author | Endi Sukma Dewata <edewata@redhat.com> | 2012-03-24 02:27:47 -0500 |
---|---|---|
committer | Endi Sukma Dewata <edewata@redhat.com> | 2012-03-26 11:43:54 -0500 |
commit | 621d9e5c413e561293d7484b93882d985b3fe15f (patch) | |
tree | 638f3d75761c121d9a8fb50b52a12a6686c5ac5c /base/common/src/com/netscape/cms/servlet/admin/AuthAdminServlet.java | |
parent | 40d3643b8d91886bf210aa27f711731c81a11e49 (diff) | |
Removed unnecessary pki folder.
Previously the source code was located inside a pki folder.
This folder was created during svn migration and is no longer
needed. This folder has now been removed and the contents have
been moved up one level.
Ticket #131
Diffstat (limited to 'base/common/src/com/netscape/cms/servlet/admin/AuthAdminServlet.java')
-rw-r--r-- | base/common/src/com/netscape/cms/servlet/admin/AuthAdminServlet.java | 1721 |
1 files changed, 1721 insertions, 0 deletions
diff --git a/base/common/src/com/netscape/cms/servlet/admin/AuthAdminServlet.java b/base/common/src/com/netscape/cms/servlet/admin/AuthAdminServlet.java
new file mode 100644
index 000000000..cacd0b5d0
--- /dev/null
+++ b/base/common/src/com/netscape/cms/servlet/admin/AuthAdminServlet.java
@@ -0,0 +1,1721 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.cms.servlet.admin;
+
+import java.io.IOException;
+import java.util.Enumeration;
+import java.util.Locale;
+
+import javax.servlet.ServletConfig;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import com.netscape.certsrv.apps.CMS;
+import com.netscape.certsrv.authentication.AuthManagerProxy;
+import com.netscape.certsrv.authentication.AuthMgrPlugin;
+import com.netscape.certsrv.authentication.EAuthException;
+import com.netscape.certsrv.authentication.EAuthMgrNotFound;
+import com.netscape.certsrv.authentication.EAuthMgrPluginNotFound;
+import com.netscape.certsrv.authentication.IAuthManager;
+import com.netscape.certsrv.authentication.IAuthSubsystem;
+import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.base.IConfigStore;
+import com.netscape.certsrv.base.IExtendedPluginInfo;
+import com.netscape.certsrv.common.Constants;
+import com.netscape.certsrv.common.DestDef;
+import com.netscape.certsrv.common.NameValuePairs;
+import com.netscape.certsrv.common.OpDef;
+import com.netscape.certsrv.common.ScopeDef;
+import com.netscape.certsrv.ldap.ILdapAuthInfo;
+import com.netscape.certsrv.logging.ILogger;
+
+/**
+ * A class representing an administration servlet for the
+ * Authentication Management subsystem. This servlet is responsible
+ * to serve configuration requests for the Auths Management subsystem.
+ *
+ *
+ * @version $Revision$, $Date$
+ */
+public class AuthAdminServlet extends AdminServlet {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = -6258411211380144425L;
+ private final static String INFO = "AuthAdminServlet";
+ private IAuthSubsystem mAuths = null;
+
+ private final static String PW_PASSWORD_CACHE_ADD =
+ "PASSWORD_CACHE_ADD";
+ private final static String VIEW = ";" + Constants.VIEW;
+ private final static String EDIT = ";" + Constants.EDIT;
+
+ private final static String LOGGING_SIGNED_AUDIT_CONFIG_AUTH =
+ "LOGGING_SIGNED_AUDIT_CONFIG_AUTH_3";
+
+ public AuthAdminServlet() {
+ super();
+ }
+
+ /**
+ * Initializes this servlet.
+ */
+ public void init(ServletConfig config) throws ServletException {
+ super.init(config);
+ mAuths = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
+ AUTHZ_RES_NAME = "certServer.auth.configuration";
+ }
+
+ /**
+ * Returns serlvet information.
+ */
+ public String getServletInfo() {
+ return INFO;
+ }
+
+ /**
+ * retrieve extended plugin info such as brief description, type info
+ * from policy, authentication,
+ * need to add: listener, mapper and publishing plugins
+ * --- same as policy, should we move this into extendedpluginhelper?
