
Example 21 with CLIException

use of com.sun.identity.cli.CLIException in project OpenAM by OpenRock.

the class SetConfigurations method handleRequest.

/**
 * Services the command line request that updates the entitlement service configuration.
 *
 * <p>The attribute values come from a data file, from inline option values, or both; they are
 * validated against the entitlement service schema and then stored as the defaults of its
 * global schema. An attempt entry is written to the access log before the change, followed by
 * either a success entry or a failure entry carrying the exception message.
 *
 * @param rc Request Context.
 * @throws CLIException if neither a data file nor attribute values were supplied, or if the
 *     request cannot be serviced.
 */
@Override
public void handleRequest(RequestContext rc) throws CLIException {
    super.handleRequest(rc);
    ldapLogin();

    final String dataFilePath = getStringOptionValue(IArgument.DATA_FILE);
    final List inlinePairs = rc.getOption(IArgument.ATTRIBUTE_VALUES);

    // At least one source of attribute values is mandatory.
    final boolean nothingSupplied = (dataFilePath == null) && (inlinePairs == null);
    if (nothingSupplied) {
        throw new CLIException(
                getResourceString("missing-attributevalues"),
                ExitCodes.INCORRECT_OPTION,
                rc.getSubCommand().getName());
    }

    // Parsing happens before the ATTEMPT audit entry, so a parse failure leaves no audit trail here.
    final Map<String, Set<String>> requested =
            AttributeValues.parse(getCommandManager(), dataFilePath, inlinePairs);
    writeLog(LogWriter.LOG_ACCESS, Level.INFO, "ATTEMPT_MODIFY_ENTITLEMENT_SVC", null);

    try {
        final ServiceSchemaManager schemaManager =
                new ServiceSchemaManager(EntitlementService.SERVICE_NAME, getAdminSSOToken());
        // Validate before anything is written to the global schema.
        validateData(requested, schemaManager);
        final ServiceSchema globalSchema = schemaManager.getGlobalSchema();
        globalSchema.setAttributeDefaults(requested);

        getOutputWriter().printlnMessage(getResourceString("set-entitlement-config-succeeded"));
        writeLog(LogWriter.LOG_ACCESS, Level.INFO, "SUCCEEDED_MODIFY_ENTITLEMENT_SVC", null);
    } catch (SMSException smsFailure) {
        final String[] failureParams = { smsFailure.getMessage() };
        writeLog(LogWriter.LOG_ACCESS, Level.INFO, "FAILED_MODIFY_ENTITLEMENT_SVC", failureParams);
        throw new CLIException(smsFailure, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    } catch (SSOException ssoFailure) {
        final String[] failureParams = { ssoFailure.getMessage() };
        writeLog(LogWriter.LOG_ACCESS, Level.INFO, "FAILED_MODIFY_ENTITLEMENT_SVC", failureParams);
        throw new CLIException(ssoFailure, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    } catch (CLIException cliFailure) {
        // Already a CLIException: record the failure and let it propagate unchanged.
        final String[] failureParams = { cliFailure.getMessage() };
        writeLog(LogWriter.LOG_ACCESS, Level.INFO, "FAILED_MODIFY_ENTITLEMENT_SVC", failureParams);
        throw cliFailure;
    }
}
Also used : ServiceSchema(com.sun.identity.sm.ServiceSchema) Set(java.util.Set) SMSException(com.sun.identity.sm.SMSException) CLIException(com.sun.identity.cli.CLIException) List(java.util.List) SSOException(com.iplanet.sso.SSOException) ServiceSchemaManager(com.sun.identity.sm.ServiceSchemaManager)

Example 22 with CLIException

use of com.sun.identity.cli.CLIException in project OpenAM by OpenRock.

the class DeleteRealm method handleRequest.

/**
 * Services the command line request that deletes a realm.
 *
 * <p>The realm name and the recursive flag are read from the command options. The attempt is
 * written to the access log before the deletion; the outcome is then recorded either as a
 * success in the access log or as a failure in the error log.
 *
 * @param rc Request Context.
 * @throws CLIException if the request cannot be serviced.
 */
public void handleRequest(RequestContext rc) throws CLIException {
    super.handleRequest(rc);
    ldapLogin();

    final SSOToken token = getAdminSSOToken();
    final String realm = getStringOptionValue(IArgument.REALM_NAME);
    final boolean recursive = isOptionSet(IArgument.RECURSIVE);

    // Human-readable form of the flag, used only in the audit records.
    final String mode;
    if (recursive) {
        mode = "recursive";
    } else {
        mode = "non recursive";
    }

    final String[] auditParams = { realm, mode };
    writeLog(LogWriter.LOG_ACCESS, Level.INFO, "ATTEMPT_DELETE_REALM", auditParams);

    try {
        final OrganizationConfigManager realmManager = new OrganizationConfigManager(token, realm);
        // NOTE(review): a null sub-organization name presumably targets the realm the manager
        // is bound to; confirm against OrganizationConfigManager.
        realmManager.deleteSubOrganization(null, recursive);

        getOutputWriter().printlnMessage(getResourceString("delete-realm-succeed"));
        writeLog(LogWriter.LOG_ACCESS, Level.INFO, "SUCCEED_DELETE_REALM", auditParams);
    } catch (SMSException failure) {
        final String[] failureParams = { realm, mode, failure.getMessage() };
        debugError("DeleteRealm.handleRequest", failure);
        writeLog(LogWriter.LOG_ERROR, Level.INFO, "FAILED_DELETE_REALM", failureParams);
        throw new CLIException(failure, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    }
}
Also used : SSOToken(com.iplanet.sso.SSOToken) SMSException(com.sun.identity.sm.SMSException) OrganizationConfigManager(com.sun.identity.sm.OrganizationConfigManager) CLIException(com.sun.identity.cli.CLIException)

Example 23 with CLIException

use of com.sun.identity.cli.CLIException in project OpenAM by OpenRock.

the class ListXACML method getPolicies.

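/**
 * Exports the privileges of {@code realm} that match {@code filters} as a XACML policy set and
 * writes the XML either to {@code outfile} or, when no output file was given, to the command
 * output.
 *
 * <p>The output file is closed on every exit path, including export failures and the
 * "no policies" case. A failed file write is reported as an error rather than as a success.
 *
 * @throws CLIException If the output file cannot be opened or written, or if the export fails.
 */
private void getPolicies() throws CLIException {
    PrintWriter pwout = null;
    if (outfile != null) {
        try {
            // NOTE(review): the file is opened in append mode, so exporting twice to the same
            // path leaves two XML documents in one file; confirm this is intended.
            // NOTE(review): PrintWriter over a raw stream uses the platform default charset;
            // confirm this matches the encoding expected for the XML.
            // The export holds the realm's authorization policies and the file is created with
            // the process's default permissions, so the output location should be restricted.
            pwout = new PrintWriter(new FileOutputStream(outfile, true), true);
        } catch (FileNotFoundException e) {
            // Only the FileOutputStream constructor can throw here, so nothing is open yet.
            debugError("ListXACML.handleXACMLPolicyRequest", e);
            throw new CLIException(e, ExitCodes.IO_EXCEPTION);
        } catch (SecurityException e) {
            debugError("ListXACML.handleXACMLPolicyRequest", e);
            throw new CLIException(e, ExitCodes.IO_EXCEPTION);
        }
    }

    try {
        PolicySet policySet;
        try {
            PrivilegeValidator privilegeValidator = new PrivilegeValidator(
                    new RealmValidator(new OrganizationConfigManager(adminSSOToken, "/")));
            XACMLExportImport importExport = new XACMLExportImport(
                    new XACMLExportImport.PrivilegeManagerFactory(),
                    new XACMLReaderWriter(),
                    privilegeValidator,
                    new SearchFilterFactory(),
                    PrivilegeManager.debug);
            policySet = importExport.exportXACML(realm, adminSubject, filters);
        } catch (EntitlementException e) {
            String[] args = { realm, e.getMessage() };
            debugError("ListXACML.handleRequest", e);
            writeLog(LogWriter.LOG_ERROR, Level.INFO, "FAILED_GET_POLICY_IN_REALM", args);
            throw new CLIException(e, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
        } catch (SMSException e) {
            String[] args = { realm, e.getMessage() };
            debugError("ListXACML.handleRequest", e);
            writeLog(LogWriter.LOG_ERROR, Level.INFO, "FAILED_GET_POLICY_IN_REALM", args);
            throw new CLIException(e, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
        }

        if (policySet == null || policySet.getPolicySetOrPolicyOrPolicySetIdReference().isEmpty()) {
            String[] arg = { realm };
            outputWriter.printlnMessage(MessageFormat.format(
                    getResourceString("get-policy-in-realm-no-policies"), (Object[]) arg));
        } else {
            try {
                if (pwout != null) {
                    pwout.write(XACMLPrivilegeUtils.toXML(policySet));
                    // PrintWriter swallows IOExceptions; checkError() flushes and reveals them,
                    // so a truncated export is not logged and reported as a success.
                    if (pwout.checkError()) {
                        throw new CLIException(
                                new IOException("Failed to write XACML export to " + outfile),
                                ExitCodes.IO_EXCEPTION);
                    }
                } else {
                    outputWriter.printlnMessage(XACMLPrivilegeUtils.toXML(policySet));
                }
            } catch (EntitlementException e) {
                throw new CLIException(e, ExitCodes.IO_EXCEPTION);
            }
            writeLog(LogWriter.LOG_ACCESS, Level.INFO, "SUCCEED_GET_POLICY_IN_REALM", new String[] { realm });
            String[] arg = { realm };
            outputWriter.printlnMessage(MessageFormat.format(
                    getResourceString("get-policy-in-realm-succeed"), (Object[]) arg));
        }
    } finally {
        // Closing the writer also closes the underlying file stream.
        if (pwout != null) {
            pwout.close();
        }
    }
}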
Also used : SearchFilterFactory(com.sun.identity.entitlement.xacml3.SearchFilterFactory) SMSException(com.sun.identity.sm.SMSException) FileNotFoundException(java.io.FileNotFoundException) XACMLExportImport(com.sun.identity.entitlement.xacml3.XACMLExportImport) IOException(java.io.IOException) PolicySet(com.sun.identity.entitlement.xacml3.core.PolicySet) PrivilegeValidator(com.sun.identity.entitlement.xacml3.validation.PrivilegeValidator) EntitlementException(com.sun.identity.entitlement.EntitlementException) FileOutputStream(java.io.FileOutputStream) OrganizationConfigManager(com.sun.identity.sm.OrganizationConfigManager) CLIException(com.sun.identity.cli.CLIException) RealmValidator(com.sun.identity.entitlement.xacml3.validation.RealmValidator) XACMLReaderWriter(com.sun.identity.entitlement.xacml3.XACMLReaderWriter) PrintWriter(java.io.PrintWriter)

Example 24 with CLIException

use of com.sun.identity.cli.CLIException in project OpenAM by OpenRock.

the class ListXACML method handleRequest.

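/**
 * Services the command line request that lists XACML policies of a realm.
 *
 * <p>The administrator token, the administrator subject and the target realm are resolved
 * first, so that the legacy-mode check, the READ permission check and the failure audit
 * records all operate on the values of this request. The request is rejected when the
 * deployment has not migrated to the entitlement service or when the administrator lacks
 * READ permission on the realm.
 *
 * @param rc Request Context.
 * @throws CLIException if the request cannot be serviced.
 */
public void handleRequest(RequestContext rc) throws CLIException {
    super.handleRequest(rc);
    ldapLogin();

    // These must be assigned before their first use below. Previously the permission check and
    // the audit records read 'realm' (and getInstance read 'adminSubject') before this method
    // had set them, so the check did not cover the realm named on the command line.
    // NOTE(review): the declarations of these fields are outside this view; confirm no
    // initializer elsewhere was relied upon.
    adminSSOToken = getAdminSSOToken();
    adminSubject = SubjectUtils.createSubject(adminSSOToken);
    realm = getStringOptionValue(IArgument.REALM_NAME);

    // FIXME: change to use entitlementService.xacmlPrivilegeEnabled()
    EntitlementConfiguration ec = EntitlementConfiguration.getInstance(adminSubject, "/");
    if (!ec.migratedToEntitlementService()) {
        String[] args = { realm, "ANY", "list-xacml not supported in  legacy policy mode" };
        debugError("ListXACML.handleRequest(): " + "list-xacml not supported in  legacy policy mode");
        writeLog(LogWriter.LOG_ERROR, Level.INFO, "FAILED_GET_POLICY_IN_REALM", args);
        throw new CLIException(getResourceString("list-xacml-not-supported-in-legacy-policy-mode"), ExitCodes.REQUEST_CANNOT_BE_PROCESSED, "list-xacml");
    }

    // Authorization gate: the caller needs READ permission on the requested realm.
    if (!XACMLUtils.hasPermission(realm, adminSSOToken, "READ")) {
        String errorMessage = MessageFormat.format(getResourceString("permission-denied"), "list-xacml", getAdminID());
        String[] args = { realm, "ANY", errorMessage };
        writeLog(LogWriter.LOG_ERROR, Level.INFO, "FAILED_GET_POLICY_IN_REALM", args);
        throw new CLIException(errorMessage, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    }

    getPolicyNamesOnly = isOptionSet("namesonly");
    filters = (List) rc.getOption(ARGUMENT_POLICY_NAMES);
    outfile = getStringOptionValue(IArgument.OUTPUT_FILE);
    outputWriter = getOutputWriter();
    if (getPolicyNamesOnly) {
        getPolicyNames();
    } else {
        getPolicies();
    }
}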
Also used : EntitlementConfiguration(com.sun.identity.entitlement.EntitlementConfiguration) CLIException(com.sun.identity.cli.CLIException)

Example 25 with CLIException

use of com.sun.identity.cli.CLIException in project OpenAM by OpenRock.

the class RemoveApplicationPrivilegeResources method handleRequest.

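/**
 * Services the command line request that removes resources from an application privilege.
 *
 * <p>The privilege named by the request is loaded, the requested application resources are
 * removed from its resource map, and the privilege is replaced. A request that would leave the
 * privilege without any resources is rejected. The attempt and its outcome are written to the
 * access log; the rejection is recorded as a failure as well, so that every attempt entry has a
 * matching outcome entry.
 *
 * @param rc Request Context.
 * @throws CLIException if the request would empty the privilege's resources, or if the request
 *     cannot be serviced.
 */
@Override
public void handleRequest(RequestContext rc) throws CLIException {
    super.handleRequest(rc);
    String realm = getStringOptionValue(IArgument.REALM_NAME);
    String name = getStringOptionValue(PARAM_NAME);
    String[] params = { realm, name };
    try {
        Map<String, Set<String>> mapAppToResources = getApplicationResourcesMap(rc, realm);
        // NOTE(review): no ldapLogin() call precedes getAdminSSOToken() here, while other CLI
        // handlers make one; confirm this is intentional.
        Subject userSubject = SubjectUtils.createSubject(getAdminSSOToken());
        ApplicationPrivilegeManager apm = ApplicationPrivilegeManager.getInstance(realm, userSubject);
        writeLog(LogWriter.LOG_ACCESS, Level.INFO, "ATTEMPT_UPDATE_APPLICATION_PRIVILEGE", params);
        ApplicationPrivilege appPrivilege = apm.getPrivilege(name);
        Map<String, Set<String>> origAppToResources = getApplicationToResources(appPrivilege);
        // Presumably removes the requested resources from the privilege's current map; the
        // helper is defined outside this view.
        removeFromMap(origAppToResources, mapAppToResources);
        if (origAppToResources.isEmpty()) {
            // This CLIException bypasses the EntitlementException handler below, so the
            // failure is audited here before it is thrown.
            String emptiedMessage = getResourceString("remove-application-privilege-resources-emptied-resources");
            String[] rejectedParams = { realm, name, emptiedMessage };
            writeLog(LogWriter.LOG_ACCESS, Level.INFO, "FAILED_UPDATE_APPLICATION_PRIVILEGE", rejectedParams);
            throw new CLIException(emptiedMessage, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
        }
        appPrivilege.setApplicationResources(origAppToResources);
        apm.replacePrivilege(appPrivilege);
        Object[] msgParam = { name };
        getOutputWriter().printlnMessage(MessageFormat.format(getResourceString("update-application-privilege-succeeded"), msgParam));
        writeLog(LogWriter.LOG_ACCESS, Level.INFO, "SUCCEEDED_UPDATE_APPLICATION_PRIVILEGE", params);
    } catch (EntitlementException ex) {
        String[] paramExs = { realm, name, ex.getMessage() };
        writeLog(LogWriter.LOG_ACCESS, Level.INFO, "FAILED_UPDATE_APPLICATION_PRIVILEGE", paramExs);
        throw new CLIException(ex, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    }
}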
Also used : EntitlementException(com.sun.identity.entitlement.EntitlementException) Set(java.util.Set) ApplicationPrivilege(com.sun.identity.entitlement.ApplicationPrivilege) CLIException(com.sun.identity.cli.CLIException) ApplicationPrivilegeManager(com.sun.identity.entitlement.ApplicationPrivilegeManager) Subject(javax.security.auth.Subject)
