Example 86 with IdRepoException
use of com.sun.identity.idm.IdRepoException in project OpenAM by OpenRock.
the class IdServicesImpl method modifyMemberShip.
/*
* (non-Javadoc)
*/
public void modifyMemberShip(SSOToken token, IdType type, String name, Set members, IdType membersType, int operation, String amOrgName) throws IdRepoException, SSOException {
IdRepoException origEx = null;
// Check permission first. If allowed then proceed, else the
// checkPermission method throws an "402" exception.
checkPermission(token, amOrgName, name, null, IdOperation.EDIT, type);
// First get the list of plugins that support the create operation.
Set configuredPluginClasses = idrepoCache.getIdRepoPlugins(amOrgName, IdOperation.EDIT, type);
if ((configuredPluginClasses == null) || configuredPluginClasses.isEmpty()) {
throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.NO_PLUGINS_CONFIGURED, null);
}
//check if the identity exist
if (!isExists(token, type, name, amOrgName)) {
Object[] args = { name, type.getName() };
throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.TYPE_NOT_FOUND, args);
}
validateMembers(token, members, membersType, amOrgName);
Iterator it = configuredPluginClasses.iterator();
int noOfSuccess = configuredPluginClasses.size();
while (it.hasNext()) {
IdRepo idRepo = (IdRepo) it.next();
if (!idRepo.getSupportedTypes().contains(membersType) || idRepo.getClass().getName().equals(IdConstants.SPECIAL_PLUGIN)) {
// IdRepo plugin does not support the idType for
// memberships
noOfSuccess--;
continue;
}
try {
idRepo.modifyMemberShip(token, type, name, members, membersType, operation);
} catch (IdRepoUnsupportedOpException ide) {
if (DEBUG.warningEnabled()) {
DEBUG.warning("IdServicesImpl.modifyMembership: " + "Unable to modify memberships in the following" + " repository " + idRepo.getClass().getName() + " :: " + ide.getMessage());
}
noOfSuccess--;
origEx = (origEx == null) ? ide : origEx;
} catch (IdRepoFatalException idf) {
// fatal ..throw it all the way up
DEBUG.error("IdServicesImpl.modifyMembership: " + "Fatal Exception ", idf);
throw idf;
} catch (IdRepoException ide) {
if (DEBUG.warningEnabled()) {
DEBUG.warning("IdServicesImpl.modifyMembership: " + "Unable to modify memberships in the following" + " repository " + idRepo.getClass().getName() + " :: " + ide.getMessage());
}
noOfSuccess--;
origEx = (origEx == null) ? ide : origEx;
}
}
if (noOfSuccess == 0) {
if (DEBUG.warningEnabled()) {
DEBUG.warning("IdServicesImpl.modifyMemberShip: " + "Unable to modify members for identity " + type.getName() + "::" + name + " in any configured data store", origEx);
}
if (origEx != null) {
throw origEx;
} else {
Object[] args = { "modifyMemberShip", IdOperation.EDIT.getName() };
throw new IdRepoUnsupportedOpException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.PLUGIN_OPERATION_NOT_SUPPORTED, args);
}
}
}
Also used :
IdRepoUnsupportedOpException(com.sun.identity.idm.IdRepoUnsupportedOpException)
Set(java.util.Set)
OrderedSet(com.sun.identity.shared.datastruct.OrderedSet)
CaseInsensitiveHashSet(com.sun.identity.common.CaseInsensitiveHashSet)
HashSet(java.util.HashSet)
IdRepo(com.sun.identity.idm.IdRepo)
IdRepoException(com.sun.identity.idm.IdRepoException)
Iterator(java.util.Iterator)
IdRepoFatalException(com.sun.identity.idm.IdRepoFatalException)
Example 87 with IdRepoException
use of com.sun.identity.idm.IdRepoException in project OpenAM by OpenRock.
the class IdServicesImpl method authenticate.
/**
* Returns <code>true</code> if the data store has successfully
* authenticated the identity with the provided credentials. In case the
* data store requires additional credentials, the list would be returned
* via the <code>IdRepoException</code> exception.
