use of com.iplanet.sso.SSOException in project OpenAM by OpenRock.
the class OpenSSOCoreTokenStore method updateToken.
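/**
 * Updates an existing token, merging the attribute values in {@code newVals} into the stored token.
 *
 * All SMS reads and writes are performed with the SSO token extracted from {@code subject}, so
 * repository authorization applies to the caller rather than to the server.
 *
 * @param subject caller subject; must carry an SSO token.
 * @param tokenId token.id of the token to be updated.
 * @param eTag the ETag the caller last observed for this token; it is compared against the
 *        stored token by {@code checkETag} before any change is applied.
 * @param newVals attribute values to apply. Attribute names are validated and lower-cased first;
 *        {@code token.id} and {@code token.type} are immutable and rejected if present.
 * @throws CoreTokenException with HTTP status 401 if the subject has no SSO token, 404 if the
 *         token does not exist, 409 if an immutable attribute is supplied, whatever
 *         {@code checkETag} raises on an ETag mismatch, or a wrapped SMS/SSO failure.
 * @throws JSONException if the stored token attributes are not valid JSON.
 */
public void updateToken(Subject subject, String tokenId, String eTag, JSONObject newVals)
        throws CoreTokenException, JSONException {
    SSOToken token = SubjectUtils.getSSOToken(subject);
    if (token == null) {
        throw new CoreTokenException(210, null, 401);
    }
    try {
        String dn = getCoreTokenDN(tokenId);
        if (!SMSEntry.checkIfEntryExists(dn, token)) {
            throw new CoreTokenException(203, null, 404);
        }
        SMSEntry entry = new SMSEntry(token, dn);
        JSONObject stored = new JSONObject(getTokenAttributeValueFromSM(entry, JSON_ATTR));
        // Optimistic concurrency: the caller's ETag must match the stored token.
        // NOTE(review): the read above and the save below are not one atomic operation,
        // so a concurrent writer can still slip in between them - confirm this is acceptable.
        checkETag(eTag, stored, tokenId);
        // Names are validated and normalised to lower case before the immutable-attribute
        // checks, presumably so a mixed-case spelling of token.id / token.type cannot bypass
        // them (assumes the constants are lower-case - confirm).
        newVals = validateAndToLowerCase(newVals);
        if (newVals.has(CoreTokenConstants.TOKEN_ID)) {
            throw new CoreTokenException(221, null, 409);
        }
        if (newVals.has(CoreTokenConstants.TOKEN_TYPE)) {
            throw new CoreTokenException(224, null, 409);
        }
        stored = updateAttributeValues(stored, newVals);
        Map<String, Set<String>> attributes = validateAndCreateMap(tokenId, stored);
        entry.setAttributes(attributes);
        entry.save();
    } catch (SMSException e) {
        CoreTokenUtils.debug.error("OpenSSOCoreTokenStore.updateToken", e);
        throw new CoreTokenException(206, null, e);
    } catch (SSOException e) {
        CoreTokenUtils.debug.error("OpenSSOCoreTokenStore.updateToken", e);
        throw new CoreTokenException(301, null, e);
    }
}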
use of com.iplanet.sso.SSOException in project OpenAM by OpenRock.
the class IdentityServicesImpl method search.
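/**
 * Searches the identity repository to find all identities that match the search criteria.
 *
 * The realm and object type are taken from {@code searchModifiers} ("realm" and "objecttype"),
 * defaulting to "/" and "User". Both originate from the request, so the search is scoped only
 * by the repository obtained for {@code admin} in that realm.
 *
 * @param crestQuery A CREST Query object which will contain either a _queryId or a _queryFilter.
 * @param searchModifiers The search modifiers; may be null.
 * @param admin Your SSO token.
 * @return a list of matching identifiers; empty when nothing matched.
 * @throws BadRequestException if the object type is not a supported identity type.
 * @throws NotFoundException if the repository reports the object as not found.
 * @throws InternalServerErrorException on a repository or SSO failure.
 */
public List<String> search(CrestQuery crestQuery, Map<String, Set<String>> searchModifiers, SSOToken admin)
        throws ResourceException {
    List<String> rv = new ArrayList<>();
    try {
        String realm = "/";
        String objectType = "User";
        if (searchModifiers != null) {
            realm = attractValues("realm", searchModifiers, "/");
            objectType = attractValues("objecttype", searchModifiers, "User");
        }
        // Repository lookup happens before the type check so a bad realm surfaces first.
        AMIdentityRepository repo = getRepo(admin, realm);
        IdType idType = getIdType(objectType);
        if (idType == null) {
            debug.error("IdentityServicesImpl:search unsupported IdType" + objectType);
            throw new BadRequestException("search unsupported IdType: " + objectType);
        }
        List<AMIdentity> objList = fetchAMIdentities(idType, crestQuery, false, repo, searchModifiers);
        if (objList != null && !objList.isEmpty()) {
            rv.addAll(getNames(realm, idType, objList));
        }
    } catch (IdRepoException | SSOException e) {
        // Both are server-side failures and were handled identically; report as a 500.
        // NOTE(review): e.getMessage() is passed straight to the client and may carry
        // repository detail - confirm that is acceptable.
        debug.error("IdentityServicesImpl:search", e);
        throw new InternalServerErrorException(e.getMessage());
    } catch (ObjectNotFound e) {
        debug.error("IdentityServicesImpl:search", e);
        throw new NotFoundException(e.getMessage());
    }
    return rv;
}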
use of com.iplanet.sso.SSOException in project OpenAM by OpenRock.
the class IdentityServicesImpl method read.
/**
 * Reads one identity and returns its details.
 *
 * Entries in {@code attributes} named "realm" and "objecttype" (case-insensitive) select the
 * realm and identity type; every other entry names an attribute to return. Without a realm the
 * repository at "/" is used, and the type defaults to "User". Special (internal) users cannot be
 * read.
 *
 * @param name the identity name.
 * @param attributes attribute selectors as described above; may be null.
 * @param admin the caller's SSO token.
 * @return the identity details, with the realm set to the requested one when it was given.
 * @throws ObjectNotFound if no identity matches.
 * @throws AccessDenied if the identity is a special user.
 * @throws GeneralFailure on an SSO failure.
 * @throws IdServicesException as mapped from repository failures by {@code mapIdRepoException}.
 */
public IdentityDetails read(String name, Map<String, Set<String>> attributes, SSOToken admin) throws IdServicesException {
    String requestedRealm = null;
    String requestedType = null;
    List<String> attrsToGet = null;
    if (attributes != null) {
        for (Attribute attr : asAttributeArray(attributes)) {
            String attrName = attr.getName();
            boolean isRealm = "realm".equalsIgnoreCase(attrName);
            boolean isType = "objecttype".equalsIgnoreCase(attrName);
            if (!isRealm && !isType) {
                // Anything else is an attribute the caller wants returned.
                if (attrsToGet == null) {
                    attrsToGet = new ArrayList<>();
                }
                attrsToGet.add(attrName);
                continue;
            }
            String[] values = attr.getValues();
            if (values == null || values.length == 0) {
                continue;
            }
            if (isRealm) {
                requestedRealm = values[0];
            } else {
                requestedType = values[0];
            }
        }
    }
    String repoRealm = StringUtils.isEmpty(requestedRealm) ? "/" : requestedRealm;
    String identityType = StringUtils.isEmpty(requestedType) ? "User" : requestedType;
    IdentityDetails details = null;
    try {
        AMIdentity amIdentity = getAMIdentity(admin, identityType, name, repoRealm);
        if (amIdentity == null) {
            debug.error("IdentityServicesImpl:read identity not found");
            throw new ObjectNotFound(name);
        }
        if (isSpecialUser(amIdentity)) {
            throw new AccessDenied("Cannot retrieve attributes for this user.");
        }
        details = convertToIdentityDetails(amIdentity, attrsToGet);
        if (!StringUtils.isEmpty(requestedRealm)) {
            // Echo the realm exactly as the request spelled it.
            details.setRealm(requestedRealm);
        }
    } catch (IdRepoException e) {
        debug.error("IdentityServicesImpl:read", e);
        // NOTE(review): if mapIdRepoException ever returns instead of throwing, this method
        // returns null - confirm it always throws.
        mapIdRepoException(e);
    } catch (SSOException e) {
        debug.error("IdentityServicesImpl:read", e);
        throw new GeneralFailure(e.getMessage());
    }
    return details;
}
use of com.iplanet.sso.SSOException in project OpenAM by OpenRock.
the class IdentityServicesImpl method delete.
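/**
 * Deletes an {@code AMIdentity} from the identity repository that matches
 * the details specified in {@code identity}.
 *
 * The realm defaults to "/" when {@code identity} carries none. Groups and roles first have
 * their user members detached; a failure to detach one member is logged at debug level and
 * skipped, since the membership may already be gone. Special (internal) users are never deleted.
 *
 * @param identity The identity to delete; its name, type and realm come from the request.
 * @param admin The admin token; repository access is performed as this token.
 * @throws BadRequestException if {@code identity} is null, or on an SSO failure.
 * @throws NotFoundException if the name is null or no matching identity exists.
 * @throws ForbiddenException if the target is a special user.
 * @throws ResourceException for other repository failures, as mapped by
 *         {@code RESOURCE_MAPPING_HANDLER}.
 */
public void delete(IdentityDetails identity, SSOToken admin) throws ResourceException {
    if (identity == null) {
        throw new BadRequestException("delete failed: identity object not specified.");
    }
    String name = identity.getName();
    String identityType = identity.getType();
    String realm = identity.getRealm();
    if (name == null) {
        throw new NotFoundException("delete failed: null object name.");
    }
    if (realm == null) {
        realm = "/";
    }
    try {
        // NOTE(review): identityType may be null here; how getAMIdentity treats that is not
        // visible from this method - confirm.
        AMIdentity amIdentity = getAMIdentity(admin, identityType, name, realm);
        if (amIdentity == null) {
            String msg = "Object \'" + name + "\' of type \'" + identityType + "\' was not found.";
            throw new NotFoundException(msg);
        }
        if (isSpecialUser(amIdentity)) {
            throw new ForbiddenException("Cannot delete user.");
        }
        AMIdentityRepository repo = getRepo(admin, realm);
        IdType idType = amIdentity.getType();
        if (IdType.GROUP.equals(idType) || IdType.ROLE.equals(idType)) {
            // Detach user members before removing the container itself.
            Set<AMIdentity> members = getMembers(amIdentity, IdType.USER);
            for (AMIdentity member : members) {
                try {
                    removeMember(repo, amIdentity, member);
                } catch (IdRepoException memberEx) {
                    // Best effort: the member may already have been removed. Recorded at
                    // debug level rather than silently dropped so failures stay diagnosable.
                    debug.message("IdentityServicesImpl:delete unable to remove member, continuing", memberEx);
                }
            }
        }
        deleteAMIdentity(repo, amIdentity);
    } catch (IdRepoException ex) {
        debug.error("IdentityServicesImpl:delete", ex);
        throw RESOURCE_MAPPING_HANDLER.handleError(ex);
    } catch (SSOException ex) {
        // NOTE(review): search() maps the same failure to a 500; here it becomes a 400 - confirm
        // which is intended.
        debug.error("IdentityServicesImpl:delete", ex);
        throw new BadRequestException(ex.getMessage());
    } catch (ObjectNotFound e) {
        debug.error("IdentityServicesImpl:delete", e);
        throw new NotFoundException(e.getMessage());
    }
}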
use of com.iplanet.sso.SSOException in project OpenAM by OpenRock.
the class LDAPUsers method getUserDN.
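/**
 * Gets the DN for the user identified by the token.
 *
 * If the directory server is local ({@code localDS}) and the token's principal name is not a
 * UUID, no search is performed and the DN is taken straight from the token. Otherwise the first
 * RDN value of the principal name is used as the user name and the directory is searched with
 * {@code userSearchFilter} (when configured) AND-ed with the user filter built by
 * {@code PolicyUtils.constructUserFilter}.
 *
 * NOTE(review): the user name is the substring between the first '=' and the first ',' of the
 * principal name, so an RDN value containing an escaped comma is truncated. That value is then
 * embedded in an LDAP filter; filter-metacharacter escaping is presumed to happen inside
 * constructUserFilter - confirm. When more than one entry matches, one is chosen arbitrarily
 * (HashSet iteration order).
 *
 * @param token the SSO token of the user.
 * @return the user's DN, or null when the search found no matching entry.
 * @throws SSOException if the token cannot be read.
 * @throws PolicyException if the principal name is not of the form "attr=value,...", if the
 *         search exceeds the server's size or time limit, or on any other search failure.
 */
private DN getUserDN(SSOToken token) throws SSOException, PolicyException {
    String userLocalDN = token.getPrincipal().getName();
    if (localDS && !PolicyUtils.principalNameEqualsUuid(token)) {
        return DN.valueOf(userLocalDN);
    }
    // Derive the user name from the first RDN value of the local DN.
    int beginIndex = userLocalDN.indexOf("=");
    int endIndex = userLocalDN.indexOf(",");
    if ((beginIndex <= 0) || (endIndex <= 0) || (beginIndex >= endIndex)) {
        throw new PolicyException(ResBundleUtils.rbName, "ldapusers_subject_invalid_local_user_dn", null, null);
    }
    String userName = userLocalDN.substring(beginIndex + 1, endIndex);
    String searchFilter;
    if ((userSearchFilter != null) && !(userSearchFilter.length() == 0)) {
        searchFilter = "(&" + userSearchFilter
                + PolicyUtils.constructUserFilter(token, userRDNAttrName, userName, aliasEnabled) + ")";
    } else {
        searchFilter = PolicyUtils.constructUserFilter(token, userRDNAttrName, userName, aliasEnabled);
    }
    if (debug.messageEnabled()) {
        debug.message("LDAPUsers.getUserDN(): search filter is: " + searchFilter);
    }
    String[] attrs = { userRDNAttrName };
    Set<String> qualifiedUserDNs = new HashSet<>();
    // Search the remote directory for the user DN.
    try (Connection ld = connPool.getConnection()) {
        ConnectionEntryReader res = search(searchFilter, ld, attrs);
        while (res.hasNext()) {
            try {
                SearchResultEntry entry = res.readEntry();
                qualifiedUserDNs.add(entry.getName().toString());
            } catch (SearchResultReferenceIOException e) {
                // Referrals are not followed.
                continue;
            } catch (LdapException e) {
                String[] objs = { orgName };
                ResultCode resultCode = e.getResult().getResultCode();
                if (resultCode.equals(ResultCode.SIZE_LIMIT_EXCEEDED)) {
                    debug.warning("LDAPUsers.getUserDN(): exceeded the size limit");
                    throw new PolicyException(ResBundleUtils.rbName, "ldap_search_exceed_size_limit", objs, null);
                } else if (resultCode.equals(ResultCode.TIME_LIMIT_EXCEEDED)) {
                    debug.warning("LDAPUsers.getUserDN(): exceeded the time limit");
                    throw new PolicyException(ResBundleUtils.rbName, "ldap_search_exceed_time_limit", objs, null);
                } else {
                    throw new PolicyException(e);
                }
            }
        }
    } catch (LdapException e) {
        throw handleResultException(e);
    } catch (PolicyException e) {
        // Already carries the specific message (e.g. size/time limit exceeded); previously the
        // catch-all below re-wrapped it in a second, generic PolicyException.
        throw e;
    } catch (Exception e) {
        throw new PolicyException(e);
    }
    if (qualifiedUserDNs.isEmpty()) {
        return null;
    }
    debug.message("LDAPUsers.getUserDN(): qualified users={}", qualifiedUserDNs);
    // Only the first qualified DN is used; with a HashSet this choice is arbitrary.
    return DN.valueOf(qualifiedUserDNs.iterator().next());
}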