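/**
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 *
 * Copyright (c) 2005 Sun Microsystems Inc. All Rights Reserved
 *
 * The contents of this file are subject to the terms
 * of the Common Development and Distribution License
 * (the License). You may not use this file except in
 * compliance with the License.
 *
 * You can obtain a copy of the License at
 * https://opensso.dev.java.net/public/CDDLv1.0.html or
 * opensso/legal/CDDLv1.0.txt
 * See the License for the specific language governing
 * permission and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL
 * Header Notice in each file and include the License file
 * at opensso/legal/CDDLv1.0.txt.
 * If applicable, add the following below the CDDL Header,
 * with the fields enclosed by brackets [] replaced by
 * your own identifying information:
 * "Portions Copyrighted [year] [name of copyright owner]"
 *
 * $Id: User.java,v 1.5 2009/01/28 05:34:51 ww203982 Exp $
 *
 */

package com.iplanet.ums;

import java.security.Principal;
import java.util.Collection;
import java.util.Iterator;

import com.sun.identity.shared.ldap.util.DN;

import com.sun.identity.shared.debug.Debug;
import com.iplanet.services.ldap.Attr;
import com.iplanet.services.ldap.AttrSet;

/**
 * Represents a user entry in UMS.
 *
 * @supported.api
 */
public class User extends PersistentObject {

    private static final Debug debug =
            Debug.getInstance(IUMSConstants.UMS_DEBUG);

    /**
     * No args constructor; used to construct the right object as entries are
     * read from persistent storage.
     *
     * @throws UMSException
     *             propagated from the superclass constructor
     */
    protected User() throws UMSException {
        super();
    }

    /**
     * Construct user entry from a principal and a given guid. The entry is
     * checked with verifyClass() after the superclass has been initialised.
     *
     * @param principal
     *            principal on whose behalf the entry is accessed
     * @param guid
     *            globally unique identifier for the entity
     * @throws UMSException
     *             propagated from the superclass constructor or from
     *             verifyClass()
     */
    User(Principal principal, Guid guid) throws UMSException {
        super(principal, guid);
        verifyClass();
    }

    /**
     * Construct User object without a session. Unlike the constructor with a
     * principal parameter, this one simply creates a User object in memory,
     * using the default creation template for this class. The save() method
     * must be called to save the object to the persistent store.
     *
     * @param attrSet
     *            attribute/value set
     * @throws UMSException
     *             propagated from the template lookup or the delegated
     *             constructor
     */
    User(AttrSet attrSet) throws UMSException {
        this(TemplateManager.getTemplateManager().getCreationTemplate(_class,
                null), attrSet);
    }

    /**
     * Construct User object without session. Unlike constructor with session,
     * this one simply creates a User object in memory. Call the save() method
     * to save the object to data store.
     *
     * @param template
     *            template to the User
     * @param attrSet
     *            attribute/value set
     * @throws UMSException
     *             propagated from the superclass constructor
     *
     * @supported.api
     */
    public User(CreationTemplate template, AttrSet attrSet)
            throws UMSException {
        super(template, attrSet);
    }

    /**
     * Return uid for the user.
     *
     * @return value of the "uid" attribute of the user
     * @throws UMSException
     *             propagated from getAttribute()
     *
     * @supported.api
     */
    public String getUID() throws UMSException {
        // NOTE(review): getGroups() treats a null result from getAttribute()
        // as possible; here a missing "uid" attribute would surface as a
        // NullPointerException -- confirm callers only use this on entries
        // that carry the naming attribute.
        return getAttribute(DEFAULT_NAMING_ATTR).getValue();
    }

    /**
     * Return attribute set according to a supplied search template. The search
     * template is used as attribute retrieval guidelines.
     *
     * @param template
     *            Search template
     * @return attribute set with attribute names defined in the template
     * @throws UMSException
     *             propagated from getAttribute()
     *
     * @supported.api
     */
    public AttrSet getAttributes(SearchTemplate template) throws UMSException {
        AttrSet attrSet = new AttrSet();
        String[] attrNames = template.getAttributeNames();

        for (int i = 0; i < attrNames.length; i++) {
            attrSet.add(getAttribute(attrNames[i]));
        }
        return attrSet;
    }

    /**
     * Return groups that the user is a member of. If the user is not a member
     * of a group as indicated in the "memberof" attribute in the user entry,
     * null is returned for this method.
     *
     * @return String representation of guid for the group(s) that the user is a
     *         member of; null if the user is not recorded as a member of any
     *         group.
     * @throws UMSException
     *             propagated from getAttribute()
     *
     * @supported.api
     */
    public String[] getGroups() throws UMSException {
        Attr memberOfGroups = getAttribute(MEMBER_ATTR_NAME);

        if (memberOfGroups == null || memberOfGroups.size() == 0) {
            return null;
        }
        return memberOfGroups.getStringValues();
    }

    /**
     * Get the access rights associated with the user; this will return an
     * aggregation of all the attribute access rights granted by each of the
     * user's roles. The aggregation will only include from the 'guid' parameter
     * on up the DIT.
     * <p>
     * When the user has no roles the returned object carries no grants, so a
     * caller that authorises on the result denies by default.
     *
     * @param guid
     *            The starting location of the role (rights) aggregation.
     * @return AccessRightObject associated with the user
     * @throws UMSException
     *             propagated from getRoles() or from loading a role entry
     * @throws com.iplanet.services.ldap.aci.ACIParseException
     *             declared by the original signature; presumably raised while
     *             reading a role's access rights
     *
     * @supported.api
     */
    public AccessRightObject getAccessRight(Guid guid) throws UMSException,
            com.iplanet.services.ldap.aci.ACIParseException {
        AccessRightObject aro = new AccessRightObject();
        Collection roles = getRoles();
        // The original guarded the iterator, which iterator() never returns as
        // null; the guard belongs on the collection itself. No roles means no
        // grants.
        if (roles == null) {
            return aro;
        }
        if (debug.messageEnabled()) {
            debug.message("User.getAccessRight : Get rights for : "
                    + guid.getDn());
        }
        DN guidDn = new DN(guid.getDn());
        Iterator it = roles.iterator();
        while (it.hasNext()) {
            Guid roleGuid = new Guid((String) it.next());
            DN roleGuidDn = new DN(roleGuid.getDn());
            if (debug.messageEnabled()) {
                debug.message("User.getAccessRight : Role Dn : "
                        + roleGuid.getDn());
            }
            // Scope filter: a role is skipped when the container holding it
            // is a descendant of the starting point, so its rights are not
            // aggregated.
            // NOTE(review): this test only excludes roles located under guid;
            // a role stored in a branch unrelated to guid would presumably
            // pass it, which is broader than the documented "from guid on up
            // the DIT" -- confirm against the intended delegation model.
            if (roleGuidDn.getParent().isDescendantOf(guidDn)) {
                continue;
            }
            // The loaded entry is cast to BaseRole; a role DN that resolves to
            // another object type fails here with ClassCastException.
            BaseRole role = (BaseRole) UMSObject.getObject(getPrincipal(),
                    roleGuid);
            if (debug.messageEnabled()) {
                debug.message("User.getAccessRight : Role "
                        + role.getGuid());
            }
            // Rights are unioned: every readable/writable attribute name
            // granted by any in-scope role ends up in the result.
            AccessRightObject right = role.getAccessRight();
            aro.grantReadPermission(right.getReadableAttributeNames());
            aro.grantWritePermission(right.getWritableAttributeNames());
            debug.message("User.getAccessRight : Done grant");
        }
        return aro;
    }

    private static final String MEMBER_ATTR_NAME = "memberof";

    private static final String DEFAULT_NAMING_ATTR = "uid";

    static final String NEW_INSTANCE_FAILED = "newinstancefailed";

    private static final Class _class = com.iplanet.ums.User.class;
}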