java.lang.Object
  +--com.iplanet.am.sdk.AMStoreConnection

The AMStoreConnection class represents a connection to the Sun Java System Access Manager data store. It provides methods to create, remove and get different types of Sun Java System Access Manager SDK objects in the data store. AMStoreConnection controls and manages access to the data store.

An instance of AMStoreConnection should always be obtained by anyone using the AM SDK, since this object is the entry point to all other AM SDK managed objects. The constructor takes the SSO token of the user. Here is some sample code showing how to get a user's attributes using the AM SDK:

    AMStoreConnection amsc = new AMStoreConnection(ssotoken);
    // getPrincipal() returns a java.security.Principal; getUser() takes the DN as a String
    AMUser user = amsc.getUser(ssotoken.getPrincipal().getName());
    Map attributes = user.getAttributes();

AMStoreConnection also has other helper methods which are very useful. Some examples are below:

    int otype = amsc.getAMObjectType(fullDN);

The otype returned is one of the managed AMObject types, like AMObject.USER, AMObject.ROLE, AMObject.ORGANIZATION. If the entry being checked is not of a type managed by the AM SDK, then an AMException is thrown.

    boolean exists = amsc.isValidEntry(fullDN);

If you want to know whether a fullDN exists in the data store, use the above method. The typical use of this method is when you need to get a managed object from amsc, but you want to verify that it exists before you create the managed object instance:

    if (amsc.isValidEntry(userDN)) {
        AMUser user = amsc.getUser(userDN);
        // More code here
    }
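
The check-then-fetch pattern above, extended to confirm the entry's type before the handle is used. This is an added example, not part of the SDK documentation; the class name SafeUserLookup and the method readUserAttributes are hypothetical, while the SDK calls are the ones documented on this page.

```java
import java.util.Map;

import com.iplanet.am.sdk.AMException;
import com.iplanet.am.sdk.AMObject;
import com.iplanet.am.sdk.AMStoreConnection;
import com.iplanet.am.sdk.AMUser;
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;

/** Added example (not SDK code): resolve a DN to user attributes defensively. */
public final class SafeUserLookup {

    private SafeUserLookup() { }

    /**
     * Returns the attributes of the user entry at userDN, or null when no
     * such entry exists. Throws IllegalArgumentException when the DN names
     * an entry that exists but is not a user.
     */
    public static Map readUserAttributes(SSOToken ssoToken, String userDN)
            throws SSOException, AMException {
        if (userDN == null || userDN.trim().length() == 0) {
            throw new IllegalArgumentException("userDN must not be empty");
        }

        // The constructor rejects an invalid or expired token (SSOException).
        AMStoreConnection amsc = new AMStoreConnection(ssoToken);

        // getUser() builds the handle in memory without consulting the data
        // store, so confirm existence first. This costs one directory call.
        if (!amsc.isValidEntry(userDN)) {
            return null;
        }

        // An existing entry may still be a role, group or organization.
        // getAMObjectType() throws AMException for unmanaged entry types.
        int type = amsc.getAMObjectType(userDN);
        if (type != AMObject.USER) {
            throw new IllegalArgumentException(
                "expected a user entry but found type "
                + amsc.getAMObjectName(type));
        }

        // The entry can still disappear between the check and this read, so
        // callers must keep handling AMException from getAttributes().
        AMUser user = amsc.getUser(userDN);
        return user.getAttributes();
    }
}
```
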

Helper method getOrganizationDN(): Use this method to perform a subtree-scoped search for an organization, based on various attribute values.

    String orgDN = amsc.getOrganizationDN("sun.com", null);

The above method will return the DN of an organization which matches the search criteria of having either a domain name of sun.com, a domain alias name of sun.com, or a naming attribute value of sun.com. More examples of how to use this method are provided in the Javadocs of the method below.
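
The getOrganizationDN() method detail on this page documents several input forms for domainname (null, "/", a "/" separated path, a full DN, a domain or name) that are handled differently. The following added example, which is not SDK code, lets only the domain-name form through when the identifier comes from an untrusted caller; OrgDnResolver, Form, classify and resolveUntrusted are hypothetical names, and treating any string containing '=' as DN-like is an assumption of this sketch.

```java
import java.util.regex.Pattern;

import com.iplanet.am.sdk.AMException;
import com.iplanet.am.sdk.AMStoreConnection;
import com.iplanet.sso.SSOException;

/** Added example (not SDK code): gate untrusted input to getOrganizationDN(). */
public final class OrgDnResolver {

    /** Input forms that the getOrganizationDN() documentation distinguishes. */
    enum Form { NULL_OR_ROOT, SLASH_PATH, DN_LIKE, DOMAIN, OTHER }

    // Constructed allow-list: dot-separated letter/digit/hyphen labels, at most
    // 253 characters. It excludes '/', '=', ',', '*', '(' and ')' entirely.
    private static final Pattern DOMAIN = Pattern.compile(
        "(?=.{1,253}$)[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
        + "(?:\\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*");

    private OrgDnResolver() { }

    static Form classify(String id) {
        if (id == null || id.equals("/")) {
            return Form.NULL_OR_ROOT;   // "/" is a request for the root DN
        }
        if (id.indexOf('/') >= 0) {
            return Form.SLASH_PATH;     // mapped onto an organization DN in the DIT
        }
        if (id.indexOf('=') >= 0) {
            return Form.DN_LIKE;        // assumption: '=' marks a full DN
        }
        if (DOMAIN.matcher(id).matches()) {
            return Form.DOMAIN;         // substituted for %V in the search filter
        }
        return Form.OTHER;              // would be searched as a domain alias or name
    }

    /** Resolves an organization DN, accepting only the domain-name form. */
    public static String resolveUntrusted(AMStoreConnection amsc, String id)
            throws AMException, SSOException {
        Form form = classify(id);
        if (form != Form.DOMAIN) {
            throw new IllegalArgumentException(
                "organization identifier rejected, form: " + form);
        }
        // A null template makes the SDK use its default search template.
        return amsc.getOrganizationDN(id, null);
    }
}
```
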

Field Summary

static java.lang.String rootSuffix

Constructor Summary

AMStoreConnection(SSOToken ssoToken)
    Gets the connection to the Sun Java System Access Manager data store if the Session is valid.

Method Summary

AMOrganization createTopOrganization(java.lang.String orgName, java.util.Map avPairs)
    Bootstraps the Organization tree by creating the Top Organization tree.
java.lang.String getAMObjectName(int type)
    Takes a supported type and returns the matching name of the supported managed type.
int getAMObjectType(java.lang.String dn)
    Returns the type of the object given its DN.
AMAssignableDynamicGroup getAssignableDynamicGroup(java.lang.String assignableDynamicGroupDN)
    Returns the handle to the AMAssignableDynamicGroup object represented by DN.
java.util.Set getAttributeNames(java.lang.String serviceName, AMSchema.Type schemaType)
    Deprecated. Use com.sun.identity.sm.ServiceSchemaManager.getServiceAttributeNames(com.sun.identity.sm.SchemaType)
AMDynamicGroup getDynamicGroup(java.lang.String dynamicGroupDN)
    Returns the handle to the AMDynamicGroup object represented by DN.
AMEntity getEntity(java.lang.String eDN)
    Returns the handle to the AMEntity object represented by DN.
java.util.Set getEntityTypes()
    Returns a set of com.iplanet.am.sdk.AMEntityType objects, which is the set of objects which are supported by the com.iplanet.am.sdk.AMEntity APIs.
AMFilteredRole getFilteredRole(java.lang.String roleDN)
    Returns the handle to the AMFilteredRole object represented by DN.
static java.lang.String getFilteredRoleNamingAttribute()
    Deprecated. This method is deprecated. Use getNamingAttribute(int objectType)
AMGroupContainer getGroupContainer(java.lang.String groupContainerDN)
    Returns the handle to the AMGroupContainer object represented by DN.
static java.lang.String getGroupContainerNamingAttribute()
    Deprecated. This method is deprecated. Use getNamingAttribute(int objectType)
static java.lang.String getGroupNamingAttribute()
    Deprecated. This method is deprecated. Use getNamingAttribute(int objectType)
java.lang.String getI18NPropertiesFileName(java.lang.String serviceName)
    Returns the I18N properties file name that contains the internationalized messages.
static java.lang.String getNamingAttribute(int objectType)
    Returns the naming attribute of an object type.
AMOrganization getOrganization(java.lang.String orgDN)
    Returns the handle to the AMOrganization object represented by DN.
AMOrganizationalUnit getOrganizationalUnit(java.lang.String orgUnitDN)
    Returns the handle to the AMOrganizationalUnit object represented by DN.
static java.lang.String getOrganizationalUnitNamingAttribute()
    Deprecated. This method is deprecated. Use getNamingAttribute(int objectType)
java.lang.String getOrganizationDN(java.lang.String domainname, java.lang.String orgSearchTemplate)
    Returns the DN of the organization, using the domainname provided and the searchTemplate (if provided).
static java.lang.String getOrganizationNamingAttribute()
    Deprecated. This method is deprecated. Use getNamingAttribute(int objectType)
AMPeopleContainer getPeopleContainer(java.lang.String peopleContainerDN)
    Returns the handle to the AMPeopleContainer object represented by DN.
static java.lang.String getPeopleContainerNamingAttribute()
    Deprecated. This method is deprecated. Use getNamingAttribute(int objectType)
AMTemplate getPolicyTemplate(java.lang.String templateDN)
    Deprecated.
java.lang.String getPropertiesViewBeanURL(java.lang.String serviceName)
    Returns the URL of the view bean for the service.
AMResource getResource(java.lang.String resourceDN)
    Returns the handle to the AMResource object represented by DN.
AMRole getRole(java.lang.String roleDN)
    Returns the handle to the AMRole object represented by DN.
static java.lang.String getRoleNamingAttribute()
    Deprecated. This method is deprecated. Use getNamingAttribute(int objectType)
AMSchema getSchema(java.lang.String serviceName, AMSchema.Type schemaType)
    Deprecated. This method has been deprecated. Please use com.sun.identity.sm.ServiceSchemaManager.getSchema().
java.util.Set getSchemaTypes(java.lang.String serviceName)
    Deprecated. This method has been deprecated. Please use com.sun.identity.sm.ServiceSchemaManager.getSchemaTypes().
java.util.Set getServiceHierarchy()
    Returns the service hierarchy for all registered services.
java.util.Set getServiceNames()
    Returns the set of names of services that have been loaded to the data store.
AMStaticGroup getStaticGroup(java.lang.String groupDN)
    Returns the handle to the AMStaticGroup object represented by DN.
java.util.Set getTopLevelContainers()
    Returns the top level containers (Organizations, People Containers, Roles, etc) for the particular user based on single sign on token as the starting point in the tree.
java.util.Set getTopLevelOrganizations()
    Returns the "real" or "physical" top level organizations as the starting point in the tree.
AMUser getUser(java.lang.String userDN)
    Returns the handle to the AMUser object represented by DN.
static java.lang.String getUserNamingAttribute()
    Deprecated. This method is deprecated. Use getNamingAttribute(int objectType)
boolean isValidEntry(java.lang.String dn)
    Checks if the entry exists in the directory or not.
void purge(java.lang.String domainName, int graceperiod)
    This method takes an organization DN and purges all objects marked for deletion.
void purgeGroup(java.lang.String gid, java.lang.String domainName, int graceperiod)
    This method takes a group name and a domain name. It uses default search templates to search for the organization and uses the deleted objects search filter for Groups as defined in the Administration Service of Access Manager.
void purgeResource(java.lang.String rid, java.lang.String domainName, int graceperiod)
    This method takes a resource ID and a domain name. It uses default search templates to search for the organization and uses the deleted objects search filter for Resources as defined in the Administration Service of Access Manager.
void purgeUser(java.lang.String uid, java.lang.String domainName, int graceperiod)
    This method takes a user ID and a domain name. It uses default search templates to search for the organization and uses the deleted objects search filter for Users as defined in the Administration Service of Access Manager.

Methods inherited from class java.lang.Object
    equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

public static java.lang.String rootSuffix

Constructor Detail

public AMStoreConnection(SSOToken ssoToken) throws SSOException
    Gets the connection to the Sun Java System Access Manager data store if the Session is valid.
    Parameters:
        ssoToken - a valid SSO token object to authenticate before getting the connection
    Throws:
        SSOException - if single sign on token is invalid or expired.

Method Detail

public static java.lang.String getFilteredRoleNamingAttribute()
    Deprecated. This method is deprecated. Use getNamingAttribute(int objectType)

public static java.lang.String getGroupContainerNamingAttribute()
    Deprecated. This method is deprecated. Use getNamingAttribute(int objectType)

public static java.lang.String getGroupNamingAttribute()
    Deprecated. This method is deprecated. Use getNamingAttribute(int objectType)

public static java.lang.String getNamingAttribute(int objectType) throws AMException
    Returns the naming attribute of an object type.
    Parameters:
        objectType - Object type can be one of the following:
    objectType
    Throws:
        AMException - if an error occurred in obtaining the naming attribute

public static java.lang.String getOrganizationNamingAttribute()
    Deprecated. This method is deprecated. Use getNamingAttribute(int objectType)

public static java.lang.String getOrganizationalUnitNamingAttribute()
    Deprecated. This method is deprecated. Use getNamingAttribute(int objectType)

public static java.lang.String getPeopleContainerNamingAttribute()
    Deprecated. This method is deprecated. Use getNamingAttribute(int objectType)

public static java.lang.String getRoleNamingAttribute()
    Deprecated. This method is deprecated. Use getNamingAttribute(int objectType)

public static java.lang.String getUserNamingAttribute()
    Deprecated. This method is deprecated. Use getNamingAttribute(int objectType)

public int getAMObjectType(java.lang.String dn) throws AMException, SSOException
    Returns the type of the object given its DN.
    Parameters:
        dn - DN of the object whose type is to be known.
    Throws:
        AMException - if the data store is unavailable or if the object type is unknown.
        SSOException - if single sign on token is invalid or expired.

public java.lang.String getAMObjectName(int type)
    Takes a supported type and returns the matching name of the supported managed type. If AMObject.USER is passed in, it will return "user" (one of the basic supported types in AM SDK). But this method (and configuration in the service DAI) can be used to extend the basic supported types to include customer-specific entities, like "agents", "printers" etc.
    Parameters:
        type - Integer type (as returned by getAMObjectType)

public AMAssignableDynamicGroup getAssignableDynamicGroup(java.lang.String assignableDynamicGroupDN) throws SSOException
    Returns the handle to the AMAssignableDynamicGroup object represented by DN. However, the validity of the handle returned by this method cannot be guaranteed, since the object is created in memory, and not instantiated from the data store. Using the AMAssignableDynamicGroup returned from this method may result in exceptions thrown in the later part of the application, if the DN is not valid or represents an entry that does not exist.
    Validity of the DN can be verified using the isValidEntry() method of the object returned.
    Parameters:
        assignableDynamicGroupDN - assignable dynamic group DN
    Returns:
        AMAssignableDynamicGroup object represented by DN.
    Throws:
        SSOException - if single sign on token is invalid or expired.
    See Also:
        isValidEntry(java.lang.String)

public java.util.Set getAttributeNames(java.lang.String serviceName, AMSchema.Type schemaType) throws AMException
    Deprecated. Use com.sun.identity.sm.ServiceSchemaManager.getServiceAttributeNames(com.sun.identity.sm.SchemaType)
    Parameters:
        serviceName - the name of the service
        schemaType - the type of service schema
    Throws:
        AMException - if an error is encountered while retrieving information.

public AMDynamicGroup getDynamicGroup(java.lang.String dynamicGroupDN) throws SSOException
    Returns the handle to the AMDynamicGroup object represented by DN. However, the validity of the handle returned by this method cannot be guaranteed, since the object is created in memory, and not instantiated from the data store. Using the AMDynamicGroup returned from this method may result in exceptions thrown in the later part of the application, if the DN is not valid or represents an entry that does not exist.
    Validity of the DN can be verified using the isValidEntry() method of the object returned.
    Parameters:
        dynamicGroupDN - group DN
    Returns:
        AMDynamicGroup object represented by DN.
    Throws:
        SSOException - if single sign on token is invalid or expired.
    See Also:
        isValidEntry(java.lang.String)

public AMFilteredRole getFilteredRole(java.lang.String roleDN) throws SSOException
    Returns the handle to the AMFilteredRole object represented by DN. However, the validity of the handle returned by this method cannot be guaranteed, since the object is created in memory, and not instantiated from the data store. Using the AMFilteredRole returned from this method may result in exceptions thrown in the later part of the application, if the DN is not valid or represents an entry that does not exist.
    Validity of the DN can be verified using the isValidEntry() method of the object returned.
    Parameters:
        roleDN - role DN.
    Returns:
        AMFilteredRole object represented by DN.
    Throws:
        SSOException - if single sign on token is invalid or expired.
    See Also:
        isValidEntry(java.lang.String)

public AMGroupContainer getGroupContainer(java.lang.String groupContainerDN) throws SSOException
    Returns the handle to the AMGroupContainer object represented by DN. However, the validity of the handle returned by this method cannot be guaranteed, since the object is created in memory, and not instantiated from the data store. Using the AMGroupContainer returned from this method may result in exceptions thrown in the later part of the application, if the DN is not valid or represents an entry that does not exist.
    Validity of the DN can be verified using the isValidEntry() method of the object returned.
    Parameters:
        groupContainerDN - group container DN.
    Returns:
        AMGroupContainer object represented by DN.
    Throws:
        SSOException - if single sign on token is invalid or expired.
    See Also:
        isValidEntry(java.lang.String)

public java.lang.String getI18NPropertiesFileName(java.lang.String serviceName) throws AMException
    Returns the I18N properties file name that contains the internationalized messages.
    Parameters:
        serviceName - the service name
    Throws:
        AMException - if an error is encountered while retrieving information

public AMOrganization getOrganization(java.lang.String orgDN) throws SSOException
    Returns the handle to the AMOrganization object represented by DN. However, the validity of the handle returned by this method cannot be guaranteed, since the object is created in memory, and not instantiated from the data store. Using the AMOrganization returned from this method may result in exceptions thrown in the later part of the application, if the DN is not valid or represents an entry that does not exist.
    Validity of the DN can be verified using the isValidEntry() method of the object returned.
    Parameters:
        orgDN - organization DN
    Returns:
        AMOrganization object represented by DN.
    Throws:
        SSOException - if single sign on token is invalid or expired.
    See Also:
        isValidEntry(java.lang.String)

public java.lang.String getOrganizationDN(java.lang.String domainname, java.lang.String orgSearchTemplate) throws AMException, SSOException
    Returns the DN of the organization, using the domainname provided and the searchTemplate (if provided). If searchTemplate is null, SDK uses the default searchTemplate to perform the orgDN search. If the DC tree global flag is enabled, the DC tree is used to obtain the organization DN, otherwise an LDAP search is conducted using the searchfilter in the searchtemplate. All %V in the filter are replaced with domainname. If the search returns more than one entry, then an Exception is thrown. Otherwise the DN obtained is returned.
    Parameters:
        domainname - Organization identifier passed. It can be a domain name (example: sun.com) or it could be a full DN or it could be null or "/". A full DN is verified to be an organization and returned as is. A "/" is assumed to be a request for the root DN and the root DN is returned. A "/" separated string is assumed to represent an existing organization DN in the DIT. For example: /iplanet/sun is converted to a DN (o=iplanet,o=sun,<base DN>) and the validity of this DN is checked and returned. Any other string is assumed to be either a domain or an associated domain or the organization name. The search filter is created accordingly.
        orgSearchTemplate - template to use for the search.
    Throws:
        AMException - If there is a problem connecting or searching the data store.
        SSOException - If the user has an invalid SSO token.

public AMOrganizationalUnit getOrganizationalUnit(java.lang.String orgUnitDN) throws SSOException
    Returns the handle to the AMOrganizationalUnit object represented by DN. However, the validity of the handle returned by this method cannot be guaranteed, since the object is created in memory, and not instantiated from the data store. Using the AMOrganizationalUnit returned from this method may result in exceptions thrown in the later part of the application, if the DN is not valid or represents an entry that does not exist.
    Validity of the DN can be verified using the isValidEntry() method of the object returned.
    Parameters:
        orgUnitDN - organizational unit DN
    Returns:
        AMOrganizationalUnit object represented by DN.
    Throws:
        SSOException - if single sign on token is invalid or expired.
    See Also:
        isValidEntry(java.lang.String)

public AMPeopleContainer getPeopleContainer(java.lang.String peopleContainerDN) throws SSOException
    Returns the handle to the AMPeopleContainer object represented by DN. However, the validity of the handle returned by this method cannot be guaranteed, since the object is created in memory, and not instantiated from the data store. Using the AMPeopleContainer returned from this method may result in exceptions thrown in the later part of the application, if the DN is not valid or represents an entry that does not exist.
    Validity of the DN can be verified using the isValidEntry() method of the object returned.
    Parameters:
        peopleContainerDN - people container DN
    Returns:
        AMPeopleContainer object represented by DN.
    Throws:
        SSOException - if single sign on token is invalid or expired.
    See Also:
        isValidEntry(java.lang.String)

public AMTemplate getPolicyTemplate(java.lang.String templateDN) throws AMException, SSOException
    Deprecated.
    Returns the handle to the AMTemplate object represented by DN. However, the validity of the handle returned by this method cannot be guaranteed, since the object is created in memory, and not instantiated from the data store. Using the AMTemplate returned from this method may result in exceptions thrown in the later part of the application, if the DN is not valid or represents an entry that does not exist.
    Validity of the DN can be verified using the isValidEntry() method of the object returned.
    Parameters:
        templateDN - a policy template DN.
    Returns:
        AMTemplate object represented by DN.
    Throws:
        AMException - if the DN does not represent a Policy template DN
        SSOException - if single sign on token is invalid or expired.
    See Also:
        isValidEntry(java.lang.String)

public java.lang.String getPropertiesViewBeanURL(java.lang.String serviceName) throws AMException
    Returns the URL of the view bean for the service.
    Parameters:
        serviceName - the service name
    Throws:
        AMException - if an error is encountered while retrieving information

public AMResource getResource(java.lang.String resourceDN) throws SSOException
    Returns the handle to the AMResource object represented by DN. However, the validity of the handle returned by this method cannot be guaranteed, since the object is created in memory, and not instantiated from the data store. Using the AMResource returned from this method may result in exceptions thrown in the later part of the application, if the DN is not valid or represents an entry that does not exist.
    Validity of the DN can be verified using the isValidEntry() method of the object returned.
    Parameters:
        resourceDN - resource DN.
    Returns:
        AMResource object represented by DN.
    Throws:
        SSOException - if single sign on token is invalid or expired.
    See Also:
        isValidEntry(java.lang.String)

public AMRole getRole(java.lang.String roleDN) throws SSOException
    Returns the handle to the AMRole object represented by DN. However, the validity of the handle returned by this method cannot be guaranteed, since the object is created in memory, and not instantiated from the data store. Using the AMRole returned from this method may result in exceptions thrown in the later part of the application, if the DN is not valid or represents an entry that does not exist.
    Validity of the DN can be verified using the isValidEntry() method of the object returned.
    Parameters:
        roleDN - role DN
    Returns:
        AMRole object represented by DN.
    Throws:
        SSOException - if single sign on token is invalid or expired.
    See Also:
        isValidEntry(java.lang.String)

public AMSchema getSchema(java.lang.String serviceName, AMSchema.Type schemaType) throws AMException
    Deprecated. This method has been deprecated. Please use com.sun.identity.sm.ServiceSchemaManager.getSchema().
    AMSchema for the given service name and service type.
    Parameters:
        serviceName - the name of the service
        schemaType - the type of service schema that needs to be retrieved.
    Returns:
        AMSchema corresponding to the given service name and schema type.
    Throws:
        AMException - if an error is encountered in retrieving the AMSchema.

public java.util.Set getSchemaTypes(java.lang.String serviceName) throws AMException
    Deprecated. This method has been deprecated. Please use com.sun.identity.sm.ServiceSchemaManager.getSchemaTypes().
    Parameters:
        serviceName - the name of the service whose schema types need to be retrieved
    Returns:
        AMSchema.Type objects
    Throws:
        AMException - if an error is encountered in retrieving the schemaTypes.

public java.util.Set getServiceHierarchy() throws AMException
    Returns the service hierarchy for all registered services.
    Throws:
        AMException - if an error is encountered in retrieving the service hierarchy. The return value is a Set of strings in slash format.

public java.util.Set getServiceNames() throws AMException
    Returns the set of names of services that have been loaded to the data store.
    Throws:
        AMException - if an error is encountered in retrieving the names of the services

public AMStaticGroup getStaticGroup(java.lang.String groupDN) throws SSOException
    Returns the handle to the AMStaticGroup object represented by DN. However, the validity of the handle returned by this method cannot be guaranteed, since the object is created in memory, and not instantiated from the data store. Using the AMStaticGroup returned from this method may result in exceptions thrown in the later part of the application, if the DN is not valid or represents an entry that does not exist.
    Validity of the DN can be verified using the isValidEntry() method of the object returned.
    Parameters:
        groupDN - group DN
    Returns:
        AMStaticGroup object represented by DN.
    Throws:
        SSOException - if single sign on token is invalid or expired.
    See Also:
        isValidEntry(java.lang.String)

public java.util.Set getTopLevelContainers() throws AMException, SSOException
    Returns the top level containers (Organizations, People Containers, Roles, etc) for the particular user based on single sign on token as the starting point in the tree.
    Returns:
        DBObjects that are top level containers for the signed in user.
    Throws:
        AMException - if an error occurred when retrieving the information from the data store.
        SSOException - if single sign on token is invalid or expired.

public java.util.Set getTopLevelOrganizations() throws AMException, SSOException
    Returns the "real" or "physical" top level organizations as the starting point in the tree.
    Throws:
        AMException - if an error occurred when retrieving the information from the data store.
        SSOException - if single sign on token is invalid or expired.

public AMUser getUser(java.lang.String userDN) throws SSOException
    Returns the handle to the AMUser object represented by DN. However, the validity of the handle returned by this method cannot be guaranteed, since the object is created in memory, and not instantiated from the data store. Using the AMUser returned from this method may result in exceptions thrown in the later part of the application, if the DN is not valid or represents an entry that does not exist.
    Validity of the DN can be verified using the isValidEntry() method of the object returned.
    Parameters:
        userDN - user DN
    Returns:
        AMUser object represented by DN
    Throws:
        SSOException - if single sign on token is invalid or expired.
    See Also:
        isValidEntry(java.lang.String)

public AMEntity getEntity(java.lang.String eDN) throws SSOException
    Returns the handle to the AMEntity object represented by DN. However, the validity of the handle returned by this method cannot be guaranteed, since the object is created in memory, and not instantiated from the data store. Using the AMEntity returned from this method may result in exceptions thrown in the later part of the application, if the DN is not valid or represents an entry that does not exist.
    Validity of the DN can be verified using the isValidEntry() method of the object returned.
    Parameters:
        eDN - entity DN.
    Returns:
        AMEntity object represented by DN.
    Throws:
        SSOException - if single sign on token is invalid or expired.
    See Also:
        isValidEntry(java.lang.String)

public boolean isValidEntry(java.lang.String dn) throws SSOException
    Checks if the entry exists in the directory or not.
    NOTE: This method internally invokes a call to the directory to verify the existence of the entry. There could be a performance overhead. Hence, please use your discretion while using this method.
    Parameters:
        dn - DN of the entry that needs to be validated.
    Throws:
        SSOException - if the single sign on token is no longer valid.

public AMOrganization createTopOrganization(java.lang.String orgName, java.util.Map avPairs) throws AMException, SSOException
    Bootstraps the Organization tree by creating the Top Organization tree.
    Parameters:
        orgName - name of the top organization
        avPairs - Attribute-Value pairs for the top organization
    Throws:
        AMException - if an error occurred during the process of creation.
        SSOException - if single sign on token is invalid or expired.

public void purge(java.lang.String domainName, int graceperiod) throws AMException, SSOException
    This method takes an organization DN and purges all objects marked for deletion.
    callbacks for users are executed during this method.
    Parameters:
        domainName - domain to be purged
        graceperiod - time in days which should have passed since the entry was last modified before it can be deleted from the system.
    Throws:
        AMException - if an error occurred when retrieving the information from the data store.
        SSOException - if single sign on token is invalid or expired.

public void purgeUser(java.lang.String uid, java.lang.String domainName, int graceperiod) throws AMException, SSOException
    This method takes a user ID and a domain name. It uses default search templates to search for the organization and uses the deleted objects search filter for Users as defined in the Administration Service of Access Manager.
    callbacks throw an exception the delete operation is aborted.
    Parameters:
        uid - user ID
        domainName - domain in which the user belongs.
        graceperiod - time in days which should have passed before this user can be deleted.
    Throws:
        AMException - if there is an error in deleting the user, or if the user callbacks throw an exception
        SSOException -

public void purgeResource(java.lang.String rid, java.lang.String domainName, int graceperiod) throws AMException, SSOException
    This method takes a resource ID and a domain name. It uses default search templates to search for the organization and uses the deleted objects search filter for Resources as defined in the Administration Service of Access Manager.
    callbacks throw an exception the delete operation is aborted.
    Parameters:
        rid - resource ID
        domainName - domain in which the user belongs.
        graceperiod - time in days which should have passed before this user can be deleted.
    Throws:
        AMException - if there is an error in deleting the user, or if the user callbacks throw an exception
        SSOException -

public void purgeGroup(java.lang.String gid, java.lang.String domainName, int graceperiod) throws AMException, SSOException
    This method takes a group name and a domain name. It uses default search templates to search for the organization and uses the deleted objects search filter for Groups as defined in the Administration Service of Access Manager.
    callbacks throw an exception the delete operation is aborted.
    Parameters:
        gid - group name
        domainName - domain in which the group belongs.
        graceperiod - time in days which should have passed before this user can be deleted. If a -1 is passed, group is deleted right away without check on graceperiod.
    Throws:
        AMException - if there is an error in deleting the group, or if the callbacks throw an exception
        SSOException -

public java.util.Set getEntityTypes()
    Returns a set of com.iplanet.am.sdk.AMEntityType objects, which is the set of objects which are supported by the com.iplanet.am.sdk.AMEntity APIs.
    Returns:
        AMEntityType objects.