8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Copyright (c) 2005 Sun Microsystems Inc. All Rights Reserved
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * The contents of this file are subject to the terms
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * of the Common Development and Distribution License
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * (the License). You may not use this file except in
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * compliance with the License.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * You can obtain a copy of the License at
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * https://opensso.dev.java.net/public/CDDLv1.0.html or
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * See the License for the specific language governing
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * permission and limitations under the License.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * When distributing Covered Code, include this CDDL
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Header Notice in each file and include the License file
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * If applicable, add the following below the CDDL Header,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * with the fields enclosed by brackets [] replaced by
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * your own identifying information:
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * "Portions Copyrighted [year] [name of copyright owner]"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * $Id: AMCallBack.java,v 1.3 2008/06/25 05:41:19 qcheng Exp $
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * A Plugin Class that needs to be extended by external applications in-order to
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * do some special pre/post-processing for creation/deletion and modification
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * operations for User, Organization, Roles and Groups. The implementation
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * classes/module(s) are pluggable and are configurable through the Organization
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * attribute: <code>iplanet-am-admin-console-pre-post-processing-modules</code>
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * of the <code>iPlanetAMAdminConsoleService</code> service.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * For call backs pertaining to Organizations and Organizational Units, the
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * parent organization's configuration (
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <code>iPlanetAMAdminConsoleService</code>
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Organization configuration) will be used to obtain the plugin modules.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * The call backs will be made at the time of performing one of the
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * corresponding User/Organization/Role/Group operations (create/modify/delete
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * and attribute fetch) by the Sun Java System Access Manager SDK. Applications
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * that need to perform special pre/post processing for one or more of the above
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * operations, should extend the class and override the corresponding methods.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * The API's for pre call back provide a mechanism to inspect the attributes
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * being modified and also modify the values appropriately if required. Care
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * should be taken while performing such modifications, so that it will not
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * affect other plugins which are dependent on the same attributes.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <b>Note:</b>
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <li> When more than one plugin modules are configured at a particular
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Organization level, the call backs for each of the plugins will occur one
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * after the other. Also, note that the order in which plugins are called back
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * is cannot pre-determined in any way.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <li> Since the methods of this class will be invoked by the Identity Server
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * SDK and will control the flow of SDK, extreme caution should be taken while
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * overriding these methods to avoid performance bottle necks.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <li> The exceptions thrown by the pre-processing methods of this class will
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * be treated as a failure of external processing and the operation in progress
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * will be halted by the SDK. The exception thrown should include a proper user
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * specific localized error message which can be propagated back to the
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * application using the SDK. The locale of the user should to be determined
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * using token of the authenticated user while constructing such a localized
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @deprecated As of Sun Java System Access Manager 7.1.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @supported.all.api
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * This method provides a mechanism for applications to obtain attributes
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * external to the Access Manager data store.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * This callback gets invoked when any of the {@link AMObject#getAttributes
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * AMObject.getAttributes()} methods are called. When multiple plugins
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * override this method, then attributes returned from each of them will be
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * merged and returned. When the <code>getAttribute()</code> method that
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * request specific attributes the call backs are made only for those
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * attributes that are not found in the Access Manager's data store. If the
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <code>getAttributes()</code> which do not request any specific
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * attributes is called, the call back will take place after obtaining all
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * the attributes for the corresponding entry from the Access Manager's data
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * store. <br>
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <b>NOTE:</b>
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <li> This callback is not enabled by default. In order for this call back
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * to be invoked, the organizational attribute:
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <code>iplanet-am-admin-console-external-attribute-fetch-enabled</code>
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * of the <code>iPlanetAMAdminConsoleService</code> service should be set
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * to <code>enabled</code>
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <li> Overriding this method would cause significant performance impact.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Hence, extreme caution should be taken while overriding this method to
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * avoid processing overhead.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <li> The attributes returned by the plugins will not be cached by SDK.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Hence, in order to avoid performance overheads, it is recommended that
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * plugin's maintain a local cache of frequently attributes. Also, the cache
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * needs to be in sync with any modifications made to those attributes.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param token
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * the <code>SSOToken</code>
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param entryDN
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * the DN of the entry being added
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param attrNames
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * names of attributes that need to retrieved. If null, all
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * attributes should be returned.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return a Map of attributes, where the key is the attribute name and the
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * value is a Set of values. This map of attributes will be copied
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * to the original map retrieved from the Access Manager data store