+ */
+ private void getExtendedPluginInfo(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
+ IOException, EBaseException {
+
+ String id = req.getParameter(Constants.RS_ID);
+
+ int colon = id.indexOf(':');
+
+ String implType = id.substring(0, colon);
+ String implName = id.substring(colon + 1);
+
+ NameValuePairs params =
+ getExtendedPluginInfo(getLocale(req), implType, implName);
+
+ sendResponse(SUCCESS, null, params, resp);
+ }
+
+ private NameValuePairs getExtendedPluginInfo(Locale locale, String implType, String implName) {
+ IExtendedPluginInfo ext_info = null;
+ Object impl = null;
+
+ impl = mAuths.getAuthManagerPlugin(implName);
+ if (impl != null) {
+ if (impl instanceof IExtendedPluginInfo) {
+ ext_info = (IExtendedPluginInfo) impl;
+ }
+ }
+
+ NameValuePairs nvps = null;
+
+ if (ext_info == null) {
+ nvps = new NameValuePairs();
+ } else {
+ nvps = convertStringArrayToNVPairs(ext_info.getExtendedPluginInfo(locale));
+ }
+
+ return nvps;
+
+ }
+
+ /**
+ * Serves HTTP admin request.
+ */
+ public void service(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+ super.service(req, resp);
+
+ String scope = req.getParameter(Constants.OP_SCOPE);
+ String op = req.getParameter(Constants.OP_TYPE);
+
+ if (op == null) {
+ //System.out.println("SRVLT_INVALID_PROTOCOL");
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"),
+ null, resp);
+ return;
+ }
+
+ // if it is not authentication, that means it is for CSC admin ping.
+ // the best way to do is to define another protocol for ping and move
+ // it to the generic servlet which is admin servlet.
+ if (!op.equals(OpDef.OP_AUTH)) {
+ if (scope.equals(ScopeDef.SC_AUTH)) {
+ String id = req.getParameter(Constants.RS_ID);
+
+ // for CSC admin ping only
+ if (op.equals(OpDef.OP_READ) &&
+ id.equals(Constants.RS_ID_CONFIG)) {
+
+ // no need to authenticate this. if we're alive, return true.
+ NameValuePairs params = new NameValuePairs();
+
+ params.put(Constants.PR_PING, Constants.TRUE);
+ sendResponse(SUCCESS, null, params, resp);
+ return;
+ } else {
+ //System.out.println("SRVLT_INVALID_OP_TYPE");
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op),
+ null, resp);
+ return;
+ }
+ }
+ }
+
+ try {
+ if (op.equals(OpDef.OP_AUTH)) {
+ if (scope.equals(ScopeDef.SC_AUTHTYPE)) {
+ IConfigStore configStore = CMS.getConfigStore();
+ String val = configStore.getString("authType", "pwd");
+ NameValuePairs params = new NameValuePairs();
+
+ params.put("authType", val);
+ sendResponse(SUCCESS, null, params, resp);
+ return;
+ }
+ }
+ } catch (Exception e) {
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"),
+ null, resp);
+ return;
+ }
+ // for the rest
+ try {
+ super.authenticate(req);
+ if (op.equals(OpDef.OP_AUTH)) { // for admin authentication only
+ sendResponse(SUCCESS, null, null, resp);
+ return;
+ }
+ } catch (IOException e) {
+ //System.out.println("SRVLT_FAIL_AUTHS");
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"),
+ null, resp);
+ return;
+ }
+
+ try {
+ // perform operation based on scope
+ if (scope != null) {
+ AUTHZ_RES_NAME = "certServer.auth.configuration";
+ if (scope.equals(ScopeDef.SC_EXTENDED_PLUGIN_INFO)) {
+ try {
+ mOp = "read";
+ if ((mToken = super.authorize(req)) == null) {
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
+ return;
+ }
+ getExtendedPluginInfo(req, resp);
+ return;
+ } catch (EBaseException e) {
+ sendResponse(ERROR, e.toString(getLocale(req)), null, resp);
+ return;
+ }
+ }
+ if (op.equals(OpDef.OP_SEARCH)) {
+ mOp = "read";
+ if ((mToken = super.authorize(req)) == null) {
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
+ return;
+ }
+ if (scope.equals(ScopeDef.SC_AUTH_IMPLS)) {
+ listAuthMgrPlugins(req, resp);
+ return;
+ } else if (scope.equals(ScopeDef.SC_AUTH_MGR_INSTANCE)) {
+ listAuthMgrInsts(req, resp);
+ return;
+ } else {
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
+ null, resp);
+ return;
+ }
+ } else if (op.equals(OpDef.OP_READ)) {
+ mOp = "read";
+ if ((mToken = super.authorize(req)) == null) {
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
+ return;
+ }
+ if (scope.equals(ScopeDef.SC_AUTH_IMPLS)) {
+ getConfig(req, resp);
+ return;
+ } else if (scope.equals(ScopeDef.SC_AUTH_MGR_INSTANCE)) {
+ getInstConfig(req, resp);
+ return;
+ } else {
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
+ null, resp);
+ return;
+ }
+ } else if (op.equals(OpDef.OP_ADD)) {
+ mOp = "modify";
+ if ((mToken = super.authorize(req)) == null) {
