}
// roles
Node ndRoles = (Node) xpath.evaluate("roles", ndSimple, XPathConstants.NODE);
if (ndRoles != null) {
Roles roles = idConfig.getConfiguredRoles();
NodeList nlRoles = (NodeList) xpath.evaluate("role", ndRoles, XPathConstants.NODESET);
for (int i = 0; i < nlRoles.getLength(); i++) {
Node ndRole = nlRoles.item(i);
Role role = new Role();
role.setKey(xpath.evaluate("@key", ndRole));
roles.add(role);
}
for (Role role : roles.values()) {
role.buildFullRoleSet(roles);
}
}
}
// LDAP adapter configuration
if (ndLdap != null) {
// connection properties & service account
Node ndCon = (Node) xpath.evaluate("ldapConnectionProperties", ndLdap,
XPathConstants.NODE);
if (ndCon != null) {
LdapConnectionProperties props = ldapConfig.getConnectionProperties();
props.setProviderUrl(xpath.evaluate("@providerURL", ndCon));
props.setInitialContextFactoryName(xpath.evaluate(
"@initialContextFactoryName", ndCon));
props.setSecurityAuthenticationLevel(xpath.evaluate(
"@securityAuthentication", ndCon));
props.setSecurityProtocol(xpath.evaluate("@securityProtocol", ndCon));
Node ndService = (Node) xpath.evaluate("ldapServiceAccount", ndCon, XPathConstants.NODE);
if (ndService != null) {
String sUser = xpath.evaluate("@securityPrincipal", ndService);
String sPwd = xpath.evaluate("@securityCredentials", ndService);
boolean bEncrypted = Val.chkBool(xpath.evaluate("@encrypted", ndService), false);
if (bEncrypted) {
try {
String sDecrypted = PC1_Encryptor.decrypt(sPwd);
sPwd = sDecrypted;
} catch (Exception e) {
this.getLogger().log(Level.SEVERE, "The securityCredentials failed to decrypt.", e);
}
}
UsernamePasswordCredentials creds = new UsernamePasswordCredentials(sUser, sPwd);
props.setServiceAccountCredentials(creds);
idConfig.setCatalogAdminDN(xpath.evaluate("@catalogAdminDN", ndService));
}
}
// single sign-on mechanism
Node ndSSO = (Node) xpath.evaluate("singleSignOn", ndLdap,
XPathConstants.NODE);
if (ndSSO != null) {
SingleSignOnMechanism sso = idConfig.getSingleSignOnMechanism();
sso.setActive(Val.chkBool(xpath.evaluate("@active", ndSSO), false));
sso.setCredentialLocation(xpath.evaluate("@credentialLocation", ndSSO));
sso.setAnonymousValue(xpath.evaluate("@anonymousValue", ndSSO));
}
// self care support
Node ndSupport = (Node) xpath.evaluate("selfCareSupport", ndLdap,
XPathConstants.NODE);
if (ndSupport != null) {
IdentitySupport support = idConfig.getSupportedFunctions();
support.setSupportsLogin(Val.chkBool(xpath.evaluate("@supportsLogin",
ndSupport), true));
support.setSupportsLogout(Val.chkBool(xpath.evaluate("@supportsLogout",
ndSupport), true));
support.setSupportsUserRegistration(Val.chkBool(xpath.evaluate(
"@supportsUserRegistration", ndSupport), false));
support.setSupportsUserProfileManagement(Val.chkBool(xpath.evaluate(
"@supportsUserProfileManagement", ndSupport), false));
support.setSupportsPasswordChange(Val.chkBool(xpath.evaluate(
"@supportsPasswordChange", ndSupport), false));
support.setSupportsPasswordRecovery(Val.chkBool(xpath.evaluate(
"@supportsPasswordRecovery", ndSupport), false));
}
// roles
Node ndRoles = (Node) xpath.evaluate("roles", ndLdap, XPathConstants.NODE);
if (ndRoles != null) {
Roles roles = idConfig.getConfiguredRoles();
String sRegUserKey = Val.chkStr(xpath.evaluate("@registeredUserRoleKey",
ndRoles));
if (sRegUserKey.length() == 0) {
sRegUserKey = "gptRegisteredUser";
}
roles.setAuthenticatedUserRequiresRole(Val.chkBool(xpath.evaluate(
"@authenticatedUserRequiresRole", ndRoles), true));
roles.setRegisteredUserRoleKey(sRegUserKey);
NodeList nlRoles = (NodeList) xpath.evaluate("role", ndRoles,
XPathConstants.NODESET);
for (int i = 0; i < nlRoles.getLength(); i++) {
Node ndRole = nlRoles.item(i);
Role role = new Role();
role.setKey(xpath.evaluate("@key", ndRole));
role.setInherits(xpath.evaluate("@inherits", ndRole));
role.setResKey(xpath.evaluate("@resKey", ndRole));
role.setManage(Val.chkBool(xpath.evaluate("@manage", ndRole),true));
role.setForbidden(Val.chkBool(xpath.evaluate("@forbidden", ndRole),false));
role.setDistinguishedName(xpath.evaluate("@groupDN", ndRole));
roles.add(role);
}
for (Role role : roles.values()) {
role.buildFullRoleSet(roles);
}
}
// user properties