DatabaseRepo.java revision 416e6233d8b831f113740660ed8857282a289cd8
/**
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2009 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: DatabaseRepo.java,v 1.1 2009/04/21 20:04:48 sean_brydon Exp $
*
*/
/*
* Portions Copyrighted 2011-2014 ForgeRock AS
*/
/**
* This class stores identity information in a database
*/
public class DatabaseRepo extends IdRepo {
//??can change later to another logfile but in merge list so keep for now ??
// Class name used in exception messages
private static final String PLUGIN_CLASS_NAME =
"com.sun.identity.idm.plugins.database.DatabaseRepo";
// SMS Configurations, names of schema elements in idRepoService.xml.
// Each of these schema element names is the element that holds the actual
// value for some configuration info, such as DB connection info.
// idRepoService.xml schema element name for list of IdTypes and the
//opeartions each is allowed to do
private static final String SUPPORTED_OPERATIONS_SCHEMA_NAME =
"sun-opensso-database-sunIdRepoSupportedOperations";
// idRepoService.xml schema element name for user data access object DAO
// class name. Used by factory method to bind to a DAO implementation
private static final String DAO_PLUGIN_CLASS_NAME_SCHEMA_NAME =
"sun-opensso-database-dao-class-name";
// idRepoService.xml schema element name for database data source name
//determines whether to use JNDI of JBDC to get connetcions to datasoure
private static final String JDBC_CONNECTION_TYPE_SCHEMA_NAME =
"sun-opensso-database-dao-JDBCConnectionType";
// idRepoService.xml schema element name for database data source name
//this code uses a DataSource so does not need the DB username and password
//in code for connections, since it is in config of appserver env in web.xml
private static final String DATASOURCE_SCHEMA_NAME =
"sun-opensso-database-DataSourceJndiName";
// idRepoService.xml schema element name for JDBC class to use to get
// connections to the db
private static final String JDBC_DRIVER_SCHEMA_NAME =
"sun-opensso-database-JDBCDriver";
// idRepoService.xml schema element name for url of JDBC driver
private static final String JDBC__DRIVER_URL_SCHEMA_NAME =
"sun-opensso-database-JDBCUrl";
// idRepoService.xml schema element name for username for JDBC driver
private static final String JDBC_USER_NAME_SCHEMA_NAME =
"sun-opensso-database-JDBCDbuser";
// idRepoService.xml schema element name for password for JDBC driver
private static final String JDBC__DRIVER_PASSWORD_SCHEMA_NAME =
"sun-opensso-database-JDBCDbpassword";
//wont use for now
//idRepoService.xml schema element name for list of attributes to be hashed
//private static final String ATTRIBUTES_TO_BE_HASHED_SCHEMA_NAME = "sun-opensso-database-HashAttrs";
//wont use for now
// idRepoService.xml schema element name for list of attributes to be encrypted
//private static final String ATTRIBUTES_TO_BE_ENCRYPTED_SCHEMA_NAME = "sun-opensso-database-EncryptAttrs";
// idRepoService.xml schema element name for user database table name
private static final String USER_DB_TABLE_NAME_SCHEMA_NAME =
"sun-opensso-database-UserTableName";
// idRepoService.xml schema element name for password attribute
private static final String USER_PASSWORD_SCHEMA_NAME =
"sun-opensso-database-UserPasswordAttr";
// idRepoService.xml schema element name for userID attribute
private static final String USER_ID_SCHEMA_NAME =
"sun-opensso-database-UserIDAttr";
// ???? Status attribute ??? is this status used for users, roles, groups,
private static final String USER_STATUS_SCHEMA_NAME =
"sun-opensso-database-UserStatusAttr";
// idRepoService.xml schema element name for user status active value
//for example the value could be "Active" or whatever is specified in
//idReposervices.xml under this attribute
private static final String USER_STATUS_ACTIVE_VALUE_SCHEMA_NAME =
"sun-opensso-database-activeValue";
// idRepoService.xml schema element name for user status in-active value
//for example the value could be "Inactive"
private static final String USER_STATUS_INACTIVE_VALUE_SCHEMA_NAME =
"sun-opensso-database-inactiveValue";
// idRepoService.xml schema element name for max search results value
private static final String SEARCH_MAX_RESULT =
"sun-opensso-database-config-max-result";
// idRepoService.xml schema element name for user db attr name to use
// when doing search queries
private static final String USERS_SEARCH_ATTRIBUTE_SCHEMA_NAME =
"sun-opensso-database-config-users-search-attribute";
// idRepoService.xml schema element name for set of user attribute names
private static final String SET_OF_USER_ATTRIBUTES_SCHEMA_NAME =
"sun-opensso-database-UserAttrs";
// idRepoService.xml schema element name of the table in the DB for
// membership info, like a groups table which holds group info
private static final String MEMBERSHIP_TABLE_NAME_SCHEMA_NAME =
"sun-opensso-database-MembershipTableName";
// idRepoService.xml schema element name of the column in the DB within the
// membership table which is the unique column identifying the membership
// id, like a group_name column which holds a name that uniquely identifies
// a group
private static final String MEMBERSHIP_ID_ATTRIBUTE_NAME_SCHEMA_NAME =
"sun-opensso-database-MembershipIDAttr";
// idRepoService.xml schema element name of the column in the DB within the
// membership table and that column name is used for searches
private static final String MEMBERSHIP_SEARCH_ATTRIBUTE_NAME_SCHEMA_NAME =
"sun-opensso-database-membership-search-attribute";
// Fields that represent the actual values that were retrieved from
// idRepoService.xml schema element names
//Used by factory method to bind to a DAO implementation. Value is
//obtained from idRepoService.xml but a default is assigned.
