use of com.iplanet.ums.AccessRightsException in project OpenAM by OpenRock.
the class DirectoryServicesImpl method setAttributes.
// TODO: method rename from setProfileAttributes to setAttributes
/**
 * Sets attributes on a directory entry, running the validation, callback
 * and notification steps that surround the write.
 *
 * <p>Order of operations as written: attribute-uniqueness validation, the
 * user password validation plugin (USER entries only), pre-modify
 * callbacks, DC tree update, the write itself, then post-modify callbacks,
 * the legacy user post plugin and the e-mail notification.
 *
 * <p>The organization DN is resolved with {@code internalToken}, while the
 * reads and the write on the entry are made with the caller's
 * {@code token}. An {@code AccessRightsException} from the directory layer
 * is reported to the caller as an {@code AMException} built with id "460".
 *
 * @param token
 *            SSOToken of the caller; passed to the attribute read, the
 *            callbacks and the write
 * @param entryDN
 *            DN of the entry whose attributes are to be set
 * @param objectType
 *            profile type (compared against {@code AMObject.USER})
 * @param stringAttributes
 *            String-valued attributes to be set; may be replaced by the map
 *            returned from the pre-modify callbacks
 * @param byteAttributes
 *            binary attributes to be set; not passed to the validation
 *            plugin or to the callbacks
 * @param isAdd
 *            {@code true} to add to the existing value; otherwise replace
 *            the existing value.
 * @throws AMException
 *             if password validation fails, the caller lacks access rights
 *             ("460"), the entry is not found, or an internal error is
 *             reported through {@code processInternalException} ("452")
 * @throws SSOException
 *             declared by the signature; which call raises it is not
 *             visible in this method
 */
public void setAttributes(SSOToken token, String entryDN, int objectType, Map stringAttributes, Map byteAttributes, boolean isAdd) throws AMException, SSOException {
    Map oldAttributes = null;
    EmailNotificationHelper mailer = null;
    // Runs before the try block, so an exception from it is not mapped by
    // the catch clauses below.
    validateAttributeUniqueness(entryDN, objectType, false, stringAttributes);
    String eDN = entryDN;
    if (objectType == AMObject.USER) {
        // For a user, the organization is looked up from the parent container.
        eDN = DN.valueOf(entryDN).parent().toString();
    }
    // NOTE(review): the lookup uses internalToken, not the caller's token;
    // presumably a privileged internal session - confirm. The caller's
    // rights are only exercised by the calls below that receive 'token'.
    String orgDN = getOrganizationDN(internalToken, eDN);
    try {
        if (debug.messageEnabled()) {
            debug.message("DirectoryServicesImpl.setAttributes() entryDN: " + entryDN);
        }
        if (objectType == AMObject.USER) {
            // Create user modification list
            // Invoke the user password validation plugin. Note: the
            // validation is done only for String attributes
            UserPasswordValidationHelper pluginImpl = new UserPasswordValidationHelper(token, orgDN);
            try {
                pluginImpl.validate(stringAttributes);
            } catch (AMException ame) {
                // Logged and rethrown unchanged: a rejected value aborts the
                // whole modification before anything is written.
                debug.error("DirectoryServicesImpl.setAttributes(): Invalid " + "characters for user", ame);
                throw ame;
            }
            // Create a mailer instance
            mailer = new EmailNotificationHelper(entryDN);
            mailer.setUserModifyNotificationList();
        }
        // The previous values are fetched only when something will consume
        // them: the legacy post plugin or a non-empty notification list.
        if ((getUserPostPlugin() != null) || (mailer != null && mailer.isPresentUserModifyNotificationList())) {
            Set attrNames = stringAttributes.keySet();
            oldAttributes = getAttributes(token, entryDN, attrNames, objectType);
        }
        // Call pre-processing user impls & get modified attributes
        // Note currently only String attributes supported
        stringAttributes = processPreModifyCallBacks(token, entryDN, oldAttributes, stringAttributes, orgDN, objectType);
        // Set DCTree attributes
        setDCTreeAttributes(token, entryDN, stringAttributes, objectType);
        // modify and save the entry
        modifyAndSaveEntry(token, entryDN, stringAttributes, byteAttributes, isAdd);
    } catch (AccessRightsException e) {
        // Authorization failure: logged at warning level only, then mapped
        // to id "460". The original exception is not attached to the
        // AMException, so the debug log is the only record of the cause.
