use of com.sun.identity.idm.IdRepoFatalException in project OpenAM by OpenRock.
the class AMSDKRepo method setAttributes.
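/**
 * Sets the attributes of the named identity. The single sign on
 * token must have the necessary permission to set the attributes.
 *
 * <p>When this repository holds a non-null {@code adminToken}, the directory
 * write is performed with that token instead of the caller's token, so the
 * caller's authorisation has to be enforced before this method is reached.
 *
 * @param token
 *            single sign on token for this operation.
 * @param type
 *            type of the identity
 * @param name
 *            name of the identity
 * @param attributes
 *            attributes to set; must be non-null and non-empty.
 * @param isAdd
 *            should attributes values be added to existing values. This
 *            implementation does not read the flag.
 * @throws IdRepoException
 *             if there are repository related error conditions; an
 *             {@code IdRepoFatalException} is raised when the directory
 *             reports a constraint violation.
 * @throws SSOException
 *             if user's single sign on token is invalid.
 */
public void setAttributes(SSOToken token, IdType type, String name, Map attributes, boolean isAdd) throws IdRepoException, SSOException {
    if (debug.messageEnabled()) {
        // Keep password values out of the debug log. The key is matched
        // without regard to case because the incoming map is not guaranteed to
        // normalise key case (other callers spell the attribute "userPassword").
        // The null guard lets the argument check below report a null map as
        // ILLEGAL_ARGUMENTS instead of failing here with a NullPointerException.
        Object loggable = attributes;
        if (attributes != null) {
            AMHashMap masked = null;
            for (Object key : attributes.keySet()) {
                if (key instanceof String && "userpassword".equalsIgnoreCase((String) key)) {
                    if (masked == null) {
                        masked = new AMHashMap();
                        masked.copy(attributes);
                    }
                    masked.remove((String) key);
                }
            }
            if (masked != null) {
                masked.put("userpassword", "xxx...");
                loggable = masked;
            }
        }
        debug.message("AMSDKRepo: setAttributes called" + type + ": " + name + ": " + loggable);
    }
    if (attributes == null || attributes.isEmpty()) {
        throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.ILLEGAL_ARGUMENTS, null);
    }
    String dn = getDN(type, name);
    int profileType = getProfileType(type);
    try {
        // A configured admin token replaces the caller's token for the write.
        if (adminToken != null) {
            token = adminToken;
        }
        IDirectoryServices dsServices = AMDirectoryAccessFactory.getDirectoryServices();
        dsServices.setAttributes(token, dn, profileType, attributes, null, false);
    } catch (AMException ame) {
        debug.error("AMSDKRepo.setAttributes: Unable to set attributes", ame);
        String ldapError = ame.getLDAPErrorCode();
        String errorMessage = ame.getMessage();
        int errCode;
        try {
            errCode = Integer.parseInt(ldapError);
        } catch (NumberFormatException nfe) {
            // The exception carries no numeric LDAP result code (null or
            // non-numeric). Report the original failure rather than letting
            // a NumberFormatException hide it from the caller.
            throw IdUtils.convertAMException(ame);
        }
        if (ResultCode.CONSTRAINT_VIOLATION.equals(ResultCode.valueOf(errCode))) {
            Object[] args = { this.getClass().getName(), ldapError, errorMessage };
            // Raised as fatal because a constraint violation means the write
            // breaks directory policy, e.g. the password-length policy.
            throw new IdRepoFatalException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.LDAP_EXCEPTION, ResultCode.CONSTRAINT_VIOLATION, args);
        } else {
            throw IdUtils.convertAMException(ame);
        }
    }
}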
use of com.sun.identity.idm.IdRepoFatalException in project OpenAM by OpenRock.
the class EntitiesModelImpl method getAssignedServiceNames.
/**
 * Looks up the services assigned to an entity and returns them as a map of
 * service name to display name.
 *
 * <p>An audit event is logged for the attempt, and another for either the
 * success or the failure of the read.
 *
 * @param universalId Universal ID of the entity.
 * @return assigned services; an empty map when the lookup produced none.
 * @throws AMConsoleException if service information cannot be determined.
 */
public Map getAssignedServiceNames(String universalId) throws AMConsoleException {
    String[] auditArgs = { universalId };
    logEvent("ATTEMPT_READ_IDENTITY_ASSIGNED_SERVICE", auditArgs);
    try {
        AMIdentity identity = IdUtils.getIdentity(getUserSSOToken(), universalId);
        Set assignedServices = identity.getAssignedServices();
        // The user profile view hides the auth-config and user services.
        if (identity.getType().equals(IdType.USER)) {
            assignedServices.remove(AMAdminConstants.USER_SERVICE);
            assignedServices.remove(AMAdminConstants.AUTH_CONFIG_SERVICE);
        }
        Map displayNames = getLocalizedServiceNames(assignedServices);
        logEvent("SUCCEED_READ_IDENTITY_ASSIGNED_SERVICE", auditArgs);
        if (displayNames == null) {
            return Collections.EMPTY_MAP;
        }
        return displayNames;
    } catch (SSOException e) {
        logEvent("SSO_EXCEPTION_READ_IDENTITY_ASSIGNED_SERVICE",
                new String[] { universalId, getErrorString(e) });
        debug.warning("EntitiesModelImpl.getAssignedServiceNames", e);
        throw new AMConsoleException(getErrorString(e));
    } catch (IdRepoFatalException e) {
        logEvent("IDM_EXCEPTION_READ_IDENTITY_ASSIGNED_SERVICE",
                new String[] { universalId, getErrorString(e) });
        debug.warning("EntitiesModelImpl.getAssignedServiceNames", e);
        if (!e.getErrorCode().equals(IdRepoErrorCode.PLUGIN_OPERATION_NOT_SUPPORTED)) {
            throw new AMConsoleException(getErrorString(e));
        }
        // The raw repository message is too cryptic for the console, so the
        // "not supported" case is remembered and reported with a localized text.
        isServicesSupported = false;
        throw new AMConsoleException(getLocalizedString("idrepo.sevices.not.supported"));
    } catch (IdRepoException e) {
        logEvent("IDM_EXCEPTION_READ_IDENTITY_ASSIGNED_SERVICE",
                new String[] { universalId, getErrorString(e) });
        debug.warning("EntitiesModelImpl.getAssignedServiceNames", e);
        throw new AMConsoleException(getErrorString(e));
    }
}
use of com.sun.identity.idm.IdRepoFatalException in project OpenAM by OpenRock.
the class IdServicesImpl method setAttributes.
/**
 * Writes the given attributes for an identity to every repository plugin
 * configured for the operation.
 *
 * <p>The caller's permission is checked against the supplied attribute names
 * before anything is written, and attributes of {@code USER} identities are
 * passed through the realm's attribute validator. The call succeeds if at
 * least one plugin accepts the write; a fatal exception from any plugin is
 * rethrown immediately.
 *
 * @param token single sign on token of the caller.
 * @param type type of the identity.
 * @param name name of the identity.
 * @param attributes attributes to set.
 * @param isAdd passed through to the plugin unchanged.
 * @param amOrgName organisation used for the permission check, validator and plugin lookup.
 * @param amsdkDN name used instead of {@code name} for the AMSDK plugin when non-null.
 * @param isString {@code true} to call {@code setAttributes}, {@code false} for {@code setBinaryAttributes}.
 * @throws IdRepoException if no plugin is configured, a plugin fails fatally, or every plugin fails.
 * @throws SSOException declared for the permission check and the plugin calls.
 */
public void setAttributes(SSOToken token, IdType type, String name, Map attributes, boolean isAdd, String amOrgName, String amsdkDN, boolean isString) throws IdRepoException, SSOException {
    IdRepoException firstFailure = null;
    // Authorisation comes first: checkPermission throws a "402" exception
    // when the caller may not edit these attributes.
    checkPermission(token, amOrgName, name, attributes.keySet(), IdOperation.EDIT, type);
    if (type.equals(IdType.USER)) {
        IdRepoAttributeValidatorManager.getInstance()
                .getIdRepoAttributeValidator(amOrgName)
                .validateAttributes(attributes, IdOperation.EDIT);
    }
    // A change that touches "objectclass" is routed to the plugins registered
    // for the SERVICE operation; any other change goes to the EDIT plugins.
    Set plugins;
    if (attributes.containsKey("objectclass")) {
        plugins = idrepoCache.getIdRepoPlugins(amOrgName, IdOperation.SERVICE, type);
    } else {
        plugins = idrepoCache.getIdRepoPlugins(amOrgName, IdOperation.EDIT, type);
    }
    if (plugins == null || plugins.isEmpty()) {
        throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.NO_PLUGINS_CONFIGURED, null);
    }
    // Start from "all succeeded" and count down on every non-fatal failure.
    int remaining = plugins.size();
    for (Object plugin : plugins) {
        IdRepo repo = (IdRepo) plugin;
        try {
            // Translate attribute names into the names this repository uses.
            Map repoAttributes = mapAttributeNames(attributes, repo.getConfiguration());
            boolean useAmsdkDn = repo.getClass().getName().equals(IdConstants.AMSDK_PLUGIN) && amsdkDN != null;
            String target = useAmsdkDn ? amsdkDN : name;
            if (isString) {
                repo.setAttributes(token, type, target, repoAttributes, isAdd);
            } else {
                repo.setBinaryAttributes(token, type, target, repoAttributes, isAdd);
            }
        } catch (IdRepoUnsupportedOpException unsupported) {
            if (DEBUG.messageEnabled()) {
                DEBUG.message("IdServicesImpl.setAttributes: Unable to set attributes in the following repository "
                        + repo.getClass().getName() + " :: " + unsupported.getMessage());
            }
            remaining--;
            if (firstFailure == null) {
                firstFailure = unsupported;
            }
        } catch (IdRepoFatalException fatal) {
            // Fatal errors are not retried on the remaining plugins.
            DEBUG.error("IdServicesImpl.setAttributes: Fatal Exception ", fatal);
            throw fatal;
        } catch (IdRepoException failure) {
            if (DEBUG.warningEnabled()) {
                DEBUG.warning("IdServicesImpl.setAttributes: Unable to modify identity in the following repository "
                        + repo.getClass().getName() + " :: " + failure.getMessage());
            }
            remaining--;
            // "Entry not found" is expected when the entry lives in another
            // data store, so it only fills in when nothing else was recorded.
            boolean entryMissing = IdRepoErrorCode.UNABLE_FIND_ENTRY.equalsIgnoreCase(failure.getErrorCode());
            if (firstFailure == null || !entryMissing) {
                firstFailure = failure;
            }
        }
    }
    if (remaining == 0) {
        if (DEBUG.warningEnabled()) {
            DEBUG.warning("IdServicesImpl.setAttributes: Unable to set attributes for identity "
                    + type.getName() + "::" + name + " in any configured data store", firstFailure);
        }
        throw firstFailure;
    }
}
use of com.sun.identity.idm.IdRepoFatalException in project OpenAM by OpenRock.
the class IdServicesImpl method changePassword.
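/**
 * Changes the password of an identity in every repository plugin configured
 * for the EDIT operation.
 *
 * <p>The caller's permission to edit {@code userPassword} is checked first.
 * For {@code USER} identities the new password is also passed through the
 * realm's attribute validator. The call succeeds if at least one plugin
 * accepts the change; a fatal exception from any plugin is rethrown
 * immediately. Neither password value is written to the debug log here.
 *
 * @param token single sign on token of the caller.
 * @param type type of the identity.
 * @param name name of the identity.
 * @param oldPassword current password, passed through to the plugin.
 * @param newPassword password to set.
 * @param amOrgName organisation used for the permission check, validator and plugin lookup.
 * @param amsdkDN name used instead of {@code name} for the AMSDK plugin when non-null.
 * @throws IdRepoException if no plugin is configured, a plugin fails fatally, or every plugin fails.
 * @throws SSOException declared for the permission check and the plugin calls.
 */
public void changePassword(SSOToken token, IdType type, String name, String oldPassword, String newPassword, String amOrgName, String amsdkDN) throws IdRepoException, SSOException {
    final String passwordAttr = "userPassword";
    Set attrNames = new HashSet();
    attrNames.add(passwordAttr);
    // Check permission first. If allowed then proceed, else the
    // checkPermission method throws an "402" exception.
    checkPermission(token, amOrgName, name, attrNames, IdOperation.EDIT, type);
    if (type.equals(IdType.USER)) {
        IdRepoAttributeValidator attrValidator = IdRepoAttributeValidatorManager.getInstance().getIdRepoAttributeValidator(amOrgName);
        HashMap attributes = new HashMap();
        Set values = new HashSet();
        values.add(newPassword);
        attributes.put(passwordAttr, values);
        attrValidator.validateAttributes(attributes, IdOperation.EDIT);
    }
    Set configuredPluginClasses = idrepoCache.getIdRepoPlugins(amOrgName, IdOperation.EDIT, type);
    if ((configuredPluginClasses == null) || configuredPluginClasses.isEmpty()) {
        throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.NO_PLUGINS_CONFIGURED, null);
    }
    Iterator it = configuredPluginClasses.iterator();
    int noOfSuccess = configuredPluginClasses.size();
    IdRepoException origEx = null;
    IdRepo idRepo;
    while (it.hasNext()) {
        idRepo = (IdRepo) it.next();
        Map cMap = idRepo.getConfiguration();
        Set mappedAttributeNames = mapAttributeNames(attrNames, cMap);
        // Resolve the attribute name afresh for each repository. Reusing one
        // variable across iterations would hand a repository without a
        // mapping the name that was mapped for the previous repository.
        String attrName = passwordAttr;
        if ((mappedAttributeNames != null) && (!mappedAttributeNames.isEmpty())) {
            attrName = (String) mappedAttributeNames.iterator().next();
        }
        try {
            if (idRepo.getClass().getName().equals(IdConstants.AMSDK_PLUGIN) && (amsdkDN != null)) {
                idRepo.changePassword(token, type, amsdkDN, attrName, oldPassword, newPassword);
            } else {
                idRepo.changePassword(token, type, name, attrName, oldPassword, newPassword);
            }
        } catch (IdRepoUnsupportedOpException ide) {
            if (DEBUG.messageEnabled()) {
                DEBUG.message("IdServicesImpl.changePassword: " + "Unable to change password in the following " + "repository " + idRepo.getClass().getName() + " :: " + ide.getMessage());
            }
            noOfSuccess--;
            origEx = (origEx == null) ? ide : origEx;
        } catch (IdRepoFatalException idf) {
            // Fatal errors are not retried on the remaining plugins.
            DEBUG.error("IdServicesImpl.changePassword: Fatal Exception ", idf);
            throw idf;
        } catch (IdRepoException ide) {
            if (DEBUG.warningEnabled()) {
                DEBUG.warning("IdServicesImpl.changePassword: " + "Unable to change password " + "following repository " + idRepo.getClass().getName() + " :: " + ide.getMessage());
            }
            noOfSuccess--;
            // "Entry not found" is expected when the entry lives in another
            // data store, so it only fills in when nothing else was recorded.
            // The constant is the receiver so that an exception without an
            // error code cannot cause a NullPointerException here.
            if (!IdRepoErrorCode.UNABLE_FIND_ENTRY.equalsIgnoreCase(ide.getErrorCode()) || (origEx == null)) {
                origEx = ide;
            }
        }
    }
    if (noOfSuccess == 0) {
        if (DEBUG.warningEnabled()) {
            DEBUG.warning("IdServicesImpl.changePassword: " + "Unable to change password for identity " + type.getName() + "::" + name + " in any configured data" + " store", origEx);
        }
        throw origEx;
    }
}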
use of com.sun.identity.idm.IdRepoFatalException in project OpenAM by OpenRock.
the class IdServicesImpl method assignService.
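/**
 * Assigns a service to an identity in every repository plugin configured for
 * the SERVICE operation.
 *
 * <p>The caller's permission for the SERVICE operation is checked first, with
 * no attribute names supplied to the check. The call succeeds if at least one
 * plugin accepts the assignment; a fatal exception from any plugin is
 * rethrown immediately.
 *
 * @param token single sign on token of the caller.
 * @param type type of the identity.
 * @param name name of the identity.
 * @param serviceName name of the service to assign.
 * @param stype schema type, passed through to the plugin.
 * @param attrMap service attributes; names are mapped per repository before the call.
 * @param amOrgName organisation used for the permission check and plugin lookup.
 * @param amsdkDN name used instead of {@code name} for the AMSDK plugin when non-null.
 * @throws IdRepoException if no plugin is configured, a plugin fails fatally, or every plugin fails.
 * @throws SSOException declared for the permission check and the plugin calls.
 */
public void assignService(SSOToken token, IdType type, String name, String serviceName, SchemaType stype, Map attrMap, String amOrgName, String amsdkDN) throws IdRepoException, SSOException {
    IdRepoException origEx = null;
    // Check permission first. If allowed then proceed, else the
    // checkPermission method throws an "402" exception.
    checkPermission(token, amOrgName, name, null, IdOperation.SERVICE, type);
    // Get the list of plugins that support the service operation.
    Set configuredPluginClasses = idrepoCache.getIdRepoPlugins(amOrgName, IdOperation.SERVICE, type);
    if (configuredPluginClasses == null || configuredPluginClasses.isEmpty()) {
        throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.NO_PLUGINS_CONFIGURED, null);
    }
    Iterator it = configuredPluginClasses.iterator();
    int noOfSuccess = configuredPluginClasses.size();
    while (it.hasNext()) {
        IdRepo repo = (IdRepo) it.next();
        Map cMap = repo.getConfiguration();
        try {
            Map mappedAttributes = mapAttributeNames(attrMap, cMap);
            if (repo.getClass().getName().equals(IdConstants.AMSDK_PLUGIN) && amsdkDN != null) {
                repo.assignService(token, type, amsdkDN, serviceName, stype, mappedAttributes);
            } else {
                repo.assignService(token, type, name, serviceName, stype, mappedAttributes);
            }
        } catch (IdRepoUnsupportedOpException ide) {
            // The log guards are keyed on the debug level only. A separate
            // repository variable that was never assigned used to gate them,
            // which kept per-repository failures out of the log.
            if (DEBUG.messageEnabled()) {
                DEBUG.message("IdServicesImpl.assignService: " + "Assign Services not supported for repository " + repo.getClass().getName() + " :: " + ide.getMessage());
            }
            noOfSuccess--;
            origEx = (origEx == null) ? ide : origEx;
        } catch (IdRepoFatalException idf) {
            // Fatal errors are not retried on the remaining plugins.
            DEBUG.error("IdServicesImpl.assignService: FatalException ", idf);
            throw idf;
        } catch (IdRepoException ide) {
            if (DEBUG.warningEnabled()) {
                DEBUG.warning("IdServicesImpl.assignService: " + "Unable to assign Service identity in " + "the following repository " + repo.getClass().getName() + " :: " + ide.getMessage());
            }
            noOfSuccess--;
            origEx = (origEx == null) ? ide : origEx;
        }
    }
    if (noOfSuccess == 0) {
        if (DEBUG.warningEnabled()) {
            DEBUG.warning("IdServicesImpl.assignService: " + "Unable to assign service for identity " + type.getName() + "::" + name + " in any configured data store ", origEx);
        }
        throw origEx;
    }
}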