IdServicesImpl.java revision 64d3fa08513695d9a3c20bdd22593aa9d0d900b4
/**
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2005 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: IdServicesImpl.java,v 1.61 2010/01/20 01:08:36 goodearth Exp $
*
*/
/*
* Portions Copyrighted [2011] [ForgeRock AS]
*/
public class IdServicesImpl implements IdServices {
// Cache to hold special identities stored in SpecialRepo
protected Set specialIdentityNames;
protected IdSearchResults specialIdentities;
protected IdSearchResults emptyUserIdentities =
private IdRepoPluginsCache idrepoCache;
protected static volatile boolean shutdownCalled;
private static IdServices _instance;
static {
}
/**
* Returns the shared <code>IdServices</code> instance held in
* <code>_instance</code>. The method is <code>static synchronized</code>,
* so concurrent callers are serialized on the class monitor.
* When the shutdown manager's lock is acquired, a new
* <code>IdServicesImpl</code> is created and a
* <code>ShutdownListener</code> is set up whose callback sets
* <code>shutdownCalled</code>.
*
* NOTE(review): several lines of this method are missing from the listing
* (the start of the debug statement, presumably a guard around the
* creation, the call that registers the listener, and the body of the
* finally block). Confirm details against the complete file.
*
* @return the value of <code>_instance</code>
*/
protected static synchronized IdServices getInstance() {
+ "Creating new Instance of IdServicesImpl()");
if (shutdownMan.acquireValidLock()) {
try {
_instance = new IdServicesImpl();
new ShutdownListener() {
public void shutdown() {
// The flag is set under the monitor of the instance, which is a
// different lock from the class monitor taken by getInstance().
// shutdownCalled is declared volatile, so isShutdownCalled()
// reads the new value without taking any lock.
synchronized (_instance) {
shutdownCalled = true;
}
}
});
} finally {
}
}
}
return _instance;
}
/**
* Creates the instance and allocates its <code>IdRepoPluginsCache</code>.
* The constructor is protected; the visible caller is
* <code>getInstance()</code>.
*/
protected IdServicesImpl() {
idrepoCache = new IdRepoPluginsCache();
}
return debug;
}
public void reinitialize() {
}
/**
* Reports whether the shutdown flag has been set.
*
* @return the current value of the volatile <code>shutdownCalled</code>
* field
*/
public static boolean isShutdownCalled() {
return shutdownCalled;
}
/**
* Returns the set of fully qualified names for the identity.
* The fully qualified names would be unique for a given datastore.
*
* @param token SSOToken that can be used by the datastore
* to determine the fully qualified name
* @param type type of the identity
* @param name name of the identity
*
* @return fully qualified names for the identity
* @throws IdRepoException If there are repository related error conditions
* @throws SSOException If identity's single sign on token is invalid
*/
throws IdRepoException, SSOException {
if (getDebug().messageEnabled()) {
" org: " + orgName);
}
// Get IdRepo plugins
// to avoid calling other plugins for special users
}
}
return (answer);
}
// Get the fully qualified names from IdRepo plugins
// Skip users in Special Repo
continue;
}
try {
}
} catch (IdRepoException ide) {
if (firstException == null) {
}
}
}
}
throw (firstException);
}
return (answer);
}
/**
* Returns <code>true</code> if the data store has successfully
* authenticated the identity with the provided credentials. If the
* data store requires additional credentials, the list of required
* credentials is returned via the <code>IdRepoException</code>.
*
* @param orgName
* realm name to which the identity would be authenticated
* @param credentials
* Array of callback objects containing information such as
* username and password.
*
* @return <code>true</code> if data store authenticates the identity;
* else <code>false</code>
*/
throws IdRepoException, AuthLoginException {
// NOTE(review): the signature and many statements of this method are
// missing from the listing; the comments below describe only what the
// visible lines establish.
// Visible flow: (1) an error while obtaining the IdRepo plugins returns
// false; (2) an internal user is checked against the SpecialRepo only;
// (3) otherwise plugins that support authentication are tried; (4) if
// none succeeds, a saved exception is rethrown, else false is returned.
if (getDebug().messageEnabled()) {
"IdServicesImpl.authenticate: called for org: " + orgName);
}
// Get the list of plugins and check if they support authN
try {
} catch (SSOException ex) {
// Write a debug message and return false: a plugin lookup error is
// reported to the caller as a failed authentication. The message is
// produced only when message-level debugging is enabled.
