a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * The contents of this file are subject to the terms
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * of the Common Development and Distribution License
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * (the License). You may not use this file except in
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * compliance with the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * You can obtain a copy of the License at
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * https://opensso.dev.java.net/public/CDDLv1.0.html or
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * See the License for the specific language governing
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * permission and limitations under the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * When distributing Covered Code, include this CDDL
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Header Notice in each file and include the License file
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * If applicable, add the following below the CDDL Header,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * with the fields enclosed by brackets [] replaced by
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * your own identifying information:
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * "Portions Copyrighted [year] [name of copyright owner]"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * $Id: PersonalProfile.java,v 1.2 2008/06/25 05:47:14 qcheng Exp $
9e34f70f789dbd049eed2b273ca9b7d2cd26fd51cweng * Portions Copyrighted 2014-2016 ForgeRock AS.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.liberty.ws.dst.DSTQueryItem;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.liberty.ws.dst.DSTModification;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.liberty.ws.idpp.common.*;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.liberty.ws.idpp.container.*;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.liberty.ws.idpp.plugin.*;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.liberty.ws.interfaces.Authorizer;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.liberty.ws.interfaces.ResourceIDMapper;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.liberty.ws.dst.DSTConstants;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.plugin.session.SessionException;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.plugin.session.SessionManager;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * This class <code>PersonalProfile</code> is an implementation of
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>LibertyDataService</code>. The default implementation of Personal
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Profile leverages the XPATH technology for the queries. In order for the
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * XPath expressions to make sense, the user profile needs to be an XML blob.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * The current approach is to parse the select expression, build a container
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * level XML blob instead of the entire user profile.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * A WSC credential may not have enough privileges to write or read the
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * user profile data, since policy evaluation is driven through the Webservices
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * POLICY component rather than through ACIs. So, currently, we use the
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * admin token for both queries and updates, but the authorization check
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * is done against the WSC credential; that check, not ACIs, is therefore what limits the data a WSC can read or write.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private static IDPPServiceManager serviceManager = null;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster serviceManager = IDPPServiceManager.getInstance();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDPPUtils.debug.error("PersonalProfile:Initialization failed", ex);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Default constructor for personal profile.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDPPUtils.debug.message("PersonalProfile:Init");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Queries for the data for a specific resourceID.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param credential credentials of the requesting WSC.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param dstQueryItems list of DSTQueryItems.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param request query DOM request.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param interactedData map for interacted data. This map will have the
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * key as the PP DS attribute, and the value as
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * its value.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return Map map of processed query items and the corresponding list
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * of results.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception IDPPException.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDPPUtils.debug.message("PersonalProfile: query init");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDPPUtils.debug.error("PersonalProfile:queryData: null input");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDPPUtils.bundle.getString("nullInputParams"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // validate the credentials of requesting WSC.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster boolean sessionValid = false;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster sessionValid = SessionManager.getProvider().isValid(credential);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDPPUtils.debug.error("PersonalProfile:queryData:Invalid WSC"+
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new IDPPException(IDPPUtils.bundle.getString(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "invalidWSCCredentials"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDPPUtils.debug.message("PersonalProfile: queryData:userDN" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "is null for a given resourceID.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new IDPPException(IDPPUtils.bundle.getString("noResourceID"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDPPUtils.debug.message("PersonalProfile:queryData: userDN=" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Get the User data from DS for all the given query items.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDPPUtils.debug.error("PersonalProfile:queryData:Error while"+
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDPPUtils.debug.message("PersonalProfile:queryData:no data:" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "for the requested pp attributes.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new IDPPException(IDPPUtils.bundle.getString("noData"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if(interactedData != null && !interactedData.isEmpty()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDPPUtils.debug.message("PersonalProfile.queryData(): " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster " Contents of Interaction Map " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster userMap = updateUserDataMap(userMap, interactedData);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDPPUtils.debug.message("PersonalProfile:queryData:requested Data "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Process each DSTQueryItem: build its container XML and apply the select expression to it as XPath.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String ppContainer = getContainerFromSelect(queryExpression);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDPPUtils.debug.message("PersonalProfile:queryData: Container"+
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDPPContainer container = getIDPPContainer(ppContainer, userDN);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster xmlContainer = container.toXMLDocument(userMap);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDPPUtils.debug.error("PersonalProfile:queryData:Error while"+
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "converting container to an XML document.", ie);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDPPUtils.debug.message("PersonalProfile:queryData: Container"+
