
Example 96 with AMException

use of com.iplanet.am.sdk.AMException in project OpenAM by OpenRock.

the class LoginState method getContainerDN.

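/**
 * Resolves the user and agent container DNs that apply to the organization
 * being authenticated against.
 *
 * <p>Only containers that lie inside this login's organization DN (whole
 * subtree) are considered. Each candidate is classified with the AM SDK:
 * the first organizational unit becomes the agent container, the first
 * organization the user organization, and the first people container the
 * user container ({@code userContainerDN}). The matching identity types
 * ({@code "agent"}, {@code "user"}) are recorded in {@code identityTypes}.
 * When no people container is found, a default one is derived from the
 * organization DN.
 *
 * @param containerDNs set of container DN strings; {@code null} or empty
 *            falls straight through to the default people container
 * @throws AuthException if neither a user container nor an agent container
 *             could be determined
 */
void getContainerDN(Set containerDNs) throws AuthException {
    String userOrgDN = null;
    String agentContainerDN = null;
    if ((containerDNs == null) || (containerDNs.isEmpty())) {
        DEBUG.message("Container DNs is null");
    } else {
        for (Object candidate : containerDNs) {
            String containerName = (String) candidate;
            try {
                // Skip any container outside this organization's subtree so a
                // DN belonging to another organization is never selected here.
                if (DN.valueOf(containerName).isInScopeOf(getOrgDN(), SearchScope.WHOLE_SUBTREE)) {
                    int containerType = LazyConfig.AUTHD.getSDK().getAMObjectType(containerName);
                    if (DEBUG.messageEnabled()) {
                        DEBUG.message("Container Type = " + containerType);
                        DEBUG.message("Container Name = " + containerName);
                    }
                    // First match of each type wins; later candidates of the
                    // same type are ignored.
                    if ((containerType == AMObject.ORGANIZATIONAL_UNIT) && (agentContainerDN == null)) {
                        agentContainerDN = containerName;
                        identityTypes.add("agent");
                    } else if ((containerType == AMObject.ORGANIZATION) && (userOrgDN == null)) {
                        userOrgDN = containerName;
                        identityTypes.add("agent");
                        identityTypes.add("user");
                    } else if ((containerType == AMObject.PEOPLE_CONTAINER) && (userContainerDN == null)) {
                        userContainerDN = containerName;
                        identityTypes.add("user");
                    }
                }
                // Nothing left to discover once all three have been found.
                if (userContainerDN != null && agentContainerDN != null && userOrgDN != null) {
                    break;
                }
            } catch (Exception e) {
                // An unparsable DN or a failed SDK lookup only disqualifies this
                // candidate; the remaining containers are still examined.
                DEBUG.error("Container - " + containerName + " is INVALID :- ", e);
            }
        }
    }
    if (userContainerDN == null) {
        // No people container in the list: fall back to the default one
        // directly under the organization DN.
        try {
            userContainerDN = AMStoreConnection.getNamingAttribute(AMObject.PEOPLE_CONTAINER) + "=" + AdminInterfaceUtils.defaultPeopleContainerName() + "," + getOrgDN();
            identityTypes.add("user");
        } catch (AMException aec) {
            DEBUG.message("Cannot get userContainer DN");
        }
    }
    if (userContainerDN == null && agentContainerDN == null) {
        DEBUG.message("No Valid Container in the list");
        throw new AuthException(AMAuthErrorCode.AUTH_ERROR, null);
    }
    if (DEBUG.messageEnabled()) {
        DEBUG.message("agentContainerDN = " + agentContainerDN);
        DEBUG.message("userContainerDN = " + userContainerDN);
        DEBUG.message("userOrgDN set in PC atrr = " + userOrgDN);
    }
}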

Example 97 with AMException

use of com.iplanet.am.sdk.AMException in project OpenAM by OpenRock.

the class IdUtils method getOrganization.

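/**
 * Returns the realm DN that the given organization identifier maps to.
 *
 * <p>Resolution order, as implemented below: the identifier cache; an empty,
 * {@code null} or {@code "/"} identifier (the base DN); a {@code "/"}-prefixed
 * realm path (converted to a DN and checked against SMS); a literal DN
 * (checked against SMS); the AM SDK in coexistence mode; otherwise a search of
 * the SMS realm tree by realm name and then by organization alias. An
 * identifier that matches more than one realm is rejected rather than resolved
 * to an arbitrary one.
 *
 * @param token SSO token used for the SMS / AM SDK lookups
 * @param orgIdentifier organization identifier supplied by the application
 * @return DN of the realm mapped to the identifier
 * @throws IdRepoException with {@code NO_MAPPING_FOUND} if the identifier does
 *             not resolve, or {@code MULTIPLE_MAPPINGS_FOUND} if it is ambiguous
 * @throws SSOException propagated from the SMS / AM SDK calls
 */
public static String getOrganization(SSOToken token, String orgIdentifier) throws IdRepoException, SSOException {
    // Check in cache first
    String id = (String) orgIdentifierToOrgName.get(orgIdentifier);
    if (id != null) {
        return id;
    }
    // Compute the organization name
    if (debug.messageEnabled()) {
        debug.message("IdUtils:getOrganization Input orgname: " + orgIdentifier);
    }
    if (orgIdentifier == null || orgIdentifier.length() == 0 || orgIdentifier.equals("/")) {
        // Return base DN
        id = DNMapper.orgNameToDN("/");
    } else if (orgIdentifier.startsWith("/")) {
        // orgIdentifier is in "/" format: convert to DN. The constructor call
        // only verifies that the realm exists in SMS; its result is not needed.
        id = DNMapper.orgNameToDN(orgIdentifier);
        try {
            new OrganizationConfigManager(token, orgIdentifier);
        } catch (SMSException e) {
            if (debug.messageEnabled()) {
                debug.message("IdUtils.getOrganization Exception in getting org name from SMS", e);
            }
            Object[] args = { orgIdentifier };
            throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.NO_MAPPING_FOUND, args);
        }
    } else if (LDAPUtils.isDN(orgIdentifier)) {
        id = orgIdentifier;
        try {
            // Verify that a realm with this DN exists; the result is not needed.
            new OrganizationConfigManager(token, orgIdentifier);
        } catch (SMSException smse) {
            if (debug.messageEnabled()) {
                debug.message("IdUtils.getOrganization Exception in " + "getting org name from SMS", smse);
            }
            Object[] args = { orgIdentifier };
            throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.NO_MAPPING_FOUND, args);
        }
    } else if (ServiceManager.isCoexistenceMode()) {
        // Return the org DN as determined by AMStoreConnection
        if (debug.messageEnabled()) {
            debug.message("IdUtils.getOrganization: getting from AMSDK");
        }
        try {
            AMStoreConnection amsc = new AMStoreConnection(token);
            id = amsc.getOrganizationDN(orgIdentifier, null);
        } catch (AMException ame) {
            if (debug.messageEnabled()) {
                debug.message("IdUtils.getOrganization Exception in " + "getting org name from AMSDK", ame);
            }
            throw convertAMException(ame);
        }
    } else {
        // Get the realm name from SMS
        if (debug.messageEnabled()) {
            debug.message("IdUtils.getOrganization: getting from " + "SMS realms");
        }
        try {
            boolean foundOrg = false;
            ServiceManager sm = new ServiceManager(token);
            // First search for realms with orgIdentifier name
            OrganizationConfigManager ocm = sm.getOrganizationConfigManager("/");
            Set subOrgNames = ocm.getSubOrganizationNames(orgIdentifier, true);
            if (subOrgNames != null && !subOrgNames.isEmpty()) {
                if (subOrgNames.size() == 1) {
                    id = DNMapper.orgNameToDN((String) subOrgNames.iterator().next());
                    foundOrg = true;
                } else {
                    // Several sub-realms matched: accept exactly one whose path
                    // contains a component equal (case-insensitively) to the
                    // identifier, and refuse if more than one does.
                    for (Iterator items = subOrgNames.iterator(); items.hasNext(); ) {
                        String subRealmName = (String) items.next();
                        StringTokenizer st = new StringTokenizer(subRealmName, "/");
                        while (st.hasMoreTokens()) {
                            if (st.nextToken().equalsIgnoreCase(orgIdentifier)) {
                                if (!foundOrg) {
                                    id = DNMapper.orgNameToDN(subRealmName);
                                    foundOrg = true;
                                } else {
                                    Object[] args = { orgIdentifier };
                                    throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.MULTIPLE_MAPPINGS_FOUND, args);
                                }
                            }
                        }
                    }
                }
            }
            if (debug.messageEnabled()) {
                debug.message("IdUtils.getOrganization: getting from " + "SMS realms aliases");
            }
            // Perform organization alias search; this runs even when a realm
            // name already matched, so that a name/alias clash is detected.
            Set vals = new HashSet();
            vals.add(orgIdentifier);
            Set orgAliases = sm.searchOrganizationNames(IdConstants.REPO_SERVICE, IdConstants.ORGANIZATION_ALIAS_ATTR, vals);
            if (!foundOrg && ((orgAliases == null) || orgAliases.isEmpty())) {
                if (debug.warningEnabled()) {
                    debug.warning("IdUtils.getOrganization Unable" + " to find Org name for: " + orgIdentifier);
                }
                Object[] args = { orgIdentifier };
                throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.NO_MAPPING_FOUND, args);
            } else if ((orgAliases != null) && (orgAliases.size() > 0) && (foundOrg || orgAliases.size() > 1)) {
                // A name match plus any alias match, or more than one alias
                // match, is ambiguous: multiple realms must not share an alias.
                if (debug.warningEnabled()) {
                    debug.warning("IdUtils.getOrganization Multiple " + " matching Orgs found for: " + orgIdentifier);
                }
                Object[] args = { orgIdentifier };
                throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.MULTIPLE_MAPPINGS_FOUND, args);
            }
            if (!foundOrg) {
                // Reached only with exactly one alias match (checked above).
                String tmpS = (String) orgAliases.iterator().next();
                id = DNMapper.orgNameToDN(tmpS);
            }
        } catch (SMSException smse) {
            if (debug.messageEnabled()) {
                debug.message("IdUtils.getOrganization Exception in " + "getting org name from SMS", smse);
            }
            Object[] args = { orgIdentifier };
            throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.NO_MAPPING_FOUND, args);
        }
    }
    if (debug.messageEnabled()) {
        debug.message("IdUtils:getOrganization Search for OrgIdentifier:" + orgIdentifier + " returning realm DN: " + id);
    }
    // Add to cache and return id
    orgIdentifierToOrgName.put(orgIdentifier, id);
    return id;
}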

Example 98 with AMException

use of com.iplanet.am.sdk.AMException in project OpenAM by OpenRock.

the class IdUtils method isOrganizationActive.

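/**
 * Returns whether the given organization is active.
 *
 * <p>The organization string passed to this method should be an identifier
 * returned from <code>IdUtils.getOrganization</code>. When realms are
 * enabled (not coexistence mode) the status is read from the realms tree; in
 * coexistence mode with the AM SDK enabled it is read from the AM enabled
 * directory. In coexistence mode without the AM SDK no check is made and the
 * organization is treated as active. A realm whose status attribute is absent
 * or empty is also treated as active. Results are cached per organization.
 *
 * @param token SSOToken a valid SSOToken.
 * @param org name of the organization of interest.
 * @return <code>true</code> if org is active;
 *    otherwise <code>false</code>
 * @throws IdRepoException if there are repository related error conditions.
 * @throws SSOException If user's single sign on token is invalid.
 */
public static boolean isOrganizationActive(SSOToken token, String org) throws IdRepoException, SSOException {
    // Check the cache. Only Boolean values are ever stored, so a single get
    // is enough and avoids a containsKey/get pair.
    Boolean cached = (Boolean) orgStatusCache.get(org);
    if (cached != null) {
        return cached.booleanValue();
    }
    // Default is active; only the branches below can turn it off.
    boolean isActive = true;
    if (!ServiceManager.isCoexistenceMode()) {
        // Pick it up from the realms tree.
        try {
            OrganizationConfigManager ocm = new OrganizationConfigManager(token, org);
            Map attributes = ocm.getAttributes(IdConstants.REPO_SERVICE);
            Set vals = (Set) attributes.get(IdConstants.ORGANIZATION_STATUS_ATTR);
            // A missing or empty status attribute leaves the default (active).
            if (vals != null && !vals.isEmpty()) {
                String stringActive = (String) vals.iterator().next();
                isActive = stringActive.equalsIgnoreCase("Active");
            }
        } catch (SMSException smse) {
            // Reported as a missing mapping; the SMS exception is not chained.
            Object[] args = { org };
            throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.NO_MAPPING_FOUND, args);
        }
    } else if (ServiceManager.isAMSDKEnabled()) {
        // Ask the AM SDK organization object for its activation state.
        try {
            AMStoreConnection amsc = new AMStoreConnection(token);
            AMOrganization orgObj = amsc.getOrganization(org);
            isActive = orgObj.isActivated();
        } catch (AMException ame) {
            throw convertAMException(ame);
        }
    }
    // Add to cache (in coexistence mode without the AM SDK this caches the default).
    orgStatusCache.put(org, isActive);
    return isActive;
}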

Example 99 with AMException

use of com.iplanet.am.sdk.AMException in project OpenAM by OpenRock.

the class OrgConfigViaAMSDK method setAttributes.

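/**
 * Sets attributes on the AMSDK organization backing this realm. The
 * organization attribute names are defined in the IdRepo service; only keys
 * present in the attribute mapping are forwarded, under their mapped AMSDK
 * names.
 *
 * <p>A non-empty value set is stored only if at least one of its values is a
 * non-empty string. An empty value set is forwarded only when the attribute
 * currently has values on the organization, which clears it.
 *
 * @param attributes IdRepo attribute name to {@code Set} of string values;
 *            {@code null} or empty is a no-op
 * @throws SMSException if the AMSDK update fails or the SSO token is invalid
 */
void setAttributes(Map attributes) throws SMSException {
    Map amsdkAttrs = null;
    // These attributes must be defined in ../idm/xml/idRepoService.xml
    if (attributes != null && !attributes.isEmpty()) {
        Map smsIdRepoAttrs = new CaseInsensitiveHashMap(attributes);
        // Iterate through the attribute mappings
        Map attrs = getAttributeMapping();
        Map existingAttributes = getAttributes();
        if (attrs != null && !attrs.isEmpty()) {
            for (Iterator items = attrs.keySet().iterator(); items.hasNext(); ) {
                String key = (String) items.next();
                Set value = (Set) smsIdRepoAttrs.get(key);
                if (value == null) {
                    continue;
                }
                if (amsdkAttrs == null) {
                    amsdkAttrs = new HashMap();
                }
                if (!value.isEmpty()) {
                    // Avoid empty string storage: forward only if some value is non-empty.
                    boolean notEmptyFlg = false;
                    for (Iterator iter = value.iterator(); iter.hasNext(); ) {
                        String val = (String) iter.next();
                        if (val.length() > 0) {
                            notEmptyFlg = true;
                        }
                    }
                    if (notEmptyFlg) {
                        amsdkAttrs.put(attrs.get(key), value);
                    }
                } else {
                    // An empty set only matters as a "clear" when the attribute
                    // currently has values.
                    Set existingValues = (Set) existingAttributes.get(key);
                    if (existingValues != null && !existingValues.isEmpty()) {
                        amsdkAttrs.put(attrs.get(key), value);
                    }
                }
            }
        }
    }
    // Update the organization entry
    if (amsdkAttrs != null) {
        try {
            parentOrg.setAttributes(amsdkAttrs);
            parentOrg.store();
        } catch (AMException ame) {
            // Log names this method; the previous message referred to createSubOrganization.
            if (debug.messageEnabled()) {
                debug.message("OrgConfigViaAMSDK::setAttributes: failed with AMException", ame);
            }
            throw (new SMSException(AMSDKBundle.BUNDLE_NAME, ame.getMessage(), ame, ame.getMessage()));
        } catch (SSOException ssoe) {
            throw (new SMSException(bundle.getString("sms-INVALID_SSO_TOKEN"), ssoe, "sms-INVALID_SSO_TOKEN"));
        }
    }
}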

Example 100 with AMException

use of com.iplanet.am.sdk.AMException in project OpenAM by OpenRock.

the class ComplianceServicesImpl method verifyAndLinkGroupToRole.

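/**
 * Verifies whether <code>groupDN</code> corresponds to an administrative
 * role and, if so, adds the members listed in <Code>membersGuid</Code> to
 * that admin role.
 *
 * <p>If the admin role entry does not exist, the condition is logged and the
 * method returns normally, so a caller cannot distinguish "not an admin
 * group" from "admin role missing"; only other UMS failures surface as an
 * exception.
 *
 * @param token
 *            SSO Token
 * @param membersGuid
 *            Guid array of members to be operated on
 * @param groupDN
 *            DN of the group
 *
 * @exception AMException
 *                if unsuccessful in adding the members to the corresponding
 *                admin role. As a result of which the memberOf and
 *                adminRole attributes are also not updated.
 */
protected void verifyAndLinkGroupToRole(SSOToken token, Guid[] membersGuid, String groupDN) throws AMException {
    // Obtain the role corresponding to groupDN; null means it is not an admin group.
    DN dn = DN.valueOf(groupDN);
    String roleName = getRoleFromGroupDN(dn);
    if (roleName == null) {
        return;
    }
    // The org DN is taken two levels above the group DN.
    // NOTE(review): assumes groupDN has at least two parent levels — confirm
    // getRoleFromGroupDN only returns a name for such DNs.
    String orgDN = dn.parent().parent().toString();
    String roleDN = NamingAttributeManager.getNamingAttribute(AMObject.ROLE) + "=" + roleName + "," + orgDN;
    if (debug.messageEnabled()) {
        debug.message("Compliance.verifyAndLinkGroupToRole" + " Linking group: " + groupDN + " to role :" + roleDN);
    }
    try {
        // Add the members to the corresponding admin role.
        ManagedRole role = (ManagedRole) UMSObject.getObject(token, new Guid(roleDN));
        role.addMembers(membersGuid);
    } catch (EntryNotFoundException ex) {
        // Best-effort: a missing admin role is reported but not propagated.
        // The exception is logged so the record shows which entry was absent.
        debug.error("Compliance.verifyAndLinkGroupToRole: Admin " + "groups are missing", ex);
    } catch (UMSException ue) {
        debug.error("Compliance.verifyAndLinkGroupToRole():", ue);
        Object[] args = { roleDN };
        throw new AMException(AMSDKBundle.getString("972", args), "771", args);
    }
}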