if (getDebug().messageEnabled()) {
"IdServicesImpl.authenticate: " + "Error obtaining " +
"IdRepo plugins for the org: " + orgName);
}
return (false);
} catch (IdRepoException ex) {
// Same handling as for SSOException above: debug message, then false.
if (getDebug().messageEnabled()) {
"IdServicesImpl.authenticate: " + "Error obtaining " +
"IdRepo plugins for the org: " + orgName);
}
return (false);
}
// Check for internal user. If internal user, use SpecialRepo only
if (credentials[i] instanceof NameCallback) {
// Obtain the first RDN
}
break;
}
}
try {
// NOTE(review): this line reads the debug field directly, while the
// rest of the method goes through getDebug().
if (debug.messageEnabled()) {
// The user name is included in the debug message.
"AuthN success using special repo " +
" user: " + name);
}
return (true);
} else {
// Invalid password used for internal user. The method returns false
// here, before the plugin check further down, so no other repository
// is tried for an internal user. The user name is included in the
// failure message.
"AuthN failed using special repo " +
" user: " + name);
return (false);
}
}
}
}
} catch (SSOException ssoe) {
// The exception is not propagated: it is passed to a debug call and
// the method returns false, so authentication fails.
"checking for special users", ssoe);
return (false);
}
// Only plugins that report support for authentication are asked to
// authenticate.
if (idRepo.supportsAuthentication()) {
if (getDebug().messageEnabled()) {
"IdServicesImpl.authenticate: " + "AuthN to " +
}
try {
// Successfully authenticated
if (getDebug().messageEnabled()) {
"IdServicesImpl.authenticate: " +
"AuthN success for " +
}
return (true);
}
} catch (IdRepoException ide) {
// Save the exception to be thrown later if
// all authentication calls fail
if (firstException == null) {
}
} catch (AuthLoginException authex) {
// Tracked separately from IdRepoException; see the rethrow order
// at the end of the method.
if (authException == null) {
}
}
} else if (getDebug().messageEnabled()) {
"IdServicesImpl.authenticate: AuthN " +
}
}
// No attempt returned true. A saved AuthLoginException takes precedence
// over a saved IdRepoException; with neither, the result is false.
if (authException != null) {
throw (authException);
}
if (firstException != null) {
throw (firstException);
}
return (false);
}
throws IdRepoException {
+ orgDN;
}
// Wouldn't be a DN if it starts with "/"
}
+ subRealmName;
}
try {
} catch (SMSException sme) {
}
}
}
// First get the list of plugins that support the create operation.
// Check permission first. If allowed then proceed, else the
// checkPermission method throws an "402" exception.
}
if ((configuredPluginClasses == null) ||
}
try {
// names.
attrMap);
}
} catch (IdRepoUnsupportedOpException ide) {
"IdServicesImpl.create: "
+ "Unable to create identity in the"
+ " following repository "
+ ide.getMessage());
}
noOfSuccess--;
} catch (IdRepoFatalException idf) {
// fatal ..throw it all the way up
"IdServicesImpl.create: "
+ "Create: Fatal Exception", idf);
throw idf;
} catch (IdRepoException ide) {
"IdServicesImpl.create: "
+ "Unable to create identity in the following "
+ "repository "
+ ide.getMessage());
}
noOfSuccess--;
}
}
if (noOfSuccess == 0) {
if (getDebug().warningEnabled()) {
"IdServicesImpl.create: "
}
throw origEx;
} else {
return id;
}
}
try {
// By default a Realm is not a leaf node, delete the
// whole realm tree.
} catch (SMSException sme) {
}
}
/*
* (non-Javadoc)
*/
return;
}
// Check permission first. If allowed then proceed, else the
// checkPermission method throws an "402" exception.
// Get the list of plugins that support the delete operation.
if ((configuredPluginClasses == null) ||
}
noOfSuccess--;
}
try {
} else {
}
} catch (IdRepoUnsupportedOpException ide) {
if (getDebug().warningEnabled()) {
"IdServicesImpl.delete: "
+ "Unable to delete identity in the following "
+ ide.getMessage());
}
noOfSuccess--;
} catch (IdRepoFatalException idf) {
// fatal ..throw it all the way up
"IdServicesImpl.delete: Fatal Exception ", idf);
throw idf;
} catch (IdRepoException ide) {
"IdServicesImpl.delete: "
+ "Unable to delete identity in the following "
+ ide.getMessage());
}
noOfSuccess--;
}
}
}
if (getDebug().warningEnabled()) {
"IdServicesImpl.delete: "
}
throw origEx;
}
}
/**
* NOTE(review): the parameter list and most of the body are missing from
* this listing. The only visible operation is
* <code>mgr.addPrivilege(p)</code>; presumably each affected privilege is
* written back after the identity has been taken out of it. Confirm
* against the complete file.
