Use of com.sun.identity.idm.AMIdentityRepository in project OpenAM by OpenRock.
Class CramMD5MechanismHandler, method getUserPassword.
/**
 * Returns the stored {@code userPassword} value of the one user matching {@code userName}.
 *
 * <p>The lookup runs under the internal admin token obtained through
 * {@code AdminTokenAction}, against a repository opened on the root suffix, so it is
 * not limited by the privileges of whoever supplied {@code userName}.
 *
 * <p>A leading {@code {CLEAR}} marker is stripped. Any other value is returned exactly
 * as stored, so a value carrying a different scheme prefix passes through unchanged.
 * The result is credential material: keep it out of logs and debug output.
 *
 * <p>NOTE(review): {@code userName} is handed to {@code searchIdentities} as-is. Confirm
 * whether that API treats wildcard characters as a pattern; if it does, the caller
 * should validate the name before reaching this method.
 *
 * @param userName the user name to search for
 * @return the stored password without a {@code {CLEAR}} prefix, or {@code null} when the
 *         search yields zero or several users, the user has zero or several
 *         {@code userPassword} values, or any exception is raised
 */
private static String getUserPassword(String userName) {
    try {
        SSOToken token = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
        AMIdentityRepository repository = new AMIdentityRepository(token, SMSEntry.getRootSuffix());

        // NOTE(review): timeout and max-results are both set to 0; presumably "no limit" - confirm.
        IdSearchControl control = new IdSearchControl();
        control.setTimeOut(0);
        control.setMaxResults(0);
        control.setAllReturnAttributes(false);

        IdSearchResults found = repository.searchIdentities(IdType.USER, userName, control);
        Set<?> matches = found.getSearchResults();

        // Exactly one matching user is required; anything else is treated as "no password".
        if (matches == null || matches.isEmpty()) {
            if (debug.messageEnabled()) {
                debug.message("CramMD5MechanismHandler.getUserPassword: " + "no user found");
            }
            return null;
        }
        if (matches.size() > 1) {
            if (debug.messageEnabled()) {
                debug.message("CramMD5MechanismHandler.getUserPassword: " + "more than 1 user found");
            }
            return null;
        }

        AMIdentity identity = (AMIdentity) matches.iterator().next();
        Set<?> storedValues = identity.getAttribute("userPassword");

        // Likewise exactly one attribute value is required.
        if (storedValues == null || storedValues.isEmpty()) {
            if (debug.messageEnabled()) {
                debug.message("CramMD5MechanismHandler.getUserPassword: " + "user has no password");
            }
            return null;
        }
        if (storedValues.size() > 1) {
            if (debug.messageEnabled()) {
                debug.message("CramMD5MechanismHandler.getUserPassword: " + "user has more than 1 passwords");
            }
            return null;
        }

        String stored = (String) storedValues.iterator().next();
        // 7 is the length of the "{CLEAR}" marker.
        return stored.startsWith("{CLEAR}") ? stored.substring(7) : stored;
    } catch (Exception ex) {
        // Every failure, including a null attribute value, collapses to "no password".
        AuthnSvcUtils.debug.error("CramMD5MechanismHandler.getUserPassword: ", ex);
        return null;
    }
}
Use of com.sun.identity.idm.AMIdentityRepository in project OpenAM by OpenRock.
Class ClientResourceManager, method createIdentity.
/**
 * Creates an identity of type {@code IdType.AGENTONLY} in the given realm.
 *
 * <p>The repository is opened with the token returned by {@code getAdminToken()}, not
 * with a token of the requesting party. NOTE(review): this method performs no
 * authorization check of its own; presumably callers authorize the request first - confirm.
 *
 * @param realm the realm in which the identity is created
 * @param id the name of the new identity
 * @param attrs the attributes to store on the new identity
 * @throws IdRepoException declared by the repository calls
 * @throws SSOException declared by the repository calls
 */
public void createIdentity(String realm, String id, Map<String, Set<String>> attrs) throws IdRepoException, SSOException {
    // The created identity object returned by the repository is not needed here.
    new AMIdentityRepository(getAdminToken(), realm).createIdentity(IdType.AGENTONLY, id, attrs);
}
Use of com.sun.identity.idm.AMIdentityRepository in project OpenAM by OpenRock.
Class IdentityServicesImpl, method search.
/**
 * Searches the identity repository and returns the names of all matching identities.
 *
 * <p>The realm and the object type are read from {@code searchModifiers} under the keys
 * {@code "realm"} and {@code "objecttype"}; they default to {@code "/"} and
 * {@code "User"}, which are also used when {@code searchModifiers} is {@code null}.
 *
 * <p>NOTE(review): the object type is copied into both the debug log and the
 * {@code BadRequestException} message, and the messages of caught repository and SSO
 * exceptions are copied into the exceptions thrown to the caller. If these values can
 * come from a request, check that internal detail is not exposed and that the log
 * handles embedded line breaks.
 *
 * @param crestQuery a CREST query object holding either a _queryId or a _queryFilter
 * @param searchModifiers the search modifiers; may be {@code null}
 * @param admin the SSO token used to open the repository
 * @return the names of the matching identities; empty when nothing matches
 * @throws ResourceException a {@code BadRequestException} when the object type maps to
 *         no {@code IdType}, an {@code InternalServerErrorException} on
 *         {@code IdRepoException} or {@code SSOException}, and a
 *         {@code NotFoundException} on {@code ObjectNotFound}
 */
public List<String> search(CrestQuery crestQuery, Map<String, Set<String>> searchModifiers, SSOToken admin) throws ResourceException {
    final List<String> matches = new ArrayList<>();
    try {
        final boolean hasModifiers = searchModifiers != null;
        final String realm = hasModifiers ? attractValues("realm", searchModifiers, "/") : "/";
        final String objectType = hasModifiers ? attractValues("objecttype", searchModifiers, "User") : "User";

