Search in sources :

Example 6 with SMSEntry

use of com.sun.identity.sm.SMSEntry in project OpenAM by OpenRock.

the class TokenCleanupRunnable method run.

public void run() {
    if (!runCleanup()) {
        // no need to run cleanup on this instance
        return;
    }
    CoreTokenUtils.debug.message("TokenCleanupRunnable.run : START");
    Set<String> tokenSet = getAllTokens();
    Iterator<String> tokens = tokenSet.iterator();
    if (CoreTokenUtils.debug.messageEnabled()) {
        CoreTokenUtils.debug.message("TokenCleanupRunnable.run : found " + tokenSet.size() + " tokens");
    }
    while (tokens.hasNext()) {
        String token = tokens.next();
        String dn = OpenSSOCoreTokenStore.getCoreTokenDN(token);
        SSOToken adminToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
        if (SMSEntry.checkIfEntryExists(dn, adminToken)) {
            try {
                SMSEntry s = new SMSEntry(adminToken, dn);
                String tokenExpiry = getTokenExpiry(s);
                if (CoreTokenUtils.isTokenExpired(tokenExpiry)) {
                    s.delete();
                    // add logging
                    TokenLogUtils.access(Level.INFO, TokenLogUtils.EXPIRED_TOKEN_DELETE_SUCCESS, null, null, token);
                    if (CoreTokenUtils.debug.messageEnabled()) {
                        CoreTokenUtils.debug.message("TokenCleanupRunnable" + ".run: removed expired token " + token);
                    }
                }
            } catch (SMSException ex) {
                CoreTokenUtils.debug.error("TokenCleanupRunnable.run", ex);
            } catch (SSOException ex) {
                CoreTokenUtils.debug.error("TokenCleanupRunnable.run", ex);
            } catch (CoreTokenException ce) {
                CoreTokenUtils.debug.error("TokenCleanupRunnable.run", ce);
            }
        }
    }
    CoreTokenUtils.debug.message("TokenCleanupRunnable.run : END");
}
Also used : SSOToken(com.iplanet.sso.SSOToken) SMSException(com.sun.identity.sm.SMSException) CoreTokenException(com.sun.identity.coretoken.CoreTokenException) SMSEntry(com.sun.identity.sm.SMSEntry) SSOException(com.iplanet.sso.SSOException)

Example 7 with SMSEntry

use of com.sun.identity.sm.SMSEntry in project OpenAM by OpenRock.

the class OpenSSOCoreTokenStore method updateToken.

/**
     * Updates a token.
     * @param subject caller subject.
     * @param tokenId token.id of the token to be updated.
     * @param eTag
     * @param newVals
     * @throws CoreTokenException
     * @throws JSONException
     */
public void updateToken(Subject subject, String tokenId, String eTag, JSONObject newVals) throws CoreTokenException, JSONException {
    SSOToken token = SubjectUtils.getSSOToken(subject);
    if (token == null) {
        throw new CoreTokenException(210, null, 401);
    }
    String dn = null;
    try {
        dn = getCoreTokenDN(tokenId);
        if (SMSEntry.checkIfEntryExists(dn, token)) {
            SMSEntry s = new SMSEntry(token, dn);
            String tokenAttrs = getTokenAttributeValueFromSM(s, JSON_ATTR);
            JSONObject json = new JSONObject(tokenAttrs);
            checkETag(eTag, json, tokenId);
            // validate attribute names and convert to lower case
            newVals = validateAndToLowerCase(newVals);
            // token.id attribute can't be modified
            if (newVals.has(CoreTokenConstants.TOKEN_ID)) {
                throw new CoreTokenException(221, null, 409);
            }
            // token.type attribute can't be modified
            if (newVals.has(CoreTokenConstants.TOKEN_TYPE)) {
                throw new CoreTokenException(224, null, 409);
            }
            json = updateAttributeValues(json, newVals);
            Map<String, Set<String>> map = validateAndCreateMap(tokenId, json);
            s.setAttributes(map);
            s.save();
        } else {
            throw new CoreTokenException(203, null, 404);
        }
    } catch (SMSException e) {
        CoreTokenUtils.debug.error("OpenSSOCoreTokenStore.updateToken", e);
        throw new CoreTokenException(206, null, e);
    } catch (SSOException e) {
        CoreTokenUtils.debug.error("OpenSSOCoreTokenStore.updateToken", e);
        throw new CoreTokenException(301, null, e);
    }
}
Also used : SSOToken(com.iplanet.sso.SSOToken) HashSet(java.util.HashSet) Set(java.util.Set) JSONObject(org.json.JSONObject) SMSException(com.sun.identity.sm.SMSException) CoreTokenException(com.sun.identity.coretoken.CoreTokenException) SMSEntry(com.sun.identity.sm.SMSEntry) SSOException(com.iplanet.sso.SSOException)

Example 8 with SMSEntry

use of com.sun.identity.sm.SMSEntry in project OpenAM by OpenRock.

the class ScriptConfigurationDataStore method oidcClaimsUsageCount.

