Example 26 with PolicyException
use of com.sun.identity.policy.PolicyException in project OpenAM by OpenRock.
the class LDAPUsers method initialize.
/**
* Initialize the LDAPGroup object by using the configuration
* information passed by the Policy Framework.
* @param configParams the configuration information
* @exception PolicyException if an error occured during
* initialization of the instance
*/
public void initialize(Map configParams) throws PolicyException {
if (configParams == null) {
throw (new PolicyException(ResBundleUtils.rbName, "ldapusers_initialization_failed", null, null));
}
String configuredLdapServer = (String) configParams.get(PolicyConfig.LDAP_SERVER);
if (configuredLdapServer == null) {
debug.error("LDAPUsers.initialize(): failed to get LDAP " + "server name. If you enter more than one server name " + "in the policy config service's Primary LDAP Server " + "field, please make sure the ldap server name is preceded " + "with the local server name.");
throw (new PolicyException(ResBundleUtils.rbName, "invalid_ldap_server_host", null, null));
}
ldapServer = configuredLdapServer.toLowerCase();
localDS = PolicyUtils.isLocalDS(ldapServer);
aliasEnabled = Boolean.valueOf((String) configParams.get(PolicyConfig.USER_ALIAS_ENABLED));
String authid = (String) configParams.get(PolicyConfig.LDAP_BIND_DN);
String authpw = (String) configParams.get(PolicyConfig.LDAP_BIND_PASSWORD);
if (authpw != null) {
authpw = PolicyUtils.decrypt(authpw);
}
baseDN = (String) configParams.get(PolicyConfig.LDAP_USERS_BASE_DN);
userSearchFilter = (String) configParams.get(PolicyConfig.LDAP_USERS_SEARCH_FILTER);
String scope = (String) configParams.get(PolicyConfig.LDAP_USERS_SEARCH_SCOPE);
if (scope.equalsIgnoreCase(LDAP_SCOPE_BASE)) {
userSearchScope = SearchScope.BASE_OBJECT;
} else if (scope.equalsIgnoreCase(LDAP_SCOPE_ONE)) {
userSearchScope = SearchScope.SINGLE_LEVEL;
} else {
userSearchScope = SearchScope.WHOLE_SUBTREE;
}
userRDNAttrName = (String) configParams.get(PolicyConfig.LDAP_USER_SEARCH_ATTRIBUTE);
int minPoolSize;
int maxPoolSize;
try {
timeLimit = Integer.parseInt((String) configParams.get(PolicyConfig.LDAP_SEARCH_TIME_OUT));
maxResults = Integer.parseInt((String) configParams.get(PolicyConfig.LDAP_SEARCH_LIMIT));
minPoolSize = Integer.parseInt((String) configParams.get(PolicyConfig.LDAP_CONNECTION_POOL_MIN_SIZE));
maxPoolSize = Integer.parseInt((String) configParams.get(PolicyConfig.LDAP_CONNECTION_POOL_MAX_SIZE));
} catch (NumberFormatException nfe) {
throw (new PolicyException(nfe));
}
boolean sslEnabled = Boolean.valueOf((String) configParams.get(PolicyConfig.LDAP_SSL_ENABLED));
// get the organization name
Set orgNameSet = (Set) configParams.get(PolicyManager.ORGANIZATION_NAME);
if ((orgNameSet != null) && (!orgNameSet.isEmpty())) {
Iterator items = orgNameSet.iterator();
orgName = (String) items.next();
}
if (debug.messageEnabled()) {
debug.message("LDAPUsers.initialize(): getting params" + "\nldapServer: " + ldapServer + "\nauthid: " + authid + "\nbaseDN: " + baseDN + "\nuserSearchFilter: " + userSearchFilter + "\nuserRDNAttrName: " + userRDNAttrName + "\ntimeLimit: " + timeLimit + "\nmaxResults: " + maxResults + "\nminPoolSize: " + minPoolSize + "\nmaxPoolSize: " + maxPoolSize + "\nSSLEnabled: " + sslEnabled + "\nOrgName: " + orgName);
}
// initialize the connection pool for the ldap server
LDAPConnectionPools.initConnectionPool(ldapServer, authid, authpw, sslEnabled, minPoolSize, maxPoolSize);
connPool = LDAPConnectionPools.getConnectionPool(ldapServer);
initialized = true;
}
Also used :
HashSet(java.util.HashSet)
Set(java.util.Set)
PolicyException(com.sun.identity.policy.PolicyException)
Iterator(java.util.Iterator)
ByteString(org.forgerock.opendj.ldap.ByteString)
Example 27 with PolicyException
use of com.sun.identity.policy.PolicyException in project OpenAM by OpenRock.
the class Organization method getValidValues.
