com.iplanet.am.sdk

Class AMCallBack

java.lang.Object

com.iplanet.am.sdk.AMCallBack

Direct Known Subclasses:

SubjectReferentialIntegrityPlugin

Deprecated.

As of Sun Java System Access Manager 7.1.

public class AMCallBack
extends Object

A Plugin Class that needs to be extended by external applications in-order to do some special pre/post-processing for creation/deletion and modification operations for User, Organization, Roles and Groups. The implementation classes/module(s) are pluggable and are configurable through the Organization attribute: iplanet-am-admin-console-pre-post-processing-modules of the iPlanetAMAdminConsoleService service.

For call backs pertaining to Organizations and Organizational Units, the parent organization's configuration ( iPlanetAMAdminConsoleService Organization configuration) will be used to obtain the plugin modules.

The call backs will be made at the time of performing one of the corresponding User/Organization/Role/Group operations (create/modify/delete and attribute fetch) by the Sun Java System Access Manager SDK. Applications that need to perform special pre/post processing for one or more of the above operations, should extend the class and override the corresponding methods.

The API's for pre call back provide a mechanism to inspect the attributes being modified and also modify the values appropriately if required. Care should be taken while performing such modifications, so that it will not affect other plugins which are dependent on the same attributes.

Note:

• When more than one plugin modules are configured at a particular Organization level, the call backs for each of the plugins will occur one after the other. Also, note that the order in which plugins are called back is cannot pre-determined in any way.

• Since the methods of this class will be invoked by the Identity Server SDK and will control the flow of SDK, extreme caution should be taken while overriding these methods to avoid performance bottle necks.

• The exceptions thrown by the pre-processing methods of this class will be treated as a failure of external processing and the operation in progress will be halted by the SDK. The exception thrown should include a proper user specific localized error message which can be propagated back to the application using the SDK. The locale of the user should to be determined using token of the authenticated user while constructing such a localized message.

Constructor Summary

Constructors

Modifier	Constructor and Description
protected	AMCallBack() Deprecated.

Method Summary

Modifier and Type	Method and Description
Map	getAttributes(SSOToken token, String entryDN, Set attrNames) Deprecated. This method provides a mechanism for applications to obtain attributes external to the Access Manager data store.
void	postProcessAddUser(SSOToken token, String entryDN, Set members, int objectType) Deprecated. Method which gets invoked after users are added to a role/group.
void	postProcessCreate(SSOToken token, String entryDN, Map attributes, int objectType) Deprecated. Method which gets invoked after a entry create operation is performed.
void	postProcessDelete(SSOToken token, String entryDN, Map attributes, boolean softDelete, int objectType) Deprecated. Method which gets invoked after a entry entry is deleted.
void	postProcessModify(SSOToken token, String entryDN, Map oldAttributes, Map newAttributes, int objectType) Deprecated. Method which gets invoked after a entry is modified
void	postProcessRemoveUser(SSOToken token, String entryDN, Set members, int objectType) Deprecated. Method which gets invoked after users are removed from a role/group.
Set	preProcessAddUser(SSOToken token, String entryDN, Set members, int objectType) Deprecated. Method which gets called before users are added to a role/group.
Map	preProcessCreate(SSOToken token, String entryDN, Map attributes, int objectType) Deprecated. Method which gets invoked before a create operation is performed.
void	preProcessDelete(SSOToken token, String entryDN, Map attributes, boolean softDeleteEnabled, int objectType) Deprecated. Method which gets invoked before an entry is deleted.
Map	preProcessModify(SSOToken token, String entryDN, Map oldAttributes, Map newAttributes, int objectType) Deprecated. Method which gets invoked before a modify operation is performed.
Set	preProcessRemoveUser(SSOToken token, String entryDN, Set members, int objectType) Deprecated. Method which gets called before users are removed from a role/group.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AMCallBack

protected AMCallBack()

Deprecated.

Method Detail

getAttributes

public Map getAttributes(SSOToken token,
                         String entryDN,
                         Set attrNames)

Deprecated.