*/
private void removeIdentityFromPrivileges(
) {
try {
mgr.addPrivilege(p);
}
}
// NOTE(review): no handling is visible for either exception. If the
// handlers really are empty, a failed privilege update goes unreported
// and the identity may remain referenced by a privilege. Confirm
// whether the omitted lines at least log the error.
} catch (SSOException ex) {
} catch (DelegationException ex) {
}
}
/*
* (non-Javadoc)
*/
throws IdRepoException, SSOException {
// Check permission first. If allowed then proceed, else the
// checkPermission method throws an "402" exception.
type);
// Get the list of plugins that support the read operation
if ((configuredPluginClasses == null) ||
}
// to avoid calling other plugins for special users
try {
attrNames));
return (combineAttrMaps(attrMapsSet, true));
}
}
} catch (Exception e) {
// Ignore and continue
}
}
try {
// do stuff to map attr names.
if (isString) {
} else {
}
} else {
if (isString) {
} else {
}
}
} catch (IdRepoUnsupportedOpException ide) {
if (getDebug().warningEnabled()) {
"IdServicesImpl.getAttributes: "
+ "Unable to read identity in the following "
+ ide.getMessage());
}
noOfSuccess--;
} catch (IdRepoFatalException idf) {
// fatal ..throw it all the way up
throw idf;
} catch (IdRepoException ide) {
"IdServicesImpl.getAttributes: "
+ "Unable to read identity in the following "
+ ide.getMessage());
}
noOfSuccess--;
}
}
if (noOfSuccess == 0) {
if (getDebug().warningEnabled()) {
}
throw origEx;
}
}
/*
* (non-Javadoc)
*/
public Map getAttributes(
) throws IdRepoException, SSOException {
// Check permission first. If allowed then proceed, else the
// checkPermission method throws an "402" exception.
// Get the list of plugins that support the read operation.
if ((configuredPluginClasses == null) ||
}
// to avoid calling other plugins for special users
try {
return (combineAttrMaps(attrMapsSet, true));
}
}
} catch (Exception e) {
// Ignore and continue
}
}
try {
} else {
}
if (getDebug().messageEnabled()) {
"before reverseMapAttributeNames aMap=" +
}
if (getDebug().messageEnabled()) {
"after before reverseMapAttributeNames attrMapsSet=" +
null));
}
}
} catch (IdRepoUnsupportedOpException ide) {
"IdServicesImpl.getAttributes: "
+ "Unable to read identity in the following "
+ ide.getMessage());
}
noOfSuccess--;
} catch (IdRepoFatalException idf) {
// fatal ..throw it all the way up
+ "Fatal Exception ", idf);
throw idf;
} catch (IdRepoException ide) {
+ "Unable to read identity in the following "
+ ide.getMessage());
}
noOfSuccess--;
}
}
if (noOfSuccess == 0) {
if (getDebug().warningEnabled()) {
+ "Unable to get attributes for identity "
}
throw origEx;
} else {
return returnMap;
}
}
/*
* (non-Javadoc)
*/
throws IdRepoException, SSOException {
// Check permission first. If allowed then proceed, else the
// checkPermission method throws an "402" exception.
// Get the list of plugins that support the read operation.
if ((configuredPluginClasses == null) ||
}
boolean amsdkIncluded = false;
// IdRepo plugin does not support the idType for
// memberships
noOfSuccess--;
continue;
}
try {
if (isAMSDK) {
amsdkIncluded = true;
} else {
}
} catch (IdRepoUnsupportedOpException ide) {
"IdServicesImpl.getMembers: "
+ "Unable to read identity members in the following"
+ ide.getMessage());
}
noOfSuccess--;
} catch (IdRepoFatalException idf) {
// fatal ..throw it all the way up
"IdServicesImpl.getMembers: "
+ "Fatal Exception ", idf);
throw idf;
} catch (IdRepoException ide) {
"IdServicesImpl.getMembers: "
+ "Unable to read identity members in the following"
+ ide.getMessage());
}
noOfSuccess--;
}
}
if (noOfSuccess == 0) {
if (getDebug().warningEnabled()) {
"IdServicesImpl.getMembers: "
}
throw origEx;
} else {
return (Collections.EMPTY_SET);
}
} else {
return results;
}
}
/*
* (non-Javadoc)
*/
public Set getMemberships(
) throws IdRepoException, SSOException {
// Check permission first. If allowed then proceed, else the
// checkPermission method throws an "402" exception.
