Use of com.sun.identity.idm.AMIdentityRepository in project OpenAM by OpenRock.
The class AuthD, method getAMIdentityRepository.
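/**
 * Returns the OpenAM Identity Repository for an organization.
 *
 * <p>Repositories are cached per organization in {@code idRepoMap}. The first caller for a
 * given {@code orgDN} constructs the repository; a concurrent caller that loses the
 * {@code putIfAbsent} race adopts the winner's instance, so at most one repository per
 * organization is ever published from the cache.
 *
 * @param orgDN name of the organization
 * @return OpenAM Identity Repository, or {@code null} if none was cached and the repository
 *         could not be created (callers must check for {@code null})
 */
public AMIdentityRepository getAMIdentityRepository(String orgDN) {
    AMIdentityRepository amIdentityRepository = null;
    try {
        amIdentityRepository = idRepoMap.get(orgDN);
        if (amIdentityRepository == null) {
            amIdentityRepository = new AMIdentityRepository(ssoAuthSession, orgDN);
            AMIdentityRepository winner = idRepoMap.putIfAbsent(orgDN, amIdentityRepository);
            if (winner != null) {
                // We lost the race: another thread published first, so use its instance.
                amIdentityRepository = winner;
            }
        }
    } catch (Exception id) {
        // A repository that cannot be created breaks authentication for the whole
        // organization, so report it at error level instead of only behind
        // messageEnabled(); the null return is kept for callers that handle it.
        debug.error("Error getAMIdentityRepository for orgDN " + orgDN, id);
    }
    return amIdentityRepository;
}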
Use of com.sun.identity.idm.AMIdentityRepository in project OpenAM by OpenRock.
The class Application, method authenticateToDatastore.
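/**
 * Authenticates to the datastore using the idRepo API.
 *
 * <p>The credentials are wrapped in a {@link NameCallback}/{@link PasswordCallback} pair and
 * handed to the identity repository of the current request organization. An
 * {@link IdRepoException} is logged and reported as a failed authentication rather than
 * propagated. The password copy held by the callback is cleared once the call returns.
 *
 * @param userName User Name
 * @param userPassword User Password
 * @return {@code true} if success, {@code false} if failure (including when either credential
 *         is {@code null} or no identity repository is available)
 * @throws AuthLoginException propagated from the repository's {@code authenticate} call
 */
private boolean authenticateToDatastore(String userName, String userPassword) throws AuthLoginException {
    if (userName == null || userPassword == null) {
        // Fail closed instead of throwing an NPE from setName()/toCharArray().
        if (debug.messageEnabled()) {
            debug.message("Application.authenticateToDatastore: missing user name or password");
        }
        return false;
    }
    NameCallback nameCallback = new NameCallback("NamePrompt");
    nameCallback.setName(userName);
    PasswordCallback passwordCallback = new PasswordCallback("PasswordPrompt", false);
    passwordCallback.setPassword(userPassword.toCharArray());
    Callback[] callbacks = { nameCallback, passwordCallback };
    boolean retval = false;
    try {
        AMIdentityRepository idrepo = getAMIdentityRepository(getRequestOrg());
        if (idrepo == null) {
            // getAMIdentityRepository() may return null when the repository cannot be obtained.
            debug.error("Application.authenticateToDatastore: no identity repository for request org");
            return false;
        }
        retval = idrepo.authenticate(callbacks);
    } catch (IdRepoException idrepoExp) {
        if (debug.messageEnabled()) {
            debug.message("Application.authenticateToDatastore: " + "IdRepo Exception", idrepoExp);
        }
    } finally {
        // Do not leave a second copy of the password in the callback after use.
        passwordCallback.clearPassword();
    }
    return retval;
}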
Use of com.sun.identity.idm.AMIdentityRepository in project OpenAM by OpenRock.
The class DataStore, method process.
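/**
 * Runs one step of the DataStore login module.
 *
 * <p>Only {@link ISAuthConstants#LOGIN_START} is a valid state. With an empty callback array
 * the credentials are read from the shared state; otherwise they are read from the supplied
 * name/password callbacks. The credentials are stored in shared state before the user name
 * is validated and the identity repository of the request organization is asked to
 * authenticate them.
 *
 * @param callbacks callbacks for the current state: empty to use shared state, otherwise a
 *        {@link NameCallback} at index 0 and a {@link PasswordCallback} at index 1
 * @param state current login state
 * @return {@link ISAuthConstants#LOGIN_SUCCEED} on success, or {@code LOGIN_START} when shared
 *         state holds no credentials yet
 * @throws AuthLoginException on an unexpected state, malformed callbacks, missing or invalid
 *         credentials, a missing identity repository, or a failed/erroring authentication
 */
public int process(Callback[] callbacks, int state) throws AuthLoginException {
    currentState = state;
    int retVal = 0;
    Callback[] idCallbacks = new Callback[2];
    try {
        if (currentState == ISAuthConstants.LOGIN_START) {
            if (callbacks != null && callbacks.length == 0) {
                // No callbacks: credentials come from shared state.
                userName = (String) sharedState.get(getUserKey());
                userPassword = (String) sharedState.get(getPwdKey());
                if (userName == null || userPassword == null) {
                    return ISAuthConstants.LOGIN_START;
                }
                NameCallback nameCallback = new NameCallback("dummy");
                nameCallback.setName(userName);
                idCallbacks[0] = nameCallback;
                PasswordCallback passwordCallback = new PasswordCallback("dummy", false);
                passwordCallback.setPassword(userPassword.toCharArray());
                idCallbacks[1] = passwordCallback;
            } else {
                // A null or short array would otherwise fail with an NPE/AIOOBE on the
                // casts below; treat it as a malformed login attempt instead.
                if (callbacks == null || callbacks.length < 2) {
                    debug.message("DataStore.process: expected name and password callbacks");
                    throw new AuthLoginException(amAuthDataStore, "authFailed", null);
                }
                idCallbacks = callbacks;
                userName = ((NameCallback) callbacks[0]).getName();
                char[] password = ((PasswordCallback) callbacks[1]).getPassword();
                userPassword = password == null ? null : String.valueOf(password);
            }
            if (userName == null) {
                debug.message("DataStore.process: Username is null/empty");
                throw new UserNamePasswordValidationException("amAuth", "InvalidUP", null);
            }
            if (userPassword == null || userPassword.length() == 0) {
                debug.message("DataStore.process: Password is null/empty");
                throw new InvalidPasswordException("amAuth", "invalidPasswd", null);
            }
            // Store username/password in both the success and the failure case.
            storeUsernamePasswd(userName, userPassword);
            /*
             * Fix for OPENAM-1872. Reject usernames with illegal characters (e.g. * or ! or ) or ( or &),
             * just like the LDAP LoginModule does. The list of invalid characters comes from a configuration
             * entry (though the list does not seem to be processed in validateUserName). The invocation is
             * kept identical to the LDAP LoginModule's so that the case where the username format validator
             * cannot be loaded is handled inside validateUserName.
             */
            validateUserName(userName, CollectionHelper.getMapAttr(currentConfig, INVALID_CHARS));
            AMIdentityRepository idrepo = getAMIdentityRepository(getRequestOrg());
            if (idrepo == null) {
                // getAMIdentityRepository() may return null if the repository cannot be
                // obtained; fail the login rather than NPE.
                debug.error("DataStore.process: no identity repository for the request organization");
                throw new AuthLoginException(amAuthDataStore, "authFailed", null);
            }
            boolean success = idrepo.authenticate(idCallbacks);
            if (success) {
                retVal = ISAuthConstants.LOGIN_SUCCEED;
                validatedUserID = userName;
            } else {
                throw new AuthLoginException(amAuthDataStore, "authFailed", null);
            }
        } else {
            setFailureID(userName);
            throw new AuthLoginException(amAuthDataStore, "authFailed", null);
        }
    } catch (IdRepoException ex) {
        // Keep the cause on the log line as well as on the thrown exception.
        debug.message("idRepo Exception", ex);
        setFailureID(userName);
        throw new AuthLoginException(amAuthDataStore, "authFailed", null, ex);
    }
    return retVal;
}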
Use of com.sun.identity.idm.AMIdentityRepository in project OpenAM by OpenRock.
The class Adaptive, method getIdentity.
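/**
 * Looks up the {@link AMIdentity} for {@code userName} in the identity repository of the
 * request organization.
 *
 * <p>The user is first searched by name. If nothing is found and alternative search attributes
 * are configured, a second OR-search over those attributes is run with a wildcard name, because
 * the data store always adds the naming attribute to the filter. Exactly one match is required:
 * no match, several matches, a missing repository and repository/SSO errors are logged and
 * yield {@code null}.
 *
 * @return the single matching identity, or {@code null} if none could be determined
 */
private AMIdentity getIdentity() {
    AMIdentityRepository amIdRepo = getAMIdentityRepository(getRequestOrg());
    if (amIdRepo == null) {
        // getAMIdentityRepository() may return null when the repository cannot be obtained.
        debug.error("{}.getIdentity : No identity repository for the request organization", ADAPTIVE);
        return null;
    }
    IdSearchControl idsc = new IdSearchControl();
    idsc.setRecursive(true);
    idsc.setAllReturnAttributes(true);
    AMIdentity theID = null;
    Set<AMIdentity> results = Collections.emptySet();
    try {
        idsc.setMaxResults(0);
        // search for the identity
        IdSearchResults searchResults = amIdRepo.searchIdentities(IdType.USER, userName, idsc);
        // Null-check the result before using it, not only after the fallback search.
        if (searchResults != null && searchResults.getSearchResults().isEmpty()
                && !userSearchAttributes.isEmpty()) {
            if (debug.messageEnabled()) {
                debug.message("{}.getIdentity : searching user identity with alternative attributes {}", ADAPTIVE, userSearchAttributes);
            }
            final Map<String, Set<String>> searchAVP = CollectionUtils.toAvPairMap(userSearchAttributes, userName);
            idsc.setSearchModifiers(IdSearchOpModifier.OR, searchAVP);
            // workaround as data store always adds 'user-naming-attribute' to searchfilter
            searchResults = amIdRepo.searchIdentities(IdType.USER, "*", idsc);
        }
        if (searchResults != null) {
            Set<AMIdentity> found = searchResults.getSearchResults();
            if (found != null) {
                results = found;
            }
        }
        if (results.isEmpty()) {
            debug.error("{}.getIdentity : User '{}' is not found", ADAPTIVE, userName);
        } else if (results.size() > 1) {
            // Ambiguous match: refuse to pick one rather than authenticate the wrong account.
            debug.error("{}.getIdentity : More than one user found for the userName '{}'", ADAPTIVE, userName);
        } else {
            theID = results.iterator().next();
        }
    } catch (IdRepoException e) {
        debug.error("{}.getIdentity : Error searching Identities with username '{}' ", ADAPTIVE, userName, e);
    } catch (SSOException e) {
        debug.error("{}.getIdentity : Module exception", ADAPTIVE, e);
    }
    return theID;
}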
Use of com.sun.identity.idm.AMIdentityRepository in project OpenAM by OpenRock.
The class RealmResourceOfferingModelImpl, method assignService.
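/**
 * Assigns the Discovery service to a realm.
 *
 * <p>If the realm identity lists the Discovery service as assignable, it is assigned through
 * the identity repository; otherwise it is assigned through the organization configuration.
 * Every failure is logged as an event naming the realm, the service and the error text, and
 * rethrown as {@link AMConsoleException}.
 *
 * @param realm Realm Name.
 * @throws AMConsoleException if values cannot be set.
 */
public void assignService(String realm) throws AMConsoleException {
    try {
        AMIdentityRepository repo = new AMIdentityRepository(getUserSSOToken(), realm);
        AMIdentity realmIdentity = repo.getRealmIdentity();
        Set<?> servicesFromIdRepo = realmIdentity.getAssignableServices();
        if (servicesFromIdRepo.contains(AMAdminConstants.DISCOVERY_SERVICE)) {
            realmIdentity.assignService(AMAdminConstants.DISCOVERY_SERVICE, Collections.emptyMap());
        } else {
            OrganizationConfigManager orgCfgMgr = new OrganizationConfigManager(getUserSSOToken(), realm);
            orgCfgMgr.assignService(AMAdminConstants.DISCOVERY_SERVICE, Collections.emptyMap());
        }
    } catch (SSOException e) {
        throw assignServiceFailure("SSO_EXCEPTION_ASSIGN_SERVICE_TO_REALM", realm, e);
    } catch (IdRepoException e) {
        throw assignServiceFailure("IDREPO_EXCEPTION_ASSIGN_SERVICE_TO_REALM", realm, e);
    } catch (SMSException e) {
        throw assignServiceFailure("SMS_EXCEPTION_ASSIGN_SERVICE_TO_REALM", realm, e);
    }
}

/**
 * Logs a failed Discovery-service assignment under {@code eventId} and builds the
 * exception the caller rethrows.
 *
 * @param eventId log event identifier for the failing subsystem
 * @param realm Realm Name.
 * @param e the underlying failure
 * @return the {@link AMConsoleException} carrying the error text
 */
private AMConsoleException assignServiceFailure(String eventId, String realm, Exception e) {
    String strError = getErrorString(e);
    String[] paramsEx = { realm, AMAdminConstants.DISCOVERY_SERVICE, strError };
    logEvent(eventId, paramsEx);
    return new AMConsoleException(strError);
}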