This method provides a mechanism for applications to obtain attributes external to the Access Manager data store. This callback gets invoked when any of the AMObject.getAttributes() methods are called. When multiple plugins override this method, then attributes returned from each of them will be merged and returned. When the getAttribute() method that request specific attributes the call backs are made only for those attributes that are not found in the Access Manager's data store. If the getAttributes() which do not request any specific attributes is called, the call back will take place after obtaining all the attributes for the corresponding entry from the Access Manager's data store.
NOTE:

• This callback is not enabled by default. In order for this call back to be invoked, the organizational attribute: iplanet-am-admin-console-external-attribute-fetch-enabled of the iPlanetAMAdminConsoleService service should be set to enabled
• Overriding this method would cause significant performance impact. Hence, extreme caution should be taken while overriding this method to avoid processing overhead.
• The attributes returned by the plugins will not be cached by SDK. Hence, in order to avoid performance overheads, it is recommended that plugin's maintain a local cache of frequently attributes. Also, the cache needs to be in sync with any modifications made to those attributes.

Parameters:

token - the SSOToken

entryDN - the DN of the entry being added

attrNames - names of attributes that need to retrieved. If null, all attributes should be returned.

Returns:

a Map of attributes, where the key is the attribute name and the value is a Set of values. This map of attributes will be copied to the original map retrieved from the Access Manager data store and will be returned to the caller.

preProcessCreate

public Map preProcessCreate(SSOToken token,
                            String entryDN,
                            Map attributes,
                            int objectType)
                     throws AMPreCallBackException

Deprecated.

Method which gets invoked before a create operation is performed.

Parameters:

token - the SSOToken

entryDN - the DN of the entry being added

attributes - a map consisting of attribute names and a set of values for each of them. This map of attributes can be inspected, modified and sent back. Note, caution should be taken while performing modifications to avoid changing attributes that are used by Access Manager. If no modifications need to done, either the original map or null value can be returned.

objectType - represents the type of entry on which the operation is being performed. Types could be:

• AMObject.USER
• AMObject.ROLE
• AMObject.FILTERED_ROLE
• AMObject.ORGANIZATION
• AMObject.ORGANIZATIONAL_UNIT
• AMObject.GROUP
• AMObject.DYNAMIC_GROUP
• AMObject.ASSIGNABLE_DYNAMIC_GROUP

Returns:

Map of updated values for attributes or null. If this returned map is not null, then this map will be used while performing the operation.

Throws:

AMPreCallBackException - if an error that occurs during pre processing. The SDK will not proceed with the create operation, if any one of the implementation classes throws an exception. A user specific localized message should be sent as part of the exception message. The specific messages can be added to amProfile.properties file.

preProcessModify

public Map preProcessModify(SSOToken token,
                            String entryDN,
                            Map oldAttributes,
                            Map newAttributes,
                            int objectType)
                     throws AMPreCallBackException

Deprecated.

Method which gets invoked before a modify operation is performed.

Parameters:

token - the SSOToken

entryDN - the DN of the entry being modified

oldAttributes - a map consisting of attribute names and a set of values for each of them before modification

newAttributes - a map consisting of attribute names and a set of values for each of them after modification. This map of attributes can be inspected, modified and sent back. Note, caution should be taken while performing modifications to avoid changing attributes that are used by Access Manager. If no modifications need to done, either the original map or null value can be returned.

objectType - represents the type of entry on which the operation is being performed. Types could be:

• AMObject.USER
• AMObject.ROLE
• AMObject.FILTERED_ROLE
• AMObject.ORGANIZATION
• AMObject.ORGANIZATIONAL_UNIT
• AMObject.GROUP
• AMObject.DYNAMIC_GROUP
• AMObject.ASSIGNABLE_DYNAMIC_GROUP

Returns:

Map of updated values for newAttributes or null. If this returned map is not null, then this map will be used while performing the operation.

