
Example 31 with SSOException

use of com.iplanet.sso.SSOException in project OpenAM by OpenRock.

Class ISPermission, method implies.

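/**
 * Checks whether the actions of the supplied permission are "implied by"
 * this permission, by evaluating them against OpenAM's policy service.
 * <P>
 * The {@code implies} method is used by the {@code AccessController} to
 * determine whether a requested permission is implied by another permission
 * that is known to be valid in the current execution context.
 * <P>
 * Evaluation only takes place when {@code perm} is an {@link ISPermission}
 * and this object's {@code protectionDomain} is non-null and carries an SSO
 * token principal as its first principal. An SSO token is created from that
 * principal and every comma-separated action of {@code perm} is checked with
 * a {@link PolicyEvaluator} for the permission's service name. The first
 * denied action denies the whole permission. Any other outcome (wrong
 * permission type, no protection domain, no token principal, null or empty
 * action list, any exception) also yields {@code false}, so the check fails
 * closed.
 *
 * @param perm the permission to check against.
 * @return {@code true} only if every action of {@code perm} is allowed for
 *         the token derived from the protection domain; {@code false}
 *         otherwise.
 */
public boolean implies(Permission perm) {
    debug.message("ISPermission: implies called");
    boolean allowed = false;
    if (perm instanceof ISPermission) {
        debug.message("ISPermission:passed perm is of type ISPermission");
        if (protectionDomain != null) {
            debug.message("ISPermission:implies:protectionDomain not null");
            if (debug.messageEnabled()) {
                debug.message("ISPermission::implies: protectionDomain:" + protectionDomain.toString());
            }
            final ISPermission requested = (ISPermission) perm;
            final String serviceName = requested.getServiceName();
            final String resourceName = requested.getResourceName();
            final String actions = requested.getActions();
            final Map envParams = requested.getEnvParams();
            if (debug.messageEnabled()) {
                debug.message("ISPermission: resourceName=" + resourceName);
                debug.message("ISPermission: serviceName=" + serviceName);
                debug.message("ISPermission: actions=" + actions);
            }
            try {
                SSOTokenPrincipal tokenPrincipal = findTokenPrincipal(protectionDomain.getPrincipals());
                if (tokenPrincipal == null) {
                    // Always recorded: a missing principal means every check is denied,
                    // which operators need to see even when message-level debug is off.
                    debug.error("ISPermission::implies:" + " Principal is null");
                } else {
                    SSOTokenManager ssomgr = SSOTokenManager.getInstance();
                    final SSOToken token = ssomgr.createSSOToken(tokenPrincipal.getName());
                    /* TODO currently ISPermission uses remote policy
                        client API so if this class gets used from server side
                        , will always make remote call, need to make changes
                        in this code to to make a local/remote call accordingly.
                        */
                    if (policyEvalFactory == null) {
                        policyEvalFactory = PolicyEvaluatorFactory.getInstance();
                    }
                    PolicyEvaluator policyEvaluator = policyEvalFactory.getPolicyEvaluator(serviceName);
                    if (debug.messageEnabled()) {
                        debug.message("ISPermission::implies::created " + "PolicyEvaluator for " + serviceName);
                    }
                    if (actions == null) {
                        if (debug.messageEnabled()) {
                            debug.message("ISPermission:: actions is null");
                        }
                    } else {
                        // An action list with no tokens leaves allowed == false (fail closed).
                        StringTokenizer st = new StringTokenizer(actions, ",");
                        while (st.hasMoreTokens()) {
                            String action = st.nextToken();
                            allowed = policyEvaluator.isAllowed(token, resourceName, action, envParams);
                            if (!allowed) {
                                // One denied action denies the whole permission.
                                break;
                            }
                            if (debug.messageEnabled()) {
                                debug.message("ISPermission::result for " + action + " is :" + allowed);
                            }
                        }
                        if (debug.messageEnabled()) {
                            debug.message("ISPermission::result for " + actions + " is :" + allowed);
                        }
                    }
                }
            } catch (SSOException ssoe) {
                // Logged with the throwable instead of printStackTrace() so the trace
                // lands in the debug log rather than stderr; result stays false.
                debug.error("ISPermission::SSOException:" + ssoe.getMessage(), ssoe);
            } catch (Exception e) {
                // Broad catch is deliberate: any evaluation failure must deny, not propagate.
                debug.error("ISPermission::Exception:" + e.getMessage(), e);
            }
        } else {
            debug.message("ISPermission:: subject was null");
        }
    }
    if (debug.messageEnabled()) {
        debug.message("ISPermission: allowed::" + allowed);
    }
    return allowed;
}

/**
 * Returns the SSO token principal held by the protection domain, or
 * {@code null} if there is none.
 * <P>
 * Only the first entry is examined; the original code assumed the domain
 * carries exactly one principal. A null or empty array now yields
 * {@code null} instead of an {@code ArrayIndexOutOfBoundsException}.
 *
 * @param principals the principals of the protection domain, may be null.
 * @return the token principal, or {@code null}.
 */
private SSOTokenPrincipal findTokenPrincipal(Principal[] principals) {
    if (principals == null || principals.length == 0) {
        return null;
    }
    // principals should have only one entry
    Principal principal = principals[0];
    // NOTE(review): this matches on the principal's *name*, not its type.
    // Confirm SSOTokenPrincipal.getName() really returns this literal; if it
    // returns the token id instead, tokenPrincipal is never set and every
    // check is denied.
    if (principal.getName().equals("com.sun.identity." + "authentication.service.SSOTokenPrincipal")) {
        if (debug.messageEnabled()) {
            debug.message("ISPermission::implies:principals:" + principal.toString());
        }
        return (SSOTokenPrincipal) principal;
    }
    return null;
}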

Example 32 with SSOException

use of com.iplanet.sso.SSOException in project OpenAM by OpenRock.

Class AuthenticatedSharedAgents, method getOrgConfig.

/**
 * Returns the organization configuration of the 'default' group from
 * AgentService for {@code realmName}.
 * <p>
 * A cached entry in {@code realmCache} is returned directly when it is still
 * valid; otherwise the configuration is fetched through {@code scm} (created
 * on first use) and stored in the cache. SMS and SSO failures are logged at
 * warning level, and whatever was held at that point (null, or a cache entry
 * that did not pass {@code isValid()}) is returned.
 *
 * @param token     the token used to create the {@code ServiceConfigManager} when none exists yet.
 * @param realmName the realm whose organization config is wanted.
 * @return the organization config, or {@code null} if it could not be obtained.
 */
private ServiceConfig getOrgConfig(SSOToken token, String realmName) {
    if (debug.messageEnabled()) {
        debug.message("AuthenticatedSharedAgents.getOrgConfig() called. ");
    }
    ServiceConfig config = null;
    try {
        // Check in cache first
        boolean inCache = (realmCache != null) && (!realmCache.isEmpty()) && (realmCache.containsKey(realmName));
        if (inCache) {
            config = (ServiceConfig) realmCache.get(realmName);
            if (config.isValid()) {
                debug.message("AuthenticatedSharedAgents.getOrgConfig() found in cache.");
                return config;
            }
        }
        if (scm == null) {
            scm = new ServiceConfigManager(token, agentserviceName, version);
        }
        config = scm.getOrganizationConfig(realmName, null);
        // Update the realm cache.
        updateRealmCache(realmName, config);
    } catch (SMSException smse) {
        if (debug.warningEnabled()) {
            debug.warning("AuthenticatedSharedAgents.getOrgConfig(): " + "Unable to get organization config due to " + smse);
        }
    } catch (SSOException ssoe) {
        if (debug.warningEnabled()) {
            debug.warning("AuthenticatedSharedAgents.getOrgConfig(): " + "Unable to get organization config due to " + ssoe);
        }
    }
    return config;
}

Example 33 with SSOException

use of com.iplanet.sso.SSOException in project OpenAM by OpenRock.

Class AuthenticatedSharedAgents, method isSharedAgent.

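/**
 * Checks whether the distinguished user name identifies a shared agent.
 * <p>
 * The agent name is the RDN value of {@code userName} when it is a DN,
 * otherwise {@code userName} itself. A hit in {@code sharedAgentsCache}
 * (keyed by {@code userDNUnivId}) short-circuits the lookup; otherwise the
 * AgentService organization config of the realm is read with the admin
 * token and the agent's sub-config must exist with schema id
 * {@code SharedAgent}. Positive results are added to the cache.
 * <p>
 * Any lookup failure (missing organization config, missing schema id,
 * SMS or SSO exception) is logged and answered with {@code false}, so the
 * check fails closed instead of throwing.
 *
 * @param token        caller's token; not read by this method, the lookup uses the admin token.
 * @param userName     user name or DN of the agent.
 * @param userDNUnivId universal id used as the cache key.
 * @param rlmName      realm to look the agent up in.
 * @return {@code true} if the user is a shared agent, {@code false} otherwise.
 */
protected boolean isSharedAgent(SSOToken token, String userName, String userDNUnivId, String rlmName) {
    boolean isSharedAgent = false;
    try {
        if (debug.messageEnabled()) {
            debug.message("AuthenticatedSharedAgents:isSharedAgent:" + "userName = " + userName + " Realm Name = " + rlmName);
        }
        if (userName != null) {
            String agentName = userName;
            if (LDAPUtils.isDN(userName)) {
                agentName = LDAPUtils.rdnValueFromDn(userName);
            }
            if (debug.messageEnabled()) {
                debug.message("AuthenticatedSharedAgents:isSharedAgent:" + "agentName = " + agentName);
            }
            // Check in cache
            if ((sharedAgentsCache != null) && (!sharedAgentsCache.isEmpty()) && (sharedAgentsCache.contains(userDNUnivId))) {
                return (true);
            }
            SSOToken adminToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
            ServiceConfig oc = getOrgConfig(adminToken, rlmName);
            if (oc == null) {
                // getOrgConfig() may return null when the config could not be fetched;
                // previously this dereference threw an NPE out of the authentication path.
                if (debug.warningEnabled()) {
                    debug.warning("AuthenticatedSharedAgents.isSharedAgent(): " + "no organization config for realm " + rlmName);
                }
            } else {
                // Get the agent's schemaID from the config.
                ServiceConfig aCfg = oc.getSubConfig(agentName);
                if (aCfg != null) {
                    String agentType = aCfg.getSchemaID();
                    // Constant-first comparison is null-safe if getSchemaID() returns null.
                    if ((oc.getSubConfigNames().contains(agentName)) && ("SharedAgent".equalsIgnoreCase(agentType))) {
                        isSharedAgent = true;
                        updateCache(userDNUnivId);
                    }
                }
            }
        }
    } catch (SSOException ssoe) {
        if (debug.warningEnabled()) {
            debug.warning("AuthenticatedSharedAgents.isSharedAgent(): " + "SSOException: " + ssoe);
        }
    } catch (SMSException smse) {
        if (debug.warningEnabled()) {
            debug.warning("AuthenticatedSharedAgents.isSharedAgent(): " + "SMSException: " + smse);
        }
    }
    return isSharedAgent;
}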

Example 34 with SSOException

use of com.iplanet.sso.SSOException in project OpenAM by OpenRock.

Class SMSEnhancedFlatFileObject, method loadMapper.

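/**
 * Loads the directory mapper from {@code DIR_TREE_FILENAME} under
 * {@code mRootDir}, creating the file and the initial tree ({@code root}
 * plus {@code ou=services,<mRootDN>}) when it does not yet exist.
 *
 * @throws SMSException if an existing mapper file cannot be read, if a new
 *         file cannot be created, or if something that is not a regular
 *         file already occupies the path.
 */
synchronized void loadMapper() throws SMSException {
    String fileName = mRootDir + File.separator + DIR_TREE_FILENAME;
    File fileHandle = new File(fileName);
    if (fileHandle.isFile()) {
        if (!fileHandle.canRead()) {
            String errmsg = "SMSEnhancedFlatFileObject.initialize: cannot read file " + fileName;
            mDebug.error(errmsg);
            throw new SMSException(errmsg);
        }
        parseDirectoryTreeXML(fileName);
        return;
    }
    boolean created;
    try {
        created = fileHandle.createNewFile();
    } catch (IOException e) {
        String errmsg = "SMSEnhancedFlatFileObject.initialize: " + "cannot create file, " + fileName + ". Exception " + e.getMessage();
        mDebug.error("SMSEnhancedFlatFileObject.initialize", e);
        throw new SMSException(errmsg);
    } catch (SecurityException e) {
        String errmsg = "SMSEnhancedFlatFileObject.initialize: " + "cannot create file, " + fileName + ". Exception " + e.getMessage();
        mDebug.error("SMSEnhancedFlatFileObject.initialize", e);
        throw new SMSException(errmsg);
    }
    if (!created) {
        // createNewFile() returns false without throwing when the path already
        // exists. isFile() was false above, so this is a non-regular file (e.g. a
        // directory); it was previously treated as a freshly created mapper.
        String errmsg = "SMSEnhancedFlatFileObject.initialize: " + "cannot create file, " + fileName + ". Path exists and is not a regular file";
        mDebug.error(errmsg);
        throw new SMSException(errmsg);
    }
    root = new SMSFlatFileTreeNode(mRootDN);
    try {
        Map map = new HashMap(2);
        Set set = new HashSet(4);
        set.add("top");
        set.add("organizationalunit");
        map.put("objectclass", set);
        create(null, "ou=services," + mRootDN, map);
        saveDirectoryTree();
    } catch (SSOException ignored) {
        // create() is invoked with a null token here; the original author
        // documents this exception as not possible on that path.
    } catch (ServiceAlreadyExistsException e) {
        mDebug.message("SMSEnhancedFlatFileObject.initialize", e);
    }
}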

Example 35 with SSOException

use of com.iplanet.sso.SSOException in project OpenAM by OpenRock.

Class SMSFlatFileObject, method loadMapper.

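/**
 * Loads the name mapper from {@code DEFAULT_NAMEMAP_FILENAME} under
 * {@code mRootDir} into {@code mNameMap}, creating the file and the
 * initial entries ({@code mRootDN} and {@code ou=services,<mRootDN>})
 * when it does not yet exist. {@code mNameMapHandle} is set in both cases.
 *
 * @throws SMSException if an existing mapper file cannot be read, if a new
 *         file cannot be created, or if something that is not a regular
 *         file already occupies the path.
 */
protected void loadMapper() throws SMSException {
    String nameMapFilename = mRootDir + File.separatorChar + DEFAULT_NAMEMAP_FILENAME;
    mNameMapHandle = new File(nameMapFilename);
    if (mNameMapHandle.isFile()) {
        if (!mNameMapHandle.canRead()) {
            String errmsg = "SMSFlatFileObject.initialize: cannot read file " + mNameMapHandle.getPath();
            mDebug.error(errmsg);
            throw new SMSException(errmsg);
        }
        mNameMap = loadProperties(mNameMapHandle, null);
        return;
    }
    boolean created;
    try {
        created = mNameMapHandle.createNewFile();
    } catch (IOException e) {
        String errmsg = "SMSFlatFileObject.initialize: " + "cannot create file, " + nameMapFilename + ". Exception " + e.getMessage();
        mDebug.error(errmsg);
        throw new SMSException(errmsg);
    } catch (SecurityException e) {
        String errmsg = "SMSFlatFileObject.initialize: " + "cannot create file " + nameMapFilename + ". Exception " + e.getMessage();
        mDebug.error(errmsg);
        throw new SMSException(errmsg);
    }
    if (!created) {
        // createNewFile() returns false without throwing when the path already
        // exists. isFile() was false above, so this is a non-regular file (e.g. a
        // directory); it was previously treated as a freshly created mapper.
        String errmsg = "SMSFlatFileObject.initialize: " + "cannot create file " + nameMapFilename + ". Path exists and is not a regular file";
        mDebug.error(errmsg);
        throw new SMSException(errmsg);
    }
    mNameMap = new CaseInsensitiveProperties();
    // create root dn if this is a new directory.
    createInitialEntry(mRootDN);
    // also create ou=services this is a new directory.
    createInitialEntry("ou=services," + mRootDN);
}

/**
 * Creates the SMS object {@code dn} with an empty attribute map for a
 * freshly created mapper, logging (at message level) either its creation
 * or that it already existed.
 *
 * @param dn the distinguished name to create.
 * @throws SMSException propagated from {@code create()}.
 */
private void createInitialEntry(String dn) throws SMSException {
    try {
        create(null, dn, new HashMap());
        if (mDebug.messageEnabled()) {
            mDebug.message("SMSFlatFileObject.initialize: " + "created SMS object for " + dn);
        }
    } catch (SSOException ignored) {
        // create() is invoked with a null token here; the original author
        // documents this exception as not possible on that path.
    } catch (ServiceAlreadyExistsException e) {
        if (mDebug.messageEnabled()) {
            mDebug.message("SMSFlatFileObject.initialize: " + dn + " already exists");
        }
    }
}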
