org.gluu.credmanager.core.ConfigurationHandler の継承関係図

org.gluu.credmanager.core.ConfigurationHandler 連携図

公開メンバ関数
MainSettings	getSettings ()

Set< String >	retrieveAcrs ()

String	getName ()

void	jobToBeExecuted (JobExecutionContext context)

AppStateEnum	getAppState ()

Map< String, Integer >	getAcrLevelMapping ()

Set< String >	getEnabledAcrs ()

静的公開変数類
static final Pair< Integer, Integer >	BOUNDS_MINCREDS_2FA = new Pair<>(1, 3)

static final String	DEFAULT_ACR = "credmanager"

static final List< String >	DEFAULT_SUPPORTED_METHODS = Arrays.asList("u2f", "otp", "super_gluu", "twilio_sms")

関数
void	init ()

非公開メンバ関数
void	inited ()

void	initDevicesSweeper ()

void	setAppState (AppStateEnum state)

void	computeLoggingLevel ()

void	computeMinCredsForStrongAuth ()

void	computeBrandingPath ()

void	computePassResetable ()

void	compute2FAEnforcementPolicy ()

void	refreshAcrPluginMapping ()

非公開変数類
Logger	logger

MainSettings	settings

LdapService	ldapService

OxdService	oxdService

EventBus	eventBus

ExtensionsManager	extManager

TimerService	timerService

LogService	logService

TrustedDevicesSweeper	devicesSweeper

AuthnScriptsReloader	scriptsReloader

Set< String >	serverAcrs

String	acrQuartzJobName

ObjectMapper	mapper

AppStateEnum	appState

静的非公開変数類
static final int	RETRIES = 15

static final int	RETRY_INTERVAL = 20

static final int	TRUSTED_DEVICE_EXPIRATION_DAYS = 30

static final int	TRUSTED_LOCATION_EXPIRATION_DAYS = 15

詳解

著者: jgomer

関数詳解

◆ compute2FAEnforcementPolicy()

void org.gluu.credmanager.core.ConfigurationHandler.compute2FAEnforcementPolicy ( )

inlineprivate

                                                {
         if (Utils.isEmpty(settings.getEnforcement2FA())) {
             settings.setEnforcement2FA(Collections.singletonList(EnforcementPolicy.EVERY_LOGIN));
         }
     }

◆ computeBrandingPath()

void org.gluu.credmanager.core.ConfigurationHandler.computeBrandingPath ( )

inlineprivate

                                        {
 
         String path = settings.getBrandingPath();
         try {
             if (Utils.isNotEmpty(path) && !Files.isDirectory(Paths.get(path))) {
                 throw new IOException("Not a directory");
             }
         } catch (Exception e) {
             logger.error("Filesystem directory {} for custom branding is wrong. Using default theme", path);
             logger.error(e.getMessage(), e);
             settings.setBrandingPath(null);
         }
 
     }

◆ computeLoggingLevel()

void org.gluu.credmanager.core.ConfigurationHandler.computeLoggingLevel ( )

inlineprivate

                                        {
         settings.setLogLevel(logService.updateLoggingLevel(settings.getLogLevel()));
     }

◆ computeMinCredsForStrongAuth()

void org.gluu.credmanager.core.ConfigurationHandler.computeMinCredsForStrongAuth ( )

inlineprivate

                                                 {
 
         int defaultValue = (BOUNDS_MINCREDS_2FA.getX() + BOUNDS_MINCREDS_2FA.getY()) / 2;
         Integer providedValue = settings.getMinCredsFor2FA();
 
         if (providedValue == null) {
             logger.info("Using default value {} for minimum number of credentials to enable strong authentication");
             settings.setMinCredsFor2FA(defaultValue);
         } else {
             if (providedValue < BOUNDS_MINCREDS_2FA.getX() || providedValue > BOUNDS_MINCREDS_2FA.getY()) {
                 logger.info("Value for min_creds_2FA={} not in interval [{},{}]. Defaulting to {}", providedValue,
                         BOUNDS_MINCREDS_2FA.getX(), BOUNDS_MINCREDS_2FA.getY(), defaultValue);
                 settings.setMinCredsFor2FA(defaultValue);
             }
         }
 
     }

◆ computePassResetable()

void org.gluu.credmanager.core.ConfigurationHandler.computePassResetable ( )

inlineprivate

                                         {
 
         if (settings.isEnablePassReset() && ldapService.isBackendLdapEnabled()) {
             logger.error("Pass reset set automatically to false. Check if you are using a backend LDAP");
             settings.setEnablePassReset(false);
         }
 
     }

◆ getAcrLevelMapping()

