Example 1 with IDirectoryServices
use of com.iplanet.am.sdk.common.IDirectoryServices in project OpenAM by OpenRock.
the class AMSDKRepo method setAttributes.
/**
* Sets the Attributes of the named identity. the single sign on
* token must have the necessary permission to set the attributes.
*
* @param token
* single sign on token for this operation.
* @param type
* type of the identity
* @param name
* name of the identity
* @param attributes
* attributes to set.
* @param isAdd
* should attributes values be added to existing values.
* @throws IdRepoException
* if there are repository related error conditions.
* @throws SSOException
* if user's single sign on token is invalid.
*/
public void setAttributes(SSOToken token, IdType type, String name, Map attributes, boolean isAdd) throws IdRepoException, SSOException {
if (debug.messageEnabled()) {
if (attributes.containsKey("userpassword")) {
AMHashMap removedPasswd = new AMHashMap();
removedPasswd.copy(attributes);
removedPasswd.remove("userpassword");
removedPasswd.put("userpassword", "xxx...");
debug.message("AMSDKRepo: setAttributes called" + type + ": " + name + ": " + removedPasswd);
} else {
debug.message("AMSDKRepo: setAttributes called" + type + ": " + name + ": " + attributes);
}
}
if (attributes == null || attributes.isEmpty()) {
throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.ILLEGAL_ARGUMENTS, null);
}
String dn = getDN(type, name);
int profileType = getProfileType(type);
try {
if (adminToken != null) {
token = adminToken;
}
IDirectoryServices dsServices = AMDirectoryAccessFactory.getDirectoryServices();
dsServices.setAttributes(token, dn, profileType, attributes, null, false);
} catch (AMException ame) {
debug.error("AMSDKRepo.setAttributes: Unable to set attributes", ame);
String ldapError = ame.getLDAPErrorCode();
String errorMessage = ame.getMessage();
int errCode = Integer.parseInt(ldapError);
if (ResultCode.CONSTRAINT_VIOLATION.equals(ResultCode.valueOf(errCode))) {
Object[] args = { this.getClass().getName(), ldapError, errorMessage };
//as it breaks password policy for password length.
throw new IdRepoFatalException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.LDAP_EXCEPTION, ResultCode.CONSTRAINT_VIOLATION, args);
} else {
throw IdUtils.convertAMException(ame);
}
}
}
Also used :
IDirectoryServices(com.iplanet.am.sdk.common.IDirectoryServices)
IdRepoException(com.sun.identity.idm.IdRepoException)
IdRepoFatalException(com.sun.identity.idm.IdRepoFatalException)
Example 2 with IDirectoryServices
use of com.iplanet.am.sdk.common.IDirectoryServices in project OpenAM by OpenRock.
the class ACIEventListener method entryChanged.
/**
* This method will be invoked by the <code>EventService</code> if the
* events for which this listener registered has been triggered. Since this
* listener is interested in modifications with respect to ACI's it
* identifies the DN's affected by this event and sends a notification to
* the <code>AMObjectImpl</code> by calling the appropriate method.
* Usually all the DN's whose have a suffix of this DN of this event will
* get affected
* <p>
*
* @param dsEvent
* <code>DSEvent</code> object generated by the
* <code>EventService</code>.
*/
public void entryChanged(DSEvent dsEvent) {
if (debug.messageEnabled()) {
debug.message("ACIEventListener.entryChanged() DSEvent for dn: " + dsEvent.getID());
}
// Should not get cos related aci changes events here. But check anyway.
String objClasses = dsEvent.getClassName();
if ((objClasses.indexOf("cosClassicDefinition") != -1) || (objClasses.indexOf("costemplate") != -1)) {
// Ignore Event.COS entries should'nt contain ACI's
return;
}
String affectedDNs = LDAPUtils.formatToRFC(dsEvent.getID());
IDirectoryServices dsServices = DirectoryServicesFactory.getInstance();
if (DirectoryServicesFactory.isCachingEnabled()) {
((ICachedDirectoryServices) dsServices).dirtyCache(affectedDNs, dsEvent.getEventType(), false, true, Collections.EMPTY_SET);
}
// Call Listeners
synchronized (listeners) {
Set keys = listeners.keySet();
for (Iterator items = keys.iterator(); items.hasNext(); ) {
AMObjectListener listener = (AMObjectListener) items.next();
if (dsEvent.getEventType() == DSEvent.OBJECT_CHANGED) {
listener.permissionsChanged(dsEvent.getID(), (Map) listeners.get(listener));
} else {
listener.objectChanged(affectedDNs, dsEvent.getEventType(), (Map) listeners.get(listener));
}
}
}
}
Also used :
IDirectoryServices(com.iplanet.am.sdk.common.IDirectoryServices)
Set(java.util.Set)
AMObjectListener(com.iplanet.am.sdk.AMObjectListener)
Iterator(java.util.Iterator)
ICachedDirectoryServices(com.iplanet.am.sdk.common.ICachedDirectoryServices)
Example 3 with IDirectoryServices
use of com.iplanet.am.sdk.common.IDirectoryServices in project OpenAM by OpenRock.
the class EntryEventListener method entryChanged.