// example value com.sun.identity.idm.plugins.jdbc.JdbcSimpleUserDao
private String daoClassName;
//Data Access Object for accessing a DB datastore
private DaoInterface dao;
private String userDataBaseTableName;
// Password attribute used in authenticate method
private String passwordAttributeName;
private String userIDAttributeName;
//list of IdTpes and associated operations each is allowd to do
//name of user status attribute column
private String statusAttributeName;
//in some conditions, like there is no statusAttributeName available in
//idRepoService.xml, then may set the users status as always active
//since there is no attribute column to check for a user's status value
private boolean alwaysActive = false;
//these values are used to compare with values retreived from user db table
//status attribute column to see if user is active or not
private String statusActiveComparisonValue =
private String statusInActiveComparisonValue =
//determine the deafult for number of search results to fetch
private int defaultSearchMaxResults = 100;
//attribute column name to be used in searches fro users
// name of the table in the DB for membership info, like a groups table
// name of the column in the DB within the membership table which is the
// unique column identifying the membership id, like a group_name column
// which holds a name that uniquely identifies a group
// name of the column in the DB within the membership table and that
// column name is used for searches
// Initialization exception
public DatabaseRepo() {
}
//load some default ops, later they are changed in initialize
//based on user provided list of types and allowed ops
}
/*
* Initialization of parameters as configured for a given plugin.
*
* @see com.sun.identity.idm.IdRepo#initialize(java.util.Map)
*/
if (debug.messageEnabled()) {
}
super.initialize(configParams);
//helper for parsing config info
new RepoConfigHelper(debug);
try {
//validate
+ " from IdRepoService.xml can not be null or empty."
+ " daoClassName=" + daoClassName;
return;
} else {
}
} catch (ClassNotFoundException cnfe) {
+ " DAO class. Can not configure this datastore", cnfe);
return;
} catch (InstantiationException ie) {
+ " DAO class. Can not configure this datastore", ie);
return;
} catch (IllegalAccessException iae) {
+ " DAO class. Can not configure this datastore", iae);
return;
+ " DAO class. Can not configure this datastore", noDAOex);
return;
}
//determines whether to use JNDI or JDBC driver manager for connections
boolean useJNDI;
useJNDI = true;
} else {
//unless JNDI is specified, then assume JDBC
useJNDI = false;
}
//Get the name of the database table for users
if (userDataBaseTableName == null
+ " on User DataBase Table Name config info, value must be"
+ " non-null and not empty for"
+ " userDataBaseTableName=" + userDataBaseTableName;
if (debug.errorEnabled()) {
}
//consider returning and not continuing ??
}
//now get membership info, for example to support groups
//validate membership config info
|| membershipSearchAttributeName == null) {
//no need to validate against length==0 ,can be blank since optional
//RFE: use the supportedOps to see if groups is allowed and if so
// then make sure values are not blank since they will be used
+ " on membership config info, values must be non-null for"
+ " membershipTableName=" + membershipTableName
+ " membershipIdAttributeName=" + membershipIdAttributeName
+ " membershipSearchAttributeName="
if (debug.errorEnabled()) {
}
//consider returning and not continuing ??
}
if (debug.messageEnabled()) {
+ " membershipTableName=" + membershipTableName
+ " membershipIdAttributeName=" + membershipIdAttributeName
+ " membershipSearchAttributeName="
}
if (useJNDI) {
//name to use to lookup DataSource for database connections,
&& userDataBaseTableName != null
if (debug.messageEnabled()) {
+ "DAO initialize, for useJNDI=" + useJNDI);
}
try {
//this exception is used as a flag to determine whether this
//idRepo has been connected to its data store or not
//and sometimes thrown from other methods if error on initialize
+ " set up DB datasource connection.", ex);
}
} else {
+ " and userDataBaseTableName must be not null and not"
+ " empty. So initialize can not succeed."