Throws:

AMPreCallBackException - if an error occurs pre processing. The SDK will not proceed with the modify operation, if any one of the implementation classes throws an exception. A user specific localized message should be sent as part of the exception message. The specific messages can be added to amProfile.properties file.

preProcessDelete

public void preProcessDelete(SSOToken token,
                             String entryDN,
                             Map attributes,
                             boolean softDeleteEnabled,
                             int objectType)
                      throws AMPreCallBackException

Deprecated.

Method which gets invoked before an entry is deleted. The deletion type configured in Sun Java System Access Manager is also passed as a parameter to this method.

Parameters:

token - the SSOToken

entryDN - the DN of the entry being deleted

attributes - a map consisting of attribute names and a set of values for each of them.

softDeleteEnabled - if true soft delete will be performed Otherwise hard delete will be performed.

objectType - represents the type of entry on which the operation is being performed. Types could be:

• AMObject.USER
• AMObject.ROLE
• AMObject.FILTERED_ROLE
• AMObject.ORGANIZATION
• AMObject.ORGANIZATIONAL_UNIT
• AMObject.GROUP
• AMObject.DYNAMIC_GROUP
• AMObject.ASSIGNABLE_DYNAMIC_GROUP

Throws:

AMPreCallBackException - if an error occurs during entry delete pre-processing. The SDK will not proceed with the delete operation, if any one of the implementation classes throws an exception. A user specific localized message should be sent as part of the exception message. The specific messages can be added to amProfile.properties file.

postProcessCreate

public void postProcessCreate(SSOToken token,
                              String entryDN,
                              Map attributes,
                              int objectType)
                       throws AMPostCallBackException

Deprecated.

Method which gets invoked after a entry create operation is performed.

Parameters:

token - the SSOToken

entryDN - the DN of the entry being added

attributes - a map consisting of attribute names and a set of values for each of them

objectType - represents the type of entry on which the operation is being performed. Types could be:

• AMObject.USER
• AMObject.ROLE
• AMObject.FILTERED_ROLE
• AMObject.ORGANIZATION
• AMObject.ORGANIZATIONAL_UNIT
• AMObject.GROUP
• AMObject.DYNAMIC_GROUP
• AMObject.ASSIGNABLE_DYNAMIC_GROUP

Throws:

AMPostCallBackException - if an error occurs during post processing. A user specific localized message should be sent as part of the exception message. The specific messages can be added to amProfile.properties file.

postProcessModify

public void postProcessModify(SSOToken token,
                              String entryDN,
                              Map oldAttributes,
                              Map newAttributes,
                              int objectType)
                       throws AMPostCallBackException

Deprecated.

Method which gets invoked after a entry is modified

Parameters:

token - the SSOToken

entryDN - the DN of the entry being modified

oldAttributes - a map consisting of attribute names and a set of values for each of them before modification

newAttributes - a map consisting of attribute names and a set of values for each of them after modification

objectType - represents the type of entry on which the operation is being performed. Types could be:

• AMObject.USER
• AMObject.ROLE
• AMObject.FILTERED_ROLE
• AMObject.ORGANIZATION
• AMObject.ORGANIZATIONAL_UNIT
• AMObject.GROUP
• AMObject.DYNAMIC_GROUP
• AMObject.ASSIGNABLE_DYNAMIC_GROUP

Throws:

AMPostCallBackException - if an error occurs during post processing. A user specific localized message should be sent as part of the exception message. The specific messages can be added to amProfile.properties file.

postProcessDelete

public void postProcessDelete(SSOToken token,
                              String entryDN,
                              Map attributes,
                              boolean softDelete,
                              int objectType)
                       throws AMPostCallBackException

Deprecated.

Method which gets invoked after a entry entry is deleted. The deletion type configured in Sun Java System Access Manager is also passed as a parameter to this method.

