Search in sources :

Example 76 with SSOException

use of com.iplanet.sso.SSOException in project OpenAM by OpenRock.

the class UpgradeLegacySTSStep method determineDefaultLegacySTSSharedAgentRemoval.

private void determineDefaultLegacySTSSharedAgentRemoval() throws UpgradeException {
    try {
        ServiceConfig baseService = getOrganizationConfigForAgentService(ROOT_REALM);
        Set<String> subConfigNames = baseService.getSubConfigNames();
        if (subConfigNames.contains(LEGACY_STS_RELATED_SHARED_AGENT_NAME)) {
            final ServiceConfig agentInstance = baseService.getSubConfig(LEGACY_STS_RELATED_SHARED_AGENT_NAME);
            if (SHARED_AGENT_SCHEMA_ID.equals(agentInstance.getSchemaID())) {
                Map<String, Set<String>> attributes = agentInstance.getAttributesWithoutDefaultsForRead();
                if (attributes != null) {
                    Set<String> sharedSet = attributes.get(AGENTS_ALLOWED_TO_READ_ATTRIBUTE);
                    if ((sharedSet != null) && Sets.symmetricDifference(sharedSet, DEFAULT_STS_SHARED_AGENT_SHARE_SET).isEmpty()) {
                        removeDefaultLegacySTSSharedAgent = true;
                        agentsRequiringRemoval.add(new ToBeRemovedAgentState(LEGACY_STS_RELATED_SHARED_AGENT_NAME, ROOT_REALM, SHARED_AGENT_SCHEMA_ID));
                    }
                }
            }
        }
    } catch (SMSException | SSOException e) {
        throw new UpgradeException("Could not determine whether to remove the legacy-sts SharedAgent called " + LEGACY_STS_RELATED_SHARED_AGENT_NAME + " in the root realm. Exception: " + e.getMessage());
    }
}
Also used : UpgradeException(org.forgerock.openam.upgrade.UpgradeException) HashSet(java.util.HashSet) Set(java.util.Set) ServiceConfig(com.sun.identity.sm.ServiceConfig) SMSException(com.sun.identity.sm.SMSException) SSOException(com.iplanet.sso.SSOException)

Example 77 with SSOException

use of com.iplanet.sso.SSOException in project OpenAM by OpenRock.

the class TwoStepVerificationSettingUpgrade method initialize.

@Override
public void initialize() throws UpgradeException {
    try {
        // Does the policy already exist...
        manager = new PolicyManager(getAdminToken(), HIDDEN_REALM);
        applicable = manager.getPolicyNames(EVALUATE_POLICY).isEmpty();
    } catch (SSOException ssoE) {
        throw new UpgradeException("Failed to identify existing privileges", ssoE);
    } catch (PolicyException pE) {
        throw new UpgradeException("Failed to identify existing privileges", pE);
    }
}
Also used : UpgradeException(org.forgerock.openam.upgrade.UpgradeException) PolicyManager(com.sun.identity.policy.PolicyManager) PolicyException(com.sun.identity.policy.PolicyException) SSOException(com.iplanet.sso.SSOException)

Example 78 with SSOException

use of com.iplanet.sso.SSOException in project OpenAM by OpenRock.

the class DataStore method getIndexCount.

private static int getIndexCount(String realm, boolean referral) {
    int count = 0;
    if (adminToken != null) {
        try {
            ServiceConfigManager mgr = new ServiceConfigManager(SERVICE_NAME, adminToken);
            ServiceConfig orgConf = mgr.getOrganizationConfig(realm, null);
            if (orgConf != null) {
                Map<String, Set<String>> map = orgConf.getAttributes();
                Set<String> set = (referral) ? map.get(REFERRAL_INDEX_COUNT) : map.get(INDEX_COUNT);
                if ((set != null) && !set.isEmpty()) {
                    String strCount = (String) set.iterator().next();
                    count = Integer.parseInt(strCount);
                }
            }
        } catch (NumberFormatException ex) {
            PolicyConstants.DEBUG.error("DataStore.getIndexCount", ex);
        } catch (SMSException ex) {
            PolicyConstants.DEBUG.error("DataStore.getIndexCount", ex);
        } catch (SSOException ex) {
            PolicyConstants.DEBUG.error("DataStore.getIndexCount", ex);
        }
    }
    return count;
}
Also used : HashSet(java.util.HashSet) Collections.emptySet(java.util.Collections.emptySet) Set(java.util.Set) ServiceConfig(com.sun.identity.sm.ServiceConfig) SMSException(com.sun.identity.sm.SMSException) SSOException(com.iplanet.sso.SSOException) ServiceConfigManager(com.sun.identity.sm.ServiceConfigManager)

Example 79 with SSOException

use of com.iplanet.sso.SSOException in project OpenAM by OpenRock.

the class DataStore method remove.

