Example 26 with DelegationException

Use of com.sun.identity.delegation.DelegationException in project OpenAM by OpenRock.

Class DelegationModelImpl, method getPrivileges.

/**
 * Returns a set of privileges of an identity.
 *
 * @param realmName Name of realm.
 * @param uid Universal ID of the identity.
 * @return a set of privileges of an identity.
 * @throws AMConsoleException if the privileges cannot be determined.
 */
public Set getPrivileges(String realmName, String uid) throws AMConsoleException {
    String[] params = { realmName, uid };
    logEvent("ATTEMPT_GET_PRIVILEGES_OF_DELEGATION_SUBJECT", params);
    try {
        DelegationManager mgr = new DelegationManager(getUserSSOToken(), realmName);
        Set results = mgr.getPrivileges(uid);
        logEvent("SUCCEED_GET_PRIVILEGES_OF_DELEGATION_SUBJECT", params);
        return (results != null) ? results : Collections.EMPTY_SET;
    } catch (SSOException e) {
        String strError = getErrorString(e);
        String[] paramsEx = { realmName, uid, strError };
        logEvent("SSO_EXCEPTION_GET_PRIVILEGES_OF_DELEGATION_SUBJECT", paramsEx);
        debug.error("DelegationModelImpl.getPrivileges", e);
        throw new AMConsoleException(strError);
    } catch (DelegationException e) {
        String strError = getErrorString(e);
        String[] paramsEx = { realmName, uid, strError };
        logEvent("DELEGATION_EXCEPTION_GET_PRIVILEGES_OF_DELEGATION_SUBJECT", paramsEx);
        debug.error("DelegationModelImpl.getPrivileges", e);
        throw new AMConsoleException(strError);
    }
}
Also used: java.util.Set, java.util.HashSet, com.sun.identity.delegation.DelegationManager, com.iplanet.sso.SSOException, com.sun.identity.delegation.DelegationException, com.sun.identity.console.base.model.AMConsoleException

Example 27 with DelegationException

Use of com.sun.identity.delegation.DelegationException in project OpenAM by OpenRock.

Class UMUserPasswordResetOptionsModelImpl, method isRealmAdmin.

/**
 * Returns <code>true</code> if the current user is a realm administrator.
 * Any SSO or delegation failure is logged and treated as "not an administrator".
 *
 * @return <code>true</code> if the current user is a realm administrator.
 */
public boolean isRealmAdmin() {
    SSOToken token = getUserSSOToken();
    try {
        Set actionNames = new HashSet();
        actionNames.add("MODIFY");
        DelegationEvaluator de = new DelegationEvaluatorImpl();
        DelegationPermission permission = new DelegationPermission(token.getProperty(Constants.ORGANIZATION), "sunAMRealmService", "1.0", "organization", "default", actionNames, null);
        return de.isAllowed(token, permission, null);
    } catch (SSOException e) {
        debug.warning("UserPasswordResetOptionsModelImpl.isRealmAdmin", e);
    } catch (DelegationException e) {
        debug.warning("UserPasswordResetOptionsModelImpl.isRealmAdmin", e);
    }
    return false;
}
Also used: com.sun.identity.delegation.DelegationEvaluatorImpl, com.iplanet.sso.SSOToken, java.util.HashSet, java.util.Set, com.sun.identity.delegation.DelegationEvaluator, com.iplanet.sso.SSOException, com.sun.identity.delegation.DelegationException, com.sun.identity.delegation.DelegationPermission

Example 28 with DelegationException

Use of com.sun.identity.delegation.DelegationException in project OpenAM by OpenRock.

Class OrganizationConfigManager, method createSubOrganization.