        final AMIdentityRepository repo = getRepo(admin, realm);
        final IdType idType = getIdType(objectType);
        if (idType == null) {
            debug.error("IdentityServicesImpl:search unsupported IdType" + objectType);
            throw new BadRequestException("search unsupported IdType: " + objectType);
        }

        final List<AMIdentity> found = fetchAMIdentities(idType, crestQuery, false, repo, searchModifiers);
        if (found != null && !found.isEmpty()) {
            matches.addAll(getNames(realm, idType, found));
        }
    } catch (IdRepoException | SSOException e) {
        // Both failures are reported to the caller as an internal server error.
        debug.error("IdentityServicesImpl:search", e);
        throw new InternalServerErrorException(e.getMessage());
    } catch (ObjectNotFound e) {
        debug.error("IdentityServicesImpl:search", e);
        throw new NotFoundException(e.getMessage());
    }
    return matches;
}
Use of com.sun.identity.idm.AMIdentityRepository in project OpenAM by OpenRock.
Class IdentityServicesImpl, method delete.
/**
 * Deletes the {@code AMIdentity} that matches the name, type and realm given in
 * {@code identity}.
 *
 * <p>A {@code null} realm is treated as {@code "/"}. Identities for which
 * {@code isSpecialUser} returns true are never deleted; the request is rejected with a
 * {@code ForbiddenException} before the repository is opened. For groups and roles the
 * user members are detached first, on a best-effort basis, and the identity itself is
 * deleted afterwards.
 *
 * <p>NOTE(review): the not-found message embeds the caller-supplied name and type;
 * check how that message is rendered to the client and in logs.
 *
 * @param identity the identity to delete
 * @param admin the SSO token used to resolve the identity and open the repository
 * @throws ResourceException a {@code BadRequestException} when {@code identity} is
 *         {@code null} or an {@code SSOException} occurs, a {@code NotFoundException}
 *         when the name is {@code null} or no such identity exists, a
 *         {@code ForbiddenException} for special users, and the mapped error for an
 *         {@code IdRepoException}
 */
public void delete(IdentityDetails identity, SSOToken admin) throws ResourceException {
    if (identity == null) {
        throw new BadRequestException("delete failed: identity object not specified.");
    }

    final String name = identity.getName();
    final String identityType = identity.getType();
    final String requestedRealm = identity.getRealm();
    if (name == null) {
        throw new NotFoundException("delete failed: null object name.");
    }
    final String realm = (requestedRealm != null) ? requestedRealm : "/";

    try {
        final AMIdentity target = getAMIdentity(admin, identityType, name, realm);
        if (target == null) {
            String msg = "Object \'" + name + "\' of type \'" + identityType + "\' was not found.";
            throw new NotFoundException(msg);
        }
        // Guard checked before any change is made to the repository.
        if (isSpecialUser(target)) {
            throw new ForbiddenException("Cannot delete user.");
        }

        final AMIdentityRepository repo = getRepo(admin, realm);
        final IdType targetType = target.getType();
        final boolean holdsMembers = IdType.GROUP.equals(targetType) || IdType.ROLE.equals(targetType);
        if (holdsMembers) {
            // Detach the user members before removing the group or role itself.
            final Set<AMIdentity> members = getMembers(target, IdType.USER);
            for (AMIdentity member : members) {
                try {
                    removeMember(repo, target, member);
                } catch (IdRepoException ignored) {
                    // Deliberately ignored: the member may already have been removed.
                }
            }
        }
        deleteAMIdentity(repo, target);
    } catch (IdRepoException ex) {
        debug.error("IdentityServicesImpl:delete", ex);
        throw RESOURCE_MAPPING_HANDLER.handleError(ex);
    } catch (SSOException ex) {
        debug.error("IdentityServicesImpl:delete", ex);
        throw new BadRequestException(ex.getMessage());
    } catch (ObjectNotFound e) {
        debug.error("IdentityServicesImpl:delete", e);
        throw new NotFoundException(e.getMessage());
    }
}
Use of com.sun.identity.idm.AMIdentityRepository in project OpenAM by OpenRock.
Class IdentityGroupToEntitlementGroupTest, method setup.
/**
 * Creates the two group identities used by the tests in this class.
 *
 * <p>The groups are created in realm {@code "/"} with the internal admin token and an
 * empty attribute map, and are stored in the {@code group1} and {@code group2} fields.
 *
 * @throws Exception if the admin token cannot be obtained or a group cannot be created
 */
@BeforeClass
public void setup() throws Exception {
    final SSOToken token = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
    final AMIdentityRepository rootRepo = new AMIdentityRepository(token, "/");
    // Collections.emptyMap() hands back the same shared instance as Collections.EMPTY_MAP.
    group1 = rootRepo.createIdentity(IdType.GROUP, GROUP_NAME1, Collections.emptyMap());
    group2 = rootRepo.createIdentity(IdType.GROUP, GROUP_NAME2, Collections.emptyMap());
}