com.iplanet.ums

Class ManagedRole

java.lang.Object

com.iplanet.ums.PersistentObject

com.iplanet.ums.BaseRole

com.iplanet.ums.ManagedRole

All Implemented Interfaces:

IAssignableMembership, IMembership, IRole, ISearch, IUMSConstants, Serializable

public class ManagedRole
extends BaseRole
implements IAssignableMembership

ManagedRole is a role implementation of the membership interface IAssignableMembership. ManagedRole maps to nsManagedRoleDefinition of iPlanet Directory Server. Member objects added to the role should allow nsRoleDN attribute. When a member is added to the role, the DN of the role is added to the member's nsRoleDN attribute. When a member is removed from the role, the DN of the role is removed from the member's nsRoleDN attribute value.

See Also:

Serialized Form

Field Summary

Fields

Modifier and Type	Field and Description
static String	COMPUTED_MEMBER_ATTR_NAME Name of the computed member attribute, which would be computed by Directory server for role, when the member entry is read.
static String[]	MANAGEDROLE_ATTRIBUTES The attribute that is must for ManagedRole.
static String[]	MANAGEDROLE_OBJECTCLASSES LDAP object classes that define the nsManagedRoleDefinition, the iPlanet Directory Server object class, that maps to ManagedRole
static String	MEMBER_ATTR_NAME Name of the member attribute, which is modified when the member is added to/removed from the role.

