/**
 * Builds an <code>IdSearchControl</code> that carries the supplied search
 * modifier and attribute/value map and whose result limit is set to 1.
 *
 * @param modifier search operator passed through to
 *     <code>setSearchModifiers</code>.
 * @param avMap attribute names mapped to the value sets to match on.
 * @return the configured search control.
 */
private IdSearchControl getSearchControl(
        IdSearchOpModifier modifier, Map<String, Set<String>> avMap) {
    final IdSearchControl searchControl = new IdSearchControl();
    // Callers of this helper only ever want a single hit back.
    searchControl.setMaxResults(1);
    searchControl.setSearchModifiers(modifier, avMap);
    return searchControl;
}
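/**
 * Returns the <code>AMIdentity</code> object for the given parameters. If there is no such
 * identity, or there is more than one matching identity, then an AuthException will be thrown.
 *
 * <p>The lookup is attempted twice: first directly through
 * <code>IdUtils.getIdentity</code>, and, if that does not yield an existing identity of the
 * requested type with non-null attributes, through a recursive search of the identity
 * repository of the organization.
 *
 * @param idType Identity Type.
 * @param idName Identity Name.
 * @param orgName organization name.
 * @return <code>AMIdentity</code> object.
 * @throws AuthException if there was no result, or if there was more than one result.
 */
public AMIdentity getIdentity(IdType idType, String idName, String orgName)
        throws AuthException {
    // NOTE(review): idName and orgName are written to the debug log exactly as
    // received. If they can carry caller-supplied text, neutralise CR/LF before
    // logging so a crafted name cannot forge log lines -- confirm against callers.
    if (debug.messageEnabled()) {
        debug.message("IdType is :" + idType);
        debug.message("IdName is :" + idName);
        debug.message("orgName is :" + orgName);
    }

    AMIdentity amIdentity = null;

    // First attempt: direct lookup through IdUtils.getIdentity(...).
    try {
        if (debug.messageEnabled()) {
            debug.message("AuthD.getIdentity() from IdUtils Name: " + idName
                    + " Org: " + orgName);
        }
        amIdentity = IdUtils.getIdentity(getSSOAuthSession(), idName, orgName);
        // Accept the direct hit only if it exists, has the requested type and
        // its attributes can be read.
        if ((amIdentity != null)
                && amIdentity.isExists()
                && amIdentity.getType().equals(idType)
                && (amIdentity.getAttributes() != null)) {
            if (debug.messageEnabled()) {
                debug.message("AuthD.getIdentity obtained identity"
                        + "using IdUtil.getIdentity: " + amIdentity);
            }
            return amIdentity;
        }
    } catch (IdRepoException e) {
        // Deliberately not fatal: fall through to the repository search.
        if (debug.messageEnabled()) {
            debug.message("AuthD.getIdentity: Got IdRepoException while "
                    + "getting Identity from IdUtils: " + e.getMessage());
        }
    } catch (SSOException ssoe) {
        // Deliberately not fatal: fall through to the repository search.
        if (debug.messageEnabled()) {
            debug.message("AuthD.getIdentity: Got SSOException while "
                    + "getting Identity from IdUtils: " + ssoe.getMessage());
        }
    }

    // Second attempt: search the identity repository. Discard whatever the
    // direct lookup left behind so a rejected identity is never returned.
    amIdentity = null;
    try {
        String searchName = DNUtils.DNtoName(idName);
        AMIdentityRepository amIdRepo = getAMIdentityRepository(orgName);

        // NOTE(review): the name is handed to searchIdentities as the match
        // expression, and both the timeout and the result limit are set to 0
        // (presumably "no limit" -- confirm). Verify that wildcard characters in
        // the name are rejected upstream, and whether a small result cap would be
        // enough here, since only "more than one match" needs to be detected.
        IdSearchControl idsc = new IdSearchControl();
        idsc.setRecursive(true);
        idsc.setTimeOut(0);
        idsc.setMaxResults(0);
        idsc.setAllReturnAttributes(false);

        IdSearchResults searchResults = amIdRepo.searchIdentities(idType, searchName, idsc);

        // A missing result object or a null result set is treated as "no match".
        // Previously a null set skipped the size check and then failed with a
        // NullPointerException on iterator() instead of the documented AuthException.
        Set<?> results = (searchResults != null) ? searchResults.getSearchResults() : null;
        if (results == null) {
            results = Collections.emptySet();
        }

        if (results.size() > 1) {
            // An ambiguous match must never be resolved by picking one entry:
            // fail the lookup so an administrator can fix the duplicate.
            debug.error("getIdentity: Multiple matches found for "
                    + "user '" + searchName + "'");
            throw new AuthException(AMAuthErrorCode.AUTH_ERROR, null);
        }

        if (!results.isEmpty()) {
            amIdentity = (AMIdentity) results.iterator().next();
        }
    } catch (SSOException sso) {
        // The caller sees this as AUTH_PROFILE_ERROR below; the underlying cause
        // is only recorded when message-level debugging is enabled.
        if (debug.messageEnabled()) {
            debug.message("getIdentity error " + sso.getMessage());
        }
    } catch (IdRepoException ide) {
        // Same handling as above: reported to the caller as AUTH_PROFILE_ERROR.
        if (debug.messageEnabled()) {
            debug.message("IdRepoException error " + ide.getMessage());
        }
    }

    if (amIdentity == null) {
        throw new AuthException(AMAuthErrorCode.AUTH_PROFILE_ERROR, null);
    }
    return amIdentity;
}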