Example 56 with OrganizationConfigManager
use of com.sun.identity.sm.OrganizationConfigManager in project OpenAM by OpenRock.
the class AuthD method getOrgConfigManager.
/**
* Returns the Organization Configuration Manager for an organization.
*
* @param orgDN Name of the organization.
* @return Organization Configuration Manager for an organization.
*/
public OrganizationConfigManager getOrgConfigManager(String orgDN) {
OrganizationConfigManager orgConfigMgr = null;
try {
orgConfigMgr = orgMap.get(orgDN);
if (orgConfigMgr == null) {
orgConfigMgr = new OrganizationConfigManager(ssoAuthSession, orgDN);
OrganizationConfigManager winner = orgMap.putIfAbsent(orgDN, orgConfigMgr);
if (winner != null) {
// We lost the race
orgConfigMgr = winner;
}
}
} catch (Exception id) {
if (debug.messageEnabled()) {
debug.message("Error getAMIdentityRepository", id);
}
}
return orgConfigMgr;
}
Also used :
OrganizationConfigManager(com.sun.identity.sm.OrganizationConfigManager)
SSOException(com.iplanet.sso.SSOException)
IdRepoException(com.sun.identity.idm.IdRepoException)
SMSException(com.sun.identity.sm.SMSException)
IOException(java.io.IOException)
SessionException(com.iplanet.dpro.session.SessionException)
Example 57 with OrganizationConfigManager
use of com.sun.identity.sm.OrganizationConfigManager in project OpenAM by OpenRock.
the class ListXACML method getPolicies.
/**
* Uses the Realm and Search Filters to identify all Privileges in the Entitlement
* framework to export.
*
* @throws CLIException If there was an unexpected error.
*/
private void getPolicies() throws CLIException {
FileOutputStream fout = null;
PrintWriter pwout = null;
if (outfile != null) {
try {
fout = new FileOutputStream(outfile, true);
pwout = new PrintWriter(fout, true);
} catch (FileNotFoundException e) {
debugError("ListXACML.handleXACMLPolicyRequest", e);
try {
if (fout != null) {
fout.close();
}
} catch (IOException ex) {
//do nothing
}
throw new CLIException(e, ExitCodes.IO_EXCEPTION);
} catch (SecurityException e) {
debugError("ListXACML.handleXACMLPolicyRequest", e);
try {
if (fout != null) {
fout.close();
}
} catch (IOException ex) {
//do nothing
}
throw new CLIException(e, ExitCodes.IO_EXCEPTION);
}
}
PolicySet policySet = null;
try {
PrivilegeValidator privilegeValidator = new PrivilegeValidator(new RealmValidator(new OrganizationConfigManager(adminSSOToken, "/")));
XACMLExportImport importExport = new XACMLExportImport(new XACMLExportImport.PrivilegeManagerFactory(), new XACMLReaderWriter(), privilegeValidator, new SearchFilterFactory(), PrivilegeManager.debug);
policySet = importExport.exportXACML(realm, adminSubject, filters);
} catch (EntitlementException e) {
String[] args = { realm, e.getMessage() };
debugError("ListXACML.handleRequest", e);
writeLog(LogWriter.LOG_ERROR, Level.INFO, "FAILED_GET_POLICY_IN_REALM", args);
throw new CLIException(e, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
} catch (SMSException e) {
String[] args = { realm, e.getMessage() };
debugError("ListXACML.handleRequest", e);
writeLog(LogWriter.LOG_ERROR, Level.INFO, "FAILED_GET_POLICY_IN_REALM", args);
throw new CLIException(e, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
}
if (policySet == null || policySet.getPolicySetOrPolicyOrPolicySetIdReference().isEmpty()) {
String[] arg = { realm };
outputWriter.printlnMessage(MessageFormat.format(getResourceString("get-policy-in-realm-no-policies"), (Object[]) arg));
} else {
try {
if (pwout != null) {
pwout.write(XACMLPrivilegeUtils.toXML(policySet));
} else {
