use of com.sun.identity.idm.IdRepoFatalException in project OpenAM by OpenRock.
the class IdServicesImpl method removeAttributes.
/*
* (non-Javadoc)
*/
public void removeAttributes(SSOToken token, IdType type, String name, Set attrNames, String amOrgName, String amsdkDN) throws IdRepoException, SSOException {
IdRepoException origEx = null;
// Check permission first. If allowed then proceed, else the
// checkPermission method throws an "402" exception.
checkPermission(token, amOrgName, name, attrNames, IdOperation.EDIT, type);
// First get the list of plugins that support the create operation.
Set configuredPluginClasses = idrepoCache.getIdRepoPlugins(amOrgName, IdOperation.EDIT, type);
if ((configuredPluginClasses == null) || configuredPluginClasses.isEmpty()) {
throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.NO_PLUGINS_CONFIGURED, null);
}
Iterator it = configuredPluginClasses.iterator();
int noOfSuccess = configuredPluginClasses.size();
while (it.hasNext()) {
IdRepo idRepo = (IdRepo) it.next();
try {
Map cMap = idRepo.getConfiguration();
// do stuff to map attr names.
Set mappedAttributeNames = mapAttributeNames(attrNames, cMap);
if (idRepo.getClass().getName().equals(IdConstants.AMSDK_PLUGIN) && (amsdkDN != null)) {
idRepo.removeAttributes(token, type, amsdkDN, mappedAttributeNames);
} else {
idRepo.removeAttributes(token, type, name, mappedAttributeNames);
}
} catch (IdRepoUnsupportedOpException ide) {
if (idRepo != null && DEBUG.warningEnabled()) {
DEBUG.warning("IdServicesImpl.removeAttributes: " + "Unable to modify identity in the following " + "repository " + idRepo.getClass().getName() + " :: " + ide.getMessage());
}
noOfSuccess--;
origEx = (origEx == null) ? ide : origEx;
} catch (IdRepoFatalException idf) {
// fatal ..throw it all the way up
DEBUG.error("IdServicesImpl.removeAttributes: " + "Fatal Exception ", idf);
throw idf;
} catch (IdRepoException ide) {
if (idRepo != null && DEBUG.warningEnabled()) {
DEBUG.warning("IdServicesImpl.removeAttributes: " + "Unable to remove attributes in the following " + "repository " + idRepo.getClass().getName() + " :: " + ide.getMessage());
}
noOfSuccess--;
// all the ds and this entry might exist in one of the other ds.
if (!ide.getErrorCode().equalsIgnoreCase(IdRepoErrorCode.UNABLE_FIND_ENTRY) || (origEx == null)) {
origEx = ide;
}
}
}
if (noOfSuccess == 0) {
if (DEBUG.warningEnabled()) {
DEBUG.warning("IdServicesImpl.removeAttributes: " + "Unable to remove attributes for identity " + type.getName() + "::" + name + " in any configured data store", origEx);
}
throw origEx;
}
}
use of com.sun.identity.idm.IdRepoFatalException in project OpenAM by OpenRock.
the class IdServicesImpl method getAttributes.
/*
* (non-Javadoc)
*/
public Map getAttributes(SSOToken token, IdType type, String name, String amOrgName, String amsdkDN) throws IdRepoException, SSOException {
IdRepoException origEx = null;
// Check permission first. If allowed then proceed, else the
// checkPermission method throws an "402" exception.
checkPermission(token, amOrgName, name, null, IdOperation.READ, type);
// Get the list of plugins that support the read operation.
