use of com.sun.identity.idm.AMIdentity in project OpenAM by OpenRock.
the class GetPrivileges method handleRequest.
/**
* Services a Commandline Request.
*
* @param rc Request Context.
* @throws CLIException if the request cannot serviced.
*/
public void handleRequest(RequestContext rc) throws CLIException {
super.handleRequest(rc);
SSOToken adminSSOToken = getAdminSSOToken();
IOutput outputWriter = getOutputWriter();
String realm = getStringOptionValue(IArgument.REALM_NAME);
String idName = getStringOptionValue(ARGUMENT_ID_NAME);
String type = getStringOptionValue(ARGUMENT_ID_TYPE);
IdType idType = convert2IdType(type);
String[] params = { realm, type, idName };
try {
DelegationManager mgr = new DelegationManager(adminSSOToken, realm);
AMIdentityRepository amir = new AMIdentityRepository(adminSSOToken, realm);
writeLog(LogWriter.LOG_ACCESS, Level.INFO, "ATTEMPT_IDREPO_GET_PRIVILEGES", params);
AMIdentity amid;
if (idType.equals(IdType.ROLE) && idName.equalsIgnoreCase(ALL_AUTHENTICATED_USERS)) {
//realm needs to be /, see DelegationPolicyImpl#privilegeToPolicy implementation
amid = new AMIdentity(adminSSOToken, idName, idType, "/", null);
//do not check the existense of all authenticated users role as it would fail
} else {
amid = new AMIdentity(adminSSOToken, idName, idType, realm, null);
if (!amid.isExists()) {
Object[] p = { idName, type };
throw new CLIException(MessageFormat.format(getResourceString("identity-does-not-exist"), p), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
}
}
Set results = mgr.getPrivileges(amid.getUniversalId());
if ((results != null) && !results.isEmpty()) {
String[] param = { "" };
String msg = getResourceString("privilege-result");
for (Iterator i = results.iterator(); i.hasNext(); ) {
DelegationPrivilege p = (DelegationPrivilege) i.next();
param[0] = p.getName();
outputWriter.printlnMessage(MessageFormat.format(msg, (Object[]) param));
}
} else {
outputWriter.printlnMessage(getResourceString("no-privileges"));
}
writeLog(LogWriter.LOG_ACCESS, Level.INFO, "SUCCEED_IDREPO_GET_PRIVILEGES", params);
} catch (DelegationException e) {
String[] args = { realm, type, idName, e.getMessage() };
debugError("GetPrivileges.handleRequest", e);
writeLog(LogWriter.LOG_ERROR, Level.INFO, "FAILED_IDREPO_GET_PRIVILEGES", args);
throw new CLIException(e, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
} catch (IdRepoException e) {
String[] args = { realm, type, idName, e.getMessage() };
debugError("GetPrivileges.handleRequest", e);
writeLog(LogWriter.LOG_ERROR, Level.INFO, "FAILED_IDREPO_GET_PRIVILEGES", args);
throw new CLIException(e, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
} catch (SSOException e) {
String[] args = { realm, type, idName, e.getMessage() };
debugError("GetPrivileges.handleRequest", e);
writeLog(LogWriter.LOG_ERROR, Level.INFO, "FAILED_IDREPO_GET_PRIVILEGES", args);
throw new CLIException(e, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
}
}
use of com.sun.identity.idm.AMIdentity in project OpenAM by OpenRock.
the class AddMember method handleRequest.
/**
* Services a Commandline Request.
*
* @param rc Request Context.
* @throws CLIException if the request cannot serviced.
