Search in sources :

Example 1 with AccessDenied

use of com.sun.identity.idsvcs.AccessDenied in project OpenAM by OpenRock.

the class IdentityResourceV1 method readInstance.

/**
     * {@inheritDoc}
     */
@Override
public Promise<ResourceResponse, ResourceException> readInstance(final Context context, final String resourceId, final ReadRequest request) {
    RealmContext realmContext = context.asContext(RealmContext.class);
    final String realm = realmContext.getResolvedRealm();
    IdentityDetails dtls;
    try {
        SSOToken admin = getSSOToken(getCookieFromServerContext(context));
        dtls = identityServices.read(resourceId, getIdentityServicesAttributes(realm), admin);
        String principalName = PrincipalRestUtils.getPrincipalNameFromServerContext(context);
        debug.message("IdentityResource.readInstance :: READ of resourceId={} in realm={} performed by " + "principalName={}", resourceId, realm, principalName);
        return newResultPromise(buildResourceResponse(resourceId, context, dtls));
    } catch (final NeedMoreCredentials needMoreCredentials) {
        debug.error("IdentityResource.readInstance() :: Cannot READ resourceId={} : User does not have enough " + "privileges.", resourceId, needMoreCredentials);
        return new ForbiddenException("User does not have enough privileges.", needMoreCredentials).asPromise();
    } catch (final ObjectNotFound objectNotFound) {
        debug.error("IdentityResource.readInstance() :: Cannot READ resourceId={} : Resource cannot be found.", resourceId, objectNotFound);
        return new NotFoundException("Resource cannot be found.", objectNotFound).asPromise();
    } catch (final TokenExpired tokenExpired) {
        debug.error("IdentityResource.readInstance() :: Cannot READ resourceId={} : Unauthorized", resourceId, tokenExpired);
        return new PermanentException(401, "Unauthorized", null).asPromise();
    } catch (final AccessDenied accessDenied) {
        debug.error("IdentityResource.readInstance() :: Cannot READ resourceId={} : Access denied", resourceId, accessDenied);
        return new ForbiddenException(accessDenied.getMessage(), accessDenied).asPromise();
    } catch (final GeneralFailure generalFailure) {
        debug.error("IdentityResource.readInstance() :: Cannot READ resourceId={}", resourceId, generalFailure);
        return new BadRequestException(generalFailure.getMessage(), generalFailure).asPromise();
    } catch (final Exception e) {
        debug.error("IdentityResource.readInstance() :: Cannot READ resourceId={}", resourceId, e);
        return new NotFoundException(e.getMessage(), e).asPromise();
    }
}
Also used : ForbiddenException(org.forgerock.json.resource.ForbiddenException) IdentityRestUtils.getSSOToken(org.forgerock.openam.core.rest.IdentityRestUtils.getSSOToken) SSOToken(com.iplanet.sso.SSOToken) NeedMoreCredentials(com.sun.identity.idsvcs.NeedMoreCredentials) RealmContext(org.forgerock.openam.rest.RealmContext) NotFoundException(org.forgerock.json.resource.NotFoundException) ServiceNotFoundException(com.sun.identity.sm.ServiceNotFoundException) AccessDenied(com.sun.identity.idsvcs.AccessDenied) InternalServerErrorException(org.forgerock.json.resource.InternalServerErrorException) DeleteFailedException(org.forgerock.openam.cts.exceptions.DeleteFailedException) SSOException(com.iplanet.sso.SSOException) NotFoundException(org.forgerock.json.resource.NotFoundException) NotSupportedException(org.forgerock.json.resource.NotSupportedException) BadRequestException(org.forgerock.json.resource.BadRequestException) MessagingException(javax.mail.MessagingException) ConflictException(org.forgerock.json.resource.ConflictException) PermanentException(org.forgerock.json.resource.PermanentException) ForbiddenException(org.forgerock.json.resource.ForbiddenException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) ServiceNotFoundException(com.sun.identity.sm.ServiceNotFoundException) IdRepoException(com.sun.identity.idm.IdRepoException) SMSException(com.sun.identity.sm.SMSException) ResourceException(org.forgerock.json.resource.ResourceException) CoreTokenException(org.forgerock.openam.cts.exceptions.CoreTokenException) ObjectNotFound(com.sun.identity.idsvcs.ObjectNotFound) PermanentException(org.forgerock.json.resource.PermanentException) GeneralFailure(com.sun.identity.idsvcs.GeneralFailure) IdentityRestUtils.jsonValueToIdentityDetails(org.forgerock.openam.core.rest.IdentityRestUtils.jsonValueToIdentityDetails) IdentityDetails(com.sun.identity.idsvcs.IdentityDetails) BadRequestException(org.forgerock.json.resource.BadRequestException) TokenExpired(com.sun.identity.idsvcs.TokenExpired)