Map<String, Integer> org.gluu.credmanager.core.ConfigurationHandler.getAcrLevelMapping ( )

inline

                                                      {
 
         Map<String, Integer> map = new HashMap<>();
         try {
             String oidcEndpointURL = ldapService.getOIDCEndpoint();
             JsonNode levels = mapper.readTree(new URL(oidcEndpointURL)).get("auth_level_mapping");
             Iterator<Map.Entry<String, JsonNode>> it = levels.fields();
 
             while (it.hasNext()) {
                 Map.Entry<String, JsonNode> entry = it.next();
                 try {
                     Integer levl = Integer.parseInt(entry.getKey());
                     Iterator<JsonNode> arrayIt = entry.getValue().elements();
                     while (arrayIt.hasNext()) {
                         map.put(arrayIt.next().asText(), levl);
                     }
                 } catch (Exception e) {
                     logger.error("Error parsing level for {}: {}", entry.getKey(), e.getMessage());
                 }
             }
         } catch (Exception e) {
             logger.error(e.getMessage(), e);
         }
         return map;
 
     }

◆ getAppState()

AppStateEnum org.gluu.credmanager.core.ConfigurationHandler.getAppState ( )

inline

                                       {
         return appState;
     }

◆ getEnabledAcrs()

Set<String> org.gluu.credmanager.core.ConfigurationHandler.getEnabledAcrs ( )

inline

                                         {
         Set<String> plugged = new HashSet<>(settings.getAcrPluginMap().keySet());
         plugged.retainAll(retrieveAcrs());
         return plugged;
     }

◆ getName()

String org.gluu.credmanager.core.ConfigurationHandler.getName ( )

inline

                             {
         return acrQuartzJobName;
     }

◆ getSettings()

MainSettings org.gluu.credmanager.core.ConfigurationHandler.getSettings ( )

inline

                                       {
         return settings;
     }

◆ init()

void org.gluu.credmanager.core.ConfigurationHandler.init ( )

inlinepackage

                 {
 
         try {
             //Update log level
             computeLoggingLevel();
             //Check LDAP access to proceed with acr timer
             if (ldapService.isInService()) {
                 setAppState(AppStateEnum.LOADING);
 
                 //This is a trick so the timer event logic can be coded inside this managed bean
                 timerService.addListener(this, acrQuartzJobName);
                 /*
                  A gap of 5 seconds is enough for the RestEasy scanning process to take place (in case oxAuth is already up and running)
                  RETRIES*RETRY_INTERVAL seconds gives room to recover the acr list. This big amount of time may be required
                  in cases where cred-manager service starts too soon (even before oxAuth itself)
                 */
                 timerService.schedule(acrQuartzJobName, 5, RETRIES, RETRY_INTERVAL);
             } else {
                 setAppState(AppStateEnum.FAIL);
             }
         } catch (Exception e) {
             setAppState(AppStateEnum.FAIL);
             logger.error(e.getMessage(), e);
         }
 
     }

◆ initDevicesSweeper()

void org.gluu.credmanager.core.ConfigurationHandler.initDevicesSweeper ( )

inlineprivate

                                       {
 
         TrustedDevicesSettings tsettings = settings.getTrustedDevicesSettings();
 
         long devicesExpiration = TimeUnit.DAYS.toMillis(Optional.ofNullable(tsettings)
                 .map(TrustedDevicesSettings::getDeviceExpirationDays).orElse(TRUSTED_DEVICE_EXPIRATION_DAYS));
 
         long locationExpiration = TimeUnit.DAYS.toMillis(Optional.ofNullable(tsettings)
                 .map(TrustedDevicesSettings::getLocationExpirationDays).orElse(TRUSTED_LOCATION_EXPIRATION_DAYS));
 
         devicesSweeper.activate(locationExpiration, devicesExpiration);
 
     }

◆ inited()

void org.gluu.credmanager.core.ConfigurationHandler.inited ( )

inlineprivate

                           {
         logger.info("ConfigurationHandler inited");
         mapper = new ObjectMapper();
         acrQuartzJobName = getClass().getSimpleName() + "_acr";
     }

