/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License, Version 1.0 only
* (the "License"). You may not use this file except in compliance
* with the License.
*
* You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
* or http://forgerock.org/license/CDDLv1.0.html.
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at legal-notices/CDDLv1_0.txt.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information:
* Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*
*
* Copyright 2006-2008 Sun Microsystems, Inc.
* Portions Copyright 2014-2015 ForgeRock AS
*/
package org.opends.server.core;
import static org.opends.messages.ConfigMessages.*;
import static org.opends.server.util.StaticUtils.*;
import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.ConcurrentHashMap;
import org.forgerock.i18n.LocalizableMessage;
import org.forgerock.i18n.slf4j.LocalizedLogger;
import org.forgerock.opendj.config.server.ConfigException;
import org.forgerock.opendj.ldap.ResultCode;
import org.forgerock.util.Utils;
import org.opends.server.admin.ClassPropertyDefinition;
import org.opends.server.admin.server.ConfigurationAddListener;
import org.opends.server.admin.server.ConfigurationChangeListener;
import org.opends.server.admin.server.ConfigurationDeleteListener;
import org.opends.server.admin.server.ServerManagementContext;
import org.opends.server.admin.std.meta.IdentityMapperCfgDefn;
import org.opends.server.admin.std.server.IdentityMapperCfg;
import org.opends.server.admin.std.server.RootCfg;
import org.opends.server.api.IdentityMapper;
import org.forgerock.opendj.config.server.ConfigChangeResult;
import org.opends.server.types.DN;
import org.opends.server.types.InitializationException;
/**
* This class defines a utility that will be used to manage the set of identity
* mappers defined in the Directory Server. It will initialize the identity
* mappers when the server starts, and then will manage any additions, removals,
* or modifications to any identity mappers while the server is running.
*/
public class IdentityMapperConfigManager
implements ConfigurationChangeListener<IdentityMapperCfg>,
ConfigurationAddListener<IdentityMapperCfg>,
ConfigurationDeleteListener<IdentityMapperCfg>
{
private static final LocalizedLogger logger = LocalizedLogger.getLoggerForThisClass();
/** A mapping between the DNs of the config entries and the associated identity mappers. */
private final ConcurrentHashMap<DN,IdentityMapper> identityMappers;
private final ServerContext serverContext;
/**
* Creates a new instance of this identity mapper config manager.
*
* @param serverContext
* The server context.
*/
public IdentityMapperConfigManager(ServerContext serverContext)
{
this.serverContext = serverContext;
identityMappers = new ConcurrentHashMap<>();
}
/**
* Initializes all identity mappers currently defined in the Directory Server
* configuration. This should only be called at Directory Server startup.
*
* @throws ConfigException If a configuration problem causes the identity
* mapper initialization process to fail.
*
* @throws InitializationException If a problem occurs while initializing
* the identity mappers that is not related
* to the server configuration.
*/
public void initializeIdentityMappers()
throws ConfigException, InitializationException
{
// Get the root configuration object.
ServerManagementContext managementContext =
ServerManagementContext.getInstance();
RootCfg rootConfiguration =
managementContext.getRootConfiguration();
// Register as an add and delete listener with the root configuration so we
// can be notified if any identity mapper entries are added or removed.
rootConfiguration.addIdentityMapperAddListener(this);
rootConfiguration.addIdentityMapperDeleteListener(this);
//Initialize the existing identity mappers.
for (String mapperName : rootConfiguration.listIdentityMappers())
{
IdentityMapperCfg mapperConfiguration =
rootConfiguration.getIdentityMapper(mapperName);
mapperConfiguration.addChangeListener(this);
if (mapperConfiguration.isEnabled())
{
String className = mapperConfiguration.getJavaClass();
try
{
IdentityMapper mapper = loadMapper(className, mapperConfiguration,
true);
identityMappers.put(mapperConfiguration.dn(), mapper);
DirectoryServer.registerIdentityMapper(mapperConfiguration.dn(),
mapper);
}
catch (InitializationException ie)
{
logger.error(ie.getMessageObject());
continue;
}
}
}
// Now that all of the identity mappers are defined, see if the Directory
// Server's proxied auth mapper is valid. If not, then log a warning
// message.
DN mapperDN = DirectoryServer.getProxiedAuthorizationIdentityMapperDN();
if (mapperDN == null)
{
logger.error(ERR_CONFIG_IDMAPPER_NO_PROXY_MAPPER_DN);
}
else if (! identityMappers.containsKey(mapperDN))
{
logger.error(ERR_CONFIG_IDMAPPER_INVALID_PROXY_MAPPER_DN, mapperDN);
}
}
/** {@inheritDoc} */
@Override
public boolean isConfigurationAddAcceptable(
IdentityMapperCfg configuration,
List<LocalizableMessage> unacceptableReasons)
{
if (configuration.isEnabled())
{
// Get the name of the class and make sure we can instantiate it as an
// identity mapper.
String className = configuration.getJavaClass();
try
{
loadMapper(className, configuration, false);
}
catch (InitializationException ie)
{
unacceptableReasons.add(ie.getMessageObject());
return false;
}
}
// If we've gotten here, then it's fine.
return true;
}
/** {@inheritDoc} */
@Override
public ConfigChangeResult applyConfigurationAdd(
IdentityMapperCfg configuration)
{
final ConfigChangeResult ccr = new ConfigChangeResult();
configuration.addChangeListener(this);
if (! configuration.isEnabled())
{
return ccr;
}
IdentityMapper identityMapper = null;
// Get the name of the class and make sure we can instantiate it as an
// identity mapper.
