use of com.sun.identity.policy.PolicyException in project OpenAM by OpenRock.
the class LEAuthLevelCondition method getMaxRequestAuthLevel.
/**
* Gets the maximum auth level specified for the REQUEST_AUTH_LEVEL
* property in the environment Map. Returns Integer.MIN_VALUE when the
* property is absent or holds no applicable level.
* @see #REQUEST_AUTH_LEVEL
*/
private int getMaxRequestAuthLevel(Map env) throws PolicyException {
    // Resolves the highest authentication level found in env under
    // REQUEST_AUTH_LEVEL. The value may be a single Integer or a Set of
    // level Strings; any other type, or a non-String Set element, is
    // rejected with a PolicyException.
    //
    // When authRealm is non-empty, only Set entries whose realm (as returned
    // by AMAuthUtils.getRealmFromRealmQualifiedData) equals authRealm are
    // counted, and a bare Integer value is ignored.
    //
    // NOTE(review): Integer.MIN_VALUE is returned when nothing applicable
    // was found. The caller is outside this listing; confirm that this
    // sentinel cannot be mistaken for a real level that satisfies the
    // condition.
    // NOTE(review): the entry message writes the whole env map to the debug
    // log; confirm it cannot carry sensitive request data.
    if (DEBUG.messageEnabled()) {
        DEBUG.message("LEAuthLevelCondition.getMaxRequestAuthLevel(" + "envMap,realm): entering: envMap= " + env + ", authRealm= " + authRealm + ", conditionAuthLevel= " + authLevel);
    }

    final boolean realmUnset = (authRealm == null) || (authRealm.length() == 0);
    int highest = Integer.MIN_VALUE;
    final Object requested = env.get(REQUEST_AUTH_LEVEL);

    if (requested instanceof Integer) {
        // A plain Integer carries no realm, so it only counts when this
        // condition is not bound to a realm.
        if (realmUnset) {
            highest = ((Integer) requested).intValue();
            if (DEBUG.messageEnabled()) {
                DEBUG.message("AuthLevelCondition." + "getMaxRequestAuthLevel():Integer level in env= " + highest);
            }
        }
    } else if (requested instanceof Set) {
        for (Object element : (Set) requested) {
            if (!(element instanceof String)) {
                if (DEBUG.warningEnabled()) {
                    DEBUG.warning("LEAuthLevelCondition." + "getMaxRequestAuthLevel():" + "requestAuthLevel Set element" + " not String");
                }
                throw new PolicyException(ResBundleUtils.rbName, "request_authlevel_in_env_set_element_not_string", null, null);
            }
            final String qualifiedLevel = (String) element;
            final int level = getAuthLevel(qualifiedLevel);
            if (realmUnset) {
                if (level > highest) {
                    highest = level;
                }
            } else {
                // The realm is extracted for every element, as before, and
                // compared before the level is considered.
                final String realmString = AMAuthUtils.getRealmFromRealmQualifiedData(qualifiedLevel);
                if (authRealm.equals(realmString) && (level > highest)) {
                    highest = level;
                }
            }
        }
    } else if (requested != null) {
        if (DEBUG.warningEnabled()) {
            DEBUG.warning("LEAuthLevelCondition." + "getMaxRequestAuthLevel():requestAuthLevel in env " + "neither Integer nor Set");
        }
        throw new PolicyException(ResBundleUtils.rbName, "request_authlevel_in_env_not_Integer_or_set", null, null);
    }

    if (DEBUG.messageEnabled()) {
        DEBUG.message("LEAuthLevelCondition.getMaxRequestAuthLevel(" + "): returning: maxAuthLevel=" + highest);
    }
    return highest;
}
use of com.sun.identity.policy.PolicyException in project OpenAM by OpenRock.
the class MigrateValidGotoSetting method initialize.
/**
 * Works out what this upgrade step has to do.
 *
 * <p>Looks up {@code DELEGATION_POLICY_NAME} in {@code HIDDEN_REALM}. If it
 * exists, {@code delegationPolicyFound} is set and nothing else is collected.
 * Otherwise every realm returned by {@code getRealmNames()} is checked for a
 * non-empty {@code LEGACY_GOTO_DOMAINS_SETTING} attribute on the auth
 * service, and each hit is recorded in {@code changes}.
 *
 * @throws UpgradeException if the hidden realm, its policies or the service
 *         configuration cannot be read; the original exception is the cause
 */
@Override
public void initialize() throws UpgradeException {
    try {
        final PolicyManager hiddenRealmPolicies = new PolicyManager(getAdminToken(), HIDDEN_REALM);
        if (!hiddenRealmPolicies.getPolicyNames(DELEGATION_POLICY_NAME).isEmpty()) {
            delegationPolicyFound = true;
            return;
        }

        if (DEBUG.messageEnabled()) {
            DEBUG.message("Unable to find the delegation policy in the hidden realm, looking for existing goto" + " domain values.");
        }
        // No delegation policy yet, so the legacy goto domain values still
        // have to be gathered for migration.
        final ServiceConfigManager authConfigs = new ServiceConfigManager(ISAuthConstants.AUTH_SERVICE_NAME, getAdminToken());
        for (final String realm : getRealmNames()) {
            if (DEBUG.messageEnabled()) {
                DEBUG.message("Looking for valid goto URLs in realm " + realm);
            }
            // NOTE(review): what getOrganizationConfig returns for a realm
            // without this service configuration is not visible here;
            // confirm it cannot be null before it is dereferenced.
            final ServiceConfig realmConfig = authConfigs.getOrganizationConfig(realm, null);
            final Map<String, Set<String>> explicitAttrs = realmConfig.getAttributesWithoutDefaults();
            final Set<String> legacyDomains = explicitAttrs.get(LEGACY_GOTO_DOMAINS_SETTING);
            // Realms with no explicit legacy value are left out of the migration.
            if (legacyDomains != null && !legacyDomains.isEmpty()) {
                changes.put(realm, legacyDomains);
            }
        }
        if (DEBUG.messageEnabled()) {
            DEBUG.message("Found the following existing goto URL domains in realms: " + changes);
        }
    } catch (final NameNotFoundException notFound) {
        throw new UpgradeException("Unable to find hidden realm", notFound);
    } catch (final PolicyException policyFailure) {
        throw new UpgradeException("Unexpected error occurred while retrieving policies from the hidden realm", policyFailure);
    } catch (final SMSException smsFailure) {
        throw new UpgradeException("An error occurred while checking for old valid goto domains", smsFailure);
    } catch (final SSOException ssoFailure) {
        throw new UpgradeException("An error occurred while checking for old valid goto domains", ssoFailure);
    }
}
use of com.sun.identity.policy.PolicyException in project OpenAM by OpenRock.
the class MigrateValidGotoSetting method perform.
/**
 * Applies the migration prepared in {@code changes} and then imports the
 * delegation policy into {@code HIDDEN_REALM}.
 *
 * <p>For each recorded realm the goto domains are written to
 * {@code VALIDATION_SERVICE} under {@code GOTO_RESOURCES}, after which the
 * legacy attribute on the auth service is set to an empty set. The
 * delegation policy is read from {@code DELEGATION_POLICY_FILE}, tag-swapped
 * and created through {@code PolicyUtils.createPolicies}.
 *
 * <p>NOTE(review): this method does not consult {@code delegationPolicyFound};
 * presumably the caller only runs it when the policy is missing. Confirm
 * against the applicability check, which is outside this listing.
 *
 * @throws UpgradeException if reading the policy file, importing the policy
 *         or updating the service configuration fails; "upgrade.failed" is
 *         reported first for each of the checked exceptions caught here
 */
@Override
public void perform() throws UpgradeException {
    try {
        if (!changes.isEmpty()) {
            final ServiceConfigManager validationConfigs = new ServiceConfigManager(VALIDATION_SERVICE, getAdminToken());
            final ServiceConfigManager authConfigs = new ServiceConfigManager(ISAuthConstants.AUTH_SERVICE_NAME, getAdminToken());
            for (final Map.Entry<String, Set<String>> migration : changes.entrySet()) {
                final String realm = migration.getKey();
                if (DEBUG.messageEnabled()) {
                    DEBUG.message("Starting to migrate goto domains for realm: " + realm);
                }
                UpgradeProgress.reportStart("upgrade.goto.migrate.start", realm);
                // Write the new setting first. If clearing the legacy value
                // below then fails, the realm is left holding both values.
                // NOTE(review): confirm a re-run copes with an organization
                // config that already exists.
                validationConfigs.createOrganizationConfig(realm, getAttrMap(GOTO_RESOURCES, migration.getValue()));
                if (DEBUG.messageEnabled()) {
                    DEBUG.message("Removing old goto domains from iPlanetAMAuthService");
                }
                // The new setting is in place; blank out the legacy attribute.
                final ServiceConfig legacyConfig = authConfigs.getOrganizationConfig(realm, null);
                legacyConfig.setAttributes(getAttrMap(LEGACY_GOTO_DOMAINS_SETTING, Collections.EMPTY_SET));
                UpgradeProgress.reportEnd("upgrade.success");
            }
        }

        if (DEBUG.messageEnabled()) {
            DEBUG.message("Attempting to create the delegation policy in the hidden realm");
        }
        UpgradeProgress.reportStart("upgrade.goto.policy.start");
        final PolicyManager hiddenRealmPolicies = new PolicyManager(getAdminToken(), HIDDEN_REALM);
        final String rawPolicy = AMSetupServlet.readFile(DELEGATION_POLICY_FILE);
        final String swappedPolicy = ServicesDefaultValues.tagSwap(rawPolicy, true);
        // NOTE(review): getBytes() with no argument uses the platform default
        // charset; confirm that matches the encoding the policy importer
        // expects for this document.
        final byte[] policyBytes = swappedPolicy.getBytes();
        // The imported policy grants agent accounts read access to the new
        // validation service.
        PolicyUtils.createPolicies(hiddenRealmPolicies, new ByteArrayInputStream(policyBytes));
        if (DEBUG.messageEnabled()) {
            DEBUG.message("Delegation policy successfully created under the hidden realm");
        }
        UpgradeProgress.reportEnd("upgrade.success");
    } catch (final IOException ioFailure) {
        UpgradeProgress.reportEnd("upgrade.failed");
        throw new UpgradeException("An IO error occurred while reading the delegation policy", ioFailure);
    } catch (final PolicyException policyFailure) {
        UpgradeProgress.reportEnd("upgrade.failed");
        throw new UpgradeException("An unexpected error occurred while importing the delegation policy", policyFailure);
    } catch (final SMSException smsFailure) {
        UpgradeProgress.reportEnd("upgrade.failed");
        throw new UpgradeException("An error occurred while migrating the valid goto domain setting", smsFailure);
    } catch (final SSOException ssoFailure) {
        UpgradeProgress.reportEnd("upgrade.failed");
        throw new UpgradeException("An error occurred while migrating the valid goto domain setting", ssoFailure);
    }
}
use of com.sun.identity.policy.PolicyException in project OpenAM by OpenRock.
the class TwoStepVerificationSettingUpgrade method initialize.
/**
 * Determines whether this upgrade step applies.
 *
 * <p>Opens a {@code PolicyManager} on {@code HIDDEN_REALM}, keeps it in
 * {@code manager}, and marks the step {@code applicable} only when no policy
 * named {@code EVALUATE_POLICY} exists there yet.
 *
 * @throws UpgradeException if the policy lookup fails; the original
 *         SSOException or PolicyException is kept as the cause
 */
@Override
public void initialize() throws UpgradeException {
    try {
        // The manager is stored in the field before the lookup, so it stays
        // set even if the lookup itself throws.
        manager = new PolicyManager(getAdminToken(), HIDDEN_REALM);
        final boolean policyMissing = manager.getPolicyNames(EVALUATE_POLICY).isEmpty();
        applicable = policyMissing;
    } catch (SSOException ssoFailure) {
        throw new UpgradeException("Failed to identify existing privileges", ssoFailure);
    } catch (PolicyException policyFailure) {
        throw new UpgradeException("Failed to identify existing privileges", policyFailure);
    }
}
use of com.sun.identity.policy.PolicyException in project OpenAM by OpenRock.
the class IPv4Condition method stringToIp.
/**
* Converts the String representation of an IP address to
* a long.
*/
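private long stringToIp(String ip) throws PolicyException {
    // Parses a dotted-quad IPv4 string into its 32-bit value held in a long
    // (first octet most significant).
    //
    // Parsing is strict on purpose: this value feeds a policy condition, so
    // an address that could be read in more than one way must be rejected
    // rather than silently normalised. Exactly four segments are required,
    // each made of ASCII digits only and within 0..255. The previous
    // StringTokenizer-based version skipped empty segments, so "1..2.3.4"
    // and "1.2.3.4." were accepted, and Short.parseShort alone also accepts
    // a leading sign ("+1", "-0").
    //
    // Throws PolicyException ("invalid_property_value") for any malformed
    // input. A null ip still fails with NullPointerException, as before.

    // A limit of -1 keeps empty leading, inner and trailing segments so they
    // are counted instead of being dropped.
    String[] octets = ip.split("\\.", -1);
    if (octets.length != 4) {
        String[] args = { "ip", ip };
        throw new PolicyException(ResBundleUtils.rbName, "invalid_property_value", args, null);
    }
    long ipValue = 0L;
    for (String octet : octets) {
        // Reject signs and non-ASCII digits before handing the text to
        // parseShort, which would otherwise accept them.
        for (int i = 0; i < octet.length(); i++) {
            char c = octet.charAt(i);
            if (c < '0' || c > '9') {
                String[] args = { "ip", ip };
                throw new PolicyException(ResBundleUtils.rbName, "invalid_property_value", args, null);
            }
        }
        short ipElement;
        try {
            // Still fails for an empty segment or a value beyond short range.
            ipElement = Short.parseShort(octet);
        } catch (NumberFormatException e) {
            String[] args = { "ip", ip };
            throw new PolicyException(ResBundleUtils.rbName, "invalid_property_value", args, null);
        }
        if (ipElement < 0 || ipElement > 255) {
            String[] args = { "ipElement", octet };
            throw new PolicyException(ResBundleUtils.rbName, "invalid_property_value", args, null);
        }
        ipValue = ipValue * 256L + ipElement;
    }
    return ipValue;
}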