
Example 1 with LdapNoSuchObjectException

use of org.apache.directory.api.ldap.model.exception.LdapNoSuchObjectException in project directory-ldap-api by apache.

the class WrappedPartialResultException method wrap.

/**
 * Rethrows a failure as a JNDI {@link NamingException}.
 *
 * <p>A {@code NamingException} is rethrown untouched. Anything else is translated to a JNDI
 * exception type, the original is attached as root cause, and the translated exception is
 * thrown. This method therefore never returns normally.
 *
 * <p>Every branch except the referral and partial-result wrappers copies
 * {@code t.getLocalizedMessage()} into the new exception. Combined with the root cause,
 * whatever text the original exception carries reaches every consumer of the JNDI exception.
 *
 * @param t The original exception
 * @throws NamingException always; either {@code t} itself or its JNDI translation
 */
public static void wrap(Throwable t) throws NamingException {
    if (t instanceof NamingException) {
        throw (NamingException) t;
    }
    NamingException translated = toNamingException(t);
    // Keep the original failure reachable for diagnostics.
    translated.setRootCause(t);
    throw translated;
}

/**
 * Picks the JNDI exception that corresponds to the given throwable.
 *
 * <p>The checks run in a fixed order and the first match wins. The order is kept as-is
 * because the inheritance relations between the LDAP exception types are not visible here.
 *
 * @param t the throwable to translate; already known not to be a {@code NamingException}
 * @return a new JNDI exception, without root cause set
 * @throws NamingException declared defensively in case a wrapper constructor declares it
 */
private static NamingException toNamingException(Throwable t) throws NamingException {
    // Types mapped to the plain NamingException.
    if ((t instanceof LdapAffectMultipleDsaException)
            || (t instanceof LdapAliasDereferencingException)
            || (t instanceof LdapLoopDetectedException)
            || (t instanceof LdapAliasException)
            || (t instanceof LdapOperationErrorException)
            || (t instanceof LdapOtherException)) {
        return new NamingException(t.getLocalizedMessage());
    }
    if (t instanceof LdapAttributeInUseException) {
        return new AttributeInUseException(t.getLocalizedMessage());
    }
    if (t instanceof LdapAuthenticationException) {
        return new AuthenticationException(t.getLocalizedMessage());
    }
    if (t instanceof LdapAuthenticationNotSupportedException) {
        return new AuthenticationNotSupportedException(t.getLocalizedMessage());
    }
    if (t instanceof LdapContextNotEmptyException) {
        return new ContextNotEmptyException(t.getLocalizedMessage());
    }
    if (t instanceof LdapEntryAlreadyExistsException) {
        return new NameAlreadyBoundException(t.getLocalizedMessage());
    }
    if (t instanceof LdapInvalidAttributeTypeException) {
        return new InvalidAttributeIdentifierException(t.getLocalizedMessage());
    }
    if (t instanceof LdapInvalidAttributeValueException) {
        return new InvalidAttributeValueException(t.getLocalizedMessage());
    }
    if (t instanceof LdapInvalidDnException) {
        return new InvalidNameException(t.getLocalizedMessage());
    }
    if (t instanceof LdapInvalidSearchFilterException) {
        return new InvalidSearchFilterException(t.getLocalizedMessage());
    }
    if (t instanceof LdapNoPermissionException) {
        return new NoPermissionException(t.getLocalizedMessage());
    }
    if (t instanceof LdapNoSuchAttributeException) {
        return new NoSuchAttributeException(t.getLocalizedMessage());
    }
    if (t instanceof LdapNoSuchObjectException) {
        return new NameNotFoundException(t.getLocalizedMessage());
    }
    if (t instanceof LdapProtocolErrorException) {
        return new CommunicationException(t.getLocalizedMessage());
    }
    // Referral and partial-result failures are wrapped whole instead of by message.
    if (t instanceof LdapReferralException) {
        return new WrappedReferralException((LdapReferralException) t);
    }
    if (t instanceof LdapPartialResultException) {
        return new WrappedPartialResultException((LdapPartialResultException) t);
    }
    if (t instanceof LdapSchemaViolationException) {
        return new SchemaViolationException(t.getLocalizedMessage());
    }
    if (t instanceof LdapServiceUnavailableException) {
        return new ServiceUnavailableException(t.getLocalizedMessage());
    }
    if (t instanceof LdapTimeLimitExceededException) {
        return new TimeLimitExceededException(t.getLocalizedMessage());
    }
    if (t instanceof LdapUnwillingToPerformException) {
        return new OperationNotSupportedException(t.getLocalizedMessage());
    }
    // Fallback: any other Throwable, LDAP-related or not, becomes a plain NamingException.
    return new NamingException(t.getLocalizedMessage());
}
