Use of com.sun.identity.sm.SMSEntry in project OpenAM by OpenRock.
Class TokenCleanupRunnable, method run.
/**
 * Performs one cleanup pass over the stored tokens, deleting every token whose
 * expiry timestamp has already passed.
 * <p>
 * The pass is skipped when {@link #runCleanup()} reports that this instance
 * should not perform cleanup. A failure while handling one token is logged and
 * the remaining tokens are still processed; every successful deletion is
 * recorded through {@link TokenLogUtils#access} so expired-token removal leaves
 * an audit trail.
 */
public void run() {
    // runCleanup() decides whether this instance takes part in the sweep at all.
    if (!runCleanup()) {
        return;
    }
    CoreTokenUtils.debug.message("TokenCleanupRunnable.run : START");
    Set<String> allTokens = getAllTokens();
    if (CoreTokenUtils.debug.messageEnabled()) {
        CoreTokenUtils.debug.message("TokenCleanupRunnable.run : found " + allTokens.size() + " tokens");
    }
    for (String token : allTokens) {
        deleteIfExpired(token);
    }
    CoreTokenUtils.debug.message("TokenCleanupRunnable.run : END");
}

/**
 * Deletes the entry backing {@code token} when its expiry has passed; errors are
 * logged rather than propagated so one bad token cannot abort the whole pass.
 */
private void deleteIfExpired(String token) {
    String dn = OpenSSOCoreTokenStore.getCoreTokenDN(token);
    // The admin token is obtained per token, as in the original loop body.
    SSOToken adminToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
    if (!SMSEntry.checkIfEntryExists(dn, adminToken)) {
        return;
    }
    try {
        SMSEntry entry = new SMSEntry(adminToken, dn);
        if (!CoreTokenUtils.isTokenExpired(getTokenExpiry(entry))) {
            return;
        }
        entry.delete();
        // Record the deletion in the token access log.
        TokenLogUtils.access(Level.INFO, TokenLogUtils.EXPIRED_TOKEN_DELETE_SUCCESS, null, null, token);
        if (CoreTokenUtils.debug.messageEnabled()) {
            CoreTokenUtils.debug.message("TokenCleanupRunnable.run: removed expired token " + token);
        }
    } catch (SMSException ex) {
        CoreTokenUtils.debug.error("TokenCleanupRunnable.run", ex);
    } catch (SSOException ex) {
        CoreTokenUtils.debug.error("TokenCleanupRunnable.run", ex);
    } catch (CoreTokenException ce) {
        CoreTokenUtils.debug.error("TokenCleanupRunnable.run", ce);
    }
}
Use of com.sun.identity.sm.SMSEntry in project OpenAM by OpenRock.
Class OpenSSOCoreTokenStore, method updateToken.
/**
 * Updates the attributes of an existing token.
 * <p>
 * The stored token is read from its service-management entry, the caller's
 * ETag is compared with the stored token by {@link #checkETag} before anything
 * is modified, {@code newVals} is validated (attribute names are lower-cased),
 * and the merged attribute set is written back. The {@code token.id} and
 * {@code token.type} attributes are immutable and are rejected.
 *
 * @param subject caller subject; must carry an SSO token.
 * @param tokenId token.id of the token to be updated.
 * @param eTag ETag the caller last observed for this token.
 * @param newVals JSON object holding the attribute values to apply.
 * @throws CoreTokenException error 210 / HTTP 401 when the subject carries no
 *         SSO token, 203 / 404 when the token does not exist, 221 or 224 / 409
 *         when {@code token.id} or {@code token.type} is supplied, 206 on an
 *         {@link SMSException} and 301 on an {@link SSOException}.
 * @throws JSONException if the stored attribute JSON cannot be parsed.
 */
public void updateToken(Subject subject, String tokenId, String eTag, JSONObject newVals) throws CoreTokenException, JSONException {
    SSOToken callerToken = SubjectUtils.getSSOToken(subject);
    if (callerToken == null) {
        // No SSO token on the subject: reject as unauthenticated.
        throw new CoreTokenException(210, null, 401);
    }
    try {
        String dn = getCoreTokenDN(tokenId);
        if (!SMSEntry.checkIfEntryExists(dn, callerToken)) {
            throw new CoreTokenException(203, null, 404);
        }
        SMSEntry entry = new SMSEntry(callerToken, dn);
        JSONObject stored = new JSONObject(getTokenAttributeValueFromSM(entry, JSON_ATTR));
        // The ETag check runs before any validation or modification of the token.
        checkETag(eTag, stored, tokenId);
        // validate attribute names and convert to lower case
        JSONObject updates = validateAndToLowerCase(newVals);
        // token.id and token.type can't be modified: 409 Conflict.
        if (updates.has(CoreTokenConstants.TOKEN_ID)) {
            throw new CoreTokenException(221, null, 409);
        }
        if (updates.has(CoreTokenConstants.TOKEN_TYPE)) {
            throw new CoreTokenException(224, null, 409);
        }
        JSONObject merged = updateAttributeValues(stored, updates);
        entry.setAttributes(validateAndCreateMap(tokenId, merged));
        entry.save();
    } catch (SMSException e) {
        CoreTokenUtils.debug.error("OpenSSOCoreTokenStore.updateToken", e);
        throw new CoreTokenException(206, null, e);
    } catch (SSOException e) {
        CoreTokenUtils.debug.error("OpenSSOCoreTokenStore.updateToken", e);
        throw new CoreTokenException(301, null, e);
    }
}
Use of com.sun.identity.sm.SMSEntry in project OpenAM by OpenRock.
Class ScriptConfigurationDataStore, method oidcClaimsUsageCount.
/**
 * Count how many times the script identified by the specified uuid is used in OIDC claims.
 * <p>
 * The OAuth2 provider entry is read and its {@code sunKeyValue} attribute is
 * checked for the claims-extension-script setting naming this uuid, so the
 * result is either 0 or 1.
 * @param uuid The specified uuid.
 * @return 1 if the provider references the script as its OIDC claims extension script, otherwise 0
 * @throws SMSException If the LDAP node could not be read.
 * @throws SSOException If the Admin token could not be found.
 */
private int oidcClaimsUsageCount(String uuid) throws SSOException, SMSException {
    SMSEntry providerEntry = new SMSEntry(getToken(), getOAuth2ProviderBaseDN());
    Map<String, Set<String>> providerAttributes = providerEntry.getAttributes();
    String expectedSetting = "forgerock-oauth2-provider-oidc-claims-extension-script=" + uuid;
    boolean referenced;
    try {
        referenced = getMapSetThrows(providerAttributes, "sunKeyValue").contains(expectedSetting);
    } catch (ValueNotFoundException ignored) {
        // getMapSetThrows signals a missing sunKeyValue attribute this way; treat it as "not referenced".
        referenced = false;
    }
    return referenced ? 1 : 0;
}
Use of com.sun.identity.sm.SMSEntry in project OpenAM by OpenRock.
Class DataStore, method remove.
/**
 * Removes privilege.
 * <p>
 * The entry is deleted with the caller's own SSO token. Removing a privilege
 * that does not exist is a no-op: the index count is only decremented and the
 * {@link NotificationServlet#PRIVILEGE_DELETED} notification only submitted
 * when an entry was actually deleted.
 *
 * @param adminSubject Admin Subject who has the rights to write to
 * datastore.
 * @param realm Realm name.
 * @param name Privilege name.
 * @throws com.sun.identity.entitlement.EntitlementException error 55 when the
 * subject carries no SSO token, 51 (with the DN) when the SMS delete fails and
 * 10 when the SSO token is rejected.
 */
public void remove(Subject adminSubject, String realm, String name) throws EntitlementException {
    SSOToken callerToken = getSSOToken(adminSubject);
    if (callerToken == null) {
        throw new EntitlementException(55, new Object[] { name });
    }
    // Kept outside the try so the failing DN can be reported in the error.
    String privilegeDn = null;
    try {
        privilegeDn = getPrivilegeDistinguishedName(name, realm, null);
        if (!SMSEntry.checkIfEntryExists(privilegeDn, callerToken)) {
            return;
        }
        new SMSEntry(callerToken, privilegeDn).delete();
        updateIndexCount(realm, -1, false);
        Map<String, String> notification = new HashMap<String, String>();
        notification.put(NotificationServlet.ATTR_NAME, name);
        notification.put(NotificationServlet.ATTR_REALM_NAME, realm);
        Notifier.submit(NotificationServlet.PRIVILEGE_DELETED, notification);
    } catch (SMSException e) {
        throw new EntitlementException(51, new Object[] { privilegeDn }, e);
    } catch (SSOException e) {
        throw new EntitlementException(10, null, e);
    }
}
Use of com.sun.identity.sm.SMSEntry in project OpenAM by OpenRock.
Class DataStore, method add.
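/**
 * Adds a privilege.
 * <p>
 * The privilege is stored as a service-management entry under the realm:
 * searchable resource and subject indexes go into
 * {@link SMSEntry#ATTR_XML_KEYVAL}, the serialised privilege JSON into
 * {@link SMSEntry#ATTR_KEYVAL}, and descriptive metadata (name, description,
 * author, timestamps, application) into the {@code ou} attribute. After a
 * successful save a {@link NotificationServlet#PRIVILEGE_ADDED} notification is
 * submitted and the realm's index count is incremented.
 * <p>
 * NOTE(review): the entry is created and saved with the class-level
 * {@code adminToken}; {@code adminSubject} is only used to compute the
 * resource save indexes. This differs from {@link #remove}, which acts with the
 * caller's own SSO token — confirm that authorisation for the write is enforced
 * before this method is reached.
 *
 * @param adminSubject Admin Subject who has the rights to write to
 * datastore.
 * @param realm Realm name.
 * @param p Privilege object.
 * @return the DN of added privilege.
 * @throws com.sun.identity.entitlement.EntitlementException (error 210) if the
 * privilege cannot be serialised to JSON or the entry cannot be written.
 */
public String add(Subject adminSubject, String realm, Privilege p) throws EntitlementException {
    ResourceSaveIndexes indexes = p.getEntitlement().getResourceSaveIndexes(adminSubject, realm);
    Set<String> subjectIndexes = SubjectAttributesManager.getSubjectSearchIndexes(p);
    String dn = null;
    try {
        createDefaultSubConfig(adminToken, realm, null);
        dn = getPrivilegeDistinguishedName(p.getName(), realm, null);
        SMSEntry s = new SMSEntry(adminToken, dn);
        Map<String, Set<String>> map = new HashMap<String, Set<String>>();
        map.put(SMSEntry.ATTR_XML_KEYVAL, searchableIndexValues(p, indexes, subjectIndexes));
        Set<String> setServiceID = new HashSet<String>(2);
        setServiceID.add("indexes");
        map.put(SMSEntry.ATTR_SERVICE_ID, setServiceID);
        // Serialised before the metadata is gathered so a JSONException aborts before any save.
        Set<String> serialised = new HashSet<String>(2);
        serialised.add(SERIALIZABLE_INDEX_KEY + "=" + p.toJSONObject().toString());
        map.put(SMSEntry.ATTR_KEYVAL, serialised);
        Set<String> objectClasses = new HashSet<String>(4);
        objectClasses.add(SMSEntry.OC_TOP);
        objectClasses.add(SMSEntry.OC_SERVICE_COMP);
        map.put(SMSEntry.ATTR_OBJECTCLASS, objectClasses);
        map.put("ou", privilegeInfoValues(p));
        s.setAttributes(map);
        s.save();
        Map<String, String> params = new HashMap<String, String>();
        params.put(NotificationServlet.ATTR_NAME, p.getName());
        params.put(NotificationServlet.ATTR_REALM_NAME, realm);
        Notifier.submit(NotificationServlet.PRIVILEGE_ADDED, params);
        updateIndexCount(realm, 1, false);
    } catch (JSONException e) {
        throw new EntitlementException(210, e);
    } catch (SSOException e) {
        throw new EntitlementException(210, e);
    } catch (SMSException e) {
        throw new EntitlementException(210, e);
    }
    return dn;
}

/**
 * Builds the searchable index values: the resource-type uuid plus the host,
 * path, parent-path and subject indexes, each as {@code key=value}.
 */
private Set<String> searchableIndexValues(Privilege p, ResourceSaveIndexes indexes, Set<String> subjectIndexes) {
    Set<String> searchable = new HashSet<String>();
    searchable.add(Privilege.RESOURCE_TYPE_UUID_ATTRIBUTE + "=" + p.getResourceTypeUuid());
    // NOTE(review): subject indexes are only written when resource indexes are
    // present, as in the original code — confirm this is intended.
    if (indexes != null) {
        for (String i : indexes.getHostIndexes()) {
            searchable.add(HOST_INDEX_KEY + "=" + i);
        }
        for (String i : indexes.getPathIndexes()) {
            searchable.add(PATH_INDEX_KEY + "=" + i);
        }
        for (String i : indexes.getParentPathIndexes()) {
            searchable.add(PATH_PARENT_INDEX_KEY + "=" + i);
        }
        for (String i : subjectIndexes) {
            searchable.add(SUBJECT_INDEX_KEY + "=" + i);
        }
    }
    return searchable;
}

/**
 * Builds the descriptive metadata values stored in the entry's {@code ou}
 * attribute; null text fields and non-positive timestamps are omitted.
 */
private Set<String> privilegeInfoValues(Privilege p) {
    Set<String> info = new HashSet<String>(8);
    String privilegeName = p.getName();
    if (privilegeName != null) {
        info.add(Privilege.NAME_ATTRIBUTE + "=" + privilegeName);
    }
    String privilegeDesc = p.getDescription();
    if (privilegeDesc != null) {
        info.add(Privilege.DESCRIPTION_ATTRIBUTE + "=" + privilegeDesc);
    }
    String createdBy = p.getCreatedBy();
    if (createdBy != null) {
        info.add(Privilege.CREATED_BY_ATTRIBUTE + "=" + createdBy);
    }
    String lastModifiedBy = p.getLastModifiedBy();
    if (lastModifiedBy != null) {
        info.add(Privilege.LAST_MODIFIED_BY_ATTRIBUTE + "=" + lastModifiedBy);
    }
    // Timestamps are stored as "<millis>=<attribute>" and again with a leading
    // "|" — presumably a second search form; both are kept as in the original.
    long creationDate = p.getCreationDate();
    if (creationDate > 0) {
        String data = Long.toString(creationDate) + "=" + Privilege.CREATION_DATE_ATTRIBUTE;
        info.add(data);
        info.add("|" + data);
    }
    long lastModifiedDate = p.getLastModifiedDate();
    if (lastModifiedDate > 0) {
        String data = Long.toString(lastModifiedDate) + "=" + Privilege.LAST_MODIFIED_DATE_ATTRIBUTE;
        info.add(data);
        info.add("|" + data);
    }
    Entitlement ent = p.getEntitlement();
    info.add(Privilege.APPLICATION_ATTRIBUTE + "=" + ent.getApplicationName());
    for (String a : p.getApplicationIndexes()) {
        info.add(Privilege.APPLICATION_ATTRIBUTE + "=" + a);
    }
    return info;
}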