// Get the list of plugins that support the read operation.
if ((configuredPluginClasses == null) ||
}
// If Special Identity, call SpecialRepo
try {
name, membershipType));
}
}
} catch (Exception e) {
// Ignore and continue
}
}
boolean amsdkIncluded = false;
// IdRepo plugin does not support the idType for
// memberships
noOfSuccess--;
continue;
}
try {
if (isAMSDK) {
amsdkIncluded = true;
} else {
}
} catch (IdRepoUnsupportedOpException ide) {
"IdServicesImpl.getMemberships: "
+ "Unable to get memberships in the following "
+ ide.getMessage());
}
noOfSuccess--;
} catch (IdRepoFatalException idf) {
// fatal ..throw it all the way up
"IdServicesImpl.getMemberships: "
+ "Fatal Exception ", idf);
throw idf;
} catch (IdRepoException ide) {
"IdServicesImpl.getMemberships: "
+ "Unable to read identity in the following "
}
noOfSuccess--;
}
}
if (noOfSuccess == 0) {
if (getDebug().warningEnabled()) {
"IdServicesImpl.getMemberships: "
}
throw origEx;
} else {
return (Collections.EMPTY_SET);
}
} else {
return results;
}
}
/*
* (non-Javadoc)
*/
// Check permission first. If allowed then proceed, else the
// checkPermission method throws an "402" exception.
// Get the list of plugins that support the read operation.
if ((configuredPluginClasses == null) ||
}
// To avoid loading other plugins
try {
}
}
// Ignore the exception
}
}
// Iterate through other plugins
boolean exists = false;
try {
if (exists) {
break;
}
}
// Ignore the exception if not found in one plugin.
// Iterate through all configured plugins and look for the
// identity and if found break the loop, if not finally return
// false.
}
return exists;
}
// Check permission first. If allowed then proceed, else the
// checkPermission method throws an "402" exception.
// First get the list of plugins that support the create operation.
if ((configuredPluginClasses == null) ||
}
// To avoid loading other plugins
try {
}
}
// Ignore exception
}
}
// Iterator through the plugins
boolean active = false;
try {
// Already checked above
noOfSuccess--;
continue;
} else {
}
if (active) {
break;
}
} catch (IdRepoFatalException idf) {
// fatal ..throw it all the way up
throw idf;
} catch (IdRepoException ide) {
+ "Unable to check isActive identity in the "
+ "following repository "
+ ide.getMessage());
}
noOfSuccess--;
}
}
if (noOfSuccess == 0) {
if (getDebug().warningEnabled()) {
"IdServicesImpl.isActive: "
}
throw origEx;
} else {
throw new IdRepoUnsupportedOpException(
}
}
return active;
}
/*
* (non-Javadoc)
*/
throws SSOException, IdRepoException {
// Check permission first. If allowed then proceed, else the
// checkPermission method throws an "402" exception.
// First get the list of plugins that support the edit operation.
if ((configuredPluginClasses == null) ||
}
try {
} else {
}
} catch (IdRepoUnsupportedOpException ide) {
+ "Unable to set attributes in the following "
}
noOfSuccess--;
} catch (IdRepoFatalException idf) {
// fatal ..throw it all the way up
throw idf;
} catch (IdRepoException ide) {
"Unable to setActiveStatus in the " +
}
noOfSuccess--;
// 220 is entry not found. this error should have lower
// precedence than other error because we search thru all
// the ds and this entry might exist in one of the other ds.
}
}
}
if (noOfSuccess == 0) {
+ "datastore", origEx);
throw origEx;
}
}
private void validateMembers(
) throws IdRepoException, SSOException {
}
}
}
/*
* (non-Javadoc)
*/
throws IdRepoException, SSOException {
// Check permission first. If allowed then proceed, else the
// checkPermission method throws an "402" exception.
