
Example 6 with IdRepo

Use of com.sun.identity.idm.IdRepo in project OpenAM by OpenRock.

Class IdServicesImpl, method getSupportedTypes.

public Set getSupportedTypes(SSOToken token, String amOrgName) throws IdRepoException, SSOException {
    Set unionSupportedTypes = new HashSet();
    Set configuredPluginClasses = idrepoCache.getIdRepoPlugins(amOrgName);
    if (configuredPluginClasses == null || configuredPluginClasses.isEmpty()) {
        throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.NO_PLUGINS_CONFIGURED, null);
    }
    Iterator it = configuredPluginClasses.iterator();
    while (it.hasNext()) {
        IdRepo repo = (IdRepo) it.next();
        Set supportedTypes = repo.getSupportedTypes();
        if (supportedTypes != null && !supportedTypes.isEmpty()) {
            unionSupportedTypes.addAll(supportedTypes);
        }
    }
    // Check if the supportedTypes is defined as supported in
    // the global schema.
    unionSupportedTypes.retainAll(IdUtils.supportedTypes);
    return unionSupportedTypes;
}
Also used : Set(java.util.Set) OrderedSet(com.sun.identity.shared.datastruct.OrderedSet) CaseInsensitiveHashSet(com.sun.identity.common.CaseInsensitiveHashSet) HashSet(java.util.HashSet) IdRepo(com.sun.identity.idm.IdRepo) IdRepoException(com.sun.identity.idm.IdRepoException) Iterator(java.util.Iterator)

Example 7 with IdRepo

Use of com.sun.identity.idm.IdRepo in project OpenAM by OpenRock.

Class IdServicesImpl, method modifyMemberShip.

/*
    * (non-Javadoc)
    */
public void modifyMemberShip(SSOToken token, IdType type, String name, Set members, IdType membersType, int operation, String amOrgName) throws IdRepoException, SSOException {
    IdRepoException origEx = null;
    // Check permission first. If allowed then proceed, else the
    // checkPermission method throws a "402" exception.
    checkPermission(token, amOrgName, name, null, IdOperation.EDIT, type);
    // First get the list of plugins that support the edit operation.
    Set configuredPluginClasses = idrepoCache.getIdRepoPlugins(amOrgName, IdOperation.EDIT, type);
    if ((configuredPluginClasses == null) || configuredPluginClasses.isEmpty()) {
        throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.NO_PLUGINS_CONFIGURED, null);
    }
    // Check that the identity exists
    if (!isExists(token, type, name, amOrgName)) {
        Object[] args = { name, type.getName() };
        throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.TYPE_NOT_FOUND, args);
    }
    validateMembers(token, members, membersType, amOrgName);
    Iterator it = configuredPluginClasses.iterator();
    int noOfSuccess = configuredPluginClasses.size();
    while (it.hasNext()) {
        IdRepo idRepo = (IdRepo) it.next();
        if (!idRepo.getSupportedTypes().contains(membersType) || idRepo.getClass().getName().equals(IdConstants.SPECIAL_PLUGIN)) {
            // IdRepo plugin does not support the idType for
            // memberships
            noOfSuccess--;
            continue;
        }
        try {
            idRepo.modifyMemberShip(token, type, name, members, membersType, operation);
        } catch (IdRepoUnsupportedOpException ide) {
            if (DEBUG.warningEnabled()) {
                DEBUG.warning("IdServicesImpl.modifyMembership: " + "Unable to modify memberships  in the following" + " repository " + idRepo.getClass().getName() + " :: " + ide.getMessage());
            }
            noOfSuccess--;
            origEx = (origEx == null) ? ide : origEx;
        } catch (IdRepoFatalException idf) {
            // fatal ..throw it all the way up
            DEBUG.error("IdServicesImpl.modifyMembership: " + "Fatal Exception ", idf);
            throw idf;
        } catch (IdRepoException ide) {
            if (DEBUG.warningEnabled()) {
                DEBUG.warning("IdServicesImpl.modifyMembership: " + "Unable to modify memberships in the following" + " repository " + idRepo.getClass().getName() + " :: " + ide.getMessage());
            }
            noOfSuccess--;
            origEx = (origEx == null) ? ide : origEx;
        }
    }
    if (noOfSuccess == 0) {
        if (DEBUG.warningEnabled()) {
            DEBUG.warning("IdServicesImpl.modifyMemberShip: " + "Unable to modify members for identity " + type.getName() + "::" + name + " in any configured data store", origEx);
        }
        if (origEx != null) {
            throw origEx;
        } else {
            Object[] args = { "modifyMemberShip", IdOperation.EDIT.getName() };
            throw new IdRepoUnsupportedOpException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.PLUGIN_OPERATION_NOT_SUPPORTED, args);
        }
    }
}
Also used : IdRepoUnsupportedOpException(com.sun.identity.idm.IdRepoUnsupportedOpException) Set(java.util.Set) OrderedSet(com.sun.identity.shared.datastruct.OrderedSet) CaseInsensitiveHashSet(com.sun.identity.common.CaseInsensitiveHashSet) HashSet(java.util.HashSet) IdRepo(com.sun.identity.idm.IdRepo) IdRepoException(com.sun.identity.idm.IdRepoException) Iterator(java.util.Iterator) IdRepoFatalException(com.sun.identity.idm.IdRepoFatalException)

Example 8 with IdRepo

Use of com.sun.identity.idm.IdRepo in project OpenAM by OpenRock.

Class IdServicesImpl, method authenticate.

/**
    * Returns <code>true</code> if the data store has successfully
    * authenticated the identity with the provided credentials. In case the
    * data store requires additional credentials, the list would be returned
    * via the <code>IdRepoException</code> exception.
    *
    * @param orgName
    *            realm name to which the identity would be authenticated
    * @param credentials
    *            Array of callback objects containing information such as
    *            username and password.
    *
    * @return <code>true</code> if data store authenticates the identity;
    *         else <code>false</code>
    */
public boolean authenticate(String orgName, Callback[] credentials) throws IdRepoException, AuthLoginException {
    if (DEBUG.messageEnabled()) {
        DEBUG.message("IdServicesImpl.authenticate: called for org: " + orgName);
    }
    IdRepoException firstException = null;
    AuthLoginException authException = null;
    // Get the list of plugins and check if they support authN
    Set cPlugins = null;
    try {
        cPlugins = idrepoCache.getIdRepoPlugins(orgName);
    } catch (SSOException ex) {
        // Debug the message and return false
        if (DEBUG.messageEnabled()) {
            DEBUG.message("IdServicesImpl.authenticate: " + "Error obtaining " + "IdRepo plugins for the org: " + orgName);
        }
        return (false);
    } catch (IdRepoException ex) {
        // Debug the message and return false
        if (DEBUG.messageEnabled()) {
            DEBUG.message("IdServicesImpl.authenticate: " + "Error obtaining " + "IdRepo plugins for the org: " + orgName);
        }
        return (false);
    }
    // Check for internal user. If internal user, use SpecialRepo only
    String name = null;
    for (int i = 0; i < credentials.length; i++) {
        if (credentials[i] instanceof NameCallback) {
            name = ((NameCallback) credentials[i]).getName();
            if (LDAPUtils.isDN(name)) {
                // Obtain the first RDN
                name = LDAPUtils.rdnValueFromDn(name);
            }
            break;
        }
    }
    SSOToken token = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
    try {
        if ((name != null) && isSpecialIdentity(token, name, IdType.USER, orgName)) {
            for (Iterator tis = cPlugins.iterator(); tis.hasNext(); ) {
                IdRepo idRepo = (IdRepo) tis.next();
                if (idRepo.getClass().getName().equals(IdConstants.SPECIAL_PLUGIN)) {
                    if (idRepo.authenticate(credentials)) {
                        if (DEBUG.messageEnabled()) {
                            DEBUG.message("IdServicesImpl.authenticate: " + "AuthN success using special repo " + idRepo.getClass().getName() + " user: " + name);
                        }
                        return (true);
                    } else {
                        // Invalid password used for internal user
                        DEBUG.error("IdServicesImpl.authenticate: " + "AuthN failed using special repo " + idRepo.getClass().getName() + " user: " + name);
                        return (false);
                    }
                }
            }
        }
    } catch (SSOException ssoe) {
        // Log the exception and treat it as an authentication failure
        DEBUG.error("IdServicesImpl.authenticate: AuthN failed " + "checking for special users", ssoe);
        return (false);
    }
    for (Iterator items = cPlugins.iterator(); items.hasNext(); ) {
        IdRepo idRepo = (IdRepo) items.next();
        if (idRepo.supportsAuthentication()) {
            if (DEBUG.messageEnabled()) {
                DEBUG.message("IdServicesImpl.authenticate: " + "AuthN to " + idRepo.getClass().getName() + " in org: " + orgName);
            }
            try {
                if (idRepo.authenticate(credentials)) {
                    // Successfully authenticated
                    if (DEBUG.messageEnabled()) {
                        DEBUG.message("IdServicesImpl.authenticate: " + "AuthN success for " + idRepo.getClass().getName());
                    }
                    return (true);
                }
            } catch (IdRepoException ide) {
                // Remember the first failure; it is rethrown only if
                // no data store authenticates the identity
                if (firstException == null) {
                    firstException = ide;
                }
            } catch (AuthLoginException authex) {
                if (authException == null) {
                    authException = authex;
                }
            }
        } else if (DEBUG.messageEnabled()) {
            DEBUG.message("IdServicesImpl.authenticate: AuthN " + "not supported by " + idRepo.getClass().getName());
        }
    }
    if (authException != null) {
        throw (authException);
    }
    if (firstException != null) {
        throw (firstException);
    }
    return (false);
}
Also used : Set(java.util.Set) OrderedSet(com.sun.identity.shared.datastruct.OrderedSet) CaseInsensitiveHashSet(com.sun.identity.common.CaseInsensitiveHashSet) HashSet(java.util.HashSet) NameCallback(javax.security.auth.callback.NameCallback) SSOToken(com.iplanet.sso.SSOToken) IdRepo(com.sun.identity.idm.IdRepo) IdRepoException(com.sun.identity.idm.IdRepoException) Iterator(java.util.Iterator) AuthLoginException(com.sun.identity.authentication.spi.AuthLoginException) SSOException(com.iplanet.sso.SSOException)

Example 9 with IdRepo

Use of com.sun.identity.idm.IdRepo in project OpenAM by OpenRock.

Class IdServicesImpl, method getAssignedServices.

public Set<String> getAssignedServices(SSOToken token, IdType type, String name, Map mapOfServiceNamesAndOCs, String amOrgName, String amsdkDN) throws IdRepoException, SSOException {
    IdRepoException origEx = null;
    // Check permission first. If allowed then proceed, else the
    // checkPermission method throws a "402" exception.
    checkPermission(token, amOrgName, name, null, IdOperation.READ, type);
    // Get the list of plugins that support the service operation.
    Set<IdRepo> configuredPluginClasses = idrepoCache.getIdRepoPlugins(amOrgName, IdOperation.SERVICE, type);
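    if (configuredPluginClasses == null || configuredPluginClasses.isEmpty()) {
        if (type.equals(IdType.REALM)) {
            return Collections.emptySet();
        }
        // No plugins for a non-realm type: fail explicitly instead of
        // falling through to a NullPointerException below.
        throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.NO_PLUGINS_CONFIGURED, null);
    }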
    int noOfSuccess = configuredPluginClasses.size();
    Set<String> resultsSet = new HashSet<String>();
    for (IdRepo repo : configuredPluginClasses) {
        try {
            Set<String> services;
            if (repo.getClass().getName().equals(IdConstants.AMSDK_PLUGIN) && amsdkDN != null) {
                services = repo.getAssignedServices(token, type, amsdkDN, mapOfServiceNamesAndOCs);
            } else {
                services = repo.getAssignedServices(token, type, name, mapOfServiceNamesAndOCs);
            }
            if (services != null && !services.isEmpty()) {
                resultsSet.addAll(services);
            }
        } catch (IdRepoUnsupportedOpException ide) {
            if (DEBUG.messageEnabled()) {
                DEBUG.message("IdServicesImpl.getAssignedServices: Services not supported for repository " + repo.getClass().getName() + " :: " + ide.getMessage());
            }
            noOfSuccess--;
            origEx = origEx == null ? ide : origEx;
        } catch (IdRepoFatalException idf) {
            // fatal ..throw it all the way up
            DEBUG.error("IdServicesImpl.getAssignedServices: Fatal Exception ", idf);
            throw idf;
        } catch (IdRepoException ide) {
            if (DEBUG.warningEnabled()) {
                DEBUG.warning("IdServicesImpl.getAssignedServices: Unable to get services for identity in the " + "following repository " + repo.getClass().getName() + " :: " + ide.getMessage());
            }
            noOfSuccess--;
            origEx = (origEx == null) ? ide : origEx;
        }
    }
    if (noOfSuccess == 0) {
        if (DEBUG.warningEnabled()) {
            DEBUG.warning("IdServicesImpl.getAssignedServices: Unable to get assigned services for identity " + type.getName() + "::" + name + " in any configured data store", origEx);
        }
        throw origEx;
    } else {
        return resultsSet;
    }
}
Also used : IdRepoUnsupportedOpException(com.sun.identity.idm.IdRepoUnsupportedOpException) IdRepo(com.sun.identity.idm.IdRepo) IdRepoException(com.sun.identity.idm.IdRepoException) IdRepoFatalException(com.sun.identity.idm.IdRepoFatalException) CaseInsensitiveHashSet(com.sun.identity.common.CaseInsensitiveHashSet) HashSet(java.util.HashSet)

Example 10 with IdRepo

Use of com.sun.identity.idm.IdRepo in project OpenAM by OpenRock.

Class IdServicesImpl, method unassignService.

public void unassignService(SSOToken token, IdType type, String name, String serviceName, Map attrMap, String amOrgName, String amsdkDN) throws IdRepoException, SSOException {
    IdRepoException origEx = null;
    // Check permission first. If allowed then proceed, else the
    // checkPermission method throws a "402" exception.
    checkPermission(token, amOrgName, name, null, IdOperation.SERVICE, type);
    // Get the list of plugins that support the service operation.
    Set configuredPluginClasses = idrepoCache.getIdRepoPlugins(amOrgName, IdOperation.SERVICE, type);
    if ((configuredPluginClasses == null) || configuredPluginClasses.isEmpty()) {
        throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.NO_PLUGINS_CONFIGURED, null);
    }
    Iterator it = configuredPluginClasses.iterator();
    int noOfSuccess = configuredPluginClasses.size();
    while (it.hasNext()) {
        IdRepo repo = (IdRepo) it.next();
        Map cMap = repo.getConfiguration();
        try {
            Map mappedAttributes = mapAttributeNames(attrMap, cMap);
            if (repo.getClass().getName().equals(IdConstants.AMSDK_PLUGIN) && amsdkDN != null) {
                repo.unassignService(token, type, amsdkDN, serviceName, mappedAttributes);
            } else {
                repo.unassignService(token, type, name, serviceName, mappedAttributes);
            }
        } catch (IdRepoUnsupportedOpException ide) {
            // Log against the repository being processed ("repo")
            if (DEBUG.messageEnabled()) {
                DEBUG.message("IdServicesImpl.unassignService: " + "Unassign Service not supported for repository " + repo.getClass().getName() + " :: " + ide.getMessage());
            }
            noOfSuccess--;
            origEx = (origEx == null) ? ide : origEx;
        } catch (IdRepoFatalException idf) {
            // fatal ..throw it all the way up
            DEBUG.error("IdServicesImpl.unassignService: Fatal Exception ", idf);
            throw idf;
        } catch (IdRepoException ide) {
            if (DEBUG.warningEnabled()) {
                DEBUG.warning("IdServicesImpl.unassignService: " + "Unable to unassign service in the " + "following repository " + repo.getClass().getName() + " :: " + ide.getMessage());
            }
            noOfSuccess--;
            origEx = (origEx == null) ? ide : origEx;
        }
    }
    if (noOfSuccess == 0) {
        if (DEBUG.warningEnabled()) {
            DEBUG.warning("IdServicesImpl.unassignService: " + "Unable to unassign Service for identity " + type.getName() + "::" + name + " in any configured " + "data store ", origEx);
        }
        throw origEx;
    }
}
Also used : IdRepoUnsupportedOpException(com.sun.identity.idm.IdRepoUnsupportedOpException) Set(java.util.Set) OrderedSet(com.sun.identity.shared.datastruct.OrderedSet) CaseInsensitiveHashSet(com.sun.identity.common.CaseInsensitiveHashSet) HashSet(java.util.HashSet) IdRepo(com.sun.identity.idm.IdRepo) IdRepoException(com.sun.identity.idm.IdRepoException) Iterator(java.util.Iterator) Map(java.util.Map) AMHashMap(com.iplanet.am.sdk.AMHashMap) HashMap(java.util.HashMap) CaseInsensitiveHashMap(com.sun.identity.common.CaseInsensitiveHashMap) IdRepoFatalException(com.sun.identity.idm.IdRepoFatalException)
