UMUserPasswordResetOptionsModelImpl.java revision ba07e74da87b2caf40d3397e50523632daeb4cac
0dc2366f7b9f9f36e10909b1e95edbf2a261c2acVenugopal Iyer * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
bb5e3b2f129cc39517b925419c22f69a378ec023eh * Copyright (c) 2007 Sun Microsystems Inc. All Rights Reserved
bb5e3b2f129cc39517b925419c22f69a378ec023eh * The contents of this file are subject to the terms
bb5e3b2f129cc39517b925419c22f69a378ec023eh * of the Common Development and Distribution License
bb5e3b2f129cc39517b925419c22f69a378ec023eh * (the License). You may not use this file except in
bb5e3b2f129cc39517b925419c22f69a378ec023eh * compliance with the License.
bb5e3b2f129cc39517b925419c22f69a378ec023eh * You can obtain a copy of the License at
bb5e3b2f129cc39517b925419c22f69a378ec023eh * See the License for the specific language governing
bb5e3b2f129cc39517b925419c22f69a378ec023eh * permission and limitations under the License.
bb5e3b2f129cc39517b925419c22f69a378ec023eh * When distributing Covered Code, include this CDDL
bb5e3b2f129cc39517b925419c22f69a378ec023eh * Header Notice in each file and include the License file
bb5e3b2f129cc39517b925419c22f69a378ec023eh * If applicable, add the following below the CDDL Header,
bb5e3b2f129cc39517b925419c22f69a378ec023eh * with the fields enclosed by brackets [] replaced by
bb5e3b2f129cc39517b925419c22f69a378ec023eh * your own identifying information:
bb5e3b2f129cc39517b925419c22f69a378ec023eh * "Portions Copyrighted [year] [name of copyright owner]"
bb5e3b2f129cc39517b925419c22f69a378ec023eh * $Id: UMUserPasswordResetOptionsModelImpl.java,v 1.5 2010/01/27 18:21:37 veiming Exp $
bb5e3b2f129cc39517b925419c22f69a378ec023ehimport com.sun.identity.console.base.model.AMAdminConstants;
bb5e3b2f129cc39517b925419c22f69a378ec023ehimport com.sun.identity.console.base.model.AMConsoleException;
bb5e3b2f129cc39517b925419c22f69a378ec023ehimport com.sun.identity.delegation.DelegationEvaluatorImpl;
bb5e3b2f129cc39517b925419c22f69a378ec023eh/* - LOG COMPLETE - */
bb5e3b2f129cc39517b925419c22f69a378ec023eh // do nothing
bb5e3b2f129cc39517b925419c22f69a378ec023eh * Returns a map of question to its localized name.
bb5e3b2f129cc39517b925419c22f69a378ec023eh * @param realmName Name of realm.
bb5e3b2f129cc39517b925419c22f69a378ec023eh * @return a map of question to its localized name.
bb5e3b2f129cc39517b925419c22f69a378ec023eh realmName, PW_RESET_QUESTION, AMAdminConstants.PW_RESET_SERVICE);
bb5e3b2f129cc39517b925419c22f69a378ec023eh for (Iterator iter = questions.iterator(); iter.hasNext(); ) {
bb5e3b2f129cc39517b925419c22f69a378ec023eh "there were no questions defined for this user");
bb5e3b2f129cc39517b925419c22f69a378ec023eh * Returns true if user personal question/answer feature is enabled.
bb5e3b2f129cc39517b925419c22f69a378ec023eh * @param realmName Name of realm.
bb5e3b2f129cc39517b925419c22f69a378ec023eh * @return true if user personal question/answer feature is enabled.
bb5e3b2f129cc39517b925419c22f69a378ec023eh return ((String)AMAdminUtils.getValue(values)).equalsIgnoreCase("true");
bb5e3b2f129cc39517b925419c22f69a378ec023eh * Returns the maximum number of questions that can be displayed on
bb5e3b2f129cc39517b925419c22f69a378ec023eh * the reset password page.
bb5e3b2f129cc39517b925419c22f69a378ec023eh * @return maximum number of questions that can be displayed on the reset password page
7efa17f5f4c3cc113e1b0a1e86f43d4bf2ede8fafei feng - Sun Microsystems - Beijing China Set set = getAttributeValues(realmName,
7efa17f5f4c3cc113e1b0a1e86f43d4bf2ede8fafei feng - Sun Microsystems - Beijing China PW_RESET_MAX_NUM_OF_QUESTIONS, AMAdminConstants.PW_RESET_SERVICE);
0dc2366f7b9f9f36e10909b1e95edbf2a261c2acVenugopal Iyer String value = (String)set.iterator().next();
bb5e3b2f129cc39517b925419c22f69a378ec023eh "UMUserPasswordResetOptionsModelImplxNumQuestions.", e);
bb5e3b2f129cc39517b925419c22f69a378ec023eh * Modifies user's password reset option.