*
* @param orgName
* realm name to which the identity would be authenticated
* @param credentials
* Array of callback objects containing information such as
* username and password.
*
* @return <code>true</code> if data store authenticates the identity;
* else <code>false</code>
*/
public boolean authenticate(String orgName, Callback[] credentials) throws IdRepoException, AuthLoginException {
if (DEBUG.messageEnabled()) {
DEBUG.message("IdServicesImpl.authenticate: called for org: " + orgName);
}
IdRepoException firstException = null;
AuthLoginException authException = null;
// Get the list of plugins and check if they support authN
Set cPlugins = null;
try {
cPlugins = idrepoCache.getIdRepoPlugins(orgName);
} catch (SSOException ex) {
// Debug the message and return false
if (DEBUG.messageEnabled()) {
DEBUG.message("IdServicesImpl.authenticate: " + "Error obtaining " + "IdRepo plugins for the org: " + orgName);
}
return (false);
} catch (IdRepoException ex) {
// Debug the message and return false
if (DEBUG.messageEnabled()) {
DEBUG.message("IdServicesImpl.authenticate: " + "Error obtaining " + "IdRepo plugins for the org: " + orgName);
}
return (false);
}
// Check for internal user. If internal user, use SpecialRepo only
String name = null;
for (int i = 0; i < credentials.length; i++) {
if (credentials[i] instanceof NameCallback) {
name = ((NameCallback) credentials[i]).getName();
if (LDAPUtils.isDN(name)) {
// Obtain the firsr RDN
name = LDAPUtils.rdnValueFromDn(name);
}
break;
}
}
SSOToken token = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
try {
if ((name != null) && isSpecialIdentity(token, name, IdType.USER, orgName)) {
for (Iterator tis = cPlugins.iterator(); tis.hasNext(); ) {
IdRepo idRepo = (IdRepo) tis.next();
if (idRepo.getClass().getName().equals(IdConstants.SPECIAL_PLUGIN)) {
if (idRepo.authenticate(credentials)) {
if (DEBUG.messageEnabled()) {
DEBUG.message("IdServicesImpl.authenticate: " + "AuthN success using special repo " + idRepo.getClass().getName() + " user: " + name);
}
return (true);
} else {
// Invalid password used for internal user
DEBUG.error("IdServicesImpl.authenticate: " + "AuthN failed using special repo " + idRepo.getClass().getName() + " user: " + name);
return (false);
}
}
}
}
} catch (SSOException ssoe) {
// Ignore the exception
DEBUG.error("IdServicesImpl.authenticate: AuthN failed " + "checking for special users", ssoe);
return (false);
}
for (Iterator items = cPlugins.iterator(); items.hasNext(); ) {
IdRepo idRepo = (IdRepo) items.next();
if (idRepo.supportsAuthentication()) {
if (DEBUG.messageEnabled()) {
DEBUG.message("IdServicesImpl.authenticate: " + "AuthN to " + idRepo.getClass().getName() + " in org: " + orgName);
}
try {
if (idRepo.authenticate(credentials)) {
// Successfully authenticated
if (DEBUG.messageEnabled()) {
DEBUG.message("IdServicesImpl.authenticate: " + "AuthN success for " + idRepo.getClass().getName());
}
return (true);
}
} catch (IdRepoException ide) {
// all authentication calls fail
if (firstException == null) {
firstException = ide;
}
} catch (AuthLoginException authex) {
if (authException == null) {
authException = authex;
}
}
} else if (DEBUG.messageEnabled()) {
DEBUG.message("IdServicesImpl.authenticate: AuthN " + "not supported by " + idRepo.getClass().getName());
}
}
if (authException != null) {
throw (authException);
}
if (firstException != null) {
throw (firstException);
}
return (false);
}
Also used :
Set(java.util.Set)
OrderedSet(com.sun.identity.shared.datastruct.OrderedSet)
CaseInsensitiveHashSet(com.sun.identity.common.CaseInsensitiveHashSet)
HashSet(java.util.HashSet)
NameCallback(javax.security.auth.callback.NameCallback)
SSOToken(com.iplanet.sso.SSOToken)
IdRepo(com.sun.identity.idm.IdRepo)
IdRepoException(com.sun.identity.idm.IdRepoException)
Iterator(java.util.Iterator)
AuthLoginException(com.sun.identity.authentication.spi.AuthLoginException)
SSOException(com.iplanet.sso.SSOException)
Example 88 with IdRepoException
use of com.sun.identity.idm.IdRepoException in project OpenAM by OpenRock.
