example 38 — use of com.sun.identity.authentication.config.AMAuthenticationManager in the OpenAM project (OpenRock): class HTTPBasic, method init.

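/**
 * Initializes the HTTP Basic module and the delegate login module it wraps.
 *
 * Reads the delegate instance name ({@code MODCONFIG}) and optional auth
 * level ({@code AUTHLEVEL}) from {@code options}, then resolves the delegate
 * instance through {@link AMAuthenticationManager} under the server admin
 * token, instantiates the module class registered for its type, and
 * initializes it with {@code sharedState} and the instance's attribute values.
 *
 * Initialization failures are logged and leave {@code amLoginModule} null;
 * {@code init} has no throws clause, so they cannot be propagated from here.
 *
 * @param subject     the subject being authenticated
 * @param sharedState state shared across the modules of the chain
 * @param options     this module instance's configuration
 */
public void init(Subject subject, Map sharedState, Map options) {
    java.util.Locale locale = getLoginLocale();
    bundle = amCache.getResBundle(amAuthHTTPBasic, locale);
    if (debug.messageEnabled()) {
        debug.message("HttpBasicAuth resbundle locale=" + locale);
    }
    this.options = options;
    instanceName = CollectionHelper.getMapAttr(options, MODCONFIG);
    String authLevel = CollectionHelper.getMapAttr(options, AUTHLEVEL);
    if (authLevel != null) {
        try {
            setAuthLevel(Integer.parseInt(authLevel));
        } catch (NumberFormatException e) {
            // Only the parse can fail here; a bad value leaves the default level.
            debug.error("Unable to set auth level " + authLevel, e);
        }
    }
    if (instanceName == null) {
        // Without a delegate instance there is nothing to wrap; the lookup
        // below would fail anyway, so say why up front.
        debug.error("Could not initialize the module instance" + instanceName + ": " + MODCONFIG + " is not set");
        return;
    }
    try {
        // Configuration is read as the server admin, not as the authenticating user.
        SSOToken adminToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
        AMAuthenticationManager amAM = new AMAuthenticationManager(adminToken, getRequestOrg());
        AMAuthenticationInstance amInstance = amAM.getAuthenticationInstance(instanceName);
        if (amInstance == null) {
            // NOTE(review): getAuthenticationInstance appears to return null for an
            // unknown instance name; previously this surfaced as a NullPointerException.
            debug.error("Could not initialize the module instance" + instanceName + ": instance not found in realm " + getRequestOrg());
            return;
        }
        currentConfig = amInstance.getAttributeValues();
        String moduleType = amInstance.getType();
        // The class name comes from the server's registered-authenticator table
        // for the instance type, not from anything the client sent.
        String moduleClassName = AuthD.getAuth().getAuthenticatorForName(moduleType);
        Class<? extends AMLoginModule> moduleClass = Class.forName(moduleClassName).asSubclass(AMLoginModule.class);
        amLoginModule = moduleClass.getDeclaredConstructor().newInstance();
        CallbackHandler handler = getCallbackHandler();
        amLoginModule.initialize(subject, handler, sharedState, currentConfig);
    } catch (Exception exp) {
        // Best effort: log and leave amLoginModule null (init has no throws clause).
        debug.error("Could not initialize the module instance" + instanceName, exp);
    }
}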

Example 39 — use of com.sun.identity.authentication.config.AMAuthenticationManager in the OpenAM project (OpenRock): class AddAuthConfigurationEntry, method getInstanceNames.

/**
 * Collects the names of every authentication module instance configured in a realm.
 *
 * @param realm         realm whose instances are listed
 * @param adminSSOToken administrator token used to read the realm's configuration
 * @return the instance names (empty when the realm has none)
 * @throws AMConfigurationException if the realm's authentication configuration cannot be read
 */
private Set getInstanceNames(String realm, SSOToken adminSSOToken) throws AMConfigurationException {
    AMAuthenticationManager authMgr = new AMAuthenticationManager(adminSSOToken, realm);
    Set instanceNames = new HashSet();
    for (Object entry : authMgr.getAuthenticationInstances()) {
        instanceNames.add(((AMAuthenticationInstance) entry).getName());
    }
    return instanceNames;
}

Example 40 — use of com.sun.identity.authentication.config.AMAuthenticationManager in the OpenAM project (OpenRock): class GetSupportedAuthModules, method handleRequest.

/**
 * Services a command-line request: prints the authentication module types
 * supported in the root realm, one per line in sorted order.
 *
 * An ATTEMPT record is written before the lookup and a SUCCEED or FAILED
 * record afterwards, so the access log always shows the outcome.
 *
 * @param rc Request Context.
 * @throws CLIException if the request cannot serviced.
 */
public void handleRequest(RequestContext rc) throws CLIException {
    super.handleRequest(rc);
    ldapLogin();
    SSOToken adminSSOToken = getAdminSSOToken();
    IOutput out = getOutputWriter();
    String[] noParams = {};
    writeLog(LogWriter.LOG_ACCESS, Level.INFO, "ATTEMPT_GET_SUPPORTED_AUTH_MODULES", noParams);
    try {
        Set types = new AMAuthenticationManager(adminSSOToken, "/").getAuthenticationTypes();
        if ((types == null) || types.isEmpty()) {
            out.printlnMessage(getResourceString("get-supported-no-supported-authtype"));
        } else {
            // TreeSet gives natural (alphabetical) ordering of the type names.
            for (Object type : new TreeSet(types)) {
                out.printlnMessage((String) type);
            }
        }
        writeLog(LogWriter.LOG_ACCESS, Level.INFO, "SUCCEED_GET_SUPPORTED_AUTH_MODULES", noParams);
    } catch (AMConfigurationException e) {
        debugError("GetSupportedAuthModules.handleRequest", e);
        writeLog(LogWriter.LOG_ERROR, Level.INFO, "FAILED_GET_SUPPORTED_AUTH_MODULES", new String[] { e.getMessage() });
        // The original exception is kept as the cause.
        throw new CLIException(e, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    }
}