/**
* Returns a list of possible values for the <code>Organization
* </code> that satisfy the given <code>pattern</code>.
*
* @param token the <code>SSOToken</code> that will be used
* to determine the possible values
* @param pattern search pattern that will be used to narrow
* the list of valid names.
*
* @return <code>ValidValues</code>
*
* @exception SSOException if <code>SSOToken</code> is not valid
* @exception PolicyException if unable to get the list of valid
* names.
*/
public ValidValues getValidValues(SSOToken token, String pattern) throws SSOException, PolicyException {
if (!initialized) {
throw (new PolicyException(ResBundleUtils.rbName, "org_subject_not_yet_initialized", null, null));
}
String searchFilter = null;
if ((pattern != null) && !(pattern.trim().length() == 0)) {
searchFilter = "(&" + orgSearchFilter + "(" + orgRDNAttrName + "=" + pattern + "))";
} else {
searchFilter = orgSearchFilter;
}
if (debug.messageEnabled()) {
debug.message("Organization.getValidValues(): organization search filter is: " + searchFilter);
}
String[] attrs = { orgRDNAttrName };
Set<String> validOrgDNs = new HashSet<>();
int status = ValidValues.SUCCESS;
try {
SearchRequest request = LDAPRequests.newSearchRequest(baseDN, orgSearchScope, searchFilter, attrs);
try (Connection conn = connPool.getConnection()) {
// connect to the server to authenticate
ConnectionEntryReader reader = conn.search(request);
while (reader.hasNext()) {
if (reader.isReference()) {
//ignore
reader.readReference();
} else {
SearchResultEntry entry = reader.readEntry();
validOrgDNs.add(entry.getName().toString());
debug.message("Organization.getValidValues(): found org name = {}", entry.getName().toString());
}
}
}
} catch (LdapException le) {
ResultCode resultCode = le.getResult().getResultCode();
if (ResultCode.SIZE_LIMIT_EXCEEDED.equals(resultCode)) {
debug.warning("Organization.getValidValues(): exceeded the size limit");
status = ValidValues.SIZE_LIMIT_EXCEEDED;
} else if (ResultCode.TIME_LIMIT_EXCEEDED.equals(resultCode)) {
debug.warning("Organization.getValidValues(): exceeded the time limit");
status = ValidValues.TIME_LIMIT_EXCEEDED;
} else {
if (ResultCode.INVALID_CREDENTIALS.equals(resultCode)) {
throw new PolicyException(ResBundleUtils.rbName, "ldap_invalid_password", null, null);
} else if (ResultCode.NO_SUCH_OBJECT.equals(resultCode)) {
String[] objs = { baseDN };
throw new PolicyException(ResBundleUtils.rbName, "no_such_ldap_base_dn", objs, null);
}
String errorMsg = le.getMessage();
String additionalMsg = le.getResult().getDiagnosticMessage();
if (additionalMsg != null) {
throw new PolicyException(errorMsg + ": " + additionalMsg);
} else {
throw new PolicyException(errorMsg);
}
}
} catch (Exception e) {
throw new PolicyException(e);
}
if (debug.messageEnabled()) {
debug.message("Organization.getValidValues(): return set= {}", validOrgDNs.toString());
}
return new ValidValues(status, validOrgDNs);
}
Also used :
SearchRequest(org.forgerock.opendj.ldap.requests.SearchRequest)
ValidValues(com.sun.identity.policy.ValidValues)
Connection(org.forgerock.opendj.ldap.Connection)
LdapException(org.forgerock.opendj.ldap.LdapException)
NameNotFoundException(com.sun.identity.policy.NameNotFoundException)
PolicyException(com.sun.identity.policy.PolicyException)
InvalidNameException(com.sun.identity.policy.InvalidNameException)
SSOException(com.iplanet.sso.SSOException)
ConnectionEntryReader(org.forgerock.opendj.ldif.ConnectionEntryReader)
PolicyException(com.sun.identity.policy.PolicyException)
LdapException(org.forgerock.opendj.ldap.LdapException)
ResultCode(org.forgerock.opendj.ldap.ResultCode)
HashSet(java.util.HashSet)
SearchResultEntry(org.forgerock.opendj.ldap.responses.SearchResultEntry)
Example 28 with PolicyException
use of com.sun.identity.policy.PolicyException in project OpenAM by OpenRock.
the class Organization method getUserDN.
