use of com.iplanet.am.sdk.AMException in project OpenAM by OpenRock.
the class LoginState method getContainerDN.
/**
 * Classifies the supplied container DNs and records which identity types
 * may be searched during login.
 *
 * <p>Nothing is returned. The outcome is written to {@code userContainerDN}
 * and {@code identityTypes}, neither of which is declared in this method.
 * Only the first container of each kind (organizational unit, organization,
 * people container) is kept.
 *
 * @param containerDNs set of container DN strings; may be {@code null} or empty
 * @throws AuthException if neither a user container nor an agent container
 *         could be determined
 */
void getContainerDN(Set containerDNs) throws AuthException {
    String orgLevelDN = null;
    String agentDN = null;

    if (containerDNs != null && !containerDNs.isEmpty()) {
        for (Object entry : containerDNs) {
            final String candidate = (String) entry;
            try {
                // Scope gate: a container outside this organization's subtree is
                // skipped silently, so it can never contribute an identity type.
                if (DN.valueOf(candidate).isInScopeOf(getOrgDN(), SearchScope.WHOLE_SUBTREE)) {
                    final int kind = LazyConfig.AUTHD.getSDK().getAMObjectType(candidate);
                    if (DEBUG.messageEnabled()) {
                        DEBUG.message("Container Type = " + kind);
                        DEBUG.message("Container Name = " + candidate);
                    }
                    if (kind == AMObject.ORGANIZATIONAL_UNIT && agentDN == null) {
                        agentDN = candidate;
                        identityTypes.add("agent");
                    } else if (kind == AMObject.ORGANIZATION && orgLevelDN == null) {
                        // An organization-level container enables both identity types.
                        orgLevelDN = candidate;
                        identityTypes.add("agent");
                        identityTypes.add("user");
                    } else if (kind == AMObject.PEOPLE_CONTAINER && userContainerDN == null) {
                        userContainerDN = candidate;
                        identityTypes.add("user");
                    }
                }
                // Stop scanning once one container of every kind has been found.
                if (userContainerDN != null && agentDN != null && orgLevelDN != null) {
                    break;
                }
            } catch (Exception e) {
                // Best effort: a malformed or unresolvable entry is logged and the
                // scan moves on to the next one.
                DEBUG.error("Container - " + candidate + " is INVALID :- ", e);
            }
        }
    } else {
        DEBUG.message("Container DNs is null");
    }

    if (userContainerDN == null) {
        // Fall back to the default people container directly under the organization.
        try {
            userContainerDN = AMStoreConnection.getNamingAttribute(AMObject.PEOPLE_CONTAINER)
                    + "="
                    + AdminInterfaceUtils.defaultPeopleContainerName()
                    + ","
                    + getOrgDN();
            identityTypes.add("user");
        } catch (AMException aec) {
            DEBUG.message("Cannot get userContainer DN");
        }
    }

    // An organization-level match alone does not satisfy this check: it only
    // passes when a user container or an agent container is known.
    if (userContainerDN == null && agentDN == null) {
        DEBUG.message("No Valid Container in the list");
        throw new AuthException(AMAuthErrorCode.AUTH_ERROR, null);
    }

    if (DEBUG.messageEnabled()) {
        DEBUG.message("agentContainerDN = " + agentDN);
        DEBUG.message("userContainerDN = " + userContainerDN);
        DEBUG.message("userOrgDN set in PC atrr = " + orgLevelDN);
    }
}
use of com.iplanet.am.sdk.AMException in project OpenAM by OpenRock.
the class IdUtils method getOrganization.
/**
 * Resolves an application-level organization identifier to the DN of the
 * matching organization (realm) and caches the result.
 *
 * <p>Resolution order, as implemented below:
 * <ol>
 * <li>cache hit on {@code orgIdentifier};</li>
 * <li>{@code null}, empty or {@code "/"}: the base DN;</li>
 * <li>identifier starting with {@code "/"}: converted with
 *     {@code DNMapper.orgNameToDN} and checked by constructing an
 *     {@code OrganizationConfigManager};</li>
 * <li>identifier that {@code LDAPUtils.isDN} accepts: used as is after the
 *     same check;</li>
 * <li>coexistence mode: looked up through {@code AMStoreConnection};</li>
 * <li>otherwise: searched among sub-organization names and organization
 *     aliases.</li>
 * </ol>
 *
 * <p>NOTE(review): a cache hit returns before {@code token} is used, so a
 * successful return does not show that this caller's token was ever
 * presented to the data store. Confirm that no caller treats this method as
 * an access check.
 *
 * @param token SSO token handed to the SMS / AMSDK lookups
 * @param orgIdentifier Organization identifier
 * @return Organization mapping to that identifier.
 * @throws IdRepoException with {@code NO_MAPPING_FOUND} when nothing matches
 *         or the SMS lookup fails, with {@code MULTIPLE_MAPPINGS_FOUND} when
 *         the identifier is ambiguous, or as converted from an
 *         {@code AMException}
 * @throws SSOException declared; not thrown explicitly here, so presumably
 *         propagated from the calls that take {@code token}
 */
public static String getOrganization(SSOToken token, String orgIdentifier) throws IdRepoException, SSOException {
    // Check in cache first.
    // orgIdentifier may still be null here (the null test comes later); whether
    // the cache accepts a null key depends on its type, which is not visible
    // in this method - TODO confirm.
    String id = null;
    if ((id = (String) orgIdentifierToOrgName.get(orgIdentifier)) != null) {
        return (id);
    }
    // Compute the organization name
    // NOTE(review): the caller-supplied identifier is written to the debug log
    // unmodified, here and in the messages below. If it can originate from a
    // request, consider neutralising line breaks before logging.
    if (debug.messageEnabled()) {
        debug.message("IdUtils:getOrganization Input orgname: " + orgIdentifier);
    }
    if (orgIdentifier == null || orgIdentifier.length() == 0 || orgIdentifier.equals("/")) {
        // Return base DN
        id = DNMapper.orgNameToDN("/");
    } else if (orgIdentifier.startsWith("/")) {
        // If orgIdentifier is in "/" format convert to DN and return
        id = DNMapper.orgNameToDN(orgIdentifier);
        try {
            // Constructed only for its effect: an SMSException here is reported
            // to the caller as "no mapping found".
            new OrganizationConfigManager(token, orgIdentifier);
        } catch (SMSException e) {
            debug.message("IdUtils.getOrganization Exception in getting org name from SMS", e);
            Object[] args = { orgIdentifier };
            throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.NO_MAPPING_FOUND, args);
        }
    } else if (LDAPUtils.isDN(orgIdentifier)) {
        // Already a DN: use it unchanged, after the same existence check.
        id = orgIdentifier;
        try {
            // Search for realms with orgIdentifier name.
            // The ocm reference is never read; only the constructor call matters.
            OrganizationConfigManager ocm = new OrganizationConfigManager(token, orgIdentifier);
        } catch (SMSException smse) {
            // Log the cause at message level, then report "no mapping found".
            if (debug.messageEnabled()) {
                debug.message("IdUtils.getOrganization Exception in " + "getting org name from SMS", smse);
            }
            Object[] args = { orgIdentifier };
            throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.NO_MAPPING_FOUND, args);
        }
    } else if (ServiceManager.isCoexistenceMode()) {
        // Return the org DN as determined by AMStoreConnection
        if (debug.messageEnabled()) {
            debug.message("IdUtils.getOrganization: getting from AMSDK");
        }
        try {
            AMStoreConnection amsc = new AMStoreConnection(token);
            id = amsc.getOrganizationDN(orgIdentifier, null);
        } catch (AMException ame) {
            if (debug.messageEnabled()) {
                debug.message("IdUtils.getOrganization Exception in " + "getting org name from AMSDK", ame);
            }
            throw convertAMException(ame);
        }
    } else {
        // Get the realm name from SMS
        if (debug.messageEnabled()) {
            debug.message("IdUtils.getOrganization: getting from " + "SMS realms");
        }
        try {
            boolean foundOrg = false;
            ServiceManager sm = new ServiceManager(token);
            // First search for realms with orgIdentifier name
            OrganizationConfigManager ocm = sm.getOrganizationConfigManager("/");
            Set subOrgNames = ocm.getSubOrganizationNames(orgIdentifier, true);
            if (subOrgNames != null && !subOrgNames.isEmpty()) {
                if (subOrgNames.size() == 1) {
                    // A single search result is accepted as returned; its path
                    // components are not compared with orgIdentifier.
                    id = DNMapper.orgNameToDN((String) subOrgNames.iterator().next());
                    foundOrg = true;
                } else {
                    for (Iterator items = subOrgNames.iterator(); items.hasNext(); ) {
                        // check for orgIdentifier
                        String subRealmName = (String) items.next();
                        StringTokenizer st = new StringTokenizer(subRealmName, "/");
                        // Compare every "/"-separated component of the realm name
                        // with orgIdentifier, ignoring case. The first match is
                        // taken; any further match makes the identifier ambiguous.
                        while (st.hasMoreTokens()) {
                            if (st.nextToken().equalsIgnoreCase(orgIdentifier)) {
                                if (!foundOrg) {
                                    id = DNMapper.orgNameToDN(subRealmName);
                                    foundOrg = true;
                                } else {
                                    Object[] args = { orgIdentifier };
                                    throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.MULTIPLE_MAPPINGS_FOUND, args);
                                }
                            }
                        }
                    }
                }
            }
            // The alias search runs whether or not a realm name already matched,
            // so that a name/alias collision is detected below.
            if (debug.messageEnabled()) {
                debug.message("IdUtils.getOrganization: getting from " + "SMS realms aliases");
            }
            // perform organization alias search
            Set vals = new HashSet();
            vals.add(orgIdentifier);
            Set orgAliases = sm.searchOrganizationNames(IdConstants.REPO_SERVICE, IdConstants.ORGANIZATION_ALIAS_ATTR, vals);
            if (!foundOrg && ((orgAliases == null) || orgAliases.isEmpty())) {
                // Neither a realm name nor an alias matched.
                if (debug.warningEnabled()) {
                    debug.warning("IdUtils.getOrganization Unable" + " to find Org name for: " + orgIdentifier);
                }
                Object[] args = { orgIdentifier };
                throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.NO_MAPPING_FOUND, args);
            } else if ((orgAliases != null) && (orgAliases.size() > 0) && (foundOrg || orgAliases.size() > 1)) {
                // Multiple realms should not have the same alias.
                // Rejected as ambiguous: a name match plus at least one alias
                // match, or more than one alias match.
                if (debug.warningEnabled()) {
                    debug.warning("IdUtils.getOrganization Multiple " + " matching Orgs found for: " + orgIdentifier);
                }
                Object[] args = { orgIdentifier };
                throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.MULTIPLE_MAPPINGS_FOUND, args);
            }
            if (!foundOrg) {
                // The two checks above leave exactly one alias match at this point.
                String tmpS = (String) orgAliases.iterator().next();
                id = DNMapper.orgNameToDN(tmpS);
            }
        } catch (SMSException smse) {
            // Any SMS failure in this branch is reported as "no mapping found";
            // the cause is only visible at debug message level.
            if (debug.messageEnabled()) {
                debug.message("IdUtils.getOrganization Exception in " + "getting org name from SMS", smse);
            }
            Object[] args = { orgIdentifier };
            throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.NO_MAPPING_FOUND, args);
        }
    }
    if (debug.messageEnabled()) {
        debug.message("IdUtils:getOrganization Search for OrgIdentifier:" + orgIdentifier + " returning realm DN: " + id);
    }
    // Add to cache and return id.
    // Only successful resolutions reach this line; every failure path above
    // throws first. No expiry or invalidation is visible in this method.
    orgIdentifierToOrgName.put(orgIdentifier, id);
    return id;
}
use of com.iplanet.am.sdk.AMException in project OpenAM by OpenRock.
the class IdUtils method isOrganizationActive.
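/**
 * Returns true or false, depending on whether this organization is enabled.
 * The organization string passed to this method should be an identifier
 * returned from the method <code>IdUtils.getOrganization</code>. In the
 * default mode, where realms are enabled but backward compatibility is
 * required, this checks for organization status in the AM enabled Sun DS.
 * Otherwise, it checks for organization status from the realms tree.
 *
 * <p>The answer is cached per organization string. The default is "active":
 * an organization with no status attribute is reported as active, and so is
 * any organization when coexistence mode is on but AMSDK is not enabled
 * (no lookup is done in that case).
 *
 * <p>NOTE(review): a cache hit returns before {@code token} is used, and no
 * expiry is visible in this method. A later deactivation is therefore only
 * seen once the cache is cleared elsewhere. Confirm that such an
 * invalidation path exists if callers rely on this for access decisions.
 *
 * @param token a valid SSOToken.
 * @param org name of the organization of interest.
 * @return <code>true</code> if org is active;
 * otherwise <code>false</code>
 * @throws IdRepoException if there are repository related error conditions.
 * @throws SSOException If user's single sign on token is invalid.
 */
public static boolean isOrganizationActive(SSOToken token, String org) throws IdRepoException, SSOException {
    // One lookup instead of containsKey() followed by get(): the two-step form
    // dereferences null if the entry disappears in between.
    Boolean cached = (Boolean) orgStatusCache.get(org);
    if (cached != null) {
        return cached.booleanValue();
    }
    // Default when no status can be read (see the class of cases in the Javadoc).
    boolean isActive = true;
    if (!ServiceManager.isCoexistenceMode()) {
        // Pick it up from the realms tree.
        try {
            // A constructor never yields null, so the former null check on ocm
            // was unreachable and has been dropped; lookup failures surface as
            // SMSException and are handled below.
            OrganizationConfigManager ocm = new OrganizationConfigManager(token, org);
            Map attributes = ocm.getAttributes(IdConstants.REPO_SERVICE);
            Set vals = (Set) attributes.get(IdConstants.ORGANIZATION_STATUS_ATTR);
            if (vals != null && !vals.isEmpty()) {
                // Only the first value is consulted; anything other than
                // "Active" (case-insensitive) means inactive.
                String stringActive = (String) vals.iterator().next();
                isActive = stringActive.equalsIgnoreCase("Active");
            }
        } catch (SMSException smse) {
            // The SMS cause is not attached to the IdRepoException or logged here.
            Object[] args = { org };
            throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.NO_MAPPING_FOUND, args);
        }
    } else if (ServiceManager.isAMSDKEnabled()) {
        // Read the activation flag from the AMSDK organization object.
        try {
            AMStoreConnection amsc = new AMStoreConnection(token);
            AMOrganization orgObj = amsc.getOrganization(org);
            isActive = orgObj.isActivated();
        } catch (AMException ame) {
            throw convertAMException(ame);
        }
    }
    // Add to cache. Failures above throw before this line, so only a computed
    // (or defaulted) status is ever cached.
    orgStatusCache.put(org, isActive);
    return isActive;
}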
use of com.iplanet.am.sdk.AMException in project OpenAM by OpenRock.
the class OrgConfigViaAMSDK method setAttributes.
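/**
 * Sets attributes on the AMSDK organization. The organization attribute names
 * are defined in the IdRepo service and are translated to AMSDK names through
 * {@code getAttributeMapping()}; attributes without a mapping are ignored.
 *
 * @param attributes map of IdRepo attribute name to a {@code Set} of string
 *        values; {@code null} or empty means nothing is written
 * @throws SMSException if the AMSDK update fails or the SSO token is invalid
 */
void setAttributes(Map attributes) throws SMSException {
    Map amsdkAttrs = null;
    // These attributes must be defined in ../idm/xml/idRepoService.xml
    if (attributes != null && !attributes.isEmpty()) {
        Map smsIdRepoAttrs = new CaseInsensitiveHashMap(attributes);
        // Iterate through the attribute mappings
        Map attrs = getAttributeMapping();
        Map existingAttributes = getAttributes();
        if (attrs != null && !attrs.isEmpty()) {
            for (Iterator items = attrs.keySet().iterator(); items.hasNext(); ) {
                String key = (String) items.next();
                Set value = (Set) smsIdRepoAttrs.get(key);
                if (value != null) {
                    // Created as soon as any mapped attribute is supplied, even
                    // if nothing ends up in it; the store below then still runs.
                    if (amsdkAttrs == null) {
                        amsdkAttrs = new HashMap();
                    }
                    boolean notEmptyFlg = false;
                    if (!value.isEmpty()) {
                        for (Iterator iter = value.iterator(); iter.hasNext(); ) {
                            String val = (String) iter.next();
                            // Avoid empty string storage.
                            if (val.length() > 0) {
                                notEmptyFlg = true;
                            }
                        }
                        // The whole set is forwarded when at least one value is
                        // non-empty; a set of only empty strings is dropped.
                        if (notEmptyFlg) {
                            amsdkAttrs.put(attrs.get(key), value);
                        }
                    } else {
                        // An empty set is forwarded only when the attribute
                        // currently has values - presumably so the store clears
                        // it; confirm against AMSDK semantics.
                        Set existingValues = (Set) existingAttributes.get(key);
                        if (existingValues != null && !existingValues.isEmpty()) {
                            amsdkAttrs.put(attrs.get(key), value);
                        }
                    }
                }
            }
        }
    }
    // Update the organization entry
    if (amsdkAttrs != null) {
        try {
            parentOrg.setAttributes(amsdkAttrs);
            parentOrg.store();
        } catch (AMException ame) {
            if (debug.messageEnabled()) {
                // The message used to name createSubOrganization, which sent
                // anyone reading the log to the wrong operation.
                debug.message("OrgConfigViaAMSDK::setAttributes: failed with AMException", ame);
            }
            throw (new SMSException(AMSDKBundle.BUNDLE_NAME, ame.getMessage(), ame, ame.getMessage()));
        } catch (SSOException ssoe) {
            throw (new SMSException(bundle.getString("sms-INVALID_SSO_TOKEN"), ssoe, "sms-INVALID_SSO_TOKEN"));
        }
    }
}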
use of com.iplanet.am.sdk.AMException in project OpenAM by OpenRock.
the class ComplianceServicesImpl method verifyAndLinkGroupToRole.
/**
 * Checks whether <code>groupDN</code> maps to an administrative role and, if
 * it does, adds the members in <code>membersGuid</code> to that role. When
 * <code>getRoleFromGroupDN</code> yields no role name the method does
 * nothing.
 *
 * @param token
 *            SSO Token
 * @param membersGuid
 *            Guid array of members to be operated on
 * @param groupDN
 *            DN of the group whose matching admin role is looked up
 *
 * @exception AMException
 *                if adding the members to the role fails with a
 *                <code>UMSException</code> other than "entry not found".
 *                A missing role entry is only logged, so in that case the
 *                members are not linked and no exception reaches the
 *                caller.
 */
protected void verifyAndLinkGroupToRole(SSOToken token, Guid[] membersGuid, String groupDN) throws AMException {
    final DN groupEntry = DN.valueOf(groupDN);
    final String adminRoleName = getRoleFromGroupDN(groupEntry);
    if (adminRoleName == null) {
        // Not an admin group: nothing to link.
        return;
    }

    // The organization is taken to be two levels above the group entry.
    // NOTE(review): presumably a non-null role name guarantees the DN is that
    // deep; verify against getRoleFromGroupDN.
    final String organizationDN = groupEntry.parent().parent().toString();
    // NOTE(review): the role DN is assembled by string concatenation. Confirm
    // that the role name returned by getRoleFromGroupDN cannot carry DN
    // separator characters.
    final String roleDN = NamingAttributeManager.getNamingAttribute(AMObject.ROLE)
            + "="
            + adminRoleName
            + ","
            + organizationDN;
    if (debug.messageEnabled()) {
        debug.message("Compliance.verifyAndLinkGroupToRole" + " Linking group: " + groupDN + " to role :" + roleDN);
    }

    try {
        // Resolve the role entry and add the members to it.
        final Guid roleGuid = new Guid(roleDN);
        final ManagedRole adminRole = (ManagedRole) UMSObject.getObject(token, roleGuid);
        adminRole.addMembers(membersGuid);
    } catch (EntryNotFoundException ex) {
        // Logged and swallowed: the caller is not told the link was skipped.
        debug.error("Compliance.verifyAndLinkGroupToRole: Admin " + "groups are missing");
    } catch (UMSException ue) {
        debug.error("Compliance.verifyAndLinkGroupToRole():", ue);
        Object[] args = { roleDN };
        throw new AMException(AMSDKBundle.getString("972", args), "771", args);
    }
}