
Example 36 with IdRepoException

use of com.sun.identity.idm.IdRepoException in project OpenAM by OpenRock.

the class OpenAMScopeValidator method getUpdatedAt.

private String getUpdatedAt(String username, String realm, OAuth2Request request) throws NotFoundException {
    try {
        final OAuth2ProviderSettings providerSettings = providerSettingsFactory.get(request);
        String modifyTimestampAttributeName;
        String createdTimestampAttributeName;
        try {
            modifyTimestampAttributeName = providerSettings.getModifiedTimestampAttributeName();
            createdTimestampAttributeName = providerSettings.getCreatedTimestampAttributeName();
        } catch (ServerException e) {
            // Provider settings unreadable: log and fall back to the default value rather than failing the request.
            logger.error("Unable to read last modified attribute from datastore", e);
            return DEFAULT_TIMESTAMP;
        }
        // Neither timestamp attribute is configured: no updated_at value is reported at all.
        if (modifyTimestampAttributeName == null && createdTimestampAttributeName == null) {
            return null;
        }
        final AMHashMap timestamps = getTimestamps(username, realm, modifyTimestampAttributeName, createdTimestampAttributeName);
        // Prefer the modification time, then the creation time, then DEFAULT_TIMESTAMP.
        final String modifyTimestamp = CollectionHelper.getMapAttr(timestamps, modifyTimestampAttributeName);
        if (modifyTimestamp != null) {
            // DateFormat instances are not thread-safe, hence the lock on the shared formatter.
            // The value is returned as seconds since the epoch, the form the OIDC updated_at claim uses.
            synchronized (TIMESTAMP_DATE_FORMAT) {
                return Long.toString(TIMESTAMP_DATE_FORMAT.parse(modifyTimestamp).getTime() / 1000);
            }
        } else {
            final String createTimestamp = CollectionHelper.getMapAttr(timestamps, createdTimestampAttributeName);
            if (createTimestamp != null) {
                synchronized (TIMESTAMP_DATE_FORMAT) {
                    return Long.toString(TIMESTAMP_DATE_FORMAT.parse(createTimestamp).getTime() / 1000);
                }
            } else {
                return DEFAULT_TIMESTAMP;
            }
        }
    } catch (IdRepoException e) {
        // Identity lookup failed: log it and report no value (null), not the default timestamp.
        if (logger.errorEnabled()) {
            logger.error("ScopeValidatorImpl" + ".getUpdatedAt: " + "error searching Identities with username : " + username, e);
        }
    } catch (SSOException e) {
        logger.warning("Error getting updatedAt attribute", e);
    } catch (ParseException e) {
        // A timestamp that does not match TIMESTAMP_DATE_FORMAT also ends in null, not in the fallback attribute.
        logger.warning("Error getting updatedAt attribute", e);
    }
    return null;
}
Also used : ServerException(org.forgerock.oauth2.core.exceptions.ServerException) AMHashMap(com.iplanet.am.sdk.AMHashMap) IdRepoException(com.sun.identity.idm.IdRepoException) SSOException(com.iplanet.sso.SSOException) OAuth2ProviderSettings(org.forgerock.oauth2.core.OAuth2ProviderSettings) ParseException(java.text.ParseException)
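The directory attributes this method reads (modifyTimestamp, createTimestamp) are RFC 4517 GeneralizedTime values that end in a literal "Z", meaning UTC. A DateFormat pattern that treats that "Z" as a literal character parses the value in the JVM's default time zone unless setTimeZone(UTC) was called on it, which silently skews updated_at by the local offset. The following is an added example, not OpenAM's code: it performs the same modify-then-create-then-default selection with an immutable java.time formatter (so no synchronized block is needed) and anchors the parse to UTC explicitly. DEFAULT_TIMESTAMP is assumed to be "0", the page does not show its value, and the input format is assumed to carry no fractional seconds.

```java
import java.time.LocalDateTime;
import java.time.ZoneOffset;
import java.time.format.DateTimeFormatter;
import java.time.format.DateTimeParseException;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

/** Added example (not OpenAM code): updated_at derivation from LDAP GeneralizedTime attributes. */
public final class UpdatedAtExample {

    // GeneralizedTime without fractions, e.g. "20240305101500Z". The trailing Z is matched as a literal,
    // so the zone must be supplied when converting; DateTimeFormatter itself is immutable and thread-safe.
    private static final DateTimeFormatter GENERALIZED_TIME =
            DateTimeFormatter.ofPattern("uuuuMMddHHmmss'Z'");

    // Assumption: the page does not show the constant's value.
    static final String DEFAULT_TIMESTAMP = "0";

    /** Parses a GeneralizedTime value as UTC and returns epoch seconds, or null if it is not parseable. */
    static Long toEpochSeconds(String generalizedTime) {
        if (generalizedTime == null) {
            return null;
        }
        try {
            LocalDateTime ldt = LocalDateTime.parse(generalizedTime, GENERALIZED_TIME);
            // Explicit UTC: never depends on the JVM default zone.
            return ldt.toEpochSecond(ZoneOffset.UTC);
        } catch (DateTimeParseException e) {
            return null;
        }
    }

    /**
     * Same preference order as getUpdatedAt on the page: modification attribute, then creation attribute,
     * then DEFAULT_TIMESTAMP. Unlike the page's code, a malformed first value falls through to the next
     * attribute instead of aborting.
     */
    static String updatedAt(Map<String, Set<String>> attrs, String modifyAttr, String createAttr) {
        for (String attr : new String[] { modifyAttr, createAttr }) {
            if (attr == null) {
                continue;
            }
            Set<String> values = attrs.get(attr);
            if (values == null || values.isEmpty()) {
                continue;
            }
            Long seconds = toEpochSeconds(values.iterator().next());
            if (seconds != null) {
                return Long.toString(seconds);
            }
        }
        return DEFAULT_TIMESTAMP;
    }

    public static void main(String[] args) {
        // Constructed sample entry, not data from a real directory.
        Map<String, Set<String>> attrs = new HashMap<>();
        attrs.put("modifyTimestamp", Collections.singleton("20240305101500Z"));
        attrs.put("createTimestamp", Collections.singleton("20230101000000Z"));
        System.out.println(updatedAt(attrs, "modifyTimestamp", "createTimestamp"));

        // Modification time garbled: the creation time is used instead.
        attrs.put("modifyTimestamp", Collections.singleton("not-a-timestamp"));
        System.out.println(updatedAt(attrs, "modifyTimestamp", "createTimestamp"));

        // Neither attribute present on the entry: the default applies.
        System.out.println(updatedAt(new HashMap<String, Set<String>>(), "modifyTimestamp", "createTimestamp"));
    }
}
```

The first call resolves 2024-03-05T10:15:00Z to 1709633700; if the same value were parsed by a SimpleDateFormat left on a non-UTC default zone, the result would differ by that zone's offset. Whether a malformed first attribute should fall through or, as on the page, end the lookup is a policy choice; the fall-through variant shown here keeps updated_at populated when only one of the two operational attributes is sane.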

Example 37 with IdRepoException

use of com.sun.identity.idm.IdRepoException in project OpenAM by OpenRock.

the class DelegationEvaluatorImpl method isAllowed.

public boolean isAllowed(SSOToken token, DelegationPermission permission, Map envParameters, boolean subTreeMode) throws SSOException, DelegationException {
    EntitlementConfiguration ec = EntitlementConfiguration.getInstance(PolicyConstants.SUPER_ADMIN_SUBJECT, "/");
    // Delegation is only evaluated once the entitlement service is in use; otherwise nothing is allowed.
    if (!ec.migratedToEntitlementService()) {
        return false;
    }
    try {
        // Short-circuit for the privileged user, the install-time admin set and the top-level admin.
        AMIdentity user = new AMIdentity(token);
        if (((privilegedUser != null) && user.equals(privilegedUser)) || (installTime && adminUserSet.contains(DNUtils.normalizeDN(token.getPrincipal().getName()))) || user.equals(adminUserId)) {
            return true;
        }
    } catch (IdRepoException ide) {
        // The caller's identity cannot be resolved: fail closed rather than continue without it.
        throw (new DelegationException(ide.getMessage()));
    }
    if (!subTreeMode) {
        return isAllowed(token, permission, envParameters);
    }
    // Subtree mode: build the sms:// resource name from the permission's components
    // (realm/service/version/configType/subConfigName), omitting any that are unset.
    StringBuilder buff = new StringBuilder();
    buff.append("sms://");
    if (permission.getOrganizationName() != null) {
        buff.append(permission.getOrganizationName()).append("/");
    }
    if (permission.getServiceName() != null) {
        buff.append(permission.getServiceName()).append("/");
    }
    if (permission.getVersion() != null) {
        buff.append(permission.getVersion()).append("/");
    }
    if (permission.getConfigType() != null) {
        buff.append(permission.getConfigType()).append("/");
    }
    if (permission.getSubConfigName() != null) {
        buff.append(permission.getSubConfigName());
    }
    String resource = buff.toString();
    try {
        Subject userSubject = SubjectUtils.createSubject(token);
        Evaluator eval = new Evaluator(PolicyConstants.SUPER_ADMIN_SUBJECT, DelegationManager.DELEGATION_SERVICE);
        List<Entitlement> results = eval.evaluate(DNMapper.orgNameToDN(PolicyManager.DELEGATION_REALM), userSubject, resource, envParameters, true);
        // Every requested action must be granted. Grants accumulate across the matched entitlements:
        // an action is struck from the list as soon as any entitlement allows it.
        List<String> copiedActions = new ArrayList<String>();
        copiedActions.addAll(permission.getActions());
        for (Entitlement e : results) {
            for (int i = copiedActions.size() - 1; i >= 0; --i) {
                String action = copiedActions.get(i);
                Boolean result = e.getActionValue(action);
                if ((result != null) && result) {
                    copiedActions.remove(i);
                }
            }
            if (copiedActions.isEmpty()) {
                return true;
            }
        }
        // At least one requested action was never granted: deny.
        return false;
    } catch (EntitlementException ex) {
        // Evaluation failure is an error, not an implicit denial: propagate it.
        debug.error("DelegationEvaluator.isAllowed", ex);
        throw new DelegationException(ex);
    }
}
Also used : EntitlementConfiguration(com.sun.identity.entitlement.EntitlementConfiguration) IdRepoException(com.sun.identity.idm.IdRepoException) ArrayList(java.util.ArrayList) Evaluator(com.sun.identity.entitlement.Evaluator) Subject(javax.security.auth.Subject) EntitlementException(com.sun.identity.entitlement.EntitlementException) AMIdentity(com.sun.identity.idm.AMIdentity) Entitlement(com.sun.identity.entitlement.Entitlement)

Example 38 with IdRepoException

use of com.sun.identity.idm.IdRepoException in project OpenAM by OpenRock.

the class DelegationManager method validateSupportedSubjectTypes.

private static void validateSupportedSubjectTypes(Set subjects) throws DelegationException {
    if ((subjects != null) && !subjects.isEmpty()) {
        try {
            SSOToken adminToken = getAdminToken();
            // Every subject UUID must resolve (with admin privileges) to an identity of a supported type;
            // the first unsupported type rejects the whole set.
            for (Iterator i = subjects.iterator(); i.hasNext(); ) {
                String uuid = (String) i.next();
                AMIdentity amid = IdUtils.getIdentity(adminToken, uuid);
                if (!subjectIdTypes.contains(amid.getType().getName())) {
                    throw new DelegationException(ResBundleUtils.rbName, "un_supported_subject_type", null, null);
                }
            }
        } catch (SSOException e) {
            throw new DelegationException(e);
        } catch (IdRepoException e) {
            // A subject that cannot be looked up is treated the same as an invalid one.
            throw new DelegationException(e);
        }
    }
}
Also used : SSOToken(com.iplanet.sso.SSOToken) AMIdentity(com.sun.identity.idm.AMIdentity) Iterator(java.util.Iterator) IdRepoException(com.sun.identity.idm.IdRepoException) SSOException(com.iplanet.sso.SSOException)

Example 39 with IdRepoException

use of com.sun.identity.idm.IdRepoException in project OpenAM by OpenRock.

the class DJLDAPv3Repo method isActive.

/**
     * Tells whether the given identity is considered as "active" or not. In case the user status attribute is not
     * configured, this method will always return <code>true</code>. In case of Active Directory the returned
     * userAccountControl attribute will be masked with 0x2 to detect whether the given account is disabled or not.
     *
     * @param token Not used.
     * @param type The type of the identity, this should be always USER.
     * @param name The name of the identity.
     * @return <code>true</code> if user status attribute is not configured, or decision based on the status
     * attribute value. If there was any error while retrieving the status attribute this method will return
     * <code>false</code>.
     * @throws IdRepoException If the identity type is invalid.
     */
@Override
public boolean isActive(SSOToken token, IdType type, String name) throws IdRepoException {
    if (DEBUG.messageEnabled()) {
        DEBUG.message("isActive invoked");
    }
    if (!type.equals(IdType.USER)) {
        throw new IdRepoUnsupportedOpException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.PLUGIN_OPERATION_NOT_SUPPORTED, new Object[] { CLASS_NAME, IdOperation.READ.getName(), type.getName() });
    }
    // No status attribute configured: the only question is whether the entry exists.
    if (alwaysActive) {
        try {
            return isExists(token, type, name);
        } catch (IdRepoException ide) {
            return false;
        }
    }
    Map<String, Set<String>> attrMap;
    try {
        attrMap = getAttributes(token, type, name, asSet(userStatusAttr));
        // Attribute names are looked up case-insensitively, as LDAP attribute types are.
        attrMap = new CaseInsensitiveHashMap(attrMap);
    } catch (IdRepoException ire) {
        // Fail closed: if the status cannot be read, the account is reported inactive.
        return false;
    }
    String status = CollectionHelper.getMapAttr(attrMap, userStatusAttr);
    if (status != null) {
        // Directory-specific decision (plain value comparison, or the 0x2 mask for AD userAccountControl).
        return helper.isActive(status, inactiveValue);
    } else {
        // Entry exists but carries no status value: treated as active.
        return true;
    }
}
Also used : IdRepoUnsupportedOpException(com.sun.identity.idm.IdRepoUnsupportedOpException) Set(java.util.Set) CaseInsensitiveHashSet(com.sun.identity.common.CaseInsensitiveHashSet) HashSet(java.util.HashSet) LinkedHashSet(java.util.LinkedHashSet) CollectionUtils.asSet(org.forgerock.openam.utils.CollectionUtils.asSet) IdRepoException(com.sun.identity.idm.IdRepoException) ByteString(org.forgerock.opendj.ldap.ByteString) CaseInsensitiveHashMap(com.sun.identity.common.CaseInsensitiveHashMap)
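The page calls helper.isActive(status, inactiveValue) without showing it, and the javadoc describes two behaviours behind it: a plain comparison against the configured inactive value for generic directories, and masking userAccountControl with 0x2 (the ACCOUNTDISABLE bit) for Active Directory. The following is an added example, not OpenAM's own helper: it implements both decisions and reproduces the surrounding contract (missing attribute means active, failed fetch means inactive). Assumptions not taken from the page: the value comparison is case-insensitive, inetUserStatus with inactive value "inactive" stands in for the configured attribute, and a failed attribute fetch is modelled as a null map.

```java
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

/** Added example (hypothetical helper, not OpenAM's DirectoryHelper). */
public final class UserStatusCheck {

    /** userAccountControl bit that marks an Active Directory account as disabled (ACCOUNTDISABLE). */
    static final int UF_ACCOUNTDISABLE = 0x2;

    /** Generic directories: inactive iff the status attribute equals the configured inactive value. */
    static boolean isActiveByValue(String status, String inactiveValue) {
        // Assumption: comparison is case-insensitive ("Inactive" and "inactive" both disable the account).
        return !status.equalsIgnoreCase(inactiveValue);
    }

    /** Active Directory: userAccountControl is a decimal bitmask; the account is disabled iff bit 0x2 is set. */
    static boolean isActiveByUac(String userAccountControl) {
        try {
            long uac = Long.parseLong(userAccountControl.trim());
            return (uac & UF_ACCOUNTDISABLE) == 0;
        } catch (NumberFormatException e) {
            // Fail closed: a value we cannot interpret must not let the account through as active.
            return false;
        }
    }

    /**
     * Mirrors the decision order of DJLDAPv3Repo.isActive for an already-fetched attribute map:
     * fetch failure (null map) -> inactive; attribute absent -> active; otherwise decide by value
     * (generic directory) or by bitmask (Active Directory).
     * Assumption: the caller has normalised attribute names; a plain HashMap is used here.
     */
    static boolean isActive(Map<String, Set<String>> attrs, String userStatusAttr, String inactiveValue,
                            boolean activeDirectory) {
        if (attrs == null) {
            return false;
        }
        Set<String> values = attrs.get(userStatusAttr);
        if (values == null || values.isEmpty()) {
            return true;
        }
        String status = values.iterator().next();
        return activeDirectory ? isActiveByUac(status) : isActiveByValue(status, inactiveValue);
    }

    public static void main(String[] args) {
        // Constructed sample entries, not data from a real directory.
        Map<String, Set<String>> ad = new HashMap<>();
        ad.put("userAccountControl", Collections.singleton("514")); // 512 (NORMAL_ACCOUNT) | 2 (ACCOUNTDISABLE)
        System.out.println("AD 514 active: " + isActive(ad, "userAccountControl", null, true));
        ad.put("userAccountControl", Collections.singleton("512")); // NORMAL_ACCOUNT only
        System.out.println("AD 512 active: " + isActive(ad, "userAccountControl", null, true));
        ad.put("userAccountControl", Collections.singleton("garbage"));
        System.out.println("AD garbage active: " + isActive(ad, "userAccountControl", null, true));

        Map<String, Set<String>> ldap = new HashMap<>();
        ldap.put("inetUserStatus", Collections.singleton("Inactive"));
        System.out.println("LDAP Inactive active: " + isActive(ldap, "inetUserStatus", "inactive", false));
        System.out.println("LDAP no attribute active: "
                + isActive(new HashMap<String, Set<String>>(), "inetUserStatus", "inactive", false));
        System.out.println("LDAP fetch failed active: " + isActive(null, "inetUserStatus", "inactive", false));
    }
}
```

The AD branch is the one to get right: 514 is NORMAL_ACCOUNT with ACCOUNTDISABLE set, so it must be reported inactive even though the value is never equal to any configured string, which is why a plain value comparison cannot serve both directory types. Both error paths (unparsable bitmask, failed fetch) deliberately resolve to inactive, matching the fail-closed choice in the page's isActive.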

Example 40 with IdRepoException

use of com.sun.identity.idm.IdRepoException in project OpenAM by OpenRock.

the class DJLDAPv3Repo method getSchema.

protected Schema getSchema() throws IdRepoException {
    // Double-checked locking: correct under the Java memory model only if the schema field is declared volatile.
    if (schema == null) {
        synchronized (this) {
            if (schema == null) {
                Connection conn = null;
                try {
                    conn = connectionFactory.getConnection();
                    // Strict schema: entries that violate the directory's schema are rejected rather than tolerated.
                    schema = Schema.readSchemaForEntry(conn, DN.valueOf(rootSuffix)).asStrictSchema();
                } catch (LdapException ere) {
                    DEBUG.error("Unable to read the directory schema", ere);
                    throw new IdRepoException("Unable to read the directory schema");
                } finally {
                    // Always return the connection to the pool, including on the error path.
                    IOUtils.closeIfNotNull(conn);
                }
            }
        }
    }
    return schema;
}
Also used : Connection(org.forgerock.opendj.ldap.Connection) IdRepoException(com.sun.identity.idm.IdRepoException) LdapException(org.forgerock.opendj.ldap.LdapException)

Aggregations

IdRepoException (com.sun.identity.idm.IdRepoException)403 SSOException (com.iplanet.sso.SSOException)275 Set (java.util.Set)224 AMIdentity (com.sun.identity.idm.AMIdentity)221 HashSet (java.util.HashSet)183 Map (java.util.Map)121 Iterator (java.util.Iterator)118 SSOToken (com.iplanet.sso.SSOToken)112 HashMap (java.util.HashMap)110 SMSException (com.sun.identity.sm.SMSException)103 AMIdentityRepository (com.sun.identity.idm.AMIdentityRepository)96 CaseInsensitiveHashSet (com.sun.identity.common.CaseInsensitiveHashSet)67 AMConsoleException (com.sun.identity.console.base.model.AMConsoleException)58 IdType (com.sun.identity.idm.IdType)57 CaseInsensitiveHashMap (com.sun.identity.common.CaseInsensitiveHashMap)51 CLIException (com.sun.identity.cli.CLIException)48 IOutput (com.sun.identity.cli.IOutput)45 IdSearchResults (com.sun.identity.idm.IdSearchResults)44 IdSearchControl (com.sun.identity.idm.IdSearchControl)39 IdRepoUnsupportedOpException (com.sun.identity.idm.IdRepoUnsupportedOpException)35