
Example 21 with IdRepoUnsupportedOpException

use of com.sun.identity.idm.IdRepoUnsupportedOpException in project OpenAM by OpenRock.

the class FilesRepo method getServiceAttributes.

/*
     * (non-Javadoc)
     *
     * @see com.sun.identity.idm.IdRepo#getServiceAttributes(
     *      com.iplanet.sso.SSOToken, com.sun.identity.idm.IdType,
     *      java.lang.String, java.lang.String, java.util.Set)
     */
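/**
 * Collects the attributes of an identity for a service lookup and, for users, merges in the
 * attributes of every role the user is a member of and of the realm-level
 * "ContainerDefaultTemplateRole" entry.
 *
 * @param token SSO token handed through to the attribute and membership lookups.
 * @param type identity type; only USER, ROLE and REALM are accepted.
 * @param name name of the identity.
 * @param serviceName name of the service; in this method it is only written to the debug log.
 * @param attrNames attribute names passed to the underlying lookups.
 * @param isString {@code true} to read values through getAttributes and merge them as
 *        {@code Set}s, {@code false} to read them through getBinaryAttributes and merge them
 *        as {@code byte[][]}.
 * @return the merged attribute map, never {@code null}.
 * @throws IdRepoException the stored initializationException when it is set, an
 *         IdRepoUnsupportedOpException for any other identity type, or whatever the
 *         underlying lookups throw.
 * @throws SSOException declared for the underlying lookups.
 */
private Map getServiceAttributes(SSOToken token, IdType type, String name, String serviceName, Set attrNames, boolean isString) throws IdRepoException, SSOException {
    if (debug.messageEnabled()) {
        debug.message("FilesRepo.getServiceAttributes called. " + name + "\n\t" + serviceName + "=" + attrNames);
    }
    if (initializationException != null) {
        debug.error("FilesRepo.getServiceAttributes: throwing initialization exception");
        throw (initializationException);
    }
    if (!type.equals(IdType.USER) && !type.equals(IdType.ROLE) && !type.equals(IdType.REALM)) {
        // Unsupported Operation
        Object[] args = { NAME, IdOperation.SERVICE.getName() };
        throw new IdRepoUnsupportedOpException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.PLUGIN_OPERATION_NOT_SUPPORTED, args);
    }
    // Get attributes from Identity Object
    Map results = (isString ? getAttributes(token, type, name, attrNames) : getBinaryAttributes(token, type, name, attrNames));
    if (results == null) {
        results = new HashMap();
    }
    // Roles and realms have nothing to inherit: return their own attributes as they are.
    if (!type.equals(IdType.USER)) {
        return (results);
    }
    // Get the roles for the identity and add the service attributes
    Set roles = getMemberships(token, type, name, IdType.ROLE);
    if (roles != null) {
        for (Iterator items = roles.iterator(); items.hasNext(); ) {
            String role = (String) items.next();
            Map roleAttrs;
            try {
                roleAttrs = (isString ? getAttributes(token, IdType.ROLE, role, attrNames) : getBinaryAttributes(token, IdType.ROLE, role, attrNames));
            } catch (FilesRepoEntryNotFoundException fnf) {
                // A membership that points at a role with no entry contributes nothing.
                roleAttrs = Collections.EMPTY_MAP;
            }
            mergeServiceAttrs(results, roleAttrs, isString);
        }
    }
    // Get the service attributes for the realm and add it. A missing realm entry is not
    // caught here, so that exception still reaches the caller.
    Map realmAttrs = (isString ? getAttributes(token, IdType.REALM, "ContainerDefaultTemplateRole", attrNames) : getBinaryAttributes(token, IdType.REALM, "ContainerDefaultTemplateRole", attrNames));
    mergeServiceAttrs(results, realmAttrs, isString);
    return (results);
}

/**
 * Merges every entry of {@code source} into {@code target}: an attribute that is absent from
 * {@code target} is added, an attribute that is present gets the additional values appended.
 * A {@code null} source is treated as empty, matching the null check the caller applies to
 * the identity's own attributes.
 *
 * NOTE(review): for string values the Set objects obtained from the lookups are stored in
 * {@code target} and later mutated in place by addAll. If getAttributes hands out shared or
 * cached Set instances, values inherited from a role or the realm would become visible on
 * other identities; confirm that the lookups return private copies.
 */
private void mergeServiceAttrs(Map target, Map source, boolean isString) throws IdRepoException, SSOException {
    if (source == null) {
        return;
    }
    for (Iterator attrNameIter = source.keySet().iterator(); attrNameIter.hasNext(); ) {
        Object attrName = attrNameIter.next();
        Object incoming = source.get(attrName);
        Object existing = target.get(attrName);
        if (existing == null) {
            target.put(attrName, incoming);
        } else if (isString) {
            ((Set) existing).addAll((Set) incoming);
        } else {
            // Binary values are arrays, so the combined array replaces the stored one.
            target.put(attrName, combineByteArray((byte[][]) existing, (byte[][]) incoming));
        }
    }
}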
Also used : IdRepoUnsupportedOpException(com.sun.identity.idm.IdRepoUnsupportedOpException) CaseInsensitiveHashSet(com.sun.identity.common.CaseInsensitiveHashSet) HashSet(java.util.HashSet) Set(java.util.Set) HashMap(java.util.HashMap) CaseInsensitiveHashMap(com.sun.identity.common.CaseInsensitiveHashMap) Iterator(java.util.Iterator) HashMap(java.util.HashMap) CaseInsensitiveHashMap(com.sun.identity.common.CaseInsensitiveHashMap) Map(java.util.Map)

Example 22 with IdRepoUnsupportedOpException

use of com.sun.identity.idm.IdRepoUnsupportedOpException in project OpenAM by OpenRock.

the class DatabaseRepo method getMembers.

/*
     * Returns members of an identity. Applicable if identity is a
     * group or a role.
     * @see com.sun.identity.idm.IdRepo#getMembers(com.iplanet.sso.SSOToken,
     *      com.sun.identity.idm.IdType, java.lang.String,
     *      com.sun.identity.idm.IdType)
     */
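public Set getMembers(SSOToken token, IdType type, String name, IdType membersType) throws IdRepoException, SSOException {
    if (initializationException != null) {
        debug.error("DatabaseRepo.getMembers: throwing" + " initialization exception");
        throw (initializationException);
    }
    if (debug.messageEnabled()) {
        // The SSO token is kept out of the debug message: depending on how SSOToken renders
        // itself it may expose the session identifier (TODO confirm), and debug logs are
        // usually readable by more people than the session store is.
        debug.message("DatabaseRepo.getMembers: IdType=" + type + ": name=" + name + ": membersType=" + membersType);
    }
    // Missing arguments are answered with an empty result rather than an exception.
    if (name == null || type == null || membersType == null) {
        if (debug.messageEnabled()) {
            debug.message("DatabaseRepo.getMembers: parameters type, name, membersType"
                    + " can not be null, so returning empty set."
                    + " IdType=" + type + ": name=" + name + ": membersType=" + membersType);
        }
        return Collections.EMPTY_SET;
    }
    // Only users can be members.
    if (!membersType.equals(IdType.USER)) {
        debug.error("DatabaseRepo.getMembers: Groups do not support" + " membership for " + membersType.getName());
        Object[] args = { PLUGIN_CLASS_NAME, membersType.getName(), type.getName() };
        throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.MEMBERSHIP_NOT_SUPPORTED, args);
    }
    // NOTE(review): a per-type permission check, isValidType(type, "getMembers"), was commented
    // out at this point. The type tests below are the only validation this method performs;
    // confirm that the operation/type policy is enforced by the caller.
    if (type.equals(IdType.USER)) {
        debug.error("DatabaseRepo.getMembers: Membership operation is not" + " supported for Users");
        throw new IdRepoException(IdRepoBundle.getString(IdRepoErrorCode.MEMBERSHIP_TO_USERS_AND_AGENTS_NOT_ALLOWED), IdRepoErrorCode.MEMBERSHIP_TO_USERS_AND_AGENTS_NOT_ALLOWED);
    }
    if (!type.equals(IdType.GROUP)) {
        Object[] args = { PLUGIN_CLASS_NAME, IdOperation.READ.getName(), type.getName() };
        throw new IdRepoUnsupportedOpException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.PLUGIN_OPERATION_NOT_SUPPORTED, args);
    }
    // NOTE(review): name reaches the DAO unchanged; presumably the DAO binds it as a query
    // parameter rather than concatenating it into a statement. Verify in the DAO.
    Set members = dao.getMembers(name, membershipIdAttributeName);
    if (members == null) {
        members = Collections.EMPTY_SET;
    }
    if (debug.messageEnabled()) {
        debug.message("DatabaseRepo.getMembers: returning members=" + members);
    }
    return members;
}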
Also used : IdRepoUnsupportedOpException(com.sun.identity.idm.IdRepoUnsupportedOpException) HashSet(java.util.HashSet) Set(java.util.Set) IdRepoException(com.sun.identity.idm.IdRepoException)

Example 23 with IdRepoUnsupportedOpException

use of com.sun.identity.idm.IdRepoUnsupportedOpException in project OpenAM by OpenRock.

the class DJLDAPv3Repo method isActive.

/**
     * Tells whether the given identity is considered as "active" or not. In case the user status attribute is not
     * configured, this method will always return <code>true</code>. In case of Active Directory the returned
     * userAccountControl attribute will be masked with 0x2 to detect whether the given account is disabled or not.
     *
     * @param token Not used.
     * @param type The type of the identity, this should be always USER.
     * @param name The name of the identity.
     * @return <code>true</code> if user status attribute is not configured, or decision based on the status
     * attribute value. If there was any error while retrieving the status attribute this method will return
     * <code>false</code>.
     * @throws IdRepoException If the identity type is invalid.
     */
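@Override
public boolean isActive(SSOToken token, IdType type, String name) throws IdRepoException {
    if (DEBUG.messageEnabled()) {
        DEBUG.message("isActive invoked");
    }
    if (!type.equals(IdType.USER)) {
        throw new IdRepoUnsupportedOpException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.PLUGIN_OPERATION_NOT_SUPPORTED, new Object[] { CLASS_NAME, IdOperation.READ.getName(), type.getName() });
    }
    // With alwaysActive set, the status attribute is never read: an identity is active
    // exactly when it exists.
    if (alwaysActive) {
        try {
            return isExists(token, type, name);
        } catch (IdRepoException ide) {
            // Fail closed: a lookup error counts as "not active". The cause is recorded so
            // that a data store failure can be told apart from a disabled account.
            if (DEBUG.messageEnabled()) {
                DEBUG.message("isActive: existence check failed for " + name + ", reporting inactive", ide);
            }
            return false;
        }
    }
    Map<String, Set<String>> attrMap;
    try {
        attrMap = getAttributes(token, type, name, asSet(userStatusAttr));
        // Re-wrapped so the status attribute is found whatever case the lookup returned it in.
        attrMap = new CaseInsensitiveHashMap(attrMap);
    } catch (IdRepoException ire) {
        // Fail closed here as well; see the existence check above.
        if (DEBUG.messageEnabled()) {
            DEBUG.message("isActive: unable to read " + userStatusAttr + " for " + name + ", reporting inactive", ire);
        }
        return false;
    }
    String status = CollectionHelper.getMapAttr(attrMap, userStatusAttr);
    // No status value on the entry means the identity is treated as active; the comparison
    // against inactiveValue is delegated to helper.isActive.
    return status == null || helper.isActive(status, inactiveValue);
}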
Also used : IdRepoUnsupportedOpException(com.sun.identity.idm.IdRepoUnsupportedOpException) Set(java.util.Set) CaseInsensitiveHashSet(com.sun.identity.common.CaseInsensitiveHashSet) HashSet(java.util.HashSet) LinkedHashSet(java.util.LinkedHashSet) CollectionUtils.asSet(org.forgerock.openam.utils.CollectionUtils.asSet) IdRepoException(com.sun.identity.idm.IdRepoException) ByteString(org.forgerock.opendj.ldap.ByteString) CaseInsensitiveHashMap(com.sun.identity.common.CaseInsensitiveHashMap)

Example 24 with IdRepoUnsupportedOpException

use of com.sun.identity.idm.IdRepoUnsupportedOpException in project OpenAM by OpenRock.

the class DJLDAPv3Repo method unassignService.

/**
     * Unassigns a service from the provided identity.
     * In case of a USER this will traverse through all the existing user attributes and will remove those that are
     * currently present in the entry. This will also remove the objectclass corresponding to the service.
     * In case of a REALM this will remove the service from the locally cached serviceMap, and will notify the
     * registered {@link IdRepoListener}.
     *
     * @param token Not used.
     * @param type The type of the identity, this should be always USER or REALM.
     * @param name The name of the identity. Only used when identity type is USER.
     * @param serviceName The name of the service to remove from the identity.
     * @param attrMap Holds the objectclasses relevant for this service removal.
     * @throws IdRepoException If the identity type was invalid or if there was an error while removing the service.
     */
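@Override
@SuppressWarnings("rawtypes")
public void unassignService(SSOToken token, IdType type, String name, String serviceName, Map<String, Set<String>> attrMap) throws IdRepoException {
    if (DEBUG.messageEnabled()) {
        DEBUG.message("unassignService invoked");
    }
    // NOTE(review): no authorization decision is made in this method; presumably the caller
    // has already verified that the token may modify this identity or realm. Confirm.
    if (type.equals(IdType.USER)) {
        // A missing map is handled like a map without objectclass values: nothing to remove.
        Set<String> removeOCs = attrMap == null ? null : attrMap.get(OBJECT_CLASS_ATTR);
        if (removeOCs != null) {
            Schema dirSchema = getSchema();
            // Every attribute the service objectclasses allow, mapped to an empty value set.
            Map attrs = new CaseInsensitiveHashMap();
            for (String oc : removeOCs) {
                try {
                    ObjectClass oc2 = dirSchema.getObjectClass(oc);
                    for (AttributeType optional : oc2.getOptionalAttributes()) {
                        attrs.put(optional.getNameOrOID(), Collections.EMPTY_SET);
                    }
                    for (AttributeType required : oc2.getRequiredAttributes()) {
                        attrs.put(required.getNameOrOID(), Collections.EMPTY_SET);
                    }
                } catch (UnknownSchemaElementException usee) {
                    DEBUG.error("Unable to unassign " + serviceName + " service from identity: " + name, usee);
                    throw newIdRepoException(IdRepoErrorCode.UNABLE_GET_SERVICE_SCHEMA, serviceName);
                }
            }
            Set<String> requestedAttrs = new CaseInsensitiveHashSet(attrs.keySet());
            //if the service objectclass is auxiliary (which it should be), then the objectclass attribute may not
            //be present if top is not defined as superior class.
            requestedAttrs.add(OBJECT_CLASS_ATTR);
            Map<String, Set<String>> attributes = new CaseInsensitiveHashMap(getAttributes(token, type, name, requestedAttrs));
            // The objectclass values that stay on the entry once the service is removed.
            Set<String> OCValues = new CaseInsensitiveHashSet(attributes.get(OBJECT_CLASS_ATTR));
            OCValues.removeAll(removeOCs);
            attrs.put(OBJECT_CLASS_ATTR, OCValues);
            //implementing retainAll here for CaseInsensitiveHashMap's keySet
            // The key names are copied first: removing from attrs while walking its own key set
            // is only safe when keySet() returns a detached copy, which is not visible here.
            for (String attrName : new HashSet<String>((Set<String>) attrs.keySet())) {
                if (!attributes.containsKey(attrName)) {
                    attrs.remove(attrName);
                }
            }
            // The three boolean flags are defined by setAttributes and are passed on unchanged.
            setAttributes(token, type, name, attrs, false, true, false);
        }
    } else if (type.equals(IdType.REALM)) {
        if (serviceName != null && !serviceName.isEmpty()) {
            serviceMap.remove(serviceName);
        }
        // The listener is notified even when serviceName was null or empty and nothing was removed.
        if (idRepoListener != null) {
            idRepoListener.setServiceAttributes(serviceName, serviceMap);
        }
    } else {
        throw new IdRepoUnsupportedOpException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.SERVICES_NOT_SUPPORTED_FOR_AGENTS_AND_GROUPS, new Object[] { CLASS_NAME });
    }
}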
Also used : ObjectClass(org.forgerock.opendj.ldap.schema.ObjectClass) Set(java.util.Set) CaseInsensitiveHashSet(com.sun.identity.common.CaseInsensitiveHashSet) HashSet(java.util.HashSet) LinkedHashSet(java.util.LinkedHashSet) CollectionUtils.asSet(org.forgerock.openam.utils.CollectionUtils.asSet) UnknownSchemaElementException(org.forgerock.opendj.ldap.schema.UnknownSchemaElementException) Schema(org.forgerock.opendj.ldap.schema.Schema) ByteString(org.forgerock.opendj.ldap.ByteString) CaseInsensitiveHashMap(com.sun.identity.common.CaseInsensitiveHashMap) CaseInsensitiveHashSet(com.sun.identity.common.CaseInsensitiveHashSet) IdRepoUnsupportedOpException(com.sun.identity.idm.IdRepoUnsupportedOpException) AttributeType(org.forgerock.opendj.ldap.schema.AttributeType) Map(java.util.Map) HashMap(java.util.HashMap) CaseInsensitiveHashMap(com.sun.identity.common.CaseInsensitiveHashMap)

Example 25 with IdRepoUnsupportedOpException

use of com.sun.identity.idm.IdRepoUnsupportedOpException in project OpenAM by OpenRock.

the class DJLDAPv3Repo method getAssignedServices.

/**
     * Returns the services currently assigned to the given identity.
     * In case of a USER this will retrieve the objectclasses defined for this user, and based on the provided
     * mapOfServicesAndOCs if all of the objectclasses mapped to a service is present, only then will the service be
     * added to the resulting list.
     * In case of a REALM the locally stored serviceMap's keySet will be returned, since that contains all the different
     * service names defined within this realm.
     *
     * @param token Not used.
     * @param type The type of the identity, this should be always USER or REALM.
     * @param name The name of the identity. Only used when identity type is USER.
     * @param mapOfServicesAndOCs A mapping between the names of services and the corresponding objectclasses.
     * @return The list of services that are currently assigned to the identity.
     * @throws IdRepoException If the identity type was invalid, or if there was an error while retrieving the
     * objectclasses.
     */
@Override
public Set<String> getAssignedServices(SSOToken token, IdType type, String name, Map<String, Set<String>> mapOfServicesAndOCs) throws IdRepoException {
    if (DEBUG.messageEnabled()) {
        DEBUG.message("getAssignedServices invoked");
    }
    final Set<String> assigned = new HashSet<String>();
    final boolean userIdentity = type.equals(IdType.USER);
    // Anything other than a user or a realm cannot carry services.
    if (!userIdentity && !type.equals(IdType.REALM)) {
        throw new IdRepoUnsupportedOpException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.SERVICES_NOT_SUPPORTED_FOR_AGENTS_AND_GROUPS, new Object[] { CLASS_NAME });
    }
    if (userIdentity) {
        final Set<String> fetchedOcs = getAttributes(token, type, name, asSet("objectclass")).get(OBJECT_CLASS_ATTR);
        // Objectclass names are matched without regard to case.
        final Set<String> userOcs = (fetchedOcs == null) ? null : new CaseInsensitiveHashSet(fetchedOcs);
        // A service counts as assigned only when the entry carries all of its objectclasses.
        // A service mapped to an empty objectclass set therefore matches every user that has
        // any objectclass value at all.
        for (Map.Entry<String, Set<String>> mapping : mapOfServicesAndOCs.entrySet()) {
            final String candidate = mapping.getKey();
            final Set<String> neededOcs = mapping.getValue();
            if (userOcs == null) {
                continue;
            }
            if (userOcs.containsAll(neededOcs)) {
                assigned.add(candidate);
            }
        }
    } else {
        // For a realm every service name held in serviceMap is reported.
        assigned.addAll(serviceMap.keySet());
    }
    if (DEBUG.messageEnabled()) {
        DEBUG.message("Assigned services returned: " + assigned);
    }
    return assigned;
}
Also used : CaseInsensitiveHashSet(com.sun.identity.common.CaseInsensitiveHashSet) IdRepoUnsupportedOpException(com.sun.identity.idm.IdRepoUnsupportedOpException) Set(java.util.Set) CaseInsensitiveHashSet(com.sun.identity.common.CaseInsensitiveHashSet) HashSet(java.util.HashSet) LinkedHashSet(java.util.LinkedHashSet) CollectionUtils.asSet(org.forgerock.openam.utils.CollectionUtils.asSet) ByteString(org.forgerock.opendj.ldap.ByteString) Map(java.util.Map) HashMap(java.util.HashMap) CaseInsensitiveHashMap(com.sun.identity.common.CaseInsensitiveHashMap) CaseInsensitiveHashSet(com.sun.identity.common.CaseInsensitiveHashSet) HashSet(java.util.HashSet) LinkedHashSet(java.util.LinkedHashSet)