/**
* Gets the DN for a user identified
* by the token. If the Directory server is locally installed to speed
* up the search, no directoty search is performed and the DN obtained
* from the token is returned. If the directory is remote
* a LDAP search is performed to get the user DN.
*/
private DN getUserDN(SSOToken token) throws SSOException, PolicyException {
DN userDN = null;
Set<String> qualifiedUserDNs = new HashSet<>();
String userLocalDN = token.getPrincipal().getName();
if (localDS && !PolicyUtils.principalNameEqualsUuid(token)) {
userDN = DN.valueOf(userLocalDN);
} else {
// try to figure out the user name from the local user DN
int beginIndex = userLocalDN.indexOf("=");
int endIndex = userLocalDN.indexOf(",");
if ((beginIndex <= 0) || (endIndex <= 0) || (beginIndex >= endIndex)) {
throw (new PolicyException(ResBundleUtils.rbName, "org_subject_invalid_local_user_dn", null, null));
}
String userName = userLocalDN.substring(beginIndex + 1, endIndex);
String searchFilter = null;
if ((userSearchFilter != null) && !(userSearchFilter.length() == 0)) {
searchFilter = "(&" + userSearchFilter + PolicyUtils.constructUserFilter(token, userRDNAttrName, userName, aliasEnabled) + ")";
} else {
searchFilter = PolicyUtils.constructUserFilter(token, userRDNAttrName, userName, aliasEnabled);
}
if (debug.messageEnabled()) {
debug.message("Organization.getUserDN(): search filter is: " + searchFilter);
}
String[] attrs = { userRDNAttrName };
// search the remote ldap and find out the user DN
try (Connection conn = connPool.getConnection()) {
SearchRequest request = LDAPRequests.newSearchRequest(baseDN, userSearchScope, searchFilter, attrs);
ConnectionEntryReader reader = conn.search(request);
while (reader.hasNext()) {
if (reader.isReference()) {
//ignore
reader.readReference();
} else {
SearchResultEntry entry = reader.readEntry();
if (entry != null) {
qualifiedUserDNs.add(entry.getName().toString());
}
}
}
} catch (LdapException le) {
String[] objs = { orgName };
ResultCode resultCode = le.getResult().getResultCode();
if (ResultCode.SIZE_LIMIT_EXCEEDED.equals(resultCode)) {
debug.warning("Organization.getUserDN(): exceeded the size limit");
throw new PolicyException(ResBundleUtils.rbName, "ldap_search_exceed_size_limit", objs, null);
} else if (ResultCode.TIME_LIMIT_EXCEEDED.equals(resultCode)) {
debug.warning("Organization.getUserDN(): exceeded the time limit");
throw new PolicyException(ResBundleUtils.rbName, "ldap_search_exceed_time_limit", objs, null);
} else {
if (ResultCode.INVALID_CREDENTIALS.equals(resultCode)) {
throw new PolicyException(ResBundleUtils.rbName, "ldap_invalid_password", null, null);
} else if (ResultCode.NO_SUCH_OBJECT.equals(resultCode)) {
objs = new String[] { baseDN };
throw new PolicyException(ResBundleUtils.rbName, "no_such_ldap_base_dn", objs, null);
}
String errorMsg = le.getMessage();
String additionalMsg = le.getResult().getDiagnosticMessage();
if (additionalMsg != null) {
throw new PolicyException(errorMsg + ": " + additionalMsg);
} else {
throw new PolicyException(errorMsg);
}
}
} catch (Exception e) {
throw new PolicyException(e);
}
if (qualifiedUserDNs.size() > 0) {
if (debug.messageEnabled()) {
debug.message("Organization.getUserDN(): qualified users=" + qualifiedUserDNs);
}
Iterator iter = qualifiedUserDNs.iterator();
// we only take the first qualified DN
userDN = DN.valueOf((String) iter.next());
}
}
return userDN;
}
Also used :
SearchRequest(org.forgerock.opendj.ldap.requests.SearchRequest)
Connection(org.forgerock.opendj.ldap.Connection)
DN(org.forgerock.opendj.ldap.DN)
LdapException(org.forgerock.opendj.ldap.LdapException)
NameNotFoundException(com.sun.identity.policy.NameNotFoundException)
PolicyException(com.sun.identity.policy.PolicyException)
InvalidNameException(com.sun.identity.policy.InvalidNameException)
SSOException(com.iplanet.sso.SSOException)
ConnectionEntryReader(org.forgerock.opendj.ldif.ConnectionEntryReader)
PolicyException(com.sun.identity.policy.PolicyException)
Iterator(java.util.Iterator)
LdapException(org.forgerock.opendj.ldap.LdapException)
ResultCode(org.forgerock.opendj.ldap.ResultCode)
HashSet(java.util.HashSet)
SearchResultEntry(org.forgerock.opendj.ldap.responses.SearchResultEntry)
Example 29 with PolicyException
use of com.sun.identity.policy.PolicyException in project OpenAM by OpenRock.
