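/*
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 *
 * Copyright (c) 2005 Sun Microsystems Inc. All Rights Reserved
 *
 * The contents of this file are subject to the terms
 * of the Common Development and Distribution License
 * (the License). You may not use this file except in
 * compliance with the License.
 *
 * You can obtain a copy of the License at
 * https://opensso.dev.java.net/public/CDDLv1.0.html or
 * opensso/legal/CDDLv1.0.txt
 * See the License for the specific language governing
 * permission and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL
 * Header Notice in each file and include the License file
 * at opensso/legal/CDDLv1.0.txt.
 * If applicable, add the following below the CDDL Header,
 * with the fields enclosed by brackets [] replaced by
 * your own identifying information:
 * "Portions Copyrighted [year] [name of copyright owner]"
 *
 * $Id: Resource.java,v 1.5 2009/01/28 05:34:50 ww203982 Exp $
 *
 * Portions Copyright 2015 ForgeRock AS.
 */

package com.iplanet.ums;

import java.security.Principal;
import java.util.Collection;
import java.util.Iterator;

import com.sun.identity.shared.debug.Debug;
import com.iplanet.services.ldap.AttrSet;
import org.forgerock.opendj.ldap.DN;
import org.forgerock.opendj.ldap.SearchScope;

/**
 * Represents a user entry in UMS.
 *
 * <p>Besides the constructors, this class offers attribute retrieval driven
 * by a search template and aggregation of the attribute access rights granted
 * by the entry's roles.
 *
 * @supported.api
 */
public class Resource extends PersistentObject {

    /** Debug log shared by all instances, obtained once at class load. */
    private static final Debug debug = Debug.getInstance(IUMSConstants.UMS_DEBUG);

    static final String NEW_INSTANCE_FAILED = "newinstancefailed";

    /** Class token handed to the template manager to find the creation template. */
    private static final Class _class = com.iplanet.ums.Resource.class;

    /**
     * No args constructor; used to construct the right object as entries are
     * read from persistent storage.
     *
     * @throws UMSException
     *             if the superclass constructor fails
     */
    protected Resource() throws UMSException {
        super();
    }

    /**
     * Construct user entry from a principal and a given guid, then call
     * {@code verifyClass()}.
     *
     * @param principal
     *            principal on whose behalf the entry is accessed
     * @param guid
     *            globally unique identifier for the entity
     * @throws UMSException
     *             if the superclass constructor or {@code verifyClass()} fails
     */
    Resource(Principal principal, Guid guid) throws UMSException {
        super(principal, guid);
        // NOTE(review): verifyClass() is inherited and not visible here;
        // presumably it rejects entries that are not of this object class.
        verifyClass();
    }

    /**
     * Construct Resource object without a session. Unlike the constructor
     * taking a principal, this one simply creates a Resource object in memory,
     * using the default template. The save() method must be called to save the
     * object to the persistent store.
     *
     * @param attrSet
     *            attribute/value set
     * @throws UMSException
     *             if the default creation template cannot be obtained or the
     *             object cannot be built from it
     */
    Resource(AttrSet attrSet) throws UMSException {
        this(TemplateManager.getTemplateManager().getCreationTemplate(_class,
                null), attrSet);
    }

    /**
     * Construct Resource object without session. Unlike the constructor
     * taking a principal, this one simply creates a Resource object in memory.
     * Call the save() method to save the object to data store.
     *
     * @param template
     *            template to the Resource
     * @param attrSet
     *            attribute/value set
     * @throws UMSException
     *             if the superclass constructor fails
     *
     * @supported.api
     */
    public Resource(CreationTemplate template, AttrSet attrSet)
            throws UMSException {
        super(template, attrSet);
    }

    /**
     * Return attribute set according to a supplied search template. The search
     * template is used as attribute retrieval guidelines.
     *
     * @param template
     *            Search template
     * @return attribute set with attribute names defined in the template
     * @throws UMSException
     *             if reading an attribute fails
     *
     * @supported.api
     */
    public AttrSet getAttributes(SearchTemplate template) throws UMSException {
        AttrSet result = new AttrSet();
        // Whatever getAttribute returns for a name is passed straight to
        // AttrSet.add; how a name missing from the entry is handled is not
        // visible in this class.
        for (String attrName : template.getAttributeNames()) {
            result.add(getAttribute(attrName));
        }
        return result;
    }

    /**
     * Get the access rights associated with the user; this will return an
     * aggregation of all the attribute access rights granted by each of the
     * user's roles. The aggregation will only include from the 'guid' parameter
     * on up the DIT.
     *
     * <p>The scope test skips a role only when the role's parent entry lies
     * strictly below {@code guid}. Every other role contributes its readable
     * and writable attribute names to the result, so the returned object is
     * the union of those grants. Role entries are loaded with this object's
     * own principal.
     *
     * @param guid
     *            The starting location of the role (rights) aggregation.
     * @return AccessRightObject associated with the user; it carries no grants
     *         when the entry has no roles
     * @throws UMSException
     *             if the roles or a role entry cannot be read
     * @throws com.iplanet.services.ldap.aci.ACIParseException
     *             declared by this method; presumably raised while a role's
     *             rights are being read
     *
     * @supported.api
     */
    public AccessRightObject getAccessRight(Guid guid) throws UMSException,
            com.iplanet.services.ldap.aci.ACIParseException {
        AccessRightObject aro = new AccessRightObject();
        Collection roles = getRoles();
        // The original null test was applied to roles.iterator(), which a
        // Collection never returns as null. Testing the collection itself
        // keeps the evident intent: with no roles, no rights are granted.
        // NOTE(review): confirm whether getRoles() can actually return null.
        if (roles == null) {
            return aro;
        }

        if (debug.messageEnabled()) {
            debug.message("Resource.getAccessRight : Get rights for : "
                    + guid.getDn());
        }
        DN guidDn = DN.valueOf(guid.getDn());

        for (Object roleId : roles) {
            Guid roleGuid = new Guid((String) roleId);
            DN roleGuidDn = DN.valueOf(roleGuid.getDn());
            if (debug.messageEnabled()) {
                debug.message("Resource.getAccessRight : Role Dn : "
                        + roleGuid.getDn());
            }

            // Skip roles defined strictly below the starting point.
            // NOTE(review): SUBORDINATES excludes only descendants of guidDn,
            // so a role held in an unrelated branch of the tree is not
            // filtered out here even though the contract says "on up the
            // DIT" - confirm that this is intended.
            // NOTE(review): DN.parent() yields null for the root DN, so a
            // role value that parses to the root DN would fail here with a
            // NullPointerException - confirm role values are never empty.
            if (roleGuidDn.parent().isInScopeOf(guidDn, SearchScope.SUBORDINATES)) {
                continue;
            }

            // The cast is unchecked: an entry that is not a BaseRole ends the
            // aggregation with a ClassCastException instead of being skipped.
            BaseRole role = (BaseRole) UMSObject.getObject(getPrincipal(),
                    roleGuid);
            if (debug.messageEnabled()) {
                debug.message("Resource.getAccessRight : Role "
                        + role.getGuid());
            }

            AccessRightObject right = role.getAccessRight();
            aro.grantReadPermission(right.getReadableAttributeNames());
            aro.grantWritePermission(right.getWritableAttributeNames());
            // Guarded like the other debug calls in this method.
            if (debug.messageEnabled()) {
                debug.message("Resource.getAccessRight : Done grant");
            }
        }
        return aro;
    }
}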