Example 11 with AMStoreConnection

Use of com.iplanet.am.sdk.AMStoreConnection in project OpenAM by OpenRock.

From class AMClientCapData, method modifyClient.

/**
 * Modify the properties of the Client instance in externalDB. Valid only
 * with instance of externalDB. <br>
 * <b>Note: To add a property in the external db to mask the corresponding
 * property value in internal db, add the property with a " "
 * ("&lt;space&gt;") not an empty "" string. This is required because, when
 * dsame fetches the value from directory and sees it has no value, it
 * returns an empty set. (And we discard empty sets internally - because dsame
 * stores values for every property defined in the schema).</b>
 *
 * Also, if the additionalProperties are being modified, it should contain
 * both the modified and the unmodified ones. This is required since all the
 * additionalProperties are stored in a single Attribute
 * "additionalProperties".
 *
 * @param token
 *            SSOToken to validate the user.
 * @param props
 *            Map of profiles known to ClientCapabilities. The Map contains
 *            key of property name(s) and Set for the values. It won't
 *            overwrite the property names not in the Map. A key with an
 *            empty Set for the values will delete the property (DSAME
 *            cannot handle null values - throws NullPointerException). The Map
 *            "must" have a property "clientType"
 *
 * @return 0 on success
 * @exception AMClientCapException
 *                if Client could not be modified - permission problems OR
 *                if the clientType property is missing in the Map.
 */
public int modifyClient(SSOToken token, Map props) throws AMClientCapException {
    int status = 0;
    if (isInternalInstance()) {
        throw new AMClientCapException(BUNDLE_NAME, CANNOT_MOD_INT_DB, null);
    }
    String ct = getClientType(props);
    try {
        AMStoreConnection localConn = new AMStoreConnection(token);
        String dn = generateClientDN(ct);
        AMEntity amEntity = localConn.getEntity(dn);
        if (amEntity.isExists()) {
            Map m = getKnownProperties(props);
            // modify shouldn't have the RDN
            m.remove(CLIENTTYPE_ATTR);
            amEntity.setAttributes(m);
            amEntity.store();
        } else {
            //
            // Need to add if the entry doesn't exist
            //
            status = addClient(token, props);
        }
    } catch (Exception e) {
        String[] errArgs = { ct };
        AMClientCapException ace = new AMClientCapException(BUNDLE_NAME, MODIFY_FAILED, errArgs);
        String msg = ace.getMessage();
        debug.error(dbStr + msg, e);
        throw ace;
    }
    return status;
}
Also used : AMEntity(com.iplanet.am.sdk.AMEntity) AMStoreConnection(com.iplanet.am.sdk.AMStoreConnection) HashMap(java.util.HashMap) Map(java.util.Map) SSOException(com.iplanet.sso.SSOException)

Example 12 with AMStoreConnection

Use of com.iplanet.am.sdk.AMStoreConnection in project OpenAM by OpenRock.

From class AMClientCapData, method addClient.

/**
 * Add a client. For every property in the Map, it looks up the schema to
 * check if the property is known, if not known adds it to the
 * additionalProperties schema element. <br>
 *
 * <b>Note: To add a property in the external db to mask the corresponding
 * property value in internal db, add the property with a " "
 * ("&lt;space&gt;") not an empty "" string. This is required because, when
 * dsame fetches the value from directory and sees it has no value, it
 * returns an empty set. (And we discard empty sets internally - because dsame
 * stores values for every property defined in the schema).</b>
 *
 * @param token
 *            SSOToken to validate the user
 * @param props
 *            Map of profiles known to ClientCap. The Map "must" have a
 *            property "clientType"
 *
 * @return 0 on success
 * @exception AMClientCapException
 *                if Client could not be added - permission problems or if
 *                the clientType property is missing in the Map.
 */
public int addClient(SSOToken token, Map props) throws AMClientCapException {
    int status = 0;
    String ct = getClientType(props);
    Map m = getKnownProperties(props);
    Map entityMap = new HashMap(1);
    entityMap.put(ct, m);
    try {
        AMStoreConnection conn = new AMStoreConnection(token);
        AMOrganizationalUnit amOU = conn.getOrganizationalUnit(databaseDN);
        amOU.createEntities(UMS_ADD_TEMPLATE_NAME, entityMap);
    } catch (Exception e) {
        String[] errArgs = { ct };
        AMClientCapException ace = new AMClientCapException(BUNDLE_NAME, ADD_FAILED, errArgs);
        String msg = ace.getMessage();
        debug.error(dbStr + msg, e);
        throw ace;
    }
    return status;
}
Also used : AMStoreConnection(com.iplanet.am.sdk.AMStoreConnection) HashMap(java.util.HashMap) AMOrganizationalUnit(com.iplanet.am.sdk.AMOrganizationalUnit) HashMap(java.util.HashMap) Map(java.util.Map) SSOException(com.iplanet.sso.SSOException)

Example 13 with AMStoreConnection

Use of com.iplanet.am.sdk.AMStoreConnection in project OpenAM by OpenRock.