Also used : LdapEntryAlreadyExistsException(org.apache.directory.api.ldap.model.exception.LdapEntryAlreadyExistsException) LdapOperationErrorException(org.apache.directory.api.ldap.model.exception.LdapOperationErrorException) LdapAttributeInUseException(org.apache.directory.api.ldap.model.exception.LdapAttributeInUseException) AuthenticationException(javax.naming.AuthenticationException) LdapAuthenticationException(org.apache.directory.api.ldap.model.exception.LdapAuthenticationException) LdapAuthenticationNotSupportedException(org.apache.directory.api.ldap.model.exception.LdapAuthenticationNotSupportedException) AuthenticationNotSupportedException(javax.naming.AuthenticationNotSupportedException) LdapServiceUnavailableException(org.apache.directory.api.ldap.model.exception.LdapServiceUnavailableException) LdapInvalidAttributeTypeException(org.apache.directory.api.ldap.model.exception.LdapInvalidAttributeTypeException) LdapInvalidAttributeValueException(org.apache.directory.api.ldap.model.exception.LdapInvalidAttributeValueException) LdapServiceUnavailableException(org.apache.directory.api.ldap.model.exception.LdapServiceUnavailableException) ServiceUnavailableException(javax.naming.ServiceUnavailableException) LdapTimeLimitExceededException(org.apache.directory.api.ldap.model.exception.LdapTimeLimitExceededException) LdapAliasException(org.apache.directory.api.ldap.model.exception.LdapAliasException) LdapNoSuchObjectException(org.apache.directory.api.ldap.model.exception.LdapNoSuchObjectException) LdapPartialResultException(org.apache.directory.api.ldap.model.exception.LdapPartialResultException) LdapSchemaViolationException(org.apache.directory.api.ldap.model.exception.LdapSchemaViolationException) LdapAuthenticationNotSupportedException(org.apache.directory.api.ldap.model.exception.LdapAuthenticationNotSupportedException) NameAlreadyBoundException(javax.naming.NameAlreadyBoundException) 
LdapLoopDetectedException(org.apache.directory.api.ldap.model.exception.LdapLoopDetectedException) InvalidNameException(javax.naming.InvalidNameException) LdapProtocolErrorException(org.apache.directory.api.ldap.model.exception.LdapProtocolErrorException) LdapReferralException(org.apache.directory.api.ldap.model.exception.LdapReferralException) NamingException(javax.naming.NamingException) SchemaViolationException(javax.naming.directory.SchemaViolationException) LdapSchemaViolationException(org.apache.directory.api.ldap.model.exception.LdapSchemaViolationException) LdapNoPermissionException(org.apache.directory.api.ldap.model.exception.LdapNoPermissionException) LdapOtherException(org.apache.directory.api.ldap.model.exception.LdapOtherException) LdapInvalidDnException(org.apache.directory.api.ldap.model.exception.LdapInvalidDnException) OperationNotSupportedException(javax.naming.OperationNotSupportedException) LdapAliasDereferencingException(org.apache.directory.api.ldap.model.exception.LdapAliasDereferencingException) InvalidAttributeIdentifierException(javax.naming.directory.InvalidAttributeIdentifierException) CommunicationException(javax.naming.CommunicationException) InvalidSearchFilterException(javax.naming.directory.InvalidSearchFilterException) LdapInvalidSearchFilterException(org.apache.directory.api.ldap.model.exception.LdapInvalidSearchFilterException) NameNotFoundException(javax.naming.NameNotFoundException) LdapUnwillingToPerformException(org.apache.directory.api.ldap.model.exception.LdapUnwillingToPerformException) LdapAffectMultipleDsaException(org.apache.directory.api.ldap.model.exception.LdapAffectMultipleDsaException) LdapInvalidAttributeValueException(org.apache.directory.api.ldap.model.exception.LdapInvalidAttributeValueException) InvalidAttributeValueException(javax.naming.directory.InvalidAttributeValueException) LdapContextNotEmptyException(org.apache.directory.api.ldap.model.exception.LdapContextNotEmptyException) 
NoSuchAttributeException(javax.naming.directory.NoSuchAttributeException) LdapNoSuchAttributeException(org.apache.directory.api.ldap.model.exception.LdapNoSuchAttributeException) LdapAuthenticationException(org.apache.directory.api.ldap.model.exception.LdapAuthenticationException) ContextNotEmptyException(javax.naming.ContextNotEmptyException) LdapContextNotEmptyException(org.apache.directory.api.ldap.model.exception.LdapContextNotEmptyException) NoPermissionException(javax.naming.NoPermissionException) LdapNoPermissionException(org.apache.directory.api.ldap.model.exception.LdapNoPermissionException) LdapTimeLimitExceededException(org.apache.directory.api.ldap.model.exception.LdapTimeLimitExceededException) TimeLimitExceededException(javax.naming.TimeLimitExceededException) AttributeInUseException(javax.naming.directory.AttributeInUseException) LdapAttributeInUseException(org.apache.directory.api.ldap.model.exception.LdapAttributeInUseException) LdapInvalidSearchFilterException(org.apache.directory.api.ldap.model.exception.LdapInvalidSearchFilterException) LdapNoSuchAttributeException(org.apache.directory.api.ldap.model.exception.LdapNoSuchAttributeException)

