use of com.sun.identity.idm.IdRepoException in project OpenAM by OpenRock.
the class OpenSSOGroupSubject method getSearchIndexAttributes.
/**
 * Returns the search index attributes for this group subject.
 *
 * With a {@code SubjectAttributesManager} present and group-membership
 * indexing enabled, the subject is indexed under the membership namespace
 * for the GROUP type, using its id with the organisation name stripped; if
 * the identity cannot be resolved through the identity repository the raw
 * id is indexed instead so the subject stays discoverable. With indexing
 * disabled it is indexed under the identity namespace with the
 * "all entities" marker. Without a manager the superclass result is used.
 *
 * The identity lookup runs under the admin token obtained through
 * {@code AdminTokenAction}, not under any caller's session.
 *
 * @return search index attributes.
 */
@Override
public Map<String, Set<String>> getSearchIndexAttributes() {
    SubjectAttributesManager manager = getSubjectAttributesManager();
    if (manager == null) {
        return super.getSearchIndexAttributes();
    }

    Map<String, Set<String>> index = new HashMap<String, Set<String>>(4);
    Set<String> indexValues = new HashSet<String>();

    if (!manager.isGroupMembershipSearchIndexEnabled()) {
        indexValues.add(SubjectAttributesCollector.ATTR_NAME_ALL_ENTITIES);
        index.put(SubjectAttributesCollector.NAMESPACE_IDENTITY, indexValues);
        return index;
    }

    String subjectId = getID();
    SSOToken adminToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
    try {
        AMIdentity identity = IdUtils.getIdentity(adminToken, subjectId);
        indexValues.add(OpenSSOSubjectAttributesCollector.getIDWithoutOrgName(identity));
    } catch (IdRepoException ex) {
        // Resolution failed: index the raw id so the subject is not lost from the index.
        if (PrivilegeManager.debug.messageEnabled()) {
            PrivilegeManager.debug.message("OpenSSOGroupSubject.getSearchIndexAttributes", ex);
        }
        indexValues.add(subjectId);
    }
    index.put(SubjectAttributesCollector.NAMESPACE_MEMBERSHIP + IdType.GROUP.getName(), indexValues);
    return index;
}
use of com.sun.identity.idm.IdRepoException in project OpenAM by OpenRock.
the class OpenSSOSubjectAttributesCollector method hasAttribute.
/**
 * Returns {@code true} if the given attribute value is present for the user
 * represented by the {@code Subject}.
 *
 * Attribute names are namespaced. A name under {@code NAMESPACE_ATTR} is read
 * directly from the user's identity and {@code attrValue} is matched against
 * its values. A name under {@code NAMESPACE_MEMBERSHIP} carries an identity
 * type; {@code attrValue} is then read as the universal id of a parent entity
 * of that type, and the user must appear among that entity's USER members.
 * Any other name yields {@code false}.
 *
 * Lookups run under the admin token from {@code AdminTokenAction}, not the
 * subject's own session.
 *
 * @param subject identity of the user
 * @param attrName attribute name to check
 * @param attrValue attribute value to check
 * @return {@code true} if the attribute value is present for the user
 * @throws com.sun.identity.entitlement.EntitlementException if the identity
 *         repository or SSO lookup fails (error code 601, carrying the user's id)
 */
public boolean hasAttribute(Subject subject, String attrName, String attrValue) throws EntitlementException {
    String principalId = SubjectUtils.getPrincipalId(subject);
    try {
        SSOToken adminToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
        AMIdentity user = new AMIdentity(adminToken, principalId);

        if (attrName.startsWith(NAMESPACE_ATTR)) {
            String plainName = attrName.substring(NAMESPACE_ATTR.length());
            Set<String> values = user.getAttribute(plainName);
            return values != null && values.contains(attrValue);
        }

        if (!attrName.startsWith(NAMESPACE_MEMBERSHIP)) {
            return false;
        }

        IdType requestedType = IdUtils.getType(attrName.substring(NAMESPACE_MEMBERSHIP.length()));
        if (requestedType == null) {
            return false;
        }

        AMIdentity parent = new AMIdentity(adminToken, attrValue);
        // The entity named by attrValue must actually be of the requested type;
        // an id of some other type must not satisfy a membership check for this type.
        if (!parent.getType().equals(requestedType)) {
            return false;
        }
        Set<String> members = parent.getMembers(IdType.USER);
        return members.contains(user.getUniversalId());
    } catch (IdRepoException | SSOException e) {
        Object[] params = { principalId };
        throw new EntitlementException(601, params, e);
    }
}
use of com.sun.identity.idm.IdRepoException in project OpenAM by OpenRock.
the class OpenSSOSubjectAttributesCollector method getUserAttributes.
/**
 * Returns the attribute values of the user represented by the {@code Subject}.
 *
 * The subject's principal id is resolved to an {@code AMIdentity} under the
 * admin token from {@code AdminTokenAction} (not the subject's own session)
 * and the requested attributes are read from the identity repository.
 *
 * @param subject identity of the user.
 * @param attrNames requested attribute names.
 * @return a map of attribute names and their values, as produced by
 *         {@code AMIdentity.getAttributes}
 * @throws com.sun.identity.entitlement.EntitlementException if the identity
 *         repository or SSO lookup fails (error code 601, carrying the user's id)
 */
public Map<String, Set<String>> getUserAttributes(Subject subject, Set<String> attrNames) throws EntitlementException {
    String principalId = SubjectUtils.getPrincipalId(subject);
    try {
        SSOToken adminToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
        AMIdentity user = new AMIdentity(adminToken, principalId);
        return user.getAttributes(attrNames);
    } catch (IdRepoException | SSOException e) {
        throw new EntitlementException(601, new Object[] { principalId }, e);
    }
}
use of com.sun.identity.idm.IdRepoException in project OpenAM by OpenRock.
the class DefaultOpenIdConnectTokenClaimMapper method getCustomClaims.
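/**
 * Resolves the custom claims for the user behind {@code token}.
 *
 * {@code claimMap} maps a claim name to the user-store attribute that backs
 * it. All backing attributes are read from the identity in one call,
 * multi-valued attributes are joined by {@code joinMultiValues}, and the
 * result is re-keyed by claim name. Claims whose attribute is absent or
 * empty are left out, so callers only see claims that actually have a value.
 *
 * @param token the session whose identity is consulted
 * @param claimMap claim name to backing attribute name
 * @return claim name to joined attribute value, holding only claims with a
 *         non-empty value
 * @throws TokenCreationException wrapping an identity-repository or SSO
 *         failure as {@code ResourceException.INTERNAL_ERROR}
 */
@Override
public Map<String, String> getCustomClaims(SSOToken token, Map<String, String> claimMap) throws TokenCreationException {
    try {
        final AMIdentity amIdentity = IdUtils.getIdentity(token);
        final Set<String> attributeNames = new HashSet<>(claimMap.values());
        final Map<String, String> joinedMappings = joinMultiValues(amIdentity.getAttributes(attributeNames));
        // joinedMappings is keyed by attribute name; the caller expects the claimMap's
        // keys, so re-key each value under its claim name.
        final Map<String, String> adjustedMap = new HashMap<>(joinedMappings.size());
        for (Map.Entry<String, String> claimMapEntry : claimMap.entrySet()) {
            // Look the value up once rather than once for the test and once for the put.
            final String value = joinedMappings.get(claimMapEntry.getValue());
            if (!StringUtils.isEmpty(value)) {
                adjustedMap.put(claimMapEntry.getKey(), value);
            }
        }
        return adjustedMap;
    } catch (IdRepoException | SSOException e) {
        throw new TokenCreationException(ResourceException.INTERNAL_ERROR, "Exception encountered in claim attribute lookup: " + e, e);
    }
}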
use of com.sun.identity.idm.IdRepoException in project OpenAM by OpenRock.
the class DelegationPolicyImpl method getSubjects.
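/**
 * Returns a set of selected subjects of specified types matching the
 * pattern in the given realm. The pattern accepts "*" as the wild card for
 * searching subjects. For example, "a*c" matches with any subject starting
 * with a and ending with c.
 *
 * The identity search runs with this instance's application token
 * ({@code appToken}); the caller's {@code token} is not consulted in this
 * method, so any check that the requesting user may list subjects has to be
 * made by the caller. Only types the realm's identity repository reports as
 * supported are searched; the search is recursive.
 *
 * @param token The <code>SSOToken</code> of the requesting user
 * @param orgName The name of the realm from which the subjects are fetched.
 * @param types a set of subject types. e.g. ROLE, GROUP.
 * @param pattern a filter used to select the subjects.
 *
 * @return <code>Set</code> of universal Ids of the subjects associated
 * with the realm; it additionally contains {@code AUTHN_USERS_ID} when
 * {@code pattern} is exactly "*".
 *
 * @throws SSOException invalid or expired single-sign-on token
 * @throws DelegationException for any abnormal condition
 */
public Set getSubjects(SSOToken token, String orgName, Set types, String pattern) throws SSOException, DelegationException {
    Set results = new HashSet();
    // All Authenticated Users would be returned only if pattern is *
    if ("*".equals(pattern)) {
        results.add(AUTHN_USERS_ID);
    }
    if (DelegationManager.debug.messageEnabled()) {
        DelegationManager.debug.message("DelegationPolicyImpl.getSubjects(): types=" + types);
    }
    try {
        AMIdentityRepository idRepo = new AMIdentityRepository(appToken, orgName);
        Set supportedTypes = idRepo.getSupportedIdTypes();
        if (DelegationManager.debug.messageEnabled()) {
            DelegationManager.debug.message("DelegationPolicyImpl.getSubjects(): " + "supported subject types=" + supportedTypes);
        }
        if ((supportedTypes == null) || supportedTypes.isEmpty() || (types == null) || types.isEmpty()) {
            return results;
        }
        for (Object typeName : types) {
            IdType idType = IdUtils.getType((String) typeName);
            // Unknown names map to an id type the repository does not support
            // (or null) and are skipped rather than searched.
            if (!supportedTypes.contains(idType)) {
                continue;
            }
            IdSearchControl ctrl = new IdSearchControl();
            ctrl.setRecursive(true);
            // -1 presumably lifts the result and time limits -- TODO confirm against IdSearchControl
            ctrl.setMaxResults(-1);
            ctrl.setTimeOut(-1);
            IdSearchResults idsr = idRepo.searchIdentities(idType, pattern, ctrl);
            if (idsr == null) {
                continue;
            }
            Set searchRes = idsr.getSearchResults();
            if ((searchRes == null) || searchRes.isEmpty()) {
                continue;
            }
            for (Object found : searchRes) {
                results.add(IdUtils.getUniversalId((AMIdentity) found));
            }
        }
        return results;
    } catch (IdRepoException ide) {
        throw new DelegationException(ide);
    }
}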