001/** 002 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. 003 * 004 * Copyright (c) 2007 Sun Microsystems Inc. All Rights Reserved 005 * 006 * The contents of this file are subject to the terms 007 * of the Common Development and Distribution License 008 * (the License). You may not use this file except in 009 * compliance with the License. 010 * 011 * You can obtain a copy of the License at 012 * https://opensso.dev.java.net/public/CDDLv1.0.html or 013 * opensso/legal/CDDLv1.0.txt 014 * See the License for the specific language governing 015 * permission and limitations under the License. 016 * 017 * When distributing Covered Code, include this CDDL 018 * Header Notice in each file and include the License file 019 * at opensso/legal/CDDLv1.0.txt. 020 * If applicable, add the following below the CDDL Header, 021 * with the fields enclosed by brackets [] replaced by 022 * your own identifying information: 023 * "Portions Copyrighted [year] [name of copyright owner]" 024 * 025 * $Id: DiscoveryConfig.java,v 1.6 2009/02/28 00:59:42 mrudul_uchil Exp $ 026 * 027 */ 028package com.sun.identity.wss.provider; 029 030import java.util.Iterator; 031import java.util.List; 032import java.util.ArrayList; 033 034import com.sun.identity.liberty.ws.disco.DiscoveryClient; 035import com.sun.identity.liberty.ws.disco.DiscoveryException; 036import com.sun.identity.liberty.ws.disco.Description; 037import com.sun.identity.liberty.ws.disco.Directive; 038import com.sun.identity.liberty.ws.disco.InsertEntry; 039import com.sun.identity.liberty.ws.disco.RemoveEntry; 040import com.sun.identity.liberty.ws.disco.Modify; 041import com.sun.identity.liberty.ws.disco.ModifyResponse; 042import com.sun.identity.liberty.ws.disco.ResourceOffering; 043import com.sun.identity.liberty.ws.disco.ResourceID; 044import com.sun.identity.liberty.ws.disco.ServiceInstance; 045import com.sun.identity.liberty.ws.disco.QueryResponse; 046import com.sun.identity.liberty.ws.disco.common.DiscoConstants; 047import com.sun.identity.liberty.ws.common.Status; 048import com.sun.identity.wss.security.SecurityMechanism; 049 050/** 051 * This abstract class <code>DiscoveryConfig</code> represents the 052 * configuration of a Discovery client entity. It extends 053 * <code>TrustAuthorityConfig</code>. 054 * 055 * <p>This class can be extended to define the trust authority config 056 * which is Discovery client configuration. 057 * 058 * <p>Pluggable implementation of this abstract class can choose to store this 059 * configuration in desired configuration store. This pluggable implementation 060 * class can be configured in client's AMConfig.properties as value of 061 * "com.sun.identity.wss.discovery.config.plugin" property 062 * for Discovery client configuration. 063 * 064 * <p>This class also provides methods for registering and un-registering 065 * with the discovery service. All the static methods in this class are for 066 * the persistent operations. 067 * @supported.all.api 068 */ 069 070public abstract class DiscoveryConfig extends TrustAuthorityConfig { 071 072 protected String authServiceEndpoint = null; 073 074 /** Creates a new instance of DiscoveryConfig */ 075 public DiscoveryConfig() {} 076 077 078 /** 079 * Returns Authentication Web Service End point. 080 * @return Authentication Web Service End point 081 */ 082 public String getAuthServiceEndPoint() { 083 return authServiceEndpoint; 084 } 085 086 /** 087 * Sets Authentication Web Service End point. 088 * @param authServiceEndpoint Authentication Web Service End point 089 * 090 */ 091 public void setAuthServiceEndPoint(String authServiceEndpoint) { 092 this.authServiceEndpoint = authServiceEndpoint; 093 } 094 095 /** 096 * Registers the Discovery client configuration with trusted authority. 097 * 098 * @param config the configuration of the Discovery client. 099 * 100 * @param serviceURI the <code>URI</code> of the web services provider. 101 * 102 * @exception ProviderException if any failure. 103 */ 104 public void registerProviderWithTA(ProviderConfig config, 105 String serviceURI) throws ProviderException { 106 107 registerProviderWithTA(config, serviceURI, false); 108 } 109 110 111 /** 112 * Registers the Discovery client configuration with trusted authority. 113 * 114 * @param config the configuration of the Discovery client. 115 * 116 * @param serviceURI the <code>URI</code> of the web services provider. 117 * 118 * @param unregister if true unregisters the service offering with 119 * trusted authority before registration. 120 * 121 * @exception ProviderException if any failure. 