/**
     * Count how many times the script identified by the specified uuid is used in OIDC claims.
     * @param uuid The specified uuid.
     * @return the count of how many times the script is used in OIDC Claims
     * @throws SMSException If the LDAP node could not be read.
     * @throws SSOException If the Admin token could not be found.
     */
private int oidcClaimsUsageCount(String uuid) throws SSOException, SMSException {
    SMSEntry smsEntry = new SMSEntry(getToken(), getOAuth2ProviderBaseDN());
    Map<String, Set<String>> attributes = smsEntry.getAttributes();
    try {
        Set<String> sunKeyValues = getMapSetThrows(attributes, "sunKeyValue");
        if (sunKeyValues.contains("forgerock-oauth2-provider-oidc-claims-extension-script=" + uuid)) {
            return 1;
        }
    } catch (ValueNotFoundException ignored) {
    }
    return 0;
}
Also used : ValueNotFoundException(com.sun.identity.shared.datastruct.ValueNotFoundException) LinkedHashSet(java.util.LinkedHashSet) Set(java.util.Set) SMSEntry(com.sun.identity.sm.SMSEntry)

Example 9 with SMSEntry

use of com.sun.identity.sm.SMSEntry in project OpenAM by OpenRock.

the class DataStore method remove.

/**
     * Removes privilege.
     *
     * @param adminSubject Admin Subject who has the rights to write to
     *        datastore.
     * @param realm Realm name.
     * @param name Privilege name.
     * @throws com.sun.identity.entitlement.EntitlementException if privilege
     * cannot be removed.
     */
public void remove(Subject adminSubject, String realm, String name) throws EntitlementException {
    SSOToken token = getSSOToken(adminSubject);
    if (token == null) {
        Object[] arg = { name };
        throw new EntitlementException(55, arg);
    }
    String dn = null;
    try {
        dn = getPrivilegeDistinguishedName(name, realm, null);
        if (SMSEntry.checkIfEntryExists(dn, token)) {
            SMSEntry s = new SMSEntry(token, dn);
            s.delete();
            updateIndexCount(realm, -1, false);
            Map<String, String> params = new HashMap<String, String>();
            params.put(NotificationServlet.ATTR_NAME, name);
            params.put(NotificationServlet.ATTR_REALM_NAME, realm);
            Notifier.submit(NotificationServlet.PRIVILEGE_DELETED, params);
        }
    } catch (SMSException e) {
        Object[] arg = { dn };
        throw new EntitlementException(51, arg, e);
    } catch (SSOException e) {
        throw new EntitlementException(10, null, e);
    }
}
Also used : EntitlementException(com.sun.identity.entitlement.EntitlementException) SSOToken(com.iplanet.sso.SSOToken) HashMap(java.util.HashMap) SMSException(com.sun.identity.sm.SMSException) JSONObject(org.json.JSONObject) SMSEntry(com.sun.identity.sm.SMSEntry) SSOException(com.iplanet.sso.SSOException)

Example 10 with SMSEntry

use of com.sun.identity.sm.SMSEntry in project OpenAM by OpenRock.

the class DataStore method add.