Example 2 with LdapNoSuchObjectException

use of org.apache.directory.api.ldap.model.exception.LdapNoSuchObjectException in project directory-fortress-core by apache.

the class PermDAO method getPermAttributeSet.

/**
 * Reads one permission attribute set, together with its permission attributes, from the directory.
 *
 * <p>The DN is built from the caller-supplied object via {@code getDn} and is echoed into every
 * error message raised here.
 * NOTE(review): how {@code getDn} escapes attribute values is not visible in this method;
 * confirm before passing untrusted names.
 *
 * @param permAttributeSet identifies the set to read; its context id is used when building the DN
 * @return the populated attribute set
 * @throws FinderException if the entry is missing or the LDAP read fails
 */
PermissionAttributeSet getPermAttributeSet(PermissionAttributeSet permAttributeSet) throws FinderException {
    final String dn = getDn(permAttributeSet, permAttributeSet.getContextId());
    LdapConnection conn = null;
    try {
        conn = getAdminConnection();
        final Entry found = read(conn, dn, PERMISION_ATTRIBUTE_SET_ATRS);
        if (found == null) {
            throw new FinderException(GlobalErrIds.PERM_ATTRIBUTE_SET_NOT_FOUND, "getPermAttributeSet no entry found dn [" + dn + "]");
        }
        final PermissionAttributeSet result = unloadPASetLdapEntry(found, 0);
        // find permission attributes for this set
        result.setAttributes(this.findPermissionAttributes(result));
        return result;
    } catch (LdapNoSuchObjectException e) {
        // "Not found" is reported without chaining the LDAP exception as cause.
        throw new FinderException(GlobalErrIds.PERM_ATTRIBUTE_SET_NOT_FOUND, "getPermAttributeSet COULD NOT FIND ENTRY for dn [" + dn + "]");
    } catch (LdapException e) {
        // NOTE(review): other LDAP failures reuse the NOT_FOUND error id, so callers cannot
        // tell an outage from a missing entry by id alone; confirm this is intended.
        throw new FinderException(GlobalErrIds.PERM_ATTRIBUTE_SET_NOT_FOUND, "getPermAttributeSet dn [" + dn + "] caught LdapException=" + e.getMessage(), e);
    } finally {
        // Release the admin connection on every exit path.
        closeAdminConnection(conn);
    }
}
Also used : LdapNoSuchObjectException(org.apache.directory.api.ldap.model.exception.LdapNoSuchObjectException) PermissionAttributeSet(org.apache.directory.fortress.core.model.PermissionAttributeSet) FinderException(org.apache.directory.fortress.core.FinderException) DefaultEntry(org.apache.directory.api.ldap.model.entry.DefaultEntry) Entry(org.apache.directory.api.ldap.model.entry.Entry) LdapException(org.apache.directory.api.ldap.model.exception.LdapException) LdapConnection(org.apache.directory.ldap.client.api.LdapConnection)

Example 3 with LdapNoSuchObjectException

use of org.apache.directory.api.ldap.model.exception.LdapNoSuchObjectException in project directory-fortress-core by apache.

the class PermDAO method grant.

