
Example 36 with PolicyException

use of com.sun.identity.policy.PolicyException in project OpenAM by OpenRock.

From the class LDAPConnectionPools, method initConnectionPool (static pool initialisation for a policy LDAP server).

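/**
 * Creates, once per {@code host} string, a pooled LDAP connection factory
 * for a policy LDAP server and registers it in {@code connectionPools}
 * together with a shutdown listener that closes the pool.
 *
 * <p>Points a security reviewer should be aware of:
 * <ul>
 *   <li>The pool registry is keyed by {@code host} alone. A later call for
 *       the same host with a different {@code authDN}, {@code authPasswd} or
 *       {@code ssl} value is a no-op: the first pool, with the first caller's
 *       bind identity and transport settings, keeps being used.</li>
 *   <li>With {@code ssl} set, the context is whatever a default
 *       {@code SSLContextBuilder} produces; which trust store is used and
 *       whether host name verification happens depend on the OpenDJ SDK
 *       defaults and are not visible here — confirm for the deployed SDK.</li>
 *   <li>{@code authPasswd} is not written to the debug log; keep it that way
 *       when extending the logging.</li>
 *   <li>{@code options} is mutated in place when {@code ssl} is set.</li>
 * </ul>
 *
 * @param host LDAP server host and port, e.g. {@code dsame.sun.com:389};
 *        alternatively a space-delimited list of host names
 * @param authDN bind DN for the pool's connections
 * @param authPasswd bind password for {@code authDN}
 * @param ssl whether to attach an SSL context to the connections
 * @param minPoolSize minimal pool size; values below 1 fall back to
 *        {@code MIN_CONNECTION_POOL_SIZE}
 * @param maxPoolSize maximum pool size; values below 1 fall back to
 *        {@code MAX_CONNECTION_POOL_SIZE}
 * @param options connection options handed to the connection factory
 * @throws PolicyException if {@code host} is null or empty, or if creating
 *         the pool fails (the underlying exception is kept as the cause)
 */
static void initConnectionPool(String host, String authDN, String authPasswd, boolean ssl, int minPoolSize, int maxPoolSize, Options options) throws PolicyException {
    // A null host previously escaped as a NullPointerException; report it
    // through the same PolicyException as an empty host.
    if (host == null || host.length() < 1) {
        debug.message("Invalid host name");
        throw new PolicyException(ResBundleUtils.rbName, "invalid_ldap_server_host", null, null);
    }
    try {
        synchronized (connectionPools) {
            // Only the host string is consulted; credentials and the ssl flag
            // are not part of the key (see the method Javadoc).
            if (connectionPools.get(host) == null) {
                if (debug.messageEnabled()) {
                    debug.message("Create LDAPConnectionPool: " + host);
                }
                if (ssl) {
                    options.set(LDAPConnectionFactory.SSL_CONTEXT, new SSLContextBuilder().getSSLContext());
                }
                ConnectionFactory ldc = LDAPUtils.createFailoverConnectionFactory(host, DEFAULT_PORT, authDN, authPasswd, options);
                if (minPoolSize < 1) {
                    minPoolSize = MIN_CONNECTION_POOL_SIZE;
                }
                if (maxPoolSize < 1) {
                    maxPoolSize = MAX_CONNECTION_POOL_SIZE;
                }
                debug.message("LDAPConnectionPools.initConnectionPool(): minPoolSize={}, maxPoolSize={}", minPoolSize, maxPoolSize);
                ShutdownManager shutdownMan = com.sun.identity.common.ShutdownManager.getInstance();
                // getAsInt yields the default 0 when the property is unset or
                // unparseable, and 0 may also be configured explicitly; in all
                // three cases idle connections are never reaped.
                int idleTimeout = SystemProperties.getAsInt(Constants.LDAP_CONN_IDLE_TIME_IN_SECS, 0);
                if (idleTimeout == 0) {
                    debug.error("LDAPConnectionPools: Idle timeout could not be parsed, connection reaping is disabled");
                }
                final ConnectionFactory cPool = Connections.newCachedConnectionPool(ldc, minPoolSize, maxPoolSize, idleTimeout, TimeUnit.SECONDS);
                debug.message("LDAPConnectionPools.initConnectionPool(): host: {}", host);
                // Close the pool on server shutdown so its bound connections
                // to the directory are released.
                shutdownMan.addShutdownListener(new ShutdownListener() {

                    public void shutdown() {
                        cPool.close();
                    }
                });
                connectionPools.put(host, cPool);
            }
        }
    } catch (Exception e) {
        // A pool that cannot be created is an operational failure, not a
        // trace event: log at error level so it is visible without debug on.
        debug.error("Unable to create LDAPConnectionPool", e);
        throw new PolicyException(e.getMessage(), e);
    }
}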

Example 37 with PolicyException

use of com.sun.identity.policy.PolicyException in project OpenAM by OpenRock.

From the class LDAPFilterCondition, method validateProperties (checks the property map passed to setProperties).

/**
 * Checks the property map handed to {@code setProperties}: it must be
 * non-null, must contain {@link #LDAP_FILTER}, and must contain no other
 * key. The filter values themselves are passed on to
 * {@code validateLdapFilterCollection} when a value is present.
 *
 * @param properties raw property map; keys are expected to be Strings
 * @return {@code true} when every check passes
 * @throws PolicyException on a null map, a missing LDAP_FILTER key, or the
 *         first unexpected key encountered
 * @see #LDAP_FILTER
 */
private boolean validateProperties(Map properties) throws PolicyException {
    if (properties == null || properties.keySet() == null) {
        throw new PolicyException(ResBundleUtils.rbName, "properties_can_not_be_null_or_empty", null, null);
    }
    Set propertyNames = properties.keySet();
    // The required key has to be present ...
    if (!propertyNames.contains(LDAP_FILTER)) {
        throw new PolicyException(ResBundleUtils.rbName, "property_value_not_defined", new String[] { LDAP_FILTER }, null);
    }
    // ... and it has to be the only one; the first foreign key is reported.
    for (Object name : propertyNames) {
        String propertyName = (String) name;
        if (!LDAP_FILTER.equals(propertyName)) {
            throw new PolicyException(ResBundleUtils.rbName, "attempt_to_set_invalid_property", new String[] { propertyName }, null);
        }
    }
    // Validate the filter values themselves; a null value is tolerated here.
    Collection filterValues = (Collection) properties.get(LDAP_FILTER);
    if (filterValues != null) {
        validateLdapFilterCollection(filterValues);
    }
    return true;
}

Example 38 with PolicyException

use of com.sun.identity.policy.PolicyException in project OpenAM by OpenRock.

From the class LDAPFilterCondition, method isMember (evaluates the LDAP filter condition for the user behind an SSO token).

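/**
 * Determines whether the user behind {@code token} satisfies the
 * {@code ldapConditionFilter} configured for this condition.
 *
 * <p>A positive answer cached in {@code SubjectEvaluationCache} is returned
 * directly; a cached negative answer is not trusted and the directory is
 * queried again. Fresh answers are cached under the token id, and the
 * {@code PolicyEvaluator} SSO listener is registered once per token
 * (presumably so the cache can react to the session going away — the
 * listener itself lives in PolicyEvaluator).
 *
 * <p>The directory search is scoped to the caller by concatenating, in this
 * order, the configured user search filter (if non-empty), the user mapping
 * filter built from the RDN value of the token's principal DN, and the
 * condition filter. The RDN value is spliced into the filter through
 * {@code PolicyUtils.constructUserFilter}; whether that helper escapes LDAP
 * filter metacharacters is not visible here — TODO(review) confirm, since an
 * unescaped value would let a crafted principal name alter the search.
 *
 * @param token Single Sign On token of the user
 * @return {@code true} if the user satisfies {@code ldapConditionFilter}
 * @throws SSOException if the Single Sign On token is not valid
 * @throws PolicyException if the principal DN does not start with an
 *         {@code attr=value,} component or the directory lookup fails
 */
private boolean isMember(SSOToken token) throws SSOException, PolicyException {
    String userLocalDN = token.getPrincipal().getName();
    String tokenID = token.getTokenID().toString();
    if (debug.messageEnabled()) {
        debug.message("LDAPFilterCondition.isMember(): userLocalDN from ssoToken is: " + userLocalDN);
    }
    Boolean matchFound = SubjectEvaluationCache.isMember(tokenID, ldapServer, ldapConditionFilter);
    if (matchFound != null) {
        if (debug.messageEnabled()) {
            debug.message("LDAPFilterCondition.isMember():" + "Got membership " + "from cache userLocalDN: " + userLocalDN + ", ldapConditionFilter: " + ldapConditionFilter + " , member:" + matchFound.booleanValue());
        }
        // Only a cached "true" short-circuits; a cached "false" is re-evaluated.
        if (matchFound.booleanValue()) {
            return true;
        }
    }
    if (debug.messageEnabled()) {
        debug.message("LDAPFilterCondition:isMember():" + " ldapConditionFilter:" + ldapConditionFilter + " not in subject evaluation cache, " + " fetching from directory server.");
    }
    // Pull the value of the first RDN out of "attr=value,rest".
    int beginIndex = userLocalDN.indexOf("=");
    int endIndex = userLocalDN.indexOf(",");
    if ((beginIndex <= 0) || (endIndex <= 0) || (beginIndex >= endIndex)) {
        throw (new PolicyException(ResBundleUtils.rbName, "ldapusers_subject_invalid_local_user_dn", null, null));
    }
    String userName = userLocalDN.substring(beginIndex + 1, endIndex);
    String userMappingFilter = PolicyUtils.constructUserFilter(token, userRDNAttrName, userName, aliasEnabled);
    // The user mapping filter is always part of the search so the result is
    // bound to this user. It used to be appended only when userSearchFilter
    // was non-empty; with an empty userSearchFilter the user clause was
    // dropped and the condition clause was concatenated onto a null String,
    // yielding a "(&null(...))" filter.
    String searchFilter = trimAndParenthesise(userMappingFilter);
    boolean multipleFilters = false;
    if ((userSearchFilter != null) && !(userSearchFilter.equals(""))) {
        searchFilter = trimAndParenthesise(userSearchFilter) + searchFilter;
        multipleFilters = true;
    }
    if (debug.messageEnabled()) {
        debug.message("LDAPFilterCondition.isMember(): " + " user search filter is: " + userSearchFilter);
        debug.message("LDAPFilterCondition.isMember(): " + " user mapping filter is: " + userMappingFilter);
        debug.message("LDAPFilterCondition.isMember(): " + " condition ldapConditionFilter is: " + ldapConditionFilter);
    }
    // Append the condition filter and AND all clauses together.
    if ((ldapConditionFilter != null) && (ldapConditionFilter.length() != 0)) {
        multipleFilters = true;
        searchFilter = searchFilter + trimAndParenthesise(ldapConditionFilter);
    }
    if (multipleFilters) {
        searchFilter = trimAndParenthesise(AMPERSAND + searchFilter);
    }
    if (debug.messageEnabled()) {
        debug.message("LDAPFilterCondition.isMember(): " + " combined filter : " + searchFilter);
    }
    boolean member = searchFilterSatisfied(searchFilter);
    if (debug.messageEnabled()) {
        debug.message("LDAPFilterCondition:isMember():" + " caching result, searchFilter:" + searchFilter + ", member:" + member);
    }
    SubjectEvaluationCache.addEntry(tokenID, ldapServer, ldapConditionFilter, member);
    // Register the SSO listener once per token. (The former listenerAdded
    // local was written but never read and has been dropped.)
    if (!PolicyEvaluator.ssoListenerRegistry.containsKey(tokenID)) {
        token.addSSOTokenListener(PolicyEvaluator.ssoListener);
        PolicyEvaluator.ssoListenerRegistry.put(tokenID, PolicyEvaluator.ssoListener);
        if (debug.messageEnabled()) {
            debug.message("LDAPFilterCondition.isMember():" + " sso listener added .\n");
        }
    }
    if (debug.messageEnabled()) {
        debug.message("LDAPFilterCondition.isMember():" + "member=" + member);
    }
    return member;
}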

Example 39 with PolicyException

use of com.sun.identity.policy.PolicyException in project OpenAM by OpenRock.

From the class LDAPFilterCondition, method resetPolicyConfig (periodic refresh of the condition's policy configuration).

/**
 * Re-reads this condition's policy configuration once the cached copy has
 * expired; the expiry interval is driven by SUBJECTS_RESULT_TTL in the
 * policy config service. Does nothing while the cached copy is still fresh.
 *
 * @param env evaluation environment; must carry {@code PolicyEvaluator.REALM_DN}
 * @throws PolicyException if the realm DN is absent from {@code env}
 * @throws SSOException as declared by the nested policy-config calls
 * @see com.sun.identity.policy.PolicyConfig#SUBJECTS_RESULT_TTL
 */
private void resetPolicyConfig(Map env) throws PolicyException, SSOException {
    if (System.currentTimeMillis() <= policyConfigExpiresAt) {
        return; // still within the TTL window
    }
    String realmDn = CollectionHelper.getMapAttr(env, PolicyEvaluator.REALM_DN);
    if (realmDn == null) {
        debug.error("LDAPFilterCondition.resetPolicyConfig(): realmDn is null");
        throw new PolicyException(ResBundleUtils.rbName, "ldapfiltercondition_resetpolicyconfig_null_realm_dn", null, null);
    }
    Map refreshedConfig = PolicyConfig.getPolicyConfig(realmDn);
    setPolicyConfig(refreshedConfig, realmDn);
}

Example 40 with PolicyException

use of com.sun.identity.policy.PolicyException in project OpenAM by OpenRock.

From the class ResourceEnvIPCondition, method getMaxRequestAuthLevel (extracts the highest request auth level from the environment map).

/**
 * Returns the highest auth level carried by the REQUEST_AUTH_LEVEL entry of
 * the environment map, optionally restricted to levels qualified with
 * {@code authRealm}.
 *
 * <p>The env value may be an {@link Integer} (honoured only when no realm
 * restriction is given) or a {@link Set} of realm-qualified level Strings.
 * When nothing applicable is found the result is {@code Integer.MIN_VALUE}.
 *
 * <p>Note for reviewers: the whole {@code env} map is written to the debug
 * log on entry, so anything sensitive placed in the evaluation environment
 * ends up in the debug files when message logging is enabled.
 *
 * @param env evaluation environment
 * @param authRealm realm to match, or null/empty for "any realm"
 * @param authLevel the condition's own auth level (logged only)
 * @return the maximum applicable level, or {@code Integer.MIN_VALUE}
 * @throws PolicyException if the env value is neither Integer nor Set, or a
 *         Set element is not a String
 * @see #REQUEST_AUTH_LEVEL
 */
private int getMaxRequestAuthLevel(Map env, String authRealm, String authLevel) throws PolicyException {
    if (DEBUG.messageEnabled()) {
        DEBUG.message("ResourceEnvIPCondition.getMaxRequestAuthLevel(" + "envMap,authRealm,authLevel): entering: envMap= " + env + ", authRealm= " + authRealm + ", conditionAuthLevel= " + authLevel);
    }
    boolean anyRealm = (authRealm == null) || (authRealm.length() == 0);
    int maxAuthLevel = Integer.MIN_VALUE;
    Object levelValue = env.get(REQUEST_AUTH_LEVEL);
    if (levelValue != null) {
        if (levelValue instanceof Integer) {
            // A bare Integer carries no realm, so it only counts when the
            // caller did not restrict by realm.
            if (anyRealm) {
                maxAuthLevel = ((Integer) levelValue).intValue();
                if (DEBUG.messageEnabled()) {
                    DEBUG.message("ResourceEnvIPCondition.getMaxRequestAuthLevel():Integer level in env= " + maxAuthLevel);
                }
            }
        } else if (levelValue instanceof Set) {
            for (Object element : (Set) levelValue) {
                if (!(element instanceof String)) {
                    if (DEBUG.warningEnabled()) {
                        DEBUG.warning("ResourceEnvIPCondition.getMaxRequestAuthLevel():requestAuthLevel Set element not String");
                    }
                    throw new PolicyException(ResBundleUtils.rbName, "request_authlevel_in_env_set_element_not_string", null, null);
                }
                String qualifiedLevel = (String) element;
                int currentAuthLevel = getAuthLevel(qualifiedLevel);
                // Without a realm restriction every element competes; with one,
                // only elements qualified with that exact realm do.
                boolean realmMatches = anyRealm || authRealm.equals(AMAuthUtils.getRealmFromRealmQualifiedData(qualifiedLevel));
                if (realmMatches && currentAuthLevel > maxAuthLevel) {
                    maxAuthLevel = currentAuthLevel;
                }
            }
        } else {
            if (DEBUG.warningEnabled()) {
                DEBUG.warning("ResourceEnvIPCondition.getMaxRequestAuthLevel():requestAuthLevel in env neither Integer nor Set");
            }
            throw new PolicyException(ResBundleUtils.rbName, "request_authlevel_in_env_not_Integer_or_set", null, null);
        }
    }
    if (DEBUG.messageEnabled()) {
        DEBUG.message("ResourceEnvIPCondition.getMaxRequestAuthLevel(): returning: maxAuthLevel=" + maxAuthLevel);
    }
    return maxAuthLevel;
}