/**
 * Creates a sub-organization under the current organization and sets the
 * specified attributes. The sub-organization created can be only one level
 * below the current organization. For multiple levels this method must be
 * called recursively with the corresponding <code>OrganizationConfigManager</code>.
 * The organization name must not contain a forward slash ("/"). For example,
 * the actual organization name 'iplanet' cannot be 'iplan/et' because '/' is
 * used as the separator here. The attributes for the organization can be
 * <code>null</code>; otherwise the Map contains the service name as the key
 * and another <code>Map</code> as the value, holding the key-value pairs for
 * that service.
 *
 * @param subOrgName
 *            the name of the sub-organization.
 * @param attributes
 *            Map of attributes for the organization per service. The
 *            parameter Map attributes contains another Map as its value,
 *            which then has attribute names and values. The way it is
 *            arranged is: Map::attributes --> Key: String::ServiceName
 *            Value: Map::svcAttributes; Map::svcAttributes --> Key:
 *            String::AttributeName Value: Set::AttributeValues
 *
 * @return organization config manager of the newly created
 *         sub-organization.
 * @throws SMSException
 *             if creation of sub-organization failed, or if creation of
 *             sub-organization is attempted when configuration is not
 *             migrated to realms.
 */
public OrganizationConfigManager createSubOrganization(String subOrgName, Map attributes) throws SMSException {
    validateConfigImpl();
    /*
     * Since the "Map attributes" can contain more than one service name,
     * creation of the sub-organization is achieved in 2 steps: i) create
     * the sub-organization without the attributes; ii) for each service name
     * in the Map call setAttributes(...)
     */
    boolean orgExists = false;
    String subOrgDN = normalizeDN(subOrgName, orgDN);
    try {
        // Check if realm exists, this throws SMSException
        // if realm does not exist
        // This is to avoid duplicate creation of realms.
        new OrganizationConfigManager(token, subOrgDN);
        SMSEntry.debug.error("OrganizationConfigManager::" + "createSubOrganization() " + "Realm Already Exists.. " + subOrgDN);
        orgExists = true;
    } catch (SMSException smse) {
        try {
            orgExists = !getRealmByAlias(subOrgName).isEmpty();
        } catch (SSOException e) {
            SMSEntry.debug.error("OrganizationConfigManager::" + "createSubOrganization:", e);
        }
        if (!orgExists) {
            SMSEntry.debug.message("OrganizationConfigManager::createSubOrganization() New Realm, creating realm: {} - {}", subOrgName, smse);
        }
    }
    Object[] args = { subOrgName };
    if (orgExists) {
        throw (new SMSException(IUMSConstants.UMS_BUNDLE_NAME, "sms-organization_already_exists1", args));
    }
    StringTokenizer st = new StringTokenizer(specialCharsString, SEPERATOR);
    while (st.hasMoreTokens()) {
        String obj = (String) st.nextToken();
        if (subOrgName.indexOf(obj) > -1) {
            SMSEntry.debug.error("OrganizationConfigManager::" + "createSubOrganization() : Invalid realm name: " + subOrgName);
            SMSEntry.debug.error("OrganizationConfigManager::" + "createSubOrganization() : Detected invalid chars: " + obj);
            Object[] args1 = { subOrgName };
            throw (new SMSException(IUMSConstants.UMS_BUNDLE_NAME, SMSEntry.bundle.getString("sms-invalid-org-name"), args1));
        }
    }
    validateOrgName(subOrgName);
    // Create the AMSDK organization first
    if ((coexistMode) || (realmEnabled && isCopyOrgEnabled())) {
        amsdk.createSubOrganization(subOrgName);
    }
    if ((realmEnabled || subOrgDN.toLowerCase().startsWith(SMSEntry.SUN_INTERNAL_REALM_PREFIX)) && getSubOrganizationNames(subOrgName, false).isEmpty()) {
        CreateServiceConfig.createOrganization(token, subOrgDN);
    }
    // Update the attributes
    // If in coexistMode and serviceName is idRepoService
    // the following call sets the attributes to AMSDK organization also.
    OrganizationConfigManager ocm = getSubOrgConfigManager(subOrgName);
    if ((attributes != null) && (!attributes.isEmpty())) {
        for (Iterator svcNames = attributes.keySet().iterator(); svcNames.hasNext(); ) {
            String serviceName = (String) svcNames.next();
            Map svcAttributes = (Map) attributes.get(serviceName);
            if ((svcAttributes != null) && (!svcAttributes.isEmpty())) {
                ocm.setAttributes(serviceName, svcAttributes);
            }
        }
    }
    if (realmEnabled) {
        AgentsRepo agentsRepo = new AgentsRepo();
        HashMap config = new HashMap(1);
        HashSet realmName = new HashSet(1);
        realmName.add(subOrgDN);
        config.put("agentsRepoRealmName", realmName);
        try {
            agentsRepo.initialize(config);
            agentsRepo.createAgentGroupConfig(token);
        } catch (IdRepoException ide) {
            SMSEntry.debug.error("OrganizationConfigManager::" + "createSubOrganization:", ide);
        }
    }
    // In realm mode (and not coexisting with the legacy AMSDK), the default
    // services still need to be loaded into the new realm.
    if (realmEnabled && !coexistMode) {
        loadDefaultServices(token, ocm);
    }
    // In legacy copy-org mode, register the services for the new sub-organization
    // DN and point the AMSDK plugin's amSDKOrgName at it.
    if (realmEnabled && isCopyOrgEnabled()) {
        registerSvcsForOrg(subOrgName, subOrgDN);
        OrganizationConfigManager subOrg = getSubOrgConfigManager(subOrgName);
        ServiceConfig s = subOrg.getServiceConfig(ServiceManager.REALM_SERVICE);
        if (s != null) {
            try {
                Iterator items = s.getSubConfigNames().iterator();
                while (items.hasNext()) {
                    ServiceConfig subConfig = s.getSubConfig((String) items.next());
                    if (subConfig.getSchemaID().equalsIgnoreCase(IdConstants.AMSDK_PLUGIN_NAME)) {
                        Map amsdkConfig = new HashMap();
                        Set vals = new HashSet();
                        vals.add(orgNamingAttrInLegacyMode + SMSEntry.EQUALS + subOrgName + SMSEntry.COMMA + amSDKOrgDN);
                        amsdkConfig.put("amSDKOrgName", vals);
                        subConfig.setAttributes(amsdkConfig);
                    }
                    break;
                }
            } catch (SSOException ssoe) {
                SMSEntry.debug.error("OrganizationConfigManager::" + "createSubOrganization:", ssoe);
                throw (new SMSException(SMSEntry.bundle.getString(SMS_INVALID_SSO_TOKEN), SMS_INVALID_SSO_TOKEN));
            }
        }
    }
    if (realmEnabled) {
        try {
            if (coexistMode) {
                DelegationUtils.createRealmPrivileges(token, orgName);
            } else {
                OrganizationConfigManager parentOrg = getParentOrgConfigManager();
                DelegationUtils.copyRealmPrivilegesFromParent(token, parentOrg, ocm);
            }
        } catch (SSOException ssoe) {
            if (SMSEntry.debug.messageEnabled()) {
                SMSEntry.debug.message("Creating delegation permissions for: " + orgName + " failed", ssoe);
            }
        } catch (SMSException smse) {
            if (SMSEntry.debug.messageEnabled()) {
                SMSEntry.debug.message("Creating delegation permissions for: " + orgName + " failed", smse);
            }
        } catch (DelegationException de) {
            if (SMSEntry.debug.messageEnabled()) {
                SMSEntry.debug.message("Creating delegation permissions for: " + orgName + " failed", de);
            }
        }
    }
    // Return the newly created organization config manager
    return (ocm);
}
Also used: com.sun.identity.idm.plugins.internal.AgentsRepo, java.util.Set, com.sun.identity.common.CaseInsensitiveHashSet, java.util.HashSet, java.util.HashMap, com.sun.identity.idm.IdRepoException, com.iplanet.sso.SSOException, com.sun.identity.delegation.DelegationException, java.util.StringTokenizer, java.util.Iterator, java.util.Map

