From 5984af9f0c6c5f852bc3292d981e0854f44ae802 Mon Sep 17 00:00:00 2001
From: Matthew Swift <matthew.swift@forgerock.com>
Date: Wed, 29 Jun 2016 12:25:42 +0000
Subject: [PATCH] OPENDJ-3173 Upgrade task for new HTTP configuration model
---
opendj-server-legacy/src/main/java/org/opends/server/tools/upgrade/Upgrade.java | 148 +++++++++++++++++++++++++++++++++++++++++++++++++
1 files changed, 148 insertions(+), 0 deletions(-)
diff --git a/opendj-server-legacy/src/main/java/org/opends/server/tools/upgrade/Upgrade.java b/opendj-server-legacy/src/main/java/org/opends/server/tools/upgrade/Upgrade.java
index 48f3fe9..a565408 100644
--- a/opendj-server-legacy/src/main/java/org/opends/server/tools/upgrade/Upgrade.java
+++ b/opendj-server-legacy/src/main/java/org/opends/server/tools/upgrade/Upgrade.java
@@ -591,6 +591,154 @@
register("3.5.0",
restoreCsvDelimiterAttributeTypeInConcatenatedSchemaFile());
+ register("3.5.0",
+ requireConfirmation(INFO_UPGRADE_TASK_CONFIRM_DISABLING_HTTP_CONNECTION_HANDLER.get(), YES,
+ modifyConfigEntry(INFO_UPGRADE_TASK_DISABLING_HTTP_CONNECTION_HANDLER.get(),
+ "(objectclass=ds-cfg-http-connection-handler)",
+ "replace: ds-cfg-enabled",
+ "ds-cfg-enabled: false",
+ "-",
+ "delete: ds-cfg-authentication-required",
+ "-",
+ "delete: ds-cfg-config-file",
+ "-"
+ )
+ ),
+ addConfigEntry(INFO_UPGRADE_TASK_ADDING_DEFAULT_HTTP_ENDPOINTS_AND_AUTH.get(),
+ "dn: cn=HTTP Endpoints,cn=config",
+ "objectClass: top",
+ "objectClass: ds-cfg-branch",
+ "cn: HTTP Endpoints"
+ ),
+ addConfigEntry(
+ "dn: ds-cfg-base-path=/api,cn=HTTP Endpoints,cn=config",
+ "objectClass: top",
+ "objectClass: ds-cfg-http-endpoint",
+ "objectClass: ds-cfg-rest2ldap-endpoint",
+ "ds-cfg-enabled: true",
+ "ds-cfg-java-class: org.opends.server.protocols.http.rest2ldap.Rest2LdapEndpoint",
+ "ds-cfg-base-path: /api",
+ "ds-cfg-config-directory: config/rest2ldap/endpoints/api",
+ "ds-cfg-http-authorization-mechanism: cn=HTTP Basic,cn=HTTP Authorization Mechanisms,cn=config"
+ ),
+ addConfigEntry(
+ "dn: ds-cfg-base-path=/admin,cn=HTTP Endpoints,cn=config",
+ "objectClass: top",
+ "objectClass: ds-cfg-http-endpoint",
+ "objectClass: ds-cfg-admin-endpoint",
+ "ds-cfg-enabled: true",
+ "ds-cfg-base-path: /admin",
+ "ds-cfg-java-class: org.opends.server.protocols.http.rest2ldap.AdminEndpoint",
+ "ds-cfg-http-authorization-mechanism: cn=HTTP Basic,cn=HTTP Authorization Mechanisms,cn=config"
+ ),
+ addConfigEntry(
+ "dn: cn=HTTP Authorization Mechanisms,cn=config",
+ "objectClass: top",
+ "objectClass: ds-cfg-branch",
+ "cn: HTTP Authorizations"
+ ),
+ addConfigEntry(
+ "dn: cn=HTTP Anonymous,cn=HTTP Authorization Mechanisms,cn=config",
+ "objectClass: top",
+ "objectClass: ds-cfg-http-authorization-mechanism",
+ "objectClass: ds-cfg-http-anonymous-authorization-mechanism",
+ "cn: HTTP Anonymous",
+ "ds-cfg-enabled: true",
+ "ds-cfg-java-class: org.opends.server.protocols.http.authz.HttpAnonymousAuthorizationMechanism"
+ ),
+ addConfigEntry(
+ "dn: cn=HTTP Basic,cn=HTTP Authorization Mechanisms,cn=config",
+ "objectClass: top",
+ "objectClass: ds-cfg-http-authorization-mechanism",
+ "objectClass: ds-cfg-http-basic-authorization-mechanism",
+ "cn: HTTP Basic",
+ "ds-cfg-java-class: org.opends.server.protocols.http.authz.HttpBasicAuthorizationMechanism",
+ "ds-cfg-enabled: true",
+ "ds-cfg-http-basic-alt-authentication-enabled: true",
+ "ds-cfg-http-basic-alt-username-header: X-OpenIDM-Username",
+ "ds-cfg-http-basic-alt-password-header: X-OpenIDM-Password",
+ "ds-cfg-identity-mapper: cn=Exact Match,cn=Identity Mappers,cn=config"
+ ),
+ addConfigEntry(
+ "dn: cn=HTTP OAuth2 CTS,cn=HTTP Authorization Mechanisms,cn=config",
+ "objectClass: top",
+ "objectClass: ds-cfg-http-authorization-mechanism",
+ "objectClass: ds-cfg-http-oauth2-authorization-mechanism",