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
+ return;
+ }
+ if (scope.equals(ScopeDef.SC_AUTH_IMPLS)) {
+ addAuthMgrPlugin(req, resp, scope);
+ return;
+ } else if (scope.equals(ScopeDef.SC_AUTH_MGR_INSTANCE)) {
+ addAuthMgrInst(req, resp, scope);
+ return;
+ } else {
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
+ null, resp);
+ return;
+ }
+ } else if (op.equals(OpDef.OP_DELETE)) {
+ mOp = "modify";
+ if ((mToken = super.authorize(req)) == null) {
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
+ return;
+ }
+ if (scope.equals(ScopeDef.SC_AUTH_IMPLS)) {
+ delAuthMgrPlugin(req, resp, scope);
+ return;
+ } else if (scope.equals(ScopeDef.SC_AUTH_MGR_INSTANCE)) {
+ delAuthMgrInst(req, resp, scope);
+ return;
+ } else {
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
+ null, resp);
+ return;
+ }
+ } else if (op.equals(OpDef.OP_MODIFY)) {
+ mOp = "modify";
+ if ((mToken = super.authorize(req)) == null) {
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
+ return;
+ }
+ if (scope.equals(ScopeDef.SC_AUTH_MGR_INSTANCE)) {
+ modAuthMgrInst(req, resp, scope);
+ return;
+ }
+ } else {
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
+ null, resp);
+ return;
+ }
+ }
+ } catch (EBaseException e) {
+ sendResponse(ERROR, e.toString(getLocale(req)), null, resp);
+ return;
+ }
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"),
+ null, resp);
+ return;
+ }
+
+ private void putUserPWPair(String combo) {
+ int semicolon;
+
+ semicolon = combo.indexOf(";");
+ String user = combo.substring(0, semicolon);
+ String pw = combo.substring(semicolon + 1);
+
+ CMS.putPasswordCache(user, pw);
+ }
+
+ /**
+ * Add authentication manager plug-in
+ * <P>
+ *
+ * <ul>
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_AUTH used when configuring authentication
+ * </ul>
+ *
+ * @param req HTTP servlet request
+ * @param resp HTTP servlet response
+ * @param scope string used to obtain the contents of this authentication
+ * manager's substore
+ * @exception ServletException a servlet error has occurred
+ * @exception IOException an input/output error has occurred
+ * @exception EBaseException an error has occurred
+ */
+
+ private synchronized void addAuthMgrPlugin(HttpServletRequest req,
+ HttpServletResponse resp, String scope)
+ throws ServletException, IOException, EBaseException {
+
+ String auditMessage = null;
+ String auditSubjectID = auditSubjectID();
+
+ // ensure that any low-level exceptions are reported
+ // to the signed audit log and stored as failures
+ try {
+ String id = req.getParameter(Constants.RS_ID);
+
+ if (id == null) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ //System.out.println("SRVLT_NULL_RS_ID");
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
+ return;
+ }
+ // is the manager id unique?
+ if (mAuths.getPlugins().containsKey((Object) id)) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ sendResponse(
+ ERROR,
+ new EAuthException(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_DUP_MGR_PLUGIN_ID",
+ id)).toString(),
+ null, resp);
+ return;
+ }
+
+ String classPath = req.getParameter(Constants.PR_AUTH_CLASS);
+
+ if (classPath == null) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_NULL_AUTHMGR_CLASSNAME"),
+ null, resp);
+ return;
+ }
+
+ if (classPath.equals("com.netscape.cmscore.authentication.PasswdUserDBAuthentication") ||
+ classPath.equals("com.netscape.cmscore.authentication.CertUserDBAuthentication")) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_BASE_PERMISSION_DENIED"), null, resp);
+ return;
+ }
+
+ IConfigStore destStore =
+ mConfig.getSubStore(DestDef.DEST_AUTH_ADMIN);
+ IConfigStore instancesConfig =
+ destStore.getSubStore(scope);
+
+ // Does the class exist?
+
+ Class<IAuthManager> newImpl = null;
+
+ try {
+ @SuppressWarnings("unchecked")
+ Class<IAuthManager> tmpImpl = (Class<IAuthManager>) Class.forName(classPath);
+ newImpl = tmpImpl;
+ } catch (ClassNotFoundException e) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_AUTHMGR_PLUGIN_NOT_FOUND"),
+ null, resp);
+ return;
+ } catch (IllegalArgumentException e) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_AUTHMGR_PLUGIN_NOT_FOUND"),
+ null, resp);
+ return;
+ }
+
+ // is the class an IAuthManager?
+ try {
+ if (IAuthManager.class.isAssignableFrom(newImpl) == false) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_ILL_CLASS"),
+ null, resp);
+ return;
+ }
+ } catch (NullPointerException e) { // unlikely, only if newImpl null.
