use of com.sun.identity.idm.IdSearchControl in project OpenAM by OpenRock.
the class OpenAMClientDAO method read.
/**
 * {@inheritDoc}
 *
 * <p>Resolves the OAuth2 client profile as an {@code AGENTONLY} identity in the
 * realm named by the request's {@code REALM} parameter, searching under an admin
 * token obtained via {@link AdminTokenAction}. Exactly one match is required; zero
 * or several matches are rejected. A deactivated identity contributes no
 * attributes, so the returned client is built from an empty attribute map
 * (the method does not return {@code null} in that case).
 *
 * @param clientId the client identifier; it is handed to the identity search
 *        unchanged as the search pattern, so any repository wildcard characters
 *        in it are interpreted by the search rather than matched literally
 *        (NOTE(review): confirm callers cannot supply such characters)
 * @param request the current OAuth2 request, read only for the realm parameter
 * @return the client profile with {@code clientId} set on it
 * @throws UnauthorizedClientException if no profile or more than one profile
 *         matches, or the identity repository / SSO layer reports an error
 */
public Client read(String clientId, OAuth2Request request) throws UnauthorizedClientException {
    Map<String, Set<String>> attributes = new HashMap<String, Set<String>>();
    try {
        final SSOToken adminToken = AccessController.doPrivileged(AdminTokenAction.getInstance());
        final String realm = request.getParameter(OAuth2Constants.Custom.REALM);
        final AMIdentityRepository repository = idRepoFactory.create(realm, adminToken);

        final IdSearchControl control = new IdSearchControl();
        control.setRecursive(true);
        control.setAllReturnAttributes(true);
        control.setMaxResults(0);

        final IdSearchResults found = repository.searchIdentities(IdType.AGENTONLY, clientId, control);
        final Set<AMIdentity> matches = found.getSearchResults();
        // The profile must be unambiguous: an empty or multi-element result is rejected.
        if (matches == null || matches.size() != 1) {
            logger.error("OpenAMClientDAO.read(): No client profile or more than one profile found.");
            throw new UnauthorizedClientException("Not able to get client from OpenAM");
        }

        final AMIdentity identity = matches.iterator().next();
        // A deactivated client keeps the empty map; it is still passed to createClient below.
        if (identity.isActive()) {
            attributes = identity.getAttributes();
        }
    } catch (UnauthorizedClientException e) {
        // Re-thrown as a fresh exception with the same message; the original is only logged.
        logger.error("OpenAMClientDAO.read(): Unable to get client AMIdentity: ", e);
        throw new UnauthorizedClientException("Not able to get client from OpenAM");
    } catch (SSOException e) {
        logger.error("OpenAMClientDAO.read(): Unable to get client AMIdentity: ", e);
        throw new UnauthorizedClientException("Not able to get client from OpenAM");
    } catch (IdRepoException e) {
        logger.error("OpenAMClientDAO.read(): Unable to get client AMIdentity: ", e);
        throw new UnauthorizedClientException("Not able to get client from OpenAM");
    }

    final Client client = createClient(attributes);
    client.setClientID(clientId);
    return client;
}
use of com.sun.identity.idm.IdSearchControl in project OpenAM by OpenRock.
the class IdentityServicesImpl method fetchAMIdentities.
/**
 * Searches {@code repo} for identities of {@code type} matching {@code crestQuery}.
 *
 * <p>If the repository does not support {@link IdOperation#READ} for that type, an
 * empty list is returned instead of an error (see the TODO below).
 *
 * @param type the identity type to search for
 * @param crestQuery the query to run against the repository
 * @param fetchAllAttrs whether every attribute of each match should be returned
 * @param repo the repository to search
 * @param searchModifiers extra attribute constraints, combined with AND; may be
 *        {@code null}. Raw map; its key/value shape is whatever
 *        {@code IdSearchControl.setSearchModifiers} expects — not visible here.
 * @return the matching identities, possibly empty; never {@code null}
 * @throws IdRepoException if the repository search fails
 * @throws SSOException if the token backing the repository is invalid
 * @throws ObjectNotFound declared for callers; this method itself does not throw it
 */
private List<AMIdentity> fetchAMIdentities(IdType type, CrestQuery crestQuery, boolean fetchAllAttrs, AMIdentityRepository repo, Map searchModifiers) throws IdRepoException, ObjectNotFound, SSOException {
    IdSearchControl control = new IdSearchControl();

    if (!isOperationSupported(repo, type, IdOperation.READ)) {
        // A list is expected back
        // TODO: throw an exception instead of returning an empty list
        return new ArrayList<>();
    }

    control.setAllReturnAttributes(fetchAllAttrs);
    if (searchModifiers != null) {
        control.setSearchModifiers(IdSearchOpModifier.AND, searchModifiers);
    }

