com.iplanet.am.sdk
Class AMStoreConnection

java.lang.Object
  |
  +--com.iplanet.am.sdk.AMStoreConnection

All Implemented Interfaces:

AMConstants

public final class AMStoreConnection

extends java.lang.Object

implements AMConstants

The AMStoreConnection class represents a connection to the Sun Java System Identity Server data store. It provides methods to create, remove and get different type of Sun Java System Identity Server SDK objects in the data tore. AMStoreConnection controls and manages access to the data store.

An instance of AMStoreConnection object should always be obtained by anyone using the AM SDK since this object is the entry point to all other AM SDK managed objects. The constructor takes the SSO token of the user. Here is some sample code on how to get a user's attributes, using AM SDK:

      AMStoreConnection amsc = new AMStoreConnection(ssotoken);
      AMUser user = amsc.getUser(ssotoken.getPrincipal());
      Map attributes = user.getAttributes();
 

AMStoreConnection also has other helper methods which are very useful. Some examples below:

      int otype = amsc.getAMObjectType(fullDN);
 

otype returned is one of the managed AMObject types, like AMObject.USER, AMObject.ROLE, AMObject.ORGANIZATION. If the entry being checked in not of the type managed by AM SDK, then an AMException is thrown.

      boolean exists = amsc.isValidEntry(fullDN);
 

If there is a fullDN that you want to know if it exists or not in the data store, then use the above method. The typical use of this method is in the case when you know that you need to get a managed object from amsc, but you want to verify that it exists before you create the managed object instance:

      if (amsc.isValidEntry(userDN)) {
             AMUser user = amsc.getUser(userDN);
              - More code here -
      }
 

Helper method getOrganizationDN(): Use this method to perform a subtree scoped search for organization,based on various attribute values.

      String orgDN = amsc.getOrganizationDN("sun.com", null);
 

The above method will return the DN of a organization, which matches the search criterias of having either domain name of sun.com, Domain alias name of sun.com or it's naming attribute value is sun.com. More examples of how to use this method are provided in the Javadocs of the method below.

Fields inherited from interface com.iplanet.am.sdk.AMConstants

ADD_MEMBER, ADMIN_GROUPS_ENABLED_ATTR, ADMIN_ROLE_ATTR, ADMINISTRATION_SERVICE, CACHE_ENABLED_DISABLED_KEY, CACHE_MAX_SIZE_KEY, COMPLIANCE_SPECIAL_FILTER_ATTR, COMPLIANCE_USER_DELETION_ATTR, CONTAINER_DEFAULT_TEMPLATE_ROLE, DCT_ATTRIBUTE_LIST_ATTR, DCT_ENABLED_ATTR, DOMAIN_ADMINISTRATORS, DOMAIN_HELP_DESK_ADMINISTRATORS, EMAIL_ATTRIBUTE, INET_ADMIN_OBJECT_CLASS, INET_DOMAIN_STATUS_ATTR, INET_DOMAIN_STATUS_ATTRIBUTE, OTHER_COSATTR_TYPE, POLICY_COSATTR_TYPE, POLICY_SUFFIX, PRE_POST_PROCESSING_MODULES_ATTR, REMOVE_MEMBER, REQUIRED_SERVICES_ATTR, ROLE_MANAGED_CONTAINER_DN_ATTRIBUTE, SCOPE_BASE, SCOPE_ONE, SCOPE_SUB, SERVICE_STATUS_ATTRIBUTE, STATIC_GROUP_DN_ATTRIBUTE, SUBSCRIBABLE_ATTRIBUTE, UNIQUE_ATTRIBUTE_LIST_ATTRIBUTE, UNIQUE_MEMBER_ATTRIBUTE, USER_CREATE_NOTIFICATION_LIST, USER_DELETE_NOTIFICATION_LIST, USER_ENCRYPTED_PASSWORD_ATTRIBUTE, USER_ENTRY_PROCESSING_IMPL, USER_MODIFY_NOTIFICATION_LIST, USER_PASSWORD_ATTRIBUTE, USER_SEARCH_RETURN_ATTR, USERID_PASSWORD_VALIDATION_CLASS

Constructor Summary

AMStoreConnection(SSOToken ssoToken)
Gets the connection to the Sun Java System Identity Server data store if the Session is valid.

