
Example 1 with SAMLToken

use of org.forgerock.openam.cts.api.tokens.SAMLToken in project OpenAM by OpenRock.

the class SAML2CTSPersistentStore method retrieveSAML2TokensWithSecondaryKey.

/**
 * {@inheritDoc}
 */
@Override
public List<Object> retrieveSAML2TokensWithSecondaryKey(String secondaryKey) throws SAML2TokenRepositoryException {
    // The caller's secondary key is mapped to the form stored in the CTS (see SAMLAdapter.toToken),
    // otherwise the attribute query below would never match.
    secondaryKey = tokenIdFactory.toSAMLSecondaryTokenId(secondaryKey);
    try {
        // Query the store on the SECONDARY_KEY attribute rather than the token id.
        TokenFilter filter = new TokenFilterBuilder().withAttribute(SAMLTokenField.SECONDARY_KEY.getField(), secondaryKey).build();
        Collection<Token> tokens = persistentStore.query(filter);
        List<Object> results = new ArrayList<Object>(tokens.size());
        for (Token token : tokens) {
            // Rebuild each generic Token into a SAMLToken and return the wrapped SAML2 object.
            SAMLToken samlToken = tokenAdapter.fromToken(token);
            results.add(samlToken.getToken());
        }
        return results;
    } catch (CoreTokenException e) {
        debug.error("SAML2CTSPersistentStore.retrieveSAML2TokensWithSecondaryKey(): failed to retrieve SAML2 " + "tokens using secondary key:" + secondaryKey, e);
        throw new SAML2TokenRepositoryException(e.getMessage(), e);
    }
}
Also used : ArrayList(java.util.ArrayList) CoreTokenException(org.forgerock.openam.cts.exceptions.CoreTokenException) TokenFilterBuilder(org.forgerock.openam.cts.api.filter.TokenFilterBuilder) SAMLToken(org.forgerock.openam.cts.api.tokens.SAMLToken) Token(org.forgerock.openam.cts.api.tokens.Token) SAML2TokenRepositoryException(org.forgerock.openam.federation.saml2.SAML2TokenRepositoryException) SAMLToken(org.forgerock.openam.cts.api.tokens.SAMLToken) TokenFilter(org.forgerock.openam.cts.api.filter.TokenFilter)

Example 2 with SAMLToken

use of org.forgerock.openam.cts.api.tokens.SAMLToken in project OpenAM by OpenRock.

the class SAMLAdapter method toToken.

/**
 * Convert the SAMLToken to a Token.
 *
 * This conversion performs the additional mapping needed when dealing with SAMLTokens.
 *
 * @param samlToken Non null.
 * @return Non null Token.
 */
public Token toToken(SAMLToken samlToken) {
    String tokenId = tokenIdFactory.toSAMLPrimaryTokenId(samlToken.getPrimaryKey());
    Token token = new Token(tokenId, TokenType.SAML2);
    // Expiry Date
    Calendar timestamp = TimeUtils.fromUnixTime(samlToken.getExpiryTime());
    token.setExpiryTimestamp(timestamp);
    // Persist the SAML token class, because there is no obvious hierarchy to the SAML tokens.
    String className = samlToken.getToken().getClass().getName();
    token.setAttribute(SAMLTokenField.OBJECT_CLASS.getField(), className);
    // Persist the SAML secondary key because it can be queried over.
    String secondaryKey = samlToken.getSecondaryKey();
    if (secondaryKey != null) {
        secondaryKey = tokenIdFactory.toSAMLSecondaryTokenId(secondaryKey);
        token.setAttribute(SAMLTokenField.SECONDARY_KEY.getField(), secondaryKey);
    }
    // Binary data
    String jsonBlob = serialisation.serialise(samlToken.getToken());
    blobUtils.setBlobFromString(token, jsonBlob);
    return token;
}
Also used : Calendar(java.util.Calendar) Token(org.forgerock.openam.cts.api.tokens.Token) SAMLToken(org.forgerock.openam.cts.api.tokens.SAMLToken)

Example 3 with SAMLToken

use of org.forgerock.openam.cts.api.tokens.SAMLToken in project OpenAM by OpenRock.

the class SAMLAdapter method fromToken.

/**
 * Convert from a Token, deserialising its JSON blob to rebuild the SAMLToken.
 *
 * @param token Token to be converted back to its original format.
 * @return Non null SAMLToken.
 */
public SAMLToken fromToken(Token token) {
    // Use the persisted OBJECT_CLASS attribute to work out which class was serialised.
    // The deserialisation target is therefore taken from the stored token itself, so this
    // adapter trusts whatever has been written to the CTS store.
    String className = token.getValue(SAMLTokenField.OBJECT_CLASS.getField());
    Class<?> c;
    try {
        c = Class.forName(className);
    } catch (ClassNotFoundException e) {
        String message = MessageFormat.format(CoreTokenConstants.DEBUG_HEADER + "Could not deserialise SAML Token because class not found:\n" + "Class Name: {0}\n" + "Token: {1}", className, token);
        throw new IllegalStateException(message, e);
    }
    // Binary Data
    String jsonBlob = blobUtils.getBlobAsString(token);
    Object blob = serialisation.deserialise(jsonBlob, c);
    // Expiry Date
    long expiryTime = TimeUtils.toUnixTime(token.getExpiryTimestamp());
    // Secondary Key
    String secondaryKey = token.getValue(SAMLTokenField.SECONDARY_KEY.getField());
    String primaryKey = tokenIdFactory.fromSAMLPrimaryTokenId(token.getTokenId());
    if (secondaryKey != null && !secondaryKey.isEmpty()) {
        secondaryKey = tokenIdFactory.fromSAMLSecondaryTokenId(secondaryKey);
    }
    SAMLToken samlToken = new SAMLToken(primaryKey, secondaryKey, expiryTime, blob);
    return samlToken;
}
Also used : SAMLToken(org.forgerock.openam.cts.api.tokens.SAMLToken)
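Example 3 picks the class to deserialise into from the persisted OBJECT_CLASS attribute: a name that does not resolve is rejected, but any loadable class name passes the lookup, so the adapter's only guard is that the store itself is trustworthy. The following is an added example, not OpenAM code, showing how such a lookup can be restricted to an allow-list and a required supertype before Class.forName is invoked. The AllowListedClassResolver helper, the StoredSaml2Object stand-in types and the class names used in main are all constructed for the illustration; in fromToken the resolver would take the place of the bare Class.forName(className) call.

```java
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

/**
 * Added example, not OpenAM code: resolves the class named by a persisted
 * attribute only if it is on a fixed allow-list and extends an expected
 * supertype. The stand-in token types below are constructed for the demo.
 */
public final class AllowListedClassResolver {

    private final Set<String> permittedClassNames;
    private final Class<?> requiredSupertype;

    public AllowListedClassResolver(Set<String> permittedClassNames, Class<?> requiredSupertype) {
        this.permittedClassNames = Collections.unmodifiableSet(new HashSet<String>(permittedClassNames));
        this.requiredSupertype = requiredSupertype;
    }

    /**
     * @param className value read from the stored token (OBJECT_CLASS in Example 3).
     * @return the resolved class, never null.
     * @throws IllegalStateException if the name is absent, not permitted, not loadable,
     *         or does not extend the required supertype.
     */
    public Class<?> resolve(String className) {
        if (className == null || !permittedClassNames.contains(className)) {
            // Reject before touching the class loader: Class.forName on an
            // arbitrary name can run static initialisers of whatever it finds.
            throw new IllegalStateException("Persisted class name not permitted: " + className);
        }
        final Class<?> c;
        try {
            // initialize=false: look the class up without running static initialisers
            // until the supertype check below has passed.
            c = Class.forName(className, false, requiredSupertype.getClassLoader());
        } catch (ClassNotFoundException e) {
            throw new IllegalStateException("Permitted class not on classpath: " + className, e);
        }
        if (!requiredSupertype.isAssignableFrom(c)) {
            throw new IllegalStateException("Persisted class " + className
                    + " is not a " + requiredSupertype.getName());
        }
        return c;
    }

    // Stand-in types representing the kinds of SAML2 objects a deployment stores.
    public interface StoredSaml2Object { }
    public static final class StoredAssertion implements StoredSaml2Object { }
    public static final class StoredArtifact implements StoredSaml2Object { }

    public static void main(String[] args) {
        Set<String> permitted = new HashSet<String>();
        permitted.add(StoredAssertion.class.getName());
        permitted.add(StoredArtifact.class.getName());
        AllowListedClassResolver resolver =
                new AllowListedClassResolver(permitted, StoredSaml2Object.class);

        // Expected case: a permitted, compatible class resolves.
        System.out.println(resolver.resolve(StoredAssertion.class.getName()).getSimpleName());

        // Failure case: a class that is loadable but not on the allow-list is rejected
        // before Class.forName is ever called.
        try {
            resolver.resolve("java.lang.Runtime");
        } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The allow-list check runs first so the class loader never sees an unexpected name; the supertype check catches a permitted name whose classpath binding has changed. The set of permitted names is deployment-specific and should be derived from the SAML2 classes the token repository actually persists.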

Example 4 with SAMLToken

use of org.forgerock.openam.cts.api.tokens.SAMLToken in project OpenAM by OpenRock.

the class SAMLAdapterTest method shouldNotStoreSecondaryKeyIfNull.

@Test
public void shouldNotStoreSecondaryKeyIfNull() {
    // Given
    SAMLToken samlToken = new SAMLToken("primary", null, 12345, "");
    given(tokenIdFactory.toSAMLPrimaryTokenId(anyString())).willReturn("id");
    given(serialisation.serialise(anyObject())).willReturn("");
    // When
    Token token = adapter.toToken(samlToken);
    // Then
    assertThat(token.<String>getValue(SAMLTokenField.SECONDARY_KEY.getField())).isNull();
}
Also used : SAMLToken(org.forgerock.openam.cts.api.tokens.SAMLToken) Token(org.forgerock.openam.cts.api.tokens.Token) SAMLToken(org.forgerock.openam.cts.api.tokens.SAMLToken) Test(org.testng.annotations.Test)

Example 5 with SAMLToken

use of org.forgerock.openam.cts.api.tokens.SAMLToken in project OpenAM by OpenRock.

the class CoreGuiceModule method configure.

@Override
protected void configure() {
    bind(new AdminTokenType()).toProvider(new AdminTokenProvider()).in(Singleton.class);
    bind(ServiceManagementDAO.class).to(ServiceManagementDAOWrapper.class).in(Singleton.class);
    bind(DNWrapper.class).in(Singleton.class);
    bind(URLValidator.class).toInstance(URLValidator.getInstance());
    bind(new TypeLiteral<TokenAdapter<JsonValue>>() {
    }).annotatedWith(Names.named(OAuth2Constants.CoreTokenParams.OAUTH_TOKEN_ADAPTER)).to(OAuthAdapter.class);
    bind(DSConfigMgr.class).toProvider(new Provider<DSConfigMgr>() {

        public DSConfigMgr get() {
            try {
                return DSConfigMgr.getDSConfigMgr();
            } catch (LDAPServiceException e) {
                throw new IllegalStateException(e);
            }
        }
    }).in(Singleton.class);
    bind(SSOTokenManager.class).toProvider(new Provider<SSOTokenManager>() {

        public SSOTokenManager get() {
            try {
                return SSOTokenManager.getInstance();
            } catch (SSOException e) {
                throw new IllegalStateException(e);
            }
        }
    }).in(Singleton.class);
    /**
     * Core Token Service bindings are divided into a number of logical groups.
     */
    // CTS General
    bind(CTSPersistentStore.class).to(CTSPersistentStoreImpl.class);
    bind(Debug.class).annotatedWith(Names.named(CoreTokenConstants.CTS_DEBUG)).toInstance(Debug.getInstance(CoreTokenConstants.CTS_DEBUG));
    bind(Debug.class).annotatedWith(Names.named(CoreTokenConstants.CTS_REAPER_DEBUG)).toInstance(Debug.getInstance(CoreTokenConstants.CTS_REAPER_DEBUG));
    bind(Debug.class).annotatedWith(Names.named(CoreTokenConstants.CTS_ASYNC_DEBUG)).toInstance(Debug.getInstance(CoreTokenConstants.CTS_ASYNC_DEBUG));
    bind(Debug.class).annotatedWith(Names.named(CoreTokenConstants.CTS_MONITOR_DEBUG)).toInstance(Debug.getInstance(CoreTokenConstants.CTS_MONITOR_DEBUG));
    bind(Debug.class).annotatedWith(Names.named(DataLayerConstants.DATA_LAYER_DEBUG)).toInstance(Debug.getInstance(DataLayerConstants.DATA_LAYER_DEBUG));
    bind(Debug.class).annotatedWith(Names.named("amSMS")).toInstance(Debug.getInstance("amSMS"));
    bind(Debug.class).annotatedWith(Names.named(PolicyMonitor.POLICY_MONITOR_DEBUG)).toInstance(Debug.getInstance(PolicyMonitor.POLICY_MONITOR_DEBUG));
    bind(Debug.class).annotatedWith(Names.named(OAuth2Constants.DEBUG_LOG_NAME)).toInstance(Debug.getInstance(OAuth2Constants.DEBUG_LOG_NAME));
    bind(CoreTokenConstants.class).in(Singleton.class);
    bind(CoreTokenConfig.class).in(Singleton.class);
    // CTS Connection Management
    bind(String.class).annotatedWith(Names.named(DataLayerConstants.ROOT_DN_SUFFIX)).toProvider(new Provider<String>() {

        public String get() {
            return SMSEntry.getRootSuffix();
        }
    }).in(Singleton.class);
    bind(ConfigurationObserver.class).toProvider(new Provider<ConfigurationObserver>() {

        public ConfigurationObserver get() {
            return ConfigurationObserver.getInstance();
        }
    }).in(Singleton.class);
    // CTS Monitoring
    bind(CTSOperationsMonitoringStore.class).to(CTSMonitoringStoreImpl.class);
    bind(CTSReaperMonitoringStore.class).to(CTSMonitoringStoreImpl.class);
    bind(CTSConnectionMonitoringStore.class).to(CTSMonitoringStoreImpl.class);
    // Enable monitoring of all CTS operations
    bind(ResultHandlerFactory.class).to(MonitoredResultHandlerFactory.class);
    // CTS Reaper configuration
    bind(ReaperQuery.class).to(ReaperConnection.class);
    // Policy Monitoring
    bind(PolicyMonitor.class).to(PolicyMonitorImpl.class);
    // SAML2 token repository dependencies
    bind(new TypeLiteral<TokenAdapter<SAMLToken>>() {
    }).to(SAMLAdapter.class);
    /**
     * Session related dependencies.
     */
    bind(SessionOperationStrategy.class).to(ServerSessionOperationStrategy.class);
    // TODO: Investigate whether or not this lazy-loading "Config<SessionService>" wrapper is still needed
    bind(new TypeLiteral<Config<SessionService>>() {
    }).toInstance(new Config<SessionService>() {

        @Override
        public boolean isReady() {
            return true;
        }

        @Override
        public SessionService get() {
            return InjectorHolder.getInstance(SessionService.class);
        }
    });
    bind(Debug.class).annotatedWith(Names.named(SessionConstants.SESSION_DEBUG)).toInstance(Debug.getInstance(SessionConstants.SESSION_DEBUG));
    bind(new TypeLiteral<Function<String, String, NeverThrowsException>>() {
    }).annotatedWith(Names.named("tagSwapFunc")).toInstance(new Function<String, String, NeverThrowsException>() {

        @Override
        public String apply(String text) {
            return ServicesDefaultValues.tagSwap(text, true);
        }
    });
    install(new FactoryModuleBuilder().implement(AMIdentityRepository.class, AMIdentityRepository.class).build(AMIdentityRepositoryFactory.class));
    install(new FactoryModuleBuilder().implement(SMSAuditor.class, SMSAuditor.class).build(ConfigAuditorFactory.class));
    Multibinder.newSetBinder(binder(), SMSAuditFilter.class);
    Multibinder.newSetBinder(binder(), IdRepoCreationListener.class);
    bind(Stats.class).annotatedWith(Names.named(SessionConstants.STATS_MASTER_TABLE)).toInstance(Stats.getInstance(SessionConstants.STATS_MASTER_TABLE));
    bind(SessionCache.class).toInstance(SessionCache.getInstance());
    bind(SessionPollerPool.class).toInstance(SessionPollerPool.getInstance());
    /*
     * Must use a provider to ensure initialisation happens after SystemProperties have been set.
     */
    bind(SessionCookies.class).toProvider(new Provider<SessionCookies>() {

        @Override
        public SessionCookies get() {
            return SessionCookies.getInstance();
        }
    });
    /*
     * Must use a provider to ensure initialisation happens after SystemProperties have been set.
     */
    bind(SessionURL.class).toProvider(new Provider<SessionURL>() {

        @Override
        public SessionURL get() {
            return SessionURL.getInstance();
        }
    });
    bind(SessionServiceURLService.class).toInstance(SessionServiceURLService.getInstance());
    bind(ConsoleConfigHandler.class).to(ConsoleConfigHandlerImpl.class);
}
Also used : ServiceManagementDAOWrapper(com.sun.identity.sm.ServiceManagementDAOWrapper) FactoryModuleBuilder(com.google.inject.assistedinject.FactoryModuleBuilder) SessionURL(org.forgerock.openam.session.SessionURL) SSOException(com.iplanet.sso.SSOException) PolicyMonitor(org.forgerock.openam.entitlement.monitoring.PolicyMonitor) CTSOperationsMonitoringStore(org.forgerock.openam.cts.monitoring.CTSOperationsMonitoringStore) CTSPersistentStore(org.forgerock.openam.cts.CTSPersistentStore) Function(org.forgerock.util.Function) SessionCookies(org.forgerock.openam.session.SessionCookies) TypeLiteral(com.google.inject.TypeLiteral) URLValidator(com.sun.identity.shared.validation.URLValidator) ConfigAuditorFactory(com.sun.identity.sm.ldap.ConfigAuditorFactory) LDAPServiceException(com.iplanet.services.ldap.LDAPServiceException) CTSConnectionMonitoringStore(org.forgerock.openam.cts.monitoring.CTSConnectionMonitoringStore) ServerSessionOperationStrategy(com.iplanet.dpro.session.operations.ServerSessionOperationStrategy) SessionOperationStrategy(com.iplanet.dpro.session.operations.SessionOperationStrategy) SessionPollerPool(org.forgerock.openam.session.SessionPollerPool) CTSReaperMonitoringStore(org.forgerock.openam.cts.monitoring.CTSReaperMonitoringStore) ConsoleConfigHandler(org.forgerock.openam.sm.config.ConsoleConfigHandler) AMIdentityRepositoryFactory(org.forgerock.openam.identity.idm.AMIdentityRepositoryFactory) SAMLToken(org.forgerock.openam.cts.api.tokens.SAMLToken) SessionServiceURLService(org.forgerock.openam.session.SessionServiceURLService) Provider(com.google.inject.Provider) ReaperQuery(org.forgerock.openam.cts.impl.query.reaper.ReaperQuery) CoreTokenConfig(org.forgerock.openam.cts.CoreTokenConfig) NeverThrowsException(org.forgerock.util.promise.NeverThrowsException) SessionService(com.iplanet.dpro.session.service.SessionService) CoreTokenConstants(org.forgerock.openam.cts.api.CoreTokenConstants) TokenAdapter(org.forgerock.openam.cts.adapters.TokenAdapter) MonitoredResultHandlerFactory(org.forgerock.openam.cts.monitoring.impl.queue.MonitoredResultHandlerFactory) ResultHandlerFactory(org.forgerock.openam.cts.impl.queue.ResultHandlerFactory) SessionCache(org.forgerock.openam.session.SessionCache)

Aggregations

SAMLToken (org.forgerock.openam.cts.api.tokens.SAMLToken)6 Token (org.forgerock.openam.cts.api.tokens.Token)4 CoreTokenException (org.forgerock.openam.cts.exceptions.CoreTokenException)2 SAML2TokenRepositoryException (org.forgerock.openam.federation.saml2.SAML2TokenRepositoryException)2 Provider (com.google.inject.Provider)1 TypeLiteral (com.google.inject.TypeLiteral)1 FactoryModuleBuilder (com.google.inject.assistedinject.FactoryModuleBuilder)1 ServerSessionOperationStrategy (com.iplanet.dpro.session.operations.ServerSessionOperationStrategy)1 SessionOperationStrategy (com.iplanet.dpro.session.operations.SessionOperationStrategy)1 SessionService (com.iplanet.dpro.session.service.SessionService)1 LDAPServiceException (com.iplanet.services.ldap.LDAPServiceException)1 SSOException (com.iplanet.sso.SSOException)1 URLValidator (com.sun.identity.shared.validation.URLValidator)1 ServiceManagementDAOWrapper (com.sun.identity.sm.ServiceManagementDAOWrapper)1 ConfigAuditorFactory (com.sun.identity.sm.ldap.ConfigAuditorFactory)1 ArrayList (java.util.ArrayList)1 Calendar (java.util.Calendar)1 CTSPersistentStore (org.forgerock.openam.cts.CTSPersistentStore)1 CoreTokenConfig (org.forgerock.openam.cts.CoreTokenConfig)1 TokenAdapter (org.forgerock.openam.cts.adapters.TokenAdapter)1