
Example 26 with IdRepoUnsupportedOpException

use of com.sun.identity.idm.IdRepoUnsupportedOpException in project OpenAM by OpenRock.

the class SpecialRepo method setAttributes.

/*
     * (non-Javadoc)
     *
     * @see com.sun.identity.idm.IdRepo#setAttributes(com.iplanet.sso.SSOToken,
     *      com.sun.identity.idm.IdType, java.lang.String, java.util.Map,
     *      boolean)
     */
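/**
 * Updates the stored attributes of a special user kept in the service configuration.
 *
 * <p>The caller must pass {@code isAmAdminUser(token)}; any other caller is rejected before the
 * configuration is read. Password values are stored as {@code Hash.hash(value)}; the remaining
 * supported attributes are copied as supplied, and attributes outside that list are ignored.
 *
 * @param token session token of the caller, used for the administrator check
 * @param type identity type of the entry being modified
 * @param name name of the special user
 * @param attributes map from attribute name to a {@code Set} of values
 * @param isAdd not read by this implementation
 * @throws IdRepoException if the caller is not the administrator, the entry does not exist, or
 *     the configuration store reports an {@code SMSException}
 * @throws IdRepoUnsupportedOpException if {@code name} is not a special user of this repository
 * @throws SSOException declared by the interface; not raised directly in this method
 */
public void setAttributes(SSOToken token, IdType type, String name, Map attributes, boolean isAdd) throws IdRepoException, SSOException {
    if (!isSpecialUser(type, name)) {
        Object[] args = { NAME, IdOperation.EDIT.getName() };
        throw new IdRepoUnsupportedOpException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.PLUGIN_OPERATION_NOT_SUPPORTED, args);
    }
    boolean isUrlAccessAgent = isUrlAccessAgent(type, name);
    // Authorization gate: nothing below may run for a non-administrator caller.
    if (!isAmAdminUser(token)) {
        Object[] args = { name };
        throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.PERMISSION_DENIED_SETTING_ATTRIBUTES, args);
    }
    // Stays null unless the entry is the URL access agent and a password was supplied.
    String urlAccessAgentCryptPwd = null;
    try {
        ServiceConfig userConfig = getUserConfig();
        // For performance reasons, check that the user entry is present
        // before fetching its sub-configuration.
        CaseInsensitiveHashSet userSet = new CaseInsensitiveHashSet();
        userSet.addAll(userConfig.getSubConfigNames());
        if (!userSet.contains(name)) {
            Object[] args = { name };
            throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.NOT_VALID_ENTRY, args);
        }
        ServiceConfig usc1 = userConfig.getSubConfig(name);
        Map attrs = usc1.getAttributes();

        // The password may arrive under either spelling of the attribute name.
        String newPassword = null;
        Set passwordValues = (Set) attributes.get("userPassword");
        if (passwordValues == null) {
            passwordValues = (Set) attributes.get("userpassword");
        }
        if (passwordValues != null) {
            Set hashedVals = new HashSet();
            for (Object value : passwordValues) {
                String val = (String) value;
                // NOTE(review): the algorithm and salting behind Hash.hash are not visible
                // here; confirm they are suitable for password storage.
                hashedVals.add(Hash.hash(val));
                // With several values the last one iterated wins as the cleartext password.
                newPassword = val;
                if (isUrlAccessAgent) {
                    // NOTE(review): Crypt.encode presumably produces a recoverable form of
                    // the password; confirm how the result is protected at rest.
                    urlAccessAgentCryptPwd = Crypt.encode(val);
                }
            }
            attrs.put("userPassword", hashedVals);
        }

        // Every other supported attribute is copied verbatim when the caller supplied it.
        String[] copiedAttributes = { statusAttribute, cnAttribute, snAttribute, gnAttribute, empNumAttribute, aliasAttribute, successAttribute, failureAttribute, mailAttribute, addrAttribute, msisdnAttribute, phoneAttribute };
        for (String attrName : copiedAttributes) {
            Set vals = (Set) attributes.get(attrName);
            if (vals != null) {
                attrs.put(attrName, vals);
            }
        }
        usc1.setAttributes(attrs);

        // Update serverconfig.xml and the directory, but only when a password was actually
        // supplied: an attribute-only update must not hand a null password to ServerConfigMgr.
        if (name.equalsIgnoreCase("dsameuser") && newPassword != null) {
            String op = (String) AccessController.doPrivileged(new AdminPasswordAction());
            try {
                ServerConfigMgr sscm = new ServerConfigMgr();
                sscm.setAdminUserPassword(op, newPassword);
                sscm.save();
            } catch (Exception e) {
                // NOTE(review): the failure is only logged, so the hashed password written
                // above and serverconfig.xml can end up out of sync; confirm this best-effort
                // behaviour is intended.
                debug.error("SpecialRepo: error in " + "changing password", e);
            }
        }
        updateServiceConfiguration(urlAccessAgentCryptPwd);
    } catch (SMSException smse) {
        debug.error("SpecialRepo: Unable to set user attributes ", smse);
        Object[] args = { NAME, type.getName(), name };
        throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.ERROR_SETTING_ATTRIBUTES, args);
    }
}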
Also used : Set(java.util.Set) CaseInsensitiveHashSet(com.sun.identity.common.CaseInsensitiveHashSet) HashSet(java.util.HashSet) AdminPasswordAction(com.sun.identity.security.AdminPasswordAction) SMSException(com.sun.identity.sm.SMSException) IdRepoException(com.sun.identity.idm.IdRepoException) LoginException(javax.security.auth.login.LoginException) UnknownPropertyNameException(com.sun.identity.common.configuration.UnknownPropertyNameException) IdRepoUnsupportedOpException(com.sun.identity.idm.IdRepoUnsupportedOpException) IdRepoFatalException(com.sun.identity.idm.IdRepoFatalException) AuthLoginException(com.sun.identity.authentication.spi.AuthLoginException) SSOException(com.iplanet.sso.SSOException) IdRepoException(com.sun.identity.idm.IdRepoException) SMSException(com.sun.identity.sm.SMSException) IOException(java.io.IOException) ConfigurationException(com.sun.identity.common.configuration.ConfigurationException) CaseInsensitiveHashSet(com.sun.identity.common.CaseInsensitiveHashSet) IdRepoUnsupportedOpException(com.sun.identity.idm.IdRepoUnsupportedOpException) ServiceConfig(com.sun.identity.sm.ServiceConfig) Iterator(java.util.Iterator) Map(java.util.Map) HashMap(java.util.HashMap) CaseInsensitiveHashMap(com.sun.identity.common.CaseInsensitiveHashMap) CaseInsensitiveHashSet(com.sun.identity.common.CaseInsensitiveHashSet) HashSet(java.util.HashSet) ServerConfigMgr(com.iplanet.services.ldap.ServerConfigMgr)

Example 27 with IdRepoUnsupportedOpException

use of com.sun.identity.idm.IdRepoUnsupportedOpException in project OpenAM by OpenRock.

the class FilesRepo method getMemberships.

/*
     * (non-Javadoc)
     *
     * @see com.sun.identity.idm.IdRepo#getMemberships(
     *      com.iplanet.sso.SSOToken, com.sun.identity.idm.IdType,
     *      java.lang.String, com.sun.identity.idm.IdType)
     */
/**
 * Returns the roles or groups that the named user or agent belongs to.
 *
 * @param token session token passed through to the attribute and search calls
 * @param type identity type of the member; only USER and AGENT are accepted
 * @param name name of the member
 * @param membershipType kind of membership to look up; ROLE and GROUP are handled
 * @return the role set read from the member's attributes, or the names of the groups whose
 *     member attribute contains the member; empty when nothing matches
 * @throws IdRepoException if initialization failed earlier or {@code type} is not USER or AGENT
 * @throws IdRepoUnsupportedOpException if {@code membershipType} is neither ROLE nor GROUP
 * @throws SSOException declared by the interface; not raised directly in this method
 */
public Set getMemberships(SSOToken token, IdType type, String name, IdType membershipType) throws IdRepoException, SSOException {
    if (debug.messageEnabled()) {
        debug.message("FilesRepo.getMemberships called " + type + ": " + name + ": " + membershipType);
    }
    if (initializationException != null) {
        debug.error("FilesRepo.getMemeberships: throwing initialization exception");
        throw (initializationException);
    }
    // Memberships can be returned for users and agents only.
    boolean userOrAgent = type.equals(IdType.USER) || type.equals(IdType.AGENT);
    if (!userOrAgent) {
        debug.message("FilesRepo:getMemberships supported for users and agents");
        Object[] args = { NAME };
        throw (new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.MEMBERSHIPS_FOR_NOT_USERS_NOT_ALLOWED, args));
    }

    if (membershipType.equals(IdType.ROLE)) {
        // Roles are stored on the member itself: read that single attribute.
        Set wanted = new HashSet();
        wanted.add(roleMembershipAttribute);
        Map memberAttrs = getAttributes(token, type, name, wanted);
        Set roles = (memberAttrs == null) ? null : (Set) memberAttrs.get(roleMembershipAttribute);
        // The set obtained from getAttributes is handed back as-is, not copied.
        return (roles != null) ? roles : new HashSet();
    }

    if (membershipType.equals(IdType.GROUP)) {
        // Groups list their members, so every group has to be inspected.
        Set memberOf = new HashSet();
        Set wanted = new HashSet();
        wanted.add(groupMembersAttribute);
        RepoSearchResults allGroups = search(token, membershipType, "*", 0, 0, wanted, false, IdRepo.OR_MOD, null, false);
        Map groupAttrs = (allGroups == null) ? null : allGroups.getResultAttributes();
        if (groupAttrs != null) {
            // Member entries are stored as the type name directly followed by the member name.
            name = type.getName() + name;
            for (Object key : groupAttrs.keySet()) {
                String groupName = (String) key;
                Map attrsOfGroup = (Map) groupAttrs.get(groupName);
                Set memberIds = (Set) attrsOfGroup.get(groupMembersAttribute);
                if (memberIds != null && memberIds.contains(name)) {
                    memberOf.add(groupName);
                }
            }
        }
        return memberOf;
    }

    // Any other membership type is not supported by this plugin.
    Object[] args = { NAME, IdOperation.READ.getName(), membershipType.getName() };
    throw new IdRepoUnsupportedOpException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.PLUGIN_OPERATION_NOT_SUPPORTED, args);
}
Also used : IdRepoUnsupportedOpException(com.sun.identity.idm.IdRepoUnsupportedOpException) CaseInsensitiveHashSet(com.sun.identity.common.CaseInsensitiveHashSet) HashSet(java.util.HashSet) Set(java.util.Set) IdRepoException(com.sun.identity.idm.IdRepoException) Iterator(java.util.Iterator) RepoSearchResults(com.sun.identity.idm.RepoSearchResults) HashMap(java.util.HashMap) CaseInsensitiveHashMap(com.sun.identity.common.CaseInsensitiveHashMap) Map(java.util.Map) CaseInsensitiveHashSet(com.sun.identity.common.CaseInsensitiveHashSet) HashSet(java.util.HashSet)

Example 28 with IdRepoUnsupportedOpException

use of com.sun.identity.idm.IdRepoUnsupportedOpException in project OpenAM by OpenRock.

the class AgentsRepo method getAttributes.

/*
     * (non-Javadoc)
     *
     * @see com.sun.identity.idm.IdRepo#getAttributes(com.iplanet.sso.SSOToken,
     *      com.sun.identity.idm.IdType, java.lang.String)
     */
/**
 * Reads the attributes of an agent, an agent group, or an agent merged with its group.
 *
 * @param token session token used to obtain the organization and agent-group configuration
 * @param type AGENT, AGENTONLY or AGENTGROUP; any other type is rejected
 * @param name name of the agent or agent group
 * @return the attribute map produced by {@code getAgentAttrs}; for AGENT the group's
 *     attributes are overlaid with the agent's own values when both maps are present
 * @throws IdRepoException if initialization failed earlier or the attributes cannot be read
 * @throws IdRepoUnsupportedOpException if {@code type} is not one of the agent types
 * @throws SSOException declared by the interface; not raised directly in this method
 */
public Map getAttributes(SSOToken token, IdType type, String name) throws IdRepoException, SSOException {
    if (debug.messageEnabled()) {
        debug.message("AgentsRepo.getAttributes() called: " + type + ": " + name);
    }
    if (initializationException != null) {
        debug.error("AgentsRepo.getAttributes: " + "Realm " + realmName + " does not exist.");
        throw (initializationException);
    }

    boolean agentType = type.equals(IdType.AGENT) || type.equals(IdType.AGENTONLY) || type.equals(IdType.AGENTGROUP);
    if (!agentType) {
        Object[] args = { NAME, IdOperation.READ.getName() };
        throw new IdRepoUnsupportedOpException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.PLUGIN_OPERATION_NOT_SUPPORTED, args);
    }

    Map resolved = new HashMap(2);
    try {
        if (type.equals(IdType.AGENTONLY)) {
            // Only the agent's own attributes, read from the default group.
            ServiceConfig orgConfig = getOrgConfig(token);
            resolved = getAgentAttrs(orgConfig, name, type);
        } else if (type.equals(IdType.AGENTGROUP)) {
            // Only the attributes of the named agent group.
            ServiceConfig groupConfig = getAgentGroupConfig(token);
            resolved = getAgentAttrs(groupConfig, name, type);
        } else if (type.equals(IdType.AGENT)) {
            // Default view: the agent's attributes combined with those of its group.
            ServiceConfig orgConfig = getOrgConfig(token);
            resolved = getAgentAttrs(orgConfig, name, type);
            String groupName = getGroupName(orgConfig, name);
            boolean hasGroup = (groupName != null) && (groupName.trim().length() > 0);
            if (hasGroup) {
                ServiceConfig groupConfig = getAgentGroupConfig(token);
                Map fromGroup = getAgentAttrs(groupConfig, groupName, type);
                if ((resolved != null) && (fromGroup != null)) {
                    // Agent values are written last, so they override the group's values.
                    fromGroup.putAll(resolved);
                    resolved = fromGroup;
                }
            }
        }
        return resolved;
    } catch (SMSException e) {
        // Only the message is logged on this path; the stack trace is not recorded.
        if (debug.warningEnabled()) {
            debug.warning("AgentsRepo.getAttributes(): Unable to " + "read/get agent attributes SMSException: " + e.getMessage());
        }
        Object[] args = { NAME };
        throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.UNABLE_READ_ATTRIBUTES, args);
    } catch (IdRepoException idpe) {
        if (debug.warningEnabled()) {
            debug.warning("AgentsRepo.getAttributes(): Unable to " + "read/get agent attributes IdRepoException: " + idpe.getMessage(), idpe);
        }
        // The original error code is replaced by the generic read failure.
        Object[] args = { NAME };
        throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.UNABLE_READ_ATTRIBUTES, args);
    }
}
Also used : IdRepoUnsupportedOpException(com.sun.identity.idm.IdRepoUnsupportedOpException) HashMap(java.util.HashMap) CaseInsensitiveHashMap(com.sun.identity.common.CaseInsensitiveHashMap) ServiceConfig(com.sun.identity.sm.ServiceConfig) SMSException(com.sun.identity.sm.SMSException) IdRepoException(com.sun.identity.idm.IdRepoException) Map(java.util.Map) HashMap(java.util.HashMap) CaseInsensitiveHashMap(com.sun.identity.common.CaseInsensitiveHashMap)

Example 29 with IdRepoUnsupportedOpException

use of com.sun.identity.idm.IdRepoUnsupportedOpException in project OpenAM by OpenRock.

the class DJLDAPv3Repo method getServiceAttributes.

/**
     * Returns the service attributes in binary or string format for the given identity.
     * In case of a USER this will retrieve first the service attributes from the user entry, and later it will also
     * query the service attributes of the current realm. When a user-specific setting is missing the realm-specific one
     * will be returned instead.
     * In case of a REALM it will return a defensive copy of the service attributes stored locally.
     *
     * @param type The type of the identity, this should be always USER or REALM.
     * @param name The name of the identity to query. Only used when identity type is USER.
     * @param serviceName The name of the service, which in case of USER may be null.
     * @param attrNames The name of the service attributes that needs to be queried. In case of USER this may NOT be
     * null. In case of REALM, when null this will return all attributes for the service.
     * @param extractor The attribute extractor to use.
     * @param converter The attribute filter to use.
     * @return The matching service attributes.
     * @throws IdRepoException If there was an error while retrieving the service attributes from the user, or if the
     * identity type was invalid.
     */
private <T> Map<String, T> getServiceAttributes(IdType type, String name, String serviceName, Set<String> attrNames, Function<Attribute, T, IdRepoException> extractor, Function<Map<String, Set<String>>, Map<String, T>, IdRepoException> converter) throws IdRepoException {
    if (type.equals(IdType.USER)) {
        // User-level values are read first and always take precedence.
        Map<String, T> userAttrs = getAttributes(type, name, attrNames, extractor);
        if (serviceName == null || serviceName.isEmpty()) {
            return userAttrs;
        }
        Map<String, Set<String>> realmAttrs = serviceMap.get(serviceName);
        if (realmAttrs == null || realmAttrs.isEmpty()) {
            return userAttrs;
        }

        // Keep only the realm-level attributes the caller asked for, matching names
        // case-insensitively.
        Set<String> requested = new CaseInsensitiveHashSet(attrNames);
        Map<String, Set<String>> requestedFromRealm = new HashMap<String, Set<String>>();
        for (Map.Entry<String, Set<String>> realmEntry : realmAttrs.entrySet()) {
            String realmAttrName = realmEntry.getKey();
            if (requested.contains(realmAttrName)) {
                requestedFromRealm.put(realmAttrName, realmEntry.getValue());
            }
        }

        // Fill in realm defaults only for attributes the user entry did not provide.
        Map<String, T> realmDefaults = converter.apply(requestedFromRealm);
        Set<String> presentOnUser = new CaseInsensitiveHashSet(userAttrs.keySet());
        for (Map.Entry<String, T> defaultEntry : realmDefaults.entrySet()) {
            String defaultName = defaultEntry.getKey();
            if (!presentOnUser.contains(defaultName)) {
                userAttrs.put(defaultName, defaultEntry.getValue());
            }
        }
        return userAttrs;
    }

    if (type.equals(IdType.REALM)) {
        // The converter receives whatever serviceMap holds for the service, including null
        // when the service is unknown.
        Map<String, T> converted = converter.apply(serviceMap.get(serviceName));
        Map<String, T> results = new HashMap<String, T>();
        if (converted == null || converted.isEmpty()) {
            return results;
        }
        if (attrNames == null || attrNames.isEmpty()) {
            // No filter requested: return a copy of everything.
            results.putAll(converted);
            return results;
        }
        Set<String> available = new CaseInsensitiveHashSet(converted.keySet());
        for (String attrName : attrNames) {
            if (available.contains(attrName)) {
                // NOTE(review): the membership test is case-insensitive but the lookup uses
                // the caller's spelling; this relies on the converted map resolving keys
                // case-insensitively. Confirm against the converter.
                results.put(attrName, converted.get(attrName));
            }
        }
        return results;
    }

    throw new IdRepoUnsupportedOpException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.SERVICES_NOT_SUPPORTED_FOR_AGENTS_AND_GROUPS, new Object[] { CLASS_NAME });
}
Also used : Set(java.util.Set) CaseInsensitiveHashSet(com.sun.identity.common.CaseInsensitiveHashSet) HashSet(java.util.HashSet) LinkedHashSet(java.util.LinkedHashSet) CollectionUtils.asSet(org.forgerock.openam.utils.CollectionUtils.asSet) HashMap(java.util.HashMap) CaseInsensitiveHashMap(com.sun.identity.common.CaseInsensitiveHashMap) ByteString(org.forgerock.opendj.ldap.ByteString) CaseInsensitiveHashSet(com.sun.identity.common.CaseInsensitiveHashSet) IdRepoUnsupportedOpException(com.sun.identity.idm.IdRepoUnsupportedOpException) Map(java.util.Map) HashMap(java.util.HashMap) CaseInsensitiveHashMap(com.sun.identity.common.CaseInsensitiveHashMap)

Example 30 with IdRepoUnsupportedOpException

use of com.sun.identity.idm.IdRepoUnsupportedOpException in project OpenAM by OpenRock.

the class AMSDKRepo method getMembers.

/*
     * (non-Javadoc)
     *
     * @see com.sun.identity.idm.IdRepo#getMembers(com.iplanet.sso.SSOToken,
     *      com.sun.identity.idm.IdType, java.lang.String,
     *      com.sun.identity.idm.IdType)
     */
/**
 * Returns the user DNs that are members of a group, role or filtered role.
 *
 * @param token session token used to open a store connection when none is cached in {@code sc}
 * @param type type of the container; GROUP, ROLE and FILTEREDROLE are handled
 * @param name name of the container, resolved to a DN through {@code getDN}
 * @param membersType type of member requested; only USER is supported
 * @return the set returned by the container's {@code getUserDNs()}
 * @throws IdRepoException if {@code type} is USER or AGENT, if {@code membersType} is not USER,
 *     or if the underlying SDK call fails
 * @throws IdRepoUnsupportedOpException if {@code type} is not a supported container type
 * @throws SSOException declared by the interface; not raised directly in this method
 */
public Set getMembers(SSOToken token, IdType type, String name, IdType membersType) throws IdRepoException, SSOException {
    if (debug.messageEnabled()) {
        debug.message("AMSDKRepo: getMembers called" + type + ": " + name + ": " + membersType);
    }
    AMStoreConnection amsc = (sc == null) ? new AMStoreConnection(token) : sc;

    if (type.equals(IdType.USER) || type.equals(IdType.AGENT)) {
        debug.error("AMSDKRepo: Membership operation is not supported " + " for Users or Agents");
        throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.MEMBERSHIP_TO_USERS_AND_AGENTS_NOT_ALLOWED, null);
    }

    if (type.equals(IdType.GROUP)) {
        String groupDn = getDN(type, name);
        AMStaticGroup group = amsc.getStaticGroup(groupDn);
        if (!membersType.equals(IdType.USER)) {
            debug.error("AMSDKRepo: Groups do not supported membership " + "for " + membersType.getName());
            Object[] args = { CLASS_NAME, membersType.getName(), type.getName() };
            // NOTE(review): literal error code, whereas the filtered-role branch uses
            // IdRepoErrorCode.MEMBERSHIP_NOT_SUPPORTED; confirm both mean the same code.
            throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, "204", args);
        }
        try {
            return group.getUserDNs();
        } catch (AMException ame) {
            debug.error("AMSDKRepo: Unable to get user memberships" + " for group" + groupDn, ame);
            Object[] args = { CLASS_NAME, membersType.getName(), type.getName(), name };
            IdRepoException failure = new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.UNABLE_GET_MEMBERSHIP, args);
            // Carry the LDAP result code over to the caller.
            failure.setLDAPErrorCode(ame.getLDAPErrorCode());
            throw failure;
        }
    }

    if (type.equals(IdType.ROLE)) {
        String roleDn = getDN(type, name);
        AMRole role = amsc.getRole(roleDn);
        if (!membersType.equals(IdType.USER)) {
            Object[] args = { CLASS_NAME, membersType.getName(), type.getName() };
            throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, "204", args);
        }
        try {
            return role.getUserDNs();
        } catch (AMException ame) {
            debug.error("AMSDKRepo: Unable to get user memberships " + "for role " + roleDn, ame);
            throw IdUtils.convertAMException(ame);
        }
    }

    if (type.equals(IdType.FILTEREDROLE)) {
        String roleDn = getDN(type, name);
        AMFilteredRole filteredRole = amsc.getFilteredRole(roleDn);
        if (!membersType.equals(IdType.USER)) {
            Object[] args = { CLASS_NAME, membersType.getName(), type.getName() };
            throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.MEMBERSHIP_NOT_SUPPORTED, args);
        }
        try {
            return filteredRole.getUserDNs();
        } catch (AMException ame) {
            debug.error("AMSDKRepo: Unable to get user memberships for " + "role " + roleDn, ame);
            throw IdUtils.convertAMException(ame);
        }
    }

    // Every other container type is outside what this plugin supports.
    Object[] args = { CLASS_NAME, IdOperation.READ.getName(), type.getName() };
    throw new IdRepoUnsupportedOpException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.PLUGIN_OPERATION_NOT_SUPPORTED, args);
}
Also used : IdRepoUnsupportedOpException(com.sun.identity.idm.IdRepoUnsupportedOpException) Set(java.util.Set) HashSet(java.util.HashSet) IdRepoException(com.sun.identity.idm.IdRepoException)
