
Example 1 with AdminPasswordAction

use of com.sun.identity.security.AdminPasswordAction in project OpenAM by OpenRock.

the class AdminInterfaceUtils method initialize.

/**
 * Loads the default container and admin-role names from the service
 * management store (SMS) into this class's static defaults.
 *
 * <p>The method does its work at most once per value of {@code initialized}:
 * the flag is set at the end of the first pass whether or not the lookups
 * succeeded. If any lookup throws, the values already held in the static
 * fields are kept and a warning is written to the debug log.
 *
 * <p>Security-relevant behaviour visible here:
 * <ul>
 *   <li>The admin DN and admin password are read through
 *       {@code AccessController.doPrivileged} and used to create two SSO
 *       tokens for the same principal. The password is held in a
 *       {@code String} local, and neither token is destroyed in this method.</li>
 *   <li>A failure to authenticate or to read the configuration is not
 *       propagated; callers continue with the default values.</li>
 *   <li>The check of {@code initialized} is not synchronized in this method.
 *       NOTE(review): confirm that callers serialize access.</li>
 * </ul>
 */
private static void initialize() {
    if (initialized) {
        return;
    }
    try {
        // Admin credentials are needed to obtain the SSO tokens that the
        // service managers below require.
        String adminDn = (String) AccessController.doPrivileged(new AdminDNAction());
        String adminSecret = (String) AccessController.doPrivileged(new AdminPasswordAction());
        SSOTokenManager tokenManager = SSOTokenManager.getInstance();

        ServiceConfigManager configManager = new ServiceConfigManager(SERVICE_NAME, tokenManager.createSSOToken(new AuthPrincipal(adminDn), adminSecret));
        if (!addedListener) {
            addedListener = true;
            configManager.addListener(new AdminInterfaceUtils());
        }

        // Walk global config -> templates -> structure templates, then pick
        // out the sub-configuration for each default being loaded.
        ServiceConfig global = configManager.getGlobalConfig(null);
        ServiceConfig templates = global.getSubConfig(TEMPLATES);
        ServiceConfig structureTemplates = templates.getSubConfig(STRUCTURE_TEMPLATES);
        ServiceConfig groupContainer = structureTemplates.getSubConfig(GCCREATE_ATTR_NAME);
        ServiceConfig peopleContainer = structureTemplates.getSubConfig(PCCREATE_ATTR_NAME);
        ServiceConfig orgAdmin = structureTemplates.getSubConfig(ORG_ADMIN_ATTR_NAME);
        ServiceConfig helpDeskAdmin = structureTemplates.getSubConfig(HELP_DESK_ADMIN_ATTR_NAME);
        ServiceConfig policyAdmin = structureTemplates.getSubConfig(POLICY_ADMIN_ATTR_NAME);

        // Each call receives the current default as its last argument.
        defaultGCCreateDuringOrgConfig = getConfigAttributeValue(groupContainer, defaultGCCreateDuringOrgConfig);
        defaultPCCreateDuringOrgConfig = getConfigAttributeValue(peopleContainer, defaultPCCreateDuringOrgConfig);
        defaultORGADMIN = getConfigAttributeValue(orgAdmin, defaultORGADMIN);
        defaultHELP_DESK_ADMIN = getConfigAttributeValue(helpDeskAdmin, defaultHELP_DESK_ADMIN);
        defaultPOLICY_ADMIN = getConfigAttributeValue(policyAdmin, defaultPOLICY_ADMIN);

        ServiceSchemaManager schemaManager = new ServiceSchemaManager(CONSOLE_SERVICE_NAME, tokenManager.createSSOToken(new AuthPrincipal(adminDn), adminSecret));
        // NOTE(review): addedListener was set to true in the block above (or
        // was already true), so within a single pass this branch does not
        // run and no listener is registered on schemaManager. Confirm
        // whether a separate flag was intended.
        if (!addedListener) {
            addedListener = true;
            schemaManager.addListener(new AdminInterfaceUtils());
        }
        ServiceSchema globalSchema = schemaManager.getGlobalSchema();
        defaultAC = getAttributeValue(globalSchema, AC_ATTR_NAME, defaultAC);
        defaultGC = getAttributeValue(globalSchema, GC_ATTR_NAME, defaultGC);
        defaultPC = getAttributeValue(globalSchema, PC_ATTR_NAME, defaultPC);
    } catch (Exception e) {
        // Every failure, including token creation with the admin
        // credentials, ends here: the existing defaults stay in place and
        // only a warning is logged. Because initialized is set below, the
        // lookup is not retried by this method.
        debug.warning("AdminInterfaceUtils: Unable to get " + "default People, Groups, Org Admin Role, " + "Help Desk Admin Role, Policy Admin Role and " + "Agents containers from SM", e);
    }
    if (debug.messageEnabled()) {
        // Logs the resolved defaults only; the admin DN and password are
        // not part of this message.
        debug.message("AdminInterfaceUtils: Defaults container: " + defaultPC + ", " + defaultGC + ", " + defaultAC + ", " + defaultPCCreateDuringOrgConfig + ", " + defaultGCCreateDuringOrgConfig + ", " + defaultORGADMIN + ", " + defaultHELP_DESK_ADMIN + ", " + defaultPOLICY_ADMIN);
    }
    initialized = true;
}
Also used : SSOTokenManager(com.iplanet.sso.SSOTokenManager) ServiceSchema(com.sun.identity.sm.ServiceSchema) AdminDNAction(com.sun.identity.security.AdminDNAction) AdminPasswordAction(com.sun.identity.security.AdminPasswordAction) ServiceConfig(com.sun.identity.sm.ServiceConfig) AuthPrincipal(com.sun.identity.authentication.internal.AuthPrincipal) ServiceConfigManager(com.sun.identity.sm.ServiceConfigManager) ServiceSchemaManager(com.sun.identity.sm.ServiceSchemaManager) SMSException(com.sun.identity.sm.SMSException) AMException(com.iplanet.am.sdk.AMException) SSOException(com.iplanet.sso.SSOException)

Example 2 with AdminPasswordAction

use of com.sun.identity.security.AdminPasswordAction in project OpenAM by OpenRock.

the class SpecialRepo method setAttributes.

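/*
 * (non-Javadoc)
 *
 * Updates the stored attributes of a special user.
 *
 * Only special users are handled, and only a caller for whom
 * isAmAdminUser(token) is true may change them. The password attribute is
 * hashed before it is stored; a fixed list of other attributes is copied
 * through unchanged. Attributes outside that list are ignored. For
 * "dsameuser" the admin password held by ServerConfigMgr is updated as
 * well.
 *
 * Throws IdRepoException when the caller is not the admin user, when the
 * named entry does not exist, or when the configuration store reports an
 * SMSException; throws IdRepoUnsupportedOpException when the identity is
 * not a special user.
 *
 * @see com.sun.identity.idm.IdRepo#setAttributes(com.iplanet.sso.SSOToken,
 *      com.sun.identity.idm.IdType, java.lang.String, java.util.Map,
 *      boolean)
 */
public void setAttributes(SSOToken token, IdType type, String name, Map attributes, boolean isAdd) throws IdRepoException, SSOException {
    if (isSpecialUser(type, name)) {
        boolean isUrlAccessAgent = isUrlAccessAgent(type, name);
        String urlAccessAgentCryptPwd = null;
        // Authorization gate: nothing is read from or written to the
        // configuration store unless the caller is the admin user.
        if (!isAmAdminUser(token)) {
            Object[] args = { name };
            throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.PERMISSION_DENIED_SETTING_ATTRIBUTES, args);
        }
        try {
            ServiceConfig userConfig = getUserConfig();
            // For performance reasons, check that the user entry is
            // present before fetching its sub-configuration.
            CaseInsensitiveHashSet userSet = new CaseInsensitiveHashSet();
            userSet.addAll(userConfig.getSubConfigNames());
            if (userSet.contains(name)) {
                ServiceConfig usc1 = userConfig.getSubConfig(name);
                Map attrs = usc1.getAttributes();

                // The password may arrive under either spelling of the key.
                String newPassword = null;
                Set passwordValues = (Set) attributes.get("userPassword");
                if (passwordValues == null) {
                    passwordValues = (Set) attributes.get("userpassword");
                }
                if (passwordValues != null) {
                    Set hashedVals = new HashSet();
                    for (Iterator it = passwordValues.iterator(); it.hasNext();) {
                        String val = (String) it.next();
                        // NOTE(review): the digest and salting used by
                        // Hash.hash are not visible here; confirm they meet
                        // current password-storage requirements.
                        hashedVals.add(Hash.hash(val));
                        // With more than one supplied value, the last one
                        // iterated is kept; Set iteration order is not
                        // specified by the interface.
                        newPassword = val;
                        // Stays null unless this is the URL access agent.
                        // NOTE(review): Crypt.encode presumably produces a
                        // recoverable form rather than a hash; confirm how
                        // the result is stored and protected.
                        if (isUrlAccessAgent) {
                            urlAccessAgentCryptPwd = Crypt.encode(val);
                        }
                    }
                    attrs.put("userPassword", hashedVals);
                }

                // Allow-list of the remaining attributes a caller may set.
                // The original repeated the same lookup twice per attribute;
                // one lookup per attribute gives the same result.
                copyAttributeIfPresent(attributes, attrs, statusAttribute);
                copyAttributeIfPresent(attributes, attrs, cnAttribute);
                copyAttributeIfPresent(attributes, attrs, snAttribute);
                copyAttributeIfPresent(attributes, attrs, gnAttribute);
                copyAttributeIfPresent(attributes, attrs, empNumAttribute);
                copyAttributeIfPresent(attributes, attrs, aliasAttribute);
                copyAttributeIfPresent(attributes, attrs, successAttribute);
                copyAttributeIfPresent(attributes, attrs, failureAttribute);
                copyAttributeIfPresent(attributes, attrs, mailAttribute);
                copyAttributeIfPresent(attributes, attrs, addrAttribute);
                copyAttributeIfPresent(attributes, attrs, msisdnAttribute);
                copyAttributeIfPresent(attributes, attrs, phoneAttribute);

                usc1.setAttributes(attrs);

                // update serverconfig.xml and directory
                if (name.equalsIgnoreCase("dsameuser")) {
                    String currentAdminPassword = (String) AccessController.doPrivileged(new AdminPasswordAction());
                    try {
                        ServerConfigMgr sscm = new ServerConfigMgr();
                        // NOTE(review): newPassword is null when the caller
                        // changed other attributes but supplied no password;
                        // confirm how setAdminUserPassword treats that.
                        sscm.setAdminUserPassword(currentAdminPassword, newPassword);
                        sscm.save();
                    } catch (Exception e) {
                        // The attribute update above has already been
                        // applied. A failure here is only logged, so the
                        // two password stores can end up out of step
                        // without the caller being told.
                        debug.error("SpecialRepo: error in " + "changing password", e);
                    }
                }
                updateServiceConfiguration(urlAccessAgentCryptPwd);
            } else {
                Object[] args = { name };
                throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.NOT_VALID_ENTRY, args);
            }
        } catch (SMSException smse) {
            // The cause is written to the debug log; the exception thrown
            // to the caller carries only the error code and arguments.
            debug.error("SpecialRepo: Unable to set user attributes ", smse);
            Object[] args = { NAME, type.getName(), name };
            throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.ERROR_SETTING_ATTRIBUTES, args);
        }
    } else {
        Object[] args = { NAME, IdOperation.EDIT.getName() };
        throw new IdRepoUnsupportedOpException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.PLUGIN_OPERATION_NOT_SUPPORTED, args);
    }
}

/*
 * Copies the value set stored under key from source to target when source
 * holds a non-null value for it; otherwise leaves target unchanged.
 */
private static void copyAttributeIfPresent(Map source, Map target, Object key) {
    // The cast mirrors the original code, which required each value to be a Set.
    Set values = (Set) source.get(key);
    if (values != null) {
        target.put(key, values);
    }
}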
Also used : Set(java.util.Set) CaseInsensitiveHashSet(com.sun.identity.common.CaseInsensitiveHashSet) HashSet(java.util.HashSet) AdminPasswordAction(com.sun.identity.security.AdminPasswordAction) SMSException(com.sun.identity.sm.SMSException) IdRepoException(com.sun.identity.idm.IdRepoException) LoginException(javax.security.auth.login.LoginException) UnknownPropertyNameException(com.sun.identity.common.configuration.UnknownPropertyNameException) IdRepoUnsupportedOpException(com.sun.identity.idm.IdRepoUnsupportedOpException) IdRepoFatalException(com.sun.identity.idm.IdRepoFatalException) AuthLoginException(com.sun.identity.authentication.spi.AuthLoginException) SSOException(com.iplanet.sso.SSOException) IdRepoException(com.sun.identity.idm.IdRepoException) SMSException(com.sun.identity.sm.SMSException) IOException(java.io.IOException) ConfigurationException(com.sun.identity.common.configuration.ConfigurationException) CaseInsensitiveHashSet(com.sun.identity.common.CaseInsensitiveHashSet) IdRepoUnsupportedOpException(com.sun.identity.idm.IdRepoUnsupportedOpException) ServiceConfig(com.sun.identity.sm.ServiceConfig) Iterator(java.util.Iterator) Map(java.util.Map) HashMap(java.util.HashMap) CaseInsensitiveHashMap(com.sun.identity.common.CaseInsensitiveHashMap) CaseInsensitiveHashSet(com.sun.identity.common.CaseInsensitiveHashSet) HashSet(java.util.HashSet) ServerConfigMgr(com.iplanet.services.ldap.ServerConfigMgr)

Aggregations

SSOException (com.iplanet.sso.SSOException)2 AdminPasswordAction (com.sun.identity.security.AdminPasswordAction)2 SMSException (com.sun.identity.sm.SMSException)2 ServiceConfig (com.sun.identity.sm.ServiceConfig)2 AMException (com.iplanet.am.sdk.AMException)1 ServerConfigMgr (com.iplanet.services.ldap.ServerConfigMgr)1 SSOTokenManager (com.iplanet.sso.SSOTokenManager)1 AuthPrincipal (com.sun.identity.authentication.internal.AuthPrincipal)1 AuthLoginException (com.sun.identity.authentication.spi.AuthLoginException)1 CaseInsensitiveHashMap (com.sun.identity.common.CaseInsensitiveHashMap)1 CaseInsensitiveHashSet (com.sun.identity.common.CaseInsensitiveHashSet)1 ConfigurationException (com.sun.identity.common.configuration.ConfigurationException)1 UnknownPropertyNameException (com.sun.identity.common.configuration.UnknownPropertyNameException)1 IdRepoException (com.sun.identity.idm.IdRepoException)1 IdRepoFatalException (com.sun.identity.idm.IdRepoFatalException)1 IdRepoUnsupportedOpException (com.sun.identity.idm.IdRepoUnsupportedOpException)1 AdminDNAction (com.sun.identity.security.AdminDNAction)1 ServiceConfigManager (com.sun.identity.sm.ServiceConfigManager)1 ServiceSchema (com.sun.identity.sm.ServiceSchema)1 ServiceSchemaManager (com.sun.identity.sm.ServiceSchemaManager)1