
Example 31 with DelegationException

use of com.sun.identity.delegation.DelegationException in project OpenAM by OpenRock.

the class SMSMigration70 method migrateDelegationPolicies.

/**
 * Migrates the delegation policies of an organization: every privilege is
 * removed from the manager for {@code orgName}, its permission resource
 * names and subject names are rewritten, and the result is re-added through
 * a manager created for the rewritten organization name.
 *
 * <p>The rewrite replaces the first {@code "," + SMSEntry.getRootSuffix()}
 * found in a name with {@code "," + DNMapper.serviceDN}; names that do not
 * contain it are left as they are.
 *
 * <p>NOTE(review): privileges are removed before their replacements are
 * added, and a {@code DelegationException} is only printed to standard
 * output. A failure part-way through can therefore leave the organization
 * with privileges removed and not restored, with no error reaching the
 * caller. Confirm the migration is run against a backed-up store and that
 * its output is checked.
 *
 * @param token SSO token passed to each {@code DelegationManager}.
 * @param orgName name of the organization whose policies are migrated.
 * @throws SSOException declared by the signature; presumably raised by the
 *         delegation calls when the token is not usable (confirm).
 */
protected static void migrateDelegationPolicies(SSOToken token, String orgName) throws SSOException {
    System.out.println("Migrating delegation policies for org: " + orgName);
    String realmDn = orgName;
    try {
        DelegationManager source = new DelegationManager(token, orgName);
        Set privileges = source.getPrivileges();
        Set migrated = new HashSet();
        for (Object rawPrivilege : privileges) {
            DelegationPrivilege privilege = (DelegationPrivilege) rawPrivilege;
            // The privilege leaves the store here; it only comes back in the
            // final loop below, once every privilege has been rewritten.
            source.removePrivilege(privilege.getName());

            // Point each permission's resource name at the service DN.
            // NOTE(review): the name is lower-cased (default locale) before
            // the search but the root suffix is not; if getRootSuffix() can
            // contain upper-case characters nothing is rewritten. Confirm.
            for (Object rawPermission : privilege.getPermissions()) {
                DelegationPermission permission = (DelegationPermission) rawPermission;
                String resource = permission.getOrganizationName();
                int cut = resource.toLowerCase().indexOf("," + SMSEntry.getRootSuffix());
                if (cut == -1) {
                    continue;
                }
                String head = resource.substring(0, cut);
                String tail = resource.substring(cut + SMSEntry.getRootSuffix().length() + 1);
                permission.setOrganizationName(head + "," + DNMapper.serviceDN + tail);
            }

            // Rewrite the subject names the same way, into a fresh set.
            Set rewrittenSubjects = new HashSet();
            for (Object rawSubject : privilege.getSubjects()) {
                String subject = (String) rawSubject;
                int cut = subject.toLowerCase().indexOf("," + SMSEntry.getRootSuffix());
                if (cut != -1) {
                    String head = subject.substring(0, cut);
                    String tail = subject.substring(cut + SMSEntry.getRootSuffix().length() + 1);
                    subject = head + "," + DNMapper.serviceDN + tail;
                }
                rewrittenSubjects.add(subject);
            }
            privilege.setSubjects(rewrittenSubjects);
            migrated.add(privilege);
        }

        // Normalize the organization name to the realm name.
        int cut = realmDn.toLowerCase().indexOf("," + SMSEntry.getRootSuffix());
        if (cut != -1) {
            String head = realmDn.substring(0, cut);
            String tail = realmDn.substring(cut + 1 + SMSEntry.getRootSuffix().length());
            realmDn = head + "," + DNMapper.serviceDN + tail;
        }

        // Re-add the rewritten privileges under the normalized name.
        DelegationManager target = new DelegationManager(token, realmDn);
        for (Object rawPrivilege : migrated) {
            target.addPrivilege((DelegationPrivilege) rawPrivilege);
        }
        System.out.println("Delegation Policies for org: " + realmDn + "\n" + privileges);
    } catch (DelegationException de) {
        // Best effort: the failure is reported on stdout and not rethrown.
        System.out.println("   " + de.getMessage());
    }
}
Also used : DelegationPrivilege(com.sun.identity.delegation.DelegationPrivilege) HashSet(java.util.HashSet) Set(java.util.Set) DelegationManager(com.sun.identity.delegation.DelegationManager) Iterator(java.util.Iterator) DelegationException(com.sun.identity.delegation.DelegationException) DelegationPermission(com.sun.identity.delegation.DelegationPermission) HashSet(java.util.HashSet)

Example 32 with DelegationException

use of com.sun.identity.delegation.DelegationException in project OpenAM by OpenRock.

the class DelegationModelImpl method setPrivileges.

/**
 * Sets the privileges of an identity.
 *
 * <p>For each entry of {@code privileges} the identity is added to, or
 * removed from, the subjects of the named delegation privilege; a privilege
 * that does not exist yet is created only when it is being granted. Every
 * change is bracketed by an ATTEMPT and a SUCCEED log event.
 *
 * <p>Changes are applied one privilege at a time, so an exception raised
 * part-way through the map leaves the earlier changes in place.
 *
 * @param realmName Name of realm.
 * @param uid Universal ID of the identity.
 * @param privileges Map of privilege name to privilege value.
 * @throws AMConsoleException if privilege cannot be set.
 */
public void setPrivileges(String realmName, String uid, Map privileges) throws AMConsoleException {
    // Name of the privilege being processed, kept for the failure log events.
    String privilegeInProgress = null;
    try {
        DelegationManager manager = new DelegationManager(getUserSSOToken(), realmName);
        Set existing = manager.getPrivileges();
        // Slot 2 is overwritten with the privilege name on every iteration.
        String[] auditArgs = { realmName, uid, null };
        for (Object key : privileges.keySet()) {
            String privilegeName = (String) key;
            String rawValue = (String) AMAdminUtils.getValue((Set) privileges.get(privilegeName));
            // NOTE(review): throws NullPointerException if getValue can
            // return null (e.g. an empty value set); that exception is not
            // handled by the catch blocks below. Confirm against AMAdminUtils.
            boolean grant = rawValue.equals(Boolean.TRUE.toString());
            auditArgs[2] = privilegeName;
            privilegeInProgress = privilegeName;

            DelegationPrivilege current = getDelegationPrivilege(privilegeName, existing);
            if (current == null) {
                // Unknown privilege: create it only when granting.
                if (grant) {
                    Set firstHolder = new HashSet(2);
                    firstHolder.add(uid);
                    logEvent("ATTEMPT_MODIFY_DELEGATION_PRIVILEGE", auditArgs);
                    manager.addPrivilege(new DelegationPrivilege(privilegeName, firstHolder, realmName));
                    logEvent("SUCCEED_MODIFY_DELEGATION_PRIVILEGE", auditArgs);
                }
                continue;
            }

            Set holders = current.getSubjects();
            boolean alreadyHeld = holders.contains(uid);
            if (grant == alreadyHeld) {
                // Requested state already matches; nothing to write or log.
                continue;
            }
            if (grant) {
                holders.add(uid);
            } else {
                holders.remove(uid);
            }
            logEvent("ATTEMPT_MODIFY_DELEGATION_PRIVILEGE", auditArgs);
            manager.addPrivilege(current);
            logEvent("SUCCEED_MODIFY_DELEGATION_PRIVILEGE", auditArgs);
        }
    } catch (SSOException e) {
        String message = getErrorString(e);
        String[] failureArgs = { realmName, uid, privilegeInProgress, message };
        logEvent("SSO_EXCEPTION_MODIFY_DELEGATION_PRIVILEGE", failureArgs);
        throw new AMConsoleException(message);
    } catch (DelegationException e) {
        String message = getErrorString(e);
        String[] failureArgs = { realmName, uid, privilegeInProgress, message };
        logEvent("DELEGATION_EXCEPTION_MODIFY_DELEGATION_PRIVILEGE", failureArgs);
        throw new AMConsoleException(message);
    }
}
Also used : DelegationPrivilege(com.sun.identity.delegation.DelegationPrivilege) Set(java.util.Set) HashSet(java.util.HashSet) DelegationManager(com.sun.identity.delegation.DelegationManager) Iterator(java.util.Iterator) SSOException(com.iplanet.sso.SSOException) DelegationException(com.sun.identity.delegation.DelegationException) AMConsoleException(com.sun.identity.console.base.model.AMConsoleException) HashSet(java.util.HashSet)

Example 33 with DelegationException

use of com.sun.identity.delegation.DelegationException in project OpenAM by OpenRock.

the class DelegationModelImpl method getSubjects.

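/**
 * Returns the delegation subjects under a realm, as a set of subject
 * universal IDs.
 *
 * <p>The lookup is logged with an ATTEMPT event before the call and a
 * SUCCEED event after it; on failure an exception event carrying the error
 * text is logged and the exception is written to the debug log.
 *
 * @param realmName Name of realm.
 * @param pattern Wildcard for matching subject name.
 * @return delegation subjects under a realm; an empty set if the manager
 *         returns {@code null}.
 * @throws AMConsoleException if subject universal ID cannot be obtained.
 */
public Set getSubjects(String realmName, String pattern) throws AMConsoleException {
    String[] params = { realmName, pattern };
    logEvent("ATTEMPT_GET_DELEGATION_SUBJECTS", params);
    try {
        DelegationManager mgr = new DelegationManager(getUserSSOToken(), realmName);
        Set results = mgr.getSubjects(pattern);
        logEvent("SUCCEED_GET_DELEGATION_SUBJECTS", params);
        return (results != null) ? results : Collections.EMPTY_SET;
    } catch (SSOException e) {
        String strError = getErrorString(e);
        String[] paramsEx = { realmName, pattern, strError };
        // Pass paramsEx, not params: the failure event must carry the error
        // text, as the other failure events of this class do.
        logEvent("SSO_EXCEPTION_GET_DELEGATION_SUBJECTS", paramsEx);
        debug.error("DelegationModelImpl.getSubjects", e);
        throw new AMConsoleException(strError);
    } catch (DelegationException e) {
        String strError = getErrorString(e);
        String[] paramsEx = { realmName, pattern, strError };
        // Same as above: log the failure reason together with realm and pattern.
        logEvent("DELEGATION_EXCEPTION_GET_DELEGATION_SUBJECTS", paramsEx);
        debug.error("DelegationModelImpl.getSubjects", e);
        throw new AMConsoleException(strError);
    }
}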
Also used : Set(java.util.Set) HashSet(java.util.HashSet) DelegationManager(com.sun.identity.delegation.DelegationManager) SSOException(com.iplanet.sso.SSOException) DelegationException(com.sun.identity.delegation.DelegationException) AMConsoleException(com.sun.identity.console.base.model.AMConsoleException)

Example 34 with DelegationException

use of com.sun.identity.delegation.DelegationException in project OpenAM by OpenRock.

the class DelegationModelImpl method getPrivileges.

/**
 * Returns the set of privileges held by an identity in a realm.
 *
 * <p>The lookup is logged with an ATTEMPT event before the call and a
 * SUCCEED event after it. On failure, an exception event carrying the
 * error text is logged, the exception is written to the debug log, and an
 * {@code AMConsoleException} with that error text is thrown.
 *
 * @param realmName Name of realm.
 * @param uid Universal ID of the identity.
 * @return a set of privileges of an identity; an empty set if the manager
 *         returns {@code null}.
 * @throws AMConsoleException if privilege cannot be determined.
 */
public Set getPrivileges(String realmName, String uid) throws AMConsoleException {
    final String[] auditArgs = { realmName, uid };
    logEvent("ATTEMPT_GET_PRIVILEGES_OF_DELEGATION_SUBJECT", auditArgs);

    Set found;
    try {
        // The manager is built from the current user's SSO token.
        DelegationManager manager = new DelegationManager(getUserSSOToken(), realmName);
        found = manager.getPrivileges(uid);
        logEvent("SUCCEED_GET_PRIVILEGES_OF_DELEGATION_SUBJECT", auditArgs);
    } catch (SSOException e) {
        String message = getErrorString(e);
        String[] failureArgs = { realmName, uid, message };
        logEvent("SSO_EXCEPTION_GET_PRIVILEGES_OF_DELEGATION_SUBJECT", failureArgs);
        debug.error("DelegationModelImpl.getPrivileges", e);
        throw new AMConsoleException(message);
    } catch (DelegationException e) {
        String message = getErrorString(e);
        String[] failureArgs = { realmName, uid, message };
        logEvent("DELEGATION_EXCEPTION_GET_PRIVILEGES_OF_DELEGATION_SUBJECT", failureArgs);
        debug.error("DelegationModelImpl.getPrivileges", e);
        throw new AMConsoleException(message);
    }

    // Callers never see null: a missing result becomes the empty set.
    if (found == null) {
        return Collections.EMPTY_SET;
    }
    return found;
}
Also used : Set(java.util.Set) HashSet(java.util.HashSet) DelegationManager(com.sun.identity.delegation.DelegationManager) SSOException(com.iplanet.sso.SSOException) DelegationException(com.sun.identity.delegation.DelegationException) AMConsoleException(com.sun.identity.console.base.model.AMConsoleException)

Example 35 with DelegationException

use of com.sun.identity.delegation.DelegationException in project OpenAM by OpenRock.

the class UMUserPasswordResetOptionsModelImpl method isRealmAdmin.

/**
 * Returns <code>true</code> if the current user is a realm administrator.
 *
 * <p>The check asks the delegation evaluator whether the user's SSO token
 * is allowed the <code>MODIFY</code> action on the
 * <code>sunAMRealmService</code> organization configuration of the
 * organization named in the token. Any <code>SSOException</code> or
 * <code>DelegationException</code> is logged as a warning and treated as
 * "not an administrator", so the check fails closed.
 *
 * @return <code>true</code> if the current user is a realm administrator.
 */
public boolean isRealmAdmin() {
    SSOToken ssoToken = getUserSSOToken();
    // Stays false unless the evaluator explicitly allows the permission.
    boolean allowed = false;
    try {
        Set modifyOnly = new HashSet();
        modifyOnly.add("MODIFY");
        DelegationEvaluator evaluator = new DelegationEvaluatorImpl();
        String userOrganization = ssoToken.getProperty(Constants.ORGANIZATION);
        DelegationPermission realmModify = new DelegationPermission(
                userOrganization, "sunAMRealmService", "1.0", "organization", "default", modifyOnly, null);
        allowed = evaluator.isAllowed(ssoToken, realmModify, null);
    } catch (SSOException e) {
        // The logged tag omits the class's "UM" prefix; keep that in mind
        // when searching the debug log.
        debug.warning("UserPasswordResetOptionsModelImpl.isRealmAdmin", e);
    } catch (DelegationException e) {
        debug.warning("UserPasswordResetOptionsModelImpl.isRealmAdmin", e);
    }
    return allowed;
}
Also used : DelegationEvaluatorImpl(com.sun.identity.delegation.DelegationEvaluatorImpl) SSOToken(com.iplanet.sso.SSOToken) HashSet(java.util.HashSet) Set(java.util.Set) DelegationEvaluator(com.sun.identity.delegation.DelegationEvaluator) SSOException(com.iplanet.sso.SSOException) DelegationException(com.sun.identity.delegation.DelegationException) DelegationPermission(com.sun.identity.delegation.DelegationPermission) HashSet(java.util.HashSet)

Aggregations

DelegationException (com.sun.identity.delegation.DelegationException)37 SSOException (com.iplanet.sso.SSOException)29 Set (java.util.Set)27 HashSet (java.util.HashSet)21 Iterator (java.util.Iterator)18 DelegationPermission (com.sun.identity.delegation.DelegationPermission)17 SSOToken (com.iplanet.sso.SSOToken)12 IdRepoException (com.sun.identity.idm.IdRepoException)12 DelegationEvaluator (com.sun.identity.delegation.DelegationEvaluator)11 DelegationManager (com.sun.identity.delegation.DelegationManager)10 DelegationEvaluatorImpl (com.sun.identity.delegation.DelegationEvaluatorImpl)9 DelegationPrivilege (com.sun.identity.delegation.DelegationPrivilege)9 PolicyException (com.sun.identity.policy.PolicyException)8 AMIdentity (com.sun.identity.idm.AMIdentity)6 HashMap (java.util.HashMap)5 Map (java.util.Map)5 Test (org.testng.annotations.Test)5 AMIdentityRepository (com.sun.identity.idm.AMIdentityRepository)4 IdType (com.sun.identity.idm.IdType)4 CLIException (com.sun.identity.cli.CLIException)3