use of com.iplanet.services.ldap.Attr in project OpenAM by OpenRock.
the class PersistentObject method getAttributes.
/**
 * Returns the requested attributes of this object as an {@code AttrSet}.
 *
 * <p>Unless {@code cacheOnly} is set, the names reported by
 * {@code findAttributesNotRead} are first read from the data store, but only
 * when this object has both a GUID and a principal. The result is then
 * assembled from the cache; a name with no cached attribute is left out of
 * the returned set rather than reported as an error.
 *
 * @param attrs
 *            Array of strings representing attribute names
 * @param cacheOnly
 *            if true, read attributes from cache only without contacting
 *            the data store
 * @return attribute set holding the attributes found for the requested names
 * @throws IllegalArgumentException
 *             if {@code attrs} is null
 * @throws UMSException
 *             presumably propagated from the data store read; the throwing
 *             call is not visible in this method
 * @see #getAttribute(String)
 *
 * @supported.api
 */
public AttrSet getAttributes(String[] attrs, boolean cacheOnly) throws UMSException {
    if (attrs == null) {
        throw new IllegalArgumentException(i18n.getString(IUMSConstants.BAD_ATTRNAMES));
    }
    AttrSet result = new AttrSet();
    if (!cacheOnly) {
        Collection missing = findAttributesNotRead(attrs);
        // The store is consulted only for an object that has an identity and
        // a principal to read as. When either is absent the read is skipped
        // silently, so callers cannot tell "not present" from "not fetched".
        boolean storeReadable = !missing.isEmpty()
                && getGuid() != null
                && getPrincipal() != null;
        if (storeReadable) {
            readAttributesFromDataStore(missing);
        }
    }
    // Whatever was (or was not) fetched above, the answer is built from the cache.
    for (String name : attrs) {
        Attr cached = getAttributeFromCache(name);
        if (cached != null) {
            result.add(cached);
        }
    }
    return result;
}
use of com.iplanet.services.ldap.Attr in project OpenAM by OpenRock.
the class AMCommonUtils method attrSetToMap.
/**
 * Converts an {@code AttrSet} into a {@code Map} keyed by attribute name.
 *
 * @param attrSet
 *            the AttrSet to be converted to a Map; {@code null} yields an
 *            empty map
 * @param fetchByteValues
 *            if false the string values of each attribute are added (as the
 *            Set produced by {@code stringArrayToSet}); if true the result
 *            of {@code getByteValues()} is added as is
 * @return a Map containing attribute names as keys and, per key, either a
 *         Set of string values or the attribute's byte values
 */
protected static Map attrSetToMap(AttrSet attrSet, boolean fetchByteValues) {
    Map converted = new AMHashMap(fetchByteValues);
    if (attrSet == null) {
        return converted;
    }
    final int count = attrSet.size();
    for (int idx = 0; idx < count; idx++) {
        Attr current = attrSet.elementAt(idx);
        if (fetchByteValues) {
            // NOTE(review): whether getByteValues() hands out a copy or the
            // attribute's internal arrays is not visible here; confirm before
            // letting callers mutate the map values.
            converted.put(current.getName(), current.getByteValues());
        } else {
            String[] stringValues = current.getStringValues();
            converted.put(current.getName(), stringArrayToSet(stringValues));
        }
    }
    return converted;
}
use of com.iplanet.services.ldap.Attr in project OpenAM by OpenRock.
the class AMCommonUtils method mapToAttrSet.
/**
 * Converts a {@code Map} of attribute names to values into an {@code AttrSet}.
 *
 * <p>The map is untyped, so its contents are cast on trust: every key must
 * be a {@code String}, and every value must be a {@code Set} of strings
 * (when {@code byteValues} is false) or a {@code byte[][]} (when it is
 * true). A map that does not match the flag fails with a
 * {@code ClassCastException}, or an {@code ArrayStoreException} for a Set
 * holding non-String elements, part-way through the conversion.
 *
 * @param map
 *            a map containing attribute names as keys and a Set of attribute
 *            values corresponding to each map key; {@code null} yields an
 *            empty AttrSet
 * @param byteValues
 *            if true then values are bytes otherwise strings
 * @return an AttrSet having the contents of the supplied map
 */
protected static AttrSet mapToAttrSet(Map map, boolean byteValues) {
    AttrSet result = new AttrSet();
    if (map == null) {
        return result;
    }
    for (Object key : map.keySet()) {
        String attrName = (String) key;
        if (byteValues) {
            byte[][] rawValues = (byte[][]) (map.get(attrName));
            result.replace(new Attr(attrName, rawValues));
        } else {
            Set valueSet = (Set) (map.get(attrName));
            // A key mapped to null becomes an attribute built from a null
            // value array rather than being skipped.
            String[] stringValues = null;
            if (valueSet != null) {
                stringValues = (String[]) valueSet.toArray(new String[valueSet.size()]);
            }
            result.replace(new Attr(attrName, stringValues));
        }
    }
    return result;
}
use of com.iplanet.services.ldap.Attr in project OpenAM by OpenRock.
the class AssignableDynamicGroup method hasMember.
/**
 * Returns <code>true</code> if a given identifier is a member of the
 * group.
 *
 * <p>The object for {@code guid} is loaded with this group's principal and
 * the values of its {@code MEMBER_ATTR_NAME} attribute are compared, via
 * {@code Guid.equals}, with this group's own DN.
 *
 * @param guid Identity of member to be checked for membership.
 * @return <code>true</code> if it is a member; <code>false</code> when the
 *         object has no membership attribute or no value matches.
 * @exception UMSException if fail to read object for guid.
 * @exception IllegalArgumentException if this group has no principal.
 *
 * @supported.api
 */
public boolean hasMember(Guid guid) throws UMSException {
    if (getPrincipal() == null) {
        throw new IllegalArgumentException(i18n.getString(IUMSConstants.NULL_PRINCIPAL));
    }
    PersistentObject candidate = UMSObject.getObject(getPrincipal(), guid);
    Attr membership = candidate.getAttribute(MEMBER_ATTR_NAME);
    if (membership == null) {
        if (debug.messageEnabled()) {
            debug.message("AssignableDynamicGroup.hasMember: no " + "attribute " + MEMBER_ATTR_NAME + " in " + guid.getDn());
        }
        return false;
    }
    // The DN has to be compared in normalized form (escaped spaces and the
    // like) for the membership answer to be accurate. No normalization step
    // is performed in this method itself: the DN is taken as getDn() returns
    // it and the comparison is left to Guid.equals.
    // TODO: This ties guids to DNS. The methods to normalize and compare
    // should be managed separately.
    // TODO: The members should have been normalized before adding to
    // the group (i.e. when creating or modifying it), so it should not
    // be necessary to have normalizing code spread out in the classes
    // and methods.
    String groupDn = getGuid().getDn();
    for (String listed : membership.getStringValues()) {
        if (debug.messageEnabled()) {
            debug.message("AssignableDynamicGroup.hasMember: comparing " + groupDn + " to " + listed);
        }
        if (Guid.equals(groupDn, listed)) {
            return true;
        }
    }
    return false;
}
use of com.iplanet.services.ldap.Attr in project OpenAM by OpenRock.
the class BaseRole method newAccessRight.
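/**
 * Creates attribute access rights for the role;
 * existing attribute access rights for the role will be replaced.
 *
 * <p>The role's read and write ACIs are looked up on the parent object by
 * ACI name ({@code READ_PERM_HEADER} / {@code WRITE_PERM_HEADER} followed by
 * the trimmed role DN). A matching ACI is deleted and re-added with the new
 * target attributes; when none matches, a new ACI is built for the role.
 * Both replacement ACIs are built completely before the first change is
 * handed to the parent object, so a failure while building them (a null
 * argument, an {@code ACIParseException}) leaves no delete without its
 * matching add on the parent. The parent is saved at the end.
 *
 * @param accessRight
 *            New access right to be set to the role; must not be null
 * @throws NullPointerException
 *             if {@code accessRight} is null
 * @throws UMSException
 *             declared by the parent-object calls used here
 * @throws ACIParseException
 *             declared by the ACI parsing calls used here
 *
 * @supported.api
 */
public void newAccessRight(AccessRightObject accessRight) throws UMSException, ACIParseException {
    // Fail before anything is touched. A null argument used to surface as a
    // NullPointerException only after the DELETE of an existing read ACI had
    // already been passed to parentObject.modify().
    if (accessRight == null) {
        throw new NullPointerException("accessRight");
    }
    ACI readACI = null;
    ACI writeACI = null;
    // get parent GUID
    if (parentObject == null) {
        parentObject = getParentObject();
    }
    // get ACIs from parent object
    Iterator acis = parentObject.getACI().iterator();
    // New ACIs are named with the DN as returned; lookups use the trimmed DN.
    // NOTE(review): if a DN can carry leading or trailing whitespace, an ACI
    // created here would not be found again by the lookup below - confirm.
    String roleDn = getGuid().getDn();
    // go through each ACI to see if it sets the access right for the role
    // NOTE(review): this guard cannot catch a null collection from getACI();
    // that would already have failed on the iterator() call above.
    if (acis != null) {
        String guid = roleDn.trim();
        while (acis.hasNext()) {
            ACI aci = (ACI) acis.next();
            if (debug.messageEnabled()) {
                debug.message("BaseRole.newAccessRight ACI.toString =" + aci.toString());
            }
            // try to find out if this ACI is for this role
            // checking the name of the aci,
            // better solution is to check the roledn, TBD
            // Any ACI on the parent that carries this name is treated as the
            // role's own and is rewritten below.
            String aciName = aci.getName();
            if (aciName.equals(READ_PERM_HEADER + guid)) {
                readACI = aci;
            } else if (aciName.equals(WRITE_PERM_HEADER + guid)) {
                writeACI = aci;
            }
            if (readACI != null && writeACI != null) {
                break;
            }
        }
    }

    // Phase 1: build both replacement ACIs without touching the parent.
    ACI newReadACI;
    if (readACI != null) {
        debug.message("modify existing read aci");
        if (debug.messageEnabled()) {
            debug.message("readaci.ACIText :" + readACI.getACIText());
        }
        // copy the existing read ACI and point it at the new attribute list
        newReadACI = ACI.valueOf(readACI.toString());
        QualifiedCollection readAttrs = new QualifiedCollection(accessRight.getReadableAttributeNames(), false);
        newReadACI.setTargetAttributes(readAttrs);
    } else {
        debug.message("new read aci");
        // build a new read ACI
        newReadACI = new ACI(READ_PERM_HEADER + roleDn);
        newReadACI.setName(READ_PERM_HEADER + roleDn);
        QualifiedCollection readAttrs = new QualifiedCollection(accessRight.getReadableAttributeNames(), false);
        newReadACI.setTargetAttributes(readAttrs);
        // set Allow "read" permission
        HashSet hs = new HashSet();
        hs.add(READ_PERM_STRING);
        QualifiedCollection perm = new QualifiedCollection(hs, false);
        newReadACI.setPermissions(perm);
        // set applied role
        hs = new HashSet();
        hs.add(roleDn);
        newReadACI.setRoles(hs);
        if (debug.messageEnabled()) {
            debug.message("READ " + roleDn + "=" + newReadACI.toString());
        }
    }

    ACI newWriteACI;
    if (writeACI != null) {
        debug.message("modify existing write aci");
        if (debug.messageEnabled()) {
            debug.message("writeaci.ACIText :" + writeACI.getACIText());
        }
        // copy the existing write ACI and point it at the new attribute list
        newWriteACI = ACI.valueOf(writeACI.toString());
        QualifiedCollection writeAttrs = new QualifiedCollection(accessRight.getWritableAttributeNames(), false);
        newWriteACI.setTargetAttributes(writeAttrs);
    } else {
        debug.message("new write aci");
        // build a new write ACI
        newWriteACI = new ACI(WRITE_PERM_HEADER + roleDn);
        newWriteACI.setName(WRITE_PERM_HEADER + roleDn);
        QualifiedCollection writeAttrs = new QualifiedCollection(accessRight.getWritableAttributeNames(), false);
        newWriteACI.setTargetAttributes(writeAttrs);
        // set Allow "write" permission
        HashSet hs = new HashSet();
        hs.add(WRITE_PERM_STRING);
        QualifiedCollection perm = new QualifiedCollection(hs, false);
        newWriteACI.setPermissions(perm);
        // set applied role
        hs = new HashSet();
        hs.add(roleDn);
        newWriteACI.setRoles(hs);
        if (debug.messageEnabled()) {
            debug.message("Write " + roleDn + "=" + newWriteACI.toString());
        }
    }

    // Phase 2: hand the changes to the parent in the original order:
    // read delete, read add, write delete, write add.
    if (readACI != null) {
        parentObject.modify(new Attr(ACI.ACI, readACI.getACIText()), ModificationType.DELETE);
    }
    parentObject.modify(new Attr(ACI.ACI, newReadACI.toString()), ModificationType.ADD);
    if (writeACI != null) {
        parentObject.modify(new Attr(ACI.ACI, writeACI.getACIText()), ModificationType.DELETE);
    }
    parentObject.modify(new Attr(ACI.ACI, newWriteACI.toString()), ModificationType.ADD);

    // save ACI changes to parent persistent store
    parentObject.save();
}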