/**
* This method will be invoked by the <code>EventService</code> if the
* events for which this listener registered has been triggered. Since this
* listener is interested in modifications/deletions/renaming of normal
* directory entires, it identifies the distinguished names affected by this
* event and sends a notification to the <code>AMObjectImpl</code> by
* calling the appropriate method.
*
* @param dsEvent
* <code>DSEvent</code> object generated by the
* <code>EventService</code>.
*/
public void entryChanged(DSEvent dsEvent) {
// Get the "dn" responsible for the event
DN dn = DN.valueOf(dsEvent.getID());
String normalizedDN = dn.toString().toLowerCase();
if (debug.messageEnabled()) {
debug.message("EntryEventListener.entryChanged(): DSEvent " + "generated for: " + dn);
}
// Check if the event was caused by changes/deletions to cos entries
// (cosdefinitions & costemplates) and figure out the affected dn
// subtree. Parse the dn in case of cos related events to find out the
// affected subtree of dns Examples of costemplate dn:
// "cn="cn=RoleThree,o=hp.com,o=vortex.com",cn=nsCalUser,
// o=hp.com,o=vortex.com"
// affectDNs will be all those which suffix match
// "o=hp.com,o=vortex.com"
// Examples of cosdefintion dn:
// "cn=nsCalUser,o=hp.com,o=vortex.com";
// affectDNs => "o=hp.com,o=vortex.com"
boolean cosType = true;
String affectDNs = "";
Set attrNames = Collections.EMPTY_SET;
String serviceName = null;
String objClasses = dsEvent.getClassName();
if (objClasses.indexOf("cosClassicDefinition") != -1) {
// COS
// definition
affectDNs = dn.parent().toString().toLowerCase();
// Get the serviceName this applies to, and get the attribute
// names of this service which impact the DNs.
serviceName = LDAPUtils.rdnValueFromDn(dn);
attrNames = getDynamicAttributeNames(serviceName);
if (debug.messageEnabled()) {
debug.message("EntryEventListener.entryChanged() " + "Cos Definition changed for service: " + serviceName + "Dynamic Attributes: " + attrNames);
}
} else if (objClasses.indexOf("costemplate") != -1) {
// COS template
affectDNs = dn.parent().parent().toString().toLowerCase();
serviceName = LDAPUtils.rdnValueFromDn(dn.parent());
attrNames = getDynamicAttributeNames(serviceName);
if (debug.messageEnabled()) {
debug.message("EntryEventListener." + "entryChanged()" + "Cos template changed for service: " + serviceName + "Dynamic Attributes: " + attrNames);
}
} else {
// Not cos related - only a single dn affected
cosType = false;
affectDNs = normalizedDN;
}
if (debug.messageEnabled()) {
debug.message("EntryEventListener.entryChanged(): Affected dn: " + affectDNs + " cosType: " + cosType);
}
IDirectoryServices dsServices = DirectoryServicesFactory.getInstance();
// Call the listeners
synchronized (listeners) {
Set keys = listeners.keySet();
for (Iterator items = keys.iterator(); items.hasNext(); ) {
AMObjectListener listener = (AMObjectListener) items.next();
Map configMap = (Map) listeners.get(listener);
if (cosType) {
// removed for user entries as well the affected template
if (DirectoryServicesFactory.isCachingEnabled()) {
((ICachedDirectoryServices) dsServices).dirtyCache(affectDNs, dsEvent.getEventType(), true, false, attrNames);
((ICachedDirectoryServices) dsServices).dirtyCache(normalizedDN, dsEvent.getEventType(), false, false, Collections.EMPTY_SET);
}
listener.objectsChanged(affectDNs, dsEvent.getEventType(), attrNames, configMap);
// first call removes the attributes. now remove
// the template.