Method Summary

AMOrganization	createTopOrganization(java.lang.String orgName, java.util.Map avPairs) Bootstraps the Organization tree by creating the Top Organization tree.
java.lang.String	getAMObjectName(int type) Take a supported type, and returns the matching name of the supported managed type.
int	getAMObjectType(java.lang.String dn) Returns the type of the object given its DN.
AMAssignableDynamicGroup	getAssignableDynamicGroup(java.lang.String assignableDynamicGroupDN) Returns the handle to the AMAssignableDynamicGroup object represented by DN.
java.util.Set	getAttributeNames(java.lang.String serviceName, AMSchema.Type schemaType) Returns the service attribute names for a given service name and schema type.
AMDynamicGroup	getDynamicGroup(java.lang.String dynamicGroupDN) Returns the handle to the AMDynamicGroup object represented by DN.
AMEntity	getEntity(java.lang.String eDN) Returns the handle to the AMEntity object represented by DN.
AMFilteredRole	getFilteredRole(java.lang.String roleDN) Returns the handle to the AMFilteredRole object represented by DN.
static java.lang.String	getFilteredRoleNamingAttribute() Deprecated. This method is deprecated. Use getNamingAttribute(int objectType)
AMGroupContainer	getGroupContainer(java.lang.String groupContainerDN) Returns the handle to the AMGroupContainer object represented by DN.
static java.lang.String	getGroupContainerNamingAttribute() Deprecated. This method is deprecated. Use getNamingAttribute(int objectType)
static java.lang.String	getGroupNamingAttribute() Deprecated. This method is deprecated. Use getNamingAttribute(int objectType)
java.lang.String	getI18NPropertiesFileName(java.lang.String serviceName) Returns the I18N properties file name that contains the internationalized messages.
static java.lang.String	getNamingAttribute(int objectType) Returns the naming attribute of an object type.
AMOrganization	getOrganization(java.lang.String orgDN) Returns the handle to the AMOrganization object represented by DN.
AMOrganizationalUnit	getOrganizationalUnit(java.lang.String orgUnitDN) Returns the handle to the AMOrganizationalUnit object represented by DN.
static java.lang.String	getOrganizationalUnitNamingAttribute() Deprecated. This method is deprecated. Use getNamingAttribute(int objectType)
java.lang.String	getOrganizationDN(java.lang.String domainname, java.lang.String orgSearchTemplate) Returns the DN of the organization, using the domainname provided and the searchTemplate (if provided).
static java.lang.String	getOrganizationNamingAttribute() Deprecated. This method is deprecated. Use getNamingAttribute(int objectType)
AMPeopleContainer	getPeopleContainer(java.lang.String peopleContainerDN) Returns the handle to the AMPeopleContainer object represented by DN.
static java.lang.String	getPeopleContainerNamingAttribute() Deprecated. This method is deprecated. Use getNamingAttribute(int objectType)
AMTemplate	getPolicyTemplate(java.lang.String templateDN) Deprecated.
java.lang.String	getPropertiesViewBeanURL(java.lang.String serviceName) Returns the URL of the view bean for the service
AMResource	getResource(java.lang.String resourceDN) Returns the handle to the AMResource object represented by DN.
AMRole	getRole(java.lang.String roleDN) Returns the handle to the AMRole object represented by DN.
static java.lang.String	getRoleNamingAttribute() Deprecated. This method is deprecated. Use getNamingAttribute(int objectType)
AMSchema	getSchema(java.lang.String serviceName, AMSchema.Type schemaType) Deprecated. This method has been deprecated. Please use com.sun.identity.sm.ServiceSchemaManager.getSchema().
java.util.Set	getSchemaTypes(java.lang.String serviceName) Deprecated. This method has been deprecated. Please use com.sun.identity.sm.ServiceSchemaManager.getSchemaTypes().
java.util.Set	getServiceHierarchy() Returns the service hierarchy for all registered services.
java.util.Set	getServiceNames() Returns the set of name of services that have been loaded to the data store.
AMStaticGroup	getStaticGroup(java.lang.String groupDN) Returns the handle to the AMStaticGroup object represented by DN.
java.util.Set	getTopLevelContainers() Returns the top level containers (Organizations, People Containers, Roles, etc) for the particular user based on single sign on token as the starting point in the tree.
java.util.Set	getTopLevelOrganizations() Returns the "real" or "physical" top level organizations as the starting point in the tree.
AMUser	getUser(java.lang.String userDN) Returns the handle to the AMUser object represented by DN.
static java.lang.String	getUserNamingAttribute() Deprecated. This method is deprecated. Use getNamingAttribute(int objectType)
boolean	isValidEntry(java.lang.String dn) Checks if the entry exists in the directory or not.
void	purge(java.lang.String domainName, int graceperiod) This method takes an organization DN and purges all objects marked for deletion.
void	purgeGroup(java.lang.String gid, java.lang.String domainName, int graceperiod) This method takes a group name and a domain name, It uses default search templates to search for the organization and uses the deleted objects search filter for Groups as defined in the Administration Service of IS.
void	purgeResource(java.lang.String rid, java.lang.String domainName, int graceperiod) This method takes a resource ID and a domain name, It uses default search templates to search for the organization and uses the deleted objects search filter for Resources as defined in the Administration Service of IS.
void	purgeUser(java.lang.String uid, java.lang.String domainName, int graceperiod) This method takes a user ID and a domain name, It uses default search templates to search for the organization and uses the deleted objects search filter for Users as defined in the Administration Service of IS.