// First get the list of plugins that support the create operation.
if ((configuredPluginClasses == null) ||
}
//check if the identity exist
}
// IdRepo plugin does not support the idType for
// memberships
noOfSuccess--;
continue;
}
try {
} catch (IdRepoUnsupportedOpException ide) {
+ "Unable to modify memberships in the following"
+ ide.getMessage());
}
noOfSuccess--;
} catch (IdRepoFatalException idf) {
// fatal ..throw it all the way up
+ "Fatal Exception ", idf);
throw idf;
} catch (IdRepoException ide) {
+ "Unable to modify memberships in the following"
+ ide.getMessage());
}
noOfSuccess--;
}
}
if (noOfSuccess == 0) {
if (getDebug().warningEnabled()) {
}
throw origEx;
} else {
throw new IdRepoUnsupportedOpException(
}
}
}
/*
* (non-Javadoc)
*/
throws IdRepoException, SSOException {
// Check permission first. If allowed then proceed, else the
// checkPermission method throws an "402" exception.
type);
// First get the list of plugins that support the create operation.
if ((configuredPluginClasses == null) ||
}
try {
// do stuff to map attr names.
} else {
}
} catch (IdRepoUnsupportedOpException ide) {
"IdServicesImpl.removeAttributes: "
+ "Unable to modify identity in the following "
+ ide.getMessage());
}
noOfSuccess--;
} catch (IdRepoFatalException idf) {
// fatal ..throw it all the way up
"Fatal Exception ", idf);
throw idf;
} catch (IdRepoException ide) {
+ "Unable to remove attributes in the following "
+ ide.getMessage());
}
noOfSuccess--;
// 220 is entry not found. this error should have lower
// precedence than other errors because we search through
// all the ds and this entry might exist in one of the other ds.
}
}
}
if (noOfSuccess == 0) {
if (getDebug().warningEnabled()) {
"IdServicesImpl.removeAttributes: "
+ "Unable to remove attributes for identity "
+ " in any configured data store", origEx);
}
throw origEx;
}
}
// NOTE(review): the signature and many statements of this method are
// missing from the listing; the debug strings below identify it as
// IdServicesImpl.search.
// Check permission first. If allowed then proceed, else the
// checkPermission method throws a "402" exception.
// In the case of web services security (wss), a search is performed
// with the identity of the shared agent and a filter.
// Since shared agents do not have search permissions, the search might
// have to use the admin token and check permissions on matched objects.
// Set to true when the up-front permission check is replaced by a check
// on each matched object after the search.
boolean checkPermissionOnObjects = false;
try {
} catch (IdRepoException ire) {
// If permission denied and control has search filters
// perform the search and check permissions on the matched objects
// NOTE(review): the condition guarding this rethrow is not visible;
// confirm that every case other than the filtered search described
// above still rethrows and denies the search.
throw (ire);
}
// Check permissions after obtaining the matched objects
checkPermissionOnObjects = true;
}
// First get the list of plugins that support the create operation.
// NOTE(review): the comment above says "create" although this is the
// search path; the lookup line is not visible, so confirm which
// operation is actually requested.
if ((configuredPluginClasses == null) ||
}
boolean amsdkIncluded = false;
int iterNo = 0;
}
try {
amsdkIncluded = true;
} else {
iterNo++;
}
} catch (IdRepoUnsupportedOpException ide) {
"IdServicesImpl.search: "
+ "Unable to search in the following repository "
+ ide.getMessage());
}
// One fewer repository can still succeed.
noOfSuccess--;
} catch (IdRepoFatalException idf) {
// fatal ..throw it all the way up
"IdServicesImpl.search: Fatal Exception ", idf);
throw idf;
} catch (IdRepoException ide) {
"IdServicesImpl.search: "
+ "Unable to search identity in the following"
+ ide.getMessage());
}
noOfSuccess--;
}
}
// Every repository failed: report and rethrow the saved exception.
if (noOfSuccess == 0) {
if (getDebug().warningEnabled()) {
"IdServicesImpl.search: "
+ "::" + pattern
+ " in any configured data store", origEx);
}
throw origEx;
} else {
// Deferred authorization: the matched objects are checked one by one.
if (checkPermissionOnObjects) {
try {
// Permission checked, add to newRes
} catch (Exception e) {
// Ignore & continue
// NOTE(review): this catches every Exception, not only a permission
// denial. Presumably the object is simply left out of newRes, which
// errs on the side of denial but also hides unrelated failures.
// Confirm, and consider logging the exception.
}
}
}
return res;
}
}
// Check the cache
if (specialIdentities != null) {
return (specialIdentities);
}
// get the "SpecialUser plugin
if (repo instanceof SpecialRepo) {
}
}
}
// If no plugins found, return empty results
if (pluginClasses.isEmpty()) {
return (emptyUserIdentities);
} else {
false);
}
return (specialIdentities);
}
if (ServiceManager.isConfigMigratedTo70() &&
// Check the cache
if (specialIdentityNames == null) {
// get the "SpecialUser plugin
if (repo instanceof SpecialRepo) {
}
}
}
}
if ((specialIdentityNames != null) &&
!specialIdentityNames.isEmpty()) {
}
}
return (false);
}
// Check permission first. If allowed then proceed, else the
// checkPermission method throws an "402" exception.
