8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Copyright (c) 2005 Sun Microsystems Inc. All Rights Reserved
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * The contents of this file are subject to the terms
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * of the Common Development and Distribution License
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * (the License). You may not use this file except in
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * compliance with the License.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * You can obtain a copy of the License at
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * https://opensso.dev.java.net/public/CDDLv1.0.html or
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * See the License for the specific language governing
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * permission and limitations under the License.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * When distributing Covered Code, include this CDDL
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Header Notice in each file and include the License file
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * If applicable, add the following below the CDDL Header,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * with the fields enclosed by brackets [] replaced by
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * your own identifying information:
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * "Portions Copyrighted [year] [name of copyright owner]"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * $Id: AMUserImpl.java,v 1.7 2009/11/20 23:52:51 ww203982 Exp $
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunnington * Portions Copyright 2015 ForgeRock AS.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.sm.ServiceSchemaManager;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.security.AdminTokenAction;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * The <code>AMUserImpl</code> implementation of interface AMUser
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @deprecated As of Sun Java System Access Manager 7.1.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterclass AMUserImpl extends AMObjectImpl implements AMUser {
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunnington static RDN ContainerDefaultTemplateRoleRDN = RDN.valueOf(AMNamingAttrManager
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public AMUserImpl(SSOToken ssoToken, String DN) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Renames the user name (i.e., the naming attribute of the user entry) in the
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * datastore.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <B>Note:</B> This operation directly commits the user name changes
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * to the datastore. However, it does not save the modified/added
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * attributes. For saving them explicitly to the datastore, use
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * {@link AMObject#store store()} method to save the attributes.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param newName
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * The new user name
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param deleteOldName
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * if true deletes the old name, otherwise retains the old name.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return the new <code>DN</code> value for the user
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws AMException
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * if an error is encountered when trying to access/retrieve
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * data from the data store
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws SSOException
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * if the single sign on token is no longer valid.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public String rename(String newName, boolean deleteOldName)
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster entryDN = dsServices.renameEntry(token, profileType, entryDN, newName,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Gets all the filtered roles the user is in.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return The Set of filtered role DN's the user is in.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws AMException
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * if an error is encountered when trying to access/retrieve
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * data from the data store
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws SSOException
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * if the single sign on token is no longer valid.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public Set getFilteredRoleDNs() throws AMException, SSOException {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Map nsrolesMap = getAttributesFromDataStore(nsroleANSet);
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunnington normdns.add(DN.valueOf((String) iter.next()).toString()
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunnington if (!normdns.contains(nsroleDN.toString().toLowerCase()))
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (!rdn.equals(ContainerDefaultTemplateRoleRDN)
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Gets all the static roles the user is in.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return The Set of static role DN's the user is in.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public Set getRoleDNs() throws AMException, SSOException {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private static void getAMStoreConnection() throws SSOException {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster SSOToken internalToken = (SSOToken) AccessController
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private boolean isAMManagedRole(String nsrole) throws SSOException {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (type == AMObject.ROLE || type == AMObject.FILTERED_ROLE)
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return true;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return false;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message(nsrole + " is not an AM managed role");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return false;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Gets all the static and filtered roles the user is in.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return The Set of static and filtered role DN's the user is in.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public Set getAllRoleDNs() throws AMException, SSOException {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Map nsrolesMap = getAttributesFromDataStore(nsroleANSet);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (!rdn.equals(ContainerDefaultTemplateRoleRDN)
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Assigns a role to the user.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param role
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * The Role that the user is assigned to.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public void assignRole(AMRole role) throws AMException, SSOException {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Assigns a role to the user.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param roleDN
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * The role DN that the user is assigned to.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public void assignRole(String roleDN) throws AMException, SSOException {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster SSOTokenManager.getInstance().validateToken(super.token);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster dsServices.modifyMemberShip(super.token, userDNs, roleDN, ROLE,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Removes a role that is assigned to the user.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param role
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * The Role that the user is assigned to.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public void removeRole(AMRole role) throws AMException, SSOException {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Removes a role that is assigned to the user.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param roleDN
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * The role DN that the user is assigned to.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public void removeRole(String roleDN) throws AMException, SSOException {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster SSOTokenManager.getInstance().validateToken(super.token);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster dsServices.modifyMemberShip(super.token, userDNs, roleDN, ROLE,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Gets all the static groups the user is in.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return The Set of static group DN's the user is in.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public Set getStaticGroupDNs() throws AMException, SSOException {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return getAttribute("iplanet-am-static-group-dn");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Assigns a static group to the user.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param group