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AMStoreConnection

public AMStoreConnection(SSOToken ssoToken)
                  throws SSOException

Gets the connection to the Sun Java System Identity Server data store if the Session is valid.

Parameters:

ssoToken - a valid SSO token object to authenticate before getting the connection

Throws:

SSOException - if single sign on token is invalid or expired.

Method Detail

getFilteredRoleNamingAttribute

public static java.lang.String getFilteredRoleNamingAttribute()

Deprecated. This method is deprecated. Use getNamingAttribute(int objectType)

Returns the filtered role naming attribute.

Returns:

filtered role naming attribute

getGroupContainerNamingAttribute

public static java.lang.String getGroupContainerNamingAttribute()

Deprecated. This method is deprecated. Use getNamingAttribute(int objectType)

Returns the group container naming attribute.

Returns:

group container naming attribute

getGroupNamingAttribute

public static java.lang.String getGroupNamingAttribute()

Deprecated. This method is deprecated. Use getNamingAttribute(int objectType)

Returns the group naming attribute.

Returns:

group naming attribute

getNamingAttribute

public static java.lang.String getNamingAttribute(int objectType)
                                           throws AMException

Returns the naming attribute of an object type.

Parameters:

objectType - Object type can be one of the following:

• AMObject.USER
• AMObject.ROLE
• AMObject.FILTERED_ROLE
• AMObject.ORGANIZATION
• AMObject.ORGANIZATIONAL_UNIT
• AMObject.GROUP
• AMObject.DYNAMIC_GROUP
• AMObject.ASSIGNABLE_DYNAMIC_GROUP
• AMObject.PEOPLE_CONTAINER
• AMObject.GROUP_CONTAINER

Returns:

the naming attribute corresponding to the objectType

Throws:

AMException - if an error occurred in obtaining the naming attribute

getOrganizationNamingAttribute

public static java.lang.String getOrganizationNamingAttribute()

Deprecated. This method is deprecated. Use getNamingAttribute(int objectType)

Returns the organization naming attribute.