From class EntityObjectImpl, method initializeObject.

/**
 * Method to initialize the object. The AMStoreConnection handle is obtained
 * by creating a valid SSOToken.
 */
protected void initializeObject(String ssoToken, String entityLocation) throws EntityException, SSOException {
    checkInitialization();
    try {
        token = tokenManager.createSSOToken(ssoToken);
        amsc = new AMStoreConnection(token);
        String orgDN = amsc.getOrganizationDN(entityLocation, null);
        entity = amsc.getOrganization(orgDN);
    } catch (AMException amex) {
        EntityUtils.debug.error("EntityObjectImpl.initializeObject() : " + "Unable to get Organization DN " + amex);
        throw EntityUtils.convertException(amex);
    } catch (SSOException ssoe) {
        EntityUtils.debug.error("EntityObjectImpl.initializeObject() : " + "Unable to convert SSOToken: " + ssoToken, ssoe);
        throw ssoe;
    }
    if (EntityUtils.debug.messageEnabled()) {
        EntityUtils.debug.message("EntityObjectImpl.getAMEntity(): " + "Obtained ssotoken: " + ssoToken);
        EntityUtils.debug.message("EntityObjectImpl.getAMEntity(): " + "Obtained AMSToreConnection object for SSOToken: " + ssoToken);
    }
}
Also used : AMStoreConnection(com.iplanet.am.sdk.AMStoreConnection) AMException(com.iplanet.am.sdk.AMException) SSOException(com.iplanet.sso.SSOException)

Example 14 with AMStoreConnection

Use of com.iplanet.am.sdk.AMStoreConnection in project OpenAM by OpenRock.

From class DirectoryServicesImpl, method removeAdminRole.

/**
 * Remove group admin role
 *
 * @param token
 *            SSOToken of the caller
 * @param dn
 *            group DN
 * @param recursive
 *            true to delete all admin roles for all sub groups or sub
 *            people container
 */
public void removeAdminRole(SSOToken token, String dn, boolean recursive) throws SSOException, AMException {
    SSOTokenManager.getInstance().validateToken(token);
    if (debug.messageEnabled()) {
        debug.message("DirectoryServicesImpl.removeAdminRole() dn: " + dn + " recursive: " + recursive);
    }
    // first find out the admin role dn for the group
    DN ldapDN = DN.valueOf(dn);
    String orgDN = getOrganizationDN(token, ldapDN.parent().toString());
    String newdn = dn.replace(',', '_');
    String roleNameAttr = getNamingAttribute(AMObject.ROLE);
    String roleDN = new StringBuilder().append(roleNameAttr).append("=").append(newdn).append(",").append(orgDN).toString();
    Set adminRoles = Collections.EMPTY_SET;
    if (recursive) {
        String roleSearchFilter = SearchFilterManager.getSearchFilter(AMObject.ROLE, orgDN);
        StringBuilder sb = new StringBuilder();
        sb.append("(&").append(roleSearchFilter).append("(");
        sb.append(roleNameAttr).append("=*").append(newdn).append("))");
        adminRoles = search(token, orgDN, sb.toString(), SearchControl.SCOPE_ONE);
    } else {
        adminRoles = new HashSet();
        adminRoles.add(roleDN);
    }
    Iterator iter = adminRoles.iterator();
    while (iter.hasNext()) {
        String adminRoleDN = (String) iter.next();
        // remove all members from the role
        try {
            ManagedRole roleObj = (ManagedRole) UMSObject.getObject(token, new Guid(adminRoleDN));
            roleObj.removeAllMembers();
            // removeEntry(token, adminRoleDN, AMObject.ROLE, false, false);
            AMStoreConnection amsc = new AMStoreConnection(internalToken);
            AMRole role = amsc.getRole(adminRoleDN);
            role.delete(recursive);
        } catch (Exception e) {
            if (debug.messageEnabled()) {
                debug.message("DirectoryServicesImpl.removeAdminRole() " + "Unable to admin roles:", e);
            }
        }
    }
}
Also used : Set(java.util.Set) OrderedSet(com.sun.identity.shared.datastruct.OrderedSet) TreeSet(java.util.TreeSet) HashSet(java.util.HashSet) AttrSet(com.iplanet.services.ldap.AttrSet) AMStoreConnection(com.iplanet.am.sdk.AMStoreConnection) Iterator(java.util.Iterator) RDN(org.forgerock.opendj.ldap.RDN) DN(org.forgerock.opendj.ldap.DN) Guid(com.iplanet.ums.Guid) AMRole(com.iplanet.am.sdk.AMRole) EntryAlreadyExistsException(com.iplanet.ums.EntryAlreadyExistsException) UMSException(com.iplanet.ums.UMSException) AMEventManagerException(com.iplanet.am.sdk.AMEventManagerException) AMEntryExistsException(com.iplanet.am.sdk.AMEntryExistsException) SizeLimitExceededException(com.iplanet.ums.SizeLimitExceededException) AMInvalidDNException(com.iplanet.am.sdk.AMInvalidDNException) TimeLimitExceededException(com.iplanet.ums.TimeLimitExceededException) SSOException(com.iplanet.sso.SSOException) AccessRightsException(com.iplanet.ums.AccessRightsException) LdapException(org.forgerock.opendj.ldap.LdapException) InvalidSearchFilterException(com.iplanet.ums.InvalidSearchFilterException) SMSException(com.sun.identity.sm.SMSException) AMException(com.iplanet.am.sdk.AMException) AMPreCallBackException(com.iplanet.am.sdk.AMPreCallBackException) EntryNotFoundException(com.iplanet.ums.EntryNotFoundException) COSNotFoundException(com.iplanet.ums.cos.COSNotFoundException) HashSet(java.util.HashSet) ManagedRole(com.iplanet.ums.ManagedRole)

