use of com.iplanet.am.sdk.AMException in project OpenAM by OpenRock.
the class EntityObjectImpl method deleteEntity.
/**
 * Deletes a single entity identified by name, type and location.
 *
 * <p>The entity DN is resolved with {@code getEntityDN} and passed, as a
 * one-element set, to {@code entity.deleteEntities}.
 *
 * @param ssoToken User's Single Sign On Token, handed to
 *        {@code initializeObject} together with the location.
 * @param entityName Name of the entity to delete, for example
 *        <code>cn=websphereAgent</code>.
 * @param entityType Type of the entity being deleted, e.g. Agent. The types
 *        supported by SDK are configured in the list of Managed Objects
 *        in the <code>DAI</code> service.
 * @param entityLocation Location of the entity, for example
 *        <code>www.abc.com</code>.
 * @throws EntityException if there is an internal error in the AM Store.
 * @throws SSOException if the sign on is no longer valid.
 */
public void deleteEntity(String ssoToken, String entityName, String entityType, String entityLocation) throws EntityException, SSOException {
    initializeObject(ssoToken, entityLocation);
    Set<String> targets = new HashSet<String>();
    try {
        final int typeCode = getIntTypeFromStr(entityType);
        targets.add(getEntityDN(entityName, typeCode, entityLocation));
        // NOTE(review): when the entity handle is null nothing is deleted and
        // no error is raised, so a normal return is not proof that the entry
        // is gone. Confirm callers do not rely on that.
        if (entity == null) {
            return;
        }
        entity.deleteEntities(typeCode, targets);
        if (EntityUtils.debug.messageEnabled()) {
            EntityUtils.debug.message("EntityObjectImpl.deleteEntity():" + " Deleted " + targets.toString());
        }
    } catch (AMException amex) {
        // Failures are always written to the error log before being converted
        // to the exception type declared by this API.
        EntityUtils.debug.error("EntityObjectImpl.deleteEntity() : " + "Delete Entity Failed. " + amex);
        throw EntityUtils.convertException(amex);
    }
}
use of com.iplanet.am.sdk.AMException in project OpenAM by OpenRock.
the class IdUtils method getIdentity.
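/**
 * Returns an <code>AMIdentity</code> object, given the DN of an
 * authenticated identity, realm name and identity type. This interface is
 * mainly for the authentication component to get back the identity of the
 * user.
 *
 * <p>Resolution order, as implemented below: a DN starting with
 * {@code id=} is first tried as a universal identifier; then the DN is
 * matched against the special-users set; finally, if AMSDK is enabled and
 * configured, the directory is asked for the object type and the realm is
 * derived from the organization part of the DN.
 *
 * @param token SSOToken of the administrator
 * @param amsdkdn DN of the authenticated user
 * @param realm realm name where the user was authenticated
 * @return Identity object, or <code>null</code> when AMSDK is not enabled
 *         or configured, or when the DN cannot be resolved through AMSDK
 *         (an <code>AMException</code> or <code>SSOException</code> during
 *         the lookup is logged at message level and mapped to
 *         <code>null</code>)
 * @throws IdRepoException if <code>amsdkdn</code> is <code>null</code> or
 *         not a DN, or if the underlying components throw an exception
 *         while obtaining the identity object
 */
public static AMIdentity getIdentity(SSOToken token, String amsdkdn, String realm) throws IdRepoException {
    // Reject anything that is not a DN before it reaches any lookup.
    if (amsdkdn == null || !LDAPUtils.isDN(amsdkdn)) {
        Object[] args = { amsdkdn };
        throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.ILLEGAL_UNIVERSAL_IDENTIFIER, args);
    }
    DN amsdkdnObject = LDAPUtils.newDN(amsdkdn);
    // Try constructing the identity object. The prefix test lower-cases with
    // Locale.ROOT: with the default locale, "ID=" becomes "\u0131d=" under a
    // Turkish locale and this branch would be skipped depending on where the
    // server runs.
    if (amsdkdn.toLowerCase(java.util.Locale.ROOT).startsWith("id=")) {
        try {
            return new AMIdentity(amsdkdnObject, token);
        } catch (IdRepoException ide) {
            // this could be a AMSDK DN. Follow the AMSDK rules
            if (debug.messageEnabled()) {
                debug.message("IdUtils:getIdentity(token, " + amsdkdn + ") got exception: " + ide.getMessage() + "\n\tContinuing with AMSDK DN check");
            }
        }
    }
    // Check for Special Users
    initializeSpecialUsers();
    if (specialUsers.contains(DNUtils.normalizeDN(amsdkdn))) {
        return new AMIdentity(amsdkdnObject, token, LDAPUtils.rdnValueFromDn(amsdkdnObject), IdType.USER, ROOT_SUFFIX);
    }
    // Nothing more to resolve unless AMSDK is enabled and configured
    // (globally and, when a realm is given, for that realm).
    try {
        if (!ServiceManager.isAMSDKEnabled() || ((realm != null) && !OrgConfigViaAMSDK.isAMSDKConfigured(realm)) || (!ServiceManager.isAMSDKConfigured())) {
            // Not configured for AMSDK, return
            return null;
        }
    } catch (SMSException smse) {
        // Deliberately best-effort: resolution continues with the AMSDK
        // lookup even though the configuration check failed. Record the
        // failure so the fall-through is visible when troubleshooting.
        if (debug.messageEnabled()) {
            debug.message("IdUtils.getIdentity: Unable to check AMSDK " + "configuration. Continuing with AMSDK DN check", smse);
        }
    }
    // Initialize root realm suffix, org and user naming attributes
    initializeForGetIdentity();
    // Determine if the amsdkdn is valid. Obtain name & type
    String name = null;
    IdType type = null;
    try {
        // Since AMSDK is used from here on, let the directory services
        // preload the attributes, which also checks that the entry exists
        IDirectoryServices dsServices = AMDirectoryAccessFactory.getDirectoryServices();
        try {
            if (amsdkdn.startsWith(USER_NAMING_ATTR)) {
                dsServices.getAttributes(token, amsdkdn, AMObject.USER);
            }
        } catch (Exception ignored) {
            // Ignored on purpose: this call is only made to warm the cache;
            // getObjectType() below reports a genuinely unresolvable DN.
        }
        // Getting object type would use the cached attributes
        int sdkType = dsServices.getObjectType(token, amsdkdn);
        // Convert the sdkType to IdRepo type
        type = getType(AMStoreConnection.getObjectName(sdkType));
        name = AMConstants.CONTAINER_DEFAULT_TEMPLATE_ROLE;
        if (!type.equals(IdType.REALM)) {
            name = LDAPUtils.rdnValueFromDn(amsdkdnObject);
        }
    } catch (AMException ame) {
        // Debug the message and return null
        if (debug.messageEnabled()) {
            debug.message("IdUtils.getIdentity: Unable to resolve " + "AMSDK DN: " + amsdkdn, ame);
        }
        return null;
    } catch (SSOException ssoe) {
        // Debug the message and return null
        if (debug.messageEnabled()) {
            debug.message("IdUtils.getIdentity: Unable to resolve " + "AMSDK DN. Got SSOException", ssoe);
        }
        return null;
    }
    // Need to determine realm for amsdkdn
    String srealm = ROOT_SUFFIX;
    if (!amsdkdn.equals(ROOT_SUFFIX) && !amsdkdn.equals(SERVICES_SUFFIX)) {
        // Map the organization part of the DN (from the first occurrence of
        // the org naming attribute onwards) to a realm
        int index = amsdkdn.indexOf(ORG_NAMING_ATTR);
        if (index == 0) {
            srealm = OrgConfigViaAMSDK.getRealmForAMSDK(amsdkdn, realm);
        } else if (index > 0) {
            srealm = OrgConfigViaAMSDK.getRealmForAMSDK(amsdkdn.substring(index), realm);
        }
        if (debug.messageEnabled()) {
            debug.message("IdUtils.getIdentity:: amsdkdn=" + amsdkdn + " maps to realm=" + srealm);
        }
    } else if (amsdkdn.equals(SERVICES_SUFFIX)) {
        // Since amsdkdn points to services node,
        // it should be reset to root suffix
        // NOTE(review): this assignment does not reach the returned identity,
        // which is built from amsdkdnObject created from the original DN
        // above. Confirm whether the DN object should be rebuilt here.
        amsdkdn = ROOT_SUFFIX;
    }
    return new AMIdentity(amsdkdnObject, token, name, type, srealm);
}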
use of com.iplanet.am.sdk.AMException in project OpenAM by OpenRock.
the class DSAMERole method getValidValues.
/**
 * Returns a list of possible values for the <code>Subject</code> that
 * match the pattern, by searching all roles under the configured
 * organization.
 *
 * @param token the <code>SSOToken</code> that will be used
 *        to determine the possible values
 * @param pattern search pattern handed unchanged to
 *        <code>searchAllRoles</code>
 *
 * @return <code>ValidValues</code> object carrying the search status and
 *         the search results
 *
 * @exception SSOException if SSO token is not valid
 * @exception PolicyException if the subject is not initialized or the
 *            list of valid names cannot be obtained.
 */
public ValidValues getValidValues(SSOToken token, String pattern) throws SSOException, PolicyException {
    if (!initialized) {
        throw new PolicyException(ResBundleUtils.rbName, "role_subject_not_yet_initialized", null, null);
    }
    try {
        AMOrganization organization = new AMStoreConnection(token).getOrganization(organizationDN);
        // The search is bounded by the configured result cap, time limit and scope.
        AMSearchControl control = new AMSearchControl();
        control.setMaxResults(maxResults);
        control.setTimeOut(timeLimit);
        control.setSearchScope(roleSearchScope);
        // NOTE(review): pattern goes to the SDK as received; whether filter
        // metacharacters are escaped depends on searchAllRoles. Confirm.
        AMSearchResults found = organization.searchAllRoles(pattern, control);
        final int errorCode = found.getErrorCode();
        final int status;
        if (errorCode == AMSearchResults.SIZE_LIMIT_EXCEEDED) {
            status = ValidValues.SIZE_LIMIT_EXCEEDED;
        } else if (errorCode == AMSearchResults.TIME_LIMIT_EXCEEDED) {
            status = ValidValues.TIME_LIMIT_EXCEEDED;
        } else {
            // NOTE(review): every other error code, not only SUCCESS, is
            // reported to the caller as SUCCESS.
            status = ValidValues.SUCCESS;
        }
        return new ValidValues(status, found.getSearchResults());
    } catch (AMException e) {
        LdapException ldapFailure = e.getLDAPException();
        if (ldapFailure == null) {
            // No LDAP detail available: wrap the SDK exception as it is.
            throw new PolicyException(e);
        }
        ResultCode ldapErrorCode = ldapFailure.getResult().getResultCode();
        if (ResultCode.INVALID_CREDENTIALS.equals(ldapErrorCode)) {
            throw new PolicyException(ResBundleUtils.rbName, "ldap_invalid_password", null, null);
        }
        if (ResultCode.NO_SUCH_OBJECT.equals(ldapErrorCode)) {
            String[] objs = { organizationDN };
            throw new PolicyException(ResBundleUtils.rbName, "no_such_am_roles_base_dn", objs, null);
        }
        // Any other LDAP failure: surface the server's diagnostic message,
        // followed by the result code name when there is one.
        String errorMsg = ldapFailure.getResult().getDiagnosticMessage();
        String additionalMsg = ldapFailure.getResult().getResultCode().getName().toString(Locale.ROOT);
        throw new PolicyException(additionalMsg != null ? errorMsg + ": " + additionalMsg : errorMsg);
    }
}
use of com.iplanet.am.sdk.AMException in project OpenAM by OpenRock.
the class OrgConfigViaAMSDK method removeAttribute.
/**
 * Removes the specified attribute from the AMSDK organization. The
 * organization attribute names are defined in the IdRepo service.
 *
 * <p>The call is a no-op when {@code attrName} is {@code null} or has no
 * entry in the attribute mapping.
 *
 * @param attrName attribute name, translated to the AMSDK attribute name
 *        through {@code getAttributeMapping()}.
 * @throws SMSException if the AMSDK call fails or the SSO token is invalid.
 */
void removeAttribute(String attrName) throws SMSException {
    if (attrName == null) {
        return;
    }
    // Translate the name through the attribute mapping; unmapped names are skipped.
    Map mapping = getAttributeMapping();
    String amsdkAttrName = (String) mapping.get(attrName);
    if (amsdkAttrName == null) {
        return;
    }
    Set<String> toRemove = new HashSet<String>();
    toRemove.add(amsdkAttrName);
    try {
        // The removal is only persisted by the store() call.
        parentOrg.removeAttributes(toRemove);
        parentOrg.store();
    } catch (AMException ame) {
        if (debug.messageEnabled()) {
            debug.message("OrgConfigViaAMSDK::removeAttribute" + ": failed with AMException", ame);
        }
        throw new SMSException(AMSDKBundle.BUNDLE_NAME, ame.getMessage(), ame, ame.getMessage());
    } catch (SSOException ssoe) {
        throw new SMSException(bundle.getString("sms-INVALID_SSO_TOKEN"), ssoe, "sms-INVALID_SSO_TOKEN");
    }
}
use of com.iplanet.am.sdk.AMException in project OpenAM by OpenRock.
the class OrgConfigViaAMSDK method deleteSubOrganization.
/**
 * Deletes a sub-organization using AMSDK.
 *
 * <p>Every delete issued here passes {@code true} to {@code delete}; this
 * method has no recursive parameter of its own. Presumably that argument
 * is the recursive flag, so sub-entries are removed too. Confirm against
 * {@code AMOrganization}.
 *
 * <p>Behaviour by input, as implemented:
 * <ul>
 * <li>{@code null} or blank name: the parent organization itself is
 * deleted, if it exists.</li>
 * <li>a name starting with {@code SMSEntry.SUN_INTERNAL_REALM_NAME}:
 * nothing is deleted and no error is raised.</li>
 * <li>otherwise: every sub-organization returned by the one-level search
 * for the name is deleted; if the search returns nothing, the name is
 * looked up directly.</li>
 * </ul>
 *
 * @param subOrgName name of the sub-organization; see the cases above.
 * @throws SMSException if the AMSDK call fails or the SSO token is invalid.
 */
void deleteSubOrganization(String subOrgName) throws SMSException {
    try {
        // NOTE(review): an empty name removes the parent organization, so
        // callers must validate the name before calling.
        final boolean nameMissing = subOrgName == null || subOrgName.trim().isEmpty();
        if (nameMissing) {
            if (parentOrg.isExists()) {
                parentOrg.delete(true);
            }
            return;
        }
        // Hidden (internal) realms are never deleted through this path.
        if (subOrgName.startsWith(SMSEntry.SUN_INTERNAL_REALM_NAME)) {
            return;
        }
        // NOTE(review): the name is used as the search argument; if the SDK
        // treats it as a pattern, every match is deleted. Confirm.
        Set matches = parentOrg.searchSubOrganizations(subOrgName, AMConstants.SCOPE_ONE);
        if (matches == null || matches.isEmpty()) {
            // Nothing found by search: fall back to a direct lookup by name.
            AMOrganization direct = parentOrg.getSubOrganization(subOrgName);
            if (direct != null) {
                direct.delete(true);
            }
            return;
        }
        for (Object match : matches) {
            AMOrganization child = parentOrg.getSubOrganization((String) match);
            if (child != null) {
                child.delete(true);
            }
        }
    } catch (AMException ame) {
        if (debug.messageEnabled()) {
            debug.message("OrgConfigViaAMSDK::deleteSubOrganization" + ": failed with AMException", ame);
        }
        throw new SMSException(AMSDKBundle.BUNDLE_NAME, ame.getMessage(), ame, ame.getMessage());
    } catch (SSOException ssoe) {
        throw new SMSException(bundle.getString("sms-INVALID_SSO_TOKEN"), ssoe, "sms-INVALID_SSO_TOKEN");
    }
}