/**
 * Adds a referral privilege to the referral store of a realm.
 *
 * <p>The referral is persisted as one SMS entry: the searchable key-value
 * attribute carries the host/path resource indexes, the key-value attribute
 * carries the serialized referral, and the {@code ou} attribute carries the
 * descriptive metadata (name, description, audit fields, realms and
 * applications). Once the entry is saved a {@code REFERRAL_ADDED}
 * notification is submitted and the realm's index count is incremented.
 *
 * @param adminSubject Admin Subject who has the rights to write to
 * datastore.
 * @param realm Realm name.
 * @param referral Referral Privilege object.
 * @return the DN of added privilege.
 * @throws EntitlementException if privilege cannot be added (error 270 wraps
 * the underlying SSO or SMS failure).
 */
public String addReferral(Subject adminSubject, String realm, ReferralPrivilege referral) throws EntitlementException {
    ResourceSaveIndexes indexes = referral.getResourceSaveIndexes(adminSubject, realm);
    SSOToken token = getSSOToken(adminSubject);
    String dn = null;
    try {
        createDefaultSubConfig(token, realm, REFERRAL_STORE);
        // NOTE(review): the referral name is embedded in the entry DN; this relies on
        // getPrivilegeDistinguishedName escaping RDN special characters — confirm.
        dn = getPrivilegeDistinguishedName(referral.getName(), realm, REFERRAL_STORE);
        SMSEntry entry = new SMSEntry(token, dn);

        Map<String, Set<String>> attrs = new HashMap<String, Set<String>>();
        attrs.put(SMSEntry.ATTR_XML_KEYVAL, referralSearchableIndexes(indexes));

        Set<String> serviceId = new HashSet<String>(2);
        serviceId.add("indexes");
        attrs.put(SMSEntry.ATTR_SERVICE_ID, serviceId);

        Set<String> serialized = new HashSet<String>(2);
        serialized.add(SERIALIZABLE_INDEX_KEY + "=" + referral.toJSON());
        attrs.put(SMSEntry.ATTR_KEYVAL, serialized);

        Set<String> objectClasses = new HashSet<String>(4);
        objectClasses.add(SMSEntry.OC_TOP);
        objectClasses.add(SMSEntry.OC_SERVICE_COMP);
        attrs.put(SMSEntry.ATTR_OBJECTCLASS, objectClasses);

        String privilegeName = referral.getName();
        attrs.put("ou", referralOuInfo(adminSubject, realm, referral, privilegeName));

        entry.setAttributes(attrs);
        entry.save();

        Map<String, String> notification = new HashMap<String, String>();
        notification.put(NotificationServlet.ATTR_NAME, privilegeName);
        notification.put(NotificationServlet.ATTR_REALM_NAME, realm);
        Notifier.submit(NotificationServlet.REFERRAL_ADDED, notification);
        updateIndexCount(realm, 1, true);
    } catch (SSOException e) {
        throw new EntitlementException(270, e);
    } catch (SMSException e) {
        throw new EntitlementException(270, e);
    }
    return dn;
}

/**
 * Builds the searchable "key=value" resource index values for a referral entry.
 *
 * @param indexes resource indexes of the referral; may be null.
 * @return a mutable set of host, path and parent-path index values, empty when
 * {@code indexes} is null.
 */
private Set<String> referralSearchableIndexes(ResourceSaveIndexes indexes) {
    Set<String> searchable = new HashSet<String>();
    if (indexes == null) {
        return searchable;
    }
    for (String host : indexes.getHostIndexes()) {
        searchable.add(HOST_INDEX_KEY + "=" + host);
    }
    for (String path : indexes.getPathIndexes()) {
        searchable.add(PATH_INDEX_KEY + "=" + path);
    }
    for (String parent : indexes.getParentPathIndexes()) {
        searchable.add(PATH_PARENT_INDEX_KEY + "=" + parent);
    }
    return searchable;
}

/**
 * Builds the {@code ou} metadata values of a referral entry: name, description,
 * audit fields, referenced realms, application type names and application names.
 *
 * @param adminSubject subject used to resolve the application type names.
 * @param realm realm of the referral.
 * @param referral referral being stored.
 * @param privilegeName the referral's name; skipped when null.
 * @return a mutable set of "attribute=value" strings.
 * @throws EntitlementException if the application type names cannot be resolved.
 */
private Set<String> referralOuInfo(Subject adminSubject, String realm, ReferralPrivilege referral, String privilegeName)
        throws EntitlementException {
    Set<String> info = new HashSet<String>(8);
    if (privilegeName != null) {
        info.add(Privilege.NAME_ATTRIBUTE + "=" + privilegeName);
    }
    String description = referral.getDescription();
    if (description != null) {
        info.add(Privilege.DESCRIPTION_ATTRIBUTE + "=" + description);
    }
    String createdBy = referral.getCreatedBy();
    if (createdBy != null) {
        info.add(Privilege.CREATED_BY_ATTRIBUTE + "=" + createdBy);
    }
    String lastModifiedBy = referral.getLastModifiedBy();
    if (lastModifiedBy != null) {
        info.add(Privilege.LAST_MODIFIED_BY_ATTRIBUTE + "=" + lastModifiedBy);
    }
    // The date entries are stored as "<millis>=<attribute>" (value first, unlike the other
    // entries) and duplicated with a "|" prefix; NOTE(review): this layout is what the
    // existing store reads back, confirm before changing it.
    long creationDate = referral.getCreationDate();
    if (creationDate > 0) {
        String created = Long.toString(creationDate) + "=" + Privilege.CREATION_DATE_ATTRIBUTE;
        info.add(created);
        info.add("|" + created);
    }
    long lastModifiedDate = referral.getLastModifiedDate();
    if (lastModifiedDate > 0) {
        String modified = Long.toString(lastModifiedDate) + "=" + Privilege.LAST_MODIFIED_DATE_ATTRIBUTE;
        info.add(modified);
        info.add("|" + modified);
    }
    for (String referredRealm : referral.getRealms()) {
        info.add(REFERRAL_REALMS + "=" + referredRealm);
    }
    for (String applType : referral.getApplicationTypeNames(adminSubject, realm)) {
        info.add(REFERRAL_APPLS + "=" + applType);
    }
    for (String applName : referral.getMapApplNameToResources().keySet()) {
        info.add(Privilege.APPLICATION_ATTRIBUTE + "=" + applName);
    }
    return info;
}
/**
 * Stores the application to data store.
 *
 * <p>The application is written as one SMS entry below this realm's
 * application collection. The attempt and the outcome are logged against the
 * admin subject, and an {@code APPLICATIONS_CHANGED} notification is submitted
 * once the entry has been saved.
 *
 * @param appl Application object.
 * @throws EntitlementException if application cannot be stored
 * ({@code MODIFY_APPLICATION_FAIL}, wrapping the SSO or SMS failure).
 */
public void storeApplication(Application appl) throws EntitlementException {
    SSOToken token = SubjectUtils.getSSOToken(getAdminSubject());
    try {
        createApplicationCollectionConfig(realm);
        String dn = getApplicationDN(appl.getName(), realm);
        SMSEntry entry = new SMSEntry(token, dn);
        entry.setAttributes(getApplicationData(appl));
        String[] logParams = { realm, appl.getName() };
        OpenSSOLogger.log(OpenSSOLogger.LogLevel.MESSAGE, Level.INFO, "ATTEMPT_SAVE_APPLICATION", logParams, getAdminSubject());
        entry.save();
        OpenSSOLogger.log(OpenSSOLogger.LogLevel.MESSAGE, Level.INFO, "SUCCEEDED_SAVE_APPLICATION", logParams, getAdminSubject());
        Map<String, String> notification = new HashMap<String, String>();
        notification.put(NotificationServlet.ATTR_REALM_NAME, realm);
        Notifier.submit(NotificationServlet.APPLICATIONS_CHANGED, notification);
    } catch (SMSException ex) {
        throw saveApplicationFailure(appl, ex);
    } catch (SSOException ex) {
        throw saveApplicationFailure(appl, ex);
    }
}

/**
 * Logs a failed application save and builds the exception to throw for it.
 *
 * @param appl application whose save failed.
 * @param ex the underlying SSO or SMS failure; kept as the cause.
 * @return a {@code MODIFY_APPLICATION_FAIL} exception carrying the application name.
 */
private EntitlementException saveApplicationFailure(Application appl, Exception ex) {
    String[] logParams = { realm, appl.getName(), ex.getMessage() };
    OpenSSOLogger.log(OpenSSOLogger.LogLevel.ERROR, Level.INFO, "FAILED_SAVE_APPLICATION", logParams, getAdminSubject());
    Object[] arg = { appl.getName() };
    return new EntitlementException(EntitlementException.MODIFY_APPLICATION_FAIL, arg, ex);
}
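/**
 * Deletes everything below the given {@code ou=services} container: every
 * sub-organisation ({@code o=...}), the hard-coded hidden delegation-permissions
 * realm, and every sub-entry ({@code ou=...}); then clears the service-manager
 * and identity-repository caches so stale configuration is not served.
 *
 * <p>Deletes are not transactional: if one fails, the entries removed before it
 * stay removed and the caches are not cleared.
 *
 * @param ssoToken token used for the searches and deletes.
 * @param ouServices DN of the {@code ou=services} container whose descendents are removed.
 * @throws SSOException if the token is invalid.
 * @throws SMSException if a search or delete fails.
 */
private void deleteOuServicesDescendents(SSOToken ssoToken, String ouServices) throws SSOException, SMSException {
    CachedSubEntries container = CachedSubEntries.getInstance(ssoToken, ouServices);
    // Sub-organisation names are read back from the directory itself.
    // NOTE(review): the DN is built by plain concatenation, so this assumes the returned
    // names carry no unescaped RDN special characters — confirm against CachedSubEntries.
    for (Object name : container.searchSubOrgNames(ssoToken, "*", false)) {
        String child = (String) name;
        new SMSEntry(ssoToken, "o=" + child + "," + ouServices).delete();
    }
    // hardcoding hidden realm, cannot find a better option.
    final String hiddenRealmDn = "o=sunamhiddenrealmdelegationservicepermissions," + ouServices;
    new SMSEntry(ssoToken, hiddenRealmDn).delete();
    for (Object name : container.getSubEntries(ssoToken, "*")) {
        String child = (String) name;
        new SMSEntry(ssoToken, "ou=" + child + "," + ouServices).delete();
    }
    new ServiceManager(ssoToken).clearCache();
    AMIdentityRepository.clearCache();
}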
/**
 * Removes a privilege from a realm: it is deleted from the privilege index
 * store and, when the backing legacy policy still exists, from the legacy
 * policy store as well. Attempt, success and failure are logged against the
 * caller's subject.
 *
 * <p>Authorization: the caller must hold MODIFY on the privilege as decided by
 * the application privilege manager. The deletes themselves run under the
 * internal {@code dsameUserToken}/{@code dsameUserSubject}, so that check is
 * the only gate on this path.
 *
 * @param subject subject requesting the removal.
 * @param realm realm the privilege belongs to.
 * @param privilege privilege to remove; only its name is used for the lookups.
 * @throws EntitlementException 211 if the subject carries no SSO token, 326 if
 * it lacks MODIFY, or 205 if an index-store or policy-store operation fails.
 */
public void removePrivilege(Subject subject, String realm, Privilege privilege) throws EntitlementException {
    SSOToken adminToken = SubjectUtils.getSSOToken(subject);
    String name = privilege.getName();
    if (adminToken == null) {
        throw new EntitlementException(211, new Object[] { name });
    }
    // Delegation to applications is currently not configurable, passing super admin (see AME-4959)
    ApplicationPrivilegeManager applPrivilegeMgr =
            ApplicationPrivilegeManager.getInstance(realm, PrivilegeManager.superAdminSubject);
    if (!applPrivilegeMgr.hasPrivilege(privilege, ApplicationPrivilege.Action.MODIFY)) {
        throw new EntitlementException(326);
    }
    try {
        String[] logParams = { DNMapper.orgNameToRealmName(realm), name };
        OpenSSOLogger.log(OpenSSOLogger.LogLevel.MESSAGE, Level.INFO, "ATTEMPT_REMOVE_PRIVILEGE", logParams, subject);
        // Index store first, then the legacy policy entry.
        PrivilegeIndexStore.getInstance(dsameUserSubject, realm).delete(name);
        // The legacy policy may already be gone: one old policy with several rules maps to
        // several privileges in the new store, and deleting any of them removes the whole policy.
        String dn = findLegacyPolicyDn(dsameUserToken, realm, name);
        if (dn == null) {
            debug("Unable to find legacy policy for privilege %s in realm %s", name, realm);
        } else {
            new SMSEntry(dsameUserToken, dn).delete();
        }
        OpenSSOLogger.log(OpenSSOLogger.LogLevel.MESSAGE, Level.INFO, "SUCCEEDED_REMOVE_PRIVILEGE", logParams, subject);
    } catch (SSOException ex) {
        throw new EntitlementException(205, logRemovePrivilegeFailure(subject, realm, name, ex), ex);
    } catch (SMSException ex) {
        throw new EntitlementException(205, logRemovePrivilegeFailure(subject, realm, name, ex), ex);
    }
}

/**
 * Logs a failed privilege removal and returns the message arguments for the 205 error.
 *
 * @param subject subject the failure is logged against.
 * @param realm organisation name of the realm; mapped to a realm name for the log.
 * @param name name of the privilege that could not be removed.
 * @param ex the underlying failure; only its message is logged.
 * @return the error message arguments, i.e. the privilege name.
 */
private Object[] logRemovePrivilegeFailure(Subject subject, String realm, String name, Exception ex) {
    String[] logParams = { DNMapper.orgNameToRealmName(realm), name, ex.getMessage() };
    OpenSSOLogger.log(OpenSSOLogger.LogLevel.ERROR, Level.INFO, "FAILED_REMOVE_PRIVILEGE", logParams, subject);
    return new Object[] { name };
}
/**
 * Removes a referral privilege from a realm: the policy entry is deleted from
 * the SMS store, then the referral is dropped from the privilege index store.
 * Attempt, success and failure are logged against the caller's subject.
 *
 * <p>Authorization: the caller must hold MODIFY on the referral as decided by
 * the application privilege manager. The existence check and the delete run
 * under the internal {@code dsameUserToken}, so that check is the only gate on
 * this path.
 *
 * @param subject subject requesting the removal.
 * @param realm realm the referral belongs to.
 * @param referral referral to remove; only its name is used for the lookups.
 * @throws EntitlementException 266 if the subject carries no SSO token, 326 if
 * it lacks MODIFY, 263 if no entry exists for the referral, or 205 if the
 * policy-store or index-store operation fails.
 */
public void removeReferral(Subject subject, String realm, ReferralPrivilege referral) throws EntitlementException {
    SSOToken adminToken = SubjectUtils.getSSOToken(subject);
    String name = referral.getName();
    if (adminToken == null) {
        throw new EntitlementException(266, new Object[] { name });
    }
    // Delegation to applications is currently not configurable, passing super admin (see AME-4959)
    ApplicationPrivilegeManager applPrivilegeMgr =
            ApplicationPrivilegeManager.getInstance(realm, PrivilegeManager.superAdminSubject);
    if (!applPrivilegeMgr.hasPrivilege(referral, ApplicationPrivilege.Action.MODIFY)) {
        throw new EntitlementException(326);
    }
    String dn = getPolicyDistinguishedName(realm, name);
    if (!SMSEntry.checkIfEntryExists(dn, dsameUserToken)) {
        throw new EntitlementException(263, new Object[] { name });
    }
    try {
        String[] logParams = { DNMapper.orgNameToRealmName(realm), name };
        OpenSSOLogger.log(OpenSSOLogger.LogLevel.MESSAGE, Level.INFO, "ATTEMPT_REMOVE_REFERRAL", logParams, subject);
        new SMSEntry(dsameUserToken, dn).delete();
        // The success record is written before the index-store delete below; a failure there
        // is still reported as 205 even though success was already logged.
        OpenSSOLogger.log(OpenSSOLogger.LogLevel.MESSAGE, Level.INFO, "SUCCEEDED_REMOVE_REFERRAL", logParams, subject);
        PrivilegeIndexStore.getInstance(dsameUserSubject, realm).deleteReferral(name);
    } catch (SSOException ex) {
        throw new EntitlementException(205, logRemoveReferralFailure(subject, realm, name, ex), ex);
    } catch (SMSException ex) {
        throw new EntitlementException(205, logRemoveReferralFailure(subject, realm, name, ex), ex);
    }
}

/**
 * Logs a failed referral removal and returns the message arguments for the 205 error.
 *
 * @param subject subject the failure is logged against.
 * @param realm organisation name of the realm; mapped to a realm name for the log.
 * @param name name of the referral that could not be removed.
 * @param ex the underlying failure; only its message is logged.
 * @return the error message arguments, i.e. the referral name.
 */
private Object[] logRemoveReferralFailure(Subject subject, String realm, String name, Exception ex) {
    String[] logParams = { DNMapper.orgNameToRealmName(realm), name, ex.getMessage() };
    OpenSSOLogger.log(OpenSSOLogger.LogLevel.ERROR, Level.INFO, "FAILED_REMOVE_REFERRAL", logParams, subject);
    return new Object[] { name };
}