Example 1 with IdSearchControl
use of com.sun.identity.idm.IdSearchControl in project OpenAM by OpenRock.
the class DevicePrintModule method getIdentity.
/**
* Gets the user's AMIdentity from LDAP.
*
* @return The AMIdentity for the user.
*/
public AMIdentity getIdentity() {
AMIdentity amIdentity = null;
AMIdentityRepository amIdRepo = getAMIdentityRepository(getRequestOrg());
IdSearchControl idsc = new IdSearchControl();
idsc.setAllReturnAttributes(true);
Set<AMIdentity> results = Collections.EMPTY_SET;
try {
idsc.setMaxResults(0);
IdSearchResults searchResults = amIdRepo.searchIdentities(IdType.USER, userName, idsc);
if (searchResults != null) {
results = searchResults.getSearchResults();
}
if (results.isEmpty()) {
DEBUG.error("DevicePrintModule.getIdentity : User " + userName + " is not found");
} else if (results.size() > 1) {
DEBUG.error("DevicePrintModule.getIdentity : More than one user found for the userName " + userName);
} else {
amIdentity = results.iterator().next();
}
} catch (IdRepoException e) {
DEBUG.error("DevicePrintModule.getIdentity : Error searching Identities with username : " + userName, e);
} catch (SSOException e) {
DEBUG.error("DevicePrintModule.getIdentity : Module exception : ", e);
}
return amIdentity;
}
Also used :
IdSearchResults(com.sun.identity.idm.IdSearchResults)
AMIdentity(com.sun.identity.idm.AMIdentity)
AMIdentityRepository(com.sun.identity.idm.AMIdentityRepository)
IdSearchControl(com.sun.identity.idm.IdSearchControl)
IdRepoException(com.sun.identity.idm.IdRepoException)
SSOException(com.iplanet.sso.SSOException)
Example 2 with IdSearchControl
use of com.sun.identity.idm.IdSearchControl in project OpenAM by OpenRock.
the class SearchIdentities method handleRequest.
/**
* Services a Commandline Request.
*
* @param rc Request Context.
* @throws CLIException if the request cannot serviced.
*/
public void handleRequest(RequestContext rc) throws CLIException {
super.handleRequest(rc);
SSOToken adminSSOToken = getAdminSSOToken();
IOutput outputWriter = getOutputWriter();
String realm = getStringOptionValue(IArgument.REALM_NAME);
String type = getStringOptionValue(ARGUMENT_ID_TYPE);
String filter = getStringOptionValue(IArgument.FILTER);
String[] params = { realm, type, filter };
writeLog(LogWriter.LOG_ACCESS, Level.INFO, "ATTEMPT_SEARCH_IDENTITIES", params);
// test if realm exists
try {
new OrganizationConfigManager(adminSSOToken, realm);
} catch (SMSException e) {
String[] args = { realm, type, filter, e.getMessage() };
debugError("SearchIdentities.handleRequest", e);
writeLog(LogWriter.LOG_ERROR, Level.INFO, "FAILED_SEARCH_IDENTITIES", args);
Object[] msgArg = { realm };
throw new CLIException(MessageFormat.format(getResourceString("realm-does-not-exist"), msgArg), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
}
try {
AMIdentityRepository amir = new AMIdentityRepository(adminSSOToken, realm);
IdType idType = convert2IdType(type);
IdSearchResults isr = amir.searchIdentities(idType, filter, new IdSearchControl());
Set results = isr.getSearchResults();
if ((results != null) && !results.isEmpty()) {
if (idType.equals(IdType.USER)) {
IdSearchResults specialUsersResults = amir.getSpecialIdentities(IdType.USER);
results.removeAll(specialUsersResults.getSearchResults());
}
for (Iterator i = results.iterator(); i.hasNext(); ) {
AMIdentity amid = (AMIdentity) i.next();
String[] args = { amid.getName(), amid.getUniversalId() };
outputWriter.printlnMessage(MessageFormat.format(getResourceString("format-search-identities-results"), (Object[]) args));
