Example 76 with IdRepoException
use of com.sun.identity.idm.IdRepoException in project OpenAM by OpenRock.
the class IdRepoUtils method loadIdRepoSchema.
/**
* Loads schema to specified IdRepo.
*
* @param ssoToken single sign on token of authenticated user identity
* @param idRepoName IdRepo name
* @param realm the realm
* @param servletCtx the servlet context
*
* @throws IdRepoException If schema can't be loaded or there are
* repository related error conditions.
*/
public static void loadIdRepoSchema(SSOToken ssoToken, String idRepoName, String realm, ServletContext servletCtx) throws IdRepoException {
if (servletCtx == null) {
return;
}
try {
ServiceConfigManager svcCfgMgr = new ServiceConfigManager(IdConstants.REPO_SERVICE, ssoToken);
ServiceConfig cfg = svcCfgMgr.getOrganizationConfig(realm, null);
ServiceConfig ss = cfg.getSubConfig(idRepoName);
if (ss == null) {
if (DEBUG.messageEnabled()) {
DEBUG.message("IdRepoUtils.loadIdRepoSchema: data store " + idRepoName + " for realm " + realm + " doesn't exist.");
}
Object[] args = { idRepoName, realm };
throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.PLUGIN_DOESNT_EXIST_FOR_REALM, args);
}
String idRepoType = ss.getSchemaID();
Map attrValues = ss.getAttributes();
String schemaFiles = getSchemaFiles(idRepoType);
if ((schemaFiles == null) || (schemaFiles.trim().length() == 0)) {
if (DEBUG.messageEnabled()) {
DEBUG.message("IdRepoUtils.loadIdRepoSchema: data store " + idRepoName + " for realm " + realm + " doesn't have " + "schema files.");
}
return;
}
StringTokenizer st = new StringTokenizer(schemaFiles);
while (st.hasMoreTokens()) {
String schemaFile = st.nextToken();
tagSwapAndImportSchema(schemaFile, attrValues, servletCtx, idRepoType);
}
} catch (SMSException smsex) {
if (DEBUG.messageEnabled()) {
DEBUG.message("IdRepoUtils.loadIdRepoSchema:", smsex);
}
Object[] args = { idRepoName, realm };
throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.UNABLE_READ_PLUGIN_FOR_REALM, args);
} catch (SSOException ssoex) {
if (DEBUG.messageEnabled()) {
DEBUG.message("IdRepoUtils.loadIdRepoSchema:", ssoex);
}
Object[] args = { idRepoName, realm };
throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.UNABLE_READ_PLUGING_FOR_REALM_SSOTOKEN_NOT_VALID, args);
} catch (Exception ex) {
if (DEBUG.messageEnabled()) {
DEBUG.message("IdRepoUtils.loadIdRepoSchema:", ex);
}
Object[] args = { idRepoName, realm, ex.getMessage() };
throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.UNABLE_LOAD_SCHEMA_FOR_PLUGIN_FOR_REALM, args);
}
}
Also used :
StringTokenizer(java.util.StringTokenizer)
ServiceConfig(com.sun.identity.sm.ServiceConfig)
SMSException(com.sun.identity.sm.SMSException)
IdRepoException(com.sun.identity.idm.IdRepoException)
SSOException(com.iplanet.sso.SSOException)
AMHashMap(com.iplanet.am.sdk.AMHashMap)
HashMap(java.util.HashMap)
CaseInsensitiveHashMap(com.sun.identity.common.CaseInsensitiveHashMap)
Map(java.util.Map)
ServiceConfigManager(com.sun.identity.sm.ServiceConfigManager)
IdRepoException(com.sun.identity.idm.IdRepoException)
ServerEntryNotFoundException(com.iplanet.services.naming.ServerEntryNotFoundException)
SMSException(com.sun.identity.sm.SMSException)
SSOException(com.iplanet.sso.SSOException)
Example 77 with IdRepoException
use of com.sun.identity.idm.IdRepoException in project OpenAM by OpenRock.
the class IdRepoUtils method getLDAPConnection.