Returns:

organization naming attribute

getOrganizationalUnitNamingAttribute

public static java.lang.String getOrganizationalUnitNamingAttribute()

Deprecated. This method is deprecated. Use getNamingAttribute(int objectType)

Returns the organizational unit naming attribute.

Returns:

organizational unit naming attribute

getPeopleContainerNamingAttribute

public static java.lang.String getPeopleContainerNamingAttribute()

Deprecated. This method is deprecated. Use getNamingAttribute(int objectType)

Returns the people container naming attribute.

Returns:

people container naming attribute

getRoleNamingAttribute

public static java.lang.String getRoleNamingAttribute()

Deprecated. This method is deprecated. Use getNamingAttribute(int objectType)

Returns the role naming attribute.

Returns:

role naming attribute

getUserNamingAttribute

public static java.lang.String getUserNamingAttribute()

Deprecated. This method is deprecated. Use getNamingAttribute(int objectType)

Returns the user naming attribute.

Returns:

user naming attribute

getAMObjectType

public int getAMObjectType(java.lang.String dn)
                    throws AMException,
                           SSOException

Returns the type of the object given its DN.

Parameters:

dn - DN of the object whose type is to be known.

Returns:

the type of the object given its DN.

Throws:

AMException - if the data store is unavailable or if the object type is unknown.

SSOException - if single sign on token is invalid or expired.

getAMObjectName

public java.lang.String getAMObjectName(int type)

Take a supported type, and returns the matching name of the supported managed type. For example, if AMObject.USER is passed in, it will return "user" (one of the basic supported types in AM SDK. But this method (and configuration in the service DAI) can be used to extend the basic supported types to include customer-specific entities, like "agents", "printers" etc.

Parameters:

type - Integer type (as returned by getAMObjectType)

Returns:

identifier for the above type. Returns null if type is unknown.

getAssignableDynamicGroup

public AMAssignableDynamicGroup getAssignableDynamicGroup(java.lang.String assignableDynamicGroupDN)
                                                   throws SSOException

Returns the handle to the AMAssignableDynamicGroup object represented by DN. However, the validity of the handle returned by this method cannot be guaranteed, since the object is created in memory, and not instantiated from the data store. Using the AMAssignableDynamicGroup returned from this method may result in exceptions thrown in the later part of the application, if the DN is not valid or represents an entry that does not exist.

Validity of the DN can be verified is using isValidEntry() method of the object returned.

Parameters:

assignableDynamicGroupDN - assignable dynamic group DN

Returns:

AMAssignableDynamicGroup object represented by DN.

Throws:

SSOException - if single sign on token is invalid or expired.

See Also:

isValidEntry(java.lang.String)

getAttributeNames

public java.util.Set getAttributeNames(java.lang.String serviceName,
                                       AMSchema.Type schemaType)
                                throws AMException

Returns the service attribute names for a given service name and schema type.

Parameters:

serviceName - the name of the service

schemaType - the type of service schema

Returns:

Set of service attribute names

Throws:

AMException -

getDynamicGroup

public AMDynamicGroup getDynamicGroup(java.lang.String dynamicGroupDN)
                               throws SSOException

Returns the handle to the AMDynamicGroup object represented by DN. However, the validity of the handle returned by this method cannot be guaranteed, since the object is created in memory, and not instantiated from the data store. Using the AMDynamicGroup returned from this method may result in exceptions thrown in the later part of the application, if the DN is not valid or represents an entry that does not exist.

Validity of the DN can be verified is using isValidEntry() method of the object returned.

Parameters:

dynamicGroupDN - group DN

Returns:

AMDynamicGroup object represented by DN.

Throws:

SSOException - if single sign on token is invalid or expired.

See Also:

isValidEntry(java.lang.String)

getFilteredRole

public AMFilteredRole getFilteredRole(java.lang.String roleDN)
                               throws SSOException

Returns the handle to the AMFilteredRole object represented by DN. However, the validity of the handle returned by this method cannot be guaranteed, since the object is created in memory, and not instantiated from the data store. Using the AMFilteredRole returned from this method may result in exceptions thrown in the later part of the application, if the DN is not valid or represents an entry that does not exist.

