AMSDKRepo.java revision 6340439720654d76109888406a64026599d7142f
/**
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2005 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: AMSDKRepo.java,v 1.28 2009/12/25 05:54:05 hengming Exp $
*
*/
/*
* Portions Copyrighted 2011 ForgeRock AS
*/
// private Map configMap = new AMHashMap();
// Starts false. Later in this file it is set to true when consoleRecursiveFlg
// is non-null and non-empty, and the search code branches on it.
private boolean dataStoreRecursive = false;
// Creates the plugin instance. The constructor body is empty in this listing.
// NOTE(review): any set-up call that belongs here is not visible -- confirm
// against the repository copy before relying on this being a no-op.
public AMSDKRepo() {
}
/*
* (non-Javadoc)
*
* @see com.sun.identity.idm.IdRepo#addListener(com.iplanet.sso.SSOToken,
* com.iplanet.am.sdk.AMObjectListener, java.util.Map)
*/
throws IdRepoException, SSOException {
// TODO Auto-generated method stub
synchronized (listeners) {
}
myListener = listnr;
return 0;
}
/*
* (non-Javadoc)
*
* @see com.sun.identity.idm.IdRepo#removeListener()
*/
public void removeListener() {
// NOTE(review): in this listing the lock on listeners is taken and released
// with no statement inside, so nothing is deregistered here. The removal
// statement appears to be missing -- confirm against the repository copy.
synchronized (listeners) {
}
}
/*
* (non-Javadoc)
*
* @see com.sun.identity.idm.IdRepo#create(com.iplanet.sso.SSOToken,
* com.sun.identity.idm.IdType, java.lang.String, java.util.Map)
*/
throws IdRepoException, SSOException {
if (debug.messageEnabled()) {
+ name);
}
: sc;
try {
+ " plugin: Org DN is wrong = " + orgDN);
null);
}
} catch (AMException ame) {
+ " initializing AM SDK ", ame);
"304", args);
throw ide;
}
try {
}
} catch (AMException ame) {
}
return dn;
}
/*
* (non-Javadoc)
*
* @see com.sun.identity.idm.IdRepo#delete(com.iplanet.sso.SSOToken,
* com.sun.identity.idm.IdType, java.lang.String)
*/
throws IdRepoException, SSOException {
if (debug.messageEnabled()) {
+ name);
}
try {
}
} catch (AMException ame) {
}
}
/*
* (non-Javadoc)
*
* @see com.sun.identity.idm.IdRepo#getAttributes(com.iplanet.sso.SSOToken,
* com.sun.identity.idm.IdType, java.lang.String, java.util.Set)
*/
: sc;
if (debug.messageEnabled()) {
}
// Use adminToken if present: the caller's token is discarded here, so every
// later use of token in this method carries adminToken's privileges, not the
// caller's.
// NOTE(review): nothing visible in this block checks what the caller may
// read -- presumably that is enforced before the plugin is called; confirm.
if (adminToken != null) {
token = adminToken;
}
try {
false, profileType);
} else {
args);
}
} catch (AMException ame) {
}
}
/*
* (non-Javadoc)
*
* @see com.sun.identity.idm.IdRepo#getAttributes(com.iplanet.sso.SSOToken,
* com.sun.identity.idm.IdType, java.lang.String)
*/
throws IdRepoException, SSOException {
: sc;
if (debug.messageEnabled()) {
}
// Use adminToken if present: from this point token no longer identifies the
// caller, so the attribute read that follows is made with adminToken.
// NOTE(review): caller authorization is not visible in this block --
// presumably handled upstream of the plugin; confirm.
if (adminToken != null) {
token = adminToken;
}
try {
} else {
args);
}
} catch (AMException ame) {
}
}
/*
* (non-Javadoc)
*
* @see com.sun.identity.idm.IdRepo#getBinaryAttributes(
* com.iplanet.sso.SSOToken, com.sun.identity.idm.IdType,
* java.lang.String, java.util.Set)
*/
if (debug.messageEnabled()) {
}
: sc;
// Use adminToken if present: the caller's token is replaced, so any later use
// of token in this method is made with adminToken rather than the caller's
// own credentials.