◆ jobToBeExecuted()

void org.gluu.credmanager.core.ConfigurationHandler.jobToBeExecuted ( JobExecutionContext context )

inline

                                                              {
 
         try {
             if (serverAcrs == null) {
                 Date nextJobExecutionAt = context.getNextFireTime();
                 //Do an attempt to retrieve acrs
                 retrieveAcrs();
 
                 if (serverAcrs == null) {
                     if (nextJobExecutionAt == null) {     //Run out of attempts!
                         logger.warn("The list of supported acrs could not be obtained.");
                         setAppState(AppStateEnum.FAIL);
                     } else {
                         logger.warn("Retrying in {} seconds", RETRY_INTERVAL);
                     }
                 } else {
                     //TODO: uncomment this block for production
                     /*
                     //This is required to guarantee the list of acrs is really complete (after oxauth starts, the list
                     //can still contain just a few elements)
                     Thread.sleep(RETRIES * RETRY_INTERVAL * 100);
                     logger.debug("Additional attempt");
                     retrieveAcrs();
                     */
                     if (serverAcrs.contains(DEFAULT_ACR)) {
                         computeBrandingPath();
                         computeMinCredsForStrongAuth();
                         computePassResetable();
                         compute2FAEnforcementPolicy();
 
                         extManager.scan();
                         if (oxdService.initialize()) {
                             setAppState(AppStateEnum.OPERATING);
                             refreshAcrPluginMapping();
                             //TODO: uncomment
                             //scriptsReloader.init();
                             //initDevicesSweeper();
                             logger.info("=== WEBAPP INITIALIZED SUCCESSFULLY ===");
                         } else {
                             logger.warn("oxd configuration could not be initialized.");
                             setAppState(AppStateEnum.FAIL);
                         }
                     } else {
                         logger.error("Your Gluu server is missing one critical acr value: {}.", DEFAULT_ACR);
                         setAppState(AppStateEnum.FAIL);
                     }
                 }
                 if (appState.equals(AppStateEnum.FAIL)) {
                     logger.error("Application not in operable state, please fix configuration issues before proceeding.");
                     logger.info("=== WEBAPP INITIALIZATION FAILED ===");
                 }
             }
         } catch (Exception e) {
             if (!appState.equals(AppStateEnum.OPERATING)) {
                 logger.error(e.getMessage(), e);
             }
         }
 
     }

◆ refreshAcrPluginMapping()

void org.gluu.credmanager.core.ConfigurationHandler.refreshAcrPluginMapping ( )

inlineprivate

                                            {
 
         Map<String, String> mapping = settings.getAcrPluginMap();
 
         if (Utils.isEmpty(mapping)) {
             Set<String> acrs = extManager.getAuthnMethodExts().stream().map(AuthnMethod::getAcr).collect(Collectors.toSet());
             acrs.addAll(DEFAULT_SUPPORTED_METHODS);
 
             //Try to build the map by inspecting system extensions
             mapping = new HashMap<>();
             for (String acr : acrs) {
                 if (extManager.pluginImplementsAuthnMethod(acr, null)) {
                     mapping.put(acr, null);
                 }
             }
             settings.setAcrPluginMap(mapping);
         } else {
             Map<String, String> newMap = new HashMap<>();
             for (String acr : mapping.keySet()) {
                 //Is there a current runtime impl for this acr?
                 String plugId = mapping.get(acr);
                 if (extManager.pluginImplementsAuthnMethod(acr, plugId)) {
                     newMap.put(acr, plugId);
                 } else {
                     if (plugId == null) {
                         logger.warn("There is no system extension that can work with acr '{}'", acr);
                     } else {
                         logger.warn("Plugin {} does not have extensions that can work with acr '{}' or plugin does not exist", plugId, acr);
                     }
                     logger.warn("acr removed from configuration file...");
                 }
             }
             settings.setAcrPluginMap(newMap);
             try {
                 settings.save();
             } catch (Exception e) {
                 logger.error(e.getMessage(), e);
             }
         }
 
     }

◆ retrieveAcrs()

Set<String> org.gluu.credmanager.core.ConfigurationHandler.retrieveAcrs ( )

inline

Performs a GET to the OIDC metadata URL and extracts the ACR values supported by the server

戻り値: A Set of String values

例外

Exception If an networking or parsing error occurs

                                       {
 
         try {
             String oidcEndpointURL = ldapService.getOIDCEndpoint();
             logger.debug("Obtaining \"acr_values_supported\" from server {}", oidcEndpointURL);
             JsonNode values = mapper.readTree(new URL(oidcEndpointURL)).get("acr_values_supported");
 
             //Store server's supported acr values in a set
             serverAcrs = new HashSet<>();
             values.forEach(node -> serverAcrs.add(node.asText()));
         } catch (Exception e) {
             logger.error("Could not retrieve the list of acrs supported by this server: {}", e.getMessage());
         }
         return serverAcrs;
 
     }

◆ setAppState()

void org.gluu.credmanager.core.ConfigurationHandler.setAppState ( AppStateEnum state )

inlineprivate

                                                  {
 
         if (!state.equals(appState)) {
             eventBus.post(new AppStateChangeEvent(state));
         }
         appState = state;
 
