001/** 002 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. 003 * 004 * Copyright (c) 2005 Sun Microsystems Inc. All Rights Reserved 005 * 006 * The contents of this file are subject to the terms 007 * of the Common Development and Distribution License 008 * (the License). You may not use this file except in 009 * compliance with the License. 010 * 011 * You can obtain a copy of the License at 012 * https://opensso.dev.java.net/public/CDDLv1.0.html or 013 * opensso/legal/CDDLv1.0.txt 014 * See the License for the specific language governing 015 * permission and limitations under the License. 016 * 017 * When distributing Covered Code, include this CDDL 018 * Header Notice in each file and include the License file 019 * at opensso/legal/CDDLv1.0.txt. 020 * If applicable, add the following below the CDDL Header, 021 * with the fields enclosed by brackets [] replaced by 022 * your own identifying information: 023 * "Portions Copyrighted [year] [name of copyright owner]" 024 * 025 * $Id: ManagedRole.java,v 1.5 2009/01/28 05:34:50 ww203982 Exp $ 026 * 027 */ 028 029package com.iplanet.ums; 030 031import java.security.Principal; 032 033import com.sun.identity.shared.ldap.LDAPv2; 034import com.sun.identity.shared.ldap.util.DN; 035 036import com.iplanet.services.ldap.Attr; 037import com.iplanet.services.ldap.AttrSet; 038import com.iplanet.services.ldap.ModSet; 039import com.iplanet.services.util.I18n; 040 041/** 042 * ManagedRole is a role implementation of the membership interface 043 * IAssignableMembership. ManagedRole maps to nsManagedRoleDefinition of iPlanet 044 * Directory Server. Member objects added to the role should allow nsRoleDN 045 * attribute. When a member is added to the role, the DN of the role is added to 046 * the member's nsRoleDN attribute. When a member is removed from the role, the 047 * DN of the role is removed from the member's nsRoleDN attribute value. 048 * 049 * @supported.api 050 */ 051public class ManagedRole extends BaseRole implements IAssignableMembership { 052 053 private static I18n i18n = I18n.getInstance(IUMSConstants.UMS_PKG); 054 055 /** 056 * Name of the member attribute, which is modified when the member is added 057 * to/removed from the role. To be added as a member of the role, the member 058 * object should allow this attribute. 059 * @supported.api 060 */ 061 public static final String MEMBER_ATTR_NAME = "nsRoleDN"; 062 063 /** 064 * Name of the computed member attribute, which would be computed by 065 * Directory server for role, when the member entry is read. 066 * @supported.api 067 */ 068 public static final String COMPUTED_MEMBER_ATTR_NAME = "nsRole"; 069 070 /** 071 * LDAP object classes that define the nsManagedRoleDefinition, the iPlanet 072 * Directory Server object class, that maps to ManagedRole 073 * @supported.api 074 */ 075 public static final String[] MANAGEDROLE_OBJECTCLASSES = { "top", 076 "ldapsubentry", "nsroledefinition", "nssimpleroledefinition", 077 "nsmanagedroledefinition" }; 078 079 /** 080 * The attribute that is must for ManagedRole. Any creation template for 081 * ManagedRole should have this attribute 082 * @supported.api 083 */ 084 public static final String[] MANAGEDROLE_ATTRIBUTES = { "cn" }; 085 086 /** 087 * No argument constructor 088 * 089 * @supported.api 090 */ 091 public ManagedRole() { 092 } 093 094 /** 095 * Constructs a ManagedRole object in memory using the default template 096 * registered for ManagedRole. The save method must be called to save the 097 * new object to persistent storage. 098 * 099 * @param name 100 * name for the role 101 * @throws UMSException 102 * on failure to instantiate 103 */ 104 ManagedRole(String name) throws UMSException { 105 this(new AttrSet(new Attr("cn", name))); 106 } 107 108 /** 109 * Constructs a ManagedRole object in memory using the default template 110 * registered for ManagedRole. One needs to call save method to save the new 111 * object to persistent storage. 112 * 113 * @param attrSet 114 * Attribute/value set 115 * @throws UMSException 116 * on failure to instantiate 117 */ 118 ManagedRole(AttrSet attrSet) throws UMSException { 119 this(TemplateManager.getTemplateManager().getCreationTemplate(_class, 120 null), attrSet); 121 } 122 123 /** 124 * Constructs a ManagedRole object in memory with a given template. One 125 * needs to call save method to save the new object to persistent storage. 