        if (debug.warningEnabled()) {
            debug.warning("DirectoryServicesImpl.setAttributes() User does " + "not have sufficient access rights: ", e);
        }
        throw new AMException(token, "460");
    } catch (EntryNotFoundException ee) {
        if (debug.warningEnabled()) {
            debug.warning("DirectoryServicesImpl.setAttributes() Entry not " + "found: ", ee);
        }
        String msgid = getEntryNotFoundMsgID(objectType);
        String entryName = getEntryName(ee);
        Object[] args = { entryName };
        throw new AMException(AMSDKBundle.getString(msgid, args), msgid, args);
    } catch (UMSException e) {
        if (debug.warningEnabled())
            debug.warning("DirectoryServicesImpl.setAttributes() Internal " + "error occurred", e);
        // NOTE(review): presumably always throws; if it can return
        // normally, the post-modify callbacks and the notification below
        // run for a write that failed - verify.
        processInternalException(token, e, "452");
    }
    processPostModifyCallBacks(token, entryDN, oldAttributes, stringAttributes, orgDN, objectType);
    if (objectType == AMObject.USER) {
        AMUserEntryProcessed postPlugin = getUserPostPlugin();
        if (postPlugin != null) {
            // Invoke the legacy user post-processing plugin
            postPlugin.processUserModify(token, entryDN, oldAttributes, stringAttributes);
        }
        if (mailer != null && mailer.isPresentUserModifyNotificationList()) {
            // NOTE(review): stringAttributes is the same map the password
            // validation plugin inspected, so it may carry credential
            // values; confirm the helper restricts which attributes are
            // mailed.
            mailer.sendUserModifyNotification(token, stringAttributes, oldAttributes);
        }
    }
}
use of com.iplanet.ums.AccessRightsException in project OpenAM by OpenRock.
the class DirectoryServicesImpl method createUser.
/**
 * Creates a user entry under {@code parentObj}.
 *
 * <p>Steps as written: pre-processing callback, user password validation
 * plugin, lookup of the "BasicUser" creation template, the directory add,
 * post-processing callback, the legacy user post plugin and the user-create
 * e-mail notification.
 *
 * <p>The organization DN is resolved with {@code internalToken}; the add is
 * performed through {@code parentObj}, whose session is not visible here.
 *
 * @param token
 *            SSOToken of the caller, passed to the callbacks and plugins
 * @param parentObj
 *            container under which the user is added
 * @param attributes
 *            attributes for the new user; replaced by the map returned from
 *            the pre-processing callback
 * @param profileName
 *            value of the naming attribute for the new user
 * @throws UMSException
 *             declared by the signature; the ones raised by
 *             {@code addChild} are caught and mapped below
 * @throws AMEntryExistsException
 *             if the entry already exists (id "328")
 * @throws AMException
 *             if password validation fails or access rights are
 *             insufficient (id "460")
 */
private void createUser(SSOToken token, PersistentObject parentObj, Map attributes, String profileName) throws UMSException, AMEntryExistsException, AMException {
    String orgDN = getOrganizationDN(internalToken, parentObj.getDN());
    // Invoke the Pre Processing plugin
    // NOTE(review): profileName is concatenated into the DN string without
    // escaping. This string is only handed to the pre-processing callback
    // (post-processing uses user.getDN()), but a name containing DN
    // metacharacters would give the callback a DN that differs from the
    // entry actually created - confirm callers validate profileName.