private static ConnectionFactory getLDAPConnection(Map attrValues) throws Exception {
Options options = Options.defaultOptions().set(CONNECT_TIMEOUT, new Duration((long) 300, TimeUnit.MILLISECONDS));
if (CollectionHelper.getBooleanMapAttr(attrValues, "sun-idrepo-ldapv3-config-ssl-enabled", false)) {
options = options.set(SSL_CONTEXT, new SSLContextBuilder().getSSLContext());
}
Set<LDAPURL> ldapUrls = getLDAPUrls(attrValues);
if (CollectionUtils.isEmpty(ldapUrls)) {
if (DEBUG.warningEnabled()) {
DEBUG.warning("IdRepoUtils.getLDAPConnection: No LDAPURLs found");
}
throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.UNABLE_AUTHENTICATE_LDAP_SERVER, null);
}
LDAPURL ldapUrl = ldapUrls.iterator().next();
if (org.forgerock.openam.utils.StringUtils.isEmpty(ldapUrl.getHost())) {
if (DEBUG.warningEnabled()) {
DEBUG.warning("IdRepoUtils.getLDAPConnection: No LDAP host found");
}
throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.UNABLE_AUTHENTICATE_LDAP_SERVER, null);
}
// All connections will use authentication
String bindDn = CollectionHelper.getMapAttr(attrValues, "sun-idrepo-ldapv3-config-authid");
if (org.forgerock.openam.utils.StringUtils.isBlank(bindDn)) {
if (DEBUG.warningEnabled()) {
DEBUG.warning("IdRepoUtils.getLDAPConnection: No LDAP bindDN found");
}
throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.UNABLE_AUTHENTICATE_LDAP_SERVER, null);
}
String bindPwd = CollectionHelper.getMapAttr(attrValues, "sun-idrepo-ldapv3-config-authpw");
if (org.forgerock.openam.utils.StringUtils.isBlank(bindPwd)) {
if (DEBUG.warningEnabled()) {
DEBUG.warning("IdRepoUtils.getLDAPConnection: No LDAP bindPW found");
}
throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.UNABLE_AUTHENTICATE_LDAP_SERVER, null);
}
options = options.set(AUTHN_BIND_REQUEST, LDAPRequests.newSimpleBindRequest(bindDn, bindPwd.toCharArray()));
return new LDAPConnectionFactory(ldapUrl.getHost(), ldapUrl.getPort(), options);
}
Also used :
Options(org.forgerock.util.Options)
LDAPURL(org.forgerock.openam.ldap.LDAPURL)
IdRepoException(com.sun.identity.idm.IdRepoException)
Duration(org.forgerock.util.time.Duration)
LDAPConnectionFactory(org.forgerock.opendj.ldap.LDAPConnectionFactory)
SSLContextBuilder(org.forgerock.opendj.ldap.SSLContextBuilder)
Example 78 with IdRepoException
use of com.sun.identity.idm.IdRepoException in project OpenAM by OpenRock.
the class IdServicesImpl method setAttributes.
public void setAttributes(SSOToken token, IdType type, String name, Map attributes, boolean isAdd, String amOrgName, String amsdkDN, boolean isString) throws IdRepoException, SSOException {
IdRepoException origEx = null;
// Check permission first. If allowed then proceed, else the
// checkPermission method throws an "402" exception.
checkPermission(token, amOrgName, name, attributes.keySet(), IdOperation.EDIT, type);
if (type.equals(IdType.USER)) {
IdRepoAttributeValidator attrValidator = IdRepoAttributeValidatorManager.getInstance().getIdRepoAttributeValidator(amOrgName);
attrValidator.validateAttributes(attributes, IdOperation.EDIT);
}
// Get the list of plugins that service/edit the create operation.
