
Example 1 with AMException

use of com.iplanet.am.sdk.AMException in project OpenAM by OpenRock.

the class EntityObjectImpl method deleteEntity.

/**
 * Deletes a single entity from the AM store.
 *
 * <p>The entity's DN is resolved with {@code getEntityDN} from the name, type
 * and location, and is then handed to {@code entity.deleteEntities}. When the
 * {@code entity} field is {@code null} the method returns normally without
 * deleting anything and without reporting an error.
 *
 * @param ssoToken User's Single Sign On Token; passed to
 *        {@code initializeObject} together with the location.
 * @param entityName Name of the entity to delete, for example
 *        <code>cn=websphereAgent</code>.
 * @param entityType Type of the entity being deleted, e.g. Agent. The types
 *        supported by the SDK are configured in the list of Managed Objects
 *        in the <code>DAI</code> service.
 * @param entityLocation Location of the entity, for example
 *        <code>www.abc.com</code>.
 * @throws EntityException if there is an internal error in the AM Store.
 * @throws SSOException if the sign on is no longer valid.
 */
public void deleteEntity(String ssoToken, String entityName, String entityType, String entityLocation) throws EntityException, SSOException {
    // NOTE(review): no permission check is visible in this method; presumably the
    // token is validated and enforced by initializeObject and the store - confirm.
    initializeObject(ssoToken, entityLocation);
    Set dnsToDelete = new HashSet();
    try {
        int typeCode = getIntTypeFromStr(entityType);
        dnsToDelete.add(getEntityDN(entityName, typeCode, entityLocation));
        if (entity == null) {
            // NOTE(review): a missing store handle makes the delete a silent no-op;
            // the caller cannot tell that nothing was removed.
            return;
        }
        entity.deleteEntities(typeCode, dnsToDelete);
        if (EntityUtils.debug.messageEnabled()) {
            EntityUtils.debug.message("EntityObjectImpl.deleteEntity():" + " Deleted " + dnsToDelete.toString());
        }
    } catch (AMException amex) {
        // Log the store failure, then surface it as the exception type declared by this API.
        EntityUtils.debug.error("EntityObjectImpl.deleteEntity() : " + "Delete Entity Failed. " + amex);
        throw EntityUtils.convertException(amex);
    }
}
Also used : Set(java.util.Set) HashSet(java.util.HashSet) AMException(com.iplanet.am.sdk.AMException) HashSet(java.util.HashSet)

Example 2 with AMException

use of com.iplanet.am.sdk.AMException in project OpenAM by OpenRock.

the class IdUtils method getIdentity.

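/**
 * Returns an <code>AMIdentity</code> object, given the DN of an authenticated
 * identity, the realm name and the identity type. This interface is mainly
 * for the authentication component to get back the identity of the user.
 *
 * <p>Resolution order, as implemented below: a DN starting with
 * <code>id=</code> (any letter case) is first tried as a universal
 * identifier; then the special-users list is consulted; only then is the DN
 * resolved through AMSDK, and only if AMSDK is enabled and configured.
 *
 * @param token SSOToken of the administrator
 * @param amsdkdn DN of the authenticated user
 * @param realm realm name where the user was authenticated
 * @return Identity object, or <code>null</code> when AMSDK is not
 *         enabled/configured or the DN cannot be resolved through AMSDK
 * @throws IdRepoException if <code>amsdkdn</code> is <code>null</code> or
 *         not a DN, or if the underlying components throw an exception while
 *         obtaining the identity object
 */
public static AMIdentity getIdentity(SSOToken token, String amsdkdn, String realm) throws IdRepoException {
    if (amsdkdn == null || !LDAPUtils.isDN(amsdkdn)) {
        Object[] args = { amsdkdn };
        throw (new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.ILLEGAL_UNIVERSAL_IDENTIFIER, args));
    }
    DN amsdkdnObject = LDAPUtils.newDN(amsdkdn);
    // Try constructing the identity object.
    // Lower-case with Locale.ROOT: under the default locale the prefix test
    // depends on the JVM's language settings (in a Turkish locale "ID=" becomes
    // "\u0131d=" and would never match "id=").
    if (amsdkdn.toLowerCase(java.util.Locale.ROOT).startsWith("id=")) {
        try {
            return (new AMIdentity(amsdkdnObject, token));
        } catch (IdRepoException ide) {
            // this could be an AMSDK DN. Follow the AMSDK rules
            if (debug.messageEnabled()) {
                debug.message("IdUtils:getIdentity(token, " + amsdkdn + ") got exception: " + ide.getMessage() + "\n\tContinuing with AMSDK DN check");
            }
        }
    }
    // Check for Special Users: a normalized-DN match is returned as a USER in
    // the root suffix without any directory lookup.
    initializeSpecialUsers();
    if (specialUsers.contains(DNUtils.normalizeDN(amsdkdn))) {
        return new AMIdentity(amsdkdnObject, token, LDAPUtils.rdnValueFromDn(amsdkdnObject), IdType.USER, ROOT_SUFFIX);
    }
    // Nothing more to resolve when AMSDK is disabled, not configured at all,
    // or not configured for the given realm.
    try {
        if (!ServiceManager.isAMSDKEnabled() || ((realm != null) && !OrgConfigViaAMSDK.isAMSDKConfigured(realm)) || (!ServiceManager.isAMSDKConfigured())) {
            // Not configured for AMSDK, return
            return (null);
        }
    } catch (SMSException smse) {
        // Ignore the exception and continue
        // NOTE(review): the failure is swallowed without logging, so resolution
        // carries on down the AMSDK path as if AMSDK were configured. Confirm
        // this fall-through is intended and consider recording the exception.
    }
    // Initialize root realm suffix, org and user naming attributes
    initializeForGetIdentity();
    // Determine if the amsdkdn is valid. Obtain name & type
    String name = null;
    IdType type = null;
    try {
        // Since we are using AMSDK, have the directory services preload
        // all the attributes and check if the entry exists
        IDirectoryServices dsServices = AMDirectoryAccessFactory.getDirectoryServices();
        // Pre-fetch a user entry's attributes so the type lookup below does
        // not need another directory round trip
        try {
            if (amsdkdn.startsWith(USER_NAMING_ATTR)) {
                dsServices.getAttributes(token, amsdkdn, AMObject.USER);
            }
        } catch (Exception e) {
            // Ignore the exception and continue since this is only for the cache
        }
        // Getting object type would use the cached attributes
        int sdkType = dsServices.getObjectType(token, amsdkdn);
        // Convert the sdkType to IdRepo type
        type = getType(AMStoreConnection.getObjectName(sdkType));
        name = AMConstants.CONTAINER_DEFAULT_TEMPLATE_ROLE;
        if (!type.equals(IdType.REALM)) {
            name = LDAPUtils.rdnValueFromDn(amsdkdnObject);
        }
    } catch (AMException ame) {
        // Debug the message and return null
        if (debug.messageEnabled()) {
            debug.message("IdUtils.getIdentity: Unable to resolve " + "AMSDK DN: " + amsdkdn, ame);
        }
        return (null);
    } catch (SSOException ssoe) {
        // Debug the message and return null
        if (debug.messageEnabled()) {
            debug.message("IdUtils.getIdentity: Unable to resolve " + "AMSDK DN. Got SSOException", ssoe);
        }
        return (null);
    }
    // Need to determine realm for amsdkdn
    String srealm = ROOT_SUFFIX;
    if (!amsdkdn.equals(ROOT_SUFFIX) && !amsdkdn.equals(SERVICES_SUFFIX)) {
        // Need to get the object type and walk up the tree
        int index = amsdkdn.indexOf(ORG_NAMING_ATTR);
        if (index == 0) {
            srealm = OrgConfigViaAMSDK.getRealmForAMSDK(amsdkdn, realm);
        } else if (index > 0) {
            srealm = OrgConfigViaAMSDK.getRealmForAMSDK(amsdkdn.substring(index), realm);
        }
        if (debug.messageEnabled()) {
            debug.message("IdUtils.getIdentity:: amsdkdn=" + amsdkdn + " maps to realm=" + srealm);
        }
    } else if (amsdkdn.equals(SERVICES_SUFFIX)) {
        // Since amsdkdn points to services node,
        // it should be reset to root suffix
        // NOTE(review): this assignment has no effect on the result, because the
        // identity below is built from amsdkdnObject, which was created from the
        // original string. Confirm whether the DN object should be rebuilt here.
        amsdkdn = ROOT_SUFFIX;
    }
    return (new AMIdentity(amsdkdnObject, token, name, type, srealm));
}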
Also used : SMSException(com.sun.identity.sm.SMSException) AMException(com.iplanet.am.sdk.AMException) DN(org.forgerock.opendj.ldap.DN) SSOException(com.iplanet.sso.SSOException) SMSException(com.sun.identity.sm.SMSException) AMException(com.iplanet.am.sdk.AMException) SSOException(com.iplanet.sso.SSOException) IDirectoryServices(com.iplanet.am.sdk.common.IDirectoryServices) AMObject(com.iplanet.am.sdk.AMObject)

Example 3 with AMException

use of com.iplanet.am.sdk.AMException in project OpenAM by OpenRock.

the class DSAMERole method getValidValues.

/**
 * Returns the possible values for the <code>Subject</code> that match the
 * given pattern, found by searching the roles of the configured
 * organization.
 *
 * @param token the <code>SSOToken</code> that will be used
 * to determine the possible values
 * @param pattern search pattern handed to the role search
 *
 * @return <code>ValidValues</code> object holding the search status and
 * the search results
 *
 * @exception SSOException if SSO token is not valid
 * @exception PolicyException if this subject is not yet initialized or if
 * unable to get the list of valid names.
 */
public ValidValues getValidValues(SSOToken token, String pattern) throws SSOException, PolicyException {
    if (!initialized) {
        throw (new PolicyException(ResBundleUtils.rbName, "role_subject_not_yet_initialized", null, null));
    }
    try {
        AMStoreConnection storeConnection = new AMStoreConnection(token);
        AMOrganization organization = storeConnection.getOrganization(organizationDN);
        // Bound the search by the configured result count, time limit and scope.
        AMSearchControl searchControl = new AMSearchControl();
        searchControl.setMaxResults(maxResults);
        searchControl.setTimeOut(timeLimit);
        searchControl.setSearchScope(roleSearchScope);
        // NOTE(review): pattern reaches searchAllRoles unchanged; whether it is
        // escaped before being used in a directory search filter is not visible
        // here - confirm against the callee.
        AMSearchResults found = organization.searchAllRoles(pattern, searchControl);
        // NOTE(review): every error code other than the two limit codes is
        // reported as SUCCESS, so an unexpected search error looks like a clean
        // result to the caller - confirm this is intended.
        int status = ValidValues.SUCCESS;
        switch (found.getErrorCode()) {
            case AMSearchResults.SIZE_LIMIT_EXCEEDED:
                status = ValidValues.SIZE_LIMIT_EXCEEDED;
                break;
            case AMSearchResults.TIME_LIMIT_EXCEEDED:
                status = ValidValues.TIME_LIMIT_EXCEEDED;
                break;
            default:
                break;
        }
        return new ValidValues(status, found.getSearchResults());
    } catch (AMException e) {
        LdapException lde = e.getLDAPException();
        if (lde == null) {
            // No LDAP detail available: wrap the SDK exception as it is.
            throw new PolicyException(e);
        }
        ResultCode ldapErrorCode = lde.getResult().getResultCode();
        if (ResultCode.INVALID_CREDENTIALS.equals(ldapErrorCode)) {
            throw new PolicyException(ResBundleUtils.rbName, "ldap_invalid_password", null, null);
        }
        if (ResultCode.NO_SUCH_OBJECT.equals(ldapErrorCode)) {
            String[] objs = { organizationDN };
            throw new PolicyException(ResBundleUtils.rbName, "no_such_am_roles_base_dn", objs, null);
        }
        // Any other LDAP failure: report the diagnostic text, followed by the
        // result code name when there is one.
        // NOTE(review): the server's diagnostic message is copied into the
        // exception text; check that callers do not show it to unprivileged users.
        String errorMsg = lde.getResult().getDiagnosticMessage();
        String additionalMsg = ldapErrorCode.getName().toString(Locale.ROOT);
        throw new PolicyException(additionalMsg != null ? errorMsg + ": " + additionalMsg : errorMsg);
    }
}
Also used : AMStoreConnection(com.iplanet.am.sdk.AMStoreConnection) AMSearchControl(com.iplanet.am.sdk.AMSearchControl) PolicyException(com.sun.identity.policy.PolicyException) ValidValues(com.sun.identity.policy.ValidValues) AMOrganization(com.iplanet.am.sdk.AMOrganization) AMException(com.iplanet.am.sdk.AMException) AMSearchResults(com.iplanet.am.sdk.AMSearchResults) LdapException(org.forgerock.opendj.ldap.LdapException) ResultCode(org.forgerock.opendj.ldap.ResultCode)

Example 4 with AMException

use of com.iplanet.am.sdk.AMException in project OpenAM by OpenRock.

the class OrgConfigViaAMSDK method removeAttribute.

/**
 * Removes the specified attribute from the AMSDK organization. The
 * organization attribute names are defined in the IdRepo service.
 *
 * <p>Nothing happens when {@code attrName} is {@code null} or has no entry
 * in the attribute mapping.
 *
 * @param attrName attribute name, looked up in the attribute mapping to
 *        find the AMSDK attribute to remove
 * @throws SMSException if the AMSDK call fails or the SSO token is rejected
 */
void removeAttribute(String attrName) throws SMSException {
    if (attrName == null) {
        return;
    }
    // Translate the given name into its AMSDK attribute name.
    Map mapping = getAttributeMapping();
    String amsdkAttrName = (String) mapping.get(attrName);
    if (amsdkAttrName == null) {
        // Unmapped attribute: nothing to remove.
        return;
    }
    HashSet toRemove = new HashSet();
    toRemove.add(amsdkAttrName);
    try {
        // The removal takes effect only once the organization entry is stored.
        parentOrg.removeAttributes(toRemove);
        parentOrg.store();
    } catch (AMException ame) {
        if (debug.messageEnabled()) {
            debug.message("OrgConfigViaAMSDK::removeAttribute" + ": failed with AMException", ame);
        }
        throw (new SMSException(AMSDKBundle.BUNDLE_NAME, ame.getMessage(), ame, ame.getMessage()));
    } catch (SSOException ssoe) {
        throw (new SMSException(bundle.getString("sms-INVALID_SSO_TOKEN"), ssoe, "sms-INVALID_SSO_TOKEN"));
    }
}
Also used : AMException(com.iplanet.am.sdk.AMException) SSOException(com.iplanet.sso.SSOException) HashMap(java.util.HashMap) CaseInsensitiveHashMap(com.sun.identity.common.CaseInsensitiveHashMap) Map(java.util.Map) HashSet(java.util.HashSet)

Example 5 with AMException

use of com.iplanet.am.sdk.AMException in project OpenAM by OpenRock.

the class OrgConfigViaAMSDK method deleteSubOrganization.

/**
 * Deletes a sub-organization using AMSDK.
 *
 * <p>Every deletion here is issued as {@code delete(true)}; this method has
 * no flag for a non-recursive delete (presumably {@code true} is the SDK's
 * recursive flag - confirm against the AMSDK API).
 *
 * <p>When {@code subOrgName} is {@code null} or blank, the parent
 * organization itself is deleted if it exists. Names starting with
 * {@code SMSEntry.SUN_INTERNAL_REALM_NAME} (hidden realms) are left alone.
 *
 * @param subOrgName name of the sub-organization to delete; {@code null}
 *        or blank targets the parent organization
 * @throws SMSException if the AMSDK call fails or the SSO token is rejected
 */
void deleteSubOrganization(String subOrgName) throws SMSException {
    try {
        boolean noNameGiven = subOrgName == null || subOrgName.trim().isEmpty();
        if (noNameGiven) {
            // NOTE(review): an empty name removes the parent organization, so
            // callers must not pass an unvalidated or defaulted name here.
            if (parentOrg.isExists()) {
                parentOrg.delete(true);
            }
            return;
        }
        // Hidden realms are never deleted through this path.
        if (subOrgName.startsWith(SMSEntry.SUN_INTERNAL_REALM_NAME)) {
            return;
        }
        // Look the name up one level below the parent organization.
        Set matches = parentOrg.searchSubOrganizations(subOrgName, AMConstants.SCOPE_ONE);
        if (matches == null || matches.isEmpty()) {
            // Nothing found by search: treat the given name as the sub-organization itself.
            AMOrganization direct = parentOrg.getSubOrganization(subOrgName);
            if (direct != null) {
                direct.delete(true);
            }
            return;
        }
        // Delete every match; a failure part-way leaves earlier matches deleted.
        for (Object match : matches) {
            AMOrganization found = parentOrg.getSubOrganization((String) match);
            if (found != null) {
                found.delete(true);
            }
        }
    } catch (AMException ame) {
        if (debug.messageEnabled()) {
            debug.message("OrgConfigViaAMSDK::deleteSubOrganization" + ": failed with AMException", ame);
        }
        throw (new SMSException(AMSDKBundle.BUNDLE_NAME, ame.getMessage(), ame, ame.getMessage()));
    } catch (SSOException ssoe) {
        throw (new SMSException(bundle.getString("sms-INVALID_SSO_TOKEN"), ssoe, "sms-INVALID_SSO_TOKEN"));
    }
}
Also used : HashSet(java.util.HashSet) Set(java.util.Set) AMOrganization(com.iplanet.am.sdk.AMOrganization) Iterator(java.util.Iterator) AMException(com.iplanet.am.sdk.AMException) SSOException(com.iplanet.sso.SSOException)