    String entryDN = getNamingAttribute(AMObject.USER) + "=" + profileName + "," + parentObj.getDN();
    attributes = callBackHelper.preProcess(token, entryDN, orgDN, null, attributes, CallBackHelper.CREATE, AMObject.USER, false);
    AttrSet attrSet = CommonUtils.mapToAttrSet(attributes);
    makeNamingFirst(attrSet, getNamingAttribute(AMObject.USER), profileName);
    // Invoke the user password validation plugin
    // It runs on the attribute set after pre-processing, i.e. on the values
    // that will be written.
    UserPasswordValidationHelper pluginImpl = new UserPasswordValidationHelper(token, orgDN);
    try {
        pluginImpl.validate(CommonUtils.attrSetToMap(attrSet));
    } catch (AMException ame) {
        // Logged and rethrown unchanged; nothing has been written yet.
        debug.error("DirectoryServicesImpl.createUser(): Invalid " + "characters for user", ame);
        throw ame;
    }
    TemplateManager tempMgr = TemplateManager.getTemplateManager();
    CreationTemplate creationTemp = tempMgr.getCreationTemplate("BasicUser", new Guid(orgDN), TemplateManager.SCOPE_ANCESTORS);
    attrSet = combineOCs(creationTemp, attrSet);
    // User user = new User(creationTemp, attrSet);
    PersistentObject user = new PersistentObject(creationTemp, attrSet);
    try {
        parentObj.addChild(user);
    } catch (AccessRightsException e) {
        // Authorization failure: logged at warning level only and mapped to
        // id "460" without attaching the original exception.
        if (debug.warningEnabled()) {
            debug.warning("DirectoryServicesImpl.createUser(): Insufficient " + "Access rights to create user", e);
        }
        throw new AMException(token, "460");
    } catch (EntryAlreadyExistsException ee) {
        if (ComplianceServicesImpl.isComplianceUserDeletionEnabled()) {
            // COMPLIANCE
            // If the existing entry is marked for deletion, then
            // the error message should be different.
            // (presumably checkIfDeletedUser throws in that case - confirm)
            complianceImpl.checkIfDeletedUser(token, user.getDN());
        }
        if (debug.warningEnabled()) {
            debug.warning("DirectoryServicesImpl.createUser() User " + "already exists: ", ee);
        }
        throw new AMEntryExistsException(token, "328", ee);
    } catch (UMSException ue) {
        if (debug.warningEnabled()) {
            debug.warning("DirectoryServicesImpl.createUser(): Internal " + "Error occurred. Unable to create User Entry", ue);
        }
        // NOTE(review): presumably always throws; if it can return
        // normally, the post-processing and notification below run for a
        // user that was never created - verify.
        processInternalException(token, ue, "324");
    }
    // Invoke Post processing impls
    callBackHelper.postProcess(token, user.getDN(), orgDN, null, attributes, CallBackHelper.CREATE, AMObject.USER, false);
    // TODO: REMOVE after Portal moves to new API's
    AMUserEntryProcessed postPlugin = getUserPostPlugin();
    if (postPlugin != null) {
        Map attrMap = CommonUtils.attrSetToMap(attrSet);
        postPlugin.processUserAdd(token, user.getDN(), attrMap);
    }
    // NOTE(review): 'attributes' is the map that fed the password
    // validation plugin, so it may contain the initial credential; confirm
    // the helper limits which attributes end up in the notification mail.
    EmailNotificationHelper mailerObj = new EmailNotificationHelper(user.getDN());
    mailerObj.setUserCreateNotificationList();
    mailerObj.sendUserCreateNotification(attributes);
}
use of com.iplanet.ums.AccessRightsException in project OpenAM by OpenRock.
the class DirectoryServicesImpl method createEntity.
/**
 * Creates a directory entry of the given object type under
 * {@code parentObj}.
 *
 * <p>The creation template is the one configured for {@code objectType},
 * falling back to "BasicUser" when none is configured. No pre- or
 * post-processing callbacks and no password validation are invoked from
 * this method. The organization DN is resolved with {@code internalToken};
 * the add itself goes through {@code parentObj}.
