use of com.sun.identity.idm.IdRepoUnsupportedOpException in project OpenAM by OpenRock.
the class IdServicesImpl method create.
/**
 * Creates an identity in each data store configured for the CREATE operation on
 * {@code type} in the given realm.
 *
 * <p>The call succeeds as soon as at least one configured repository accepts the
 * create; repositories that reject it are logged at warning level and otherwise
 * skipped. Only when every repository fails is the first recorded failure rethrown.
 *
 * @param token     SSO token of the caller; used for the permission check and passed to each repository
 * @param type      identity type to create; {@code IdType.REALM} is delegated to {@code createRealmIdentity}
 * @param name      identity name; rejected when {@code hasBookendSpaces(name)} is true
 * @param attrMap   attributes for the new identity; its key set is passed to the permission check
 * @param amOrgName realm (organization) name
 * @return an {@code AMIdentity} built from the arguments and, when the AMSDK plugin
 *         took part, the value that plugin returned from its create call
 * @throws IdRepoException if the name is rejected, permission is denied, no plugin is
 *         configured, a repository reports a fatal error, or every repository fails
 * @throws SSOException declared by the signature; not raised directly in this method
 */
public AMIdentity create(SSOToken token, IdType type, String name, Map attrMap, String amOrgName) throws IdRepoException, SSOException {
    if (hasBookendSpaces(name)) {
        throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.NO_SPACE_IDENTITY_NAMES, null);
    }

    // NOTE(review): the REALM path returns before checkPermission below is reached, so
    // authorization for realm creation has to be enforced inside createRealmIdentity -- confirm.
    if (type.equals(IdType.REALM)) {
        return createRealmIdentity(token, type, name, attrMap, amOrgName);
    }

    // Authorization comes before any repository is touched; checkPermission throws when denied.
    checkPermission(token, amOrgName, name, attrMap.keySet(), IdOperation.CREATE, type);

    // Only USER identities have their attributes run through the realm's attribute validator.
    if (type.equals(IdType.USER)) {
        IdRepoAttributeValidator validator =
                IdRepoAttributeValidatorManager.getInstance().getIdRepoAttributeValidator(amOrgName);
        validator.validateAttributes(attrMap, IdOperation.CREATE);
    }

    Set plugins = idrepoCache.getIdRepoPlugins(amOrgName, IdOperation.CREATE, type);
    if (plugins == null || plugins.isEmpty()) {
        throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.NO_PLUGINS_CONFIGURED, null);
    }

    final int pluginCount = plugins.size();
    int failures = 0;
    IdRepoException firstFailure = null;
    String amsdkDn = null;

    for (Object candidate : plugins) {
        IdRepo repo = (IdRepo) candidate;
        try {
            // Translate attribute names using this repository's own configuration.
            Map repoConfig = repo.getConfiguration();
            Map translated = mapAttributeNames(attrMap, repoConfig);
            String created = repo.create(token, type, name, translated);
            if (repo.getClass().getName().equals(IdConstants.AMSDK_PLUGIN)) {
                amsdkDn = created;
            }
        } catch (IdRepoUnsupportedOpException unsupported) {
            if (DEBUG.warningEnabled()) {
                DEBUG.warning("IdServicesImpl.create: Unable to create identity in the following repository "
                        + repo.getClass().getName() + ":: " + unsupported.getMessage());
            }
            failures++;
            if (firstFailure == null) {
                firstFailure = unsupported;
            }
        } catch (IdRepoFatalException fatal) {
            // A fatal error aborts the whole operation instead of trying further repositories.
            DEBUG.error("IdServicesImpl.create: Create: Fatal Exception", fatal);
            throw fatal;
        } catch (IdRepoException failed) {
            if (DEBUG.warningEnabled()) {
                DEBUG.warning("IdServicesImpl.create: Unable to create identity in the following repository "
                        + repo.getClass().getName() + " :: " + failed.getMessage());
            }
            failures++;
            if (firstFailure == null) {
                firstFailure = failed;
            }
        }
    }

    // The identity object is built before the outcome is examined, as in the original flow.
    AMIdentity identity = new AMIdentity(token, name, type, amOrgName, amsdkDn);
    if (failures < pluginCount) {
        return identity;
    }

    if (DEBUG.warningEnabled()) {
        DEBUG.warning("IdServicesImpl.create: Unable to create identity " + type.getName() + " :: " + name
                + " in any of the configured data stores", firstFailure);
    }
    throw firstFailure;
}
use of com.sun.identity.idm.IdRepoUnsupportedOpException in project OpenAM by OpenRock.
the class IdServicesImpl method search.
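/**
 * Searches every data store configured for the READ operation on {@code type} in the
 * realm and merges the per-repository results.
 *
 * <p>Authorization has two paths. Normally the caller's token must pass a realm-wide
 * READ check. If that check fails with {@code ACCESS_DENIED} and the search control
 * carries a non-empty search-modifier map (the shared-agent / web-services-security
 * case described by the original comments), the search is executed with the admin
 * token instead, and every matched identity is then re-checked against the caller's
 * own token; identities that do not pass are left out of the result.
 *
 * <p>Because the size and time limits are handed to the repositories before that
 * per-object filter runs, a caller on the fallback path can receive fewer entries
 * than {@code ctrl.getMaxResults()}.
 *
 * @param token      SSO token of the caller
 * @param type       identity type to search for
 * @param ctrl       search control supplying limits, return attributes, modifier and filter map
 * @param amOrgName  realm (organization) name
 * @param crestQuery query passed through to each repository
 * @return the combined search results, filtered per object on the fallback path
 * @throws IdRepoException if permission is denied without a usable filter, no plugin is
 *         configured, a repository reports a fatal error, or every repository fails
 * @throws SSOException declared by the signature; not raised directly in this method
 */
@Override
public IdSearchResults search(SSOToken token, IdType type, IdSearchControl ctrl, String amOrgName, CrestQuery crestQuery) throws IdRepoException, SSOException {
    IdRepoException origEx = null;
    boolean checkPermissionOnObjects = false;
    // Keep the caller's token: it is the one used for the per-object checks if the
    // search itself ends up running with the admin token.
    SSOToken userToken = token;
    try {
        checkPermission(token, amOrgName, null, null, IdOperation.READ, type);
    } catch (IdRepoException ire) {
        // Only an access-denied failure combined with a non-empty filter qualifies for the
        // admin-token fallback; anything else is rethrown unchanged. The constant is the
        // receiver of equals() so that an exception without an error code is rethrown
        // as-is rather than being masked by a NullPointerException.
        Map filter = ctrl.getSearchModifierMap();
        if (!IdRepoErrorCode.ACCESS_DENIED.equals(ire.getErrorCode()) || (filter == null) || filter.isEmpty()) {
            throw ire;
        }
        // Check permissions after obtaining the matched objects.
        checkPermissionOnObjects = true;
        token = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
    }
    // Get the list of plugins that support the read operation.
    Set configuredPluginClasses = idrepoCache.getIdRepoPlugins(amOrgName, IdOperation.READ, type);
    if ((configuredPluginClasses == null) || configuredPluginClasses.isEmpty()) {
        throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.NO_PLUGINS_CONFIGURED, null);
    }
    Iterator it = configuredPluginClasses.iterator();
    int noOfSuccess = configuredPluginClasses.size();
    IdRepo idRepo;
    // Each row pairs a repository's results ([0]) with that repository's configuration ([1]).
    // The AMSDK plugin's row is kept apart from the others.
    Object[][] amsdkResults = new Object[1][2];
    boolean amsdkIncluded = false;
    Object[][] arrayOfResult = new Object[noOfSuccess][2];
    int iterNo = 0;
    int maxTime = ctrl.getTimeOut();
    int maxResults = ctrl.getMaxResults();
    Set returnAttrs = ctrl.getReturnAttributes();
    boolean returnAllAttrs = ctrl.isGetAllReturnAttributesEnabled();
    IdSearchOpModifier modifier = ctrl.getSearchModifier();
    int filterOp = IdRepo.NO_MOD;
    if (modifier.equals(IdSearchOpModifier.AND)) {
        filterOp = IdRepo.AND_MOD;
    } else if (modifier.equals(IdSearchOpModifier.OR)) {
        filterOp = IdRepo.OR_MOD;
    }
    Map avPairs = ctrl.getSearchModifierMap();
    boolean recursive = ctrl.isRecursive();
    while (it.hasNext()) {
        idRepo = (IdRepo) it.next();
        try {
            Map cMap = idRepo.getConfiguration();
            RepoSearchResults results;
            results = idRepo.search(token, type, crestQuery, maxTime, maxResults, returnAttrs, returnAllAttrs, filterOp, avPairs, recursive);
            if (idRepo.getClass().getName().equals(IdConstants.AMSDK_PLUGIN)) {
                amsdkResults[0][0] = results;
                amsdkResults[0][1] = cMap;
                amsdkIncluded = true;
            } else {
                arrayOfResult[iterNo][0] = results;
                arrayOfResult[iterNo][1] = cMap;
                iterNo++;
            }
        } catch (IdRepoUnsupportedOpException ide) {
            if (idRepo != null && DEBUG.warningEnabled()) {
                DEBUG.warning("IdServicesImpl.search: " + "Unable to search in the following repository " + idRepo.getClass().getName() + " :: " + ide.getMessage());
            }
            noOfSuccess--;
            origEx = (origEx == null) ? ide : origEx;
        } catch (IdRepoFatalException idf) {
            // A fatal error aborts the search instead of trying further repositories.
            DEBUG.error("IdServicesImpl.search: Fatal Exception ", idf);
            throw idf;
        } catch (IdRepoException ide) {
            if (idRepo != null && DEBUG.warningEnabled()) {
                DEBUG.warning("IdServicesImpl.search: " + "Unable to search identity in the following" + " repository " + idRepo.getClass().getName() + " :: " + ide.getMessage());
            }
            noOfSuccess--;
            origEx = (origEx == null) ? ide : origEx;
        }
    }
    if (noOfSuccess == 0) {
        if (DEBUG.warningEnabled()) {
            DEBUG.warning("IdServicesImpl.search: " + "Unable to search for identity " + type.getName() + ":: using " + crestQuery + " in any configured data store", origEx);
        }
        throw origEx;
    }
    // NOTE(review): on the fallback path `token` is the admin token at this point. If the
    // AMIdentity objects built by combineSearchResults keep a reference to the token they
    // were created with, the filtered results returned below would still be bound to it --
    // confirm against combineSearchResults / AMIdentity.
    IdSearchResults res = combineSearchResults(token, arrayOfResult, iterNo, type, amOrgName, amsdkIncluded, amsdkResults);
    if (checkPermissionOnObjects) {
        IdSearchResults newRes = new IdSearchResults(type, amOrgName);
        Map idWithAttrs = res.getResultAttributes();
        for (Iterator items = idWithAttrs.keySet().iterator(); items.hasNext(); ) {
            AMIdentity id = (AMIdentity) items.next();
            String candidateName = null;
            try {
                candidateName = id.getName();
                checkPermission(userToken, amOrgName, candidateName, returnAttrs, IdOperation.READ, type);
                // Permission checked, add to newRes
                newRes.addResult(id, (Map) idWithAttrs.get(id));
            } catch (Exception e) {
                // Fail closed: any failure while checking an object keeps it out of the
                // result. Record the omission so a filtered result set can be explained
                // from the debug log instead of disappearing silently.
                if (DEBUG.messageEnabled()) {
                    DEBUG.message("IdServicesImpl.search: omitting " + candidateName + " from results, READ permission check did not pass :: " + e.getMessage());
                }
            }
        }
        res = newRes;
    }
    return res;
}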
use of com.sun.identity.idm.IdRepoUnsupportedOpException in project OpenAM by OpenRock.
the class IdServicesImpl method modifyService.
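/**
 * Modifies the attributes of a service assigned to an identity in every data store
 * configured for the SERVICE operation on {@code type} in the realm.
 *
 * <p>The call returns normally as soon as at least one repository accepts the change.
 * When every repository fails, an {@code IdRepoUnsupportedOpException} with
 * {@code OPERATION_NOT_SUPPORTED} is thrown regardless of why the individual
 * repositories failed; the per-repository causes are only visible in the debug log.
 *
 * @param token       SSO token of the caller; used for the permission check and passed to each repository
 * @param type        identity type
 * @param name        identity name
 * @param serviceName name of the service being modified
 * @param stype       schema type of the service attributes
 * @param attrMap     attributes to set; its key set is passed to the permission check
 * @param amOrgName   realm (organization) name
 * @param amsdkDN     name used instead of {@code name} for the AMSDK plugin when non-null
 * @throws IdRepoException if permission is denied, no plugin is configured, a repository
 *         reports a fatal error, or no repository could apply the change
 * @throws SSOException declared by the signature; not raised directly in this method
 */
public void modifyService(SSOToken token, IdType type, String name, String serviceName, SchemaType stype, Map attrMap, String amOrgName, String amsdkDN) throws IdRepoException, SSOException {
    // Authorization comes before any repository is touched; checkPermission throws when denied.
    checkPermission(token, amOrgName, name, attrMap.keySet(), IdOperation.SERVICE, type);
    // Get the list of plugins that support the service operation.
    Set configuredPluginClasses = idrepoCache.getIdRepoPlugins(amOrgName, IdOperation.SERVICE, type);
    if ((configuredPluginClasses == null) || configuredPluginClasses.isEmpty()) {
        throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.NO_PLUGINS_CONFIGURED, null);
    }
    Iterator it = configuredPluginClasses.iterator();
    int noOfSuccess = configuredPluginClasses.size();
    while (it.hasNext()) {
        IdRepo repo = (IdRepo) it.next();
        Map cMap = repo.getConfiguration();
        try {
            // Translate attribute names using this repository's own configuration.
            Map mappedAttributes = mapAttributeNames(attrMap, cMap);
            if (repo.getClass().getName().equals(IdConstants.AMSDK_PLUGIN) && amsdkDN != null) {
                repo.modifyService(token, type, amsdkDN, serviceName, stype, mappedAttributes);
            } else {
                repo.modifyService(token, type, name, serviceName, stype, mappedAttributes);
            }
        } catch (IdRepoUnsupportedOpException ide) {
            // Log against the repository being iterated. The guards here previously tested a
            // separate variable that was never assigned, so neither per-repository message
            // in this method could ever be written.
            if (DEBUG.messageEnabled()) {
                DEBUG.message("IdServicesImpl.modifyService: " + "Modify Services not supported for repository " + repo.getClass().getName() + " :: " + ide.getMessage());
            }
            noOfSuccess--;
        } catch (IdRepoFatalException idf) {
            // A fatal error aborts the whole operation instead of trying further repositories.
            DEBUG.error("IdServicesImpl.modifyService: Fatal Exception ", idf);
            throw idf;
        } catch (IdRepoException ide) {
            if (DEBUG.warningEnabled()) {
                DEBUG.warning("IdServicesImpl.modifyService: " + "Unable to modify service in the " + "following repository " + repo.getClass().getName() + " :: " + ide.getMessage());
            }
            noOfSuccess--;
        }
    }
    if (noOfSuccess == 0) {
        if (DEBUG.warningEnabled()) {
            DEBUG.warning("IdServicesImpl.modifyService: " + "Unable to modify service attributes for identity " + type.getName() + "::" + name + " in any configured data store");
        }
        Object[] args = { IdOperation.SERVICE.toString() };
        throw new IdRepoUnsupportedOpException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.OPERATION_NOT_SUPPORTED, args);
    }
}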
use of com.sun.identity.idm.IdRepoUnsupportedOpException in project OpenAM by OpenRock.
the class IdServicesImpl method removeAttributes.
/*
* (non-Javadoc)
*/
/**
 * Removes the named attributes from an identity in every data store configured for
 * the EDIT operation on {@code type} in the realm.
 *
 * <p>The call returns normally as soon as at least one repository performs the
 * removal. When every repository fails, one of the recorded failures is rethrown; a
 * failure whose error code is not {@code UNABLE_FIND_ENTRY} replaces a previously
 * recorded one, so "entry not found" is only reported when nothing more specific
 * came after it.
 *
 * @param token     SSO token of the caller; used for the permission check and passed to each repository
 * @param type      identity type
 * @param name      identity name
 * @param attrNames names of the attributes to remove; also passed to the permission check
 * @param amOrgName realm (organization) name
 * @param amsdkDN   name used instead of {@code name} for the AMSDK plugin when non-null
 * @throws IdRepoException if permission is denied, no plugin is configured, a repository
 *         reports a fatal error, or every repository fails
 * @throws SSOException declared by the signature; not raised directly in this method
 */
public void removeAttributes(SSOToken token, IdType type, String name, Set attrNames, String amOrgName, String amsdkDN) throws IdRepoException, SSOException {
    // Authorization comes before any repository is touched; checkPermission throws when denied.
    checkPermission(token, amOrgName, name, attrNames, IdOperation.EDIT, type);

    // Repositories that support the EDIT operation for this identity type.
    Set plugins = idrepoCache.getIdRepoPlugins(amOrgName, IdOperation.EDIT, type);
    if (plugins == null || plugins.isEmpty()) {
        throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.NO_PLUGINS_CONFIGURED, null);
    }

    final int pluginCount = plugins.size();
    int failures = 0;
    IdRepoException reported = null;

    for (Object candidate : plugins) {
        IdRepo repo = (IdRepo) candidate;
        try {
            // Translate attribute names using this repository's own configuration.
            Map repoConfig = repo.getConfiguration();
            Set translatedNames = mapAttributeNames(attrNames, repoConfig);
            boolean useAmsdkDn = repo.getClass().getName().equals(IdConstants.AMSDK_PLUGIN) && (amsdkDN != null);
            String target = useAmsdkDn ? amsdkDN : name;
            repo.removeAttributes(token, type, target, translatedNames);
        } catch (IdRepoUnsupportedOpException unsupported) {
            if (DEBUG.warningEnabled()) {
                DEBUG.warning("IdServicesImpl.removeAttributes: Unable to modify identity in the following repository "
                        + repo.getClass().getName() + " :: " + unsupported.getMessage());
            }
            failures++;
            if (reported == null) {
                reported = unsupported;
            }
        } catch (IdRepoFatalException fatal) {
            // A fatal error aborts the whole operation instead of trying further repositories.
            DEBUG.error("IdServicesImpl.removeAttributes: Fatal Exception ", fatal);
            throw fatal;
        } catch (IdRepoException failed) {
            if (DEBUG.warningEnabled()) {
                DEBUG.warning("IdServicesImpl.removeAttributes: Unable to remove attributes in the following repository "
                        + repo.getClass().getName() + " :: " + failed.getMessage());
            }
            failures++;
            // The entry may simply live in another data store, so a "not found" failure
            // must not displace a failure that was already recorded.
            boolean entryNotFound = failed.getErrorCode().equalsIgnoreCase(IdRepoErrorCode.UNABLE_FIND_ENTRY);
            if (!entryNotFound || reported == null) {
                reported = failed;
            }
        }
    }

    if (failures == pluginCount) {
        if (DEBUG.warningEnabled()) {
            DEBUG.warning("IdServicesImpl.removeAttributes: Unable to remove attributes for identity "
                    + type.getName() + "::" + name + " in any configured data store", reported);
        }
        throw reported;
    }
}
use of com.sun.identity.idm.IdRepoUnsupportedOpException in project OpenAM by OpenRock.
the class IdServicesImpl method getAttributes.
/*
* (non-Javadoc)
*/
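/**
 * Reads all attributes of an identity from every data store configured for the READ
 * operation on {@code type} in the realm and combines them into one map.
 *
 * <p>For an identity that {@code isSpecialIdentity} recognises, only the special
 * plugin is consulted and its answer is returned directly; if that lookup fails for
 * any reason the method falls back to querying all configured repositories.
 *
 * <p>Attribute maps are written to the debug log only at message level and only after
 * passing through {@code IdRepoUtils.getAttrMapWithoutPasswordAttrs}. That helper is
 * called with a {@code null} second argument here; what else it filters beyond
 * password attributes is not visible from this method, so the message-level log
 * should be treated as containing identity data.
 *
 * @param token     SSO token of the caller; used for the permission check and passed to each repository
 * @param type      identity type
 * @param name      identity name
 * @param amOrgName realm (organization) name
 * @param amsdkDN   name used instead of {@code name} for the AMSDK plugin when non-null
 * @return the combined attribute map
 * @throws IdRepoException if permission is denied, no plugin is configured, a repository
 *         reports a fatal error, or every repository fails
 * @throws SSOException declared by the signature; not raised directly in this method
 */
public Map getAttributes(SSOToken token, IdType type, String name, String amOrgName, String amsdkDN) throws IdRepoException, SSOException {
    IdRepoException origEx = null;
    // Authorization comes before any repository is touched; checkPermission throws when denied.
    checkPermission(token, amOrgName, name, null, IdOperation.READ, type);
    // Get the list of plugins that support the read operation.
    Set configuredPluginClasses = idrepoCache.getIdRepoPlugins(amOrgName, IdOperation.READ, type);
    if ((configuredPluginClasses == null) || configuredPluginClasses.isEmpty()) {
        throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.NO_PLUGINS_CONFIGURED, null);
    }
    // Verify if it is an internal/special identity
    // to avoid calling other plugins for special users
    Set attrMapsSet = new HashSet();
    if (isSpecialIdentity(token, name, type, amOrgName)) {
        try {
            for (Iterator items = configuredPluginClasses.iterator(); items.hasNext(); ) {
                IdRepo idRepo = (IdRepo) items.next();
                if (idRepo.getClass().getName().equals(IdConstants.SPECIAL_PLUGIN)) {
                    attrMapsSet.add(idRepo.getAttributes(token, type, name));
                    return (combineAttrMaps(attrMapsSet, true));
                }
            }
        } catch (Exception e) {
            // Best effort: fall through to the general lookup below. This also absorbs a
            // fatal repository exception, which the general loop would propagate, so leave
            // a trace of why the short cut was abandoned.
            if (DEBUG.messageEnabled()) {
                DEBUG.message("IdServicesImpl.getAttributes: " + "special identity lookup failed, falling back to all configured repositories :: " + e.getMessage());
            }
        }
    }
    Iterator it = configuredPluginClasses.iterator();
    int noOfSuccess = configuredPluginClasses.size();
    while (it.hasNext()) {
        IdRepo idRepo = (IdRepo) it.next();
        try {
            Map cMap = idRepo.getConfiguration();
            Map aMap = null;
            if (idRepo.getClass().getName().equals(IdConstants.AMSDK_PLUGIN) && (amsdkDN != null)) {
                aMap = idRepo.getAttributes(token, type, amsdkDN);
            } else {
                aMap = idRepo.getAttributes(token, type, name);
            }
            if (DEBUG.messageEnabled()) {
                DEBUG.message("IdServicesImpl.getAttributes: " + "before reverseMapAttributeNames aMap=" + IdRepoUtils.getAttrMapWithoutPasswordAttrs(aMap, null));
            }
            // Translate repository-specific attribute names back using this repository's configuration.
            aMap = reverseMapAttributeNames(aMap, cMap);
            attrMapsSet.add(aMap);
            if (DEBUG.messageEnabled()) {
                for (Iterator iter = attrMapsSet.iterator(); iter.hasNext(); ) {
                    Map attrMap = (Map) iter.next();
                    DEBUG.message("IdServicesImpl.getAttributes: " + "after before reverseMapAttributeNames attrMapsSet=" + IdRepoUtils.getAttrMapWithoutPasswordAttrs(attrMap, null));
                }
            }
        } catch (IdRepoUnsupportedOpException ide) {
            if (idRepo != null && DEBUG.warningEnabled()) {
                DEBUG.warning("IdServicesImpl.getAttributes: " + "Unable to read identity in the following " + "repository " + idRepo.getClass().getName() + " :: " + ide.getMessage());
            }
            noOfSuccess--;
            origEx = (origEx == null) ? ide : origEx;
        } catch (IdRepoFatalException idf) {
            // A fatal error aborts the whole operation instead of trying further repositories.
            DEBUG.error("IdServicesImpl.getAttributes: " + "Fatal Exception ", idf);
            throw idf;
        } catch (IdRepoException ide) {
            if (idRepo != null && DEBUG.warningEnabled()) {
                DEBUG.warning("IdServicesImpl.getAttributes: " + "Unable to read identity in the following " + "repository " + idRepo.getClass().getName() + " :: " + ide.getMessage());
            }
            noOfSuccess--;
            origEx = (origEx == null) ? ide : origEx;
        }
    }
    if (noOfSuccess == 0) {
        if (DEBUG.warningEnabled()) {
            DEBUG.warning("IdServicesImpl.getAttributes: " + "Unable to get attributes for identity " + type.getName() + "::" + name + " in any configured data store", origEx);
        }
        throw origEx;
    } else {
        Map returnMap = combineAttrMaps(attrMapsSet, true);
        // Exit trace of a successful read: keep it at message level like the other attribute
        // dumps in this method, so identity attribute values are not written out whenever
        // warning-level logging is on.
        if (DEBUG.messageEnabled()) {
            DEBUG.message("IdServicesImpl.getAttributes exit: returnMap=" + IdRepoUtils.getAttrMapWithoutPasswordAttrs(returnMap, null));
        }
        return returnMap;
    }
}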