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "xml doc:" + XMLUtils.print(xmlContainer.getDocumentElement()));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Element element = request.getDocumentElement();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster serviceManager.getPPExtensionPrefix(), IDPPConstants.PP_EXT_XML_NS);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster queryExpression = replacePrefix(queryExpression);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDPPUtils.debug.message("PersonalProfile:queryData: query" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "expression before applying Xpath:" + queryExpression);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster result = (NodeList)XPathAPI.selectNodeList(xmlContainer,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDPPUtils.debug.error("PersonalProfile.queryData:Invalid " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if((result == null) || (result.getLength() == 0)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDPPUtils.debug.message("PersonalProfile.queryData:null result");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster queryResults.add(IDPPUtils.getUnmarshaller().unmarshal(n));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDPPUtils.debug.error("PersonalProfile:queryData:JAXB" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Replaces the sender's prefix with the idpp prefix that's configured
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * in the service.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param select the select expression.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return returns select string with configured idpp prefix.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDPPUtils.debug.message("PersonalProfile:replacePrefix:" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if(select == null || select.indexOf(SLASH) == -1) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDPPUtils.debug.error("PersonalProfile:replacePrefix:" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "Invalid expression.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster StringTokenizer st = new StringTokenizer(select, SLASH);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if(i != -1) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster temp.indexOf(IDPPConstants.PP_EXTENSION_ELEMENT) != -1){
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster .append(serviceManager.getPPExtensionPrefix());
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster sb.append(SLASH).append(serviceManager.getIDPPPrefix());
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * This method parses the select expression and returns the
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * context of second level container queries.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * For example, if the query expression is /idpp:IDPP/idpp:CommonName/CN,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * this returns <CommonName> as a string so that the XML
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * blob can be constructed and XPath can be applied on top of it.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private String getContainerFromSelect(String selectExpression) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDPPUtils.debug.message("PersonalProfile:getContainerFromSel:"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "Init: selectexpression: " + selectExpression);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster StringTokenizer st = new StringTokenizer(selectExpression, SLASH);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDPPUtils.debug.message("PersonalProfile:getContainerFrom "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "Invalid select expression.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Ignore the first token
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster //Look for the xml qualifiers
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (i != -1) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster //Look for the name space qualifiers
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if( i != -1) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster container = container.substring(i+1, container.length());
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * This method builds the XML blob for a specific container
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * to apply the XPath on it.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param ppContainer PP container
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param userDN User DN.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return DOM object of container values.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDPPUtils.debug.message("PersonalProfile:getIDPPContainer:" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Map containerClasses = serviceManager.getContainerClasses();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if(containerClasses.containsKey(ppContainer)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster container = (IDPPContainer)containerClasses.get(ppContainer);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster int containerType = IDPPUtils.getIDPPElementType(ppContainer);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster case IDPPConstants.LEGAL_IDENTITY_ELEMENT_INT :
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster case IDPPConstants.EMPLOYMENT_IDENTITY_ELEMENT_INT :
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster case IDPPConstants.EMERGENCY_CONTACT_ELEMENT_INT:
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDPPUtils.debug.error("PersonalProfile:getIDPPContainer:" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "Invalid container type");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Gets the user data for given list of DST Query items.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param userDN user DN.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param dstQueryItems list of DSTQueryItems.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return Map of user attribute value pairs.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws IDPPException.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private Map getUserData(String userDN, List dstQueryItems)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDPPUtils.bundle.getString("nullInputParams"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Get all the required user attributes from all query items.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String ppContainer = getContainerFromSelect(queryExpression);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDPPUtils.debug.message("PersonalProfile:getUserData: Container"+
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDPPContainer container = getIDPPContainer(ppContainer, userDN);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Set attrs = container.getContainerAttributes();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Map tmpMap = IDPPUtils.getUserAttributes(userDN,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDPPUtils.debug.error("PersonalProfile.getUserData::"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDPPUtils.debug.message("PersonalProfile:getUserData: Attributes"+
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // use admin token to get all the user attributes.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Map tmpMap = IDPPUtils.getUserAttributes(userDN, querySet);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDPPUtils.debug.error("PersonalProfile.getUserData::"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Processes modify request and update new data.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param credential credential of a WSC.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param resourceID resource id string
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param dstModifications list of DSTModification objects.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param interactedData map for interacted data. This map will have the
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * key as the PP DS attribute, and the value as
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * its value.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param request a Document object
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return true if successful in modifying the data.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception IDPPException.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster dstModifications == null || dstModifications.isEmpty()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // request is not used in the case of modify; it is there only
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // for interface purposes.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDPPUtils.debug.error("PersonalProfile:modifyData:null input");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDPPUtils.bundle.getString("nullInputParamters"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster boolean sessionValid = false;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster sessionValid = SessionManager.getProvider().isValid(credential);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDPPUtils.debug.error("PersonalProfile:modifyData:Invalid WSC"+
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new IDPPException(IDPPUtils.bundle.getString(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "invalidWSCCredentials"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDPPUtils.debug.message("PersonalProfile: modifyData:userDN" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "is null for a given resourceID.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new IDPPException(IDPPUtils.bundle.getString("noResourceID"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDPPUtils.debug.message("PersonalProfile:modifyData:userDN ="+