/**
     * Removes privilege.
     *
     * @param adminSubject Admin Subject who has the rights to write to
     *        datastore.
     * @param realm Realm name.
     * @param name Privilege name.
     * @throws com.sun.identity.entitlement.EntitlementException if privilege
     * cannot be removed.
     */
public void remove(Subject adminSubject, String realm, String name) throws EntitlementException {
    SSOToken token = getSSOToken(adminSubject);
    if (token == null) {
        Object[] arg = { name };
        throw new EntitlementException(55, arg);
    }
    String dn = null;
    try {
        dn = getPrivilegeDistinguishedName(name, realm, null);
        if (SMSEntry.checkIfEntryExists(dn, token)) {
            SMSEntry s = new SMSEntry(token, dn);
            s.delete();
            updateIndexCount(realm, -1, false);
            Map<String, String> params = new HashMap<String, String>();
            params.put(NotificationServlet.ATTR_NAME, name);
            params.put(NotificationServlet.ATTR_REALM_NAME, realm);
            Notifier.submit(NotificationServlet.PRIVILEGE_DELETED, params);
        }
    } catch (SMSException e) {
        Object[] arg = { dn };
        throw new EntitlementException(51, arg, e);
    } catch (SSOException e) {
        throw new EntitlementException(10, null, e);
    }
}
Also used : EntitlementException(com.sun.identity.entitlement.EntitlementException) SSOToken(com.iplanet.sso.SSOToken) HashMap(java.util.HashMap) SMSException(com.sun.identity.sm.SMSException) JSONObject(org.json.JSONObject) SMSEntry(com.sun.identity.sm.SMSEntry) SSOException(com.iplanet.sso.SSOException)

Example 80 with SSOException

use of com.iplanet.sso.SSOException in project OpenAM by OpenRock.

the class DataStore method add.

