Example 1 with IDirectoryServices

use of com.iplanet.am.sdk.common.IDirectoryServices in project OpenAM by OpenRock.

the class AMSDKRepo method setAttributes.

/**
 * Sets the attributes of the named identity. The single sign-on
 * token must have the necessary permission to set the attributes.
 *
 * @param token
 *            single sign-on token for this operation.
 * @param type
 *            type of the identity
 * @param name
 *            name of the identity
 * @param attributes
 *            attributes to set.
 * @param isAdd
 *            should attribute values be added to existing values.
 * @throws IdRepoException
 *             if there are repository related error conditions.
 * @throws SSOException
 *             if user's single sign-on token is invalid.
 */
public void setAttributes(SSOToken token, IdType type, String name, Map attributes, boolean isAdd) throws IdRepoException, SSOException {
    // Validate before logging: the debug branch below calls containsKey()
    // on the map and would throw NullPointerException for a null argument.
    if (attributes == null || attributes.isEmpty()) {
        throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.ILLEGAL_ARGUMENTS, null);
    }
    if (debug.messageEnabled()) {
        if (attributes.containsKey("userpassword")) {
            // Log a copy with the password value masked, not the caller's map.
            AMHashMap removedPasswd = new AMHashMap();
            removedPasswd.copy(attributes);
            removedPasswd.remove("userpassword");
            removedPasswd.put("userpassword", "xxx...");
            debug.message("AMSDKRepo: setAttributes called" + type + ": " + name + ": " + removedPasswd);
        } else {
            debug.message("AMSDKRepo: setAttributes called" + type + ": " + name + ": " + attributes);
        }
    }
    String dn = getDN(type, name);
    int profileType = getProfileType(type);
    try {
        if (adminToken != null) {
            token = adminToken;
        }
        IDirectoryServices dsServices = AMDirectoryAccessFactory.getDirectoryServices();
        dsServices.setAttributes(token, dn, profileType, attributes, null, false);
    } catch (AMException ame) {
        debug.error("AMSDKRepo.setAttributes: Unable to set attributes", ame);
        String ldapError = ame.getLDAPErrorCode();
        String errorMessage = ame.getMessage();
        int errCode = Integer.parseInt(ldapError);
        if (ResultCode.CONSTRAINT_VIOLATION.equals(ResultCode.valueOf(errCode))) {
            Object[] args = { this.getClass().getName(), ldapError, errorMessage };
            //as it breaks password policy for password length.
            throw new IdRepoFatalException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.LDAP_EXCEPTION, ResultCode.CONSTRAINT_VIOLATION, args);
        } else {
            throw IdUtils.convertAMException(ame);
        }
    }
}
Also used : IDirectoryServices(com.iplanet.am.sdk.common.IDirectoryServices) IdRepoException(com.sun.identity.idm.IdRepoException) IdRepoFatalException(com.sun.identity.idm.IdRepoFatalException)

Example 2 with IDirectoryServices

use of com.iplanet.am.sdk.common.IDirectoryServices in project OpenAM by OpenRock.

the class ACIEventListener method entryChanged.

/**
 * This method will be invoked by the <code>EventService</code> if the
 * events for which this listener registered have been triggered. Since this
 * listener is interested in modifications with respect to ACIs, it
 * identifies the DNs affected by this event and sends a notification to
 * the <code>AMObjectImpl</code> by calling the appropriate method.
 * Usually all the DNs that have the DN of this event as a suffix will
 * be affected.
 * <p>
 *
 * @param dsEvent
 *            <code>DSEvent</code> object generated by the
 *            <code>EventService</code>.
 */
public void entryChanged(DSEvent dsEvent) {
    if (debug.messageEnabled()) {
        debug.message("ACIEventListener.entryChanged() DSEvent for dn: " + dsEvent.getID());
    }
    // Should not get cos related aci changes events here. But check anyway.
    String objClasses = dsEvent.getClassName();
    if ((objClasses.indexOf("cosClassicDefinition") != -1) || (objClasses.indexOf("costemplate") != -1)) {
        // Ignore event. COS entries shouldn't contain ACIs.
        return;
    }
    String affectedDNs = LDAPUtils.formatToRFC(dsEvent.getID());
    IDirectoryServices dsServices = DirectoryServicesFactory.getInstance();
    if (DirectoryServicesFactory.isCachingEnabled()) {
        ((ICachedDirectoryServices) dsServices).dirtyCache(affectedDNs, dsEvent.getEventType(), false, true, Collections.EMPTY_SET);
    }
    // Call Listeners
    synchronized (listeners) {
        Set keys = listeners.keySet();
        for (Iterator items = keys.iterator(); items.hasNext(); ) {
            AMObjectListener listener = (AMObjectListener) items.next();
            if (dsEvent.getEventType() == DSEvent.OBJECT_CHANGED) {
                listener.permissionsChanged(dsEvent.getID(), (Map) listeners.get(listener));
            } else {
                listener.objectChanged(affectedDNs, dsEvent.getEventType(), (Map) listeners.get(listener));
            }
        }
    }
}
Also used : IDirectoryServices(com.iplanet.am.sdk.common.IDirectoryServices) Set(java.util.Set) AMObjectListener(com.iplanet.am.sdk.AMObjectListener) Iterator(java.util.Iterator) ICachedDirectoryServices(com.iplanet.am.sdk.common.ICachedDirectoryServices)