/**
 * Grants a permission operation to a user by adding the user id to the permission entry's
 * {@code USERS} attribute over an admin connection.
 *
 * <p>NOTE(review): no authorization check on the grant is visible in this method; it is
 * presumably enforced by the caller. Confirm.
 *
 * @param pOp  the permission operation to modify; also supplies the context id for the DN
 * @param user the user whose id is added to the permission entry
 * @throws org.apache.directory.fortress.core.UpdateException if the assignment already exists,
 *         the permission entry is not found, or the LDAP modify fails
 */
void grant(Permission pOp, User user) throws UpdateException {
    final String dn = getDn(pOp, pOp.getContextId());
    LdapConnection conn = null;
    try {
        final List<Modification> changes = new ArrayList<Modification>();
        changes.add(new DefaultModification(ModificationOperation.ADD_ATTRIBUTE, USERS, user.getUserId()));
        conn = getAdminConnection();
        modify(conn, dn, changes, pOp);
    } catch (LdapAttributeInUseException e) {
        // Expected conditions are reported as warnings without chaining the LDAP cause.
        throw new UpdateException(GlobalErrIds.PERM_USER_EXIST,
            grantSubject(pOp, user) + " assignment already exists, Fortress rc=" + GlobalErrIds.PERM_USER_EXIST);
    } catch (LdapNoSuchObjectException e) {
        throw new UpdateException(GlobalErrIds.PERM_OP_NOT_FOUND,
            grantSubject(pOp, user) + " perm not found, Fortress rc=" + GlobalErrIds.PERM_OP_NOT_FOUND);
    } catch (LdapException e) {
        throw new UpdateException(GlobalErrIds.PERM_GRANT_USER_FAILED,
            grantSubject(pOp, user) + " caught LdapException=" + e.getMessage(), e);
    } finally {
        // Release the admin connection on every exit path.
        closeAdminConnection(conn);
    }
}

/** Builds the shared message prefix that names the permission object, operation and user id. */
private static String grantSubject(Permission pOp, User user) {
    return "grant perm object [" + pOp.getObjName() + "] operation [" + pOp.getOpName() + "] userId [" + user.getUserId() + "]";
}
Also used : LdapNoSuchObjectException(org.apache.directory.api.ldap.model.exception.LdapNoSuchObjectException) DefaultModification(org.apache.directory.api.ldap.model.entry.DefaultModification) Modification(org.apache.directory.api.ldap.model.entry.Modification) DefaultModification(org.apache.directory.api.ldap.model.entry.DefaultModification) LdapAttributeInUseException(org.apache.directory.api.ldap.model.exception.LdapAttributeInUseException) ArrayList(java.util.ArrayList) UpdateException(org.apache.directory.fortress.core.UpdateException) LdapException(org.apache.directory.api.ldap.model.exception.LdapException) LdapConnection(org.apache.directory.ldap.client.api.LdapConnection)

Example 4 with LdapNoSuchObjectException

use of org.apache.directory.api.ldap.model.exception.LdapNoSuchObjectException in project directory-fortress-core by apache.

the class PermDAO method checkPermission.

