
Example 76 with SSOToken

use of com.iplanet.sso.SSOToken in project OpenAM by OpenRock.

the class DataStore method findPolicies.

/**
 * Loads every privilege stored in the realm's policy container that matches
 * the given LDAP filter.
 *
 * <p>The directory search is performed with the administrative token obtained
 * from {@link AdminTokenAction}, not with the caller's own session, so any
 * authorisation of the caller has to happen before this method is reached.
 * {@code ldapFilter} is handed to the SMS search unchanged; values the caller
 * interpolates into it must already be LDAP-filter escaped.
 *
 * @param realm realm whose policy store is searched
 * @param ldapFilter complete LDAP filter to apply
 * @return the matching privileges; empty when the realm's policy container
 *         does not exist or nothing matches
 * @throws EntitlementException with {@code UNABLE_SEARCH_PRIVILEGES} when the
 *         search fails or a stored policy cannot be parsed as JSON
 */
private List<Privilege> findPolicies(String realm, String ldapFilter) throws EntitlementException {
    List<Privilege> privileges = new ArrayList<>();
    String containerDN = getSearchBaseDN(realm, null);
    SSOToken adminToken = AccessController.doPrivileged(AdminTokenAction.getInstance());
    // Nothing to search if the container has never been created for this realm.
    if (!SMSEntry.checkIfEntryExists(containerDN, adminToken)) {
        return privileges;
    }
    try {
        @SuppressWarnings("unchecked")
        Iterator<SMSDataEntry> entries = SMSEntry.search(adminToken, containerDN, ldapFilter,
                NO_LIMIT, NO_LIMIT, NOT_SORTED, NOT_SORTED, emptySet());
        while (entries.hasNext()) {
            // Each entry carries the policy as a serialized JSON document.
            String serialized = entries.next().getAttributeValue(SERIALIZABLE_INDEX_KEY);
            privileges.add(Privilege.getInstance(new JSONObject(serialized)));
        }
    } catch (JSONException | SMSException e) {
        throw new EntitlementException(EntitlementException.UNABLE_SEARCH_PRIVILEGES, e);
    }
    return privileges;
}

Example 77 with SSOToken

use of com.iplanet.sso.SSOToken in project OpenAM by OpenRock.

the class DataStore method searchReferral.

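/**
 * Returns a set of referral privileges that satisfies the resource and
 * subject indexes, feeding each referral to the supplied buffered iterator
 * as it is read.
 *
 * <p>The directory search runs under the administrative token obtained from
 * {@link AdminTokenAction}; the {@code adminToken} parameter is not used by
 * this method, so it provides no access check of its own.
 *
 * @param adminToken Subject who has the rights to read datastore.
 * @param realm Realm name
 * @param iterator Buffered iterator to have the result fed to it.
 * @param indexes Resource search indexes.
 * @param bSubTree <code>true</code> to do sub tree search
 * @param excludeDNs Set of DN to be excluded from the search results.
 * @return a set of privilege that satisfies the resource and subject
 * indexes; empty when no filter could be built from the indexes or the
 * referral store does not exist for the realm.
 * @throws EntitlementException error code 52 with the base DN as argument,
 * when the search fails or a stored referral cannot be parsed as JSON.
 */
public Set<ReferralPrivilege> searchReferral(SSOToken adminToken, String realm, BufferedIterator iterator, ResourceSearchIndexes indexes, boolean bSubTree, Set<String> excludeDNs) throws EntitlementException {
    Set<ReferralPrivilege> results = new HashSet<>();
    String filter = getFilter(indexes, null, bSubTree);
    String baseDN = getSearchBaseDN(realm, REFERRAL_STORE);
    if (PolicyConstants.DEBUG.messageEnabled()) {
        PolicyConstants.DEBUG.message("[PolicyEval] DataStore.searchReferral");
        PolicyConstants.DEBUG.message("[PolicyEval] search filter: " + filter);
        PolicyConstants.DEBUG.message("[PolicyEval] search DN: " + baseDN);
    }
    if (filter == null) {
        return results;
    }
    SSOToken token = AccessController.doPrivileged(AdminTokenAction.getInstance());
    long start = DB_MONITOR_REFERRAL.start();
    try {
        if (SMSEntry.checkIfEntryExists(baseDN, token)) {
            @SuppressWarnings("unchecked")
            Iterator<SMSDataEntry> entries = SMSEntry.search(token, baseDN, filter, NO_LIMIT, NO_LIMIT, NOT_SORTED, NOT_SORTED, excludeDNs);
            while (entries.hasNext()) {
                SMSDataEntry entry = entries.next();
                ReferralPrivilege referral = ReferralPrivilege.getInstance(new JSONObject(entry.getAttributeValue(SERIALIZABLE_INDEX_KEY)));
                iterator.add(referral);
                results.add(referral);
            }
            iterator.isDone();
        }
    } catch (JSONException | SMSException e) {
        Object[] arg = { baseDN };
        throw new EntitlementException(52, arg, e);
    } finally {
        // Close the timing sample on the error path as well; previously it was
        // only closed when the search completed normally.
        DB_MONITOR_REFERRAL.end(start);
    }
    return results;
}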

Example 78 with SSOToken

use of com.iplanet.sso.SSOToken in project OpenAM by OpenRock.

the class LogConfigReader method newStatusIsInactive.

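/**
 * Reads the global default of {@code LogConstants.LOG_STATUS_ATTR} from the
 * {@code iPlanetAMLoggingService} schema and reports whether it is
 * {@code INACTIVE}.
 *
 * <p>A missing or empty value is treated as {@code ACTIVE}. If the SSO token
 * cannot be obtained or the schema cannot be read, the problem is logged and
 * {@code false} is returned, so a configuration-read failure never reports
 * logging as switched off.
 *
 * @return {@code true} only when the attribute value equals {@code INACTIVE}
 *         (case-insensitive); {@code false} otherwise, including on error
 */
private boolean newStatusIsInactive() {
    SSOToken ssoToken;
    try {
        ssoToken = getSSOToken();
    } catch (SSOException ssoe) {
        debug.error("LogConfigReader:newStatusIsInactive:" + "Could not get proper SSOToken", ssoe);
        return false;
    }
    try {
        ServiceSchemaManager schemaManager = new ServiceSchemaManager("iPlanetAMLoggingService", ssoToken);
        ServiceSchema smsLogSchema = schemaManager.getGlobalSchema();
        Map sss = smsLogSchema.getAttributeDefaults();
        String value = CollectionHelper.getMapAttr(sss, LogConstants.LOG_STATUS_ATTR);
        if (value == null || value.isEmpty()) {
            value = "ACTIVE";
        }
        return value.equalsIgnoreCase("INACTIVE");
    } catch (Exception e) {
        // Pass the throwable so the stack trace is retained, as the
        // SSOException branch above already does.
        debug.error("LogConfigReader:newStatusIsInactive:" + "error reading Log Status attribute: " + e.getMessage(), e);
    }
    return false;
}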

Example 79 with SSOToken

use of com.iplanet.sso.SSOToken in project OpenAM by OpenRock.

the class CreateServiceConfig method createService.

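/**
 * Creates the configuration entries for a service version from its
 * configuration XML node, in four phases: instance nodes, global
 * configuration, organization configuration and plugin configuration.
 *
 * <p>Names and group names are taken verbatim from the XML attributes and
 * concatenated into DNs ({@code ou=<name>,...}) without LDAP escaping, so the
 * service XML is assumed to be trusted administrator input. All directory
 * writes use the {@link ServiceManager}'s own SSO token.
 *
 * @param sm service manager whose SSO token is used for every directory write
 * @param sName service name
 * @param version service version; its schema is looked up first
 * @param configNode the service's configuration XML node
 * @param createRealms passed through to {@code checkBaseNodesForOrg} while
 *        processing organization configuration
 * @param decryptObj decryption helper passed through to {@code createSubConfig}
 * @throws SMSException with {@code SMS_service_already_exists} if an instance
 *         entry already exists, or if any directory operation fails
 * @throws SSOException if the token is not valid for the operation
 */
static void createService(ServiceManager sm, String sName, String version, Node configNode, boolean createRealms, AMEncryption decryptObj) throws SMSException, SSOException {
    // Make sure schema exists for the given service & version
    SSOToken token = sm.getSSOToken();
    ServiceSchemaManagerImpl ssm = ServiceSchemaManagerImpl.getInstance(token, sName, version);
    // Construct the base DN
    String baseDN = ServiceManager.getServiceNameDN(sName, version);
    checkBaseNodes(token, baseDN);
    // Phase order matters: later phases assume the earlier entries exist.
    createInstanceNodes(token, sName, version, configNode, baseDN);
    createGlobalConfig(token, ssm, configNode, baseDN, decryptObj);
    createOrgConfig(token, ssm, sName, version, configNode, createRealms, decryptObj);
    createPluginConfig(token, sName, version, configNode, decryptObj);
}

/**
 * Creates one {@code ou=<instance>} entry under {@code INSTANCES_NODE} for
 * every {@code SMSUtils.INSTANCE} child of {@code configNode}.
 *
 * @throws SMSException {@code SMS_service_already_exists} if the instance
 *         entry already exists, or if saving fails
 */
private static void createInstanceNodes(SSOToken token, String sName, String version, Node configNode, String baseDN) throws SMSException, SSOException {
    Iterator insNodes = XMLUtils.getChildNodes(configNode, SMSUtils.INSTANCE).iterator();
    while (insNodes.hasNext()) {
        Node insNode = (Node) insNodes.next();
        String insName = XMLUtils.getNodeAttributeValue(insNode, SMSUtils.NAME);
        if (insName == null) {
            insName = SMSUtils.DEFAULT;
        }
        String insGroup = XMLUtils.getNodeAttributeValue(insNode, SMSUtils.GROUP);
        if (insGroup == null) {
            insGroup = SMSUtils.DEFAULT;
        }
        String insUri = XMLUtils.getNodeAttributeValue(insNode, SMSUtils.URI);
        // Get Attribute Value Pairs, if any
        Map insAttrs = getAttributeValuePairs(insNode);
        // insName comes straight from the XML; no DN escaping is applied here.
        String insDN = "ou=" + insName + "," + INSTANCES_NODE + baseDN;
        CachedSMSEntry cEntry = CachedSMSEntry.getInstance(token, insDN);
        if (cEntry.isDirty()) {
            cEntry.refresh();
        }
        SMSEntry insEntry = cEntry.getSMSEntry();
        if (!insEntry.isNewEntry()) {
            // An instance entry for this service/version is already present.
            Object[] args = { sName, version };
            throw new SMSException(IUMSConstants.UMS_BUNDLE_NAME, IUMSConstants.SMS_service_already_exists, args);
        }
        // create the entry
        insEntry = cEntry.getClonedSMSEntry();
        insEntry.addAttribute(SMSEntry.ATTR_OBJECTCLASS, SMSEntry.OC_TOP);
        insEntry.addAttribute(SMSEntry.ATTR_OBJECTCLASS, SMSEntry.OC_SERVICE_COMP);
        insEntry.addAttribute(SMSEntry.ATTR_SERVICE_ID, insGroup);
        if (insUri != null) {
            insEntry.addAttribute(SMSEntry.ATTR_LABELED_URI, insUri);
        }
        if (insAttrs != null) {
            SMSUtils.setAttributeValuePairs(insEntry, insAttrs, Collections.emptySet());
        }
        insEntry.save(token);
        cEntry.refresh(insEntry);
        updateSubEntriesNode(token, insEntry.getDN());
    }
}

/**
 * Creates a {@code ou=<group>} sub-config under {@code GLOBAL_CONFIG_NODE}
 * for every {@code SMSUtils.GLOBAL_CONFIG} child of {@code configNode}.
 */
private static void createGlobalConfig(SSOToken token, ServiceSchemaManagerImpl ssm, Node configNode, String baseDN, AMEncryption decryptObj) throws SMSException, SSOException {
    Iterator globalNodes = XMLUtils.getChildNodes(configNode, SMSUtils.GLOBAL_CONFIG).iterator();
    while (globalNodes.hasNext()) {
        Node globalNode = (Node) globalNodes.next();
        ServiceSchemaImpl ss = ssm.getSchema(SchemaType.GLOBAL);
        String globalGroup = XMLUtils.getNodeAttributeValue(globalNode, SMSUtils.GROUP);
        if (globalGroup == null) {
            globalGroup = SMSUtils.DEFAULT;
        }
        String groupDN = "ou=" + globalGroup + "," + GLOBAL_CONFIG_NODE + baseDN;
        createSubConfig(token, groupDN, globalNode, ss, baseDN, decryptObj);
    }
}

/**
 * Creates the organization-level sub-config for every
 * {@code SMSUtils.ORG_CONFIG} child of {@code configNode}, then applies the
 * optional organization attribute/value pairs through
 * {@link OrganizationConfigManager}.
 */
private static void createOrgConfig(SSOToken token, ServiceSchemaManagerImpl ssm, String sName, String version, Node configNode, boolean createRealms, AMEncryption decryptObj) throws SMSException, SSOException {
    Iterator orgNodes = XMLUtils.getChildNodes(configNode, SMSUtils.ORG_CONFIG).iterator();
    while (orgNodes.hasNext()) {
        Node orgNode = (Node) orgNodes.next();
        ServiceSchemaImpl ss = ssm.getSchema(SchemaType.ORGANIZATION);
        String orgGroup = XMLUtils.getNodeAttributeValue(orgNode, SMSUtils.GROUP);
        if (orgGroup == null) {
            orgGroup = SMSUtils.DEFAULT;
        }
        // Construct the org name
        String orgDN = resolveOrgDN(XMLUtils.getNodeAttributeValue(orgNode, SMSUtils.NAME));
        // Check if config nodes exists
        checkBaseNodesForOrg(token, orgDN, sName, version, createRealms);
        // create sub-config node
        String subConfigDN = "ou=" + orgGroup + "," + ORG_CONFIG_NODE + "ou=" + version + ",ou=" + sName + ",ou=services," + orgDN;
        createSubConfig(token, subConfigDN, orgNode, ss, orgDN, decryptObj);
        // Process OrganizationAttributeValuePairs
        Node orgAttrValuePairNode = XMLUtils.getChildNode(orgNode, SMSUtils.ORG_ATTRIBUTE_VALUE_PAIR);
        if (orgAttrValuePairNode != null) {
            // Get the attributes
            Map attrs = getAttributeValuePairs(orgAttrValuePairNode);
            OrganizationConfigManager ocm = new OrganizationConfigManager(token, orgDN);
            ocm.setAttributes(sName, attrs);
        }
    }
}

/**
 * Maps the optional organization name attribute to a DN: a value that is
 * already a DN is used as-is, a value containing {@code /} is converted with
 * {@link DNMapper#orgNameToDN}, and anything else (including {@code null})
 * falls back to {@code SMSEntry.baseDN}.
 */
private static String resolveOrgDN(String orgName) {
    if (orgName != null) {
        if (LDAPUtils.isDN(orgName)) {
            return orgName;
        }
        if (orgName.indexOf('/') != -1) {
            return DNMapper.orgNameToDN(orgName);
        }
    }
    return SMSEntry.baseDN;
}

/**
 * Creates the interface, schema and plugin entries for every
 * {@code SMSUtils.PLUGIN_CONFIG} child of {@code configNode}. The three DNs
 * nest: the schema entry sits under the interface entry and the plugin
 * config entry under the schema entry.
 */
private static void createPluginConfig(SSOToken token, String sName, String version, Node configNode, AMEncryption decryptObj) throws SMSException, SSOException {
    Iterator pNodes = XMLUtils.getChildNodes(configNode, SMSUtils.PLUGIN_CONFIG).iterator();
    while (pNodes.hasNext()) {
        Node pNode = (Node) pNodes.next();
        String pName = XMLUtils.getNodeAttributeValue(pNode, SMSUtils.NAME);
        String schemaName = XMLUtils.getNodeAttributeValue(pNode, SMSUtils.PLUGIN_CONFIG_SCHEMA_NAME);
        String intName = XMLUtils.getNodeAttributeValue(pNode, SMSUtils.PLUGIN_CONFIG_INT_NAME);
        String orgName = DNMapper.orgNameToDN(XMLUtils.getNodeAttributeValue(pNode, SMSUtils.PLUGIN_CONFIG_ORG_NAME));
        // Get the PluginSchema
        PluginSchemaImpl psi = PluginSchemaImpl.getInstance(token, sName, version, schemaName, intName, orgName);
        // Check if config nodes exists
        checkBaseNodesForOrg(token, orgName, sName, version);
        // Check and create interfaces node
        String interfaceDN = "ou=" + intName + "," + PLUGIN_CONFIG_NODE + "ou=" + version + ",ou=" + sName + ",ou=services," + orgName;
        checkAndCreateServiceNode(token, interfaceDN);
        // Check and create schema node (child of the interface node)
        String schemaDN = "ou=" + schemaName + "," + interfaceDN;
        checkAndCreateServiceNode(token, schemaDN);
        // Create plugin config node (child of the schema node)
        String pluginDN = "ou=" + pName + "," + schemaDN;
        createSubConfig(token, pluginDN, pNode, psi, orgName, decryptObj);
    }
}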

Example 80 with SSOToken

use of com.iplanet.sso.SSOToken in project OpenAM by OpenRock.

the class AuthLevelConditionTest method conditionShouldEvaluateToTrueWhenUsingAuthLevelsFromSSOTokenWithRealmAndIsGE.

/**
 * The SSOToken in the subject's private credentials reports auth levels
 * 3, 4 and 6 (via the mocked core wrapper); an {@code authLevel} of 5 must be
 * satisfied by the greater-or-equal comparison and produce no advice.
 */
@Test
public void conditionShouldEvaluateToTrueWhenUsingAuthLevelsFromSSOTokenWithRealmAndIsGE() throws EntitlementException, SSOException {
    //Given
    String realm = "REALM";
    String resourceName = "RESOURCE_NAME";
    Map<String, Set<String>> env = new HashMap<>();
    SSOToken ssoToken = mock(SSOToken.class);
    Subject subject = new Subject();
    subject.getPrivateCredentials().add(ssoToken);
    Set<String> authenticatedLevels = new HashSet<>();
    for (String level : new String[] { "3", "4", "6" }) {
        // Each level is realm-qualified data that the wrapper resolves to itself.
        given(coreWrapper.getDataFromRealmQualifiedData(level)).willReturn(level);
        authenticatedLevels.add(level);
    }
    given(coreWrapper.getAuthenticatedLevels(ssoToken)).willReturn(authenticatedLevels);
    condition.setState("{\"authLevel\": 5}");
    //When
    ConditionDecision decision = condition.evaluate(realm, subject, resourceName, env);
    //Then
    assertThat(decision.isSatisfied()).isTrue();
    assertThat(decision.getAdvice()).isEmpty();
}