Example 3 with IDirectoryServices

use of com.iplanet.am.sdk.common.IDirectoryServices in project OpenAM by OpenRock.

the class EntryEventListener method entryChanged.

/**
 * This method will be invoked by the <code>EventService</code> if the
 * events for which this listener registered have been triggered. Since this
 * listener is interested in modifications/deletions/renaming of normal
 * directory entries, it identifies the distinguished names affected by this
 * event and sends a notification to the <code>AMObjectImpl</code> by
 * calling the appropriate method.
 *
 * @param dsEvent
 *            <code>DSEvent</code> object generated by the
 *            <code>EventService</code>.
 */
public void entryChanged(DSEvent dsEvent) {
    // Get the "dn" responsible for the event
    DN dn = DN.valueOf(dsEvent.getID());
    String normalizedDN = dn.toString().toLowerCase();
    if (debug.messageEnabled()) {
        debug.message("EntryEventListener.entryChanged(): DSEvent " + "generated for: " + dn);
    }
    // Check if the event was caused by changes/deletions to cos entries
    // (cosdefinitions & costemplates) and figure out the affected dn
    // subtree. Parse the dn in case of cos related events to find out the
    // affected subtree of dns.
    // Example of costemplate dn:
    // "cn="cn=RoleThree,o=hp.com,o=vortex.com",cn=nsCalUser,
    // o=hp.com,o=vortex.com"
    // affectDNs will be all those whose suffix matches
    // "o=hp.com,o=vortex.com"
    // Example of cosdefinition dn:
    // "cn=nsCalUser,o=hp.com,o=vortex.com";
    // affectDNs => "o=hp.com,o=vortex.com"
    boolean cosType = true;
    String affectDNs = "";
    Set attrNames = Collections.EMPTY_SET;
    String serviceName = null;
    String objClasses = dsEvent.getClassName();
    if (objClasses.indexOf("cosClassicDefinition") != -1) {
        // COS definition
        affectDNs = dn.parent().toString().toLowerCase();
        // Get the serviceName this applies to, and get the attribute
        // names of this service which impact the DNs.
        serviceName = LDAPUtils.rdnValueFromDn(dn);
        attrNames = getDynamicAttributeNames(serviceName);
        if (debug.messageEnabled()) {
            debug.message("EntryEventListener.entryChanged() " + "Cos Definition changed for service: " + serviceName + "Dynamic Attributes: " + attrNames);
        }
    } else if (objClasses.indexOf("costemplate") != -1) {
        // COS template
        affectDNs = dn.parent().parent().toString().toLowerCase();
        serviceName = LDAPUtils.rdnValueFromDn(dn.parent());
        attrNames = getDynamicAttributeNames(serviceName);
        if (debug.messageEnabled()) {
            debug.message("EntryEventListener." + "entryChanged()" + "Cos template changed for service: " + serviceName + "Dynamic Attributes: " + attrNames);
        }
    } else {
        // Not cos related - only a single dn affected
        cosType = false;
        affectDNs = normalizedDN;
    }
    if (debug.messageEnabled()) {
        debug.message("EntryEventListener.entryChanged(): Affected dn: " + affectDNs + " cosType: " + cosType);
    }
    IDirectoryServices dsServices = DirectoryServicesFactory.getInstance();
    // Call the listeners
    synchronized (listeners) {
        Set keys = listeners.keySet();
        for (Iterator items = keys.iterator(); items.hasNext(); ) {
            AMObjectListener listener = (AMObjectListener) items.next();
            Map configMap = (Map) listeners.get(listener);
            if (cosType) {
                // removed for user entries as well the affected template
                if (DirectoryServicesFactory.isCachingEnabled()) {
                    ((ICachedDirectoryServices) dsServices).dirtyCache(affectDNs, dsEvent.getEventType(), true, false, attrNames);
                    ((ICachedDirectoryServices) dsServices).dirtyCache(normalizedDN, dsEvent.getEventType(), false, false, Collections.EMPTY_SET);
                }
                listener.objectsChanged(affectDNs, dsEvent.getEventType(), attrNames, configMap);
                // first call removes the attributes. now remove
                // the template.
                listener.objectChanged(normalizedDN, dsEvent.getEventType(), configMap);
            } else {
                if (DirectoryServicesFactory.isCachingEnabled()) {
                    ((ICachedDirectoryServices) dsServices).dirtyCache(affectDNs, dsEvent.getEventType(), false, false, Collections.EMPTY_SET);
                }
                listener.objectChanged(affectDNs, dsEvent.getEventType(), configMap);
            }
        }
    }
}
Also used : IDirectoryServices(com.iplanet.am.sdk.common.IDirectoryServices) Set(java.util.Set) AMObjectListener(com.iplanet.am.sdk.AMObjectListener) Iterator(java.util.Iterator) DN(org.forgerock.opendj.ldap.DN) ICachedDirectoryServices(com.iplanet.am.sdk.common.ICachedDirectoryServices) HashMap(java.util.HashMap) Map(java.util.Map)