Validity of the DN can be verified is using isValidEntry() method of the object returned.

Parameters:

roleDN - role DN.

Returns:

AMFilteredRole object represented by DN.

Throws:

SSOException - if single sign on token is invalid or expired.

See Also:

isValidEntry(java.lang.String)

getGroupContainer

public AMGroupContainer getGroupContainer(java.lang.String groupContainerDN)
                                   throws SSOException

Returns the handle to the AMGroupContainer object represented by DN. However, the validity of the handle returned by this method cannot be guaranteed, since the object is created in memory, and not instantiated from the data store. Using the AMGroupContainer returned from this method may result in exceptions thrown in the later part of the application, if the DN is not valid or represents an entry that does not exist.

Validity of the DN can be verified is using isValidEntry() method of the object returned.

Parameters:

groupContainerDN - group container DN.

Returns:

AMGroupContainer object represented by DN.

Throws:

SSOException - if single sign on token is invalid or expired.

See Also:

isValidEntry(java.lang.String)

getI18NPropertiesFileName

public java.lang.String getI18NPropertiesFileName(java.lang.String serviceName)
                                           throws AMException

Returns the I18N properties file name that contains the internationalized messages.

Parameters:

serviceName - the service name

Returns:

String String representing i18N properties file name

Throws:

AMException - if an error is encountered while retrieving information

getOrganization

public AMOrganization getOrganization(java.lang.String orgDN)
                               throws SSOException

Returns the handle to the AMOrganization object represented by DN. However, the validity of the handle returned by this method cannot be guaranteed, since the object is created in memory, and not instantiated from the data store. Using the AMOrganization returned from this method may result in exceptions thrown in the later part of the application, if the DN is not valid or represents an entry that does not exist.

Validity of the DN can be verified is using isValidEntry() method of the object returned.

Parameters:

orgDN - organization DN

Returns:

AMOrganization object represented by DN.

Throws:

SSOException - if single sign on token is invalid or expired.

See Also:

isValidEntry(java.lang.String)

getOrganizationDN

public java.lang.String getOrganizationDN(java.lang.String domainname,
                                          java.lang.String orgSearchTemplate)
                                   throws AMException,
                                          SSOException

Returns the DN of the organization, using the domainname provided and the searchTemplate (if provided). If searchTemplate is null, SDK uses the default searchTemplate to perform the orgDN search. If the DC tree global flag is enabled, the DC tree is used to obtain the organization DN, otherwise an LDAP search is conducted using the searchfilter in the searchtemplate. All %V in the filter are replaced with domainname. If the search returns more than one entries, then an Exception is thrown. Otherwise the DN obtained is returned.

Parameters:

domainname - Organization identifier passed. It can be a domain name (example: sun.com) or it could be a full DN or it could be null or * "/". A full DN is verified to be an organization and returned as is. A "/" is assumed to be a request for the root DN and the root DN is returned. A "/" separated string is assumed to represent an existing organization DN in the DIT. For example: /iplanet/sun is converted to a DN (o=iplanet,o=sun,<base DN>) and the validity of this DN is checked and returned. Any other string is assumed to be either a domain or an associated domain or the organization name. The search filter is created accordingly.

orgSearchTemplate - template to use for the search.

Returns:

The full organization DN

Throws:

AMException - If there is a problem connecting or searching the data store.

SSOException - If the user has an invalid SSO token.

getOrganizationalUnit

public AMOrganizationalUnit getOrganizationalUnit(java.lang.String orgUnitDN)
                                           throws SSOException

Returns the handle to the AMOrganizationalUnit object represented by DN. However, the validity of the handle returned by this method cannot be guaranteed, since the object is created in memory, and not instantiated from the data store. Using the AMOrganizationialUnit returned from this method may result in exceptions thrown in the later part of the application, if the DN is not valid or represents an entry that does not exist.