outputWriter.printlnMessage(XACMLPrivilegeUtils.toXML(policySet));
}
} catch (EntitlementException e) {
throw new CLIException(e, ExitCodes.IO_EXCEPTION);
}
writeLog(LogWriter.LOG_ACCESS, Level.INFO, "SUCCEED_GET_POLICY_IN_REALM", new String[] { realm });
String[] arg = { realm };
outputWriter.printlnMessage(MessageFormat.format(getResourceString("get-policy-in-realm-succeed"), (Object[]) arg));
if (pwout != null) {
try {
pwout.close();
fout.close();
} catch (IOException e) {
//do nothing
}
}
}
}
Also used :
SearchFilterFactory(com.sun.identity.entitlement.xacml3.SearchFilterFactory)
SMSException(com.sun.identity.sm.SMSException)
FileNotFoundException(java.io.FileNotFoundException)
XACMLExportImport(com.sun.identity.entitlement.xacml3.XACMLExportImport)
IOException(java.io.IOException)
PolicySet(com.sun.identity.entitlement.xacml3.core.PolicySet)
PrivilegeValidator(com.sun.identity.entitlement.xacml3.validation.PrivilegeValidator)
EntitlementException(com.sun.identity.entitlement.EntitlementException)
FileOutputStream(java.io.FileOutputStream)
OrganizationConfigManager(com.sun.identity.sm.OrganizationConfigManager)
CLIException(com.sun.identity.cli.CLIException)
RealmValidator(com.sun.identity.entitlement.xacml3.validation.RealmValidator)
XACMLReaderWriter(com.sun.identity.entitlement.xacml3.XACMLReaderWriter)
PrintWriter(java.io.PrintWriter)
Example 58 with OrganizationConfigManager
use of com.sun.identity.sm.OrganizationConfigManager in project OpenAM by OpenRock.
the class RealmResource method updateInstance.
/**
* {@inheritDoc}
*/
@Override
public Promise<ResourceResponse, ResourceException> updateInstance(Context context, String resourceId, UpdateRequest request) {
RealmContext realmContext = context.asContext(RealmContext.class);
String realmPath = realmContext.getResolvedRealm();
final JsonValue realmDetails = request.getContent();
ResourceResponse resource;
String realm;
OrganizationConfigManager ocm;
OrganizationConfigManager realmCreatedOcm;
String principalName = PrincipalRestUtils.getPrincipalNameFromServerContext(context);
try {
hasPermission(context);
realm = checkForTopLevelRealm(resourceId);
if (realm != null && !realm.startsWith("/")) {
realm = "/" + realm;
}
if (!realmPath.equalsIgnoreCase("/")) {
realm = realmPath + realm;
}
// Update a realm - if it's not found, error out.
ocm = new OrganizationConfigManager(getSSOToken(), realm);
List newServiceNames;
// update ID_REPO attributes
updateConfiguredServices(ocm, createServicesMap(realmDetails));
newServiceNames = realmDetails.get(SERVICE_NAMES).asList();
if (newServiceNames == null || newServiceNames.isEmpty()) {
debug.error("RealmResource.updateInstance() : No Services defined.");
} else {
//assign services to realm
assignServices(ocm, newServiceNames);
}
// READ THE REALM
realmCreatedOcm = new OrganizationConfigManager(getSSOToken(), realm);
debug.message("RealmResource.updateInstance :: UPDATE of realm " + realm + " performed by " + principalName);
// create a resource for handler to return
resource = newResourceResponse(realm, String.valueOf(System.currentTimeMillis()), createJsonMessage("realmUpdated", realmCreatedOcm.getOrganizationName()));
return newResultPromise(resource);
} catch (SMSException e) {
try {
configureErrorMessage(e);
return new NotFoundException(e.getMessage(), e).asPromise();
} catch (ForbiddenException fe) {
// User does not have authorization
debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, fe);
return fe.asPromise();
} catch (PermanentException pe) {
debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, pe);
// Cannot recover from this exception
return pe.asPromise();
} catch (ConflictException ce) {
debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, ce);
return ce.asPromise();
} catch (BadRequestException be) {
debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, be);
return be.asPromise();
} catch (Exception ex) {
debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, ex);
return new NotFoundException("Cannot update realm.", ex).asPromise();
}
} catch (SSOException sso) {
debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, sso);
return new PermanentException(401, "Access Denied", null).asPromise();
} catch (ForbiddenException fe) {
debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, fe);
return fe.asPromise();
} catch (PermanentException pe) {
debug.error("RealmResource.Instance() : Cannot UPDATE " + resourceId, pe);
// Cannot recover from this exception
return pe.asPromise();
} catch (Exception ex) {
debug.error("RealmResource.updateInstance() : Cannot UPDATE " + resourceId, ex);
return new NotFoundException("Cannot update realm.", ex).asPromise();
}
}
Also used :
ForbiddenException(org.forgerock.json.resource.ForbiddenException)
RealmContext(org.forgerock.openam.rest.RealmContext)
SMSException(com.sun.identity.sm.SMSException)
ConflictException(org.forgerock.json.resource.ConflictException)
JsonValue(org.forgerock.json.JsonValue)
NotFoundException(org.forgerock.json.resource.NotFoundException)
SSOException(com.iplanet.sso.SSOException)
NotFoundException(org.forgerock.json.resource.NotFoundException)
BadRequestException(org.forgerock.json.resource.BadRequestException)
ConflictException(org.forgerock.json.resource.ConflictException)
PermanentException(org.forgerock.json.resource.PermanentException)
SMSException(com.sun.identity.sm.SMSException)
InternalServerErrorException(org.forgerock.json.resource.InternalServerErrorException)
ForbiddenException(org.forgerock.json.resource.ForbiddenException)
JsonValueException(org.forgerock.json.JsonValueException)
ResourceException(org.forgerock.json.resource.ResourceException)
SSOException(com.iplanet.sso.SSOException)
Responses.newResourceResponse(org.forgerock.json.resource.Responses.newResourceResponse)
ResourceResponse(org.forgerock.json.resource.ResourceResponse)
OrganizationConfigManager(com.sun.identity.sm.OrganizationConfigManager)
PermanentException(org.forgerock.json.resource.PermanentException)
BadRequestException(org.forgerock.json.resource.BadRequestException)
ArrayList(java.util.ArrayList)
List(java.util.List)
Example 59 with OrganizationConfigManager
use of com.sun.identity.sm.OrganizationConfigManager in project OpenAM by OpenRock.
the class RealmResource method readInstance.
/**
* {@inheritDoc}
*/
@Override
public Promise<ResourceResponse, ResourceException> readInstance(Context context, String resourceId, ReadRequest request) {
RealmContext realmContext = context.asContext(RealmContext.class);
String realmPath = realmContext.getResolvedRealm();
ResourceResponse resource;
JsonValue jval;
String holdResourceId = checkForTopLevelRealm(resourceId);
try {
hasPermission(context);
if (holdResourceId != null && !holdResourceId.startsWith("/")) {
holdResourceId = "/" + holdResourceId;
}
if (!realmPath.equalsIgnoreCase("/")) {
holdResourceId = realmPath + holdResourceId;
}
OrganizationConfigManager ocm = new OrganizationConfigManager(getSSOToken(), holdResourceId);
// get associated services for this realm , include mandatory service names.
