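/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License, Version 1.0 only
 * (the "License"). You may not use this file except in compliance
 * with the License.
 *
 * You can obtain a copy of the license at
 * trunk/opends/resource/legal-notices/OpenDS.LICENSE
 * or https://OpenDS.dev.java.net/OpenDS.LICENSE.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at
 * trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
 * add the following below this CDDL HEADER, with the fields enclosed
 * by brackets "[]" replaced with your own identifying information:
 * Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 *
 *
 * Copyright 2008 Sun Microsystems, Inc.
 */
package org.opends.server.admin.std.meta;



import org.opends.server.admin.AdministratorAction;
import org.opends.server.admin.AggregationPropertyDefinition;
import org.opends.server.admin.AliasDefaultBehaviorProvider;
import org.opends.server.admin.BooleanPropertyDefinition;
import org.opends.server.admin.ClassPropertyDefinition;
import org.opends.server.admin.client.AuthorizationException;
import org.opends.server.admin.client.CommunicationException;
import org.opends.server.admin.client.ConcurrentModificationException;
import org.opends.server.admin.client.ManagedObject;
import org.opends.server.admin.client.MissingMandatoryPropertiesException;
import org.opends.server.admin.client.OperationRejectedException;
import org.opends.server.admin.DefaultBehaviorProvider;
import org.opends.server.admin.DefinedDefaultBehaviorProvider;
import org.opends.server.admin.ManagedObjectAlreadyExistsException;
import org.opends.server.admin.ManagedObjectDefinition;
import org.opends.server.admin.PropertyOption;
import org.opends.server.admin.PropertyProvider;
import org.opends.server.admin.server.ConfigurationChangeListener;
import org.opends.server.admin.server.ServerManagedObject;
import org.opends.server.admin.std.client.GSSAPISASLMechanismHandlerCfgClient;
import org.opends.server.admin.std.client.IdentityMapperCfgClient;
import org.opends.server.admin.std.server.GSSAPISASLMechanismHandlerCfg;
import org.opends.server.admin.std.server.IdentityMapperCfg;
import org.opends.server.admin.std.server.SASLMechanismHandlerCfg;
import org.opends.server.admin.StringPropertyDefinition;
import org.opends.server.admin.Tag;
import org.opends.server.admin.UndefinedDefaultBehaviorProvider;
import org.opends.server.types.DN;



/**
 * An interface for querying the GSSAPI SASL Mechanism Handler managed
 * object definition meta information.
 * <p>
 * The GSSAPI SASL mechanism performs all processing related to SASL
 * GSSAPI authentication using Kerberos V5.
 * <p>
 * This class registers six property definitions on its singleton:
 * "identity-mapper" and "java-class" are marked
 * {@code MANDATORY}; "kdc-address", "keytab", "realm" and
 * "server-fqdn" are plain string properties with no concrete default
 * value and no constraint set on their builders. The "enabled"
 * property is taken from the parent
 * {@link SASLMechanismHandlerCfgDefn}.
 * <p>
 * Security note: none of the string properties is validated by the
 * definitions built here, so checks on the keytab path, KDC address,
 * realm and server name have to be performed by the component that
 * consumes the configuration.
 */
public final class GSSAPISASLMechanismHandlerCfgDefn extends ManagedObjectDefinition<GSSAPISASLMechanismHandlerCfgClient, GSSAPISASLMechanismHandlerCfg> {

  // The singleton configuration definition instance.
  // This field must stay ahead of the static initializer blocks
  // below: static initializers run in textual order and every block
  // dereferences INSTANCE.
  private static final GSSAPISASLMechanismHandlerCfgDefn INSTANCE = new GSSAPISASLMechanismHandlerCfgDefn();



  // The "identity-mapper" property definition.
  private static final AggregationPropertyDefinition<IdentityMapperCfgClient, IdentityMapperCfg> PD_IDENTITY_MAPPER;



  // The "java-class" property definition.
  private static final ClassPropertyDefinition PD_JAVA_CLASS;



  // The "kdc-address" property definition.
  private static final StringPropertyDefinition PD_KDC_ADDRESS;



  // The "keytab" property definition.
  private static final StringPropertyDefinition PD_KEYTAB;



  // The "realm" property definition.
  private static final StringPropertyDefinition PD_REALM;



  // The "server-fqdn" property definition.
  private static final StringPropertyDefinition PD_SERVER_FQDN;



  // Build the "identity-mapper" property definition.
  // Mandatory, no default value; the aggregation points at the
  // "identity-mapper" relation under parent path "/".
  static {
    AggregationPropertyDefinition.Builder<IdentityMapperCfgClient, IdentityMapperCfg> builder = AggregationPropertyDefinition.createBuilder(INSTANCE, "identity-mapper");
    builder.setOption(PropertyOption.MANDATORY);
    builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "identity-mapper"));
    builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<String>());
    builder.setParentPath("/");
    builder.setRelationDefinition("identity-mapper");
    PD_IDENTITY_MAPPER = builder.getInstance();
    INSTANCE.registerPropertyDefinition(PD_IDENTITY_MAPPER);
    // NOTE(review): presumably the source constraint checks that the
    // referenced identity mapper exists and is usable -- confirm in
    // AggregationPropertyDefinition.
    INSTANCE.registerConstraint(PD_IDENTITY_MAPPER.getSourceConstraint());
  }



  // Build the "java-class" property definition.
  // Mandatory and advanced; a change requires a component restart.
  static {
    ClassPropertyDefinition.Builder builder = ClassPropertyDefinition.createBuilder(INSTANCE, "java-class");
    builder.setOption(PropertyOption.MANDATORY);
    builder.setOption(PropertyOption.ADVANCED);
    builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.COMPONENT_RESTART, INSTANCE, "java-class"));
    DefaultBehaviorProvider<String> provider = new DefinedDefaultBehaviorProvider<String>("org.opends.server.extensions.GSSAPISASLMechanismHandler");
    builder.setDefaultBehaviorProvider(provider);
    // NOTE(review): presumably limits accepted values to classes that
    // implement SASLMechanismHandler -- confirm in
    // ClassPropertyDefinition. The value still selects which code
    // handles GSSAPI binds.
    builder.addInstanceOf("org.opends.server.api.SASLMechanismHandler");
    PD_JAVA_CLASS = builder.getInstance();
    INSTANCE.registerPropertyDefinition(PD_JAVA_CLASS);
  }



  // Build the "kdc-address" property definition.
  // Plain string: no option, pattern or other constraint is set here.
  static {
    StringPropertyDefinition.Builder builder = StringPropertyDefinition.createBuilder(INSTANCE, "kdc-address");
    builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "kdc-address"));
    builder.setDefaultBehaviorProvider(new AliasDefaultBehaviorProvider<String>(INSTANCE, "kdc-address"));
    PD_KDC_ADDRESS = builder.getInstance();
    INSTANCE.registerPropertyDefinition(PD_KDC_ADDRESS);
  }



  // Build the "keytab" property definition.
  // Plain string: the path is not constrained or validated here.
  static {
    StringPropertyDefinition.Builder builder = StringPropertyDefinition.createBuilder(INSTANCE, "keytab");
    builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "keytab"));
    builder.setDefaultBehaviorProvider(new AliasDefaultBehaviorProvider<String>(INSTANCE, "keytab"));
    PD_KEYTAB = builder.getInstance();
    INSTANCE.registerPropertyDefinition(PD_KEYTAB);
  }



  // Build the "realm" property definition.
  // Plain string: no option, pattern or other constraint is set here.
  static {
    StringPropertyDefinition.Builder builder = StringPropertyDefinition.createBuilder(INSTANCE, "realm");
    builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "realm"));
    builder.setDefaultBehaviorProvider(new AliasDefaultBehaviorProvider<String>(INSTANCE, "realm"));
    PD_REALM = builder.getInstance();
    INSTANCE.registerPropertyDefinition(PD_REALM);
  }



  // Build the "server-fqdn" property definition.
  // Plain string: no option, pattern or other constraint is set here.
  static {
    StringPropertyDefinition.Builder builder = StringPropertyDefinition.createBuilder(INSTANCE, "server-fqdn");
    builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "server-fqdn"));
    builder.setDefaultBehaviorProvider(new AliasDefaultBehaviorProvider<String>(INSTANCE, "server-fqdn"));
    PD_SERVER_FQDN = builder.getInstance();
    INSTANCE.registerPropertyDefinition(PD_SERVER_FQDN);
  }



  // Register the tags associated with this managed object definition.
  static {
    INSTANCE.registerTag(Tag.valueOf("security"));
  }



  /**
   * Get the GSSAPI SASL Mechanism Handler configuration definition
   * singleton.
   *
   * @return Returns the GSSAPI SASL Mechanism Handler configuration
   *         definition singleton.
   */
  public static GSSAPISASLMechanismHandlerCfgDefn getInstance() {
    return INSTANCE;
  }



  /**
   * Private constructor.
   * <p>
   * Names this definition "gssapi-sasl-mechanism-handler" and makes
   * the SASL mechanism handler definition its parent.
   */
  private GSSAPISASLMechanismHandlerCfgDefn() {
    super("gssapi-sasl-mechanism-handler", SASLMechanismHandlerCfgDefn.getInstance());
  }



  /**
   * {@inheritDoc}
   */
  public GSSAPISASLMechanismHandlerCfgClient createClientConfiguration(
      ManagedObject<? extends GSSAPISASLMechanismHandlerCfgClient> impl) {
    return new GSSAPISASLMechanismHandlerCfgClientImpl(impl);
  }



  /**
   * {@inheritDoc}
   */
  public GSSAPISASLMechanismHandlerCfg createServerConfiguration(
      ServerManagedObject<? extends GSSAPISASLMechanismHandlerCfg> impl) {
    return new GSSAPISASLMechanismHandlerCfgServerImpl(impl);
  }



  /**
   * {@inheritDoc}
   */
  public Class<GSSAPISASLMechanismHandlerCfg> getServerConfigurationClass() {
    return GSSAPISASLMechanismHandlerCfg.class;
  }



  /**
   * Get the "enabled" property definition.
   * <p>
   * Indicates whether the SASL mechanism handler is enabled for use.
   * <p>
   * The definition is not built in this class; it is obtained from
   * the parent {@link SASLMechanismHandlerCfgDefn} singleton.
   *
   * @return Returns the "enabled" property definition.
   */
  public BooleanPropertyDefinition getEnabledPropertyDefinition() {
    return SASLMechanismHandlerCfgDefn.getInstance().getEnabledPropertyDefinition();
  }



  /**
   * Get the "identity-mapper" property definition.
   * <p>
   * Specifies the name of the identity mapper that is to be used with
   * this SASL mechanism handler to match the Kerberos principal
   * included in the SASL bind request to the corresponding user in the
   * directory.
   * <p>
   * Security note: the mapper determines which directory entry a
   * Kerberos principal is bound as, so a mapper that matches too
   * loosely can associate a principal with the wrong user.
   *
   * @return Returns the "identity-mapper" property definition.
   */
  public AggregationPropertyDefinition<IdentityMapperCfgClient, IdentityMapperCfg> getIdentityMapperPropertyDefinition() {
    return PD_IDENTITY_MAPPER;
  }



  /**
   * Get the "java-class" property definition.
   * <p>
   * Specifies the fully-qualified name of the Java class that
   * provides the SASL mechanism handler implementation.
   * <p>
   * Security note: the value selects the code that processes GSSAPI
   * binds, so write access to this property should be limited to
   * trusted administrators. The definition registers
   * {@code org.opends.server.api.SASLMechanismHandler} through
   * {@code addInstanceOf}; how strictly that is enforced is decided
   * in {@link ClassPropertyDefinition}, not here.
   *
   * @return Returns the "java-class" property definition.
   */
  public ClassPropertyDefinition getJavaClassPropertyDefinition() {
    return PD_JAVA_CLASS;
  }



  /**
   * Get the "kdc-address" property definition.
   * <p>
   * Specifies the address of the KDC that is to be used for Kerberos
   * processing.
   * <p>
   * If provided, this property must be a fully-qualified
   * DNS-resolvable name. If this property is not provided, then the
   * server attempts to determine it from the system-wide Kerberos
   * configuration.
   * <p>
   * The definition built in this class is a plain string with no
   * pattern set, so the DNS-name requirement is not enforced here.
   *
   * @return Returns the "kdc-address" property definition.
   */
  public StringPropertyDefinition getKdcAddressPropertyDefinition() {
    return PD_KDC_ADDRESS;
  }



  /**
   * Get the "keytab" property definition.
   * <p>
   * Specifies the path to the keytab file that should be used for
   * Kerberos processing.
   * <p>
   * If provided, this is either an absolute path or one that is
   * relative to the server instance root.
   * <p>
   * Security note: a keytab stores the long-term keys of the service
   * principal, so the referenced file should be readable only by the
   * account that runs the server. The definition built in this class
   * is a plain string with no pattern or path constraint, so the
   * value is not validated here.
   *
   * @return Returns the "keytab" property definition.
   */
  public StringPropertyDefinition getKeytabPropertyDefinition() {
    return PD_KEYTAB;
  }



  /**
   * Get the "realm" property definition.
   * <p>
   * Specifies the realm to be used for GSSAPI authentication.
   *
   * @return Returns the "realm" property definition.
   */
  public StringPropertyDefinition getRealmPropertyDefinition() {
    return PD_REALM;
  }



  /**
   * Get the "server-fqdn" property definition.
   * <p>
   * Specifies the DNS-resolvable fully-qualified domain name for the
   * system.
   *
   * @return Returns the "server-fqdn" property definition.
   */
  public StringPropertyDefinition getServerFqdnPropertyDefinition() {
    return PD_SERVER_FQDN;
  }



  /**
   * Managed object client implementation.
   * <p>
   * Every getter and setter delegates to the wrapped
   * {@link ManagedObject}; nothing is cached, and changes are sent
   * only when {@link #commit()} is called on the wrapped object.
   */
  private static class GSSAPISASLMechanismHandlerCfgClientImpl implements
      GSSAPISASLMechanismHandlerCfgClient {

    // Private implementation. Assigned once in the constructor.
    private final ManagedObject<? extends GSSAPISASLMechanismHandlerCfgClient> impl;



    // Private constructor.
    private GSSAPISASLMechanismHandlerCfgClientImpl(
        ManagedObject<? extends GSSAPISASLMechanismHandlerCfgClient> impl) {
      this.impl = impl;
    }



    /**
     * {@inheritDoc}
     */
    public Boolean isEnabled() {
      return impl.getPropertyValue(INSTANCE.getEnabledPropertyDefinition());
    }



    /**
     * {@inheritDoc}
     */
    public void setEnabled(boolean value) {
      impl.setPropertyValue(INSTANCE.getEnabledPropertyDefinition(), value);
    }



    /**
     * {@inheritDoc}
     */
    public String getIdentityMapper() {
      return impl.getPropertyValue(INSTANCE.getIdentityMapperPropertyDefinition());
    }



    /**
     * {@inheritDoc}
     */
    public void setIdentityMapper(String value) {
      impl.setPropertyValue(INSTANCE.getIdentityMapperPropertyDefinition(), value);
    }



    /**
     * {@inheritDoc}
     */
    public String getJavaClass() {
      return impl.getPropertyValue(INSTANCE.getJavaClassPropertyDefinition());
    }



    /**
     * {@inheritDoc}
     */
    public void setJavaClass(String value) {
      impl.setPropertyValue(INSTANCE.getJavaClassPropertyDefinition(), value);
    }



    /**
     * {@inheritDoc}
     */
    public String getKdcAddress() {
      return impl.getPropertyValue(INSTANCE.getKdcAddressPropertyDefinition());
    }



    /**
     * {@inheritDoc}
     */
    public void setKdcAddress(String value) {
      impl.setPropertyValue(INSTANCE.getKdcAddressPropertyDefinition(), value);
    }



    /**
     * {@inheritDoc}
     */
    public String getKeytab() {
      return impl.getPropertyValue(INSTANCE.getKeytabPropertyDefinition());
    }



    /**
     * {@inheritDoc}
     */
    public void setKeytab(String value) {
      impl.setPropertyValue(INSTANCE.getKeytabPropertyDefinition(), value);
    }



    /**
     * {@inheritDoc}
     */
    public String getRealm() {
      return impl.getPropertyValue(INSTANCE.getRealmPropertyDefinition());
    }



    /**
     * {@inheritDoc}
     */
    public void setRealm(String value) {
      impl.setPropertyValue(INSTANCE.getRealmPropertyDefinition(), value);
    }



    /**
     * {@inheritDoc}
     */
    public String getServerFqdn() {
      return impl.getPropertyValue(INSTANCE.getServerFqdnPropertyDefinition());
    }



    /**
     * {@inheritDoc}
     */
    public void setServerFqdn(String value) {
      impl.setPropertyValue(INSTANCE.getServerFqdnPropertyDefinition(), value);
    }



    /**
     * {@inheritDoc}
     */
    public ManagedObjectDefinition<? extends GSSAPISASLMechanismHandlerCfgClient, ? extends GSSAPISASLMechanismHandlerCfg> definition() {
      return INSTANCE;
    }



    /**
     * {@inheritDoc}
     */
    public PropertyProvider properties() {
      return impl;
    }



    /**
     * {@inheritDoc}
     */
    public void commit() throws ManagedObjectAlreadyExistsException,
        MissingMandatoryPropertiesException, ConcurrentModificationException,
        OperationRejectedException, AuthorizationException,
        CommunicationException {
      impl.commit();
    }

  }



  /**
   * Managed object server implementation.
   * <p>
   * All property values are read from the wrapped
   * {@link ServerManagedObject} once, in the constructor, and kept in
   * final fields; the getters return that snapshot and never re-read
   * the managed object.
   */
  private static class GSSAPISASLMechanismHandlerCfgServerImpl implements
      GSSAPISASLMechanismHandlerCfg {

    // Private implementation. Assigned once in the constructor.
    private final ServerManagedObject<? extends GSSAPISASLMechanismHandlerCfg> impl;

    // The value of the "enabled" property.
    private final boolean pEnabled;

    // The value of the "identity-mapper" property.
    private final String pIdentityMapper;

    // The value of the "java-class" property.
    private final String pJavaClass;

    // The value of the "kdc-address" property.
    private final String pKdcAddress;

    // The value of the "keytab" property.
    private final String pKeytab;

    // The value of the "realm" property.
    private final String pRealm;

    // The value of the "server-fqdn" property.
    private final String pServerFqdn;



    // Private constructor.
    private GSSAPISASLMechanismHandlerCfgServerImpl(ServerManagedObject<? extends GSSAPISASLMechanismHandlerCfg> impl) {
      this.impl = impl;
      // The assignment unboxes to a primitive and would throw
      // NullPointerException if no value were present.
      // NOTE(review): presumably "enabled" is mandatory in the parent
      // definition -- confirm in SASLMechanismHandlerCfgDefn.
      this.pEnabled = impl.getPropertyValue(INSTANCE.getEnabledPropertyDefinition());
      this.pIdentityMapper = impl.getPropertyValue(INSTANCE.getIdentityMapperPropertyDefinition());
      this.pJavaClass = impl.getPropertyValue(INSTANCE.getJavaClassPropertyDefinition());
      this.pKdcAddress = impl.getPropertyValue(INSTANCE.getKdcAddressPropertyDefinition());
      this.pKeytab = impl.getPropertyValue(INSTANCE.getKeytabPropertyDefinition());
      this.pRealm = impl.getPropertyValue(INSTANCE.getRealmPropertyDefinition());
      this.pServerFqdn = impl.getPropertyValue(INSTANCE.getServerFqdnPropertyDefinition());
    }



    /**
     * {@inheritDoc}
     */
    public void addGSSAPIChangeListener(
        ConfigurationChangeListener<GSSAPISASLMechanismHandlerCfg> listener) {
      impl.registerChangeListener(listener);
    }



    /**
     * {@inheritDoc}
     */
    public void removeGSSAPIChangeListener(
        ConfigurationChangeListener<GSSAPISASLMechanismHandlerCfg> listener) {
      impl.deregisterChangeListener(listener);
    }



    /**
     * {@inheritDoc}
     */
    public void addChangeListener(
        ConfigurationChangeListener<SASLMechanismHandlerCfg> listener) {
      impl.registerChangeListener(listener);
    }



    /**
     * {@inheritDoc}
     */
    public void removeChangeListener(
        ConfigurationChangeListener<SASLMechanismHandlerCfg> listener) {
      impl.deregisterChangeListener(listener);
    }



    /**
     * {@inheritDoc}
     */
    public boolean isEnabled() {
      return pEnabled;
    }



    /**
     * {@inheritDoc}
     */
    public String getIdentityMapper() {
      return pIdentityMapper;
    }



    /**
     * {@inheritDoc}
     */
    public DN getIdentityMapperDN() {
      String value = getIdentityMapper();
      // No mapper name means there is no DN to resolve.
      if (value == null) {
        return null;
      }
      return INSTANCE.getIdentityMapperPropertyDefinition().getChildDN(value);
    }



    /**
     * {@inheritDoc}
     */
    public String getJavaClass() {
      return pJavaClass;
    }



    /**
     * {@inheritDoc}
     */
    public String getKdcAddress() {
      return pKdcAddress;
    }



    /**
     * {@inheritDoc}
     */
    public String getKeytab() {
      return pKeytab;
    }



    /**
     * {@inheritDoc}
     */
    public String getRealm() {
      return pRealm;
    }



    /**
     * {@inheritDoc}
     */
    public String getServerFqdn() {
      return pServerFqdn;
    }



    /**
     * {@inheritDoc}
     */
    public Class<? extends GSSAPISASLMechanismHandlerCfg> configurationClass() {
      return GSSAPISASLMechanismHandlerCfg.class;
    }



    /**
     * {@inheritDoc}
     */
    public DN dn() {
      return impl.getDN();
    }

  }
}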