+ " datasourceName=" + datasourceName
+ " userDataBaseTableName" + userDataBaseTableName;
//consider returning and not continuing ??
}
} else { //use JDBC DriverManager params to initialize DAO
//if connection type is JDBC ...
//if JDBCConnectionType is JDBC then it needs the DriverManager
//class name, plus the url, dbUserName, dbPassword to get connections
//url of JDBC driver
// username for JDBC driver
// password for JDBC driver
&& userDataBaseTableName != null
if (debug.messageEnabled()) {
+ "DAO initialize, for useJNDI=" + useJNDI);
}
try {
//this exception is used as a flag to determine whether this
//idRepo has been connected to its data store or not
//and sometimes thrown from other methods if error on initialize
+ " set up DB datasource connection.", ex);
}
} else {
+ " jdbcDriver, jdbcDriverUrl, jdbcDbUser, jdbcDbPassword,"
+ " and userDataBaseTableName must be not null and not"
+ " empty. So initialize can not succeed."
+ " jdbcDriver=" + jdbcDriver
+ " jdbcDriverUrl=" + jdbcDriverUrl
+ " jdbcDbUser=" + jdbcDbUser
+ " jdbcDbPassword=" + jdbcDbPassword
+ " userDataBaseTableName" + userDataBaseTableName;
//consider returning and not continuing ??
}
}
// Get password attribute name
// Get userID attribute name
//get the set of operations for each IdType allowed
// Get name of status attribute from idRepoService.xml config
//if nothing specified then each user is always active
alwaysActive = true;
}
// Get value of status attribute from idRepoService.xml config. This
//value is used to compare with values retreived from db to test if user
//status value is set to active, so need to find value that means active.
if (debug.messageEnabled()) {
+ "\n\t Password Attr name: " + passwordAttributeName
+ "\n\t User ID Attr name: " + userIDAttributeName
+ "\n\t userAtttributesAllowed: "+ userAtttributesAllowed
+ "\n\tStatus Attr name: " + statusAttributeName
+ "\n\t defaultSearchMaxResults:" + defaultSearchMaxResults
+ "\n\t userSearchNamingAttr:" + userSearchNamingAttr
+ "\n\tsupportedOps Map Attr: " + supportedOps);
}
}
/*
* (non-Javadoc)
*
* Creates an identity.
*
* @param token
* Single sign on token of identity performing the task. This is not
* used.
* @param type
* Identity type of this object. For example user or agent etc.
* @param name
* Name of the object of interest, usually a user id.
* @param attrMap
* Map of attribute-values assoicated with this object. The values would
* be stored in the database in the corresponding columns for example.
* If it contains attribute names which dont correspond to table coulmn
* names the an error coccurs. Similarly if the values are bad for
* example.
* @throws IdRepoException If there are repository related error conditions.
* @throws SSOException If identity's single sign on token is invalid.
*
* @see com.sun.identity.idm.IdRepo#create(com.iplanet.sso.SSOToken,
* com.sun.identity.idm.IdType, java.lang.String, java.util.Map)
*/
throws IdRepoException, SSOException {
if (initializationException != null) {
"DatabaseRepo.create: throwing initialization exception");
throw (initializationException);
}
if (debug.messageEnabled()) {
+ "\n\tattrMap=" + attrMap);
}
if (debug.messageEnabled()) {
}
}
if (debug.messageEnabled()) {
+ "\n\tattrMap=" + attrMap);
}
return name;
}
//add name to the attrMap and try to add it
} else {
//contains userIDAttributeName key but now check value is ok
}
}
//throw exception if this type user not allowed to do this
//FIX: dont use isExists since it is extra query. Plus to be consistent
//would need the two queries in a transaction
//put info into DB
//FIX: should validate that attrMap is Ok, has required
// attributes, proper types for values etc
} else {
//Name already exists
}
if (createdName == null) {
//later, need to throw IdRepoException..need to add proper message to amIdrepo.properties
return ""; //empty string ?
} else {
return createdName;
}
}
/*
* (non-Javadoc)
* Deletes an identity.
*
* @param token
* Single sign on token of identity performing the task.
* @param type
* Identity type of this object.
* @param name
* Name of the object of interest.
*
* @throws IdRepoException If there are repository related error conditions.
* @throws SSOException If identity's single sign on token is invalid.