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_ILL_CLASS"),
+ null, resp);
+ return;
+ }
+
+ IConfigStore substore = instancesConfig.makeSubStore(id);
+
+ substore.put(Constants.PR_AUTH_CLASS, classPath);
+
+ // commiting
+ try {
+ mConfig.commit(true);
+ } catch (EBaseException e) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ //System.out.println("SRVLT_FAIL_COMMIT");
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+ null, resp);
+ return;
+ }
+
+ // add manager to registry.
+ AuthMgrPlugin plugin = new AuthMgrPlugin(id, classPath);
+
+ mAuths.getPlugins().put(id, plugin);
+ mAuths.log(ILogger.LL_INFO,
+ CMS.getLogMessage("ADMIN_SRVLT_PLUGIN_ADD", id));
+
+ NameValuePairs params = new NameValuePairs();
+
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ sendResponse(SUCCESS, null, params, resp);
+ return;
+ // } catch( EBaseException eAudit1 ) {
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
+ //
+ // audit( auditMessage );
+ //
+ // // rethrow the specific exception to be handled later
+ // throw eAudit1;
+ } catch (IOException eAudit2) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ // rethrow the specific exception to be handled later
+ throw eAudit2;
+ // } catch( ServletException eAudit3 ) {
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
+ //
+ // audit( auditMessage );
+ //
+ // // rethrow the specific exception to be handled later
+ // throw eAudit3;
+ }
+ }
+
+ /**
+ * Add authentication manager instance
+ * <P>
+ *
+ * <ul>
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_AUTH used when configuring authentication
+ * </ul>
+ *
+ * @param req HTTP servlet request
+ * @param resp HTTP servlet response
+ * @param scope string used to obtain the contents of this authentication
+ * manager's substore
+ * @exception ServletException a servlet error has occurred
+ * @exception IOException an input/output error has occurred
+ * @exception EBaseException an error has occurred
+ */
+ private synchronized void addAuthMgrInst(HttpServletRequest req,
+ HttpServletResponse resp, String scope)
+ throws ServletException, IOException, EBaseException {
+
+ String auditMessage = null;
+ String auditSubjectID = auditSubjectID();
+
+ // ensure that any low-level exceptions are reported
+ // to the signed audit log and stored as failures
+ try {
+ String id = req.getParameter(Constants.RS_ID);
+
+ if (id == null) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
+ return;
+ }
+
+ // is the manager instance id unique?
+ if (mAuths.getInstances().containsKey((Object) id)) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_ILL_MGR_INST_ID"),
+ null, resp);
+ return;
+ }
+
+ // get required parameters
+ // SC_AUTH_IMPL_NAME is absolutely required, the rest depend on
+ // on each authenticaton manager
+ String implname = req.getParameter(Constants.PR_AUTH_IMPL_NAME);
+
+ if (implname == null) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_MISSING_PARAMS"),
+ null, resp);
+ return;
+ }
+
+ // prevent agent & admin creation.
+ if (implname.equals(IAuthSubsystem.PASSWDUSERDB_PLUGIN_ID) ||
+ implname.equals(IAuthSubsystem.CERTUSERDB_PLUGIN_ID)) {
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_BASE_PERMISSION_DENIED"), null, resp);
+ }
+
+ // check if implementation exists.
+ AuthMgrPlugin plugin =
+ (AuthMgrPlugin) mAuths.getPlugins().get(implname);
+
+ if (plugin == null) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ sendResponse(
+ ERROR,
+ new EAuthMgrPluginNotFound(CMS.getUserMessage(getLocale(req),
+ "CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", implname)).toString(),
+ null, resp);
+ return;
+ }
+
+ // now the rest of config parameters
+ // note that we only check to see if the required parameters
+ // are there, but not checking the values are valid
+ String[] configParams = mAuths.getConfigParams(implname);
+
+ IConfigStore destStore =
+ mConfig.getSubStore(DestDef.DEST_AUTH_ADMIN);
+ IConfigStore instancesConfig =
+ destStore.getSubStore(scope);
+ IConfigStore substore = instancesConfig.makeSubStore(id);
+
+ if (configParams != null) {
+ for (int i = 0; i < configParams.length; i++) {
+ String key = configParams[i];
+ String val = req.getParameter(key);
+
+ if (val != null) {
+ substore.put(key, val);
+ }
+ }
+ }
+ substore.put(IAuthSubsystem.PROP_PLUGIN, implname);
+
+ String pwadd = req.getParameter(PW_PASSWORD_CACHE_ADD);
+
+ if (pwadd != null) {
+ putUserPWPair(pwadd);
+ }
+
+ // Instantiate an object for this implementation
+ String className = plugin.getClassPath();
+ IAuthManager authMgrInst = null;
+
+ try {
+ authMgrInst = (IAuthManager) Class.forName(className).newInstance();
+ } catch (ClassNotFoundException e) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ // cleanup
+ instancesConfig.removeSubStore(id);
+ sendResponse(
+ ERROR,
+ new EAuthException(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_LOAD_CLASS_FAIL",
+ className)).toString(),
+ null, resp);
+ return;
+ } catch (InstantiationException e) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ instancesConfig.removeSubStore(id);
+ sendResponse(
+ ERROR,
+ new EAuthException(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_LOAD_CLASS_FAIL",
+ className)).toString(),
+ null, resp);
+ return;
+ } catch (IllegalAccessException e) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ instancesConfig.removeSubStore(id);
+ sendResponse(
+ ERROR,
+ new EAuthException(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_LOAD_CLASS_FAIL",
+ className)).toString(),
+ null, resp);
+ return;
+ }
+
+ // initialize the authentication manager
+ try {
+ authMgrInst.init(id, implname, substore);
+ } catch (EBaseException e) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ // don't commit in this case and cleanup the new substore.