 *
 * @param token
 *            SSOToken of the caller, used when building the exceptions and
 *            for the compliance check
 * @param parentObj
 *            container under which the entry is added
 * @param objectType
 *            type of the entry to create
 * @param attributes
 *            attributes for the new entry
 * @param profileName
 *            value of the naming attribute for the new entry
 * @throws UMSException
 *             declared by the signature; the ones raised by
 *             {@code addChild} are caught and mapped below
 * @throws AMEntryExistsException
 *             if the entry already exists (id "462")
 * @throws AMException
 *             if access rights are insufficient (id "460")
 */
private void createEntity(SSOToken token, PersistentObject parentObj, int objectType, Map attributes, String profileName) throws UMSException, AMEntryExistsException, AMException {
    final String organizationDN = getOrganizationDN(internalToken, parentObj.getDN());

    // Build the attribute set with the naming attribute placed first.
    final AttrSet requestedAttrs = CommonUtils.mapToAttrSet(attributes);
    makeNamingFirst(requestedAttrs, getNamingAttribute(objectType), profileName);

    // Fall back to the user template when the type has none configured.
    final String configuredTemplate = getCreationTemplateName(objectType);
    final String templateName = (configuredTemplate != null) ? configuredTemplate : "BasicUser";

    final CreationTemplate template = TemplateManager.getTemplateManager()
            .getCreationTemplate(templateName, new Guid(organizationDN), TemplateManager.SCOPE_ANCESTORS);
    final AttrSet mergedAttrs = combineOCs(template, requestedAttrs);
    final PersistentObject entity = new PersistentObject(template, mergedAttrs);

    try {
        parentObj.addChild(entity);
    } catch (AccessRightsException denied) {
        // Authorization failure: surfaced as id "460"; the cause is only
        // written to the debug log, and only when warnings are enabled.
        if (debug.warningEnabled()) {
            debug.warning("DirectoryServicesImpl.createEntity():" + " Insufficient Access rights to create entity", denied);
        }
        throw new AMException(token, "460");
    } catch (EntryAlreadyExistsException duplicate) {
        // COMPLIANCE: an existing entry that is marked for deletion should
        // produce a different error message.
        if (ComplianceServicesImpl.isComplianceUserDeletionEnabled()) {
            complianceImpl.checkIfDeletedUser(token, entity.getDN());
        }
        if (debug.warningEnabled()) {
            debug.warning("DirectoryServicesImpl.createEntity() Entity " + "already exists: ", duplicate);
        }
        throw new AMEntryExistsException(token, "462", duplicate);
    } catch (UMSException failure) {
        if (debug.warningEnabled()) {
            debug.warning("DirectoryServicesImpl.createEntity(): Internal " + "Error occurred. Unable to create User Entry", failure);
        }
        processInternalException(token, failure, "324");
    }
}
use of com.iplanet.ums.AccessRightsException in project OpenAM by OpenRock.
the class DirectoryServicesImpl method registerService.
/**
 * Registers a service for an organization or organizational unit by adding
 * a COS definition for the service's dynamic attributes.
 *
 * <p>Nothing is written when the service has no dynamic attributes. All
 * directory calls here are made with the caller's {@code token}; an
 * {@code AccessRightsException} is reported as id "460".
 *
 * @param token
 *            SSOToken of the caller
 * @param orgDN
 *            DN of the org
 * @param serviceName
 *            Service Name
 * @throws AMException
 *             on insufficient access rights ("460"), when the service is
 *             already registered ("464"), or on any other SMS/UMS failure
 *             ("914")
 * @throws SSOException
 *             declared by the signature; which call raises it is not
 *             visible in this method
 */
public void registerService(SSOToken token, String orgDN, String serviceName) throws AMException, SSOException {
    try {
        // A usable set comes back only for services with dynamic attributes.