Example 15 with AMStoreConnection

Use of com.iplanet.am.sdk.AMStoreConnection in project OpenAM by OpenRock.

From class SubjectReferentialIntegrityPlugin, method postProcessDelete.

/**
 * This implementation would visit all the subjects in policies
 * across all orgs/sub-orgs and remove the subject values
 * corresponding to the deleted entry DN. After removing an entry from a
 * subject, checks if that entry is the only one in the subject to
 * remove the subject as well.
 */
public void postProcessDelete(SSOToken token, String entryDN, Map attributes, boolean softDeleteEnabled, int objectType) throws AMPostCallBackException {
    try {
        if (debug.messageEnabled()) {
            debug.message("ReferentialIntegrityPlugin.postProcessDelete()");
        }
        // check the subject types
        Set objectTypes = new HashSet();
        objectTypes.add(new Integer(AMObject.USER));
        objectTypes.add(new Integer(AMObject.ROLE));
        objectTypes.add(new Integer(AMObject.ORGANIZATION));
        objectTypes.add(new Integer(AMObject.GROUP));
        objectTypes.add(new Integer(AMObject.ASSIGNABLE_DYNAMIC_GROUP));
        objectTypes.add(new Integer(AMObject.DYNAMIC_GROUP));
        objectTypes.add(new Integer(AMObject.FILTERED_ROLE));
        if (objectTypes.contains(new Integer(objectType))) {
            String subOrg, policyName, subjectName;
            Policy policy;
            Subject subject;
            Iterator policyIter, subjectIter;
            // create a DN for the entry to be deleted
            DN entryDName = DN.valueOf(entryDN);
            //a connection to the Identity Server data store.
            AMStoreConnection dpStore = new AMStoreConnection(token);
            DN rootDN = DN.valueOf(SMSEntry.getRootSuffix());
            if (debug.messageEnabled()) {
                debug.message("Searching for all policies from root DN: " + rootDN.toString());
            }
            PolicyManager pm = new PolicyManager(token, rootDN.toString());
            String org = pm.getOrganizationName();
            /*
             * find out from the org policy config whether the directory
             * specified is the local directory
             */
            Map configParams = PolicyConfig.getPolicyConfig(org);
            String ldapServer = ((String) configParams.get(PolicyConfig.LDAP_SERVER)).toLowerCase();
            boolean localDS = PolicyUtils.isLocalDS(ldapServer);
            /*
             * process IdentityServer Role irrespective of local or
             * non-local DS
             */
            if (objectType == AMObject.ROLE) {
                localDS = true;
            }
            if (localDS) {
                AMOrganization rootOrg = (AMOrganization) dpStore.getOrganization(org);
                Set subOrgs = null;
                //all orgs/sub-orgs
                subOrgs = rootOrg.searchSubOrganizations("*", AMConstants.SCOPE_SUB);
                Iterator orgIter = subOrgs.iterator();
                while (orgIter.hasNext()) {
                    subOrg = (String) orgIter.next();
                    if (debug.messageEnabled()) {
                        debug.message("Visiting suborg: " + subOrg);
                    }
                    PolicyManager pmSubOrg = new PolicyManager(token, subOrg);
                    // all policies
                    Set policies = pmSubOrg.getPolicyNames();
                    policyIter = policies.iterator();
                    while (policyIter.hasNext()) {
                        policyName = (String) policyIter.next();
                        if (debug.messageEnabled()) {
                            debug.message("policyName: " + policyName);
                        }
                        policy = pmSubOrg.getPolicy(policyName);
                        // referral policies don't have subjects defined
                        if (!policy.isReferralPolicy()) {
                            // all subjects
                            boolean replacePolicy = false;
                            Set subjectsInPolicy = policy.getSubjectNames();
                            Set subjects = new HashSet();
                            subjects.addAll(subjectsInPolicy);