+ instancesConfig.removeSubStore(id);
+ sendResponse(ERROR, e.toString(getLocale(req)), null, resp);
+ return;
+ }
+
+ // commiting
+ try {
+ mConfig.commit(true);
+ } catch (EBaseException e) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ // clean up.
+ instancesConfig.removeSubStore(id);
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+ null, resp);
+ return;
+ }
+
+ // inited and commited ok. now add manager instance to list.
+ mAuths.add(id, authMgrInst);
+
+ mAuths.log(ILogger.LL_INFO,
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_MGR_ADD", id));
+
+ NameValuePairs params = new NameValuePairs();
+
+ params.put(Constants.PR_AUTH_IMPL_NAME, implname);
+
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ sendResponse(SUCCESS, null, params, resp);
+ return;
+ } catch (EBaseException eAudit1) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ // rethrow the specific exception to be handled later
+ throw eAudit1;
+ } catch (IOException eAudit2) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ // rethrow the specific exception to be handled later
+ throw eAudit2;
+ // } catch( ServletException eAudit3 ) {
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
+ //
+ // audit( auditMessage );
+ //
+ // // rethrow the specific exception to be handled later
+ // throw eAudit3;
+ }
+ }
+
+ private synchronized void listAuthMgrPlugins(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
+ IOException, EBaseException {
+
+ NameValuePairs params = new NameValuePairs();
+ Enumeration<String> e = mAuths.getPlugins().keys();
+
+ while (e.hasMoreElements()) {
+ String name = (String) e.nextElement();
+ AuthMgrPlugin value = (AuthMgrPlugin)
+ mAuths.getPlugins().get(name);
+
+ if (value.isVisible()) {
+ params.put(name, value.getClassPath() + EDIT);
+ }
+ }
+ sendResponse(SUCCESS, null, params, resp);
+ return;
+ }
+
+ private synchronized void listAuthMgrInsts(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
+ IOException, EBaseException {
+
+ NameValuePairs params = new NameValuePairs();
+
+ for (Enumeration<?> e = mAuths.getInstances().keys(); e.hasMoreElements();) {
+ String name = (String) e.nextElement();
+ AuthManagerProxy proxy = (AuthManagerProxy) mAuths.getInstances().get(name);
+ IAuthManager value = proxy.getAuthManager();
+ String enableStr = "enabled";
+
+ if (!proxy.isEnable()) {
+ enableStr = "disabled";
+ }
+
+ AuthMgrPlugin amgrplugin = (AuthMgrPlugin)
+ mAuths.getPlugins().get(value.getImplName());
+
+ if (!amgrplugin.isVisible()) {
+ params.put(name, value.getImplName() + ";invisible;" + enableStr);
+ } else {
+ params.put(name, value.getImplName() + ";visible;" + enableStr);
+ }
+ }
+ sendResponse(SUCCESS, null, params, resp);
+ return;
+ }
+
+ /**
+ * Delete authentication manager plug-in
+ * <P>
+ *
+ * <ul>
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_AUTH used when configuring authentication
+ * </ul>
+ *
+ * @param req HTTP servlet request
+ * @param resp HTTP servlet response
+ * @param scope string used to obtain the contents of this authentication
+ * manager's substore
+ * @exception ServletException a servlet error has occurred
+ * @exception IOException an input/output error has occurred
+ * @exception EBaseException an error has occurred
+ */
+ private synchronized void delAuthMgrPlugin(HttpServletRequest req,
+ HttpServletResponse resp, String scope) throws ServletException,
+ IOException, EBaseException {
+
+ String auditMessage = null;
+ String auditSubjectID = auditSubjectID();
+
+ // ensure that any low-level exceptions are reported
+ // to the signed audit log and stored as failures
+ try {
+ NameValuePairs params = new NameValuePairs();
+ String id = req.getParameter(Constants.RS_ID);
+
+ if (id == null) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ //System.out.println("SRVLT_NULL_RS_ID");
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
+ return;
+ }
+
+ // prevent deletion of admin and agent.