*
* @see com.sun.identity.idm.IdRepo#delete(com.iplanet.sso.SSOToken,
* com.sun.identity.idm.IdType, java.lang.String)
*/
throws IdRepoException, SSOException {
if (initializationException != null) {
"DatabaseRepo.delete: throwing initialization exception");
throw (initializationException);
}
if (debug.messageEnabled()) {
+ " name=" + name);
}
//throw exception if this type user not allowed to do this
}
} else {
if (debug.messageEnabled()) {
+ "empty so delete will not be executed. name=" + name);
}
}
}
/*
* Returns just --requested-- attributes and values of name object.
* Allows user to provide a set of attributes that should be returned,
* and this set of attributes to retrieve is provided in parameter
* Set attrNames.
*
* @see com.sun.identity.idm.IdRepo#getAttributes(com.iplanet.sso.SSOToken,
* com.sun.identity.idm.IdType, java.lang.String, java.util.Set)
*/
if (initializationException != null) {
"DatabaseRepo.getAttributes: throwing initialization exception");
throw (initializationException);
}
if (debug.messageEnabled()) {
+ "\n\treturn attributes=" + attrNames);
}
//throw exception if this type user not allowed to do this
// Get all the attributes and return the subset
//Map answer = (attrNames == null) ? null : new HashMap();
//get all attributes and their corresponding values Sets
} else {
//make a map that only includes the attributes specified in input
//paramater Set attrNames,
}
}
}
return (answer);
}
/*
* Returns --all-- attributes and values of name object
* so whole row of DB table for this user for example
*
* a String key and a Set as the value where Set can be the String values
* for that attribute. Does the case matter????
* Should the values to a CaseSenstiveHashMap ???? or all lowercase?
* should keys be lowercase ???
* What should I put in the case of when an attribute has no values???
*
* @see com.sun.identity.idm.IdRepo#getAttributes(com.iplanet.sso.SSOToken,
* com.sun.identity.idm.IdType, java.lang.String)
*/
throws IdRepoException, SSOException {
if (initializationException != null) {
+ " initialization exception");
throw (initializationException);
}
if (debug.messageEnabled()) {
}
//throw exception if this type user not allowed to do this
//RFE: consider making the groups allowed to be fetched set a
//config option in UI as with userAtttributesAllowed
}
//not sure this is how case insensitive map works???
//are keys insensitive or set of values or ????
return answer;
}
/**
* Set the values of attributes of the identity.
*
* @param token
* Single sign on token of identity performing the task.
* @param type
* Identity type of this object.
* @param name
* Name of the object of interest.
* @param attributes
* Map of attribute-values to set or add.
* @param isAdd
* if <code>true</code> add the attribute-values; otherwise
* replaces the attribute-values.
* @throws IdRepoException If there are repository related error conditions.
* @throws SSOException If identity's single sign on token is invalid.
*
* @see com.sun.identity.idm.IdRepo#setAttributes(com.iplanet.sso.SSOToken,
* com.sun.identity.idm.IdType, java.lang.String, java.util.Map,
* boolean)
*/
throws IdRepoException, SSOException {
if (initializationException != null) {
+ " initialization exception");
throw (initializationException);
}
if (debug.messageEnabled()) {
+ "\n\tAttributes=" + attributes);
}
//throw exception if this type user not allowed to do this
//for now set isAdd to false since I will just replace the
//current values with the new values
//FIX: later add support for multi-valued attributes
isAdd = false;
} else {
if (debug.messageEnabled()) {
+ " name is null or empty so delete will not be"
+ " executed. name=" + name);
}
}
}
/*
* Removes the attributes from the identity.
*
* @see com.sun.identity.idm.IdRepo#removeAttributes(
* com.iplanet.sso.SSOToken, com.sun.identity.idm.IdType,
* java.lang.String, java.util.Set)
*/
if (initializationException != null) {
+ " initialization exception");
throw (initializationException);
}
if (debug.messageEnabled()) {
}
//throw exception if this type user not allowed to do this
//TO DO LATER...Not sure this is needed for a database repo?
}
/*
* (non-Javadoc)
*
* @see com.sun.identity.idm.IdRepo#getBinaryAttributes(
* com.iplanet.sso.SSOToken, com.sun.identity.idm.IdType,
* java.lang.String, java.util.Set)
*/
if (initializationException != null) {
+ " initialization exception");
throw (initializationException);
}
if (debug.messageEnabled()) {
}
//throw exception if this type user not allowed to do this
//Map stringAttributes = getAttributes(token, type, name, attrNames);
//TO DO LATER
return Collections.EMPTY_MAP;
}
/*
* (non-Javadoc)
*
* Set the values of binary attributes the identity.
