IdentityServicesImpl.java revision 27121b5c17e206894afd6d337a5d7fc6e4e8bb27
/**
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2007 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: IdentityServicesImpl.java,v 1.20 2010/01/06 19:11:17 veiming Exp $
*
* Portions Copyrighted 2010-2015 ForgeRock AS.
*/
/**
* Web Service to provide security based on authentication and authorization support.
*/
private final ExceptionMappingHandler<IdRepoException, IdServicesException> idServicesErrorHandler =
/**
 * Creates a new {@code AMIdentity} in the identity repository with the
 * details specified in {@code identity}. On the fallback path the identity
 * type is set to {@code user} and the realm to {@code /}.
 *
 * @param identity The identity details.
 * @param admin The admin token.
 * @throws ResourceException {@code BadRequestException} if no identity name is
 *         provided; {@code ForbiddenException} if the admin token is not
 *         authorized for the requested operation; {@code NotFoundException} if
 *         the referenced object cannot be found. Repository
 *         ({@code IdRepoException}) failures are mapped onto these types with
 *         the repository's own message passed through unchanged, so the text
 *         may expose backend details to the caller.
 */
// Obtain identity details & verify
// TODO: add a message to the exception
throw new BadRequestException("Identity name not provided");
}
idType = "user";
}
realm = "/";
}
try {
// Obtain the IdRepo used to validate the IdType & the operations it supports
// TODO: add message to exception
}
// Obtain creation attributes
// Create the identity, special case of Agents to merge
// and validate the attributes
if (isTypeAgent(objectIdType)) {
} else {
// Create other identities like User, Group, Role, etc.
// Process roles, groups & memberships
// TODO: localize message
+ " Operation: EDIT");
}
}
}
}
// TODO: localize message
+ " Operation: EDIT");
}
}
}
}
}
throw new ForbiddenException("Token is not authorized");
}
throw new ForbiddenException("Token is not authorized");
}
}
}
amIdentity.store();
}
}
}
} catch (IdRepoDuplicateObjectException ex) {
} catch (IdRepoException e) {
throw new ForbiddenException(e.getMessage());
} else {
throw new NotFoundException(e.getMessage());
}
throw new NotFoundException(e.getMessage());
} catch (ObjectNotFound e) {
throw new NotFoundException(e.getMessage());
}
}
/**
 * Updates an {@code AMIdentity} in the identity repository with the
 * details specified in {@code identity}. On the fallback path the identity
 * type is set to {@code user} and the realm to the empty string.
 * NOTE(review): create and delete fall back to realm {@code /} while this
 * method falls back to {@code ""} — confirm the difference is intended.
 *
 * @param identity The updated identity details.
 * @param admin The admin token.
 * @throws ResourceException {@code BadRequestException} or
 *         {@code ForbiddenException} (currently with an empty message) on the
 *         early validation paths; {@code NotFoundException} if the identity
 *         cannot be resolved; {@code ForbiddenException} with
 *         "Cannot update attributes for this user." when the target is a
 *         special (system) user.
 */
// TODO: add a message to the exception
throw new BadRequestException("");
}
idType="user";
}
realm = "";
}
try {
// TODO: add message to exception
throw new ForbiddenException("");
}
if (amIdentity == null) {
throw new NotFoundException(msg);
}
if (isSpecialUser(amIdentity)) {
throw new ForbiddenException("Cannot update attributes for this user.");
}
// attribute to add or modify
} else {
// attribute to remove
}
}
boolean storeNeeded = false;
storeNeeded = true;
}
if (!removeAttrs.isEmpty()) {
storeNeeded = true;
}
if (storeNeeded) {
amIdentity.store();
}
}
}
}
}
}
}
} catch (IdRepoException ex) {
} catch (SSOException ex) {
} catch (ObjectNotFound e) {
throw new NotFoundException(e.getMessage());
}
}
/**
 * Deletes an {@code AMIdentity} from the identity repository that matches
 * the details specified in {@code identity}. Special (system) users are
 * refused. Memberships are removed before the identity itself; a failure to
 * remove a membership is ignored on the assumption the member is already gone.
 *
 * @param identity The identity to delete.
 * @param admin The admin token.
 * @throws ResourceException {@code BadRequestException} if no identity object
 *         is specified; {@code NotFoundException} if the object name is null or
 *         the identity cannot be resolved; {@code ForbiddenException} with
 *         "Cannot delete user." when the target is a special user.