Example 2 with AccessDenied

use of com.sun.identity.idsvcs.AccessDenied in project OpenAM by OpenRock.

the class IdentityResourceV1 method updateInstance.

@Override
public Promise<ResourceResponse, ResourceException> updateInstance(final Context context, final String resourceId, final UpdateRequest request) {
    RealmContext realmContext = context.asContext(RealmContext.class);
    final String realm = realmContext.getResolvedRealm();
    final JsonValue jsonValue = request.getContent();
    final String rev = request.getRevision();
    IdentityDetails dtls, newDtls;
    ResourceResponse resource;
    try {
        SSOToken admin = getSSOToken(getCookieFromServerContext(context));
        // Retrieve details about user to be updated
        dtls = identityServices.read(resourceId, getIdentityServicesAttributes(realm), admin);
        //be removed from the IdentityDetails object.
        if (!isAdmin(context)) {
            for (String attrName : jsonValue.keys()) {
                if ("userpassword".equalsIgnoreCase(attrName)) {
                    String newPassword = jsonValue.get(attrName).asString();
                    if (!StringUtils.isBlank(newPassword)) {
                        String oldPassword = RestUtils.getMimeHeaderValue(context, OLD_PASSWORD);
                        if (StringUtils.isBlank(oldPassword)) {
                            throw new BadRequestException("The old password is missing from the request");
                        }
                        //This is an end-user trying to change the password, so let's change the password by
                        //verifying that the provided old password is correct. We also remove the password from the
                        //list of attributes to prevent the administrative password reset via the update call.
                        jsonValue.remove(attrName);
                        IdentityRestUtils.changePassword(context, realm, resourceId, oldPassword, newPassword);
                    }
                    break;
                }
            }
        }
        newDtls = jsonValueToIdentityDetails(objectType, jsonValue, realm);
        if (newDtls.getName() != null && !resourceId.equalsIgnoreCase(newDtls.getName())) {
            throw new BadRequestException("id in path does not match id in request body");
        }
        newDtls.setName(resourceId);
        // update resource with new details
        identityServices.update(newDtls, admin);
        // read updated identity back to client
        IdentityDetails checkIdent = identityServices.read(dtls.getName(), getIdentityServicesAttributes(realm), admin);
        // handle updated resource
        resource = newResourceResponse(resourceId, "0", identityDetailsToJsonValue(checkIdent));
        return newResultPromise(resource);
    } catch (final ObjectNotFound onf) {
        debug.error("IdentityResource.updateInstance() :: Cannot UPDATE resourceId={} : Could not find the " + "resource", resourceId, onf);
        return new NotFoundException("Could not find the resource [ " + resourceId + " ] to update", onf).asPromise();
    } catch (final NeedMoreCredentials needMoreCredentials) {
        debug.error("IdentityResource.updateInstance() :: Cannot UPDATE resourceId={} : Token is not authorized", resourceId, needMoreCredentials);
        return new ForbiddenException("Token is not authorized", needMoreCredentials).asPromise();
    } catch (final TokenExpired tokenExpired) {
        debug.error("IdentityResource.updateInstance() :: Cannot UPDATE resourceId={} : Unauthorized", resourceId, tokenExpired);
        return new PermanentException(401, "Unauthorized", null).asPromise();
    } catch (final AccessDenied accessDenied) {
        debug.error("IdentityResource.updateInstance() :: Cannot UPDATE resourceId={} : Access denied", resourceId, accessDenied);
