
Example 11 with IdRepoFatalException

use of com.sun.identity.idm.IdRepoFatalException in project OpenAM by OpenRock.

the class IdServicesImpl method getAttributes.

/*
    * (non-Javadoc)
    */
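/**
 * Reads attributes of the named identity from the configured plugins that
 * support {@code IdOperation.READ} and merges the per-plugin results.
 *
 * <p>The permission check runs before any plugin is consulted. For a special
 * (internal) identity only the special plugin is asked; if that lookup fails,
 * the failure is logged and the regular plugins are tried instead.
 *
 * @param token single sign on token of the caller; used for the permission
 *            check and handed to every plugin.
 * @param type type of the identity.
 * @param name name of the identity.
 * @param attrNames names of the attributes to read.
 * @param amOrgName organization name used for the permission check and for
 *            selecting the plugins.
 * @param amsdkDN name passed to the AMSDK plugin instead of {@code name}
 *            when it is non-null.
 * @param isString {@code true} to call {@code getAttributes} on the plugins,
 *            {@code false} to call {@code getBinaryAttributes}.
 * @return the result of {@code combineAttrMaps} over all per-plugin maps.
 * @throws IdRepoException if the permission check fails, no plugin is
 *             configured, a plugin raises {@code IdRepoFatalException}, or
 *             every plugin failed (the first failure is rethrown).
 * @throws SSOException declared by the signature; presumably raised by the
 *             callees for an invalid token - confirm.
 */
public Map getAttributes(SSOToken token, IdType type, String name, Set attrNames, String amOrgName, String amsdkDN, boolean isString) throws IdRepoException, SSOException {
    // Authorization gate: nothing below runs unless the caller may read
    // these attributes. checkPermission throws a "402" exception otherwise.
    checkPermission(token, amOrgName, name, attrNames, IdOperation.READ, type);
    // Get the list of plugins that support the read operation
    Set configuredPluginClasses = idrepoCache.getIdRepoPlugins(amOrgName, IdOperation.READ, type);
    if ((configuredPluginClasses == null) || configuredPluginClasses.isEmpty()) {
        throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.NO_PLUGINS_CONFIGURED, null);
    }
    Set attrMapsSet = new HashSet();
    // Internal/special identities are served by the special plugin alone, so
    // that the other plugins are not queried for them. This path always uses
    // the string getter and merges with a literal true, whatever isString is.
    if (isSpecialIdentity(token, name, type, amOrgName)) {
        try {
            for (Iterator items = configuredPluginClasses.iterator(); items.hasNext(); ) {
                IdRepo specialRepo = (IdRepo) items.next();
                if (specialRepo.getClass().getName().equals(IdConstants.SPECIAL_PLUGIN)) {
                    attrMapsSet.add(specialRepo.getAttributes(token, type, name, attrNames));
                    return combineAttrMaps(attrMapsSet, true);
                }
            }
        } catch (Exception e) {
            // Deliberate best effort: any failure here (fatal and SSO
            // exceptions included) falls through to the regular plugins, which
            // are then queried for the special identity after all. Record the
            // failure so that this fallback is visible in the debug log
            // instead of disappearing silently.
            if (DEBUG.warningEnabled()) {
                DEBUG.warning("IdServicesImpl.getAttributes: " + "Unable to read special identity from the special repository, " + "falling back to the other configured repositories", e);
            }
        }
    }
    IdRepoException origEx = null;
    // Starts at the number of plugins and is decremented on every failure;
    // zero means that no plugin produced a result.
    int noOfSuccess = configuredPluginClasses.size();
    for (Iterator it = configuredPluginClasses.iterator(); it.hasNext(); ) {
        IdRepo idRepo = (IdRepo) it.next();
        try {
            Map cMap = idRepo.getConfiguration();
            // Translate the requested names with the plugin's configuration
            // before the read, and translate the result back afterwards.
            Set mappedAttributeNames = mapAttributeNames(attrNames, cMap);
            // The AMSDK plugin is addressed by amsdkDN when one was supplied.
            String lookupName = name;
            if (idRepo.getClass().getName().equals(IdConstants.AMSDK_PLUGIN) && amsdkDN != null) {
                lookupName = amsdkDN;
            }
            Map aMap;
            if (isString) {
                aMap = idRepo.getAttributes(token, type, lookupName, mappedAttributeNames);
            } else {
                aMap = idRepo.getBinaryAttributes(token, type, lookupName, mappedAttributeNames);
            }
            attrMapsSet.add(reverseMapAttributeNames(aMap, cMap));
        } catch (IdRepoUnsupportedOpException ide) {
            if (DEBUG.warningEnabled()) {
                DEBUG.warning("IdServicesImpl.getAttributes: " + "Unable to read identity in the following " + "repository " + idRepo.getClass().getName() + " :: " + ide.getMessage());
            }
            noOfSuccess--;
            // Only the first failure is kept for the final rethrow.
            origEx = (origEx == null) ? ide : origEx;
        } catch (IdRepoFatalException idf) {
            // Fatal: abort immediately, the remaining plugins are not asked.
            DEBUG.error("GetAttributes: Fatal Exception ", idf);
            throw idf;
        } catch (IdRepoException ide) {
            if (DEBUG.warningEnabled()) {
                DEBUG.warning("IdServicesImpl.getAttributes: " + "Unable to read identity in the following " + "repository " + idRepo.getClass().getName() + " :: " + ide.getMessage());
            }
            noOfSuccess--;
            origEx = (origEx == null) ? ide : origEx;
        }
    }
    if (noOfSuccess == 0) {
        // Every plugin failed, so origEx was set by the first failure.
        if (DEBUG.warningEnabled()) {
            DEBUG.warning("idServicesImpl.getAttributes: " + "Unable to get attributes for identity " + type.getName() + ", " + name + " in any configured data store", origEx);
        }
        throw origEx;
    }
    return combineAttrMaps(attrMapsSet, isString);
}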
Also used : IdRepoUnsupportedOpException(com.sun.identity.idm.IdRepoUnsupportedOpException) Set(java.util.Set) OrderedSet(com.sun.identity.shared.datastruct.OrderedSet) CaseInsensitiveHashSet(com.sun.identity.common.CaseInsensitiveHashSet) HashSet(java.util.HashSet) IdRepo(com.sun.identity.idm.IdRepo) IdRepoException(com.sun.identity.idm.IdRepoException) Iterator(java.util.Iterator) Map(java.util.Map) AMHashMap(com.iplanet.am.sdk.AMHashMap) HashMap(java.util.HashMap) CaseInsensitiveHashMap(com.sun.identity.common.CaseInsensitiveHashMap) DelegationException(com.sun.identity.delegation.DelegationException) IdRepoUnsupportedOpException(com.sun.identity.idm.IdRepoUnsupportedOpException) IdRepoFatalException(com.sun.identity.idm.IdRepoFatalException) AuthLoginException(com.sun.identity.authentication.spi.AuthLoginException) SSOException(com.iplanet.sso.SSOException) IdRepoException(com.sun.identity.idm.IdRepoException) SMSException(com.sun.identity.sm.SMSException) IdRepoFatalException(com.sun.identity.idm.IdRepoFatalException) CaseInsensitiveHashSet(com.sun.identity.common.CaseInsensitiveHashSet) HashSet(java.util.HashSet)

Example 12 with IdRepoFatalException

use of com.sun.identity.idm.IdRepoFatalException in project OpenAM by OpenRock.

the class AMSDKRepo method setAttributes.

/**
     * Sets the Attributes of the named identity. the single sign on
     * token must have the necessary permission to set the attributes.
     *
     * @param token
     *            single sign on token for this operation.
     * @param type
     *            type of the identity
     * @param name
     *            name of the identity
     * @param attributes
     *            attributes to set.
     * @param isAdd
     *            should attributes values be added to existing values.
     * @throws IdRepoException
     *             if there are repository related error conditions.
     * @throws SSOException
     *             if user's single sign on token is invalid.
     */
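public void setAttributes(SSOToken token, IdType type, String name, Map attributes, boolean isAdd) throws IdRepoException, SSOException {
    // NOTE(review): isAdd is not read anywhere in this method, and the call
    // to the directory services below passes a literal false as its last
    // argument - confirm whether "add" semantics are meant to be honoured.
    if (debug.messageEnabled()) {
        // The password value must never reach the debug log. The attribute
        // name is compared case-insensitively so that a key such as
        // "userPassword" is masked too, and the map is only dereferenced when
        // it is non-null (the argument check comes after this logging).
        Map loggable = attributes;
        if (attributes != null) {
            AMHashMap masked = null;
            for (Iterator keys = attributes.keySet().iterator(); keys.hasNext(); ) {
                Object key = keys.next();
                if (key instanceof String && "userpassword".equalsIgnoreCase((String) key)) {
                    if (masked == null) {
                        // Copy lazily so that the caller's map is never modified.
                        masked = new AMHashMap();
                        masked.copy(attributes);
                    }
                    masked.remove(key);
                    masked.put(key, "xxx...");
                }
            }
            if (masked != null) {
                loggable = masked;
            }
        }
        debug.message("AMSDKRepo: setAttributes called" + type + ": " + name + ": " + loggable);
    }
    if (attributes == null || attributes.isEmpty()) {
        throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.ILLEGAL_ARGUMENTS, null);
    }
    String dn = getDN(type, name);
    int profileType = getProfileType(type);
    try {
        // When adminToken is set, the write is performed with it instead of
        // the caller's token, so the caller's own token is not what is handed
        // to the directory services. NOTE(review): authorization therefore
        // has to be enforced before this method is reached - confirm that
        // every caller does so.
        if (adminToken != null) {
            token = adminToken;
        }
        IDirectoryServices dsServices = AMDirectoryAccessFactory.getDirectoryServices();
        dsServices.setAttributes(token, dn, profileType, attributes, null, false);
    } catch (AMException ame) {
        debug.error("AMSDKRepo.setAttributes: Unable to set attributes", ame);
        String ldapError = ame.getLDAPErrorCode();
        String errorMessage = ame.getMessage();
        // An AMException without a numeric LDAP code must not turn into a
        // NumberFormatException that hides the original failure; such an
        // exception is converted like any other non-constraint error.
        boolean constraintViolation = false;
        try {
            int errCode = Integer.parseInt(ldapError);
            constraintViolation = ResultCode.CONSTRAINT_VIOLATION.equals(ResultCode.valueOf(errCode));
        } catch (NumberFormatException ignored) {
            // Missing or non-numeric LDAP error code: not a constraint violation.
        }
        if (constraintViolation) {
            Object[] args = { this.getClass().getName(), ldapError, errorMessage };
            // Raised as fatal because the change breaks the password policy
            // (e.g. password length).
            throw new IdRepoFatalException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.LDAP_EXCEPTION, ResultCode.CONSTRAINT_VIOLATION, args);
        }
        throw IdUtils.convertAMException(ame);
    }
}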
Also used : IDirectoryServices(com.iplanet.am.sdk.common.IDirectoryServices) IdRepoException(com.sun.identity.idm.IdRepoException) IdRepoFatalException(com.sun.identity.idm.IdRepoFatalException)

Example 13 with IdRepoFatalException

use of com.sun.identity.idm.IdRepoFatalException in project OpenAM by OpenRock.

the class IdServicesImpl method create.

/**
 * Creates the named identity in every configured plugin that supports
 * {@code IdOperation.CREATE}.
 *
 * <p>Realm identities are delegated to {@code createRealmIdentity}. For all
 * other types the permission check runs first, user attributes are validated,
 * and each plugin is then asked to create the identity. The call succeeds as
 * long as at least one plugin did not fail.
 *
 * @param token single sign on token of the caller.
 * @param type type of the identity.
 * @param name name of the identity; rejected when {@code hasBookendSpaces}
 *            reports true for it.
 * @param attrMap attributes of the new identity.
 * @param amOrgName organization name used for the permission check and for
 *            selecting the plugins.
 * @return the identity built from the arguments and, when the AMSDK plugin
 *         took part, the representation that plugin returned.
 * @throws IdRepoException if the name is rejected, the permission check
 *             fails, no plugin is configured, a plugin raises
 *             {@code IdRepoFatalException}, or every plugin failed (the first
 *             failure is rethrown).
 * @throws SSOException declared by the signature; presumably raised by the
 *             callees for an invalid token - confirm.
 */
public AMIdentity create(SSOToken token, IdType type, String name, Map attrMap, String amOrgName) throws IdRepoException, SSOException {
    if (hasBookendSpaces(name)) {
        throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.NO_SPACE_IDENTITY_NAMES, null);
    }
    if (type.equals(IdType.REALM)) {
        return createRealmIdentity(token, type, name, attrMap, amOrgName);
    }
    // Authorization gate: checkPermission throws a "402" exception when the
    // caller may not create this identity with these attributes.
    checkPermission(token, amOrgName, name, attrMap.keySet(), IdOperation.CREATE, type);
    if (type.equals(IdType.USER)) {
        // User attributes go through the organization's validator first.
        IdRepoAttributeValidatorManager.getInstance().getIdRepoAttributeValidator(amOrgName).validateAttributes(attrMap, IdOperation.CREATE);
    }
    // Plugins that support the create operation.
    Set plugins = idrepoCache.getIdRepoPlugins(amOrgName, IdOperation.CREATE, type);
    if (plugins == null || plugins.isEmpty()) {
        throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.NO_PLUGINS_CONFIGURED, null);
    }
    IdRepoException firstFailure = null;
    String amsdkRepresentation = null;
    // Starts at the plugin count and drops by one per failed plugin.
    int remaining = plugins.size();
    for (Iterator pluginIt = plugins.iterator(); pluginIt.hasNext(); ) {
        IdRepo repo = (IdRepo) pluginIt.next();
        try {
            // Translate the attribute names with the plugin's configuration.
            Map translated = mapAttributeNames(attrMap, repo.getConfiguration());
            String created = repo.create(token, type, name, translated);
            if (repo.getClass().getName().equals(IdConstants.AMSDK_PLUGIN)) {
                amsdkRepresentation = created;
            }
        } catch (IdRepoUnsupportedOpException unsupported) {
            if (DEBUG.warningEnabled()) {
                DEBUG.warning("IdServicesImpl.create: Unable to create identity in the following repository " + repo.getClass().getName() + ":: " + unsupported.getMessage());
            }
            remaining--;
            if (firstFailure == null) {
                firstFailure = unsupported;
            }
        } catch (IdRepoFatalException fatal) {
            // Fatal: abort immediately, the remaining plugins are not asked.
            DEBUG.error("IdServicesImpl.create: Create: Fatal Exception", fatal);
            throw fatal;
        } catch (IdRepoException failure) {
            if (DEBUG.warningEnabled()) {
                DEBUG.warning("IdServicesImpl.create: Unable to create identity in the following repository " + repo.getClass().getName() + " :: " + failure.getMessage());
            }
            remaining--;
            if (firstFailure == null) {
                firstFailure = failure;
            }
        }
    }
    // Built before the outcome is examined, as the result object is also
    // constructed when every plugin failed.
    AMIdentity identity = new AMIdentity(token, name, type, amOrgName, amsdkRepresentation);
    if (remaining == 0) {
        if (DEBUG.warningEnabled()) {
            DEBUG.warning("IdServicesImpl.create: Unable to create identity " + type.getName() + " :: " + name + " in any of the configured data stores", firstFailure);
        }
        throw firstFailure;
    }
    return identity;
}
Also used : IdRepoUnsupportedOpException(com.sun.identity.idm.IdRepoUnsupportedOpException) Set(java.util.Set) OrderedSet(com.sun.identity.shared.datastruct.OrderedSet) CaseInsensitiveHashSet(com.sun.identity.common.CaseInsensitiveHashSet) HashSet(java.util.HashSet) IdRepo(com.sun.identity.idm.IdRepo) AMIdentity(com.sun.identity.idm.AMIdentity) IdRepoException(com.sun.identity.idm.IdRepoException) Iterator(java.util.Iterator) Map(java.util.Map) AMHashMap(com.iplanet.am.sdk.AMHashMap) HashMap(java.util.HashMap) CaseInsensitiveHashMap(com.sun.identity.common.CaseInsensitiveHashMap) IdRepoFatalException(com.sun.identity.idm.IdRepoFatalException)

Example 14 with IdRepoFatalException

use of com.sun.identity.idm.IdRepoFatalException in project OpenAM by OpenRock.

the class IdServicesImpl method search.

/**
 * Searches every configured plugin that supports {@code IdOperation.READ}
 * and combines the per-plugin results.
 *
 * <p>When the caller is denied the read permission but the search control
 * carries a non-empty filter, the search itself runs with the admin token and
 * the matched identities are afterwards filtered one by one against the
 * caller's original token.
 *
 * @param token single sign on token of the caller.
 * @param type type of the identities searched for.
 * @param ctrl search control supplying timeout, result limit, return
 *            attributes, modifier, filter map and the recursive flag.
 * @param amOrgName organization name used for the permission checks and for
 *            selecting the plugins.
 * @param crestQuery query handed unchanged to each plugin.
 * @return the combined results, reduced to the identities the caller may
 *         read when the admin-token path was taken.
 * @throws IdRepoException if the permission check fails without the filter
 *             fallback applying, no plugin is configured, a plugin raises
 *             {@code IdRepoFatalException}, or every plugin failed (the first
 *             failure is rethrown).
 * @throws SSOException declared by the signature; presumably raised by the
 *             callees for an invalid token - confirm.
 */
@Override
public IdSearchResults search(SSOToken token, IdType type, IdSearchControl ctrl, String amOrgName, CrestQuery crestQuery) throws IdRepoException, SSOException {
    // First failure seen in the plugin loop; rethrown if every plugin fails.
    IdRepoException origEx = null;
    // Check permission first. If allowed then proceed, else the
    // checkPermission method throws an "402" exception.
    // In the case of web services security (wss), a search is performed
    // with the identity of shared agent and  a filter.
    // Since shared agents do not have search permissions, might have to
    // use admintoken and check permissions on matched objects.
    boolean checkPermissionOnObjects = false;
    // Keep the caller's token: "token" may be replaced by the admin token
    // below, and the per-object checks must use the caller's identity.
    SSOToken userToken = token;
    try {
        checkPermission(token, amOrgName, null, null, IdOperation.READ, type);
    } catch (IdRepoException ire) {
        // If permission denied and control has search filters
        // perform the search and check permissions on the matched objects.
        // Any other error, or a denial without a filter, is rethrown.
        Map filter = ctrl.getSearchModifierMap();
        if ((!ire.getErrorCode().equals(IdRepoErrorCode.ACCESS_DENIED)) || (filter == null) || (filter.isEmpty())) {
            throw (ire);
        }
        // Check permissions after obtaining the matched objects
        checkPermissionOnObjects = true;
        // Privilege elevation: from here on the plugins are queried with the
        // admin token. Nothing found this way may be returned without passing
        // the per-object check at the end of this method.
        token = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
    }
    // Get the list of plugins that support the read operation.
    Set configuredPluginClasses = idrepoCache.getIdRepoPlugins(amOrgName, IdOperation.READ, type);
    if ((configuredPluginClasses == null) || configuredPluginClasses.isEmpty()) {
        throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.NO_PLUGINS_CONFIGURED, null);
    }
    Iterator it = configuredPluginClasses.iterator();
    // Starts at the number of plugins and is decremented on every failure.
    int noOfSuccess = configuredPluginClasses.size();
    IdRepo idRepo;
    // Each row holds { search results, plugin configuration }. The AMSDK
    // plugin's row is kept apart from the rows of the other plugins.
    Object[][] amsdkResults = new Object[1][2];
    boolean amsdkIncluded = false;
    Object[][] arrayOfResult = new Object[noOfSuccess][2];
    // Number of rows filled in arrayOfResult.
    int iterNo = 0;
    int maxTime = ctrl.getTimeOut();
    int maxResults = ctrl.getMaxResults();
    Set returnAttrs = ctrl.getReturnAttributes();
    boolean returnAllAttrs = ctrl.isGetAllReturnAttributesEnabled();
    // Map the control's modifier onto the plugin-level constant; anything
    // other than AND/OR leaves NO_MOD.
    IdSearchOpModifier modifier = ctrl.getSearchModifier();
    int filterOp = IdRepo.NO_MOD;
    if (modifier.equals(IdSearchOpModifier.AND)) {
        filterOp = IdRepo.AND_MOD;
    } else if (modifier.equals(IdSearchOpModifier.OR)) {
        filterOp = IdRepo.OR_MOD;
    }
    Map avPairs = ctrl.getSearchModifierMap();
    boolean recursive = ctrl.isRecursive();
    while (it.hasNext()) {
        idRepo = (IdRepo) it.next();
        try {
            Map cMap = idRepo.getConfiguration();
            RepoSearchResults results;
            // maxResults is applied here, i.e. before the per-object
            // permission filter further down.
            results = idRepo.search(token, type, crestQuery, maxTime, maxResults, returnAttrs, returnAllAttrs, filterOp, avPairs, recursive);
            if (idRepo.getClass().getName().equals(IdConstants.AMSDK_PLUGIN)) {
                amsdkResults[0][0] = results;
                amsdkResults[0][1] = cMap;
                amsdkIncluded = true;
            } else {
                arrayOfResult[iterNo][0] = results;
                arrayOfResult[iterNo][1] = cMap;
                iterNo++;
            }
        } catch (IdRepoUnsupportedOpException ide) {
            if (idRepo != null && DEBUG.warningEnabled()) {
                DEBUG.warning("IdServicesImpl.search: " + "Unable to search in the following repository " + idRepo.getClass().getName() + " :: " + ide.getMessage());
            }
            noOfSuccess--;
            // Only the first failure is kept for the final rethrow.
            origEx = (origEx == null) ? ide : origEx;
        } catch (IdRepoFatalException idf) {
            // fatal ..throw it all the way up
            DEBUG.error("IdServicesImpl.search: Fatal Exception ", idf);
            throw idf;
        } catch (IdRepoException ide) {
            if (idRepo != null && DEBUG.warningEnabled()) {
                DEBUG.warning("IdServicesImpl.search: " + "Unable to search identity in the following" + " repository " + idRepo.getClass().getName() + " :: " + ide.getMessage());
            }
            noOfSuccess--;
            origEx = (origEx == null) ? ide : origEx;
        }
    }
    if (noOfSuccess == 0) {
        // Every plugin failed, so origEx was set by the first failure.
        if (DEBUG.warningEnabled()) {
            DEBUG.warning("IdServicesImpl.search: " + "Unable to search for identity " + type.getName() + ":: using " + crestQuery + " in any configured data store", origEx);
        }
        throw origEx;
    }
    IdSearchResults res = combineSearchResults(token, arrayOfResult, iterNo, type, amOrgName, amsdkIncluded, amsdkResults);
    if (checkPermissionOnObjects) {
        // The search ran with the admin token: rebuild the result from only
        // those identities the caller's own token is allowed to read.
        IdSearchResults newRes = new IdSearchResults(type, amOrgName);
        Map idWithAttrs = res.getResultAttributes();
        for (Iterator items = idWithAttrs.keySet().iterator(); items.hasNext(); ) {
            AMIdentity id = (AMIdentity) items.next();
            try {
                // NOTE(review): the check is made against returnAttrs, while
                // the whole attribute map of the match is copied on success.
                // When returnAllAttrs is enabled, confirm that the check
                // covers the attributes actually returned.
                checkPermission(userToken, amOrgName, id.getName(), returnAttrs, IdOperation.READ, type);
                // Permission checked, add to newRes
                newRes.addResult(id, (Map) idWithAttrs.get(id));
            } catch (Exception e) {
                // Fails closed: any exception, not only an access denial,
                // leaves this identity out of the result. Nothing is logged,
                // so a dropped match leaves no trace.
            }
        }
        res = newRes;
    }
    return res;
}
Also used : SSOToken(com.iplanet.sso.SSOToken) Set(java.util.Set) OrderedSet(com.sun.identity.shared.datastruct.OrderedSet) CaseInsensitiveHashSet(com.sun.identity.common.CaseInsensitiveHashSet) HashSet(java.util.HashSet) IdSearchResults(com.sun.identity.idm.IdSearchResults) IdRepoException(com.sun.identity.idm.IdRepoException) IdSearchOpModifier(com.sun.identity.idm.IdSearchOpModifier) IdRepoFatalException(com.sun.identity.idm.IdRepoFatalException) DelegationException(com.sun.identity.delegation.DelegationException) IdRepoUnsupportedOpException(com.sun.identity.idm.IdRepoUnsupportedOpException) IdRepoFatalException(com.sun.identity.idm.IdRepoFatalException) AuthLoginException(com.sun.identity.authentication.spi.AuthLoginException) SSOException(com.iplanet.sso.SSOException) IdRepoException(com.sun.identity.idm.IdRepoException) SMSException(com.sun.identity.sm.SMSException) IdRepoUnsupportedOpException(com.sun.identity.idm.IdRepoUnsupportedOpException) IdRepo(com.sun.identity.idm.IdRepo) AMIdentity(com.sun.identity.idm.AMIdentity) Iterator(java.util.Iterator) RepoSearchResults(com.sun.identity.idm.RepoSearchResults) Map(java.util.Map) AMHashMap(com.iplanet.am.sdk.AMHashMap) HashMap(java.util.HashMap) CaseInsensitiveHashMap(com.sun.identity.common.CaseInsensitiveHashMap)

Example 15 with IdRepoFatalException

use of com.sun.identity.idm.IdRepoFatalException in project OpenAM by OpenRock.

the class IdServicesImpl method modifyService.

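/**
 * Modifies the attributes of a service assigned to the named identity in
 * every configured plugin that supports {@code IdOperation.SERVICE}.
 *
 * @param token single sign on token of the caller.
 * @param type type of the identity.
 * @param name name of the identity.
 * @param serviceName name of the service to modify.
 * @param stype schema type handed to the plugins.
 * @param attrMap service attributes to set.
 * @param amOrgName organization name used for the permission check and for
 *            selecting the plugins.
 * @param amsdkDN name passed to the AMSDK plugin instead of {@code name}
 *            when it is non-null.
 * @throws IdRepoException if the permission check fails, no plugin is
 *             configured, a plugin raises {@code IdRepoFatalException}, or
 *             every plugin failed (reported as
 *             {@code IdRepoUnsupportedOpException}).
 * @throws SSOException declared by the signature; presumably raised by the
 *             callees for an invalid token - confirm.
 */
public void modifyService(SSOToken token, IdType type, String name, String serviceName, SchemaType stype, Map attrMap, String amOrgName, String amsdkDN) throws IdRepoException, SSOException {
    // Authorization gate: checkPermission throws a "402" exception when the
    // caller may not modify these service attributes.
    checkPermission(token, amOrgName, name, attrMap.keySet(), IdOperation.SERVICE, type);
    // Get the list of plugins that support the service operation.
    Set configuredPluginClasses = idrepoCache.getIdRepoPlugins(amOrgName, IdOperation.SERVICE, type);
    if ((configuredPluginClasses == null) || configuredPluginClasses.isEmpty()) {
        throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.NO_PLUGINS_CONFIGURED, null);
    }
    // Starts at the number of plugins and is decremented on every failure.
    int noOfSuccess = configuredPluginClasses.size();
    for (Iterator it = configuredPluginClasses.iterator(); it.hasNext(); ) {
        IdRepo repo = (IdRepo) it.next();
        Map cMap = repo.getConfiguration();
        try {
            Map mappedAttributes = mapAttributeNames(attrMap, cMap);
            // The AMSDK plugin is addressed by amsdkDN when one was supplied.
            if (repo.getClass().getName().equals(IdConstants.AMSDK_PLUGIN) && amsdkDN != null) {
                repo.modifyService(token, type, amsdkDN, serviceName, stype, mappedAttributes);
            } else {
                repo.modifyService(token, type, name, serviceName, stype, mappedAttributes);
            }
        } catch (IdRepoUnsupportedOpException ide) {
            // The log statements in this loop used to be guarded by a second
            // variable that was never assigned, so no per-repository failure
            // was ever written. They now refer to the plugin being processed.
            if (DEBUG.messageEnabled()) {
                DEBUG.message("IdServicesImpl.modifyService: " + "Modify Services not supported for repository " + repo.getClass().getName() + " :: " + ide.getMessage());
            }
            noOfSuccess--;
        } catch (IdRepoFatalException idf) {
            // Fatal: abort immediately, the remaining plugins are not asked.
            DEBUG.error("IdServicesImpl.modifyService: Fatal Exception ", idf);
            throw idf;
        } catch (IdRepoException ide) {
            if (DEBUG.warningEnabled()) {
                DEBUG.warning("IdServicesImpl.modifyService: " + "Unable to modify service in the " + "following repository " + repo.getClass().getName() + " :: " + ide.getMessage());
            }
            noOfSuccess--;
        }
    }
    if (noOfSuccess == 0) {
        if (DEBUG.warningEnabled()) {
            DEBUG.warning("IdServicesImpl.modifyService: " + "Unable to modify service attributes for identity " + type.getName() + "::" + name + " in any configured data store");
        }
        // Whatever the plugins actually raised, the caller is told that the
        // operation is not supported; the per-repository log entries above
        // are the only record of the real cause.
        Object[] args = { IdOperation.SERVICE.toString() };
        throw new IdRepoUnsupportedOpException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.OPERATION_NOT_SUPPORTED, args);
    }
}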
Also used : IdRepoUnsupportedOpException(com.sun.identity.idm.IdRepoUnsupportedOpException) Set(java.util.Set) OrderedSet(com.sun.identity.shared.datastruct.OrderedSet) CaseInsensitiveHashSet(com.sun.identity.common.CaseInsensitiveHashSet) HashSet(java.util.HashSet) IdRepo(com.sun.identity.idm.IdRepo) IdRepoException(com.sun.identity.idm.IdRepoException) Iterator(java.util.Iterator) Map(java.util.Map) AMHashMap(com.iplanet.am.sdk.AMHashMap) HashMap(java.util.HashMap) CaseInsensitiveHashMap(com.sun.identity.common.CaseInsensitiveHashMap) IdRepoFatalException(com.sun.identity.idm.IdRepoFatalException)
