Examples with IdSearchOpModifier com.sun.identity.idm.IdSearchOpModifier used on opensource projects

Example 1 with IdSearchOpModifier

use of com.sun.identity.idm.IdSearchOpModifier in project OpenAM by OpenRock.

the class IdServicesImpl method search.

@Override
public IdSearchResults search(SSOToken token, IdType type, IdSearchControl ctrl, String amOrgName, CrestQuery crestQuery) throws IdRepoException, SSOException {
    IdRepoException origEx = null;
    // Check permission first. If allowed then proceed, else the
    // checkPermission method throws an "402" exception.
    // In the case of web services security (wss), a search is performed
    // with the identity of shared agent and  a filter.
    // Since shared agents do not have search permissions, might have to
    // use admintoken and check permissions on matched objects.
    boolean checkPermissionOnObjects = false;
    SSOToken userToken = token;
    try {
        checkPermission(token, amOrgName, null, null, IdOperation.READ, type);
    } catch (IdRepoException ire) {
        // If permission denied and control has search filters
        // perform the search and check permissions on the matched objects
        Map filter = ctrl.getSearchModifierMap();
        if ((!ire.getErrorCode().equals(IdRepoErrorCode.ACCESS_DENIED)) || (filter == null) || (filter.isEmpty())) {
            throw (ire);
        }
        // Check permissions after obtaining the matched objects
        checkPermissionOnObjects = true;
        token = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
    }
    // First get the list of plugins that support the create operation.
    Set configuredPluginClasses = idrepoCache.getIdRepoPlugins(amOrgName, IdOperation.READ, type);
    if ((configuredPluginClasses == null) || configuredPluginClasses.isEmpty()) {
        throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.NO_PLUGINS_CONFIGURED, null);
    }
    Iterator it = configuredPluginClasses.iterator();
    int noOfSuccess = configuredPluginClasses.size();
    IdRepo idRepo;
    Object[][] amsdkResults = new Object[1][2];
    boolean amsdkIncluded = false;
    Object[][] arrayOfResult = new Object[noOfSuccess][2];
    int iterNo = 0;
    int maxTime = ctrl.getTimeOut();
    int maxResults = ctrl.getMaxResults();
    Set returnAttrs = ctrl.getReturnAttributes();
    boolean returnAllAttrs = ctrl.isGetAllReturnAttributesEnabled();
    IdSearchOpModifier modifier = ctrl.getSearchModifier();
    int filterOp = IdRepo.NO_MOD;
    if (modifier.equals(IdSearchOpModifier.AND)) {
        filterOp = IdRepo.AND_MOD;
    } else if (modifier.equals(IdSearchOpModifier.OR)) {
        filterOp = IdRepo.OR_MOD;
    }
    Map avPairs = ctrl.getSearchModifierMap();
    boolean recursive = ctrl.isRecursive();
    while (it.hasNext()) {
        idRepo = (IdRepo) it.next();
        try {
            Map cMap = idRepo.getConfiguration();
            RepoSearchResults results;
            results = idRepo.search(token, type, crestQuery, maxTime, maxResults, returnAttrs, returnAllAttrs, filterOp, avPairs, recursive);
            if (idRepo.getClass().getName().equals(IdConstants.AMSDK_PLUGIN)) {
                amsdkResults[0][0] = results;
                amsdkResults[0][1] = cMap;
                amsdkIncluded = true;
            } else {
                arrayOfResult[iterNo][0] = results;
                arrayOfResult[iterNo][1] = cMap;
                iterNo++;
            }
        } catch (IdRepoUnsupportedOpException ide) {
            if (idRepo != null && DEBUG.warningEnabled()) {
                DEBUG.warning("IdServicesImpl.search: " + "Unable to search in the following repository " + idRepo.getClass().getName() + " :: " + ide.getMessage());
            }
            noOfSuccess--;
            origEx = (origEx == null) ? ide : origEx;
        } catch (IdRepoFatalException idf) {
            // fatal ..throw it all the way up
            DEBUG.error("IdServicesImpl.search: Fatal Exception ", idf);
            throw idf;
        } catch (IdRepoException ide) {
            if (idRepo != null && DEBUG.warningEnabled()) {
                DEBUG.warning("IdServicesImpl.search: " + "Unable to search identity in the following" + " repository " + idRepo.getClass().getName() + " :: " + ide.getMessage());
            }
            noOfSuccess--;
            origEx = (origEx == null) ? ide : origEx;
        }
    }
    if (noOfSuccess == 0) {
        if (DEBUG.warningEnabled()) {
            DEBUG.warning("IdServicesImpl.search: " + "Unable to search for identity " + type.getName() + ":: using " + crestQuery + " in any configured data store", origEx);
        }
        throw origEx;
    }
    IdSearchResults res = combineSearchResults(token, arrayOfResult, iterNo, type, amOrgName, amsdkIncluded, amsdkResults);
    if (checkPermissionOnObjects) {
        IdSearchResults newRes = new IdSearchResults(type, amOrgName);
        Map idWithAttrs = res.getResultAttributes();
        for (Iterator items = idWithAttrs.keySet().iterator(); items.hasNext(); ) {
            AMIdentity id = (AMIdentity) items.next();
            try {
                checkPermission(userToken, amOrgName, id.getName(), returnAttrs, IdOperation.READ, type);
                // Permission checked, add to newRes
                newRes.addResult(id, (Map) idWithAttrs.get(id));
            } catch (Exception e) {
            // Ignore & continue
            }
        }
        res = newRes;
    }
    return res;
}

