
Example 91 with AMException

use of com.iplanet.am.sdk.AMException in project OpenAM by OpenRock.

the class DirectoryServicesImpl method modifyRoleMembership.

/**
 * Adds members to, or removes members from, the managed role identified by {@code target}.
 *
 * <p>When pre/post plug-ins exist for the role's organization, the pre-processing
 * callback may replace {@code members}; the set it returns is the one that is applied,
 * and a {@code null} or empty result ends the call without touching the role.
 *
 * <p>No explicit permission check is made in this method; access control presumably
 * happens inside the UMS calls issued with {@code token} (confirm against UMS).
 *
 * @param token SSO token handed to every directory and callback call
 * @param target identifier of the role, wrapped in a {@code Guid} for lookup
 * @param members members to add or remove (elements are cast to {@code String} on removal)
 * @param operation {@code ADD_MEMBER} or {@code REMOVE_MEMBER}
 * @param profileType passed through to the pre/post callbacks only
 * @throws UMSException propagated from the underlying UMS calls
 * @throws AMException with code "350" when {@code target} is not a {@code ManagedRole},
 *         or "114" when {@code operation} is neither supported value
 */
private void modifyRoleMembership(SSOToken token, String target, Set members, int operation, int profileType) throws UMSException, AMException {
    ManagedRole managedRole;
    try {
        managedRole = (ManagedRole) UMSObject.getObject(token, new Guid(target));
    } catch (ClassCastException notARole) {
        // The object was found but is not a managed role; the cause is logged, not chained.
        debug.message("DirectoryServicesImpl.modifyRoleMembership() - Unable to modify role membership", notARole);
        throw new AMException(token, "350");
    }

    // The target itself cannot be an organization, so the lookup starts at its parent.
    String roleParentDN = managedRole.getParentGuid().getDn();
    String organizationDN = getOrganizationDN(token, roleParentDN);

    if (callBackHelper.isExistsPrePostPlugins(organizationDN)) {
        // The plug-in result replaces the caller's set from here on.
        members = callBackHelper.preProcessModifyMemberShip(token, target, organizationDN, members, operation, profileType);
        boolean nothingToApply = (members == null) || members.isEmpty();
        if (nothingToApply) {
            return;
        }
    }

    // NOTE(review): operation is validated only here, after the pre-processing plug-ins have run.
    if (operation == ADD_MEMBER) {
        Guid[] memberGuids = CommonUtils.toGuidArray(members);
        managedRole.addMembers(memberGuids);
        // Compliance-related linking, only when admin groups are enabled for the parent.
        if (ComplianceServicesImpl.isAdminGroupsEnabled(roleParentDN)) {
            complianceImpl.verifyAndLinkRoleToGroup(token, memberGuids, target);
        }
    } else if (operation == REMOVE_MEMBER) {
        // Members are removed one by one; the original author notes UMS has no bulk removal.
        for (Object memberId : members.toArray()) {
            managedRole.removeMember(new Guid((String) memberId));
        }
        // Compliance-related unlinking, only when admin groups are enabled for the parent.
        if (ComplianceServicesImpl.isAdminGroupsEnabled(roleParentDN)) {
            complianceImpl.verifyAndUnLinkRoleToGroup(token, members, target);
        }
    } else {
        throw new AMException(token, "114");
    }

    // The plug-in check is repeated rather than cached, exactly as before the change.
    if (callBackHelper.isExistsPrePostPlugins(organizationDN)) {
        // Only the members that were just added or removed are reported, not the full role membership.
        callBackHelper.postProcessModifyMemberShip(token, target, organizationDN, members, operation, profileType);
    }
}
Also used : AMException(com.iplanet.am.sdk.AMException) AMObject(com.iplanet.am.sdk.AMObject) UMSObject(com.iplanet.ums.UMSObject) PersistentObject(com.iplanet.ums.PersistentObject) Guid(com.iplanet.ums.Guid) ManagedRole(com.iplanet.ums.ManagedRole)

Example 92 with AMException

use of com.iplanet.am.sdk.AMException in project OpenAM by OpenRock.

the class DirectoryServicesImpl method unRegisterService.

// Rename from removeService to unRegisterService
/**
 * Unregisters a service from a profile by removing its COS definition and templates.
 *
 * <p>Nothing is done unless {@code type} equals {@code AMTemplate.DYNAMIC_TEMPLATE}.
 * All directory calls are made with the caller's {@code token}; an
 * {@code AccessRightsException} from them is reported as error code "460".
 *
 * @param token SSO token used for the directory operations
 * @param entryDN DN of the profile whose service is to be removed
 * @param objectType profile type; decides which entry the COS manager is obtained for
 * @param serviceName name of the service, used as the COS definition name
 * @param type template type
 * @throws AMException "450" for a profile type without COS, "463" when no COS definition
 *         exists for {@code serviceName}, "460" on insufficient access rights, "855" on
 *         any other UMS failure
 */
public void unRegisterService(SSOToken token, String entryDN, int objectType, String serviceName, int type) throws AMException {
    if (type != AMTemplate.DYNAMIC_TEMPLATE) {
        return;
    }
    // TODO (original author): make "cn" a flexible naming attribute for AMObject.ROLE
    try {
        PersistentObject profile = UMSObject.getObjectHandle(token, new Guid(entryDN));

        // Which entry owns the COS definition depends on the profile type.
        COSManager cosManager;
        switch (objectType) {
            case AMObject.ROLE:
            case AMObject.FILTERED_ROLE:
                // Role types use the parent entry.
                cosManager = COSManager.getCOSManager(token, profile.getParentGuid());
                break;
            case AMObject.ORGANIZATION:
            case AMObject.ORGANIZATIONAL_UNIT:
            case AMObject.PEOPLE_CONTAINER:
                // Container types use the entry itself.
                cosManager = COSManager.getCOSManager(token, profile.getGuid());
                break;
            default:
                // This profile type has no COS.
                throw new AMException(token, "450");
        }

        DirectCOSDefinition definition;
        try {
            definition = (DirectCOSDefinition) cosManager.getDefinition(serviceName);
        } catch (COSNotFoundException notFound) {
            if (debug.messageEnabled()) {
                debug.message("DirectoryServicesImpl.unRegisterService() No COSDefinition found for service: " + serviceName);
            }
            Object[] messageArgs = { serviceName };
            String userLocale = CommonUtils.getUserLocale(token);
            throw new AMException(AMSDKBundle.getString("463", messageArgs, userLocale), "463", messageArgs);
        }

        // Templates are removed first, then the definition itself.
        definition.removeCOSTemplates();
        cosManager.removeDefinition(serviceName);
    } catch (AccessRightsException denied) {
        // The cause is logged but not chained into the AMException.
        debug.error("DirectoryServicesImpl.unRegisterService() Insufficient Access rights to unRegister service: ", denied);
        throw new AMException(token, "460");
    } catch (UMSException failure) {
        debug.error("DirectoryServicesImpl.unRegisterService: Unable to unregister service ", failure);
        throw new AMException(token, "855", failure);
    }
}
Also used : DirectCOSDefinition(com.iplanet.ums.cos.DirectCOSDefinition) AccessRightsException(com.iplanet.ums.AccessRightsException) UMSException(com.iplanet.ums.UMSException) PersistentObject(com.iplanet.ums.PersistentObject) AMException(com.iplanet.am.sdk.AMException) Guid(com.iplanet.ums.Guid) COSManager(com.iplanet.ums.cos.COSManager) COSNotFoundException(com.iplanet.ums.cos.COSNotFoundException)

Example 93 with AMException

use of com.iplanet.am.sdk.AMException in project OpenAM by OpenRock.

the class DirectoryServicesImpl method search.

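/**
 * Searches the directory below {@code entryDN}.
 *
 * <p>{@code searchFilter} is handed to the directory unchanged. Callers that build it
 * from external input are responsible for escaping filter metacharacters first.
 *
 * @param token SSO token used to obtain the entry handle
 * @param entryDN DN of the entry to start the search with
 * @param searchFilter LDAP search filter, used verbatim
 * @param searchScope search scope: BASE, ONELEVEL or SUBTREE
 * @return the set built by {@code searchResultsToSet} (documented by the original author
 *         as the matching DNs), or the shared empty set when the search failed and
 *         {@code processInternalException} returned normally
 * @throws AMException carrying the LDAP result code when that code is listed in
 *         {@code retryErrorCodes}; otherwise whatever {@code processInternalException}
 *         raises for code "341"
 */
public Set search(SSOToken token, String entryDN, String searchFilter, int searchScope) throws AMException {
    Set resultSet = Collections.EMPTY_SET;
    try {
        PersistentObject po = UMSObject.getObjectHandle(token, new Guid(entryDN));
        SearchControl control = new SearchControl();
        control.setSearchScope(searchScope);
        SearchResults results = po.search(searchFilter, control);
        resultSet = searchResultsToSet(results);
    } catch (UMSException ue) {
        // The root cause is not guaranteed to be an LdapException (it may be absent or of
        // another type). Check before casting so the UMSException is not masked by a
        // NullPointerException or ClassCastException raised inside this handler.
        Object rootCause = ue.getRootCause();
        if (rootCause instanceof LdapException) {
            ResultCode errorCode = ((LdapException) rootCause).getResult().getResultCode();
            // NOTE(review): "" + errorCode uses ResultCode.toString(), while the exception
            // below carries errorCode.intValue(). Confirm retryErrorCodes stores the
            // toString() form and not numeric codes.
            if (retryErrorCodes.contains("" + errorCode)) {
                throw new AMException(token, Integer.toString(errorCode.intValue()), ue);
            }
        }
        if (debug.warningEnabled()) {
            // The separator before "searchScope" was missing, which ran the filter and the
            // scope together in the log line.
            debug.warning("DirectoryServicesImpl.search(token:, entryDN: " + entryDN + ", searchFilter: " + searchFilter + ", searchScope: " + searchScope + " error occurred: ", ue);
        }
        processInternalException(token, ue, "341");
    }
    return resultSet;
}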
Also used : Set(java.util.Set) OrderedSet(com.sun.identity.shared.datastruct.OrderedSet) TreeSet(java.util.TreeSet) HashSet(java.util.HashSet) AttrSet(com.iplanet.services.ldap.AttrSet) UMSException(com.iplanet.ums.UMSException) PersistentObject(com.iplanet.ums.PersistentObject) AMException(com.iplanet.am.sdk.AMException) Guid(com.iplanet.ums.Guid) SearchControl(com.iplanet.ums.SearchControl) AMSearchResults(com.iplanet.am.sdk.AMSearchResults) SearchResults(com.iplanet.ums.SearchResults) LdapException(org.forgerock.opendj.ldap.LdapException) ResultCode(org.forgerock.opendj.ldap.ResultCode)

Example 94 with AMException

use of com.iplanet.am.sdk.AMException in project OpenAM by OpenRock.

the class DirectoryServicesImpl method removeSingleEntry.

/**
 * Deletes a single directory entry and runs the callbacks and notifications around it.
 *
 * <p>Order of work: collect the user delete-notification list (users only), read the
 * entry's attributes if a post plug-in or notification needs them, run the pre-delete
 * callbacks, remove the DC tree domain when the DC tree is required, remove the entry,
 * then run the post-delete callbacks, the user post plug-in and the e-mail notification.
 *
 * <p>The organization lookup and the DC tree removal use {@code internalToken}; the
 * attribute read and the entry removal use the caller's {@code token}.
 *
 * @param token SSO token of the caller
 * @param entryDN DN of the entry to delete
 * @param objectType profile type of the entry
 * @param softDelete passed through to the pre/post delete callbacks
 * @throws AMException "460" on insufficient access rights, an entry-not-found message id
 *         chosen by {@code getEntryNotFoundMsgID}, or "325" on any other UMS failure
 * @throws SSOException declared for the calls made with the tokens
 */
private void removeSingleEntry(SSOToken token, String entryDN, int objectType, boolean softDelete) throws AMException, SSOException {
    final boolean isUser = (objectType == AMObject.USER);
    Map attributes = null;
    EmailNotificationHelper notifier = null;

    // For a user, the organization is resolved from the parent of the user entry.
    String lookupDN = isUser ? DN.valueOf(entryDN).parent().toString() : entryDN;
    String orgDN = getOrganizationDN(internalToken, lookupDN);

    try {
        if (isUser) {
            // Build the delete-notification list while the entry still exists.
            notifier = new EmailNotificationHelper(entryDN);
            notifier.setUserDeleteNotificationList();
        }

        // Attributes are unavailable after deletion, so they are read up front when a
        // post plug-in or a notification will need them.
        boolean attributesNeeded = (getUserPostPlugin() != null)
                || (notifier != null && notifier.isPresentUserDeleteNotificationList());
        if (attributesNeeded) {
            attributes = getAttributes(token, entryDN, objectType);
        }

        processPreDeleteCallBacks(token, entryDN, attributes, orgDN, objectType, softDelete);

        // NOTE(review): the DC tree domain is removed with internalToken before the
        // caller-token removeObject below. If that removal then fails (for example with
        // AccessRightsException), nothing here restores the DC tree entry. Confirm this
        // ordering is intended.
        if (dcTreeImpl.isRequired()) {
            dcTreeImpl.removeDomain(internalToken, LDAPUtils.formatToRFC(entryDN));
        }
        UMSObject.removeObject(token, new Guid(entryDN));
    } catch (AccessRightsException denied) {
        debug.error("DirectoryServicesImpl.removeEntry() Insufficient access rights to remove entry: " + entryDN, denied);
        throw new AMException(token, "460");
    } catch (EntryNotFoundException missing) {
        String missingEntry = getEntryName(missing);
        debug.error("DirectoryServicesImpl.removeEntry() Entry not found: " + missingEntry, missing);
        String messageId = getEntryNotFoundMsgID(objectType);
        Object[] messageArgs = { missingEntry };
        String userLocale = CommonUtils.getUserLocale(token);
        throw new AMException(AMSDKBundle.getString(messageId, messageArgs, userLocale), messageId, messageArgs);
    } catch (UMSException failure) {
        debug.error("DirectoryServicesImpl.removeEntry() Unable to remove: " + " Internal error occurred: ", failure);
        throw new AMException(token, "325", failure);
    }

    processPostDeleteCallBacks(token, entryDN, attributes, orgDN, objectType, softDelete);

    if (isUser) {
        AMUserEntryProcessed userPostPlugin = getUserPostPlugin();
        if (userPostPlugin != null) {
            // TODO (original author): remove after deprecating the interface
            userPostPlugin.processUserDelete(token, entryDN, attributes);
        }
        if (notifier != null && notifier.isPresentUserDeleteNotificationList()) {
            notifier.sendUserDeleteNotification(attributes);
        }
    }
}
Also used : AccessRightsException(com.iplanet.ums.AccessRightsException) UMSException(com.iplanet.ums.UMSException) EntryNotFoundException(com.iplanet.ums.EntryNotFoundException) AMException(com.iplanet.am.sdk.AMException) AMUserEntryProcessed(com.iplanet.am.sdk.AMUserEntryProcessed) Guid(com.iplanet.ums.Guid) Map(java.util.Map) AMHashMap(com.iplanet.am.sdk.AMHashMap) HashMap(java.util.HashMap) TreeMap(java.util.TreeMap)

Example 95 with AMException

use of com.iplanet.am.sdk.AMException in project OpenAM by OpenRock.

the class DirectoryServicesImpl method removeAdminRole.

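/**
 * Removes the admin role that belongs to a group.
 *
 * <p>The role name is {@code dn} with every comma replaced by an underscore, placed
 * under the organization of {@code dn}'s parent. In recursive mode a one-level search
 * under that organization finds every role whose naming attribute ends with that name.
 *
 * <p>Each role found has its members removed using the caller's {@code token}. The role
 * is then deleted through an {@code AMStoreConnection} opened with {@code internalToken}.
 * The member removal therefore presumably serves as the caller's access check before the
 * privileged delete (confirm).
 *
 * <p>Removal is best effort: a failure for one role is logged and the loop continues.
 * The caller is not told that a role was left in place.
 *
 * @param token SSOToken of the caller; validated before any directory work
 * @param dn group DN
 * @param recursive true to delete all admin roles for all sub groups or sub people
 *        containers
 * @throws SSOException if {@code token} fails validation
 * @throws AMException from the organization lookup or the role search
 */
public void removeAdminRole(SSOToken token, String dn, boolean recursive) throws SSOException, AMException {
    SSOTokenManager.getInstance().validateToken(token);
    if (debug.messageEnabled()) {
        debug.message("DirectoryServicesImpl.removeAdminRole() dn: " + dn + " recursive: " + recursive);
    }
    // First work out the admin role DN for the group.
    DN ldapDN = DN.valueOf(dn);
    String orgDN = getOrganizationDN(token, ldapDN.parent().toString());
    String newdn = dn.replace(',', '_');
    String roleNameAttr = getNamingAttribute(AMObject.ROLE);

    Set adminRoles;
    if (recursive) {
        String roleSearchFilter = SearchFilterManager.getSearchFilter(AMObject.ROLE, orgDN);
        // NOTE(review): newdn comes from the caller-supplied dn and is concatenated into
        // the filter without RFC 4515 escaping. Filter metacharacters in dn would change
        // what the search matches, and every match is emptied and deleted below. This
        // needs deliberate escaping or validation: blindly escaping '\' would also change
        // how DN hex escapes in dn are matched.
        String filter = "(&" + roleSearchFilter + "(" + roleNameAttr + "=*" + newdn + "))";
        adminRoles = search(token, orgDN, filter, SearchControl.SCOPE_ONE);
    } else {
        adminRoles = new HashSet();
        adminRoles.add(roleNameAttr + "=" + newdn + "," + orgDN);
    }

    for (Object entry : adminRoles) {
        String adminRoleDN = (String) entry;
        try {
            // Caller's token: remove all members from the role.
            ManagedRole roleObj = (ManagedRole) UMSObject.getObject(token, new Guid(adminRoleDN));
            roleObj.removeAllMembers();
            // Internal token: delete the role entry itself.
            AMStoreConnection amsc = new AMStoreConnection(internalToken);
            AMRole role = amsc.getRole(adminRoleDN);
            role.delete(recursive);
        } catch (Exception e) {
            // Still best effort, but logged at error level with the role DN. An admin role
            // that could not be removed keeps granting its privileges, and it was
            // previously visible only when message-level debugging was enabled.
            debug.error("DirectoryServicesImpl.removeAdminRole() Unable to remove admin role: " + adminRoleDN, e);
        }
    }
}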
Also used : Set(java.util.Set) OrderedSet(com.sun.identity.shared.datastruct.OrderedSet) TreeSet(java.util.TreeSet) HashSet(java.util.HashSet) AttrSet(com.iplanet.services.ldap.AttrSet) AMStoreConnection(com.iplanet.am.sdk.AMStoreConnection) Iterator(java.util.Iterator) RDN(org.forgerock.opendj.ldap.RDN) DN(org.forgerock.opendj.ldap.DN) Guid(com.iplanet.ums.Guid) AMRole(com.iplanet.am.sdk.AMRole) EntryAlreadyExistsException(com.iplanet.ums.EntryAlreadyExistsException) UMSException(com.iplanet.ums.UMSException) AMEventManagerException(com.iplanet.am.sdk.AMEventManagerException) AMEntryExistsException(com.iplanet.am.sdk.AMEntryExistsException) SizeLimitExceededException(com.iplanet.ums.SizeLimitExceededException) AMInvalidDNException(com.iplanet.am.sdk.AMInvalidDNException) TimeLimitExceededException(com.iplanet.ums.TimeLimitExceededException) SSOException(com.iplanet.sso.SSOException) AccessRightsException(com.iplanet.ums.AccessRightsException) LdapException(org.forgerock.opendj.ldap.LdapException) InvalidSearchFilterException(com.iplanet.ums.InvalidSearchFilterException) SMSException(com.sun.identity.sm.SMSException) AMException(com.iplanet.am.sdk.AMException) AMPreCallBackException(com.iplanet.am.sdk.AMPreCallBackException) EntryNotFoundException(com.iplanet.ums.EntryNotFoundException) COSNotFoundException(com.iplanet.ums.cos.COSNotFoundException) HashSet(java.util.HashSet) ManagedRole(com.iplanet.ums.ManagedRole)