// NOTE(review): caller authorization is not visible in this block --
// presumably handled upstream of the plugin; confirm.
if (adminToken != null) {
token = adminToken;
}
try {
} else {
args);
}
} catch (AMException ame) {
}
}
/*
* (non-Javadoc)
*
* @see com.sun.identity.idm.IdRepo#getConfiguration()
*/
public Map getConfiguration() {
    // Pure delegation: the plugin adds nothing to the parent's configuration.
    final Map inherited = super.getConfiguration();
    return inherited;
}
/*
* (non-Javadoc)
*
* @see com.sun.identity.idm.IdRepo#getMembers(com.iplanet.sso.SSOToken,
* com.sun.identity.idm.IdType, java.lang.String,
* com.sun.identity.idm.IdType)
*/
if (debug.messageEnabled()) {
+ ": " + membersType);
}
: sc;
+ " for Users or Agents");
try {
} catch (AMException ame) {
throw ide;
}
} else {
args);
}
try {
} catch (AMException ame) {
}
} else {
args);
}
try {
} catch (AMException ame) {
"AMSDKRepo: Unable to get user memberships for "
}
} else {
args);
}
} else {
"305", args);
}
return results;
}
if (debug.messageEnabled()) {
}
: sc;
+ " Users is not allowed ");
} else {
try {
} catch (AMException ame) {
throw ide;
}
try {
} catch (AMException ame) {
}
try {
} catch (AMException ame) {
}
} else { // Memberships of any other types not supported for
// users.
+ "entities " + " not supported for Users");
membershipType.getName() };
args);
}
}
return results;
}
}
public Set getSupportedTypes() {
    // The supported identity types are the keys of supportedOps.
    // NOTE(review): if supportedOps is a plain java.util.Map, keySet() is a
    // live view, so a caller that removes elements from the returned set
    // also removes them from the plugin's own table -- confirm whether an
    // unmodifiable view should be returned instead.
    final Set supportedTypes = supportedOps.keySet();
    return supportedTypes;
}
/*
* (non-Javadoc)
*
* @see com.sun.identity.idm.IdRepo#initialize(java.util.Map)
*/
super.initialize(configParams);
if (debug.messageEnabled()) {
}
} else {
}
if (adminToken == null) {
try {
} catch (SSOException ssoe) {
// do nothing ... but log the error
+ " AMStoreConnection...", ssoe);
}
}
if ((consoleRecursiveFlg != null) &&
(!consoleRecursiveFlg.isEmpty())) {
dataStoreRecursive = true;
}
}
"sun-idrepo-amSDK-config-people-container-name");
"sun-idrepo-amSDK-config-people-container-value");
(!pcValueSet.isEmpty())) {
}
}
"sun-idrepo-amSDK-config-agent-container-name");
"sun-idrepo-amSDK-config-agent-container-value");
(!agentValueSet.isEmpty())) {
}
}
}
throws IdRepoException, SSOException {
if (debug.messageEnabled()) {
}
try {
} catch (IdRepoException ide) {
return false;
}
}
throws SSOException {
: sc;
try {
return entity.isActivated();
} catch (AMException ame) {
// Fails closed: an AMException raised in the try block is reported as
// "not active". The exception is dropped without logging, so a lookup
// failure and a deactivated account look the same to the caller.
return false;
} catch (IdRepoException ide) {
// Same treatment as above: reported as "not active", nothing logged.
return false;
}
}
/* (non-Javadoc)
* @see com.sun.identity.idm.IdRepo#setActiveStatus(
com.iplanet.sso.SSOToken, com.sun.identity.idm.IdType,
java.lang.String, boolean)
*/
throws IdRepoException, SSOException {
try {
if (active) {
} else {
entity.deactivate();
}
} catch (AMException ame) {
}
}
throws IdRepoException, SSOException {
if (debug.messageEnabled()) {
}
}
+ " agents is not supported");
}
+ " be made a member of any identity"
+ membersType.getName());
}
}
: sc;
try {
switch (operation) {
case ADDMEMBER:
break;
case REMOVEMEMBER:
}
} catch (AMException ame) {
+ "exception while adding users to groups", ame);
}
try {
switch (operation) {
case ADDMEMBER:
break;
case REMOVEMEMBER:
}
} catch (AMException ame) {
+ " to roles", ame);
}
} else {
// throw an exception
}
}
/*
* (non-Javadoc)
*
* @see com.sun.identity.idm.IdRepo#removeAttributes(
* com.iplanet.sso.SSOToken,
* com.sun.identity.idm.IdType, java.lang.String, java.util.Set)
*/
// TODO Auto-generated method stub
if (debug.messageEnabled()) {
}
// Will do later. NOT BEING USED yet.
