
Example 6 with SSOToken

use of com.iplanet.sso.SSOToken in project OpenAM by OpenRock.

the class OpenSSOGroupSubject method getSearchIndexAttributes.

/**
 * Returns the search index attributes for this group subject.
 *
 * When a {@link SubjectAttributesManager} is available the index is built
 * here; otherwise the superclass implementation is used. With group
 * membership search indexing enabled, the group's id is resolved through
 * the admin token (a privileged lookup, not the caller's session) and
 * indexed under the membership namespace for {@code IdType.GROUP}; if that
 * lookup fails the unresolved id is indexed instead. Without membership
 * indexing the "all entities" marker is indexed under the identity namespace.
 *
 * @return search index attributes, keyed by namespace.
 */
@Override
public Map<String, Set<String>> getSearchIndexAttributes() {
    SubjectAttributesManager manager = getSubjectAttributesManager();
    if (manager == null) {
        return super.getSearchIndexAttributes();
    }
    Map<String, Set<String>> index = new HashMap<String, Set<String>>(4);
    Set<String> values = new HashSet<String>();
    if (!manager.isGroupMembershipSearchIndexEnabled()) {
        values.add(SubjectAttributesCollector.ATTR_NAME_ALL_ENTITIES);
        index.put(SubjectAttributesCollector.NAMESPACE_IDENTITY, values);
        return index;
    }
    String groupId = getID();
    // Privileged lookup: the identity is resolved with the admin token, not the caller's token.
    SSOToken adminToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
    try {
        AMIdentity identity = IdUtils.getIdentity(adminToken, groupId);
        values.add(OpenSSOSubjectAttributesCollector.getIDWithoutOrgName(identity));
    } catch (IdRepoException ex) {
        // Best effort: index the unresolved id so the subject is still searchable.
        if (PrivilegeManager.debug.messageEnabled()) {
            PrivilegeManager.debug.message("OpenSSOGroupSubject.getSearchIndexAttributes", ex);
        }
        values.add(groupId);
    }
    index.put(SubjectAttributesCollector.NAMESPACE_MEMBERSHIP + IdType.GROUP.getName(), values);
    return index;
}

Example 7 with SSOToken

use of com.iplanet.sso.SSOToken in project OpenAM by OpenRock.

the class OpenSSOPolicyDataStore method getPolicy.

/**
 * Loads the named policy from its SMS entry in the realm.
 *
 * The SMS read is performed with the SSO token derived from
 * {@code adminSubject}. The stored key-value attribute is expected to carry
 * the policy XML, optionally prefixed with {@code POLICY_XML} and a one
 * character separator, which is stripped before the policy is built.
 *
 * @param adminSubject subject whose SSO token is used for the SMS read.
 * @param realm realm the policy belongs to.
 * @param name policy name.
 * @return the policy object produced by {@code createPolicy} from the stored XML.
 * @throws EntitlementException 209 if no SSO token can be derived from the
 *     subject, 203 if the policy entry does not exist, 204 if reading or
 *     parsing the entry fails for any reason.
 */
public Object getPolicy(Subject adminSubject, String realm, String name) throws EntitlementException {
    SSOToken token = SubjectUtils.getSSOToken(adminSubject);
    if (token == null) {
        throw new EntitlementException(209, new Object[] { name });
    }
    String policyDn = getPolicyDistinguishedName(realm, name);
    if (!SMSEntry.checkIfEntryExists(policyDn, token)) {
        throw new EntitlementException(203, new Object[] { name });
    }
    try {
        SMSEntry entry = new SMSEntry(token, policyDn);
        Set<String> keyValues = entry.getAttributes().get(SMSEntry.ATTR_KEYVAL);
        String policyXml = keyValues.iterator().next();
        if (policyXml.startsWith(POLICY_XML)) {
            // Drop the POLICY_XML prefix and the single separator character after it.
            policyXml = policyXml.substring(POLICY_XML.length() + 1);
        }
        return createPolicy(token, realm, policyXml);
    } catch (Exception ex) {
        // SSOException, SMSException and anything else (e.g. a missing or empty
        // key-value attribute) are all reported as error 204 with the cause kept.
        throw new EntitlementException(204, new Object[] { name }, ex);
    }
}

Example 8 with SSOToken

use of com.iplanet.sso.SSOToken in project OpenAM by OpenRock.

the class OpenSSOPolicyDataStore method getReferral.

/**
 * Loads the named referral privilege from its SMS entry in the realm.
 *
 * If {@code adminSubject} is the very same object as
 * {@code PrivilegeManager.superAdminSubject}, the internal
 * {@code dsameUserToken} is used for the SMS read; otherwise the token is
 * derived from the subject. The stored XML is converted to a policy, that
 * policy to privileges, and the first privilege is returned as a
 * {@link ReferralPrivilege}.
 *
 * @param adminSubject subject whose SSO token is used for the SMS read.
 * @param realm realm the referral belongs to.
 * @param name referral name.
 * @return the first privilege derived from the stored policy.
 * @throws EntitlementException 262 if no SSO token is available, 263 if the
 *     entry does not exist, 204 if reading or converting the entry fails for
 *     any reason (including the stored policy not yielding a referral).
 */
public ReferralPrivilege getReferral(Subject adminSubject, String realm, String name) throws EntitlementException {
    boolean isSuperAdmin = adminSubject == PrivilegeManager.superAdminSubject;
    SSOToken token = isSuperAdmin ? dsameUserToken : SubjectUtils.getSSOToken(adminSubject);
    if (token == null) {
        throw new EntitlementException(262, new Object[] { name });
    }
    String referralDn = getPolicyDistinguishedName(realm, name);
    if (!SMSEntry.checkIfEntryExists(referralDn, token)) {
        throw new EntitlementException(263, new Object[] { name });
    }
    try {
        SMSEntry entry = new SMSEntry(token, referralDn);
        Set<String> keyValues = entry.getAttributes().get(SMSEntry.ATTR_KEYVAL);
        String policyXml = keyValues.iterator().next();
        if (policyXml.startsWith(POLICY_XML)) {
            // Drop the POLICY_XML prefix and the single separator character after it.
            policyXml = policyXml.substring(POLICY_XML.length() + 1);
        }
        Object policy = createPolicy(token, realm, policyXml);
        Set<IPrivilege> privileges = PrivilegeUtils.policyToPrivileges(policy);
        // A non-referral policy surfaces here as a ClassCastException, reported as 204 below.
        return (ReferralPrivilege) privileges.iterator().next();
    } catch (Exception ex) {
        // SSOException, SMSException and any runtime failure are all reported as 204 with the cause kept.
        throw new EntitlementException(204, new Object[] { name }, ex);
    }
}

Example 9 with SSOToken

use of com.iplanet.sso.SSOToken in project OpenAM by OpenRock.

the class OpenSSOSubjectAttributesCollector method hasAttribute.

/**
 * Checks whether the user represented by {@code subject} carries the given
 * attribute value.
 *
 * Two namespaces are understood. A name starting with {@code NAMESPACE_ATTR}
 * is read from the user's own attributes and {@code attrValue} must be one of
 * its values. A name starting with {@code NAMESPACE_MEMBERSHIP} names an
 * identity type; {@code attrValue} is then taken as the parent identity, and
 * the check succeeds only if that parent has the named type and lists the
 * user among its {@code IdType.USER} members. Any other name yields
 * {@code false}. All identity lookups run under the admin token obtained via
 * {@code AdminTokenAction}, not the subject's own session.
 *
 * @param subject identity of the user.
 * @param attrName attribute name to check, including its namespace prefix.
 * @param attrValue attribute value (or parent identity) to check.
 * @return {@code true} if the value is present for the user.
 * @throws EntitlementException error 601 if the identity repository or SSO lookup fails.
 */
public boolean hasAttribute(Subject subject, String attrName, String attrValue) throws EntitlementException {
    String universalId = SubjectUtils.getPrincipalId(subject);
    try {
        SSOToken adminToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
        AMIdentity user = new AMIdentity(adminToken, universalId);
        if (attrName.startsWith(NAMESPACE_ATTR)) {
            String plainName = attrName.substring(NAMESPACE_ATTR.length());
            Set<String> values = user.getAttribute(plainName);
            return values != null && values.contains(attrValue);
        }
        if (!attrName.startsWith(NAMESPACE_MEMBERSHIP)) {
            return false;
        }
        IdType wantedType = IdUtils.getType(attrName.substring(NAMESPACE_MEMBERSHIP.length()));
        if (wantedType == null) {
            return false;
        }
        AMIdentity parent = new AMIdentity(adminToken, attrValue);
        if (!parent.getType().equals(wantedType)) {
            return false;
        }
        return parent.getMembers(IdType.USER).contains(user.getUniversalId());
    } catch (IdRepoException e) {
        throw new EntitlementException(601, new Object[] { universalId }, e);
    } catch (SSOException e) {
        throw new EntitlementException(601, new Object[] { universalId }, e);
    }
}

Example 10 with SSOToken

use of com.iplanet.sso.SSOToken in project OpenAM by OpenRock.

the class OpenSSOPolicyDataStore method addReferral.

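/**
 * Persists a referral privilege as a named policy entry under the realm and
 * adds it to the privilege index store.
 *
 * The caller's {@code subject} must map to an SSO token, but that token is
 * only used as a presence check and for log attribution: the SMS write is
 * performed with the internal {@code dsameUserToken}, and the MODIFY
 * privilege check is evaluated for {@code PrivilegeManager.superAdminSubject}
 * (delegation to applications is not configurable, see AME-4959). The SMS
 * save and the index-store add are separate steps with no rollback, so a
 * failure in the index step leaves the saved entry in place.
 *
 * @param subject caller; used for the token presence check and log attribution.
 * @param realm realm the referral is created in.
 * @param referral the referral privilege to store.
 * @throws EntitlementException 260 if the subject has no SSO token, 326 if the
 *     MODIFY privilege check fails, 261 if the policy conversion or the SMS
 *     write fails (the failure is also logged as FAILED_ADD_REFERRAL).
 */
public void addReferral(Subject subject, String realm, ReferralPrivilege referral) throws EntitlementException {
    String name = referral.getName();
    String dn = getPolicyDistinguishedName(realm, name);
    SSOToken adminToken = SubjectUtils.getSSOToken(subject);
    if (adminToken == null) {
        Object[] params = { name };
        throw new EntitlementException(260, params);
    }
    // Delegation to applications is currently not configurable, passing super admin (see AME-4959)
    ApplicationPrivilegeManager applPrivilegeMgr = ApplicationPrivilegeManager.getInstance(realm, PrivilegeManager.superAdminSubject);
    if (!applPrivilegeMgr.hasPrivilege(referral, ApplicationPrivilege.Action.MODIFY)) {
        throw new EntitlementException(326);
    }
    try {
        createParentNode(dsameUserToken, realm);
        SMSEntry s = new SMSEntry(dsameUserToken, dn);
        Policy p = PrivilegeUtils.referralPrivilegeToPolicy(realm, referral);
        s.setAttributes(referralEntryAttributes(p.toXML()));
        String[] logParams = { DNMapper.orgNameToRealmName(realm), name };
        OpenSSOLogger.log(OpenSSOLogger.LogLevel.MESSAGE, Level.INFO, "ATTEMPT_ADD_REFERRAL", logParams, subject);
        s.save();
        OpenSSOLogger.log(OpenSSOLogger.LogLevel.MESSAGE, Level.INFO, "SUCCEEDED_ADD_REFERRAL", logParams, subject);
        PrivilegeIndexStore pis = PrivilegeIndexStore.getInstance(dsameUserSubject, realm);
        Set<IPrivilege> tmp = new HashSet<IPrivilege>();
        tmp.add(referral);
        pis.add(tmp);
    } catch (PolicyException e) {
        throw failedAddReferral(subject, realm, name, e);
    } catch (SSOException e) {
        throw failedAddReferral(subject, realm, name, e);
    } catch (SMSException e) {
        throw failedAddReferral(subject, realm, name, e);
    }
}

/**
 * Builds the SMS attribute map for a referral policy entry: the NamedPolicy
 * service id, the object classes, and the policy XML stored as
 * {@code POLICY_XML + "=" + xml} (readers strip the prefix and separator).
 *
 * @param policyXml XML form of the policy to store.
 * @return attribute map ready for {@code SMSEntry.setAttributes}.
 */
private Map<String, Set<String>> referralEntryAttributes(String policyXml) {
    Map<String, Set<String>> map = new HashMap<String, Set<String>>();
    Set<String> setServiceID = new HashSet<String>(2);
    setServiceID.add("NamedPolicy");
    map.put(SMSEntry.ATTR_SERVICE_ID, setServiceID);
    Set<String> setObjectClass = new HashSet<String>(4);
    setObjectClass.add(SMSEntry.OC_TOP);
    setObjectClass.add(SMSEntry.OC_SERVICE_COMP);
    map.put(SMSEntry.ATTR_OBJECTCLASS, setObjectClass);
    Set<String> setValue = new HashSet<String>(2);
    setValue.add(POLICY_XML + "=" + policyXml);
    map.put(SMSEntry.ATTR_KEYVAL, setValue);
    return map;
}

/**
 * Logs FAILED_ADD_REFERRAL for the caller and wraps the cause as error 261.
 * The three checked failure types are handled identically, so the shared
 * logic lives here; the caller throws the returned exception.
 *
 * @param subject caller, for log attribution.
 * @param realm realm the referral was being created in.
 * @param name referral name.
 * @param cause the underlying failure; its message is included in the log record.
 * @return the exception to throw.
 */
private EntitlementException failedAddReferral(Subject subject, String realm, String name, Exception cause) {
    String[] logParams = { DNMapper.orgNameToRealmName(realm), name, cause.getMessage() };
    OpenSSOLogger.log(OpenSSOLogger.LogLevel.ERROR, Level.INFO, "FAILED_ADD_REFERRAL", logParams, subject);
    Object[] params = { name };
    return new EntitlementException(261, params, cause);
}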
