
Example 46 with PolicyException

use of com.sun.identity.policy.PolicyException in project OpenAM by OpenRock.

the class LEAuthLevelCondition method getMaxRequestAuthLevel.

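/**
 * Returns the highest authentication level found under the
 * {@code REQUEST_AUTH_LEVEL} key of the environment map.
 *
 * <p>The value may be an {@code Integer} or a {@code Set} of
 * realm-qualified level strings:
 * <ul>
 *   <li>An {@code Integer} is used only when no {@code authRealm} is
 *       configured on this condition; with a realm configured it is
 *       ignored.</li>
 *   <li>For a {@code Set}, every element must be a {@code String}. Each is
 *       parsed with {@code getAuthLevel}; when {@code authRealm} is
 *       configured only elements whose realm equals it are considered.</li>
 * </ul>
 *
 * <p>If the key is absent, the set is empty, or nothing matches the
 * configured realm, the result is {@code Integer.MIN_VALUE}.
 * NOTE(review): this class name suggests a "less than or equal" check; if
 * the caller compares the result with {@code <=}, the sentinel satisfies
 * any bound, so a request carrying no auth level would pass - confirm
 * that this is intended.
 *
 * @param env the policy evaluation environment
 * @return the maximum applicable auth level, or {@code Integer.MIN_VALUE}
 *         when none applies
 * @throws PolicyException if the value is neither {@code Integer} nor
 *         {@code Set}, or a set element is not a {@code String}
 * @see #REQUEST_AUTH_LEVEL
 */
private int getMaxRequestAuthLevel(Map env) throws PolicyException {
    int maxAuthLevel = Integer.MIN_VALUE;
    if (DEBUG.messageEnabled()) {
        // NOTE(review): this writes the whole environment map to the debug log;
        // confirm it cannot carry values that should stay out of log files.
        DEBUG.message("LEAuthLevelCondition.getMaxRequestAuthLevel(" + "envMap,realm): entering: envMap= " + env + ", authRealm= " + authRealm + ", conditionAuthLevel= " + authLevel);
    }
    final boolean noRealmConfigured = (authRealm == null) || (authRealm.length() == 0);
    Object envAuthLevelObject = env.get(REQUEST_AUTH_LEVEL);
    if (envAuthLevelObject != null) {
        if (envAuthLevelObject instanceof Integer) {
            // A bare Integer has no realm qualifier, so it only counts when
            // this condition is not restricted to a realm.
            if (noRealmConfigured) {
                maxAuthLevel = ((Integer) envAuthLevelObject).intValue();
                if (DEBUG.messageEnabled()) {
                    // Prefix corrected: this class is LEAuthLevelCondition, as in
                    // every other message of this method.
                    DEBUG.message("LEAuthLevelCondition." + "getMaxRequestAuthLevel():Integer level in env= " + maxAuthLevel);
                }
            }
        } else if (envAuthLevelObject instanceof Set) {
            Iterator iter = ((Set) envAuthLevelObject).iterator();
            while (iter.hasNext()) {
                Object envAuthLevelElement = iter.next();
                if (!(envAuthLevelElement instanceof String)) {
                    if (DEBUG.warningEnabled()) {
                        DEBUG.warning("LEAuthLevelCondition." + "getMaxRequestAuthLevel():" + "requestAuthLevel Set element" + " not String");
                    }
                    throw new PolicyException(ResBundleUtils.rbName, "request_authlevel_in_env_set_element_not_string", null, null);
                }
                String qualifiedLevel = (String) envAuthLevelElement;
                // Parsed before the realm test, as in the original, so a malformed
                // element is reported even when its realm would not match.
                int currentAuthLevel = getAuthLevel(qualifiedLevel);
                boolean realmMatches = noRealmConfigured
                        || authRealm.equals(AMAuthUtils.getRealmFromRealmQualifiedData(qualifiedLevel));
                if (realmMatches && (currentAuthLevel > maxAuthLevel)) {
                    maxAuthLevel = currentAuthLevel;
                }
            }
        } else {
            if (DEBUG.warningEnabled()) {
                DEBUG.warning("LEAuthLevelCondition." + "getMaxRequestAuthLevel():requestAuthLevel in env " + "neither Integer nor Set");
            }
            throw new PolicyException(ResBundleUtils.rbName, "request_authlevel_in_env_not_Integer_or_set", null, null);
        }
    }
    if (DEBUG.messageEnabled()) {
        DEBUG.message("LEAuthLevelCondition.getMaxRequestAuthLevel(" + "): returning: maxAuthLevel=" + maxAuthLevel);
    }
    return maxAuthLevel;
}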
Also used : Set(java.util.Set) HashSet(java.util.HashSet) PolicyException(com.sun.identity.policy.PolicyException) Iterator(java.util.Iterator)

Example 47 with PolicyException

use of com.sun.identity.policy.PolicyException in project OpenAM by OpenRock.

the class MigrateValidGotoSetting method initialize.

/**
 * Checks whether the delegation policy already exists in the hidden realm
 * and, if it does not, collects the legacy valid goto domain values of
 * every realm into {@code changes} for later migration.
 *
 * @throws UpgradeException if the hidden realm, its policies or the
 *         per-realm service configuration cannot be read
 */
@Override
public void initialize() throws UpgradeException {
    try {
        final PolicyManager policyManager = new PolicyManager(getAdminToken(), HIDDEN_REALM);
        if (!policyManager.getPolicyNames(DELEGATION_POLICY_NAME).isEmpty()) {
            // The delegation policy is already there, so nothing is collected.
            delegationPolicyFound = true;
            return;
        }
        if (DEBUG.messageEnabled()) {
            DEBUG.message("Unable to find the delegation policy in the hidden realm, looking for existing goto" + " domain values.");
        }
        // No delegation policy yet: gather the goto domains still stored under
        // the authentication service so they can be migrated.
        final ServiceConfigManager authServiceManager = new ServiceConfigManager(ISAuthConstants.AUTH_SERVICE_NAME, getAdminToken());
        for (final String realm : getRealmNames()) {
            if (DEBUG.messageEnabled()) {
                DEBUG.message("Looking for valid goto URLs in realm " + realm);
            }
            // NOTE(review): the organization config is dereferenced without a
            // null check - confirm it is always present for these realms.
            final Map<String, Set<String>> realmAttributes =
                    authServiceManager.getOrganizationConfig(realm, null).getAttributesWithoutDefaults();
            final Set<String> legacyDomains = realmAttributes.get(LEGACY_GOTO_DOMAINS_SETTING);
            if (legacyDomains == null || legacyDomains.isEmpty()) {
                continue;
            }
            changes.put(realm, legacyDomains);
        }
        if (DEBUG.messageEnabled()) {
            DEBUG.message("Found the following existing goto URL domains in realms: " + changes);
        }
    } catch (final NameNotFoundException hiddenRealmMissing) {
        throw new UpgradeException("Unable to find hidden realm", hiddenRealmMissing);
    } catch (final PolicyException policyFailure) {
        throw new UpgradeException("Unexpected error occurred while retrieving policies from the hidden realm", policyFailure);
    } catch (final SMSException configFailure) {
        throw new UpgradeException("An error occurred while checking for old valid goto domains", configFailure);
    } catch (final SSOException tokenFailure) {
        throw new UpgradeException("An error occurred while checking for old valid goto domains", tokenFailure);
    }
}
Also used : UpgradeException(org.forgerock.openam.upgrade.UpgradeException) PolicyManager(com.sun.identity.policy.PolicyManager) Set(java.util.Set) ServiceConfig(com.sun.identity.sm.ServiceConfig) NameNotFoundException(com.sun.identity.policy.NameNotFoundException) PolicyException(com.sun.identity.policy.PolicyException) SMSException(com.sun.identity.sm.SMSException) SSOException(com.iplanet.sso.SSOException) ServiceConfigManager(com.sun.identity.sm.ServiceConfigManager)

Example 48 with PolicyException

use of com.sun.identity.policy.PolicyException in project OpenAM by OpenRock.

the class MigrateValidGotoSetting method perform.

/**
 * Migrates the collected goto domains of each realm to the validation
 * service, clears the legacy setting, and then imports the delegation
 * policy into the hidden realm.
 *
 * <p>For each realm the new configuration is created before the legacy
 * attribute is emptied, so a failure between the two calls leaves the old
 * value in place. Every failure path reports {@code upgrade.failed} before
 * rethrowing.
 *
 * @throws UpgradeException if reading the policy file, importing the
 *         policy or updating the service configuration fails
 */
@Override
public void perform() throws UpgradeException {
    try {
        if (!changes.isEmpty()) {
            final ServiceConfigManager validationManager = new ServiceConfigManager(VALIDATION_SERVICE, getAdminToken());
            final ServiceConfigManager authManager = new ServiceConfigManager(ISAuthConstants.AUTH_SERVICE_NAME, getAdminToken());
            for (final Map.Entry<String, Set<String>> realmChange : changes.entrySet()) {
                final String realm = realmChange.getKey();
                if (DEBUG.messageEnabled()) {
                    DEBUG.message("Starting to migrate goto domains for realm: " + realm);
                }
                UpgradeProgress.reportStart("upgrade.goto.migrate.start", realm);
                // Write the new setting first ...
                validationManager.createOrganizationConfig(realm, getAttrMap(GOTO_RESOURCES, realmChange.getValue()));
                // ... and only then empty the legacy attribute.
                if (DEBUG.messageEnabled()) {
                    DEBUG.message("Removing old goto domains from iPlanetAMAuthService");
                }
                final ServiceConfig legacyConfig = authManager.getOrganizationConfig(realm, null);
                legacyConfig.setAttributes(getAttrMap(LEGACY_GOTO_DOMAINS_SETTING, Collections.EMPTY_SET));
                UpgradeProgress.reportEnd("upgrade.success");
            }
        }
        if (DEBUG.messageEnabled()) {
            DEBUG.message("Attempting to create the delegation policy in the hidden realm");
        }
        UpgradeProgress.reportStart("upgrade.goto.policy.start");
        final PolicyManager hiddenRealmPolicies = new PolicyManager(getAdminToken(), HIDDEN_REALM);
        final String policyTemplate = AMSetupServlet.readFile(DELEGATION_POLICY_FILE);
        final String policyXml = ServicesDefaultValues.tagSwap(policyTemplate, true);
        // The delegation privileges let agent accounts read the new validation service.
        // NOTE(review): getBytes() uses the platform default charset; confirm the
        // policy file is ASCII-only or matches the encoding the importer expects.
        PolicyUtils.createPolicies(hiddenRealmPolicies, new ByteArrayInputStream(policyXml.getBytes()));
        if (DEBUG.messageEnabled()) {
            DEBUG.message("Delegation policy successfully created under the hidden realm");
        }
        UpgradeProgress.reportEnd("upgrade.success");
    } catch (final IOException readFailure) {
        UpgradeProgress.reportEnd("upgrade.failed");
        throw new UpgradeException("An IO error occurred while reading the delegation policy", readFailure);
    } catch (final PolicyException importFailure) {
        UpgradeProgress.reportEnd("upgrade.failed");
        throw new UpgradeException("An unexpected error occurred while importing the delegation policy", importFailure);
    } catch (final SMSException configFailure) {
        UpgradeProgress.reportEnd("upgrade.failed");
        throw new UpgradeException("An error occurred while migrating the valid goto domain setting", configFailure);
    } catch (final SSOException tokenFailure) {
        UpgradeProgress.reportEnd("upgrade.failed");
        throw new UpgradeException("An error occurred while migrating the valid goto domain setting", tokenFailure);
    }
}
Also used : PolicyManager(com.sun.identity.policy.PolicyManager) Set(java.util.Set) SMSException(com.sun.identity.sm.SMSException) SSOException(com.iplanet.sso.SSOException) IOException(java.io.IOException) UpgradeException(org.forgerock.openam.upgrade.UpgradeException) ServiceConfig(com.sun.identity.sm.ServiceConfig) ByteArrayInputStream(java.io.ByteArrayInputStream) PolicyException(com.sun.identity.policy.PolicyException) HashMap(java.util.HashMap) Map(java.util.Map) ServiceConfigManager(com.sun.identity.sm.ServiceConfigManager)

Example 49 with PolicyException

use of com.sun.identity.policy.PolicyException in project OpenAM by OpenRock.

the class TwoStepVerificationSettingUpgrade method initialize.

/**
 * Opens a policy manager on the hidden realm and marks this upgrade step
 * as applicable only when no policy named {@code EVALUATE_POLICY} exists.
 *
 * @throws UpgradeException if the existing policies cannot be looked up
 */
@Override
public void initialize() throws UpgradeException {
    try {
        // The manager field is assigned first, so it stays set even if the
        // lookup below fails.
        manager = new PolicyManager(getAdminToken(), HIDDEN_REALM);
        final boolean policyMissing = manager.getPolicyNames(EVALUATE_POLICY).isEmpty();
        applicable = policyMissing;
    } catch (PolicyException lookupFailure) {
        throw new UpgradeException("Failed to identify existing privileges", lookupFailure);
    } catch (SSOException tokenFailure) {
        throw new UpgradeException("Failed to identify existing privileges", tokenFailure);
    }
}
Also used : UpgradeException(org.forgerock.openam.upgrade.UpgradeException) PolicyManager(com.sun.identity.policy.PolicyManager) PolicyException(com.sun.identity.policy.PolicyException) SSOException(com.iplanet.sso.SSOException)

Example 50 with PolicyException

use of com.sun.identity.policy.PolicyException in project OpenAM by OpenRock.

the class IPv4Condition method stringToIp.

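/**
 * Converts the dotted-decimal string representation of an IPv4 address
 * to a long.
 *
 * <p>The input must consist of exactly four parts separated by single
 * dots, each a non-empty run of ASCII digits with a value from 0 to 255.
 * Empty parts (for example {@code "1..2.3.4"} or a trailing dot), signs
 * and non-ASCII digits are rejected rather than silently normalised, so
 * an address used in a policy condition has one unambiguous spelling.
 * Leading zeros are accepted and read as decimal.
 * NOTE(review): some resolvers read a leading zero as octal - confirm
 * that decimal is the interpretation policy authors expect.
 *
 * @param ip the address text; must not be {@code null}
 * @return the address as an unsigned 32-bit value held in a long
 * @throws PolicyException if the text is not a valid dotted-decimal
 *         IPv4 address
 */
private long stringToIp(String ip) throws PolicyException {
    // Limit -1 keeps leading, trailing and doubled-dot empty parts so they
    // are counted instead of being dropped.
    String[] octets = ip.split("\\.", -1);
    if (octets.length != 4) {
        String[] args = { "ip", ip };
        throw new PolicyException(ResBundleUtils.rbName, "invalid_property_value", args, null);
    }
    long ipValue = 0L;
    for (int i = 0; i < octets.length; i++) {
        String s = octets[i];
        // Short.parseShort would also accept a sign or non-ASCII digits,
        // so the characters are checked explicitly first.
        boolean digitsOnly = s.length() > 0;
        for (int j = 0; digitsOnly && j < s.length(); j++) {
            char c = s.charAt(j);
            digitsOnly = (c >= '0') && (c <= '9');
        }
        short ipElement = 0;
        try {
            if (!digitsOnly) {
                throw new NumberFormatException(s);
            }
            ipElement = Short.parseShort(s);
        } catch (NumberFormatException e) {
            String[] args = { "ip", ip };
            throw new PolicyException(ResBundleUtils.rbName, "invalid_property_value", args, null);
        }
        if (ipElement < 0 || ipElement > 255) {
            String[] args = { "ipElement", s };
            throw new PolicyException(ResBundleUtils.rbName, "invalid_property_value", args, null);
        }
        ipValue = ipValue * 256L + ipElement;
    }
    return ipValue;
}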
Also used : StringTokenizer(java.util.StringTokenizer) PolicyException(com.sun.identity.policy.PolicyException) SSOException(com.iplanet.sso.SSOException) PolicyException(com.sun.identity.policy.PolicyException)
