8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Copyright (c) 2005 Sun Microsystems Inc. All Rights Reserved
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * The contents of this file are subject to the terms
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * of the Common Development and Distribution License
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * (the License). You may not use this file except in
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * compliance with the License.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * You can obtain a copy of the License at
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * https://opensso.dev.java.net/public/CDDLv1.0.html or
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * See the License for the specific language governing
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * permission and limitations under the License.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * When distributing Covered Code, include this CDDL
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Header Notice in each file and include the License file
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * If applicable, add the following below the CDDL Header,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * with the fields enclosed by brackets [] replaced by
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * your own identifying information:
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * "Portions Copyrighted [year] [name of copyright owner]"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * $Id: AssignableDynamicGroup.java,v 1.6 2009/01/28 05:34:50 ww203982 Exp $
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunnington * Portions Copyrighted 2013-2015 ForgeRock AS.
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunningtonimport org.forgerock.opendj.ldap.ModificationType;
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunningtonimport org.forgerock.opendj.ldap.SearchScope;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Represents a dynamic group entry that uses memberOf as its filter. It checks
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * whether the user is the member of the specified group
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @supported.api
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterpublic class AssignableDynamicGroup extends DynamicGroup implements
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private static I18n i18n = I18n.getInstance(IUMSConstants.UMS_PKG);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug = Debug.getInstance(IUMSConstants.UMS_DEBUG);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Default constructor
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @supported.api
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Constructs an in memory AssignableDynamicGroup object. Default registered
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * template will be used. This is an in memory Group object and one needs to
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * call <code>save</code> method to save this newly created object to
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * persistent storage.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param attrSet Attribute/value set.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @exception UMSException if fail to instantiate from persistent storage.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster AssignableDynamicGroup(AttrSet attrSet) throws UMSException {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster this(TemplateManager.getTemplateManager().getCreationTemplate(_class,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Constructs an in memory <code>AssignableDynamicGroup</code> object with
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * a given template. This is an in memory Group object and one needs to
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * call save method to <code>save</code> this newly created object to
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * persistent storage.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param template Template for creating a group.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param attrSet Attribute/value set.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @exception UMSException if fail to instantiate from persistent storage.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @supported.api
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public AssignableDynamicGroup(CreationTemplate template, AttrSet attrSet)
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Constructs an in memory <code>AssignableDynamicGroup</code> object using
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * default registered for <code>AssignableDynamicGroup</code>. This is an
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * in memory Group object and one needs to call <code>save</code> method to
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * save this newly created object to persistent storage.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param attrSet Attribute/value set, which should not contain
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <code>memberUrl</code>; any values of <code>memberUrl</code> will
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * be overwritten by the explicit search criteria arguments.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param base Search base for evaluating members of the group.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param scope Search scope for evaluating members of the group the value
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * has to be <code>LDAPv2.SCOPE_ONE</code> or
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <code>LDAPv2.SCOPE_SUB</code>.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @exception UMSException if fail to instantiate from persistent storage.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster AssignableDynamicGroup(AttrSet attrSet, Guid baseGuid, int scope)
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster this(TemplateManager.getTemplateManager().getCreationTemplate(_class,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Constructs an <code>AssignableDynamicGroup</code> object with a given
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * template. This is an in memory Group object and one needs to call
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <code>save</code> method to save this newly created object to
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * persistent storage.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param template Template for creating a group.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param attrSet Attribute-value set which should not contain member URL;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * any values of member URL will be overwritten by the explicit
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * search criteria arguments.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param baseGuid Search base for evaluating members of the group
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param scope Search scope for evaluating members of the group has to be
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <code>LDAPv2.SCOPE_ONE</code> or <code>LDAPv2.SCOPE_SUB</code>.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @exception UMSException if fail to instantiate from persistent storage
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @supported.api
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public AssignableDynamicGroup(CreationTemplate template, AttrSet attrSet,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Guid baseGuid, int scope) throws UMSException {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // No host, port, or attributes in the URL
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // setUrl( new LDAPUrl( null, 0, base, (String[])null, scope, "" ) );
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunnington setUrl(baseGuid, null, SearchScope.valueOf(scope));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Sets the search filter used to evaluate this dynamic group. For an
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <code>AssignableDynamicGroup</code>, the filter is always
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <code>"memberof=THIS_DN"</code>, so this method should not generally be
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * called outside the package.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param filter Search filter for evaluating members of the group the
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * scope in the filter has to be <code>LDAPv2.SCOPE_ONE</code> or
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <code>LDAPv2.SCOPE_SUB</code>.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @supported.api
