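/*
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 *
 * Copyright (c) 2005 Sun Microsystems Inc. All Rights Reserved
 *
 * The contents of this file are subject to the terms
 * of the Common Development and Distribution License
 * (the License). You may not use this file except in
 * compliance with the License.
 *
 * You can obtain a copy of the License at
 * https://opensso.dev.java.net/public/CDDLv1.0.html or
 * opensso/legal/CDDLv1.0.txt
 * See the License for the specific language governing
 * permission and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL
 * Header Notice in each file and include the License file
 * at opensso/legal/CDDLv1.0.txt.
 * If applicable, add the following below the CDDL Header,
 * with the fields enclosed by brackets [] replaced by
 * your own identifying information:
 * "Portions Copyrighted [year] [name of copyright owner]"
 *
 * $Id: User.java,v 1.5 2009/01/28 05:34:51 ww203982 Exp $
 *
 * Portions Copyright 2015 ForgeRock AS.
 */

package com.iplanet.ums;

import java.security.Principal;
import java.util.Collection;
import java.util.Iterator;

import com.sun.identity.shared.debug.Debug;
import com.iplanet.services.ldap.Attr;
import com.iplanet.services.ldap.AttrSet;
import org.forgerock.opendj.ldap.DN;
import org.forgerock.opendj.ldap.SearchScope;

/**
 * Represents a user entry in UMS.
 *
 * @supported.api
 */
public class User extends PersistentObject {

    private static final Debug debug = Debug.getInstance(IUMSConstants.UMS_DEBUG);

    /** Multi-valued attribute holding the guids of the groups the user belongs to. */
    private static final String MEMBER_ATTR_NAME = "memberof";

    /** Naming attribute whose value {@link #getUID()} reports. */
    private static final String DEFAULT_NAMING_ATTR = "uid";

    static final String NEW_INSTANCE_FAILED = "newinstancefailed";

    /** Class handed to the template manager to look up the default creation template. */
    private static final Class<User> _class = com.iplanet.ums.User.class;

    /**
     * No-args constructor; used to construct the right object as entries are
     * read from persistent storage.
     *
     * @throws UMSException propagated from the superclass constructor
     */
    protected User() throws UMSException {
        super();
    }

    /**
     * Constructs a user entry for an authenticated principal and a given guid.
     *
     * @param principal
     *            authenticated principal maintained by Session Manager
     * @param guid
     *            globally unique identifier for the entity
     * @throws UMSException propagated from the superclass constructor or from
     *             {@code verifyClass()}
     */
    User(Principal principal, Guid guid) throws UMSException {
        super(principal, guid);
        // Inherited check; presumably rejects entries whose object class is not
        // a user entry -- confirm in PersistentObject.
        verifyClass();
    }

    /**
     * Constructs a User object without a session. Unlike the constructor with a
     * principal parameter, this one simply creates a User object in memory,
     * using the default creation template. The save() method must be called to
     * save the object to the persistent store.
     *
     * @param attrSet
     *            attribute/value set
     * @throws UMSException propagated from the template lookup or the
     *             superclass constructor
     */
    User(AttrSet attrSet) throws UMSException {
        this(TemplateManager.getTemplateManager().getCreationTemplate(_class, null), attrSet);
    }

    /**
     * Constructs a User object without a session. Unlike the constructor with a
     * principal, this one simply creates a User object in memory. Call the
     * save() method to save the object to the data store.
     *
     * @param template
     *            template to the User
     * @param attrSet
     *            attribute/value set
     * @throws UMSException propagated from the superclass constructor
     *
     * @supported.api
     */
    public User(CreationTemplate template, AttrSet attrSet) throws UMSException {
        super(template, attrSet);
    }

    /**
     * Returns the uid of the user.
     *
     * @return value of the {@code uid} attribute
     * @throws UMSException propagated from {@code getAttribute()}
     *
     * @supported.api
     */
    public String getUID() throws UMSException {
        // NOTE(review): getAttribute() can return null (see getGroups()); an
        // entry without a uid attribute would raise NullPointerException here.
        return getAttribute(DEFAULT_NAMING_ATTR).getValue();
    }

    /**
     * Returns an attribute set according to a supplied search template. The
     * search template is used as attribute retrieval guidelines.
     *
     * @param template
     *            Search template
     * @return attribute set with attribute names defined in the template
     * @throws UMSException propagated from {@code getAttribute()}
     *
     * @supported.api
     */
    public AttrSet getAttributes(SearchTemplate template) throws UMSException {
        AttrSet attrSet = new AttrSet();
        for (String attrName : template.getAttributeNames()) {
            // NOTE(review): getAttribute() may return null for an absent
            // attribute; whether AttrSet.add() tolerates null is not visible here.
            attrSet.add(getAttribute(attrName));
        }
        return attrSet;
    }

    /**
     * Returns the groups that the user is a member of. If the user is not a
     * member of any group as indicated by the "memberof" attribute in the user
     * entry, null is returned.
     *
     * @return String representation of the guid for the group(s) that the user
     *         is a member of; null if the user is not recorded as a member of
     *         any group
     * @throws UMSException propagated from {@code getAttribute()}
     *
     * @supported.api
     */
    public String[] getGroups() throws UMSException {
        Attr memberOfGroups = getAttribute(MEMBER_ATTR_NAME);
        // The documented contract is null (not an empty array) for "no groups";
        // callers rely on it, so it is kept.
        if (memberOfGroups == null || memberOfGroups.size() == 0) {
            return null;
        }
        return memberOfGroups.getStringValues();
    }

    /**
     * Gets the access rights associated with the user; this returns an
     * aggregation of all the attribute access rights granted by each of the
     * user's roles. The aggregation only includes roles from the 'guid'
     * parameter on up the DIT; roles located below it are skipped.
     *
     * @param guid
     *            The starting location of the role (rights) aggregation.
     * @return AccessRightObject associated with the user
     * @throws UMSException propagated from {@code getRoles()},
     *             {@code UMSObject.getObject()} or the role lookup
     * @throws com.iplanet.services.ldap.aci.ACIParseException propagated from
     *             {@code BaseRole.getAccessRight()}
     *
     * @supported.api
     */
    public AccessRightObject getAccessRight(Guid guid) throws UMSException,
            com.iplanet.services.ldap.aci.ACIParseException {
        AccessRightObject aro = new AccessRightObject();
        Collection<?> roles = getRoles();
        String guidDnString = guid.getDn();
        if (debug.messageEnabled()) {
            debug.message("User.getAccessRight : Get rights for : " + guidDnString);
        }
        DN guidDn = DN.valueOf(guidDnString);
        for (Object roleRef : roles) {
            // Role references are stored as DN strings on the user entry.
            Guid roleGuid = new Guid((String) roleRef);
            DN roleGuidDn = DN.valueOf(roleGuid.getDn());
            if (debug.messageEnabled()) {
                debug.message("User.getAccessRight : Role Dn : " + roleGuid.getDn());
            }
            // Only roles whose parent is at or above guidDn contribute;
            // SUBORDINATES excludes the base entry, so a role directly under
            // guidDn is still aggregated.
            if (roleGuidDn.parent().isInScopeOf(guidDn, SearchScope.SUBORDINATES)) {
                continue;
            }
            // A reference that resolves to something other than a BaseRole
            // fails with ClassCastException instead of granting rights
            // (fail-closed); confirm whether callers expect UMSException here.
            BaseRole role = (BaseRole) UMSObject.getObject(getPrincipal(), roleGuid);
            if (debug.messageEnabled()) {
                debug.message("User.getAccessRight : Role " + role.getGuid());
            }
            AccessRightObject right = role.getAccessRight();
            aro.grantReadPermission(right.getReadableAttributeNames());
            aro.grantWritePermission(right.getWritableAttributeNames());
            if (debug.messageEnabled()) {
                debug.message("User.getAccessRight : Done grant");
            }
        }
        return aro;
    }
}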