122 */ 123 public void registerProviderWithTA(ProviderConfig config, 124 String serviceURI, boolean unregister) throws ProviderException { 125 126 try { 127 if(unregister) { 128 unregisterProviderWithTA(serviceURI); 129 } 130 DiscoveryClient discoClient = new DiscoveryClient(endpoint, null); 131 Modify modifyReq = getDiscoveryModify(config, serviceURI); 132 ModifyResponse response = discoClient.modify(modifyReq); 133 134 Status status = response.getStatus(); 135 if(status != null) { 136 if(status.getCode().getLocalPart().equalsIgnoreCase 137 (DiscoConstants.STATUS_OK)) { 138 return; 139 } else { 140 throw new ProviderException( 141 ProviderUtils.bundle.getString("registrationFailed")); 142 } 143 } 144 throw new ProviderException( 145 ProviderUtils.bundle.getString("registrationFailed")); 146 } catch (DiscoveryException de) { 147 ProviderUtils.debug.error("DiscoveryConfig.registerProviderWith"+ 148 "TA: is failed", de); 149 throw new ProviderException( 150 ProviderUtils.bundle.getString("registrationFailed")); 151 } 152 153 } 154 155 /** 156 * Unregisters the provider with trusted authority. 157 * 158 * @param serviceURI the service <code>URI</code> of the 159 * web services provider. 160 * @exception ProviderException if any failure. 161 */ 162 public void unregisterProviderWithTA(String serviceURI) 163 throws ProviderException { 164 try { 165 DiscoveryClient client = new DiscoveryClient(endpoint, null); 166 client.setResourceID(DiscoConstants.IMPLIED_RESOURCE); 167 List types = new ArrayList(); 168 types.add(serviceURI); 169 QueryResponse result = client.getResourceOffering(types); 170 List offerings = result.getResourceOffering(); 171 if((offerings == null) || (offerings.isEmpty())) { 172 if(ProviderUtils.debug.messageEnabled()) { 173 ProviderUtils.debug.message("DiscoveryConfig." + 174 "unregisterProviderWithTA:: " + 175 "There are no resource offerings"); 176 } 177 return; 178 } 179 180 ResourceOffering offering = (ResourceOffering)offerings.get(0); 181 String entryID = offering.getEntryID(); 182 RemoveEntry remove = new RemoveEntry(entryID); 183 List removes = new ArrayList(); 184 removes.add(remove); 185 186 Modify modify = new Modify(); 187 ResourceID resourceID = 188 new ResourceID(DiscoConstants.IMPLIED_RESOURCE); 189 modify.setResourceID(resourceID); 190 modify.setRemoveEntry(removes); 191 client.modify(modify); 192 } catch (DiscoveryException de) { 193 ProviderUtils.debug.error("DiscoveryConfig.unregisterProviderWith"+ 194 "TA: is failed", de); 195 throw new ProviderException( 196 ProviderUtils.bundle.getString("unregisterFailed")); 197 } 198 } 199 200 private Modify getDiscoveryModify(ProviderConfig config, 201 String serviceURI) throws ProviderException { 202 203 // Register with discovery only if there are liberty security mechs. 204 List securityMech = config.getSecurityMechanisms(); 205 List libertyMech = new ArrayList(); 206 Iterator iter = securityMech.iterator(); 207 while(iter.hasNext()) { 208 String secMech = (String)iter.next(); 209 if(isLibertySecurityMechanism(secMech)) { 210 libertyMech.add(secMech); 211 } 212 } 213 214 if(libertyMech.isEmpty()) { 215 throw new ProviderException( 216 ProviderUtils.bundle.getString("noLibertyMechanisms")); 217 } 218 219 List directives = new ArrayList(); 220 iter = libertyMech.iterator(); 221 while(iter.hasNext()) { 222 String mech = (String)iter.next(); 223 getDirectives(mech, directives); 224 } 225 ResourceID resourceID = 226 new ResourceID(DiscoConstants.IMPLIED_RESOURCE); 227 Description description = 228 new Description(config.getSecurityMechanisms(), 229 null, config.getWSPEndpoint()); 230 ArrayList descriptions = new ArrayList(); 231 descriptions.add(description); 232 233 ServiceInstance serviceInstance = 234 new ServiceInstance(serviceURI, 235 config.getProviderName(), descriptions); 236 ResourceOffering offering = 237 new ResourceOffering(resourceID, serviceInstance); 238 InsertEntry insertEntry = new InsertEntry(offering, null); 239 if(!directives.isEmpty()) { 240 insertEntry.setAny(directives); 241 } 242 ArrayList insertEntries = new ArrayList(); 243 insertEntries.add(insertEntry); 244 return new Modify(resourceID, insertEntries, null); 245 } 246 247 private boolean isLibertySecurityMechanism(String mechanism) { 248 if(mechanism == null) { 249 return false; 250 } 251 252 return SecurityMechanism.getLibertySecurityMechanismURIs(). 253 contains(mechanism); 254 } 255 256 private void getDirectives(String mechanism, List directives) { 257 if(mechanism == null) { 258 return; 259 } 260 if(SecurityMechanism.LIB_NULL_SAML_TOKEN_URI.equals(mechanism) || 261 SecurityMechanism.LIB_TLS_SAML_TOKEN_URI.equals(mechanism) || 262 SecurityMechanism.LIB_CLIENT_TLS_SAML_TOKEN_URI.equals(mechanism)) { 263 Directive dir1 = new Directive(Directive.AUTHENTICATE_REQUESTER); 264 directives.add(dir1); 265 } else if( 266 SecurityMechanism.LIB_NULL_SAML_BEARER_TOKEN_URI.equals(mechanism) || 267 SecurityMechanism.LIB_TLS_SAML_BEARER_TOKEN_URI.equals(mechanism) || 268 SecurityMechanism.LIB_CLIENT_TLS_SAML_BEARER_TOKEN_URI. 269 equals(mechanism)) { 270 Directive dir1 = new Directive(Directive.AUTHENTICATE_REQUESTER); 271 directives.add(dir1); 272 273 Directive dir2 = new Directive(Directive.GENERATE_BEARER_TOKEN); 274 directives.add(dir2); 275 } 276 } 277 278}