*
* @see com.sun.identity.idm.IdRepo#setBinaryAttributes(
* com.iplanet.sso.SSOToken, com.sun.identity.idm.IdType,
* java.lang.String, java.util.Map, boolean)
*/
throws IdRepoException, SSOException {
if (initializationException != null) {
+ " initialization exception");
throw (initializationException);
}
if (debug.messageEnabled()) {
+ "\n\t attributes=" + attributes);
}
//throw exception if this type user not allowed to do this
//TODO LATER
}
/*
* Returns members of an identity. Applicable if identity is a
* group or a role.
* @see com.sun.identity.idm.IdRepo#getMembers(com.iplanet.sso.SSOToken,
* com.sun.identity.idm.IdType, java.lang.String,
* com.sun.identity.idm.IdType)
*/
if (initializationException != null) {
+ " initialization exception");
throw (initializationException);
}
if (debug.messageEnabled()) {
}
+ "membersTypeare can not be null, so returning empty set."
+ ": membersType=" + membersType);
return Collections.EMPTY_SET;
}
throw new IdRepoException(
}
//throw exception if this type user not allowed to do this
//isValidType(type, "getMembers");
+ " supported for Users");
} else {
"305", args);
}
}
if (debug.messageEnabled()) {
+ members);
}
return members;
}
/*
* Receive a name and the idType of that name, plus the type of memberships
* that you are interested in. For example, for a "user" named "chris"
* get all the groups that he is a member of.
*
* @return Set of objects that <code>name</code> is a member of.
*
* @see com.sun.identity.idm.IdRepo#getMemberships(
* com.iplanet.sso.SSOToken, com.sun.identity.idm.IdType,
* java.lang.String, com.sun.identity.idm.IdType)
*/
if (initializationException != null) {
+ " exception");
throw (initializationException);
}
if (debug.messageEnabled()) {
}
//throw exception if this type user not allowed to do this
//isValidType(type, "getMemberships");
+ "membersTypeare can not be null, so returning empty set."
+ ": membershipType=" + membershipType);
return Collections.EMPTY_SET;
}
+ " other than Users is not allowed ");
} else {
} else { // Memberships of any other types not supported for
+ " types of entities not supported for Users");
membershipType.getName() };
throw new IdRepoException(
}
}
}
if (debug.messageEnabled()) {
+ groups);
}
return groups;
}
/*
* (non-Javadoc)
*
* Modify membership of the identity. Set of members is
* a set of unique identifiers of other identities.
*
* @see com.sun.identity.idm.IdRepo#modifyMemberShip(
* com.iplanet.sso.SSOToken, com.sun.identity.idm.IdType,
* java.lang.String, java.util.Set, com.sun.identity.idm.IdType, int)
*/
throws IdRepoException, SSOException {
if (initializationException != null) {
+ " initialization exception");
throw (initializationException);
}
if (debug.messageEnabled()) {
}
//throw exception if this type user not allowed to do this
//isValidType(type, "modifyMemberShip");
if (debug.messageEnabled()) {
+ " name can not be null. type=" + type
+ " name=" + name );
}
return; //maybe should throw exception instead?
}
if (debug.messageEnabled()) {
+ " operation must have value equivalent to ADD or"
+ " REMOVE. operation=" + operation);
}
return; //maybe should throw exception instead?
}
if (debug.messageEnabled()) {
+ " is empty");
}
}
if (debug.messageEnabled()) {
" to users is not supported");
}
}
if (debug.messageEnabled()) {
" type cannot be made a member of any identity"
+ membersType.getName());
}
}
switch (operation) {
case ADDMEMBER:
break;
case REMOVEMEMBER:
}
} else {
}
}
/*
* Search for specific type of identities.
*
* @see com.sun.identity.idm.IdRepo#search(com.iplanet.sso.SSOToken,
* com.sun.identity.idm.IdType, java.lang.String, int, int,
* java.util.Set, boolean, int, java.util.Map, boolean)
*
* @param token
* Single signon token of identity performing the task. (Not Using)
* @param type
* Identity type of this object.
* @param pattern
* pattern to search for. The pattern can either be an id, for example
* a user's id. Or pattern can be just a * which means all. Or pattern
* can be a string that contains * such as searching for any ids that
* match *ea* like 'sean' , or it could be pattern with just one * in
* front or back
* if pattern is NULL or empty or "*" then they all mean pattern = "*"
* which is wildcard char. Note, wildcard searches can be modified as
* they are affected by other params like avPairs whxi add other
* conditions to the seacrhes.
* @param maxTime
* maximum wait time for search. (Not Using)
* @param maxResults
* maximum records to return.
* @param returnAttrs
* Set of attribute names to return. If this is null, then all
* atrributes will be fetched and returned. If empty then no attributes
* will be fetched and returned, and just the set of ids will be
* returned, and for each id it will have an empty set for values.
