use of com.sun.identity.idm.IdRepoUnsupportedOpException in project OpenAM by OpenRock.
the class AMSDKRepo method modifyService.
/*
* (non-Javadoc)
*
* @see com.sun.identity.idm.IdRepo#modifyService(com.iplanet.sso.SSOToken,
* com.sun.identity.idm.IdType, java.lang.String, java.lang.String,
* java.util.Map)
*/
/**
 * Updates the attributes of a service on an identity held in this repository.
 *
 * <p>Behaviour by identity type, as implemented below:
 * <ul>
 *   <li>AGENT, GROUP: always rejected with {@link IdRepoUnsupportedOpException}.</li>
 *   <li>USER: DYNAMIC schema attributes are rejected; any other schema type is
 *       written through {@code setMixAttributes}.</li>
 *   <li>ROLE, FILTEREDROLE, REALM: USER schema attributes are rejected;
 *       otherwise the existing dynamic template for {@code serviceName} is
 *       updated and stored.</li>
 *   <li>Any other type: the method returns without doing anything.</li>
 * </ul>
 *
 * <p>NOTE(review): no authorization check is visible in this method; it acts
 * with whatever {@code token} (or the shared {@code sc} connection) it is
 * given. Presumably the caller enforces permissions first; confirm.
 *
 * @param token       session token used to open a store connection when {@code sc} is null
 * @param type        identity type that selects the branch taken
 * @param name        identity name; resolved to a DN with {@code getDN} for role-like types
 * @param serviceName service whose dynamic template is looked up
 * @param sType       schema type of the attributes being modified
 * @param attrMap     attributes to write
 * @throws IdRepoException if the combination is not supported, the service is
 *         not assigned, or the underlying SDK call fails
 * @throws SSOException declared by the interface; propagated from the calls made here
 */
public void modifyService(SSOToken token, IdType type, String name, String serviceName, SchemaType sType, Map attrMap) throws IdRepoException, SSOException {
    if (type.equals(IdType.AGENT) || type.equals(IdType.GROUP)) {
        throw new IdRepoUnsupportedOpException(
                IdRepoBundle.BUNDLE_NAME,
                IdRepoErrorCode.SERVICES_NOT_SUPPORTED_FOR_AGENTS_AND_GROUPS,
                new Object[] { this.getClass().getName() });
    }

    if (type.equals(IdType.USER)) {
        if (sType.equals(SchemaType.DYNAMIC)) {
            throw new IdRepoException(
                    IdRepoBundle.BUNDLE_NAME,
                    IdRepoErrorCode.CANNOT_MODIFY_SERVICE,
                    new Object[] { this.getClass().getName(), sType.toString(), type.getName() });
        }
        setMixAttributes(token, type, name, attrMap, false);
        return;
    }

    final boolean plainRole = type.equals(IdType.ROLE);
    if (!plainRole && !type.equals(IdType.FILTEREDROLE) && !type.equals(IdType.REALM)) {
        // Unknown identity types are silently ignored, exactly as before.
        return;
    }

    // Role-like identities: the COS definition and COS template are what get modified,
    // so USER schema attributes make no sense here.
    if (sType.equals(SchemaType.USER)) {
        throw new IdRepoException(
                IdRepoBundle.BUNDLE_NAME,
                IdRepoErrorCode.CANNOT_MODIFY_SERVICE,
                new Object[] { this.getClass().getName(), sType.toString(), type.getName() });
    }

    try {
        AMStoreConnection connection = (sc != null) ? sc : new AMStoreConnection(token);
        String roleDN = getDN(type, name);
        // FILTEREDROLE and REALM are both looked up as filtered roles.
        AMTemplate template = plainRole
                ? connection.getRole(roleDN).getTemplate(serviceName, AMTemplate.DYNAMIC_TEMPLATE)
                : connection.getFilteredRole(roleDN).getTemplate(serviceName, AMTemplate.DYNAMIC_TEMPLATE);
        if (template == null || !template.isExists()) {
            throw new IdRepoException(
                    IdRepoBundle.BUNDLE_NAME,
                    IdRepoErrorCode.SERVICE_NOT_ASSIGNED,
                    new Object[] { serviceName });
        }
        setTempMixAttributes(template, attrMap);
        template.store();
    } catch (AMException ame) {
        throw IdUtils.convertAMException(ame);
    }
}
use of com.sun.identity.idm.IdRepoUnsupportedOpException in project OpenAM by OpenRock.
the class AMSDKRepo method assignService.
/**
 * Assigns a service to an identity.
 *
 * <p>AGENT and GROUP identities are rejected. For USER identities the
 * requested object classes are merged with the ones already stored and the
 * attributes are written through {@code setMixAttributes}. For ROLE,
 * FILTEREDROLE and REALM the service is registered on the organization (if
 * it is not registered yet) and a template is created for the identity's DN.
 * Any other identity type is ignored.
 *
 * <p>Security note: when the {@code adminToken} field is non-null it replaces
 * the caller's {@code token} for every call made below, including the read of
 * the current object classes and the template creation. This method does not
 * itself check whether the original caller may assign the service.
 * NOTE(review): presumably that is enforced by the caller; confirm.
 *
 * @param token       caller's session token; overridden by {@code adminToken} when that is set
 * @param type        identity type that selects the branch taken
 * @param name        identity name
 * @param serviceName service to assign
 * @param sType       schema type of the supplied attributes
 * @param attrMap     attributes to set; copied into a case-insensitive map before use
 * @throws IdRepoException if the type is not supported or the underlying SDK call fails
 * @throws SSOException declared by the interface; propagated from the calls made here
 */
public void assignService(SSOToken token, IdType type, String name, String serviceName, SchemaType sType, Map attrMap) throws IdRepoException, SSOException {
    if (type.equals(IdType.AGENT) || type.equals(IdType.GROUP)) {
        throw new IdRepoUnsupportedOpException(
                IdRepoBundle.BUNDLE_NAME,
                IdRepoErrorCode.SERVICES_NOT_SUPPORTED_FOR_AGENTS_AND_GROUPS,
                new Object[] { this.getClass().getName() });
    }

    // Use adminToken if present: from here on the operation runs with that
    // token, not with the caller's.
    if (adminToken != null) {
        token = adminToken;
    }
    attrMap = new CaseInsensitiveHashMap(attrMap);

    if (type.equals(IdType.USER)) {
        Set requestedOCs = (Set) attrMap.get("objectclass");
        Set ocAttrName = new HashSet(1);
        ocAttrName.add("objectclass");
        Map stored = getAttributes(token, type, name, ocAttrName);
        Set storedOCs = (Set) stored.get("objectclass");
        // Keep the object classes the entry already has; only add to them.
        attrMap.put("objectclass", AMCommonUtils.combineOCs(requestedOCs, storedOCs));
        // USER and DYNAMIC schema attributes are written the same way;
        // other schema types are not written at all.
        if (sType.equals(SchemaType.USER) || sType.equals(SchemaType.DYNAMIC)) {
            setMixAttributes(token, type, name, attrMap, false);
        }
        return;
    }

    boolean roleLike = type.equals(IdType.ROLE)
            || type.equals(IdType.FILTEREDROLE)
            || type.equals(IdType.REALM);
    if (!roleLike) {
        return;
    }

    IDirectoryServices dsServices = AMDirectoryAccessFactory.getDirectoryServices();
    try {
        AMStoreConnection connection = (sc != null) ? sc : new AMStoreConnection(token);
        AMOrganization organization = connection.getOrganization(orgDN);
        // Register the service on the organization only if it is not there yet.
        Set registered = organization.getRegisteredServiceNames();
        if (!registered.contains(serviceName)) {
            organization.registerService(serviceName, false, false);
        }
    } catch (AMException ame) {
        // Error code "464": definition already exists. That's OK, carry on.
        if (!ame.getErrorCode().equals("464")) {
            throw IdUtils.convertAMException(ame);
        }
    }

    String dn = getDN(type, name);
    try {
        // Object classes are needed only when setting a service for users,
        // not for roles.
        attrMap.remove("objectclass");
        int priority;
        if (type.equals(IdType.REALM)) {
            priority = 3;
        } else {
            priority = 0;
        }
        Set priorityValues = (Set) attrMap.remove("cospriority");
        if (priorityValues != null && !priorityValues.isEmpty()) {
            try {
                priority = Integer.parseInt((String) priorityValues.iterator().next());
            } catch (NumberFormatException ex) {
                // A non-numeric cospriority is not an error: the default
                // priority chosen above is kept.
                if (debug.warningEnabled()) {
                    debug.warning("AMSDKRepo.assignService:", ex);
                }
            }
        }
        dsServices.createAMTemplate(token, dn, getProfileType(type), serviceName, attrMap, priority);
    } catch (AMException ame) {
        debug.error("AMSDKRepo.assignService: Caught AMException", ame);
        throw IdUtils.convertAMException(ame);
    }
}
use of com.sun.identity.idm.IdRepoUnsupportedOpException in project OpenAM by OpenRock.
the class IdServicesImpl method create.
/**
 * Creates an identity in every repository plugin configured for the realm.
 *
 * <p>Order of checks, as implemented: the name is rejected if
 * {@code hasBookendSpaces} reports bookend spaces; REALM identities are
 * handed to {@code createRealmIdentity}; for every other type
 * {@code checkPermission} is called before any plugin is touched, and USER
 * attributes are additionally run through the realm's attribute validator.
 *
 * <p>The call succeeds if at least one plugin created the identity. Failures
 * in individual plugins are logged at warning level and otherwise ignored;
 * only when every plugin failed is the first recorded exception rethrown.
 * A fatal exception from any plugin aborts immediately.
 *
 * <p>NOTE(review): the REALM branch returns before {@code checkPermission}
 * is reached; presumably {@code createRealmIdentity} performs its own
 * authorization. Confirm.
 *
 * @param token     session token of the caller
 * @param type      type of identity to create
 * @param name      identity name
 * @param attrMap   attributes for the new identity; its key set is passed to the permission check
 * @param amOrgName realm in which the identity is created
 * @return the created identity; carries the AMSDK DN when the AMSDK plugin created it
 * @throws IdRepoException if the name is invalid, permission is denied, no
 *         plugin is configured, or no plugin could create the identity
 * @throws SSOException declared by the interface; propagated from the calls made here
 */
public AMIdentity create(SSOToken token, IdType type, String name, Map attrMap, String amOrgName) throws IdRepoException, SSOException {
    if (hasBookendSpaces(name)) {
        throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.NO_SPACE_IDENTITY_NAMES, null);
    }
    if (type.equals(IdType.REALM)) {
        return createRealmIdentity(token, type, name, attrMap, amOrgName);
    }

    // Authorize before doing anything else; checkPermission throws when the
    // caller is not allowed to create this identity.
    checkPermission(token, amOrgName, name, attrMap.keySet(), IdOperation.CREATE, type);

    if (type.equals(IdType.USER)) {
        IdRepoAttributeValidatorManager.getInstance()
                .getIdRepoAttributeValidator(amOrgName)
                .validateAttributes(attrMap, IdOperation.CREATE);
    }

    // Plugins that support the create operation for this realm and type.
    Set configuredPluginClasses = idrepoCache.getIdRepoPlugins(amOrgName, IdOperation.CREATE, type);
    if (configuredPluginClasses == null || configuredPluginClasses.isEmpty()) {
        throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.NO_PLUGINS_CONFIGURED, null);
    }

    IdRepoException origEx = null;
    String amsdkdn = null;
    int noOfSuccess = configuredPluginClasses.size();
    for (Object plugin : configuredPluginClasses) {
        IdRepo idRepo = (IdRepo) plugin;
        try {
            // Translate attribute names to the ones this repository uses.
            Map mappedAttributes = mapAttributeNames(attrMap, idRepo.getConfiguration());
            String representation = idRepo.create(token, type, name, mappedAttributes);
            if (idRepo.getClass().getName().equals(IdConstants.AMSDK_PLUGIN)) {
                amsdkdn = representation;
            }
        } catch (IdRepoUnsupportedOpException ide) {
            if (DEBUG.warningEnabled()) {
                DEBUG.warning("IdServicesImpl.create: Unable to create identity in the following repository "
                        + idRepo.getClass().getName() + ":: " + ide.getMessage());
            }
            noOfSuccess--;
            if (origEx == null) {
                origEx = ide;
            }
        } catch (IdRepoFatalException idf) {
            // Fatal: stop trying other repositories and propagate.
            DEBUG.error("IdServicesImpl.create: Create: Fatal Exception", idf);
            throw idf;
        } catch (IdRepoException ide) {
            if (DEBUG.warningEnabled()) {
                DEBUG.warning("IdServicesImpl.create: Unable to create identity in the following repository "
                        + idRepo.getClass().getName() + " :: " + ide.getMessage());
            }
            noOfSuccess--;
            if (origEx == null) {
                origEx = ide;
            }
        }
    }

    AMIdentity id = new AMIdentity(token, name, type, amOrgName, amsdkdn);
    if (noOfSuccess != 0) {
        // At least one repository holds the identity; partial failures were only logged.
        return id;
    }
    if (DEBUG.warningEnabled()) {
        DEBUG.warning("IdServicesImpl.create: Unable to create identity " + type.getName() + " :: " + name
                + " in any of the configured data stores", origEx);
    }
    throw origEx;
}
use of com.sun.identity.idm.IdRepoUnsupportedOpException in project OpenAM by OpenRock.
the class IdServicesImpl method search.
/**
 * Searches every repository plugin configured for the realm and merges the results.
 *
 * <p>Authorization, as implemented: {@code checkPermission} is first called
 * with the caller's token. If it fails with ACCESS_DENIED and the search
 * control carries a non-empty search-modifier map, the search itself is run
 * with the admin token and each matched identity is then re-checked with the
 * caller's original token; identities for which that check throws are left
 * out of the result. Any other failure of the first check is rethrown.
 * The original comments give web services security searches by a shared
 * agent as the reason for this fallback.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>In the fallback path the timeout and result limit are applied to the
 *       admin-token search, before the per-identity filtering, so the caller
 *       may receive fewer entries than the limit allows.</li>
 *   <li>The per-identity check swallows every {@code Exception}, not only
 *       access-denied ones. The entry is dropped in each case, but the cause
 *       is not logged.</li>
 *   <li>NOTE(review): the per-identity check is made against
 *       {@code returnAttrs}, while the search may have been run with
 *       {@code returnAllAttrs} enabled; confirm that the check covers the
 *       attributes actually returned.</li>
 * </ul>
 *
 * @param token      session token of the caller
 * @param type       identity type to search for
 * @param ctrl       search control supplying limits, return attributes and filter
 * @param amOrgName  realm to search
 * @param crestQuery query passed through to each plugin
 * @return merged results, filtered per identity when the admin-token fallback was used
 * @throws IdRepoException if permission is denied, no plugin is configured,
 *         or no plugin could perform the search
 * @throws SSOException declared by the interface; propagated from the calls made here
 */
@Override
public IdSearchResults search(SSOToken token, IdType type, IdSearchControl ctrl, String amOrgName, CrestQuery crestQuery) throws IdRepoException, SSOException {
    IdRepoException origEx = null;
    // Remember who is really asking; token may be swapped for the admin token below.
    final SSOToken userToken = token;
    boolean checkPermissionOnObjects = false;
    try {
        checkPermission(token, amOrgName, null, null, IdOperation.READ, type);
    } catch (IdRepoException ire) {
        // Only an access-denied failure combined with a search filter
        // qualifies for the fallback; everything else is rethrown.
        Map filter = ctrl.getSearchModifierMap();
        boolean accessDenied = ire.getErrorCode().equals(IdRepoErrorCode.ACCESS_DENIED);
        if (!accessDenied || filter == null || filter.isEmpty()) {
            throw ire;
        }
        // Search as admin, then check the caller's permission on each match.
        checkPermissionOnObjects = true;
        token = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
    }

    // Plugins that support the read operation for this realm and type.
    Set configuredPluginClasses = idrepoCache.getIdRepoPlugins(amOrgName, IdOperation.READ, type);
    if (configuredPluginClasses == null || configuredPluginClasses.isEmpty()) {
        throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.NO_PLUGINS_CONFIGURED, null);
    }

    int noOfSuccess = configuredPluginClasses.size();
    // AMSDK results are kept apart from the results of all other plugins.
    Object[][] amsdkResults = new Object[1][2];
    boolean amsdkIncluded = false;
    Object[][] arrayOfResult = new Object[noOfSuccess][2];
    int iterNo = 0;

    int maxTime = ctrl.getTimeOut();
    int maxResults = ctrl.getMaxResults();
    Set returnAttrs = ctrl.getReturnAttributes();
    boolean returnAllAttrs = ctrl.isGetAllReturnAttributesEnabled();
    IdSearchOpModifier modifier = ctrl.getSearchModifier();
    int filterOp;
    if (modifier.equals(IdSearchOpModifier.AND)) {
        filterOp = IdRepo.AND_MOD;
    } else if (modifier.equals(IdSearchOpModifier.OR)) {
        filterOp = IdRepo.OR_MOD;
    } else {
        filterOp = IdRepo.NO_MOD;
    }
    Map avPairs = ctrl.getSearchModifierMap();
    boolean recursive = ctrl.isRecursive();

    for (Object plugin : configuredPluginClasses) {
        IdRepo idRepo = (IdRepo) plugin;
        try {
            Map cMap = idRepo.getConfiguration();
            RepoSearchResults results = idRepo.search(token, type, crestQuery, maxTime, maxResults,
                    returnAttrs, returnAllAttrs, filterOp, avPairs, recursive);
            if (idRepo.getClass().getName().equals(IdConstants.AMSDK_PLUGIN)) {
                amsdkResults[0][0] = results;
                amsdkResults[0][1] = cMap;
                amsdkIncluded = true;
            } else {
                arrayOfResult[iterNo][0] = results;
                arrayOfResult[iterNo][1] = cMap;
                iterNo++;
            }
        } catch (IdRepoUnsupportedOpException ide) {
            if (DEBUG.warningEnabled()) {
                DEBUG.warning("IdServicesImpl.search: Unable to search in the following repository "
                        + idRepo.getClass().getName() + " :: " + ide.getMessage());
            }
            noOfSuccess--;
            if (origEx == null) {
                origEx = ide;
            }
        } catch (IdRepoFatalException idf) {
            // Fatal: stop trying other repositories and propagate.
            DEBUG.error("IdServicesImpl.search: Fatal Exception ", idf);
            throw idf;
        } catch (IdRepoException ide) {
            if (DEBUG.warningEnabled()) {
                DEBUG.warning("IdServicesImpl.search: Unable to search identity in the following repository "
                        + idRepo.getClass().getName() + " :: " + ide.getMessage());
            }
            noOfSuccess--;
            if (origEx == null) {
                origEx = ide;
            }
        }
    }

    if (noOfSuccess == 0) {
        if (DEBUG.warningEnabled()) {
            DEBUG.warning("IdServicesImpl.search: Unable to search for identity " + type.getName()
                    + ":: using " + crestQuery + " in any configured data store", origEx);
        }
        throw origEx;
    }

    IdSearchResults res = combineSearchResults(token, arrayOfResult, iterNo, type, amOrgName, amsdkIncluded, amsdkResults);
    if (!checkPermissionOnObjects) {
        return res;
    }

    // Fallback path: keep only the identities the original caller may read.
    IdSearchResults permitted = new IdSearchResults(type, amOrgName);
    Map idWithAttrs = res.getResultAttributes();
    for (Object key : idWithAttrs.keySet()) {
        AMIdentity id = (AMIdentity) key;
        try {
            checkPermission(userToken, amOrgName, id.getName(), returnAttrs, IdOperation.READ, type);
            // Permission checked, so the entry may be returned.
            permitted.addResult(id, (Map) idWithAttrs.get(id));
        } catch (Exception ignored) {
            // Any failure means the entry is not returned; continue with the next one.
        }
    }
    return permitted;
}
use of com.sun.identity.idm.IdRepoUnsupportedOpException in project OpenAM by OpenRock.
the class IdServicesImpl method modifyService.
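/**
 * Modifies a service's attributes for an identity in every repository plugin
 * configured for the realm.
 *
 * <p>{@code checkPermission} is called before any plugin is touched. Each
 * plugin then receives the attributes with names mapped through its own
 * configuration; the AMSDK plugin is addressed by {@code amsdkDN} when one is
 * supplied, every other plugin by {@code name}. Failures in individual
 * plugins are logged and counted; a fatal exception aborts immediately.
 *
 * <p>Fix over the previous version: the per-plugin log statements were
 * guarded by a local variable that was never assigned, so they could never
 * run and repository failures left no trace in the debug log. They now use
 * the plugin being processed.
 *
 * <p>NOTE(review): when every plugin fails, the individual causes are
 * discarded and a generic OPERATION_NOT_SUPPORTED error is thrown, whatever
 * the real reason was. The per-plugin log lines are then the only record of
 * the cause.
 *
 * @param token       session token of the caller
 * @param type        identity type
 * @param name        identity name
 * @param serviceName service whose attributes are modified
 * @param stype       schema type of the attributes
 * @param attrMap     attributes to write; its key set is passed to the permission check
 * @param amOrgName   realm of the identity
 * @param amsdkDN     DN used instead of {@code name} for the AMSDK plugin; may be null
 * @throws IdRepoException if permission is denied, no plugin is configured,
 *         a plugin fails fatally, or no plugin could modify the service
 * @throws SSOException declared by the interface; propagated from the calls made here
 */
public void modifyService(SSOToken token, IdType type, String name, String serviceName, SchemaType stype, Map attrMap, String amOrgName, String amsdkDN) throws IdRepoException, SSOException {
    // Authorize first; checkPermission throws when the caller is not allowed.
    checkPermission(token, amOrgName, name, attrMap.keySet(), IdOperation.SERVICE, type);

    // Plugins that support the service operation for this realm and type.
    Set configuredPluginClasses = idrepoCache.getIdRepoPlugins(amOrgName, IdOperation.SERVICE, type);
    if (configuredPluginClasses == null || configuredPluginClasses.isEmpty()) {
        throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.NO_PLUGINS_CONFIGURED, null);
    }

    int noOfSuccess = configuredPluginClasses.size();
    for (Object plugin : configuredPluginClasses) {
        IdRepo repo = (IdRepo) plugin;
        Map cMap = repo.getConfiguration();
        try {
            Map mappedAttributes = mapAttributeNames(attrMap, cMap);
            boolean useAmsdkDN = repo.getClass().getName().equals(IdConstants.AMSDK_PLUGIN) && amsdkDN != null;
            repo.modifyService(token, type, useAmsdkDN ? amsdkDN : name, serviceName, stype, mappedAttributes);
        } catch (IdRepoUnsupportedOpException ide) {
            if (DEBUG.messageEnabled()) {
                DEBUG.message("IdServicesImpl.modifyService: Modify Services not supported for repository "
                        + repo.getClass().getName() + " :: " + ide.getMessage());
            }
            noOfSuccess--;
        } catch (IdRepoFatalException idf) {
            // Fatal: stop trying other repositories and propagate.
            DEBUG.error("IdServicesImpl.modifyService: Fatal Exception ", idf);
            throw idf;
        } catch (IdRepoException ide) {
            if (DEBUG.warningEnabled()) {
                DEBUG.warning("IdServicesImpl.modifyService: Unable to modify service in the following repository "
                        + repo.getClass().getName() + " :: " + ide.getMessage());
            }
            noOfSuccess--;
        }
    }

    if (noOfSuccess == 0) {
        if (DEBUG.warningEnabled()) {
            DEBUG.warning("IdServicesImpl.modifyService: Unable to modify service attributes for identity "
                    + type.getName() + "::" + name + " in any configured data store");
        }
        Object[] args = { IdOperation.SERVICE.toString() };
        throw new IdRepoUnsupportedOpException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.OPERATION_NOT_SUPPORTED, args);
    }
}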