openam-jp · oss-aimoto · Oct 14, 2020
diff --git a/openam-core/src/main/java/com/sun/identity/authentication/service/AMAccountLockout.java b/openam-core/src/main/java/com/sun/identity/authentication/service/AMAccountLockout.java
@@ -26,6 +26,7 @@
  *
  * Portions Copyrighted 2013-2016 ForgeRock AS.
  * Portions Copyrighted 2019 OGIS-RI Co., Ltd.
+ * Portions Copyrighted 2020 Open Source Solution Technology Corporation
  */
 package com.sun.identity.authentication.service;
 
@@ -168,9 +169,10 @@ public int getWarnUserCount() {
      * Sends the lockout notice.
      *
      * @param userDN The distinguished name of the user.
+     * @param realm The realm name of the user.
      */
-    public void sendLockOutNotice(String userDN) {
-        isAccountLockout.sendLockOutNotice(userDN);
+    public void sendLockOutNotice(String userDN, String realm) {
+        isAccountLockout.sendLockOutNotice(userDN, realm);
     }
 
     /**

diff --git a/openam-core/src/main/java/com/sun/identity/common/ISAccountLockout.java b/openam-core/src/main/java/com/sun/identity/common/ISAccountLockout.java
@@ -25,6 +25,7 @@
  * $Id: ISAccountLockout.java,v 1.15 2009/03/07 08:01:50 veiming Exp $
  *
  * Portions Copyrighted 2011-2016 ForgeRock AS.
+ * Portions Copyrighted 2020 Open Source Solution Technology Corporation
  */
 package com.sun.identity.common;
 
@@ -33,12 +34,19 @@
 import com.iplanet.am.util.AMSendMail;
 import javax.mail.MessagingException;
 import com.iplanet.sso.SSOException;
+import com.iplanet.sso.SSOToken;
 import com.sun.identity.authentication.spi.AMAuthCallBackImpl;
 import com.sun.identity.authentication.spi.AMAuthCallBackException;
 import com.sun.identity.idm.AMIdentity;
 import com.sun.identity.idm.IdRepoException;
+import com.sun.identity.security.AdminTokenAction;
 import com.sun.identity.shared.debug.Debug;
 import com.sun.identity.shared.debug.IDebug;
+import com.sun.identity.sm.ServiceConfig;
+import com.sun.identity.sm.ServiceConfigManager;
+import com.sun.identity.sm.SMSException;
+import java.lang.reflect.InvocationTargetException;
+import java.security.AccessController;
 import java.text.MessageFormat;
 import java.util.Collections;
 import java.util.HashMap;
@@ -48,6 +56,8 @@
 import java.util.ResourceBundle;
 import java.util.Set;
 import java.util.StringTokenizer;
+import org.forgerock.openam.services.email.MailServer;
+import org.forgerock.openam.services.email.MailServerImpl;
 
 public class ISAccountLockout {
     private static final String USER_STATUS_ATTR="inetuserstatus";
@@ -276,7 +286,7 @@ public int invalidPasswd(String userDN, String userName,
                 inactivateUserAccount(amIdentity);
             }
             try {
-                sendLockOutNotice(userName);
+                sendLockOutNotice(userName, amIdentity.getRealm());
                 /*
                  * The callback implementation instance is retrieved for
                  * the user's organization. This will be used to notify the
@@ -448,7 +458,7 @@ private AccountLockoutInfo invalidPasswdEx(
                             if (notifyUser == null) {
                                 notifyUser = ((AMIdentity)subject).getUniversalId();
                             }
-                            sendLockOutNotice(notifyUser);
+                            sendLockOutNotice(notifyUser, ((AMIdentity)subject).getRealm());
                         }
                     }
                 }
@@ -476,9 +486,12 @@ private AccountLockoutInfo invalidPasswdEx(
      *
      * @param userDN Distinguished name of the user
      */
-    public void sendLockOutNotice(String userDN)  {
+    public void sendLockOutNotice(String userDN, String realm) {
         if (lockoutNotification != null) {
-            AMSendMail sm = new AMSendMail();
+            MailServer mailServer = getMailServer(realm);
+            if (mailServer == null){
+                return;
+            }
             StringTokenizer emailTokens = new StringTokenizer(
                 lockoutNotification, SPACE_DELIM);
 
