
Example 6 with AMOrganization

use of com.iplanet.am.sdk.AMOrganization in project OpenAM by OpenRock.

the class DSAMERole method getValidValues.

/**
 * Returns the <code>ValidValues</code> for this role subject: the names of
 * the roles under <code>organizationDN</code> whose name matches
 * <code>pattern</code>, searched with the configured result, time and
 * scope limits.
 *
 * @param token the <code>SSOToken</code> used to open the AM store
 * connection that performs the role search
 * @param pattern the role-name pattern to match
 *
 * @return <code>ValidValues</code> object carrying the search status
 * (<code>SUCCESS</code>, <code>SIZE_LIMIT_EXCEEDED</code> or
 * <code>TIME_LIMIT_EXCEEDED</code>) and the matching role names
 *
 * @exception SSOException if SSO token is not valid
 * @exception PolicyException if this subject has not been initialized,
 * if the directory rejects the bind or the role base DN does not exist,
 * or if any other directory or SDK error occurs
 */
public ValidValues getValidValues(SSOToken token, String pattern) throws SSOException, PolicyException {
    if (!initialized) {
        throw new PolicyException(ResBundleUtils.rbName, "role_subject_not_yet_initialized", null, null);
    }
    try {
        AMStoreConnection storeConnection = new AMStoreConnection(token);
        AMOrganization organization = storeConnection.getOrganization(organizationDN);
        AMSearchControl searchControl = new AMSearchControl();
        searchControl.setMaxResults(maxResults);
        searchControl.setTimeOut(timeLimit);
        searchControl.setSearchScope(roleSearchScope);
        AMSearchResults searchResults = organization.searchAllRoles(pattern, searchControl);
        // Only the two limit conditions are distinguished; SUCCESS and any
        // unrecognised search error code are both reported as SUCCESS.
        int status = ValidValues.SUCCESS;
        switch (searchResults.getErrorCode()) {
            case AMSearchResults.SIZE_LIMIT_EXCEEDED:
                status = ValidValues.SIZE_LIMIT_EXCEEDED;
                break;
            case AMSearchResults.TIME_LIMIT_EXCEEDED:
                status = ValidValues.TIME_LIMIT_EXCEEDED;
                break;
            default:
                break;
        }
        return new ValidValues(status, searchResults.getSearchResults());
    } catch (AMException ame) {
        throw policyExceptionFor(ame);
    }
}

/**
 * Maps an <code>AMException</code> raised by the role search to the
 * <code>PolicyException</code> this subject reports to its callers.
 * Invalid LDAP credentials and a missing organization entry get dedicated
 * resource-bundle messages; any other LDAP result is reported with the
 * server's diagnostic message (surfaced verbatim) and the result-code
 * name; an exception with no LDAP detail is wrapped as-is.
 *
 * @param ame the SDK exception caught during the search
 * @return the <code>PolicyException</code> to throw
 */
private PolicyException policyExceptionFor(AMException ame) {
    LdapException ldapException = ame.getLDAPException();
    if (ldapException == null) {
        return new PolicyException(ame);
    }
    ResultCode resultCode = ldapException.getResult().getResultCode();
    if (ResultCode.INVALID_CREDENTIALS.equals(resultCode)) {
        return new PolicyException(ResBundleUtils.rbName, "ldap_invalid_password", null, null);
    }
    if (ResultCode.NO_SUCH_OBJECT.equals(resultCode)) {
        return new PolicyException(ResBundleUtils.rbName, "no_such_am_roles_base_dn", new String[] { organizationDN }, null);
    }
    String diagnosticMessage = ldapException.getResult().getDiagnosticMessage();
    String resultCodeName = resultCode.getName().toString(Locale.ROOT);
    if (resultCodeName == null) {
        return new PolicyException(diagnosticMessage);
    }
    return new PolicyException(diagnosticMessage + ": " + resultCodeName);
}

Example 7 with AMOrganization

use of com.iplanet.am.sdk.AMOrganization in project OpenAM by OpenRock.

the class SubjectReferentialIntegrityPlugin method postProcessDelete.

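/**
 * Removes a deleted directory entry from every policy subject that still
 * refers to it. All organizations under the root organization are visited;
 * in each non-referral policy, a subject value whose DN equals the deleted
 * entry's DN is removed, and a subject left with no values is removed
 * from the policy. A policy that was touched is written back.
 * <p>
 * Only object types that can appear as subject values are processed, and
 * only when the policy configuration of the root organization points at
 * the local directory (AM roles are always processed). Every failure is
 * logged and swallowed, so the remaining sweep is abandoned on the first
 * error; nothing is propagated to the caller.
 *
 * @param token the <code>SSOToken</code> used for the store connection
 *        and the policy managers
 * @param entryDN DN of the entry that was deleted
 * @param attributes attributes of the deleted entry; not used here
 * @param softDeleteEnabled not used here
 * @param objectType the <code>AMObject</code> type of the deleted entry
 * @throws AMPostCallBackException declared by the callback contract; this
 *         implementation does not throw it
 */
public void postProcessDelete(SSOToken token, String entryDN, Map attributes, boolean softDeleteEnabled, int objectType) throws AMPostCallBackException {
    try {
        if (debug.messageEnabled()) {
            debug.message("ReferentialIntegrityPlugin.postProcessDelete()");
        }
        if (!isSubjectObjectType(objectType)) {
            return;
        }
        // DN form of the deleted entry, so subject values compare structurally
        // rather than as raw strings.
        DN entryDName = DN.valueOf(entryDN);
        AMStoreConnection dpStore = new AMStoreConnection(token);
        DN rootDN = DN.valueOf(SMSEntry.getRootSuffix());
        if (debug.messageEnabled()) {
            debug.message("Searching for all policies from root DN: " + rootDN.toString());
        }
        PolicyManager pm = new PolicyManager(token, rootDN.toString());
        String org = pm.getOrganizationName();
        // Find out from the org policy config whether the configured
        // directory is the local directory.
        Map configParams = PolicyConfig.getPolicyConfig(org);
        String ldapServer = ((String) configParams.get(PolicyConfig.LDAP_SERVER)).toLowerCase();
        boolean localDS = PolicyUtils.isLocalDS(ldapServer);
        // AM roles are processed irrespective of local or non-local DS.
        if (objectType == AMObject.ROLE) {
            localDS = true;
        }
        if (!localDS) {
            return;
        }
        AMOrganization rootOrg = (AMOrganization) dpStore.getOrganization(org);
        // all orgs/sub-orgs
        Set subOrgs = rootOrg.searchSubOrganizations("*", AMConstants.SCOPE_SUB);
        for (Iterator orgIter = subOrgs.iterator(); orgIter.hasNext();) {
            String subOrg = (String) orgIter.next();
            if (debug.messageEnabled()) {
                debug.message("Visiting suborg: " + subOrg);
            }
            removeEntryFromPolicies(token, subOrg, entryDN, entryDName);
        }
    } catch (Exception e) {
        // PolicyException, SSOException and anything else were logged
        // identically by the original separate handlers; the callback never
        // propagates a failure.
        debug.error("ReferentialIntegrityPlugin.postProcessDelete():", e);
    }
}

/**
 * Returns whether entries of the given <code>AMObject</code> type can be
 * referenced by policy subject values and therefore need the sweep.
 *
 * @param objectType the <code>AMObject</code> type constant
 * @return <code>true</code> for user, role, organization and group types
 */
private static boolean isSubjectObjectType(int objectType) {
    Set<Integer> subjectObjectTypes = new HashSet<Integer>();
    subjectObjectTypes.add(Integer.valueOf(AMObject.USER));
    subjectObjectTypes.add(Integer.valueOf(AMObject.ROLE));
    subjectObjectTypes.add(Integer.valueOf(AMObject.ORGANIZATION));
    subjectObjectTypes.add(Integer.valueOf(AMObject.GROUP));
    subjectObjectTypes.add(Integer.valueOf(AMObject.ASSIGNABLE_DYNAMIC_GROUP));
    subjectObjectTypes.add(Integer.valueOf(AMObject.DYNAMIC_GROUP));
    subjectObjectTypes.add(Integer.valueOf(AMObject.FILTERED_ROLE));
    return subjectObjectTypes.contains(Integer.valueOf(objectType));
}

/**
 * Visits every policy of one organization and strips the deleted entry
 * from its subjects, writing back each policy that changed.
 *
 * @param token the <code>SSOToken</code> for the policy manager
 * @param orgName name of the organization whose policies are visited
 * @param entryDN string DN of the deleted entry (used in log messages)
 * @param entryDName parsed DN of the deleted entry
 * @throws SSOException if the token is rejected by the policy manager
 * @throws PolicyException if a policy cannot be read or written back
 */
private void removeEntryFromPolicies(SSOToken token, String orgName, String entryDN, DN entryDName) throws SSOException, PolicyException {
    PolicyManager pmSubOrg = new PolicyManager(token, orgName);
    Set policies = pmSubOrg.getPolicyNames();
    for (Iterator policyIter = policies.iterator(); policyIter.hasNext();) {
        String policyName = (String) policyIter.next();
        if (debug.messageEnabled()) {
            debug.message("policyName: " + policyName);
        }
        Policy policy = pmSubOrg.getPolicy(policyName);
        // referral policies don't have subjects defined
        if (!policy.isReferralPolicy() && removeEntryFromSubjects(policy, entryDN, entryDName)) {
            pmSubOrg.replacePolicy(policy);
        }
    }
}

/**
 * Removes the deleted entry from each subject of one policy. A subject
 * whose only value was the deleted entry is removed from the policy;
 * otherwise the subject's value set is updated in place.
 *
 * @param policy the policy to modify (not written back here)
 * @param entryDN string DN of the deleted entry (used in log messages)
 * @param entryDName parsed DN of the deleted entry
 * @return <code>true</code> if any subject of the policy was changed
 * @throws PolicyException if a subject cannot be read or updated
 */
private boolean removeEntryFromSubjects(Policy policy, String entryDN, DN entryDName) throws PolicyException {
    boolean modified = false;
    // Iterate over a copy of the names: removeSubject() below presumably
    // alters the policy's own subject set.
    Set subjectNames = new HashSet(policy.getSubjectNames());
    for (Iterator subjectIter = subjectNames.iterator(); subjectIter.hasNext();) {
        String subjectName = (String) subjectIter.next();
        if (debug.messageEnabled()) {
            debug.message("subjectName: " + subjectName);
        }
        Subject subject = policy.getSubject(subjectName);
        Set values = subject.getValues();
        for (Iterator valueIter = values.iterator(); valueIter.hasNext();) {
            String value = (String) valueIter.next();
            // NOTE(review): a subject value that is not a parseable DN would
            // throw here and be caught by postProcessDelete's catch-all,
            // ending the whole sweep early — confirm subject values are
            // always DNs for the object types processed.
            if (!entryDName.equals(DN.valueOf(value))) {
                continue;
            }
            modified = true;
            if (debug.messageEnabled()) {
                debug.message("DNs match, str:" + value + "entryDN:" + entryDN);
            }
            values.remove(value);
            if (values.isEmpty()) {
                policy.removeSubject(subjectName);
                if (debug.messageEnabled()) {
                    debug.message("subjectDeleted:" + subjectName);
                }
            } else {
                subject.setValues(values);
            }
            // Stop after the first match: the set was just modified under a
            // live iterator, so continuing would not be safe.
            break;
        }
    }
    return modified;
}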

Example 8 with AMOrganization

use of com.iplanet.am.sdk.AMOrganization in project OpenAM by OpenRock.

the class AMAuthConfigUtils method getAllAuthModules.

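/**
 * Returns all supported authentication modules in an Organization.
 * If there are no modules configured at the Organization level
 * then the authentication modules set at Global level will be returned.
 * Failure to read the organization's authentication template is logged
 * and treated the same as an empty organization-level list.
 *
 * @param orgDN organization DN.
 * @param token single sign on token.
 * @return Map contains all modules, key is the module name (e.g. LDAP),
 *         value is the complete class name (e.g.
 *         <code>com.sun.identity.authentication.modules.ldap.LDAP</code>)
 */
public static Map getAllAuthModules(String orgDN, SSOToken token) {
    // Organization-level module list; stays null when the template cannot be read.
    Set authenticators = null;
    try {
        AMStoreConnection dpStore = new AMStoreConnection(token);
        AMOrganization org = (AMOrganization) dpStore.getOrganization(orgDN);
        AMTemplate template = org.getTemplate(AUTH_SERVICE, AMTemplate.ORGANIZATION_TEMPLATE);
        Map attrs = template.getAttributes();
        authenticators = (Set) attrs.get(AUTH_MODULES_ATTR);
    } catch (Exception e) {
        // Best effort: fall back to the global list below.
        debug.error("getAllAuthModules", e);
    }
    Set globalAuth = getGlobalAuthenticators(token);
    Map modules;
    if (authenticators != null && !authenticators.isEmpty()) {
        modules = constructModulesList(authenticators, globalAuth);
    } else {
        modules = constructModulesList(globalAuth, null);
    }
    if (debug.messageEnabled()) {
        debug.message("Returning modules : " + modules);
    }
    return modules;
}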

Example 9 with AMOrganization

use of com.iplanet.am.sdk.AMOrganization in project OpenAM by OpenRock.

the class IdUtils method isOrganizationActive.

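/**
 * Returns true or false, depending on whether this organization is enabled
 * or not. The organization string passed to this method should be an
 * identifier returned from the method
 * <code> IdUtils.getOrganization </code>. In the default mode, where
 * realms are enabled but backward compatibility is required, this checks
 * for organization status in the AM enabled Sun DS. Otherwise, it checks
 * for organization status from the realms tree. When neither source
 * applies (coexistence mode without the AM SDK), the organization is
 * reported as active.
 * <p>
 * Results are remembered in <code>orgStatusCache</code>, so the status is
 * read from the store once per organization.
 *
 * @param token token SSOToken a valid SSOToken.
 * @param org name of the organization of interest.
 * @return <code>true</code> if org is active;
 *    otherwise <code>false</code>
 * @throws IdRepoException if there are repository related error conditions.
 * @throws SSOException If user's single sign on token is invalid.
 */
public static boolean isOrganizationActive(SSOToken token, String org) throws IdRepoException, SSOException {
    // Check the cache first. Entries are only ever added here.
    // NOTE(review): no eviction is visible in this method, so a status
    // change after the first lookup is not observed until the cache is
    // cleared elsewhere — confirm.
    if (orgStatusCache.containsKey(org)) {
        return ((Boolean) orgStatusCache.get(org)).booleanValue();
    }
    boolean isActive = true;
    if (!ServiceManager.isCoexistenceMode()) {
        // Realm mode: read the organization status from the realms tree.
        try {
            OrganizationConfigManager ocm = new OrganizationConfigManager(token, org);
            Map attributes = ocm.getAttributes(IdConstants.REPO_SERVICE);
            Set vals = (Set) attributes.get(IdConstants.ORGANIZATION_STATUS_ATTR);
            // An absent or empty status attribute leaves the realm active.
            if (vals != null && !vals.isEmpty()) {
                String stringActive = (String) vals.iterator().next();
                isActive = stringActive.equalsIgnoreCase("Active");
            }
        } catch (SMSException smse) {
            // The SMSException is not chained onto the thrown exception.
            Object[] args = { org };
            throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.NO_MAPPING_FOUND, args);
        }
    } else if (ServiceManager.isAMSDKEnabled()) {
        // Coexistence mode with the AM SDK: ask the directory organization entry.
        try {
            AMStoreConnection amsc = new AMStoreConnection(token);
            AMOrganization orgObj = amsc.getOrganization(org);
            isActive = orgObj.isActivated();
        } catch (AMException ame) {
            throw convertAMException(ame);
        }
    }
    // Add to cache
    orgStatusCache.put(org, isActive);
    return isActive;
}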
