/**
* Returns true if the field 'id' or 'userName' are present in the query.
*
* @param filter
* @return
*/
private boolean checkFilter(SCIMFilter filter) {
switch (filter.getFilterType()) {
case AND:
case OR:
return checkFilter(filter.getFilterComponents().get(0))
| checkFilter(filter.getFilterComponents().get(1));
case EQUALITY:
String name = filter.getFilterAttribute().getAttributeName();
if ("id".equalsIgnoreCase(name) || "userName".equalsIgnoreCase(name)) {
return true;
} else if (Origin.ORIGIN.equalsIgnoreCase(name)) {
return false;
} else {
throw new ScimException("Invalid filter attribute.", HttpStatus.BAD_REQUEST);
}
case PRESENCE:
case STARTS_WITH:
case CONTAINS:
throw new ScimException("Wildcards are not allowed in filter.", HttpStatus.BAD_REQUEST);
case GREATER_THAN:
case GREATER_OR_EQUAL:
case LESS_THAN:
case LESS_OR_EQUAL:
throw new ScimException("Invalid operator.", HttpStatus.BAD_REQUEST);
}
return false;
}
/** {@inheritDoc} */
@Override
public Filter toLDAPFilter(
final SCIMFilter filter,
final LDAPRequestInterface ldapInterface,
final LDAPSearchResolver userResolver)
throws InvalidResourceException {
// Only the managerId sub-attribute will ever have a value so filter
// must target that sub-attribute.
String subAttribute = filter.getFilterAttribute().getSubAttributeName();
if (subAttribute == null || !subAttribute.equals("managerId")) {
return null;
}
final String ldapAttributeType = ATTR_MANAGER;
final SCIMFilterType filterType = filter.getFilterType();
final String filterValue = filter.getFilterValue();
// Determine the DN for this member.
try {
switch (filterType) {
// We don't have to worry about AND and OR filter types since they are
// handled earlier by the resource mapper.
case EQUALITY:
{
String dn;
try {
dn = userResolver.getDnFromId(ldapInterface, filterValue);
} catch (ResourceNotFoundException e) {
// Value is not a valid user. Will not match anything.
return null;
}
return Filter.createEqualityFilter(ldapAttributeType, dn);
}
default:
throw new InvalidResourceException(
"Filter type "
+ filterType
+ " is not supported for attribute "
+ getAttributeDescriptor().getName());
}
} catch (Exception e) {
Debug.debugException(e);
throw new InvalidResourceException(e.getMessage());
}
}
private void checkFilter(String filter) {
if (filter.isEmpty()) {
throw new ScimException("a 'filter' parameter is required", HttpStatus.BAD_REQUEST);
}
SCIMFilter scimFilter;
try {
scimFilter = SCIMFilter.parse(filter);
if (!checkFilter(scimFilter)) {
throw new ScimException("Invalid filter attribute.", HttpStatus.BAD_REQUEST);
}
} catch (SCIMException e) {
logger.debug("/ids/Users received an invalid filter [" + filter + "]", e);
throw new ScimException("Invalid filter '" + filter + "'", HttpStatus.BAD_REQUEST);
}
}
