use of com.sun.identity.idm.IdRepoUnsupportedOpException in project OpenAM by OpenRock.
the class FilesRepo method getServiceAttributes.
/*
* (non-Javadoc)
*
* @see com.sun.identity.idm.IdRepo#getServiceAttributes(
* com.iplanet.sso.SSOToken, com.sun.identity.idm.IdType,
* java.lang.String, java.lang.String, java.util.Set)
*/
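/**
 * Collects the service attributes of an identity. For a USER the values
 * inherited from each role the user belongs to, and then from the realm-level
 * "ContainerDefaultTemplateRole" entry, are merged on top of the user's own.
 *
 * @param token       passed through to the attribute and membership lookups.
 * @param type        identity type; only USER, ROLE and REALM are accepted.
 * @param name        name of the identity.
 * @param serviceName only written to the debug log in this method.
 * @param attrNames   names of the attributes to read.
 * @param isString    {@code true} to read string attributes (values handled as
 *                    {@code Set}), {@code false} to read binary attributes
 *                    (values handled as {@code byte[][]}).
 * @return the merged attribute map; never {@code null}.
 * @throws IdRepoException if initialization failed earlier, the type is not
 *                         supported, or an underlying lookup fails.
 * @throws SSOException    propagated from the underlying lookups.
 */
private Map getServiceAttributes(SSOToken token, IdType type, String name, String serviceName, Set attrNames, boolean isString) throws IdRepoException, SSOException {
    if (debug.messageEnabled()) {
        debug.message("FilesRepo.getServiceAttributes called. " + name + "\n\t" + serviceName + "=" + attrNames);
    }
    if (initializationException != null) {
        debug.error("FilesRepo.getServiceAttributes: throwing initialization exception");
        throw (initializationException);
    }
    if (!type.equals(IdType.USER) && !type.equals(IdType.ROLE) && !type.equals(IdType.REALM)) {
        // Unsupported operation for every other identity type.
        Object[] args = { NAME, IdOperation.SERVICE.getName() };
        throw new IdRepoUnsupportedOpException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.PLUGIN_OPERATION_NOT_SUPPORTED, args);
    }
    // Attributes stored on the identity itself.
    Map results = (isString ? getAttributes(token, type, name, attrNames) : getBinaryAttributes(token, type, name, attrNames));
    if (results == null) {
        results = new HashMap();
    }
    // Roles and realms do not inherit anything: return their own attributes.
    if (!type.equals(IdType.USER)) {
        return results;
    }
    // Merge in the attributes of every role the user is a member of.
    Set roles = getMemberships(token, type, name, IdType.ROLE);
    if (roles != null) {
        for (Iterator items = roles.iterator(); items.hasNext(); ) {
            String role = (String) items.next();
            Map roleAttrs;
            try {
                roleAttrs = (isString ? getAttributes(token, IdType.ROLE, role, attrNames) : getBinaryAttributes(token, IdType.ROLE, role, attrNames));
            } catch (FilesRepoEntryNotFoundException fnf) {
                // A membership that points at a missing role entry contributes nothing.
                roleAttrs = Collections.EMPTY_MAP;
            }
            mergeInheritedServiceAttrs(results, roleAttrs, isString);
        }
    }
    // Finally merge in the realm-level defaults.
    Map realmAttrs = (isString ? getAttributes(token, IdType.REALM, "ContainerDefaultTemplateRole", attrNames) : getBinaryAttributes(token, IdType.REALM, "ContainerDefaultTemplateRole", attrNames));
    mergeInheritedServiceAttrs(results, realmAttrs, isString);
    return results;
}

/**
 * Folds inherited attribute values into {@code results}. A {@code null} or
 * empty {@code inherited} map is ignored; the identity's own lookup result is
 * already null-checked by the caller, and the same tolerance is applied here
 * so that a null role or realm lookup cannot fail the whole request.
 */
private void mergeInheritedServiceAttrs(Map results, Map inherited, boolean isString) {
    if (inherited == null || inherited.isEmpty()) {
        return;
    }
    for (Iterator it = inherited.entrySet().iterator(); it.hasNext(); ) {
        Map.Entry entry = (Map.Entry) it.next();
        Object attrName = entry.getKey();
        Object inheritedValues = entry.getValue();
        Object currentValues = results.get(attrName);
        if (currentValues == null) {
            results.put(attrName, inheritedValues);
        } else if (isString) {
            // NOTE(review): addAll mutates the Set instance that the lookup returned.
            // If those sets are shared or cached, inherited values would end up on the
            // stored identity - confirm that the lookups hand out copies.
            ((Set) currentValues).addAll((Set) inheritedValues);
        } else {
            results.put(attrName, combineByteArray((byte[][]) currentValues, (byte[][]) inheritedValues));
        }
    }
}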
use of com.sun.identity.idm.IdRepoUnsupportedOpException in project OpenAM by OpenRock.
the class DatabaseRepo method getMembers.
/*
* Returns members of an identity. Applicable if identity is a
* group or a role.
* @see com.sun.identity.idm.IdRepo#getMembers(com.iplanet.sso.SSOToken,
* com.sun.identity.idm.IdType, java.lang.String,
* com.sun.identity.idm.IdType)
*/
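/**
 * Returns the user members of a group.
 *
 * @param token       not consulted by this method. NOTE(review): access control is
 *                    presumably enforced by the caller - confirm.
 * @param type        type of the identity whose members are requested; only GROUP
 *                    yields a result.
 * @param name        name of the identity.
 * @param membersType type of members requested; only USER is supported.
 * @return the members reported by the DAO, or an empty set when there are none or
 *         when {@code name}, {@code type} or {@code membersType} is {@code null}.
 * @throws IdRepoException if initialization failed earlier, {@code membersType} is
 *                         not USER, or {@code type} is USER or any other
 *                         unsupported type.
 * @throws SSOException    declared by the interface; not thrown by this body.
 */
public Set getMembers(SSOToken token, IdType type, String name, IdType membersType) throws IdRepoException, SSOException {
    if (initializationException != null) {
        debug.error("DatabaseRepo.getMembers: throwing" + " initialization exception");
        throw (initializationException);
    }
    if (debug.messageEnabled()) {
        // The SSOToken is deliberately kept out of the log line: its string form may
        // carry the session identifier, and debug logs are usually readable by more
        // people than are allowed to act with that session.
        debug.message("DatabaseRepo.getMembers: " + "IdType=" + type + ": name=" + name + ": membersType=" + membersType);
    }
    if (name == null || type == null || membersType == null) {
        debug.message("DatabaseRepo.getMembers: parameters type, name," + "membersTypeare can not be null, so returning empty set." + "IdType=" + type + ": name=" + name + ": membersType=" + membersType);
        return Collections.EMPTY_SET;
    }
    if (!membersType.equals(IdType.USER)) {
        debug.error("DatabaseRepo.getMembers: Groups do not support" + " membership for " + membersType.getName());
        Object[] args = { PLUGIN_CLASS_NAME, membersType.getName(), type.getName() };
        throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.MEMBERSHIP_NOT_SUPPORTED, args);
    }
    // The generic isValidType(type, "getMembers") check is disabled in this method,
    // so the explicit branches below are the only validation of the identity type.
    Set members;
    if (type.equals(IdType.USER)) {
        debug.error("DatabaseRepo.getMembers: Membership operation is not" + " supported for Users");
        throw new IdRepoException(IdRepoBundle.getString(IdRepoErrorCode.MEMBERSHIP_TO_USERS_AND_AGENTS_NOT_ALLOWED), IdRepoErrorCode.MEMBERSHIP_TO_USERS_AND_AGENTS_NOT_ALLOWED);
    } else if (type.equals(IdType.GROUP)) {
        members = dao.getMembers(name, membershipIdAttributeName);
    } else {
        Object[] args = { PLUGIN_CLASS_NAME, IdOperation.READ.getName(), type.getName() };
        throw new IdRepoUnsupportedOpException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.PLUGIN_OPERATION_NOT_SUPPORTED, args);
    }
    if (members == null) {
        // Callers always get a set, never null.
        members = Collections.EMPTY_SET;
    }
    if (debug.messageEnabled()) {
        debug.message("DatabaseRepo.getMembers: returning members=" + members);
    }
    return members;
}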
use of com.sun.identity.idm.IdRepoUnsupportedOpException in project OpenAM by OpenRock.
the class DJLDAPv3Repo method isActive.
/**
* Tells whether the given identity is considered as "active" or not. In case the user status attribute is not
* configured, this method will always return <code>true</code>. In case of Active Directory the returned
* userAccountControl attribute will be masked with 0x2 to detect whether the given account is disabled or not.
*
* @param token Not used.
* @param type The type of the identity, this should be always USER.
* @param name The name of the identity.
* @return <code>true</code> if user status attribute is not configured, or decision based on the status
* attribute value. If there was any error while retrieving the status attribute this method will return
* <code>false</code>.
* @throws IdRepoException If the identity type is invalid.
*/
@Override
public boolean isActive(SSOToken token, IdType type, String name) throws IdRepoException {
    if (DEBUG.messageEnabled()) {
        DEBUG.message("isActive invoked");
    }
    // Only user identities have an active/inactive state in this repository.
    if (!type.equals(IdType.USER)) {
        Object[] errorArgs = new Object[] { CLASS_NAME, IdOperation.READ.getName(), type.getName() };
        throw new IdRepoUnsupportedOpException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.PLUGIN_OPERATION_NOT_SUPPORTED, errorArgs);
    }
    if (alwaysActive) {
        // In this mode "active" reduces to "the entry exists".
        boolean exists;
        try {
            exists = isExists(token, type, name);
        } catch (IdRepoException lookupFailure) {
            // Fail closed: an entry that cannot be looked up is reported as inactive.
            exists = false;
        }
        return exists;
    }
    Map<String, Set<String>> statusAttrs;
    try {
        Map<String, Set<String>> fetched = getAttributes(token, type, name, asSet(userStatusAttr));
        // Re-wrap so the status attribute is found regardless of the case of the returned name.
        statusAttrs = new CaseInsensitiveHashMap(fetched);
    } catch (IdRepoException readFailure) {
        // Fail closed here too: no readable status means "inactive".
        return false;
    }
    String status = CollectionHelper.getMapAttr(statusAttrs, userStatusAttr);
    // An entry that carries no status value at all is treated as active.
    return status == null || helper.isActive(status, inactiveValue);
}
use of com.sun.identity.idm.IdRepoUnsupportedOpException in project OpenAM by OpenRock.
the class DJLDAPv3Repo method unassignService.
/**
* Unassigns a service from the provided identity.
* In case of a USER this will traverse through all the existing user attributes and will remove those that are
* currently present in the entry. This will also remove the objectclass corresponding to the service.
* In case of a REALM this will remove the service from the locally cached serviceMap, and will notify the
* registered {@link IdRepoListener}.
*
* @param token Not used.
* @param type The type of the identity, this should be always USER or REALM.
* @param name The name of the identity. Only used when identity type is USER.
* @param serviceName The name of the service to remove from the identity.
* @param attrMap Holds the objectclasses relevant for this service removal.
* @throws IdRepoException If the identity type was invalid or if there was an error while removing the service.
*/
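@Override
@SuppressWarnings("rawtypes")
public void unassignService(SSOToken token, IdType type, String name, String serviceName, Map<String, Set<String>> attrMap) throws IdRepoException {
    if (DEBUG.messageEnabled()) {
        DEBUG.message("unassignService invoked");
    }
    if (type.equals(IdType.USER)) {
        Set<String> removeOCs = attrMap.get(OBJECT_CLASS_ATTR);
        if (removeOCs != null) {
            Schema dirSchema = getSchema();
            // Every attribute the service objectclasses allow is mapped to an empty
            // value set, i.e. it is scheduled for removal.
            Map attrs = new CaseInsensitiveHashMap();
            for (String oc : removeOCs) {
                try {
                    ObjectClass oc2 = dirSchema.getObjectClass(oc);
                    for (AttributeType optional : oc2.getOptionalAttributes()) {
                        attrs.put(optional.getNameOrOID(), Collections.EMPTY_SET);
                    }
                    for (AttributeType required : oc2.getRequiredAttributes()) {
                        attrs.put(required.getNameOrOID(), Collections.EMPTY_SET);
                    }
                } catch (UnknownSchemaElementException usee) {
                    DEBUG.error("Unable to unassign " + serviceName + " service from identity: " + name, usee);
                    throw newIdRepoException(IdRepoErrorCode.UNABLE_GET_SERVICE_SCHEMA, serviceName);
                }
            }
            Set<String> requestedAttrs = new CaseInsensitiveHashSet(attrs.keySet());
            // If the service objectclass is auxiliary (which it should be), then the
            // objectclass attribute may not be present if top is not defined as
            // superior class, so it is requested explicitly.
            requestedAttrs.add(OBJECT_CLASS_ATTR);
            Map<String, Set<String>> attributes = new CaseInsensitiveHashMap(getAttributes(token, type, name, requestedAttrs));
            Set<String> OCValues = new CaseInsensitiveHashSet(attributes.get(OBJECT_CLASS_ATTR));
            OCValues.removeAll(removeOCs);
            attrs.put(OBJECT_CLASS_ATTR, OCValues);
            // Hand-written retainAll for CaseInsensitiveHashMap's keySet. The keys are
            // walked over a snapshot: removing entries while iterating the map's own
            // key set can fail with ConcurrentModificationException when that key set
            // is a live view, which would abort the unassignment half way through.
            for (String attrName : new HashSet<String>(attrs.keySet())) {
                if (!attributes.containsKey(attrName)) {
                    attrs.remove(attrName);
                }
            }
            setAttributes(token, type, name, attrs, false, true, false);
        }
    } else if (type.equals(IdType.REALM)) {
        // Realm-level services live only in the local serviceMap; listeners are told
        // about the new state even when no service name was supplied.
        if (serviceName != null && !serviceName.isEmpty()) {
            serviceMap.remove(serviceName);
        }
        if (idRepoListener != null) {
            idRepoListener.setServiceAttributes(serviceName, serviceMap);
        }
    } else {
        throw new IdRepoUnsupportedOpException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.SERVICES_NOT_SUPPORTED_FOR_AGENTS_AND_GROUPS, new Object[] { CLASS_NAME });
    }
}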
use of com.sun.identity.idm.IdRepoUnsupportedOpException in project OpenAM by OpenRock.
the class DJLDAPv3Repo method getAssignedServices.
/**
* Returns the services currently assigned to the given identity.
* In case of a USER this will retrieve the objectclasses defined for this user, and based on the provided
* mapOfServicesAndOCs if all of the objectclasses mapped to a service is present, only then will the service be
* added to the resulting list.
* In case of a REALM the locally stored serviceMap's keySet will be returned, since that contains all the different
* service names defined within this realm.
*
* @param token Not used.
* @param type The type of the identity, this should be always USER or REALM.
* @param name The name of the identity. Only used when identity type is USER.
* @param mapOfServicesAndOCs A mapping between the names of services and the corresponding objectclasses.
* @return The list of services that are currently assigned to the identity.
* @throws IdRepoException If the identity type was invalid, or if there was an error while retrieving the
* objectclasses.
*/
@Override
public Set<String> getAssignedServices(SSOToken token, IdType type, String name, Map<String, Set<String>> mapOfServicesAndOCs) throws IdRepoException {
    if (DEBUG.messageEnabled()) {
        DEBUG.message("getAssignedServices invoked");
    }
    Set<String> assigned = new HashSet<String>();
    if (type.equals(IdType.USER)) {
        Set<String> storedOCs = getAttributes(token, type, name, asSet("objectclass")).get(OBJECT_CLASS_ATTR);
        // Compare objectclass names case-insensitively; stays null when the entry
        // returned no objectclass values at all.
        Set<String> presentOCs = null;
        if (storedOCs != null) {
            presentOCs = new CaseInsensitiveHashSet(storedOCs);
        }
        for (Map.Entry<String, Set<String>> mapping : mapOfServicesAndOCs.entrySet()) {
            if (presentOCs == null) {
                continue;
            }
            // A service counts as assigned only when every objectclass mapped to it is
            // present. A service mapped to an empty objectclass set passes trivially.
            if (presentOCs.containsAll(mapping.getValue())) {
                assigned.add(mapping.getKey());
            }
        }
    } else if (type.equals(IdType.REALM)) {
        // For a realm, the locally held serviceMap names every assigned service.
        assigned.addAll(serviceMap.keySet());
    } else {
        Object[] errorArgs = new Object[] { CLASS_NAME };
        throw new IdRepoUnsupportedOpException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.SERVICES_NOT_SUPPORTED_FOR_AGENTS_AND_GROUPS, errorArgs);
    }
    if (DEBUG.messageEnabled()) {
        DEBUG.message("Assigned services returned: " + assigned);
    }
    return assigned;
}