use of com.sun.identity.sm.ServiceSchema in project OpenAM by OpenRock.
the class AMObjectImpl method assignServices.
/**
 * Assigns a set of services, and the attributes supplied for each service, to this object.
 *
 * <p>The "objectclass" attribute is set first. Then, for every service to be assigned, the
 * service schema matching this object's profile type is looked up, the supplied attributes are
 * validated against it (skipped when the schema's service type is DYNAMIC), attributes without
 * values are removed, and the result is passed to {@code setAttributes}.
 *
 * @param serviceNamesAndAttr
 *            Map keyed by service name (String). Each value is a Map of attributes for that
 *            service; a null or empty value is treated as "no attributes supplied". A null or
 *            empty outer map makes this method return without doing anything.
 * @param store
 *            A boolean value. If the boolean value is 'true', 1) services that are already
 *            assigned are skipped and a warning is logged, 2) every remaining service must be
 *            registered with the parent organization, otherwise an AMException with code "126"
 *            is thrown, 3) the old object classes and the new object classes are combined, and
 *            4) {@code store()} is called at the end. If the boolean value is 'false',
 *            1) all services in the map are assigned without checking for already assigned
 *            services or for registration with the parent organization, 2) only the new object
 *            classes are set, and 3) {@code store()} is not called.
 *            NOTE(review): with 'false' nothing in this method verifies that a service is
 *            registered with the parent organization; confirm that callers enforce this where
 *            it matters.
 *
 * @throws AMException
 *             if there is an internal error in the AM Store; in this method specifically:
 *             code "126" when a service is not registered with the parent organization,
 *             code "1001" when no schema exists for the service and this profile type, and
 *             code "908" when an SMSException occurs while validating the attributes
 * @throws SSOException
 *             if the sign on is no longer valid
 * @throws UnsupportedOperationException
 *             if the profile type of this object is not one of the types checked at the top of
 *             the method
 * @see com.iplanet.am.sdk.AMUserImpl#assignServices(java.util.Set)
 */
public void assignServices(Map serviceNamesAndAttr, boolean store) throws AMException, SSOException {
    // Services can only be assigned to the profile types listed here.
    if (!((profileType == AMObject.ORGANIZATION) || (profileType == AMObject.USER) || (profileType == AMObject.STATIC_GROUP) || (profileType == AMObject.DYNAMIC_GROUP) || (profileType == AMObject.ORGANIZATIONAL_UNIT) || (profileType == AMObject.ASSIGNABLE_DYNAMIC_GROUP) || (profileType == AMObject.GROUP))) {
        throw new UnsupportedOperationException();
    }
    // Nothing to assign.
    if ((serviceNamesAndAttr == null) || serviceNamesAndAttr.isEmpty()) {
        return;
    }
    // This initial value of newOCs is always overwritten further down.
    Set newOCs = new HashSet();
    // Names of the services that will actually be assigned.
    Set canAssign = new HashSet();
    if (store) {
        Set assignedServices = getAssignedServices();
        Set toAssign = serviceNamesAndAttr.keySet();
        Iterator it = toAssign.iterator();
        while (it.hasNext()) {
            // If already assigned service, then do nothing,
            // else add the servicename to services to be
            // assigned.
            String thisService = (String) it.next();
            if (!assignedServices.contains(thisService)) {
                canAssign.add(thisService);
            } else {
                if (debug.warningEnabled()) {
                    debug.warning("AMObjectImpl.assignService()-> " + thisService + " is already assigned to " + entryDN);
                }
            }
        }
        /*
         * Check if any of the services to be assigned are not registered
         * with the parent organization. If so, throw an exception. We
         * cannot assign a service which is not registered with the parent
         * organization.
         */
        Set registered = null;
        // An organization is checked against its own entry; every other
        // profile type is checked against getOrganizationDN().
        if (profileType == ORGANIZATION) {
            registered = dsServices.getRegisteredServiceNames(null, entryDN);
        } else {
            registered = dsServices.getRegisteredServiceNames(null, getOrganizationDN());
        }
        it = canAssign.iterator();
        while (it.hasNext()) {
            // The first unregistered service aborts the whole call.
            if (!registered.contains((String) it.next())) {
                throw new AMException(AMSDKBundle.getString("126", locale), "126");
            }
        }
    } else {
        // No filtering and no registration check: every key of the map is assigned.
        canAssign = serviceNamesAndAttr.keySet();
    }
    newOCs = AMServiceUtils.getServiceObjectClasses(token, canAssign);
    if (store) {
        // Keep the object classes the entry already has.
        Set oldOCs = getAttribute("objectclass");
        newOCs = AMCommonUtils.combineOCs(newOCs, oldOCs);
    }
    // NOTE(review): this runs before the per-service validation below. If that
    // validation throws, the objectclass change (and the attributes of services
    // already processed) have been applied to this object although store() is not
    // reached; whether they are only pending depends on setAttribute/setAttributes
    // - confirm.
    setAttribute("objectclass", newOCs);
    Iterator it = canAssign.iterator();
    while (it.hasNext()) {
        String thisService = (String) it.next();
        Map attrMap = (Map) serviceNamesAndAttr.get(thisService);
        // Treat "no attributes supplied" as an empty map.
        if ((attrMap == null) || attrMap.isEmpty()) {
            attrMap = new HashMap();
        }
        try {
            ServiceSchemaManager ssm = new ServiceSchemaManager(thisService, token);
            ServiceSchema ss = null;
            Object[] args = { thisService };
            // Pick the schema that corresponds to this object's profile type.
            if (profileType == AMObject.USER) {
                ss = ssm.getSchema(SchemaType.USER);
                // Fall back to the DYNAMIC schema when the service has no USER schema.
                if (ss == null) {
                    ss = ssm.getSchema(SchemaType.DYNAMIC);
                }
            } else if ((profileType == AMObject.ORGANIZATION) || (profileType == AMObject.ORGANIZATIONAL_UNIT)) {
                ss = ssm.getSchema(SchemaType.DOMAIN);
            } else if ((profileType == AMObject.STATIC_GROUP) || (profileType == AMObject.DYNAMIC_GROUP) || (profileType == AMObject.ASSIGNABLE_DYNAMIC_GROUP) || (profileType == AMObject.GROUP)) {
                ss = ssm.getSchema(SchemaType.GROUP);
            }
            if (ss == null) {
                // The log line carries neither the service name nor the locale;
                // the exception below carries both.
                debug.warning(AMSDKBundle.getString("1001"));
                throw new AMException(AMSDKBundle.getString("1001", args, locale), "1001", args);
            }
            // Attributes are validated (and defaults inherited) only for
            // schemas whose service type is not DYNAMIC.
            if (ss.getServiceType() != SchemaType.DYNAMIC) {
                attrMap = ss.validateAndInheritDefaults(attrMap, true);
            }
            /*
             * Below we remove from the attribute map any attribute that does
             * not have values (empty set). This is because the default
             * behaviour when doing "setAttributes" with attributes
             * containing no values is to "delete" that attribute from the
             * entry. This is not the behaviour we want, so the below check
             * is a precaution to avoid that behaviour.
             */
            attrMap = AMCommonUtils.removeEmptyValues(attrMap);
        } catch (SMSException smse) {
            // The SMSException is logged here but is not passed to the
            // AMException as its cause.
            debug.error("AMObjectImpl:assignService-> " + "unable to validate attributes for " + thisService, smse);
            throw new AMException(AMSDKBundle.getString("908", locale), "908");
        }
        // TODO validate the attributes here...
        // NOTE(review): for a DYNAMIC schema validateAndInheritDefaults was
        // skipped above, so attrMap reaches setAttributes with only its empty
        // values removed.
        setAttributes(attrMap);
    }
    // Only a storing call persists the changes from within this method.
    if (store) {
        store();
    }
}
use of com.sun.identity.sm.ServiceSchema in project OpenAM by OpenRock.
the class AMAuthLevelManager method updateGlobalAuthLevelMap.
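/**
 * Retrieves the organization schema of the given service and updates the
 * global authentication level map with the authentication level configured
 * for the module mapped to that service.
 *
 * <p>The map entry is only written when a module is mapped to the service and
 * a non-empty, numeric authentication level is found in the schema defaults.
 * In every other case the existing entry, if any, is left untouched and a
 * warning is logged, so a level that can no longer be read does not go
 * unnoticed.
 *
 * @param serviceName name of the service whose authentication level changed
 */
private void updateGlobalAuthLevelMap(String serviceName) {
    if (debug.messageEnabled()) {
        debug.message("updateGlobalAuthLevelMap for " + serviceName);
    }
    try {
        ServiceSchemaManager ssm = new ServiceSchemaManager(serviceName, AuthD.getAuth().getSSOAuthSession());
        ServiceSchema schema = ssm.getOrganizationSchema();
        String module = moduleServiceMap.get(serviceName);
        if ((module == null) || module.isEmpty()) {
            // No module is mapped to this service: nothing to update.
            return;
        }
        Map attrs = (schema != null) ? schema.getAttributeDefaults() : null;
        if (attrs == null) {
            // Without defaults there is no level to read; say so explicitly
            // instead of running the lookups below against a null map.
            debug.warning("No organization schema defaults for service {}", serviceName);
            return;
        }
        String attrName = AMAuthConfigUtils.getAuthLevelAttribute(attrs, module);
        String authLevel = CollectionHelper.getMapAttr(attrs, attrName);
        if ((authLevel == null) || authLevel.isEmpty()) {
            debug.warning("No auth level for module {}", module);
            return;
        }
        Integer level = Integer.valueOf(authLevel);
        globalAuthLevelMap.put(module, level);
        debug.message("authLevel is : {}", authLevel);
        debug.message("globalAuthLevelMap is : {}", globalAuthLevelMap);
    } catch (NumberFormatException nfe) {
        // A non-numeric level leaves the previous map entry in place; log it
        // at warning level so the stale value can be traced.
        debug.warning("Invalid auth level for service " + serviceName, nfe);
    } catch (Exception e) {
        // Best effort: the map is not updated, but the failure is logged
        // regardless of whether message-level debugging is enabled.
        debug.warning("Error retrieving service schema ", e);
    }
}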
use of com.sun.identity.sm.ServiceSchema in project OpenAM by OpenRock.
the class AMAuthenticationManager method initAuthenticationService.
/**
 * Builds the static collections of authentication types from the
 * authenticators listed in the global schema of the authentication service.
 * The collections are populated once; if the list of authenticators is
 * expanded or shrunk, the server needs to be restarted.
 *
 * <p>For every authenticator the simple class name is used as the module
 * name. A module whose service schema manager cannot be created, for any
 * reason, is recorded as a global module and removed from the selectable
 * authentication types. A failure of the whole initialization is logged only
 * when the AMADMIN_MODE system property is "false".
 */
private static void initAuthenticationService() {
    SSOToken adminToken = getAdminToken();
    try {
        ServiceSchema globalSchema =
                new ServiceSchemaManager(ISAuthConstants.AUTH_SERVICE_NAME, adminToken).getGlobalSchema();
        Set<String> configured =
                (Set<String>) globalSchema.getAttributeDefaults().get(ISAuthConstants.AUTHENTICATORS);
        for (String className : configured) {
            // Module name is the part after the last dot, or the whole value
            // when there is no dot.
            int lastDot = className.lastIndexOf(".");
            String module = (lastDot == -1) ? className : className.substring(lastDot + 1);

            // Application is not one of the selectable instance type.
            if (!module.equals(ISAuthConstants.APPLICATION_MODULE)) {
                AUTH_TYPES.add(module);
            }

            if (MODULE_SERVICE_NAMES.get(module) != null) {
                // Service name already known for this module.
                continue;
            }
            String serviceName = AuthUtils.getModuleServiceName(module);
            try {
                // Constructed only to find out whether the service can be loaded.
                new ServiceSchemaManager(serviceName, adminToken);
                MODULE_SERVICE_NAMES.put(module, serviceName);
            } catch (Exception e) {
                // Any failure here, not only a missing service, classifies
                // the module as global and makes it non-selectable.
                GLOBAL_MODULE_NAMES.add(module);
                AUTH_TYPES.remove(module);
            }
        }
        if (DEBUG.messageEnabled()) {
            DEBUG.message("Global module names: " + GLOBAL_MODULE_NAMES);
            DEBUG.message("moduleServiceNames: " + MODULE_SERVICE_NAMES);
        }
    } catch (Exception initFailure) {
        // The failure is reported only when the AMADMIN_MODE property is "false".
        String installTime = SystemProperties.get(AdminTokenAction.AMADMIN_MODE);
        if ("false".equalsIgnoreCase(installTime)) {
            DEBUG.error("Failed to get module types", initFailure);
        }
    }
}
use of com.sun.identity.sm.ServiceSchema in project OpenAM by OpenRock.
the class AMAuthConfigUtils method getAllAuthModules.
/**
 * Returns all supported authentication modules, read from the
 * authenticators attribute of the global schema of the authentication
 * service.
 *
 * <p>If the configuration cannot be read, the error is logged and the
 * modules collected so far (possibly none) are returned, so an empty map
 * does not by itself mean that no modules are configured.
 *
 * @param token Single Sign On token to be used for accessing configuration
 *        information.
 * @return Map containing all modules except the internal Application module;
 *         key is the module name (e.g. LDAP), value is the complete class
 *         name (example
 *         <code>com.sun.identity.authentication.modules.ldap.LDAP</code>)
 */
public static Map getAllAuthModules(SSOToken token) {
    Map modules = new HashMap();
    // if this is too slow, might need to consider listener option
    try {
        ServiceSchema global = new ServiceSchemaManager("iPlanetAMAuthService", token).getGlobalSchema();
        Set classes = (Set) global.getAttributeDefaults().get("iplanet-am-auth-authenticators");
        if (classes != null) {
            for (Object entry : classes) {
                String className = (String) entry;
                // skip Application module here since it is internal
                if (className.equals("com.sun.identity.authentication.modules.application.Application")) {
                    continue;
                }
                if (debug.messageEnabled()) {
                    debug.message("getAllAuthModules. process " + className);
                }
                // Key is the simple class name; a value without a dot is
                // used as its own key.
                int lastDot = className.lastIndexOf('.');
                String key = (lastDot > -1) ? className.substring(lastDot + 1) : className;
                modules.put(key, className);
            }
        }
    } catch (Exception e) {
        // Not rethrown: the caller gets whatever was collected before the failure.
        debug.error("getAllAuthModules", e);
    }
    return modules;
}
use of com.sun.identity.sm.ServiceSchema in project OpenAM by OpenRock.
the class AuthClientUtils method getCookieDomains.
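/**
 * Return the set of cookie domains configured in Platform settings. Whenever possible, use
 * {@link #getCookieDomainsForRequest(HttpServletRequest)} instead.
 *
 * <p>The result depends on how far the lookup gets: if the admin token or the platform service
 * schema cannot be obtained, the empty set is returned; if the schema is read but the cookie
 * domain attribute is absent, a singleton set containing {@code null} is returned. Callers must
 * therefore handle both an empty set and a null element, and should not assume the returned
 * set is modifiable.
 *
 * @return The set of configured cookie domains. May contain null.
 */
public static Set<String> getCookieDomains() {
    // Typed empty set instead of the raw Collections.EMPTY_SET constant.
    Set<String> cookieDomains = Collections.emptySet();
    try {
        SSOToken token = AccessController.doPrivileged(AdminTokenAction.getInstance());
        try {
            ServiceSchemaManager scm = new ServiceSchemaManager("iPlanetAMPlatformService", token);
            ServiceSchema psc = scm.getGlobalSchema();
            Map attrs = psc.getAttributeDefaults();
            cookieDomains = (Set) attrs.get(ISAuthConstants.PLATFORM_COOKIE_DOMAIN_ATTR);
        } catch (SMSException ex) {
            // Leave cookieDomains empty, but keep the cause in the debug log so a
            // configuration read failure can be told apart from "no domains configured".
            utilDebug.message("getCookieDomains - SMSException ", ex);
        }
        if (cookieDomains == null) {
            // Attribute not present in the schema defaults: report a single null domain.
            cookieDomains = Collections.singleton(null);
        }
    } catch (SSOException ex) {
        // unable to get SSOToken; the empty set is returned
        utilDebug.message("getCookieDomains - SSOException ", ex);
    }
    if (utilDebug.messageEnabled() && (!cookieDomains.isEmpty())) {
        StringBuilder message = new StringBuilder("CookieDomains : ");
        for (String cookieDomain : cookieDomains) {
            message.append(" '").append(cookieDomain).append("'");
        }
        utilDebug.message(message.toString());
    }
    return cookieDomains;
}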