EntitiesModelImpl.java revision 4febcdb66d17c2dea52af5e710144ecd72fba00a
/**
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2007 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: EntitiesModelImpl.java,v 1.17 2009/09/05 01:30:46 veiming Exp $
*
*/
/*
* Portions Copyrighted [2011] [ForgeRock AS]
*/
/* - LOG COMPLETE - */
/**
 * Console model implementation behind {@code EntitiesModel}. The methods
 * documented in this file search, create, modify and delete entities and
 * manage their memberships and assigned services.
 *
 * NOTE(review): several lines are missing from this listing (for example the
 * initializer of {@code adminSSOToken} and the call around the class-name
 * string in the static block), so the comments here describe only what is
 * visible.
 */
public class EntitiesModelImpl
extends AMModelBase
implements EntitiesModel
{
// Attribute name constant; presumably the agent "sun device key values"
// attribute that a later comment in this file says must be merged on modify.
private static final String AGENT_ATTRIBUTE_LIST =
"sunIdentityServerDeviceKeyValue";
// Class-wide flag, false by default. Presumably set by the static block below
// when the WSS classes are present; the assignment is not visible here.
private static boolean isWSSEnabled = false;
// Per-instance end-user flag, false by default (see setEndUser).
private boolean endUser = false;
// NOTE(review): the initializer is missing from this listing. A static admin
// token is shared by every instance and is not tied to the logged-in user,
// whereas the visible repository calls pass getUserSSOToken(). Confirm that
// each use of this token is deliberate and sits behind an authorization check
// when it acts on caller-supplied identifiers.
private static SSOToken adminSSOToken =
// Shared RequiredValueValidator instance.
private static RequiredValueValidator reqValidator =
new RequiredValueValidator();
// Returned by isServicesSupported(); cleared in the IdRepoFatalException
// handler further down in this file.
private boolean isServicesSupported = true;
static {
try {
// Only the class-name argument survives in this listing; the enclosing call
// (presumably a Class.forName probe for the optional WSS classes) is missing.
"com.sun.identity.wss.security.SecurityMechanism");
} catch (ClassNotFoundException e) {
// Deliberately ignored: a missing class is treated as "feature not
// installed", presumably leaving isWSSEnabled at its default of false.
}
}
}
/**
* Returns the type of <code>entity</code> object for which the model
* was constructed.
*
* @return type of <code>entity</code> object being used.
*/
public String getEntityType() {
    // Plain accessor: hands back the entity type this model holds.
    return this.type;
}
/**
* Set end user flag.
*
* @param endUser end user flag.
*/
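public void setEndUser(boolean endUser) {
    // The setter body was empty, so the endUser field kept its default of
    // false whatever the caller passed. Store the value on the instance.
    // NOTE(review): the readers of this field are not visible in this
    // listing; presumably it narrows what an end user may view or edit,
    // so confirm against them.
    this.endUser = endUser;
}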
/**
* Returns entity names.
*
* @param realmName Name of Realm.
* @param pattern Search Pattern.
* @param strType Entity Type.
*/
// NOTE(review): the parameter list and several statements of this method are
// missing from this listing; comments describe only the visible lines.
public IdSearchResults getEntityNames(
) throws AMConsoleException {
// Falls back to the root realm "/"; the condition guarding this assignment
// is not visible here.
realmName = "/";
}
// Result-size and time limits for the search. Presumably applied to the
// search control (idsc) on lines missing here, which keeps a broad pattern
// from producing an unbounded or long-running search.
int sizeLimit = getSearchResultLimit();
int timeLimit = getSearchTimeOutLimit();
try {
// Do not ask the repository to return every attribute of each match.
idsc.setAllReturnAttributes(false);
/*
* For user identities we will modify the search filter so that
* we can search on a non naming attribute.
*/
/*
* change the pattern to * since we are passing a searchMap.
* pattern will be used in the default filter and given to
* the naming attribute (uid in this case). Here we are passing
* cn=John Doe in the searchMap, but the naming attribute is
* set to *.
* "(&(&(uid=*)(objectClass=inetOrgPerson))(|(cn=John Doe)))"
*/
// NOTE(review): per the comment above, the caller's search value ends up
// inside an LDAP filter via the search map. Whether filter metacharacters in
// it are escaped is decided below this layer and is not visible here; confirm.
pattern = "*";
}
// Only the arguments of this call survive: the repository is opened with the
// logged-in user's SSO token, not an administrative one.
getUserSSOToken(), realmName);
return results;
} catch (IdRepoException e) {
getErrorString(e)};
if (debug.warningEnabled()) {
getErrorString(e));
}
// The caller receives the fixed key "no.properties" rather than
// getErrorString(e); the repository's error text appears only in the
// (partly missing) logging statements above.
throw new AMConsoleException("no.properties");
} catch (SSOException e) {
getErrorString(e)};
// Token/session failures are passed on with their error string.
throw new AMConsoleException(getErrorString(e));
}
}
/**
* Returns attribute values of an entity object.
*
* @param universalId Universal ID of the entity.
* @param bCreate true for creation page
* @return attribute values of an entity object.
* @throws AMConsoleException if object cannot be located.
*/
throws AMConsoleException {
try {
boolean webJ2EEagent = false;
}
} else {
}
}
} else {
}
}
}
}
}
return values;
} catch (IdRepoException e) {
throw new AMConsoleException(getErrorString(e));
} catch (SMSException e) {
throw new AMConsoleException(getErrorString(e));
} catch (SSOException e) {
throw new AMConsoleException(getErrorString(e));
}
}
/**
* Returns property sheet XML for Entity Profile.
*
* @param realmName Name of Realm.
* @param idType Type of Entity.
* @param agentType agent type.
* @param bCreate <code>true</code> for creation operation.
* @param viewbeanClassName Class Name of View Bean.
* @return property sheet XML for Entity Profile.
*/
// NOTE(review): most of this method's parameters and statements are missing
// from this listing; comments describe only the visible lines.
public String getPropertyXMLString(
boolean bCreate,
) throws AMConsoleException {
try {
bCreate);
if (serviceName != null) {
serviceName, this, attributeSchemas);
if (!bCreate) {
) {
// Renders every attribute read-only on the profile (non-create) page when
// the condition above, not visible here, holds.
// NOTE(review): this only affects the generated property sheet. Write
// permission still has to be enforced where the profile is saved, which is
// not visible here; confirm.
builder.setAllAttributeReadOnly(true);
}
}
}
// NOTE(review): the four handlers below are empty as shown. Logging lines may
// have been lost along with other lines of this listing. If they really are
// empty, a failure to build the sheet is silently dropped and the method
// continues with whatever xml holds.
} catch (AMConsoleException e) {
} catch (IdRepoException e) {
} catch (SMSException e) {
} catch (SSOException e) {
}
if (bCreate) {
} else {
}
} else {
} else {
}
}
return xml;
}
if (isRequiredAttribute(as)) {
}
}
}
}
boolean isReqd = false;
}
}
return isReqd;
}
/**
* Returns default values for an Entity Type.
*
* @param idType Type of Entity.
* @param agentType mainly for agent type
* @param bCreate true for creation page.
* @throws AMConsoleException if default values cannot be obtained.
*/
public Map getDefaultAttributeValues(
boolean bCreate
) throws AMConsoleException {
try {
}
}
return values;
} catch (IdRepoException e) {
throw new AMConsoleException(getErrorString(e));
} catch (SMSException e) {
throw new AMConsoleException(getErrorString(e));
} catch (SSOException e) {
throw new AMConsoleException(getErrorString(e));
}
}
private Set getAttributeSchemas(
boolean bCreate
if (serviceName != null) {
} else {
}
// Clean up the Attribute Schema
if (bCreate &&
i.remove();
continue;
}
i.remove();
continue;
}
}
}
}
// get the attributes to display in create and profile pages
if (bCreate) {
// beforeDisplay called to remove naming attr in create page
} else {
if (!bAgentType) {
} else {
i.remove();
}
}
}
}
}
return (attributeSchemas != null)
}
/**
* Creates an entity.
*
* @param realmName Name of Realm.
* @param entityName Name of Entity.
* @param idType Type of Entity.
* @param values Map of attribute name to Set of attribute values.
* @throws AMConsoleException if entity cannot be created.
*/
public void createEntity(
) throws AMConsoleException {
}
realmName = "/";
}
try {
getUserSSOToken(), realmName);
} catch (IdRepoException e) {
throw new AMConsoleException(strError);
} catch (SSOException e) {
throw new AMConsoleException(strError);
}
}
throws AMConsoleException {
"SecurityMech=urn:sun:wss:security:null:Anonymous");
try {
"com.sun.identity.wss.security.SecurityMechanism");
boolean first = true;
if (first) {
first = false;
} else {
}
}
} catch (ClassNotFoundException e) {
throw new AMConsoleException(e);
} catch (NoSuchMethodException e) {
throw new AMConsoleException(e);
} catch (IllegalAccessException e) {
throw new AMConsoleException(e);
} catch (InvocationTargetException e) {
throw new AMConsoleException(e);
}
}
}
}
/**
* Modifies profile of entity.
*
* @param realmName Name of Realm.
* @param universalId Universal ID of the entity.
* @param values Map of attribute name to set of attribute values.
* @throws AMConsoleException if entity cannot be located or modified.
*/
throws AMConsoleException {
try {
// In the case of Agents, the attribute sun device key
// values must be merged
) {
// Check if this attribute exists in new values
boolean found = false;
) {
// Remove the entry
}
found = true;
break;
}
}
if (!found) {
}
}
}
} catch (IdRepoException e) {
logEvent("IDM_EXCEPTION_MODIFY_IDENTITY_ATTRIBUTE_VALUE",
paramsEx);
throw new AMConsoleException(getErrorString(e));
} catch (SSOException e) {
logEvent("SSO_EXCEPTION_MODIFY_IDENTITY_ATTRIBUTE_VALUE",
paramsEx);
throw new AMConsoleException(getErrorString(e));
}
}
}
throws AMConsoleException {
boolean webJ2EEagent = false;
try {
}
if (webJ2EEagent) {
}
}
}
}
} catch (IdRepoException e) {
throw new AMConsoleException(e);
} catch (SSOException e) {
throw new AMConsoleException(e);
}
}
throws AMConsoleException {
}
}
}
}
/**
* Deletes entities.
*
* @param realmName Name of Realm.
* @param names Name of Entities to be deleted.
* @throws AMConsoleException if entity cannot be deleted.
*/
throws AMConsoleException {
try {
getUserSSOToken(), realmName);
} catch (IdRepoException e) {
throw new AMConsoleException(getErrorString(e));
} catch (SSOException e) {
throw new AMConsoleException(getErrorString(e));
}
}
}
/**
* Returns true if services can be assigned to this entity type.
*
* @param realmName Name of Realm.
* @param idType Type of Entity.
* @return true if services can be assigned to this entity type.
*/
boolean can = false;
try {
} catch (IdRepoException e) {
} catch (SSOException e) {
}
return can;
}
/**
* Returns the set of entity types that a given type can be a member of.
*
* @param realmName Name of Realm.
* @param idType Type of Entity.
* @return the set of entity types that a given type can be a member of.
* @throws AMConsoleException if <code>idType</code> is not supported.
*/
throws AMConsoleException {
try {
i.remove();
}
}
return memberOfs;
} catch (IdRepoException e) {
throw new AMConsoleException(getErrorString(e));
}
}
/**
* Returns a set of entity types that can be member of a given type.
*
* @param realmName Name of Realm.
* @param idType Type of Entity.
* @return a set of entity types that can be member of a given type.
* @throws AMConsoleException if <code>idType</code> is not supported.
*/
throws AMConsoleException {
try {
return beMemberOfs;
} catch (IdRepoException e) {
throw new AMConsoleException(getErrorString(e));
}
}
/**
* Returns true if members can be added to a type.
*
* @param realmName Name of Realm.
* @param idType Type of Entity.
* @param containerIDType Type of Entity of Container.
* @return true if members can be added to a type.
*/
public boolean canAddMember(
) throws AMConsoleException {
boolean can = false;
try {
} catch (IdRepoException e) {
throw new AMConsoleException(getErrorString(e));
}
return can;
}
}
}
}
}
throws IdRepoException
{
}
return identities;
}
/**
* Returns service name of a given ID type.
*
* @param idType ID Type.
* @param agentType Agent Type.
* @return service name of a given ID type.
*/
try {
} catch (IdRepoException e) {
}
return serviceName;
}
throws IdRepoException {
if (ServiceManager.isCoexistenceMode()) {
}
}
return serviceName;
}
throws IdRepoException {
/*
* This is required to hide the naming attribute in profile and
* creation view for users.
*/
}
// Deliberately empty: the author marks the body NO-OP. The parameter list is
// missing from this listing.
private void beforeModify(
) throws IdRepoException {
// NO-OP
}
throws IdRepoException
{
/*
* This is required to set entity name to naming attribute field
* in the creation view for user.
*/
}
/**
* Returns membership of an entity.
*
* @param realmName Name of Realm.
* @param universalId Universal ID of the entity.
* @param type Type of membership.
* @return membership of an entity.
* @throws AMConsoleException if members cannot be returned.
*/
throws AMConsoleException {
try {
return results;
} catch (SSOException e) {
throw new AMConsoleException(getErrorString(e));
} catch (IdRepoException e) {
throw new AMConsoleException(getErrorString(e));
}
}
/**
* Returns members of an entity.
*
* @param realmName Name of Realm.
* @param universalId Universal ID of the entity.
* @param type Type of membership.
* @return members of an entity.
* @throws AMConsoleException if members cannot be returned.
*/
throws AMConsoleException {
try {
return results;
} catch (SSOException e) {
throw new AMConsoleException(getErrorString(e));
} catch (IdRepoException e) {
throw new AMConsoleException(getErrorString(e));
}
}
/**
* Adds an entity to a set of membership.
*
* @param universalId Universal ID of the entity.
* @param membership Set of Universal ID of membership.
* @throws AMConsoleException if membership addition fails.
*/
throws AMConsoleException {
throw new AMConsoleException(
"entities.membership.add.no.selection.message");
}
try {
}
} catch (SSOException e) {
throw new AMConsoleException(getErrorString(e));
} catch (IdRepoException e) {
throw new AMConsoleException(getErrorString(e));
}
}
/**
* Adds entities to a membership.
*
* @param universalId Universal ID of the membership.
* @param names Set of Universal ID of entities.
* @throws AMConsoleException if membership addition fails.
*/
throws AMConsoleException {
throw new AMConsoleException(
"entities.members.add.no.selection.message");
}
try {
}
} catch (SSOException e) {
throw new AMConsoleException(getErrorString(e));
} catch (IdRepoException e) {
throw new AMConsoleException(getErrorString(e));
}
}
/**
* Removes an entity from a set of memberships.
*
* @param universalId Universal ID of the entity.
* @param membership Set of Universal ID of membership.
* @throws AMConsoleException if membership removal fails.
*/
throws AMConsoleException {
throw new AMConsoleException(
"entities.membership.remove.no.selection.message");
}
try {
}
} catch (SSOException e) {
throw new AMConsoleException(getErrorString(e));
} catch (IdRepoException e) {
throw new AMConsoleException(getErrorString(e));
}
}
/**
* Removes a set of entities from a membership.
*
* @param universalId Universal ID of the membership.
* @param names Set of Universal ID of entities.
* @throws AMConsoleException if membership removal fails.
*/
throws AMConsoleException {
throw new AMConsoleException(
"entities.members.remove.no.selection.message");
}
try {
}
} catch (SSOException e) {
throw new AMConsoleException(getErrorString(e));
} catch (IdRepoException e) {
throw new AMConsoleException(getErrorString(e));
}
}
/**
* Returns assigned memberships.
*
* @param universalId Universal ID of the entity.
* @param memberships Set of assignable memberships.
* @throws AMConsoleException if memberships information cannot be
* determined.
*/
throws AMConsoleException {
try {
}
}
} catch (SSOException e) {
throw new AMConsoleException(getErrorString(e));
} catch (IdRepoException e) {
throw new AMConsoleException(getErrorString(e));
}
return assigned;
}
/**
* Returns assigned members.
*
* @param universalId Universal ID of the entity.
* @param members Set of assignable members.
* @throws AMConsoleException if members information cannot be
* determined.
*/
throws AMConsoleException {
try {
}
}
} catch (SSOException e) {
throw new AMConsoleException(getErrorString(e));
} catch (IdRepoException e) {
throw new AMConsoleException(getErrorString(e));
}
return assigned;
}
/**
* Returns assigned services. Map of service name to its display name.
*
* @param universalId Universal ID of the entity.
* @return assigned services.
* @throws AMConsoleException if service information cannot be determined.
*/
throws AMConsoleException {
try {
// don't show auth config or user services in the user profile.
}
} catch (SSOException e) {
throw new AMConsoleException(getErrorString(e));
} catch (IdRepoFatalException e) {
// special casing this, because exception message from this
// exception is too cryptic
isServicesSupported = false;
throw new AMConsoleException(
getLocalizedString("idrepo.sevices.not.supported"));
} else {
throw new AMConsoleException(getErrorString(e));
}
} catch (IdRepoException e) {
throw new AMConsoleException(getErrorString(e));
}
}
/**
* Returns assignable services. Map of service name to its display name.
*
* @param universalId Universal ID of the entity.
* @return assignable services.
* @throws AMConsoleException if service information cannot be determined.
*/
throws AMConsoleException {
try {
/*
* don't show the auth config, user, or saml service.
*/
}
} catch (SSOException e) {
logEvent("SSO_EXCEPTION_READ_IDENTITY_ASSIGNABLE_SERVICE",
paramsEx);
throw new AMConsoleException(getErrorString(e));
} catch (IdRepoException e) {
logEvent("IDM_EXCEPTION_READ_IDENTITY_ASSIGNABLE_SERVICE",
paramsEx);
throw new AMConsoleException(getErrorString(e));
}
}
private void discardServicesWithoutAttributeSchema(
) {
} else if (!hasI18nKeys(attributes)) {
}
}
}
}
boolean has = false;
}
return has;
}
}
}
}
}
/**
* Returns the XML for property sheet view component.
*
* @param realmName Name of Realm.
* @param serviceName Name of service.
* @param idType type of Identity.
* @param bCreate true if the property sheet is for identity creation.
* @param viewbeanClassName Class Name of View Bean.
* @return the XML for property sheet view component.
* @throws AMConsoleException if XML cannot be created.
*/
public String getServicePropertySheetXML(
boolean bCreate,
) throws AMConsoleException {
try {
serviceName, set, this);
if (!bCreate) {
if (!canModify) {
}
}
);
} else {
cosPriority, true);
}
}
return xml;
} catch (SMSException e) {
throw new AMConsoleException(getErrorString(e));
} catch (SSOException e) {
throw new AMConsoleException(getErrorString(e));
}
}
/**
* Assigns service to an entity.
*
* @param universalId Universal ID of the entity.
* @param serviceName Name of service names.
* @param values Attribute Values of the service.
* @throws AMConsoleException if service cannot be assigned.
*/
public void assignService(
) throws AMConsoleException {
try {
} catch (SSOException e) {
throw new AMConsoleException(getErrorString(e));
} catch (IdRepoException e) {
throw new AMConsoleException(getErrorString(e));
}
}
/**
* Returns defaults values for an Entity Type.
*
* @param idType ID Type.
* @param serviceName Name of service name.
* @throws AMConsoleException if default values cannot be obtained.
*/
throws AMConsoleException {
try {
} else {
}
}
}
} catch (SMSException e) {
throw new AMConsoleException(getErrorString(e));
} catch (SSOException e) {
throw new AMConsoleException(getErrorString(e));
}
}
/**
* Unassigns services from an entity.
*
* @param universalId Universal ID of the entity.
* @param serviceNames Set of service names to be unassigned.
* @throws AMConsoleException if services cannot be unassigned.
*/
throws AMConsoleException {
try {
}
} catch (SSOException e) {
getErrorString(e)};
throw new AMConsoleException(getErrorString(e));
} catch (IdRepoException e) {
getErrorString(e)};
throw new AMConsoleException(getErrorString(e));
}
}
}
/**
* Returns properties view bean URL for an attribute schema.
*
* @param name Name of attribute schema.
* @return properties view bean URL for an attribute schema.
*/
try {
) {
}
}
} catch (SMSException e) {
} catch (SSOException e) {
}
return url;
}
/**
* Returns service attribute values of an entity.
*
* @param universalId Universal ID of the entity.
* @param serviceName Name of service name.
* @return service attribute values of entity.
* @throws AMConsoleException if values cannot be returned.
*/
throws AMConsoleException {
try {
} catch (SSOException e) {
logEvent("SSO_EXCEPTION_IDENTITY_READ_SERVICE_ATTRIBUTE_VALUES",
paramsEx);
throw new AMConsoleException(getErrorString(e));
} catch (IdRepoException e) {
logEvent("IDM_EXCEPTION_IDENTITY_READ_SERVICE_ATTRIBUTE_VALUES",
paramsEx);
throw new AMConsoleException(getErrorString(e));
}
}
/*
* For whatever reason, the AMIdentity.getServiceAttributes method
* returns attribute names in lowercase. We have to
* correct the case accordingly.
*/
private Map correctAttributeNames(
) {
} else {
}
}
}
} else {
}
}
return correctedValues;
}
/**
* Set service attribute values to an entity.
*
* @param universalId Universal ID of the entity.
* @param serviceName Name of service name.
* @param values Attribute values.
* @throws AMConsoleException if values cannot be set.
*/
// NOTE(review): the parameter list and the statement that performs the write
// are missing from this listing; comments describe only the visible lines.
public void setServiceAttributeValues(
) throws AMConsoleException {
try {
// Audit trail: an ATTEMPT event is logged first and a SUCCEED event after,
// so the write presumably sits between these two calls.
// NOTE(review): the contents of params are not visible. If they include the
// attribute values being written, confirm that secret-bearing attributes are
// kept out of the log.
logEvent("ATTEMPT_IDENTITY_WRITE_SERVICE_ATTRIBUTE_VALUES",
params);
logEvent("SUCCEED_IDENTITY_WRITE_SERVICE_ATTRIBUTE_VALUES",
params);
} catch (SSOException e) {
// Token/session failure: a dedicated SSO_EXCEPTION_* key appears with
// paramsEx (built with getErrorString(e)), then the error is rethrown to the
// console.
getErrorString(e)};
"SSO_EXCEPTION_IDENTITY_WRITE_SERVICE_ATTRIBUTE_VALUES",
paramsEx);
throw new AMConsoleException(getErrorString(e));
} catch (IdRepoException e) {
// Repository failure: same pattern under the IDM_EXCEPTION_* key.
getErrorString(e)};
"IDM_EXCEPTION_IDENTITY_WRITE_SERVICE_ATTRIBUTE_VALUES",
paramsEx);
throw new AMConsoleException(getErrorString(e));
}
}
}
/**
* Returns true if service has displayable user attributes.
*
* @param serviceName Name of service.
* @return true if service has user attribute schema.
*/
}
/**
* This is a convenience method to check if there is displayable
* attributes for a given service.
*
* @param serviceName name of service being displayed.
* @return true if the service schema has at least one attribute to display.
*/
}
}
boolean hasAttributes = false;
try {
}
}
} catch (SMSException e) {
} catch (SSOException e) {
}
return hasAttributes;
}
/**
* Returns all the authentication chains in a realm.
*
* @param realm Name of realm.
* @return all the authentication chains in a realm.
* @throws AMConsoleException if authentication chains cannot be returned.
*/
throws AMConsoleException {
realm = "/";
}
try {
getUserSSOToken());
} catch (SSOException e) {
throw new AMConsoleException(getErrorString(e));
} catch (SMSException e) {
throw new AMConsoleException(getErrorString(e));
}
}
/**
* Returns <code>true</code> if services is supported for the identity.
*
* @return <code>true</code> if services is supported for the identity.
*/
public boolean isServicesSupported() {
    // Reports the per-instance flag; no lookup is performed here.
    return this.isServicesSupported;
}
// NOTE(review): the signature and the conditions of this method are missing
// from this listing; comments describe only the visible lines.
try {
// Opens the identity-repository service configuration with the logged-in
// user's SSO token.
ServiceConfigManager svcCfgMgr = new ServiceConfigManager(IdConstants.REPO_SERVICE, getUserSSOToken());
return false;
}
return false;
}
return true;
} catch (SMSException e) {
// A configuration read failure is reported as a plain false. Nothing is
// logged or rethrown in the visible code, so callers cannot tell a negative
// answer from "could not check".
return false;
} catch (SSOException e) {
// Same for an invalid or expired token: the answer is false.
return false;
}
}
}