* @param returnAllAttrs
* flag specifies if should return all attributes for each id
* that matches search. This overrides the setting of returnAttrs, so if
* this flag is true then all attributes will be fecthed and returned
* no matter what the value of returnAttrs parameter.
* @param filterOp
* filter condition. For example IdRepo.OR_MOD or IdRepo.AND_MOD and
* then the WHERE clause of SQL search will use this operand between
* the avPairs comparisons
* @param avPairs
* additional search conditions. For example, these would be added to
* the search query WHERE clause, like WHERE last_name = 'Jones' and
* you could use the attribute-value in the map for column last_name
* and value 'Jones'.
* @param recursive
* boolean to indicate recursive search? (Not Using)
*
* @return RepoSearchResults
* @throws IdRepoException If there are repository related error conditions.
* @throws SSOException If identity's single sign on token is invalid.
*/
if (initializationException != null) {
+ " initialization exception");
throw (initializationException);
}
if (debug.messageEnabled()) {
+ " recursive=" + recursive);
}
//throw exception if this type user not allowed to do this
if (maxResults < 1) {
if (debug.messageEnabled()) {
+ " to deafult, so now maxResults=" + maxResults);
}
}
//?? SHOULD THE RETURNED LIST BE ORDERED ????
//a set of Maps where each map is a user and their attributes
//determine the set of attributes to fetch from the database
if (returnAttrs == null){
//to fetch all user attributes, need to pass in all attr names
//RFE: treat groupAttrsAllowed in same way as userAtttributesAllowed
}
} else if(returnAttrs.isEmpty()) {
//fetch just userIDs
}
} else {
}
filterOpString = "OR";
filterOpString = "AND";
}
//what if pattern or values in avPairs contain wildcard chars of SQL
//in SQL % allows you to match any string of any length
//in SQL _ allows you to match on a single character
//later consider if this case matters?
//get all users
users = dao.search(userIDAttributeName, maxResults, "", attributesToFetch, filterOpString, avPairs);
users = dao.searchForGroups(membershipIdAttributeName, maxResults, "", attributesToFetch, filterOpString, avPairs);
}
} else {
//get users that match with the pattern
//not sure if we need to differentiate between case where
// avPairs==null or empty ??? vs when avPairs has attrs and values??
//AFAIK the searches on a pattern all include something in avPairs
//substitute % for * for sql LIKE query
//avPairs with values having wilcard chars replaced
//need to replace % for * in all avPairs too
//modify each value to replace any wildcard chars
}
}
}
//now that Set values has each value with new wildcard
//replace it in the changed avPairsMap
}
}
}
users = dao.search(userIDAttributeName, maxResults, searchPattern, attributesToFetch, filterOpString, avPairsChanged);
users = dao.searchForGroups(membershipIdAttributeName, maxResults, searchPattern, attributesToFetch, filterOpString, avPairsChanged);
}
}
}
}
//I believe that is this case, we should only return the userids
// and each Map is empty???
//Or should it be the user id and for
//each user id the Set of just useridattrname=value ????
//for now, just return userids and empty map
//throw away any fetched attrs for each userid, if any
//now set each id's value set to an empty set
}
}
if (debug.messageEnabled()) {
}
}
/*
* (non-Javadoc)
*
* @see com.sun.identity.idm.IdRepo#getSupportedOperations(
* com.sun.identity.idm.IdType)
*/
if (debug.messageEnabled()) {
+ supportedOps);
}
}
/*
* Load some default operations for different id types. This just sets up
* each IdType with almost all possible opeartions being allowed.
* Later they can be made more fine grained and they are changed in
* initialize method based on user provided list of types and allowed ops.
*
* If nothing is provided in idRepoService.xml so nothing is fetched in and
* initialize hence nothing is set, then these defaults will still apply.
*
* When finished it has set this info in the class field Map supportedOps
*/
private static void loadDefaultSupportedOps() {
//supportedOps.put(IdType.REALM, Collections.unmodifiableSet(opSet));
//supportedOps.put(IdType.AGENT, Collections.unmodifiableSet(op2Set));
//supportedOps.put(IdType.FILTEREDROLE, Collections.unmodifiableSet(op2Set));
if (debug.messageEnabled()) {
"\n\t supportedOps=" + supportedOps);
}
}
/*
* Returns the supported types of identities for this
* plugin. If a plugin does not override this method, it
* returns an empty set.
*
* @return a Set of IdTypes supported by this plugin.
*
* @see com.sun.identity.idm.IdRepo#getSupportedTypes()
*/
public Set getSupportedTypes() {
if (debug.messageEnabled()){
}
return supportedOps.keySet();
}
/*
* (non-Javadoc)
*
* Returns true if the <code> name </code> object exists in the data store.