}
} else {
outputWriter.printlnMessage(getResourceString("search-identities-no-entries"));
}
outputWriter.printlnMessage(MessageFormat.format(getResourceString("search-identities-succeed"), (Object[]) params));
writeLog(LogWriter.LOG_ACCESS, Level.INFO, "SUCCEED_SEARCH_IDENTITIES", params);
} catch (IdRepoException e) {
String[] args = { realm, type, filter, e.getMessage() };
debugError("SearchIdentities.handleRequest", e);
writeLog(LogWriter.LOG_ERROR, Level.INFO, "FAILED_SEARCH_IDENTITIES", args);
throw new CLIException(e, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
} catch (SSOException e) {
String[] args = { realm, type, filter, e.getMessage() };
debugError("SearchIdentities.handleRequest", e);
writeLog(LogWriter.LOG_ERROR, Level.INFO, "FAILED_SEARCH_IDENTITIES", args);
throw new CLIException(e, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
}
}
Also used :
SSOToken(com.iplanet.sso.SSOToken)
Set(java.util.Set)
SMSException(com.sun.identity.sm.SMSException)
IdSearchResults(com.sun.identity.idm.IdSearchResults)
IdRepoException(com.sun.identity.idm.IdRepoException)
SSOException(com.iplanet.sso.SSOException)
IdType(com.sun.identity.idm.IdType)
IOutput(com.sun.identity.cli.IOutput)
OrganizationConfigManager(com.sun.identity.sm.OrganizationConfigManager)
AMIdentity(com.sun.identity.idm.AMIdentity)
AMIdentityRepository(com.sun.identity.idm.AMIdentityRepository)
IdSearchControl(com.sun.identity.idm.IdSearchControl)
Iterator(java.util.Iterator)
CLIException(com.sun.identity.cli.CLIException)
Example 3 with IdSearchControl
use of com.sun.identity.idm.IdSearchControl in project OpenAM by OpenRock.
the class LoginState method searchIdentity.
/**
* Search for identities given the identity type, identity name
* Use common method from LazyConfig.AUTHD for getIdentity
*
* @param idType identity type for user
* @param userTokenID user token identifier
* @param populate whether to retrieve all attributes or not
* @return IdSearchResults for given the identity type and identity name
* @throws IdRepoException if it fails to search user
* @throws SSOException if <code>SSOToken</code> is not valid
*/
IdSearchResults searchIdentity(IdType idType, String userTokenID, boolean populate) throws IdRepoException, SSOException {
if (DEBUG.messageEnabled()) {
DEBUG.message("In searchAutehnticatedUser: idType " + idType);
DEBUG.message("In getUserProfile : Search for user " + userTokenID);
}
IdSearchResults searchResults = null;
Set returnSet = mergeSet(aliasAttrNames, USER_ATTRIBUTES);
int maxResults = 2;
int maxTime = 0;
String pattern;
Map avPairs;
boolean isRecursive = true;
IdSearchControl idsc = new IdSearchControl();
idsc.setRecursive(isRecursive);
idsc.setTimeOut(maxTime);
if (populate) {
idsc.setAllReturnAttributes(true);
} else {
idsc.setReturnAttributes(returnSet);
}
if (DEBUG.messageEnabled()) {
DEBUG.message("alias attr=" + aliasAttrNames + ", attr=" + USER_ATTRIBUTES + ",merge=" + returnSet);
}
if (DEBUG.messageEnabled()) {
DEBUG.message("Search for Identity " + userTokenID);
}
// search for the identity
Set result = Collections.EMPTY_SET;
try {
idsc.setMaxResults(0);
searchResults = amIdRepo.searchIdentities(idType, userTokenID, idsc);
if (searchResults != null) {
result = searchResults.getSearchResults();
}
} catch (SSOException sso) {
if (DEBUG.messageEnabled()) {
DEBUG.message("SSOException Error searching Identity " + " with username " + sso.getMessage());
}
} catch (IdRepoException e) {
if (DEBUG.messageEnabled()) {