                            subjectIter = subjects.iterator();
                            while (subjectIter.hasNext()) {
                                subjectName = (String) subjectIter.next();
                                if (debug.messageEnabled()) {
                                    debug.message("subjectName: " + subjectName);
                                }
                                subject = policy.getSubject(subjectName);
                                Set set = subject.getValues();
                                Iterator ite = set.iterator();
                                String str = null;
                                DN strDN = null;
                                while (ite.hasNext()) {
                                    str = (String) ite.next();
                                    strDN = DN.valueOf(str);
                                    if (entryDName.equals(strDN)) {
                                        replacePolicy = true;
                                        if (debug.messageEnabled()) {
                                            debug.message("DNs match, str:" + str + "entryDN:" + entryDN);
                                        }
                                        set.remove(str);
                                        if (set.isEmpty()) {
                                            policy.removeSubject(subjectName);
                                            if (debug.messageEnabled()) {
                                                debug.message("subjectDeleted:" + subjectName);
                                            }
                                        } else {
                                            subject.setValues(set);
                                        }
                                        break;
                                    } // match DNs
                                } // all subject values in the subject
                            } // all subjects in the policy
                            if (replacePolicy) {
                                pmSubOrg.replacePolicy(policy);
                            }
                        } // for referral policies
                    } // all policies
                } // all orgs
            } // localDS check
        } // objectType check
    } catch (PolicyException pe) {
        debug.error("ReferentialIntegrityPlugin.postProcessDelete():", pe);
    } catch (SSOException sse) {
        debug.error("ReferentialIntegrityPlugin.postProcessDelete():", sse);
    } catch (Exception e) {
        debug.error("ReferentialIntegrityPlugin.postProcessDelete():", e);
    }
}
Also used : Policy(com.sun.identity.policy.Policy) PolicyManager(com.sun.identity.policy.PolicyManager) Set(java.util.Set) HashSet(java.util.HashSet) DN(org.forgerock.opendj.ldap.DN) SSOException(com.iplanet.sso.SSOException) Subject(com.sun.identity.policy.interfaces.Subject) AMPostCallBackException(com.iplanet.am.sdk.AMPostCallBackException) SSOException(com.iplanet.sso.SSOException) PolicyException(com.sun.identity.policy.PolicyException) AMStoreConnection(com.iplanet.am.sdk.AMStoreConnection) PolicyException(com.sun.identity.policy.PolicyException) AMOrganization(com.iplanet.am.sdk.AMOrganization) Iterator(java.util.Iterator) Map(java.util.Map) HashSet(java.util.HashSet)

Aggregations

AMStoreConnection (com.iplanet.am.sdk.AMStoreConnection)18 Set (java.util.Set)11 SSOException (com.iplanet.sso.SSOException)10 HashSet (java.util.HashSet)10 AMException (com.iplanet.am.sdk.AMException)9 AMOrganization (com.iplanet.am.sdk.AMOrganization)8 Iterator (java.util.Iterator)7 Map (java.util.Map)7 HashMap (java.util.HashMap)6 DN (org.forgerock.opendj.ldap.DN)5 AttrSet (com.iplanet.services.ldap.AttrSet)4 SMSException (com.sun.identity.sm.SMSException)4 AMObject (com.iplanet.am.sdk.AMObject)3 OrderedSet (com.sun.identity.shared.datastruct.OrderedSet)3 RDN (org.forgerock.opendj.ldap.RDN)3 AMEntity (com.iplanet.am.sdk.AMEntity)2 AMOrganizationalUnit (com.iplanet.am.sdk.AMOrganizationalUnit)2 AMRole (com.iplanet.am.sdk.AMRole)2 AMUser (com.iplanet.am.sdk.AMUser)2 PolicyException (com.sun.identity.policy.PolicyException)2