*/
public void handleRequest(RequestContext rc) throws CLIException {
super.handleRequest(rc);
SSOToken adminSSOToken = getAdminSSOToken();
IOutput outputWriter = getOutputWriter();
String realm = getStringOptionValue(IArgument.REALM_NAME);
String idName = getStringOptionValue(ARGUMENT_ID_NAME);
String type = getStringOptionValue(ARGUMENT_ID_TYPE);
IdType idType = convert2IdType(type);
String memberIdName = getStringOptionValue(ARGUMENT_MEMBER_IDNAME);
String memberType = getStringOptionValue(ARGUMENT_MEMBER_IDTYPE);
IdType memberIdType = convert2IdType(memberType);
String[] params = { realm, type, idName, memberIdName, memberType };
try {
AMIdentityRepository amir = new AMIdentityRepository(adminSSOToken, realm);
Set memberOfs = memberIdType.canBeMemberOf();
if (!memberOfs.contains(idType)) {
String[] args = { type, memberType };
throw new CLIException(MessageFormat.format(getResourceString("idrepo-cannot-be-member"), (Object[]) args), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
}
writeLog(LogWriter.LOG_ACCESS, Level.INFO, "ATTEMPT_IDREPO_ADD_MEMBER", params);
AMIdentity amid = new AMIdentity(adminSSOToken, idName, idType, realm, null);
AMIdentity memberAmid = new AMIdentity(adminSSOToken, memberIdName, memberIdType, realm, null);
String[] args = { memberIdName, idName };
amid.addMember(memberAmid);
outputWriter.printlnMessage(MessageFormat.format(getResourceString("idrepo-get-addmember-succeed"), (Object[]) args));
writeLog(LogWriter.LOG_ACCESS, Level.INFO, "SUCCEED_IDREPO_ADD_MEMBER", params);
} catch (IdRepoException e) {
String[] args = { realm, type, idName, memberIdName, memberType, e.getMessage() };
debugError("AddMember.handleRequest", e);
writeLog(LogWriter.LOG_ERROR, Level.INFO, "FAILED_IDREPO_ADD_MEMBER", args);
throw new CLIException(e, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
} catch (SSOException e) {
String[] args = { realm, type, idName, memberIdName, memberType, e.getMessage() };
debugError("AddMember.handleRequest", e);
writeLog(LogWriter.LOG_ERROR, Level.INFO, "FAILED_IDREPO_ADD_MEMBER", args);
throw new CLIException(e, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
}
}
use of com.sun.identity.idm.AMIdentity in project OpenAM by OpenRock.
the class GetServiceAttributes method handleRequest.
/**
* Services a Commandline Request.
*
* @param rc Request Context.
* @throws CLIException if the request cannot serviced.
*/
public void handleRequest(RequestContext rc) throws CLIException {
super.handleRequest(rc);
SSOToken adminSSOToken = getAdminSSOToken();
IOutput outputWriter = getOutputWriter();
String realm = getStringOptionValue(IArgument.REALM_NAME);
String idName = getStringOptionValue(ARGUMENT_ID_NAME);
String type = getStringOptionValue(ARGUMENT_ID_TYPE);
String serviceName = getStringOptionValue(IArgument.SERVICE_NAME);
IdType idType = convert2IdType(type);
String[] params = { realm, type, idName, serviceName };
try {
AMIdentityRepository amir = new AMIdentityRepository(adminSSOToken, realm);
Set set = amir.getAllowedIdOperations(idType);
if (!set.contains(IdOperation.SERVICE)) {
throw new CLIException(MessageFormat.format(getResourceString("realm-does-not-support-service"), (Object[]) params), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
}
writeLog(LogWriter.LOG_ACCESS, Level.INFO, "ATTEMPT_IDREPO_GET_SERVICE_ATTRIBUTES", params);
AMIdentity amid = new AMIdentity(adminSSOToken, idName, idType, realm, null);
Map values = amid.getServiceAttributes(serviceName);
if ((values != null) && !values.isEmpty()) {
String msg = getResourceString("idrepo-service-attribute-result");
String[] arg = { "", "" };
for (Iterator i = values.keySet().iterator(); i.hasNext(); ) {
String attrName = (String) i.next();
Set attrValues = (Set) values.get(attrName);
arg[0] = attrName;
arg[1] = tokenize(attrValues);
outputWriter.printlnMessage(MessageFormat.format(msg, (Object[]) arg));
}
} else {
outputWriter.printlnMessage(getResourceString("idrepo-no-service-attributes"));
}
writeLog(LogWriter.LOG_ACCESS, Level.INFO, "SUCCEED_IDREPO_GET_SERVICE_ATTRIBUTES", params);
} catch (IdRepoException e) {
String[] args = { realm, type, idName, serviceName, e.getMessage() };
debugError("GetServiceAttributes.handleRequest", e);
writeLog(LogWriter.LOG_ERROR, Level.INFO, "FAILED_IDREPO_GET_SERVICE_ATTRIBUTES", args);
throw new CLIException(e, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
} catch (SSOException e) {
String[] args = { realm, type, idName, serviceName, e.getMessage() };
debugError("GetServiceAttributes.handleRequest", e);
writeLog(LogWriter.LOG_ERROR, Level.INFO, "FAILED_IDREPO_GET_SERVICE_ATTRIBUTES", args);
throw new CLIException(e, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
}
}
use of com.sun.identity.idm.AMIdentity in project OpenAM by OpenRock.
the class ModifyService method handleRequest.
/**
* Services a Commandline Request.
*
* @param rc Request Context.
* @throws CLIException if the request cannot serviced.
