
Example 31 with ServiceSchema

use of com.sun.identity.sm.ServiceSchema in project OpenAM by OpenRock.

the class AMObjectImpl method assignServices.

/**
 * Assigns the given services, together with their attributes, to this
 * entry.
 *
 * <p>Only the organization, organizational unit, user and group profile
 * types are accepted. A {@code null} or empty map is a no-op.
 *
 * @param serviceNamesAndAttr
 *            Map keyed by service name. Each value is the attribute map
 *            for that service; a missing or empty value is replaced by an
 *            empty attribute map.
 * @param store
 *            If {@code true}: 1) services that are already assigned are
 *            skipped (with a warning), 2) every remaining service must be
 *            registered with the organization (this entry when it is an
 *            organization, otherwise the DN returned by
 *            {@code getOrganizationDN()}), 3) the new object classes are
 *            combined with the existing ones, and {@code store()} is
 *            called at the end. If {@code false}: every service in the
 *            map is assigned without either check, only the new object
 *            classes are set, and {@code store()} is not called here.
 *
 * @throws AMException
 *             if a service is not registered with the organization (code
 *             126), no schema exists for the profile type (code 1001), or
 *             attribute validation fails (code 908)
 * @throws SSOException
 *             if the sign on is no longer valid
 * @throws UnsupportedOperationException
 *             if the profile type is not one of the accepted types
 * @see com.iplanet.am.sdk.AMUserImpl#assignServices(java.util.Set)
 */
public void assignServices(Map serviceNamesAndAttr, boolean store) throws AMException, SSOException {
    boolean supportedProfile = (profileType == AMObject.ORGANIZATION)
            || (profileType == AMObject.USER)
            || (profileType == AMObject.STATIC_GROUP)
            || (profileType == AMObject.DYNAMIC_GROUP)
            || (profileType == AMObject.ORGANIZATIONAL_UNIT)
            || (profileType == AMObject.ASSIGNABLE_DYNAMIC_GROUP)
            || (profileType == AMObject.GROUP);
    if (!supportedProfile) {
        throw new UnsupportedOperationException();
    }
    if ((serviceNamesAndAttr == null) || serviceNamesAndAttr.isEmpty()) {
        return;
    }

    Set canAssign;
    if (store) {
        canAssign = new HashSet();
        Set alreadyAssigned = getAssignedServices();
        for (Object requested : serviceNamesAndAttr.keySet()) {
            String serviceName = (String) requested;
            if (alreadyAssigned.contains(serviceName)) {
                // Nothing to do for a service the entry already has.
                if (debug.warningEnabled()) {
                    debug.warning("AMObjectImpl.assignService()-> " + serviceName + " is already assigned to " + entryDN);
                }
                continue;
            }
            canAssign.add(serviceName);
        }

        // A service may only be assigned when it is registered with the
        // organization; the first unregistered name aborts the whole call
        // before anything has been written to the entry.
        Set registered;
        if (profileType == ORGANIZATION) {
            registered = dsServices.getRegisteredServiceNames(null, entryDN);
        } else {
            registered = dsServices.getRegisteredServiceNames(null, getOrganizationDN());
        }
        for (Object candidate : canAssign) {
            if (!registered.contains((String) candidate)) {
                throw new AMException(AMSDKBundle.getString("126", locale), "126");
            }
        }
    } else {
        // NOTE(review): on this path neither the already-assigned check nor
        // the registration check runs; callers are presumably expected to
        // have vetted the service names themselves - confirm.
        canAssign = serviceNamesAndAttr.keySet();
    }

    Set objectClasses = AMServiceUtils.getServiceObjectClasses(token, canAssign);
    if (store) {
        Set existingClasses = getAttribute("objectclass");
        objectClasses = AMCommonUtils.combineOCs(objectClasses, existingClasses);
    }
    setAttribute("objectclass", objectClasses);

    for (Object assignable : canAssign) {
        String serviceName = (String) assignable;
        Map attributes = (Map) serviceNamesAndAttr.get(serviceName);
        if ((attributes == null) || attributes.isEmpty()) {
            attributes = new HashMap();
        }
        try {
            ServiceSchemaManager manager = new ServiceSchemaManager(serviceName, token);