+ if (id.equals(IAuthSubsystem.PASSWDUSERDB_PLUGIN_ID) ||
+ id.equals(IAuthSubsystem.CERTUSERDB_PLUGIN_ID)) {
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_BASE_PERMISSION_DENIED"), null, resp);
+ }
+
+ // does auth manager exist?
+ if (mAuths.getPlugins().containsKey(id) == false) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ sendResponse(
+ ERROR,
+ new EAuthMgrPluginNotFound(CMS.getUserMessage(getLocale(req),
+ "CMS_AUTHENTICATION_DUP_MGR_PLUGIN_ID", id)).toString(),
+ null, resp);
+ return;
+ }
+
+ // first check if any instances from this auth manager
+ // DON'T remove auth manager if any instance
+ for (Enumeration<?> e = mAuths.getInstances().keys(); e.hasMoreElements();) {
+ IAuthManager authMgr = (IAuthManager) mAuths.get((String) e.nextElement());
+
+ if (authMgr.getImplName() == id) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_MGR_IN_USE"),
+ null, resp);
+ return;
+ }
+ }
+
+ // then delete this auth manager
+ mAuths.getPlugins().remove((Object) id);
+
+ IConfigStore destStore =
+ mConfig.getSubStore(DestDef.DEST_AUTH_ADMIN);
+ IConfigStore instancesConfig =
+ destStore.getSubStore(scope);
+
+ instancesConfig.removeSubStore(id);
+ // commiting
+ try {
+ mConfig.commit(true);
+ } catch (EBaseException e) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+ null, resp);
+ return;
+ }
+
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ sendResponse(SUCCESS, null, params, resp);
+ return;
+ // } catch( EBaseException eAudit1 ) {
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
+ //
+ // audit( auditMessage );
+ //
+ // // rethrow the specific exception to be handled later
+ // throw eAudit1;
+ } catch (IOException eAudit2) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ // rethrow the specific exception to be handled later
+ throw eAudit2;
+ // } catch( ServletException eAudit1 ) {
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
+ //
+ // audit( auditMessage );
+ //
+ // // rethrow the specific exception to be handled later
+ // throw eAudit1;
+ }
+ }
+
+ /**
+ * Delete authentication manager instance
+ * <P>
+ *
+ * <ul>
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_AUTH used when configuring authentication
+ * </ul>
+ *
+ * @param req HTTP servlet request
+ * @param resp HTTP servlet response
+ * @param scope string used to obtain the contents of this authentication
+ * manager's substore
+ * @exception ServletException a servlet error has occurred
+ * @exception IOException an input/output error has occurred
+ * @exception EBaseException an error has occurred
+ */
+ private synchronized void delAuthMgrInst(HttpServletRequest req,
+ HttpServletResponse resp, String scope) throws ServletException,
+ IOException, EBaseException {
+
+ String auditMessage = null;
+ String auditSubjectID = auditSubjectID();
+
+ // ensure that any low-level exceptions are reported
+ // to the signed audit log and stored as failures
+ try {
+ NameValuePairs params = new NameValuePairs();
+ String id = req.getParameter(Constants.RS_ID);
+
+ if (id == null) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ //System.out.println("SRVLT_NULL_RS_ID");
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
+ return;
+ }
+
+ // prevent deletion of admin and agent.
+ if (id.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID) ||
+ id.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) {
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_BASE_PERMISSION_DENIED"), null, resp);
+ }
+
+ // does auth manager instance exist?
+ if (mAuths.getInstances().containsKey(id) == false) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ sendResponse(
+ ERROR,
+ new EAuthMgrNotFound(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND",
+ id)).toString(),
+ null, resp);
+ return;
+ }
+
+ // only remove from memory
+ // cannot shutdown because we don't keep track of whether it's
+ // being used.
+ mAuths.getInstances().remove(id);
+
+ // remove the configuration.
+ IConfigStore destStore =
+ mConfig.getSubStore(DestDef.DEST_AUTH_ADMIN);
+ IConfigStore instancesConfig =
+ destStore.getSubStore(scope);
+
+ instancesConfig.removeSubStore(id);
+ // commiting
+ try {
+ mConfig.commit(true);
+ } catch (EBaseException e) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ //System.out.println("SRVLT_FAIL_COMMIT");
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+ null, resp);
+ return;
+ }
+
+ //This only works in the fact that we only support one instance per
+ //auth plugin.
