
Example 1 with CaseInsensitiveHashSet

use of com.sun.identity.common.CaseInsensitiveHashSet in project OpenAM by OpenRock.

the class AMIdentity method modifyService.

/**
     * Set attributes related to a specific service. The assumption is that the
     * service is already assigned to the identity. The attributes for the
     * service are validated against the service schema.
     *
     * This method is only valid for AMIdentity object of type User.
     *
     * @param serviceName
     *            Name of the service.
     * @param attrMap
     *            Map of attribute-values.
     * @throws IdRepoException
     *             If there are repository related error conditions.
     * @throws SSOException
     *             If user's single sign on token is invalid.
     * @supported.api
     */
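public void modifyService(String serviceName, Map attrMap) throws IdRepoException, SSOException {
    IdServices idServices = IdServicesFactory.getDataStoreServices();
    Set OCs = getServiceOCs(token, serviceName);
    SchemaType stype;
    Map tMap = new HashMap();
    tMap.put(serviceName, OCs);
    // Refuse to modify attributes of a service that is not assigned to this identity.
    Set assignedServices = idServices.getAssignedServices(token, type, name, tMap, orgName, univDN);
    if (!assignedServices.contains(serviceName)) {
        Object[] args = { serviceName };
        throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.SERVICE_NOT_ASSIGNED, args);
    }
    // Check if attrMap has cos priority attribute
    // If present, remove it for validating the attributes.
    // The lookup is case-insensitive, so any spelling of the key is caught.
    boolean hasCosPriority = (new CaseInsensitiveHashSet(attrMap.keySet()).contains(COS_PRIORITY));
    Object values = null;
    if (hasCosPriority) {
        // Work on a copy so the caller's map does not lose the entry.
        attrMap = new CaseInsensitiveHashMap(attrMap);
        values = attrMap.remove(COS_PRIORITY);
    }
    // Validate the attributes against the schema for this identity type,
    // falling back to the service's DYNAMIC schema when there is none.
    try {
        ServiceSchemaManager ssm = new ServiceSchemaManager(serviceName, token);
        ServiceSchema ss = ssm.getSchema(type.getName());
        if (ss != null) {
            attrMap = ss.validateAndInheritDefaults(attrMap, false);
            stype = ss.getServiceType();
        } else if ((ss = ssm.getSchema(SchemaType.DYNAMIC)) != null) {
            attrMap = ss.validateAndInheritDefaults(attrMap, false);
            stype = SchemaType.DYNAMIC;
        } else {
            Object[] args = { serviceName };
            throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.UNABLE_GET_SERVICE_SCHEMA, args);
        }
    } catch (SMSException smse) {
        // The IdRepoException thrown below does not carry the SMSException,
        // so record it here; otherwise the reason the attributes were
        // rejected is lost to whoever has to diagnose the failure.
        debug.error("AMIdentity.modifyService: attribute validation failed for serviceName=" + serviceName, smse);
        Object[] args = { serviceName };
        throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.DATA_INVALID_FOR_SERVICE, args);
    }
    // Add COS priority if present.
    // NOTE(review): the value is put back exactly as the caller supplied it and
    // has not passed through validateAndInheritDefaults(); confirm that the
    // data store layer constrains it.
    if (hasCosPriority) {
        attrMap.put(COS_PRIORITY, values);
    }
    // modify service attrs
    if (debug.messageEnabled()) {
        // NOTE(review): this writes every attribute value to the debug log at
        // message level; if a service can hold secrets in its attributes,
        // consider logging attrMap.keySet() instead.
        debug.message("AMIdentity.modifyService befre idService " + "serviceName=" + serviceName + ";  attrMap=" + attrMap);
    }
    idServices.modifyService(token, type, name, serviceName, stype, attrMap, orgName, univDN);
}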
Also used : CaseInsensitiveHashSet(com.sun.identity.common.CaseInsensitiveHashSet) HashSet(java.util.HashSet) Set(java.util.Set) AMHashMap(com.iplanet.am.sdk.AMHashMap) HashMap(java.util.HashMap) CaseInsensitiveHashMap(com.sun.identity.common.CaseInsensitiveHashMap) SMSException(com.sun.identity.sm.SMSException) SchemaType(com.sun.identity.sm.SchemaType) CaseInsensitiveHashMap(com.sun.identity.common.CaseInsensitiveHashMap) CaseInsensitiveHashSet(com.sun.identity.common.CaseInsensitiveHashSet) ServiceSchema(com.sun.identity.sm.ServiceSchema) AMHashMap(com.iplanet.am.sdk.AMHashMap) HashMap(java.util.HashMap) CaseInsensitiveHashMap(com.sun.identity.common.CaseInsensitiveHashMap) Map(java.util.Map) ServiceSchemaManager(com.sun.identity.sm.ServiceSchemaManager)

Example 2 with CaseInsensitiveHashSet

use of com.sun.identity.common.CaseInsensitiveHashSet in project OpenAM by OpenRock.

the class UserSelfCheckCondition method setProperties.

/** 
     *  Sets the properties of the condition.
     *  Evaluation of ConditionDecision is influenced by these properties.
     *  @param properties of the condition that governs
     *         whether a policy applies. The only defined property
     *         is <code>attributes</code>
     */
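public void setProperties(Map properties) throws PolicyException {
    if ((properties == null) || (properties.keySet() == null)) {
        throw new PolicyException(ResBundleUtils.rbName, "properties_can_not_be_null_or_empty", null, null);
    }
    // unmodifiableMap() is a read-only view, not a copy: later changes the
    // caller makes to the map it passed in remain visible through this field.
    this.properties = Collections.unmodifiableMap(properties);
    Object attrSet = properties.get(ATTRIBUTES);
    Object notAttrSet = properties.get(NOT_ATTRIBUTES);
    // At least one of the two properties must be present.
    if ((attrSet == null) && (notAttrSet == null)) {
        throw new PolicyException(ResBundleUtils.rbName, "properties_can_not_be_null_or_empty", null, null);
    }
    //Check if attributes is set
    if ((attrSet != null) && (attrSet instanceof Set)) {
        attributes = new CaseInsensitiveHashSet();
        attributes.addAll((Set) attrSet);
    } else {
        // NOTE(review): the attributes field is left as it was before this
        // call, so a value from an earlier setProperties() call (including
        // "*") would carry over; confirm instances are configured only once.
        if (debug.messageEnabled()) {
            debug.message("UserSelfCheckCondition:setProperties: " + "Attributes are empty");
        }
    }
    //Check if NotAttributes is set
    if (notAttrSet != null && notAttrSet instanceof Set) {
        notAttributes = new CaseInsensitiveHashSet();
        notAttributes.addAll((Set) notAttrSet);
        if (debug.messageEnabled()) {
            debug.message("UserSelfCheckCondition.setProperties():" + "notAttributes = " + properties.get(NOT_ATTRIBUTES));
        }
    } else {
        if (debug.messageEnabled()) {
            debug.message("UserSelfCheckCondition:setProperties: " + "NotAttributes are empty");
        }
    }
    // Check if all attributes are allowed.
    // When only NOT_ATTRIBUTES is supplied, nothing above assigns the
    // attributes field; its initial value is not visible here, so guard
    // against null instead of failing with a NullPointerException. An unset
    // attribute list never grants the "*" wildcard.
    allowAllAttributes = (attributes != null) && attributes.contains("*");
    if (debug.messageEnabled()) {
        debug.message("UserSelfCheckCondition.setProperties():" + "attributes, notAttributes = " + attributes + "," + notAttributes);
    }
}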
Also used : CaseInsensitiveHashSet(com.sun.identity.common.CaseInsensitiveHashSet) CaseInsensitiveHashSet(com.sun.identity.common.CaseInsensitiveHashSet) PolicyException(com.sun.identity.policy.PolicyException)

Example 3 with CaseInsensitiveHashSet

use of com.sun.identity.common.CaseInsensitiveHashSet in project OpenAM by OpenRock.

the class SMSFlatFileObjectBase method searchOrgs.

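/**
 * Searches for organization entries below {@code objName} whose names match
 * {@code filter}, returning each match as a full DN.
 *
 * @param token single sign on token; in this method it is only passed on to
 *        the recursive calls (no access check is visible here)
 * @param objName DN of the entry to search under; must not be null or empty
 * @param filter name filter; must not be null or empty
 * @param numOfEntries maximum number of entries requested; must not be
 *        negative. 0 is passed through unchanged and is also what this
 *        method uses when listing all sub-organizations, so it presumably
 *        means "no limit" (confirm against getSubEntries)
 * @param sortResults whether the result set is sorted
 * @param ascendingOrder sort direction, used when {@code sortResults} is set
 * @param recursive whether sub-organizations are searched as well
 * @param serviceName service part of the optional attribute filter
 * @param attrName attribute part of the optional attribute filter
 * @param values values for the optional attribute filter; only the first
 *        value returned by the iterator is used
 * @return the matching DNs; an empty set if the object does not exist
 * @throws IllegalArgumentException if {@code objName} or {@code filter} is
 *         null or empty, or {@code numOfEntries} is negative
 */
private Set<String> searchOrgs(SSOToken token, String objName, String filter, int numOfEntries, boolean sortResults, boolean ascendingOrder, boolean recursive, String serviceName, String attrName, Set values) throws SMSException, SSOException {
    // Check the args
    if ((objName == null) || (objName.length() == 0) || (filter == null) || (filter.length() == 0) || (numOfEntries < 0)) {
        // String concatenation already renders a null reference as "null".
        // The previous unparenthesised "+ x == null ? ... : ..." chain bound
        // the concatenation first, so the message collapsed to "<filter>]".
        throw new IllegalArgumentException("SMSFlatFileObject.searchOrganizationNames(): " + "One or more arguments is null or empty: " + "objName [" + objName + "] filter [" + filter + "]");
    }
    // For org search the filter prefix would be "o="
    // However for root realm it would be "ou=" when search is performed
    String fPrefix = "o=";
    String sidFilter = null;
    // construct the filename filter
    // NOTE(review): serviceName, attrName and the first value are concatenated
    // as-is into the filter handed to getSubEntries(); confirm that helper
    // treats the result as a match pattern only, never as a path component.
    if ((serviceName != null) && (attrName != null) && (values != null) && !values.isEmpty()) {
        sidFilter = serviceName + "-" + attrName + "=" + values.iterator().next();
        if (objName.equalsIgnoreCase(mRootDN)) {
            fPrefix = "ou=";
        }
    }
    Set<String> subentries = null;
    if (sortResults) {
        subentries = new CaseInsensitiveTreeSet(ascendingOrder);
    } else {
        subentries = new CaseInsensitiveHashSet();
    }
    try {
        Set entries = getSubEntries(objName, fPrefix + filter, sidFilter, false, numOfEntries, sortResults, ascendingOrder);
        // to make it a full DN
        for (Iterator i = entries.iterator(); i.hasNext(); ) {
            String suborg = (String) i.next();
            subentries.add(fPrefix + suborg + "," + objName);
        }
        if (recursive) {
            // Get the list of sub-orgs and search.
            // When the filter is not "*" (or an attribute filter is in use) the
            // matches above are not the complete child list, so list all
            // children separately; otherwise the matches are the children.
            Set<String> subOrgs = new HashSet<String>();
            if (!filter.equals("*") || (sidFilter != null)) {
                Set ssubOrgs = getSubEntries(objName, fPrefix + "*", null, false, 0, sortResults, ascendingOrder);
                for (Iterator i = ssubOrgs.iterator(); i.hasNext(); ) {
                    String suborg = (String) i.next();
                    subOrgs.add(fPrefix + suborg + "," + objName);
                }
            } else {
                subOrgs.addAll(subentries);
            }
            for (String subOrgName : subOrgs) {
                int reqEntries = (numOfEntries == 0) ? numOfEntries : numOfEntries - subentries.size();
                // Stop once a non-zero limit has been used up. The old test
                // (numOfEntries < 0) could never be true after the argument
                // check, so a remaining count of 0 was passed down as a new
                // limit of 0 and a negative one made the recursive call throw
                // IllegalArgumentException.
                if ((numOfEntries > 0) && (reqEntries <= 0)) {
                    break;
                }
                Set<String> subsubentries = searchOrgs(token, subOrgName, filter, reqEntries, sortResults, ascendingOrder, recursive, serviceName, attrName, values);
                subentries.addAll(subsubentries);
            }
        }
    } catch (ServiceNotFoundException e) {
        // return empty set if object does not exist. 
        subentries = new CaseInsensitiveHashSet<>();
    }
    if (mDebug.messageEnabled()) {
        mDebug.message("SMSFlatFileObject:searchOrgs " + "search " + filter + " for " + objName + " returned " + subentries.size() + " items");
    }
    return (subentries);
}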
Also used : CaseInsensitiveHashSet(com.sun.identity.common.CaseInsensitiveHashSet) CaseInsensitiveHashSet(com.sun.identity.common.CaseInsensitiveHashSet) HashSet(java.util.HashSet) CaseInsensitiveTreeSet(com.sun.identity.common.CaseInsensitiveTreeSet) Set(java.util.Set) ServiceNotFoundException(com.sun.identity.sm.ServiceNotFoundException) Iterator(java.util.Iterator) CaseInsensitiveTreeSet(com.sun.identity.common.CaseInsensitiveTreeSet) CaseInsensitiveHashSet(com.sun.identity.common.CaseInsensitiveHashSet) HashSet(java.util.HashSet)

Example 4 with CaseInsensitiveHashSet

use of com.sun.identity.common.CaseInsensitiveHashSet in project OpenAM by OpenRock.

the class SMSFlatFileObjectBase method toValSet.

/**
     * Converts a string of values from the attributes properties file 
     * to a Set, decoding special characters in each value.
     */
protected Set toValSet(String attrName, String vals) {
    // Case-sensitive attributes get a plain HashSet; all others compare
    // their values without regard to case.
    Set result = SMSEntry.isAttributeCaseSensitive(attrName) ? new HashSet() : new CaseInsensitiveHashSet();
    if ((vals == null) || vals.isEmpty()) {
        return result;
    }
    final int length = vals.length();
    // Index of the first character of the token currently being scanned.
    int start = 0;
    // Walk one position past the end so the trailing token is handled by the
    // same code path as a token terminated by a comma.
    for (int pos = 0; pos <= length; pos++) {
        boolean atSeparator = (pos == length) || (vals.charAt(pos) == ',');
        if (!atSeparator) {
            continue;
        }
        // Zero-length tokens (leading, trailing or doubled commas) are skipped.
        if (start < pos) {
            String token = vals.substring(start, pos).trim();
            // A token made only of whitespace is stored as "" and not decoded.
            result.add(token.isEmpty() ? token : decodeVal(token));
        }
        start = pos + 1;
    }
    return result;
}
Also used : CaseInsensitiveHashSet(com.sun.identity.common.CaseInsensitiveHashSet) CaseInsensitiveHashSet(com.sun.identity.common.CaseInsensitiveHashSet) HashSet(java.util.HashSet) CaseInsensitiveTreeSet(com.sun.identity.common.CaseInsensitiveTreeSet) Set(java.util.Set) CaseInsensitiveHashSet(com.sun.identity.common.CaseInsensitiveHashSet) HashSet(java.util.HashSet)

Example 5 with CaseInsensitiveHashSet

use of com.sun.identity.common.CaseInsensitiveHashSet in project OpenAM by OpenRock.

the class AuthenticateToRealmCondition method getConditionDecision.

/**
     * Returns the decision computed by this condition object, based on the 
     * map of environment parameters 
     *
     * @param token single sign on token of the user
     *
     * @param env request specific environment map of key/value pairs
     *        <code>AuthenticateToRealmCondition</code> looks for value of key
     *        <code>REQUEST_AUTHENTICATED_TO_REALMS</code> in the map.  
     *        The value should be a <code>Set</code> with <code>String</code> 
     *        elements. 
     *        If the <code>env</code> parameter is <code>null</code> or does not
     *        define the value for 
     *       <code>REQUEST_AUTHENTICATED_TO_REALMS</code>,  value for
     *        <code>REQUEST_AUTHENTICATED_TO_REALMS</code> is computed 
     *        from sso token.
     *
     * @return the condition decision. The condition decision encapsulates
     *         whether a policy applies for the request and advice messages
     *         generated by the condition.  
     *
     * Policy framework continues evaluating a  policy only if it applies 
     * to the request  as indicated by the <code>ConditionDecision</code>. 
     * Otherwise, further evaluation of the policy is skipped. 
     * However, the advice messages encapsulated in the 
     * <code>ConditionDecision</code> are aggregated and passed up, encapsulated
     * in the policy  decision.
     *
     * @throws PolicyException if the condition has not been initialized with a
     *        successful call to <code>setProperties(Map)</code> and/or the
     *        value of <code>REQUEST_AUTHENTICATED_TO_REALMS</code> could not be
     *        determined.
     * @throws SSOException if the token is invalid
     *
     * @see #setProperties(Map)
     * @see #AUTHENTICATE_TO_REALM
     * @see #REQUEST_AUTHENTICATED_TO_REALMS
     * @see com.sun.identity.policy.ConditionDecision
     */
public ConditionDecision getConditionDecision(SSOToken token, Map env) throws PolicyException, SSOException {
    // Realm names are matched without regard to case, hence the case-insensitive set.
    Set requestAuthnRealms = new CaseInsensitiveHashSet();
    Object realmsFromEnv = (env == null) ? null : env.get(REQUEST_AUTHENTICATED_TO_REALMS);
    if (realmsFromEnv != null) {
        // A value present in env is used instead of the realms recorded for
        // the token.
        // NOTE(review): the decision is therefore only as trustworthy as the
        // code that builds env; confirm this key cannot be populated from
        // unauthenticated request data.
        try {
            requestAuthnRealms.addAll((Set) realmsFromEnv);
            if (debugMessageEnabled) {
                DEBUG.message("At AuthenticateToRealmCondition." + "getConditionDecision(): " + "requestAuthnRealms, from request = " + requestAuthnRealms);
            }
        } catch (ClassCastException e) {
            String[] args = { REQUEST_AUTHENTICATED_TO_REALMS };
            throw new PolicyException(ResBundleUtils.rbName, "property_is_not_a_Set", args, e);
        }
    } else if (token != null) {
        Set realmsFromToken = AMAuthUtils.getAuthenticatedRealms(token);
        if (realmsFromToken != null) {
            requestAuthnRealms.addAll(realmsFromToken);
        }
        if (debugMessageEnabled) {
            DEBUG.message("At AuthenticateToRealmCondition." + "getConditionDecision(): " + "requestAuthnRealms, from ssoToken = " + requestAuthnRealms);
        }
    }
    // With neither an env value nor a token, the set stays empty.
    // NOTE(review): no check that authenticateToRealm has been initialised is
    // visible in this method - confirm where the documented PolicyException
    // for an uninitialised condition is raised.
    final boolean allowed = requestAuthnRealms.contains(authenticateToRealm);
    Map advices = new HashMap();
    if (!allowed) {
        // Tell the caller which realm the user still has to authenticate to.
        Set adviceMessages = new HashSet(1);
        adviceMessages.add(authenticateToRealm);
        advices.put(AUTHENTICATE_TO_REALM_CONDITION_ADVICE, adviceMessages);
        if (debugMessageEnabled) {
            DEBUG.message("At AuthenticateToRealmCondition." + "getConditionDecision():" + "authenticateToRealm not satisfied = " + authenticateToRealm);
        }
    }
    if (debugMessageEnabled) {
        DEBUG.message("At AuthenticateToRealmCondition." + "getConditionDecision():authenticateToRealm = " + authenticateToRealm + "," + "requestAuthnRealms = " + requestAuthnRealms + ", " + " allowed = " + allowed);
    }
    return new ConditionDecision(allowed, advices);
}
Also used : CaseInsensitiveHashSet(com.sun.identity.common.CaseInsensitiveHashSet) CaseInsensitiveHashSet(com.sun.identity.common.CaseInsensitiveHashSet) Set(java.util.Set) HashSet(java.util.HashSet) PolicyException(com.sun.identity.policy.PolicyException) HashMap(java.util.HashMap) HashMap(java.util.HashMap) Map(java.util.Map) ConditionDecision(com.sun.identity.policy.ConditionDecision) CaseInsensitiveHashSet(com.sun.identity.common.CaseInsensitiveHashSet) HashSet(java.util.HashSet)

Aggregations

CaseInsensitiveHashSet (com.sun.identity.common.CaseInsensitiveHashSet)37 Set (java.util.Set)30 HashSet (java.util.HashSet)27 HashMap (java.util.HashMap)19 CaseInsensitiveHashMap (com.sun.identity.common.CaseInsensitiveHashMap)18 Map (java.util.Map)16 Iterator (java.util.Iterator)13 ByteString (org.forgerock.opendj.ldap.ByteString)9 SSOException (com.iplanet.sso.SSOException)6 IdRepoException (com.sun.identity.idm.IdRepoException)6 IdRepoUnsupportedOpException (com.sun.identity.idm.IdRepoUnsupportedOpException)6 SMSException (com.sun.identity.sm.SMSException)6 CollectionUtils.asSet (org.forgerock.openam.utils.CollectionUtils.asSet)6 LinkedHashSet (java.util.LinkedHashSet)5 CaseInsensitiveTreeSet (com.sun.identity.common.CaseInsensitiveTreeSet)4 PolicyException (com.sun.identity.policy.PolicyException)3 OrderedSet (com.sun.identity.shared.datastruct.OrderedSet)3 ServiceConfig (com.sun.identity.sm.ServiceConfig)3 ServiceNotFoundException (com.sun.identity.sm.ServiceNotFoundException)3 File (java.io.File)3