Example 29 with DelegationException

Use of com.sun.identity.delegation.DelegationException in project OpenAM by OpenRock.

Class PrivilegeXMLBuilder, method getAllPrivileges.

// Returns the names of the privileges configured in the given realm (the model's
// start DN when realm is null); SSO and delegation errors are logged and yield an empty set.
public Set getAllPrivileges(String realm, AMModel model) {
    Set privileges = null;
    if (realm == null) {
        realm = model.getStartDN();
    }
    try {
        DelegationManager mgr = new DelegationManager(adminSSOToken, realm);
        privileges = mgr.getConfiguredPrivilegeNames();
    } catch (SSOException e) {
        PropertyXMLBuilderBase.debug.error("PrivilegeXMLBuilder.getAllPrivileges", e);
    } catch (DelegationException e) {
        PropertyXMLBuilderBase.debug.error("PrivilegeXMLBuilder.getAllPrivileges", e);
    }
    return (privileges != null) ? privileges : Collections.EMPTY_SET;
}
Also used: java.util.Set, com.sun.identity.delegation.DelegationManager, com.iplanet.sso.SSOException, com.sun.identity.delegation.DelegationException

Example 30 with DelegationException

Use of com.sun.identity.delegation.DelegationException in project OpenAM by OpenRock.

Class IdServicesImpl, method removeIdentityFromPrivileges.

// Removes the identity's universal ID from the subject set of every delegation
// privilege in the realm and re-adds each modified privilege. Runs under the
// admin token; SSO and delegation failures are only logged as warnings.
private void removeIdentityFromPrivileges(String name, IdType type, String amsdkDN, String orgName) {
    SSOToken superAdminToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
    AMIdentity id = new AMIdentity(superAdminToken, name, type, orgName, amsdkDN);
    String uid = id.getUniversalId();
    try {
        DelegationManager mgr = new DelegationManager(superAdminToken, orgName);
        Set privilegeObjects = mgr.getPrivileges();
        for (Iterator i = privilegeObjects.iterator(); i.hasNext(); ) {
            DelegationPrivilege p = (DelegationPrivilege) i.next();
            Set subjects = p.getSubjects();
            if (subjects.contains(uid)) {
                subjects.remove(uid);
                mgr.addPrivilege(p);
            }
        }
    } catch (SSOException ex) {
        DEBUG.warning("IdServicesImpl.removeIdentityFromPrivileges", ex);
    } catch (DelegationException ex) {
        DEBUG.warning("IdServicesImpl.removeIdentityFromPrivileges", ex);
    }
}
Also used: com.sun.identity.delegation.DelegationPrivilege, com.iplanet.sso.SSOToken, java.util.Set, com.sun.identity.shared.datastruct.OrderedSet, com.sun.identity.common.CaseInsensitiveHashSet, java.util.HashSet, com.sun.identity.delegation.DelegationManager, com.sun.identity.idm.AMIdentity, java.util.Iterator, com.iplanet.sso.SSOException, com.sun.identity.delegation.DelegationException