Set configuredPluginClasses = idrepoCache.getIdRepoPlugins(amOrgName, IdOperation.READ, type);
if ((configuredPluginClasses == null) || configuredPluginClasses.isEmpty()) {
throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.NO_PLUGINS_CONFIGURED, null);
}
// Verify if it is an internal/special identity
// to avoid calling other plugins for special users
Set attrMapsSet = new HashSet();
if (isSpecialIdentity(token, name, type, amOrgName)) {
try {
for (Iterator items = configuredPluginClasses.iterator(); items.hasNext(); ) {
IdRepo idRepo = (IdRepo) items.next();
if (idRepo.getClass().getName().equals(IdConstants.SPECIAL_PLUGIN)) {
attrMapsSet.add(idRepo.getAttributes(token, type, name));
return (combineAttrMaps(attrMapsSet, true));
}
}
} catch (Exception e) {
// Ignore and continue
}
}
Iterator it = configuredPluginClasses.iterator();
int noOfSuccess = configuredPluginClasses.size();
while (it.hasNext()) {
IdRepo idRepo = (IdRepo) it.next();
try {
Map cMap = idRepo.getConfiguration();
Map aMap = null;
if (idRepo.getClass().getName().equals(IdConstants.AMSDK_PLUGIN) && (amsdkDN != null)) {
aMap = idRepo.getAttributes(token, type, amsdkDN);
} else {
aMap = idRepo.getAttributes(token, type, name);
}
if (DEBUG.messageEnabled()) {
DEBUG.message("IdServicesImpl.getAttributes: " + "before reverseMapAttributeNames aMap=" + IdRepoUtils.getAttrMapWithoutPasswordAttrs(aMap, null));
}
aMap = reverseMapAttributeNames(aMap, cMap);
attrMapsSet.add(aMap);
if (DEBUG.messageEnabled()) {
for (Iterator iter = attrMapsSet.iterator(); iter.hasNext(); ) {
Map attrMap = (Map) iter.next();
DEBUG.message("IdServicesImpl.getAttributes: " + "after before reverseMapAttributeNames attrMapsSet=" + IdRepoUtils.getAttrMapWithoutPasswordAttrs(attrMap, null));
}
}
} catch (IdRepoUnsupportedOpException ide) {
if (idRepo != null && DEBUG.warningEnabled()) {
DEBUG.warning("IdServicesImpl.getAttributes: " + "Unable to read identity in the following " + "repository " + idRepo.getClass().getName() + " :: " + ide.getMessage());
}
noOfSuccess--;
origEx = (origEx == null) ? ide : origEx;
} catch (IdRepoFatalException idf) {
// fatal ..throw it all the way up
DEBUG.error("IdServicesImpl.getAttributes: " + "Fatal Exception ", idf);
throw idf;
} catch (IdRepoException ide) {
if (idRepo != null && DEBUG.warningEnabled()) {
DEBUG.warning("IdServicesImpl.getAttributes: " + "Unable to read identity in the following " + "repository " + idRepo.getClass().getName() + " :: " + ide.getMessage());
}
noOfSuccess--;
origEx = (origEx == null) ? ide : origEx;
}
}
if (noOfSuccess == 0) {
if (DEBUG.warningEnabled()) {
DEBUG.warning("IdServicesImpl.getAttributes: " + "Unable to get attributes for identity " + type.getName() + "::" + name + " in any configured data store", origEx);
}
throw origEx;
} else {
Map returnMap = combineAttrMaps(attrMapsSet, true);
if (DEBUG.warningEnabled()) {
DEBUG.warning("IdServicesImpl.getAttributes exit: returnMap=" + IdRepoUtils.getAttrMapWithoutPasswordAttrs(returnMap, null));
}
return returnMap;
}
}
use of com.sun.identity.idm.IdRepoFatalException in project OpenAM by OpenRock.
the class IdServicesImpl method getMemberships.
/*
* (non-Javadoc)
*/
public Set getMemberships(SSOToken token, IdType type, String name, IdType membershipType, String amOrgName, String amsdkDN) throws IdRepoException, SSOException {
IdRepoException origEx = null;
// Check permission first. If allowed then proceed, else the
// checkPermission method throws an "402" exception.
checkPermission(token, amOrgName, name, null, IdOperation.READ, type);
// Get the list of plugins that support the read operation.