Set configuredPluginClasses = (attributes.containsKey("objectclass")) ? idrepoCache.getIdRepoPlugins(amOrgName, IdOperation.SERVICE, type) : idrepoCache.getIdRepoPlugins(amOrgName, IdOperation.EDIT, type);
if ((configuredPluginClasses == null) || configuredPluginClasses.isEmpty()) {
throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.NO_PLUGINS_CONFIGURED, null);
}
Iterator it = configuredPluginClasses.iterator();
int noOfSuccess = configuredPluginClasses.size();
IdRepo idRepo;
while (it.hasNext()) {
idRepo = (IdRepo) it.next();
try {
Map cMap = idRepo.getConfiguration();
// do stuff to map attr names.
Map mappedAttributes = mapAttributeNames(attributes, cMap);
if (idRepo.getClass().getName().equals(IdConstants.AMSDK_PLUGIN) && amsdkDN != null) {
if (isString) {
idRepo.setAttributes(token, type, amsdkDN, mappedAttributes, isAdd);
} else {
idRepo.setBinaryAttributes(token, type, amsdkDN, mappedAttributes, isAdd);
}
} else {
if (isString) {
idRepo.setAttributes(token, type, name, mappedAttributes, isAdd);
} else {
idRepo.setBinaryAttributes(token, type, name, mappedAttributes, isAdd);
}
}
} catch (IdRepoUnsupportedOpException ide) {
if (idRepo != null && DEBUG.messageEnabled()) {
DEBUG.message("IdServicesImpl.setAttributes: " + "Unable to set attributes in the following " + "repository " + idRepo.getClass().getName() + " :: " + ide.getMessage());
}
noOfSuccess--;
origEx = (origEx == null) ? ide : origEx;
} catch (IdRepoFatalException idf) {
// fatal ..throw it all the way up
DEBUG.error("IdServicesImpl.setAttributes: Fatal Exception ", idf);
throw idf;
} catch (IdRepoException ide) {
if (idRepo != null && DEBUG.warningEnabled()) {
DEBUG.warning("IdServicesImpl.setAttributes: " + "Unable to modify identity in the " + "following repository " + idRepo.getClass().getName() + " :: " + ide.getMessage());
}
noOfSuccess--;
// all the ds and this entry might exist in one of the other ds.
if (!IdRepoErrorCode.UNABLE_FIND_ENTRY.equalsIgnoreCase(ide.getErrorCode()) || (origEx == null)) {
origEx = ide;
}
}
}
if (noOfSuccess == 0) {
if (DEBUG.warningEnabled()) {
DEBUG.warning("IdServicesImpl.setAttributes: " + "Unable to set attributes for identity " + type.getName() + "::" + name + " in any configured data" + " store", origEx);
}
throw origEx;
}
}
Also used :
IdRepoUnsupportedOpException(com.sun.identity.idm.IdRepoUnsupportedOpException)
Set(java.util.Set)
OrderedSet(com.sun.identity.shared.datastruct.OrderedSet)
CaseInsensitiveHashSet(com.sun.identity.common.CaseInsensitiveHashSet)
HashSet(java.util.HashSet)
IdRepo(com.sun.identity.idm.IdRepo)
IdRepoException(com.sun.identity.idm.IdRepoException)
Iterator(java.util.Iterator)
Map(java.util.Map)
AMHashMap(com.iplanet.am.sdk.AMHashMap)
HashMap(java.util.HashMap)
CaseInsensitiveHashMap(com.sun.identity.common.CaseInsensitiveHashMap)
IdRepoFatalException(com.sun.identity.idm.IdRepoFatalException)
Example 79 with IdRepoException
use of com.sun.identity.idm.IdRepoException in project OpenAM by OpenRock.
the class IdServicesImpl method checkPermission.
