
Example 61 with AMException

use of com.iplanet.am.sdk.AMException in project OpenAM by OpenRock.

the class ComplianceServicesImpl method verifyAndLinkGroupToRole.

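/**
 * Verifies whether <code>groupDN</code> corresponds to an administrative
 * role and, if it does, adds the members listed in
 * <code>membersGuid</code> to that role.
 * <p>
 * The role DN is assembled from the role naming attribute, the role name
 * returned by <code>getRoleFromGroupDN</code> and the DN two levels above
 * <code>groupDN</code>. When no role name is returned the method does
 * nothing.
 * <p>
 * An <code>EntryNotFoundException</code> raised while loading the role or
 * adding the members is handled as best-effort: it is logged and the method
 * returns normally. A normal return therefore does not prove that the
 * members were added to the role.
 *
 * @param token
 *            SSO token used to load the role entry
 * @param membersGuid
 *            Guid array of members to add to the role
 * @param groupDN
 *            DN of the group that may map to an admin role
 *
 * @exception AMException
 *                if a <code>UMSException</code> that is not caught as
 *                <code>EntryNotFoundException</code> is raised while
 *                loading the role or adding the members
 */
protected void verifyAndLinkGroupToRole(SSOToken token, Guid[] membersGuid, String groupDN) throws AMException {
    // Obtain the role name corresponding to groupDN
    DN dn = DN.valueOf(groupDN);
    String roleName = getRoleFromGroupDN(dn);
    if (roleName == null) {
        // groupDN does not map to an admin role: nothing to link
        return;
    }

    // NOTE(review): assumes groupDN has at least two ancestors whenever
    // getRoleFromGroupDN returns a role name; otherwise parent() may yield
    // null here - confirm against getRoleFromGroupDN.
    String orgDN = dn.parent().parent().toString();
    String roleDN = NamingAttributeManager.getNamingAttribute(AMObject.ROLE) + "=" + roleName + "," + orgDN;
    if (debug.messageEnabled()) {
        debug.message("Compliance.verifyAndLinkGroupToRole" + " Linking group: " + groupDN + " to role :" + roleDN);
    }
    try {
        // Add the members to the corresponding admin role.
        ManagedRole role = (ManagedRole) UMSObject.getObject(token, new Guid(roleDN));
        role.addMembers(membersGuid);
    } catch (EntryNotFoundException ex) {
        // Still best-effort, but record which role was affected and the
        // underlying exception, so a skipped admin-role grant can be
        // traced from the debug log.
        debug.error("Compliance.verifyAndLinkGroupToRole: Admin " + "groups are missing; role: " + roleDN, ex);
    } catch (UMSException ue) {
        debug.error("Compliance.verifyAndLinkGroupToRole():", ue);
        Object[] args = { roleDN };
        throw new AMException(AMSDKBundle.getString("972", args), "771", args);
    }
}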
Also used : UMSException(com.iplanet.ums.UMSException) EntryNotFoundException(com.iplanet.ums.EntryNotFoundException) AMException(com.iplanet.am.sdk.AMException) DN(org.forgerock.opendj.ldap.DN) Guid(com.iplanet.ums.Guid) ManagedRole(com.iplanet.ums.ManagedRole)

Example 62 with AMException

use of com.iplanet.am.sdk.AMException in project OpenAM by OpenRock.

the class ComplianceServicesImpl method verifyAndUnLinkGroupToRole.

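/**
 * Verifies whether <code>groupDN</code> corresponds to an admin role and,
 * if it does, removes the given <code>members</code> from that role.
 * <p>
 * Members are removed one at a time. If an exception is raised part-way
 * through, the members already processed stay removed and the remaining
 * ones are left in the role. An <code>EntryNotFoundException</code> is
 * logged and swallowed, so a normal return does not prove that every
 * member was removed from the admin role.
 *
 * @param token Single Sign On Token.
 * @param members Set of member DNs (Strings) to be removed from the role.
 * @param groupDN Distinguished Name of the group.
 * @throws AMException if unsuccessful in removing the members from the
 *         corresponding admin groups and updating the <code>memberOf</code>
 *         and <code>adminRole</code> attribute values to null.
 */
protected void verifyAndUnLinkGroupToRole(SSOToken token, Set members, String groupDN) throws AMException {
    // Obtain the role name corresponding to groupDN
    DN dn = DN.valueOf(groupDN);
    String roleName = getRoleFromGroupDN(dn);
    if (roleName == null) {
        // groupDN does not map to an admin role: nothing to unlink
        return;
    }

    // NOTE(review): assumes groupDN has at least two ancestors whenever
    // getRoleFromGroupDN returns a role name - confirm.
    String orgDN = dn.parent().parent().toString();
    String roleDN = NamingAttributeManager.getNamingAttribute(AMObject.ROLE) + "=" + roleName + "," + orgDN;
    if (debug.messageEnabled()) {
        debug.message("Compliance.verifyAndUnlinkGroupToRole(): " + "Unlinking group: " + groupDN + " to role :" + roleDN);
    }
    try {
        // Remove the members from the admin role
        ManagedRole role = (ManagedRole) UMSObject.getObject(token, new Guid(roleDN));
        for (Object member : members) {
            String memberDN = (String) member;
            role.removeMember(new Guid(memberDN));
        }
    } catch (EntryNotFoundException ex) {
        // Still best-effort, but record which role was affected and the
        // underlying exception: an admin-role removal that did not complete
        // should be traceable from the debug log.
        debug.error("Compliance.verifyAndUnLinkGroupToRole: Admin " + "groups are missing; role: " + roleDN, ex);
    } catch (UMSException ue) {
        debug.error("Compliance.verifyAndUnLinkGroupToRole(): ", ue);
        Object[] args = { roleDN };
        throw new AMException(AMSDKBundle.getString("972", args), "772", args);
    }
}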
Also used : UMSException(com.iplanet.ums.UMSException) Iterator(java.util.Iterator) EntryNotFoundException(com.iplanet.ums.EntryNotFoundException) AMException(com.iplanet.am.sdk.AMException) DN(org.forgerock.opendj.ldap.DN) Guid(com.iplanet.ums.Guid) ManagedRole(com.iplanet.ums.ManagedRole)

Example 63 with AMException

use of com.iplanet.am.sdk.AMException in project OpenAM by OpenRock.

the class CallBackHelper method postProcessModifyMemberShip.

/**
 * Runs the post-processing membership callbacks registered for
 * <code>orgDN</code> after members were added to or removed from a role or
 * group.
 * <p>
 * Each class name returned by <code>getPrePostImpls</code> is resolved with
 * <code>getCallBackObject</code>; names that resolve to <code>null</code>
 * are skipped. An <code>AMException</code> thrown by a callback is logged
 * and does not stop the remaining callbacks, nor is it propagated to the
 * caller.
 *
 * @param token SSO token handed to each callback
 * @param entryDN DN of the entry whose membership was modified
 * @param orgDN organization DN used to look up the callback class names
 * @param members the members handed to each callback
 * @param operation <code>DirectoryServicesImpl.ADD_MEMBER</code> or
 *        <code>DirectoryServicesImpl.REMOVE_MEMBER</code>; any other value
 *        invokes no callback method
 * @param objectType object type value handed to each callback
 * @throws AMException declared by the signature; exceptions from the
 *         callbacks themselves are caught and logged here
 */
public void postProcessModifyMemberShip(SSOToken token, String entryDN, String orgDN, Set members, int operation, int objectType) throws AMException {
    // Use the external impls instantiated at the time of pre-processing
    Set callbackClassNames = getPrePostImpls(orgDN);
    if (callbackClassNames == null || callbackClassNames.isEmpty()) {
        return;
    }

    // Walk the configured plugins and run the matching post-process hook
    for (Object entry : callbackClassNames) {
        AMCallBack callback = getCallBackObject((String) entry);
        if (callback != null) {
            try {
                if (operation == DirectoryServicesImpl.ADD_MEMBER) {
                    callback.postProcessAddUser(token, entryDN, members, objectType);
                } else if (operation == DirectoryServicesImpl.REMOVE_MEMBER) {
                    callback.postProcessRemoveUser(token, entryDN, members, objectType);
                }
            } catch (AMException ae) {
                // Failure inside an external plugin: log it and carry on.
                // NOTE(review): the message says "Preprocessing" although
                // this is the post-processing hook; text kept unchanged.
                debug.error("CallBackHelper.postProcessModifyMemberShip()" + ": Preprocessing impl " + callback.getClass().getName() + " exception thrown: ", ae);
            }
        }
    }
}
Also used : AMCallBack(com.iplanet.am.sdk.AMCallBack) AttrSet(com.iplanet.services.ldap.AttrSet) Set(java.util.Set) Iterator(java.util.Iterator) AMException(com.iplanet.am.sdk.AMException)

Example 64 with AMException

use of com.iplanet.am.sdk.AMException in project OpenAM by OpenRock.

the class CachedDirectoryServicesImpl method getOrganizationDN.

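/**
 * Gets the Organization DN for the specified entryDN. If the entry itself
 * is an org, then the same DN is returned.
 * <p>
 * <b>NOTE:</b> This method may involve several directory searches, so be
 * cautious of the performance hit.
 *
 * <p>
 * This method does not call its base class method, unlike the rest of the
 * overridden methods, because obtaining the organization DN requires
 * special processing.
 * <p>
 * The search starts at <code>entryDN</code> and climbs one level at a time.
 * At each level the SDK cache is consulted first and the directory is only
 * queried when the cache cannot answer. Every DN visited on the way is
 * passed to <code>setOrganizationDNs</code> together with the organization
 * DN once one is found.
 *
 * @param token
 *            a valid SSOToken
 * @param entryDN
 *            the entry whose parent Organization is to be obtained
 * @return the DN String of the parent Organization; when the top of the
 *         tree is reached without a match, the error is logged and the
 *         last value obtained is returned (empty or <code>null</code>)
 * @throws AMException
 *             if <code>entryDN</code> is not a valid DN, or if an error
 *             occurred while obtaining the parent Organization
 */
public String getOrganizationDN(SSOToken token, String entryDN) throws AMException {
    if (!LDAPUtils.isDN(entryDN)) {
        // NOTE(review): entryDN is written to the debug log verbatim. If
        // callers can pass request-derived values here, line breaks should
        // be neutralised before logging - confirm against callers.
        debug.error("CachedDirectoryServicesImpl.getOrganizationDN() " + "Invalid DN: " + entryDN);
        throw new AMException(token, "157");
    }
    String organizationDN = "";
    Set childDNSet = new HashSet();
    boolean errorCondition = false;
    boolean found = false;
    // Parse the DN once, outside the loop. Re-parsing entryDN on every
    // iteration discarded the dnObject.parent() step at the bottom of the
    // loop, so the search never moved up the tree and could spin on the
    // same DN without terminating.
    DN dnObject = DN.valueOf(entryDN);
    while (!errorCondition && !found) {
        boolean lookupDirectory = true;
        String childDN = dnObject.toString().toLowerCase();
        if (debug.messageEnabled()) {
            debug.message("CachedDirectoryServicesImpl." + "getOrganizationDN() - looping Organization DN for" + " entry: " + childDN);
        }
        CacheBlock cb = (CacheBlock) sdkCache.get(childDN);
        if (cb != null) {
            organizationDN = cb.getOrganizationDN();
            if (organizationDN != null) {
                if (debug.messageEnabled()) {
                    debug.message("CachedDirectoryServicesImpl." + "getOrganizationDN(): found OrganizationDN: " + organizationDN + " for: " + childDN);
                }
                found = true;
                setOrganizationDNs(organizationDN, childDNSet);
                continue;
            } else if (cb.getObjectType() == AMObject.ORGANIZATION || cb.getObjectType() == AMObject.ORGANIZATIONAL_UNIT) {
                // Object type is organization
                organizationDN = childDN;
                found = true;
                childDNSet.add(childDN);
                setOrganizationDNs(organizationDN, childDNSet);
                continue;
            } else if (cb.getObjectType() != AMObject.UNDETERMINED_OBJECT_TYPE) {
                // The cached type is known and is not an organization, so
                // this entry cannot be the org: skip the directory lookup
                lookupDirectory = false;
            }
        }
        childDNSet.add(childDN);
        if (lookupDirectory) {
            organizationDN = super.verifyAndGetOrgDN(token, entryDN, childDN);
        }
        if (organizationDN != null && organizationDN.length() > 0) {
            found = true;
            setOrganizationDNs(organizationDN, childDNSet);
        } else if (dnObject.size() <= 1) {
            // Reached topmost level. "<= 1" also stops on a DN with no
            // RDNs, which has no parent to climb to.
            errorCondition = true;
            debug.error("CachedDirectoryServicesImpl.getOrgnizationDN(): " + "Reached root suffix. Unable to get parent Org");
        } else {
            // Climb the tree one level up
            dnObject = dnObject.parent();
        }
    }
    return organizationDN;
}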
Also used : Set(java.util.Set) HashSet(java.util.HashSet) AMException(com.iplanet.am.sdk.AMException) DN(org.forgerock.opendj.ldap.DN) CacheBlock(com.iplanet.am.sdk.common.CacheBlock) HashSet(java.util.HashSet)

Example 65 with AMException

use of com.iplanet.am.sdk.AMException in project OpenAM by OpenRock.

the class CachedDirectoryServicesImpl method validateEntry.

/**
 * Validates a cached entry before any of the get/put/remove methods are
 * called.
 * <p>
 * Nothing is done when <code>cb.hasExpiredAndUpdated()</code> or
 * <code>cb.isExists()</code> returns true. Otherwise the directory is asked
 * whether the entry exists: if it does, a fresh <code>CacheBlock</code> is
 * stored in the SDK cache under the RFC-formatted DN; if it does not, error
 * '461' is raised.
 *
 * @param token SSO token used for the directory check and for the locale
 *        of the error message
 * @param cb the cache block of the entry to validate
 * @throws AMException
 *             if the entry does not exist in the DS
 */
private void validateEntry(SSOToken token, CacheBlock cb) throws AMException {
    if (cb.hasExpiredAndUpdated() || cb.isExists()) {
        return;
    }

    // The cache block reports the entry as absent: ask the directory.
    String entryDN = cb.getEntryDN();
    boolean existsInDirectory = super.doesEntryExists(token, entryDN);
    if (debug.messageEnabled()) {
        debug.message("CachedDirectoryServicesImpl.validateEntry():" + " DN " + entryDN + " got from DS & exists: " + existsInDirectory);
    }

    if (!existsInDirectory) {
        // Entry is absent from the directory as well: invalid entry.
        String locale = CommonUtils.getUserLocale(token);
        Object[] args = { entryDN };
        throw new AMException(AMSDKBundle.getString("461", args, locale), "461", args);
    }

    // The entry exists after all (this happens for certain containers
    // created dynamically, e.g. ou=agents,ou=container,ou=agents), so
    // replace the cached block.
    // NOTE(review): only the cache is updated; the caller's cb reference
    // still points at the old block - confirm callers re-read the cache.
    String rfcDN = LDAPUtils.formatToRFC(entryDN);
    sdkCache.put(rfcDN, new CacheBlock(rfcDN, existsInDirectory));
}
Also used : AMException(com.iplanet.am.sdk.AMException) CacheBlock(com.iplanet.am.sdk.common.CacheBlock) AMObject(com.iplanet.am.sdk.AMObject)

Aggregations

AMException (com.iplanet.am.sdk.AMException)127 SSOException (com.iplanet.sso.SSOException)56 Set (java.util.Set)35 AMEntryExistsException (com.iplanet.am.sdk.AMEntryExistsException)34 Guid (com.iplanet.ums.Guid)33 UMSException (com.iplanet.ums.UMSException)33 Map (java.util.Map)33 AMEventManagerException (com.iplanet.am.sdk.AMEventManagerException)32 RemoteException (java.rmi.RemoteException)31 AttrSet (com.iplanet.services.ldap.AttrSet)28 HashSet (java.util.HashSet)28 HashMap (java.util.HashMap)26 Iterator (java.util.Iterator)22 PersistentObject (com.iplanet.ums.PersistentObject)20 SSOToken (com.iplanet.sso.SSOToken)14 EntryNotFoundException (com.iplanet.ums.EntryNotFoundException)13 AMHashMap (com.iplanet.am.sdk.AMHashMap)12 AccessRightsException (com.iplanet.ums.AccessRightsException)12 SMSException (com.sun.identity.sm.SMSException)12 DN (org.forgerock.opendj.ldap.DN)12