the class Organization method initialize.
/**
* Initialize the <code>Organization</code> object by using the
* configuration information passed by the Policy Framework.
* @param configParams the configuration information
* @exception PolicyException if an error occured during
* initialization of the instance
*/
public void initialize(Map configParams) throws PolicyException {
if (configParams == null) {
throw (new PolicyException(ResBundleUtils.rbName, "org_initialization_failed", null, null));
}
String configuredLdapServer = (String) configParams.get(PolicyConfig.LDAP_SERVER);
if (configuredLdapServer == null) {
debug.error("Organization.initialize(): failed to get LDAP " + "server name. If you enter more than one server name " + "in the policy config service's Primary LDAP Server " + "field, please make sure the ldap server name is preceded " + "with the local server name.");
throw (new PolicyException(ResBundleUtils.rbName, "invalid_ldap_server_host", null, null));
}
ldapServer = configuredLdapServer.toLowerCase();
localDS = PolicyUtils.isLocalDS(ldapServer);
aliasEnabled = Boolean.valueOf((String) configParams.get(PolicyConfig.USER_ALIAS_ENABLED)).booleanValue();
authid = (String) configParams.get(PolicyConfig.LDAP_BIND_DN);
authpw = (String) configParams.get(PolicyConfig.LDAP_BIND_PASSWORD);
if (authpw != null) {
authpw = PolicyUtils.decrypt(authpw);
}
baseDN = (String) configParams.get(PolicyConfig.LDAP_BASE_DN);
userSearchFilter = (String) configParams.get(PolicyConfig.LDAP_USERS_SEARCH_FILTER);
String scope = (String) configParams.get(PolicyConfig.LDAP_USERS_SEARCH_SCOPE);
if (scope.equalsIgnoreCase(LDAP_SCOPE_BASE)) {
userSearchScope = SearchScope.BASE_OBJECT;
} else if (scope.equalsIgnoreCase(LDAP_SCOPE_ONE)) {
userSearchScope = SearchScope.SINGLE_LEVEL;
} else {
userSearchScope = SearchScope.WHOLE_SUBTREE;
}
userRDNAttrName = (String) configParams.get(PolicyConfig.LDAP_USER_SEARCH_ATTRIBUTE);
orgSearchFilter = (String) configParams.get(PolicyConfig.LDAP_ORG_SEARCH_FILTER);
scope = (String) configParams.get(PolicyConfig.LDAP_ORG_SEARCH_SCOPE);
if (scope.equalsIgnoreCase(LDAP_SCOPE_BASE)) {
orgSearchScope = SearchScope.BASE_OBJECT;
} else if (scope.equalsIgnoreCase(LDAP_SCOPE_ONE)) {
orgSearchScope = SearchScope.SINGLE_LEVEL;
} else {
orgSearchScope = SearchScope.WHOLE_SUBTREE;
}
orgRDNAttrName = (String) configParams.get(PolicyConfig.LDAP_ORG_SEARCH_ATTRIBUTE);
try {
timeLimit = Integer.parseInt((String) configParams.get(PolicyConfig.LDAP_SEARCH_TIME_OUT));
maxResults = Integer.parseInt((String) configParams.get(PolicyConfig.LDAP_SEARCH_LIMIT));
minPoolSize = Integer.parseInt((String) configParams.get(PolicyConfig.LDAP_CONNECTION_POOL_MIN_SIZE));
maxPoolSize = Integer.parseInt((String) configParams.get(PolicyConfig.LDAP_CONNECTION_POOL_MAX_SIZE));
} catch (NumberFormatException nfe) {
throw (new PolicyException(nfe));
}
String ssl = (String) configParams.get(PolicyConfig.LDAP_SSL_ENABLED);
if (ssl.equalsIgnoreCase("true")) {
sslEnabled = true;
} else {
sslEnabled = false;
}
// get the organization name
Set orgNameSet = (Set) configParams.get(PolicyManager.ORGANIZATION_NAME);
if ((orgNameSet != null) && (!orgNameSet.isEmpty())) {
Iterator items = orgNameSet.iterator();