+ ILdapAuthInfo authInfo = CMS.getLdapAuthInfo();
+
+ authInfo.removePassword("Rule " + id);
+
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ sendResponse(SUCCESS, null, params, resp);
+ return;
+ // } catch( EBaseException eAudit1 ) {
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
+ //
+ // audit( auditMessage );
+ //
+ // // rethrow the specific exception to be handled later
+ // throw eAudit1;
+ } catch (IOException eAudit2) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ // rethrow the specific exception to be handled later
+ throw eAudit2;
+ // } catch( ServletException eAudit3 ) {
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
+ //
+ // audit( auditMessage );
+ //
+ // // rethrow the specific exception to be handled later
+ // throw eAudit3;
+ }
+ }
+
+ /**
+ * used for getting the required configuration parameters (with
+ * possible default values) for a particular auth manager plugin
+ * implementation name specified in the RS_ID. Actually, there is
+ * no logic in here to set any default value here...there's no
+ * default value for any parameter in this authentication subsystem
+ * at this point. Later, if we do have one (or some), it can be
+ * added. The interface remains the same.
+ */
+ private synchronized void getConfig(HttpServletRequest req,
+ HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
+
+ String implname = req.getParameter(Constants.RS_ID);
+
+ if (implname == null) {
+ //System.out.println("SRVLT_NULL_RS_ID");
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
+ return;
+ }
+
+ String[] configParams = mAuths.getConfigParams(implname);
+ NameValuePairs params = new NameValuePairs();
+
+ // implName is always required so always send it.
+ params.put(Constants.PR_AUTH_IMPL_NAME, "");
+ if (configParams != null) {
+ for (int i = 0; i < configParams.length; i++) {
+ params.put(configParams[i], "");
+ }
+ }
+ sendResponse(0, null, params, resp);
+ return;
+ }
+
+ private synchronized void getInstConfig(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
+ IOException, EBaseException {
+
+ String id = req.getParameter(Constants.RS_ID);
+
+ if (id == null) {
+ //System.out.println("SRVLT_NULL_RS_ID");
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
+ return;
+ }
+
+ // does auth manager instance exist?
+ if (mAuths.getInstances().containsKey(id) == false) {
+ sendResponse(
+ ERROR,
+ new EAuthMgrNotFound(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", id))
+ .toString(),
+ null, resp);
+ return;
+ }
+
+ IAuthManager mgrInst = (IAuthManager) mAuths.get(id);
+ IConfigStore config = mgrInst.getConfigStore();
+ String[] configParams = mgrInst.getConfigParams();
+ NameValuePairs params = new NameValuePairs();
+
+ params.put(Constants.PR_AUTH_IMPL_NAME, mgrInst.getImplName());
+ // implName is always required so always send it.
+ if (configParams != null) {
+ for (int i = 0; i < configParams.length; i++) {
+ String key = configParams[i];
+ String val = (String) config.get(key);
+
+ if (val != null) {
+ params.put(key, val);
+ } else {
+ params.put(key, "");
+ }
+ }
+ }
+
+ sendResponse(SUCCESS, null, params, resp);
+ return;
+ }
+
+ /**
+ * Modify authentication manager instance
+ * This will actually create a new instance with new configuration
+ * parameters and replace the old instance if the new instance is
+ * created and initialized successfully.
+ * The old instance is left running, so this is very expensive.
+ * Restart of server recommended.
+ * <P>
+ *
+ * <ul>
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_AUTH used when configuring authentication
+ * </ul>
+ *
+ * @param req HTTP servlet request
+ * @param resp HTTP servlet response
+ * @param scope string used to obtain the contents of this authentication
+ * manager's substore
+ * @exception ServletException a servlet error has occurred
+ * @exception IOException an input/output error has occurred
+ * @exception EBaseException an error has occurred
+ */
+ private synchronized void modAuthMgrInst(HttpServletRequest req,
+ HttpServletResponse resp, String scope)
+ throws ServletException, IOException, EBaseException {
+
+ // expensive operation.
+
+ String auditMessage = null;
+ String auditSubjectID = auditSubjectID();
+
+ // ensure that any low-level exceptions are reported
+ // to the signed audit log and stored as failures
+ try {
+ String id = req.getParameter(Constants.RS_ID);
+
+ if (id == null) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ //System.out.println("SRVLT_NULL_RS_ID");
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
+ return;
+ }
+
+ // prevent modification of admin and agent.
+ if (id.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID) ||
+ id.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) {
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_BASE_PERMISSION_DENIED"), null, resp);
+ }
+
+ // Does the manager instance exist?
+ if (!mAuths.getInstances().containsKey((Object) id)) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ sendResponse(ERROR,
+ CMS.getUserMessage("CMS_AUTHENTICATION_MGR_IMPL_NOT_FOUND"),
+ null, resp);
+ return;
+ }
+
+ // get new implementation (same or different.)
