
Example 6 with ValidValues

use of com.sun.identity.policy.ValidValues in project OpenAM by OpenRock.

the class PeerOrgReferral method getValidValues.

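/**
 * Gets the valid values for this referral matching a pattern.
 *
 * <p>The referral's own organization is read from the configuration map
 * (first entry under {@code PolicyManager.ORGANIZATION_NAME}). The values
 * are the full names of the first-level children of that organization's
 * parent, excluding the organization itself. An organization whose parent
 * reports the same name as the organization (it is its own parent) yields
 * no values.
 *
 * @param token <code>SSOToken</code> used to read the organization configuration
 * @param pattern a pattern to match against the sub-organization names
 * @return <code>ValidValues</code> object; the status is always
 *         <code>ValidValues.SUCCESS</code>
 * @exception SSOException if <code>SSOToken</code> is not valid
 * @exception PolicyException if the organization name is not configured
 *            ("org_name_not_set") or the configuration cannot be read
 *            ("can_not_get_values_for_referral")
 */
public ValidValues getValidValues(SSOToken token, String pattern) throws SSOException, PolicyException {
    Set<String> values = new HashSet<String>();
    if (debug.messageEnabled()) {
        debug.message("PeerOrgReferral.getValidValues():entering");
    }
    try {
        Set orgSet = (Set) _configurationMap.get(PolicyManager.ORGANIZATION_NAME);
        if ((orgSet == null) || orgSet.isEmpty()) {
            debug.error("PeerOrgReferral.getValidValues(): " + " Organization name not set");
            throw new PolicyException(ResBundleUtils.rbName, "org_name_not_set", null, null);
        }
        // Only the first configured organization name is consulted.
        String orgName = (String) orgSet.iterator().next();
        OrganizationConfigManager orgConfigManager = new OrganizationConfigManager(token, orgName);
        String fullOrgName = orgConfigManager.getOrganizationName();
        if (debug.messageEnabled()) {
            debug.message("PeerOrgReferral.getValidValues():fullOrgName=" + fullOrgName);
        }
        OrganizationConfigManager parentOrgConfig = orgConfigManager.getParentOrgConfigManager();
        String fullParentOrgName = parentOrgConfig.getOrganizationName();
        // get only first level children
        Set subOrgNames = parentOrgConfig.getSubOrganizationNames(pattern, false);
        // No peers when the organization is its own parent; otherwise every
        // first-level child of the parent other than this organization is a peer.
        if (!fullOrgName.equals(fullParentOrgName) && (subOrgNames != null)) {
            for (Object subOrgName : subOrgNames) {
                OrganizationConfigManager subOrgManager = parentOrgConfig.getSubOrgConfigManager((String) subOrgName);
                if (subOrgManager != null) {
                    String fullSubOrgName = subOrgManager.getOrganizationName();
                    if (!fullOrgName.equals(fullSubOrgName)) {
                        values.add(fullSubOrgName);
                    }
                }
            }
        }
        if (debug.messageEnabled()) {
            debug.message("PeerOrgReferral.getValidValues():returning=" + values);
        }
    } catch (SMSException smse) {
        // Pass the exception as the cause so the stack trace is logged rather
        // than only its toString().
        debug.error("Can not get valid values for referral " + getReferralTypeName(), smse);
        String[] objs = { getReferralTypeName() };
        throw new PolicyException(ResBundleUtils.rbName, "can_not_get_values_for_referral", objs, smse);
    }
    return new ValidValues(ValidValues.SUCCESS, values);
}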

Example 7 with ValidValues

use of com.sun.identity.policy.ValidValues in project OpenAM by OpenRock.

the class DSAMERole method getValidValues.

/**
 * Returns a list of possible values for the <code>Subject</code> that
 * matches the pattern, by searching all roles of the configured organization.
 *
 * @param token the <code>SSOToken</code> that will be used to determine the
 *        possible values
 * @param pattern the pattern the role search is performed with
 * @return <code>ValidValues</code> object; its status mirrors the search
 *         outcome (size or time limit exceeded), any other outcome is
 *         reported as success
 * @exception SSOException if SSO token is not valid
 * @exception PolicyException if the subject is not yet initialized or the
 *            list of valid names cannot be obtained
 */
public ValidValues getValidValues(SSOToken token, String pattern) throws SSOException, PolicyException {
    if (!initialized) {
        throw new PolicyException(ResBundleUtils.rbName, "role_subject_not_yet_initialized", null, null);
    }
    try {
        AMStoreConnection connection = new AMStoreConnection(token);
        AMOrganization organization = connection.getOrganization(organizationDN);
        AMSearchControl control = new AMSearchControl();
        control.setMaxResults(maxResults);
        control.setTimeOut(timeLimit);
        control.setSearchScope(roleSearchScope);
        AMSearchResults results = organization.searchAllRoles(pattern, control);
        return new ValidValues(toValidValuesStatus(results.getErrorCode()), results.getSearchResults());
    } catch (AMException e) {
        throw toPolicyException(e);
    }
}

/**
 * Maps an <code>AMSearchResults</code> error code onto the corresponding
 * <code>ValidValues</code> status. Codes other than the two limit codes are
 * reported as <code>ValidValues.SUCCESS</code>.
 */
private static int toValidValuesStatus(int searchErrorCode) {
    if (searchErrorCode == AMSearchResults.SIZE_LIMIT_EXCEEDED) {
        return ValidValues.SIZE_LIMIT_EXCEEDED;
    }
    if (searchErrorCode == AMSearchResults.TIME_LIMIT_EXCEEDED) {
        return ValidValues.TIME_LIMIT_EXCEEDED;
    }
    return ValidValues.SUCCESS;
}

/**
 * Converts a failed role search into the <code>PolicyException</code> that
 * callers receive. Invalid credentials and a missing base DN get their own
 * resource-bundle keys; any other LDAP failure carries the server's
 * diagnostic message; a non-LDAP failure wraps the original exception.
 */
private PolicyException toPolicyException(AMException e) {
    LdapException lde = e.getLDAPException();
    if (lde == null) {
        return new PolicyException(e);
    }
    ResultCode resultCode = lde.getResult().getResultCode();
    if (ResultCode.INVALID_CREDENTIALS.equals(resultCode)) {
        return new PolicyException(ResBundleUtils.rbName, "ldap_invalid_password", null, null);
    }
    if (ResultCode.NO_SUCH_OBJECT.equals(resultCode)) {
        String[] objs = { organizationDN };
        return new PolicyException(ResBundleUtils.rbName, "no_such_am_roles_base_dn", objs, null);
    }
    String errorMsg = lde.getResult().getDiagnosticMessage();
    String additionalMsg = resultCode.getName().toString(Locale.ROOT);
    if (additionalMsg == null) {
        return new PolicyException(errorMsg);
    }
    return new PolicyException(errorMsg + ": " + additionalMsg);
}

Example 8 with ValidValues

use of com.sun.identity.policy.ValidValues in project OpenAM by OpenRock.

the class WebServicesClients method getValidValues.

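/**
 * Returns certificate subject DNs in the KeyStore as possible values.
 *
 * <p>Only aliases that are trusted certificate entries
 * ({@link KeyStore#isCertificateEntry(String)}) contribute a value; key
 * entries and non-X.509 certificates are skipped. The key store is obtained
 * from the configured <code>KeyProvider</code>; if that provider cannot be
 * loaded, or yields no key store, the result is an empty set rather than an
 * error.
 *
 * @param token the <code>SSOToken</code> (not used by this subject)
 * @param pattern the pattern to match with valid values (currently ignored,
 *        see the TODO below)
 * @return <code>ValidValues</code> object with certificate subject DNs
 * @exception SSOException if SSO token is not valid
 * @exception PolicyException if the key store cannot be read
 *            ("can_not_get_subject_values")
 */
public ValidValues getValidValues(SSOToken token, String pattern) throws SSOException, PolicyException {
    // TODO: ignoring the pattern for now. Do we need to take care of it?
    // probably we can ignore for this subject.
    Set<String> subjects = new HashSet<String>();
    try {
        KeyProvider kp = loadKeyProvider();
        KeyStore ks = (kp == null) ? null : kp.getKeyStore();
        if (ks != null) {
            Enumeration<String> aliases = ks.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                if (debug.messageEnabled()) {
                    debug.message("WSClient.getValidValues: alias=" + alias);
                }
                // TODO: need to take care of certificate chaining
                if (!ks.isCertificateEntry(alias)) {
                    if (debug.messageEnabled()) {
                        debug.message("WSClient.getValidValues:alias not trusted.");
                    }
                    continue;
                }
                if (debug.messageEnabled()) {
                    debug.message("WSClient.getValidValues: alias is trusted.");
                }
                java.security.cert.Certificate cert = ks.getCertificate(alias);
                if (cert == null) {
                    if (debug.messageEnabled()) {
                        debug.message("WSClient.getValidValues: cert is null");
                    }
                    continue;
                }
                if (debug.messageEnabled()) {
                    debug.message("WSClient.getValidValues:cert not null");
                }
                // Subject names are only extracted from X.509 certificates;
                // checking first avoids a ClassCastException on other types.
                if (cert instanceof X509Certificate) {
                    String name = CertUtils.getSubjectName((X509Certificate) cert);
                    if (name != null && name.length() != 0) {
                        subjects.add(name);
                    }
                }
            }
        }
    } catch (KeyStoreException kse) {
        if (debug.warningEnabled()) {
            debug.warning("WebServicesClients: couldn't get subjects", kse);
        }
        String[] objs = { kse.getMessage() };
        throw new PolicyException(ResBundleUtils.rbName, "can_not_get_subject_values", objs, kse);
    }
    return new ValidValues(ValidValues.SUCCESS, subjects);
}

/**
 * Instantiates the configured <code>KeyProvider</code> implementation via
 * its no-argument constructor. The class name is read from system
 * configuration ({@code SAMLConstants.KEY_PROVIDER_IMPL_CLASS}, defaulting
 * to {@code SAMLConstants.JKS_KEY_PROVIDER}), not from the caller.
 *
 * @return the provider, or <code>null</code> if the class cannot be found,
 *         instantiated or accessed (the failure is logged at error level)
 */
private KeyProvider loadKeyProvider() {
    String className = SystemConfigurationUtil.getProperty(SAMLConstants.KEY_PROVIDER_IMPL_CLASS, SAMLConstants.JKS_KEY_PROVIDER);
    try {
        return (KeyProvider) Class.forName(className).newInstance();
    } catch (ClassNotFoundException cnfe) {
        debug.error("WebServicesClients.getValidValues(): " + " Couldn't find the class.", cnfe);
    } catch (InstantiationException ie) {
        debug.error("WebServicesClients.getValidValues(): " + " Couldn't instantiate the key provider instance.", ie);
    } catch (IllegalAccessException iae) {
        debug.error("WebServicesClients.getValidValues(): " + " Couldn't access the default constructor.", iae);
    }
    return null;
}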

Example 9 with ValidValues

use of com.sun.identity.policy.ValidValues in project OpenAM by OpenRock.

the class SubOrgReferral method getValidValues.

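/**
 * Gets the valid values for this referral matching a pattern.
 *
 * <p>The referral's own organization is read from the configuration map
 * (first entry under {@code PolicyManager.ORGANIZATION_NAME}); the values
 * are the full names of its first-level sub-organizations whose names match
 * the pattern.
 *
 * @param token <code>SSOToken</code> used to read the organization configuration
 * @param pattern a pattern to match against the sub-organization names
 * @return <code>ValidValues</code> object; the status is always
 *         <code>ValidValues.SUCCESS</code>
 * @exception SSOException if <code>SSOToken</code> is not valid
 * @exception PolicyException if the organization name is not configured
 *            ("org_name_not_set") or the configuration cannot be read
 *            ("can_not_get_values_for_referral")
 */
public ValidValues getValidValues(SSOToken token, String pattern) throws SSOException, PolicyException {
    Set<String> values = new HashSet<String>();
    try {
        Set orgSet = (Set) _configurationMap.get(PolicyManager.ORGANIZATION_NAME);
        if ((orgSet == null) || orgSet.isEmpty()) {
            OrgReferral.DEBUG.error("SubOrgReferral.getValidValues(): " + " Organization name not set");
            throw new PolicyException(ResBundleUtils.rbName, "org_name_not_set", null, null);
        }
        // Only the first configured organization name is consulted.
        String orgName = (String) orgSet.iterator().next();
        OrganizationConfigManager orgConfigManager = new OrganizationConfigManager(token, orgName);
        // get only first level children
        Set subOrgNames = orgConfigManager.getSubOrganizationNames(pattern, false);
        if (subOrgNames != null) {
            for (Object subOrgName : subOrgNames) {
                OrganizationConfigManager subOrgManager = orgConfigManager.getSubOrgConfigManager((String) subOrgName);
                if (subOrgManager != null) {
                    values.add(subOrgManager.getOrganizationName());
                }
            }
        }
        if (debug.messageEnabled()) {
            debug.message("SubOrgReferral.getValidValues():subOrgNames=" + subOrgNames);
        }
    } catch (SMSException smse) {
        // Pass the exception as the cause so the stack trace is logged rather
        // than only its toString().
        OrgReferral.DEBUG.error("Can not get valid values for referral " + getReferralTypeName(), smse);
        String[] objs = { getReferralTypeName() };
        throw new PolicyException(ResBundleUtils.rbName, "can_not_get_values_for_referral", objs, smse);
    }
    return new ValidValues(ValidValues.SUCCESS, values);
}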

Example 10 with ValidValues

use of com.sun.identity.policy.ValidValues in project OpenAM by OpenRock.

the class PolicyModelImpl method getSubjectPossibleValues.

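/**
 * Returns a set of possible values for a subject type.
 *
 * @param realmName Name of Realm.
 * @param subjectType Name of Subject Type.
 * @param filter wildcards for filtering the results; <code>null</code> or a
 *        blank string is treated as <code>"*"</code>.
 * @return a set of possible values for a subject type, or <code>null</code>
 *         if no policy manager could be obtained for the realm (that failure
 *         is logged as a warning rather than rethrown).
 * @throws AMConsoleException if values cannot be obtained.
 */
public ValidValues getSubjectPossibleValues(String realmName, String subjectType, String filter) throws AMConsoleException {
    // Entry trace: logged at message level, not error level, so that it does
    // not pollute the error log on every call.
    if (debug.messageEnabled()) {
        debug.message("PolicyModelImpl.getSubjectPossibleValues()");
    }
    if ((filter == null) || (filter.trim().length() == 0)) {
        filter = "*";
    }
    ValidValues values = null;
    try {
        PolicyManager policyMgr = getPolicyManager(realmName);
        if (policyMgr != null) {
            SubjectTypeManager subjectTypeMgr = policyMgr.getSubjectTypeManager();
            Subject subject = subjectTypeMgr.getSubject(subjectType);
            values = subject.getValidValues(getUserSSOToken(), filter);
        }
    } catch (AMConsoleException e) {
        // Best effort: a console-level failure leaves values null.
        debug.warning("PolicyModelImpl.getSubjectPossibleValues", e);
    } catch (NameNotFoundException e) {
        debug.warning("PolicyModelImpl.getSubjectPossibleValues", e);
        throw new AMConsoleException(getErrorString(e));
    } catch (SSOException e) {
        debug.warning("PolicyModelImpl.getSubjectPossibleValues", e);
        throw new AMConsoleException(getErrorString(e));
    } catch (PolicyException e) {
        debug.warning("PolicyModelImpl.getSubjectPossibleValues", e);
        throw new AMConsoleException(getErrorString(e));
    }
    return values;
}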
