
Example 36 with IdSearchControl

use of com.sun.identity.idm.IdSearchControl in project OpenAM by OpenRock.

the class OpenAMScopeValidator method getTimestamps.

/**
 * Fetches the requested timestamp attributes of a user from the identity repository.
 *
 * <p>The search runs with the administrative token obtained from {@code AdminTokenAction}
 * rather than with the caller's own session, so any decision about whose timestamps may be
 * read has to be taken before this method is called.
 *
 * <p>NOTE(review): {@code username} is handed to {@code searchIdentities} as the search
 * pattern and only the first result is returned. Presumably callers pass an exact, already
 * validated user name; confirm that a value containing pattern characters cannot reach this
 * method, otherwise the attributes returned may belong to a different identity.
 *
 * @param username user name used as the search pattern
 * @param realm realm whose identity repository is searched
 * @param modifyTimestamp name of the first attribute to return
 * @param createTimestamp name of the second attribute to return
 * @return the attribute map of the first search result
 * @throws IdRepoException if the search yields no result attributes
 * @throws SSOException declared for the repository calls made with the admin token
 */
private AMHashMap getTimestamps(String username, String realm, String modifyTimestamp, String createTimestamp) throws IdRepoException, SSOException {
    final SSOToken adminToken = AccessController.doPrivileged(AdminTokenAction.getInstance());
    final AMIdentityRepository repository = new AMIdentityRepository(adminToken, realm);

    // Ask only for the two timestamp attributes instead of the full profile.
    final IdSearchControl control = new IdSearchControl();
    control.setReturnAttributes(new HashSet<String>(Arrays.asList(modifyTimestamp, createTimestamp)));
    // presumably 0 means "no limit" here; confirm against IdSearchControl
    control.setMaxResults(0);

    final IdSearchResults found = repository.searchIdentities(IdType.USER, username, control);
    final Iterator attributeMaps = found.getResultAttributes().values().iterator();
    if (!attributeMaps.hasNext()) {
        logger.warning("Error retrieving timestamps from datastore");
        throw new IdRepoException();
    }
    return (AMHashMap) attributeMaps.next();
}
Also used : SSOToken(com.iplanet.sso.SSOToken) AMHashMap(com.iplanet.am.sdk.AMHashMap) IdSearchResults(com.sun.identity.idm.IdSearchResults) AMIdentityRepository(com.sun.identity.idm.AMIdentityRepository) IdSearchControl(com.sun.identity.idm.IdSearchControl) Iterator(java.util.Iterator) IdRepoException(com.sun.identity.idm.IdRepoException)

Example 37 with IdSearchControl

use of com.sun.identity.idm.IdSearchControl in project OpenAM by OpenRock.

the class PWResetUserValidationModelImpl method isUserExists.

/**
 * Returns {@code true} if exactly one user matches the given attribute value.
 *
 * <p>On success the matched identity's realm and universal id are stored in
 * {@code userRealm} and {@code userId}. If no user, or more than one user, is found the
 * method returns {@code false} and sets {@code errorMsg} so that the view bean can display
 * an error message.
 *
 * <p>NOTE(review): the "not found" and "multiple users" cases set different messages. If
 * {@code errorMsg} is shown to an unauthenticated password-reset caller, the difference
 * reveals whether an account exists; confirm how the view bean renders it.
 *
 * <p>NOTE(review): {@code userAttrValue} is presumably user-supplied and goes into the search
 * filter as-is; verify how the repository treats pattern characters in it.
 *
 * @param userAttrValue User attribute value to search for.
 * @param userAttrName User attribute name to search for.
 * @param realm Base realm
 * @return {@code true} if a single matching user exists.
 */
public boolean isUserExists(String userAttrValue, String userAttrName, String realm) {
    try {
        AMIdentityRepository repository = new AMIdentityRepository(ssoToken, realm);

        // Filter of the form { userAttrName -> { userAttrValue } }.
        Map attributeFilter = new HashMap(2);
        Set wantedValues = new HashSet(2);
        wantedValues.add(userAttrValue);
        attributeFilter.put(userAttrName, wantedValues);

        IdSearchControl control = new IdSearchControl();
        control.setSearchModifiers(IdSearchOpModifier.AND, attributeFilter);
        Set matches = repository.searchIdentities(IdType.USER, "*", control).getSearchResults();

        if ((matches == null) || matches.isEmpty()) {
            errorMsg = getLocalizedString("userNotExists.message");
            writeLog("logUserNotExists.message", userAttrName);
            return false;
        }
        if (matches.size() > 1) {
            // An ambiguous match is treated as a failure rather than picking one account.
            errorMsg = getLocalizedString("multipleUsersExists.message");
            return false;
        }

        AMIdentity match = (AMIdentity) matches.iterator().next();
        userRealm = match.getRealm();
        userId = match.getUniversalId();
        return true;
    } catch (SSOException e) {
        debug.error("PWResetUserValidationModelImpl.isUserExists", e);
        errorMsg = getErrorString(e);
    } catch (IdRepoException e) {
        debug.error("PWResetUserValidationModelImpl.isUserExists", e);
        errorMsg = getErrorString(e);
    }
    return false;
}
Also used : HashSet(java.util.HashSet) Set(java.util.Set) HashMap(java.util.HashMap) IdSearchResults(com.sun.identity.idm.IdSearchResults) AMIdentity(com.sun.identity.idm.AMIdentity) AMIdentityRepository(com.sun.identity.idm.AMIdentityRepository) IdSearchControl(com.sun.identity.idm.IdSearchControl) IdRepoException(com.sun.identity.idm.IdRepoException) SSOException(com.iplanet.sso.SSOException) HashMap(java.util.HashMap) Map(java.util.Map) HashSet(java.util.HashSet)

Example 38 with IdSearchControl

use of com.sun.identity.idm.IdSearchControl in project OpenAM by OpenRock.

the class IdRepoSampleCreateId method createAMId.

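/**
 * Interactive sample: creates one identity of a type chosen by the operator and then
 * exercises search, attribute and membership operations against it, printing progress to
 * stdout.
 *
 * <p>This selection only creates identities; to "exercise" an existing identity, use the
 * "search identities" selection to find one.
 *
 * <p>Repository failures ({@code IdRepoException}, {@code SSOException}) are reported on
 * stderr and not rethrown.
 *
 * <p>NOTE(review): passwords are read with {@code sampleUtils.getLine}, which presumably
 * echoes the typed text; confirm before using this sample against a real deployment.
 */
public void createAMId() {
    IdType idtype = sampleUtils.getIdTypeToCreateOrDelete();
    if (idtype == null) {
        return;
    }
    // AGENT is listed and created as AGENTONLY.
    IdType tmpIdtype = idtype;
    if (idtype.equals(IdType.AGENT)) {
        tmpIdtype = IdType.AGENTONLY;
    }
    try {
        /*
         * get and display list of identities of idtype
         * for reference...
         */
        IdSearchResults adRes = idRepo.searchIdentities(tmpIdtype, "*", new IdSearchControl());
        Set adResSet = adRes.getSearchResults();
        if (!adResSet.isEmpty()) {
            System.out.println("    Current list of " + idtype.getName() + "s:");
            for (Iterator it = adResSet.iterator(); it.hasNext(); ) {
                System.out.println("\t" + ((AMIdentity) it.next()).getName());
            }
        } else {
            System.out.println("    No " + idtype.getName() + "s found.");
        }
        String idName = sampleUtils.getLine("Enter idName to create: ");
        Map attrs = new HashMap();
        Set vals = new HashSet();
        AMIdentity tmpId = null;
        if (idtype.equals(IdType.AGENT)) {
            String tmpS = sampleUtils.getLine(idName + "'s password: ");
            vals = new HashSet();
            vals.add(tmpS);
            attrs.put("userpassword", vals);
            tmpId = idRepo.createIdentity(IdType.AGENTONLY, idName, attrs);
            idtype = IdType.AGENTONLY;
        } else if (idtype.equals(IdType.AGENTONLY) || idtype.equals(IdType.AGENTGROUP)) {
            String tmpS = sampleUtils.getLine(idName + "'s agentType: ");
            vals.add(tmpS);
            attrs.put(AGENT_TYPE_ATTR, vals);
            tmpS = sampleUtils.getLine(idName + "'s password: ");
            vals = new HashSet();
            vals.add(tmpS);
            attrs.put("userpassword", vals);
            tmpId = idRepo.createIdentity(idtype, idName, attrs);
        } else if (idtype.equals(IdType.USER)) {
            String tmpS = sampleUtils.getLine(idName + "'s password: ");
            vals.add(tmpS);
            attrs.put("userpassword", vals);
            vals = new HashSet();
            tmpS = sampleUtils.getLine(idName + "'s last name: ");
            vals.add(tmpS);
            attrs.put("sn", vals);
            vals = new HashSet();
            vals.add(idName + " " + tmpS);
            attrs.put("cn", vals);
            vals = new HashSet();
            vals.add(idName);
            // "full name"
            attrs.put("givenname", vals);
            tmpId = idRepo.createIdentity(IdType.USER, idName, attrs);
        } else if (idtype.equals(IdType.REALM)) {
            String tmpS = sampleUtils.getLine(idName + " active/inactive [a,i]: ");
            String actVal = "Active";
            if (tmpS.startsWith("i")) {
                actVal = "Inactive";
            }
            vals.add(actVal);
            attrs.put("sunOrganizationStatus", vals);
            tmpId = idRepo.createIdentity(IdType.REALM, idName, attrs);
        }
        //  identity should exist, since it was just created
        if (tmpId != null) {
            System.out.println("    Created " + idtype.getName() + " identity '" + idName + "' isExists = " + tmpId.isExists());
            //  now show list of the identities of type created
            adRes = idRepo.searchIdentities(idtype, "*", new IdSearchControl());
            adResSet = adRes.getSearchResults();
            if (!adResSet.isEmpty()) {
                System.out.println("    Current list of " + idtype.getName() + "s:");
                for (Iterator it = adResSet.iterator(); it.hasNext(); ) {
                    System.out.println("\t" + ((AMIdentity) it.next()).getName());
                }
            } else {
                System.out.println("    Odd, no " + idtype.getName() + "s found.");
            }
            IdSearchControl WSCcontrol = new IdSearchControl();
            String providerName = idName;
            WSCcontrol.setAllReturnAttributes(true);
            IdSearchResults WSCresults = idRepo.searchIdentities(IdType.AGENTONLY, providerName, WSCcontrol);
            Set agents = WSCresults.getSearchResults();
            System.out.println("WSC Agents before removeMember: " + agents);
            if (idtype.equals(IdType.AGENTONLY) || idtype.equals(IdType.AGENTGROUP)) {
                String POLLINT = "com.sun.am.policy.am.polling.interval";
                //  now get the attributes of the identities of type created
                String name = tmpId.getName();
                Map attrMap = tmpId.getAttributes();
                if (!attrMap.isEmpty()) {
                    Set keySet = attrMap.keySet();
                    for (Iterator it = keySet.iterator(); it.hasNext(); ) {
                        String key = (String) it.next();
                        if (key.equalsIgnoreCase(POLLINT)) {
                            System.out.println("Value before " + "removeAttribute: " + POLLINT + "=" + attrMap.get(POLLINT));
                            Set attrNameSet = new HashSet();
                            attrNameSet.add(key);
                            System.out.println("Attribute to remove :" + key);
                            tmpId.removeAttributes(attrNameSet);
                        }
                        if (key.equalsIgnoreCase("userpassword")) {
                            // Report only whether a value came back. The stored credential
                            // (even in hashed form) must not end up on the console or in
                            // captured output.
                            System.out.println("Value check for pwd " + "userpassword =" + (attrMap.get("userpassword") != null ? "[present, value not shown]" : "[absent]"));
                        }
                    }
                } else {
                    System.out.println(name + " has no attributes.");
                }
                // get/check after remove
                attrMap = tmpId.getAttributes();
                if (!attrMap.isEmpty()) {
                    System.out.println("Has key after removeAttribute : " + POLLINT + " : true/false :" + attrMap.keySet().contains(POLLINT));
                    if (attrMap.keySet().contains(POLLINT)) {
                        System.out.println("Value after removeAttribute : " + POLLINT + "=" + attrMap.get(POLLINT));
                    }
                }
                // attrs still holds the earlier "userpassword" entry; it is reused below as
                // the attribute map for the "myagrp" agent group if that group must be created.
                vals = new HashSet();
                vals.add("WebAgent");
                attrs.put(AGENT_TYPE_ATTR, vals);
                AMIdentity agroupIdentity = null;
                if (!((tmpId.getType()).equals(IdType.AGENTGROUP))) {
                    System.out.println("\nChecking membership operations");
                    IdSearchResults res = idRepo.searchIdentities(IdType.AGENTGROUP, "myagrp", new IdSearchControl());
                    Set resSet = res.getSearchResults();
                    if (!resSet.isEmpty()) {
                        Iterator iter = resSet.iterator();
                        if (iter.hasNext()) {
                            agroupIdentity = (AMIdentity) iter.next();
                        }
                    } else {
                        agroupIdentity = idRepo.createIdentity(IdType.AGENTGROUP, "myagrp", attrs);
                    }
                    // Test for getMembers()
                    System.out.println("Obtained agent group =" + agroupIdentity.getName());
                    System.out.println("\nAdding member to agent group: " + tmpId.getName());
                    agroupIdentity.addMember(tmpId);
                    System.out.println("\nGetting member from agent " + "group: " + agroupIdentity.getMembers(IdType.AGENTONLY));
                    // Test for getMemberships()
                    Set agentgroupsOfAgent = tmpId.getMemberships(IdType.AGENTGROUP);
                    System.out.println("Agent's agentGroup memberships = ");
                    Iterator agiter = agentgroupsOfAgent.iterator();
                    while (agiter.hasNext()) {
                        AMIdentity id = (AMIdentity) agiter.next();
                        System.out.println("AgentGroup of agent = " + id.getName());
                        System.out.println("AgentGroup of agent " + "isExists: " + id.isExists());
                    }
                    System.out.println("\nRemoving member from agent " + "group: " + tmpId.getName());
                    agroupIdentity.removeMember(tmpId);
                    System.out.println("\nAfter removeMember : Getting " + "member from agent group: " + agroupIdentity.getMembers(IdType.AGENTONLY));
                }
            }
            IdSearchControl WSCcnt = new IdSearchControl();
            WSCcnt.setAllReturnAttributes(true);
            IdSearchResults WSCres = idRepo.searchIdentities(IdType.AGENTONLY, providerName, WSCcnt);
            Set wscagents = WSCres.getSearchResults();
            System.out.println("WSC Agents after removeMember: " + wscagents);
            // Test for avpairs filter while searching..
            IdSearchControl avcontrol = new IdSearchControl();
            avcontrol.setAllReturnAttributes(true);
            avcontrol.setTimeOut(0);
            Map kvPairMap = new HashMap();
            Set avset = new HashSet();
            avset.add("WSCAgent");
            kvPairMap.put(AGENT_TYPE_ATTR, avset);
            avcontrol.setSearchModifiers(IdSearchOpModifier.OR, kvPairMap);
            IdSearchResults avresults = idRepo.searchIdentities(IdType.AGENTONLY, "*", avcontrol);
            Set avagents = avresults.getSearchResults();
            System.out.println("WSC Agents with avpairs as filter: " + avagents);
            // Test : Search for WSPAgent type with its WSP End point
            // attribute value known. This search should not return
            // multiple WSP profiles; it should return just the one that
            // has the given WSP end point attribute value.
            IdSearchControl wspcontrol = new IdSearchControl();
            wspcontrol.setAllReturnAttributes(true);
            wspcontrol.setTimeOut(0);
            Map wspkvPairMap = new HashMap();
            Set wspset = new HashSet();
            wspset.add("WSPAgent");
            wspkvPairMap.put(AGENT_TYPE_ATTR, wspset);
            wspset = new HashSet();
            String endpoint = "testendpoint1";
            wspset.add(endpoint);
            wspkvPairMap.put(WSP_ENDPOINT, wspset);
            wspcontrol.setSearchModifiers(IdSearchOpModifier.OR, wspkvPairMap);
            IdSearchResults wspresults = idRepo.searchIdentities(IdType.AGENTONLY, "*", wspcontrol);
            Set wspagents = wspresults.getSearchResults();
            System.out.println("WSP Agents with avpairs as filter: " + wspagents);
        }
    } catch (IdRepoException ire) {
        System.err.println("idRepoProcessing IdRepoException " + "creating '" + idtype + "': " + ire.getMessage());
    } catch (SSOException ssoe) {
        System.err.println("idRepoProcessing: SSOException " + "creating '" + idtype + "': " + ssoe.getMessage());
    }
    return;
}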
Also used : IdSearchResults(com.sun.identity.idm.IdSearchResults) AMIdentity(com.sun.identity.idm.AMIdentity) IdSearchControl(com.sun.identity.idm.IdSearchControl) IdRepoException(com.sun.identity.idm.IdRepoException) SSOException(com.iplanet.sso.SSOException) IdType(com.sun.identity.idm.IdType)

Example 39 with IdSearchControl

use of com.sun.identity.idm.IdSearchControl in project OpenAM by OpenRock.

the class IdRepoSampleDeleteId method deleteAMId.

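/**
 * Interactive sample: lists the identities of a type chosen by the operator, lets the
 * operator pick one, deletes it, and prints the updated list.
 *
 * <p>The users {@code dsameuser}, {@code amadmin}, {@code amservice-urlaccessagent} and
 * {@code anonymous} are never deleted. Identities of type AGENT are refused up front, because
 * deletion is only supported through AGENTONLY.
 *
 * <p>Repository failures ({@code IdRepoException}, {@code SSOException}) are reported on
 * stderr and not rethrown.
 */
public void deleteAMId() {
    IdType idtype = sampleUtils.getIdTypeToCreateOrDelete();
    if (idtype == null) {
        return;
    }
    if (idtype.equals(IdType.AGENT)) {
        System.out.println("Use IdType 'agentonly' for deletion of " + "agents.\nOnly operation supported for IdType 'agent' is " + "READ");
        return;
    }
    try {
        /*
         *  get and display list of identities of idtype
         *  for reference...
         */
        IdSearchResults adRes = idRepo.searchIdentities(idtype, "*", new IdSearchControl());
        Set adResSet = adRes.getSearchResults();
        System.out.println("Found " + adResSet.size() + " entries of type " + idtype.getName() + ".");
        AMIdentity amid = null;
        if (adResSet.size() > 0) {
            int i;
            String ans = null;
            Object[] ids = adResSet.toArray();
            System.out.println("AMIdentities:");
            for (i = 0; i < ids.length; i++) {
                amid = (AMIdentity) ids[i];
                System.out.println("\t" + i + ": " + amid.getName());
            }
            // The index one past the last identity is the "No selection" entry.
            System.out.println("\t" + i + ": No selection");
            ans = sampleUtils.getLine("Select id: [0.." + ids.length + "]: ");
            // presumably getIntValue returns an out-of-range value for non-numeric input;
            // verify against sampleUtils
            i = sampleUtils.getIntValue(ans);
            if (i == ids.length) {
                // no selection
                return;
            } else if ((i < 0) || (i > ids.length)) {
                System.err.println(ans + " is an invalid selection.");
                return;
            }
            amid = (AMIdentity) ids[i];
            boolean doAnyway = false;
            String selectedName = amid.getName();
            if (amid.getType().equals(IdType.USER)) {
                // equalsIgnoreCase is locale-independent. The earlier toLowerCase() used the
                // JVM default locale, under which a name such as "AMADMIN" can fold to a
                // string that no longer equals "amadmin" (e.g. Turkish dotless i), letting a
                // built-in account slip past this guard.
                if ("dsameuser".equalsIgnoreCase(selectedName) || "amadmin".equalsIgnoreCase(selectedName) || "amservice-urlaccessagent".equalsIgnoreCase(selectedName) || "anonymous".equalsIgnoreCase(selectedName)) {
                    System.out.println("VERY BAD idea deleting user " + amid.getName());
                } else {
                    doAnyway = true;
                }
            } else if (amid.getType().equals(IdType.REALM)) {
                // need to select from returned set
                // but not "/"!
                // NOTE(review): nothing here actually rejects the root realm; confirm it
                // cannot appear in the search results, or add an explicit check.
                doAnyway = true;
            } else {
                //  no (default) AGENTs to worry about.
                doAnyway = true;
            }
            if (doAnyway) {
                Set tmpSet = new HashSet();
                tmpSet.add(amid);
                idRepo.deleteIdentities(tmpSet);
            } else {
                System.out.println("Not deleting " + amid.getName());
            }
        } else {
            System.out.println("No identities of type " + idtype.getName() + " found.");
        }
        /*
         *  now show the (updated) list of the
         *  identities of type idtype
         */
        adRes = idRepo.searchIdentities(idtype, "*", new IdSearchControl());
        adResSet = adRes.getSearchResults();
        System.out.print("    Current list of " + idtype.getName() + "s");
        if (!adResSet.isEmpty()) {
            System.out.println(":");
            for (Iterator it = adResSet.iterator(); it.hasNext(); ) {
                System.out.println("\t" + ((AMIdentity) it.next()).getName());
            }
        } else {
            System.out.println(" is empty");
        }
    } catch (IdRepoException ire) {
        System.err.println("idRepoProcessing: IdRepoException" + " Deleting Identity: " + ire.getMessage());
    } catch (SSOException ssoe) {
        System.err.println("idRepoProcessing: SSOException" + " Deleting Identity: " + ssoe.getMessage());
    }
    return;
}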
Also used : IdSearchResults(com.sun.identity.idm.IdSearchResults) IdRepoException(com.sun.identity.idm.IdRepoException) SSOException(com.iplanet.sso.SSOException) IdType(com.sun.identity.idm.IdType) AMIdentity(com.sun.identity.idm.AMIdentity) IdSearchControl(com.sun.identity.idm.IdSearchControl)

Example 40 with IdSearchControl

use of com.sun.identity.idm.IdSearchControl in project OpenAM by OpenRock.

the class IdRepoSampleSearchIds method searchAMIds.

/**
 * Interactive sample: prompts for an identity type and a search pattern, searches the
 * repository with all attributes requested, and passes the matches to {@code processType}.
 *
 * <p>Repository failures ({@code IdRepoException}, {@code SSOException}) are reported on
 * stderr, together with the type and pattern that were searched, and not rethrown.
 */
public void searchAMIds() {
    final IdType chosenType = sampleUtils.getIdType(idRepo);
    if (chosenType == null) {
        return;
    }

    final IdSearchControl control = new IdSearchControl();
    // Every attribute of each match is requested, so the results carry full profiles.
    control.setAllReturnAttributes(true);

    //  whether the search is recursive is decided by the data store config, not here
    final String pattern = sampleUtils.getLine("    Enter search pattern", "*");

    try {
        processType(chosenType, idRepo.searchIdentities(chosenType, pattern, control).getSearchResults());
    } catch (IdRepoException ire) {
        System.err.println("idRepoProcessing: IdRepoException Searching Identities for '" + chosenType + "' and pattern '" + pattern + "': " + ire.getMessage());
    } catch (SSOException ssoe) {
        System.err.println("idRepoProcessing: SSOException Searching Identities for '" + chosenType + "' and pattern '" + pattern + "': " + ssoe.getMessage());
    }
}
Also used : IdSearchResults(com.sun.identity.idm.IdSearchResults) IdSearchControl(com.sun.identity.idm.IdSearchControl) IdRepoException(com.sun.identity.idm.IdRepoException) SSOException(com.iplanet.sso.SSOException) IdType(com.sun.identity.idm.IdType)

Aggregations

IdSearchControl (com.sun.identity.idm.IdSearchControl)48 IdSearchResults (com.sun.identity.idm.IdSearchResults)43 IdRepoException (com.sun.identity.idm.IdRepoException)41 SSOException (com.iplanet.sso.SSOException)36 AMIdentityRepository (com.sun.identity.idm.AMIdentityRepository)36 AMIdentity (com.sun.identity.idm.AMIdentity)35 Set (java.util.Set)25 HashSet (java.util.HashSet)20 SSOToken (com.iplanet.sso.SSOToken)15 Iterator (java.util.Iterator)14 IdType (com.sun.identity.idm.IdType)9 HashMap (java.util.HashMap)8 Map (java.util.Map)6 AMConsoleException (com.sun.identity.console.base.model.AMConsoleException)4 UnauthorizedClientException (org.forgerock.oauth2.core.exceptions.UnauthorizedClientException)4 CLIException (com.sun.identity.cli.CLIException)3 IOutput (com.sun.identity.cli.IOutput)3 AuthLoginException (com.sun.identity.authentication.spi.AuthLoginException)2 DelegationException (com.sun.identity.delegation.DelegationException)2 TreeSet (java.util.TreeSet)2