// NOT YET Implemented !!!!!!
}
/*
* (non-Javadoc)
*
* @see com.sun.identity.idm.IdRepo#search(com.iplanet.sso.SSOToken,
* com.sun.identity.idm.IdType, java.lang.String, java.util.Map,
* boolean, int, int, java.util.Set)
*/
if (debug.messageEnabled()) {
+ ": " + avPairs);
}
}
// String avFilter = AMObjectImpl.constructFilter(avPairs);
ctrl.setAllReturnAttributes(true);
} else {
}
try {
: sc;
switch (profileType) {
} else {
// avPairs is being passed. Create an OR condition
// filter.
}
if (recursive) {
// It could be an Auth
// search and if no matching user found then we need
// to do a scope-sub search
// SCOPE_SUB search to find exactly one user.
// Throw an exception if more than one
// matching is found.
} else {
avPairs);
}
}
}
break;
case 100:
// results = ou.searchEntities(pattern, ctrl, avFilter, null);
break;
case AMObject.STATIC_GROUP:
break;
break;
case AMObject.FILTERED_ROLE:
break;
default:
args);
}
} catch (AMException ame) {
ame);
;
}
}
/*
* (non-Javadoc)
*
* @see com.sun.identity.idm.IdRepo#search(com.iplanet.sso.SSOToken,
* com.sun.identity.idm.IdType, java.lang.String, int, int,
* java.util.Set, boolean, int, java.util.Map)
*/
boolean recursive)
throws IdRepoException, SSOException {
if (debug.messageEnabled()) {
+ ": " + avPairs);
}
}
if (returnAllAttrs) {
ctrl.setAllReturnAttributes(true);
} else {
}
}
try {
switch (profileType) {
if (!dataStoreRecursive) {
} else {
}
} else {
if (!dataStoreRecursive) {
"," + orgDN;
} else {
}
}
} else {
// avPairs is being passed. Create an OR condition
// filter.
}
break;
case 100:
// IdType is Agent.
if (!dataStoreRecursive) {
} else {
}
} else {
if (!dataStoreRecursive) {
"," + orgDN;
} else {
}
}
// fix 6515502
} else {
// avPairs is being passed. Create an OR condition
// filter.
}
break;
case AMObject.STATIC_GROUP:
break;
break;
case AMObject.FILTERED_ROLE:
break;
default:
args);
}
} catch (AMException ame) {
"AMSDKRepo.search: Unable to perform search operation",
ame);
}
// Agent profile type...if container does not exist
// then return empty results
return new RepoSearchResults(new HashSet(),
}
}
}
/**
* Sets the attributes of the named identity. The single sign-on
* token must have the necessary permission to set the attributes.
*
* @param token
* single sign on token for this operation.
* @param type
* type of the identity
* @param name
* name of the identity
* @param attributes
* attributes to set.
* @param isAdd
* should attributes values be added to existing values.
* @throws IdRepoException
* if there are repository related error conditions.
* @throws SSOException
* if user's single sign on token is invalid.
*/
throws IdRepoException, SSOException {
if (debug.messageEnabled()) {
} else {
}
}
}
try {
// The Javadoc preceding this code says the caller's single sign on token
// must have permission to set the attributes, but when adminToken is
// non-null it replaces token here, so any later use of token in this method
// is made with adminToken.
// NOTE(review): confirm that the caller's permission is enforced before this
// point; nothing visible in this block checks it.
if (adminToken != null) {
token = adminToken;
}
false);
} catch (AMException ame) {
ame);
//Throw Fatal exception for errCode 19(eg.,Password too short)
//as it breaks password policy for password length.
throw ide;
} else {
}
}
}
throws IdRepoException, SSOException {
if (debug.messageEnabled()) {
}
}
try {
// When adminToken is non-null it replaces the caller's token, so the
// attribute write that follows is made with adminToken rather than with the
// caller's own credentials.
