Example 26 with IdRepoException

Use of com.sun.identity.idm.IdRepoException in project OpenAM by OpenRock.

Class IdentityServicesImpl, method read.

public IdentityDetails read(String name, Map<String, Set<String>> attributes, SSOToken admin) throws IdServicesException {
    IdentityDetails rv = null;
    String realm = null;
    String repoRealm;
    String identityType = null;
    List<String> attrsToGet = null;
    if (attributes != null) {
        for (Attribute attr : asAttributeArray(attributes)) {
            String attrName = attr.getName();
            if ("realm".equalsIgnoreCase(attrName)) {
                String[] values = attr.getValues();
                if (values != null && values.length > 0) {
                    realm = values[0];
                }
            } else if ("objecttype".equalsIgnoreCase(attrName)) {
                String[] values = attr.getValues();
                if (values != null && values.length > 0) {
                    identityType = values[0];
                }
            } else {
                if (attrsToGet == null) {
                    attrsToGet = new ArrayList<>();
                }
                attrsToGet.add(attrName);
            }
        }
    }
    if (StringUtils.isEmpty(realm)) {
        repoRealm = "/";
    } else {
        repoRealm = realm;
    }
    if (StringUtils.isEmpty(identityType)) {
        identityType = "User";
    }
    try {
        AMIdentity amIdentity = getAMIdentity(admin, identityType, name, repoRealm);
        if (amIdentity == null) {
            debug.error("IdentityServicesImpl:read identity not found");
            throw new ObjectNotFound(name);
        }
        if (isSpecialUser(amIdentity)) {
            throw new AccessDenied("Cannot retrieve attributes for this user.");
        }
        rv = convertToIdentityDetails(amIdentity, attrsToGet);
        if (!StringUtils.isEmpty(realm)) {
            // use the realm specified by the request
            rv.setRealm(realm);
        }
    } catch (IdRepoException e) {
        debug.error("IdentityServicesImpl:read", e);
        mapIdRepoException(e);
    } catch (SSOException e) {
        debug.error("IdentityServicesImpl:read", e);
        throw new GeneralFailure(e.getMessage());
    }
    return rv;
}
Also used : Attribute(com.sun.identity.idsvcs.Attribute) ObjectNotFound(com.sun.identity.idsvcs.ObjectNotFound) AMIdentity(com.sun.identity.idm.AMIdentity) ArrayList(java.util.ArrayList) IdRepoException(com.sun.identity.idm.IdRepoException) GeneralFailure(com.sun.identity.idsvcs.GeneralFailure) IdentityDetails(com.sun.identity.idsvcs.IdentityDetails) SSOException(com.iplanet.sso.SSOException) AccessDenied(com.sun.identity.idsvcs.AccessDenied)

Example 27 with IdRepoException

Use of com.sun.identity.idm.IdRepoException in project OpenAM by OpenRock.

Class IdentityServicesImpl, method delete.

/**
 * Deletes an {@code AMIdentity} from the identity repository that matches
 * the details specified in {@code identity}.
 *
 * @param identity The identity to delete.
 * @param admin The admin token.
 * @throws ResourceException If a problem occurs.
 */
public void delete(IdentityDetails identity, SSOToken admin) throws ResourceException {
    if (identity == null) {
        throw new BadRequestException("delete failed: identity object not specified.");
    }
    String name = identity.getName();
    String identityType = identity.getType();
    String realm = identity.getRealm();
    if (name == null) {
        throw new NotFoundException("delete failed: null object name.");
    }
    if (realm == null) {
        realm = "/";
    }
    try {
        AMIdentity amIdentity = getAMIdentity(admin, identityType, name, realm);
        if (amIdentity != null) {
            if (isSpecialUser(amIdentity)) {
                throw new ForbiddenException("Cannot delete user.");
            }
            AMIdentityRepository repo = getRepo(admin, realm);
            IdType idType = amIdentity.getType();
            if (IdType.GROUP.equals(idType) || IdType.ROLE.equals(idType)) {
                // First remove users from memberships
                Set<AMIdentity> members = getMembers(amIdentity, IdType.USER);
                for (AMIdentity member : members) {
                    try {
                        removeMember(repo, amIdentity, member);
                    } catch (IdRepoException ex) {
                        // Ignore this; the member may already have been removed.
                    }
                }
            }
            deleteAMIdentity(repo, amIdentity);
        } else {
            String msg = "Object \'" + name + "\' of type \'" + identityType + "\' was not found.";
            throw new NotFoundException(msg);
        }
    } catch (IdRepoException ex) {
        debug.error("IdentityServicesImpl:delete", ex);
        throw RESOURCE_MAPPING_HANDLER.handleError(ex);
    } catch (SSOException ex) {
        debug.error("IdentityServicesImpl:delete", ex);
        throw new BadRequestException(ex.getMessage());
    } catch (ObjectNotFound e) {
        debug.error("IdentityServicesImpl:delete", e);
        throw new NotFoundException(e.getMessage());
    }
}
Also used : ForbiddenException(org.forgerock.json.resource.ForbiddenException) ObjectNotFound(com.sun.identity.idsvcs.ObjectNotFound) AMIdentity(com.sun.identity.idm.AMIdentity) AMIdentityRepository(com.sun.identity.idm.AMIdentityRepository) IdRepoException(com.sun.identity.idm.IdRepoException) BadRequestException(org.forgerock.json.resource.BadRequestException) NotFoundException(org.forgerock.json.resource.NotFoundException) SSOException(com.iplanet.sso.SSOException) IdType(com.sun.identity.idm.IdType)

