
Example 11 with ValidValues

use of com.sun.identity.policy.ValidValues in project OpenAM by OpenRock.

the class SubjectOpViewBeanBase method getValidValues.

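/**
 * Looks up the candidate subject values for the realm, subject type and
 * filter currently held by the page.
 *
 * <p>If the lookup hit a size or time limit, an inline error alert is raised
 * and the results the model did return are still handed back. If the model
 * throws, the exception message is shown as an inline error alert.
 *
 * @return the search results reported by the model, or {@code null} when the
 *         model returned no {@code ValidValues} or the lookup failed
 */
protected Set getValidValues() {
    Set values = null;
    // NOTE(review): the filter is forwarded to the model unchanged; any
    // escaping for the backing store has to happen further down - confirm.
    String filter = (String) propertySheetModel.getValue(FILTER);
    String realmName = (String) getPageSessionAttribute(AMAdminConstants.CURRENT_REALM);
    String subjectType = (String) propertySheetModel.getValue(SUBJECT_TYPE);
    PolicyModel model = (PolicyModel) getModel();
    try {
        ValidValues validValues = model.getSubjectPossibleValues(realmName, subjectType, filter);
        if (validValues != null) {
            int errCode = validValues.getErrorCode();
            if (errCode == ValidValues.SIZE_LIMIT_EXCEEDED) {
                setInlineAlertMessage(CCAlert.TYPE_ERROR, "message.error", "policy.subject.sizelimit.exceeded.message");
            } else if (errCode == ValidValues.TIME_LIMIT_EXCEEDED) {
                // This branch previously re-tested SIZE_LIMIT_EXCEEDED, so the
                // time-limit alert could never be shown and a truncated list
                // looked complete to the administrator.
                setInlineAlertMessage(CCAlert.TYPE_ERROR, "message.error", "policy.subject.timelimit.exceeded.message");
            }
            // Results are returned even when a limit was hit; the alert is the
            // only signal that the list is partial.
            values = validValues.getSearchResults();
        }
    } catch (AMConsoleException e) {
        setInlineAlertMessage(CCAlert.TYPE_ERROR, "message.error", e.getMessage());
    }
    return values;
}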
Also used : Set(java.util.Set) ValidValues(com.sun.identity.policy.ValidValues) PolicyModel(com.sun.identity.console.policy.model.PolicyModel) AMConsoleException(com.sun.identity.console.base.model.AMConsoleException)

Example 12 with ValidValues

use of com.sun.identity.policy.ValidValues in project OpenAM by OpenRock.

the class LDAPRoles method getValidValues.

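/**
 * Returns the possible values for the <code>LDAPRoles</code> subject that
 * satisfy the given <code>pattern</code>.
 *
 * <p>The pattern is placed in the value position of an LDAP search filter.
 * Parentheses and NUL in the pattern are escaped first so that the pattern
 * cannot add or close filter components; <code>*</code> is left as a
 * wildcard and backslash escapes supplied by the caller are passed through.
 *
 * @param token the <code>SSOToken</code> of the caller; not used by this
 * implementation
 * @param pattern search pattern that will be used to narrow
 * the list of valid names; <code>null</code> or blank means no narrowing
 *
 * @return <code>ValidValues</code> object holding the matching role DNs;
 * its status is <code>SIZE_LIMIT_EXCEEDED</code> or
 * <code>TIME_LIMIT_EXCEEDED</code> when the directory cut the search short,
 * in which case the set holds only the entries read so far
 *
 * @exception SSOException if <code>SSOToken</code> is not valid
 * @exception PolicyException if the subject is not initialized or the list
 * of valid names cannot be obtained
 */
public ValidValues getValidValues(SSOToken token, String pattern) throws SSOException, PolicyException {
    if (!initialized) {
        throw (new PolicyException(ResBundleUtils.rbName, "ldaproles_subject_not_yet_initialized", null, null));
    }
    String searchFilter = null;
    if ((pattern != null) && !(pattern.trim().length() == 0)) {
        // The pattern is caller-supplied text; escape filter structure before
        // it is concatenated into the search filter.
        searchFilter = "(&" + roleSearchFilter + "(" + roleRDNAttrName + "="
                + escapeFilterStructure(pattern) + "))";
    } else {
        searchFilter = roleSearchFilter;
    }
    if (debug.messageEnabled()) {
        debug.message("LDAPRoles.getValidValues(): role search filter is: " + searchFilter);
    }
    String[] attrs = { roleRDNAttrName };
    Set<String> validRoleDNs = new HashSet<>();
    int status = ValidValues.SUCCESS;
    try (Connection conn = connPool.getConnection()) {
        SearchRequest searchRequest = LDAPRequests.newSearchRequest(baseDN, roleSearchScope, searchFilter, attrs);
        ConnectionEntryReader reader = conn.search(searchRequest);
        while (reader.hasNext()) {
            if (reader.isReference()) {
                // Referrals are consumed and dropped, never followed.
                reader.readReference();
            } else {
                SearchResultEntry entry = reader.readEntry();
                if (entry != null) {
                    String roleDn = entry.getName().toString();
                    validRoleDNs.add(roleDn);
                    debug.message("LDAPRoles.getValidValues(): found role name={}", roleDn);
                }
            }
        }
    } catch (LdapException le) {
        ResultCode resultCode = le.getResult().getResultCode();
        if (ResultCode.SIZE_LIMIT_EXCEEDED.equals(resultCode)) {
            // Partial results are returned together with the limit status.
            debug.warning("LDAPRoles.getValidValues(): exceeded the size limit");
            return new ValidValues(ValidValues.SIZE_LIMIT_EXCEEDED, validRoleDNs);
        } else if (ResultCode.TIME_LIMIT_EXCEEDED.equals(resultCode)) {
            debug.warning("LDAPRoles.getValidValues(): exceeded the time limit");
            return new ValidValues(ValidValues.TIME_LIMIT_EXCEEDED, validRoleDNs);
        } else if (ResultCode.INVALID_CREDENTIALS.equals(resultCode)) {
            throw new PolicyException(ResBundleUtils.rbName, "ldap_invalid_password", null, null);
        } else if (ResultCode.NO_SUCH_OBJECT.equals(resultCode)) {
            String[] objs = { baseDN };
            throw new PolicyException(ResBundleUtils.rbName, "no_such_ldap_base_dn", objs, null);
        }
        // Any other result code is surfaced with the server's diagnostic
        // message appended when one is present.
        String errorMsg = le.getMessage();
        String additionalMsg = le.getResult().getDiagnosticMessage();
        if (additionalMsg != null) {
            throw new PolicyException(errorMsg + ": " + additionalMsg);
        } else {
            throw new PolicyException(errorMsg);
        }
    } catch (Exception e) {
        throw new PolicyException(e);
    }
    return new ValidValues(status, validRoleDNs);
}

/**
 * Escapes the characters that delimit LDAP filter components, following the
 * RFC 4515 <code>\XX</code> hex form, and leaves everything else untouched.
 *
 * @param pattern non-null search pattern
 * @return the pattern with <code>(</code>, <code>)</code> and NUL escaped
 */
private static String escapeFilterStructure(String pattern) {
    StringBuilder escaped = new StringBuilder(pattern.length() + 8);
    for (int i = 0; i < pattern.length(); i++) {
        char c = pattern.charAt(i);
        switch (c) {
            case '(':
                escaped.append("\\28");
                break;
            case ')':
                escaped.append("\\29");
                break;
            case '\0':
                escaped.append("\\00");
                break;
            default:
                escaped.append(c);
                break;
        }
    }
    return escaped.toString();
}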
Also used : SearchRequest(org.forgerock.opendj.ldap.requests.SearchRequest) ValidValues(com.sun.identity.policy.ValidValues) Connection(org.forgerock.opendj.ldap.Connection) ByteString(org.forgerock.opendj.ldap.ByteString) LdapException(org.forgerock.opendj.ldap.LdapException) NameNotFoundException(com.sun.identity.policy.NameNotFoundException) PolicyException(com.sun.identity.policy.PolicyException) InvalidNameException(com.sun.identity.policy.InvalidNameException) SSOException(com.iplanet.sso.SSOException) ConnectionEntryReader(org.forgerock.opendj.ldif.ConnectionEntryReader) PolicyException(com.sun.identity.policy.PolicyException) LdapException(org.forgerock.opendj.ldap.LdapException) ResultCode(org.forgerock.opendj.ldap.ResultCode) HashSet(java.util.HashSet) SearchResultEntry(org.forgerock.opendj.ldap.responses.SearchResultEntry)

Example 13 with ValidValues

use of com.sun.identity.policy.ValidValues in project OpenAM by OpenRock.

the class LDAPUsers method getValidValues.

/**
 * Collects the DNs of the <code>LDAPUsers</code> entries that match the
 * given <code>pattern</code>.
 *
 * <p>The search filter is built by <code>getSearchFilter(pattern)</code>.
 * Referrals in the result stream are logged and skipped. A size or time
 * limit reported while reading is recorded in the status of the returned
 * object rather than thrown.
 *
 * @param token the <code>SSOToken</code> of the caller; not referenced in
 * this method body
 * @param pattern search pattern that will be used to narrow
 * the list of valid names.
 *
 * @return <code>ValidValues</code> object carrying the status and the DNs
 * read
 *
 * @exception SSOException if <code>SSOToken</code> is not valid
 * @exception PolicyException if the subject is not initialized or the list
 * of valid names cannot be obtained
 */
public ValidValues getValidValues(SSOToken token, String pattern) throws SSOException, PolicyException {
    if (!initialized) {
        throw (new PolicyException(ResBundleUtils.rbName, "ldapusers_subject_not_yet_initialized", null, null));
    }
    String userFilter = getSearchFilter(pattern);
    Set<String> userDns = new HashSet<>();
    int status = ValidValues.SUCCESS;
    try (Connection connection = connPool.getConnection()) {
        ConnectionEntryReader results = search(userFilter, connection, userRDNAttrName);
        while (results.hasNext()) {
            try {
                if (!results.isEntry()) {
                    // Referrals are logged and skipped, never followed.
                    debug.message("LDAPUsers.getValidValues(): Ignoring reference: {}", results.readReference());
                    continue;
                }
                SearchResultEntry userEntry = results.readEntry();
                String userDn = userEntry.getName().toString();
                userDns.add(userDn);
                debug.message("LDAPUsers.getValidValues(): found user name={}", userDn);
            } catch (LdapException readFailure) {
                ResultCode resultCode = readFailure.getResult().getResultCode();
                if (resultCode.equals(ResultCode.SIZE_LIMIT_EXCEEDED)) {
                    // Limit hits downgrade to a status flag; entries read so
                    // far are kept.
                    debug.warning("LDAPUsers.getValidValues(): exceeded the size limit");
                    status = ValidValues.SIZE_LIMIT_EXCEEDED;
                } else if (resultCode.equals(ResultCode.TIME_LIMIT_EXCEEDED)) {
                    debug.warning("LDAPUsers.getValidValues(): exceeded the time limit");
                    status = ValidValues.TIME_LIMIT_EXCEEDED;
                } else {
                    throw new PolicyException(readFailure);
                }
            } catch (SearchResultReferenceIOException ignored) {
                // A referral surfaced while reading an entry; skip it.
            }
        }
    } catch (LdapException searchFailure) {
        // Failures outside the per-entry handling (e.g. from hasNext()) are
        // translated by handleResultException.
        throw handleResultException(searchFailure);
    }
    return new ValidValues(status, userDns);
}
Also used : ConnectionEntryReader(org.forgerock.opendj.ldif.ConnectionEntryReader) PolicyException(com.sun.identity.policy.PolicyException) ValidValues(com.sun.identity.policy.ValidValues) Connection(org.forgerock.opendj.ldap.Connection) ByteString(org.forgerock.opendj.ldap.ByteString) SearchResultReferenceIOException(org.forgerock.opendj.ldap.SearchResultReferenceIOException) LdapException(org.forgerock.opendj.ldap.LdapException) ResultCode(org.forgerock.opendj.ldap.ResultCode) HashSet(java.util.HashSet) SearchResultEntry(org.forgerock.opendj.ldap.responses.SearchResultEntry)

Aggregations

ValidValues (com.sun.identity.policy.ValidValues)13 PolicyException (com.sun.identity.policy.PolicyException)11 HashSet (java.util.HashSet)8 SSOException (com.iplanet.sso.SSOException)6 NameNotFoundException (com.sun.identity.policy.NameNotFoundException)6 LdapException (org.forgerock.opendj.ldap.LdapException)6 ResultCode (org.forgerock.opendj.ldap.ResultCode)6 Connection (org.forgerock.opendj.ldap.Connection)5 SearchResultEntry (org.forgerock.opendj.ldap.responses.SearchResultEntry)5 ConnectionEntryReader (org.forgerock.opendj.ldif.ConnectionEntryReader)5 InvalidNameException (com.sun.identity.policy.InvalidNameException)4 Set (java.util.Set)4 ByteString (org.forgerock.opendj.ldap.ByteString)4 AMConsoleException (com.sun.identity.console.base.model.AMConsoleException)3 SearchRequest (org.forgerock.opendj.ldap.requests.SearchRequest)3 PolicyModel (com.sun.identity.console.policy.model.PolicyModel)2 PolicyManager (com.sun.identity.policy.PolicyManager)2 OrganizationConfigManager (com.sun.identity.sm.OrganizationConfigManager)2 SMSException (com.sun.identity.sm.SMSException)2 Iterator (java.util.Iterator)2