Use of com.sun.identity.idm.AMIdentity in project OpenAM by OpenRock:
the class RestUtils, method hasPermission.
/**
 * Verifies that the caller behind the request's session cookie is the administrative user.
 *
 * <p>An SSO token is created from the cookie carried in {@code context}, validated and its
 * session refreshed; the {@link AMIdentity} derived from that token must then equal
 * {@code AdminUserIdHolder.adminUserId}. Any other identity is logged and rejected with a
 * {@link ForbiddenException}, so callers can rely on normal return meaning "admin confirmed".
 *
 * @param context the request context carrying the session cookie
 * @throws SSOException propagated from token creation, validation, refresh or identity resolution
 * @throws IdRepoException propagated from resolving the identity behind the token
 * @throws ForbiddenException if the caller is not the administrative user
 */
public static void hasPermission(final Context context) throws SSOException, IdRepoException, ForbiddenException {
    final SSOTokenManager tokenManager = SSOTokenManager.getInstance();
    final SSOToken callerToken = tokenManager.createSSOToken(getCookieFromServerContext(context));
    tokenManager.validateToken(callerToken);
    tokenManager.refreshSession(callerToken);

    // Only the configured admin identity may pass; identity equality is the whole check.
    final AMIdentity caller = new AMIdentity(callerToken);
    if (caller.equals(AdminUserIdHolder.adminUserId)) {
        return;
    }
    debug.error("Unauthorized user.");
    throw new ForbiddenException("Access Denied");
}
Use of com.sun.identity.idm.AMIdentity in project OpenAM by OpenRock:
the class PendingRequestsService, method denyPendingRequest.
/**
 * Denies the pending request with the specified {@literal id}.
 *
 * <p>The request is read from the store and deleted, after which a {@code REQUEST_DENIED}
 * audit entry is written against the resource owner resolved in {@code realm}.
 * NOTE(review): the deletion happens before the audit call, so a failure while resolving the
 * owner leaves the request removed without an audit record — confirm this ordering is intended.
 *
 * @param id The pending request id.
 * @param realm The current realm.
 * @throws ResourceException If the pending request is not found or could not be marked as denied.
 */
public void denyPendingRequest(String id, String realm) throws ResourceException {
    try {
        final UmaPendingRequest pending = store.read(id);
        store.delete(id);

        final AMIdentity owner = coreWrapper.getIdentity(pending.getResourceOwnerId(), realm);
        auditLogger.log(
                pending.getResourceSetId(),
                pending.getResourceSetName(),
                owner,
                UmaAuditType.REQUEST_DENIED,
                pending.getRequestingPartyId());
    } catch (NotFoundException e) {
        // Translate the store's not-found into the REST-layer equivalent, keeping the cause.
        throw new org.forgerock.json.resource.NotFoundException("Pending request, " + id + ", not found", e);
    } catch (ServerException e) {
        throw new InternalServerErrorException("Failed to mark pending request, " + id + ", as denied", e);
    }
}
Use of com.sun.identity.idm.AMIdentity in project OpenAM by OpenRock:
the class WindowsDesktopSSO, method searchUserAccount.
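/**
 * Searches the given organization for an identity matching {@code attributeValue}.
 *
 * <p>A single-result, OR-combined search over the alias attributes produced by
 * {@code buildSearchControl} is run against the user identities of the organization. When a
 * matching identity exists the trimmed {@code attributeValue} itself is returned — not an
 * attribute read back from the identity. The identity's universal id and alias attributes are
 * written to the debug log only when message-level debugging is enabled.
 *
 * @param attributeValue the value to compare against the configured user alias attributes
 * @param organization the organization (realm) in which the identity is looked up; {@code null}
 *        or empty selects the root organization {@code "/"}
 * @return the trimmed {@code attributeValue} when a matching identity is found, or {@code null}
 *         when the search completes without a match
 * @throws AuthLoginException if the identity repository search fails ({@code idRepoSearch}) or
 *         the SSO session used for the search is rejected ({@code ssoSearch})
 */
private String searchUserAccount(String attributeValue, String organization) throws AuthLoginException {
    final String classMethod = "WindowsDesktopSSO.searchUserAccount: ";
    // The root organization is the default when the caller supplies no organization at all.
    if (organization == null || organization.isEmpty()) {
        organization = "/";
    }
    if (debug.messageEnabled()) {
        debug.message(classMethod + " searching for user " + attributeValue + " in the organization =" + organization);
    }

    // One hit is enough: the result only establishes that the account exists.
    final IdSearchControl searchControl = new IdSearchControl();
    searchControl.setMaxResults(1);
    searchControl.setTimeOut(3000);
    searchControl.setSearchModifiers(IdSearchOpModifier.OR, buildSearchControl(attributeValue));
    searchControl.setAllReturnAttributes(false);

    // Both failure paths report the same search parameters in the localized message.
    final String[] data = { attributeValue, organization };
    try {
        final AMIdentityRepository amirepo = new AMIdentityRepository(getSSOSession(), organization);
        final IdSearchResults searchResults = amirepo.searchIdentities(IdType.USER, "*", searchControl);
        // Guard against a null result before reading its error code.
        if (searchResults != null && searchResults.getErrorCode() == IdSearchResults.SUCCESS) {
            final Set<AMIdentity> results = searchResults.getSearchResults();
            if (!results.isEmpty()) {
                if (debug.messageEnabled()) {
                    debug.message(classMethod + results.size() + " result(s) obtained");
                }
                final AMIdentity userDNId = results.iterator().next();
                if (userDNId != null) {
                    if (debug.messageEnabled()) {
                        debug.message(classMethod + "user = " + userDNId.getUniversalId());
                        debug.message(classMethod + "attrs =" + userDNId.getAttributes(getUserAliasList()));
                    }
                    return attributeValue.trim();
                }
            }
        }
    } catch (IdRepoException idrepoex) {
        throw new AuthLoginException(amAuthWindowsDesktopSSO, "idRepoSearch", data, idrepoex);
    } catch (SSOException ssoe) {
        throw new AuthLoginException(amAuthWindowsDesktopSSO, "ssoSearch", data, ssoe);
    }
    if (debug.messageEnabled()) {
        debug.message(classMethod + " No results were found !");
    }
    return null;
}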
Use of com.sun.identity.idm.AMIdentity in project OpenAM by OpenRock:
the class EntitiesModelImpl, method getAttributeValues.
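/**
 * Returns attribute values of an entity object.
 *
 * <p>The stored attributes are read from the identity repository and reduced to the attributes
 * that have a schema for the entity's type (and, for agents, its agent type). Attributes with
 * a schema but no stored value are reported as {@link Collections#EMPTY_SET}. For web and J2EE
 * agents the values of {@code AGENT_ATTRIBUTE_LIST} have the {@code AGENT_ROOT_URL} prefix
 * removed. Every step is logged as an event for audit purposes.
 *
 * @param universalId Universal ID of the entity.
 * @param bCreate true for creation page
 * @return attribute values of an entity object, keyed by attribute name.
 * @throws AMConsoleException if object cannot located.
 */
public Map getAttributeValues(String universalId, boolean bCreate) throws AMConsoleException {
    String[] param = { universalId, "*" };
    logEvent("ATTEMPT_READ_IDENTITY_ATTRIBUTE_VALUE", param);
    try {
        AMIdentity amid = IdUtils.getIdentity(getUserSSOToken(), universalId);
        // Case-insensitive so schema names match stored attribute names regardless of case.
        Map tempMap = new CaseInsensitiveHashMap();
        tempMap.putAll(amid.getAttributes());
        validateUserStatusEntry(tempMap);

        String agentType = null;
        Set agentTypes = amid.getAttribute("AgentType");
        if ((agentTypes != null) && !agentTypes.isEmpty()) {
            agentType = (String) agentTypes.iterator().next();
        }
        boolean webJ2EEagent = isWebOrJ2EEAgentType(agentType);

        Set attributeSchemas = getAttributeSchemas(amid.getType().getName(), agentType, bCreate);
        Map values = selectSchemaAttributeValues(tempMap, attributeSchemas, webJ2EEagent);

        logEvent("SUCCEED_READ_IDENTITY_ATTRIBUTE_VALUE", param);
        return values;
    } catch (IdRepoException e) {
        throw readAttributeValuesFailed("IDM_EXCEPTION_READ_IDENTITY_ATTRIBUTE_VALUE", universalId, e);
    } catch (SMSException e) {
        throw readAttributeValuesFailed("SMS_EXCEPTION_READ_IDENTITY_ATTRIBUTE_VALUE", universalId, e);
    } catch (SSOException e) {
        throw readAttributeValuesFailed("SSO_EXCEPTION_READ_IDENTITY_ATTRIBUTE_VALUE", universalId, e);
    }
}

/**
 * Whether {@code agentType} is one of the agent types whose {@code AGENT_ATTRIBUTE_LIST}
 * values carry the {@code AGENT_ROOT_URL} prefix (J2EE, web and agent-authenticator agents).
 *
 * @param agentType the agent type read from the entity, or {@code null} when absent
 * @return {@code true} only for the three agent types listed above
 */
private boolean isWebOrJ2EEAgentType(String agentType) {
    return agentType != null
            && (agentType.equals(AgentConfiguration.AGENT_TYPE_J2EE)
            || agentType.equals(AgentConfiguration.AGENT_TYPE_WEB)
            || agentType.equals(AgentConfiguration.AGENT_TYPE_AGENT_AUTHENTICATOR));
}

/**
 * Builds the attribute-name to value-set map for the given attribute schemas.
 *
 * @param storedValues the attribute values read from the repository
 * @param attributeSchemas the {@code AttributeSchema} instances that define which names to return
 * @param stripAgentRootUrl whether {@code AGENT_ATTRIBUTE_LIST} values lose their root-URL prefix
 * @return a map containing exactly one entry per schema name; names with no stored value map to
 *         {@link Collections#EMPTY_SET}
 */
private Map selectSchemaAttributeValues(Map storedValues, Set attributeSchemas, boolean stripAgentRootUrl) {
    Map values = new HashMap();
    for (Iterator iter = attributeSchemas.iterator(); iter.hasNext(); ) {
        AttributeSchema as = (AttributeSchema) iter.next();
        String name = as.getName();
        if (!storedValues.containsKey(name)) {
            values.put(name, Collections.EMPTY_SET);
        } else if (stripAgentRootUrl && name.equals(AGENT_ATTRIBUTE_LIST)) {
            values.put(name, stripAgentRootUrlPrefix((Set) storedValues.get(name)));
        } else {
            values.put(name, storedValues.get(name));
        }
    }
    return values;
}

/**
 * Returns a copy of {@code urls} with the {@code AGENT_ROOT_URL} prefix removed from every
 * value that starts with it; other values are copied unchanged.
 *
 * @param urls the stored {@code AGENT_ATTRIBUTE_LIST} values
 * @return a new set holding the de-prefixed values
 */
private Set stripAgentRootUrlPrefix(Set urls) {
    Set stripped = new HashSet();
    for (Iterator i = urls.iterator(); i.hasNext(); ) {
        String val = (String) i.next();
        if (val.startsWith(AGENT_ROOT_URL)) {
            val = val.substring(AGENT_ROOT_URL.length());
        }
        stripped.add(val);
    }
    return stripped;
}

/**
 * Logs a failed attribute read under {@code eventName} and converts the cause into the
 * console exception reported to the caller.
 *
 * @param eventName the audit event name for the failing exception type
 * @param universalId Universal ID of the entity being read
 * @param e the underlying failure
 * @return the {@link AMConsoleException} to throw; the caller performs the throw
 */
private AMConsoleException readAttributeValuesFailed(String eventName, String universalId, Exception e) {
    String[] paramsEx = { universalId, "*", getErrorString(e) };
    logEvent(eventName, paramsEx);
    debug.warning("EntitiesModelImpl.getAttributeValues", e);
    return new AMConsoleException(getErrorString(e));
}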
Use of com.sun.identity.idm.AMIdentity in project OpenAM by OpenRock:
the class EntitiesModelImpl, method getMembership.
/**
 * Returns membership of an entity.
 *
 * <p>The entity is resolved from {@code universalId} with the current user's SSO token and
 * its memberships of the requested type are returned. Attempt, success and failure are each
 * logged as events.
 *
 * @param realmName Name of Realm (not referenced by this lookup; the entity is resolved from
 *        its universal id alone).
 * @param universalId Universal ID of the entity.
 * @param type Type of membership.
 * @return membership of an entity.
 * @throws AMConsoleException if members cannot be returned.
 */
public Set getMembership(String realmName, String universalId, String type) throws AMConsoleException {
    final String[] eventParams = { universalId, type };
    logEvent("ATTEMPT_READ_IDENTITY_MEMBERSHIP", eventParams);
    try {
        final AMIdentity entity = IdUtils.getIdentity(getUserSSOToken(), universalId);
        final Set memberships = entity.getMemberships(IdUtils.getType(type));
        logEvent("SUCCEED_READ_IDENTITY_MEMBERSHIP", eventParams);
        return memberships;
    } catch (SSOException e) {
        final String errorText = getErrorString(e);
        logEvent("SSO_EXCEPTION_READ_IDENTITY_MEMBERSHIP", new String[] { universalId, type, errorText });
        debug.warning("EntitiesModelImpl.getMembership", e);
        throw new AMConsoleException(errorText);
    } catch (IdRepoException e) {
        final String errorText = getErrorString(e);
        logEvent("IDM_EXCEPTION_READ_IDENTITY_MEMBERSHIP", new String[] { universalId, type, errorText });
        debug.warning("EntitiesModelImpl.getMembership", e);
        throw new AMConsoleException(errorText);
    }
}