listener.objectChanged(normalizedDN, dsEvent.getEventType(), configMap);
} else {
if (DirectoryServicesFactory.isCachingEnabled()) {
((ICachedDirectoryServices) dsServices).dirtyCache(affectDNs, dsEvent.getEventType(), false, false, Collections.EMPTY_SET);
}
listener.objectChanged(affectDNs, dsEvent.getEventType(), configMap);
}
}
}
}
Also used :
IDirectoryServices(com.iplanet.am.sdk.common.IDirectoryServices)
Set(java.util.Set)
AMObjectListener(com.iplanet.am.sdk.AMObjectListener)
Iterator(java.util.Iterator)
DN(org.forgerock.opendj.ldap.DN)
ICachedDirectoryServices(com.iplanet.am.sdk.common.ICachedDirectoryServices)
HashMap(java.util.HashMap)
Map(java.util.Map)
Example 4 with IDirectoryServices
use of com.iplanet.am.sdk.common.IDirectoryServices in project OpenAM by OpenRock.
the class AMSDKRepo method getAttributes.
/*
* (non-Javadoc)
*
* @see com.sun.identity.idm.IdRepo#getAttributes(com.iplanet.sso.SSOToken,
* com.sun.identity.idm.IdType, java.lang.String, java.util.Set)
*/
public Map getAttributes(SSOToken token, IdType type, String name, Set attrNames) throws IdRepoException, SSOException {
AMStoreConnection amsc = (sc == null) ? new AMStoreConnection(token) : sc;
String dn = getDN(type, name);
int profileType = getProfileType(type);
if (debug.messageEnabled()) {
debug.message("AMSDKIdRepo: getAttributes called" + ": " + type + ": " + name + " DN: '" + dn + "'");
}
// Use adminToken if present
if (adminToken != null) {
token = adminToken;
}
try {
if (amsc.isValidEntry(dn)) {
IDirectoryServices dsServices = AMDirectoryAccessFactory.getDirectoryServices();
return dsServices.getAttributes(token, dn, attrNames, false, false, profileType);
} else {
Object[] args = { name };
throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.NOT_VALID_ENTRY, args);
}
} catch (AMException ame) {
debug.error("AMSDKRepo.getAttributes(): AMException ", ame);
throw IdUtils.convertAMException(ame);
}
}
Also used :
IDirectoryServices(com.iplanet.am.sdk.common.IDirectoryServices)
IdRepoException(com.sun.identity.idm.IdRepoException)
Example 5 with IDirectoryServices
use of com.iplanet.am.sdk.common.IDirectoryServices in project OpenAM by OpenRock.
the class AMSDKRepo method unassignService.
public void unassignService(SSOToken token, IdType type, String name, String serviceName, Map attrMap) throws IdRepoException, SSOException {
if (type.equals(IdType.AGENT) || type.equals(IdType.GROUP)) {
Object[] args = { this.getClass().getName() };
throw new IdRepoUnsupportedOpException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.SERVICES_NOT_SUPPORTED_FOR_AGENTS_AND_GROUPS, args);
}
// Use adminToken if present
if (adminToken != null) {
token = adminToken;
}
if (type.equals(IdType.USER)) {
// Get the object classes that need to be remove from Service Schema
Set removeOCs = (Set) attrMap.get("objectclass");
Set attrNameSet = new HashSet();
attrNameSet.add("objectclass");
Map objectClassesMap = getAttributes(token, type, name, attrNameSet);
Set OCValues = (Set) objectClassesMap.get("objectclass");
removeOCs = AMCommonUtils.updateAndGetRemovableOCs(OCValues, removeOCs);
// Get the attributes that need to be removed
Set removeAttrs = new HashSet();
Iterator iter1 = removeOCs.iterator();
while (iter1.hasNext()) {
String oc = (String) iter1.next();
IDirectoryServices dsServices = AMDirectoryAccessFactory.getDirectoryServices();
Set attrs = dsServices.getAttributesForSchema(oc);
Iterator iter2 = attrs.iterator();
while (iter2.hasNext()) {
String attrName = (String) iter2.next();
removeAttrs.add(attrName.toLowerCase());
}
}
// Will be AMHashMap, So the attr names will be in lower case
Map avPair = getAttributes(token, type, name);
Iterator itr = avPair.keySet().iterator();
while (itr.hasNext()) {
String attrName = (String) itr.next();
if (removeAttrs.contains(attrName)) {
try {
// remove attribute one at a time, so if the first
// one fails, it will keep continue to remove
// other attributes.