DEBUG.message("IdRepoException : Error searching " + " Identities with username : " + e.getMessage());
}
}
if (result.isEmpty() && (aliasAttrNames != null) && (!aliasAttrNames.isEmpty())) {
if (DEBUG.messageEnabled()) {
DEBUG.message("No identity found, try Alias attrname.");
}
pattern = "*";
avPairs = toAvPairMap(aliasAttrNames, userTokenID);
if (DEBUG.messageEnabled()) {
DEBUG.message("Search for Filter (avPairs) :" + avPairs);
DEBUG.message("userTokenID : " + userTokenID);
DEBUG.message("userDN : " + userDN);
DEBUG.message("idType :" + idType);
DEBUG.message("pattern :" + pattern);
DEBUG.message("isRecursive :" + isRecursive);
DEBUG.message("maxResults :" + maxResults);
DEBUG.message("maxTime :" + maxTime);
DEBUG.message("returnSet :" + returnSet);
}
Set resultAlias = Collections.EMPTY_SET;
try {
idsc.setMaxResults(maxResults);
idsc.setSearchModifiers(IdSearchOpModifier.OR, avPairs);
searchResults = amIdRepo.searchIdentities(idType, pattern, idsc);
if (searchResults != null) {
resultAlias = searchResults.getSearchResults();
}
if ((resultAlias.isEmpty()) && (userDN != null) && (!userDN.equalsIgnoreCase(userTokenID))) {
avPairs = toAvPairMap(aliasAttrNames, userDN);
if (DEBUG.messageEnabled()) {
DEBUG.message("Search for Filter (avPairs) " + "with userDN : " + avPairs);
}
idsc.setMaxResults(maxResults);
idsc.setSearchModifiers(IdSearchOpModifier.OR, avPairs);
searchResults = amIdRepo.searchIdentities(idType, pattern, idsc);
}
} catch (SSOException sso) {
if (DEBUG.messageEnabled()) {
DEBUG.message("SSOException : Error searching " + "Identities with aliasattrname : " + sso.getMessage());
}
} catch (IdRepoException e) {
if (DEBUG.messageEnabled()) {
DEBUG.message("IdRepoException : Error searching " + "Identities : " + e.getMessage());
}
}
}
return searchResults;
}
Also used :
Set(java.util.Set)
HashSet(java.util.HashSet)
IdSearchResults(com.sun.identity.idm.IdSearchResults)
IdSearchControl(com.sun.identity.idm.IdSearchControl)
IdRepoException(com.sun.identity.idm.IdRepoException)
SSOException(com.iplanet.sso.SSOException)
Map(java.util.Map)
HashMap(java.util.HashMap)
Example 4 with IdSearchControl
use of com.sun.identity.idm.IdSearchControl in project OpenAM by OpenRock.
the class DefaultAccountProvider method searchUser.
/**
* {@inheritDoc}
*/
public AMIdentity searchUser(AMIdentityRepository idrepo, Map<String, Set<String>> attr) {
AMIdentity identity = null;
if (attr == null || attr.isEmpty()) {
debug.warning("DefaultAccountMapper.searchUser: empty search");
return null;
}
IdSearchControl ctrl = getSearchControl(IdSearchOpModifier.OR, attr);
IdSearchResults results;
try {
results = idrepo.searchIdentities(IdType.USER, "*", ctrl);
Iterator<AMIdentity> iter = results.getSearchResults().iterator();
if (iter.hasNext()) {
identity = iter.next();
if (debug.messageEnabled()) {
debug.message("getUser: user found : " + identity.getName());
}
}
} catch (IdRepoException ex) {
debug.error("DefaultAccountMapper.searchUser: Problem while searching for the user. IdRepo", ex);
} catch (SSOException ex) {
debug.error("DefaultAccountMapper.searchUser: Problem while searching for the user. SSOExc", ex);
}
return identity;
}
Also used :
IdSearchResults(com.sun.identity.idm.IdSearchResults)
AMIdentity(com.sun.identity.idm.AMIdentity)
IdSearchControl(com.sun.identity.idm.IdSearchControl)
IdRepoException(com.sun.identity.idm.IdRepoException)
SSOException(com.iplanet.sso.SSOException)
Example 5 with IdSearchControl
use of com.sun.identity.idm.IdSearchControl in project OpenAM by OpenRock.