        return new ForbiddenException(accessDenied.getMessage(), accessDenied).asPromise();
    } catch (final GeneralFailure generalFailure) {
        debug.error("IdentityResource.updateInstance() :: Cannot UPDATE resourceId={}", resourceId, generalFailure);
        return new BadRequestException(generalFailure.getMessage(), generalFailure).asPromise();
    } catch (NotFoundException e) {
        debug.warning("IdentityResource.updateInstance() :: Cannot UPDATE resourceId={} : Could not find the " + "resource", resourceId, e);
        return new NotFoundException("Could not find the resource [ " + resourceId + " ] to update", e).asPromise();
    } catch (ResourceException re) {
        debug.warning("IdentityResource.updateInstance() :: Cannot UPDATE resourceId={} ", resourceId, re);
        return re.asPromise();
    } catch (SSOException ssoe) {
        debug.error("IdentityResource.updateInstance() :: Cannot UPDATE resourceId={}", resourceId, ssoe);
        return new ForbiddenException(ssoe).asPromise();
    } catch (final Exception e) {
        debug.error("IdentityResource.updateInstance() :: Cannot UPDATE resourceId={}", resourceId, e);
        return new NotFoundException(e).asPromise();
    }
}
Also used : ForbiddenException(org.forgerock.json.resource.ForbiddenException) IdentityRestUtils.getSSOToken(org.forgerock.openam.core.rest.IdentityRestUtils.getSSOToken) SSOToken(com.iplanet.sso.SSOToken) NeedMoreCredentials(com.sun.identity.idsvcs.NeedMoreCredentials) RealmContext(org.forgerock.openam.rest.RealmContext) IdentityRestUtils.identityDetailsToJsonValue(org.forgerock.openam.core.rest.IdentityRestUtils.identityDetailsToJsonValue) JsonValue(org.forgerock.json.JsonValue) NotFoundException(org.forgerock.json.resource.NotFoundException) ServiceNotFoundException(com.sun.identity.sm.ServiceNotFoundException) SSOException(com.iplanet.sso.SSOException) AccessDenied(com.sun.identity.idsvcs.AccessDenied) InternalServerErrorException(org.forgerock.json.resource.InternalServerErrorException) DeleteFailedException(org.forgerock.openam.cts.exceptions.DeleteFailedException) SSOException(com.iplanet.sso.SSOException) NotFoundException(org.forgerock.json.resource.NotFoundException) NotSupportedException(org.forgerock.json.resource.NotSupportedException) BadRequestException(org.forgerock.json.resource.BadRequestException) MessagingException(javax.mail.MessagingException) ConflictException(org.forgerock.json.resource.ConflictException) PermanentException(org.forgerock.json.resource.PermanentException) ForbiddenException(org.forgerock.json.resource.ForbiddenException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) ServiceNotFoundException(com.sun.identity.sm.ServiceNotFoundException) IdRepoException(com.sun.identity.idm.IdRepoException) SMSException(com.sun.identity.sm.SMSException) ResourceException(org.forgerock.json.resource.ResourceException) CoreTokenException(org.forgerock.openam.cts.exceptions.CoreTokenException) ResourceResponse(org.forgerock.json.resource.ResourceResponse) ObjectNotFound(com.sun.identity.idsvcs.ObjectNotFound) PermanentException(org.forgerock.json.resource.PermanentException) GeneralFailure(com.sun.identity.idsvcs.GeneralFailure) IdentityRestUtils.jsonValueToIdentityDetails(org.forgerock.openam.core.rest.IdentityRestUtils.jsonValueToIdentityDetails) IdentityDetails(com.sun.identity.idsvcs.IdentityDetails) BadRequestException(org.forgerock.json.resource.BadRequestException) TokenExpired(com.sun.identity.idsvcs.TokenExpired) ResourceException(org.forgerock.json.resource.ResourceException)

Example 3 with AccessDenied

use of com.sun.identity.idsvcs.AccessDenied in project OpenAM by OpenRock.

the class IdentityResourceV3 method patchInstance.