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Modifiable user map.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster DSTModification modification = (DSTModification)iter.next();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster boolean override = modification.isOverrideAllowed();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster List dataObject = modification.getNewDataValue();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String containerContext = getContainerFromSelect(select);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDPPUtils.debug.message("PersonalProfile:modifyData:" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "The given select expression is not in supported containers");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return false;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (!override && IDPPUtils.checkForUserAttributes(userDN,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster container.getContainerAttributesForSelect(select))) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDPPUtils.debug.message("PersonalProfile:modifyData:" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "override set to false and data Already exists.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return false;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Map map = container.getDataMapForSelect(select, dataObject);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if(interactedData != null && !interactedData.isEmpty()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster modifyMap = updateUserDataMap(modifyMap, interactedData);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDPPUtils.debug.error("PersonalProfile:modifyData: error while"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return false;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (binaryAttributeMap != null && !binaryAttributeMap.isEmpty()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDPPUtils.setUserAttributes(userDN, binaryAttributeMap);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDPPUtils.debug.error("PersonalProfile:modifyMap:Error while" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return false;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDPPUtils.debug.message("PersonalProfile:modifyData:map is null");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return true;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return false;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDPPUtils.debug.message("PersonalProfile:modifyData:data " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDPPUtils.setUserAttributes(userDN, modifyMap);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return true;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDPPUtils.debug.error("PersonalProfile:modifyMap:Error while" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return false;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Checks if the select data is supported by the PP service.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param select Select expression.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return true if supported.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public boolean isSelectDataSupported(String select) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDPPUtils.debug.message("PersonalProfile:isSelectDataSupported:Init");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String container = getContainerFromSelect(select);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDPPUtils.debug.message("PersonalProfile.isSelectDataSupported: " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Set supportedContainers = serviceManager.getSupportedContainers();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if(container == null || supportedContainers == null ||
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return false;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return true;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return false;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Checks if the resource id is valid.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param resourceID resource id.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return true if the resource id is valid.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public boolean isResourceIDValid(String resourceID) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDPPUtils.debug.message("PersonalProfile:isResourceIDValid:Init");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster ResourceIDMapper resourceIDMapper= serviceManager.getResourceIDMapper();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDPPUtils.debug.warning("PersonalProfile.isResourceIDValid." +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "unable to get resoureid mapper");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return false;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDPPUtils.debug.message("PersonalProfile.isResourceIDValid."
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Gets Authorization map for the list of select expressions.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param credential credential object.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param action request action query or modify
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param select resource being accessed
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param env Environment map that the policy could use
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return Authorization decision action.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public String getAuthZAction(Object credential,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDPPUtils.debug.message("PersonalProfile.getAuthorizationMap:Init");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if(credential == null || action == null || select == null) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDPPUtils.debug.error("PersonalProfile.getAuthZAction:null vals");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDPPUtils.bundle.getString("nullInputParams"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if(action.equals(DSTConstants.MODIFY_ACTION) &&
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster !serviceManager.isModifyPolicyEvalRequired()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Authorizer authorizer = serviceManager.getAuthorizer();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return (String)authorizer.getAuthorizationDecision(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDPPUtils.debug.error("PersonalProfile.getAuthZAction:" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "Exception while getting authorization info");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Gets the user dn for a specified resource id.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param resourceID resource id
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return String userDN.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDPPUtils.debug.message("PersonalProfile:getUserDN:Init");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster ResourceIDMapper resourceIDMapper =serviceManager.getResourceIDMapper();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Updates the user data map with interacted data map
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param userMap extracted or to be modified data map
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param interactedData Interacted data map
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return Map updated user data map
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private Map updateUserDataMap(Map userMap, Map interactedData) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if(interactedData == null || userMap == null ||
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster interactedData.isEmpty() || userMap.isEmpty()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDPPUtils.debug.message("PersonalProfile.updateUserDataMap:"+
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "Interacted data or the user data map is empty");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Iterator iter = interactedData.keySet().iterator();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDPPUtils.debug.message("PersonalProfile.updateUserDataMap"+
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster ":Interacted key " + key + " isnotPart of the query");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String attrValue = (String)interactedData.get(key);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private void addToMapWithLowerCaseKey(Map dstMap, Map srcMap) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (dstMap == null || srcMap == null || srcMap.isEmpty()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster for(Iterator iter = srcMap.keySet().iterator(); iter.hasNext();) {