// NOTE(review): caller authorization is not visible in this block --
// presumably handled upstream of the plugin; confirm.
if (adminToken != null) {
token = adminToken;
}
false), attributes, false);
} catch (AMException ame) {
"AMSDKRepo.setBinaryAttributes: Unable to set attributes",
ame);
}
}
throws IdRepoException, SSOException {
if (debug.messageEnabled()) {
}
"229", args);
}
try {
} catch (AMException ame) {
}
}
// check for binary attributes.
boolean foundBin = false;
if (!foundBin) {
// need to separate into binary and string
// attribute map
binAttrMap = new HashMap();
}
foundBin = true;
}
}
if (foundBin) {
} else {
}
}
throws IdRepoException, SSOException{
// check for binary attributes.
boolean foundBin = false;
if (!foundBin) {
// need to separate into binary and string
// attribute map
binAttrMap = new HashMap();
}
foundBin = true;
} else {
binAttrMap = new HashMap();
}
}
try {
if (foundBin) {
} else {
}
} catch (AMException ame) {
}
}
throws IdRepoException, SSOException {
"213", args);
}
// Use adminToken if present: the caller's token is replaced, so the service
// and object-class changes later in this method are made with adminToken,
// not with the caller's credentials.
// NOTE(review): caller authorization is not visible in this block --
// presumably handled upstream of the plugin; confirm.
if (adminToken != null) {
token = adminToken;
}
// Set oldOCs = getAttribute("objectclass");
// Map tmpMap = new HashMap();
// tmpMap.put("objectclass", (Set) attrMap.get("objectclass"));
}
try {
// Check if service is already assigned
}
} catch (AMException ame) {
// do nothing. Definition already exists. That's OK.
} else {
}
}
try {
// Remove OCs. Those are needed only when setting service
// for users, not roles.
try {
} catch (NumberFormatException ex) {
if (debug.warningEnabled()) {
}
}
}
} catch (AMException ame) {
}
}
}
"213", args);
}
// Use adminToken if present: the caller's token is replaced, so the
// attribute and object-class removals later in this method are made with
// adminToken, not with the caller's credentials.
// NOTE(review): caller authorization is not visible in this block --
// presumably handled upstream of the plugin; confirm.
if (adminToken != null) {
token = adminToken;
}
// Get the object classes that need to be removed from the Service Schema
// Get the attributes that need to be removed
}
}
// Will be AMHashMap, So the attr names will be in lower case
try {
// remove attributes one at a time, so that if the first
// one fails, it will continue removing the
// other attributes.
if (debug.messageEnabled()) {
+ "Error occured while removing attribute: "
+ attrName);
}
}
}
}
// Now update the object class attribute
try {
}
/*
* amdm.unRegisterService(token, orgDN, AMObject.ORGANIZATION,
* serviceName, AMTemplate.DYNAMIC_TEMPLATE);
*/
} catch (AMException ame) {
ame);
}
try {
}
/*
* amdm.unRegisterService(token, orgDN, AMObject.ORGANIZATION,
* serviceName, AMTemplate.DYNAMIC_TEMPLATE);
*/
} catch (AMException ame) {
ame);
}
} else {
"213", args);
}
}
"213", args);
}
if (mapOfServiceNamesandOCs == null
|| mapOfServiceNamesandOCs.isEmpty()) {
return resultsSet;
}
}
}
// Check to see if COS template exists.
try {
new AMStoreConnection(token)
: sc;
}
} catch (AMException ame) {
// throw IdUtils.convertAMException(ame);
// Ignore this exception..the service might not have
// dynamic attributes. Continue iterating.
