Example 21 with AMIdentity

Use of com.sun.identity.idm.AMIdentity in project OpenAM by OpenRock.

The class CramMD5MechanismHandler, method getUserPassword.

// Looks up the user's stored password so a CRAM-MD5 response can be verified.
// CRAM-MD5 (RFC 2195) is an HMAC-MD5 over the server's challenge keyed with the
// password itself, so the server must be able to recompute it: this mechanism only
// works when userPassword is stored in the clear ({CLEAR} prefix or no scheme at all).
private static String getUserPassword(String userName) {
    try {
        // Read with the server's own admin token, not the caller's session.
        SSOToken adminToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
        AMIdentityRepository idRepo = new AMIdentityRepository(adminToken, SMSEntry.getRootSuffix());
        IdSearchControl searchControl = new IdSearchControl();
        // 0 means no timeout and no cap on results. The name is passed as a search
        // pattern, so a value containing wildcards can match more than one entry.
        searchControl.setTimeOut(0);
        searchControl.setMaxResults(0);
        searchControl.setAllReturnAttributes(false);
        IdSearchResults searchResults = idRepo.searchIdentities(IdType.USER, userName, searchControl);
        Set users = searchResults.getSearchResults();
        if (users == null || users.isEmpty()) {
            if (debug.messageEnabled()) {
                debug.message("CramMD5MechanismHandler.getUserPassword: no user found");
            }
            return null;
        }
        // Refuse an ambiguous match rather than picking one of the entries.
        if (users.size() > 1) {
            if (debug.messageEnabled()) {
                debug.message("CramMD5MechanismHandler.getUserPassword: more than 1 user found");
            }
            return null;
        }
        AMIdentity user = (AMIdentity) users.iterator().next();
        Set passwords = user.getAttribute("userPassword");
        if (passwords == null || passwords.isEmpty()) {
            if (debug.messageEnabled()) {
                debug.message("CramMD5MechanismHandler.getUserPassword: user has no password");
            }
            return null;
        }
        // A multi-valued userPassword is treated the same way: give up instead of guessing.
        if (passwords.size() > 1) {
            if (debug.messageEnabled()) {
                debug.message("CramMD5MechanismHandler.getUserPassword: user has more than 1 passwords");
            }
            return null;
        }
        String password = (String) passwords.iterator().next();
        // Strip the {CLEAR} storage-scheme prefix. Any other scheme ({SSHA}, {SHA},
        // {CRYPT}, ...) is a one-way hash: it is returned unchanged and the HMAC
        // comparison will then fail for every client response.
        if (password.startsWith("{CLEAR}")) {
            password = password.substring(7);
        }
        return password;
    } catch (Exception ex) {
        AuthnSvcUtils.debug.error("CramMD5MechanismHandler.getUserPassword: ", ex);
        return null;
    }
}
Also used : SSOToken(com.iplanet.sso.SSOToken) Set(java.util.Set) IdSearchResults(com.sun.identity.idm.IdSearchResults) AMIdentity(com.sun.identity.idm.AMIdentity) AMIdentityRepository(com.sun.identity.idm.AMIdentityRepository) IdSearchControl(com.sun.identity.idm.IdSearchControl) IdRepoException(com.sun.identity.idm.IdRepoException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) AuthLoginException(com.sun.identity.authentication.spi.AuthLoginException) SSOException(com.iplanet.sso.SSOException) UnsupportedEncodingException(java.io.UnsupportedEncodingException)
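
CRAM-MD5 only works because getUserPassword can hand back the cleartext password: the client's response is an HMAC-MD5 keyed with the password over the server's challenge, and the server has to recompute the same value. The following is an added example, not OpenAM code, written in Python so it runs without the OpenAM libraries. It walks through that exchange against a constructed in-memory directory, applies the same {CLEAR}-prefix rule as the handler above, and makes explicit what happens when userPassword is stored under a one-way scheme such as {SSHA} (the Java code returns the hashed value unchanged and the comparison simply fails). The directory contents, the {SSHA} value and the host name in the challenge are made up; the known-answer vector (user tim, password tanstaaftanstaaf) is the example from RFC 2195 itself.

```python
import hashlib
import hmac
import secrets
import time

# Constructed directory: username -> raw userPassword attribute value.
# Only alice and carol can ever pass CRAM-MD5; bob's value is a (made-up) one-way hash.
DIRECTORY = {
    "alice": "{CLEAR}correct horse battery staple",
    "carol": "plaintext-without-scheme-prefix",
    "bob": "{SSHA}Zm9vYmFyc2FsdHNhbHRzYWx0c2FsdA==",
}


def cleartext_from_attribute(value):
    """Same rule as getUserPassword: drop a {CLEAR} prefix. Any other scheme prefix
    marks a hashed value that cannot serve as an HMAC key, so return None."""
    if value.startswith("{CLEAR}"):
        return value[len("{CLEAR}"):]
    if value.startswith("{"):
        return None
    return value


def make_challenge(hostname="openam.example.com"):
    """RFC 2195 challenge in the conventional <random.timestamp@host> shape (host is constructed)."""
    return "<%d.%d@%s>" % (secrets.randbelow(10 ** 9), int(time.time()), hostname)


def hmac_md5_hex(key, message):
    return hmac.new(key.encode("utf-8"), message.encode("utf-8"), hashlib.md5).hexdigest()


def client_response(username, password, challenge):
    """What the client sends back: "<user> <hex hmac>" (the wire protocol base64-wraps this)."""
    return "%s %s" % (username, hmac_md5_hex(password, challenge))


def verify_response(response, challenge, lookup):
    """Server side. lookup(username) returns the stored attribute value or None.
    Returns (ok, reason) so the failure mode is visible to the caller."""
    parts = response.split(" ")
    if len(parts) != 2:
        return False, "malformed response"
    username, digest = parts
    stored = lookup(username)
    if stored is None:
        return False, "no such user"
    password = cleartext_from_attribute(stored)
    if password is None:
        return False, "password stored under a one-way scheme; CRAM-MD5 cannot verify it"
    expected = hmac_md5_hex(password, challenge)
    # Constant-time comparison: the digest is attacker-controlled input.
    if not hmac.compare_digest(expected.encode("utf-8"), digest.encode("utf-8")):
        return False, "bad digest"
    return True, "ok"


# Known-answer vector from RFC 2195 section 2.
RFC2195_CHALLENGE = "<1896.697170952@postoffice.reston.mci.net>"
RFC2195_RESPONSE = "tim b913a602c7eda7a495b4e6e7334d3890"
RFC2195_PASSWORD = "tanstaaftanstaaf"


if __name__ == "__main__":
    ch = make_challenge()
    for user, pw in [("alice", "correct horse battery staple"), ("alice", "wrong"),
                     ("bob", "whatever"), ("carol", "plaintext-without-scheme-prefix")]:
        print(user, verify_response(client_response(user, pw, ch), ch, DIRECTORY.get))
```

The bob case is the one to keep in mind when enabling this mechanism: a directory that hashes userPassword (the usual and safer configuration) makes CRAM-MD5 fail for every user, and the only way to make it work is to store passwords reversibly or in the clear.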

Example 22 with AMIdentity

Use of com.sun.identity.idm.AMIdentity in project OpenAM by OpenRock.

The class WSSReplayPasswd, method onLoginSuccess.

/**
 * Post processing on successful authentication.
 * @param requestParamsMap contains HttpServletRequest parameters
 * @param request HttpServlet request
 * @param response HttpServlet response
 * @param ssoToken user's session
 * @throws AuthenticationException if there is an error while setting
 * the session password property
 */
public void onLoginSuccess(Map requestParamsMap, HttpServletRequest request, HttpServletResponse response, SSOToken ssoToken) throws AuthenticationException {
    try {
        if (!useHashedPassword) {
            // Keep the password the user just typed in the session so WS-Security can
            // replay it. Crypt.encrypt is reversible with the server's encryption key, so
            // anything that can read session properties and has that key recovers the cleartext.
            String userpasswd = request.getParameter(PASSWORD_TOKEN);
            if (userpasswd != null) {
                ssoToken.setProperty("EncryptedUserPassword", Crypt.encrypt(userpasswd));
            }
        } else {
            // Replay the directory's stored userPassword instead, read with the admin token.
            String userName = ssoToken.getPrincipal().getName();
            String universalID = ssoToken.getProperty("sun.am.UniversalIdentifier");
            if (debug.messageEnabled()) {
                debug.message("WSSReplayPassword:Authenticated user : " + userName);
                debug.message("WSSReplayPassword:Authenticated UUID : " + universalID);
            }
            AMIdentity amId = new AMIdentity(getAdminToken(), universalID);
            Set tmp = amId.getAttribute("userPassword");
            if (tmp != null && !tmp.isEmpty()) {
                // Stored as-is, storage-scheme prefix included; a multi-valued attribute
                // is not rejected here, the first value wins.
                String userPassword = (String) tmp.iterator().next();
                ssoToken.setProperty("HashedUserPassword", userPassword);
            }
        }
    } catch (SSOException sse) {
        debug.warning("WSSReplayPasswd.onLoginSuccess: sso exception", sse);
    } catch (IdRepoException ire) {
        if (debug.warningEnabled()) {
            debug.warning("WSSReplayPassword.onLoginSuccess: ", ire);
        }
    }
}
Also used : Set(java.util.Set) AMIdentity(com.sun.identity.idm.AMIdentity) IdRepoException(com.sun.identity.idm.IdRepoException) SSOException(com.iplanet.sso.SSOException)

Example 23 with AMIdentity

Use of com.sun.identity.idm.AMIdentity in project OpenAM by OpenRock.

The class TokenResource, method deleteToken.

/**
 * Deletes the token with the provided token id.
 *
 * @param context The context.
 * @param tokenId The token id.
 * @param deleteRefreshToken Whether to delete associated refresh token, if token id is for an access token.
 * @return {@code Void} if the token has been deleted.
 */
private Promise<Void, ResourceException> deleteToken(Context context, String tokenId, boolean deleteRefreshToken) {
    try {
        // Identity of the caller; if it cannot be resolved the catch blocks below answer 401.
        AMIdentity uid = getUid(context);
        JsonValue token = tokenStore.read(tokenId);
        if (token == null) {
            if (debug.errorEnabled()) {
                debug.error("TokenResource :: DELETE : No token with ID, " + tokenId + " found to delete");
            }
            throw new NotFoundException("Token Not Found", null);
        }
        String username = getAttributeValue(token, USERNAME);
        if (username == null || username.isEmpty()) {
            if (debug.errorEnabled()) {
                debug.error("TokenResource :: DELETE : No username associated with token with ID, " + tokenId + ".");
            }
            throw new PermanentException(HttpURLConnection.HTTP_NOT_FOUND, "Not Found", null);
        }
        String grantType = getAttributeValue(token, GRANT_TYPE);
        if (grantType != null && grantType.equalsIgnoreCase(CLIENT_CREDENTIALS)) {
            // Client-credentials tokens have no resource owner. Note that this branch makes
            // no owner/admin comparison at all: once getUid(context) has resolved, the token is deleted.
            if (deleteRefreshToken) {
                deleteAccessTokensRefreshToken(token);
            }
            tokenStore.delete(tokenId);
        } else {
            // Only the resource owner recorded in the token, or the administrator, may delete it.
            String realm = getAttributeValue(token, REALM);
            AMIdentity uid2 = identityManager.getResourceOwnerIdentity(username, realm);
            if (uid.equals(uid2) || uid.equals(adminUserId)) {
                if (deleteRefreshToken) {
                    deleteAccessTokensRefreshToken(token);
                }
                tokenStore.delete(tokenId);
            } else {
                if (debug.errorEnabled()) {
                    debug.error("TokenResource :: DELETE : Only the resource owner or an administrator may perform a delete on the token with ID, " + tokenId + ".");
                }
                // The caller is authenticated but not permitted; 403 Forbidden describes that
                // more accurately than 401, which signals missing or invalid credentials.
                throw new PermanentException(401, "Unauthorized", null);
            }
        }
        return newResultPromise(null);
    } catch (CoreTokenException e) {
        return new ServiceUnavailableException(e.getMessage(), e).asPromise();
    } catch (ResourceException e) {
        return e.asPromise();
    } catch (SSOException e) {
        debug.error("TokenResource :: DELETE : Unable to retrieve identity of the requesting user. Unauthorized.");
        return new PermanentException(401, "Unauthorized", e).asPromise();
    } catch (IdRepoException e) {
        debug.error("TokenResource :: DELETE : Unable to retrieve identity of the requesting user. Unauthorized.");
        return new PermanentException(401, "Unauthorized", e).asPromise();
    } catch (UnauthorizedClientException e) {
        debug.error("TokenResource :: DELETE : Requesting user is unauthorized.");
        return new PermanentException(401, "Unauthorized", e).asPromise();
    }
}
Also used : AMIdentity(com.sun.identity.idm.AMIdentity) PermanentException(org.forgerock.json.resource.PermanentException) UnauthorizedClientException(org.forgerock.oauth2.core.exceptions.UnauthorizedClientException) JsonValue(org.forgerock.json.JsonValue) IdRepoException(com.sun.identity.idm.IdRepoException) NotFoundException(org.forgerock.json.resource.NotFoundException) CoreTokenException(org.forgerock.openam.cts.exceptions.CoreTokenException) ResourceException(org.forgerock.json.resource.ResourceException) SSOException(com.iplanet.sso.SSOException) ServiceUnavailableException(org.forgerock.json.resource.ServiceUnavailableException)
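
The authorization decision in deleteToken is the part worth getting right, so here is an added example, not OpenAM code, written in Python so it runs stand-alone. It models the same rule over a constructed in-memory token store with linked access and refresh tokens, including the optional cascade that deleteAccessTokensRefreshToken performs. It departs from the page's code in two deliberate ways, both the example's own choices: it answers 403 rather than 401 when an authenticated caller is not the owner (401 means the request carried no valid credentials, 403 means the caller is known and not permitted), and it applies the owner-or-admin rule to client_credentials tokens as well, taking the token's username field as the owner, whereas the page's branch deletes those without comparing the caller to anyone. The universal ids, realm and token records are made up.

```python
from dataclasses import dataclass, field

# Constructed universal id standing in for adminUserId.
ADMIN = "id=amadmin,ou=user,dc=openam,dc=example"
REALM = "dc=openam,dc=example"


class ResourceError(Exception):
    """Carries the HTTP status the caller would receive."""
    def __init__(self, status, message):
        super().__init__(message)
        self.status = status


@dataclass
class TokenStore:
    """Constructed in-memory stand-in for the token store: token id -> attribute dict."""
    tokens: dict = field(default_factory=dict)

    def read(self, token_id):
        return self.tokens.get(token_id)

    def delete(self, token_id):
        self.tokens.pop(token_id, None)


def resolve_owner(username, realm):
    """Stand-in for identityManager.getResourceOwnerIdentity: a constructed universal id."""
    return "id=%s,ou=user,%s" % (username, realm)


def delete_token(store, requester, token_id, delete_refresh_token):
    """Delete a token on behalf of `requester` (a universal id, or None if the caller's
    identity could not be resolved). Returns the list of token ids removed."""
    if requester is None:
        raise ResourceError(401, "Unauthorized")          # no credentials/identity at all
    token = store.read(token_id)
    if token is None:
        raise ResourceError(404, "Token Not Found")
    username = token.get("username")
    if not username:
        raise ResourceError(404, "Not Found")
    # Example's choice: every token, client_credentials included, has an owner to compare against.
    owner = resolve_owner(username, token.get("realm", ""))
    if requester != owner and requester != ADMIN:
        raise ResourceError(403, "Forbidden")             # authenticated but not permitted
    removed = []
    refresh_id = token.get("refresh_token_id")
    if delete_refresh_token and refresh_id and store.read(refresh_id) is not None:
        store.delete(refresh_id)
        removed.append(refresh_id)
    store.delete(token_id)
    removed.append(token_id)
    return removed


def deletion_status(store, requester, token_id, delete_refresh_token):
    """The HTTP status a request would get: 200 on success, else the error status."""
    try:
        delete_token(store, requester, token_id, delete_refresh_token)
        return 200
    except ResourceError as e:
        return e.status


def sample_store():
    """Constructed records: an access token linked to a refresh token, a client_credentials
    token whose username is the client id, and a malformed token without a username."""
    return TokenStore({
        "rt-1": {"username": "alice", "realm": REALM, "grant_type": "authorization_code"},
        "at-1": {"username": "alice", "realm": REALM, "grant_type": "authorization_code",
                 "refresh_token_id": "rt-1"},
        "at-2": {"username": "myclient", "realm": REALM, "grant_type": "client_credentials"},
        "at-3": {"realm": REALM, "grant_type": "authorization_code"},
    })


if __name__ == "__main__":
    store = sample_store()
    alice = resolve_owner("alice", REALM)
    mallory = resolve_owner("mallory", REALM)
    print("mallory deletes alice's token:", deletion_status(store, mallory, "at-1", True))
    print("alice deletes her own token:  ", delete_token(store, alice, "at-1", True))
```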

Example 24 with AMIdentity

Use of com.sun.identity.idm.AMIdentity in project OpenAM by OpenRock.

The class AuditHistory, method queryCollection.

@Override
public Promise<QueryResponse, ResourceException> queryCollection(Context context, QueryRequest request, QueryResourceHandler handler) {
    // History is always scoped to the caller's own identity; the query filter can only narrow it.
    AMIdentity identity = getIdentity(context);
    Set<UmaAuditEntry> history;
    try {
        // A filter of "true" is the match-everything filter: return the whole history.
        if (request.getQueryFilter().toString().equals("true")) {
            history = auditLogger.getEntireHistory(identity);
        } else {
            history = auditLogger.getHistory(identity, request);
        }
    } catch (ServerException e) {
        return new InternalServerErrorException(e).asPromise();
    }
    List<ResourceResponse> results = new ArrayList<>();
    for (UmaAuditEntry entry : history) {
        JsonValue result = entry.asJson();
        // Revision derived from the JSON value's 32-bit hashCode: usable as a change hint,
        // but not collision resistant, so distinct contents can share a revision.
        results.add(newResourceResponse(entry.getId(), String.valueOf(result.hashCode()), result));
    }
    QueryResponsePresentation.enableDeprecatedRemainingQueryResponse(request);
    return QueryResponsePresentation.perform(handler, request, results);
}
Also used : ServerException(org.forgerock.openam.sm.datalayer.store.ServerException) Responses.newResourceResponse(org.forgerock.json.resource.Responses.newResourceResponse) ResourceResponse(org.forgerock.json.resource.ResourceResponse) AMIdentity(com.sun.identity.idm.AMIdentity) ArrayList(java.util.ArrayList) JsonValue(org.forgerock.json.JsonValue) InternalServerErrorException(org.forgerock.json.resource.InternalServerErrorException) UmaAuditEntry(org.forgerock.openam.sm.datalayer.impl.uma.UmaAuditEntry)

Example 25 with AMIdentity

Use of com.sun.identity.idm.AMIdentity in project OpenAM by OpenRock.

The class ResourceSetService, method createSubject.

// Builds a JAAS Subject representing the resource owner for entitlement evaluation.
// It carries only the universal id of the resolved identity; no credentials are involved,
// so this is an identity assertion made by the server, not a result of authentication.
protected Subject createSubject(String username, String realm) {
    AMIdentity identity = coreWrapper.getIdentity(username, realm);
    JwtPrincipal principal = new JwtPrincipal(json(object(field("sub", identity.getUniversalId()))));
    Set<Principal> principals = new HashSet<>();
    principals.add(principal);
    // readOnly = false: the principal set stays mutable after construction.
    return new Subject(false, principals, Collections.emptySet(), Collections.emptySet());
}
Also used : AMIdentity(com.sun.identity.idm.AMIdentity) JwtPrincipal(com.sun.identity.entitlement.JwtPrincipal) JwtPrincipal(com.sun.identity.entitlement.JwtPrincipal) Principal(java.security.Principal) Subject(javax.security.auth.Subject) HashSet(java.util.HashSet)

Aggregations

AMIdentity (com.sun.identity.idm.AMIdentity): 373
IdRepoException (com.sun.identity.idm.IdRepoException): 243
SSOException (com.iplanet.sso.SSOException): 215
Set (java.util.Set): 170
HashSet (java.util.HashSet): 150
SSOToken (com.iplanet.sso.SSOToken): 112
Iterator (java.util.Iterator): 91
AMIdentityRepository (com.sun.identity.idm.AMIdentityRepository): 85
Map (java.util.Map): 83
HashMap (java.util.HashMap): 78
IdType (com.sun.identity.idm.IdType): 52
SMSException (com.sun.identity.sm.SMSException): 52
AMConsoleException (com.sun.identity.console.base.model.AMConsoleException): 44
CLIException (com.sun.identity.cli.CLIException): 43
IOutput (com.sun.identity.cli.IOutput): 42
IdSearchResults (com.sun.identity.idm.IdSearchResults): 39
IdSearchControl (com.sun.identity.idm.IdSearchControl): 35
OrganizationConfigManager (com.sun.identity.sm.OrganizationConfigManager): 23
Test (org.testng.annotations.Test): 23
List (java.util.List): 22