Example 36 with AMException

Use of com.iplanet.am.sdk.AMException in project OpenAM by OpenRock.

Class DirectoryManagerImpl, method removeAdminRole.

public void removeAdminRole(String token, String dn, boolean recursive) throws AMRemoteException, SSOException, RemoteException {
    initialize();
    try {
        SSOToken ssoToken = getSSOToken(token);
        dsServices.removeAdminRole(ssoToken, dn, recursive);
    } catch (AMException amex) {
        if (debug.messageEnabled()) {
            debug.message("DirectoryManagerImpl.removeAdminRole." + " Caught Exception: " + amex);
        }
        throw convertException(amex);
    }
}
Also used : SSOToken(com.iplanet.sso.SSOToken) AMException(com.iplanet.am.sdk.AMException)

Example 37 with AMException

Use of com.iplanet.am.sdk.AMException in project OpenAM by OpenRock.

Class DirectoryManagerImpl, method modifyMemberShip.

public void modifyMemberShip(String token, Set members, String target, int type, int operation) throws AMRemoteException, SSOException, RemoteException {
    initialize();
    try {
        SSOToken ssoToken = getSSOToken(token);
        dsServices.modifyMemberShip(ssoToken, members, target, type, operation);
    } catch (AMException amex) {
        if (debug.messageEnabled()) {
            debug.message("DirectoryManagerImpl.modifyMemberShip." + " Caught Exception: " + amex);
        }
        throw convertException(amex);
    }
}
Also used : SSOToken(com.iplanet.sso.SSOToken) AMException(com.iplanet.am.sdk.AMException)

Example 38 with AMException

Use of com.iplanet.am.sdk.AMException in project OpenAM by OpenRock.

Class ComplianceServicesImpl, method verifyAndLinkRoleToGroup.

/**
 * Method which verifies if the <code>roleDN</code> corresponds to an
 * admin role. If true the <code>memberOf</code> and
 * <code>adminRole</code> attributes of each member/user are set to the
 * corresponding administration <code>groupDN</code> and administration
 * <code>groupRDN</code> respectively. Each of the members/users are also
 * added to the corresponding admin group.
 *
 * @param token
 *            single sign on token.
 * @param membersGuid
 *            Guid array of members to be operated on.
 * @param roleDN
 *            distinguished name of the role.
 *
 * @exception AMException
 *                if unsuccessful in adding the members to the corresponding
 *                admin group. As a result of which the memberOf and
 *                adminRole attributes are also not updated.
 */
protected void verifyAndLinkRoleToGroup(SSOToken token, Guid[] membersGuid, String roleDN) throws AMException {
    // Obtain the group corresponding to roleDN
    DN dn = DN.valueOf(roleDN);
    String groupName = getGroupFromRoleDN(dn);
    if (groupName != null) {
        // roleDN corresponds to an admin role
        String orgDN = dn.parent().toString();
        String groupDN = NamingAttributeManager.getNamingAttribute(AMObject.GROUP) + "=" + groupName + ",ou=Groups," + orgDN;
        String groupRDN = NamingAttributeManager.getNamingAttribute(AMObject.GROUP) + "=" + groupName;
        try {
            // Add the members to corresponding group.
            AssignableDynamicGroup group = (AssignableDynamicGroup) UMSObject.getObject(token, new Guid(groupDN));
            group.addMembers(membersGuid);
            Attr[] attrs = new Attr[1];
            attrs[0] = new Attr("adminrole", groupRDN);
            AttrSet attrSet = new AttrSet(attrs);
            int numMembers = membersGuid.length;
            for (int i = 0; i < numMembers; i++) {
                addAttributesToEntry(token, membersGuid[i].getDn(), attrSet);
            }
        } catch (EntryNotFoundException ex) {
            debug.error("Compliance.verifyAndLinkRoleToGroup: " + "Admin groups are missing");
        } catch (UMSException ue) {
            debug.error("Compliance." + "verifyAndLinkRoleToGroup(): ", ue);
            throw new AMException(AMSDKBundle.getString("771"), "771");
        }
    }
}
Also used : UMSException(com.iplanet.ums.UMSException) EntryNotFoundException(com.iplanet.ums.EntryNotFoundException) AMException(com.iplanet.am.sdk.AMException) DN(org.forgerock.opendj.ldap.DN) Guid(com.iplanet.ums.Guid) AssignableDynamicGroup(com.iplanet.ums.AssignableDynamicGroup) Attr(com.iplanet.services.ldap.Attr) AttrSet(com.iplanet.services.ldap.AttrSet)

Example 39 with AMException

Use of com.iplanet.am.sdk.AMException in project OpenAM by OpenRock.

Class ComplianceServicesImpl, method isComplianceUserDeletionEnabled.

