
Example 21 with CaseInsensitiveHashSet

use of com.sun.identity.common.CaseInsensitiveHashSet in project OpenAM by OpenRock.

the class SpecialRepo method setAttributes.

/*
     * (non-Javadoc)
     *
     * @see com.sun.identity.idm.IdRepo#setAttributes(com.iplanet.sso.SSOToken,
     *      com.sun.identity.idm.IdType, java.lang.String, java.util.Map,
     *      boolean)
     */
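/*
 * Implementation notes.
 *
 * Updates the stored attributes of one of the built-in "special" users.
 * Only a caller for whom isAmAdminUser(token) returns true may do this, and
 * only the attribute names listed in the body are copied from the request;
 * any other key in the supplied map is ignored.
 *
 * Password values are stored as Hash.hash(value). For the URL access agent
 * the password is also passed through Crypt.encode and handed to
 * updateServiceConfiguration; for "dsameuser" it is additionally written
 * through ServerConfigMgr.
 *
 * The isAdd flag is not read by this implementation.
 *
 * Throws IdRepoException when the caller is not permitted, when no entry
 * with the given name exists, or when the configuration store raises an
 * SMSException; throws IdRepoUnsupportedOpException when (type, name) is
 * not a special user.
 */
public void setAttributes(SSOToken token, IdType type, String name, Map attributes, boolean isAdd) throws IdRepoException, SSOException {
    if (!isSpecialUser(type, name)) {
        Object[] args = { NAME, IdOperation.EDIT.getName() };
        throw new IdRepoUnsupportedOpException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.PLUGIN_OPERATION_NOT_SUPPORTED, args);
    }
    boolean isUrlAccessAgent = isUrlAccessAgent(type, name);
    // Stays null unless the target is the URL access agent and a password was supplied.
    String urlAccessAgentCryptPwd = null;
    // Authorization gate: nothing below may run for a non-admin caller.
    if (!isAmAdminUser(token)) {
        Object[] args = { name };
        throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.PERMISSION_DENIED_SETTING_ATTRIBUTES, args);
    }
    try {
        ServiceConfig userConfig = getUserConfig();
        // For performance reasons check that the user entry
        // is present before getting the subConfig
        CaseInsensitiveHashSet userSet = new CaseInsensitiveHashSet();
        userSet.addAll(userConfig.getSubConfigNames());
        if (!userSet.contains(name)) {
            Object[] args = { name };
            throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.NOT_VALID_ENTRY, args);
        }
        ServiceConfig usc1 = userConfig.getSubConfig(name);
        Map attrs = usc1.getAttributes();

        // Password: accept either spelling of the key, store only the hashed form.
        String newPassword = null;
        Set vals = (Set) attributes.get("userPassword");
        if (vals == null) {
            vals = (Set) attributes.get("userpassword");
        }
        if (vals != null) {
            Set hashedVals = new HashSet();
            for (Iterator it = vals.iterator(); it.hasNext(); ) {
                String val = (String) it.next();
                // NOTE(review): Hash.hash is not shown here; confirm it is a salted,
                // deliberately slow password hash rather than a bare digest.
                hashedVals.add(Hash.hash(val));
                // If several values are supplied, the last one iterated wins.
                newPassword = val;
                if (isUrlAccessAgent) {
                    // NOTE(review): Crypt.encode is presumably reversible encryption,
                    // not a hash - confirm how the result is protected at rest.
                    urlAccessAgentCryptPwd = Crypt.encode(val);
                }
            }
            attrs.put("userPassword", hashedVals);
        }

        // Allow-list of the remaining attributes a caller may overwrite. The
        // original looked each key up twice with an identical expression; a
        // single lookup per key is equivalent.
        String[] writableAttributes = {
            statusAttribute, cnAttribute, snAttribute, gnAttribute,
            empNumAttribute, aliasAttribute, successAttribute, failureAttribute,
            mailAttribute, addrAttribute, msisdnAttribute, phoneAttribute
        };
        for (String attributeName : writableAttributes) {
            Set supplied = (Set) attributes.get(attributeName);
            if (supplied != null) {
                attrs.put(attributeName, supplied);
            }
        }
        usc1.setAttributes(attrs);

        // update serverconfig.xml and directory
        // Only when a password was actually supplied: an update that touches
        // other attributes of dsameuser must not push a null password into
        // ServerConfigMgr.
        if (newPassword != null && name.equalsIgnoreCase("dsameuser")) {
            String op = (String) AccessController.doPrivileged(new AdminPasswordAction());
            try {
                ServerConfigMgr sscm = new ServerConfigMgr();
                sscm.setAdminUserPassword(op, newPassword);
                sscm.save();
            } catch (Exception e) {
                // NOTE(review): best-effort by design of the original code. The
                // hashed password has already been stored above, so a failure
                // here leaves the two copies out of sync and is only logged.
                debug.error("SpecialRepo: error in " + "changing password", e);
            }
        }
        updateServiceConfiguration(urlAccessAgentCryptPwd);
    } catch (SMSException smse) {
        debug.error("SpecialRepo: Unable to set user attributes ", smse);
        Object[] args = { NAME, type.getName(), name };
        throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.ERROR_SETTING_ATTRIBUTES, args);
    }
}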
Also used : Set(java.util.Set) CaseInsensitiveHashSet(com.sun.identity.common.CaseInsensitiveHashSet) HashSet(java.util.HashSet) AdminPasswordAction(com.sun.identity.security.AdminPasswordAction) SMSException(com.sun.identity.sm.SMSException) IdRepoException(com.sun.identity.idm.IdRepoException) LoginException(javax.security.auth.login.LoginException) UnknownPropertyNameException(com.sun.identity.common.configuration.UnknownPropertyNameException) IdRepoUnsupportedOpException(com.sun.identity.idm.IdRepoUnsupportedOpException) IdRepoFatalException(com.sun.identity.idm.IdRepoFatalException) AuthLoginException(com.sun.identity.authentication.spi.AuthLoginException) SSOException(com.iplanet.sso.SSOException) IdRepoException(com.sun.identity.idm.IdRepoException) SMSException(com.sun.identity.sm.SMSException) IOException(java.io.IOException) ConfigurationException(com.sun.identity.common.configuration.ConfigurationException) CaseInsensitiveHashSet(com.sun.identity.common.CaseInsensitiveHashSet) IdRepoUnsupportedOpException(com.sun.identity.idm.IdRepoUnsupportedOpException) ServiceConfig(com.sun.identity.sm.ServiceConfig) Iterator(java.util.Iterator) Map(java.util.Map) HashMap(java.util.HashMap) CaseInsensitiveHashMap(com.sun.identity.common.CaseInsensitiveHashMap) CaseInsensitiveHashSet(com.sun.identity.common.CaseInsensitiveHashSet) HashSet(java.util.HashSet) ServerConfigMgr(com.iplanet.services.ldap.ServerConfigMgr)

Example 22 with CaseInsensitiveHashSet

use of com.sun.identity.common.CaseInsensitiveHashSet in project OpenAM by OpenRock.

the class FilesRepo method readFile.

/**
 * Loads the attribute map stored in an identity's flat file, using the
 * in-memory caches when the file has not changed since it was last read.
 *
 * The file's text is decoded with SOAPClient.decodeMap and every value set
 * is copied into a CaseInsensitiveHashSet inside a CaseInsensitiveHashMap.
 * The decoded values are cast to Set without a check, so the file content
 * is trusted to have that shape.
 *
 * @param file the identity file to read
 * @return the (possibly cached) attribute map
 * @throws IdRepoException if the file is missing or cannot be read; both
 *         cases are reported with UNABLE_FIND_ENTRY
 */
Map readFile(File file) throws IdRepoException {
    String fileName = file.getAbsolutePath();
    // Serve from the cache only while the recorded timestamp still matches the file.
    Long cachedStamp = (Long) identityTimeCache.get(fileName);
    if (cachedStamp != null && cachedStamp.longValue() == file.lastModified()) {
        Map cached = (Map) identityCache.get(fileName);
        if (cached != null) {
            return cached;
        }
    }
    // Objects in the flat-file repository are saved with mixed-case file names:
    // if the cache already knows this path under another casing, reuse that
    // spelling for the read and for the cache keys below.
    for (Object cachedKey : identityCache.keySet()) {
        String origFileName = (String) cachedKey;
        if (fileName.equalsIgnoreCase(origFileName)) {
            fileName = origFileName;
            break;
        }
    }
    BufferedReader reader = null;
    try {
        // FileReader decodes with the platform default charset.
        reader = new BufferedReader(new FileReader(fileName));
        StringBuilder encoded = new StringBuilder(200);
        for (String line = reader.readLine(); line != null; line = reader.readLine()) {
            encoded.append(line);
        }
        Map decoded = new SOAPClient().decodeMap(encoded.toString());
        // Convert HashMap to CaseInsensitiveHashMap
        Map result = new CaseInsensitiveHashMap();
        for (Object key : decoded.keySet()) {
            Set original = (Set) decoded.get(key);
            Set caseInsensitive = new CaseInsensitiveHashSet();
            caseInsensitive.addAll(original);
            result.put(key, caseInsensitive);
        }
        // Add to cache
        identityTimeCache.put(fileName, Long.valueOf(file.lastModified()));
        identityCache.put(fileName, result);
        return result;
    } catch (FileNotFoundException fn) {
        if (debug.messageEnabled()) {
            debug.message("FilesRepo.readFile: file not found: " + fileName);
        }
        String[] args = { NAME, fileName };
        throw new FilesRepoEntryNotFoundException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.UNABLE_FIND_ENTRY, args);
    } catch (IOException e) {
        if (debug.messageEnabled()) {
            debug.message("FilesRepo.readFile: error reading file: " + fileName, e);
        }
        String[] args = { NAME, fileName };
        throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.UNABLE_FIND_ENTRY, args);
    } finally {
        // A failure while closing is logged and never replaces the result or the
        // exception already in flight.
        if (reader != null) {
            try {
                reader.close();
            } catch (IOException e) {
                if (debug.warningEnabled()) {
                    debug.warning("FilesRepo.redFile: read error: " + fileName, e);
                }
            }
        }
    }
}
Also used : CaseInsensitiveHashSet(com.sun.identity.common.CaseInsensitiveHashSet) HashSet(java.util.HashSet) Set(java.util.Set) FileNotFoundException(java.io.FileNotFoundException) IdRepoException(com.sun.identity.idm.IdRepoException) IOException(java.io.IOException) CaseInsensitiveHashMap(com.sun.identity.common.CaseInsensitiveHashMap) CaseInsensitiveHashSet(com.sun.identity.common.CaseInsensitiveHashSet) SOAPClient(com.sun.identity.shared.jaxrpc.SOAPClient) Iterator(java.util.Iterator) BufferedReader(java.io.BufferedReader) FileReader(java.io.FileReader) HashMap(java.util.HashMap) CaseInsensitiveHashMap(com.sun.identity.common.CaseInsensitiveHashMap) Map(java.util.Map)

Example 23 with CaseInsensitiveHashSet

use of com.sun.identity.common.CaseInsensitiveHashSet in project OpenAM by OpenRock.

the class FilesRepo method processAttributes.

/**
 * Builds a case-insensitive copy of an attribute map, transforming the
 * values of sensitive attributes on the way.
 *
 * Values of keys in hashAttrs are replaced by Hash.hash(value); values of
 * keys in encAttrs are replaced by the result of EncodeAction; all other
 * values are copied unchanged. A key present in both sets is hashed, since
 * hashAttrs is checked first.
 *
 * If encoding fails, the error is logged without the value and the loop for
 * that attribute stops: the attribute is returned with only the values
 * encoded so far (possibly none). The plain value is never stored in its
 * place, but the caller gets no signal that values were dropped.
 *
 * @param attrs attribute name to Set of String values
 * @param hashAttrs names of attributes whose values must be hashed
 * @param encAttrs names of attributes whose values must be encoded
 * @return a new CaseInsensitiveHashMap holding the processed values
 */
static Map processAttributes(Map attrs, Set hashAttrs, Set encAttrs) {
    Map processed = new CaseInsensitiveHashMap();
    for (Object key : attrs.keySet()) {
        Set source = (Set) attrs.get(key);
        Set target = new CaseInsensitiveHashSet();
        if (hashAttrs.contains(key)) {
            for (Object plain : source) {
                target.add(Hash.hash((String) plain));
            }
        } else if (!encAttrs.contains(key)) {
            target.addAll(source);
        } else {
            try {
                for (Object plain : source) {
                    target.add((String) AccessController.doPrivileged(new EncodeAction((String) plain)));
                }
            } catch (Throwable e) {
                // Printing the attribute value could be a security issue, so only
                // the failure itself is logged.
                debug.error("FilesRepo.processAttributes: unable to encode", e);
            }
        }
        processed.put(key, target);
    }
    return processed;
}
Also used : CaseInsensitiveHashSet(com.sun.identity.common.CaseInsensitiveHashSet) CaseInsensitiveHashSet(com.sun.identity.common.CaseInsensitiveHashSet) HashSet(java.util.HashSet) Set(java.util.Set) EncodeAction(com.sun.identity.security.EncodeAction) Iterator(java.util.Iterator) HashMap(java.util.HashMap) CaseInsensitiveHashMap(com.sun.identity.common.CaseInsensitiveHashMap) Map(java.util.Map) CaseInsensitiveHashMap(com.sun.identity.common.CaseInsensitiveHashMap)

Example 24 with CaseInsensitiveHashSet

use of com.sun.identity.common.CaseInsensitiveHashSet in project OpenAM by OpenRock.

the class FilesRepo method decodeAttributes.

/**
 * Decodes, in place, the values of the attributes named in encAttrs.
 *
 * For each such attribute that has a non-empty value set in attrs, every
 * value is passed through DecodeAction and the attribute is replaced by a
 * CaseInsensitiveHashSet of the decoded values. A value that fails to decode
 * is logged (without the value itself) and left out of the result; the
 * remaining values are still processed.
 *
 * @param attrs attribute name to Set of String values; modified by this call
 * @param encAttrs names of the attributes stored in encoded form
 * @return the same attrs instance that was passed in
 */
static Map decodeAttributes(Map attrs, Set encAttrs) {
    if (!encAttrs.isEmpty()) {
        for (Object key : encAttrs) {
            Set stored = (Set) attrs.get(key);
            if (stored == null || stored.isEmpty()) {
                continue;
            }
            Set decoded = new CaseInsensitiveHashSet();
            for (Object encodedValue : stored) {
                try {
                    decoded.add((String) AccessController.doPrivileged(new DecodeAction((String) encodedValue)));
                } catch (Throwable e) {
                    // Printing the attribute value could be a security issue, so
                    // only the failure itself is logged.
                    debug.error("FilesRepo: unable to decode", e);
                }
            }
            attrs.put(key, decoded);
        }
    }
    return attrs;
}
Also used : CaseInsensitiveHashSet(com.sun.identity.common.CaseInsensitiveHashSet) CaseInsensitiveHashSet(com.sun.identity.common.CaseInsensitiveHashSet) HashSet(java.util.HashSet) Set(java.util.Set) Iterator(java.util.Iterator) DecodeAction(com.sun.identity.security.DecodeAction)

Example 25 with CaseInsensitiveHashSet

use of com.sun.identity.common.CaseInsensitiveHashSet in project OpenAM by OpenRock.

the class UserSelfCheckCondition method getConditionDecision.

/**
     * Gets the decision computed by this condition object.
     *
     * @param token single sign on token of the user
     *
     * @param env request specific environment map of key/value pairs.
     *
     * @return the condition decision. The condition decision 
     *         encapsulates whether a policy applies for the request. 
     *
     * Policy framework continues evaluating a policy only if it 
     * applies to the request as indicated by the ConditionDecision.
     * Otherwise, further evaluation of the policy is skipped. 
     *
     * @throws SSOException if the token is invalid
     */
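public ConditionDecision getConditionDecision(SSOToken token, Map env) throws PolicyException, SSOException {
    // The decision starts as "deny" and becomes "allow" only when (1) the
    // requested attributes pass the attributes / notAttributes check and
    // (2) the requested resource equals the caller's own identity resource.
    // Throws PolicyException when the caller's identity cannot be resolved.
    boolean allowed = false;
    if (debug.messageEnabled()) {
        debug.message("UserSelfCheckCondition.getConditionDecision: " + "called with Token: " + token.getPrincipal().getName() + ", requestedResourcename: " + env.get(PolicyEvaluator.SUN_AM_REQUESTED_RESOURCE));
    }
    // Check if attributes in envMap are a subset of "attributes"
    boolean attributeCheckOk = allowAllAttributes;
    if (debug.messageEnabled()) {
        debug.message("UserSelfCheckCondition.getConditionDecision: " + "attributeCheckOk:" + attributeCheckOk);
    }
    Set attrSet = null;
    if (!attributeCheckOk) {
        Object o = env.get(ATTRIBUTES);
        if (o instanceof Set) {
            Set s = (Set) o;
            if (!s.isEmpty()) {
                // Copied into a case-insensitive set so attribute names compare
                // regardless of casing.
                attrSet = new CaseInsensitiveHashSet();
                attrSet.addAll(s);
                if (debug.messageEnabled()) {
                    debug.message("UserSelfCheckCondition." + "getConditionDecision: Is attributes " + attrSet + " subset of config attrs: " + attributes);
                }
                if (attributes.containsAll(attrSet)) {
                    attributeCheckOk = true;
                }
            }
        } else if (debug.warningEnabled()) {
            debug.warning("UserSelfCheckCondition.getConditionDecision " + "Invalid attribute set in env params");
        }
    }
    if (debug.messageEnabled()) {
        debug.message("UserSelfCheckCondition.getConditionDecision: " + "attributes check:" + attributeCheckOk);
    }
    if (!attributeCheckOk && (notAttributes != null) && !(notAttributes.isEmpty())) {
        // With no requested attributes (attrSet null or empty) the check stays
        // false, so the request is denied.
        if ((attrSet != null) && !(attrSet.isEmpty())) {
            if (debug.messageEnabled()) {
                debug.message("UserSelfCheckCondition." + "getConditionDecision: Is attributes " + attrSet + " subset of notattrs:" + notAttributes);
            }
            for (Iterator it = attrSet.iterator(); it.hasNext(); ) {
                String attr = (String) it.next();
                if (notAttributes.contains(attr)) {
                    attributeCheckOk = false;
                    break;
                }
                // If notAttributes schema is defined and if
                // none of the attributes are in NotAttributes set,
                // then return true.
                attributeCheckOk = true;
            }
        }
        if (debug.messageEnabled()) {
            debug.message("UserSelfCheckCondition.getConditionDecision:" + " attributeCheckOk " + attributeCheckOk + " for notAttributes " + notAttributes);
        }
    }
    if (attributeCheckOk) {
        // Construct the users' resource string
        StringBuilder name = new StringBuilder(100);
        name.append(RESOURCE_PREFIX);
        try {
            AMIdentity id = IdUtils.getIdentity(token);
            name.append(id.getRealm());
            name.append(RESOURCE_NAME);
            name.append(id.getType().getName()).append("/");
            name.append(id.getName());
        } catch (SSOException ssoe) {
            // Debug it
            if (debug.messageEnabled()) {
                debug.message("UserSelfCheckCondition." + "getConditionDecision: invalid sso token: " + ssoe.getMessage());
            }
            throw ssoe;
        } catch (IdRepoException ide) {
            // Debug it
            if (debug.messageEnabled()) {
                debug.message("UserSelfCheckCondition." + "getConditionDecision IdRepo exception: ", ide);
            }
            throw new PolicyException(ide);
        }
        // Get the resource name from the env
        Object o = env.get(PolicyEvaluator.SUN_AM_REQUESTED_RESOURCE);
        if (debug.messageEnabled()) {
            debug.message("UserSelfCheckCondition.getConditionDecision:" + " name: " + name + " resource: " + o);
        }
        if (o != null) {
            // Resolve the requested resource to a String. Anything that cannot be
            // resolved (unexpected type, empty set, non-String element) leaves
            // resource null and the request denied. Previously an unexpected type
            // caused a NullPointerException whenever warning-level logging was
            // off, and an empty set caused a NoSuchElementException.
            String resource = null;
            if (o instanceof String) {
                resource = (String) o;
            } else if (o instanceof Set) {
                Iterator values = ((Set) o).iterator();
                if (values.hasNext()) {
                    Object first = values.next();
                    if (first instanceof String) {
                        resource = (String) first;
                    }
                }
            }
            if (resource == null) {
                if (debug.warningEnabled()) {
                    debug.warning("UserSelfCheckCondition." + "getConditionDecision: Unable to get resource name");
                }
            } else if (resource.equalsIgnoreCase(name.toString())) {
                // compare the resource and the name
                allowed = true;
                if (debug.messageEnabled()) {
                    debug.message("UserSelfCheckCondition." + "getConditionDecision: " + "returning true");
                }
            } else if (debug.messageEnabled()) {
                debug.message("UserSelfCheckCondition." + "getConditionDecision:Resource names donot match: " + resource + " " + name);
            }
        }
    }
    return new ConditionDecision(allowed);
}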
Also used : CaseInsensitiveHashSet(com.sun.identity.common.CaseInsensitiveHashSet) IdRepoException(com.sun.identity.idm.IdRepoException) SSOException(com.iplanet.sso.SSOException) ConditionDecision(com.sun.identity.policy.ConditionDecision) CaseInsensitiveHashSet(com.sun.identity.common.CaseInsensitiveHashSet) PolicyException(com.sun.identity.policy.PolicyException) AMIdentity(com.sun.identity.idm.AMIdentity)

Aggregations

CaseInsensitiveHashSet (com.sun.identity.common.CaseInsensitiveHashSet)37 Set (java.util.Set)30 HashSet (java.util.HashSet)27 HashMap (java.util.HashMap)19 CaseInsensitiveHashMap (com.sun.identity.common.CaseInsensitiveHashMap)18 Map (java.util.Map)16 Iterator (java.util.Iterator)13 ByteString (org.forgerock.opendj.ldap.ByteString)9 SSOException (com.iplanet.sso.SSOException)6 IdRepoException (com.sun.identity.idm.IdRepoException)6 IdRepoUnsupportedOpException (com.sun.identity.idm.IdRepoUnsupportedOpException)6 SMSException (com.sun.identity.sm.SMSException)6 CollectionUtils.asSet (org.forgerock.openam.utils.CollectionUtils.asSet)6 LinkedHashSet (java.util.LinkedHashSet)5 CaseInsensitiveTreeSet (com.sun.identity.common.CaseInsensitiveTreeSet)4 PolicyException (com.sun.identity.policy.PolicyException)3 OrderedSet (com.sun.identity.shared.datastruct.OrderedSet)3 ServiceConfig (com.sun.identity.sm.ServiceConfig)3 ServiceNotFoundException (com.sun.identity.sm.ServiceNotFoundException)3 File (java.io.File)3