 */
throw new BadRequestException("delete failed: identity object not specified.");
}
throw new NotFoundException("delete failed: null object name.");
}
realm = "/";
}
try {
if (amIdentity != null) {
if (isSpecialUser(amIdentity)) {
throw new ForbiddenException("Cannot delete user.");
}
// First remove users from memberships
try {
} catch (IdRepoException ex) {
// Ignore this: the member may already have been removed.
}
}
}
} else {
throw new NotFoundException(msg);
}
} catch (IdRepoException ex) {
} catch (SSOException ex) {
} catch (ObjectNotFound e) {
throw new NotFoundException(e.getMessage());
}
}
/**
 * Searches the identity repository to find all {@code AMIdentity}s that
 * match the provided search criteria. When no filter is supplied the
 * wildcard filter {@code *} is used.
 *
 * @param filter The search filter.
 * @param searchModifiers The search attributes.
 * @param admin The admin token.
 * @return A {@code List} of identity names.
 * @throws ResourceException {@code InternalServerErrorException} if the
 *         repository or SSO layer fails (the underlying exception message is
 *         passed through); {@code NotFoundException} if the target object
 *         does not exist.
 */
throws ResourceException {
try {
if (searchModifiers != null) {
}
filter = "*";
}
}
}
}
} else {
}
} catch (IdRepoException e) {
throw new InternalServerErrorException(e.getMessage());
} catch (SSOException e) {
throw new InternalServerErrorException(e.getMessage());
} catch (ObjectNotFound e) {
throw new NotFoundException(e.getMessage());
}
return rv;
}
} else {
}
}
public LogResponse log(Token app, Token subject, String logName, String message) throws AccessDenied, TokenExpired,
throw new AccessDenied("No logging application token specified");
}
try {
//TODO Support internationalization via a resource bundle specification
} catch (AMLogException e) {
throw new GeneralFailure(e.getMessage());
}
return new LogResponse();
}
public UserDetails attributes(String[] attributeNames, Token subject, Boolean refresh) throws TokenExpired,
}
}
private UserDetails attributes(List<String> attributeNames, Token subject, Boolean refresh) throws TokenExpired,
try {
}
if (attributeNames != null) {
s = new HashSet<>();
} else {
s.add(propertyNext);
}
}
if (!s.isEmpty()) {
}
}
}
// Obtain user memberships (roles and groups)
if (isSpecialUser(userIdentity)) {
throw new AccessDenied(
"Cannot retrieve attributes for this user.");
}
// Determine the types that can have members
}
}
// Determine the roles and groups
try {
}
} catch (IdRepoException ire) {
// Ignore and continue
}
}
if (attributeNames != null) {
} else {
}
if (userAttributes != null) {
} else {
}
}
} else {
}
// Convert the set to a List of String
}
}
}
}
} catch (IdRepoException e) {
throw new GeneralFailure(e.getMessage());
} catch (SSOException e) {
throw new GeneralFailure(e.getMessage());
}
catch (TokenExpired e) {
throw new TokenExpired("Cannot retrieve Token.");
}
//TODO handle token translation
return details;
}
public IdentityDetails read(String name, Attribute[] attributes, Token admin) throws IdServicesException {
throw new ObjectNotFound(name);
}
}
}
private IdentityDetails read(String name, List<Attribute> attributes, SSOToken admin) throws IdServicesException {
}
throws IdServicesException {
if (attributes != null) {
}
}
} else {
if (attrsToGet == null) {
attrsToGet = new ArrayList<>();
}
}
}
}
repoRealm = "/";
} else {
}
identityType = "User";
}
try {
if (amIdentity == null) {
throw new ObjectNotFound(name);
}
if (isSpecialUser(amIdentity)) {
throw new AccessDenied("Cannot retrieve attributes for this user.");
}
// use the realm specified by the request
}
} catch (IdRepoException e) {
} catch (SSOException e) {
throw new GeneralFailure(e.getMessage());
}
return rv;
}
}
if (lbCookieName == null) {
} else {
}
return cookies;
}
}
/**
* To be backward compatible, look for 'AgentType' attribute
* in the attribute map which is passed as a parameter and if
* and then assume that it is '2.2_Agent' type to create
* that agent under the 2.2_Agent node.
**/
private void createAgent(Map<String, Set<String>> idAttrs, IdType objectIdType, String idType, String idName,
} else {
}
}
}
if (agentType.equals(AgentConfiguration.AGENT_TYPE_WEB) || agentType.equals(AgentConfiguration.AGENT_TYPE_J2EE)) {
throw new MalformedURLException("Agent type requires agenturl to be configured.");
throw new MalformedURLException("Agent type requires serverurl to be configured.");
}
}
} else {
}
} else {
} else {
AgentConfiguration.createAgentGroup(adminToken, realm, idName, agentType, idAttrs, serverUrl, agentUrl);
}
}
}
}
try {
return results.getSearchResults();
} catch (IdRepoException | SSOException e) {
}
return Collections.emptySet();
}
}
}
return identities;
}
/**
 * Maps an IdRepoException to the appropriate service exception.