Example 28 with IdRepoException

Use of com.sun.identity.idm.IdRepoException in project OpenAM by OpenRock.

Class RestletRealmRouter, method doHandle.

/**
 * <p>Takes the last realm URI parameter from the request and appends to the growing full realm value.</p>
 *
 * <p>i.e. last realm URI parameter: realm2, current full realm value: /realm1, after appending: /realm1/realm2.</p>
 *
 * @param next {@inheritDoc}
 * @param request {@inheritDoc}
 * @param response {@inheritDoc}
 */
@Override
protected void doHandle(Restlet next, Request request, Response response) {
    RealmInfo realmInfo = getRealmFromURI(request);
    if (realmInfo == null) {
        realmInfo = getRealmFromServerName(request);
    }
    if (next != delegateRoute) {
        String overrideRealm = getRealmFromQueryString(request);
        if (overrideRealm != null) {
            realmInfo = realmInfo.withOverrideRealm(overrideRealm);
        }
        request.getAttributes().put(REALM_URL, request.getResourceRef().getBaseRef().toString());
    }
    // Check that the path references an existing realm
    if (!realmValidator.isRealm(realmInfo.getAbsoluteRealm())) {
        String realm = realmInfo.getAbsoluteRealm();
        try {
            SSOToken adminToken = coreWrapper.getAdminToken();
            // Strip the leading '/' from the realm; otherwise a DN is generated from the raw realm value, which is wrong.
            if (realmInfo.getAbsoluteRealm().startsWith("/")) {
                realm = realm.substring(1);
            }
            String orgDN = coreWrapper.getOrganization(adminToken, realm);
            realmInfo = realmInfo.withAbsoluteRealm(coreWrapper.convertOrgNameToRealmName(orgDN));
        } catch (IdRepoException | SSOException e) {
            throw new ResourceException(Status.CLIENT_ERROR_BAD_REQUEST, "Invalid realm, " + realm);
        }
    }
    request.getAttributes().put(REALM, realmInfo.getAbsoluteRealm());
    request.getAttributes().put(REALM_INFO, realmInfo);
    HttpServletRequest httpRequest = ServletUtils.getRequest(request);
    httpRequest.setAttribute(REALM, realmInfo.getAbsoluteRealm());
    httpRequest.setAttribute(REALM_INFO, realmInfo);
    request.getAttributes().remove("subrealm");
    super.doHandle(next, request, response);
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) RealmInfo(org.forgerock.openam.core.RealmInfo) SSOToken(com.iplanet.sso.SSOToken) IdRepoException(com.sun.identity.idm.IdRepoException) SSOException(com.iplanet.sso.SSOException) ResourceException(org.restlet.resource.ResourceException)

Example 29 with IdRepoException

Use of com.sun.identity.idm.IdRepoException in project OpenAM by OpenRock.

Class LdapSPValidator, method searchAgents.

private Map searchAgents(StringBuffer rootPrefix, String realm) throws Exception {
    /*
     * Search for attribute "sunIdentityServerDeviceKeyValue:
     * sunIdentityServerAgentRootURL=<rootURL>"
     */
    Map searchParams = new HashMap();
    Set attrValues = new HashSet(2);
    attrValues.add(PROVIDER_ID_ATTR_NAME + "=" + rootPrefix.toString());
    searchParams.put(LDAP_ATTR_NAME, attrValues);
    IdSearchControl idsc = new IdSearchControl();
    idsc.setTimeOut(0);
    idsc.setMaxResults(0);
    idsc.setSearchModifiers(IdSearchOpModifier.AND, searchParams);
    Set returnAttrs = new HashSet(4);
    returnAttrs.add(LDAP_ATTR_NAME);
    returnAttrs.add(LDAP_STATUS_ATTR_NAME);
    idsc.setReturnAttributes(returnAttrs);
    try {
        SSOToken adminToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
        IdSearchResults sr = null;
        if ((realm != null) && (realm.trim().length() > 0)) {
            AMIdentityRepository idRepo = new AMIdentityRepository(adminToken, realm);
            sr = idRepo.searchIdentities(IdType.AGENT, "*", idsc);
        } else {
            sr = amIdRepo.searchIdentities(IdType.AGENT, "*", idsc);
        }
        return sr.getResultAttributes();
    } catch (IdRepoException ire) {
        CDCServlet.debug.error("LdapSPValidator.searchAgents", ire);
        throw new Exception(ire);
    } catch (SSOException ssoe) {
        CDCServlet.debug.error("LdapSPValidator.searchAgents", ssoe);
        throw new Exception(ssoe);
    }
}
Also used : HashSet(java.util.HashSet) Set(java.util.Set) SSOToken(com.iplanet.sso.SSOToken) HashMap(java.util.HashMap) IdSearchResults(com.sun.identity.idm.IdSearchResults) IdSearchControl(com.sun.identity.idm.IdSearchControl) AMIdentityRepository(com.sun.identity.idm.AMIdentityRepository) IdRepoException(com.sun.identity.idm.IdRepoException) SSOException(com.iplanet.sso.SSOException) Map(java.util.Map) MalformedURLException(java.net.MalformedURLException)