Validity of the DN can be verified is using isValidEntry() method of the object returned.

Parameters:

orgUnitDN - organizational unit DN

Returns:

AMOrganizationalUnit object represented by DN.

Throws:

SSOException - if single sign on token is invalid or expired.

See Also:

isValidEntry(java.lang.String)

getPeopleContainer

public AMPeopleContainer getPeopleContainer(java.lang.String peopleContainerDN)
                                     throws SSOException

Returns the handle to the AMPeopleContainer object represented by DN. However, the validity of the handle returned by this method cannot be guaranteed, since the object is created in memory, and not instantiated from the data store. Using the AMPeopleContainer returned from this method may result in exceptions thrown in the later part of the application, if the DN is not valid or represents an entry that does not exist.

Validity of the DN can be verified is using isValidEntry() method of the object returned.

Parameters:

peopleContainerDN - people container DN

Returns:

AMPeopleContainer object represented by DN.

Throws:

SSOException - if single sign on token is invalid or expired.

See Also:

isValidEntry(java.lang.String)

getPolicyTemplate

public AMTemplate getPolicyTemplate(java.lang.String templateDN)
                             throws AMException,
                                    SSOException

Deprecated.

Returns the handle to the AMTemplate object represented by DN. However, the validity of the handle returned by this method cannot be guaranteed, since the object is created in memory, and not instantiated from the data store. Using the AMTemplate returned from this method may result in exceptions thrown in the later part of the application, if the DN is not valid or represents an entry that does not exist.

Validity of the DN can be verified is using isValidEntry() method of the object returned.

Parameters:

templateDN - a policy template DN.

Returns:

AMTemplate object represented by DN.

Throws:

AMException - if the DN does not represent a Policy template DN

SSOException - if single sign on token is invalid or expired.

See Also:

isValidEntry(java.lang.String)

getPropertiesViewBeanURL

public java.lang.String getPropertiesViewBeanURL(java.lang.String serviceName)
                                          throws AMException

Returns the URL of the view bean for the service

Parameters:

serviceName - the service name

Returns:

String URL of the view bean for the service

Throws:

AMException - if an error is encountered while retrieving information

getResource

public AMResource getResource(java.lang.String resourceDN)
                       throws SSOException

Returns the handle to the AMResource object represented by DN. However, the validity of the handle returned by this method cannot be guaranteed, since the object is created in memory, and not instantiated from the data store. Using the AMResource returned from this method may result in exceptions thrown in the later part of the application, if the DN is not valid or represents an entry that does not exist.

Validity of the DN can be verified is using isValidEntry() method of the object returned.

Parameters:

resourceDN - resource DN.

Returns:

AMResource object represented by DN.

Throws:

SSOException - if single sign on token is invalid or expired.

See Also:

isValidEntry(java.lang.String)

getRole

public AMRole getRole(java.lang.String roleDN)
               throws SSOException

Returns the handle to the AMRole object represented by DN. However, the validity of the handle returned by this method cannot be guaranteed, since the object is created in memory, and not instantiated from the data store. Using the AMRole returned from this method may result in exceptions thrown in the later part of the application, if the DN is not valid or represents an entry that does not exist.

Validity of the DN can be verified is using isValidEntry() method of the object returned.

Parameters:

roleDN - role DN

Returns:

AMRole object represented by DN.

Throws:

SSOException - if single sign on token is invalid or expired.

See Also:

isValidEntry(java.lang.String)

getSchema

public AMSchema getSchema(java.lang.String serviceName,
                          AMSchema.Type schemaType)
                   throws AMException

Deprecated. This method has been deprecated. Please use com.sun.identity.sm.ServiceSchemaManager.getSchema().

Returns the AMSchema for the given service name and service type.

Parameters:

serviceName - the name of the service

schemaType - the type of service schema that needs to be retrieved.

Returns:

AMSchema corresponding to the given service name and schema type.

