PersonalProfile.java revision 9e34f70f789dbd049eed2b273ca9b7d2cd26fd51
/**
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: PersonalProfile.java,v 1.2 2008/06/25 05:47:14 qcheng Exp $
*
* Portions Copyrighted 2014-2016 ForgeRock AS.
*/
/**
* This class <code>PersonalProfile</code> is an implementation of
* <code>LibertyDataService</code>. The default implementation of Personal
* Profile leverages the XPATH technology for the queries. In order to make
* sense of the XPath expressions, the user profile needs to be in an XML blob.
* The current approach is to parse the select expression, build a container
* level XML blob instead of the entire user profile.
* A WSC credential may not have enough privileges to write or read the
* user profile data since the policy evaluation is driven through Webservices
* POLICY component rather than through ACI driven. So, currently, we use
* admin token for both queries and updates, but the authorization check
* will be done for a WSC credential.
*/
public class PersonalProfile {
static {
try {
}
}
/**
* Default constructor for personal profile.
*/
public PersonalProfile() {
}
/**
* Queries for the data for a specific resourceID.
* @param credential credentials of the requesting WSC.
* @param dstQueryItems list of DSTQueryItems.
* @param request query DOM request.
* @param interactedData map for interacted data. This map will have the
* key as the PP DS attribute, and the value as
* its value.
* @return Map map of processed query items and the corresponding list
* of results.
* @exception IDPPException.
*/
throws IDPPException {
throw new IDPPException(
}
// validate the credentials of requesting WSC.
boolean sessionValid = false;
try {
} catch (SessionException se) {
"credentials", se);
}
if (!sessionValid) {
"invalidWSCCredentials"));
}
"is null for a given resourceID.");
}
}
userDN);
}
// Get the User data from DS for all the given query items.
try {
} catch(IDPPException ie) {
"retrieving user data.", ie);
throw new IDPPException(ie);
}
"for the requested pp attributes.");
}
}
" Contents of Interaction Map " +
}
}
+ userMap);
}
//Process each DSTQueryItem, apply Xpath.
"processing:" + ppContainer);
}
if(ppContainer == null) {
continue;
}
continue;
}
try {
} catch (IDPPException ie) {
"converting container to an XML document.", ie);
throw new IDPPException(ie);
}
}
"expression before applying Xpath:" + queryExpression);
}
try {
"expression.", ex);
continue;
}
continue;
}
try {
} catch (JAXBException je) {
"Error while unmarshalling the results.", je);
continue;
}
}
}
return results;
}
/**
* Replaces senders prefix with idpp prefix that's configured
* in the service.
* @param String select.
* @return returns select string with configured idpp prefix.
*/
"Select =" + select);
}
"Invalid expression.");
return select;
}
while(st.hasMoreTokens()) {
if(i != -1) {
}
}
}
}
/**
* This method parses the select expression and returns the
* context of second level container queries.
* For example, if the query expression is /idpp:IDPP/idpp:CommonName/CN, then
* this will return <CommonName> as a string so that the xml
* blob can be constructed and XPath can be applied on top of it.
*/
+ "Init: selectexpression: " + selectExpression);
}
+ "Invalid select expression.");
}
return selectExpression;
}
return IDPPConstants.IDPP_ELEMENT;
}
// Ignore the first token
//Look for the xml qualifiers
if (i != -1) {
}
return selectExpression;
}
//Look for the name space qualifiers
if( i != -1) {
}
return container;
}
/**
* This method builds the XML blob for a specific container
* to apply the XPath on it.
* @param ppContainer PP container
* @param userDN User DN.
* @return DOM object of container values.