}
}
// Check to see if COS template exists.
try {
new AMStoreConnection(token)
: sc;
}
} catch (AMException ame) {
// throw IdUtils.convertAMException(ame);
// ignore this exception
}
}
} else {
"213", args);
}
return resultsSet;
}
/*
* (non-Javadoc)
*
* @see com.sun.identity.idm.IdRepo#getServiceAttributes(
* com.iplanet.sso.SSOToken,
* com.sun.identity.idm.IdType, java.lang.String, java.lang.String,
* java.util.Set)
*/
throw new IdRepoUnsupportedOpException(
} else {
attrNames, true);
}
}
/*
* (non-Javadoc)
*
* @see com.sun.identity.idm.IdRepo#getBinaryServiceAttributes(
* com.iplanet.sso.SSOToken,
* com.sun.identity.idm.IdType, java.lang.String, java.lang.String,
* java.util.Set)
*/
throws IdRepoException, SSOException {
attrNames, false));
}
/*
* (non-Javadoc)
*
* @see com.sun.identity.idm.IdRepo#getServiceAttributes(
* com.iplanet.sso.SSOToken,
* com.sun.identity.idm.IdType, java.lang.String, java.lang.String,
* java.util.Set)
*/
throws IdRepoException, SSOException {
throw new IdRepoUnsupportedOpException(
return (isString ?
try {
return (isString ?
} else {
if (debug.messageEnabled()) {
+ "Service: " + serviceName
+ " is not assigned to DN: " + roleDN);
}
return (Collections.EMPTY_MAP);
}
} catch (AMException ame) {
}
try {
return (isString ?
} else {
args);
}
} catch (AMException ame) {
}
} else {
"213", args);
}
}
/*
* (non-Javadoc)
*
* @see com.sun.identity.idm.IdRepo#modifyService(com.iplanet.sso.SSOToken,
* com.sun.identity.idm.IdType, java.lang.String, java.lang.String,
* java.util.Map)
*/
throws IdRepoException, SSOException {
"213", args);
args);
} else {
}
// Need to modify COS definition and COS template.
args);
}
try {
} else {
args);
}
} catch (AMException ame) {
}
// Need to modify COS definition and COS template.
args);
}
try {
} else {
args);
}
} catch (AMException ame) {
}
}
}
int eventType) {
if (debug.messageEnabled()) {
+ "event to listeners.");
}
if (adminToken == null) {
try {
} catch (SSOException ssoe) {
// do nothing ... but log the error
+ "to initialize AMStoreConnection...", ssoe);
}
}
int type = 0;
try {
// If entry has been deleted, its type cannot be obtained
}
} catch (AMException amse) {
+ "to convert name to getAMObjectType.");
} catch (SSOException amsso) {
+ "to detemine permission.");
}
switch (type) {
case AMObject.STATIC_GROUP:
case AMObject.DYNAMIC_GROUP:
break;
break;
case AMObject.ORGANIZATION:
case AMObject.ORGANIZATIONAL_UNIT:
break;
case AMObject.MANAGED_ROLE:
break;
case AMObject.FILTERED_ROLE:
break;
default:
if (debug.messageEnabled()) {
"unknown matching type: type=" + type +
}
break;
}
synchronized (listeners) {
// agents were treated as users so we have to
// send agent change as well.
}
} else {
// Unknown idType, send notifications for all types
}
}
}
}
public static void notifyAllObjectsChangedEvent() {
if (debug.messageEnabled()) {
+ "event to listeners.");
}
synchronized (listeners) {
l.allObjectsChanged();
}
}
}
private void loadSupportedOps() {
.unmodifiableSet(opSet));
try {
}
} catch (SMSException smse) {
if (debug.messageEnabled()) {
}
} catch (SSOException ssoe) {
// should not happen
}
}
private String getDefaultPeopleContainerName() {
try {
}
}
} catch (SMSException smse) {
} catch (SSOException ssoe) {
}
return gcName;
}
private String getDefaultGroupContainerName() {
try {
}
}
} catch (SMSException smse) {
} catch (SSOException ssoe) {
}
return gcName;
}
private String getDefaultAgentContainerName() {
try {
}
}
} catch (SMSException smse) {
} catch (SSOException ssoe) {
}
return gcName;
}
throws IdRepoException, SSOException {
: sc;
try {
+ " plugin: Org DN is wrong = " + orgDN);
null);
}
} catch (AMException ame) {
+ " initializing AM SDK ", ame);
"304", args);
throw ide;
}
}
// It should contain at least one comma for it to be a DN
return name;
}
// initialization error. Throw an exception
}
} else {
}
try {
args);
}
} catch (AMException ame) {
}
"," + agentDN;
} else {
}
try {
if (sdkType != 100) {
args);
}
} catch (AMException ame) {
}
try {
args);
}
