AMStoreConnection.java revision bcb85423bc6855cb1c7accc69fa051e1771c000a
/**
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2005 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: AMStoreConnection.java,v 1.13 2009/01/28 05:34:47 ww203982 Exp $
*
*/
/**
* Portions Copyrighted 2011-2012 ForgeRock Inc
*/
/**
* The <code>AMStoreConnection</code> class represents a connection to the Sun
* Java System Access Manager data store. It provides methods to create, remove
* and get different types of Sun Java System Access Manager SDK objects in the
* data store. <code>AMStoreConnection</code> controls and manages access to
* the data store.
* <p>
* An instance of <code>AMStoreConnection</code> object should always be
* obtained by anyone using the AM SDK since this object is the entry point to
* all other AM SDK managed objects. The constructor takes the SSO token of the
* user. Here is some sample code on how to get a user's attributes, using AM
* SDK:
*
* <PRE>
*
* AMStoreConnection amsc = new AMStoreConnection(ssotoken); AMUser user =
* amsc.getUser(ssotoken.getPrincipal()); Map attributes = user.getAttributes();
*
* </PRE>
*
* <p>
* <code>AMStoreConnection</code> also has other helper methods which are very
* useful. Some examples below:
*
* <PRE>
*
* int otype = amsc.getAMObjectType(fullDN);
*
* </PRE>
*
* <p>
* The <code>otype</code> returned is one of the managed <code>AMObject</code>
* types, like <code>AMObject.USER</code>, <code>AMObject.ROLE</code>,
* <code>AMObject.ORGANIZATION</code>. If the entry being checked is not of
* a type managed by AM SDK, then an <code>AMException</code> is thrown.
*
* <PRE>
*
* boolean exists = amsc.isValidEntry(fullDN);
*
* </PRE>
*
* <p>
* To find out whether a <code>fullDN</code> exists in the data store, use
* the above method. The typical use of this method
* is in the case when you know that you need to get a managed object from
* <code>amsc</code>, but you want to verify that it exists before you create
* the managed object instance:
*
* <PRE>
*
* if (amsc.isValidEntry(userDN)) { AMUser user = amsc.getUser(userDN); - More
* code here - }
*
* </PRE>
*
* <p>
* Helper method <code>getOrganizationDN()</code>: Use this method to perform
* a subtree scoped search for an organization, based on various attribute values.
*
* <PRE>
*
* String orgDN = amsc.getOrganizationDN("sun.com", null);
*
* </PRE>
*
* <p>
* The above method will return the DN of an organization that matches the
* search criteria of having either a domain name of <code>sun.com</code>,
* a domain alias name of <code>sun.com</code>, or a naming attribute value of
* <code>sun.com</code>. More examples of how to use this method are provided
* in the Javadocs of the method below.
*
* @deprecated As of Sun Java System Access Manager 7.1.
* @supported.all.api
*/
public final class AMStoreConnection implements AMConstants {
// ~ Static fields/initializers
// ---------------------------------------------
// NOTE(review): rootSuffix is public, static and not final, so any class
// loaded in the same JVM can reassign it. This class returns the value to
// callers as the root DN (for example when a null domain name is passed to
// the organization lookup), so an unexpected write changes what later
// lookups treat as the root. Read it through getAMSdkBaseDN() and treat
// direct writes from outside this class as a defect.
public static String rootSuffix;
// Value returned by getAMSdkBaseDN(); assigned there together with
// rootSuffix. The enclosing class is final, so "protected" grants package
// access only.
protected static String defaultOrg;
// ~ Instance fields
// --------------------------------------------------------
private IDirectoryServices dsServices;
// ~ Constructors
// -----------------------------------------------------------
/**
* Gets the connection to the Sun Java System Access Manager data store if
* the Session is valid.
*
* @param ssoToken
* a valid SSO token object to authenticate before getting the
* connection
* @throws SSOException
* if single sign on token is invalid or expired.
*/
// initialize whatever you want to here.
}
// ~ Methods
// ----------------------------------------------------------------
/**
* Returns the root suffix for user management node.
*
* @return root suffix for user management node.
*
*/
public static String getAMSdkBaseDN() {
defaultOrg = rootSuffix =
// Get an instance as required otherwise it causes issues on container restart.
}
}
return defaultOrg;
}
/**
* Returns the filtered role naming attribute.
*
* @return filtered role naming attribute
* @deprecated This method is deprecated. Use
* {@link #getNamingAttribute(int)
* getNamingAttribute(int objectType)}
*/
public static String getFilteredRoleNamingAttribute() {
}
/**
* Returns the group container naming attribute.
*
* @return group container naming attribute
* @deprecated This method is deprecated. Use
* {@link #getNamingAttribute(int)
* getNamingAttribute(int objectType)}
*/
public static String getGroupContainerNamingAttribute() {
}
/**
* Returns the group naming attribute.
*
* @return group naming attribute
* @deprecated This method is deprecated. Use
* {@link #getNamingAttribute(int)
* getNamingAttribute(int objectType)}
*/
public static String getGroupNamingAttribute() {
}
/**
* Returns the naming attribute of an object type.
*
* @param objectType
* Object type can be one of the following:
* <ul>
* <li> {@link AMObject#USER AMObject.USER}
* <li> {@link AMObject#ROLE AMObject.ROLE}
* <li> {@link AMObject#FILTERED_ROLE AMObject.FILTERED_ROLE}
* <li> {@link AMObject#ORGANIZATION AMObject.ORGANIZATION}
* <li> {@link AMObject#ORGANIZATIONAL_UNIT
* AMObject.ORGANIZATIONAL_UNIT}
* <li> {@link AMObject#GROUP AMObject.GROUP}
* <li> {@link AMObject#DYNAMIC_GROUP AMObject.DYNAMIC_GROUP}
* <li> {@link AMObject#ASSIGNABLE_DYNAMIC_GROUP
* AMObject.ASSIGNABLE_DYNAMIC_GROUP}
* <li>
* {@link AMObject#PEOPLE_CONTAINER AMObject.PEOPLE_CONTAINER}
* <li> {@link AMObject#GROUP_CONTAINER AMObject.GROUP_CONTAINER}
* </ul>
* @return the naming attribute corresponding to the <code>objectType</code>
* @throws AMException
* if an error occurred in obtaining the naming attribute
*/
}
/**
* Returns the organization naming attribute.
*
* @return organization naming attribute
* @deprecated This method is deprecated. Use
* {@link #getNamingAttribute(int)
* getNamingAttribute(int objectType)}
*/
public static String getOrganizationNamingAttribute() {
}
/**
* Returns the organizational unit naming attribute.
*
* @return organizational unit naming attribute
* @deprecated This method is deprecated. Use
* {@link #getNamingAttribute(int)
* getNamingAttribute(int objectType)}
*/
public static String getOrganizationalUnitNamingAttribute() {
}
/**
* Returns the people container naming attribute.
*
* @return people container naming attribute
* @deprecated This method is deprecated. Use
* {@link #getNamingAttribute(int)
* getNamingAttribute(int objectType)}
*/
public static String getPeopleContainerNamingAttribute() {
}
/**
* Returns the role naming attribute.
*
* @return role naming attribute
* @deprecated This method is deprecated. Use
* {@link #getNamingAttribute(int)
* getNamingAttribute(int objectType)}
*/
public static String getRoleNamingAttribute() {
}
/**
* Returns the user naming attribute.
*
* @return user naming attribute
* @deprecated This method is deprecated. Use
* {@link #getNamingAttribute(int)
* getNamingAttribute(int objectType)}
*/
public static String getUserNamingAttribute() {
}
/**
* Returns the type of the object given its DN.
*
* @param dn
* DN of the object whose type is to be known.
* @return the type of the object given its DN.
* @throws AMException
* if the data store is unavailable or if the object type is
* unknown.
* @throws SSOException
* if single sign on token is invalid or expired.
*/
}
/**
* Takes a supported type and returns the matching name of the supported
* managed type. For example, if <code>AMObject.USER</code> is passed in,
* it will return "user" (one of the basic supported types in AM SDK). But
* this method (and configuration in the service <code>DAI</code>) can be
* used to extend the basic supported types to include customer-specific
* entities, like "agents", "printers" etc.
*
* @param type
* Integer type (as returned by <code>getAMObjectType</code>)
* @return identifier for the above type. Returns null if type is unknown.
*/
}
/**
* Takes a supported type and returns the matching name of the supported
* managed type. For example, if <code>AMObject.USER</code> is passed in,
* it will return "user" (one of the basic supported types in AM SDK). But
* this method (and configuration in the service <code>DAI</code>) can be
* used to extend the basic supported types to include customer-specific
* entities, like "agents", "printers" etc.
*
* @param type
* Integer type (as returned by <code>getAMObjectType</code>)
* @return identifier for the above type. Returns null if type is unknown.
*/
}
/**
* Returns the handle to the <code>AMAssignableDynamicGroup</code> object
* represented by DN. However, the validity of the handle returned by this
* method cannot be guaranteed, since the object is created in memory, and
* not instantiated from the data store. Using the
* <code>AMAssignableDynamicGroup</code> returned from this method may
* result in exceptions thrown in the later part of the application, if the
* DN is not valid or represents an entry that does not exist.
* <p>
*
* Validity of the DN can be verified using the <code>isValidEntry()</code>
* method of the object returned.
*
* @see #isValidEntry
*
* @param assignableDynamicGroupDN
* assignable dynamic group DN
* @return <code>AMAssignableDynamicGroup</code> object represented by DN.
* @throws SSOException
* if single sign on token is invalid or expired.
*/
new AMAssignableDynamicGroupImpl(this.token,
return assignableDynamicGroup;
}
/**
* Returns the service attribute names for a given service name and schema
* type.
*
* @param serviceName
* the name of the service
* @param schemaType
* the type of service schema
* @return Set of service attribute names
* @throws AMException
* if an error is encountered while retrieving information.
* @deprecated use <code>com.sun.identity.sm.ServiceSchemaManager.
* getServiceAttributeNames(com.sun.identity.sm.SchemaType)</code>
*/
throws AMException {
try {
token);
} catch (SSOException se) {
+ "AMSchema.Type)", se);
} catch (SMSException se) {
"AMSchema.Type)", se);
}
}
/**
* Returns the handle to the <code>AMDynamicGroup</code> object
* represented by DN. However, the validity of the handle returned by this
* method cannot be guaranteed, since the object is created in memory, and
* not instantiated from the data store. Using the
* <code>AMDynamicGroup</code> returned from this method may result in
* exceptions thrown in the later part of the application, if the DN is not
* valid or represents an entry that does not exist.
* <p>
*
* Validity of the DN can be verified using the <code>isValidEntry()</code>
* method of the object returned.
*
* @see #isValidEntry
*
* @param dynamicGroupDN
* group DN
* @return <code>AMDynamicGroup</code> object represented by DN.
* @throws SSOException
* if single sign on token is invalid or expired.
*/
throws SSOException {
return dynamicGroup;
}
/**
* Returns the handle to the <code>AMFilteredRole</code> object
* represented by DN. However, the validity of the handle returned by this
* method cannot be guaranteed, since the object is created in memory, and
* not instantiated from the data store. Using the
* <code>AMFilteredRole</code> returned from this method may result in
* exceptions thrown in the later part of the application, if the DN is not
* valid or represents an entry that does not exist.
* <p>
*
* Validity of the DN can be verified using the <code>isValidEntry()</code>
* method of the object returned.
*
* @see #isValidEntry
*
* @param roleDN
* role DN.
* @return <code>AMFilteredRole</code> object represented by DN.
* @throws SSOException
* if single sign on token is invalid or expired.
*/
return role;
}
/**
* Returns the handle to the <code>AMGroupContainer</code> object
* represented by DN. However, the validity of the handle returned by this
* method cannot be guaranteed, since the object is created in memory, and
* not instantiated from the data store. Using the
* <code>AMGroupContainer</code> returned from this method may result in
* exceptions thrown in the later part of the application, if the DN is not
* valid or represents an entry that does not exist.
* <p>
*
* Validity of the DN can be verified using the <code>isValidEntry()</code>
* method of the object returned.
*
* @see #isValidEntry
*
* @param groupContainerDN
* group container DN.
* @return <code>AMGroupContainer</code> object represented by DN.
* @throws SSOException
* if single sign on token is invalid or expired.
*/
throws SSOException {
return groupContainer;
}
/**
* Returns the I18N properties file name that contains the internationalized
* messages.
*
* @param serviceName
* the service name
* @return String String representing i18N properties file name
* @throws AMException
* if an error is encountered while retrieving information
*/
throws AMException {
try {
token);
return scm.getI18NFileName();
} catch (SSOException so) {
} catch (SMSException se) {
}
}
/**
* Returns the handle to the <code>AMOrganization</code> object
* represented by DN. However, the validity of the handle returned by this
* method cannot be guaranteed, since the object is created in memory, and
* not instantiated from the data store. Using the
* <code>AMOrganization</code> returned from this method may result in
* exceptions thrown in the later part of the application, if the DN is not
* valid or represents an entry that does not exist.
* <p>
*
* Validity of the DN can be verified using the <code>isValidEntry()</code>
* method of the object returned.
*
* @see #isValidEntry
*
* @param orgDN
* organization DN
* @return <code>AMOrganization</code> object represented by DN.
* @throws SSOException
* if single sign on token is invalid or expired.
*/
return organization;
}
/**
* Returns the DN of the organization, using the <code>domainname</code>
* provided and the <code>searchTemplate</code> (if provided). If
* <code>searchTemplate</code> is null, SDK uses the default
* <code>searchTemplate</code> to perform the <code>orgDN</code> search.
* If the DC tree global flag is enabled, the DC tree is used to obtain the
* organization DN, otherwise an LDAP search is conducted using the
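* <code>searchfilter</code> in the <code>searchtemplate</code>. All
* <code>%V</code> in the filter are replaced with <code>domainname</code>.
* Because <code>domainname</code> becomes part of an LDAP search filter,
* callers should confirm that it is validated or escaped before passing
* untrusted input.
* If the search returns more than one entry, then an Exception is thrown.
* Otherwise the DN obtained is returned.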
*
* @param domainname
* Organization identifier passed. It can be a domain name
* (example: <code>sun.com</code>) or it could be a full DN or
* it could be null or <code>"/"</code>. A full DN is
* verified to be an organization and returned as is. A "/" is
* assumed to be a request for the root DN and the root DN is
* returned. A "/" separated string is assumed to represent an
* existing organization DN in the DIT. For example:
* <code>(o=iplanet,o=sun,&lt;base DN&gt;)</code> and the validity
* of this DN is checked and returned. Any other string is
* assumed to be either a domain or an associated domain or the
* organization name. The search filter is created accordingly.
* @param orgSearchTemplate
* template to use for the search.
* @return The full organization DN
* @throws AMException
* If there is a problem connecting or searching the data store.
* @throws SSOException
* If the user has an invalid SSO token.
*/
throws AMException, SSOException {
if (domainname == null) {
return rootSuffix;
}
// If a DN is passed and is a valid organization DN, then
// return it.
return domainname;
}
{
if (isValidEntry(orgdn)
return (orgdn);
} else {
throw new AMException(AMSDKBundle
}
}
try {
if (AMDCTree.isRequired()) {
return orgdn;
}
}
} catch (AMException ae) {
// do nothing. will try to search the organization
// using search template
+ "In DC tree mode, unabe to find organization "
+ " for domain: " + domainname);
}
return (orgdn);
} else {
// use the searchfilter to obtain org DN
// replace %V with domainname.
if ((orgSearchTemplate != null)
} else {
}
+ searchFilter);
}
// throw an exception
throw new AMException(AMSDKBundle
} else {
return (orgdn);
}
}
}
/**
* Returns the handle to the <code>AMOrganizationalUnit</code> object
* represented by DN. However, the validity of the handle returned by this
* method cannot be guaranteed, since the object is created in memory, and
* not instantiated from the data store. Using the
* <code>AMOrganizationalUnit</code> returned from this method may result
* in exceptions thrown in the later part of the application, if the DN is
* not valid or represents an entry that does not exist.
* <p>
*
* Validity of the DN can be verified using the <code>isValidEntry()</code>
* method of the object returned.
*
* @see #isValidEntry
*
* @param orgUnitDN
* organizational unit DN
* @return <code>AMOrganizationalUnit</code> object represented by DN.
* @throws SSOException
* if single sign on token is invalid or expired.
*/
throws SSOException {
return organizationalUnit;
}
/**
* Returns the handle to the <code>AMPeopleContainer</code> object
* represented by DN. However, the validity of the handle returned by this
* method cannot be guaranteed, since the object is created in memory, and
* not instantiated from the data store. Using the
* <code>AMPeopleContainer</code> returned from this method may result in
* exceptions thrown in the later part of the application, if the DN is not
* valid or represents an entry that does not exist.
* <p>
*
* Validity of the DN can be verified using the <code>isValidEntry()</code>
* method of the object returned.
*
* @see #isValidEntry
*
* @param peopleContainerDN
* people container DN
* @return <code>AMPeopleContainer</code> object represented by DN.
* @throws SSOException
* if single sign on token is invalid or expired.
*/
throws SSOException {
this.token, peopleContainerDN);
return peopleContainer;
}
/**
* Returns the handle to the <code>AMTemplate</code> object represented by
* DN. However, the validity of the handle returned by this method cannot be
* guaranteed, since the object is created in memory, and not instantiated
* from the data store. Using the <code>AMTemplate</code> returned from
* this method may result in exceptions thrown in the later part of the
* application, if the DN is not valid or represents an entry that does not
* exist.
* <p>
*
* Validity of the DN can be verified using the <code>isValidEntry()</code>
* method of the object returned.
*
* @deprecated
* @see #isValidEntry
*
* @param templateDN
* a policy template DN.
* @return <code>AMTemplate</code> object represented by DN.
* @throws AMException
* if the DN does not represent a Policy template DN
* @throws SSOException
* if single sign on token is invalid or expired.
*/
throw new UnsupportedOperationException();
}
/**
* Returns the URL of the view bean for the service
*
* @param serviceName
* the service name
* @return String URL of the view bean for the service
* @throws AMException
* if an error is encountered while retrieving information
*/
throws AMException {
try {
token);
return scm.getPropertiesViewBeanURL();
} catch (SSOException so) {
} catch (SMSException se) {
}
}
/**
* Returns the handle to the <code>AMResource</code> object represented by
* DN. However, the validity of the handle returned by this method cannot be
* guaranteed, since the object is created in memory, and not instantiated
* from the data store. Using the <code>AMResource</code> returned from
* this method may result in exceptions thrown in the later part of the
* application, if the DN is not valid or represents an entry that does not
* exist.
* <p>
*
* Validity of the DN can be verified using the <code>isValidEntry()</code>
* method of the object returned.
*
* @see #isValidEntry
*
* @param resourceDN
* resource DN.
* @return <code>AMResource</code> object represented by DN.
* @throws SSOException
* if single sign on token is invalid or expired.
*/
return res;
}
/**
* Returns the handle to the <code>AMRole</code> object represented by DN.
* However, the validity of the handle returned by this method cannot be
* guaranteed, since the object is created in memory, and not instantiated
* from the data store. Using the <code>AMRole</code> returned from this
* method may result in exceptions thrown in the later part of the
* application, if the DN is not valid or represents an entry that does not
* exist.
* <p>
*
* Validity of the DN can be verified using the <code>isValidEntry()</code>
* method of the object returned.
*
* @see #isValidEntry
*
* @param roleDN
* role DN
* @return <code>AMRole</code> object represented by DN.
* @throws SSOException
* if single sign on token is invalid or expired.
*/
return role;
}
/**
* Returns the <code>AMSchema</code> for the given service name and
* service type.
*
* @param serviceName
* the name of the service
* @param schemaType
* the type of service schema that needs to be retrieved.
*
* @return <code>AMSchema</code> corresponding to the given service name
* and schema type.
*
* @throws AMException
* if an error is encountered in retrieving the
* <code>AMSchema</code>.
*
* @deprecated This method has been deprecated. Please use
* <code>com.sun.identity.sm.ServiceSchemaManager.getSchema()
* </code>.
*/
throws AMException {
throw new UnsupportedOperationException();
}
/**
* Returns the schema types available for a particular service.
*
* @param serviceName
* the name of the service whose schema types needs to be
* retrieved
* @return Set of <code>AMSchema.Type</code> objects
* @throws AMException
* if an error is encountered in retrieving the
* <code>schemaTypes</code>.
*
* @deprecated This method has been deprecated. Please use
* <code>
* com.sun.identity.sm.ServiceSchemaManager.getSchemaTypes()
* </code>.
*/
throw new UnsupportedOperationException();
}
/**
* Returns the service hierarchy for all registered services.
*
* @return the service hierarchy for all registered services.
* @throws AMException
* if an error is encountered in retrieving the service
* hierarchy. The return value is a Set of strings in slash
* format.
*/
try {
}
}
return retSet;
} catch (SSOException so) {
} catch (SMSException se) {
}
}
/**
* Returns the set of name of services that have been loaded to the data
* store.
*
* @return set of name of services.
* @throws AMException
* if an error is encountered in retrieving the names of the
* services
*/
try {
return sm.getServiceNames();
} catch (SSOException so) {
} catch (SMSException se) {
}
}
/**
* Returns the handle to the <code>AMStaticGroup</code> object represented
* by DN. However, the validity of the handle returned by this method cannot
* be guaranteed, since the object is created in memory, and not
* instantiated from the data store. Using the <code>AMStaticGroup</code>
* returned from this method may result in exceptions thrown in the later
* part of the application, if the DN is not valid or represents an entry
* that does not exist.
* <p>
*
* Validity of the DN can be verified using the <code>isValidEntry()</code>
* method of the object returned.
*
* @see #isValidEntry
*
* @param groupDN
* group DN
* @return <code>AMStaticGroup</code> object represented by DN.
* @throws SSOException
* if single sign on token is invalid or expired.
*/
return group;
}
/**
* Returns the top level containers (Organizations, People Containers,
* Roles, etc) for the particular user based on single sign on token as the
* starting point in the tree.
*
* @return set of <code>DBObjects</code> that are top level containers for
* the signed in user.
* @throws AMException
* if an error occurred when retrieving the information from the
* data store.
* @throws SSOException
* if single sign on token is invalid or expired.
*/
}
/**
* Returns the "real" or "physical" top level organizations as the starting
* point in the tree.
*
* @return Set Set of DN Strings for top level Organizations
* @throws AMException
* if an error occurred when retrieving the information from the
* data store.
* @throws SSOException
* if single sign on token is invalid or expired.
*/
}
/**
* Returns the handle to the <code>AMUser</code> object represented by DN.
* However, the validity of the handle returned by this method cannot be
* guaranteed, since the object is created in memory, and not instantiated
* from the data store. Using the <code>AMUser</code> returned from this
* method may result in exceptions thrown in the later part of the
* application, if the DN is not valid or represents an entry that does not
* exist.
* <p>
*
* Validity of the DN can be verified using the <code>isValidEntry()</code>
* method of the object returned.
*
* @see #isValidEntry
*
* @param userDN
* user DN
* @return <code>AMUser</code> object represented by DN
* @throws SSOException
* if single sign on token is invalid or expired.
*/
return user;
}
/**
* Returns the handle to the <code>AMEntity</code> object represented by
* DN. However, the validity of the handle returned by this method cannot be
* guaranteed, since the object is created in memory, and not instantiated
* from the data store. Using the <code>AMEntity</code> returned from this
* method may result in exceptions thrown in the later part of the
* application, if the DN is not valid or represents an entry that does not
* exist.
* <p>
*
* Validity of the DN can be verified using the <code>isValidEntry()</code>
* method of the object returned.
*
* @see #isValidEntry
*
* @param eDN
* entity DN.
* @return <code>AMEntity</code> object represented by DN.
* @throws SSOException
* if single sign on token is invalid or expired.
*/
try {
} catch (AMException ame) {
// Return AMEntity without object type
}
return entity;
}
/**
* Checks if the entry exists in the directory or not. First a syntax check
* is done on the DN string corresponding to the entry. If the DN syntax is
* valid, a directory call will be made to check for the existence of the
* entry.
* <p>
*
* <b>NOTE:</b> This method internally invokes a call to the directory to
* verify the existence of the entry. There could be a performance overhead.
* Hence, please use your discretion while using this method.
*
* @param dn
* DN of the entry that needs to be validated.
*
* @return false if the entry does not have a valid DN syntax or if the
* entry does not exist in the Directory. True otherwise.
*
* @throws SSOException
* if the single sign on token is no longer valid.
*/
// First check if DN syntax is valid. Avoid making iDS call
return false; // would be better here.
}
}
}
/**
* Bootstraps the Organization tree by creating the Top Organization tree.
*
* @param orgName
* name of the top organization
* @param avPairs
* Attribute-Value pairs for the top organization
* @return Top Organization object.
* @throws AMException
* if an error occurred during the process of creation.
* @throws SSOException
* if single sign on token is invalid or expired.
*/
throws AMException, SSOException {
.append(
.toString());
return orgImpl;
}
/**
* This method takes an organization DN and purges all objects marked for
* deletion. If the organization itself is marked for deletion, then a
* recursive delete of everything under the organization is called, followed
* by the organization deletion. This method works in the mode where
* <code>callbacks</code> for users are executed during this method.
*
* @param domainName
* domain to be purged
* @param graceperiod
* time in days which should have passed since the entry was last
* modified before it can be deleted from the system.
* @throws AMException
* if an error occurred when retrieving the information from the
* data store.
* @throws SSOException
* if single sign on token is invalid or expired.
*/
boolean deleted = false;
if (AMDCTree.isRequired()) {
} else {
// Use special org search filter for searching for deleted
// organizations.
+ "Using org filter= " + filter);
}
deleted = false;
} else {
deleted = true;
}
}
return;
}
+ orgDN);
}
// Check to see if grace period has expired.
// Delete all objects using the hardDelete method.
} else {
// Search for objects marked as deleted and
// try to purge them, if graceperiod as expired.
+ "Searching deleted objects. Filter: " + filter);
}
if (deletedObjs == null) {
// No objecxts to delete
+ "No objects to be deleted found for "
+ orgDN);
}
}
// get number of RDNs in the entry itself
// to count maximum level of RDNs in the search return
int maxRDNCount = entryRDNs;
// go through all search results, add DN to the list, and
// set the maximun RDN count, will be used to remove DNs
if (count > maxRDNCount) {
maxRDNCount = count;
}
}
for (int i = maxRDNCount; i >= entryRDNs; i--) {
for (int j = 0; j < len; j++) {
// depending on object type,
+ "deleting child " + thisDN);
}
try { // catch PreCallBackException
switch (objType) {
break;
break;
case AMObject.DYNAMIC_GROUP:
break;
case AMObject.STATIC_GROUP:
break;
break;
case AMObject.ORGANIZATION:
{
}
break;
default:
// should not show up in the searched
// objects.
// as none of the other objects are
// supported
// for being marked as soft-deleted/
// purging.
break;
} // switch
} catch (AMPreCallBackException amp) {
+ "Aborting delete of: "
+ thisDN
+ " due to pre-callback exception",
amp);
}
} // if
} // for
} // for
} // else
} // delIter
return;
}
/**
* This method takes a user ID and a domain name. It uses default search
* templates to search for the organization and uses the deleted objects
* search filter for Users as defined in the Administration Service of
* Access Manager. This filter is used to search for the deleted user under
* the organization. If the user is marked for deletion and the grace period
* is passed then the user is purged. The pre-delete call backs as listed in
* the Administration service, are called before the user is deleted. If any
* of the <code>callbacks</code> throw an exception the delete operation
* is aborted.
*
* @param uid
* user ID
* @param domainName
* domain in which the user belongs.
* @param graceperiod
* time in days which should have passed before this user can be
* deleted.
*
* @throws AMException
* if there is an error in deleting the user, or if the user
* <code>callbacks</code> throw an exception
* @throws SSOException
*/
throws AMException, SSOException {
+ "Using deleted user filter= " + filter);
}
// throw an exception
"971", args);
}
return;
}
/**
* This method takes a resource ID and a domain name. It uses default search
* templates to search for the organization and uses the deleted objects
* search filter for Resources as defined in the Administration Service of
* Access Manager. This filter is used to search for the deleted resource
* under the organization. If the resource is marked for deletion and the
* grace period is passed then the resource is purged. The pre-delete call
* backs as listed in the Administration service, are called before the user
* is deleted. If any of the <code>callbacks</code> throw an exception the
* delete operation is aborted.
*
* @param rid
* resource ID
* @param domainName
* domain in which the user belongs.
* @param graceperiod
* time in days which should have passed before this user can be
* deleted.
*
* @throws AMException
* if there is an error in deleting the user, or if the user
* <code>callbacks</code> throw an exception
* @throws SSOException
*/
throws AMException, SSOException {
+ "Using deleted user filter= " + filter);
}
// throw an exception
"971", args);
}
return;
}
/**
* This method takes a group name and a domain name. It uses default search
* templates to search for the organization and uses the deleted objects
* search filter for Groups as defined in the Administration Service of
* Access Manager. This filter is used to search for the deleted user under
* the organization. If the group is marked for deletion and the grace
* period is passed then the group is purged. The pre-delete call backs as
* listed in the Administration service, are called before the group is
* deleted. If any of the <code>callbacks</code> throw an exception the
* delete operation is aborted.
*
* @param gid
* group name
* @param domainName
* domain in which the group belongs.
* @param graceperiod
* time in days which should have passed before this user can be
* deleted. If a -1 is passed, group is deleted right away
* without check on <code>graceperiod</code>.
*
* @throws AMException
* if there is an error in deleting the group, or if the
* <code>callbacks</code> throw an exception
* @throws SSOException
*/
throws AMException, SSOException {
+ "Using deleted group filter= " + filter);
}
// throw an exception
"971", args);
}
switch (type) {
case AMObject.STATIC_GROUP:
break;
break;
case AMObject.DYNAMIC_GROUP:
break;
default:
}
if (g != null) {
g.purge(false, graceperiod);
}
return;
}
/**
* Returns a set of <code>com.iplanet.am.sdk.AMEntityType</code> objects,
* which is the set of objects which are supported by the
* <code>com.iplanet.am.sdk.AMEntity</code> APIs.
*
* @return Set of <code>AMEntityType</code> objects.
*/
public Set getEntityTypes() {
    // Pure delegation to the shared utility; the raw Set return type is part
    // of the published signature and is kept as-is.
    final Set supportedTypes = AMCommonUtils.getSupportedEntityTypes();
    return supportedTypes;
}
return null;
} else {
}
} else {
return null;
}
}
// ServiceConfig sc = getSearchTemplateConfig(orgTemplate);
return (false);
} else {
: false);
}
} else {
return (false);
}
}
/**
* Protected method to update the <code>orgMapCache</code>
*
*/
throws AMException, SSOException {
return;
}
// String rfcDN = (new DN(dn)).toRFCString().toLowerCase();
// Add to cache
synchronized (orgMapCache) {
// AMHashMap so no need to lowercase
}
}
}
}
}
}
}
/**
* Protected method to obtain the number of days since this DN was last
* modified.
*/
throws AMException, SSOException {
// Why are we adding objectclass when it is not being used?
// If a specific reason, then we need to change the method call.
// Same question applicable to other places where we add into orgmap
// cache
// attrNames.add("objectclass");
return -1;
}
return -1;
}
Number n;
try {
} catch (ParseException pe) {
+ "unable to parse date: " + value
+ " :Returning default= -1", pe);
}
return (-1);
}
// getTime() fn returns number of milliseconds
// since January 1, 1970, 00:00:00 GMT
}
return (elapsedDays);
}
/**
* Protected method to update <code>orgMapCache</code>.
*/
return;
}
switch (eventType) {
case AMEvent.OBJECT_ADDED:
// nothing to do
return;
case AMEvent.OBJECT_RENAMED:
synchronized (orgMapCache) {
orgMapCache.clear();
}
return;
case AMEvent.OBJECT_REMOVED:
case AMEvent.OBJECT_CHANGED:
// Go through the entire cache and check and delete
// any entries with values matching this DN
synchronized (orgMapCache) {
// String removeKey = null;
}
}
if (removeKeys != null) {
}
}
// orgMapCache.clear();
}
}
}
throws AMException, SSOException {
if (domainname == null) {
return Collections.EMPTY_SET;
}
// use the searchfilter to obtain organization DN
// replace %V with domainname.
} else {
}
+ searchFilter);
}
return orgSet;
}
/**
* Converts organization name which is "/" separated to DN.
*/
// Check if it is null or empty
return (rootSuffix);
}
// Check if it is org name
return (orgName);
}
// Construct the DN
while (strtok.hasMoreElements()) {
}
for (int i = 0; i < size; i++) {
}
} else {
}
}
}