
Example 41 with IdSearchControl

use of com.sun.identity.idm.IdSearchControl in project OpenAM by OpenRock.

the class DelegationPrivilegeIdRepoAccessTest method testIdRepoAccess.

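/**
 * Checks that {@code token} can only search identities in the realms delegated to it.
 * <p>
 * The search of the root realm ("/") is the negative case: the original code's comment
 * ("permission denied") shows it is expected to be rejected with an {@link IdRepoException}.
 * Previously a root search that unexpectedly succeeded was accepted silently, so the
 * privilege boundary this test exists to verify was never actually asserted; it now fails.
 * Searches of {@code SUB_REALM} and of its sub realm must succeed.
 *
 * @param token the session whose delegation privileges are under test
 * @throws Exception if a permitted search fails; an {@link AssertionError} is raised if the
 *         root-realm search is not denied
 */
private void testIdRepoAccess(SSOToken token) throws Exception {
    boolean rootDenied = false;
    try {
        AMIdentityRepository rootRepo = new AMIdentityRepository(token, "/");
        IdSearchResults rootResults = rootRepo.searchIdentities(IdType.USER, "*", new IdSearchControl());
        rootResults.getSearchResults();
    } catch (IdRepoException e) {
        // permission denied: the expected outcome for the root realm
        rootDenied = true;
    }
    if (!rootDenied) {
        throw new AssertionError("Expected IdRepoException when searching the root realm with a delegated token");
    }
    // ok to search current realm
    AMIdentityRepository idrepo = new AMIdentityRepository(token, SUB_REALM);
    IdSearchResults result = idrepo.searchIdentities(IdType.USER, "*", new IdSearchControl());
    result.getSearchResults();
    // ok to search sub realm
    idrepo = new AMIdentityRepository(token, SUB_REALM + "/" + SUB_SUB_REALM);
    result = idrepo.searchIdentities(IdType.USER, "*", new IdSearchControl());
    result.getSearchResults();
}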
Also used : IdSearchResults(com.sun.identity.idm.IdSearchResults) AMIdentityRepository(com.sun.identity.idm.AMIdentityRepository) IdSearchControl(com.sun.identity.idm.IdSearchControl) IdRepoException(com.sun.identity.idm.IdRepoException)

Example 42 with IdSearchControl

use of com.sun.identity.idm.IdSearchControl in project OpenAM by OpenRock.

the class ClientResourceManager method getIdentity.

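/**
 * Looks up the single agent-only identity named {@code uName} in {@code realm}.
 * <p>
 * The lookup runs with the admin token (see {@code getAdminToken()}) and a recursive search,
 * so it is not constrained by the caller's own privileges. {@code uName} is handed to the
 * repository as the search pattern; exactly one match is required and anything else (no
 * result object, zero matches, several matches) is reported as an error rather than guessed at.
 *
 * @param uName the agent name to look up, used as the identity search pattern
 * @param realm the realm in which to search
 * @return the matching identity, never {@code null}
 * @throws InternalServerErrorException if the search fails or does not yield exactly one identity
 */
private AMIdentity getIdentity(String uName, String realm) throws InternalServerErrorException {
    AMIdentityRepository amIdRepo = new AMIdentityRepository(realm, getAdminToken());
    IdSearchControl idsc = new IdSearchControl();
    idsc.setRecursive(true);
    idsc.setAllReturnAttributes(true);
    // search for the identity; typed emptySet() replaces the raw EMPTY_SET (unchecked assignment)
    Set<AMIdentity> results = Collections.emptySet();
    try {
        idsc.setMaxResults(0);
        IdSearchResults searchResults = amIdRepo.searchIdentities(IdType.AGENTONLY, uName, idsc);
        if (searchResults != null) {
            results = searchResults.getSearchResults();
        }
        if (results == null || results.size() != 1) {
            throw new InternalServerErrorException("Too many results or not enough");
        }
        return results.iterator().next();
    } catch (IdRepoException e) {
        throw new InternalServerErrorException("Unable to get search results", e);
    } catch (SSOException e) {
        throw new InternalServerErrorException("Unable to get search results", e);
    }
}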
Also used : IdSearchResults(com.sun.identity.idm.IdSearchResults) AMIdentity(com.sun.identity.idm.AMIdentity) AMIdentityRepository(com.sun.identity.idm.AMIdentityRepository) IdSearchControl(com.sun.identity.idm.IdSearchControl) IdRepoException(com.sun.identity.idm.IdRepoException) InternalServerErrorException(org.forgerock.json.resource.InternalServerErrorException) SSOException(com.iplanet.sso.SSOException)

Example 43 with IdSearchControl

use of com.sun.identity.idm.IdSearchControl in project OpenAM by OpenRock.

the class OpenAMClientDAO method delete.

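/**
 * {@inheritDoc}
 * <p>
 * Implementation notes: the agent-only identity whose name equals {@code clientId} is located
 * in the realm named by the request's {@code REALM} parameter, using the admin token, and is
 * then deleted. Exactly one match is required. A deactivated client is refused rather than
 * deleted: the original code set the identity to {@code null} at that point and then still
 * passed that {@code null} into {@code deleteIdentities}.
 */
public void delete(String clientId, OAuth2Request request) throws UnauthorizedClientException {
    try {
        //get the AMIdentity
        final SSOToken token = AccessController.doPrivileged(AdminTokenAction.getInstance());
        final String realm = request.getParameter(OAuth2Constants.Custom.REALM);
        AMIdentityRepository repo = idRepoFactory.create(realm, token);
        IdSearchControl idsc = new IdSearchControl();
        idsc.setRecursive(true);
        idsc.setAllReturnAttributes(true);
        // search for the identity; clientId is the search pattern, so a pattern matching
        // several agents is rejected by the size check below instead of deleting them all
        idsc.setMaxResults(0);
        IdSearchResults searchResults = repo.searchIdentities(IdType.AGENTONLY, clientId, idsc);
        Set<AMIdentity> results = null;
        if (searchResults != null) {
            results = searchResults.getSearchResults();
        }
        if (results == null || results.size() != 1) {
            logger.error("OpenAMClientDAO.delete(): No client profile or more than one profile found.");
            throw new UnauthorizedClientException("Not able to get client from OpenAM");
        }
        AMIdentity theID = results.iterator().next();
        // NOTE(review): an inactive client is refused here instead of being nulled out and
        // passed to deleteIdentities. Confirm this is the intended policy rather than
        // deleting the deactivated profile.
        if (!theID.isActive()) {
            logger.error("OpenAMClientDAO.delete(): Client profile is not active.");
            throw new UnauthorizedClientException("Not able to get client from OpenAM");
        }
        //delete the AMIdentity
        Set<AMIdentity> identities = new HashSet<AMIdentity>();
        identities.add(theID);
        repo.deleteIdentities(identities);
    } catch (SSOException e) {
        logger.error("OpenAMClientDAO.delete(): Unable to delete client", e);
        throw new UnauthorizedClientException();
    } catch (IdRepoException e) {
        logger.error("OpenAMClientDAO.delete(): Unable to delete client", e);
        throw new UnauthorizedClientException();
    }
}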
Also used : SSOToken(com.iplanet.sso.SSOToken) IdSearchResults(com.sun.identity.idm.IdSearchResults) AMIdentity(com.sun.identity.idm.AMIdentity) UnauthorizedClientException(org.forgerock.oauth2.core.exceptions.UnauthorizedClientException) AMIdentityRepository(com.sun.identity.idm.AMIdentityRepository) IdSearchControl(com.sun.identity.idm.IdSearchControl) IdRepoException(com.sun.identity.idm.IdRepoException) SSOException(com.iplanet.sso.SSOException) HashSet(java.util.HashSet)

Example 44 with IdSearchControl

use of com.sun.identity.idm.IdSearchControl in project OpenAM by OpenRock.

the class OpenAMClientRegistrationStore method getIdentity.

/**
 * Resolves the agent identity named {@code uName} in {@code realm} for an OAuth2 client
 * authentication attempt.
 * <p>
 * The search runs with the admin token and is recursive. Every outcome other than exactly one
 * active identity (no result object, zero or several matches, a deactivated profile, or a
 * repository/SSO failure) is reported through {@code failureFactory} with the same generic
 * "Client authentication failed" message, so the cause is not disclosed to the caller; the
 * repository and SSO failures are logged.
 *
 * @param uName   the client name, used as the identity search pattern
 * @param realm   the realm to search
 * @param request the OAuth2 request the failure is reported against
 * @return the single, active identity matching {@code uName}
 * @throws InvalidClientException if no single active identity can be resolved
 */
@SuppressWarnings("unchecked")
private AMIdentity getIdentity(String uName, String realm, OAuth2Request request) throws InvalidClientException {
    final SSOToken adminToken = AccessController.doPrivileged(AdminTokenAction.getInstance());
    try {
        final AMIdentityRepository repository = new AMIdentityRepository(adminToken, realm);
        final IdSearchControl control = new IdSearchControl();
        control.setRecursive(true);
        control.setAllReturnAttributes(true);
        control.setMaxResults(0);
        // search for the identity
        final IdSearchResults found = repository.searchIdentities(IdType.AGENT, uName, control);
        Set<AMIdentity> matches = Collections.emptySet();
        if (found != null) {
            matches = found.getSearchResults();
        }
        if (matches == null || matches.size() != 1) {
            throw failureFactory.getException(request, "Client authentication failed");
        }
        final AMIdentity identity = matches.iterator().next();
        //if the client is deactivated throw InvalidClientException
        if (!identity.isActive()) {
            throw failureFactory.getException(request, "Client authentication failed");
        }
        return identity;
    } catch (SSOException e) {
        logger.error("ClientVerifierImpl::Unable to get client AMIdentity: ", e);
        throw failureFactory.getException(request, "Client authentication failed");
    } catch (IdRepoException e) {
        logger.error("ClientVerifierImpl::Unable to get client AMIdentity: ", e);
        throw failureFactory.getException(request, "Client authentication failed");
    }
}
Also used : SSOToken(com.iplanet.sso.SSOToken) IdSearchResults(com.sun.identity.idm.IdSearchResults) AMIdentity(com.sun.identity.idm.AMIdentity) AMIdentityRepository(com.sun.identity.idm.AMIdentityRepository) IdSearchControl(com.sun.identity.idm.IdSearchControl) IdRepoException(com.sun.identity.idm.IdRepoException) SSOException(com.iplanet.sso.SSOException)

Example 45 with IdSearchControl

use of com.sun.identity.idm.IdSearchControl in project OpenAM by OpenRock.

the class IdentityManager method getResourceOwnerIdentity.

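/**
 * Gets a resource owner's identity.
 * <p>
 * The user is first looked up by username in {@code realm} (recursively, with the admin token).
 * If that yields nothing, the provider's configured resource-owner authenticated attributes are
 * searched instead, with {@code username} as the value of each attribute (OR-ed together).
 * Exactly one match is required in either case.
 *
 * @param username The resource owner's username.
 * @param realm The resource owner's realm.
 * @return The resource owner's identity, or {@code null} if the matching identity is
 *         deactivated (callers must handle {@code null}).
 * @throws UnauthorizedClientException If the resource owner's identity cannot be found, if more
 *         than one identity matches, or if the lookup fails for any other reason.
 */
public AMIdentity getResourceOwnerIdentity(String username, final String realm) throws UnauthorizedClientException {
    final SSOToken token = AccessController.doPrivileged(AdminTokenAction.getInstance());
    final AMIdentity amIdentity;
    try {
        final AMIdentityRepository amIdRepo = new AMIdentityRepository(token, realm);
        final IdSearchControl idsc = new IdSearchControl();
        idsc.setRecursive(true);
        idsc.setAllReturnAttributes(true);
        // search for the identity
        final Set<AMIdentity> results = new HashSet<AMIdentity>();
        idsc.setMaxResults(0);
        IdSearchResults searchResults = amIdRepo.searchIdentities(IdType.USER, username, idsc);
        // NOTE(review): the username search counts as a hit only when result attributes are
        // present, not by inspecting getSearchResults() directly -- confirm this is deliberate
        if (searchResults != null && !searchResults.getResultAttributes().isEmpty()) {
            results.addAll(searchResults.getSearchResults());
        } else {
            // Fallback: match the username against the configured authenticated attributes.
            // The provider settings are looked up through a minimal OAuth2Request that only
            // knows the realm.
            OAuth2ProviderSettings settings = providerSettingsFactory.get(new OAuth2Request() {

                public <T> T getRequest() {
                    throw new UnsupportedOperationException("Realm parameter only OAuth2Request");
                }

                public <T> T getParameter(String name) {
                    // NOTE(review): matches the literal "realm"; assumed to equal
                    // OAuth2Constants.Custom.REALM -- confirm
                    if ("realm".equals(name)) {
                        return (T) realm;
                    }
                    throw new UnsupportedOperationException("Realm parameter only OAuth2Request");
                }

                public JsonValue getBody() {
                    throw new UnsupportedOperationException("Realm parameter only OAuth2Request");
                }

                @Override
                public Locale getLocale() {
                    throw new UnsupportedOperationException();
                }
            });
            // username becomes the value for each configured attribute; anything other than
            // exactly one resulting identity is rejected below
            final Map<String, Set<String>> avPairs = toAvPairMap(settings.getResourceOwnerAuthenticatedAttributes(), username);
            idsc.setSearchModifiers(IdSearchOpModifier.OR, avPairs);
            searchResults = amIdRepo.searchIdentities(IdType.USER, "*", idsc);
            if (searchResults != null) {
                results.addAll(searchResults.getSearchResults());
            }
        }
        if (results.size() != 1) {
            logger.error("No user profile or more than one profile found.");
            throw new UnauthorizedClientException("Not able to get user from OpenAM");
        }
        amIdentity = results.iterator().next();
        //if the user is deactivated return null (see @return)
        if (amIdentity.isActive()) {
            return amIdentity;
        } else {
            return null;
        }
    } catch (UnauthorizedClientException e) {
        // Propagate unchanged: the blanket catch below used to re-wrap this with the
        // misleading "client" message and log it as an unexpected failure.
        throw e;
    } catch (Exception e) {
        logger.error("Unable to get client AMIdentity: ", e);
        throw new UnauthorizedClientException("Not able to get client from OpenAM");
    }
}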
Also used : Locale(java.util.Locale) SSOToken(com.iplanet.sso.SSOToken) Set(java.util.Set) HashSet(java.util.HashSet) IdSearchResults(com.sun.identity.idm.IdSearchResults) JsonValue(org.forgerock.json.JsonValue) UnauthorizedClientException(org.forgerock.oauth2.core.exceptions.UnauthorizedClientException) OAuth2Request(org.forgerock.oauth2.core.OAuth2Request) AMIdentity(com.sun.identity.idm.AMIdentity) UnauthorizedClientException(org.forgerock.oauth2.core.exceptions.UnauthorizedClientException) AMIdentityRepository(com.sun.identity.idm.AMIdentityRepository) IdSearchControl(com.sun.identity.idm.IdSearchControl) OAuth2ProviderSettings(org.forgerock.oauth2.core.OAuth2ProviderSettings) HashSet(java.util.HashSet)

Aggregations

IdSearchControl (com.sun.identity.idm.IdSearchControl)48 IdSearchResults (com.sun.identity.idm.IdSearchResults)43 IdRepoException (com.sun.identity.idm.IdRepoException)41 SSOException (com.iplanet.sso.SSOException)36 AMIdentityRepository (com.sun.identity.idm.AMIdentityRepository)36 AMIdentity (com.sun.identity.idm.AMIdentity)35 Set (java.util.Set)25 HashSet (java.util.HashSet)20 SSOToken (com.iplanet.sso.SSOToken)15 Iterator (java.util.Iterator)14 IdType (com.sun.identity.idm.IdType)9 HashMap (java.util.HashMap)8 Map (java.util.Map)6 AMConsoleException (com.sun.identity.console.base.model.AMConsoleException)4 UnauthorizedClientException (org.forgerock.oauth2.core.exceptions.UnauthorizedClientException)4 CLIException (com.sun.identity.cli.CLIException)3 IOutput (com.sun.identity.cli.IOutput)3 AuthLoginException (com.sun.identity.authentication.spi.AuthLoginException)2 DelegationException (com.sun.identity.delegation.DelegationException)2 TreeSet (java.util.TreeSet)2