Set configuredPluginClasses = idrepoCache.getIdRepoPlugins(amOrgName, IdOperation.READ, type);
if ((configuredPluginClasses == null) || configuredPluginClasses.isEmpty()) {
throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.NO_PLUGINS_CONFIGURED, null);
}
// If Special Identity, call SpecialRepo
if (isSpecialIdentity(token, name, type, amOrgName)) {
try {
for (Iterator items = configuredPluginClasses.iterator(); items.hasNext(); ) {
IdRepo idRepo = (IdRepo) items.next();
if (idRepo.getClass().getName().equals(IdConstants.SPECIAL_PLUGIN)) {
return (idRepo.getMemberships(token, type, name, membershipType));
}
}
} catch (Exception e) {
// Ignore and continue
}
}
Iterator it = configuredPluginClasses.iterator();
int noOfSuccess = configuredPluginClasses.size();
Set membershipsSet = new HashSet();
Set amsdkMemberShips = new HashSet();
boolean amsdkIncluded = false;
while (it.hasNext()) {
IdRepo idRepo = (IdRepo) it.next();
if (!idRepo.getSupportedTypes().contains(membershipType) || idRepo.getClass().getName().equals(IdConstants.SPECIAL_PLUGIN)) {
// IdRepo plugin does not support the idType for
// memberships
noOfSuccess--;
continue;
}
try {
boolean isAMSDK = idRepo.getClass().getName().equals(IdConstants.AMSDK_PLUGIN);
Set members = (isAMSDK && (amsdkDN != null)) ? idRepo.getMemberships(token, type, amsdkDN, membershipType) : idRepo.getMemberships(token, type, name, membershipType);
if (isAMSDK) {
amsdkMemberShips.addAll(members);
amsdkIncluded = true;
} else {
membershipsSet.add(members);
}
} catch (IdRepoUnsupportedOpException ide) {
if (DEBUG.warningEnabled()) {
DEBUG.warning("IdServicesImpl.getMemberships: " + "Unable to get memberships in the following " + "repository " + idRepo.getClass().getName() + " :: " + ide.getMessage());
}
noOfSuccess--;
origEx = (origEx == null) ? ide : origEx;
} catch (IdRepoFatalException idf) {
// fatal ..throw it all the way up
DEBUG.error("IdServicesImpl.getMemberships: " + "Fatal Exception ", idf);
throw idf;
} catch (IdRepoException ide) {
if (DEBUG.warningEnabled()) {
DEBUG.warning("IdServicesImpl.getMemberships: " + "Unable to read identity in the following " + "repository " + idRepo.getClass().getName(), ide);
}
noOfSuccess--;
origEx = (origEx == null) ? ide : origEx;
}
}
if (noOfSuccess == 0) {
if (DEBUG.warningEnabled()) {
DEBUG.warning("IdServicesImpl.getMemberships: " + "Unable to get members for identity " + type.getName() + "::" + name + " in any configured data store", origEx);
}
if (origEx != null) {
throw origEx;
} else {
return (Collections.EMPTY_SET);
}
} else {
Set results = combineMembers(token, membershipsSet, membershipType, amOrgName, amsdkIncluded, amsdkMemberShips);
return results;
}
}
use of com.sun.identity.idm.IdRepoFatalException in project OpenAM by OpenRock.
the class IdServicesImpl method getServiceAttributes.
public Map getServiceAttributes(SSOToken token, IdType type, String name, String serviceName, Set attrNames, String amOrgName, String amsdkDN, boolean isString) throws IdRepoException, SSOException {
// Check permission first. If allowed then proceed, else the
// checkPermission method throws an "402" exception.
checkPermission(token, amOrgName, name, attrNames, IdOperation.READ, type);
// First get the list of plugins that support the create operation.
// use IdOperation.READ insteadof IdOperation.SERVICE. IdRepo for
// AD doesn't support SERVICE because service object classes can't
// exist in user entry. So IdRepo.getServiceAttributes won't get
// user attributes. But IdRepo.getServiceAttributes will also read
// realm service attributes. We should move the code that reads
// ealm service attributes in IdRepo.getServiceAttributes to this class
// later. Only after that we can use IdOperation.SERVICE.
