Examples with AMIdentity com.sun.identity.idm.AMIdentity used on opensource projects

Example 1 with AMIdentity

use of com.sun.identity.idm.AMIdentity in project OpenAM by OpenRock.

the class DevicePrintModule method init.

/**
     * {@inheritDoc}
     */
@Override
public void init(Subject subject, Map sharedState, Map options) {
    userName = (String) sharedState.get(getUserKey());
    if (StringUtils.isEmpty(userName)) {
        ResourceBundle bundle = amCache.getResBundle(AUTH_MODULE_NAME, getLoginLocale());
        DEBUG.warning(bundle.getString("authModuleNotSetUpWithUsername"));
    }
    AMIdentityRepository amIdentityRepository = getAMIdentityRepository(getRequestOrg());
    AMIdentity amIdentity = getIdentity();
    HOTPService hotpService = moduleInitialiser.getHOTPService(getLoginLocale(), amCache, userName, amIdentityRepository, options);
    devicePrintAuthenticationService = moduleInitialiser.getDevicePrintAuthenticationService(amIdentity, getHttpServletRequest(), hotpService, options);
}

Example 2 with AMIdentity

use of com.sun.identity.idm.AMIdentity in project OpenAM by OpenRock.

the class DevicePrintModule method getIdentity.

/**
     * Gets the user's AMIdentity from LDAP.
     *
     * @return The AMIdentity for the user.
     */
public AMIdentity getIdentity() {
    AMIdentity amIdentity = null;
    AMIdentityRepository amIdRepo = getAMIdentityRepository(getRequestOrg());
    IdSearchControl idsc = new IdSearchControl();
    idsc.setAllReturnAttributes(true);
    Set<AMIdentity> results = Collections.EMPTY_SET;
    try {
        idsc.setMaxResults(0);
        IdSearchResults searchResults = amIdRepo.searchIdentities(IdType.USER, userName, idsc);
        if (searchResults != null) {
            results = searchResults.getSearchResults();
        }
        if (results.isEmpty()) {
            DEBUG.error("DevicePrintModule.getIdentity : User " + userName + " is not found");
        } else if (results.size() > 1) {
            DEBUG.error("DevicePrintModule.getIdentity : More than one user found for the userName " + userName);
        } else {
            amIdentity = results.iterator().next();
        }
    } catch (IdRepoException e) {
        DEBUG.error("DevicePrintModule.getIdentity : Error searching Identities with username : " + userName, e);
    } catch (SSOException e) {
        DEBUG.error("DevicePrintModule.getIdentity : Module exception : ", e);
    }
    return amIdentity;
}

Example 3 with AMIdentity

use of com.sun.identity.idm.AMIdentity in project OpenAM by OpenRock.

the class RemovePrivileges method handleRequest.