orgName = (String) items.next();
}
if (debug.messageEnabled()) {
debug.message("Organization.initialize(): getting params" + "\nldapServer: " + ldapServer + "\nauthid: " + authid + "\nbaseDN: " + baseDN + "\nuserSearchFilter: " + userSearchFilter + "\nuserRDNAttrName: " + userRDNAttrName + "\norgSearchFilter: " + orgSearchFilter + "\norgRDNAttrName: " + orgRDNAttrName + "\ntimeLimit: " + timeLimit + "\nmaxResults: " + maxResults + "\nminPoolSize: " + minPoolSize + "\nmaxPoolSize: " + maxPoolSize + "\nSSLEnabled: " + sslEnabled + "\nOrgName: " + orgName);
}
// initialize the connection pool for the ldap server
LDAPConnectionPools.initConnectionPool(ldapServer, authid, authpw, sslEnabled, minPoolSize, maxPoolSize);
connPool = LDAPConnectionPools.getConnectionPool(ldapServer);
initialized = true;
}
Also used :
HashSet(java.util.HashSet)
Set(java.util.Set)
PolicyException(com.sun.identity.policy.PolicyException)
Iterator(java.util.Iterator)
Example 30 with PolicyException
use of com.sun.identity.policy.PolicyException in project OpenAM by OpenRock.
the class LDAPRoles method getUserEntry.
/**
* Gets the <code>LDAPEntry</code> for a user identified
* by the token. The base DN used to perform the user search
* is the DN of the user if the user is local to speed
* up the search, but if user is not local then the base DN as
* configured in the policy config service is used.
*/
private SearchResultEntry getUserEntry(SSOToken token) throws SSOException, PolicyException {
Set<SearchResultEntry> qualifiedUsers = new HashSet<>();
String userLocalDN = token.getPrincipal().getName();
if (debug.messageEnabled()) {
debug.message("LDAPRoles.getUserEntry(): user local DN is " + userLocalDN);
}
String searchBaseDN = baseDN;
if (localDS && !PolicyUtils.principalNameEqualsUuid(token)) {
// if it is local, then we search the user entry only
searchBaseDN = DN.valueOf(userLocalDN).toString();
debug.message("LDAPRoles.getUserEntry(): search user {} only as it is local.", searchBaseDN);
}
// try to figure out the user name from the local user DN
int beginIndex = userLocalDN.indexOf("=");
int endIndex = userLocalDN.indexOf(",");
if ((beginIndex <= 0) || (endIndex <= 0) || (beginIndex >= endIndex)) {
throw (new PolicyException(ResBundleUtils.rbName, "ldaproles_subject_invalid_local_user_dn", null, null));
}
String userName = userLocalDN.substring(beginIndex + 1, endIndex);
String searchFilter = null;
if ((userSearchFilter != null) && !(userSearchFilter.length() == 0)) {
searchFilter = "(&" + userSearchFilter + PolicyUtils.constructUserFilter(token, userRDNAttrName, userName, aliasEnabled) + ")";
} else {
searchFilter = PolicyUtils.constructUserFilter(token, userRDNAttrName, userName, aliasEnabled);
}
if (debug.messageEnabled()) {
debug.message("LDAPRoles.getUserEntry(): search filter is: " + searchFilter);
}
// search the remote ldap and find out the user DN
String[] myAttrs = { LDAP_USER_ROLE_ATTR };
try (Connection conn = connPool.getConnection()) {
SearchRequest searchRequest = LDAPRequests.newSearchRequest(searchBaseDN, userSearchScope, searchFilter, myAttrs);
ConnectionEntryReader reader = conn.search(searchRequest);
while (reader.hasNext()) {
if (reader.isReference()) {
//Ignore
reader.readReference();
} else {