     }

メンバ詳解

◆ acrQuartzJobName

String org.gluu.credmanager.core.ConfigurationHandler.acrQuartzJobName

private

◆ appState

AppStateEnum org.gluu.credmanager.core.ConfigurationHandler.appState

private

◆ BOUNDS_MINCREDS_2FA

final Pair<Integer, Integer> org.gluu.credmanager.core.ConfigurationHandler.BOUNDS_MINCREDS_2FA = new Pair<>(1, 3)

static

◆ DEFAULT_ACR

final String org.gluu.credmanager.core.ConfigurationHandler.DEFAULT_ACR = "credmanager"

static

◆ DEFAULT_SUPPORTED_METHODS

final List<String> org.gluu.credmanager.core.ConfigurationHandler.DEFAULT_SUPPORTED_METHODS = Arrays.asList("u2f", "otp", "super_gluu", "twilio_sms")

static

◆ devicesSweeper

TrustedDevicesSweeper org.gluu.credmanager.core.ConfigurationHandler.devicesSweeper

private

◆ eventBus

EventBus org.gluu.credmanager.core.ConfigurationHandler.eventBus

private

◆ extManager

ExtensionsManager org.gluu.credmanager.core.ConfigurationHandler.extManager

private

◆ ldapService

LdapService org.gluu.credmanager.core.ConfigurationHandler.ldapService

private

◆ logger

Logger org.gluu.credmanager.core.ConfigurationHandler.logger

private

◆ logService

LogService org.gluu.credmanager.core.ConfigurationHandler.logService

private

◆ mapper

ObjectMapper org.gluu.credmanager.core.ConfigurationHandler.mapper

private

◆ oxdService

OxdService org.gluu.credmanager.core.ConfigurationHandler.oxdService

private

◆ RETRIES

final int org.gluu.credmanager.core.ConfigurationHandler.RETRIES = 15

staticprivate

◆ RETRY_INTERVAL

final int org.gluu.credmanager.core.ConfigurationHandler.RETRY_INTERVAL = 20

staticprivate

◆ scriptsReloader

AuthnScriptsReloader org.gluu.credmanager.core.ConfigurationHandler.scriptsReloader

private

◆ serverAcrs

Set<String> org.gluu.credmanager.core.ConfigurationHandler.serverAcrs

private

◆ settings

MainSettings org.gluu.credmanager.core.ConfigurationHandler.settings

private

◆ timerService

TimerService org.gluu.credmanager.core.ConfigurationHandler.timerService

private

◆ TRUSTED_DEVICE_EXPIRATION_DAYS

final int org.gluu.credmanager.core.ConfigurationHandler.TRUSTED_DEVICE_EXPIRATION_DAYS = 30

staticprivate

◆ TRUSTED_LOCATION_EXPIRATION_DAYS

final int org.gluu.credmanager.core.ConfigurationHandler.TRUSTED_LOCATION_EXPIRATION_DAYS = 15

staticprivate

このクラス詳解は次のファイルから抽出されました:

D:/AppData/OpenId/gluu/src/cred-manager/app/src/main/java/org/gluu/credmanager/core/ConfigurationHandler.java

公開メンバ関数

静的公開変数類

関数

非公開メンバ関数

非公開変数類

静的非公開変数類

詳解

関数詳解

◆ compute2FAEnforcementPolicy()

◆ computeBrandingPath()

◆ computeLoggingLevel()

◆ computeMinCredsForStrongAuth()

◆ computePassResetable()

◆ getAcrLevelMapping()

◆ getAppState()

◆ getEnabledAcrs()

◆ getName()

◆ getSettings()

◆ init()

◆ initDevicesSweeper()

◆ inited()

◆ jobToBeExecuted()

◆ refreshAcrPluginMapping()

◆ retrieveAcrs()

◆ setAppState()

メンバ詳解

◆ acrQuartzJobName

◆ appState

◆ BOUNDS_MINCREDS_2FA

◆ DEFAULT_ACR

◆ DEFAULT_SUPPORTED_METHODS

◆ devicesSweeper

◆ eventBus

◆ extManager

◆ ldapService

◆ logger

◆ logService

◆ mapper

◆ oxdService

◆ RETRIES

◆ RETRY_INTERVAL

◆ scriptsReloader

◆ serverAcrs

◆ settings

◆ timerService

◆ TRUSTED_DEVICE_EXPIRATION_DAYS

◆ TRUSTED_LOCATION_EXPIRATION_DAYS