126 * 127 * @param template 128 * Template for creating a group 129 * @param attrSet 130 * Attribute/value set 131 * @throws UMSException 132 * on failure to instantiate 133 * @supported.api 134 */ 135 public ManagedRole(CreationTemplate template, AttrSet attrSet) 136 throws UMSException { 137 super(template, attrSet); 138 } 139 140 /** 141 * Adds a member to the role. The change is saved to persistent storage. 142 * 143 * @param member 144 * Object to be added as member 145 * @throws UMSException 146 * on failure to save to persistent storage 147 * @supported.api 148 */ 149 public void addMember(PersistentObject member) throws UMSException { 150 member.modify(new Attr(MEMBER_ATTR_NAME, this.getDN()), ModSet.ADD); 151 this.getDN(); 152 153 Principal principal = getPrincipal(); 154 if (principal == null) { 155 throw new IllegalArgumentException(i18n 156 .getString(IUMSConstants.BAD_PRINCIPAL_HDL)); 157 } 158 DataLayer.getInstance().addAttributeValue(principal, member.getGuid(), 159 MEMBER_ATTR_NAME, this.getDN()); 160 161 // invalidate the cached computed role attribute 162 member.getAttrSet().remove(COMPUTED_MEMBER_ATTR_NAME); 163 } 164 165 /** 166 * Adds a member to the role. The change is saved to persistent storage. 167 * 168 * @param guid Globally unique identifier for the member to be added. 169 * @throws UMSException if fail to save to persistent storage. 170 * @supported.api 171 */ 172 public void addMember(Guid guid) throws UMSException { 173 174 Principal principal = getPrincipal(); 175 if (principal == null) { 176 throw new IllegalArgumentException(i18n 177 .getString(IUMSConstants.BAD_PRINCIPAL_HDL)); 178 } 179 DataLayer.getInstance().addAttributeValue(principal, guid, 180 MEMBER_ATTR_NAME, this.getDN()); 181 } 182 183 /** 184 * Adds a list of members to the role. The change is saved to persistent 185 * storage. 186 * 187 * @param guids 188 * Array of member guids to be added as members to the role 189 * @throws UMSException 190 * on failure to save to persistent storage 191 * @supported.api 192 */ 193 public void addMembers(Guid[] guids) throws UMSException { 194 if (guids == null) { 195 String msg = i18n.getString(IUMSConstants.BAD_GUID); 196 throw new IllegalArgumentException(msg); 197 } 198 if (guids == null) { 199 throw new IllegalArgumentException(i18n 200 .getString(IUMSConstants.NULL_GUIDS)); 201 } 202 for (int i = 0; i < guids.length; i++) { 203 addMember(guids[i]); 204 } 205 } 206 207 /** 208 * Gets the members of the role. 209 * 210 * @param attributes 211 * Attributes to return 212 * @return SearchResults to iterate over members of the role 213 * @throws UMSException 214 * on failure to search 215 */ 216 protected SearchResults getMemberIDs(String[] attributes) 217 throws UMSException { 218 219 Principal principal = getPrincipal(); 220 if (principal == null) { 221 throw new IllegalArgumentException(i18n 222 .getString(IUMSConstants.BAD_PRINCIPAL_HDL)); 223 } 224 // Review: PKB: The members of the role 225 // must be under the role definition 226 String dn = getGuid().getDn(); 227 DN tdn = new DN(dn); 228 tdn = tdn.getParent(); 229 230 Guid guid = new Guid(tdn.toString()); 231 232 return DataLayer.getInstance().search(principal, guid, 233 LDAPv2.SCOPE_SUB, "(" + MEMBER_ATTR_NAME + "=" + getDN() + ")", 234 attributes, false, null); 235 } 236 237 /** 238 * Gets the members of the role meeting the filter condition. 239 * 240 * @param attributes 241 * Attributes to return 242 * @param filter 243 * LDAP filter to select a subset of members 244 * @return SearchResults to iterate over members of the role 245 * @throws InvalidSearchFilterException 246 * on invalid search filter 247 * @throws UMSException 248 * on failure to search 249 */ 250 protected SearchResults getMemberIDs(String[] attributes, String filter) 251 throws InvalidSearchFilterException, UMSException { 252 253 Principal principal = getPrincipal(); 254 if (principal == null) { 255 throw new IllegalArgumentException(i18n 256 .getString(IUMSConstants.BAD_PRINCIPAL_HDL)); 257 } 258 DN dn = new DN(this.getDN()); 259 dn = dn.getParent(); 260 Guid guid = new Guid(dn.toString()); 261 return DataLayer.getInstance().search( 262 principal, 263 guid, 264 LDAPv2.SCOPE_SUB, 265 "( & " + " ( " + MEMBER_ATTR_NAME + "=" + getDN() + " ) " 266 + " ( " + filter + " ) " + " ) ", attributes, false, 267 null); 268 } 269 270 /** 271 * Gets the members of the group. 