}
if ((configuredPluginClasses == null) ||
}
try {
// do stuff to map attr names.
if (isString) {
isAdd);
} else {
attributes, isAdd);
}
} else {
if (isString) {
isAdd);
} else {
attributes, isAdd);
}
}
} catch (IdRepoUnsupportedOpException ide) {
+ "Unable to set attributes in the following "
+ "repository "
}
noOfSuccess--;
} catch (IdRepoFatalException idf) {
// fatal ..throw it all the way up
"IdServicesImpl.setAttributes: Fatal Exception ", idf);
throw idf;
} catch (IdRepoException ide) {
"IdServicesImpl.setAttributes: "
+ "Unable to modify identity in the "
+ "following repository "
+ ide.getMessage());
}
noOfSuccess--;
// 220 is entry not found. this error should have lower
// precedence than other error because we search thru
// all the ds and this entry might exist in one of the other ds.
}
}
}
if (noOfSuccess == 0) {
if (getDebug().warningEnabled()) {
"IdServicesImpl.setAttributes: "
+ "Unable to set attributes for identity "
+ " store", origEx);
}
throw origEx;
}
}
// Check permission first. If allowed then proceed, else the
// checkPermission method throws an "402" exception.
type);
}
if ((configuredPluginClasses == null) ||
}
}
try {
} else {
}
} catch (IdRepoUnsupportedOpException ide) {
+ "Unable to change password in the following "
+ "repository "
}
noOfSuccess--;
} catch (IdRepoFatalException idf) {
// fatal ..throw it all the way up
"IdServicesImpl.changePassword: Fatal Exception ", idf);
throw idf;
} catch (IdRepoException ide) {
"IdServicesImpl.changePassword: "
+ "Unable to change password "
+ "following repository "
+ ide.getMessage());
}
noOfSuccess--;
// 220 is entry not found. this error should have lower
// precedence than other error because we search thru
// all the ds and this entry might exist in one of the other ds.
}
}
}
if (noOfSuccess == 0) {
if (getDebug().warningEnabled()) {
"IdServicesImpl.changePassword: "
+ "Unable to change password for identity "
+ " store", origEx);
}
throw origEx;
}
}
throws IdRepoException, SSOException {
// Check permission first. If allowed then proceed, else the
// checkPermission method throws an "402" exception.
// Get the list of plugins that support the service operation.
if ((configuredPluginClasses == null) ||
return (configuredPluginClasses);
} else {
null);
}
}
try {
} else {
}
}
} catch (IdRepoUnsupportedOpException ide) {
"IdServicesImpl.getAssignedServices: "
+ "Services not supported for repository "
+ ide.getMessage());
}
noOfSuccess--;
} catch (IdRepoFatalException idf) {
// fatal ..throw it all the way up
"Fatal Exception ", idf);
throw idf;
} catch (IdRepoException ide) {
+ "Unable to get services for identity "
+ "in the following repository "
+ ide.getMessage());
}
noOfSuccess--;
}
}
if (noOfSuccess == 0) {
if (getDebug().warningEnabled()) {
+ "Unable to get assigned services for identity "
+ " in any configured data store", origEx);
}
throw origEx;
} else {
return resultsSet;
}
}
// Check permission first. If allowed then proceed, else the
// checkPermission method throws an "402" exception.
// Get the list of plugins that support the service operation.
if (configuredPluginClasses == null
|| configuredPluginClasses.isEmpty()) {
}
try {
} else {
attrMap);
}
} catch (IdRepoUnsupportedOpException ide) {
+ "Assign Services not supported for repository "
}
noOfSuccess--;
} catch (IdRepoFatalException idf) {
// fatal ..throw it all the way up
"IdServicesImpl.assignService: FatalException ", idf);
throw idf;
} catch (IdRepoException ide) {
"IdServicesImpl.assignService: "
+ "Unable to assign Service identity in "
+ "the following repository "
+ ide.getMessage());
}
noOfSuccess--;
}
}
if (noOfSuccess == 0) {
if (getDebug().warningEnabled()) {
"IdServicesImpl.assignService: "
+ "Unable to assign service for identity "
}
throw origEx;
}
}
throws IdRepoException, SSOException {
// Check permission first. If allowed then proceed, else the
// checkPermission method throws an "402" exception.
