/**
 * Modifies the properties of a client entry in the external database, creating the
 * entry when it does not exist yet. Valid only on an externalDB instance; an
 * internalDB instance always rejects the call.
 * <p>
 * <b>Note:</b> to mask a property value held in the internal DB, add the property to
 * the external DB with a single space (" ") rather than an empty string (""). DSAME
 * returns an empty set for a directory attribute that has no value, and empty sets
 * are discarded internally because DSAME stores a value for every schema property.
 * <p>
 * All {@code additionalProperties} live in one attribute ("additionalProperties"),
 * so when they are modified the Map must carry both the changed and the unchanged
 * ones.
 *
 * @param token SSOToken of the caller. The directory write goes through an
 *        {@link AMStoreConnection} opened with this token, so the caller's own
 *        directory privileges apply.
 * @param props property name -&gt; Set of values. Names absent from the Map are left
 *        untouched; an empty Set deletes the property (DSAME cannot handle null
 *        values - it throws NullPointerException). The Map "must" contain
 *        "clientType", which selects the entry; its DN is built by
 *        {@code generateClientDN}, which is where any DN escaping of the
 *        caller-supplied value has to happen (not visible here).
 * @return 0 on success, or the result of {@link #addClient} when the entry had to
 *         be created instead
 * @exception AMClientCapException if called on an internalDB instance, if
 *            "clientType" is missing from the Map, or if the directory update fails
 *            (for example because of permission problems). A failure inside the
 *            fallback {@link #addClient} call is re-reported as MODIFY_FAILED.
 */
public int modifyClient(SSOToken token, Map props) throws AMClientCapException {
    if (isInternalInstance()) {
        throw new AMClientCapException(BUNDLE_NAME, CANNOT_MOD_INT_DB, null);
    }
    // Surfaces a missing "clientType" before any directory access.
    String clientType = getClientType(props);
    int result = 0;
    try {
        AMStoreConnection connection = new AMStoreConnection(token);
        AMEntity clientEntry = connection.getEntity(generateClientDN(clientType));
        if (!clientEntry.isExists()) {
            // Nothing to modify yet: fall back to creating the entry.
            result = addClient(token, props);
        } else {
            Map attributes = getKnownProperties(props);
            // The client type is the entry's RDN and cannot be changed by a modify.
            attributes.remove(CLIENTTYPE_ATTR);
            clientEntry.setAttributes(attributes);
            clientEntry.store();
        }
    } catch (Exception e) {
        String[] errArgs = { clientType };
        AMClientCapException failure = new AMClientCapException(BUNDLE_NAME, MODIFY_FAILED, errArgs);
        debug.error(dbStr + failure.getMessage(), e);
        throw failure;
    }
    return result;
}
/**
 * Creates a client entry in the external database. The properties are filtered
 * through {@code getKnownProperties} (not shown here), which per the original
 * design looks each one up in the schema and folds unknown ones into the
 * {@code additionalProperties} schema element.
 * <p>
 * <b>Note:</b> to mask a property value held in the internal DB, add the property to
 * the external DB with a single space (" ") rather than an empty string (""). DSAME
 * returns an empty set for a directory attribute that has no value, and empty sets
 * are discarded internally because DSAME stores a value for every schema property.
 *
 * @param token SSOToken of the caller. The entry is created through an
 *        {@link AMStoreConnection} opened with this token, so the caller's own
 *        directory privileges apply.
 * @param props property name -&gt; Set of values; the Map "must" contain "clientType"
 * @return 0 on success
 * @exception AMClientCapException if "clientType" is missing from the Map or if the
 *            directory refuses the add (for example because of permission problems)
 */
public int addClient(SSOToken token, Map props) throws AMClientCapException {
    // Both helpers run before any directory access; a missing "clientType"
    // is reported by getClientType() before a connection is opened.
    String clientType = getClientType(props);
    Map attributes = getKnownProperties(props);
    // createEntities() takes a Map keyed by entity name; the client type is the key.
    Map entities = new HashMap(1);
    entities.put(clientType, attributes);
    try {
        AMStoreConnection connection = new AMStoreConnection(token);
        AMOrganizationalUnit container = connection.getOrganizationalUnit(databaseDN);
        container.createEntities(UMS_ADD_TEMPLATE_NAME, entities);
    } catch (Exception e) {
        String[] errArgs = { clientType };
        AMClientCapException failure = new AMClientCapException(BUNDLE_NAME, ADD_FAILED, errArgs);
        debug.error(dbStr + failure.getMessage(), e);
        throw failure;
    }
    return 0;
}
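/**
 * Initializes this object from a caller-supplied SSO token ID and an entity location.
 * The token ID is converted into an {@link SSOToken}, an {@link AMStoreConnection} is
 * opened with it, and the organization owning {@code entityLocation} is resolved and
 * kept in {@code entity}.
 * <p>
 * Security: the token ID is a bearer credential. It is deliberately never written to
 * the log - neither in the error path nor in debug messages - because anyone who can
 * read the log could replay it. Only the entity location is logged.
 *
 * @param ssoToken token ID, validated via {@code tokenManager.createSSOToken}
 * @param entityLocation location whose organization DN is looked up
 * @throws EntityException if the organization DN cannot be resolved (converted from
 *         the underlying AMException)
 * @throws SSOException if the token ID cannot be converted into a valid SSOToken
 */
protected void initializeObject(String ssoToken, String entityLocation) throws EntityException, SSOException {
    checkInitialization();
    try {
        token = tokenManager.createSSOToken(ssoToken);
        amsc = new AMStoreConnection(token);
        String orgDN = amsc.getOrganizationDN(entityLocation, null);
        entity = amsc.getOrganization(orgDN);
    } catch (AMException amex) {
        // Pass the exception as the throwable so the stack trace is kept.
        EntityUtils.debug.error("EntityObjectImpl.initializeObject() : "
                + "Unable to get Organization DN for location: " + entityLocation, amex);
        throw EntityUtils.convertException(amex);
    } catch (SSOException ssoe) {
        // Do not include the token ID in the message: it is a reusable credential.
        EntityUtils.debug.error("EntityObjectImpl.initializeObject() : "
                + "Unable to convert SSOToken", ssoe);
        throw ssoe;
    }
    if (EntityUtils.debug.messageEnabled()) {
        EntityUtils.debug.message("EntityObjectImpl.initializeObject(): "
                + "Obtained SSOToken and AMStoreConnection for location: " + entityLocation);
    }
}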
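/**
 * Removes the admin role(s) of a group.
 * <p>
 * The admin role of a group lives in the group's organization and is named after
 * the group DN with every ',' replaced by '_'. With {@code recursive} the roles of
 * all sub groups / sub people containers are found with a substring search on that
 * name and removed as well.
 * <p>
 * Security notes: the caller's token is only authenticated here
 * ({@code validateToken}); it is used for the role search and for removing the
 * members (so directory ACIs apply to those), but the role entry itself is deleted
 * through an {@link AMStoreConnection} opened with {@code internalToken}, i.e. with
 * internal privileges. The group DN is inserted into the LDAP search filter as an
 * escaped assertion value (RFC 4515) so that filter metacharacters in a DN cannot
 * widen the match and delete unrelated roles. Per-role failures are logged and the
 * loop continues (best effort).
 *
 * @param token SSOToken of the caller
 * @param dn group DN; expected to have a parent (the organization is derived from it)
 * @param recursive true to delete all admin roles for all sub groups or sub
 *        people containers
 * @throws SSOException if the caller's token is not valid
 * @throws AMException if the organization DN or the role search fails
 */
public void removeAdminRole(SSOToken token, String dn, boolean recursive) throws SSOException, AMException {
    SSOTokenManager.getInstance().validateToken(token);
    if (debug.messageEnabled()) {
        debug.message("DirectoryServicesImpl.removeAdminRole() dn: " + dn + " recursive: " + recursive);
    }
    // First work out the admin role DN for the group.
    DN ldapDN = DN.valueOf(dn);
    String orgDN = getOrganizationDN(token, ldapDN.parent().toString());
    String roleName = dn.replace(',', '_');
    String roleNameAttr = getNamingAttribute(AMObject.ROLE);
    Set adminRoles;
    if (recursive) {
        // Substring match on the role name picks up the admin roles of every
        // sub group / sub container. The value is escaped so '*', '(', ')', '\'
        // or NUL in the group DN are matched literally instead of being parsed
        // as filter syntax.
        String roleSearchFilter = SearchFilterManager.getSearchFilter(AMObject.ROLE, orgDN);
        StringBuilder sb = new StringBuilder();
        sb.append("(&").append(roleSearchFilter).append("(");
        sb.append(roleNameAttr).append("=*").append(escapeFilterValue(roleName)).append("))");
        adminRoles = search(token, orgDN, sb.toString(), SearchControl.SCOPE_ONE);
    } else {
        adminRoles = new HashSet();
        adminRoles.add(roleNameAttr + "=" + roleName + "," + orgDN);
    }
    for (Iterator iter = adminRoles.iterator(); iter.hasNext();) {
        String adminRoleDN = (String) iter.next();
        try {
            // Members are removed under the caller's token; the entry is then
            // deleted with the internal token.
            ManagedRole roleObj = (ManagedRole) UMSObject.getObject(token, new Guid(adminRoleDN));
            roleObj.removeAllMembers();
            AMStoreConnection amsc = new AMStoreConnection(internalToken);
            AMRole role = amsc.getRole(adminRoleDN);
            role.delete(recursive);
        } catch (Exception e) {
            // Best effort: one failure must not stop the remaining roles from being
            // removed, but a role that is left behind keeps its admin rights, so
            // record it at error level rather than only when message logging is on.
            debug.error("DirectoryServicesImpl.removeAdminRole() Unable to remove admin role: " + adminRoleDN, e);
        }
    }
}

/**
 * Escapes a string for use as an assertion value inside an LDAP search filter
 * (RFC 4515 section 3): '\', '*', '(', ')' and NUL become their "\XX" hex form.
 *
 * @param value raw value; null is not expected
 * @return the escaped value, safe to embed in a filter string
 */
private static String escapeFilterValue(String value) {
    StringBuilder escaped = new StringBuilder(value.length());
    for (int i = 0; i < value.length(); i++) {
        char c = value.charAt(i);
        switch (c) {
            case '\\':
                escaped.append("\\5c");
                break;
            case '*':
                escaped.append("\\2a");
                break;
            case '(':
                escaped.append("\\28");
                break;
            case ')':
                escaped.append("\\29");
                break;
            case '\0':
                escaped.append("\\00");
                break;
            default:
                escaped.append(c);
        }
    }
    return escaped.toString();
}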
/**
 * Referential-integrity hook run after a directory entry has been deleted. It walks
 * every policy of every organization found under the root suffix and removes the
 * subject values equal to the deleted entry's DN. When a subject loses its last
 * value the subject itself is removed; each policy that changed is written back
 * with replacePolicy().
 * <p>
 * Every failure (PolicyException, SSOException or anything else) is logged and
 * swallowed, so the directory delete is never blocked by this hook. The security
 * consequence is that a failure here leaves policy subjects still naming the
 * deleted DN; if an entry were later recreated under the same DN, those stale
 * subject values would presumably apply to it again (the match is by DN only -
 * verify against the subject implementations).
 *
 * @param token SSOToken used for the store connection and for every PolicyManager
 * @param entryDN DN of the entry that was deleted
 * @param attributes attributes of the deleted entry (not used by this implementation)
 * @param softDeleteEnabled not used by this implementation
 * @param objectType AMObject type of the deleted entry; only USER, ROLE, ORGANIZATION,
 *        GROUP, ASSIGNABLE_DYNAMIC_GROUP, DYNAMIC_GROUP and FILTERED_ROLE are processed
 * @throws AMPostCallBackException declared by the callback contract; this body never
 *         throws it because every exception is caught and logged internally
 */
public void postProcessDelete(SSOToken token, String entryDN, Map attributes, boolean softDeleteEnabled, int objectType) throws AMPostCallBackException {
try {
if (debug.messageEnabled()) {
debug.message("ReferentialIntegrityPlugin.postProcessDelete()");
}
// Only these object types can appear as policy subject values; for any other
// objectType this callback is a no-op.
Set objectTypes = new HashSet();
objectTypes.add(new Integer(AMObject.USER));
objectTypes.add(new Integer(AMObject.ROLE));
objectTypes.add(new Integer(AMObject.ORGANIZATION));
objectTypes.add(new Integer(AMObject.GROUP));
objectTypes.add(new Integer(AMObject.ASSIGNABLE_DYNAMIC_GROUP));
objectTypes.add(new Integer(AMObject.DYNAMIC_GROUP));
objectTypes.add(new Integer(AMObject.FILTERED_ROLE));
if (objectTypes.contains(new Integer(objectType))) {
String subOrg, policyName, subjectName;
Policy policy;
Subject subject;
Iterator policyIter, subjectIter;
// Compare as parsed DNs below so that formatting differences (case, spacing)
// between the stored subject value and entryDN do not defeat the match.
DN entryDName = DN.valueOf(entryDN);
//a connection to the Identity Server data store.
AMStoreConnection dpStore = new AMStoreConnection(token);
DN rootDN = DN.valueOf(SMSEntry.getRootSuffix());
if (debug.messageEnabled()) {
debug.message("Searching for all policies from root DN: " + rootDN.toString());
}
PolicyManager pm = new PolicyManager(token, rootDN.toString());
String org = pm.getOrganizationName();
/**
 * find out from org policy config that is the directory
 * specified is the local directory
 */
Map configParams = PolicyConfig.getPolicyConfig(org);
// NOTE(review): if LDAP_SERVER is absent from the policy config the cast /
// toLowerCase() throws NullPointerException, which is caught by the generic
// catch at the bottom and only logged - no subjects get cleaned up in that case.
// Default-locale toLowerCase(); Locale.ROOT would be safer for host names.
String ldapServer = ((String) configParams.get(PolicyConfig.LDAP_SERVER)).toLowerCase();
// Subjects are only cleaned up when the org's policy config points at the
// local directory, i.e. the one the entry was just deleted from.
boolean localDS = PolicyUtils.isLocalDS(ldapServer);
/**
 * process IdentityServer Role irrespective of local or
 * non-local DS
 */
if (objectType == AMObject.ROLE) {
localDS = true;
}
if (localDS) {
AMOrganization rootOrg = (AMOrganization) dpStore.getOrganization(org);
Set subOrgs = null;
//all orgs/sub-orgs
subOrgs = rootOrg.searchSubOrganizations("*", AMConstants.SCOPE_SUB);
Iterator orgIter = subOrgs.iterator();
while (orgIter.hasNext()) {
subOrg = (String) orgIter.next();
if (debug.messageEnabled()) {
debug.message("Visiting suborg: " + subOrg);
}
// A separate PolicyManager per organization, still under the caller's token.
PolicyManager pmSubOrg = new PolicyManager(token, subOrg);
// all policies
Set policies = pmSubOrg.getPolicyNames();
policyIter = policies.iterator();
while (policyIter.hasNext()) {
policyName = (String) policyIter.next();
if (debug.messageEnabled()) {
debug.message("policyName: " + policyName);
}
policy = pmSubOrg.getPolicy(policyName);
// referral policies don't have subjects defined
if (!policy.isReferralPolicy()) {
// all subjects
// Set once any subject value is removed; the policy is only written back then.
boolean replacePolicy = false;
Set subjectsInPolicy = policy.getSubjectNames();
// Iterate over a copy of the subject names: removeSubject() below may
// alter the policy's own name set while we are still walking it.
Set subjects = new HashSet();
subjects.addAll(subjectsInPolicy);
subjectIter = subjects.iterator();
while (subjectIter.hasNext()) {
subjectName = (String) subjectIter.next();
if (debug.messageEnabled()) {
debug.message("subjectName: " + subjectName);
}
subject = policy.getSubject(subjectName);
// Live value set of the subject; it is modified in place below.
Set set = subject.getValues();
Iterator ite = set.iterator();
String str = null;
DN strDN = null;
while (ite.hasNext()) {
str = (String) ite.next();
strDN = DN.valueOf(str);
if (entryDName.equals(strDN)) {
replacePolicy = true;
if (debug.messageEnabled()) {
debug.message("DNs match, str:" + str + "entryDN:" + entryDN);
}
// remove() on the live set followed immediately by break: continuing
// the iterator after this could throw ConcurrentModificationException.
// Only the first matching value is removed per subject.
set.remove(str);
if (set.isEmpty()) {
// Last value gone: drop the whole subject rather than leave it empty.
policy.removeSubject(subjectName);
if (debug.messageEnabled()) {
debug.message("subjectDeleted:" + subjectName);
}
} else {
subject.setValues(set);
}
break;
}
// match DNs
}
// all subject values in the subject
}
// all subjects in the policy
if (replacePolicy) {
pmSubOrg.replacePolicy(policy);
}
}
// for referral policies
}
// all policies
}
// all orgs
}
// localDS check
}
// objectType check
} catch (PolicyException pe) {
debug.error("ReferentialIntegrityPlugin.postProcessDelete():", pe);
} catch (SSOException sse) {
debug.error("ReferentialIntegrityPlugin.postProcessDelete():", sse);
} catch (Exception e) {
// Deliberate best effort: nothing propagates to the caller (see Javadoc).
debug.error("ReferentialIntegrityPlugin.postProcessDelete():", e);
}
}