List: forgerock-openam-commit
Subject: [CommitOpenAM] [14909] branches/AME-7692_noRestartsAuth/openam: AME-7689 Merged trunk to branch.
From: noreply () forgerock ! org
Date: 2015-07-31 15:38:52
Message-ID: 20150731153852.83D4A3F8E4 () sources ! internal ! forgerock ! com
--===============7964415157822864166==
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 8bit
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[14909] branches/AME-7692_noRestartsAuth/openam: AME-7689 Merged trunk to \
branch.</title> </head>
<body>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a \
href="http://sources.forgerock.org/changelog/openam/?cs=14909">14909</a></dd> \
<dt>Author</dt> <dd>BrianB</dd> <dt>Date</dt> <dd>2015-07-31 16:38:51 +0100 (Fri, 31 \
Jul 2015)</dd> </dl>
<h3>Log Message</h3>
<pre>AME-7689 Merged trunk to branch.</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamauditopenamauditcontextpomxml" \
>branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-context/pom.xml</a></li>
>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamauditopenamauditcorepomxml">br \
anches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-core/pom.xml</a></li> \
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamauditopenamauditcoresrcmainjav \
aorgforgerockopenamauditAMAccessAuditEventBuilderjava">branches/AME-7692_noRestartsAut \
h/openam/openam-audit/openam-audit-core/src/main/java/org/forgerock/openam/audit/AMAccessAuditEventBuilder.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamauditopenamauditcoresrcmainja \
vaorgforgerockopenamauditAMAuditEventBuilderUtilsjava">branches/AME-7692_noRestartsAut \
h/openam/openam-audit/openam-audit-core/src/main/java/org/forgerock/openam/audit/AMAuditEventBuilderUtils.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamauditopenamauditcoresrcmainja \
vaorgforgerockopenamauditAuditConstantsjava">branches/AME-7692_noRestartsAuth/openam/o \
penam-audit/openam-audit-core/src/main/java/org/forgerock/openam/audit/AuditConstants.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamauditopenamauditcoresrcmainja \
vaorgforgerockopenamauditAuditCoreGuiceModulejava">branches/AME-7692_noRestartsAuth/op \
enam/openam-audit/openam-audit-core/src/main/java/org/forgerock/openam/audit/AuditCoreGuiceModule.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamauditopenamauditcoresrcmainja \
vaorgforgerockopenamauditAuditEventFactoryjava">branches/AME-7692_noRestartsAuth/opena \
m/openam-audit/openam-audit-core/src/main/java/org/forgerock/openam/audit/AuditEventFactory.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamauditopenamauditcoresrcmainja \
vaorgforgerockopenamauditAuditEventPublisherjava">branches/AME-7692_noRestartsAuth/ope \
nam/openam-audit/openam-audit-core/src/main/java/org/forgerock/openam/audit/AuditEventPublisher.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamauditopenamauditcoresrcmainja \
vaorgforgerockopenamauditAuditServiceProviderImpljava">branches/AME-7692_noRestartsAut \
h/openam/openam-audit/openam-audit-core/src/main/java/org/forgerock/openam/audit/AuditServiceProviderImpl.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamauditopenamauditcoresrctestja \
vaorgforgerockopenamauditAMAccessAuditEventBuilderTestjava">branches/AME-7692_noRestar \
tsAuth/openam/openam-audit/openam-audit-core/src/test/java/org/forgerock/openam/audit/AMAccessAuditEventBuilderTest.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamauditopenamauditcoresrctestja \
vaorgforgerockopenamauditAuditEventPublisherTestjava">branches/AME-7692_noRestartsAuth \
/openam/openam-audit/openam-audit-core/src/test/java/org/forgerock/openam/audit/AuditEventPublisherTest.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamauditopenamauditcoresrctestja \
vaorgforgerockopenamauditAuditServiceProviderImplTestjava">branches/AME-7692_noRestart \
sAuth/openam/openam-audit/openam-audit-core/src/test/java/org/forgerock/openam/audit/AuditServiceProviderImplTest.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamauditopenamauditcoresrctestre \
sourcesaccesseventjson">branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-core/src/test/resources/access-event.json</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamauditpomxml">branches/AME-7692_noRestartsAuth/openam/openam-audit/pom.xml</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamauthenticationopenamauthoaths \
rcmainjavaorgforgerockopenamauthenticationmodulesoathOATHjava">branches/AME-7692_noRes \
tartsAuth/openam/openam-authentication/openam-auth-oath/src/main/java/org/forgerock/openam/authentication/modules/oath/OATH.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamauthenticationopenamauthoaths \
rcmainjavaorgforgerockopenamauthenticationmodulesoathOathGuiceModulejava">branches/AME \
-7692_noRestartsAuth/openam/openam-authentication/openam-auth-oath/src/main/java/org/forgerock/openam/authentication/modules/oath/OathGuiceModule.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamauthenticationopenamauthoaths \
rcmainresourcesamAuthOATHproperties">branches/AME-7692_noRestartsAuth/openam/openam-authentication/openam-auth-oath/src/main/resources/amAuthOATH.properties</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamauthenticationopenamauthoaths \
rcmainresourcesamAuthOATHxml">branches/AME-7692_noRestartsAuth/openam/openam-authentication/openam-auth-oath/src/main/resources/amAuthOATH.xml</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamauthenticationopenamauthoaths \
rctestjavaorgforgerockopenamauthenticationmodulesoathOathMakerTestjava">branches/AME-7 \
692_noRestartsAuth/openam/openam-authentication/openam-auth-oath/src/test/java/org/forgerock/openam/authentication/modules/oath/OathMakerTest.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamcliopenamclidefinitionssrcmai \
njavacomsunidentityclidefinitionAccessManagerjava">branches/AME-7692_noRestartsAuth/op \
enam/openam-cli/openam-cli-definitions/src/main/java/com/sun/identity/cli/definition/AccessManager.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamconsolesrcmainwebappconsolese \
rviceServerEditUMAjsp">branches/AME-7692_noRestartsAuth/openam/openam-console/src/main/webapp/console/service/ServerEditUMA.jsp</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamcorepomxml">branches/AME-7692_noRestartsAuth/openam/openam-core/pom.xml</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamcoresrcmainjavacomiplanetamut \
ilAMSendMailjava">branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/iplanet/am/util/AMSendMail.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamcoresrcmainjavacomiplanetdpro \
sessionserviceSessionRequestHandlerjava">branches/AME-7692_noRestartsAuth/openam/opena \
m-core/src/main/java/com/iplanet/dpro/session/service/SessionRequestHandler.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamcoresrcmainjavacomiplanetdpro \
sessionshareSessionRequestjava">branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/iplanet/dpro/session/share/SessionRequest.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamcoresrcmainjavacomiplanetserv \
icescommserverPLLRequestServletjava">branches/AME-7692_noRestartsAuth/openam/openam-co \
re/src/main/java/com/iplanet/services/comm/server/PLLRequestServlet.java</a></li> \
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamcoresrcmainjavacomiplanetservi \
cescommserverRequestHandlerjava">branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/iplanet/services/comm/server/RequestHandler.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamcoresrcmainjavacomiplanetserv \
icesldapeventEventServicejava">branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/iplanet/services/ldap/event/EventService.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamcoresrcmainjavacomiplanetserv \
icesnamingserviceNamingServicejava">branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/iplanet/services/naming/service/NamingService.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamcoresrcmainjavacomiplanetumsD \
ataLayerjava">branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/iplanet/ums/DataLayer.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamcoresrcmainjavacomsunidentity \
authenticationclientAuthClientUtilsjava">branches/AME-7692_noRestartsAuth/openam/opena \
m-core/src/main/java/com/sun/identity/authentication/client/AuthClientUtils.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamcoresrcmainjavacomsunidentity \
authenticationserverAuthXMLHandlerjava">branches/AME-7692_noRestartsAuth/openam/openam \
-core/src/main/java/com/sun/identity/authentication/server/AuthXMLHandler.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamcoresrcmainjavacomsunidentity \
authenticationserviceAuthDjava">branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/sun/identity/authentication/service/AuthD.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamcoresrcmainjavacomsunidentity \
authenticationserviceLoginStatejava">branches/AME-7692_noRestartsAuth/openam/openam-co \
re/src/main/java/com/sun/identity/authentication/service/LoginState.java</a></li> \
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamcoresrcmainjavacomsunidentityc \
ommonDebugPropertiesObserverjava">branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/sun/identity/common/DebugPropertiesObserver.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamcoresrcmainjavacomsunidentity \
idmserverIdCachedServicesImpljava">branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/sun/identity/idm/server/IdCachedServicesImpl.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamcoresrcmainjavacomsunidentity \
logs1isLogSSOTokenDetailsjava">branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/sun/identity/log/s1is/LogSSOTokenDetails.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamcoresrcmainjavacomsunidentity \
logserviceLogOperationjava">branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/sun/identity/log/service/LogOperation.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamcoresrcmainjavacomsunidentity \
logserviceLogRecWritejava">branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/sun/identity/log/service/LogRecWrite.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamcoresrcmainjavacomsunidentity \
logserviceLogServicejava">branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/sun/identity/log/service/LogService.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamcoresrcmainjavacomsunidentity \
passworduimodelPWResetAdminLogjava">branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/sun/identity/password/ui/model/PWResetAdminLog.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamcoresrcmainjavacomsunidentity \
passworduimodelPWResetModelImpljava">branches/AME-7692_noRestartsAuth/openam/openam-co \
re/src/main/java/com/sun/identity/password/ui/model/PWResetModelImpl.java</a></li> \
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamcoresrcmainjavacomsunidentityp \
olicyremotePolicyRequestjava">branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/sun/identity/policy/remote/PolicyRequest.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamcoresrcmainjavacomsunidentity \
policyremotePolicyRequestHandlerjava">branches/AME-7692_noRestartsAuth/openam/openam-c \
ore/src/main/java/com/sun/identity/policy/remote/PolicyRequestHandler.java</a></li> \
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamcoresrcmainjavacomsunidentitys \
etupEmbeddedOpenDSjava">branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/sun/identity/setup/EmbeddedOpenDS.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamcoresrcmainjavacomsunidentity \
smSMSPropertiesObserverjava">branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/sun/identity/sm/SMSPropertiesObserver.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamcoresrcmainjavaorgforgerockop \
enamcoreguiceDataLayerGuiceModulejava">branches/AME-7692_noRestartsAuth/openam/openam- \
core/src/main/java/org/forgerock/openam/core/guice/DataLayerGuiceModule.java</a></li> \
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamcoresrcmainjavaorgforgerockope \
namctsapifieldsResourceSetTokenFieldjava">branches/AME-7692_noRestartsAuth/openam/open \
am-core/src/main/java/org/forgerock/openam/cts/api/fields/ResourceSetTokenField.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamcoresrcmainjavaorgforgerockop \
enamsmdatalayerapiConnectionTypejava">branches/AME-7692_noRestartsAuth/openam/openam-c \
ore/src/main/java/org/forgerock/openam/sm/datalayer/api/ConnectionType.java</a></li> \
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamcoresrcmainjavaorgforgerockope \
namsmdatalayerapiDataLayerConstantsjava">branches/AME-7692_noRestartsAuth/openam/opena \
m-core/src/main/java/org/forgerock/openam/sm/datalayer/api/DataLayerConstants.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamcoresrcmainjavaorgforgerockop \
enamsmdatalayerimplldapLdapDataLayerConnectionModulejava">branches/AME-7692_noRestarts \
Auth/openam/openam-core/src/main/java/org/forgerock/openam/sm/datalayer/impl/ldap/LdapDataLayerConnectionModule.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamcoresrcmainjavaorgforgerockop \
enamsmdatalayerutilsConnectionCountjava">branches/AME-7692_noRestartsAuth/openam/opena \
m-core/src/main/java/org/forgerock/openam/sm/datalayer/utils/ConnectionCount.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamcoresrcmainjavaorgforgerockop \
enamsmdatalayerutilsTimeoutConfigjava">branches/AME-7692_noRestartsAuth/openam/openam- \
core/src/main/java/org/forgerock/openam/sm/datalayer/utils/TimeoutConfig.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamcoresrcmainjavaorgforgerockop \
enamxuiXUIFilterjava">branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/org/forgerock/openam/xui/XUIFilter.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamcoresrcmainresourcesamConsole \
properties">branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/resources/amConsole.properties</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamcoresrcmainresourcesamUpgrade \
properties">branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/resources/amUpgrade.properties</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamcoresrctestjavaorgforgerockop \
enamcoreguiceDataLayerGuiceModuleTestjava">branches/AME-7692_noRestartsAuth/openam/ope \
nam-core/src/test/java/org/forgerock/openam/core/guice/DataLayerGuiceModuleTest.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamcoresrctestjavaorgforgerockop \
enamsmdatalayerimplPooledTaskExecutorTestjava">branches/AME-7692_noRestartsAuth/openam \
/openam-core/src/test/java/org/forgerock/openam/sm/datalayer/impl/PooledTaskExecutorTest.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamcoresrctestjavaorgforgerockop \
enamsmdatalayerutilsConnectionCountTestjava">branches/AME-7692_noRestartsAuth/openam/o \
penam-core/src/test/java/org/forgerock/openam/sm/datalayer/utils/ConnectionCountTest.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamcoresrctestjavaorgforgerockop \
enamxuiXUIFilterTestjava">branches/AME-7692_noRestartsAuth/openam/openam-core/src/test/java/org/forgerock/openam/xui/XUIFilterTest.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamdocumentationopenamdoclogmess \
agerefsrcmainresourceslogmessagesprefaceheader">branches/AME-7692_noRestartsAuth/opena \
m/openam-documentation/openam-doc-log-message-ref/src/main/resources/log-messages-preface.header</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamfederationOpenFMsrcmainscript \
sbinssoadm">branches/AME-7692_noRestartsAuth/openam/openam-federation/OpenFM/src/main/scripts/bin/ssoadm</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamfederationopenamidpdiscoverys \
rcmainjavacomsunidentitysaml2idpdiscoveryDebugjava">branches/AME-7692_noRestartsAuth/o \
penam/openam-federation/openam-idpdiscovery/src/main/java/com/sun/identity/saml2/idpdiscovery/Debug.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamoauth2srcmainjavaorgforgerock \
openamoauth2OpenAMClientRegistrationStorejava">branches/AME-7692_noRestartsAuth/openam \
/openam-oauth2/src/main/java/org/forgerock/openam/oauth2/OpenAMClientRegistrationStore.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamoauth2srcmainjavaorgforgerock \
openamoauth2OpenAMOAuth2ProviderSettingsFactoryjava">branches/AME-7692_noRestartsAuth/ \
openam/openam-oauth2/src/main/java/org/forgerock/openam/oauth2/OpenAMOAuth2ProviderSettingsFactory.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamoauth2srcmainjavaorgforgerock \
openamoauth2OpenAMResourceOwnerAuthenticatorjava">branches/AME-7692_noRestartsAuth/ope \
nam/openam-oauth2/src/main/java/org/forgerock/openam/oauth2/OpenAMResourceOwnerAuthenticator.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamoauth2srcmainjavaorgforgerock \
openamoauth2OpenAMTokenStorejava">branches/AME-7692_noRestartsAuth/openam/openam-oauth2/src/main/java/org/forgerock/openam/oauth2/OpenAMTokenStore.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamoauth2srcmainjavaorgforgerock \
openamoauth2guiceOAuth2GuiceModulejava">branches/AME-7692_noRestartsAuth/openam/openam \
-oauth2/src/main/java/org/forgerock/openam/oauth2/guice/OAuth2GuiceModule.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamoauth2srcmainjavaorgforgerock \
openamopenidconnectCheckSessionImpljava">branches/AME-7692_noRestartsAuth/openam/opena \
m-oauth2/src/main/java/org/forgerock/openam/openidconnect/CheckSessionImpl.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamoauth2srctestjavaorgforgerock \
openamoauth2OpenAMTokenStoreTestjava">branches/AME-7692_noRestartsAuth/openam/openam-o \
auth2/src/test/java/org/forgerock/openam/oauth2/OpenAMTokenStoreTest.java</a></li> \
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamoauth2commonoauth2coresrcmainj \
avaorgforgerockoauth2coreAccessTokenVerifierjava">branches/AME-7692_noRestartsAuth/ope \
nam/openam-oauth2-common/oauth2-core/src/main/java/org/forgerock/oauth2/core/AccessTokenVerifier.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamoauth2commonoauth2coresrcmain \
javaorgforgerockoauth2coreClientRegistrationStorejava">branches/AME-7692_noRestartsAut \
h/openam/openam-oauth2-common/oauth2-core/src/main/java/org/forgerock/oauth2/core/ClientRegistrationStore.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamoauth2commonoauth2coresrcmain \
javaorgforgerockoauth2coreOAuth2Constantsjava">branches/AME-7692_noRestartsAuth/openam \
/openam-oauth2-common/oauth2-core/src/main/java/org/forgerock/oauth2/core/OAuth2Constants.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamoauth2commonoauth2coresrcmain \
javaorgforgerockoauth2coreOAuth2ProviderSettingsFactoryjava">branches/AME-7692_noResta \
rtsAuth/openam/openam-oauth2-common/oauth2-core/src/main/java/org/forgerock/oauth2/core/OAuth2ProviderSettingsFactory.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamoauth2commonoauth2coresrcmain \
javaorgforgerockoauth2coreOAuth2TokenIntrospectionHandlerjava">branches/AME-7692_noRes \
tartsAuth/openam/openam-oauth2-common/oauth2-core/src/main/java/org/forgerock/oauth2/core/OAuth2TokenIntrospectionHandler.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamoauth2commonoauth2coresrcmain \
javaorgforgerockoauth2coreResourceOwnerAuthenticatorjava">branches/AME-7692_noRestarts \
Auth/openam/openam-oauth2-common/oauth2-core/src/main/java/org/forgerock/oauth2/core/ResourceOwnerAuthenticator.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamoauth2commonoauth2coresrcmain \
javaorgforgerockoauth2coreTokenStorejava">branches/AME-7692_noRestartsAuth/openam/open \
am-oauth2-common/oauth2-core/src/main/java/org/forgerock/oauth2/core/TokenStore.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamoauth2commonoauth2restletsrcm \
ainjavaorgforgerockoauth2restletresourcesResourceSetDescriptionValidatorjava">branches \
/AME-7692_noRestartsAuth/openam/openam-oauth2-common/oauth2-restlet/src/main/java/org/forgerock/oauth2/restlet/resources/ResourceSetDescriptionValidator.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamoauth2commonoauth2restletsrcm \
ainjavaorgforgerockopenamoauth2AccessTokenProtectionFilterjava">branches/AME-7692_noRe \
startsAuth/openam/openam-oauth2-common/oauth2-restlet/src/main/java/org/forgerock/openam/oauth2/AccessTokenProtectionFilter.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamoauth2commonopenidconnectcores \
rcmainjavaorgforgerockopenidconnectCheckSessionjava">branches/AME-7692_noRestartsAuth/ \
openam/openam-oauth2-common/openid-connect-core/src/main/java/org/forgerock/openidconnect/CheckSession.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamoauth2commonopenidconnectcore \
srcmainjavaorgforgerockopenidconnectOpenIdConnectAuthorizeRequestValidatorjava">branch \
es/AME-7692_noRestartsAuth/openam/openam-oauth2-common/openid-connect-core/src/main/ja \
va/org/forgerock/openidconnect/OpenIdConnectAuthorizeRequestValidator.java</a></li> \
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamoauth2commonopenidconnectcores \
rcmainjavaorgforgerockopenidconnectOpenIdConnectClientRegistrationStorejava">branches/ \
AME-7692_noRestartsAuth/openam/openam-oauth2-common/openid-connect-core/src/main/java/org/forgerock/openidconnect/OpenIdConnectClientRegistrationStore.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamoauth2commonopenidconnectcore \
srctestjavaorgforgerockopenidconnectOpenIdConnectAuthorizeRequestValidatorTestjava">br \
anches/AME-7692_noRestartsAuth/openam/openam-oauth2-common/openid-connect-core/src/tes \
t/java/org/forgerock/openidconnect/OpenIdConnectAuthorizeRequestValidatorTest.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamoauth2commonopenidconnectrest \
letsrcmainjavaorgforgerockopenidconnectrestletEndSessionjava">branches/AME-7692_noRest \
artsAuth/openam/openam-oauth2-common/openid-connect-restlet/src/main/java/org/forgerock/openidconnect/restlet/EndSession.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamoauth2commonopenidconnectrest \
letsrctestjavaorgforgerockopenidconnectrestletEndSessionTestjava">branches/AME-7692_no \
RestartsAuth/openam/openam-oauth2-common/openid-connect-restlet/src/test/java/org/forgerock/openidconnect/restlet/EndSessionTest.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamrestsrcmainjavaorgforgerockop \
enamforgerockrestauthnRestAuthenticationHandlerjava">branches/AME-7692_noRestartsAuth/ \
openam/openam-rest/src/main/java/org/forgerock/openam/forgerockrest/authn/RestAuthenticationHandler.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamrestsrcmainjavaorgforgerockop \
enamforgerockrestutilsServerContextUtilsjava">branches/AME-7692_noRestartsAuth/openam/ \
openam-rest/src/main/java/org/forgerock/openam/forgerockrest/utils/ServerContextUtils.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamrestsrcmainjavaorgforgerockop \
enamrestRestEndpointServletjava">branches/AME-7692_noRestartsAuth/openam/openam-rest/src/main/java/org/forgerock/openam/rest/RestEndpointServlet.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamrestsrcmainjavaorgforgerockop \
enamrestRestEndpointsjava">branches/AME-7692_noRestartsAuth/openam/openam-rest/src/main/java/org/forgerock/openam/rest/RestEndpoints.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamrestsrcmainjavaorgforgerockop \
enamrestdevicesOathDeviceSettingsjava">branches/AME-7692_noRestartsAuth/openam/openam- \
rest/src/main/java/org/forgerock/openam/rest/devices/OathDeviceSettings.java</a></li> \
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamrestsrcmainjavaorgforgerockope \
namrestdevicesOathDevicesResourcejava">branches/AME-7692_noRestartsAuth/openam/openam- \
rest/src/main/java/org/forgerock/openam/rest/devices/OathDevicesResource.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamrestsrcmainjavaorgforgerockop \
enamrestdevicesUserDevicesDaojava">branches/AME-7692_noRestartsAuth/openam/openam-rest/src/main/java/org/forgerock/openam/rest/devices/UserDevicesDao.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamrestsrcmainjavaorgforgerockop \
enamrestdevicesservicesDeviceServicejava">branches/AME-7692_noRestartsAuth/openam/open \
am-rest/src/main/java/org/forgerock/openam/rest/devices/services/DeviceService.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamrestsrcmainjavaorgforgerockop \
enamrestdevicesservicesOathServicejava">branches/AME-7692_noRestartsAuth/openam/openam \
-rest/src/main/java/org/forgerock/openam/rest/devices/services/OathService.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamrestsrcmainjavaorgforgerockop \
enamrestdevicesservicesOathServiceFactoryjava">branches/AME-7692_noRestartsAuth/openam \
/openam-rest/src/main/java/org/forgerock/openam/rest/devices/services/OathServiceFactory.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamrestsrcmainjavaorgforgerockop \
enamrestdevicesservicesTrustedDeviceServicejava">branches/AME-7692_noRestartsAuth/open \
am/openam-rest/src/main/java/org/forgerock/openam/rest/devices/services/TrustedDeviceService.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamrestsrcmainjavaorgforgerockop \
enamrestfluentAbstractAuditingResultHandlerjava">branches/AME-7692_noRestartsAuth/open \
am/openam-rest/src/main/java/org/forgerock/openam/rest/fluent/AbstractAuditingResultHandler.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamrestsrcmainjavaorgforgerockop \
enamrestoauth2ResourceSetResourcejava">branches/AME-7692_noRestartsAuth/openam/openam- \
rest/src/main/java/org/forgerock/openam/rest/oauth2/ResourceSetResource.java</a></li> \
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamrestsrcmainjavaorgforgerockope \
namrestoauth2ResourceSetServicejava">branches/AME-7692_noRestartsAuth/openam/openam-re \
st/src/main/java/org/forgerock/openam/rest/oauth2/ResourceSetService.java</a></li> \
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamrestsrcmainjavaorgforgerockope \
namrestsmsSmsRealmProviderjava">branches/AME-7692_noRestartsAuth/openam/openam-rest/src/main/java/org/forgerock/openam/rest/sms/SmsRealmProvider.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamrestsrcmainjavaorgforgerockop \
enamrestumaPendingRequestResourcejava">branches/AME-7692_noRestartsAuth/openam/openam- \
rest/src/main/java/org/forgerock/openam/rest/uma/PendingRequestResource.java</a></li> \
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamrestsrcmainresourcesOATHxml">b \
ranches/AME-7692_noRestartsAuth/openam/openam-rest/src/main/resources/OATH.xml</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamrestsrcmainresourcesOATHServi \
ceproperties">branches/AME-7692_noRestartsAuth/openam/openam-rest/src/main/resources/OATHService.properties</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamrestsrctestjavaorgforgerockop \
enamrestdashboardOathDevicesResourceTestjava">branches/AME-7692_noRestartsAuth/openam/ \
openam-rest/src/test/java/org/forgerock/openam/rest/dashboard/OathDevicesResourceTest.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamrestsrctestjavaorgforgerockop \
enamrestoauth2ResourceSetResourceTestjava">branches/AME-7692_noRestartsAuth/openam/ope \
nam-rest/src/test/java/org/forgerock/openam/rest/oauth2/ResourceSetResourceTest.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamserveronlypomxml">branches/AME-7692_noRestartsAuth/openam/openam-server-only/pom.xml</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamserveronlysrcmainresourcesMET \
AINFservicescomgoogleinjectAbstractModule">branches/AME-7692_noRestartsAuth/openam/ope \
nam-server-only/src/main/resources/META-INF/services/com.google.inject.AbstractModule</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamserveronlysrcmainresourcescom \
sunidentityconsolepropertyServerEditUMAxml">branches/AME-7692_noRestartsAuth/openam/op \
enam-server-only/src/main/resources/com/sun/identity/console/propertyServerEditUMA.xml</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamserveronlysrcmainresourcescon \
figschemaNamesproperties">branches/AME-7692_noRestartsAuth/openam/openam-server-only/src/main/resources/config/schemaNames.properties</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamserveronlysrcmainresourcescon \
figserviceNamesproperties">branches/AME-7692_noRestartsAuth/openam/openam-server-only/src/main/resources/config/serviceNames.properties</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamserveronlysrcmainresourcescon \
figvalidserverconfigproperties">branches/AME-7692_noRestartsAuth/openam/openam-server-only/src/main/resources/config/validserverconfig.properties</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamserveronlysrcmainwebappWEBINF \
templatesmsdefaultDelegationPoliciesxml">branches/AME-7692_noRestartsAuth/openam/opena \
m-server-only/src/main/webapp/WEB-INF/template/sms/defaultDelegationPolicies.xml</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamserveronlysrcmainwebappWEBINF \
templatesmsserverdefaultsproperties">branches/AME-7692_noRestartsAuth/openam/openam-se \
rver-only/src/main/webapp/WEB-INF/template/sms/serverdefaults.properties</a></li> \
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamsharedsrcmainjavacomsunidentit \
yshareddebugfileimplDebugFileImpljava">branches/AME-7692_noRestartsAuth/openam/openam- \
shared/src/main/java/com/sun/identity/shared/debug/file/impl/DebugFileImpl.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamsharedsrcmainjavacomsunidenti \
tysharedlocaleLocalejava">branches/AME-7692_noRestartsAuth/openam/openam-shared/src/main/java/com/sun/identity/shared/locale/Locale.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuicommonpomxml">branches/AME-7692_noRestartsAuth/openam/openam-ui/openam-ui-common/pom.xml</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuicommonsrcmainjsorgf \
orgerockopenamuicommondelegatesSiteConfigurationDelegatejs">branches/AME-7692_noRestar \
tsAuth/openam/openam-ui/openam-ui-common/src/main/js/org/forgerock/openam/ui/common/delegates/SiteConfigurationDelegate.js</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuipolicypomxml">branches/AME-7692_noRestartsAuth/openam/openam-ui/openam-ui-policy/pom.xml</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuipolicysrcmainjsorgf \
orgerockopenamuipolicycommonUtilsjs">branches/AME-7692_noRestartsAuth/openam/openam-ui \
/openam-ui-policy/src/main/js/org/forgerock/openam/ui/policy/common/Utils.js</a></li> \
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiriapomxml">branches/AME-7692_noRestartsAuth/openam/openam-ui/openam-ui-ria/pom.xml</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiriasrcmainjsconfigA \
ppConfigurationjs">branches/AME-7692_noRestartsAuth/openam/openam-ui/openam-ui-ria/src/main/js/config/AppConfiguration.js</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiriasrcmainjsconfigA \
ppMessagesjs">branches/AME-7692_noRestartsAuth/openam/openam-ui/openam-ui-ria/src/main/js/config/AppMessages.js</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiriasrcmainjsconfigr \
outesadminRealmsRoutesjs">branches/AME-7692_noRestartsAuth/openam/openam-ui/openam-ui-ria/src/main/js/config/routes/admin/RealmsRoutes.js</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiriasrcmainjsconfigr \
outesuserUMARoutesjs">branches/AME-7692_noRestartsAuth/openam/openam-ui/openam-ui-ria/src/main/js/config/routes/user/UMARoutes.js</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiriasrcmainjsmainjs" \
>branches/AME-7692_noRestartsAuth/openam/openam-ui/openam-ui-ria/src/main/js/main.js</a></li>
>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiriasrcmainjsorgforge \
rockopenamuiadmindelegatesSMSGlobalDelegatejs">branches/AME-7692_noRestartsAuth/openam \
/openam-ui/openam-ui-ria/src/main/js/org/forgerock/openam/ui/admin/delegates/SMSGlobalDelegate.js</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiriasrcmainjsorgforg \
erockopenamuiadminmainjs">branches/AME-7692_noRestartsAuth/openam/openam-ui/openam-ui-ria/src/main/js/org/forgerock/openam/ui/admin/main.js</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiriasrcmainjsorgforg \
erockopenamuiadminviewsrealmsCreateUpdateRealmDialogjs">branches/AME-7692_noRestartsAu \
th/openam/openam-ui/openam-ui-ria/src/main/js/org/forgerock/openam/ui/admin/views/realms/CreateUpdateRealmDialog.js</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiriasrcmainjsorgforg \
erockopenamuiadminviewsrealmsdashboardDashboardViewjs">branches/AME-7692_noRestartsAut \
h/openam/openam-ui/openam-ui-ria/src/main/js/org/forgerock/openam/ui/admin/views/realms/dashboard/DashboardView.js</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiriasrcmainjsorgforg \
erockopenamuiadminviewsrealmspoliciesapplicationsApplicationsViewjs">branches/AME-7692 \
_noRestartsAuth/openam/openam-ui/openam-ui-ria/src/main/js/org/forgerock/openam/ui/admin/views/realms/policies/applications/ApplicationsView.js</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiriasrcmainjsorgforg \
erockopenamuiadminviewsrealmspoliciesapplicationsEditApplicationViewjs">branches/AME-7 \
692_noRestartsAuth/openam/openam-ui/openam-ui-ria/src/main/js/org/forgerock/openam/ui/admin/views/realms/policies/applications/EditApplicationView.js</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiriasrcmainjsorgforg \
erockopenamuiadminviewsrealmspoliciescommonAbstractListViewjs">branches/AME-7692_noRes \
tartsAuth/openam/openam-ui/openam-ui-ria/src/main/js/org/forgerock/openam/ui/admin/views/realms/policies/common/AbstractListView.js</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiriasrcmainjsorgforg \
erockopenamuiadminviewsrealmspoliciescommonStripedListViewjs">branches/AME-7692_noRest \
artsAuth/openam/openam-ui/openam-ui-ria/src/main/js/org/forgerock/openam/ui/admin/views/realms/policies/common/StripedListView.js</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiriasrcmainjsorgforg \
erockopenamuiadminviewsrealmspoliciespoliciesEditPolicyViewjs">branches/AME-7692_noRes \
tartsAuth/openam/openam-ui/openam-ui-ria/src/main/js/org/forgerock/openam/ui/admin/views/realms/policies/policies/EditPolicyView.js</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiriasrcmainjsorgforg \
erockopenamuiadminviewsrealmspoliciespoliciesPoliciesViewjs">branches/AME-7692_noResta \
rtsAuth/openam/openam-ui/openam-ui-ria/src/main/js/org/forgerock/openam/ui/admin/views/realms/policies/policies/PoliciesView.js</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiriasrcmainjsorgforg \
erockopenamuiadminviewsrealmspoliciespoliciesconditionsConditionAttrArrayViewjs">branc \
hes/AME-7692_noRestartsAuth/openam/openam-ui/openam-ui-ria/src/main/js/org/forgerock/o \
penam/ui/admin/views/realms/policies/policies/conditions/ConditionAttrArrayView.js</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiriasrcmainjsorgforg \
erockopenamuiadminviewsrealmspoliciespoliciesconditionsConditionAttrBaseViewjs">branch \
es/AME-7692_noRestartsAuth/openam/openam-ui/openam-ui-ria/src/main/js/org/forgerock/op \
enam/ui/admin/views/realms/policies/policies/conditions/ConditionAttrBaseView.js</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiriasrcmainjsorgforg \
erockopenamuiadminviewsrealmspoliciespoliciesconditionsEditEnvironmentViewjs">branches \
/AME-7692_noRestartsAuth/openam/openam-ui/openam-ui-ria/src/main/js/org/forgerock/open \
am/ui/admin/views/realms/policies/policies/conditions/EditEnvironmentView.js</a></li> \
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiriasrcmainjsorgforge \
rockopenamuiadminviewsrealmspoliciespoliciesconditionsEditSubjectViewjs">branches/AME- \
7692_noRestartsAuth/openam/openam-ui/openam-ui-ria/src/main/js/org/forgerock/openam/ui/admin/views/realms/policies/policies/conditions/EditSubjectView.js</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiriasrcmainjsorgforg \
erockopenamuiadminviewsrealmspoliciespoliciesconditionsLegacyListItemViewjs">branches/ \
AME-7692_noRestartsAuth/openam/openam-ui/openam-ui-ria/src/main/js/org/forgerock/opena \
m/ui/admin/views/realms/policies/policies/conditions/LegacyListItemView.js</a></li> \
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiriasrcmainjsorgforge \
rockopenamuiadminviewsrealmspoliciespoliciesconditionsManageRulesViewjs">branches/AME- \
7692_noRestartsAuth/openam/openam-ui/openam-ui-ria/src/main/js/org/forgerock/openam/ui/admin/views/realms/policies/policies/conditions/ManageRulesView.js</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiriasrcmainjsorgforg \
erockopenamuiadminviewsrealmspoliciespoliciesconditionsOperatorRulesViewjs">branches/A \
ME-7692_noRestartsAuth/openam/openam-ui/openam-ui-ria/src/main/js/org/forgerock/openam \
/ui/admin/views/realms/policies/policies/conditions/OperatorRulesView.js</a></li> \
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiriasrcmainjsorgforge \
rockopenamuiadminviewsrealmspoliciesresourceTypesEditResourceTypeViewjs">branches/AME- \
7692_noRestartsAuth/openam/openam-ui/openam-ui-ria/src/main/js/org/forgerock/openam/ui/admin/views/realms/policies/resourceTypes/EditResourceTypeView.js</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiriasrcmainjsorgforg \
erockopenamuiadminviewsrealmspoliciesresourceTypesResourceTypesViewjs">branches/AME-76 \
92_noRestartsAuth/openam/openam-ui/openam-ui-ria/src/main/js/org/forgerock/openam/ui/admin/views/realms/policies/resourceTypes/ResourceTypesView.js</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiriasrcmainjsorgforg \
erockopenamuiadminviewsrealmsscriptsEditScriptViewjs">branches/AME-7692_noRestartsAuth \
/openam/openam-ui/openam-ui-ria/src/main/js/org/forgerock/openam/ui/admin/views/realms/scripts/EditScriptView.js</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiriasrcmainjsorgforg \
erockopenamuiadminviewsrealmsscriptsScriptsViewjs">branches/AME-7692_noRestartsAuth/op \
enam/openam-ui/openam-ui-ria/src/main/js/org/forgerock/openam/ui/admin/views/realms/scripts/ScriptsView.js</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiriasrcmainjsorgforg \
erockopenamuiumadelegatesUMADelegatejs">branches/AME-7692_noRestartsAuth/openam/openam \
-ui/openam-ui-ria/src/main/js/org/forgerock/openam/ui/uma/delegates/UMADelegate.js</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiriasrcmainjsorgforg \
erockopenamuiumamainjs">branches/AME-7692_noRestartsAuth/openam/openam-ui/openam-ui-ria/src/main/js/org/forgerock/openam/ui/uma/main.js</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiriasrcmainjsorgforg \
erockopenamuiumamodelsUMAPolicyjs">branches/AME-7692_noRestartsAuth/openam/openam-ui/o \
penam-ui-ria/src/main/js/org/forgerock/openam/ui/uma/models/UMAPolicy.js</a></li> \
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiriasrcmainjsorgforge \
rockopenamuiumamodelsUMAPolicyPermissionjs">branches/AME-7692_noRestartsAuth/openam/op \
enam-ui/openam-ui-ria/src/main/js/org/forgerock/openam/ui/uma/models/UMAPolicyPermission.js</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiriasrcmainjsorgforg \
erockopenamuiumamodelsUMAPolicyPermissionScopejs">branches/AME-7692_noRestartsAuth/ope \
nam/openam-ui/openam-ui-ria/src/main/js/org/forgerock/openam/ui/uma/models/UMAPolicyPermissionScope.js</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiriasrcmainjsorgforg \
erockopenamuiumamodelsUMAResourceSetWithPolicyjs">branches/AME-7692_noRestartsAuth/ope \
nam/openam-ui/openam-ui-ria/src/main/js/org/forgerock/openam/ui/uma/models/UMAResourceSetWithPolicy.js</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiriasrcmainjsorgforg \
erockopenamuiuserloginRESTLoginViewjs">branches/AME-7692_noRestartsAuth/openam/openam- \
ui/openam-ui-ria/src/main/js/org/forgerock/openam/ui/user/login/RESTLoginView.js</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiriasrcmainresources \
cssopenamconsoleless">branches/AME-7692_noRestartsAuth/openam/openam-ui/openam-ui-ria/src/main/resources/css/openam/console.less</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiriasrcmainresources \
cssopenamopenamless">branches/AME-7692_noRestartsAuth/openam/openam-ui/openam-ui-ria/src/main/resources/css/openam/openam.less</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiriasrcmainresources \
cssopenampoliciesless">branches/AME-7692_noRestartsAuth/openam/openam-ui/openam-ui-ria/src/main/resources/css/openam/policies.less</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiriasrcmainresources \
cssopenamumaless">branches/AME-7692_noRestartsAuth/openam/openam-ui/openam-ui-ria/src/main/resources/css/openam/uma.less</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiriasrcmainresources \
localesentranslationjson">branches/AME-7692_noRestartsAuth/openam/openam-ui/openam-ui-ria/src/main/resources/locales/en/translation.json</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiriasrcmainresources \
partialsheaders_Titlehtml">branches/AME-7692_noRestartsAuth/openam/openam-ui/openam-ui-ria/src/main/resources/partials/headers/_Title.html</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiriasrcmainresources \
partialsheaders_TitleWithSubAndIconhtml">branches/AME-7692_noRestartsAuth/openam/opena \
m-ui/openam-ui-ria/src/main/resources/partials/headers/_TitleWithSubAndIcon.html</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiriasrcmainresources \
templatesadminviewsrealmspoliciesapplicationsEditApplicationTemplatehtml">branches/AME \
-7692_noRestartsAuth/openam/openam-ui/openam-ui-ria/src/main/resources/templates/admin/views/realms/policies/applications/EditApplicationTemplate.html</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiriasrcmainresources \
templatesadminviewsrealmspoliciespoliciesconditionsConditionAttrDatehtml">branches/AME \
-7692_noRestartsAuth/openam/openam-ui/openam-ui-ria/src/main/resources/templates/admin/views/realms/policies/policies/conditions/ConditionAttrDate.html</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiriasrcmainresources \
templatesadminviewsrealmspoliciesresourceTypesEditResourceTypeTemplatehtml">branches/A \
ME-7692_noRestartsAuth/openam/openam-ui/openam-ui-ria/src/main/resources/templates/admin/views/realms/policies/resourceTypes/EditResourceTypeTemplate.html</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiriasrcmainresources \
templatesadminviewsrealmsscriptsEditScriptTemplatehtml">branches/AME-7692_noRestartsAu \
th/openam/openam-ui/openam-ui-ria/src/main/resources/templates/admin/views/realms/scripts/EditScriptTemplate.html</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiscriptspomxml">branches/AME-7692_noRestartsAuth/openam/openam-ui/openam-ui-scripts/pom.xml</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamumasrcmainjavaorgforgerockope \
namumaAuthorizationRequestEndpointjava">branches/AME-7692_noRestartsAuth/openam/openam \
-uma/src/main/java/org/forgerock/openam/uma/AuthorizationRequestEndpoint.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamumasrcmainjavaorgforgerockope \
namumaPendingRequestEmailTemplatejava">branches/AME-7692_noRestartsAuth/openam/openam- \
uma/src/main/java/org/forgerock/openam/uma/PendingRequestEmailTemplate.java</a></li> \
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamumasrcmainjavaorgforgerockopen \
amumaPendingRequestsServicejava">branches/AME-7692_noRestartsAuth/openam/openam-uma/src/main/java/org/forgerock/openam/uma/PendingRequestsService.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamumasrcmainjavaorgforgerockope \
namumaUmaConstantsjava">branches/AME-7692_noRestartsAuth/openam/openam-uma/src/main/java/org/forgerock/openam/uma/UmaConstants.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamumasrcmainjavaorgforgerockope \
namumaUmaExceptionjava">branches/AME-7692_noRestartsAuth/openam/openam-uma/src/main/java/org/forgerock/openam/uma/UmaException.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamumasrcmainjavaorgforgerockope \
namumaUmaExceptionFilterjava">branches/AME-7692_noRestartsAuth/openam/openam-uma/src/main/java/org/forgerock/openam/uma/UmaExceptionFilter.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamumasrcmainjavaorgforgerockope \
namumaUmaGuiceModulejava">branches/AME-7692_noRestartsAuth/openam/openam-uma/src/main/java/org/forgerock/openam/uma/UmaGuiceModule.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamumasrcmainjavaorgforgerockope \
namumaUmaProviderSettingsjava">branches/AME-7692_noRestartsAuth/openam/openam-uma/src/main/java/org/forgerock/openam/uma/UmaProviderSettings.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamumasrcmainjavaorgforgerockope \
namumaUmaProviderSettingsFactoryjava">branches/AME-7692_noRestartsAuth/openam/openam-u \
ma/src/main/java/org/forgerock/openam/uma/UmaProviderSettingsFactory.java</a></li> \
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamumasrcmainjavaorgforgerockopen \
amumaUmaSettingsjava">branches/AME-7692_noRestartsAuth/openam/openam-uma/src/main/java/org/forgerock/openam/uma/UmaSettings.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamumasrcmainjavaorgforgerockope \
namumaUmaSettingsImpljava">branches/AME-7692_noRestartsAuth/openam/openam-uma/src/main/java/org/forgerock/openam/uma/UmaSettingsImpl.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamumasrcmainjavaorgforgerockope \
namumaUmaTokenStorejava">branches/AME-7692_noRestartsAuth/openam/openam-uma/src/main/java/org/forgerock/openam/uma/UmaTokenStore.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamumasrcmainjavaorgforgerockope \
namumaauditUmaAuditLoggerjava">branches/AME-7692_noRestartsAuth/openam/openam-uma/src/main/java/org/forgerock/openam/uma/audit/UmaAuditLogger.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamumasrcmainresourcesUmaProvide \
rproperties">branches/AME-7692_noRestartsAuth/openam/openam-uma/src/main/resources/UmaProvider.properties</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamumasrcmainresourcesUmaProvide \
rxml">branches/AME-7692_noRestartsAuth/openam/openam-uma/src/main/resources/UmaProvider.xml</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamumasrctestjavaorgforgerockope \
namumaAuthorizationRequestEndpointTestjava">branches/AME-7692_noRestartsAuth/openam/op \
enam-uma/src/test/java/org/forgerock/openam/uma/AuthorizationRequestEndpointTest.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamumasrctestjavaorgforgerockope \
namumaUmaExceptionFilterTestjava">branches/AME-7692_noRestartsAuth/openam/openam-uma/src/test/java/org/forgerock/openam/uma/UmaExceptionFilterTest.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamumasrctestjavaorgforgerockope \
namumaUmaTokenStoreTestjava">branches/AME-7692_noRestartsAuth/openam/openam-uma/src/test/java/org/forgerock/openam/uma/UmaTokenStoreTest.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamupgradesrcmainjavaorgforgeroc \
kopenamupgradehelpersRestApiUpgradeHelperjava">branches/AME-7692_noRestartsAuth/openam \
/openam-upgrade/src/main/java/org/forgerock/openam/upgrade/helpers/RestApiUpgradeHelper.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamupgradesrcmainjavaorgforgeroc \
kopenamupgradestepsTwoStepVerificationUpgradeStepjava">branches/AME-7692_noRestartsAut \
h/openam/openam-upgrade/src/main/java/org/forgerock/openam/upgrade/steps/TwoStepVerificationUpgradeStep.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenampomxml">branches/AME-7692_noRestartsAuth/openam/pom.xml</a></li>
</ul>
<h3>Added Paths</h3>
<ul>
<li>branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-configuration/</li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamauditopenamauditconfiguration \
pomxml">branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-configuration/pom.xml</a></li>
<li>branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-configuration/src/</li>
<li>branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-configuration/src/main/</li>
<li>branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-configuration/src/main/java/</li>
<li>branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-configuration/src/main/java/org/</li>
<li>branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-configuration/src/main/java/org/forgerock/</li>
<li>branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-configuration/src/main/java/org/forgerock/openam/</li>
<li>branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-configuration/src/main/java/org/forgerock/openam/audit/</li>
<li>branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-configuration/src/main/java/org/forgerock/openam/audit/configuration/</li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamauditopenamauditconfiguration \
srcmainjavaorgforgerockopenamauditconfigurationAuditConfigurationGuiceModulejava">bran \
ches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-configuration/src/main/j \
ava/org/forgerock/openam/audit/configuration/AuditConfigurationGuiceModule.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamauditopenamauditconfiguration \
srcmainjavaorgforgerockopenamauditconfigurationAuditServiceConfiguratorImpljava">branc \
hes/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-configuration/src/main/ja \
va/org/forgerock/openam/audit/configuration/AuditServiceConfiguratorImpl.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamauditopenamauditconfiguration \
srcmainjavaorgforgerockopenamauditconfigurationAuditTopicChoiceValuesjava">branches/AM \
E-7692_noRestartsAuth/openam/openam-audit/openam-audit-configuration/src/main/java/org/forgerock/openam/audit/configuration/AuditTopicChoiceValues.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamauditopenamauditconfiguration \
srcmainjavaorgforgerockopenamauditconfigurationAuditTopicDefaultValuesjava">branches/A \
ME-7692_noRestartsAuth/openam/openam-audit/openam-audit-configuration/src/main/java/org/forgerock/openam/audit/configuration/AuditTopicDefaultValues.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamauditopenamauditconfiguration \
srcmainjavaorgforgerockopenamauditconfigurationpackageinfojava">branches/AME-7692_noRe \
startsAuth/openam/openam-audit/openam-audit-configuration/src/main/java/org/forgerock/openam/audit/configuration/package-info.java</a></li>
<li>branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-configuration/src/main/resources/</li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamauditopenamauditconfiguration \
srcmainresourcesauditproperties">branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-configuration/src/main/resources/audit.properties</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamauditopenamauditconfiguration \
srcmainresourcesauditxml">branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-configuration/src/main/resources/audit.xml</a></li>
<li>branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-configuration/src/test/</li>
<li>branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-configuration/src/test/java/</li>
<li>branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-core/src/main/java/org/forgerock/openam/audit/configuration/</li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamauditopenamauditcoresrcmainja \
vaorgforgerockopenamauditconfigurationAMAuditServiceConfigurationjava">branches/AME-76 \
92_noRestartsAuth/openam/openam-audit/openam-audit-core/src/main/java/org/forgerock/openam/audit/configuration/AMAuditServiceConfiguration.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamauditopenamauditcoresrcmainja \
vaorgforgerockopenamauditconfigurationAuditServiceConfiguratorjava">branches/AME-7692_ \
noRestartsAuth/openam/openam-audit/openam-audit-core/src/main/java/org/forgerock/openam/audit/configuration/AuditServiceConfigurator.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamauditopenamauditcoresrcmainja \
vaorgforgerockopenamauditconfigurationpackageinfojava">branches/AME-7692_noRestartsAut \
h/openam/openam-audit/openam-audit-core/src/main/java/org/forgerock/openam/audit/configuration/package-info.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamcoresrcmainjavacomiplanetserv \
icescommserverPLLAuditorjava">branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/iplanet/services/comm/server/PLLAuditor.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamcoresrcmainjavacomsunidentity \
commonLocaleContextjava">branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/sun/identity/common/LocaleContext.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamcoresrcmainjavacomsunidentity \
logserviceAgentLogParserjava">branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/sun/identity/log/service/AgentLogParser.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamcoresrcmainjavaorgforgerockop \
enamsmdatalayerimplldapExternalConnectionConfigProviderjava">branches/AME-7692_noResta \
rtsAuth/openam/openam-core/src/main/java/org/forgerock/openam/sm/datalayer/impl/ldap/ExternalConnectionConfigProvider.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamcoresrcmainjavaorgforgerockop \
enamutilsRealmNormaliserjava">branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/org/forgerock/openam/utils/RealmNormaliser.java</a></li>
<li>branches/AME-7692_noRestartsAuth/openam/openam-core/src/test/java/com/sun/identity/log/</li>
<li>branches/AME-7692_noRestartsAuth/openam/openam-core/src/test/java/com/sun/identity/log/service/</li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamcoresrctestjavacomsunidentity \
logserviceAgentLogParserTestjava">branches/AME-7692_noRestartsAuth/openam/openam-core/src/test/java/com/sun/identity/log/service/AgentLogParserTest.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamoauth2srcmainjavaorgforgerock \
openamoauth2resourcesResourceSetLabelRegistrationjava">branches/AME-7692_noRestartsAut \
h/openam/openam-oauth2/src/main/java/org/forgerock/openam/oauth2/resources/ResourceSetLabelRegistration.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamoauth2srcmainjavaorgforgerock \
openamoauth2resourcesResourceSetRegistrationEndpointjava">branches/AME-7692_noRestarts \
Auth/openam/openam-oauth2/src/main/java/org/forgerock/openam/oauth2/resources/ResourceSetRegistrationEndpoint.java</a></li>
<li>branches/AME-7692_noRestartsAuth/openam/openam-oauth2/src/main/java/org/forgerock/openam/oauth2/resources/labels/</li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamoauth2srcmainjavaorgforgerock \
openamoauth2resourceslabelsLabelTypejava">branches/AME-7692_noRestartsAuth/openam/open \
am-oauth2/src/main/java/org/forgerock/openam/oauth2/resources/labels/LabelType.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamoauth2srcmainjavaorgforgerock \
openamoauth2resourceslabelsLabelsConstantsjava">branches/AME-7692_noRestartsAuth/opena \
m/openam-oauth2/src/main/java/org/forgerock/openam/oauth2/resources/labels/LabelsConstants.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamoauth2srcmainjavaorgforgerock \
openamoauth2resourceslabelsLabelsDataLayerConfigurationjava">branches/AME-7692_noResta \
rtsAuth/openam/openam-oauth2/src/main/java/org/forgerock/openam/oauth2/resources/labels/LabelsDataLayerConfiguration.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamoauth2srcmainjavaorgforgerock \
openamoauth2resourceslabelsLabelsGuiceModulejava">branches/AME-7692_noRestartsAuth/ope \
nam/openam-oauth2/src/main/java/org/forgerock/openam/oauth2/resources/labels/LabelsGuiceModule.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamoauth2srcmainjavaorgforgerock \
openamoauth2resourceslabelsResourceSetLabeljava">branches/AME-7692_noRestartsAuth/open \
am/openam-oauth2/src/main/java/org/forgerock/openam/oauth2/resources/labels/ResourceSetLabel.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamoauth2srcmainjavaorgforgerock \
openamoauth2resourceslabelsUmaLabelsStorejava">branches/AME-7692_noRestartsAuth/openam \
/openam-oauth2/src/main/java/org/forgerock/openam/oauth2/resources/labels/UmaLabelsStore.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamoauth2srctestjavaorgforgerock \
openamoauth2resourcesResourceSetLabelRegistrationTestjava">branches/AME-7692_noRestart \
sAuth/openam/openam-oauth2/src/test/java/org/forgerock/openam/oauth2/resources/ResourceSetLabelRegistrationTest.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamoauth2srctestjavaorgforgerock \
openamoauth2resourcesResourceSetRegistrationEndpointTestjava">branches/AME-7692_noRest \
artsAuth/openam/openam-oauth2/src/test/java/org/forgerock/openam/oauth2/resources/ResourceSetRegistrationEndpointTest.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamrestsrcmainjavaorgforgerockop \
enamforgerockrestUmaLabelResourcejava">branches/AME-7692_noRestartsAuth/openam/openam- \
rest/src/main/java/org/forgerock/openam/forgerockrest/UmaLabelResource.java</a></li> \
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamrestsrcmainjavaorgforgerockope \
namforgerockrestutilsRequestHolderjava">branches/AME-7692_noRestartsAuth/openam/openam \
-rest/src/main/java/org/forgerock/openam/forgerockrest/utils/RequestHolder.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamrestsrcmainjavaorgforgerockop \
enamrestdevicesDeviceSerialisationjava">branches/AME-7692_noRestartsAuth/openam/openam \
-rest/src/main/java/org/forgerock/openam/rest/devices/DeviceSerialisation.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamrestsrcmainjavaorgforgerockop \
enamrestdevicesEncryptedJwtDeviceSerialisationjava">branches/AME-7692_noRestartsAuth/o \
penam/openam-rest/src/main/java/org/forgerock/openam/rest/devices/EncryptedJwtDeviceSerialisation.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamrestsrcmainjavaorgforgerockop \
enamrestdevicesJsonDeviceSerialisationjava">branches/AME-7692_noRestartsAuth/openam/op \
enam-rest/src/main/java/org/forgerock/openam/rest/devices/JsonDeviceSerialisation.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamrestsrcmainjavaorgforgerockop \
enamrestumaUmaEnabledFilterjava">branches/AME-7692_noRestartsAuth/openam/openam-rest/src/main/java/org/forgerock/openam/rest/uma/UmaEnabledFilter.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamrestsrctestjavaorgforgerockop \
enamrestumaUmaEnabledFilterTestjava">branches/AME-7692_noRestartsAuth/openam/openam-re \
st/src/test/java/org/forgerock/openam/rest/uma/UmaEnabledFilterTest.java</a></li> \
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamrestsrctestjavaorgforgerockope \
namrestumaUmaLabelResourceTestjava">branches/AME-7692_noRestartsAuth/openam/openam-rest/src/test/java/org/forgerock/openam/rest/uma/UmaLabelResourceTest.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamserveronlysrcmainwebappWEBINF \
templateldifopendjopendj_uma_labels_schemaldif">branches/AME-7692_noRestartsAuth/opena \
m/openam-server-only/src/main/webapp/WEB-INF/template/ldif/opendj/opendj_uma_labels_schema.ldif</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamserveronlysrcmainwebappWEBINF \
templateldifopendjopendj_uma_resource_set_labelsldif">branches/AME-7692_noRestartsAuth \
/openam/openam-server-only/src/main/webapp/WEB-INF/template/ldif/opendj/opendj_uma_resource_set_labels.ldif</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamserveronlysrcmainwebappWEBINF \
templatesms2faDelegationPoliciesxml">branches/AME-7692_noRestartsAuth/openam/openam-se \
rver-only/src/main/webapp/WEB-INF/template/sms/2faDelegationPolicies.xml</a></li> \
<li>branches/AME-7692_noRestartsAuth/openam/openam-shared/src/main/java/org/forgerock/openam/shared/security/crypto/</li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamsharedsrcmainjavaorgforgerock \
openamsharedsecuritycryptoKeyStoreBuilderjava">branches/AME-7692_noRestartsAuth/openam \
/openam-shared/src/main/java/org/forgerock/openam/shared/security/crypto/KeyStoreBuilder.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamsharedsrcmainjavaorgforgerock \
openamsharedsecuritycryptoKeyStoreTypejava">branches/AME-7692_noRestartsAuth/openam/op \
enam-shared/src/main/java/org/forgerock/openam/shared/security/crypto/KeyStoreType.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuicommonsrcmainjsorgf \
orgerockopenamuicommoncomponentsTreeNavigationjs">branches/AME-7692_noRestartsAuth/ope \
nam/openam-ui/openam-ui-common/src/main/js/org/forgerock/openam/ui/common/components/TreeNavigation.js</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiriasrcmainjsorgforg \
erockopenamuiadminviewsrealmsRealmTreeNavigationViewjs">branches/AME-7692_noRestartsAu \
th/openam/openam-ui/openam-ui-ria/src/main/js/org/forgerock/openam/ui/admin/views/realms/RealmTreeNavigationView.js</a></li>
<li>branches/AME-7692_noRestartsAuth/openam/openam-ui/openam-ui-ria/src/main/js/org/forgerock/openam/ui/uma/views/request/</li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiriasrcmainjsorgforg \
erockopenamuiumaviewsrequestEditRequestjs">branches/AME-7692_noRestartsAuth/openam/ope \
nam-ui/openam-ui-ria/src/main/js/org/forgerock/openam/ui/uma/views/request/EditRequest.js</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiriasrcmainjsorgforg \
erockopenamuiumaviewsrequestListRequestjs">branches/AME-7692_noRestartsAuth/openam/ope \
nam-ui/openam-ui-ria/src/main/js/org/forgerock/openam/ui/uma/views/request/ListRequest.js</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiriasrcmainjsorgforg \
erockopenamuiumaviewsresourceBasePagejs">branches/AME-7692_noRestartsAuth/openam/opena \
m-ui/openam-ui-ria/src/main/js/org/forgerock/openam/ui/uma/views/resource/BasePage.js</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiriasrcmainjsorgforg \
erockopenamuiumaviewsresourceLabelTreeNavigationViewjs">branches/AME-7692_noRestartsAu \
th/openam/openam-ui/openam-ui-ria/src/main/js/org/forgerock/openam/ui/uma/views/resource/LabelTreeNavigationView.js</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiriasrcmainjsorgforg \
erockopenamuiumaviewsresourceMyLabelsPagejs">branches/AME-7692_noRestartsAuth/openam/o \
penam-ui/openam-ui-ria/src/main/js/org/forgerock/openam/ui/uma/views/resource/MyLabelsPage.js</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiriasrcmainjsorgforg \
erockopenamuiumaviewsresourceMyResourcesPagejs">branches/AME-7692_noRestartsAuth/opena \
m/openam-ui/openam-ui-ria/src/main/js/org/forgerock/openam/ui/uma/views/resource/MyResourcesPage.js</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiriasrcmainjsorgforg \
erockopenamuiumaviewsresourceResourcePagejs">branches/AME-7692_noRestartsAuth/openam/o \
penam-ui/openam-ui-ria/src/main/js/org/forgerock/openam/ui/uma/views/resource/ResourcePage.js</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiriasrcmainjsorgforg \
erockopenamuiumaviewsresourceSharedWithMePagejs">branches/AME-7692_noRestartsAuth/open \
am/openam-ui/openam-ui-ria/src/main/js/org/forgerock/openam/ui/uma/views/resource/SharedWithMePage.js</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiriasrcmainjsorgforg \
erockopenamuiumaviewsresourceStarredPagejs">branches/AME-7692_noRestartsAuth/openam/op \
enam-ui/openam-ui-ria/src/main/js/org/forgerock/openam/ui/uma/views/resource/StarredPage.js</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiriasrcmainresources \
templatesadminviewsrealmsRealmTreeNavigationTemplatehtml">branches/AME-7692_noRestarts \
Auth/openam/openam-ui/openam-ui-ria/src/main/resources/templates/admin/views/realms/RealmTreeNavigationTemplate.html</a></li>
<li>branches/AME-7692_noRestartsAuth/openam/openam-ui/openam-ui-ria/src/main/resources/templates/admin/views/realms/partials/</li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiriasrcmainresources \
templatesadminviewsrealmspartials_HeaderDeleteButtonhtml">branches/AME-7692_noRestarts \
Auth/openam/openam-ui/openam-ui-ria/src/main/resources/templates/admin/views/realms/partials/_HeaderDeleteButton.html</a></li>
<li>branches/AME-7692_noRestartsAuth/openam/openam-ui/openam-ui-ria/src/main/resources/templates/uma/views/request/</li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiriasrcmainresources \
templatesumaviewsrequestEditRequestTemplatehtml">branches/AME-7692_noRestartsAuth/open \
am/openam-ui/openam-ui-ria/src/main/resources/templates/uma/views/request/EditRequestTemplate.html</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiriasrcmainresources \
templatesumaviewsrequestListRequestTemplatehtml">branches/AME-7692_noRestartsAuth/open \
am/openam-ui/openam-ui-ria/src/main/resources/templates/uma/views/request/ListRequestTemplate.html</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiriasrcmainresources \
templatesumaviewsresourceLabelTreeNavigationTemplatehtml">branches/AME-7692_noRestarts \
Auth/openam/openam-ui/openam-ui-ria/src/main/resources/templates/uma/views/resource/LabelTreeNavigationTemplate.html</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiriasrcmainresources \
templatesumaviewsresourceMyLabelsPageTemplatehtml">branches/AME-7692_noRestartsAuth/op \
enam/openam-ui/openam-ui-ria/src/main/resources/templates/uma/views/resource/MyLabelsPageTemplate.html</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiriasrcmainresources \
templatesumaviewsresourceMyResourcesPageTemplatehtml">branches/AME-7692_noRestartsAuth \
/openam/openam-ui/openam-ui-ria/src/main/resources/templates/uma/views/resource/MyResourcesPageTemplate.html</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiriasrcmainresources \
templatesumaviewsresourceResourceTemplatehtml">branches/AME-7692_noRestartsAuth/openam \
/openam-ui/openam-ui-ria/src/main/resources/templates/uma/views/resource/ResourceTemplate.html</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiriasrcmainresources \
templatesumaviewsresourceSharedWithMePageTemplatehtml">branches/AME-7692_noRestartsAut \
h/openam/openam-ui/openam-ui-ria/src/main/resources/templates/uma/views/resource/SharedWithMePageTemplate.html</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiriasrcmainresources \
templatesumaviewsresourceStarredPageTemplatehtml">branches/AME-7692_noRestartsAuth/ope \
nam/openam-ui/openam-ui-ria/src/main/resources/templates/uma/views/resource/StarredPageTemplate.html</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiriasrcmainresources \
templatesumaviewsresource_DeleteLabelButtonhtml">branches/AME-7692_noRestartsAuth/open \
am/openam-ui/openam-ui-ria/src/main/resources/templates/uma/views/resource/_DeleteLabelButton.html</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiriasrcmainresources \
templatesumaviewsresource_NestedListhtml">branches/AME-7692_noRestartsAuth/openam/open \
am-ui/openam-ui-ria/src/main/resources/templates/uma/views/resource/_NestedList.html</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiriasrcmainresources \
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamumasrcmainjavaorgforgerockopen \
amumaClaimGathererjava">branches/AME-7692_noRestartsAuth/openam/openam-uma/src/main/java/org/forgerock/openam/uma/ClaimGatherer.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamumasrcmainjavaorgforgerockope \
namumaIdTokenClaimGathererjava">branches/AME-7692_noRestartsAuth/openam/openam-uma/src/main/java/org/forgerock/openam/uma/IdTokenClaimGatherer.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamumasrctestjavaorgforgerockope \
namumaIdTokenClaimGathererTestjava">branches/AME-7692_noRestartsAuth/openam/openam-uma/src/test/java/org/forgerock/openam/uma/IdTokenClaimGathererTest.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamupgradesrcmainjavaorgforgeroc \
kopenamupgradestepsTwoStepVerificationSettingUpgradejava">branches/AME-7692_noRestarts \
Auth/openam/openam-upgrade/src/main/java/org/forgerock/openam/upgrade/steps/TwoStepVerificationSettingUpgrade.java</a></li>
</ul>
<h3>Removed Paths</h3>
<ul>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamauditopenamauditconfigurationp \
omxml">branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-configuration/pom.xml</a></li>
<li>branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-configuration/src/</li>
<li>branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-configuration/src/main/</li>
<li>branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-configuration/src/main/java/</li>
<li>branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-configuration/src/main/java/org/</li>
<li>branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-configuration/src/main/java/org/forgerock/</li>
<li>branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-configuration/src/main/java/org/forgerock/openam/</li>
<li>branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-configuration/src/main/java/org/forgerock/openam/audit/</li>
<li>branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-configuration/src/main/java/org/forgerock/openam/audit/configuration/</li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamauditopenamauditconfiguration \
srcmainjavaorgforgerockopenamauditconfigurationAuditConfigurationGuiceModulejava">bran \
ches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-configuration/src/main/j \
ava/org/forgerock/openam/audit/configuration/AuditConfigurationGuiceModule.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamauditopenamauditconfiguration \
srcmainjavaorgforgerockopenamauditconfigurationAuditServiceConfiguratorImpljava">branc \
hes/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-configuration/src/main/ja \
va/org/forgerock/openam/audit/configuration/AuditServiceConfiguratorImpl.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamauditopenamauditconfiguration \
srcmainjavaorgforgerockopenamauditconfigurationAuditTopicChoiceValuesjava">branches/AM \
E-7692_noRestartsAuth/openam/openam-audit/openam-audit-configuration/src/main/java/org/forgerock/openam/audit/configuration/AuditTopicChoiceValues.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamauditopenamauditconfiguration \
srcmainjavaorgforgerockopenamauditconfigurationAuditTopicDefaultValuesjava">branches/A \
ME-7692_noRestartsAuth/openam/openam-audit/openam-audit-configuration/src/main/java/org/forgerock/openam/audit/configuration/AuditTopicDefaultValues.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamauditopenamauditconfiguration \
srcmainjavaorgforgerockopenamauditconfigurationpackageinfojava">branches/AME-7692_noRe \
startsAuth/openam/openam-audit/openam-audit-configuration/src/main/java/org/forgerock/openam/audit/configuration/package-info.java</a></li>
<li>branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-configuration/src/main/resources/</li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamauditopenamauditconfiguration \
srcmainresourcesauditproperties">branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-configuration/src/main/resources/audit.properties</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamauditopenamauditconfiguration \
srcmainresourcesauditxml">branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-configuration/src/main/resources/audit.xml</a></li>
<li>branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-configuration/src/test/</li>
<li>branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-configuration/src/test/java/</li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamauditopenamauditcoresrcmainja \
vaorgforgerockopenamauditconfigurationAMAuditServiceConfigurationjava">branches/AME-76 \
92_noRestartsAuth/openam/openam-audit/openam-audit-core/src/main/java/org/forgerock/openam/audit/configuration/AMAuditServiceConfiguration.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamauditopenamauditcoresrcmainja \
vaorgforgerockopenamauditconfigurationAuditServiceConfiguratorjava">branches/AME-7692_ \
noRestartsAuth/openam/openam-audit/openam-audit-core/src/main/java/org/forgerock/openam/audit/configuration/AuditServiceConfigurator.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamauditopenamauditcoresrcmainja \
vaorgforgerockopenamauditconfigurationpackageinfojava">branches/AME-7692_noRestartsAut \
h/openam/openam-audit/openam-audit-core/src/main/java/org/forgerock/openam/audit/configuration/package-info.java</a></li>
<li>branches/AME-7692_noRestartsAuth/openam/openam-core/src/test/java/com/sun/identity/log/service/</li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamcoresrctestjavacomsunidentity \
logserviceAgentLogParserTestjava">branches/AME-7692_noRestartsAuth/openam/openam-core/src/test/java/com/sun/identity/log/service/AgentLogParserTest.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamoauth2srcmainjavaorgforgerock \
openamoauth2resourceslabelsLabelTypejava">branches/AME-7692_noRestartsAuth/openam/open \
am-oauth2/src/main/java/org/forgerock/openam/oauth2/resources/labels/LabelType.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamoauth2srcmainjavaorgforgerock \
openamoauth2resourceslabelsLabelsConstantsjava">branches/AME-7692_noRestartsAuth/opena \
m/openam-oauth2/src/main/java/org/forgerock/openam/oauth2/resources/labels/LabelsConstants.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamoauth2srcmainjavaorgforgerock \
openamoauth2resourceslabelsLabelsDataLayerConfigurationjava">branches/AME-7692_noResta \
rtsAuth/openam/openam-oauth2/src/main/java/org/forgerock/openam/oauth2/resources/labels/LabelsDataLayerConfiguration.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamoauth2srcmainjavaorgforgerock \
openamoauth2resourceslabelsLabelsGuiceModulejava">branches/AME-7692_noRestartsAuth/ope \
nam/openam-oauth2/src/main/java/org/forgerock/openam/oauth2/resources/labels/LabelsGuiceModule.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamoauth2srcmainjavaorgforgerock \
openamoauth2resourceslabelsResourceSetLabeljava">branches/AME-7692_noRestartsAuth/open \
am/openam-oauth2/src/main/java/org/forgerock/openam/oauth2/resources/labels/ResourceSetLabel.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamoauth2srcmainjavaorgforgerock \
openamoauth2resourceslabelsUmaLabelsStorejava">branches/AME-7692_noRestartsAuth/openam \
/openam-oauth2/src/main/java/org/forgerock/openam/oauth2/resources/labels/UmaLabelsStore.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamoauth2commonoauth2restletsrcm \
ainjavaorgforgerockoauth2restletresourcesResourceSetRegistrationEndpointjava">branches \
/AME-7692_noRestartsAuth/openam/openam-oauth2-common/oauth2-restlet/src/main/java/org/forgerock/oauth2/restlet/resources/ResourceSetRegistrationEndpoint.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamoauth2commonoauth2restletsrct \
estjavaorgforgerockoauth2restletresourcesResourceSetRegistrationEndpointTestjava">bran \
ches/AME-7692_noRestartsAuth/openam/openam-oauth2-common/oauth2-restlet/src/test/java/ \
org/forgerock/oauth2/restlet/resources/ResourceSetRegistrationEndpointTest.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamsharedsrcmainjavaorgforgerock \
openamsharedsecuritycryptoKeyStoreBuilderjava">branches/AME-7692_noRestartsAuth/openam \
/openam-shared/src/main/java/org/forgerock/openam/shared/security/crypto/KeyStoreBuilder.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamsharedsrcmainjavaorgforgerock \
openamsharedsecuritycryptoKeyStoreTypejava">branches/AME-7692_noRestartsAuth/openam/op \
enam-shared/src/main/java/org/forgerock/openam/shared/security/crypto/KeyStoreType.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamsharedsrcmainjavaorgforgerock \
openamutilsRealmNormaliserjava">branches/AME-7692_noRestartsAuth/openam/openam-shared/src/main/java/org/forgerock/openam/utils/RealmNormaliser.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiriasrcmainjsorgforg \
erockopenamuiadminviewsrealmsRealmViewjs">branches/AME-7692_noRestartsAuth/openam/open \
am-ui/openam-ui-ria/src/main/js/org/forgerock/openam/ui/admin/views/realms/RealmView.js</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiriasrcmainjsorgforg \
erockopenamuiadminviewsrealmspoliciespoliciesconditionsConditionAttrTimeZoneViewjs">br \
anches/AME-7692_noRestartsAuth/openam/openam-ui/openam-ui-ria/src/main/js/org/forgeroc \
k/openam/ui/admin/views/realms/policies/policies/conditions/ConditionAttrTimeZoneView.js</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiriasrcmainjsorgforg \
erockopenamuiumaviewsRequestsViewjs">branches/AME-7692_noRestartsAuth/openam/openam-ui \
/openam-ui-ria/src/main/js/org/forgerock/openam/ui/uma/views/RequestsView.js</a></li> \
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiriasrcmainjsorgforge \
rockopenamuiumaviewsrequestEditRequestjs">branches/AME-7692_noRestartsAuth/openam/open \
am-ui/openam-ui-ria/src/main/js/org/forgerock/openam/ui/uma/views/request/EditRequest.js</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiriasrcmainjsorgforg \
erockopenamuiumaviewsrequestListRequestjs">branches/AME-7692_noRestartsAuth/openam/ope \
nam-ui/openam-ui-ria/src/main/js/org/forgerock/openam/ui/uma/views/request/ListRequest.js</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiriasrcmainjsorgforg \
erockopenamuiumaviewsresourceEditResourcejs">branches/AME-7692_noRestartsAuth/openam/o \
penam-ui/openam-ui-ria/src/main/js/org/forgerock/openam/ui/uma/views/resource/EditResource.js</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiriasrcmainjsorgforg \
erockopenamuiumaviewsresourceListResourcejs">branches/AME-7692_noRestartsAuth/openam/o \
penam-ui/openam-ui-ria/src/main/js/org/forgerock/openam/ui/uma/views/resource/ListResource.js</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiriasrcmainjsorgforg \
erockopenamuiumaviewsresourceMyResourcesTabjs">branches/AME-7692_noRestartsAuth/openam \
/openam-ui/openam-ui-ria/src/main/js/org/forgerock/openam/ui/uma/views/resource/MyResourcesTab.js</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiriasrcmainjsorgforg \
erockopenamuiumaviewsresourceSharedResourcesTabjs">branches/AME-7692_noRestartsAuth/op \
enam/openam-ui/openam-ui-ria/src/main/js/org/forgerock/openam/ui/uma/views/resource/SharedResourcesTab.js</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiriasrcmainresources \
templatesadminviewsrealmsRealmTemplatehtml">branches/AME-7692_noRestartsAuth/openam/op \
enam-ui/openam-ui-ria/src/main/resources/templates/admin/views/realms/RealmTemplate.html</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiriasrcmainresources \
templatesadminviewsrealmspartials_HeaderDeleteButtonhtml">branches/AME-7692_noRestarts \
Auth/openam/openam-ui/openam-ui-ria/src/main/resources/templates/admin/views/realms/partials/_HeaderDeleteButton.html</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiriasrcmainresources \
templatesadminviewsrealmspoliciespoliciesconditionsConditionAttrTimeZonehtml">branches \
/AME-7692_noRestartsAuth/openam/openam-ui/openam-ui-ria/src/main/resources/templates/a \
dmin/views/realms/policies/policies/conditions/ConditionAttrTimeZone.html</a></li> \
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiriasrcmainresourcest \
emplatesumaviewsRequestsTemplatehtml">branches/AME-7692_noRestartsAuth/openam/openam-u \
i/openam-ui-ria/src/main/resources/templates/uma/views/RequestsTemplate.html</a></li> \
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiriasrcmainresourcest \
emplatesumaviewsrequestEditRequestTemplatehtml">branches/AME-7692_noRestartsAuth/opena \
m/openam-ui/openam-ui-ria/src/main/resources/templates/uma/views/request/EditRequestTemplate.html</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiriasrcmainresources \
templatesumaviewsrequestListRequestTemplatehtml">branches/AME-7692_noRestartsAuth/open \
am/openam-ui/openam-ui-ria/src/main/resources/templates/uma/views/request/ListRequestTemplate.html</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiriasrcmainresources \
templatesumaviewsresourceEditResourcehtml">branches/AME-7692_noRestartsAuth/openam/ope \
nam-ui/openam-ui-ria/src/main/resources/templates/uma/views/resource/EditResource.html</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiriasrcmainresources \
templatesumaviewsresourceListResourcehtml">branches/AME-7692_noRestartsAuth/openam/ope \
nam-ui/openam-ui-ria/src/main/resources/templates/uma/views/resource/ListResource.html</a></li>
</ul>
<h3>Property Changed</h3>
<ul>
<li><a href="#branchesAME7692_noRestartsAuthopenam">branches/AME-7692_noRestartsAuth/openam/</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamauthenticationopenamauthhotp" \
>branches/AME-7692_noRestartsAuth/openam/openam-authentication/openam-auth-hotp/</a></li>
>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamauthenticationopenamauthwindow \
sdesktopsso">branches/AME-7692_noRestartsAuth/openam/openam-authentication/openam-auth-windowsdesktopsso/</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamoauth2">branches/AME-7692_noRestartsAuth/openam/openam-oauth2/</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamoauth2commonoauth2core">branches/AME-7692_noRestartsAuth/openam/openam-oauth2-common/oauth2-core/</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamoauth2commonopenidconnectcore \
">branches/AME-7692_noRestartsAuth/openam/openam-oauth2-common/openid-connect-core/</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamrestsrcmainjavaorgforgerockop \
enamforgerockrestIdentityResourceV1java">branches/AME-7692_noRestartsAuth/openam/opena \
m-rest/src/main/java/org/forgerock/openam/forgerockrest/IdentityResourceV1.java</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamsts">branches/AME-7692_noRestartsAuth/openam/openam-sts/</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuipolicy">branches/AME-7692_noRestartsAuth/openam/openam-ui/openam-ui-policy/</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiria">branches/AME-7692_noRestartsAuth/openam/openam-ui/openam-ui-ria/</a></li>
<li><a href="#branchesAME7692_noRestartsAuthopenamopenamuiopenamuiscripts">branches/AME-7692_noRestartsAuth/openam/openam-ui/openam-ui-scripts/</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="branchesAME7692_noRestartsAuthopenam"></a>
<div class="propset"><h4>Property changes: \
branches/AME-7692_noRestartsAuth/openam</h4> <pre class="diff"><span>
</span></pre></div>
<a id="svnmergeinfo"></a>
<div class="modfile"><h4>Modified: svn:mergeinfo</h4></div>
<span class="cx">/branches/AME-2629/openam:7585-7632
</span><span class="cx">/branches/AME-2766-policy-entitlements-REST-APIs/openam:8455-8476
</span><span class="cx">/branches/AME-3087-entitlements-CREST-management/openam:8481-8664
</span><span class="cx">/branches/AME-3087_query_and_patch/openam:8667-8681
</span><span class="cx">/branches/AME-3405-session-read-from-cts/openam:8749-8823
</span><span class="cx">/branches/AME-3423/openam:10105-10414
</span><span class="cx">/branches/AME-3612-pcunnington/openam:9534-9723
</span><span class="cx">/branches/AME-3719/openam:9517-9879
</span><span class="cx">/branches/AME-3726-script-sandboxing/openam:9663-9819
</span><span class="cx">/branches/AME-4378/openam:10443-10621
</span><span class="cx">/branches/AME-4460_AME-4459/openam:10437-10535
</span><span class="cx">/branches/AME-4547/openam:10585-10783
</span><span class="cx">/branches/AME-4569-XACML-Response-Provider-Support/openam:10624-10817
</span><span class="cx">/branches/AME-4595/openam:10581-10789
</span><span class="cx">/branches/AME-4609/openam:10678-10949
</span><span class="cx">/branches/AME-4616/openam:10652-10817
</span><span class="cx">/branches/AME-4638/openam:10869-11050
</span><span class="cx">/branches/AME-5023/openam:11070-11123
</span><span class="cx">/branches/AME-5326_refactor_and_test_oath_module/openam:13066-13428
</span><span class="cx">/branches/AME-5568-stateless-sessions/openam:12629-13078
</span><span class="cx">/branches/AME-6128_and_AME-6129_JSONify_attributes_for_OATH/openam:13797-13866
</span><span class="cx">/branches/AME-6128_and_AME-6129_new_user_attributes_for_OATH/openam:13602-13794
</span><span class="cx">/branches/AME-6130/openam:13565-13665
</span><span class="cx">/branches/AME-6369/openam:13289-13686
</span><span class="cx">/branches/AME-6627_Remove-LDAP-SDK/openam:13713-14249
</span><span class="cx">/branches/AME-6632_oath_registration/openam:13911-13999
</span><span class="cx">/branches/AME-6796/openam:13716-13732
</span><span class="cx">/branches/AME-7286/openam:14363-14465
</span><span class="cx">/branches/AME-7509/openam:14559-14630
</span><span class="cx">/branches/AME-7515/openam:14510-14556
</span><span class="cx">/branches/CTS-Async/openam:8847-9739
</span><span class="cx">/branches/OPENAM-2961-forgot-password-404/openam:8322-8362
</span><span class="cx">/branches/OPENAM-3097-sessions-not-deleted/openam:6910-6946
</span><span class="cx">/branches/OPENAM-3130-session-quota/openam:6958-6972
</span><span class="cx">/branches/OPENAM-3283-CTS-thread-exceptions/openam:7270-7369
</span><span class="cx">/branches/OPENAM-3425-class-cast-exception/openam:8333-8359
</span><span class="cx">/branches/OPENAM-3782-forgotten-password-changes/openam:8747-8835
</span><span class="cx">/branches/OPENAM-4028-connection-pool/openam:9750-10171
</span><span class="cx">/branches/OPENAM-4384-ssoadm-classpath/openam:10263-10264
</span><span class="cx">/branches/OPENAM-4394/openam:11059-11099
</span><span class="cx">/branches/OPENAM-4775-REST-endpoint-malformed-3/openam:11322-11331
</span><span class="cx">/branches/OPENAM-5019_entitlement_condition_validation/openam:11455-11491
</span><span class="cx">/branches/OPENAM-5269/openam:11838-11851
</span><span class="cx">/branches/OPENAM-5970_trim_unused_qrcode_references/openam:13756-13770
</span><span class="cx">/branches/OPENAM-OPENAM-3528-client-side-session-validation/openam:7834-7844
</span><span class="cx">/branches/ame4272/openam:10073-10101
</span><span class="cx">/branches/andy-ame-2227-v2/openam:7508-7697
</span><span class="cx">/branches/andy-ame1316-connectionfactory/openam:5311-5328
</span><span class="cx">/branches/andy-cts-connection-pool/openam:7098-7175
</span><span class="cx">/branches/andy-openam-2654/openam:6872-6911
</span><span class="cx">/branches/andy-openam-2880/openam:6451-6503
</span><span class="cx">/branches/andy-openam-2907/openam:6531-6534
</span><span class="cx">/branches/andy-openam-3006/openam:6709-6749
</span><span class="cx">/branches/andy-openam-3063/openam:6927-6948
</span><span class="cx">/branches/andy-openam-3193/openam:7124-7128
</span><span class="cx">/branches/andy-openam-3248/openam:7171-7715
</span><span class="cx">/branches/andy-openam2743/openam:6372-6439
</span><span class="cx">/branches/andy-openam2744/openam:6347-6367
</span><span class="cx">/branches/andyAme2972/openam:8270-8318
</span><span class="cx">/branches/andyAme3102/openam:8312-8413
</span><span class="cx">/branches/andyAme3196/openam:8853-9084
</span><span class="cx">/branches/andyAme5550/openam:13493-13515
</span><span class="cx">/branches/andyOpenam1708/openam:5576-5592
</span><span class="cx">/branches/andyOpenam2140/openam:7819-7862
</span><span class="cx">/branches/andyOpenam2373/openam:5600-5706
</span><span class="cx">/branches/andyOpenam2525/openam:5601-5733
</span><span class="cx">/branches/andyOpenam3509/openam:7881-7963
</span><span class="cx">/branches/andyOpenam3638/openam:8094-8172
</span><span class="cx">/branches/andyOpenam3969/openam:10453-10977
</span><span class="cx">/branches/andyPolicyCrest/openam:8295-8813
</span><span class="cx">/branches/apforrest-ame1316/openam:4881-5305
</span><span class="cx">/branches/apforrest_ame805_indextree/openam:4567-4852
</span><span class="cx">/branches/auditHistory/openam:12633-12709
</span><span class="cx">/branches/cert_chain_bug:11102-11125
</span><span class="cx">/branches/contextualAuthz/openam:12734-12787
</span><span class="cx">/branches/curieResourceTypes/openam:12286-12669
</span><span class="cx">/branches/dirk_oauth_perf:5904
</span><span class="cx">/branches/dirk_sts:5297,5314,5317-5318,5320-5321
</span><span class="cx">/branches/initial_uma/openam:12067-12470
</span><span class="cx">/branches/oidc_authn:8507,8540,8557-8559,8565-8566
</span><span class="cx">/branches/openam-3049-cts-reaper-connection-usage/openam:6658-6745
</span><span class="cx">/branches/openam-3053-cts-tab-exception/openam:6672-6721
</span><span class="cx">/branches/openam-3072-cts-configuration/openam:6691-6714
</span><span class="cx">/branches/openam-3092-store-mode-error/openam:6729-6733
</span><span class="cx">/branches/openam-3110-create-or-update-bug/openam:6767-6804
</span><span class="cx">/branches/openam2742-andy/openam:6266-6323
</span><span class="cx">/branches/openam_10.1.0_xacml3_JAS/openam:4039-4140
</span><span class="cx">/branches/openam_10.2.0_xacml3_JAS/openam:4141-4379
</span><span class="cx">/branches/pcunnington-AME-3115-refactor/openam:8348-8473
</span><span class="cx">/branches/pcunnington-AME-3158/openam:8476-8577
</span><span class="cx">/branches/pcunnington-AME-350/openam:4165-4344
</span><span class="cx">/branches/pcunnington-ame-344/openam:4651-5199
</span><span class="cx">/branches/pcunnington-oauth2/openam:8710-8793
</span><span class="cx">/branches/phcunnington-AME-3114/openam:8314-8341
</span><span class="cx">/branches/policyimprovements/openam:5513-5515
</span><span class="cx">/branches/referralsWithoutApplications/openam:11071-11119
</span><span class="cx">/branches/rest_sts_publish:8167,8180,8214,8227,8245,8260
</span><span class="cx">/branches/rest_sts_view_bean:9690-9965
</span><span class="cx">/branches/rwapshott-AME-1739/openam:5331-5353
</span><span class="cx">/branches/rwapshott-AME-215/openam:4091-4155
</span><span class="cx">/branches/rwapshott-AME-257/openam:4047-4126
</span><span class="cx">/branches/rwapshott-AME-804/openam:4267-5404
</span><span class="cx">/branches/rwapshott-ame-2027-cts-oids-should-follow-fr-oid-scheme/openam:5609-5614
</span><span class="cx">/branches/rwapshott-ame-2160-session-size/openam:6086-6319
</span><span class="cx">/branches/rwapshott-ame-2311-index-names/openam:6058-6069
</span><span class="cx">/branches/rwapshott-ame-258-cts-replication/openam:5548-6055
</span><span class="cx">/branches/rwapshott-openam-2198-session-resource-protection/openam:5628-5824
</span><span class="cx">/branches/rwapshott-openam-2526/openam:5442-5484
</span><span class="cx">/branches/rwapshott-openam-2716-cts-invalid-chars/openam:6170-6194
</span><span class="cx">/branches/rwapshott-openam-2729-saml2-error/openam:6247-6257
</span><span class="cx">/branches/soap_sts_admin_ui:14254-14454
</span><span class="cx">/branches/soap_sts_auth:12414,12467-12578
</span><span class="cx">/branches/soap_sts_config:12590-12719,12744
</span><span class="cx">/branches/soap_sts_policy:12762-13106,13172-13354
</span><span class="cx">/branches/soap_sts_tgs:9585-9618
</span><span class="cx">/branches/soap_sts_x509:13550-13640,13667,13693
</span><span class="cx">/branches/stateless_logout/openam:12511-13298
</span><span class="cx">/branches/sts_client_sdk:11175-11185
</span><span class="cx">/branches/sts_custom_ops:14051-14331
</span><span class="cx">/branches/sts_disable_am_token:11204,11229-11233
</span><span class="cx">/branches/sts_filtering:10605-10717,10719-10900,10924,10927,10929-10931,10955,10963-10964,10986,10989,10993,10996,11001-11002,11028-11029
</span><span class="cx">/branches/sts_oidc_saml:8310,8352,8355,8368,8378-8379,8387-8388,8403,8410,8416
</span><span class="cx">/branches/sts_oidc_saml_redux:8417-8422,8424,8440,8445-8446,8460,8490,8498
</span><span class="cx">/branches/sts_restart_persistence:9003-9005,9009-9414
</span><span class="cx">/branches/sts_saml2_encrypt:10424-10472,10474-10550
</span><span class="cx">/branches/sts_sans_cxf:13383-13518,13532-13542
</span><span class="cx">/branches/sts_service_listeners:9968-10031,10047-10048,10053
</span><span class="cx">/branches/sts_soap:11665-12039,12056-12242,12273-12321
</span><span class="cx">/branches/sts_tgs_oidc:13712-14040
</span><span class="cx">/branches/sts_token_gen_service:8706,8717-8720,8723-8725,8727-8728,8731,8737,8740-8742,8759-8760,8774-8776,8796-8797,8800-8801,8818-8819,8821
</span><span class="cx">/branches/sts_token_gen_service2:8844-8887,8894-9000
</span><span class="cx">/branches/sts_x509:10206-10398
</span><span class="cx">/branches/twoStepVerification/openam:13994-14047
</span><span class="cx">/branches/xui-restructure/openam:14260-14306
</span><span class="cx">/fr-branches/11.0.x/openam:12232,12915,13700
</span><span class="cx">/fr-branches/12.0.x/openam:12351,12627,12922,13050,13455,13701
</span><span class="cx"> + /branches/AME-2526-SFO-between-sites/openam:7510-8258
</span><span class="cx">/branches/AME-2629/openam:7585-7632
</span><span class="cx">/branches/AME-2766-policy-entitlements-REST-APIs/openam:8455-8476
</span><span class="cx">/branches/AME-3087-entitlements-CREST-management/openam:8481-8664
</span><span class="cx">/branches/AME-3087_query_and_patch/openam:8667-8681
</span><span class="cx">/branches/AME-3405-session-read-from-cts/openam:8749-8823
</span><span class="cx">/branches/AME-3423/openam:10105-10414
</span><span class="cx">/branches/AME-3612-pcunnington/openam:9534-9723
</span><span class="cx">/branches/AME-3719/openam:9517-9879
</span><span class="cx">/branches/AME-3726-script-sandboxing/openam:9663-9819
</span><span class="cx">/branches/AME-4378/openam:10443-10621
</span><span class="cx">/branches/AME-4460_AME-4459/openam:10437-10535
</span><span class="cx">/branches/AME-4547/openam:10585-10783
</span><span class="cx">/branches/AME-4569-XACML-Response-Provider-Support/openam:10624-10817
</span><span class="cx">/branches/AME-4595/openam:10581-10789
</span><span class="cx">/branches/AME-4609/openam:10678-10949
</span><span class="cx">/branches/AME-4616/openam:10652-10817
</span><span class="cx">/branches/AME-4638/openam:10869-11050
</span><span class="cx">/branches/AME-5023/openam:11070-11123
</span><span class="cx">/branches/AME-5326_refactor_and_test_oath_module/openam:13066-13428
</span><span class="cx">/branches/AME-5568-stateless-sessions/openam:12629-13078
</span><span class="cx">/branches/AME-6128_and_AME-6129_JSONify_attributes_for_OATH/openam:13797-13866
</span><span class="cx">/branches/AME-6128_and_AME-6129_new_user_attributes_for_OATH/openam:13602-13794
</span><span class="cx">/branches/AME-6130/openam:13565-13665
</span><span class="cx">/branches/AME-6369/openam:13289-13686
</span><span class="cx">/branches/AME-6627_Remove-LDAP-SDK/openam:13713-14249
</span><span class="cx">/branches/AME-6632_oath_registration/openam:13911-13999
</span><span class="cx">/branches/AME-6796/openam:13716-13732
</span><span class="cx">/branches/AME-7286/openam:14363-14465
</span><span class="cx">/branches/AME-7509/openam:14559-14630
</span><span class="cx">/branches/AME-7515/openam:14510-14556
</span><span class="cx">/branches/AME-7754_UMA_labels/openam:14781-14882
</span><span class="cx">/branches/CTS-Async/openam:8847-9739
</span><span class="cx">/branches/OPENAM-2961-forgot-password-404/openam:8322-8362
</span><span class="cx">/branches/OPENAM-3097-sessions-not-deleted/openam:6910-6946
</span><span class="cx">/branches/OPENAM-3130-session-quota/openam:6958-6972
</span><span class="cx">/branches/OPENAM-3283-CTS-thread-exceptions/openam:7270-7369
</span><span class="cx">/branches/OPENAM-3425-class-cast-exception/openam:8333-8359
</span><span class="cx">/branches/OPENAM-3782-forgotten-password-changes/openam:8747-8835
</span><span class="cx">/branches/OPENAM-4028-connection-pool/openam:9750-10171
</span><span class="cx">/branches/OPENAM-4384-ssoadm-classpath/openam:10263-10264
</span><span class="cx">/branches/OPENAM-4394/openam:11059-11099
</span><span class="cx">/branches/OPENAM-4775-REST-endpoint-malformed-3/openam:11322-11331
</span><span class="cx">/branches/OPENAM-5019_entitlement_condition_validation/openam:11455-11491
</span><span class="cx">/branches/OPENAM-5269/openam:11838-11851
</span><span class="cx">/branches/OPENAM-5970_trim_unused_qrcode_references/openam:13756-13770
</span><span class="cx">/branches/OPENAM-6272-OPENAM-1462-OATH-RFEs/openam:14653-14742
</span><span class="cx">/branches/OPENAM-6326-ssoadm-classpath/openam:14839-14844
</span><span class="cx">/branches/OPENAM-OPENAM-3528-client-side-session-validation/openam:7834-7844
</span><span class="cx">/branches/ame4272/openam:10073-10101
</span><span class="cx">/branches/andy-ame-2227-v2/openam:7508-7697
</span><span class="cx">/branches/andy-ame1316-connectionfactory/openam:5311-5328
</span><span class="cx">/branches/andy-cts-connection-pool/openam:7098-7175
</span><span class="cx">/branches/andy-openam-2654/openam:6872-6911
</span><span class="cx">/branches/andy-openam-2880/openam:6451-6503
</span><span class="cx">/branches/andy-openam-2907/openam:6531-6534
</span><span class="cx">/branches/andy-openam-3006/openam:6709-6749
</span><span class="cx">/branches/andy-openam-3063/openam:6927-6948
</span><span class="cx">/branches/andy-openam-3193/openam:7124-7128
</span><span class="cx">/branches/andy-openam-3248/openam:7171-7715
</span><span class="cx">/branches/andy-openam2743/openam:6372-6439
</span><span class="cx">/branches/andy-openam2744/openam:6347-6367
</span><span class="cx">/branches/andyAme2972/openam:8270-8318
</span><span class="cx">/branches/andyAme3102/openam:8312-8413
</span><span class="cx">/branches/andyAme3196/openam:8853-9084
</span><span class="cx">/branches/andyAme5550/openam:13493-13515
</span><span class="cx">/branches/andyOpenam1708/openam:5576-5592
</span><span class="cx">/branches/andyOpenam2140/openam:7819-7862
</span><span class="cx">/branches/andyOpenam2373/openam:5600-5706
</span><span class="cx">/branches/andyOpenam2525/openam:5601-5733
</span><span class="cx">/branches/andyOpenam3509/openam:7881-7963
</span><span class="cx">/branches/andyOpenam3638/openam:8094-8172
</span><span class="cx">/branches/andyOpenam3969/openam:10453-10977
</span><span class="cx">/branches/andyPolicyCrest/openam:8295-8813
</span><span class="cx">/branches/apforrest-ame1316/openam:4881-5305
</span><span class="cx">/branches/apforrest_ame805_indextree/openam:4567-4852
</span><span class="cx">/branches/auditHistory/openam:12633-12709
</span><span class="cx">/branches/cert_chain_bug:11102-11125
</span><span class="cx">/branches/contextualAuthz/openam:12734-12787
</span><span class="cx">/branches/curieResourceTypes/openam:12286-12669
</span><span class="cx">/branches/dirk_oauth_perf:5904
</span><span class="cx">/branches/dirk_sts:5297,5314,5317-5318,5320-5321
</span><span class="cx">/branches/initial_uma/openam:12067-12470
</span><span class="cx">/branches/oidc_authn:8507,8540,8557-8559,8565-8566
</span><span class="cx">/branches/openam-3049-cts-reaper-connection-usage/openam:6658-6745
</span><span class="cx">/branches/openam-3053-cts-tab-exception/openam:6672-6721
</span><span class="cx">/branches/openam-3072-cts-configuration/openam:6691-6714
</span><span class="cx">/branches/openam-3092-store-mode-error/openam:6729-6733
</span><span class="cx">/branches/openam-3110-create-or-update-bug/openam:6767-6804
</span><span class="cx">/branches/openam2742-andy/openam:6266-6323
</span><span class="cx">/branches/openam_10.1.0_xacml3_JAS/openam:4039-4140
</span><span class="cx">/branches/openam_10.2.0_xacml3_JAS/openam:4141-4379
</span><span class="cx">/branches/pcunnington-AME-3115-refactor/openam:8348-8473
</span><span class="cx">/branches/pcunnington-AME-3158/openam:8476-8577
</span><span class="cx">/branches/pcunnington-AME-350/openam:4165-4344
</span><span class="cx">/branches/pcunnington-ame-344/openam:4651-5199
</span><span class="cx">/branches/pcunnington-oauth2/openam:8710-8793
</span><span class="cx">/branches/phcunnington-AME-3114/openam:8314-8341
</span><span class="cx">/branches/policyimprovements/openam:5513-5515
</span><span class="cx">/branches/referralsWithoutApplications/openam:11071-11119
</span><span class="cx">/branches/rest_sts_publish:8167,8180,8214,8227,8245,8260
</span><span class="cx">/branches/rest_sts_view_bean:9690-9965
</span><span class="cx">/branches/rwapshott-AME-1739/openam:5331-5353
</span><span class="cx">/branches/rwapshott-AME-215/openam:4091-4155
</span><span class="cx">/branches/rwapshott-AME-257/openam:4047-4126
</span><span class="cx">/branches/rwapshott-AME-804/openam:4267-5404
</span><span class="cx">/branches/rwapshott-ame-2027-cts-oids-should-follow-fr-oid-scheme/openam:5609-5614
</span><span class="cx">/branches/rwapshott-ame-2160-session-size/openam:6086-6319
</span><span class="cx">/branches/rwapshott-ame-2311-index-names/openam:6058-6069
</span><span class="cx">/branches/rwapshott-ame-258-cts-replication/openam:5548-6055
</span><span class="cx">/branches/rwapshott-openam-2198-session-resource-protection/openam:5628-5824
</span><span class="cx">/branches/rwapshott-openam-2526/openam:5442-5484
</span><span class="cx">/branches/rwapshott-openam-2716-cts-invalid-chars/openam:6170-6194
</span><span class="cx">/branches/rwapshott-openam-2729-saml2-error/openam:6247-6257
</span><span class="cx">/branches/soap_sts_admin_ui:14254-14454
</span><span class="cx">/branches/soap_sts_auth:12414,12467-12578
</span><span class="cx">/branches/soap_sts_config:12590-12719,12744
</span><span class="cx">/branches/soap_sts_policy:12762-13106,13172-13354
</span><span class="cx">/branches/soap_sts_tgs:9585-9618
</span><span class="cx">/branches/soap_sts_x509:13550-13640,13667,13693
</span><span class="cx">/branches/stateless_logout/openam:12511-13298
</span><span class="cx">/branches/sts_client_sdk:11175-11185
</span><span class="cx">/branches/sts_custom_ops:14051-14331
</span><span class="cx">/branches/sts_disable_am_token:11204,11229-11233
</span><span class="cx">/branches/sts_filtering:10605-10717,10719-10900,10924,10927,10929-10931,10955,10963-10964,10986,10989,10993,10996,11001-11002,11028-11029
</span><span class="cx">/branches/sts_oidc_saml:8310,8352,8355,8368,8378-8379,8387-8388,8403,8410,8416
</span><span class="cx">/branches/sts_oidc_saml_redux:8417-8422,8424,8440,8445-8446,8460,8490,8498
</span><span class="cx">/branches/sts_restart_persistence:9003-9005,9009-9414
</span><span class="cx">/branches/sts_saml2_encrypt:10424-10472,10474-10550
</span><span class="cx">/branches/sts_sans_cxf:13383-13518,13532-13542
</span><span class="cx">/branches/sts_service_listeners:9968-10031,10047-10048,10053
</span><span class="cx">/branches/sts_soap:11665-12039,12056-12242,12273-12321
</span><span class="cx">/branches/sts_tgs_oidc:13712-14040
</span><span class="cx">/branches/sts_token_gen_service:8706,8717-8720,8723-8725,8727-8728,8731,8737,8740-8742,8759-8760,8774-8776,8796-8797,8800-8801,8818-8819,8821
</span><span class="cx">/branches/sts_token_gen_service2:8844-8887,8894-9000
</span><span class="cx">/branches/sts_x509:10206-10398
</span><span class="cx">/branches/twoStepVerification/openam:13994-14047
</span><span class="cx">/branches/xui-restructure/openam:14260-14306
</span><span class="cx">/fr-branches/11.0.x/openam:12232,12915,13700
</span><span class="cx">/fr-branches/12.0.x/openam:12351,12627,12922,13050,13455,13701
</span><span class="cx">/trunk/openam:14738-14908
</span><a id="branchesAME7692_noRestartsAuthopenamopenamauditopenamauditconfigurationpomxml"></a>
<div class="delfile"><h4>Deleted: \
branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-configuration/pom.xml \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/openam/openam-audit/openam-audit-configuration/pom.xml 2015-07-31 14:42:37 UTC \
(rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-configuration/pom.xml 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -1,43 +0,0 @@
</span><del>-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- ~ The contents of this file are subject to the terms of the Common Development and
- ~ Distribution License (the License). You may not use this file except in \
compliance with the
- ~ License.
- ~
- ~ You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for \
the
- ~ specific language governing permission and limitations under the License.
- ~
- ~ When distributing Covered Software, include this CDDL Header Notice in each file \
and include
- ~ the License file at legal/CDDLv1.0.txt. If applicable, add the following below \
the CDDL
- ~ Header, with the fields enclosed by brackets [] replaced by your own identifying
- ~ information: "Portions copyright [year] [name of copyright owner]".
- ~
- ~ Copyright 2014-2015 ForgeRock AS.
--->
-<project xmlns="http://maven.apache.org/POM/4.0.0"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 \
http://maven.apache.org/xsd/maven-4.0.0.xsd">
- <parent>
- <artifactId>openam-audit</artifactId>
- <groupId>org.forgerock.openam</groupId>
- <version>13.0.0-SNAPSHOT</version>
- </parent>
- <modelVersion>4.0.0</modelVersion>
-
- <name>OpenAM Audit Configuration</name>
- <artifactId>openam-audit-configuration</artifactId>
- <packaging>jar</packaging>
-
- <dependencies>
- <dependency>
- <groupId>org.forgerock.openam</groupId>
- <artifactId>openam-audit-core</artifactId>
- </dependency>
- <dependency>
- <groupId>org.forgerock.openam</groupId>
- <artifactId>openam-core</artifactId>
- </dependency>
- </dependencies>
-
-
-</project>
</del><span class="cx">\ No newline at end of file
</span></span></pre></div>
<a id="branchesAME7692_noRestartsAuthopenamopenamauditopenamauditconfigurationpomxmlfromrev14908trunkopenamopenamauditopenamauditconfigurationpomxml"></a>
<div class="copfile"><h4>Copied: \
branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-configuration/pom.xml \
(from rev 14908, trunk/openam/openam-audit/openam-audit-configuration/pom.xml) (0 => \
14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-configuration/pom.xml \
(rev 0)
+++ branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-configuration/pom.xml 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -0,0 +1,43 @@
</span><ins>+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ~ The contents of this file are subject to the terms of the Common Development and
+ ~ Distribution License (the License). You may not use this file except in \
compliance with the
+ ~ License.
+ ~
+ ~ You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for \
the
+ ~ specific language governing permission and limitations under the License.
+ ~
+ ~ When distributing Covered Software, include this CDDL Header Notice in each file \
and include
+ ~ the License file at legal/CDDLv1.0.txt. If applicable, add the \
following below the CDDL
+ ~ Header, with the fields enclosed by brackets [] \
replaced by your own identifying
+ ~ information: "Portions copyright [year] \
[name of copyright owner]".
+ ~
+ ~ Copyright 2014-2015 ForgeRock AS.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 \
http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <parent>
+ <artifactId>openam-audit</artifactId>
+ <groupId>org.forgerock.openam</groupId>
+ <version>13.0.0-SNAPSHOT</version>
+ </parent>
+ <modelVersion>4.0.0</modelVersion>
+
+ <name>OpenAM Audit Configuration</name>
+ <artifactId>openam-audit-configuration</artifactId>
+ <packaging>jar</packaging>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.forgerock.openam</groupId>
+ <artifactId>openam-audit-core</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.forgerock.openam</groupId>
+ <artifactId>openam-core</artifactId>
+ </dependency>
+ </dependencies>
+
+
+</project>
</ins><span class="cx">\ No newline at end of file
</span></span></pre></div>
<a id="branchesAME7692_noRestartsAuthopenamopenamauditopenamauditconfigurationsrcmainjavaorgforgerockopenamauditconfigurationAuditConfigurationGuiceModulejava"></a>
<div class="delfile"><h4>Deleted: \
branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-configuration/src/ma \
in/java/org/forgerock/openam/audit/configuration/AuditConfigurationGuiceModule.java \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/openam/openam-audit/openam-audit-configuration/src/main/java/org/forgerock/openam/audit/configuration/AuditConfigurationGuiceModule.java 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-configuration/sr \
c/main/java/org/forgerock/openam/audit/configuration/AuditConfigurationGuiceModule.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -1,32 +0,0 @@
</span><del>-/*
- * The contents of this file are subject to the terms of the Common Development and
- * Distribution License (the License). You may not use this file except in \
compliance with the
- * License.
- *
- * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for \
the
- * specific language governing permission and limitations under the License.
- *
- * When distributing Covered Software, include this CDDL Header Notice in each file \
and include
- * the License file at legal/CDDLv1.0.txt. If applicable, add the following below \
the CDDL
- * Header, with the fields enclosed by brackets [] replaced by your own identifying
- * information: "Portions copyright [year] [name of copyright owner]".
- *
- * Copyright 2015 ForgeRock AS.
- */
-package org.forgerock.openam.audit.configuration;
-
-import com.google.inject.AbstractModule;
-import org.forgerock.guice.core.GuiceModule;
-
-/**
- * Guice Module for configuring bindings for the OpenAM Audit Configuration classes.
- */
-@GuiceModule
-public class AuditConfigurationGuiceModule extends AbstractModule {
-
- @Override
- protected void configure() {
- bind(AuditServiceConfigurator.class).to(AuditServiceConfiguratorImpl.class);
- }
-
-}
</del></span></pre></div>
<a id="branchesAME7692_noRestartsAuthopenamopenamauditopenamauditconfigurationsrcmainj \
avaorgforgerockopenamauditconfigurationAuditConfigurationGuiceModulejavafromrev14908tr \
unkopenamopenamauditopenamauditconfigurationsrcmainjavaorgforgerockopenamauditconfigurationAuditConfigurationGuiceModulejava"></a>
<div class="copfile"><h4>Copied: \
branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-configuration/src/ma \
in/java/org/forgerock/openam/audit/configuration/AuditConfigurationGuiceModule.java \
(from rev 14908, trunk/openam/openam-audit/openam-audit-configuration/src/main/java/org/forgerock/openam/audit/configuration/AuditConfigurationGuiceModule.java) \
(0 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-configuration/src/ma \
in/java/org/forgerock/openam/audit/configuration/AuditConfigurationGuiceModule.java \
(rev 0)
+++ branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-configuration/sr \
c/main/java/org/forgerock/openam/audit/configuration/AuditConfigurationGuiceModule.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -0,0 +1,32 @@
</span><ins>+/*
+ * The contents of this file are subject to the terms of the Common Development and
+ * Distribution License (the License). You may not use this file except in \
compliance with the
+ * License.
+ *
+ * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for \
the
+ * specific language governing permission and limitations under the License.
+ *
+ * When distributing Covered Software, include this CDDL Header Notice in each file \
and include
+ * the License file at legal/CDDLv1.0.txt. If applicable, add the \
following below the CDDL
+ * Header, with the fields enclosed by brackets [] replaced \
by your own identifying
+ * information: "Portions copyright [year] [name of \
copyright owner]".
+ *
+ * Copyright 2015 ForgeRock AS.
+ */
+package org.forgerock.openam.audit.configuration;
+
+import com.google.inject.AbstractModule;
+import org.forgerock.guice.core.GuiceModule;
+
+/**
+ * Guice Module for configuring bindings for the OpenAM Audit Configuration classes.
+ */
+@GuiceModule
+public class AuditConfigurationGuiceModule extends AbstractModule {
+
+ @Override
+ protected void configure() {
+ bind(AuditServiceConfigurator.class).to(AuditServiceConfiguratorImpl.class);
+ }
+
+}
</ins></span></pre></div>
<a id="branchesAME7692_noRestartsAuthopenamopenamauditopenamauditconfigurationsrcmainjavaorgforgerockopenamauditconfigurationAuditServiceConfiguratorImpljava"></a>
<div class="delfile"><h4>Deleted: \
branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-configuration/src/ma \
in/java/org/forgerock/openam/audit/configuration/AuditServiceConfiguratorImpl.java \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/openam/openam-audit/openam-audit-configuration/src/main/java/org/forgerock/openam/audit/configuration/AuditServiceConfiguratorImpl.java 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-configuration/sr \
c/main/java/org/forgerock/openam/audit/configuration/AuditServiceConfiguratorImpl.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -1,220 +0,0 @@
</span><del>-/*
- * The contents of this file are subject to the terms of the Common Development and
- * Distribution License (the License). You may not use this file except in \
compliance with the
- * License.
- *
- * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for \
the
- * specific language governing permission and limitations under the License.
- *
- * When distributing Covered Software, include this CDDL Header Notice in each file \
and include
- * the License file at legal/CDDLv1.0.txt. If applicable, add the following below \
the CDDL
- * Header, with the fields enclosed by brackets [] replaced by your own identifying
- * information: "Portions copyright [year] [name of copyright owner]".
- *
- * Copyright 2015 ForgeRock AS.
- */
-package org.forgerock.openam.audit.configuration;
-
-import static com.iplanet.am.util.SystemProperties.CONFIG_PATH;
-import static com.iplanet.am.util.SystemProperties.get;
-import static com.sun.identity.shared.Constants.AM_SERVICES_DEPLOYMENT_DESCRIPTOR;
-import static org.forgerock.openam.audit.AuditConstants.*;
-
-import com.google.inject.Singleton;
-import com.iplanet.sso.SSOException;
-import com.iplanet.sso.SSOToken;
-import com.sun.identity.security.AdminTokenAction;
-import com.sun.identity.shared.datastruct.CollectionHelper;
-import com.sun.identity.shared.debug.Debug;
-import com.sun.identity.sm.SMSException;
-import com.sun.identity.sm.ServiceConfig;
-import com.sun.identity.sm.ServiceConfigManager;
-import com.sun.identity.sm.ServiceListener;
-import org.forgerock.audit.AuditException;
-import org.forgerock.audit.AuditService;
-import org.forgerock.audit.events.handlers.AuditEventHandler;
-import org.forgerock.audit.events.handlers.impl.CSVAuditEventHandler;
-import org.forgerock.audit.events.handlers.impl.CSVAuditEventHandlerConfiguration;
-import org.forgerock.guice.core.InjectorHolder;
-import org.forgerock.json.resource.ResourceException;
-import org.forgerock.openam.utils.StringUtils;
-
-import java.security.AccessController;
-import java.util.Map;
-import java.util.Set;
-
-/**
- * Listens to Audit Logger configuration changes and notify the Audit Service.
- *
- * @since 13.0.0
- */
-@Singleton
-public class AuditServiceConfiguratorImpl implements AuditServiceConfigurator, \
ServiceListener {
-
- private static final Debug debug = Debug.getInstance("amAudit");
-
- private final AMAuditServiceConfiguration configuration = new \
AMAuditServiceConfiguration();
-
- @Override
- public void registerEventHandlers(AuditService auditService) throws \
ResourceException, AuditException {
- refreshConfiguration();
- if (!configuration.isAuditEnabled()) {
- debug.message("Audit logging is disabled. No event handlers will be \
registered.");
- return;
- }
-
- try {
- ServiceConfig parentConfig = getAuditGlobalConfiguration();
- Set<String> handlerNames = parentConfig.getSubConfigNames();
- for (String handler : handlerNames) {
- updateEventHandlerConfiguration(parentConfig.getSubConfig(handler), \
auditService);
- }
- } catch (SSOException | SMSException e) {
- debug.error("Error accessing service {}", SERVICE_NAME, e);
- }
- }
-
- @Override
- public void initializeAuditServiceConfiguration() {
- refreshConfiguration();
- registerServiceListener();
- }
-
- @Override
- public AMAuditServiceConfiguration getAuditServiceConfiguration() {
- return configuration;
- }
-
- @Override
- public void globalConfigChanged(String serviceName, String version, String \
groupName, String component, int type) {
- if (!SERVICE_NAME.equals(serviceName)) {
- return;
- }
-
- if (StringUtils.isEmpty(component)) {
- refreshConfiguration();
-
- if (configuration.isAuditEnabled()) {
- try {
- \
registerEventHandlers(InjectorHolder.getInstance(AuditService.class));
- } catch (ResourceException | AuditException e) {
- debug.error("Unable to register audit event \
handlers.", e);
- }
- }
- } else {
- serviceComponentChanged(component);
- }
- }
-
- /**
- * Registers this configurator with the {@link \
com.sun.identity.sm.ServiceConfigManager} to receive updates
- * when the script configuration changes.
- *
- * @throws IllegalStateException if the configuration listener cannot be \
registered.
- */
- private void registerServiceListener() {
- try {
- String listenerId = new ServiceConfigManager(SERVICE_NAME, \
getAdminToken()).addListener(this);
- if (listenerId == null) {
- throw new SMSException("Unable to register service config \
listener");
- }
- debug.message("Registered service config listener: {}", \
listenerId);
- } catch (SSOException | SMSException e) {
- debug.error("Unable to create ServiceConfigManager", e);
- throw new IllegalStateException(e);
- }
- }
-
- private void refreshConfiguration() {
- ServiceConfig globalConfig = getAuditGlobalConfiguration();
- @SuppressWarnings("unchecked")
- Map<String, Set<String>> attributes = \
globalConfig.getAttributes();
- configuration.setAuditEnabled(CollectionHelper.getBooleanMapAttr(attributes, \
"auditEnabled", false));
- configuration.setAuditFailureSuppressed(
- CollectionHelper.getBooleanMapAttr(attributes, \
"suppressAuditFailure", true));
- configuration.setResolveHostNameEnabled(CollectionHelper.getBooleanMapAttr(attributes,
- "resolveHostNameEnabled", false));
- }
-
- private void serviceComponentChanged(String serviceComponent) {
- serviceComponent = serviceComponent.startsWith("/") ? \
serviceComponent.substring(1).trim() : serviceComponent;
- String[] components = serviceComponent.split("/");
- if (components.length == 1) {
- ServiceConfig eventHandlerConfig = \
getEventHandlerConfiguration(components[0]);
- if (eventHandlerConfig == null) {
- debug.error(
- "No event handler configuration called {} found in \
service {}. No configuration changes made.",
- components[0], SERVICE_NAME);
- return;
- }
- try {
- updateEventHandlerConfiguration(eventHandlerConfig, \
InjectorHolder.getInstance(AuditService.class));
- } catch (ResourceException | AuditException e) {
- debug.error("Failed to configure the {} event handler", \
components[0], e);
- }
- }
- }
-
- private void updateEventHandlerConfiguration(ServiceConfig eventHandlerConfig, \
AuditService auditService)
- throws ResourceException, AuditException {
-
- @SuppressWarnings("unchecked")
- Map<String, Set<String>> attributes = \
eventHandlerConfig.getAttributes();
- if (CSV.equalsIgnoreCase(eventHandlerConfig.getSchemaID())) {
- updateCsvEventHandlerConfiguration(attributes, auditService);
- }
- }
-
- private void updateCsvEventHandlerConfiguration(Map<String, \
Set<String>> attributes, AuditService auditService)
- throws AuditException, ResourceException {
-
- if (!CollectionHelper.getBooleanMapAttr(attributes, "enabled", \
false)) {
- // deregister the handler from the audit service here
- return;
- }
-
- AuditEventHandler csvAuditEventHandler = \
auditService.getRegisteredHandler(CSV);
- if (csvAuditEventHandler == null) {
- csvAuditEventHandler = new CSVAuditEventHandler();
- auditService.register(csvAuditEventHandler, CSV, \
attributes.get("topics"));
- }
- CSVAuditEventHandlerConfiguration csvHandlerConfiguration = new \
CSVAuditEventHandlerConfiguration();
- String location = CollectionHelper.getMapAttr(attributes, \
"location");
- csvHandlerConfiguration.setLogDirectory(location.replaceAll("%BASE_DIR%", \
get(CONFIG_PATH))
- .replaceAll("%SERVER_URI%", \
get(AM_SERVICES_DEPLOYMENT_DESCRIPTOR)));
- csvAuditEventHandler.configure(csvHandlerConfiguration);
- }
-
- private ServiceConfig getEventHandlerConfiguration(String handler) {
- try {
- return getAuditGlobalConfiguration().getSubConfig(handler);
- } catch (SMSException | SSOException e) {
- debug.error("Error accessing service {}", SERVICE_NAME, e);
- }
- return null;
- }
-
- private ServiceConfig getAuditGlobalConfiguration() {
- try {
- return new ServiceConfigManager(SERVICE_NAME, \
getAdminToken()).getGlobalConfig("default");
- } catch (SMSException | SSOException e) {
- debug.error("Error accessing service {}", SERVICE_NAME, e);
- throw new IllegalStateException(e);
- }
- }
-
- private SSOToken getAdminToken() {
- return AccessController.doPrivileged(AdminTokenAction.getInstance());
- }
-
- @Override
- public void schemaChanged(String serviceName, String version) {
- // Ignore
- }
-
- @Override
- public void organizationConfigChanged(String serviceName, String version, String \
orgName, String groupName,
- String serviceComponent, int type) {
- // Ignore
- }
-}
</del></span></pre></div>
<a id="branchesAME7692_noRestartsAuthopenamopenamauditopenamauditconfigurationsrcmainj \
avaorgforgerockopenamauditconfigurationAuditServiceConfiguratorImpljavafromrev14908tru \
nkopenamopenamauditopenamauditconfigurationsrcmainjavaorgforgerockopenamauditconfigurationAuditServiceConfiguratorImpljava"></a>
<div class="copfile"><h4>Copied: \
branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-configuration/src/ma \
in/java/org/forgerock/openam/audit/configuration/AuditServiceConfiguratorImpl.java \
(from rev 14908, trunk/openam/openam-audit/openam-audit-configuration/src/main/java/org/forgerock/openam/audit/configuration/AuditServiceConfiguratorImpl.java) \
(0 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-configuration/src/ma \
in/java/org/forgerock/openam/audit/configuration/AuditServiceConfiguratorImpl.java \
(rev 0)
+++ branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-configuration/sr \
c/main/java/org/forgerock/openam/audit/configuration/AuditServiceConfiguratorImpl.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -0,0 +1,220 @@
</span><ins>+/*
+ * The contents of this file are subject to the terms of the Common Development and
+ * Distribution License (the License). You may not use this file except in \
compliance with the
+ * License.
+ *
+ * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for \
the
+ * specific language governing permission and limitations under the License.
+ *
+ * When distributing Covered Software, include this CDDL Header Notice in each file \
and include
+ * the License file at legal/CDDLv1.0.txt. If applicable, add the \
following below the CDDL
+ * Header, with the fields enclosed by brackets [] replaced \
by your own identifying
+ * information: "Portions copyright [year] [name of \
copyright owner]".
+ *
+ * Copyright 2015 ForgeRock AS.
+ */
+package org.forgerock.openam.audit.configuration;
+
+import static com.iplanet.am.util.SystemProperties.CONFIG_PATH;
+import static com.iplanet.am.util.SystemProperties.get;
+import static com.sun.identity.shared.Constants.AM_SERVICES_DEPLOYMENT_DESCRIPTOR;
+import static org.forgerock.openam.audit.AuditConstants.*;
+
+import com.google.inject.Singleton;
+import com.iplanet.sso.SSOException;
+import com.iplanet.sso.SSOToken;
+import com.sun.identity.security.AdminTokenAction;
+import com.sun.identity.shared.datastruct.CollectionHelper;
+import com.sun.identity.shared.debug.Debug;
+import com.sun.identity.sm.SMSException;
+import com.sun.identity.sm.ServiceConfig;
+import com.sun.identity.sm.ServiceConfigManager;
+import com.sun.identity.sm.ServiceListener;
+import org.forgerock.audit.AuditException;
+import org.forgerock.audit.AuditService;
+import org.forgerock.audit.events.handlers.AuditEventHandler;
+import org.forgerock.audit.events.handlers.impl.CSVAuditEventHandler;
+import org.forgerock.audit.events.handlers.impl.CSVAuditEventHandlerConfiguration;
+import org.forgerock.guice.core.InjectorHolder;
+import org.forgerock.json.resource.ResourceException;
+import org.forgerock.openam.utils.StringUtils;
+
+import java.security.AccessController;
+import java.util.Map;
+import java.util.Set;
+
+/**
+ * Listens to Audit Logger configuration changes and notify the Audit Service.
+ *
+ * @since 13.0.0
+ */
+@Singleton
+public class AuditServiceConfiguratorImpl implements AuditServiceConfigurator, \
ServiceListener {
+
+ private static final Debug debug = Debug.getInstance("amAudit");
+
+ private final AMAuditServiceConfiguration configuration = new \
AMAuditServiceConfiguration();
+
+ @Override
+ public void registerEventHandlers(AuditService auditService) throws \
ResourceException, AuditException {
+ refreshConfiguration();
+ if (!configuration.isAuditEnabled()) {
+ debug.message("Audit logging is disabled. No event handlers will be \
registered.");
+ return;
+ }
+
+ try {
+ ServiceConfig parentConfig = getAuditGlobalConfiguration();
+ Set<String> handlerNames = parentConfig.getSubConfigNames();
+ for (String handler : handlerNames) {
+ updateEventHandlerConfiguration(parentConfig.getSubConfig(handler), \
auditService);
+ }
+ } catch (SSOException | SMSException e) {
+ debug.error("Error accessing service {}", SERVICE_NAME, e);
+ }
+ }
+
+ @Override
+ public void initializeAuditServiceConfiguration() {
+ refreshConfiguration();
+ registerServiceListener();
+ }
+
+ @Override
+ public AMAuditServiceConfiguration getAuditServiceConfiguration() {
+ return configuration;
+ }
+
+ @Override
+ public void globalConfigChanged(String serviceName, String version, String \
groupName, String component, int type) {
+ if \
(!SERVICE_NAME.equals(serviceName)) {
+ return;
+ }
+
+ if (StringUtils.isEmpty(component)) {
+ refreshConfiguration();
+
+ if (configuration.isAuditEnabled()) {
+ try {
+ \
registerEventHandlers(InjectorHolder.getInstance(AuditService.class));
+ \
} catch (ResourceException | AuditException e) {
+ \
debug.error("Unable to register audit event handlers.", e);
+ \
}
+ }
+ } else {
+ serviceComponentChanged(component);
+ }
+ }
+
+ /**
+ * Registers this configurator with the {@link \
com.sun.identity.sm.ServiceConfigManager} to receive updates
+ * when the script \
configuration changes.
+ *
+ * @throws IllegalStateException if the configuration listener cannot be \
registered.
+ */
+ private void registerServiceListener() {
+ try {
+ String listenerId = new ServiceConfigManager(SERVICE_NAME, \
getAdminToken()).addListener(this);
+ if (listenerId == null) {
+ throw new SMSException("Unable to register service config \
listener");
+ }
+ debug.message("Registered service config listener: {}", \
listenerId);
+ } catch (SSOException | SMSException e) {
+ debug.error("Unable to create ServiceConfigManager", e);
+ throw new IllegalStateException(e);
+ }
+ }
+
+ private void refreshConfiguration() {
+ ServiceConfig globalConfig = getAuditGlobalConfiguration();
+ @SuppressWarnings("unchecked")
+ Map<String, Set<String>> attributes = \
globalConfig.getAttributes();
+ \
configuration.setAuditEnabled(CollectionHelper.getBooleanMapAttr(attributes, \
"auditEnabled", false));
+ configuration.setAuditFailureSuppressed(
+ CollectionHelper.getBooleanMapAttr(attributes, \
"suppressAuditFailure", true));
+ \
configuration.setResolveHostNameEnabled(CollectionHelper.getBooleanMapAttr(attributes,
+ "resolveHostNameEnabled", false));
+ }
+
+ private void serviceComponentChanged(String serviceComponent) {
+ serviceComponent = serviceComponent.startsWith("/") ? \
serviceComponent.substring(1).trim() : serviceComponent;
+ String[] components \
= serviceComponent.split("/");
+ if (components.length == 1) {
+ ServiceConfig eventHandlerConfig = \
getEventHandlerConfiguration(components[0]);
+ if (eventHandlerConfig == \
null) {
+ debug.error(
+ "No event handler configuration called {} found in \
service {}. No configuration changes made.",
+ \
components[0], SERVICE_NAME);
+ return;
+ }
+ try {
+ updateEventHandlerConfiguration(eventHandlerConfig, \
InjectorHolder.getInstance(AuditService.class));
+ } catch \
(ResourceException | AuditException e) {
+ debug.error("Failed to \
configure the {} event handler", components[0], e);
+ }
+ }
+ }
+
+ private void updateEventHandlerConfiguration(ServiceConfig eventHandlerConfig, \
AuditService auditService)
+ throws ResourceException, AuditException {
+
+ @SuppressWarnings("unchecked")
+ Map<String, Set<String>> attributes = \
eventHandlerConfig.getAttributes();
+ if \
(CSV.equalsIgnoreCase(eventHandlerConfig.getSchemaID())) {
+ \
updateCsvEventHandlerConfiguration(attributes, auditService);
+ }
+ }
+
+ private void updateCsvEventHandlerConfiguration(Map<String, \
Set<String>> attributes, AuditService auditService)
+ throws \
AuditException, ResourceException {
+
+ if (!CollectionHelper.getBooleanMapAttr(attributes, "enabled", \
false)) {
+ // deregister the handler from the audit service here
+ return;
+ }
+
+ AuditEventHandler csvAuditEventHandler = \
auditService.getRegisteredHandler(CSV);
+ if (csvAuditEventHandler == null) {
+ csvAuditEventHandler = new CSVAuditEventHandler();
+ auditService.register(csvAuditEventHandler, CSV, \
attributes.get("topics"));
+ }
+ CSVAuditEventHandlerConfiguration csvHandlerConfiguration = new \
CSVAuditEventHandlerConfiguration();
+ String location = \
CollectionHelper.getMapAttr(attributes, "location");
+ \
csvHandlerConfiguration.setLogDirectory(location.replaceAll("%BASE_DIR%", \
get(CONFIG_PATH))
+ .replaceAll("%SERVER_URI%", \
get(AM_SERVICES_DEPLOYMENT_DESCRIPTOR)));
+ \
csvAuditEventHandler.configure(csvHandlerConfiguration);
+ }
+
+ private ServiceConfig getEventHandlerConfiguration(String handler) {
+ try {
+ return getAuditGlobalConfiguration().getSubConfig(handler);
+ } catch (SMSException | SSOException e) {
+ debug.error("Error accessing service {}", SERVICE_NAME, e);
+ }
+ return null;
+ }
+
+ private ServiceConfig getAuditGlobalConfiguration() {
+ try {
+ return new ServiceConfigManager(SERVICE_NAME, \
getAdminToken()).getGlobalConfig("default");
+ } catch (SMSException \
| SSOException e) {
+ debug.error("Error accessing service {}", \
SERVICE_NAME, e);
+ throw new IllegalStateException(e);
+ }
+ }
+
+ private SSOToken getAdminToken() {
+ return AccessController.doPrivileged(AdminTokenAction.getInstance());
+ }
+
+ @Override
+ public void schemaChanged(String serviceName, String version) {
+ // Ignore
+ }
+
+ @Override
+ public void organizationConfigChanged(String serviceName, String version, String \
orgName, String groupName,
+ String \
serviceComponent, int type) {
+ // Ignore
+ }
+}
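Review bot: In `updateCsvEventHandlerConfiguration` the audit log directory is built with `location.replaceAll("%BASE_DIR%", get(CONFIG_PATH))`, and `replaceAll` reads its second argument as a regex replacement string, so a backslash or `$` in the configured base directory (a Windows path, for instance) is dropped or raises an exception, and the CSV audit handler then writes to an unintended directory or is left unconfigured. Literal substitution avoids this: `location.replace("%BASE_DIR%", get(CONFIG_PATH)).replace("%SERVER_URI%", get(AM_SERVICES_DEPLOYMENT_DESCRIPTOR))`. `location` is also dereferenced without a null check, which presumably throws when the `location` attribute is missing from the handler configuration. Separately, the disabled branch holds only the comment `// deregister the handler from the audit service here`, so a handler registered earlier appears to stay registered after an administrator disables it; that gap deserves either the deregistration call or a tracked TODO.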
</ins></span></pre></div>
<a id="branchesAME7692_noRestartsAuthopenamopenamauditopenamauditconfigurationsrcmainjavaorgforgerockopenamauditconfigurationAuditTopicChoiceValuesjava"></a>
<div class="delfile"><h4>Deleted: \
branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-configuration/src/main/java/org/forgerock/openam/audit/configuration/AuditTopicChoiceValues.java \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/openam/openam-audit/openam-audit-configuration/src/main/java/org/forgerock/openam/audit/configuration/AuditTopicChoiceValues.java 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-configuration/sr \
c/main/java/org/forgerock/openam/audit/configuration/AuditTopicChoiceValues.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -1,38 +0,0 @@
</span><del>-/*
- * The contents of this file are subject to the terms of the Common Development and
- * Distribution License (the License). You may not use this file except in \
compliance with the
- * License.
- *
- * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for \
the
- * specific language governing permission and limitations under the License.
- *
- * When distributing Covered Software, include this CDDL Header Notice in each file \
and include
- * the License file at legal/CDDLv1.0.txt. If applicable, add the following below \
the CDDL
- * Header, with the fields enclosed by brackets [] replaced by your own identifying
- * information: "Portions copyright [year] [name of copyright owner]".
- *
- * Copyright 2015 ForgeRock AS.
- */
-package org.forgerock.openam.audit.configuration;
-
-import com.sun.identity.sm.ChoiceValues;
-
-import java.util.HashMap;
-import java.util.Map;
-
-public class AuditTopicChoiceValues extends ChoiceValues {
-
- private static final Map<String, String> AUDIT_TOPICS = new \
HashMap<>();
-
- static {
- AUDIT_TOPICS.put("access", "audit.topic.access");
- AUDIT_TOPICS.put("activity", "audit.topic.activity");
- AUDIT_TOPICS.put("authentication", \
"audit.topic.authentication");
- AUDIT_TOPICS.put("config", "audit.topic.config");
- }
-
- @Override
- public Map<String, String> getChoiceValues() {
- return AUDIT_TOPICS;
- }
-}
</del></span></pre></div>
<a id="branchesAME7692_noRestartsAuthopenamopenamauditopenamauditconfigurationsrcmainj \
avaorgforgerockopenamauditconfigurationAuditTopicChoiceValuesjavafromrev14908trunkopen \
amopenamauditopenamauditconfigurationsrcmainjavaorgforgerockopenamauditconfigurationAuditTopicChoiceValuesjava"></a>
<div class="copfile"><h4>Copied: \
branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-configuration/src/main/java/org/forgerock/openam/audit/configuration/AuditTopicChoiceValues.java \
(from rev 14908, trunk/openam/openam-audit/openam-audit-configuration/src/main/java/org/forgerock/openam/audit/configuration/AuditTopicChoiceValues.java) \
(0 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-configuration/src/main/java/org/forgerock/openam/audit/configuration/AuditTopicChoiceValues.java \
(rev 0)
+++ branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-configuration/sr \
c/main/java/org/forgerock/openam/audit/configuration/AuditTopicChoiceValues.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -0,0 +1,38 @@
</span><ins>+/*
+ * The contents of this file are subject to the terms of the Common Development and
+ * Distribution License (the License). You may not use this file except in \
compliance with the
+ * License.
+ *
+ * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for \
the
+ * specific language governing permission and limitations under the License.
+ *
+ * When distributing Covered Software, include this CDDL Header Notice in each file \
and include
+ * the License file at legal/CDDLv1.0.txt. If applicable, add the \
following below the CDDL
+ * Header, with the fields enclosed by brackets [] replaced \
by your own identifying
+ * information: "Portions copyright [year] [name of \
copyright owner]".
+ *
+ * Copyright 2015 ForgeRock AS.
+ */
+package org.forgerock.openam.audit.configuration;
+
+import com.sun.identity.sm.ChoiceValues;
+
+import java.util.HashMap;
+import java.util.Map;
+
+public class AuditTopicChoiceValues extends ChoiceValues {
+
+ private static final Map<String, String> AUDIT_TOPICS = new \
HashMap<>();
+
+ static {
+ AUDIT_TOPICS.put("access", "audit.topic.access");
+ AUDIT_TOPICS.put("activity", "audit.topic.activity");
+ AUDIT_TOPICS.put("authentication", \
"audit.topic.authentication");
+ \
AUDIT_TOPICS.put("config", "audit.topic.config");
+ }
+
+ @Override
+ public Map<String, String> getChoiceValues() {
+ return AUDIT_TOPICS;
+ }
+}
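Review bot: `getChoiceValues()` returns the class's static `HashMap` itself, so any caller that modifies the returned map changes the audit topic choices for every later caller in the JVM; `getDefaultValues()` in AuditTopicDefaultValues.java has the same shape, and an entry removed there could silently shrink the default set of topics a handler is configured with. Unless the SMS framework is known to need a mutable result, return read-only views instead: `return Collections.unmodifiableMap(AUDIT_TOPICS);` and `return Collections.unmodifiableSet(AUDIT_TOPICS);`, each with `import java.util.Collections;`. Neither class has a Javadoc comment; one line naming the schema attribute it feeds (`topics` in audit.xml) would help the next reader.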
</ins></span></pre></div>
<a id="branchesAME7692_noRestartsAuthopenamopenamauditopenamauditconfigurationsrcmainjavaorgforgerockopenamauditconfigurationAuditTopicDefaultValuesjava"></a>
<div class="delfile"><h4>Deleted: \
branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-configuration/src/main/java/org/forgerock/openam/audit/configuration/AuditTopicDefaultValues.java \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/openam/openam-audit/openam-audit-configuration/src/main/java/org/forgerock/openam/audit/configuration/AuditTopicDefaultValues.java 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-configuration/sr \
c/main/java/org/forgerock/openam/audit/configuration/AuditTopicDefaultValues.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -1,38 +0,0 @@
</span><del>-/*
- * The contents of this file are subject to the terms of the Common Development and
- * Distribution License (the License). You may not use this file except in \
compliance with the
- * License.
- *
- * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for \
the
- * specific language governing permission and limitations under the License.
- *
- * When distributing Covered Software, include this CDDL Header Notice in each file \
and include
- * the License file at legal/CDDLv1.0.txt. If applicable, add the following below \
the CDDL
- * Header, with the fields enclosed by brackets [] replaced by your own identifying
- * information: "Portions copyright [year] [name of copyright owner]".
- *
- * Copyright 2015 ForgeRock AS.
- */
-package org.forgerock.openam.audit.configuration;
-
-import com.sun.identity.sm.DefaultValues;
-
-import java.util.HashSet;
-import java.util.Set;
-
-public class AuditTopicDefaultValues extends DefaultValues {
-
- private static final Set<String> AUDIT_TOPICS = new HashSet<>();
-
- static {
- AUDIT_TOPICS.add("access");
- AUDIT_TOPICS.add("activity");
- AUDIT_TOPICS.add("authentication");
- AUDIT_TOPICS.add("config");
- };
-
- @Override
- public Set<String> getDefaultValues() {
- return AUDIT_TOPICS;
- }
-}
</del></span></pre></div>
<a id="branchesAME7692_noRestartsAuthopenamopenamauditopenamauditconfigurationsrcmainj \
avaorgforgerockopenamauditconfigurationAuditTopicDefaultValuesjavafromrev14908trunkope \
namopenamauditopenamauditconfigurationsrcmainjavaorgforgerockopenamauditconfigurationAuditTopicDefaultValuesjava"></a>
<div class="copfile"><h4>Copied: \
branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-configuration/src/main/java/org/forgerock/openam/audit/configuration/AuditTopicDefaultValues.java \
(from rev 14908, trunk/openam/openam-audit/openam-audit-configuration/src/main/java/org/forgerock/openam/audit/configuration/AuditTopicDefaultValues.java) \
(0 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-configuration/src/main/java/org/forgerock/openam/audit/configuration/AuditTopicDefaultValues.java \
(rev 0)
+++ branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-configuration/sr \
c/main/java/org/forgerock/openam/audit/configuration/AuditTopicDefaultValues.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -0,0 +1,38 @@
</span><ins>+/*
+ * The contents of this file are subject to the terms of the Common Development and
+ * Distribution License (the License). You may not use this file except in \
compliance with the
+ * License.
+ *
+ * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for \
the
+ * specific language governing permission and limitations under the License.
+ *
+ * When distributing Covered Software, include this CDDL Header Notice in each file \
and include
+ * the License file at legal/CDDLv1.0.txt. If applicable, add the \
following below the CDDL
+ * Header, with the fields enclosed by brackets [] replaced \
by your own identifying
+ * information: "Portions copyright [year] [name of \
copyright owner]".
+ *
+ * Copyright 2015 ForgeRock AS.
+ */
+package org.forgerock.openam.audit.configuration;
+
+import com.sun.identity.sm.DefaultValues;
+
+import java.util.HashSet;
+import java.util.Set;
+
+public class AuditTopicDefaultValues extends DefaultValues {
+
+ private static final Set<String> AUDIT_TOPICS = new HashSet<>();
+
+ static {
+ AUDIT_TOPICS.add("access");
+ AUDIT_TOPICS.add("activity");
+ AUDIT_TOPICS.add("authentication");
+ AUDIT_TOPICS.add("config");
+ };
+
+ @Override
+ public Set<String> getDefaultValues() {
+ return AUDIT_TOPICS;
+ }
+}
</ins></span></pre></div>
<a id="branchesAME7692_noRestartsAuthopenamopenamauditopenamauditconfigurationsrcmainjavaorgforgerockopenamauditconfigurationpackageinfojava"></a>
<div class="delfile"><h4>Deleted: \
branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-configuration/src/main/java/org/forgerock/openam/audit/configuration/package-info.java \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/openam/openam-audit/openam-audit-configuration/src/main/java/org/forgerock/openam/audit/configuration/package-info.java 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-configuration/sr \
c/main/java/org/forgerock/openam/audit/configuration/package-info.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -1,22 +0,0 @@
</span><del>-/*
- * The contents of this file are subject to the terms of the Common Development and
- * Distribution License (the License). You may not use this file except in \
compliance with the
- * License.
- *
- * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for \
the
- * specific language governing permission and limitations under the License.
- *
- * When distributing Covered Software, include this CDDL Header Notice in each file \
and include
- * the License file at legal/CDDLv1.0.txt. If applicable, add the following below \
the CDDL
- * Header, with the fields enclosed by brackets [] replaced by your own identifying
- * information: "Portions copyright [year] [name of copyright owner]".
- *
- * Copyright 2015 ForgeRock AS.
- */
-
-/**
- * Audit logging configuration based on Commons Audit.
- *
- * @since 13.0.0
- */
-package org.forgerock.openam.audit.configuration;
</del><span class="cx">\ No newline at end of file
</span></span></pre></div>
<a id="branchesAME7692_noRestartsAuthopenamopenamauditopenamauditconfigurationsrcmainj \
avaorgforgerockopenamauditconfigurationpackageinfojavafromrev14908trunkopenamopenamaud \
itopenamauditconfigurationsrcmainjavaorgforgerockopenamauditconfigurationpackageinfojava"></a>
<div class="copfile"><h4>Copied: \
branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-configuration/src/main/java/org/forgerock/openam/audit/configuration/package-info.java \
(from rev 14908, trunk/openam/openam-audit/openam-audit-configuration/src/main/java/org/forgerock/openam/audit/configuration/package-info.java) \
(0 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-configuration/src/main/java/org/forgerock/openam/audit/configuration/package-info.java \
(rev 0)
+++ branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-configuration/sr \
c/main/java/org/forgerock/openam/audit/configuration/package-info.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -0,0 +1,22 @@
</span><ins>+/*
+ * The contents of this file are subject to the terms of the Common Development and
+ * Distribution License (the License). You may not use this file except in \
compliance with the
+ * License.
+ *
+ * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for \
the
+ * specific language governing permission and limitations under the License.
+ *
+ * When distributing Covered Software, include this CDDL Header Notice in each file \
and include
+ * the License file at legal/CDDLv1.0.txt. If applicable, add the \
following below the CDDL
+ * Header, with the fields enclosed by brackets [] replaced \
by your own identifying
+ * information: "Portions copyright [year] [name of \
copyright owner]".
+ *
+ * Copyright 2015 ForgeRock AS.
+ */
+
+/**
+ * Audit logging configuration based on Commons Audit.
+ *
+ * @since 13.0.0
+ */
+package org.forgerock.openam.audit.configuration;
</ins><span class="cx">\ No newline at end of file
</span></span></pre></div>
<a id="branchesAME7692_noRestartsAuthopenamopenamauditopenamauditconfigurationsrcmainresourcesauditproperties"></a>
<div class="delfile"><h4>Deleted: \
branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-configuration/src/main/resources/audit.properties \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/openam/openam-audit/openam-audit-configuration/src/main/resources/audit.properties 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-configuration/src/main/resources/audit.properties 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -1,44 +0,0 @@
</span><del>-# The contents of this file are subject to the terms of the Common \
Development and
-# Distribution License (the License). You may not use this file except in compliance \
with the
-# License.
-#
-# You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for \
the
-# specific language governing permission and limitations under the License.
-#
-# When distributing Covered Software, include this CDDL Header Notice in each file \
and include
-# the License file at legal/CDDLv1.0.txt. If applicable, add the following below the \
CDDL
-# Header, with the fields enclosed by brackets [] replaced by your own identifying
-# information: "Portions copyright [year] [name of copyright owner]".
-#
-# Copyright 2015 ForgeRock AS.
-
-
-########################################################################################################################
-# Global configuration properties
-########################################################################################################################
-audit-description=Audit Logging
-a001=Audit logging
-a001.help=Select to enable audit logging for OpenAM.
-a002=Suppress audit failure
-a002.help=Select to stop failure to log an audit message from also failing the \
operation that is being audited.
-a003=Resolve host name
-a003.help=When enabled DNS Host lookups will be performed to populate the record's \
host name field.
-a003.help.txt=<i>NB </i>Enabling this functionality will increase the \
load of the logging system and the OpenAM host \
- must have DNS configured.
-
-audit.topic.access=Access
-audit.topic.activity=Activity
-audit.topic.authentication=Authentication
-audit.topic.config=Configuration
-
-########################################################################################################################
-# Audit event handlers
-########################################################################################################################
-eh001=CSV
-
-csv001=Enabled
-csv001.help=If selected the CSV file audit logging will be enabled.
-csv002=Topics
-csv002.help=Select the audit event topics to be handled by this event handler.
-csv003=Location
-csv003.help=The directory to which the files should be written.
</del><span class="cx">\ No newline at end of file
</span></span></pre></div>
<a id="branchesAME7692_noRestartsAuthopenamopenamauditopenamauditconfigurationsrcmainr \
esourcesauditpropertiesfromrev14908trunkopenamopenamauditopenamauditconfigurationsrcmainresourcesauditproperties"></a>
<div class="copfile"><h4>Copied: \
branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-configuration/src/main/resources/audit.properties \
(from rev 14908, trunk/openam/openam-audit/openam-audit-configuration/src/main/resources/audit.properties) \
(0 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-configuration/src/main/resources/audit.properties \
(rev 0)
+++ branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-configuration/src/main/resources/audit.properties 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -0,0 +1,44 @@
</span><ins>+# The contents of this file are subject to the terms of the Common \
Development and
+# Distribution License (the License). You may not use this file \
except in compliance with the
+# License.
+#
+# You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for \
the
+# specific language governing permission and limitations under the License.
+#
+# When distributing Covered Software, include this CDDL Header Notice in each file \
and include
+# the License file at legal/CDDLv1.0.txt. If applicable, add the \
following below the CDDL
+# Header, with the fields enclosed by brackets [] replaced \
by your own identifying
+# information: "Portions copyright [year] [name of \
copyright owner]".
+#
+# Copyright 2015 ForgeRock AS.
+
+
+########################################################################################################################
+# Global configuration properties
+########################################################################################################################
+audit-description=Audit Logging
+a001=Audit logging
+a001.help=Select to enable audit logging for OpenAM.
+a002=Suppress audit failure
+a002.help=Select to stop failure to log an audit message from also failing the \
operation that is being audited.
+a003=Resolve host name
+a003.help=When enabled DNS Host lookups will be performed to populate the record's \
host name field.
+a003.help.txt=<i>NB </i>Enabling this functionality \
will increase the load of the logging system and the OpenAM host \
+ must have DNS \
configured.
+
+audit.topic.access=Access
+audit.topic.activity=Activity
+audit.topic.authentication=Authentication
+audit.topic.config=Configuration
+
+########################################################################################################################
+# Audit event handlers
+########################################################################################################################
+eh001=CSV
+
+csv001=Enabled
+csv001.help=If selected the CSV file audit logging will be enabled.
+csv002=Topics
+csv002.help=Select the audit event topics to be handled by this event handler.
+csv003=Location
+csv003.help=The directory to which the files should be written.
</ins><span class="cx">\ No newline at end of file
</span></span></pre></div>
<a id="branchesAME7692_noRestartsAuthopenamopenamauditopenamauditconfigurationsrcmainresourcesauditxml"></a>
<div class="delfile"><h4>Deleted: \
branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-configuration/src/main/resources/audit.xml \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/openam/openam-audit/openam-audit-configuration/src/main/resources/audit.xml 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-configuration/src/main/resources/audit.xml 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -1,91 +0,0 @@
</span><del>-<?xml version="1.0" encoding="ISO-8859-1"?>
-<!--
- * The contents of this file are subject to the terms of the Common Development and
- * Distribution License (the License). You may not use this file except in \
compliance with the
- * License.
- *
- * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for \
the
- * specific language governing permission and limitations under the License.
- *
- * When distributing Covered Software, include this CDDL Header Notice in each file \
and include
- * the License file at legal/CDDLv1.0.txt. If applicable, add the following below \
the CDDL
- * Header, with the fields enclosed by brackets [] replaced by your own identifying
- * information: "Portions copyright [year] [name of copyright owner]".
- *
- * Copyright 2015 ForgeRock AS.
--->
-<!DOCTYPE ServicesConfiguration
- PUBLIC "=//iPlanet//Service Management Services (SMS) 1.0 DTD//EN" \
"jar://com/sun/identity/sm/sms.dtd">
-
-<ServicesConfiguration>
- <Service name="AuditService" version="1.0">
- <Schema serviceHierarchy="/DSAMEConfig/AuditService"
- i18nFileName="audit"
- revisionNumber="1"
- resourceName="audit"
- i18nKey="audit-description">
- <Global>
- <AttributeSchema name="auditEnabled" \
type="single" syntax="boolean" \
i18nKey="a001">
- <BooleanValues>
- <BooleanTrueValue>true</BooleanTrueValue>
- <BooleanFalseValue>false</BooleanFalseValue>
- </BooleanValues>
- <DefaultValues>
- <Value>false</Value>
- </DefaultValues>
- </AttributeSchema>
- <AttributeSchema name="suppressAuditFailure" \
type="single" syntax="boolean" \
i18nKey="a002">
- <BooleanValues>
- <BooleanTrueValue>true</BooleanTrueValue>
- <BooleanFalseValue>false</BooleanFalseValue>
- </BooleanValues>
- <DefaultValues>
- <Value>true</Value>
- </DefaultValues>
- </AttributeSchema>
- <AttributeSchema name="resolveHostNameEnabled" \
type="single" syntax="boolean" \
i18nKey="a003">
- <BooleanValues>
- <BooleanTrueValue>true</BooleanTrueValue>
- <BooleanFalseValue>false</BooleanFalseValue>
- </BooleanValues>
- <DefaultValues>
- <Value>false</Value>
- </DefaultValues>
- </AttributeSchema>
-
- <SubSchema name="CSV" i18nKey="eh001">
- <AttributeSchema name="enabled" \
type="single" syntax="boolean" \
i18nKey="csv001">
- <BooleanValues>
- <BooleanTrueValue>true</BooleanTrueValue>
- <BooleanFalseValue>false</BooleanFalseValue>
- </BooleanValues>
- <DefaultValues>
- <Value>true</Value>
- </DefaultValues>
- </AttributeSchema>
- <AttributeSchema name="topics" \
type="multiple_choice" i18nKey="csv002">
- <ChoiceValues>
- <ChoiceValuesClassName
- \
className="org.forgerock.openam.audit.configuration.AuditTopicChoiceValues"/>
- </ChoiceValues>
- <DefaultValues>
- <DefaultValuesClassName
- \
className="org.forgerock.openam.audit.configuration.AuditTopicDefaultValues"/>
- </DefaultValues>
- </AttributeSchema>
- <AttributeSchema name="location" \
type="single" i18nKey="csv003">
- <DefaultValues>
- \
<Value>%BASE_DIR%/%SERVER_URI%/@LOG_DIR@/</Value>
- </DefaultValues>
- </AttributeSchema>
- </SubSchema>
- </Global>
- </Schema>
-
- <Configuration>
- <GlobalConfiguration>
- <SubConfiguration name="CSV" id="CSV"/>
- </GlobalConfiguration>
- </Configuration>
- </Service>
-</ServicesConfiguration>
</del></span></pre></div>
<div class="copfile"><h4>Copied: \
branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-configuration/src/main/resources/audit.xml \
(from rev 14908, trunk/openam/openam-audit/openam-audit-configuration/src/main/resources/audit.xml) \
(0 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-configuration/src/main/resources/audit.xml \
(rev 0)
+++ branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-configuration/src/main/resources/audit.xml 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -0,0 +1,91 @@
</span><ins>+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!--
+ * The contents of this file are subject to the terms of the Common Development and
+ * Distribution License (the License). You may not use this file except in \
compliance with the + * License.
+ *
+ * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for \
the + * specific language governing permission and limitations under the License.
+ *
+ * When distributing Covered Software, include this CDDL Header Notice in each file \
and include + * the License file at legal/CDDLv1.0.txt. If applicable, add the \
following below the CDDL + * Header, with the fields enclosed by brackets [] replaced \
by your own identifying + * information: "Portions copyright [year] [name of \
copyright owner]". + *
+ * Copyright 2015 ForgeRock AS.
+-->
+<!DOCTYPE ServicesConfiguration
+ PUBLIC "=//iPlanet//Service Management Services (SMS) 1.0 DTD//EN" \
"jar://com/sun/identity/sm/sms.dtd"> +
+<ServicesConfiguration>
+ <Service name="AuditService" version="1.0">
+ <Schema serviceHierarchy="/DSAMEConfig/AuditService"
+ i18nFileName="audit"
+ revisionNumber="1"
+ resourceName="audit"
+ i18nKey="audit-description">
+ <Global>
+ <AttributeSchema name="auditEnabled" \
type="single" syntax="boolean" i18nKey="a001"> + \
<BooleanValues> + \
<BooleanTrueValue>true</BooleanTrueValue> + \
<BooleanFalseValue>false</BooleanFalseValue> + \
</BooleanValues> + <DefaultValues>
+ <Value>false</Value>
+ </DefaultValues>
+ </AttributeSchema>
+ <AttributeSchema name="suppressAuditFailure" \
type="single" syntax="boolean" i18nKey="a002"> + \
<BooleanValues> + \
<BooleanTrueValue>true</BooleanTrueValue> + \
<BooleanFalseValue>false</BooleanFalseValue> + \
</BooleanValues> + <DefaultValues>
+ <Value>true</Value>
+ </DefaultValues>
+ </AttributeSchema>
+ <AttributeSchema name="resolveHostNameEnabled" \
type="single" syntax="boolean" i18nKey="a003"> + \
<BooleanValues> + \
<BooleanTrueValue>true</BooleanTrueValue> + \
<BooleanFalseValue>false</BooleanFalseValue> + \
</BooleanValues> + <DefaultValues>
+ <Value>false</Value>
+ </DefaultValues>
+ </AttributeSchema>
+
+ <SubSchema name="CSV" i18nKey="eh001">
+ <AttributeSchema name="enabled" \
type="single" syntax="boolean" i18nKey="csv001"> + \
<BooleanValues> + \
<BooleanTrueValue>true</BooleanTrueValue> + \
<BooleanFalseValue>false</BooleanFalseValue> + \
</BooleanValues> + <DefaultValues>
+ <Value>true</Value>
+ </DefaultValues>
+ </AttributeSchema>
+ <AttributeSchema name="topics" \
type="multiple_choice" i18nKey="csv002"> + \
<ChoiceValues> + <ChoiceValuesClassName
+ \
className="org.forgerock.openam.audit.configuration.AuditTopicChoiceValues"/>
+ </ChoiceValues>
+ <DefaultValues>
+ <DefaultValuesClassName
+ \
className="org.forgerock.openam.audit.configuration.AuditTopicDefaultValues"/>
+ </DefaultValues>
+ </AttributeSchema>
+ <AttributeSchema name="location" \
type="single" i18nKey="csv003"> + \
<DefaultValues> + \
<Value>%BASE_DIR%/%SERVER_URI%/@LOG_DIR@/</Value> + \
</DefaultValues> + </AttributeSchema>
+ </SubSchema>
+ </Global>
+ </Schema>
+
+ <Configuration>
+ <GlobalConfiguration>
+ <SubConfiguration name="CSV" id="CSV"/>
+ </GlobalConfiguration>
+ </Configuration>
+ </Service>
+</ServicesConfiguration>
</ins></span></pre></div>
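Review bot: The defaults in the `Global` schema leave auditing off (`auditEnabled` is `false`) and suppress audit failures (`suppressAuditFailure` is `true`), and nothing in the file says that this is deliberate. With these values a fresh deployment records no audit events, and once auditing is switched on a failing handler will not stop the operation being audited. I would add a comment above the `suppressAuditFailure` attribute such as `<!-- Default lets operations continue when an audit write fails; set to false where a complete audit trail is required. -->`, and a similar one on `auditEnabled`. If the defaults are only meant for this development branch, say so, so they are reviewed again before release.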
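--- a/branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-context/pom.xml
+++ b/branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-context/pom.xml
@@ -1,4 +1,19 @@
 <?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ~ The contents of this file are subject to the terms of the Common Development and
+ ~ Distribution License (the License). You may not use this file except in compliance with the
+ ~ License.
+ ~
+ ~ You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
+ ~ specific language governing permission and limitations under the License.
+ ~
+ ~ When distributing Covered Software, include this CDDL Header Notice in each file and include
+ ~ the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
+ ~ Header, with the fields enclosed by brackets [] replaced by your own identifying
+ ~ information: "Portions copyright [year] [name of copyright owner]".
+ ~
+ ~ Copyright 2014-2015 ForgeRock AS.
+-->
 <project xmlns="http://maven.apache.org/POM/4.0.0"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">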
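--- a/branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-core/pom.xml
+++ b/branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-core/pom.xml
@@ -1,4 +1,19 @@
 <?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ~ The contents of this file are subject to the terms of the Common Development and
+ ~ Distribution License (the License). You may not use this file except in compliance with the
+ ~ License.
+ ~
+ ~ You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
+ ~ specific language governing permission and limitations under the License.
+ ~
+ ~ When distributing Covered Software, include this CDDL Header Notice in each file and include
+ ~ the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
+ ~ Header, with the fields enclosed by brackets [] replaced by your own identifying
+ ~ information: "Portions copyright [year] [name of copyright owner]".
+ ~
+ ~ Copyright 2014-2015 ForgeRock AS.
+-->
 <project xmlns="http://maven.apache.org/POM/4.0.0"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">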
<div class="modfile"><h4>Modified: \
branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-core/src/main/java/org/forgerock/openam/audit/AMAccessAuditEventBuilder.java \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-core/src/main/java/org/forgerock/openam/audit/AMAccessAuditEventBuilder.java 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-core/src/main/java/org/forgerock/openam/audit/AMAccessAuditEventBuilder.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -15,15 +15,25 @@
</span><span class="cx"> */
</span><span class="cx"> package org.forgerock.openam.audit;
</span><span class="cx">
</span><ins>+import static org.forgerock.openam.audit.AMAuditEventBuilderUtils.*;
+import static org.forgerock.openam.utils.ClientUtils.getClientIPAddress;
+
</ins><span class="cx"> import com.iplanet.sso.SSOToken;
</span><span class="cx"> import org.forgerock.audit.events.AccessAuditEventBuilder;
</span><span class="cx">
</span><ins>+import javax.servlet.http.HttpServletRequest;
+import java.util.ArrayList;
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
</ins><span class="cx"> /**
</span><span class="cx"> * Builder for OpenAM audit access events.
</span><span class="cx"> *
</span><span class="cx"> * @since 13.0.0
</span><span class="cx"> */
</span><del>-public class AMAccessAuditEventBuilder extends \
AccessAuditEventBuilder<AMAccessAuditEventBuilder> { </del><ins>+public final \
class AMAccessAuditEventBuilder extends \
AccessAuditEventBuilder<AMAccessAuditEventBuilder> { </ins><span class="cx">
</span><span class="cx"> /**
</span><span class="cx"> * Provide value for "extraInfo" audit log \
field. </span><span class="lines">@@ -32,7 +42,7 @@
</span><span class="cx"> * @return this builder for method chaining.
</span><span class="cx"> */
</span><span class="cx"> public AMAccessAuditEventBuilder extraInfo(String... \
values) { </span><del>- AMAuditEventBuilderUtils.putExtraInfo(jsonValue, \
values); </del><ins>+ putExtraInfo(jsonValue, values);
</ins><span class="cx"> return this;
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -43,29 +53,18 @@
</span><span class="cx"> * @return this builder for method chaining.
</span><span class="cx"> */
</span><span class="cx"> public AMAccessAuditEventBuilder contextId(String value) \
{ </span><del>- AMAuditEventBuilderUtils.putContextId(jsonValue, value);
</del><ins>+ putContextId(jsonValue, value);
</ins><span class="cx"> return this;
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> /**
</span><del>- * Provide value for "domain" (aka realm) audit log field.
- *
- * @param value String "domain" value.
- * @return this builder for method chaining.
- */
- public AMAccessAuditEventBuilder domain(String value) {
- AMAuditEventBuilderUtils.putDomain(jsonValue, value);
- return this;
- }
-
- /**
</del><span class="cx"> * Provide value for "component" audit log \
field. </span><span class="cx"> *
</span><span class="cx"> * @param value String "component" value.
</span><span class="cx"> * @return this builder for method chaining.
</span><span class="cx"> */
</span><span class="cx"> public AMAccessAuditEventBuilder component(String value) \
{ </span><del>- AMAuditEventBuilderUtils.putComponent(jsonValue, value);
</del><ins>+ putComponent(jsonValue, value);
</ins><span class="cx"> return this;
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -77,19 +76,46 @@
</span><span class="cx"> * @return this builder
</span><span class="cx"> */
</span><span class="cx"> public AMAccessAuditEventBuilder \
contextIdFromSSOToken(SSOToken ssoToken) { </span><del>- \
AMAuditEventBuilderUtils.putContextIdFromSSOToken(jsonValue, ssoToken); </del><ins>+ \
putContextIdFromSSOToken(jsonValue, ssoToken); </ins><span class="cx"> return \
this; </span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> /**
</span><del>- * Sets domain from property of {@link SSOToken}, iff the provided
- * <code>SSOToken</code> is not <code>null</code>.
</del><ins>+ * Sets client, server and http details from HttpServletRequest.
</ins><span class="cx"> *
</span><del>- * @param ssoToken The SSOToken from which the domain value will be \
retrieved. </del><ins>+ * @param request HttpServletRequest from which client, \
server and http details will be retrieved. </ins><span class="cx"> * @return \
this builder </span><span class="cx"> */
</span><del>- public AMAccessAuditEventBuilder domainFromSSOToken(SSOToken \
ssoToken) {
- AMAuditEventBuilderUtils.putDomainFromSSOToken(jsonValue, ssoToken);
</del><ins>+ public final AMAccessAuditEventBuilder \
forHttpServletRequest(HttpServletRequest request) { + client(
+ getClientIPAddress(request),
+ request.getRemotePort(),
+ isReverseDnsLookupEnabled() ? request.getRemoteHost() : \
""); + server(
+ request.getLocalAddr(),
+ request.getLocalPort(),
+ request.getLocalName());
+ http(
+ request.getMethod(),
+ request.getRequestURL().toString(),
+ request.getQueryString() == null ? "" : \
request.getQueryString(), + getHeadersAsMap(request));
</ins><span class="cx"> return this;
</span><span class="cx"> }
</span><ins>+
+ private Map<String, List<String>> getHeadersAsMap(HttpServletRequest \
request) { + Map<String, List<String>> headers = new \
HashMap<>(); + Enumeration headerNamesEnumeration = \
request.getHeaderNames(); + while (headerNamesEnumeration.hasMoreElements()) {
+ String headerName = (String) headerNamesEnumeration.nextElement();
+ List<String> headerValues = new ArrayList<>();
+ Enumeration headersEnumeration = request.getHeaders(headerName);
+ while (headersEnumeration.hasMoreElements()) {
+ headerValues.add((String) headersEnumeration.nextElement());
+ }
+ headers.put(headerName, headerValues);
+ }
+ return headers;
+ }
+
</ins><span class="cx"> }
</span><span class="cx">\ No newline at end of file
</span></span></pre></div>
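Review bot: `getHeadersAsMap` copies every request header into the audit event, so `forHttpServletRequest` writes credential-bearing headers such as `Authorization` and `Cookie` to the audit log in clear text, and the raw query string is logged alongside them. The header map should be filtered or redacted before it reaches `http(...)`, and the query string deserves the same treatment if it can carry tokens. The servlet API also allows `request.getHeaderNames()` to return null, which the `while` loop would dereference, and the raw `Enumeration` forces unchecked casts. A sketch of the helper with a redaction list and a null guard follows; the header names in it are a constructed example, not a project list. `public final` on the method is redundant now that the class itself is `final`.

```java
// Constructed example list; the project should decide which headers count as sensitive.
private static final Set<String> REDACTED_HEADERS =
        new HashSet<>(Arrays.asList("authorization", "proxy-authorization", "cookie"));

private Map<String, List<String>> getHeadersAsMap(HttpServletRequest request) {
    Map<String, List<String>> headers = new HashMap<>();
    Enumeration<?> headerNames = request.getHeaderNames();
    if (headerNames == null) {
        // The container does not expose header names; record none rather than fail the request.
        return headers;
    }
    while (headerNames.hasMoreElements()) {
        String headerName = (String) headerNames.nextElement();
        if (REDACTED_HEADERS.contains(headerName.toLowerCase(Locale.ROOT))) {
            // Keep the fact that the header was present, never its value.
            headers.put(headerName, Collections.singletonList("<redacted>"));
            continue;
        }
        // … unchanged: collect the values of headerName into headerValues …
        headers.put(headerName, headerValues);
    }
    return headers;
}
```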
<div class="modfile"><h4>Modified: \
branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-core/src/main/java/org/forgerock/openam/audit/AMAuditEventBuilderUtils.java \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-core/src/main/java/org/forgerock/openam/audit/AMAuditEventBuilderUtils.java 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-core/src/main/java/org/forgerock/openam/audit/AMAuditEventBuilderUtils.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -29,17 +29,16 @@
</span><span class="cx"> *
</span><span class="cx"> * @since 13.0.0
</span><span class="cx"> */
</span><del>-final class AMAuditEventBuilderUtils {
</del><ins>+public final class AMAuditEventBuilderUtils {
</ins><span class="cx">
</span><span class="cx"> private static Debug debug = \
Debug.getInstance("amAudit"); </span><span class="cx">
</span><span class="cx"> private static final String COMPONENT = \
"component"; </span><span class="cx"> private static final String \
CONTEXT_ID = "contextId"; </span><del>- private static final String \
DOMAIN = "domain"; </del><span class="cx"> private static final String \
EXTRA_INFO = "extraInfo"; </span><span class="cx">
</span><span class="cx"> private AMAuditEventBuilderUtils() {
</span><del>- // Prevent instantiation
</del><ins>+ throw new UnsupportedOperationException("Utils class; should \
not be instantiated."); </ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> /**
</span><span class="lines">@@ -48,7 +47,7 @@
</span><span class="cx"> * @param value String "component" value.
</span><span class="cx"> */
</span><span class="cx"> static void putComponent(JsonValue jsonValue, String \
value) { </span><del>- jsonValue.put(COMPONENT, value);
</del><ins>+ jsonValue.put(COMPONENT, value == null ? "" : value);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> /**
</span><span class="lines">@@ -57,19 +56,10 @@
</span><span class="cx"> * @param value String "contextId" value.
</span><span class="cx"> */
</span><span class="cx"> static void putContextId(JsonValue jsonValue, String \
value) { </span><del>- jsonValue.put(CONTEXT_ID, value);
</del><ins>+ jsonValue.put(CONTEXT_ID, value == null ? "" : value);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> /**
</span><del>- * Set "domain" (aka realm) audit log field.
- *
- * @param value String "domain" value.
- */
- static void putDomain(JsonValue jsonValue, String value) {
- jsonValue.put(DOMAIN, value);
- }
-
- /**
</del><span class="cx"> * Set "extraInfo" audit log field.
</span><span class="cx"> *
</span><span class="cx"> * @param values String sequence of values that should \
be stored in the 'extraInfo' audit log field. </span><span class="lines">@@ -85,23 \
+75,27 @@ </span><span class="cx"> * @param ssoToken The SSOToken from which the \
contextId value will be retrieved. </span><span class="cx"> */
</span><span class="cx"> static void putContextIdFromSSOToken(JsonValue \
jsonValue, SSOToken ssoToken) { </span><del>- putContextId(
- jsonValue,
- getSSOTokenProperty(ssoToken, Constants.AM_CTX_ID, ""));
</del><ins>+ putContextId(jsonValue, getContextIdFromSSOToken(ssoToken));
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> /**
</span><del>- * Sets "domain" audit log field from property of {@link \
SSOToken}, iff the provided
- * <code>SSOToken</code> is not <code>null</code>.
</del><ins>+ * @param ssoToken The SSOToken from which the contextId value will \
be retrieved. + * @return contextId for SSOToken or empty string if undefined.
+ */
+ public static String getContextIdFromSSOToken(SSOToken ssoToken) {
+ return getSSOTokenProperty(ssoToken, Constants.AM_CTX_ID, "");
+ }
+
+ /**
+ * Given the SSO token, retrieves the user's identifier.
</ins><span class="cx"> *
</span><del>- * @param ssoToken The SSOToken from which the domain value will be \
retrieved. </del><ins>+ * @param ssoToken
+ * the SSO token
+ *
+ * @return the associated user identifier
</ins><span class="cx"> */
</span><del>- static void putDomainFromSSOToken(JsonValue jsonValue, SSOToken \
ssoToken) {
- String clientDomain = getSSOTokenProperty(ssoToken, \
"Organization", "");
- if (clientDomain == null || clientDomain.isEmpty()) {
- clientDomain = getSSOTokenProperty(ssoToken, "cdomain", \
"");
- }
- putDomain(jsonValue, clientDomain);
</del><ins>+ public static String getUserId(SSOToken ssoToken) {
+ return getSSOTokenProperty(ssoToken, Constants.UNIVERSAL_IDENTIFIER, \
""); </ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> private static String getSSOTokenProperty(SSOToken \
ssoToken, String name, String defaultValue) { </span></span></pre></div>
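--- a/branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-core/src/main/java/org/forgerock/openam/audit/AuditConstants.java
+++ b/branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-core/src/main/java/org/forgerock/openam/audit/AuditConstants.java
@@ -27,6 +27,16 @@
 */
 public static final String ACCESS_TOPIC = "access";
 
+ /**
+ * SMS service name for the audit service.
+ */
+ public static final String SERVICE_NAME = "AuditService";
+
+ /**
+ * Name of the event handlers registered with the audit service.
+ */
+ public static final String CSV = "csv";
+
 private AuditConstants() {
 // Prevent instantiation
 }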
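Review bot: The Javadoc on `CSV` says "Name of the event handlers registered with the audit service", but the constant names a single handler; `Name under which the CSV event handler is registered with the audit service.` would be accurate. The value is lower-case `csv`, while the sub-schema and sub-configuration in audit.xml are named `CSV`. If the two are ever compared or used as lookup keys the case difference will matter, so the comment should say which of the two this constant stands for.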
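--- a/branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-core/src/main/java/org/forgerock/openam/audit/AuditCoreGuiceModule.java
+++ b/branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-core/src/main/java/org/forgerock/openam/audit/AuditCoreGuiceModule.java
@@ -16,6 +16,7 @@
 package org.forgerock.openam.audit;
 
 import com.google.inject.AbstractModule;
+import com.google.inject.Inject;
 import com.google.inject.Provides;
 import org.forgerock.audit.AuditException;
 import org.forgerock.audit.AuditService;
@@ -31,12 +32,13 @@
 
 @Override
 protected void configure() {
+ bind(AuditServiceProvider.class).to(AuditServiceProviderImpl.class);
 }
 
- @Provides @Singleton
- private AuditService getAuditService() {
+ @Provides @Singleton @Inject
+ private AuditService getAuditService(AuditServiceProvider serviceProvider) {
 try {
- return new AuditServiceProviderImpl().createAuditService();
+ return serviceProvider.createAuditService();
 } catch (AuditException e) {
 throw new IllegalStateException(e);
 }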
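Review bot: `@Inject` on `getAuditService` is unnecessary, because Guice already supplies the parameters of a `@Provides` method. The annotation and the new `import com.google.inject.Inject;` can be dropped, leaving `@Provides @Singleton`. As written, the extra annotation suggests the module instance is itself injected, which nothing visible here arranges. The method has no Javadoc; one line saying that the service is built once through the bound `AuditServiceProvider` would help.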
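--- a/branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-core/src/main/java/org/forgerock/openam/audit/AuditEventFactory.java
+++ b/branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-core/src/main/java/org/forgerock/openam/audit/AuditEventFactory.java
@@ -15,6 +15,10 @@
 */
 package org.forgerock.openam.audit;
 
+import com.google.inject.Inject;
+import com.google.inject.Singleton;
+import org.forgerock.openam.audit.configuration.AuditServiceConfigurator;
+
 /**
 * Factory for creation of AuditEvent builders.
 *
@@ -22,15 +26,27 @@
 *
 * @since 13.0.0
 */
+@Singleton
 public class AuditEventFactory {
 
+ private final AuditServiceConfigurator configurator;
+
+ @Inject
+ public AuditEventFactory(AuditServiceConfigurator configurator) {
+ this.configurator = configurator;
+ }
+
 /**
 * Creates a new AMAccessAuditEventBuilder.
 *
 * @return AMAccessAuditEventBuilder
 */
 public AMAccessAuditEventBuilder accessEvent() {
- return new AMAccessAuditEventBuilder();
+ if (configurator.getAuditServiceConfiguration().isResolveHostNameEnabled()) {
+ return new AMAccessAuditEventBuilder().withReverseDnsLookup();
+ } else {
+ return new AMAccessAuditEventBuilder();
+ }
 }
 
 }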
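Review bot: The new public constructor has no Javadoc, and the Javadoc on `accessEvent()` still says only that it creates a builder, although the method now reads `isResolveHostNameEnabled()` on every call and may return a builder with reverse DNS lookup turned on. I would add `@param configurator source of the current audit service configuration` on the constructor and a sentence on `accessEvent()` describing the conditional lookup. It is also worth stating there that a host name obtained by reverse lookup comes from DNS records the server does not control, so the logged value is informational and not an authenticated identity. `withReverseDnsLookup()` is defined outside this page, so its exact effect should be confirmed.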
<div class="modfile"><h4>Modified: \
branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-core/src/main/java/org/forgerock/openam/audit/AuditEventPublisher.java \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-core/src/main/java/org/forgerock/openam/audit/AuditEventPublisher.java 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-core/src/main/java/org/forgerock/openam/audit/AuditEventPublisher.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -29,6 +29,7 @@
</span><span class="cx"> import org.forgerock.json.resource.ResourceException;
</span><span class="cx"> import org.forgerock.json.resource.Resources;
</span><span class="cx"> import org.forgerock.json.resource.RootContext;
</span><ins>+import org.forgerock.openam.audit.configuration.AuditServiceConfigurator;
</ins><span class="cx">
</span><span class="cx"> /**
</span><span class="cx"> * Responsible for publishing locally created audit events \
to the AuditService. </span><span class="lines">@@ -40,13 +41,15 @@
</span><span class="cx"> private static Debug debug = \
Debug.getInstance("amAudit"); </span><span class="cx">
</span><span class="cx"> private final ConnectionFactory \
auditServiceConnectionFactory; </span><ins>+ private final \
AuditServiceConfigurator configurator; </ins><span class="cx">
</span><span class="cx"> /**
</span><span class="cx"> * @param auditService AuditService to which events \
should be published. </span><span class="cx"> */
</span><span class="cx"> @Inject
</span><del>- public AuditEventPublisher(AuditService auditService) {
</del><ins>+ public AuditEventPublisher(AuditService auditService, \
AuditServiceConfigurator configurator) { </ins><span class="cx"> \
this.auditServiceConnectionFactory = \
Resources.newInternalConnectionFactory(auditService); </span><ins>+ \
this.configurator = configurator; </ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> /**
</span><span class="lines">@@ -106,13 +109,13 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> public boolean isAuditing(String topic) {
</span><del>- return true; // TODO: Check AuditService SMS configuration
</del><ins>+ return \
configurator.getAuditServiceConfiguration().isAuditEnabled(); </ins><span class="cx"> \
} </span><span class="cx">
</span><span class="cx"> /**
</span><span class="cx"> * @return True if the operation being audited can \
proceed if an exception occurs while publishing an audit event. </span><span \
class="cx"> */ </span><span class="cx"> public boolean \
isSuppressExceptions() { </span><del>- return false; // TODO: Check \
AuditService SMS configuration </del><ins>+ return \
configurator.getAuditServiceConfiguration().isAuditFailureSuppressed(); </ins><span \
class="cx"> } </span><span class="cx"> }
</span></span></pre></div>
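Review bot: `isAuditing(String topic)` now returns `isAuditEnabled()` and never looks at `topic`, so it answers the same for every topic and does not consult the per-handler `topics` setting that audit.xml defines. Either check the topic against the configuration or document on the method that the flag is global and the parameter is currently unused. The constructor Javadoc also needs a tag for the new argument, for example `@param configurator source of the current audit service configuration`. Because `suppressAuditFailure` defaults to `true` in audit.xml, `isSuppressExceptions()` moves from the previous hard-coded `false` to `true` out of the box, so operations will proceed when an audit write fails; please confirm that this change of default is intended.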
<div class="modfile"><h4>Modified: \
branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-core/src/main/java/org/forgerock/openam/audit/AuditServiceProviderImpl.java \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-core/src/main/java/org/forgerock/openam/audit/AuditServiceProviderImpl.java 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-core/src/main/java/org/forgerock/openam/audit/AuditServiceProviderImpl.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -17,18 +17,17 @@
</span><span class="cx">
</span><span class="cx"> import static org.forgerock.json.fluent.JsonValue.*;
</span><span class="cx">
</span><ins>+import com.google.inject.Inject;
</ins><span class="cx"> import com.sun.identity.shared.debug.Debug;
</span><span class="cx"> import org.forgerock.audit.AuditException;
</span><span class="cx"> import org.forgerock.audit.AuditService;
</span><del>-import org.forgerock.audit.AuditServiceConfiguration;
-import org.forgerock.audit.events.handlers.impl.CSVAuditEventHandler;
-import org.forgerock.audit.events.handlers.impl.CSVAuditEventHandlerConfiguration;
</del><span class="cx"> import org.forgerock.json.fluent.JsonValue;
</span><span class="cx"> import org.forgerock.json.resource.ResourceException;
</span><ins>+import org.forgerock.openam.audit.configuration.AuditServiceConfigurator;
</ins><span class="cx"> import org.forgerock.openam.utils.IOUtils;
</span><span class="cx"> import org.forgerock.openam.utils.JsonValueBuilder;
</span><span class="cx">
</span><del>-import java.io.File;
</del><ins>+import javax.inject.Singleton;
</ins><span class="cx"> import java.io.IOException;
</span><span class="cx"> import java.io.InputStream;
</span><span class="cx">
</span><span class="lines">@@ -37,11 +36,23 @@
</span><span class="cx"> *
</span><span class="cx"> * @since 13.0.0
</span><span class="cx"> */
</span><ins>+@Singleton
</ins><span class="cx"> public class AuditServiceProviderImpl implements \
AuditServiceProvider { </span><span class="cx">
</span><span class="cx"> private static Debug debug = \
Debug.getInstance("amAudit"); </span><span class="cx">
</span><ins>+ private final AuditServiceConfigurator configurator;
+
</ins><span class="cx"> /**
</span><ins>+ * Create an instance of AuditServiceProviderImpl.
+ * @param configurator The configurator responsible for configuring the audit \
service. + */
+ @Inject
+ public AuditServiceProviderImpl(AuditServiceConfigurator configurator) {
+ this.configurator = configurator;
+ }
+
+ /**
</ins><span class="cx"> * {@inheritDoc}
</span><span class="cx"> */
</span><span class="cx"> @Override
</span><span class="lines">@@ -50,14 +61,11 @@
</span><span class="cx"> JsonValue extendedEventTypes = \
readJsonFile("/org/forgerock/openam/audit/events-config.json"); \
</span><span class="cx"> JsonValue customEventTypes = json(object()); \
</span><span class="cx"> </span><del>- AuditServiceConfiguration \
auditServiceConfiguration = new AuditServiceConfiguration();
- JsonValue serviceConfig = \
readJsonFile("/org/forgerock/openam/audit/service-config.json");
- auditServiceConfiguration.setHandlerForQueries(serviceConfig.get("useForQueries").asString());
-
</del><span class="cx"> AuditService auditService = new \
AuditService(extendedEventTypes, customEventTypes); </span><span class="cx"> \
try { </span><del>- registerCsvAuditEventHandler(auditService);
- auditService.configure(auditServiceConfiguration);
</del><ins>+ configurator.initializeAuditServiceConfiguration();
+ configurator.registerEventHandlers(auditService);
+ auditService.configure(configurator.getAuditServiceConfiguration());
</ins><span class="cx"> } catch (ResourceException|AuditException e) {
</span><span class="cx"> debug.error("Unable to configure \
AuditService", e); </span><span class="cx"> throw new \
RuntimeException("Unable to configure AuditService.", e); </span><span \
class="lines">@@ -65,23 +73,6 @@ </span><span class="cx"> return \
auditService; </span><span class="cx"> }
</span><span class="cx">
</span><del>- private void registerCsvAuditEventHandler(AuditService auditService) \
throws ResourceException, AuditException {
- JsonValue csvConfig = \
readJsonFile("/org/forgerock/openam/audit/csv-handler-config.json");
-
- CSVAuditEventHandlerConfiguration csvHandlerConfiguration = new \
CSVAuditEventHandlerConfiguration();
- csvHandlerConfiguration.setLogDirectory(getTmpAuditDirectory());
- csvHandlerConfiguration.setRecordDelimiter(csvConfig.get("config").get("recordDelimiter").asString());
-
- CSVAuditEventHandler csvAuditEventHandler = new CSVAuditEventHandler();
- csvAuditEventHandler.configure(csvHandlerConfiguration);
-
- auditService.register(csvAuditEventHandler, "csv", \
csvConfig.get("events").asSet(String.class));
- }
-
- private String getTmpAuditDirectory() {
- return new File(System.getProperty("java.io.tmpdir"), \
"audit").getAbsolutePath();
- }
-
</del><span class="cx"> private JsonValue readJsonFile(String path) throws \
AuditException { </span><span class="cx"> try {
</span><span class="cx"> InputStream is = \
AuditServiceProviderImpl.class.getResourceAsStream(path); </span></span></pre></div>
<div class="delfile"><h4>Deleted: \
branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-core/src/main/java/org/forgerock/openam/audit/configuration/AMAuditServiceConfiguration.java \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/openam/openam-audit/openam-audit-core/src/main/java/org/forgerock/openam/audit/configuration/AMAuditServiceConfiguration.java 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-core/src/main/ja \
va/org/forgerock/openam/audit/configuration/AMAuditServiceConfiguration.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -1,80 +0,0 @@
</span><del>-/*
- * The contents of this file are subject to the terms of the Common Development and
- * Distribution License (the License). You may not use this file except in \
compliance with the
- * License.
- *
- * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for \
the
- * specific language governing permission and limitations under the License.
- *
- * When distributing Covered Software, include this CDDL Header Notice in each file \
and include
- * the License file at legal/CDDLv1.0.txt. If applicable, add the following below \
the CDDL
- * Header, with the fields enclosed by brackets [] replaced by your own identifying
- * information: "Portions copyright [year] [name of copyright owner]".
- *
- * Copyright 2015 ForgeRock AS.
- */
-package org.forgerock.openam.audit.configuration;
-
-import org.forgerock.audit.AuditServiceConfiguration;
-
-/**
- * Audit service configuration specific to OpenAM. An instance of the current state \
can be retrieved from
- * {@link org.forgerock.openam.audit.configuration.AuditServiceConfigurator}. The \
instance will be updated with
- * any changes in configuration and should be consulted before for every log event \
where necessary.
- *
- * @since 13.0.0
- */
-public class AMAuditServiceConfiguration extends AuditServiceConfiguration {
-
- private volatile boolean auditEnabled = false;
- private volatile boolean auditFailureSuppressed = true;
- private volatile boolean resolveHostNameEnabled = false;
-
- /**
- * Is audit logging is enabled.
- * @param auditEnabled true if audit logging is enabled.
- */
- public void setAuditEnabled(boolean auditEnabled) {
- this.auditEnabled = auditEnabled;
- }
-
- /**
- * Is audit logging is enabled.
- * @return true if audit logging is enabled.
- */
- public boolean isAuditEnabled() {
- return auditEnabled;
- }
-
- /**
- * Stop failure to log an audit message form also failing the operation that is \
audited.
- * @param auditFailureSuppressed true if audit failure should be suppressed.
- */
- public void setAuditFailureSuppressed(boolean auditFailureSuppressed) {
- this.auditFailureSuppressed = auditFailureSuppressed;
- }
-
- /**
- * Stop failure to log an audit message form also failing the operation that is \
audited.
- * @return true if audit failure should be suppressed.
- */
- public boolean isAuditFailureSuppressed() {
- return auditFailureSuppressed;
- }
-
- /**
- * Set access event reverse DNS lookup enabled.
- * @param enabled true to enable
- */
- public void setResolveHostNameEnabled(boolean enabled) {
- this.resolveHostNameEnabled = enabled;
- }
-
- /**
- * Is access event reverse DNS lookup enabled.
- * @return true if enabled
- */
- public boolean isResolveHostNameEnabled() {
- return resolveHostNameEnabled;
- }
-}
</del></span></pre></div>
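--- a/branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-core/src/main/java/org/forgerock/openam/audit/configuration/AMAuditServiceConfiguration.java
+++ b/branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-core/src/main/java/org/forgerock/openam/audit/configuration/AMAuditServiceConfiguration.java
@@ -0,0 +1,80 @@
+/*
+ * The contents of this file are subject to the terms of the Common Development and
+ * Distribution License (the License). You may not use this file except in compliance with the
+ * License.
+ *
+ * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
+ * specific language governing permission and limitations under the License.
+ *
+ * When distributing Covered Software, include this CDDL Header Notice in each file and include
+ * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
+ * Header, with the fields enclosed by brackets [] replaced by your own identifying
+ * information: "Portions copyright [year] [name of copyright owner]".
+ *
+ * Copyright 2015 ForgeRock AS.
+ */
+package org.forgerock.openam.audit.configuration;
+
+import org.forgerock.audit.AuditServiceConfiguration;
+
+/**
+ * Audit service configuration specific to OpenAM. An instance of the current state can be retrieved from
+ * {@link org.forgerock.openam.audit.configuration.AuditServiceConfigurator}. The instance will be updated with
+ * any changes in configuration and should be consulted before for every log event where necessary.
+ *
+ * @since 13.0.0
+ */
+public class AMAuditServiceConfiguration extends AuditServiceConfiguration {
+
+ private volatile boolean auditEnabled = false;
+ private volatile boolean auditFailureSuppressed = true;
+ private volatile boolean resolveHostNameEnabled = false;
+
+ /**
+ * Is audit logging is enabled.
+ * @param auditEnabled true if audit logging is enabled.
+ */
+ public void setAuditEnabled(boolean auditEnabled) {
+ this.auditEnabled = auditEnabled;
+ }
+
+ /**
+ * Is audit logging is enabled.
+ * @return true if audit logging is enabled.
+ */
+ public boolean isAuditEnabled() {
+ return auditEnabled;
+ }
+
+ /**
+ * Stop failure to log an audit message form also failing the operation that is audited.
+ * @param auditFailureSuppressed true if audit failure should be suppressed.
+ */
+ public void setAuditFailureSuppressed(boolean auditFailureSuppressed) {
+ this.auditFailureSuppressed = auditFailureSuppressed;
+ }
+
+ /**
+ * Stop failure to log an audit message form also failing the operation that is audited.
+ * @return true if audit failure should be suppressed.
+ */
+ public boolean isAuditFailureSuppressed() {
+ return auditFailureSuppressed;
+ }
+
+ /**
+ * Set access event reverse DNS lookup enabled.
+ * @param enabled true to enable
+ */
+ public void setResolveHostNameEnabled(boolean enabled) {
+ this.resolveHostNameEnabled = enabled;
+ }
+
+ /**
+ * Is access event reverse DNS lookup enabled.
+ * @return true if enabled
+ */
+ public boolean isResolveHostNameEnabled() {
+ return resolveHostNameEnabled;
+ }
+}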
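Review bot: `auditFailureSuppressed` is initialised to `true`, so until configuration says otherwise a failure to write an audit record does not fail the audited operation, and nothing in this class tells an operator that this fail-open behaviour is the default. The class Javadoc should state the defaults and what they mean, for example `Defaults: auditing disabled, audit failures suppressed, reverse DNS lookup disabled.`. The code that honours the flag is not visible in this section; it should presumably still log a suppressed failure at error level so that lost audit records can be detected. Two Javadoc slips are worth fixing at the same time: the comment on `setAuditEnabled` repeats the getter's `Is audit logging is enabled.` where `Set whether audit logging is enabled.` is meant, and `form` should read `from` in both `auditFailureSuppressed` comments.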
<div class="delfile"><h4>Deleted: \
branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-core/src/main/java/org/forgerock/openam/audit/configuration/AuditServiceConfigurator.java \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/openam/openam-audit/openam-audit-core/src/main/java/org/forgerock/openam/audit/configuration/AuditServiceConfigurator.java 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-core/src/main/ja \
va/org/forgerock/openam/audit/configuration/AuditServiceConfigurator.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -1,49 +0,0 @@
</span><del>-/*
- * The contents of this file are subject to the terms of the Common Development and
- * Distribution License (the License). You may not use this file except in \
compliance with the
- * License.
- *
- * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for \
the
- * specific language governing permission and limitations under the License.
- *
- * When distributing Covered Software, include this CDDL Header Notice in each file \
and include
- * the License file at legal/CDDLv1.0.txt. If applicable, add the following below \
the CDDL
- * Header, with the fields enclosed by brackets [] replaced by your own identifying
- * information: "Portions copyright [year] [name of copyright owner]".
- *
- * Copyright 2015 ForgeRock AS.
- */
-package org.forgerock.openam.audit.configuration;
-
-import org.forgerock.audit.AuditException;
-import org.forgerock.audit.AuditService;
-import org.forgerock.json.resource.ResourceException;
-
-/**
- * Implementations of this interface are responsible for configuring the audit \
service.
- *
- * @since 13.0.0
- */
-public interface AuditServiceConfigurator {
-
- /**
- * Register the required event handlers on the given audit service.
- *
- * @param auditService The audit service to which the event handlers should be \
registered.
- * @throws ResourceException if there is a problem with the configuration
- * @throws AuditException if there is a problem with the registration
- */
- void registerEventHandlers(AuditService auditService) throws ResourceException, \
AuditException;
-
- /**
- * Create an instance of and populate {@link \
org.forgerock.openam.audit.configuration.AMAuditServiceConfiguration}
- * from the given Json config and register the the service config listener.
- */
- void initializeAuditServiceConfiguration();
-
- /**
- * Get the pre-configured audit service configuration.
- * @return The pre-configured audit service configuration.
- */
- AMAuditServiceConfiguration getAuditServiceConfiguration();
-}
</del></span></pre></div>
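--- a/branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-core/src/main/java/org/forgerock/openam/audit/configuration/AuditServiceConfigurator.java
+++ b/branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-core/src/main/java/org/forgerock/openam/audit/configuration/AuditServiceConfigurator.java
@@ -0,0 +1,49 @@
+/*
+ * The contents of this file are subject to the terms of the Common Development and
+ * Distribution License (the License). You may not use this file except in compliance with the
+ * License.
+ *
+ * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
+ * specific language governing permission and limitations under the License.
+ *
+ * When distributing Covered Software, include this CDDL Header Notice in each file and include
+ * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
+ * Header, with the fields enclosed by brackets [] replaced by your own identifying
+ * information: "Portions copyright [year] [name of copyright owner]".
+ *
+ * Copyright 2015 ForgeRock AS.
+ */
+package org.forgerock.openam.audit.configuration;
+
+import org.forgerock.audit.AuditException;
+import org.forgerock.audit.AuditService;
+import org.forgerock.json.resource.ResourceException;
+
+/**
+ * Implementations of this interface are responsible for configuring the audit service.
+ *
+ * @since 13.0.0
+ */
+public interface AuditServiceConfigurator {
+
+ /**
+ * Register the required event handlers on the given audit service.
+ *
+ * @param auditService The audit service to which the event handlers should be registered.
+ * @throws ResourceException if there is a problem with the configuration
+ * @throws AuditException if there is a problem with the registration
+ */
+ void registerEventHandlers(AuditService auditService) throws ResourceException, AuditException;
+
+ /**
+ * Create an instance of and populate {@link org.forgerock.openam.audit.configuration.AMAuditServiceConfiguration}
+ * from the given Json config and register the the service config listener.
+ */
+ void initializeAuditServiceConfiguration();
+
+ /**
+ * Get the pre-configured audit service configuration.
+ * @return The pre-configured audit service configuration.
+ */
+ AMAuditServiceConfiguration getAuditServiceConfiguration();
+}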
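Review bot: The Javadoc on `initializeAuditServiceConfiguration()` says the configuration is populated "from the given Json config", but the method takes no arguments, so a reader cannot tell where the configuration comes from; the same sentence also has a doubled `the the`. The interface does not say what `getAuditServiceConfiguration()` returns when it is called before `initializeAuditServiceConfiguration()`, nor whether the returned object is the live instance that later configuration changes update. If that is the intended contract, I would put it on the getter, e.g. `@return the live configuration; call initializeAuditServiceConfiguration() first`, and reword the initialiser comment to name the real configuration source.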
<div class="delfile"><h4>Deleted: \
branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-core/src/main/java/org/forgerock/openam/audit/configuration/package-info.java \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/openam/openam-audit/openam-audit-core/src/main/java/org/forgerock/openam/audit/configuration/package-info.java 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-core/src/main/java/org/forgerock/openam/audit/configuration/package-info.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -1,22 +0,0 @@
</span><del>-/*
- * The contents of this file are subject to the terms of the Common Development and
- * Distribution License (the License). You may not use this file except in \
compliance with the
- * License.
- *
- * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for \
the
- * specific language governing permission and limitations under the License.
- *
- * When distributing Covered Software, include this CDDL Header Notice in each file \
and include
- * the License file at legal/CDDLv1.0.txt. If applicable, add the following below \
the CDDL
- * Header, with the fields enclosed by brackets [] replaced by your own identifying
- * information: "Portions copyright [year] [name of copyright owner]".
- *
- * Copyright 2015 ForgeRock AS.
- */
-
-/**
- * Audit logging configuration based on Commons Audit.
- *
- * @since 13.0.0
- */
-package org.forgerock.openam.audit.configuration;
</del><span class="cx">\ No newline at end of file
</span></span></pre></div>
<div class="copfile"><h4>Copied: \
branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-core/src/main/java/org/forgerock/openam/audit/configuration/package-info.java \
(from rev 14908, trunk/openam/openam-audit/openam-audit-core/src/main/java/org/forgerock/openam/audit/configuration/package-info.java) \
(0 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-core/src/main/java/org/forgerock/openam/audit/configuration/package-info.java \
(rev 0)
+++ branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-core/src/main/java/org/forgerock/openam/audit/configuration/package-info.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -0,0 +1,22 @@
</span><ins>+/*
+ * The contents of this file are subject to the terms of the Common Development and
+ * Distribution License (the License). You may not use this file except in \
compliance with the + * License.
+ *
+ * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for \
the + * specific language governing permission and limitations under the License.
+ *
+ * When distributing Covered Software, include this CDDL Header Notice in each file \
and include + * the License file at legal/CDDLv1.0.txt. If applicable, add the \
following below the CDDL + * Header, with the fields enclosed by brackets [] replaced \
by your own identifying + * information: "Portions copyright [year] [name of \
copyright owner]". + *
+ * Copyright 2015 ForgeRock AS.
+ */
+
+/**
+ * Audit logging configuration based on Commons Audit.
+ *
+ * @since 13.0.0
+ */
+package org.forgerock.openam.audit.configuration;
</ins><span class="cx">\ No newline at end of file
</span></span></pre></div>
<div class="modfile"><h4>Modified: \
branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-core/src/test/java/org/forgerock/openam/audit/AMAccessAuditEventBuilderTest.java \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-core/src/test/java/org/forgerock/openam/audit/AMAccessAuditEventBuilderTest.java 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-core/src/test/java/org/forgerock/openam/audit/AMAccessAuditEventBuilderTest.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -37,7 +37,6 @@
</span><span class="cx"> \
.transactionId("ad1f26e3-1ced-418d-b6ec-c8488411a625") </span><span \
class="cx"> \
.authentication("id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org") \
</span><span class="cx"> .contextId("uniqueSessionAlias") \
</span><del>- .domain("dc=openam,dc=forgerock,dc=org") \
</del><span class="cx"> .client("172.16.101.7", 62375) \
</span><span class="cx"> .server("216.58.208.36", 80) \
</span><span class="cx"> .resourceOperation("/some/path", \
"CREST", "READ") </span></span></pre></div>
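--- a/branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-core/src/test/java/org/forgerock/openam/audit/AuditEventPublisherTest.java
+++ b/branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-core/src/test/java/org/forgerock/openam/audit/AuditEventPublisherTest.java
@@ -15,18 +15,23 @@
 */
 package org.forgerock.openam.audit;
 
+import static org.assertj.core.api.Assertions.fail;
 import static org.forgerock.openam.utils.CollectionUtils.asSet;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.Mockito.*;
 
 import org.forgerock.audit.AuditException;
 import org.forgerock.audit.AuditService;
+import org.forgerock.audit.AuditServiceConfiguration;
 import org.forgerock.audit.events.AuditEvent;
 import org.forgerock.audit.events.handlers.AuditEventHandler;
 import org.forgerock.json.resource.CreateRequest;
 import org.forgerock.json.resource.Resource;
+import org.forgerock.json.resource.ResourceException;
 import org.forgerock.json.resource.ResultHandler;
 import org.forgerock.json.resource.ServerContext;
+import org.forgerock.openam.audit.configuration.AMAuditServiceConfiguration;
+import org.forgerock.openam.audit.configuration.AuditServiceConfigurator;
 import org.mockito.ArgumentCaptor;
 import org.mockito.invocation.InvocationOnMock;
 import org.mockito.stubbing.Answer;
@@ -45,13 +50,18 @@
 
 private AuditEventHandler mockHandler;
 private AuditEventPublisher auditEventPublisher;
+ private AuditServiceConfigurator mockConfigurator;
+ private AMAuditServiceConfiguration configuration;
 
 @BeforeMethod
 protected void setUp() throws AuditException {
 AuditService auditService = new AuditService();
 mockHandler = mock(AuditEventHandler.class);
+ mockConfigurator = mock(AuditServiceConfigurator.class);
+ configuration = new AMAuditServiceConfiguration();
+ when(mockConfigurator.getAuditServiceConfiguration()).thenReturn(configuration);
 auditService.register(mockHandler, "handler", asSet("access"));
- auditEventPublisher = new AuditEventPublisher(auditService);
+ auditEventPublisher = new AuditEventPublisher(auditService, mockConfigurator);
 }
 
 @Test
@@ -80,6 +90,64 @@
 assertThat(requestCaptor.getValue().getContent()).isEqualTo(auditEvent.getValue());
 }
 
+ @Test
+ public void shouldSuppressExceptionsOnPublish() {
+ // Given
+ AuditEvent auditEvent = new AMAccessAuditEventBuilder()
+ .eventName("AM-REST-1")
+ .transactionId(UUID.randomUUID().toString())
+ .authentication("id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org")
+ .client("172.16.101.7", 62375)
+ .server("216.58.208.36", 80)
+ .resourceOperation("/some/path", "CREST", "READ")
+ .http("GET", "/some/path", "p1=v1&p2=v2", Collections.<String, List<String>>emptyMap())
+ .response("200", 42)
+ .toEvent();
+
+ ArgumentCaptor<CreateRequest> requestCaptor = ArgumentCaptor.forClass(CreateRequest.class);
+ doAnswer(handleResult()).when(mockHandler)
+ .createInstance(any(ServerContext.class), requestCaptor.capture(), any(ResultHandler.class));
+ configuration.setAuditFailureSuppressed(true);
+
+ // When
+ try {
+ auditEventPublisher.publish("unknownTopic", auditEvent);
+ } catch (AuditException e) {
+ fail("Audit exceptions should be suppressed when publish fails.");
+ }
+ }
+
+ @Test
+ public void shouldNotSuppressExceptionsOnPublish() {
+ // Given
+ AuditEvent auditEvent = new AMAccessAuditEventBuilder()
+ .eventName("AM-REST-1")
+ .transactionId(UUID.randomUUID().toString())
+ .authentication("id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org")
+ .client("172.16.101.7", 62375)
+ .server("216.58.208.36", 80)
+ .resourceOperation("/some/path", "CREST", "READ")
+ .http("GET", "/some/path", "p1=v1&p2=v2", Collections.<String, List<String>>emptyMap())
+ .response("200", 42)
+ .toEvent();
+
+ ArgumentCaptor<CreateRequest> requestCaptor = ArgumentCaptor.forClass(CreateRequest.class);
+ doAnswer(handleResult()).when(mockHandler)
+ .createInstance(any(ServerContext.class), requestCaptor.capture(), any(ResultHandler.class));
+ configuration.setAuditFailureSuppressed(false);
+
+ // When
+ AuditException auditException = null;
+ try {
+ auditEventPublisher.publish("unknownTopic", auditEvent);
+ } catch (AuditException e) {
+ auditException = e;
+ }
+
+ // Then
+ assertThat(auditException).isNotNull();
+ }
+
 private Answer<Void> handleResult() {
 return new Answer<Void>() {
 @Override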
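Review bot: Both new tests stub `mockHandler.createInstance(...)` and create `requestCaptor`, yet they publish to `"unknownTopic"` while `setUp()` registers the handler only for `"access"`, so the stub and the captor appear never to be exercised, and `shouldSuppressExceptionsOnPublish` asserts nothing beyond the absence of an exception. Dropping the unused stubbing and adding `verify(mockHandler, never()).createInstance(any(ServerContext.class), any(CreateRequest.class), any(ResultHandler.class));` would make the suppressed case show that the event was really not delivered rather than silently accepted. The manual try/catch in `shouldNotSuppressExceptionsOnPublish` could become `@Test(expectedExceptions = AuditException.class)` with `throws AuditException` on the method. The added imports of `AuditServiceConfiguration` and `ResourceException` are not used by any line shown in this section.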
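--- a/branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-core/src/test/java/org/forgerock/openam/audit/AuditServiceProviderImplTest.java
+++ b/branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-core/src/test/java/org/forgerock/openam/audit/AuditServiceProviderImplTest.java
@@ -16,8 +16,12 @@
 package org.forgerock.openam.audit;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
 
 import org.forgerock.audit.AuditService;
+import org.forgerock.openam.audit.configuration.AMAuditServiceConfiguration;
+import org.forgerock.openam.audit.configuration.AuditServiceConfigurator;
 import org.testng.annotations.Test;
 
 /**
@@ -28,7 +32,9 @@
 @Test
 public void shouldSetTransactionIdFromHttpHeaderAndClearRequestContextWhenFinished() throws Exception {
 // Given
- AuditServiceProvider factory = new AuditServiceProviderImpl();
+ AuditServiceConfigurator configurator = mock(AuditServiceConfigurator.class);
+ when(configurator.getAuditServiceConfiguration()).thenReturn(new AMAuditServiceConfiguration());
+ AuditServiceProvider factory = new AuditServiceProviderImpl(configurator);
 
 // When
 AuditService auditService = factory.createAuditService();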
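Review bot: The test now passes a mock `AuditServiceConfigurator`, but nothing in the hunk checks that `createAuditService()` actually drives it, so a regression that skips handler registration would leave an audit service with no handlers and still pass. After the `// When` step I would add `verify(configurator).initializeAuditServiceConfiguration();` and `verify(configurator).registerEventHandlers(auditService);`, with a static import of `org.mockito.Mockito.verify` next to `mock` and `when`. The test method continues past the end of the hunk, so an assertion there may already cover part of this.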
<div class="modfile"><h4>Modified: \
branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-core/src/test/resources/access-event.json \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-core/src/test/resources/access-event.json 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-audit/openam-audit-core/src/test/resources/access-event.json 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -7,7 +7,6 @@
</span><span class="cx"> "id": \
"id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org" </span><span class="cx"> \
}, </span><span class="cx"> "contextId": "uniqueSessionAlias",
</span><del>- "domain": "dc=openam,dc=forgerock,dc=org",
</del><span class="cx"> "client": {
</span><span class="cx"> "host": null,
</span><span class="cx"> "ip": "172.16.101.7",
</span></span></pre></div>
<div class="modfile"><h4>Modified: \
branches/AME-7692_noRestartsAuth/openam/openam-audit/pom.xml (14908 => 14909)</h4> \
<pre class="diff"><span> <span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-audit/pom.xml 2015-07-31 14:42:37 UTC \
(rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-audit/pom.xml 2015-07-31 15:38:51 \
UTC (rev 14909) </span><span class="lines">@@ -1,4 +1,19 @@
</span><span class="cx"> <?xml version="1.0" \
encoding="UTF-8"?> </span><ins>+<!--
+ ~ The contents of this file are subject to the terms of the Common Development and
+ ~ Distribution License (the License). You may not use this file except in \
compliance with the + ~ License.
+ ~
+ ~ You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for \
the + ~ specific language governing permission and limitations under the License.
+ ~
+ ~ When distributing Covered Software, include this CDDL Header Notice in each file \
and include + ~ the License file at legal/CDDLv1.0.txt. If applicable, add the \
following below the CDDL + ~ Header, with the fields enclosed by brackets [] \
replaced by your own identifying + ~ information: "Portions copyright [year] \
[name of copyright owner]". + ~
+ ~ Copyright 2014-2015 ForgeRock AS.
+-->
</ins><span class="cx"> <project \
xmlns="http://maven.apache.org/POM/4.0.0" </span><span class="cx"> \
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" </span><span \
class="cx"> xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 \
http://maven.apache.org/xsd/maven-4.0.0.xsd"> </span><span class="lines">@@ \
-17,6 +32,7 @@ </span><span class="cx"> <modules>
</span><span class="cx"> <module>openam-audit-context</module>
</span><span class="cx"> <module>openam-audit-core</module>
</span><ins>+ <module>openam-audit-configuration</module>
</ins><span class="cx"> </modules>
</span><span class="cx">
</span><span class="cx"> </project>
</span><span class="cx">\ No newline at end of file
</span></span></pre></div>
<a id="branchesAME7692_noRestartsAuthopenamopenamauthenticationopenamauthhotp"></a>
<div class="propset"><h4>Property changes: \
branches/AME-7692_noRestartsAuth/openam/openam-authentication/openam-auth-hotp</h4> \
<pre class="diff"><span> </span></pre></div>
<a id="svnmergeinfo"></a>
<div class="modfile"><h4>Modified: svn:mergeinfo</h4></div>
<span class="cx">/branches/AME-2629/openam/openam-authentication/openam-auth-hotp:7585-7632
</span><span class="cx">/branches/AME-2766-policy-entitlements-REST-APIs/openam/openam-authentication/openam-auth-hotp:8455-8476
</span><span class="cx">/branches/AME-3087-entitlements-CREST-management/openam/openam-authentication/openam-auth-hotp:8481-8664
</span><span class="cx">/branches/AME-3087_query_and_patch/openam/openam-authentication/openam-auth-hotp:8667-8681
</span><span class="cx">/branches/AME-3405-session-read-from-cts/openam/openam-authentication/openam-auth-hotp:8749-8823
</span><span class="cx">/branches/AME-3423/openam/openam-authentication/openam-auth-hotp:10105-10414
</span><span class="cx">/branches/AME-3612-pcunnington/openam/openam-authentication/openam-auth-hotp:9534-9723
</span><span class="cx">/branches/AME-3719/openam/openam-authentication/openam-auth-hotp:9517-9879
</span><span class="cx">/branches/AME-3726-script-sandboxing/openam/openam-authentication/openam-auth-hotp:9663-9819
</span><span class="cx">/branches/AME-4378/openam/openam-authentication/openam-auth-hotp:10443-10621
</span><span class="cx">/branches/AME-4460_AME-4459/openam/openam-authentication/openam-auth-hotp:10437-10535
</span><span class="cx">/branches/AME-4547/openam/openam-authentication/openam-auth-hotp:10585-10783
</span><span class="cx">/branches/AME-4569-XACML-Response-Provider-Support/openam/openam-authentication/openam-auth-hotp:10624-10817
</span><span class="cx">/branches/AME-4595/openam/openam-authentication/openam-auth-hotp:10581-10789
</span><span class="cx">/branches/AME-4609/openam/openam-authentication/openam-auth-hotp:10678-10949
</span><span class="cx">/branches/AME-4616/openam/openam-authentication/openam-auth-hotp:10652-10817
</span><span class="cx">/branches/AME-4638/openam/openam-authentication/openam-auth-hotp:10869-11050
</span><span class="cx">/branches/AME-5023/openam/openam-authentication/openam-auth-hotp:11070-11123
</span><span class="cx">/branches/AME-5326_refactor_and_test_oath_module/openam/openam-authentication/openam-auth-hotp:13066-13428
</span><span class="cx">/branches/AME-5568-stateless-sessions/openam/openam-authentication/openam-auth-hotp:12629-13078
</span><span class="cx">/branches/AME-6128_and_AME-6129_JSONify_attributes_for_OATH/openam/openam-authentication/openam-auth-hotp:13797-13866
</span><span class="cx">/branches/AME-6128_and_AME-6129_new_user_attributes_for_OATH/openam/openam-authentication/openam-auth-hotp:13602-13794
</span><span class="cx">/branches/AME-6369/openam/openam-authentication/openam-auth-hotp:13289-13686
</span><span class="cx">/branches/AME-6627_Remove-LDAP-SDK/openam/openam-authentication/openam-auth-hotp:13713-14249
</span><span class="cx">/branches/AME-7286/openam/openam-authentication/openam-auth-hotp:14363-14465
</span><span class="cx">/branches/CTS-Async/openam/openam-authentication/openam-auth-hotp:8847-9739
</span><span class="cx">/branches/OPENAM-2961-forgot-password-404/openam/openam-authentication/openam-auth-hotp:8322-8362
</span><span class="cx">/branches/OPENAM-3097-sessions-not-deleted/openam/openam-authentication/openam-auth-hotp:6910-6946
</span><span class="cx">/branches/OPENAM-3130-session-quota/openam/openam-authentication/openam-auth-hotp:6958-6972
</span><span class="cx">/branches/OPENAM-3283-CTS-thread-exceptions/openam/openam-authentication/openam-auth-hotp:7270-7369
</span><span class="cx">/branches/OPENAM-3425-class-cast-exception/openam/openam-authentication/openam-auth-hotp:8333-8359
</span><span class="cx">/branches/OPENAM-3782-forgotten-password-changes/openam/openam-authentication/openam-auth-hotp:8747-8835
</span><span class="cx">/branches/OPENAM-4028-connection-pool/openam/openam-authentication/openam-auth-hotp:9750-10171
</span><span class="cx">/branches/OPENAM-4384-ssoadm-classpath/openam/openam-authentication/openam-auth-hotp:10263-10264
</span><span class="cx">/branches/OPENAM-4394/openam/openam-authentication/openam-auth-hotp:11059-11099
</span><span class="cx">/branches/OPENAM-4775-REST-endpoint-malformed-3/openam/openam-authentication/openam-auth-hotp:11322-11331
</span><span class="cx">/branches/OPENAM-5019_entitlement_condition_validation/openam/openam-authentication/openam-auth-hotp:11455-11491
</span><span class="cx">/branches/OPENAM-5269/openam/openam-authentication/openam-auth-hotp:11838-11851
</span><span class="cx">/branches/OPENAM-5970_trim_unused_qrcode_references/openam/openam-authentication/openam-auth-hotp:13756-13770
</span><span class="cx">/branches/OPENAM-OPENAM-3528-client-side-session-validation/openam/openam-authentication/openam-auth-hotp:7834-7844
</span><span class="cx">/branches/ame4272/openam/openam-authentication/openam-auth-hotp:10073-10101
</span><span class="cx">/branches/andy-ame-2227-v2/openam/openam-authentication/openam-auth-hotp:7508-7697
</span><span class="cx">/branches/andy-ame1316-connectionfactory/openam/openam-authentication/openam-auth-hotp:5311-5328
</span><span class="cx">/branches/andy-cts-connection-pool/openam/openam-authentication/openam-auth-hotp:7098-7175
</span><span class="cx">/branches/andy-openam-2654/openam/openam-authentication/openam-auth-hotp:6872-6911
</span><span class="cx">/branches/andy-openam-2880/openam/openam-authentication/openam-auth-hotp:6451-6503
</span><span class="cx">/branches/andy-openam-2907/openam/openam-authentication/openam-auth-hotp:6531-6534
</span><span class="cx">/branches/andy-openam-3006/openam/openam-authentication/openam-auth-hotp:6709-6749
</span><span class="cx">/branches/andy-openam-3063/openam/openam-authentication/openam-auth-hotp:6927-6948
</span><span class="cx">/branches/andy-openam-3193/openam/openam-authentication/openam-auth-hotp:7124-7128
</span><span class="cx">/branches/andy-openam-3248/openam/openam-authentication/openam-auth-hotp:7171-7715
</span><span class="cx">/branches/andy-openam2743/openam/openam-authentication/openam-auth-hotp:6372-6439
</span><span class="cx">/branches/andy-openam2744/openam/openam-authentication/openam-auth-hotp:6347-6367
</span><span class="cx">/branches/andyAme2972/openam/openam-authentication/openam-auth-hotp:8270-8318
</span><span class="cx">/branches/andyAme3102/openam/openam-authentication/openam-auth-hotp:8312-8413
</span><span class="cx">/branches/andyAme3196/openam/openam-authentication/openam-auth-hotp:8853-9084
</span><span class="cx">/branches/andyOpenam1708/openam/openam-authentication/openam-auth-hotp:5576-5592
</span><span class="cx">/branches/andyOpenam2140/openam/openam-authentication/openam-auth-hotp:7819-7862
</span><span class="cx">/branches/andyOpenam2373/openam/openam-authentication/openam-auth-hotp:5600-5706
</span><span class="cx">/branches/andyOpenam2525/openam/openam-authentication/openam-auth-hotp:5601-5733
</span><span class="cx">/branches/andyOpenam3509/openam/openam-authentication/openam-auth-hotp:7881-7963
</span><span class="cx">/branches/andyOpenam3638/openam/openam-authentication/openam-auth-hotp:8094-8172
</span><span class="cx">/branches/andyOpenam3969/openam/openam-authentication/openam-auth-hotp:10453-10977
</span><span class="cx">/branches/andyPolicyCrest/openam/openam-authentication/openam-auth-hotp:8295-8813
</span><span class="cx">/branches/apforrest-ame1316/openam/openam-authentication/openam-auth-hotp:4881-5305
</span><span class="cx">/branches/apforrest_ame805_indextree/openam/openam-authentication/openam-auth-hotp:4567-4852
</span><span class="cx">/branches/cert_chain_bug/openam-authentication/openam-auth-hotp:11102-11125
</span><span class="cx">/branches/contextualAuthz/openam/openam-authentication/openam-auth-hotp:12734-12787
</span><span class="cx">/branches/dirk_oauth_perf/openam-authentication/openam-auth-hotp:5904
</span><span class="cx">/branches/dirk_sts/openam-authentication/openam-auth-hotp:5297,5314,5317-5318,5320-5321
</span><span class="cx">/branches/initial_uma/openam/openam-authentication/openam-auth-hotp:12067-12470
</span><span class="cx">/branches/oidc_authn/openam-authentication/openam-auth-hotp:8507,8540,8557-8559,8565-8566
</span><span class="cx">/branches/openam-3049-cts-reaper-connection-usage/openam/openam-authentication/openam-auth-hotp:6658-6745
</span><span class="cx">/branches/openam-3053-cts-tab-exception/openam/openam-authentication/openam-auth-hotp:6672-6721
</span><span class="cx">/branches/openam-3072-cts-configuration/openam/openam-authentication/openam-auth-hotp:6691-6714
</span><span class="cx">/branches/openam-3092-store-mode-error/openam/openam-authentication/openam-auth-hotp:6729-6733
</span><span class="cx">/branches/openam-3110-create-or-update-bug/openam/openam-authentication/openam-auth-hotp:6767-6804
</span><span class="cx">/branches/openam2742-andy/openam/openam-authentication/openam-auth-hotp:6266-6323
</span><span class="cx">/branches/openam_10.1.0_xacml3_JAS/openam/openam-authentication/openam-auth-hotp:4039-4140
</span><span class="cx">/branches/openam_10.2.0_xacml3_JAS/openam/openam-authentication/openam-auth-hotp:4141-4379
</span><span class="cx">/branches/pcunnington-AME-3115-refactor/openam/openam-authentication/openam-auth-hotp:8348-8473
</span><span class="cx">/branches/pcunnington-AME-3158/openam/openam-authentication/openam-auth-hotp:8476-8577
</span><span class="cx">/branches/pcunnington-AME-350/openam/openam-authentication/openam-auth-hotp:4165-4344
</span><span class="cx">/branches/pcunnington-ame-344/openam/openam-authentication/openam-auth-hotp:4651-5199
</span><span class="cx">/branches/pcunnington-oauth2/openam/openam-authentication/openam-auth-hotp:8710-8793
</span><span class="cx">/branches/phcunnington-AME-3114/openam/openam-authentication/openam-auth-hotp:8314-8341
</span><span class="cx">/branches/policyimprovements/openam/openam-authentication/openam-auth-hotp:5513-5515
</span><span class="cx">/branches/referralsWithoutApplications/openam/openam-authentication/openam-auth-hotp:11071-11119
</span><span class="cx">/branches/rest_sts_publish/openam-authentication/openam-auth-hotp:8167,8180,8214,8227,8245,8260
</span><span class="cx">/branches/rest_sts_view_bean/openam-authentication/openam-auth-hotp:9690-9965
</span><span class="cx">/branches/rwapshott-AME-1739/openam/openam-authentication/openam-auth-hotp:5331-5353
</span><span class="cx">/branches/rwapshott-AME-215/openam/openam-authentication/openam-auth-hotp:4091-4155
</span><span class="cx">/branches/rwapshott-AME-257/openam/openam-authentication/openam-auth-hotp:4047-4126
</span><span class="cx">/branches/rwapshott-AME-804/openam/openam-authentication/openam-auth-hotp:4267-5404
</span><span class="cx">/branches/rwapshott-ame-2027-cts-oids-should-follow-fr-oid-scheme/openam/openam-authentication/openam-auth-hotp:5609-5614
</span><span class="cx">/branches/rwapshott-ame-2160-session-size/openam/openam-authentication/openam-auth-hotp:6086-6319
</span><span class="cx">/branches/rwapshott-ame-2311-index-names/openam/openam-authentication/openam-auth-hotp:6058-6069
</span><span class="cx">/branches/rwapshott-ame-258-cts-replication/openam/openam-authentication/openam-auth-hotp:5548-6055
</span><span class="cx">/branches/rwapshott-openam-2198-session-resource-protection/openam/openam-authentication/openam-auth-hotp:5628-5824
</span><span class="cx">/branches/rwapshott-openam-2526/openam/openam-authentication/openam-auth-hotp:5442-5484
</span><span class="cx">/branches/rwapshott-openam-2716-cts-invalid-chars/openam/openam-authentication/openam-auth-hotp:6170-6194
</span><span class="cx">/branches/rwapshott-openam-2729-saml2-error/openam/openam-authentication/openam-auth-hotp:6247-6257
</span><span class="cx">/branches/soap_sts_admin_ui/openam-authentication/openam-auth-hotp:14254-14454
</span><span class="cx">/branches/soap_sts_config/openam-authentication/openam-auth-hotp:12590-12719,12744
</span><span class="cx">/branches/soap_sts_policy/openam-authentication/openam-auth-hotp:12762-13106,13172-13354
</span><span class="cx">/branches/soap_sts_x509/openam-authentication/openam-auth-hotp:13550-13640,13667,13693
</span><span class="cx">/branches/stateless_logout/openam/openam-authentication/openam-auth-hotp:12511-13298
</span><span class="cx">/branches/sts_client_sdk/openam-authentication/openam-auth-hotp:11175-11185
</span><span class="cx">/branches/sts_custom_ops/openam-authentication/openam-auth-hotp:14051-14331
</span><span class="cx">/branches/sts_disable_am_token/openam-authentication/openam-auth-hotp:11204,11229-11233
</span><span class="cx">/branches/sts_filtering/openam-authentication/openam-auth-hot \
p:10605-10717,10719-10900,10924,10927,10929-10931,10955,10963-10964,10986,10989,10993,10996,11001-11002,11028-11029
</span><span class="cx">/branches/sts_oidc_saml/openam-authentication/openam-auth-hotp:8310,8352,8355,8368,8378-8379,8387-8388,8403,8410,8416
</span><span class="cx">/branches/sts_oidc_saml_redux/openam-authentication/openam-auth-hotp:8417-8422,8424,8440,8445-8446,8460,8490,8498
</span><span class="cx">/branches/sts_restart_persistence/openam-authentication/openam-auth-hotp:9003-9005,9009-9414
</span><span class="cx">/branches/sts_saml2_encrypt/openam-authentication/openam-auth-hotp:10424-10472,10474-10550
</span><span class="cx">/branches/sts_sans_cxf/openam-authentication/openam-auth-hotp:13383-13518,13532-13542
</span><span class="cx">/branches/sts_service_listeners/openam-authentication/openam-auth-hotp:9968-10031,10047-10048,10053
</span><span class="cx">/branches/sts_soap/openam-authentication/openam-auth-hotp:11665-12039,12056-12242,12273-12321
</span><span class="cx">/branches/sts_tgs_oidc/openam-authentication/openam-auth-hotp:13712-14040
</span><span class="cx">/branches/sts_token_gen_service/openam-authentication/openam- \
auth-hotp:8706,8717-8720,8723-8725,8727-8728,8731,8737,8740-8742,8759-8760,8774-8776,8796-8797,8800-8801,8818-8819,8821
</span><span class="cx">/branches/sts_token_gen_service2/openam-authentication/openam-auth-hotp:8844-8887,8894-9000
</span><span class="cx">/branches/sts_x509/openam-authentication/openam-auth-hotp:10206-10398
</span><span class="cx">/fr-branches/11.0.x/openam/openam-authentication/openam-auth-hotp:11353,11363,11666,12915
</span><span class="cx">/fr-branches/12.0.x/openam/openam-authentication/openam-auth-hotp:12922
</span><span class="cx"> + \
/branches/AME-2526-SFO-between-sites/openam/openam-authentication/openam-auth-hotp:7510-8258
</span><span class="cx">/branches/AME-2629/openam/openam-authentication/openam-auth-hotp:7585-7632
</span><span class="cx">/branches/AME-2766-policy-entitlements-REST-APIs/openam/openam-authentication/openam-auth-hotp:8455-8476
</span><span class="cx">/branches/AME-3087-entitlements-CREST-management/openam/openam-authentication/openam-auth-hotp:8481-8664
</span><span class="cx">/branches/AME-3087_query_and_patch/openam/openam-authentication/openam-auth-hotp:8667-8681
</span><span class="cx">/branches/AME-3405-session-read-from-cts/openam/openam-authentication/openam-auth-hotp:8749-8823
</span><span class="cx">/branches/AME-3423/openam/openam-authentication/openam-auth-hotp:10105-10414
</span><span class="cx">/branches/AME-3612-pcunnington/openam/openam-authentication/openam-auth-hotp:9534-9723
</span><span class="cx">/branches/AME-3719/openam/openam-authentication/openam-auth-hotp:9517-9879
</span><span class="cx">/branches/AME-3726-script-sandboxing/openam/openam-authentication/openam-auth-hotp:9663-9819
</span><span class="cx">/branches/AME-4378/openam/openam-authentication/openam-auth-hotp:10443-10621
</span><span class="cx">/branches/AME-4460_AME-4459/openam/openam-authentication/openam-auth-hotp:10437-10535
</span><span class="cx">/branches/AME-4547/openam/openam-authentication/openam-auth-hotp:10585-10783
</span><span class="cx">/branches/AME-4569-XACML-Response-Provider-Support/openam/openam-authentication/openam-auth-hotp:10624-10817
</span><span class="cx">/branches/AME-4595/openam/openam-authentication/openam-auth-hotp:10581-10789
</span><span class="cx">/branches/AME-4609/openam/openam-authentication/openam-auth-hotp:10678-10949
</span><span class="cx">/branches/AME-4616/openam/openam-authentication/openam-auth-hotp:10652-10817
</span><span class="cx">/branches/AME-4638/openam/openam-authentication/openam-auth-hotp:10869-11050
</span><span class="cx">/branches/AME-5023/openam/openam-authentication/openam-auth-hotp:11070-11123
</span><span class="cx">/branches/AME-5326_refactor_and_test_oath_module/openam/openam-authentication/openam-auth-hotp:13066-13428
</span><span class="cx">/branches/AME-5568-stateless-sessions/openam/openam-authentication/openam-auth-hotp:12629-13078
</span><span class="cx">/branches/AME-6128_and_AME-6129_JSONify_attributes_for_OATH/openam/openam-authentication/openam-auth-hotp:13797-13866
</span><span class="cx">/branches/AME-6128_and_AME-6129_new_user_attributes_for_OATH/openam/openam-authentication/openam-auth-hotp:13602-13794
</span><span class="cx">/branches/AME-6369/openam/openam-authentication/openam-auth-hotp:13289-13686
</span><span class="cx">/branches/AME-6627_Remove-LDAP-SDK/openam/openam-authentication/openam-auth-hotp:13713-14249
</span><span class="cx">/branches/AME-7286/openam/openam-authentication/openam-auth-hotp:14363-14465
</span><span class="cx">/branches/AME-7754_UMA_labels/openam/openam-authentication/openam-auth-hotp:14781-14882
</span><span class="cx">/branches/CTS-Async/openam/openam-authentication/openam-auth-hotp:8847-9739
</span><span class="cx">/branches/OPENAM-2961-forgot-password-404/openam/openam-authentication/openam-auth-hotp:8322-8362
</span><span class="cx">/branches/OPENAM-3097-sessions-not-deleted/openam/openam-authentication/openam-auth-hotp:6910-6946
</span><span class="cx">/branches/OPENAM-3130-session-quota/openam/openam-authentication/openam-auth-hotp:6958-6972
</span><span class="cx">/branches/OPENAM-3283-CTS-thread-exceptions/openam/openam-authentication/openam-auth-hotp:7270-7369
</span><span class="cx">/branches/OPENAM-3425-class-cast-exception/openam/openam-authentication/openam-auth-hotp:8333-8359
</span><span class="cx">/branches/OPENAM-3782-forgotten-password-changes/openam/openam-authentication/openam-auth-hotp:8747-8835
</span><span class="cx">/branches/OPENAM-4028-connection-pool/openam/openam-authentication/openam-auth-hotp:9750-10171
</span><span class="cx">/branches/OPENAM-4384-ssoadm-classpath/openam/openam-authentication/openam-auth-hotp:10263-10264
</span><span class="cx">/branches/OPENAM-4394/openam/openam-authentication/openam-auth-hotp:11059-11099
</span><span class="cx">/branches/OPENAM-4775-REST-endpoint-malformed-3/openam/openam-authentication/openam-auth-hotp:11322-11331
</span><span class="cx">/branches/OPENAM-5019_entitlement_condition_validation/openam/openam-authentication/openam-auth-hotp:11455-11491
</span><span class="cx">/branches/OPENAM-5269/openam/openam-authentication/openam-auth-hotp:11838-11851
</span><span class="cx">/branches/OPENAM-5970_trim_unused_qrcode_references/openam/openam-authentication/openam-auth-hotp:13756-13770
</span><span class="cx">/branches/OPENAM-6272-OPENAM-1462-OATH-RFEs/openam/openam-authentication/openam-auth-hotp:14653-14742
</span><span class="cx">/branches/OPENAM-6326-ssoadm-classpath/openam/openam-authentication/openam-auth-hotp:14839-14844
</span><span class="cx">/branches/OPENAM-OPENAM-3528-client-side-session-validation/openam/openam-authentication/openam-auth-hotp:7834-7844
</span><span class="cx">/branches/ame4272/openam/openam-authentication/openam-auth-hotp:10073-10101
</span><span class="cx">/branches/andy-ame-2227-v2/openam/openam-authentication/openam-auth-hotp:7508-7697
</span><span class="cx">/branches/andy-ame1316-connectionfactory/openam/openam-authentication/openam-auth-hotp:5311-5328
</span><span class="cx">/branches/andy-cts-connection-pool/openam/openam-authentication/openam-auth-hotp:7098-7175
</span><span class="cx">/branches/andy-openam-2654/openam/openam-authentication/openam-auth-hotp:6872-6911
</span><span class="cx">/branches/andy-openam-2880/openam/openam-authentication/openam-auth-hotp:6451-6503
</span><span class="cx">/branches/andy-openam-2907/openam/openam-authentication/openam-auth-hotp:6531-6534
</span><span class="cx">/branches/andy-openam-3006/openam/openam-authentication/openam-auth-hotp:6709-6749
</span><span class="cx">/branches/andy-openam-3063/openam/openam-authentication/openam-auth-hotp:6927-6948
</span><span class="cx">/branches/andy-openam-3193/openam/openam-authentication/openam-auth-hotp:7124-7128
</span><span class="cx">/branches/andy-openam-3248/openam/openam-authentication/openam-auth-hotp:7171-7715
</span><span class="cx">/branches/andy-openam2743/openam/openam-authentication/openam-auth-hotp:6372-6439
</span><span class="cx">/branches/andy-openam2744/openam/openam-authentication/openam-auth-hotp:6347-6367
</span><span class="cx">/branches/andyAme2972/openam/openam-authentication/openam-auth-hotp:8270-8318
</span><span class="cx">/branches/andyAme3102/openam/openam-authentication/openam-auth-hotp:8312-8413
</span><span class="cx">/branches/andyAme3196/openam/openam-authentication/openam-auth-hotp:8853-9084
</span><span class="cx">/branches/andyOpenam1708/openam/openam-authentication/openam-auth-hotp:5576-5592
</span><span class="cx">/branches/andyOpenam2140/openam/openam-authentication/openam-auth-hotp:7819-7862
</span><span class="cx">/branches/andyOpenam2373/openam/openam-authentication/openam-auth-hotp:5600-5706
</span><span class="cx">/branches/andyOpenam2525/openam/openam-authentication/openam-auth-hotp:5601-5733
</span><span class="cx">/branches/andyOpenam3509/openam/openam-authentication/openam-auth-hotp:7881-7963
</span><span class="cx">/branches/andyOpenam3638/openam/openam-authentication/openam-auth-hotp:8094-8172
</span><span class="cx">/branches/andyOpenam3969/openam/openam-authentication/openam-auth-hotp:10453-10977
</span><span class="cx">/branches/andyPolicyCrest/openam/openam-authentication/openam-auth-hotp:8295-8813
</span><span class="cx">/branches/apforrest-ame1316/openam/openam-authentication/openam-auth-hotp:4881-5305
</span><span class="cx">/branches/apforrest_ame805_indextree/openam/openam-authentication/openam-auth-hotp:4567-4852
</span><span class="cx">/branches/cert_chain_bug/openam-authentication/openam-auth-hotp:11102-11125
</span><span class="cx">/branches/contextualAuthz/openam/openam-authentication/openam-auth-hotp:12734-12787
</span><span class="cx">/branches/dirk_oauth_perf/openam-authentication/openam-auth-hotp:5904
</span><span class="cx">/branches/dirk_sts/openam-authentication/openam-auth-hotp:5297,5314,5317-5318,5320-5321
</span><span class="cx">/branches/initial_uma/openam/openam-authentication/openam-auth-hotp:12067-12470
</span><span class="cx">/branches/openam-3049-cts-reaper-connection-usage/openam/openam-authentication/openam-auth-hotp:6658-6745
</span><span class="cx">/branches/openam-3053-cts-tab-exception/openam/openam-authentication/openam-auth-hotp:6672-6721
</span><span class="cx">/branches/openam-3072-cts-configuration/openam/openam-authentication/openam-auth-hotp:6691-6714
</span><span class="cx">/branches/openam-3092-store-mode-error/openam/openam-authentication/openam-auth-hotp:6729-6733
</span><span class="cx">/branches/openam-3110-create-or-update-bug/openam/openam-authentication/openam-auth-hotp:6767-6804
</span><span class="cx">/branches/openam2742-andy/openam/openam-authentication/openam-auth-hotp:6266-6323
</span><span class="cx">/branches/openam_10.1.0_xacml3_JAS/openam/openam-authentication/openam-auth-hotp:4039-4140
</span><span class="cx">/branches/openam_10.2.0_xacml3_JAS/openam/openam-authentication/openam-auth-hotp:4141-4379
</span><span class="cx">/branches/pcunnington-AME-3115-refactor/openam/openam-authentication/openam-auth-hotp:8348-8473
</span><span class="cx">/branches/pcunnington-AME-3158/openam/openam-authentication/openam-auth-hotp:8476-8577
</span><span class="cx">/branches/pcunnington-AME-350/openam/openam-authentication/openam-auth-hotp:4165-4344
</span><span class="cx">/branches/pcunnington-ame-344/openam/openam-authentication/openam-auth-hotp:4651-5199
</span><span class="cx">/branches/pcunnington-oauth2/openam/openam-authentication/openam-auth-hotp:8710-8793
</span><span class="cx">/branches/phcunnington-AME-3114/openam/openam-authentication/openam-auth-hotp:8314-8341
</span><span class="cx">/branches/policyimprovements/openam/openam-authentication/openam-auth-hotp:5513-5515
</span><span class="cx">/branches/referralsWithoutApplications/openam/openam-authentication/openam-auth-hotp:11071-11119
</span><span class="cx">/branches/rest_sts_publish/openam-authentication/openam-auth-hotp:8167,8180,8214,8227,8245,8260
</span><span class="cx">/branches/rest_sts_view_bean/openam-authentication/openam-auth-hotp:9690-9965
</span><span class="cx">/branches/rwapshott-AME-1739/openam/openam-authentication/openam-auth-hotp:5331-5353
</span><span class="cx">/branches/rwapshott-AME-215/openam/openam-authentication/openam-auth-hotp:4091-4155
</span><span class="cx">/branches/rwapshott-AME-257/openam/openam-authentication/openam-auth-hotp:4047-4126
</span><span class="cx">/branches/rwapshott-AME-804/openam/openam-authentication/openam-auth-hotp:4267-5404
</span><span class="cx">/branches/rwapshott-ame-2027-cts-oids-should-follow-fr-oid-scheme/openam/openam-authentication/openam-auth-hotp:5609-5614
</span><span class="cx">/branches/rwapshott-ame-2160-session-size/openam/openam-authentication/openam-auth-hotp:6086-6319
</span><span class="cx">/branches/rwapshott-ame-2311-index-names/openam/openam-authentication/openam-auth-hotp:6058-6069
</span><span class="cx">/branches/rwapshott-ame-258-cts-replication/openam/openam-authentication/openam-auth-hotp:5548-6055
</span><span class="cx">/branches/rwapshott-openam-2198-session-resource-protection/openam/openam-authentication/openam-auth-hotp:5628-5824
</span><span class="cx">/branches/rwapshott-openam-2526/openam/openam-authentication/openam-auth-hotp:5442-5484
</span><span class="cx">/branches/rwapshott-openam-2716-cts-invalid-chars/openam/openam-authentication/openam-auth-hotp:6170-6194
</span><span class="cx">/branches/rwapshott-openam-2729-saml2-error/openam/openam-authentication/openam-auth-hotp:6247-6257
</span><span class="cx">/branches/soap_sts_admin_ui/openam-authentication/openam-auth-hotp:14254-14454
</span><span class="cx">/branches/soap_sts_config/openam-authentication/openam-auth-hotp:12590-12719,12744
</span><span class="cx">/branches/soap_sts_policy/openam-authentication/openam-auth-hotp:12762-13106,13172-13354
</span><span class="cx">/branches/soap_sts_x509/openam-authentication/openam-auth-hotp:13550-13640,13667,13693
</span><span class="cx">/branches/stateless_logout/openam/openam-authentication/openam-auth-hotp:12511-13298
</span><span class="cx">/branches/sts_client_sdk/openam-authentication/openam-auth-hotp:11175-11185
</span><span class="cx">/branches/sts_custom_ops/openam-authentication/openam-auth-hotp:14051-14331
</span><span class="cx">/branches/sts_disable_am_token/openam-authentication/openam-auth-hotp:11204,11229-11233
</span><span class="cx">/branches/sts_filtering/openam-authentication/openam-auth-hot \
p:10605-10717,10719-10900,10924,10927,10929-10931,10955,10963-10964,10986,10989,10993,10996,11001-11002,11028-11029
</span><span class="cx">/branches/sts_oidc_saml/openam-authentication/openam-auth-hotp:8310,8352,8355,8368,8378-8379,8387-8388,8403,8410,8416
</span><span class="cx">/branches/sts_oidc_saml_redux/openam-authentication/openam-auth-hotp:8417-8422,8424,8440,8445-8446,8460,8490,8498
</span><span class="cx">/branches/sts_restart_persistence/openam-authentication/openam-auth-hotp:9003-9005,9009-9414
</span><span class="cx">/branches/sts_saml2_encrypt/openam-authentication/openam-auth-hotp:10424-10472,10474-10550
</span><span class="cx">/branches/sts_sans_cxf/openam-authentication/openam-auth-hotp:13383-13518,13532-13542
</span><span class="cx">/branches/sts_service_listeners/openam-authentication/openam-auth-hotp:9968-10031,10047-10048,10053
</span><span class="cx">/branches/sts_soap/openam-authentication/openam-auth-hotp:11665-12039,12056-12242,12273-12321
</span><span class="cx">/branches/sts_tgs_oidc/openam-authentication/openam-auth-hotp:13712-14040
</span><span class="cx">/branches/sts_token_gen_service/openam-authentication/openam- \
auth-hotp:8706,8717-8720,8723-8725,8727-8728,8731,8737,8740-8742,8759-8760,8774-8776,8796-8797,8800-8801,8818-8819,8821
</span><span class="cx">/branches/sts_token_gen_service2/openam-authentication/openam-auth-hotp:8844-8887,8894-9000
</span><span class="cx">/branches/sts_x509/openam-authentication/openam-auth-hotp:10206-10398
</span><span class="cx">/fr-branches/11.0.x/openam/openam-authentication/openam-auth-hotp:11353,11363,11666,12915
</span><span class="cx">/fr-branches/12.0.x/openam/openam-authentication/openam-auth-hotp:12922
</span><span class="cx">/trunk/openam/openam-authentication/openam-auth-hotp:14738-14908
</span><a id="branchesAME7692_noRestartsAuthopenamopenamauthenticationopenamauthoathsrcmainjavaorgforgerockopenamauthenticationmodulesoathOATHjava"></a>
<div class="modfile"><h4>Modified: \
branches/AME-7692_noRestartsAuth/openam/openam-authentication/openam-auth-oath/src/main/java/org/forgerock/openam/authentication/modules/oath/OATH.java \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-authentication/openam-auth-oath/src/main/java/org/forgerock/openam/authentication/modules/oath/OATH.java 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-authentication/openam-auth-oath/src/main/java/org/forgerock/openam/authentication/modules/oath/OATH.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -38,14 +38,15 @@
</span><span class="cx"> import com.sun.identity.idm.IdType;
</span><span class="cx"> import com.sun.identity.shared.datastruct.CollectionHelper;
</span><span class="cx"> import com.sun.identity.shared.debug.Debug;
</span><ins>+import com.sun.identity.sm.SMSException;
</ins><span class="cx"> import java.io.IOException;
</span><span class="cx"> import java.util.ArrayList;
</span><span class="cx"> import java.util.Arrays;
</span><span class="cx"> import java.util.Collections;
</span><del>-import java.util.HashMap;
</del><span class="cx"> import java.util.List;
</span><span class="cx"> import java.util.Map;
</span><span class="cx"> import java.util.Set;
</span><ins>+import java.util.concurrent.TimeUnit;
</ins><span class="cx"> import javax.security.auth.Subject;
</span><span class="cx"> import javax.security.auth.callback.Callback;
</span><span class="cx"> import javax.security.auth.callback.ConfirmationCallback;
</span><span class="lines">@@ -57,7 +58,9 @@
</span><span class="cx"> import \
org.forgerock.json.resource.InternalServerErrorException; </span><span class="cx"> \
import org.forgerock.openam.rest.devices.OathDeviceSettings; </span><span class="cx"> \
import org.forgerock.openam.rest.devices.OathDevicesDao; </span><ins>+import \
org.forgerock.openam.rest.devices.services.OathService; </ins><span class="cx"> \
import org.forgerock.openam.utils.CollectionUtils; </span><ins>+import \
org.forgerock.openam.utils.StringUtils; </ins><span class="cx"> import \
org.forgerock.openam.utils.qr.GenerationUtils; </span><span class="cx">
</span><span class="cx"> /**
</span><span class="lines">@@ -82,8 +85,6 @@
</span><span class="cx"> \
"iplanet-am-auth-oath-password-length"; </span><span class="cx"> \
private static final String WINDOW_SIZE = </span><span class="cx"> \
"iplanet-am-auth-oath-hotp-window-size"; </span><del>- private static \
final String USER_OATH_ACTIVATED_ATTRIBUTE_NAME =
- "iplanet-am-auth-oath-skippable-attr-name";
</del><span class="cx"> private static final String TRUNCATION_OFFSET =
</span><span class="cx"> \
"iplanet-am-auth-oath-truncation-offset"; </span><span class="cx"> \
private static final String CHECKSUM = "iplanet-am-auth-oath-add-checksum"; \
</span><span class="lines">@@ -94,10 +95,10 @@ </span><span class="cx"> private \
static final String ALGORITHM = "iplanet-am-auth-oath-algorithm"; \
</span><span class="cx"> private static final String MIN_SECRET_KEY_LENGTH = \
</span><span class="cx"> \
"iplanet-am-auth-oath-min-secret-key-length"; </span><ins>+ private \
static final String MAXIMUM_CLOCK_DRIFT = \
"openam-auth-oath-maximum-clock-drift"; </ins><span class="cx">
</span><span class="cx"> //module attribute holders
</span><span class="cx"> private int userConfiguredSkippable = 0;
</span><del>- private String skippableAttrName = null;
</del><span class="cx"> private boolean isOptional;
</span><span class="cx"> private int passLen = 0;
</span><span class="cx"> private int minSecretKeyLength = 0;
</span><span class="lines">@@ -108,6 +109,7 @@
</span><span class="cx"> private int totpTimeStep = 0;
</span><span class="cx"> private int totpStepsInWindow = 0;
</span><span class="cx"> private long time = 0;
</span><ins>+ private int totpMaxClockDrift = 0;
</ins><span class="cx">
</span><span class="cx"> private static final int HOTP = 0;
</span><span class="cx"> private static final int TOTP = 1;
</span><span class="lines">@@ -128,10 +130,10 @@
</span><span class="cx">
</span><span class="cx"> private static final int SCRIPT_OUTPUT_CALLBACK_INDEX = \
1; </span><span class="cx">
</span><del>- private static final int NOT_SET = 0;
- private static final int SKIPPABLE = 1;
- private static final int NOT_SKIPPABLE = 2;
</del><ins>+ private OathService realmOathService;
+ private AMIdentity id;
</ins><span class="cx">
</span><ins>+
</ins><span class="cx"> private final OathDevicesDao devicesDao = \
InjectorHolder.getInstance(OathDevicesDao.class); </span><span class="cx"> \
private final OathMaker deviceFactory = InjectorHolder.getInstance(OathMaker.class); \
</span><span class="cx"> </span><span class="lines">@@ -176,8 +178,14 @@
</span><span class="cx"> debug.message("OATH::init");
</span><span class="cx"> }
</span><span class="cx">
</span><del>- //get module attributes
</del><ins>+ //get username from previous authentication
</ins><span class="cx"> try {
</span><ins>+ userName = (String) sharedState.get(getUserKey());
+
+ //gets skippable name from the realm's service and stores it
+ id = getIdentity();
+ realmOathService = new OathService(id.getRealm());
+
</ins><span class="cx"> this.authLevel = \
CollectionHelper.getMapAttr(options, AUTHLEVEL); </span><span class="cx">
</span><span class="cx"> try {
</span><span class="lines">@@ -189,16 +197,16 @@
</span><span class="cx"> try {
</span><span class="cx"> this.minSecretKeyLength = \
CollectionHelper.getIntMapAttr(options, MIN_SECRET_KEY_LENGTH, 0, debug); \
</span><span class="cx"> } catch (NumberFormatException e) { \
</span><del>- minSecretKeyLength = 0; //Default value has been delete, \
set to 0 </del><ins>+ minSecretKeyLength = 0; //Default value has been \
deleted, set to 0 </ins><span class="cx"> }
</span><span class="cx">
</span><del>- this.skippableAttrName = \
CollectionHelper.getMapAttr(options, USER_OATH_ACTIVATED_ATTRIBUTE_NAME); </del><span \
class="cx"> this.windowSize = CollectionHelper.getIntMapAttr(options, \
WINDOW_SIZE, 0, debug); </span><del>- this.truncationOffset = \
CollectionHelper.getIntMapAttr(options, TRUNCATION_OFFSET, 0, debug); </del><ins>+ \
this.truncationOffset = CollectionHelper.getIntMapAttr(options, TRUNCATION_OFFSET, \
-1, debug); </ins><span class="cx"> this.isOptional = \
!getLoginState("OATH").is2faMandatory(); </span><span class="cx"> \
this.totpTimeStep = CollectionHelper.getIntMapAttr(options, TOTP_TIME_STEP, 1, \
debug); </span><span class="cx"> this.totpStepsInWindow = \
CollectionHelper.getIntMapAttr(options, TOTP_STEPS_IN_WINDOW, 1, debug); </span><span \
class="cx"> this.checksum = CollectionHelper.getBooleanMapAttr(options, \
CHECKSUM, false); </span><ins>+ this.totpMaxClockDrift = \
CollectionHelper.getIntMapAttr(options, MAXIMUM_CLOCK_DRIFT, 0, debug); </ins><span \
class="cx"> </span><span class="cx"> final String algorithm = \
CollectionHelper.getMapAttr(options, ALGORITHM); </span><span class="cx"> \
if (algorithm.equalsIgnoreCase("HOTP")) { </span><span class="lines">@@ \
-215,21 +223,16 @@ </span><span class="cx"> \
setAuthLevel(Integer.parseInt(authLevel)); </span><span class="cx"> } \
catch (Exception e) { </span><span class="cx"> if \
(debug.errorEnabled()) { </span><del>- \
debug.error("OATH" + ".init() : Unable to set auth level " + \
authLevel, e); </del><ins>+ debug.error("OATH :: init() : \
Unable to set auth level " + authLevel, e); </ins><span class="cx"> \
} </span><span class="cx"> }
</span><span class="cx"> }
</span><del>- } catch (Exception e) {
- debug.error("OATH.init() : Unable to get module attributes", \
e); </del><ins>+ } catch (SMSException | SSOException | AuthLoginException e) \
{ + if (debug.errorEnabled()) {
+ debug.error("OATH :: init() : Unable to configure basic module \
properties " + authLevel, e); + }
</ins><span class="cx"> }
</span><span class="cx">
</span><del>- //get username from previous authentication
- try {
- userName = (String) sharedState.get(getUserKey());
- } catch (Exception e) {
- debug.error("OATH.init() : Unable to get username : ", e);
- }
-
</del><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> /**
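Review bot: The new catch in init() only logs, so if anything in the try block throws one of the caught exceptions, the fields `id` and `realmOathService` can stay null and the remaining option parsing is skipped. process() no longer fetches the identity itself (the `@@ -264,8 +267,6 @@` hunk removes that local) and goes straight to `getOathDeviceSettings(id.getName(), id.getRealm())`, so as far as the visible hunks show the failure resurfaces later as a NullPointerException rather than a controlled login failure. A guard at the top of process(), `if (id == null || realmOathService == null) { throw new AuthLoginException(amAuthOATH, "authFailed", null); }`, would keep the module failing closed with the existing message. The log text also appends `authLevel`, which is not the value that failed. init() starts above this hunk.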
</span><span class="lines">@@ -264,8 +267,6 @@
</span><span class="cx"> }
</span><span class="cx"> }
</span><span class="cx">
</span><del>- final AMIdentity id = getIdentity();
-
</del><span class="cx"> final OathDeviceSettings settings = \
getOathDeviceSettings(id.getName(), id.getRealm()); </span><span class="cx">
</span><span class="cx"> try {
</span><span class="lines">@@ -280,11 +281,11 @@
</span><span class="cx"> switch (state) {
</span><span class="cx"> case LOGIN_START:
</span><span class="cx">
</span><del>- if (isOptional && userConfiguredSkippable == \
SKIPPABLE) { </del><ins>+ if (isOptional && \
userConfiguredSkippable == OathService.SKIPPABLE) { </ins><span class="cx"> \
return ISAuthConstants.LOGIN_SUCCEED; </span><del>- } else if \
(isOptional && userConfiguredSkippable == NOT_SET) { </del><ins>+ \
} else if (isOptional && userConfiguredSkippable == OathService.NOT_SET) { \
</ins><span class="cx"> return LOGIN_OPTIONAL; </span><del>- \
} else if (isOptional && userConfiguredSkippable != NOT_SKIPPABLE) { \
</del><ins>+ } else if (isOptional && \
userConfiguredSkippable != OathService.NOT_SKIPPABLE) { </ins><span class="cx"> \
throw new AuthLoginException(amAuthOATH, "authFailed", null); //invalid so \
error </span><span class="cx"> } else {
</span><span class="cx"> if (settings == null) {
</span><span class="lines">@@ -306,7 +307,7 @@
</span><span class="cx">
</span><span class="cx"> selectedIndex = ((ConfirmationCallback) \
callbacks[1]).getSelectedIndex(); </span><span class="cx"> if \
(selectedIndex == SKIP_OATH_INDEX) { </span><del>- \
setUserSkipOath(id, true); </del><ins>+ \
realmOathService.setUserSkipOath(id, true); </ins><span class="cx"> \
return ISAuthConstants.LOGIN_SUCCEED; </span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -350,7 +351,7 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> case REGISTER_DEVICE:
</span><del>- setUserSkipOath(id, false);
</del><ins>+ realmOathService.setUserSkipOath(id, false);
</ins><span class="cx"> return LOGIN_SAVED_DEVICE;
</span><span class="cx">
</span><span class="cx"> case RECOVERY_USED:
</span><span class="lines">@@ -369,7 +370,7 @@
</span><span class="cx"> private OathDeviceSettings createBasicDevice(AMIdentity \
id) throws AuthLoginException { </span><span class="cx">
</span><span class="cx"> OathDeviceSettings settings = \
deviceFactory.createDeviceProfile(minSecretKeyLength); </span><del>- \
settings.setLastLogin(System.currentTimeMillis()); </del><ins>+ \
settings.setLastLogin(System.currentTimeMillis(), TimeUnit.MILLISECONDS); </ins><span \
class="cx"> settings.setChecksumDigit(checksum); </span><span class="cx"> \
settings.setRecoveryCodes(OathDeviceSettings.generateRecoveryCodes(NUM_CODES)); \
</span><span class="cx"> </span><span class="lines">@@ -413,19 +414,18 @@
</span><span class="cx"> private void detectNecessity(AMIdentity identity) throws \
AuthLoginException, IdRepoException, SSOException { </span><span class="cx">
</span><span class="cx"> //not optional if they haven't selected anywhere to \
save the user's preference </span><del>- if (isOptional && \
skippableAttrName == null) { </del><ins>+ if (isOptional && \
StringUtils.isBlank(realmOathService.getSkippableAttributeName())) { </ins><span \
class="cx"> isOptional = false; </span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> //value is stored as: 0 (not chosen), 1 (skippable) \
or 2 (not skippable) </span><span class="cx"> if (isOptional) {
</span><del>- Set response = identity.getAttribute(skippableAttrName);
</del><ins>+ Set response = \
identity.getAttribute(realmOathService.getSkippableAttributeName()); </ins><span \
class="cx"> if (response != null && !response.isEmpty()) { //sets \
skippable to true if set in user </span><span class="cx"> String tmp \
= (String) response.iterator().next(); </span><span class="cx"> \
userConfiguredSkippable = Integer.valueOf(tmp); </span><span class="cx"> \
} </span><span class="cx"> }
</span><del>-
</del><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> private void paintRegisterDeviceCallback(AMIdentity id, \
OathDeviceSettings settings) throws AuthLoginException { </span><span \
class="lines">@@ -600,8 +600,8 @@ </span><span class="cx"> otpGen \
= HOTPAlgorithm.generateOTP(secretKeyBytes, counter + i, passLen, checksum, \
</span><span class="cx"> truncationOffset); </span><span \
class="cx"> if (otpGen.equals(otp)) { </span><del>- \
//OTP is correct set the counter value to counter+i
- setCounterAttr(id, counter + i, settings);
</del><ins>+ //OTP is correct set the counter value to \
counter+i (+1 for having been successful) + setCounterAttr(id, \
counter + i + 1, settings); </ins><span class="cx"> return \
true; </span><span class="cx"> }
</span><span class="cx"> }
</span><span class="lines">@@ -611,10 +611,10 @@
</span><span class="cx"> */
</span><span class="cx">
</span><span class="cx"> //get Last login time
</span><del>- long lastLoginTime = settings.getLastLogin();
</del><ins>+ long lastLoginTimeStep = settings.getLastLogin() / \
totpTimeStep; </ins><span class="cx">
</span><span class="cx"> //Check TOTP values for validity
</span><del>- if (lastLoginTime < 0) {
</del><ins>+ if (lastLoginTimeStep < 0) {
</ins><span class="cx"> debug.error("OATH.checkOTP() : \
invalid login time value : "); </span><span class="cx"> \
throw new AuthLoginException(amAuthOATH, "authFailed", null); </span><span \
class="cx"> } </span><span class="lines">@@ -631,15 +631,14 @@
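Review bot: `settings.getLastLogin() / totpTimeStep` yields a time step only if getLastLogin() returns seconds, and that is not visible here: createBasicDevice now stores `System.currentTimeMillis()` with `TimeUnit.MILLISECONDS`, while setLoginTime stores `time * totpTimeStep` with `TimeUnit.SECONDS`. This value feeds the same-window check that stops an OTP being accepted twice, so a comment stating the unit, e.g. `// getLastLogin() is in seconds; convert to a TOTP step index`, would make the assumption checkable. `totpTimeStep` is also used as a divisor here and in the next hunk, and the visible part of init() sets no lower bound on it, so a configured 0 would presumably land in the generic `catch (Exception e)` as an ArithmeticException; rejecting values below 1 in init() would give a clearer error. checkOTP's body begins and ends outside this hunk.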
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> //get Time Step
</span><del>- long localTime = time;
- localTime /= totpTimeStep;
</del><ins>+ long localTime = (time / totpTimeStep) + \
(settings.getClockDriftSeconds() / totpTimeStep); </ins><span class="cx">
</span><span class="cx"> boolean sameWindow = false;
</span><span class="cx">
</span><span class="cx"> //check if we are in the time window to \
prevent 2 logins within the window using the same OTP </span><span class="cx">
</span><del>- if (lastLoginTime >= (localTime - totpStepsInWindow) \
&&
- lastLoginTime <= (localTime + totpStepsInWindow)) {
</del><ins>+ if (lastLoginTimeStep >= (localTime - \
totpStepsInWindow) && + lastLoginTimeStep <= \
(localTime + totpStepsInWindow)) { </ins><span class="cx"> if \
(debug.messageEnabled()) { </span><span class="cx"> \
debug.message("OATH.checkOTP() : Logging in in the same TOTP window"); \
</span><span class="cx"> } </span><span class="lines">@@ -669,11 \
+668,11 @@ </span><span class="cx"> //check time step before \
current time </span><span class="cx"> otpGen = \
TOTPAlgorithm.generateTOTP(secretKey, Long.toHexString(time2), passLenStr); \
</span><span class="cx"> </span><del>- if (otpGen.equals(otp) \
&& sameWindow){ </del><ins>+ if (otpGen.equals(otp) \
&& sameWindow) { </ins><span class="cx"> \
debug.error("OATH.checkOTP() : Logging in in the same window with a OTP that is \
older " + </span><span class="cx"> "than \
the current times OTP"); </span><span class="cx"> return \
false; </span><del>- } else if(otpGen.equals(otp) && \
!sameWindow) { </del><ins>+ } else if (otpGen.equals(otp) \
&& !sameWindow) { </ins><span class="cx"> \
setLoginTime(id, time2, settings); </span><span class="cx"> \
return true; </span><span class="cx"> }
</span><span class="lines">@@ -683,6 +682,9 @@
</span><span class="cx"> debug.error("OATH.checkOTP() : No OTP \
algorithm selected"); </span><span class="cx"> throw new \
AuthLoginException(amAuthOATH, "authFailed", null); </span><span \
class="cx"> } </span><ins>+ } catch (AuthLoginException e) {
+ // Re-throw to avoid the catch-all block below that would log and lose \
the error message. + throw e;
</ins><span class="cx"> } catch (Exception e) {
</span><span class="cx"> debug.error("OATH.checkOTP() : checkOTP \
process failed : ", e); </span><span class="cx"> throw new \
AuthLoginException(amAuthOATH, "authFailed", null); </span><span \
class="lines">@@ -770,23 +772,22 @@ </span><span class="cx"> * Sets the last \
login time of a user. </span><span class="cx"> *
</span><span class="cx"> * @param id The id of the user to set the attribute \
of. </span><del>- * @param time The time to set the attribute too.
</del><ins>+ * @param time The time <strong>step</strong> to set the \
attribute to. </ins><span class="cx"> * @param settings The settings to store \
the value in. </span><span class="cx"> */
</span><span class="cx"> private void setLoginTime(AMIdentity id, long time, \
OathDeviceSettings settings) </span><span class="cx"> throws \
AuthLoginException, IOException, InternalServerErrorException { </span><del>- \
settings.setLastLogin(time); </del><ins>+ settings.setLastLogin(time * \
totpTimeStep, TimeUnit.SECONDS); +
+ // Update the observed time-step drift for resynchronisation
+ long drift = time - (this.time / totpTimeStep);
+ if (Math.abs(drift) > totpMaxClockDrift) {
+ setFailureID(userName);
+ throw new AuthLoginException(amAuthOATH, "outOfSync", null);
+ }
+
+ settings.setClockDriftSeconds((int) drift * totpTimeStep);
</ins><span class="cx"> devicesDao.saveDeviceProfiles(id.getName(), \
id.getRealm(), </span><span class="cx"> \
Collections.singletonList(JsonConversionUtils.toJsonValue(settings))); </span><span \
class="cx"> } </span><del>-
- private void setUserSkipOath(AMIdentity id, boolean userSkipOath) throws \
IdRepoException, SSOException {
- final HashMap<String, Set<String>> attributesToWrite = new \
HashMap<>();
- attributesToWrite.put(skippableAttrName,
- userSkipOath ?
- Collections.singleton(String.valueOf(SKIPPABLE)) :
- Collections.singleton(String.valueOf(NOT_SKIPPABLE)));
- id.setAttributes(attributesToWrite);
- id.store();
- }
</del><span class="cx"> }
</span></span></pre></div>
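Review bot: The drift limit in setLoginTime is applied after `settings.setLastLogin(...)` has already changed the settings object and after checkOTP has matched the code, and it answers with the distinct `outOfSync` message, which the new re-throw in checkOTP preserves. That tells a caller who has not yet passed this factor that the submitted code was valid for some time step, which is more than `authFailed` reveals; if that is intended for usability it deserves a comment saying so. Moving the check above `setLastLogin` would also avoid mutating `settings` on the rejected path. Separately, `(int) drift * totpTimeStep` casts before multiplying; `(int) (drift * totpTimeStep)` states the intent, though a large configured drift could still overflow an int.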
<a id="branchesAME7692_noRestartsAuthopenamopenamauthenticationopenamauthoathsrcmainjavaorgforgerockopenamauthenticationmodulesoathOathGuiceModulejava"></a>
<div class="modfile"><h4>Modified: \
branches/AME-7692_noRestartsAuth/openam/openam-authentication/openam-auth-oath/src/main/java/org/forgerock/openam/authentication/modules/oath/OathGuiceModule.java \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-authentication/openam-auth-oath/src/mai \
n/java/org/forgerock/openam/authentication/modules/oath/OathGuiceModule.java 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-authentication/openam-auth-oath/src \
/main/java/org/forgerock/openam/authentication/modules/oath/OathGuiceModule.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -21,6 +21,7 @@
</span><span class="cx"> import com.google.inject.name.Names;
</span><span class="cx"> import com.sun.identity.shared.debug.Debug;
</span><span class="cx"> import org.forgerock.guice.core.GuiceModule;
</span><ins>+import org.forgerock.openam.oauth2.resources.labels.LabelsGuiceModule;
</ins><span class="cx"> import org.forgerock.openam.rest.devices.OathDevicesDao;
</span><span class="cx"> import \
org.forgerock.openam.rest.devices.services.OathServiceFactory; </span><span \
class="cx"> </span><span class="lines">@@ -34,7 +35,6 @@
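Review bot: The added `import org.forgerock.openam.oauth2.resources.labels.LabelsGuiceModule;` is not referenced in either visible hunk of OathGuiceModule. If configure() does not use it below the visible lines, dropping the import avoids a compile-time dependency from the OATH authentication module on the oauth2 package.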
</span><span class="cx"> public class OathGuiceModule extends AbstractModule {
</span><span class="cx"> @Override
</span><span class="cx"> protected void configure() {
</span><del>-
</del><span class="cx"> // Auth module debug instances
</span><span class="cx"> \
bind(Debug.class).annotatedWith(Names.named("amAuthOATH")).toInstance(Debug.getInstance("amAuthOATH"));
</span><span class="cx">
</span></span></pre></div>
<a id="branchesAME7692_noRestartsAuthopenamopenamauthenticationopenamauthoathsrcmainresourcesamAuthOATHproperties"></a>
<div class="modfile"><h4>Modified: \
branches/AME-7692_noRestartsAuth/openam/openam-authentication/openam-auth-oath/src/main/resources/amAuthOATH.properties \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-authentication/openam-auth-oath/src/main/resources/amAuthOATH.properties 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-authentication/openam-auth-oath/src/main/resources/amAuthOATH.properties 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -47,11 +47,10 @@
</span><span class="cx"> a511=Last Login Time Attribute
</span><span class="cx"> a511.help=Attribute to store the time of the users last \
login. This is required if TOTP is chosen as the OATH algorithm. </span><span \
class="cx"> a511.help.txt=This attribute stores the last time a user logged in to \
prevent time based attacks. The value is stored as a number (Unix Time). \
</span><del>-a512=Optional Module
-a512.help=If enabled, the first time a user encounters this module they will be \
offered the chance to skip it. Subsequently \
- they will not be challenged by 2FA unless they re-enable it via their dashboard.
-a513=Optional Module Attribute
-a513.help=Where to store the user's choice pertaining to the optional nature of the \
module. </del><ins>+a514=Maximum Allowed Clock Drift
+a514.help=Number of time steps a client is allowed to get out of sync with the \
server before manual resynchronisation\ + is required.
</ins><span class="cx"> HOTP=HOTP
</span><span class="cx"> TOTP=TOTP
</span><del>-authFailed=Authentication Failed
</del><span class="cx">\ No newline at end of file
</span><ins>+authFailed=Authentication Failed
+outOfSync=Device has exceeded maximum clock drift. Please re-register your device.
</ins><span class="cx">\ No newline at end of file
</span></span></pre></div>
<a id="branchesAME7692_noRestartsAuthopenamopenamauthenticationopenamauthoathsrcmainresourcesamAuthOATHxml"></a>
<div class="modfile"><h4>Modified: \
branches/AME-7692_noRestartsAuth/openam/openam-authentication/openam-auth-oath/src/main/resources/amAuthOATH.xml \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-authentication/openam-auth-oath/src/main/resources/amAuthOATH.xml 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-authentication/openam-auth-oath/src/main/resources/amAuthOATH.xml 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -94,16 +94,6 @@
</span><span class="cx"> </DefaultValues>
</span><span class="cx"> </AttributeSchema>
</span><span class="cx">
</span><del>- <AttributeSchema \
name="iplanet-am-auth-oath-skippable-attr-name"
- type="single"
- syntax="string"
- i18nKey="a513"
- resourceName="oathSkippableAttrName">
- <DefaultValues>
- <Value>oath2faEnabled</Value>
- </DefaultValues>
- </AttributeSchema>
-
</del><span class="cx"> <AttributeSchema \
name="iplanet-am-auth-oath-add-checksum" </span><span class="cx"> \
type="single_choice" </span><span class="cx"> \
syntax="string" </span><span class="lines">@@ -144,6 +134,16 @@
</span><span class="cx"> <Value>2</Value>
</span><span class="cx"> </DefaultValues>
</span><span class="cx"> </AttributeSchema>
</span><ins>+ <AttributeSchema \
name="openam-auth-oath-maximum-clock-drift" + \
type="single" + syntax="number"
+ i18nKey="a514"
+ resourceName="totpMaximumClockDrift"
+ rangeStart="0" \
rangeEnd="2147483648"> + <DefaultValues>
+ <Value>0</Value>
+ </DefaultValues>
+ </AttributeSchema>
</ins><span class="cx"> <SubSchema name="serverconfig" \
inheritance="multiple" resourceName="USE-PARENT"> </span><span \
class="cx"> <AttributeSchema \
name="iplanet-am-auth-oath-auth-level" </span><span class="cx"> \
type="single" </span><span class="lines">@@ -195,16 +195,6 @@
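Review bot: `rangeEnd="2147483648"` is one more than the largest Java int, while OATH.init() reads this attribute with `CollectionHelper.getIntMapAttr(options, MAXIMUM_CLOCK_DRIFT, 0, debug)` into an `int` field. A value at the top of the permitted range would therefore not parse as an int; how getIntMapAttr reacts is not visible here, but a fallback to the default 0 would silently tighten the limit. `rangeEnd="2147483647"` keeps the schema and the code in agreement; the same attribute is repeated in the `@@ -245,6 +235,16 @@` hunk.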
</span><span class="cx"> </DefaultValues>
</span><span class="cx"> </AttributeSchema>
</span><span class="cx">
</span><del>- <AttributeSchema \
name="iplanet-am-auth-oath-skippable-attr-name"
- type="single"
- syntax="string"
- i18nKey="a513"
- \
resourceName="oathSkippableAttrName">
- <DefaultValues>
- <Value>oath2faEnabled</Value>
- </DefaultValues>
- </AttributeSchema>
-
</del><span class="cx"> <AttributeSchema \
name="iplanet-am-auth-oath-add-checksum" </span><span class="cx"> \
type="single_choice" </span><span class="cx"> \
syntax="string" </span><span class="lines">@@ -245,6 +235,16 @@
</span><span class="cx"> <Value>2</Value>
</span><span class="cx"> </DefaultValues>
</span><span class="cx"> </AttributeSchema>
</span><ins>+ <AttributeSchema \
name="openam-auth-oath-maximum-clock-drift" + \
type="single" + syntax="number"
+ i18nKey="a514"
+ resourceName="totpMaximumClockDrift"
+ rangeStart="0" rangeEnd="2147483648">
+ <DefaultValues>
+ <Value>0</Value>
+ </DefaultValues>
+ </AttributeSchema>
</ins><span class="cx"> </SubSchema>
</span><span class="cx"> </Organization>
</span><span class="cx"> </Schema>
</span></span></pre></div>
<a id="branchesAME7692_noRestartsAuthopenamopenamauthenticationopenamauthoathsrctestjavaorgforgerockopenamauthenticationmodulesoathOathMakerTestjava"></a>
<div class="modfile"><h4>Modified: \
branches/AME-7692_noRestartsAuth/openam/openam-authentication/openam-auth-oath/src/test/java/org/forgerock/openam/authentication/modules/oath/OathMakerTest.java \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-authentication/openam-auth-oath/src/tes \
t/java/org/forgerock/openam/authentication/modules/oath/OathMakerTest.java 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-authentication/openam-auth-oath/src \
/test/java/org/forgerock/openam/authentication/modules/oath/OathMakerTest.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -32,6 +32,7 @@
</span><span class="cx">
</span><span class="cx"> import java.security.SecureRandom;
</span><span class="cx"> import java.util.List;
</span><ins>+import java.util.concurrent.TimeUnit;
</ins><span class="cx">
</span><span class="cx"> public class OathMakerTest {
</span><span class="cx"> private static final int SECRET_HEX_LENGTH = 20;
</span><span class="lines">@@ -82,7 +83,7 @@
</span><span class="cx"> deviceSettings.setCounter(42);
</span><span class="cx"> deviceSettings.setSharedSecret("sekret");
</span><span class="cx"> deviceSettings.setChecksumDigit(true);
</span><del>- deviceSettings.setLastLogin(99);
</del><ins>+ deviceSettings.setLastLogin(99, TimeUnit.MILLISECONDS);
</ins><span class="cx"> deviceSettings.setDeviceName("test \
device"); </span><span class="cx"> \
deviceSettings.setTruncationOffset(32); </span><span class="cx"> JsonValue \
expectedJson = JsonConversionUtils.toJsonValue(deviceSettings); \
</span></span></pre></div> <a \
id="branchesAME7692_noRestartsAuthopenamopenamauthenticationopenamauthwindowsdesktopsso"></a>
<div class="propset"><h4>Property changes: \
branches/AME-7692_noRestartsAuth/openam/openam-authentication/openam-auth-windowsdesktopsso</h4>
<pre class="diff"><span>
</span></pre></div>
<a id="svnmergeinfo"></a>
<div class="modfile"><h4>Modified: svn:mergeinfo</h4></div>
<span class="cx">/branches/AME-2629/openam/openam-authentication/openam-auth-windowsdesktopsso:7585-7632
</span><span class="cx">/branches/AME-2766-policy-entitlements-REST-APIs/openam/openam-authentication/openam-auth-windowsdesktopsso:8455-8476
</span><span class="cx">/branches/AME-3087-entitlements-CREST-management/openam/openam-authentication/openam-auth-windowsdesktopsso:8481-8664
</span><span class="cx">/branches/AME-3087_query_and_patch/openam/openam-authentication/openam-auth-windowsdesktopsso:8667-8681
</span><span class="cx">/branches/AME-3405-session-read-from-cts/openam/openam-authentication/openam-auth-windowsdesktopsso:8749-8823
</span><span class="cx">/branches/AME-3423/openam/openam-authentication/openam-auth-windowsdesktopsso:10105-10414
</span><span class="cx">/branches/AME-3612-pcunnington/openam/openam-authentication/openam-auth-windowsdesktopsso:9534-9723
</span><span class="cx">/branches/AME-3719/openam/openam-authentication/openam-auth-windowsdesktopsso:9517-9879
</span><span class="cx">/branches/AME-3726-script-sandboxing/openam/openam-authentication/openam-auth-windowsdesktopsso:9663-9819
</span><span class="cx">/branches/AME-4378/openam/openam-authentication/openam-auth-windowsdesktopsso:10443-10621
</span><span class="cx">/branches/AME-4460_AME-4459/openam/openam-authentication/openam-auth-windowsdesktopsso:10437-10535
</span><span class="cx">/branches/AME-4547/openam/openam-authentication/openam-auth-windowsdesktopsso:10585-10783
</span><span class="cx">/branches/AME-4569-XACML-Response-Provider-Support/openam/openam-authentication/openam-auth-windowsdesktopsso:10624-10817
</span><span class="cx">/branches/AME-4595/openam/openam-authentication/openam-auth-windowsdesktopsso:10581-10789
</span><span class="cx">/branches/AME-4609/openam/openam-authentication/openam-auth-windowsdesktopsso:10678-10949
</span><span class="cx">/branches/AME-4616/openam/openam-authentication/openam-auth-windowsdesktopsso:10652-10817
</span><span class="cx">/branches/AME-4638/openam/openam-authentication/openam-auth-windowsdesktopsso:10869-11050
</span><span class="cx">/branches/AME-5023/openam/openam-authentication/openam-auth-windowsdesktopsso:11070-11123
</span><span class="cx">/branches/AME-5326_refactor_and_test_oath_module/openam/openam-authentication/openam-auth-windowsdesktopsso:13066-13428
</span><span class="cx">/branches/AME-5568-stateless-sessions/openam/openam-authentication/openam-auth-windowsdesktopsso:12629-13078
</span><span class="cx">/branches/AME-6128_and_AME-6129_JSONify_attributes_for_OATH/openam/openam-authentication/openam-auth-windowsdesktopsso:13797-13866
</span><span class="cx">/branches/AME-6128_and_AME-6129_new_user_attributes_for_OATH/openam/openam-authentication/openam-auth-windowsdesktopsso:13602-13794
</span><span class="cx">/branches/AME-6369/openam/openam-authentication/openam-auth-windowsdesktopsso:13289-13686
</span><span class="cx">/branches/AME-6627_Remove-LDAP-SDK/openam/openam-authentication/openam-auth-windowsdesktopsso:13713-14249
</span><span class="cx">/branches/AME-7286/openam/openam-authentication/openam-auth-windowsdesktopsso:14363-14465
</span><span class="cx">/branches/CTS-Async/openam/openam-authentication/openam-auth-windowsdesktopsso:8847-9739
</span><span class="cx">/branches/OPENAM-2961-forgot-password-404/openam/openam-authentication/openam-auth-windowsdesktopsso:8322-8362
</span><span class="cx">/branches/OPENAM-3097-sessions-not-deleted/openam/openam-authentication/openam-auth-windowsdesktopsso:6910-6946
</span><span class="cx">/branches/OPENAM-3130-session-quota/openam/openam-authentication/openam-auth-windowsdesktopsso:6958-6972
</span><span class="cx">/branches/OPENAM-3283-CTS-thread-exceptions/openam/openam-authentication/openam-auth-windowsdesktopsso:7270-7369
</span><span class="cx">/branches/OPENAM-3425-class-cast-exception/openam/openam-authentication/openam-auth-windowsdesktopsso:8333-8359
</span><span class="cx">/branches/OPENAM-3782-forgotten-password-changes/openam/openam-authentication/openam-auth-windowsdesktopsso:8747-8835
</span><span class="cx">/branches/OPENAM-4028-connection-pool/openam/openam-authentication/openam-auth-windowsdesktopsso:9750-10171
</span><span class="cx">/branches/OPENAM-4384-ssoadm-classpath/openam/openam-authentication/openam-auth-windowsdesktopsso:10263-10264
</span><span class="cx">/branches/OPENAM-4394/openam/openam-authentication/openam-auth-windowsdesktopsso:11059-11099
</span><span class="cx">/branches/OPENAM-4775-REST-endpoint-malformed-3/openam/openam-authentication/openam-auth-windowsdesktopsso:11322-11331
</span><span class="cx">/branches/OPENAM-5019_entitlement_condition_validation/openam/openam-authentication/openam-auth-windowsdesktopsso:11455-11491
</span><span class="cx">/branches/OPENAM-5269/openam/openam-authentication/openam-auth-windowsdesktopsso:11838-11851
</span><span class="cx">/branches/OPENAM-5970_trim_unused_qrcode_references/openam/openam-authentication/openam-auth-windowsdesktopsso:13756-13770
</span><span class="cx">/branches/OPENAM-OPENAM-3528-client-side-session-validation/openam/openam-authentication/openam-auth-windowsdesktopsso:7834-7844
</span><span class="cx">/branches/ame4272/openam/openam-authentication/openam-auth-windowsdesktopsso:10073-10101
</span><span class="cx">/branches/andy-ame-2227-v2/openam/openam-authentication/openam-auth-windowsdesktopsso:7508-7697
</span><span class="cx">/branches/andy-ame1316-connectionfactory/openam/openam-authentication/openam-auth-windowsdesktopsso:5311-5328
</span><span class="cx">/branches/andy-cts-connection-pool/openam/openam-authentication/openam-auth-windowsdesktopsso:7098-7175
</span><span class="cx">/branches/andy-openam-2654/openam/openam-authentication/openam-auth-windowsdesktopsso:6872-6911
</span><span class="cx">/branches/andy-openam-2880/openam/openam-authentication/openam-auth-windowsdesktopsso:6451-6503
</span><span class="cx">/branches/andy-openam-2907/openam/openam-authentication/openam-auth-windowsdesktopsso:6531-6534
</span><span class="cx">/branches/andy-openam-3006/openam/openam-authentication/openam-auth-windowsdesktopsso:6709-6749
</span><span class="cx">/branches/andy-openam-3063/openam/openam-authentication/openam-auth-windowsdesktopsso:6927-6948
</span><span class="cx">/branches/andy-openam-3193/openam/openam-authentication/openam-auth-windowsdesktopsso:7124-7128
</span><span class="cx">/branches/andy-openam-3248/openam/openam-authentication/openam-auth-windowsdesktopsso:7171-7715
</span><span class="cx">/branches/andy-openam2743/openam/openam-authentication/openam-auth-windowsdesktopsso:6372-6439
</span><span class="cx">/branches/andy-openam2744/openam/openam-authentication/openam-auth-windowsdesktopsso:6347-6367
</span><span class="cx">/branches/andyAme2972/openam/openam-authentication/openam-auth-windowsdesktopsso:8270-8318
</span><span class="cx">/branches/andyAme3102/openam/openam-authentication/openam-auth-windowsdesktopsso:8312-8413
</span><span class="cx">/branches/andyAme3196/openam/openam-authentication/openam-auth-windowsdesktopsso:8853-9084
</span><span class="cx">/branches/andyOpenam1708/openam/openam-authentication/openam-auth-windowsdesktopsso:5576-5592
</span><span class="cx">/branches/andyOpenam2140/openam/openam-authentication/openam-auth-windowsdesktopsso:7819-7862
</span><span class="cx">/branches/andyOpenam2373/openam/openam-authentication/openam-auth-windowsdesktopsso:5600-5706
</span><span class="cx">/branches/andyOpenam2525/openam/openam-authentication/openam-auth-windowsdesktopsso:5601-5733
</span><span class="cx">/branches/andyOpenam3509/openam/openam-authentication/openam-auth-windowsdesktopsso:7881-7963
</span><span class="cx">/branches/andyOpenam3638/openam/openam-authentication/openam-auth-windowsdesktopsso:8094-8172
</span><span class="cx">/branches/andyOpenam3969/openam/openam-authentication/openam-auth-windowsdesktopsso:10453-10977
</span><span class="cx">/branches/andyPolicyCrest/openam/openam-authentication/openam-auth-windowsdesktopsso:8295-8813
</span><span class="cx">/branches/apforrest-ame1316/openam/openam-authentication/openam-auth-windowsdesktopsso:4881-5305
</span><span class="cx">/branches/apforrest_ame805_indextree/openam/openam-authentication/openam-auth-windowsdesktopsso:4567-4852
</span><span class="cx">/branches/cert_chain_bug/openam-authentication/openam-auth-windowsdesktopsso:11102-11125
</span><span class="cx">/branches/contextualAuthz/openam/openam-authentication/openam-auth-windowsdesktopsso:12734-12787
</span><span class="cx">/branches/dirk_oauth_perf/openam-authentication/openam-auth-windowsdesktopsso:5904
</span><span class="cx">/branches/dirk_sts/openam-authentication/openam-auth-windowsdesktopsso:5297,5314,5317-5318,5320-5321
</span><span class="cx">/branches/initial_uma/openam/openam-authentication/openam-auth-windowsdesktopsso:12067-12470
</span><span class="cx">/branches/oidc_authn/openam-authentication/openam-auth-windowsdesktopsso:8507,8540,8557-8559,8565-8566
</span><span class="cx">/branches/openam-3049-cts-reaper-connection-usage/openam/openam-authentication/openam-auth-windowsdesktopsso:6658-6745
</span><span class="cx">/branches/openam-3053-cts-tab-exception/openam/openam-authentication/openam-auth-windowsdesktopsso:6672-6721
</span><span class="cx">/branches/openam-3072-cts-configuration/openam/openam-authentication/openam-auth-windowsdesktopsso:6691-6714
</span><span class="cx">/branches/openam-3092-store-mode-error/openam/openam-authentication/openam-auth-windowsdesktopsso:6729-6733
</span><span class="cx">/branches/openam-3110-create-or-update-bug/openam/openam-authentication/openam-auth-windowsdesktopsso:6767-6804
</span><span class="cx">/branches/openam2742-andy/openam/openam-authentication/openam-auth-windowsdesktopsso:6266-6323
</span><span class="cx">/branches/openam_10.1.0_xacml3_JAS/openam/openam-authentication/openam-auth-windowsdesktopsso:4039-4140
</span><span class="cx">/branches/openam_10.2.0_xacml3_JAS/openam/openam-authentication/openam-auth-windowsdesktopsso:4141-4379
</span><span class="cx">/branches/pcunnington-AME-3115-refactor/openam/openam-authentication/openam-auth-windowsdesktopsso:8348-8473
</span><span class="cx">/branches/pcunnington-AME-3158/openam/openam-authentication/openam-auth-windowsdesktopsso:8476-8577
</span><span class="cx">/branches/pcunnington-AME-350/openam/openam-authentication/openam-auth-windowsdesktopsso:4165-4344
</span><span class="cx">/branches/pcunnington-ame-344/openam/openam-authentication/openam-auth-windowsdesktopsso:4651-5199
</span><span class="cx">/branches/pcunnington-oauth2/openam/openam-authentication/openam-auth-windowsdesktopsso:8710-8793
</span><span class="cx">/branches/phcunnington-AME-3114/openam/openam-authentication/openam-auth-windowsdesktopsso:8314-8341
</span><span class="cx">/branches/policyimprovements/openam/openam-authentication/openam-auth-windowsdesktopsso:5513-5515
</span><span class="cx">/branches/referralsWithoutApplications/openam/openam-authentication/openam-auth-windowsdesktopsso:11071-11119
</span><span class="cx">/branches/rest_sts_publish/openam-authentication/openam-auth-windowsdesktopsso:8167,8180,8214,8227,8245,8260
</span><span class="cx">/branches/rest_sts_view_bean/openam-authentication/openam-auth-windowsdesktopsso:9690-9965
</span><span class="cx">/branches/rwapshott-AME-1739/openam/openam-authentication/openam-auth-windowsdesktopsso:5331-5353
</span><span class="cx">/branches/rwapshott-AME-215/openam/openam-authentication/openam-auth-windowsdesktopsso:4091-4155
</span><span class="cx">/branches/rwapshott-AME-257/openam/openam-authentication/openam-auth-windowsdesktopsso:4047-4126
</span><span class="cx">/branches/rwapshott-AME-804/openam/openam-authentication/openam-auth-windowsdesktopsso:4267-5404
</span><span class="cx">/branches/rwapshott-ame-2027-cts-oids-should-follow-fr-oid-scheme/openam/openam-authentication/openam-auth-windowsdesktopsso:5609-5614
</span><span class="cx">/branches/rwapshott-ame-2160-session-size/openam/openam-authentication/openam-auth-windowsdesktopsso:6086-6319
</span><span class="cx">/branches/rwapshott-ame-2311-index-names/openam/openam-authentication/openam-auth-windowsdesktopsso:6058-6069
</span><span class="cx">/branches/rwapshott-ame-258-cts-replication/openam/openam-authentication/openam-auth-windowsdesktopsso:5548-6055
</span><span class="cx">/branches/rwapshott-openam-2198-session-resource-protection/openam/openam-authentication/openam-auth-windowsdesktopsso:5628-5824
</span><span class="cx">/branches/rwapshott-openam-2526/openam/openam-authentication/openam-auth-windowsdesktopsso:5442-5484
</span><span class="cx">/branches/rwapshott-openam-2716-cts-invalid-chars/openam/openam-authentication/openam-auth-windowsdesktopsso:6170-6194
</span><span class="cx">/branches/rwapshott-openam-2729-saml2-error/openam/openam-authentication/openam-auth-windowsdesktopsso:6247-6257
</span><span class="cx">/branches/soap_sts_admin_ui/openam-authentication/openam-auth-windowsdesktopsso:14254-14454
</span><span class="cx">/branches/soap_sts_config/openam-authentication/openam-auth-windowsdesktopsso:12590-12719,12744
</span><span class="cx">/branches/soap_sts_policy/openam-authentication/openam-auth-windowsdesktopsso:12762-13106,13172-13354
</span><span class="cx">/branches/soap_sts_x509/openam-authentication/openam-auth-windowsdesktopsso:13550-13640,13667,13693
</span><span class="cx">/branches/stateless_logout/openam/openam-authentication/openam-auth-windowsdesktopsso:12511-13298
</span><span class="cx">/branches/sts_client_sdk/openam-authentication/openam-auth-windowsdesktopsso:11175-11185
</span><span class="cx">/branches/sts_custom_ops/openam-authentication/openam-auth-windowsdesktopsso:14051-14331
</span><span class="cx">/branches/sts_disable_am_token/openam-authentication/openam-auth-windowsdesktopsso:11204,11229-11233
</span><span class="cx">/branches/sts_filtering/openam-authentication/openam-auth-win \
dowsdesktopsso:10605-10717,10719-10900,10924,10927,10929-10931,10955,10963-10964,10986,10989,10993,10996,11001-11002,11028-11029
</span><span class="cx">/branches/sts_oidc_saml/openam-authentication/openam-auth-windowsdesktopsso:8310,8352,8355,8368,8378-8379,8387-8388,8403,8410,8416
</span><span class="cx">/branches/sts_oidc_saml_redux/openam-authentication/openam-auth-windowsdesktopsso:8417-8422,8424,8440,8445-8446,8460,8490,8498
</span><span class="cx">/branches/sts_restart_persistence/openam-authentication/openam-auth-windowsdesktopsso:9003-9005,9009-9414
</span><span class="cx">/branches/sts_saml2_encrypt/openam-authentication/openam-auth-windowsdesktopsso:10424-10472,10474-10550
</span><span class="cx">/branches/sts_sans_cxf/openam-authentication/openam-auth-windowsdesktopsso:13383-13518,13532-13542
</span><span class="cx">/branches/sts_service_listeners/openam-authentication/openam-auth-windowsdesktopsso:9968-10031,10047-10048,10053
</span><span class="cx">/branches/sts_soap/openam-authentication/openam-auth-windowsdesktopsso:11665-12039,12056-12242,12273-12321
</span><span class="cx">/branches/sts_tgs_oidc/openam-authentication/openam-auth-windowsdesktopsso:13712-14040
</span><span class="cx">/branches/sts_token_gen_service/openam-authentication/openam- \
auth-windowsdesktopsso:8706,8717-8720,8723-8725,8727-8728,8731,8737,8740-8742,8759-8760,8774-8776,8796-8797,8800-8801,8818-8819,8821
</span><span class="cx">/branches/sts_token_gen_service2/openam-authentication/openam-auth-windowsdesktopsso:8844-8887,8894-9000
</span><span class="cx">/branches/sts_x509/openam-authentication/openam-auth-windowsdesktopsso:10206-10398
</span><span class="cx">/fr-branches/11.0.x/openam/openam-authentication/openam-auth-windowsdesktopsso:11440,12915
</span><span class="cx">/fr-branches/12.0.x/openam/openam-authentication/openam-auth-windowsdesktopsso:12922
</span><span class="cx"> + \
/branches/AME-2526-SFO-between-sites/openam/openam-authentication/openam-auth-windowsdesktopsso:7510-8258
</span><span class="cx">/branches/AME-2629/openam/openam-authentication/openam-auth-windowsdesktopsso:7585-7632
</span><span class="cx">/branches/AME-2766-policy-entitlements-REST-APIs/openam/openam-authentication/openam-auth-windowsdesktopsso:8455-8476
</span><span class="cx">/branches/AME-3087-entitlements-CREST-management/openam/openam-authentication/openam-auth-windowsdesktopsso:8481-8664
</span><span class="cx">/branches/AME-3087_query_and_patch/openam/openam-authentication/openam-auth-windowsdesktopsso:8667-8681
</span><span class="cx">/branches/AME-3405-session-read-from-cts/openam/openam-authentication/openam-auth-windowsdesktopsso:8749-8823
</span><span class="cx">/branches/AME-3423/openam/openam-authentication/openam-auth-windowsdesktopsso:10105-10414
</span><span class="cx">/branches/AME-3612-pcunnington/openam/openam-authentication/openam-auth-windowsdesktopsso:9534-9723
</span><span class="cx">/branches/AME-3719/openam/openam-authentication/openam-auth-windowsdesktopsso:9517-9879
</span><span class="cx">/branches/AME-3726-script-sandboxing/openam/openam-authentication/openam-auth-windowsdesktopsso:9663-9819
</span><span class="cx">/branches/AME-4378/openam/openam-authentication/openam-auth-windowsdesktopsso:10443-10621
</span><span class="cx">/branches/AME-4460_AME-4459/openam/openam-authentication/openam-auth-windowsdesktopsso:10437-10535
</span><span class="cx">/branches/AME-4547/openam/openam-authentication/openam-auth-windowsdesktopsso:10585-10783
</span><span class="cx">/branches/AME-4569-XACML-Response-Provider-Support/openam/openam-authentication/openam-auth-windowsdesktopsso:10624-10817
</span><span class="cx">/branches/AME-4595/openam/openam-authentication/openam-auth-windowsdesktopsso:10581-10789
</span><span class="cx">/branches/AME-4609/openam/openam-authentication/openam-auth-windowsdesktopsso:10678-10949
</span><span class="cx">/branches/AME-4616/openam/openam-authentication/openam-auth-windowsdesktopsso:10652-10817
</span><span class="cx">/branches/AME-4638/openam/openam-authentication/openam-auth-windowsdesktopsso:10869-11050
</span><span class="cx">/branches/AME-5023/openam/openam-authentication/openam-auth-windowsdesktopsso:11070-11123
</span><span class="cx">/branches/AME-5326_refactor_and_test_oath_module/openam/openam-authentication/openam-auth-windowsdesktopsso:13066-13428
</span><span class="cx">/branches/AME-5568-stateless-sessions/openam/openam-authentication/openam-auth-windowsdesktopsso:12629-13078
</span><span class="cx">/branches/AME-6128_and_AME-6129_JSONify_attributes_for_OATH/openam/openam-authentication/openam-auth-windowsdesktopsso:13797-13866
</span><span class="cx">/branches/AME-6128_and_AME-6129_new_user_attributes_for_OATH/openam/openam-authentication/openam-auth-windowsdesktopsso:13602-13794
</span><span class="cx">/branches/AME-6369/openam/openam-authentication/openam-auth-windowsdesktopsso:13289-13686
</span><span class="cx">/branches/AME-6627_Remove-LDAP-SDK/openam/openam-authentication/openam-auth-windowsdesktopsso:13713-14249
</span><span class="cx">/branches/AME-7286/openam/openam-authentication/openam-auth-windowsdesktopsso:14363-14465
</span><span class="cx">/branches/AME-7754_UMA_labels/openam/openam-authentication/openam-auth-windowsdesktopsso:14781-14882
</span><span class="cx">/branches/CTS-Async/openam/openam-authentication/openam-auth-windowsdesktopsso:8847-9739
</span><span class="cx">/branches/OPENAM-2961-forgot-password-404/openam/openam-authentication/openam-auth-windowsdesktopsso:8322-8362
</span><span class="cx">/branches/OPENAM-3097-sessions-not-deleted/openam/openam-authentication/openam-auth-windowsdesktopsso:6910-6946
</span><span class="cx">/branches/OPENAM-3130-session-quota/openam/openam-authentication/openam-auth-windowsdesktopsso:6958-6972
</span><span class="cx">/branches/OPENAM-3283-CTS-thread-exceptions/openam/openam-authentication/openam-auth-windowsdesktopsso:7270-7369
</span><span class="cx">/branches/OPENAM-3425-class-cast-exception/openam/openam-authentication/openam-auth-windowsdesktopsso:8333-8359
</span><span class="cx">/branches/OPENAM-3782-forgotten-password-changes/openam/openam-authentication/openam-auth-windowsdesktopsso:8747-8835
</span><span class="cx">/branches/OPENAM-4028-connection-pool/openam/openam-authentication/openam-auth-windowsdesktopsso:9750-10171
</span><span class="cx">/branches/OPENAM-4384-ssoadm-classpath/openam/openam-authentication/openam-auth-windowsdesktopsso:10263-10264
</span><span class="cx">/branches/OPENAM-4394/openam/openam-authentication/openam-auth-windowsdesktopsso:11059-11099
</span><span class="cx">/branches/OPENAM-4775-REST-endpoint-malformed-3/openam/openam-authentication/openam-auth-windowsdesktopsso:11322-11331
</span><span class="cx">/branches/OPENAM-5019_entitlement_condition_validation/openam/openam-authentication/openam-auth-windowsdesktopsso:11455-11491
</span><span class="cx">/branches/OPENAM-5269/openam/openam-authentication/openam-auth-windowsdesktopsso:11838-11851
</span><span class="cx">/branches/OPENAM-5970_trim_unused_qrcode_references/openam/openam-authentication/openam-auth-windowsdesktopsso:13756-13770
</span><span class="cx">/branches/OPENAM-6272-OPENAM-1462-OATH-RFEs/openam/openam-authentication/openam-auth-windowsdesktopsso:14653-14742
</span><span class="cx">/branches/OPENAM-6326-ssoadm-classpath/openam/openam-authentication/openam-auth-windowsdesktopsso:14839-14844
</span><span class="cx">/branches/OPENAM-OPENAM-3528-client-side-session-validation/openam/openam-authentication/openam-auth-windowsdesktopsso:7834-7844
</span><span class="cx">/branches/ame4272/openam/openam-authentication/openam-auth-windowsdesktopsso:10073-10101
</span><span class="cx">/branches/andy-ame-2227-v2/openam/openam-authentication/openam-auth-windowsdesktopsso:7508-7697
</span><span class="cx">/branches/andy-ame1316-connectionfactory/openam/openam-authentication/openam-auth-windowsdesktopsso:5311-5328
</span><span class="cx">/branches/andy-cts-connection-pool/openam/openam-authentication/openam-auth-windowsdesktopsso:7098-7175
</span><span class="cx">/branches/andy-openam-2654/openam/openam-authentication/openam-auth-windowsdesktopsso:6872-6911
</span><span class="cx">/branches/andy-openam-2880/openam/openam-authentication/openam-auth-windowsdesktopsso:6451-6503
</span><span class="cx">/branches/andy-openam-2907/openam/openam-authentication/openam-auth-windowsdesktopsso:6531-6534
</span><span class="cx">/branches/andy-openam-3006/openam/openam-authentication/openam-auth-windowsdesktopsso:6709-6749
</span><span class="cx">/branches/andy-openam-3063/openam/openam-authentication/openam-auth-windowsdesktopsso:6927-6948
</span><span class="cx">/branches/andy-openam-3193/openam/openam-authentication/openam-auth-windowsdesktopsso:7124-7128
</span><span class="cx">/branches/andy-openam-3248/openam/openam-authentication/openam-auth-windowsdesktopsso:7171-7715
</span><span class="cx">/branches/andy-openam2743/openam/openam-authentication/openam-auth-windowsdesktopsso:6372-6439
</span><span class="cx">/branches/andy-openam2744/openam/openam-authentication/openam-auth-windowsdesktopsso:6347-6367
</span><span class="cx">/branches/andyAme2972/openam/openam-authentication/openam-auth-windowsdesktopsso:8270-8318
</span><span class="cx">/branches/andyAme3102/openam/openam-authentication/openam-auth-windowsdesktopsso:8312-8413
</span><span class="cx">/branches/andyAme3196/openam/openam-authentication/openam-auth-windowsdesktopsso:8853-9084
</span><span class="cx">/branches/andyOpenam1708/openam/openam-authentication/openam-auth-windowsdesktopsso:5576-5592
</span><span class="cx">/branches/andyOpenam2140/openam/openam-authentication/openam-auth-windowsdesktopsso:7819-7862
</span><span class="cx">/branches/andyOpenam2373/openam/openam-authentication/openam-auth-windowsdesktopsso:5600-5706
</span><span class="cx">/branches/andyOpenam2525/openam/openam-authentication/openam-auth-windowsdesktopsso:5601-5733
</span><span class="cx">/branches/andyOpenam3509/openam/openam-authentication/openam-auth-windowsdesktopsso:7881-7963
</span><span class="cx">/branches/andyOpenam3638/openam/openam-authentication/openam-auth-windowsdesktopsso:8094-8172
</span><span class="cx">/branches/andyOpenam3969/openam/openam-authentication/openam-auth-windowsdesktopsso:10453-10977
</span><span class="cx">/branches/andyPolicyCrest/openam/openam-authentication/openam-auth-windowsdesktopsso:8295-8813
</span><span class="cx">/branches/apforrest-ame1316/openam/openam-authentication/openam-auth-windowsdesktopsso:4881-5305
</span><span class="cx">/branches/apforrest_ame805_indextree/openam/openam-authentication/openam-auth-windowsdesktopsso:4567-4852
</span><span class="cx">/branches/cert_chain_bug/openam-authentication/openam-auth-windowsdesktopsso:11102-11125
</span><span class="cx">/branches/contextualAuthz/openam/openam-authentication/openam-auth-windowsdesktopsso:12734-12787
</span><span class="cx">/branches/dirk_oauth_perf/openam-authentication/openam-auth-windowsdesktopsso:5904
</span><span class="cx">/branches/dirk_sts/openam-authentication/openam-auth-windowsdesktopsso:5297,5314,5317-5318,5320-5321
</span><span class="cx">/branches/initial_uma/openam/openam-authentication/openam-auth-windowsdesktopsso:12067-12470
</span><span class="cx">/branches/openam-3049-cts-reaper-connection-usage/openam/openam-authentication/openam-auth-windowsdesktopsso:6658-6745
</span><span class="cx">/branches/openam-3053-cts-tab-exception/openam/openam-authentication/openam-auth-windowsdesktopsso:6672-6721
</span><span class="cx">/branches/openam-3072-cts-configuration/openam/openam-authentication/openam-auth-windowsdesktopsso:6691-6714
</span><span class="cx">/branches/openam-3092-store-mode-error/openam/openam-authentication/openam-auth-windowsdesktopsso:6729-6733
</span><span class="cx">/branches/openam-3110-create-or-update-bug/openam/openam-authentication/openam-auth-windowsdesktopsso:6767-6804
</span><span class="cx">/branches/openam2742-andy/openam/openam-authentication/openam-auth-windowsdesktopsso:6266-6323
</span><span class="cx">/branches/openam_10.1.0_xacml3_JAS/openam/openam-authentication/openam-auth-windowsdesktopsso:4039-4140
</span><span class="cx">/branches/openam_10.2.0_xacml3_JAS/openam/openam-authentication/openam-auth-windowsdesktopsso:4141-4379
</span><span class="cx">/branches/pcunnington-AME-3115-refactor/openam/openam-authentication/openam-auth-windowsdesktopsso:8348-8473
</span><span class="cx">/branches/pcunnington-AME-3158/openam/openam-authentication/openam-auth-windowsdesktopsso:8476-8577
</span><span class="cx">/branches/pcunnington-AME-350/openam/openam-authentication/openam-auth-windowsdesktopsso:4165-4344
</span><span class="cx">/branches/pcunnington-ame-344/openam/openam-authentication/openam-auth-windowsdesktopsso:4651-5199
</span><span class="cx">/branches/pcunnington-oauth2/openam/openam-authentication/openam-auth-windowsdesktopsso:8710-8793
</span><span class="cx">/branches/phcunnington-AME-3114/openam/openam-authentication/openam-auth-windowsdesktopsso:8314-8341
</span><span class="cx">/branches/policyimprovements/openam/openam-authentication/openam-auth-windowsdesktopsso:5513-5515
</span><span class="cx">/branches/referralsWithoutApplications/openam/openam-authentication/openam-auth-windowsdesktopsso:11071-11119
</span><span class="cx">/branches/rest_sts_publish/openam-authentication/openam-auth-windowsdesktopsso:8167,8180,8214,8227,8245,8260
</span><span class="cx">/branches/rest_sts_view_bean/openam-authentication/openam-auth-windowsdesktopsso:9690-9965
</span><span class="cx">/branches/rwapshott-AME-1739/openam/openam-authentication/openam-auth-windowsdesktopsso:5331-5353
</span><span class="cx">/branches/rwapshott-AME-215/openam/openam-authentication/openam-auth-windowsdesktopsso:4091-4155
</span><span class="cx">/branches/rwapshott-AME-257/openam/openam-authentication/openam-auth-windowsdesktopsso:4047-4126
</span><span class="cx">/branches/rwapshott-AME-804/openam/openam-authentication/openam-auth-windowsdesktopsso:4267-5404
</span><span class="cx">/branches/rwapshott-ame-2027-cts-oids-should-follow-fr-oid-scheme/openam/openam-authentication/openam-auth-windowsdesktopsso:5609-5614
</span><span class="cx">/branches/rwapshott-ame-2160-session-size/openam/openam-authentication/openam-auth-windowsdesktopsso:6086-6319
</span><span class="cx">/branches/rwapshott-ame-2311-index-names/openam/openam-authentication/openam-auth-windowsdesktopsso:6058-6069
</span><span class="cx">/branches/rwapshott-ame-258-cts-replication/openam/openam-authentication/openam-auth-windowsdesktopsso:5548-6055
</span><span class="cx">/branches/rwapshott-openam-2198-session-resource-protection/openam/openam-authentication/openam-auth-windowsdesktopsso:5628-5824
</span><span class="cx">/branches/rwapshott-openam-2526/openam/openam-authentication/openam-auth-windowsdesktopsso:5442-5484
</span><span class="cx">/branches/rwapshott-openam-2716-cts-invalid-chars/openam/openam-authentication/openam-auth-windowsdesktopsso:6170-6194
</span><span class="cx">/branches/rwapshott-openam-2729-saml2-error/openam/openam-authentication/openam-auth-windowsdesktopsso:6247-6257
</span><span class="cx">/branches/soap_sts_admin_ui/openam-authentication/openam-auth-windowsdesktopsso:14254-14454
</span><span class="cx">/branches/soap_sts_config/openam-authentication/openam-auth-windowsdesktopsso:12590-12719,12744
</span><span class="cx">/branches/soap_sts_policy/openam-authentication/openam-auth-windowsdesktopsso:12762-13106,13172-13354
</span><span class="cx">/branches/soap_sts_x509/openam-authentication/openam-auth-windowsdesktopsso:13550-13640,13667,13693
</span><span class="cx">/branches/stateless_logout/openam/openam-authentication/openam-auth-windowsdesktopsso:12511-13298
</span><span class="cx">/branches/sts_client_sdk/openam-authentication/openam-auth-windowsdesktopsso:11175-11185
</span><span class="cx">/branches/sts_custom_ops/openam-authentication/openam-auth-windowsdesktopsso:14051-14331
</span><span class="cx">/branches/sts_disable_am_token/openam-authentication/openam-auth-windowsdesktopsso:11204,11229-11233
</span><span class="cx">/branches/sts_filtering/openam-authentication/openam-auth-win \
dowsdesktopsso:10605-10717,10719-10900,10924,10927,10929-10931,10955,10963-10964,10986,10989,10993,10996,11001-11002,11028-11029
</span><span class="cx">/branches/sts_oidc_saml/openam-authentication/openam-auth-windowsdesktopsso:8310,8352,8355,8368,8378-8379,8387-8388,8403,8410,8416
</span><span class="cx">/branches/sts_oidc_saml_redux/openam-authentication/openam-auth-windowsdesktopsso:8417-8422,8424,8440,8445-8446,8460,8490,8498
</span><span class="cx">/branches/sts_restart_persistence/openam-authentication/openam-auth-windowsdesktopsso:9003-9005,9009-9414
</span><span class="cx">/branches/sts_saml2_encrypt/openam-authentication/openam-auth-windowsdesktopsso:10424-10472,10474-10550
</span><span class="cx">/branches/sts_sans_cxf/openam-authentication/openam-auth-windowsdesktopsso:13383-13518,13532-13542
</span><span class="cx">/branches/sts_service_listeners/openam-authentication/openam-auth-windowsdesktopsso:9968-10031,10047-10048,10053
</span><span class="cx">/branches/sts_soap/openam-authentication/openam-auth-windowsdesktopsso:11665-12039,12056-12242,12273-12321
</span><span class="cx">/branches/sts_tgs_oidc/openam-authentication/openam-auth-windowsdesktopsso:13712-14040
</span><span class="cx">/branches/sts_token_gen_service/openam-authentication/openam- \
auth-windowsdesktopsso:8706,8717-8720,8723-8725,8727-8728,8731,8737,8740-8742,8759-8760,8774-8776,8796-8797,8800-8801,8818-8819,8821
</span><span class="cx">/branches/sts_token_gen_service2/openam-authentication/openam-auth-windowsdesktopsso:8844-8887,8894-9000
</span><span class="cx">/branches/sts_x509/openam-authentication/openam-auth-windowsdesktopsso:10206-10398
</span><span class="cx">/fr-branches/11.0.x/openam/openam-authentication/openam-auth-windowsdesktopsso:11440,12915
</span><span class="cx">/fr-branches/12.0.x/openam/openam-authentication/openam-auth-windowsdesktopsso:12922
</span><span class="cx">/trunk/openam/openam-authentication/openam-auth-windowsdesktopsso:14738-14908
</span><a id="branchesAME7692_noRestartsAuthopenamopenamcliopenamclidefinitionssrcmainjavacomsunidentityclidefinitionAccessManagerjava"></a>
<div class="modfile"><h4>Modified: \
branches/AME-7692_noRestartsAuth/openam/openam-cli/openam-cli-definitions/src/main/java/com/sun/identity/cli/definition/AccessManager.java \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-cli/openam-cli-definitions/src/main/java/com/sun/identity/cli/definition/AccessManager.java 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-cli/openam-cli-definitions/src/main/java/com/sun/identity/cli/definition/AccessManager.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -1836,7 +1836,7 @@
</span><span class="cx">
</span><span class="cx"> @SubCommandInfo(
</span><span class="cx"> \
implClassName="com.sun.identity.cli.schema.ExportServiceConfiguration", \
</span><del>- description="Export service configuration.", \
</del><ins>+ description="Export service configuration. In production \
environments, you should back up the service configuration using file system \
utilities or the export-ldif command.", </ins><span class="cx"> \
webSupport="false", </span><span class="cx"> mandatoryOptions={
</span><span class="cx"> "encryptsecret|e|s|Secret key for \
encrypting password. Any arbitrary value can be specified."}, </span><span \
class="lines">@@ -1851,7 +1851,7 @@ </span><span class="cx">
</span><span class="cx"> @SubCommandInfo(
</span><span class="cx"> \
implClassName="com.sun.identity.cli.schema.ImportServiceConfiguration", \
</span><del>- description="Import service configuration.", \
</del><ins>+ description="Import service configuration. In production \
environments, you should restore the service configuration using file system \
utilities or the import-ldif command.", </ins><span class="cx"> \
webSupport="false", </span><span class="cx"> mandatoryOptions={
</span><span class="cx"> "encryptsecret|e|s|Secret key for \
decrypting password.", </span></span></pre></div>
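Review bot: The new `description` strings in both hunks name `export-ldif` and `import-ldif` without saying which tool provides them. Nothing visible here shows them as subcommands of this CLI, so they are presumably directory-server utilities, and a reader of the help output may look for them in the wrong place. Wording such as `...using file system utilities or the directory server's export-ldif command.` would remove the ambiguity. The text also gives no reason why these two subcommands are not recommended for production backup and restore; one clause stating it would make the advice actionable. Both `@SubCommandInfo` annotations start and end outside the hunks.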
<div class="modfile"><h4>Modified: \
branches/AME-7692_noRestartsAuth/openam/openam-console/src/main/webapp/console/service/ServerEditUMA.jsp \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-console/src/main/webapp/console/service/ServerEditUMA.jsp 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-console/src/main/webapp/console/service/ServerEditUMA.jsp 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -44,14 +44,24 @@
</span><span class="cx"> heartbeat: \
'ServerEditUMA.cscorg-forgerock-services-umaaudit-store-heartbeat' </span><span \
class="cx"> }, </span><span class="cx"> \
pendingrequests: { </span><del>- storeLocationRadioButtonName: \
'ServerEditUMA.cscorg-forgerock-services-uma-pendingrequests-store-location',
- sslEnableCheckBoxName: \
'ServerEditUMA.cscorg-forgerock-services-uma-pendingrequests-store-ssl-enabled',
- directoryNameFieldName: \
'ServerEditUMA.cscorg-forgerock-services-uma-pendingrequests-store-directory-name',
- portFieldName: \
'ServerEditUMA.cscorg-forgerock-services-uma-pendingrequests-store-port',
- loginIdFieldName: \
'ServerEditUMA.cscorg-forgerock-services-uma-pendingrequests-store-loginid',
- passwordFieldName: \
'ServerEditUMA.cscorg-forgerock-services-uma-pendingrequests-store-password',
- maxConnectionsFieldName: \
'ServerEditUMA.cscorg-forgerock-services-uma-pendingrequests-store-max-connections',
- heartbeat: \
'ServerEditUMA.cscorg-forgerock-services-uma-pendingrequests-store-heartbeat' \
</del><ins>+ storeLocationRadioButtonName: \
'ServerEditUMA.cscorg-forgerock-services-uma-pendingrequests-store-location', + \
sslEnableCheckBoxName: \
'ServerEditUMA.cscorg-forgerock-services-uma-pendingrequests-store-ssl-enabled', + \
directoryNameFieldName: \
'ServerEditUMA.cscorg-forgerock-services-uma-pendingrequests-store-directory-name', + \
portFieldName: 'ServerEditUMA.cscorg-forgerock-services-uma-pendingrequests-store-port',
+ loginIdFieldName: \
'ServerEditUMA.cscorg-forgerock-services-uma-pendingrequests-store-loginid', + \
passwordFieldName: 'ServerEditUMA.cscorg-forgerock-services-uma-pendingrequests-store-password',
+ maxConnectionsFieldName: \
'ServerEditUMA.cscorg-forgerock-services-uma-pendingrequests-store-max-connections', \
+ heartbeat: \
'ServerEditUMA.cscorg-forgerock-services-uma-pendingrequests-store-heartbeat' + \
}, + labels: {
+ storeLocationRadioButtonName: \
'ServerEditUMA.cscorg-forgerock-services-uma-labels-store-location', + \
sslEnableCheckBoxName: \
'ServerEditUMA.cscorg-forgerock-services-uma-labels-store-ssl-enabled', + \
directoryNameFieldName: \
'ServerEditUMA.cscorg-forgerock-services-uma-labels-store-directory-name', + \
portFieldName: 'ServerEditUMA.cscorg-forgerock-services-uma-labels-store-port', + \
loginIdFieldName: 'ServerEditUMA.cscorg-forgerock-services-uma-labels-store-loginid', \
+ passwordFieldName: \
'ServerEditUMA.cscorg-forgerock-services-uma-labels-store-password', + \
maxConnectionsFieldName: \
'ServerEditUMA.cscorg-forgerock-services-uma-labels-store-max-connections', + \
heartbeat: 'ServerEditUMA.cscorg-forgerock-services-uma-labels-store-heartbeat' \
</ins><span class="cx"> } </span><span class="cx"> };
</span><span class="cx">
</span><span class="lines">@@ -59,6 +69,7 @@
</span><span class="cx"> setState(fields.audit);
</span><span class="cx"> setState(fields.resourcesets);
</span><span class="cx"> setState(fields.pendingrequests);
</span><ins>+ setState(fields.labels);
</ins><span class="cx"> };
</span><span class="cx">
</span><span class="cx"> function setState(fieldset) {
</span><span class="lines">@@ -87,7 +98,6 @@
</span><span class="cx"> toggleField(fieldset.portFieldName, \
readonly); </span><span class="cx"> \
toggleField(fieldset.loginIdFieldName, readonly); </span><span class="cx"> \
toggleField(fieldset.passwordFieldName, readonly); </span><del>- \
toggleField(fieldset.maxConnectionsFieldName, readonly); </del><span class="cx"> \
toggleField(fieldset.heartbeat, readonly); </span><span class="cx"> }
</span><span class="cx">
</span></span></pre></div>
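Review bot: `maxConnectionsFieldName` is still declared in the `pendingrequests` fieldset and in the new `labels` fieldset, but the last hunk removes the only visible `toggleField(fieldset.maxConnectionsFieldName, readonly)` call, so within these hunks the key is no longer read. If the max-connections input is meant to stay editable whatever the store location, either drop the key from the fieldsets or keep it with a comment such as `// max connections is intentionally not toggled with the store location`; if it is not, the call should stay. `setState` begins in the second hunk and continues past the third, so uses outside the visible lines cannot be excluded. As a style point, the `labels` block repeats the eight keys of `pendingrequests` with only the store name changed, which a small helper that builds the field names from the store id would avoid.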
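--- a/branches/AME-7692_noRestartsAuth/openam/openam-core/pom.xml
+++ b/branches/AME-7692_noRestartsAuth/openam/openam-core/pom.xml
@@ -150,6 +150,14 @@
 </dependency>
 <dependency>
 <groupId>org.forgerock.openam</groupId>
+ <artifactId>openam-audit-context</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.forgerock.openam</groupId>
+ <artifactId>openam-audit-core</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.forgerock.openam</groupId>
 <artifactId>openam-coretoken</artifactId>
 </dependency>
 <dependency>
@@ -259,6 +267,11 @@
 </dependency>
 
 <dependency>
+ <groupId>org.forgerock.commons.guava</groupId>
+ <artifactId>forgerock-guava-io</artifactId>
+ </dependency>
+
+ <dependency>
 <groupId>external</groupId>
 <artifactId>esapiport</artifactId>
 </dependency>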
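--- a/branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/iplanet/am/util/AMSendMail.java
+++ b/branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/iplanet/am/util/AMSendMail.java
@@ -45,17 +45,14 @@
 */
 public class AMSendMail {
 
- private static String mailServerHost = SystemProperties.get(
- Constants.AM_SMTP_HOST, "localhost");
- private static String mailServerPort = SystemProperties.get(
- Constants.SM_SMTP_PORT, "25");
- private static Properties props = new Properties();
+ private Properties props = new Properties();
 
-
- static {
- // Set the host smtp address
- props.put("mail.smtp.host", mailServerHost);
- props.put("mail.smtp.port", mailServerPort);
+ /**
+ * Constructor that grabs its SMTP values from SystemProperties.
+ */
+ public AMSendMail() {
+ props.put("mail.smtp.host", SystemProperties.get(Constants.AM_SMTP_HOST, "localhost"));
+ props.put("mail.smtp.port", SystemProperties.get(Constants.SM_SMTP_PORT, "25"));
 }
 
 /**
@@ -242,20 +239,4 @@
 // Transport the message now
 Transport.send(msg);
 }
-
- public static void main(String[] args) {
-
- String from = "<" + "ganesh@iplanet.com" + ">";
- String[] to = {"malla@sun.com", "ganesh@iplanet.com"};
- String sub = "Hello Bond";
- String msg = "Have fun dude";
-
- try {
- AMSendMail sm = new AMSendMail();
- sm.postMail(to, sub, msg, from);
- } catch (MessagingException ex) {
- System.out.println("Message Exception occured");
- ex.printStackTrace();
- }
- }
 }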
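Review bot: The `props` field introduced in the first hunk is, as far as the hunk shows, assigned once and only filled in by the constructor, so it should be declared `private final Properties props = new Properties();` now that it is per-instance rather than static. The new constructor sets only `mail.smtp.host` and `mail.smtp.port` (defaulting to `localhost` and `25`), so unless transport security is configured elsewhere in the class, outside this hunk, mail sent with these defaults travels over plain SMTP. The constructor Javadoc should state that, for example `Reads the SMTP host and port from SystemProperties once per instance; no TLS or authentication properties are set here.` The class body between the two hunks is not shown.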
<div class="modfile"><h4>Modified: \
branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/iplanet/dpro/session/service/SessionRequestHandler.java \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/iplanet/dpro/session/service/SessionRequestHandler.java 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/iplanet/dpro/session/service/SessionRequestHandler.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -51,6 +51,7 @@
</span><span class="cx"> import com.iplanet.services.comm.share.ResponseSet;
</span><span class="cx"> import com.iplanet.sso.SSOToken;
</span><span class="cx"> import com.iplanet.sso.SSOTokenManager;
</span><ins>+import com.iplanet.services.comm.server.PLLAuditor;
</ins><span class="cx"> import com.sun.identity.session.util.RestrictedTokenAction;
</span><span class="cx"> import com.sun.identity.session.util.RestrictedTokenContext;
</span><span class="cx"> import com.sun.identity.session.util.SessionUtils;
</span><span class="lines">@@ -88,7 +89,7 @@
</span><span class="cx"> = \
InjectorHolder.getInstance(SessionCookies.class); </span><span class="cx"> \
private static final SessionCache sessionCache = \
InjectorHolder.getInstance(SessionCache.class); </span><span class="cx"> private \
static final SessionPLLSender sessionPLLSender = \
InjectorHolder.getInstance(SessionPLLSender.class); </span><del>-
</del><ins>+
</ins><span class="cx"> public SessionRequestHandler() {
</span><span class="cx"> sessionService = \
InjectorHolder.getInstance(SessionService.class); </span><span class="cx"> \
sessionDebug = InjectorHolder.getInstance(Key.get(Debug.class, \
Names.named(SESSION_DEBUG))); </span><span class="lines">@@ -96,88 +97,117 @@
</span><span class="cx"> serviceConfig = \
InjectorHolder.getInstance(SessionServiceConfig.class); </span><span class="cx"> \
} </span><span class="cx">
</span><del>- public ResponseSet process(List<Request> requests,
- HttpServletRequest servletRequest,
- HttpServletResponse servletResponse, ServletContext servletContext) {
</del><ins>+ public ResponseSet process(PLLAuditor auditor,
+ List<Request> requests,
+ HttpServletRequest servletRequest,
+ HttpServletResponse servletResponse,
+ ServletContext servletContext) {
</ins><span class="cx"> ResponseSet rset = new \
ResponseSet(SessionService.SESSION_SERVICE); </span><del>-
</del><ins>+
</ins><span class="cx"> for (Request req : requests) {
</span><del>- Response res = processRequest(req, servletRequest, \
servletResponse); </del><ins>+ Response res = processRequest(auditor, req, \
servletRequest, servletResponse); </ins><span class="cx"> \
rset.addResponse(res); </span><span class="cx"> }
</span><del>-
</del><ins>+
</ins><span class="cx"> return rset;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- private Response processRequest(Request req,
- HttpServletRequest servletRequest,
- HttpServletResponse servletResponse) {
- String content = req.getContent();
- SessionRequest sreq = SessionRequest.parseXML(content);
</del><ins>+ private Response processRequest(
+ final PLLAuditor auditor,
+ final Request req,
+ final HttpServletRequest servletRequest,
+ final HttpServletResponse servletResponse) {
+
+ final SessionRequest sreq = SessionRequest.parseXML(req.getContent());
+ auditor.setMethod(sreq.getMethodName());
</ins><span class="cx"> SessionResponse sres = new \
SessionResponse(sreq.getRequestID(), sreq.getMethodID()); </span><span class="cx">
</span><ins>+ Object context;
</ins><span class="cx"> try {
</span><span class="cx"> // use remote client IP as default \
RestrictedToken context </span><del>- Object context = \
SessionUtils.getClientAddress(servletRequest); </del><ins>+ context = \
SessionUtils.getClientAddress(servletRequest); </ins><span class="cx"> \
this.clientToken = null; </span><del>- String requester = \
sreq.getRequester();
-
- if (requester != null) {
- try {
- context = RestrictedTokenContext.unmarshal(requester);
-
- if (context instanceof SSOToken) {
- SSOTokenManager ssoTokenManager = \
SSOTokenManager.getInstance();
- SSOToken adminToken = (SSOToken)context;
-
- if (!ssoTokenManager.isValidToken(adminToken)) {
- sres.setException(SessionBundle.getString(
- "appTokenInvalid") + requester);
- return new Response(sres.toXMLString());
- }
-
- this.clientToken = (SSOToken)context;
</del><ins>+ } catch (Exception ex) {
+ sessionDebug.error("SessionRequestHandler encounterd \
exception", ex); + sres.setException(ex.getMessage());
+ return auditedExceptionResponse(auditor, sres);
+ }
+
+ String requester = sreq.getRequester();
+ if (requester != null) {
+ try {
+ context = RestrictedTokenContext.unmarshal(requester);
+
+ if (context instanceof SSOToken) {
+ SSOTokenManager ssoTokenManager = SSOTokenManager.getInstance();
+ SSOToken adminToken = (SSOToken)context;
+
+ if (!ssoTokenManager.isValidToken(adminToken)) {
+ \
sres.setException(SessionBundle.getString("appTokenInvalid") + requester); \
+ return auditedExceptionResponse(auditor, sres); </ins><span \
class="cx"> } </span><del>- } catch (Exception ex) \
{
- if (sessionDebug.warningEnabled()) {
- sessionDebug.warning(
- "SessionRequestHandler.processRequest:"
- + "app token invalid, sending Session \
response"
- +" with Exception");
- }
- sres.setException(SessionBundle.getString(
- "appTokenInvalid") + requester);
- return new Response(sres.toXMLString());
</del><ins>+
+ this.clientToken = (SSOToken)context;
</ins><span class="cx"> }
</span><ins>+ } catch (Exception ex) {
+ if (sessionDebug.warningEnabled()) {
+ sessionDebug.warning(
+ "SessionRequestHandler.processRequest:"
+ + "app token invalid, sending Session \
response" + +" with Exception");
+ }
+ sres.setException(SessionBundle.getString("appTokenInvalid") \
+ requester); + return auditedExceptionResponse(auditor, sres);
</ins><span class="cx"> }
</span><del>-
- final HttpServletRequest httpReq = servletRequest;
- final HttpServletResponse httpResp = servletResponse;
- final SessionRequest fsreq = sreq;
</del><ins>+ }
+
+ try {
</ins><span class="cx"> sres = (SessionResponse) \
RestrictedTokenContext.doUsing(context, </span><span class="cx"> \
new RestrictedTokenAction() { </span><span class="cx"> public \
Object run() throws Exception { </span><del>- return \
processSessionRequest(fsreq, httpReq,
- httpResp);
</del><ins>+ return processSessionRequest(auditor, sreq, \
servletRequest, servletResponse); </ins><span class="cx"> }
</span><span class="cx"> });
</span><span class="cx"> } catch (Exception ex) {
</span><span class="cx"> sessionDebug.error("SessionRequestHandler \
encounterd exception", ex); </span><span class="cx"> \
sres.setException(ex.getMessage()); </span><span class="cx"> }
</span><del>-
</del><ins>+
+ if (sres.getException() == null) {
+ auditor.auditAccessSuccess();
+ } else {
+ auditor.auditAccessFailure(sres.getException());
+ }
+
</ins><span class="cx"> return new Response(sres.toXMLString());
</span><span class="cx"> }
</span><span class="cx">
</span><del>- private SessionResponse processSessionRequest(SessionRequest req,
- HttpServletRequest servletRequest,
- HttpServletResponse servletResponse) {
- SessionResponse res = new SessionResponse(req.getRequestID(), req
- .getMethodID());
</del><ins>+ private Response auditedExceptionResponse(PLLAuditor auditor, \
SessionResponse sres) { + auditor.auditAccessAttempt();
+ auditor.auditAccessFailure(sres.getException());
+ return new Response(sres.toXMLString());
+ }
+
+ private SessionResponse processSessionRequest(PLLAuditor auditor,
+ SessionRequest req,
+ HttpServletRequest servletRequest,
+ HttpServletResponse \
servletResponse) { + SessionResponse res = new \
SessionResponse(req.getRequestID(), req.getMethodID()); </ins><span class="cx"> \
SessionID sid = new SessionID(req.getSessionID()); </span><span class="cx"> \
Session requesterSession = null; </span><span class="cx">
</span><span class="cx"> try {
</span><ins>+
+ /*
+ * Always lookup the Session so that we can extract audit information \
from it. If sid belongs to a remote + * session, then looking up the \
session may require further inter-server communication. + * Note, this \
also acts as a filter since we must have a valid session identifier in order to \
proceed. + */
+ requesterSession = sessionCache.getSession(sid);
+ auditor.setAuthenticationId(requesterSession.getClientID());
+ auditor.setContextId(requesterSession.getProperty(Constants.AM_CTX_ID));
+ auditor.auditAccessAttempt();
+
</ins><span class="cx"> /* common processing by groups of methods */
</span><span class="cx"> switch (req.getMethodID()) {
</span><span class="cx"> /*
</span><span class="lines">@@ -187,148 +217,124 @@
</span><span class="cx"> * the operation Session pointed by sid is not \
expected to be local </span><span class="cx"> * to this server (although \
it might) </span><span class="cx"> */
</span><del>- case SessionRequest.GetValidSessions:
- case SessionRequest.AddSessionListenerOnAllSessions:
- case SessionRequest.GetSessionCount:
</del><ins>+ case SessionRequest.GetValidSessions:
+ case SessionRequest.AddSessionListenerOnAllSessions:
+ case SessionRequest.GetSessionCount:
</ins><span class="cx"> /*
</span><del>- * note that the purpose of the following is just to \
check the
- * authentication of the caller (which can also be used as a
- * filter for the operation scope!)
- */
- requesterSession = sessionCache.getSession(sid);
- /*
</del><span class="cx"> * also check that sid is not a restricted \
token </span><span class="cx"> */
</span><del>- if (requesterSession.getProperty(TOKEN_RESTRICTION_PROP) \
!= null) {
- res.setException(sid + " " + \
SessionBundle.getString("noPrivilege"));
- return res;
- }
-
- break;
</del><ins>+ if \
(requesterSession.getProperty(TOKEN_RESTRICTION_PROP) != null) { + \
res.setException(sid + " " + \
SessionBundle.getString("noPrivilege")); + return \
res; + }
</ins><span class="cx">
</span><ins>+ break;
+
</ins><span class="cx"> /*
</span><span class="cx"> * In this group request is targeting a single \
session identified by </span><span class="cx"> * sid which is supposed \
to be hosted by this server instance sid is </span><span class="cx"> * \
used both as an id of a session and to authenticate the operation </span><span \
class="cx"> * (performed on own session) </span><span class="cx"> \
*/ </span><del>- case SessionRequest.GetSession:
- case SessionRequest.Logout:
- case SessionRequest.AddSessionListener:
- case SessionRequest.SetProperty:
- case SessionRequest.DestroySession:
- if (req.getMethodID() == SessionRequest.DestroySession) {
</del><ins>+ case SessionRequest.GetSession:
+ case SessionRequest.Logout:
+ case SessionRequest.AddSessionListener:
+ case SessionRequest.SetProperty:
+ case SessionRequest.DestroySession:
+ if (req.getMethodID() == SessionRequest.DestroySession) {
</ins><span class="cx"> /*
</span><del>- * note that the purpose of the following is just to \
check
- * the authentication of the caller (which can also be used
- * as a filter for the operation scope!)
- */
- requesterSession = sessionCache.getSession(sid);
- /*
</del><span class="cx"> * also check that sid is not a \
restricted token </span><span class="cx"> */
</span><del>- if \
(requesterSession.getProperty(TOKEN_RESTRICTION_PROP) != null) {
- res.setException(sid + " " + \
SessionBundle.getString("noPrivilege"));
- return res;
- }
- sid = new SessionID(req.getDestroySessionID());
- } else if (req.getMethodID() == SessionRequest.SetProperty) {
</del><ins>+ if \
(requesterSession.getProperty(TOKEN_RESTRICTION_PROP) != null) { + \
res.setException(sid + " " + \
SessionBundle.getString("noPrivilege")); + \
return res; + }
+ sid = new SessionID(req.getDestroySessionID());
+ } else if (req.getMethodID() == SessionRequest.SetProperty) {
</ins><span class="cx"> /*
</span><span class="cx"> * This fix is to avoid clients sneaking \
in to set </span><span class="cx"> * protected properties in \
server-2 or so through </span><span class="cx"> * server-1. \
Short circuit this operation without </span><span class="cx"> * \
forwrading it further. </span><span class="cx"> */
</span><del>- try {
- SessionUtils.checkPermissionToSetProperty(
</del><ins>+ try {
+ SessionUtils.checkPermissionToSetProperty(
</ins><span class="cx"> this.clientToken, \
req.getPropertyName(), </span><span class="cx"> \
req.getPropertyValue()); </span><del>- } catch (SessionException \
se) {
- if (sessionDebug.warningEnabled()) {
- sessionDebug.warning(
- "SessionRequestHandler.processRequest:"
- + "Client does not have permission to set"
- + " - property key = " + \
req.getPropertyName()
- + " : property value = " + \
req.getPropertyValue()); </del><ins>+ } catch \
(SessionException se) { + if \
(sessionDebug.warningEnabled()) { + \
sessionDebug.warning( + \
"SessionRequestHandler.processRequest:" + \
+ "Client does not have permission to set" + \
+ " - property key = " + req.getPropertyName() + \
+ " : property value = " + req.getPropertyValue()); + \
} +
+ res.setException(sid + " " + \
SessionBundle.getString("noPrivilege")); + \
return res; </ins><span class="cx"> }
</span><ins>+ }
</ins><span class="cx">
</span><del>- res.setException(sid + " " + \
SessionBundle.getString("noPrivilege"));
- return res;
- }
- }
-
- if (!serviceConfig.isSessionFailoverEnabled()) {
- // TODO check how this behaves in non-session failover case
- URL originService = \
SESSION_SERVICE_URL_SERVICE.getSessionServiceURL(sid);
-
- if (!serverConfig.isLocalSessionService(originService)) {
- if (!serverConfig.isSiteEnabled()) {
- String siteID = sid.getExtension(SessionID.SITE_ID);
- if (siteID != null) {
- String primaryID = \
sid.getExtension(SessionID.PRIMARY_ID);
- String localServerID = \
serverConfig.getLocalServerID();
- if ( (primaryID != null) && (localServerID \
!= null) )
- {
- if (primaryID.equals(localServerID)) {
- throw new SessionException("invalid \
session id"); </del><ins>+ if \
(!serviceConfig.isSessionFailoverEnabled()) { + // TODO check \
how this behaves in non-session failover case + URL \
originService = SESSION_SERVICE_URL_SERVICE.getSessionServiceURL(sid); +
+ if (!serverConfig.isLocalSessionService(originService)) {
+ if (!serverConfig.isSiteEnabled()) {
+ String siteID = sid.getExtension(SessionID.SITE_ID);
+ if (siteID != null) {
+ String primaryID = \
sid.getExtension(SessionID.PRIMARY_ID); + String \
localServerID = serverConfig.getLocalServerID(); + \
if ( (primaryID != null) && (localServerID != null) ) + \
{ + if (primaryID.equals(localServerID)) {
+ throw new SessionException("invalid \
session id"); + }
</ins><span class="cx"> }
</span><span class="cx"> }
</span><ins>+ } else {
+ return forward(originService, req);
</ins><span class="cx"> }
</span><del>- } else {
- return forward(originService, req);
</del><span class="cx"> }
</span><del>- }
- } else {
- if (serviceConfig.isUseInternalRequestRoutingEnabled()) {
- // first try
- String hostServerID = \
sessionService.getCurrentHostServer(sid); </del><ins>+ } else {
+ if (serviceConfig.isUseInternalRequestRoutingEnabled()) {
+ // first try
+ String hostServerID = \
sessionService.getCurrentHostServer(sid); </ins><span class="cx">
</span><del>- if (!serverConfig.isLocalServer(hostServerID)) {
- try {
- return \
forward(SESSION_SERVICE_URL_SERVICE.getSessionServiceURL(hostServerID), \
req);
- } catch (SessionException se) {
- // attempt retry
- if (!sessionService.checkServerUp(hostServerID)) {
- // proceed with failover
- String retryHostServerID = \
sessionService.getCurrentHostServer(sid);
- if (retryHostServerID.equals(hostServerID)) {
</del><ins>+ if \
(!serverConfig.isLocalServer(hostServerID)) { + try {
+ return \
forward(SESSION_SERVICE_URL_SERVICE.getSessionServiceURL(hostServerID), req); + \
} catch (SessionException se) { + // attempt retry
+ if (!sessionService.checkServerUp(hostServerID)) \
{ + // proceed with failover
+ String retryHostServerID = \
sessionService.getCurrentHostServer(sid); + if \
(retryHostServerID.equals(hostServerID)) { + \
throw se; + } else {
+ // we have a shot at retrying here
+ // if it is remote, forward it
+ // otherwise treat it as a case of local
+ // case
+ if \
(!serverConfig.isLocalServer(retryHostServerID)) { + \
return forward(SESSION_SERVICE_URL_SERVICE.getSessionServiceURL(retryHostServerID), \
req); + }
+ }
+ } else {
</ins><span class="cx"> throw se;
</span><del>- } else {
- // we have a shot at retrying here
- // if it is remote, forward it
- // otherwise treat it as a case of local
- // case
- if \
(!serverConfig.isLocalServer(retryHostServerID)) {
- return \
forward(SESSION_SERVICE_URL_SERVICE.getSessionServiceURL(retryHostServerID), \
req);
- }
</del><span class="cx"> }
</span><del>- } else {
- throw se;
</del><span class="cx"> }
</span><span class="cx"> }
</span><ins>+ } else {
+ // Likely an unreachable code block [AME-5701]:
+ // SessionServiceConfig sets \
useInternalRequestRouting=true if SMS property + // \
"iplanet-am-session-sfo-enabled" is true + // To \
enter this block, SMS value "iplanet-am-session-sfo-enabled" must be false \
+ // and the following System Properties must be set: + \
// com.iplanet.am.session.failover.useInternalRequestRouting=false + \
// iplanet-am-session-sfo-enabled=true (in direct contradiction to SMS property with \
same name) + throw new AssertionError("Unreachable \
code"); </ins><span class="cx"> }
</span><del>- } else {
- // use LB-dependent routing
- // if session is not found at this instance we check that \
both OpenAM session and
- // HTTP session cookies were enclosed in the request. If \
they were then LB must have
- // routed to the proper server instance and we must treat it \
as a session recovery
- // case. If any of the cookies missing or do not match the \
sid in the message we
- // assume that request was misrouted and correct it by \
forwarding via LB with all
- // cookies enclosed
- String isSessionCookie =
- CookieUtils.getCookieValueFromReq(servletRequest, \
sessionCookies.getCookieName());
- String httpCookie = CookieUtils.getCookieValueFromReq(
- servletRequest,
- serviceConfig.getHttpSessionTrackingCookieName());
-
- if (!sessionService.isSessionPresent(sid)
- && (isSessionCookie == null
- || !isSessionCookie.equals(sid.toString())
- || httpCookie == null
- || !httpCookie.equals(sid.getTail()))) {
- return \
forward(SESSION_SERVICE_URL_SERVICE.getSessionServiceURL(sid), req);
- }
- }
</del><span class="cx">
</span><span class="cx"> /*
</span><span class="cx"> * We determined that this server is the \
host and the </span><span class="lines">@@ -339,8 +345,8 @@
</span><span class="cx"> * if session is not already present \
locally attempt to </span><span class="cx"> * recover session if \
in failover mode </span><span class="cx"> */
</span><del>- if (!sessionService.isSessionPresent(sid)) {
- if (sessionService.recoverSession(sid) == null) {
</del><ins>+ if (!sessionService.isSessionPresent(sid)) {
+ if (sessionService.recoverSession(sid) == null) {
</ins><span class="cx"> /*
</span><span class="cx"> * if not in failover mode or \
recovery was not </span><span class="cx"> * successful \
return an exception </span><span class="lines">@@ -356,78 +362,78 @@
</span><span class="cx"> * agent code base or switch to \
a new version of </span><span class="cx"> * Session \
Service interface </span><span class="cx"> */
</span><del>- res.setException(sid + " " + \
SessionBundle.getString("sessionNotObtained"));
- return res;
</del><ins>+ res.setException(sid + " " + \
SessionBundle.getString("sessionNotObtained")); + \
return res; + }
</ins><span class="cx"> }
</span><span class="cx"> }
</span><del>- }
</del><span class="cx">
</span><del>- break;
- default:
- res.setException(sid + " " + \
SessionBundle.getString("unknownRequestMethod"));
- return res;
</del><ins>+ break;
+ default:
+ res.setException(sid + " " + \
SessionBundle.getString("unknownRequestMethod")); + \
return res; </ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> /*
</span><span class="cx"> * request method-specific processing
</span><span class="cx"> */
</span><span class="cx"> switch (req.getMethodID()) {
</span><del>- case SessionRequest.GetSession:
- res.addSessionInfo(sessionService.getSessionInfo(sid, \
req.getResetFlag()));
- break;
</del><ins>+ case SessionRequest.GetSession:
+ res.addSessionInfo(sessionService.getSessionInfo(sid, \
req.getResetFlag())); + break;
</ins><span class="cx">
</span><del>- case SessionRequest.GetValidSessions:
- String pattern = req.getPattern();
- List<SessionInfo> infos = null;
- int status[] = { 0 };
- infos = sessionService.getValidSessions(requesterSession, pattern, \
status);
- res.setStatus(status[0]);
- res.setSessionInfo(infos);
- break;
</del><ins>+ case SessionRequest.GetValidSessions:
+ String pattern = req.getPattern();
+ List<SessionInfo> infos = null;
+ int status[] = { 0 };
+ infos = sessionService.getValidSessions(requesterSession, \
pattern, status); + res.setStatus(status[0]);
+ res.setSessionInfo(infos);
+ break;
</ins><span class="cx">
</span><del>- case SessionRequest.DestroySession:
- sessionService.destroySession(requesterSession, new \
SessionID(req.getDestroySessionID()));
- break;
</del><ins>+ case SessionRequest.DestroySession:
+ sessionService.destroySession(requesterSession, new \
SessionID(req.getDestroySessionID())); + break;
</ins><span class="cx">
</span><del>- case SessionRequest.Logout:
- sessionService.logout(sid);
- break;
</del><ins>+ case SessionRequest.Logout:
+ sessionService.logout(sid);
+ break;
</ins><span class="cx">
</span><del>- case SessionRequest.AddSessionListener:
- sessionService.addSessionListener(sid, req.getNotificationURL());
- break;
</del><ins>+ case SessionRequest.AddSessionListener:
+ sessionService.addSessionListener(sid, \
req.getNotificationURL()); + break;
</ins><span class="cx">
</span><del>- case SessionRequest.AddSessionListenerOnAllSessions:
- /**
- * Cookie Hijacking fix to disable adding of Notification
- * Listener for ALL the sessions over the network to the server
- * instance specified by Notification URL This property can be
- * added and set in the AMConfig.properties file should there be
- * a need to add Notification Listener to ALL the sessions. The
- * default value of this property is FALSE
- */
- if (getEnableAddListenerOnAllSessions()) {
- sessionService.addSessionListenerOnAllSessions(requesterSession, \
req.getNotificationURL());
- }
- break;
</del><ins>+ case SessionRequest.AddSessionListenerOnAllSessions:
+ /**
+ * Cookie Hijacking fix to disable adding of Notification
+ * Listener for ALL the sessions over the network to the server
+ * instance specified by Notification URL This property can be
+ * added and set in the AMConfig.properties file should there be
+ * a need to add Notification Listener to ALL the sessions. The
+ * default value of this property is FALSE
+ */
+ if (getEnableAddListenerOnAllSessions()) {
+ \
sessionService.addSessionListenerOnAllSessions(requesterSession, \
req.getNotificationURL()); + }
+ break;
</ins><span class="cx">
</span><del>- case SessionRequest.SetProperty:
- sessionService.setExternalProperty(this.clientToken, sid, \
req.getPropertyName(), req.getPropertyValue());
- break;
</del><ins>+ case SessionRequest.SetProperty:
+ sessionService.setExternalProperty(this.clientToken, sid, \
req.getPropertyName(), req.getPropertyValue()); + break;
</ins><span class="cx">
</span><del>- case SessionRequest.GetSessionCount:
- String uuid = req.getUUID();
- Object sessions = SessionCount.getSessionsFromLocalServer(uuid);
-
- if (sessions != null) {
- res.setSessionsForGivenUUID((Map) sessions);
- }
-
- break;
</del><ins>+ case SessionRequest.GetSessionCount:
+ String uuid = req.getUUID();
+ Object sessions = SessionCount.getSessionsFromLocalServer(uuid);
</ins><span class="cx">
</span><del>- default:
- res.setException(sid + " " + \
SessionBundle.getString("unknownRequestMethod"));
- break;
</del><ins>+ if (sessions != null) {
+ res.setSessionsForGivenUUID((Map) sessions);
+ }
+
+ break;
+
+ default:
+ res.setException(sid + " " + \
SessionBundle.getString("unknownRequestMethod")); + \
break; </ins><span class="cx"> }
</span><span class="cx"> } catch (SessionException se) {
</span><span class="cx"> res.setException(sid + " " + \
se.getMessage()); </span><span class="lines">@@ -436,16 +442,16 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> private SessionResponse forward(URL svcurl, \
SessionRequest sreq) </span><del>- throws SessionException {
</del><ins>+ throws SessionException {
</ins><span class="cx"> try {
</span><span class="cx"> Object context = \
RestrictedTokenContext.getCurrent(); </span><del>-
</del><ins>+
</ins><span class="cx"> if (context != null) {
</span><span class="cx"> \
sreq.setRequester(RestrictedTokenContext.marshal(context)); </span><span class="cx"> \
} </span><span class="cx">
</span><span class="cx"> SessionResponse sres = \
sessionPLLSender.sendPLLRequest(svcurl, sreq); </span><del>-
</del><ins>+
</ins><span class="cx"> if (sres.getException() != null) {
</span><span class="cx"> throw new \
SessionException(sres.getException()); </span><span class="cx"> }
</span><span class="lines">@@ -462,7 +468,7 @@
</span><span class="cx"> enableAddListenerOnAllSessions = \
Boolean.valueOf(SystemProperties </span><span class="cx"> \
.get(Constants.ENABLE_ADD_LISTENER_ON_ALL_SESSIONS)); </span><span class="cx"> \
} </span><del>-
</del><ins>+
</ins><span class="cx"> return enableAddListenerOnAllSessions.booleanValue();
</span><span class="cx"> }
</span><span class="cx"> }
</span></span></pre></div>
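Review bot: The failure path now passes strings that embed session credentials to the audit trail: `auditedExceptionResponse` and the end of `processRequest` both call `auditor.auditAccessFailure(sres.getException())`, and those messages are built as `SessionBundle.getString("appTokenInvalid") + requester` and `sid + " " + SessionBundle.getString("noPrivilege")`. The removed routing code compared `sid.toString()` with the session cookie value, so the audited text appears to contain a usable session identifier (and, for `requester`, the marshalled token context), and audit stores are typically retained longer and read by more people than the PLL response. Keep the response text as it is but audit an identifier-free reason, for example `auditor.auditAccessFailure(SessionBundle.getString("appTokenInvalid"));` in the two token-validation branches, and carry a separate identifier-free reason out of `processSessionRequest` for the final success/failure check. Separately, when `sessionCache.getSession(sid)` throws before `auditor.auditAccessAttempt()` runs, `processRequest` still records a failure, so that failure event has no matching attempt event.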
<div class="modfile"><h4>Modified: \
branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/iplanet/dpro/session/share/SessionRequest.java \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/iplanet/dpro/session/share/SessionRequest.java 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/iplanet/dpro/session/share/SessionRequest.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -39,7 +39,7 @@
</span><span class="cx"> * <code>SessionRequest</code> XML document. The \
<code>SessionRequest</code> </span><span class="cx"> * DTD is defined as \
the following: </span><span class="cx"> * </p>
</span><del>- *
</del><ins>+ *
</ins><span class="cx"> * <pre>
</span><span class="cx"> * &lt;?xml version=&quot;1.0&quot;&gt;
</span><span class="cx"> * &lt; !DOCTYPE SessionRequest [
</span><span class="lines">@@ -77,7 +77,7 @@
</span><span class="cx"> * &lt; !ELEMENT Pattern (#PCDATA)&gt;
</span><span class="cx"> * ]&gt;
</span><span class="cx"> * </pre>
</span><del>- *
</del><ins>+ *
</ins><span class="cx"> * </p>
</span><span class="cx"> */
</span><span class="cx">
</span><span class="lines">@@ -147,7 +147,7 @@
</span><span class="cx"> /**
</span><span class="cx"> * This constructor shall only be used at the client \
side to construct a </span><span class="cx"> * \
<code>SessionRequest</code> object. </span><del>- *
</del><ins>+ *
</ins><span class="cx"> * @param method The method ID of the \
<code>SessionRequest</code>. </span><span class="cx"> * @param sid \
The session ID required by the <code>SessionRequest</code>. </span><span \
class="cx"> * @param reset The flag to indicate whether this request needs to \
update </span><span class="lines">@@ -172,7 +172,7 @@
</span><span class="cx"> * This method is used primarily at the server side to \
reconstruct a </span><span class="cx"> * <code>SessionRequest</code> \
object based on the XML document received </span><span class="cx"> * from \
client. The DTD of this XML document is described above. </span><del>- *
</del><ins>+ *
</ins><span class="cx"> * @param xml The <code>SessionRequest</code> \
XML document String. </span><span class="cx"> * @return \
<code>SessionRequest</code> object. </span><span class="cx"> */
</span><span class="lines">@@ -183,7 +183,7 @@
</span><span class="cx">
</span><span class="cx"> /**
</span><span class="cx"> * Sets the request version.
</span><del>- *
</del><ins>+ *
</ins><span class="cx"> * @param version Request version.
</span><span class="cx"> */
</span><span class="cx"> void setRequestVersion(String version) {
</span><span class="lines">@@ -192,7 +192,7 @@
</span><span class="cx">
</span><span class="cx"> /**
</span><span class="cx"> * Returns the request version.
</span><del>- *
</del><ins>+ *
</ins><span class="cx"> * @return The request version.
</span><span class="cx"> */
</span><span class="cx"> public String getRequestVersion() {
</span><span class="lines">@@ -201,7 +201,7 @@
</span><span class="cx">
</span><span class="cx"> /**
</span><span class="cx"> * Sets the request ID.
</span><del>- *
</del><ins>+ *
</ins><span class="cx"> * @param id Request ID.
</span><span class="cx"> */
</span><span class="cx"> void setRequestID(String id) {
</span><span class="lines">@@ -210,7 +210,7 @@
</span><span class="cx">
</span><span class="cx"> /**
</span><span class="cx"> * Returns the request ID.
</span><del>- *
</del><ins>+ *
</ins><span class="cx"> * @return The request ID.
</span><span class="cx"> */
</span><span class="cx"> public String getRequestID() {
</span><span class="lines">@@ -219,7 +219,7 @@
</span><span class="cx">
</span><span class="cx"> /**
</span><span class="cx"> * Sets the method ID.
</span><del>- *
</del><ins>+ *
</ins><span class="cx"> * @param id Method ID.
</span><span class="cx"> */
</span><span class="cx"> void setMethodID(int id) {
</span><span class="lines">@@ -228,7 +228,7 @@
</span><span class="cx">
</span><span class="cx"> /**
</span><span class="cx"> * Returns the method ID.
</span><del>- *
</del><ins>+ *
</ins><span class="cx"> * @return The method ID.
</span><span class="cx"> */
</span><span class="cx"> public int getMethodID() {
</span><span class="lines">@@ -236,8 +236,34 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> /**
</span><ins>+ * @return The method name.
+ */
+ public String getMethodName() {
+ switch (methodID) {
+ case GetSession:
+ return "GetSession";
+ case GetValidSessions:
+ return "GetValidSessions";
+ case DestroySession:
+ return "DestroySession";
+ case Logout:
+ return "Logout";
+ case AddSessionListener:
+ return "AddSessionListener";
+ case AddSessionListenerOnAllSessions:
+ return "AddSessionListenerOnAllSessions";
+ case SetProperty:
+ return "SetProperty";
+ case GetSessionCount:
+ return "GetSessionCount";
+ default:
+ return "unknown";
+ }
+ }
+
+ /**
</ins><span class="cx"> * Sets the session ID.
</span><del>- *
</del><ins>+ *
</ins><span class="cx"> * @param id Session ID.
</span><span class="cx"> */
</span><span class="cx"> void setSessionID(String id) {
</span><span class="lines">@@ -246,7 +272,7 @@
</span><span class="cx">
</span><span class="cx"> /**
</span><span class="cx"> * Returns the session ID.
</span><del>- *
</del><ins>+ *
</ins><span class="cx"> * @return Session ID.
</span><span class="cx"> */
</span><span class="cx"> public String getSessionID() {
</span><span class="lines">@@ -273,7 +299,7 @@
</span><span class="cx">
</span><span class="cx"> /**
</span><span class="cx"> * Sets the reset flag.
</span><del>- *
</del><ins>+ *
</ins><span class="cx"> * @param reset <code>true</code> to update \
the latest session access time. </span><span class="cx"> */
</span><span class="cx"> void setResetFlag(boolean reset) {
</span><span class="lines">@@ -282,7 +308,7 @@
</span><span class="cx">
</span><span class="cx"> /**
</span><span class="cx"> * Returns the reset flag.
</span><del>- *
</del><ins>+ *
</ins><span class="cx"> * @return The reset flag.
</span><span class="cx"> */
</span><span class="cx"> public boolean getResetFlag() {
</span><span class="lines">@@ -291,7 +317,7 @@
</span><span class="cx">
</span><span class="cx"> /**
</span><span class="cx"> * Sets the ID of the session to be destroyed.
</span><del>- *
</del><ins>+ *
</ins><span class="cx"> * @param id The ID of the session to be destroyed.
</span><span class="cx"> */
</span><span class="cx"> public void setDestroySessionID(String id) {
</span><span class="lines">@@ -300,7 +326,7 @@
</span><span class="cx">
</span><span class="cx"> /**
</span><span class="cx"> * Returns the ID of the session to be destroyed.
</span><del>- *
</del><ins>+ *
</ins><span class="cx"> * @return The ID of the session to be destroyed.
</span><span class="cx"> */
</span><span class="cx"> public String getDestroySessionID() {
</span><span class="lines">@@ -309,7 +335,7 @@
</span><span class="cx">
</span><span class="cx"> /**
</span><span class="cx"> * Sets the notification URL.
</span><del>- *
</del><ins>+ *
</ins><span class="cx"> * @param url The notification URL.
</span><span class="cx"> */
</span><span class="cx"> public void setNotificationURL(String url) {
</span><span class="lines">@@ -318,7 +344,7 @@
</span><span class="cx">
</span><span class="cx"> /**
</span><span class="cx"> * Returns the notification URL.
</span><del>- *
</del><ins>+ *
</ins><span class="cx"> * @return The notification URL.
</span><span class="cx"> */
</span><span class="cx"> public String getNotificationURL() {
</span><span class="lines">@@ -327,7 +353,7 @@
</span><span class="cx">
</span><span class="cx"> /**
</span><span class="cx"> * Sets the property name.
</span><del>- *
</del><ins>+ *
</ins><span class="cx"> * @param name The property name.
</span><span class="cx"> */
</span><span class="cx"> public void setPropertyName(String name) {
</span><span class="lines">@@ -336,7 +362,7 @@
</span><span class="cx">
</span><span class="cx"> /**
</span><span class="cx"> * Returns the property name.
</span><del>- *
</del><ins>+ *
</ins><span class="cx"> * @return The property name.
</span><span class="cx"> */
</span><span class="cx"> public String getPropertyName() {
</span><span class="lines">@@ -345,7 +371,7 @@
</span><span class="cx">
</span><span class="cx"> /**
</span><span class="cx"> * Sets the property value.
</span><del>- *
</del><ins>+ *
</ins><span class="cx"> * @param value The property value.
</span><span class="cx"> */
</span><span class="cx"> public void setPropertyValue(String value) {
</span><span class="lines">@@ -354,7 +380,7 @@
</span><span class="cx">
</span><span class="cx"> /**
</span><span class="cx"> * Returns the property value.
</span><del>- *
</del><ins>+ *
</ins><span class="cx"> * @return The property value.
</span><span class="cx"> */
</span><span class="cx"> public String getPropertyValue() {
</span><span class="lines">@@ -364,7 +390,7 @@
</span><span class="cx"> /**
</span><span class="cx"> * Sets the pattern value. Process escape chars in \
pattern with </span><span class="cx"> * <code>CDATA</code>.
</span><del>- *
</del><ins>+ *
</ins><span class="cx"> * @param value The pattern value.
</span><span class="cx"> */
</span><span class="cx"> public void setPattern(String value) {
</span><span class="lines">@@ -386,7 +412,7 @@
</span><span class="cx">
</span><span class="cx"> /**
</span><span class="cx"> * Returns the pattern value.
</span><del>- *
</del><ins>+ *
</ins><span class="cx"> * @return The pattern value.
</span><span class="cx"> */
</span><span class="cx"> public String getPattern() {
</span><span class="lines">@@ -407,7 +433,7 @@
</span><span class="cx">
</span><span class="cx"> /**
</span><span class="cx"> * Sets the universal unique identifier.
</span><del>- *
</del><ins>+ *
</ins><span class="cx"> * @param id The universal unique identifier.
</span><span class="cx"> */
</span><span class="cx"> public void setUUID(String id) {
</span><span class="lines">@@ -416,7 +442,7 @@
</span><span class="cx">
</span><span class="cx"> /**
</span><span class="cx"> * Returns the universal unique identifier
</span><del>- *
</del><ins>+ *
</ins><span class="cx"> * @return The universal unique identifier
</span><span class="cx"> */
</span><span class="cx"> public String getUUID() {
</span><span class="lines">@@ -469,7 +495,7 @@
</span><span class="cx"> * <code>AddSessionListener</code> and
</span><span class="cx"> * \
<code>AddSessionListenerOnAllSessions</code>. otherwise, the returns \
</span><span class="cx"> * <code>null</code>. </span><del>- *
</del><ins>+ *
</ins><span class="cx"> * @return An XML String representing the request.
</span><span class="cx"> */
</span><span class="cx"> public String toXMLString() {
</span></span></pre></div>
<a id="branchesAME7692_noRestartsAuthopenamopenamcoresrcmainjavacomiplanetservicescomm \
serverPLLAuditorjavafromrev14908trunkopenamopenamcoresrcmainjavacomiplanetservicescommserverPLLAuditorjava"></a>
<div class="copfile"><h4>Copied: \
branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/iplanet/services/comm/server/PLLAuditor.java \
(from rev 14908, trunk/openam/openam-core/src/main/java/com/iplanet/services/comm/server/PLLAuditor.java) \
(0 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/iplanet/services/comm/server/PLLAuditor.java \
(rev 0)
+++ branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/iplanet/services/comm/server/PLLAuditor.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -0,0 +1,223 @@
</span><ins>+/*
+ * The contents of this file are subject to the terms of the Common Development and
+ * Distribution License (the License). You may not use this file except in \
compliance with the + * License.
+ *
+ * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for \
the + * specific language governing permission and limitations under the License.
+ *
+ * When distributing Covered Software, include this CDDL Header Notice in each file \
and include + * the License file at legal/CDDLv1.0.txt. If applicable, add the \
following below the CDDL + * Header, with the fields enclosed by brackets [] replaced \
by your own identifying + * information: "Portions copyright [year] [name of \
copyright owner]". + *
+ * Copyright 2015 ForgeRock AS.
+ */
+package com.iplanet.services.comm.server;
+
+import static org.forgerock.openam.audit.AMAuditEventBuilderUtils.*;
+import static org.forgerock.openam.audit.AuditConstants.ACCESS_TOPIC;
+
+import com.iplanet.services.comm.share.Request;
+import com.iplanet.services.comm.share.RequestSet;
+import com.iplanet.sso.SSOToken;
+import com.sun.identity.shared.debug.Debug;
+import org.forgerock.audit.AuditException;
+import org.forgerock.openam.audit.AMAccessAuditEventBuilder;
+import org.forgerock.openam.audit.AuditEventFactory;
+import org.forgerock.openam.audit.AuditEventPublisher;
+import org.forgerock.openam.audit.context.AuditRequestContext;
+
+import javax.servlet.http.HttpServletRequest;
+
+/**
+ * Responsible for publishing audit access events for individual PLL request.
+ */
+public class PLLAuditor {
+
+ public static final String PLL = "PLL";
+ public static final String AM_PLL_ACCESS_SUCCESS = \
"AM-PLL-ACCESS_SUCCESS"; + public static final String \
AM_PLL_ACCESS_FAILURE = "AM-PLL-ACCESS_FAILURE"; + public static final \
String AM_PLL_ACCESS_ATTEMPT = "AM-PLL-ACCESS_ATTEMPT"; +
+ private final Debug debug;
+ private final AuditEventPublisher auditEventPublisher;
+ private final AuditEventFactory auditEventFactory;
+ private final HttpServletRequest httpServletRequest;
+
+ private long startTime;
+ private String service;
+ private String method;
+ private String contextId;
+ private String authenticationId;
+ private boolean accessAttemptAudited;
+
+ /**
+ * Create a new Auditor.
+ * @param debug Debug instance.
+ * @param auditEventPublisher AuditEventPublisher to which publishing of events \
can be delegated. + * @param auditEventFactory AuditEventFactory for audit \
event builders. + * @param httpServletRequest
+ */
+ public PLLAuditor(Debug debug, AuditEventPublisher auditEventPublisher, \
AuditEventFactory auditEventFactory, + HttpServletRequest \
httpServletRequest) { + this.debug = debug;
+ this.auditEventPublisher = auditEventPublisher;
+ this.auditEventFactory = auditEventFactory;
+ this.httpServletRequest = httpServletRequest;
+ this.service = "unknown";
+ this.reset();
+ }
+
+ /**
+ * Publishes an audit event with details of the attempted CREST operation, if \
the 'access' topic is audited. + *
+ * @throws AuditException If an exception occurred that prevented the audit \
event from being published. + */
+ public void auditAccessAttempt() {
+ if (auditEventPublisher.isAuditing(ACCESS_TOPIC)) {
+
+ AMAccessAuditEventBuilder builder = auditEventFactory.accessEvent()
+ .forHttpServletRequest(httpServletRequest)
+ .timestamp(startTime)
+ .transactionId(AuditRequestContext.getTransactionIdValue())
+ .eventName(AM_PLL_ACCESS_ATTEMPT)
+ .component(PLL)
+ .authentication(authenticationId)
+ .resourceOperation(service, PLL, method)
+ .contextId(contextId);
+ auditEventPublisher.tryPublish(ACCESS_TOPIC, builder.toEvent());
+ }
+ accessAttemptAudited = true;
+ }
+
+ /**
+ * Publishes an event with details of the successfully completed CREST \
operation, if the 'access' topic is audited. + * <p/>
+ * Any exception that occurs while trying to publish the audit event will be
+ * captured in the debug logs but otherwise ignored.
+ */
+ public void auditAccessSuccess() {
+ if (!accessAttemptAudited) {
+ auditAccessAttempt();
+ }
+ if (auditEventPublisher.isAuditing(ACCESS_TOPIC)) {
+
+ final long endTime = System.currentTimeMillis();
+ final long elapsedTime = endTime - startTime;
+ AMAccessAuditEventBuilder builder = auditEventFactory.accessEvent()
+ .forHttpServletRequest(httpServletRequest)
+ .timestamp(endTime)
+ .transactionId(AuditRequestContext.getTransactionIdValue())
+ .eventName(AM_PLL_ACCESS_SUCCESS)
+ .component(PLL)
+ .response("SUCCESS", elapsedTime)
+ .authentication(authenticationId)
+ .resourceOperation(service, PLL, method)
+ .contextId(contextId);
+
+ auditEventPublisher.tryPublish(ACCESS_TOPIC, builder.toEvent());
+ reset();
+ }
+ }
+
+ /**
+ * Publishes an event with details of the failed CREST operation, if the \
'access' topic is audited. + * <p/>
+ * Any exception that occurs while trying to publish the audit event will be
+ * captured in the debug logs but otherwise ignored.
+ *
+ * @param message A human-readable description of the error that occurred.
+ */
+ public void auditAccessFailure(String message) {
+ auditAccessFailure(null, message);
+ }
+
+ /**
+ * Publishes an event with details of the failed CREST operation, if the \
'access' topic is audited. + * <p/>
+ * Any exception that occurs while trying to publish the audit event will be
+ * captured in the debug logs but otherwise ignored.
+ *
+ * @param errorCode A unique code that identifies the error condition.
+ * @param message A human-readable description of the error that occurred.
+ */
+ public void auditAccessFailure(String errorCode, String message) {
+ if (!accessAttemptAudited) {
+ auditAccessAttempt();
+ }
+ if (auditEventPublisher.isAuditing(ACCESS_TOPIC)) {
+
+ final long endTime = System.currentTimeMillis();
+ final long elapsedTime = endTime - startTime;
+ AMAccessAuditEventBuilder builder = auditEventFactory.accessEvent()
+ .forHttpServletRequest(httpServletRequest)
+ .timestamp(endTime)
+ .transactionId(AuditRequestContext.getTransactionIdValue())
+ .eventName(AM_PLL_ACCESS_FAILURE)
+ .component(PLL)
+ .responseWithMessage(errorCode == null ? "FAILED" : \
"FAILED - " + errorCode, elapsedTime, message) + \
.authentication(authenticationId) + .resourceOperation(service, \
PLL, method) + .contextId(contextId);
+
+ auditEventPublisher.tryPublish(ACCESS_TOPIC, builder.toEvent());
+ reset();
+ }
+ }
+
+ /**
+ * Resets the auditor in preparation for handling the next {@link Request} in a \
given {@link RequestSet}. + */
+ private void reset() {
+ accessAttemptAudited = false;
+ startTime = System.currentTimeMillis();
+ method = "unknown";
+ authenticationId = "";
+ contextId = "";
+ }
+
+ /**
+ * @param service Identifies the {@link RequestHandler} invoked.
+ */
+ public void setService(String service) {
+ this.service = service;
+ }
+
+ /**
+ * @param method Identifies the {@link RequestHandler} operation invoked.
+ */
+ public void setMethod(String method) {
+ this.method = method;
+ }
+
+ /**
+ * Provide SSOToken of originating client in order to lookup session contextId \
and realm. + *
+ * If the current server is not the 'home server' for the session, obtaining an \
SSOToken can itself + * lead to PLL communication between servers; therefore, \
it's worth considering whether or not this + * method should be used on a \
case-by-case basis. When obtaining an SSOToken may not be appropriate, + * the \
setDomain and setContextId methods may be useful alternatives if this information is \
available + * via other means.
+ *
+ * @param ssoToken SSOToken of the originating client from which the session \
contextId and realm are obtained. + */
+ public void setSsoToken(SSOToken ssoToken) {
+ this.contextId = getContextIdFromSSOToken(ssoToken);
+ this.authenticationId = getUserId(ssoToken);
+ }
+
+ /**
+ * @param contextId Unique alias of session.
+ */
+ public void setContextId(String contextId) {
+ this.contextId = contextId;
+ }
+
+ /**
+ * @param authenticationId Identifies Subject of authentication.
+ */
+ public void setAuthenticationId(String authenticationId) {
+ this.authenticationId = authenticationId;
+ }
+}
</ins></span></pre></div>
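Review bot: In `auditAccessSuccess()` and the two-argument `auditAccessFailure()`, `reset()` runs only inside the `isAuditing(ACCESS_TOPIC)` branch, while `auditAccessAttempt()` sets `accessAttemptAudited = true` whether or not anything was published. If the access topic is switched on partway through a RequestSet, the first published outcome event has no preceding attempt event and can carry the `startTime`, `contextId` and `authenticationId` left over from an earlier request, unless the handler overwrites them. Moving `reset();` to after the closing brace of the `if` in both methods keeps each request's audit state separate. The Javadoc also needs a pass: the publish methods say "CREST operation" for what is a PLL request, `auditAccessAttempt()` documents `@throws AuditException` although the method declares no such exception, and `@param httpServletRequest` has no description.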
<a id="branchesAME7692_noRestartsAuthopenamopenamcoresrcmainjavacomiplanetservicescommserverPLLRequestServletjava"></a>
<div class="modfile"><h4>Modified: \
branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/iplanet/services/comm/server/PLLRequestServlet.java \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/iplanet/services/comm/server/PLLRequestServlet.java 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/iplanet/services/comm/server/PLLRequestServlet.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -26,7 +26,7 @@
</span><span class="cx"> *
</span><span class="cx"> */
</span><span class="cx"> /**
</span><del>- * Portions Copyrighted 2012-2014 ForgeRock AS
</del><ins>+ * Portions Copyrighted 2012-2015 ForgeRock AS
</ins><span class="cx"> */
</span><span class="cx"> package com.iplanet.services.comm.server;
</span><span class="cx">
</span><span class="lines">@@ -37,6 +37,10 @@
</span><span class="cx"> import com.iplanet.services.naming.WebtopNaming;
</span><span class="cx"> import com.iplanet.services.naming.service.NamingService;
</span><span class="cx"> import com.sun.identity.shared.Constants;
</span><ins>+import org.forgerock.guice.core.InjectorHolder;
+import org.forgerock.openam.audit.AuditEventFactory;
+import org.forgerock.openam.audit.AuditEventPublisher;
+
</ins><span class="cx"> import java.io.IOException;
</span><span class="cx"> import java.io.InputStream;
</span><span class="cx"> import java.io.OutputStreamWriter;
</span><span class="lines">@@ -97,58 +101,80 @@
</span><span class="cx"> */
</span><span class="cx"> public void doPost(HttpServletRequest req, \
HttpServletResponse res) </span><span class="cx"> throws \
ServletException, java.io.IOException { </span><del>- int length = \
req.getContentLength();
- if (length == -1) {
- PLLServer.pllDebug.warning(PLLBundle.getString("unknownLength"));
- throw new \
ServletException(PLLBundle.getString("unknownLength"));
- }
</del><span class="cx">
</span><del>- if (length > maxContentLength) {
- PLLServer.pllDebug.error("content length exceeded configured max \
request size - " + length);
- throw new ServletException(
- PLLBundle.getString("largeContentLength"));
- }
</del><ins>+ PLLAuditor auditor = newAuditor(req);
</ins><span class="cx">
</span><del>- byte[] reqData = new byte[length];
- InputStream in = req.getInputStream();
- int rlength = 0;
- int offset = 0;
- while (rlength != length) {
- int r = in.read(reqData, offset, length - offset);
- if (r == -1) {
- throw new ServletException(PLLBundle
- .getString("readRequestError"));
</del><ins>+ try {
+
+ int length = req.getContentLength();
+ if (length == -1) {
+ PLLServer.pllDebug.warning(PLLBundle.getString("unknownLength"));
+ throw servletException("unknownLength");
</ins><span class="cx"> }
</span><del>- rlength += r;
- offset += r;
- }
- String xml = new String(reqData, 0, length, "UTF-8");
</del><span class="cx">
</span><del>- RequestSet set = RequestSet.parseXML(xml);
- String svcid = set.getServiceID();
- if(!AUTH_SVC_ID.equalsIgnoreCase(svcid)) {
- if (PLLServer.pllDebug.messageEnabled()) {
- PLLServer.pllDebug.message("\nReceived RequestSet XML \
:\n" + xml); </del><ins>+ if (length > maxContentLength) {
+ PLLServer.pllDebug.error("content length exceeded configured \
max request size - " + length); + throw \
servletException("largeContentLength"); </ins><span class="cx"> \
} </span><del>- }
-
- String responseXML = handleRequest(set, req, res);
- res.setContentLength(responseXML.getBytes("UTF-8").length);
- OutputStreamWriter out = new OutputStreamWriter(res.getOutputStream(),
- "UTF-8");
- try {
- out.write(responseXML);
- out.flush();
- } catch (IOException e) {
- throw e;
- } finally {
</del><ins>+
+ byte[] reqData = new byte[length];
+ InputStream in = req.getInputStream();
+ int rlength = 0;
+ int offset = 0;
+ while (rlength != length) {
+ int r = in.read(reqData, offset, length - offset);
+ if (r == -1) {
+ throw servletException("readRequestError");
+ }
+ rlength += r;
+ offset += r;
+ }
+ String xml = new String(reqData, 0, length, "UTF-8");
+
+ RequestSet set = RequestSet.parseXML(xml);
+ String svcid = set.getServiceID();
+ auditor.setService(svcid);
+ if(!AUTH_SVC_ID.equalsIgnoreCase(svcid)) {
+ if (PLLServer.pllDebug.messageEnabled()) {
+ PLLServer.pllDebug.message("\nReceived RequestSet XML \
:\n" + xml); + }
+ }
+
+ String responseXML = handleRequest(auditor, set, req, res);
+ res.setContentLength(responseXML.getBytes("UTF-8").length);
+ OutputStreamWriter out = new OutputStreamWriter(res.getOutputStream(),
+ "UTF-8");
</ins><span class="cx"> try {
</span><del>- out.close();
- } catch (Exception ex) {
</del><ins>+ out.write(responseXML);
+ out.flush();
+ } catch (IOException e) {
+ throw e;
+ } finally {
+ try {
+ out.close();
+ } catch (Exception ex) {
+ }
</ins><span class="cx"> }
</span><ins>+
+ } catch (IOException | ServletException | RuntimeException e) {
+ auditor.auditAccessFailure(e.getMessage());
+ throw e;
</ins><span class="cx"> }
</span><ins>+
</ins><span class="cx"> }
</span><span class="cx">
</span><ins>+ private PLLAuditor newAuditor(HttpServletRequest httpServletRequest) \
{ + return new PLLAuditor(
+ PLLServer.pllDebug,
+ InjectorHolder.getInstance(AuditEventPublisher.class),
+ InjectorHolder.getInstance(AuditEventFactory.class),
+ httpServletRequest);
+ }
+
+ private ServletException servletException(String errorId) {
+ return new ServletException(PLLBundle.getString(errorId));
+ }
+
</ins><span class="cx"> public void doGet(HttpServletRequest req, \
HttpServletResponse res) </span><span class="cx"> throws \
ServletException, java.io.IOException { </span><span class="cx"> \
ServletOutputStream out = res.getOutputStream(); </span><span class="lines">@@ \
-166,21 +192,17 @@ </span><span class="cx"> *
</span><span class="cx"> * @see \
sunir.share.profile.service.server.http.RequestProcessor </span><span class="cx"> \
*/ </span><del>- private String handleRequest(RequestSet set,
- HttpServletRequest req,
- HttpServletResponse res)
- throws ServletException {
</del><ins>+ private String handleRequest(PLLAuditor auditor, RequestSet set, \
HttpServletRequest req, HttpServletResponse res) + throws ServletException \
{ </ins><span class="cx"> if (!isValid(set)) {
</span><del>- throw new ServletException(
- PLLBundle.getString("invalidRequestSet"));
</del><ins>+ throw servletException("invalidRequestSet");
</ins><span class="cx"> }
</span><span class="cx"> String svcid = set.getServiceID();
</span><span class="cx"> RequestHandler handler = getServiceHandler(svcid);
</span><span class="cx"> if (handler == null) {
</span><del>- throw new \
ServletException(PLLBundle.getString("noRequestHandler")); </del><ins>+ \
throw servletException("noRequestHandler"); </ins><span class="cx"> \
} </span><del>- ResponseSet rset = handler.process(set.getRequests(), req, \
res,
- getServletConfig().getServletContext());
</del><ins>+ ResponseSet rset = handler.process(auditor, set.getRequests(), \
req, res, getServletConfig().getServletContext()); </ins><span class="cx"> \
rset.setRequestSetID(set.getRequestSetID()); </span><span class="cx"> return \
rset.toXMLString(); </span><span class="cx"> }
</span><span class="lines">@@ -209,8 +231,10 @@
</span><span class="cx"> else {
</span><span class="cx"> String svcclass = \
WebtopNaming.getServiceClass(svcid); </span><span class="cx"> if \
(svcclass != null) { </span><del>- Class cl = \
Class.forName(svcclass);
- handler = (RequestHandler) cl.newInstance();
</del><ins>+ Class<? extends RequestHandler> cl = Class
+ .forName(svcclass)
+ .asSubclass(RequestHandler.class);
+ handler = InjectorHolder.getInstance(cl);
</ins><span class="cx"> } else if \
(PLLServer.pllDebug.messageEnabled()) { </span><span class="cx"> \
PLLServer.pllDebug.message("Service handler for :" </span><span class="cx"> \
+ svcid + " not found"); </span></span></pre></div>
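Review bot: The new catch block at the end of `doPost` passes `e.getMessage()` straight to `auditor.auditAccessFailure(...)`, and for a `RuntimeException` such as a `NullPointerException` that message is commonly null, so the failure record would say nothing about the cause. A fallback keeps the record useful: `auditor.auditAccessFailure(e.getMessage() != null ? e.getMessage() : e.getClass().getName());`. The same block also fires when writing the response fails after the handler has presumably already audited each request, which would add a further attempt/failure pair with method `unknown`; a comment stating whether that is intended would help. On style, the inner `catch (IOException e) { throw e; }` and the empty `catch (Exception ex)` around `out.close()` were carried over unchanged and could become a try-with-resources, since the method already uses multi-catch.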
<a id="branchesAME7692_noRestartsAuthopenamopenamcoresrcmainjavacomiplanetservicescommserverRequestHandlerjava"></a>
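--- a/branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/iplanet/services/comm/server/RequestHandler.java
+++ b/branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/iplanet/services/comm/server/RequestHandler.java
@@ -27,7 +27,7 @@
 */
 
 /*
- * Portions Copyrighted 2011 ForgeRock AS
+ * Portions Copyrighted 2011-2015 ForgeRock AS
 */
 
 package com.iplanet.services.comm.server;
@@ -39,6 +39,7 @@
 import javax.servlet.http.HttpServletResponse;
 
 import com.iplanet.services.comm.share.ResponseSet;
+
 import java.util.List;
 
 /**
@@ -58,7 +59,9 @@
 * This interface must be implemented by high level services and
 * applications in order to receive requests from the Platform Low Level
 * API.
- *
+ *
+ * @param auditor
+ * Delegate for publication of 'access' audit events.
 * @param requests
 * A Set<Request> of Request objects.
 * @param servletRequest
@@ -68,7 +71,6 @@
 * @param servletContext
 * Reference to ServletContext object.
 */
- public ResponseSet process(List<Request> requests,
- HttpServletRequest servletRequest,
- HttpServletResponse servletResponse, ServletContext servletContext);
+ ResponseSet process(PLLAuditor auditor, List<Request> requests,
+ HttpServletRequest servletRequest, HttpServletResponse servletResponse, ServletContext servletContext);
 }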
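Review bot: The new `@param auditor` text on `process` does not tell implementers what they must do with the auditor. `PLLAuditor` clears its per-request state only in `auditAccessSuccess()` and `auditAccessFailure()`, so it looks as if each handler is expected to call one of them once per `Request`; if that is the contract, state it here, e.g. `Implementations call auditAccessSuccess() or auditAccessFailure() once for each Request processed.` Since the Javadoc says the interface is implemented by services and applications, the added parameter is also a source-incompatible change for any implementation outside this tree and deserves a line in the release notes.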
<a id="branchesAME7692_noRestartsAuthopenamopenamcoresrcmainjavacomiplanetservicesldapeventEventServicejava"></a>
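--- a/branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/iplanet/services/ldap/event/EventService.java
+++ b/branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/iplanet/services/ldap/event/EventService.java
@@ -235,19 +235,15 @@
 }
 }
 
- // Verify if SMS notification should be enabled
- if (isDuringConfigurationTime()) {
- boolean enableDataStoreNotification = Boolean.parseBoolean(
- SystemProperties.get(Constants.SMS_ENABLE_DB_NOTIFICATION));
- logger.message("EventService.getListenerList(): com.sun.identity.sm.enableDataStoreNotification: {}",
- enableDataStoreNotification);
- disableSM = !enableDataStoreNotification;
- if (logger.messageEnabled()) {
- logger.message("EventService.getListenerList(): In realm mode or config time, SMS listener is set "
- + "to datastore notification flag: {}", enableDataStoreNotification);
- }
+ //psearch terminated if you disable the DB notifications, or add 'sm' to the list of disabled
+ if (!disableSM) {
+ disableSM = !Boolean.parseBoolean(SystemProperties.get(Constants.SMS_ENABLE_DB_NOTIFICATION));
 }
 
+ if (logger.messageEnabled()) {
+ logger.message("EventService.getListenerList(): SMS listener is enabled: {}", !disableSM);
+ }
+
 List<Class<? extends IDSEventListener>> listeners = new ArrayList<>();
 // Disable the selected listeners
 if (!disableACI) {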
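Review bot: `Boolean.parseBoolean(SystemProperties.get(Constants.SMS_ENABLE_DB_NOTIFICATION))` returns false when the property is absent, so an unset property now sets `disableSM` to true on every path, where the removed code applied the flag only when `isDuringConfigurationTime()` held. If `SystemProperties` supplies no default for this key (not visible in the hunk), the SMS listener would be silently off after an upgrade; making the default explicit, or stating it in the comment, would remove the doubt. The new comment is also hard to parse; assuming "psearch" means the persistent search, something like `// The SMS persistent search is not started when DB notifications are disabled or 'sm' is in the disabled-listener list` reads more clearly. The enclosing method starts and ends outside the hunk.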
<a id="branchesAME7692_noRestartsAuthopenamopenamcoresrcmainjavacomiplanetservicesnamingserviceNamingServicejava"></a>
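--- a/branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/iplanet/services/naming/service/NamingService.java
+++ b/branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/iplanet/services/naming/service/NamingService.java
@@ -46,6 +46,7 @@
 import com.iplanet.sso.SSOToken;
 import com.iplanet.sso.SSOTokenManager;
 import com.sun.identity.authentication.internal.AuthPrincipal;
+import com.iplanet.services.comm.server.PLLAuditor;
 import com.sun.identity.common.FQDNUtils;
 import com.sun.identity.common.configuration.ServerConfiguration;
 import com.sun.identity.common.configuration.SiteConfiguration;
@@ -377,7 +378,7 @@
 return sb.toString();
 }
 
- public ResponseSet process(List<Request> requests,
+ public ResponseSet process(PLLAuditor auditor, List<Request> requests,
 HttpServletRequest servletRequest,
 HttpServletResponse servletResponse, ServletContext servletContext)
 {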
<a id="branchesAME7692_noRestartsAuthopenamopenamcoresrcmainjavacomiplanetumsDataLayerjava"></a>
<div class="modfile"><h4>Modified: \
branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/iplanet/ums/DataLayer.java \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/iplanet/ums/DataLayer.java 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/iplanet/ums/DataLayer.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -29,18 +29,6 @@
</span><span class="cx">
</span><span class="cx"> package com.iplanet.ums;
</span><span class="cx">
</span><del>-import java.io.IOException;
-import java.security.AccessController;
-import java.security.Principal;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Set;
-import java.util.StringTokenizer;
-import java.util.concurrent.TimeUnit;
-
</del><span class="cx"> import com.iplanet.am.util.SystemProperties;
</span><span class="cx"> import com.iplanet.services.ldap.Attr;
</span><span class="cx"> import com.iplanet.services.ldap.AttrSet;
</span><span class="lines">@@ -50,9 +38,22 @@
</span><span class="cx"> import com.iplanet.services.ldap.ServerInstance;
</span><span class="cx"> import com.iplanet.services.ldap.event.EventService;
</span><span class="cx"> import com.iplanet.services.util.I18n;
</span><ins>+import com.sun.identity.common.configuration.ConfigurationListener;
+import com.sun.identity.common.configuration.ConfigurationObserver;
</ins><span class="cx"> import com.sun.identity.security.ServerInstanceAction;
</span><span class="cx"> import com.sun.identity.shared.Constants;
</span><span class="cx"> import com.sun.identity.shared.debug.Debug;
</span><ins>+import java.io.IOException;
+import java.security.AccessController;
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+import java.util.StringTokenizer;
+import java.util.concurrent.TimeUnit;
</ins><span class="cx"> import org.forgerock.opendj.ldap.Attribute;
</span><span class="cx"> import org.forgerock.opendj.ldap.Attributes;
</span><span class="cx"> import org.forgerock.opendj.ldap.ByteString;
</span><span class="lines">@@ -100,6 +101,9 @@
</span><span class="cx"> */
</span><span class="cx"> public class DataLayer implements java.io.Serializable {
</span><span class="cx">
</span><ins>+ private static final String RETRIES_KEY = \
"com.iplanet.am.replica.num.retries"; + private static final String \
RETRIES_DELAY_KEY = "com.iplanet.am.replica.delay.between.retries"; +
</ins><span class="cx"> /**
</span><span class="cx"> * Static section to retrieve the debug object.
</span><span class="cx"> */
</span><span class="lines">@@ -107,6 +111,8 @@
</span><span class="cx">
</span><span class="cx"> private static I18n i18n = \
I18n.getInstance(IUMSConstants.UMS_PKG); </span><span class="cx">
</span><ins>+ private static DataLayerConfigListener configListener;
+
</ins><span class="cx"> /**
</span><span class="cx"> * Default minimal connections if none is defined in \
configuration </span><span class="cx"> */
</span><span class="lines">@@ -216,13 +222,14 @@
</span><span class="cx"> m_proxyPassword = pwd;
</span><span class="cx"> m_host = host;
</span><span class="cx"> m_port = port;
</span><ins>+ configListener = new DataLayerConfigListener();
</ins><span class="cx">
</span><span class="cx"> initReplicaProperties();
</span><span class="cx"> initLdapPool();
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> /**
</span><del>- * create the singelton DataLayer object if it doesn't exist \
already. </del><ins>+ * Create the singleton DataLayer object if it doesn't exist \
already. </ins><span class="cx"> *
</span><span class="cx"> * @supported.api
</span><span class="cx"> */
</span><span class="lines">@@ -244,6 +251,8 @@
</span><span class="cx"> }
</span><span class="cx"> m_instance = new DataLayer(pUser, pPwd, host, \
port); </span><span class="cx">
</span><ins>+ \
ConfigurationObserver.getInstance().addListener(configListener); +
</ins><span class="cx"> // Start the EventService thread if it has not \
already started. </span><span class="cx"> initializeEventService();
</span><span class="cx"> }
</span><span class="lines">@@ -251,7 +260,7 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> /**
</span><del>- * create the singelton DataLayer object if it doesn't exist \
already. </del><ins>+ * Create the singleton DataLayer object if it doesn't exist \
already. </ins><span class="cx"> * Assumes the server instance for \
"LDAPUser.Type.AUTH_PROXY". </span><span class="cx"> *
</span><span class="cx"> * @supported.api
</span><span class="lines">@@ -261,8 +270,7 @@
</span><span class="cx"> if (m_instance == null) {
</span><span class="cx"> try {
</span><span class="cx"> DSConfigMgr cfgMgr = \
DSConfigMgr.getDSConfigMgr(); </span><del>- ServerInstance serverCfg = \
cfgMgr
- .getServerInstance(LDAPUser.Type.AUTH_PROXY);
</del><ins>+ ServerInstance serverCfg = \
cfgMgr.getServerInstance(LDAPUser.Type.AUTH_PROXY); </ins><span class="cx"> \
m_instance = getInstance(serverCfg); </span><span class="cx"> } catch \
(LDAPServiceException ex) { </span><span class="cx"> \
debug.error("Error: Unable to get server config instance " </span><span \
class="lines">@@ -1025,38 +1033,22 @@ </span><span class="cx"> return null;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- private void initReplicaProperties() {
- String retries = SystemProperties
- .get("com.iplanet.am.replica.num.retries");
- if (retries != null) {
- try {
- replicaRetryNum = Integer.parseInt(retries);
- if (replicaRetryNum < 0) {
- replicaRetryNum = 0;
- debug.warning("Invalid value for replica retry num, " \
+
- "set to 0");
- }
-
- } catch (NumberFormatException e) {
- debug.warning("Invalid value for replica retry num");
- }
</del><ins>+ private synchronized void initReplicaProperties() {
+ int retries = SystemProperties.getAsInt(RETRIES_KEY, 0);
+ if (retries < 0) {
+ retries = 0;
+ debug.warning("Invalid value for replica retry num, set to \
0"); </ins><span class="cx"> }
</span><span class="cx">
</span><del>- String interval = SystemProperties
- .get("com.iplanet.am.replica.delay.between.retries");
- if (interval != null) {
- try {
- replicaRetryInterval = Long.parseLong(interval);
- if (replicaRetryInterval < 0) {
- replicaRetryInterval = 0;
- debug.warning("Invalid value for replica interval, " +
- "set to 0");
- }
</del><ins>+ replicaRetryNum = retries;
</ins><span class="cx">
</span><del>- } catch (NumberFormatException e) {
- debug.warning("Invalid value for replica interval");
- }
</del><ins>+ long interval = SystemProperties.getAsLong(RETRIES_DELAY_KEY, 0);
+ if (interval < 0) {
+ interval = 0;
+ debug.warning("Invalid value for replica interval, set to 0");
</ins><span class="cx"> }
</span><ins>+
+ replicaRetryInterval = interval;
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> public Entry readLDAPEntry(Connection ld, String dn,
</span><span class="lines">@@ -1288,4 +1280,16 @@
</span><span class="cx">
</span><span class="cx"> private static final String[] EMPTY_STRING_ARRAY = new \
String[0]; </span><span class="cx">
</span><ins>+ private class DataLayerConfigListener implements \
ConfigurationListener { +
+ @Override
+ public synchronized void notifyChanges() {
+ final int retries = SystemProperties.getAsInt(RETRIES_KEY, 0);
+ final long delay = SystemProperties.getAsLong(RETRIES_DELAY_KEY, 0);
+
+ if (retries != replicaRetryNum || delay != replicaRetryInterval) {
+ initReplicaProperties();
+ }
+ }
+ }
</ins><span class="cx"> }
</span></span></pre></div>
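Review bot: `DataLayerConfigListener.notifyChanges()` in the last hunk is synchronized on the listener, while `initReplicaProperties()` is synchronized on the `DataLayer` instance, so the comparison against `replicaRetryNum` and `replicaRetryInterval` reads those fields under a different lock from the one that writes them. The field declarations are outside the hunks; if they are plain fields, declaring them `volatile` or moving the comparison inside `initReplicaProperties()` would give the listener and the retry code a consistent view. The comparison also uses the raw property values, so a negative setting never equals the clamped field and every notification re-runs the initialiser and logs the warning again; clamping first avoids that, e.g. `final int retries = Math.max(0, SystemProperties.getAsInt(RETRIES_KEY, 0));`. Separately, `configListener` is a static field assigned from the instance constructor and the listener is a non-static inner class, which deserves a comment explaining which `DataLayer` instance it is expected to be bound to.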
<a id="branchesAME7692_noRestartsAuthopenamopenamcoresrcmainjavacomsunidentityauthenticationclientAuthClientUtilsjava"></a>
<div class="modfile"><h4>Modified: \
branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/sun/identity/authentication/client/AuthClientUtils.java \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/sun/identity/authentication/client/AuthClientUtils.java 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/sun/identity/authentication/client/AuthClientUtils.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -69,15 +69,6 @@
</span><span class="cx"> import com.sun.identity.sm.SMSException;
</span><span class="cx"> import com.sun.identity.sm.ServiceSchema;
</span><span class="cx"> import com.sun.identity.sm.ServiceSchemaManager;
</span><del>-import org.forgerock.openam.security.whitelist.ValidGotoUrlExtractor;
-import org.forgerock.openam.session.SessionServiceURLService;
-import org.forgerock.openam.shared.security.whitelist.RedirectUrlValidator;
-import org.forgerock.openam.utils.ClientUtils;
-
-import javax.servlet.ServletContext;
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
</del><span class="cx"> import java.io.BufferedReader;
</span><span class="cx"> import java.io.IOException;
</span><span class="cx"> import java.io.InputStreamReader;
</span><span class="lines">@@ -103,6 +94,14 @@
</span><span class="cx"> import java.util.Set;
</span><span class="cx"> import java.util.StringTokenizer;
</span><span class="cx"> import java.util.Vector;
</span><ins>+import javax.servlet.ServletContext;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import org.forgerock.openam.security.whitelist.ValidGotoUrlExtractor;
+import org.forgerock.openam.session.SessionServiceURLService;
+import org.forgerock.openam.shared.security.whitelist.RedirectUrlValidator;
+import org.forgerock.openam.utils.ClientUtils;
</ins><span class="cx">
</span><span class="cx"> public class AuthClientUtils {
</span><span class="cx">
</span><span class="lines">@@ -122,7 +121,7 @@
</span><span class="cx">
</span><span class="cx"> private static AMClientDetector clientDetector;
</span><span class="cx"> private static Client defaultClient;
</span><del>- private static ResourceBundle bundle;
</del><ins>+ private static volatile ResourceBundle bundle;
</ins><span class="cx"> private static final boolean urlRewriteInPath =
</span><span class="cx"> Boolean.valueOf(SystemProperties.get(
</span><span class="cx"> \
Constants.REWRITE_AS_PATH,"")).booleanValue(); </span><span \
class="lines">@@ -139,7 +138,7 @@ </span><span class="cx">
</span><span class="cx"> // dsame version
</span><span class="cx"> private static String dsameVersion =
</span><del>- SystemProperties.get(Constants.AM_VERSION,DSAME_VERSION);
</del><ins>+ SystemProperties.get(Constants.AM_VERSION, DSAME_VERSION);
</ins><span class="cx">
</span><span class="cx"> // If true, version header will be added to responses, \
default is false </span><span class="cx"> private static final boolean \
isVersionHeaderEnabled = </span><span class="lines">@@ -178,7 +177,7 @@
</span><span class="cx"> Constants.IS_ENABLE_UNIQUE_COOKIE, \
"false")).booleanValue(); </span><span class="cx"> private static \
String hostUrlCookieName = </span><span class="cx"> \
SystemProperties.get(Constants.AUTH_UNIQUE_COOKIE_NAME, </span><del>- \
"sunIdentityServerAuthNServer"); </del><ins>+ \
"sunIdentityServerAuthNServer"); </ins><span class="cx"> private static \
String hostUrlCookieDomain = </span><span class="cx"> \
SystemProperties.get(Constants.AUTH_UNIQUE_COOKIE_DOMAIN); </span><span class="cx">
</span><span class="lines">@@ -420,7 +419,7 @@
</span><span class="cx"> */
</span><span class="cx"> public static Cookie getLogoutCookie(SessionID sid, \
String cookieDomain) { </span><span class="cx"> String logoutCookieString = \
getLogoutCookieString(sid); </span><del>- Cookie logoutCookie = \
createCookie(logoutCookieString,cookieDomain); </del><ins>+ Cookie \
logoutCookie = createCookie(logoutCookieString, cookieDomain); </ins><span \
class="cx"> logoutCookie.setMaxAge(0); </span><span class="cx"> \
return (logoutCookie); </span><span class="cx"> }
</span><span class="lines">@@ -612,7 +611,7 @@
</span><span class="cx">
</span><span class="cx"> /* return the the error message for the error code */
</span><span class="cx"> public static String getErrorMessage(String errorCode) {
</span><del>- String errorMessage = getErrorVal(errorCode,ERROR_MESSAGE);
</del><ins>+ String errorMessage = getErrorVal(errorCode, ERROR_MESSAGE);
</ins><span class="cx"> return (errorMessage);
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -1194,7 +1193,7 @@
</span><span class="cx"> * whether cookie should be set in response or not.
</span><span class="cx"> */
</span><span class="cx"> public static boolean isSetCookie(String clientType) {
</span><del>- boolean setCookie = setCookieVal(clientType,"true");
</del><ins>+ boolean setCookie = setCookieVal(clientType, "true");
</ins><span class="cx">
</span><span class="cx"> if (utilDebug.messageEnabled()) {
</span><span class="cx"> utilDebug.message("setCookie : " + \
setCookie); </span><span class="lines">@@ -1874,6 +1873,11 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> public static String getErrorVal(String errorCode,String \
type) { </span><ins>+
+ if (Locale.getDefaultLocale() != bundle.getLocale()) {
+ bundle = Locale.getInstallResourceBundle(BUNDLE_NAME);
+ }
+
</ins><span class="cx"> String errorMsg=null;
</span><span class="cx"> String templateName=null;
</span><span class="cx"> String resProperty = bundle.getString(errorCode);
</span><span class="lines">@@ -3284,5 +3288,6 @@
</span><span class="cx"> strOut = strIn;
</span><span class="cx"> }
</span><span class="cx"> return strOut;
</span><del>- }
</del><ins>+ }
+
</ins><span class="cx"> }
</span></span></pre></div>
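Review bot: The locale check added at the top of `getErrorVal` compares with `!=`, which is reference inequality, so two equal locales held as different objects would reload the bundle on every call (assuming both sides are `java.util.Locale`). `ResourceBundle.getLocale()` also reports the locale of the bundle that was actually found, which can be a fallback rather than the one requested, so the condition may stay true permanently. I would read the volatile field once into a local and compare with `equals`, e.g. `if (!Locale.getDefaultLocale().equals(current.getLocale()))`. The initialisation of `bundle` is outside the hunks; if it can still be null when `getErrorVal` is first called, the new check dereferences it before the existing code does.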
<a id="branchesAME7692_noRestartsAuthopenamopenamcoresrcmainjavacomsunidentityauthenticationserverAuthXMLHandlerjava"></a>
<div class="modfile"><h4>Modified: \
branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/sun/identity/authentication/server/AuthXMLHandler.java \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/sun/identity/authentication/server/AuthXMLHandler.java 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/sun/identity/authentication/server/AuthXMLHandler.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -32,6 +32,7 @@
</span><span class="cx"> import com.iplanet.dpro.session.SessionID;
</span><span class="cx"> import com.iplanet.dpro.session.service.InternalSession;
</span><span class="cx"> import com.iplanet.services.comm.client.PLLClient;
</span><ins>+import com.iplanet.services.comm.server.PLLAuditor;
</ins><span class="cx"> import com.iplanet.services.comm.server.RequestHandler;
</span><span class="cx"> import com.iplanet.services.comm.share.Request;
</span><span class="cx"> import com.iplanet.services.comm.share.RequestSet;
</span><span class="lines">@@ -75,6 +76,7 @@
</span><span class="cx"> import javax.servlet.ServletContext;
</span><span class="cx"> import javax.servlet.http.HttpServletRequest;
</span><span class="cx"> import javax.servlet.http.HttpServletResponse;
</span><ins>+
</ins><span class="cx"> import org.forgerock.guice.core.InjectorHolder;
</span><span class="cx"> import \
org.forgerock.openam.session.SessionServiceURLService; </span><span class="cx"> \
import org.forgerock.openam.utils.ClientUtils; </span><span class="lines">@@ -130,22 \
+132,19 @@ </span><span class="cx"> * @param servletContext \
<code>servletContext</code> object for this request </span><span \
class="cx"> * @return <code>ResponseSet</code> object for the \
processed request. </span><span class="cx"> */
</span><del>- public ResponseSet process(
- List<Request> requests,
- HttpServletRequest servletRequest,
- HttpServletResponse servletResponse,
- ServletContext servletContext) {
</del><ins>+ public ResponseSet process(PLLAuditor auditor, List<Request> \
requests, HttpServletRequest servletRequest, + \
HttpServletResponse servletResponse, ServletContext servletContext) { </ins><span \
class="cx"> ResponseSet rset = new ResponseSet(AuthXMLTags.AUTH_SERVICE); \
</span><span class="cx"> for (Request req : requests) { </span><del>- \
Response res = processRequest(req,servletRequest, servletResponse); </del><ins>+ \
Response res = processRequest(auditor, req, servletRequest, servletResponse); \
</ins><span class="cx"> rset.addResponse(res); </span><span class="cx"> \
} </span><span class="cx"> return rset;
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> /* process the request */
</span><del>- private Response processRequest(Request req,
- HttpServletRequest servletReq, HttpServletResponse servletRes) {
</del><ins>+ private Response processRequest(PLLAuditor auditor, Request req,
+ HttpServletRequest servletReq, \
HttpServletResponse servletRes) { </ins><span class="cx">
</span><span class="cx"> // this call is to create a http session so that the \
JSESSIONID cookie </span><span class="cx"> // is created. The appserver(8.1) \
load balancer plugin relies on the </span><span class="lines">@@ -212,9 +211,11 @@
</span><span class="cx"> RequestSet set = new \
RequestSet(AuthXMLTags.AUTH_SERVICE); </span><span class="cx"> \
set.addRequest(req); </span><span class="cx"> try {
</span><del>- Vector responses = PLLClient.send(new URL(cookieURL), \
set, </del><ins>+ Vector responses = PLLClient.send(new \
URL(cookieURL), set, </ins><span class="cx"> cookieTable);
</span><span class="cx"> if (!responses.isEmpty()) {
</span><ins>+ auditor.auditAccessAttempt();
+ auditor.auditAccessSuccess(); // Just record result as success \
here to avoid parsing response </ins><span class="cx"> \
debug.message("=====================Returning redirected"); </span><span \
class="cx"> return ((Response) responses.elementAt(0)); \
</span><span class="cx"> } </span><span class="lines">@@ -224,6 \
+225,8 @@ </span><span class="cx"> authResponse = new \
AuthXMLResponse(AuthXMLRequest. </span><span class="cx"> \
NewAuthContext); </span><span class="cx"> setErrorCode(authResponse, \
e); </span><ins>+ auditor.auditAccessAttempt();
+ auditor.auditAccessFailure(authResponse.errorCode, \
authResponse.authErrorMessage); </ins><span class="cx"> return new \
Response(authResponse.toXMLString()); </span><span class="cx"> }
</span><span class="cx"> }
</span><span class="lines">@@ -232,7 +235,7 @@
</span><span class="cx"> try {
</span><span class="cx"> AuthXMLRequest sreq = \
AuthXMLRequest.parseXML(content, servletReq); </span><span class="cx"> \
sreq.setHttpServletRequest(servletReq); </span><del>- authResponse = \
processAuthXMLRequest(content, sreq, servletReq, servletRes); </del><ins>+ \
authResponse = processAuthXMLRequest(content, auditor, sreq, servletReq, servletRes); \
</ins><span class="cx"> } catch (AuthException e) { </span><span class="cx"> \
debug.error("Got Auth Exception", e); </span><span class="cx"> \
authResponse = new AuthXMLResponse(AuthXMLRequest.NewAuthContext); </span><span \
class="lines">@@ -243,14 +246,20 @@ </span><span class="cx"> \
setErrorCode(authResponse, ex); </span><span class="cx"> }
</span><span class="cx"> \
debug.message("=======================Returning"); </span><ins>+ if \
(authResponse.isException) { + \
auditor.auditAccessFailure(authResponse.errorCode, authResponse.authErrorMessage); + \
} else { + auditor.auditAccessSuccess();
+ }
</ins><span class="cx"> return new Response(authResponse.toXMLString());
</span><span class="cx"> }
</span><del>-
</del><ins>+
</ins><span class="cx"> /*
</span><span class="cx"> * Process the XMLRequest
</span><span class="cx"> */
</span><span class="cx"> private AuthXMLResponse processAuthXMLRequest(
</span><span class="cx"> String xml,
</span><ins>+ PLLAuditor auditor,
</ins><span class="cx"> AuthXMLRequest authXMLRequest,
</span><span class="cx"> HttpServletRequest servletRequest,
</span><span class="cx"> HttpServletResponse servletResponse) {
</span><span class="lines">@@ -262,6 +271,12 @@
</span><span class="cx"> String orgName = authXMLRequest.getOrgName();
</span><span class="cx"> AuthContextLocal authContext = \
authXMLRequest.getAuthContext(); </span><span class="cx"> LoginState \
loginState = AuthUtils.getLoginState(authContext); </span><ins>+
+ auditor.setMethod(getMethodName(requestType));
+ auditor.setAuthenticationId(getAuthenticationId(loginState));
+ auditor.setContextId(getContextId(loginState));
+ auditor.auditAccessAttempt();
+
</ins><span class="cx"> String params = authXMLRequest.getParams();
</span><span class="cx"> List envList = authXMLRequest.getEnvironment();
</span><span class="cx"> Map envMap = toEnvMap(envList);
</span><span class="lines">@@ -377,6 +392,7 @@
</span><span class="cx"> authXMLRequest.setIndexName(indexName);
</span><span class="cx"> \
authXMLRequest.setRequestType(AuthXMLRequest.LoginIndex); </span><span class="cx"> \
requestType = AuthXMLRequest.LoginIndex; </span><ins>+ \
auditor.setMethod(getMethodName(requestType)); </ins><span class="cx"> \
} </span><span class="cx"> }
</span><span class="cx"> }
</span><span class="lines">@@ -716,10 +732,60 @@
</span><span class="cx"> }
</span><span class="cx"> }
</span><span class="cx"> }
</span><del>-
</del><ins>+
+ auditor.setAuthenticationId(getAuthenticationId(loginState));
+ auditor.setContextId(getContextId(loginState));
+
</ins><span class="cx"> return authResponse;
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ private String getContextId(LoginState loginState) {
+ String contextId = null;
+ if (loginState != null && loginState.getSession() != null) {
+ contextId = loginState.getSession().getProperty(Constants.AM_CTX_ID);
+ }
+ return contextId == null ? "" : contextId;
+ }
+
+ private String getDomain(LoginState loginState) {
+ String domain = null;
+ if (loginState != null) {
+ domain = loginState.getOrgDN();
+ }
+ return domain == null ? "" : domain;
+ }
+
+ private String getAuthenticationId(LoginState loginState) {
+ String authenticationId = "";
+ if (loginState != null && loginState.getSession() != null) {
+ authenticationId = loginState.getSession().getClientID();
+ }
+ return authenticationId == null ? "" : authenticationId;
+ }
+
+ private String getMethodName(int requestType) {
+ switch (requestType) {
+ case AuthXMLRequest.NewAuthContext:
+ return "NewAuthContext";
+ case AuthXMLRequest.Login:
+ return "Login";
+ case AuthXMLRequest.LoginIndex:
+ return "LoginIndex";
+ case AuthXMLRequest.LoginSubject:
+ return "LoginSubject";
+ case AuthXMLRequest.SubmitRequirements:
+ return "SubmitRequirements";
+ case AuthXMLRequest.QueryInformation:
+ return "QueryInformation";
+ case AuthXMLRequest.Logout:
+ return "Logout";
+ case AuthXMLRequest.Abort:
+ return "Abort";
+ default:
+ return "unknown";
+ }
+ }
+
</ins><span class="cx"> /*
</span><span class="cx"> * Process the new http request
</span><span class="cx"> */
</span></span></pre></div>
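Review bot: In the redirect branch of `processRequest`, `auditor.auditAccessSuccess()` is recorded whenever `PLLClient.send` returns a non-empty response, so an authentication that the remote server rejected is still written to the audit trail as a success. For an authentication endpoint that makes the access log unreliable as evidence; I would either derive the outcome from the forwarded response or record an outcome that says the request was forwarded, and at minimum reword the comment to `// NOTE: outcome of the forwarded request is not inspected; this entry records the forward only`. That branch also audits before `setMethod`, `setAuthenticationId` and `setContextId` have been called, so the entry carries no method or identity. In the later `AuthException` path, `auditAccessFailure` is emitted without a visible `auditAccessAttempt`, since that call sits inside `processAuthXMLRequest`, which may not have been reached. `getDomain(LoginState)` is added but not used in the visible hunks.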
<a id="branchesAME7692_noRestartsAuthopenamopenamcoresrcmainjavacomsunidentityauthenticationserviceAuthDjava"></a>
<div class="modfile"><h4>Modified: \
branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/sun/identity/authentication/service/AuthD.java \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/sun/identity/authentication/service/AuthD.java 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/sun/identity/authentication/service/AuthD.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -28,25 +28,8 @@
</span><span class="cx"> */
</span><span class="cx"> package com.sun.identity.authentication.service;
</span><span class="cx">
</span><del>-import static org.forgerock.openam.ldap.LDAPUtils.rdnValueFromDn;
</del><ins>+import static org.forgerock.openam.ldap.LDAPUtils.*;
</ins><span class="cx">
</span><del>-import javax.servlet.ServletContext;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpSession;
-import java.io.IOException;
-import java.security.AccessController;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.Hashtable;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-import java.util.ResourceBundle;
-import java.util.Set;
-import java.util.StringTokenizer;
-import java.util.concurrent.ConcurrentHashMap;
-import java.util.concurrent.ConcurrentMap;
-
</del><span class="cx"> import com.iplanet.am.sdk.AMStoreConnection;
</span><span class="cx"> import com.iplanet.am.util.Misc;
</span><span class="cx"> import com.iplanet.am.util.SystemProperties;
</span><span class="lines">@@ -62,6 +45,8 @@
</span><span class="cx"> import com.sun.identity.authentication.util.ISAuthConstants;
</span><span class="cx"> import com.sun.identity.common.DNUtils;
</span><span class="cx"> import com.sun.identity.common.RequestUtils;
</span><ins>+import com.sun.identity.common.configuration.ConfigurationListener;
+import com.sun.identity.common.configuration.ConfigurationObserver;
</ins><span class="cx"> import com.sun.identity.idm.AMIdentity;
</span><span class="cx"> import com.sun.identity.idm.AMIdentityRepository;
</span><span class="cx"> import com.sun.identity.idm.IdRepoException;
</span><span class="lines">@@ -83,6 +68,22 @@
</span><span class="cx"> import com.sun.identity.sm.ServiceManager;
</span><span class="cx"> import com.sun.identity.sm.ServiceSchema;
</span><span class="cx"> import com.sun.identity.sm.ServiceSchemaManager;
</span><ins>+import java.io.IOException;
+import java.security.AccessController;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Hashtable;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.ResourceBundle;
+import java.util.Set;
+import java.util.StringTokenizer;
+import java.util.concurrent.ConcurrentHashMap;
+import java.util.concurrent.ConcurrentMap;
+import javax.servlet.ServletContext;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
</ins><span class="cx"> import org.forgerock.guice.core.InjectorHolder;
</span><span class="cx"> import org.forgerock.openam.ldap.LDAPUtils;
</span><span class="cx"> import \
org.forgerock.openam.security.whitelist.ValidGotoUrlExtractor; </span><span \
class="lines">@@ -96,7 +97,7 @@ </span><span class="cx"> * It also initializes the \
other dependent services in the OpenAM system and </span><span class="cx"> * hence \
used as bootstrap class for the authentication server. </span><span class="cx"> */
</span><del>-public class AuthD {
</del><ins>+public class AuthD implements ConfigurationListener {
</ins><span class="cx"> /**
</span><span class="cx"> * Configured bundle name for auth service
</span><span class="cx"> */
</span><span class="lines">@@ -114,7 +115,18 @@
</span><span class="cx"> * Lazy initialisation holder idiom for the singleton \
instance. </span><span class="cx"> */
</span><span class="cx"> private static final class SingletonHolder {
</span><del>- private static final AuthD INSTANCE = new AuthD();
</del><ins>+ private static AuthD INSTANCE;
+
+ static AuthD getInstance() {
+ if (INSTANCE == null) {
+ INSTANCE = new AuthD();
+ ConfigurationObserver.getInstance().addListener(INSTANCE);
+
+ }
+
+ return INSTANCE;
+
+ }
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> /**
</span><span class="lines">@@ -183,10 +195,11 @@
</span><span class="cx"> private final String defaultOrg;
</span><span class="cx"> private String platformLocale;
</span><span class="cx"> private final String platformCharset;
</span><ins>+
</ins><span class="cx"> /**
</span><span class="cx"> * ResourceBundle for auth service
</span><span class="cx"> */
</span><del>- final ResourceBundle bundle;
</del><ins>+ ResourceBundle bundle;
</ins><span class="cx">
</span><span class="cx"> private final SSOToken ssoAuthSession;
</span><span class="cx"> private AMStoreConnection dpStore = null;
</span><span class="lines">@@ -515,7 +528,7 @@
</span><span class="cx"> * @return Authenticator singleton instance.
</span><span class="cx"> */
</span><span class="cx"> public static AuthD getAuth() {
</span><del>- return SingletonHolder.INSTANCE;
</del><ins>+ return SingletonHolder.getInstance();
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> /**
</span><span class="lines">@@ -831,6 +844,16 @@
</span><span class="cx"> return \
ssoManager.createSSOToken(authSession.getID().toString()); </span><span class="cx"> \
} </span><span class="cx">
</span><ins>+ @Override
+ public synchronized void notifyChanges() {
+ ResourceBundle newBundle = com.sun.identity.shared.locale.Locale.
+ getInstallResourceBundle(BUNDLE_NAME);
+
+ if (newBundle != bundle) {
+ bundle = newBundle;
+ }
+ }
+
</ins><span class="cx"> /**
</span><span class="cx"> * get inetDomainStatus attribute for the org
</span><span class="cx"> * @param orgName org name to check inetDomainStatus
</span></span></pre></div>
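Review bot: `SingletonHolder.getInstance()` replaces the class-initialisation guarantee of the holder idiom with an unsynchronised null check on a non-final, non-volatile field, so two threads calling `getAuth()` concurrently can each construct an `AuthD` and register both with `ConfigurationObserver`. The Javadoc above the holder still describes it as the lazy initialisation holder idiom. Keeping the field final and registering in a static initialiser preserves the guarantee: `private static final AuthD INSTANCE = new AuthD();` followed by `static { ConfigurationObserver.getInstance().addListener(INSTANCE); }`. `bundle` also loses `final` and is written under the lock in `notifyChanges()` but presumably read elsewhere without it, so it should be `volatile`, as the corresponding field in `AuthClientUtils` was made in this commit.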
<a id="branchesAME7692_noRestartsAuthopenamopenamcoresrcmainjavacomsunidentityauthenticationserviceLoginStatejava"></a>
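--- a/branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/sun/identity/authentication/service/LoginState.java
+++ b/branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/sun/identity/authentication/service/LoginState.java
@@ -137,8 +137,6 @@
 private static final List<String> SHARED_STATE_ATTRIBUTES =
 Arrays.asList(ISAuthConstants.SHARED_STATE_PASSWORD, ISAuthConstants.SHARED_STATE_USERNAME);
 
- private static final String DEFAULT_LOCALE = SystemProperties.get(Constants.AM_LOCALE);
-
 /**
 * Lazy initialisation holder to allow unit testing without loading the world.
 */
@@ -1569,7 +1567,7 @@
 */
 public String getLocale() {
 if (!isLocaleSet) {
- return DEFAULT_LOCALE;
+ return SystemProperties.get(Constants.AM_LOCALE);
 } else {
 return localeContext.getLocale().toString();
 }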
<a id="branchesAME7692_noRestartsAuthopenamopenamcoresrcmainjavacomsunidentitycommonDebugPropertiesObserverjava"></a>
<div class="modfile"><h4>Modified: \
branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/sun/identity/common/DebugPropertiesObserver.java \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/sun/identity/common/DebugPropertiesObserver.java 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/sun/identity/common/DebugPropertiesObserver.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -24,6 +24,8 @@
</span><span class="cx"> *
</span><span class="cx"> * $Id: DebugPropertiesObserver.java,v 1.4 2008/08/13 \
16:00:54 rajeevangal Exp $ </span><span class="cx"> *
</span><ins>+ * Portions Copyrighted 2015 ForgeRock AS.
+ *
</ins><span class="cx"> */
</span><span class="cx">
</span><span class="cx"> package com.sun.identity.common;
</span><span class="lines">@@ -34,7 +36,6 @@
</span><span class="cx"> import com.sun.identity.shared.Constants;
</span><span class="cx"> import com.sun.identity.shared.debug.Debug;
</span><span class="cx"> import java.util.Collection;
</span><del>-import java.util.Iterator;
</del><span class="cx">
</span><span class="cx"> /**
</span><span class="cx"> * This class observes changes in debug configuration \
properties. </span><span class="lines">@@ -43,15 +44,15 @@
</span><span class="cx"> private static DebugPropertiesObserver instance;
</span><span class="cx"> private static String currentState;
</span><span class="cx"> private static String currentMergeFlag = \
"off"; </span><del>-
</del><ins>+
</ins><span class="cx"> static {
</span><span class="cx"> instance = new DebugPropertiesObserver();
</span><del>- ConfigurationObserver.getInstance().addListener(instance);
</del><span class="cx"> currentState = \
SystemProperties.get(Constants.SERVICES_DEBUG_LEVEL); </span><span class="cx"> \
currentMergeFlag = SystemProperties.get(Constants.SERVICES_DEBUG_MERGEALL); \
</span><span class="cx"> if (currentMergeFlag == null) { </span><span \
class="cx"> currentMergeFlag = "off"; </span><span class="cx"> \
} </span><ins>+ ConfigurationObserver.getInstance().addListener(instance);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> private DebugPropertiesObserver() {
</span><span class="lines">@@ -69,24 +70,25 @@
</span><span class="cx"> /**
</span><span class="cx"> * This method will be call if configuration changed.
</span><span class="cx"> */
</span><del>- public void notifyChanges() {
</del><ins>+ public synchronized void notifyChanges() {
</ins><span class="cx"> String state = \
SystemProperties.get(Constants.SERVICES_DEBUG_LEVEL); </span><span class="cx"> \
if (!currentState.equals(state)) { </span><span class="cx"> Collection \
debugInstances = Debug.getInstances(); </span><del>- for (Iterator i = \
debugInstances.iterator(); i.hasNext(); ) {
- Debug d = (Debug)i.next();
</del><ins>+ for (Object debugInstance : debugInstances) {
+ Debug d = (Debug) debugInstance;
</ins><span class="cx"> d.setDebug(state);
</span><span class="cx"> }
</span><span class="cx"> currentState = state;
</span><span class="cx"> }
</span><ins>+
</ins><span class="cx"> String mergeflag = \
SystemProperties.get(Constants.SERVICES_DEBUG_MERGEALL); </span><span class="cx"> \
if (!currentMergeFlag.equals(mergeflag)) { </span><del>- currentMergeFlag \
= mergeflag; </del><span class="cx"> Collection debugInstances = \
Debug.getInstances(); </span><del>- for (Iterator i = \
debugInstances.iterator(); i.hasNext(); ) {
- Debug d = (Debug)i.next();
</del><ins>+ for (Object debugInstance : debugInstances) {
+ Debug d = (Debug) debugInstance;
</ins><span class="cx"> d.resetDebug(mergeflag);
</span><span class="cx"> }
</span><ins>+ currentMergeFlag = mergeflag;
</ins><span class="cx"> }
</span><span class="cx"> }
</span><span class="cx">
</span></span></pre></div>
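Review bot: `notifyChanges()` still calls `currentState.equals(state)` and `currentMergeFlag.equals(mergeflag)` on fields that can be null: the static initialiser defaults only `currentMergeFlag` to "off", and the relocated `currentMergeFlag = mergeflag;` stores whatever `SystemProperties.get` returned. If either property is missing, a later notification would throw a NullPointerException, and how the observer's caller handles that is not visible here. A null-safe comparison such as `if (state != null && !state.equals(currentState)) {` (and the same shape for `mergeflag`) avoids it. The new `synchronized` modifier locks the instance while the guarded fields are static; that is only equivalent because the class keeps a single private instance, which deserves a one-line comment.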
<div class="copfile"><h4>Copied: \
branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/sun/identity/common/LocaleContext.java \
(from rev 14908, trunk/openam/openam-core/src/main/java/com/sun/identity/common/LocaleContext.java) \
(0 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/sun/identity/common/LocaleContext.java \
(rev 0)
+++ branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/sun/identity/common/LocaleContext.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -0,0 +1,42 @@
</span><ins>+/*
+ * The contents of this file are subject to the terms of the Common Development and
+ * Distribution License (the License). You may not use this file except in \
compliance with the + * License.
+ *
+ * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for \
the + * specific language governing permission and limitations under the License.
+ *
+ * When distributing Covered Software, include this CDDL Header Notice in each file \
and include + * the License file at legal/CDDLv1.0.txt. If applicable, add the \
following below the CDDL + * Header, with the fields enclosed by brackets [] replaced \
by your own identifying + * information: "Portions copyright [year] [name of \
copyright owner]". + *
+ * Copyright 2015 ForgeRock AS.
+ */
+
+package com.sun.identity.common;
+
+import java.util.Locale;
+
+import org.forgerock.json.resource.Context;
+import org.forgerock.json.resource.ServerContext;
+import org.forgerock.json.resource.servlet.HttpContext;
+
+/**
+ * CREST context for storing request Locale.
+ */
+public class LocaleContext extends ServerContext {
+
+ private final Locale locale;
+
+ public LocaleContext(Context parent) {
+ super("locale", parent);
+ ISLocaleContext localeContext = new ISLocaleContext();
+ localeContext.setLocale(parent.asContext(HttpContext.class));
+ this.locale = localeContext.getLocale();
+ }
+
+ public Locale getLocale() {
+ return locale;
+ }
+}
</ins></span></pre></div>
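Review bot: The constructor has no Javadoc and does not say that `parent` must have an `HttpContext` somewhere in its chain; as far as I know `asContext` throws when no context of the requested type is found, so a non-HTTP caller would fail in the constructor rather than get a default locale. I would document that on the constructor, e.g. `@param parent the parent context; its chain must contain an HttpContext`, and add `@return the locale resolved for the request` on `getLocale()`. The locale appears to be derived from the HTTP request by `ISLocaleContext.setLocale`, so it is client-influenced and should be treated as such by anything that uses it to select resources; that is worth a sentence in the class comment.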
<div class="modfile"><h4>Modified: \
branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/sun/identity/idm/server/IdCachedServicesImpl.java \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/sun/identity/idm/server/IdCachedServicesImpl.java 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/sun/identity/idm/server/IdCachedServicesImpl.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -27,47 +27,45 @@
</span><span class="cx"> */
</span><span class="cx">
</span><span class="cx"> /*
</span><del>- * Portions Copyrighted 2011-2014 ForgeRock AS
</del><ins>+ * Portions Copyrighted 2011-2015 ForgeRock AS
</ins><span class="cx"> */
</span><span class="cx"> package com.sun.identity.idm.server;
</span><span class="cx">
</span><del>-import java.util.Enumeration;
-import java.util.Map;
-import java.util.Set;
-
</del><ins>+import com.iplanet.am.sdk.AMEvent;
+import com.iplanet.am.sdk.AMHashMap;
+import com.iplanet.am.util.Cache;
</ins><span class="cx"> import com.iplanet.am.util.SystemProperties;
</span><span class="cx"> import com.iplanet.sso.SSOException;
</span><span class="cx"> import com.iplanet.sso.SSOToken;
</span><span class="cx"> import com.sun.identity.common.DNUtils;
</span><del>-
</del><ins>+import com.sun.identity.common.configuration.ConfigurationListener;
+import com.sun.identity.common.configuration.ConfigurationObserver;
</ins><span class="cx"> import com.sun.identity.idm.AMIdentity;
</span><span class="cx"> import com.sun.identity.idm.IdCachedServices;
</span><span class="cx"> import com.sun.identity.idm.IdConstants;
</span><span class="cx"> import com.sun.identity.idm.IdRepoException;
</span><ins>+import com.sun.identity.idm.IdSearchControl;
+import com.sun.identity.idm.IdSearchResults;
</ins><span class="cx"> import com.sun.identity.idm.IdServices;
</span><span class="cx"> import com.sun.identity.idm.IdType;
</span><span class="cx"> import com.sun.identity.idm.IdUtils;
</span><del>-import com.sun.identity.idm.IdSearchControl;
-import com.sun.identity.idm.IdSearchResults;
</del><span class="cx"> import com.sun.identity.idm.common.IdCacheBlock;
</span><span class="cx"> import com.sun.identity.idm.common.IdCacheStats;
</span><span class="cx"> import com.sun.identity.monitoring.Agent;
</span><ins>+import com.sun.identity.monitoring.MonitoringUtil;
</ins><span class="cx"> import com.sun.identity.monitoring.SsoServerIdRepoSvcImpl;
</span><span class="cx"> import com.sun.identity.shared.stats.Stats;
</span><span class="cx"> import com.sun.identity.sm.ServiceManager;
</span><del>-
-import com.iplanet.am.sdk.AMEvent;
-import com.iplanet.am.sdk.AMHashMap;
-import com.iplanet.am.util.Cache;
-import com.sun.identity.monitoring.MonitoringUtil;
</del><ins>+import java.util.Enumeration;
+import java.util.Map;
+import java.util.Set;
</ins><span class="cx"> import org.forgerock.util.thread.listener.ShutdownListener;
</span><span class="cx"> import org.forgerock.util.thread.listener.ShutdownManager;
</span><span class="cx">
</span><span class="cx"> /*
</span><span class="cx"> * Class which provides caching on top of available \
IdRepoLDAPServices. </span><span class="cx"> */
</span><del>-public class IdCachedServicesImpl extends IdServicesImpl implements
- IdCachedServices {
</del><ins>+public class IdCachedServicesImpl extends IdServicesImpl implements \
IdCachedServices, ConfigurationListener { </ins><span class="cx">
</span><span class="cx"> static final String CACHE_MAX_SIZE_KEY = \
"com.iplanet.am.sdk.cache.maxSize"; </span><span class="cx">
</span><span class="lines">@@ -77,7 +75,7 @@
</span><span class="cx">
</span><span class="cx"> private static int maxSize;
</span><span class="cx">
</span><del>- private static IdServices instance;
</del><ins>+ private static IdCachedServicesImpl instance;
</ins><span class="cx">
</span><span class="cx"> // Class Private
</span><span class="cx"> private Cache idRepoCache;
</span><span class="lines">@@ -89,34 +87,21 @@
</span><span class="cx"> private static SsoServerIdRepoSvcImpl monIdRepo;
</span><span class="cx">
</span><span class="cx"> static {
</span><del>- initializeParams();
</del><ins>+ int cacheSize = SystemProperties.getAsInt(CACHE_MAX_SIZE_KEY, \
CACHE_MAX_SIZE_INT); + setMaxSize(cacheSize);
</ins><span class="cx"> }
</span><span class="cx">
</span><del>- /**
- * Method to check if caching is enabled or disabled and configure the size
- * of the cache accordingly.
- */
- private static void initializeParams() {
- // Check if the caching property is set in System runtime.
- String cacheSize = SystemProperties.get(CACHE_MAX_SIZE_KEY,
- CACHE_MAX_SIZE);
- try {
- maxSize = Integer.parseInt(cacheSize);
- if (maxSize < 1) {
- maxSize = CACHE_MAX_SIZE_INT;
- }
- if (DEBUG.messageEnabled()) {
- DEBUG.message(
- "IdCachedServicesImpl.intializeParams() "
- + "Caching size set to: " + maxSize);
- }
- } catch (NumberFormatException ne) {
- maxSize = CACHE_MAX_SIZE_INT;
- if (DEBUG.warningEnabled()) {
- DEBUG.warning("IdCachedServicesImpl.initializeParams() - \
invalid value for cache size specified. "
- + "Setting to default value: " + maxSize);
- }
</del><ins>+ private static void setMaxSize(int newValue) {
+
+ if (newValue < 1) { //if it's invalid, drop back to max
+ newValue = CACHE_MAX_SIZE_INT;
</ins><span class="cx"> }
</span><ins>+
+ maxSize = newValue;
+
+ if (DEBUG.messageEnabled()) {
+ DEBUG.message("IdCachedServicesImpl.intializeParams() Caching size \
set to: " + maxSize); + }
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> private IdCachedServicesImpl() {
</span><span class="lines">@@ -134,6 +119,11 @@
</span><span class="cx"> idRepoCache = new Cache(maxSize);
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ private void resetCache(int maxCacheSize) {
+ setMaxSize(maxCacheSize);
+ clearCache();
+ }
+
</ins><span class="cx"> /**
</span><span class="cx"> * Method to get the current cache size
</span><span class="cx"> *
</span><span class="lines">@@ -162,6 +152,8 @@
</span><span class="cx"> }
</span><span class="cx"> });
</span><span class="cx">
</span><ins>+ ConfigurationObserver.getInstance().addListener(instance);
+
</ins><span class="cx"> }
</span><span class="cx"> return instance;
</span><span class="cx"> }
</span><span class="lines">@@ -695,4 +687,13 @@
</span><span class="cx"> return cachedId;
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ @Override
+ public synchronized void notifyChanges() {
+ final int value = SystemProperties.getAsInt(CACHE_MAX_SIZE_KEY, \
CACHE_MAX_SIZE_INT); +
+ if (value != maxSize) {
+ resetCache(value);
+ }
+
+ }
</ins><span class="cx"> }
</span></span></pre></div>
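Review bot: In `notifyChanges()` the raw property value is compared with `maxSize`, but `setMaxSize` replaces any value below 1 with `CACHE_MAX_SIZE_INT`, so a misconfigured size (0 or negative) never equals the stored value and `resetCache` clears the whole identity cache on every configuration notification. Normalising before the comparison fixes it: drop `final` and add `if (value < 1) { value = CACHE_MAX_SIZE_INT; }` ahead of `if (value != maxSize)`. The debug message in `setMaxSize` still names `intializeParams()`, which this commit removes, and the old warning for an unparsable value is gone, so it is worth checking how `getAsInt` reports bad input. `resetCache` also relies on `clearCache()` picking up the new `maxSize`; that method is outside the visible hunks.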
<div class="modfile"><h4>Modified: \
branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/sun/identity/log/s1is/LogSSOTokenDetails.java \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/sun/identity/log/s1is/LogSSOTokenDetails.java 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/sun/identity/log/s1is/LogSSOTokenDetails.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -24,10 +24,7 @@
</span><span class="cx"> *
</span><span class="cx"> * $Id: LogSSOTokenDetails.java,v 1.4 2008/09/05 00:51:01 \
ww203982 Exp $ </span><span class="cx"> *
</span><del>- */
-
-/*
- * Portions Copyrighted 2013 ForgeRock AS
</del><ins>+ * Portions Copyrighted 2013-2015 ForgeRock AS
</ins><span class="cx"> * Portions Copyrighted 2013 Nomura Research Institute, Ltd
</span><span class="cx"> */
</span><span class="cx">
</span><span class="lines">@@ -39,6 +36,7 @@
</span><span class="cx"> import com.sun.identity.log.LogRecord;
</span><span class="cx"> import com.sun.identity.log.Logger;
</span><span class="cx"> import com.sun.identity.log.spi.Debug;
</span><ins>+import com.sun.identity.shared.Constants;
</ins><span class="cx">
</span><span class="cx"> /**
</span><span class="cx"> * This is a DSAME specific util class which takes in \
LogRecord </span><span class="lines">@@ -110,6 +108,9 @@
</span><span class="cx">
</span><span class="cx"> clientID = ssoToken.getPrincipal().getName();
</span><span class="cx"> lr.addLogInfo(LogConstants.LOGIN_ID, clientID);
</span><ins>+
+ String contextId = ssoToken.getProperty(Constants.AM_CTX_ID);
+ lr.addLogInfo(LogConstants.CONTEXT_ID, contextId);
</ins><span class="cx"> } catch (SSOException ssoe) {
</span><span class="cx"> \
Debug.error("LogSSOTokenDetails:logSSOTokenInfo:SSOException: ", \
</span><span class="cx"> ssoe); </span></span></pre></div>
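Review bot: `contextId` is passed to `lr.addLogInfo(LogConstants.CONTEXT_ID, contextId)` without a null check, and `ssoToken.getProperty` can presumably return null for tokens that carry no `Constants.AM_CTX_ID`. Whether the log-info map accepts null values is not visible here; if it does not, the resulting exception would not be caught by the `SSOException` handler that follows. A guard such as `if (contextId != null) { lr.addLogInfo(LogConstants.CONTEXT_ID, contextId); }` keeps the behaviour for tokens that have the property. The enclosing method starts and ends outside this hunk.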
<div class="copfile"><h4>Copied: \
branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/sun/identity/log/service/AgentLogParser.java \
(from rev 14908, trunk/openam/openam-core/src/main/java/com/sun/identity/log/service/AgentLogParser.java) \
(0 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/sun/identity/log/service/AgentLogParser.java \
(rev 0)
+++ branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/sun/identity/log/service/AgentLogParser.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -0,0 +1,104 @@
</span><ins>+/*
+ * The contents of this file are subject to the terms of the Common Development and
+ * Distribution License (the License). You may not use this file except in \
compliance with the + * License.
+ *
+ * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for \
the + * specific language governing permission and limitations under the License.
+ *
+ * When distributing Covered Software, include this CDDL Header Notice in each file \
and include + * the License file at legal/CDDLv1.0.txt. If applicable, add the \
following below the CDDL + * Header, with the fields enclosed by brackets [] replaced \
by your own identifying + * information: "Portions copyright [year] [name of \
copyright owner]". + *
+ * Copyright 2015 ForgeRock AS.
+ */
+package com.sun.identity.log.service;
+
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+/**
+ * Attempts to parse an agent log message to extract useful information.
+ *
+ * @since 13.0.0
+ */
+final class AgentLogParser {
+
+ private enum Extractor {
+
+ WEB_AGENT("^user (\\S+) was (\\S+) access to (\\S+)$", 3, 1, 2),
+ JAVA_AGENT("^access to (\\S+) (\\S+) for user (\\S+)$", 1, 3, 2);
+
+ final Pattern pattern;
+ final int resourceIndex;
+ final int subjectIndex;
+ final int statusIndex;
+
+ Extractor(String pattern, int resourceIndex, int subjectIndex, int \
statusIndex) { + this.pattern = Pattern.compile(pattern, \
Pattern.CASE_INSENSITIVE); + this.resourceIndex = resourceIndex;
+ this.subjectIndex = subjectIndex;
+ this.statusIndex = statusIndex;
+ }
+
+ Matcher newMatcher(String message) {
+ return pattern.matcher(message);
+ }
+
+ }
+
+ /**
+ * Given the log message, attempts to parse and extract known parts.
+ *
+ * @param message
+ * the log message
+ *
+ * @return the log extracts, null if parsing fails
+ */
+ LogExtracts tryParse(String message) {
+ for (Extractor extractor : Extractor.values()) {
+ Matcher matcher = extractor.newMatcher(message);
+
+ if (matcher.matches()) {
+ return extract(extractor, matcher);
+ }
+ }
+
+ return null;
+ }
+
+ private LogExtracts extract(Extractor extractor, Matcher matcher) {
+ String resourceUrl = matcher.group(extractor.resourceIndex);
+ String subjectId = matcher.group(extractor.subjectIndex);
+ String status = matcher.group(extractor.statusIndex);
+ return new LogExtracts(resourceUrl, subjectId, status);
+ }
+
+ final static class LogExtracts {
+
+ private final String resourceUrl;
+ private final String subjectId;
+ private final String status;
+
+ private LogExtracts(String resourceUrl, String subjectId, String status) {
+ this.resourceUrl = resourceUrl;
+ this.subjectId = subjectId;
+ this.status = status;
+ }
+
+ String getResourceUrl() {
+ return resourceUrl;
+ }
+
+ String getSubjectId() {
+ return subjectId;
+ }
+
+ String getStatus() {
+ return status;
+ }
+
+ }
+
+}
</ins></span></pre></div>
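Review bot: `tryParse` hands `message` straight to `pattern.matcher(message)`, which throws a NullPointerException for a null message, although the Javadoc promises null when parsing fails; `if (message == null) { return null; }` at the top would keep that contract. The Javadoc should also state that the whole message must match one of the two agent formats, case-insensitively, and that a user or resource containing whitespace does not match `\S+` and is therefore skipped silently. Since the message text is written by the reporting agent, the extracted resource, subject and status are only as trustworthy as that agent, and consumers should treat them as reported values. Minor: `final static class LogExtracts` is conventionally written `static final`.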
<div class="modfile"><h4>Modified: \
branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/sun/identity/log/service/LogOperation.java \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/sun/identity/log/service/LogOperation.java 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/sun/identity/log/service/LogOperation.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -24,20 +24,23 @@
</span><span class="cx"> *
</span><span class="cx"> * $Id: LogOperation.java,v 1.3 2008/06/25 05:43:39 qcheng \
Exp $ </span><span class="cx"> *
</span><ins>+ * Portions Copyrighted 2015 ForgeRock AS
</ins><span class="cx"> */
</span><del>-
-
-
</del><span class="cx"> package com.sun.identity.log.service;
</span><span class="cx">
</span><span class="cx"> import com.iplanet.services.comm.share.Response;
</span><ins>+import org.forgerock.openam.audit.AuditEventFactory;
+import org.forgerock.openam.audit.AuditEventPublisher;
+
</ins><span class="cx"> /**
</span><span class="cx"> * This interface defines result of log operation.
</span><span class="cx"> */
</span><span class="cx"> public interface LogOperation {
</span><ins>+
</ins><span class="cx"> /**
</span><span class="cx"> * Return result of the request processing in \
<code>Response</code> </span><span class="cx"> * @return result of \
the request processing in <code>Response</code> </span><span class="cx"> \
*/ </span><del>- public Response execute();
</del><ins>+ Response execute(AuditEventPublisher auditEventPublisher, \
AuditEventFactory auditEventFactory); +
</ins><span class="cx"> } //end of LogOperation
</span></span></pre></div>
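Review bot: The Javadoc on `execute` was not updated for the two new parameters; add `@param auditEventPublisher publisher used to emit audit events for the request` and `@param auditEventFactory factory for building those audit events`. Changing the signature of the interface's only method also breaks every implementer, so it is worth confirming that all `LogOperation` implementations were updated in the same commit; only `LogRecWrite` is visible here.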
<div class="modfile"><h4>Modified: \
branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/sun/identity/log/service/LogRecWrite.java \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/sun/identity/log/service/LogRecWrite.java 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/sun/identity/log/service/LogRecWrite.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -24,21 +24,11 @@
</span><span class="cx"> *
</span><span class="cx"> * $Id: LogRecWrite.java,v 1.6 2009/06/19 02:33:29 bigfatrat \
Exp $ </span><span class="cx"> *
</span><del>- */
-
-/*
- * Portions Copyrighted 2011 ForgeRock AS
</del><ins>+ * Portions Copyrighted 2011-2015 ForgeRock AS
</ins><span class="cx"> * Portions Copyrighted 2013 Nomura Research Institute, Ltd
</span><span class="cx"> */
</span><span class="cx"> package com.sun.identity.log.service;
</span><span class="cx">
</span><del>-import java.util.Hashtable;
-import java.util.Iterator;
-import java.util.Map;
-import java.util.Set;
-import java.util.Vector;
-import java.util.logging.Level;
-
</del><span class="cx"> import com.iplanet.dpro.parser.ParseOutput;
</span><span class="cx"> import com.iplanet.services.comm.share.Response;
</span><span class="cx"> import com.iplanet.sso.SSOException;
</span><span class="lines">@@ -48,12 +38,28 @@
</span><span class="cx"> import com.sun.identity.log.LogRecord;
</span><span class="cx"> import com.sun.identity.log.Logger;
</span><span class="cx"> import com.sun.identity.log.s1is.LogSSOTokenDetails;
</span><ins>+import com.sun.identity.log.service.AgentLogParser.LogExtracts;
</ins><span class="cx"> import com.sun.identity.log.spi.Debug;
</span><span class="cx"> import com.sun.identity.monitoring.Agent;
</span><span class="cx"> import com.sun.identity.monitoring.MonitoringUtil;
</span><span class="cx"> import \
com.sun.identity.monitoring.SsoServerLoggingHdlrEntryImpl; </span><span class="cx"> \
import com.sun.identity.monitoring.SsoServerLoggingSvcImpl; </span><ins>+import \
org.forgerock.openam.audit.AMAccessAuditEventBuilder; +import \
org.forgerock.openam.audit.AuditConstants; +import \
org.forgerock.openam.audit.AuditEventFactory; +import \
org.forgerock.openam.audit.AuditEventPublisher; +import \
org.forgerock.openam.audit.context.AuditRequestContext; +import \
org.forgerock.openam.utils.StringUtils; </ins><span class="cx">
</span><ins>+import java.util.Collections;
+import java.util.Hashtable;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import java.util.Vector;
+import java.util.logging.Level;
+
</ins><span class="cx"> /**
</span><span class="cx"> * This class implements \
<code>ParseOutput</code> interface and <code> </span><span \
class="cx"> * LogOperation</code> interface. It is parsing request and process \
the request. </span><span class="lines">@@ -64,12 +70,12 @@
</span><span class="cx"> String _logname;
</span><span class="cx"> String _loggedBySid;
</span><span class="cx"> Vector _records = new Vector();
</span><del>-
</del><ins>+
</ins><span class="cx"> /**
</span><span class="cx"> * Return result of the request processing in \
<code>Response</code> </span><span class="cx"> * @return result of \
the request processing in <code>Response</code> </span><span class="cx"> \
*/ </span><del>- public Response execute() {
</del><ins>+ public Response execute(AuditEventPublisher auditEventPublisher, \
AuditEventFactory auditEventFactory) { </ins><span class="cx"> Response res = \
new Response("OK"); </span><span class="cx"> \
SsoServerLoggingSvcImpl slsi = null; </span><span class="cx"> \
SsoServerLoggingHdlrEntryImpl slei = null; </span><span class="lines">@@ -103,11 \
+109,11 @@ </span><span class="cx"> Debug.message("LogRecWrite: \
message is not base64 encoded"); </span><span class="cx"> }
</span><span class="cx"> }
</span><del>-
</del><ins>+
</ins><span class="cx"> LogRecord rec = new LogRecord(level, msg);
</span><del>-
</del><ins>+
</ins><span class="cx"> if (logInfoMap != null) {
</span><del>- String loginIDSid =
</del><ins>+ String loginIDSid =
</ins><span class="cx"> \
(String)logInfoMap.get(LogConstants.LOGIN_ID_SID); </span><span class="cx"> \
if (loginIDSid != null && loginIDSid.length() > 0) { </span><span \
class="cx"> SSOToken loginIDToken = null; </span><span \
class="lines">@@ -171,6 +177,7 @@ </span><span class="cx"> if \
(MonitoringUtil.isRunning()) { </span><span class="cx"> \
slei.incHandlerRequestCount(1); </span><span class="cx"> }
</span><ins>+ auditAccessMessage(auditEventPublisher, auditEventFactory, rec);
</ins><span class="cx"> logger.log(rec, loggedByToken);
</span><span class="cx"> // Log file record write okay and return OK
</span><span class="cx"> if (MonitoringUtil.isRunning()) {
</span><span class="lines">@@ -178,6 +185,49 @@
</span><span class="cx"> }
</span><span class="cx"> return res;
</span><span class="cx"> }
</span><ins>+
+ private void auditAccessMessage(AuditEventPublisher auditEventPublisher, \
AuditEventFactory auditEventFactory, LogRecord record) { + if \
(!auditEventPublisher.isAuditing(AuditConstants.ACCESS_TOPIC)) { + return;
+ }
+
+ AgentLogParser logParser = new AgentLogParser();
+ LogExtracts logExtracts = logParser.tryParse(record.getMessage());
+
+ if (logExtracts == null) {
+ // A message type of no interest
+ return;
+ }
+
+ @SuppressWarnings("unchecked")
+ Map<String, String> info = record.getLogInfoMap();
+ String clientIp = info.get(LogConstants.IP_ADDR);
+
+ if (StringUtils.isEmpty(clientIp)) {
+ clientIp = info.get(LogConstants.HOST_NAME);
+ }
+
+ String contextId = info.get(LogConstants.CONTEXT_ID);
+ String clientId = info.get(LogConstants.LOGIN_ID);
+
+ String resourceUrl = logExtracts.getResourceUrl();
+ int queryStringIndex = resourceUrl.indexOf('?');
+ String queryString = queryStringIndex > -1 ? \
resourceUrl.substring(queryStringIndex) : ""; + String path = \
resourceUrl.replace(queryString, ""); +
+ AMAccessAuditEventBuilder builder = auditEventFactory.accessEvent()
+ .transactionId(AuditRequestContext.getTransactionIdValue())
+ .eventName("AM-AGENT-ACCESS_ATTEMPT")
+ .component("AGENT")
+ .authentication(clientId)
+ .http("UNKNOWN", path, queryString, \
Collections.<String, List<String>>emptyMap()) + \
.resourceOperation(logExtracts.getResourceUrl(), "HTTP", \
"UNKNOWN") + .client(clientIp)
+ .contextId(contextId)
+ .response(logExtracts.getStatus(), -1);
+
+ auditEventPublisher.tryPublish(AuditConstants.ACCESS_TOPIC, \
builder.toEvent()); + }
</ins><span class="cx">
</span><span class="cx"> /**
</span><span class="cx"> * The method that implements the ParseOutput interface. \
This is called </span></span></pre></div>
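Review bot: `auditAccessMessage` is called just before `logger.log(rec, loggedByToken)` and dereferences `record.getMessage()` (through `tryParse`) and `info` without null checks, so a record with no message or no log-info map would throw and, unless `execute` catches it outside the visible hunks, the ordinary log write would be skipped as well. A guard like `if (info == null) { return; }` after `getLogInfoMap()` plus a null check on the message, or moving the audit call after `logger.log`, keeps auditing from affecting logging. The query string is passed verbatim into `.http(...)`; if agent-reported URLs can carry session or token parameters, those values end up in the access audit trail, so consider whether they should be redacted. `resourceUrl.replace(queryString, "")` works, but `resourceUrl.substring(0, queryStringIndex)` in the `> -1` branch states the intent directly.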
<div class="modfile"><h4>Modified: \
branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/sun/identity/log/service/LogService.java \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/sun/identity/log/service/LogService.java 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/sun/identity/log/service/LogService.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -24,17 +24,15 @@
</span><span class="cx"> *
</span><span class="cx"> * $Id: LogService.java,v 1.5 2009/12/15 18:00:14 bigfatrat \
Exp $ </span><span class="cx"> *
</span><ins>+ * Portions Copyrighted 2011-2015 ForgeRock AS
</ins><span class="cx"> */
</span><span class="cx">
</span><del>-/*
- * Portions Copyrighted 2011 ForgeRock AS
- */
-
</del><span class="cx"> package com.sun.identity.log.service;
</span><span class="cx">
</span><span class="cx"> import java.io.ByteArrayInputStream;
</span><span class="cx"> import java.net.InetAddress;
</span><span class="cx">
</span><ins>+import javax.inject.Inject;
</ins><span class="cx"> import javax.servlet.http.HttpServletRequest;
</span><span class="cx"> import javax.servlet.http.HttpServletResponse;
</span><span class="cx"> import javax.servlet.ServletContext;
</span><span class="lines">@@ -47,6 +45,7 @@
</span><span class="cx"> import com.iplanet.sso.SSOException;
</span><span class="cx"> import com.iplanet.sso.SSOToken;
</span><span class="cx"> import com.iplanet.sso.SSOTokenManager;
</span><ins>+import com.iplanet.services.comm.server.PLLAuditor;
</ins><span class="cx"> import com.sun.identity.log.spi.Debug;
</span><span class="cx"> import com.sun.identity.monitoring.Agent;
</span><span class="cx"> import com.sun.identity.monitoring.MonitoringUtil;
</span><span class="lines">@@ -54,6 +53,9 @@
</span><span class="cx"> import com.sun.identity.monitoring.SsoServerLoggingSvcImpl;
</span><span class="cx"> import com.sun.identity.session.util.RestrictedTokenHelper;
</span><span class="cx"> import com.sun.identity.session.util.SessionUtils;
</span><ins>+import org.forgerock.openam.audit.AuditEventFactory;
+import org.forgerock.openam.audit.AuditEventPublisher;
+
</ins><span class="cx"> import java.util.List;
</span><span class="cx">
</span><span class="cx"> /**
</span><span class="lines">@@ -77,11 +79,19 @@
</span><span class="cx"> * The SAX parser instance
</span><span class="cx"> */
</span><span class="cx"> WebtopParser parser = new WebtopParser();
</span><ins>+
+ private final AuditEventPublisher auditEventPublisher;
+ private final AuditEventFactory auditEventFactory;
+
</ins><span class="cx"> /**
</span><span class="cx"> * Registers the classes with the SAX parser
</span><span class="cx"> * @throws Exception
</span><span class="cx"> */
</span><del>- public LogService() throws Exception {
</del><ins>+ @Inject
+ public LogService(AuditEventPublisher auditEventPublisher, AuditEventFactory \
auditEventFactory) throws Exception { + this.auditEventFactory = \
auditEventFactory; + this.auditEventPublisher = auditEventPublisher;
+
</ins><span class="cx"> parser = new WebtopParser();
</span><span class="cx"> parser.register(LogXMLStrings.RECWRITE, \
pkg+"LogRecWrite"); </span><span class="cx"> \
parser.register(LogXMLStrings.LOG, pkg+"Log"); </span><span \
class="lines">@@ -107,7 +117,7 @@ </span><span class="cx"> * @param \
servletResponse </span><span class="cx"> * @return The response set which \
contains the result of the log operation. </span><span class="cx"> */
</span><del>- public ResponseSet process(List<Request> requests,
</del><ins>+ public ResponseSet process(PLLAuditor auditor, List<Request> \
requests, </ins><span class="cx"> HttpServletRequest servletRequest,
</span><span class="cx"> HttpServletResponse servletResponse,
</span><span class="cx"> ServletContext servletContext) {
</span><span class="lines">@@ -169,7 +179,7 @@
</span><span class="cx"> ByteArrayInputStream bin = new \
ByteArrayInputStream( </span><span class="cx"> \
xmlRequestString.getBytes("UTF-8")); </span><span class="cx"> \
LogOperation op = (LogOperation) parser.parse(bin); </span><del>- \
res = op.execute(); </del><ins>+ res = \
op.execute(auditEventPublisher, auditEventFactory); </ins><span class="cx"> \
} catch(Exception e) { </span><span class="cx"> \
Debug.error("LogService::process():",e); </span><span class="cx"> \
// FORMAT ERROR RESPONSE HERE </span></span></pre></div>
<a id="branchesAME7692_noRestartsAuthopenamopenamcoresrcmainjavacomsunidentitypassworduimodelPWResetAdminLogjava"></a>
<div class="modfile"><h4>Modified: \
branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/sun/identity/password/ui/model/PWResetAdminLog.java \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/sun/identity/password/ui/model/PWResetAdminLog.java 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/sun/identity/password/ui/model/PWResetAdminLog.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -24,12 +24,14 @@
</span><span class="cx"> *
</span><span class="cx"> * $Id: PWResetAdminLog.java,v 1.2 2008/06/25 05:43:42 \
qcheng Exp $ </span><span class="cx"> *
</span><ins>+ * Portions Copyrighted 2015 ForgeRock AS.
</ins><span class="cx"> */
</span><span class="cx">
</span><span class="cx"> package com.sun.identity.password.ui.model;
</span><span class="cx">
</span><span class="cx"> import com.iplanet.am.util.SystemProperties;
</span><span class="cx"> import com.iplanet.sso.SSOToken;
</span><ins>+import com.sun.identity.common.configuration.ConfigurationListener;
</ins><span class="cx"> import com.sun.identity.log.LogRecord;
</span><span class="cx"> import com.sun.identity.log.Logger;
</span><span class="cx"> import com.sun.identity.security.AdminTokenAction;
</span><span class="lines">@@ -43,23 +45,22 @@
</span><span class="cx"> * <code>PWResetAdminLog</code> defines the \
methods to log messages </span><span class="cx"> * to password reset log file.
</span><span class="cx"> */
</span><del>-public class PWResetAdminLog
</del><ins>+public class PWResetAdminLog implements ConfigurationListener
</ins><span class="cx"> {
</span><span class="cx"> private Logger logger = null;
</span><span class="cx"> private static final String logFile = \
"amPasswordReset.access"; </span><span class="cx"> private static final \
String ACTIVE = "active"; </span><del>- private java.util.Locale locale \
= null; </del><span class="cx"> private static boolean logStatus = false;
</span><span class="cx"> private SSOToken token = null;
</span><ins>+ private String localString;
</ins><span class="cx">
</span><del>-
</del><span class="cx"> /**
</span><span class="cx"> * Resource bundle object
</span><span class="cx"> */
</span><del>- protected static ResourceBundle rb = null;
</del><ins>+ protected ResourceBundle rb = null;
</ins><span class="cx">
</span><span class="cx"> static {
</span><del>- String status = SystemProperties.get(Constants.AM_LOGSTATUS);
</del><ins>+ String status = SystemProperties.get(Constants.AM_LOGSTATUS);
</ins><span class="cx"> logStatus = status.equalsIgnoreCase(ACTIVE);
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -75,12 +76,17 @@
</span><span class="cx"> }
</span><span class="cx"> String lstr = \
SystemProperties.get(Constants.AM_LOCALE); </span><span class="cx">
</span><del>- locale = com.sun.identity.shared.locale.Locale.getLocale(lstr);
</del><ins>+ init(lstr);
+ }
+
+ private void init(String localStr) {
+ localString = localStr;
+ java.util.Locale locale = Locale.getLocale(localStr);
</ins><span class="cx"> rb = \
PWResetResBundleCacher.getBundle(PWResetModel.DEFAULT_RB, locale); </span><span \
class="cx"> </span><span class="cx"> if (rb == null) {
</span><span class="cx"> PWResetModelImpl.debug.error(
</span><del>- "could not get ResourceBundle for " + \
PWResetModel.DEFAULT_RB); </del><ins>+ "could not get \
ResourceBundle for " + PWResetModel.DEFAULT_RB); </ins><span class="cx"> \
} </span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -93,7 +99,7 @@
</span><span class="cx"> */
</span><span class="cx"> public void doLogKey(String key) {
</span><span class="cx"> if (logStatus) {
</span><del>- doLog(Locale.getString(rb, key, PWResetModelImpl.debug));
</del><ins>+ doLog(Locale.getString(rb, key, PWResetModelImpl.debug));
</ins><span class="cx"> }
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -145,4 +151,13 @@
</span><span class="cx"> public boolean isEnabled() {
</span><span class="cx"> return logStatus;
</span><span class="cx"> }
</span><ins>+
+ @Override
+ public synchronized void notifyChanges() {
+ String lstr = SystemProperties.get(Constants.AM_LOCALE);
+
+ if (!lstr.equalsIgnoreCase(localString)) {
+ init(lstr);
+ }
+ }
</ins><span class="cx"> }
</span></span></pre></div>
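Review bot: `rb` is reassigned by `init()` under the monitor taken in the new `notifyChanges()`, but `doLogKey()` reads it with no synchronization, so a logging thread is not guaranteed to see the bundle for the new locale. Declaring the field as `protected volatile ResourceBundle rb = null;` would give readers that visibility without locking the log path. `notifyChanges()` also calls `lstr.equalsIgnoreCase(localString)` directly on the value returned by `SystemProperties.get(Constants.AM_LOCALE)`; if that property can be unset, which the page does not show, the listener callback throws, so a guard such as `if (lstr != null && !lstr.equalsIgnoreCase(localString))` is worth adding. The constructor and the other logging methods lie outside the visible hunks.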
<a id="branchesAME7692_noRestartsAuthopenamopenamcoresrcmainjavacomsunidentitypassworduimodelPWResetModelImpljava"></a>
<div class="modfile"><h4>Modified: \
branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/sun/identity/password/ui/model/PWResetModelImpl.java \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/sun/identity/password/ui/model/PWResetModelImpl.java 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/sun/identity/password/ui/model/PWResetModelImpl.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -27,7 +27,7 @@
</span><span class="cx"> */
</span><span class="cx">
</span><span class="cx"> /*
</span><del>- * Portions Copyrighted 2011-2013 ForgeRock, Inc.
</del><ins>+ * Portions Copyrighted 2011-2015 ForgeRock AS.
</ins><span class="cx"> */
</span><span class="cx"> package com.sun.identity.password.ui.model;
</span><span class="cx">
</span><span class="lines">@@ -35,6 +35,7 @@
</span><span class="cx"> import com.iplanet.sso.SSOException;
</span><span class="cx"> import com.iplanet.sso.SSOToken;
</span><span class="cx"> import com.sun.identity.common.ISLocaleContext;
</span><ins>+import com.sun.identity.common.configuration.ConfigurationObserver;
</ins><span class="cx"> import com.sun.identity.security.AdminTokenAction;
</span><span class="cx"> import com.sun.identity.shared.debug.Debug;
</span><span class="cx"> import com.sun.identity.shared.locale.Locale;
</span><span class="lines">@@ -208,10 +209,12 @@
</span><span class="cx"> *
</span><span class="cx"> */
</span><span class="cx"> public PWResetModelImpl() {
</span><del>- initialize();
- }
</del><ins>+ ssoToken = getSSOToken();
+ logger = new PWResetAdminLog(ssoToken);
+ resBundle = PWResetResBundleCacher.getBundle(rbName, \
localeContext.getLocale()); + \
ConfigurationObserver.getInstance().addListener(logger); + }
</ins><span class="cx">
</span><del>-
</del><span class="cx"> /**
</span><span class="cx"> * Returns localized string.
</span><span class="cx"> *
</span><span class="lines">@@ -478,18 +481,18 @@
</span><span class="cx">
</span><span class="cx"> try {
</span><span class="cx"> ServiceSchemaManager mgr = new \
ServiceSchemaManager( </span><del>- serviceName, ssoToken);
</del><ins>+ serviceName, ssoToken);
</ins><span class="cx"> String name = mgr.getI18NFileName();
</span><span class="cx"> if (name != null) {
</span><span class="cx"> ResourceBundle rb = \
PWResetResBundleCacher.getBundle( </span><del>- name, \
localeContext.getLocale()); </del><ins>+ name, \
localeContext.getLocale()); </ins><span class="cx"> i18nName = \
Locale.getString(rb, key, debug); </span><span class="cx"> }
</span><span class="cx"> } catch (MissingResourceException mre) {
</span><span class="cx"> if (debug.warningEnabled()) {
</span><span class="cx"> \
debug.warning("PWResetModelImpl.getL10NAttributeName: " + </span><del>- \
"Could not localized str for " + key + " in service \
" +
- serviceName, mre);
</del><ins>+ "Could not localized str for " + key + \
" in service " + + serviceName, mre);
</ins><span class="cx"> }
</span><span class="cx"> } catch (SSOException e) {
</span><span class="cx"> \
debug.warning("PWResetModelImpl.getL10NAttributeName", e); </span><span \
class="lines">@@ -501,17 +504,6 @@ </span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> /**
</span><del>- * Initializes the data for this model by getting locale, SSO Token
- * and <code>AMStoreConnection</code>
- */
- private void initialize() {
- ssoToken = getSSOToken();
- logger = new PWResetAdminLog(ssoToken);
- resBundle = PWResetResBundleCacher.getBundle(
- rbName, localeContext.getLocale());
- }
-
- /**
</del><span class="cx"> * Sets the password reset enabled flag depending
</span><span class="cx"> * what is set in the password service for a given \
realm. </span><span class="cx"> *
</span></span></pre></div>
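Review bot: The constructor now registers every new `PWResetAdminLog` with the `ConfigurationObserver` singleton through `addListener(logger)`, and no matching removal is visible anywhere in this commit. If `PWResetModelImpl` is created per request or per view, which the page does not show, the observer would keep each logger and the `SSOToken` passed to it reachable for the life of the server, and every property change would fan out to all of them. Consider registering one shared listener, or state the assumed lifetime next to the call, e.g. `// assumes ConfigurationObserver de-duplicates listeners or this model is long-lived`. The removed `initialize()` Javadoc was the only description of this setup, so the constructor comment should now say what it initialises.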
<a id="branchesAME7692_noRestartsAuthopenamopenamcoresrcmainjavacomsunidentitypolicyremotePolicyRequestjava"></a>
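--- a/branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/sun/identity/policy/remote/PolicyRequest.java
+++ b/branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/sun/identity/policy/remote/PolicyRequest.java
@@ -117,6 +117,27 @@
 }
 
 /**
+ * Retrieves the string representation of the method Id.
+ *
+ * @return the string representation of the method Id
+ * @throws IllegalStateException should the method Id become unknown
+ */
+ public String getMethodName() {
+ switch (methodID) {
+ case PolicyRequest.POLICY_REQUEST_ADD_POLICY_LISTENER:
+ return "REQUEST_ADD_POLICY_LISTENER";
+ case PolicyRequest.POLICY_REQUEST_REMOVE_POLICY_LISTENER:
+ return "REQUEST_REMOVE_POLICY_LISTENER";
+ case PolicyRequest.POLICY_REQUEST_ADVICES_HANDLEABLE_BY_AM_REQUEST:
+ return "REQUEST_ADVICES_HANDLEABLE_BY_AM_REQUEST";
+ case PolicyRequest.POLICY_REQUEST_GET_RESOURCE_RESULTS:
+ return "REQUEST_GET_RESOURCE_RESULTS";
+ default:
+ throw new IllegalStateException("Unknown method Id");
+ }
+ }
+
+ /**
 * Sets the method ID of the Policy Request.
 *
 * @param id the method ID.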
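Review bot: The `default` branch of `getMethodName()` throws an unchecked `IllegalStateException`, and `PolicyRequestHandler.processPolicyRequest()` in this same commit calls it through `auditor.setMethod(req.getMethodName())` before it dispatches on the method ID. For a request whose ID is not one of the four listed, that exception would bypass the `catch (PolicyEvaluationException pe)` in `process()` instead of reaching the existing "Invalid policy request format" path, so the caller would get no policy error response and no `auditAccessFailure` record, unless code outside the visible hunks rejects unknown IDs earlier. A label that is only used for auditing could fall back instead, e.g. `default: return "UNKNOWN_METHOD_" + methodID;`, or the exception could at least name the value: `throw new IllegalStateException("Unknown method Id: " + methodID);`.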
<a id="branchesAME7692_noRestartsAuthopenamopenamcoresrcmainjavacomsunidentitypolicyremotePolicyRequestHandlerjava"></a>
<div class="modfile"><h4>Modified: \
branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/sun/identity/policy/remote/PolicyRequestHandler.java \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/sun/identity/policy/remote/PolicyRequestHandler.java 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/sun/identity/policy/remote/PolicyRequestHandler.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -27,11 +27,12 @@
</span><span class="cx"> */
</span><span class="cx">
</span><span class="cx"> /*
</span><del>- * Portions Copyrighted 2010-2014 ForgeRock AS
</del><ins>+ * Portions Copyrighted 2010-2015 ForgeRock AS
</ins><span class="cx"> */
</span><span class="cx">
</span><span class="cx"> package com.sun.identity.policy.remote;
</span><span class="cx">
</span><ins>+import com.iplanet.services.comm.server.PLLAuditor;
</ins><span class="cx"> import com.iplanet.services.comm.server.RequestHandler;
</span><span class="cx"> import com.iplanet.services.comm.share.Request;
</span><span class="cx"> import com.iplanet.services.comm.share.Response;
</span><span class="lines">@@ -74,8 +75,6 @@
</span><span class="cx"> import java.util.Map;
</span><span class="cx"> import java.util.Set;
</span><span class="cx"> import java.util.TimeZone;
</span><del>-import java.util.concurrent.ConcurrentHashMap;
-import java.util.concurrent.ConcurrentMap;
</del><span class="cx">
</span><span class="cx"> /**
</span><span class="cx"> * The <code>PolicyRequestHandler</code> class \
handles the policy </span><span class="lines">@@ -112,46 +111,43 @@
</span><span class="cx"> String policyServiceRevision;
</span><span class="cx">
</span><span class="cx"> /**
</span><del>- * Default Constructor for \
<code>PolicyRequestHandler</code>.
- */
- public PolicyRequestHandler() {
- }
-
- /**
- * Process the requests and return the responses.
</del><ins>+ * Process the requests aÃŽnd return the responses.
</ins><span class="cx"> *
</span><span class="cx"> * @param requests Requests specified in the policy \
request </span><span class="cx"> * @return the set of the response
</span><span class="cx"> */
</span><del>- public ResponseSet process(
</del><ins>+ public ResponseSet process(PLLAuditor auditor,
</ins><span class="cx"> List<Request> requests,
</span><span class="cx"> HttpServletRequest servletRequest,
</span><span class="cx"> HttpServletResponse servletResponse,
</span><span class="cx"> ServletContext servletContext
</span><span class="cx"> ) {
</span><del>-
</del><ins>+
</ins><span class="cx"> ResponseSet resSet = new \
ResponseSet(PolicyService.POLICY_SERVICE); </span><span class="cx"> int size \
= requests.size(); </span><del>-
</del><ins>+
</ins><span class="cx"> for (Request req : requests) {
</span><span class="cx"> Response res = null;
</span><ins>+
</ins><span class="cx"> try {
</span><del>- res = processRequest(req);
</del><ins>+ res = processRequest(req, auditor);
</ins><span class="cx"> } catch (PolicyEvaluationException pe) {
</span><span class="cx"> if (debug.messageEnabled()) {
</span><span class="cx"> \
debug.message("PolicyRequesthandler.process" </span><del>- \
+ " caught PolicyEvaluationException:", </del><ins>+ \
+ " caught PolicyEvaluationException:", </ins><span class="cx"> \
pe); </span><span class="cx"> }
</span><ins>+
+
</ins><span class="cx"> PolicyService ps = new PolicyService();
</span><span class="cx"> try {
</span><del>- String rev = getPolicyServiceRevision();
</del><ins>+ String rev = getPolicyServiceRevision();
</ins><span class="cx"> ps.setRevision(rev);
</span><span class="cx"> } catch (PolicyEvaluationException pee) {
</span><span class="cx"> \
debug.error("PolicyRequesthandler.process" </span><del>- \
+ " can not get service revision number, "
- + ",revision defaulting to :"
- + PolicyService.ON_ERROR_REVISION_NUMBER,
</del><ins>+ + " can not get service revision \
number, " + + ",revision defaulting to \
:" + + \
PolicyService.ON_ERROR_REVISION_NUMBER, </ins><span class="cx"> \
pee); </span><span class="cx"> \
ps.setRevision(PolicyService.ON_ERROR_REVISION_NUMBER); </span><span class="cx"> \
} </span><span class="lines">@@ -161,8 +157,10 @@
</span><span class="cx"> pRes.setExceptionMsg(pe.getMessage());
</span><span class="cx"> \
pRes.setIssueInstant(System.currentTimeMillis()); </span><span class="cx"> \
ps.setMethodID(PolicyService.POLICY_RESPONSE_ID); </span><del>- \
ps.setPolicyResponse(pRes); </del><ins>+ ps.setPolicyResponse(pRes);
</ins><span class="cx"> res = new Response(ps.toXMLString());
</span><ins>+
+ auditor.auditAccessFailure(pe.getMessage());
</ins><span class="cx"> }
</span><span class="cx"> if (res != null) {
</span><span class="cx"> resSet.addResponse(res);
</span><span class="lines">@@ -176,9 +174,10 @@
</span><span class="cx"> * Processes a request and return its corresponding \
response. </span><span class="cx"> *
</span><span class="cx"> * @param req the request.
</span><ins>+ * @param auditor the auditor helper
</ins><span class="cx"> * @return the corresponding response.
</span><span class="cx"> */
</span><del>- private Response processRequest(Request req)
</del><ins>+ private Response processRequest(Request req, PLLAuditor auditor)
</ins><span class="cx"> throws PolicyEvaluationException {
</span><span class="cx"> String content = req.getContent();
</span><span class="cx">
</span><span class="lines">@@ -194,7 +193,7 @@
</span><span class="cx"> "policy service object:" + \
psReq.toXMLString()); </span><span class="cx"> }
</span><span class="cx">
</span><del>- PolicyService psRes = processPolicyServiceRequest(psReq);
</del><ins>+ PolicyService psRes = processPolicyServiceRequest(psReq, \
auditor); </ins><span class="cx">
</span><span class="cx"> if (debug.messageEnabled()) {
</span><span class="cx"> \
debug.message("PolicyRequestHandler.processRequest(): " + </span><span \
class="lines">@@ -208,9 +207,10 @@ </span><span class="cx"> * response.
</span><span class="cx"> *
</span><span class="cx"> * @param psReq a policy service request.
</span><ins>+ * @param auditor the auditor helper
</ins><span class="cx"> * @return its corresponding policy service response.
</span><span class="cx"> */
</span><del>- private PolicyService processPolicyServiceRequest(PolicyService \
psReq) </del><ins>+ private PolicyService \
processPolicyServiceRequest(PolicyService psReq, PLLAuditor auditor) </ins><span \
class="cx"> throws PolicyEvaluationException { </span><span class="cx">
</span><span class="cx"> PolicyService psRes = null;
</span><span class="lines">@@ -239,7 +239,7 @@
</span><span class="cx"> psRes = new PolicyService();
</span><span class="cx"> psRes.setRevision(getPolicyServiceRevision());
</span><span class="cx">
</span><del>- PolicyResponse policyRes = processPolicyRequest(policyReq);
</del><ins>+ PolicyResponse policyRes = processPolicyRequest(policyReq, \
auditor); </ins><span class="cx"> \
policyRes.setIssueInstant(System.currentTimeMillis()); </span><span class="cx"> \
psRes.setMethodID(PolicyService.POLICY_RESPONSE_ID); </span><span class="cx"> \
psRes.setPolicyResponse(policyRes); </span><span class="lines">@@ -259,7 +259,7 @@
</span><span class="cx"> * @param req a policy request
</span><span class="cx"> * @return its corresponding policy response
</span><span class="cx"> */
</span><del>- private PolicyResponse processPolicyRequest(PolicyRequest req)
</del><ins>+ private PolicyResponse processPolicyRequest(PolicyRequest req, \
PLLAuditor auditor) </ins><span class="cx"> throws PolicyEvaluationException
</span><span class="cx"> {
</span><span class="cx"> if (debug.messageEnabled()) {
</span><span class="lines">@@ -289,19 +289,25 @@
</span><span class="cx"> // set the app token into the ThreadLocal
</span><span class="cx"> AppTokenHandler.set(appToken);
</span><span class="cx">
</span><ins>+ auditor.setMethod(req.getMethodName());
+ auditor.setSsoToken(appToken);
+ auditor.auditAccessAttempt();
+
</ins><span class="cx"> if (req.getMethodID() ==
</span><span class="cx"> \
PolicyRequest.POLICY_REQUEST_ADD_POLICY_LISTENER) { </span><span class="cx"> \
PolicyListenerRequest plReq = req.getPolicyListenerRequest(); </span><span \
class="cx"> boolean addListener = addPolicyListener(appToken, plReq); \
</span><span class="cx"> if (addListener) { </span><span class="cx"> \
policyRes.setMethodID( </span><del>- \
PolicyResponse.POLICY_ADD_LISTENER_RESPONSE); </del><ins>+ \
PolicyResponse.POLICY_ADD_LISTENER_RESPONSE); + \
auditor.auditAccessSuccess(); </ins><span class="cx"> } else {
</span><span class="cx"> String[] objs = \
{plReq.getNotificationURL()}; </span><span class="cx"> String \
message = ResBundleUtils.getString( </span><span class="cx"> \
"failed.add.policy.listener", objs); </span><span class="cx"> \
policyRes.setExceptionMsg(message); </span><span class="cx"> \
policyRes.setMethodID(PolicyResponse.POLICY_EXCEPTION); </span><ins>+ \
auditor.auditAccessFailure(message); </ins><span class="cx"> }
</span><span class="cx"> return policyRes;
</span><span class="cx"> }
</span><span class="lines">@@ -312,13 +318,15 @@
</span><span class="cx"> boolean removeListener = \
removePolicyListener(appToken, rmReq); </span><span class="cx"> if \
(removeListener) { </span><span class="cx"> policyRes.setMethodID(
</span><del>- PolicyResponse.POLICY_REMOVE_LISTENER_RESPONSE);
</del><ins>+ PolicyResponse.POLICY_REMOVE_LISTENER_RESPONSE);
+ auditor.auditAccessSuccess();
</ins><span class="cx"> } else {
</span><span class="cx"> String[] objs = \
{rmReq.getNotificationURL()}; </span><span class="cx"> String \
message = ResBundleUtils.getString( </span><span class="cx"> \
"failed.remove.policy.listener", objs ); </span><span class="cx"> \
policyRes.setExceptionMsg(message); </span><span class="cx"> \
policyRes.setMethodID(PolicyResponse.POLICY_EXCEPTION); </span><ins>+ \
auditor.auditAccessFailure(message); </ins><span class="cx"> }
</span><span class="cx"> return policyRes;
</span><span class="cx"> }
</span><span class="lines">@@ -335,7 +343,8 @@
</span><span class="cx"> policyRes.setAdvicesHandleableByAMResponse(
</span><span class="cx"> new \
AdvicesHandleableByAMResponse(advices)); </span><span class="cx"> \
policyRes.setMethodID( </span><del>- \
PolicyResponse.POLICY_ADVICES_HANDLEABLE_BY_AM_RESPONSE); </del><ins>+ \
PolicyResponse.POLICY_ADVICES_HANDLEABLE_BY_AM_RESPONSE); + \
auditor.auditAccessSuccess(); </ins><span class="cx"> } catch \
(PolicyException pe) { </span><span class="cx"> if \
(debug.warningEnabled()) { </span><span class="cx"> \
debug.warning("PolicyRequestHandler: could not get " </span><span \
class="lines">@@ -353,7 +362,7 @@ </span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> if (req.getMethodID() ==
</span><del>- PolicyRequest.POLICY_REQUEST_GET_RESOURCE_RESULTS) {
</del><ins>+ PolicyRequest.POLICY_REQUEST_GET_RESOURCE_RESULTS) {
</ins><span class="cx"> ResourceResultRequest resourceResultReq =
</span><span class="cx"> req.getResourceResultRequest();
</span><span class="cx">
</span><span class="lines">@@ -370,8 +379,8 @@
</span><span class="cx"> } catch (PolicyException pe) {
</span><span class="cx"> if (debug.warningEnabled()) {
</span><span class="cx"> debug.warning(
</span><del>- "PolicyRequestHandler: Invalid user sso \
token, " +
- userSSOTokenIDStr, pe);
</del><ins>+ "PolicyRequestHandler: Invalid user \
sso token, " + + userSSOTokenIDStr, pe);
</ins><span class="cx"> }
</span><span class="cx"> throw new \
PolicyEvaluationException(ResBundleUtils.rbName, </span><span class="cx"> \
"user_sso_token_invalid", null, null, requestId); </span><span \
class="lines">@@ -447,12 +456,13 @@ </span><span class="cx"> }
</span><span class="cx"> }
</span><span class="cx">
</span><del>- resourceRst.setResponseDecisions(respDecisions);
</del><ins>+ resourceRst.setResponseDecisions(respDecisions);
</ins><span class="cx"> \
resourceResults.addAll(resourceRst.getResourceResults()); </span><span class="cx"> \
policyRes.setResourceResults(resourceResults); </span><span class="cx"> \
policyRes.setMethodID( </span><del>- \
PolicyResponse.POLICY_RESPONSE_RESOURCE_RESULT);
- return policyRes;
</del><ins>+ PolicyResponse.POLICY_RESPONSE_RESOURCE_RESULT);
+ auditor.auditAccessSuccess();
+ return policyRes;
</ins><span class="cx"> }
</span><span class="cx"> debug.error("PolicyRequestHandler: Invalid \
policy request format"); </span><span class="cx"> throw new \
PolicyEvaluationException(ResBundleUtils.rbName, </span></span></pre></div>
<a id="branchesAME7692_noRestartsAuthopenamopenamcoresrcmainjavacomsunidentitysetupEmbeddedOpenDSjava"></a>
<div class="modfile"><h4>Modified: \
branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/sun/identity/setup/EmbeddedOpenDS.java \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/sun/identity/setup/EmbeddedOpenDS.java 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/sun/identity/setup/EmbeddedOpenDS.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -33,37 +33,7 @@
</span><span class="cx"> import com.sun.identity.common.ShutdownManager;
</span><span class="cx"> import com.sun.identity.shared.Constants;
</span><span class="cx"> import com.sun.identity.shared.debug.Debug;
</span><del>-import java.io.BufferedInputStream;
-import java.io.BufferedOutputStream;
-import java.io.BufferedReader;
-import java.io.ByteArrayOutputStream;
-import java.io.File;
-import java.io.FileNotFoundException;
-import java.io.FileOutputStream;
-import java.io.FileReader;
-import java.io.FileWriter;
-import java.io.FilenameFilter;
-import java.io.IOException;
-import java.io.OutputStream;
-import java.io.StringReader;
-import java.nio.ByteBuffer;
-import java.nio.channels.ReadableByteChannel;
-import java.nio.channels.WritableByteChannel;
-import java.security.NoSuchAlgorithmException;
-import java.util.ArrayList;
-import java.util.Enumeration;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Map;
-import java.util.Scanner;
-import java.util.Set;
-import java.util.StringTokenizer;
-import java.util.concurrent.TimeUnit;
-import java.util.zip.ZipEntry;
-import java.util.zip.ZipFile;
-import javax.crypto.Cipher;
-import javax.crypto.NoSuchPaddingException;
-import javax.servlet.ServletContext;
</del><ins>+import org.forgerock.guava.common.io.ByteStreams;
</ins><span class="cx"> import org.forgerock.openam.utils.IOUtils;
</span><span class="cx"> import org.forgerock.opendj.ldap.Attribute;
</span><span class="cx"> import org.forgerock.opendj.ldap.Attributes;
</span><span class="lines">@@ -94,6 +64,38 @@
</span><span class="cx"> import org.opends.server.util.ServerConstants;
</span><span class="cx"> import org.opends.server.util.TimeThread;
</span><span class="cx">
</span><ins>+import javax.crypto.Cipher;
+import javax.crypto.NoSuchPaddingException;
+import javax.servlet.ServletContext;
+import java.io.BufferedInputStream;
+import java.io.BufferedOutputStream;
+import java.io.BufferedReader;
+import java.io.ByteArrayOutputStream;
+import java.io.File;
+import java.io.FileNotFoundException;
+import java.io.FileOutputStream;
+import java.io.FileReader;
+import java.io.FileWriter;
+import java.io.FilenameFilter;
+import java.io.IOException;
+import java.io.OutputStream;
+import java.io.StringReader;
+import java.nio.ByteBuffer;
+import java.nio.channels.ReadableByteChannel;
+import java.nio.channels.WritableByteChannel;
+import java.security.NoSuchAlgorithmException;
+import java.util.ArrayList;
+import java.util.Enumeration;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Scanner;
+import java.util.Set;
+import java.util.StringTokenizer;
+import java.util.concurrent.TimeUnit;
+import java.util.zip.ZipEntry;
+import java.util.zip.ZipFile;
+
</ins><span class="cx"> // OpenDS, now OpenDJ, does not have APIs to install and \
setup replication yet </span><span class="cx">
</span><span class="cx"> /**
</span><span class="lines">@@ -160,9 +162,7 @@
</span><span class="cx"> new FileOutputStream(odsRoot + \
"/opendj.zip"), 10000); </span><span class="cx">
</span><span class="cx"> try {
</span><del>- while (bin.available() > 0) {
- bout.write(bin.read());
- }
</del><ins>+ ByteStreams.copy(bin, bout);
</ins><span class="cx"> } catch (IOException ioe) {
</span><span class="cx"> \
Debug.getInstance(SetupConstants.DEBUG_NAME).error( </span><span class="cx"> \
"EmbeddedOpenDS.setup(): Error copying zip file", ioe); </span><span \
class="lines">@@ -190,9 +190,7 @@ </span><span class="cx"> new \
BufferedOutputStream(new java.io.FileOutputStream(f), 10000); </span><span \
class="cx"> </span><span class="cx"> try {
</span><del>- while (is.available() > 0) {
- fos.write(is.read());
- }
</del><ins>+ ByteStreams.copy(is, fos);
</ins><span class="cx"> } catch (IOException ioe) {
</span><span class="cx"> \
Debug.getInstance(SetupConstants.DEBUG_NAME).error( </span><span class="cx"> \
"EmbeddedOpenDS.setup(): Error loading ldifs", ioe); \
</span></span></pre></div> <a \
id="branchesAME7692_noRestartsAuthopenamopenamcoresrcmainjavacomsunidentitysmSMSPropertiesObserverjava"></a>
<div class="modfile"><h4>Modified: \
branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/sun/identity/sm/SMSPropertiesObserver.java \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/sun/identity/sm/SMSPropertiesObserver.java 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/com/sun/identity/sm/SMSPropertiesObserver.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -24,13 +24,18 @@
</span><span class="cx"> *
</span><span class="cx"> * $Id: SMSPropertiesObserver.java,v 1.1 2008/07/30 00:50:15 \
arviranga Exp $ </span><span class="cx"> *
</span><ins>+ * Portions Copyrighted 2015 ForgeRock AS.
+ *
</ins><span class="cx"> */
</span><span class="cx">
</span><span class="cx"> package com.sun.identity.sm;
</span><span class="cx">
</span><ins>+import com.iplanet.services.ldap.event.EventException;
+import com.iplanet.services.ldap.event.EventService;
</ins><span class="cx"> import \
com.sun.identity.common.configuration.ConfigurationListener; </span><span class="cx"> \
import com.sun.identity.common.configuration.ConfigurationObserver; </span><span \
class="cx"> import com.sun.identity.shared.debug.Debug; </span><ins>+import \
org.forgerock.opendj.ldap.ErrorResultException; </ins><span class="cx">
</span><span class="cx"> /**
</span><span class="cx"> * Listenes to changes to \
<class>SystemProperties</class> and reinitialized </span><span \
class="lines">@@ -72,5 +77,12 @@ </span><span class="cx"> \
SMSNotificationManager.getInstance().initializeProperties(); </span><span class="cx"> \
CachedSMSEntry.initializeProperties(); </span><span class="cx"> \
SMSThreadPool.initialize(true); </span><ins>+ try {
+ EventService.getEventService().restartPSearches();
+ } catch (EventException | ErrorResultException e) {
+ if (debug.errorEnabled()) {
+ debug.error("SMSPropertiesObserver :: Unable to restart \
PSearches after SystemProperties change.", e); + }
+ }
</ins><span class="cx"> }
</span><span class="cx"> }
</span></span></pre></div>
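Review bot: When `restartPSearches()` fails, the new `catch (EventException | ErrorResultException e)` only writes a debug error and the enclosing method, which starts outside the hunk, returns normally. Nothing visible retries the restart or surfaces the failure, so the server may keep running without persistent searches and stop seeing directory changes; if cached configuration or policy depends on those notifications, it would go stale silently. The call also runs on every property notification regardless of which property changed, which deserves a comment such as `// restart unconditionally: any SystemProperties change may alter the psearch connection settings`. The `if (debug.errorEnabled())` guard can go, since `debug.error(...)` is called unguarded elsewhere in this commit.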
<a id="branchesAME7692_noRestartsAuthopenamopenamcoresrcmainjavaorgforgerockopenamcoreguiceDataLayerGuiceModulejava"></a>
<div class="modfile"><h4>Modified: \
branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/org/forgerock/openam/core/guice/DataLayerGuiceModule.java \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/org/forgerock/openam/core/guice/DataLayerGuiceModule.java 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/org/forgerock/openam/core/guice/DataLayerGuiceModule.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -65,12 +65,14 @@
</span><span class="cx"> \
binder().bind(connectionMapKey).toProvider(ConfigurationMapProvider.class).in(Singleton.class);
</span><span class="cx">
</span><span class="cx"> for (ConnectionType connectionType : \
ConnectionType.values()) { </span><del>- try {
- DataLayerConnectionModule module = \
connectionType.getConfigurationClass().newInstance();
- module.setConnectionType(connectionType);
- binder().install(module);
- } catch (Exception e) {
- throw new IllegalStateException("Could not initialise \
connection module for " + connectionType, e); </del><ins>+ if \
(connectionType != ConnectionType.UMA_LABELS) { + try {
+ DataLayerConnectionModule module = \
connectionType.getConfigurationClass().newInstance(); + \
module.setConnectionType(connectionType); + \
binder().install(module); + } catch (Exception e) {
+ throw new IllegalStateException("Could not initialise \
connection module for " + connectionType, e); + }
</ins><span class="cx"> }
</span><span class="cx"> }
</span><span class="cx">
</span></span></pre></div>
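Review bot: The new guard `if (connectionType != ConnectionType.UMA_LABELS)` hard-codes the one constant that this commit declares as `UMA_LABELS(null)` in ConnectionType.java, rather than testing the condition that actually matters. Any later type declared without a module class would reach `getConfigurationClass().newInstance()` and fail with a NullPointerException wrapped in the `IllegalStateException`. If `getConfigurationClass()` can return a class configured through the `org.forgerock.openam.sm.datalayer.module.` property prefix, which the visible lines do not show, that configuration would be ignored for `UMA_LABELS`. Checking the value covers both cases: `Class<? extends DataLayerConnectionModule> moduleClass = connectionType.getConfigurationClass();` followed by `if (moduleClass == null) { continue; }`. The enclosing method begins outside the hunk.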
<a id="branchesAME7692_noRestartsAuthopenamopenamcoresrcmainjavaorgforgerockopenamctsapifieldsResourceSetTokenFieldjava"></a>
<div class="modfile"><h4>Modified: \
branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/org/forgerock/openam/cts/api/fields/ResourceSetTokenField.java \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/org/forgerock/openam/cts/api/fields/ResourceSetTokenField.java 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/org/forgerock/openam/cts/api/fields/ResourceSetTokenField.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -30,4 +30,5 @@
</span><span class="cx"> public static final String RESOURCE_OWNER_ID = \
"resourceOwnerId"; </span><span class="cx"> public static final String \
REALM = "realm"; </span><span class="cx"> public static final String \
NAME = "name"; </span><ins>+ public static final String LABELS = \
"labels"; </ins><span class="cx"> }
</span></span></pre></div>
<a id="branchesAME7692_noRestartsAuthopenamopenamcoresrcmainjavaorgforgerockopenamsmdatalayerapiConnectionTypejava"></a>
<div class="modfile"><h4>Modified: \
branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/org/forgerock/openam/sm/datalayer/api/ConnectionType.java \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/org/forgerock/openam/sm/datalayer/api/ConnectionType.java 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/org/forgerock/openam/sm/datalayer/api/ConnectionType.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -62,7 +62,11 @@
</span><span class="cx"> */
</span><span class="cx"> UMA_AUDIT_ENTRY(UmaAuditConnectionModule.class),
</span><span class="cx">
</span><del>- UMA_PENDING_REQUESTS(UmaPendingRequestConnectionModule.class);
</del><ins>+ UMA_PENDING_REQUESTS(UmaPendingRequestConnectionModule.class),
+ /**
+ * See {@code org.forgerock.openam.oauth2.resources.labels.UmaLabelsStore}. No \
fallback module type available. + */
+ UMA_LABELS(null);
</ins><span class="cx">
</span><span class="cx"> private static final String \
CONFIGURATION_CLASS_PROPERTY_PREFIX = \
"org.forgerock.openam.sm.datalayer.module."; </span><span class="cx"> \
private final Class<? extends DataLayerConnectionModule> configurationClass; \
</span></span></pre></div> <a \
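Review bot: `UMA_LABELS(null)` leaves `configurationClass` null for this constant, so the code that resolves a module class from the `org.forgerock.openam.sm.datalayer.module.` property (outside this hunk) has nothing to fall back to when the property is unset. I would make that lookup fail with a descriptive exception, for example `throw new IllegalStateException("No connection module configured for " + name());`, rather than hand `null` to the caller. The Javadoc on the constant should also say which property must be set for this type, since "No fallback module type available" does not tell an operator what to configure.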
id="branchesAME7692_noRestartsAuthopenamopenamcoresrcmainjavaorgforgerockopenamsmdatalayerapiDataLayerConstantsjava"></a>
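--- a/branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/org/forgerock/openam/sm/datalayer/api/DataLayerConstants.java
+++ b/branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/org/forgerock/openam/sm/datalayer/api/DataLayerConstants.java
@@ -29,6 +29,7 @@
 public static final String RESOURCE_SETS_TIMEOUT = "org.forgerock.services.datalayer.connection.timeout.resourcesets";
 public static final String UMA_AUDIT_ENTRY_TIMEOUT = "org.forgerock.services.datalayer.connection.timeout.umaauditentry";
 public static final String UMA_PENDING_REQUESTS_TIMEOUT = "org.forgerock.services.datalayer.connection.timeout.uma.pendingrequests";
+ public static final String UMA_LABELS_TIMEOUT = "org.forgerock.services.datalayer.connection.timeout.uma.labels";
 
 /**
 * Guice bindings for ConnectionConfig instances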
<a id="branchesAME7692_noRestartsAuthopenamopenamcoresrcmainjavaorgforgerockopenamsmda \
talayerimplldapExternalConnectionConfigProviderjavafromrev14908trunkopenamopenamcoresr \
cmainjavaorgforgerockopenamsmdatalayerimplldapExternalConnectionConfigProviderjava"></a>
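--- a/branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/org/forgerock/openam/sm/datalayer/impl/ldap/ExternalConnectionConfigProvider.java
+++ b/branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/org/forgerock/openam/sm/datalayer/impl/ldap/ExternalConnectionConfigProvider.java
@@ -0,0 +1,43 @@
+/*
+ * The contents of this file are subject to the terms of the Common Development and
+ * Distribution License (the License). You may not use this file except in compliance with the
+ * License.
+ *
+ * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
+ * specific language governing permission and limitations under the License.
+ *
+ * When distributing Covered Software, include this CDDL Header Notice in each file and include
+ * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
+ * Header, with the fields enclosed by brackets [] replaced by your own identifying
+ * information: "Portions copyright [year] [name of copyright owner]".
+ *
+ * Copyright 2015 ForgeRock AS.
+ */
+
+package org.forgerock.openam.sm.datalayer.impl.ldap;
+
+import javax.inject.Inject;
+
+import org.forgerock.openam.sm.ConnectionConfig;
+
+import com.google.inject.Provider;
+
+/**
+ * A guice provider for external connection config that is provided by an {@link LdapDataLayerConfiguration}
+ * instance.
+ */
+public final class ExternalConnectionConfigProvider implements Provider<ConnectionConfig> {
+ private final LdapDataLayerConfiguration configuration;
+ private final ExternalLdapConfig externalConfig;
+
+ @Inject
+ public ExternalConnectionConfigProvider(ExternalLdapConfig externalConfig, LdapDataLayerConfiguration configuration) {
+ this.externalConfig = externalConfig;
+ this.configuration = configuration;
+ }
+
+ public ConnectionConfig get() {
+ externalConfig.update(configuration);
+ return externalConfig;
+ }
+}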
<a id="branchesAME7692_noRestartsAuthopenamopenamcoresrcmainjavaorgforgerockopenamsmdatalayerimplldapLdapDataLayerConnectionModulejava"></a>
<div class="modfile"><h4>Modified: \
branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/org/forgerock/openam/sm/datalayer/impl/ldap/LdapDataLayerConnectionModule.java \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/org/forgerock/openam/sm/datalayer/impl/ldap/LdapDataLayerConnectionModule.java 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/org/forgerock/openam/sm/datalayer/impl/ldap/LdapDataLayerConnectionModule.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -16,37 +16,26 @@
</span><span class="cx">
</span><span class="cx"> package org.forgerock.openam.sm.datalayer.impl.ldap;
</span><span class="cx">
</span><del>-import java.util.concurrent.Semaphore;
-
-import javax.inject.Inject;
</del><span class="cx"> import javax.inject.Singleton;
</span><span class="cx">
</span><span class="cx"> import org.forgerock.openam.cts.api.tokens.Token;
</span><span class="cx"> import org.forgerock.openam.cts.impl.LdapAdapter;
</span><span class="cx"> import \
org.forgerock.openam.cts.utils.LdapTokenAttributeConversion; </span><span class="cx"> \
import org.forgerock.openam.sm.ConnectionConfig; </span><del>-import \
org.forgerock.openam.sm.ConnectionConfigFactory; </del><span class="cx"> import \
org.forgerock.openam.sm.datalayer.api.ConnectionFactory; </span><del>-import \
org.forgerock.openam.sm.datalayer.api.ConnectionType; </del><span class="cx"> import \
org.forgerock.openam.sm.datalayer.api.DataLayer; </span><span class="cx"> import \
org.forgerock.openam.sm.datalayer.api.DataLayerConnectionModule; </span><span \
class="cx"> import org.forgerock.openam.sm.datalayer.api.DataLayerConstants; \
</span><span class="cx"> import org.forgerock.openam.sm.datalayer.api.TaskExecutor; \
</span><del>-import org.forgerock.openam.sm.datalayer.api.TokenStorageAdapter; \
</del><span class="cx"> import \
org.forgerock.openam.sm.datalayer.api.query.PartialToken; </span><span class="cx"> \
import org.forgerock.openam.sm.datalayer.api.query.QueryFactory; </span><span \
class="cx"> import org.forgerock.openam.sm.datalayer.impl.PooledTaskExecutor; \
</span><del>-import \
org.forgerock.openam.sm.datalayer.impl.SimpleTaskExecutor;
-import org.forgerock.openam.sm.datalayer.impl.SimpleTaskExecutorFactory;
</del><span class="cx"> import \
org.forgerock.openam.sm.datalayer.providers.ConnectionFactoryProvider; </span><span \
class="cx"> import org.forgerock.openam.sm.datalayer.providers.DataLayerConnectionFactoryCache;
</span><span class="cx"> import \
org.forgerock.openam.sm.datalayer.providers.LdapConnectionFactoryProvider; \
</span><del>-import org.forgerock.openam.sm.datalayer.utils.ConnectionCount; \
</del><span class="cx"> </span><span class="cx"> import com.google.inject.Key;
</span><span class="cx"> import com.google.inject.PrivateBinder;
</span><del>-import com.google.inject.Provider;
-import com.google.inject.assistedinject.FactoryModuleBuilder;
</del><span class="cx"> import com.google.inject.multibindings.MapBinder;
</span><span class="cx"> import com.google.inject.name.Names;
</span><span class="cx">
</span><span class="lines">@@ -100,20 +89,4 @@
</span><span class="cx"> return DataLayerConnectionFactoryCache.class;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- private static final class ExternalConnectionConfigProvider \
implements Provider<ConnectionConfig> {
- private final LdapDataLayerConfiguration configuration;
- private final ExternalLdapConfig externalConfig;
-
- @Inject
- public ExternalConnectionConfigProvider (ExternalLdapConfig externalConfig, \
LdapDataLayerConfiguration configuration) {
- this.externalConfig = externalConfig;
- this.configuration = configuration;
- }
-
- public ConnectionConfig get() {
- externalConfig.update(configuration);
- return externalConfig;
- }
- }
-
</del><span class="cx"> }
</span></span></pre></div>
<a id="branchesAME7692_noRestartsAuthopenamopenamcoresrcmainjavaorgforgerockopenamsmdatalayerutilsConnectionCountjava"></a>
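--- a/branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/org/forgerock/openam/sm/datalayer/utils/ConnectionCount.java
+++ b/branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/org/forgerock/openam/sm/datalayer/utils/ConnectionCount.java
@@ -82,6 +82,8 @@
 max = (max - 1) / numberTypesSharingSMSConnections;
 }
 return max;
+ case UMA_LABELS:
+ return max;
 case DATA_LAYER:
 /**
 * Ensure that the DATA_LAYER connection type fits into the available
@@ -101,7 +103,8 @@
 private int findNumberTypesSharingSMSConnections() {
 int count = 0;
 for (ConnectionType type : ConnectionType.values()) {
- if (type != ConnectionType.CTS_REAPER && dataLayerConfiguration.get(type).getStoreMode() == StoreMode.DEFAULT) {
+ if (type != ConnectionType.CTS_REAPER && type != ConnectionType.UMA_LABELS &&
+ dataLayerConfiguration.get(type).getStoreMode() == StoreMode.DEFAULT) {
 count++;
 }
 }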
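Review bot: The new `case UMA_LABELS: return max;` hands this type the full `max` without the division applied to the types that share the SMS connections, and `findNumberTypesSharingSMSConnections` now skips it, but neither place says why. If the labels store can run in `StoreMode.DEFAULT` (the test module in this commit binds it that way), its connections presumably come on top of the shared budget, so the configured maximum may be exceeded; that should be confirmed against the switch's enclosing method, which starts outside the hunk. At minimum add a comment on both lines, for example `// UMA_LABELS is sized independently and is not counted among the types sharing SMS connections`.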
<a id="branchesAME7692_noRestartsAuthopenamopenamcoresrcmainjavaorgforgerockopenamsmdatalayerutilsTimeoutConfigjava"></a>
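--- a/branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/org/forgerock/openam/sm/datalayer/utils/TimeoutConfig.java
+++ b/branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/org/forgerock/openam/sm/datalayer/utils/TimeoutConfig.java
@@ -52,6 +52,9 @@
 case UMA_PENDING_REQUESTS:
 return SystemProperties.getAsInt(DataLayerConstants.UMA_PENDING_REQUESTS_TIMEOUT,
 getTimeout(ConnectionType.DATA_LAYER));
+ case UMA_LABELS:
+ return SystemProperties.getAsInt(DataLayerConstants.UMA_LABELS_TIMEOUT,
+ getTimeout(ConnectionType.DATA_LAYER));
 default:
 throw new IllegalStateException();
 }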
<a id="branchesAME7692_noRestartsAuthopenamopenamcoresrcmainjavaorgforgerockopenamutil \
sRealmNormaliserjavafromrev14908trunkopenamopenamcoresrcmainjavaorgforgerockopenamutilsRealmNormaliserjava"></a>
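--- a/branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/org/forgerock/openam/utils/RealmNormaliser.java
+++ b/branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/org/forgerock/openam/utils/RealmNormaliser.java
@@ -0,0 +1,64 @@
+/*
+ * The contents of this file are subject to the terms of the Common Development and
+ * Distribution License (the License). You may not use this file except in compliance with the
+ * License.
+ *
+ * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
+ * specific language governing permission and limitations under the License.
+ *
+ * When distributing Covered Software, include this CDDL Header Notice in each file and include
+ * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
+ * Header, with the fields enclosed by brackets [] replaced by your own identifying
+ * information: "Portions copyright [year] [name of copyright owner]".
+ *
+ * Copyright 2014-2015 ForgeRock AS.
+ */
+
+package org.forgerock.openam.utils;
+
+import javax.inject.Singleton;
+
+import org.forgerock.oauth2.core.exceptions.NotFoundException;
+import org.forgerock.openam.core.CoreWrapper;
+import org.forgerock.openam.utils.StringUtils;
+
+import com.iplanet.sso.SSOException;
+import com.iplanet.sso.SSOToken;
+import com.sun.identity.idm.IdRepoException;
+import com.sun.identity.shared.debug.Debug;
+
+/**
+ * Normalises the realm so that the returned realm is never {@code null} or an empty String.
+ *
+ * @since 12.0.0
+ */
+@Singleton
+public class RealmNormaliser {
+ private final Debug logger = Debug.getInstance("OAuth2Provider");
+ private final CoreWrapper coreWrapper = new CoreWrapper();
+
+ /**
+ * Normalises the realm.
+ * <br/>
+ * If the specified realm is {@code null} or an empty String, '/' is returned. Otherwise the specified realm is
+ * checked for its validity and returned in "/" separated format .
+ *
+ * @param realm The realm to normalise.
+ * @return The normalised realm.
+ */
+ public String normalise(String realm) throws NotFoundException {
+ if (StringUtils.isNotEmpty(realm)) {
+ try {
+ SSOToken adminToken = coreWrapper.getAdminToken();
+ String orgDN = coreWrapper.getOrganization(adminToken, realm);
+ return coreWrapper.convertOrgNameToRealmName(orgDN);
+ } catch (SSOException ssoe) {
+ logger.error("RealmNormaliser::Unable to verify realm : " + realm, ssoe);
+ } catch(IdRepoException idre) {
+ logger.error("RealmNormaliser::Unable to verify realm : " + realm, idre);
+ }
+ throw new NotFoundException("Invalid realm, " + realm);
+ }
+ return "/";
+ }
+}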
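Review bot: `normalise` concatenates the caller-supplied `realm` unmodified into both `logger.error(...)` messages and into `new NotFoundException("Invalid realm, " + realm)`. If the realm comes from a request, line breaks in it can forge debug-log entries, and the raw value may be echoed to the client if the exception message is rendered in a response, which is not visible here. I would strip CR/LF before logging and keep the exception text generic or encode it at the point of output. The two catch blocks are identical and can be merged into `catch (SSOException | IdRepoException e)` if the branch builds on Java 7 or later. The method Javadoc is missing `@throws NotFoundException If the realm cannot be resolved.`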
<a id="branchesAME7692_noRestartsAuthopenamopenamcoresrcmainjavaorgforgerockopenamxuiXUIFilterjava"></a>
<div class="modfile"><h4>Modified: \
branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/org/forgerock/openam/xui/XUIFilter.java \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/org/forgerock/openam/xui/XUIFilter.java 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/java/org/forgerock/openam/xui/XUIFilter.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright 2013 ForgeRock AS.
</del><ins>+ * Copyright 2013-2015 ForgeRock AS.
</ins><span class="cx"> *
</span><span class="cx"> * The contents of this file are subject to the terms of the \
Common Development and </span><span class="cx"> * Distribution License (the \
License). You may not use this file except in compliance with the </span><span \
class="lines">@@ -19,22 +19,26 @@ </span><span class="cx"> import \
java.io.IOException; </span><span class="cx"> import java.security.AccessController;
</span><span class="cx"> import java.util.Map;
</span><ins>+
</ins><span class="cx"> import javax.servlet.*;
</span><span class="cx"> import javax.servlet.http.HttpServletRequest;
</span><span class="cx"> import javax.servlet.http.HttpServletResponse;
</span><span class="cx">
</span><span class="cx"> import com.iplanet.sso.SSOToken;
</span><span class="cx"> import com.iplanet.sso.SSOException;
</span><del>-
</del><span class="cx"> import com.sun.identity.security.AdminTokenAction;
</span><ins>+import com.sun.identity.shared.Constants;
</ins><span class="cx"> import com.sun.identity.shared.datastruct.CollectionHelper;
</span><span class="cx"> import com.sun.identity.shared.debug.Debug;
</span><span class="cx"> import com.sun.identity.sm.ServiceListener;
</span><span class="cx"> import com.sun.identity.sm.ServiceSchema;
</span><span class="cx"> import com.sun.identity.sm.SMSException;
</span><span class="cx"> import com.sun.identity.sm.ServiceSchemaManager;
</span><ins>+
</ins><span class="cx"> import \
org.forgerock.guava.common.annotations.VisibleForTesting; </span><span class="cx"> \
import org.forgerock.guice.core.InjectorHolder; </span><ins>+import \
org.owasp.esapi.ESAPI; +import org.owasp.esapi.errors.EncodingException;
</ins><span class="cx">
</span><span class="cx"> /**
</span><span class="cx"> * XUIFilter class is a servlet Filter for filtering \
incoming requests to OpenAM and redirecting them </span><span class="lines">@@ -51,6 \
+55,8 @@ </span><span class="cx"> protected volatile boolean initialized;
</span><span class="cx"> private ServiceSchemaManager scm = null;
</span><span class="cx"> private XUIState xuiState;
</span><ins>+
+ private final Debug DEBUG = Debug.getInstance("Configuration");
</ins><span class="cx">
</span><span class="cx"> public XUIFilter() {}
</span><span class="cx">
</span><span class="lines">@@ -106,6 +112,19 @@
</span><span class="cx"> } else if \
(request.getRequestURI().contains("idm/EndUser")) { </span><span \
class="cx"> response.sendRedirect(profilePage + query); </span><span \
class="cx"> } else { </span><ins>+ String compositeAdvice \
= (String)request.getParameter(Constants.COMPOSITE_ADVICE); +
+ if (compositeAdvice != null) {
+ try {
+ compositeAdvice = \
ESAPI.encoder().encodeForURL(compositeAdvice); +
+ final String authIndexType = \
"authIndexType=composite_advice"; + final String \
authIndexValue = "authIndexValue=" + compositeAdvice; + \
query = removeCompositeAdviceFromRequest(request) + "&" + authIndexType \
+ "&" + authIndexValue; + } catch (EncodingException \
e) { + DEBUG.error("XUIFilter.doFilter:: failed to \
encode composite_advice : " + compositeAdvice, e); + }
+ }
</ins><span class="cx"> response.sendRedirect(xuiLoginPath + query);
</span><span class="cx"> }
</span><span class="cx"> } else {
</span><span class="lines">@@ -120,4 +139,29 @@
</span><span class="cx"> xuiState.destroy();
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ private String removeCompositeAdviceFromRequest(HttpServletRequest \
request) + throws ServletException, EncodingException {
+ Map<String, String[]> parameterNames = request.getParameterMap();
+ StringBuilder query = new StringBuilder();
+
+ if (parameterNames != null) {
+ for (Map.Entry<String, String[]> entry : \
parameterNames.entrySet()) + {
+ String paramName = entry.getKey();
+ String[] paramValues = entry.getValue();
+ if (paramName != null && \
!paramName.equalsIgnoreCase(Constants.COMPOSITE_ADVICE)) { + try {
+ if (paramValues != null) {
+ for(String paramValue : paramValues) {
+ query.append("&" + paramName + \
"=" + ESAPI.encoder().encodeForURL(paramValue)); + \
} + }
+ } catch (EncodingException e) {
+ DEBUG.message("XUIFilter.doFilter:: failed to encode \
" + paramName + " : " + paramValues); + }
+ }
+ }
+ }
+ return query.toString();
+ }
</ins><span class="cx"> }
</span></span></pre></div>
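Review bot: In `removeCompositeAdviceFromRequest` only the parameter value goes through `encodeForURL`; the name from `request.getParameterMap()` is appended raw, so a request-supplied name containing `&`, `=` or `#` alters the structure of the redirect target that `doFilter` passes to `sendRedirect`. Encode both sides, for example `query.append('&').append(ESAPI.encoder().encodeForURL(paramName)).append('=').append(ESAPI.encoder().encodeForURL(paramValue));`. `getParameterMap()` also returns form-body parameters, so a POST that carries credentials would have them copied into the `Location` URL, where they end up in browser history and access logs; rebuilding from the query string alone avoids that. The helper's catch block concatenates the `String[]` `paramValues` (which prints the array identity, not its contents), drops `e`, and silently omits the parameter; the catch in `doFilter` logs the raw `compositeAdvice` value. The rebuilt query starts with `&`, which presumably relies on how `xuiLoginPath` and `query` are formed outside the hunk, so that is worth a comment.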
<a id="branchesAME7692_noRestartsAuthopenamopenamcoresrcmainresourcesamConsoleproperties"></a>
<div class="modfile"><h4>Modified: \
branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/resources/amConsole.properties \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/resources/amConsole.properties 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/resources/amConsole.properties 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -1266,6 +1266,9 @@
</span><span class="cx"> \
amconfig.org.forgerock.services.uma.pendingrequests.store.common.section=Pending \
Requests Store </span><span class="cx"> \
amconfig.org.forgerock.services.uma.pendingrequests.store.external.section=External \
Pending Requests Store Configuration </span><span class="cx">
</span><ins>+amconfig.org.forgerock.services.uma.labels.store.common.section=UMA \
Resource Set Labels Store \
+amconfig.org.forgerock.services.uma.labels.store.external.section=External Resource \
Set Labels Store Configuration +
</ins><span class="cx"> amconfig.org.forgerock.services.store.location=Store Mode
</span><span class="cx"> \
amconfig.org.forgerock.services.store.location.default=Default Token Store \
</span><span class="cx"> \
amconfig.org.forgerock.services.store.location.external=External Token Store \
</span><span class="lines">@@ -1317,6 +1320,15 @@ </span><span class="cx"> \
amconfig.org.forgerock.services.uma.pendingrequests.store.heartbeat=Pending Requests \
- Heartbeat </span><span class="cx"> \
amconfig.org.forgerock.services.uma.pendingrequests.store.directory.name=Pending \
Requests - Connection String(s) </span><span class="cx">
</span><ins>+amconfig.org.forgerock.services.uma.labels.store.location=Labels - Store \
Mode +amconfig.org.forgerock.services.uma.labels.store.root.suffix=Labels - Root \
Suffix +amconfig.org.forgerock.services.uma.labels.store.ssl.enabled=Labels - SSL/TLS \
Enabled +amconfig.org.forgerock.services.uma.labels.store.loginid=Labels - Login Id
+amconfig.org.forgerock.services.uma.labels.store.password=Labels - Password
+amconfig.org.forgerock.services.uma.labels.store.max.connections=Labels - Max \
Connections +amconfig.org.forgerock.services.uma.labels.store.heartbeat=Labels - \
Heartbeat +amconfig.org.forgerock.services.uma.labels.store.directory.name=Labels - \
Connection String(s) +
</ins><span class="cx"> amconfig.com.iplanet.am.clientIPCheckEnabled=Client IP \
Address Check </span><span class="cx"> \
amconfig.help.com.iplanet.am.clientIPCheckEnabled=Specifies whether or not the IP \
address of the client is checked in all single sign on token creations or \
validations. (property name: com.iplanet.am.clientIPCheckEnabled) </span><span \
class="cx"> amconfig.com.iplanet.am.cookie.name=Cookie Name </span><span \
class="lines">@@ -1371,7 +1383,7 @@ </span><span class="cx"> \
amconfig.help.com.sun.am.session.caseInsensitiveDN=Specifies if client distinguished \
name comparison is case insensitive/sensitive. (property name: \
com.sun.am.session.caseInsensitiveDN) </span><span class="cx">
</span><span class="cx"> amconfig.com.iplanet.am.sdk.cache.maxSize=SDK Caching Max. \
Size </span><del>-amconfig.help.com.iplanet.am.sdk.cache.maxSize=Specifies the size \
of the cache when SDK caching is enabled. The size should be an integer greater than \
0, or default size (10000) will be used. (property name: \
com.iplanet.am.sdk.cache.maxSize) \
</del><ins>+amconfig.help.com.iplanet.am.sdk.cache.maxSize=Specifies the size of the \
cache when SDK caching is enabled. The size should be an integer greater than 0, or \
default size (10000) will be used. Changing this value will reset (clear) the \
contents of the cache. (property name: com.iplanet.am.sdk.cache.maxSize) </ins><span \
class="cx"> amconfig.com.iplanet.am.replica.num.retries=SDK Replica Retries \
</span><span class="cx"> amconfig.help.com.iplanet.am.replica.num.retries=Specifies \
the number of times to retry when an Entry Not Found error is returned to the SDK. \
(property name: com.iplanet.am.replica.num.retries) </span><span class="cx">
</span></span></pre></div>
<a id="branchesAME7692_noRestartsAuthopenamopenamcoresrcmainresourcesamUpgradeproperties"></a>
<div class="modfile"><h4>Modified: \
branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/resources/amUpgrade.properties \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/resources/amUpgrade.properties 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-core/src/main/resources/amUpgrade.properties 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -179,3 +179,7 @@
</span><span class="cx"> NetscapeLDAPv3 IdRepos%LF%\
</span><span class="cx"> ----------------------%LF%\
</span><span class="cx"> %CONTENT%%LF%%LF%
</span><ins>+
+upgrade.privileges.new.oath2.start=Adding user permissions to edit 2FA selection
+upgrade.privileges.new.oath2=User permissions to edit 2FA selection
+
</ins></span></pre></div>
<a id="branchesAME7692_noRestartsAuthopenamopenamcoresrctestjavacomsunidentitylogserviceAgentLogParserTestjava"></a>
<div class="delfile"><h4>Deleted: \
branches/AME-7692_noRestartsAuth/openam/openam-core/src/test/java/com/sun/identity/log/service/AgentLogParserTest.java \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/openam/openam-core/src/test/java/com/sun/identity/log/service/AgentLogParserTest.java 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-core/src/test/java/com/sun/identity/log/service/AgentLogParserTest.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -1,77 +0,0 @@
</span><del>-/*
- * The contents of this file are subject to the terms of the Common Development and
- * Distribution License (the License). You may not use this file except in \
compliance with the
- * License.
- *
- * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for \
the
- * specific language governing permission and limitations under the License.
- *
- * When distributing Covered Software, include this CDDL Header Notice in each file \
and include
- * the License file at legal/CDDLv1.0.txt. If applicable, add the following below \
the CDDL
- * Header, with the fields enclosed by brackets [] replaced by your own identifying
- * information: "Portions copyright [year] [name of copyright owner]".
- *
- * Copyright 2015 ForgeRock AS.
- */
-package com.sun.identity.log.service;
-
-import static org.fest.assertions.Assertions.assertThat;
-
-import org.testng.annotations.BeforeMethod;
-import org.testng.annotations.Test;
-
-/**
- * Unit test for {@link AgentLogParser}.
- *
- * @since 13.0.0
- */
-public class AgentLogParserTest {
-
- private AgentLogParser logParser;
-
- @BeforeMethod
- public void setUp() {
- logParser = new AgentLogParser();
- }
-
- @Test
- public void parsesJavaAgentMessages() {
- // Given
- String message = "Access to \
http://raspi.forrest.org:8080/examples/index.html denied for user \
id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org";
-
- // When
- AgentLogParser.LogExtracts logExtracts = logParser.tryParse(message);
-
- // Then
- assertThat(logExtracts.getResourceUrl()).isEqualTo("http://raspi.forrest.org:8080/examples/index.html");
- assertThat(logExtracts.getSubjectId()).isEqualTo("id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org");
- assertThat(logExtracts.getStatus()).isEqualTo("denied");
- }
-
- @Test
- public void parsesWebAgentMessages() {
- // Given
- String message = "User amadmin was allowed access to \
http://raspi.forrest.org:80/";
-
- // When
- AgentLogParser.LogExtracts logExtracts = logParser.tryParse(message);
-
- // Then
- assertThat(logExtracts.getResourceUrl()).isEqualTo("http://raspi.forrest.org:80/");
- assertThat(logExtracts.getSubjectId()).isEqualTo("amadmin");
- assertThat(logExtracts.getStatus()).isEqualTo("allowed");
- }
-
- @Test
- public void unknownMessage() {
- // Given
- String message = "Fred is not going to be given access to the \
fridge";
-
- // When
- AgentLogParser.LogExtracts logExtracts = logParser.tryParse(message);
-
- // Then
- assertThat(logExtracts).isNull();
- }
-
-}
</del><span class="cx">\ No newline at end of file
</span></span></pre></div>
<a id="branchesAME7692_noRestartsAuthopenamopenamcoresrctestjavacomsunidentitylogservi \
ceAgentLogParserTestjavafromrev14908trunkopenamopenamcoresrctestjavacomsunidentitylogserviceAgentLogParserTestjava"></a>
<div class="copfile"><h4>Copied: \
branches/AME-7692_noRestartsAuth/openam/openam-core/src/test/java/com/sun/identity/log/service/AgentLogParserTest.java \
(from rev 14908, trunk/openam/openam-core/src/test/java/com/sun/identity/log/service/AgentLogParserTest.java) \
(0 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-core/src/test/java/com/sun/identity/log/service/AgentLogParserTest.java \
(rev 0)
+++ branches/AME-7692_noRestartsAuth/openam/openam-core/src/test/java/com/sun/identity/log/service/AgentLogParserTest.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -0,0 +1,77 @@
</span><ins>+/*
+ * The contents of this file are subject to the terms of the Common Development and
+ * Distribution License (the License). You may not use this file except in \
compliance with the + * License.
+ *
+ * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for \
the + * specific language governing permission and limitations under the License.
+ *
+ * When distributing Covered Software, include this CDDL Header Notice in each file \
and include + * the License file at legal/CDDLv1.0.txt. If applicable, add the \
following below the CDDL + * Header, with the fields enclosed by brackets [] replaced \
by your own identifying + * information: "Portions copyright [year] [name of \
copyright owner]". + *
+ * Copyright 2015 ForgeRock AS.
+ */
+package com.sun.identity.log.service;
+
+import static org.fest.assertions.Assertions.assertThat;
+
+import org.testng.annotations.BeforeMethod;
+import org.testng.annotations.Test;
+
+/**
+ * Unit test for {@link AgentLogParser}.
+ *
+ * @since 13.0.0
+ */
+public class AgentLogParserTest {
+
+ private AgentLogParser logParser;
+
+ @BeforeMethod
+ public void setUp() {
+ logParser = new AgentLogParser();
+ }
+
+ @Test
+ public void parsesJavaAgentMessages() {
+ // Given
+ String message = "Access to \
http://raspi.forrest.org:8080/examples/index.html denied for user \
id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org"; +
+ // When
+ AgentLogParser.LogExtracts logExtracts = logParser.tryParse(message);
+
+ // Then
+ assertThat(logExtracts.getResourceUrl()).isEqualTo("http://raspi.forrest.org:8080/examples/index.html");
+ assertThat(logExtracts.getSubjectId()).isEqualTo("id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org");
+ assertThat(logExtracts.getStatus()).isEqualTo("denied");
+ }
+
+ @Test
+ public void parsesWebAgentMessages() {
+ // Given
+ String message = "User amadmin was allowed access to \
http://raspi.forrest.org:80/"; +
+ // When
+ AgentLogParser.LogExtracts logExtracts = logParser.tryParse(message);
+
+ // Then
+ assertThat(logExtracts.getResourceUrl()).isEqualTo("http://raspi.forrest.org:80/");
+ assertThat(logExtracts.getSubjectId()).isEqualTo("amadmin");
+ assertThat(logExtracts.getStatus()).isEqualTo("allowed");
+ }
+
+ @Test
+ public void unknownMessage() {
+ // Given
+ String message = "Fred is not going to be given access to the \
fridge"; +
+ // When
+ AgentLogParser.LogExtracts logExtracts = logParser.tryParse(message);
+
+ // Then
+ assertThat(logExtracts).isNull();
+ }
+
+}
</ins><span class="cx">\ No newline at end of file
</span></span></pre></div>
<a id="branchesAME7692_noRestartsAuthopenamopenamcoresrctestjavaorgforgerockopenamcoreguiceDataLayerGuiceModuleTestjava"></a>
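--- a/branches/AME-7692_noRestartsAuth/openam/openam-core/src/test/java/org/forgerock/openam/core/guice/DataLayerGuiceModuleTest.java
+++ b/branches/AME-7692_noRestartsAuth/openam/openam-core/src/test/java/org/forgerock/openam/core/guice/DataLayerGuiceModuleTest.java
@@ -35,9 +35,11 @@
 import org.forgerock.openam.sm.datalayer.api.ConnectionType;
 import org.forgerock.openam.sm.datalayer.api.DataLayer;
 import org.forgerock.openam.sm.datalayer.api.DataLayerConstants;
+import org.forgerock.openam.sm.datalayer.api.StoreMode;
 import org.forgerock.openam.sm.datalayer.api.TaskExecutor;
 import org.forgerock.openam.sm.datalayer.api.query.QueryFactory;
 import org.forgerock.openam.sm.datalayer.impl.ldap.ExternalLdapConfig;
+import org.forgerock.openam.sm.datalayer.impl.ldap.LdapDataLayerConfiguration;
 import org.forgerock.openam.sm.datalayer.impl.tasks.TaskFactory;
 import org.forgerock.openam.sm.datalayer.providers.LdapConnectionFactoryProvider;
 import org.forgerock.openam.sm.datalayer.store.TokenDataStore;
@@ -129,6 +131,12 @@
 bind(ConnectionConfigFactory.class).toInstance(connectionConfigFactory);
 
 bind(ObjectMapper.class).annotatedWith(Names.named("cts-json-object-mapper")).toInstance(new ObjectMapper());
+
+ LdapDataLayerConfiguration labelsConfiguration = mock(LdapDataLayerConfiguration.class);
+ when(labelsConfiguration.getStoreMode()).thenReturn(StoreMode.DEFAULT);
+ bind(Key.get(LdapDataLayerConfiguration.class, DataLayer.Types.typed(ConnectionType.UMA_LABELS)))
+ .toInstance(labelsConfiguration);
+
 }
 
 }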
<a id="branchesAME7692_noRestartsAuthopenamopenamcoresrctestjavaorgforgerockopenamsmdatalayerimplPooledTaskExecutorTestjava"></a>
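--- a/branches/AME-7692_noRestartsAuth/openam/openam-core/src/test/java/org/forgerock/openam/sm/datalayer/impl/PooledTaskExecutorTest.java
+++ b/branches/AME-7692_noRestartsAuth/openam/openam-core/src/test/java/org/forgerock/openam/sm/datalayer/impl/PooledTaskExecutorTest.java
@@ -16,10 +16,12 @@
 
 package org.forgerock.openam.sm.datalayer.impl;
 
+import static org.assertj.core.api.Assertions.*;
 import static org.mockito.Mockito.*;
-import static org.assertj.core.api.Assertions.*;
 
+import java.text.MessageFormat;
 import java.util.concurrent.Semaphore;
+import java.util.concurrent.TimeUnit;
 import java.util.concurrent.atomic.AtomicBoolean;
 import java.util.concurrent.locks.LockSupport;
 
@@ -80,33 +82,46 @@
 TaskThread task2 = new TaskThread(2, executor, longTask2);
 TaskThread task3 = new TaskThread(3, executor, mock(Task.class));
 
+ debug("Starting task 1");
 task1.start();
+ debug("Starting task 2");
 task2.start();
 
 while (semaphore.availablePermits() > 0) {
+ debug("Waiting for no available permits. Currently got: {0}", semaphore.availablePermits());
 Thread.sleep(50);
 }
 
+ debug("Tasks 1 and 2 should now be executing and will shortly be blocked - starting task 3");
 task3.start();
 
 long timeout = System.currentTimeMillis() + 5000;
 while (!semaphore.hasQueuedThreads()) {
+ debug("Waiting for task 3 to be queued on semaphore");
 Thread.sleep(50);
 if (System.currentTimeMillis() > timeout) {
 fail("Where did my thread go?");
 }
 }
+ debug("Task 3 now queued on semaphore");
 
 // Then
 verifyZeroInteractions(task3.task);
 
+ debug("Unblocking task 2");
 longTask2.unblock();
+ debug("Unblocking task 1");
 longTask1.unblock();
 
- task1.join();
- task2.join();
- task3.join();
+ debug("Waiting for tasks to complete");
+ task1.join(TimeUnit.SECONDS.toMillis(10));
+ task2.join(1);
+ task3.join(1);
 
+ assertThat(task1.isAlive()).as("Task 1 thread running").isFalse();
+ assertThat(task2.isAlive()).as("Task 2 thread running").isFalse();
+ assertThat(task3.isAlive()).as("Task 3 thread running").isFalse();
+
 verify(task3.task).execute(null, null);
 verify(simpleTaskExecutorProvider, times(2)).get();
 }
@@ -119,6 +134,7 @@
 this.executor = executor;
 this.task = task;
 setName("Task " + taskId);
+ setDaemon(true);
 }
 
 public void run() {
@@ -138,18 +154,29 @@
 @Override
 public <T> void execute(T connection, TokenStorageAdapter<T> adapter) throws DataLayerException {
 this.executingThread = Thread.currentThread();
+ debug("Locking");
 locked.set(true);
 while (!locked.compareAndSet(false, true)) {
+ debug("Task still locked - parking thread");
 LockSupport.park(this);
+ debug("Thread unparked");
 }
+ debug("Thread unlocked - continuing");
 }
 
 public void unblock() {
+ debug("Setting task unlocked");
 locked.set(false);
+ debug("Unparking thread {0}", executingThread);
 LockSupport.unpark(executingThread);
+ debug("Unparked thread {0}", executingThread);
 }
 
 }
 
+ private static void debug(String message, Object... params) {
+ System.out.println("PooledTaskExecutorTest " + Thread.currentThread() + " :: " +
+ MessageFormat.format(message, params));
+ }
 
 }
\ No newline at end of file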
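Review bot: The bounded joins at the end of the test give task 2 and task 3 only one millisecond each (`task2.join(1); task3.join(1);`), so the `isAlive()` assertions that follow can fail on a loaded build machine even when the executor is correct, because task 3 is still queued on the semaphore when tasks 1 and 2 are unblocked. Giving all three threads the same budget, e.g. `task2.join(TimeUnit.SECONDS.toMillis(10));` and the same for task 3, keeps the protection against a hung build without introducing a timing race. The new `debug` helper prints unconditionally to `System.out`; routing it through the test logger would make the trace easy to switch off once the flakiness is diagnosed. The test method itself starts above this hunk.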
<a id="branchesAME7692_noRestartsAuthopenamopenamcoresrctestjavaorgforgerockopenamsmdatalayerutilsConnectionCountTestjava"></a>
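--- a/branches/AME-7692_noRestartsAuth/openam/openam-core/src/test/java/org/forgerock/openam/sm/datalayer/utils/ConnectionCountTest.java
+++ b/branches/AME-7692_noRestartsAuth/openam/openam-core/src/test/java/org/forgerock/openam/sm/datalayer/utils/ConnectionCountTest.java
@@ -44,11 +44,13 @@
 LdapDataLayerConfiguration resourceSetConfiguration = mock(LdapDataLayerConfiguration.class);
 LdapDataLayerConfiguration umaAuditConfiguration = mock(UmaAuditDataLayerConfiguration.class);
 LdapDataLayerConfiguration umaPendingRequestsConfiguration = mock(UmaPendingRequestDataLayerConfiguration.class);
+ LdapDataLayerConfiguration umaLabelsConfiguration = mock(UmaPendingRequestDataLayerConfiguration.class);
 when(dataLayerConfiguration.getStoreMode()).thenReturn(StoreMode.DEFAULT);
 when(ctsConfiguration.getStoreMode()).thenReturn(StoreMode.DEFAULT);
 when(resourceSetConfiguration.getStoreMode()).thenReturn(StoreMode.DEFAULT);
 when(umaAuditConfiguration.getStoreMode()).thenReturn(StoreMode.DEFAULT);
 when(umaPendingRequestsConfiguration.getStoreMode()).thenReturn(StoreMode.DEFAULT);
+ when(umaLabelsConfiguration.getStoreMode()).thenReturn(StoreMode.DEFAULT);
 Map<ConnectionType, LdapDataLayerConfiguration> configMap = new HashMap<ConnectionType, LdapDataLayerConfiguration>();
 configMap.put(ConnectionType.DATA_LAYER, dataLayerConfiguration);
 configMap.put(ConnectionType.CTS_ASYNC, ctsConfiguration);
@@ -56,6 +58,7 @@
 configMap.put(ConnectionType.RESOURCE_SETS, resourceSetConfiguration);
 configMap.put(ConnectionType.UMA_AUDIT_ENTRY, umaAuditConfiguration);
 configMap.put(ConnectionType.UMA_PENDING_REQUESTS, umaPendingRequestsConfiguration);
+ configMap.put(ConnectionType.UMA_LABELS, umaLabelsConfiguration);
 count = new ConnectionCount(configMap);
 }
 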
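Review bot: The new `umaLabelsConfiguration` mock in the first hunk is created from `UmaPendingRequestDataLayerConfiguration.class`, which reads like a copy of the line above it rather than a type chosen for the labels store. DataLayerGuiceModuleTest in this same commit mocks the base type for `UMA_LABELS`, so `LdapDataLayerConfiguration umaLabelsConfiguration = mock(LdapDataLayerConfiguration.class);` (or the labels-specific configuration class, if the codebase has one) would say what is meant. Only `getStoreMode()` is stubbed, so the result is probably unchanged today, but mocking the wrong subclass would hide any behaviour that class overrides. The enclosing setup method begins above the hunk.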
<a id="branchesAME7692_noRestartsAuthopenamopenamcoresrctestjavaorgforgerockopenamxuiXUIFilterTestjava"></a>
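--- a/branches/AME-7692_noRestartsAuth/openam/openam-core/src/test/java/org/forgerock/openam/xui/XUIFilterTest.java
+++ b/branches/AME-7692_noRestartsAuth/openam/openam-core/src/test/java/org/forgerock/openam/xui/XUIFilterTest.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2013 ForgeRock AS.
+ * Copyright 2013-2015 ForgeRock AS.
 *
 * The contents of this file are subject to the terms of the Common Development and
 * Distribution License (the License). You may not use this file except in compliance with the
@@ -15,6 +15,9 @@
 */
 package org.forgerock.openam.xui;
 
+import java.util.LinkedHashMap;
+import java.util.Map;
+
 import javax.servlet.FilterChain;
 import javax.servlet.FilterConfig;
 import javax.servlet.http.HttpServletRequest;
@@ -24,6 +27,9 @@
 import static org.fest.assertions.Assertions.*;
 
 import org.mockito.ArgumentCaptor;
+import org.mockito.invocation.InvocationOnMock;
+import org.mockito.stubbing.Answer;
+import org.owasp.esapi.ESAPI;
 
 import static org.mockito.BDDMockito.mock;
 import static org.mockito.Mockito.verify;
@@ -32,6 +38,8 @@
 import org.testng.annotations.BeforeMethod;
 import org.testng.annotations.Test;
 
+import com.sun.identity.shared.Constants;
+
 public class XUIFilterTest {
 
 private static final String CONTEXT = "/context";
@@ -71,6 +79,41 @@
 }
 
 @Test
+ public void loginRedirectsToXUIWithCompositeAdvice() throws Exception {
+ String pathInfo = "/UI/Login";
+ String query = "locale=fr&realm=%2F";
+ String compositeAdvice = "<Advices><AttributeValuePair><Attribute name=\"AuthLevelConditionAdvice\"/>" +
+ "<Value>1</Value></AttributeValuePair></Advices>";
+ String xuiLoginPath = "/XUI/#login/";
+
+ HttpServletRequest request = mock(HttpServletRequest.class);
+ HttpServletResponse responseLogin = mock(HttpServletResponse.class);
+ FilterChain filterChain = mock(FilterChain.class);
+
+ when(request.getRequestURI()).thenReturn(pathInfo);
+ when(request.getQueryString()).thenReturn(query);
+ when((request.getParameterMap())).thenAnswer(new Answer<Map>() {
+ @Override
+ public Map answer(InvocationOnMock invocation) throws Throwable {
+ Map parameterMap = new LinkedHashMap<String,String[]>();
+ parameterMap.put("locale", new String[]{"fr"});
+ parameterMap.put("realm", new String[]{"/"});
+ return parameterMap;
+ }
+ });
+ when(request.getParameter(Constants.COMPOSITE_ADVICE)).thenReturn(compositeAdvice);
+
+ filter.doFilter(request, responseLogin, filterChain);
+
+ ArgumentCaptor<String> captor = ArgumentCaptor.forClass(String.class);
+ verify(responseLogin).sendRedirect(captor.capture());
+
+ query += "&authIndexType=composite_advice&authIndexValue=" + ESAPI.encoder().encodeForURL(compositeAdvice);
+
+ assertThat(captor.getValue()).isEqualTo(CONTEXT + xuiLoginPath + "&" + query);
+ }
+
+ @Test
 public void testLogout() throws Exception {
 String xuiLogoutPath = "/XUI/#logout/";
 String logoutPath = "/UI/Logout";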
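Review bot: `loginRedirectsToXUIWithCompositeAdvice` computes its expected value with `ESAPI.encoder().encodeForURL(compositeAdvice)`, presumably the same call the filter makes, so the test never states on its own terms that the advice XML is percent-encoded before it reaches `sendRedirect`. Because the advice arrives as a request parameter and ends up in a redirect target, I would pin that property directly next to the equality check with `assertThat(captor.getValue()).doesNotContain("<").doesNotContain("\"");`. The `Answer<Map>` stub also uses raw types; `Answer<Map<String, String[]>>` with a typed `LinkedHashMap` removes the unchecked warnings. The last hunk ends inside `testLogout`, which continues below it.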
<a id="branchesAME7692_noRestartsAuthopenamopenamdocumentationopenamdoclogmessagerefsrcmainresourceslogmessagesprefaceheader"></a>
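--- a/branches/AME-7692_noRestartsAuth/openam/openam-documentation/openam-doc-log-message-ref/src/main/resources/log-messages-preface.header
+++ b/branches/AME-7692_noRestartsAuth/openam/openam-documentation/openam-doc-log-message-ref/src/main/resources/log-messages-preface.header
@@ -377,20 +377,14 @@
 
 <para>
 For information about configuring the location and verbosity of
- debug log files, please see the section on
+ debug log files, see the section on
 <link
 xlink:show="new"
 xlink:href="admin-guide#debug-logging"
 xlink:role="http://docbook.org/xlink/role/olink">
 <citetitle>Debug Logging</citetitle>
 </link>
- in the
- <link
- xlink:show="new"
- xlink:href="admin-guide"
- xlink:role="http://docbook.org/xlink/role/olink">
- <citetitle>Administration Guide</citetitle>.
- </link>
+ in the <citetitle>OpenAM Administration Guide</citetitle>.
 </para>
 
 </section>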
<a id="branchesAME7692_noRestartsAuthopenamopenamfederationOpenFMsrcmainscriptsbinssoadm"></a>
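--- a/branches/AME-7692_noRestartsAuth/openam/openam-federation/OpenFM/src/main/scripts/bin/ssoadm
+++ b/branches/AME-7692_noRestartsAuth/openam/openam-federation/OpenFM/src/main/scripts/bin/ssoadm
@@ -41,7 +41,7 @@
 
 CLASSPATH="@CONFIG_DIR@"
 CLASSPATH="$CLASSPATH:$TOOLS_HOME/classes:$TOOLS_HOME/resources"
-CLASSPATH="${CLASSPATH}:${LIB_CP}"
+CLASSPATH="$CLASSPATH:$LIB_CP"
 
 if [ -n "$EXT_CLASSPATH" ] ; then
 CLASSPATH=$EXT_CLASSPATH:$CLASSPATH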
<a id="branchesAME7692_noRestartsAuthopenamopenamfederationopenamidpdiscoverysrcmainjavacomsunidentitysaml2idpdiscoveryDebugjava"></a>
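--- a/branches/AME-7692_noRestartsAuth/openam/openam-federation/openam-idpdiscovery/src/main/java/com/sun/identity/saml2/idpdiscovery/Debug.java
+++ b/branches/AME-7692_noRestartsAuth/openam/openam-federation/openam-idpdiscovery/src/main/java/com/sun/identity/saml2/idpdiscovery/Debug.java
@@ -24,14 +24,26 @@
 *
 * $Id: Debug.java,v 1.5 2008/06/25 05:47:47 qcheng Exp $
 *
+ * Portions Copyrighted 2015 ForgeRock AS.
 */
 
 
 package com.sun.identity.saml2.idpdiscovery;
 
-import java.io.*;
-import java.util.*;
-import java.text.*;
+import com.sun.identity.shared.configuration.SystemPropertiesManager;
+import java.io.BufferedWriter;
+import java.io.File;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.OutputStreamWriter;
+import java.io.PrintWriter;
+import java.io.StringWriter;
+import java.text.DateFormat;
+import java.text.SimpleDateFormat;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.MissingResourceException;
 
 // NOTE: Since JVM specs guarantee atomic access/updates to int variables
 // (actually all variables except double and long), the design consciously
@@ -112,9 +124,6 @@
 * the key and Debug is the value of this map.
 */
 private static Map debugMap = new HashMap();
-
- /** serviceInitialized indicates if the service is already initialized. */
- private static boolean serviceInitialized = false;
 
 private static DateFormat dateFormat;
 
@@ -127,13 +136,18 @@
 * set the following two static variables to some default values here, then
 * it will interfere with the execution of {@link #initService}.
 */
- private static String defaultDebugLevel;
- private static String outputDirectory;
+ private static String debugLevelStr;
+ private static String debugDirectory;
 
 private final String debugName;
 private PrintWriter debugFile = null;
- private int debugLevel;
-
+ private int debugLevel;
+
+ private static boolean validInit() {
+ return IDPDiscoveryConstants.DEBUG_DIR.equals(debugDirectory)
+ && IDPDiscoveryConstants.DEBUG_LEVEL.equals(debugLevelStr);
+ }
+
 /** Initializes the Debug service so that Debug objects can be created. At
 * startup (when the first Debug object is ever created in a JVM), this
 * method reads <code>DebugConfig.properties</code> file (using
@@ -151,8 +165,8 @@
 /* We will use the double-checked locking pattern. Rarely entered
 * block. Push synchronization inside it. This is the first check.
 */
- if (!serviceInitialized) {
- /* Only 1 thread at a time gets past the next point. Rarely
+ if (!validInit()) {
+ /* Only 1 thread at a time gets past the next point. Rarely
 * executed synchronization statement and hence synchronization
 * penalty is not paid every time this method is called.
 */
@@ -162,37 +176,31 @@
 * it will not re-initialize the instance variable. This is the
 * (second) double-check.
 */
- if (!serviceInitialized) {
- dateFormat = new SimpleDateFormat(
- "MM/dd/yyyy hh:mm:ss:SSS a zzz");
+ if (!validInit()) {
+ dateFormat = new SimpleDateFormat("MM/dd/yyyy hh:mm:ss:SSS a zzz");
 try {
- defaultDebugLevel = SystemProperties.get(
- IDPDiscoveryConstants.DEBUG_LEVEL);
- outputDirectory = SystemProperties.get(
- IDPDiscoveryConstants.DEBUG_DIR);
- if (outputDirectory != null ) {
- File createDir = new File(outputDirectory);
+ debugLevelStr = SystemProperties.get(IDPDiscoveryConstants.DEBUG_LEVEL);
+ debugDirectory = SystemProperties.get(IDPDiscoveryConstants.DEBUG_DIR);
+ if (debugDirectory != null ) {
+ File createDir = new File(debugDirectory);
 if ((!createDir.exists()) && (!createDir.mkdirs()))
 {
- System.err.println("could not create "
- + "debug dir /var/opt/SUNWam/debug");
+ System.err.println("could not create debug dir /var/opt/SUNWam/debug");
 }
 }
 } catch (MissingResourceException e) {
 System.err.println(e.getMessage());
 e.printStackTrace();
 
- // If there is any error in getting the level or
- // outputDirectory, defaultDebugLevel will be set to
+ // If there is any error in getting the level or
+ // outputDirectory, defaultDebugLevel will be set to
 // ON so that output will go to
 // System.out
-
- defaultDebugLevel = "on";
- outputDirectory = null;
+ debugLevelStr = "on";
+ debugDirectory = null;
 } catch (SecurityException se) {
 System.err.println(se.getMessage());
 }
- serviceInitialized = true;
 }
 }
 }
@@ -213,13 +221,12 @@
 public Debug(String debugName) {
 // Initialize the debug service the first time a Debug object is
 // created.
-
 initService();
 
 // Now initialize this instance itself
 
 this.debugName = debugName;
- setDebug(defaultDebugLevel);
+ setDebug(debugLevelStr);
 
 synchronized (debugMap) {
 // explicitly ignore any duplicate instances.
@@ -239,7 +246,9 @@
 */
 public static synchronized Debug getInstance(String debugName) {
 Debug debugObj = (Debug) debugMap.get(debugName);
- if (debugObj == null) {
+ if (debugObj == null ||
+ (debugDirectory != null &&
+ !debugDirectory.equals(SystemPropertiesManager.get(IDPDiscoveryConstants.DEBUG_DIR)))) {
 debugObj = new Debug(debugName);
 }
 return debugObj;
@@ -530,19 +539,20 @@
 * properties file, <code>DebugConfig.properties</code>.
 */
 private synchronized void write(String msg) {
+
 try {
 // debugging is enabled.
 // First, see if the debugFile is already open. If not, open it now.
-
- if (debugFile == null) {
+ if (debugFile == null ||
+ (debugDirectory != null &&
+ !debugDirectory.equals(SystemPropertiesManager.get(IDPDiscoveryConstants.DEBUG_DIR)))) {
+
+ initService();
+
 // open file in append mode
- FileOutputStream fos = new FileOutputStream(
- outputDirectory + File.separator + debugName,
- true);
+ FileOutputStream fos = new FileOutputStream(debugDirectory + File.separator + debugName, true);
 debugFile = new PrintWriter(
- new BufferedWriter(
- new OutputStreamWriter(fos, "UTF8")
- ),
+ new BufferedWriter( new OutputStreamWriter(fos, "UTF8") ),
 true); // autoflush enabled
 
 debugFile.println(
@@ -589,8 +599,8 @@
 
 /**
 * Enables or disables debugging based on the value of debug attribute,
- * <code>com.iplanet.services.debug.level</code>, in the
- * <code>DebugConfig.properties</code> file.
+ * <code>com.iplanet.services.debug.level</code>, in the
+ * <code>DebugConfig.properties</code> file.
 * <code>DebugConfig.properties<code>
 * file should be accessible from CLASSPATH.
 * If the property is not defined, debug level is set to <code>error</code>.
@@ -603,7 +613,7 @@
 // The following initService is temporary. setDebug() is anyways
 // deprecated and will be removed in future.
 initService();
- setDebug(debugLevelStr);
+ setDebug(debugLevelStr);
 }
 
 /**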
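Review bot: `validInit()` compares the property names with the cached values (`IDPDiscoveryConstants.DEBUG_DIR.equals(debugDirectory)`), yet the same constants are passed as keys to `SystemProperties.get(...)` a few lines further down, so the check looks like it can only succeed if the directory is literally named after its own property key. As written, `initService()` would take the synchronized path and replace the shared `dateFormat` on every call; comparing against the live values, e.g. `return debugDirectory != null && debugDirectory.equals(SystemProperties.get(IDPDiscoveryConstants.DEBUG_DIR)) && debugLevelStr != null && debugLevelStr.equals(SystemProperties.get(IDPDiscoveryConstants.DEBUG_LEVEL));`, matches the apparent intent. In `write()`, the branch taken when the directory has changed opens a new `FileOutputStream` without closing the previous `debugFile`, leaking a descriptor per change; `if (debugFile != null) { debugFile.close(); }` before reopening avoids that. `getInstance()` and `write()` read the directory through `SystemPropertiesManager` while `initService()` reads it through `SystemProperties`, so the two can disagree and it is worth confirming which source is intended. `initService()`, `getInstance()` and `write()` all continue outside the hunks shown.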
<a id="branchesAME7692_noRestartsAuthopenamopenamoauth2"></a>
<div class="propset"><h4>Property changes: \
branches/AME-7692_noRestartsAuth/openam/openam-oauth2</h4> <pre class="diff"><span>
</span></pre></div>
<a id="svnmergeinfo"></a>
<div class="modfile"><h4>Modified: svn:mergeinfo</h4></div>
<span class="cx">/branches/AME-2629/openam/openam-oauth2:7585-7632
</span><span class="cx">/branches/AME-3405-session-read-from-cts/openam/openam-oauth2:8749-8823
</span><span class="cx">/branches/AME-3423/openam/openam-oauth2:10105-10414
</span><span class="cx">/branches/AME-3612-pcunnington/openam/openam-oauth2:9534-9723
</span><span class="cx">/branches/AME-3719/openam/openam-oauth2:9517-9879
</span><span class="cx">/branches/AME-3726-script-sandboxing/openam/openam-oauth2:9663-9819
</span><span class="cx">/branches/AME-4378/openam/openam-oauth2:10443-10621
</span><span class="cx">/branches/AME-4460_AME-4459/openam/openam-oauth2:10437-10535
</span><span class="cx">/branches/AME-4547/openam/openam-oauth2:10585-10783
</span><span class="cx">/branches/AME-4569-XACML-Response-Provider-Support/openam/openam-oauth2:10624-10817
</span><span class="cx">/branches/AME-4595/openam/openam-oauth2:10581-10789
</span><span class="cx">/branches/AME-4609/openam/openam-oauth2:10678-10949
</span><span class="cx">/branches/AME-4616/openam/openam-oauth2:10652-10817
</span><span class="cx">/branches/AME-4638/openam/openam-oauth2:10869-11050
</span><span class="cx">/branches/AME-5023/openam/openam-oauth2:11070-11123
</span><span class="cx">/branches/AME-5326_refactor_and_test_oath_module/openam/openam-oauth2:13066-13428
</span><span class="cx">/branches/AME-5568-stateless-sessions/openam/openam-oauth2:12629-13078
</span><span class="cx">/branches/AME-6128_and_AME-6129_JSONify_attributes_for_OATH/openam/openam-oauth2:13797-13866
</span><span class="cx">/branches/AME-6128_and_AME-6129_new_user_attributes_for_OATH/openam/openam-oauth2:13602-13794
</span><span class="cx">/branches/AME-6369/openam/openam-oauth2:13289-13686
</span><span class="cx">/branches/AME-6627_Remove-LDAP-SDK/openam/openam-oauth2:13713-14249
</span><span class="cx">/branches/AME-6796/openam/openam-oauth2:13716-13732
</span><span class="cx">/branches/AME-7286/openam/openam-oauth2:14363-14465
</span><span class="cx">/branches/CTS-Async/openam/openam-oauth2:8847-9739
</span><span class="cx">/branches/IIS7PostData/openam/openam-oauth2:224-261
</span><span class="cx">/branches/OPENAM-2961-forgot-password-404/openam/openam-oauth2:8322-8362
</span><span class="cx">/branches/OPENAM-3097-sessions-not-deleted/openam/openam-oauth2:6910-6946
</span><span class="cx">/branches/OPENAM-3130-session-quota/openam/openam-oauth2:6958-6972
</span><span class="cx">/branches/OPENAM-3283-CTS-thread-exceptions/openam/openam-oauth2:7270-7369
</span><span class="cx">/branches/OPENAM-3425-class-cast-exception/openam/openam-oauth2:8333-8359
</span><span class="cx">/branches/OPENAM-3782-forgotten-password-changes/openam/openam-oauth2:8747-8835
</span><span class="cx">/branches/OPENAM-4028-connection-pool/openam/openam-oauth2:9750-10171
</span><span class="cx">/branches/OPENAM-4384-ssoadm-classpath/openam/openam-oauth2:10263-10264
</span><span class="cx">/branches/OPENAM-4394/openam/openam-oauth2:11059-11099
</span><span class="cx">/branches/OPENAM-4775-REST-endpoint-malformed-3/openam/openam-oauth2:11322-11331
</span><span class="cx">/branches/OPENAM-5019_entitlement_condition_validation/openam/openam-oauth2:11455-11491
</span><span class="cx">/branches/OPENAM-5269/openam/openam-oauth2:11838-11851
</span><span class="cx">/branches/OPENAM-5970_trim_unused_qrcode_references/openam/openam-oauth2:13756-13770
</span><span class="cx">/branches/OPENAM-OPENAM-3528-client-side-session-validation/openam/openam-oauth2:7834-7844
</span><span class="cx">/branches/ame4272/openam/openam-oauth2:10073-10101
</span><span class="cx">/branches/andy-ame-2227-v2/openam/openam-oauth2:7508-7697
</span><span class="cx">/branches/andyAme3102/openam/openam-oauth2:8312-8413
</span><span class="cx">/branches/auditHistory/openam/openam-oauth2:12633-12709
</span><span class="cx">/branches/cert_chain_bug/openam-oauth2:11102-11125
</span><span class="cx">/branches/contextualAuthz/openam/openam-oauth2:12734-12787
</span><span class="cx">/branches/initial_uma/openam/openam-oauth2:12067-12470
</span><span class="cx">/branches/maven_merge/openam/openam-oauth2:2556-2558,2756-3124
</span><span class="cx">/branches/oidc-conf/openam/openam-oauth2:13365-13468
</span><span class="cx">/branches/oidc-conf/openam-oauth2:13312-13363
</span><span class="cx">/branches/oidc-conf2/openam/openam-oauth2:13364
</span><span class="cx">/branches/oidc_authn/openam-oauth2:8507,8540,8557-8559,8565-8566
</span><span class="cx">/branches/openam-3049-cts-reaper-connection-usage/openam/openam-oauth2:6658-6745
</span><span class="cx">/branches/openam-3053-cts-tab-exception/openam/openam-oauth2:6672-6721
</span><span class="cx">/branches/openam-3072-cts-configuration/openam/openam-oauth2:6691-6714
</span><span class="cx">/branches/openam-3092-store-mode-error/openam/openam-oauth2:6729-6733
</span><span class="cx">/branches/openam-3110-create-or-update-bug/openam/openam-oauth2:6767-6804
</span><span class="cx">/branches/openam_10.1.0_SAML2_FIXES/openam-oauth2:3725-3740
</span><span class="cx">/branches/openam_10.1.0_jeff/openam-oauth2:3128-3527
</span><span class="cx">/branches/openam_10.1.0_xacml3_JAS/openam/openam-oauth2:4039-4140
</span><span class="cx">/branches/openam_10.2.0_xacml3_JAS/openam/openam-oauth2:4141-4379
</span><span class="cx">/branches/openid_connect_implementation/openam-oauth2:4140-5165
</span><span class="cx">/branches/pcunnington-AME-3115-refactor/openam/openam-oauth2:8348-8473
</span><span class="cx">/branches/pcunnington-AME-3158/openam/openam-oauth2:8476-8577
</span><span class="cx">/branches/pcunnington-oauth2/openam/openam-oauth2:8710-8793
</span><span class="cx">/branches/phcunnington-AME-3114/openam/openam-oauth2:8314-8341
</span><span class="cx">/branches/referralsWithoutApplications/openam/openam-oauth2:11071-11119
</span><span class="cx">/branches/rest_sts_view_bean/openam-oauth2:9690-9965
</span><span class="cx">/branches/rwapshott-AME-1739/openam/openam-oauth2:5331-5353
</span><span class="cx">/branches/rwapshott-AME-215/openam/openam-oauth2:4091-4155
</span><span class="cx">/branches/rwapshott-AME-257/openam/openam-oauth2:4047-4126
</span><span class="cx">/branches/rwapshott-AME-804/openam/openam-oauth2:4267-5404
</span><span class="cx">/branches/rwapshott-ame-2027-cts-oids-should-follow-fr-oid-scheme/openam/openam-oauth2:5609-5614
</span><span class="cx">/branches/rwapshott-ame-2160-session-size/openam/openam-oauth2:6086-6319
</span><span class="cx">/branches/rwapshott-ame-2311-index-names/openam/openam-oauth2:6058-6069
</span><span class="cx">/branches/rwapshott-ame-258-cts-replication/openam/openam-oauth2:5548-6055
</span><span class="cx">/branches/rwapshott-openam-2198-session-resource-protection/openam/openam-oauth2:5628-5824
</span><span class="cx">/branches/rwapshott-openam-2526/openam/openam-oauth2:5442-5484
</span><span class="cx">/branches/rwapshott-openam-2716-cts-invalid-chars/openam/openam-oauth2:6170-6194
</span><span class="cx">/branches/rwapshott-openam-2729-saml2-error/openam/openam-oauth2:6247-6257
</span><span class="cx">/branches/soap_sts_admin_ui/openam-oauth2:14254-14454
</span><span class="cx">/branches/soap_sts_config/openam-oauth2:12590-12719,12744
</span><span class="cx">/branches/soap_sts_policy/openam-oauth2:12762-13106,13172-13354
</span><span class="cx">/branches/soap_sts_x509/openam-oauth2:13550-13640,13667,13693
</span><span class="cx">/branches/stateless_logout/openam/openam-oauth2:12511-13298
</span><span class="cx">/branches/sts_client_sdk/openam-oauth2:11175-11185
</span><span class="cx">/branches/sts_custom_ops/openam-oauth2:14051-14331
</span><span class="cx">/branches/sts_disable_am_token/openam-oauth2:11204,11229-11233
</span><span class="cx">/branches/sts_filtering/openam-oauth2:10605-10717,10719-10900,10924,10927,10929-10931,10963-10964,10986,10989,10993
</span><span class="cx">/branches/sts_oidc_saml_redux/openam-oauth2:8417-8422,8424,8440,8445-8446,8460,8490,8498
</span><span class="cx">/branches/sts_restart_persistence/openam-oauth2:9003-9005,9009-9414
</span><span class="cx">/branches/sts_saml2_encrypt/openam-oauth2:10424-10472,10474-10550
</span><span class="cx">/branches/sts_sans_cxf/openam-oauth2:13383-13518,13532-13542
</span><span class="cx">/branches/sts_service_listeners/openam-oauth2:9968-10031,10047-10048,10053
</span><span class="cx">/branches/sts_soap/openam-oauth2:11665-12039,12056-12242,12273-12321
</span><span class="cx">/branches/sts_tgs_oidc/openam-oauth2:13712-14040
</span><span class="cx">/branches/sts_token_gen_service/openam-oauth2:8706,8717-8720,8 \
723-8725,8727-8728,8731,8737,8740-8742,8759-8760,8774-8776,8796-8797,8800-8801,8818-8819,8821
</span><span class="cx">/branches/sts_token_gen_service2/openam-oauth2:8844-8887,8894-9000
</span><span class="cx">/branches/sts_x509/openam-oauth2:10206-10398
</span><span class="cx">/fr-branches/11.0.x/openam/openam-oauth2:12915
</span><span class="cx">/fr-branches/12.0.x/openam/openam-oauth2:12922
</span><span class="cx">/trunk/openam/openam-oauth2:3127-3577
</span><span class="cx"> + \
/branches/AME-2526-SFO-between-sites/openam/openam-oauth2:7510-8258 </span><span \
class="cx">/branches/AME-2629/openam/openam-oauth2:7585-7632 </span><span \
class="cx">/branches/AME-3405-session-read-from-cts/openam/openam-oauth2:8749-8823 \
</span><span class="cx">/branches/AME-3423/openam/openam-oauth2:10105-10414 \
</span><span class="cx">/branches/AME-3612-pcunnington/openam/openam-oauth2:9534-9723 \
</span><span class="cx">/branches/AME-3719/openam/openam-oauth2:9517-9879 \
</span><span class="cx">/branches/AME-3726-script-sandboxing/openam/openam-oauth2:9663-9819
</span><span class="cx">/branches/AME-4378/openam/openam-oauth2:10443-10621
</span><span class="cx">/branches/AME-4460_AME-4459/openam/openam-oauth2:10437-10535
</span><span class="cx">/branches/AME-4547/openam/openam-oauth2:10585-10783
</span><span class="cx">/branches/AME-4569-XACML-Response-Provider-Support/openam/openam-oauth2:10624-10817
</span><span class="cx">/branches/AME-4595/openam/openam-oauth2:10581-10789
</span><span class="cx">/branches/AME-4609/openam/openam-oauth2:10678-10949
</span><span class="cx">/branches/AME-4616/openam/openam-oauth2:10652-10817
</span><span class="cx">/branches/AME-4638/openam/openam-oauth2:10869-11050
</span><span class="cx">/branches/AME-5023/openam/openam-oauth2:11070-11123
</span><span class="cx">/branches/AME-5326_refactor_and_test_oath_module/openam/openam-oauth2:13066-13428
</span><span class="cx">/branches/AME-5568-stateless-sessions/openam/openam-oauth2:12629-13078
</span><span class="cx">/branches/AME-6128_and_AME-6129_JSONify_attributes_for_OATH/openam/openam-oauth2:13797-13866
</span><span class="cx">/branches/AME-6128_and_AME-6129_new_user_attributes_for_OATH/openam/openam-oauth2:13602-13794
</span><span class="cx">/branches/AME-6369/openam/openam-oauth2:13289-13686
</span><span class="cx">/branches/AME-6627_Remove-LDAP-SDK/openam/openam-oauth2:13713-14249
</span><span class="cx">/branches/AME-6796/openam/openam-oauth2:13716-13732
</span><span class="cx">/branches/AME-7286/openam/openam-oauth2:14363-14465
</span><span class="cx">/branches/AME-7754_UMA_labels/openam/openam-oauth2:14781-14882
</span><span class="cx">/branches/CTS-Async/openam/openam-oauth2:8847-9739
</span><span class="cx">/branches/IIS7PostData/openam/openam-oauth2:224-261
</span><span class="cx">/branches/OPENAM-2961-forgot-password-404/openam/openam-oauth2:8322-8362
</span><span class="cx">/branches/OPENAM-3097-sessions-not-deleted/openam/openam-oauth2:6910-6946
</span><span class="cx">/branches/OPENAM-3130-session-quota/openam/openam-oauth2:6958-6972
</span><span class="cx">/branches/OPENAM-3283-CTS-thread-exceptions/openam/openam-oauth2:7270-7369
</span><span class="cx">/branches/OPENAM-3425-class-cast-exception/openam/openam-oauth2:8333-8359
</span><span class="cx">/branches/OPENAM-3782-forgotten-password-changes/openam/openam-oauth2:8747-8835
</span><span class="cx">/branches/OPENAM-4028-connection-pool/openam/openam-oauth2:9750-10171
</span><span class="cx">/branches/OPENAM-4384-ssoadm-classpath/openam/openam-oauth2:10263-10264
</span><span class="cx">/branches/OPENAM-4394/openam/openam-oauth2:11059-11099
</span><span class="cx">/branches/OPENAM-4775-REST-endpoint-malformed-3/openam/openam-oauth2:11322-11331
</span><span class="cx">/branches/OPENAM-5019_entitlement_condition_validation/openam/openam-oauth2:11455-11491
</span><span class="cx">/branches/OPENAM-5269/openam/openam-oauth2:11838-11851
</span><span class="cx">/branches/OPENAM-5970_trim_unused_qrcode_references/openam/openam-oauth2:13756-13770
</span><span class="cx">/branches/OPENAM-6272-OPENAM-1462-OATH-RFEs/openam/openam-oauth2:14653-14742
</span><span class="cx">/branches/OPENAM-6326-ssoadm-classpath/openam/openam-oauth2:14839-14844
</span><span class="cx">/branches/OPENAM-OPENAM-3528-client-side-session-validation/openam/openam-oauth2:7834-7844
</span><span class="cx">/branches/ame4272/openam/openam-oauth2:10073-10101
</span><span class="cx">/branches/andy-ame-2227-v2/openam/openam-oauth2:7508-7697
</span><span class="cx">/branches/andyAme3102/openam/openam-oauth2:8312-8413
</span><span class="cx">/branches/auditHistory/openam/openam-oauth2:12633-12709
</span><span class="cx">/branches/cert_chain_bug/openam-oauth2:11102-11125
</span><span class="cx">/branches/contextualAuthz/openam/openam-oauth2:12734-12787
</span><span class="cx">/branches/initial_uma/openam/openam-oauth2:12067-12470
</span><span class="cx">/branches/maven_merge/openam/openam-oauth2:2556-2558,2756-3124
</span><span class="cx">/branches/oidc-conf/openam/openam-oauth2:13365-13468
</span><span class="cx">/branches/oidc-conf/openam-oauth2:13312-13363
</span><span class="cx">/branches/oidc-conf2/openam/openam-oauth2:13364
</span><span class="cx">/branches/oidc_authn/openam-oauth2:8507,8540,8557-8559,8565-8566
</span><span class="cx">/branches/openam-3049-cts-reaper-connection-usage/openam/openam-oauth2:6658-6745
</span><span class="cx">/branches/openam-3053-cts-tab-exception/openam/openam-oauth2:6672-6721
</span><span class="cx">/branches/openam-3072-cts-configuration/openam/openam-oauth2:6691-6714
</span><span class="cx">/branches/openam-3092-store-mode-error/openam/openam-oauth2:6729-6733
</span><span class="cx">/branches/openam-3110-create-or-update-bug/openam/openam-oauth2:6767-6804
</span><span class="cx">/branches/openam_10.1.0_SAML2_FIXES/openam-oauth2:3725-3740
</span><span class="cx">/branches/openam_10.1.0_jeff/openam-oauth2:3128-3527
</span><span class="cx">/branches/openam_10.1.0_xacml3_JAS/openam/openam-oauth2:4039-4140
</span><span class="cx">/branches/openam_10.2.0_xacml3_JAS/openam/openam-oauth2:4141-4379
</span><span class="cx">/branches/openid_connect_implementation/openam-oauth2:4140-5165
</span><span class="cx">/branches/pcunnington-AME-3115-refactor/openam/openam-oauth2:8348-8473
</span><span class="cx">/branches/pcunnington-AME-3158/openam/openam-oauth2:8476-8577
</span><span class="cx">/branches/pcunnington-oauth2/openam/openam-oauth2:8710-8793
</span><span class="cx">/branches/phcunnington-AME-3114/openam/openam-oauth2:8314-8341
</span><span class="cx">/branches/referralsWithoutApplications/openam/openam-oauth2:11071-11119
</span><span class="cx">/branches/rest_sts_view_bean/openam-oauth2:9690-9965
</span><span class="cx">/branches/rwapshott-AME-1739/openam/openam-oauth2:5331-5353
</span><span class="cx">/branches/rwapshott-AME-215/openam/openam-oauth2:4091-4155
</span><span class="cx">/branches/rwapshott-AME-257/openam/openam-oauth2:4047-4126
</span><span class="cx">/branches/rwapshott-AME-804/openam/openam-oauth2:4267-5404
</span><span class="cx">/branches/rwapshott-ame-2027-cts-oids-should-follow-fr-oid-scheme/openam/openam-oauth2:5609-5614
</span><span class="cx">/branches/rwapshott-ame-2160-session-size/openam/openam-oauth2:6086-6319
</span><span class="cx">/branches/rwapshott-ame-2311-index-names/openam/openam-oauth2:6058-6069
</span><span class="cx">/branches/rwapshott-ame-258-cts-replication/openam/openam-oauth2:5548-6055
</span><span class="cx">/branches/rwapshott-openam-2198-session-resource-protection/openam/openam-oauth2:5628-5824
</span><span class="cx">/branches/rwapshott-openam-2526/openam/openam-oauth2:5442-5484
</span><span class="cx">/branches/rwapshott-openam-2716-cts-invalid-chars/openam/openam-oauth2:6170-6194
</span><span class="cx">/branches/rwapshott-openam-2729-saml2-error/openam/openam-oauth2:6247-6257
</span><span class="cx">/branches/soap_sts_admin_ui/openam-oauth2:14254-14454
</span><span class="cx">/branches/soap_sts_config/openam-oauth2:12590-12719,12744
</span><span class="cx">/branches/soap_sts_policy/openam-oauth2:12762-13106,13172-13354
</span><span class="cx">/branches/soap_sts_x509/openam-oauth2:13550-13640,13667,13693
</span><span class="cx">/branches/stateless_logout/openam/openam-oauth2:12511-13298
</span><span class="cx">/branches/sts_client_sdk/openam-oauth2:11175-11185
</span><span class="cx">/branches/sts_custom_ops/openam-oauth2:14051-14331
</span><span class="cx">/branches/sts_disable_am_token/openam-oauth2:11204,11229-11233
</span><span class="cx">/branches/sts_filtering/openam-oauth2:10605-10717,10719-10900,10924,10927,10929-10931,10963-10964,10986,10989,10993
</span><span class="cx">/branches/sts_oidc_saml_redux/openam-oauth2:8417-8422,8424,8440,8445-8446,8460,8490,8498
</span><span class="cx">/branches/sts_restart_persistence/openam-oauth2:9003-9005,9009-9414
</span><span class="cx">/branches/sts_saml2_encrypt/openam-oauth2:10424-10472,10474-10550
</span><span class="cx">/branches/sts_sans_cxf/openam-oauth2:13383-13518,13532-13542
</span><span class="cx">/branches/sts_service_listeners/openam-oauth2:9968-10031,10047-10048,10053
</span><span class="cx">/branches/sts_soap/openam-oauth2:11665-12039,12056-12242,12273-12321
</span><span class="cx">/branches/sts_tgs_oidc/openam-oauth2:13712-14040
</span><span class="cx">/branches/sts_token_gen_service/openam-oauth2:8706,8717-8720,8 \
723-8725,8727-8728,8731,8737,8740-8742,8759-8760,8774-8776,8796-8797,8800-8801,8818-8819,8821
</span><span class="cx">/branches/sts_token_gen_service2/openam-oauth2:8844-8887,8894-9000
</span><span class="cx">/branches/sts_x509/openam-oauth2:10206-10398
</span><span class="cx">/fr-branches/11.0.x/openam/openam-oauth2:12915
</span><span class="cx">/fr-branches/12.0.x/openam/openam-oauth2:12922
</span><span class="cx">/trunk/openam/openam-oauth2:3127-3577,14738-14908
</span><a id="branchesAME7692_noRestartsAuthopenamopenamoauth2srcmainjavaorgforgerockopenamoauth2OpenAMClientRegistrationStorejava"></a>
<div class="modfile"><h4>Modified: \
branches/AME-7692_noRestartsAuth/openam/openam-oauth2/src/main/java/org/forgerock/openam/oauth2/OpenAMClientRegistrationStore.java \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-oauth2/src/main/java/org/forgerock/openam/oauth2/OpenAMClientRegistrationStore.java 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-oauth2/src/main/java/org/forgerock/openam/oauth2/OpenAMClientRegistrationStore.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -37,6 +37,7 @@
</span><span class="cx"> import org.forgerock.oauth2.core.OAuth2Request;
</span><span class="cx"> import org.forgerock.oauth2.core.PEMDecoder;
</span><span class="cx"> import \
org.forgerock.oauth2.core.exceptions.InvalidClientException; </span><ins>+import \
org.forgerock.oauth2.core.exceptions.NotFoundException; </ins><span class="cx"> \
import org.forgerock.openam.utils.RealmNormaliser; </span><span class="cx"> import \
org.forgerock.openidconnect.OpenIdConnectClientRegistration; </span><span class="cx"> \
import org.forgerock.openidconnect.OpenIdConnectClientRegistrationStore; </span><span \
class="lines">@@ -71,7 +72,8 @@ </span><span class="cx"> /**
</span><span class="cx"> * {@inheritDoc}
</span><span class="cx"> */
</span><del>- public OpenIdConnectClientRegistration get(String clientId, \
OAuth2Request request) throws InvalidClientException { </del><ins>+ public \
OpenIdConnectClientRegistration get(String clientId, OAuth2Request request) + \
throws InvalidClientException, NotFoundException { </ins><span class="cx">
</span><span class="cx"> final String realm = \
realmNormaliser.normalise(request.<String>getParameter(OAuth2Constants.Custom.REALM));
</span><span class="cx"> return new \
OpenAMClientRegistration(getIdentity(clientId, realm), pemDecoder, resolverService); \
</span></span></pre></div> <a \
id="branchesAME7692_noRestartsAuthopenamopenamoauth2srcmainjavaorgforgerockopenamoauth2OpenAMOAuth2ProviderSettingsFactoryjava"></a>
<div class="modfile"><h4>Modified: \
branches/AME-7692_noRestartsAuth/openam/openam-oauth2/src/main/java/org/forgerock/openam/oauth2/OpenAMOAuth2ProviderSettingsFactory.java \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-oauth2/src/main/java/org/forgerock/openam/oauth2/OpenAMOAuth2ProviderSettingsFactory.java 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-oauth2/src/main/java/org/forgerock/openam/oauth2/OpenAMOAuth2ProviderSettingsFactory.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -69,31 +69,27 @@
</span><span class="cx"> public OAuth2ProviderSettings get(OAuth2Request request) \
throws NotFoundException { </span><span class="cx"> final String realm = \
realmNormaliser.normalise(request.<String>getParameter(OAuth2Constants.Custom.REALM));
</span><span class="cx"> final HttpServletRequest req = \
ServletUtils.getRequest(request.<Request>getRequest()); </span><del>- \
String baseUrlPattern = \
baseURLProviderFactory.get(realm).getURL(req);
- return getInstance(realm, baseUrlPattern);
</del><ins>+ return get(realm, req);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> /**
</span><del>- * Only to be used internally by AM.
- *
- * @param realm The realm.
- * @return The OAuth2ProviderSettings instance.
</del><ins>+ * Cache each provider settings on the realm it was created for.
+ * {@inheritDoc}
</ins><span class="cx"> */
</span><span class="cx"> public OAuth2ProviderSettings get(String realm) throws \
NotFoundException { </span><del>- return \
getInstance(realmNormaliser.normalise(realm), null); </del><ins>+ \
OAuth2ProviderSettings providerSettings = providerSettingsMap.get(realm); + if \
(providerSettings == null) { + throw new IllegalStateException("Realm \
provider settings have not yet been constructed."); + }
+ return providerSettings;
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> /**
</span><del>- * Gets the instance of the OAuth2ProviderSettings.
- * <br/>
</del><span class="cx"> * Cache each provider settings on the realm it was \
created for. </span><del>- *
- * @param realm The realm.
- * @param baseDeploymentUri The base deployment url.
- * @return The OAuth2ProviderSettings instance.
</del><ins>+ * {@inheritDoc}
</ins><span class="cx"> */
</span><del>- private OAuth2ProviderSettings getInstance(String realm, String \
baseDeploymentUri)
- throws NotFoundException {
</del><ins>+ public OAuth2ProviderSettings get(String realm, HttpServletRequest \
req) throws NotFoundException { + String baseDeploymentUri = \
baseURLProviderFactory.get(realm).getURL(req); </ins><span class="cx"> \
synchronized (providerSettingsMap) { </span><span class="cx"> \
OAuth2ProviderSettings providerSettings = providerSettingsMap.get(realm); \
</span><span class="cx"> if (providerSettings == null) { \
</span></span></pre></div> <a \
id="branchesAME7692_noRestartsAuthopenamopenamoauth2srcmainjavaorgforgerockopenamoauth2OpenAMResourceOwnerAuthenticatorjava"></a>
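Review bot: The new `get(String realm)` looks the realm up with the caller's raw string, while the removed line normalised it first, so a caller passing an un-normalised realm will miss the entry that `get(OAuth2Request)` cached under the normalised name and hit the `IllegalStateException`. I would keep the normalisation on the lookup, `OAuth2ProviderSettings providerSettings = providerSettingsMap.get(realmNormaliser.normalise(realm));`, and apply the same to the now-public `get(String realm, HttpServletRequest req)`, which keys the map on whatever it is handed. The read also happens outside the `synchronized (providerSettingsMap)` block that the other overload uses; unless the map is a concurrent implementation (its declaration is not in this hunk), the read should take the same lock. The Javadoc on `get(String realm)` still says "Cache each provider settings on the realm it was created for" although the method now only reads, and it should instead state that it fails with `IllegalStateException` when the realm's settings have not been built. The body of `get(String, HttpServletRequest)` continues past the end of the hunk.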
<div class="modfile"><h4>Modified: \
branches/AME-7692_noRestartsAuth/openam/openam-oauth2/src/main/java/org/forgerock/openam/oauth2/OpenAMResourceOwnerAuthenticator.java \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-oauth2/src/main/java/org/forgerock/openam/oauth2/OpenAMResourceOwnerAuthenticator.java 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-oauth2/src/main/java/org/forgerock/openam/oauth2/OpenAMResourceOwnerAuthenticator.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -43,6 +43,7 @@
</span><span class="cx"> import org.forgerock.oauth2.core.OAuth2Request;
</span><span class="cx"> import org.forgerock.oauth2.core.ResourceOwner;
</span><span class="cx"> import org.forgerock.oauth2.core.ResourceOwnerAuthenticator;
</span><ins>+import org.forgerock.oauth2.core.exceptions.NotFoundException;
</ins><span class="cx"> import org.forgerock.openam.utils.RealmNormaliser;
</span><span class="cx"> import org.restlet.Request;
</span><span class="cx"> import org.restlet.data.Status;
</span><span class="lines">@@ -73,7 +74,7 @@
</span><span class="cx"> /**
</span><span class="cx"> * {@inheritDoc}
</span><span class="cx"> */
</span><del>- public ResourceOwner authenticate(OAuth2Request request) {
</del><ins>+ public ResourceOwner authenticate(OAuth2Request request) throws \
NotFoundException { </ins><span class="cx"> SSOToken token = null;
</span><span class="cx"> try {
</span><span class="cx"> SSOTokenManager mgr = \
SSOTokenManager.getInstance(); </span></span></pre></div>
<a id="branchesAME7692_noRestartsAuthopenamopenamoauth2srcmainjavaorgforgerockopenamoauth2OpenAMTokenStorejava"></a>
<div class="modfile"><h4>Modified: \
branches/AME-7692_noRestartsAuth/openam/openam-oauth2/src/main/java/org/forgerock/openam/oauth2/OpenAMTokenStore.java \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-oauth2/src/main/java/org/forgerock/openam/oauth2/OpenAMTokenStore.java 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-oauth2/src/main/java/org/forgerock/openam/oauth2/OpenAMTokenStore.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -165,7 +165,7 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> private OpenIdConnectClientRegistration \
getClientRegistration(String clientId, OAuth2Request request) </span><del>- \
throws ServerException { </del><ins>+ throws ServerException, \
NotFoundException { </ins><span class="cx"> OpenIdConnectClientRegistration \
clientRegistration = null; </span><span class="cx"> try {
</span><span class="cx"> clientRegistration = \
clientRegistrationStore.get(clientId, request); </span><span class="lines">@@ -541,7 \
+541,8 @@ </span><span class="cx"> /**
</span><span class="cx"> * {@inheritDoc}
</span><span class="cx"> */
</span><del>- public AuthorizationCode readAuthorizationCode(OAuth2Request \
request, String code) throws InvalidGrantException, ServerException { </del><ins>+ \
public AuthorizationCode readAuthorizationCode(OAuth2Request request, String code) + \
throws InvalidGrantException, ServerException, NotFoundException { </ins><span \
class="cx"> if (logger.messageEnabled()) { </span><span class="cx"> \
logger.message("Reading Authorization code: " + code); </span><span \
class="cx"> } </span><span class="lines">@@ -561,7 +562,8 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> OpenAMAuthorizationCode authorizationCode = new \
OpenAMAuthorizationCode(token); </span><del>- if \
(!authorizationCode.getRealm().equals(request.<String>getParameter(REALM))) { \
</del><ins>+ final String realm = \
realmNormaliser.normalise(request.<String>getParameter(REALM)); + if \
(!authorizationCode.getRealm().equals(realm)) { </ins><span class="cx"> \
throw new InvalidGrantException("Grant is not valid for the requested \
realm"); </span><span class="cx"> }
</span><span class="cx"> request.setToken(AuthorizationCode.class, \
authorizationCode); </span><span class="lines">@@ -717,7 +719,7 @@
</span><span class="cx"> * {@inheritDoc}
</span><span class="cx"> */
</span><span class="cx"> public AccessToken readAccessToken(OAuth2Request \
request, String tokenId) throws ServerException, </span><del>- \
InvalidGrantException { </del><ins>+ InvalidGrantException, \
NotFoundException { </ins><span class="cx">
</span><span class="cx"> logger.message("Reading access token");
</span><span class="cx">
</span><span class="lines">@@ -737,7 +739,8 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> OpenAMAccessToken accessToken = new \
OpenAMAccessToken(token); </span><del>- if \
(!accessToken.getRealm().equals(request.<String>getParameter(REALM))) { \
</del><ins>+ final String realm = \
realmNormaliser.normalise(request.<String>getParameter(REALM)); + if \
(!accessToken.getRealm().equals(realm)) { </ins><span class="cx"> throw \
new InvalidGrantException("Grant is not valid for the requested realm"); \
</span><span class="cx"> } </span><span class="cx"> \
request.setToken(AccessToken.class, accessToken); </span><span class="lines">@@ \
-748,7 +751,7 @@ </span><span class="cx"> * {@inheritDoc}
</span><span class="cx"> */
</span><span class="cx"> public RefreshToken readRefreshToken(OAuth2Request \
request, String tokenId) throws ServerException, </span><del>- \
InvalidGrantException { </del><ins>+ InvalidGrantException, \
NotFoundException { </ins><span class="cx">
</span><span class="cx"> logger.message("Read refresh token");
</span><span class="cx"> JsonValue token;
</span><span class="lines">@@ -766,7 +769,8 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> OpenAMRefreshToken refreshToken = new \
OpenAMRefreshToken(token); </span><del>- if \
(!refreshToken.getRealm().equals(request.<String>getParameter(REALM))) { \
</del><ins>+ final String realm = \
realmNormaliser.normalise(request.<String>getParameter(REALM)); + if \
(!refreshToken.getRealm().equals(realm)) { </ins><span class="cx"> throw \
new InvalidGrantException("Grant is not valid for the requested realm"); \
</span><span class="cx"> } </span><span class="cx"> \
request.setToken(RefreshToken.class, refreshToken); </span></span></pre></div>
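Review bot: The normalise-then-compare realm check is written out three times, in `readAuthorizationCode`, `readAccessToken` and `readRefreshToken`, and since it is what stops a token issued in one realm from being accepted in another, it would be safer as one private helper that all three call. The comparison is only sound if the realm stored in the token was normalised the same way when the token was issued, which these hunks do not show; a test that reads a token back using a differently spelled form of the same realm would pin that down. `realmNormaliser.normalise` appears to be the reason `NotFoundException` joins the three throws clauses, so a request naming an unknown realm presumably now leaves these methods with that exception instead of `InvalidGrantException`, and the callers' error mapping should be checked for it. A one-line comment above the check, such as `// Tokens are bound to the realm they were issued in; compare normalised forms.`, would record the intent. All three method bodies start or end outside their hunks.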
<a id="branchesAME7692_noRestartsAuthopenamopenamoauth2srcmainjavaorgforgerockopenamoauth2guiceOAuth2GuiceModulejava"></a>
<div class="modfile"><h4>Modified: \
branches/AME-7692_noRestartsAuth/openam/openam-oauth2/src/main/java/org/forgerock/openam/oauth2/guice/OAuth2GuiceModule.java \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-oauth2/src/main/java/org/forgerock/openam/oauth2/guice/OAuth2GuiceModule.java 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-oauth2/src/main/java/org/forgerock/openam/oauth2/guice/OAuth2GuiceModule.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -72,7 +72,7 @@
</span><span class="cx"> import \
org.forgerock.oauth2.restlet.RestletOAuth2RequestFactory; </span><span class="cx"> \
import org.forgerock.oauth2.restlet.RestletQueryParameterAccessTokenVerifier; \
</span><span class="cx"> import org.forgerock.oauth2.restlet.TokenRequestHook; \
</span><del>-import org.forgerock.oauth2.restlet.resources.ResourceSetRegistrationEndpoint;
</del><ins>+import org.forgerock.openam.oauth2.resources.ResourceSetRegistrationEndpoint;
</ins><span class="cx"> import \
org.forgerock.oauth2.restlet.resources.ResourceSetRegistrationExceptionFilter; \
</span><span class="cx"> import \
org.forgerock.oauth2.restlet.resources.ResourceSetRegistrationListener; </span><span \
class="cx"> import org.forgerock.openam.cts.adapters.JavaBeanAdapter; </span><span \
class="lines">@@ -87,6 +87,7 @@ </span><span class="cx"> import \
org.forgerock.openam.oauth2.OpenAMTokenStore; </span><span class="cx"> import \
org.forgerock.openam.oauth2.resources.OpenAMResourceSetStore; </span><span \
class="cx"> import org.forgerock.openam.oauth2.resources.ResourceSetStoreFactory; \
</span><ins>+import org.forgerock.openam.oauth2.resources.labels.LabelsGuiceModule; \
</ins><span class="cx"> import \
org.forgerock.openam.oauth2.saml2.core.Saml2GrantTypeHandler; </span><span \
class="cx"> import org.forgerock.openam.oauth2.validation.OpenIDConnectURLValidator; \
</span><span class="cx"> import \
org.forgerock.openam.openidconnect.OpenAMOpenIDConnectProvider; </span><span \
class="lines">@@ -212,6 +213,7 @@ </span><span class="cx"> \
Multibinder.newSetBinder(binder(), ResourceSetRegistrationListener.class); \
</span><span class="cx"> </span><span class="cx"> \
bind(OpenIDConnectURLValidator.class).toInstance(OpenIDConnectURLValidator.getInstance());
</span><ins>+ install(new LabelsGuiceModule());
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> @Provides
</span></span></pre></div>
<a id="branchesAME7692_noRestartsAuthopenamopenamoauth2srcmainjavaorgforgerockopenamoa \
uth2resourcesResourceSetLabelRegistrationjavafromrev14908trunkopenamopenamoauth2srcmainjavaorgforgerockopenamoauth2resourcesResourceSetLabelRegistrationjava"></a>
<div class="copfile"><h4>Copied: \
branches/AME-7692_noRestartsAuth/openam/openam-oauth2/src/main/java/org/forgerock/openam/oauth2/resources/ResourceSetLabelRegistration.java \
(from rev 14908, trunk/openam/openam-oauth2/src/main/java/org/forgerock/openam/oauth2/resources/ResourceSetLabelRegistration.java) \
(0 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-oauth2/src/main/java/org/forgerock/openam/oauth2/resources/ResourceSetLabelRegistration.java \
(rev 0)
+++ branches/AME-7692_noRestartsAuth/openam/openam-oauth2/src/main/java/org/forgerock/openam/oauth2/resources/ResourceSetLabelRegistration.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -0,0 +1,150 @@
</span><ins>+/*
+ * The contents of this file are subject to the terms of the Common Development and
+ * Distribution License (the License). You may not use this file except in \
compliance with the + * License.
+ *
+ * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for \
the + * specific language governing permission and limitations under the License.
+ *
+ * When distributing Covered Software, include this CDDL Header Notice in each file \
and include + * the License file at legal/CDDLv1.0.txt. If applicable, add the \
following below the CDDL + * Header, with the fields enclosed by brackets [] replaced \
by your own identifying + * information: "Portions copyright [year] [name of \
copyright owner]". + *
+ * Copyright 2015 ForgeRock AS.
+ */
+
+package org.forgerock.openam.oauth2.resources;
+
+import static org.forgerock.json.fluent.JsonValue.array;
+import static org.forgerock.json.fluent.JsonValue.json;
+
+import javax.inject.Inject;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Set;
+
+import com.sun.identity.shared.debug.Debug;
+import org.forgerock.json.fluent.JsonValue;
+import org.forgerock.json.resource.ResourceException;
+import org.forgerock.oauth2.core.OAuth2Constants;
+import org.forgerock.oauth2.resources.ResourceSetDescription;
+import org.forgerock.openam.oauth2.resources.labels.LabelType;
+import org.forgerock.openam.oauth2.resources.labels.ResourceSetLabel;
+import org.forgerock.openam.oauth2.resources.labels.UmaLabelsStore;
+
+/**
+ * Updates Resource Set labels on Resource Set registration, update and deletion.
+ *
+ * @since 13.0.0
+ */
+public class ResourceSetLabelRegistration {
+
+ private final Debug logger = Debug.getInstance("OAuth2Provider");
+ private final UmaLabelsStore labelsStore;
+
+ /**
+ * Constructs an instance of a {@code ResourceSetLabelRegistration}.
+ *
+ * @param labelsStore An instance of the {@code UmaLabelsStore}.
+ */
+ @Inject
+ public ResourceSetLabelRegistration(UmaLabelsStore labelsStore) {
+ this.labelsStore = labelsStore;
+ }
+
+ /**
+ * Adds labels to the new resource set, creating the label if required.
+ *
+ * @param resourceSet The new resource set.
+ */
+ void updateLabelsForNewResourceSet(ResourceSetDescription resourceSet) {
+ JsonValue labels = \
resourceSet.getDescription().get(OAuth2Constants.ResourceSets.LABELS); + if \
(!labels.isNull() && labels.size() > 0) { + \
updateLabels(resourceSet, labels.asSet(String.class), \
Collections.<String>emptySet()); + }
+ }
+
+ /**
+ * Adds and removes labels on the updated resource set, creating the label
+ * if required and deleting labels which are no longer used.
+ *
+ * @param resourceSet The updated resource set.
+ */
+ void updateLabelsForExistingResourceSet(ResourceSetDescription resourceSet) {
+ JsonValue newLabels = \
resourceSet.getDescription().get(OAuth2Constants.ResourceSets.LABELS); + if \
(newLabels.isNull()) { + newLabels = json(array());
+ }
+ Collection<String> addedLabels = newLabels.asSet(String.class);
+ try {
+ Set<ResourceSetLabel> labels = \
labelsStore.forResourceSet(resourceSet.getRealm(),
+ \
resourceSet.getResourceOwnerId(), resourceSet.getId(), true);
+ \
Collection<String> removedLabels = new HashSet<>();
+ for \
(ResourceSetLabel label : labels) {
+ String labelName = \
label.getName().substring(label.getName().lastIndexOf("/") + 1);
+ \
if (!addedLabels.remove(labelName)) {
+ \
removedLabels.add(labelName);
+ }
+ }
+
+ updateLabels(resourceSet, addedLabels, removedLabels);
+ } catch (ResourceException e) {
+ logger.error("Failed to find current labels on resource set: \
{}", resourceSet.getId(), e);
+ }
+ }
+
+ /**
+ * Removes labels from the deleted resource set, deleting labels which are no \
longer used.
+ *
+ * @param resourceSet The deleted resource set.
+ */
+ void updateLabelsForDeletedResourceSet(ResourceSetDescription resourceSet) {
+ JsonValue labels = \
resourceSet.getDescription().get(OAuth2Constants.ResourceSets.LABELS);
+ if \
(!labels.isNull() && labels.size() > 0) {
+ \
updateLabels(resourceSet, Collections.<String>emptySet(), \
labels.asSet(String.class));
+ }
+ }
+
+ private void updateLabels(ResourceSetDescription resourceSet, \
Collection<String> addedLabels,
+ Collection<String> \
removedLabels) {
+ Collection<String> updatedLabels = new \
HashSet<>(addedLabels);
+ updatedLabels.addAll(removedLabels);
+ for (String label : updatedLabels) {
+ try {
+ String labelId = getLabelId(resourceSet.getClientId(), label);
+ try {
+ ResourceSetLabel resourceSetLabel = \
labelsStore.read(resourceSet.getRealm(),
+ \
resourceSet.getResourceOwnerId(), labelId);
+ if \
(addedLabels.contains(label)) {
+ \
resourceSetLabel.addResourceSetId(resourceSet.getId());
+ } else \
if (removedLabels.contains(label)) {
+ \
resourceSetLabel.removeResourceSetId(resourceSet.getId());
+ }
+ labelsStore.update(resourceSet.getRealm(), \
resourceSet.getResourceOwnerId(), resourceSetLabel);
+ if \
(removedLabels.contains(label)) {
+ if \
(!labelsStore.isLabelInUse(resourceSet.getRealm(), resourceSet.getResourceOwnerId(), \
+ labelId)) {
+ \
labelsStore.delete(resourceSet.getRealm(), resourceSet.getResourceOwnerId(),
+ \
getLabelId(resourceSet.getClientId(), label));
+ }
+ }
+ } catch (org.forgerock.json.resource.NotFoundException e) {
+ if (addedLabels.contains(label)) {
+ labelsStore.create(resourceSet.getRealm(), \
resourceSet.getResourceOwnerId(),
+ new \
ResourceSetLabel(labelId,
+ label, \
LabelType.SYSTEM, Collections.singleton(resourceSet.getId())));
+ \
}
+ }
+ } catch (ResourceException e) {
+ logger.error("Failed to update label, {}, on resource set: \
{}",
+ getLabelId(resourceSet.getClientId(), label), \
resourceSet.getId(), e);
+ }
+ }
+ }
+
+ private String getLabelId(String clientId, String label) {
+ return clientId + "/" + label;
+ }
+}
</ins></span></pre></div>
<a id="branchesAME7692_noRestartsAuthopenamopenamoauth2srcmainjavaorgforgerockopenamoa \
uth2resourcesResourceSetRegistrationEndpointjavafromrev14908trunkopenamopenamoauth2src \
mainjavaorgforgerockopenamoauth2resourcesResourceSetRegistrationEndpointjava"></a> \
<div class="copfile"><h4>Copied: \
branches/AME-7692_noRestartsAuth/openam/openam-oauth2/src/main/java/org/forgerock/openam/oauth2/resources/ResourceSetRegistrationEndpoint.java \
(from rev 14908, trunk/openam/openam-oauth2/src/main/java/org/forgerock/openam/oauth2/resources/ResourceSetRegistrationEndpoint.java) \
(0 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-oauth2/src/main/java/org/forgerock/openam/oauth2/resources/ResourceSetRegistrationEndpoint.java \
(rev 0)
+++ branches/AME-7692_noRestartsAuth/openam/openam-oauth2/src/main/java/org/forgerock/openam/oauth2/resources/ResourceSetRegistrationEndpoint.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -0,0 +1,283 @@
</span><ins>+/*
+ * The contents of this file are subject to the terms of the Common Development and
+ * Distribution License (the License). You may not use this file except in \
compliance with the
+ * License.
+ *
+ * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for \
the
+ * specific language governing permission and limitations under the License.
+ *
+ * When distributing Covered Software, include this CDDL Header Notice in each file \
and include
+ * the License file at legal/CDDLv1.0.txt. If applicable, add the \
following below the CDDL
+ * Header, with the fields enclosed by brackets [] replaced \
by your own identifying
+ * information: "Portions copyright [year] [name of \
copyright owner]".
+ *
+ * Copyright 2015 ForgeRock AS.
+ */
+
+package org.forgerock.openam.oauth2.resources;
+
+import javax.inject.Inject;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+
+import org.apache.commons.lang.StringUtils;
+import org.forgerock.json.fluent.JsonValue;
+import org.forgerock.oauth2.core.AccessToken;
+import org.forgerock.oauth2.core.OAuth2Constants;
+import org.forgerock.oauth2.core.OAuth2ProviderSettingsFactory;
+import org.forgerock.oauth2.core.OAuth2Request;
+import org.forgerock.oauth2.core.OAuth2RequestFactory;
+import org.forgerock.oauth2.core.exceptions.BadRequestException;
+import org.forgerock.oauth2.core.exceptions.NotFoundException;
+import org.forgerock.oauth2.core.exceptions.ServerException;
+import org.forgerock.oauth2.resources.ResourceSetDescription;
+import org.forgerock.oauth2.resources.ResourceSetStore;
+import org.forgerock.oauth2.restlet.resources.ResourceSetDescriptionValidator;
+import org.forgerock.oauth2.restlet.resources.ResourceSetRegistrationListener;
+import org.forgerock.openam.cts.api.fields.ResourceSetTokenField;
+import org.forgerock.openam.utils.JsonValueBuilder;
+import org.forgerock.util.query.QueryFilter;
+import org.json.JSONException;
+import org.restlet.Request;
+import org.restlet.data.Status;
+import org.restlet.data.Tag;
+import org.restlet.ext.jackson.JacksonRepresentation;
+import org.restlet.ext.json.JsonRepresentation;
+import org.restlet.representation.EmptyRepresentation;
+import org.restlet.representation.Representation;
+import org.restlet.resource.Delete;
+import org.restlet.resource.Get;
+import org.restlet.resource.Post;
+import org.restlet.resource.Put;
+import org.restlet.resource.ResourceException;
+import org.restlet.resource.ServerResource;
+
+/**
+ * Restlet endpoint for OAuth2 resource servers to register resource set that should \
be protected.
+ *
+ * @link https://tools.ietf.org/html/draft-hardjono-oauth-resource-reg-04
+ * @since 13.0.0
+ */
+public class ResourceSetRegistrationEndpoint extends ServerResource {
+
+ private static final String RESOURCE_SET_ID_KEY = "rsid";
+ private static final String ID_FIELD = "_id";
+ private static final String POLICY_URI_FIELD = \
"user_access_policy_uri";
+
+ private final OAuth2ProviderSettingsFactory providerSettingsFactory;
+ private final ResourceSetDescriptionValidator validator;
+ private final OAuth2RequestFactory<Request> requestFactory;
+ private final Set<ResourceSetRegistrationListener> listeners;
+ private final ResourceSetLabelRegistration labelRegistration;
+
+ /**
+ * Construct a new ResourceSetRegistrationEndpoint instance.
+ *
+ * @param providerSettingsFactory An instance of the {@link \
OAuth2ProviderSettingsFactory}.
+ * @param validator An instance of the {@link \
ResourceSetDescriptionValidator}.
+ * @param requestFactory An instance of the \
OAuth2RequestFactory.
+ * @param listeners A {@code Set} of {@code \
ResourceSetRegistrationListener}s.
+ * @param labelRegistration An instance of \
the {@code ResourceSetLabelRegistration}.
+ */
+ @Inject
+ public ResourceSetRegistrationEndpoint(OAuth2ProviderSettingsFactory \
providerSettingsFactory,
+ ResourceSetDescriptionValidator validator, \
OAuth2RequestFactory<Request> requestFactory,
+ \
Set<ResourceSetRegistrationListener> listeners, ResourceSetLabelRegistration \
labelRegistration) {
+ this.providerSettingsFactory = providerSettingsFactory;
+ this.validator = validator;
+ this.requestFactory = requestFactory;
+ this.listeners = listeners;
+ this.labelRegistration = labelRegistration;
+ }
+
+ /**
+ * <p>Creates or updates a resource set description.</p>
+ *
+ * <p>If the request contains a If-Match header an update is performed, \
otherwise a create is performed.</p>
+ *
+ * <p>An update will replace the current description of the resource set \
with the contents of the request body.</p>
+ *
+ * @param entity The new resource set description.
+ * @return A JSON object containing the authorization server's unique id for the \
resource set and, optionally,
+ * a policy uri.
+ * @throws NotFoundException If the requested resource set description does not \
exist.
+ * @throws ServerException When an error occurs during creating or \
updating.
+ * @throws BadRequestException If the request JSON is invalid.
+ */
+
+ @Post
+ public Representation createResourceSet(JsonRepresentation entity) throws \
NotFoundException, ServerException,
+ BadRequestException {
+ ResourceSetDescription resourceSetDescription = new \
ResourceSetDescription(null, getClientId(),
+ getResourceOwnerId(), \
validator.validate(toMap(entity)));
+ OAuth2Request oAuth2Request = \
requestFactory.create(getRequest());
+ ResourceSetStore store = \
providerSettingsFactory.get(oAuth2Request).getResourceSetStore();
+
+ QueryFilter<String> query = QueryFilter.and(
+ QueryFilter.equalTo(ResourceSetTokenField.NAME, \
resourceSetDescription.getName()),
+ \
QueryFilter.equalTo(ResourceSetTokenField.CLIENT_ID, getClientId()),
+ \
QueryFilter.equalTo(ResourceSetTokenField.RESOURCE_OWNER_ID, getResourceOwnerId())); \
+
+ if (!store.query(query).isEmpty()) {
+ getResponse().setStatus(Status.CLIENT_ERROR_BAD_REQUEST);
+ Map<String, Object> response = new HashMap<String, \
Object>();
+ response.put(OAuth2Constants.Params.ERROR, \
Status.CLIENT_ERROR_BAD_REQUEST.getReasonPhrase());
+ \
response.put(OAuth2Constants.Params.ERROR_DESCRIPTION, "A shared item with the \
name '" +
+ resourceSetDescription.getName() + "' \
already exists");
+ return new JsonRepresentation(response);
+ }
+
+ store.create(oAuth2Request, resourceSetDescription);
+ for (ResourceSetRegistrationListener listener : listeners) {
+ listener.resourceSetCreated(oAuth2Request.<String>getParameter("realm"), \
resourceSetDescription);
+ }
+ labelRegistration.updateLabelsForNewResourceSet(resourceSetDescription);
+ getResponse().setStatus(Status.SUCCESS_CREATED);
+ return createJsonResponse(resourceSetDescription, false, true);
+ }
+
+ @Put
+ public Representation updateResourceSet(JsonRepresentation entity) throws \
NotFoundException,
+ ServerException, BadRequestException {
+
+ if (!isConditionalRequest()) {
+ throw new ResourceException(512, "precondition_failed", \
"Require If-Match header to update Resource Set",
+ \
null);
+ }
+
+ final Map<String, Object> resourceSetDescriptionAttributes = \
validator.validate(toMap(entity));
+ final String resourceSetId = \
getResourceSetId();
+
+ ResourceSetStore store = \
providerSettingsFactory.get(requestFactory.create(getRequest())).getResourceSetStore();
+ ResourceSetDescription resourceSetDescription = store.read(resourceSetId)
+ .update(resourceSetDescriptionAttributes);
+ store.update(resourceSetDescription);
+ labelRegistration.updateLabelsForExistingResourceSet(resourceSetDescription);
+ return createJsonResponse(resourceSetDescription, false, true);
+ }
+
+ /**
+ * Reads the requested resource set description or queries all the client's \
(resource server's) resource sets.
+ *
+ * @return When reading returns a JSON object of the authorization server's \
unique id and the description of the
+ * resource set. When querying returns a \
JSON array of the resource set ids.
+ * @throws NotFoundException If the \
requested resource set description does not exist.
+ * @throws ServerException \
When the resource set description cannot be loaded.
+ */
+ @Get
+ public Representation readOrListResourceSet() throws NotFoundException, \
ServerException {
+ String resourceSetId = getResourceSetId();
+ if (resourceSetId == null || resourceSetId.isEmpty()) {
+ return listResourceSets();
+ } else {
+ return readResourceSet(resourceSetId);
+ }
+ }
+
+ private Representation readResourceSet(String resourceSetId) throws \
NotFoundException, ServerException {
+ ResourceSetStore store = \
providerSettingsFactory.get(requestFactory.create(getRequest())).getResourceSetStore();
+ return createJsonResponse(store.read(resourceSetId), true, true);
+ }
+
+ private Representation listResourceSets() throws ServerException, \
NotFoundException {
+ ResourceSetStore store = \
providerSettingsFactory.get(requestFactory.create(getRequest())).getResourceSetStore();
+ QueryFilter<String> query = QueryFilter.and(
+ QueryFilter.equalTo(ResourceSetTokenField.CLIENT_ID, getClientId()),
+ QueryFilter.equalTo(ResourceSetTokenField.RESOURCE_OWNER_ID, \
getResourceOwnerId()));
+ Set<ResourceSetDescription> \
resourceSetDescriptions = store.query(query);
+
+ Set<String> resourceSetIds = new HashSet<String>();
+
+ for (ResourceSetDescription resourceSetDescription : \
resourceSetDescriptions) {
+ \
resourceSetIds.add(resourceSetDescription.getId());
+ }
+
+ return new JacksonRepresentation<Set<String>>(resourceSetIds);
+ }
+
+ /**
+ * <p>Deletes the resource set description for the request resource set id \
as long as the If-Match header matches
+ * the current version of the resource \
set.</p>
+ *
+ * <p>If no If-Match header is present on the request a 512 Precondition \
Failed response will be returned.</p>
+ *
+ * @return An empty representation.
+ * @throws NotFoundException If the requested resource set description does not \
exist.
+ * @throws ServerException When an error occurs during removal.
+ */
+ @Delete
+ public Representation deleteResourceSet() throws NotFoundException, \
ServerException {
+
+ if (!isConditionalRequest()) {
+ throw new ResourceException(512, "precondition_failed", \
"Require If-Match header to delete Resource Set",
+ \
null);
+ }
+
+ ResourceSetStore store = \
providerSettingsFactory.get(requestFactory.create(getRequest())).getResourceSetStore();
+ labelRegistration.updateLabelsForDeletedResourceSet(store.read(getResourceSetId()));
+ store.delete(getResourceSetId(), getResourceOwnerId());
+ return createEmptyResponse();
+ }
+
+ private boolean isConditionalRequest() {
+ return !getConditions().getMatch().isEmpty();
+ }
+
+ private String getResourceSetId() {
+ return (String) getRequestAttributes().get(RESOURCE_SET_ID_KEY);
+ }
+
+ private String getClientId() {
+ return requestFactory.create(getRequest()).getToken(AccessToken.class).getClientId();
+ }
+
+ private String getResourceOwnerId() {
+ return requestFactory.create(getRequest()).getToken(AccessToken.class).getResourceOwnerId();
+ }
+
+ private Representation createJsonResponse(ResourceSetDescription \
resourceSetDescription, boolean includeResourceSet,
+ boolean \
withPolicyUri) {
+ Map<String, Object> response = new HashMap<String, \
Object>();
+ if (includeResourceSet) {
+ response = new HashMap<String, \
Object>(resourceSetDescription.asMap());
+ }
+ response.put(ID_FIELD, resourceSetDescription.getId());
+ if (withPolicyUri && resourceSetDescription.getPolicyUri() != null) \
{
+ response.put(POLICY_URI_FIELD, resourceSetDescription.getPolicyUri());
+ }
+ Representation representation = new JacksonRepresentation<Map<String, \
Object>>(response);
+ \
representation.setTag(generateETag(resourceSetDescription));
+ return \
representation;
+ }
+
+ private Representation createEmptyResponse() {
+ Representation representation = new EmptyRepresentation();
+ getResponse().setStatus(new Status(204));
+ return representation;
+ }
+
+ private Tag generateETag(ResourceSetDescription resourceSetDescription) {
+ return new Tag(Integer.toString(resourceSetDescription.hashCode()), true);
+ }
+
+ private Map<String, Object> toMap(JsonRepresentation entity) throws \
BadRequestException {
+ if (entity == null) {
+ return Collections.emptyMap();
+ }
+
+ try {
+ final String jsonString = entity.getJsonObject().toString();
+ if (StringUtils.isNotEmpty(jsonString)) {
+ JsonValue jsonContent = JsonValueBuilder.toJsonValue(jsonString);
+ return jsonContent.asMap(Object.class);
+ }
+
+ return Collections.emptyMap();
+ } catch (JSONException e) {
+ throw new BadRequestException(e.getMessage());
+ }
+ }
+}
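Review bot: `readResourceSet`, `updateResourceSet` and `deleteResourceSet` load the description with `store.read(...)` keyed only on the `rsid` request attribute and never compare the result with the access token's client and resource owner, whereas `createResourceSet` and `listResourceSets` both filter on `getClientId()` and `getResourceOwnerId()`. Unless `ResourceSetStore.read` already scopes the lookup to the caller (its implementation is not part of this file), a description belonging to a different client or owner in the same store could be returned, overwritten or have its labels removed by id alone. I would add an ownership guard straight after each read, e.g. `if (!getClientId().equals(rs.getClientId()) || !getResourceOwnerId().equals(rs.getResourceOwnerId()))`, and answer with the same `NotFoundException` used for an unknown id so that existence is not disclosed. Separately, the `ResourceException(512, "precondition_failed", …)` thrown in update and delete, and the "512 Precondition Failed" wording in the Javadoc, use a server-error status for a client mistake; Precondition Failed is 412.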
</ins></span></pre></div>
<a id="branchesAME7692_noRestartsAuthopenamopenamoauth2srcmainjavaorgforgerockopenamoauth2resourceslabelsLabelTypejava"></a>
<div class="delfile"><h4>Deleted: \
branches/AME-7692_noRestartsAuth/openam/openam-oauth2/src/main/java/org/forgerock/openam/oauth2/resources/labels/LabelType.java \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/openam/openam-oauth2/src/main/java/org/forgerock/openam/oauth2/resources/labels/LabelType.java 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-oauth2/src/main/java/org/forgerock/openam/oauth2/resources/labels/LabelType.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -1,26 +0,0 @@
</span><del>-/*
- * The contents of this file are subject to the terms of the Common Development and
- * Distribution License (the License). You may not use this file except in \
compliance with the
- * License.
- *
- * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for \
the
- * specific language governing permission and limitations under the License.
- *
- * When distributing Covered Software, include this CDDL Header Notice in each file \
and include
- * the License file at legal/CDDLv1.0.txt. If applicable, add the following below \
the CDDL
- * Header, with the fields enclosed by brackets [] replaced by your own identifying
- * information: "Portions copyright [year] [name of copyright owner]".
- *
- * Copyright 2015 ForgeRock AS.
- */
-
-package org.forgerock.openam.oauth2.resources.labels;
-
-/**
- * Types of UMA Resource Set Labels.
- */
-public enum LabelType {
- /** The user's starred/favorite resource sets. */ STAR,
- /** The user's custom resource set labels. */ USER,
- /** A system resource set label. */ SYSTEM
-}
</del></span></pre></div>
<a id="branchesAME7692_noRestartsAuthopenamopenamoauth2srcmainjavaorgforgerockopenamoa \
uth2resourceslabelsLabelTypejavafromrev14908trunkopenamopenamoauth2srcmainjavaorgforgerockopenamoauth2resourceslabelsLabelTypejava"></a>
<div class="copfile"><h4>Copied: \
branches/AME-7692_noRestartsAuth/openam/openam-oauth2/src/main/java/org/forgerock/openam/oauth2/resources/labels/LabelType.java \
(from rev 14908, trunk/openam/openam-oauth2/src/main/java/org/forgerock/openam/oauth2/resources/labels/LabelType.java) \
(0 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-oauth2/src/main/java/org/forgerock/openam/oauth2/resources/labels/LabelType.java \
(rev 0)
+++ branches/AME-7692_noRestartsAuth/openam/openam-oauth2/src/main/java/org/forgerock/openam/oauth2/resources/labels/LabelType.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -0,0 +1,26 @@
</span><ins>+/*
+ * The contents of this file are subject to the terms of the Common Development and
+ * Distribution License (the License). You may not use this file except in \
compliance with the
+ * License.
+ *
+ * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for \
the
+ * specific language governing permission and limitations under the License.
+ *
+ * When distributing Covered Software, include this CDDL Header Notice in each file \
and include
+ * the License file at legal/CDDLv1.0.txt. If applicable, add the \
following below the CDDL
+ * Header, with the fields enclosed by brackets [] replaced \
by your own identifying
+ * information: "Portions copyright [year] [name of \
copyright owner]".
+ *
+ * Copyright 2015 ForgeRock AS.
+ */
+
+package org.forgerock.openam.oauth2.resources.labels;
+
+/**
+ * Types of UMA Resource Set Labels.
+ */
+public enum LabelType {
+ /** The user's starred/favorite resource sets. */ STAR,
+ /** The user's custom resource set labels. */ USER,
+ /** A system resource set label. */ SYSTEM
+}
</ins></span></pre></div>
<a id="branchesAME7692_noRestartsAuthopenamopenamoauth2srcmainjavaorgforgerockopenamoauth2resourceslabelsLabelsConstantsjava"></a>
<div class="delfile"><h4>Deleted: \
branches/AME-7692_noRestartsAuth/openam/openam-oauth2/src/main/java/org/forgerock/openam/oauth2/resources/labels/LabelsConstants.java \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/openam/openam-oauth2/src/main/java/org/forgerock/openam/oauth2/resources/labels/LabelsConstants.java 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-oauth2/src/main/java/org/forgerock/openam/oauth2/resources/labels/LabelsConstants.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -1,22 +0,0 @@
</span><del>-package org.forgerock.openam.oauth2.resources.labels;
-
-/**
- * UMA Resource Labels
- */
-public final class LabelsConstants {
- public static final String STORE_LOCATION = \
"org.forgerock.services.uma.labels.store.location";
- public static final String STORE_HOSTNAME = \
"org.forgerock.services.uma.labels.store.directory.name";
- public static final String STORE_USERNAME = \
"org.forgerock.services.uma.labels.store.loginid";
- public static final String STORE_PASSWORD = \
"org.forgerock.services.uma.labels.store.password";
- public static final String STORE_MAX_CONNECTIONS = \
"org.forgerock.services.uma.labels.store.max.connections";
- public static final String STORE_SSL_ENABLED = \
"org.forgerock.services.uma.labels.store.ssl.enabled";
- public static final String ROOT_SUFFIX = \
"org.forgerock.services.uma.labels.store.root.suffix";
- public static final String STORE_HEARTBEAT = \
"org.forgerock.services.uma.labels.store.heartbeat";
-
- public static final String ID_ATTR = "umaLabelId";
- public static final String NAME_ATTR = "umaLabelName";
- public static final String TYPE_ATTR = "umaLabelType";
- public static final String RESOURCE_SET_ATTR = "umaLabelResourceSet";
- public static final String OBJECT_CLASS = "frUmaLabel";
- public static final String ORG_UNIT_OBJECT_CLASS = \
"organizationalUnit";
-}
</del></span></pre></div>
<a id="branchesAME7692_noRestartsAuthopenamopenamoauth2srcmainjavaorgforgerockopenamoa \
uth2resourceslabelsLabelsConstantsjavafromrev14908trunkopenamopenamoauth2srcmainjavaorgforgerockopenamoauth2resourceslabelsLabelsConstantsjava"></a>
<div class="copfile"><h4>Copied: \
branches/AME-7692_noRestartsAuth/openam/openam-oauth2/src/main/java/org/forgerock/openam/oauth2/resources/labels/LabelsConstants.java \
(from rev 14908, trunk/openam/openam-oauth2/src/main/java/org/forgerock/openam/oauth2/resources/labels/LabelsConstants.java) \
(0 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-oauth2/src/main/java/org/forgerock/openam/oauth2/resources/labels/LabelsConstants.java \
(rev 0)
+++ branches/AME-7692_noRestartsAuth/openam/openam-oauth2/src/main/java/org/forgerock/openam/oauth2/resources/labels/LabelsConstants.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -0,0 +1,22 @@
</span><ins>+package org.forgerock.openam.oauth2.resources.labels;
+
+/**
+ * UMA Resource Labels
+ */
+public final class LabelsConstants {
+ public static final String STORE_LOCATION = \
"org.forgerock.services.uma.labels.store.location";
+ public static \
final String STORE_HOSTNAME = \
"org.forgerock.services.uma.labels.store.directory.name";
+ public \
static final String STORE_USERNAME = \
"org.forgerock.services.uma.labels.store.loginid";
+ public static final \
String STORE_PASSWORD = "org.forgerock.services.uma.labels.store.password"; \
+ public static final String STORE_MAX_CONNECTIONS = \
"org.forgerock.services.uma.labels.store.max.connections";
+ public \
static final String STORE_SSL_ENABLED = \
"org.forgerock.services.uma.labels.store.ssl.enabled";
+ public static \
final String ROOT_SUFFIX = \
"org.forgerock.services.uma.labels.store.root.suffix";
+ public static \
final String STORE_HEARTBEAT = \
"org.forgerock.services.uma.labels.store.heartbeat";
+
+ public static final String ID_ATTR = "umaLabelId";
+ public static final String NAME_ATTR = "umaLabelName";
+ public static final String TYPE_ATTR = "umaLabelType";
+ public static final String RESOURCE_SET_ATTR = "umaLabelResourceSet";
+ public static final String OBJECT_CLASS = "frUmaLabel";
+ public static final String ORG_UNIT_OBJECT_CLASS = \
"organizationalUnit";
+}
</ins></span></pre></div>
<a id="branchesAME7692_noRestartsAuthopenamopenamoauth2srcmainjavaorgforgerockopenamoauth2resourceslabelsLabelsDataLayerConfigurationjava"></a>
<div class="delfile"><h4>Deleted: \
branches/AME-7692_noRestartsAuth/openam/openam-oauth2/src/main/java/org/forgerock/openam/oauth2/resources/labels/LabelsDataLayerConfiguration.java \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/openam/openam-oauth2/src/main/java/org/forgerock/openam/oauth2/resources/labels/LabelsDataLayerConfiguration.java 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-oauth2/src/main/java/org/forgerock/openam/oauth2/resources/labels/LabelsDataLayerConfiguration.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -1,78 +0,0 @@
</span><del>-/*
- * The contents of this file are subject to the terms of the Common Development and
- * Distribution License (the License). You may not use this file except in \
compliance with the
- * License.
- *
- * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for \
the
- * specific language governing permission and limitations under the License.
- *
- * When distributing Covered Software, include this CDDL Header Notice in each file \
and include
- * the License file at legal/CDDLv1.0.txt. If applicable, add the following below \
the CDDL
- * Header, with the fields enclosed by brackets [] replaced by your own identifying
- * information: "Portions copyright [year] [name of copyright owner]".
- *
- * Copyright 2015 ForgeRock AS.
- */
-
-package org.forgerock.openam.oauth2.resources.labels;
-
-import javax.inject.Inject;
-import javax.inject.Named;
-
-import org.apache.commons.lang.StringUtils;
-import org.forgerock.openam.sm.datalayer.api.DataLayerConstants;
-import org.forgerock.openam.sm.datalayer.api.StoreMode;
-import org.forgerock.openam.sm.datalayer.impl.ldap.LdapDataLayerConfiguration;
-import org.forgerock.openam.utils.ModifiedProperty;
-import org.forgerock.opendj.ldap.DN;
-
-import com.iplanet.am.util.AMPasswordUtil;
-import com.iplanet.am.util.SystemProperties;
-
-/**
- * Configuration for the Labels LDAP connections, used by the Data Layer classes to \
configure the DJ SDK
- * LDAP connections.
- */
-public class LabelsDataLayerConfiguration extends LdapDataLayerConfiguration {
-
- @Inject
- public LabelsDataLayerConfiguration(@Named(DataLayerConstants.ROOT_DN_SUFFIX) \
String rootDnSuffix) {
- super(rootDnSuffix);
- }
-
- @Override
- public StoreMode getStoreMode() {
- String mode = SystemProperties.get(LabelsConstants.STORE_LOCATION);
- if (StringUtils.isNotEmpty(mode)) {
- return StoreMode.valueOf(mode.toUpperCase());
- } else {
- return StoreMode.DEFAULT;
- }
- }
-
- @Override
- public void updateExternalLdapConfiguration(ModifiedProperty<String> \
hosts, ModifiedProperty<String> username,
- ModifiedProperty<String> password, ModifiedProperty<String> \
maxConnections,
- ModifiedProperty<Boolean> sslMode, ModifiedProperty<Integer> \
heartbeat) {
- hosts.set(SystemProperties.get(LabelsConstants.STORE_HOSTNAME));
- username.set(SystemProperties.get(LabelsConstants.STORE_USERNAME));
- password.set(AMPasswordUtil.decrypt(SystemProperties.get(LabelsConstants.STORE_PASSWORD)));
- maxConnections.set(SystemProperties.get(LabelsConstants.STORE_MAX_CONNECTIONS));
- sslMode.set(SystemProperties.getAsBoolean(LabelsConstants.STORE_SSL_ENABLED, \
false));
- heartbeat.set(SystemProperties.getAsInt(LabelsConstants.STORE_HEARTBEAT, \
-1));
- }
-
- @Override
- protected DN setDefaultTokenDNPrefix(DN root) {
- return getTokenRootDN(root);
- }
-
- public static DN getTokenRootDN(DN root) {
- return root.child("ou=uma_resource_set_labels");
- }
-
- @Override
- protected String getCustomTokenRootSuffixProperty() {
- return LabelsConstants.ROOT_SUFFIX;
- }
-}
</del></span></pre></div>
<a id="branchesAME7692_noRestartsAuthopenamopenamoauth2srcmainjavaorgforgerockopenamoa \
uth2resourceslabelsLabelsDataLayerConfigurationjavafromrev14908trunkopenamopenamoauth2 \
srcmainjavaorgforgerockopenamoauth2resourceslabelsLabelsDataLayerConfigurationjava"></a>
<div class="copfile"><h4>Copied: \
branches/AME-7692_noRestartsAuth/openam/openam-oauth2/src/main/java/org/forgerock/openam/oauth2/resources/labels/LabelsDataLayerConfiguration.java \
(from rev 14908, trunk/openam/openam-oauth2/src/main/java/org/forgerock/openam/oauth2/resources/labels/LabelsDataLayerConfiguration.java) \
(0 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-oauth2/src/main/java/org/forgerock/openam/oauth2/resources/labels/LabelsDataLayerConfiguration.java \
(rev 0)
+++ branches/AME-7692_noRestartsAuth/openam/openam-oauth2/src/main/java/org/forgerock/openam/oauth2/resources/labels/LabelsDataLayerConfiguration.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -0,0 +1,78 @@
</span><ins>+/*
+ * The contents of this file are subject to the terms of the Common Development and
+ * Distribution License (the License). You may not use this file except in \
compliance with the
+ * License.
+ *
+ * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for \
the
+ * specific language governing permission and limitations under the License.
+ *
+ * When distributing Covered Software, include this CDDL Header Notice in each file \
and include
+ * the License file at legal/CDDLv1.0.txt. If applicable, add the \
following below the CDDL
+ * Header, with the fields enclosed by brackets [] replaced \
by your own identifying
+ * information: "Portions copyright [year] [name of \
copyright owner]".
+ *
+ * Copyright 2015 ForgeRock AS.
+ */
+
+package org.forgerock.openam.oauth2.resources.labels;
+
+import javax.inject.Inject;
+import javax.inject.Named;
+
+import org.apache.commons.lang.StringUtils;
+import org.forgerock.openam.sm.datalayer.api.DataLayerConstants;
+import org.forgerock.openam.sm.datalayer.api.StoreMode;
+import org.forgerock.openam.sm.datalayer.impl.ldap.LdapDataLayerConfiguration;
+import org.forgerock.openam.utils.ModifiedProperty;
+import org.forgerock.opendj.ldap.DN;
+
+import com.iplanet.am.util.AMPasswordUtil;
+import com.iplanet.am.util.SystemProperties;
+
+/**
+ * Configuration for the Labels LDAP connections, used by the Data Layer classes to \
configure the DJ SDK
+ * LDAP connections.
+ */
+public class LabelsDataLayerConfiguration extends LdapDataLayerConfiguration {
+
+ @Inject
+ public LabelsDataLayerConfiguration(@Named(DataLayerConstants.ROOT_DN_SUFFIX) \
String rootDnSuffix) {
+ super(rootDnSuffix);
+ }
+
+ @Override
+ public StoreMode getStoreMode() {
+ String mode = SystemProperties.get(LabelsConstants.STORE_LOCATION);
+ if (StringUtils.isNotEmpty(mode)) {
+ return StoreMode.valueOf(mode.toUpperCase());
+ } else {
+ return StoreMode.DEFAULT;
+ }
+ }
+
+ @Override
+ public void updateExternalLdapConfiguration(ModifiedProperty<String> \
hosts, ModifiedProperty<String> username,
+ \
ModifiedProperty<String> password, ModifiedProperty<String> \
maxConnections,
+ ModifiedProperty<Boolean> sslMode, \
ModifiedProperty<Integer> heartbeat) {
+ \
hosts.set(SystemProperties.get(LabelsConstants.STORE_HOSTNAME));
+ \
username.set(SystemProperties.get(LabelsConstants.STORE_USERNAME));
+ \
password.set(AMPasswordUtil.decrypt(SystemProperties.get(LabelsConstants.STORE_PASSWORD)));
+ maxConnections.set(SystemProperties.get(LabelsConstants.STORE_MAX_CONNECTIONS));
+ sslMode.set(SystemProperties.getAsBoolean(LabelsConstants.STORE_SSL_ENABLED, \
false));
+ heartbeat.set(SystemProperties.getAsInt(LabelsConstants.STORE_HEARTBEAT, \
-1));
+ }
+
+ @Override
+ protected DN setDefaultTokenDNPrefix(DN root) {
+ return getTokenRootDN(root);
+ }
+
+ public static DN getTokenRootDN(DN root) {
+ return root.child("ou=uma_resource_set_labels");
+ }
+
+ @Override
+ protected String getCustomTokenRootSuffixProperty() {
+ return LabelsConstants.ROOT_SUFFIX;
+ }
+}
</ins></span></pre></div>
<a id="branchesAME7692_noRestartsAuthopenamopenamoauth2srcmainjavaorgforgerockopenamoauth2resourceslabelsLabelsGuiceModulejava"></a>
<div class="delfile"><h4>Deleted: \
branches/AME-7692_noRestartsAuth/openam/openam-oauth2/src/main/java/org/forgerock/openam/oauth2/resources/labels/LabelsGuiceModule.java \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/openam/openam-oauth2/src/main/java/org/forgerock/openam/oauth2/resources/labels/LabelsGuiceModule.java 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-oauth2/src/main/java/org/forgerock/openam/oauth2/resources/labels/LabelsGuiceModule.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -1,48 +0,0 @@
</span><del>-/*
- * The contents of this file are subject to the terms of the Common Development and
- * Distribution License (the License). You may not use this file except in \
compliance with the
- * License.
- *
- * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for \
the
- * specific language governing permission and limitations under the License.
- *
- * When distributing Covered Software, include this CDDL Header Notice in each file \
and include
- * the License file at legal/CDDLv1.0.txt. If applicable, add the following below \
the CDDL
- * Header, with the fields enclosed by brackets [] replaced by your own identifying
- * information: "Portions copyright [year] [name of copyright owner]".
- *
- * Copyright 2015 ForgeRock AS.
- */
-
-package org.forgerock.openam.oauth2.resources.labels;
-
-import javax.inject.Singleton;
-
-import org.forgerock.openam.sm.ConnectionConfig;
-import org.forgerock.openam.sm.datalayer.api.ConnectionType;
-import org.forgerock.openam.sm.datalayer.api.DataLayer;
-import org.forgerock.openam.sm.datalayer.api.DataLayerConstants;
-import org.forgerock.openam.sm.datalayer.impl.ldap.ExternalConnectionConfigProvider;
-import org.forgerock.openam.sm.datalayer.impl.ldap.LdapDataLayerConfiguration;
-
-import com.google.inject.Key;
-import com.google.inject.PrivateModule;
-import com.google.inject.name.Names;
-
-/**
- * A private module for Guice access to labels stored in LDAP.
- */
-public class LabelsGuiceModule extends PrivateModule {
- @Override
- protected void configure() {
- bind(ConnectionType.class).toInstance(ConnectionType.UMA_LABELS);
- bind(LdapDataLayerConfiguration.class).to(LabelsDataLayerConfiguration.class).in(Singleton.class);
- bind(Key.get(LdapDataLayerConfiguration.class, \
DataLayer.Types.typed(ConnectionType.UMA_LABELS)))
- .toProvider(getProvider(LdapDataLayerConfiguration.class));
- expose(Key.get(LdapDataLayerConfiguration.class, \
DataLayer.Types.typed(ConnectionType.UMA_LABELS)));
- bind(ConnectionConfig.class).annotatedWith(Names.named(DataLayerConstants.EXTERNAL_CONFIG))
- .toProvider(ExternalConnectionConfigProvider.class);
- bind(UmaLabelsStore.class);
- expose(UmaLabelsStore.class);
- }
-}
</del></span></pre></div>
<a id="branchesAME7692_noRestartsAuthopenamopenamoauth2srcmainjavaorgforgerockopenamoa \
uth2resourceslabelsLabelsGuiceModulejavafromrev14908trunkopenamopenamoauth2srcmainjavaorgforgerockopenamoauth2resourceslabelsLabelsGuiceModulejava"></a>
<div class="copfile"><h4>Copied: \
branches/AME-7692_noRestartsAuth/openam/openam-oauth2/src/main/java/org/forgerock/openam/oauth2/resources/labels/LabelsGuiceModule.java \
(from rev 14908, trunk/openam/openam-oauth2/src/main/java/org/forgerock/openam/oauth2/resources/labels/LabelsGuiceModule.java) \
(0 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-oauth2/src/main/java/org/forgerock/openam/oauth2/resources/labels/LabelsGuiceModule.java \
(rev 0)
+++ branches/AME-7692_noRestartsAuth/openam/openam-oauth2/src/main/java/org/forgerock/openam/oauth2/resources/labels/LabelsGuiceModule.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -0,0 +1,48 @@
</span><ins>+/*
+ * The contents of this file are subject to the terms of the Common Development and
+ * Distribution License (the License). You may not use this file except in \
compliance with the
+ * License.
+ *
+ * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for \
the
+ * specific language governing permission and limitations under the License.
+ *
+ * When distributing Covered Software, include this CDDL Header Notice in each file \
and include
+ * the License file at legal/CDDLv1.0.txt. If applicable, add the \
following below the CDDL
+ * Header, with the fields enclosed by brackets [] replaced \
by your own identifying
+ * information: "Portions copyright [year] [name of \
copyright owner]".
+ *
+ * Copyright 2015 ForgeRock AS.
+ */
+
+package org.forgerock.openam.oauth2.resources.labels;
+
+import javax.inject.Singleton;
+
+import org.forgerock.openam.sm.ConnectionConfig;
+import org.forgerock.openam.sm.datalayer.api.ConnectionType;
+import org.forgerock.openam.sm.datalayer.api.DataLayer;
+import org.forgerock.openam.sm.datalayer.api.DataLayerConstants;
+import org.forgerock.openam.sm.datalayer.impl.ldap.ExternalConnectionConfigProvider;
+import org.forgerock.openam.sm.datalayer.impl.ldap.LdapDataLayerConfiguration;
+
+import com.google.inject.Key;
+import com.google.inject.PrivateModule;
+import com.google.inject.name.Names;
+
+/**
+ * A private module for Guice access to labels stored in LDAP.
+ */
+public class LabelsGuiceModule extends PrivateModule {
+ @Override
+ protected void configure() {
+ bind(ConnectionType.class).toInstance(ConnectionType.UMA_LABELS);
+ bind(LdapDataLayerConfiguration.class).to(LabelsDataLayerConfiguration.class).in(Singleton.class);
+ bind(Key.get(LdapDataLayerConfiguration.class, \
DataLayer.Types.typed(ConnectionType.UMA_LABELS)))
+ \
.toProvider(getProvider(LdapDataLayerConfiguration.class));
+ \
expose(Key.get(LdapDataLayerConfiguration.class, \
DataLayer.Types.typed(ConnectionType.UMA_LABELS)));
+ \
bind(ConnectionConfig.class).annotatedWith(Names.named(DataLayerConstants.EXTERNAL_CONFIG))
+ .toProvider(ExternalConnectionConfigProvider.class);
+ bind(UmaLabelsStore.class);
+ expose(UmaLabelsStore.class);
+ }
+}
</ins></span></pre></div>
<a id="branchesAME7692_noRestartsAuthopenamopenamoauth2srcmainjavaorgforgerockopenamoauth2resourceslabelsResourceSetLabeljava"></a>
<div class="delfile"><h4>Deleted: \
branches/AME-7692_noRestartsAuth/openam/openam-oauth2/src/main/java/org/forgerock/openam/oauth2/resources/labels/ResourceSetLabel.java \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/openam/openam-oauth2/src/main/java/org/forgerock/openam/oauth2/resources/labels/ResourceSetLabel.java 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-oauth2/src/main/java/org/forgerock/openam/oauth2/resources/labels/ResourceSetLabel.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -1,100 +0,0 @@
</span><del>-/*
- * The contents of this file are subject to the terms of the Common Development and
- * Distribution License (the License). You may not use this file except in \
compliance with the
- * License.
- *
- * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for \
the
- * specific language governing permission and limitations under the License.
- *
- * When distributing Covered Software, include this CDDL Header Notice in each file \
and include
- * the License file at legal/CDDLv1.0.txt. If applicable, add the following below \
the CDDL
- * Header, with the fields enclosed by brackets [] replaced by your own identifying
- * information: "Portions copyright [year] [name of copyright owner]".
- *
- * Copyright 2015 ForgeRock AS.
- */
-
-package org.forgerock.openam.oauth2.resources.labels;
-
-import java.util.Set;
-import org.forgerock.json.fluent.JsonValue;
-
-import static org.forgerock.json.fluent.JsonValue.*;
-
-/**
- * A bean representing a resource set label.
- */
-public class ResourceSetLabel {
-
- private final String id;
- private String name;
- private final LabelType type;
- private final Set<String> resourceSetIds;
-
- public ResourceSetLabel(String id, String name, LabelType type, \
Set<String> resourceSetIds) {
- this.id = id;
- this.name = name;
- this.type = type;
- this.resourceSetIds = resourceSetIds;
- }
-
- public String getId() {
- return id;
- }
-
- public String getName() {
- return name;
- }
-
- public void setName(String name) {
- this.name = name;
- }
-
- public LabelType getType() {
- return type;
- }
-
- public Set<String> getResourceSetIds() {
- return resourceSetIds;
- }
-
- public void addResourceSetId(String resourceSetId) {
- resourceSetIds.add(resourceSetId);
- }
-
- public void removeResourceSetId(String resourceSetId) {
- resourceSetIds.remove(resourceSetId);
- }
-
- @Override
- public boolean equals(Object o) {
- if (this == o) return true;
- if (o == null || getClass() != o.getClass()) return false;
-
- ResourceSetLabel that = (ResourceSetLabel) o;
-
- if (id != null ? !id.equals(that.id) : that.id != null) return false;
- if (name != null ? !name.equals(that.name) : that.name != null) return \
false;
- if (type != that.type) return false;
- return !(resourceSetIds != null ? \
!resourceSetIds.equals(that.resourceSetIds) : that.resourceSetIds != \
null);
-
- }
-
- @Override
- public int hashCode() {
- int result = id != null ? id.hashCode() : 0;
- result = 31 * result + (name != null ? name.hashCode() : 0);
- result = 31 * result + (type != null ? type.hashCode() : 0);
- result = 31 * result + (resourceSetIds != null ? resourceSetIds.hashCode() : \
0);
- return result;
- }
-
- public JsonValue asJson() {
- JsonValue resourceSetLabel = json(object(
- field("_id", id),
- field("name", name),
- field("type", type)
- ));
- return resourceSetLabel;
- }
-}
</del></span></pre></div>
<a id="branchesAME7692_noRestartsAuthopenamopenamoauth2srcmainjavaorgforgerockopenamoa \
uth2resourceslabelsResourceSetLabeljavafromrev14908trunkopenamopenamoauth2srcmainjavaorgforgerockopenamoauth2resourceslabelsResourceSetLabeljava"></a>
<div class="copfile"><h4>Copied: \
branches/AME-7692_noRestartsAuth/openam/openam-oauth2/src/main/java/org/forgerock/openam/oauth2/resources/labels/ResourceSetLabel.java \
(from rev 14908, trunk/openam/openam-oauth2/src/main/java/org/forgerock/openam/oauth2/resources/labels/ResourceSetLabel.java) \
(0 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-oauth2/src/main/java/org/forgerock/openam/oauth2/resources/labels/ResourceSetLabel.java \
(rev 0)
+++ branches/AME-7692_noRestartsAuth/openam/openam-oauth2/src/main/java/org/forgerock/openam/oauth2/resources/labels/ResourceSetLabel.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -0,0 +1,100 @@
</span><ins>+/*
+ * The contents of this file are subject to the terms of the Common Development and
+ * Distribution License (the License). You may not use this file except in \
compliance with the
+ * License.
+ *
+ * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for \
the
+ * specific language governing permission and limitations under the License.
+ *
+ * When distributing Covered Software, include this CDDL Header Notice in each file \
and include
+ * the License file at legal/CDDLv1.0.txt. If applicable, add the \
following below the CDDL
+ * Header, with the fields enclosed by brackets [] replaced \
by your own identifying
+ * information: "Portions copyright [year] [name of \
copyright owner]".
+ *
+ * Copyright 2015 ForgeRock AS.
+ */
+
+package org.forgerock.openam.oauth2.resources.labels;
+
+import java.util.Set;
+import org.forgerock.json.fluent.JsonValue;
+
+import static org.forgerock.json.fluent.JsonValue.*;
+
+/**
+ * A bean representing a resource set label.
+ */
+public class ResourceSetLabel {
+
+ private final String id;
+ private String name;
+ private final LabelType type;
+ private final Set<String> resourceSetIds;
+
+ public ResourceSetLabel(String id, String name, LabelType type, \
Set<String> resourceSetIds) {
+ this.id = id;
+ this.name = name;
+ this.type = type;
+ this.resourceSetIds = resourceSetIds;
+ }
+
+ public String getId() {
+ return id;
+ }
+
+ public String getName() {
+ return name;
+ }
+
+ public void setName(String name) {
+ this.name = name;
+ }
+
+ public LabelType getType() {
+ return type;
+ }
+
+ public Set<String> getResourceSetIds() {
+ return resourceSetIds;
+ }
+
+ public void addResourceSetId(String resourceSetId) {
+ resourceSetIds.add(resourceSetId);
+ }
+
+ public void removeResourceSetId(String resourceSetId) {
+ resourceSetIds.remove(resourceSetId);
+ }
+
+ @Override
+ public boolean equals(Object o) {
+ if (this == o) return true;
+ if (o == null || getClass() != o.getClass()) return false;
+
+ ResourceSetLabel that = (ResourceSetLabel) o;
+
+ if (id != null ? !id.equals(that.id) : that.id != null) return false;
+ if (name != null ? !name.equals(that.name) : that.name != null) return \
false;
+ if (type != that.type) return false;
+ return !(resourceSetIds != null ? \
!resourceSetIds.equals(that.resourceSetIds) : that.resourceSetIds != null);
+
+ }
+
+ @Override
+ public int hashCode() {
+ int result = id != null ? id.hashCode() : 0;
+ result = 31 * result + (name != null ? name.hashCode() : 0);
+ result = 31 * result + (type != null ? type.hashCode() : 0);
+ result = 31 * result + (resourceSetIds != null ? resourceSetIds.hashCode() : \
0);
+ return result;
+ }
+
+ public JsonValue asJson() {
+ JsonValue resourceSetLabel = json(object(
+ field("_id", id),
+ field("name", name),
+ field("type", type)
+ ));
+ return resourceSetLabel;
+ }
+}
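Review bot: The constructor keeps the caller's `Set<String>` by reference and `getResourceSetIds()` returns that same instance, so the resource sets attached to a label can be changed from outside the bean, and `addResourceSetId`/`removeResourceSetId` throw a NullPointerException when the set is null even though `equals` and `hashCode` explicitly allow for null. Copying in the constructor, `this.resourceSetIds = resourceSetIds == null ? new HashSet<String>() : new HashSet<String>(resourceSetIds);`, and returning `Collections.unmodifiableSet(resourceSetIds)` from the getter would close both gaps (both need the matching `java.util` imports); confirm first that no caller relies on sharing the set. `hashCode` also covers the mutable `name` and the set contents, so an instance changed through `setName` or `addResourceSetId` while it sits in a hash-based collection can no longer be found there, which matters if these beans are collected into a `HashSet` as the trunk copy of `UmaLabelsStore.query` shown on this page does. At minimum the class Javadoc should say that instances must not be mutated while held in such a collection.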
</ins></span></pre></div>
<a id="branchesAME7692_noRestartsAuthopenamopenamoauth2srcmainjavaorgforgerockopenamoauth2resourceslabelsUmaLabelsStorejava"></a>
<div class="delfile"><h4>Deleted: \
branches/AME-7692_noRestartsAuth/openam/openam-oauth2/src/main/java/org/forgerock/openam/oauth2/resources/labels/UmaLabelsStore.java \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/openam/openam-oauth2/src/main/java/org/forgerock/openam/oauth2/resources/labels/UmaLabelsStore.java 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-oauth2/src/main/java/org/forgerock/openam/oauth2/resources/labels/UmaLabelsStore.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -1,330 +0,0 @@
</span><del>-/*
- * The contents of this file are subject to the terms of the Common Development and
- * Distribution License (the License). You may not use this file except in \
compliance with the
- * License.
- *
- * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for \
the
- * specific language governing permission and limitations under the License.
- *
- * When distributing Covered Software, include this CDDL Header Notice in each file \
and include
- * the License file at legal/CDDLv1.0.txt. If applicable, add the following below \
the CDDL
- * Header, with the fields enclosed by brackets [] replaced by your own identifying
- * information: "Portions copyright [year] [name of copyright owner]".
- *
- * Copyright 2015 ForgeRock AS.
- */
-
-package org.forgerock.openam.oauth2.resources.labels;
-
-import com.google.inject.Inject;
-import com.sun.identity.shared.debug.Debug;
-import java.util.Collections;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.Set;
-import org.forgerock.json.resource.ConflictException;
-import org.forgerock.json.resource.InternalServerErrorException;
-import org.forgerock.json.resource.NotFoundException;
-import org.forgerock.json.resource.ResourceException;
-import org.forgerock.openam.cts.api.tokens.TokenIdGenerator;
-import org.forgerock.openam.ldap.LDAPUtils;
-import org.forgerock.openam.sm.datalayer.api.ConnectionFactory;
-import org.forgerock.openam.sm.datalayer.api.DataLayerException;
-import org.forgerock.openam.sm.datalayer.impl.ldap.LdapDataLayerConfiguration;
-import org.forgerock.openam.sm.datalayer.providers.LdapConnectionFactoryProvider;
-import org.forgerock.openam.utils.CollectionUtils;
-import org.forgerock.opendj.ldap.Attribute;
-import org.forgerock.opendj.ldap.ByteString;
-import org.forgerock.opendj.ldap.Connection;
-import org.forgerock.opendj.ldap.DN;
-import org.forgerock.opendj.ldap.ErrorResultException;
-import org.forgerock.opendj.ldap.ErrorResultIOException;
-import org.forgerock.opendj.ldap.Filter;
-import org.forgerock.opendj.ldap.ResultCode;
-import org.forgerock.opendj.ldap.SearchResultReferenceIOException;
-import org.forgerock.opendj.ldap.SearchScope;
-import org.forgerock.opendj.ldap.requests.AddRequest;
-import org.forgerock.opendj.ldap.requests.Requests;
-import org.forgerock.opendj.ldap.responses.Result;
-import org.forgerock.opendj.ldap.responses.SearchResultEntry;
-import org.forgerock.opendj.ldif.ConnectionEntryReader;
-
-import static org.forgerock.opendj.ldap.Filter.and;
-import static org.forgerock.opendj.ldap.Filter.equality;
-import static org.forgerock.opendj.ldap.Filter.present;
-import static org.forgerock.opendj.ldap.ModificationType.REPLACE;
-import static org.forgerock.opendj.ldap.requests.Requests.newAddRequest;
-import static org.forgerock.openam.oauth2.resources.labels.LabelsConstants.*;
-
-/**
- * This class stores and gives access to UMA Resource Set labels. The underlying \
data
- * is accessed using the DJ LDAP SDK.
- */
-public class UmaLabelsStore {
-
- private final Debug debug = Debug.getInstance("UmaProvider");
- private final ConnectionFactory<Connection> connectionFactory;
- private final LdapDataLayerConfiguration ldapConfiguration;
- private final TokenIdGenerator tokenIdGenerator;
-
- /**
- * Guice constructor for the store.
- * @param connectionFactoryProvider Used to access DJ LDAP SDK {@code \
Connection} instances.
- * @param ldapConfiguration Provides the LDAP top level DN in which the data has \
been stored.
- * @param tokenIdGenerator Generates IDs for the label instances.
- */
- @Inject
- public UmaLabelsStore(LdapConnectionFactoryProvider connectionFactoryProvider,
- LdapDataLayerConfiguration ldapConfiguration, TokenIdGenerator \
tokenIdGenerator) {
- this.tokenIdGenerator = tokenIdGenerator;
- this.connectionFactory = connectionFactoryProvider.createFactory();
- this.ldapConfiguration = ldapConfiguration;
- }
-
- /**
- * Creates the provided {@link ResourceSetLabel} in the database, and returns an \
instance
- * with the {@link ResourceSetLabel#id} field populated with the value used.
- * @param realm The current realm.
- * @param username The user that owns the label.
- * @param label The label instance. The {@code id} field should be null.
- * @return A label instance with the {@code id} field populated.
- * @throws ResourceException Thrown if the label cannot be created.
- */
- public ResourceSetLabel create(String realm, String username, ResourceSetLabel \
label) throws ResourceException {
- String id = tokenIdGenerator.generateTokenId(label.getId());
- try (Connection connection = getConnection()) {
- return createLabel(realm, username, label, id, connection);
- } catch (ErrorResultException e) {
- if (e.getResult().getResultCode().equals(ResultCode.NO_SUCH_OBJECT)) {
- DN userDn = getUserDn(realm, username);
- DN realmDn = userDn.parent();
- try (Connection connection = getConnection()) {
- try {
- connection.add(newAddRequest(realmDn)
- .addAttribute("ou", \
LDAPUtils.rdnValueFromDn(realmDn))
- .addAttribute("objectClass", \
"top", ORG_UNIT_OBJECT_CLASS));
- } catch (ErrorResultException ex) {
- if \
(!ex.getResult().getResultCode().equals(ResultCode.ENTRY_ALREADY_EXISTS)) \
{
- throw new InternalServerErrorException("Could not \
create realm entry " + realmDn, ex);
- }
- }
- try {
- connection.add(newAddRequest(userDn)
- .addAttribute("ou", \
LDAPUtils.rdnValueFromDn(userDn))
- .addAttribute("objectClass", \
"top", ORG_UNIT_OBJECT_CLASS));
- } catch (ErrorResultException ex) {
- throw new InternalServerErrorException("Could not \
create user entry " + userDn, ex);
- }
- return createLabel(realm, username, label, id, connection);
- } catch (ErrorResultException e1) {
- e = e1;
- }
- }
- if (e.getResult().getResultCode().equals(ResultCode.ENTRY_ALREADY_EXISTS)) \
{
- throw new ConflictException();
- }
- throw new InternalServerErrorException("Could not create", e);
- }
- }
-
- private ResourceSetLabel createLabel(String realm, String username, \
ResourceSetLabel label, String id, Connection connection) throws \
ErrorResultException, InternalServerErrorException {
- final AddRequest addRequest = newAddRequest(getLabelDn(realm, username, id))
- .addAttribute("objectClass", "top", \
OBJECT_CLASS)
- .addAttribute(ID_ATTR, id)
- .addAttribute(NAME_ATTR, label.getName())
- .addAttribute(TYPE_ATTR, label.getType().name());
- if (CollectionUtils.isNotEmpty(label.getResourceSetIds())) {
- addRequest.addAttribute(RESOURCE_SET_ATTR, \
label.getResourceSetIds().toArray());
- }
- Result result = connection.add(addRequest);
- if (!result.isSuccess()) {
- throw new InternalServerErrorException("Unknown unsuccessful \
request");
- }
- return new ResourceSetLabel(id, label.getName(), label.getType(), \
label.getResourceSetIds());
- }
-
- /**
- * Reads a label from the underlying database.
- * @param realm The current realm.
- * @param username The user that owns the label.
- * @param id The id of the label.
- * @return The retrieved label details.
- * @throws ResourceException Thrown if the label cannot be read.
- */
- public ResourceSetLabel read(String realm, String username, String id) throws \
ResourceException {
- try (Connection connection = getConnection()) {
- SearchResultEntry entry = connection.readEntry(getLabelDn(realm, \
username, id));
- Set<String> resourceSets = new HashSet<>();
- final Attribute resourceSetAttribute = \
entry.getAttribute(RESOURCE_SET_ATTR);
- if (resourceSetAttribute != null) {
- for (ByteString resourceSetId : resourceSetAttribute) {
- resourceSets.add(resourceSetId.toString());
- }
- }
- return getResourceSetLabel(entry, resourceSets);
- } catch (ErrorResultException e) {
- final ResultCode resultCode = e.getResult().getResultCode();
- if (resultCode.equals(ResultCode.NO_SUCH_OBJECT)) {
- throw new NotFoundException();
- }
- throw new InternalServerErrorException("Could not read", e);
- }
- }
-
- /**
- * Updates the provided {@link ResourceSetLabel} in the database.
- * @param realm The current realm.
- * @param username The user that owns the label.
- * @param label The label instance.
- * @throws ResourceException Thrown if the label cannot be updated.
- */
- public void update(String realm, String username, ResourceSetLabel label) throws \
ResourceException {
- try (Connection connection = getConnection()) {
- Result result = connection.modify(
- Requests.newModifyRequest(getLabelDn(realm, username, \
label.getId()))
- .addModification(REPLACE, NAME_ATTR, label.getName())
- .addModification(REPLACE, RESOURCE_SET_ATTR, \
label.getResourceSetIds().toArray()));
- if (!result.isSuccess()) {
- throw new InternalServerErrorException("Unknown unsuccessful \
request");
- }
- } catch (ErrorResultException e) {
- final ResultCode resultCode = e.getResult().getResultCode();
- if (resultCode.equals(ResultCode.NO_SUCH_OBJECT)) {
- throw new NotFoundException();
- }
- throw new InternalServerErrorException("Could not update", e);
- }
- }
-
- /**
- * Deletes the referenced {@link ResourceSetLabel} from the database.
- * @param realm The current realm.
- * @param username The user that owns the label.
- * @param labelId The id of the label to delete.
- * @throws ResourceException Thrown if the label cannot be updated.
- */
- public void delete(String realm, String username, String labelId) throws \
ResourceException {
- try (Connection connection = getConnection()) {
- Result result = \
connection.delete(Requests.newDeleteRequest(getLabelDn(realm, \
username, labelId)));
- if (!result.isSuccess()) {
- throw new InternalServerErrorException("Unknown unsuccessful \
request");
- }
- } catch (ErrorResultException e) {
- throw new InternalServerErrorException(e); // TODO
- }
- }
-
- /**
- * Obtain a list of all labels used by a user from a particular realm.
- * @param realm The current realm.
- * @param username The user in question.
- * @return A list of resource set label objects.
- * @throws ResourceException If the list cannot be loaded.
- */
- public Set<ResourceSetLabel> list(String realm, String username) throws \
ResourceException {
- return query(realm, username, equality("objectClass", \
OBJECT_CLASS), false);
- }
-
- /**
- * Obtain a list of all labels used by a user from a particular realm on a \
specific resource set.
- * @param realm The current realm.
- * @param username The user in question.
- * @param resourceSetId The resource set ID.
- * @return A list of resource set label objects.
- * @throws ResourceException If the list cannot be loaded.
- */
- public Set<ResourceSetLabel> forResourceSet(String realm, String username, \
String resourceSetId, boolean includeResourceSets)
- throws ResourceException {
- return query(realm, username, and(equality("objectClass", \
OBJECT_CLASS), equality(RESOURCE_SET_ATTR, resourceSetId)), \
includeResourceSets);
- }
-
- /**
- * Determines if the label is present on any resource set.
- *
- * @param realm The current realm.
- * @param username The user in question.
- * @param labelId The ID of the label.
- * @return {@code true} if the label is present on a resource set, {@code false} \
if it is not.
- * @throws ResourceException If it cannot be determined if the label is in use.
- */
- public boolean isLabelInUse(String realm, String username, String labelId)
- throws ResourceException {
- return !query(realm, username, and(equality("objectClass", \
OBJECT_CLASS), equality(ID_ATTR, labelId),
- present(RESOURCE_SET_ATTR)), false).isEmpty();
- }
-
- private Set<ResourceSetLabel> query(String realm, String username, Filter \
filter, boolean includeResourceSets) throws ResourceException {
- try (Connection connection = getConnection()) {
- Set<ResourceSetLabel> result = new HashSet<>();
- String[] attrs;
-
- if (includeResourceSets) {
- attrs = new String[]{ID_ATTR, NAME_ATTR, TYPE_ATTR, \
RESOURCE_SET_ATTR};
- } else {
- attrs = new String[]{ID_ATTR, NAME_ATTR, TYPE_ATTR};
- }
- ConnectionEntryReader searchResult = connection.search(
- Requests.newSearchRequest(getUserDn(realm, username), \
SearchScope.SUBORDINATES, filter, attrs));
- while (searchResult.hasNext()) {
- if (searchResult.isReference()) {
- debug.warning("Encountered reference {} searching for \
resource set labels for user {} in realm {}",
- searchResult.readReference(), username, realm);
- } else {
- final SearchResultEntry entry = searchResult.readEntry();
- result.add(getResourceSetLabel(entry, \
getResourceSetIds(entry)));
- }
- }
- return result;
- } catch (ErrorResultIOException e) {
- if (e.getCause().getResult().getResultCode().equals(ResultCode.NO_SUCH_OBJECT)) \
{
- return Collections.emptySet();
- }
- throw new InternalServerErrorException("Could not complete \
search", e);
- } catch (SearchResultReferenceIOException e) {
- throw new InternalServerErrorException("Shouldn't get a reference \
as these have been handled", e);
- }
- }
-
- private Set<String> getResourceSetIds(SearchResultEntry searchResult) \
throws SearchResultReferenceIOException, ErrorResultIOException {
- final Attribute attribute = searchResult.getAttribute(RESOURCE_SET_ATTR);
- if (attribute != null) {
- final Iterator<ByteString> resourceSets = attribute.iterator();
- Set<String> resourceSetIds = new HashSet<>();
- while (resourceSets.hasNext()) {
- resourceSetIds.add(resourceSets.next().toString());
- }
- return resourceSetIds;
- } else {
- return new HashSet<>();
- }
- }
-
- private Connection getConnection() throws InternalServerErrorException {
- try {
- return connectionFactory.create();
- } catch (DataLayerException e) {
- throw new InternalServerErrorException("Could not get \
connection", e);
- }
- }
-
- private DN getLabelDn(String realm, String username, String id) {
- return ldapConfiguration.getTokenStoreRootSuffix()
- .child("ou", realm)
- .child("ou", username)
- .child(ID_ATTR, id);
- }
-
- private DN getUserDn(String realm, String username) {
- return ldapConfiguration.getTokenStoreRootSuffix()
- .child("ou", realm)
- .child("ou", username);
- }
-
- private ResourceSetLabel getResourceSetLabel(SearchResultEntry entry, \
Set<String> resourceSets) {
- return new ResourceSetLabel(entry.getAttribute(ID_ATTR).firstValueAsString(),
- entry.getAttribute(NAME_ATTR).firstValueAsString(),
- LabelType.valueOf(entry.getAttribute(TYPE_ATTR).firstValueAsString()),
- resourceSets);
- }
-
-}
</del></span></pre></div>
<a id="branchesAME7692_noRestartsAuthopenamopenamoauth2srcmainjavaorgforgerockopenamoa \
uth2resourceslabelsUmaLabelsStorejavafromrev14908trunkopenamopenamoauth2srcmainjavaorgforgerockopenamoauth2resourceslabelsUmaLabelsStorejava"></a>
<div class="copfile"><h4>Copied: \
branches/AME-7692_noRestartsAuth/openam/openam-oauth2/src/main/java/org/forgerock/openam/oauth2/resources/labels/UmaLabelsStore.java \
(from rev 14908, trunk/openam/openam-oauth2/src/main/java/org/forgerock/openam/oauth2/resources/labels/UmaLabelsStore.java) \
(0 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-oauth2/src/main/java/org/forgerock/openam/oauth2/resources/labels/UmaLabelsStore.java \
(rev 0)
+++ branches/AME-7692_noRestartsAuth/openam/openam-oauth2/src/main/java/org/forgerock/openam/oauth2/resources/labels/UmaLabelsStore.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -0,0 +1,330 @@
</span><ins>+/*
+ * The contents of this file are subject to the terms of the Common Development and
+ * Distribution License (the License). You may not use this file except in \
compliance with the
+ * License.
+ *
+ * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for \
the
+ * specific language governing permission and limitations under the License.
+ *
+ * When distributing Covered Software, include this CDDL Header Notice in each file \
and include
+ * the License file at legal/CDDLv1.0.txt. If applicable, add the \
following below the CDDL
+ * Header, with the fields enclosed by brackets [] replaced \
by your own identifying
+ * information: "Portions copyright [year] [name of \
copyright owner]".
+ *
+ * Copyright 2015 ForgeRock AS.
+ */
+
+package org.forgerock.openam.oauth2.resources.labels;
+
+import com.google.inject.Inject;
+import com.sun.identity.shared.debug.Debug;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+import org.forgerock.json.resource.ConflictException;
+import org.forgerock.json.resource.InternalServerErrorException;
+import org.forgerock.json.resource.NotFoundException;
+import org.forgerock.json.resource.ResourceException;
+import org.forgerock.openam.cts.api.tokens.TokenIdGenerator;
+import org.forgerock.openam.ldap.LDAPUtils;
+import org.forgerock.openam.sm.datalayer.api.ConnectionFactory;
+import org.forgerock.openam.sm.datalayer.api.DataLayerException;
+import org.forgerock.openam.sm.datalayer.impl.ldap.LdapDataLayerConfiguration;
+import org.forgerock.openam.sm.datalayer.providers.LdapConnectionFactoryProvider;
+import org.forgerock.openam.utils.CollectionUtils;
+import org.forgerock.opendj.ldap.Attribute;
+import org.forgerock.opendj.ldap.ByteString;
+import org.forgerock.opendj.ldap.Connection;
+import org.forgerock.opendj.ldap.DN;
+import org.forgerock.opendj.ldap.ErrorResultException;
+import org.forgerock.opendj.ldap.ErrorResultIOException;
+import org.forgerock.opendj.ldap.Filter;
+import org.forgerock.opendj.ldap.ResultCode;
+import org.forgerock.opendj.ldap.SearchResultReferenceIOException;
+import org.forgerock.opendj.ldap.SearchScope;
+import org.forgerock.opendj.ldap.requests.AddRequest;
+import org.forgerock.opendj.ldap.requests.Requests;
+import org.forgerock.opendj.ldap.responses.Result;
+import org.forgerock.opendj.ldap.responses.SearchResultEntry;
+import org.forgerock.opendj.ldif.ConnectionEntryReader;
+
+import static org.forgerock.opendj.ldap.Filter.and;
+import static org.forgerock.opendj.ldap.Filter.equality;
+import static org.forgerock.opendj.ldap.Filter.present;
+import static org.forgerock.opendj.ldap.ModificationType.REPLACE;
+import static org.forgerock.opendj.ldap.requests.Requests.newAddRequest;
+import static org.forgerock.openam.oauth2.resources.labels.LabelsConstants.*;
+
+/**
+ * This class stores and gives access to UMA Resource Set labels. The underlying \
data
+ * is accessed using the DJ LDAP SDK.
+ */
+public class UmaLabelsStore {
+
+ private final Debug debug = Debug.getInstance("UmaProvider");
+ private final ConnectionFactory<Connection> connectionFactory;
+ private final LdapDataLayerConfiguration ldapConfiguration;
+ private final TokenIdGenerator tokenIdGenerator;
+
+ /**
+ * Guice constructor for the store.
+ * @param connectionFactoryProvider Used to access DJ LDAP SDK {@code \
Connection} instances.
+ * @param ldapConfiguration Provides the LDAP top level \
DN in which the data has been stored.
+ * @param tokenIdGenerator Generates IDs \
for the label instances.
+ */
+ @Inject
+ public UmaLabelsStore(LdapConnectionFactoryProvider connectionFactoryProvider,
+ LdapDataLayerConfiguration ldapConfiguration, TokenIdGenerator \
tokenIdGenerator) {
+ this.tokenIdGenerator = tokenIdGenerator;
+ this.connectionFactory = connectionFactoryProvider.createFactory();
+ this.ldapConfiguration = ldapConfiguration;
+ }
+
+ /**
+ * Creates the provided {@link ResourceSetLabel} in the database, and returns an \
instance
+ * with the {@link ResourceSetLabel#id} field populated with the value \
used.
+ * @param realm The current realm.
+ * @param username The user that owns the label.
+ * @param label The label instance. The {@code id} field should be null.
+ * @return A label instance with the {@code id} field populated.
+ * @throws ResourceException Thrown if the label cannot be created.
+ */
+ public ResourceSetLabel create(String realm, String username, ResourceSetLabel \
label) throws ResourceException {
+ String id = \
tokenIdGenerator.generateTokenId(label.getId());
+ try (Connection connection \
= getConnection()) {
+ return createLabel(realm, username, label, id, \
connection);
+ } catch (ErrorResultException e) {
+ if (e.getResult().getResultCode().equals(ResultCode.NO_SUCH_OBJECT)) {
+ DN userDn = getUserDn(realm, username);
+ DN realmDn = userDn.parent();
+ try (Connection connection = getConnection()) {
+ try {
+ connection.add(newAddRequest(realmDn)
+ .addAttribute("ou", \
LDAPUtils.rdnValueFromDn(realmDn))
+ \
.addAttribute("objectClass", "top", ORG_UNIT_OBJECT_CLASS));
+ \
} catch (ErrorResultException ex) {
+ if \
(!ex.getResult().getResultCode().equals(ResultCode.ENTRY_ALREADY_EXISTS)) {
+ \
throw new InternalServerErrorException("Could not create realm entry " + \
realmDn, ex);
+ }
+ }
+ try {
+ connection.add(newAddRequest(userDn)
+ .addAttribute("ou", \
LDAPUtils.rdnValueFromDn(userDn))
+ \
.addAttribute("objectClass", "top", ORG_UNIT_OBJECT_CLASS));
+ \
} catch (ErrorResultException ex) {
+ throw new \
InternalServerErrorException("Could not create user entry " + userDn, ex); \
+ }
+ return createLabel(realm, username, \
label, id, connection);
+ } catch (ErrorResultException e1) {
+ e = e1;
+ }
+ }
+ if (e.getResult().getResultCode().equals(ResultCode.ENTRY_ALREADY_EXISTS)) \
{
+ throw new ConflictException();
+ }
+ throw new InternalServerErrorException("Could not create", e);
+ }
+ }
+
+ private ResourceSetLabel createLabel(String realm, String username, \
ResourceSetLabel label, String id, Connection connection) throws \
ErrorResultException, InternalServerErrorException {
+ final AddRequest \
addRequest = newAddRequest(getLabelDn(realm, username, id))
+ \
.addAttribute("objectClass", "top", OBJECT_CLASS)
+ \
.addAttribute(ID_ATTR, id)
+ .addAttribute(NAME_ATTR, label.getName())
+ .addAttribute(TYPE_ATTR, label.getType().name());
+ if (CollectionUtils.isNotEmpty(label.getResourceSetIds())) {
+ addRequest.addAttribute(RESOURCE_SET_ATTR, \
label.getResourceSetIds().toArray());
+ }
+ Result result = connection.add(addRequest);
+ if (!result.isSuccess()) {
+ throw new InternalServerErrorException("Unknown unsuccessful \
request");
+ }
+ return new ResourceSetLabel(id, label.getName(), label.getType(), \
label.getResourceSetIds());
+ }
+
+ /**
+ * Reads a label from the underlying database.
+ * @param realm The current realm.
+ * @param username The user that owns the label.
+ * @param id The id of the label.
+ * @return The retrieved label details.
+ * @throws ResourceException Thrown if the label cannot be read.
+ */
+ public ResourceSetLabel read(String realm, String username, String id) throws \
ResourceException {
+ try (Connection connection = getConnection()) {
+ SearchResultEntry entry = connection.readEntry(getLabelDn(realm, \
username, id));
+ Set<String> resourceSets = new HashSet<>();
+ final Attribute resourceSetAttribute = \
entry.getAttribute(RESOURCE_SET_ATTR);
+ if (resourceSetAttribute != null) \
{
+ for (ByteString resourceSetId : resourceSetAttribute) {
+ resourceSets.add(resourceSetId.toString());
+ }
+ }
+ return getResourceSetLabel(entry, resourceSets);
+ } catch (ErrorResultException e) {
+ final ResultCode resultCode = e.getResult().getResultCode();
+ if (resultCode.equals(ResultCode.NO_SUCH_OBJECT)) {
+ throw new NotFoundException();
+ }
+ throw new InternalServerErrorException("Could not read", e);
+ }
+ }
+
+ /**
+ * Updates the provided {@link ResourceSetLabel} in the database.
+ * @param realm The current realm.
+ * @param username The user that owns the label.
+ * @param label The label instance.
+ * @throws ResourceException Thrown if the label cannot be updated.
+ */
+ public void update(String realm, String username, ResourceSetLabel label) throws \
ResourceException {
+ try (Connection connection = getConnection()) {
+ Result result = connection.modify(
+ Requests.newModifyRequest(getLabelDn(realm, username, \
label.getId()))
+ .addModification(REPLACE, NAME_ATTR, \
label.getName())
+ .addModification(REPLACE, \
RESOURCE_SET_ATTR, label.getResourceSetIds().toArray()));
+ if \
(!result.isSuccess()) {
+ throw new \
InternalServerErrorException("Unknown unsuccessful request");
+ \
}
+ } catch (ErrorResultException e) {
+ final ResultCode resultCode = e.getResult().getResultCode();
+ if (resultCode.equals(ResultCode.NO_SUCH_OBJECT)) {
+ throw new NotFoundException();
+ }
+ throw new InternalServerErrorException("Could not update", e);
+ }
+ }
+
+ /**
+ * Deletes the referenced {@link ResourceSetLabel} from the database.
+ * @param realm The current realm.
+ * @param username The user that owns the label.
+ * @param labelId The id of the label to delete.
+ * @throws ResourceException Thrown if the label cannot be updated.
+ */
+ public void delete(String realm, String username, String labelId) throws \
ResourceException {
+ try (Connection connection = getConnection()) {
+ Result result = \
connection.delete(Requests.newDeleteRequest(getLabelDn(realm, username, labelId)));
+ \
if (!result.isSuccess()) {
+ throw new \
InternalServerErrorException("Unknown unsuccessful request");
+ \
}
+ } catch (ErrorResultException e) {
+ throw new InternalServerErrorException(e); // TODO
+ }
+ }
+
+ /**
+ * Obtain a list of all labels used by a user from a particular realm.
+ * @param realm The current realm.
+ * @param username The user in question.
+ * @return A list of resource set label objects.
+ * @throws ResourceException If the list cannot be loaded.
+ */
+ public Set<ResourceSetLabel> list(String realm, String username) throws \
ResourceException {
+ return query(realm, username, \
equality("objectClass", OBJECT_CLASS), false);
+ }
+
+ /**
+ * Obtain a list of all labels used by a user from a particular realm on a \
specific resource set.
+ * @param realm The current realm.
+ * @param username The user in question.
+ * @param resourceSetId The resource set ID.
+ * @return A list of resource set label objects.
+ * @throws ResourceException If the list cannot be loaded.
+ */
+ public Set<ResourceSetLabel> forResourceSet(String realm, String username, \
String resourceSetId, boolean includeResourceSets)
+ throws \
ResourceException {
+ return query(realm, username, \
and(equality("objectClass", OBJECT_CLASS), equality(RESOURCE_SET_ATTR, \
resourceSetId)), includeResourceSets);
+ }
+
+ /**
+ * Determines if the label is present on any resource set.
+ *
+ * @param realm The current realm.
+ * @param username The user in question.
+ * @param labelId The ID of the label.
+ * @return {@code true} if the label is present on a resource set, {@code false} \
if it is not.
+ * @throws ResourceException If it cannot be determined if the \
label is in use.
+ */
+ public boolean isLabelInUse(String realm, String username, String labelId)
+ throws ResourceException {
+ return !query(realm, username, and(equality("objectClass", \
OBJECT_CLASS), equality(ID_ATTR, labelId),
+ \
present(RESOURCE_SET_ATTR)), false).isEmpty();
+ }
+
+ private Set<ResourceSetLabel> query(String realm, String username, Filter \
filter, boolean includeResourceSets) throws ResourceException {
+ try \
(Connection connection = getConnection()) {
+ Set<ResourceSetLabel> \
result = new HashSet<>();
+ String[] attrs;
+
+ if (includeResourceSets) {
+ attrs = new String[]{ID_ATTR, NAME_ATTR, TYPE_ATTR, \
RESOURCE_SET_ATTR};
+ } else {
+ attrs = new String[]{ID_ATTR, NAME_ATTR, TYPE_ATTR};
+ }
+ ConnectionEntryReader searchResult = connection.search(
+ Requests.newSearchRequest(getUserDn(realm, username), \
SearchScope.SUBORDINATES, filter, attrs));
+ while \
(searchResult.hasNext()) {
+ if (searchResult.isReference()) {
+ debug.warning("Encountered reference {} searching for \
resource set labels for user {} in realm {}",
+ \
searchResult.readReference(), username, realm);
+ } else {
+ final SearchResultEntry entry = searchResult.readEntry();
+ result.add(getResourceSetLabel(entry, \
getResourceSetIds(entry)));
+ }
+ }
+ return result;
+ } catch (ErrorResultIOException e) {
+ if (e.getCause().getResult().getResultCode().equals(ResultCode.NO_SUCH_OBJECT)) \
{
+ return Collections.emptySet();
+ }
+ throw new InternalServerErrorException("Could not complete \
search", e);
+ } catch (SearchResultReferenceIOException e) {
+ throw new InternalServerErrorException("Shouldn't get a reference \
as these have been handled", e);
+ }
+ }
+
+ private Set<String> getResourceSetIds(SearchResultEntry searchResult) \
throws SearchResultReferenceIOException, ErrorResultIOException {
+ final \
Attribute attribute = searchResult.getAttribute(RESOURCE_SET_ATTR);
+ if \
(attribute != null) {
+ final Iterator<ByteString> resourceSets = \
attribute.iterator();
+ Set<String> resourceSetIds = new \
HashSet<>();
+ while (resourceSets.hasNext()) {
+ resourceSetIds.add(resourceSets.next().toString());
+ }
+ return resourceSetIds;
+ } else {
+ return new HashSet<>();
+ }
+ }
+
+ private Connection getConnection() throws InternalServerErrorException {
+ try {
+ return connectionFactory.create();
+ } catch (DataLayerException e) {
+ throw new InternalServerErrorException("Could not get \
connection", e);
+ }
+ }
+
+ private DN getLabelDn(String realm, String username, String id) {
+ return ldapConfiguration.getTokenStoreRootSuffix()
+ .child("ou", realm)
+ .child("ou", username)
+ .child(ID_ATTR, id);
+ }
+
+ private DN getUserDn(String realm, String username) {
+ return ldapConfiguration.getTokenStoreRootSuffix()
+ .child("ou", realm)
+ .child("ou", username);
+ }
+
+ private ResourceSetLabel getResourceSetLabel(SearchResultEntry entry, \
Set<String> resourceSets) {
+ return new \
ResourceSetLabel(entry.getAttribute(ID_ATTR).firstValueAsString(),
+ \
entry.getAttribute(NAME_ATTR).firstValueAsString(),
+ \
LabelType.valueOf(entry.getAttribute(TYPE_ATTR).firstValueAsString()),
+ \
resourceSets);
+ }
+
+}
</ins></span></pre></div>
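Review bot: `delete` wraps every `ErrorResultException` in a message-less `InternalServerErrorException` (the line still carries `// TODO`), so deleting a label that does not exist surfaces as a server error, whereas `read` and `update` map `ResultCode.NO_SUCH_OBJECT` to `NotFoundException`. Suggest the same mapping here: `if (e.getResult().getResultCode().equals(ResultCode.NO_SUCH_OBJECT)) { throw new NotFoundException(); }` followed by `throw new InternalServerErrorException("Could not delete", e);`. The Javadoc on `delete` also says "cannot be updated" where it means deleted. Separately, `update` calls `label.getResourceSetIds().toArray()` without the `CollectionUtils.isNotEmpty` guard that `createLabel` applies, so a label with a null id set would fail there with a NullPointerException rather than a ResourceException. If these exception messages are returned to REST clients, the `"Could not create realm entry " + realmDn` text in `create` would disclose the token store DN layout; consider logging the DN through `debug` and keeping the client-facing message generic.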
<a id="branchesAME7692_noRestartsAuthopenamopenamoauth2srcmainjavaorgforgerockopenamopenidconnectCheckSessionImpljava"></a>
<div class="modfile"><h4>Modified: \
branches/AME-7692_noRestartsAuth/openam/openam-oauth2/src/main/java/org/forgerock/openam/openidconnect/CheckSessionImpl.java \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-oauth2/src/main/java/org/forgerock/openam/openidconnect/CheckSessionImpl.java 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-oauth2/src/main/java/org/forgerock/openam/openidconnect/CheckSessionImpl.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -19,6 +19,7 @@
</span><span class="cx"> import static \
org.forgerock.oauth2.core.OAuth2Constants.JWTTokenParams.*; </span><span class="cx">
</span><span class="cx"> import javax.servlet.http.HttpServletRequest;
</span><ins>+
</ins><span class="cx"> import java.net.URI;
</span><span class="cx"> import java.nio.charset.Charset;
</span><span class="cx"> import java.util.HashMap;
</span><span class="lines">@@ -32,6 +33,7 @@
</span><span class="cx"> import com.iplanet.sso.SSOToken;
</span><span class="cx"> import com.iplanet.sso.SSOTokenManager;
</span><span class="cx"> import com.sun.identity.shared.debug.Debug;
</span><ins>+
</ins><span class="cx"> import org.forgerock.guice.core.InjectorHolder;
</span><span class="cx"> import org.forgerock.json.fluent.JsonValue;
</span><span class="cx"> import org.forgerock.json.jose.common.JwtReconstruction;
</span><span class="lines">@@ -44,6 +46,7 @@
</span><span class="cx"> import org.forgerock.oauth2.core.OAuth2Constants;
</span><span class="cx"> import org.forgerock.oauth2.core.OAuth2Request;
</span><span class="cx"> import \
org.forgerock.oauth2.core.exceptions.InvalidClientException; </span><ins>+import \
org.forgerock.oauth2.core.exceptions.NotFoundException; </ins><span class="cx"> \
import org.forgerock.oauth2.core.exceptions.UnauthorizedClientException; </span><span \
class="cx"> import org.forgerock.openam.cts.CTSPersistentStore; </span><span \
class="cx"> import org.forgerock.openam.cts.adapters.TokenAdapter; </span><span \
class="lines">@@ -89,7 +92,7 @@ </span><span class="cx"> * {@inheritDoc}
</span><span class="cx"> */
</span><span class="cx"> public String getClientSessionURI(HttpServletRequest \
request) throws UnauthorizedClientException, </span><del>- \
InvalidClientException { </del><ins>+ InvalidClientException, \
NotFoundException { </ins><span class="cx">
</span><span class="cx"> SignedJwt jwt = getIDToken(request);
</span><span class="cx">
</span><span class="lines">@@ -113,7 +116,7 @@
</span><span class="cx"> * @return The Client's registration.
</span><span class="cx"> * @throws InvalidClientException If the client's \
registration is not found. </span><span class="cx"> */
</span><del>- private ClientRegistration getClientRegistration(Jwt jwt) throws \
InvalidClientException { </del><ins>+ private ClientRegistration \
getClientRegistration(Jwt jwt) throws InvalidClientException, NotFoundException { \
</ins><span class="cx"> </span><span class="cx"> List<String> clients \
= jwt.getClaimsSet().getAudience(); </span><span class="cx"> final String \
realm = (String)jwt.getClaimsSet().getClaim(REALM); </span></span></pre></div>
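Review bot: The Javadoc above `getClientRegistration` still documents only `@throws InvalidClientException` although the signature in the last hunk now also declares `NotFoundException`; add a matching tag such as `@throws NotFoundException If the realm named in the token cannot be found.`, with the wording confirmed against the code that throws it, which is outside the hunk. The same applies to `getClientSessionURI` in the previous hunk, where `{@inheritDoc}` only helps if the interface declaration documents the new exception. The blank lines added inside the import groups in the first two hunks look like merge noise and could be dropped. Both method bodies continue outside the hunks.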
<a id="branchesAME7692_noRestartsAuthopenamopenamoauth2srctestjavaorgforgerockopenamoauth2OpenAMTokenStoreTestjava"></a>
<div class="modfile"><h4>Modified: \
branches/AME-7692_noRestartsAuth/openam/openam-oauth2/src/test/java/org/forgerock/openam/oauth2/OpenAMTokenStoreTest.java \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-oauth2/src/test/java/org/forgerock/openam/oauth2/OpenAMTokenStoreTest.java 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-oauth2/src/test/java/org/forgerock/openam/oauth2/OpenAMTokenStoreTest.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -80,8 +80,10 @@
</span><span class="cx"> field("realm", \
Collections.singleton("/testrealm")))); </span><span class="cx"> \
given(tokenStore.read("TOKEN_ID")).willReturn(token); </span><span \
class="cx"> ConcurrentHashMap<String, Object> attributes = new \
ConcurrentHashMap<String, Object>(); </span><ins>+ \
attributes.put("realm", "/testrealm"); </ins><span class="cx"> \
given(request.getAttributes()).willReturn(attributes); </span><del>- \
attributes.put("realm", "/testrealm"); </del><ins>+
+ given(realmNormaliser.normalise("/testrealm")).willReturn("/testrealm");
</ins><span class="cx">
</span><span class="cx"> OAuth2Request request = new \
RestletOAuth2Request(this.request); </span><span class="cx">
</span></span></pre></div>
<a id="branchesAME7692_noRestartsAuthopenamopenamoauth2srctestjavaorgforgerockopenamoa \
uth2resourcesResourceSetLabelRegistrationTestjavafromrev14908trunkopenamopenamoauth2sr \
ctestjavaorgforgerockopenamoauth2resourcesResourceSetLabelRegistrationTestjava"></a> \
<div class="copfile"><h4>Copied: \
branches/AME-7692_noRestartsAuth/openam/openam-oauth2/src/test/java/org/forgerock/openam/oauth2/resources/ResourceSetLabelRegistrationTest.java \
(from rev 14908, trunk/openam/openam-oauth2/src/test/java/org/forgerock/openam/oauth2/resources/ResourceSetLabelRegistrationTest.java) \
(0 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-oauth2/src/test/java/org/forgerock/openam/oauth2/resources/ResourceSetLabelRegistrationTest.java \
(rev 0)
+++ branches/AME-7692_noRestartsAuth/openam/openam-oauth2/src/test/java/org/forgerock/openam/oauth2/resources/ResourceSetLabelRegistrationTest.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -0,0 +1,225 @@
</span><ins>+/*
+ * The contents of this file are subject to the terms of the Common Development and
+ * Distribution License (the License). You may not use this file except in \
compliance with the
+ * License.
+ *
+ * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for \
the
+ * specific language governing permission and limitations under the License.
+ *
+ * When distributing Covered Software, include this CDDL Header Notice in each file \
and include
+ * the License file at legal/CDDLv1.0.txt. If applicable, add the \
following below the CDDL
+ * Header, with the fields enclosed by brackets [] replaced \
by your own identifying
+ * information: "Portions copyright [year] [name of \
copyright owner]".
+ *
+ * Copyright 2015 ForgeRock AS.
+ */
+
+package org.forgerock.openam.oauth2.resources;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.forgerock.json.fluent.JsonValue.*;
+import static org.mockito.BDDMockito.given;
+import static org.mockito.Matchers.any;
+import static org.mockito.Mockito.*;
+import static org.mockito.Mockito.eq;
+import static org.mockito.MockitoAnnotations.initMocks;
+
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Locale;
+import java.util.Set;
+
+import org.forgerock.json.resource.NotFoundException;
+import org.forgerock.oauth2.core.ClientRegistration;
+import org.forgerock.oauth2.core.ClientRegistrationStore;
+import org.forgerock.oauth2.core.OAuth2Request;
+import org.forgerock.oauth2.resources.ResourceSetDescription;
+import org.forgerock.openam.oauth2.resources.labels.LabelType;
+import org.forgerock.openam.oauth2.resources.labels.ResourceSetLabel;
+import org.forgerock.openam.oauth2.resources.labels.UmaLabelsStore;
+import org.mockito.ArgumentCaptor;
+import org.mockito.Mock;
+import org.testng.annotations.BeforeMethod;
+import org.testng.annotations.Test;
+
+public class ResourceSetLabelRegistrationTest {
+
+ private ResourceSetLabelRegistration labelRegistration;
+
+ @Mock
+ private UmaLabelsStore labelsStore;
+
+ @BeforeMethod
+ public void setup() throws Exception {
+ initMocks(this);
+ labelRegistration = new ResourceSetLabelRegistration(labelsStore);
+ }
+
+ @Test
+ public void shouldUpdateLabelsForNewResourceSet() throws Exception {
+
+ //Given
+ ResourceSetDescription resourceSet = newResourceSet("LABEL_ONE");
+ givenLabelsDoesNotExist("LABEL_ONE");
+
+ //When
+ labelRegistration.updateLabelsForNewResourceSet(resourceSet);
+
+ //Then
+ ArgumentCaptor<ResourceSetLabel> labelCaptor = \
ArgumentCaptor.forClass(ResourceSetLabel.class);
+ \
verify(labelsStore).create(eq("REALM"), eq("RESOURCE_OWNER_ID"), \
labelCaptor.capture());
+ \
assertThat(labelCaptor.getValue().getId()).isEqualTo("CLIENT_ID/LABEL_ONE");
+ assertThat(labelCaptor.getValue().getName()).isEqualTo("LABEL_ONE");
+ assertThat(labelCaptor.getValue().getType()).isEqualTo(LabelType.SYSTEM);
+ assertThat(labelCaptor.getValue().getResourceSetIds()).containsOnly("RESOURCE_SET_ID");
+ }
+
+ @Test
+ public void shouldNotUpdateLabelsForNewResourceSetWithNoLabels() throws \
Exception {
+
+ //Given
+ ResourceSetDescription resourceSet = newResourceSet();
+
+ //When
+ labelRegistration.updateLabelsForNewResourceSet(resourceSet);
+
+ //Then
+ verify(labelsStore, never()).create(eq("REALM"), \
eq("RESOURCE_OWNER_ID"), any(ResourceSetLabel.class));
+ }
+
+ @Test
+ public void shouldUpdateLabelsForExistingResourceSet() throws Exception {
+
+ //Given
+ givenLabelsForResourceSet("LABEL_ONE", "LABEL_TWO");
+ ResourceSetDescription resourceSet = newResourceSet("LABEL_ONE", \
"LABEL_THREE", "LABEL_FOUR");
+ \
givenLabelsExist("LABEL_ONE", "LABEL_TWO", \
"LABEL_THREE");
+ givenLabelsDoesNotExist("LABEL_FOUR");
+
+ //When
+ labelRegistration.updateLabelsForExistingResourceSet(resourceSet);
+
+ //Then
+ ArgumentCaptor<ResourceSetLabel> labelCaptor = \
ArgumentCaptor.forClass(ResourceSetLabel.class);
+ verify(labelsStore, \
times(2)).update(eq("REALM"), eq("RESOURCE_OWNER_ID"), \
labelCaptor.capture());
+ verify(labelsStore).create(eq("REALM"), \
eq("RESOURCE_OWNER_ID"), labelCaptor.capture());
+
+ List<ResourceSetLabel> labels = labelCaptor.getAllValues();
+ for (ResourceSetLabel label : labels) {
+ if (label.getId().contains("LABEL_TWO")) {
+ assertThat(label.getResourceSetIds()).isEmpty();
+ } else if (label.getId().contains("LABEL_THREE")) {
+ assertThat(label.getResourceSetIds()).containsOnly("RESOURCE_SET_ID");
+ } else if (label.getId().contains("LABEL_FOUR")) {
+ assertThat(label.getResourceSetIds()).containsOnly("RESOURCE_SET_ID");
+ }
+ }
+ }
+
+ @Test
+ public void shouldUpdateLabelsForExistingResourceSetWithAllLabelsRemoved() \
throws Exception {
+
+ //Given
+ givenLabelsForResourceSet("LABEL_ONE", "LABEL_TWO");
+ ResourceSetDescription resourceSet = newResourceSet();
+ givenLabelsExist("LABEL_ONE", "LABEL_TWO");
+
+ //When
+ labelRegistration.updateLabelsForExistingResourceSet(resourceSet);
+
+ //Then
+ ArgumentCaptor<ResourceSetLabel> labelCaptor = \
ArgumentCaptor.forClass(ResourceSetLabel.class);
+ verify(labelsStore, \
times(2)).update(eq("REALM"), eq("RESOURCE_OWNER_ID"), \
labelCaptor.capture());
+
+ List<ResourceSetLabel> labels = labelCaptor.getAllValues();
+ for (ResourceSetLabel label : labels) {
+ assertThat(label.getResourceSetIds()).isEmpty();
+ }
+ }
+
+ @Test
+ public void shouldUpdateLabelsForDeletedResourceSet() throws Exception {
+
+ //Given
+ ResourceSetDescription resourceSet = newResourceSet("LABEL_ONE", \
"LABEL_TWO");
+ givenLabelsExist("LABEL_ONE", \
"LABEL_TWO");
+
+ givenLabelsAreNotIsUse("LABEL_ONE");
+
+ //When
+ labelRegistration.updateLabelsForDeletedResourceSet(resourceSet);
+
+ //Then
+ ArgumentCaptor<ResourceSetLabel> labelCaptor = \
ArgumentCaptor.forClass(ResourceSetLabel.class);
+ verify(labelsStore, \
times(2)).update(eq("REALM"), eq("RESOURCE_OWNER_ID"), \
labelCaptor.capture());
+ ArgumentCaptor<String> deletedLabelsCaptor = \
ArgumentCaptor.forClass(String.class);
+ verify(labelsStore, \
times(2)).delete(eq("REALM"), eq("RESOURCE_OWNER_ID"), \
deletedLabelsCaptor.capture());
+
+ List<ResourceSetLabel> labels = labelCaptor.getAllValues();
+ for (ResourceSetLabel label : labels) {
+ assertThat(label.getResourceSetIds()).isEmpty();
+ }
+ deletedLabelsCaptor.getAllValues().containsAll(Arrays.asList("CLIENT_ID/LABEL_ONE", \
"CLIENT_ID/LABEL_TWO"));
+ }
+
+ @Test
+ public void shouldUpdateLabelUsingClientIdIfClientDisplayNameIsNull() throws \
Exception {
+
+ //Given
+ ResourceSetDescription resourceSet = newResourceSet("LABEL_ONE");
+ givenLabelsDoesNotExist("LABEL_ONE");
+
+ //When
+ labelRegistration.updateLabelsForNewResourceSet(resourceSet);
+
+ //Then
+ ArgumentCaptor<ResourceSetLabel> labelCaptor = \
ArgumentCaptor.forClass(ResourceSetLabel.class);
+ \
verify(labelsStore).create(eq("REALM"), eq("RESOURCE_OWNER_ID"), \
labelCaptor.capture());
+ \
assertThat(labelCaptor.getValue().getId()).isEqualTo("CLIENT_ID/LABEL_ONE");
+ assertThat(labelCaptor.getValue().getName()).isEqualTo("LABEL_ONE");
+ }
+
+ private ResourceSetDescription newResourceSet(String... labels) {
+ ResourceSetDescription resourceSet = new ResourceSetDescription();
+ resourceSet.setId("RESOURCE_SET_ID");
+ resourceSet.setRealm("REALM");
+ resourceSet.setResourceOwnerId("RESOURCE_OWNER_ID");
+ resourceSet.setClientId("CLIENT_ID");
+ resourceSet.setDescription(json(object(field("labels", \
Arrays.asList(labels)))));
+ return resourceSet;
+ }
+
+ private void givenLabelsDoesNotExist(String... labels) throws Exception {
+ for (String label : labels) {
+ doThrow(NotFoundException.class).when(labelsStore).read("REALM", \
"RESOURCE_OWNER_ID", "CLIENT_ID/" + label);
+ }
+ }
+
+ private void givenLabelsExist(String... labels) throws Exception {
+ for (String label : labels) {
+ given(labelsStore.read("REALM", "RESOURCE_OWNER_ID", \
"CLIENT_ID/" + label)).willReturn(newLabel(label));
+ }
+ }
+
+ private void givenLabelsForResourceSet(String... labels) throws Exception {
+ Set<ResourceSetLabel> resourceSetLabels = new HashSet<>();
+ for (String label : labels) {
+ resourceSetLabels.add(newLabel(label));
+ }
+ given(labelsStore.forResourceSet("REALM", \
"RESOURCE_OWNER_ID", "RESOURCE_SET_ID", true))
+ \
.willReturn(resourceSetLabels);
+ }
+
+ private ResourceSetLabel newLabel(String label) {
+ Set<String> resourceSetIds = new HashSet<>();
+ resourceSetIds.add("RESOURCE_SET_ID");
+ return new ResourceSetLabel("CLIENT_ID/" + label, label, \
LabelType.SYSTEM, resourceSetIds);
+ }
+
+ private void givenLabelsAreNotIsUse(String... labels) throws Exception {
+ for (String label : labels) {
+ given(labelsStore.isLabelInUse("REALM", \
"RESOURCE_OWNER_ID", "CLIENT_ID/" + label)).willReturn(false);
+ \
}
+ }
+}
</ins></span></pre></div>
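Review bot: In `shouldUpdateLabelsForDeletedResourceSet` the last statement, `deletedLabelsCaptor.getAllValues().containsAll(...)`, computes a boolean and discards it, so the ids passed to `delete` are never actually checked; use `assertThat(deletedLabelsCaptor.getAllValues()).containsOnly("CLIENT_ID/LABEL_ONE", "CLIENT_ID/LABEL_TWO");`. `shouldUpdateLabelUsingClientIdIfClientDisplayNameIsNull` has the same arrangement and assertions as `shouldUpdateLabelsForNewResourceSet` and sets up nothing about a client display name, so it adds no coverage under that name. The `if`/`else if` loop in `shouldUpdateLabelsForExistingResourceSet` passes silently when no captured label matches; asserting on the captured ids first would close that gap.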
<a id="branchesAME7692_noRestartsAuthopenamopenamoauth2srctestjavaorgforgerockopenamoa \
uth2resourcesResourceSetRegistrationEndpointTestjavafromrev14908trunkopenamopenamoauth \
2srctestjavaorgforgerockopenamoauth2resourcesResourceSetRegistrationEndpointTestjava"></a>
<div class="copfile"><h4>Copied: \
branches/AME-7692_noRestartsAuth/openam/openam-oauth2/src/test/java/org/forgerock/openam/oauth2/resources/ResourceSetRegistrationEndpointTest.java \
(from rev 14908, trunk/openam/openam-oauth2/src/test/java/org/forgerock/openam/oauth2/resources/ResourceSetRegistrationEndpointTest.java) \
(0 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-oauth2/src/test/java/org/forgerock/openam/oauth2/resources/ResourceSetRegistrationEndpointTest.java \
(rev 0)
+++ branches/AME-7692_noRestartsAuth/openam/openam-oauth2/src/test/java/org/forgerock/openam/oauth2/resources/ResourceSetRegistrationEndpointTest.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -0,0 +1,381 @@
</span><ins>+/*
+ * The contents of this file are subject to the terms of the Common Development and
+ * Distribution License (the License). You may not use this file except in \
compliance with the + * License.
+ *
+ * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for \
the + * specific language governing permission and limitations under the License.
+ *
+ * When distributing Covered Software, include this CDDL Header Notice in each file \
and include + * the License file at legal/CDDLv1.0.txt. If applicable, add the \
following below the CDDL + * Header, with the fields enclosed by brackets [] replaced \
by your own identifying + * information: "Portions copyright [year] [name of \
copyright owner]". + *
+ * Copyright 2015 ForgeRock AS.
+ */
+
+package org.forgerock.openam.oauth2.resources;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.entry;
+import static org.forgerock.json.fluent.JsonValue.*;
+import static org.forgerock.openam.utils.CollectionUtils.asSet;
+import static org.mockito.BDDMockito.given;
+import static org.mockito.Matchers.anyMapOf;
+import static org.mockito.Mockito.*;
+
+import java.net.URI;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import java.util.concurrent.ConcurrentHashMap;
+
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import org.forgerock.json.fluent.JsonValue;
+import org.forgerock.oauth2.core.AccessToken;
+import org.forgerock.oauth2.core.OAuth2ProviderSettings;
+import org.forgerock.oauth2.core.OAuth2ProviderSettingsFactory;
+import org.forgerock.oauth2.core.OAuth2Request;
+import org.forgerock.oauth2.core.OAuth2RequestFactory;
+import org.forgerock.oauth2.core.exceptions.BadRequestException;
+import org.forgerock.oauth2.core.exceptions.InvalidGrantException;
+import org.forgerock.oauth2.core.exceptions.NotFoundException;
+import org.forgerock.oauth2.core.exceptions.ServerException;
+import org.forgerock.oauth2.resources.ResourceSetDescription;
+import org.forgerock.oauth2.resources.ResourceSetStore;
+import org.forgerock.oauth2.restlet.resources.ResourceSetDescriptionValidator;
+import org.forgerock.oauth2.restlet.resources.ResourceSetRegistrationListener;
+import org.forgerock.openam.cts.api.fields.ResourceSetTokenField;
+import org.forgerock.util.query.BaseQueryFilterVisitor;
+import org.forgerock.util.query.QueryFilter;
+import org.forgerock.util.query.QueryFilterVisitor;
+import org.json.JSONException;
+import org.json.JSONObject;
+import org.mockito.ArgumentCaptor;
+import org.mockito.Matchers;
+import org.mockito.invocation.InvocationOnMock;
+import org.mockito.stubbing.Answer;
+import org.restlet.Request;
+import org.restlet.Response;
+import org.restlet.data.ChallengeResponse;
+import org.restlet.data.ChallengeScheme;
+import org.restlet.data.Conditions;
+import org.restlet.data.Status;
+import org.restlet.data.Tag;
+import org.restlet.ext.json.JsonRepresentation;
+import org.restlet.representation.Representation;
+import org.testng.annotations.BeforeMethod;
+import org.testng.annotations.Test;
+
+public class ResourceSetRegistrationEndpointTest {
+
+ private static final JsonValue RESOURCE_SET_DESCRIPTION_CONTENT = \
json(object(field("name", "NAME"),
+ \
field("uri", "URI"), field("type", "TYPE"), \
field("scopes", array("SCOPE")),
+ \
field("icon_uri", "ICON_URI"), field("labels", \
array("LABEL"))));
+ private static final JsonValue \
RESOURCE_SET_DESCRIPTION_UPDATED_CONTENT = json(object(field("name", \
"NEW_NAME"),
+ field("uri", "NEW_URI"), \
field("type", "NEW_TYPE"), field("scopes", \
array("NEW_SCOPE")),
+ field("icon_uri", \
"NEW_ICON_URI"), field("labels", array())));
+
+ private ResourceSetRegistrationEndpoint endpoint;
+
+ private ResourceSetStore store;
+ private ResourceSetDescriptionValidator validator;
+ private ResourceSetRegistrationListener listener;
+ private ResourceSetLabelRegistration labelRegistration;
+
+ private Response response;
+
+ @BeforeMethod
+ @SuppressWarnings("unchecked")
+ public void setup() throws ServerException, InvalidGrantException, \
NotFoundException {
+
+ store = mock(ResourceSetStore.class);
+ validator = mock(ResourceSetDescriptionValidator.class);
+ OAuth2RequestFactory<Request> requestFactory = \
mock(OAuth2RequestFactory.class);
+ Set<ResourceSetRegistrationListener> \
listeners = new HashSet<ResourceSetRegistrationListener>();
+ listener = \
mock(ResourceSetRegistrationListener.class);
+ listeners.add(listener);
+ labelRegistration = mock(ResourceSetLabelRegistration.class);
+
+ OAuth2ProviderSettingsFactory providerSettingsFactory = \
mock(OAuth2ProviderSettingsFactory.class);
+ OAuth2ProviderSettings \
providerSettings = mock(OAuth2ProviderSettings.class);
+ \
given(providerSettingsFactory.get(Matchers.<OAuth2Request>anyObject())).willReturn(providerSettings);
+ given(providerSettings.getResourceSetStore()).willReturn(store);
+
+ endpoint = spy(new ResourceSetRegistrationEndpoint(providerSettingsFactory, \
validator, requestFactory,
+ listeners, labelRegistration));
+
+ Request request = mock(Request.class);
+ ChallengeResponse challengeResponse = new \
ChallengeResponse(ChallengeScheme.HTTP_BASIC);
+ \
challengeResponse.setRawValue("PAT");
+ \
given(request.getChallengeResponse()).willReturn(challengeResponse);
+ \
given(endpoint.getRequest()).willReturn(request);
+
+ AccessToken accessToken = mock(AccessToken.class);
+ given(accessToken.getClientId()).willReturn("CLIENT_ID");
+ given(accessToken.getResourceOwnerId()).willReturn("RESOURCE_OWNER_ID");
+
+ response = mock(Response.class);
+ given(endpoint.getResponse()).willReturn(response);
+
+ OAuth2Request oAuth2Request = mock(OAuth2Request.class);
+ given(requestFactory.create(Matchers.<Request>anyObject())).willReturn(oAuth2Request);
+ given(oAuth2Request.getToken(AccessToken.class)).willReturn(accessToken);
+ }
+
+ private void setUriResourceSetId() {
+ Map<String, Object> requestAttributes = new \
ConcurrentHashMap<String, Object>();
+ \
requestAttributes.put("rsid", "RESOURCE_SET_ID");
+ \
given(endpoint.getRequestAttributes()).willReturn(requestAttributes);
+ }
+
+ private void noUriResourceSetId() {
+ Map<String, Object> requestAttributes = new \
ConcurrentHashMap<String, Object>();
+ \
given(endpoint.getRequestAttributes()).willReturn(requestAttributes);
+ }
+
+ private void addCondition() {
+ Conditions conditions = new Conditions();
+ conditions.setMatch(Collections.singletonList(new Tag()));
+ given(endpoint.getConditions()).willReturn(conditions);
+ }
+
+ private void noConditions() {
+ Conditions conditions = new Conditions();
+ conditions.setMatch(Collections.<Tag>emptyList());
+ given(endpoint.getConditions()).willReturn(conditions);
+ }
+
+ private JsonRepresentation createCreateRequestRepresentation() throws \
JSONException,
+ JsonProcessingException, BadRequestException {
+ JsonRepresentation entity = mock(JsonRepresentation.class);
+ JSONObject jsonObject = mock(JSONObject.class);
+ String jsonString = new \
ObjectMapper().writeValueAsString(RESOURCE_SET_DESCRIPTION_CONTENT.asMap());
+
+ given(entity.getJsonObject()).willReturn(jsonObject);
+ given(jsonObject.toString()).willReturn(jsonString);
+ given(validator.validate(anyMapOf(String.class, Object.class)))
+ .willReturn(RESOURCE_SET_DESCRIPTION_CONTENT.asMap());
+
+ return entity;
+ }
+
+ private JsonRepresentation createUpdateRequestRepresentation() throws \
JSONException,
+ JsonProcessingException, BadRequestException {
+ JsonRepresentation entity = mock(JsonRepresentation.class);
+ JSONObject jsonObject = mock(JSONObject.class);
+ String jsonString = new \
ObjectMapper().writeValueAsString(RESOURCE_SET_DESCRIPTION_UPDATED_CONTENT.asMap()); \
+
+ given(entity.getJsonObject()).willReturn(jsonObject);
+ given(jsonObject.toString()).willReturn(jsonString);
+ given(validator.validate(anyMapOf(String.class, Object.class)))
+ .willReturn(RESOURCE_SET_DESCRIPTION_UPDATED_CONTENT.asMap());
+
+ return entity;
+ }
+
+ @Test
+ @SuppressWarnings("unchecked")
+ public void shouldCreateResourceSetDescription() throws Exception {
+
+ //Given
+ JsonRepresentation entity = createCreateRequestRepresentation();
+
+ doAnswer(new Answer<Void>() {
+ public Void answer(InvocationOnMock invocation) throws Throwable {
+ ResourceSetDescription resourceSetDescription = \
(ResourceSetDescription) invocation.getArguments()[1];
+ \
resourceSetDescription.setId("123");
+ return null;
+ }
+ }).when(store).create(any(OAuth2Request.class), \
any(ResourceSetDescription.class));
+
+ setUriResourceSetId();
+ noConditions();
+
+ //When
+ Representation response = endpoint.createResourceSet(entity);
+
+ //Then
+ ArgumentCaptor<ResourceSetDescription> resourceSetCaptor =
+ ArgumentCaptor.forClass(ResourceSetDescription.class);
+ verify(store).create(Matchers.<OAuth2Request>anyObject(), \
resourceSetCaptor.capture());
+ \
assertThat(resourceSetCaptor.getValue().getId()).isNotNull().isNotEmpty();
+ \
assertThat(resourceSetCaptor.getValue().getClientId()).isEqualTo("CLIENT_ID");
+ assertThat(resourceSetCaptor.getValue().getName()).isEqualTo("NAME");
+ assertThat(resourceSetCaptor.getValue().getUri()).isEqualTo(URI.create("URI"));
+ assertThat(resourceSetCaptor.getValue().getType()).isEqualTo("TYPE");
+ assertThat(resourceSetCaptor.getValue().getScopes()).containsExactly("SCOPE");
+ assertThat(resourceSetCaptor.getValue().getIconUri()).isEqualTo(URI.create("ICON_URI"));
+
+ Map<String, Object> responseBody = (Map<String, Object>) new \
ObjectMapper()
+ .readValue(response.getText(), Map.class);
+ assertThat(responseBody).containsKey("_id");
+ verify(listener).resourceSetCreated(anyString(), \
Matchers.<ResourceSetDescription>anyObject());
+ \
verify(labelRegistration).updateLabelsForNewResourceSet(any(ResourceSetDescription.class));
+ }
+
+ @Test
+ @SuppressWarnings("unchecked")
+ public void shouldNotCreateExistingResourceSetDescription() throws Exception {
+
+ //Given
+ JsonRepresentation entity = createCreateRequestRepresentation();
+
+ when(store.query(any(QueryFilter.class))).thenReturn(
+ asSet(new ResourceSetDescription("id", \
"CLIENT_ID", "RESOURCE_OWNER_ID", \
RESOURCE_SET_DESCRIPTION_CONTENT.asMap())));
+
+ noConditions();
+
+ //When
+ Representation result = endpoint.createResourceSet(entity);
+
+ //Then
+ ArgumentCaptor<QueryFilter> queryCaptor = \
ArgumentCaptor.forClass(QueryFilter.class);
+ \
verify(store).query(queryCaptor.capture());
+ String queryString = \
queryCaptor.getValue().toString();
+ assertThat(queryString)
+ .contains("name eq \"NAME\"")
+ .contains("clientId eq \"CLIENT_ID\"")
+ .contains("resourceOwnerId eq \
\"RESOURCE_OWNER_ID\"")
+ .doesNotContain(" or \
");
+
+ verify(response).setStatus(Status.CLIENT_ERROR_BAD_REQUEST);
+
+ assertThat(result).isInstanceOf(JsonRepresentation.class);
+ assertThat(((JsonRepresentation) \
result).getJsonObject().get("error")).isEqualTo("Bad Request");
+ \
assertThat(((JsonRepresentation) \
result).getJsonObject().getString("error_description")).contains("'NAME' \
already exists");
+ }
+
+ @Test
+ @SuppressWarnings("unchecked")
+ public void shouldReadResourceSetDescription() throws Exception {
+
+ //Given
+ ResourceSetDescription resourceSetDescription = new \
ResourceSetDescription("RESOURCE_SET_ID", "CLIENT_ID",
+ \
"RESOURCE_OWNER_ID", RESOURCE_SET_DESCRIPTION_CONTENT.asMap());
+
+ setUriResourceSetId();
+ given(store.read("RESOURCE_SET_ID")).willReturn(resourceSetDescription);
+
+ //When
+ Representation responseRep = endpoint.readOrListResourceSet();
+
+ //Then
+ Map<String, Object> responseBody = (Map<String, Object>) new \
ObjectMapper()
+ .readValue(responseRep.getText(), Map.class);
+ assertThat(responseBody).containsKey("_id");
+ assertThat(responseBody).contains(entry("name", "NAME"), \
entry("uri", "URI"), entry("type", "TYPE"),
+ \
entry("scopes", Collections.singletonList("SCOPE")), \
entry("icon_uri", "ICON_URI"));
+ }
+
+ @Test
+ @SuppressWarnings("unchecked")
+ public void shouldUpdateResourceSetDescription() throws Exception {
+
+ //Given
+ JsonRepresentation entity = createUpdateRequestRepresentation();
+ ResourceSetDescription resourceSetDescription = new \
ResourceSetDescription("RESOURCE_SET_ID", "CLIENT_ID",
+ \
"RESOURCE_OWNER_ID", RESOURCE_SET_DESCRIPTION_CONTENT.asMap());
+
+ setUriResourceSetId();
+ addCondition();
+ given(store.read("RESOURCE_SET_ID")).willReturn(resourceSetDescription);
+
+ //When
+ Representation responseRep = endpoint.updateResourceSet(entity);
+
+ //Then
+ ArgumentCaptor<ResourceSetDescription> resourceSetCaptor =
+ ArgumentCaptor.forClass(ResourceSetDescription.class);
+ verify(store).update(resourceSetCaptor.capture());
+ assertThat(resourceSetCaptor.getValue().getId()).isEqualTo("RESOURCE_SET_ID");
+ assertThat(resourceSetCaptor.getValue().getClientId()).isEqualTo("CLIENT_ID");
+ assertThat(resourceSetCaptor.getValue().getName()).isEqualTo("NEW_NAME");
+ assertThat(resourceSetCaptor.getValue().getUri()).isEqualTo(URI.create("NEW_URI"));
+ assertThat(resourceSetCaptor.getValue().getType()).isEqualTo("NEW_TYPE");
+ assertThat(resourceSetCaptor.getValue().getScopes()).containsExactly("NEW_SCOPE");
+ assertThat(resourceSetCaptor.getValue().getIconUri()).isEqualTo(URI.create("NEW_ICON_URI"));
+
+ Map<String, Object> responseBody = (Map<String, Object>) new \
ObjectMapper()
+ .readValue(responseRep.getText(), Map.class);
+ assertThat(responseBody).containsKey("_id");
+ verify(labelRegistration).updateLabelsForExistingResourceSet(any(ResourceSetDescription.class));
+ }
+
+ @Test
+ public void shouldDeleteResourceSetDescription() throws Exception {
+
+ //Given
+ setUriResourceSetId();
+ addCondition();
+
+ //When
+ Representation responseRep = endpoint.deleteResourceSet();
+
+ //Then
+ verify(store).delete("RESOURCE_SET_ID", \
"RESOURCE_OWNER_ID");
+ assertThat(responseRep.getText()).isNull();
+ ArgumentCaptor<Status> responseStatusCaptor = \
ArgumentCaptor.forClass(Status.class);
+ \
verify(response).setStatus(responseStatusCaptor.capture());
+ \
assertThat(responseStatusCaptor.getValue().getCode()).isEqualTo(204);
+ \
verify(labelRegistration).updateLabelsForDeletedResourceSet(any(ResourceSetDescription.class));
+ }
+
+ @Test
+ @SuppressWarnings("unchecked")
+ public void shouldListResourceSetDescriptions() throws Exception {
+
+ //Given
+ Set<ResourceSetDescription> resourceSetDescriptions = new \
HashSet<ResourceSetDescription>();
+ ResourceSetDescription \
resourceSetDescription = new ResourceSetDescription("RESOURCE_SET_ID", \
"CLIENT_ID",
+ "RESOURCE_OWNER_ID", \
RESOURCE_SET_DESCRIPTION_CONTENT.asMap());
+ ResourceSetDescription \
resourceSetDescription2 = new ResourceSetDescription("RESOURCE_SET_ID_2",
+ \
"CLIENT_ID",
+ "RESOURCE_OWNER_ID", \
RESOURCE_SET_DESCRIPTION_UPDATED_CONTENT.asMap());
+ \
resourceSetDescriptions.add(resourceSetDescription);
+ \
resourceSetDescriptions.add(resourceSetDescription2);
+
+ noUriResourceSetId();
+ noConditions();
+ given(store.query(any(QueryFilter.class)))
+ .willReturn(resourceSetDescriptions);
+
+ //When
+ Representation responseRep = endpoint.readOrListResourceSet();
+
+ //Then
+ ArgumentCaptor<QueryFilter> queryParametersCaptor =
+ ArgumentCaptor.forClass(QueryFilter.class);
+ verify(store).query(queryParametersCaptor.capture());
+ QueryFilter<String> query = queryParametersCaptor.getValue();
+ Map<String, String> params = query.accept(QUERY_PARAMS_EXTRACTOR, new \
HashMap<String, String>());
+ assertThat(params).contains(
+ entry(ResourceSetTokenField.CLIENT_ID, "CLIENT_ID"),
+ entry(ResourceSetTokenField.RESOURCE_OWNER_ID, \
"RESOURCE_OWNER_ID"));
+
+ List<String> responseBody = (List<String>) new ObjectMapper()
+ .readValue(responseRep.getText(), List.class);
+ assertThat(responseBody).contains("RESOURCE_SET_ID", \
"RESOURCE_SET_ID_2");
+ }
+
+ private static final QueryFilterVisitor<Map<String, String>, \
Map<String, String>, String> QUERY_PARAMS_EXTRACTOR =
+ new \
BaseQueryFilterVisitor<Map<String, String>, Map<String, String>, \
String>() {
+ @Override
+ public Map<String, String> visitAndFilter(Map<String, \
String> map,
+ List<QueryFilter<String>> \
subFilters) {
+ for (QueryFilter<String> subFilter : \
subFilters) {
+ subFilter.accept(this, map);
+ }
+ return map;
+ }
+
+ public Map<String, String> visitEqualsFilter(Map<String, \
String> map, String field, Object value) {
+ map.put(field, \
value.toString());
+ return map;
+ }
+ };
+}
</ins></span></pre></div>
<a id="branchesAME7692_noRestartsAuthopenamopenamoauth2commonoauth2core"></a>
<div class="propset"><h4>Property changes: \
branches/AME-7692_noRestartsAuth/openam/openam-oauth2-common/oauth2-core</h4> <pre \
class="diff"><span> </span></pre></div>
<a id="svnmergeinfo"></a>
<div class="modfile"><h4>Modified: svn:mergeinfo</h4></div>
<span class="cx">/branches/AME-2629/openam/openam-oauth2-common/oauth2-core:7585-7632
</span><span class="cx">/branches/AME-2766-policy-entitlements-REST-APIs/openam/openam-oauth2-common/oauth2-core:8455-8476
</span><span class="cx">/branches/AME-3087-entitlements-CREST-management/openam/openam-oauth2-common/oauth2-core:8481-8664
</span><span class="cx">/branches/AME-3087_query_and_patch/openam/openam-oauth2-common/oauth2-core:8667-8681
</span><span class="cx">/branches/AME-3405-session-read-from-cts/openam/openam-oauth2-common/oauth2-core:8749-8823
</span><span class="cx">/branches/AME-3423/openam/openam-oauth2-common/oauth2-core:10105-10414
</span><span class="cx">/branches/AME-3612-pcunnington/openam/openam-oauth2-common/oauth2-core:9534-9723
</span><span class="cx">/branches/AME-3719/openam/openam-oauth2-common/oauth2-core:9517-9879
</span><span class="cx">/branches/AME-3726-script-sandboxing/openam/openam-oauth2-common/oauth2-core:9663-9819
</span><span class="cx">/branches/AME-4378/openam/openam-oauth2-common/oauth2-core:10443-10621
</span><span class="cx">/branches/AME-4460_AME-4459/openam/openam-oauth2-common/oauth2-core:10437-10535
</span><span class="cx">/branches/AME-4547/openam/openam-oauth2-common/oauth2-core:10585-10783
</span><span class="cx">/branches/AME-4569-XACML-Response-Provider-Support/openam/openam-oauth2-common/oauth2-core:10624-10817
</span><span class="cx">/branches/AME-4595/openam/openam-oauth2-common/oauth2-core:10581-10789
</span><span class="cx">/branches/AME-4609/openam/openam-oauth2-common/oauth2-core:10678-10949
</span><span class="cx">/branches/AME-4616/openam/openam-oauth2-common/oauth2-core:10652-10817
</span><span class="cx">/branches/AME-4638/openam/openam-oauth2-common/oauth2-core:10869-11050
</span><span class="cx">/branches/AME-5023/openam/openam-oauth2-common/oauth2-core:11070-11123
</span><span class="cx">/branches/AME-5326_refactor_and_test_oath_module/openam/openam-oauth2-common/oauth2-core:13066-13428
</span><span class="cx">/branches/AME-5568-stateless-sessions/openam/openam-oauth2-common/oauth2-core:12629-13078
</span><span class="cx">/branches/AME-6128_and_AME-6129_JSONify_attributes_for_OATH/openam/openam-oauth2-common/oauth2-core:13797-13866
</span><span class="cx">/branches/AME-6128_and_AME-6129_new_user_attributes_for_OATH/openam/openam-oauth2-common/oauth2-core:13602-13794
</span><span class="cx">/branches/AME-6369/openam/openam-oauth2-common/oauth2-core:13289-13686
</span><span class="cx">/branches/AME-6627_Remove-LDAP-SDK/openam/openam-oauth2-common/oauth2-core:13713-14249
</span><span class="cx">/branches/AME-7286/openam/openam-oauth2-common/oauth2-core:14363-14465
</span><span class="cx">/branches/CTS-Async/openam/openam-oauth2-common/oauth2-core:8847-9739
</span><span class="cx">/branches/OPENAM-2961-forgot-password-404/openam/openam-oauth2-common/oauth2-core:8322-8362
</span><span class="cx">/branches/OPENAM-3097-sessions-not-deleted/openam/openam-oauth2-common/oauth2-core:6910-6946
</span><span class="cx">/branches/OPENAM-3130-session-quota/openam/openam-oauth2-common/oauth2-core:6958-6972
</span><span class="cx">/branches/OPENAM-3283-CTS-thread-exceptions/openam/openam-oauth2-common/oauth2-core:7270-7369
</span><span class="cx">/branches/OPENAM-3425-class-cast-exception/openam/openam-oauth2-common/oauth2-core:8333-8359
</span><span class="cx">/branches/OPENAM-3782-forgotten-password-changes/openam/openam-oauth2-common/oauth2-core:8747-8835
</span><span class="cx">/branches/OPENAM-4028-connection-pool/openam/openam-oauth2-common/oauth2-core:9750-10171
</span><span class="cx">/branches/OPENAM-4384-ssoadm-classpath/openam/openam-oauth2-common/oauth2-core:10263-10264
</span><span class="cx">/branches/OPENAM-4394/openam/openam-oauth2-common/oauth2-core:11059-11099
</span><span class="cx">/branches/OPENAM-4775-REST-endpoint-malformed-3/openam/openam-oauth2-common/oauth2-core:11322-11331
</span><span class="cx">/branches/OPENAM-5019_entitlement_condition_validation/openam/openam-oauth2-common/oauth2-core:11455-11491
</span><span class="cx">/branches/OPENAM-5269/openam/openam-oauth2-common/oauth2-core:11838-11851
</span><span class="cx">/branches/OPENAM-5970_trim_unused_qrcode_references/openam/openam-oauth2-common/oauth2-core:13756-13770
</span><span class="cx">/branches/OPENAM-OPENAM-3528-client-side-session-validation/openam/openam-oauth2-common/oauth2-core:7834-7844
</span><span class="cx">/branches/ame4272/openam/openam-oauth2-common/oauth2-core:10073-10101
</span><span class="cx">/branches/andy-ame-2227-v2/openam/openam-oauth2-common/oauth2-core:7508-7697
</span><span class="cx">/branches/andy-ame1316-connectionfactory/openam/openam-oauth2-common/oauth2-core:5311-5328
</span><span class="cx">/branches/andy-cts-connection-pool/openam/openam-oauth2-common/oauth2-core:7098-7175
</span><span class="cx">/branches/andy-openam-2654/openam/openam-oauth2-common/oauth2-core:6872-6911
</span><span class="cx">/branches/andy-openam-2880/openam/openam-oauth2-common/oauth2-core:6451-6503
</span><span class="cx">/branches/andy-openam-2907/openam/openam-oauth2-common/oauth2-core:6531-6534
</span><span class="cx">/branches/andy-openam-3006/openam/openam-oauth2-common/oauth2-core:6709-6749
</span><span class="cx">/branches/andy-openam-3063/openam/openam-oauth2-common/oauth2-core:6927-6948
</span><span class="cx">/branches/andy-openam-3193/openam/openam-oauth2-common/oauth2-core:7124-7128
</span><span class="cx">/branches/andy-openam-3248/openam/openam-oauth2-common/oauth2-core:7171-7715
</span><span class="cx">/branches/andy-openam2743/openam/openam-oauth2-common/oauth2-core:6372-6439
</span><span class="cx">/branches/andy-openam2744/openam/openam-oauth2-common/oauth2-core:6347-6367
</span><span class="cx">/branches/andyAme2972/openam/openam-oauth2-common/oauth2-core:8270-8318
</span><span class="cx">/branches/andyAme3102/openam/openam-oauth2-common/oauth2-core:8312-8413
</span><span class="cx">/branches/andyAme3196/openam/openam-oauth2-common/oauth2-core:8853-9084
</span><span class="cx">/branches/andyAme5550/openam/openam-oauth2-common/oauth2-core:13493-13515
</span><span class="cx">/branches/andyOpenam1708/openam/openam-oauth2-common/oauth2-core:5576-5592
</span><span class="cx">/branches/andyOpenam2140/openam/openam-oauth2-common/oauth2-core:7819-7862
</span><span class="cx">/branches/andyOpenam2373/openam/openam-oauth2-common/oauth2-core:5600-5706
</span><span class="cx">/branches/andyOpenam2525/openam/openam-oauth2-common/oauth2-core:5601-5733
</span><span class="cx">/branches/andyOpenam3509/openam/openam-oauth2-common/oauth2-core:7881-7963
</span><span class="cx">/branches/andyOpenam3638/openam/openam-oauth2-common/oauth2-core:8094-8172
</span><span class="cx">/branches/andyOpenam3969/openam/openam-oauth2-common/oauth2-core:10453-10977
</span><span class="cx">/branches/andyPolicyCrest/openam/openam-oauth2-common/oauth2-core:8295-8813
</span><span class="cx">/branches/apforrest-ame1316/openam/openam-oauth2-common/oauth2-core:4881-5305
</span><span class="cx">/branches/apforrest_ame805_indextree/openam/openam-oauth2-common/oauth2-core:4567-4852
</span><span class="cx">/branches/auditHistory/openam/openam-oauth2-common/oauth2-core:12633-12709
</span><span class="cx">/branches/cert_chain_bug/openam-oauth2-common/oauth2-core:11102-11125
</span><span class="cx">/branches/contextualAuthz/openam/openam-oauth2-common/oauth2-core:12734-12787
</span><span class="cx">/branches/curieResourceTypes/openam/openam-oauth2-common/oauth2-core:12286-12669
</span><span class="cx">/branches/dirk_oauth_perf/openam-oauth2-common/oauth2-core:5904
</span><span class="cx">/branches/dirk_sts/openam-oauth2-common/oauth2-core:5297,5314,5317-5318,5320-5321
</span><span class="cx">/branches/initial_uma/openam/openam-oauth2-common/oauth2-core:12067-12470
</span><span class="cx">/branches/oidc-conf/openam/openam-oauth2-common/oauth2-core:13365-13459
</span><span class="cx">/branches/oidc-conf/openam-oauth2-common/oauth2-core:13312-13363
</span><span class="cx">/branches/oidc-conf2/openam/openam-oauth2-common/oauth2-core:13364
</span><span class="cx">/branches/oidc_authn/openam-oauth2-common/oauth2-core:8507,8540,8557-8559,8565-8566
</span><span class="cx">/branches/openam-3049-cts-reaper-connection-usage/openam/openam-oauth2-common/oauth2-core:6658-6745
</span><span class="cx">/branches/openam-3053-cts-tab-exception/openam/openam-oauth2-common/oauth2-core:6672-6721
</span><span class="cx">/branches/openam-3072-cts-configuration/openam/openam-oauth2-common/oauth2-core:6691-6714
</span><span class="cx">/branches/openam-3092-store-mode-error/openam/openam-oauth2-common/oauth2-core:6729-6733
</span><span class="cx">/branches/openam-3110-create-or-update-bug/openam/openam-oauth2-common/oauth2-core:6767-6804
</span><span class="cx">/branches/openam2742-andy/openam/openam-oauth2-common/oauth2-core:6266-6323
</span><span class="cx">/branches/openam_10.1.0_xacml3_JAS/openam/openam-oauth2-common/oauth2-core:4039-4140
</span><span class="cx">/branches/openam_10.2.0_xacml3_JAS/openam/openam-oauth2-common/oauth2-core:4141-4379
</span><span class="cx">/branches/pcunnington-AME-3115-refactor/openam/openam-oauth2-common/oauth2-core:8348
</span><span class="cx">/branches/pcunnington-AME-3158/openam/openam-oauth2-common/oauth2-core:8476-8577
</span><span class="cx">/branches/pcunnington-AME-350/openam/openam-oauth2-common/oauth2-core:4165-4344
</span><span class="cx">/branches/pcunnington-ame-344/openam/openam-oauth2-common/oauth2-core:4651-5199
</span><span class="cx">/branches/pcunnington-oauth2/openam/openam-oauth2-common/oauth2-core:8710-8793
</span><span class="cx">/branches/phcunnington-AME-3114/openam/openam-oauth2-common/oauth2-core:8314-8341
</span><span class="cx">/branches/policyimprovements/openam/openam-oauth2-common/oauth2-core:5513-5515
</span><span class="cx">/branches/referralsWithoutApplications/openam/openam-oauth2-common/oauth2-core:11071-11119
</span><span class="cx">/branches/rest_sts_publish/openam-oauth2-common/oauth2-core:8167,8180,8214,8227,8245,8260
</span><span class="cx">/branches/rest_sts_view_bean/openam-oauth2-common/oauth2-core:9690-9965
</span><span class="cx">/branches/rwapshott-AME-1739/openam/openam-oauth2-common/oauth2-core:5331-5353
</span><span class="cx">/branches/rwapshott-AME-215/openam/openam-oauth2-common/oauth2-core:4091-4155
</span><span class="cx">/branches/rwapshott-AME-257/openam/openam-oauth2-common/oauth2-core:4047-4126
</span><span class="cx">/branches/rwapshott-AME-804/openam/openam-oauth2-common/oauth2-core:4267-5404
</span><span class="cx">/branches/rwapshott-ame-2027-cts-oids-should-follow-fr-oid-scheme/openam/openam-oauth2-common/oauth2-core:5609-5614
</span><span class="cx">/branches/rwapshott-ame-2160-session-size/openam/openam-oauth2-common/oauth2-core:6086-6319
</span><span class="cx">/branches/rwapshott-ame-2311-index-names/openam/openam-oauth2-common/oauth2-core:6058-6069
</span><span class="cx">/branches/rwapshott-ame-258-cts-replication/openam/openam-oauth2-common/oauth2-core:5548-6055
</span><span class="cx">/branches/rwapshott-openam-2198-session-resource-protection/openam/openam-oauth2-common/oauth2-core:5628-5824
</span><span class="cx">/branches/rwapshott-openam-2526/openam/openam-oauth2-common/oauth2-core:5442-5484
</span><span class="cx">/branches/rwapshott-openam-2716-cts-invalid-chars/openam/openam-oauth2-common/oauth2-core:6170-6194
</span><span class="cx">/branches/rwapshott-openam-2729-saml2-error/openam/openam-oauth2-common/oauth2-core:6247-6257
</span><span class="cx">/branches/soap_sts_admin_ui/openam-oauth2-common/oauth2-core:14254-14454
</span><span class="cx">/branches/soap_sts_auth/openam-oauth2-common/oauth2-core:12414,12467-12578
</span><span class="cx">/branches/soap_sts_config/openam-oauth2-common/oauth2-core:12590-12719,12744
</span><span class="cx">/branches/soap_sts_policy/openam-oauth2-common/oauth2-core:12762-13106,13172-13354
</span><span class="cx">/branches/soap_sts_tgs/openam-oauth2-common/oauth2-core:9585-9618
</span><span class="cx">/branches/soap_sts_x509/openam-oauth2-common/oauth2-core:13550-13640,13667,13693
</span><span class="cx">/branches/stateless_logout/openam/openam-oauth2-common/oauth2-core:12511-13298
</span><span class="cx">/branches/sts_client_sdk/openam-oauth2-common/oauth2-core:11175-11185
</span><span class="cx">/branches/sts_custom_ops/openam-oauth2-common/oauth2-core:14051-14331
</span><span class="cx">/branches/sts_disable_am_token/openam-oauth2-common/oauth2-core:11204,11229-11233
</span><span class="cx">/branches/sts_filtering/openam-oauth2-common/oauth2-core:1060 \
5-10717,10719-10900,10924,10927,10929-10931,10955,10963-10964,10986,10989,10993,10996,11001-11002,11028-11029
</span><span class="cx">/branches/sts_oidc_saml/openam-oauth2-common/oauth2-core:8310,8352,8355,8368,8378-8379,8387-8388,8403,8410,8416
</span><span class="cx">/branches/sts_oidc_saml_redux/openam-oauth2-common/oauth2-core:8417-8422,8424,8440,8445-8446,8460,8490,8498
</span><span class="cx">/branches/sts_restart_persistence/openam-oauth2-common/oauth2-core:9003-9005,9009-9414
</span><span class="cx">/branches/sts_saml2_encrypt/openam-oauth2-common/oauth2-core:10424-10472,10474-10550
</span><span class="cx">/branches/sts_sans_cxf/openam-oauth2-common/oauth2-core:13383-13518,13532-13542
</span><span class="cx">/branches/sts_service_listeners/openam-oauth2-common/oauth2-core:9968-10031,10047-10048,10053
</span><span class="cx">/branches/sts_soap/openam-oauth2-common/oauth2-core:11665-12039,12056-12242,12273-12321
</span><span class="cx">/branches/sts_tgs_oidc/openam-oauth2-common/oauth2-core:13712-14040
</span><span class="cx">/branches/sts_token_gen_service/openam-oauth2-common/oauth2-c \
ore:8706,8717-8720,8723-8725,8727-8728,8731,8737,8740-8742,8759-8760,8774-8776,8796-8797,8800-8801,8818-8819,8821
</span><span class="cx">/branches/sts_token_gen_service2/openam-oauth2-common/oauth2-core:8844-8887,8894-9000
</span><span class="cx">/branches/sts_x509/openam-oauth2-common/oauth2-core:10206-10398
</span><span class="cx">/fr-branches/11.0.x/openam/openam-oauth2-common/oauth2-core:12232,12915
</span><span class="cx">/fr-branches/12.0.x/openam/openam-oauth2-common/oauth2-core:12351,12627,12922,13050,13455
</span><span class="cx"> + \
/branches/AME-2526-SFO-between-sites/openam/openam-oauth2-common/oauth2-core:7510-8258
</span><span class="cx">/branches/AME-2629/openam/openam-oauth2-common/oauth2-core:7585-7632
</span><span class="cx">/branches/AME-2766-policy-entitlements-REST-APIs/openam/openam-oauth2-common/oauth2-core:8455-8476
</span><span class="cx">/branches/AME-3087-entitlements-CREST-management/openam/openam-oauth2-common/oauth2-core:8481-8664
</span><span class="cx">/branches/AME-3087_query_and_patch/openam/openam-oauth2-common/oauth2-core:8667-8681
</span><span class="cx">/branches/AME-3405-session-read-from-cts/openam/openam-oauth2-common/oauth2-core:8749-8823
</span><span class="cx">/branches/AME-3423/openam/openam-oauth2-common/oauth2-core:10105-10414
</span><span class="cx">/branches/AME-3612-pcunnington/openam/openam-oauth2-common/oauth2-core:9534-9723
</span><span class="cx">/branches/AME-3719/openam/openam-oauth2-common/oauth2-core:9517-9879
</span><span class="cx">/branches/AME-3726-script-sandboxing/openam/openam-oauth2-common/oauth2-core:9663-9819
</span><span class="cx">/branches/AME-4378/openam/openam-oauth2-common/oauth2-core:10443-10621
</span><span class="cx">/branches/AME-4460_AME-4459/openam/openam-oauth2-common/oauth2-core:10437-10535
</span><span class="cx">/branches/AME-4547/openam/openam-oauth2-common/oauth2-core:10585-10783
</span><span class="cx">/branches/AME-4569-XACML-Response-Provider-Support/openam/openam-oauth2-common/oauth2-core:10624-10817
</span><span class="cx">/branches/AME-4595/openam/openam-oauth2-common/oauth2-core:10581-10789
</span><span class="cx">/branches/AME-4609/openam/openam-oauth2-common/oauth2-core:10678-10949
</span><span class="cx">/branches/AME-4616/openam/openam-oauth2-common/oauth2-core:10652-10817
</span><span class="cx">/branches/AME-4638/openam/openam-oauth2-common/oauth2-core:10869-11050
</span><span class="cx">/branches/AME-5023/openam/openam-oauth2-common/oauth2-core:11070-11123
</span><span class="cx">/branches/AME-5326_refactor_and_test_oath_module/openam/openam-oauth2-common/oauth2-core:13066-13428
</span><span class="cx">/branches/AME-5568-stateless-sessions/openam/openam-oauth2-common/oauth2-core:12629-13078
</span><span class="cx">/branches/AME-6128_and_AME-6129_JSONify_attributes_for_OATH/openam/openam-oauth2-common/oauth2-core:13797-13866
</span><span class="cx">/branches/AME-6128_and_AME-6129_new_user_attributes_for_OATH/openam/openam-oauth2-common/oauth2-core:13602-13794
</span><span class="cx">/branches/AME-6369/openam/openam-oauth2-common/oauth2-core:13289-13686
</span><span class="cx">/branches/AME-6627_Remove-LDAP-SDK/openam/openam-oauth2-common/oauth2-core:13713-14249
</span><span class="cx">/branches/AME-7286/openam/openam-oauth2-common/oauth2-core:14363-14465
</span><span class="cx">/branches/AME-7754_UMA_labels/openam/openam-oauth2-common/oauth2-core:14781-14882
</span><span class="cx">/branches/CTS-Async/openam/openam-oauth2-common/oauth2-core:8847-9739
</span><span class="cx">/branches/OPENAM-2961-forgot-password-404/openam/openam-oauth2-common/oauth2-core:8322-8362
</span><span class="cx">/branches/OPENAM-3097-sessions-not-deleted/openam/openam-oauth2-common/oauth2-core:6910-6946
</span><span class="cx">/branches/OPENAM-3130-session-quota/openam/openam-oauth2-common/oauth2-core:6958-6972
</span><span class="cx">/branches/OPENAM-3283-CTS-thread-exceptions/openam/openam-oauth2-common/oauth2-core:7270-7369
</span><span class="cx">/branches/OPENAM-3425-class-cast-exception/openam/openam-oauth2-common/oauth2-core:8333-8359
</span><span class="cx">/branches/OPENAM-3782-forgotten-password-changes/openam/openam-oauth2-common/oauth2-core:8747-8835
</span><span class="cx">/branches/OPENAM-4028-connection-pool/openam/openam-oauth2-common/oauth2-core:9750-10171
</span><span class="cx">/branches/OPENAM-4384-ssoadm-classpath/openam/openam-oauth2-common/oauth2-core:10263-10264
</span><span class="cx">/branches/OPENAM-4394/openam/openam-oauth2-common/oauth2-core:11059-11099
</span><span class="cx">/branches/OPENAM-4775-REST-endpoint-malformed-3/openam/openam-oauth2-common/oauth2-core:11322-11331
</span><span class="cx">/branches/OPENAM-5019_entitlement_condition_validation/openam/openam-oauth2-common/oauth2-core:11455-11491
</span><span class="cx">/branches/OPENAM-5269/openam/openam-oauth2-common/oauth2-core:11838-11851
</span><span class="cx">/branches/OPENAM-5970_trim_unused_qrcode_references/openam/openam-oauth2-common/oauth2-core:13756-13770
</span><span class="cx">/branches/OPENAM-6272-OPENAM-1462-OATH-RFEs/openam/openam-oauth2-common/oauth2-core:14653-14742
</span><span class="cx">/branches/OPENAM-6326-ssoadm-classpath/openam/openam-oauth2-common/oauth2-core:14839-14844
</span><span class="cx">/branches/OPENAM-OPENAM-3528-client-side-session-validation/openam/openam-oauth2-common/oauth2-core:7834-7844
</span><span class="cx">/branches/ame4272/openam/openam-oauth2-common/oauth2-core:10073-10101
</span><span class="cx">/branches/andy-ame-2227-v2/openam/openam-oauth2-common/oauth2-core:7508-7697
</span><span class="cx">/branches/andy-ame1316-connectionfactory/openam/openam-oauth2-common/oauth2-core:5311-5328
</span><span class="cx">/branches/andy-cts-connection-pool/openam/openam-oauth2-common/oauth2-core:7098-7175
</span><span class="cx">/branches/andy-openam-2654/openam/openam-oauth2-common/oauth2-core:6872-6911
</span><span class="cx">/branches/andy-openam-2880/openam/openam-oauth2-common/oauth2-core:6451-6503
</span><span class="cx">/branches/andy-openam-2907/openam/openam-oauth2-common/oauth2-core:6531-6534
</span><span class="cx">/branches/andy-openam-3006/openam/openam-oauth2-common/oauth2-core:6709-6749
</span><span class="cx">/branches/andy-openam-3063/openam/openam-oauth2-common/oauth2-core:6927-6948
</span><span class="cx">/branches/andy-openam-3193/openam/openam-oauth2-common/oauth2-core:7124-7128
</span><span class="cx">/branches/andy-openam-3248/openam/openam-oauth2-common/oauth2-core:7171-7715
</span><span class="cx">/branches/andy-openam2743/openam/openam-oauth2-common/oauth2-core:6372-6439
</span><span class="cx">/branches/andy-openam2744/openam/openam-oauth2-common/oauth2-core:6347-6367
</span><span class="cx">/branches/andyAme2972/openam/openam-oauth2-common/oauth2-core:8270-8318
</span><span class="cx">/branches/andyAme3102/openam/openam-oauth2-common/oauth2-core:8312-8413
</span><span class="cx">/branches/andyAme3196/openam/openam-oauth2-common/oauth2-core:8853-9084
</span><span class="cx">/branches/andyAme5550/openam/openam-oauth2-common/oauth2-core:13493-13515
</span><span class="cx">/branches/andyOpenam1708/openam/openam-oauth2-common/oauth2-core:5576-5592
</span><span class="cx">/branches/andyOpenam2140/openam/openam-oauth2-common/oauth2-core:7819-7862
</span><span class="cx">/branches/andyOpenam2373/openam/openam-oauth2-common/oauth2-core:5600-5706
</span><span class="cx">/branches/andyOpenam2525/openam/openam-oauth2-common/oauth2-core:5601-5733
</span><span class="cx">/branches/andyOpenam3509/openam/openam-oauth2-common/oauth2-core:7881-7963
</span><span class="cx">/branches/andyOpenam3638/openam/openam-oauth2-common/oauth2-core:8094-8172
</span><span class="cx">/branches/andyOpenam3969/openam/openam-oauth2-common/oauth2-core:10453-10977
</span><span class="cx">/branches/apforrest-ame1316/openam/openam-oauth2-common/oauth2-core:4881-5305
</span><span class="cx">/branches/apforrest_ame805_indextree/openam/openam-oauth2-common/oauth2-core:4567-4852
</span><span class="cx">/branches/auditHistory/openam/openam-oauth2-common/oauth2-core:12633-12709
</span><span class="cx">/branches/cert_chain_bug/openam-oauth2-common/oauth2-core:11102-11125
</span><span class="cx">/branches/contextualAuthz/openam/openam-oauth2-common/oauth2-core:12734-12787
</span><span class="cx">/branches/curieResourceTypes/openam/openam-oauth2-common/oauth2-core:12286-12669
</span><span class="cx">/branches/dirk_oauth_perf/openam-oauth2-common/oauth2-core:5904
</span><span class="cx">/branches/dirk_sts/openam-oauth2-common/oauth2-core:5297,5314,5317-5318,5320-5321
</span><span class="cx">/branches/initial_uma/openam/openam-oauth2-common/oauth2-core:12067-12470
</span><span class="cx">/branches/oidc-conf/openam/openam-oauth2-common/oauth2-core:13365-13459
</span><span class="cx">/branches/oidc-conf/openam-oauth2-common/oauth2-core:13312-13363
</span><span class="cx">/branches/oidc-conf2/openam/openam-oauth2-common/oauth2-core:13364
</span><span class="cx">/branches/oidc_authn/openam-oauth2-common/oauth2-core:8507,8540,8557-8559,8565-8566
</span><span class="cx">/branches/openam-3049-cts-reaper-connection-usage/openam/openam-oauth2-common/oauth2-core:6658-6745
</span><span class="cx">/branches/openam-3053-cts-tab-exception/openam/openam-oauth2-common/oauth2-core:6672-6721
</span><span class="cx">/branches/openam-3072-cts-configuration/openam/openam-oauth2-common/oauth2-core:6691-6714
</span><span class="cx">/branches/openam-3092-store-mode-error/openam/openam-oauth2-common/oauth2-core:6729-6733
</span><span class="cx">/branches/openam-3110-create-or-update-bug/openam/openam-oauth2-common/oauth2-core:6767-6804
</span><span class="cx">/branches/openam2742-andy/openam/openam-oauth2-common/oauth2-core:6266-6323
</span><span class="cx">/branches/openam_10.1.0_xacml3_JAS/openam/openam-oauth2-common/oauth2-core:4039-4140
</span><span class="cx">/branches/openam_10.2.0_xacml3_JAS/openam/openam-oauth2-common/oauth2-core:4141-4379
</span><span class="cx">/branches/pcunnington-AME-3115-refactor/openam/openam-oauth2-common/oauth2-core:8348
</span><span class="cx">/branches/pcunnington-AME-3158/openam/openam-oauth2-common/oauth2-core:8476-8577
</span><span class="cx">/branches/pcunnington-AME-350/openam/openam-oauth2-common/oauth2-core:4165-4344
</span><span class="cx">/branches/pcunnington-ame-344/openam/openam-oauth2-common/oauth2-core:4651-5199
</span><span class="cx">/branches/pcunnington-oauth2/openam/openam-oauth2-common/oauth2-core:8710-8793
</span><span class="cx">/branches/phcunnington-AME-3114/openam/openam-oauth2-common/oauth2-core:8314-8341
</span><span class="cx">/branches/policyimprovements/openam/openam-oauth2-common/oauth2-core:5513-5515
</span><span class="cx">/branches/referralsWithoutApplications/openam/openam-oauth2-common/oauth2-core:11071-11119
</span><span class="cx">/branches/rest_sts_publish/openam-oauth2-common/oauth2-core:8167,8180,8214,8227,8245,8260
</span><span class="cx">/branches/rest_sts_view_bean/openam-oauth2-common/oauth2-core:9690-9965
</span><span class="cx">/branches/rwapshott-AME-1739/openam/openam-oauth2-common/oauth2-core:5331-5353
</span><span class="cx">/branches/rwapshott-AME-215/openam/openam-oauth2-common/oauth2-core:4091-4155
</span><span class="cx">/branches/rwapshott-AME-257/openam/openam-oauth2-common/oauth2-core:4047-4126
</span><span class="cx">/branches/rwapshott-AME-804/openam/openam-oauth2-common/oauth2-core:4267-5404
</span><span class="cx">/branches/rwapshott-ame-2027-cts-oids-should-follow-fr-oid-scheme/openam/openam-oauth2-common/oauth2-core:5609-5614
</span><span class="cx">/branches/rwapshott-ame-2160-session-size/openam/openam-oauth2-common/oauth2-core:6086-6319
</span><span class="cx">/branches/rwapshott-ame-2311-index-names/openam/openam-oauth2-common/oauth2-core:6058-6069
</span><span class="cx">/branches/rwapshott-ame-258-cts-replication/openam/openam-oauth2-common/oauth2-core:5548-6055
</span><span class="cx">/branches/rwapshott-openam-2198-session-resource-protection/openam/openam-oauth2-common/oauth2-core:5628-5824
</span><span class="cx">/branches/rwapshott-openam-2526/openam/openam-oauth2-common/oauth2-core:5442-5484
</span><span class="cx">/branches/rwapshott-openam-2716-cts-invalid-chars/openam/openam-oauth2-common/oauth2-core:6170-6194
</span><span class="cx">/branches/rwapshott-openam-2729-saml2-error/openam/openam-oauth2-common/oauth2-core:6247-6257
</span><span class="cx">/branches/soap_sts_admin_ui/openam-oauth2-common/oauth2-core:14254-14454
</span><span class="cx">/branches/soap_sts_auth/openam-oauth2-common/oauth2-core:12414,12467-12578
</span><span class="cx">/branches/soap_sts_config/openam-oauth2-common/oauth2-core:12590-12719,12744
</span><span class="cx">/branches/soap_sts_policy/openam-oauth2-common/oauth2-core:12762-13106,13172-13354
</span><span class="cx">/branches/soap_sts_tgs/openam-oauth2-common/oauth2-core:9585-9618
</span><span class="cx">/branches/soap_sts_x509/openam-oauth2-common/oauth2-core:13550-13640,13667,13693
</span><span class="cx">/branches/stateless_logout/openam/openam-oauth2-common/oauth2-core:12511-13298
</span><span class="cx">/branches/sts_client_sdk/openam-oauth2-common/oauth2-core:11175-11185
</span><span class="cx">/branches/sts_custom_ops/openam-oauth2-common/oauth2-core:14051-14331
</span><span class="cx">/branches/sts_disable_am_token/openam-oauth2-common/oauth2-core:11204,11229-11233
</span><span class="cx">/branches/sts_filtering/openam-oauth2-common/oauth2-core:1060 \
5-10717,10719-10900,10924,10927,10929-10931,10955,10963-10964,10986,10989,10993,10996,11001-11002,11028-11029
</span><span class="cx">/branches/sts_oidc_saml/openam-oauth2-common/oauth2-core:8310,8352,8355,8368,8378-8379,8387-8388,8403,8410,8416
</span><span class="cx">/branches/sts_oidc_saml_redux/openam-oauth2-common/oauth2-core:8417-8422,8424,8440,8445-8446,8460,8490,8498
</span><span class="cx">/branches/sts_restart_persistence/openam-oauth2-common/oauth2-core:9003-9005,9009-9414
</span><span class="cx">/branches/sts_saml2_encrypt/openam-oauth2-common/oauth2-core:10424-10472,10474-10550
</span><span class="cx">/branches/sts_sans_cxf/openam-oauth2-common/oauth2-core:13383-13518,13532-13542
</span><span class="cx">/branches/sts_service_listeners/openam-oauth2-common/oauth2-core:9968-10031,10047-10048,10053
</span><span class="cx">/branches/sts_soap/openam-oauth2-common/oauth2-core:11665-12039,12056-12242,12273-12321
</span><span class="cx">/branches/sts_tgs_oidc/openam-oauth2-common/oauth2-core:13712-14040
</span><span class="cx">/branches/sts_token_gen_service/openam-oauth2-common/oauth2-c \
ore:8706,8717-8720,8723-8725,8727-8728,8731,8737,8740-8742,8759-8760,8774-8776,8796-8797,8800-8801,8818-8819,8821
</span><span class="cx">/branches/sts_token_gen_service2/openam-oauth2-common/oauth2-core:8844-8887,8894-9000
</span><span class="cx">/branches/sts_x509/openam-oauth2-common/oauth2-core:10206-10398
</span><span class="cx">/fr-branches/11.0.x/openam/openam-oauth2-common/oauth2-core:12232,12915
</span><span class="cx">/fr-branches/12.0.x/openam/openam-oauth2-common/oauth2-core:12351,12627,12922,13050,13455
</span><span class="cx">/trunk/openam/openam-oauth2-common/oauth2-core:14738-14908
</span><a id="branchesAME7692_noRestartsAuthopenamopenamoauth2commonoauth2coresrcmainjavaorgforgerockoauth2coreAccessTokenVerifierjava"></a>
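--- a/branches/AME-7692_noRestartsAuth/openam/openam-oauth2-common/oauth2-core/src/main/java/org/forgerock/oauth2/core/AccessTokenVerifier.java
+++ b/branches/AME-7692_noRestartsAuth/openam/openam-oauth2-common/oauth2-core/src/main/java/org/forgerock/oauth2/core/AccessTokenVerifier.java
@@ -17,6 +17,7 @@
 package org.forgerock.oauth2.core;
 
 import org.forgerock.oauth2.core.exceptions.InvalidGrantException;
+import org.forgerock.oauth2.core.exceptions.NotFoundException;
 import org.forgerock.oauth2.core.exceptions.ServerException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -64,6 +65,8 @@
 logger.debug(e.getMessage());
 } catch (InvalidGrantException e) {
 logger.debug(e.getMessage());
+ } catch (NotFoundException e) {
+ logger.debug(e.getMessage());
 }
 return INVALID_TOKEN;
 }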
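Review bot: The added `catch (NotFoundException e)` in the second hunk logs only `e.getMessage()` at debug level, so a verification attempt against a realm that does not exist leaves no stack trace and, at usual production log levels, probably no record at all. The handling itself fails closed, because control falls through to `return INVALID_TOKEN;`. Passing the exception to the SLF4J logger keeps the cause, e.g. `logger.debug("Access token could not be verified", e);`, and the same applies to the identical catch blocks above it. The enclosing method starts outside the hunk.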
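--- a/branches/AME-7692_noRestartsAuth/openam/openam-oauth2-common/oauth2-core/src/main/java/org/forgerock/oauth2/core/ClientRegistrationStore.java
+++ b/branches/AME-7692_noRestartsAuth/openam/openam-oauth2-common/oauth2-core/src/main/java/org/forgerock/oauth2/core/ClientRegistrationStore.java
@@ -11,12 +11,13 @@
 * Header, with the fields enclosed by brackets [] replaced by your own identifying
 * information: "Portions copyright [year] [name of copyright owner]".
 *
- * Copyright 2014 ForgeRock AS.
+ * Copyright 2014-2015 ForgeRock AS.
 */
 
 package org.forgerock.oauth2.core;
 
 import org.forgerock.oauth2.core.exceptions.InvalidClientException;
+import org.forgerock.oauth2.core.exceptions.NotFoundException;
 
 /**
 * The OAuth2 providers store for all client registrations.
@@ -32,6 +33,8 @@
 * @param request The OAuth2 request.
 * @return The ClientRegistration.
 * @throws InvalidClientException If client cannot be retrieved from the store.
+ * @throws NotFoundException If requested realm doesn't exist
 */
- ClientRegistration get(String clientId, OAuth2Request request) throws InvalidClientException;
+ ClientRegistration get(String clientId, OAuth2Request request)
+ throws InvalidClientException, NotFoundException;
 }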
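Review bot: Adding the checked `NotFoundException` to `get` in the second hunk is a source-incompatible change for every implementer and caller of this interface, and the Javadoc does not say how a caller should report it. If callers surface it differently from `InvalidClientException`, a requester can presumably tell a missing realm from an unknown client, so the intended mapping should be stated next to the tag. The tag text should also match the wording used in TokenStore: `@throws NotFoundException If the requested realm does not exist.` The same question applies to the `throws` additions in ResourceOwnerAuthenticator, TokenStore and OAuth2TokenIntrospectionHandler in this commit.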
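--- a/branches/AME-7692_noRestartsAuth/openam/openam-oauth2-common/oauth2-core/src/main/java/org/forgerock/oauth2/core/OAuth2Constants.java
+++ b/branches/AME-7692_noRestartsAuth/openam/openam-oauth2-common/oauth2-core/src/main/java/org/forgerock/oauth2/core/OAuth2Constants.java
@@ -1041,6 +1041,7 @@
 public static final String SCOPES = "scopes";
 public static final String ICON_URI = "icon_uri";
 public static final String CLIENT_ID = "client_id";
+ public static final String LABELS = "labels";
 }
 
 /**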
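--- a/branches/AME-7692_noRestartsAuth/openam/openam-oauth2-common/oauth2-core/src/main/java/org/forgerock/oauth2/core/OAuth2ProviderSettingsFactory.java
+++ b/branches/AME-7692_noRestartsAuth/openam/openam-oauth2-common/oauth2-core/src/main/java/org/forgerock/oauth2/core/OAuth2ProviderSettingsFactory.java
@@ -11,11 +11,13 @@
 * Header, with the fields enclosed by brackets [] replaced by your own identifying
 * information: "Portions copyright [year] [name of copyright owner]".
 *
- * Copyright 2014 ForgeRock AS.
+ * Copyright 2014-2015 ForgeRock AS.
 */
 
 package org.forgerock.oauth2.core;
 
+import javax.servlet.http.HttpServletRequest;
+
 import org.forgerock.oauth2.core.exceptions.NotFoundException;
 
 /**
@@ -35,4 +37,13 @@
 * @return A OAuth2ProviderSettings instance.
 */
 OAuth2ProviderSettings get(final OAuth2Request request) throws NotFoundException;
+
+ /**
+ * Gets the instance of the OAuth2ProviderSettings.
+ *
+ * @param realm The realm.
+ * @param req The request that can be used to obtain the base deployment url.
+ * @return The OAuth2ProviderSettings instance.
+ */
+ OAuth2ProviderSettings get(String realm, HttpServletRequest req) throws NotFoundException;
 }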
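Review bot: The Javadoc of the new `get(String realm, HttpServletRequest req)` overload in the second hunk has no `@throws` tag although the method declares `NotFoundException`; add `@throws NotFoundException If the requested realm does not exist.`, assuming it signals the same condition as in TokenStore. The `req` parameter is documented as the source of the base deployment URL, and if implementations build that URL from the request's host information it is client-controlled. The Javadoc should therefore say that implementations must check the derived URL against the configured deployment hosts before it is used in anything the provider issues. The interface body starts outside the hunk.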
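--- a/branches/AME-7692_noRestartsAuth/openam/openam-oauth2-common/oauth2-core/src/main/java/org/forgerock/oauth2/core/OAuth2TokenIntrospectionHandler.java
+++ b/branches/AME-7692_noRestartsAuth/openam/openam-oauth2-common/oauth2-core/src/main/java/org/forgerock/oauth2/core/OAuth2TokenIntrospectionHandler.java
@@ -81,7 +81,7 @@
 }
 
 protected IntrospectableToken getIntrospectableToken(OAuth2Request request, String tokenType, String tokenId)
- throws ServerException {
+ throws ServerException, NotFoundException {
 IntrospectableToken token = null;
 
 if (token == null && (tokenType == null || ACCESS_TOKEN_TYPE.equals(tokenType))) {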
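--- a/branches/AME-7692_noRestartsAuth/openam/openam-oauth2-common/oauth2-core/src/main/java/org/forgerock/oauth2/core/ResourceOwnerAuthenticator.java
+++ b/branches/AME-7692_noRestartsAuth/openam/openam-oauth2-common/oauth2-core/src/main/java/org/forgerock/oauth2/core/ResourceOwnerAuthenticator.java
@@ -11,11 +11,13 @@
 * Header, with the fields enclosed by brackets [] replaced by your own identifying
 * information: "Portions copyright [year] [name of copyright owner]".
 *
- * Copyright 2014 ForgeRock AS.
+ * Copyright 2014-2015 ForgeRock AS.
 */
 
 package org.forgerock.oauth2.core;
 
+import org.forgerock.oauth2.core.exceptions.NotFoundException;
+
 /**
 * Authenticates a resource owner from the credentials provided on the request.
 *
@@ -28,7 +30,8 @@
 * against the OAuth2 provider's internal user store.
 *
 * @param request The OAuth2 request.
+ * @throws NotFoundException if the requested realm doesn't exist
 * @return The authenticated ResourceOwner, or {@code null} if authentication failed.
 */
- ResourceOwner authenticate(OAuth2Request request);
+ ResourceOwner authenticate(OAuth2Request request) throws NotFoundException;
 }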
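Review bot: In the second hunk the new `@throws NotFoundException` tag sits above `@return`, which departs from the usual Javadoc tag order (`@param`, `@return`, `@throws`) and from the other interfaces touched by this commit; move it below the `@return` line and word it as `@throws NotFoundException If the requested realm does not exist.` The method now has two failure channels, a `null` return for failed authentication and an exception for a missing realm, so the `@return` text should say that `null` is still what a caller gets for bad credentials. The interface declaration starts outside the hunk.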
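--- a/branches/AME-7692_noRestartsAuth/openam/openam-oauth2-common/oauth2-core/src/main/java/org/forgerock/oauth2/core/TokenStore.java
+++ b/branches/AME-7692_noRestartsAuth/openam/openam-oauth2-common/oauth2-core/src/main/java/org/forgerock/oauth2/core/TokenStore.java
@@ -98,8 +98,10 @@
 * @throws InvalidGrantException If a problem occurs whilst retrieving the Authorization Code or if the read token
 * is not an Authorization Code.
 * @throws ServerException If any internal server error occurs.
+ * @throws NotFoundException If the requested realm does not exist.
 */
- AuthorizationCode readAuthorizationCode(OAuth2Request request, String code) throws InvalidGrantException, ServerException;
+ AuthorizationCode readAuthorizationCode(OAuth2Request request, String code)
+ throws InvalidGrantException, ServerException, NotFoundException;
 
 /**
 * Updates an Authorization Code.
@@ -159,9 +161,10 @@
 * @return The Access Token.
 * @throws InvalidGrantException If the read token is not an Access Token.
 * @throws ServerException If the token could not be read by the server.
+ * @throws NotFoundException If the requested realm does not exist.
 */
 AccessToken readAccessToken(OAuth2Request request, String tokenId) throws ServerException,
- InvalidGrantException;
+ InvalidGrantException, NotFoundException;
 
 /**
 * Reads a Refresh Token from the OAuth2 Provider's store with the specified identifier.
@@ -171,7 +174,8 @@
 * @return The Refresh Token.
 * @throws InvalidGrantException If the read token is not a Refresh Token.
 * @throws ServerException If the token could not be read by the server.
+ * @throws NotFoundException If the requested realm does not exist.
 */
 RefreshToken readRefreshToken(OAuth2Request request, String tokenId) throws ServerException,
- InvalidGrantException;
+ InvalidGrantException, NotFoundException;
 }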
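--- a/branches/AME-7692_noRestartsAuth/openam/openam-oauth2-common/oauth2-restlet/src/main/java/org/forgerock/oauth2/restlet/resources/ResourceSetDescriptionValidator.java
+++ b/branches/AME-7692_noRestartsAuth/openam/openam-oauth2-common/oauth2-restlet/src/main/java/org/forgerock/oauth2/restlet/resources/ResourceSetDescriptionValidator.java
@@ -50,6 +50,7 @@
 validateType(description);
 validateScopes(description);
 validateIconUri(description);
+ validateLabels(description);
 
 return resourceSetDescription;
 }
@@ -109,4 +110,13 @@
 }
 }
 }
+
+ private void validateLabels(JsonValue description) throws BadRequestException {
+ try {
+ description.get(OAuth2Constants.ResourceSets.LABELS).asSet(String.class);
+ } catch (JsonValueException e) {
+ throw new BadRequestException("Invalid Resource Set Description. Optional attribute, 'labels', must be an " +
+ "array of Strings.");
+ }
+ }
 }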
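Review bot: `validateLabels` in the second hunk checks only that `labels` converts to a set of strings, so a resource set description from a resource server can carry any number of labels of any length. If labels are stored or displayed later, this method is the natural place to reject oversized input with the same `BadRequestException`; the limits themselves are not visible on this page. The converted set is discarded, which deserves a comment such as `// Called only for its type check; the result is not needed.` The caught `JsonValueException` is also dropped; if `BadRequestException` has a constructor taking a cause, pass `e` to it.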
<div class="delfile"><h4>Deleted: \
branches/AME-7692_noRestartsAuth/openam/openam-oauth2-common/oauth2-restlet/src/main/java/org/forgerock/oauth2/restlet/resources/ResourceSetRegistrationEndpoint.java \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-oauth2-common/oauth2-restlet/src/main/j \
ava/org/forgerock/oauth2/restlet/resources/ResourceSetRegistrationEndpoint.java 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-oauth2-common/oauth2-restlet/src/ma \
in/java/org/forgerock/oauth2/restlet/resources/ResourceSetRegistrationEndpoint.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -1,272 +0,0 @@
</span><del>-/*
- * The contents of this file are subject to the terms of the Common Development and
- * Distribution License (the License). You may not use this file except in \
compliance with the
- * License.
- *
- * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for \
the
- * specific language governing permission and limitations under the License.
- *
- * When distributing Covered Software, include this CDDL Header Notice in each file \
and include
- * the License file at legal/CDDLv1.0.txt. If applicable, add the following below \
the CDDL
- * Header, with the fields enclosed by brackets [] replaced by your own identifying
- * information: "Portions copyright [year] [name of copyright owner]".
- *
- * Copyright 2015 ForgeRock AS.
- */
-
-package org.forgerock.oauth2.restlet.resources;
-
-import javax.inject.Inject;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Map;
-import java.util.Set;
-
-import org.apache.commons.lang.StringUtils;
-import org.forgerock.json.fluent.JsonValue;
-import org.forgerock.oauth2.core.AccessToken;
-import org.forgerock.oauth2.core.OAuth2Constants;
-import org.forgerock.oauth2.core.OAuth2ProviderSettingsFactory;
-import org.forgerock.oauth2.core.OAuth2Request;
-import org.forgerock.oauth2.core.OAuth2RequestFactory;
-import org.forgerock.oauth2.core.exceptions.BadRequestException;
-import org.forgerock.oauth2.core.exceptions.NotFoundException;
-import org.forgerock.oauth2.core.exceptions.ServerException;
-import org.forgerock.oauth2.resources.ResourceSetDescription;
-import org.forgerock.oauth2.resources.ResourceSetStore;
-import org.forgerock.openam.cts.api.fields.ResourceSetTokenField;
-import org.forgerock.openam.utils.JsonValueBuilder;
-import org.forgerock.util.query.QueryFilter;
-import org.json.JSONException;
-import org.restlet.Request;
-import org.restlet.data.Status;
-import org.restlet.data.Tag;
-import org.restlet.ext.jackson.JacksonRepresentation;
-import org.restlet.ext.json.JsonRepresentation;
-import org.restlet.representation.EmptyRepresentation;
-import org.restlet.representation.Representation;
-import org.restlet.resource.Delete;
-import org.restlet.resource.Get;
-import org.restlet.resource.Post;
-import org.restlet.resource.Put;
-import org.restlet.resource.ResourceException;
-import org.restlet.resource.ServerResource;
-
-/**
- * Restlet endpoint for OAuth2 resource servers to register resource set that should \
be protected.
- *
- * @link https://tools.ietf.org/html/draft-hardjono-oauth-resource-reg-04
- * @since 13.0.0
- */
-public class ResourceSetRegistrationEndpoint extends ServerResource {
-
- private static final String RESOURCE_SET_ID_KEY = "rsid";
- private static final String ID_FIELD = "_id";
- private static final String POLICY_URI_FIELD = \
"user_access_policy_uri";
-
- private final OAuth2ProviderSettingsFactory providerSettingsFactory;
- private final ResourceSetDescriptionValidator validator;
- private final OAuth2RequestFactory<Request> requestFactory;
- private final Set<ResourceSetRegistrationListener> listeners;
-
- /**
- * Construct a new ResourceSetRegistrationEndpoint instance.
- *
- * @param providerSettingsFactory An instance of the {@link \
OAuth2ProviderSettingsFactory}.
- * @param validator An instance of the {@link ResourceSetDescriptionValidator}.
- * @param requestFactory An instance of the OAuth2RequestFactory.
- * @param listeners A {@code Set} of {@code ResourceSetRegistrationListener}s.
- */
- @Inject
- public ResourceSetRegistrationEndpoint(OAuth2ProviderSettingsFactory \
providerSettingsFactory,
- ResourceSetDescriptionValidator validator, \
OAuth2RequestFactory<Request> requestFactory,
- Set<ResourceSetRegistrationListener> listeners) {
- this.providerSettingsFactory = providerSettingsFactory;
- this.validator = validator;
- this.requestFactory = requestFactory;
- this.listeners = listeners;
- }
-
- /**
- * <p>Creates or updates a resource set description.</p>
- *
- * <p>If the request contains a If-Match header an update is performed, \
otherwise a create is performed.</p>
- *
- * <p>An update will replace the current description of the resource set \
with the contents of the request body.</p>
- *
- * @param entity The new resource set description.
- * @return A JSON object containing the authorization server's unique id for the \
resource set and, optionally,
- * a policy uri.
- * @throws NotFoundException If the requested resource set description does not \
exist.
- * @throws ServerException When an error occurs during creating or updating.
- * @throws BadRequestException If the request JSON is invalid.
- */
-
- @Post
- public Representation createResourceSet(JsonRepresentation entity) throws \
NotFoundException, ServerException,
- BadRequestException {
- ResourceSetDescription resourceSetDescription = new \
ResourceSetDescription(null, getClientId(),
- getResourceOwnerId(), validator.validate(toMap(entity)));
- OAuth2Request oAuth2Request = requestFactory.create(getRequest());
- ResourceSetStore store = \
providerSettingsFactory.get(oAuth2Request).getResourceSetStore();
-
- QueryFilter<String> query = QueryFilter.and(
- QueryFilter.equalTo(ResourceSetTokenField.NAME, \
resourceSetDescription.getName()),
- QueryFilter.equalTo(ResourceSetTokenField.CLIENT_ID, getClientId()),
- QueryFilter.equalTo(ResourceSetTokenField.RESOURCE_OWNER_ID, \
getResourceOwnerId()));
-
- if (!store.query(query).isEmpty()) {
- getResponse().setStatus(Status.CLIENT_ERROR_BAD_REQUEST);
- Map<String, Object> response = new HashMap<String, \
Object>();
- response.put(OAuth2Constants.Params.ERROR, \
Status.CLIENT_ERROR_BAD_REQUEST.getReasonPhrase());
- response.put(OAuth2Constants.Params.ERROR_DESCRIPTION, "A shared \
item with the name '" +
- resourceSetDescription.getName() + "' already \
exists");
- return new JsonRepresentation(response);
- }
-
- store.create(oAuth2Request, resourceSetDescription);
- for (ResourceSetRegistrationListener listener : listeners) {
- listener.resourceSetCreated(oAuth2Request.<String>getParameter("realm"), \
resourceSetDescription);
- }
- getResponse().setStatus(Status.SUCCESS_CREATED);
- return createJsonResponse(resourceSetDescription, false, true);
- }
-
- @Put
- public Representation updateResourceSet(JsonRepresentation entity) throws \
NotFoundException,
- ServerException, BadRequestException {
-
- if (!isConditionalRequest()) {
- throw new ResourceException(512, "precondition_failed", \
"Require If-Match header to update Resource Set",
- null);
- }
-
- ResourceSetStore store = \
providerSettingsFactory.get(requestFactory.create(getRequest())).getResourceSetStore();
- ResourceSetDescription resourceSetDescription = \
store.read(getResourceSetId())
- .update(validator.validate(toMap(entity)));
- store.update(resourceSetDescription);
- return createJsonResponse(resourceSetDescription, false, true);
- }
-
- /**
- * Reads the requested resource set description or queries all the client's \
(resource server's) resource sets.
- *
- * @return When reading returns a JSON object of the authorization server's \
unique id and the description of the
- * resource set. When querying returns a JSON array of the resource set ids.
- * @throws NotFoundException If the requested resource set description does not \
exist.
- * @throws ServerException When the resource set description cannot be loaded.
- */
- @Get
- public Representation readOrListResourceSet() throws NotFoundException, \
ServerException {
- String resourceSetId = getResourceSetId();
- if (resourceSetId == null || resourceSetId.isEmpty()) {
- return listResourceSets();
- } else {
- return readResourceSet(resourceSetId);
- }
- }
-
- private Representation readResourceSet(String resourceSetId) throws \
NotFoundException, ServerException {
- ResourceSetStore store = \
providerSettingsFactory.get(requestFactory.create(getRequest())).getResourceSetStore();
- return createJsonResponse(store.read(resourceSetId), true, true);
- }
-
- private Representation listResourceSets() throws ServerException, \
NotFoundException {
- ResourceSetStore store = \
providerSettingsFactory.get(requestFactory.create(getRequest())).getResourceSetStore();
- QueryFilter<String> query = QueryFilter.and(
- QueryFilter.equalTo(ResourceSetTokenField.CLIENT_ID, getClientId()),
- QueryFilter.equalTo(ResourceSetTokenField.RESOURCE_OWNER_ID, \
getResourceOwnerId()));
- Set<ResourceSetDescription> resourceSetDescriptions = \
store.query(query);
-
- Set<String> resourceSetIds = new HashSet<String>();
-
- for (ResourceSetDescription resourceSetDescription : \
resourceSetDescriptions) {
- resourceSetIds.add(resourceSetDescription.getId());
- }
-
- return new JacksonRepresentation<Set<String>>(resourceSetIds);
- }
-
- /**
- * <p>Deletes the resource set description for the request resource set id \
as long as the If-Match header matches
- * the current version of the resource set.</p>
- *
- * <p>If no If-Match header is present on the request a 512 Precondition \
Failed response will be returned.</p>
- *
- * @return An empty representation.
- * @throws NotFoundException If the requested resource set description does not \
exist.
- * @throws ServerException When an error occurs during removal.
- */
- @Delete
- public Representation deleteResourceSet() throws NotFoundException, \
ServerException {
-
- if (!isConditionalRequest()) {
- throw new ResourceException(512, "precondition_failed", \
"Require If-Match header to delete Resource Set",
- null);
- }
-
- ResourceSetStore store = \
providerSettingsFactory.get(requestFactory.create(getRequest())).getResourceSetStore();
- store.delete(getResourceSetId(), getResourceOwnerId());
- return createEmptyResponse();
- }
-
- private boolean isConditionalRequest() {
- return !getConditions().getMatch().isEmpty();
- }
-
- private String getResourceSetId() {
- return (String) getRequestAttributes().get(RESOURCE_SET_ID_KEY);
- }
-
- private String getClientId() {
- return requestFactory.create(getRequest()).getToken(AccessToken.class).getClientId();
- }
-
- private String getResourceOwnerId() {
- return requestFactory.create(getRequest()).getToken(AccessToken.class).getResourceOwnerId();
- }
-
- private Representation createJsonResponse(ResourceSetDescription \
resourceSetDescription, boolean includeResourceSet,
- boolean withPolicyUri) {
- Map<String, Object> response = new HashMap<String, Object>();
- if (includeResourceSet) {
- response = new HashMap<String, \
Object>(resourceSetDescription.asMap());
- }
- response.put(ID_FIELD, resourceSetDescription.getId());
- if (withPolicyUri && resourceSetDescription.getPolicyUri() != null) \
{
- response.put(POLICY_URI_FIELD, resourceSetDescription.getPolicyUri());
- }
- Representation representation = new JacksonRepresentation<Map<String, \
Object>>(response);
- representation.setTag(generateETag(resourceSetDescription));
- return representation;
- }
-
- private Representation createEmptyResponse() {
- Representation representation = new EmptyRepresentation();
- getResponse().setStatus(new Status(204));
- return representation;
- }
-
- private Tag generateETag(ResourceSetDescription resourceSetDescription) {
- return new Tag(Integer.toString(resourceSetDescription.hashCode()), true);
- }
-
- private Map<String, Object> toMap(JsonRepresentation entity) throws \
BadRequestException {
- if (entity == null) {
- return Collections.emptyMap();
- }
-
- try {
- final String jsonString = entity.getJsonObject().toString();
- if (StringUtils.isNotEmpty(jsonString)) {
- JsonValue jsonContent = JsonValueBuilder.toJsonValue(jsonString);
- return jsonContent.asMap(Object.class);
- }
-
- return Collections.emptyMap();
- } catch (JSONException e) {
- throw new BadRequestException(e.getMessage());
- }
- }
-}
</del></span></pre></div>
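--- a/branches/AME-7692_noRestartsAuth/openam/openam-oauth2-common/oauth2-restlet/src/main/java/org/forgerock/openam/oauth2/AccessTokenProtectionFilter.java
+++ b/branches/AME-7692_noRestartsAuth/openam/openam-oauth2-common/oauth2-restlet/src/main/java/org/forgerock/openam/oauth2/AccessTokenProtectionFilter.java
@@ -26,6 +26,7 @@
 import org.forgerock.oauth2.core.exceptions.InvalidRequestException;
 import org.forgerock.oauth2.core.exceptions.InvalidTokenException;
 import org.forgerock.oauth2.core.exceptions.OAuth2Exception;
+import org.forgerock.oauth2.core.exceptions.NotFoundException;
 import org.forgerock.oauth2.core.exceptions.ServerException;
 import org.restlet.Request;
 import org.restlet.Response;
@@ -75,6 +76,9 @@
 }
 } catch (ServerException e) {
 failure = new Status(500, e);
+ } catch (NotFoundException e) {
+ debug.message("Error loading token with id: " + tokenId, e);
+ failure = new Status(404, e);
 } catch (InvalidGrantException e) {
 debug.message("Error loading token with id: " + tokenId, e);
 failure = new Status(401, new InvalidTokenException());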
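Review bot: In the second hunk the new `catch (NotFoundException e)` branch passes the caught exception straight into `new Status(404, e)`, whereas the `InvalidGrantException` branch right below it answers with a fresh `new InvalidTokenException()`; if the status carries the exception's message into the response, whatever the lookup put in that message is returned to the caller, and that text is not visible here, so it should be checked or replaced with a fixed description. The branch also concatenates `tokenId` into the debug log (as the existing 401 branch does), which on a token-protection filter presumably records the presented token value whenever message-level debugging is on; logging without it, e.g. `debug.message("Error loading token: not found", e);`, keeps the diagnostic without the identifier. A 404 additionally lets a caller tell this failure apart from the 401 given for an invalid token, so I would add a comment such as `// NotFoundException: <what was not found>; 404 is intentional because ...` stating why the distinction is safe to expose. The enclosing method starts and ends outside the hunk.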
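--- a/branches/AME-7692_noRestartsAuth/openam/openam-oauth2-common/oauth2-restlet/src/test/java/org/forgerock/oauth2/restlet/resources/ResourceSetDescriptionValidatorTest.java
+++ b/branches/AME-7692_noRestartsAuth/openam/openam-oauth2-common/oauth2-restlet/src/test/java/org/forgerock/oauth2/restlet/resources/ResourceSetDescriptionValidatorTest.java
@@ -157,6 +157,7 @@
 
 resourceSetDescription.put(OAuth2Constants.ResourceSets.NAME, "NAME");
 resourceSetDescription.put(OAuth2Constants.ResourceSets.SCOPES, Collections.singleton("SCOPES"));
+ resourceSetDescription.put(OAuth2Constants.ResourceSets.LABELS, Collections.singleton("LABELS"));
 
 //When
 Map<String, Object> validated = validator.validate(resourceSetDescription);
@@ -176,6 +177,7 @@
 resourceSetDescription.put(OAuth2Constants.ResourceSets.TYPE, "TYPE");
 resourceSetDescription.put(OAuth2Constants.ResourceSets.SCOPES, Collections.singleton("SCOPES"));
 resourceSetDescription.put(OAuth2Constants.ResourceSets.ICON_URI, "/ICON_URI");
+ resourceSetDescription.put(OAuth2Constants.ResourceSets.LABELS, Collections.singleton("LABELS"));
 
 //When
 Map<String, Object> validated = validator.validate(resourceSetDescription);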
<div class="delfile"><h4>Deleted: \
branches/AME-7692_noRestartsAuth/openam/openam-oauth2-common/oauth2-restlet/src/test/j \
ava/org/forgerock/oauth2/restlet/resources/ResourceSetRegistrationEndpointTest.java \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-oauth2-common/oauth2-restlet/src/test/j \
ava/org/forgerock/oauth2/restlet/resources/ResourceSetRegistrationEndpointTest.java 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-oauth2-common/oauth2-restlet/src/te \
st/java/org/forgerock/oauth2/restlet/resources/ResourceSetRegistrationEndpointTest.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -1,374 +0,0 @@
</span><del>-/*
- * The contents of this file are subject to the terms of the Common Development and
- * Distribution License (the License). You may not use this file except in \
compliance with the
- * License.
- *
- * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for \
the
- * specific language governing permission and limitations under the License.
- *
- * When distributing Covered Software, include this CDDL Header Notice in each file \
and include
- * the License file at legal/CDDLv1.0.txt. If applicable, add the following below \
the CDDL
- * Header, with the fields enclosed by brackets [] replaced by your own identifying
- * information: "Portions copyright [year] [name of copyright owner]".
- *
- * Copyright 2015 ForgeRock AS.
- */
-
-package org.forgerock.oauth2.restlet.resources;
-
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.entry;
-import static org.forgerock.json.fluent.JsonValue.*;
-import static org.forgerock.openam.utils.CollectionUtils.asSet;
-import static org.mockito.BDDMockito.given;
-import static org.mockito.Matchers.anyMapOf;
-import static org.mockito.Mockito.*;
-
-import java.net.URI;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-import java.util.concurrent.ConcurrentHashMap;
-
-import com.fasterxml.jackson.core.JsonProcessingException;
-import com.fasterxml.jackson.databind.ObjectMapper;
-import org.forgerock.json.fluent.JsonValue;
-import org.forgerock.oauth2.core.AccessToken;
-import org.forgerock.oauth2.core.OAuth2ProviderSettings;
-import org.forgerock.oauth2.core.OAuth2ProviderSettingsFactory;
-import org.forgerock.oauth2.core.OAuth2Request;
-import org.forgerock.oauth2.core.OAuth2RequestFactory;
-import org.forgerock.oauth2.core.exceptions.BadRequestException;
-import org.forgerock.oauth2.core.exceptions.InvalidGrantException;
-import org.forgerock.oauth2.core.exceptions.NotFoundException;
-import org.forgerock.oauth2.core.exceptions.ServerException;
-import org.forgerock.oauth2.resources.ResourceSetDescription;
-import org.forgerock.oauth2.resources.ResourceSetStore;
-import org.forgerock.openam.cts.api.fields.ResourceSetTokenField;
-import org.forgerock.util.query.BaseQueryFilterVisitor;
-import org.forgerock.util.query.QueryFilter;
-import org.forgerock.util.query.QueryFilterVisitor;
-import org.json.JSONException;
-import org.json.JSONObject;
-import org.mockito.ArgumentCaptor;
-import org.mockito.Matchers;
-import org.mockito.invocation.InvocationOnMock;
-import org.mockito.stubbing.Answer;
-import org.restlet.Request;
-import org.restlet.Response;
-import org.restlet.data.ChallengeResponse;
-import org.restlet.data.ChallengeScheme;
-import org.restlet.data.Conditions;
-import org.restlet.data.Status;
-import org.restlet.data.Tag;
-import org.restlet.ext.json.JsonRepresentation;
-import org.restlet.representation.Representation;
-import org.testng.annotations.BeforeMethod;
-import org.testng.annotations.Test;
-
-public class ResourceSetRegistrationEndpointTest {
-
- private static final JsonValue RESOURCE_SET_DESCRIPTION_CONTENT = \
json(object(field("name", "NAME"),
- field("uri", "URI"), field("type", \
"TYPE"), field("scopes", \
array("SCOPE")),
- field("icon_uri", "ICON_URI")));
- private static final JsonValue RESOURCE_SET_DESCRIPTION_UPDATED_CONTENT = \
json(object(field("name", "NEW_NAME"),
- field("uri", "NEW_URI"), field("type", \
"NEW_TYPE"), field("scopes", \
array("NEW_SCOPE")),
- field("icon_uri", "NEW_ICON_URI")));
-
- private ResourceSetRegistrationEndpoint endpoint;
-
- private ResourceSetStore store;
- private ResourceSetDescriptionValidator validator;
- private ResourceSetRegistrationListener listener;
-
- private Response response;
-
- @BeforeMethod
- @SuppressWarnings("unchecked")
- public void setup() throws ServerException, InvalidGrantException, \
NotFoundException {
-
- store = mock(ResourceSetStore.class);
- validator = mock(ResourceSetDescriptionValidator.class);
- OAuth2RequestFactory<Request> requestFactory = \
mock(OAuth2RequestFactory.class);
- Set<ResourceSetRegistrationListener> listeners = new \
HashSet<ResourceSetRegistrationListener>();
- listener = mock(ResourceSetRegistrationListener.class);
- listeners.add(listener);
-
- OAuth2ProviderSettingsFactory providerSettingsFactory = \
mock(OAuth2ProviderSettingsFactory.class);
- OAuth2ProviderSettings providerSettings = \
mock(OAuth2ProviderSettings.class);
- given(providerSettingsFactory.get(Matchers.<OAuth2Request>anyObject())).willReturn(providerSettings);
- given(providerSettings.getResourceSetStore()).willReturn(store);
-
- endpoint = spy(new ResourceSetRegistrationEndpoint(providerSettingsFactory, \
validator, requestFactory,
- listeners));
-
- Request request = mock(Request.class);
- ChallengeResponse challengeResponse = new \
ChallengeResponse(ChallengeScheme.HTTP_BASIC);
- challengeResponse.setRawValue("PAT");
- given(request.getChallengeResponse()).willReturn(challengeResponse);
- given(endpoint.getRequest()).willReturn(request);
-
- AccessToken accessToken = mock(AccessToken.class);
- given(accessToken.getClientId()).willReturn("CLIENT_ID");
- given(accessToken.getResourceOwnerId()).willReturn("RESOURCE_OWNER_ID");
-
- response = mock(Response.class);
- given(endpoint.getResponse()).willReturn(response);
-
- OAuth2Request oAuth2Request = mock(OAuth2Request.class);
- given(requestFactory.create(Matchers.<Request>anyObject())).willReturn(oAuth2Request);
- given(oAuth2Request.getToken(AccessToken.class)).willReturn(accessToken);
- }
-
- private void setUriResourceSetId() {
- Map<String, Object> requestAttributes = new \
ConcurrentHashMap<String, Object>();
- requestAttributes.put("rsid", "RESOURCE_SET_ID");
- given(endpoint.getRequestAttributes()).willReturn(requestAttributes);
- }
-
- private void noUriResourceSetId() {
- Map<String, Object> requestAttributes = new \
ConcurrentHashMap<String, Object>();
- given(endpoint.getRequestAttributes()).willReturn(requestAttributes);
- }
-
- private void addCondition() {
- Conditions conditions = new Conditions();
- conditions.setMatch(Collections.singletonList(new Tag()));
- given(endpoint.getConditions()).willReturn(conditions);
- }
-
- private void noConditions() {
- Conditions conditions = new Conditions();
- conditions.setMatch(Collections.<Tag>emptyList());
- given(endpoint.getConditions()).willReturn(conditions);
- }
-
- private JsonRepresentation createCreateRequestRepresentation() throws \
JSONException,
- JsonProcessingException, BadRequestException {
- JsonRepresentation entity = mock(JsonRepresentation.class);
- JSONObject jsonObject = mock(JSONObject.class);
- String jsonString = new \
ObjectMapper().writeValueAsString(RESOURCE_SET_DESCRIPTION_CONTENT.asMap());
-
- given(entity.getJsonObject()).willReturn(jsonObject);
- given(jsonObject.toString()).willReturn(jsonString);
- given(validator.validate(anyMapOf(String.class, Object.class)))
- .willReturn(RESOURCE_SET_DESCRIPTION_CONTENT.asMap());
-
- return entity;
- }
-
- private JsonRepresentation createUpdateRequestRepresentation() throws \
JSONException,
- JsonProcessingException, BadRequestException {
- JsonRepresentation entity = mock(JsonRepresentation.class);
- JSONObject jsonObject = mock(JSONObject.class);
- String jsonString = new \
ObjectMapper().writeValueAsString(RESOURCE_SET_DESCRIPTION_UPDATED_CONTENT.asMap());
-
- given(entity.getJsonObject()).willReturn(jsonObject);
- given(jsonObject.toString()).willReturn(jsonString);
- given(validator.validate(anyMapOf(String.class, Object.class)))
- .willReturn(RESOURCE_SET_DESCRIPTION_UPDATED_CONTENT.asMap());
-
- return entity;
- }
-
- @Test
- @SuppressWarnings("unchecked")
- public void shouldCreateResourceSetDescription() throws Exception {
-
- //Given
- JsonRepresentation entity = createCreateRequestRepresentation();
-
- doAnswer(new Answer<Void>() {
- public Void answer(InvocationOnMock invocation) throws Throwable {
- ResourceSetDescription resourceSetDescription = \
(ResourceSetDescription) invocation.getArguments()[1];
- resourceSetDescription.setId("123");
- return null;
- }
- }).when(store).create(any(OAuth2Request.class), \
any(ResourceSetDescription.class));
-
- setUriResourceSetId();
- noConditions();
-
- //When
- Representation response = endpoint.createResourceSet(entity);
-
- //Then
- ArgumentCaptor<ResourceSetDescription> resourceSetCaptor =
- ArgumentCaptor.forClass(ResourceSetDescription.class);
- verify(store).create(Matchers.<OAuth2Request>anyObject(), \
resourceSetCaptor.capture());
- assertThat(resourceSetCaptor.getValue().getId()).isNotNull().isNotEmpty();
- assertThat(resourceSetCaptor.getValue().getClientId()).isEqualTo("CLIENT_ID");
- assertThat(resourceSetCaptor.getValue().getName()).isEqualTo("NAME");
- assertThat(resourceSetCaptor.getValue().getUri()).isEqualTo(URI.create("URI"));
- assertThat(resourceSetCaptor.getValue().getType()).isEqualTo("TYPE");
- assertThat(resourceSetCaptor.getValue().getScopes()).containsExactly("SCOPE");
- assertThat(resourceSetCaptor.getValue().getIconUri()).isEqualTo(URI.create("ICON_URI"));
-
- Map<String, Object> responseBody = (Map<String, Object>) new \
ObjectMapper()
- .readValue(response.getText(), Map.class);
- assertThat(responseBody).containsKey("_id");
- verify(listener).resourceSetCreated(anyString(), \
Matchers.<ResourceSetDescription>anyObject());
- }
-
- @Test
- @SuppressWarnings("unchecked")
- public void shouldNotCreateExistingResourceSetDescription() throws Exception {
-
- //Given
- JsonRepresentation entity = createCreateRequestRepresentation();
-
- when(store.query(any(QueryFilter.class))).thenReturn(
- asSet(new ResourceSetDescription("id", \
"CLIENT_ID", "RESOURCE_OWNER_ID", \
RESOURCE_SET_DESCRIPTION_CONTENT.asMap())));
-
- noConditions();
-
- //When
- Representation result = endpoint.createResourceSet(entity);
-
- //Then
- ArgumentCaptor<QueryFilter> queryCaptor = \
ArgumentCaptor.forClass(QueryFilter.class);
- verify(store).query(queryCaptor.capture());
- String queryString = queryCaptor.getValue().toString();
- assertThat(queryString)
- .contains("name eq \"NAME\"")
- .contains("clientId eq \"CLIENT_ID\"")
- .contains("resourceOwnerId eq \
\"RESOURCE_OWNER_ID\"")
- .doesNotContain(" or ");
-
- verify(response).setStatus(Status.CLIENT_ERROR_BAD_REQUEST);
-
- assertThat(result).isInstanceOf(JsonRepresentation.class);
- assertThat(((JsonRepresentation) \
result).getJsonObject().get("error")).isEqualTo("Bad \
Request");
- assertThat(((JsonRepresentation) \
result).getJsonObject().getString("error_description")).contains("'NAME' \
already exists");
- }
-
- @Test
- @SuppressWarnings("unchecked")
- public void shouldReadResourceSetDescription() throws Exception {
-
- //Given
- ResourceSetDescription resourceSetDescription = new \
ResourceSetDescription("RESOURCE_SET_ID", \
"CLIENT_ID",
- "RESOURCE_OWNER_ID", \
RESOURCE_SET_DESCRIPTION_CONTENT.asMap());
-
- setUriResourceSetId();
- given(store.read("RESOURCE_SET_ID")).willReturn(resourceSetDescription);
-
- //When
- Representation responseRep = endpoint.readOrListResourceSet();
-
- //Then
- Map<String, Object> responseBody = (Map<String, Object>) new \
ObjectMapper()
- .readValue(responseRep.getText(), Map.class);
- assertThat(responseBody).containsKey("_id");
- assertThat(responseBody).contains(entry("name", "NAME"), \
entry("uri", "URI"), entry("type", \
"TYPE"),
- entry("scopes", \
Collections.singletonList("SCOPE")), entry("icon_uri", \
"ICON_URI"));
- }
-
- @Test
- @SuppressWarnings("unchecked")
- public void shouldUpdateResourceSetDescription() throws Exception {
-
- //Given
- JsonRepresentation entity = createUpdateRequestRepresentation();
- ResourceSetDescription resourceSetDescription = new \
ResourceSetDescription("RESOURCE_SET_ID", \
"CLIENT_ID",
- "RESOURCE_OWNER_ID", \
RESOURCE_SET_DESCRIPTION_CONTENT.asMap());
-
- setUriResourceSetId();
- addCondition();
- given(store.read("RESOURCE_SET_ID")).willReturn(resourceSetDescription);
-
- //When
- Representation responseRep = endpoint.updateResourceSet(entity);
-
- //Then
- ArgumentCaptor<ResourceSetDescription> resourceSetCaptor =
- ArgumentCaptor.forClass(ResourceSetDescription.class);
- verify(store).update(resourceSetCaptor.capture());
- assertThat(resourceSetCaptor.getValue().getId()).isEqualTo("RESOURCE_SET_ID");
- assertThat(resourceSetCaptor.getValue().getClientId()).isEqualTo("CLIENT_ID");
- assertThat(resourceSetCaptor.getValue().getName()).isEqualTo("NEW_NAME");
- assertThat(resourceSetCaptor.getValue().getUri()).isEqualTo(URI.create("NEW_URI"));
- assertThat(resourceSetCaptor.getValue().getType()).isEqualTo("NEW_TYPE");
- assertThat(resourceSetCaptor.getValue().getScopes()).containsExactly("NEW_SCOPE");
- assertThat(resourceSetCaptor.getValue().getIconUri()).isEqualTo(URI.create("NEW_ICON_URI"));
-
- Map<String, Object> responseBody = (Map<String, Object>) new \
ObjectMapper()
- .readValue(responseRep.getText(), Map.class);
- assertThat(responseBody).containsKey("_id");
- }
-
- @Test
- public void shouldDeleteResourceSetDescription() throws Exception {
-
- //Given
- setUriResourceSetId();
- addCondition();
-
- //When
- Representation responseRep = endpoint.deleteResourceSet();
-
- //Then
- verify(store).delete("RESOURCE_SET_ID", \
"RESOURCE_OWNER_ID");
- assertThat(responseRep.getText()).isNull();
- ArgumentCaptor<Status> responseStatusCaptor = \
ArgumentCaptor.forClass(Status.class);
- verify(response).setStatus(responseStatusCaptor.capture());
- assertThat(responseStatusCaptor.getValue().getCode()).isEqualTo(204);
- }
-
- @Test
- @SuppressWarnings("unchecked")
- public void shouldListResourceSetDescriptions() throws Exception {
-
- //Given
- Set<ResourceSetDescription> resourceSetDescriptions = new \
HashSet<ResourceSetDescription>();
- ResourceSetDescription resourceSetDescription = new \
ResourceSetDescription("RESOURCE_SET_ID", \
"CLIENT_ID",
- "RESOURCE_OWNER_ID", \
RESOURCE_SET_DESCRIPTION_CONTENT.asMap());
- ResourceSetDescription resourceSetDescription2 = new \
ResourceSetDescription("RESOURCE_SET_ID_2",
- "CLIENT_ID",
- "RESOURCE_OWNER_ID", \
RESOURCE_SET_DESCRIPTION_UPDATED_CONTENT.asMap());
- resourceSetDescriptions.add(resourceSetDescription);
- resourceSetDescriptions.add(resourceSetDescription2);
-
- noUriResourceSetId();
- noConditions();
- given(store.query(any(QueryFilter.class)))
- .willReturn(resourceSetDescriptions);
-
- //When
- Representation responseRep = endpoint.readOrListResourceSet();
-
- //Then
- ArgumentCaptor<QueryFilter> queryParametersCaptor =
- ArgumentCaptor.forClass(QueryFilter.class);
- verify(store).query(queryParametersCaptor.capture());
- QueryFilter<String> query = queryParametersCaptor.getValue();
- Map<String, String> params = query.accept(QUERY_PARAMS_EXTRACTOR, new \
HashMap<String, String>());
- assertThat(params).contains(
- entry(ResourceSetTokenField.CLIENT_ID, "CLIENT_ID"),
- entry(ResourceSetTokenField.RESOURCE_OWNER_ID, \
"RESOURCE_OWNER_ID"));
-
- List<String> responseBody = (List<String>) new ObjectMapper()
- .readValue(responseRep.getText(), List.class);
- assertThat(responseBody).contains("RESOURCE_SET_ID", \
"RESOURCE_SET_ID_2");
- }
-
- private static final QueryFilterVisitor<Map<String, String>, \
Map<String, String>, String> QUERY_PARAMS_EXTRACTOR =
- new BaseQueryFilterVisitor<Map<String, String>, Map<String, \
String>, String>() {
- @Override
- public Map<String, String> visitAndFilter(Map<String, \
String> map,
- List<QueryFilter<String>> subFilters) {
- for (QueryFilter<String> subFilter : subFilters) {
- subFilter.accept(this, map);
- }
- return map;
- }
-
- public Map<String, String> visitEqualsFilter(Map<String, \
String> map, String field, Object value) {
- map.put(field, value.toString());
- return map;
- }
- };
-}
</del></span></pre></div>
<div class="propset"><h4>Property changes: \
branches/AME-7692_noRestartsAuth/openam/openam-oauth2-common/openid-connect-core</h4> \
<pre class="diff"><span> </span></pre></div>
<div class="modfile"><h4>Modified: svn:mergeinfo</h4></div>
<span class="cx">/branches/AME-2629/openam/openam-oauth2-common/openid-connect-core:7585-7632
</span><span class="cx">/branches/AME-2766-policy-entitlements-REST-APIs/openam/openam-oauth2-common/openid-connect-core:8455-8476
</span><span class="cx">/branches/AME-3087-entitlements-CREST-management/openam/openam-oauth2-common/openid-connect-core:8481-8664
</span><span class="cx">/branches/AME-3087_query_and_patch/openam/openam-oauth2-common/openid-connect-core:8667-8681
</span><span class="cx">/branches/AME-3405-session-read-from-cts/openam/openam-oauth2-common/openid-connect-core:8749-8823
</span><span class="cx">/branches/AME-3423/openam/openam-oauth2-common/openid-connect-core:10105-10414
</span><span class="cx">/branches/AME-3612-pcunnington/openam/openam-oauth2-common/openid-connect-core:9534-9723
</span><span class="cx">/branches/AME-3719/openam/openam-oauth2-common/openid-connect-core:9517-9879
</span><span class="cx">/branches/AME-3726-script-sandboxing/openam/openam-oauth2-common/openid-connect-core:9663-9819
</span><span class="cx">/branches/AME-4378/openam/openam-oauth2-common/openid-connect-core:10443-10621
</span><span class="cx">/branches/AME-4460_AME-4459/openam/openam-oauth2-common/openid-connect-core:10437-10535
</span><span class="cx">/branches/AME-4547/openam/openam-oauth2-common/openid-connect-core:10585-10783
</span><span class="cx">/branches/AME-4569-XACML-Response-Provider-Support/openam/openam-oauth2-common/openid-connect-core:10624-10817
</span><span class="cx">/branches/AME-4595/openam/openam-oauth2-common/openid-connect-core:10581-10789
</span><span class="cx">/branches/AME-4609/openam/openam-oauth2-common/openid-connect-core:10678-10949
</span><span class="cx">/branches/AME-4616/openam/openam-oauth2-common/openid-connect-core:10652-10817
</span><span class="cx">/branches/AME-4638/openam/openam-oauth2-common/openid-connect-core:10869-11050
</span><span class="cx">/branches/AME-5023/openam/openam-oauth2-common/openid-connect-core:11070-11123
</span><span class="cx">/branches/AME-5326_refactor_and_test_oath_module/openam/openam-oauth2-common/openid-connect-core:13066-13428
</span><span class="cx">/branches/AME-5568-stateless-sessions/openam/openam-oauth2-common/openid-connect-core:12629-13078
</span><span class="cx">/branches/AME-6128_and_AME-6129_JSONify_attributes_for_OATH/openam/openam-oauth2-common/openid-connect-core:13797-13866
</span><span class="cx">/branches/AME-6128_and_AME-6129_new_user_attributes_for_OATH/openam/openam-oauth2-common/openid-connect-core:13602-13794
</span><span class="cx">/branches/AME-6369/openam/openam-oauth2-common/openid-connect-core:13289-13686
</span><span class="cx">/branches/AME-6627_Remove-LDAP-SDK/openam/openam-oauth2-common/openid-connect-core:13713-14249
</span><span class="cx">/branches/AME-7286/openam/openam-oauth2-common/openid-connect-core:14363-14465
</span><span class="cx">/branches/CTS-Async/openam/openam-oauth2-common/openid-connect-core:8847-9739
</span><span class="cx">/branches/OPENAM-2961-forgot-password-404/openam/openam-oauth2-common/openid-connect-core:8322-8362
</span><span class="cx">/branches/OPENAM-3097-sessions-not-deleted/openam/openam-oauth2-common/openid-connect-core:6910-6946
</span><span class="cx">/branches/OPENAM-3130-session-quota/openam/openam-oauth2-common/openid-connect-core:6958-6972
</span><span class="cx">/branches/OPENAM-3283-CTS-thread-exceptions/openam/openam-oauth2-common/openid-connect-core:7270-7369
</span><span class="cx">/branches/OPENAM-3425-class-cast-exception/openam/openam-oauth2-common/openid-connect-core:8333-8359
</span><span class="cx">/branches/OPENAM-3782-forgotten-password-changes/openam/openam-oauth2-common/openid-connect-core:8747-8835
</span><span class="cx">/branches/OPENAM-4028-connection-pool/openam/openam-oauth2-common/openid-connect-core:9750-10171
</span><span class="cx">/branches/OPENAM-4384-ssoadm-classpath/openam/openam-oauth2-common/openid-connect-core:10263-10264
</span><span class="cx">/branches/OPENAM-4394/openam/openam-oauth2-common/openid-connect-core:11059-11099
</span><span class="cx">/branches/OPENAM-4775-REST-endpoint-malformed-3/openam/openam-oauth2-common/openid-connect-core:11322-11331
</span><span class="cx">/branches/OPENAM-5019_entitlement_condition_validation/openam/openam-oauth2-common/openid-connect-core:11455-11491
</span><span class="cx">/branches/OPENAM-5269/openam/openam-oauth2-common/openid-connect-core:11838-11851
</span><span class="cx">/branches/OPENAM-5970_trim_unused_qrcode_references/openam/openam-oauth2-common/openid-connect-core:13756-13770
</span><span class="cx">/branches/OPENAM-OPENAM-3528-client-side-session-validation/openam/openam-oauth2-common/openid-connect-core:7834-7844
</span><span class="cx">/branches/ame4272/openam/openam-oauth2-common/openid-connect-core:10073-10101
</span><span class="cx">/branches/andy-ame-2227-v2/openam/openam-oauth2-common/openid-connect-core:7508-7697
</span><span class="cx">/branches/andy-ame1316-connectionfactory/openam/openam-oauth2-common/openid-connect-core:5311-5328
</span><span class="cx">/branches/andy-cts-connection-pool/openam/openam-oauth2-common/openid-connect-core:7098-7175
</span><span class="cx">/branches/andy-openam-2654/openam/openam-oauth2-common/openid-connect-core:6872-6911
</span><span class="cx">/branches/andy-openam-2880/openam/openam-oauth2-common/openid-connect-core:6451-6503
</span><span class="cx">/branches/andy-openam-2907/openam/openam-oauth2-common/openid-connect-core:6531-6534
</span><span class="cx">/branches/andy-openam-3006/openam/openam-oauth2-common/openid-connect-core:6709-6749
</span><span class="cx">/branches/andy-openam-3063/openam/openam-oauth2-common/openid-connect-core:6927-6948
</span><span class="cx">/branches/andy-openam-3193/openam/openam-oauth2-common/openid-connect-core:7124-7128
</span><span class="cx">/branches/andy-openam-3248/openam/openam-oauth2-common/openid-connect-core:7171-7715
</span><span class="cx">/branches/andy-openam2743/openam/openam-oauth2-common/openid-connect-core:6372-6439
</span><span class="cx">/branches/andy-openam2744/openam/openam-oauth2-common/openid-connect-core:6347-6367
</span><span class="cx">/branches/andyAme2972/openam/openam-oauth2-common/openid-connect-core:8270-8318
</span><span class="cx">/branches/andyAme3102/openam/openam-oauth2-common/openid-connect-core:8312-8413
</span><span class="cx">/branches/andyAme3196/openam/openam-oauth2-common/openid-connect-core:8853-9084
</span><span class="cx">/branches/andyAme5550/openam/openam-oauth2-common/openid-connect-core:13493-13515
</span><span class="cx">/branches/andyOpenam1708/openam/openam-oauth2-common/openid-connect-core:5576-5592
</span><span class="cx">/branches/andyOpenam2140/openam/openam-oauth2-common/openid-connect-core:7819-7862
</span><span class="cx">/branches/andyOpenam2373/openam/openam-oauth2-common/openid-connect-core:5600-5706
</span><span class="cx">/branches/andyOpenam2525/openam/openam-oauth2-common/openid-connect-core:5601-5733
</span><span class="cx">/branches/andyOpenam3509/openam/openam-oauth2-common/openid-connect-core:7881-7963
</span><span class="cx">/branches/andyOpenam3638/openam/openam-oauth2-common/openid-connect-core:8094-8172
</span><span class="cx">/branches/andyOpenam3969/openam/openam-oauth2-common/openid-connect-core:10453-10977
</span><span class="cx">/branches/andyPolicyCrest/openam/openam-oauth2-common/openid-connect-core:8295-8813
</span><span class="cx">/branches/apforrest-ame1316/openam/openam-oauth2-common/openid-connect-core:4881-5305
</span><span class="cx">/branches/apforrest_ame805_indextree/openam/openam-oauth2-common/openid-connect-core:4567-4852
</span><span class="cx">/branches/auditHistory/openam/openam-oauth2-common/openid-connect-core:12633-12709
</span><span class="cx">/branches/cert_chain_bug/openam-oauth2-common/openid-connect-core:11102-11125
</span><span class="cx">/branches/contextualAuthz/openam/openam-oauth2-common/openid-connect-core:12734-12787
</span><span class="cx">/branches/curieResourceTypes/openam/openam-oauth2-common/openid-connect-core:12286-12669
</span><span class="cx">/branches/dirk_oauth_perf/openam-oauth2-common/openid-connect-core:5904
</span><span class="cx">/branches/dirk_sts/openam-oauth2-common/openid-connect-core:5297,5314,5317-5318,5320-5321
</span><span class="cx">/branches/initial_uma/openam/openam-oauth2-common/openid-connect-core:12067-12470
</span><span class="cx">/branches/oidc-conf/openam/openam-oauth2-common/openid-connect-core:13365-13442
</span><span class="cx">/branches/oidc-conf/openam-oauth2-common/openid-connect-core:13312-13363
</span><span class="cx">/branches/oidc-conf2/openam/openam-oauth2-common/openid-connect-core:13364
</span><span class="cx">/branches/oidc_authn/openam-oauth2-common/openid-connect-core:8507,8540,8557-8559,8565-8566
</span><span class="cx">/branches/openam-3049-cts-reaper-connection-usage/openam/openam-oauth2-common/openid-connect-core:6658-6745
</span><span class="cx">/branches/openam-3053-cts-tab-exception/openam/openam-oauth2-common/openid-connect-core:6672-6721
</span><span class="cx">/branches/openam-3072-cts-configuration/openam/openam-oauth2-common/openid-connect-core:6691-6714
</span><span class="cx">/branches/openam-3092-store-mode-error/openam/openam-oauth2-common/openid-connect-core:6729-6733
</span><span class="cx">/branches/openam-3110-create-or-update-bug/openam/openam-oauth2-common/openid-connect-core:6767-6804
</span><span class="cx">/branches/openam2742-andy/openam/openam-oauth2-common/openid-connect-core:6266-6323
</span><span class="cx">/branches/openam_10.1.0_xacml3_JAS/openam/openam-oauth2-common/openid-connect-core:4039-4140
</span><span class="cx">/branches/openam_10.2.0_xacml3_JAS/openam/openam-oauth2-common/openid-connect-core:4141-4379
</span><span class="cx">/branches/pcunnington-AME-3115-refactor/openam/openam-oauth2-common/openid-connect-core:8348-8473
</span><span class="cx">/branches/pcunnington-AME-3158/openam/openam-oauth2-common/openid-connect-core:8476-8577
</span><span class="cx">/branches/pcunnington-AME-350/openam/openam-oauth2-common/openid-connect-core:4165-4344
</span><span class="cx">/branches/pcunnington-ame-344/openam/openam-oauth2-common/openid-connect-core:4651-5199
</span><span class="cx">/branches/pcunnington-oauth2/openam/openam-oauth2-common/openid-connect-core:8710-8713
</span><span class="cx">/branches/phcunnington-AME-3114/openam/openam-oauth2-common/openid-connect-core:8314-8341
</span><span class="cx">/branches/policyimprovements/openam/openam-oauth2-common/openid-connect-core:5513-5515
</span><span class="cx">/branches/referralsWithoutApplications/openam/openam-oauth2-common/openid-connect-core:11071-11119
</span><span class="cx">/branches/rest_sts_publish/openam-oauth2-common/openid-connect-core:8167,8180,8214,8227,8245,8260
</span><span class="cx">/branches/rest_sts_view_bean/openam-oauth2-common/openid-connect-core:9690-9965
</span><span class="cx">/branches/rwapshott-AME-1739/openam/openam-oauth2-common/openid-connect-core:5331-5353
</span><span class="cx">/branches/rwapshott-AME-215/openam/openam-oauth2-common/openid-connect-core:4091-4155
</span><span class="cx">/branches/rwapshott-AME-257/openam/openam-oauth2-common/openid-connect-core:4047-4126
</span><span class="cx">/branches/rwapshott-AME-804/openam/openam-oauth2-common/openid-connect-core:4267-5404
</span><span class="cx">/branches/rwapshott-ame-2027-cts-oids-should-follow-fr-oid-scheme/openam/openam-oauth2-common/openid-connect-core:5609-5614
</span><span class="cx">/branches/rwapshott-ame-2160-session-size/openam/openam-oauth2-common/openid-connect-core:6086-6319
</span><span class="cx">/branches/rwapshott-ame-2311-index-names/openam/openam-oauth2-common/openid-connect-core:6058-6069
</span><span class="cx">/branches/rwapshott-ame-258-cts-replication/openam/openam-oauth2-common/openid-connect-core:5548-6055
</span><span class="cx">/branches/rwapshott-openam-2198-session-resource-protection/openam/openam-oauth2-common/openid-connect-core:5628-5824
</span><span class="cx">/branches/rwapshott-openam-2526/openam/openam-oauth2-common/openid-connect-core:5442-5484
</span><span class="cx">/branches/rwapshott-openam-2716-cts-invalid-chars/openam/openam-oauth2-common/openid-connect-core:6170-6194
</span><span class="cx">/branches/rwapshott-openam-2729-saml2-error/openam/openam-oauth2-common/openid-connect-core:6247-6257
</span><span class="cx">/branches/soap_sts_admin_ui/openam-oauth2-common/openid-connect-core:14254-14454
</span><span class="cx">/branches/soap_sts_auth/openam-oauth2-common/openid-connect-core:12414,12467-12578
</span><span class="cx">/branches/soap_sts_config/openam-oauth2-common/openid-connect-core:12590-12719,12744
</span><span class="cx">/branches/soap_sts_policy/openam-oauth2-common/openid-connect-core:12762-13106,13172-13354
</span><span class="cx">/branches/soap_sts_tgs/openam-oauth2-common/openid-connect-core:9585-9618
</span><span class="cx">/branches/soap_sts_x509/openam-oauth2-common/openid-connect-core:13550-13640,13667,13693
</span><span class="cx">/branches/stateless_logout/openam/openam-oauth2-common/openid-connect-core:12511-13298
</span><span class="cx">/branches/sts_client_sdk/openam-oauth2-common/openid-connect-core:11175-11185
</span><span class="cx">/branches/sts_custom_ops/openam-oauth2-common/openid-connect-core:14051-14331
</span><span class="cx">/branches/sts_disable_am_token/openam-oauth2-common/openid-connect-core:11204,11229-11233
</span><span class="cx">/branches/sts_filtering/openam-oauth2-common/openid-connect-c \
ore:10605-10717,10719-10900,10924,10927,10929-10931,10955,10963-10964,10986,10989,10993,10996,11001-11002,11028-11029
</span><span class="cx">/branches/sts_oidc_saml/openam-oauth2-common/openid-connect-core:8310,8352,8355,8368,8378-8379,8387-8388,8403,8410,8416
</span><span class="cx">/branches/sts_oidc_saml_redux/openam-oauth2-common/openid-connect-core:8417-8422,8424,8440,8445-8446,8460,8490,8498
</span><span class="cx">/branches/sts_restart_persistence/openam-oauth2-common/openid-connect-core:9003-9005,9009-9414
</span><span class="cx">/branches/sts_saml2_encrypt/openam-oauth2-common/openid-connect-core:10424-10472,10474-10550
</span><span class="cx">/branches/sts_sans_cxf/openam-oauth2-common/openid-connect-core:13383-13518,13532-13542
</span><span class="cx">/branches/sts_service_listeners/openam-oauth2-common/openid-connect-core:9968-10031,10047-10048,10053
</span><span class="cx">/branches/sts_soap/openam-oauth2-common/openid-connect-core:11665-12039,12056-12242,12273-12321
</span><span class="cx">/branches/sts_tgs_oidc/openam-oauth2-common/openid-connect-core:13712-14040
</span><span class="cx">/branches/sts_token_gen_service/openam-oauth2-common/openid-c \
onnect-core:8706,8717-8720,8723-8725,8727-8728,8731,8737,8740-8742,8759-8760,8774-8776,8796-8797,8800-8801,8818-8819,8821
</span><span class="cx">/branches/sts_token_gen_service2/openam-oauth2-common/openid-connect-core:8844-8887,8894-9000
</span><span class="cx">/branches/sts_x509/openam-oauth2-common/openid-connect-core:10206-10398
</span><span class="cx">/fr-branches/11.0.x/openam/openam-oauth2-common/openid-connect-core:12232,12915
</span><span class="cx">/fr-branches/12.0.x/openam/openam-oauth2-common/openid-connect-core:12351,12627,12922,13050,13455
</span><span class="cx"> + \
/branches/AME-2526-SFO-between-sites/openam/openam-oauth2-common/openid-connect-core:7510-8258
</span><span class="cx">/branches/AME-2629/openam/openam-oauth2-common/openid-connect-core:7585-7632
</span><span class="cx">/branches/AME-2766-policy-entitlements-REST-APIs/openam/openam-oauth2-common/openid-connect-core:8455-8476
</span><span class="cx">/branches/AME-3087-entitlements-CREST-management/openam/openam-oauth2-common/openid-connect-core:8481-8664
</span><span class="cx">/branches/AME-3087_query_and_patch/openam/openam-oauth2-common/openid-connect-core:8667-8681
</span><span class="cx">/branches/AME-3405-session-read-from-cts/openam/openam-oauth2-common/openid-connect-core:8749-8823
</span><span class="cx">/branches/AME-3423/openam/openam-oauth2-common/openid-connect-core:10105-10414
</span><span class="cx">/branches/AME-3612-pcunnington/openam/openam-oauth2-common/openid-connect-core:9534-9723
</span><span class="cx">/branches/AME-3719/openam/openam-oauth2-common/openid-connect-core:9517-9879
</span><span class="cx">/branches/AME-3726-script-sandboxing/openam/openam-oauth2-common/openid-connect-core:9663-9819
</span><span class="cx">/branches/AME-4378/openam/openam-oauth2-common/openid-connect-core:10443-10621
</span><span class="cx">/branches/AME-4460_AME-4459/openam/openam-oauth2-common/openid-connect-core:10437-10535
</span><span class="cx">/branches/AME-4547/openam/openam-oauth2-common/openid-connect-core:10585-10783
</span><span class="cx">/branches/AME-4569-XACML-Response-Provider-Support/openam/openam-oauth2-common/openid-connect-core:10624-10817
</span><span class="cx">/branches/AME-4595/openam/openam-oauth2-common/openid-connect-core:10581-10789
</span><span class="cx">/branches/AME-4609/openam/openam-oauth2-common/openid-connect-core:10678-10949
</span><span class="cx">/branches/AME-4616/openam/openam-oauth2-common/openid-connect-core:10652-10817
</span><span class="cx">/branches/AME-4638/openam/openam-oauth2-common/openid-connect-core:10869-11050
</span><span class="cx">/branches/AME-5023/openam/openam-oauth2-common/openid-connect-core:11070-11123
</span><span class="cx">/branches/AME-5326_refactor_and_test_oath_module/openam/openam-oauth2-common/openid-connect-core:13066-13428
</span><span class="cx">/branches/AME-5568-stateless-sessions/openam/openam-oauth2-common/openid-connect-core:12629-13078
</span><span class="cx">/branches/AME-6128_and_AME-6129_JSONify_attributes_for_OATH/openam/openam-oauth2-common/openid-connect-core:13797-13866
</span><span class="cx">/branches/AME-6128_and_AME-6129_new_user_attributes_for_OATH/openam/openam-oauth2-common/openid-connect-core:13602-13794
</span><span class="cx">/branches/AME-6369/openam/openam-oauth2-common/openid-connect-core:13289-13686
</span><span class="cx">/branches/AME-6627_Remove-LDAP-SDK/openam/openam-oauth2-common/openid-connect-core:13713-14249
</span><span class="cx">/branches/AME-7286/openam/openam-oauth2-common/openid-connect-core:14363-14465
</span><span class="cx">/branches/AME-7754_UMA_labels/openam/openam-oauth2-common/openid-connect-core:14781-14882
</span><span class="cx">/branches/CTS-Async/openam/openam-oauth2-common/openid-connect-core:8847-9739
</span><span class="cx">/branches/OPENAM-2961-forgot-password-404/openam/openam-oauth2-common/openid-connect-core:8322-8362
</span><span class="cx">/branches/OPENAM-3097-sessions-not-deleted/openam/openam-oauth2-common/openid-connect-core:6910-6946
</span><span class="cx">/branches/OPENAM-3130-session-quota/openam/openam-oauth2-common/openid-connect-core:6958-6972
</span><span class="cx">/branches/OPENAM-3283-CTS-thread-exceptions/openam/openam-oauth2-common/openid-connect-core:7270-7369
</span><span class="cx">/branches/OPENAM-3425-class-cast-exception/openam/openam-oauth2-common/openid-connect-core:8333-8359
</span><span class="cx">/branches/OPENAM-3782-forgotten-password-changes/openam/openam-oauth2-common/openid-connect-core:8747-8835
</span><span class="cx">/branches/OPENAM-4028-connection-pool/openam/openam-oauth2-common/openid-connect-core:9750-10171
</span><span class="cx">/branches/OPENAM-4384-ssoadm-classpath/openam/openam-oauth2-common/openid-connect-core:10263-10264
</span><span class="cx">/branches/OPENAM-4394/openam/openam-oauth2-common/openid-connect-core:11059-11099
</span><span class="cx">/branches/OPENAM-4775-REST-endpoint-malformed-3/openam/openam-oauth2-common/openid-connect-core:11322-11331
</span><span class="cx">/branches/OPENAM-5019_entitlement_condition_validation/openam/openam-oauth2-common/openid-connect-core:11455-11491
</span><span class="cx">/branches/OPENAM-5269/openam/openam-oauth2-common/openid-connect-core:11838-11851
</span><span class="cx">/branches/OPENAM-5970_trim_unused_qrcode_references/openam/openam-oauth2-common/openid-connect-core:13756-13770
</span><span class="cx">/branches/OPENAM-6272-OPENAM-1462-OATH-RFEs/openam/openam-oauth2-common/openid-connect-core:14653-14742
</span><span class="cx">/branches/OPENAM-6326-ssoadm-classpath/openam/openam-oauth2-common/openid-connect-core:14839-14844
</span><span class="cx">/branches/OPENAM-OPENAM-3528-client-side-session-validation/openam/openam-oauth2-common/openid-connect-core:7834-7844
</span><span class="cx">/branches/ame4272/openam/openam-oauth2-common/openid-connect-core:10073-10101
</span><span class="cx">/branches/andy-ame-2227-v2/openam/openam-oauth2-common/openid-connect-core:7508-7697
</span><span class="cx">/branches/andy-ame1316-connectionfactory/openam/openam-oauth2-common/openid-connect-core:5311-5328
</span><span class="cx">/branches/andy-cts-connection-pool/openam/openam-oauth2-common/openid-connect-core:7098-7175
</span><span class="cx">/branches/andy-openam-2654/openam/openam-oauth2-common/openid-connect-core:6872-6911
</span><span class="cx">/branches/andy-openam-2880/openam/openam-oauth2-common/openid-connect-core:6451-6503
</span><span class="cx">/branches/andy-openam-2907/openam/openam-oauth2-common/openid-connect-core:6531-6534
</span><span class="cx">/branches/andy-openam-3006/openam/openam-oauth2-common/openid-connect-core:6709-6749
</span><span class="cx">/branches/andy-openam-3063/openam/openam-oauth2-common/openid-connect-core:6927-6948
</span><span class="cx">/branches/andy-openam-3193/openam/openam-oauth2-common/openid-connect-core:7124-7128
</span><span class="cx">/branches/andy-openam-3248/openam/openam-oauth2-common/openid-connect-core:7171-7715
</span><span class="cx">/branches/andy-openam2743/openam/openam-oauth2-common/openid-connect-core:6372-6439
</span><span class="cx">/branches/andy-openam2744/openam/openam-oauth2-common/openid-connect-core:6347-6367
</span><span class="cx">/branches/andyAme2972/openam/openam-oauth2-common/openid-connect-core:8270-8318
</span><span class="cx">/branches/andyAme3102/openam/openam-oauth2-common/openid-connect-core:8312-8413
</span><span class="cx">/branches/andyAme3196/openam/openam-oauth2-common/openid-connect-core:8853-9084
</span><span class="cx">/branches/andyAme5550/openam/openam-oauth2-common/openid-connect-core:13493-13515
</span><span class="cx">/branches/andyOpenam1708/openam/openam-oauth2-common/openid-connect-core:5576-5592
</span><span class="cx">/branches/andyOpenam2140/openam/openam-oauth2-common/openid-connect-core:7819-7862
</span><span class="cx">/branches/andyOpenam2373/openam/openam-oauth2-common/openid-connect-core:5600-5706
</span><span class="cx">/branches/andyOpenam2525/openam/openam-oauth2-common/openid-connect-core:5601-5733
</span><span class="cx">/branches/andyOpenam3509/openam/openam-oauth2-common/openid-connect-core:7881-7963
</span><span class="cx">/branches/andyOpenam3638/openam/openam-oauth2-common/openid-connect-core:8094-8172
</span><span class="cx">/branches/andyPolicyCrest/openam/openam-oauth2-common/openid-connect-core:8295-8813
</span><span class="cx">/branches/apforrest-ame1316/openam/openam-oauth2-common/openid-connect-core:4881-5305
</span><span class="cx">/branches/apforrest_ame805_indextree/openam/openam-oauth2-common/openid-connect-core:4567-4852
</span><span class="cx">/branches/auditHistory/openam/openam-oauth2-common/openid-connect-core:12633-12709
</span><span class="cx">/branches/cert_chain_bug/openam-oauth2-common/openid-connect-core:11102-11125
</span><span class="cx">/branches/contextualAuthz/openam/openam-oauth2-common/openid-connect-core:12734-12787
</span><span class="cx">/branches/curieResourceTypes/openam/openam-oauth2-common/openid-connect-core:12286-12669
</span><span class="cx">/branches/dirk_oauth_perf/openam-oauth2-common/openid-connect-core:5904
</span><span class="cx">/branches/dirk_sts/openam-oauth2-common/openid-connect-core:5297,5314,5317-5318,5320-5321
</span><span class="cx">/branches/initial_uma/openam/openam-oauth2-common/openid-connect-core:12067-12470
</span><span class="cx">/branches/oidc-conf/openam/openam-oauth2-common/openid-connect-core:13365-13442
</span><span class="cx">/branches/oidc-conf/openam-oauth2-common/openid-connect-core:13312-13363
</span><span class="cx">/branches/oidc-conf2/openam/openam-oauth2-common/openid-connect-core:13364
</span><span class="cx">/branches/oidc_authn/openam-oauth2-common/openid-connect-core:8507,8540,8557-8559,8565-8566
</span><span class="cx">/branches/openam-3049-cts-reaper-connection-usage/openam/openam-oauth2-common/openid-connect-core:6658-6745
</span><span class="cx">/branches/openam-3053-cts-tab-exception/openam/openam-oauth2-common/openid-connect-core:6672-6721
</span><span class="cx">/branches/openam-3072-cts-configuration/openam/openam-oauth2-common/openid-connect-core:6691-6714
</span><span class="cx">/branches/openam-3092-store-mode-error/openam/openam-oauth2-common/openid-connect-core:6729-6733
</span><span class="cx">/branches/openam-3110-create-or-update-bug/openam/openam-oauth2-common/openid-connect-core:6767-6804
</span><span class="cx">/branches/openam2742-andy/openam/openam-oauth2-common/openid-connect-core:6266-6323
</span><span class="cx">/branches/openam_10.1.0_xacml3_JAS/openam/openam-oauth2-common/openid-connect-core:4039-4140
</span><span class="cx">/branches/openam_10.2.0_xacml3_JAS/openam/openam-oauth2-common/openid-connect-core:4141-4379
</span><span class="cx">/branches/pcunnington-AME-3115-refactor/openam/openam-oauth2-common/openid-connect-core:8348-8473
</span><span class="cx">/branches/pcunnington-AME-3158/openam/openam-oauth2-common/openid-connect-core:8476-8577
</span><span class="cx">/branches/pcunnington-AME-350/openam/openam-oauth2-common/openid-connect-core:4165-4344
</span><span class="cx">/branches/pcunnington-ame-344/openam/openam-oauth2-common/openid-connect-core:4651-5199
</span><span class="cx">/branches/pcunnington-oauth2/openam/openam-oauth2-common/openid-connect-core:8710-8713
</span><span class="cx">/branches/phcunnington-AME-3114/openam/openam-oauth2-common/openid-connect-core:8314-8341
</span><span class="cx">/branches/policyimprovements/openam/openam-oauth2-common/openid-connect-core:5513-5515
</span><span class="cx">/branches/referralsWithoutApplications/openam/openam-oauth2-common/openid-connect-core:11071-11119
</span><span class="cx">/branches/rest_sts_publish/openam-oauth2-common/openid-connect-core:8167,8180,8214,8227,8245,8260
</span><span class="cx">/branches/rest_sts_view_bean/openam-oauth2-common/openid-connect-core:9690-9965
</span><span class="cx">/branches/rwapshott-AME-1739/openam/openam-oauth2-common/openid-connect-core:5331-5353
</span><span class="cx">/branches/rwapshott-AME-215/openam/openam-oauth2-common/openid-connect-core:4091-4155
</span><span class="cx">/branches/rwapshott-AME-257/openam/openam-oauth2-common/openid-connect-core:4047-4126
</span><span class="cx">/branches/rwapshott-AME-804/openam/openam-oauth2-common/openid-connect-core:4267-5404
</span><span class="cx">/branches/rwapshott-ame-2027-cts-oids-should-follow-fr-oid-scheme/openam/openam-oauth2-common/openid-connect-core:5609-5614
</span><span class="cx">/branches/rwapshott-ame-2160-session-size/openam/openam-oauth2-common/openid-connect-core:6086-6319
</span><span class="cx">/branches/rwapshott-ame-2311-index-names/openam/openam-oauth2-common/openid-connect-core:6058-6069
</span><span class="cx">/branches/rwapshott-ame-258-cts-replication/openam/openam-oauth2-common/openid-connect-core:5548-6055
</span><span class="cx">/branches/rwapshott-openam-2198-session-resource-protection/openam/openam-oauth2-common/openid-connect-core:5628-5824
</span><span class="cx">/branches/rwapshott-openam-2526/openam/openam-oauth2-common/openid-connect-core:5442-5484
</span><span class="cx">/branches/rwapshott-openam-2716-cts-invalid-chars/openam/openam-oauth2-common/openid-connect-core:6170-6194
</span><span class="cx">/branches/rwapshott-openam-2729-saml2-error/openam/openam-oauth2-common/openid-connect-core:6247-6257
</span><span class="cx">/branches/soap_sts_admin_ui/openam-oauth2-common/openid-connect-core:14254-14454
</span><span class="cx">/branches/soap_sts_auth/openam-oauth2-common/openid-connect-core:12414,12467-12578
</span><span class="cx">/branches/soap_sts_config/openam-oauth2-common/openid-connect-core:12590-12719,12744
</span><span class="cx">/branches/soap_sts_policy/openam-oauth2-common/openid-connect-core:12762-13106,13172-13354
</span><span class="cx">/branches/soap_sts_tgs/openam-oauth2-common/openid-connect-core:9585-9618
</span><span class="cx">/branches/soap_sts_x509/openam-oauth2-common/openid-connect-core:13550-13640,13667,13693
</span><span class="cx">/branches/stateless_logout/openam/openam-oauth2-common/openid-connect-core:12511-13298
</span><span class="cx">/branches/sts_client_sdk/openam-oauth2-common/openid-connect-core:11175-11185
</span><span class="cx">/branches/sts_custom_ops/openam-oauth2-common/openid-connect-core:14051-14331
</span><span class="cx">/branches/sts_disable_am_token/openam-oauth2-common/openid-connect-core:11204,11229-11233
</span><span class="cx">/branches/sts_filtering/openam-oauth2-common/openid-connect-c \
ore:10605-10717,10719-10900,10924,10927,10929-10931,10955,10963-10964,10986,10989,10993,10996,11001-11002,11028-11029
</span><span class="cx">/branches/sts_oidc_saml/openam-oauth2-common/openid-connect-core:8310,8352,8355,8368,8378-8379,8387-8388,8403,8410,8416
</span><span class="cx">/branches/sts_oidc_saml_redux/openam-oauth2-common/openid-connect-core:8417-8422,8424,8440,8445-8446,8460,8490,8498
</span><span class="cx">/branches/sts_restart_persistence/openam-oauth2-common/openid-connect-core:9003-9005,9009-9414
</span><span class="cx">/branches/sts_saml2_encrypt/openam-oauth2-common/openid-connect-core:10424-10472,10474-10550
</span><span class="cx">/branches/sts_sans_cxf/openam-oauth2-common/openid-connect-core:13383-13518,13532-13542
</span><span class="cx">/branches/sts_service_listeners/openam-oauth2-common/openid-connect-core:9968-10031,10047-10048,10053
</span><span class="cx">/branches/sts_soap/openam-oauth2-common/openid-connect-core:11665-12039,12056-12242,12273-12321
</span><span class="cx">/branches/sts_tgs_oidc/openam-oauth2-common/openid-connect-core:13712-14040
</span><span class="cx">/branches/sts_token_gen_service/openam-oauth2-common/openid-c \
onnect-core:8706,8717-8720,8723-8725,8727-8728,8731,8737,8740-8742,8759-8760,8774-8776,8796-8797,8800-8801,8818-8819,8821
</span><span class="cx">/branches/sts_token_gen_service2/openam-oauth2-common/openid-connect-core:8844-8887,8894-9000
</span><span class="cx">/branches/sts_x509/openam-oauth2-common/openid-connect-core:10206-10398
</span><span class="cx">/fr-branches/11.0.x/openam/openam-oauth2-common/openid-connect-core:12232,12915
</span><span class="cx">/fr-branches/12.0.x/openam/openam-oauth2-common/openid-connect-core:12351,12627,12922,13050,13455
</span><span class="cx">/trunk/openam/openam-oauth2-common/openid-connect-core:14738-14908
</span><a id="branchesAME7692_noRestartsAuthopenamopenamoauth2commonopenidconnectcoresrcmainjavaorgforgerockopenidconnectCheckSessionjava"></a>
<div class="modfile"><h4>Modified: \
branches/AME-7692_noRestartsAuth/openam/openam-oauth2-common/openid-connect-core/src/main/java/org/forgerock/openidconnect/CheckSession.java \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-oauth2-common/openid-connect-core/src/main/java/org/forgerock/openidconnect/CheckSession.java 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-oauth2-common/openid-connect-core/src/main/java/org/forgerock/openidconnect/CheckSession.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -11,12 +11,13 @@
</span><span class="cx"> * Header, with the fields enclosed by brackets [] replaced \
by your own identifying </span><span class="cx"> * information: "Portions \
copyright [year] [name of copyright owner]". </span><span class="cx"> *
</span><del>- * Copyright 2013-2014 ForgeRock AS.
</del><ins>+ * Copyright 2013-2015 ForgeRock AS.
</ins><span class="cx"> */
</span><span class="cx">
</span><span class="cx"> package org.forgerock.openidconnect;
</span><span class="cx">
</span><span class="cx"> import \
org.forgerock.oauth2.core.exceptions.InvalidClientException; </span><ins>+import \
org.forgerock.oauth2.core.exceptions.NotFoundException; </ins><span class="cx"> \
import org.forgerock.oauth2.core.exceptions.UnauthorizedClientException; </span><span \
class="cx"> </span><span class="cx"> import javax.servlet.http.HttpServletRequest;
</span><span class="lines">@@ -43,7 +44,7 @@
</span><span class="cx"> * @return The url as a string or empty String.
</span><span class="cx"> */
</span><span class="cx"> public String getClientSessionURI(HttpServletRequest \
request) throws UnauthorizedClientException, </span><del>- \
InvalidClientException; </del><ins>+ InvalidClientException, \
NotFoundException; </ins><span class="cx">
</span><span class="cx"> /**
</span><span class="cx"> * Check if the JWT contains a valid session id.
</span></span></pre></div>
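Review bot: The Javadoc above `getClientSessionURI` in the second hunk ends at `@return` as far as the hunk shows, so the newly declared `NotFoundException` is undocumented on what appears to be an interface method (the declaration ends in `;`). Implementers and callers of the check-session contract need to know which lookup failure it signals and how it differs from `InvalidClientException`. I would add a line such as `* @throws NotFoundException If a resource needed to resolve the client session URI cannot be found.`, with the concrete condition filled in by the author. The start of the Javadoc block is outside the hunk, so any existing `@throws` entries there should be kept consistent with the new one.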
<a id="branchesAME7692_noRestartsAuthopenamopenamoauth2commonopenidconnectcoresrcmainjavaorgforgerockopenidconnectOpenIdConnectAuthorizeRequestValidatorjava"></a>
<div class="modfile"><h4>Modified: \
branches/AME-7692_noRestartsAuth/openam/openam-oauth2-common/openid-connect-core/src/main/java/org/forgerock/openidconnect/OpenIdConnectAuthorizeRequestValidator.java \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-oauth2-common/openid-connect-core/src/m \
ain/java/org/forgerock/openidconnect/OpenIdConnectAuthorizeRequestValidator.java 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-oauth2-common/openid-connect-core/s \
rc/main/java/org/forgerock/openidconnect/OpenIdConnectAuthorizeRequestValidator.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -21,7 +21,9 @@
</span><span class="cx"> import static \
org.forgerock.oauth2.core.OAuth2Constants.UrlLocation.*; </span><span class="cx">
</span><span class="cx"> import java.util.Set;
</span><ins>+
</ins><span class="cx"> import javax.inject.Inject;
</span><ins>+
</ins><span class="cx"> import org.forgerock.oauth2.core.AuthorizeRequestValidator;
</span><span class="cx"> import org.forgerock.oauth2.core.ClientRegistration;
</span><span class="cx"> import org.forgerock.oauth2.core.ClientRegistrationStore;
</span><span class="lines">@@ -31,6 +33,7 @@
</span><span class="cx"> import \
org.forgerock.oauth2.core.exceptions.InvalidClientException; </span><span class="cx"> \
import org.forgerock.oauth2.core.exceptions.InvalidRequestException; </span><span \
class="cx"> import org.forgerock.oauth2.core.exceptions.InvalidScopeException; \
</span><ins>+import org.forgerock.oauth2.core.exceptions.NotFoundException; \
</ins><span class="cx"> import org.forgerock.util.Reject; </span><span class="cx">
</span><span class="cx"> /**
</span><span class="lines">@@ -56,7 +59,7 @@
</span><span class="cx"> * {@inheritDoc}
</span><span class="cx"> */
</span><span class="cx"> public void validateRequest(OAuth2Request request) \
throws BadRequestException, InvalidRequestException, </span><del>- \
InvalidClientException, InvalidScopeException { </del><ins>+ \
InvalidClientException, InvalidScopeException, NotFoundException { </ins><span \
class="cx"> </span><span class="cx"> validateOpenIdScope(request);
</span><span class="cx">
</span><span class="lines">@@ -79,7 +82,7 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> private void validateOpenIdScope(OAuth2Request request) \
throws InvalidClientException, InvalidRequestException, </span><del>- \
InvalidScopeException { </del><ins>+ InvalidScopeException, \
NotFoundException { </ins><span class="cx"> final ClientRegistration \
clientRegistration = clientRegistrationStore.get( </span><span class="cx"> \
request.<String>getParameter(CLIENT_ID), request); </span><span class="cx"> \
if (Utils.isOpenIdConnectClient(clientRegistration)) { </span></span></pre></div>
<a id="branchesAME7692_noRestartsAuthopenamopenamoauth2commonopenidconnectcoresrcmainjavaorgforgerockopenidconnectOpenIdConnectClientRegistrationStorejava"></a>
<div class="modfile"><h4>Modified: \
branches/AME-7692_noRestartsAuth/openam/openam-oauth2-common/openid-connect-core/src/main/java/org/forgerock/openidconnect/OpenIdConnectClientRegistrationStore.java \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-oauth2-common/openid-connect-core/src/m \
ain/java/org/forgerock/openidconnect/OpenIdConnectClientRegistrationStore.java 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-oauth2-common/openid-connect-core/s \
rc/main/java/org/forgerock/openidconnect/OpenIdConnectClientRegistrationStore.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -11,7 +11,7 @@
</span><span class="cx"> * Header, with the fields enclosed by brackets [] replaced \
by your own identifying </span><span class="cx"> * information: "Portions \
copyright [year] [name of copyright owner]". </span><span class="cx"> *
</span><del>- * Copyright 2014 ForgeRock AS.
</del><ins>+ * Copyright 2014-2015 ForgeRock AS.
</ins><span class="cx"> */
</span><span class="cx">
</span><span class="cx"> package org.forgerock.openidconnect;
</span><span class="lines">@@ -19,6 +19,7 @@
</span><span class="cx"> import org.forgerock.oauth2.core.ClientRegistrationStore;
</span><span class="cx"> import org.forgerock.oauth2.core.OAuth2Request;
</span><span class="cx"> import \
org.forgerock.oauth2.core.exceptions.InvalidClientException; </span><ins>+import \
org.forgerock.oauth2.core.exceptions.NotFoundException; </ins><span class="cx">
</span><span class="cx"> /**
</span><span class="cx"> * The OpenId Connect provider's store for all client \
registrations. </span><span class="lines">@@ -30,5 +31,6 @@
</span><span class="cx"> /**
</span><span class="cx"> * {@inheritDoc}
</span><span class="cx"> */
</span><del>- OpenIdConnectClientRegistration get(String clientId, OAuth2Request \
request) throws InvalidClientException; </del><ins>+ \
OpenIdConnectClientRegistration get(String clientId, OAuth2Request request) + \
throws InvalidClientException, NotFoundException; </ins><span class="cx"> }
</span></span></pre></div>
<a id="branchesAME7692_noRestartsAuthopenamopenamoauth2commonopenidconnectcoresrctestjavaorgforgerockopenidconnectOpenIdConnectAuthorizeRequestValidatorTestjava"></a>
<div class="modfile"><h4>Modified: \
branches/AME-7692_noRestartsAuth/openam/openam-oauth2-common/openid-connect-core/src/t \
est/java/org/forgerock/openidconnect/OpenIdConnectAuthorizeRequestValidatorTest.java \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-oauth2-common/openid-connect-core/src/t \
est/java/org/forgerock/openidconnect/OpenIdConnectAuthorizeRequestValidatorTest.java 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-oauth2-common/openid-connect-core/s \
rc/test/java/org/forgerock/openidconnect/OpenIdConnectAuthorizeRequestValidatorTest.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -11,7 +11,7 @@
</span><span class="cx"> * Header, with the fields enclosed by brackets [] replaced \
by your own identifying </span><span class="cx"> * information: "Portions \
copyright [year] [name of copyright owner]". </span><span class="cx"> *
</span><del>- * Copyright 2014 ForgeRock AS.
</del><ins>+ * Copyright 2014-2015 ForgeRock AS.
</ins><span class="cx"> */
</span><span class="cx">
</span><span class="cx"> package org.forgerock.openidconnect;
</span><span class="lines">@@ -22,6 +22,7 @@
</span><span class="cx"> import static org.testng.Assert.*;
</span><span class="cx">
</span><span class="cx"> import java.util.Collections;
</span><ins>+
</ins><span class="cx"> import org.forgerock.oauth2.core.ClientRegistration;
</span><span class="cx"> import org.forgerock.oauth2.core.ClientRegistrationStore;
</span><span class="cx"> import org.forgerock.oauth2.core.OAuth2Constants;
</span><span class="lines">@@ -29,6 +30,7 @@
</span><span class="cx"> import \
org.forgerock.oauth2.core.exceptions.BadRequestException; </span><span class="cx"> \
import org.forgerock.oauth2.core.exceptions.InvalidClientException; </span><span \
class="cx"> import org.forgerock.oauth2.core.exceptions.InvalidRequestException; \
</span><ins>+import org.forgerock.oauth2.core.exceptions.NotFoundException; \
</ins><span class="cx"> import org.mockito.Matchers; </span><span class="cx"> import \
org.testng.annotations.BeforeMethod; </span><span class="cx"> import \
org.testng.annotations.Test; </span><span class="lines">@@ -42,7 +44,7 @@
</span><span class="cx"> private ClientRegistration clientRegistration;
</span><span class="cx">
</span><span class="cx"> @BeforeMethod
</span><del>- public void setUp() throws InvalidClientException {
</del><ins>+ public void setUp() throws InvalidClientException, NotFoundException \
{ </ins><span class="cx"> ClientRegistrationStore clientRegistrationStore = \
mock(ClientRegistrationStore.class); </span><span class="cx"> \
clientRegistration = mock(ClientRegistration.class); </span><span class="cx"> \
given(clientRegistrationStore.get(anyString(), \
Matchers.<OAuth2Request>anyObject())).willReturn(clientRegistration); \
</span></span></pre></div> <a \
id="branchesAME7692_noRestartsAuthopenamopenamoauth2commonopenidconnectrestletsrcmainjavaorgforgerockopenidconnectrestletEndSessionjava"></a>
<div class="modfile"><h4>Modified: \
branches/AME-7692_noRestartsAuth/openam/openam-oauth2-common/openid-connect-restlet/src/main/java/org/forgerock/openidconnect/restlet/EndSession.java \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-oauth2-common/openid-connect-restlet/src/main/java/org/forgerock/openidconnect/restlet/EndSession.java 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-oauth2-common/openid-connect-restlet/src/main/java/org/forgerock/openidconnect/restlet/EndSession.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -25,6 +25,7 @@
</span><span class="cx"> import org.forgerock.oauth2.core.OAuth2Request;
</span><span class="cx"> import org.forgerock.oauth2.core.OAuth2RequestFactory;
</span><span class="cx"> import \
org.forgerock.oauth2.core.exceptions.InvalidClientException; </span><ins>+import \
org.forgerock.oauth2.core.exceptions.NotFoundException; </ins><span class="cx"> \
import org.forgerock.oauth2.core.exceptions.OAuth2Exception; </span><span class="cx"> \
import org.forgerock.oauth2.core.exceptions.RedirectUriMismatchException; \
</span><span class="cx"> import \
org.forgerock.oauth2.core.exceptions.RelativeRedirectUriException; </span><span \
class="lines">@@ -41,6 +42,7 @@ </span><span class="cx"> import \
org.restlet.routing.Redirector; </span><span class="cx">
</span><span class="cx"> import javax.inject.Inject;
</span><ins>+
</ins><span class="cx"> import java.net.URI;
</span><span class="cx">
</span><span class="cx"> /**
</span><span class="lines">@@ -105,7 +107,8 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> private Representation handleRedirect(OAuth2Request \
request, String idToken, String redirectUri) </span><del>- throws \
RedirectUriMismatchException, InvalidClientException, RelativeRedirectUriException { \
</del><ins>+ throws RedirectUriMismatchException, InvalidClientException, \
+ RelativeRedirectUriException, NotFoundException { </ins><span \
class="cx"> </span><span class="cx"> validateRedirect(request, idToken, \
redirectUri); </span><span class="cx"> Response response = getResponse();
</span><span class="lines">@@ -115,7 +118,8 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> private void validateRedirect(OAuth2Request request, \
String idToken, String redirectUri) </span><del>- throws \
InvalidClientException, RedirectUriMismatchException, RelativeRedirectUriException { \
</del><ins>+ throws InvalidClientException, RedirectUriMismatchException, \
+ RelativeRedirectUriException, NotFoundException { </ins><span \
class="cx"> </span><span class="cx"> SignedJwt jwt = new \
JwtReconstruction().reconstructJwt(idToken, SignedJwt.class); </span><span \
class="cx"> JwtClaimsSet claims = jwt.getClaimsSet(); \
</span></span></pre></div> <a \
id="branchesAME7692_noRestartsAuthopenamopenamoauth2commonopenidconnectrestletsrctestjavaorgforgerockopenidconnectrestletEndSessionTestjava"></a>
<div class="modfile"><h4>Modified: \
branches/AME-7692_noRestartsAuth/openam/openam-oauth2-common/openid-connect-restlet/src/test/java/org/forgerock/openidconnect/restlet/EndSessionTest.java \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-oauth2-common/openid-connect-restlet/src/test/java/org/forgerock/openidconnect/restlet/EndSessionTest.java 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-oauth2-common/openid-connect-restle \
t/src/test/java/org/forgerock/openidconnect/restlet/EndSessionTest.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -25,6 +25,7 @@
</span><span class="cx"> import org.forgerock.oauth2.core.OAuth2Request;
</span><span class="cx"> import org.forgerock.oauth2.core.OAuth2RequestFactory;
</span><span class="cx"> import \
org.forgerock.oauth2.core.exceptions.InvalidClientException; </span><ins>+import \
org.forgerock.oauth2.core.exceptions.NotFoundException; </ins><span class="cx"> \
import org.forgerock.oauth2.restlet.ExceptionHandler; </span><span class="cx"> import \
org.forgerock.oauth2.restlet.OAuth2RestletException; </span><span class="cx"> import \
org.forgerock.openidconnect.OpenIDConnectEndSession; </span><span class="lines">@@ \
-47,7 +48,7 @@ </span><span class="cx"> private ClientRegistration client;
</span><span class="cx">
</span><span class="cx"> @BeforeMethod
</span><del>- public void setup() throws InvalidClientException, \
SignatureException { </del><ins>+ public void setup() throws \
InvalidClientException, SignatureException, NotFoundException { </ins><span \
class="cx"> idToken = \
"eyAidHlwIjogIkpXVCIsICJhbGciOiAiSFMyNTYiIH0.eyAidG9rZW5OYW1lIjogImlkX3Rva2VuIiwgImF6cCI6ICJOZXdPcG" \
+ </span><span class="cx"> \
"VuSWRDbGllbnQiLCAic3ViIjogIlRlc3RVc2VyIiwgImF0X2hhc2giOiAibHhSNE1BcGV1aXl0dWxiVFI4OV9wQSIsICJpc3MiOi" \
+ </span><span class="cx"> \
"AiaHR0cDovL29wZW5hbS5leGFtcGxlLmNvbTo4MDgwL29wZW5hbS9vYXV0aDIiLCAib3JnLmZvcmdlcm9jay5vcGVuaWRjb25uZW" \
+ </span></span></pre></div>
<a id="branchesAME7692_noRestartsAuthopenamopenamrestsrcmainjavaorgforgerockopenamforgerockrestIdentityResourceV1java"></a>
<div class="propset"><h4>Property changes: \
branches/AME-7692_noRestartsAuth/openam/openam-rest/src/main/java/org/forgerock/openam/forgerockrest/IdentityResourceV1.java</h4>
<pre class="diff"><span>
</span></pre></div>
<a id="svnmergeinfo"></a>
<div class="modfile"><h4>Modified: svn:mergeinfo</h4></div>
<span class="cx">/branches/AME-4460_AME-4459/openam/openam-forgerock-rest/src/main/java/org/forgerock/openam/forgerockrest/IdentityResourceV1.java:10437-10535
</span><span class="cx">/branches/AME-4547/openam/openam-rest/src/main/java/org/forgerock/openam/forgerockrest/IdentityResourceV1.java:10585-10783
</span><span class="cx">/branches/AME-4569-XACML-Response-Provider-Support/openam/ope \
nam-rest/src/main/java/org/forgerock/openam/forgerockrest/IdentityResourceV1.java:10624-10817
</span><span class="cx">/branches/AME-4595/openam/openam-rest/src/main/java/org/forgerock/openam/forgerockrest/IdentityResourceV1.java:10581-10789
</span><span class="cx">/branches/AME-4609/openam/openam-rest/src/main/java/org/forgerock/openam/forgerockrest/IdentityResourceV1.java:10678-10949
</span><span class="cx">/branches/AME-4616/openam/openam-rest/src/main/java/org/forgerock/openam/forgerockrest/IdentityResourceV1.java:10652-10817
</span><span class="cx">/branches/AME-4638/openam/openam-rest/src/main/java/org/forgerock/openam/forgerockrest/IdentityResourceV1.java:10869-11050
</span><span class="cx">/branches/AME-5023/openam/openam-rest/src/main/java/org/forgerock/openam/forgerockrest/IdentityResourceV1.java:11070-11123
</span><span class="cx">/branches/AME-5326_refactor_and_test_oath_module/openam/opena \
m-rest/src/main/java/org/forgerock/openam/forgerockrest/IdentityResourceV1.java:13066-13428
</span><span class="cx">/branches/AME-5568-stateless-sessions/openam/openam-rest/src/main/java/org/forgerock/openam/forgerockrest/IdentityResourceV1.java:12629-13078
</span><span class="cx">/branches/AME-6128_and_AME-6129_JSONify_attributes_for_OATH/o \
penam/openam-rest/src/main/java/org/forgerock/openam/forgerockrest/IdentityResourceV1.java:13797-13866
</span><span class="cx">/branches/AME-6128_and_AME-6129_new_user_attributes_for_OATH/ \
openam/openam-rest/src/main/java/org/forgerock/openam/forgerockrest/IdentityResourceV1.java:13602-13794
</span><span class="cx">/branches/AME-6369/openam/openam-rest/src/main/java/org/forgerock/openam/forgerockrest/IdentityResourceV1.java:13289-13686
</span><span class="cx">/branches/AME-6627_Remove-LDAP-SDK/openam/openam-rest/src/main/java/org/forgerock/openam/forgerockrest/IdentityResourceV1.java:13713-14249
</span><span class="cx">/branches/AME-6796/openam/openam-rest/src/main/java/org/forgerock/openam/forgerockrest/IdentityResourceV1.java:13716-13732
</span><span class="cx">/branches/OPENAM-4775-REST-endpoint-malformed-3/openam/openam \
-rest/src/main/java/org/forgerock/openam/forgerockrest/IdentityResourceV1.java:11322-11331
</span><span class="cx">/branches/OPENAM-5269/openam/openam-rest/src/main/java/org/forgerock/openam/forgerockrest/IdentityResourceV1.java:11838-11851
</span><span class="cx">/branches/OPENAM-5970_trim_unused_qrcode_references/openam/op \
enam-rest/src/main/java/org/forgerock/openam/forgerockrest/IdentityResourceV1.java:13756-13770
</span><span class="cx">/branches/andyOpenam3969/openam/openam-rest/src/main/java/org/forgerock/openam/forgerockrest/IdentityResourceV1.java:10453-10977
</span><span class="cx">/branches/initial_uma/openam/openam-rest/src/main/java/org/forgerock/openam/forgerockrest/IdentityResourceV1.java:12067-12470
</span><span class="cx">/branches/maven_merge/openam/openam-forgerock-rest/src/main/java/org/forgerock/openam/forgerockrest/IdentityResource.java:3122-3124
</span><span class="cx">/branches/referralsWithoutApplications/openam/openam-rest/src \
/main/java/org/forgerock/openam/forgerockrest/IdentityResourceV1.java:11071-11119 \
</span><span class="cx">/branches/soap_sts_policy/openam-rest/src/main/java/org/forgerock/openam/forgerockrest/IdentityResourceV1.java:13301-13354
</span><span class="cx">/branches/stateless_logout/openam/openam-rest/src/main/java/org/forgerock/openam/forgerockrest/IdentityResourceV1.java:12511-13298
</span><span class="cx">/trunk/openam/openam-forgerock-rest/src/main/java/org/forgerock/openam/forgerockrest/IdentityResource.java:3125-10502
</span><span class="cx">/trunk/openam/openam-rest/src/main/java/org/forgerock/openam/forgerockrest/IdentityResourceV1.java:10443-10567
</span><span class="cx"> + \
/branches/AME-4378/openam/openam-rest/src/main/java/org/forgerock/openam/forgerockrest/IdentityResourceV1.java:10443-10621
</span><span class="cx">/branches/AME-4460_AME-4459/openam/openam-forgerock-rest/src/main/java/org/forgerock/openam/forgerockrest/IdentityResourceV1.java:10437-10535
</span><span class="cx">/branches/AME-4547/openam/openam-rest/src/main/java/org/forgerock/openam/forgerockrest/IdentityResourceV1.java:10585-10783
</span><span class="cx">/branches/AME-4569-XACML-Response-Provider-Support/openam/ope \
nam-rest/src/main/java/org/forgerock/openam/forgerockrest/IdentityResourceV1.java:10624-10817
</span><span class="cx">/branches/AME-4595/openam/openam-rest/src/main/java/org/forgerock/openam/forgerockrest/IdentityResourceV1.java:10581-10789
</span><span class="cx">/branches/AME-4609/openam/openam-rest/src/main/java/org/forgerock/openam/forgerockrest/IdentityResourceV1.java:10678-10949
</span><span class="cx">/branches/AME-4616/openam/openam-rest/src/main/java/org/forgerock/openam/forgerockrest/IdentityResourceV1.java:10652-10817
</span><span class="cx">/branches/AME-4638/openam/openam-rest/src/main/java/org/forgerock/openam/forgerockrest/IdentityResourceV1.java:10869-11050
</span><span class="cx">/branches/AME-5023/openam/openam-rest/src/main/java/org/forgerock/openam/forgerockrest/IdentityResourceV1.java:11070-11123
</span><span class="cx">/branches/AME-5326_refactor_and_test_oath_module/openam/opena \
m-rest/src/main/java/org/forgerock/openam/forgerockrest/IdentityResourceV1.java:13066-13428
</span><span class="cx">/branches/AME-5568-stateless-sessions/openam/openam-rest/src/main/java/org/forgerock/openam/forgerockrest/IdentityResourceV1.java:12629-13078
</span><span class="cx">/branches/AME-6128_and_AME-6129_JSONify_attributes_for_OATH/o \
penam/openam-rest/src/main/java/org/forgerock/openam/forgerockrest/IdentityResourceV1.java:13797-13866
</span><span class="cx">/branches/AME-6128_and_AME-6129_new_user_attributes_for_OATH/ \
openam/openam-rest/src/main/java/org/forgerock/openam/forgerockrest/IdentityResourceV1.java:13602-13794
</span><span class="cx">/branches/AME-6369/openam/openam-rest/src/main/java/org/forgerock/openam/forgerockrest/IdentityResourceV1.java:13289-13686
</span><span class="cx">/branches/AME-6627_Remove-LDAP-SDK/openam/openam-rest/src/main/java/org/forgerock/openam/forgerockrest/IdentityResourceV1.java:13713-14249
</span><span class="cx">/branches/AME-6796/openam/openam-rest/src/main/java/org/forgerock/openam/forgerockrest/IdentityResourceV1.java:13716-13732
</span><span class="cx">/branches/AME-7754_UMA_labels/openam/openam-rest/src/main/java/org/forgerock/openam/forgerockrest/IdentityResourceV1.java:14781-14882
</span><span class="cx">/branches/OPENAM-4775-REST-endpoint-malformed-3/openam/openam \
-rest/src/main/java/org/forgerock/openam/forgerockrest/IdentityResourceV1.java:11322-11331
</span><span class="cx">/branches/OPENAM-5269/openam/openam-rest/src/main/java/org/forgerock/openam/forgerockrest/IdentityResourceV1.java:11838-11851
</span><span class="cx">/branches/OPENAM-5970_trim_unused_qrcode_references/openam/op \
enam-rest/src/main/java/org/forgerock/openam/forgerockrest/IdentityResourceV1.java:13756-13770
</span><span class="cx">/branches/OPENAM-6326-ssoadm-classpath/openam/openam-rest/src \
/main/java/org/forgerock/openam/forgerockrest/IdentityResourceV1.java:14839-14844 \
</span><span class="cx">/branches/andyOpenam3969/openam/openam-rest/src/main/java/org/forgerock/openam/forgerockrest/IdentityResourceV1.java:10453-10977
</span><span class="cx">/branches/initial_uma/openam/openam-rest/src/main/java/org/forgerock/openam/forgerockrest/IdentityResourceV1.java:12067-12470
</span><span class="cx">/branches/maven_merge/openam/openam-forgerock-rest/src/main/java/org/forgerock/openam/forgerockrest/IdentityResource.java:3122-3124
</span><span class="cx">/branches/referralsWithoutApplications/openam/openam-rest/src \
/main/java/org/forgerock/openam/forgerockrest/IdentityResourceV1.java:11071-11119 \
</span><span class="cx">/branches/soap_sts_policy/openam-rest/src/main/java/org/forgerock/openam/forgerockrest/IdentityResourceV1.java:13301-13354
</span><span class="cx">/branches/stateless_logout/openam/openam-rest/src/main/java/org/forgerock/openam/forgerockrest/IdentityResourceV1.java:12511-13298
</span><span class="cx">/trunk/openam/openam-forgerock-rest/src/main/java/org/forgerock/openam/forgerockrest/IdentityResource.java:3125-10502
</span><span class="cx">/trunk/openam/openam-rest/src/main/java/org/forgerock/openam/forgerockrest/IdentityResourceV1.java:10443-10567,14738-14908
</span><a id="branchesAME7692_noRestartsAuthopenamopenamrestsrcmainjavaorgforgerockop \
enamforgerockrestUmaLabelResourcejavafromrev14908trunkopenamopenamrestsrcmainjavaorgforgerockopenamforgerockrestUmaLabelResourcejava"></a>
<div class="copfile"><h4>Copied: \
branches/AME-7692_noRestartsAuth/openam/openam-rest/src/main/java/org/forgerock/openam/forgerockrest/UmaLabelResource.java \
(from rev 14908, trunk/openam/openam-rest/src/main/java/org/forgerock/openam/forgerockrest/UmaLabelResource.java) \
(0 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-rest/src/main/java/org/forgerock/openam/forgerockrest/UmaLabelResource.java \
(rev 0)
+++ branches/AME-7692_noRestartsAuth/openam/openam-rest/src/main/java/org/forgerock/openam/forgerockrest/UmaLabelResource.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -0,0 +1,243 @@
</span><ins>+/*
+ * The contents of this file are subject to the terms of the Common Development and
+ * Distribution License (the License). You may not use this file except in \
compliance with the + * License.
+ *
+ * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for \
the + * specific language governing permission and limitations under the License.
+ *
+ * When distributing Covered Software, include this CDDL Header Notice in each file \
and include + * the License file at legal/CDDLv1.0.txt. If applicable, add the \
following below the CDDL + * Header, with the fields enclosed by brackets [] replaced \
by your own identifying + * information: "Portions copyright [year] [name of \
copyright owner]". + *
+ * Copyright 2015 ForgeRock AS.
+ */
+
+package org.forgerock.openam.forgerockrest;
+
+import javax.inject.Inject;
+import javax.inject.Provider;
+import java.util.Collections;
+import java.util.Locale;
+import java.util.Set;
+
+import com.sun.identity.common.LocaleContext;
+import com.sun.identity.shared.debug.Debug;
+import org.forgerock.json.fluent.JsonValue;
+import org.forgerock.json.fluent.JsonValueException;
+import org.forgerock.json.resource.ActionRequest;
+import org.forgerock.json.resource.BadRequestException;
+import org.forgerock.json.resource.CollectionResourceProvider;
+import org.forgerock.json.resource.CreateRequest;
+import org.forgerock.json.resource.DeleteRequest;
+import org.forgerock.json.resource.InternalServerErrorException;
+import org.forgerock.json.resource.NotSupportedException;
+import org.forgerock.json.resource.PatchRequest;
+import org.forgerock.json.resource.QueryRequest;
+import org.forgerock.json.resource.QueryResult;
+import org.forgerock.json.resource.QueryResultHandler;
+import org.forgerock.json.resource.ReadRequest;
+import org.forgerock.json.resource.Resource;
+import org.forgerock.json.resource.ResourceException;
+import org.forgerock.json.resource.ResultHandler;
+import org.forgerock.json.resource.ServerContext;
+import org.forgerock.json.resource.UpdateRequest;
+import org.forgerock.oauth2.core.ClientRegistration;
+import org.forgerock.oauth2.core.ClientRegistrationStore;
+import org.forgerock.oauth2.core.OAuth2Constants;
+import org.forgerock.oauth2.core.OAuth2Request;
+import org.forgerock.oauth2.core.exceptions.InvalidClientException;
+import org.forgerock.oauth2.core.exceptions.NotFoundException;
+import org.forgerock.openam.oauth2.resources.labels.LabelType;
+import org.forgerock.openam.oauth2.resources.labels.ResourceSetLabel;
+import org.forgerock.openam.oauth2.resources.labels.UmaLabelsStore;
+import org.forgerock.openam.rest.resource.ContextHelper;
+
+/**
+ * A collection provider for UMA Labels.
+ * @Since 13.0.0
+ */
+public class UmaLabelResource implements CollectionResourceProvider {
+
+ private static final Debug debug = Debug.getInstance("umaLabel");
+ private static final String TYPE_LABEL = "type";
+ private static final String NAME_LABEL = "name";
+ private final UmaLabelsStore labelStore;
+ private final ContextHelper contextHelper;
+ private final ClientRegistrationStore clientRegistrationStore;
+ private final Provider<LocaleContext> localeContextProvider;
+
+ @Inject
+ public UmaLabelResource(UmaLabelsStore labelStore, ContextHelper contextHelper,
+ ClientRegistrationStore clientRegistrationStore, \
Provider<LocaleContext> localeContextProvider) { + this.labelStore = \
labelStore; + this.contextHelper = contextHelper;
+ this.clientRegistrationStore = clientRegistrationStore;
+ this.localeContextProvider = localeContextProvider;
+ }
+
+ @Override
+ public void actionCollection(ServerContext serverContext, ActionRequest \
actionRequest, ResultHandler<JsonValue> resultHandler) { + \
resultHandler.handleError(new NotSupportedException("Not supported.")); + \
} +
+ @Override
+ public void actionInstance(ServerContext serverContext, String s, ActionRequest \
actionRequest, ResultHandler<JsonValue> resultHandler) { + \
resultHandler.handleError(new NotSupportedException("Not supported.")); + \
} +
+ @Override
+ public void createInstance(ServerContext serverContext, CreateRequest \
createRequest, ResultHandler<Resource> resultHandler) { + final \
JsonValue umaLabel = createRequest.getContent(); +
+ try {
+ validate(umaLabel);
+ } catch (BadRequestException e) {
+ resultHandler.handleError(e);
+ return;
+ }
+
+ final String realm = getRealm(serverContext);
+ final String userName = getUserName(serverContext);
+ final String labelName = umaLabel.get(NAME_LABEL).asString();
+ final String labelType = umaLabel.get(TYPE_LABEL).asString();
+ final ResourceSetLabel label;
+
+ try {
+ label = labelStore.create(realm, userName, new \
ResourceSetLabel("", labelName, LabelType.valueOf(labelType), \
Collections.EMPTY_SET)); + resultHandler.handleResult(new \
Resource(label.getId(), String.valueOf(label.hashCode()), label.asJson())); + \
} catch (ResourceException e) { + resultHandler.handleError(new \
BadRequestException("Error creating label")); + }
+ }
+
+ private void validate(JsonValue umaLabel) throws BadRequestException {
+ try {
+ umaLabel.get(TYPE_LABEL).required();
+ umaLabel.get(TYPE_LABEL).asEnum(LabelType.class);
+ umaLabel.get(NAME_LABEL).required();
+ } catch (JsonValueException e) {
+ debug.error("Invalid Json - " + e.getMessage());
+ throw new BadRequestException("Invalid Json - " + \
e.getMessage()); + }
+ }
+
+ @Override
+ public void deleteInstance(ServerContext serverContext, String labelId, \
DeleteRequest deleteRequest, ResultHandler<Resource> resultHandler) { + \
try { + ResourceSetLabel resourceSetLabel = \
labelStore.read(getRealm(serverContext), getUserName(serverContext), labelId); +
+ if (!isSameRevision(deleteRequest, resourceSetLabel)) {
+ throw new BadRequestException("Revision number doesn't match \
latest revision."); + }
+
+ labelStore.delete(getRealm(serverContext), getUserName(serverContext), \
labelId); + resultHandler.handleResult(new Resource(labelId, null, \
resourceSetLabel.asJson())); + } catch (ResourceException e) {
+ resultHandler.handleError(new BadRequestException("Error deleting \
label.")); + }
+ }
+
+ private boolean isSameRevision(DeleteRequest deleteRequest, ResourceSetLabel \
resourceSetLabel) { + return \
deleteRequest.getRevision().equals(String.valueOf(resourceSetLabel.hashCode())); + \
} +
+ @Override
+ public void patchInstance(ServerContext serverContext, String s, PatchRequest \
patchRequest, ResultHandler<Resource> resultHandler) { + \
resultHandler.handleError(new NotSupportedException("Not supported.")); + \
} +
+ @Override
+ public void queryCollection(ServerContext serverContext, QueryRequest \
queryRequest, QueryResultHandler queryResultHandler) { + if \
(!queryRequest.getQueryFilter().toString().equals("true")) { + \
queryResultHandler.handleError(new BadRequestException("Invalid query")); + \
return; + }
+
+ Set<ResourceSetLabel> labels;
+ try {
+ labels = labelStore.list(getRealm(serverContext), \
getUserName(serverContext)); + } catch (ResourceException e) {
+ queryResultHandler.handleError(new BadRequestException("Error \
retrieving labels.")); + return;
+ }
+
+ LocaleContext localeContext = localeContextProvider.get();
+ for (ResourceSetLabel label : labels) {
+ try {
+ label = resolveLabelName(contextHelper.getRealm(serverContext), \
label, localeContext); + } catch (InternalServerErrorException e) {
+ debug.error("Could not resolve Resource Server label name. id: \
{}, name: {}", label.getId(), + label.getName(), e);
+ }
+ queryResultHandler.handleResource(new Resource(label.getId(),
+ String.valueOf(label.asJson().getObject().hashCode()), \
label.asJson())); + }
+
+ queryResultHandler.handleResult(new QueryResult());
+ }
+
+ private ResourceSetLabel resolveLabelName(String realm, ResourceSetLabel label, \
LocaleContext localeContext) + throws InternalServerErrorException {
+ if (label.getId().endsWith("/" + label.getName())) {
+ String resourceServerId = label.getId().substring(0, \
label.getId().lastIndexOf("/")); + String resourceServerName = \
resolveResourceServerName(resourceServerId, realm, localeContext); + if \
(resourceServerName != null) { + label.setName(resourceServerName + \
"/" + label.getName()); + }
+ }
+ return label;
+ }
+
+ private String resolveResourceServerName(String resourceServerId, final String \
realm, LocaleContext localeContext) + throws InternalServerErrorException \
{ + try {
+ ClientRegistration clientRegistration = \
clientRegistrationStore.get(resourceServerId, new OAuth2Request() { + \
@Override + public <T> T getRequest() {
+ throw new UnsupportedOperationException("Realm parameter \
only OAuth2Request"); + }
+
+ @Override
+ public <T> T getParameter(String name) {
+ if (OAuth2Constants.Custom.REALM.equals(name)) {
+ return (T) realm;
+ }
+ throw new UnsupportedOperationException("Realm parameter \
only OAuth2Request"); + }
+
+ @Override
+ public JsonValue getBody() {
+ return null;
+ }
+
+ @Override
+ public Locale getLocale() {
+ return null;
+ }
+ });
+ return clientRegistration.getDisplayName(localeContext.getLocale());
+ } catch (InvalidClientException | NotFoundException e) {
+ throw new InternalServerErrorException("Could not resolve Resource \
Server label name", e); + }
+ }
+
+ @Override
+ public void readInstance(ServerContext serverContext, String s, ReadRequest \
readRequest, ResultHandler<Resource> resultHandler) { + \
resultHandler.handleError(new NotSupportedException("Not supported.")); + \
} +
+ @Override
+ public void updateInstance(ServerContext serverContext, String s, UpdateRequest \
updateRequest, ResultHandler<Resource> resultHandler) { + \
resultHandler.handleError(new NotSupportedException("Not supported.")); + \
} +
+ private String getRealm(ServerContext context) {
+ return contextHelper.getRealm(context);
+ }
+
+ private String getUserName(ServerContext context) {
+ return contextHelper.getUserId(context);
+ }
+}
</ins></span></pre></div>
<a id="branchesAME7692_noRestartsAuthopenamopenamrestsrcmainjavaorgforgerockopenamforgerockrestauthnRestAuthenticationHandlerjava"></a>
<div class="modfile"><h4>Modified: \
branches/AME-7692_noRestartsAuth/openam/openam-rest/src/main/java/org/forgerock/openam/forgerockrest/authn/RestAuthenticationHandler.java \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-rest/src/main/java/org/forgerock/openam/forgerockrest/authn/RestAuthenticationHandler.java 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-rest/src/main/java/org/forgerock/openam/forgerockrest/authn/RestAuthenticationHandler.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -226,65 +226,65 @@
</span><span class="cx"> throws AuthLoginException, SignatureException, \
RestAuthException { </span><span class="cx">
</span><span class="cx"> switch (loginProcess.getLoginStage()) {
</span><del>- case REQUIREMENTS_WAITING: {
</del><ins>+ case REQUIREMENTS_WAITING: {
</ins><span class="cx">
</span><del>- Callback[] callbacks = loginProcess.getCallbacks();
</del><ins>+ Callback[] callbacks = loginProcess.getCallbacks();
</ins><span class="cx">
</span><del>- JsonValue jsonCallbacks;
- try {
- jsonCallbacks = handleCallbacks(request, response, postBody, \
callbacks);
- } catch (RestAuthResponseException e) {
- // Include the authId in the JSON response.
- if (authId == null) {
- authId = authIdHelper.createAuthId(loginConfiguration, \
loginProcess.getAuthContext()); </del><ins>+ JsonValue jsonCallbacks;
+ try {
+ jsonCallbacks = handleCallbacks(request, response, postBody, \
callbacks); + } catch (RestAuthResponseException e) {
+ // Include the authId in the JSON response.
+ if (authId == null) {
+ authId = authIdHelper.createAuthId(loginConfiguration, \
loginProcess.getAuthContext()); + }
+ e.getJsonResponse().put("authId", authId);
+ throw e;
</ins><span class="cx"> }
</span><del>- e.getJsonResponse().put("authId", authId);
- throw e;
- }
</del><span class="cx">
</span><del>- if (jsonCallbacks != null && jsonCallbacks.size() \
> 0) {
- JsonValue jsonValue = createJsonCallbackResponse(authId, \
loginConfiguration, loginProcess,
- jsonCallbacks);
- return jsonValue;
- } else {
- loginProcess = loginProcess.next(callbacks);
- return processAuthentication(request, response, null, authId,
- loginProcess, loginConfiguration);
</del><ins>+ if (jsonCallbacks != null && jsonCallbacks.size() \
> 0) { + JsonValue jsonValue = \
createJsonCallbackResponse(authId, loginConfiguration, loginProcess, + \
jsonCallbacks); + return jsonValue;
+ } else {
+ loginProcess = loginProcess.next(callbacks);
+ return processAuthentication(request, response, null, authId,
+ loginProcess, loginConfiguration);
+ }
</ins><span class="cx"> }
</span><del>- }
- case COMPLETE: {
- loginProcess.cleanup();
</del><ins>+ case COMPLETE: {
+ loginProcess.cleanup();
</ins><span class="cx">
</span><del>- if (loginProcess.isSuccessful()) {
- // send token to client
- JsonObject jsonResponseObject = JsonValueBuilder.jsonValue();
</del><ins>+ if (loginProcess.isSuccessful()) {
+ // send token to client
+ JsonObject jsonResponseObject = JsonValueBuilder.jsonValue();
</ins><span class="cx">
</span><del>- SSOToken ssoToken = loginProcess.getSSOToken();
- if (ssoToken != null) {
- String tokenId = ssoToken.getTokenID().toString();
- jsonResponseObject.put("tokenId", tokenId);
- } else {
- jsonResponseObject.put("message", "Authentication \
Successful");
- }
</del><ins>+ SSOToken ssoToken = loginProcess.getSSOToken();
+ if (ssoToken != null) {
+ String tokenId = ssoToken.getTokenID().toString();
+ jsonResponseObject.put("tokenId", tokenId);
+ } else {
+ jsonResponseObject.put("message", \
"Authentication Successful"); + }
</ins><span class="cx">
</span><del>- String gotoUrl = \
urlValidator.getRedirectUrl(loginProcess.getOrgDN(),
- urlValidator.getValueFromJson(postBody, \
RedirectUrlValidator.GOTO),
- loginProcess.getSuccessURL());
</del><ins>+ String gotoUrl = \
urlValidator.getRedirectUrl(loginProcess.getOrgDN(), + \
urlValidator.getValueFromJson(postBody, RedirectUrlValidator.GOTO), + \
loginProcess.getSuccessURL()); </ins><span class="cx">
</span><del>- jsonResponseObject.put("successUrl", gotoUrl);
</del><ins>+ jsonResponseObject.put("successUrl", \
gotoUrl); </ins><span class="cx">
</span><del>- return jsonResponseObject.build();
</del><ins>+ return jsonResponseObject.build();
</ins><span class="cx">
</span><del>- } else {
- // send Error to client
- AuthenticationContext authContext = loginProcess.getAuthContext();
- String errorCode = authContext.getErrorCode();
- String errorMessage = authContext.getErrorMessage();
</del><ins>+ } else {
+ // send Error to client
+ AuthenticationContext authContext = \
loginProcess.getAuthContext(); + String errorCode = \
authContext.getErrorCode(); + String errorMessage = \
authContext.getErrorMessage(); </ins><span class="cx">
</span><del>- throw new RestAuthErrorCodeException(errorCode, \
errorMessage); </del><ins>+ throw new \
RestAuthErrorCodeException(errorCode, errorMessage); + }
</ins><span class="cx"> }
</span><span class="cx"> }
</span><del>- }
</del><span class="cx">
</span><span class="cx"> // This should never happen
</span><span class="cx"> throw new \
RestAuthException(ResourceException.INTERNAL_ERROR, "Unknown Authentication \
State!"); </span></span></pre></div>
<a id="branchesAME7692_noRestartsAuthopenamopenamrestsrcmainjavaorgforgerockopenamforg \
erockrestutilsRequestHolderjavafromrev14908trunkopenamopenamrestsrcmainjavaorgforgerockopenamforgerockrestutilsRequestHolderjava"></a>
<div class="copfile"><h4>Copied: \
branches/AME-7692_noRestartsAuth/openam/openam-rest/src/main/java/org/forgerock/openam/forgerockrest/utils/RequestHolder.java \
(from rev 14908, trunk/openam/openam-rest/src/main/java/org/forgerock/openam/forgerockrest/utils/RequestHolder.java) \
(0 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-rest/src/main/java/org/forgerock/openam/forgerockrest/utils/RequestHolder.java \
(rev 0)
+++ branches/AME-7692_noRestartsAuth/openam/openam-rest/src/main/java/org/forgerock/openam/forgerockrest/utils/RequestHolder.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -0,0 +1,50 @@
</span><ins>+/*
+ * The contents of this file are subject to the terms of the Common Development and
+ * Distribution License (the License). You may not use this file except in \
compliance with the + * License.
+ *
+ * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for \
the + * specific language governing permission and limitations under the License.
+ *
+ * When distributing Covered Software, include this CDDL Header Notice in each file \
and include + * the License file at legal/CDDLv1.0.txt. If applicable, add the \
following below the CDDL + * Header, with the fields enclosed by brackets [] replaced \
by your own identifying + * information: "Portions copyright [year] [name of \
copyright owner]". + *
+ * Copyright 2015 ForgeRock AS.
+ */
+
+package org.forgerock.openam.forgerockrest.utils;
+
+import javax.servlet.http.HttpServletRequest;
+
+/**
+ * Contains the {@code HttpServletRequest} for the current request. This assumes \
that + * the request is handled by a single thread, and will not work using Servlet 3
+ * asynchronous requests.
+ */
+public class RequestHolder {
+
+ private static final ThreadLocal<HttpServletRequest> REQUEST = new \
ThreadLocal<HttpServletRequest>() {}; +
+ /**
+ * Gets the request for this thread.
+ */
+ public static HttpServletRequest get() {
+ return REQUEST.get();
+ }
+
+ /**
+ * Sets the request for this thread.
+ */
+ public static void set(HttpServletRequest request) {
+ REQUEST.set(request);
+ }
+
+ /**
+ * Removes the request for this thread.
+ */
+ public static void remove() {
+ REQUEST.remove();
+ }
+}
</ins><span class="cx">\ No newline at end of file
</span></span></pre></div>
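Review bot: `RequestHolder` exposes only static members but is declared as a non-final class with an implicit public constructor, and `REQUEST` is created as an anonymous subclass (`new ThreadLocal<HttpServletRequest>() {}`) for no visible reason. I would declare it `public final class RequestHolder`, add `private RequestHolder() {}`, and initialise the field with a plain `new ThreadLocal<HttpServletRequest>()`. The Javadoc on `get()` should also say that it returns `null` when no request has been set on the calling thread, which is what callers on another thread or outside the set/remove window will see. Because the holder hands the live request, and whatever session or credential state it carries, to any code running on the thread, the class comment should also state that every `set` must be paired with `remove` in a `finally` block.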
<a id="branchesAME7692_noRestartsAuthopenamopenamrestsrcmainjavaorgforgerockopenamforgerockrestutilsServerContextUtilsjava"></a>
<div class="modfile"><h4>Modified: \
branches/AME-7692_noRestartsAuth/openam/openam-rest/src/main/java/org/forgerock/openam/forgerockrest/utils/ServerContextUtils.java \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-rest/src/main/java/org/forgerock/openam/forgerockrest/utils/ServerContextUtils.java 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-rest/src/main/java/org/forgerock/openam/forgerockrest/utils/ServerContextUtils.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -11,7 +11,7 @@
</span><span class="cx"> * Header, with the fields enclosed by brackets [] replaced \
by your own identifying </span><span class="cx"> * information: "Portions \
copyright [year] [name of copyright owner]". </span><span class="cx"> *
</span><del>-* Copyright 2014 ForgeRock AS.
</del><ins>+* Copyright 2014-2015 ForgeRock AS.
</ins><span class="cx"> */
</span><span class="cx"> package org.forgerock.openam.forgerockrest.utils;
</span><span class="cx">
</span><span class="lines">@@ -34,6 +34,7 @@
</span><span class="cx"> import org.forgerock.json.resource.ServerContext;
</span><span class="cx"> import org.forgerock.json.resource.UpdateRequest;
</span><span class="cx"> import org.forgerock.json.resource.servlet.HttpContext;
</span><ins>+import org.forgerock.openam.rest.resource.RealmContext;
</ins><span class="cx"> import org.forgerock.openam.rest.resource.SSOTokenContext;
</span><span class="cx"> import org.forgerock.openam.utils.StringUtils;
</span><span class="cx">
</span><span class="lines">@@ -257,4 +258,13 @@
</span><span class="cx"> }
</span><span class="cx"> return locale;
</span><span class="cx"> }
</span><ins>+
+ /**
+ * Gets the resolved realm from the context.
+ * @param context The context.
+ * @return The resolved realm.
+ */
+ public static String getRealm(ServerContext context) {
+ return context.asContext(RealmContext.class).getResolvedRealm();
+ }
</ins><span class="cx"> }
</span></span></pre></div>
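Review bot: The Javadoc on the new `getRealm(ServerContext)` does not say what happens when the context chain holds no `RealmContext`, yet the result of `context.asContext(RealmContext.class)` is dereferenced directly. As far as I recall, CREST's `asContext` throws `IllegalArgumentException` in that case rather than returning null, so I would add `@throws IllegalArgumentException if the context chain contains no RealmContext` (to be confirmed against the CREST version in use). The resolved realm is used to scope data lookups elsewhere in this commit, so the failure mode belongs in the contract. The other two hunks in this section only change a copyright year and add an import.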
<a id="branchesAME7692_noRestartsAuthopenamopenamrestsrcmainjavaorgforgerockopenamrestRestEndpointServletjava"></a>
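--- a/branches/AME-7692_noRestartsAuth/openam/openam-rest/src/main/java/org/forgerock/openam/rest/RestEndpointServlet.java
+++ b/branches/AME-7692_noRestartsAuth/openam/openam-rest/src/main/java/org/forgerock/openam/rest/RestEndpointServlet.java
@@ -20,6 +20,7 @@
 import com.google.inject.name.Names;
 import org.forgerock.json.resource.ConnectionFactory;
 import org.forgerock.guice.core.InjectorHolder;
+import org.forgerock.openam.forgerockrest.utils.RequestHolder;
 import org.forgerock.openam.rest.resource.CrestHttpServlet;
 import org.forgerock.openam.rest.router.RestEndpointManager;
 import org.forgerock.openam.rest.service.JSONServiceEndpointApplication;
@@ -129,7 +130,12 @@
 
 switch (endpointType) {
 case RESOURCE: {
- crestServlet.service(request, response);
+ RequestHolder.set(request);
+ try {
+ crestServlet.service(request, response);
+ } finally {
+ RequestHolder.remove();
+ }
 break;
 }
 case SERVICE: {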
<a id="branchesAME7692_noRestartsAuthopenamopenamrestsrcmainjavaorgforgerockopenamrestRestEndpointsjava"></a>
<div class="modfile"><h4>Modified: \
branches/AME-7692_noRestartsAuth/openam/openam-rest/src/main/java/org/forgerock/openam/rest/RestEndpoints.java \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-rest/src/main/java/org/forgerock/openam/rest/RestEndpoints.java 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-rest/src/main/java/org/forgerock/openam/rest/RestEndpoints.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -81,10 +81,12 @@
</span><span class="cx"> import \
org.forgerock.openam.rest.sms.SmsServerPropertiesResource; </span><span class="cx"> \
import org.forgerock.openam.rest.uma.PendingRequestResource; </span><span class="cx"> \
import org.forgerock.openam.rest.uma.UmaConfigurationResource; </span><ins>+import \
org.forgerock.openam.rest.uma.UmaEnabledFilter; </ins><span class="cx"> import \
org.forgerock.openam.rest.uma.UmaPolicyResource; </span><span class="cx"> import \
org.forgerock.openam.rest.uma.UmaPolicyResourceAuthzFilter; </span><span class="cx"> \
import org.forgerock.openam.uma.UmaConstants; </span><span class="cx"> import \
org.forgerock.openam.uma.UmaExceptionFilter; </span><ins>+import \
org.forgerock.openam.forgerockrest.UmaLabelResource; </ins><span class="cx"> import \
org.forgerock.openam.uma.UmaWellKnownConfigurationEndpoint; </span><span class="cx"> \
import org.forgerock.openidconnect.restlet.ConnectClientRegistration; </span><span \
class="cx"> import org.forgerock.openidconnect.restlet.EndSession; </span><span \
class="lines">@@ -224,22 +226,26 @@ </span><span class="cx"> \
dynamicRealmRouter.route("/users/{user}/devices/2fa/oath") </span><span \
class="cx"> \
.forVersion("1.0").to(OathDevicesResource.class); </span><span class="cx">
</span><del>- \
dynamicRealmRouter.route("/users/{user}/oauth2/resourcesets") </del><ins>+ \
dynamicRealmRouter.route("/users/{user}/oauth2/resources/sets") </ins><span \
class="cx"> .through(ResourceOwnerOrSuperUserAuthzModule.class, \
ResourceOwnerOrSuperUserAuthzModule.NAME) </span><del>- \
.forVersion("1.0").to(ResourceSetResource.class); </del><ins>+ \
.forVersion("1.0").through(UmaEnabledFilter.class).to(ResourceSetResource.class);
</ins><span class="cx">
</span><span class="cx"> \
dynamicRealmRouter.route("/users/{user}/uma/policies") </span><span \
class="cx"> .through(UmaPolicyResourceAuthzFilter.class, \
UmaPolicyResourceAuthzFilter.NAME) </span><del>- \
.forVersion("1.0").to(UmaPolicyResource.class); </del><ins>+ \
.forVersion("1.0").through(UmaEnabledFilter.class).to(UmaPolicyResource.class);
</ins><span class="cx">
</span><span class="cx"> \
dynamicRealmRouter.route("/users/{user}/uma/auditHistory") </span><span \
class="cx"> .through(ResourceOwnerOrSuperUserAuthzModule.class, \
ResourceOwnerOrSuperUserAuthzModule.NAME) </span><del>- \
.forVersion("1.0").to(AuditHistory.class); </del><ins>+ \
.forVersion("1.0").through(UmaEnabledFilter.class).to(AuditHistory.class); \
</ins><span class="cx"> </span><span class="cx"> \
dynamicRealmRouter.route("/users/{user}/uma/pendingrequests") </span><span \
class="cx"> .through(ResourceOwnerOrSuperUserAuthzModule.class, \
ResourceOwnerOrSuperUserAuthzModule.NAME) </span><del>- \
.forVersion("1.0").to(PendingRequestResource.class); </del><ins>+ \
.forVersion("1.0").through(UmaEnabledFilter.class).to(PendingRequestResource.class);
</ins><span class="cx">
</span><ins>+ \
dynamicRealmRouter.route("/users/{user}/oauth2/resources/labels") + \
.through(ResourceOwnerOrSuperUserAuthzModule.class, \
ResourceOwnerOrSuperUserAuthzModule.NAME) + \
.forVersion("1.0").to(UmaLabelResource.class); +
</ins><span class="cx"> //protected
</span><span class="cx"> dynamicRealmRouter.route("/policies")
</span><span class="cx"> .through(PrivilegeAuthzModule.class, \
PrivilegeAuthzModule.NAME) </span></span></pre></div>
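Review bot: The new `/users/{user}/oauth2/resources/labels` route is the only UMA-related route in this hunk that is not passed `.through(UmaEnabledFilter.class)`; the resource-set, policy, audit-history and pending-request routes all gain that filter in the same change. If labels should be reachable only where UMA is enabled, the last line of the new route should read `.forVersion("1.0").through(UmaEnabledFilter.class).to(UmaLabelResource.class);`. If the omission is deliberate, a one-line comment above the route saying why would keep it from being "corrected" later. Separately, renaming `/users/{user}/oauth2/resourcesets` to `/users/{user}/oauth2/resources/sets` under the same `forVersion("1.0")` changes the path existing clients call, so it is worth confirming that no alias is needed. The enclosing method starts and ends outside the hunk.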
<a id="branchesAME7692_noRestartsAuthopenamopenamrestsrcmainjavaorgforgerockopenamrest \
devicesDeviceSerialisationjavafromrev14908trunkopenamopenamrestsrcmainjavaorgforgerockopenamrestdevicesDeviceSerialisationjava"></a>
<div class="copfile"><h4>Copied: \
branches/AME-7692_noRestartsAuth/openam/openam-rest/src/main/java/org/forgerock/openam/rest/devices/DeviceSerialisation.java \
(from rev 14908, trunk/openam/openam-rest/src/main/java/org/forgerock/openam/rest/devices/DeviceSerialisation.java) \
(0 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-rest/src/main/java/org/forgerock/openam/rest/devices/DeviceSerialisation.java \
(rev 0)
+++ branches/AME-7692_noRestartsAuth/openam/openam-rest/src/main/java/org/forgerock/openam/rest/devices/DeviceSerialisation.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -0,0 +1,42 @@
</span><ins>+/*
+ * The contents of this file are subject to the terms of the Common Development and
+ * Distribution License (the License). You may not use this file except in \
compliance with the + * License.
+ *
+ * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for \
the + * specific language governing permission and limitations under the License.
+ *
+ * When distributing Covered Software, include this CDDL Header Notice in each file \
and include + * the License file at legal/CDDLv1.0.txt. If applicable, add the \
following below the CDDL + * Header, with the fields enclosed by brackets [] replaced \
by your own identifying + * information: "Portions copyright [year] [name of \
copyright owner]". + *
+ * Copyright 2015 ForgeRock AS.
+ */
+
+package org.forgerock.openam.rest.devices;
+
+import org.forgerock.json.fluent.JsonValue;
+
+/**
+ * Provides serialisation of devices between JsonValue and String representations.
+ */
+public interface DeviceSerialisation {
+
+ /**
+ * Converts a JSON device profile to a string.
+ *
+ * @param deviceProfile the device profile to convert to a string.
+ * @return the serialised device profile.
+ */
+ String deviceProfileToString(JsonValue deviceProfile);
+
+ /**
+ * Converts a serialised string back into a JSON device profile.
+ *
+ * @param value the value to parse back into a JSON device profile.
+ * @return the JSON device profile.
+ * @throws IllegalArgumentException if the value cannot be parsed as a string.
+ */
+ JsonValue stringToDeviceProfile(String value);
+}
</ins></span></pre></div>
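Review bot: The `@throws` line on `stringToDeviceProfile` reads `if the value cannot be parsed as a string`, but the argument already is a string; it presumably means the value cannot be parsed as a device profile. I would change it to `@throws IllegalArgumentException if the value cannot be parsed as a device profile.` The interface Javadoc could also state whether implementations are expected to protect the confidentiality of the profile, since one implementation added in this commit encrypts it and another writes plain JSON.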
<a id="branchesAME7692_noRestartsAuthopenamopenamrestsrcmainjavaorgforgerockopenamrest \
devicesEncryptedJwtDeviceSerialisationjavafromrev14908trunkopenamopenamrestsrcmainjavaorgforgerockopenamrestdevicesEncryptedJwtDeviceSerialisationjava"></a>
<div class="copfile"><h4>Copied: \
branches/AME-7692_noRestartsAuth/openam/openam-rest/src/main/java/org/forgerock/openam/rest/devices/EncryptedJwtDeviceSerialisation.java \
(from rev 14908, trunk/openam/openam-rest/src/main/java/org/forgerock/openam/rest/devices/EncryptedJwtDeviceSerialisation.java) \
(0 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-rest/src/main/java/org/forgerock/openam/rest/devices/EncryptedJwtDeviceSerialisation.java \
(rev 0)
+++ branches/AME-7692_noRestartsAuth/openam/openam-rest/src/main/java/org/forgerock/openam/rest/devices/EncryptedJwtDeviceSerialisation.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -0,0 +1,75 @@
</span><ins>+/*
+ * The contents of this file are subject to the terms of the Common Development and
+ * Distribution License (the License). You may not use this file except in \
compliance with the + * License.
+ *
+ * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for \
the + * specific language governing permission and limitations under the License.
+ *
+ * When distributing Covered Software, include this CDDL Header Notice in each file \
and include + * the License file at legal/CDDLv1.0.txt. If applicable, add the \
following below the CDDL + * Header, with the fields enclosed by brackets [] replaced \
by your own identifying + * information: "Portions copyright [year] [name of \
copyright owner]". + *
+ * Copyright 2015 ForgeRock AS.
+ */
+
+package org.forgerock.openam.rest.devices;
+
+import org.forgerock.json.fluent.JsonValue;
+import org.forgerock.json.jose.builders.JwtBuilderFactory;
+import org.forgerock.json.jose.common.JwtReconstruction;
+import org.forgerock.json.jose.jwe.EncryptedJwt;
+import org.forgerock.json.jose.jwe.EncryptionMethod;
+import org.forgerock.json.jose.jwe.JweAlgorithm;
+import org.forgerock.json.jose.jwt.JwtClaimsSet;
+import org.forgerock.util.Reject;
+
+import java.security.KeyPair;
+import java.util.LinkedHashMap;
+
+/**
+ * Stores device profiles as an encrypted JWT for security.
+ */
+public final class EncryptedJwtDeviceSerialisation implements DeviceSerialisation {
+ private static final JwtBuilderFactory JWT = new JwtBuilderFactory();
+
+ private final KeyPair keyPair;
+ private final EncryptionMethod encryptionMethod;
+ private final JweAlgorithm jweAlgorithm;
+
+ public EncryptedJwtDeviceSerialisation(final EncryptionMethod encryptionMethod, \
final JweAlgorithm jweAlgorithm, + final \
KeyPair encryptionKeyPair) { + Reject.ifNull(encryptionMethod, jweAlgorithm, \
encryptionKeyPair); + Reject.ifNull(encryptionKeyPair.getPublic(), \
"PublicKey cannot be null"); + \
Reject.ifNull(encryptionKeyPair.getPrivate(), "PrivateKey cannot be null"); \
+ + this.keyPair = encryptionKeyPair;
+ this.encryptionMethod = encryptionMethod;
+ this.jweAlgorithm = jweAlgorithm;
+ }
+
+ @Override
+ public String deviceProfileToString(final JsonValue deviceProfile) {
+ return JWT.jwe(keyPair.getPublic())
+ .headers().enc(encryptionMethod).alg(jweAlgorithm).done()
+ .claims(JWT.claims().claims(deviceProfile.asMap()).build())
+ .build();
+ }
+
+ @Override
+ public JsonValue stringToDeviceProfile(final String value) {
+ final EncryptedJwt jwt = new JwtReconstruction().reconstructJwt(value, \
EncryptedJwt.class); + jwt.decrypt(keyPair.getPrivate());
+ return claimsToJson(jwt.getClaimsSet());
+ }
+
+ private static JsonValue claimsToJson(JwtClaimsSet claims) {
+ final JsonValue json = new JsonValue(new LinkedHashMap<>());
+ for (String key : claims.keys()) {
+ json.put(key, claims.getClaim(key));
+ }
+ return json;
+ }
+
+}
</ins></span></pre></div>
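Review bot: `stringToDeviceProfile` decrypts whatever JWE it is handed with the private key and never consults the configured `encryptionMethod` or `jweAlgorithm`, which are applied only in `deviceProfileToString`. Unless `JwtReconstruction` or `decrypt` enforce this themselves (not visible here), a stored value carrying different header parameters would be accepted; I would compare the reconstructed header's algorithm and encryption method with the configured ones and reject a mismatch before `jwt.decrypt(keyPair.getPrivate());`. Encrypting to a public key also gives confidentiality only, so the class Javadoc should say something like `Provides confidentiality of the stored profile; it does not authenticate who produced it.` The interface promises `IllegalArgumentException` for unparseable input, and nothing in this file shows that the JOSE calls fail with that type, so a catch-and-wrap may be needed.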
<a id="branchesAME7692_noRestartsAuthopenamopenamrestsrcmainjavaorgforgerockopenamrest \
devicesJsonDeviceSerialisationjavafromrev14908trunkopenamopenamrestsrcmainjavaorgforgerockopenamrestdevicesJsonDeviceSerialisationjava"></a>
<div class="copfile"><h4>Copied: \
branches/AME-7692_noRestartsAuth/openam/openam-rest/src/main/java/org/forgerock/openam/rest/devices/JsonDeviceSerialisation.java \
(from rev 14908, trunk/openam/openam-rest/src/main/java/org/forgerock/openam/rest/devices/JsonDeviceSerialisation.java) \
(0 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-rest/src/main/java/org/forgerock/openam/rest/devices/JsonDeviceSerialisation.java \
(rev 0)
+++ branches/AME-7692_noRestartsAuth/openam/openam-rest/src/main/java/org/forgerock/openam/rest/devices/JsonDeviceSerialisation.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -0,0 +1,36 @@
</span><ins>+/*
+ * The contents of this file are subject to the terms of the Common Development and
+ * Distribution License (the License). You may not use this file except in \
compliance with the + * License.
+ *
+ * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for \
the + * specific language governing permission and limitations under the License.
+ *
+ * When distributing Covered Software, include this CDDL Header Notice in each file \
and include + * the License file at legal/CDDLv1.0.txt. If applicable, add the \
following below the CDDL + * Header, with the fields enclosed by brackets [] replaced \
by your own identifying + * information: "Portions copyright [year] [name of \
copyright owner]". + *
+ * Copyright 2015 ForgeRock AS.
+ */
+
+package org.forgerock.openam.rest.devices;
+
+import org.forgerock.json.fluent.JsonValue;
+import org.forgerock.openam.utils.JsonValueBuilder;
+
+/**
+ * Stores devices as the JSON string serialisation of the device profile.
+ *
+ */
+public final class JsonDeviceSerialisation implements DeviceSerialisation {
+ @Override
+ public String deviceProfileToString(final JsonValue deviceProfile) {
+ return deviceProfile.toString();
+ }
+
+ @Override
+ public JsonValue stringToDeviceProfile(final String value) {
+ return JsonValueBuilder.toJsonValue(value);
+ }
+}
</ins></span></pre></div>
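Review bot: The class Javadoc says devices are stored as the JSON string of the profile, but it does not say that this form is unencrypted. If the profile carries the fields of `OathDeviceSettings` seen elsewhere in this commit (`sharedSecret`, `recoveryCodes`), this implementation leaves OATH secrets readable to anyone with read access to the store. I would add to the Javadoc: `No encryption is applied; use EncryptedJwtDeviceSerialisation where the profile store is not otherwise protected.`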
<a id="branchesAME7692_noRestartsAuthopenamopenamrestsrcmainjavaorgforgerockopenamrestdevicesOathDeviceSettingsjava"></a>
<div class="modfile"><h4>Modified: \
branches/AME-7692_noRestartsAuth/openam/openam-rest/src/main/java/org/forgerock/openam/rest/devices/OathDeviceSettings.java \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-rest/src/main/java/org/forgerock/openam/rest/devices/OathDeviceSettings.java 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-rest/src/main/java/org/forgerock/openam/rest/devices/OathDeviceSettings.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -18,6 +18,8 @@
</span><span class="cx">
</span><span class="cx"> import java.util.Objects;
</span><span class="cx"> import java.util.UUID;
</span><ins>+import java.util.concurrent.TimeUnit;
+
</ins><span class="cx"> import org.forgerock.util.Reject;
</span><span class="cx">
</span><span class="cx"> /**
</span><span class="lines">@@ -35,6 +37,7 @@
</span><span class="cx"> private int truncationOffset = 0;
</span><span class="cx"> private String[] recoveryCodes = new String[0];
</span><span class="cx"> private String uuid;
</span><ins>+ private int clockDriftSeconds = 0;
</ins><span class="cx">
</span><span class="cx"> public OathDeviceSettings() {
</span><span class="cx"> //Empty no-arg constructor for Jackson usage, due to \
presence of non-default constructor. </span><span class="lines">@@ -50,7 +53,7 @@
</span><span class="cx"> public OathDeviceSettings(String sharedSecret, String \
deviceName, long lastLogin, int counter) { </span><span class="cx"> \
setSharedSecret(sharedSecret); </span><span class="cx"> \
setDeviceName(deviceName); </span><del>- setLastLogin(lastLogin);
</del><ins>+ setLastLogin(lastLogin, TimeUnit.SECONDS);
</ins><span class="cx"> setCounter(counter);
</span><span class="cx">
</span><span class="cx"> //when created w/ the constructor, use a random \
String </span><span class="lines">@@ -97,14 +100,15 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> /**
</span><del>- * Set the last login time, in milliseconds, when this device was \
used. This is relevant for authentication using </del><ins>+ * Set the last login \
time when this device was used. This is relevant for authentication using </ins><span \
class="cx"> * the TOTP algorithm. </span><span class="cx"> *
</span><span class="cx"> * @param lastLogin The last login time in ms. Can not \
be null. </span><ins>+ * @param timeUnit The time units.
</ins><span class="cx"> */
</span><del>- public void setLastLogin(long lastLogin) {
</del><ins>+ public void setLastLogin(long lastLogin, TimeUnit timeUnit) {
</ins><span class="cx"> Reject.ifNull(lastLogin, "lastLogin can not be \
null."); </span><del>- this.lastLogin = lastLogin;
</del><ins>+ this.lastLogin = timeUnit.toSeconds(lastLogin);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> /**
</span><span class="lines">@@ -164,7 +168,7 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> /**
</span><del>- * Get the last login time, in milliseconds, when this device was \
used. This is relevant for authentication using </del><ins>+ * Get the last login \
time, in seconds, when this device was used. This is relevant for authentication \
using </ins><span class="cx"> * the TOTP algorithm.
</span><span class="cx"> *
</span><span class="cx"> * @return lastLogin The last login time in ms.
</span><span class="lines">@@ -210,6 +214,27 @@
</span><span class="cx"> return uuid;
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ /**
+ * The calculated drift between the device and this server, in time steps. Used \
to implement the + * resynchronisation protocol described in <a \
href="https://tools.ietf.org/html/rfc6238#section-6">RFC 6238, + * \
section 6</a>. + *
+ * @return the current observed time-step drift for this TOTP client.
+ */
+ public int getClockDriftSeconds() {
+ return clockDriftSeconds;
+ }
+
+ /**
+ * Sets the observed time-step drift between this device and the server when \
performing TOTP authentication. + *
+ * @param clockDriftSeconds the observed time drift in time-steps.
+ * @see #getClockDriftSeconds()
+ */
+ public void setClockDriftSeconds(final int clockDriftSeconds) {
+ this.clockDriftSeconds = clockDriftSeconds;
+ }
+
</ins><span class="cx"> @Override
</span><span class="cx"> public boolean equals(Object o) {
</span><span class="cx"> if (this == o) {
</span><span class="lines">@@ -242,6 +267,9 @@
</span><span class="cx"> if (!uuid.equals(that.getUUID())) {
</span><span class="cx"> return false;
</span><span class="cx"> }
</span><ins>+ if (clockDriftSeconds != that.clockDriftSeconds) {
+ return false;
+ }
</ins><span class="cx">
</span><span class="cx"> return true;
</span><span class="cx"> }
</span><span class="lines">@@ -249,7 +277,7 @@
</span><span class="cx"> @Override
</span><span class="cx"> public int hashCode() {
</span><span class="cx"> return Objects.hash(sharedSecret, deviceName, \
lastLogin, counter, </span><del>- checksumDigit, truncationOffset, \
recoveryCodes, uuid); </del><ins>+ checksumDigit, truncationOffset, \
recoveryCodes, uuid, clockDriftSeconds); </ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> @Override
</span><span class="lines">@@ -262,6 +290,7 @@
</span><span class="cx"> ", checksumDigit='" + \
checksumDigit + '\'' + </span><span class="cx"> ", \
truncationOffset='" + truncationOffset + '\'' + </span><span class="cx"> \
", UUID='"+ uuid + '\'' + </span><ins>+ ", \
clockDriftSeconds=" + clockDriftSeconds + </ins><span class="cx"> \
'}'; </span><span class="cx"> }
</span><span class="cx">
</span></span></pre></div>
<a id="branchesAME7692_noRestartsAuthopenamopenamrestsrcmainjavaorgforgerockopenamrestdevicesOathDevicesResourcejava"></a>
<div class="modfile"><h4>Modified: \
branches/AME-7692_noRestartsAuth/openam/openam-rest/src/main/java/org/forgerock/openam/rest/devices/OathDevicesResource.java \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-rest/src/main/java/org/forgerock/openam/rest/devices/OathDevicesResource.java 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-rest/src/main/java/org/forgerock/openam/rest/devices/OathDevicesResource.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -16,8 +16,26 @@
</span><span class="cx">
</span><span class="cx"> package org.forgerock.openam.rest.devices;
</span><span class="cx">
</span><ins>+import com.iplanet.sso.SSOException;
+import com.sun.identity.idm.AMIdentity;
+import com.sun.identity.idm.IdRepoException;
+import com.sun.identity.shared.debug.Debug;
+import com.sun.identity.sm.SMSException;
+import java.util.Set;
</ins><span class="cx"> import javax.inject.Inject;
</span><ins>+import javax.inject.Named;
+import org.forgerock.json.fluent.JsonValue;
+import org.forgerock.json.resource.ActionRequest;
+import org.forgerock.json.resource.ResourceException;
+import org.forgerock.json.resource.ResultHandler;
+import org.forgerock.json.resource.ServerContext;
+import org.forgerock.openam.rest.devices.services.OathService;
+import org.forgerock.openam.rest.devices.services.OathServiceFactory;
</ins><span class="cx"> import org.forgerock.openam.rest.resource.ContextHelper;
</span><ins>+import org.forgerock.openam.rest.resource.SSOTokenContext;
+import org.forgerock.openam.utils.CollectionUtils;
+import org.forgerock.openam.utils.JsonValueBuilder;
+import org.forgerock.util.annotations.VisibleForTesting;
</ins><span class="cx">
</span><span class="cx"> /**
</span><span class="cx"> * A user devices resource for OATH authentication devices.
</span><span class="lines">@@ -27,9 +45,84 @@
</span><span class="cx"> */
</span><span class="cx"> public class OathDevicesResource extends \
TwoFADevicesResource<OathDevicesDao> { </span><span class="cx">
</span><ins>+ private final static String SKIP = "skip";
+ private final static String CHECK = "check";
+
+ private final static String VALUE = "value";
+ private final static String RESULT = "result";
+
+ private final OathServiceFactory oathServiceFactory;
+ private final Debug debug;
+
</ins><span class="cx"> @Inject
</span><del>- public OathDevicesResource(OathDevicesDao dao, ContextHelper helper) \
{ </del><ins>+ public OathDevicesResource(OathDevicesDao dao, ContextHelper \
helper, + @Named("frRest") Debug debug, \
OathServiceFactory oathServiceFactory) { </ins><span class="cx"> super(dao, \
helper); </span><ins>+ this.debug = debug;
+ this.oathServiceFactory = oathServiceFactory;
</ins><span class="cx"> }
</span><span class="cx">
</span><ins>+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public void actionCollection(ServerContext context, ActionRequest request, \
ResultHandler<JsonValue> handler) { +
+ try {
+ final AMIdentity identity = getIdentity(context);
+ final OathService realmOathService = \
oathServiceFactory.create(getRealm(context)); +
+ switch (request.getAction()) {
+ case SKIP:
+
+ try {
+ final boolean setValue = \
request.getContent().get(VALUE).asBoolean(); +
+ realmOathService.setUserSkipOath(identity, setValue);
+ handler.handleResult(JsonValueBuilder.jsonValue().build());
+
+ } catch (SSOException | IdRepoException e) {
+ debug.error("OathDevicesResource :: SKIP action - \
Unable to set value in user store.", e); + \
handler.handleError(ResourceException.getException(ResourceException.INTERNAL_ERROR));
+ }
+
+ return;
+ case CHECK:
+ try {
+ final Set resultSet = \
identity.getAttribute(realmOathService.getSkippableAttributeName()); + \
boolean result = false; +
+ if (CollectionUtils.isNotEmpty(resultSet)) {
+ String tmp = (String) resultSet.iterator().next();
+ int resultInt = Integer.valueOf(tmp);
+ if (resultInt == OathService.SKIPPABLE) {
+ result = true;
+ }
+ }
+
+ \
handler.handleResult(JsonValueBuilder.jsonValue().put(RESULT, result).build()); +
+ } catch (SSOException | IdRepoException e) {
+ debug.error("OathDevicesResource :: CHECK action - \
Unable to read value from user store.", e); + \
handler.handleError(ResourceException.getException(ResourceException.INTERNAL_ERROR));
+ }
+ return;
+ default:
+ \
handler.handleError(ResourceException.getException(ResourceException.NOT_SUPPORTED)); \
+ } +
+ } catch (SMSException e) {
+ debug.error("OathDevicesResource :: Action - Unable to communicate \
with the SMS.", e); + \
handler.handleError(ResourceException.getException(ResourceException.INTERNAL_ERROR));
+ } catch (SSOException | IdRepoException e) {
+ debug.error("OathDevicesResource :: Action - Unable to retrieve \
identity data from request context", e); + \
handler.handleError(ResourceException.getException(ResourceException.INTERNAL_ERROR));
+ }
+ }
+
+ @VisibleForTesting
+ protected AMIdentity getIdentity(ServerContext context) throws SSOException, \
IdRepoException { + final SSOTokenContext ssoContext = \
context.asContext(SSOTokenContext.class); + return new \
AMIdentity(ssoContext.getCallerSSOToken()); + }
</ins><span class="cx"> }
</span><span class="cx">\ No newline at end of file
</span></span></pre></div>
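Review bot: In `actionCollection`, the SKIP branch assigns `request.getContent().get(VALUE).asBoolean()` straight to a primitive `boolean`, so a body with no `value` field (or a non-boolean one) appears to end in an uncaught runtime exception rather than a client error, because only `SSOException` and `IdRepoException` are caught there. Since this action turns the caller's OATH requirement off or on, the input should be checked explicitly and rejected with `ResourceException.BAD_REQUEST`, as sketched below. The CHECK branch has the same shape: `Integer.valueOf(tmp)` on the stored attribute can throw `NumberFormatException`, which is not caught either. Nothing in this hunk records a successful SKIP change, so a log or audit entry naming the identity and the new value would help when reviewing why a second factor was bypassed.

```java
case SKIP:
    final JsonValue skipValue = request.getContent().get(VALUE);
    if (!skipValue.isBoolean()) {
        // A missing or non-boolean "value" is a client error, not a server fault.
        handler.handleError(ResourceException.getException(ResourceException.BAD_REQUEST));
        return;
    }
    try {
        realmOathService.setUserSkipOath(identity, skipValue.asBoolean());
        handler.handleResult(JsonValueBuilder.jsonValue().build());
    } catch (SSOException | IdRepoException e) {
        // … unchanged: debug.error and INTERNAL_ERROR response …
    }
    return;
// … unchanged: CHECK and default cases …
```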
<a id="branchesAME7692_noRestartsAuthopenamopenamrestsrcmainjavaorgforgerockopenamrestdevicesUserDevicesDaojava"></a>
<div class="modfile"><h4>Modified: \
branches/AME-7692_noRestartsAuth/openam/openam-rest/src/main/java/org/forgerock/openam/rest/devices/UserDevicesDao.java \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-rest/src/main/java/org/forgerock/openam/rest/devices/UserDevicesDao.java 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-rest/src/main/java/org/forgerock/openam/rest/devices/UserDevicesDao.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -16,8 +16,6 @@
</span><span class="cx">
</span><span class="cx"> package org.forgerock.openam.rest.devices;
</span><span class="cx">
</span><del>-import static org.forgerock.openam.utils.JsonValueBuilder.*;
-
</del><span class="cx"> import com.iplanet.sso.SSOException;
</span><span class="cx"> import com.sun.identity.authentication.service.AuthD;
</span><span class="cx"> import com.sun.identity.idm.AMIdentity;
</span><span class="lines">@@ -27,6 +25,11 @@
</span><span class="cx"> import com.sun.identity.idm.IdSearchResults;
</span><span class="cx"> import com.sun.identity.idm.IdType;
</span><span class="cx"> import com.sun.identity.sm.SMSException;
</span><ins>+import org.forgerock.json.fluent.JsonValue;
+import org.forgerock.json.resource.InternalServerErrorException;
+import org.forgerock.openam.rest.devices.services.DeviceService;
+import org.forgerock.openam.rest.devices.services.DeviceServiceFactory;
+
</ins><span class="cx"> import java.util.ArrayList;
</span><span class="cx"> import java.util.Collections;
</span><span class="cx"> import java.util.HashMap;
</span><span class="lines">@@ -34,9 +37,6 @@
</span><span class="cx"> import java.util.List;
</span><span class="cx"> import java.util.Map;
</span><span class="cx"> import java.util.Set;
</span><del>-import org.forgerock.json.fluent.JsonValue;
-import org.forgerock.json.resource.InternalServerErrorException;
-import org.forgerock.openam.rest.devices.services.DeviceServiceFactory;
</del><span class="cx">
</span><span class="cx"> /**
</span><span class="cx"> * DAO for handling the retrieval and saving of a user's \
devices. </span><span class="lines">@@ -68,12 +68,14 @@
</span><span class="cx">
</span><span class="cx"> final AMIdentity identity = getIdentity(username, \
realm); </span><span class="cx"> try {
</span><del>- final String attrName = \
serviceFactory.create(realm).getConfigStorageAttributeName(); </del><ins>+ \
final DeviceService deviceService = serviceFactory.create(realm); + final \
String attrName = deviceService.getConfigStorageAttributeName(); + final \
DeviceSerialisation deviceSerialisation = \
deviceService.getDeviceSerialisationStrategy(); </ins><span class="cx">
</span><span class="cx"> Set<String> set = (Set<String>) \
identity.getAttribute(attrName); </span><span class="cx">
</span><span class="cx"> for (String profile : set) {
</span><del>- devices.add(toJsonValue(profile));
</del><ins>+ \
devices.add(deviceSerialisation.stringToDeviceProfile(profile)); </ins><span \
class="cx"> } </span><span class="cx">
</span><span class="cx"> return devices;
</span><span class="lines">@@ -97,14 +99,18 @@
</span><span class="cx">
</span><span class="cx"> final AMIdentity identity = getIdentity(username, \
realm); </span><span class="cx">
</span><ins>+
</ins><span class="cx"> Set<String> vals = new HashSet<>();
</span><span class="cx">
</span><del>- for (JsonValue profile : profiles) {
- vals.add(profile.toString());
- }
</del><span class="cx"> try {
</span><del>- final String attrName = \
serviceFactory.create(realm).getConfigStorageAttributeName(); </del><ins>+ \
final DeviceService deviceService = serviceFactory.create(realm); + final \
DeviceSerialisation deviceSerialisation = \
deviceService.getDeviceSerialisationStrategy(); + final String attrName = \
deviceService.getConfigStorageAttributeName(); </ins><span class="cx">
</span><ins>+ for (JsonValue profile : profiles) {
+ vals.add(deviceSerialisation.deviceProfileToString(profile));
+ }
+
</ins><span class="cx"> Map<String, Set> attrMap = new \
HashMap<>(); </span><span class="cx"> attrMap.put(attrName, vals);
</span><span class="cx">
</span></span></pre></div>
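Review bot: The read loop now passes every stored value through the realm's current `DeviceSerialisation`, so profiles written under a different scheme (for example plain JSON saved before encryption was enabled for the realm) would presumably fail in `stringToDeviceProfile`, and nothing in this hunk handles or reports that case. If mixed content is not meant to be supported, state it next to the loop, e.g. `// Every stored value must match the realm's configured serialisation scheme; changing the scheme requires migrating existing profiles.` The enclosing methods start and end outside the hunks, so any handling further down is not visible here.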
<a id="branchesAME7692_noRestartsAuthopenamopenamrestsrcmainjavaorgforgerockopenamrestdevicesservicesDeviceServicejava"></a>
<div class="modfile"><h4>Modified: \
branches/AME-7692_noRestartsAuth/openam/openam-rest/src/main/java/org/forgerock/openam/rest/devices/services/DeviceService.java \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-rest/src/main/java/org/forgerock/openam/rest/devices/services/DeviceService.java 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-rest/src/main/java/org/forgerock/openam/rest/devices/services/DeviceService.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -16,6 +16,8 @@
</span><span class="cx"> package org.forgerock.openam.rest.devices.services;
</span><span class="cx">
</span><span class="cx">
</span><ins>+import org.forgerock.openam.rest.devices.DeviceSerialisation;
+
</ins><span class="cx"> /**
</span><span class="cx"> * Provides all necessary configuration information at a \
realm-wide level to 2FA authentication modules underneath it. </span><span \
class="cx"> */ </span><span class="lines">@@ -28,4 +30,10 @@
</span><span class="cx"> */
</span><span class="cx"> String getConfigStorageAttributeName();
</span><span class="cx">
</span><ins>+ /**
+ * Returns the strategy used for storing devices as profile attributes.
+ *
+ * @return the device profile storage strategy.
+ */
+ DeviceSerialisation getDeviceSerialisationStrategy();
</ins><span class="cx"> }
</span></span></pre></div>
<a id="branchesAME7692_noRestartsAuthopenamopenamrestsrcmainjavaorgforgerockopenamrestdevicesservicesOathServicejava"></a>
<div class="modfile"><h4>Modified: \
branches/AME-7692_noRestartsAuth/openam/openam-rest/src/main/java/org/forgerock/openam/rest/devices/services/OathService.java \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-rest/src/main/java/org/forgerock/openam/rest/devices/services/OathService.java 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-rest/src/main/java/org/forgerock/openam/rest/devices/services/OathService.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -16,13 +16,35 @@
</span><span class="cx"> package org.forgerock.openam.rest.devices.services;
</span><span class="cx">
</span><span class="cx"> import com.iplanet.sso.SSOException;
</span><ins>+import com.sun.identity.idm.AMIdentity;
+import com.sun.identity.idm.IdRepoException;
</ins><span class="cx"> import com.sun.identity.security.AdminTokenAction;
</span><span class="cx"> import com.sun.identity.shared.datastruct.CollectionHelper;
</span><span class="cx"> import com.sun.identity.shared.debug.Debug;
</span><span class="cx"> import com.sun.identity.sm.SMSException;
</span><span class="cx"> import com.sun.identity.sm.ServiceConfig;
</span><span class="cx"> import com.sun.identity.sm.ServiceConfigManager;
</span><ins>+import java.util.Collections;
+import java.util.HashMap;
+import org.forgerock.json.jose.jwe.EncryptionMethod;
+import org.forgerock.json.jose.jwe.JweAlgorithm;
+import org.forgerock.openam.rest.devices.DeviceSerialisation;
+import org.forgerock.openam.rest.devices.EncryptedJwtDeviceSerialisation;
+import org.forgerock.openam.rest.devices.JsonDeviceSerialisation;
+import org.forgerock.openam.shared.security.crypto.KeyStoreBuilder;
+import org.forgerock.openam.shared.security.crypto.KeyStoreType;
+
+import java.io.File;
+import java.io.FileNotFoundException;
</ins><span class="cx"> import java.security.AccessController;
</span><ins>+import java.security.KeyPair;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.Certificate;
</ins><span class="cx"> import java.util.Map;
</span><span class="cx"> import java.util.Set;
</span><span class="cx">
</span><span class="lines">@@ -32,12 +54,27 @@
</span><span class="cx"> */
</span><span class="cx"> public class OathService implements DeviceService {
</span><span class="cx">
</span><del>- final static public String SERVICE_NAME = "OATH";
- final static public String SERVICE_VERSION = "1.0";
</del><ins>+ static public final String SERVICE_NAME = "OATH";
+ static public final String SERVICE_VERSION = "1.0";
</ins><span class="cx">
</span><ins>+ public static final int NOT_SET = 0;
+ public static final int SKIPPABLE = 1;
+ public static final int NOT_SKIPPABLE = 2;
+
</ins><span class="cx"> final static private Debug debug = \
Debug.getInstance("amAuthOATH"); </span><span class="cx">
</span><span class="cx"> public static final String OATH_ATTRIBUTE_NAME = \
"iplanet-am-auth-oath-attr-name"; </span><ins>+ private static final \
String OATH_ENCRYPTION_SCHEME = \
"openam-auth-oath-device-settings-encryption-scheme"; + private static \
final String OATH_KEYSTORE_FILE = \
"openam-auth-oath-device-settings-encryption-keystore"; + private static \
final String OATH_KEYSTORE_TYPE = \
"openam-auth-oath-device-settings-encryption-keystore-type"; + private \
static final String OATH_KEYSTORE_PASSWORD = + \
"openam-auth-oath-device-settings-encryption-keystore-password"; + \
private static final String OATH_KEYSTORE_KEYPAIR_ALIAS = + \
"openam-auth-oath-device-settings-encryption-keypair-alias"; + private \
static final String OATH_KEYSTORE_PRIVATEKEY_PASSWORD = + \
"openam-auth-oath-device-settings-encryption-privatekey-password"; + \
private static final String OATH_SKIPPABLE_ATTRIBUTE_NAME = + \
"iplanet-am-auth-oath-skippable-name"; </ins><span class="cx">
</span><span class="cx"> private Map<String, Set<String>> options;
</span><span class="cx">
</span><span class="lines">@@ -53,7 +90,6 @@
</span><span class="cx"> }
</span><span class="cx"> throw e;
</span><span class="cx"> }
</span><del>-
</del><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> /**
</span><span class="lines">@@ -63,4 +99,85 @@
</span><span class="cx"> public String getConfigStorageAttributeName() {
</span><span class="cx"> return CollectionHelper.getMapAttr(options, \
OATH_ATTRIBUTE_NAME); </span><span class="cx"> }
</span><ins>+
+ @Override
+ public DeviceSerialisation getDeviceSerialisationStrategy() {
+ final SupportedOathEncryptionScheme encryptionScheme =
+ SupportedOathEncryptionScheme.valueOf(CollectionHelper.getMapAttr(options, \
OATH_ENCRYPTION_SCHEME, + \
SupportedOathEncryptionScheme.NONE.toString())); +
+ if (encryptionScheme == null || encryptionScheme == \
SupportedOathEncryptionScheme.NONE) { + return new \
JsonDeviceSerialisation(); + } else {
+ return new \
EncryptedJwtDeviceSerialisation(encryptionScheme.encryptionMethod, + \
encryptionScheme.jweAlgorithm, getEncryptionKeyPair()); + }
+ }
+
+ private KeyPair getEncryptionKeyPair() {
+ try {
+ final KeyStore keyStore = new KeyStoreBuilder()
+ .withKeyStoreFile(new File(CollectionHelper.getMapAttr(options, \
OATH_KEYSTORE_FILE))) + \
.withPassword(CollectionHelper.getMapAttr(options, OATH_KEYSTORE_PASSWORD)) + \
.withKeyStoreType(KeyStoreType.valueOf(CollectionHelper.getMapAttr(options, \
OATH_KEYSTORE_TYPE))) + .build();
+
+ final Certificate cert = keyStore.getCertificate(
+ CollectionHelper.getMapAttr(options, \
OATH_KEYSTORE_KEYPAIR_ALIAS)); + final PublicKey publicKey = \
cert.getPublicKey(); + final PrivateKey privateKey = (PrivateKey) \
keyStore.getKey( + CollectionHelper.getMapAttr(options, \
OATH_KEYSTORE_KEYPAIR_ALIAS), + \
CollectionHelper.getMapAttr(options, \
OATH_KEYSTORE_PRIVATEKEY_PASSWORD).toCharArray()); +
+ return new KeyPair(publicKey, privateKey);
+ } catch (FileNotFoundException e) {
+ throw new IllegalArgumentException("Invalid keystore location \
specified", e); + } catch (KeyStoreException | UnrecoverableKeyException \
| NoSuchAlgorithmException e) { + \
debug.error("OathService.getEncryptionKeyPair(): Unable to load encryption key \
pair", e); + throw new IllegalStateException(e);
+ }
+ }
+
+ /**
+ * Returns the skippable attribute name for this service.
+ *
+ * @return The skippable attribute name.
+ */
+ public String getSkippableAttributeName() {
+ return CollectionHelper.getMapAttr(options, OATH_SKIPPABLE_ATTRIBUTE_NAME);
+ }
+
+ /**
+ * Sets the user's ability to skip an OATH module (or any module configured to \
look at the + * supplied attrName for its skippable value).
+ *
+ * @param id User's identity.
+ * @param userSkipOath Whether or not to skip.
+ * @throws IdRepoException If there were troubles talking to the IdRepo.
+ * @throws SSOException If there were issues setting values on the provided ID.
+ */
+ public void setUserSkipOath(AMIdentity id, boolean userSkipOath)
+ throws IdRepoException, SSOException {
+ final HashMap<String, Set<String>> attributesToWrite = new \
HashMap<>(); + attributesToWrite.put(getSkippableAttributeName(),
+ userSkipOath ?
+ Collections.singleton(String.valueOf(SKIPPABLE)) :
+ Collections.singleton(String.valueOf(NOT_SKIPPABLE)));
+ id.setAttributes(attributesToWrite);
+ id.store();
+ }
+
+ private enum SupportedOathEncryptionScheme {
+ NONE(null, null),
+ RSAES_AES256CBC_HS512(EncryptionMethod.A256CBC_HS512, \
JweAlgorithm.RSAES_PKCS1_V1_5), + \
RSAES_AES128CBC_HS256(EncryptionMethod.A128CBC_HS256, JweAlgorithm.RSAES_PKCS1_V1_5); \
+ + private final EncryptionMethod encryptionMethod;
+ private final JweAlgorithm jweAlgorithm;
+
+ SupportedOathEncryptionScheme(final EncryptionMethod encryptionMethod, final \
JweAlgorithm jweAlgorithm) { + this.encryptionMethod = encryptionMethod;
+ this.jweAlgorithm = jweAlgorithm;
+ }
+ }
</ins><span class="cx"> }
</span></span></pre></div>
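Review bot: `getEncryptionKeyPair` dereferences several values that can be absent: `keyStore.getCertificate(...)` returns null for an unknown alias, `keyStore.getKey(...)` can as well, and the keystore path and private-key password come from `CollectionHelper.getMapAttr`, which presumably yields null when the attribute is unset. With an encryption scheme selected but the keystore settings incomplete, reading or saving a device would then fail with a bare `NullPointerException`; checking the values and throwing a descriptive `IllegalStateException` (keeping passwords out of the message) makes the misconfiguration diagnosable, as sketched below. In `getDeviceSerialisationStrategy`, `valueOf` never returns null, so the `encryptionScheme == null` test is dead and an unrecognised scheme name surfaces as `IllegalArgumentException` instead. Separately, both encrypted schemes use `JweAlgorithm.RSAES_PKCS1_V1_5`; PKCS#1 v1.5 key transport is generally discouraged in favour of RSA-OAEP, so it is worth confirming whether the JOSE library in use offers an OAEP option for protecting the stored shared secrets.

```java
private KeyPair getEncryptionKeyPair() {
    final String keyStoreFile = CollectionHelper.getMapAttr(options, OATH_KEYSTORE_FILE);
    final String alias = CollectionHelper.getMapAttr(options, OATH_KEYSTORE_KEYPAIR_ALIAS);
    final String keyPassword = CollectionHelper.getMapAttr(options, OATH_KEYSTORE_PRIVATEKEY_PASSWORD);
    if (keyStoreFile == null || alias == null || keyPassword == null) {
        throw new IllegalStateException("OATH device encryption is enabled but the keystore file, "
                + "key pair alias or private key password is not configured");
    }
    try {
        // … unchanged: KeyStoreBuilder chain, with keyStoreFile passed to withKeyStoreFile(new File(...)) …
        final Certificate cert = keyStore.getCertificate(alias);
        final PrivateKey privateKey = (PrivateKey) keyStore.getKey(alias, keyPassword.toCharArray());
        if (cert == null || privateKey == null) {
            throw new IllegalStateException("No key pair found in the OATH keystore for alias " + alias);
        }
        return new KeyPair(cert.getPublicKey(), privateKey);
    // … unchanged: catch blocks …
```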
<a id="branchesAME7692_noRestartsAuthopenamopenamrestsrcmainjavaorgforgerockopenamrestdevicesservicesOathServiceFactoryjava"></a>
<div class="modfile"><h4>Modified: \
branches/AME-7692_noRestartsAuth/openam/openam-rest/src/main/java/org/forgerock/openam/rest/devices/services/OathServiceFactory.java \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-rest/src/main/java/org/forgerock/openam/rest/devices/services/OathServiceFactory.java 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-rest/src/main/java/org/forgerock/openam/rest/devices/services/OathServiceFactory.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -24,7 +24,7 @@
</span><span class="cx"> public class OathServiceFactory implements \
DeviceServiceFactory { </span><span class="cx">
</span><span class="cx"> @Override
</span><del>- public DeviceService create(String realm) throws SSOException, \
SMSException { </del><ins>+ public OathService create(String realm) throws \
SSOException, SMSException { </ins><span class="cx"> return new \
OathService(realm); </span><span class="cx"> }
</span><span class="cx"> }
</span></span></pre></div>
<a id="branchesAME7692_noRestartsAuthopenamopenamrestsrcmainjavaorgforgerockopenamrestdevicesservicesTrustedDeviceServicejava"></a>
<div class="modfile"><h4>Modified: \
branches/AME-7692_noRestartsAuth/openam/openam-rest/src/main/java/org/forgerock/openam/rest/devices/services/TrustedDeviceService.java \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-rest/src/main/java/org/forgerock/openam/rest/devices/services/TrustedDeviceService.java 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-rest/src/main/java/org/forgerock/openam/rest/devices/services/TrustedDeviceService.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -15,6 +15,9 @@
</span><span class="cx"> */
</span><span class="cx"> package org.forgerock.openam.rest.devices.services;
</span><span class="cx">
</span><ins>+import org.forgerock.openam.rest.devices.DeviceSerialisation;
+import org.forgerock.openam.rest.devices.JsonDeviceSerialisation;
+
</ins><span class="cx"> /**
</span><span class="cx"> * Implementation of the Trusted Device (Device Print) \
Service. Provides all necessary configuration information </span><span class="cx"> * \
at a realm-wide level to Trusted Device (Device Print) authentication modules \
underneath it. </span><span class="lines">@@ -29,4 +32,9 @@
</span><span class="cx"> return "devicePrintProfiles";
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ @Override
+ public DeviceSerialisation getDeviceSerialisationStrategy() {
+ return new JsonDeviceSerialisation();
+ }
+
</ins><span class="cx"> }
</span></span></pre></div>
<a id="branchesAME7692_noRestartsAuthopenamopenamrestsrcmainjavaorgforgerockopenamrestfluentAbstractAuditingResultHandlerjava"></a>
<div class="modfile"><h4>Modified: \
branches/AME-7692_noRestartsAuth/openam/openam-rest/src/main/java/org/forgerock/openam/rest/fluent/AbstractAuditingResultHandler.java \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-rest/src/main/java/org/forgerock/openam/rest/fluent/AbstractAuditingResultHandler.java 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-rest/src/main/java/org/forgerock/openam/rest/fluent/AbstractAuditingResultHandler.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -165,6 +165,5 @@
</span><span class="cx"> private void \
addSessionDetailsFromSSOTokenContext(AMAccessAuditEventBuilder builder, ServerContext \
context) { </span><span class="cx"> SSOToken callerToken = \
getTokenFromContext(context, debug); </span><span class="cx"> \
builder.contextIdFromSSOToken(callerToken); </span><del>- \
builder.domainFromSSOToken(callerToken); </del><span class="cx"> }
</span><span class="cx"> }
</span><span class="cx">\ No newline at end of file
</span></span></pre></div>
<a id="branchesAME7692_noRestartsAuthopenamopenamrestsrcmainjavaorgforgerockopenamrestoauth2ResourceSetResourcejava"></a>
<div class="modfile"><h4>Modified: \
branches/AME-7692_noRestartsAuth/openam/openam-rest/src/main/java/org/forgerock/openam/rest/oauth2/ResourceSetResource.java \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-rest/src/main/java/org/forgerock/openam/rest/oauth2/ResourceSetResource.java 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-rest/src/main/java/org/forgerock/openam/rest/oauth2/ResourceSetResource.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -16,16 +16,12 @@
</span><span class="cx">
</span><span class="cx"> package org.forgerock.openam.rest.oauth2;
</span><span class="cx">
</span><del>-import static org.forgerock.json.fluent.JsonValue.json;
-import static org.forgerock.json.fluent.JsonValue.object;
-
-import javax.inject.Inject;
</del><span class="cx"> import java.util.ArrayList;
</span><span class="cx"> import java.util.Collection;
</span><span class="cx"> import java.util.HashMap;
</span><span class="cx"> import java.util.List;
</span><span class="cx"> import java.util.Map;
</span><del>-
</del><ins>+import javax.inject.Inject;
</ins><span class="cx"> import org.forgerock.json.fluent.JsonPointer;
</span><span class="cx"> import org.forgerock.json.fluent.JsonValue;
</span><span class="cx"> import org.forgerock.json.resource.ActionRequest;
</span><span class="lines">@@ -47,12 +43,20 @@
</span><span class="cx"> import org.forgerock.json.resource.ResultHandler;
</span><span class="cx"> import org.forgerock.json.resource.ServerContext;
</span><span class="cx"> import org.forgerock.json.resource.UpdateRequest;
</span><ins>+import org.forgerock.oauth2.core.OAuth2Constants;
</ins><span class="cx"> import org.forgerock.oauth2.resources.ResourceSetDescription;
</span><span class="cx"> import \
org.forgerock.openam.cts.api.fields.ResourceSetTokenField; </span><span class="cx"> \
import org.forgerock.openam.forgerockrest.entitlements.query.QueryResultHandlerBuilder;
</span><span class="cx"> import org.forgerock.openam.rest.resource.ContextHelper;
</span><ins>+import org.forgerock.openam.oauth2.resources.labels.ResourceSetLabel;
+import org.forgerock.openam.oauth2.resources.labels.UmaLabelsStore;
+import org.forgerock.openam.uma.UmaConstants;
+import org.forgerock.openam.uma.UmaException;
</ins><span class="cx"> import org.forgerock.util.promise.ExceptionHandler;
</span><span class="cx">
</span><ins>+import static org.forgerock.json.fluent.JsonValue.json;
+import static org.forgerock.json.fluent.JsonValue.object;
+
</ins><span class="cx"> /**
</span><span class="cx"> * <p>Resource Set resource to expose registered \
Resource Sets for a given user.</p> </span><span class="cx"> *
</span><span class="lines">@@ -65,6 +69,7 @@
</span><span class="cx">
</span><span class="cx"> private final ResourceSetService resourceSetService;
</span><span class="cx"> private final ContextHelper contextHelper;
</span><ins>+ private final UmaLabelsStore umaLabelsStore;
</ins><span class="cx">
</span><span class="cx"> /**
</span><span class="cx"> * Constructs a new ResourceSetResource instance.
</span><span class="lines">@@ -73,9 +78,10 @@
</span><span class="cx"> * @param contextHelper An instance of the \
ContextHelper. </span><span class="cx"> */
</span><span class="cx"> @Inject
</span><del>- public ResourceSetResource(ResourceSetService resourceSetService, \
ContextHelper contextHelper) { </del><ins>+ public \
ResourceSetResource(ResourceSetService resourceSetService, ContextHelper \
contextHelper, UmaLabelsStore umaLabelsStore) { </ins><span class="cx"> \
this.resourceSetService = resourceSetService; </span><span class="cx"> \
this.contextHelper = contextHelper; </span><ins>+ this.umaLabelsStore = \
umaLabelsStore; </ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> /**
</span><span class="lines">@@ -164,7 +170,7 @@
</span><span class="cx"> query = new ResourceSetWithPolicyQuery();
</span><span class="cx"> \
query.setResourceSetQuery(org.forgerock.util.query.QueryFilter.<String>alwaysTrue());
</span><span class="cx"> } else if (request.getQueryFilter() != null) {
</span><del>- query = request.getQueryFilter().accept(new \
ResourceSetQueryFilter(), new ResourceSetWithPolicyQuery()); </del><ins>+ \
query = request.getQueryFilter().accept(new ResourceSetQueryFilter(context), new \
ResourceSetWithPolicyQuery()); </ins><span class="cx"> } else {
</span><span class="cx"> handler.handleError(new \
BadRequestException("Invalid query")); </span><span class="cx"> \
return; </span><span class="lines">@@ -226,16 +232,18 @@
</span><span class="cx"> return new JsonValue(content);
</span><span class="cx"> }
</span><span class="cx">
</span><del>- private static final class ResourceSetQueryFilter
</del><ins>+ private final class ResourceSetQueryFilter
</ins><span class="cx"> implements \
QueryFilterVisitor<ResourceSetWithPolicyQuery, ResourceSetWithPolicyQuery> { \
</span><span class="cx"> </span><span class="cx"> private final \
Map<JsonPointer, String> queryableFields = new HashMap<JsonPointer, \
String>(); </span><ins>+ private final ServerContext context;
</ins><span class="cx"> private int queryDepth = 0;
</span><span class="cx">
</span><del>- private ResourceSetQueryFilter() {
</del><ins>+ private ResourceSetQueryFilter(ServerContext context) {
+ this.context = context;
</ins><span class="cx"> queryableFields.put(new \
JsonPointer("/name"), ResourceSetTokenField.NAME); </span><span class="cx"> \
queryableFields.put(new JsonPointer("/resourceServer"), \
ResourceSetTokenField.CLIENT_ID); </span><del>- queryableFields.put(new \
JsonPointer("/resourceOwnerId"), "resourceOwnerId"); </del><ins>+ \
queryableFields.put(new JsonPointer("/resourceOwnerId"), \
ResourceSetTokenField.RESOURCE_OWNER_ID); </ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> private void increaseQueryDepth() {
</span><span class="lines">@@ -291,6 +299,18 @@
</span><span class="cx"> throw new \
UnsupportedOperationException("Cannot nest queries on \
/policy/permissions/subject field"); </span><span class="cx"> }
</span><span class="cx"> \
query.setPolicyQuery(QueryFilter.equalTo("/permissions/subject", \
valueAssertion)); </span><ins>+ } else if (new \
JsonPointer("/labels").equals(field)) { + ResourceSetLabel \
label = null; + try {
+ label = umaLabelsStore.read(getRealm(context), \
getResourceOwnerId(context), (String) valueAssertion); + } catch \
(ResourceException e) { + throw new \
IllegalArgumentException("Unknown Label ID."); + }
+ List<org.forgerock.util.query.QueryFilter<String>> \
labelFilters = new ArrayList<>(); + for (String resourceSetId : \
label.getResourceSetIds()) { + \
labelFilters.add(org.forgerock.util.query.QueryFilter.equalTo( \
ResourceSetTokenField.RESOURCE_SET_ID, resourceSetId)); + }
+ query.setResourceSetQuery(org.forgerock.util.query.QueryFilter.or(labelFilters));
</ins><span class="cx"> } else {
</span><span class="cx"> query.setResourceSetQuery(
</span><span class="cx"> \
org.forgerock.util.query.QueryFilter.equalTo(verifyFieldIsQueryable(field), \
valueAssertion)); </span></span></pre></div>
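Review bot: In the new `/labels` branch of the query visitor, `(String) valueAssertion` is an unchecked cast of a client-supplied filter value, so a non-string assertion would presumably surface as a ClassCastException rather than the IllegalArgumentException used for an unknown label. A guard such as `if (!(valueAssertion instanceof String)) { throw new IllegalArgumentException("Label ID must be a string."); }` keeps that failure on the same path (the message wording is only a suggestion). The catch block also drops the cause; `throw new IllegalArgumentException("Unknown Label ID.", e);` preserves it. A label whose `getResourceSetIds()` is empty yields `QueryFilter.or` over an empty list, and it is worth confirming that the downstream visitor treats that as matching nothing rather than as an unrestricted query, since this filter scopes which resource sets a user sees. The enclosing visitor method starts outside the hunk.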
<a id="branchesAME7692_noRestartsAuthopenamopenamrestsrcmainjavaorgforgerockopenamrestoauth2ResourceSetServicejava"></a>
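--- a/branches/AME-7692_noRestartsAuth/openam/openam-rest/src/main/java/org/forgerock/openam/rest/oauth2/ResourceSetService.java
+++ b/branches/AME-7692_noRestartsAuth/openam/openam-rest/src/main/java/org/forgerock/openam/rest/oauth2/ResourceSetService.java
@@ -179,10 +179,14 @@
 Set<ResourceSetDescription> results = new HashSet<>();
 
 for (ResourceSetDescription resourceSetDescription : resourceSetDescriptions) {
-    if (fieldName.equals("resourceOwnerId")) {
+    if (fieldName.equals(ResourceSetTokenField.RESOURCE_OWNER_ID)) {
         if (resourceSetDescription.getResourceOwnerId().equals(value)) {
             results.add(resourceSetDescription);
         }
+    } else if (fieldName.equals(ResourceSetTokenField.RESOURCE_SET_ID)) {
+        if (resourceSetDescription.getId().equals(value)) {
+            results.add(resourceSetDescription);
+        }
     }
 }
 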
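Review bot: The if/else-if chain in this loop adds nothing to `results` for any `fieldName` other than the two constants, so a filter on an unsupported field silently returns an empty set. That fails closed, but it is undocumented and hard to tell apart from a genuine no-match. A short comment on the chain, e.g. `// Only RESOURCE_OWNER_ID and RESOURCE_SET_ID are evaluated here; any other field matches nothing.`, or an explicit `else` that rejects the field, would make the intent clear. Both comparisons also call `equals` on a getter result (`getResourceOwnerId()`, `getId()`), so a description with a null owner or id would throw; `Objects.equals(resourceSetDescription.getId(), value)` avoids that if nulls are possible here. The enclosing method starts and ends outside the hunk.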
<a id="branchesAME7692_noRestartsAuthopenamopenamrestsrcmainjavaorgforgerockopenamrestsmsSmsRealmProviderjava"></a>
<div class="modfile"><h4>Modified: \
branches/AME-7692_noRestartsAuth/openam/openam-rest/src/main/java/org/forgerock/openam/rest/sms/SmsRealmProvider.java \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-rest/src/main/java/org/forgerock/openam/rest/sms/SmsRealmProvider.java 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-rest/src/main/java/org/forgerock/openam/rest/sms/SmsRealmProvider.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -69,7 +69,7 @@
</span><span class="cx"> private static final String ACTIVE_ATTRIBUTE_NAME = \
"active"; </span><span class="cx"> private static final String \
ALIASES_ATTRIBUTE_NAME = "aliases"; </span><span class="cx"> private \
static final String REALM_NAME_ATTRIBUTE_NAME = "name"; </span><del>- \
private static final String PATH_ATTRIBUTE_NAME = "path"; </del><ins>+ \
private static final String PATH_ATTRIBUTE_NAME = "parentPath"; </ins><span \
class="cx"> private static final String PARENT_I18N_KEY = "a109"; \
</span><span class="cx"> private static final String ACTIVE_I18N_KEY = \
"a108"; </span><span class="cx"> public static final String \
ROOT_SERVICE = ""; </span><span class="lines">@@ -174,7 +174,7 @@
</span><span class="cx"> public void handleCreate(ServerContext serverContext, \
CreateRequest createRequest, ResultHandler<Resource> resultHandler) { \
</span><span class="cx"> </span><span class="cx"> final JsonValue \
jsonContent = createRequest.getContent(); </span><del>- String realmName = \
jsonContent.get(REALM_NAME_ATTRIBUTE_NAME).asString(); </del><ins>+ final \
String realmName = jsonContent.get(REALM_NAME_ATTRIBUTE_NAME).asString(); </ins><span \
class="cx"> </span><span class="cx"> try {
</span><span class="cx"> if (StringUtils.isBlank(realmName)) {
</span><span class="lines">@@ -185,40 +185,44 @@
</span><span class="cx"> throw new BadRequestException("Realm \
names cannot contain '/'"); </span><span class="cx"> }
</span><span class="cx">
</span><del>- realmName = "/" + realmName;
-
</del><span class="cx"> RealmContext realmContext = \
serverContext.asContext(RealmContext.class); </span><del>- String \
realmPath = realmContext.getResolvedRealm();
- if (!realmPath.endsWith("/")) {
- realmPath = realmPath + "/";
- }
</del><ins>+ StringBuilder realmPath = new \
StringBuilder(realmContext.getResolvedRealm()); </ins><span class="cx">
</span><span class="cx"> String location = jsonContent.get(new \
JsonPointer(PATH_ATTRIBUTE_NAME)).asString(); </span><span class="cx">
</span><del>- if (!location.equals("/")) {
- realmPath = realmPath + location;
</del><ins>+ if (realmPath.length() > 1) {
+ if (realmPath.charAt(realmPath.length() - 1) != '/' && \
!location.startsWith("/")) { + realmPath.append('/');
+ }
+
+ realmPath.append(location);
+ } else {
+ realmPath = new StringBuilder(location);
</ins><span class="cx"> }
</span><span class="cx">
</span><del>- if (!realmPath.equalsIgnoreCase("/")) {
- realmName = realmPath + realmName;
</del><ins>+ if (realmPath.charAt(realmPath.length() - 1) != '/') {
+ realmPath.append('/');
</ins><span class="cx"> }
</span><span class="cx">
</span><del>- String parentRealm = RealmUtils.getParentRealm(realmName);
- String childRealm = RealmUtils.getChildRealm(realmName);
</del><ins>+ realmPath.append(realmName);
+ String path = realmPath.toString();
</ins><span class="cx">
</span><ins>+ String parentRealm = RealmUtils.getParentRealm(path);
+ String childRealm = RealmUtils.getChildRealm(path);
+
</ins><span class="cx"> OrganizationConfigManager realmManager = new \
OrganizationConfigManager(getUserSsoToken(serverContext), parentRealm); </span><span \
class="cx"> </span><del>- Map<String, Map<String, Set>> \
serviceAttributes = new HashMap(); </del><ins>+ Map<String, \
Map<String, Set>> serviceAttributes = new HashMap<>(); </ins><span \
class="cx"> serviceAttributes.put(IdConstants.REPO_SERVICE, \
getAttributeMap(jsonContent)); </span><span class="cx"> \
realmManager.createSubOrganization(childRealm, serviceAttributes); </span><span \
class="cx"> </span><span class="cx"> if (debug.messageEnabled()) {
</span><del>- debug.message("RealmResource.createInstance :: \
CREATE of realm " +
- childRealm + " in realm " + parentRealm + " \
performed by {}", \
PrincipalRestUtils.getPrincipalNameFromServerContext(serverContext)); </del><ins>+ \
debug.message("RealmResource.createInstance :: CREATE of realm {} in realm {} \
performed by {}", + childRealm, parentRealm, \
PrincipalRestUtils.getPrincipalNameFromServerContext(serverContext)); </ins><span \
class="cx"> } </span><span class="cx">
</span><del>- JsonValue jsonValue = getJsonValue(realmPath);
- resultHandler.handleResult(new Resource(childRealm, \
String.valueOf(jsonValue.hashCode()), jsonValue)); </del><ins>+ JsonValue \
jsonValue = getJsonValue(path, parentRealm); + \
resultHandler.handleResult(getResource(jsonValue)); </ins><span class="cx"> } \
catch (SMSException e) { </span><span class="cx"> \
handleError(resultHandler, e); </span><span class="cx"> } catch (SSOException \
sso) { </span><span class="lines">@@ -264,19 +268,19 @@
</span><span class="cx">
</span><span class="cx"> try {
</span><span class="cx"> OrganizationConfigManager realmManager = new \
OrganizationConfigManager(getSSOToken(), realmPath); </span><ins>+ final \
Resource resource = getResource(getJsonValue(realmPath)); </ins><span class="cx"> \
realmManager.deleteSubOrganization(null, false); </span><span class="cx"> \
String principalName = \
PrincipalRestUtils.getPrincipalNameFromServerContext(serverContext); </span><span \
class="cx"> debug.message("RealmResource.deleteInstance :: DELETE of \
realm " + realmPath + " performed by " + principalName); </span><del>- \
resultHandler.handleResult(new Resource(realmPath, "0", \
json(
- object(field("success", "true")))));
</del><ins>+ resultHandler.handleResult(resource);
</ins><span class="cx"> } catch (SMSException smse) {
</span><span class="cx"> try {
</span><span class="cx"> configureErrorMessage(smse);
</span><span class="cx"> } catch (NotFoundException nf) {
</span><del>- debug.error("RealmResource.deleteInstance() : \
Cannot find " + realmPath + ":" + smse); </del><ins>+ \
debug.warning("RealmResource.deleteInstance() : Cannot find {}", realmPath, \
smse); </ins><span class="cx"> resultHandler.handleError(nf);
</span><span class="cx"> } catch (ForbiddenException | PermanentException \
| ConflictException | BadRequestException e) { </span><del>- \
debug.error("RealmResource.deleteInstance() : Cannot DELETE " + realmPath + \
":" + smse); </del><ins>+ \
debug.warning("RealmResource.deleteInstance() : Cannot DELETE {}", \
realmPath, smse); </ins><span class="cx"> \
resultHandler.handleError(e); </span><span class="cx"> } catch (Exception \
e) { </span><span class="cx"> resultHandler.handleError(new \
BadRequestException(e.getMessage(), e)); </span><span class="lines">@@ -311,7 +315,7 \
@@ </span><span class="cx"> final OrganizationConfigManager ocm = new \
OrganizationConfigManager(getUserSsoToken(context), realmPath); </span><span \
class="cx"> </span><span class="cx"> //Return realm query is being \
performed on </span><del>- handler.handleResource(new Resource(realmPath, \
"0", getJsonValue(realmPath))); </del><ins>+ \
handler.handleResource(getResource(getJsonValue(realmPath))); </ins><span class="cx"> \
</span><span class="cx"> for (final Object subRealmRelativePath : \
ocm.getSubOrganizationNames("*", true)) { </span><span class="cx"> \
String realmName; </span><span class="lines">@@ -320,9 +324,9 @@
</span><span class="cx"> } else {
</span><span class="cx"> realmName = realmPath + "/" + \
subRealmRelativePath; </span><span class="cx"> }
</span><del>- handler.handleResource(new Resource(realmName, \
"0", getJsonValue(realmName))); </del><ins>+ \
handler.handleResource(getResource(getJsonValue(realmName))); </ins><span class="cx"> \
} </span><del>- debug.message("RealmResource :: QUERY : performed by \
" + principalName); </del><ins>+ debug.message("RealmResource :: \
QUERY : performed by {}", principalName); </ins><span class="cx"> \
handler.handleResult(new QueryResult()); </span><span class="cx"> } catch \
(SSOException ex) { </span><span class="cx"> \
debug.error("RealmResource :: QUERY by " + principalName + " failed : \
" + ex); </span><span class="lines">@@ -353,16 +357,15 @@
</span><span class="cx"> \
debug.message("RealmResource.readInstance :: READ : Successfully read realm, \
" + </span><span class="cx"> realmPath + " \
performed by " + PrincipalRestUtils.getPrincipalNameFromServerContext(context)); \
</span><span class="cx"> } </span><del>- \
resultHandler.handleResult(new Resource(realmPath, \
String.valueOf(System.currentTimeMillis()), jsonResponse)); </del><ins>+ \
resultHandler.handleResult(getResource(jsonResponse)); </ins><span class="cx"> \
} catch (SMSException smse) { </span><del>- \
debug.error("RealmResource.readInstance() : Cannot READ " + realmPath, \
smse); </del><span class="cx"> try {
</span><span class="cx"> configureErrorMessage(smse);
</span><span class="cx"> } catch (NotFoundException nf) {
</span><del>- debug.error("RealmResource.deleteInstance() : \
Cannot find " + realmPath + ":" + smse); </del><ins>+ \
debug.warning("RealmResource.readInstance() : Cannot find {}", realmPath, \
smse); </ins><span class="cx"> resultHandler.handleError(nf);
</span><span class="cx"> } catch (ForbiddenException | PermanentException \
| ConflictException | BadRequestException e) { </span><del>- \
debug.error("RealmResource.deleteInstance() : Cannot DELETE " + realmPath + \
":" + smse); </del><ins>+ \
debug.warning("RealmResource.readInstance() : Cannot READ {}", realmPath, \
smse); </ins><span class="cx"> resultHandler.handleError(e);
</span><span class="cx"> }
</span><span class="cx"> } catch (Exception e) {
</span><span class="lines">@@ -373,13 +376,37 @@
</span><span class="cx"> private JsonValue getJsonValue(String realmPath) throws \
SMSException { </span><span class="cx"> OrganizationConfigManager \
realmManager = new OrganizationConfigManager(getSSOToken(), realmPath); </span><span \
class="cx"> String realmName = getRealmName(realmManager); </span><ins>+ \
int pathLastSlash = realmPath.lastIndexOf('/'); + String parentPath = null;
+ if (!realmName.equals("/") && pathLastSlash == 0) {
+ parentPath = "/";
+ } else if (!realmName.equals("/")) {
+ parentPath = realmPath.substring(0, pathLastSlash);
+ }
+ return getJsonValue(realmManager, realmName, parentPath);
+ }
+
+ private JsonValue getJsonValue(String realmPath, String parentPath)
+ throws SMSException {
+ OrganizationConfigManager realmManager = new \
OrganizationConfigManager(getSSOToken(), realmPath); + String realmName = \
getRealmName(realmManager); + return getJsonValue(realmManager, realmName, \
parentPath); + }
+
+ private JsonValue getJsonValue(OrganizationConfigManager realmManager, String \
realmName, String parentPath) + throws SMSException {
</ins><span class="cx"> return json(object(
</span><del>- field(PATH_ATTRIBUTE_NAME, realmPath),
</del><ins>+ field(PATH_ATTRIBUTE_NAME, parentPath),
</ins><span class="cx"> field(ACTIVE_ATTRIBUTE_NAME, \
isActive(realmManager)), </span><span class="cx"> \
field(REALM_NAME_ATTRIBUTE_NAME, realmName), </span><span class="cx"> \
field(ALIASES_ATTRIBUTE_NAME, getAliases(realmManager)))); </span><span class="cx"> \
} </span><span class="cx">
</span><ins>+ private Resource getResource(JsonValue jsonValue) {
+ return new Resource(jsonValue.get(REALM_NAME_ATTRIBUTE_NAME).asString(),
+ String.valueOf(jsonValue.getObject().hashCode()), jsonValue);
+ }
+
</ins><span class="cx"> private String getRealmName(OrganizationConfigManager \
realmManager) { </span><span class="cx"> String realmName = \
realmManager.getOrganizationName(); </span><span class="cx">
</span><span class="lines">@@ -397,7 +424,7 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> private Set<String> \
getAliases(OrganizationConfigManager realmManager) throws SMSException { \
</span><del>- Set<String> result = (Set) \
realmManager.getAttributes(ROOT_SERVICE).get("sunidentityrepositoryservice-sunOrganizationAliases");
</del><ins>+ Set<String> result = (Set<String>) \
realmManager.getAttributes(ROOT_SERVICE).get("sunidentityrepositoryservice-sunOrganizationAliases");
</ins><span class="cx">
</span><span class="cx"> return result == null ? (Set) Collections.emptySet() \
: result; </span><span class="cx"> }
</span><span class="lines">@@ -422,12 +449,15 @@
</span><span class="cx"> OrganizationConfigManager realmManager = new \
OrganizationConfigManager(getSSOToken(), realmPath); </span><span class="cx"> \
realmManager.setAttributes(IdConstants.REPO_SERVICE, getAttributeMap(realmDetails)); \
</span><span class="cx"> </span><del>- assignServices(realmManager, \
realmDetails.get(SERVICE_NAMES).asList()); </del><ins>+ final \
List<Object> newServiceNames = realmDetails.get(SERVICE_NAMES).asList(); + \
if (newServiceNames != null) { + assignServices(realmManager, \
newServiceNames); + }
</ins><span class="cx">
</span><span class="cx"> debug.message("RealmResource.updateInstance \
:: UPDATE of realm " + realmPath + " performed by " + </span><span \
class="cx"> \
PrincipalRestUtils.getPrincipalNameFromServerContext(context)); </span><span \
class="cx"> </span><del>- handler.handleResult(new Resource(realmPath, \
String.valueOf(System.currentTimeMillis()), \
json(object(field("realmUpdated", realmManager.getOrganizationName()))))); \
</del><ins>+ handler.handleResult(getResource(getJsonValue(realmPath))); \
</ins><span class="cx"> } catch (SMSException e) { </span><span class="cx"> \
debug.error("RealmResource.updateInstance() : Cannot UPDATE " + realmPath, \
e); </span><span class="cx"> handleError(handler, e);
</span></span></pre></div>
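Review bot: In `handleCreate`, the client-supplied `parentPath` is read into `location` and used without validation. A missing attribute leaves `location` null, so `location.startsWith("/")` or `new StringBuilder(location)` throws a NullPointerException, and an empty string under the root realm makes `realmPath.charAt(realmPath.length() - 1)` index -1. The realm name is already checked with `StringUtils.isBlank` and for '/'; the same treatment for the path, `if (StringUtils.isBlank(location)) { throw new BadRequestException("parentPath must be supplied"); }` placed right after the `asString()` call, would reject the request explicitly instead of relying on a generic handler. The remaining catch clauses are outside the hunk, so how these exceptions surface today is not visible. Separately, `getResource` now keys each `Resource` on the leaf realm name rather than the full path, so realms with the same name under different parents would presumably share an id in query results; worth confirming that is intended.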
<a id="branchesAME7692_noRestartsAuthopenamopenamrestsrcmainjavaorgforgerockopenamrestumaPendingRequestResourcejava"></a>
<div class="modfile"><h4>Modified: \
branches/AME-7692_noRestartsAuth/openam/openam-rest/src/main/java/org/forgerock/openam/rest/uma/PendingRequestResource.java \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-rest/src/main/java/org/forgerock/openam/rest/uma/PendingRequestResource.java 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-rest/src/main/java/org/forgerock/openam/rest/uma/PendingRequestResource.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -43,8 +43,8 @@
</span><span class="cx"> import org.forgerock.json.resource.UpdateRequest;
</span><span class="cx"> import \
org.forgerock.openam.forgerockrest.entitlements.query.QueryResultHandlerBuilder; \
</span><span class="cx"> import \
org.forgerock.openam.forgerockrest.utils.JsonValueQueryFilterVisitor; \
</span><ins>+import org.forgerock.openam.forgerockrest.utils.ServerContextUtils; \
</ins><span class="cx"> import org.forgerock.openam.rest.resource.ContextHelper; \
</span><del>-import org.forgerock.openam.rest.resource.RealmContext; </del><span \
class="cx"> import org.forgerock.openam.sm.datalayer.impl.uma.UmaPendingRequest; \
</span><span class="cx"> import org.forgerock.openam.uma.PendingRequestsService; \
</span><span class="cx"> import org.forgerock.util.promise.ExceptionHandler; \
</span><span class="lines">@@ -80,12 +80,12 @@ </span><span class="cx"> \
JsonValue content = request.getContent(); </span><span class="cx"> \
for (UmaPendingRequest pendingRequest : queryResourceOwnerPendingRequests(context)) { \
</span><span class="cx"> \
promises.add(service.approvePendingRequest(context, pendingRequest.getId(), \
</span><del>- content.get(pendingRequest.getId()), \
getRealm(context))); </del><ins>+ \
content.get(pendingRequest.getId()), ServerContextUtils.getRealm(context))); \
</ins><span class="cx"> } </span><span class="cx"> \
handlePendingRequestApproval(promises, handler); </span><span class="cx"> \
} else if (DENY_ACTION_ID.equalsIgnoreCase(request.getAction())) { </span><span \
class="cx"> for (UmaPendingRequest pendingRequest : \
queryResourceOwnerPendingRequests(context)) { </span><del>- \
service.denyPendingRequest(pendingRequest.getId(), getRealm(context)); </del><ins>+ \
service.denyPendingRequest(pendingRequest.getId(), \
ServerContextUtils.getRealm(context)); </ins><span class="cx"> }
</span><span class="cx"> handler.handleResult(json(object()));
</span><span class="cx"> } else {
</span><span class="lines">@@ -103,9 +103,9 @@
</span><span class="cx"> try {
</span><span class="cx"> if \
(APPROVE_ACTION_ID.equalsIgnoreCase(request.getAction())) { </span><span class="cx"> \
handlePendingRequestApproval(service.approvePendingRequest(context, resourceId, \
request.getContent(), </span><del>- \
getRealm(context)), handler); </del><ins>+ \
ServerContextUtils.getRealm(context)), handler); </ins><span class="cx"> \
} else if (DENY_ACTION_ID.equalsIgnoreCase(request.getAction())) { </span><del>- \
service.denyPendingRequest(resourceId, getRealm(context)); </del><ins>+ \
service.denyPendingRequest(resourceId, ServerContextUtils.getRealm(context)); \
</ins><span class="cx"> handler.handleResult(json(object())); \
</span><span class="cx"> } else { </span><span class="cx"> \
handler.handleError(new NotSupportedException("Action, " + \
request.getAction() + ", is not supported.")); </span><span \
class="lines">@@ -169,17 +169,13 @@ </span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> private Set<UmaPendingRequest> \
queryResourceOwnerPendingRequests(ServerContext context) throws ResourceException { \
</span><del>- return \
service.queryPendingRequests(contextHelper.getUserId(context), getRealm(context)); \
</del><ins>+ return \
service.queryPendingRequests(contextHelper.getUserId(context), \
ServerContextUtils.getRealm(context)); </ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> private Resource newResource(UmaPendingRequest request) \
{ </span><span class="cx"> return new Resource(request.getId(), \
String.valueOf(request.hashCode()), request.asJson()); </span><span class="cx"> }
</span><span class="cx">
</span><del>- private String getRealm(ServerContext context) {
- return context.asContext(RealmContext.class).getResolvedRealm();
- }
-
</del><span class="cx"> @Override
</span><span class="cx"> public void createInstance(ServerContext context, \
CreateRequest request, ResultHandler<Resource> handler) { </span><span \
class="cx"> handler.handleError(new NotSupportedException()); \
</span></span></pre></div> <a \
id="branchesAME7692_noRestartsAuthopenamopenamrestsrcmainjavaorgforgerockopenamrestuma \
UmaEnabledFilterjavafromrev14908trunkopenamopenamrestsrcmainjavaorgforgerockopenamrestumaUmaEnabledFilterjava"></a>
<div class="copfile"><h4>Copied: \
branches/AME-7692_noRestartsAuth/openam/openam-rest/src/main/java/org/forgerock/openam/rest/uma/UmaEnabledFilter.java \
(from rev 14908, trunk/openam/openam-rest/src/main/java/org/forgerock/openam/rest/uma/UmaEnabledFilter.java) \
(0 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-rest/src/main/java/org/forgerock/openam/rest/uma/UmaEnabledFilter.java \
(rev 0)
+++ branches/AME-7692_noRestartsAuth/openam/openam-rest/src/main/java/org/forgerock/openam/rest/uma/UmaEnabledFilter.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -0,0 +1,115 @@
</span><ins>+/*
+ * The contents of this file are subject to the terms of the Common Development and
+ * Distribution License (the License). You may not use this file except in \
compliance with the + * License.
+ *
+ * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for \
the + * specific language governing permission and limitations under the License.
+ *
+ * When distributing Covered Software, include this CDDL Header Notice in each file \
and include + * the License file at legal/CDDLv1.0.txt. If applicable, add the \
following below the CDDL + * Header, with the fields enclosed by brackets [] replaced \
by your own identifying + * information: "Portions copyright [year] [name of \
copyright owner]". + *
+ * Copyright 2015 ForgeRock AS.
+ */
+
+package org.forgerock.openam.rest.uma;
+
+import javax.inject.Inject;
+
+import org.forgerock.json.fluent.JsonValue;
+import org.forgerock.json.resource.ActionRequest;
+import org.forgerock.json.resource.CreateRequest;
+import org.forgerock.json.resource.DeleteRequest;
+import org.forgerock.json.resource.Filter;
+import org.forgerock.json.resource.NotSupportedException;
+import org.forgerock.json.resource.PatchRequest;
+import org.forgerock.json.resource.QueryRequest;
+import org.forgerock.json.resource.QueryResultHandler;
+import org.forgerock.json.resource.ReadRequest;
+import org.forgerock.json.resource.RequestHandler;
+import org.forgerock.json.resource.Resource;
+import org.forgerock.json.resource.ResultHandler;
+import org.forgerock.json.resource.ServerContext;
+import org.forgerock.json.resource.UpdateRequest;
+import org.forgerock.oauth2.core.exceptions.NotFoundException;
+import org.forgerock.openam.forgerockrest.utils.RequestHolder;
+import org.forgerock.openam.forgerockrest.utils.ServerContextUtils;
+import org.forgerock.openam.uma.UmaProviderSettings;
+import org.forgerock.openam.uma.UmaProviderSettingsFactory;
+
+/**
+ * Checks that an UMA Provider has been configured for the current realm, and \
returns not supported if + * it is not.
+ */
+public class UmaEnabledFilter implements Filter {
+
+ private final UmaProviderSettingsFactory umaProviderSettingsFactory;
+
+ @Inject
+ public UmaEnabledFilter(UmaProviderSettingsFactory umaProviderSettingsFactory) {
+ this.umaProviderSettingsFactory = umaProviderSettingsFactory;
+ }
+
+ private boolean enabled(ServerContext serverContext, ResultHandler<?> \
resultHandler) { + try {
+ final String realm = ServerContextUtils.getRealm(serverContext);
+ UmaProviderSettings settings = \
umaProviderSettingsFactory.get(RequestHolder.get(), realm); + if \
(settings.isEnabled()) { + return true;
+ }
+ } catch (NotFoundException e) { }
+ resultHandler.handleError(new NotSupportedException("UMA is not \
currently supported in this realm")); + return false;
+ }
+
+ @Override
+ public void filterAction(ServerContext serverContext, ActionRequest request, \
ResultHandler<JsonValue> resultHandler, RequestHandler requestHandler) { + \
if (enabled(serverContext, resultHandler)) { + \
requestHandler.handleAction(serverContext, request, resultHandler); + }
+ }
+
+ @Override
+ public void filterCreate(ServerContext serverContext, CreateRequest request, \
ResultHandler<Resource> resultHandler, RequestHandler requestHandler) { + \
if (enabled(serverContext, resultHandler)) { + \
requestHandler.handleCreate(serverContext, request, resultHandler); + }
+ }
+
+ @Override
+ public void filterDelete(ServerContext serverContext, DeleteRequest request, \
ResultHandler<Resource> resultHandler, RequestHandler requestHandler) { + \
if (enabled(serverContext, resultHandler)) { + \
requestHandler.handleDelete(serverContext, request, resultHandler); + }
+ }
+
+ @Override
+ public void filterPatch(ServerContext serverContext, PatchRequest request, \
ResultHandler<Resource> resultHandler, RequestHandler requestHandler) { + \
if (enabled(serverContext, resultHandler)) { + \
requestHandler.handlePatch(serverContext, request, resultHandler); + }
+ }
+
+ @Override
+ public void filterQuery(ServerContext serverContext, QueryRequest request, \
QueryResultHandler queryResultHandler, RequestHandler requestHandler) { + if \
(enabled(serverContext, queryResultHandler)) { + \
requestHandler.handleQuery(serverContext, request, queryResultHandler); + }
+ }
+
+ @Override
+ public void filterRead(ServerContext serverContext, ReadRequest request, \
ResultHandler<Resource> resultHandler, RequestHandler requestHandler) { + \
if (enabled(serverContext, resultHandler)) { + \
requestHandler.handleRead(serverContext, request, resultHandler); + }
+ }
+
+ @Override
+ public void filterUpdate(ServerContext serverContext, UpdateRequest request, \
ResultHandler<Resource> resultHandler, RequestHandler requestHandler) { + \
if (enabled(serverContext, resultHandler)) { + \
requestHandler.handleUpdate(serverContext, request, resultHandler); + }
+ }
+}
</ins></span></pre></div>
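Review bot: The `catch (NotFoundException e) { }` in `enabled` is empty, so the reason a request was rejected is invisible both in the code and at runtime. Falling through to the NotSupportedException is a sensible fail-closed outcome for a realm with no UMA provider, but the intent should be stated, e.g. `} catch (NotFoundException ignored) { /* no UMA provider configured for this realm: reject below */ }`. Only NotFoundException is handled; any other exception from `umaProviderSettingsFactory.get` or `settings.isEnabled()` would propagate out of the filter. That also blocks the request but bypasses `resultHandler`, so it is worth checking which exceptions those calls can raise.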
<a id="branchesAME7692_noRestartsAuthopenamopenamrestsrcmainresourcesOATHxml"></a>
<div class="modfile"><h4>Modified: \
branches/AME-7692_noRestartsAuth/openam/openam-rest/src/main/resources/OATH.xml \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-rest/src/main/resources/OATH.xml 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-rest/src/main/resources/OATH.xml 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -40,6 +40,79 @@
</span><span class="cx"> </DefaultValues>
</span><span class="cx"> </AttributeSchema>
</span><span class="cx">
</span><ins>+ <AttributeSchema \
name="iplanet-am-auth-oath-skippable-name" + \
type="single" + syntax="string"
+ i18nKey="a107"
+ resourceName="oathSkippableName">
+ <DefaultValues>
+ <Value>oath2faEnabled</Value>
+ </DefaultValues>
+ </AttributeSchema>
+
+ <AttributeSchema \
name="openam-auth-oath-device-settings-encryption-scheme" + \
type="single_choice" + i18nKey="a101"
+ resourceName="oathDeviceSettingsEncryptionScheme">
+ <ChoiceValues>
+ <ChoiceValue \
i18nKey="RSAES_AES256CBC_HS512">RSAES_AES256CBC_HS512</ChoiceValue>
+ <ChoiceValue \
i18nKey="RSAES_AES128CBC_HS256">RSAES_AES128CBC_HS256</ChoiceValue>
+ <ChoiceValue \
i18nKey="None">NONE</ChoiceValue> + \
</ChoiceValues> + <DefaultValues>
+ <Value>NONE</Value>
+ </DefaultValues>
+ </AttributeSchema>
+
+ <AttributeSchema \
name="openam-auth-oath-device-settings-encryption-keystore" + \
type="single" + syntax="string"
+ i18nKey="a102"
+ \
resourceName="oathDeviceSettingsEncryptionKeystore"> + \
<DefaultValues> + \
<Value>@BASE_DIR@/@SERVER_URI@/keystore.jks</Value> + \
</DefaultValues> + </AttributeSchema>
+
+ <AttributeSchema \
name="openam-auth-oath-device-settings-encryption-keystore-type" + \
type="single_choice" + i18nKey="a103"
+ \
resourceName="oathDeviceSettingsEncryptionKeystoreType"> + \
<ChoiceValues> + <ChoiceValue \
i18nKey="JKS">JKS</ChoiceValue> + \
<ChoiceValue i18nKey="JCEKS">JCEKS</ChoiceValue> + \
<ChoiceValue i18nKey="PKCS11">PKCS11</ChoiceValue> + \
<ChoiceValue i18nKey="PKCS12">PKCS12</ChoiceValue> + \
</ChoiceValues> + <DefaultValues>
+ <Value>JKS</Value>
+ </DefaultValues>
+ </AttributeSchema>
+
+ <AttributeSchema \
name="openam-auth-oath-device-settings-encryption-keystore-password" + \
type="single" + syntax="password"
+ i18nKey="a104"
+ \
resourceName="oathDeviceSettingsEncryptionKeystorePassword"> + \
<DefaultValues> + <Value>changeit</Value>
+ </DefaultValues>
+ </AttributeSchema>
+
+ <AttributeSchema \
name="openam-auth-oath-device-settings-encryption-keypair-alias" + \
type="single" + syntax="string"
+ i18nKey="a105"
+ \
resourceName="oathDeviceSettingsEncryptionKeystoreKeyPairAlias"> + \
</AttributeSchema> +
+ <AttributeSchema \
name="openam-auth-oath-device-settings-encryption-privatekey-password" + \
type="single" + syntax="password"
+ i18nKey="a106"
+ \
resourceName="oathDeviceSettingsEncryptionKeystorePrivateKeyPassword"> + \
</AttributeSchema> +
</ins><span class="cx"> </Organization>
</span><span class="cx"> </Schema>
</span><span class="cx"> </Service>
</span></span></pre></div>
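Review bot: The `openam-auth-oath-device-settings-encryption-keystore-password` attribute ships with the widely known default `<Value>changeit</Value>`, so a realm that turns on device-profile encryption without revisiting this field protects the wrapping key with a password that is effectively public. I would drop the `<DefaultValues>` element from that attribute, as the `...-privatekey-password` attribute after it already does, and have the consuming code reject an encryption scheme selected with an empty password (that code is not visible in this section). The scheme attribute also defaults to `NONE`, which means device profiles are stored unencrypted until an administrator opts in; if that default is deliberate, a short comment next to it such as `<!-- NONE by default: encryption needs a configured key pair -->` would record the reason.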
<a id="branchesAME7692_noRestartsAuthopenamopenamrestsrcmainresourcesOATHServiceproperties"></a>
<div class="modfile"><h4>Modified: \
branches/AME-7692_noRestartsAuth/openam/openam-rest/src/main/resources/OATHService.properties \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-rest/src/main/resources/OATHService.properties 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-rest/src/main/resources/OATHService.properties 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -28,4 +28,33 @@
</span><span class="cx"> a100.help.txt=A specific field has been generated by OpenAM \
to handle these profiles, and in most cases the default \ </span><span class="cx"> \
value will work without further configuration. However, administrators are free to \
alter this. The new attribute \ </span><span class="cx"> must be able to handle \
Strings and be stored directly on the user's profile. LDAP User Attributes \
(accessible in the \ </span><del>- Realm -> Data Stores tab of the Administrator \
console) must also be configured to allow for any new attribute used. </del><span \
class="cx">\ No newline at end of file </span><ins>+ Realm -> Data Stores tab of \
the Administrator console) must also be configured to allow for any new attribute \
used. +a101=Device Profile Encryption Scheme
+a101.help=Encryption scheme to use to secure device profiles stored on the server.
+a101.help.txt=If enabled, each device profile is encrypted using a unique random \
secret key using the given strength \ + of AES encryption in CBC mode with PKCS#5 \
padding. A HMAC-SHA of the given strength (truncated to half-size) is \ + used to \
ensure integrity protection and authenticated encryption. The unique random key is \
encrypted with the given\ + RSA key-pair and stored with the device profile. NB: \
AES-256 may require installation of JCE Unlimited Strength. +a102=Encryption Key \
Store +a102.help=Key Store to load encryption keys from.
+a103=Key Store Type
+a103.help=Type of KeyStore to load.
+a103.help.txt=Note: PKCS#11 keystores require hardware support such as a security \
device or smart card and is not \ + available by default in most JVM installations. \
See the <a \ + href="https://docs.oracle.com/javase/8/docs/technotes/guides/security/p11guide.html" \
target="_blank">JDK 8 PKCS#11 \ + Reference Guide</a> for more \
details. +a104=Key Store Password
+a104.help=Password to unlock the keystore. This password will be encrypted.
+a105=Key-Pair Alias
+a105.help=Alias of the Certificate/PrivateKey in the keystore to use to \
encrypt/decrypt device profiles. +a106=Private Key Password
+a106.help=Password to unlock the private key.
+RSAES_AES128CBC_HS256=AES-128/HMAC-SHA-256 with RSA Key Wrapping
+RSAES_AES256CBC_HS512=AES-256/HMAC-SHA-512 with RSA Key Wrapping
+None=No encryption of device settings.
+JKS=Java Key Store (JKS).
+JCEKS=Java Cryptography Extension Key Store (JCEKS).
+PKCS11=PKCS#11 Hardware Crypto Storage.
+PKCS12=PKCS#12 Key Store.
+a107=OATH Device Skippable Attribute Name
+a107.help=Name of the attribute on a user's profile used to store their selection of \
whether to skip OATH 2FA modules. </ins><span class="cx">\ No newline at end of file
</span></span></pre></div>
<a id="branchesAME7692_noRestartsAuthopenamopenamrestsrctestjavaorgforgerockopenamrestdashboardOathDevicesResourceTestjava"></a>
<div class="modfile"><h4>Modified: \
branches/AME-7692_noRestartsAuth/openam/openam-rest/src/test/java/org/forgerock/openam/rest/dashboard/OathDevicesResourceTest.java \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-rest/src/test/java/org/forgerock/openam/rest/dashboard/OathDevicesResourceTest.java 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-rest/src/test/java/org/forgerock/openam/rest/dashboard/OathDevicesResourceTest.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -18,7 +18,6 @@
</span><span class="cx">
</span><span class="cx"> import static org.fest.assertions.Assertions.*;
</span><span class="cx"> import static org.forgerock.json.fluent.JsonValue.*;
</span><del>-import static org.forgerock.json.resource.Resources.*;
</del><span class="cx"> import static org.mockito.BDDMockito.anyObject;
</span><span class="cx"> import static org.mockito.BDDMockito.anyString;
</span><span class="cx"> import static org.mockito.BDDMockito.*;
</span><span class="lines">@@ -26,24 +25,34 @@
</span><span class="cx"> import static org.mockito.Mockito.times;
</span><span class="cx"> import static org.mockito.Mockito.verify;
</span><span class="cx">
</span><ins>+import com.iplanet.sso.SSOException;
+import com.iplanet.sso.SSOToken;
+import com.sun.identity.idm.AMIdentity;
+import com.sun.identity.idm.IdRepoException;
+import com.sun.identity.shared.debug.Debug;
+import com.sun.identity.sm.SMSException;
</ins><span class="cx"> import java.util.ArrayList;
</span><span class="cx"> import java.util.Date;
</span><ins>+import java.util.HashSet;
</ins><span class="cx"> import java.util.List;
</span><span class="cx"> import org.forgerock.json.fluent.JsonValue;
</span><del>-import org.forgerock.json.resource.Connection;
-import org.forgerock.json.resource.Context;
</del><ins>+import org.forgerock.json.resource.ActionRequest;
</ins><span class="cx"> import org.forgerock.json.resource.DeleteRequest;
</span><del>-import org.forgerock.json.resource.NotFoundException;
</del><span class="cx"> import org.forgerock.json.resource.QueryRequest;
</span><span class="cx"> import org.forgerock.json.resource.QueryResultHandler;
</span><span class="cx"> import org.forgerock.json.resource.Requests;
</span><span class="cx"> import org.forgerock.json.resource.Resource;
</span><span class="cx"> import org.forgerock.json.resource.ResourceException;
</span><del>-import org.forgerock.json.resource.RootContext;
</del><ins>+import org.forgerock.json.resource.ResultHandler;
</ins><span class="cx"> import org.forgerock.json.resource.ServerContext;
</span><span class="cx"> import org.forgerock.openam.rest.devices.OathDevicesDao;
</span><span class="cx"> import \
org.forgerock.openam.rest.devices.OathDevicesResource; </span><ins>+import \
org.forgerock.openam.rest.devices.services.OathService; +import \
org.forgerock.openam.rest.devices.services.OathServiceFactory; </ins><span \
class="cx"> import org.forgerock.openam.rest.resource.ContextHelper; \
</span><ins>+import org.forgerock.openam.rest.resource.RealmContext; +import \
org.forgerock.openam.rest.resource.SSOTokenContext; +import \
org.forgerock.openam.utils.JsonValueBuilder; </ins><span class="cx"> import \
org.mockito.ArgumentCaptor; </span><span class="cx"> import org.mockito.Matchers;
</span><span class="cx"> import org.testng.annotations.BeforeMethod;
</span><span class="lines">@@ -55,28 +64,36 @@
</span><span class="cx">
</span><span class="cx"> private OathDevicesDao dao;
</span><span class="cx"> private ContextHelper contextHelper;
</span><ins>+ private Debug debug;
+ private OathServiceFactory oathServiceFactory;
+ private OathService oathService;
</ins><span class="cx">
</span><span class="cx"> @BeforeMethod
</span><del>- public void setUp() {
</del><ins>+ public void setUp() throws SMSException, SSOException {
</ins><span class="cx">
</span><span class="cx"> dao = mock(OathDevicesDao.class);
</span><span class="cx"> contextHelper = mock(ContextHelper.class);
</span><ins>+ debug = mock(Debug.class);
+ oathServiceFactory = mock(OathServiceFactory.class);
+ oathService = mock(OathService.class);
</ins><span class="cx">
</span><del>- resource = new OathDevicesResource(dao, contextHelper);
</del><ins>+ resource = new OathDevicesResourceTestClass(dao, contextHelper, \
debug, oathServiceFactory); </ins><span class="cx">
</span><span class="cx"> given(contextHelper.getUserId((ServerContext) \
anyObject())).willReturn("demo"); </span><ins>+ \
given(oathServiceFactory.create(anyString())).willReturn(oathService); </ins><span \
class="cx"> } </span><span class="cx">
</span><del>- private Context ctx() {
- return new ServerContext(new RootContext());
</del><ins>+ private ServerContext ctx() throws SSOException {
+ SSOTokenContext mockSubjectContext = mock(SSOTokenContext.class);
+ given(mockSubjectContext.getCallerSSOToken()).willReturn(mock(SSOToken.class));
+ return new ServerContext(new RealmContext(mock(SSOTokenContext.class)));
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> @Test
</span><del>- public void shouldQueryTrustedDevices() throws ResourceException {
</del><ins>+ public void shouldQueryTrustedDevices() throws ResourceException, \
SSOException { </ins><span class="cx">
</span><span class="cx"> //Given
</span><span class="cx"> QueryRequest request = \
Requests.newQueryRequest(""); </span><del>- Connection connection = \
newInternalConnection(newCollection(resource)); </del><span class="cx"> \
QueryResultHandler handler = mock(QueryResultHandler.class); </span><span class="cx"> \
List<JsonValue> devices = new ArrayList<JsonValue>(); </span><span \
class="cx"> devices.add(json(object(field("name", \
"NAME_1"), field("lastSelectedDate", new Date().getTime())))); \
</span><span class="lines">@@ -85,18 +102,19 @@ </span><span class="cx"> \
given(dao.getDeviceProfiles(anyString(), anyString())).willReturn(devices); \
</span><span class="cx"> </span><span class="cx"> //When
</span><del>- connection.query(ctx(), request, handler);
</del><ins>+ resource.queryCollection(ctx(), request, handler);
</ins><span class="cx">
</span><span class="cx"> //Then
</span><span class="cx"> verify(handler, \
times(2)).handleResource(Matchers.<Resource>anyObject()); </span><span \
class="cx"> } </span><span class="cx">
</span><span class="cx"> @Test
</span><del>- public void shouldDeleteTrustedDevice() throws ResourceException {
</del><ins>+ public void shouldDeleteTrustedDevice() throws ResourceException, \
SSOException { </ins><span class="cx">
</span><span class="cx"> //Given
</span><del>- DeleteRequest request = \
Requests.newDeleteRequest("UUID_1");
- Connection connection = newInternalConnection(newCollection(resource));
</del><ins>+ DeleteRequest request = \
Requests.newDeleteRequest("UUID_2"); + ResultHandler handler = \
mock(ResultHandler.class); +
</ins><span class="cx"> List<JsonValue> devices = new \
ArrayList<JsonValue>(); </span><span class="cx"> \
devices.add(json(object(field("uuid", "UUID_1"), \
field("name", "NAME_1")))); </span><span class="cx"> \
devices.add(json(object(field("uuid", "UUID_2"), \
field("name", "NAME_2")))); </span><span class="lines">@@ -104,7 \
+122,7 @@ </span><span class="cx"> given(dao.getDeviceProfiles(anyString(), \
anyString())).willReturn(devices); </span><span class="cx">
</span><span class="cx"> //When
</span><del>- connection.delete(ctx(), request);
</del><ins>+ resource.deleteInstance(ctx(), request.getResourceName(), \
request, handler); </ins><span class="cx">
</span><span class="cx"> //Then
</span><span class="cx"> ArgumentCaptor<List> devicesCaptor = \
ArgumentCaptor.forClass(List.class); </span><span class="lines">@@ -112,12 +130,12 @@
</span><span class="cx"> assertThat(devicesCaptor.getValue()).hasSize(1);
</span><span class="cx"> }
</span><span class="cx">
</span><del>- @Test (expectedExceptions = NotFoundException.class)
- public void shouldNotDeleteTrustedDeviceWhenNotFound() throws ResourceException \
{ </del><ins>+ @Test
+ public void shouldNotDeleteTrustedDeviceWhenNotFound() throws ResourceException, \
SSOException { </ins><span class="cx">
</span><span class="cx"> //Given
</span><span class="cx"> DeleteRequest request = \
Requests.newDeleteRequest("UUID_3"); </span><del>- Connection \
connection = newInternalConnection(newCollection(resource)); </del><ins>+ \
ResultHandler handler = mock(ResultHandler.class); </ins><span class="cx"> \
List<JsonValue> devices = new ArrayList<JsonValue>(); </span><span \
class="cx"> devices.add(json(object(field("uuid", \
"UUID_1"), field("name", "NAME_1")))); </span><span \
class="cx"> devices.add(json(object(field("uuid", \
"UUID_2"), field("name", "NAME_2")))); </span><span \
class="lines">@@ -125,9 +143,99 @@ </span><span class="cx"> \
given(dao.getDeviceProfiles(anyString(), anyString())).willReturn(devices); \
</span><span class="cx"> </span><span class="cx"> //When
</span><del>- connection.delete(ctx(), request);
</del><ins>+ resource.deleteInstance(ctx(), request.getResourceName(), \
request, handler); </ins><span class="cx">
</span><span class="cx"> //Then
</span><del>- //Expected NotFoundException
</del><ins>+ ArgumentCaptor<ResourceException> exceptionCaptor = \
ArgumentCaptor.forClass(ResourceException.class); + \
verify(handler).handleError(exceptionCaptor.capture()); + \
assertThat(exceptionCaptor.getValue().getCode() == ResourceException.NOT_FOUND); \
</ins><span class="cx"> } </span><ins>+
+ @Test
+ public void shouldFailOnUnknownAction() throws ResourceException, SSOException {
+
+ //given
+ ActionRequest request = Requests.newActionRequest("instanceId", \
"fake"); + ResultHandler handler = mock(ResultHandler.class);
+
+ //when
+ resource.actionCollection(ctx(), request, handler);
+
+ //then
+ ArgumentCaptor<ResourceException> exceptionCaptor = \
ArgumentCaptor.forClass(ResourceException.class); + \
verify(handler).handleError(exceptionCaptor.capture()); + \
assertThat(exceptionCaptor.getValue().getCode() == ResourceException.NOT_SUPPORTED); \
+ } +
+ @Test
+ public void shouldExecuteSkipAction() throws ResourceException, SSOException {
+
+ //given
+ JsonValue contents = JsonValueBuilder.toJsonValue("{ \
\"value\" : true }"); + JsonValue successResult = \
JsonValueBuilder.jsonValue().build(); + ActionRequest request = \
Requests.newActionRequest("instanceId", "skip"); + \
request.setContent(contents); + ResultHandler handler = \
mock(ResultHandler.class); +
+ //when
+ resource.actionCollection(ctx(), request, handler);
+
+ //then
+ ArgumentCaptor<JsonValue> jsonCaptor = \
ArgumentCaptor.forClass(JsonValue.class); + verify(handler, \
times(1)).handleResult(jsonCaptor.capture()); + \
assertThat(successResult.toString()).isEqualTo(jsonCaptor.getValue().toString()); + \
} +
+ @Test
+ public void shouldExecuteTrueCheckAction() throws ResourceException, \
SSOException { +
+ //given
+ JsonValue successResult = JsonValueBuilder.toJsonValue("{ \
\"result\" : true }"); + ActionRequest request = \
Requests.newActionRequest("instanceId", "check"); + \
ResultHandler handler = mock(ResultHandler.class); +
+ //when
+ resource.actionCollection(ctx(), request, handler);
+
+ //then
+ ArgumentCaptor<JsonValue> jsonCaptor = \
ArgumentCaptor.forClass(JsonValue.class); + verify(handler, \
times(1)).handleResult(jsonCaptor.capture()); + \
assertThat(successResult.toString()).isEqualTo(jsonCaptor.getValue().toString()); + \
} +
+ @Test
+ public void shouldFailOnUnknownActionInstance() throws ResourceException, \
SSOException { +
+ //given
+ ResultHandler handler = mock(ResultHandler.class);
+ ActionRequest actionRequest = mock(ActionRequest.class);
+
+
+ //when
+ resource.actionInstance(ctx(), "", actionRequest, handler);
+
+ //then
+ ArgumentCaptor<ResourceException> exceptionCaptor = \
ArgumentCaptor.forClass(ResourceException.class); + \
verify(handler).handleError(exceptionCaptor.capture()); + \
assertThat(exceptionCaptor.getValue().getCode() == ResourceException.NOT_SUPPORTED); \
+ } +
+ private static class OathDevicesResourceTestClass extends OathDevicesResource {
+
+
+ public OathDevicesResourceTestClass(OathDevicesDao dao, ContextHelper \
helper, Debug debug, + OathServiceFactory \
oathServiceFactory) { + super(dao, helper, debug, oathServiceFactory);
+ }
+
+ protected AMIdentity getIdentity(ServerContext context) throws SSOException, \
IdRepoException { +
+ HashSet<String> attribute = new HashSet<>();
+ attribute.add(String.valueOf(OathService.SKIPPABLE));
+
+ AMIdentity mockId = mock(AMIdentity.class);
+ given(mockId.getAttribute(anyString())).willReturn(attribute);
+ return mockId;
+ }
+ }
</ins><span class="cx"> }
</span></span></pre></div>
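Review bot: The three new error-path checks of the form `assertThat(exceptionCaptor.getValue().getCode() == ResourceException.NOT_FOUND);` assert nothing, because FEST's `assertThat(boolean)` only builds an assertion object and no `isTrue()` follows; `shouldNotDeleteTrustedDeviceWhenNotFound`, `shouldFailOnUnknownAction` and `shouldFailOnUnknownActionInstance` therefore pass for any error code. Since the first of these replaces `expectedExceptions = NotFoundException.class`, the commit weakens a check on the device endpoint that previously held. Compare the code directly, e.g. `assertThat(exceptionCaptor.getValue().getCode()).isEqualTo(ResourceException.NOT_FOUND);`, and likewise with `NOT_SUPPORTED` in the other two tests. In `ctx()`, the stubbed `mockSubjectContext` is never used because a fresh mock is passed instead; `return new ServerContext(new RealmContext(mockSubjectContext));` looks like what was intended.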
<a id="branchesAME7692_noRestartsAuthopenamopenamrestsrctestjavaorgforgerockopenamrestoauth2ResourceSetResourceTestjava"></a>
<div class="modfile"><h4>Modified: \
branches/AME-7692_noRestartsAuth/openam/openam-rest/src/test/java/org/forgerock/openam/rest/oauth2/ResourceSetResourceTest.java \
(14908 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-rest/src/test/java/org/forgerock/openam/rest/oauth2/ResourceSetResourceTest.java 2015-07-31 \
14:42:37 UTC (rev 14908)
+++ branches/AME-7692_noRestartsAuth/openam/openam-rest/src/test/java/org/forgerock/openam/rest/oauth2/ResourceSetResourceTest.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -47,6 +47,7 @@
</span><span class="cx"> import org.forgerock.json.resource.UpdateRequest;
</span><span class="cx"> import \
org.forgerock.oauth2.resources.ResourceSetDescription; </span><span class="cx"> \
import org.forgerock.openam.rest.resource.ContextHelper; </span><ins>+import \
org.forgerock.openam.oauth2.resources.labels.UmaLabelsStore; </ins><span class="cx"> \
import org.forgerock.util.promise.Promise; </span><span class="cx"> import \
org.forgerock.util.promise.Promises; </span><span class="cx"> import \
org.mockito.ArgumentCaptor; </span><span class="lines">@@ -59,14 +60,15 @@
</span><span class="cx"> private ResourceSetResource resource;
</span><span class="cx">
</span><span class="cx"> private ResourceSetService resourceSetService;
</span><ins>+ private UmaLabelsStore umaLabelsStore;
</ins><span class="cx"> private ContextHelper contextHelper;
</span><span class="cx">
</span><span class="cx"> @BeforeMethod
</span><span class="cx"> public void setup() {
</span><span class="cx"> resourceSetService = mock(ResourceSetService.class);
</span><span class="cx"> contextHelper = mock(ContextHelper.class);
</span><del>-
- resource = new ResourceSetResource(resourceSetService, contextHelper);
</del><ins>+ umaLabelsStore = mock(UmaLabelsStore.class);
+ resource = new ResourceSetResource(resourceSetService, contextHelper, \
umaLabelsStore); </ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> @Test
</span></span></pre></div>
<a id="branchesAME7692_noRestartsAuthopenamopenamrestsrctestjavaorgforgerockopenamrest \
umaUmaEnabledFilterTestjavafromrev14908trunkopenamopenamrestsrctestjavaorgforgerockopenamrestumaUmaEnabledFilterTestjava"></a>
<div class="copfile"><h4>Copied: \
branches/AME-7692_noRestartsAuth/openam/openam-rest/src/test/java/org/forgerock/openam/rest/uma/UmaEnabledFilterTest.java \
(from rev 14908, trunk/openam/openam-rest/src/test/java/org/forgerock/openam/rest/uma/UmaEnabledFilterTest.java) \
(0 => 14909)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-7692_noRestartsAuth/openam/openam-rest/src/test/java/org/forgerock/openam/rest/uma/UmaEnabledFilterTest.java \
(rev 0)
+++ branches/AME-7692_noRestartsAuth/openam/openam-rest/src/test/java/org/forgerock/openam/rest/uma/UmaEnabledFilterTest.java 2015-07-31 \
15:38:51 UTC (rev 14909) </span><span class="lines">@@ -0,0 +1,241 @@
</span><ins>+/*
+ * The contents of this file are subject to the terms of the Common Development and
+ * Distribution License (the License). You may not use this file except in \
compliance with the + * License.
+ *
+ * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for \
the + * specific language governing permission and limitations under the License.
+ *
+ * When distributing Covered Software, include this CDDL Header Notice in each file \
and include + * the License file at legal/CDDLv1.0.txt. If applicable, add the \
following below the CDDL + * Header, with the fields enclosed by brackets [] replaced \
by your own identifying + * information: "Portions copyright [year] [name of \
copyright owner]". + *
+ * Copyright 2015 ForgeRock AS.
+ */
+
+package org.forgerock.openam.rest.uma;
+
+import static org.assertj.core.api.Assertions.*;
+import static org.forgerock.json.fluent.JsonValue.*;
+import static org.mockito.BDDMockito.*;
+i