String className = configuration.getJavaClass();
try
{
identityMapper = loadMapper(className, configuration, true);
}
catch (InitializationException ie)
{
ccr.setResultCodeIfSuccess(DirectoryServer.getServerErrorResultCode());
ccr.addMessage(ie.getMessageObject());
}
if (ccr.getResultCode() == ResultCode.SUCCESS)
{
identityMappers.put(configuration.dn(), identityMapper);
DirectoryServer.registerIdentityMapper(configuration.dn(), identityMapper);
}
return ccr;
}
/** {@inheritDoc} */
@Override
public boolean isConfigurationDeleteAcceptable(
IdentityMapperCfg configuration,
List<LocalizableMessage> unacceptableReasons)
{
// FIXME -- We should try to perform some check to determine whether the
// identity mapper is in use.
return true;
}
/** {@inheritDoc} */
@Override
public ConfigChangeResult applyConfigurationDelete(
IdentityMapperCfg configuration)
{
final ConfigChangeResult ccr = new ConfigChangeResult();
DirectoryServer.deregisterIdentityMapper(configuration.dn());
IdentityMapper identityMapper = identityMappers.remove(configuration.dn());
if (identityMapper != null)
{
identityMapper.finalizeIdentityMapper();
}
return ccr;
}
/** {@inheritDoc} */
@Override
public boolean isConfigurationChangeAcceptable(
IdentityMapperCfg configuration,
List<LocalizableMessage> unacceptableReasons)
{
if (configuration.isEnabled())
{
// Get the name of the class and make sure we can instantiate it as an
// identity mapper.
String className = configuration.getJavaClass();
try
{
loadMapper(className, configuration, false);
}
catch (InitializationException ie)
{
unacceptableReasons.add(ie.getMessageObject());
return false;
}
}
// If we've gotten here, then it's fine.
return true;
}
/** {@inheritDoc} */
@Override
public ConfigChangeResult applyConfigurationChange(
IdentityMapperCfg configuration)
{
final ConfigChangeResult ccr = new ConfigChangeResult();
// Get the existing mapper if it's already enabled.
IdentityMapper existingMapper = identityMappers.get(configuration.dn());
// If the new configuration has the mapper disabled, then disable it if it
// is enabled, or do nothing if it's already disabled.
if (! configuration.isEnabled())
{
if (existingMapper != null)
{
DirectoryServer.deregisterIdentityMapper(configuration.dn());
IdentityMapper identityMapper =
identityMappers.remove(configuration.dn());
if (identityMapper != null)
{
identityMapper.finalizeIdentityMapper();
}
}
return ccr;
}
// Get the class for the identity mapper. If the mapper is already enabled,
// then we shouldn't do anything with it although if the class has changed
// then we'll at least need to indicate that administrative action is
// required. If the mapper is disabled, then instantiate the class and
// initialize and register it as an identity mapper.
String className = configuration.getJavaClass();
if (existingMapper != null)
{
if (! className.equals(existingMapper.getClass().getName()))
{
ccr.setAdminActionRequired(true);
}
return ccr;
}
IdentityMapper identityMapper = null;
try
{
identityMapper = loadMapper(className, configuration, true);
}
catch (InitializationException ie)
{
ccr.setResultCodeIfSuccess(DirectoryServer.getServerErrorResultCode());
ccr.addMessage(ie.getMessageObject());
}
if (ccr.getResultCode() == ResultCode.SUCCESS)
{
identityMappers.put(configuration.dn(), identityMapper);
DirectoryServer.registerIdentityMapper(configuration.dn(), identityMapper);
}
return ccr;
}
/**
* Loads the specified class, instantiates it as an identity mapper, and
* optionally initializes that instance.
*
* @param className The fully-qualified name of the identity mapper
* class to load, instantiate, and initialize.
* @param configuration The configuration to use to initialize the identity
* mapper. It must not be {@code null}.
* @param initialize Indicates whether the identity mapper instance
* should be initialized.
*
* @return The possibly initialized identity mapper.
*
* @throws InitializationException If a problem occurred while attempting to
* initialize the identity mapper.
*/
private IdentityMapper loadMapper(String className,
IdentityMapperCfg configuration,
boolean initialize)
throws InitializationException
{
try
{
IdentityMapperCfgDefn definition =
IdentityMapperCfgDefn.getInstance();
ClassPropertyDefinition propertyDefinition =
definition.getJavaClassPropertyDefinition();
Class<? extends IdentityMapper> mapperClass =
propertyDefinition.loadClass(className, IdentityMapper.class);
IdentityMapper mapper = mapperClass.newInstance();
if (initialize)
{
mapper.initializeIdentityMapper(configuration);
}
else
{
List<LocalizableMessage> unacceptableReasons = new ArrayList<>();
if (!mapper.isConfigurationAcceptable(configuration, unacceptableReasons))
{
String reasons = Utils.joinAsString(". ", unacceptableReasons);
throw new InitializationException(
ERR_CONFIG_IDMAPPER_CONFIG_NOT_ACCEPTABLE.get(configuration.dn(), reasons));
}
}
return mapper;
}
catch (Exception e)
{
LocalizableMessage message = ERR_CONFIG_IDMAPPER_INITIALIZATION_FAILED.
get(className, configuration.dn(), stackTraceToSingleLineString(e));
throw new InitializationException(message, e);
}
}
}