/**
 * Method which checks if Compliance User Deletion is enabled
 *
 * @return true if Compliance User Deletion is enabled
 * @exception AMException
 *                if an error is encountered
 */
public static boolean isComplianceUserDeletionEnabled() throws AMException {
    try {
        if (gsc == null) {
            ServiceSchemaManager scm = new ServiceSchemaManager(ADMINISTRATION_SERVICE, internalToken);
            gsc = scm.getGlobalSchema();
        }
        Map attrMap = gsc.getReadOnlyAttributeDefaults();
        Set values = (Set) attrMap.get(COMPLIANCE_USER_DELETION_ATTR);
        boolean enabled = false;
        if (values == null || values.isEmpty()) {
            enabled = false;
        } else {
            String val = (String) values.iterator().next();
            enabled = (val.equalsIgnoreCase("true"));
        }
        if (debug.messageEnabled()) {
            debug.message("Compliance.isComplianceUserDeletionEnabled = " + enabled);
        }
        return enabled;
    } catch (SMSException ex) {
        debug.error(AMSDKBundle.getString("359"), ex);
        throw new AMException(AMSDKBundle.getString("359"), "359");
    } catch (SSOException ex) {
        debug.error(AMSDKBundle.getString("359"), ex);
        throw new AMException(AMSDKBundle.getString("359"), "359");
    }
}
Also used : HashSet(java.util.HashSet) AttrSet(com.iplanet.services.ldap.AttrSet) Set(java.util.Set) SMSException(com.sun.identity.sm.SMSException) AMException(com.iplanet.am.sdk.AMException) SSOException(com.iplanet.sso.SSOException) HashMap(java.util.HashMap) Map(java.util.Map) ServiceSchemaManager(com.sun.identity.sm.ServiceSchemaManager)

Example 40 with AMException

Use of com.iplanet.am.sdk.AMException in project OpenAM by OpenRock.

Class LoginState, method getUserProfile.