*/
private IDPPContainer getIDPPContainer(
"Init: ContainerType: " + ppContainer);
}
if(ppContainer == null) {
return null;
}
return container;
}
switch(containerType) {
case IDPPConstants.IDPP_ELEMENT_INT :
break;
container = new IDPPCommonName();
break;
container = new IDPPInformalName();
break;
container = new IDPPLegalIdentity();
break;
container = new IDPPEmploymentIdentity();
break;
container = new IDPPSignKey();
break;
container = new IDPPEncryptKey();
break;
container = new IDPPExtensionContainer();
break;
container = new IDPPAddressCard();
break;
container = new IDPPMsgContact();
break;
case IDPPConstants.FACADE_ELEMENT_INT :
container = new IDPPFacade();
break;
container = new IDPPDemographics();
break;
container = new IDPPEmergencyContact();
break;
default:
"Invalid container type");
break;
}
return container;
}
/**
* Gets the user data for given list of DST Query items.
* @param String userDN.
* @param List list of DSTQueryItems.
* @return Map of user attribute value pairs.
* @throws IDPPException.
*/
throws IDPPException {
throw new IDPPException(
}
// Get all the required user attributes from all query items.
"processing:" + ppContainer);
}
if(ppContainer != null) {
if(container.hasBinaryAttributes()) {
try {
attrs);
+ " Error in retrieving the data", ex);
throw new IDPPException(ex);
}
continue;
}
}
}
}
}
" to be retrieved." + querySet);
}
// use admin token to get all the user attributes.
try {
+ " Error in retrieving the data", ex);
throw new IDPPException (ex);
}
}
return userMap;
}
/**
* Processes modify request and update new data.
* @param credential credential of a WSC.
* @param resourceID resource id string
* @param dstModifications list of DSTModification objects.
* @param interactedData map for interacted data. This map will have the
* key as the PP DS attribute, and the value as
* its value.
* @param request a Document object
* @return true if successful in modifying the data.
* @exception IDPPException.
*/
throws IDPPException {
// request is not used in the case of modify; it is present only for
// interface purposes.
throw new IDPPException(
}
boolean sessionValid = false;
try {
} catch (SessionException se) {
"credentials", se);
}
if (!sessionValid) {
"invalidWSCCredentials"));
}
"is null for a given resourceID.");
}
}
userDN);
}
// Modifiable user map.
"The given select expression is not in supported containers");
}
return false;
}
try {
"override set to false and data Already exists.");
}
return false;
}
if(container.hasBinaryAttributes()) {
continue;
}
}
}
} catch (IDPPException ie) {
+ "converting the data into a data map.", ie);
return false;
}
}
try {
"modifying the user data.", ie);
return false;
}
}
if(!binaryAttributeMap.isEmpty()) {
return true;
} else {
return false;
}
}
"to be modified" + modifyMap);
}
try {
return true;
"modifying the user data.", ie);
return false;
}
}
/**
* Checks if the select data is supported by the PP service.
* @param select Select expression.
* @return true if supported.
*/
if(index != -1) {
}
" Accessing container = " + container);
}
return false;
}
return true;
}
return false;
}
/**
* Checks if the resource id is valid.
* @param resourceID resource id.
* @return true if the resource id is valid.
*/
if(resourceIDMapper == null) {
"unable to get resoureid mapper");
}
return false;
}
+ userID);
}
}
/**
* Gets Authorization map for the list of select expressions.
* @param credential credential object.
* @param action request action query or modify
* @param select resource being accessed
* @param env Environment map that the policy could use
* @return Authorization decision action.
*/
throws IDPPException {
throw new IDPPException(
}
return IDPPConstants.AUTHZ_ALLOW;
}
return IDPPConstants.AUTHZ_ALLOW;
}
try {
} catch (Exception e) {
"Exception while getting authorization info");
throw new IDPPException(e);
}
}
/**
* Gets the user dn for a specified resource id.
* @param resourceID resource id
* @return String userDN.
*/
if(resourceIDMapper == null) {
return null;
}
return resourceIDMapper.getUserID(
}
/**
* Updates the user data map with interacted data map
* @param userMap extracted or to be modified data map
* @param interactedData Interacted data map
* @return Map updated user data map
*/
"Interacted data or the user data map is empty");
}
return userMap;
}
}
continue;
}
}
return userMap;
}
return;
}
}
}
}