
the class DataStore method addReferral.

/**
 * Adds a referral privilege to the realm's referral store.
 *
 * The SMS entry is created and saved with the SSO token derived from {@code adminSubject},
 * so the configuration store's own access control governs the write; this method adds no
 * authorization check of its own. Referral metadata (name, description, audit fields,
 * target realms, application types and application names) is flattened into the
 * searchable "ou" attribute as {@code key=value} strings, and the complete referral is
 * kept as JSON under the serializable index key.
 *
 * @param adminSubject Admin Subject who has the rights to write to datastore.
 * @param realm Realm name.
 * @param referral Referral Privilege object.
 * @return the DN of the added referral entry.
 * @throws EntitlementException (code 270) if the entry cannot be written, wrapping the
 *         underlying SSO or SMS failure; exceptions raised by the referral's own lookups
 *         propagate unchanged.
 */
public String addReferral(Subject adminSubject, String realm, ReferralPrivilege referral) throws EntitlementException {
    ResourceSaveIndexes saveIndexes = referral.getResourceSaveIndexes(adminSubject, realm);
    SSOToken adminToken = getSSOToken(adminSubject);
    String entryDn = null;
    try {
        createDefaultSubConfig(adminToken, realm, REFERRAL_STORE);
        entryDn = getPrivilegeDistinguishedName(referral.getName(), realm, REFERRAL_STORE);
        SMSEntry entry = new SMSEntry(adminToken, entryDn);

        // Host/path indexes used by resource lookups; the attribute is written even when empty.
        Set<String> searchableIndexes = new HashSet<String>();
        if (saveIndexes != null) {
            for (String host : saveIndexes.getHostIndexes()) {
                searchableIndexes.add(HOST_INDEX_KEY + "=" + host);
            }
            for (String path : saveIndexes.getPathIndexes()) {
                searchableIndexes.add(PATH_INDEX_KEY + "=" + path);
            }
            for (String parentPath : saveIndexes.getParentPathIndexes()) {
                searchableIndexes.add(PATH_PARENT_INDEX_KEY + "=" + parentPath);
            }
        }

        Set<String> serviceIds = new HashSet<String>(2);
        serviceIds.add("indexes");

        // The whole referral, serialized so it can be reconstituted on read.
        Set<String> serializedReferral = new HashSet<String>(2);
        serializedReferral.add(SERIALIZABLE_INDEX_KEY + "=" + referral.toJSON());

        Set<String> objectClasses = new HashSet<String>(4);
        objectClasses.add(SMSEntry.OC_TOP);
        objectClasses.add(SMSEntry.OC_SERVICE_COMP);

        // Searchable metadata; null fields are simply omitted.
        Set<String> metadata = new HashSet<String>(8);
        String referralName = referral.getName();
        if (referralName != null) {
            metadata.add(Privilege.NAME_ATTRIBUTE + "=" + referralName);
        }
        String description = referral.getDescription();
        if (description != null) {
            metadata.add(Privilege.DESCRIPTION_ATTRIBUTE + "=" + description);
        }
        String creator = referral.getCreatedBy();
        if (creator != null) {
            metadata.add(Privilege.CREATED_BY_ATTRIBUTE + "=" + creator);
        }
        String modifier = referral.getLastModifiedBy();
        if (modifier != null) {
            metadata.add(Privilege.LAST_MODIFIED_BY_ATTRIBUTE + "=" + modifier);
        }
        // Timestamps are stored value-first ("<millis>=<attribute>") plus a "|"-prefixed copy,
        // unlike the key=value entries above. Presumably the index store's date-ordered
        // searches depend on this layout, so it must not be "normalized" — TODO confirm.
        long created = referral.getCreationDate();
        if (created > 0) {
            String createdEntry = Long.toString(created) + "=" + Privilege.CREATION_DATE_ATTRIBUTE;
            metadata.add(createdEntry);
            metadata.add("|" + createdEntry);
        }
        long modified = referral.getLastModifiedDate();
        if (modified > 0) {
            String modifiedEntry = Long.toString(modified) + "=" + Privilege.LAST_MODIFIED_DATE_ATTRIBUTE;
            metadata.add(modifiedEntry);
            metadata.add("|" + modifiedEntry);
        }
        for (String targetRealm : referral.getRealms()) {
            metadata.add(REFERRAL_REALMS + "=" + targetRealm);
        }
        for (String applicationType : referral.getApplicationTypeNames(adminSubject, realm)) {
            metadata.add(REFERRAL_APPLS + "=" + applicationType);
        }
        for (String applicationName : referral.getMapApplNameToResources().keySet()) {
            metadata.add(Privilege.APPLICATION_ATTRIBUTE + "=" + applicationName);
        }