            // Pick the schema that matches the profile type; users fall
            // back to the DYNAMIC schema when no USER schema exists.
            ServiceSchema schema;
            if (profileType == AMObject.USER) {
                schema = manager.getSchema(SchemaType.USER);
                if (schema == null) {
                    schema = manager.getSchema(SchemaType.DYNAMIC);
                }
            } else if ((profileType == AMObject.ORGANIZATION) || (profileType == AMObject.ORGANIZATIONAL_UNIT)) {
                schema = manager.getSchema(SchemaType.DOMAIN);
            } else if ((profileType == AMObject.STATIC_GROUP) || (profileType == AMObject.DYNAMIC_GROUP) || (profileType == AMObject.ASSIGNABLE_DYNAMIC_GROUP) || (profileType == AMObject.GROUP)) {
                schema = manager.getSchema(SchemaType.GROUP);
            } else {
                schema = null;
            }
            if (schema == null) {
                Object[] messageArgs = { serviceName };
                debug.warning(AMSDKBundle.getString("1001"));
                throw new AMException(AMSDKBundle.getString("1001", messageArgs, locale), "1001", messageArgs);
            }

            // Attributes of a DYNAMIC schema are not passed through
            // validateAndInheritDefaults; they are used as supplied.
            if (schema.getServiceType() != SchemaType.DYNAMIC) {
                attributes = schema.validateAndInheritDefaults(attributes, true);
            }

            // setAttributes() treats an attribute with an empty value set
            // as a request to delete that attribute from the entry, so
            // such attributes are stripped first as a precaution.
            attributes = AMCommonUtils.removeEmptyValues(attributes);
        } catch (SMSException smse) {
            debug.error("AMObjectImpl:assignService-> " + "unable to validate attributes for " + serviceName, smse);
            throw new AMException(AMSDKBundle.getString("908", locale), "908");
        }
        // TODO validate the attributes here...
        setAttributes(attributes);
    }

    if (store) {
        store();
    }
}
Also used : TreeSet(java.util.TreeSet) HashSet(java.util.HashSet) Set(java.util.Set) HashMap(java.util.HashMap) SMSException(com.sun.identity.sm.SMSException) ServiceSchema(com.sun.identity.sm.ServiceSchema) Iterator(java.util.Iterator) HashMap(java.util.HashMap) Map(java.util.Map) ServiceSchemaManager(com.sun.identity.sm.ServiceSchemaManager) HashSet(java.util.HashSet)

Example 32 with ServiceSchema

use of com.sun.identity.sm.ServiceSchema in project OpenAM by OpenRock.

the class AMAuthLevelManager method updateGlobalAuthLevelMap.

/**
 * Retrieves the organization schema defaults of the given service and
 * updates the global authentication level map with the authentication
 * level configured for the module mapped to that service.
 *
 * <p>Nothing is updated when no module is mapped to the service or when
 * no authentication level is configured. Any exception, including a
 * non-numeric level, is caught and reported only when message-level
 * debugging is enabled, so the previously stored level stays in place.
 *
 * @param serviceName name of the service whose authentication level changed
 */
private void updateGlobalAuthLevelMap(String serviceName) {
    if (debug.messageEnabled()) {
        debug.message("updateGlobalAuthLevelMap for " + serviceName);
    }
    try {
        ServiceSchemaManager manager = new ServiceSchemaManager(serviceName, AuthD.getAuth().getSSOAuthSession());
        ServiceSchema orgSchema = manager.getOrganizationSchema();
        Map defaults = null;
        if (orgSchema != null) {
            defaults = orgSchema.getAttributeDefaults();
        }

        String moduleName = moduleServiceMap.get(serviceName);
        if ((moduleName == null) || moduleName.isEmpty()) {
            return;
        }

        String levelAttribute = AMAuthConfigUtils.getAuthLevelAttribute(defaults, moduleName);
        String configuredLevel = CollectionHelper.getMapAttr(defaults, levelAttribute);
        if ((configuredLevel == null) || configuredLevel.isEmpty()) {
            debug.warning("No auth level for module {}", moduleName);
            return;
        }

        // Integer.valueOf throws NumberFormatException for a non-numeric
        // value; that is handled by the catch-all below.
        globalAuthLevelMap.put(moduleName, Integer.valueOf(configuredLevel));
        debug.message("authLevel is : {}", configuredLevel);
        debug.message("globalAuthLevelMap is : {}", globalAuthLevelMap);
    } catch (Exception e) {
        // NOTE(review): failures are visible only at message level; a
        // failed refresh leaves the old level in the map without a
        // warning or error entry.
        if (debug.messageEnabled()) {
            debug.message("Error retrieving service schema ", e);
        }
    }
}
Also used : ServiceSchema(com.sun.identity.sm.ServiceSchema) ConcurrentHashMap(java.util.concurrent.ConcurrentHashMap) HashMap(java.util.HashMap) ConcurrentMap(java.util.concurrent.ConcurrentMap) Collections.synchronizedMap(java.util.Collections.synchronizedMap) Map(java.util.Map) ServiceSchemaManager(com.sun.identity.sm.ServiceSchemaManager) SMSException(com.sun.identity.sm.SMSException) ServiceNotFoundException(com.sun.identity.sm.ServiceNotFoundException) SSOException(com.iplanet.sso.SSOException)

Example 33 with ServiceSchema

use of com.sun.identity.sm.ServiceSchema in project OpenAM by OpenRock.

the class AMAuthenticationManager method initAuthenticationService.

