Organization.java revision a82d04bc19fee9d5e34b41ccd7641da1f62ab634
/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: Organization.java,v 1.9 2009/11/20 23:52:55 ww203982 Exp $
*
* Portions Copyrighted 2011-2015 ForgeRock AS.
* Portions Copyrighted 2012 Open Source Solution Technology Corporation
*/
/**
* This class represents a group of OpenAM organizations.
*/
public class Organization implements Subject {
// Variables
private boolean initialized = false;
private String userSearchFilter;
private String orgSearchFilter;
private String userRDNAttrName;
private String orgRDNAttrName;
private int timeLimit;
private int maxResults;
private boolean sslEnabled = false;
private int minPoolSize;
private int maxPoolSize;
private ConnectionFactory connPool;
private boolean localDS;
private boolean aliasEnabled;
private String ldapServer;
// Debug
/**
* Constructor with no parameter
*/
public Organization() {
// do nothing
}
/**
* Initialize the <code>Organization</code> object by using the
* configuration information passed by the Policy Framework.
* @param configParams the configuration information
* @exception PolicyException if an error occured during
* initialization of the instance
*/
if (configParams == null) {
}
if (configuredLdapServer == null) {
+ "server name. If you enter more than one server name "
+ "in the policy config service's Primary LDAP Server "
+ "field, please make sure the ldap server name is preceded "
+ "with the local server name.");
}
}
} else {
}
} else {
}
try {
} catch (NumberFormatException nfe) {
throw (new PolicyException(nfe));
}
sslEnabled = true;
} else {
sslEnabled = false;
}
// get the organization name
}
if (debug.messageEnabled()) {
+ "\nldapServer: " + ldapServer
+ "\nauthid: " + authid
+ "\nbaseDN: " + baseDN
+ "\nuserSearchFilter: " + userSearchFilter
+ "\nuserRDNAttrName: " + userRDNAttrName
+ "\norgSearchFilter: " + orgSearchFilter
+ "\norgRDNAttrName: " + orgRDNAttrName
+ "\ntimeLimit: " + timeLimit
+ "\nmaxResults: " + maxResults
+ "\nminPoolSize: " + minPoolSize
+ "\nmaxPoolSize: " + maxPoolSize
+ "\nSSLEnabled: " + sslEnabled
+ "\nOrgName: " + orgName);
}
// initialize the connection pool for the ldap server
initialized = true;
}
/**
* Returns the syntax of the values the <code>Organization</code>
* @see com.sun.identity.policy.Syntax
* @param token the <code>SSOToken</code> that will be used
* to determine the syntax
* @return set of of valid names for the user collection.
* @exception SSOException if <code>SSOToken</code> is not valid
*/
return (Syntax.MULTIPLE_CHOICE);
}
/**
* Returns a list of possible values for the <code>Organization
* </code>.
*
* @param token the <code>SSOToken</code> that will be used
* to determine the possible values
*
* @return <code>ValidValues</code>
*
* @exception SSOException if <code>SSOToken</code> is not valid
* @exception PolicyException if unable to get the list of valid
* names.
*/
}
/**
* Returns a list of possible values for the <code>Organization
* </code> that satisfy the given <code>pattern</code>.
*
* @param token the <code>SSOToken</code> that will be used
* to determine the possible values
* @param pattern search pattern that will be used to narrow
* the list of valid names.
*
* @return <code>ValidValues</code>
*
* @exception SSOException if <code>SSOToken</code> is not valid
* @exception PolicyException if unable to get the list of valid
* names.
*/
throws SSOException, PolicyException {
if (!initialized) {
}
} else {
}
if (debug.messageEnabled()) {
"Organization.getValidValues(): organization search filter is: "
+ searchFilter);
}
try {
// connect to the server to authenticate
if (reader.isReference()) {
//ignore
} else {
}
}
}
} catch (LdapException le) {
} else {
}
if (additionalMsg != null) {
} else {
throw new PolicyException(errorMsg);
}
}
} catch (Exception e) {
throw new PolicyException(e);
}
if (debug.messageEnabled()) {
}
}
/**
* Returns the display name for the value for the given locale.
* For all the valid values obtained through the methods
* <code>getValidValues</code> this method must be called
* by GUI and CLI to get the corresponding display name.
* The <code>locale</code> variable could be used by the
* plugin to customize the display name for the given locale.
* The <code>locale</code> variable could be <code>null</code>,
* in which case the plugin must use the default locale (most probabily
* en_US).