        Map<String, Set<String>> attributes = new HashMap<String, Set<String>>();
        attributes.put(SMSEntry.ATTR_XML_KEYVAL, searchableIndexes);
        attributes.put(SMSEntry.ATTR_SERVICE_ID, serviceIds);
        attributes.put(SMSEntry.ATTR_KEYVAL, serializedReferral);
        attributes.put(SMSEntry.ATTR_OBJECTCLASS, objectClasses);
        attributes.put("ou", metadata);
        entry.setAttributes(attributes);
        entry.save();

        // Tell other servers about the new referral, then bump the realm's index count.
        Map<String, String> notification = new HashMap<String, String>();
        notification.put(NotificationServlet.ATTR_NAME, referralName);
        notification.put(NotificationServlet.ATTR_REALM_NAME, realm);
        Notifier.submit(NotificationServlet.REFERRAL_ADDED, notification);
        updateIndexCount(realm, 1, true);
    } catch (SSOException e) {
        throw new EntitlementException(270, e);
    } catch (SMSException e) {
        throw new EntitlementException(270, e);
    }
    return entryDn;
}

the class EntitlementService method storeApplication.

/**
 * Stores the application to the configuration data store.
 *
 * The write runs with the SSO token of the subject returned by {@link #getAdminSubject()},
 * not with a caller-supplied subject, so any authorization of the requesting user must be
 * performed by the caller before invoking this method. Attempt, success and failure are
 * recorded through OpenSSOLogger with the realm and application name (plus the exception
 * message on failure), and other servers are notified of the change on success.
 *
 * @param appl Application object.
 * @throws EntitlementException MODIFY_APPLICATION_FAIL if the application cannot be
 *         stored; wraps the underlying SMS or SSO failure.
 */
public void storeApplication(Application appl) throws EntitlementException {
    SSOToken adminToken = SubjectUtils.getSSOToken(getAdminSubject());
    try {
        createApplicationCollectionConfig(realm);
        String applicationName = appl.getName();
        SMSEntry entry = new SMSEntry(adminToken, getApplicationDN(applicationName, realm));
        entry.setAttributes(getApplicationData(appl));

        String[] auditParams = { realm, applicationName };
        OpenSSOLogger.log(OpenSSOLogger.LogLevel.MESSAGE, Level.INFO, "ATTEMPT_SAVE_APPLICATION", auditParams, getAdminSubject());
        entry.save();
        OpenSSOLogger.log(OpenSSOLogger.LogLevel.MESSAGE, Level.INFO, "SUCCEEDED_SAVE_APPLICATION", auditParams, getAdminSubject());

        // Let other servers refresh their application cache for this realm.
        Map<String, String> notification = new HashMap<String, String>();
        notification.put(NotificationServlet.ATTR_REALM_NAME, realm);
        Notifier.submit(NotificationServlet.APPLICATIONS_CHANGED, notification);
    } catch (SMSException ex) {
        throw applicationSaveFailure(appl, ex);
    } catch (SSOException ex) {
        throw applicationSaveFailure(appl, ex);
    }
}

/**
 * Logs a failed application save and builds the exception the caller will receive.
 *
 * @param appl application whose save failed; its name goes into the log and the exception.
 * @param cause the SMS or SSO failure.
 * @return an EntitlementException (MODIFY_APPLICATION_FAIL) wrapping {@code cause}.
 */
private EntitlementException applicationSaveFailure(Application appl, Exception cause) {
    String[] failureParams = { realm, appl.getName(), cause.getMessage() };
    OpenSSOLogger.log(OpenSSOLogger.LogLevel.ERROR, Level.INFO, "FAILED_SAVE_APPLICATION", failureParams, getAdminSubject());
    return new EntitlementException(EntitlementException.MODIFY_APPLICATION_FAIL, new Object[] { appl.getName() }, cause);
}

the class ImportServiceConfiguration method deleteOuServicesDescendents.

/**
 * Deletes every realm ("o=") and service ("ou=") entry directly beneath the given
 * {@code ou=services} container, including the hard-coded hidden delegation realm, and then
 * flushes the service-manager and identity-repository caches.
 *
 * This is destructive by design (service-configuration import replaces the existing
 * configuration wholesale); callers are expected to have confirmed the operation.
 *
 * Child DNs are built by plain string concatenation of the names returned by the SMS
 * search. That assumes those names are RDN values containing no characters that need
 * RFC 4514 escaping (',', '+', '"', '\\', ...) — TODO confirm against CachedSubEntries;
 * a name containing such characters would address a different entry than intended.
 * The hidden-realm delete is unconditional; how SMSEntry.delete behaves when that entry
 * is absent is not visible here.
 *
 * @param ssoToken token used for the search and for every delete.
 * @param ouServices DN of the ou=services container whose descendants are removed.
 * @throws SSOException if the token is invalid.
 * @throws SMSException if a search or delete fails.
 */
private void deleteOuServicesDescendents(SSOToken ssoToken, String ouServices) throws SSOException, SMSException {
    CachedSubEntries subEntries = CachedSubEntries.getInstance(ssoToken, ouServices);