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunnington if (SearchScope.SINGLE_LEVEL.equals(scope) && SearchScope.WHOLE_SUBTREE.equals(scope)) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String msg = i18n.getString(IUMSConstants.ILLEGAL_ADGROUP_SCOPE);
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunnington Guid baseGuid = new Guid(url.getName().toString());
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunnington setUrl(baseGuid, Filter.valueOf(filter), scope);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Sets the GUID of the entity; used within the package.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param guid GUID <code>REVIEW</code>: This method overloads the
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <code>PersistentObject.setGuid()</code> method. Hence the
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * signature has to match, and we can't throw the
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <code>UMSException</code> that could be thrown from
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <code>"setSearchFilter"</code>. Is it enough to log such an
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // setSearchFilter( "(" + "memberof=" + getDN() + ")" );
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // TODO - Log Exception
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("AssignableDynamicGroup.setGuid() : "
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Adds a member to the group. The change is saved to persistent storage.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param userGuid Globally unique identifier for the member to be added.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @exception UMSException if fail to save to persistent storage or if the
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * user is not within the scope of the group.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @supported.api
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public void addMember(Guid userGuid) throws UMSException {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // UMSSession session = getUMSSession();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster addMember(UMSObject.getObject(getPrincipal(), userGuid));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Adds a member to the group. The change is saved to persistent storage.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param member Object to be added as member.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @exception UMSException if fail to save to persistent storage or if the
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * user is not within the scope of the group.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @supported.api
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public void addMember(PersistentObject member) throws UMSException {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // check whether the userGuid is within the scope of memberUrl
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunnington DN userDN = DN.valueOf(member.getGuid().getDn());
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunnington if (!userDN.isInScopeOf(memberDN, SearchScope.WHOLE_SUBTREE)) {
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunnington throw new UMSException(i18n.getString(IUMSConstants.USER_NOT_IN_GROUP_SCOPE, args));
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunnington } else if ((userDN.size() - memberDN.size()) > 1 && SearchScope.SINGLE_LEVEL.equals(memberUrl.getScope())) {
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunnington throw new UMSException(i18n.getString(IUMSConstants.USER_NOT_IN_GROUP_SCOPE, args));
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunnington member.modify(new Attr(MEMBER_ATTR_NAME, this.getDN()), ModificationType.ADD);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Adds a list of members to the group. The change is saved to persistent
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param guids Array of member GUIDs to be added as members to the group.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @exception UMSException if fail to save to persistent storage.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @supported.api
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public void addMembers(Guid[] guids) throws UMSException {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Removes a member from the group. The change is saved to persistent
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param guid Unique identifier for the member to be removed.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @exception UMSException if fail to save to persistent storage.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @supported.api
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public void removeMember(Guid guid) throws UMSException {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster PersistentObject member = UMSObject.getObject(getPrincipal(), guid);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Removes a member from the group. The change is saved to persistent
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param member Object to be removed.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @exception UMSException if fail to save to persistent storage.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @supported.api
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public void removeMember(PersistentObject member) throws UMSException {
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunnington member.modify(new Attr(MEMBER_ATTR_NAME, this.getDN()), ModificationType.DELETE);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Removes all members of the group.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @exception UMSException if fail to save to persistent storage.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @supported.api
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public void removeAllMembers() throws UMSException {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster SearchResults searchResults = getMemberIDs(attributesToGet);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster PersistentObject member = searchResults.next();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns <code>true</code> if a given identifier is a member of the
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param guid Identity of member to be checked for membership.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return <code>true</code> if it is a member.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @exception UMSException if fail to read object for guid.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @supported.api
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public boolean hasMember(Guid guid) throws UMSException {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster PersistentObject object = UMSObject.getObject(getPrincipal(), guid);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Attr attr = object.getAttribute(MEMBER_ATTR_NAME);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("AssignableDynamicGroup.hasMember: no "
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return false;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // need to normalize DN to escape spaces and such
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // for accurate checking of membership
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // TODO: This ties guids to DNS. The methods to normalize and compare
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // should be managed separately.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // TODO: The members should have been normalized before adding to
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // the group (i.e. when creating or modifying it), so it should not
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // be necessary to have normalizing code spread out in the classes
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // and methods.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("AssignableDynamicGroup.hasMember: comparing "
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return true;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return false;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Saves the modification(s) to the object to persistent storage.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return UMSException on failure to save to persistent storage.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * public void save () throws UMSException { String filter =
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * getSearchFilter(); if ( (filter == null) || (filter.length() < 1) ) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * setSearchFilter( "memberof=" + getDN() ); } super.save(); }
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private static final String MEMBER_ATTR_NAME = "memberof";
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private static final Class _class = new AssignableDynamicGroup().getClass();