272 * 273 * @return Iterator for unique identifiers for members of the role 274 * @throws UMSException 275 * on failure to search 276 * @supported.api 277 */ 278 public SearchResults getMemberIDs() throws UMSException { 279 String[] attributesToGet = { "objectclass" }; 280 return getMemberIDs(attributesToGet); 281 } 282 283 /** 284 * Returns the members of the group meeting the filter condition. 285 * 286 * @param filter LDAP filter to select a subset of members 287 * @return <code>SearchResults</code> that can be used to iterate over the 288 * unique identifiers for members of the role. 289 * @throws UMSException if fail to search. 290 * @supported.api 291 */ 292 public SearchResults getMemberIDs(String filter) throws UMSException { 293 String[] attributesToGet = { "objectclass" }; 294 return getMemberIDs(attributesToGet); 295 } 296 297 /** 298 * Gets the member count. 299 * 300 * @return Number of members of the role 301 * @throws UMSException 302 * on failure to search 303 * @supported.api 304 */ 305 public int getMemberCount() throws UMSException { 306 int count = 0; 307 // String[] attributesToGet = {"dn"}; 308 SearchResults searchResults = getMemberIDs(); 309 while (searchResults.hasMoreElements()) { 310 searchResults.next().getDN(); 311 count++; 312 } 313 return count; 314 } 315 316 /** 317 * Gets the GUID of the member at the given index (zero-based). 318 * 319 * @param index 320 * Zero-based index into the group container 321 * @return Unique identifier for a member 322 * @throws UMSException 323 * on failure to search 324 * @supported.api 325 */ 326 public Guid getMemberIDAt(int index) throws UMSException { 327 if (index < 0) { 328 throw new IllegalArgumentException(Integer.toString(index)); 329 } 330 // String[] attributesToGet = {"dn"}; 331 SearchResults searchResults = getMemberIDs(); 332 int srIndex = 0; 333 while (searchResults.hasMoreElements()) { 334 String s = searchResults.next().getDN(); 335 if (srIndex == index) { 336 searchResults.abandon(); 337 return new Guid(s); 338 } 339 srIndex++; 340 } 341 throw new ArrayIndexOutOfBoundsException(Integer.toString(index)); 342 } 343 344 /** 345 * Removes a member from the role. The change is saved to persistent 346 * storage. 347 * 348 * @param member 349 * member to be removed from the role 350 * @exception UMSException 351 * on failure to save to persistent storage 352 * @supported.api 353 */ 354 public void removeMember(PersistentObject member) throws UMSException { 355 356 Principal principal = getPrincipal(); 357 if (principal == null) { 358 throw new IllegalArgumentException(i18n 359 .getString(IUMSConstants.BAD_PRINCIPAL_HDL)); 360 } 361 member.modify(new Attr(MEMBER_ATTR_NAME, this.getDN()), ModSet.DELETE); 362 // member.save(); 363 DataLayer.getInstance().removeAttributeValue(principal, 364 member.getGuid(), MEMBER_ATTR_NAME, this.getDN()); 365 366 } 367 368 /** 369 * Removes a member from the group. The change is saved to persistent 370 * storage. 371 * 372 * @param guid 373 * Unique identifier for the member to be removed 374 * @exception UMSException 375 * on failure to save to persistent storage 376 * @supported.api 377 */ 378 public void removeMember(Guid guid) throws UMSException { 379 380 Principal principal = getPrincipal(); 381 if (principal == null) { 382 throw new IllegalArgumentException(i18n 383 .getString(IUMSConstants.BAD_PRINCIPAL_HDL)); 384 } 385 DataLayer.getInstance().removeAttributeValue(principal, guid, 386 MEMBER_ATTR_NAME, this.getDN()); 387 } 388 389 /** 390 * Removes all members of the role. 391 * 392 * @exception UMSException 393 * on failure to save to persistent storage 394 * @supported.api 395 */ 396 public void removeAllMembers() throws UMSException { 397 SearchResults searchResults = getMemberIDs(); 398 while (searchResults.hasMoreElements()) { 399 removeMember(searchResults.next()); 400 } 401 } 402 403 /** 404 * Checks if a given identifier is a member of the role. 405 * 406 * @param guid 407 * guid of the member to be checked for membership 408 * @return <code>true</code> if it is a member 409 * @exception UMSException 410 * on failure to read object for guid 411 * @supported.api 412 */ 413 public boolean hasMember(Guid guid) throws UMSException { 414 415 Principal principal = getPrincipal(); 416 if (principal == null) { 417 throw new IllegalArgumentException(i18n 418 .getString(IUMSConstants.BAD_PRINCIPAL_HDL)); 419 } 420 PersistentObject member = UMSObject.getObject(principal, guid); 421 return hasMember(member); 422 } 423 424 private static final Class _class = com.iplanet.ums.ManagedRole.class; 425}
Copyright © 2010-2017, ForgeRock All Rights Reserved.