use of com.iplanet.am.sdk.common.IDirectoryServices in project OpenAM by OpenRock.
the class AMSDKRepo method getBinaryAttributes.
/**
 * Reads the requested attributes of one identity as binary values through the
 * AMSDK directory services layer.
 *
 * <p>Security-relevant behaviour visible in this method: when the
 * {@code adminToken} field is set, the directory read is issued with
 * {@code adminToken} instead of the caller's token. The caller's token is only
 * used to build the {@code AMStoreConnection} (when the {@code sc} field is
 * null). NOTE(review): no authorization check on the caller is performed here,
 * so it presumably happens in a layer above this plug-in; confirm before
 * exposing this method on a new code path.
 *
 * @param token     SSO token of the caller; replaced by {@code adminToken} for
 *                  the directory read when that field is non-null
 * @param type      identity type, used to derive the DN and the profile type
 * @param name      identity name, used to derive the DN
 * @param attrNames names of the attributes to read
 * @return the value returned by {@code getAttributesByteValues} for the entry
 * @throws IdRepoException if the DN is not a valid entry, or an
 *                         {@code AMException} from the directory layer was
 *                         converted
 * @throws SSOException    declared by the interface; not thrown directly here
 * @see com.sun.identity.idm.IdRepo#getBinaryAttributes(
 *      com.iplanet.sso.SSOToken, com.sun.identity.idm.IdType,
 *      java.lang.String, java.util.Set)
 */
public Map getBinaryAttributes(SSOToken token, IdType type, String name, Set attrNames) throws IdRepoException, SSOException {
    if (debug.messageEnabled()) {
        debug.message("AMSDKIdRepo: getBinaryAttributes called: " + type + ": " + name);
    }
    // Built from the caller's token, before any switch to adminToken below.
    AMStoreConnection storeConnection = (sc != null) ? sc : new AMStoreConnection(token);
    String entryDn = getDN(type, name);
    int profile = getProfileType(type);
    // Use adminToken if present: the read then runs with the admin identity.
    if (adminToken != null) {
        token = adminToken;
    }
    try {
        if (!storeConnection.isValidEntry(entryDn)) {
            throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.NOT_VALID_ENTRY, new Object[] { name });
        }
        IDirectoryServices directory = AMDirectoryAccessFactory.getDirectoryServices();
        return directory.getAttributesByteValues(token, entryDn, attrNames, profile);
    } catch (AMException ame) {
        // Log the SDK failure, then surface it as the IdRepo exception type.
        debug.error("AMSDKRepo.getBinaryAttributes(): AMException ", ame);
        throw IdUtils.convertAMException(ame);
    }
}
use of com.iplanet.am.sdk.common.IDirectoryServices in project OpenAM by OpenRock.
the class AMSDKRepo method changePassword.
/**
 * Changes the password of a user identity through the AMSDK directory
 * services layer.
 *
 * <p>Only {@code IdType.USER} is accepted. The caller's token is passed to the
 * directory layer unchanged; this method does not substitute
 * {@code adminToken}. Whether {@code oldPassword} is verified is decided inside
 * {@code IDirectoryServices.changePassword}, which is not visible here.
 *
 * @param token       SSO token of the caller
 * @param type        identity type; must equal {@code IdType.USER}
 * @param name        name of the user whose password is changed
 * @param attrName    name of the password attribute
 * @param oldPassword current password, forwarded to the directory layer
 * @param newPassword replacement password, forwarded to the directory layer
 * @throws IdRepoException if {@code type} is not USER
 *                         ({@code IdRepoUnsupportedOpException}) or an
 *                         {@code AMException} was converted
 * @throws SSOException    declared by the interface; not thrown directly here
 */
public void changePassword(SSOToken token, IdType type, String name, String attrName, String oldPassword, String newPassword) throws IdRepoException, SSOException {
    if (debug.messageEnabled()) {
        // Only the identity name is written to the debug log, never a password.
        debug.message("AMSDKRepo.changePassword: name = " + name);
    }
    boolean isUser = type.equals(IdType.USER);
    if (!isUser) {
        throw new IdRepoUnsupportedOpException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.CHANGE_PASSWORD_ONLY_FOR_USER, new Object[] { this.getClass().getName() });
    }
    String userDn = getDN(type, name);
    // The result is not used below; the call is kept because its side effects,
    // if any, are not visible from here.
    getProfileType(type);
    try {
        AMDirectoryAccessFactory.getDirectoryServices().changePassword(token, userDn, attrName, oldPassword, newPassword);
    } catch (AMException ame) {
        // Log the SDK failure, then surface it as the IdRepo exception type.
        debug.error("AMSDKRepo.changePassword:", ame);
        throw IdUtils.convertAMException(ame);
    }
}
use of com.iplanet.am.sdk.common.IDirectoryServices in project OpenAM by OpenRock.
the class AMSearchFilterManager method getSearchFilter.
/**
 * Returns the search filter for the given object type as defined at the given
 * organization. The filter comes from a search template and is cached per
 * (object type, template name, organization DN); the post-processing steps at
 * the end run on every call and their result is not cached.
 *
 * <p>When the organization is the AMSDK base DN, the template lookup and the
 * admin-group step are given a null organization.
 *
 * @param objectType
 *            type of AMObject
 * @param orgDN
 *            the DN of the organization where the AMObject resides
 * @param searchTemplateName
 *            name of the search template to be used. If this is null, the
 *            default search templates are used.
 * @param ignoreComplianceFilter
 *            if true, the compliance related search filters are not applied;
 *            if false, they are applied
 * @return the search filter string; documented by the original author as
 *         lower case, which depends on the helper methods called here
 */
public static String getSearchFilter(int objectType, String orgDN, String searchTemplateName, boolean ignoreComplianceFilter) {
    // NOTE(review): orgDN is parsed here, before the null check below. Confirm
    // that DN.valueOf tolerates null if callers may pass a null organization.
    String organizationDN = DN.valueOf(orgDN).toString();
    // The base DN is compared as-is; the original comment says it is already
    // in RFC form.
    String rootSuffixDN = AMStoreConnection.getAMSdkBaseDN();
    boolean isRootOrganization = orgDN != null && organizationDN.equals(rootSuffixDN);
    if (isRootOrganization) {
        orgDN = null;
    }

    // NOTE(review): the key embeds searchTemplateName and the organization DN.
    // If either can be influenced by a caller, the cache has one entry per
    // distinct value; confirm how searchfilterMap is bounded or cleared.
    String cacheKey = Integer.toString(objectType) + ":" + searchTemplateName + ":" + organizationDN;
    String cached = (String) searchfilterMap.get(cacheKey);
    if (cached == null) {
        cached = AMDirectoryAccessFactory.getDirectoryServices().getSearchFilterFromTemplate(objectType, orgDN, searchTemplateName);
        searchfilterMap.put(cacheKey, cached);
    }

    // Adjustments that may change dynamically are applied after the cache
    // lookup so that only the template-derived filter is stored. Per the
    // original note, only lower-case fragments should be added here.
    String modified = modifyFilter(cached, objectType);
    String withAdminGroups = addAdminGroupFilters(modified, orgDN, objectType);
    return addComplianceModeFilters(withAdminGroups, objectType, ignoreComplianceFilter);
}
use of com.iplanet.am.sdk.common.IDirectoryServices in project OpenAM by OpenRock.
the class AMSDKRepo method getAttributes.
/**
 * Reads the attributes of one identity through the AMSDK directory services
 * layer.
 *
 * <p>Security-relevant behaviour visible in this method: when the
 * {@code adminToken} field is set, the directory read is issued with
 * {@code adminToken} instead of the caller's token. The caller's token is only
 * used to build the {@code AMStoreConnection} (when the {@code sc} field is
 * null). NOTE(review): no authorization check on the caller is performed here,
 * so it presumably happens in a layer above this plug-in; confirm. The debug
 * message includes the resolved DN.
 *
 * @param token SSO token of the caller; replaced by {@code adminToken} for the
 *              directory read when that field is non-null
 * @param type  identity type, used to derive the DN and the profile type
 * @param name  identity name, used to derive the DN
 * @return the value returned by {@code IDirectoryServices.getAttributes}
 * @throws IdRepoException if the DN is not a valid entry, or an
 *                         {@code AMException} from the directory layer was
 *                         converted
 * @throws SSOException    declared by the interface; not thrown directly here
 * @see com.sun.identity.idm.IdRepo#getAttributes(com.iplanet.sso.SSOToken,
 *      com.sun.identity.idm.IdType, java.lang.String)
 */
public Map getAttributes(SSOToken token, IdType type, String name) throws IdRepoException, SSOException {
    // Built from the caller's token, before any switch to adminToken below.
    AMStoreConnection storeConnection = (sc != null) ? sc : new AMStoreConnection(token);
    String entryDn = getDN(type, name);
    int profile = getProfileType(type);
    if (debug.messageEnabled()) {
        debug.message("AMSDKIdRepo: getAttributes called: " + type + ": " + name + " DN: '" + entryDn + "'");
    }
    // Use adminToken if present: the read then runs with the admin identity.
    if (adminToken != null) {
        token = adminToken;
    }
    try {
        if (!storeConnection.isValidEntry(entryDn)) {
            throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.NOT_VALID_ENTRY, new Object[] { name });
        }
        IDirectoryServices directory = AMDirectoryAccessFactory.getDirectoryServices();
        // The meaning of the two boolean flags is defined by IDirectoryServices
        // and is not visible here; both are passed as false.
        return directory.getAttributes(token, entryDn, false, false, profile);
    } catch (AMException ame) {
        // Log the SDK failure, then surface it as the IdRepo exception type.
        debug.error("AMSDKRepo.getAttributes(): AMException ", ame);
        throw IdUtils.convertAMException(ame);
    }
}
use of com.iplanet.am.sdk.common.IDirectoryServices in project OpenAM by OpenRock.
the class IdUtils method getIdentity.
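/**
 * Returns an <code>AMIdentity</code> object, given the
 * DN of an authenticated identity, realm name and identity type.
 * This interface is mainly for the authentication component to get
 * back the identity of the user.
 *
 * <p>Resolution order, as implemented below:
 * <ol>
 * <li>DNs starting with <code>id=</code> (any case) are first tried as a
 * universal identifier.</li>
 * <li>DNs whose normalized form is in the special-users set are returned as
 * a USER at the root suffix without a directory lookup.</li>
 * <li>Otherwise the DN is resolved through the AMSDK directory services,
 * using the supplied token.</li>
 * </ol>
 * This method performs no authentication itself; callers are expected to pass
 * the DN of an identity that has already been authenticated.
 *
 * @param token SSOToken of the administrator; used for the directory lookups
 * and stored in the returned identity
 * @param amsdkdn DN of the authenticated user
 * @param realm realm name where the user was authenticated
 * @return Identity object, or <code>null</code> when AMSDK is not enabled or
 * configured, or when the DN cannot be resolved through AMSDK
 * @throws IdRepoException if <code>amsdkdn</code> is null or not a DN, or if
 * the underlying components throw an exception while obtaining the identity
 * object
 */
public static AMIdentity getIdentity(SSOToken token, String amsdkdn, String realm) throws IdRepoException {
    if (amsdkdn == null || !LDAPUtils.isDN(amsdkdn)) {
        Object[] args = { amsdkdn };
        throw (new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.ILLEGAL_UNIVERSAL_IDENTIFIER, args));
    }
    DN amsdkdnObject = LDAPUtils.newDN(amsdkdn);
    // Try constructing the identity object.
    // Lower-case with a fixed locale: with the default locale, "ID=" becomes
    // "\u0131d=" under Turkish rules and the prefix test would fail, sending a
    // universal identifier down the AMSDK path instead.
    if (amsdkdn.toLowerCase(java.util.Locale.ROOT).startsWith("id=")) {
        try {
            return (new AMIdentity(amsdkdnObject, token));
        } catch (IdRepoException ide) {
            // this could be a AMSDK DN. Follow the AMSDK rules
            if (debug.messageEnabled()) {
                debug.message("IdUtils:getIdentity(token, " + amsdkdn + ") got exception: " + ide.getMessage() + "\n\tContinuing with AMSDK DN check");
            }
        }
    }
    // Check for Special Users: matched on the normalized DN and returned
    // without consulting the directory.
    initializeSpecialUsers();
    if (specialUsers.contains(DNUtils.normalizeDN(amsdkdn))) {
        return new AMIdentity(amsdkdnObject, token, LDAPUtils.rdnValueFromDn(amsdkdnObject), IdType.USER, ROOT_SUFFIX);
    }
    // Stop here when AMSDK is not enabled or configured, either globally or
    // for the given realm.
    try {
        if (!ServiceManager.isAMSDKEnabled() || ((realm != null) && !OrgConfigViaAMSDK.isAMSDKConfigured(realm)) || (!ServiceManager.isAMSDKConfigured())) {
            // Not configured for AMSDK, return
            return (null);
        }
    } catch (SMSException smse) {
        // Best effort: if the configuration cannot be read, continue with the
        // AMSDK lookup as before, but leave a trace of the failure instead of
        // discarding it.
        if (debug.messageEnabled()) {
            debug.message("IdUtils.getIdentity: Unable to determine AMSDK configuration, continuing", smse);
        }
    }
    // Initialize root realm suffix, org and user naming attributes
    initializeForGetIdentity();
    // Determine if the amsdkdn is valid. Obtain name & type
    String name = null;
    IdType type = null;
    try {
        // Since AMSDK is used, have the directory services preload all the
        // attributes and check that the entry exists.
        IDirectoryServices dsServices = AMDirectoryAccessFactory.getDirectoryServices();
        // Preload user attributes so the object-type lookup below does not
        // trigger another directory lookup.
        try {
            if (amsdkdn.startsWith(USER_NAMING_ATTR)) {
                dsServices.getAttributes(token, amsdkdn, AMObject.USER);
            }
        } catch (Exception ignored) {
            // Intentionally ignored: this call only warms the cache, and
            // getObjectType below reports a DN that really cannot be resolved.
        }
        // Getting object type would use the cached attributes
        int sdkType = dsServices.getObjectType(token, amsdkdn);
        // Convert the sdkType to IdRepo type
        type = getType(AMStoreConnection.getObjectName(sdkType));
        name = AMConstants.CONTAINER_DEFAULT_TEMPLATE_ROLE;
        if (!type.equals(IdType.REALM)) {
            name = LDAPUtils.rdnValueFromDn(amsdkdnObject);
        }
    } catch (AMException ame) {
        // Debug the message and return null
        if (debug.messageEnabled()) {
            debug.message("IdUtils.getIdentity: Unable to resolve " + "AMSDK DN: " + amsdkdn, ame);
        }
        return (null);
    } catch (SSOException ssoe) {
        // Debug the message and return null
        if (debug.messageEnabled()) {
            debug.message("IdUtils.getIdentity: Unable to resolve " + "AMSDK DN. Got SSOException", ssoe);
        }
        return (null);
    }
    // Need to determine realm for amsdkdn
    String srealm = ROOT_SUFFIX;
    if (!amsdkdn.equals(ROOT_SUFFIX) && !amsdkdn.equals(SERVICES_SUFFIX)) {
        // Locate the organization component of the DN and map it to a realm.
        int index = amsdkdn.indexOf(ORG_NAMING_ATTR);
        if (index == 0) {
            srealm = OrgConfigViaAMSDK.getRealmForAMSDK(amsdkdn, realm);
        } else if (index > 0) {
            srealm = OrgConfigViaAMSDK.getRealmForAMSDK(amsdkdn.substring(index), realm);
        }
        if (debug.messageEnabled()) {
            debug.message("IdUtils.getIdentity:: amsdkdn=" + amsdkdn + " maps to realm=" + srealm);
        }
    } else if (amsdkdn.equals(SERVICES_SUFFIX)) {
        // Since amsdkdn points to services node,
        // it should be reset to root suffix
        // NOTE(review): this assignment does not affect the returned identity.
        // The constructor below receives amsdkdnObject, which was built from
        // the original DN. If the services node is meant to map to the root
        // suffix, the DN object has to be rebuilt as well; confirm the intent
        // before changing it.
        amsdkdn = ROOT_SUFFIX;
    }
    return (new AMIdentity(amsdkdnObject, token, name, type, srealm));
}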