Parameters:

token - the SSOToken

entryDN - the DN of the entry being deleted

attributes - a map consisting of attribute names and a set of values for each of them

softDelete - If true, this implies that the object is just being marked for deletion, if false, then it implies that the object is being removed from the data store.

objectType - represents the type of entry on which the operation is being performed. Types could be:

• AMObject.USER
• AMObject.ROLE
• AMObject.FILTERED_ROLE
• AMObject.ORGANIZATION
• AMObject.ORGANIZATIONAL_UNIT
• AMObject.GROUP
• AMObject.DYNAMIC_GROUP
• AMObject.ASSIGNABLE_DYNAMIC_GROUP

Throws:

AMPostCallBackException - if an error occurs during post processing. A user specific localized message should be sent as part of the exception message. The specific messages can be added to amProfile.properties file.

preProcessAddUser

public Set preProcessAddUser(SSOToken token,
                             String entryDN,
                             Set members,
                             int objectType)
                      throws AMPreCallBackException

Deprecated.

Method which gets called before users are added to a role/group.

Parameters:

token - the SSOToken

entryDN - the DN of the entry being added

members - a set consisting of user DN's. This set of members can be inspected, modified (users can be added/removed) and sent back. If no modifications need to done, either the original set or null value can be returned.

objectType - represents the type of entry on which the operation is being performed. Types could be:

• AMObject.ROLE
• AMObject.GROUP
• AMObject.ASSIGNABLE_DYNAMIC_GROUP

Returns:

Set of updated values for members or null. If null value or empty set is returned, no users will be added. Hence, if no modification is being performed to the original set, it needs to be back.

Throws:

AMPreCallBackException - if an error occurs during pre processing. The SDK will not proceed with the adding users to role/group operation, if any one of the implementation classes throws an exception. A user specific localized message should be sent as part of the exception message. The specific messages can be added to amProfile.properties file.

postProcessAddUser

public void postProcessAddUser(SSOToken token,
                               String entryDN,
                               Set members,
                               int objectType)
                        throws AMPostCallBackException

Deprecated.

Method which gets invoked after users are added to a role/group.

Parameters:

token - the SSOToken

entryDN - the DN of the entry being added

members - a Set consisting of user DN's which represent the users added to the role/group.

objectType - represents the type of entry on which the operation is being performed. Types could be:

• AMObject.ROLE
• AMObject.GROUP
• AMObject.ASSIGNABLE_DYNAMIC_GROUP

Throws:

AMPostCallBackException - if an error occurs during post processing. A user specific localized message should be sent as part of the exception message. The specific messages can be added to amProfile.properties file.

preProcessRemoveUser

public Set preProcessRemoveUser(SSOToken token,
                                String entryDN,
                                Set members,
                                int objectType)
                         throws AMPreCallBackException

Deprecated.

Method which gets called before users are removed from a role/group.

Parameters:

token - the SSOToken

entryDN - the DN of the entry being added

members - a set consisting of user DN's. This set of members can be inspected, modified (users can be added/removed) and sent back. If no modifications need to done, either the original set or null value can be returned.

objectType - represents the type of entry on which the operation is being performed. Types could be:

• AMObject.ROLE
• AMObject.GROUP
• AMObject.ASSIGNABLE_DYNAMIC_GROUP

Returns:

Set of updated values for members or null. If null value or empty set is returned, no users will be removed. Hence, if no modification is being performed to the original set, it needs to be back.

Throws:

AMPreCallBackException - if an error that occurs during pre processing. The SDK will not proceed with the removing users from role/group operation, if any one of the implementation classes throws an exception. A user specific localized message should be sent as part of the exception message. The specific messages can be added to amProfile.properties file.

postProcessRemoveUser

public void postProcessRemoveUser(SSOToken token,
                                  String entryDN,
                                  Set members,
                                  int objectType)
                           throws AMPostCallBackException

Deprecated.

Method which gets invoked after users are removed from a role/group.

Parameters:

token - the SSOToken

entryDN - the DN of the entry being added

members - a Set consisting of user DN's which represent the users added to the role/group.

objectType - represents the type of entry on which the operation is being performed. Types could be:

• AMObject.ROLE
• AMObject.GROUP
• AMObject.ASSIGNABLE_DYNAMIC_GROUP

Throws:

AMPostCallBackException - if an error occurs during post processing. A user specific localized message should be sent as part of the exception message. The specific messages can be added to amProfile.properties file.