/**
 * Populates the static authentication type collections from the
 * authenticators listed in the global schema of the authentication
 * service. Because the result is held in static state, the server has to
 * be restarted when the list of authenticators grows or shrinks.
 *
 * <p>For each authenticator the simple class name is used as the module
 * name. A module whose service schema cannot be loaded is recorded as a
 * global module and removed from the selectable types.
 */
private static void initAuthenticationService() {
    SSOToken adminToken = getAdminToken();
    try {
        ServiceSchemaManager authService = new ServiceSchemaManager(ISAuthConstants.AUTH_SERVICE_NAME, adminToken);
        ServiceSchema globalSchema = authService.getGlobalSchema();
        Set<String> authenticators = (Set<String>) globalSchema.getAttributeDefaults().get(ISAuthConstants.AUTHENTICATORS);
        for (String className : authenticators) {
            int lastDot = className.lastIndexOf('.');
            String moduleName = (lastDot == -1) ? className : className.substring(lastDot + 1);

            // Application is not one of the selectable instance type.
            if (!moduleName.equals(ISAuthConstants.APPLICATION_MODULE)) {
                AUTH_TYPES.add(moduleName);
            }

            if (MODULE_SERVICE_NAMES.get(moduleName) != null) {
                continue;
            }
            String serviceName = AuthUtils.getModuleServiceName(moduleName);
            try {
                // Constructed only to find out whether the service exists.
                new ServiceSchemaManager(serviceName, adminToken);
                MODULE_SERVICE_NAMES.put(moduleName, serviceName);
            } catch (Exception e) {
                // NOTE(review): every failure, not only a missing
                // service, classifies the module as global and drops it
                // from the selectable types; the cause is not logged.
                GLOBAL_MODULE_NAMES.add(moduleName);
                AUTH_TYPES.remove(moduleName);
            }
        }
        if (DEBUG.messageEnabled()) {
            DEBUG.message("Global module names: " + GLOBAL_MODULE_NAMES);
            DEBUG.message("moduleServiceNames: " + MODULE_SERVICE_NAMES);
        }
    } catch (Exception smse) {
        // The failure is reported only when the AMADMIN_MODE property is
        // set to "false" (case-insensitive); otherwise it is dropped.
        String installTime = SystemProperties.get(AdminTokenAction.AMADMIN_MODE);
        if ("false".equalsIgnoreCase(installTime)) {
            DEBUG.error("Failed to get module types", smse);
        }
    }
}
Also used : ServiceSchema(com.sun.identity.sm.ServiceSchema) SSOToken(com.iplanet.sso.SSOToken) HashSet(java.util.HashSet) Set(java.util.Set) ServiceSchemaManager(com.sun.identity.sm.ServiceSchemaManager) SMSException(com.sun.identity.sm.SMSException) SSOException(com.iplanet.sso.SSOException)

Example 34 with ServiceSchema

use of com.sun.identity.sm.ServiceSchema in project OpenAM by OpenRock.

the class AMAuthConfigUtils method getAllAuthModules.

/**
 * Returns all supported authentication modules.
 *
 * <p>The internal Application module is left out. If the configuration
 * cannot be read, the error is logged and the modules collected so far
 * (possibly none) are returned.
 *
 * @param token Single Sign On token used for accessing configuration
 *        information.
 * @return Map of all modules; the key is the module name (e.g. LDAP), the
 *         value is the complete class name (example
 *         <code>com.sun.identity.authentication.modules.ldap.LDAP</code>)
 */
public static Map getAllAuthModules(SSOToken token) {
    Map modules = new HashMap();
    // if this is too slow, might need to consider listener option
    try {
        ServiceSchemaManager authService = new ServiceSchemaManager("iPlanetAMAuthService", token);
        ServiceSchema globalSchema = authService.getGlobalSchema();
        Map defaults = globalSchema.getAttributeDefaults();
        Set classNames = (Set) defaults.get("iplanet-am-auth-authenticators");
        if (classNames != null) {
            for (Object entry : classNames) {
                String className = (String) entry;
                // skip Application module here since it is internal
                if (className.equals("com.sun.identity.authentication.modules.application.Application")) {
                    continue;
                }
                if (debug.messageEnabled()) {
                    debug.message("getAllAuthModules. process " + className);
                }
                // The module name is the simple class name; a name
                // without a package is used unchanged.
                int lastDot = className.lastIndexOf('.');
                String moduleName = (lastDot >= 0) ? className.substring(lastDot + 1) : className;
                modules.put(moduleName, className);
            }
        }
    } catch (Exception e) {
        // Logged but not propagated: the caller gets whatever was
        // collected before the failure.
        debug.error("getAllAuthModules", e);
    }
    return modules;
}
Also used : ServiceSchema(com.sun.identity.sm.ServiceSchema) HashSet(java.util.HashSet) Set(java.util.Set) HashMap(java.util.HashMap) Iterator(java.util.Iterator) HashMap(java.util.HashMap) Map(java.util.Map) ServiceSchemaManager(com.sun.identity.sm.ServiceSchemaManager) SMSException(com.sun.identity.sm.SMSException) SSOException(com.iplanet.sso.SSOException)

