001/**
002 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
003 *
004 * Copyright (c) 2005 Sun Microsystems Inc. All Rights Reserved
005 *
006 * The contents of this file are subject to the terms
007 * of the Common Development and Distribution License
008 * (the License). You may not use this file except in
009 * compliance with the License.
010 *
011 * You can obtain a copy of the License at
012 * https://opensso.dev.java.net/public/CDDLv1.0.html or
013 * opensso/legal/CDDLv1.0.txt
014 * See the License for the specific language governing
015 * permission and limitations under the License.
016 *
017 * When distributing Covered Code, include this CDDL
018 * Header Notice in each file and include the License file
019 * at opensso/legal/CDDLv1.0.txt.
020 * If applicable, add the following below the CDDL Header,
021 * with the fields enclosed by brackets [] replaced by
022 * your own identifying information:
023 * "Portions Copyrighted [year] [name of copyright owner]"
024 *
025 * $Id: ManagedRole.java,v 1.5 2009/01/28 05:34:50 ww203982 Exp $
026 *
027 */
028
029package com.iplanet.ums;
030
031import java.security.Principal;
032
033import com.sun.identity.shared.ldap.LDAPv2;
034import com.sun.identity.shared.ldap.util.DN;
035
036import com.iplanet.services.ldap.Attr;
037import com.iplanet.services.ldap.AttrSet;
038import com.iplanet.services.ldap.ModSet;
039import com.iplanet.services.util.I18n;
040
041/**
042 * ManagedRole is a role implementation of the membership interface
043 * IAssignableMembership. ManagedRole maps to nsManagedRoleDefinition of iPlanet
044 * Directory Server. Member objects added to the role should allow nsRoleDN
045 * attribute. When a member is added to the role, the DN of the role is added to
046 * the member's nsRoleDN attribute. When a member is removed from the role, the
047 * DN of the role is removed from the member's nsRoleDN attribute value.
048 *
049 * @supported.api
050 */
051public class ManagedRole extends BaseRole implements IAssignableMembership {
052
053    private static I18n i18n = I18n.getInstance(IUMSConstants.UMS_PKG);
054
055    /**
056     * Name of the member attribute, which is modified when the member is added
057     * to/removed from the role. To be added as a member of the role, the member
058     * object should allow this attribute.
059     * @supported.api
060     */
061    public static final String MEMBER_ATTR_NAME = "nsRoleDN";
062
063    /**
064     * Name of the computed member attribute, which would be computed by
065     * Directory server for role, when the member entry is read.
066     * @supported.api
067     */
068    public static final String COMPUTED_MEMBER_ATTR_NAME = "nsRole";
069
070    /**
071     * LDAP object classes that define the nsManagedRoleDefinition, the iPlanet
072     * Directory Server object class, that maps to ManagedRole
073     * @supported.api
074     */
075    public static final String[] MANAGEDROLE_OBJECTCLASSES = { "top",
076            "ldapsubentry", "nsroledefinition", "nssimpleroledefinition",
077            "nsmanagedroledefinition" };
078
079    /**
080     * The attribute that is must for ManagedRole. Any creation template for
081     * ManagedRole should have this attribute
082     * @supported.api
083     */
084    public static final String[] MANAGEDROLE_ATTRIBUTES = { "cn" };
085
086    /**
087     * No argument constructor
088     * 
089     * @supported.api
090     */
091    public ManagedRole() {
092    }
093
094    /**
095     * Constructs a ManagedRole object in memory using the default template
096     * registered for ManagedRole. The save method must be called to save the
097     * new object to persistent storage.
098     * 
099     * @param name
100     *            name for the role
101     * @throws UMSException
102     *             on failure to instantiate
103     */
104    ManagedRole(String name) throws UMSException {
105        this(new AttrSet(new Attr("cn", name)));
106    }
107
108    /**
109     * Constructs a ManagedRole object in memory using the default template
110     * registered for ManagedRole. One needs to call save method to save the new
111     * object to persistent storage.
112     * 
113     * @param attrSet
114     *            Attribute/value set
115     * @throws UMSException
116     *             on failure to instantiate
117     */
118    ManagedRole(AttrSet attrSet) throws UMSException {
119        this(TemplateManager.getTemplateManager().getCreationTemplate(_class,
120                null), attrSet);
121    }
122
123    /**
124     * Constructs a ManagedRole object in memory with a given template. One
125     * needs to call save method to save the new object to persistent storage.
126     * 
127     * @param template
128     *            Template for creating a group
129     * @param attrSet
130     *            Attribute/value set
131     * @throws UMSException
132     *             on failure to instantiate
133     * @supported.api
134     */
135    public ManagedRole(CreationTemplate template, AttrSet attrSet)
136            throws UMSException {
137        super(template, attrSet);
138    }
139
140    /**
141     * Adds a member to the role. The change is saved to persistent storage.
