
Example 86 with AMIdentityRepository

use of com.sun.identity.idm.AMIdentityRepository in project OpenAM by OpenRock.

the class RealmGetServiceAttributeValues method handleRequest.

/**
 * Services the command-line request that prints a service's attribute values
 * for a realm.
 *
 * <p>The values are read from the realm identity when the service appears in
 * its assigned services, and from the realm's
 * {@code OrganizationConfigManager} otherwise.
 *
 * @param rc Request Context.
 * @throws CLIException if the request cannot be serviced.
 */
public void handleRequest(RequestContext rc) throws CLIException {
    super.handleRequest(rc);
    ldapLogin();
    SSOToken adminToken = getAdminSSOToken();
    String realmName = getStringOptionValue(IArgument.REALM_NAME);
    String svcName = getStringOptionValue(IArgument.SERVICE_NAME);
    IOutput out = getOutputWriter();
    try {
        String[] logParams = { realmName, svcName };
        writeLog(LogWriter.LOG_ACCESS, Level.INFO, "ATTEMPT_GET_REALM_SERVICE_ATTR_VALUES", logParams);

        AMIdentity realmIdentity = new AMIdentityRepository(adminToken, realmName).getRealmIdentity();
        Map values;
        if (realmIdentity.getAssignedServices().contains(svcName)) {
            values = realmIdentity.getServiceAttributes(svcName);
        } else {
            // Service is not assigned on the realm identity: read it from the realm configuration.
            values = new OrganizationConfigManager(adminToken, realmName).getServiceAttributes(svcName);
        }

        boolean nothingToShow = (values == null) || values.isEmpty();
        if (nothingToShow) {
            out.printlnMessage(getResourceString("get-service-attr-values-of-realm-no-attr"));
        } else {
            // The service's password field names are handed to the formatter,
            // presumably so those values are masked in the output (confirm in FormatUtils).
            String rendered = FormatUtils.printAttributeValues(
                getResourceString("get-service-attr-values-of-realm-result"),
                values,
                CLIUtil.getPasswordFields(svcName));
            out.printlnMessage(rendered);
        }
        writeLog(LogWriter.LOG_ACCESS, Level.INFO, "SUCCEED_GET_REALM_SERVICE_ATTR_VALUES", logParams);
    } catch (IdRepoException | SSOException | SMSException ex) {
        // All three failures are reported identically: debug trace, error log entry, CLI failure.
        String[] failureArgs = { realmName, svcName, ex.getMessage() };
        debugError("RealmGetServiceAttributeValues.handleRequest", ex);
        writeLog(LogWriter.LOG_ERROR, Level.INFO, "FAILED_GET_REALM_SERVICE_ATTR_VALUES", failureArgs);
        throw new CLIException(ex, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    }
}
Also used : SSOToken(com.iplanet.sso.SSOToken) Set(java.util.Set) SMSException(com.sun.identity.sm.SMSException) IdRepoException(com.sun.identity.idm.IdRepoException) SSOException(com.iplanet.sso.SSOException) IOutput(com.sun.identity.cli.IOutput) AMIdentity(com.sun.identity.idm.AMIdentity) OrganizationConfigManager(com.sun.identity.sm.OrganizationConfigManager) AMIdentityRepository(com.sun.identity.idm.AMIdentityRepository) CLIException(com.sun.identity.cli.CLIException) Map(java.util.Map)

Example 87 with AMIdentityRepository

use of com.sun.identity.idm.AMIdentityRepository in project OpenAM by OpenRock.

the class RealmUnassignService method handleRequest.

/**
 * Services the command-line request that unassigns a service from a realm.
 *
 * <p>The service is removed from the realm's {@code OrganizationConfigManager}
 * when it is listed there, and from the realm identity when it is listed
 * there. Both removals can happen in one invocation, in which case the success
 * message and log entries are emitted once per removal.
 *
 * @param rc Request Context.
 * @throws CLIException if the request cannot be serviced.
 */
public void handleRequest(RequestContext rc) throws CLIException {
    super.handleRequest(rc);
    ldapLogin();
    SSOToken adminToken = getAdminSSOToken();
    String realmName = getStringOptionValue(IArgument.REALM_NAME);
    String svcName = getStringOptionValue(IArgument.SERVICE_NAME);
    IOutput out = getOutputWriter();
    try {
        OrganizationConfigManager orgConfig = new OrganizationConfigManager(adminToken, realmName);
        Set orgServices = orgConfig.getAssignedServices();
        AMIdentity realmIdentity = new AMIdentityRepository(adminToken, realmName).getRealmIdentity();
        Set identityServices = realmIdentity.getAssignedServices();
        String[] logParams = { realmName, svcName };
        boolean removedAny = false;

        // Assignment held in the realm configuration.
        if (orgServices.contains(svcName)) {
            writeLog(LogWriter.LOG_ACCESS, Level.INFO, "ATTEMPT_UNASSIGN_SERVICE_FROM_REALM", logParams);
            orgConfig.unassignService(svcName);
            String done = MessageFormat.format(
                getResourceString("unassign-service-from-realm-succeed"), (Object[]) logParams);
            out.printlnMessage(done);
            writeLog(LogWriter.LOG_ACCESS, Level.INFO, "SUCCEED_UNASSIGN_SERVICE_FROM_REALM", logParams);
            removedAny = true;
        }

        // Assignment held on the realm identity.
        if (identityServices.contains(svcName)) {
            writeLog(LogWriter.LOG_ACCESS, Level.INFO, "ATTEMPT_UNASSIGN_SERVICE_FROM_REALM", logParams);
            realmIdentity.unassignService(svcName);
            String done = MessageFormat.format(
                getResourceString("unassign-service-from-realm-succeed"), (Object[]) logParams);
            out.printlnMessage(done);
            writeLog(LogWriter.LOG_ACCESS, Level.INFO, "SUCCEED_UNASSIGN_SERVICE_FROM_REALM", logParams);
            removedAny = true;
        }

        if (!removedAny) {
            String notAssigned = MessageFormat.format(
                getResourceString("unassign-service-from-realm-service-not-assigned"), (Object[]) logParams);
            out.printlnMessage(notAssigned);
        }
    } catch (SSOException | IdRepoException | SMSException ex) {
        // The failure log entry carries the realm and the exception message only.
        String[] failureArgs = { realmName, ex.getMessage() };
        debugError("RealmUnassignService.handleRequest", ex);
        writeLog(LogWriter.LOG_ERROR, Level.INFO, "FAILED_UNASSIGN_SERVICE_FROM_REALM", failureArgs);
        throw new CLIException(ex, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    }
}
Also used : SSOToken(com.iplanet.sso.SSOToken) Set(java.util.Set) SMSException(com.sun.identity.sm.SMSException) IdRepoException(com.sun.identity.idm.IdRepoException) SSOException(com.iplanet.sso.SSOException) IOutput(com.sun.identity.cli.IOutput) OrganizationConfigManager(com.sun.identity.sm.OrganizationConfigManager) AMIdentity(com.sun.identity.idm.AMIdentity) AMIdentityRepository(com.sun.identity.idm.AMIdentityRepository) CLIException(com.sun.identity.cli.CLIException)

Example 88 with AMIdentityRepository

use of com.sun.identity.idm.AMIdentityRepository in project OpenAM by OpenRock.

the class IsMember method handleRequest.

/**
 * Services the command-line request that reports whether one identity is a
 * member of another identity in a realm.
 *
 * <p>The request is rejected before any lookup when the member's identity type
 * cannot be a member of the target identity type.
 *
 * @param rc Request Context.
 * @throws CLIException if the request cannot be serviced.
 */
public void handleRequest(RequestContext rc) throws CLIException {
    super.handleRequest(rc);
    SSOToken adminToken = getAdminSSOToken();
    IOutput out = getOutputWriter();
    String realmName = getStringOptionValue(IArgument.REALM_NAME);
    String idName = getStringOptionValue(ARGUMENT_ID_NAME);
    String typeName = getStringOptionValue(ARGUMENT_ID_TYPE);
    IdType idType = convert2IdType(typeName);
    String memberIdName = getStringOptionValue(ARGUMENT_MEMBER_IDNAME);
    String memberTypeName = getStringOptionValue(ARGUMENT_MEMBER_IDTYPE);
    IdType memberIdType = convert2IdType(memberTypeName);
    String[] logParams = { realmName, typeName, idName, memberIdName, memberTypeName };
    try {
        // The repository object is not used afterwards; the construction is kept
        // because it may fail for the given token or realm (TODO confirm).
        new AMIdentityRepository(adminToken, realmName);

        Set allowedContainers = memberIdType.canBeMemberOf();
        if (!allowedContainers.contains(idType)) {
            String[] typePair = { typeName, memberTypeName };
            String rejection = MessageFormat.format(
                getResourceString("idrepo-cannot-be-member"), (Object[]) typePair);
            throw new CLIException(rejection, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
        }

        writeLog(LogWriter.LOG_ACCESS, Level.INFO, "ATTEMPT_IDREPO_IS_MEMBER", logParams);
        AMIdentity container = new AMIdentity(adminToken, idName, idType, realmName, null);
        AMIdentity candidate = new AMIdentity(adminToken, memberIdName, memberIdType, realmName, null);
        String[] namePair = { memberIdName, idName };

        String resultKey = candidate.isMember(container)
            ? "idrepo-ismembers-positive-result"
            : "idrepo-ismembers-negative-result";
        String resultTemplate = getResourceString(resultKey);
        out.printlnMessage(MessageFormat.format(resultTemplate, (Object[]) namePair));

        out.printlnMessage(MessageFormat.format(
            getResourceString("idrepo-get-ismember-succeed"), (Object[]) logParams));
        writeLog(LogWriter.LOG_ACCESS, Level.INFO, "SUCCEED_IDREPO_IS_MEMBER", logParams);
    } catch (IdRepoException | SSOException ex) {
        // Both failures are reported identically: debug trace, error log entry, CLI failure.
        String[] failureArgs = { realmName, typeName, idName, memberIdName, memberTypeName, ex.getMessage() };
        debugError("IsMember.handleRequest", ex);
        writeLog(LogWriter.LOG_ERROR, Level.INFO, "FAILED_IDREPO_IS_MEMBER", failureArgs);
        throw new CLIException(ex, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    }
}
Also used : SSOToken(com.iplanet.sso.SSOToken) Set(java.util.Set) IOutput(com.sun.identity.cli.IOutput) AMIdentity(com.sun.identity.idm.AMIdentity) AMIdentityRepository(com.sun.identity.idm.AMIdentityRepository) IdRepoException(com.sun.identity.idm.IdRepoException) CLIException(com.sun.identity.cli.CLIException) SSOException(com.iplanet.sso.SSOException) IdType(com.sun.identity.idm.IdType)

Example 89 with AMIdentityRepository

use of com.sun.identity.idm.AMIdentityRepository in project OpenAM by OpenRock.

the class AMLoginModule method authenticateToDatastore.

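/**
 * Authenticates an internal user to the datastore using the idRepo API.
 *
 * <p>Only user names contained in {@code LoginState.INTERNAL_USERS} are
 * checked. For any other user name the method returns {@code true} without
 * contacting the datastore.
 *
 * @param callbacks Array of last submitted callbacks to the
 *     authentication module
 * @return {@code true} if the user is not an internal user or the datastore
 *     accepted the credentials; {@code false} if the datastore rejected them
 *     or raised an {@code IdRepoException}
 * @throws AuthLoginException if the datastore reports an invalid password
 */
private boolean authenticateToDatastore(Callback[] callbacks) throws AuthLoginException {
    boolean retval = false;
    boolean needToCheck = false;
    String userName = null;
    char[] password = null;
    for (Callback callback : callbacks) {
        if (callback instanceof NameCallback) {
            userName = ((NameCallback) callback).getName();
            if (debug.messageEnabled()) {
                debug.message("AMLoginModule.authenticateToDatastore:: " + " user is : " + userName);
                debug.message("AMLoginModule.authenticateToDatastore:: " + " Internal users : " + LoginState.INTERNAL_USERS);
            }
            // Case-fold with a fixed locale so the internal-user match does not
            // depend on the JVM default locale; a locale-specific lowercase could
            // otherwise let an internal name skip the datastore check.
            // NOTE(review): getName() may return null, which throws here; confirm
            // callers always supply a name.
            if (LoginState.INTERNAL_USERS.contains(userName.toLowerCase(java.util.Locale.ROOT))) {
                needToCheck = true;
            } else {
                break;
            }
        } else if (callback instanceof PasswordCallback) {
            // getPassword() returns a copy; it is wiped in the finally block below.
            password = ((PasswordCallback) callback).getPassword();
        }
    }
    try {
        if (!needToCheck) {
            return true;
        }
        if (debug.messageEnabled()) {
            debug.message("AMLoginModule.authenticateToDatastore:: " + "Authenticating Internal user to configuration store");
        }
        NameCallback nameCallback = new NameCallback("NamePrompt");
        nameCallback.setName(userName);
        PasswordCallback passwordCallback = new PasswordCallback("PasswordPrompt", false);
        passwordCallback.setPassword(password);
        Callback[] idrepoCallbacks = { nameCallback, passwordCallback };
        try {
            AMIdentityRepository idrepo = getAMIdentityRepository(getRequestOrg());
            retval = idrepo.authenticate(idrepoCallbacks);
            if (debug.messageEnabled()) {
                // Report the actual outcome rather than always claiming success.
                debug.message("AMLoginModule.authenticateToDatastore:: "
                    + (retval ? " IDRepo authentication successful" : " IDRepo authentication failed"));
            }
        } catch (IdRepoException idrepoExp) {
            // Fails closed: retval stays false when the repository cannot be queried.
            if (debug.messageEnabled()) {
                debug.message("AMLoginModule.authenticateToDatastore::  " + "IdRepo Exception : ", idrepoExp);
            }
        } catch (InvalidPasswordException ipe) {
            throw new AuthLoginException(AMAuthErrorCode.AUTH_MODULE_DENIED);
        } finally {
            // Drop the callback's private copy of the password once it has been used.
            passwordCallback.clearPassword();
        }
        return retval;
    } finally {
        // Wipe the local password copy on every exit path.
        if (password != null) {
            java.util.Arrays.fill(password, '\0');
        }
    }
}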
Also used : HiddenValueCallback(com.sun.identity.authentication.callbacks.HiddenValueCallback) ScriptTextOutputCallback(com.sun.identity.authentication.callbacks.ScriptTextOutputCallback) PasswordCallback(javax.security.auth.callback.PasswordCallback) Callback(javax.security.auth.callback.Callback) TextInputCallback(javax.security.auth.callback.TextInputCallback) TextOutputCallback(javax.security.auth.callback.TextOutputCallback) LoginStateCallback(com.sun.identity.authentication.service.LoginStateCallback) ChoiceCallback(javax.security.auth.callback.ChoiceCallback) NameCallback(javax.security.auth.callback.NameCallback) ConfirmationCallback(javax.security.auth.callback.ConfirmationCallback) NameCallback(javax.security.auth.callback.NameCallback) AMIdentityRepository(com.sun.identity.idm.AMIdentityRepository) IdRepoException(com.sun.identity.idm.IdRepoException) PasswordCallback(javax.security.auth.callback.PasswordCallback) SessionConstraint(com.iplanet.dpro.session.service.SessionConstraint)

Example 90 with AMIdentityRepository

use of com.sun.identity.idm.AMIdentityRepository in project OpenAM by OpenRock.

the class IdentityServicesImpl method searchIdentityDetails.

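/**
 * Searches the identity repository to find all identities that match the search criteria and returns them as a
 * list of identities.
 *
 * <p>The realm and identity type are taken from the {@code "realm"} and {@code "objecttype"} search modifiers.
 * When {@code searchModifiers} is {@code null}, realm {@code "/"} and type {@code "User"} are used.
 *
 * @param crestQuery A CREST Query object which will contain either a _queryId or a _queryFilter.
 * @param searchModifiers The search modifiers; may be {@code null}.
 * @param admin SSO token used to open the identity repository.
 * @return a list of matching identities.
 * @throws ResourceException a {@code BadRequestException} if the identity type is unsupported, an
 *     {@code InternalServerErrorException} if the repository or the SSO token fails, or a
 *     {@code NotFoundException} if the lookup raises {@code ObjectNotFound}.
 */
public List<IdentityDetails> searchIdentityDetails(CrestQuery crestQuery, Map<String, Set<String>> searchModifiers, SSOToken admin) throws ResourceException {
    try {
        String realm = "/";
        String objectType = "User";
        if (searchModifiers != null) {
            realm = attractValues("realm", searchModifiers, "/");
            objectType = attractValues("objecttype", searchModifiers, "User");
        }
        AMIdentityRepository repo = getRepo(admin, realm);
        IdType idType = getIdType(objectType);
        if (idType == null) {
            // NOTE(review): objectType comes from searchModifiers and is echoed unmodified
            // into the debug log and the error message; confirm it is validated upstream.
            debug.error("IdentityServicesImpl.searchIdentities unsupported IdType " + objectType);
            throw new BadRequestException("searchIdentities: unsupported IdType " + objectType);
        }
        List<AMIdentity> identities = fetchAMIdentities(idType, crestQuery, true, repo, searchModifiers);
        List<IdentityDetails> result = new ArrayList<>(identities.size());
        for (AMIdentity identity : identities) {
            result.add(convertToIdentityDetails(identity, null));
        }
        return result;
    } catch (IdRepoException | SSOException e) {
        debug.error("IdentityServicesImpl.searchIdentities", e);
        // Keep the underlying exception as the cause so the failure stays traceable.
        // NOTE(review): the repository's message text is returned to the caller;
        // confirm it carries no internal detail.
        throw new InternalServerErrorException(e.getMessage(), e);
    } catch (ObjectNotFound e) {
        debug.error("IdentityServicesImpl.searchIdentities", e);
        throw new NotFoundException(e.getMessage(), e);
    }
}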
Also used : ArrayList(java.util.ArrayList) IdRepoException(com.sun.identity.idm.IdRepoException) NotFoundException(org.forgerock.json.resource.NotFoundException) SSOException(com.iplanet.sso.SSOException) IdType(com.sun.identity.idm.IdType) ObjectNotFound(com.sun.identity.idsvcs.ObjectNotFound) AMIdentity(com.sun.identity.idm.AMIdentity) AMIdentityRepository(com.sun.identity.idm.AMIdentityRepository) IdentityDetails(com.sun.identity.idsvcs.IdentityDetails) BadRequestException(org.forgerock.json.resource.BadRequestException) InternalServerErrorException(org.forgerock.json.resource.InternalServerErrorException)