} catch (AMException ame) {
}
+ "," + orgDN;
try {
args);
}
} catch (AMException ame) {
}
try {
args);
}
} catch (AMException ame) {
}
// Hidden filtered role. No check should be done here
+ orgDN;
} else {
"305", args);
}
return dn;
}
int profileType;
profileType = 100;
} else {
"305", args);
}
return profileType;
}
throws IdRepoException, SSOException {
return OCValues;
}
return vals;
} else {
}
return tSet;
}
}
return null;
}
}
}
}
throws IdRepoException {
try {
} catch (LDAPServiceException ldex) {
if (debug.messageEnabled()) {
}
}
return (svrCfg);
}
/**
* Returns the fully qualified name for the identity. It is expected that
* the fully qualified name would be unique, hence it is recommended to
* prefix the name with the data store name or protocol. Used by IdRepo
* framework to check for equality of two identities
*
* @param token
* administrator SSOToken that can be used by the datastore to
* determine the fully qualified name
* @param type
* type of the identity
* @param name
* name of the identity
*
* @return fully qualified name for the identity within the data store
*/
throws IdRepoException, SSOException {
if (debug.messageEnabled()) {
}
// given idtype and name, we will do search to get its FDN.
"220", args);
}
}
/**
* Returns <code>true</code> if the data store supports authentication of
* identities. Used by IdRepo framework to authenticate identities.
*
* @return <code>true</code> if data store supports authentication of
* identities; else <code>false</code>
*/
public boolean supportsAuthentication() {
if (debug.messageEnabled()) {
+ " authenticationEnabled=" + true);
}
// Hard-coded: this plugin always reports authentication support; no
// configuration value is consulted here.
return (true);
}
// Obtain user name and password from credentials and authenticate
if (credentials[i] instanceof NameCallback) {
if (debug.messageEnabled()) {
+ username);
}
} else if (credentials[i] instanceof PasswordCallback) {
.getPassword();
}
}
}
}
try {
} catch (LDAPUtilException ldapUtilEx) {
if (debug.messageEnabled()) {
}
}
// TODO?do one then sub?
if (debug.messageEnabled()) {
}
return (true);
}
if (debug.messageEnabled()) {
}
return (true);
}
return (false);
}
throws IdRepoException, AuthLoginException {
try {
+ "," + orgDN;
} else {
return (false);
}
} catch (AMException ame) {
if (debug.messageEnabled()) {
+ ame.getMessage());
}
return (false);
}
try {
// need to reset filter otherwise it appends
// new filter to previous.
}
} catch (LDAPUtilException ldapUtilEx) {
// Turns the LDAP result code carried by the LDAPUtilException into an
// authentication error. The case labels are not present in this listing.
// NOTE(review): the visible branches raise different errors for an unknown
// user ("NoUser"), a wrong password (InvalidPasswordException), what appears
// to be an inactivated account ("FConnect") and an exceeded retry limit
// ("ExceedRetryLimit"). If these reach the login response unchanged, a
// caller can tell existing accounts from non-existing ones; confirm that the
// authentication layer collapses them into one generic failure message.
// The debug lines also write the submitted username to the debug log.
switch (ldapUtilEx.getLDAPResultCode()) {
if (debug.messageEnabled()) {
"The specified user does not exist. " +
"username=" + username);
}
throw new AuthLoginException(amAuthLDAP,
"NoUser", null);
if (debug.messageEnabled()) {
" Invalid password. username=" + username);
}
throw new InvalidPasswordException(amAuthLDAP,
if (debug.messageEnabled()) {
"Unwilling to perform. Account inactivated." +
" username" + username);
}
throw new AuthLoginException(amAuthLDAP,
"FConnect", null);
if (debug.messageEnabled()) {
"Inappropriate authentication. username="
+ username);
}
null);
if (debug.messageEnabled()) {
"Exceed password retry limit. username"
+ username);
}
throw new AuthLoginException(amAuthLDAP,
"ExceedRetryLimit", null);
default:
if (debug.messageEnabled()) {
"default exception. username=" + username);
}
}
}
}
}