    IdSearchResults found = repo.searchIdentities(type, crestQuery, control);
    Set<AMIdentity> matches = found.getSearchResults();
    return new ArrayList<>(matches);
}
use of com.sun.identity.idm.IdSearchControl in project OpenAM by OpenRock.
the class LdapSPValidator method searchAgents.
/**
 * Finds agent profiles whose device key/value attribute carries
 * {@code sunIdentityServerAgentRootURL=<rootPrefix>}.
 *
 * <p>The search runs under an admin token. When {@code realm} is non-blank a
 * repository for that realm is created; otherwise the shared {@code amIdRepo}
 * is used. Only the key/value attribute and the status attribute are requested.
 *
 * @param rootPrefix the agent root URL; embedded verbatim in the attribute value
 *        used as a search modifier. NOTE(review): whether the underlying
 *        repository escapes filter metacharacters in this value is not visible
 *        here — confirm before accepting this from an untrusted source.
 * @param realm the realm to search, or {@code null}/blank for the default repository
 * @return the result attributes keyed as {@code IdSearchResults.getResultAttributes()} returns them
 * @throws Exception wrapping the underlying {@code IdRepoException} or {@code SSOException}
 */
private Map searchAgents(StringBuffer rootPrefix, String realm) throws Exception {
    /*
     * Search for attribute "sunIdentityServerDeviceKeyValue:
     * sunIdentityServerAgentRootURL=<rootURL>"
     */
    Set attrValues = new HashSet(2);
    attrValues.add(PROVIDER_ID_ATTR_NAME + "=" + rootPrefix.toString());
    Map searchParams = new HashMap();
    searchParams.put(LDAP_ATTR_NAME, attrValues);

    Set returnAttrs = new HashSet(4);
    returnAttrs.add(LDAP_ATTR_NAME);
    returnAttrs.add(LDAP_STATUS_ATTR_NAME);

    IdSearchControl control = new IdSearchControl();
    control.setTimeOut(0);
    control.setMaxResults(0);
    control.setSearchModifiers(IdSearchOpModifier.AND, searchParams);
    control.setReturnAttributes(returnAttrs);

    try {
        SSOToken adminToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
        boolean realmGiven = (realm != null) && !realm.trim().isEmpty();

        IdSearchResults found;
        if (realmGiven) {
            AMIdentityRepository realmRepo = new AMIdentityRepository(adminToken, realm);
            found = realmRepo.searchIdentities(IdType.AGENT, "*", control);
        } else {
            found = amIdRepo.searchIdentities(IdType.AGENT, "*", control);
        }
        return found.getResultAttributes();
    } catch (IdRepoException ire) {
        CDCServlet.debug.error("LdapSPValidator.searchAgents", ire);
        throw new Exception(ire);
    } catch (SSOException ssoe) {
        CDCServlet.debug.error("LdapSPValidator.searchAgents", ssoe);
        throw new Exception(ssoe);
    }
}
use of com.sun.identity.idm.IdSearchControl in project OpenAM by OpenRock.
the class DelegationPolicyImpl method getPermissions.
/**
 * Returns the set of permissions granted to the user behind {@code token}.
 *
 * <p>Every delegation privilege of the realm is examined; for each of its
 * subjects the RDN value is used as a ROLE search pattern, and if the user is a
 * member of the first role found, that privilege's permissions are added. Only
 * the first search result per subject is considered. The privilege lookup and
 * the role search run under the application token, not the caller's token.
 *
 * @param token sso token of the user requesting permissions; a {@code null}
 *        token yields an empty set
 * @param orgName the realm from which the delegation permissions are fetched
 * @return the permissions the user holds, possibly empty; never {@code null}
 * @throws SSOException declared for callers; inside the lookup an SSO failure is
 *         wrapped in {@code DelegationException} like every other exception
 * @throws DelegationException for any failure during the lookup
 */
public Set getPermissions(SSOToken token, String orgName) throws SSOException, DelegationException {
    Set perms = new HashSet();

    if (token == null) {
        if (DelegationManager.debug.warningEnabled()) {
            DelegationManager.debug.warning("DelegationPolicyImpl.getPermissions():" + "user sso token is null");
        }
        return perms;
    }

    try {
        AMIdentity user = IdUtils.getIdentity(token);
        if (user == null) {
            if (DelegationManager.debug.warningEnabled()) {
                DelegationManager.debug.warning("DelegationPolicyImpl.getPermissions():" + "could not get user's identity from token");
            }
            return perms;
        }