/**
     * Patch the user's password and only the password.  No other value may be patched.  The old value of the
     * password does not have to be known.  Admin only.  The only patch operation supported is "replace", i.e. not
     * "add" or "move", etc.
     *
     * @param context The context
     * @param resourceId The username we're patching
     * @param request The patch request
     */
@Override
public Promise<ResourceResponse, ResourceException> patchInstance(final Context context, final String resourceId, final PatchRequest request) {
    if (!objectType.equals(IdentityRestUtils.USER_TYPE)) {
        return new BadRequestException("Cannot patch object type " + objectType).asPromise();
    }
    RealmContext realmContext = context.asContext(RealmContext.class);
    final String realm = realmContext.getResolvedRealm();
    try {
        if (!isAdmin(context)) {
            return new ForbiddenException("Only admin can patch user values").asPromise();
        }
        SSOToken ssoToken = getSSOToken(RestUtils.getToken().getTokenID().toString());
        IdentityServicesImpl identityServices = getIdentityServices();
        IdentityDetails identityDetails = identityServices.read(resourceId, getIdentityServicesAttributes(realm, objectType), ssoToken);
        Attribute[] existingAttributes = identityDetails.getAttributes();
        Map<String, Set<String>> existingAttributeMap = attributesToMap(existingAttributes);
        Map<String, Set<String>> newAttributeMap = new HashMap<>();
        if (existingAttributeMap.containsKey(IdentityRestUtils.UNIVERSAL_ID)) {
            Set<String> values = existingAttributeMap.get(IdentityRestUtils.UNIVERSAL_ID);
            if (isNotEmpty(values) && !isUserActive(values.iterator().next())) {
                return new ForbiddenException("User " + resourceId + " is not active: Request is forbidden").asPromise();
            }
        }
        boolean updateNeeded = false;
        for (PatchOperation patchOperation : request.getPatchOperations()) {
            switch(patchOperation.getOperation()) {
                case PatchOperation.OPERATION_REPLACE:
                    {
                        String name = getFieldName(patchOperation.getField());
                        if (!patchableAttributes.contains(name)) {
                            return new BadRequestException("For the object type " + IdentityRestUtils.USER_TYPE + ", field \"" + name + "\" cannot be altered by PATCH").asPromise();
                        }
                        JsonValue value = patchOperation.getValue();
                        newAttributeMap.put(name, identityAttributeJsonToSet(value));
                        updateNeeded = true;
                        break;
                    }
                default:
                    return new BadRequestException("PATCH of " + IdentityRestUtils.USER_TYPE + " does not support operation " + patchOperation.getOperation()).asPromise();
            }
        }
        if (updateNeeded) {
            identityDetails.setAttributes(mapToAttributes(newAttributeMap));
            identityServices.update(identityDetails, ssoToken);
            // re-read the altered identity details from the repo.
            identityDetails = identityServices.read(resourceId, getIdentityServicesAttributes(realm, objectType), ssoToken);
        }
        return newResultPromise(newResourceResponse("result", "1", identityDetailsToJsonValue(identityDetails)));
    } catch (final ObjectNotFound notFound) {
        logger.error("IdentityResourceV3.patchInstance cannot find resource " + resourceId, notFound);
        return new NotFoundException("Resource cannot be found.", notFound).asPromise();
    } catch (final TokenExpired tokenExpired) {
        logger.error("IdentityResourceV3.patchInstance, token expired", tokenExpired);
        return new PermanentException(401, "Unauthorized", null).asPromise();
    } catch (final AccessDenied accessDenied) {
        logger.error("IdentityResourceV3.patchInstance, access denied", accessDenied);
        return new ForbiddenException(accessDenied.getMessage(), accessDenied).asPromise();
    } catch (final GeneralFailure generalFailure) {
        logger.error("IdentityResourceV3.patchInstance, general failure " + generalFailure.getMessage());
        return new BadRequestException(generalFailure.getMessage(), generalFailure).asPromise();
    } catch (ForbiddenException fex) {
        logger.warning("IdentityResourceV3.patchInstance, insufficient privileges.", fex);
        return fex.asPromise();
    } catch (NotFoundException notFound) {
        logger.warning("IdentityResourceV3.patchInstance " + resourceId + " not found", notFound);
        return new NotFoundException("Resource " + resourceId + " cannot be found.", notFound).asPromise();
    } catch (ResourceException resourceException) {
        logger.warning("IdentityResourceV3.patchInstance caught ResourceException", resourceException);
        return resourceException.asPromise();
    } catch (Exception exception) {
        logger.error("IdentityResourceV3.patchInstance caught exception", exception);
        return new InternalServerErrorException(exception.getMessage(), exception).asPromise();
    }
}
Also used : SSOToken(com.iplanet.sso.SSOToken) Set(java.util.Set) HashSet(java.util.HashSet) Attribute(com.sun.identity.idsvcs.Attribute) HashMap(java.util.HashMap) NotFoundException(org.forgerock.json.resource.NotFoundException) IdentityServicesImpl(com.sun.identity.idsvcs.opensso.IdentityServicesImpl) ObjectNotFound(com.sun.identity.idsvcs.ObjectNotFound) PermanentException(org.forgerock.json.resource.PermanentException) PatchOperation(org.forgerock.json.resource.PatchOperation) TokenExpired(com.sun.identity.idsvcs.TokenExpired) ResourceException(org.forgerock.json.resource.ResourceException) ForbiddenException(org.forgerock.json.resource.ForbiddenException) RealmContext(org.forgerock.openam.rest.RealmContext) JsonValue(org.forgerock.json.JsonValue) AccessDenied(com.sun.identity.idsvcs.AccessDenied) PermanentException(org.forgerock.json.resource.PermanentException) InternalServerErrorException(org.forgerock.json.resource.InternalServerErrorException) ForbiddenException(org.forgerock.json.resource.ForbiddenException) NotFoundException(org.forgerock.json.resource.NotFoundException) BadRequestException(org.forgerock.json.resource.BadRequestException) ResourceException(org.forgerock.json.resource.ResourceException) GeneralFailure(com.sun.identity.idsvcs.GeneralFailure) BadRequestException(org.forgerock.json.resource.BadRequestException) IdentityDetails(com.sun.identity.idsvcs.IdentityDetails) InternalServerErrorException(org.forgerock.json.resource.InternalServerErrorException)

