/** * Returns <code>true</code> if attribute value for the given user represented by * <class>Subject</class> object is present. * * @param subject identity of the user * @param attrName attribute name to check * @param attrValue attribute value to check * @return <code>true</code> if attribute value for the given user represented by * <class>Subject</class> object is present. * @throws com.sun.identity.entitlement.EntitlementException if this operation failed. */ public boolean hasAttribute(Subject subject, String attrName, String attrValue) throws EntitlementException { String uuid = SubjectUtils.getPrincipalId(subject); try { SSOToken adminToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance()); AMIdentity amid = new AMIdentity(adminToken, uuid); if (attrName.startsWith(NAMESPACE_ATTR)) { Set<String> values = amid.getAttribute(attrName.substring(NAMESPACE_ATTR.length())); return (values != null) ? values.contains(attrValue) : false; } else if (attrName.startsWith(NAMESPACE_MEMBERSHIP)) { IdType type = IdUtils.getType(attrName.substring(NAMESPACE_MEMBERSHIP.length())); if (type != null) { AMIdentity parent = new AMIdentity(adminToken, attrValue); if (parent.getType().equals(type)) { Set<String> members = parent.getMembers(IdType.USER); return members.contains(amid.getUniversalId()); } } } return false; } catch (IdRepoException e) { Object[] params = {uuid}; throw new EntitlementException(601, params, e); } catch (SSOException e) { Object[] params = {uuid}; throw new EntitlementException(601, params, e); } }
/** * Returns the attribute values of the given user represented by <class>Subject</class> object. * * @param subject identity of the user. * @param attrNames requested attribute names. * @return a map of attribute names and their values * @throws com.sun.identity.entitlement.EntitlementException if this operation failed. */ public Map<String, Set<String>> getUserAttributes(Subject subject, Set<String> attrNames) throws EntitlementException { String uuid = SubjectUtils.getPrincipalId(subject); try { SSOToken adminToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance()); AMIdentity amid = new AMIdentity(adminToken, uuid); return amid.getAttributes(attrNames); } catch (IdRepoException e) { Object[] params = {uuid}; throw new EntitlementException(601, params, e); } catch (SSOException e) { Object[] params = {uuid}; throw new EntitlementException(601, params, e); } }
/** * Returns the attribute values of the given user represented by <class>Subject</class> object. * * @param subject identity of the user * @param attrNames requested attribute names * @return a map of attribute names and their values * @throws com.sun.identity.entitlement.EntitlementException if this operation failed. */ public Map<String, Set<String>> getAttributes(Subject subject, Set<String> attrNames) throws EntitlementException { String uuid = SubjectUtils.getPrincipalId(subject); try { Map<String, Set<String>> results = new HashMap<String, Set<String>>(); Map<String, Set<String>> pubCreds = new HashMap<String, Set<String>>(); SSOToken adminToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance()); AMIdentity amid = new AMIdentity(adminToken, uuid); Set<String> set = new HashSet<String>(2); set.add(getIDWithoutOrgName(amid)); results.put(NAMESPACE_IDENTITY, set); set = new HashSet<String>(2); set.add(uuid); pubCreds.put(NAMESPACE_IDENTITY, set); Set<String> primitiveAttrNames = getAttributeNames(attrNames, NAMESPACE_ATTR); if (!primitiveAttrNames.isEmpty()) { Map<String, Set<String>> primitiveAttrValues = amid.getAttributes(primitiveAttrNames); for (String name : primitiveAttrValues.keySet()) { Set<String> values = primitiveAttrValues.get(name); if (values != null) { results.put(NAMESPACE_ATTR + name, values); pubCreds.put(NAMESPACE_ATTR + name, values); } } } Set<String> membershipAttrNames = getAttributeNames(attrNames, NAMESPACE_MEMBERSHIP); if (!membershipAttrNames.isEmpty()) { for (String m : membershipAttrNames) { IdType type = IdUtils.getType(m); if (type != null) { Set<AMIdentity> memberships = amid.getMemberships(type); if (memberships != null) { Set<String> setMemberships = new HashSet<String>(); Set<String> membershipsCred = new HashSet<String>(); for (AMIdentity a : memberships) { setMemberships.add(getIDWithoutOrgName(a)); membershipsCred.add(a.getUniversalId()); } results.put(NAMESPACE_MEMBERSHIP + m, setMemberships); pubCreds.put(NAMESPACE_MEMBERSHIP + m, membershipsCred); } } } } Set<Object> publicCreds = subject.getPublicCredentials(); publicCreds.add(pubCreds); return results; } catch (SSOException e) { Object[] params = {uuid}; throw new EntitlementException(600, params, e); } catch (IdRepoException e) { Object[] params = {uuid}; throw new EntitlementException(600, params, e); } }