bb5e3b2f129cc39517b925419c22f69a378ec023eh * @param questionAnswers List of
bb5e3b2f129cc39517b925419c22f69a378ec023eh * <code>UMUserPasswordResetOptionsData</code> objects.
bb5e3b2f129cc39517b925419c22f69a378ec023eh * @param userId Universal ID of user.
bb5e3b2f129cc39517b925419c22f69a378ec023eh * @param forceReset true to force reset.
bb5e3b2f129cc39517b925419c22f69a378ec023eh * @throws AMConsoleException if password reset option cannot be modified.
0f1b305ee9e700c825d9e9ad1ea1e4311d212eb2Seth Goldberg Set attribVals = formatOptionData(questionAnswers);
0f1b305ee9e700c825d9e9ad1ea1e4311d212eb2Seth Goldberg mapData.put(PW_RESET_QUESTION_ANSWER, attribVals);
bb5e3b2f129cc39517b925419c22f69a378ec023eh logEvent("ATTEMPT_MODIFY_IDENTITY_ATTRIBUTE_VALUE", params);
0dc2366f7b9f9f36e10909b1e95edbf2a261c2acVenugopal Iyer logEvent("SUCCEED_MODIFY_IDENTITY_ATTRIBUTE_VALUE", params);
7efa17f5f4c3cc113e1b0a1e86f43d4bf2ede8fafei feng - Sun Microsystems - Beijing China } catch (SSOException e) {
7efa17f5f4c3cc113e1b0a1e86f43d4bf2ede8fafei feng - Sun Microsystems - Beijing China String strError = getErrorString(e);
7efa17f5f4c3cc113e1b0a1e86f43d4bf2ede8fafei feng - Sun Microsystems - Beijing China String[] paramsEx = {userId, PW_RESET_QUESTION_ANSWER,
7efa17f5f4c3cc113e1b0a1e86f43d4bf2ede8fafei feng - Sun Microsystems - Beijing China logEvent("SSO_EXCEPTION_MODIFY_IDENTITY_ATTRIBUTE_VALUE",
bb5e3b2f129cc39517b925419c22f69a378ec023eh } catch (IdRepoException e) {
bb5e3b2f129cc39517b925419c22f69a378ec023eh logEvent("IDM_EXCEPTION_MODIFY_IDENTITY_ATTRIBUTE_VALUE",
bb5e3b2f129cc39517b925419c22f69a378ec023eh * Returns true if force reset is set.
bb5e3b2f129cc39517b925419c22f69a378ec023eh * @param userId Universal ID of user.
bb5e3b2f129cc39517b925419c22f69a378ec023eh * @return true if force reset is set.
bb5e3b2f129cc39517b925419c22f69a378ec023eh boolean forcedReset = false;
7efa17f5f4c3cc113e1b0a1e86f43d4bf2ede8fafei feng - Sun Microsystems - Beijing China logEvent("ATTEMPT_READ_IDENTITY_ATTRIBUTE_VALUE", params);
bb5e3b2f129cc39517b925419c22f69a378ec023eh AMIdentity amid = IdUtils.getIdentity(getUserSSOToken(), userId);
bb5e3b2f129cc39517b925419c22f69a378ec023eh logEvent("SUCCEED_READ_IDENTITY_ATTRIBUTE_VALUE", params);
bb5e3b2f129cc39517b925419c22f69a378ec023eh } catch (SSOException e) {
bb5e3b2f129cc39517b925419c22f69a378ec023eh logEvent("SSO_EXCEPTION_READ_IDENTITY_ATTRIBUTE_VALUE", paramsEx);
bb5e3b2f129cc39517b925419c22f69a378ec023eh "UMUserPasswordResetOptionsModelImpl.isForceReset", e);
bb5e3b2f129cc39517b925419c22f69a378ec023eh } catch (IdRepoException e) {
bb5e3b2f129cc39517b925419c22f69a378ec023eh logEvent("IDM_EXCEPTION_READ_IDENTITY_ATTRIBUTE_VALUE", paramsEx);
bb5e3b2f129cc39517b925419c22f69a378ec023eh "UMUserPasswordResetOptionsModelImpl.isForceReset", e);
bb5e3b2f129cc39517b925419c22f69a378ec023eh * If the question and answer map is empty, the user has selected
bb5e3b2f129cc39517b925419c22f69a378ec023eh * nothing or has deselected a previously selected question. An
bb5e3b2f129cc39517b925419c22f69a378ec023eh * empty string is stored to overwrite the previous data.