    // Realm (organization) children first.
    Set orgNames = subEntries.searchSubOrgNames(ssoToken, "*", false);
    for (Object element : orgNames) {
        String orgName = (String) element;
        SMSEntry orgEntry = new SMSEntry(ssoToken, "o=" + orgName + "," + ouServices);
        orgEntry.delete();
    }

    // hardcoding hidden realm, cannot find a better option.
    SMSEntry hiddenRealm = new SMSEntry(ssoToken, "o=sunamhiddenrealmdelegationservicepermissions," + ouServices);
    hiddenRealm.delete();

    // Then the service (organizational unit) children.
    Set serviceNames = subEntries.getSubEntries(ssoToken, "*");
    for (Object element : serviceNames) {
        String serviceName = (String) element;
        SMSEntry serviceEntry = new SMSEntry(ssoToken, "ou=" + serviceName + "," + ouServices);
        serviceEntry.delete();
    }

    // Drop cached views of the configuration that was just removed.
    new ServiceManager(ssoToken).clearCache();
    AMIdentityRepository.clearCache();
}

the class OpenSSOPolicyDataStore method removePrivilege.

/**
 * Removes a privilege from the privilege index store and, if a matching legacy policy
 * still exists, from the legacy policy store.
 *
 * Authorization note: the caller's {@code subject} is only required to yield an SSO token
 * and is otherwise used for audit logging. The MODIFY check is evaluated through an
 * ApplicationPrivilegeManager created for PrivilegeManager.superAdminSubject (see
 * AME-4959), and the deletes themselves run under the internal dsameUser token/subject.
 * This method therefore does not appear to enforce the caller's own access rights; that
 * must happen upstream.
 *
 * Ordering: the index-store entry is removed before the legacy policy entry, so a failure
 * in the second step can leave a legacy policy without its index entry.
 *
 * @param subject caller; must resolve to an SSO token, and is recorded in the audit log.
 * @param realm realm (organization DN form) the privilege belongs to.
 * @param privilege privilege to remove; only its name is used for the lookups.
 * @throws EntitlementException 211 if no token can be derived from subject, 326 if the
 *         MODIFY check fails, 205 if the index-store or legacy-store removal fails.
 */
public void removePrivilege(Subject subject, String realm, Privilege privilege) throws EntitlementException {
    SSOToken callerToken = SubjectUtils.getSSOToken(subject);
    String privilegeName = privilege.getName();
    if (callerToken == null) {
        throw new EntitlementException(211, new Object[] { privilegeName });
    }
    // Delegation to applications is currently not configurable, passing super admin (see AME-4959)
    ApplicationPrivilegeManager privilegeMgr = ApplicationPrivilegeManager.getInstance(realm, PrivilegeManager.superAdminSubject);
    if (!privilegeMgr.hasPrivilege(privilege, ApplicationPrivilege.Action.MODIFY)) {
        throw new EntitlementException(326);
    }
    String realmName = DNMapper.orgNameToRealmName(realm);
    String[] auditParams = { realmName, privilegeName };
    try {
        OpenSSOLogger.log(OpenSSOLogger.LogLevel.MESSAGE, Level.INFO, "ATTEMPT_REMOVE_PRIVILEGE", auditParams, subject);
        // Remove from privilege index store first
        PrivilegeIndexStore.getInstance(dsameUserSubject, realm).delete(privilegeName);
        // Only remove from legacy policy store if the policy still exists. This can happen if an old policy
        // had multiple rules (= multiple privileges in new store) and one of the new privileges for that policy
        // has been deleted, which deletes the entire legacy policy.
        String legacyDn = findLegacyPolicyDn(dsameUserToken, realm, privilegeName);
        if (legacyDn == null) {
            debug("Unable to find legacy policy for privilege %s in realm %s", privilegeName, realm);
        } else {
            SMSEntry legacyEntry = new SMSEntry(dsameUserToken, legacyDn);
            legacyEntry.delete();
        }
        OpenSSOLogger.log(OpenSSOLogger.LogLevel.MESSAGE, Level.INFO, "SUCCEEDED_REMOVE_PRIVILEGE", auditParams, subject);
    } catch (SSOException ex) {
        throw removePrivilegeFailure(subject, realmName, privilegeName, ex);
    } catch (SMSException ex) {
        throw removePrivilegeFailure(subject, realmName, privilegeName, ex);
    }
}