Example 35 with ServiceSchema

use of com.sun.identity.sm.ServiceSchema in project OpenAM by OpenRock.

the class AuthClientUtils method getCookieDomains.

/**
 * Return the set of cookie domains configured in Platform settings. Whenever possible, use
 * {@link #getCookieDomainsForRequest(HttpServletRequest)} instead.
 *
 * <p>When the cookie domain attribute is absent from the platform service defaults, the result is
 * a single-element set holding {@code null}. When the configuration cannot be read (SMSException
 * or SSOException), the result is the empty set and the failure is reported at message level
 * only, so a caller cannot tell a failed lookup from an empty configuration.
 *
 * @return The set of configured cookie domains. May contain null.
 */
public static Set<String> getCookieDomains() {
    Set<String> domains = Collections.emptySet();
    try {
        SSOToken adminToken = AccessController.doPrivileged(AdminTokenAction.getInstance());
        ServiceSchemaManager platformService = new ServiceSchemaManager("iPlanetAMPlatformService", adminToken);
        ServiceSchema globalSchema = platformService.getGlobalSchema();
        Map defaults = globalSchema.getAttributeDefaults();
        domains = (Set<String>) defaults.get(ISAuthConstants.PLATFORM_COOKIE_DOMAIN_ATTR);
        if (domains == null) {
            // No attribute configured: represent it as one null domain.
            domains = Collections.singleton(null);
        }
    } catch (SMSException ex) {
        // Ignore the exception and leave the result empty; the exception
        // itself is not included in the log entry.
        utilDebug.message("getCookieDomains - SMSException ");
    } catch (SSOException ex) {
        // unable to get SSOToken
        utilDebug.message("getCookieDomains - SSOException ");
    }

    if (utilDebug.messageEnabled() && !domains.isEmpty()) {
        StringBuilder logLine = new StringBuilder("CookieDomains : ");
        for (String domain : domains) {
            logLine.append("  '");
            logLine.append(domain);
            logLine.append("'");
        }
        utilDebug.message(logLine.toString());
    }
    return domains;
}
Also used : ServiceSchema(com.sun.identity.sm.ServiceSchema) SSOToken(com.iplanet.sso.SSOToken) SMSException(com.sun.identity.sm.SMSException) SSOException(com.iplanet.sso.SSOException) Map(java.util.Map) HashMap(java.util.HashMap) ServiceSchemaManager(com.sun.identity.sm.ServiceSchemaManager)

Aggregations

ServiceSchema (com.sun.identity.sm.ServiceSchema)216 SMSException (com.sun.identity.sm.SMSException)152 ServiceSchemaManager (com.sun.identity.sm.ServiceSchemaManager)131 SSOException (com.iplanet.sso.SSOException)117 Set (java.util.Set)101 AttributeSchema (com.sun.identity.sm.AttributeSchema)76 HashSet (java.util.HashSet)71 Map (java.util.Map)70 HashMap (java.util.HashMap)57 Iterator (java.util.Iterator)56 CLIException (com.sun.identity.cli.CLIException)46 SSOToken (com.iplanet.sso.SSOToken)27 IOutput (com.sun.identity.cli.IOutput)26 BeforeTest (org.testng.annotations.BeforeTest)22 CLIRequest (com.sun.identity.cli.CLIRequest)21 ByteString (org.forgerock.opendj.ldap.ByteString)21 AfterTest (org.testng.annotations.AfterTest)21 Test (org.testng.annotations.Test)21 Parameters (org.testng.annotations.Parameters)18 TreeSet (java.util.TreeSet)15