bb5e3b2f129cc39517b925419c22f69a378ec023eh if ((questionAnswers == null) || questionAnswers.isEmpty()) {
0f1b305ee9e700c825d9e9ad1ea1e4311d212eb2Seth Goldberg // Data Format: question \t answer \t selection status
0f1b305ee9e700c825d9e9ad1ea1e4311d212eb2Seth Goldberg for (Iterator iter = questionAnswers.iterator(); iter.hasNext(); ) {
0f1b305ee9e700c825d9e9ad1ea1e4311d212eb2Seth Goldberg String encryptStr = (String)AccessController.doPrivileged(
bb5e3b2f129cc39517b925419c22f69a378ec023eh * Returns user's answers for password reset questions.
bb5e3b2f129cc39517b925419c22f69a378ec023eh * @param userId Universal ID of user.
bb5e3b2f129cc39517b925419c22f69a378ec023eh * @return user's answers for password reset questions.
bb5e3b2f129cc39517b925419c22f69a378ec023eh * @throws AMConsoleException if answers cannot be retrieved.
bb5e3b2f129cc39517b925419c22f69a378ec023eh logEvent("ATTEMPT_READ_IDENTITY_ATTRIBUTE_VALUE", params);
bb5e3b2f129cc39517b925419c22f69a378ec023eh AMIdentity amid = IdUtils.getIdentity(getUserSSOToken(), userId);
bb5e3b2f129cc39517b925419c22f69a378ec023eh Set questions = amid.getAttribute(PW_RESET_QUESTION_ANSWER);
bb5e3b2f129cc39517b925419c22f69a378ec023eh logEvent("SUCCEED_READ_IDENTITY_ATTRIBUTE_VALUE", params);
bb5e3b2f129cc39517b925419c22f69a378ec023eh } catch (SSOException e) {
bb5e3b2f129cc39517b925419c22f69a378ec023eh String[] paramsEx = {userId, PW_RESET_QUESTION_ANSWER, strError};
bb5e3b2f129cc39517b925419c22f69a378ec023eh logEvent("SSO_EXCEPTION_READ_IDENTITY_ATTRIBUTE_VALUE", paramsEx);
bb5e3b2f129cc39517b925419c22f69a378ec023eh } catch (IdRepoException e) {
bb5e3b2f129cc39517b925419c22f69a378ec023eh String[] paramsEx = {userId, PW_RESET_QUESTION_ANSWER, strError};
bb5e3b2f129cc39517b925419c22f69a378ec023eh logEvent("IDM_EXCEPTION_READ_IDENTITY_ATTRIBUTE_VALUE", paramsEx);
bb5e3b2f129cc39517b925419c22f69a378ec023eh private List getUserPasswordResetAnswers(AMIdentity amid, Set questions) {
bb5e3b2f129cc39517b925419c22f69a378ec023eh if ((localizedQuestions == null) || localizedQuestions.isEmpty()) {
bb5e3b2f129cc39517b925419c22f69a378ec023eh Set selectedQns = new HashSet(localizedQuestions.size() *2);
bb5e3b2f129cc39517b925419c22f69a378ec023eh for (Iterator i = localizedQuestions.keySet().iterator();
bb5e3b2f129cc39517b925419c22f69a378ec023eh personalQn = new UMUserPasswordResetOptionsData("", "", "",
bb5e3b2f129cc39517b925419c22f69a378ec023eh private UMUserPasswordResetOptionsData getPersonalQuestionAnswer(
bb5e3b2f129cc39517b925419c22f69a378ec023eh Map<String, UMUserPasswordResetOptionsData> userAnswers) {
bb5e3b2f129cc39517b925419c22f69a378ec023eh for (UMUserPasswordResetOptionsData data : userAnswers.values()) {
bb5e3b2f129cc39517b925419c22f69a378ec023eh String decryptStr = (String)AccessController.doPrivileged(
bb5e3b2f129cc39517b925419c22f69a378ec023eh StringTokenizer st = new StringTokenizer(decryptStr, DELIMITER);
bb5e3b2f129cc39517b925419c22f69a378ec023eh UMUserPasswordResetOptionsData data = getPwdResetOptionData(
bb5e3b2f129cc39517b925419c22f69a378ec023eh private UMUserPasswordResetOptionsData getPwdResetOptionData(
bb5e3b2f129cc39517b925419c22f69a378ec023eh switch (status) {
bb5e3b2f129cc39517b925419c22f69a378ec023eh optionsData = new UMUserPasswordResetOptionsData(question,
bb5e3b2f129cc39517b925419c22f69a378ec023eh String[] params = {realmName, serviceName, attributeName};
bb5e3b2f129cc39517b925419c22f69a378ec023eh logEvent("ATTEMPT_GET_ATTR_VALUE_OF_SERVICE_UNDER_REALM",
bb5e3b2f129cc39517b925419c22f69a378ec023eh OrganizationConfigManager orgMgr = getOrganizationConfigManager(
bb5e3b2f129cc39517b925419c22f69a378ec023eh logEvent("SUCCEED_GET_ATTR_VALUE_OF_SERVICE_UNDER_REALM", params);
bb5e3b2f129cc39517b925419c22f69a378ec023eh } catch (SMSException e) {
bb5e3b2f129cc39517b925419c22f69a378ec023eh String[] paramsEx = {realmName, serviceName, attributeName,
bb5e3b2f129cc39517b925419c22f69a378ec023eh logEvent("SMS_EXCEPTION_GET_ATTR_VALUE_OF_SERVICE_UNDER_REALM",
bb5e3b2f129cc39517b925419c22f69a378ec023eh //fall back to global defaults.