* Alternatively, if the plugin does not have to localize
* the value, it can just return the <code>value</code> as is.
*
* @param value one of the valid value for the plugin
* @param locale locale for which the display name must be customized
*
* @exception NameNotFoundException if the given <code>value</code>
* is not one of the valid values for the plugin
*/
throws NameNotFoundException {
}
/**
* Returns the values that was set using the
* method <code>setValues</code>.
*
* @return values that have been set for the user collection
*/
if (debug.messageEnabled()) {
}
return selectedOrgDNs;
}
/**
* Sets the names for the instance of the <code>Organization</code>
* object. The names are obtained from the policy object,
* usually configured when a policy is created.
*
* @param names names selected for the instance of
* the user collection object.
*
* @exception InvalidNameException if the given names are not valid
*/
"org_subject_invalid_user_names", null,
}
selectedOrgDNs = new HashSet<>();
if (debug.messageEnabled()) {
+ selectedOrgDNs);
}
selectedRFCOrgDNs = new HashSet<>();
// add to the RFC Set now
}
}
/**
* Determines if the user belongs to this instance
* of the <code>Organization</code> object.
*
* @param token single-sign-on token of the user
*
* @return <code>true</code> if the user is member of the
* given subject; <code>false</code> otherwise.
*
* @exception SSOException if <code>token</code> is not valid
* @exception PolicyException if an error occured while
* checking if the user is a member of this subject
*/
throws SSOException, PolicyException {
boolean listenerAdded = false;
if (debug.messageEnabled()) {
+ userLocalDN);
}
boolean found = false;
if (debug.messageEnabled()) {
}
if (result) {
return result;
} else {
continue;
}
}
// got here so entry not in subject evaluation cache
if (debug.messageEnabled()) {
+" not in subject evaluation cache, fetching from "
+"directory server.");
}
if (debug.messageEnabled()) {
+ userLocalDN + " is not found in the directory");
}
return false;
}
}
if (!listenerAdded) {
tokenID))
{
if (debug.messageEnabled()) {
+ " sso listener added .\n");
}
listenerAdded = true;
}
}
if (debug.messageEnabled()) {
+"Organization object");
}
found = true;
break;
}
}
}
if (debug.messageEnabled()) {
if (found) {
+ " is a member of this Organization object");
} else {
+ " is not a member of this Organization object");
}
}
return found;
}
/**
* Check if the user identified by the userDN belongs to organization
* <code>org</code>
*/
if (debug.messageEnabled()) {
+", adding to Subject eval cache");
}
return orgMatch;
}
/**
* Return a hash code for this <code>Organization</code>.
*
* @return a hash code for this <code>Organization</code> object.
*/
public int hashCode() {
return selectedOrgDNs.hashCode();
}
/**
* Indicates whether some other object is "equal to" this one.
*
* @param o another object that will be compared with this one
*
* @return <code>true</code> if eqaul; <code>false</code>
* otherwise
*/
if (o instanceof Organization) {
if ((selectedOrgDNs != null)
return true;
}
}
return false;
}
/**
* Creates and returns a copy of this object.
*
* @return a copy of this object
*/
try {
} catch (CloneNotSupportedException e) {
// this should never happen
throw new InternalError();
}
if (selectedRFCOrgDNs != null) {
}
return theClone;
}
/**
* Gets the DN for a user identified
* by the token. If the Directory server is locally installed to speed
* up the search, no directoty search is performed and the DN obtained
* from the token is returned. If the directory is remote
* a LDAP search is performed to get the user DN.
*/
} else {
// try to figure out the user name from the local user DN
(beginIndex >= endIndex))
{
}
if ((userSearchFilter != null) &&
{
} else {
}
if (debug.messageEnabled()) {
"Organization.getUserDN(): search filter is: "
+ searchFilter);
}
// search the remote ldap and find out the user DN
SearchRequest request = LDAPRequests.newSearchRequest(baseDN, userSearchScope, searchFilter, attrs);
if (reader.isReference()) {
//ignore
} else {
}
}
}
} catch (LdapException le) {
} else {
}
if (additionalMsg != null) {
} else {
throw new PolicyException(errorMsg);
}
}
} catch (Exception e) {
throw new PolicyException(e);
}
if (debug.messageEnabled()) {
"Organization.getUserDN(): qualified users="
+ qualifiedUserDNs);
}
// we only take the first qualified DN
}
}
return userDN;
}
}