/**
 * Logs a failed privilege removal and builds the exception the caller will receive.
 *
 * @param subject caller recorded in the audit log.
 * @param realmName realm name (already converted from organization DN form).
 * @param privilegeName name of the privilege whose removal failed.
 * @param cause the SSO or SMS failure.
 * @return an EntitlementException (code 205) wrapping {@code cause}.
 */
private EntitlementException removePrivilegeFailure(Subject subject, String realmName, String privilegeName, Exception cause) {
    String[] failureParams = { realmName, privilegeName, cause.getMessage() };
    OpenSSOLogger.log(OpenSSOLogger.LogLevel.ERROR, Level.INFO, "FAILED_REMOVE_PRIVILEGE", failureParams, subject);
    return new EntitlementException(205, new Object[] { privilegeName }, cause);
}

the class OpenSSOPolicyDataStore method removeReferral.

/**
 * Removes a referral privilege: deletes its policy entry from the configuration store and
 * then its entry from the privilege index store.
 *
 * Authorization note: the caller's {@code subject} is only required to yield an SSO token
 * and is otherwise used for audit logging. The MODIFY check is evaluated through an
 * ApplicationPrivilegeManager created for PrivilegeManager.superAdminSubject (see
 * AME-4959), and the existence check and deletes run under the internal dsameUser
 * token/subject. This method therefore does not appear to enforce the caller's own access
 * rights; that must happen upstream.
 *
 * Ordering is the reverse of removePrivilege: the SMS entry is deleted before the
 * index-store entry, so a failure in the second step leaves an index entry with no
 * backing referral. Whether that asymmetry is intentional is not evident here.
 *
 * @param subject caller; must resolve to an SSO token, and is recorded in the audit log.
 * @param realm realm (organization DN form) the referral belongs to.
 * @param referral referral to remove; only its name is used for the lookups.
 * @throws EntitlementException 266 if no token can be derived from subject, 326 if the
 *         MODIFY check fails, 263 if the referral entry does not exist, 205 if a delete fails.
 */
public void removeReferral(Subject subject, String realm, ReferralPrivilege referral) throws EntitlementException {
    SSOToken callerToken = SubjectUtils.getSSOToken(subject);
    String referralName = referral.getName();
    if (callerToken == null) {
        throw new EntitlementException(266, new Object[] { referralName });
    }
    // Delegation to applications is currently not configurable, passing super admin (see AME-4959)
    ApplicationPrivilegeManager privilegeMgr = ApplicationPrivilegeManager.getInstance(realm, PrivilegeManager.superAdminSubject);
    if (!privilegeMgr.hasPrivilege(referral, ApplicationPrivilege.Action.MODIFY)) {
        throw new EntitlementException(326);
    }
    // Fail early, before any audit record, if there is nothing to remove.
    String referralDn = getPolicyDistinguishedName(realm, referralName);
    if (!SMSEntry.checkIfEntryExists(referralDn, dsameUserToken)) {
        throw new EntitlementException(263, new Object[] { referralName });
    }
    String realmName = DNMapper.orgNameToRealmName(realm);
    String[] auditParams = { realmName, referralName };
    try {
        OpenSSOLogger.log(OpenSSOLogger.LogLevel.MESSAGE, Level.INFO, "ATTEMPT_REMOVE_REFERRAL", auditParams, subject);
        SMSEntry referralEntry = new SMSEntry(dsameUserToken, referralDn);
        referralEntry.delete();
        OpenSSOLogger.log(OpenSSOLogger.LogLevel.MESSAGE, Level.INFO, "SUCCEEDED_REMOVE_REFERRAL", auditParams, subject);
        PrivilegeIndexStore.getInstance(dsameUserSubject, realm).deleteReferral(referralName);
    } catch (SSOException ex) {
        throw removeReferralFailure(subject, realmName, referralName, ex);
    } catch (SMSException ex) {
        throw removeReferralFailure(subject, realmName, referralName, ex);
    }
}

/**
 * Logs a failed referral removal and builds the exception the caller will receive.
 *
 * @param subject caller recorded in the audit log.
 * @param realmName realm name (already converted from organization DN form).
 * @param referralName name of the referral whose removal failed.
 * @param cause the SSO or SMS failure.
 * @return an EntitlementException (code 205) wrapping {@code cause}.
 */
private EntitlementException removeReferralFailure(Subject subject, String realmName, String referralName, Exception cause) {
    String[] failureParams = { realmName, referralName, cause.getMessage() };
    OpenSSOLogger.log(OpenSSOLogger.LogLevel.ERROR, Level.INFO, "FAILED_REMOVE_REFERRAL", failureParams, subject);
    return new EntitlementException(205, new Object[] { referralName }, cause);
}