use of com.iplanet.am.sdk.AMException in project OpenAM by OpenRock.
the class DirectoryManagerImpl method removeAdminRole.
/**
 * Removes an admin role on behalf of the caller identified by {@code token}.
 * <p>
 * The token string is resolved to an {@code SSOToken} through {@code getSSOToken}
 * and the removal itself is delegated to {@code dsServices}.
 * NOTE(review): no authorisation decision is visible in this method; presumably
 * {@code dsServices.removeAdminRole} enforces it against the resolved token.
 * Confirm before exposing this method to new callers.
 *
 * @param token     string form of the caller's single sign on token
 * @param dn        distinguished name handed unchanged to {@code dsServices.removeAdminRole}
 * @param recursive flag handed unchanged to {@code dsServices.removeAdminRole}
 * @throws AMRemoteException the converted form of any {@code AMException} raised by the removal
 * @throws SSOException      declared by this method; not raised explicitly in this body
 * @throws RemoteException   declared by this method; not raised explicitly in this body
 */
public void removeAdminRole(String token, String dn, boolean recursive) throws AMRemoteException, SSOException, RemoteException {
    initialize();
    try {
        // Resolve the caller-supplied token first; the directory call runs with that SSOToken.
        final SSOToken callerToken = getSSOToken(token);
        dsServices.removeAdminRole(callerToken, dn, recursive);
    } catch (AMException failure) {
        // Only the exception is written to the debug log, never the token string.
        if (debug.messageEnabled()) {
            debug.message("DirectoryManagerImpl.removeAdminRole." + " Caught Exception: " + failure);
        }
        throw convertException(failure);
    }
}
use of com.iplanet.am.sdk.AMException in project OpenAM by OpenRock.
the class DirectoryManagerImpl method modifyMemberShip.
/**
 * Changes the membership of {@code target} on behalf of the caller identified by {@code token}.
 * <p>
 * The token string is resolved to an {@code SSOToken} through {@code getSSOToken}
 * and the change itself is delegated to {@code dsServices}.
 * NOTE(review): {@code members}, {@code type} and {@code operation} are forwarded without
 * any validation here; presumably {@code dsServices.modifyMemberShip} validates them and
 * checks the caller's rights. Confirm.
 *
 * @param token     string form of the caller's single sign on token
 * @param members   members handed unchanged to {@code dsServices.modifyMemberShip}
 * @param target    target handed unchanged to {@code dsServices.modifyMemberShip}
 * @param type      type code handed unchanged to {@code dsServices.modifyMemberShip}
 * @param operation operation code handed unchanged to {@code dsServices.modifyMemberShip}
 * @throws AMRemoteException the converted form of any {@code AMException} raised by the change
 * @throws SSOException      declared by this method; not raised explicitly in this body
 * @throws RemoteException   declared by this method; not raised explicitly in this body
 */
public void modifyMemberShip(String token, Set members, String target, int type, int operation) throws AMRemoteException, SSOException, RemoteException {
    initialize();
    try {
        // Resolve the caller-supplied token first; the directory call runs with that SSOToken.
        final SSOToken callerToken = getSSOToken(token);
        dsServices.modifyMemberShip(callerToken, members, target, type, operation);
    } catch (AMException failure) {
        // Only the exception is written to the debug log, never the token string.
        if (debug.messageEnabled()) {
            debug.message("DirectoryManagerImpl.modifyMemberShip." + " Caught Exception: " + failure);
        }
        throw convertException(failure);
    }
}
use of com.iplanet.am.sdk.AMException in project OpenAM by OpenRock.
the class ComplianceServicesImpl method verifyAndLinkRoleToGroup.
/**
 * Links the members of an admin role to the matching administration group.
 * <p>
 * A group name is derived from <code>roleDN</code>. When none is returned the
 * role is not treated as an admin role and nothing is changed. Otherwise the
 * members are added to the group found under <code>ou=Groups</code> of the
 * role's parent entry, and an <code>adminrole</code> attribute holding the
 * group RDN is added to every member entry.
 * <p>
 * NOTE(review): the only attribute written explicitly here is
 * <code>adminrole</code>; <code>memberOf</code> is presumably maintained by
 * <code>addMembers</code>. Confirm.
 *
 * @param token
 *            single sign on token used for the directory operations.
 * @param membersGuid
 *            Guid array of members to be operated on.
 * @param roleDN
 *            distinguished name of the role.
 *
 * @exception AMException
 *                (code 771) if a <code>UMSException</code> other than
 *                <code>EntryNotFoundException</code> is raised while
 *                adding the members or writing the attribute. A missing
 *                entry is only logged and the method returns normally.
 */
protected void verifyAndLinkRoleToGroup(SSOToken token, Guid[] membersGuid, String roleDN) throws AMException {
    DN parsedRoleDn = DN.valueOf(roleDN);
    String groupName = getGroupFromRoleDN(parsedRoleDn);
    if (groupName == null) {
        // Not an admin role: nothing to link.
        return;
    }

    // The admin group lives under ou=Groups of the role's parent entry.
    // NOTE(review): groupName is concatenated into the DN as-is; confirm that
    // getGroupFromRoleDN can only return values that are safe inside an RDN.
    String orgDN = parsedRoleDn.parent().toString();
    String groupDN = NamingAttributeManager.getNamingAttribute(AMObject.GROUP) + "=" + groupName + ",ou=Groups," + orgDN;
    String groupRDN = NamingAttributeManager.getNamingAttribute(AMObject.GROUP) + "=" + groupName;

    try {
        AssignableDynamicGroup adminGroup = (AssignableDynamicGroup) UMSObject.getObject(token, new Guid(groupDN));
        adminGroup.addMembers(membersGuid);

        // The group update and the per-member attribute writes are separate
        // operations: a failure part-way through the loop leaves the members
        // in the group while some entries lack the adminrole attribute.
        AttrSet adminRoleAttr = new AttrSet(new Attr[] { new Attr("adminrole", groupRDN) });
        for (Guid member : membersGuid) {
            addAttributesToEntry(token, member.getDn(), adminRoleAttr);
        }
    } catch (EntryNotFoundException missing) {
        // Deliberately not rethrown: a missing entry is reported and the call succeeds.
        debug.error("Compliance.verifyAndLinkRoleToGroup: " + "Admin groups are missing");
    } catch (UMSException failure) {
        // The cause goes to the debug log only; the AMException carries just the code.
        debug.error("Compliance." + "verifyAndLinkRoleToGroup(): ", failure);
        throw new AMException(AMSDKBundle.getString("771"), "771");
    }
}
use of com.iplanet.am.sdk.AMException in project OpenAM by OpenRock.
the class ComplianceServicesImpl method isComplianceUserDeletionEnabled.
/**
 * Reports whether Compliance User Deletion is switched on in the global
 * schema of the administration service.
 * <p>
 * The global schema is fetched with <code>internalToken</code> on first use and
 * kept in the static <code>gsc</code> field. The first value of the attribute
 * decides the result, compared case-insensitively with <code>"true"</code>.
 * A missing or empty attribute counts as disabled.
 * <p>
 * NOTE(review): the lazy initialisation of <code>gsc</code> is not
 * synchronised in this method. Confirm that concurrent first calls are acceptable.
 *
 * @return true if Compliance User Deletion is enabled
 * @exception AMException
 *                (code 359) if reading the schema raises an
 *                <code>SMSException</code> or an <code>SSOException</code>
 */
public static boolean isComplianceUserDeletionEnabled() throws AMException {
    try {
        if (gsc == null) {
            ServiceSchemaManager schemaManager = new ServiceSchemaManager(ADMINISTRATION_SERVICE, internalToken);
            gsc = schemaManager.getGlobalSchema();
        }
        Map defaults = gsc.getReadOnlyAttributeDefaults();
        Set configured = (Set) defaults.get(COMPLIANCE_USER_DELETION_ATTR);

        boolean enabled;
        if (configured != null && !configured.isEmpty()) {
            // Only the first value is consulted.
            String first = (String) configured.iterator().next();
            enabled = first.equalsIgnoreCase("true");
        } else {
            // Attribute absent or empty: treated as disabled.
            enabled = false;
        }

        if (debug.messageEnabled()) {
            debug.message("Compliance.isComplianceUserDeletionEnabled = " + enabled);
        }
        return enabled;
    } catch (SMSException smsFailure) {
        // The cause goes to the debug log only; the AMException carries just the code.
        debug.error(AMSDKBundle.getString("359"), smsFailure);
        throw new AMException(AMSDKBundle.getString("359"), "359");
    } catch (SSOException ssoFailure) {
        debug.error(AMSDKBundle.getString("359"), ssoFailure);
        throw new AMException(AMSDKBundle.getString("359"), "359");
    }
}
use of com.iplanet.am.sdk.AMException in project OpenAM by OpenRock.
the class LoginState method getUserProfile.
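/**
 * Looks up the profile of <code>user</code> and records it on this login state.
 * <p>
 * On success the fields <code>amIdentityUser</code> and <code>userDN</code> are
 * set and, when <code>populate</code> is true, the user's attributes (merged
 * with the session service attributes of the role or user, if present) are
 * passed to <code>populateUserAttributes</code>.
 * <p>
 * An ambiguous match is rejected with an exception rather than resolved by
 * picking one entry. A caught <code>SSOException</code>,
 * <code>AMException</code> or <code>IdRepoException</code> is logged and
 * reported as <code>false</code>, so callers cannot tell a backend failure
 * from a missing profile.
 *
 * @param user userID for profile
 * @param populate when <code>true</code>, load the profile attributes and
 *        hand them to <code>populateUserAttributes</code>
 * @param loginStatus current login status for profile
 * @return <code>true</code> if exactly one user profile was found;
 *         <code>false</code> if none was found or a lookup error was caught.
 * @throws AuthException if <code>user</code> is null or empty, or if
 *         multiple user match found in search
 */
public boolean getUserProfile(String user, boolean populate, boolean loginStatus) throws AuthException {
    // if this check is not added SDK goes into a loop
    if ((user == null) || (user.length() == 0)) {
        throw new AuthException(AMAuthErrorCode.AUTH_ERROR, null);
    }
    IdType idt = null;
    try {
        // NOTE(review): `user` is written to the debug log as supplied. If it
        // can be caller-controlled, confirm the debug sink neutralises line
        // breaks so log entries cannot be forged.
        if (DEBUG.messageEnabled()) {
            DEBUG.message("In getUserProfile : Search for user " + user);
        }
        Set<AMIdentity> amIdentitySet = Collections.emptySet();
        IdSearchResults searchResults = null;
        if (LazyConfig.AUTHD.isSuperAdmin(user)) {
            // get the AMIdentity to get the universal
            // id of amAdmin, currently there is no support
            // for special users so the universal id in
            // the ssotoken will be amAdmin's id.
            AMIdentity amIdentity = LazyConfig.AUTHD.getIdentity(IdType.USER, user, getOrgDN());
            amIdentitySet = new HashSet<AMIdentity>();
            amIdentitySet.add(amIdentity);
        } else {
            // Regular user: first try a direct lookup through IdUtils.
            try {
                if (DEBUG.messageEnabled()) {
                    DEBUG.message("LoginState: gettingIdentity " + "using IdUtil.getIdentity: " + user + " Org: " + getOrgDN());
                }
                AMIdentity amIdentity = IdUtils.getIdentity(LazyConfig.AUTHD.getSSOAuthSession(), user, getOrgDN());
                if (amIdentity != null && amIdentity.getAttributes() != null) {
                    amIdentitySet = new HashSet<AMIdentity>();
                    amIdentitySet.add(amIdentity);
                    idt = amIdentity.getType();
                    if (DEBUG.messageEnabled()) {
                        DEBUG.message("LoginState: getIdentity " + "using IdUtil.getIdentity: " + amIdentity);
                    }
                }
            } catch (IdRepoException e) {
                // Ignore the exception and continue with the search below
                if (DEBUG.messageEnabled()) {
                    DEBUG.message("LoginState: getting identity " + "Got IdRepException in IdUtils.getIdentity", e);
                }
            } catch (SSOException se) {
                // Ignore the exception and continue with the search below
                if (DEBUG.messageEnabled()) {
                    DEBUG.message("LoginState: getting identity " + "Got SSOException in IdUtils.getIdentity", se);
                }
            }
            // search for all configured Identity Types when the direct lookup
            // found nothing, or found an identity whose type is not configured.
            // isEmpty() replaces a reference comparison with
            // Collections.EMPTY_SET: at this point the set is either the
            // initial empty set or a HashSet holding one identity, so the
            // result is the same without relying on a shared singleton.
            if (amIdentitySet.isEmpty() || (idt != null && !identityTypes.contains(idt.getName()))) {
                if (DEBUG.messageEnabled()) {
                    DEBUG.message("LoginState: getIdentity " + "performing IdRepo search to obtain AMIdentity");
                }
                String userTokenID = DNUtils.DNtoName(user);
                if (DEBUG.messageEnabled()) {
                    DEBUG.message("Search for Identity " + userTokenID);
                }
                // The "user" type is searched first; the remaining configured
                // types are tried only if that search found nothing.
                Set<String> tmpIdentityTypes = new HashSet<String>(identityTypes);
                if (identityTypes.contains("user")) {
                    tmpIdentityTypes.remove("user");
                    searchResults = searchIdentity(IdUtils.getType("user"), userTokenID, populate);
                    if (searchResults != null) {
                        amIdentitySet = searchResults.getSearchResults();
                    }
                }
                if (amIdentitySet.isEmpty()) {
                    for (final String strIdType : tmpIdentityTypes) {
                        // Get identity by searching
                        searchResults = searchIdentity(IdUtils.getType(strIdType), userTokenID, populate);
                        if (searchResults != null) {
                            amIdentitySet = searchResults.getSearchResults();
                        }
                        if (!amIdentitySet.isEmpty()) {
                            break;
                        }
                    }
                }
            }
        }
        if (DEBUG.messageEnabled()) {
            DEBUG.message("result is :" + amIdentitySet);
        }
        if (amIdentitySet.isEmpty()) {
            return false;
        }
        // check if there is multiple match
        if (amIdentitySet.size() > 1) {
            // multiple user match found, throw exception,
            // user need to login as super admin to fix it.
            // Failing here keeps an ambiguous name from being bound to an
            // arbitrary one of the matching entries.
            DEBUG.error("getUserProfile : Multiple matches found for " + "user '" + token + "' in org " + orgDN + "\nPlease make sure user is unique within the login " + "organization, and contact your admin to fix the problem");
            throw new AuthException(AMAuthErrorCode.AUTH_ERROR, null);
        }
        amIdentityUser = (AMIdentity) amIdentitySet.iterator().next();
        userDN = getUserDN(amIdentityUser);
        idt = amIdentityUser.getType();
        if (DEBUG.messageEnabled()) {
            DEBUG.message("userDN is : " + userDN);
            DEBUG.message("userID(token) is : " + token);
            DEBUG.message("idType is : " + idt);
        }
        if (populate) {
            Map basicAttrs = null;
            Map serviceAttrs = null;
            if (searchResults != null) {
                basicAttrs = (Map) searchResults.getResultAttributes().get(amIdentityUser);
            } else {
                basicAttrs = amIdentityUser.getAttributes();
            }
            if (amIdentityRole != null) {
                // role based auth. the specified role takes preference.
                DEBUG.message("retrieving session service from role");
                //Fix for OPENAM-612 - this request is cached most of the time
                Set oc = amIdentityRole.getAttribute("objectclass");
                if (oc != null && oc.contains("iplanet-am-session-service")) {
                    serviceAttrs = amIdentityRole.getServiceAttributes(ISAuthConstants.SESSION_SERVICE_NAME);
                }
            } else if (idt.equals(IdType.USER)) {
                DEBUG.message("retrieving session service from user");
                //Fix for OPENAM-612 - this request is cached most of the time
                Set oc = amIdentityUser.getAttribute("objectclass");
                if (oc != null && oc.contains("iplanet-am-session-service")) {
                    serviceAttrs = amIdentityUser.getServiceAttributes(ISAuthConstants.SESSION_SERVICE_NAME);
                }
            }
            // NOTE(review): basicAttrs is used without a null check and is
            // modified in place; confirm that neither source above can return
            // null or a shared map.
            if (serviceAttrs != null && !serviceAttrs.isEmpty()) {
                basicAttrs.putAll(serviceAttrs);
            }
            populateUserAttributes(basicAttrs, loginStatus, amIdentityUser);
        }
        return true;
    } catch (SSOException ex) {
        DEBUG.error("SSOException");
        if (DEBUG.messageEnabled()) {
            DEBUG.message("Stack trace: ", ex);
        }
    } catch (AMException ex) {
        DEBUG.error("No aliases for: " + aliasAttrNames + "=" + token);
        if (DEBUG.messageEnabled()) {
            DEBUG.message("Stack trace: ", ex);
        }
    } catch (IdRepoException ee) {
        // Logged unconditionally: the original wrapped this error-level call
        // in a message-level check, so a repository failure that ends the
        // lookup left no trace unless message debugging was switched on.
        // The message text (including its spelling) is kept as it was so
        // existing log searches still match.
        DEBUG.error("IdReporException ", ee);
    }
    return false;
}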