use of com.sun.identity.idm.IdRepoUnsupportedOpException in project OpenAM by OpenRock.
the class DJLDAPv3Repo method assignService.
/**
* Assigns a service to the provided identity.
* In case of a USER if the attribute map contains objectclasses, then
* the existing set of objectclasses will be retrieved, and added to those. These settings will override the
* existing values if any present.
* In case of a REALM the service attributes will be persisted by the {@link IdRepoListener} implementation.
*
* @param token Not used.
* @param type The type of the identity, this should be always USER or REALM.
* @param name The name of the identity. Only used when identity type is USER.
* @param serviceName The name of the service that needs to be assigned to the identity.
* @param stype The schema type of the service that needs to be assigned.
* @param attrMap The service configuration that needs to be saved for the identity.
* @throws IdRepoException If there was an error while retrieving the user objectclasses, or when the settings were
* being saved to the identity.
*/
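@Override
public void assignService(SSOToken token, IdType type, String name, String serviceName, SchemaType stype, Map<String, Set<String>> attrMap) throws IdRepoException {
    if (DEBUG.messageEnabled()) {
        DEBUG.message("assignService invoked");
    }
    if (type.equals(IdType.USER)) {
        Set<String> ocs = attrMap.get(OBJECT_CLASS_ATTR);
        // Only USER-schema services are written to the entry; for any other schema type this
        // branch does nothing and reports no error.
        if (stype.equals(SchemaType.USER)) {
            if (ocs != null) {
                Map<String, Set<String>> attrs = getAttributes(token, type, name, asSet(OBJECT_CLASS_ATTR));
                Set<String> existingOcs = (attrs == null) ? null : attrs.get(OBJECT_CLASS_ATTR);
                ocs = new CaseInsensitiveHashSet(ocs);
                // The lookup can come back without an objectclass value; addAll(null) would
                // throw a NullPointerException, so merge only when something was returned.
                if (existingOcs != null) {
                    ocs.addAll(existingOcs);
                }
                // The merged set is written back into the caller's map (the argument is mutated).
                // NOTE(review): the objectclass values come straight from attrMap and are not
                // restricted here; any allow-listing has to happen in setAttributes or upstream - confirm.
                attrMap.put(OBJECT_CLASS_ATTR, ocs);
            }
            setAttributes(token, type, name, (Map) attrMap, false, true, false);
        }
    } else if (type.equals(IdType.REALM)) {
        if (serviceName != null && !serviceName.isEmpty() && attrMap != null) {
            // Shallow copy: the stored map is detached from the caller's map, but the value
            // sets themselves are still shared with the caller.
            Map<String, Set<String>> copyMap = new HashMap<String, Set<String>>(attrMap);
            serviceMap.put(serviceName, copyMap);
        }
        // The listener is notified even when the guard above skipped the update
        // (null/empty service name or null attribute map).
        if (idRepoListener != null) {
            idRepoListener.setServiceAttributes(serviceName, serviceMap);
        }
    } else {
        throw new IdRepoUnsupportedOpException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.SERVICES_NOT_SUPPORTED_FOR_AGENTS_AND_GROUPS, new Object[] { CLASS_NAME });
    }
}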
use of com.sun.identity.idm.IdRepoUnsupportedOpException in project OpenAM by OpenRock.
the class DJLDAPv3Repo method changePassword.
/**
* Changes password for the given identity by binding as the user first (i.e. this is not password reset). In case
* of Active Directory the password will be encoded first. This will issue a DELETE for the old password and an ADD
* for the new password value.
*
* @param token Not used.
* @param type The type of the identity, this should be always USER.
* @param name The name of the identity.
* @param attrName The name of the password attribute, usually "userpassword" or "unicodepwd".
* @param oldPassword The current password of the identity.
* @param newPassword The new password of the identity.
* @throws IdRepoException If the identity type is invalid, or the entry cannot be found, or some other LDAP error
* occurs while changing the password (like password policy related errors).
*/
@Override
public void changePassword(SSOToken token, IdType type, String name, String attrName, String oldPassword, String newPassword) throws IdRepoException {
    if (DEBUG.messageEnabled()) {
        DEBUG.message("changePassword invoked");
    }
    // Password change is offered for USER identities only. The token parameter is not read
    // anywhere in this method; the operation is authorised by the bind with oldPassword below.
    final boolean isUser = type.equals(IdType.USER);
    if (!isUser) {
        throw new IdRepoUnsupportedOpException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.CHANGE_PASSWORD_ONLY_FOR_USER, new Object[] { CLASS_NAME });
    }
    final String entryDn = getDN(type, name);
    // NOTE(review): the char[] handed to the bind request and the two encoded byte[] values
    // are copies of the passwords that this method never clears after use.
    final BindRequest userBind = LDAPRequests.newSimpleBindRequest(entryDn, oldPassword.toCharArray());
    final ModifyRequest pwdChange = LDAPRequests.newModifyRequest(entryDn);
    final byte[] oldValue = helper.encodePassword(oldPassword);
    final byte[] newValue = helper.encodePassword(newPassword);
    // DELETE of the old value followed by ADD of the new one, sent in a single modify request.
    pwdChange.addModification(ModificationType.DELETE, attrName, oldValue);
    pwdChange.addModification(ModificationType.ADD, attrName, newValue);
    Connection userConn = null;
    try {
        userConn = bindConnectionFactory.getConnection();
        // Bind as the user first, so the modify runs with the user's own credentials.
        userConn.bind(userBind);
        userConn.modify(pwdChange);
    } catch (LdapException ldapFailure) {
        // Logs the identity name and the LDAP exception; neither password is passed to the logger.
        DEBUG.error("An error occurred while trying to change password for identity: " + name, ldapFailure);
        try {
            // Every LdapException - a rejected bind included - reaches the caller as a
            // PasswordPolicyException when handleErrorResult throws.
            // NOTE(review): if handleErrorResult can return normally, the failure is dropped
            // and the caller sees a successful password change - confirm it always throws.
            handleErrorResult(ldapFailure);
        } catch (IdRepoException translated) {
            throw new PasswordPolicyException(translated);
        }
    } finally {
        // NOTE(review): the connection is released while bound as the user; whether the
        // factory resets or discards it before reuse is not visible here - confirm.
        IOUtils.closeIfNotNull(userConn);
    }
}
use of com.sun.identity.idm.IdRepoUnsupportedOpException in project OpenAM by OpenRock.
the class AMSDKRepo method getServiceAttributes.
/*
* (non-Javadoc)
*
* @see com.sun.identity.idm.IdRepo#getServiceAttributes(
* com.iplanet.sso.SSOToken,
* com.sun.identity.idm.IdType, java.lang.String, java.lang.String,
* java.util.Set)
*/
private Map getServiceAttributes(SSOToken token, IdType type, String name, String serviceName, Set attrNames, boolean isString) throws IdRepoException, SSOException {
    /*
     * Reads the attributes of a service for the given identity, as strings when isString is
     * true and as byte arrays otherwise. USER reads go through getAttributes /
     * getBinaryAttributes; ROLE and FILTEREDROLE/REALM read the dynamic template of the role.
     * AGENT, GROUP and any other type are rejected.
     *
     * NOTE(review): when the shared store connection "sc" is non-null, the caller's token is
     * not used to open the connection in the role branches; confirm that access control for
     * those reads is enforced upstream.
     */
    if (type.equals(IdType.AGENT) || type.equals(IdType.GROUP)) {
        Object[] unsupportedArgs = { this.getClass().getName() };
        throw new IdRepoUnsupportedOpException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.SERVICES_NOT_SUPPORTED_FOR_AGENTS_AND_GROUPS, unsupportedArgs);
    }
    if (type.equals(IdType.USER)) {
        if (isString) {
            return getAttributes(token, type, name, attrNames);
        }
        return getBinaryAttributes(token, type, name, attrNames);
    }
    if (type.equals(IdType.ROLE)) {
        try {
            AMStoreConnection store = (sc == null) ? new AMStoreConnection(token) : sc;
            String roleDN = getDN(type, name);
            AMRole amRole = store.getRole(roleDN);
            AMTemplate template = amRole.getTemplate(serviceName, AMTemplate.DYNAMIC_TEMPLATE);
            if (template == null || !template.isExists()) {
                // An unassigned service on a ROLE yields an empty map, unlike the
                // FILTEREDROLE/REALM branch below, which throws SERVICE_NOT_ASSIGNED.
                if (debug.messageEnabled()) {
                    debug.message("AMSDKRepo::getServiceAttributes " + "Service: " + serviceName + " is not assigned to DN: " + roleDN);
                }
                return (Collections.EMPTY_MAP);
            }
            if (isString) {
                return template.getAttributes(attrNames);
            }
            return template.getAttributesByteArray(attrNames);
        } catch (AMException ame) {
            throw IdUtils.convertAMException(ame);
        }
    }
    if (type.equals(IdType.FILTEREDROLE) || type.equals(IdType.REALM)) {
        try {
            AMStoreConnection store = (sc == null) ? new AMStoreConnection(token) : sc;
            String roleDN = getDN(type, name);
            // REALM is looked up through getFilteredRole as well, exactly like FILTEREDROLE.
            AMFilteredRole filteredRole = store.getFilteredRole(roleDN);
            AMTemplate template = filteredRole.getTemplate(serviceName, AMTemplate.DYNAMIC_TEMPLATE);
            if (template == null || !template.isExists()) {
                Object[] notAssignedArgs = { serviceName };
                throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.SERVICE_NOT_ASSIGNED, notAssignedArgs);
            }
            if (isString) {
                return template.getAttributes(attrNames);
            }
            return template.getAttributesByteArray(attrNames);
        } catch (AMException ame) {
            throw IdUtils.convertAMException(ame);
        }
    }
    // Every remaining identity type is reported with the same error as AGENT and GROUP.
    Object[] fallbackArgs = { this.getClass().getName() };
    throw new IdRepoUnsupportedOpException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.SERVICES_NOT_SUPPORTED_FOR_AGENTS_AND_GROUPS, fallbackArgs);
}