Throws:

AMException - if an error is encountered in retrieving the AMSchema.

getSchemaTypes

public java.util.Set getSchemaTypes(java.lang.String serviceName)
                             throws AMException

Deprecated. This method has been deprecated. Please use com.sun.identity.sm.ServiceSchemaManager.getSchemaTypes().

Returns the schema types available for a particular service.

Parameters:

serviceName - the name of the service whose schema types needs to be retrieved

Returns:

Set of AMSchema.Type objects

Throws:

AMException - if an error is encountered in retrieving the schemaTypes.

getServiceHierarchy

public java.util.Set getServiceHierarchy()
                                  throws AMException

Returns the service hierarchy for all registered services.

Returns:

the service hierarchy for all registered services.

Throws:

AMException - if an error is encountered in retrieving the service hierarchy. The return value is a Set of strings in slash format.

getServiceNames

public java.util.Set getServiceNames()
                              throws AMException

Returns the set of name of services that have been loaded to the data store.

Returns:

set of name of services.

Throws:

AMException - if an error is encountered in retrieving the names of the services

getStaticGroup

public AMStaticGroup getStaticGroup(java.lang.String groupDN)
                             throws SSOException

Returns the handle to the AMStaticGroup object represented by DN. However, the validity of the handle returned by this method cannot be guaranteed, since the object is created in memory, and not instantiated from the data store. Using the AMStaticGroup returned from this method may result in exceptions thrown in the later part of the application, if the DN is not valid or represents an entry that does not exist.

Validity of the DN can be verified is using isValidEntry() method of the object returned.

Parameters:

groupDN - group DN

Returns:

AMStaticGroup object represented by DN.

Throws:

SSOException - if single sign on token is invalid or expired.

See Also:

isValidEntry(java.lang.String)

getTopLevelContainers

public java.util.Set getTopLevelContainers()
                                    throws AMException,
                                           SSOException

Returns the top level containers (Organizations, People Containers, Roles, etc) for the particular user based on single sign on token as the starting point in the tree.

Returns:

set of DBObjects that are top level containers for the signed in user.

Throws:

AMException - if an error occurred when retrieving the information from the data store.

SSOException - if single sign on token is invalid or expired.

getTopLevelOrganizations

public java.util.Set getTopLevelOrganizations()
                                       throws AMException,
                                              SSOException

Returns the "real" or "physical" top level organizations as the starting point in the tree.

Returns:

Set Set of DN Strings for top level Organizations

Throws:

AMException - if an error occurred when retrieving the information from the data store.

SSOException - if single sign on token is invalid or expired.

getUser

public AMUser getUser(java.lang.String userDN)
               throws SSOException

Returns the handle to the AMUser object represented by DN. However, the validity of the handle returned by this method cannot be guaranteed, since the object is created in memory, and not instantiated from the data store. Using the AMUser returned from this method may result in exceptions thrown in the later part of the application, if the DN is not valid or represents an entry that does not exist.

Validity of the DN can be verified is using isValidEntry() method of the object returned.

Parameters:

userDN - user DN

Returns:

AMUser object represented by DN

Throws:

SSOException - if single sign on token is invalid or expired.

See Also:

isValidEntry(java.lang.String)

getEntity

public AMEntity getEntity(java.lang.String eDN)
                   throws SSOException

Returns the handle to the AMEntity object represented by DN. However, the validity of the handle returned by this method cannot be guaranteed, since the object is created in memory, and not instantiated from the data store. Using the AMEntity returned from this method may result in exceptions thrown in the later part of the application, if the DN is not valid or represents an entry that does not exist.

Validity of the DN can be verified is using isValidEntry() method of the object returned.

Parameters:

eDN - entity DN.

Returns:

AMEntity object represented by DN.

Throws:

SSOException - if single sign on token is invalid or expired.

See Also:

isValidEntry(java.lang.String)

isValidEntry

public boolean isValidEntry(java.lang.String dn)
                     throws SSOException

Checks if the entry exists in the directory or not. First a syntax check is done on the DN string corresponding to the entry. If the DN syntax is valid, a directory call will be made to check for the existence of the entry.

