
Example 1 with ServiceConfig

use of com.sun.identity.sm.ServiceConfig in project OpenAM by OpenRock.

In class OpenSSOPolicyDataStore, method getOrgConfig.

/**
 * Looks up the policy service's organization configuration for {@code realm},
 * creating it first when none exists yet.
 *
 * @param adminToken token used to open the service configuration manager
 * @param realm      realm whose organization configuration is wanted
 * @return the realm's organization configuration for the policy service
 * @throws SMSException if the configuration cannot be read or created
 * @throws SSOException if {@code adminToken} is rejected by the configuration manager
 */
private ServiceConfig getOrgConfig(SSOToken adminToken, String realm) throws SMSException, SSOException {
    final ServiceConfigManager configManager =
            new ServiceConfigManager(PolicyManager.POLICY_SERVICE_NAME, adminToken);
    ServiceConfig organizationConfig = configManager.getOrganizationConfig(realm, null);
    if (organizationConfig != null) {
        return organizationConfig;
    }
    // Nothing stored for this realm yet: create the entry, then read it back.
    configManager.createOrganizationConfig(realm, null);
    return configManager.getOrganizationConfig(realm, null);
}
Also used : ServiceConfig(com.sun.identity.sm.ServiceConfig) ServiceConfigManager(com.sun.identity.sm.ServiceConfigManager)

Example 2 with ServiceConfig

use of com.sun.identity.sm.ServiceConfig in project OpenAM by OpenRock.

In class DefaultADFSPartnerAccountMapper, method isDynamicalOrIgnoredProfile.

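/**
 * Checks if dynamic profile creation or "ignore profile" is enabled for a realm.
 * <p>
 * Reads the {@code ISAuthConstants.DYNAMIC_PROFILE} attribute of the realm's
 * authentication service configuration; the values {@code createAlias},
 * {@code true} and {@code ignore} (compared case-insensitively) mean enabled.
 * Any failure while reading the configuration is logged and reported as
 * "not enabled", so a missing or unreadable configuration never turns the
 * feature on by accident.
 *
 * @param realm realm to check the dynamic profile creation attributes.
 * @return {@code true} if dynamic profile creation or ignore profile is enabled,
 *         {@code false} otherwise (including when the lookup fails).
 */
protected boolean isDynamicalOrIgnoredProfile(String realm) {
    try {
        OrganizationConfigManager orgConfigMgr = AuthD.getAuth().getOrgConfigManager(realm);
        ServiceConfig svcConfig = orgConfigMgr.getServiceConfig(ISAuthConstants.AUTH_SERVICE_NAME);
        Map attrs = svcConfig.getAttributes();
        String tmp = CollectionHelper.getMapAttr(attrs, ISAuthConstants.DYNAMIC_PROFILE);
        if (debug.messageEnabled()) {
            debug.message("dynamicalCreationEnabled, attr=" + tmp);
        }
        // An absent attribute means disabled; only the three listed values enable it.
        return tmp != null
                && (tmp.equalsIgnoreCase("createAlias")
                || tmp.equalsIgnoreCase("true")
                || tmp.equalsIgnoreCase("ignore"));
    } catch (Exception e) {
        // Deliberately broad: whatever goes wrong during the lookup, the
        // answer is "not enabled" rather than an exception to the caller.
        debug.error("dynamicalCreationEnabled, unable to get attribute", e);
        return false;
    }
}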
Also used : ServiceConfig(com.sun.identity.sm.ServiceConfig) OrganizationConfigManager(com.sun.identity.sm.OrganizationConfigManager) HashMap(java.util.HashMap) Map(java.util.Map) WSFederationException(com.sun.identity.wsfederation.common.WSFederationException) WSFederationMetaException(com.sun.identity.wsfederation.meta.WSFederationMetaException)

Example 3 with ServiceConfig

use of com.sun.identity.sm.ServiceConfig in project OpenAM by OpenRock.

In class DelegationUtils, method getPermissionConfig.

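/**
 * Returns service config information for a delegation permission.
 * <p>
 * The lookup goes from the delegation service's global or organization
 * configuration to its {@code DelegationManager.PERMISSIONS} sub-configuration
 * and from there to the sub-configuration named {@code name}. Each step that
 * fails is reported as a {@link DelegationException} carrying the underlying
 * {@link SMSException} as its cause.
 *
 * @param  orgName name of the organization whose organization config
 *         is searched; not used when {@code global} is {@code true}.
 * @param  name name of the delegation permission whose information is
 *         sought.
 * @param  global <code>boolean</code> indicating if global config
 *         of the delegation service is expected.
 * @return <code>ServiceConfig</code> information for a delegation
 *         permission, as returned by {@code getSubConfig(name)}.
 * @throws SSOException propagated from the service configuration lookups.
 * @throws DelegationException if the organization, permissions or permission
 *         configuration cannot be read, or the first two are missing.
 */
static ServiceConfig getPermissionConfig(String orgName, String name, boolean global) throws SSOException, DelegationException {
    ServiceConfig orgConfig;
    try {
        // get the service configuration manager of the delegation service
        ServiceConfigManager scm = new ServiceConfigManager(DelegationManager.DELEGATION_SERVICE, DelegationManager.getAdminToken());
        // get the global configuration, or the organization configuration of this realm
        orgConfig = global ? scm.getGlobalConfig(null) : scm.getOrganizationConfig(orgName, null);
    } catch (SMSException se) {
        throw new DelegationException(ResBundleUtils.rbName, "get_org_config_failed", null, se);
    }
    if (orgConfig == null) {
        throw new DelegationException(ResBundleUtils.rbName, "get_perms_config_failed", null, null);
    }
    ServiceConfig permsConfig;
    try {
        // get the sub configuration "Permissions"
        permsConfig = orgConfig.getSubConfig(DelegationManager.PERMISSIONS);
    } catch (SMSException se) {
        throw new DelegationException(ResBundleUtils.rbName, "get_perms_config_failed", null, se);
    }
    if (permsConfig == null) {
        // Same guard as for orgConfig above: without a "Permissions"
        // sub-configuration the lookup below would dereference null.
        throw new DelegationException(ResBundleUtils.rbName, "get_perms_config_failed", null, null);
    }
    try {
        // get the sub configuration for the defined permission
        return permsConfig.getSubConfig(name);
    } catch (SMSException se) {
        throw new DelegationException(ResBundleUtils.rbName, "get_permission_config_failed", null, se);
    }
}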
Also used : ServiceConfig(com.sun.identity.sm.ServiceConfig) SMSException(com.sun.identity.sm.SMSException) ServiceConfigManager(com.sun.identity.sm.ServiceConfigManager)

Example 4 with ServiceConfig

use of com.sun.identity.sm.ServiceConfig in project OpenAM by OpenRock.

In class IdUtils, method initialize.

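/**
 * Loads the supported identity types and registers for SMS notifications.
 * <p>
 * When the configuration has been migrated to the 7.0 layout, the supported
 * types and their membership rules are read from the global configuration of
 * {@code IdConstants.REPO_SERVICE}; otherwise, or if that read fails, the
 * built-in defaults are loaded via {@link #loadDefaultTypes()}. The
 * administrator token is obtained through a privileged
 * {@link AdminTokenAction}, so the repository is read with administrator
 * rights regardless of who triggers initialization.
 * <p>
 * SMS errors are not logged while the installer is running
 * ({@code Constants.SYS_PROPERTY_INSTALL_TIME} equal to {@code "true"}),
 * because the service configuration may legitimately not exist yet.
 */
protected static void initialize() {
    if (ServiceManager.isConfigMigratedTo70()) {
        // Configuration is in the 7.0 layout: read the supported identity
        // types and their member relationships from there.
        try {
            SSOToken adminToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
            serviceConfigManager = new ServiceConfigManager(adminToken, IdConstants.REPO_SERVICE, "1.0");
            ServiceConfig ss = serviceConfigManager.getGlobalConfig(null);
            Set typeSchemaNames = ss.getSubConfigNames("*", IdConstants.SUPPORTED_TYPES);
            if (typeSchemaNames == null || typeSchemaNames.isEmpty()) {
                loadDefaultTypes();
            } else {
                for (Object typeSchema : typeSchemaNames) {
                    registerSupportedType(ss, (String) typeSchema);
                }
            }
        } catch (SMSException e) {
            logUnlessInstalling("IdUtils.initialize: Loading default types.", e);
            loadDefaultTypes();
        } catch (SSOException ssoe) {
            // Unlike the SMS case this is logged even during installation.
            debug.error("IdUtils.initialize: Loading default types", ssoe);
            loadDefaultTypes();
        }
    } else {
        loadDefaultTypes();
    }
    // Register for SMS notifications to root realm (only once).
    if (notificationId == null) {
        try {
            SSOToken adminToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
            if (serviceConfigManager == null) {
                serviceConfigManager = new ServiceConfigManager(adminToken, IdConstants.REPO_SERVICE, "1.0");
            }
            notificationId = serviceConfigManager.addListener(new IdUtilsListener());
        } catch (SMSException e) {
            logUnlessInstalling("IdUtils.initialize: Register notification", e);
        } catch (SSOException ssoe) {
            logUnlessInstalling("IdUtils.initialize: Register notification", ssoe);
        }
    }
}

/**
 * Records {@code typeSchema} as a supported identity type and captures its
 * service name and member-relationship attributes from the global
 * configuration {@code globalConfig}.
 *
 * @param globalConfig global configuration of the repository service
 * @param typeSchema   name of the type's sub-configuration
 * @throws SMSException if the sub-configuration or its attributes cannot be read
 * @throws SSOException if the administrator token is rejected while reading
 */
private static void registerSupportedType(ServiceConfig globalConfig, String typeSchema) throws SMSException, SSOException {
    IdType idType = new IdType(typeSchema);
    supportedTypes.add(idType);
    mapSupportedTypes.put(idType.getName(), idType);
    ServiceConfig tsc = globalConfig.getSubConfig(typeSchema);
    Map attributes = tsc.getAttributes();
    Set serviceNameSet = (Set) attributes.get(IdConstants.SERVICE_NAME);
    Set canBeMembersOf = (Set) attributes.get(IdConstants.ATTR_MEMBER_OF);
    Set canHaveMembers = (Set) attributes.get(IdConstants.ATTR_HAVE_MEMBERS);
    Set canAddMembers = (Set) attributes.get(IdConstants.ATTR_ADD_MEMBERS);
    // Only the first value of the (multi-valued) service-name attribute is kept.
    if (serviceNameSet != null && !serviceNameSet.isEmpty()) {
        mapTypesToServiceNames.put(typeSchema, (String) serviceNameSet.iterator().next());
    }
    if (canBeMembersOf != null && !canBeMembersOf.isEmpty()) {
        typesCanBeMemberOf.put(typeSchema, getMemberSet(canBeMembersOf));
    }
    if (canHaveMembers != null && !canHaveMembers.isEmpty()) {
        typesCanHaveMembers.put(typeSchema, getMemberSet(canHaveMembers));
    }
    if (canAddMembers != null && !canAddMembers.isEmpty()) {
        typesCanAddMembers.put(typeSchema, getMemberSet(canAddMembers));
    }
}

/**
 * Logs {@code e} at error level with {@code message}, unless the installer is
 * running ({@code Constants.SYS_PROPERTY_INSTALL_TIME} is {@code "true"}).
 *
 * @param message log message
 * @param e       the failure to report
 */
private static void logUnlessInstalling(String message, Exception e) {
    String installTime = SystemProperties.get(Constants.SYS_PROPERTY_INSTALL_TIME, "false");
    if (!installTime.equals("true")) {
        debug.error(message, e);
    }
}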
Also used : SSOToken(com.iplanet.sso.SSOToken) HashSet(java.util.HashSet) Set(java.util.Set) ServiceConfig(com.sun.identity.sm.ServiceConfig) SMSException(com.sun.identity.sm.SMSException) Iterator(java.util.Iterator) SSOException(com.iplanet.sso.SSOException) CaseInsensitiveHashMap(com.sun.identity.common.CaseInsensitiveHashMap) Map(java.util.Map) ServiceConfigManager(com.sun.identity.sm.ServiceConfigManager)

Example 5 with ServiceConfig

use of com.sun.identity.sm.ServiceConfig in project OpenAM by OpenRock.

In class AuthenticatedSharedAgentsCondition, method getConditionDecision.

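/**
 * Gets the decision computed by this condition object.
 * <p>
 * The request is allowed only when the agent(s) named by the requested
 * resource are among the agents the authenticated shared agent may read
 * (attribute {@code attributeToRead} of its organization configuration,
 * served from {@code sharedAgentsCache} when present). The decision starts
 * as "not allowed": a missing resource name, an unknown agent or an empty
 * attribute all yield {@code false}, never an allow.
 *
 * @param token single sign on token of the user
 *
 * @param env request specific environment map of key/value pairs. The
 *        requested resource is read from
 *        {@code PolicyEvaluator.SUN_AM_ORIGINAL_REQUESTED_RESOURCE} and may be
 *        a {@code String} or a {@code Set} whose first element is used.
 *
 * @return the condition decision. The condition decision
 *         encapsulates whether a policy applies for the request.
 *
 * Policy framework continues evaluating a policy only if it
 * applies to the request as indicated by the ConditionDecision.
 * Otherwise, further evaluation of the policy is skipped.
 *
 * @throws SSOException if the token is invalid
 * @throws PolicyException if the identity or its agent attributes cannot be
 *         read from the identity repository
 */
public ConditionDecision getConditionDecision(SSOToken token, Map env) throws PolicyException, SSOException {
    boolean allowed = false;
    if (debug.messageEnabled()) {
        debug.message("AuthenticatedSharedAgentsCondition." + "getConditionDecision: " + "called with Token: " + token.getPrincipal().getName() + ", requestedResourcename: " + env.get(PolicyEvaluator.SUN_AM_ORIGINAL_REQUESTED_RESOURCE));
    }
    String realmName = null;
    String sharedAgentName = null;
    String sharedAgentUnivId = null;
    try {
        AMIdentity id = IdUtils.getIdentity(token);
        realmName = id.getRealm();
        sharedAgentName = id.getName();
        sharedAgentUnivId = id.getUniversalId();
    } catch (SSOException ssoe) {
        // Log it and rethrow unchanged.
        if (debug.messageEnabled()) {
            debug.message("AuthenticatedSharedAgentsCondition." + "getConditionDecision: invalid sso token: " + ssoe.getMessage());
        }
        throw ssoe;
    } catch (IdRepoException ide) {
        // Log it and throw the converted policy exception.
        if (debug.messageEnabled()) {
            debug.message("AuthenticatedSharedAgentsCondition." + "getConditionDecision IdRepo exception: ", ide);
        }
        throw new PolicyException(ide);
    }
    // Get the resource name from the env
    Object o = env.get(PolicyEvaluator.SUN_AM_ORIGINAL_REQUESTED_RESOURCE);
    if (debug.messageEnabled()) {
        debug.message("AuthenticatedSharedAgentsCondition." + "getConditionDecision:" + " name: " + sharedAgentName + " resource: " + o);
    }
    if (o != null) {
        String resourceName = null;
        if (o instanceof String) {
            resourceName = (String) o;
        } else if (o instanceof Set) {
            // NOTE(review): an empty Set leaves resourceName null; whether
            // split(null) copes with that is decided elsewhere - confirm.
            if (!((Set) o).isEmpty()) {
                resourceName = (String) ((Set) o).iterator().next();
            }
        } else {
            // The empty-name fallback must not depend on the log level, so
            // it is applied before (and independently of) the warning.
            resourceName = "";
            if (debug.warningEnabled()) {
                debug.warning("AuthenticatedSharedAgentsCondition." + "getConditionDecision: Unable to get resource name");
            }
        }
        try {
            Set agentsFromEnv = new HashSet();
            String agentTypeName = IdType.AGENT.getName();
            String agentOnlyTypeName = IdType.AGENTONLY.getName();
            // Administrator token (privileged action): the org config is read
            // with admin rights, not with the caller's token.
            SSOToken adminToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
            ServiceConfig orgConfig = getOrgConfig(adminToken, realmName);
            String[] retVal = split(resourceName);
            if ((retVal[0].equalsIgnoreCase(agentTypeName) && retVal[1].equalsIgnoreCase(agentTypeName)) || (retVal[0].equalsIgnoreCase(agentOnlyTypeName) && retVal[1].equalsIgnoreCase(agentOnlyTypeName))) {
                agentsFromEnv.add(retVal[0]);
            }
            if ((!retVal[0].equalsIgnoreCase(agentTypeName)) && (!retVal[0].equalsIgnoreCase(agentOnlyTypeName))) {
                retVal[0] = getAgentNameFromEnv(resourceName);
                if (retVal[0] == null) {
                    // No agent could be derived from the resource: deny.
                    return new ConditionDecision(false);
                }
                if (retVal[0].equalsIgnoreCase(sharedAgentName)) {
                    // NOTE(review): the attribute may be absent, which leaves
                    // agentsFromEnv null for getPermission below - confirm.
                    Map envMap = getAttributes(orgConfig, retVal[0]);
                    agentsFromEnv = (Set) envMap.get(attributeToRead);
                } else {
                    agentsFromEnv.add(retVal[0]);
                }
                if (debug.messageEnabled()) {
                    debug.message("AuthenticatedSharedAgentsCondition." + "getConditionDecision: agentsFromEnv: " + agentsFromEnv + "retVal[0] " + retVal[0]);
                }
            }
            // Check in cache
            if ((sharedAgentsCache != null) && (sharedAgentsCache.containsKey(sharedAgentUnivId))) {
                Set agentsfromCache = (Set) sharedAgentsCache.get(sharedAgentUnivId);
                if (agentsfromCache != null && !agentsfromCache.isEmpty()) {
                    allowed = getPermission(agentsFromEnv, agentsfromCache);
                }
                return new ConditionDecision(allowed);
            }
            // If not in cache.
            // Return the attributes for the given agent under
            // default group.
            Map agentsAttrMap = getAttributes(orgConfig, sharedAgentName);
            Set agentsToRead = (Set) agentsAttrMap.get(attributeToRead);
            if (debug.messageEnabled()) {
                debug.message("AuthenticatedSharedAgentsCondition." + "getConditionDecision: agentsToRead: " + agentsToRead);
            }
            if (agentsToRead != null && !agentsToRead.isEmpty()) {
                allowed = getPermission(agentsFromEnv, agentsToRead);
            }
            // Update the cache.
            updateCache(sharedAgentUnivId, agentsToRead);
        } catch (IdRepoException idpe) {
            debug.error("AuthenticatedSharedAgentsCondition." + "getConditionDecision(): Unable to read agent" + " attributes for " + sharedAgentName, idpe);
            throw new PolicyException(idpe);
        }
    }
    return new ConditionDecision(allowed);
}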
Also used : CaseInsensitiveHashSet(com.sun.identity.common.CaseInsensitiveHashSet) HashSet(java.util.HashSet) Set(java.util.Set) SSOToken(com.iplanet.sso.SSOToken) IdRepoException(com.sun.identity.idm.IdRepoException) SSOException(com.iplanet.sso.SSOException) ConditionDecision(com.sun.identity.policy.ConditionDecision) PolicyException(com.sun.identity.policy.PolicyException) ServiceConfig(com.sun.identity.sm.ServiceConfig) AMIdentity(com.sun.identity.idm.AMIdentity) HashMap(java.util.HashMap) Map(java.util.Map) CaseInsensitiveHashSet(com.sun.identity.common.CaseInsensitiveHashSet) HashSet(java.util.HashSet)

Aggregations

ServiceConfig (com.sun.identity.sm.ServiceConfig)285 SMSException (com.sun.identity.sm.SMSException)180 Set (java.util.Set)144 SSOException (com.iplanet.sso.SSOException)143 ServiceConfigManager (com.sun.identity.sm.ServiceConfigManager)124 HashSet (java.util.HashSet)119 Map (java.util.Map)101 HashMap (java.util.HashMap)96 SSOToken (com.iplanet.sso.SSOToken)52 Iterator (java.util.Iterator)41 IdRepoException (com.sun.identity.idm.IdRepoException)27 UpgradeException (org.forgerock.openam.upgrade.UpgradeException)22 EntitlementException (com.sun.identity.entitlement.EntitlementException)19 LinkedHashSet (java.util.LinkedHashSet)18 OrganizationConfigManager (com.sun.identity.sm.OrganizationConfigManager)17 CLIException (com.sun.identity.cli.CLIException)16 CaseInsensitiveHashSet (com.sun.identity.common.CaseInsensitiveHashSet)16 AMConsoleException (com.sun.identity.console.base.model.AMConsoleException)13 ServiceNotFoundException (com.sun.identity.sm.ServiceNotFoundException)13 ServiceSchema (com.sun.identity.sm.ServiceSchema)12