UMUserPasswordResetOptionsModelImpl.java revision ba07e74da87b2caf40d3397e50523632daeb4cac
/**
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 *
 * Copyright (c) 2007 Sun Microsystems Inc. All Rights Reserved
 *
 * The contents of this file are subject to the terms
 * of the Common Development and Distribution License
 * (the License). You may not use this file except in
 * compliance with the License.
 *
 * You can obtain a copy of the License at
 * https://opensso.dev.java.net/public/CDDLv1.0.html or
 * opensso/legal/CDDLv1.0.txt
 * See the License for the specific language governing
 * permission and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL
 * Header Notice in each file and include the License file
 * at opensso/legal/CDDLv1.0.txt.
 * If applicable, add the following below the CDDL Header,
 * with the fields enclosed by brackets [] replaced by
 * your own identifying information:
 * "Portions Copyrighted [year] [name of copyright owner]"
 *
 * $Id: UMUserPasswordResetOptionsModelImpl.java,v 1.5 2010/01/27 18:21:37 veiming Exp $
 *
 */

package com.sun.identity.console.user.model;

import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.sun.identity.console.base.model.AMAdminConstants;
import com.sun.identity.console.base.model.AMAdminUtils;
import com.sun.identity.console.base.model.AMConsoleException;
import com.sun.identity.console.base.model.AMModelBase;
import com.sun.identity.delegation.DelegationEvaluator;
import com.sun.identity.delegation.DelegationEvaluatorImpl;
import com.sun.identity.delegation.DelegationException;
import com.sun.identity.delegation.DelegationPermission;
import com.sun.identity.idm.AMIdentity;
import com.sun.identity.idm.IdRepoException;
import com.sun.identity.idm.IdUtils;
import com.sun.identity.security.DecryptAction;
import com.sun.identity.security.EncryptAction;
import com.sun.identity.shared.Constants;
import com.sun.identity.sm.OrganizationConfigManager;
import com.sun.identity.sm.SchemaType;
import com.sun.identity.sm.ServiceSchemaManager;
import com.sun.identity.sm.SMSException;
import java.security.AccessController;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.MissingResourceException;
import java.util.ResourceBundle;
import java.util.Set;
import java.util.StringTokenizer;
import javax.servlet.http.HttpServletRequest;

/* - LOG COMPLETE - */

public class UMUserPasswordResetOptionsModelImpl
    extends AMModelBase
    implements UMUserPasswordResetOptionsModel
{
// Declared here; not assigned or read in the visible part of this file.
private OrganizationConfigManager orgCfgMgr;
// Value returned by AMAdminUtils.getSuperAdminSSOToken(), fetched once when
// the class is initialised and shared by every instance (static). It is not
// referenced in the visible part of this file.
// NOTE(review): confirm it is only used for realm configuration reads and is
// never substituted for getUserSSOToken() on identity reads or writes, and
// that a token cached for the lifetime of the class is still valid when used.
private static SSOToken adminSSOToken =
    AMAdminUtils.getSuperAdminSSOToken();
/**
 * Creates the model for a console request.
 *
 * @param req HTTP servlet request, passed to the <code>AMModelBase</code>
 *        constructor.
 * @param map passed unchanged to the <code>AMModelBase</code> constructor.
 */
public UMUserPasswordResetOptionsModelImpl(
    HttpServletRequest req,
    Map map
) {
    super(req, map);
}
/**
 * Creates a model without a servlet request; this constructor sets no
 * state of its own.
 */
public UMUserPasswordResetOptionsModelImpl() {
    // do nothing
}
/**
 * Builds the question-to-label map for a realm's password reset service.
 *
 * @param realmName Name of realm.
 * @return map of question key to its localized label (the key itself when
 *         no bundle or no bundle entry exists), or <code>null</code> when
 *         the realm defines no questions.
 */
private Map getQuestions(String realmName) {
    Set questionKeys = getAttributeValues(
        realmName, PW_RESET_QUESTION, AMAdminConstants.PW_RESET_SERVICE);

    if ((questionKeys == null) || questionKeys.isEmpty()) {
        debug.message("UMUserPasswordResetOptionsModelImpl " +
            "there were no questions defined for this user");
        return null;
    }

    Map labelsByQuestion = new HashMap(questionKeys.size() * 2);
    ResourceBundle bundle = getServiceResourceBundle(
        AMAdminConstants.PW_RESET_SERVICE);

    for (Object key : questionKeys) {
        String question = (String) key;
        // The raw key doubles as the label when nothing better is found.
        String label = question;
        if (bundle != null) {
            try {
                label = bundle.getString(question);
            } catch (MissingResourceException mre) {
                debug.warning("no i18nKey defined for question " +
                    mre.getMessage());
            }
        }
        labelsByQuestion.put(question, label);
    }

    return labelsByQuestion;
}
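/**
 * Returns true if user personal question/answer feature is enabled.
 *
 * @param realmName Name of realm.
 * @return true only when the realm's value for the personal-answer
 *         attribute equals "true" (ignoring case); false for any other
 *         value or when no value is available.
 */
public boolean isUserQuestionEnabled(String realmName) {
    Set values = getAttributeValues(
        realmName, PW_RESET_PERSONAL_ANSWER,
        AMAdminConstants.PW_RESET_SERVICE);
    // Constant-first comparison: if getValue() yields null the feature is
    // reported as disabled instead of raising a NullPointerException.
    return "true".equalsIgnoreCase((String) AMAdminUtils.getValue(values));
}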
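/**
 * Returns the maximum number of questions that can be displayed in
 * the reset password page.
 *
 * @param realmName Name of realm.
 * @return the configured maximum, or 1 when the attribute is absent or is
 *         not a valid integer.
 */
public int getMaxNumQuestions(String realmName) {
    int maxNum = 1;
    Set set = getAttributeValues(realmName,
        PW_RESET_MAX_NUM_OF_QUESTIONS, AMAdminConstants.PW_RESET_SERVICE);

    if (set != null && !set.isEmpty()) {
        String value = (String) set.iterator().next();
        try {
            // NOTE(review): zero and negative values are accepted as-is;
            // confirm callers tolerate them or the schema forbids them.
            maxNum = Integer.parseInt(value);
        } catch (NumberFormatException e) {
            // Tag the warning with this method's name so the bad realm
            // setting can be traced from the debug log.
            debug.warning(
                "UMUserPasswordResetOptionsModelImpl.getMaxNumQuestions",
                e);
        }
    }

    return maxNum;
}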
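/**
 * Modifies user's password reset option.
 *
 * The question/answer attribute is written only when
 * <code>isLoggedInUser(userId)</code> is true, and the force-reset
 * attribute only when <code>isRealmAdmin()</code> is true. When neither
 * holds nothing is stored, nothing is logged and no exception is raised.
 * The write itself is made with <code>getUserSSOToken()</code>.
 *
 * The audit events name the attributes that are actually written. Their
 * parameters are the user ID, the attribute name(s) and, on failure, the
 * error string; answer text is never passed to <code>logEvent</code>.
 *
 * @param questionAnswers List of
 *        <code>UMUserPasswordResetOptionsData</code> objects.
 * @param userId Universal ID of user.
 * @param forceReset true to force reset.
 * @throws AMConsoleException if password reset option cannot be modified.
 */
public void modifyUserOption(
    List questionAnswers,
    String userId,
    boolean forceReset
) throws AMConsoleException {
    Map mapData = new HashMap(4);
    // Names of the attributes placed in mapData, for the audit record.
    StringBuilder attrNames = new StringBuilder();

    // NOTE(review): isLoggedInUser() and isRealmAdmin() are defined outside
    // the visible part of this file; confirm their checks match the access
    // the data store enforces for getUserSSOToken().
    if (isLoggedInUser(userId)) {
        Set attribVals = formatOptionData(questionAnswers);
        mapData.put(PW_RESET_QUESTION_ANSWER, attribVals);
        attrNames.append(PW_RESET_QUESTION_ANSWER);
    }

    if (isRealmAdmin()) {
        Set set = new HashSet(2);
        set.add(String.valueOf(forceReset));
        mapData.put(PW_RESET_FORCE_RESET, set);
        if (attrNames.length() > 0) {
            attrNames.append(", ");
        }
        attrNames.append(PW_RESET_FORCE_RESET);
    }

    if (mapData.isEmpty()) {
        return;
    }

    String attrs = attrNames.toString();
    String[] params = {userId, attrs};
    logEvent("ATTEMPT_MODIFY_IDENTITY_ATTRIBUTE_VALUE", params);
    try {
        AMIdentity amid = IdUtils.getIdentity(
            getUserSSOToken(), userId);
        amid.setAttributes(mapData);
        amid.store();
        logEvent("SUCCEED_MODIFY_IDENTITY_ATTRIBUTE_VALUE", params);
    } catch (SSOException e) {
        String strError = getErrorString(e);
        String[] paramsEx = {userId, attrs, strError};
        logEvent("SSO_EXCEPTION_MODIFY_IDENTITY_ATTRIBUTE_VALUE",
            paramsEx);
        throw new AMConsoleException(strError);
    } catch (IdRepoException e) {
        String strError = getErrorString(e);
        String[] paramsEx = {userId, attrs, strError};
        logEvent("IDM_EXCEPTION_MODIFY_IDENTITY_ATTRIBUTE_VALUE",
            paramsEx);
        throw new AMConsoleException(strError);
    }
}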
/**
 * Reports whether the force-reset flag is set on a user.
 *
 * The attribute is read with <code>getUserSSOToken()</code>. A failed read
 * is recorded through <code>logEvent</code> and the debug log and is then
 * reported as "not forced" rather than raised to the caller.
 *
 * @param userId Universal ID of user.
 * @return true if the stored flag equals "true" (ignoring case); false
 *         when it is absent, has another value, or cannot be read.
 */
public boolean isForceReset(String userId) {
    final String[] auditParams = {userId, PW_RESET_FORCE_RESET};

    try {
        logEvent("ATTEMPT_READ_IDENTITY_ATTRIBUTE_VALUE", auditParams);
        AMIdentity identity = IdUtils.getIdentity(getUserSSOToken(), userId);
        Set flagValues = identity.getAttribute(PW_RESET_FORCE_RESET);
        logEvent("SUCCEED_READ_IDENTITY_ATTRIBUTE_VALUE", auditParams);

        if ((flagValues == null) || flagValues.isEmpty()) {
            return false;
        }
        return ((String) AMAdminUtils.getValue(flagValues))
            .equalsIgnoreCase("true");
    } catch (SSOException e) {
        String[] failureParams = {userId, PW_RESET_FORCE_RESET,
            getErrorString(e)};
        logEvent("SSO_EXCEPTION_READ_IDENTITY_ATTRIBUTE_VALUE",
            failureParams);
        debug.warning(
            "UMUserPasswordResetOptionsModelImpl.isForceReset", e);
    } catch (IdRepoException e) {
        String[] failureParams = {userId, PW_RESET_FORCE_RESET,
            getErrorString(e)};
        logEvent("IDM_EXCEPTION_READ_IDENTITY_ATTRIBUTE_VALUE",
            failureParams);
        debug.warning(
            "UMUserPasswordResetOptionsModelImpl.isForceReset", e);
    }

    // Reached only after a failed read.
    return false;
}
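/**
 * Converts question/answer entries into the encrypted attribute values
 * stored on the user.
 *
 * Each entry is validated, joined as question, answer and status
 * separated by <code>DELIMITER</code>, and passed through
 * <code>EncryptAction</code>. <code>null</code> entries are skipped.
 *
 * @param questionAnswers List of
 *        <code>UMUserPasswordResetOptionsData</code> objects; may be
 *        <code>null</code> or empty.
 * @return set of encrypted values, or a set holding a single empty string
 *         when there is nothing to store.
 * @throws AMConsoleException as declared; presumably raised by
 *         <code>validate()</code> for an invalid entry.
 */
private Set formatOptionData(List questionAnswers)
    throws AMConsoleException
{
    /*
     * If the question and answer list is empty then the user has selected
     * nothing or has unselected a previously selected question. Store an
     * empty string to overwrite the previous data.
     */
    if ((questionAnswers == null) || questionAnswers.isEmpty()) {
        Set cleared = new HashSet(2);
        cleared.add("");
        return cleared;
    }

    Set attribVals = new HashSet(questionAnswers.size() * 2);

    // Data Format: question \t answer \t selection status
    // NOTE(review): confirm validate() rejects question or answer text that
    // contains DELIMITER; parseUserQuestionAnswers() only accepts records
    // that split into exactly three tokens and silently drops the rest.
    for (Iterator iter = questionAnswers.iterator(); iter.hasNext(); ) {
        UMUserPasswordResetOptionsData data =
            (UMUserPasswordResetOptionsData) iter.next();

        // Check for null before the first dereference; the entry used to
        // be validated before it was tested for null.
        if (data == null) {
            continue;
        }
        data.validate();

        String str = data.getQuestion() + DELIMITER +
            data.getAnswer() + DELIMITER +
            data.getDataStatus();
        // The answer is encrypted reversibly, not hashed: it can be
        // recovered by any code able to run DecryptAction, so the
        // protection rests on the secrecy of the platform key.
        String encryptStr = (String) AccessController.doPrivileged(
            new EncryptAction(str));
        attribVals.add(encryptStr);
    }

    return attribVals;
}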
/**
 * Reads a user's password reset questions and answers.
 *
 * The attribute is fetched with <code>getUserSSOToken()</code> and handed
 * to <code>getUserPasswordResetAnswers</code>, which decrypts it, so the
 * returned objects carry the answers in clear text. Audit parameters are
 * limited to the user ID, the attribute name and, on failure, the error
 * string.
 *
 * @param userId Universal ID of user.
 * @return list of <code>UMUserPasswordResetOptionsData</code> objects.
 * @throws AMConsoleException if answers cannot be retrieved.
 */
public List getUserAnswers(String userId)
    throws AMConsoleException {
    final String[] auditParams = {userId, PW_RESET_QUESTION_ANSWER};

    try {
        logEvent("ATTEMPT_READ_IDENTITY_ATTRIBUTE_VALUE", auditParams);

        AMIdentity identity = IdUtils.getIdentity(getUserSSOToken(), userId);
        Set storedValues = identity.getAttribute(PW_RESET_QUESTION_ANSWER);
        logEvent("SUCCEED_READ_IDENTITY_ATTRIBUTE_VALUE", auditParams);
        return getUserPasswordResetAnswers(identity, storedValues);
    } catch (SSOException e) {
        String message = getErrorString(e);
        String[] failureParams =
            {userId, PW_RESET_QUESTION_ANSWER, message};
        logEvent("SSO_EXCEPTION_READ_IDENTITY_ATTRIBUTE_VALUE",
            failureParams);
        throw new AMConsoleException(message);
    } catch (IdRepoException e) {
        String message = getErrorString(e);
        String[] failureParams =
            {userId, PW_RESET_QUESTION_ANSWER, message};
        logEvent("IDM_EXCEPTION_READ_IDENTITY_ATTRIBUTE_VALUE",
            failureParams);
        throw new AMConsoleException(getErrorString(e));
    }
}
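/**
 * Merges the realm's question list with the answers stored for a user.
 *
 * Every realm question yields one entry: the user's stored entry when one
 * exists, otherwise an unanswered entry with status
 * <code>DEFAULT_OFF</code>. When the personal question feature is enabled
 * for the realm, one more entry is appended: the stored personal question,
 * or an empty one with status <code>PERSONAL_OFF</code>.
 *
 * @param amid identity whose realm supplies the question list.
 * @param questions encrypted values read from the user; may be
 *        <code>null</code> or empty.
 * @return list of <code>UMUserPasswordResetOptionsData</code> objects;
 *         empty when the realm defines no questions.
 */
private List getUserPasswordResetAnswers(AMIdentity amid, Set questions) {
    List mapQuestionAnswer = new ArrayList();
    String realmName = amid.getRealm();
    boolean showUserQn = isUserQuestionEnabled(realmName);
    Map localizedQuestions = getQuestions(realmName);
    if ((localizedQuestions == null) || localizedQuestions.isEmpty()) {
        return mapQuestionAnswer;
    }

    Map userAnswers = parseUserQuestionAnswers(
        questions, showUserQn, localizedQuestions);

    for (Iterator i = localizedQuestions.keySet().iterator();
        i.hasNext();
    ) {
        String qn = (String) i.next();
        UMUserPasswordResetOptionsData data =
            (UMUserPasswordResetOptionsData) userAnswers.get(qn);
        if (data != null) {
            mapQuestionAnswer.add(data);
        } else {
            mapQuestionAnswer.add(
                new UMUserPasswordResetOptionsData(qn,
                    (String) localizedQuestions.get(qn),
                    "", UMUserPasswordResetOptionsData.DEFAULT_OFF));
        }
    }

    // Looked up unconditionally, as before; only used when the personal
    // question feature is enabled.
    UMUserPasswordResetOptionsData personalQn =
        getPersonalQuestionAnswer(userAnswers);

    if (showUserQn) {
        if (personalQn == null) {
            personalQn = new UMUserPasswordResetOptionsData("", "", "",
                UMUserPasswordResetOptionsData.PERSONAL_OFF);
        }
        mapQuestionAnswer.add(personalQn);
    }

    return mapQuestionAnswer;
}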
/**
 * Finds the user's personal question among the parsed answers.
 *
 * @param userAnswers parsed entries keyed by question.
 * @return the first entry for which <code>isPersonalQuestion()</code> is
 *         true, or <code>null</code> when there is none.
 */
private UMUserPasswordResetOptionsData getPersonalQuestionAnswer(
    Map<String, UMUserPasswordResetOptionsData> userAnswers) {
    Iterator<UMUserPasswordResetOptionsData> entries =
        userAnswers.values().iterator();
    while (entries.hasNext()) {
        UMUserPasswordResetOptionsData candidate = entries.next();
        if (candidate.isPersonalQuestion()) {
            return candidate;
        }
    }
    return null;
}
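/**
 * Decrypts and parses the values stored on a user into entries keyed by
 * question.
 *
 * A stored value is kept only when it decrypts and splits into exactly
 * three <code>DELIMITER</code>-separated tokens and
 * <code>getPwdResetOptionData</code> accepts it; any other value is
 * skipped. <code>StringTokenizer</code> does not return empty tokens, so a
 * record with an empty field is among those skipped.
 *
 * @param questions encrypted values read from the user; may be
 *        <code>null</code> or empty.
 * @param showUserQn true if the personal question feature is enabled.
 * @param localizedQuestions realm questions mapped to localized labels.
 * @return map of question to <code>UMUserPasswordResetOptionsData</code>;
 *         never <code>null</code>.
 */
private Map parseUserQuestionAnswers(
    Set questions,
    boolean showUserQn,
    Map localizedQuestions
) {
    Map map = new HashMap();
    if ((questions == null) || questions.isEmpty()) {
        return map;
    }

    for (Iterator i = questions.iterator(); i.hasNext(); ) {
        String value = (String) i.next();
        String decryptStr = (String) AccessController.doPrivileged(
            new DecryptAction(value));

        // formatOptionData() stores "" to clear the attribute and every
        // stored value is decrypted here; skip a value that yields null
        // rather than let StringTokenizer raise NullPointerException.
        // Neither the stored nor the decrypted text is logged, because it
        // carries the user's answer.
        if (decryptStr == null) {
            debug.warning("UMUserPasswordResetOptionsModelImpl." +
                "parseUserQuestionAnswers: stored value could not be " +
                "decrypted; entry skipped");
            continue;
        }

        StringTokenizer st = new StringTokenizer(decryptStr, DELIMITER);
        if (st.countTokens() == 3) {
            UMUserPasswordResetOptionsData data = getPwdResetOptionData(
                st, localizedQuestions, showUserQn);
            if (data != null) {
                map.put(data.getQuestion(), data);
            }
        }
    }
    return map;
}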
/**
 * Builds one entry from a tokenized record of question, answer and status.
 *
 * For status <code>DEFAULT_ON</code> or <code>DEFAULT_OFF</code> the label
 * is looked up in <code>localizedQuestions</code>. If no label results and
 * the personal question feature is enabled, the question text is used as
 * its own label. A record that still has no label, or whose status is not
 * an integer, produces no entry.
 *
 * @param st tokenizer positioned at the first of three tokens.
 * @param localizedQuestions realm questions mapped to localized labels.
 * @param showUserQn true if the personal question feature is enabled.
 * @return the entry, or <code>null</code> when the record is not usable.
 */
private UMUserPasswordResetOptionsData getPwdResetOptionData(
    StringTokenizer st,
    Map localizedQuestions,
    boolean showUserQn
) {
    String question = st.nextToken();
    String answer = st.nextToken();
    String dataStatus = st.nextToken();

    try {
        int status = Integer.parseInt(dataStatus);

        boolean predefined =
            (status == UMUserPasswordResetOptionsData.DEFAULT_ON) ||
            (status == UMUserPasswordResetOptionsData.DEFAULT_OFF);
        String label = predefined
            ? (String) localizedQuestions.get(question)
            : null;

        if ((label == null) && showUserQn) {
            label = question;
        }

        if (label == null) {
            return null;
        }
        return new UMUserPasswordResetOptionsData(
            question, label, answer, status);
    } catch (NumberFormatException e) {
        // Only the status token is written to the debug log, never the
        // question or the answer.
        if (debug.warningEnabled()) {
            debug.warning("UMUserPasswordResetOptionsModelImpl." +
                "getUserPasswordResetAnswers: " + dataStatus, e);
        }
    }

    return null;
}
/**
 * Reads one attribute of a service as configured for a realm.
 *
 * When the realm lookup raises <code>SMSException</code> the failure is
 * recorded through <code>logEvent</code> and the value comes from
 * <code>getGlobalAttributeValues</code> instead.
 *
 * NOTE(review): <code>getOrganizationConfigManager</code> is defined
 * outside the visible part of this file; confirm which SSO token it reads
 * realm configuration with.
 *
 * @param realmName Name of realm.
 * @param attributeName Name of the attribute to read.
 * @param serviceName Name of the service that owns the attribute.
 * @return the attribute's values, or an empty set when there are none;
 *         never <code>null</code>.
 */
private Set getAttributeValues(
    String realmName,
    String attributeName,
    String serviceName
) {
    final String[] auditParams = {realmName, serviceName, attributeName};
    Set values;

    try {
        logEvent("ATTEMPT_GET_ATTR_VALUE_OF_SERVICE_UNDER_REALM",
            auditParams);
        Map serviceAttrs = getOrganizationConfigManager(realmName)
            .getServiceAttributes(serviceName);
        values = (Set) serviceAttrs.get(attributeName);
        logEvent("SUCCEED_GET_ATTR_VALUE_OF_SERVICE_UNDER_REALM",
            auditParams);
    } catch (SMSException e) {
        String[] failureParams = {realmName, serviceName, attributeName,
            getErrorString(e)};
        logEvent("SMS_EXCEPTION_GET_ATTR_VALUE_OF_SERVICE_UNDER_REALM",
            failureParams);
        // Realm lookup failed: use the global defaults.
        values = getGlobalAttributeValues(attributeName, serviceName);
    }

    if (values == null) {
        return Collections.EMPTY_SET;
    }
    return values;
}
bb5e3b2f129cc39517b925419c22f69a378ec023eh
/**
 * Returns the global-schema values of a service attribute.
 *
 * The schema is read with the SSO token returned by
 * <code>getUserSSOToken()</code>. An <code>SSOException</code> or
 * <code>SMSException</code> is written to the event log and the debug log,
 * and the method then answers with an empty set.
 *
 * @param attributeName Name of the attribute to look up.
 * @param serviceName Name of the service that owns the attribute.
 * @return the attribute values, or an empty set if none were found or the
 *         lookup failed.
 */
private Set getGlobalAttributeValues(
    String attributeName,
    String serviceName
) {
    // Start from the "nothing found" answer; only a successful, non-null
    // lookup replaces it.
    Set result = Collections.EMPTY_SET;

    try {
        String[] lookupArgs = {serviceName, SchemaType.GLOBAL.getType(),
            attributeName};
        logEvent("ATTEMPT_GET_ATTR_VALUE_SCHEMA_TYPE", lookupArgs);

        ServiceSchemaManager schemaMgr = new ServiceSchemaManager(
            serviceName, getUserSSOToken());
        Set fetched = AMAdminUtils.getAttribute(
            schemaMgr, SchemaType.GLOBAL, attributeName);
        logEvent("SUCCEED_GET_ATTR_VALUE_SCHEMA_TYPE", lookupArgs);

        if (fetched != null) {
            result = fetched;
        }
    } catch (SSOException ssoEx) {
        String[] failureArgs = {serviceName, SchemaType.GLOBAL.getType(),
            attributeName, getErrorString(ssoEx)};
        logEvent("SSO_EXCEPTION_GET_ATTR_VALUE_SCHEMA_TYPE", failureArgs);
        debug.error(
            "UMUserPasswordResetOptionsModelImpl.getGlobalAttributeValues",
            ssoEx);
    } catch (SMSException smsEx) {
        String[] failureArgs = {serviceName, SchemaType.GLOBAL.getType(),
            attributeName, getErrorString(smsEx)};
        logEvent("SMS_EXCEPTION_GET_ATTR_VALUE_SCHEMA_TYPE", failureArgs);
        debug.error(
            "UMUserPasswordResetOptionsModelImpl.getGlobalAttributeValues",
            smsEx);
    }

    return result;
}
bb5e3b2f129cc39517b925419c22f69a378ec023eh
/**
 * Returns the cached <code>OrganizationConfigManager</code>, creating it
 * with <code>adminSSOToken</code> on first use.
 *
 * NOTE(review): once <code>orgCfgMgr</code> is set it is returned for every
 * later call, whatever <code>realmName</code> is passed. If one model
 * instance can be asked about more than one realm, callers would read the
 * first realm's configuration. Confirm the instance is bound to a single
 * realm.
 *
 * @param realmName Realm used when the manager is first created.
 * @return the manager, or <code>null</code> if it could not be created.
 */
private OrganizationConfigManager getOrganizationConfigManager(
    String realmName) {
    // Reuse the instance built by an earlier call.
    if (orgCfgMgr != null) {
        return orgCfgMgr;
    }

    try {
        orgCfgMgr = new OrganizationConfigManager(
            adminSSOToken, realmName);
    } catch (SMSException smsEx) {
        // Logged only; the field stays null and the next call retries.
        debug.error(
            "UMUserPasswordResetOptionsModelImpl.getOrganizationConfigManager",
            smsEx);
    }
    return orgCfgMgr;
}
bb5e3b2f129cc39517b925419c22f69a378ec023eh
bb5e3b2f129cc39517b925419c22f69a378ec023eh /**
bb5e3b2f129cc39517b925419c22f69a378ec023eh * Returns true if <code>userId</code> is the same as the logged in user.
bb5e3b2f129cc39517b925419c22f69a378ec023eh *
bb5e3b2f129cc39517b925419c22f69a378ec023eh * @param userId Universal ID of user.
bb5e3b2f129cc39517b925419c22f69a378ec023eh * @return true if <code>userId</code> is the same as the logged in user.
bb5e3b2f129cc39517b925419c22f69a378ec023eh */
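public boolean isLoggedInUser(String userId) {
    // A missing ID can never identify the session user. Answering false
    // (instead of throwing NullPointerException) keeps callers that gate on
    // this check failing closed.
    if (userId == null) {
        return false;
    }

    // Exact, case-sensitive string comparison against getUserName().
    // NOTE(review): assumes both values use the same universal ID
    // normalization; a differently cased or formatted ID is treated as
    // another user.
    return userId.equals(getUserName());
}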
bb5e3b2f129cc39517b925419c22f69a378ec023eh
bb5e3b2f129cc39517b925419c22f69a378ec023eh /**
bb5e3b2f129cc39517b925419c22f69a378ec023eh * Returns <code>true</code> if current user is a realm administrator.
bb5e3b2f129cc39517b925419c22f69a378ec023eh *
bb5e3b2f129cc39517b925419c22f69a378ec023eh * @return <code>true</code> if current user is a realm administrator.
bb5e3b2f129cc39517b925419c22f69a378ec023eh */
public boolean isRealmAdmin() {
    // Default deny: the answer only becomes true when the delegation
    // evaluator explicitly allows the request. Any SSOException or
    // DelegationException leaves it false.
    boolean allowed = false;
    SSOToken userToken = getUserSSOToken();

    try {
        // The check asks for the MODIFY action on the realm service
        // configuration of the organization recorded in the user's token.
        Set requestedActions = new HashSet();
        requestedActions.add("MODIFY");

        DelegationEvaluator evaluator = new DelegationEvaluatorImpl();
        String tokenOrganization =
            userToken.getProperty(Constants.ORGANIZATION);
        DelegationPermission realmModify = new DelegationPermission(
            tokenOrganization, "sunAMRealmService", "1.0",
            "organization", "default", requestedActions, null);

        allowed = evaluator.isAllowed(userToken, realmModify, null);
    } catch (SSOException ssoEx) {
        debug.warning("UserPasswordResetOptionsModelImpl.isRealmAdmin",
            ssoEx);
    } catch (DelegationException delegationEx) {
        debug.warning("UserPasswordResetOptionsModelImpl.isRealmAdmin",
            delegationEx);
    }

    return allowed;
}
bb5e3b2f129cc39517b925419c22f69a378ec023eh}
bb5e3b2f129cc39517b925419c22f69a378ec023eh