the class Adaptive method getIdentity.
private AMIdentity getIdentity() {
AMIdentity theID = null;
AMIdentityRepository amIdRepo = getAMIdentityRepository(getRequestOrg());
IdSearchControl idsc = new IdSearchControl();
idsc.setRecursive(true);
idsc.setAllReturnAttributes(true);
// search for the identity
Set<AMIdentity> results = Collections.EMPTY_SET;
try {
idsc.setMaxResults(0);
IdSearchResults searchResults = amIdRepo.searchIdentities(IdType.USER, userName, idsc);
if (searchResults.getSearchResults().isEmpty() && !userSearchAttributes.isEmpty()) {
if (debug.messageEnabled()) {
debug.message("{}.getIdentity : searching user identity with alternative attributes {}", ADAPTIVE, userSearchAttributes);
}
final Map<String, Set<String>> searchAVP = CollectionUtils.toAvPairMap(userSearchAttributes, userName);
idsc.setSearchModifiers(IdSearchOpModifier.OR, searchAVP);
//workaround as data store always adds 'user-naming-attribute' to searchfilter
searchResults = amIdRepo.searchIdentities(IdType.USER, "*", idsc);
}
if (searchResults != null) {
results = searchResults.getSearchResults();
}
if (results.isEmpty()) {
debug.error("{}.getIdentity : User '{}' is not found", ADAPTIVE, userName);
} else if (results.size() > 1) {
debug.error("{}.getIdentity : More than one user found for the userName '{}'", ADAPTIVE, userName);
} else {
theID = results.iterator().next();
}
} catch (IdRepoException e) {
debug.error("{}.getIdentity : Error searching Identities with username '{}' ", ADAPTIVE, userName, e);
} catch (SSOException e) {
debug.error("{}.getIdentity : Module exception", ADAPTIVE, e);
}
return theID;
}
Also used :
Set(java.util.Set)
HashSet(java.util.HashSet)
IdSearchResults(com.sun.identity.idm.IdSearchResults)
AMIdentity(com.sun.identity.idm.AMIdentity)
AMIdentityRepository(com.sun.identity.idm.AMIdentityRepository)
IdSearchControl(com.sun.identity.idm.IdSearchControl)
IdRepoException(com.sun.identity.idm.IdRepoException)
SSOException(com.iplanet.sso.SSOException)
Aggregations
IdSearchControl (com.sun.identity.idm.IdSearchControl)48
IdSearchResults (com.sun.identity.idm.IdSearchResults)43
IdRepoException (com.sun.identity.idm.IdRepoException)41
SSOException (com.iplanet.sso.SSOException)36
AMIdentityRepository (com.sun.identity.idm.AMIdentityRepository)36
AMIdentity (com.sun.identity.idm.AMIdentity)35
Set (java.util.Set)25
HashSet (java.util.HashSet)20
SSOToken (com.iplanet.sso.SSOToken)15
Iterator (java.util.Iterator)14
IdType (com.sun.identity.idm.IdType)9
HashMap (java.util.HashMap)8
Map (java.util.Map)6
AMConsoleException (com.sun.identity.console.base.model.AMConsoleException)4
UnauthorizedClientException (org.forgerock.oauth2.core.exceptions.UnauthorizedClientException)4
CLIException (com.sun.identity.cli.CLIException)3
IOutput (com.sun.identity.cli.IOutput)3
AuthLoginException (com.sun.identity.authentication.spi.AuthLoginException)2
DelegationException (com.sun.identity.delegation.DelegationException)2
TreeSet (java.util.TreeSet)2