*/
public void handleRequest(RequestContext rc) throws CLIException {
super.handleRequest(rc);
SSOToken adminSSOToken = getAdminSSOToken();
IOutput outputWriter = getOutputWriter();
String realm = getStringOptionValue(IArgument.REALM_NAME);
String idName = getStringOptionValue(ARGUMENT_ID_NAME);
String type = getStringOptionValue(ARGUMENT_ID_TYPE);
String serviceName = getStringOptionValue(IArgument.SERVICE_NAME);
IdType idType = convert2IdType(type);
String datafile = getStringOptionValue(IArgument.DATA_FILE);
List attrValues = rc.getOption(IArgument.ATTRIBUTE_VALUES);
if ((datafile == null) && (attrValues == null)) {
throw new CLIException(getResourceString("missing-attributevalues"), ExitCodes.INCORRECT_OPTION, rc.getSubCommand().getName());
}
Map attributeValues = AttributeValues.parse(getCommandManager(), datafile, attrValues);
String[] params = { realm, type, idName, serviceName };
try {
AMIdentityRepository amir = new AMIdentityRepository(adminSSOToken, realm);
writeLog(LogWriter.LOG_ACCESS, Level.INFO, "ATTEMPT_IDREPO_MODIFY_SERVICE", params);
AMIdentity amid = new AMIdentity(adminSSOToken, idName, idType, realm, null);
amid.modifyService(serviceName, attributeValues);
outputWriter.printlnMessage(MessageFormat.format(getResourceString("idrepo-modify-service-succeed"), (Object[]) params));
writeLog(LogWriter.LOG_ACCESS, Level.INFO, "SUCCEED_IDREPO_MODIFY_SERVICE", params);
} catch (IdRepoException e) {
String[] args = { realm, type, idName, serviceName, e.getMessage() };
debugError("ModifyService.handleRequest", e);
writeLog(LogWriter.LOG_ERROR, Level.INFO, "FAILED_IDREPO_MODIFY_SERVICE", args);
throw new CLIException(e, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
} catch (SSOException e) {
String[] args = { realm, type, idName, serviceName, e.getMessage() };
debugError("ModifyService.handleRequest", e);
writeLog(LogWriter.LOG_ERROR, Level.INFO, "FAILED_IDREPO_MODIFY_SERVICE", args);
throw new CLIException(e, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
}
}
use of com.sun.identity.idm.AMIdentity in project OpenAM by OpenRock.
the class RemoveMember method handleRequest.
/**
* Services a Commandline Request.
*
* @param rc Request Context.
* @throws CLIException if the request cannot serviced.
*/
public void handleRequest(RequestContext rc) throws CLIException {
super.handleRequest(rc);
SSOToken adminSSOToken = getAdminSSOToken();
IOutput outputWriter = getOutputWriter();
String realm = getStringOptionValue(IArgument.REALM_NAME);
String idName = getStringOptionValue(ARGUMENT_ID_NAME);
String type = getStringOptionValue(ARGUMENT_ID_TYPE);
IdType idType = convert2IdType(type);
String memberIdName = getStringOptionValue(ARGUMENT_MEMBER_IDNAME);
String memberType = getStringOptionValue(ARGUMENT_MEMBER_IDTYPE);
IdType memberIdType = convert2IdType(memberType);
String[] params = { realm, type, idName, memberIdName, memberType };
try {
AMIdentityRepository amir = new AMIdentityRepository(adminSSOToken, realm);
Set memberOfs = memberIdType.canBeMemberOf();
if (!memberOfs.contains(idType)) {
String[] args = { type, memberType };
throw new CLIException(MessageFormat.format(getResourceString("idrepo-cannot-be-member"), (Object[]) args), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
}
writeLog(LogWriter.LOG_ACCESS, Level.INFO, "ATTEMPT_IDREPO_REMOVE_MEMBER", params);
AMIdentity amid = new AMIdentity(adminSSOToken, idName, idType, realm, null);
AMIdentity memberAmid = new AMIdentity(adminSSOToken, memberIdName, memberIdType, realm, null);
String[] args = { memberIdName, idName };
amid.removeMember(memberAmid);
outputWriter.printlnMessage(MessageFormat.format(getResourceString("idrepo-get-removemember-succeed"), (Object[]) args));
writeLog(LogWriter.LOG_ACCESS, Level.INFO, "SUCCEED_IDREPO_REMOVE_MEMBER", params);
} catch (IdRepoException e) {
String[] args = { realm, type, idName, memberIdName, memberType, e.getMessage() };
debugError("RemoveMember.handleRequest", e);
writeLog(LogWriter.LOG_ERROR, Level.INFO, "FAILED_IDREPO_REMOVE_MEMBER", args);
throw new CLIException(e, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
} catch (SSOException e) {
String[] args = { realm, type, idName, memberIdName, memberType, e.getMessage() };
debugError("RemoveMember.handleRequest", e);
writeLog(LogWriter.LOG_ERROR, Level.INFO, "FAILED_IDREPO_REMOVE_MEMBER", args);
throw new CLIException(e, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
}
}
Aggregations