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * and will be returned to the caller.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public Map getAttributes(SSOToken token, String entryDN, Set attrNames) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Method which gets invoked before a create operation is performed.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param token
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * the <code>SSOToken</code>
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param entryDN
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * the DN of the entry being added
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param attributes
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * a map consisting of attribute names and a set of values for
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * each of them. This map of attributes can be inspected,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * modified and sent back. Note, caution should be taken while
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * performing modifications to avoid changing attributes that are
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * used by Access Manager. If no modifications need to done,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * either the original map or null value can be returned.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param objectType
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * represents the type of entry on which the operation is being
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * performed. Types could be:
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <li> {@link AMObject#USER AMObject.USER}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <li> {@link AMObject#ROLE AMObject.ROLE}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <li> {@link AMObject#FILTERED_ROLE AMObject.FILTERED_ROLE}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <li> {@link AMObject#ORGANIZATION AMObject.ORGANIZATION}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <li> {@link AMObject#ORGANIZATIONAL_UNIT
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * AMObject.ORGANIZATIONAL_UNIT}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <li> {@link AMObject#GROUP AMObject.GROUP}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <li> {@link AMObject#DYNAMIC_GROUP AMObject.DYNAMIC_GROUP}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <li> {@link AMObject#ASSIGNABLE_DYNAMIC_GROUP
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * AMObject.ASSIGNABLE_DYNAMIC_GROUP}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return Map of updated values for <code>attributes<code> or null. If this
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * returned map is not null, then this map will be used while
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * performing the operation.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws AMPreCallBackException if an
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * error that occurs during pre processing. The SDK will not proceed
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * with the create operation, if any one of the implementation
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * classes throws an exception. A user specific localized message
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * should be sent as part of the exception message. The specific
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * messages can be added to <code>amProfile.properties</code> file.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public Map preProcessCreate(SSOToken token, String entryDN, Map attributes,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster int objectType) throws AMPreCallBackException {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Method which gets invoked before a modify operation is performed.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param token
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * the <code>SSOToken</code>
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param entryDN
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * the DN of the entry being modified
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param oldAttributes
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * a map consisting of attribute names and a set of values for
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * each of them before modification
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param newAttributes
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * a map consisting of attribute names and a set of values for
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * each of them after modification. This map of attributes can be
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * inspected, modified and sent back. Note, caution should be
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * taken while performing modifications to avoid changing
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * attributes that are used by Access Manager. If no
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * modifications need to done, either the original map or null
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * value can be returned.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param objectType
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * represents the type of entry on which the operation is being
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * performed. Types could be:
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <li> {@link AMObject#USER AMObject.USER}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <li> {@link AMObject#ROLE AMObject.ROLE}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <li> {@link AMObject#FILTERED_ROLE AMObject.FILTERED_ROLE}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <li> {@link AMObject#ORGANIZATION AMObject.ORGANIZATION}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <li> {@link AMObject#ORGANIZATIONAL_UNIT
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * AMObject.ORGANIZATIONAL_UNIT}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <li> {@link AMObject#GROUP AMObject.GROUP}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <li> {@link AMObject#DYNAMIC_GROUP AMObject.DYNAMIC_GROUP}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <li> {@link AMObject#ASSIGNABLE_DYNAMIC_GROUP
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * AMObject.ASSIGNABLE_DYNAMIC_GROUP}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return Map of updated values for <code>newAttributes</code> or null.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * If this returned map is not null, then this map will be used
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * while performing the operation.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws AMPreCallBackException
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * if an error occurs pre processing. The SDK will not proceed
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * with the modify operation, if any one of the implementation
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * classes throws an exception. A user specific localized
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * message should be sent as part of the exception message. The
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * specific messages can be added to
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <code>amProfile.properties</code> file.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public Map preProcessModify(SSOToken token, String entryDN,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Map oldAttributes, Map newAttributes, int objectType)
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Method which gets invoked before an entry is deleted. The deletion type
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * configured in Sun Java System Access Manager is also passed as a
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * parameter to this method.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param token
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * the <code>SSOToken</code>
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param entryDN
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * the DN of the entry being deleted
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param attributes
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * a map consisting of attribute names and a set of values for
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * each of them.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param softDeleteEnabled
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * if true soft delete will be performed Otherwise hard delete
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * will be performed.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param objectType
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * represents the type of entry on which the operation is being
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * performed. Types could be:
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <li> {@link AMObject#USER AMObject.USER}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <li> {@link AMObject#ROLE AMObject.ROLE}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <li> {@link AMObject#FILTERED_ROLE AMObject.FILTERED_ROLE}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <li> {@link AMObject#ORGANIZATION AMObject.ORGANIZATION}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <li> {@link AMObject#ORGANIZATIONAL_UNIT
