
Example 11 with Duration

use of org.forgerock.util.time.Duration in project OpenAM by OpenRock.

the class LDAPGroups method initialize.

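/**
 * Initialize the LDAPGroup object by using the configuration
 * information passed by the Policy Framework.
 * <p>
 * Reads the LDAP server, bind DN/password, base DN, group and user search
 * filters/scopes/attributes, the search time limit and result limit, the pool
 * sizes and the SSL flag from {@code configParams}, then initialises the
 * shared connection pool for {@code ldapServer} through
 * {@code LDAPConnectionPools} and marks the instance initialised.
 * <p>
 * Security notes: the bind password arrives encrypted and is decrypted into
 * the {@code authpw} field (a {@code String}, so it cannot be cleared
 * afterwards; inherent to the field type). The debug trace logs the bind DN
 * but never the password. A missing SSL flag is treated as a configuration
 * error rather than as "SSL off", so the credentials are never sent in clear
 * merely because a setting was absent.
 *
 * @param configParams the configuration information (raw {@link Map}; keys are
 *        the {@code PolicyConfig} constants with {@code String} values, plus
 *        {@code PolicyManager.ORGANIZATION_NAME} holding a {@code Set})
 * @exception PolicyException if {@code configParams} is {@code null}, the LDAP
 *        server or the SSL flag is missing, or a numeric setting is missing or
 *        does not parse
 */
public void initialize(Map configParams) throws PolicyException {
    if (configParams == null) {
        throw new PolicyException(ResBundleUtils.rbName, "ldapgroups_initialization_failed", null, null);
    }
    String configuredLdapServer = (String) configParams.get(PolicyConfig.LDAP_SERVER);
    if (configuredLdapServer == null) {
        debug.error("LDAPGroups.initialize(): failed to get LDAP " + "server name. If you enter more than one server name " + "in the policy config service's Primary LDAP Server " + "field, please make sure the ldap server name is preceded " + "with the local server name.");
        throw new PolicyException(ResBundleUtils.rbName, "invalid_ldap_server_host", null, null);
    }
    ldapServer = configuredLdapServer.toLowerCase();
    localDS = PolicyUtils.isLocalDS(ldapServer);
    // parseBoolean is null-safe and equivalent to the former valueOf(...).booleanValue().
    aliasEnabled = Boolean.parseBoolean((String) configParams.get(PolicyConfig.USER_ALIAS_ENABLED));
    authid = (String) configParams.get(PolicyConfig.LDAP_BIND_DN);
    authpw = (String) configParams.get(PolicyConfig.LDAP_BIND_PASSWORD);
    if (authpw != null) {
        // Stored encrypted in the policy configuration; the pool needs the plaintext to bind.
        authpw = PolicyUtils.decrypt(authpw);
    }
    baseDN = (String) configParams.get(PolicyConfig.LDAP_BASE_DN);
    groupSearchFilter = (String) configParams.get(PolicyConfig.LDAP_GROUP_SEARCH_FILTER);
    // Constant-first comparison is null-safe: a missing or unrecognised group
    // scope falls back to WHOLE_SUBTREE, the same default the user scope gets
    // below (previously a missing value threw NullPointerException).
    String groupScope = (String) configParams.get(PolicyConfig.LDAP_GROUP_SEARCH_SCOPE);
    if (LDAP_SCOPE_BASE.equalsIgnoreCase(groupScope)) {
        groupSearchScope = SearchScope.BASE_OBJECT;
    } else if (LDAP_SCOPE_ONE.equalsIgnoreCase(groupScope)) {
        groupSearchScope = SearchScope.SINGLE_LEVEL;
    } else {
        groupSearchScope = SearchScope.WHOLE_SUBTREE;
    }
    groupRDNAttrName = (String) configParams.get(PolicyConfig.LDAP_GROUP_SEARCH_ATTRIBUTE);
    userSearchFilter = (String) configParams.get(PolicyConfig.LDAP_USERS_SEARCH_FILTER);
    String userScope = (String) configParams.get(PolicyConfig.LDAP_USERS_SEARCH_SCOPE);
    userSearchScope = LDAPUtils.getSearchScope(userScope, SearchScope.WHOLE_SUBTREE);
    userRDNAttrName = (String) configParams.get(PolicyConfig.LDAP_USER_SEARCH_ATTRIBUTE);
    try {
        // Integer.parseInt(null) also throws NumberFormatException, so a missing
        // numeric setting is reported as a PolicyException like a malformed one.
        timeLimit = Integer.parseInt((String) configParams.get(PolicyConfig.LDAP_SEARCH_TIME_OUT));
        maxResults = Integer.parseInt((String) configParams.get(PolicyConfig.LDAP_SEARCH_LIMIT));
        minPoolSize = Integer.parseInt((String) configParams.get(PolicyConfig.LDAP_CONNECTION_POOL_MIN_SIZE));
        maxPoolSize = Integer.parseInt((String) configParams.get(PolicyConfig.LDAP_CONNECTION_POOL_MAX_SIZE));
    } catch (NumberFormatException nfe) {
        throw new PolicyException(nfe);
    }
    // NOTE(review): pool sizes and limits are not range-checked here (max < min,
    // negative values); presumably LDAPConnectionPools validates them — confirm.
    // Fail closed on a missing SSL flag: defaulting it to "false" would bind with
    // the decrypted credentials over plaintext LDAP. The value was previously
    // dereferenced unconditionally (NullPointerException), so no existing
    // configuration relies on its absence.
    String ssl = (String) configParams.get(PolicyConfig.LDAP_SSL_ENABLED);
    if (ssl == null) {
        debug.error("LDAPGroups.initialize(): " + PolicyConfig.LDAP_SSL_ENABLED + " is not set");
        throw new PolicyException(ResBundleUtils.rbName, "ldapgroups_initialization_failed", null, null);
    }
    sslEnabled = ssl.equalsIgnoreCase("true");
    // The organization name arrives as a Set; the first entry is used.
    Set orgNameSet = (Set) configParams.get(PolicyManager.ORGANIZATION_NAME);
    if (orgNameSet != null && !orgNameSet.isEmpty()) {
        orgName = (String) orgNameSet.iterator().next();
    }
    if (debug.messageEnabled()) {
        // The bind DN is logged; the bind password deliberately is not.
        debug.message("LDAPGroups.initialize(): getting params" + "\nldapServer: " + ldapServer + "\nauthid: " + authid + "\nbaseDN: " + baseDN + "\ngroupSearchFilter: " + groupSearchFilter + "\ngroupRDNAttrName: " + groupRDNAttrName + "\nuserSearchFilter: " + userSearchFilter + "\nuserRDNAttrName: " + userRDNAttrName + "\ntimeLimit: " + timeLimit + "\nmaxResults: " + maxResults + "\nminPoolSize: " + minPoolSize + "\nmaxPoolSize: " + maxPoolSize + "\nSSLEnabled: " + sslEnabled + "\nOrgName: " + orgName);
    }
    // Per-operation timeout for searches; the configured value is read as seconds.
    // NOTE(review): LDAPFilterCondition.setPolicyConfig() applies the same
    // LDAP_SEARCH_TIME_OUT setting as CONNECT_TIMEOUT in milliseconds; one of
    // the two readings is likely wrong — confirm the unit against PolicyConfig.
    Options options = Options.defaultOptions().set(REQUEST_TIMEOUT, new Duration((long) timeLimit, TimeUnit.SECONDS));
    // The pool is shared per server name; the decrypted bind password is only
    // handed to the pool initialisation.
    LDAPConnectionPools.initConnectionPool(ldapServer, authid, authpw, sslEnabled, minPoolSize, maxPoolSize, options);
    connPool = LDAPConnectionPools.getConnectionPool(ldapServer);
    initialized = true;
}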

Example 12 with Duration

use of org.forgerock.util.time.Duration in project OpenAM by OpenRock.

the class LDAPFilterCondition method setPolicyConfig.

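/**
 * Sets the policy configuration parameters used by this condition.
 * <p>
 * Does nothing while the previously loaded configuration is still within its
 * TTL ({@code policyConfigExpiresAt}). Otherwise re-reads the LDAP server,
 * bind DN/password, users base DN, user search filter/scope/attribute, the
 * numeric limits and pool sizes and the SSL flag from {@code configParams},
 * (re)initialises the connection pool for that server and extends the TTL by
 * {@code PolicyConfig.getSubjectsResultTtl(configParams)}.
 * <p>
 * The shutdown listener that closes {@code connPool} is registered only on the
 * first successful initialisation: it reads the field at shutdown time, so one
 * listener covers every later refresh. Registering on every TTL expiry (the
 * previous behaviour) accumulated listeners for the life of the server.
 * NOTE(review): a pool replaced on refresh is not closed here; presumably
 * {@code LDAPConnectionPools} reuses the pool per server name — confirm.
 * <p>
 * Security notes: the bind password is decrypted into the {@code authpw}
 * {@code String} field; the debug trace logs the bind DN, never the password.
 * A missing SSL flag is rejected instead of being read as "SSL off".
 *
 * @param configParams policy configuration (keys are the {@code PolicyConfig}
 *        constants with {@code String} values)
 * @param realmDn the realm DN; when non-null it replaces {@code orgName}
 * @throws PolicyException if {@code configParams} is {@code null}, the LDAP
 *         server or the SSL flag is missing, or a numeric setting is missing or
 *         does not parse
 */
private synchronized void setPolicyConfig(Map configParams, String realmDn) throws PolicyException {
    if (System.currentTimeMillis() < policyConfigExpiresAt) {
        return;
    }
    if (debug.messageEnabled()) {
        debug.message("LDAPFilterCondition.setPolicyConfig():policy config expired, resetting");
    }
    if (configParams == null) {
        debug.error("LDAPFilterCondition.setPolicyConfig():configParams is null");
        throw new PolicyException(ResBundleUtils.rbName, "ldapfiltercondition_setpolicyconfig_null_policy_config", null, null);
    }
    String configuredLdapServer = (String) configParams.get(PolicyConfig.LDAP_SERVER);
    if (configuredLdapServer == null) {
        debug.error("LDAPFilterCondition.initialize(): failed to get LDAP " + "server name. If you enter more than one server name " + "in the policy config service's Primary LDAP Server " + "field, please make sure the ldap server name is preceded " + "with the local server name.");
        throw new PolicyException(ResBundleUtils.rbName, "invalid_ldap_server_host", null, null);
    }
    ldapServer = configuredLdapServer.toLowerCase();
    aliasEnabled = Boolean.valueOf((String) configParams.get(PolicyConfig.USER_ALIAS_ENABLED));
    authid = (String) configParams.get(PolicyConfig.LDAP_BIND_DN);
    authpw = (String) configParams.get(PolicyConfig.LDAP_BIND_PASSWORD);
    if (authpw != null) {
        // Stored encrypted in the policy configuration; the pool needs the plaintext to bind.
        authpw = PolicyUtils.decrypt(authpw);
    }
    baseDN = (String) configParams.get(PolicyConfig.LDAP_USERS_BASE_DN);
    userSearchFilter = (String) configParams.get(PolicyConfig.LDAP_USERS_SEARCH_FILTER);
    String scope = (String) configParams.get(PolicyConfig.LDAP_USERS_SEARCH_SCOPE);
    userSearchScope = LDAPUtils.getSearchScope(scope, SearchScope.WHOLE_SUBTREE);
    userRDNAttrName = (String) configParams.get(PolicyConfig.LDAP_USER_SEARCH_ATTRIBUTE);
    try {
        // Integer.parseInt(null) also throws NumberFormatException, so a missing
        // numeric setting is reported as a PolicyException like a malformed one.
        timeLimit = Integer.parseInt((String) configParams.get(PolicyConfig.LDAP_SEARCH_TIME_OUT));
        maxResults = Integer.parseInt((String) configParams.get(PolicyConfig.LDAP_SEARCH_LIMIT));
        minPoolSize = Integer.parseInt((String) configParams.get(PolicyConfig.LDAP_CONNECTION_POOL_MIN_SIZE));
        maxPoolSize = Integer.parseInt((String) configParams.get(PolicyConfig.LDAP_CONNECTION_POOL_MAX_SIZE));
    } catch (NumberFormatException nfe) {
        throw new PolicyException(nfe);
    }
    // Fail closed on a missing SSL flag: defaulting it to "false" would bind with
    // the decrypted credentials over plaintext LDAP. The value was previously
    // dereferenced unconditionally (NullPointerException), so no existing
    // configuration relies on its absence.
    String ssl = (String) configParams.get(PolicyConfig.LDAP_SSL_ENABLED);
    if (ssl == null) {
        debug.error("LDAPFilterCondition.setPolicyConfig(): " + PolicyConfig.LDAP_SSL_ENABLED + " is not set");
        throw new PolicyException(new IllegalStateException(PolicyConfig.LDAP_SSL_ENABLED + " is not set"));
    }
    sslEnabled = ssl.equalsIgnoreCase("true");
    // get the organization name
    if (realmDn != null) {
        orgName = realmDn;
    }
    if (debug.messageEnabled()) {
        // The bind DN is logged; the bind password deliberately is not.
        debug.message("LDAPFilterCondition.setPolicyConfig(): " + "getting params" + "\nldapServer: " + ldapServer + "\nauthid: " + authid + "\nbaseDN: " + baseDN + "\nuserSearchFilter: " + userSearchFilter + "\nuserRDNAttrName: " + userRDNAttrName + "\ntimeLimit: " + timeLimit + "\nmaxResults: " + maxResults + "\nminPoolSize: " + minPoolSize + "\nmaxPoolSize: " + maxPoolSize + "\nSSLEnabled: " + sslEnabled + "\nOrgName: " + orgName);
    }
    // Connect timeout; the configured value is read as milliseconds.
    // NOTE(review): LDAPGroups.initialize() applies the same LDAP_SEARCH_TIME_OUT
    // setting as REQUEST_TIMEOUT in seconds; one of the two readings is likely
    // wrong — confirm the unit against PolicyConfig.
    Options options = Options.defaultOptions().set(CONNECT_TIMEOUT, new Duration((long) timeLimit, TimeUnit.MILLISECONDS));
    // Remember whether this is the first pool so the shutdown hook is registered once.
    boolean firstPool = (connPool == null);
    LDAPConnectionPools.initConnectionPool(ldapServer, authid, authpw, sslEnabled, minPoolSize, maxPoolSize, options);
    connPool = LDAPConnectionPools.getConnectionPool(ldapServer);
    if (firstPool) {
        ShutdownManager shutdownMan = com.sun.identity.common.ShutdownManager.getInstance();
        shutdownMan.addShutdownListener(new ShutdownListener() {

            public void shutdown() {
                // Reads the field, so it always closes the pool current at shutdown.
                if (connPool != null) {
                    connPool.close();
                }
            }
        });
    }
    policyConfigExpiresAt = System.currentTimeMillis() + PolicyConfig.getSubjectsResultTtl(configParams);
}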

Example 13 with Duration

use of org.forgerock.util.time.Duration in project OpenAM by OpenRock.

the class LDAPAuthUtils method createConnectionPool.

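/**
 * Returns the pooled {@link ConnectionFactory} for {@code servers} bound as
 * {@code bindingUser}, creating and caching it on first use.
 * <p>
 * Pools are cached in {@code connectionPools} under
 * {@code servers + ":" + bindingUser}, so different bind identities never
 * share a pool. Creation happens under the map's monitor with a second lookup
 * (double-checked locking). NOTE(review): the first lookup runs outside the
 * lock, which is only safe if {@code connectionPools} is a concurrent or
 * synchronized map — confirm at the field declaration.
 * <p>
 * Sizing: search and authentication use separate pools, so each gets roughly
 * half of the configured defaults, unless {@code poolSize} carries a
 * {@code host:port:min:max} entry for one of the configured servers. Only
 * {@code max} is passed to {@code newFailoverConnectionPool}; {@code min} is
 * computed and logged but not otherwise used here.
 * <p>
 * Security: with {@code trustAll} the SSL context accepts any server
 * certificate, which removes man-in-the-middle protection on the LDAP channel;
 * it is logged when it takes effect and belongs in test setups only.
 *
 * @param connectionPools cache of factories keyed by server list and bind DN
 * @param bindingUser bind DN the pool authenticates with
 * @param bindingPwd bind password ({@code char[]} so the caller can clear it)
 * @return the cached or newly created factory
 * @throws LdapException propagated from the connection-factory helpers
 * @throws LDAPUtilException if the SSL context cannot be built
 */
private ConnectionFactory createConnectionPool(Map<String, ConnectionFactory> connectionPools, String bindingUser, char[] bindingPwd) throws LdapException, LDAPUtilException {
    String configName = servers.toString() + ":" + bindingUser;
    ConnectionFactory connPool = connectionPools.get(configName);
    if (connPool != null) {
        return connPool;
    }
    try {
        synchronized (connectionPools) {
            // Re-check under the lock: another thread may have created it meanwhile.
            connPool = connectionPools.get(configName);
            if (connPool == null) {
                if (debug.messageEnabled()) {
                    debug.message("Create ConnectionPool for servers:\n" + servers);
                }
                // Built only when a pool is really created (previously built on
                // every cache miss, even when the re-check found an existing pool).
                Options options = Options.defaultOptions().set(REQUEST_TIMEOUT, new Duration((long) operationsTimeout, TimeUnit.MILLISECONDS));
                // Since connection pool for search and authentication
                // are different, each gets half the configured size
                int min = minDefaultPoolSize / 2 + 1;
                int max = maxDefaultPoolSize / 2;
                if (min >= max) {
                    // NOTE(review): gives 0 or a negative min when max <= 1; harmless
                    // here because only max reaches newFailoverConnectionPool below.
                    min = max - 1;
                }
                Set<LDAPURL> primaryUrls = convertToLDAPURLs(primaryServers);
                Set<LDAPURL> secondaryUrls = convertToLDAPURLs(secondaryServers);
                if (poolSize != null && !poolSize.isEmpty()) {
                    // Per-server override; the first entry naming a configured server wins.
                    String tmpmin = null;
                    String tmpmax = null;
                    for (String val : poolSize) {
                        // host:port:min:max
                        // NOTE(review): a ':' inside the host (IPv6 literal) breaks the
                        // four-token layout and the entry is silently skipped.
                        StringTokenizer stz = new StringTokenizer(val, ":");
                        if (stz.countTokens() == 4) {
                            LDAPURL url = LDAPURL.valueOf(stz.nextToken() + ":" + stz.nextToken());
                            if (primaryUrls.contains(url) || secondaryUrls.contains(url)) {
                                tmpmin = stz.nextToken();
                                tmpmax = stz.nextToken();
                                break;
                            }
                        }
                    }
                    if (tmpmin != null) {
                        try {
                            min = Integer.parseInt(tmpmin);
                            max = Integer.parseInt(tmpmax);
                            if (max < min) {
                                // Inconsistent override: fall back to the full defaults.
                                debug.error("ldap connection pool max size is less than min size");
                                min = minDefaultPoolSize;
                                max = maxDefaultPoolSize;
                            }
                        } catch (NumberFormatException ex) {
                            debug.error("Invalid ldap connection pool size", ex);
                            min = minDefaultPoolSize;
                            max = maxDefaultPoolSize;
                        }
                    }
                }
                if (debug.messageEnabled()) {
                    debug.message("LDAPAuthUtils.LDAPAuthUtils: min=" + min + ", max=" + max);
                }
                if (isSecure) {
                    SSLContextBuilder builder = new SSLContextBuilder();
                    if (trustAll) {
                        // Accepts any server certificate: no protection against a
                        // man-in-the-middle on the LDAP channel. Logged once per pool
                        // creation so a production deployment cannot miss it.
                        debug.error("LDAPAuthUtils.createConnectionPool: trustAll is enabled, server certificates for " + servers + " will not be validated");
                        builder.setTrustManager(TrustManagers.trustAll());
                    }
                    SSLContext sslContext = builder.getSSLContext();
                    options.set(SSL_CONTEXT, sslContext);
                    if (useStartTLS) {
                        options.set(SSL_USE_STARTTLS, true);
                    }
                }
                final ConnectionFactory connFactory;
                ConnectionFactory primaryCf = newFailoverConnectionPool(primaryUrls, bindingUser, bindingPwd, max, heartBeatInterval, heartBeatTimeUnit, options);
                if (secondaryServers.isEmpty()) {
                    connFactory = primaryCf;
                } else {
                    // Secondary servers are only tried when the primary pool fails over.
                    ConnectionFactory secondaryCf = newFailoverConnectionPool(secondaryUrls, bindingUser, bindingPwd, max, heartBeatInterval, heartBeatTimeUnit, options);
                    connFactory = Connections.newFailoverLoadBalancer(asList(primaryCf, secondaryCf), options);
                }
                ShutdownManager shutdownMan = com.sun.identity.common.ShutdownManager.getInstance();
                shutdownMan.addShutdownListener(new ShutdownListener() {

                    public void shutdown() {
                        connFactory.close();
                    }
                });
                connPool = connFactory;
                connectionPools.put(configName, connPool);
            }
        }
    } catch (GeneralSecurityException gse) {
        debug.error("Unable to create connection pool", gse);
        throw new LDAPUtilException(gse);
    }
    return connPool;
}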

Example 14 with Duration

use of org.forgerock.util.time.Duration in project OpenAM by OpenRock.

the class AddAMSDKIdRepoPlugin method getLDAPConnection.

/**
 * Creates an LDAP connection factory for one directory-server entry.
 * <p>
 * The factory is configured with a simple bind as {@code bindDN}/{@code bindPwd},
 * a 300 ms connect timeout and, when {@code ds.ssl} is set, an SSL context
 * built with {@link SSLContextBuilder}'s defaults (so the JVM trust store
 * decides which server certificates are accepted). No request timeout is set.
 * The returned factory is not opened here; closing it is the caller's job.
 *
 * @param ds the directory-server entry (host, port, ssl flag)
 * @return a factory for {@code ds.host}:{@code ds.port}
 * @throws Exception if the SSL context cannot be built or the bind request
 *         cannot be created
 */
private ConnectionFactory getLDAPConnection(DSEntry ds) throws Exception {
    final BindRequest simpleBind = LDAPRequests.newSimpleBindRequest(bindDN, bindPwd.toCharArray());
    final Duration connectTimeout = new Duration(300L, TimeUnit.MILLISECONDS);
    Options connOptions = Options.defaultOptions();
    connOptions = connOptions.set(CONNECT_TIMEOUT, connectTimeout);
    connOptions = connOptions.set(AUTHN_BIND_REQUEST, simpleBind);
    if (ds.ssl) {
        final SSLContextBuilder sslBuilder = new SSLContextBuilder();
        connOptions = connOptions.set(SSL_CONTEXT, sslBuilder.getSSLContext());
    }
    return new LDAPConnectionFactory(ds.host, ds.port, connOptions);
}

Example 15 with Duration

use of org.forgerock.util.time.Duration in project ddf by codice.

the class LdapLoginConfig method createLdapConnectionFactory.

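/**
 * Builds an (unopened) {@link ConnectionFactory} for {@code url}.
 * <p>
 * TLS is used for {@code ldaps} URLs; for other URLs StartTLS is used when
 * {@code startTls} is {@code true}. A {@code null} flag means "not requested"
 * (it was previously auto-unboxed and threw {@code NullPointerException}). In
 * both secure cases {@code initializeSslContext()} is called and the
 * {@code sslContext} field is handed to the factory; if that fails the error
 * is logged at warn level and the context is still set, so the connection is
 * expected to fail rather than fall back to plaintext. Enabled cipher suites
 * and protocols come from the HTTPS system properties
 * ({@code SecurityConstants.HTTPS_CIPHER_SUITES}, {@code HTTPS_PROTOCOLS})
 * when set, with whitespace around the comma separators tolerated.
 * <p>
 * NOTE(review): the scheme test is case-sensitive, so {@code LDAPS://...} is
 * treated as plain LDAP here; confirm whether {@code LDAPUrl.valueOf} accepts
 * an upper-case scheme before relying on that.
 *
 * @param url LDAP URL, e.g. {@code ldap://host:389} or {@code ldaps://host:636}
 * @param startTls request StartTLS on a plain {@code ldap} URL; may be {@code null}
 * @return a factory for the host and port parsed from {@code url}
 */
protected ConnectionFactory createLdapConnectionFactory(String url, Boolean startTls) {
    boolean useSsl = url.startsWith("ldaps");
    // Boolean.TRUE.equals is null-safe: StartTLS is opt-in, so an unset flag means "off".
    boolean useTls = !useSsl && Boolean.TRUE.equals(startTls);
    Options lo = Options.defaultOptions();
    try {
        if (useSsl || useTls) {
            LOGGER.trace("Setting up secure LDAP connection.");
            initializeSslContext();
            lo.set(LDAPConnectionFactory.SSL_CONTEXT, sslContext);
        } else {
            LOGGER.trace("Setting up insecure LDAP connection.");
        }
    } catch (GeneralSecurityException e) {
        // A failed TLS setup is security-relevant; warn so it is not buried at info level.
        LOGGER.warn("Error encountered while configuring SSL. Secure connection will fail.", e);
    }
    lo.set(LDAPConnectionFactory.HEARTBEAT_TIMEOUT, new Duration(30L, TimeUnit.SECONDS));
    lo.set(LDAPConnectionFactory.HEARTBEAT_INTERVAL, new Duration(60L, TimeUnit.SECONDS));
    lo.set(LDAPConnectionFactory.CONNECT_TIMEOUT, new Duration(30L, TimeUnit.SECONDS));
    lo.set(LDAPConnectionFactory.SSL_USE_STARTTLS, useTls);
    // The HTTPS cipher/protocol allow-lists are reused for LDAP so both channels
    // follow the same hardening policy.
    String cipherSuites = System.getProperty(SecurityConstants.HTTPS_CIPHER_SUITES);
    if (cipherSuites != null) {
        lo.set(LDAPConnectionFactory.SSL_ENABLED_CIPHER_SUITES, Arrays.asList(cipherSuites.trim().split("\\s*,\\s*")));
    }
    String protocols = System.getProperty(HTTPS_PROTOCOLS);
    if (protocols != null) {
        lo.set(LDAPConnectionFactory.SSL_ENABLED_PROTOCOLS, Arrays.asList(protocols.trim().split("\\s*,\\s*")));
    }
    lo.set(LDAPConnectionFactory.TRANSPORT_PROVIDER_CLASS_LOADER, SslLdapLoginModule.class.getClassLoader());
    LDAPUrl parsedUrl = LDAPUrl.valueOf(url);
    String host = parsedUrl.getHost();
    Integer port = parsedUrl.getPort();
    // Audit every outbound directory endpoint before a connection is possible.
    auditRemoteConnection(host);
    return new LDAPConnectionFactory(host, port, lo);
}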
