
Example 16 with IdRepo

use of com.sun.identity.idm.IdRepo in project OpenAM by OpenRock.

the class IdRepoPluginsCache method constructIdRepoPlugin.

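/**
 * Loads, instantiates and initialises the IdRepo plugin named in the given
 * configuration, then registers an {@link IdRepoListener} on it.
 *
 * @param orgName realm the plugin belongs to; stored under "realm" in the
 *                listener configuration
 * @param configMap plugin configuration; the implementation class name is
 *                  the first value found under {@code IdConstants.ID_REPO}
 * @param name plugin name; stored under "plugin-name" in the listener
 *             configuration
 * @return the initialised plugin, or {@code null} when {@code configMap} is
 *         null or empty, or holds no value under {@code IdConstants.ID_REPO}
 * @throws IdRepoException if the configured class cannot be loaded or
 *         instantiated, or is not an {@code IdRepo}
 * @throws SSOException not thrown directly here; declared for the calls
 *         this method makes
 */
private IdRepo constructIdRepoPlugin(String orgName, Map configMap, String name) throws IdRepoException, SSOException {
    IdRepo answer = null;
    if (debug.messageEnabled()) {
        // Guarded lookup: this statement runs before the null check below, so
        // an unguarded configMap.get() would throw NullPointerException
        // whenever message-level debugging is on and no config was supplied.
        debug.message("IdRepoPluginsCache.constructIdRepoPlugin: config=" + (configMap == null ? null : configMap.get("sunIdRepoClass")));
    }
    if (configMap == null || configMap.isEmpty()) {
        if (debug.warningEnabled()) {
            debug.warning("IdRepoPluginsCache.constructIdRepoPlugin: " + "Cannot construct with empty config data");
        }
        return (null);
    }
    Set vals = (Set) configMap.get(IdConstants.ID_REPO);
    if ((vals != null) && !vals.isEmpty()) {
        String className = (String) vals.iterator().next();
        try {
            Class<?> loaded = Thread.currentThread().getContextClassLoader().loadClass(className);
            // The class name comes from configuration. Check the type before
            // instantiating, so that a configured class which is not an
            // IdRepo is rejected without its constructor ever running.
            answer = loaded.asSubclass(IdRepo.class).newInstance();
        } catch (Throwable ex) {
            // NOTE(review): the whole configMap is written to the debug log.
            // If plugin configurations can carry credentials (bind passwords
            // and the like), this leaks them into log files - confirm and
            // redact sensitive keys before logging.
            debug.error("IdRepoPluginsCached.constructIdRepoPlugin " + " OrgName: " + orgName + " ConfigMap: " + configMap, ex);
            throw (new IdRepoException(ex.getMessage()));
        }
        answer.initialize(configMap);
        // Attach a listener carrying the realm and plugin name to the plugin.
        Map listenerConfig = new HashMap();
        listenerConfig.put("realm", orgName);
        listenerConfig.put("plugin-name", name);
        if (className.equals(IdConstants.AMSDK_PLUGIN)) {
            listenerConfig.put("amsdk", "true");
        }
        IdRepoListener listener = new IdRepoListener();
        listener.setConfigMap(listenerConfig);
        // The listener is registered with the token returned by getAdminToken().
        answer.addListener(getAdminToken(), listener);
    }
    return (answer);
}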
Also used : IdRepoListener(com.sun.identity.idm.IdRepoListener) HashSet(java.util.HashSet) Set(java.util.Set) OrderedSet(com.sun.identity.shared.datastruct.OrderedSet) IdRepo(com.sun.identity.idm.IdRepo) HashMap(java.util.HashMap) LinkedHashMap(java.util.LinkedHashMap) IdRepoException(com.sun.identity.idm.IdRepoException) HashMap(java.util.HashMap) LinkedHashMap(java.util.LinkedHashMap) Map(java.util.Map)

Example 17 with IdRepo

use of com.sun.identity.idm.IdRepo in project OpenAM by OpenRock.

the class IdRepoPluginsCache method clearIdRepoPluginsCache.

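/**
 * Empties the IdRepo plugin caches and shuts down every plugin that was
 * cached.
 *
 * <p>The caches are emptied while holding the {@code idrepoPlugins} lock;
 * listener removal and shutdown run afterwards on a private snapshot, so
 * they happen outside the lock.
 */
public void clearIdRepoPluginsCache() {
    Map cache = null;
    synchronized (idrepoPlugins) {
        // Clear the read-only cache first, so other threads do not pick up
        // plugins that are about to be shut down.
        readonlyPlugins.clear();
        cache = new HashMap(idrepoPlugins);
        idrepoPlugins.clear();
        // Second clear kept from the original. NOTE(review): presumably it
        // covers a reader repopulating the read-only cache in between -
        // confirm whether readonlyPlugins is guarded by this same lock.
        readonlyPlugins.clear();
    }
    // Walk the snapshot realm by realm and shut each plugin down.
    for (Iterator realms = cache.values().iterator(); realms.hasNext(); ) {
        Map repos = (Map) realms.next();
        if (repos == null) {
            continue;
        }
        for (Iterator plugins = repos.values().iterator(); plugins.hasNext(); ) {
            IdRepo repo = (IdRepo) plugins.next();
            // addIdRepo caches whatever constructIdRepoPlugin returns, and
            // that can be null. Skip such entries: a NullPointerException
            // here would leave every remaining plugin running with its
            // listener still attached.
            if (repo == null) {
                continue;
            }
            repo.removeListener();
            repo.shutdown();
        }
    }
}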
Also used : IdRepo(com.sun.identity.idm.IdRepo) HashMap(java.util.HashMap) LinkedHashMap(java.util.LinkedHashMap) Iterator(java.util.Iterator) HashMap(java.util.HashMap) LinkedHashMap(java.util.LinkedHashMap) Map(java.util.Map)

Example 18 with IdRepo

use of com.sun.identity.idm.IdRepo in project OpenAM by OpenRock.

the class IdRepoPluginsCache method addIdRepo.

/**
 * Builds the named IdRepo plugin from the realm's service configuration and
 * stores it in the plugin cache.
 *
 * @param orgName organization (realm) the plugin is added to
 * @param name name of the IdRepo sub-configuration
 * @throws IdRepoException if the realm configuration or the named
 *         sub-configuration does not exist, or the plugin cannot be built
 * @throws SSOException not thrown directly here; declared for the calls
 *         this method makes
 */
private void addIdRepo(String orgName, String name) throws IdRepoException, SSOException {
    if (debug.messageEnabled()) {
        debug.message("IdRepoPluginsCache.addIdRepo called for orgName: " + orgName + " IdRepo Name: " + name);
    }
    Map pluginConfig;
    try {
        ServiceConfig realmConfig = idRepoServiceConfigManager.getOrganizationConfig(orgName, null);
        if (realmConfig == null) {
            debug.error("IdRepoPluginsCache.addIdRepo orgName: " + orgName + " does not exisit");
            throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.REALM_DOESNT_EXIST, new Object[] { orgName });
        }
        ServiceConfig repoConfig = realmConfig.getSubConfig(name);
        if (repoConfig == null) {
            debug.error("IdRepoPluginsCache.addIdRepo orgName: " + orgName + " subConfig does not exisit: " + name);
            throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.REALM_DOESNT_EXIST, new Object[] { orgName + ":" + name });
        }
        pluginConfig = repoConfig.getAttributes();
    } catch (SMSException smse) {
        // A configuration-store failure is logged and the plugin is simply
        // not added; nothing is reported to the caller.
        if (debug.warningEnabled()) {
            debug.warning("IdRepoPluginsCache.addIdRepo SMSException for orgName: " + orgName + " sc name: " + name, smse);
        }
        return;
    }
    // NOTE(review): constructIdRepoPlugin can return null (empty config or
    // no class configured); that null is cached below as-is - confirm that
    // every reader of the cache tolerates a null entry.
    IdRepo plugin = constructIdRepoPlugin(orgName, pluginConfig, name);
    // The cache is keyed by the normalized DN of the realm.
    String realmKey = DNUtils.normalizeDN(orgName);
    synchronized (idrepoPlugins) {
        // Drop the read-only view for this realm before changing the cache;
        // per the original comments it is rebuilt when getPlugins is called.
        clearReadOnlyPlugins(realmKey);
        Map realmRepos = (Map) idrepoPlugins.get(realmKey);
        boolean firstForRealm = (realmRepos == null);
        if (firstForRealm) {
            realmRepos = new LinkedHashMap();
            idrepoPlugins.put(realmKey, realmRepos);
        }
        realmRepos.put(name, plugin);
        if (firstForRealm) {
            // Internal repos are added only when the realm's map is created.
            addInternalRepo(realmRepos, realmKey);
        }
    }
}
Also used : IdRepo(com.sun.identity.idm.IdRepo) ServiceConfig(com.sun.identity.sm.ServiceConfig) SMSException(com.sun.identity.sm.SMSException) IdRepoException(com.sun.identity.idm.IdRepoException) HashMap(java.util.HashMap) LinkedHashMap(java.util.LinkedHashMap) Map(java.util.Map) LinkedHashMap(java.util.LinkedHashMap)

Example 19 with IdRepo

use of com.sun.identity.idm.IdRepo in project OpenAM by OpenRock.

the class IdServicesImpl method create.

/**
 * Creates an identity in every configured repository plugin that supports
 * the CREATE operation for the given type.
 *
 * <p>Realm identities are delegated to {@code createRealmIdentity}. For any
 * other type the caller's permission is checked before a plugin is looked
 * up or called, and USER attributes are validated first.
 *
 * @param token caller's token, used for the permission check and passed to
 *              each plugin
 * @param type type of identity to create
 * @param name identity name; rejected when {@code hasBookendSpaces} reports true
 * @param attrMap attributes for the new identity; must not be null (its key
 *                set is read for the permission check)
 * @param amOrgName realm in which the identity is created
 * @return the new identity, provided at least one plugin did not fail
 * @throws IdRepoException if the name is rejected, no plugins are
 *         configured, a plugin fails fatally, or every plugin fails (the
 *         first recorded failure is rethrown)
 * @throws SSOException not thrown directly here; declared for the calls
 *         this method makes
 */
public AMIdentity create(SSOToken token, IdType type, String name, Map attrMap, String amOrgName) throws IdRepoException, SSOException {
    if (hasBookendSpaces(name)) {
        throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.NO_SPACE_IDENTITY_NAMES, null);
    }
    if (type.equals(IdType.REALM)) {
        return createRealmIdentity(token, type, name, attrMap, amOrgName);
    }
    // Authorization gate: checkPermission throws (the "402" exception, per
    // the original comment) when CREATE is not allowed, so no plugin is
    // consulted on behalf of an unauthorized caller.
    checkPermission(token, amOrgName, name, attrMap.keySet(), IdOperation.CREATE, type);
    if (type.equals(IdType.USER)) {
        IdRepoAttributeValidatorManager.getInstance()
                .getIdRepoAttributeValidator(amOrgName)
                .validateAttributes(attrMap, IdOperation.CREATE);
    }
    Set plugins = idrepoCache.getIdRepoPlugins(amOrgName, IdOperation.CREATE, type);
    if ((plugins == null) || plugins.isEmpty()) {
        throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.NO_PLUGINS_CONFIGURED, null);
    }
    // Starts at the plugin count and is decremented for each plugin that fails.
    int noOfSuccess = plugins.size();
    IdRepoException firstFailure = null;
    String amsdkdn = null;
    for (Iterator cursor = plugins.iterator(); cursor.hasNext(); ) {
        IdRepo idRepo = (IdRepo) cursor.next();
        try {
            // Translate the attribute names using the plugin's own configuration.
            Map pluginConfig = idRepo.getConfiguration();
            Map mappedAttributes = mapAttributeNames(attrMap, pluginConfig);
            String representation = idRepo.create(token, type, name, mappedAttributes);
            if (idRepo.getClass().getName().equals(IdConstants.AMSDK_PLUGIN)) {
                amsdkdn = representation;
            }
        } catch (IdRepoUnsupportedOpException ide) {
            if (idRepo != null && DEBUG.warningEnabled()) {
                DEBUG.warning("IdServicesImpl.create: Unable to create identity in the following repository " + idRepo.getClass().getName() + ":: " + ide.getMessage());
            }
            noOfSuccess--;
            if (firstFailure == null) {
                firstFailure = ide;
            }
        } catch (IdRepoFatalException idf) {
            // A fatal failure aborts the loop and goes straight to the caller.
            DEBUG.error("IdServicesImpl.create: Create: Fatal Exception", idf);
            throw idf;
        } catch (IdRepoException ide) {
            if (idRepo != null && DEBUG.warningEnabled()) {
                DEBUG.warning("IdServicesImpl.create: Unable to create identity in the following repository " + idRepo.getClass().getName() + " :: " + ide.getMessage());
            }
            noOfSuccess--;
            if (firstFailure == null) {
                firstFailure = ide;
            }
        }
    }
    // Built before the success check, exactly as in the original ordering.
    AMIdentity created = new AMIdentity(token, name, type, amOrgName, amsdkdn);
    if (noOfSuccess != 0) {
        return created;
    }
    if (DEBUG.warningEnabled()) {
        DEBUG.warning("IdServicesImpl.create: Unable to create identity " + type.getName() + " :: " + name + " in any of the configured data stores", firstFailure);
    }
    throw firstFailure;
}
Also used : IdRepoUnsupportedOpException(com.sun.identity.idm.IdRepoUnsupportedOpException) Set(java.util.Set) OrderedSet(com.sun.identity.shared.datastruct.OrderedSet) CaseInsensitiveHashSet(com.sun.identity.common.CaseInsensitiveHashSet) HashSet(java.util.HashSet) IdRepo(com.sun.identity.idm.IdRepo) AMIdentity(com.sun.identity.idm.AMIdentity) IdRepoException(com.sun.identity.idm.IdRepoException) Iterator(java.util.Iterator) Map(java.util.Map) AMHashMap(com.iplanet.am.sdk.AMHashMap) HashMap(java.util.HashMap) CaseInsensitiveHashMap(com.sun.identity.common.CaseInsensitiveHashMap) IdRepoFatalException(com.sun.identity.idm.IdRepoFatalException)

Example 20 with IdRepo

use of com.sun.identity.idm.IdRepo in project OpenAM by OpenRock.

the class IdServicesImpl method search.

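/**
 * Searches every configured repository plugin that supports READ for the
 * given type and combines the results.
 *
 * <p>If the caller is denied READ permission but the search control carries
 * a non-empty search-modifier map, the search is run with the admin token
 * instead and each matched identity is then re-checked against the
 * caller's own token; identities that fail that check are left out.
 *
 * @param token caller's token
 * @param type type of identity to search for
 * @param ctrl search control (time-out, result limit, return attributes,
 *             modifier, filter map, recursion)
 * @param amOrgName realm to search
 * @param crestQuery query handed to each plugin
 * @return the combined, permission-filtered results
 * @throws IdRepoException if permission is denied and no filter is present,
 *         no plugins are configured, a plugin fails fatally, or every
 *         plugin fails (the first recorded failure is rethrown)
 * @throws SSOException not thrown directly here; declared for the calls
 *         this method makes
 */
@Override
public IdSearchResults search(SSOToken token, IdType type, IdSearchControl ctrl, String amOrgName, CrestQuery crestQuery) throws IdRepoException, SSOException {
    IdRepoException origEx = null;
    // Check permission first. If allowed then proceed, else the
    // checkPermission method throws an "402" exception.
    // In the case of web services security (wss), a search is performed
    // with the identity of a shared agent and a filter.
    // Since shared agents do not have search permissions, the admin token
    // is used and permissions are checked on the matched objects.
    boolean checkPermissionOnObjects = false;
    // Keep the caller's own token: it is the one used for the per-object
    // checks after the privileged search.
    SSOToken userToken = token;
    try {
        checkPermission(token, amOrgName, null, null, IdOperation.READ, type);
    } catch (IdRepoException ire) {
        // If permission is denied and the control has search filters,
        // perform the search and check permissions on the matched objects.
        Map filter = ctrl.getSearchModifierMap();
        // Constant-first comparison: an IdRepoException built from a message
        // alone may carry no error code, and calling equals() on a null code
        // would replace the real failure with a NullPointerException.
        if ((!IdRepoErrorCode.ACCESS_DENIED.equals(ire.getErrorCode())) || (filter == null) || (filter.isEmpty())) {
            throw (ire);
        }
        // Check permissions after obtaining the matched objects
        checkPermissionOnObjects = true;
        // From here on the plugins are queried with the admin token.
        token = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
    }
    // Get the list of plugins that support the READ operation.
    Set configuredPluginClasses = idrepoCache.getIdRepoPlugins(amOrgName, IdOperation.READ, type);
    if ((configuredPluginClasses == null) || configuredPluginClasses.isEmpty()) {
        throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.NO_PLUGINS_CONFIGURED, null);
    }
    Iterator it = configuredPluginClasses.iterator();
    // Starts at the plugin count and is decremented for each plugin that fails.
    int noOfSuccess = configuredPluginClasses.size();
    IdRepo idRepo;
    // Each row holds { search results, plugin configuration }.
    Object[][] amsdkResults = new Object[1][2];
    boolean amsdkIncluded = false;
    Object[][] arrayOfResult = new Object[noOfSuccess][2];
    int iterNo = 0;
    int maxTime = ctrl.getTimeOut();
    int maxResults = ctrl.getMaxResults();
    Set returnAttrs = ctrl.getReturnAttributes();
    boolean returnAllAttrs = ctrl.isGetAllReturnAttributesEnabled();
    IdSearchOpModifier modifier = ctrl.getSearchModifier();
    int filterOp = IdRepo.NO_MOD;
    if (modifier.equals(IdSearchOpModifier.AND)) {
        filterOp = IdRepo.AND_MOD;
    } else if (modifier.equals(IdSearchOpModifier.OR)) {
        filterOp = IdRepo.OR_MOD;
    }
    Map avPairs = ctrl.getSearchModifierMap();
    boolean recursive = ctrl.isRecursive();
    while (it.hasNext()) {
        idRepo = (IdRepo) it.next();
        try {
            Map cMap = idRepo.getConfiguration();
            RepoSearchResults results;
            results = idRepo.search(token, type, crestQuery, maxTime, maxResults, returnAttrs, returnAllAttrs, filterOp, avPairs, recursive);
            // Results from the AMSDK plugin are kept apart from the others.
            if (idRepo.getClass().getName().equals(IdConstants.AMSDK_PLUGIN)) {
                amsdkResults[0][0] = results;
                amsdkResults[0][1] = cMap;
                amsdkIncluded = true;
            } else {
                arrayOfResult[iterNo][0] = results;
                arrayOfResult[iterNo][1] = cMap;
                iterNo++;
            }
        } catch (IdRepoUnsupportedOpException ide) {
            if (idRepo != null && DEBUG.warningEnabled()) {
                DEBUG.warning("IdServicesImpl.search: " + "Unable to search in the following repository " + idRepo.getClass().getName() + " :: " + ide.getMessage());
            }
            noOfSuccess--;
            origEx = (origEx == null) ? ide : origEx;
        } catch (IdRepoFatalException idf) {
            // fatal ..throw it all the way up
            DEBUG.error("IdServicesImpl.search: Fatal Exception ", idf);
            throw idf;
        } catch (IdRepoException ide) {
            if (idRepo != null && DEBUG.warningEnabled()) {
                DEBUG.warning("IdServicesImpl.search: " + "Unable to search identity in the following" + " repository " + idRepo.getClass().getName() + " :: " + ide.getMessage());
            }
            noOfSuccess--;
            origEx = (origEx == null) ? ide : origEx;
        }
    }
    if (noOfSuccess == 0) {
        if (DEBUG.warningEnabled()) {
            DEBUG.warning("IdServicesImpl.search: " + "Unable to search for identity " + type.getName() + ":: using " + crestQuery + " in any configured data store", origEx);
        }
        throw origEx;
    }
    IdSearchResults res = combineSearchResults(token, arrayOfResult, iterNo, type, amOrgName, amsdkIncluded, amsdkResults);
    if (checkPermissionOnObjects) {
        // The search ran with the admin token: return only the identities
        // the caller's own token is allowed to read.
        // NOTE(review): returnAttrs is what gets checked here; when
        // returnAllAttrs is set the results may hold more attributes than
        // that set names - confirm checkPermission covers that case.
        IdSearchResults newRes = new IdSearchResults(type, amOrgName);
        Map idWithAttrs = res.getResultAttributes();
        for (Iterator items = idWithAttrs.keySet().iterator(); items.hasNext(); ) {
            AMIdentity id = (AMIdentity) items.next();
            try {
                checkPermission(userToken, amOrgName, id.getName(), returnAttrs, IdOperation.READ, type);
                // Permission checked, add to newRes
                newRes.addResult(id, (Map) idWithAttrs.get(id));
            } catch (Exception e) {
                // Fail closed: any failure of the check keeps the entry out
                // of the results. Record it rather than swallowing it, so
                // dropped entries and unexpected errors can be diagnosed.
                if (DEBUG.messageEnabled()) {
                    DEBUG.message("IdServicesImpl.search: omitting a matched identity, permission check failed", e);
                }
            }
        }
        res = newRes;
    }
    return res;
}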
Also used : SSOToken(com.iplanet.sso.SSOToken) Set(java.util.Set) OrderedSet(com.sun.identity.shared.datastruct.OrderedSet) CaseInsensitiveHashSet(com.sun.identity.common.CaseInsensitiveHashSet) HashSet(java.util.HashSet) IdSearchResults(com.sun.identity.idm.IdSearchResults) IdRepoException(com.sun.identity.idm.IdRepoException) IdSearchOpModifier(com.sun.identity.idm.IdSearchOpModifier) IdRepoFatalException(com.sun.identity.idm.IdRepoFatalException) DelegationException(com.sun.identity.delegation.DelegationException) IdRepoUnsupportedOpException(com.sun.identity.idm.IdRepoUnsupportedOpException) IdRepoFatalException(com.sun.identity.idm.IdRepoFatalException) AuthLoginException(com.sun.identity.authentication.spi.AuthLoginException) SSOException(com.iplanet.sso.SSOException) IdRepoException(com.sun.identity.idm.IdRepoException) SMSException(com.sun.identity.sm.SMSException) IdRepoUnsupportedOpException(com.sun.identity.idm.IdRepoUnsupportedOpException) IdRepo(com.sun.identity.idm.IdRepo) AMIdentity(com.sun.identity.idm.AMIdentity) Iterator(java.util.Iterator) RepoSearchResults(com.sun.identity.idm.RepoSearchResults) Map(java.util.Map) AMHashMap(com.iplanet.am.sdk.AMHashMap) HashMap(java.util.HashMap) CaseInsensitiveHashMap(com.sun.identity.common.CaseInsensitiveHashMap)

Aggregations

IdRepo (com.sun.identity.idm.IdRepo)34 HashSet (java.util.HashSet)30 IdRepoException (com.sun.identity.idm.IdRepoException)29 OrderedSet (com.sun.identity.shared.datastruct.OrderedSet)28 Iterator (java.util.Iterator)28 Set (java.util.Set)28 CaseInsensitiveHashSet (com.sun.identity.common.CaseInsensitiveHashSet)25 IdRepoFatalException (com.sun.identity.idm.IdRepoFatalException)19 IdRepoUnsupportedOpException (com.sun.identity.idm.IdRepoUnsupportedOpException)19 HashMap (java.util.HashMap)19 Map (java.util.Map)18 AMHashMap (com.iplanet.am.sdk.AMHashMap)11 CaseInsensitiveHashMap (com.sun.identity.common.CaseInsensitiveHashMap)11 SMSException (com.sun.identity.sm.SMSException)11 SSOException (com.iplanet.sso.SSOException)10 LinkedHashMap (java.util.LinkedHashMap)8 AuthLoginException (com.sun.identity.authentication.spi.AuthLoginException)7 DelegationException (com.sun.identity.delegation.DelegationException)6 IdRepoListener (com.sun.identity.idm.IdRepoListener)4 RepoSearchResults (com.sun.identity.idm.RepoSearchResults)3