@@ -511,8 +524,9 @@ public void sendLockOutNotice(String userDN)  {
                 }
 
                 try {
-                    sm.postMail(toAddress, emailSubject, emailMsg,
-                        fromAddress, charset);
+                    for (String emailTo: toAddress){
+                        mailServer.sendEmail(fromAddress, emailTo, emailSubject, emailMsg, null);
+                    }
                 } catch (MessagingException ex) {
                     debug.error("cannot email lockout notification:token ", ex);
                 }
@@ -775,5 +789,28 @@ private static String getElement(
         }
         return (answer);
     }
+
+    private MailServer getMailServer(String realm) {
+        try {
+            ServiceConfigManager mailmgr = new ServiceConfigManager(
+                    AccessController.doPrivileged(AdminTokenAction.getInstance()),
+                    MailServerImpl.SERVICE_NAME, MailServerImpl.SERVICE_VERSION);
+            ServiceConfig mailscm = mailmgr.getOrganizationConfig(realm, null);
+
+            if (!mailscm.exists()) {
+                debug.error("ISAccountLockout.getMailServer : EmailService is not configured for realm:[{}]", realm);
+                return null;
+            }
+
+            Map<String, Set<String>> mailattrs = mailscm.getAttributes();
+            String mailServerClass = mailattrs.get("forgerockMailServerImplClassName").iterator().next();
+            return Class.forName(mailServerClass).asSubclass(MailServer.class).getDeclaredConstructor(String.class)
+                    .newInstance(realm);
+        } catch (IllegalAccessException | SSOException | InstantiationException | ClassNotFoundException
+                | InvocationTargetException | NoSuchMethodException | SMSException e) {
+            debug.error("ISAccountLockout.getMailServer : Failed to load mail server", e);
+            return null;
+        }
+    }
 
 }
diff --git a/openam-core/src/main/java/org/forgerock/openam/services/email/MailServerImpl.java b/openam-core/src/main/java/org/forgerock/openam/services/email/MailServerImpl.java
@@ -20,6 +20,7 @@
  * "Portions copyright [year] [name of copyright owner]"
  *
  * Copyright 2013-2015 ForgeRock AS.
+ * Portions Copyrighted 2020 Open Source Solution Technology Corporation
  */
 
 package org.forgerock.openam.services.email;
@@ -204,7 +205,9 @@ private void sendEmail(String from, String to, String subject, String message, S
             } else {
                 //user global settings...
                 setOptions(this.options);
-                from = this.from;
+                if(from == null || from.isEmpty()){
+                    from = this.from;
+                }
             }
             String tos[] = new String[1];
             tos[0] = to;

diff --git a/openam-core/src/main/resources/amAuth.properties b/openam-core/src/main/resources/amAuth.properties
@@ -26,7 +26,7 @@
 #
 
 # Portions Copyrighted 2011-2016 ForgeRock AS.
-# Portions Copyrighted 2012 Open Source Solution Technology Corporation
+# Portions Copyrighted 2012-2020 Open Source Solution Technology Corporation
 
 onlinehelp.doc=coreauth.html
 authentication=Authentication
@@ -141,8 +141,9 @@ events occur. The contents of the email message is configured using the followin
 <li><code>lockOutEmailMsg</code> : The contents of the email message</li></ul><br/>\
 The identity for whom the account has been locked is included in the email message.<br/><br/>\
 The format of this property is:<br/>\
-<code>emailaddress|locale|charset</code>. Multiple email addresses are space-separated.<br/>\
-Email addresses must include the domain name, such as <code>[email protected]</code>.
+<code>emailaddress|locale</code>. Multiple email addresses are space-separated.<br/>\
+Email addresses must include the domain name, such as <code>[email protected]</code>.<br/><br/>\
+For the SMTP server, follow the settings of <code>Email service</code> in <code>Services</code>. (<code>Email service</code> settings are required.)
 a129=Warn User After N Failures
 a129.help=Warn the user when they reach this level of failed authentications.
 a129.help.txt=The user will be given a warning when they reach this level of failed authentications during the lockout interval.<br/>\

diff --git a/openam-core/src/main/resources/ja_JP/amAuth_ja.properties b/openam-core/src/main/resources/ja_JP/amAuth_ja.properties
@@ -26,7 +26,7 @@
 #
 
