Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
The table of contents is too big for display.
Diff view
Diff view
  •  
  •  
  •  
3 changes: 3 additions & 0 deletions .gitattributes
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
# Keep HTML checked out with LF on all platforms so javadoc doclint
# (JDK 25/26) does not treat CR (from CRLF) as part of a multi-line tag name.
*.html text eol=lf
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@
* information: "Portions copyright [year] [name of copyright owner]".
*
* Copyright 2015-2016 ForgeRock AS.
* Portions Copyrighted 2026 3A Systems, LLC.
*/
package org.forgerock.openam.audit.context;

Expand All @@ -24,9 +25,9 @@
import org.forgerock.util.thread.ExecutorServiceFactory;

/**
* Responsible for filtering the API of {@ExecutorServiceFactory} to exclude any
* Responsible for filtering the API of {@link ExecutorServiceFactory} to exclude any
* methods that do not offer a means of setting thread names and to ensure that
* new methods added to {@ExecutorServiceFactory} are always called via
* new methods added to {@link ExecutorServiceFactory} are always called via
* {@link AuditRequestContextPropagatingExecutorServiceFactory}.
*
* @see ExecutorServiceFactory
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -12,14 +12,15 @@
* information: "Portions copyright [year] [name of copyright owner]".
*
* Copyright 2015 ForgeRock AS.
* Portions Copyrighted 2026 3A Systems, LLC.
*/

package org.forgerock.openam.audit.context;

import java.util.concurrent.ExecutorService;

/**
* An ExecutorService that <ul>may</ul> be re-configured after construction.
* An ExecutorService that may be re-configured after construction.
*
* This interface is a work-around for the fact that ThreadPoolExecutor does not implement an interface for
* its configuration methods. As such, in order to re-configure a ThreadPoolExecutor after its construction
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -12,12 +12,13 @@
* information: "Portions copyright [year] [name of copyright owner]".
*
* Copyright 2015 ForgeRock AS.
* Portions Copyrighted 2026 3A Systems, LLC.
*/
package org.forgerock.openam.audit.context;

/**
* Responsible for deciding whether or not transaction ID received as HTTP header should be accepted.
* <p/>
* <p>
* The decision should be made based on the value of the System Property "org.forgerock.http.TrustTransactionHeader";
* unfortunately, due to cyclic dependency issues, it's not possible to access the com.iplanet.am.util.SystemProperties
* from this module.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@
* information: "Portions copyright [year] [name of copyright owner]".
*
* Copyright 2015-2016 ForgeRock AS.
* Portions Copyrighted 2026 3A Systems, LLC.
*/
package org.forgerock.openam.audit;

Expand All @@ -26,7 +27,7 @@ public interface AuditEventPublisher {

/**
* Tries to publish the provided AuditEvent to the specified topic of the AuditService.
* <p/>
* <p>
* If an error occurs that prevents the AuditEvent from being published, then details regarding the error
* are recorded in the debug logs. However, only details relating to the error are logged; the debug logs
* are not treated as the fallback destination for audit information.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@
* information: "Portions copyright [year] [name of copyright owner]".
*
* Copyright 2015-2016 ForgeRock AS.
* Portions Copyrighted 2026 3A Systems, LLC.
*/
package org.forgerock.openam.audit.configuration;

Expand All @@ -25,7 +26,7 @@
* Audit service configuration specific to OpenAM. An instance of the current state can be retrieved from
* {@link AuditServiceConfigurationProvider}. The instance retrieved from {@link AuditServiceConfigurationProvider}
* will represent the current settings in the SMS.
* <p/>
* <p>
* Each of the Audit Services has its own configuration, which is stored with the Audit Service and can be retrieved
* in a thread-safe way via its own accessor methods -
* {@link AMAuditService#isAuditEnabled(String, org.forgerock.openam.audit.AuditConstants.EventName)}.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@
* $Id: Application.java,v 1.9 2009/07/23 18:54:17 qcheng Exp $
*
* Portions Copyrighted 2011-2016 ForgeRock AS.
* Portions Copyrighted 2025 3A Systems LLC.
* Portions Copyrighted 2025-2026 3A Systems LLC.
*/