142     * 
143     * @param member
144     *            Object to be added as member
145     * @throws UMSException
146     *             on failure to save to persistent storage
147     * @supported.api
148     */
149    public void addMember(PersistentObject member) throws UMSException {
150        member.modify(new Attr(MEMBER_ATTR_NAME, this.getDN()), ModSet.ADD);
151        this.getDN();
152
153        Principal principal = getPrincipal();
154        if (principal == null) {
155            throw new IllegalArgumentException(i18n
156                    .getString(IUMSConstants.BAD_PRINCIPAL_HDL));
157        }
158        DataLayer.getInstance().addAttributeValue(principal, member.getGuid(),
159                MEMBER_ATTR_NAME, this.getDN());
160
161        // invalidate the cached computed role attribute
162        member.getAttrSet().remove(COMPUTED_MEMBER_ATTR_NAME);
163    }
164
165    /**
166     * Adds a member to the role. The change is saved to persistent storage.
167     * 
168     * @param guid Globally unique identifier for the member to be added.
169     * @throws UMSException if fail to save to persistent storage.
170     * @supported.api
171     */
172    public void addMember(Guid guid) throws UMSException {
173
174        Principal principal = getPrincipal();
175        if (principal == null) {
176            throw new IllegalArgumentException(i18n
177                    .getString(IUMSConstants.BAD_PRINCIPAL_HDL));
178        }
179        DataLayer.getInstance().addAttributeValue(principal, guid,
180                MEMBER_ATTR_NAME, this.getDN());
181    }
182
183    /**
184     * Adds a list of members to the role. The change is saved to persistent
185     * storage.
186     * 
187     * @param guids
188     *            Array of member guids to be added as members to the role
189     * @throws UMSException
190     *             on failure to save to persistent storage
191     * @supported.api
192     */
193    public void addMembers(Guid[] guids) throws UMSException {
194        if (guids == null) {
195            String msg = i18n.getString(IUMSConstants.BAD_GUID);
196            throw new IllegalArgumentException(msg);
197        }
198        if (guids == null) {
199            throw new IllegalArgumentException(i18n
200                    .getString(IUMSConstants.NULL_GUIDS));
201        }
202        for (int i = 0; i < guids.length; i++) {
203            addMember(guids[i]);
204        }
205    }
206
207    /**
208     * Gets the members of the role.
209     * 
210     * @param attributes
211     *            Attributes to return
212     * @return SearchResults to iterate over members of the role
213     * @throws UMSException
214     *             on failure to search
215     */
216    protected SearchResults getMemberIDs(String[] attributes)
217            throws UMSException {
218
219        Principal principal = getPrincipal();
220        if (principal == null) {
221            throw new IllegalArgumentException(i18n
222                    .getString(IUMSConstants.BAD_PRINCIPAL_HDL));
223        }
224        // Review: PKB: The members of the role
225        // must be under the role definition
226        String dn = getGuid().getDn();
227        DN tdn = new DN(dn);
228        tdn = tdn.getParent();
229
230        Guid guid = new Guid(tdn.toString());
231
232        return DataLayer.getInstance().search(principal, guid,
233                LDAPv2.SCOPE_SUB, "(" + MEMBER_ATTR_NAME + "=" + getDN() + ")",
234                attributes, false, null);
235    }
236
237    /**
238     * Gets the members of the role meeting the filter condition.
239     * 
240     * @param attributes
241     *            Attributes to return
242     * @param filter
243     *            LDAP filter to select a subset of members
244     * @return SearchResults to iterate over members of the role
245     * @throws InvalidSearchFilterException
246     *             on invalid search filter
247     * @throws UMSException
248     *             on failure to search
249     */
250    protected SearchResults getMemberIDs(String[] attributes, String filter)
251            throws InvalidSearchFilterException, UMSException {
252
253        Principal principal = getPrincipal();
254        if (principal == null) {
255            throw new IllegalArgumentException(i18n
256                    .getString(IUMSConstants.BAD_PRINCIPAL_HDL));
257        }
258        DN dn = new DN(this.getDN());
259        dn = dn.getParent();
260        Guid guid = new Guid(dn.toString());
261        return DataLayer.getInstance().search(
262                principal,
263                guid,
264                LDAPv2.SCOPE_SUB,
265                "( & " + " ( " + MEMBER_ATTR_NAME + "=" + getDN() + " ) "
266                        + " ( " + filter + " ) " + " ) ", attributes, false,
267                null);
268    }
269
270    /**
271     * Gets the members of the group.
272     * 
273     * @return Iterator for unique identifiers for members of the role
274     * @throws UMSException
275     *             on failure to search
276     * @supported.api
277     */
278    public SearchResults getMemberIDs() throws UMSException {
279        String[] attributesToGet = { "objectclass" };
280        return getMemberIDs(attributesToGet);
281    }
282
283    /**
284     * Returns the members of the group meeting the filter condition.
