use of com.iplanet.am.sdk.AMException in project OpenAM by OpenRock.
the class DirectoryServicesImpl method modifyRoleMembership.
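/**
* Adds members to, or removes members from, the role identified by {@code target}.
*
* @param token SSO token of the caller, used to load and modify the role
* @param target DN of the role to modify
* @param members set of member identifiers (strings) to add or remove
* @param operation ADD_MEMBER or REMOVE_MEMBER
* @param profileType profile type, handed to the pre/post-processing callbacks
* @throws UMSException propagated from the UMS calls
* @throws AMException if target is not a ManagedRole or the operation is not supported
*/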
private void modifyRoleMembership(SSOToken token, String target, Set members, int operation, int profileType) throws UMSException, AMException {
    // Load the target with the caller's token. An object that is not a
    // ManagedRole is rejected with error code "350".
    ManagedRole managedRole;
    try {
        managedRole = (ManagedRole) UMSObject.getObject(token, new Guid(target));
    } catch (ClassCastException cce) {
        debug.message("DirectoryServicesImpl.modifyRoleMembership() - Unable to modify role membership", cce);
        throw new AMException(token, "350");
    }

    // The target cannot be an organization itself, so the organization is
    // resolved from the role's parent entry.
    String roleParentDN = managedRole.getParentGuid().getDn();
    String organizationDN = getOrganizationDN(token, roleParentDN);

    if (callBackHelper.isExistsPrePostPlugins(organizationDN)) {
        // The pre-processing callback returns the member set to work with;
        // a null or empty result ends the operation without any change.
        members = callBackHelper.preProcessModifyMemberShip(token, target, organizationDN, members, operation, profileType);
        if (members == null || members.isEmpty()) {
            return;
        }
    }

    if (operation == ADD_MEMBER) {
        Guid[] memberGuids = CommonUtils.toGuidArray(members);
        managedRole.addMembers(memberGuids);
        // Compliance-related linking, only when admin groups are enabled.
        if (ComplianceServicesImpl.isAdminGroupsEnabled(roleParentDN)) {
            complianceImpl.verifyAndLinkRoleToGroup(token, memberGuids, target);
        }
    } else if (operation == REMOVE_MEMBER) {
        // UMS has no bulk Role.removeMembers (TBD), so members are removed
        // one at a time from a snapshot of the set.
        for (Object memberId : members.toArray()) {
            managedRole.removeMember(new Guid((String) memberId));
        }
        // Compliance-related unlinking, only when admin groups are enabled.
        if (ComplianceServicesImpl.isAdminGroupsEnabled(roleParentDN)) {
            complianceImpl.verifyAndUnLinkRoleToGroup(token, members, target);
        }
    } else {
        // Any other operation code is rejected.
        throw new AMException(token, "114");
    }

    // Post-processing callbacks receive only the members that were added or
    // removed in this call, not the role's complete membership.
    if (callBackHelper.isExistsPrePostPlugins(organizationDN)) {
        callBackHelper.postProcessModifyMemberShip(token, target, organizationDN, members, operation, profileType);
    }
}
use of com.iplanet.am.sdk.AMException in project OpenAM by OpenRock.
the class DirectoryServicesImpl method unRegisterService.
// Rename from removeService to unRegisterService
/**
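* Unregisters a service from a profile by removing its COS definition and
* COS templates. Only the dynamic template type is handled; for any other
* template type the method does nothing.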
*
* @param token
* SSOToken
* @param entryDN
* DN of the profile whose service is to be removed
* @param objectType
* profile type
* @param serviceName
* Service Name
* @param type
* Template type
*/
public void unRegisterService(SSOToken token, String entryDN, int objectType, String serviceName, int type) throws AMException {
    // Only dynamic templates are handled here; for any other template type
    // the method returns without touching the directory.
    if (type != AMTemplate.DYNAMIC_TEMPLATE) {
        return;
    }
    // TODO: change "cn" to a flexible naming attribute for AMObject.ROLE
    try {
        PersistentObject profileEntry = UMSObject.getObjectHandle(token, new Guid(entryDN));

        // Which entry the COS manager is obtained for depends on the profile type:
        // roles use their parent entry, containers use the entry itself.
        boolean roleLike = objectType == AMObject.ROLE
                || objectType == AMObject.FILTERED_ROLE;
        boolean containerLike = objectType == AMObject.ORGANIZATION
                || objectType == AMObject.ORGANIZATIONAL_UNIT
                || objectType == AMObject.PEOPLE_CONTAINER;

        COSManager cosManager;
        if (roleLike) {
            cosManager = COSManager.getCOSManager(token, profileEntry.getParentGuid());
        } else if (containerLike) {
            cosManager = COSManager.getCOSManager(token, profileEntry.getGuid());
        } else {
            // This profile type does not have COS.
            throw new AMException(token, "450");
        }

        DirectCOSDefinition cosDefinition;
        try {
            cosDefinition = (DirectCOSDefinition) cosManager.getDefinition(serviceName);
        } catch (COSNotFoundException notFound) {
            if (debug.messageEnabled()) {
                debug.message("DirectoryServicesImpl.unRegisterService() No COSDefinition found for service: " + serviceName);
            }
            // Report the missing definition with a message localized for the caller.
            Object[] args = { serviceName };
            String locale = CommonUtils.getUserLocale(token);
            throw new AMException(AMSDKBundle.getString("463", args, locale), "463", args);
        }

        // Remove the templates first, then the COS definition itself.
        cosDefinition.removeCOSTemplates();
        cosManager.removeDefinition(serviceName);
    } catch (AccessRightsException denied) {
        // The access failure is logged with its cause; the AMException raised
        // for the caller carries only the error code.
        debug.error("DirectoryServicesImpl.unRegisterService() Insufficient Access rights to unRegister service: ", denied);
        throw new AMException(token, "460");
    } catch (UMSException failure) {
        debug.error("DirectoryServicesImpl.unRegisterService: Unable to unregister service ", failure);
        throw new AMException(token, "855", failure);
    }
}
use of com.iplanet.am.sdk.AMException in project OpenAM by OpenRock.
the class DirectoryServicesImpl method search.
/**
* Searches the Directory
*
* @param token
* SSOToken
* @param entryDN
* DN of the entry to start the search with
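* @param searchFilter
* search filter; it is passed to the directory as given, so callers that
* build it from external input must escape assertion values (RFC 4515)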
* @param searchScope
* search scope, BASE, ONELEVEL or SUBTREE
* @return Set set of matching DNs
*/
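public Set search(SSOToken token, String entryDN, String searchFilter, int searchScope) throws AMException {
    // The search runs with the caller's token, starting at entryDN.
    // searchFilter is handed to the directory unchanged: this method does no
    // escaping, so any value interpolated into the filter must already be
    // escaped by the caller (RFC 4515).
    Set resultSet = Collections.EMPTY_SET;
    try {
        PersistentObject po = UMSObject.getObjectHandle(token, new Guid(entryDN));
        SearchControl control = new SearchControl();
        control.setSearchScope(searchScope);
        SearchResults results = po.search(searchFilter, control);
        resultSet = searchResultsToSet(results);
    } catch (UMSException ue) {
        // Inspect the root cause only when it really is an LdapException. An
        // unconditional cast would raise ClassCastException (or a
        // NullPointerException when there is no root cause) from inside this
        // handler and hide the original directory error from the caller.
        Throwable rootCause = ue.getRootCause();
        if (rootCause instanceof LdapException) {
            ResultCode errorCode = ((LdapException) rootCause).getResult().getResultCode();
            // Result codes listed in retryErrorCodes are rethrown with the
            // numeric LDAP result code as the AMException error code.
            if (retryErrorCodes.contains("" + errorCode)) {
                throw new AMException(token, Integer.toString(errorCode.intValue()), ue);
            }
        }
        if (debug.warningEnabled()) {
            // NOTE(review): entryDN and searchFilter are written to the debug log
            // unmodified; if callers pass externally supplied values, confirm the
            // log sink neutralises line breaks.
            debug.warning("DirectoryServicesImpl.search(token:, entryDN: " + entryDN + ", searchFilter: " + searchFilter + "searchScope: " + searchScope + " error occurred: ", ue);
        }
        // Every other failure goes through the generic handler with error code "341".
        processInternalException(token, ue, "341");
    }
    return resultSet;
}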
use of com.iplanet.am.sdk.AMException in project OpenAM by OpenRock.
the class DirectoryServicesImpl method removeSingleEntry.
/**
* Private method to delete a single entry
*/
private void removeSingleEntry(SSOToken token, String entryDN, int objectType, boolean softDelete) throws AMException, SSOException {
    final boolean isUser = (objectType == AMObject.USER);
    Map savedAttributes = null;
    EmailNotificationHelper notifier = null;

    // For a user entry the organization is resolved from the parent entry.
    String lookupDN = isUser ? DN.valueOf(entryDN).parent().toString() : entryDN;
    String orgDN = getOrganizationDN(internalToken, lookupDN);

    try {
        if (isUser) {
            // Extract a delete notification list
            notifier = new EmailNotificationHelper(entryDN);
            notifier.setUserDeleteNotificationList();
        }

        boolean mustNotify = notifier != null && notifier.isPresentUserDeleteNotificationList();
        if (getUserPostPlugin() != null || mustNotify) {
            // The attributes are needed for the notification and the callbacks,
            // and they are no longer available once the entry is deleted.
            savedAttributes = getAttributes(token, entryDN, objectType);
        }

        processPreDeleteCallBacks(token, entryDN, savedAttributes, orgDN, objectType, softDelete);

        // NOTE(review): the DC-tree domain is removed with internalToken
        // (presumably a privileged token - confirm) before removeObject applies
        // the caller's token. If removeObject then fails with
        // AccessRightsException the DC-tree change has already happened; confirm
        // that callers or the pre-delete callbacks enforce authorization first.
        if (dcTreeImpl.isRequired()) {
            String rfcDN = LDAPUtils.formatToRFC(entryDN);
            dcTreeImpl.removeDomain(internalToken, rfcDN);
        }

        UMSObject.removeObject(token, new Guid(entryDN));
    } catch (AccessRightsException denied) {
        debug.error("DirectoryServicesImpl.removeEntry() Insufficient access rights to remove entry: " + entryDN, denied);
        throw new AMException(token, "460");
    } catch (EntryNotFoundException missing) {
        String entry = getEntryName(missing);
        debug.error("DirectoryServicesImpl.removeEntry() Entry not found: " + entry, missing);
        // The message id depends on the object type; the message is localized for the caller.
        String msgid = getEntryNotFoundMsgID(objectType);
        Object[] args = { entry };
        String locale = CommonUtils.getUserLocale(token);
        throw new AMException(AMSDKBundle.getString(msgid, args, locale), msgid, args);
    } catch (UMSException failure) {
        debug.error("DirectoryServicesImpl.removeEntry() Unable to remove: " + " Internal error occurred: ", failure);
        throw new AMException(token, "325", failure);
    }

    // Reached only when the deletion succeeded: every catch block above rethrows.
    processPostDeleteCallBacks(token, entryDN, savedAttributes, orgDN, objectType, softDelete);

    if (!isUser) {
        return;
    }
    AMUserEntryProcessed postPlugin = getUserPostPlugin();
    if (postPlugin != null) {
        // TODO: Remove after deprecating interface
        postPlugin.processUserDelete(token, entryDN, savedAttributes);
    }
    if (notifier != null && notifier.isPresentUserDeleteNotificationList()) {
        notifier.sendUserDeleteNotification(savedAttributes);
    }
}
use of com.iplanet.am.sdk.AMException in project OpenAM by OpenRock.
the class DirectoryServicesImpl method removeAdminRole.
/**
* Remove group admin role
*
* @param token
* SSOToken of the caller
* @param dn
* group DN
* @param recursive
* true to delete all admin roles for all sub groups or sub
* people container
*/
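public void removeAdminRole(SSOToken token, String dn, boolean recursive) throws SSOException, AMException {
    SSOTokenManager.getInstance().validateToken(token);
    if (debug.messageEnabled()) {
        debug.message("DirectoryServicesImpl.removeAdminRole() dn: " + dn + " recursive: " + recursive);
    }
    // First work out the admin role name for the group: the group DN with
    // every comma replaced by an underscore.
    DN ldapDN = DN.valueOf(dn);
    String orgDN = getOrganizationDN(token, ldapDN.parent().toString());
    String newdn = dn.replace(',', '_');
    String roleNameAttr = getNamingAttribute(AMObject.ROLE);

    Set adminRoles;
    if (recursive) {
        // Match every role directly under the organization whose name ends with
        // the transformed DN. The value derives from the caller-supplied dn, so
        // it is escaped before being placed in the filter: without escaping,
        // characters such as '(' ')' '*' or '\' in dn would change the filter's
        // structure and therefore the set of roles selected for deletion.
        String roleSearchFilter = SearchFilterManager.getSearchFilter(AMObject.ROLE, orgDN);
        StringBuilder sb = new StringBuilder();
        sb.append("(&").append(roleSearchFilter).append("(");
        sb.append(roleNameAttr).append("=*").append(escapeRoleFilterValue(newdn)).append("))");
        adminRoles = search(token, orgDN, sb.toString(), SearchControl.SCOPE_ONE);
    } else {
        String roleDN = new StringBuilder().append(roleNameAttr).append("=").append(newdn).append(",").append(orgDN).toString();
        adminRoles = new HashSet();
        adminRoles.add(roleDN);
    }

    for (Object entry : adminRoles) {
        String adminRoleDN = (String) entry;
        try {
            // Remove all members from the role using the caller's token.
            ManagedRole roleObj = (ManagedRole) UMSObject.getObject(token, new Guid(adminRoleDN));
            roleObj.removeAllMembers();
            // NOTE(review): the role itself is deleted through a store connection
            // built on internalToken, not the caller's token. The two calls above
            // use the caller's token and presumably act as the access check -
            // confirm that they fail for callers without rights on the role.
            AMStoreConnection amsc = new AMStoreConnection(internalToken);
            AMRole role = amsc.getRole(adminRoleDN);
            role.delete(recursive);
        } catch (Exception e) {
            // Best effort: a failure on one role must not stop the others.
            // NOTE(review): the failure is only visible at message (debug) level,
            // so an admin role that could not be removed stays in place without
            // any signal to the caller - consider logging at a higher level.
            if (debug.messageEnabled()) {
                debug.message("DirectoryServicesImpl.removeAdminRole() " + "Unable to admin roles:", e);
            }
        }
    }
}

/**
 * Escapes a string for use as an assertion value in an LDAP search filter,
 * following RFC 4515: backslash, asterisk, parentheses and NUL are replaced by
 * a backslash followed by their two-digit hexadecimal code. All other
 * characters are copied unchanged.
 */
private static String escapeRoleFilterValue(String value) {
    StringBuilder escaped = new StringBuilder(value.length() + 8);
    for (int i = 0; i < value.length(); i++) {
        char c = value.charAt(i);
        switch (c) {
        case '\\':
            escaped.append("\\5c");
            break;
        case '*':
            escaped.append("\\2a");
            break;
        case '(':
            escaped.append("\\28");
            break;
        case ')':
            escaped.append("\\29");
            break;
        case '\0':
            escaped.append("\\00");
            break;
        default:
            escaped.append(c);
            break;
        }
    }
    return escaped.toString();
}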