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * AMObject.ORGANIZATIONAL_UNIT}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <li> {@link AMObject#GROUP AMObject.GROUP}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <li> {@link AMObject#DYNAMIC_GROUP AMObject.DYNAMIC_GROUP}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <li> {@link AMObject#ASSIGNABLE_DYNAMIC_GROUP
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * AMObject.ASSIGNABLE_DYNAMIC_GROUP}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws AMPreCallBackException
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * if an error occurs during entry delete pre-processing. The
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * SDK will not proceed with the delete operation, if any one of
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * the implementation classes throws an exception. A user
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * specific localized message should be sent as part of the
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * exception message. The specific messages can be added to
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <code>amProfile.properties</code> file.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public void preProcessDelete(SSOToken token, String entryDN,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Map attributes, boolean softDeleteEnabled, int objectType)
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Method which gets invoked after a entry create operation is performed.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param token
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * the <code>SSOToken</code>
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param entryDN
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * the DN of the entry being added
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param attributes
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * a map consisting of attribute names and a set of values for
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * each of them
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param objectType
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * represents the type of entry on which the operation is being
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * performed. Types could be:
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <li> {@link AMObject#USER AMObject.USER}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <li> {@link AMObject#ROLE AMObject.ROLE}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <li> {@link AMObject#FILTERED_ROLE AMObject.FILTERED_ROLE}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <li> {@link AMObject#ORGANIZATION AMObject.ORGANIZATION}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <li> {@link AMObject#ORGANIZATIONAL_UNIT
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * AMObject.ORGANIZATIONAL_UNIT}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <li> {@link AMObject#GROUP AMObject.GROUP}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <li> {@link AMObject#DYNAMIC_GROUP AMObject.DYNAMIC_GROUP}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <li> {@link AMObject#ASSIGNABLE_DYNAMIC_GROUP
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * AMObject.ASSIGNABLE_DYNAMIC_GROUP}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws AMPostCallBackException
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * if an error occurs during post processing. A user specific
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * localized message should be sent as part of the exception
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * message. The specific messages can be added to
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <code>amProfile.properties</code> file.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public void postProcessCreate(SSOToken token, String entryDN,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Map attributes, int objectType) throws AMPostCallBackException {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Method which gets invoked after a entry is modified
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param token
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * the <code>SSOToken</code>
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param entryDN
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * the DN of the entry being modified
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param oldAttributes
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * a map consisting of attribute names and a set of values for
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * each of them before modification
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param newAttributes
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * a map consisting of attribute names and a set of values for
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * each of them after modification
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param objectType
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * represents the type of entry on which the operation is being
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * performed. Types could be:
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <li> {@link AMObject#USER AMObject.USER}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <li> {@link AMObject#ROLE AMObject.ROLE}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <li> {@link AMObject#FILTERED_ROLE AMObject.FILTERED_ROLE}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <li> {@link AMObject#ORGANIZATION AMObject.ORGANIZATION}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <li> {@link AMObject#ORGANIZATIONAL_UNIT
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * AMObject.ORGANIZATIONAL_UNIT}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <li> {@link AMObject#GROUP AMObject.GROUP}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <li> {@link AMObject#DYNAMIC_GROUP AMObject.DYNAMIC_GROUP}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <li> {@link AMObject#ASSIGNABLE_DYNAMIC_GROUP
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * AMObject.ASSIGNABLE_DYNAMIC_GROUP}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws AMPostCallBackException
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * if an error occurs during post processing. A user specific
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * localized message should be sent as part of the exception
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * message. The specific messages can be added to
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <code>amProfile.properties</code> file.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public void postProcessModify(SSOToken token, String entryDN,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Map oldAttributes, Map newAttributes, int objectType)
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Method which gets invoked after a entry entry is deleted. The deletion
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * type configured in Sun Java System Access Manager is also passed as a
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * parameter to this method.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param token
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * the <code>SSOToken</code>
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param entryDN
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * the DN of the entry being deleted
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param attributes
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * a map consisting of attribute names and a set of values for
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * each of them
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param softDelete
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * If true, this implies that the object is just being marked for
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * deletion, if false, then it implies that the object is being
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * removed from the data store.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param objectType
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * represents the type of entry on which the operation is being
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * performed. Types could be:
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <li> {@link AMObject#USER AMObject.USER}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <li> {@link AMObject#ROLE AMObject.ROLE}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <li> {@link AMObject#FILTERED_ROLE AMObject.FILTERED_ROLE}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <li> {@link AMObject#ORGANIZATION AMObject.ORGANIZATION}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <li> {@link AMObject#ORGANIZATIONAL_UNIT
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * AMObject.ORGANIZATIONAL_UNIT}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <li> {@link AMObject#GROUP AMObject.GROUP}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <li> {@link AMObject#DYNAMIC_GROUP AMObject.DYNAMIC_GROUP}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <li> {@link AMObject#ASSIGNABLE_DYNAMIC_GROUP
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * AMObject.ASSIGNABLE_DYNAMIC_GROUP}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws AMPostCallBackException
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * if an error occurs during post processing. A user specific
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * localized message should be sent as part of the exception
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * message. The specific messages can be added to