*
* @see com.sun.identity.idm.IdRepo#isExists(com.iplanet.sso.SSOToken,
* com.sun.identity.idm.IdType, java.lang.String)
*/
throws IdRepoException, SSOException {
if (initializationException != null) {
+ " initialization exception");
throw (initializationException);
}
if (debug.messageEnabled()) {
}
//throw exception if this type user not allowed to do this
boolean entryExists = true;
if(userDetails.isEmpty()) {
entryExists = false;
}
return entryExists;
}
/**
* Returns true if the <code> name </code> object is active
* The convention is that a user is only considered inactive if the user
* active attribute is explicitly set to be inactive.
* If the user does not exist then also is considered inactive.
* Otherwise if user exists and is not set to inactive, then user is active.
*
* @see com.sun.identity.idm.IdRepo#isActive(com.iplanet.sso.SSOToken,
* com.sun.identity.idm.IdType, java.lang.String)
*/
throws IdRepoException, SSOException {
if (initializationException != null) {
+ " initialization exception");
throw (initializationException);
}
if (debug.messageEnabled()) {
}
//throw exception if this type user not allowed to do this
//get the row of this user's data and pull out their status column value
try {
} catch (IdRepoException idrepoerr) {
if (debug.messageEnabled()) {
+ " got IdRepoException=" + idrepoerr);
}
return false; //can't determine user existence so inactive
}
if (debug.messageEnabled()) {
}
if (debug.messageEnabled()) {
+ " for user name=" + name
+ " got no results, either null or empty, which indicates"
+ " user does not exists, so considered inactive.");
}
return false;
}
//Since user exists, now check if active
//if alwaysActive flag is set and user exists then active
if (alwaysActive) {
return true;
}
//check value of the active attribute for the user
return true; //no value specified for active attr, means active
}
//in most cases this is not multi-valued, but just in case later it is
//we will iterate thru values.
//only if ALL values are INACTIVE, is user considered inactive
//otherwise any other value means active
boolean allValuesInactive = true;
//check if ALL values are INACTIVE
allValuesInactive = false; //null means active
//if value is anything other than "InActive" then its active
allValuesInactive = false; ///
}
}
if (allValuesInactive) {
return false;
} else {
return true;
}
}
/*
* Sets the object's status to <code>active</code>.
* @see com.sun.identity.idm.IdRepo#setActiveStatus(
* com.iplanet.sso.SSOToken, com.sun.identity.idm.IdType,
* java.lang.String, boolean)
*/
if (initializationException != null) {
+ " initialization exception");
throw (initializationException);
}
if (debug.messageEnabled()) {
+ " active=" + active);
}
if (debug.messageEnabled()) {
+ " so can not set active status. name=" + name);
}
return;
}
//throw exception if this type user not allowed to do this
if (active) {
} else {
}
}
/*
* Returns the fully qualified name for the identity. It is expected that
* the fully qualified name would be unique, hence it is recommended to
* prefix the name with the data store name or protocol. Used by IdRepo
* framework to check for equality of two identities
*/
if (initializationException != null) {
+ " initialization exception");
throw (initializationException);
}
if (debug.messageEnabled()) {
}
"220", args);
}
//need to search for name and then make the url of datasource db
if (debug.messageEnabled()) {
" search results dns=" + dns);
}
}
// example url is jdbc:mysql://localhost:3306/openssousersdb
if (debug.messageEnabled()) {
" about to return fqdn=" + fqdn);
}
return (fqdn);
}
/*
* Returns <code>true</code> if the data store supports authentication of
* identities. Used by IdRepo framework to authenticate identities.
*/
public boolean supportsAuthentication() {
final boolean AUTHN_ENABLED = true;
if (debug.messageEnabled()) {
" authenticationEnabled=" + AUTHN_ENABLED);
}
return (AUTHN_ENABLED);
}
/*
* Returns <code>true</code> if the data store successfully authenticates
* the identity with the provided credentials. In case the data store
* requires additional credentials, the list would be returned via the
* <code>IdRepoException</code> exception.
*/
if (initializationException != null) {
+ " initialization exception");
throw (initializationException);
}
if (debug.messageEnabled()) {
" credentials=" + credentials);
}
//Obtain user name and password from credentials and authenticate
if (credentials[i] instanceof NameCallback) {
if (debug.messageEnabled()) {
username);
}
} else if (credentials[i] instanceof PasswordCallback) {
}
}
}
return (false);
}
// Get user's password attribute
if (debug.messageEnabled()) {
}
return (false);
}
if (debug.messageEnabled()) {
}
return (false);
}
/**if (hashAttributes.contains(passwordAttributeName)) {
password = Hash.hash(password);
}
*/
if (debug.messageEnabled()) {
}
}
throws IdRepoException
{
try {
if (debug.messageEnabled()) {
}
} else {
if (debug.messageEnabled()) {
}
}
} catch (SSOException ssoe) {
// Can ignore this as this won't happen. No token was passed.