bb5e3b2f129cc39517b925419c22f69a378ec023eh values = getGlobalAttributeValues(attributeName, serviceName);
bb5e3b2f129cc39517b925419c22f69a378ec023eh return (values == null) ? Collections.EMPTY_SET : values;
bb5e3b2f129cc39517b925419c22f69a378ec023eh String[] params = {serviceName, SchemaType.GLOBAL.getType(),
bb5e3b2f129cc39517b925419c22f69a378ec023eh } catch (SSOException e) {
bb5e3b2f129cc39517b925419c22f69a378ec023eh String[] paramsEx = {serviceName, SchemaType.GLOBAL.getType(),
bb5e3b2f129cc39517b925419c22f69a378ec023eh logEvent("SSO_EXCEPTION_GET_ATTR_VALUE_SCHEMA_TYPE", paramsEx);
bb5e3b2f129cc39517b925419c22f69a378ec023eh "UMUserPasswordResetOptionsModelImpl.getGlobalAttributeValues",
bb5e3b2f129cc39517b925419c22f69a378ec023eh } catch (SMSException e) {
bb5e3b2f129cc39517b925419c22f69a378ec023eh String[] paramsEx = {serviceName, SchemaType.GLOBAL.getType(),
bb5e3b2f129cc39517b925419c22f69a378ec023eh logEvent("SMS_EXCEPTION_GET_ATTR_VALUE_SCHEMA_TYPE", paramsEx);
bb5e3b2f129cc39517b925419c22f69a378ec023eh "UMUserPasswordResetOptionsModelImpl.getGlobalAttributeValues",
bb5e3b2f129cc39517b925419c22f69a378ec023eh return (values == null) ? Collections.EMPTY_SET : values;
bb5e3b2f129cc39517b925419c22f69a378ec023eh private OrganizationConfigManager getOrganizationConfigManager(
bb5e3b2f129cc39517b925419c22f69a378ec023eh } catch (SMSException e) {
bb5e3b2f129cc39517b925419c22f69a378ec023eh "UMUserPasswordResetOptionsModelImpl.getOrganizationConfigManager",
bb5e3b2f129cc39517b925419c22f69a378ec023eh * Returns true if <code>userId</code> is the same as the logged in user.
bb5e3b2f129cc39517b925419c22f69a378ec023eh * @param userId Universal ID of user.
bb5e3b2f129cc39517b925419c22f69a378ec023eh * @return true if <code>userId</code> is the same as the logged in user.
bb5e3b2f129cc39517b925419c22f69a378ec023eh * Returns <code>true</code> if the current user is a realm administrator.
bb5e3b2f129cc39517b925419c22f69a378ec023eh * @return <code>true</code> if the current user is a realm administrator.
0f1b305ee9e700c825d9e9ad1ea1e4311d212eb2Seth Goldberg public boolean isRealmAdmin() {
0f1b305ee9e700c825d9e9ad1ea1e4311d212eb2Seth Goldberg DelegationEvaluator de = new DelegationEvaluatorImpl();
bb5e3b2f129cc39517b925419c22f69a378ec023eh } catch (SSOException e) {
bb5e3b2f129cc39517b925419c22f69a378ec023eh debug.warning("UserPasswordResetOptionsModelImpl.isRealmAdmin", e);
bb5e3b2f129cc39517b925419c22f69a378ec023eh debug.warning("UserPasswordResetOptionsModelImpl.isRealmAdmin", e);
bb5e3b2f129cc39517b925419c22f69a378ec023eh return false;