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <code>amProfile.properties</code> file.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public void postProcessDelete(SSOToken token, String entryDN,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Map attributes, boolean softDelete, int objectType)
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Method which gets called before users are added to a role/group.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param token
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * the <code>SSOToken</code>
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param entryDN
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * the DN of the entry being added
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param members
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * a set consisting of user DN's. This set of members can be
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * inspected, modified (users can be added/removed) and sent
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * back. If no modifications need to done, either the original
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * set or null value can be returned.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param objectType
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * represents the type of entry on which the operation is being
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * performed. Types could be:
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <li> {@link AMObject#ROLE AMObject.ROLE}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <li> {@link AMObject#GROUP AMObject.GROUP}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <li> {@link AMObject#ASSIGNABLE_DYNAMIC_GROUP
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * AMObject.ASSIGNABLE_DYNAMIC_GROUP}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return Set of updated values for <code>members<code> or null. If null
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * value or empty set is returned, no users will be added. Hence, if no
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * modification is being performed to the original set, it needs to be
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws AMPreCallBackException if an
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * error occurs during pre processing. The SDK will not proceed with
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * the adding users to role/group operation, if any one of the
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * implementation classes throws an exception. A user specific localized
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * message should be sent as part of the exception message. The specific
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * messages can be added to
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <code>amProfile.properties</code> file.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public Set preProcessAddUser(SSOToken token, String entryDN, Set members,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster int objectType) throws AMPreCallBackException {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Method which gets invoked after users are added to a role/group.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param token
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * the <code>SSOToken</code>
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param entryDN
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * the DN of the entry being added
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param members
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * a Set consisting of user DN's which represent the users added
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param objectType
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * represents the type of entry on which the operation is being
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * performed. Types could be:
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <li> {@link AMObject#ROLE AMObject.ROLE}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <li> {@link AMObject#GROUP AMObject.GROUP}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <li> {@link AMObject#ASSIGNABLE_DYNAMIC_GROUP
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * AMObject.ASSIGNABLE_DYNAMIC_GROUP}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws AMPostCallBackException
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * if an error occurs during post processing. A user specific
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * localized message should be sent as part of the exception
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * message. The specific messages can be added to
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <code>amProfile.properties</code> file.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public void postProcessAddUser(SSOToken token, String entryDN, Set members,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster int objectType) throws AMPostCallBackException {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Method which gets called before users are removed from a role/group.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param token
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * the <code>SSOToken</code>
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param entryDN
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * the DN of the entry being added
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param members
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * a set consisting of user DN's. This set of members can be
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * inspected, modified (users can be added/removed) and sent
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * back. If no modifications need to done, either the original
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * set or null value can be returned.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param objectType
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * represents the type of entry on which the operation is being
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * performed. Types could be:
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <li> {@link AMObject#ROLE AMObject.ROLE}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <li> {@link AMObject#GROUP AMObject.GROUP}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <li> {@link AMObject#ASSIGNABLE_DYNAMIC_GROUP
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * AMObject.ASSIGNABLE_DYNAMIC_GROUP}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return Set of updated values for <code>members<code> or null. If null
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * value or empty set is returned, no users will be removed. Hence, if no
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * modification is being performed to the original set, it needs to be
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws AMPreCallBackException if an
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * error that occurs during pre processing. The SDK will not proceed with
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * the removing users from role/group operation, if any one of the
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * implementation classes throws an exception. A user specific localized
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * message should be sent as part of the exception message. The specific
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * messages can be added to <code>amProfile.properties</code> file.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public Set preProcessRemoveUser(SSOToken token, String entryDN,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Set members, int objectType) throws AMPreCallBackException {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Method which gets invoked after users are removed from a role/group.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param token
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * the <code>SSOToken</code>
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param entryDN
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * the DN of the entry being added
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param members
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * a Set consisting of user DN's which represent the users added
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param objectType
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * represents the type of entry on which the operation is being
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * performed. Types could be:
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <li> {@link AMObject#ROLE AMObject.ROLE}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <li> {@link AMObject#GROUP AMObject.GROUP}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <li> {@link AMObject#ASSIGNABLE_DYNAMIC_GROUP
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * AMObject.ASSIGNABLE_DYNAMIC_GROUP}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws AMPostCallBackException
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * if an error occurs during post processing. A user specific
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * localized message should be sent as part of the exception
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * message. The specific messages can be added to
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <code>amProfile.properties</code> file.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public void postProcessRemoveUser(SSOToken token, String entryDN,