
Example 1 with DataStoreProvider

use of com.sun.identity.plugin.datastore.DataStoreProvider in project OpenAM by OpenRock.

the class FSAttributeStatementHelper method getAutoFedAttributeStatement.

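/**
 * Gets a SAML <code>AttributeStatement</code> by using an
 * <code>AutoFederate</code> attribute that is configured in the local
 * provider.
 *
 * @param realm The realm under which the entity resides.
 * @param entityID Host Provider's entity ID.
 * @param sub Liberty Subject.
 * @param ssoToken session of the user
 * @return Generated Auto Federate Attribute Statement, or <code>null</code>
 *         when no auto-federation attribute is configured for the provider
 *         or the user has no value for it.
 * @exception FSException if the provider configuration, the session or the
 *            data store cannot be read, or the statement cannot be built.
 */
public static AttributeStatement getAutoFedAttributeStatement(String realm, String entityID, FSSubject sub, Object ssoToken) throws FSException {
    IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
    BaseConfigType hostConfig = null;
    try {
        if (metaManager != null) {
            hostConfig = metaManager.getIDPDescriptorConfig(realm, entityID);
        }
    } catch (IDFFMetaException fae) {
        FSUtils.debug.error("FSAttributeStatementHelper.getAutoFed" + "AttributeStatement: IDFFMetaException ", fae);
        throw new FSException(fae);
    }
    String autoFedAttr = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostConfig, IFSConstants.AUTO_FEDERATION_ATTRIBUTE);
    if (autoFedAttr == null) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSAttributeStatementHelper.getAutoFed:" + "AttributeStatement: AutoFederate Attribute is null");
        }
        return null;
    }
    List values = new ArrayList();
    try {
        String userID = SessionManager.getProvider().getPrincipalName(ssoToken);
        DataStoreProvider provider = DataStoreProviderManager.getInstance().getDataStoreProvider(IFSConstants.IDFF);
        Set vals = provider.getAttribute(userID, autoFedAttr);
        // A provider may report "no such attribute" as null rather than an
        // empty set; treat both alike instead of failing on vals.iterator().
        if (vals != null) {
            for (Iterator iter = vals.iterator(); iter.hasNext(); ) {
                values.add(getAttributeValue((String) iter.next()));
            }
        }
    } catch (SessionException se) {
        FSUtils.debug.error("FSAttributeStatementHelper.getAutoFed" + "AttributeStatement: SessionException ", se);
        throw new FSException(se);
    } catch (DataStoreProviderException ie) {
        FSUtils.debug.error("FSAttributeStatementHelper.getAutoFed" + "AttributeStatement: DataStoreProviderException ", ie);
        throw new FSException(ie);
    }
    if (values.isEmpty()) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSAtributeStatementHelper.getAuto:" + "FedAttributeStatement. No values for autofed attribute");
        }
        return null;
    }
    try {
        Attribute attribute = new Attribute(IFSConstants.AUTO_FED_ATTR, IFSConstants.assertionSAMLNameSpaceURI, values);
        List attributeList = new ArrayList();
        attributeList.add(attribute);
        return new AttributeStatement(sub, attributeList);
    } catch (SAMLException ex) {
        FSUtils.debug.error("FSAttributeStatementHelper.getAutoFed" + "AttributeStatement: SAMLException ", ex);
        throw new FSException(ex);
    }
}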

Example 2 with DataStoreProvider

use of com.sun.identity.plugin.datastore.DataStoreProvider in project OpenAM by OpenRock.

the class UserDiscoEntryHandler method modifyDiscoEntries.

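/**
 * Modifies discovery entries for a user.
 *
 * The current entries are read from the data store, the removes are applied
 * first, then the inserts, and only if every step succeeded is the combined
 * set written back. The returned status stays "Failed" until that final
 * write succeeds, so a failure anywhere leaves the stored entries untouched.
 *
 * @param userID The user whose discovery entries will be set.
 * @param removes List of
 *  <code>com.sun.identity.liberty.ws.disco.jaxb.RemoveEntryType</code>
 *  jaxb objects; may be <code>null</code> or empty.
 * @param inserts List of
 *  <code>com.sun.identity.liberty.ws.disco.jaxb.InsertEntryType</code>
 *  jaxb objects; may be <code>null</code> or empty.
 * @return Map which contains the following key value pairs:
 *  Key: <code>DiscoEntryHandler.STATUS_CODE</code>
 *  Value: status code String such as "OK", "Failed", etc.
 *  Key: <code>DiscoEntryHandler.NEW_ENTRY_IDS</code>
 *  Value: List of <code>entryIds</code> for the entries that were added.
 *  The second key/value pair will only exist when status code is
 *  "OK", and there are <code>InsertEntry</code> elements in the modify
 *  request. When successful, all modification (removes and inserts) should
 *  be done. No partial changes should be done.
 */
public Map modifyDiscoEntries(String userID, List removes, List inserts) {
    if (DiscoEntryHandlerImplUtils.debug.messageEnabled()) {
        DiscoEntryHandlerImplUtils.debug.message("in UserDiscoEntryHandler.modifyDiscoEntries");
    }
    // Fail closed: the status is only flipped to OK after the final write.
    Map result = new HashMap();
    result.put(STATUS_CODE, DiscoConstants.STATUS_FAILED);
    Map discoEntries = new HashMap();
    DataStoreProvider store = null;
    try {
        store = DataStoreProviderManager.getInstance().getDataStoreProvider(DISCO);
        DiscoEntryHandlerImplUtils.getUserDiscoEntries(store, userID, USER_ATTR_NAME, discoEntries);
    } catch (Exception e) {
        DiscoEntryHandlerImplUtils.debug.error("UserDiscoEntryHandler.modifyDiscoEntries: Exception:", e);
        return result;
    }
    if ((removes != null) && !removes.isEmpty()) {
        if (DiscoEntryHandlerImplUtils.debug.messageEnabled()) {
            DiscoEntryHandlerImplUtils.debug.message("UserDiscoEntryHandler.modifyDiscoEntries: handling " + removes.size() + " removes.");
        }
        if (!DiscoEntryHandlerImplUtils.handleRemoves(discoEntries, removes)) {
            return result;
        }
    }
    Set results = new HashSet(discoEntries.values());
    List newEntryIDs = null;
    if ((inserts != null) && !inserts.isEmpty()) {
        if (DiscoEntryHandlerImplUtils.debug.messageEnabled()) {
            DiscoEntryHandlerImplUtils.debug.message("UserDiscoEntryHandler.modifyDiscoEntries: handling " + inserts.size() + " inserts.");
        }
        Map insertResults = DiscoEntryHandlerImplUtils.handleInserts(results, inserts);
        // Null-safe comparison: a missing result or status code counts as a
        // failure instead of raising an NPE here.
        if ((insertResults == null) || !DiscoConstants.STATUS_OK.equals(insertResults.get(STATUS_CODE))) {
            return result;
        }
        newEntryIDs = (List) insertResults.get(NEW_ENTRY_IDS);
    }
    // so far everything is successful
    if (!DiscoEntryHandlerImplUtils.setUserDiscoEntries(store, userID, USER_ATTR_NAME, results)) {
        DiscoEntryHandlerImplUtils.debug.error("UserDiscoEntryHandler.modifyDiscoEntries: " + "couldn't set DiscoEntries through DiscoEntryHandler.");
        return result;
    }
    if (DiscoEntryHandlerImplUtils.debug.messageEnabled()) {
        DiscoEntryHandlerImplUtils.debug.message("UserDiscoEntryHandler.modifyDisco" + "Entries: set DiscoEntries through DiscoEntryHandler " + "successfully.");
    }
    result.put(STATUS_CODE, DiscoConstants.STATUS_OK);
    if ((newEntryIDs != null) && !newEntryIDs.isEmpty()) {
        result.put(NEW_ENTRY_IDS, newEntryIDs);
    }
    return result;
}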

Example 3 with DataStoreProvider

use of com.sun.identity.plugin.datastore.DataStoreProvider in project OpenAM by OpenRock.

the class DefaultAttributeMapper method getAttributes.

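/**
 * This method first maps the Subject in the query to a local site
 * account using the AccountMapper defined in the SAML Service.
 * The source ID is used to find the appropriate AccountMapper.
 * It then calls the User Management API to obtain the attribute value
 * using the Session and the attribute name in the AttributeDesignator(s)
 * of the query. If there is no AttributeDesignator in the query,
 * attributes of services specified as userServiceNameList in
 * amSAML.properties will be returned.
 * <p>
 *
 * @param query the <code>AttributeQuery</code> object.
 * @param sourceID the Source Identifier.
 * @param token  User Session
 * @return <code>List</code> of <code>Attribute</code> objects; empty when
 *         no attribute had a value.
 * @throws SAMLException if an input is null, the source site is unknown,
 *         the subject cannot be mapped to a local user, or the data store
 *         cannot be read.
 */
public List getAttributes(AttributeQuery query, String sourceID, Object token) throws SAMLException {
    if ((query == null) || (sourceID == null) || (token == null)) {
        SAMLUtils.debug.message("DefaultAttributeMapper: null input.");
        throw new SAMLException(SAMLUtils.bundle.getString("nullInput"));
    }
    Map entries = (Map) SAMLServiceManager.getAttribute(SAMLConstants.PARTNER_URLS);
    SAMLServiceManager.SOAPEntry destSite = (entries == null) ? null : (SAMLServiceManager.SOAPEntry) entries.get(sourceID);
    if (destSite == null) {
        // Unknown source site: refuse explicitly rather than NPE on the
        // account-mapper lookup below.
        if (SAMLUtils.debug.messageEnabled()) {
            SAMLUtils.debug.message("DefaultAttributeMapper: no partner entry " + "for sourceID " + sourceID);
        }
        throw new SAMLException(SAMLUtils.bundle.getString("cannotMapSubject"));
    }
    String name = null;
    PartnerAccountMapper paMapper = destSite.getPartnerAccountMapper();
    if (paMapper != null) {
        Map map = paMapper.getUser(query, sourceID);
        if (map != null) {
            name = (String) map.get(PartnerAccountMapper.NAME);
        }
    }
    if (name == null) {
        if (SAMLUtils.debug.messageEnabled()) {
            SAMLUtils.debug.message("DefaultAttributeMapper: couldn't " + "map the subject to a local user.");
        }
        throw new SAMLException(SAMLUtils.bundle.getString("cannotMapSubject"));
    }
    if (SAMLUtils.debug.messageEnabled()) {
        SAMLUtils.debug.message("user=" + name);
    }
    // assume user in default root realm
    DataStoreProvider provider;
    try {
        provider = DataStoreProviderManager.getInstance().getDataStoreProvider(SAMLConstants.SAML);
    } catch (DataStoreProviderException de) {
        if (SAMLUtils.debug.messageEnabled()) {
            SAMLUtils.debug.message("DefaultAttributeMapper.getAttribute:", de);
        }
        throw new SAMLException(SAMLUtils.bundle.getString("cannotMapSubject"));
    }
    List attributes = new ArrayList();
    List designators = query.getAttributeDesignator();
    if ((designators == null) || designators.isEmpty()) {
        // No designators: fall back to the configured attribute name list.
        String userAttrName = SystemConfigurationUtil.getProperty("userAttributeNameList");
        if ((userAttrName == null) || (userAttrName.length() == 0)) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("DefaultAttributeMapper: " + "userAttributeNameList is not defined " + "or empty.");
            }
            return attributes;
        }
        Set attrNames = new HashSet();
        StringTokenizer stk = new StringTokenizer(userAttrName, ",");
        while (stk.hasMoreTokens()) {
            attrNames.add(stk.nextToken().trim());
        }
        Map valueMap;
        try {
            valueMap = provider.getAttributes(name, attrNames);
        } catch (DataStoreProviderException ie) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("DefaultAttributeMapper: " + "DataStoreProviderException:", ie);
            }
            throw new SAMLException(ie.getMessage());
        }
        if (valueMap != null) {
            for (Iterator keyIter = valueMap.keySet().iterator(); keyIter.hasNext(); ) {
                String keyName = (String) keyIter.next();
                List attrValues = toAttributeValueElements((Set) valueMap.get(keyName));
                if (!attrValues.isEmpty()) {
                    attributes.add(new Attribute(keyName, SAMLConstants.ATTR_NAME_SPACE, attrValues));
                }
            }
        }
    } else {
        for (Iterator iter = designators.iterator(); iter.hasNext(); ) {
            AttributeDesignator designator = (AttributeDesignator) iter.next();
            String attrName = (String) designator.getAttributeName();
            Set valueSet;
            try {
                valueSet = provider.getAttribute(name, attrName);
            } catch (DataStoreProviderException ie) {
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("DefaultAttributeMapper: " + "DataStoreProviderException:", ie);
                }
                throw new SAMLException(ie.getMessage());
            }
            List attrValues = toAttributeValueElements(valueSet);
            if (!attrValues.isEmpty()) {
                attributes.add(new Attribute(attrName, designator.getAttributeNamespace(), attrValues));
            }
        }
    }
    return attributes;
}

/**
 * Wraps each value of <code>valueSet</code> in an
 * <code>AttributeValue</code> element and parses it into a DOM element.
 *
 * Values are XML-escaped before parsing. They come from the user store,
 * not from the SAML message, and may legitimately contain markup
 * characters; unescaped they would either fail to parse or be interpreted
 * as structure inside the generated assertion.
 *
 * @param valueSet attribute values from the data store; may be
 *        <code>null</code>.
 * @return list of DOM elements, empty when there were no values.
 */
private static List toAttributeValueElements(Set valueSet) {
    List attrValues = new ArrayList();
    if (valueSet == null) {
        return attrValues;
    }
    for (Iterator valueIter = valueSet.iterator(); valueIter.hasNext(); ) {
        String attrValueString = SAMLUtils.makeStartElementTagXML("AttributeValue", true, true) + XMLUtils.escapeSpecialCharacters((String) valueIter.next()) + SAMLUtils.makeEndElementTagXML("AttributeValue", true);
        attrValues.add(XMLUtils.toDOMDocument(attrValueString, SAMLUtils.debug).getDocumentElement());
    }
    return attrValues;
}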

Example 4 with DataStoreProvider

use of com.sun.identity.plugin.datastore.DataStoreProvider in project OpenAM by OpenRock.

the class DefaultNameIdentifierMapper method getNameIdentifier.

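/**
 * Returns name identifier for assertion subject based on user account.
 *
 * When <code>nameIDFormat</code> is mapped to a user attribute in the SAML
 * service's name-ID format map, the first value of that attribute is used
 * as the name; otherwise the session's principal name is used. Both the
 * name and the qualifier are XML-escaped before the identifier is built.
 *
 * @param session the session of the user performing the operation.
 * @param sourceID source ID for the site from which the assertion
 *        originated.
 * @param destID destination ID for the site for which the assertion will be
 *     created.
 * @param nameIDFormat the requested name identifier format; may be
 *        <code>null</code>.
 * @return a <code>NameIdentifier</code> for assertion subject, or
 *         <code>null</code> if the session is invalid or the identifier
 *         cannot be built (the error is logged).
 * @exception SAMLException if an error occurs
 */
public NameIdentifier getNameIdentifier(Object session, String sourceID, String destID, String nameIDFormat) throws SAMLException {
    if (SAMLUtils.debug.messageEnabled()) {
        SAMLUtils.debug.message("DefaultNameIdentifierMapper." + "getNameIdentifier: sourceID = " + sourceID + ", destID = " + destID);
        SAMLUtils.debug.message("DefaultNameIdentifierMapper." + "getNameIdentifier: nameIDFormat = " + nameIDFormat);
    }
    try {
        String[] orgs = SessionManager.getProvider().getProperty(session, "Organization");
        // Guard explicitly instead of letting an empty array surface as a
        // generic exception in the catch-all below.
        if ((orgs == null) || (orgs.length == 0)) {
            SAMLUtils.debug.error("DefaultNameIdentifierMapper." + "getNameIdentifier: session has no Organization property");
            return null;
        }
        String nameQualifier = XMLUtils.escapeSpecialCharacters(orgs[0]);
        String userID = SessionManager.getProvider().getPrincipalName(session);
        String name = null;
        if (nameIDFormat != null) {
            Map nameIDFormatAttrMap = (Map) SAMLServiceManager.getAttribute(SAMLConstants.NAME_ID_FORMAT_MAP);
            if ((nameIDFormatAttrMap != null) && nameIDFormatAttrMap.containsKey(nameIDFormat)) {
                String attrName = (String) nameIDFormatAttrMap.get(nameIDFormat);
                try {
                    DataStoreProvider dsProvider = DataStoreProviderManager.getInstance().getDataStoreProvider(SAMLConstants.SAML);
                    Set attrValues = dsProvider.getAttribute(userID, attrName);
                    if ((attrValues != null) && !attrValues.isEmpty()) {
                        name = (String) attrValues.iterator().next();
                    }
                } catch (DataStoreProviderException dspe) {
                    // Best effort: fall back to the principal name below.
                    if (SAMLUtils.debug.warningEnabled()) {
                        SAMLUtils.debug.warning("DefaultNameIdentifierMapper." + "getNameIdentifier:", dspe);
                    }
                }
            }
        }
        String rawName = (name == null) ? userID : name;
        return new NameIdentifier(XMLUtils.escapeSpecialCharacters(rawName), nameQualifier, nameIDFormat);
    } catch (SessionException sx) {
        SAMLUtils.debug.error("DefaultNameIdentifierMapper." + "getNameIdentifier: Invalid Session ", sx);
        return null;
    } catch (Exception ex) {
        SAMLUtils.debug.error("DefaultNameIdentifierMapper." + "getNameIdentifier:", ex);
        return null;
    }
}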

Example 5 with DataStoreProvider

use of com.sun.identity.plugin.datastore.DataStoreProvider in project OpenAM by OpenRock.

the class DefaultSiteAttributeMapper method getAttributes.

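/**
 * Returns <code>List</code> of <code>Attribute</code> objects.
 *
 * Each entry of the configured attribute map (<code>samlName</code> or
 * <code>namespace|samlName</code> to local attribute name) is resolved
 * first from the user's profile and, when the profile has no value, from
 * the session properties.
 *
 * @param token  User's session.
 * @param request The HttpServletRequest object of the request which
 *                may contain query attributes to be included in the
 *                Assertion. This could be null if unavailable.
 * @param response The HttpServletResponse object. This could be null
 *                if unavailable.
 * @param targetURL value for TARGET query parameter when the user
 *                  accessing the SAML aware servlet or post profile
 *                  servlet. This could be null if unavailable.
 * @return <code>List</code> of <code>Attribute</code> objects, or
 *         <code>null</code> when no attribute map is configured or no
 *         attribute had a value.
 *         <code>Attribute</code> is defined in the SAML SDK as part of
 *         <code>com.sun.identity.saml.assertion</code> package.
 * @throws SAMLException if attributes cannot be obtained.
 */
public List getAttributes(Object token, HttpServletRequest request, HttpServletResponse response, String targetURL) throws SAMLException {
    Map attrMap = (Map) SAMLServiceManager.getAttribute(SAMLConstants.ATTRIBUTE_MAP);
    if ((attrMap == null) || attrMap.isEmpty()) {
        return null;
    }
    Set localAttrNames = new HashSet(attrMap.values());
    Map localValueMap = null;
    try {
        DataStoreProvider dsProvider = DataStoreProviderManager.getInstance().getDataStoreProvider(SAMLConstants.SAML);
        localValueMap = dsProvider.getAttributes(SessionManager.getProvider().getPrincipalName(token), localAttrNames);
    } catch (Exception ex) {
        // Best effort: a failed profile lookup is not fatal because every
        // attribute is retried against the session properties below.
        if (SAMLUtils.debug.warningEnabled()) {
            SAMLUtils.debug.warning("DefaultSiteAttributeMapper." + "getAttributes:", ex);
        }
    }
    List samlAttrs = null;
    for (Iterator iter = attrMap.keySet().iterator(); iter.hasNext(); ) {
        String samlAttrName = (String) iter.next();
        String localAttrName = (String) attrMap.get(samlAttrName);
        String attrNamespace;
        StringTokenizer tokenizer = new StringTokenizer(samlAttrName, "|");
        int tokenCount = tokenizer.countTokens();
        if (tokenCount == 1) {
            attrNamespace = SAMLConstants.assertionSAMLNameSpaceURI;
        } else if (tokenCount == 2) {
            attrNamespace = tokenizer.nextToken();
            samlAttrName = tokenizer.nextToken();
        } else {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("DefaultSiteAttributeMapper." + "getAttribute: invalid saml attribute in attribute " + " map. saml attribute = " + samlAttrName + ", the " + " syntax is namespace|attrName.");
            }
            continue;
        }
        String[] localAttrValues = null;
        if ((localValueMap != null) && !localValueMap.isEmpty()) {
            Set values = (Set) localValueMap.get(localAttrName);
            if ((values == null) || values.isEmpty()) {
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("DefaultSiteAttributeMapper." + "getAttribute: user profile does not have " + "value for " + localAttrName + " but is going to check ssotoken:");
                }
            } else {
                localAttrValues = (String[]) values.toArray(new String[values.size()]);
            }
        }
        if (localAttrValues == null) {
            try {
                localAttrValues = SessionManager.getProvider().getProperty(token, localAttrName);
            } catch (SessionException ex) {
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("DefaultSiteAttributeMapper." + "getAttribute:", ex);
                }
            }
        }
        if ((localAttrValues == null) || (localAttrValues.length == 0)) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("DefaultSiteAttributeMapper." + "getAttribute: user does not have " + localAttrName);
            }
            continue;
        }
        Attribute samlAttr = getSAMLAttribute(samlAttrName, attrNamespace, localAttrValues);
        if (samlAttr == null) {
            continue;
        }
        if (samlAttrs == null) {
            samlAttrs = new ArrayList();
        }
        samlAttrs.add(samlAttr);
        if (SAMLUtils.debug.messageEnabled()) {
            // Log the value count only: String[] has no useful toString(),
            // and the values themselves may be personal data.
            SAMLUtils.debug.message("DefaultSiteAttributeMapper." + "getAttribute: add attribute = " + samlAttrName + ", attrNamespace = " + attrNamespace + ", valueCount = " + localAttrValues.length);
        }
    }
    return samlAttrs;
}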