Example 4 with AccessDenied

use of com.sun.identity.idsvcs.AccessDenied in project OpenAM by OpenRock.

the class IdentityServicesImpl method read.

public IdentityDetails read(String name, Map<String, Set<String>> attributes, SSOToken admin) throws IdServicesException {
    IdentityDetails rv = null;
    String realm = null;
    String repoRealm;
    String identityType = null;
    List<String> attrsToGet = null;
    if (attributes != null) {
        for (Attribute attr : asAttributeArray(attributes)) {
            String attrName = attr.getName();
            if ("realm".equalsIgnoreCase(attrName)) {
                String[] values = attr.getValues();
                if (values != null && values.length > 0) {
                    realm = values[0];
                }
            } else if ("objecttype".equalsIgnoreCase(attrName)) {
                String[] values = attr.getValues();
                if (values != null && values.length > 0) {
                    identityType = values[0];
                }
            } else {
                if (attrsToGet == null) {
                    attrsToGet = new ArrayList<>();
                }
                attrsToGet.add(attrName);
            }
        }
    }
    if (StringUtils.isEmpty(realm)) {
        repoRealm = "/";
    } else {
        repoRealm = realm;
    }
    if (StringUtils.isEmpty(identityType)) {
        identityType = "User";
    }
    try {
        AMIdentity amIdentity = getAMIdentity(admin, identityType, name, repoRealm);
        if (amIdentity == null) {
            debug.error("IdentityServicesImpl:read identity not found");
            throw new ObjectNotFound(name);
        }
        if (isSpecialUser(amIdentity)) {
            throw new AccessDenied("Cannot retrieve attributes for this user.");
        }
        rv = convertToIdentityDetails(amIdentity, attrsToGet);
        if (!StringUtils.isEmpty(realm)) {
            // use the realm specified by the request
            rv.setRealm(realm);
        }
    } catch (IdRepoException e) {
        debug.error("IdentityServicesImpl:read", e);
        mapIdRepoException(e);
    } catch (SSOException e) {
        debug.error("IdentityServicesImpl:read", e);
        throw new GeneralFailure(e.getMessage());
    }
    return rv;
}
Also used : Attribute(com.sun.identity.idsvcs.Attribute) ObjectNotFound(com.sun.identity.idsvcs.ObjectNotFound) AMIdentity(com.sun.identity.idm.AMIdentity) ArrayList(java.util.ArrayList) IdRepoException(com.sun.identity.idm.IdRepoException) GeneralFailure(com.sun.identity.idsvcs.GeneralFailure) IdentityDetails(com.sun.identity.idsvcs.IdentityDetails) SSOException(com.iplanet.sso.SSOException) AccessDenied(com.sun.identity.idsvcs.AccessDenied)