/**
     * Services a Commandline Request.
     *
     * @param rc Request Context.
     * @throws CLIException if the request cannot serviced.
     */
public void handleRequest(RequestContext rc) throws CLIException {
    super.handleRequest(rc);
    SSOToken adminSSOToken = getAdminSSOToken();
    IOutput outputWriter = getOutputWriter();
    String realm = getStringOptionValue(IArgument.REALM_NAME);
    String idName = getStringOptionValue(ARGUMENT_ID_NAME);
    String type = getStringOptionValue(ARGUMENT_ID_TYPE);
    List privileges = (List) rc.getOption(IArgument.PRIVILEGES);
    IdType idType = convert2IdType(type);
    String[] params = { realm, type, idName };
    try {
        writeLog(LogWriter.LOG_ACCESS, Level.INFO, "ATTEMPT_IDREPO_REMOVE_PRIVILEGES", params);
        DelegationManager mgr = new DelegationManager(adminSSOToken, realm);
        Set privilegeObjects = mgr.getPrivileges();
        AMIdentity amid;
        if (idType.equals(IdType.ROLE) && idName.equalsIgnoreCase(ALL_AUTHENTICATED_USERS)) {
            //realm needs to be /, see DelegationPolicyImpl#privilegeToPolicy implementation
            amid = new AMIdentity(adminSSOToken, idName, idType, "/", null);
        //do not check the existense of all authenticated users role as it would fail
        } else {
            amid = new AMIdentity(adminSSOToken, idName, idType, realm, null);
        }
        String uid = amid.getUniversalId();
        for (Iterator i = privileges.iterator(); i.hasNext(); ) {
            String name = (String) i.next();
            DelegationPrivilege dp = getDelegationPrivilege(name, privilegeObjects);
            boolean removed = false;
            if (dp != null) {
                Set subjects = dp.getSubjects();
                if (subjects.contains(uid)) {
                    subjects.remove(uid);
                    mgr.addPrivilege(dp);
                    removed = true;
                }
            }
            if (!removed) {
                String[] args = { idName, name };
                String msg = MessageFormat.format(getResourceString("delegation-does-not-have-privilege"), (Object[]) args);
                throw new CLIException(msg, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
            }
        }
        outputWriter.printlnMessage(MessageFormat.format(getResourceString("idrepo-remove-privileges-succeed"), (Object[]) params));
        writeLog(LogWriter.LOG_ACCESS, Level.INFO, "SUCCEED_IDREPO_REMOVE_PRIVILEGES", params);
    } catch (DelegationException e) {
        String[] args = { realm, type, idName, e.getMessage() };
        debugError("RemovePrivileges.handleRequest", e);
        writeLog(LogWriter.LOG_ERROR, Level.INFO, "FAILED_IDREPO_REMOVE_PRIVILEGES", args);
        throw new CLIException(e, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    } catch (SSOException e) {
        String[] args = { realm, type, idName, e.getMessage() };
        debugError("RemovePrivileges.handleRequest", e);
        writeLog(LogWriter.LOG_ERROR, Level.INFO, "FAILED_IDREPO_REMOVE_PRIVILEGES", args);
        throw new CLIException(e, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    }
}

Example 4 with AMIdentity

use of com.sun.identity.idm.AMIdentity in project OpenAM by OpenRock.

the class SearchIdentities method handleRequest.

/**
     * Services a Commandline Request.
     *
     * @param rc Request Context.
     * @throws CLIException if the request cannot serviced.
     */
public void handleRequest(RequestContext rc) throws CLIException {
    super.handleRequest(rc);
    SSOToken adminSSOToken = getAdminSSOToken();
    IOutput outputWriter = getOutputWriter();
    String realm = getStringOptionValue(IArgument.REALM_NAME);
    String type = getStringOptionValue(ARGUMENT_ID_TYPE);
    String filter = getStringOptionValue(IArgument.FILTER);
    String[] params = { realm, type, filter };
    writeLog(LogWriter.LOG_ACCESS, Level.INFO, "ATTEMPT_SEARCH_IDENTITIES", params);
    // test if realm exists
    try {
        new OrganizationConfigManager(adminSSOToken, realm);
    } catch (SMSException e) {
        String[] args = { realm, type, filter, e.getMessage() };
        debugError("SearchIdentities.handleRequest", e);
        writeLog(LogWriter.LOG_ERROR, Level.INFO, "FAILED_SEARCH_IDENTITIES", args);
        Object[] msgArg = { realm };
        throw new CLIException(MessageFormat.format(getResourceString("realm-does-not-exist"), msgArg), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    }
    try {
        AMIdentityRepository amir = new AMIdentityRepository(adminSSOToken, realm);
        IdType idType = convert2IdType(type);
        IdSearchResults isr = amir.searchIdentities(idType, filter, new IdSearchControl());
        Set results = isr.getSearchResults();
        if ((results != null) && !results.isEmpty()) {
            if (idType.equals(IdType.USER)) {
                IdSearchResults specialUsersResults = amir.getSpecialIdentities(IdType.USER);
                results.removeAll(specialUsersResults.getSearchResults());
            }
            for (Iterator i = results.iterator(); i.hasNext(); ) {
                AMIdentity amid = (AMIdentity) i.next();
                String[] args = { amid.getName(), amid.getUniversalId() };
                outputWriter.printlnMessage(MessageFormat.format(getResourceString("format-search-identities-results"), (Object[]) args));
            }
        } else {
            outputWriter.printlnMessage(getResourceString("search-identities-no-entries"));
        }
        outputWriter.printlnMessage(MessageFormat.format(getResourceString("search-identities-succeed"), (Object[]) params));
        writeLog(LogWriter.LOG_ACCESS, Level.INFO, "SUCCEED_SEARCH_IDENTITIES", params);
    } catch (IdRepoException e) {
        String[] args = { realm, type, filter, e.getMessage() };
        debugError("SearchIdentities.handleRequest", e);
        writeLog(LogWriter.LOG_ERROR, Level.INFO, "FAILED_SEARCH_IDENTITIES", args);
        throw new CLIException(e, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    } catch (SSOException e) {
        String[] args = { realm, type, filter, e.getMessage() };
        debugError("SearchIdentities.handleRequest", e);
        writeLog(LogWriter.LOG_ERROR, Level.INFO, "FAILED_SEARCH_IDENTITIES", args);
        throw new CLIException(e, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    }
}