Example 30 with IdRepoException

Use of com.sun.identity.idm.IdRepoException in project OpenAM by OpenRock.

Class FirstTimeLogin, method onLoginSuccess.

/**
 * Post processing on successful authentication.
 * @param requestParamsMap contains HttpServletRequest parameters
 * @param request HttpServlet request
 * @param response HttpServlet response
 * @param ssoToken user's session
 * @throws AuthenticationException if there is an error
 */
public void onLoginSuccess(Map requestParamsMap, HttpServletRequest request, HttpServletResponse response, SSOToken ssoToken) throws AuthenticationException {
    if (debug.messageEnabled()) {
        debug.message("FirstTimeLogin.onLoginSuccess called: Req:" + request.getRequestURL());
    }
    String strAttributeName = SystemProperties.get(FIRSTTIME_LOGIN_ATTR_NAME);
    try {
        if (strAttributeName != null && !strAttributeName.trim().equals("")) {
            AMIdentity amIdentityUser = IdUtils.getIdentity(ssoToken);
            Map attrMap = amIdentityUser.getAttributes();
            String strAttributeValue = Misc.getMapAttr(attrMap, strAttributeName, null);
            if (debug.messageEnabled()) {
                debug.message("FirstTimeLogin.onLoginSuccess: " + strAttributeName + "=" + strAttributeValue);
            }
            // in the 'goto' parameter
            if (strAttributeValue != null && strAttributeValue.equalsIgnoreCase("true")) {
                if (request != null) {
                    //Change the IDM url so that it points to the correct IDM application
                    request.setAttribute(AMPostAuthProcessInterface.POST_PROCESS_LOGIN_SUCCESS_URL, "http://localhost:8081/idm/user/main.jsp?goto=http://mail.yahoo.com");
                }
            }
        }
        if (debug.messageEnabled()) {
            debug.message("FirstTimeLogin.onLoginSuccess: FirstTimeLogin " + "concluded successfully");
        }
    } catch (IdRepoException ire) {
        // The exception caught here is an IdRepoException, so the log message names it as such.
        debug.error("FirstTimeLogin.onLoginSuccess: IdRepoException while " + "fetching user attributes: " + ire);
    } catch (SSOException sse) {
        debug.error("FirstTimeLogin.onLoginSuccess: SSOException " + sse);
    }
}
Also used : AMIdentity(com.sun.identity.idm.AMIdentity) IdRepoException(com.sun.identity.idm.IdRepoException) SSOException(com.iplanet.sso.SSOException) Map(java.util.Map)

Aggregations

IdRepoException (com.sun.identity.idm.IdRepoException) 403
SSOException (com.iplanet.sso.SSOException) 275
Set (java.util.Set) 224
AMIdentity (com.sun.identity.idm.AMIdentity) 221
HashSet (java.util.HashSet) 183
Map (java.util.Map) 121
Iterator (java.util.Iterator) 118
SSOToken (com.iplanet.sso.SSOToken) 112
HashMap (java.util.HashMap) 110
SMSException (com.sun.identity.sm.SMSException) 103
AMIdentityRepository (com.sun.identity.idm.AMIdentityRepository) 96
CaseInsensitiveHashSet (com.sun.identity.common.CaseInsensitiveHashSet) 67
AMConsoleException (com.sun.identity.console.base.model.AMConsoleException) 58
IdType (com.sun.identity.idm.IdType) 57
CaseInsensitiveHashMap (com.sun.identity.common.CaseInsensitiveHashMap) 51
CLIException (com.sun.identity.cli.CLIException) 48
IOutput (com.sun.identity.cli.IOutput) 45
IdSearchResults (com.sun.identity.idm.IdSearchResults) 44
IdSearchControl (com.sun.identity.idm.IdSearchControl) 39
IdRepoUnsupportedOpException (com.sun.identity.idm.IdRepoUnsupportedOpException) 35