Set serviceNames = ocm.getAssignedServices();
jval = createJsonMessage(SERVICE_NAMES, serviceNames);
String principalName = PrincipalRestUtils.getPrincipalNameFromServerContext(context);
resource = newResourceResponse(resourceId, String.valueOf(System.currentTimeMillis()), jval);
if (debug.messageEnabled()) {
debug.message("RealmResource.readInstance :: READ : Successfully read realm, " + resourceId + " performed by " + principalName);
}
return newResultPromise(resource);
} catch (SSOException sso) {
debug.error("RealmResource.updateInstance() : Cannot READ " + resourceId, sso);
return new PermanentException(401, "Access Denied", null).asPromise();
} catch (ForbiddenException fe) {
debug.error("RealmResource.readInstance() : Cannot READ " + resourceId + ":" + fe);
return fe.asPromise();
} catch (SMSException smse) {
debug.error("RealmResource.readInstance() : Cannot READ " + resourceId, smse);
try {
configureErrorMessage(smse);
return new BadRequestException(smse.getMessage(), smse).asPromise();
} catch (NotFoundException nf) {
debug.error("RealmResource.readInstance() : Cannot READ " + resourceId, nf);
return nf.asPromise();
} catch (ForbiddenException fe) {
// User does not have authorization
debug.error("RealmResource.readInstance() : Cannot READ " + resourceId, fe);
return fe.asPromise();
} catch (PermanentException pe) {
debug.error("RealmResource.readInstance() : Cannot READ " + resourceId, pe);
// Cannot recover from this exception
return pe.asPromise();
} catch (ConflictException ce) {
debug.error("RealmResource.readInstance() : Cannot READ " + resourceId, ce);
return ce.asPromise();
} catch (BadRequestException be) {
debug.error("RealmResource.readInstance() : Cannot READ " + resourceId, be);
return be.asPromise();
} catch (Exception e) {
debug.error("RealmResource.readInstance() : Cannot READ " + resourceId, e);
return new BadRequestException(e.getMessage(), e).asPromise();
}
} catch (Exception e) {
return new BadRequestException(e.getMessage(), e).asPromise();
}
}
Also used :
ForbiddenException(org.forgerock.json.resource.ForbiddenException)
HashSet(java.util.HashSet)
Set(java.util.Set)
RealmContext(org.forgerock.openam.rest.RealmContext)
SMSException(com.sun.identity.sm.SMSException)
ConflictException(org.forgerock.json.resource.ConflictException)
JsonValue(org.forgerock.json.JsonValue)
NotFoundException(org.forgerock.json.resource.NotFoundException)
SSOException(com.iplanet.sso.SSOException)
NotFoundException(org.forgerock.json.resource.NotFoundException)
BadRequestException(org.forgerock.json.resource.BadRequestException)
ConflictException(org.forgerock.json.resource.ConflictException)
PermanentException(org.forgerock.json.resource.PermanentException)
SMSException(com.sun.identity.sm.SMSException)
InternalServerErrorException(org.forgerock.json.resource.InternalServerErrorException)
ForbiddenException(org.forgerock.json.resource.ForbiddenException)
JsonValueException(org.forgerock.json.JsonValueException)
ResourceException(org.forgerock.json.resource.ResourceException)
SSOException(com.iplanet.sso.SSOException)
Responses.newResourceResponse(org.forgerock.json.resource.Responses.newResourceResponse)
ResourceResponse(org.forgerock.json.resource.ResourceResponse)
OrganizationConfigManager(com.sun.identity.sm.OrganizationConfigManager)
PermanentException(org.forgerock.json.resource.PermanentException)
BadRequestException(org.forgerock.json.resource.BadRequestException)
Example 60 with OrganizationConfigManager
use of com.sun.identity.sm.OrganizationConfigManager in project OpenAM by OpenRock.
the class DirectoryServicesImpl method createOrganization.
private void createOrganization(SSOToken token, PersistentObject parentObj, Map attributes, String profileName) throws UMSException, AMException, SSOException {
// Invoke the Pre Processing plugin. Note: we need to obtain
// the parent org of this organization to obtain the
// plugin classes for the parent org.
String orgDN = getOrganizationDN(internalToken, parentObj.getDN());
String entryDN = getNamingAttribute(AMObject.ORGANIZATION) + "=" + profileName + "," + parentObj.getDN();
attributes = callBackHelper.preProcess(token, entryDN, orgDN, null, attributes, CallBackHelper.CREATE, AMObject.ORGANIZATION, false);
AttrSet attrSet = CommonUtils.mapToAttrSet(attributes);
makeNamingFirst(attrSet, getNamingAttribute(AMObject.ORGANIZATION), profileName);
TemplateManager tempMgr = TemplateManager.getTemplateManager();
com.iplanet.ums.Organization org = null;
CreationTemplate creationTemp = tempMgr.getCreationTemplate("BasicOrganization", new Guid(orgDN), TemplateManager.SCOPE_ANCESTORS);
attrSet = combineOCs(creationTemp, attrSet);
// COMPLIANCE: DCTREE
if (dcTreeImpl.isRequired()) {
AttrSet[] attrSetArray = dcTreeImpl.splitAttrSet(parentObj.getDN(), attrSet);
org = new com.iplanet.ums.Organization(creationTemp, attrSetArray[0]);
// create the DC node first. If it fails then the org node will not
// be created at all. No clean up needed afterwards then.