Example 5 with AMIdentity

use of com.sun.identity.idm.AMIdentity in project OpenAM by OpenRock.

the class SetAttributeValues method handleRequest.

/**
     * Services a Commandline Request.
     *
     * @param rc Request Context.
     * @throws CLIException if the request cannot serviced.
     */
public void handleRequest(RequestContext rc) throws CLIException {
    super.handleRequest(rc);
    SSOToken adminSSOToken = getAdminSSOToken();
    IOutput outputWriter = getOutputWriter();
    String realm = getStringOptionValue(IArgument.REALM_NAME);
    String idName = getStringOptionValue(ARGUMENT_ID_NAME);
    String type = getStringOptionValue(ARGUMENT_ID_TYPE);
    IdType idType = convert2IdType(type);
    String datafile = getStringOptionValue(IArgument.DATA_FILE);
    List attrValues = rc.getOption(IArgument.ATTRIBUTE_VALUES);
    if ((datafile == null) && (attrValues == null)) {
        throw new CLIException(getResourceString("missing-attributevalues"), ExitCodes.INCORRECT_OPTION, rc.getSubCommand().getName());
    }
    Map attributeValues = AttributeValues.parse(getCommandManager(), datafile, attrValues);
    String[] params = { realm, type, idName };
    try {
        AMIdentityRepository amir = new AMIdentityRepository(adminSSOToken, realm);
        writeLog(LogWriter.LOG_ACCESS, Level.INFO, "ATTEMPT_IDREPO_SET_ATTRIBUTE_VALUES", params);
        AMIdentity amid = new AMIdentity(adminSSOToken, idName, idType, realm, null);
        amid.setAttributes(attributeValues);
        amid.store();
        outputWriter.printlnMessage(MessageFormat.format(getResourceString("idrepo-set-attribute-values-succeed"), (Object[]) params));
        writeLog(LogWriter.LOG_ACCESS, Level.INFO, "SUCCEED_IDREPO_SET_ATTRIBUTE_VALUES", params);
    } catch (IdRepoException e) {
        String[] args = { realm, type, idName, e.getMessage() };
        debugError("SetAttributeValues.handleRequest", e);
        writeLog(LogWriter.LOG_ERROR, Level.INFO, "FAILED_IDREPO_SET_ATTRIBUTE_VALUES", args);
        throw new CLIException(e, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    } catch (SSOException e) {
        String[] args = { realm, type, idName, e.getMessage() };
        debugError("SetAttributeValues.handleRequest", e);
        writeLog(LogWriter.LOG_ERROR, Level.INFO, "FAILED_IDREPO_SET_ATTRIBUTE_VALUES", args);
        throw new CLIException(e, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    }
}