}
return attributes;
}
/*
* (non-Javadoc)
*
* @see com.sun.identity.idm.IdRepo#addListener(com.iplanet.sso.SSOToken,
* com.iplanet.am.sdk.IdRepoListener)
*/
throws IdRepoException, SSOException {
if (debug.messageEnabled()) {
}
//TO DO LATER
return 0;
}
/*
* (non-Javadoc)
*
* @see com.sun.identity.idm.IdRepo#removeListener()
*/
public void removeListener() {
if (debug.messageEnabled()) {
}
//TO DO LATER
}
/*
* (non-Javadoc)
*
* @see com.sun.identity.idm.IdRepo#assignService(com.iplanet.sso.SSOToken,
* com.sun.identity.idm.IdType, java.lang.String, java.lang.String,
* com.sun.identity.sm.SchemaType, java.util.Map)
*/
throws IdRepoException, SSOException {
if (initializationException != null) {
+ " initialization exception");
throw (initializationException);
}
if (debug.messageEnabled()) {
+ "\n\tSchema Type stype=" + stype
}
//throw exception if this type user not allowed to do this
//TO DO LATER
}
/*
* If the service is already assigned to the identity then
* this method unassigns the service and removes the related
* attributes from the entry.
*
* @see com.sun.identity.idm.IdRepo#unassignService(
* com.iplanet.sso.SSOToken, com.sun.identity.idm.IdType,
* java.lang.String, java.lang.String, java.util.Map)
*/
if (initializationException != null) {
+ " initialization exception");
throw (initializationException);
}
if (debug.messageEnabled()) {
}
//throw exception if this type user not allowed to do this
//TO DO LATER
}
/*
* (non-Javadoc)
*
* @see com.sun.identity.idm.IdRepo#getAssignedServices(
* com.iplanet.sso.SSOToken, com.sun.identity.idm.IdType,
* java.lang.String, java.util.Map)
*/
if (initializationException != null) {
+ " initialization exception");
throw (initializationException);
}
if (debug.messageEnabled()) {
+ " name=" + name
+ " mapOfServicesAndOCs=" + mapOfServicesAndOCs);
}
//throw exception if this type user not allowed to do this
//TO DO LATER
return Collections.EMPTY_SET;
}
/*
* (non-Javadoc)
*
* Modifies the attribute values of the service attributes.
*
* @see com.sun.identity.idm.IdRepo#modifyService(com.iplanet.sso.SSOToken,
* com.sun.identity.idm.IdType, java.lang.String, java.lang.String,
* com.sun.identity.sm.SchemaType, java.util.Map)
*/
throws IdRepoException, SSOException {
if (initializationException != null) {
+ " initialization exception");
throw (initializationException);
}
if (debug.messageEnabled()) {
}
//throw exception if this type user not allowed to do this
//TO DO LATER
}
/*
* (non-Javadoc)
*
* @see com.sun.identity.idm.IdRepo#getServiceAttributes(
* com.iplanet.sso.SSOToken,
* com.sun.identity.idm.IdType, java.lang.String, java.lang.String,
* java.util.Set)
*/
if (initializationException != null) {
+ " initialization exception");
throw (initializationException);
}
if (debug.messageEnabled()) {
+ " attrNames=" + attrNames);
}
//throw exception if this type user not allowed to do this
//TO DO LATER
return Collections.EMPTY_MAP;
}
/*
* (non-Javadoc)
*
* @see com.sun.identity.idm.IdRepo#getServiceAttributes(
* com.iplanet.sso.SSOToken,
* com.sun.identity.idm.IdType, java.lang.String, java.lang.String,
* java.util.Set)
*/
throws IdRepoException, SSOException {
if (initializationException != null) {
+ " initialization exception");
throw (initializationException);
}
if (debug.messageEnabled()) {
+ " attrNames=" + attrNames);
}
//throw exception if this type user not allowed to do this
//TO DO LATER
return Collections.EMPTY_MAP;
}
//throw exception if this type user not allowed to do this
//@param methodName may be used if need to log any debug messages
throws IdRepoUnsupportedOpException {
//if not a user type then should not execute
// if (!type.equals(IdType.USER))
if (debug.messageEnabled()) {
+ " was called with type="
+ " but this is an unsupported operation for this type of"
+ " user. So operation cannot be executed. Exception will be"
+ " thrown.");
}
"305", args);
}
}
}