the class IdServicesImpl method getAssignedServices.
public Set<String> getAssignedServices(SSOToken token, IdType type, String name, Map mapOfServiceNamesAndOCs, String amOrgName, String amsdkDN) throws IdRepoException, SSOException {
IdRepoException origEx = null;
// Check permission first. If allowed then proceed, else the
// checkPermission method throws an "402" exception.
checkPermission(token, amOrgName, name, null, IdOperation.READ, type);
// Get the list of plugins that support the service operation.
Set<IdRepo> configuredPluginClasses = idrepoCache.getIdRepoPlugins(amOrgName, IdOperation.SERVICE, type);
if (configuredPluginClasses == null || configuredPluginClasses.isEmpty()) {
if (type.equals(IdType.REALM)) {
return Collections.emptySet();
}
}
int noOfSuccess = configuredPluginClasses.size();
Set<String> resultsSet = new HashSet<String>();
for (IdRepo repo : configuredPluginClasses) {
try {
Set<String> services;
if (repo.getClass().getName().equals(IdConstants.AMSDK_PLUGIN) && amsdkDN != null) {
services = repo.getAssignedServices(token, type, amsdkDN, mapOfServiceNamesAndOCs);
} else {
services = repo.getAssignedServices(token, type, name, mapOfServiceNamesAndOCs);
}
if (services != null && !services.isEmpty()) {
resultsSet.addAll(services);
}
} catch (IdRepoUnsupportedOpException ide) {
if (DEBUG.messageEnabled()) {
DEBUG.message("IdServicesImpl.getAssignedServices: Services not supported for repository " + repo.getClass().getName() + " :: " + ide.getMessage());
}
noOfSuccess--;
origEx = origEx == null ? ide : origEx;
} catch (IdRepoFatalException idf) {
// fatal ..throw it all the way up
DEBUG.error("IdServicesImpl.getAssignedServices: Fatal Exception ", idf);
throw idf;
} catch (IdRepoException ide) {
if (DEBUG.warningEnabled()) {
DEBUG.warning("IdServicesImpl.getAssignedServices: Unable to get services for identity in the " + "following repository " + repo.getClass().getName() + " :: " + ide.getMessage());
}
noOfSuccess--;
origEx = (origEx == null) ? ide : origEx;
}
}
if (noOfSuccess == 0) {
if (DEBUG.warningEnabled()) {
DEBUG.warning("IdServicesImpl.getAssignedServices: Unable to get assigned services for identity " + type.getName() + "::" + name + " in any configured data store", origEx);
}
throw origEx;
} else {
return resultsSet;
}
}
Also used :
IdRepoUnsupportedOpException(com.sun.identity.idm.IdRepoUnsupportedOpException)
IdRepo(com.sun.identity.idm.IdRepo)
IdRepoException(com.sun.identity.idm.IdRepoException)
IdRepoFatalException(com.sun.identity.idm.IdRepoFatalException)
CaseInsensitiveHashSet(com.sun.identity.common.CaseInsensitiveHashSet)
HashSet(java.util.HashSet)
Example 89 with IdRepoException
use of com.sun.identity.idm.IdRepoException in project OpenAM by OpenRock.
the class IdServicesImpl method unassignService.
public void unassignService(SSOToken token, IdType type, String name, String serviceName, Map attrMap, String amOrgName, String amsdkDN) throws IdRepoException, SSOException {
IdRepoException origEx = null;
// Check permission first. If allowed then proceed, else the
// checkPermission method throws an "402" exception.
checkPermission(token, amOrgName, name, null, IdOperation.SERVICE, type);
// Get the list of plugins that support the service operation.