/**
 * Performs the fortress authorization check using data passed in (session) and data stored on the ldap server (permission).
 * It performs two ldap operations: a read and, optionally, a compare.  The read pulls back the permission so that access can be evaluated.
 * The compare exists to trigger an audit record in the slapd access log and is skipped for group sessions.
 * <p>
 * The result defaults to {@code false} and is only ever assigned from {@code isAuthorized}, so every path that returns without reaching
 * that call denies access.
 * <p>
 * NOTE(review): the permission DN is assembled by string concatenation from {@code inPerm} fields.  Whether {@code getOpRdn} and
 * {@code getRootDn} escape DN special characters is not visible here, and {@code getObjName()} is concatenated as-is; confirm that
 * callers validate or escape these values.
 *
 * @param session contains {@link Session#getUserId()}, for impl check {@link org.apache.directory.fortress.core.model.Session#getRoles()}, for arbac check: {@link org.apache.directory.fortress.core.model.Session#getAdminRoles()}.
 * @param inPerm  must contain required attributes {@link Permission#objName} and {@link Permission#opName}.  {@link org.apache.directory.fortress.core.model.Permission#objId} is optional.
 * @return boolean containing result of check; {@code false} when the read raises {@code LdapNoSuchObjectException}.
 * @throws org.apache.directory.fortress.core.FinderException
 *          If the read returns no entry, or if any LDAP error other than "no such object" occurs.
 */
boolean checkPermission(Session session, Permission inPerm) throws FinderException {
    // Default deny: stays false unless isAuthorized() below says otherwise.
    boolean isAuthZd = false;
    LdapConnection ld = null;
    // DN layout: <op rdn>,<POBJ_NAME>=<obj name>,<root dn for admin flag and tenant>.
    String dn = getOpRdn(inPerm.getOpName(), inPerm.getObjId()) + "," + GlobalIds.POBJ_NAME + "=" + inPerm.getObjName() + "," + getRootDn(inPerm.isAdmin(), inPerm.getContextId());
    try {
        ld = getAdminConnection();
        // LDAP Operation #1: Read the targeted permission from ldap server
        Entry entry = read(ld, dn, PERMISSION_OP_ATRS);
        if (entry == null) {
            // if permission not found, cannot continue.
            // This exit is reached before any addAuthZAudit call, so no compare is issued for it.
            String error = "checkPermission DOES NOT EXIST : obj name [" + inPerm.getObjName() + "], obj id [" + inPerm.getObjId() + "], op name [" + inPerm.getOpName() + "], idAdmin [" + inPerm.isAdmin() + "]";
            throw new FinderException(GlobalErrIds.PERM_NOT_EXIST, error);
        }
        // load the permission entity with data retrieved from the permission node:
        Permission outPerm = unloadPopLdapEntry(entry, 0, inPerm.isAdmin());
        // The admin flag is copied from the request, not derived from the stored entry:
        outPerm.setAdmin(inPerm.isAdmin());
        // Pass the tenant id along:
        outPerm.setContextId(inPerm.getContextId());
        // The objective of these next steps is to evaluate the outcome of authorization attempt and trigger a write to slapd access logger containing the result.
        // The objectClass triggered by slapd access log write for upcoming ldap op is 'auditCompare'.
        // Set this attribute either with actual operation name that will succeed compare (for authZ success) or bogus value which will fail compare (for authZ failure):
        String attributeValue;
        // This method determines if the user is authorized for this permission:
        isAuthZd = isAuthorized(session, outPerm);
        // This is done to leave an audit trail in ldap server log:
        if (isAuthZd) {
            // Yes, set the operation name onto this attribute for storage into audit trail:
            attributeValue = outPerm.getOpName();
        } else {
            // Changing this attribute value forces the compare to fail.  This facilitates tracking of authorization failures events in the slapd access log (by searching for compare failures).
            attributeValue = outPerm.getOpName() + GlobalIds.FAILED_AUTHZ_INDICATOR;
        }
        // LDAP Operation #2: Compare.  Group sessions produce no audit compare.
        if (!session.isGroupSession()) {
            addAuthZAudit(ld, dn, session.getUser().getDn(), attributeValue);
        }
    } catch (LdapException e) {
        // Any LDAP failure other than "no such object" is a system error and is reported with its cause.
        if (!(e instanceof LdapNoSuchObjectException)) {
            String error = "checkPermission caught LdapException=" + e.getMessage();
            throw new FinderException(GlobalErrIds.PERM_READ_OP_FAILED, error, e);
        }
        // "No such object" is not rethrown: record the attempt as invalid and fall through to the final return.
        // The only guard visible here is isGroupSession(); the fortress config switch that disables audit ops is presumably applied inside addAuthZAudit.  Confirm.
        // NOTE(review): ld is still null if getAdminConnection() itself raised the exception; confirm addAuthZAudit tolerates that.
        if (!session.isGroupSession()) {
            addAuthZAudit(ld, dn, session.getUser().getDn(), "AuthZ Invalid");
        }
    } finally {
        // Release the admin connection on every exit path.
        closeAdminConnection(ld);
    }
    return isAuthZd;
}
Also used : LdapNoSuchObjectException(org.apache.directory.api.ldap.model.exception.LdapNoSuchObjectException) FinderException(org.apache.directory.fortress.core.FinderException) DefaultEntry(org.apache.directory.api.ldap.model.entry.DefaultEntry) Entry(org.apache.directory.api.ldap.model.entry.Entry) Permission(org.apache.directory.fortress.core.model.Permission) LdapException(org.apache.directory.api.ldap.model.exception.LdapException) LdapConnection(org.apache.directory.ldap.client.api.LdapConnection)

Example 5 with LdapNoSuchObjectException

use of org.apache.directory.api.ldap.model.exception.LdapNoSuchObjectException in project directory-fortress-core by apache.

the class PermDAO method getPerm.