285     * 
286     * @param filter LDAP filter to select a subset of members
287     * @return <code>SearchResults</code> that can be used to iterate over the
288     *         unique identifiers for members of the role.
289     * @throws UMSException if fail to search.
290     * @supported.api
291     */
292    public SearchResults getMemberIDs(String filter) throws UMSException {
293        String[] attributesToGet = { "objectclass" };
294        return getMemberIDs(attributesToGet);
295    }
296
297    /**
298     * Gets the member count.
299     * 
300     * @return Number of members of the role
301     * @throws UMSException
302     *             on failure to search
303     * @supported.api
304     */
305    public int getMemberCount() throws UMSException {
306        int count = 0;
307        // String[] attributesToGet = {"dn"};
308        SearchResults searchResults = getMemberIDs();
309        while (searchResults.hasMoreElements()) {
310            searchResults.next().getDN();
311            count++;
312        }
313        return count;
314    }
315
316    /**
317     * Gets the GUID of the member at the given index (zero-based).
318     * 
319     * @param index
320     *            Zero-based index into the group container
321     * @return Unique identifier for a member
322     * @throws UMSException
323     *             on failure to search
324     * @supported.api
325     */
326    public Guid getMemberIDAt(int index) throws UMSException {
327        if (index < 0) {
328            throw new IllegalArgumentException(Integer.toString(index));
329        }
330        // String[] attributesToGet = {"dn"};
331        SearchResults searchResults = getMemberIDs();
332        int srIndex = 0;
333        while (searchResults.hasMoreElements()) {
334            String s = searchResults.next().getDN();
335            if (srIndex == index) {
336                searchResults.abandon();
337                return new Guid(s);
338            }
339            srIndex++;
340        }
341        throw new ArrayIndexOutOfBoundsException(Integer.toString(index));
342    }
343
344    /**
345     * Removes a member from the role. The change is saved to persistent
346     * storage.
347     * 
348     * @param member
349     *            member to be removed from the role
350     * @exception UMSException
351     *                on failure to save to persistent storage
352     * @supported.api
353     */
354    public void removeMember(PersistentObject member) throws UMSException {
355
356        Principal principal = getPrincipal();
357        if (principal == null) {
358            throw new IllegalArgumentException(i18n
359                    .getString(IUMSConstants.BAD_PRINCIPAL_HDL));
360        }
361        member.modify(new Attr(MEMBER_ATTR_NAME, this.getDN()), ModSet.DELETE);
362        // member.save();
363        DataLayer.getInstance().removeAttributeValue(principal,
364                member.getGuid(), MEMBER_ATTR_NAME, this.getDN());
365
366    }
367
368    /**
369     * Removes a member from the group. The change is saved to persistent
370     * storage.
371     * 
372     * @param guid
373     *            Unique identifier for the member to be removed
374     * @exception UMSException
375     *                on failure to save to persistent storage
376     * @supported.api
377     */
378    public void removeMember(Guid guid) throws UMSException {
379
380        Principal principal = getPrincipal();
381        if (principal == null) {
382            throw new IllegalArgumentException(i18n
383                    .getString(IUMSConstants.BAD_PRINCIPAL_HDL));
384        }
385        DataLayer.getInstance().removeAttributeValue(principal, guid,
386                MEMBER_ATTR_NAME, this.getDN());
387    }
388
389    /**
390     * Removes all members of the role.
391     * 
392     * @exception UMSException
393     *                on failure to save to persistent storage
394     * @supported.api
395     */
396    public void removeAllMembers() throws UMSException {
397        SearchResults searchResults = getMemberIDs();
398        while (searchResults.hasMoreElements()) {
399            removeMember(searchResults.next());
400        }
401    }
402
403    /**
404     * Checks if a given identifier is a member of the role.
405     * 
406     * @param guid
407     *            guid of the member to be checked for membership
408     * @return <code>true</code> if it is a member
409     * @exception UMSException
410     *                on failure to read object for guid
411     * @supported.api
412     */
413    public boolean hasMember(Guid guid) throws UMSException {
414
415        Principal principal = getPrincipal();
416        if (principal == null) {
417            throw new IllegalArgumentException(i18n
418                    .getString(IUMSConstants.BAD_PRINCIPAL_HDL));
419        }
420        PersistentObject member = UMSObject.getObject(principal, guid);
421        return hasMember(member);
422    }
423
424    private static final Class _class = com.iplanet.ums.ManagedRole.class;
425}




























































Copyright © 2010-2017, ForgeRock All Rights Reserved.