Set configuredPluginClasses = idrepoCache.getIdRepoPlugins(amOrgName, IdOperation.SERVICE, type);
if ((configuredPluginClasses == null) || configuredPluginClasses.isEmpty()) {
throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.NO_PLUGINS_CONFIGURED, null);
}
Iterator it = configuredPluginClasses.iterator();
int noOfSuccess = configuredPluginClasses.size();
IdRepo idRepo = null;
while (it.hasNext()) {
IdRepo repo = (IdRepo) it.next();
Map cMap = repo.getConfiguration();
try {
Map mappedAttributes = mapAttributeNames(attrMap, cMap);
if (repo.getClass().getName().equals(IdConstants.AMSDK_PLUGIN) && amsdkDN != null) {
repo.unassignService(token, type, amsdkDN, serviceName, mappedAttributes);
} else {
repo.unassignService(token, type, name, serviceName, mappedAttributes);
}
} catch (IdRepoUnsupportedOpException ide) {
if (idRepo != null && DEBUG.messageEnabled()) {
DEBUG.message("IdServicesImpl.unassignService: " + "Unassign Service not supported for repository " + repo.getClass().getName() + " :: " + ide.getMessage());
}
noOfSuccess--;
origEx = (origEx == null) ? ide : origEx;
} catch (IdRepoFatalException idf) {
// fatal ..throw it all the way up
DEBUG.error("IdServicesImpl.unassignService: Fatal Exception ", idf);
throw idf;
} catch (IdRepoException ide) {
if (idRepo != null && DEBUG.warningEnabled()) {
DEBUG.warning("IdServicesImpl.unassignService: " + "Unable to unassign service in the " + "following repository " + idRepo.getClass().getName() + " :: " + ide.getMessage());
}
noOfSuccess--;
origEx = (origEx == null) ? ide : origEx;
}
}
if (noOfSuccess == 0) {
if (DEBUG.warningEnabled()) {
DEBUG.warning("IdServicesImpl.unassignService: " + "Unable to unassign Service for identity " + type.getName() + "::" + name + " in any configured " + "data store ", origEx);
}
throw origEx;
}
}
Also used :
IdRepoUnsupportedOpException(com.sun.identity.idm.IdRepoUnsupportedOpException)
Set(java.util.Set)
OrderedSet(com.sun.identity.shared.datastruct.OrderedSet)
CaseInsensitiveHashSet(com.sun.identity.common.CaseInsensitiveHashSet)
HashSet(java.util.HashSet)
IdRepo(com.sun.identity.idm.IdRepo)
IdRepoException(com.sun.identity.idm.IdRepoException)
Iterator(java.util.Iterator)
Map(java.util.Map)
AMHashMap(com.iplanet.am.sdk.AMHashMap)
HashMap(java.util.HashMap)
CaseInsensitiveHashMap(com.sun.identity.common.CaseInsensitiveHashMap)
IdRepoFatalException(com.sun.identity.idm.IdRepoFatalException)
Example 90 with IdRepoException
use of com.sun.identity.idm.IdRepoException in project OpenAM by OpenRock.
the class IdServicesImpl method getMembers.
/*
* (non-Javadoc)
*/
public Set getMembers(SSOToken token, IdType type, String name, String amOrgName, IdType membersType, String amsdkDN) throws IdRepoException, SSOException {
IdRepoException origEx = null;
// Check permission first. If allowed then proceed, else the
// checkPermission method throws an "402" exception.
checkPermission(token, amOrgName, name, null, IdOperation.READ, type);
// Get the list of plugins that support the read operation.
