use of com.iplanet.sso.SSOException in project OpenAM by OpenRock.
the class UpgradeLegacySTSStep method determineDefaultLegacySTSSharedAgentRemoval.
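/**
 * Decides whether the legacy-sts SharedAgent in the root realm should be queued for removal.
 *
 * <p>The agent is queued only when all of the following hold: a sub-config named
 * {@code LEGACY_STS_RELATED_SHARED_AGENT_NAME} exists, its schema id equals
 * {@code SHARED_AGENT_SCHEMA_ID}, and its {@code AGENTS_ALLOWED_TO_READ_ATTRIBUTE} value is
 * exactly {@code DEFAULT_STS_SHARED_AGENT_SHARE_SET}. An agent whose share set differs from
 * the default in any way is left in place.
 *
 * @throws UpgradeException if the agent configuration cannot be read; the underlying
 *         SMS/SSO exception is attached as the cause.
 */
private void determineDefaultLegacySTSSharedAgentRemoval() throws UpgradeException {
    try {
        ServiceConfig baseService = getOrganizationConfigForAgentService(ROOT_REALM);
        Set<String> subConfigNames = baseService.getSubConfigNames();
        if (!subConfigNames.contains(LEGACY_STS_RELATED_SHARED_AGENT_NAME)) {
            return;
        }
        final ServiceConfig agentInstance = baseService.getSubConfig(LEGACY_STS_RELATED_SHARED_AGENT_NAME);
        if (!SHARED_AGENT_SCHEMA_ID.equals(agentInstance.getSchemaID())) {
            return;
        }
        Map<String, Set<String>> attributes = agentInstance.getAttributesWithoutDefaultsForRead();
        if (attributes == null) {
            return;
        }
        Set<String> sharedSet = attributes.get(AGENTS_ALLOWED_TO_READ_ATTRIBUTE);
        // An empty symmetric difference means the two sets are equal, so only an agent that
        // still carries the untouched default share set is scheduled for deletion.
        if ((sharedSet != null)
                && Sets.symmetricDifference(sharedSet, DEFAULT_STS_SHARED_AGENT_SHARE_SET).isEmpty()) {
            removeDefaultLegacySTSSharedAgent = true;
            agentsRequiringRemoval.add(new ToBeRemovedAgentState(
                    LEGACY_STS_RELATED_SHARED_AGENT_NAME, ROOT_REALM, SHARED_AGENT_SCHEMA_ID));
        }
    } catch (SMSException | SSOException e) {
        // Keep the original exception as the cause so the stack trace of the SMS/SSO failure
        // is not lost; the message text is unchanged for anything that displays it.
        throw new UpgradeException("Could not determine whether to remove the legacy-sts SharedAgent called "
                + LEGACY_STS_RELATED_SHARED_AGENT_NAME + " in the root realm. Exception: " + e.getMessage(), e);
    }
}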
use of com.iplanet.sso.SSOException in project OpenAM by OpenRock.
the class TwoStepVerificationSettingUpgrade method initialize.
/**
 * Works out whether this upgrade step needs to run.
 *
 * <p>A {@code PolicyManager} is created for {@code HIDDEN_REALM} using the admin token, and
 * the step is marked applicable only when {@code getPolicyNames(EVALUATE_POLICY)} returns
 * no names.
 *
 * @throws UpgradeException if the policy lookup fails; the SSO or policy exception is
 *         attached as the cause.
 */
@Override
public void initialize() throws UpgradeException {
    try {
        // The lookup runs with the admin token, not with any end-user session.
        manager = new PolicyManager(getAdminToken(), HIDDEN_REALM);
        final boolean policyMissing = manager.getPolicyNames(EVALUATE_POLICY).isEmpty();
        applicable = policyMissing;
    } catch (SSOException | PolicyException e) {
        throw new UpgradeException("Failed to identify existing privileges", e);
    }
}
use of com.iplanet.sso.SSOException in project OpenAM by OpenRock.
the class DataStore method getIndexCount.
/**
 * Reads the stored index counter for a realm from the organization config of
 * {@code SERVICE_NAME}.
 *
 * <p>Every failure path yields 0: a missing admin token, a missing organization config, an
 * absent or empty attribute, an unparsable value, or an SMS/SSO error (the last three are
 * logged through {@code PolicyConstants.DEBUG}). Callers therefore cannot tell "no entries"
 * apart from "lookup failed" by the return value alone.
 *
 * @param realm    realm whose counter is read.
 * @param referral {@code true} to read {@code REFERRAL_INDEX_COUNT}, {@code false} to read
 *                 {@code INDEX_COUNT}.
 * @return the parsed counter, or 0 when it is unavailable.
 */
private static int getIndexCount(String realm, boolean referral) {
    if (adminToken == null) {
        return 0;
    }
    int result = 0;
    try {
        ServiceConfigManager configManager = new ServiceConfigManager(SERVICE_NAME, adminToken);
        ServiceConfig realmConfig = configManager.getOrganizationConfig(realm, null);
        if (realmConfig != null) {
            Map<String, Set<String>> attrs = realmConfig.getAttributes();
            Set<String> values;
            if (referral) {
                values = attrs.get(REFERRAL_INDEX_COUNT);
            } else {
                values = attrs.get(INDEX_COUNT);
            }
            if (values != null && !values.isEmpty()) {
                // Only the first value of the attribute is considered.
                result = Integer.parseInt(values.iterator().next());
            }
        }
    } catch (NumberFormatException | SMSException | SSOException ex) {
        PolicyConstants.DEBUG.error("DataStore.getIndexCount", ex);
    }
    return result;
}
use of com.iplanet.sso.SSOException in project OpenAM by OpenRock.
the class DataStore method remove.
/**
 * Deletes the stored entry of a named privilege, if such an entry exists.
 *
 * <p>The SSO token used for the existence check and for the delete is the one obtained
 * from {@code adminSubject}; when no token can be obtained the call is rejected before
 * anything is read or written. When the entry exists it is deleted, the realm's index
 * count is decremented by one and a {@code PRIVILEGE_DELETED} notification is submitted.
 * When the entry does not exist the method returns without doing anything.
 *
 * @param adminSubject Admin Subject who has the rights to write to
 *        datastore.
 * @param realm Realm name.
 * @param name Privilege name.
 * @throws com.sun.identity.entitlement.EntitlementException with code 55 when
 *         {@code adminSubject} yields no SSO token, code 51 on an SMS failure, or code 10
 *         on an SSO failure.
 */
public void remove(Subject adminSubject, String realm, String name) throws EntitlementException {
    final SSOToken callerToken = getSSOToken(adminSubject);
    if (callerToken == null) {
        throw new EntitlementException(55, new Object[] { name });
    }
    String entryDn = null;
    try {
        // NOTE(review): name and realm are caller-supplied and end up in a DN; confirm that
        // getPrivilegeDistinguishedName escapes DN special characters.
        entryDn = getPrivilegeDistinguishedName(name, realm, null);
        if (!SMSEntry.checkIfEntryExists(entryDn, callerToken)) {
            return;
        }
        new SMSEntry(callerToken, entryDn).delete();
        updateIndexCount(realm, -1, false);

        Map<String, String> notification = new HashMap<String, String>();
        notification.put(NotificationServlet.ATTR_NAME, name);
        notification.put(NotificationServlet.ATTR_REALM_NAME, realm);
        Notifier.submit(NotificationServlet.PRIVILEGE_DELETED, notification);
    } catch (SMSException e) {
        // entryDn is still null here if building the DN itself failed.
        throw new EntitlementException(51, new Object[] { entryDn }, e);
    } catch (SSOException e) {
        throw new EntitlementException(10, null, e);
    }
}
use of com.iplanet.sso.SSOException in project OpenAM by OpenRock.
the class DataStore method add.
/**
 * Stores a privilege as a new SMS entry and returns the entry's DN.
 *
 * <p>The entry carries the privilege's search indexes, its JSON form, the object classes
 * and an {@code ou} attribute holding name, description, audit fields and application
 * names. After the entry is saved a {@code PRIVILEGE_ADDED} notification is submitted and
 * the realm's index count is incremented by one.
 *
 * <p>NOTE(review): the sub-config creation and the entry write both use the class's
 * {@code adminToken}. {@code adminSubject} is only passed to
 * {@code getResourceSaveIndexes}; unlike {@code remove} in this class, no token is derived
 * from it and nothing here rejects a subject without one. Confirm that every caller has
 * authorized {@code adminSubject} before invoking this method.
 *
 * @param adminSubject Admin Subject who has the rights to write to
 *        datastore.
 * @param realm Realm name.
 * @param p Privilege object.
 * @return the DN of added privilege.
 * @throws com.sun.identity.entitlement.EntitlementException with code 210 when a JSON,
 *         SSO or SMS failure prevents the privilege from being added.
 */
public String add(Subject adminSubject, String realm, Privilege p) throws EntitlementException {
    ResourceSaveIndexes resourceIndexes = p.getEntitlement().getResourceSaveIndexes(adminSubject, realm);
    Set<String> subjectIndexes = SubjectAttributesManager.getSubjectSearchIndexes(p);
    String dn = null;
    try {
        createDefaultSubConfig(adminToken, realm, null);
        dn = getPrivilegeDistinguishedName(p.getName(), realm, null);
        SMSEntry entry = new SMSEntry(adminToken, dn);
        Map<String, Set<String>> entryAttributes = new HashMap<String, Set<String>>();

        // Search indexes. Subject indexes are written only when resource indexes exist.
        Set<String> searchIndexes = new HashSet<String>();
        entryAttributes.put(SMSEntry.ATTR_XML_KEYVAL, searchIndexes);
        searchIndexes.add(Privilege.RESOURCE_TYPE_UUID_ATTRIBUTE + "=" + p.getResourceTypeUuid());
        if (resourceIndexes != null) {
            for (String host : resourceIndexes.getHostIndexes()) {
                searchIndexes.add(HOST_INDEX_KEY + "=" + host);
            }
            for (String path : resourceIndexes.getPathIndexes()) {
                searchIndexes.add(PATH_INDEX_KEY + "=" + path);
            }
            for (String parentPath : resourceIndexes.getParentPathIndexes()) {
                searchIndexes.add(PATH_PARENT_INDEX_KEY + "=" + parentPath);
            }
            for (String subject : subjectIndexes) {
                searchIndexes.add(SUBJECT_INDEX_KEY + "=" + subject);
            }
        }

        Set<String> serviceIds = new HashSet<String>(2);
        entryAttributes.put(SMSEntry.ATTR_SERVICE_ID, serviceIds);
        serviceIds.add("indexes");

        // The privilege itself, serialized as JSON.
        Set<String> serialized = new HashSet<String>(2);
        entryAttributes.put(SMSEntry.ATTR_KEYVAL, serialized);
        serialized.add(SERIALIZABLE_INDEX_KEY + "=" + p.toJSONObject().toString());

        Set<String> objectClasses = new HashSet<String>(4);
        entryAttributes.put(SMSEntry.ATTR_OBJECTCLASS, objectClasses);
        objectClasses.add(SMSEntry.OC_TOP);
        objectClasses.add(SMSEntry.OC_SERVICE_COMP);

        // Descriptive and audit fields are stored as plain "key=value" strings.
        // NOTE(review): the values are concatenated as-is; confirm that consumers of the
        // "ou" attribute tolerate '=' or '|' inside a name or description.
        Set<String> details = new HashSet<String>(8);
        String privilegeName = p.getName();
        if (privilegeName != null) {
            details.add(Privilege.NAME_ATTRIBUTE + "=" + privilegeName);
        }
        String description = p.getDescription();
        if (description != null) {
            details.add(Privilege.DESCRIPTION_ATTRIBUTE + "=" + description);
        }
        String creator = p.getCreatedBy();
        if (creator != null) {
            details.add(Privilege.CREATED_BY_ATTRIBUTE + "=" + creator);
        }
        String modifier = p.getLastModifiedBy();
        if (modifier != null) {
            details.add(Privilege.LAST_MODIFIED_BY_ATTRIBUTE + "=" + modifier);
        }
        // Dates are written value-first ("<millis>=<attribute>") and again with a leading
        // "|"; the reason for the second form is not visible here.
        long created = p.getCreationDate();
        if (created > 0) {
            String createdEntry = Long.toString(created) + "=" + Privilege.CREATION_DATE_ATTRIBUTE;
            details.add(createdEntry);
            details.add("|" + createdEntry);
        }
        long modified = p.getLastModifiedDate();
        if (modified > 0) {
            String modifiedEntry = Long.toString(modified) + "=" + Privilege.LAST_MODIFIED_DATE_ATTRIBUTE;
            details.add(modifiedEntry);
            details.add("|" + modifiedEntry);
        }
        Entitlement entitlement = p.getEntitlement();
        details.add(Privilege.APPLICATION_ATTRIBUTE + "=" + entitlement.getApplicationName());
        for (String application : p.getApplicationIndexes()) {
            details.add(Privilege.APPLICATION_ATTRIBUTE + "=" + application);
        }
        entryAttributes.put("ou", details);

        entry.setAttributes(entryAttributes);
        entry.save();

        // Listeners are notified first, then the realm's index count is incremented.
        Map<String, String> notification = new HashMap<String, String>();
        notification.put(NotificationServlet.ATTR_NAME, privilegeName);
        notification.put(NotificationServlet.ATTR_REALM_NAME, realm);
        Notifier.submit(NotificationServlet.PRIVILEGE_ADDED, notification);
        updateIndexCount(realm, 1, false);
    } catch (JSONException | SSOException | SMSException e) {
        throw new EntitlementException(210, e);
    }
    return dn;
}