/**
     * Adds a privilege.
     *
     * @param adminSubject Admin Subject who has the rights to write to
     *        datastore.
     * @param realm Realm name.
     * @param p Privilege object.
     * @return the DN of added privilege.
     * @throws com.sun.identity.entitlement.EntitlementException if privilege
     * cannot be added.
     */
public String add(Subject adminSubject, String realm, Privilege p) throws EntitlementException {
    ResourceSaveIndexes indexes = p.getEntitlement().getResourceSaveIndexes(adminSubject, realm);
    Set<String> subjectIndexes = SubjectAttributesManager.getSubjectSearchIndexes(p);
    String dn = null;
    try {
        createDefaultSubConfig(adminToken, realm, null);
        dn = getPrivilegeDistinguishedName(p.getName(), realm, null);
        SMSEntry s = new SMSEntry(adminToken, dn);
        Map<String, Set<String>> map = new HashMap<String, Set<String>>();
        Set<String> searchable = new HashSet<String>();
        map.put(SMSEntry.ATTR_XML_KEYVAL, searchable);
        searchable.add(Privilege.RESOURCE_TYPE_UUID_ATTRIBUTE + "=" + p.getResourceTypeUuid());
        if (indexes != null) {
            for (String i : indexes.getHostIndexes()) {
                searchable.add(HOST_INDEX_KEY + "=" + i);
            }
            for (String i : indexes.getPathIndexes()) {
                searchable.add(PATH_INDEX_KEY + "=" + i);
            }
            for (String i : indexes.getParentPathIndexes()) {
                searchable.add(PATH_PARENT_INDEX_KEY + "=" + i);
            }
            for (String i : subjectIndexes) {
                searchable.add(SUBJECT_INDEX_KEY + "=" + i);
            }
        }
        Set<String> setServiceID = new HashSet<String>(2);
        map.put(SMSEntry.ATTR_SERVICE_ID, setServiceID);
        setServiceID.add("indexes");
        Set<String> set = new HashSet<String>(2);
        map.put(SMSEntry.ATTR_KEYVAL, set);
        set.add(SERIALIZABLE_INDEX_KEY + "=" + p.toJSONObject().toString());
        Set<String> setObjectClass = new HashSet<String>(4);
        map.put(SMSEntry.ATTR_OBJECTCLASS, setObjectClass);
        setObjectClass.add(SMSEntry.OC_TOP);
        setObjectClass.add(SMSEntry.OC_SERVICE_COMP);
        Set<String> info = new HashSet<String>(8);
        String privilegeName = p.getName();
        if (privilegeName != null) {
            info.add(Privilege.NAME_ATTRIBUTE + "=" + privilegeName);
        }
        String privilegeDesc = p.getDescription();
        if (privilegeDesc != null) {
            info.add(Privilege.DESCRIPTION_ATTRIBUTE + "=" + privilegeDesc);
        }
        String createdBy = p.getCreatedBy();
        if (createdBy != null) {
            info.add(Privilege.CREATED_BY_ATTRIBUTE + "=" + createdBy);
        }
        String lastModifiedBy = p.getLastModifiedBy();
        if (lastModifiedBy != null) {
            info.add(Privilege.LAST_MODIFIED_BY_ATTRIBUTE + "=" + lastModifiedBy);
        }
        long creationDate = p.getCreationDate();
        if (creationDate > 0) {
            String data = Long.toString(creationDate) + "=" + Privilege.CREATION_DATE_ATTRIBUTE;
            info.add(data);
            info.add("|" + data);
        }
        long lastModifiedDate = p.getLastModifiedDate();
        if (lastModifiedDate > 0) {
            String data = Long.toString(lastModifiedDate) + "=" + Privilege.LAST_MODIFIED_DATE_ATTRIBUTE;
            info.add(data);
            info.add("|" + data);
        }
        Entitlement ent = p.getEntitlement();
        info.add(Privilege.APPLICATION_ATTRIBUTE + "=" + ent.getApplicationName());
        for (String a : p.getApplicationIndexes()) {
            info.add(Privilege.APPLICATION_ATTRIBUTE + "=" + a);
        }
        map.put("ou", info);
        s.setAttributes(map);
        s.save();
        Map<String, String> params = new HashMap<String, String>();
        params.put(NotificationServlet.ATTR_NAME, privilegeName);
        params.put(NotificationServlet.ATTR_REALM_NAME, realm);
        Notifier.submit(NotificationServlet.PRIVILEGE_ADDED, params);
        updateIndexCount(realm, 1, false);
    } catch (JSONException e) {
        throw new EntitlementException(210, e);
    } catch (SSOException e) {
        throw new EntitlementException(210, e);
    } catch (SMSException e) {
        throw new EntitlementException(210, e);
    }
    return dn;
}
Also used : HashSet(java.util.HashSet) Collections.emptySet(java.util.Collections.emptySet) Set(java.util.Set) HashMap(java.util.HashMap) SMSException(com.sun.identity.sm.SMSException) JSONException(org.json.JSONException) SSOException(com.iplanet.sso.SSOException) ResourceSaveIndexes(com.sun.identity.entitlement.ResourceSaveIndexes) EntitlementException(com.sun.identity.entitlement.EntitlementException) SMSEntry(com.sun.identity.sm.SMSEntry) Entitlement(com.sun.identity.entitlement.Entitlement) HashSet(java.util.HashSet)

Aggregations

SMSEntry (com.sun.identity.sm.SMSEntry)23 SSOException (com.iplanet.sso.SSOException)18 SMSException (com.sun.identity.sm.SMSException)18 SSOToken (com.iplanet.sso.SSOToken)16 EntitlementException (com.sun.identity.entitlement.EntitlementException)11 Set (java.util.Set)10 HashMap (java.util.HashMap)8 HashSet (java.util.HashSet)8 CoreTokenException (com.sun.identity.coretoken.CoreTokenException)5 PolicyException (com.sun.identity.policy.PolicyException)5 ApplicationPrivilegeManager (com.sun.identity.entitlement.ApplicationPrivilegeManager)4 PrivilegeIndexStore (com.sun.identity.entitlement.PrivilegeIndexStore)4 CachedSMSEntry (com.sun.identity.sm.CachedSMSEntry)4 JSONObject (org.json.JSONObject)4 IPrivilege (com.sun.identity.entitlement.IPrivilege)3 ResourceSaveIndexes (com.sun.identity.entitlement.ResourceSaveIndexes)2 Policy (com.sun.identity.policy.Policy)2 Collections.emptySet (java.util.Collections.emptySet)2 SystemProperties (com.iplanet.am.util.SystemProperties)1 LDAPServiceException (com.iplanet.services.ldap.LDAPServiceException)1