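/**
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 *
 * Copyright (c) 2005 Sun Microsystems Inc. All Rights Reserved
 *
 * The contents of this file are subject to the terms
 * of the Common Development and Distribution License
 * (the License). You may not use this file except in
 * compliance with the License.
 *
 * You can obtain a copy of the License at
 * https://opensso.dev.java.net/public/CDDLv1.0.html or
 * opensso/legal/CDDLv1.0.txt
 * See the License for the specific language governing
 * permission and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL
 * Header Notice in each file and include the License file
 * at opensso/legal/CDDLv1.0.txt.
 * If applicable, add the following below the CDDL Header,
 * with the fields enclosed by brackets [] replaced by
 * your own identifying information:
 * "Portions Copyrighted [year] [name of copyright owner]"
 *
 * $Id: Resource.java,v 1.5 2009/01/28 05:34:50 ww203982 Exp $
 *
 */

package com.iplanet.ums;

import java.security.Principal;
import java.util.Collection;
import java.util.Iterator;

import com.sun.identity.shared.ldap.util.DN;

import com.sun.identity.shared.debug.Debug;
import com.iplanet.services.ldap.AttrSet;

/**
 * Represents a resource entry in UMS.
 *
 * <p>Besides the constructors, this class offers two operations: copying the
 * attributes named by a search template into a new {@link AttrSet}, and
 * aggregating the attribute read/write rights granted by the entry's roles.
 *
 * @supported.api
 */
public class Resource extends PersistentObject {

    /** Debug log shared by all instances; obtained under the UMS debug name. */
    private static final Debug debug =
            Debug.getInstance(IUMSConstants.UMS_DEBUG);

    /**
     * No args constructor; used to construct the right object as entries are
     * read from persistent storage.
     *
     * @throws UMSException
     *             propagated from the superclass constructor
     */
    protected Resource() throws UMSException {
        super();
    }

    /**
     * Construct the entry from a principal and a given guid.
     *
     * @param principal
     *            principal for the authenticated session maintained by
     *            Session Manager
     * @param guid
     *            globally unique identifier for the entity
     * @throws UMSException
     *             propagated from the superclass constructor or from
     *             {@code verifyClass()}
     */
    Resource(Principal principal, Guid guid) throws UMSException {
        super(principal, guid);
        // verifyClass() is not defined in this file; presumably it rejects an
        // entry that does not match this class -- confirm in PersistentObject.
        verifyClass();
    }

    /**
     * Construct Resource object without a session. Unlike the constructor with
     * a session parameter, this one simply creates a Resource object in memory,
     * using the default template. The save() method must be called to save the
     * object to the persistent store.
     *
     * @param attrSet
     *            attribute/value set
     * @throws UMSException
     *             propagated from the template lookup or the delegated
     *             constructor
     */
    Resource(AttrSet attrSet) throws UMSException {
        this(TemplateManager.getTemplateManager().getCreationTemplate(_class,
                null), attrSet);
    }

    /**
     * Construct Resource object without session. Unlike constructor with
     * session, this one simply creates a Resource object in memory. Call the
     * save() method to save the object to data store.
     *
     * @param template
     *            template to the Resource
     * @param attrSet
     *            attribute/value set
     * @throws UMSException
     *             propagated from the superclass constructor
     *
     * @supported.api
     */
    public Resource(CreationTemplate template, AttrSet attrSet)
            throws UMSException {
        super(template, attrSet);
    }

    /**
     * Return attribute set according to a supplied search template. The search
     * template is used as attribute retrieval guidelines.
     *
     * <p>The template alone decides which attributes are copied. No
     * access-right check is made in this method itself; any such enforcement
     * would have to happen in {@code getAttribute} or in the caller (not
     * visible in this file).
     *
     * @param template
     *            Search template
     * @return attribute set with attribute names defined in the template
     * @throws UMSException
     *             propagated from {@code getAttribute}
     *
     * @supported.api
     */
    public AttrSet getAttributes(SearchTemplate template) throws UMSException {
        AttrSet attrSet = new AttrSet();
        String[] attrNames = template.getAttributeNames();

        for (int i = 0; i < attrNames.length; i++) {
            attrSet.add(getAttribute(attrNames[i]));
        }
        return attrSet;
    }

    /**
     * Get the access rights associated with the user; this will return an
     * aggregation of all the attribute access rights granted by each of the
     * user's roles. The aggregation will only include from the 'guid' parameter
     * on up the DIT.
     *
     * <p>The result is a union: each role that passes the scope check adds its
     * readable and writable attribute names, and nothing in this method removes
     * a permission once granted. When {@code getRoles()} yields no collection,
     * the returned object carries no grants.
     *
     * @param guid
     *            The starting location of the role (rights) aggregation.
     * @return AccessRightObject associated with the user
     * @throws UMSException
     *             propagated from the role lookup
     * @throws com.iplanet.services.ldap.aci.ACIParseException
     *             propagated from reading a role's access rights
     *
     * @supported.api
     */
    public AccessRightObject getAccessRight(Guid guid) throws UMSException,
            com.iplanet.services.ldap.aci.ACIParseException {
        AccessRightObject aro = new AccessRightObject();
        Collection roles = getRoles();
        // Collection.iterator() never returns null, so the null check belongs
        // on the collection. Returning the empty object here grants nothing,
        // which is the safe outcome for a missing role list.
        if (roles == null) {
            return aro;
        }

        if (debug.messageEnabled()) {
            debug.message("Resource.getAccessRight : Get rights for : "
                    + guid.getDn());
        }
        DN guidDn = new DN(guid.getDn());

        for (Iterator it = roles.iterator(); it.hasNext();) {
            Guid roleGuid = new Guid((String) it.next());
            DN roleGuidDn = new DN(roleGuid.getDn());
            if (debug.messageEnabled()) {
                debug.message("Resource.getAccessRight : Role Dn : "
                        + roleGuid.getDn());
            }

            // Scope check: skip a role whose parent entry lies below 'guid'.
            // NOTE(review): this excludes descendants only. A role held in a
            // branch that is neither above nor below 'guid' does not appear to
            // be excluded, which is wider than the documented "from guid on
            // up the DIT" -- confirm against DN.isDescendantOf and the callers.
            if (roleGuidDn.getParent().isDescendantOf(guidDn)) {
                continue;
            }

            // The role is loaded with this object's own principal.
            // NOTE(review): the cast assumes every DN returned by getRoles()
            // resolves to a BaseRole; anything else raises ClassCastException.
            BaseRole role = (BaseRole) UMSObject.getObject(getPrincipal(),
                    roleGuid);
            if (debug.messageEnabled()) {
                debug.message("Resource.getAccessRight : Role "
                        + role.getGuid());
            }

            AccessRightObject right = role.getAccessRight();
            aro.grantReadPermission(right.getReadableAttributeNames());
            aro.grantWritePermission(right.getWritableAttributeNames());
            // Guarded like the other debug calls in this method.
            if (debug.messageEnabled()) {
                debug.message("Resource.getAccessRight : Done grant");
            }
        }
        return aro;
    }

    /** Message key; not referenced elsewhere in this file. */
    static final String NEW_INSTANCE_FAILED = "newinstancefailed";

    /** Class token handed to the template manager by the AttrSet constructor. */
    private static final Class _class = com.iplanet.ums.Resource.class;
}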