use of com.sun.identity.idm.IdRepo in project OpenAM by OpenRock.
the class IdRepoPluginsCache method constructIdRepoPlugin.
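/**
 * Builds one IdRepo plugin instance from its configuration and attaches a listener to it.
 *
 * <p>The implementation class name is the first value stored under
 * {@code IdConstants.ID_REPO} in {@code configMap}. It is loaded through the thread context
 * class loader and instantiated reflectively, so whoever can write that configuration entry
 * chooses which class on the class path this server instantiates. Write access to the
 * plugin configuration should be treated as a privileged operation.
 *
 * @param orgName realm the plugin belongs to; handed to the listener under "realm"
 * @param configMap plugin configuration; may be {@code null} or empty
 * @param name plugin name; handed to the listener under "plugin-name"
 * @return the initialised plugin, or {@code null} when {@code configMap} is null or empty,
 *     or holds no class name under {@code IdConstants.ID_REPO}
 * @throws IdRepoException if the class cannot be loaded, instantiated or cast to IdRepo
 *     (the calls made after instantiation may raise it as well)
 * @throws SSOException declared by the signature; presumably raised while registering the
 *     listener with the admin token (TODO confirm)
 */
private IdRepo constructIdRepoPlugin(String orgName, Map configMap, String name) throws IdRepoException, SSOException {
    IdRepo answer = null;
    if (debug.messageEnabled()) {
        // This trace runs before the null/empty check below, so it must not dereference
        // a missing configMap (the original threw NullPointerException here).
        debug.message("IdRepoPluginsCache.constructIdRepoPlugin: config="
                + ((configMap == null) ? null : configMap.get("sunIdRepoClass")));
    }
    if (configMap == null || configMap.isEmpty()) {
        if (debug.warningEnabled()) {
            debug.warning("IdRepoPluginsCache.constructIdRepoPlugin: " + "Cannot construct with empty config data");
        }
        return null;
    }
    Set vals = (Set) configMap.get(IdConstants.ID_REPO);
    if ((vals != null) && !vals.isEmpty()) {
        // Only the first configured value is used as the implementation class name.
        String className = (String) vals.iterator().next();
        Class thisClass;
        try {
            thisClass = Thread.currentThread().getContextClassLoader().loadClass(className);
            // The cast rejects classes that are not IdRepo implementations, but only after
            // the no-arg constructor (and any static initialiser) has already run.
            answer = (IdRepo) thisClass.newInstance();
        } catch (Throwable ex) {
            // NOTE(review): the whole configMap is written to the debug log. If plugin
            // configuration can hold data store bind credentials they end up in that
            // log file - confirm, and consider logging only orgName and name.
            debug.error("IdRepoPluginsCached.constructIdRepoPlugin " + " OrgName: " + orgName + " ConfigMap: " + configMap, ex);
            // Only the message is propagated; the original cause survives in the log above.
            throw new IdRepoException(ex.getMessage());
        }
        answer.initialize(configMap);
        // Register a listener that knows which realm and plugin it belongs to.
        Map listenerConfig = new HashMap();
        listenerConfig.put("realm", orgName);
        listenerConfig.put("plugin-name", name);
        if (className.equals(IdConstants.AMSDK_PLUGIN)) {
            listenerConfig.put("amsdk", "true");
        }
        IdRepoListener listener = new IdRepoListener();
        listener.setConfigMap(listenerConfig);
        answer.addListener(getAdminToken(), listener);
    }
    return answer;
}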
use of com.sun.identity.idm.IdRepo in project OpenAM by OpenRock.
the class IdRepoPluginsCache method clearIdRepoPluginsCache.
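/**
 * Empties the IdRepo plugin cache and shuts down every plugin that was cached.
 *
 * <p>The cache maps are cleared while holding the {@code idrepoPlugins} monitor; the
 * plugins themselves are shut down afterwards, outside the lock, from a private snapshot.
 */
public void clearIdRepoPluginsCache() {
    Map cache = null;
    synchronized (idrepoPlugins) {
        // Clear the read-only view first so that other threads cannot pick up
        // plugins that are about to be shut down.
        readonlyPlugins.clear();
        cache = new HashMap(idrepoPlugins);
        idrepoPlugins.clear();
        readonlyPlugins.clear();
    }
    // Walk every realm in the snapshot and shut its repositories down.
    for (Iterator realms = cache.values().iterator(); realms.hasNext(); ) {
        Map repos = (Map) realms.next();
        for (Iterator items = repos.values().iterator(); items.hasNext(); ) {
            IdRepo repo = (IdRepo) items.next();
            if (repo == null) {
                // addIdRepo caches whatever constructIdRepoPlugin returns, and that is
                // null for an empty configuration. Skip such entries instead of failing
                // with a NullPointerException and leaving the remaining plugins running.
                continue;
            }
            repo.removeListener();
            repo.shutdown();
        }
    }
}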
use of com.sun.identity.idm.IdRepo in project OpenAM by OpenRock.
the class IdRepoPluginsCache method addIdRepo.
/**
 * Loads the named IdRepo sub-configuration of a realm, builds the plugin from it and
 * stores the plugin in the per-realm cache.
 *
 * <p>An {@code SMSException} while reading the configuration is logged at warning level
 * and the method returns without touching the cache.
 *
 * <p>NOTE(review): the value returned by {@code constructIdRepoPlugin} is cached as-is,
 * including {@code null} for an empty configuration, and an entry already stored under
 * the same name is overwritten without being shut down here - confirm that callers
 * handle both cases.
 *
 * @param orgName realm to which the plugin is added
 * @param name name of the IdRepo sub-configuration
 * @throws IdRepoException if the realm or the sub-configuration does not exist, or the
 *     plugin cannot be constructed
 * @throws SSOException propagated from plugin construction
 */
private void addIdRepo(String orgName, String name) throws IdRepoException, SSOException {
    if (debug.messageEnabled()) {
        debug.message("IdRepoPluginsCache.addIdRepo called for orgName: " + orgName + " IdRepo Name: " + name);
    }

    Map pluginAttributes;
    try {
        ServiceConfig realmConfig = idRepoServiceConfigManager.getOrganizationConfig(orgName, null);
        if (realmConfig == null) {
            debug.error("IdRepoPluginsCache.addIdRepo orgName: " + orgName + " does not exisit");
            throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.REALM_DOESNT_EXIST,
                    new Object[] { orgName });
        }
        ServiceConfig pluginConfig = realmConfig.getSubConfig(name);
        if (pluginConfig == null) {
            debug.error("IdRepoPluginsCache.addIdRepo orgName: " + orgName + " subConfig does not exisit: " + name);
            throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.REALM_DOESNT_EXIST,
                    new Object[] { orgName + ":" + name });
        }
        pluginAttributes = pluginConfig.getAttributes();
    } catch (SMSException smse) {
        // Configuration store problem: report it and leave the cache unchanged.
        if (debug.warningEnabled()) {
            debug.warning("IdRepoPluginsCache.addIdRepo SMSException " + "for orgName: " + orgName + " sc name: " + name, smse);
        }
        return;
    }

    // The plugin is built with the realm name as supplied by the caller ...
    IdRepo plugin = constructIdRepoPlugin(orgName, pluginAttributes, name);

    // ... while the cache is keyed by the normalised DN.
    String realmKey = DNUtils.normalizeDN(orgName);
    synchronized (idrepoPlugins) {
        // Drop the read-only view first; it is rebuilt when getPlugins is called, and
        // other threads wait on this monitor until initialisation has finished.
        clearReadOnlyPlugins(realmKey);

        Map realmPlugins = (Map) idrepoPlugins.get(realmKey);
        boolean firstPluginForRealm = (realmPlugins == null);
        if (firstPluginForRealm) {
            realmPlugins = new LinkedHashMap();
            idrepoPlugins.put(realmKey, realmPlugins);
        }
        realmPlugins.put(name, plugin);
        if (firstPluginForRealm) {
            // Internal repositories are added once, when the realm entry is created.
            addInternalRepo(realmPlugins, realmKey);
        }
    }
}
use of com.sun.identity.idm.IdRepo in project OpenAM by OpenRock.
the class IdServicesImpl method create.
/**
 * Creates an identity in every data store configured for the realm that supports the
 * CREATE operation for the given type.
 *
 * <p>Order of checks: the name must not start or end with a space, realm identities are
 * delegated to {@code createRealmIdentity}, then {@code checkPermission} is called (it
 * throws a "402" exception when access is denied), and user attributes are validated
 * before any plugin is contacted.
 *
 * <p>The call succeeds as soon as one plugin accepts the identity. Plugins that fail with
 * a non-fatal {@code IdRepoException} are only logged at warning level, so the identity
 * may end up in a subset of the configured data stores.
 *
 * @param token session of the caller; used for the permission check and passed to plugins
 * @param type identity type to create
 * @param name identity name
 * @param attrMap attributes of the new identity; its key set is part of the permission check
 * @param amOrgName realm in which the identity is created
 * @return the new identity; carries the AMSDK DN when the AMSDK plugin created it
 * @throws IdRepoException if the name is invalid, no plugin is configured, a plugin fails
 *     fatally, or every plugin fails (the first failure is rethrown)
 * @throws SSOException propagated from the calls made here
 */
public AMIdentity create(SSOToken token, IdType type, String name, Map attrMap, String amOrgName) throws IdRepoException, SSOException {
    if (hasBookendSpaces(name)) {
        throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.NO_SPACE_IDENTITY_NAMES, null);
    }
    if (type.equals(IdType.REALM)) {
        return createRealmIdentity(token, type, name, attrMap, amOrgName);
    }

    // Authorisation comes before anything else is looked up; checkPermission throws
    // a "402" exception when the caller is not allowed to create this identity.
    checkPermission(token, amOrgName, name, attrMap.keySet(), IdOperation.CREATE, type);

    if (type.equals(IdType.USER)) {
        IdRepoAttributeValidatorManager.getInstance()
                .getIdRepoAttributeValidator(amOrgName)
                .validateAttributes(attrMap, IdOperation.CREATE);
    }

    // Plugins of this realm that support CREATE for the requested type.
    Set plugins = idrepoCache.getIdRepoPlugins(amOrgName, IdOperation.CREATE, type);
    if ((plugins == null) || plugins.isEmpty()) {
        throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.NO_PLUGINS_CONFIGURED, null);
    }

    IdRepoException firstFailure = null;
    String amsdkDn = null;
    // Starts at the plugin count and is decremented once per failed plugin.
    int stillSuccessful = plugins.size();

    for (Object candidate : plugins) {
        IdRepo idRepo = (IdRepo) candidate;
        try {
            // Translate attribute names according to this plugin's configuration.
            Map mappedAttributes = mapAttributeNames(attrMap, idRepo.getConfiguration());
            String representation = idRepo.create(token, type, name, mappedAttributes);
            if (idRepo.getClass().getName().equals(IdConstants.AMSDK_PLUGIN)) {
                amsdkDn = representation;
            }
        } catch (IdRepoUnsupportedOpException ide) {
            if (DEBUG.warningEnabled()) {
                DEBUG.warning("IdServicesImpl.create: " + "Unable to create identity in the" + " following repository " + idRepo.getClass().getName() + ":: " + ide.getMessage());
            }
            stillSuccessful--;
            if (firstFailure == null) {
                firstFailure = ide;
            }
        } catch (IdRepoFatalException idf) {
            // Fatal errors abort the whole operation immediately.
            DEBUG.error("IdServicesImpl.create: " + "Create: Fatal Exception", idf);
            throw idf;
        } catch (IdRepoException ide) {
            if (DEBUG.warningEnabled()) {
                DEBUG.warning("IdServicesImpl.create: " + "Unable to create identity in the following " + "repository " + idRepo.getClass().getName() + " :: " + ide.getMessage());
            }
            stillSuccessful--;
            if (firstFailure == null) {
                firstFailure = ide;
            }
        }
    }

    AMIdentity created = new AMIdentity(token, name, type, amOrgName, amsdkDn);
    if (stillSuccessful != 0) {
        return created;
    }
    // Every plugin failed: report and rethrow the first failure seen.
    if (DEBUG.warningEnabled()) {
        DEBUG.warning("IdServicesImpl.create: " + "Unable to create identity " + type.getName() + " :: " + name + " in any of the configured data stores", firstFailure);
    }
    throw firstFailure;
}
use of com.sun.identity.idm.IdRepo in project OpenAM by OpenRock.
the class IdServicesImpl method search.
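/**
 * Searches every data store configured for the realm that supports READ for the given
 * type and merges the results.
 *
 * <p>Authorisation: {@code checkPermission} is called with the caller's token first. When
 * it denies access and the search control carries a non-empty search modifier map (the web
 * services security case, where a shared agent searches with a filter), the search itself
 * runs with the admin token and each matched identity is then re-checked against the
 * caller's own token. Identities whose check fails for any reason are dropped, so this
 * path fails closed.
 *
 * <p>The time and result limits from {@code ctrl} are passed to the plugins, that is, they
 * apply before the per-identity permission filter. On the elevated path the caller can
 * therefore receive fewer permitted entries than the limit would allow.
 *
 * @param token session of the caller
 * @param type identity type to search for
 * @param ctrl search control supplying limits, return attributes and the search modifier
 * @param amOrgName realm to search in
 * @param crestQuery query handed to each plugin
 * @return the merged results, restricted to what the caller may read on the elevated path
 * @throws IdRepoException if access is denied and no filter is present, no plugin is
 *     configured, a plugin fails fatally, or every plugin fails (first failure rethrown)
 * @throws SSOException propagated from the calls made here
 */
@Override
public IdSearchResults search(SSOToken token, IdType type, IdSearchControl ctrl, String amOrgName, CrestQuery crestQuery) throws IdRepoException, SSOException {
    IdRepoException origEx = null;
    // Check permission first. If allowed then proceed, else the
    // checkPermission method throws an "402" exception.
    // In the case of web services security (wss), a search is performed
    // with the identity of shared agent and a filter.
    // Since shared agents do not have search permissions, might have to
    // use admintoken and check permissions on matched objects.
    boolean checkPermissionOnObjects = false;
    // Keep the caller's own token: it is the one used for the per-object checks below.
    SSOToken userToken = token;
    try {
        checkPermission(token, amOrgName, null, null, IdOperation.READ, type);
    } catch (IdRepoException ire) {
        // If permission denied and control has search filters
        // perform the search and check permissions on the matched objects
        Map filter = ctrl.getSearchModifierMap();
        // Compare from the constant side: an IdRepoException created from a message alone
        // may carry no error code, and that case must rethrow the original exception
        // rather than fail with a NullPointerException.
        if ((!IdRepoErrorCode.ACCESS_DENIED.equals(ire.getErrorCode())) || (filter == null) || (filter.isEmpty())) {
            throw ire;
        }
        // Check permissions after obtaining the matched objects
        checkPermissionOnObjects = true;
        // From here on `token` is the admin token; results must not be returned
        // without the per-object check at the end of this method.
        token = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
    }
    // Get the plugins of this realm that support the READ operation for this type.
    Set configuredPluginClasses = idrepoCache.getIdRepoPlugins(amOrgName, IdOperation.READ, type);
    if ((configuredPluginClasses == null) || configuredPluginClasses.isEmpty()) {
        throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.NO_PLUGINS_CONFIGURED, null);
    }
    Iterator it = configuredPluginClasses.iterator();
    // Starts at the plugin count and is decremented once per failed plugin.
    int noOfSuccess = configuredPluginClasses.size();
    IdRepo idRepo;
    // Each row holds { RepoSearchResults, plugin configuration map }.
    Object[][] amsdkResults = new Object[1][2];
    boolean amsdkIncluded = false;
    Object[][] arrayOfResult = new Object[noOfSuccess][2];
    int iterNo = 0;
    int maxTime = ctrl.getTimeOut();
    int maxResults = ctrl.getMaxResults();
    Set returnAttrs = ctrl.getReturnAttributes();
    boolean returnAllAttrs = ctrl.isGetAllReturnAttributesEnabled();
    IdSearchOpModifier modifier = ctrl.getSearchModifier();
    int filterOp = IdRepo.NO_MOD;
    if (modifier.equals(IdSearchOpModifier.AND)) {
        filterOp = IdRepo.AND_MOD;
    } else if (modifier.equals(IdSearchOpModifier.OR)) {
        filterOp = IdRepo.OR_MOD;
    }
    Map avPairs = ctrl.getSearchModifierMap();
    boolean recursive = ctrl.isRecursive();
    while (it.hasNext()) {
        idRepo = (IdRepo) it.next();
        try {
            Map cMap = idRepo.getConfiguration();
            RepoSearchResults results;
            results = idRepo.search(token, type, crestQuery, maxTime, maxResults, returnAttrs, returnAllAttrs, filterOp, avPairs, recursive);
            // AMSDK results are kept apart from the other plugins' results.
            if (idRepo.getClass().getName().equals(IdConstants.AMSDK_PLUGIN)) {
                amsdkResults[0][0] = results;
                amsdkResults[0][1] = cMap;
                amsdkIncluded = true;
            } else {
                arrayOfResult[iterNo][0] = results;
                arrayOfResult[iterNo][1] = cMap;
                iterNo++;
            }
        } catch (IdRepoUnsupportedOpException ide) {
            if (idRepo != null && DEBUG.warningEnabled()) {
                DEBUG.warning("IdServicesImpl.search: " + "Unable to search in the following repository " + idRepo.getClass().getName() + " :: " + ide.getMessage());
            }
            noOfSuccess--;
            origEx = (origEx == null) ? ide : origEx;
        } catch (IdRepoFatalException idf) {
            // fatal ..throw it all the way up
            DEBUG.error("IdServicesImpl.search: Fatal Exception ", idf);
            throw idf;
        } catch (IdRepoException ide) {
            if (idRepo != null && DEBUG.warningEnabled()) {
                DEBUG.warning("IdServicesImpl.search: " + "Unable to search identity in the following" + " repository " + idRepo.getClass().getName() + " :: " + ide.getMessage());
            }
            noOfSuccess--;
            origEx = (origEx == null) ? ide : origEx;
        }
    }
    if (noOfSuccess == 0) {
        // Every plugin failed: report and rethrow the first failure seen.
        if (DEBUG.warningEnabled()) {
            DEBUG.warning("IdServicesImpl.search: " + "Unable to search for identity " + type.getName() + ":: using " + crestQuery + " in any configured data store", origEx);
        }
        throw origEx;
    }
    IdSearchResults res = combineSearchResults(token, arrayOfResult, iterNo, type, amOrgName, amsdkIncluded, amsdkResults);
    if (checkPermissionOnObjects) {
        // Elevated path: rebuild the result from only those identities the caller's own
        // token may read.
        // NOTE(review): only identities and their attributes are copied; any other state
        // held by `res` is not carried over - confirm that nothing else is needed.
        IdSearchResults newRes = new IdSearchResults(type, amOrgName);
        Map idWithAttrs = res.getResultAttributes();
        for (Iterator items = idWithAttrs.keySet().iterator(); items.hasNext(); ) {
            AMIdentity id = (AMIdentity) items.next();
            try {
                checkPermission(userToken, amOrgName, id.getName(), returnAttrs, IdOperation.READ, type);
                // Permission checked, add to newRes
                newRes.addResult(id, (Map) idWithAttrs.get(id));
            } catch (Exception e) {
                // Deliberately fail closed: whatever went wrong, the identity is left out.
                // Record the reason so a failing session or policy lookup is not mistaken
                // for an ordinary denial.
                if (DEBUG.messageEnabled()) {
                    DEBUG.message("IdServicesImpl.search: " + "matched identity omitted, permission check failed", e);
                }
            }
        }
        res = newRes;
    }
    return res;
}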
Aggregations