Map tmpMap = new AMHashMap();
tmpMap.put(attrName, Collections.EMPTY_SET);
setAttributes(token, type, name, tmpMap, false);
} catch (Exception ex) {
if (debug.messageEnabled()) {
debug.message("AMUserImpl.unassignServices()" + "Error occured while removing attribute: " + attrName);
}
}
}
}
// Now update the object class attribute
Map tmpMap = new AMHashMap();
tmpMap.put("objectclass", OCValues);
setAttributes(token, type, name, tmpMap, false);
} else if (type.equals(IdType.ROLE)) {
try {
AMStoreConnection amsc = (sc == null) ? new AMStoreConnection(token) : sc;
String roleDN = getDN(type, name);
AMRole role = amsc.getRole(roleDN);
AMTemplate templ = role.getTemplate(serviceName, AMTemplate.DYNAMIC_TEMPLATE);
if (templ != null && templ.isExists()) {
templ.delete();
}
/*
* amdm.unRegisterService(token, orgDN, AMObject.ORGANIZATION,
* serviceName, AMTemplate.DYNAMIC_TEMPLATE);
*/
} catch (AMException ame) {
debug.error("AMSDKRepo.unassignService: Caught AMException", ame);
throw IdUtils.convertAMException(ame);
}
} else if (type.equals(IdType.FILTEREDROLE) || type.equals(IdType.REALM)) {
try {
AMStoreConnection amsc = (sc == null) ? new AMStoreConnection(token) : sc;
String roleDN = getDN(type, name);
AMFilteredRole role = amsc.getFilteredRole(roleDN);
AMTemplate templ = role.getTemplate(serviceName, AMTemplate.DYNAMIC_TEMPLATE);
if (templ != null && templ.isExists()) {
templ.delete();
}
/*
* amdm.unRegisterService(token, orgDN, AMObject.ORGANIZATION,
* serviceName, AMTemplate.DYNAMIC_TEMPLATE);
*/
} catch (AMException ame) {
debug.error("AMSDKRepo.unassignService: Caught AMException", ame);
throw IdUtils.convertAMException(ame);
}
} else {
Object[] args = { this.getClass().getName() };
throw new IdRepoUnsupportedOpException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.SERVICES_NOT_SUPPORTED_FOR_AGENTS_AND_GROUPS, args);
}
}
Also used :
Set(java.util.Set)
HashSet(java.util.HashSet)
IdRepoUnsupportedOpException(com.sun.identity.idm.IdRepoUnsupportedOpException)
IdRepoFatalException(com.sun.identity.idm.IdRepoFatalException)
AuthLoginException(com.sun.identity.authentication.spi.AuthLoginException)
SSOException(com.iplanet.sso.SSOException)
LDAPServiceException(com.iplanet.services.ldap.LDAPServiceException)
IdRepoException(com.sun.identity.idm.IdRepoException)
SMSException(com.sun.identity.sm.SMSException)
LDAPUtilException(org.forgerock.openam.ldap.LDAPUtilException)
InvalidPasswordException(com.sun.identity.authentication.spi.InvalidPasswordException)
IDirectoryServices(com.iplanet.am.sdk.common.IDirectoryServices)
IdRepoUnsupportedOpException(com.sun.identity.idm.IdRepoUnsupportedOpException)
Iterator(java.util.Iterator)
Map(java.util.Map)
HashMap(java.util.HashMap)
CaseInsensitiveHashMap(com.sun.identity.common.CaseInsensitiveHashMap)
HashSet(java.util.HashSet)
Aggregations
IDirectoryServices (com.iplanet.am.sdk.common.IDirectoryServices)15
IdRepoException (com.sun.identity.idm.IdRepoException)6
Set (java.util.Set)6
Iterator (java.util.Iterator)5
AMObjectListener (com.iplanet.am.sdk.AMObjectListener)4
ICachedDirectoryServices (com.iplanet.am.sdk.common.ICachedDirectoryServices)4
Map (java.util.Map)4
SSOException (com.iplanet.sso.SSOException)3
IdRepoUnsupportedOpException (com.sun.identity.idm.IdRepoUnsupportedOpException)3
HashMap (java.util.HashMap)3
HashSet (java.util.HashSet)3
CaseInsensitiveHashMap (com.sun.identity.common.CaseInsensitiveHashMap)2
IdRepoFatalException (com.sun.identity.idm.IdRepoFatalException)2
SMSException (com.sun.identity.sm.SMSException)2
DN (org.forgerock.opendj.ldap.DN)2
AMEventManagerException (com.iplanet.am.sdk.AMEventManagerException)1
AMException (com.iplanet.am.sdk.AMException)1
AMObject (com.iplanet.am.sdk.AMObject)1
LDAPServiceException (com.iplanet.services.ldap.LDAPServiceException)1
AuthLoginException (com.sun.identity.authentication.spi.AuthLoginException)1