package com.sun.identity.authentication.modules.application;
Expand Down Expand Up @@ -69,16 +69,16 @@
* <code>Login.Token1</code> to specify secret.) For example:
* </p>
* <pre>
* "module=Application&IDToken0=UrlAccessAgent&IDToken1=secret"
* "module=Application&amp;IDToken0=UrlAccessAgent&amp;IDToken1=secret"
* </pre>
* OR
* <pre>
* "module=Application&IDToken0=<user id for Agent>&IDToken1=
* <password for Agent user>"
* "module=Application&amp;IDToken0=&lt;user id for Agent&gt;&amp;IDToken1=
* &lt;password for Agent user&gt;"
* </pre>
* Old usage:
* <pre>
* "module=Application&Login.Token0=UrlAccessAgent&Login.Token1=secret"
* "module=Application&amp;Login.Token0=UrlAccessAgent&amp;Login.Token1=secret"
* </pre>
*/
public class Application extends AMLoginModule {
Expand Down Expand Up @@ -161,7 +161,7 @@

if (!isValidUserEntry(userDNString)) {
debug.message("{} is not a valid special user entry", userDNString);
if (!doFallbackAuth(userName, secretParam)) {

Check failure

Code scanning / CodeQL

User-controlled bypass of sensitive method High

Sensitive method may not be executed depending on a
this condition
, which flows from
user-controlled value
.
Sensitive method may not be executed depending on a
this condition
, which flows from
user-controlled value
.
Sensitive method may not be executed depending on a
this condition
, which flows from
user-controlled value
.
Sensitive method may not be executed depending on a
this condition
, which flows from
user-controlled value
.
Sensitive method may not be executed depending on a
this condition
, which flows from
user-controlled value
.
Sensitive method may not be executed depending on a
this condition
, which flows from
user-controlled value
.
Sensitive method may not be executed depending on a
this condition
, which flows from
user-controlled value
.
debug.error("App validation failed, User not Valid: {}", userName);
setFailureID(userName);
throw new AuthLoginException(amAuthApplication, "userInvalid", null);
Expand All @@ -169,7 +169,7 @@
} else {
userTokenId = userDNString;
}
} else if (!doFallbackAuth(userName, secretParam)) {

Check failure

Code scanning / CodeQL

User-controlled bypass of sensitive method High

Sensitive method may not be executed depending on a
this condition
, which flows from
user-controlled value
.
Sensitive method may not be executed depending on a
this condition
, which flows from
user-controlled value
.
Sensitive method may not be executed depending on a
this condition
, which flows from
user-controlled value
.
Sensitive method may not be executed depending on a
this condition
, which flows from
user-controlled value
.
Sensitive method may not be executed depending on a
this condition
, which flows from
user-controlled value
.
Sensitive method may not be executed depending on a
this condition
, which flows from
user-controlled value
.
Sensitive method may not be executed depending on a
this condition
, which flows from
user-controlled value
.
debug.error("App validation failed, User not Valid: " + userName);
setFailureID(userName);
throw new AuthLoginException(amAuthApplication, "userInvalid", null);
Expand All @@ -185,7 +185,7 @@
debug.message("doFallbackAuth : User = {}", userName);

if (userName != null && (userName.length() != 0)) {
if (authenticateToDatastore(userName, userPassword)) {

Check failure

Code scanning / CodeQL

User-controlled bypass of sensitive method High

Sensitive method may not be executed depending on a
this condition
, which flows from
user-controlled value
.
Sensitive method may not be executed depending on a
this condition
, which flows from
user-controlled value
.
Sensitive method may not be executed depending on a
this condition
, which flows from
user-controlled value
.
Sensitive method may not be executed depending on a
this condition
, which flows from
user-controlled value
.
Sensitive method may not be executed depending on a
this condition
, which flows from
user-controlled value
.
Sensitive method may not be executed depending on a
this condition
, which flows from
user-controlled value
.
Sensitive method may not be executed depending on a
this condition
, which flows from
user-controlled value
.
debug.message("Application.doFallbackAuth: Authenticated to AgentsRepo.");
if (userTokenId == null) {
userTokenId = userName;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@
* information: "Portions copyright [year] [name of copyright owner]".
*
* Copyright 2013-2016 ForgeRock AS.
* Portions Copyrighted 2025 3A Systems LLC.
* Portions Copyrighted 2025-2026 3A Systems LLC.
*/

