
Example 81 with PolicyException

use of com.sun.identity.policy.PolicyException in project OpenAM by OpenRock.

In class AuthenticateToServiceCondition, method getConditionDecision.

/**
 * Evaluates this condition for a request and reports whether the user has
 * authenticated to the configured service.
 *
 * <p>The set of services the user is considered authenticated to is read
 * from {@code env} under {@code REQUEST_AUTHENTICATED_TO_SERVICES}, which
 * must be a {@code Set} of realm-qualified {@code String} values. Only when
 * {@code env} is {@code null} or does not carry that key is the set derived
 * from the SSO token; a caller that supplies the key therefore decides the
 * input to this check.
 *
 * <p>The condition is satisfied when the configured service is present in
 * that set. When {@code realmEmpty} holds, an entry whose service part
 * (after stripping the realm qualifier) equals the configured service also
 * satisfies it. When it is not satisfied, the configured service is returned
 * as an advice message under {@code AUTHENTICATE_TO_SERVICE_CONDITION_ADVICE}.
 * The policy framework only continues evaluating the policy if the returned
 * decision says it applies; advice messages are aggregated into the policy
 * decision in either case.
 *
 * @param token single sign on token of the user; when {@code null}, no
 *        services are derived from it
 * @param env request specific environment map of key/value pairs
 *
 * @return the condition decision: whether the policy applies to the request
 *         plus the advice messages generated by this condition
 *
 * @throws PolicyException if the condition has not been initialized with a
 *         successful call to {@code setProperties(Map)}, or if the value of
 *         {@code REQUEST_AUTHENTICATED_TO_SERVICES} in {@code env} is not a
 *         {@code Set}
 * @throws SSOException if the token is invalid
 *
 * @see #setProperties(Map)
 * @see #AUTHENTICATE_TO_SERVICE
 * @see #REQUEST_AUTHENTICATED_TO_SERVICES
 * @see com.sun.identity.policy.ConditionDecision
 */
public ConditionDecision getConditionDecision(SSOToken token, Map env) throws PolicyException, SSOException {
    Set requestAuthnServices = new HashSet();
    Object envServices = (env == null) ? null : env.get(REQUEST_AUTHENTICATED_TO_SERVICES);
    if (envServices != null) {
        // The request-supplied value wins over the token; it is used as-is.
        try {
            requestAuthnServices = (Set) envServices;
        } catch (ClassCastException e) {
            throw new PolicyException(ResBundleUtils.rbName, "property_is_not_a_Set",
                    new String[] { REQUEST_AUTHENTICATED_TO_SERVICES }, e);
        }
        if (DEBUG.messageEnabled()) {
            DEBUG.message("At AuthenticateToServiceCondition.getConditionDecision(): "
                    + "requestAuthnServices from request = " + requestAuthnServices);
        }
    } else if (token != null) {
        Set fromToken = AMAuthUtils.getRealmQualifiedAuthenticatedServices(token);
        if (fromToken != null) {
            requestAuthnServices.addAll(fromToken);
        }
        if (DEBUG.messageEnabled()) {
            DEBUG.message("At AuthenticateToServiceCondition.getConditionDecision(): "
                    + "requestAuthnServices from ssoToken = " + requestAuthnServices);
        }
    }

    // Exact (realm-qualified) match first; without a configured realm, a match
    // on the service part alone is also accepted.
    boolean allowed = requestAuthnServices.contains(authenticateToService);
    if (!allowed && realmEmpty) {
        for (Object element : requestAuthnServices) {
            String service = AMAuthUtils.getDataFromRealmQualifiedData((String) element);
            if (authenticateToService.equals(service)) {
                allowed = true;
                break;
            }
        }
    }

    Map advices = new HashMap();
    if (!allowed) {
        Set adviceMessages = new HashSet(1);
        adviceMessages.add(authenticateToService);
        advices.put(AUTHENTICATE_TO_SERVICE_CONDITION_ADVICE, adviceMessages);
        if (DEBUG.messageEnabled()) {
            DEBUG.message("At AuthenticateToServiceCondition.getConditionDecision():"
                    + "authenticateToService not satisfied = " + authenticateToService);
        }
    }
    if (DEBUG.messageEnabled()) {
        DEBUG.message("At AuthenticateToServiceCondition.getConditionDecision():authenticateToService = "
                + authenticateToService + ", requestAuthnServices = " + requestAuthnServices
                + ",  allowed = " + allowed);
    }
    return new ConditionDecision(allowed, advices);
}

Example 82 with PolicyException

use of com.sun.identity.policy.PolicyException in project OpenAM by OpenRock.

In class AuthLevelCondition, method getAuthLevel.

/**
 * Extracts the integer auth level from a realm-qualified
 * ({@code realm:level}) string.
 *
 * @param qualifiedLevel the realm-qualified auth level
 * @return the level part parsed as an {@code int}
 * @throws PolicyException if the level part is not an integer; the
 *         {@code NumberFormatException} is kept as the cause
 */
private int getAuthLevel(String qualifiedLevel) throws PolicyException {
    String levelString = AMAuthUtils.getDataFromRealmQualifiedData(qualifiedLevel);
    try {
        return Integer.parseInt(levelString);
    } catch (NumberFormatException nfe) {
        if (DEBUG.warningEnabled()) {
            DEBUG.warning("AuthLevelCondition.getAuthLevel(qualifiedLevel):got NumberFormatException:"
                    + "qualifiedLevel=" + qualifiedLevel + ", levelString = " + levelString);
        }
        throw new PolicyException(ResBundleUtils.rbName, "auth_level_not_integer",
                new Object[] { levelString }, nfe);
    }
}

Example 83 with PolicyException

use of com.sun.identity.policy.PolicyException in project OpenAM by OpenRock.

In class AuthLevelCondition, method validateAuthLevels.

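/**
 * Validates the auth level supplied through {@code setProperties}; called
 * from {@code validateProperties()}. Exactly one value is required. It is
 * split into its realm and level parts, which are stored in
 * {@code authLevel}, {@code authRealm} and {@code authLevelInt}.
 *
 * @param authLevelSet the values configured for {@code AUTH_LEVEL}
 * @return {@code true} when the level is valid (the method throws otherwise)
 * @throws PolicyException if the set is empty or holds more than one value,
 *         or if the level part is not an integer
 * @see #AUTH_LEVEL
 */
private boolean validateAuthLevels(Set authLevelSet) throws PolicyException {
    if (authLevelSet.size() != 1) {
        String[] args = { AUTH_LEVEL };
        throw new PolicyException(ResBundleUtils.rbName, "property_does_not_allow_empty_or_multiple_values", args, null);
    }
    authLevel = (String) authLevelSet.iterator().next();
    try {
        authRealm = AMAuthUtils.getRealmFromRealmQualifiedData(authLevel);
        String authLevelIntString = AMAuthUtils.getDataFromRealmQualifiedData(authLevel);
        authLevelInt = Integer.parseInt(authLevelIntString);
    } catch (NumberFormatException e) {
        String[] args = { AUTH_LEVEL };
        // Keep the parse failure as the cause so the offending text is not lost.
        throw new PolicyException(ResBundleUtils.rbName, "property_is_not_an_Integer", args, e);
    }
    return true;
}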

Example 84 with PolicyException

use of com.sun.identity.policy.PolicyException in project OpenAM by OpenRock.

In class AuthLevelCondition, method validateProperties.

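/**
 * Validates the properties supplied through {@code setProperties}: the map
 * must be non-null and non-empty, must contain {@code AUTH_LEVEL}, and may
 * contain no other key. The {@code AUTH_LEVEL} value is then checked by
 * {@link #validateAuthLevels(Set)}.
 *
 * @return {@code true} when the properties are valid (the method throws otherwise)
 * @throws PolicyException if the map is null or empty, {@code AUTH_LEVEL} is
 *         missing, an unknown key is present, or the level is invalid
 * @see #AUTH_LEVEL
 */
private boolean validateProperties() throws PolicyException {
    // Map.keySet() never returns null; the empty map is the case the message
    // key asks to reject here.
    if ((properties == null) || properties.isEmpty()) {
        throw new PolicyException(ResBundleUtils.rbName, "properties_can_not_be_null_or_empty", null, null);
    }
    if (DEBUG.messageEnabled()) {
        DEBUG.message("AuthLevelCondition.setProperties()," + "properties=" + properties);
    }
    Set keySet = properties.keySet();
    // The only required key.
    if (!keySet.contains(AUTH_LEVEL)) {
        String[] args = { AUTH_LEVEL };
        throw new PolicyException(ResBundleUtils.rbName, "property_value_not_defined", args, null);
    }
    // Any key other than AUTH_LEVEL is rejected.
    for (Object keyObj : keySet) {
        String key = (String) keyObj;
        if (!AUTH_LEVEL.equals(key)) {
            String[] args = { key };
            throw new PolicyException(ResBundleUtils.rbName, "attempt_to_set_invalid_property ", args, null);
        }
    }
    // A null value under AUTH_LEVEL is skipped rather than rejected (kept as-is).
    Set authLevelSet = (Set) properties.get(AUTH_LEVEL);
    if (authLevelSet != null) {
        validateAuthLevels(authLevelSet);
    }
    if (DEBUG.messageEnabled()) {
        DEBUG.message("AuthLevelCondition.setProperties()," + "authLevel=" + authLevel + ",authRealm=" + authRealm + ",authLevelInt=" + authLevelInt);
    }
    return true;
}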

Example 85 with PolicyException

use of com.sun.identity.policy.PolicyException in project OpenAM by OpenRock.

In class SimpleTimeCondition, method validateDates.

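/**
 * Extracts {@code startDate} and {@code endDate} from their respective
 * single-element {@code Set}s. Each value is parsed strictly (non-lenient)
 * in GMT using {@code DATE_FORMAT}; the year, month and day-of-month are
 * stored in the {@code startDate} and {@code endDate} arrays.
 *
 * @param startDateSet the configured values for {@code START_DATE}
 * @param endDateSet the configured values for {@code END_DATE}
 * @return {@code true} when both dates are valid (the method throws otherwise)
 * @throws PolicyException if either set does not hold exactly one value, a
 *         value does not parse with {@code DATE_FORMAT}, or the start date is
 *         after the end date
 * @see #START_DATE
 * @see #END_DATE
 */
private boolean validateDates(Set startDateSet, Set endDateSet) throws PolicyException {
    requireSingleDateValue(startDateSet, START_DATE);
    requireSingleDateValue(endDateSet, END_DATE);
    TimeZone gmt = TimeZone.getTimeZone("GMT");
    // Non-lenient: out-of-range fields are rejected instead of rolled over.
    DateFormat df = new SimpleDateFormat(DATE_FORMAT);
    df.setLenient(false);
    df.setTimeZone(gmt);
    String startDateString = (String) (startDateSet.iterator().next());
    String endDateString = (String) (endDateSet.iterator().next());
    Date date1 = parseDateOrThrow(df, START_DATE, startDateString);
    Date date2 = parseDateOrThrow(df, END_DATE, endDateString);
    if (date1.getTime() > date2.getTime()) {
        throw new PolicyException(ResBundleUtils.rbName, "start_date_can_not_be_larger_than_end_date", null, null);
    }
    Calendar cal = new GregorianCalendar(gmt);
    cal.setTime(date1);
    startDate[0] = cal.get(Calendar.YEAR);
    startDate[1] = cal.get(Calendar.MONTH);
    startDate[2] = cal.get(Calendar.DAY_OF_MONTH);
    cal.setTime(date2);
    endDate[0] = cal.get(Calendar.YEAR);
    endDate[1] = cal.get(Calendar.MONTH);
    endDate[2] = cal.get(Calendar.DAY_OF_MONTH);
    return true;
}

/**
 * Throws the multiple-values policy error unless {@code values} holds
 * exactly one element.
 *
 * @param values the configured values for {@code propertyName}
 * @param propertyName the property name reported in the error
 * @throws PolicyException if {@code values} does not have exactly one element
 */
private static void requireSingleDateValue(Set values, String propertyName) throws PolicyException {
    if (values.size() != 1) {
        String[] args = { propertyName };
        throw new PolicyException(ResBundleUtils.rbName, "property_does_not_allow_multiple_values", args, null);
    }
}

/**
 * Parses {@code value} with {@code df}, converting any failure into the
 * invalid-value policy error.
 *
 * @param df the configured (non-lenient, GMT) date format
 * @param propertyName the property name reported in the error
 * @param value the configured date string
 * @return the parsed date
 * @throws PolicyException if parsing fails; the original exception is the cause
 */
private static Date parseDateOrThrow(DateFormat df, String propertyName, String value) throws PolicyException {
    try {
        return df.parse(value);
    } catch (Exception e) {
        // Any failure (including a null value) is reported as an invalid property value.
        String[] args = { propertyName, value };
        throw new PolicyException(ResBundleUtils.rbName, "invalid_property_value", args, e);
    }
}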