Example 5 with AccessDenied

use of com.sun.identity.idsvcs.AccessDenied in project OpenAM by OpenRock.

the class IdentityServicesImpl method attributes.

private UserDetails attributes(List<String> attributeNames, Token subject, Boolean refresh) throws TokenExpired, GeneralFailure, AccessDenied {
    UserDetails details = new UserDetails();
    try {
        SSOToken ssoToken = getSSOToken(subject);
        if (refresh != null && refresh) {
            SSOTokenManager.getInstance().refreshSession(ssoToken);
        }
        Map<String, Set<String>> sessionAttributes = new HashMap<>();
        Set<String> s;
        if (attributeNames != null) {
            String propertyNext;
            for (String attrNext : attributeNames) {
                s = new HashSet<>();
                if (attrNext.equalsIgnoreCase("idletime")) {
                    s.add(Long.toString(ssoToken.getIdleTime()));
                } else if (attrNext.equalsIgnoreCase("timeleft")) {
                    s.add(Long.toString(ssoToken.getTimeLeft()));
                } else if (attrNext.equalsIgnoreCase("maxsessiontime")) {
                    s.add(Long.toString(ssoToken.getMaxSessionTime()));
                } else if (attrNext.equalsIgnoreCase("maxidletime")) {
                    s.add(Long.toString(ssoToken.getMaxIdleTime()));
                } else {
                    propertyNext = ssoToken.getProperty(attrNext);
                    if (propertyNext != null && !propertyNext.isEmpty()) {
                        s.add(propertyNext);
                    }
                }
                if (!s.isEmpty()) {
                    sessionAttributes.put(attrNext, s);
                }
            }
        }
        // Obtain user memberships (roles and groups)
        AMIdentity userIdentity = IdUtils.getIdentity(ssoToken);
        if (isSpecialUser(userIdentity)) {
            throw new AccessDenied("Cannot retrieve attributes for this user.");
        }
        // Determine the types that can have members
        SSOToken adminToken = AccessController.doPrivileged(AdminTokenAction.getInstance());
        AMIdentityRepository idrepo = new AMIdentityRepository(userIdentity.getRealm(), adminToken);
        Set<IdType> supportedTypes = idrepo.getSupportedIdTypes();
        Set<IdType> membersTypes = new HashSet<>();
        for (IdType type : supportedTypes) {
            if (type.canHaveMembers().contains(userIdentity.getType())) {
                membersTypes.add(type);
            }
        }
        // Determine the roles and groups
        List<String> roles = new ArrayList<>();
        for (IdType type : membersTypes) {
            try {
                Set<AMIdentity> memberships = userIdentity.getMemberships(type);
                for (AMIdentity membership : memberships) {
                    roles.add(membership.getUniversalId());
                }
            } catch (IdRepoException ire) {
                debug.message("IdentityServicesImpl:attributes", ire);
            // Ignore and continue
            }
        }
        String[] r = new String[roles.size()];
        details.setRoles(roles.toArray(r));
        Map<String, Set<String>> userAttributes;
        if (attributeNames != null) {
            Set<String> attrNames = new HashSet<>(attributeNames);
            userAttributes = userIdentity.getAttributes(attrNames);
        } else {
            userAttributes = userIdentity.getAttributes();
        }
        if (userAttributes != null) {
            for (Map.Entry<String, Set<String>> entry : sessionAttributes.entrySet()) {
                if (userAttributes.keySet().contains(entry.getKey())) {
                    userAttributes.get(entry.getKey()).addAll(entry.getValue());
                } else {
                    userAttributes.put(entry.getKey(), entry.getValue());
                }
            }
        } else {
            userAttributes = sessionAttributes;
        }
        List<Attribute> attributes = new ArrayList<>(userAttributes.size());
        for (String name : userAttributes.keySet()) {
            Attribute attribute = new Attribute();
            attribute.setName(name);
            Set<String> value = userAttributes.get(name);
            if (value != null && !value.isEmpty()) {
                List<String> valueList = new ArrayList<>(value.size());
                // Convert the set to a List of String
                for (String next : value) {
                    if (next != null) {
                        valueList.add(next);
                    }
                }
                String[] v = new String[valueList.size()];
                attribute.setValues(valueList.toArray(v));
                attributes.add(attribute);
            }
        }
        Attribute[] a = new Attribute[attributes.size()];
        details.setAttributes(attributes.toArray(a));
    } catch (IdRepoException e) {
        debug.error("IdentityServicesImpl:attributes", e);
        throw new GeneralFailure(e.getMessage());
    } catch (SSOException e) {
        debug.error("IdentityServicesImpl:attributes", e);
        throw new GeneralFailure(e.getMessage());
    } catch (TokenExpired e) {
        debug.warning("IdentityServicesImpl:attributes original error", e);
        throw new TokenExpired("Cannot retrieve Token.");
    }
    //TODO handle token translation
    details.setToken(subject);
    return details;
}
Also used : SSOToken(com.iplanet.sso.SSOToken) Set(java.util.Set) HashSet(java.util.HashSet) HashMap(java.util.HashMap) Attribute(com.sun.identity.idsvcs.Attribute) ArrayList(java.util.ArrayList) SSOException(com.iplanet.sso.SSOException) UserDetails(com.sun.identity.idsvcs.UserDetails) TokenExpired(com.sun.identity.idsvcs.TokenExpired) HashSet(java.util.HashSet) IdRepoException(com.sun.identity.idm.IdRepoException) AccessDenied(com.sun.identity.idsvcs.AccessDenied) IdType(com.sun.identity.idm.IdType) AMIdentity(com.sun.identity.idm.AMIdentity) AMIdentityRepository(com.sun.identity.idm.AMIdentityRepository) GeneralFailure(com.sun.identity.idsvcs.GeneralFailure) Map(java.util.Map) HashMap(java.util.HashMap)