 *
 * @param exception IdRepoException that needs to be mapped
 * @return boolean true if the identity object was deleted.
 * @throws NeedMoreCredentials when more credentials are required for
 * authorization.
 * @throws ObjectNotFound if no subject is found that matches the input criteria.
 * @throws TokenExpired when the subject's token has expired.
 * @throws AccessDenied when permission to perform the action is denied.
 * @throws GeneralFailure on other errors.
 */
}
realm = "/";
}
}
try {
} catch (IdRepoException ioe) {
// Ignore exception
}
return null;
}
private List<String> getNames(String realm, IdType idType, List<AMIdentity> objList) throws SSOException,
}
}
}
}
return names;
}
private boolean isOperationSupported(AMIdentityRepository repo, IdType idType, IdOperation operation) {
try {
}
// Ignore
}
return false;
}
private Set<AMIdentity> getMembers(AMIdentity amIdentity, IdType type) throws IdRepoException, SSOException {
}
private Set<String> getMemberNames(AMIdentity amIdentity, IdType type) throws IdRepoException, SSOException {
}
}
return rv;
}
AMIdentityRepository repo, Map searchModifiers) throws IdRepoException, ObjectNotFound, SSOException {
if (fetchAllAttrs) {
} else {
searchControl.setAllReturnAttributes(false);
}
if (searchModifiers != null) {
}
} else {
// A list is expected back
/*
* TODO: throw an exception instead of returning an empty list
*/
identities = new ArrayList<>();
}
return identities;
}
private AMIdentity fetchAMIdentity(AMIdentityRepository repo, IdType type, String identity, boolean fetchAllAttrs)
}
return rv;
}
private AMIdentity getAMIdentity(SSOToken ssoToken, AMIdentityRepository repo, String guid, IdType idType)
throws IdRepoException, SSOException {
try {
} else {
}
} catch (IdRepoException ex) {
// Error code 215 indicates an invalid uid and is meant to be ignored;
// other codes fall through to the rethrow below.
throw ex;
}
}
}
return null;
}
} else {
return defaultValue;
}
}
}
private AMIdentity getAMIdentity(SSOToken ssoToken, AMIdentityRepository repo, String objectType, String id)
if (objectType != null) {
}
// First assume id is a universal id
// Not found through id lookup, try name lookup
}
}
return rv;
}
} else {
// TODO: Add message to exception
throw new ForbiddenException("");
}
}
}
} else {
// TODO: Add message to exception
throw new ForbiddenException("");
}
}
}
private void deleteAMIdentity(AMIdentityRepository repo, AMIdentity amIdentity) throws IdRepoException,
}
} else {
// TODO: add message to exception
throw new ForbiddenException("");
}
}
private void setMembers(AMIdentityRepository repo, AMIdentity amIdentity, Set<String> members, IdType idType)
}
if (membershipsToRemove != null) {
}
}
}
if (membershipsToAdd != null) {
}
}
}
}
private void setMemberships(AMIdentityRepository repo, AMIdentity amIdentity, Set<String> memberships,
}
if (membershipsToRemove != null) {
}
}
if (membershipsToAdd != null) {
}
}
}
return new HashSet<>();
} else {
}
if (s != null) {
}
}
}
return result;
}
}
try {
} catch (IdRepoException ex) {
// This can be thrown if the identity is not a member
// in any object of idType.
return new HashSet<>(0);
}
}
}
return rv;
}
throws IdRepoException, SSOException {
if (amIdentity != null) {
boolean addUniversalId = false;
rv = new IdentityDetails();
}
}
}
}
}
}
}
}
addUniversalId = true;
} else {
}
}
}
} else {
addUniversalId = true;
}
if (addUniversalId) {
}
}
}
}
return rv;
}
try {
throw new TokenExpired("Token is NULL");
}
} catch (SSOException ex) {
// throw TokenExpired exception
}
}
if (attributes != null) {
}
}
return map;
}
if (attributes == null) {
return new HashMap<>();
}
}
return new HashSet<>();
}
}
if (attributes != null) {
attributesArray.add(new Attribute(attribute.getKey(), attribute.getValue().toArray(new String[0])));
}
}
}
}