Set configuredPluginClasses = idrepoCache.getIdRepoPlugins(amOrgName, IdOperation.READ, type);
if ((configuredPluginClasses == null) || configuredPluginClasses.isEmpty()) {
throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.NO_PLUGINS_CONFIGURED, null);
}
Iterator it = configuredPluginClasses.iterator();
int noOfSuccess = configuredPluginClasses.size();
Set membersSet = new HashSet();
Set amsdkMembers = new HashSet();
boolean amsdkIncluded = false;
while (it.hasNext()) {
IdRepo idRepo = (IdRepo) it.next();
if (!idRepo.getSupportedTypes().contains(membersType) || idRepo.getClass().getName().equals(IdConstants.SPECIAL_PLUGIN)) {
// IdRepo plugin does not support the idType for
// memberships
noOfSuccess--;
continue;
}
try {
boolean isAMSDK = idRepo.getClass().getName().equals(IdConstants.AMSDK_PLUGIN);
Set members = (isAMSDK && (amsdkDN != null)) ? idRepo.getMembers(token, type, amsdkDN, membersType) : idRepo.getMembers(token, type, name, membersType);
if (isAMSDK) {
amsdkMembers.addAll(members);
amsdkIncluded = true;
} else {
membersSet.add(members);
}
} catch (IdRepoUnsupportedOpException ide) {
if (DEBUG.warningEnabled()) {
DEBUG.warning("IdServicesImpl.getMembers: " + "Unable to read identity members in the following" + " repository " + idRepo.getClass().getName() + " :: " + ide.getMessage());
}
noOfSuccess--;
origEx = (origEx == null) ? ide : origEx;
} catch (IdRepoFatalException idf) {
// fatal ..throw it all the way up
DEBUG.error("IdServicesImpl.getMembers: " + "Fatal Exception ", idf);
throw idf;
} catch (IdRepoException ide) {
if (DEBUG.warningEnabled()) {
DEBUG.warning("IdServicesImpl.getMembers: " + "Unable to read identity members in the following" + " repository " + idRepo.getClass().getName() + " :: " + ide.getMessage());
}
noOfSuccess--;
origEx = (origEx == null) ? ide : origEx;
}
}
if (noOfSuccess == 0) {
if (DEBUG.warningEnabled()) {
DEBUG.warning("IdServicesImpl.getMembers: " + "Unable to get members for identity " + type.getName() + "::" + name + " in any configured data store", origEx);
}
if (origEx != null) {
throw origEx;
} else {
return (Collections.EMPTY_SET);
}
} else {
Set results = combineMembers(token, membersSet, membersType, amOrgName, amsdkIncluded, amsdkMembers);
return results;
}
}
Also used :
IdRepoUnsupportedOpException(com.sun.identity.idm.IdRepoUnsupportedOpException)
Set(java.util.Set)
OrderedSet(com.sun.identity.shared.datastruct.OrderedSet)
CaseInsensitiveHashSet(com.sun.identity.common.CaseInsensitiveHashSet)
HashSet(java.util.HashSet)
IdRepo(com.sun.identity.idm.IdRepo)
IdRepoException(com.sun.identity.idm.IdRepoException)
Iterator(java.util.Iterator)
IdRepoFatalException(com.sun.identity.idm.IdRepoFatalException)
CaseInsensitiveHashSet(com.sun.identity.common.CaseInsensitiveHashSet)
HashSet(java.util.HashSet)
Aggregations
IdRepoException (com.sun.identity.idm.IdRepoException)403
SSOException (com.iplanet.sso.SSOException)275
Set (java.util.Set)224
AMIdentity (com.sun.identity.idm.AMIdentity)221
HashSet (java.util.HashSet)183
Map (java.util.Map)121
Iterator (java.util.Iterator)118
SSOToken (com.iplanet.sso.SSOToken)112
HashMap (java.util.HashMap)110
SMSException (com.sun.identity.sm.SMSException)103
AMIdentityRepository (com.sun.identity.idm.AMIdentityRepository)96
CaseInsensitiveHashSet (com.sun.identity.common.CaseInsensitiveHashSet)67
AMConsoleException (com.sun.identity.console.base.model.AMConsoleException)58
IdType (com.sun.identity.idm.IdType)57
CaseInsensitiveHashMap (com.sun.identity.common.CaseInsensitiveHashMap)51
CLIException (com.sun.identity.cli.CLIException)48
IOutput (com.sun.identity.cli.IOutput)45
IdSearchResults (com.sun.identity.idm.IdSearchResults)44
IdSearchControl (com.sun.identity.idm.IdSearchControl)39
IdRepoUnsupportedOpException (com.sun.identity.idm.IdRepoUnsupportedOpException)35