Aggregations

AccessDenied (com.sun.identity.idsvcs.AccessDenied)9 GeneralFailure (com.sun.identity.idsvcs.GeneralFailure)9 SSOException (com.iplanet.sso.SSOException)7 SSOToken (com.iplanet.sso.SSOToken)7 IdRepoException (com.sun.identity.idm.IdRepoException)7 IdentityDetails (com.sun.identity.idsvcs.IdentityDetails)7 ObjectNotFound (com.sun.identity.idsvcs.ObjectNotFound)7 TokenExpired (com.sun.identity.idsvcs.TokenExpired)7 BadRequestException (org.forgerock.json.resource.BadRequestException)6 ForbiddenException (org.forgerock.json.resource.ForbiddenException)6 InternalServerErrorException (org.forgerock.json.resource.InternalServerErrorException)6 NotFoundException (org.forgerock.json.resource.NotFoundException)6 PermanentException (org.forgerock.json.resource.PermanentException)6 ResourceException (org.forgerock.json.resource.ResourceException)6 NeedMoreCredentials (com.sun.identity.idsvcs.NeedMoreCredentials)5 SMSException (com.sun.identity.sm.SMSException)5 ServiceNotFoundException (com.sun.identity.sm.ServiceNotFoundException)5 UnsupportedEncodingException (java.io.UnsupportedEncodingException)5 MessagingException (javax.mail.MessagingException)5 ConflictException (org.forgerock.json.resource.ConflictException)5