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * The AMStaticGroup that the user is assigned to.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public void assignStaticGroup(AMStaticGroup group) throws AMException,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Assigns a static group to the user.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param groupDN
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * The static group DN that the user is assigned to.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public void assignStaticGroup(String groupDN) throws AMException,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster SSOTokenManager.getInstance().validateToken(super.token);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster dsServices.modifyMemberShip(super.token, userDNs, groupDN, GROUP,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Removes a static group that is assigned to the user.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param group
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * The AMStaticGroup that the user is assigned to.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public void removeStaticGroup(AMStaticGroup group) throws AMException,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Removes a static group that is assigned to the user.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param groupDN
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * The static group DN that the user is assigned to.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public void removeStaticGroup(String groupDN) throws AMException,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster SSOTokenManager.getInstance().validateToken(super.token);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster dsServices.modifyMemberShip(super.token, userDNs, groupDN, GROUP,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Gets all the assignable dynamic groups the user is in.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return The Set of assignable dynamic group DN's the user is in.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws AMException
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * if there is an internal error in the AM Store
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws SSOException
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * if the single sign on token is no longer valid.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public Set getAssignableDynamicGroupDNs() throws AMException, SSOException {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Assigns an assignable dynamic group to the user.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param assignableDynamicGroup
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * The AssignableDynamicGroup that the user is assigned to.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws AMException
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * if there is an internal error in the AM Store
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws SSOException
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * if the single sign on token is no longer valid.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster AMAssignableDynamicGroup assignableDynamicGroup)
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster assignAssignableDynamicGroup(assignableDynamicGroup.getDN());
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Assigns an assignable dynamic group to the user.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param assignableDynamicGroupDN
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * The assignable dynamic group DN that the user is assigned to.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws AMException
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * if there is an internal error in the AM Store
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws SSOException
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * if the single sign on token is no longer valid.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public void assignAssignableDynamicGroup(String assignableDynamicGroupDN)
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster SSOTokenManager.getInstance().validateToken(super.token);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster dsServices.modifyMemberShip(super.token, userDNs,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster assignableDynamicGroupDN, ASSIGNABLE_DYNAMIC_GROUP, ADD_MEMBER);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Removes an assignable dynamic group that is assigned to the user.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param assignableDynamicGroup
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * The AssignableDynamicGroup that the user is assigned to.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws AMException
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * if there is an internal error in the AM Store
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws SSOException
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * if the single sign on token is no longer valid.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster AMAssignableDynamicGroup assignableDynamicGroup)
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster removeAssignableDynamicGroup(assignableDynamicGroup.getDN());
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Removes an assignable dynamic group that is assigned to the user.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param assignableDynamicGroupDN
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * The assignable dynamic group DN that the user is assigned to.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws AMException
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * if there is an internal error in the AM Store
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws SSOException
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * if the single sign on token is no longer valid.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public void removeAssignableDynamicGroup(String assignableDynamicGroupDN)
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster SSOTokenManager.getInstance().validateToken(super.token);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster dsServices.modifyMemberShip(super.token, userDNs,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster assignableDynamicGroupDN, ASSIGNABLE_DYNAMIC_GROUP,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Activates the user.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public void activate() throws AMException, SSOException {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Deactivates the user.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public void deactivate() throws AMException, SSOException {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns true if the user is activated.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return true if the user is activated.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws AMException
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * if there is an internal error in the AM Store.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws SSOException
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * if the single sign on token is no longer valid.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public boolean isActivated() throws AMException, SSOException {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return getStringAttribute(statusAN).equalsIgnoreCase("active");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Assigns services to the user.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param serviceNames
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Set of service names
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws AMException
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * if there is an internal error in the AM Store
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws SSOException
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * if the single sign on token is no longer valid.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @see com.iplanet.am.sdk.AMObjectImpl#assignServices(java.util.Map)
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public void assignServices(Set serviceNames) throws AMException,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (serviceNames == null || serviceNames.isEmpty()) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Set serviceOCs = AMServiceUtils.getServiceObjectClasses(token,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster newOCs = AMCommonUtils.combineOCs(newOCs, oldOCs);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Check if the service has the schema type (User & Dynamic)
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // specified.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // If not throw an exception.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // The object class is assigned above even if the schema type
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // is not specified. The reason behind this is to support the
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // "COS" type attributes.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster ServiceSchemaManager ssm = new ServiceSchemaManager(
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster throw new AMException(AMSDKBundle.getString("1001", args,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.error("AMUserImpl: schema type validation failed-> "