NOTE: This method internally invokes a call to the directory to verify the existence of the entry. There could be a performance overhead. Hence, please use your discretion while using this method.

Parameters:

dn - DN of the entry that needs to be validated.

Returns:

false if the entry does not have a valid DN syntax or if the entry does not exists in the Directory. True otherwise.

Throws:

SSOException - if the single sign on token is no longer valid.

createTopOrganization

public AMOrganization createTopOrganization(java.lang.String orgName,
                                            java.util.Map avPairs)
                                     throws AMException,
                                            SSOException

Bootstraps the Organization tree by creating the Top Organization tree.

Parameters:

orgName - name of the top organization

avPairs - Attribute-Value pairs for the top organization

Returns:

Top Organization object.

Throws:

AMException - if an error occurred during the process of creation.

SSOException - if single sign on token is invalid or expired.

purge

public void purge(java.lang.String domainName,
                  int graceperiod)
           throws AMException,
                  SSOException

This method takes an organization DN and purges all objects marked for deletion. If the organization itself is marked for deletion, then a recursive delete of everything under the organization is called, followed by the organization deletion. This method works in the mode where soft-delete option in IS is turned on. The Pre/Post callbacks for users are executed during this method.

Parameters:

domainName - domain to be purged

graceperiod - time in days which should have passed since the entry was last modified before it can be deleted from the system.

Throws:

AMException - if an error occurred when retrieving the information from the data store.

SSOException - if single sign on token is invalid or expired.

purgeUser

public void purgeUser(java.lang.String uid,
                      java.lang.String domainName,
                      int graceperiod)
               throws AMException,
                      SSOException

This method takes a user ID and a domain name, It uses default search templates to search for the organization and uses the deleted objects search filter for Users as defined in the Administration Service of IS. This filter is used to search for the deleted user under the organization. If the user is marked for deletion and the grace period is passed then the user is purged. The pre-delete call backs as listed in the Administration service, are called before the user is deleted. If any of the callbacks throw an exception the delete operation is aborted.

Parameters:

uid - user ID

domainName - domain in which the user belongs.

graceperiod - time in days which should have passed before this user can be deleted.

Throws:

AMException - if there is an error in deleting the user, or if the user callbacks thrown an exception

SSOException -

purgeResource

public void purgeResource(java.lang.String rid,
                          java.lang.String domainName,
                          int graceperiod)
                   throws AMException,
                          SSOException

This method takes a resource ID and a domain name, It uses default search templates to search for the organization and uses the deleted objects search filter for Resources as defined in the Administration Service of IS. This filter is used to search for the deleted resource under the organization. If the resource is marked for deletion and the grace period is passed then the resource is purged. The pre-delete call backs as listed in the Administration service, are called before the user is deleted. If any of the callbacks throw an exception the delete operation is aborted.

Parameters:

rid - resource ID

domainName - domain in which the user belongs.

graceperiod - time in days which should have passed before this user can be deleted.

Throws:

AMException - if there is an error in deleting the user, or if the user callbacks thrown an exception

SSOException -

purgeGroup

public void purgeGroup(java.lang.String gid,
                       java.lang.String domainName,
                       int graceperiod)
                throws AMException,
                       SSOException

This method takes a group name and a domain name, It uses default search templates to search for the organization and uses the deleted objects search filter for Groups as defined in the Administration Service of IS. This filter is used to search for the deleted user under the organization. If the group is marked for deletion and the grace period is passed then the group is purged. The pre-delete call backs as listed in the Administration service, are called before the group is deleted. If any of the callbacks throw an exception the delete operation is aborted.

Parameters:

gid - group name

domainName - domain in which the group belongs.

graceperiod - time in days which should have passed before this user can be deleted. If a -1 is passed, group is deleted right away without check on graceperiod.

Throws:

AMException - if there is an error in deleting the group, or if the callbacks thrown an exception

SSOException -