Example 2 with IdSearchOpModifier

use of com.sun.identity.idm.IdSearchOpModifier in project OpenAM by OpenRock.

the class IdRepoJAXRPCObjectImpl method search2_idrepo.

public Map search2_idrepo(String token, String type, String pattern, int maxTime, int maxResults, Set returnAttrs, boolean returnAllAttrs, int filterOp, Map avPairs, boolean recursive, String amOrgName) throws RemoteException, IdRepoException, SSOException {
    SSOToken ssoToken = getSSOToken(token);
    IdType idtype = IdUtils.getType(type);
    IdSearchControl ctrl = new IdSearchControl();
    ctrl.setAllReturnAttributes(returnAllAttrs);
    ctrl.setMaxResults(maxResults);
    ctrl.setReturnAttributes(returnAttrs);
    ctrl.setTimeOut(maxTime);
    IdSearchOpModifier modifier = (filterOp == IdRepo.OR_MOD) ? IdSearchOpModifier.OR : IdSearchOpModifier.AND;
    ctrl.setSearchModifiers(modifier, avPairs);
    CrestQuery crestQuery = new CrestQuery(pattern);
    return IdSearchResultsToMap(idServices.search(ssoToken, idtype, ctrl, amOrgName, crestQuery));
}

Example 3 with IdSearchOpModifier

use of com.sun.identity.idm.IdSearchOpModifier in project OpenAM by OpenRock.

the class IdRemoteServicesImpl method search.

@Override
public IdSearchResults search(SSOToken token, IdType type, IdSearchControl ctrl, String amOrgName, CrestQuery crestQuery) throws IdRepoException, SSOException {
    IdSearchOpModifier modifier = ctrl.getSearchModifier();
    Map avMap = ctrl.getSearchModifierMap();
    int filterOp;
    if (modifier.equals(IdSearchOpModifier.AND)) {
        filterOp = IdRepo.AND_MOD;
    } else {
        filterOp = IdRepo.OR_MOD;
    }
    Map idResults = null;
    try {
        String pattern = crestQuery.getQueryId();
        Object[] objects = { getTokenString(token), type.getName(), pattern, ctrl.getTimeOut(), ctrl.getMaxResults(), ctrl.getReturnAttributes(), ctrl.isGetAllReturnAttributesEnabled(), filterOp, avMap, ctrl.isRecursive(), amOrgName };
        idResults = ((Map) client.send(client.encodeMessage("search2_idrepo", objects), sessionCookies.getLBCookie(token.getTokenID().toString()), null));
    } catch (Exception ex) {
        processException(ex);
    }
    return mapToIdSearchResults(token, type, amOrgName, idResults);
}