type);
// Get the list of plugins that support the service operation.
if ((configuredPluginClasses == null) ||
) {
}
try {
attrMap);
} else {
attrMap);
}
} catch (IdRepoUnsupportedOpException ide) {
"IdServicesImpl.unassignService: "
+ "Unassign Service not supported for repository "
}
noOfSuccess--;
} catch (IdRepoFatalException idf) {
// fatal ..throw it all the way up
"IdServicesImpl.unassignService: Fatal Exception ", idf);
throw idf;
} catch (IdRepoException ide) {
"IdServicesImpl.unassignService: "
+ "Unable to unassign service in the "
+ "following repository "
+ ide.getMessage());
}
noOfSuccess--;
}
}
if (noOfSuccess == 0) {
if (getDebug().warningEnabled()) {
"IdServicesImpl.unassignService: "
+ "Unable to unassign Service for identity "
+ "data store ", origEx);
}
throw origEx;
}
}
/**
* Non-javadoc, non-public methods
* Get the service attributes of the name identity. Traverse to the global
* configuration if necessary until all attributes are found or reached
* the global area whichever occurs first.
*
* @param token is the sso token of the person performing this operation.
* @param type is the identity type of the name parameter.
* @param name is the identity we are interested in.
* @param serviceName is the service we are interested in
* @param attrNames are the names of the attributes we are interested in.
* @param amOrgName is the orgname.
* @param amsdkDN is the amsdkDN.
* @throws IdRepoException if there are repository related error conditions.
* @throws SSOException if user's single sign on token is invalid.
*/
do {
// name is the name of AMIdentity object. will change as we move
// up the tree.
// attrNames is missingAttr and will change as we move up the tree.
// amOrgname will change as we move up the tree.
// amsdkDN will change as we move up the tree.
try {
if (getDebug().messageEnabled()) {
+ "getServiceAttributesAscending:"
+ "; nextAmsdkDN=" + nextAmsdkDN);
+ "serviceResult=" + serviceResult);
+ " finalResult=" + finalResult);
+ " finalAttrName=" + finalAttrName);
}
if (serviceResult != null) {
// save the newly found attrs
// amsdk returns emptyset when attrname is not present.
}
}
if (getDebug().messageEnabled()) {
+ " serviceResult=" + serviceResult);
+ " finalResult=" + finalResult);
}
}
if (getDebug().messageEnabled()) {
+ " finalResult=" + finalResult);
}
return(finalResult);
}
// find the missing attributes
missingAttr.clear();
}
}
} catch (IdRepoException idrepo) {
if (getDebug().warningEnabled()) {
+ "idrepoerr", idrepo);
}
} catch (SSOException ssoex) {
if (getDebug().warningEnabled()) {
+ "ssoex", ssoex);
}
}
// go up to the parent org
try {
// try the user or agent's currect realm.
} else {
if (getDebug().messageEnabled()) {
+ " tmpParentName=" + tmpParentName
+ " parentName=" + parentName);
}
// at root.
} else {
}
}
} catch (SMSException smse) {
if (getDebug().warningEnabled()) {
+ "smserror", smse);
}
}
// get the rest from global.
if (!missingAttr.isEmpty()) {
try {
}
} catch (SMSException smse) {
if (getDebug().messageEnabled()) {
"IdServicesImpl(): getServiceAttributeAscending "
+ " Failed to get global default.", smse);
}
}
}
if (getDebug().messageEnabled()) {
+ " finalResult=" + finalResult);
}
return finalResult;
}
throws IdRepoException, SSOException {
}
}
throws IdRepoException, SSOException {
// Check permission first. If allowed then proceed, else the
// checkPermission method throws an "402" exception.
type);
// First get the list of plugins that support the create operation.
// use IdOperation.READ insteadof IdOperation.SERVICE. IdRepo for
// AD doesn't support SERVICE because service object classes can't
// exist in user entry. So IdRepo.getServiceAttributes won't get
// user attributes. But IdRepo.getServiceAttributes will also read
// realm service attributes. We should move the code that reads
// ealm service attributes in IdRepo.getServiceAttributes to this class
// later. Only after that we can use IdOperation.SERVICE.