 # Portions Copyrighted 2011-2014 ForgeRock AS
-# Portions Copyrighted 2012-2019 Open Source Solution Technology Corporation
+# Portions Copyrighted 2012-2020 Open Source Solution Technology Corporation
 # Portions Copyrighted 2013-2014 Nomura Research Institute, Ltd
 
 onlinehelp.doc=coreauth.html
@@ -151,8 +151,9 @@ a128.help.txt=OpenAM \u306f\u3001\u30a2\u30ab\u30a6\u30f3\u30c8\u30ed\u30c3\u30a
 <li><code>lockOutEmailMsg</code> : \u96fb\u5b50\u30e1\u30fc\u30eb\u30e1\u30c3\u30bb\u30fc\u30b8\u306e\u5185\u5bb9</li></ul><br/>\
 \u30a2\u30ab\u30a6\u30f3\u30c8\u304c\u30ed\u30c3\u30af\u3055\u308c\u3066\u3044\u308b\u30e6\u30fc\u30b6\u30fc\u306eID\u306f\u3001\u96fb\u5b50\u30e1\u30fc\u30eb\u30e1\u30c3\u30bb\u30fc\u30b8\u306b\u542b\u307e\u308c\u3066\u3044\u307e\u3059\u3002<br/><br/>\
 \u30d7\u30ed\u30d1\u30c6\u30a3\u306e\u5f62\u5f0f\u306f:<br/>\
-<code>emailaddress|locale|charset</code> \u3002\u96fb\u5b50\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9\u304c\u8907\u6570\u306e\u5834\u5408\u3001\u30b9\u30da\u30fc\u30b9\u3067\u533a\u5207\u308a\u307e\u3059\u3002<br/>\
-\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9\u306f\u3001 <code>[email protected]</code> \u306a\u3069\u306e\u30c9\u30e1\u30a4\u30f3\u540d\u3092\u542b\u3081\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002
+<code>emailaddress|locale</code> \u3002\u96fb\u5b50\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9\u304c\u8907\u6570\u306e\u5834\u5408\u3001\u30b9\u30da\u30fc\u30b9\u3067\u533a\u5207\u308a\u307e\u3059\u3002<br/>\
+\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9\u306f\u3001 <code>[email protected]</code> \u306a\u3069\u306e\u30c9\u30e1\u30a4\u30f3\u540d\u3092\u542b\u3081\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002<br/><br/>\
+SMTP\u30b5\u30fc\u30d0\u30fc\u306b\u95a2\u3057\u3066\u306f<code>\u30b5\u30fc\u30d3\u30b9</code>\u306e<code>\u96fb\u5b50\u30e1\u30fc\u30eb\u30b5\u30fc\u30d3\u30b9</code>\u306e\u8a2d\u5b9a\u306b\u5f93\u3044\u307e\u3059\u3002(<code>\u96fb\u5b50\u30e1\u30fc\u30eb\u30b5\u30fc\u30d3\u30b9</code>\u306e\u8a2d\u5b9a\u304c\u5fc5\u8981\u3067\u3059\u3002)
 a129=\u30e6\u30fc\u30b6\u30fc\u306b\u8b66\u544a\u3092\u51fa\u3059\u307e\u3067\u306e\u5931\u6557\u56de\u6570
 a129.help=\u30e6\u30fc\u30b6\u30fc\u306e\u8a8d\u8a3c\u5931\u6557\u304c\u3053\u306e\u30ec\u30d9\u30eb\u306b\u5230\u9054\u3057\u305f\u3068\u304d\u30e6\u30fc\u30b6\u30fc\u306b\u8b66\u544a\u3057\u307e\u3059\u3002
 a129.help.txt=\u300c\u8a8d\u8a3c\u5931\u6557\u56de\u6570\u304c\u52a0\u7b97\u3055\u308c\u308b\u671f\u9593\u300d\u4e2d\u306b\u30e6\u30fc\u30b6\u30fc\u306e\u8a8d\u8a3c\u5931\u6557\u56de\u6570\u304c\u3053\u306e\u5024\u306b\u5230\u9054\u3057\u305f\u3068\u304d\u306b\u3001\u8b66\u544a\u304c\u4e0e\u3048\u3089\u308c\u307e\u3059\u3002<br/>\