
Example 1 with IdRepoUnsupportedOpException

use of com.sun.identity.idm.IdRepoUnsupportedOpException in project OpenAM by OpenRock.

the class AMSDKRepo method getAssignedServices.

/**
 * Returns the subset of the offered service names that are currently
 * assigned to the given identity.
 *
 * <p>For a user, a service counts as assigned when the lower-cased object
 * classes read from the entry contain every (lower-cased) object class listed
 * for that service. For a role, filtered role or realm, a service counts as
 * assigned when a dynamic template for it exists on the role entry.
 *
 * @param token SSO token used to read the entry and, when the shared store
 *        connection {@code sc} is null, to open a new store connection
 * @param type identity type being queried
 * @param name identity name
 * @param mapOfServiceNamesandOCs service name mapped to its set of object classes
 * @return the assigned service names; empty when the map is null or empty
 * @throws IdRepoException an {@link IdRepoUnsupportedOpException} for agents,
 *         groups and every identity type not handled below
 * @throws SSOException declared by the signature; presumably raised by the
 *         token-based lookups
 */
public Set getAssignedServices(SSOToken token, IdType type, String name, Map mapOfServiceNamesandOCs) throws IdRepoException, SSOException {
    Set assigned = new HashSet();
    if (type.equals(IdType.AGENT) || type.equals(IdType.GROUP)) {
        throw new IdRepoUnsupportedOpException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.SERVICES_NOT_SUPPORTED_FOR_AGENTS_AND_GROUPS, new Object[] { this.getClass().getName() });
    }
    // Nothing offered means nothing can be assigned.
    if (mapOfServiceNamesandOCs == null || mapOfServiceNamesandOCs.isEmpty()) {
        return assigned;
    }

    if (type.equals(IdType.USER)) {
        // Compare object classes case-insensitively by lower-casing both sides.
        Set entryClasses = readObjectClass(token, type, name);
        entryClasses = convertToLowerCase(entryClasses);
        for (Object key : mapOfServiceNamesandOCs.keySet()) {
            String candidate = (String) key;
            Set required = convertToLowerCase((Set) mapOfServiceNamesandOCs.get(candidate));
            if (entryClasses.containsAll(required)) {
                assigned.add(candidate);
            }
        }
        return assigned;
    }

    if (type.equals(IdType.ROLE)) {
        // A service is assigned to a role when its COS (dynamic) template exists.
        for (Object key : mapOfServiceNamesandOCs.keySet()) {
            String candidate = (String) key;
            try {
                AMStoreConnection store = (sc == null) ? new AMStoreConnection(token) : sc;
                AMRole roleEntry = store.getRole(getDN(type, name));
                AMTemplate template = roleEntry.getTemplate(candidate, AMTemplate.DYNAMIC_TEMPLATE);
                if (template != null && template.isExists()) {
                    assigned.add(candidate);
                }
            } catch (AMException ignored) {
                // Deliberately ignored: the service might not have dynamic
                // attributes, so keep checking the remaining services.
                // NOTE(review): every AMException is discarded here, so a
                // directory or access failure yields the same result as
                // "service not assigned" and leaves no trace in the logs.
            }
        }
        return assigned;
    }

    if (type.equals(IdType.FILTEREDROLE) || type.equals(IdType.REALM)) {
        // Same template check as for roles, through the filtered-role lookup.
        for (Object key : mapOfServiceNamesandOCs.keySet()) {
            String candidate = (String) key;
            try {
                AMStoreConnection store = (sc == null) ? new AMStoreConnection(token) : sc;
                AMFilteredRole roleEntry = store.getFilteredRole(getDN(type, name));
                AMTemplate template = roleEntry.getTemplate(candidate, AMTemplate.DYNAMIC_TEMPLATE);
                if (template != null && template.isExists()) {
                    assigned.add(candidate);
                }
            } catch (AMException ignored) {
                // Deliberately ignored; the loop moves on to the next service.
                // NOTE(review): as above, lookup failures are invisible to
                // the caller and to the logs.
            }
        }
        return assigned;
    }

    // Any other identity type is rejected with the same error code as agents and groups.
    throw new IdRepoUnsupportedOpException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.SERVICES_NOT_SUPPORTED_FOR_AGENTS_AND_GROUPS, new Object[] { this.getClass().getName() });
}
Also used : IdRepoUnsupportedOpException(com.sun.identity.idm.IdRepoUnsupportedOpException) Set(java.util.Set) HashSet(java.util.HashSet) Iterator(java.util.Iterator) HashSet(java.util.HashSet)

Example 2 with IdRepoUnsupportedOpException

use of com.sun.identity.idm.IdRepoUnsupportedOpException in project OpenAM by OpenRock.

the class AMSDKRepo method unassignService.

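/**
 * Removes a service from an identity.
 *
 * <p>For a user, the service's object classes are taken off the entry and the
 * attributes belonging to those object classes are cleared one at a time.
 * For a role, filtered role or realm, the service's dynamic template is
 * deleted when it exists.
 *
 * @param token caller's SSO token; replaced by {@code adminToken} when that
 *        field is set (see the note in the body)
 * @param type identity type
 * @param name identity name
 * @param serviceName service whose template is deleted (role-like types)
 * @param attrMap for users, carries the service's object classes under the
 *        key {@code "objectclass"}; must not be null for users
 * @throws IdRepoException an {@link IdRepoUnsupportedOpException} for agents,
 *         groups and unhandled types, or a converted {@code AMException}
 * @throws SSOException declared by the signature; presumably raised by the
 *         token-based directory calls
 */
public void unassignService(SSOToken token, IdType type, String name, String serviceName, Map attrMap) throws IdRepoException, SSOException {
    if (type.equals(IdType.AGENT) || type.equals(IdType.GROUP)) {
        Object[] args = { this.getClass().getName() };
        throw new IdRepoUnsupportedOpException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.SERVICES_NOT_SUPPORTED_FOR_AGENTS_AND_GROUPS, args);
    }
    // Use adminToken if present. From here on every directory read and write
    // runs under adminToken instead of the caller's token, so this method
    // itself performs no authorization of the caller.
    // NOTE(review): confirm every caller has checked the caller's permission
    // before reaching this point.
    if (adminToken != null) {
        token = adminToken;
    }
    if (type.equals(IdType.USER)) {
        // Object classes the service schema asks to remove.
        Set removeOCs = (Set) attrMap.get("objectclass");
        Set attrNameSet = new HashSet();
        attrNameSet.add("objectclass");
        Map objectClassesMap = getAttributes(token, type, name, attrNameSet);
        Set OCValues = (Set) objectClassesMap.get("objectclass");
        // NOTE(review): judging by its name and by OCValues being written back
        // below, this helper also updates OCValues in place - confirm.
        removeOCs = AMCommonUtils.updateAndGetRemovableOCs(OCValues, removeOCs);

        // Collect, in lower case, the attributes defined by those object classes.
        Set removeAttrs = new HashSet();
        for (Object ocValue : removeOCs) {
            String oc = (String) ocValue;
            IDirectoryServices dsServices = AMDirectoryAccessFactory.getDirectoryServices();
            Set attrs = dsServices.getAttributesForSchema(oc);
            for (Object attrValue : attrs) {
                removeAttrs.add(((String) attrValue).toLowerCase());
            }
        }

        // Will be AMHashMap, so the attribute names will be in lower case.
        Map avPair = getAttributes(token, type, name);
        for (Object key : avPair.keySet()) {
            String attrName = (String) key;
            if (!removeAttrs.contains(attrName)) {
                continue;
            }
            try {
                // Remove one attribute at a time so that a failure on one
                // does not stop the removal of the others.
                Map tmpMap = new AMHashMap();
                tmpMap.put(attrName, Collections.EMPTY_SET);
                setAttributes(token, type, name, tmpMap, false);
            } catch (Exception ex) {
                // Best effort by design, but record which class failed and why:
                // the message previously named another class and dropped the
                // exception, leaving a leftover service attribute untraceable.
                if (debug.messageEnabled()) {
                    debug.message("AMSDKRepo.unassignService: Error occurred while removing attribute: " + attrName, ex);
                }
            }
        }

        // Now update the object class attribute.
        Map tmpMap = new AMHashMap();
        tmpMap.put("objectclass", OCValues);
        setAttributes(token, type, name, tmpMap, false);
    } else if (type.equals(IdType.ROLE)) {
        try {
            AMStoreConnection amsc = (sc == null) ? new AMStoreConnection(token) : sc;
            String roleDN = getDN(type, name);
            AMRole role = amsc.getRole(roleDN);
            AMTemplate templ = role.getTemplate(serviceName, AMTemplate.DYNAMIC_TEMPLATE);
            if (templ != null && templ.isExists()) {
                templ.delete();
            }
        } catch (AMException ame) {
            debug.error("AMSDKRepo.unassignService: Caught AMException", ame);
            throw IdUtils.convertAMException(ame);
        }
    } else if (type.equals(IdType.FILTEREDROLE) || type.equals(IdType.REALM)) {
        try {
            AMStoreConnection amsc = (sc == null) ? new AMStoreConnection(token) : sc;
            String roleDN = getDN(type, name);
            AMFilteredRole role = amsc.getFilteredRole(roleDN);
            AMTemplate templ = role.getTemplate(serviceName, AMTemplate.DYNAMIC_TEMPLATE);
            if (templ != null && templ.isExists()) {
                templ.delete();
            }
        } catch (AMException ame) {
            debug.error("AMSDKRepo.unassignService: Caught AMException", ame);
            throw IdUtils.convertAMException(ame);
        }
    } else {
        // Any other identity type is rejected with the agents-and-groups error code.
        Object[] args = { this.getClass().getName() };
        throw new IdRepoUnsupportedOpException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.SERVICES_NOT_SUPPORTED_FOR_AGENTS_AND_GROUPS, args);
    }
}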
Also used : Set(java.util.Set) HashSet(java.util.HashSet) IdRepoUnsupportedOpException(com.sun.identity.idm.IdRepoUnsupportedOpException) IdRepoFatalException(com.sun.identity.idm.IdRepoFatalException) AuthLoginException(com.sun.identity.authentication.spi.AuthLoginException) SSOException(com.iplanet.sso.SSOException) LDAPServiceException(com.iplanet.services.ldap.LDAPServiceException) IdRepoException(com.sun.identity.idm.IdRepoException) SMSException(com.sun.identity.sm.SMSException) LDAPUtilException(org.forgerock.openam.ldap.LDAPUtilException) InvalidPasswordException(com.sun.identity.authentication.spi.InvalidPasswordException) IDirectoryServices(com.iplanet.am.sdk.common.IDirectoryServices) IdRepoUnsupportedOpException(com.sun.identity.idm.IdRepoUnsupportedOpException) Iterator(java.util.Iterator) Map(java.util.Map) HashMap(java.util.HashMap) CaseInsensitiveHashMap(com.sun.identity.common.CaseInsensitiveHashMap) HashSet(java.util.HashSet)

Example 3 with IdRepoUnsupportedOpException

use of com.sun.identity.idm.IdRepoUnsupportedOpException in project OpenAM by OpenRock.

the class AMSDKRepo method changePassword.

/**
 * Changes a user's password through the directory services layer.
 *
 * <p>Only the identity name is written to the debug log; neither password is
 * logged by this method. The caller's token is handed to the directory layer
 * unchanged.
 *
 * @param token SSO token passed to the directory services call
 * @param type identity type; anything other than {@code IdType.USER} is rejected
 * @param name identity name, resolved to a DN with {@code getDN}
 * @param attrName name of the password attribute to change
 * @param oldPassword current password
 * @param newPassword replacement password
 * @throws IdRepoException an {@link IdRepoUnsupportedOpException} for
 *         non-user types, or a converted {@code AMException}
 * @throws SSOException declared by the signature; presumably raised by the
 *         token-based directory call
 */
public void changePassword(SSOToken token, IdType type, String name, String attrName, String oldPassword, String newPassword) throws IdRepoException, SSOException {
    if (debug.messageEnabled()) {
        debug.message("AMSDKRepo.changePassword: name = " + name);
    }
    final boolean isUser = type.equals(IdType.USER);
    if (!isUser) {
        throw new IdRepoUnsupportedOpException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.CHANGE_PASSWORD_ONLY_FOR_USER, new Object[] { this.getClass().getName() });
    }
    final String userDn = getDN(type, name);
    // The result is never read; the call is kept as in the original.
    // NOTE(review): confirm whether getProfileType is still needed here.
    int profileType = getProfileType(type);
    try {
        AMDirectoryAccessFactory.getDirectoryServices().changePassword(token, userDn, attrName, oldPassword, newPassword);
    } catch (AMException directoryFailure) {
        debug.error("AMSDKRepo.changePassword:", directoryFailure);
        throw IdUtils.convertAMException(directoryFailure);
    }
}
Also used : IDirectoryServices(com.iplanet.am.sdk.common.IDirectoryServices) IdRepoUnsupportedOpException(com.sun.identity.idm.IdRepoUnsupportedOpException)

Example 4 with IdRepoUnsupportedOpException

use of com.sun.identity.idm.IdRepoUnsupportedOpException in project OpenAM by OpenRock.

the class IdServicesImpl method setAttributes.

/**
 * Sets attributes on an identity in every data store plugin configured for
 * the operation.
 *
 * <p>The permission check runs first, then (for users) attribute validation,
 * then each plugin is tried in turn. The call succeeds as soon as one plugin
 * succeeds; failures in the other plugins are only logged, so the stores can
 * end up holding different values. When every plugin fails, the remembered
 * exception is thrown.
 *
 * @param token caller's SSO token, used for the permission check and passed to each plugin
 * @param type identity type
 * @param name identity name
 * @param attributes attribute name mapped to its values; must not be null
 * @param isAdd passed through to the plugin's set call
 * @param amOrgName organization used for the permission check and plugin lookup
 * @param amsdkDN when non-null, used instead of {@code name} for the AMSDK plugin
 * @param isString true to call {@code setAttributes}, false for {@code setBinaryAttributes}
 * @throws IdRepoException when no plugin is configured, on a fatal plugin
 *         error, or when the operation failed in every plugin
 * @throws SSOException declared by the signature; presumably raised by the
 *         token-based calls
 */
public void setAttributes(SSOToken token, IdType type, String name, Map attributes, boolean isAdd, String amOrgName, String amsdkDN, boolean isString) throws IdRepoException, SSOException {
    // Authorization comes first: per the original comment, checkPermission
    // throws a "402" exception when the caller is not allowed to edit.
    checkPermission(token, amOrgName, name, attributes.keySet(), IdOperation.EDIT, type);
    if (type.equals(IdType.USER)) {
        IdRepoAttributeValidatorManager.getInstance().getIdRepoAttributeValidator(amOrgName).validateAttributes(attributes, IdOperation.EDIT);
    }

    // Changing object classes is routed to the plugins that support the
    // SERVICE operation; everything else goes to the EDIT plugins.
    // NOTE(review): containsKey("objectclass") is case-sensitive unless
    // 'attributes' is a case-insensitive map - confirm what callers pass.
    IdOperation lookupOperation = attributes.containsKey("objectclass") ? IdOperation.SERVICE : IdOperation.EDIT;
    Set configuredPluginClasses = idrepoCache.getIdRepoPlugins(amOrgName, lookupOperation, type);
    if (configuredPluginClasses == null || configuredPluginClasses.isEmpty()) {
        throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.NO_PLUGINS_CONFIGURED, null);
    }

    final int pluginCount = configuredPluginClasses.size();
    int failures = 0;
    IdRepoException origEx = null;
    for (Object plugin : configuredPluginClasses) {
        final IdRepo idRepo = (IdRepo) plugin;
        try {
            // Translate attribute names into this repository's own names.
            Map mappedAttributes = mapAttributeNames(attributes, idRepo.getConfiguration());
            boolean useAmsdkDn = idRepo.getClass().getName().equals(IdConstants.AMSDK_PLUGIN) && amsdkDN != null;
            String target = useAmsdkDn ? amsdkDN : name;
            if (isString) {
                idRepo.setAttributes(token, type, target, mappedAttributes, isAdd);
            } else {
                idRepo.setBinaryAttributes(token, type, target, mappedAttributes, isAdd);
            }
        } catch (IdRepoUnsupportedOpException unsupported) {
            if (DEBUG.messageEnabled()) {
                DEBUG.message("IdServicesImpl.setAttributes: Unable to set attributes in the following repository " + idRepo.getClass().getName() + " :: " + unsupported.getMessage());
            }
            failures++;
            // Keep the first exception seen.
            if (origEx == null) {
                origEx = unsupported;
            }
        } catch (IdRepoFatalException fatal) {
            // Fatal: stop trying other repositories and propagate.
            DEBUG.error("IdServicesImpl.setAttributes: Fatal Exception ", fatal);
            throw fatal;
        } catch (IdRepoException failure) {
            if (DEBUG.warningEnabled()) {
                DEBUG.warning("IdServicesImpl.setAttributes: Unable to modify identity in the following repository " + idRepo.getClass().getName() + " :: " + failure.getMessage());
            }
            failures++;
            // An "entry not found" result does not replace an exception that
            // was already recorded, since the entry might exist in another
            // data store; any other failure does.
            boolean keepEarlier = IdRepoErrorCode.UNABLE_FIND_ENTRY.equalsIgnoreCase(failure.getErrorCode()) && origEx != null;
            if (!keepEarlier) {
                origEx = failure;
            }
        }
    }

    if (failures == pluginCount) {
        if (DEBUG.warningEnabled()) {
            DEBUG.warning("IdServicesImpl.setAttributes: Unable to set attributes  for identity " + type.getName() + "::" + name + " in any configured data store", origEx);
        }
        throw origEx;
    }
}
Also used : IdRepoUnsupportedOpException(com.sun.identity.idm.IdRepoUnsupportedOpException) Set(java.util.Set) OrderedSet(com.sun.identity.shared.datastruct.OrderedSet) CaseInsensitiveHashSet(com.sun.identity.common.CaseInsensitiveHashSet) HashSet(java.util.HashSet) IdRepo(com.sun.identity.idm.IdRepo) IdRepoException(com.sun.identity.idm.IdRepoException) Iterator(java.util.Iterator) Map(java.util.Map) AMHashMap(com.iplanet.am.sdk.AMHashMap) HashMap(java.util.HashMap) CaseInsensitiveHashMap(com.sun.identity.common.CaseInsensitiveHashMap) IdRepoFatalException(com.sun.identity.idm.IdRepoFatalException)

Example 5 with IdRepoUnsupportedOpException

use of com.sun.identity.idm.IdRepoUnsupportedOpException in project OpenAM by OpenRock.

the class IdServicesImpl method changePassword.

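/**
 * Changes an identity's password in every data store plugin configured for
 * the EDIT operation.
 *
 * <p>The permission check on {@code userPassword} runs first, then (for
 * users) the new password is validated, then each plugin is tried in turn.
 * The call succeeds as soon as one plugin succeeds; failures in the other
 * plugins are only logged, so the stores can end up holding different
 * passwords. When every plugin fails, the remembered exception is thrown.
 *
 * <p>The log statements in this method contain the repository class name,
 * the exception message and the identity type and name.
 * NOTE(review): confirm no plugin puts a password into its exception message.
 *
 * @param token caller's SSO token, used for the permission check and passed to each plugin
 * @param type identity type
 * @param name identity name
 * @param oldPassword current password
 * @param newPassword replacement password
 * @param amOrgName organization used for the permission check and plugin lookup
 * @param amsdkDN when non-null, used instead of {@code name} for the AMSDK plugin
 * @throws IdRepoException when no plugin is configured, on a fatal plugin
 *         error, or when the change failed in every plugin
 * @throws SSOException declared by the signature; presumably raised by the
 *         token-based calls
 */
public void changePassword(SSOToken token, IdType type, String name, String oldPassword, String newPassword, String amOrgName, String amsdkDN) throws IdRepoException, SSOException {
    final String defaultAttrName = "userPassword";
    Set attrNames = new HashSet();
    attrNames.add(defaultAttrName);
    // Check permission first. If allowed then proceed, else the
    // checkPermission method throws an "402" exception.
    checkPermission(token, amOrgName, name, attrNames, IdOperation.EDIT, type);
    if (type.equals(IdType.USER)) {
        IdRepoAttributeValidator attrValidator = IdRepoAttributeValidatorManager.getInstance().getIdRepoAttributeValidator(amOrgName);
        // This map holds the clear-text new password; it is only handed to
        // the validator and must never be logged.
        Map attributes = new HashMap();
        Set values = new HashSet();
        values.add(newPassword);
        attributes.put(defaultAttrName, values);
        attrValidator.validateAttributes(attributes, IdOperation.EDIT);
    }
    Set configuredPluginClasses = idrepoCache.getIdRepoPlugins(amOrgName, IdOperation.EDIT, type);
    if ((configuredPluginClasses == null) || configuredPluginClasses.isEmpty()) {
        throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.NO_PLUGINS_CONFIGURED, null);
    }
    int noOfSuccess = configuredPluginClasses.size();
    IdRepoException origEx = null;
    for (Object plugin : configuredPluginClasses) {
        IdRepo idRepo = (IdRepo) plugin;
        Map cMap = idRepo.getConfiguration();
        Set mappedAttributeNames = mapAttributeNames(attrNames, cMap);
        // Resolve the attribute name per repository. The name used to be kept
        // in one variable across iterations, so a repository without a mapping
        // inherited the previous repository's mapped name and the password
        // could be written to the wrong attribute.
        String attrName = defaultAttrName;
        if ((mappedAttributeNames != null) && (!mappedAttributeNames.isEmpty())) {
            attrName = (String) mappedAttributeNames.iterator().next();
        }
        try {
            if (idRepo.getClass().getName().equals(IdConstants.AMSDK_PLUGIN) && (amsdkDN != null)) {
                idRepo.changePassword(token, type, amsdkDN, attrName, oldPassword, newPassword);
            } else {
                idRepo.changePassword(token, type, name, attrName, oldPassword, newPassword);
            }
        } catch (IdRepoUnsupportedOpException ide) {
            if (DEBUG.messageEnabled()) {
                DEBUG.message("IdServicesImpl.changePassword: " + "Unable to change password in the following " + "repository " + idRepo.getClass().getName() + " :: " + ide.getMessage());
            }
            noOfSuccess--;
            // Keep the first exception seen.
            origEx = (origEx == null) ? ide : origEx;
        } catch (IdRepoFatalException idf) {
            // Fatal: stop trying other repositories and propagate.
            DEBUG.error("IdServicesImpl.changePassword: Fatal Exception ", idf);
            throw idf;
        } catch (IdRepoException ide) {
            if (DEBUG.warningEnabled()) {
                DEBUG.warning("IdServicesImpl.changePassword: " + "Unable to change password " + "following repository " + idRepo.getClass().getName() + " :: " + ide.getMessage());
            }
            noOfSuccess--;
            // An "entry not found" result does not replace an exception that
            // was already recorded, since the entry might exist in another
            // data store. The constant goes first so that a null error code
            // cannot raise a NullPointerException inside the handler.
            if (!IdRepoErrorCode.UNABLE_FIND_ENTRY.equalsIgnoreCase(ide.getErrorCode()) || (origEx == null)) {
                origEx = ide;
            }
        }
    }
    if (noOfSuccess == 0) {
        if (DEBUG.warningEnabled()) {
            DEBUG.warning("IdServicesImpl.changePassword: " + "Unable to change password  for identity " + type.getName() + "::" + name + " in any configured data" + " store", origEx);
        }
        throw origEx;
    }
}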
Also used : IdRepoUnsupportedOpException(com.sun.identity.idm.IdRepoUnsupportedOpException) Set(java.util.Set) OrderedSet(com.sun.identity.shared.datastruct.OrderedSet) CaseInsensitiveHashSet(com.sun.identity.common.CaseInsensitiveHashSet) HashSet(java.util.HashSet) IdRepo(com.sun.identity.idm.IdRepo) AMHashMap(com.iplanet.am.sdk.AMHashMap) HashMap(java.util.HashMap) CaseInsensitiveHashMap(com.sun.identity.common.CaseInsensitiveHashMap) IdRepoException(com.sun.identity.idm.IdRepoException) Iterator(java.util.Iterator) Map(java.util.Map) AMHashMap(com.iplanet.am.sdk.AMHashMap) HashMap(java.util.HashMap) CaseInsensitiveHashMap(com.sun.identity.common.CaseInsensitiveHashMap) IdRepoFatalException(com.sun.identity.idm.IdRepoFatalException) CaseInsensitiveHashSet(com.sun.identity.common.CaseInsensitiveHashSet) HashSet(java.util.HashSet)

Aggregations

IdRepoUnsupportedOpException (com.sun.identity.idm.IdRepoUnsupportedOpException)43 HashSet (java.util.HashSet)37 Set (java.util.Set)36 IdRepoException (com.sun.identity.idm.IdRepoException)33 CaseInsensitiveHashSet (com.sun.identity.common.CaseInsensitiveHashSet)32 CaseInsensitiveHashMap (com.sun.identity.common.CaseInsensitiveHashMap)26 HashMap (java.util.HashMap)24 Iterator (java.util.Iterator)24 Map (java.util.Map)24 IdRepoFatalException (com.sun.identity.idm.IdRepoFatalException)20 IdRepo (com.sun.identity.idm.IdRepo)18 OrderedSet (com.sun.identity.shared.datastruct.OrderedSet)17 SMSException (com.sun.identity.sm.SMSException)12 AMHashMap (com.iplanet.am.sdk.AMHashMap)11 SSOException (com.iplanet.sso.SSOException)7 AuthLoginException (com.sun.identity.authentication.spi.AuthLoginException)7 ServiceConfig (com.sun.identity.sm.ServiceConfig)6 ByteString (org.forgerock.opendj.ldap.ByteString)6 DelegationException (com.sun.identity.delegation.DelegationException)5 LinkedHashSet (java.util.LinkedHashSet)5