Example 4 with IDirectoryServices

use of com.iplanet.am.sdk.common.IDirectoryServices in project OpenAM by OpenRock.

the class AMSDKRepo method getAttributes.

/*
 * (non-Javadoc)
 *
 * @see com.sun.identity.idm.IdRepo#getAttributes(com.iplanet.sso.SSOToken,
 *      com.sun.identity.idm.IdType, java.lang.String, java.util.Set)
 */
public Map getAttributes(SSOToken token, IdType type, String name, Set attrNames) throws IdRepoException, SSOException {
    AMStoreConnection amsc = (sc == null) ? new AMStoreConnection(token) : sc;
    String dn = getDN(type, name);
    int profileType = getProfileType(type);
    if (debug.messageEnabled()) {
        debug.message("AMSDKIdRepo: getAttributes called" + ": " + type + ": " + name + " DN: '" + dn + "'");
    }
    // Use adminToken if present
    if (adminToken != null) {
        token = adminToken;
    }
    try {
        if (amsc.isValidEntry(dn)) {
            IDirectoryServices dsServices = AMDirectoryAccessFactory.getDirectoryServices();
            return dsServices.getAttributes(token, dn, attrNames, false, false, profileType);
        } else {
            Object[] args = { name };
            throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.NOT_VALID_ENTRY, args);
        }
    } catch (AMException ame) {
        debug.error("AMSDKRepo.getAttributes(): AMException ", ame);
        throw IdUtils.convertAMException(ame);
    }
}
Also used : IDirectoryServices(com.iplanet.am.sdk.common.IDirectoryServices) IdRepoException(com.sun.identity.idm.IdRepoException)

Example 5 with IDirectoryServices

use of com.iplanet.am.sdk.common.IDirectoryServices in project OpenAM by OpenRock.

the class AMSDKRepo method unassignService.

