use of com.iplanet.am.sdk.AMException in project OpenAM by OpenRock.
the class ComplianceServicesImpl method verifyAndLinkGroupToRole.
/**
* Method which verifies if the <code>groupDN</code> corresponds to an
* administrative role. If true then the members listed in
* <Code>membersGuid</Code> are added to the admin role.
*
* @param token
* SSO Token
* @param membersGuid
* Guid array of members to be operated on
* @param groupDN
* DN of the role
*
* @exception AMException
* if unsuccessful in adding the members to the corresponding
* admin group. As a result of which the memberOf and
* adminRole attributes are also not updated.
*/
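protected void verifyAndLinkGroupToRole(SSOToken token, Guid[] membersGuid, String groupDN) throws AMException {
    // Adds membersGuid to the admin role that getRoleFromGroupDN() maps groupDN to.
    // A null role name means no admin role matches the group, so nothing is changed.
    DN dn = DN.valueOf(groupDN);
    String roleName = getRoleFromGroupDN(dn);
    if (roleName == null) {
        return;
    }

    // The role DN is built under the group's grandparent entry.
    // NOTE(review): roleName is concatenated into the DN without escaping, and
    // parent().parent() assumes groupDN has at least two ancestors. Presumably
    // getRoleFromGroupDN() only returns a name for DNs of that shape - confirm
    // against that helper.
    String orgDN = dn.parent().parent().toString();
    String roleDN = NamingAttributeManager.getNamingAttribute(AMObject.ROLE) + "=" + roleName + "," + orgDN;
    if (debug.messageEnabled()) {
        debug.message("Compliance.verifyAndLinkGroupToRole" + " Linking group: " + groupDN + " to role :" + roleDN);
    }
    try {
        ManagedRole role = (ManagedRole) UMSObject.getObject(token, new Guid(roleDN));
        role.addMembers(membersGuid);
    } catch (EntryNotFoundException ex) {
        // A missing role entry stays non-fatal, as before. The role DN and the
        // cause are now logged so that a skipped admin-role membership change
        // can be traced from the error log alone.
        debug.error("Compliance.verifyAndLinkGroupToRole: Admin groups are missing for role: " + roleDN, ex);
    } catch (UMSException ue) {
        debug.error("Compliance.verifyAndLinkGroupToRole():", ue);
        Object[] args = { roleDN };
        throw new AMException(AMSDKBundle.getString("972", args), "771", args);
    }
}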
use of com.iplanet.am.sdk.AMException in project OpenAM by OpenRock.
the class ComplianceServicesImpl method verifyAndUnLinkGroupToRole.
/**
* Method which verifies if the groupDN corresponds to an admin role. If
* true then the <Code> members </Code> are removed from the admin role.
*
* @param token Single Sign On Token.
* @param members Set of member DNs to be operated.
* @param groupDN Distinguished Name of the group.
* @throws AMException if unsuccessful in removing the members from the
* corresponding admin groups and updating the <code>memberOf</code>
* and <code>adminRole</code> attribute values to null.
*/
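protected void verifyAndUnLinkGroupToRole(SSOToken token, Set members, String groupDN) throws AMException {
    // Removes each DN in members from the admin role that getRoleFromGroupDN()
    // maps groupDN to. A null role name means there is nothing to unlink.
    DN dn = DN.valueOf(groupDN);
    String roleName = getRoleFromGroupDN(dn);
    if (roleName == null) {
        return;
    }

    // The role DN is built under the group's grandparent entry.
    // NOTE(review): roleName is concatenated into the DN without escaping, and
    // parent().parent() assumes groupDN has at least two ancestors - confirm
    // against getRoleFromGroupDN().
    String orgDN = dn.parent().parent().toString();
    String roleDN = NamingAttributeManager.getNamingAttribute(AMObject.ROLE) + "=" + roleName + "," + orgDN;
    if (debug.messageEnabled()) {
        debug.message("Compliance.verifyAndUnlinkGroupToRole(): " + "Unlinking group: " + groupDN + " to role :" + roleDN);
    }

    // The iterator is obtained before the directory lookup, as in the original.
    Iterator itr = members.iterator();
    try {
        ManagedRole role = (ManagedRole) UMSObject.getObject(token, new Guid(roleDN));
        // Members are removed one call at a time. If a call fails part-way, the
        // earlier removals are presumably already applied - TODO confirm whether
        // callers rely on all-or-nothing behaviour.
        while (itr.hasNext()) {
            String memberDN = (String) itr.next();
            role.removeMember(new Guid(memberDN));
        }
    } catch (EntryNotFoundException ex) {
        // A missing role entry stays non-fatal, as before. The role DN and the
        // cause are now logged so that a skipped admin-role removal can be
        // traced from the error log alone.
        debug.error("Compliance.verifyAndUnLinkGroupToRole: Admin groups are missing for role: " + roleDN, ex);
    } catch (UMSException ue) {
        debug.error("Compliance.verifyAndUnLinkGroupToRole(): ", ue);
        Object[] args = { roleDN };
        throw new AMException(AMSDKBundle.getString("972", args), "772", args);
    }
}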
use of com.iplanet.am.sdk.AMException in project OpenAM by OpenRock.
the class CallBackHelper method postProcessModifyMemberShip.
/**
* Special method for post processing memberShip modification for roles &
* groups.
*/
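public void postProcessModifyMemberShip(SSOToken token, String entryDN, String orgDN, Set members, int operation, int objectType) throws AMException {
    // Invokes the membership post-processing callback of every plugin class
    // that getPrePostImpls() returns for orgDN (per the original comment, the
    // impls instantiated at pre-processing time).
    Set implSet = getPrePostImpls(orgDN);
    if (implSet == null || implSet.isEmpty()) {
        return;
    }

    for (Iterator itr = implSet.iterator(); itr.hasNext();) {
        String className = (String) itr.next();
        AMCallBack impl = getCallBackObject(className);
        if (impl == null) {
            // No callback object for this class name; skip it.
            continue;
        }
        try {
            switch (operation) {
                case DirectoryServicesImpl.ADD_MEMBER:
                    impl.postProcessAddUser(token, entryDN, members, objectType);
                    break;
                case DirectoryServicesImpl.REMOVE_MEMBER:
                    impl.postProcessRemoveUser(token, entryDN, members, objectType);
                    break;
                default:
                    // Any other operation value invokes no callback.
                    break;
            }
        } catch (AMException ae) {
            // A failing plugin is logged and the loop moves on to the next one.
            // Despite the throws clause, the exception never reaches the caller.
            // The message used to say "Preprocessing", which pointed anyone
            // reading the log at the wrong callback phase.
            debug.error("CallBackHelper.postProcessModifyMemberShip()" + ": Postprocessing impl " + impl.getClass().getName() + " exception thrown: ", ae);
        }
    }
}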
use of com.iplanet.am.sdk.AMException in project OpenAM by OpenRock.
the class CachedDirectoryServicesImpl method getOrganizationDN.
/**
* Gets the Organization DN for the specified entryDN. If the entry itself
* is an org, then same DN is returned.
* <p>
* <b>NOTE:</b> This method involves several directory searches, so
* be cautious of the performance hit.
*
* <p>
* Unlike the rest of the overridden methods, this method does not call its
* base class's method to obtain the organization DN, as it has special
* processing requirements.
*
* @param token
* a valid SSOToken
* @param entryDN
* the entry whose parent Organization is to be obtained
* @return the DN String of the parent Organization
* @throws AMException
* if an error occurred while obtaining the parent Organization
*/
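public String getOrganizationDN(SSOToken token, String entryDN) throws AMException {
    // Walks from entryDN towards the root, consulting sdkCache first and the
    // directory second, until an organization DN is found for one of the DNs
    // on the path. Returns the last lookup result (empty or null) if the top
    // level is reached without finding one.
    if (!LDAPUtils.isDN(entryDN)) {
        // entryDN is caller-supplied and is written to the error log verbatim.
        debug.error("CachedDirectoryServicesImpl.getOrganizationDN() " + "Invalid DN: " + entryDN);
        throw new AMException(token, "157");
    }
    String organizationDN = "";
    // Lower-cased DNs visited so far. They are handed to setOrganizationDNs()
    // once the organization is known - presumably so that each one is cached
    // with its organization DN; confirm against that helper.
    Set childDNSet = new HashSet();
    boolean errorCondition = false;
    boolean found = false;
    // Parse once, outside the loop. Parsing entryDN again on every pass threw
    // away the parent() step at the bottom of the loop, so the walk never moved
    // up. An entry with more than one RDN and no resolvable organization would
    // keep repeating the same lookup.
    DN dnObject = DN.valueOf(entryDN);
    while (!errorCondition && !found) {
        boolean lookupDirectory = true;
        String childDN = dnObject.toString().toLowerCase();
        if (debug.messageEnabled()) {
            debug.message("CachedDirectoryServicesImpl." + "getOrganizationDN() - looping Organization DN for" + " entry: " + childDN);
        }
        CacheBlock cb = (CacheBlock) sdkCache.get(childDN);
        if (cb != null) {
            organizationDN = cb.getOrganizationDN();
            if (organizationDN != null) {
                // Cache already holds the organization DN for this entry.
                if (debug.messageEnabled()) {
                    debug.message("CachedDirectoryServicesImpl." + "getOrganizationDN(): found OrganizationDN: " + organizationDN + " for: " + childDN);
                }
                found = true;
                setOrganizationDNs(organizationDN, childDNSet);
                continue;
            } else if (cb.getObjectType() == AMObject.ORGANIZATION || cb.getObjectType() == AMObject.ORGANIZATIONAL_UNIT) {
                // The cached entry is itself an organization or organizational unit.
                organizationDN = childDN;
                found = true;
                childDNSet.add(childDN);
                setOrganizationDNs(organizationDN, childDNSet);
                continue;
            } else if (cb.getObjectType() != AMObject.UNDETERMINED_OBJECT_TYPE) {
                // The object type is already known and is not an organization,
                // so the directory lookup for this level is skipped.
                lookupDirectory = false;
            }
        }
        childDNSet.add(childDN);
        if (lookupDirectory) {
            organizationDN = super.verifyAndGetOrgDN(token, entryDN, childDN);
        }
        if (organizationDN != null && organizationDN.length() > 0) {
            found = true;
            setOrganizationDNs(organizationDN, childDNSet);
        } else if (dnObject.size() == 1) {
            // Reached the topmost level without finding an organization.
            errorCondition = true;
            debug.error("CachedDirectoryServicesImpl.getOrgnizationDN(): " + "Reached root suffix. Unable to get parent Org");
        } else {
            // Climb the tree one level up for the next pass.
            dnObject = dnObject.parent();
        }
    }
    return organizationDN;
}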
use of com.iplanet.am.sdk.AMException in project OpenAM by OpenRock.
the class CachedDirectoryServicesImpl method validateEntry.
/**
* Method to be called to validate the entry before any of the get/put/
* remove methods are called.
*
* @throws AMException
* if the entry does not exist in the DS
*/
private void validateEntry(SSOToken token, CacheBlock cb) throws AMException {
    // Nothing to check unless hasExpiredAndUpdated() is false and the block
    // reports the entry as absent.
    if (cb.hasExpiredAndUpdated() || cb.isExists()) {
        return;
    }

    // The cache says the entry is absent; ask the directory before rejecting it.
    String entryDn = cb.getEntryDN();
    boolean existsInDirectory = super.doesEntryExists(token, entryDn);
    if (debug.messageEnabled()) {
        debug.message("CachedDirectoryServicesImpl.validateEntry():" + " DN " + entryDn + " got from DS & exists: " + existsInDirectory);
    }

    if (!existsInDirectory) {
        // Absent from both cache and directory: report error '461' in the caller's locale.
        String locale = CommonUtils.getUserLocale(token);
        Object[] args = { entryDn };
        throw new AMException(AMSDKBundle.getString("461", args, locale), "461", args);
    }

    // The entry exists after all (for example a dynamically created container
    // such as ou=agents,ou=container,ou=agents). Store a fresh CacheBlock under
    // the RFC-formatted DN.
    // NOTE(review): only sdkCache is updated. The CacheBlock the caller passed
    // in is not replaced and still reports the entry as absent. Presumably
    // callers re-read from sdkCache - confirm.
    String rfcDN = LDAPUtils.formatToRFC(entryDn);
    CacheBlock refreshed = new CacheBlock(rfcDN, existsInDirectory);
    sdkCache.put(rfcDN, refreshed);
}
Aggregations