Set configuredPluginClasses = idrepoCache.getIdRepoPlugins(amOrgName, IdOperation.READ, type);
if (configuredPluginClasses == null || configuredPluginClasses.isEmpty()) {
throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.NO_PLUGINS_CONFIGURED, null);
}
Iterator it = configuredPluginClasses.iterator();
int noOfSuccess = configuredPluginClasses.size();
IdRepo idRepo = null;
Set resultsSet = new HashSet();
IdRepoException origEx = null;
while (it.hasNext()) {
IdRepo repo = (IdRepo) it.next();
Map cMap = repo.getConfiguration();
try {
Map attrs = null;
if (repo.getClass().getName().equals(IdConstants.AMSDK_PLUGIN) && amsdkDN != null) {
attrs = (isString ? repo.getServiceAttributes(token, type, amsdkDN, serviceName, attrNames) : repo.getBinaryServiceAttributes(token, type, amsdkDN, serviceName, attrNames));
} else {
attrs = (isString ? repo.getServiceAttributes(token, type, name, serviceName, attrNames) : repo.getBinaryServiceAttributes(token, type, name, serviceName, attrNames));
}
attrs = reverseMapAttributeNames(attrs, cMap);
resultsSet.add(attrs);
} catch (IdRepoUnsupportedOpException ide) {
if (idRepo != null && DEBUG.messageEnabled()) {
DEBUG.message("IdServicesImpl.getServiceAttributes: " + "Services not supported for repository " + repo.getClass().getName() + " :: " + ide.getMessage());
}
noOfSuccess--;
origEx = (origEx == null) ? ide : origEx;
} catch (IdRepoFatalException idf) {
// fatal ..throw it all the way up
DEBUG.error("IdServicesImpl.getServiceAttributes: Fatal Exception ", idf);
throw idf;
} catch (IdRepoException ide) {
if (idRepo != null && DEBUG.warningEnabled()) {
DEBUG.warning("IdServicesImpl.getServiceAttributes: " + "Unable to get service " + "attributes for the repository " + idRepo.getClass().getName() + " :: " + ide.getMessage());
}
noOfSuccess--;
origEx = (origEx == null) ? ide : origEx;
}
}
if (noOfSuccess == 0) {
if (DEBUG.warningEnabled()) {
DEBUG.warning("IdServicesImpl.getServiceAttributes: " + "Unable to get service attributes for identity " + type.getName() + "::" + name + " in any configured data store", origEx);
}
throw origEx;
} else {
Map resultsMap = combineAttrMaps(resultsSet, isString);
return resultsMap;
}
}
use of com.sun.identity.idm.IdRepoFatalException in project OpenAM by OpenRock.
the class IdServicesImpl method isActive.
public boolean isActive(SSOToken token, IdType type, String name, String amOrgName, String amsdkDN) throws SSOException, IdRepoException {
IdRepoException origEx = null;
// Check permission first. If allowed then proceed, else the
// checkPermission method throws an "402" exception.
checkPermission(token, amOrgName, name, null, IdOperation.READ, type);
// First get the list of plugins that support the create operation.
Set configuredPluginClasses = idrepoCache.getIdRepoPlugins(amOrgName, IdOperation.READ, type);
if ((configuredPluginClasses == null) || configuredPluginClasses.isEmpty()) {
throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.NO_PLUGINS_CONFIGURED, null);
}
// To avoid loading other plugins
if (isSpecialIdentity(token, name, type, amOrgName)) {
try {
for (Iterator items = configuredPluginClasses.iterator(); items.hasNext(); ) {
IdRepo idRepo = (IdRepo) items.next();
if (idRepo.getClass().getName().equals(IdConstants.SPECIAL_PLUGIN)) {
return (idRepo.isActive(token, type, name));
}
}
} catch (Exception idm) {
// Ignore exception
}
}
// Iterator through the plugins
Iterator it = configuredPluginClasses.iterator();
int noOfSuccess = configuredPluginClasses.size();
boolean active = false;
while (it.hasNext()) {
IdRepo idRepo = (IdRepo) it.next();
try {
if (idRepo.getClass().getName().equals(IdConstants.AMSDK_PLUGIN) && (amsdkDN != null)) {
active = idRepo.isActive(token, type, amsdkDN);
} else if (idRepo.getClass().getName().equals(IdConstants.SPECIAL_PLUGIN)) {
// Already checked above
noOfSuccess--;
continue;
} else {
active = idRepo.isActive(token, type, name);
}
if (active) {
break;
}
} catch (IdRepoFatalException idf) {
// fatal ..throw it all the way up
DEBUG.error("IdServicesImpl.isActive: Fatal Exception ", idf);
throw idf;
} catch (IdRepoException ide) {
if (idRepo != null && DEBUG.warningEnabled()) {
DEBUG.warning("IdServicesImpl.isActive: " + "Unable to check isActive identity in the " + "following repository " + idRepo.getClass().getName() + " :: " + ide.getMessage());
}
noOfSuccess--;
origEx = (origEx == null) ? ide : origEx;
}
}
if (noOfSuccess == 0) {
if (DEBUG.warningEnabled()) {
DEBUG.warning("IdServicesImpl.isActive: " + "Unable to check if identity is active " + type.getName() + "::" + name + " in any configured data store", origEx);
}
if (origEx != null) {
throw origEx;
} else {
Object[] args = { "isActive", IdOperation.READ.getName() };
throw new IdRepoUnsupportedOpException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.PLUGIN_OPERATION_NOT_SUPPORTED, args);
}
}
return active;
}
Aggregations