+ "objectClass: ds-cfg-http-oauth2-cts-authorization-mechanism",
+ "cn: HTTP OAuth2 CTS",
+ "ds-cfg-java-class: org.opends.server.protocols.http.authz.HttpOAuth2CtsAuthorizationMechanism",
+ "ds-cfg-enabled: false",
+ "ds-cfg-cts-base-dn: ou=famrecords,ou=openam-session,ou=tokens,dc=example,dc=com",
+ "ds-cfg-oauth2-authzid-json-pointer: userName/0",
+ "ds-cfg-identity-mapper: cn=Exact Match,cn=Identity Mappers,cn=config",
+ "ds-cfg-oauth2-required-scope: read",
+ "ds-cfg-oauth2-required-scope: write",
+ "ds-cfg-oauth2-required-scope: uid",
+ "ds-cfg-oauth2-access-token-cache-enabled: false",
+ "ds-cfg-oauth2-access-token-cache-expiration: 300s"
+ ),
+ addConfigEntry(
+ "dn: cn=HTTP OAuth2 OpenAM,cn=HTTP Authorization Mechanisms,cn=config",
+ "objectClass: top",
+ "objectClass: ds-cfg-http-authorization-mechanism",
+ "objectClass: ds-cfg-http-oauth2-authorization-mechanism",
+ "objectClass: ds-cfg-http-oauth2-openam-authorization-mechanism",
+ "cn: HTTP OAuth2 OpenAM",
+ "ds-cfg-java-class: org.opends.server.protocols.http.authz.HttpOAuth2OpenAmAuthorizationMechanism",
+ "ds-cfg-enabled: false",
+ "ds-cfg-openam-token-info-url: http://openam.example.com:8080/openam/oauth2/tokeninfo",
+ "ds-cfg-oauth2-authzid-json-pointer: uid",
+ "ds-cfg-identity-mapper: cn=Exact Match,cn=Identity Mappers,cn=config",
+ "ds-cfg-oauth2-required-scope: read",
+ "ds-cfg-oauth2-required-scope: write",
+ "ds-cfg-oauth2-required-scope: uid",
+ "ds-cfg-oauth2-access-token-cache-enabled: false",
+ "ds-cfg-oauth2-access-token-cache-expiration: 300s"
+ ),
+ addConfigEntry(
+ "dn: cn=HTTP OAuth2 Token Introspection (RFC7662),cn=HTTP Authorization Mechanisms,cn=config",
+ "objectClass: top",
+ "objectClass: ds-cfg-http-authorization-mechanism",
+ "objectClass: ds-cfg-http-oauth2-authorization-mechanism",
+ "objectClass: ds-cfg-http-oauth2-token-introspection-authorization-mechanism",
+ "cn: HTTP OAuth2 Token Introspection (RFC7662)",
+ "ds-cfg-java-class: "
+ + "org.opends.server.protocols.http.authz.HttpOAuth2TokenIntrospectionAuthorizationMechanism",
+ "ds-cfg-enabled: false",
+ "ds-cfg-oauth2-token-introspection-url: "
+ + "http://openam.example.com:8080/openam/oauth2/myrealm/introspect",
+ "ds-cfg-oauth2-token-introspection-client-id: directoryserver",
+ "ds-cfg-oauth2-token-introspection-client-secret: secret",
+ "ds-cfg-oauth2-authzid-json-pointer: sub",
+ "ds-cfg-identity-mapper: cn=Exact Match,cn=Identity Mappers,cn=config",
+ "ds-cfg-oauth2-required-scope: read",
+ "ds-cfg-oauth2-required-scope: write",
+ "ds-cfg-oauth2-required-scope: uid",
+ "ds-cfg-oauth2-access-token-cache-enabled: false",
+ "ds-cfg-oauth2-access-token-cache-expiration: 300s"
+ ),
+ addConfigEntry(
+ "dn: cn=HTTP OAuth2 File,cn=HTTP Authorization Mechanisms,cn=config",
+ "objectClass: top",
+ "objectClass: ds-cfg-http-authorization-mechanism",
+ "objectClass: ds-cfg-http-oauth2-authorization-mechanism",
+ "objectClass: ds-cfg-http-oauth2-file-authorization-mechanism",
+ "cn: HTTP OAuth2 File",
+ "ds-cfg-java-class: org.opends.server.protocols.http.authz.HttpOAuth2FileAuthorizationMechanism",
+ "ds-cfg-enabled: false",
+ "ds-cfg-oauth2-access-token-directory: oauth2-demo/",
+ "ds-cfg-oauth2-authzid-json-pointer: uid",
+ "ds-cfg-identity-mapper: cn=Exact Match,cn=Identity Mappers,cn=config",
+ "ds-cfg-oauth2-required-scope: read",
+ "ds-cfg-oauth2-required-scope: write",
+ "ds-cfg-oauth2-required-scope: uid",
+ "ds-cfg-oauth2-access-token-cache-enabled: false",
+ "ds-cfg-oauth2-access-token-cache-expiration: 300s"
+ ),
+ /* Recursively copies.*/
+ addConfigFile("rest2ldap")
+ );
+
/** All upgrades will refresh the server configuration schema and generate a new upgrade folder. */
registerLast(
performOEMMigrationIfNeeded(),
--
Gitblit v1.10.0