use of com.iplanet.sso.SSOException in project OpenAM by OpenRock.
the class LDAPGroups method getUserDN.
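/**
 * Resolves the full DN of a user from its RDN by searching the LDAP server
 * configured in the policy config service.
 *
 * <p>The search filter is {@code userRDN} on its own, or
 * {@code (&<userSearchFilter><userRDN>)} when a user search filter is
 * configured. {@code userRDN} is spliced into the filter verbatim, so it must
 * already be a syntactically valid, trusted filter component (for example
 * {@code (uid=jdoe)}); this method performs no escaping — TODO confirm that
 * every call site supplies a value that does not originate from unvalidated input.
 *
 * <p>If more than one entry matches, one of them is returned; the set has no
 * defined order, so the choice is arbitrary and a warning is logged.
 *
 * @param userRDN the RDN of the user expressed as an LDAP filter component; may be {@code null}
 * @return the DN of a matching entry, or {@code null} when {@code userRDN} is
 *         {@code null} or no entry matched
 * @throws PolicyException when the search fails; size/time-limit, invalid-credentials
 *         and missing-base-DN results are mapped to dedicated resource-bundle messages,
 *         everything else to the LDAP error and diagnostic text
 * @throws SSOException declared for API compatibility; nothing in this method raises it directly
 */
private DN getUserDN(String userRDN) throws SSOException, PolicyException {
    if (userRDN == null) {
        return null;
    }
    final String searchFilter;
    if (userSearchFilter != null && !userSearchFilter.isEmpty()) {
        searchFilter = "(&" + userSearchFilter + userRDN + ")";
    } else {
        searchFilter = userRDN;
    }
    if (debug.messageEnabled()) {
        debug.message("LDAPGroups.getUserDN(): search filter is: " + searchFilter);
    }
    String[] attrs = { userRDNAttrName };
    Set<String> qualifiedUserDNs = new HashSet<>();
    try (Connection conn = connPool.getConnection()) {
        SearchRequest searchRequest = LDAPRequests.newSearchRequest(baseDN, userSearchScope, searchFilter, attrs);
        // The reader owns the result stream of the search; closing it explicitly
        // means an exception mid-iteration does not leave it dangling on the connection.
        try (ConnectionEntryReader reader = conn.search(searchRequest)) {
            while (reader.hasNext()) {
                if (reader.isReference()) {
                    // Referrals are consumed but never followed.
                    reader.readReference();
                } else {
                    SearchResultEntry entry = reader.readEntry();
                    if (entry != null) {
                        qualifiedUserDNs.add(entry.getName().toString());
                    }
                }
            }
        }
    } catch (LdapException le) {
        throw toPolicyException(le);
    } catch (Exception e) {
        // Any other failure (I/O, pool, runtime) is surfaced as a generic policy error.
        throw new PolicyException(e);
    }
    if (qualifiedUserDNs.isEmpty()) {
        return null;
    }
    debug.message("LDAPGroups.getUserDN(): qualified users={}", qualifiedUserDNs);
    if (qualifiedUserDNs.size() > 1) {
        // An ambiguous match is a configuration smell: the filter should identify exactly one user.
        debug.warning("LDAPGroups.getUserDN(): search filter matched " + qualifiedUserDNs.size()
                + " entries; using one of them arbitrarily");
    }
    // Only one qualified DN is used; HashSet iteration order makes the pick arbitrary.
    return DN.valueOf(qualifiedUserDNs.iterator().next());
}

/**
 * Maps an LDAP search failure to the {@link PolicyException} reported to the caller.
 *
 * <p>Well-known result codes get a resource-bundle message (and are logged at
 * warning level where the original code did so); any other code carries the
 * LDAP error message plus the server's diagnostic message when present.
 *
 * @param le the failure raised by the search
 * @return the exception to throw; never {@code null}
 */
private PolicyException toPolicyException(LdapException le) {
    ResultCode resultCode = le.getResult().getResultCode();
    if (ResultCode.SIZE_LIMIT_EXCEEDED.equals(resultCode)) {
        String[] objs = { orgName };
        debug.warning("LDAPGroups.getUserDN(): exceeded the size limit");
        return new PolicyException(ResBundleUtils.rbName, "ldap_search_exceed_size_limit", objs, null);
    }
    if (ResultCode.TIME_LIMIT_EXCEEDED.equals(resultCode)) {
        String[] objs = { orgName };
        debug.warning("LDAPGroups.getUserDN(): exceeded the time limit");
        return new PolicyException(ResBundleUtils.rbName, "ldap_search_exceed_time_limit", objs, null);
    }
    if (ResultCode.INVALID_CREDENTIALS.equals(resultCode)) {
        return new PolicyException(ResBundleUtils.rbName, "ldap_invalid_password", null, null);
    }
    if (ResultCode.NO_SUCH_OBJECT.equals(resultCode)) {
        String[] objs = { baseDN };
        return new PolicyException(ResBundleUtils.rbName, "no_such_ldap_base_dn", objs, null);
    }
    String errorMsg = le.getMessage();
    String additionalMsg = le.getResult().getDiagnosticMessage();
    if (additionalMsg != null) {
        return new PolicyException(errorMsg + ": " + additionalMsg);
    }
    return new PolicyException(errorMsg);
}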
use of com.iplanet.sso.SSOException in project OpenAM by OpenRock.
the class SessionCondition method getConditionDecision.
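/**
 * Gets the decision computed by this condition object, based on the
 * map of environment parameters or the user token. If the value of
 * <code>TERMINATE_SESSION</code> is true and the condition
 * evaluation is false, it terminates the user session.
 *
 * <p>The session is considered alive while the current time is before
 * the session creation time plus <code>maxSessionTime</code>; the
 * decision's time-to-live is then that expiry instant. Otherwise the
 * decision is a denial carrying <code>ADVICE_DENY</code> (and
 * <code>ADVICE_TERMINATE_SESSION</code> when the session was terminated)
 * under the <code>SESSION_CONDITION_ADVICE</code> key.
 *
 * @param token single-sign-on token of the user; a <code>null</code> token
 * yields an allow decision with an unbounded time-to-live
 * @param env request specific environment map of key/value pair. This
 * condition looks for value of key
 * <code>REQUEST_SESSION_CREATION_TIME</code> in the map. And the
 * value should be a <code>Long</code>. If the <code>env</code> is
 * null or does not define a value for
 * <code>REQUEST_SESSION_CREATION_TIME</code>, the
 * value will be obtained from SSO token of the user
 * @return The condition decision. The condition decision encapsulates
 * whether a policy applies for the request and advice messages
 * generated by the condition.
 * Policy framework continues evaluating a policy only if it
 * applies to the request as indicated by the condition decision.
 * Otherwise, further evaluation of the policy is skipped.
 * However, the advice messages encapsulated in the
 * condition decision are aggregated and passed up, encapsulated in
 * the policy decision
 *
 * @throws PolicyException if the <code>REQUEST_SESSION_CREATION_TIME</code>
 * value is not a <code>Long</code>, or if the token's auth-instant
 * property cannot be parsed
 * @throws SSOException if reading the SSO token fails. A failure while
 * destroying the session is logged at warning level and NOT rethrown.
 *
 * @see com.sun.identity.policy.ConditionDecision
 */
public ConditionDecision getConditionDecision(SSOToken token, Map env) throws PolicyException, SSOException {
    if (token == null) {
        return new ConditionDecision(true, Long.MAX_VALUE);
    }
    Long requestSessionCreationTime = null;
    if (env != null) {
        // Check the type explicitly rather than catching the ClassCastException of a blind cast.
        Object value = env.get(REQUEST_SESSION_CREATION_TIME);
        if (value != null && !(value instanceof Long)) {
            String[] args = { REQUEST_SESSION_CREATION_TIME };
            throw new PolicyException(ResBundleUtils.rbName, "property_is_not_a_Long", args, null);
        }
        requestSessionCreationTime = (Long) value;
    }
    long tokenCreationTime;
    if (requestSessionCreationTime != null) {
        tokenCreationTime = requestSessionCreationTime;
    } else {
        try {
            tokenCreationTime = DateUtils.stringToDate(token.getProperty(SSOTOKEN_PROPERTY_AUTHINSTANT)).getTime();
        } catch (ParseException e) {
            throw new PolicyException(ResBundleUtils.rbName, "unable_to_parse_ssotoken_authinstant", null, e);
        }
    }
    long currentTime = System.currentTimeMillis();
    long expiredTime = tokenCreationTime + maxSessionTime;
    if (debug.messageEnabled()) {
        debug.message("SessionCondition.getConditionDecision():" + "\n currentTime: " + currentTime
                + "\n expiredTime: " + expiredTime);
    }
    if (currentTime < expiredTime) {
        // Still within the session lifetime: the decision is valid until the session expires.
        return new ConditionDecision(true, expiredTime);
    }
    Set<String> adviceMessages = new HashSet<>(2);
    adviceMessages.add(ADVICE_DENY);
    if (terminateSession) {
        adviceMessages.add(ADVICE_TERMINATE_SESSION);
        // Terminate the token session; a failure here is logged but does not change the decision.
        try {
            SSOTokenManager.getInstance().destroyToken(token);
            if (debug.messageEnabled()) {
                debug.message("SessionCondition.getConditionDecision(): " + "successfully terminated user session!");
            }
        } catch (SSOException ssoEx) {
            if (debug.warningEnabled()) {
                debug.warning("SessionCondition.getConditionDecision(): " + "failed to terminate user session!", ssoEx);
            }
        }
    }
    Map<String, Set<String>> advices = new HashMap<>(1);
    advices.put(SESSION_CONDITION_ADVICE, adviceMessages);
    return new ConditionDecision(false, Long.MAX_VALUE, advices);
}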
use of com.iplanet.sso.SSOException in project OpenAM by OpenRock.
the class ResourceTypeConfigurationImpl method containsUUID.
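/**
 * {@inheritDoc}
 *
 * <p>Looks for a resource-type sub-configuration named {@code uuid} under the
 * realm's {@code CONFIG_RESOURCE_TYPES} container.
 *
 * @return {@code true} only when the container and the named sub-configuration
 *         both exist
 * @throws EntitlementException with {@code RESOURCE_TYPE_RETRIEVAL_ERROR} when
 *         the service configuration cannot be read
 */
@Override
public boolean containsUUID(Subject subject, String realm, String uuid) throws EntitlementException {
    try {
        final ServiceConfig subOrgConfig =
                resourceTypeServiceConfig.getOrgConfig(subject, realm).getSubConfig(CONFIG_RESOURCE_TYPES);
        if (subOrgConfig == null) {
            return false;
        }
        final ServiceConfig resourceTypeConf = subOrgConfig.getSubConfig(uuid);
        return resourceTypeConf != null && resourceTypeConf.exists();
    } catch (SMSException | SSOException ex) {
        // Both failures are reported identically; log with the cause, then wrap for the caller.
        PrivilegeManager.debug.error("ResourceTypeConfiguration.containsUUID", ex);
        throw new EntitlementException(RESOURCE_TYPE_RETRIEVAL_ERROR, ex, realm);
    }
}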
use of com.iplanet.sso.SSOException in project OpenAM by OpenRock.
the class ResourceTypeConfigurationImpl method containsName.
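/**
 * {@inheritDoc}
 *
 * <p>Scans every resource-type sub-configuration under the realm's
 * {@code CONFIG_RESOURCE_TYPES} container and compares its {@code CONFIG_NAME}
 * attribute with {@code name}, ignoring case.
 *
 * @return {@code true} when some resource type in the realm carries that name
 * @throws EntitlementException with {@code RESOURCE_TYPE_RETRIEVAL_ERROR} when
 *         the service configuration cannot be read
 * @throws NullPointerException if {@code name} is {@code null}
 */
@Override
public boolean containsName(Subject subject, String realm, String name) throws EntitlementException {
    try {
        final ServiceConfig subOrgConfig =
                resourceTypeServiceConfig.getOrgConfig(subject, realm).getSubConfig(CONFIG_RESOURCE_TYPES);
        if (subOrgConfig == null) {
            return false;
        }
        for (String configName : subOrgConfig.getSubConfigNames()) {
            final String candidate = getAttribute(subOrgConfig.getSubConfig(configName).getAttributes(), CONFIG_NAME);
            if (name.equalsIgnoreCase(candidate)) {
                return true;
            }
        }
        return false;
    } catch (SMSException | SSOException ex) {
        // Both failures are reported identically; log with the cause, then wrap for the caller.
        PrivilegeManager.debug.error("ResourceTypeConfiguration.containsName", ex);
        throw new EntitlementException(RESOURCE_TYPE_RETRIEVAL_ERROR, ex, realm);
    }
}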
use of com.iplanet.sso.SSOException in project OpenAM by OpenRock.
the class ResourceTypeConfigurationImpl method getResourceTypesData.
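/**
 * {@inheritDoc}
 *
 * <p>Returns the raw attribute data of every resource type configured in the
 * realm, keyed by the resource type's UUID (its sub-configuration name).
 *
 * @return a mutable map from UUID to that resource type's attributes; empty
 *         (never {@code null}) when the realm has no resource-type container
 * @throws EntitlementException with {@code RESOURCE_TYPE_RETRIEVAL_ERROR} when
 *         the service configuration cannot be read
 */
@Override
public Map<String, Map<String, Set<String>>> getResourceTypesData(Subject subject, String realm) throws EntitlementException {
    final Map<String, Map<String, Set<String>>> configData = new HashMap<>();
    try {
        final ServiceConfig subOrgConfig =
                resourceTypeServiceConfig.getOrgConfig(subject, realm).getSubConfig(CONFIG_RESOURCE_TYPES);
        if (subOrgConfig == null) {
            return configData;
        }
        for (String uuid : subOrgConfig.getSubConfigNames()) {
            configData.put(uuid, subOrgConfig.getSubConfig(uuid).getAttributesForRead());
        }
    } catch (SMSException | SSOException ex) {
        // Both failures are reported identically; log with the cause, then wrap for the caller.
        PrivilegeManager.debug.error("ResourceTypeConfiguration.getResourceTypesData", ex);
        throw new EntitlementException(RESOURCE_TYPE_RETRIEVAL_ERROR, ex, realm);
    }
    return configData;
}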