dcTreeImpl.createDomain(token, new Guid(entryDN), attrSet);
} else {
org = new com.iplanet.ums.Organization(creationTemp, attrSet);
}
try {
parentObj.addChild(org);
} catch (UMSException ue) {
// clean up DC node
if (dcTreeImpl.isRequired()) {
dcTreeImpl.removeDomain(token, entryDN);
}
if (ComplianceServicesImpl.isComplianceUserDeletionEnabled()) {
// COMPLIANCE
// If the existing entry is marked for deletion, then
// the error message should be different.
complianceImpl.checkIfDeletedOrg(token, org.getDN());
}
throw ue;
}
if (ComplianceServicesImpl.isAdminGroupsEnabled(org.getDN())) {
complianceImpl.createAdminGroups(token, org);
}
// mode, the corresponding realm must also be created.
if (ServiceManager.isCoexistenceMode() && ServiceManager.isRealmEnabled()) {
try {
// Check if realm exisits, this throws SMSException
// if realm does not exist
new OrganizationConfigManager(token, entryDN);
} catch (SMSException smse) {
// Organization does not exist, create it
if (debug.messageEnabled()) {
debug.message("DirectoryServicesImpl::createOrganization " + "creating realm: " + org.getDN());
}
try {
OrganizationConfigManager ocm = new OrganizationConfigManager(token, orgDN);
ocm.createSubOrganization(profileName, null);
} catch (SMSException se) {
if (debug.messageEnabled()) {
debug.message("DirectoryServicesImpl::" + "createOrganization unable to create realm: " + org.getDN(), se);
}
}
}
}
// If in legacy mode, add the default services
if (ServiceManager.isCoexistenceMode()) {
try {
OrganizationConfigManager ocm = new OrganizationConfigManager(token, entryDN);
OrganizationConfigManager.loadDefaultServices(token, ocm);
} catch (SMSException smse) {
// Unable to load default services
if (debug.warningEnabled()) {
debug.warning("DirectoryServicesImpl::createOrganization " + "Unable to load services: " + org.getDN());
}
}
}
// Invoke Post processing impls. Note: orgDN is parent org
callBackHelper.postProcess(token, org.getDN(), orgDN, null, attributes, CallBackHelper.CREATE, AMObject.ORGANIZATION, false);
}
Also used :
CreationTemplate(com.iplanet.ums.CreationTemplate)
UMSException(com.iplanet.ums.UMSException)
SMSException(com.sun.identity.sm.SMSException)
OrganizationConfigManager(com.sun.identity.sm.OrganizationConfigManager)
TemplateManager(com.iplanet.ums.TemplateManager)
Guid(com.iplanet.ums.Guid)
AttrSet(com.iplanet.services.ldap.AttrSet)
Aggregations
OrganizationConfigManager (com.sun.identity.sm.OrganizationConfigManager)144
SMSException (com.sun.identity.sm.SMSException)87
Set (java.util.Set)79
HashSet (java.util.HashSet)54
SSOException (com.iplanet.sso.SSOException)50
Map (java.util.Map)48
HashMap (java.util.HashMap)40
SSOToken (com.iplanet.sso.SSOToken)33
IdRepoException (com.sun.identity.idm.IdRepoException)32
Iterator (java.util.Iterator)28
AMIdentity (com.sun.identity.idm.AMIdentity)23
CLIException (com.sun.identity.cli.CLIException)21
AMIdentityRepository (com.sun.identity.idm.AMIdentityRepository)20
ServiceConfig (com.sun.identity.sm.ServiceConfig)17
IOutput (com.sun.identity.cli.IOutput)15
AMConsoleException (com.sun.identity.console.base.model.AMConsoleException)15
List (java.util.List)10
ForbiddenException (org.forgerock.json.resource.ForbiddenException)9
BadRequestException (org.forgerock.json.resource.BadRequestException)8
InternalServerErrorException (org.forgerock.json.resource.InternalServerErrorException)8