qualifiedUsers.add(reader.readEntry());
}
}
} catch (LdapException le) {
ResultCode resultCode = le.getResult().getResultCode();
if (ResultCode.SIZE_LIMIT_EXCEEDED.equals(resultCode)) {
String[] objs = { orgName };
debug.warning("LDAPRoles.isMember(): exceeded the size limit");
throw new PolicyException(ResBundleUtils.rbName, "ldap_search_exceed_size_limit", objs, null);
} else if (ResultCode.TIME_LIMIT_EXCEEDED.equals(resultCode)) {
String[] objs = { orgName };
debug.warning("LDAPRoles.isMember(): exceeded the time limit");
throw new PolicyException(ResBundleUtils.rbName, "ldap_search_exceed_time_limit", objs, null);
} else if (ResultCode.INVALID_CREDENTIALS.equals(resultCode)) {
throw new PolicyException(ResBundleUtils.rbName, "ldap_invalid_password", null, null);
} else if (ResultCode.NO_SUCH_OBJECT.equals(resultCode)) {
String[] objs = { baseDN };
throw new PolicyException(ResBundleUtils.rbName, "no_such_ldap_base_dn", objs, null);
}
String errorMsg = le.getMessage();
String additionalMsg = le.getResult().getDiagnosticMessage();
if (additionalMsg != null) {
throw new PolicyException(errorMsg + ": " + additionalMsg);
} else {
throw new PolicyException(errorMsg);
}
} catch (Exception e) {
throw new PolicyException(e);
}
if (qualifiedUsers.size() > 0) {
Iterator<SearchResultEntry> iter = qualifiedUsers.iterator();
// we only take the first qualified DN
return iter.next();
}
return null;
}
Also used :
SearchRequest(org.forgerock.opendj.ldap.requests.SearchRequest)
Connection(org.forgerock.opendj.ldap.Connection)
ByteString(org.forgerock.opendj.ldap.ByteString)
LdapException(org.forgerock.opendj.ldap.LdapException)
NameNotFoundException(com.sun.identity.policy.NameNotFoundException)
PolicyException(com.sun.identity.policy.PolicyException)
InvalidNameException(com.sun.identity.policy.InvalidNameException)
SSOException(com.iplanet.sso.SSOException)
ConnectionEntryReader(org.forgerock.opendj.ldif.ConnectionEntryReader)
PolicyException(com.sun.identity.policy.PolicyException)
LdapException(org.forgerock.opendj.ldap.LdapException)
ResultCode(org.forgerock.opendj.ldap.ResultCode)
HashSet(java.util.HashSet)
SearchResultEntry(org.forgerock.opendj.ldap.responses.SearchResultEntry)
Aggregations
PolicyException (com.sun.identity.policy.PolicyException)151
SSOException (com.iplanet.sso.SSOException)64
HashSet (java.util.HashSet)63
Set (java.util.Set)57
Iterator (java.util.Iterator)50
PolicyManager (com.sun.identity.policy.PolicyManager)35
NameNotFoundException (com.sun.identity.policy.NameNotFoundException)32
HashMap (java.util.HashMap)28
Map (java.util.Map)27
AMConsoleException (com.sun.identity.console.base.model.AMConsoleException)26
ByteString (org.forgerock.opendj.ldap.ByteString)16
EntitlementException (com.sun.identity.entitlement.EntitlementException)14
LdapException (org.forgerock.opendj.ldap.LdapException)13
ResultCode (org.forgerock.opendj.ldap.ResultCode)13
Connection (org.forgerock.opendj.ldap.Connection)12
SearchResultEntry (org.forgerock.opendj.ldap.responses.SearchResultEntry)12
InvalidNameException (com.sun.identity.policy.InvalidNameException)11
ValidValues (com.sun.identity.policy.ValidValues)11
IOException (java.io.IOException)11
ConnectionEntryReader (org.forgerock.opendj.ldif.ConnectionEntryReader)11