public void unassignService(SSOToken token, IdType type, String name, String serviceName, Map attrMap) throws IdRepoException, SSOException {
    if (type.equals(IdType.AGENT) || type.equals(IdType.GROUP)) {
        Object[] args = { this.getClass().getName() };
        throw new IdRepoUnsupportedOpException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.SERVICES_NOT_SUPPORTED_FOR_AGENTS_AND_GROUPS, args);
    }
    // Use adminToken if present
    if (adminToken != null) {
        token = adminToken;
    }
    if (type.equals(IdType.USER)) {
        // Get the object classes that need to be removed from Service Schema
        Set removeOCs = (Set) attrMap.get("objectclass");
        Set attrNameSet = new HashSet();
        attrNameSet.add("objectclass");
        Map objectClassesMap = getAttributes(token, type, name, attrNameSet);
        Set OCValues = (Set) objectClassesMap.get("objectclass");
        removeOCs = AMCommonUtils.updateAndGetRemovableOCs(OCValues, removeOCs);
        // Get the attributes that need to be removed
        Set removeAttrs = new HashSet();
        Iterator iter1 = removeOCs.iterator();
        while (iter1.hasNext()) {
            String oc = (String) iter1.next();
            IDirectoryServices dsServices = AMDirectoryAccessFactory.getDirectoryServices();
            Set attrs = dsServices.getAttributesForSchema(oc);
            Iterator iter2 = attrs.iterator();
            while (iter2.hasNext()) {
                String attrName = (String) iter2.next();
                removeAttrs.add(attrName.toLowerCase());
            }
        }
        // Will be AMHashMap, So the attr names will be in lower case
        Map avPair = getAttributes(token, type, name);
        Iterator itr = avPair.keySet().iterator();
        while (itr.hasNext()) {
            String attrName = (String) itr.next();
            if (removeAttrs.contains(attrName)) {
                try {
                    // Remove attributes one at a time, so that if one
                    // removal fails, the loop continues with the
                    // other attributes.
                    Map tmpMap = new AMHashMap();
                    tmpMap.put(attrName, Collections.EMPTY_SET);
                    setAttributes(token, type, name, tmpMap, false);
                } catch (Exception ex) {
                    if (debug.messageEnabled()) {
                        debug.message("AMUserImpl.unassignServices()" + "Error occured while removing attribute: " + attrName);
                    }
                }
            }
        }
        // Now update the object class attribute
        Map tmpMap = new AMHashMap();
        tmpMap.put("objectclass", OCValues);
        setAttributes(token, type, name, tmpMap, false);
    } else if (type.equals(IdType.ROLE)) {
        try {
            AMStoreConnection amsc = (sc == null) ? new AMStoreConnection(token) : sc;
            String roleDN = getDN(type, name);
            AMRole role = amsc.getRole(roleDN);
            AMTemplate templ = role.getTemplate(serviceName, AMTemplate.DYNAMIC_TEMPLATE);
            if (templ != null && templ.isExists()) {
                templ.delete();
            }
            /*
             * amdm.unRegisterService(token, orgDN, AMObject.ORGANIZATION,
             * serviceName, AMTemplate.DYNAMIC_TEMPLATE);
             */
        } catch (AMException ame) {
            debug.error("AMSDKRepo.unassignService: Caught AMException", ame);
            throw IdUtils.convertAMException(ame);
        }
    } else if (type.equals(IdType.FILTEREDROLE) || type.equals(IdType.REALM)) {
        try {
            AMStoreConnection amsc = (sc == null) ? new AMStoreConnection(token) : sc;
            String roleDN = getDN(type, name);
            AMFilteredRole role = amsc.getFilteredRole(roleDN);
            AMTemplate templ = role.getTemplate(serviceName, AMTemplate.DYNAMIC_TEMPLATE);
            if (templ != null && templ.isExists()) {
                templ.delete();
            }
            /*
             * amdm.unRegisterService(token, orgDN, AMObject.ORGANIZATION,
             * serviceName, AMTemplate.DYNAMIC_TEMPLATE);
             */
        } catch (AMException ame) {
            debug.error("AMSDKRepo.unassignService: Caught AMException", ame);
            throw IdUtils.convertAMException(ame);
        }
    } else {
        Object[] args = { this.getClass().getName() };
        throw new IdRepoUnsupportedOpException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.SERVICES_NOT_SUPPORTED_FOR_AGENTS_AND_GROUPS, args);
    }
}
Also used : Set(java.util.Set) HashSet(java.util.HashSet) IdRepoUnsupportedOpException(com.sun.identity.idm.IdRepoUnsupportedOpException) IdRepoFatalException(com.sun.identity.idm.IdRepoFatalException) AuthLoginException(com.sun.identity.authentication.spi.AuthLoginException) SSOException(com.iplanet.sso.SSOException) LDAPServiceException(com.iplanet.services.ldap.LDAPServiceException) IdRepoException(com.sun.identity.idm.IdRepoException) SMSException(com.sun.identity.sm.SMSException) LDAPUtilException(org.forgerock.openam.ldap.LDAPUtilException) InvalidPasswordException(com.sun.identity.authentication.spi.InvalidPasswordException) IDirectoryServices(com.iplanet.am.sdk.common.IDirectoryServices) IdRepoUnsupportedOpException(com.sun.identity.idm.IdRepoUnsupportedOpException) Iterator(java.util.Iterator) Map(java.util.Map) HashMap(java.util.HashMap) CaseInsensitiveHashMap(com.sun.identity.common.CaseInsensitiveHashMap) HashSet(java.util.HashSet)