private boolean checkPermission(SSOToken token, String realm, String name, Set attrs, IdOperation op, IdType type) throws IdRepoException, SSOException {
if (!ServiceManager.isConfigMigratedTo70()) {
// in coexistence mode. Do not perform any delegation check
return true;
}
Set thisAction = null;
if (op.equals(IdOperation.READ)) {
// thisAction = readAction;
// TODO This is a temporary fix where-in all users are
// being allowed read permisions, till delegation component
// is fixed to support "user self read" operations
thisAction = READ_ACTION;
} else {
thisAction = WRITE_ACTION;
}
try {
DelegationEvaluator de = new DelegationEvaluatorImpl();
String resource = type.getName();
if (name != null) {
resource += "/" + name;
}
DelegationPermission dp = new DelegationPermission(realm, IdConstants.REPO_SERVICE, "1.0", "application", resource, thisAction, Collections.EMPTY_MAP);
Map envMap = Collections.EMPTY_MAP;
if (attrs != null) {
envMap = new HashMap();
envMap.put(DELEGATION_ATTRS_NAME, attrs);
}
if (!de.isAllowed(token, dp, envMap)) {
Object[] args = { op.getName(), token.getPrincipal().getName() };
throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.ACCESS_DENIED, args);
}
return true;
} catch (DelegationException dex) {
DEBUG.error("IdServicesImpl.checkPermission Got Delegation Exception: ", dex);
Object[] args = { op.getName(), token.getPrincipal().getName() };
throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.ACCESS_DENIED, args);
}
}
Also used :
DelegationEvaluatorImpl(com.sun.identity.delegation.DelegationEvaluatorImpl)
Set(java.util.Set)
OrderedSet(com.sun.identity.shared.datastruct.OrderedSet)
CaseInsensitiveHashSet(com.sun.identity.common.CaseInsensitiveHashSet)
HashSet(java.util.HashSet)
AMHashMap(com.iplanet.am.sdk.AMHashMap)
HashMap(java.util.HashMap)
CaseInsensitiveHashMap(com.sun.identity.common.CaseInsensitiveHashMap)
IdRepoException(com.sun.identity.idm.IdRepoException)
DelegationEvaluator(com.sun.identity.delegation.DelegationEvaluator)
DelegationException(com.sun.identity.delegation.DelegationException)
Map(java.util.Map)
AMHashMap(com.iplanet.am.sdk.AMHashMap)
HashMap(java.util.HashMap)
CaseInsensitiveHashMap(com.sun.identity.common.CaseInsensitiveHashMap)
DelegationPermission(com.sun.identity.delegation.DelegationPermission)
Example 80 with IdRepoException
use of com.sun.identity.idm.IdRepoException in project OpenAM by OpenRock.
the class IdServicesImpl method changePassword.
public void changePassword(SSOToken token, IdType type, String name, String oldPassword, String newPassword, String amOrgName, String amsdkDN) throws IdRepoException, SSOException {
String attrName = "userPassword";
Set attrNames = new HashSet();
attrNames.add(attrName);
// Check permission first. If allowed then proceed, else the
// checkPermission method throws an "402" exception.
checkPermission(token, amOrgName, name, attrNames, IdOperation.EDIT, type);
if (type.equals(IdType.USER)) {
IdRepoAttributeValidator attrValidator = IdRepoAttributeValidatorManager.getInstance().getIdRepoAttributeValidator(amOrgName);
HashMap attributes = new HashMap();
Set values = new HashSet();
values.add(newPassword);
attributes.put(attrName, values);
attrValidator.validateAttributes(attributes, IdOperation.EDIT);
}
Set configuredPluginClasses = idrepoCache.getIdRepoPlugins(amOrgName, IdOperation.EDIT, type);
if ((configuredPluginClasses == null) || configuredPluginClasses.isEmpty()) {
throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.NO_PLUGINS_CONFIGURED, null);
}
Iterator it = configuredPluginClasses.iterator();
int noOfSuccess = configuredPluginClasses.size();
IdRepoException origEx = null;
IdRepo idRepo;
while (it.hasNext()) {
idRepo = (IdRepo) it.next();
Map cMap = idRepo.getConfiguration();
Set mappedAttributeNames = mapAttributeNames(attrNames, cMap);
if ((mappedAttributeNames != null) && (!mappedAttributeNames.isEmpty())) {
attrName = (String) mappedAttributeNames.iterator().next();
}
try {
if (idRepo.getClass().getName().equals(IdConstants.AMSDK_PLUGIN) && (amsdkDN != null)) {
idRepo.changePassword(token, type, amsdkDN, attrName, oldPassword, newPassword);
} else {
idRepo.changePassword(token, type, name, attrName, oldPassword, newPassword);
}
} catch (IdRepoUnsupportedOpException ide) {
if (DEBUG.messageEnabled()) {
DEBUG.message("IdServicesImpl.changePassword: " + "Unable to change password in the following " + "repository " + idRepo.getClass().getName() + " :: " + ide.getMessage());
}
noOfSuccess--;
origEx = (origEx == null) ? ide : origEx;
} catch (IdRepoFatalException idf) {
// fatal ..throw it all the way up
DEBUG.error("IdServicesImpl.changePassword: Fatal Exception ", idf);
throw idf;
} catch (IdRepoException ide) {
if (DEBUG.warningEnabled()) {
DEBUG.warning("IdServicesImpl.changePassword: " + "Unable to change password " + "following repository " + idRepo.getClass().getName() + " :: " + ide.getMessage());
}
noOfSuccess--;
// all the ds and this entry might exist in one of the other ds.