        final Set dynamicAttrNames = getServiceAttributesWithQualifier(token, serviceName);
        if (dynamicAttrNames == null || dynamicAttrNames.isEmpty()) {
            return;
        }
        final PersistentObject orgEntry = UMSObject.getObjectHandle(token, new Guid(orgDN));
        final DirectCOSDefinition cosDefinition = createCOSDefinition(serviceName, dynamicAttrNames);
        final COSManager cosManager = COSManager.getCOSManager(token, orgEntry.getGuid());
        cosManager.addDefinition(cosDefinition);
    } catch (AccessRightsException denied) {
        // Authorization failure: always logged at error level here.
        debug.error("DirectoryServicesImpl.registerService() " + "Insufficient access rights to register service: " + serviceName, denied);
        throw new AMException(token, "460");
    } catch (EntryAlreadyExistsException duplicate) {
        if (debug.warningEnabled()) {
            debug.warning("DirectoryServicesImpl.registerService() " + "Service " + serviceName + " already registered", duplicate);
        }
        final Object[] messageArgs = { serviceName };
        final String userLocale = CommonUtils.getUserLocale(token);
        final String localized = AMSDKBundle.getString("464", messageArgs, userLocale);
        throw new AMException(localized, "464", messageArgs);
    } catch (SMSException smsFailure) {
        // The cause is logged but not attached to the AMException.
        debug.error("DirectoryServicesImpl.registerService() Unable to " + "register service: " + serviceName, smsFailure);
        throw new AMException(token, "914");
    } catch (UMSException umsFailure) {
        debug.error("DirectoryServicesImpl.registerService() Unable to " + "register service: " + serviceName, umsFailure);
        throw new AMException(token, "914", umsFailure);
    }
}
use of com.iplanet.ums.AccessRightsException in project OpenAM by OpenRock.
the class DirectoryServicesImpl method removeSubtree.
/**
 * Private method used by "removeEntry" to delete an entire subtree.
 *
 * <p>The entries returned by a subtree search from {@code entryDN} are
 * collected first and then deleted from the deepest RDN level upwards, so
 * that children go before their parents.
 *
 * <p>The search and the object-type lookup are made with
 * {@code internalToken}; every delete is made with the caller's
 * {@code token}. Deletion is not atomic: no rollback is visible here, so
 * entries removed before a failure stay removed.
 *
 * <p>Log messages in this method are tagged "removeEntry", not
 * "removeSubtree".
 *
 * @param token
 *            SSOToken of the caller, used for each delete
 * @param entryDN
 *            DN at the top of the subtree to remove
 * @param softDelete
 *            passed through to {@code removeSingleEntry} for managed
 *            entries; not applied to entries removed directly
 * @throws AMException
 *             on insufficient access rights ("460"), a missing entry, or
 *             another UMS failure ("325")
 * @throws SSOException
 *             declared by the signature; which call raises it is not
 *             visible in this method
 */
private void removeSubtree(SSOToken token, String entryDN, boolean softDelete) throws AMException, SSOException {
    int type = AMObject.UNKNOWN_OBJECT_TYPE;
    try {
        Guid guid = new Guid(entryDN);
        // NOTE(review): the subtree is enumerated with internalToken, so
        // what is discovered does not depend on the caller's read rights;
        // the caller's rights are applied only when each delete is issued.
        PersistentObject po = UMSObject.getObjectHandle(internalToken, guid);
        // first get all the children of the object
        SearchControl control = new SearchControl();
        control.setSearchScope(SearchControl.SCOPE_SUB);
        String searchFilter = "(|(objectclass=*)(objectclass=ldapsubEntry))";
        List list = new ArrayList();
        // get number of RDNs in the entry itself
        int entryRDNs = DN.valueOf(entryDN).size();
        // to count maximum level of RDNs in the search return
        int maxRDNCount = entryRDNs;
        // go through all search results, add DN to the list, and
        // set the maximum RDN count, will be used to remove DNs
        SearchResults children = po.getChildren(searchFilter, control);
        while (children.hasMoreElements()) {
            PersistentObject object = children.next();
            DN dn = DN.valueOf(object.getDN());
            if (debug.messageEnabled()) {
                debug.message("DirectoryServicesImpl.removeEntry(): " + "found child: " + object.getDN());
            }
            int count = dn.size();
            if (count > maxRDNCount) {
                maxRDNCount = count;
            }
            list.add(dn);
        }
        if (debug.messageEnabled()) {
            debug.message("DirectoryServicesImpl.removeEntry(): max " + "RDNs: " + maxRDNCount);
        }
        // go through all search results, delete entries from the
        // bottom up, starting from entries whose RDN count
        // equals the maxRDNCount
        // TODO : If the list has too many entries, then the multiple
        // iteration in the inner for loop may be the bottleneck.