+ String implname = req.getParameter(Constants.PR_AUTH_IMPL_NAME);
+
+ if (implname == null) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ sendResponse(ERROR,
+ CMS.getUserMessage("CMS_AUTHENTICATION_MISSING_PARAMS"),
+ null, resp);
+ return;
+ }
+
+ // get plugin for implementation
+ AuthMgrPlugin plugin =
+ (AuthMgrPlugin) mAuths.getPlugins().get(implname);
+
+ if (plugin == null) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ sendResponse(
+ ERROR,
+ new EAuthMgrPluginNotFound(CMS.getUserMessage(getLocale(req),
+ "CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", implname)).toString(),
+ null, resp);
+ return;
+ }
+
+ // save old instance substore params in case new one fails.
+
+ IAuthManager oldinst =
+ (IAuthManager) mAuths.get(id);
+ IConfigStore oldConfig = oldinst.getConfigStore();
+
+ String[] oldConfigParms = oldinst.getConfigParams();
+ NameValuePairs saveParams = new NameValuePairs();
+
+ // implName is always required so always include it it.
+ saveParams.put(IAuthSubsystem.PROP_PLUGIN,
+ (String) oldConfig.get(IAuthSubsystem.PROP_PLUGIN));
+ if (oldConfigParms != null) {
+ for (int i = 0; i < oldConfigParms.length; i++) {
+ String key = oldConfigParms[i];
+ Object val = oldConfig.get(key);
+
+ if (val != null) {
+ saveParams.put(key, (String) val);
+ }
+ }
+ }
+
+ // on to the new instance.
+
+ // remove old substore.
+
+ IConfigStore destStore =
+ mConfig.getSubStore(DestDef.DEST_AUTH_ADMIN);
+ IConfigStore instancesConfig =
+ destStore.getSubStore(scope);
+
+ instancesConfig.removeSubStore(id);
+
+ // create new substore.
+
+ String[] configParams = mAuths.getConfigParams(implname);
+
+ IConfigStore substore = instancesConfig.makeSubStore(id);
+
+ substore.put(IAuthSubsystem.PROP_PLUGIN, implname);
+ if (configParams != null) {
+ for (int i = 0; i < configParams.length; i++) {
+ String key = configParams[i];
+ String val = req.getParameter(key);
+
+ if (val != null) {
+ substore.put(key, val);
+ }
+ }
+ }
+
+ // Instantiate an object for new implementation
+
+ String className = plugin.getClassPath();
+ IAuthManager newMgrInst = null;
+
+ try {
+ newMgrInst = (IAuthManager) Class.forName(className).newInstance();
+ } catch (ClassNotFoundException e) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ // cleanup
+ restore(instancesConfig, id, saveParams);
+ sendResponse(
+ ERROR,
+ new EAuthException(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_LOAD_CLASS_FAIL",
+ className)).toString(),
+ null, resp);
+ return;
+ } catch (InstantiationException e) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ restore(instancesConfig, id, saveParams);
+ sendResponse(
+ ERROR,
+ new EAuthException(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_LOAD_CLASS_FAIL",
+ className)).toString(),
+ null, resp);
+ return;
+ } catch (IllegalAccessException e) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ restore(instancesConfig, id, saveParams);
+ sendResponse(
+ ERROR,
+ new EAuthException(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_LOAD_CLASS_FAIL",
+ className)).toString(),
+ null, resp);
+ return;
+ }
+
+ // initialize the authentication manager
+
+ try {
+ newMgrInst.init(id, implname, substore);
+ } catch (EBaseException e) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ // don't commit in this case and cleanup the new substore.
+ restore(instancesConfig, id, saveParams);
+ sendResponse(ERROR, e.toString(getLocale(req)), null, resp);
+ return;
+ }
+
+ // initialized ok. commiting
+ try {
+ mConfig.commit(true);
+ } catch (EBaseException e) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ // clean up.
+ restore(instancesConfig, id, saveParams);
+ //System.out.println("SRVLT_FAIL_COMMIT");
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+ null, resp);
+ return;
+ }
+
+ // commited ok. replace instance.
+
+ mAuths.add(id, newMgrInst);
+
+ mAuths.log(ILogger.LL_INFO,
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_MGR_REPL", id));
+
+ NameValuePairs params = new NameValuePairs();
+
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ sendResponse(SUCCESS, null, params, resp);
+ return;
+ } catch (EBaseException eAudit1) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ // rethrow the specific exception to be handled later
+ throw eAudit1;
+ } catch (IOException eAudit2) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ // rethrow the specific exception to be handled later
+ throw eAudit2;
+ // } catch( ServletException eAudit3 ) {
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
+ //
+ // audit( auditMessage );
+ //
+ // // rethrow the specific exception to be handled later
+ // throw eAudit3;
+ }
+ }
+
+ // convenience routine.
+ private static void restore(IConfigStore store,
+ String id, NameValuePairs saveParams) {
+ store.removeSubStore(id);
+ IConfigStore rstore = store.makeSubStore(id);
+
+ for (String key : saveParams.keySet()) {
+ String value = saveParams.get(key);
+
+ if (value != null)
+ rstore.put(key, value);
+ }
+ }
+} |