if (!ide.getErrorCode().equalsIgnoreCase(IdRepoErrorCode.UNABLE_FIND_ENTRY) || (origEx == null)) {
origEx = ide;
}
}
}
if (noOfSuccess == 0) {
if (DEBUG.warningEnabled()) {
DEBUG.warning("IdServicesImpl.changePassword: " + "Unable to change password for identity " + type.getName() + "::" + name + " in any configured data" + " store", origEx);
}
throw origEx;
}
}
Also used :
IdRepoUnsupportedOpException(com.sun.identity.idm.IdRepoUnsupportedOpException)
Set(java.util.Set)
OrderedSet(com.sun.identity.shared.datastruct.OrderedSet)
CaseInsensitiveHashSet(com.sun.identity.common.CaseInsensitiveHashSet)
HashSet(java.util.HashSet)
IdRepo(com.sun.identity.idm.IdRepo)
AMHashMap(com.iplanet.am.sdk.AMHashMap)
HashMap(java.util.HashMap)
CaseInsensitiveHashMap(com.sun.identity.common.CaseInsensitiveHashMap)
IdRepoException(com.sun.identity.idm.IdRepoException)
Iterator(java.util.Iterator)
Map(java.util.Map)
AMHashMap(com.iplanet.am.sdk.AMHashMap)
HashMap(java.util.HashMap)
CaseInsensitiveHashMap(com.sun.identity.common.CaseInsensitiveHashMap)
IdRepoFatalException(com.sun.identity.idm.IdRepoFatalException)
CaseInsensitiveHashSet(com.sun.identity.common.CaseInsensitiveHashSet)
HashSet(java.util.HashSet)
Aggregations
IdRepoException (com.sun.identity.idm.IdRepoException)403
SSOException (com.iplanet.sso.SSOException)275
Set (java.util.Set)224
AMIdentity (com.sun.identity.idm.AMIdentity)221
HashSet (java.util.HashSet)183
Map (java.util.Map)121
Iterator (java.util.Iterator)118
SSOToken (com.iplanet.sso.SSOToken)112
HashMap (java.util.HashMap)110
SMSException (com.sun.identity.sm.SMSException)103
AMIdentityRepository (com.sun.identity.idm.AMIdentityRepository)96
CaseInsensitiveHashSet (com.sun.identity.common.CaseInsensitiveHashSet)67
AMConsoleException (com.sun.identity.console.base.model.AMConsoleException)58
IdType (com.sun.identity.idm.IdType)57
CaseInsensitiveHashMap (com.sun.identity.common.CaseInsensitiveHashMap)51
CLIException (com.sun.identity.cli.CLIException)48
IOutput (com.sun.identity.cli.IOutput)45
IdSearchResults (com.sun.identity.idm.IdSearchResults)44
IdSearchControl (com.sun.identity.idm.IdSearchControl)39
IdRepoUnsupportedOpException (com.sun.identity.idm.IdRepoUnsupportedOpException)35