/**
 * Reads one permission object entry from the directory.
 *
 * <p>The DN is composed by concatenating {@code POBJ_NAME=<object name>} with the root DN
 * selected by the admin flag and context id. The DN is echoed into every error message
 * raised here.
 * NOTE(review): the object name is concatenated as-is; no DN escaping is visible in this
 * method. Confirm that callers validate it.
 *
 * @param permObj supplies the object name, admin flag and context id of the entry to read
 * @return the permission object unloaded from the directory entry
 * @throws org.apache.directory.fortress.core.FinderException if the entry is missing or the
 *         LDAP read fails
 */
PermObj getPerm(PermObj permObj) throws FinderException {
    final String dn = GlobalIds.POBJ_NAME + "=" + permObj.getObjName() + "," + getRootDn(permObj.isAdmin(), permObj.getContextId());
    LdapConnection conn = null;
    try {
        conn = getAdminConnection();
        final Entry found = read(conn, dn, PERMISION_OBJ_ATRS);
        if (found == null) {
            throw new FinderException(GlobalErrIds.PERM_OBJ_NOT_FOUND, "getPerm Obj no entry found dn [" + dn + "]");
        }
        return unloadPobjLdapEntry(found, 0, permObj.isAdmin());
    } catch (LdapNoSuchObjectException e) {
        // "Not found" is reported without chaining the LDAP exception as cause.
        throw new FinderException(GlobalErrIds.PERM_OBJ_NOT_FOUND, "getPerm Obj COULD NOT FIND ENTRY for dn [" + dn + "]");
    } catch (LdapException e) {
        // Any other LDAP failure is a read error and keeps its cause.
        throw new FinderException(GlobalErrIds.PERM_READ_OBJ_FAILED, "getPerm Obj dn [" + dn + "] caught LdapException=" + e.getMessage(), e);
    } finally {
        // Release the admin connection on every exit path.
        closeAdminConnection(conn);
    }
}
Also used : LdapNoSuchObjectException(org.apache.directory.api.ldap.model.exception.LdapNoSuchObjectException) FinderException(org.apache.directory.fortress.core.FinderException) PermObj(org.apache.directory.fortress.core.model.PermObj) DefaultEntry(org.apache.directory.api.ldap.model.entry.DefaultEntry) Entry(org.apache.directory.api.ldap.model.entry.Entry) LdapException(org.apache.directory.api.ldap.model.exception.LdapException) LdapConnection(org.apache.directory.ldap.client.api.LdapConnection)

Aggregations

LdapNoSuchObjectException (org.apache.directory.api.ldap.model.exception.LdapNoSuchObjectException)21 LdapException (org.apache.directory.api.ldap.model.exception.LdapException)19 LdapConnection (org.apache.directory.ldap.client.api.LdapConnection)19 Entry (org.apache.directory.api.ldap.model.entry.Entry)17 FinderException (org.apache.directory.fortress.core.FinderException)17 DefaultEntry (org.apache.directory.api.ldap.model.entry.DefaultEntry)16 LdapAttributeInUseException (org.apache.directory.api.ldap.model.exception.LdapAttributeInUseException)3 ArrayList (java.util.ArrayList)2 Properties (java.util.Properties)2 DefaultModification (org.apache.directory.api.ldap.model.entry.DefaultModification)2 Modification (org.apache.directory.api.ldap.model.entry.Modification)2 LdapInvalidAttributeValueException (org.apache.directory.api.ldap.model.exception.LdapInvalidAttributeValueException)2 Permission (org.apache.directory.fortress.core.model.Permission)2 AuthenticationException (javax.naming.AuthenticationException)1 AuthenticationNotSupportedException (javax.naming.AuthenticationNotSupportedException)1 CommunicationException (javax.naming.CommunicationException)1 ContextNotEmptyException (javax.naming.ContextNotEmptyException)1 InvalidNameException (javax.naming.InvalidNameException)1 NameAlreadyBoundException (javax.naming.NameAlreadyBoundException)1 NameNotFoundException (javax.naming.NameNotFoundException)1