package org.forgerock.openam.authentication.modules.common;
Expand Down Expand Up @@ -68,7 +68,7 @@ protected abstract Map<String, Object> generateConfig(HttpServletRequest request
* @param request {@inheritDoc}
* @param response {@inheritDoc}
* @param ssoToken {@inheritDoc}
* @throws AuthenticationException {@inheritDoc}
* @throws AuthenticationException if the JASPI ServerAuthModule cannot secure the response
*/
public final void onLoginSuccess(Map requestParamsMap, HttpServletRequest request, HttpServletResponse response,
SSOToken ssoToken) throws AuthenticationException {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 *
 * Copyright 2011-2015 ForgeRock AS. All rights reserved.
 * Portions Copyrighted 2026 3A Systems, LLC.
 *
 * The contents of this file are subject to the terms
 * of the Common Development and Distribution License
Expand Down Expand Up @@ -50,7 +51,7 @@ public interface AttributeMapper<T> {
* @param attributeMapConfiguration The map of keys in the source to keys in the result.
* @param source The source of values.
* @return A map of attribute keys to values found.
* @throws AuthLoginException
* @throws AuthLoginException if the attributes cannot be mapped from the source
*/
Map<String, Set<String>> getAttributes(Map<String, String> attributeMapConfiguration, T source)
throws AuthLoginException;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@
* information: "Portions copyright [year] [name of copyright owner]".
*
* Copyright 2012-2015 ForgeRock AS.
* Portions Copyrighted 2026 3A Systems, LLC
*/

package org.forgerock.openam.authentication.modules.fr.oath;
Expand All @@ -37,8 +38,6 @@ public OATHPrincipal(String name) {

/**
* Returns the HOTP username for this <code>HOTPPrincipal</code>.
* <p/>
* <p/>
*
* @return the HOTP username for this <code>HOTPPrincipal</code>
*/
Expand All @@ -48,8 +47,6 @@ public String getName() {

/**
* Returns a string representation of this <code>HOTPPrincipal</code>.
* <p/>
* <p/>
*
* @return a string representation of this <code>HOTPPrincipal</code>.
*/
Expand All @@ -62,8 +59,6 @@ public String toString() {
* for equality. Returns true if the given object is also a
* <code>HOTPPrincipal</code> and the two HOTPPrincipals
* have the same username.
* <p/>
* <p/>
*
* @param o Object to be compared for equality with this
* <code>HOTPPrincipal</code>.
Expand Down Expand Up @@ -92,8 +87,6 @@ public boolean equals(Object o) {

/**
* Returns a hash code for this <code>HOTPPrincipal</code>.
* <p/>
* <p/>
*
* @return a hash code for this <code>HOTPPrincipal</code>.
*/
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@
*/
/**
* Portions Copyrighted 2012-2015 ForgeRock AS.
* Portions Copyrighted 2026 3A Systems, LLC
*/

package org.forgerock.openam.authentication.modules.fr.oath;
Expand Down Expand Up @@ -86,7 +87,7 @@ private static byte[] hexStr2Bytes(String hex) {
* @param time a value that reflects a time
* @param returnDigits number of digits to return
* @return a numeric String in base 10 that includes
* {@link truncationDigits} digits
* {@code truncationDigits} digits
*/

public static String generateTOTP(String key,
Expand All @@ -104,7 +105,7 @@ public static String generateTOTP(String key,
* @param time a value that reflects a time
* @param returnDigits number of digits to return
* @return a numeric String in base 10 that includes
* {@link truncationDigits} digits
* {@code truncationDigits} digits
*/

public static String generateTOTP256(String key,
Expand All @@ -121,7 +122,7 @@ public static String generateTOTP256(String key,
* @param time a value that reflects a time
* @param returnDigits number of digits to return
* @return a numeric String in base 10 that includes
* {@link truncationDigits} digits
* {@code truncationDigits} digits
*/

public static String generateTOTP512(String key,
Expand All @@ -140,7 +141,7 @@ public static String generateTOTP512(String key,
* @param returnDigits number of digits to return
* @param crypto the crypto function to use
* @return a numeric String in base 10 that includes
* {@link truncationDigits} digits
* {@code truncationDigits} digits
*/

public static String generateTOTP(String key,
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,7 @@
*/
/**
* Portions Copyrighted [2011] [ForgeRock AS]
* Portions Copyrighted 2026 3A Systems, LLC.
*/
package com.sun.identity.authentication.modules.hotp;