/**
 * Returns <code>true</code> if user profile found.
 *
 * @param user        userID for profile
 * @param populate    whether to populate the user attributes once the profile is found
 * @param loginStatus current login status for profile
 * @return <code>true</code> if user profile found.
 * @throws AuthException if multiple user match found in search
 */
public boolean getUserProfile(String user, boolean populate, boolean loginStatus) throws AuthException {
    // if this check is not added SDK goes into a loop
    if ((user == null) || (user.length() == 0)) {
        throw new AuthException(AMAuthErrorCode.AUTH_ERROR, null);
    }
    IdType idt = null;
    try {
        if (DEBUG.messageEnabled()) {
            DEBUG.message("In getUserProfile : Search for user " + user);
        }
        Set<AMIdentity> amIdentitySet = Collections.emptySet();
        IdSearchResults searchResults = null;
        if (LazyConfig.AUTHD.isSuperAdmin(user)) {
            // get the AMIdentity to get the universal
            // id of amAdmin, currently there is no support
            // for special users so the universal id in
            // the ssotoken will be amAdmin's id.
            AMIdentity amIdentity = LazyConfig.AUTHD.getIdentity(IdType.USER, user, getOrgDN());
            amIdentitySet = new HashSet<AMIdentity>();
            amIdentitySet.add(amIdentity);
        } else {
            // is present i.e., using IdUtils
            try {
                if (DEBUG.messageEnabled()) {
                    DEBUG.message("LoginState: gettingIdentity " + "using IdUtil.getIdentity: " + user + " Org: " + getOrgDN());
                }
                AMIdentity amIdentity = IdUtils.getIdentity(LazyConfig.AUTHD.getSSOAuthSession(), user, getOrgDN());
                if (amIdentity != null && amIdentity.getAttributes() != null) {
                    amIdentitySet = new HashSet<AMIdentity>();
                    amIdentitySet.add(amIdentity);
                    idt = amIdentity.getType();
                    if (DEBUG.messageEnabled()) {
                        DEBUG.message("LoginState: getIdentity " + "using IdUtil.getIdentity: " + amIdentity);
                    }
                }
            } catch (IdRepoException e) {
                // Ignore the exception and continue
                if (DEBUG.messageEnabled()) {
                    DEBUG.message("LoginState: getting identity " + "Got IdRepException in IdUtils.getIdentity", e);
                }
            } catch (SSOException se) {
                // Ignore the exception and continue
                if (DEBUG.messageEnabled()) {
                    DEBUG.message("LoginState: getting identity " + "Got SSOException in IdUtils.getIdentity", se);
                }
            }
            // search for all configured Identity Types
            if (amIdentitySet == Collections.EMPTY_SET || idt != null && !identityTypes.contains(idt.getName())) {
                if (DEBUG.messageEnabled()) {
                    DEBUG.message("LoginState: getIdentity " + "performing IdRepo search to obtain AMIdentity");
                }
                String userTokenID = DNUtils.DNtoName(user);
                if (DEBUG.messageEnabled()) {
                    DEBUG.message("Search for Identity " + userTokenID);
                }
                Set<String> tmpIdentityTypes = new HashSet<String>(identityTypes);
                if (identityTypes.contains("user")) {
                    tmpIdentityTypes.remove("user");
                    searchResults = searchIdentity(IdUtils.getType("user"), userTokenID, populate);
                    if (searchResults != null) {
                        amIdentitySet = searchResults.getSearchResults();
                    }
                }
                if (amIdentitySet.isEmpty()) {
                    for (final String strIdType : tmpIdentityTypes) {
                        // Get identity by searching
                        searchResults = searchIdentity(IdUtils.getType(strIdType), userTokenID, populate);
                        if (searchResults != null) {
                            amIdentitySet = searchResults.getSearchResults();
                        }
                        if (!amIdentitySet.isEmpty()) {
                            break;
                        }
                    }
                }
            }
        }
        if (DEBUG.messageEnabled()) {
            DEBUG.message("result is :" + amIdentitySet);
        }
        if (amIdentitySet.isEmpty()) {
            return false;
        }
        // check if there is multiple match
        if (amIdentitySet.size() > 1) {
            // multiple user match found, throw exception,
            // user need to login as super admin to fix it
            DEBUG.error("getUserProfile : Multiple matches found for " + "user '" + token + "' in org " + orgDN + "\nPlease make sure user is unique within the login " + "organization, and contact your admin to fix the problem");
            throw new AuthException(AMAuthErrorCode.AUTH_ERROR, null);
        }
        amIdentityUser = (AMIdentity) amIdentitySet.iterator().next();
        userDN = getUserDN(amIdentityUser);
        idt = amIdentityUser.getType();
        if (DEBUG.messageEnabled()) {
            DEBUG.message("userDN is : " + userDN);
            DEBUG.message("userID(token) is : " + token);
            DEBUG.message("idType is : " + idt);
        }
        if (populate) {
            Map basicAttrs = null;
            Map serviceAttrs = null;
            if (searchResults != null) {
                basicAttrs = (Map) searchResults.getResultAttributes().get(amIdentityUser);
            } else {
                basicAttrs = amIdentityUser.getAttributes();
            }
            if (amIdentityRole != null) {
                // role based auth. the specified role takes preference.
                DEBUG.message("retrieving session service from role");
                if (amIdentityRole != null) {
                    //Fix for OPENAM-612 - this request is cached most of the time
                    Set oc = amIdentityRole.getAttribute("objectclass");
                    if (oc != null && oc.contains("iplanet-am-session-service")) {
                        serviceAttrs = amIdentityRole.getServiceAttributes(ISAuthConstants.SESSION_SERVICE_NAME);
                    }
                }
            } else if (idt.equals(IdType.USER)) {
                DEBUG.message("retrieving session service from user");
                //Fix for OPENAM-612 - this request is cached most of the time
                Set oc = amIdentityUser.getAttribute("objectclass");
                if (oc != null && oc.contains("iplanet-am-session-service")) {
                    serviceAttrs = amIdentityUser.getServiceAttributes(ISAuthConstants.SESSION_SERVICE_NAME);
                }
            }
            if (serviceAttrs != null && !serviceAttrs.isEmpty()) {
                basicAttrs.putAll(serviceAttrs);
            }
            populateUserAttributes(basicAttrs, loginStatus, amIdentityUser);
        }
        return true;
    } catch (SSOException ex) {
        DEBUG.error("SSOException");
        if (DEBUG.messageEnabled()) {
            DEBUG.message("Stack trace: ", ex);
        }
    } catch (AMException ex) {
        DEBUG.error("No aliases for: " + aliasAttrNames + "=" + token);
        if (DEBUG.messageEnabled()) {
            DEBUG.message("Stack trace: ", ex);
        }
    } catch (IdRepoException ee) {
        if (DEBUG.messageEnabled()) {
            DEBUG.error("IdReporException ", ee);
        }
    }
    return false;
}
Also used : Set(java.util.Set) HashSet(java.util.HashSet) IdSearchResults(com.sun.identity.idm.IdSearchResults) IdRepoException(com.sun.identity.idm.IdRepoException) AMException(com.iplanet.am.sdk.AMException) SSOException(com.iplanet.sso.SSOException) IdType(com.sun.identity.idm.IdType) AMIdentity(com.sun.identity.idm.AMIdentity) Map(java.util.Map) HashMap(java.util.HashMap)

Aggregations

AMException (com.iplanet.am.sdk.AMException): 127
SSOException (com.iplanet.sso.SSOException): 56
Set (java.util.Set): 35
AMEntryExistsException (com.iplanet.am.sdk.AMEntryExistsException): 34
Guid (com.iplanet.ums.Guid): 33
UMSException (com.iplanet.ums.UMSException): 33
Map (java.util.Map): 33
AMEventManagerException (com.iplanet.am.sdk.AMEventManagerException): 32
RemoteException (java.rmi.RemoteException): 31
AttrSet (com.iplanet.services.ldap.AttrSet): 28
HashSet (java.util.HashSet): 28
HashMap (java.util.HashMap): 26
Iterator (java.util.Iterator): 22
PersistentObject (com.iplanet.ums.PersistentObject): 20
SSOToken (com.iplanet.sso.SSOToken): 14
EntryNotFoundException (com.iplanet.ums.EntryNotFoundException): 13
AMHashMap (com.iplanet.am.sdk.AMHashMap): 12
AccessRightsException (com.iplanet.ums.AccessRightsException): 12
SMSException (com.sun.identity.sm.SMSException): 12
DN (org.forgerock.opendj.ldap.DN): 12