        Set privileges = getPrivileges(appToken, orgName);
        if (privileges == null || privileges.isEmpty()) {
            return perms;
        }

        AMIdentityRepository repository = new AMIdentityRepository(appToken, orgName);
        IdSearchControl control = new IdSearchControl();
        control.setRecursive(true);
        // -1 for both limits; presumably "unbounded" — other call sites pass 0, confirm against IdSearchControl.
        control.setMaxResults(-1);
        control.setTimeOut(-1);

        for (Object privilegeObj : privileges) {
            DelegationPrivilege privilege = (DelegationPrivilege) privilegeObj;
            Set subjects = privilege.getSubjects();
            if (subjects == null || subjects.isEmpty()) {
                continue;
            }
            for (Object subjectObj : subjects) {
                String subjectId = LDAPUtils.rdnValueFromDn((String) subjectObj);
                if (subjectId == null) {
                    continue;
                }
                IdSearchResults found = repository.searchIdentities(IdType.ROLE, subjectId, control);
                if (found == null) {
                    continue;
                }
                Set roles = found.getSearchResults();
                if (roles == null || roles.isEmpty()) {
                    continue;
                }
                // Only the first matching role is checked for membership.
                AMIdentity role = (AMIdentity) roles.iterator().next();
                if (user.isMember(role)) {
                    perms.addAll(privilege.getPermissions());
                }
            }
        }
    } catch (Exception e) {
        throw new DelegationException(e);
    }
    return perms;
}
use of com.sun.identity.idm.IdSearchControl in project OpenAM by OpenRock.
the class DelegationPolicyImpl method getSubjects.
/**
 * Returns the universal ids of subjects of the given types whose names match
 * {@code pattern} in the realm. The pattern accepts "*" as the wild card; for
 * example, "a*c" matches any subject starting with a and ending with c. When the
 * pattern is exactly "*", the "All Authenticated Users" id is included as well.
 *
 * <p>Types the repository does not support are skipped. The search runs under the
 * application token; {@code token} is accepted but not used for the lookup.
 *
 * @param token the <code>SSOToken</code> of the requesting user
 * @param orgName the realm from which the subjects are fetched
 * @param types subject type names, e.g. ROLE, GROUP; {@code null} or empty yields
 *        no repository search
 * @param pattern the filter used to select the subjects
 * @return <code>Set</code> of universal ids of the matching subjects; never {@code null}
 * @throws SSOException invalid or expired single-sign-on token
 * @throws DelegationException wrapping any {@code IdRepoException} from the repository
 */
public Set getSubjects(SSOToken token, String orgName, Set types, String pattern) throws SSOException, DelegationException {
    Set universalIds = new HashSet();

    // "All Authenticated Users" is only offered when the caller asks for everything.
    if (pattern != null && pattern.equals("*")) {
        universalIds.add(AUTHN_USERS_ID);
    }
    if (DelegationManager.debug.messageEnabled()) {
        DelegationManager.debug.message("DelegationPolicyImpl.getSubjects(): types=" + types);
    }

    try {
        AMIdentityRepository repository = new AMIdentityRepository(appToken, orgName);
        Set supportedTypes = repository.getSupportedIdTypes();
        if (DelegationManager.debug.messageEnabled()) {
            DelegationManager.debug.message("DelegationPolicyImpl.getSubjects(): " + "supported subject types=" + supportedTypes);
        }

        boolean nothingToSearch = supportedTypes == null || supportedTypes.isEmpty()
                || types == null || types.isEmpty();
        if (nothingToSearch) {
            return universalIds;
        }

        for (Object typeName : types) {
            IdType idType = IdUtils.getType((String) typeName);
            if (!supportedTypes.contains(idType)) {
                continue;
            }
            IdSearchControl control = new IdSearchControl();
            control.setRecursive(true);
            control.setMaxResults(-1);
            control.setTimeOut(-1);

            IdSearchResults found = repository.searchIdentities(idType, pattern, control);
            if (found == null) {
                continue;
            }
            Set matches = found.getSearchResults();
            if (matches == null || matches.isEmpty()) {
                continue;
            }
            for (Object match : matches) {
                universalIds.add(IdUtils.getUniversalId((AMIdentity) match));
            }
        }
        return universalIds;
    } catch (IdRepoException ide) {
        throw new DelegationException(ide);
    }
}