if (configuredPluginClasses == null
|| configuredPluginClasses.isEmpty()) {
}
try {
serviceName, attrNames) :
serviceName, attrNames));
} else {
serviceName, attrNames) :
serviceName, attrNames));
}
} catch (IdRepoUnsupportedOpException ide) {
"IdServicesImpl.getServiceAttributes: "
+ "Services not supported for repository "
}
noOfSuccess--;
} catch (IdRepoFatalException idf) {
// fatal ..throw it all the way up
"IdServicesImpl.getServiceAttributes: Fatal Exception ",
idf);
throw idf;
} catch (IdRepoException ide) {
"IdServicesImpl.getServiceAttributes: "
+ "Unable to get service "
+ "attributes for the repository "
}
noOfSuccess--;
}
}
if (noOfSuccess == 0) {
if (getDebug().warningEnabled()) {
"IdServicesImpl.getServiceAttributes: "
+ "Unable to get service attributes for identity "
+ " in any configured data store", origEx);
}
throw origEx;
} else {
return resultsMap;
}
}
// Check permission first. If allowed then proceed, else the
// checkPermission method throws an "402" exception.
// Get the list of plugins that support the service operation.
if ((configuredPluginClasses == null) ||
}
try {
} else {
attrMap);
}
} catch (IdRepoUnsupportedOpException ide) {
+ "Modify Services not supported for repository "
}
noOfSuccess--;
} catch (IdRepoFatalException idf) {
// fatal ..throw it all the way up
"IdServicesImpl.modifyService: Fatal Exception ", idf);
throw idf;
} catch (IdRepoException ide) {
"IdServicesImpl.modifyService: "
+ "Unable to modify service in the "
+ "following repository "
+ ide.getMessage());
}
noOfSuccess--;
}
}
if (noOfSuccess == 0) {
if (getDebug().warningEnabled()) {
"IdServicesImpl.modifyService: "
+ "Unable to modify service attributes for identity "
+ " in any configured data store");
}
"302", args);
}
}
throws IdRepoException, SSOException {
if (configuredPluginClasses == null
|| configuredPluginClasses.isEmpty()) {
}
}
}
// Check if the supportedTypes is defined as supported in
// the global schema.
return unionSupportedTypes;
}
// First get the list of plugins that support the create operation.
if (configuredPluginClasses == null
|| configuredPluginClasses.isEmpty()) {
}
if (repo instanceof SpecialRepo) {
continue;
}
}
}
return unionSupportedOps;
}
if (isString) {
} else {
/*
* create a new Set so that we do not alter the set
* that is referenced in setOfMaps
*/
}
} else { // binary attributes
byte[][] tmpSet = new byte[combinedSize][];
}
}
} else {
}
}
}
}
}
return resultMap;
}
return attrMap;
}
} else {
resultMap = new CaseInsensitiveHashMap();
} else {
}
}
}
return resultMap;
}
return attrNames;
}
} else {
resultSet = new CaseInsensitiveHashSet();
} else {
}
}
}
return resultSet;
}
return attrMap;
}
} else {
resultMap = new CaseInsensitiveHashMap();
} else {
}
}
}
return resultMap;
}
if (amsdkIncluded) {
if (amsdkMemberships != null) {
m);
}
}
}
continue;
}
// add to results, if not already there!
null);
}
}
}
return results;
}
if (amsdkIncluded) {
}
}
for (int i = 0; i < sizeOfArray; i++) {
}
}
}
true);
}
return results;
}
return null;
} else {
if (eqIndex > -1) {
} else {
}
}
return returnArray;
}
}
// NOTE(review): the signature of this method is missing from the listing.
// Comments in the other methods refer to a checkPermission method that
// throws a "402" exception; this is presumably that method.
if (!ServiceManager.isConfigMigratedTo70()) {
// Config not migrated to 7.0 which means this is
// in coexistence mode. Do not perform any delegation check
// Security-relevant: in this mode the method returns true without
// consulting delegation. NOTE(review): confirm which component
// enforces access control in coexistence mode.
return true;
}
// thisAction = readAction;
// TODO This is a temporary fix where-in all users are
// being allowed read permissions, till delegation component
// is fixed to support "user self read" operations
// Security-relevant: per the TODO above, read access is currently granted
// to all users as a stop-gap. The code that implements it is not visible
// here; keep this tracked so it is removed once delegation supports
// self-read.
} else {
}
try {
}
}
};
args);
}
return true;
} catch (DelegationException dex) {
// NOTE(review): the visible lines only pass the exception to a debug
// call. What is returned or thrown afterwards is not shown; confirm
// that a DelegationException results in the operation being denied.
"Got Delegation Exception: ", dex);
}
}
protected void clearSpecialIdentityCache() {
}
public void clearIdRepoPlugins() {
}
int type) {
}
public void reloadIdRepoServiceSchema() {
}
}