Expand All @@ -53,7 +54,6 @@ public HOTPPrincipal(String name) {
/**
* Returns the HOTP username for this <code>HOTPPrincipal</code>.
*
* <p>
*
* @return the HOTP username for this <code>HOTPPrincipal</code>
*/
Expand All @@ -64,7 +64,6 @@ public String getName() {
/**
* Returns a string representation of this <code>HOTPPrincipal</code>.
*
* <p>
*
* @return a string representation of this <code>HOTPPrincipal</code>.
*/
Expand All @@ -78,7 +77,6 @@ public String toString() {
* <code>HOTPPrincipal</code> and the two HOTPPrincipals
* have the same username.
*
* <p>
*
* @param o Object to be compared for equality with this
* <code>HOTPPrincipal</code>.
Expand Down Expand Up @@ -109,7 +107,6 @@ public boolean equals(Object o) {
/**
* Returns a hash code for this <code>HOTPPrincipal</code>.
*
* <p>
*
* @return a hash code for this <code>HOTPPrincipal</code>.
*/
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,7 @@
* $Id: SMSGateway.java,v 1.2 2009/06/03 20:46:51 veiming Exp $
*
* Portions Copyrighted 2011-2016 ForgeRock AS.
* Portions Copyrighted 2026 3A Systems, LLC.
*/
package com.sun.identity.authentication.modules.hotp;

Expand All @@ -48,7 +49,6 @@ public interface SMSGateway {

/**
* Sends a SMS message to the phone with the code
* <p>
*
* @param from The address that sends the SMS message
* @param to The address that the SMS message is sent
Expand All @@ -64,7 +64,6 @@ void sendSMSMessage(String from, String to, String subject,

/**
* Sends an email message to the mail with the code
* <p>
*
* @param from The address that sends the E-mail message
* @param to The address that the E-mail message is sent
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@
*
* $Id: ClearTextTransform.java,v 1.2 2008/06/25 05:41:57 qcheng Exp $
*
* Portions Copyrighted 2026 3A Systems, LLC.
*/


Expand All @@ -46,8 +47,8 @@ public ClearTextTransform() {
*
* @param input Password before transform
* @return Password after transform in this case the same thing.
* @throws AuthLoginException
*/
* @throws AuthLoginException if the input password is {@code null}
*/
public String transform(String input) throws AuthLoginException {
if (input == null) {
throw new AuthLoginException(
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@
*
* Portions Copyrighted 2011-2016 ForgeRock AS.
* Portions Copyrighted 2012 Open Source Solution Technology Corporation
* Portions Copyrighted 2026 3A Systems, LLC.
*/

package com.sun.identity.authentication.modules.jdbc;
Expand Down Expand Up @@ -116,9 +117,9 @@ public JDBC() {
/**
* Initializes parameters.
*
* @param subject
* @param sharedState
* @param options
* @param subject the subject to be authenticated
* @param sharedState the state shared between authentication modules
* @param options the configuration options for this module
*/
public void init(Subject subject, Map sharedState, Map options) {
debug.message("in initialize...");
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@
*
* $Id: JDBCPasswordSyntaxTransform.java,v 1.3 2008/06/25 05:41:57 qcheng Exp $
*
* Portions Copyrighted 2026 3A Systems, LLC.
*/


Expand All @@ -43,7 +44,7 @@ public interface JDBCPasswordSyntaxTransform {
*
* @param input Password before transform
* @return Password after transform - in this case the same thing.
* @throws AuthLoginException
* @throws AuthLoginException if the password cannot be transformed
*/
String transform(String input)
throws AuthLoginException;
Expand Down
Original file line number Diff line number Diff line change
@@ -1,3 +1,7 @@
/*
* Portions Copyrighted 2026 3A Systems, LLC.
*/

package com.sun.identity.authentication.modules.jdbc;

import java.security.MessageDigest;
Expand All @@ -20,8 +24,8 @@ public MD5Transform() {
*
* @param input Password before transform
* @return MD5 Password after transform in this case the same thing.
* @throws AuthLoginException
*/
* @throws AuthLoginException if the input password is {@code null}
*/
public String transform(String input) throws AuthLoginException {
if (input == null) {
throw new AuthLoginException(
Expand Down
Loading
Loading