

Use of com.iplanet.am.sdk.AMPostCallBackException in the OpenAM project by OpenRock.

From the class SubjectReferentialIntegrityPlugin, method postProcessDelete.

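/**
 * Removes references to a deleted directory entry from policy subjects.
 *
 * <p>Walks every policy of the root org and of all its sub-orgs and, in each
 * non-referral policy, drops from every subject the values whose DN equals
 * {@code entryDN}. A subject left without values is removed from the policy;
 * each policy that changed is written back through
 * {@code PolicyManager.replacePolicy}.
 *
 * <p>This cleanup is authorization-relevant: a subject value that still named
 * the deleted entry would otherwise match a later entry created under the
 * same DN.
 *
 * <p>Only entries of the object types listed in the body are handled and,
 * except for {@code AMObject.ROLE}, only when the org's policy configuration
 * points at the local directory. Any failure is logged and swallowed (the
 * callback never propagates it); a subject value that is not a parseable DN
 * is skipped instead of aborting the whole sweep, and all stored spellings of
 * the deleted DN are removed, not only the first one found.
 *
 * @param token             SSO token used for data-store and policy access
 * @param entryDN           DN of the deleted entry
 * @param attributes        attributes of the deleted entry; not used here
 * @param softDeleteEnabled soft-delete flag; not used here
 * @param objectType        {@code AMObject} type constant of the deleted entry
 * @throws AMPostCallBackException declared by the callback contract; this
 *         implementation logs failures instead of throwing
 */
public void postProcessDelete(SSOToken token, String entryDN, Map attributes, boolean softDeleteEnabled, int objectType) throws AMPostCallBackException {
    try {
        if (debug.messageEnabled()) {
            debug.message("ReferentialIntegrityPlugin.postProcessDelete()");
        }
        // Object types whose DNs can appear as policy subject values.
        Set<Integer> objectTypes = new HashSet<>();
        objectTypes.add(AMObject.USER);
        objectTypes.add(AMObject.ROLE);
        objectTypes.add(AMObject.ORGANIZATION);
        objectTypes.add(AMObject.GROUP);
        objectTypes.add(AMObject.ASSIGNABLE_DYNAMIC_GROUP);
        objectTypes.add(AMObject.DYNAMIC_GROUP);
        objectTypes.add(AMObject.FILTERED_ROLE);
        if (!objectTypes.contains(objectType)) {
            return;
        }
        // Parsed form of the deleted entry's DN; DN.equals() normalises, so
        // spelling and whitespace differences in stored values do not matter.
        DN entryDName = DN.valueOf(entryDN);
        // Connection to the Identity Server data store.
        AMStoreConnection dpStore = new AMStoreConnection(token);
        DN rootDN = DN.valueOf(SMSEntry.getRootSuffix());
        if (debug.messageEnabled()) {
            debug.message("Searching for all policies from root DN: " + rootDN.toString());
        }
        PolicyManager pm = new PolicyManager(token, rootDN.toString());
        String org = pm.getOrganizationName();
        // Roles live in the Identity Server store, so they are processed
        // whether or not the configured policy directory is the local one.
        boolean localDS = objectType == AMObject.ROLE || isLocalPolicyDirectory(org);
        if (!localDS) {
            return;
        }
        AMOrganization rootOrg = (AMOrganization) dpStore.getOrganization(org);
        // Every org/sub-org below the root; each has its own policy manager.
        Set subOrgs = rootOrg.searchSubOrganizations("*", AMConstants.SCOPE_SUB);
        for (Object subOrgObj : subOrgs) {
            String subOrg = (String) subOrgObj;
            if (debug.messageEnabled()) {
                debug.message("Visiting suborg: " + subOrg);
            }
            PolicyManager pmSubOrg = new PolicyManager(token, subOrg);
            for (Object policyNameObj : pmSubOrg.getPolicyNames()) {
                String policyName = (String) policyNameObj;
                if (debug.messageEnabled()) {
                    debug.message("policyName: " + policyName);
                }
                Policy policy = pmSubOrg.getPolicy(policyName);
                // Referral policies carry no subjects.
                if (policy.isReferralPolicy()) {
                    continue;
                }
                // Iterate over a snapshot: removeSubject() may mutate the live set.
                Set<String> subjects = new HashSet<>();
                subjects.addAll(policy.getSubjectNames());
                boolean replacePolicy = false;
                for (String subjectName : subjects) {
                    if (debug.messageEnabled()) {
                        debug.message("subjectName: " + subjectName);
                    }
                    if (pruneSubject(policy, subjectName, entryDName, entryDN)) {
                        replacePolicy = true;
                    }
                }
                // Persist only policies that actually changed.
                if (replacePolicy) {
                    pmSubOrg.replacePolicy(policy);
                }
            }
        }
    } catch (Exception e) {
        // PolicyException, SSOException and anything unexpected are all
        // handled the same way: log and return, never fail the delete.
        debug.error("ReferentialIntegrityPlugin.postProcessDelete():", e);
    }
}

/**
 * Reports whether the policy configuration of {@code org} names the local
 * directory as its LDAP server.
 *
 * <p>A missing configuration or LDAP server entry is logged and treated as
 * "not local" instead of surfacing as a NullPointerException.
 *
 * @param org organization whose policy configuration is consulted
 * @return {@code true} if {@code PolicyUtils.isLocalDS} accepts the configured server
 */
private boolean isLocalPolicyDirectory(String org) throws PolicyException, SSOException {
    Map configParams = PolicyConfig.getPolicyConfig(org);
    Object ldapServer = configParams == null ? null : configParams.get(PolicyConfig.LDAP_SERVER);
    if (ldapServer == null) {
        debug.error("ReferentialIntegrityPlugin.postProcessDelete(): no "
                + PolicyConfig.LDAP_SERVER + " in policy config for org " + org);
        return false;
    }
    return PolicyUtils.isLocalDS(((String) ldapServer).toLowerCase());
}

/**
 * Removes from subject {@code subjectName} of {@code policy} every value
 * whose DN equals {@code entryDName}; removes the subject itself when no
 * value is left.
 *
 * @param policy      policy owning the subject
 * @param subjectName name of the subject to prune
 * @param entryDName  parsed DN of the deleted entry
 * @param entryDN     original string form, used only for log messages
 * @return {@code true} if the subject (and so the policy) was changed
 */
private boolean pruneSubject(Policy policy, String subjectName, DN entryDName, String entryDN)
        throws PolicyException, SSOException {
    Subject subject = policy.getSubject(subjectName);
    Set set = subject.getValues();
    // Collect matches first: DN.equals() normalises, so several stored
    // spellings may name the same entry, and removing mid-iteration is unsafe.
    Set<String> matched = new HashSet<>();
    for (Object valueObj : set) {
        String str = (String) valueObj;
        if (str == null) {
            continue;
        }
        DN strDN;
        try {
            strDN = DN.valueOf(str);
        } catch (IllegalArgumentException notADn) {
            // Not every subject type stores DNs; such a value cannot reference the entry.
            if (debug.messageEnabled()) {
                debug.message("Skipping non-DN subject value: " + str);
            }
            continue;
        }
        if (entryDName.equals(strDN)) {
            if (debug.messageEnabled()) {
                debug.message("DNs match, str:" + str + "entryDN:" + entryDN);
            }
            matched.add(str);
        }
    }
    if (matched.isEmpty()) {
        return false;
    }
    set.removeAll(matched);
    if (set.isEmpty()) {
        policy.removeSubject(subjectName);
        if (debug.messageEnabled()) {
            debug.message("subjectDeleted:" + subjectName);
        }
    } else {
        subject.setValues(set);
    }
    return true;
}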