        // One enhancement to the existing algorithm is to store all
        // the entries by level in a different List. Per Sai's comments
        int len = list.size();
        // The outer loop runs down to the base entry's own RDN count; the
        // base entry is handled here only if the search returned it.
        for (int i = maxRDNCount; i >= entryRDNs; i--) {
            for (int j = 0; j < len; j++) {
                DN dn = (DN) list.get(j);
                // check if we need delete it now
                if (dn.size() == i) {
                    // remove the entry
                    if (debug.messageEnabled()) {
                        debug.message("DirectoryServicesImpl." + "removeEntry(): del " + dn.toString());
                    }
                    String rfcDN = dn.toString();
                    type = AMObject.UNKNOWN_OBJECT_TYPE;
                    try {
                        type = getObjectType(internalToken, rfcDN);
                    } catch (AMException ae) {
                        // Not a managed type, just delete it.
                        // NOTE(review): every AMException lands here, and
                        // this path skips removeSingleEntry, so softDelete
                        // is not applied. Confirm getObjectType throws only
                        // for unmanaged entries and not for other failures.
                        Guid g = new Guid(rfcDN);
                        UMSObject.removeObject(token, g);
                    }
                    // Do a non-recursive delete
                    // If getObjectType returned UNKNOWN/UNDETERMINED without
                    // throwing, neither delete path runs for this DN, yet it
                    // is still dropped from the list below.
                    if (type != AMObject.UNKNOWN_OBJECT_TYPE && type != AMObject.UNDETERMINED_OBJECT_TYPE) {
                        try {
                            removeSingleEntry(token, rfcDN, type, softDelete);
                        } catch (AMPreCallBackException amp) {
                            // A pre-callback veto keeps this entry: it is
                            // logged and the loop continues, so the caller
                            // gets no signal that part of the subtree
                            // remains.
                            debug.error("DirectoryServicesImpl." + "removeSubTree: Aborting delete of: " + rfcDN + " due to pre-callback exception", amp);
                        }
                    }
                    // remove the deleted entry from the list
                    list.remove(j);
                    // move back pointer, as current element is removed
                    j--;
                    // reduce list length
                    len--;
                }
            }
        }
    } catch (AccessRightsException e) {
        // Authorization failure on the handle lookup, search or a delete:
        // logged at error level and mapped to id "460". Entries deleted
        // before this point are not restored.
        debug.error("DirectoryServicesImpl.removeEntry() Insufficient " + "access rights to remove entry: " + entryDN, e);
        throw new AMException(token, "460");
    } catch (EntryNotFoundException e) {
        String entry = getEntryName(e);
        debug.error("DirectoryServicesImpl.removeEntry() Entry not found: " + entry, e);
        // 'type' is whatever the loop last resolved (or the initial
        // UNKNOWN_OBJECT_TYPE); it selects the message id.
        String msgid = getEntryNotFoundMsgID(type);
        Object[] args = { entry };
        String locale = CommonUtils.getUserLocale(token);
        throw new AMException(AMSDKBundle.getString(msgid, args, locale), msgid, args);
    } catch (UMSException e) {
        debug.error("DirectoryServicesImpl.removeEntry() Unable to remove: " + " Internal error occurred: ", e);
        throw new AMException(token, "325", e);
    }
}