Examples with LocalizedIllegalArgumentException - org.forgerock.i18n.LocalizedIllegalArgumentException

Example 6 with LocalizedIllegalArgumentException

use of org.forgerock.i18n.LocalizedIllegalArgumentException in project OpenAM by OpenRock.

the class LDAPGroups method isMemberOfGroup.

/**
     * Find out if a user belongs to a particular group
     * @param groupName the ldap DN of the group
     * @param userDN the ldap DN of the user
     * @return <code>true</code> if the user is member of the group;
     * <code>false</code> otherwise.
     */
private boolean isMemberOfGroup(String groupName, DN userDN, String userRDN, SSOToken token) throws SSOException, PolicyException {
    if (debug.messageEnabled()) {
        debug.message("LDAPGroups.isMemberOfGroup():" + " entering with groupName = " + groupName + ",userDN = " + userDN);
    }
    if ((groupName == null) || (groupName.length() == 0) || (userDN == null)) {
        return false;
    }
    String tokenID = token.getTokenID().toString();
    boolean groupMatch = false;
    SearchResultEntry entry;
    try (Connection conn = connPool.getConnection()) {
        entry = conn.searchSingleEntry(LDAPRequests.newSingleEntrySearchRequest(groupName));
    } catch (Exception e) {
        debug.warning("LDAPGroups: invalid group name {} specified in the policy definition.", groupName);
        return false;
    }
    debug.message("LDAPGroups.isMemberOfGroup(): get {} group attribute", STATIC_GROUP_MEMBER_ATTR);
    Attribute attribute = entry.getAttribute(STATIC_GROUP_MEMBER_ATTR);
    if (attribute != null) {
        for (ByteString memberDNStr : attribute) {
            debug.message("LDAPGroups.isMemberOfGroup(): memberDNStr = ", memberDNStr);
            DN memberDN = DN.valueOf(memberDNStr.toString());
            if (userDN.equals(memberDN)) {
                groupMatch = true;
                break;
            }
        }
    }
    if (!groupMatch) {
        debug.message("LDAPGroups.isMemberOfGroup(): get {} group attribute", STATIC_GROUP_MEMBER_ALT_ATTR);
        attribute = entry.getAttribute(STATIC_GROUP_MEMBER_ALT_ATTR);
        if (attribute != null) {
            for (ByteString memberDNStr : attribute) {
                debug.message("LDAPGroups.isMemberOfGroup(): memberDNStr = ", memberDNStr);
                DN memberDN = DN.valueOf(memberDNStr.toString());
                if (userDN.equals(memberDN)) {
                    groupMatch = true;
                    break;
                }
            }
        }
    }
    if (!groupMatch) {
        attribute = entry.getAttribute(DYNAMIC_GROUP_MEMBER_URL);
        if (attribute != null) {
            for (ByteString memberUrl : attribute) {
                try {
                    LDAPUrl ldapUrl = LDAPUrl.valueOf(memberUrl.toString());
                    Set members = findDynamicGroupMembersByUrl(ldapUrl, userRDN);
                    Iterator iter = members.iterator();
                    while (iter.hasNext()) {
                        String memberDNStr = (String) iter.next();
                        DN memberDN = DN.valueOf(memberDNStr);
                        if (userDN.equals(memberDN)) {
                            groupMatch = true;
                            break;
                        }
                    }
                } catch (LocalizedIllegalArgumentException e) {
                    throw new PolicyException(e);
                }
            }
        }
    }
    debug.message("LDAPGroups.isMemberOfGroup():adding entry {} {} {} {} in subject evaluation cache.", tokenID, ldapServer, groupName, groupMatch);
    SubjectEvaluationCache.addEntry(tokenID, ldapServer, groupName, groupMatch);
    return groupMatch;
}

Also used : HashSet(java.util.HashSet) Set(java.util.Set) Attribute(org.forgerock.opendj.ldap.Attribute) ByteString(org.forgerock.opendj.ldap.ByteString) Connection(org.forgerock.opendj.ldap.Connection) DN(org.forgerock.opendj.ldap.DN) ByteString(org.forgerock.opendj.ldap.ByteString) LocalizedIllegalArgumentException(org.forgerock.i18n.LocalizedIllegalArgumentException) LdapException(org.forgerock.opendj.ldap.LdapException) NameNotFoundException(com.sun.identity.policy.NameNotFoundException) PolicyException(com.sun.identity.policy.PolicyException) InvalidNameException(com.sun.identity.policy.InvalidNameException) SSOException(com.iplanet.sso.SSOException) LocalizedIllegalArgumentException(org.forgerock.i18n.LocalizedIllegalArgumentException) LDAPUrl(org.forgerock.opendj.ldap.LDAPUrl) PolicyException(com.sun.identity.policy.PolicyException) Iterator(java.util.Iterator) SearchResultEntry(org.forgerock.opendj.ldap.responses.SearchResultEntry)

Aggregations

LocalizedIllegalArgumentException (org.forgerock.i18n.LocalizedIllegalArgumentException)6 LDAPUrl (org.forgerock.opendj.ldap.LDAPUrl)5 Attr (com.iplanet.services.ldap.Attr)2 HashSet (java.util.HashSet)2 Set (java.util.Set)2 Attribute (org.forgerock.opendj.ldap.Attribute)2 Connection (org.forgerock.opendj.ldap.Connection)2 DN (org.forgerock.opendj.ldap.DN)2 LdapException (org.forgerock.opendj.ldap.LdapException)2 SearchResultEntry (org.forgerock.opendj.ldap.responses.SearchResultEntry)2 SSOException (com.iplanet.sso.SSOException)1 InvalidNameException (com.sun.identity.policy.InvalidNameException)1 NameNotFoundException (com.sun.identity.policy.NameNotFoundException)1 PolicyException (com.sun.identity.policy.PolicyException)1 IOException (java.io.IOException)1 HttpURLConnection (java.net.HttpURLConnection)1 GeneralSecurityException (java.security.GeneralSecurityException)1 Iterator (java.util.Iterator)1 TreeSet (java.util.TreeSet)1 ByteString (org.forgerock.opendj.ldap.ByteString)1