use of com.iplanet.sso.SSOException in project OpenAM by OpenRock.
Class ISPermission, method implies().
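/**
 * Checks if the specified permission's actions are "implied by"
 * this object's actions.
 * <P>
 * The <code>implies</code> method is used by the
 * <code>AccessController</code> to determine whether or not a requested
 * permission is implied by another permission that is known to be valid
 * in the current execution context.
 * <P>
 * The decision is delegated to the OpenAM policy service: the SSO token is
 * built from the <code>SSOTokenPrincipal</code> found in this object's
 * protection domain, and every comma-separated action of <code>perm</code>
 * is evaluated against the permission's resource and environment
 * parameters. The method is fail-closed: a permission of another type, a
 * missing protection domain or principal, a <code>null</code> action list,
 * or any exception while creating the token or evaluating the policy
 * results in <code>false</code>.
 *
 * @param perm the permission to check against.
 *
 * @return true if the specified permission is implied by this object,
 * false if not. The check is made against the OpenAM's
 * policy service to determine this evaluation.
 */
public boolean implies(Permission perm) {
    debug.message("ISPermission: implies called");
    // Default deny: only flipped to true when every requested action is
    // allowed by the policy evaluator.
    boolean allowed = false;
    if (perm instanceof ISPermission) {
        debug.message("ISPermission:passed perm is of type ISPermission");
        if (protectionDomain != null) {
            debug.message("ISPermission:implies:protectionDomain not null");
            if (debug.messageEnabled()) {
                debug.message("ISPermission::implies: protectionDomain:" + protectionDomain.toString());
            }
            final ISPermission requested = (ISPermission) perm;
            final String serviceName = requested.getServiceName();
            final String resourceName = requested.getResourceName();
            final String actions = requested.getActions();
            final Map envParams = requested.getEnvParams();
            if (debug.messageEnabled()) {
                debug.message("ISPermission: resourceName=" + resourceName);
                debug.message("ISPermission: serviceName=" + serviceName);
                debug.message("ISPermission: actions=" + actions);
            }
            try {
                SSOTokenPrincipal tokenPrincipal = findTokenPrincipal(protectionDomain.getPrincipals());
                if (tokenPrincipal == null) {
                    // Reported unconditionally: this denies the request and
                    // should not be hidden behind message-level debugging.
                    debug.error("ISPermission::implies:" + " Principal is null");
                } else {
                    SSOTokenManager ssomgr = SSOTokenManager.getInstance();
                    final SSOToken token = ssomgr.createSSOToken(tokenPrincipal.getName());
                    /* TODO currently ISPermission uses remote policy
                    client API so if this class gets used from server side
                    , will always make remote call, need to make changes
                    in this code to to make a local/remote call accordingly.
                    */
                    if (policyEvalFactory == null) {
                        policyEvalFactory = PolicyEvaluatorFactory.getInstance();
                    }
                    PolicyEvaluator policyEvaluator = policyEvalFactory.getPolicyEvaluator(serviceName);
                    if (debug.messageEnabled()) {
                        debug.message("ISPermission::implies::created " + "PolicyEvaluator for " + serviceName);
                    }
                    if (actions != null) {
                        // Every action must be allowed individually; stop at the
                        // first denial so the result is the conjunction.
                        StringTokenizer st = new StringTokenizer(actions, ",");
                        while (st.hasMoreTokens()) {
                            String action = st.nextToken();
                            allowed = policyEvaluator.isAllowed(token, resourceName, action, envParams);
                            if (debug.messageEnabled()) {
                                debug.message("ISPermission::result for " + action + " is :" + allowed);
                            }
                            if (!allowed) {
                                // the final result is not allowed
                                break;
                            }
                        }
                        if (debug.messageEnabled()) {
                            debug.message("ISPermission::result for " + actions + " is :" + allowed);
                        }
                    } else {
                        if (debug.messageEnabled()) {
                            debug.message("ISPermission:: actions is null");
                        }
                    }
                }
            } catch (SSOException ssoe) {
                // Logged with the stack trace rather than printStackTrace();
                // the request stays denied.
                debug.error("ISPermission::SSOException:" + ssoe.getMessage(), ssoe);
            } catch (Exception e) {
                debug.error("ISPermission::Exception:" + e.getMessage(), e);
            }
        } else {
            debug.message("ISPermission:: subject was null");
        }
    }
    if (debug.messageEnabled()) {
        debug.message("ISPermission: allowed::" + allowed);
    }
    return allowed;
}

/**
 * Returns the <code>SSOTokenPrincipal</code> carried by the protection
 * domain, or <code>null</code> if there is none.
 * <P>
 * Only the first principal is considered, as in the original code, but an
 * empty or <code>null</code> array is now treated as "no principal"
 * instead of raising an <code>ArrayIndexOutOfBoundsException</code>.
 *
 * @param principals the protection domain's principals, may be null.
 *
 * @return the matching principal, or null when absent.
 */
private SSOTokenPrincipal findTokenPrincipal(Principal[] principals) {
    if (principals == null || principals.length == 0) {
        return null;
    }
    // principals should have only one entry
    Principal principal = principals[0];
    // NOTE(review): the match is on getName(), and the same getName() value
    // is later passed to createSSOToken(); confirm it can actually equal
    // this class-name string. The instanceof guard only prevents a
    // ClassCastException for a same-named principal of another type.
    if (principal instanceof SSOTokenPrincipal
            && principal.getName().equals("com.sun.identity." + "authentication.service.SSOTokenPrincipal")) {
        if (debug.messageEnabled()) {
            debug.message("ISPermission::implies:principals:" + principal.toString());
        }
        return (SSOTokenPrincipal) principal;
    }
    return null;
}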
use of com.iplanet.sso.SSOException in project OpenAM by OpenRock.
Class AuthenticatedSharedAgents, method getOrgConfig().
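// Returns the organization configuration of the 'default' group
// from AgentService.
//
// The realm cache is consulted first and a valid cached entry is returned
// as-is; otherwise the configuration is fetched through the lazily created
// ServiceConfigManager and the cache is updated. On an SMSException or
// SSOException a warning is logged and null is returned, so callers must
// handle a null result. A cached entry that is no longer valid is never
// returned, even when the fresh lookup fails.
private ServiceConfig getOrgConfig(SSOToken token, String realmName) {
    if (debug.messageEnabled()) {
        debug.message("AuthenticatedSharedAgents.getOrgConfig() called. ");
    }
    ServiceConfig orgConfig = null;
    try {
        // Check in cache first. A single get() replaces the
        // containsKey()/get() pair: if the cache is shared, the entry could
        // be evicted between the two calls and leave a null to dereference.
        if (realmCache != null) {
            Object cached = realmCache.get(realmName);
            if (cached instanceof ServiceConfig && ((ServiceConfig) cached).isValid()) {
                debug.message("AuthenticatedSharedAgents.getOrgConfig() found in cache.");
                return (ServiceConfig) cached;
            }
        }
        if (scm == null) {
            scm = new ServiceConfigManager(token, agentserviceName, version);
        }
        orgConfig = scm.getOrganizationConfig(realmName, null);
        // Update the realm cache.
        updateRealmCache(realmName, orgConfig);
    } catch (SMSException smse) {
        if (debug.warningEnabled()) {
            debug.warning("AuthenticatedSharedAgents.getOrgConfig(): " + "Unable to get organization config due to " + smse);
        }
    } catch (SSOException ssoe) {
        if (debug.warningEnabled()) {
            debug.warning("AuthenticatedSharedAgents.getOrgConfig(): " + "Unable to get organization config due to " + ssoe);
        }
    }
    return orgConfig;
}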
use of com.iplanet.sso.SSOException in project OpenAM by OpenRock.
Class AuthenticatedSharedAgents, method isSharedAgent().
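/**
 * Checks if the distinguished user name is a shared user/agent and
 * returns true if so.
 * <p>
 * A positive answer cached under <code>userDNUnivId</code> is returned
 * without re-reading the configuration. Otherwise the agent's sub-config
 * is looked up in the realm's organization config (obtained with the admin
 * token) and the agent counts as shared when its schema ID is
 * <code>SharedAgent</code>. Any SSO or SMS failure, or a missing
 * organization config, yields <code>false</code>.
 *
 * @param token the caller's token; not used by the lookup itself, which
 *        runs under the admin token.
 * @param userName the user name or DN of the agent; null yields false.
 * @param userDNUnivId universal id used as the key of the positive cache.
 * @param rlmName the realm in which the agent is looked up.
 *
 * @return true if the user is a shared agent, false otherwise.
 */
protected boolean isSharedAgent(SSOToken token, String userName, String userDNUnivId, String rlmName) {
    boolean isSharedAgent = false;
    try {
        if (debug.messageEnabled()) {
            debug.message("AuthenticatedSharedAgents:isSharedAgent:" + "userName = " + userName + " Realm Name = " + rlmName);
        }
        if (userName != null) {
            String agentName = userName;
            if (LDAPUtils.isDN(userName)) {
                agentName = LDAPUtils.rdnValueFromDn(userName);
            }
            if (debug.messageEnabled()) {
                debug.message("AuthenticatedSharedAgents:isSharedAgent:" + "agentName = " + agentName);
            }
            // Check in cache
            if ((sharedAgentsCache != null) && sharedAgentsCache.contains(userDNUnivId)) {
                return (true);
            }
            SSOToken adminToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
            ServiceConfig oc = getOrgConfig(adminToken, rlmName);
            if (oc == null) {
                // getOrgConfig() returns null after logging the failure;
                // without the org config the agent cannot be classified, so
                // it is treated as not shared instead of throwing an NPE.
                if (debug.warningEnabled()) {
                    debug.warning("AuthenticatedSharedAgents.isSharedAgent(): " + "no organization config for realm " + rlmName);
                }
                return isSharedAgent;
            }
            // Get the agent's schemaID from the config.
            ServiceConfig aCfg = oc.getSubConfig(agentName);
            if (aCfg != null) {
                String agentType = aCfg.getSchemaID();
                // Constant on the left so a null schema ID compares false
                // rather than throwing.
                if ((oc.getSubConfigNames().contains(agentName)) && "SharedAgent".equalsIgnoreCase(agentType)) {
                    isSharedAgent = true;
                    updateCache(userDNUnivId);
                }
            }
        }
    } catch (SSOException ssoe) {
        if (debug.warningEnabled()) {
            debug.warning("AuthenticatedSharedAgents.isSharedAgent(): " + "SSOException: " + ssoe);
        }
    } catch (SMSException smse) {
        if (debug.warningEnabled()) {
            debug.warning("AuthenticatedSharedAgents.isSharedAgent(): " + "SMSException: " + smse);
        }
    }
    return isSharedAgent;
}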
use of com.iplanet.sso.SSOException in project OpenAM by OpenRock.
Class SMSEnhancedFlatFileObject, method loadMapper().
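/**
 * Loads the directory mapper, creating it if it doesn't exist.
 * <p>
 * If the tree file under <code>mRootDir</code> exists it must be readable
 * and is parsed with <code>parseDirectoryTreeXML</code>. Otherwise an empty
 * file is created, a fresh tree rooted at <code>mRootDN</code> with an
 * <code>ou=services</code> node is built in memory and saved.
 *
 * @throws SMSException if the existing file cannot be read, if the file
 *         cannot be created (including when the path already exists but is
 *         not a regular file), or as propagated from
 *         <code>parseDirectoryTreeXML</code>, <code>create</code> or
 *         <code>saveDirectoryTree</code>.
 */
synchronized void loadMapper() throws SMSException {
    String fileName = mRootDir + File.separator + DIR_TREE_FILENAME;
    File fileHandle = new File(fileName);
    if (fileHandle.isFile()) {
        if (!fileHandle.canRead()) {
            String errmsg = "SMSEnhancedFlatFileObject.initialize: cannot read file " + fileName;
            mDebug.error(errmsg);
            throw new SMSException(errmsg);
        }
        parseDirectoryTreeXML(fileName);
        return;
    }
    // NOTE(review): the file is created with the JVM's default permissions
    // (umask); confirm mRootDir itself is access-restricted if the tree
    // holds sensitive configuration.
    boolean created;
    try {
        created = fileHandle.createNewFile();
    } catch (IOException e) {
        throw cannotCreateTreeFile(fileName, e);
    } catch (SecurityException e) {
        throw cannotCreateTreeFile(fileName, e);
    }
    if (!created) {
        // isFile() was false yet the path exists (e.g. a directory). Fail
        // here instead of later inside saveDirectoryTree().
        String errmsg = "SMSEnhancedFlatFileObject.initialize: " + "cannot create file, " + fileName + ". Path already exists";
        mDebug.error(errmsg);
        throw new SMSException(errmsg);
    }
    root = new SMSFlatFileTreeNode(mRootDN);
    try {
        Map<String, Set<String>> attrs = new HashMap<String, Set<String>>(2);
        Set<String> objectClasses = new HashSet<String>(4);
        objectClasses.add("top");
        objectClasses.add("organizationalunit");
        attrs.put("objectclass", objectClasses);
        create(null, "ou=services," + mRootDN, attrs);
        saveDirectoryTree();
    } catch (SSOException e) {
        // Marked "not possible" in the original; log it rather than drop it
        // silently so an unexpected occurrence is visible.
        mDebug.error("SMSEnhancedFlatFileObject.initialize", e);
    } catch (ServiceAlreadyExistsException e) {
        mDebug.message("SMSEnhancedFlatFileObject.initialize", e);
    }
}

// Builds the SMSException reported when createNewFile() fails, logging the
// underlying exception with its stack trace.
private SMSException cannotCreateTreeFile(String fileName, Exception e) {
    String errmsg = "SMSEnhancedFlatFileObject.initialize: " + "cannot create file, " + fileName + ". Exception " + e.getMessage();
    mDebug.error("SMSEnhancedFlatFileObject.initialize", e);
    return new SMSException(errmsg);
}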
use of com.iplanet.sso.SSOException in project OpenAM by OpenRock.
Class SMSFlatFileObject, method loadMapper().
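/**
 * Loads the name mapper, creating it if it doesn't exist.
 * <p>
 * The map file is <code>DEFAULT_NAMEMAP_FILENAME</code> under
 * <code>mRootDir</code>. If it exists it must be readable and is loaded
 * with <code>loadProperties</code>; otherwise an empty file and an empty
 * <code>CaseInsensitiveProperties</code> are created and the
 * <code>mRootDN</code> and <code>ou=services,mRootDN</code> entries are
 * created in the new store.
 *
 * @throws SMSException if the existing file cannot be read, if the file
 *         cannot be created (including when the path already exists but is
 *         not a regular file), or as propagated from
 *         <code>loadProperties</code> or <code>create</code>.
 */
protected void loadMapper() throws SMSException {
    String nameMapFilename = mRootDir + File.separatorChar + DEFAULT_NAMEMAP_FILENAME;
    mNameMapHandle = new File(nameMapFilename);
    if (mNameMapHandle.isFile()) {
        if (!mNameMapHandle.canRead()) {
            String errmsg = "SMSFlatFileObject.initialize: cannot read file " + mNameMapHandle.getPath();
            mDebug.error(errmsg);
            throw new SMSException(errmsg);
        }
        mNameMap = loadProperties(mNameMapHandle, null);
        return;
    }
    // NOTE(review): the file is created with the JVM's default permissions
    // (umask); confirm mRootDir itself is access-restricted if the map
    // holds sensitive configuration.
    boolean created;
    try {
        created = mNameMapHandle.createNewFile();
    } catch (IOException e) {
        String errmsg = "SMSFlatFileObject.initialize: " + "cannot create file, " + nameMapFilename + ". Exception " + e.getMessage();
        mDebug.error(errmsg, e);
        throw new SMSException(errmsg);
    } catch (SecurityException e) {
        String errmsg = "SMSFlatFileObject.initialize: " + "cannot create file " + nameMapFilename + ". Exception " + e.getMessage();
        mDebug.error(errmsg, e);
        throw new SMSException(errmsg);
    }
    if (!created) {
        // isFile() was false yet the path exists (e.g. a directory). Fail
        // now rather than when the map is first written.
        String errmsg = "SMSFlatFileObject.initialize: " + "cannot create file, " + nameMapFilename + ". Path already exists";
        mDebug.error(errmsg);
        throw new SMSException(errmsg);
    }
    mNameMap = new CaseInsensitiveProperties();
    // create root dn if this is a new directory.
    createNodeIfAbsent(mRootDN);
    // also create ou=services this is a new directory.
    createNodeIfAbsent("ou=services," + mRootDN);
}

/**
 * Creates the SMS object <code>dn</code> with no attributes, treating an
 * already existing object as success.
 *
 * @param dn the distinguished name of the object to create.
 *
 * @throws SMSException as propagated from <code>create</code>.
 */
private void createNodeIfAbsent(String dn) throws SMSException {
    try {
        create(null, dn, new HashMap());
        if (mDebug.messageEnabled()) {
            mDebug.message("SMSFlatFileObject.initialize: " + "created SMS object for " + dn);
        }
    } catch (SSOException e) {
        // Marked "not possible" in the original; log it rather than drop it
        // silently so an unexpected occurrence is visible.
        mDebug.error("SMSFlatFileObject.initialize: unexpected SSOException creating " + dn, e);
    } catch (ServiceAlreadyExistsException e) {
        if (mDebug.messageEnabled()) {
            mDebug.message("SMSFlatFileObject.initialize: " + dn + " already exists");
        }
    }
}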