/**
     * Adds a privilege.
     *
     * @param adminSubject Admin Subject who has the rights to write to
     *        datastore.
     * @param realm Realm name.
     * @param p Privilege object.
     * @return the DN of added privilege.
     * @throws com.sun.identity.entitlement.EntitlementException if privilege
     * cannot be added.
     */
public String add(Subject adminSubject, String realm, Privilege p) throws EntitlementException {
    ResourceSaveIndexes indexes = p.getEntitlement().getResourceSaveIndexes(adminSubject, realm);
    Set<String> subjectIndexes = SubjectAttributesManager.getSubjectSearchIndexes(p);
    String dn = null;
    try {
        createDefaultSubConfig(adminToken, realm, null);
        dn = getPrivilegeDistinguishedName(p.getName(), realm, null);
        SMSEntry s = new SMSEntry(adminToken, dn);
        Map<String, Set<String>> map = new HashMap<String, Set<String>>();
        Set<String> searchable = new HashSet<String>();
        map.put(SMSEntry.ATTR_XML_KEYVAL, searchable);
        searchable.add(Privilege.RESOURCE_TYPE_UUID_ATTRIBUTE + "=" + p.getResourceTypeUuid());
        if (indexes != null) {
            for (String i : indexes.getHostIndexes()) {
                searchable.add(HOST_INDEX_KEY + "=" + i);
            }
            for (String i : indexes.getPathIndexes()) {
                searchable.add(PATH_INDEX_KEY + "=" + i);
            }
            for (String i : indexes.getParentPathIndexes()) {
                searchable.add(PATH_PARENT_INDEX_KEY + "=" + i);
            }
            for (String i : subjectIndexes) {
                searchable.add(SUBJECT_INDEX_KEY + "=" + i);
            }
        }
        Set<String> setServiceID = new HashSet<String>(2);
        map.put(SMSEntry.ATTR_SERVICE_ID, setServiceID);
        setServiceID.add("indexes");
        Set<String> set = new HashSet<String>(2);
        map.put(SMSEntry.ATTR_KEYVAL, set);
        set.add(SERIALIZABLE_INDEX_KEY + "=" + p.toJSONObject().toString());
        Set<String> setObjectClass = new HashSet<String>(4);
        map.put(SMSEntry.ATTR_OBJECTCLASS, setObjectClass);
        setObjectClass.add(SMSEntry.OC_TOP);
        setObjectClass.add(SMSEntry.OC_SERVICE_COMP);
        Set<String> info = new HashSet<String>(8);
        String privilegeName = p.getName();
        if (privilegeName != null) {
            info.add(Privilege.NAME_ATTRIBUTE + "=" + privilegeName);
        }
        String privilegeDesc = p.getDescription();
        if (privilegeDesc != null) {
            info.add(Privilege.DESCRIPTION_ATTRIBUTE + "=" + privilegeDesc);
        }
        String createdBy = p.getCreatedBy();
        if (createdBy != null) {
            info.add(Privilege.CREATED_BY_ATTRIBUTE + "=" + createdBy);
        }
        String lastModifiedBy = p.getLastModifiedBy();
        if (lastModifiedBy != null) {
            info.add(Privilege.LAST_MODIFIED_BY_ATTRIBUTE + "=" + lastModifiedBy);
        }
        long creationDate = p.getCreationDate();
        if (creationDate > 0) {
            String data = Long.toString(creationDate) + "=" + Privilege.CREATION_DATE_ATTRIBUTE;
            info.add(data);
            info.add("|" + data);
        }
        long lastModifiedDate = p.getLastModifiedDate();
        if (lastModifiedDate > 0) {
            String data = Long.toString(lastModifiedDate) + "=" + Privilege.LAST_MODIFIED_DATE_ATTRIBUTE;
            info.add(data);
            info.add("|" + data);
        }
        Entitlement ent = p.getEntitlement();
        info.add(Privilege.APPLICATION_ATTRIBUTE + "=" + ent.getApplicationName());
        for (String a : p.getApplicationIndexes()) {
            info.add(Privilege.APPLICATION_ATTRIBUTE + "=" + a);
        }
        map.put("ou", info);
        s.setAttributes(map);
        s.save();
        Map<String, String> params = new HashMap<String, String>();
        params.put(NotificationServlet.ATTR_NAME, privilegeName);
        params.put(NotificationServlet.ATTR_REALM_NAME, realm);
        Notifier.submit(NotificationServlet.PRIVILEGE_ADDED, params);
        updateIndexCount(realm, 1, false);
    } catch (JSONException e) {
        throw new EntitlementException(210, e);
    } catch (SSOException e) {
        throw new EntitlementException(210, e);
    } catch (SMSException e) {
        throw new EntitlementException(210, e);
    }
    return dn;
}
Also used : HashSet(java.util.HashSet) Collections.emptySet(java.util.Collections.emptySet) Set(java.util.Set) HashMap(java.util.HashMap) SMSException(com.sun.identity.sm.SMSException) JSONException(org.json.JSONException) SSOException(com.iplanet.sso.SSOException) ResourceSaveIndexes(com.sun.identity.entitlement.ResourceSaveIndexes) EntitlementException(com.sun.identity.entitlement.EntitlementException) SMSEntry(com.sun.identity.sm.SMSEntry) Entitlement(com.sun.identity.entitlement.Entitlement) HashSet(java.util.HashSet)

Aggregations

SSOException (com.iplanet.sso.SSOException)1002 SMSException (com.sun.identity.sm.SMSException)553 Set (java.util.Set)374 SSOToken (com.iplanet.sso.SSOToken)336 IdRepoException (com.sun.identity.idm.IdRepoException)291 HashSet (java.util.HashSet)289 Map (java.util.Map)223 HashMap (java.util.HashMap)205 AMIdentity (com.sun.identity.idm.AMIdentity)193 Iterator (java.util.Iterator)189 CLIException (com.sun.identity.cli.CLIException)170 AMConsoleException (com.sun.identity.console.base.model.AMConsoleException)126 ServiceConfig (com.sun.identity.sm.ServiceConfig)126 IOutput (com.sun.identity.cli.IOutput)121 ServiceSchemaManager (com.sun.identity.sm.ServiceSchemaManager)104 ServiceSchema (com.sun.identity.sm.ServiceSchema)101 ServiceConfigManager (com.sun.identity.sm.ServiceConfigManager)93 AMIdentityRepository (com.sun.identity.idm.AMIdentityRepository)88 IOException (java.io.IOException)65 PolicyException (com.sun.identity.policy.PolicyException)62