
the class DSAMERole method getValidValues.

/**
 * Returns the role names under this subject's organization that match
 * {@code pattern}, as candidate values for the <code>Subject</code>.
 *
 * @param token the <code>SSOToken</code> used to open the store
 *        connection and run the role search
 * @param pattern search pattern for role names
 *
 * @return a <code>ValidValues</code> holding the matching role names and a
 *         status of <code>SUCCESS</code>, <code>SIZE_LIMIT_EXCEEDED</code>
 *         or <code>TIME_LIMIT_EXCEEDED</code>
 *
 * @exception SSOException if the SSO token is not valid
 * @exception PolicyException if the subject has not been initialized or
 *            the role search fails
 */
public ValidValues getValidValues(SSOToken token, String pattern) throws SSOException, PolicyException {
    if (!initialized) {
        throw new PolicyException(ResBundleUtils.rbName, "role_subject_not_yet_initialized", null, null);
    }
    try {
        AMStoreConnection storeConnection = new AMStoreConnection(token);
        AMOrganization organization = storeConnection.getOrganization(organizationDN);
        AMSearchControl searchControl = new AMSearchControl();
        // Bound the directory search by the subject's configured limits.
        searchControl.setMaxResults(maxResults);
        searchControl.setTimeOut(timeLimit);
        searchControl.setSearchScope(roleSearchScope);
        AMSearchResults searchResults = organization.searchAllRoles(pattern, searchControl);
        return new ValidValues(toValidValuesStatus(searchResults.getErrorCode()), searchResults.getSearchResults());
    } catch (AMException e) {
        throw toPolicyException(e);
    }
}

/**
 * Maps an <code>AMSearchResults</code> error code onto the corresponding
 * <code>ValidValues</code> status. Codes other than the two limit errors
 * are reported as <code>SUCCESS</code>.
 *
 * @param searchErrorCode the value of {@code AMSearchResults.getErrorCode()}
 * @return the matching <code>ValidValues</code> status constant
 */
private static int toValidValuesStatus(int searchErrorCode) {
    if (searchErrorCode == AMSearchResults.SIZE_LIMIT_EXCEEDED) {
        return ValidValues.SIZE_LIMIT_EXCEEDED;
    }
    if (searchErrorCode == AMSearchResults.TIME_LIMIT_EXCEEDED) {
        return ValidValues.TIME_LIMIT_EXCEEDED;
    }
    return ValidValues.SUCCESS;
}

/**
 * Converts an SDK failure into the <code>PolicyException</code> reported
 * to the caller. Invalid credentials and a missing base DN get dedicated
 * localized messages; any other LDAP failure is reported with the server's
 * diagnostic message and result code name; failures without an LDAP cause
 * are wrapped as-is.
 *
 * @param e the SDK exception raised during the role search
 * @return the exception to throw to the caller
 */
private PolicyException toPolicyException(AMException e) {
    LdapException ldapException = e.getLDAPException();
    if (ldapException == null) {
        return new PolicyException(e);
    }
    ResultCode resultCode = ldapException.getResult().getResultCode();
    if (ResultCode.INVALID_CREDENTIALS.equals(resultCode)) {
        return new PolicyException(ResBundleUtils.rbName, "ldap_invalid_password", null, null);
    }
    if (ResultCode.NO_SUCH_OBJECT.equals(resultCode)) {
        String[] messageArgs = { organizationDN };
        return new PolicyException(ResBundleUtils.rbName, "no_such_am_roles_base_dn", messageArgs, null);
    }
    String diagnosticMessage = ldapException.getResult().getDiagnosticMessage();
    String resultCodeName = ldapException.getResult().getResultCode().getName().toString(Locale.ROOT);
    if (resultCodeName == null) {
        return new PolicyException(diagnosticMessage);
    }
    return new PolicyException(diagnosticMessage + ": " + resultCodeName);
}

the class OrgConfigViaAMSDK method getObjectType.

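/**
 * Returns the AMSDK object type of {@code parentOrgName}, resolving it
 * lazily on first use and caching the result in {@code objType}.
 *
 * The lookup runs with the admin token. When the type cannot be
 * determined the method falls back to {@code AMObject.ORGANIZATIONAL_UNIT}
 * and records the cause in the debug log, so the fallback is diagnosable
 * rather than silent (the SSO failure branch previously logged nothing).
 *
 * @return the AMSDK object type, or {@code AMObject.ORGANIZATIONAL_UNIT}
 *         if it could not be resolved
 */
private int getObjectType() {
    if (objType == 0) {
        try {
            SSOToken adminToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
            AMStoreConnection amcom = new AMStoreConnection(adminToken);
            objType = amcom.getAMObjectType(parentOrgName);
        } catch (AMException ame) {
            // Best effort: default to organizational unit, but keep the
            // underlying exception so the fallback can be traced.
            objType = AMObject.ORGANIZATIONAL_UNIT;
            debug.error("OrgConfigViaAMSDK: Unable to determine type", ame);
        } catch (SSOException ssoe) {
            // Same fallback as above; log the cause instead of swallowing it.
            objType = AMObject.ORGANIZATIONAL_UNIT;
            debug.error("OrgConfigViaAMSDK: Unable to determine type", ssoe);
        }
    }
    return objType;
}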

the class PolicyEvaluator method getUserNSRoleValues.

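/**
 * Returns the set of role DNs (the user's <code>nsRole</code> attribute
 * values, normalised to RFC form) for the user identified by {@code token}.
 *
 * Results are cached per token ID for {@code userNSRoleCacheTTL}
 * milliseconds to speed up IdentityServerRole subject membership checks.
 * The TTL is read lazily from the policy configuration of the base DN and
 * falls back to {@code DEFAULT_USER_NSROLE_CACHE_TTL} when the configured
 * value is not positive. The first time a token is cached an
 * {@code SSOTokenListener} is registered on it (presumably to evict the
 * entry when the session ends; the listener's behaviour lives elsewhere).
 *
 * @param token single sign on token of the user evaluating policies;
 *              {@code null} yields {@code null}
 *
 * @return the set of RFC-formatted role DNs; {@code null} when the token
 *         is {@code null}, the user cannot be found, or the user is not
 *         activated. The returned set is the cached instance itself, so
 *         callers must not modify it.
 *
 * @exception SSOException single-sign-on token invalid or expired
 * @exception PolicyException if an error occurred while getting the
 *            user's nsRole attribute value set
 */
public static Set getUserNSRoleValues(SSOToken token) throws SSOException, PolicyException {
    if (userNSRoleCacheTTL == 0) {
        // One-time resolution of the cache TTL from the policy configuration
        // of the base DN; the lock only serialises this setup.
        synchronized (userNSRoleCache) {
            String orgName = ServiceManager.getBaseDN();
            Map pConfigValues = PolicyConfig.getPolicyConfig(orgName);
            userNSRoleCacheTTL = PolicyConfig.getSubjectsResultTtl(pConfigValues);
            if (userNSRoleCacheTTL <= 0) {
                userNSRoleCacheTTL = DEFAULT_USER_NSROLE_CACHE_TTL;
                if (DEBUG.warningEnabled()) {
                    DEBUG.warning("Invalid TTL got from configuration." + " Set TTL to default:" + userNSRoleCacheTTL);
                }
            }
            if (DEBUG.messageEnabled()) {
                DEBUG.message("userNSRoleCacheTTL=" + userNSRoleCacheTTL);
            }
        }
    }
    if (token == null) {
        return null;
    }
    String tokenIDStr = token.getTokenID().toString();
    // Cache entries are {expiry time in millis (Long), role set (HashSet)}.
    Object[] element = (Object[]) userNSRoleCache.get(tokenIDStr);
    if (element != null) {
        Long timeStamp = (Long) element[0];
        long timeToLive = 0;
        if (timeStamp != null) {
            timeToLive = timeStamp.longValue();
        }
        long currentTime = System.currentTimeMillis();
        if (timeToLive > currentTime) {
            if (DEBUG.messageEnabled()) {
                DEBUG.message("PolicyEvaluator.getUserNSRoleValues():" + " get the nsRole values from cache.\n");
            }
            return (HashSet) element[1];
        }
    }
    // No cache entry, or the entry has expired: look the roles up in the
    // directory and refresh the cache.
    try {
        AMStoreConnection am = new AMStoreConnection(token);
        AMUser user = am.getUser(token.getPrincipal().getName());
        if ((user == null) || !(user.isActivated())) {
            return null;
        }
        Set roles = new HashSet();
        // Both statically assigned and filtered roles count as memberships.
        Set staticRoles = user.getRoleDNs();
        Set filteredRoles = user.getFilteredRoleDNs();
        if (staticRoles != null) {
            roles.addAll(staticRoles);
        }
        if (filteredRoles != null) {
            roles.addAll(filteredRoles);
        }
        // Normalise every DN to RFC form so cached values compare equal
        // regardless of how the directory returned them.
        Set roleSet = new HashSet();
        for (Object roleObj : roles) {
            String role = (String) roleObj;
            if (role != null) {
                roleSet.add(LDAPUtils.formatToRFC(role));
            }
        }
        if (DEBUG.messageEnabled()) {
            DEBUG.message("PolicyEvaluator.getUserNSRoleValues():" + " added user nsRoles: " + roleSet);
        }
        Object[] elem = new Object[2];
        // Expiry is absolute; Long.valueOf replaces the deprecated Long constructor.
        elem[0] = Long.valueOf(System.currentTimeMillis() + userNSRoleCacheTTL);
        elem[1] = roleSet;
        userNSRoleCache.put(tokenIDStr, elem);
        if (!ssoListenerRegistry.containsKey(tokenIDStr)) {
            // Register the listener once per token.
            token.addSSOTokenListener(ssoListener);
            ssoListenerRegistry.put(tokenIDStr, ssoListener);
            if (DEBUG.messageEnabled()) {
                DEBUG.message("PolicyEvaluator.getUserNSRoleValues():" + " sso listener added .\n");
            }
        }
        return roleSet;
    } catch (AMException e) {
        throw new PolicyException(e);
    }
}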

the class AMClientCapData method removeClient.

/**
 * Removes the client entry for {@code clientType} from the external client
 * database. Only valid on an external-DB instance; internal instances
 * reject the request.
 *
 * @param token
 *            SSOToken used to open the store connection that performs
 *            the delete
 * @param clientType
 *            Client Type Name; the entry DN is derived from it by
 *            {@code generateClientDN}
 *
 * @return 0 on success
 * @exception AMClientCapException
 *                with {@code CANNOT_MOD_INT_DB} on an internal instance,
 *                or {@code DELETE_FAILED} if the entry could not be
 *                deleted (the underlying cause is written to the debug
 *                log, not attached to the exception)
 */
public int removeClient(SSOToken token, String clientType) throws AMClientCapException {
    if (isInternalInstance()) {
        throw new AMClientCapException(BUNDLE_NAME, CANNOT_MOD_INT_DB, null);
    }
    try {
        AMStoreConnection storeConnection = new AMStoreConnection(token);
        // NOTE(review): clientType is caller-supplied and becomes part of a
        // DN; assumes generateClientDN escapes it — confirm.
        String clientDN = generateClientDN(clientType);
        AMEntity clientEntity = storeConnection.getEntity(clientDN);
        clientEntity.delete();
        return 0;
    } catch (Exception failure) {
        String[] messageArgs = { clientType };
        AMClientCapException deleteFailure = new AMClientCapException(BUNDLE_NAME, DELETE_FAILED, messageArgs);
        debug.error(dbStr + deleteFailure.getMessage(), failure);
        throw deleteFailure;
    }
}

the class PolicyUtils method removePolicyRules.

/**
 * Removes every policy rule for a service across the deployment.
 * Sub-organizations under the root suffix that have the
 * <code>iPlanetAMPolicyConfigService</code> assigned are searched. In each
 * of them, rules whose service type matches {@code serviceName} are removed
 * from ordinary policies immediately, while referral policies are collected
 * and processed in a second pass, grouped by their depth relative to the
 * root suffix.
 *
 * Failures from the policy layer ({@code PolicyException}) are logged and
 * swallowed, so the caller cannot tell whether every rule was removed.
 *
 * @param token session token of the user doing the operation
 * @param serviceName name of the service whose rules are removed
 *        (compared case-insensitively)
 * @throws SSOException if the token is invalid
 * @throws AMException if the store connection or the sub-organization
 *         search fails
 */
public static void removePolicyRules(SSOToken token, String serviceName) throws SSOException, AMException {
    try {
        AMStoreConnection dpStore = new AMStoreConnection(token);
        PolicyManager pm = new PolicyManager(token);
        String org = pm.getOrganizationDN();
        AMOrganization rootOrg = (AMOrganization) dpStore.getOrganization(org);
        String dn, policyName, ruleName;
        DN rootDN;
        DN tmpDN;
        Set policyNames;
        Policy p;
        Rule rule, ruleDeleted;
        Iterator iter, ruleItr, levelItr;
        // org DN -> Vector of referral policy names found in that org
        Map policyDNs = new HashMap();
        // level key (String) -> Vector of org DNs at that depth
        Map levelDNs = new HashMap();
        TreeMap sortedDNs;
        rootDN = DN.valueOf(SMSEntry.getRootSuffix());
        // Only orgs with the policy configuration service assigned are visited.
        Map avPair = new HashMap();
        Set value = new HashSet();
        value.add("iPlanetAMPolicyConfigService");
        avPair.put(AMConstants.SERVICE_STATUS_ATTRIBUTE, value);
        Set subOrgs = null;
        subOrgs = rootOrg.searchSubOrganizations("*", avPair, AMConstants.SCOPE_SUB);
        // First pass: strip matching rules from ordinary policies and
        // remember referral policies for the second pass.
        for (Iterator iterOrg = subOrgs.iterator(); iterOrg.hasNext(); ) {
            dn = (String) iterOrg.next();
            PolicyManager pmSubOrg = new PolicyManager(token, dn);
            policyNames = pmSubOrg.getPolicyNames();
            iter = policyNames.iterator();
            while (iter.hasNext()) {
                policyName = (String) iter.next();
                p = pmSubOrg.getPolicy(policyName);
                if (!p.isReferralPolicy()) {
                    ruleItr = p.getRuleNames().iterator();
                    while (ruleItr.hasNext()) {
                        ruleName = (String) ruleItr.next();
                        rule = p.getRule(ruleName);
                        if ((rule.getServiceTypeName()).equalsIgnoreCase(serviceName)) {
                            if (PolicyManager.debug.messageEnabled()) {
                                debug.message("PolicyUtils.removePolicyRules():" + "policy: " + policyName + ",rule: " + ruleName);
                            }
                            ruleDeleted = p.removeRule(ruleName);
                            // Persist only if a rule was actually removed.
                            if (ruleDeleted != null) {
                                pmSubOrg.replacePolicy(p);
                            }
                        }
                    }
                } else {
                    // store the referral policies corresponding to DNs
                    if (policyDNs.containsKey(dn)) {
                        ((Vector) policyDNs.get(dn)).add(policyName);
                    } else {
                        Vector policies = new Vector();
                        policies.add(policyName);
                        policyDNs.put(dn, policies);
                    }
                    // store DNs corresponding to levels wrt root
                    // NOTE(review): the level key is the String form of an int
                    // and the TreeMap below orders it lexicographically, not
                    // numerically (e.g. "-10" sorts between "-1" and "-2");
                    // confirm the intended processing order.
                    tmpDN = DN.valueOf(dn);
                    String levelDiff = String.valueOf(rootDN.size() - tmpDN.size());
                    if (levelDNs.containsKey(levelDiff)) {
                        ((Vector) levelDNs.get(levelDiff)).add(dn);
                    } else {
                        Vector DNs = new Vector();
                        DNs.add(dn);
                        levelDNs.put(levelDiff, DNs);
                    }
                }
            }
        }
        // Second pass: referral policies, visited level by level.
        sortedDNs = new TreeMap(levelDNs);
        levelItr = sortedDNs.keySet().iterator();
        while (levelItr.hasNext()) {
            String level = (String) levelItr.next();
            Vector vDNs = (Vector) sortedDNs.get(level);
            for (int i = 0; i < vDNs.size(); i++) {
                dn = (String) vDNs.get(i);
                PolicyManager pmRefOrg = new PolicyManager(token, dn);
                Vector vPolicies = (Vector) policyDNs.get(dn);
                for (int j = 0; j < vPolicies.size(); j++) {
                    policyName = (String) vPolicies.get(j);
                    p = pmRefOrg.getPolicy(policyName);
                    ruleItr = p.getRuleNames().iterator();
                    while (ruleItr.hasNext()) {
                        ruleName = (String) ruleItr.next();
                        rule = p.getRule(ruleName);
                        if ((rule.getServiceTypeName()).equalsIgnoreCase(serviceName)) {
                            if (debug.messageEnabled()) {
                                debug.message("PolicyUtils.removePolicyRules():" + "referral policy: " + policyName + ",rule: " + ruleName);
                            }
                            ruleDeleted = p.removeRule(ruleName);
                            if (ruleDeleted != null) {
                                pmRefOrg.replacePolicy(p);
                            }
                        }
                    }
                }
            }
        }
    } catch (PolicyException pe) {
        // Logged but not propagated: partial removal is not reported to the caller.
        debug.error("PolicyUtils.removePolicyRules():", pe);
    }
}