
Example 11 with IdRepoException

use of com.sun.identity.idm.IdRepoException in project OpenAM by OpenRock.

the class DelegationUtils method copyRealmPrivilegesFromParent.

/**
 * Seeds a newly created realm with the delegation privileges of its parent.
 * Intended for realm mode only.
 * <p>
 * Every parent privilege that carries at least one subject is copied to the
 * child: each subject is re-resolved as an identity rooted in the child
 * realm, and the organization name of every permission is rewritten to
 * <code>"*" + childOrgName</code> before the privilege is added to the
 * child's <code>DelegationManager</code>.
 * <p>
 * Review notes:
 * <ul>
 * <li>A subject whose identity cannot be resolved (<code>IdRepoException</code>)
 *     is logged and dropped, so the child may receive a narrower subject set
 *     than the parent had. If every subject fails to resolve the privilege is
 *     still added to the child, with an empty subject set.</li>
 * <li>The <code>DelegationPrivilege</code> instances obtained from the parent
 *     are mutated in place (<code>setSubjects</code>,
 *     <code>setOrganizationName</code>) before being added to the child.
 *     Whether <code>getPrivileges()</code> returns copies or live cached
 *     objects is not visible here; if they are live, the parent's in-memory
 *     privileges are altered by this call — confirm.</li>
 * </ul>
 *
 * @param token <code>SSOToken</code> of a privileged user who has
 *        permission to create the privileges, mostly the admin token.
 * @param parent parent realm's <code>OrganizationConfigManager</code>
 *        where default privileges are picked from.
 * @param child realm where default privileges are copied from the
 *        <code>parent</code>.
 * @throws SSOException propagated from the delegation and identity calls
 * @throws DelegationException if privileges cannot be read from the parent
 *         or added to the child
 */
public static void copyRealmPrivilegesFromParent(SSOToken token, OrganizationConfigManager parent, OrganizationConfigManager child) throws SSOException, DelegationException {
    if (debug.messageEnabled()) {
        debug.message("DelegationUtils.copyRealmPrivilegesFromParent" + " Parent org: " + parent.getOrganizationName() + " Child org: " + child.getOrganizationName());
    }
    DelegationManager parentManager = new DelegationManager(token, parent.getOrganizationName());
    DelegationManager childManager = new DelegationManager(token, child.getOrganizationName());
    String childOrgDN = DNMapper.orgNameToDN(child.getOrganizationName());
    Set parentPrivileges = parentManager.getPrivileges();
    if (parentPrivileges == null || parentPrivileges.isEmpty()) {
        if (debug.messageEnabled()) {
            debug.message("DelegationUtils.copyRealmPrivileges" + "FromParent: No privilege subjects in parent");
        }
        return;
    }
    for (Object item : parentPrivileges) {
        DelegationPrivilege privilege = (DelegationPrivilege) item;
        Set parentSubjects = privilege.getSubjects();
        if (parentSubjects == null || parentSubjects.isEmpty()) {
            if (debug.messageEnabled()) {
                debug.message("DelegationUtils.copyRealmPrivileges" + "FromParent: No subjects in privilege: " + privilege);
            }
            continue;
        }
        // Re-home every subject under the child realm; unresolvable subjects
        // are dropped rather than aborting the whole copy.
        Set childSubjects = new HashSet();
        for (Object subject : parentSubjects) {
            String subjectName = (String) subject;
            try {
                AMIdentity parentIdentity = IdUtils.getIdentity(token, subjectName);
                AMIdentity childIdentity = new AMIdentity(token, parentIdentity.getName(), parentIdentity.getType(), childOrgDN, parentIdentity.getDN());
                childSubjects.add(IdUtils.getUniversalId(childIdentity));
            } catch (IdRepoException ide) {
                if (debug.messageEnabled()) {
                    debug.message("DelegationUtils.copyRealmPrivileges" + "FromParent: IdRepoException for: " + privilege, ide);
                }
            }
        }
        privilege.setSubjects(childSubjects);
        // Scope each permission to the child realm and its sub-realms.
        Set permissions = privilege.getPermissions();
        if (permissions != null && !permissions.isEmpty()) {
            for (Object p : permissions) {
                ((DelegationPermission) p).setOrganizationName("*" + childOrgDN);
            }
        }
        childManager.addPrivilege(privilege);
        if (debug.messageEnabled()) {
            debug.message("DelegationUtils.copyRealmPrivileges" + "FromParent: Privilege copied from parent: " + privilege);
        }
    }
}

Example 12 with IdRepoException

use of com.sun.identity.idm.IdRepoException in project OpenAM by OpenRock.

the class DatabaseRepo method getMemberships.

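/*
 * Receive a name and the idType of that name, plus the type of memberships
 * that you are interested in. For example, for a "user" named "chris"
 * get all the groups that he is a member of.
 *
 * Only USER -> GROUP lookups are served by this repository; any other
 * combination is rejected with an IdRepoException. If the repository failed
 * to initialize, the stored initialization exception is rethrown on every
 * call (fail closed).
 *
 * Review notes:
 *  - <name> is caller-supplied and is passed straight to
 *    dao.getMemberships(name, membershipIdAttributeName). Whether the DAO
 *    binds it as a query parameter rather than concatenating it into SQL is
 *    not visible here - confirm in the DAO implementation.
 *  - The message-level trace prints the SSOToken object itself; what its
 *    toString() exposes (e.g. a token id) is not visible here - verify
 *    before enabling message-level debugging on shared hosts.
 *
 * @param token          caller's session token; only logged here
 * @param type           type of <code>name</code>; must be IdType.USER
 * @param name           identity whose memberships are wanted
 * @param membershipType type of membership wanted; must be IdType.GROUP
 * @return  Set of objects that <code>name</code> is a member of. Never null:
 *          an empty set when any argument is null or the DAO returns null.
 * @throws IdRepoException if the repository is not initialized, if
 *         <code>type</code> is not USER, or if <code>membershipType</code>
 *         is not GROUP
 * @throws SSOException declared by the IdRepo contract
 *
 * @see com.sun.identity.idm.IdRepo#getMemberships(
 *      com.iplanet.sso.SSOToken, com.sun.identity.idm.IdType,
 *      java.lang.String, com.sun.identity.idm.IdType)
 */
public Set getMemberships(SSOToken token, IdType type, String name, IdType membershipType) throws IdRepoException, SSOException {
    if (initializationException != null) {
        debug.error("DatabaseRepo.getMemberships: throwing initialization" + " exception");
        throw (initializationException);
    }
    if (debug.messageEnabled()) {
        debug.message("DatabaseRepo.getMemberships called " + " token=" + token + " type=" + type + " name=" + name + "membershipType=" + membershipType);
    }
    if (name == null || type == null || membershipType == null) {
        // Guarded like every other message-level trace in this class so the
        // string is not built when message logging is off.
        if (debug.messageEnabled()) {
            debug.message("DatabaseRepo.getMemberships: parameters type, name," + "membersTypeare can not be null, so returning empty set." + "IdType=" + type + ": name=" + name + ": membershipType=" + membershipType);
        }
        return Collections.EMPTY_SET;
    }
    Set groups = null;
    if (!type.equals(IdType.USER)) {
        debug.error("DatabaseRepo.getMemberships: Membership for identities" + " other than Users is not allowed ");
        Object[] args = { PLUGIN_CLASS_NAME };
        throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.MEMBERSHIPS_FOR_NOT_USERS_NOT_ALLOWED, args);
    } else {
        if (membershipType.equals(IdType.GROUP)) {
            groups = dao.getMemberships(name, membershipIdAttributeName);
        } else {
            // Memberships of any other types not supported for
            debug.error("DatabaseRepo.getMemberships: Membership for other" + " types of entities not supported for Users");
            Object[] args = { PLUGIN_CLASS_NAME, type.getName(), membershipType.getName() };
            throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.MEMBERSHIP_NOT_SUPPORTED, args);
        }
    }
    if (groups == null) {
        groups = Collections.EMPTY_SET;
    }
    if (debug.messageEnabled()) {
        debug.message("DatabaseRepo.getMemberships: returning groups=" + groups);
    }
    return groups;
}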

Example 13 with IdRepoException

use of com.sun.identity.idm.IdRepoException in project OpenAM by OpenRock.

the class FilesRepo method initDir.

// -----------------------------------------------
// private methods to manage directory structure
// -----------------------------------------------
// Methods for cache management
// Initialize, read and write methods
// Creates (if needed) and validates the on-disk layout of the flat-file
// identity store: <rootDir>/<IdType name>/ for every supported IdType, plus
// an empty "ContainerDefaultTemplateRole" file under the realm directory.
//
// Review notes:
//  - Directories are created with File.mkdir(s), i.e. with whatever the
//    process umask allows. This store holds identity records (the class
//    also carries a password attribute elsewhere), so the root should be
//    protected from other local users - this method does not restrict
//    permissions itself; confirm at deployment.
//  - exists()/mkdirs() is not atomic; a concurrent creator can make
//    mkdirs() fail and this method throw UNABLE_CREATE_DIRECTORY.
//
// @param rootDir absolute or relative path of the store root
// @throws IdRepoException UNABLE_CREATE_DIRECTORY if a directory cannot be
//         created, NOT_DIRECTORY if a path exists but is not a directory
void initDir(String rootDir) throws IdRepoException {
    File root = new File(rootDir);
    if (!root.exists() && !root.mkdirs()) {
        throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.UNABLE_CREATE_DIRECTORY, new Object[] { root.getAbsolutePath() });
    }
    if (!root.isDirectory()) {
        throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.NOT_DIRECTORY, new Object[] { root.getAbsolutePath() });
    }
    // One sub-directory per supported identity type.
    for (Object typeKey : supportedOps.keySet()) {
        String typeName = ((IdType) typeKey).getName();
        File typeDir = new File(root, typeName);
        if (!typeDir.exists() && !typeDir.mkdir()) {
            throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.UNABLE_CREATE_DIRECTORY, new Object[] { typeDir.getAbsolutePath() });
        }
        if (!typeDir.isDirectory()) {
            throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.NOT_DIRECTORY, new Object[] { typeDir.getAbsolutePath() });
        }
        // The realm directory additionally gets an (initially empty)
        // ContainerDefaultTemplateRole file.
        if (typeName.equals(IdType.REALM.getName())) {
            File templateRole = new File(typeDir, "ContainerDefaultTemplateRole");
            if (!templateRole.exists()) {
                writeFile(templateRole, Collections.EMPTY_MAP);
            }
        }
    }
}

Example 14 with IdRepoException

use of com.sun.identity.idm.IdRepoException in project OpenAM by OpenRock.

the class DatabaseRepo method getMembers.

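/*
 * Returns members of an identity. Applicable if identity is a
 * group or a role.
 *
 * Only GROUP -> USER lookups are served by this repository. USER as the
 * container type is rejected, any other container type is reported as an
 * unsupported operation, and only USER is accepted as the member type. If
 * the repository failed to initialize, the stored initialization exception
 * is rethrown on every call (fail closed).
 *
 * Review notes:
 *  - <name> is caller-supplied and is passed straight to
 *    dao.getMembers(name, membershipIdAttributeName). Whether the DAO binds
 *    it as a query parameter rather than concatenating it into SQL is not
 *    visible here - confirm in the DAO implementation.
 *  - The message-level trace prints the SSOToken object itself; what its
 *    toString() exposes is not visible here - verify before enabling
 *    message-level debugging on shared hosts.
 *
 * @param token       caller's session token; only logged here
 * @param type        type of the container identity; must be IdType.GROUP
 * @param name        name of the container identity
 * @param membersType type of members wanted; must be IdType.USER
 * @return members of <code>name</code>. Never null: an empty set when any
 *         argument is null or the DAO returns null.
 * @throws IdRepoException if the repository is not initialized, if
 *         <code>membersType</code> is not USER, or if <code>type</code> is
 *         USER
 * @throws IdRepoUnsupportedOpException if <code>type</code> is neither USER
 *         nor GROUP
 * @throws SSOException declared by the IdRepo contract
 *
 * @see com.sun.identity.idm.IdRepo#getMembers(com.iplanet.sso.SSOToken,
 *      com.sun.identity.idm.IdType, java.lang.String,
 *      com.sun.identity.idm.IdType)
 */
public Set getMembers(SSOToken token, IdType type, String name, IdType membersType) throws IdRepoException, SSOException {
    if (initializationException != null) {
        debug.error("DatabaseRepo.getMembers: throwing" + " initialization exception");
        throw (initializationException);
    }
    if (debug.messageEnabled()) {
        debug.message("DatabaseRepo.getMembers: " + "token=" + token + "IdType=" + type + ": name=" + name + ": membersType=" + membersType);
    }
    if (name == null || type == null || membersType == null) {
        // Guarded like every other message-level trace in this class so the
        // string is not built when message logging is off.
        if (debug.messageEnabled()) {
            debug.message("DatabaseRepo.getMembers: parameters type, name," + "membersTypeare can not be null, so returning empty set." + "IdType=" + type + ": name=" + name + ": membersType=" + membersType);
        }
        return Collections.EMPTY_SET;
    }
    if (!membersType.equals(IdType.USER)) {
        debug.error("DatabaseRepo.getMembers: Groups do not support" + " membership for " + membersType.getName());
        Object[] args = { PLUGIN_CLASS_NAME, membersType.getName(), type.getName() };
        throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.MEMBERSHIP_NOT_SUPPORTED, args);
    }
    //throw exception if this type user not allowed to do this
    //isValidType(type, "getMembers");
    Set members = null;
    if (type.equals(IdType.USER)) {
        debug.error("DatabaseRepo.getMembers: Membership operation is not" + " supported for Users");
        throw new IdRepoException(IdRepoBundle.getString(IdRepoErrorCode.MEMBERSHIP_TO_USERS_AND_AGENTS_NOT_ALLOWED), IdRepoErrorCode.MEMBERSHIP_TO_USERS_AND_AGENTS_NOT_ALLOWED);
    } else if (type.equals(IdType.GROUP)) {
        members = dao.getMembers(name, membershipIdAttributeName);
    } else {
        Object[] args = { PLUGIN_CLASS_NAME, IdOperation.READ.getName(), type.getName() };
        throw new IdRepoUnsupportedOpException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.PLUGIN_OPERATION_NOT_SUPPORTED, args);
    }
    if (members == null) {
        members = Collections.EMPTY_SET;
    }
    if (debug.messageEnabled()) {
        debug.message("DatabaseRepo.getMembers: returning members=" + members);
    }
    return members;
}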

Example 15 with IdRepoException

use of com.sun.identity.idm.IdRepoException in project OpenAM by OpenRock.

the class DatabaseRepo method initialize.

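/*
 * Initialization of parameters as configured for a given plugin.
 *
 * Reads the datastore configuration, instantiates the DAO class named in
 * it, validates the user/membership table settings and opens the database
 * connection either through a JNDI DataSource or through JDBC DriverManager
 * credentials. Every validation failure is recorded in
 * <code>initializationException</code> (the last failure wins) instead of
 * being thrown; the other repository methods rethrow it on each call, so a
 * half-configured repository fails closed. Note that a later successful
 * step does not clear an exception recorded by an earlier one.
 *
 * Review notes:
 *  - The DAO is created with Class.forName(daoClassName).newInstance(), so
 *    whoever can edit this datastore's configuration can have the server
 *    load and run an arbitrary class. Where that configuration comes from
 *    and who may write it is not visible here; treat it as privileged.
 *  - The JDBC password is never logged (see the JDBC branch). The JDBC URL
 *    is logged; some drivers accept credentials embedded in the URL, so
 *    confirm deployments do not rely on that.
 *  - configParams.get(SUPPORTED_OPERATIONS_SCHEMA_NAME) and
 *    configParams.get(SET_OF_USER_ATTRIBUTES_SCHEMA_NAME) are passed to
 *    new HashSet(...) unchecked; a missing attribute raises a
 *    NullPointerException out of this method rather than being recorded.
 *
 * @param configParams datastore configuration, keyed by the *_SCHEMA_NAME
 *        constants of this class
 * @throws IdRepoException propagated from super.initialize(configParams)
 *
 * @see com.sun.identity.idm.IdRepo#initialize(java.util.Map)
 */
public void initialize(Map configParams) throws IdRepoException {
    if (debug.messageEnabled()) {
        debug.message("DatabaseRepo.initialize called.");
    }
    super.initialize(configParams);
    //helper for parsing config info
    RepoConfigHelper configHelper = new RepoConfigHelper(debug);
    daoClassName = configHelper.getPropertyStringValue(configParams, DAO_PLUGIN_CLASS_NAME_SCHEMA_NAME);
    try {
        //validate
        if (daoClassName == null || daoClassName.trim().length() == 0) {
            String badDaoMsg = "DatabaseRepo.initialize: daoClassName obtained" + " from IdRepoService.xml can not be null or empty." + " daoClassName=" + daoClassName;
            initializationException = new IdRepoException(badDaoMsg);
            debug.error(badDaoMsg);
            return;
        } else {
            // Config-driven class loading: the configured name is trusted as
            // much as the configuration store itself.
            dao = (DaoInterface) Class.forName(daoClassName).newInstance();
        }
    } catch (ClassNotFoundException cnfe) {
        initializationException = new IdRepoException(cnfe.getMessage());
        debug.error("DatabaseRepo.initialize: exception trying to create a new" + " DAO class. Can not configure this datastore", cnfe);
        return;
    } catch (InstantiationException ie) {
        initializationException = new IdRepoException(ie.getMessage());
        debug.error("DatabaseRepo.initialize: exception trying to create a new" + " DAO class. Can not configure this datastore", ie);
        return;
    } catch (IllegalAccessException iae) {
        initializationException = new IdRepoException(iae.getMessage());
        debug.error("DatabaseRepo.initialize: exception trying to create a new" + " DAO class. Can not configure this datastore", iae);
        return;
    } catch (Exception noDAOex) {
        // Also covers a ClassCastException when the class is not a DaoInterface.
        initializationException = new IdRepoException(noDAOex.getMessage());
        debug.error("DatabaseRepo.initialize: exception trying to create a new" + " DAO class. Can not configure this datastore", noDAOex);
        return;
    }
    //determines whether to use JNDI or JDBC driver manager for connections
    String connectionType = configHelper.getPropertyStringValue(configParams, JDBC_CONNECTION_TYPE_SCHEMA_NAME);
    boolean useJNDI;
    if (connectionType != null && connectionType.equals("JNDI")) {
        useJNDI = true;
    } else {
        //unless JNDI is specified, then assume JDBC
        useJNDI = false;
    }
    //Get the name of the database table for users
    userDataBaseTableName = configHelper.getPropertyStringValue(configParams, USER_DB_TABLE_NAME_SCHEMA_NAME);
    if (userDataBaseTableName == null || userDataBaseTableName.trim().length() == 0) {
        String errorMessage = "DatabaseRepo.initialize: validation failed" + " on User DataBase Table Name config info, value must be" + " non-null and not empty for" + " userDataBaseTableName=" + userDataBaseTableName;
        if (debug.errorEnabled()) {
            debug.error(errorMessage);
        }
        initializationException = new IdRepoException(errorMessage);
    //consider returning and not continuing ??
    }
    //now get membership info, for example to support groups
    membershipTableName = configHelper.getPropertyStringValue(configParams, MEMBERSHIP_TABLE_NAME_SCHEMA_NAME);
    membershipIdAttributeName = configHelper.getPropertyStringValue(configParams, MEMBERSHIP_ID_ATTRIBUTE_NAME_SCHEMA_NAME);
    membershipSearchAttributeName = configHelper.getPropertyStringValue(configParams, MEMBERSHIP_SEARCH_ATTRIBUTE_NAME_SCHEMA_NAME);
    //validate membership config info
    if (membershipTableName == null || membershipIdAttributeName == null || membershipSearchAttributeName == null) {
        //no need to validate against length==0 ,can be blank since optional
        //RFE: use the supportedOps to see if groups is allowed and if so
        //     then make sure values are not blank since they will be used
        String errorMessage = "DatabaseRepo.initialize: validation failed" + " on membership config info, values must be non-null for" + " membershipTableName=" + membershipTableName + " membershipIdAttributeName=" + membershipIdAttributeName + " membershipSearchAttributeName=" + membershipSearchAttributeName;
        if (debug.errorEnabled()) {
            debug.error(errorMessage);
        }
        initializationException = new IdRepoException(errorMessage);
    //consider returning and not continuing ??
    }
    if (debug.messageEnabled()) {
        debug.message("DatabaseRepo.initialize: " + " membershipTableName=" + membershipTableName + " membershipIdAttributeName=" + membershipIdAttributeName + " membershipSearchAttributeName=" + membershipSearchAttributeName);
    }
    if (useJNDI) {
        //name to use to lookup DataSource for database connections,
        //for example java:comp/env/jdbc/mysqltest
        String datasourceName = configHelper.getPropertyStringValue(configParams, DATASOURCE_SCHEMA_NAME);
        if (datasourceName != null && !(datasourceName.length() == 0) && userDataBaseTableName != null && !(userDataBaseTableName.length() == 0)) {
            if (debug.messageEnabled()) {
                debug.message("DatabaseRepo.initialize, about to call" + "DAO initialize, for useJNDI=" + useJNDI);
            }
            try {
                dao.initialize(datasourceName, userDataBaseTableName, membershipTableName, debug);
            } catch (Exception ex) {
                //this exception is used as a flag to determine whether this
                //idRepo has been connected to its data store or not
                //and sometimes thrown from other methods if error on initialize
                initializationException = new IdRepoException(ex.getMessage());
                debug.error("DatabaseRepo.initialize: exception trying to" + " set up DB datasource connection.", ex);
            }
        } else {
            String errorMessage = "DatabaseRepo.initialize: datasourceName" + " and userDataBaseTableName must be not null and not" + " empty. So initialize can not succeed." + " datasourceName=" + datasourceName + " userDataBaseTableName" + userDataBaseTableName;
            debug.error(errorMessage);
            initializationException = new IdRepoException(errorMessage);
        //consider returning and not continuing ??
        }
    } else {
        //use JDBC DriverManager params to initialize DAO
        //if connection type is JDBC ...
        //if JDBCConnectionType is JDBC then it needs the DriverManager
        //class name, plus the url, dbUserName, dbPassword to get connections
        String jdbcDriver = configHelper.getPropertyStringValue(configParams, JDBC_DRIVER_SCHEMA_NAME);
        //url of JDBC driver
        String jdbcDriverUrl = configHelper.getPropertyStringValue(configParams, JDBC__DRIVER_URL_SCHEMA_NAME);
        // username for JDBC driver
        String jdbcDbUser = configHelper.getPropertyStringValue(configParams, JDBC_USER_NAME_SCHEMA_NAME);
        // password for JDBC driver
        String jdbcDbPassword = configHelper.getPropertyStringValue(configParams, JDBC__DRIVER_PASSWORD_SCHEMA_NAME);
        if (jdbcDriver != null && !(jdbcDriver.length() == 0) && jdbcDriverUrl != null && !(jdbcDriverUrl.length() == 0) && jdbcDbUser != null && !(jdbcDbUser.length() == 0) && jdbcDbPassword != null && !(jdbcDbPassword.length() == 0) && userDataBaseTableName != null && !(userDataBaseTableName.length() == 0)) {
            if (debug.messageEnabled()) {
                debug.message("DatabaseRepo.initialize, about to call" + "DAO initialize, for useJNDI=" + useJNDI);
            }
            try {
                dao.initialize(jdbcDriver, jdbcDriverUrl, jdbcDbUser, jdbcDbPassword, userDataBaseTableName, membershipTableName, debug);
            } catch (Exception ex) {
                //this exception is used as a flag to determine whether this
                //idRepo has been connected to its data store or not
                //and sometimes thrown from other methods if error on initialize
                initializationException = new IdRepoException(ex.getMessage());
                debug.error("DatabaseRepo.initialize: exception trying to" + " set up DB datasource connection.", ex);
            }
        } else {
            // Security: the DB password must not be written to the log or
            // into the exception message (which other methods rethrow to
            // callers). Only report whether it was supplied, which is all
            // that is needed to diagnose this misconfiguration.
            String passwordState = (jdbcDbPassword == null) ? "null" : (jdbcDbPassword.length() == 0 ? "<empty>" : "<redacted>");
            String errorMessage = "DatabaseRepo.initialize: using " + " useJNDI=" + useJNDI + " . The config parameters" + " jdbcDriver, jdbcDriverUrl, jdbcDbUser, jdbcDbPassword," + " and userDataBaseTableName must be not null and not" + " empty. So initialize can not succeed." + " jdbcDriver=" + jdbcDriver + " jdbcDriverUrl=" + jdbcDriverUrl + " jdbcDbUser=" + jdbcDbUser + " jdbcDbPassword=" + passwordState + " userDataBaseTableName" + userDataBaseTableName;
            debug.error(errorMessage);
            initializationException = new IdRepoException(errorMessage);
        //consider returning and not continuing ??
        }
    }
    // Get password attribute name (the column name, not a password value)
    passwordAttributeName = configHelper.getPropertyStringValue(configParams, USER_PASSWORD_SCHEMA_NAME);
    // Get userID attribute name
    userIDAttributeName = configHelper.getPropertyStringValue(configParams, USER_ID_SCHEMA_NAME);
    //get the set of operations for each IdType allowed
    Set userSpecifiedOpsSet = null;
    userSpecifiedOpsSet = new HashSet((Set) configParams.get(SUPPORTED_OPERATIONS_SCHEMA_NAME));
    supportedOps = configHelper.parsedUserSpecifiedOps(userSpecifiedOpsSet);
    //get set of attribute/column names for users
    userAtttributesAllowed = new HashSet((Set) configParams.get(SET_OF_USER_ATTRIBUTES_SCHEMA_NAME));
    // Get name of status attribute  from idRepoService.xml config
    statusAttributeName = configHelper.getPropertyStringValue(configParams, USER_STATUS_SCHEMA_NAME);
    if (statusAttributeName == null || statusAttributeName.length() == 0) {
        //if nothing specified then each user is always active
        alwaysActive = true;
    }
    // Get value of status attribute  from idRepoService.xml config. This
    //value is used to compare with values retreived from db to test if user
    //status value is set to active, so need to find value that means active.
    statusActiveComparisonValue = configHelper.getPropertyStringValue(configParams, USER_STATUS_ACTIVE_VALUE_SCHEMA_NAME, DEFAULT_USER_STATUS_ACTIVE_COMPARISON_VALUE);
    statusInActiveComparisonValue = configHelper.getPropertyStringValue(configParams, USER_STATUS_INACTIVE_VALUE_SCHEMA_NAME, DEFAULT_USER_STATUS_INACTIVE_COMPARISON_VALUE);
    defaultSearchMaxResults = configHelper.getPropertyIntValue(configParams, SEARCH_MAX_RESULT, defaultSearchMaxResults);
    userSearchNamingAttr = configHelper.getPropertyStringValue(configParams, USERS_SEARCH_ATTRIBUTE_SCHEMA_NAME);
    if (debug.messageEnabled()) {
        // Only attribute/column names and limits are traced here; no secrets.
        debug.message("DatabaseRepo.initialize: " + "\n\t Password Attr name: " + passwordAttributeName + "\n\t User ID Attr name: " + userIDAttributeName + "\n\t userAtttributesAllowed: " + userAtttributesAllowed + "\n\tStatus Attr name: " + statusAttributeName + "\n\t defaultSearchMaxResults:" + defaultSearchMaxResults + "\n\t userSearchNamingAttr:" + userSearchNamingAttr + "\n\tsupportedOps Map Attr: " + supportedOps);
    }
}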