Fields inherited from interface com.iplanet.ums.IUMSConstants

ADD_NULL_OBJ, ATTR_NOT_ALLOWED, ATTRIBUTETYPE_NOT_FOUND, BAD_ATTRNAMES, BAD_CHILD_OBJ, BAD_CLASS, BAD_COS_ATTR_QUALIFIER, BAD_GUID, BAD_ID, BAD_NAMING_ATTR, BAD_OBJ_TO_ADD, BAD_PRINCIPAL_HDL, BAD_STRUCTURE_TEMPLATE_PRIORITY, BAD_TEMPLATE, BAD_TOKEN_HDL, COMPOSE_GUID_FAILED, CONFIG_MGR_ERROR, COS_DEF_OR_TARGET_OBJECT_NULL, COS_DEFINITION_NOT_FOUND, COS_DEFINITION_NOT_PERSISTENT, COS_TARGET_OBJECT_DIFFERENT_TREE, COS_TARGET_OBJECT_NOT_PERSISTENT, COS_TEMPLATE_NOT_FOUND, DATA_CONSTRAINT, DEFINITION_NOT_PERSISTENT, DEL_NULL_OBJ, DSCFG_CONNECTFAIL, DSCFG_CTRLERROR, DSCFG_DIRSERVER_NODE_EXPECTED, DSCFG_INVALID_BASE_DN, DSCFG_JSSSFFAIL, DSCFG_NO_FILE_PATH, DSCFG_NOCFGMGR, DSCFG_SERVER_NOT_FOUND, DSCFG_SERVERGROUP_NODE_EXPECTED, DSCFG_UNSUPPORTEDLSTNRTYPE, DSCFG_UNSUPPORTEDSERVERCTRL, ENTRY_ALREADY_EXISTS, ENTRY_NOT_FOUND, ERROR_CM, ERROR_CM_INITIATE, ILLEGAL_ADGROUP_SCOPE, ILLEGAL_GROUP_SCOPE, INSTANCE_FAILED, INSUFFICIENT_ACCESS_ADD, INSUFFICIENT_ACCESS_DELETE, INVALID_COS_ATTRIBUTE_QUALIFIER, INVALID_COSDEFINITION, INVALID_TOKEN, MISSING_TEMPL_NAME, MULTIPLE_ENTRY, NEW_INSTANCE_FAILED, NEXT_ENTRY_FAILED, NO_NAMING_ATTR, NO_POLICY_DOMAIN, NO_RECURSION_ALLOW, NO_REQUIRED, NO_VALUE, NULL_GUIDS, NULL_PRINCIPAL, NULL_SESSION, NULL_TOKEN, OBJECT_NOT_PERSISTENT, OBJECTCLASS_NOT_FOUND, PERSISTENT_OBJECT_PARAM_NULL, POLICIES_DO_NOT_MATCH_BY_NAME_RESOURCE_ACTION, POLICY_DOMAIN_NOT_FOUND, POLICY_EXISTS_FOR_NAME, POLICY_EXISTS_FOR_RESOURCE_ACTION, POLICY_NOT_FOUND, POLICY_ROOT_NOT_FOUND, READ_ATTRIBUTES_ERROR, READING_LDIF_FAILED, REPLACE_DEFINITION_NOT_PERSISTENT, ROLE_CONTAINED, SEARCH_FAILED, services_validator_initialize_failed, services_validator_invalid_attr_name, services_validator_invalid_attr_schema, services_validator_schema_does_not_exist, SMS_ADD_SUB_CONFIG_FAILED, SMS_ADMIN_LIMIT_EXCEEDED, SMS_ATTR_LIST_NEEDED, SMS_ATTR_NAME_NOT_FOUND, SMS_ATTR_OR_VAL_EXISTS, SMS_ATTR_SYNTAX_NOT_FOUND, SMS_AUTHENTICATION_ERROR, SMS_CAN_NOT_CONSTRUCT_SERVICE_MANAGER, SMS_CANNOT_CREATE_INSTANCE, SMS_CANNOT_CREATE_PLACE_HOLDER_NODE, SMS_EVENT_NOTIFICATION_FAILED, SMS_failed_to_get_schema_manager, SMS_INSUFFICIENT_ACCESS_RIGHTS, SMS_INVALID_ATTR_ENTRY, SMS_INVALID_ATTR_NAME, SMS_INVALID_CLASS_NAME, SMS_INVALID_CONFIG_NAME, SMS_INVALID_DN, SMS_INVALID_METHOD, SMS_INVALID_OP_VALUE, SMS_INVALID_PARAMETERS, SMS_INVALID_SEARCH_BASE, SMS_INVALID_SEARCH_ORDER_PARAMETER, SMS_INVALID_SEARCH_PATTERN, SMS_LDAP_NOT_SUPPORTED, SMS_LDAP_OPERATION_FAILED, SMS_LDAP_REFERRAL_EXCEPTION, SMS_LDAP_SERVER_BUSY, SMS_NO_ATTRIBUTE_IN_ENTRY, SMS_NO_SUCH_ATTRIBUTE, SMS_NO_SUCH_OBJECT, SMS_NODE_ALREADY_EXISTS, SMS_OC_NAME_NOT_FOUND, SMS_organization_already_exists_no_args, SMS_READONLY_OBJ, SMS_SERVER_DOWN, SMS_SERVER_INSTANCE_NOT_FOUND, SMS_service_already_exists, SMS_service_already_exists_no_args, SMS_service_does_not_exist, SMS_SERVICE_NAME_NOT_FOUND, SMS_SERVICE_NODE_NOT_FOUND, SMS_services_node_does_not_exist, SMS_SMSSchema_exception_message, SMS_SMSSchema_invalid_input_stream, SMS_SMSSchema_invalid_xml_document, SMS_SMSSchema_no_schema_element, SMS_SMSSchema_no_service_element, SMS_SMSSchema_parser_error, SMS_SMSSchema_service_notfound, SMS_SUB_CONFIG_DOES_NOT_EXIST, SMS_TIME_LIMIT_EXCEEDED, SMS_UNEXPECTED_LDAP_EXCEPTION, SMS_UNKNOWN_EXCEPTION_OCCURRED, SMS_VALIDATOR_CANNOT_INSTANTIATE_CLASS, SMS_VALUE_DOES_NOT_EXIST, SMS_xml_invalid_doc_type, SMS_XML_PARSER_EXCEPTION, SMSSCHEMA_SERVICE_NOTFOUND, SSO_ILLEGALACCESS, SSO_NOPROVIDERCLASS, SSO_NOPROVIDERINSTANCE, SSO_NOPROVIDERPROPERTY, STRUCTURE_TEMPLATE_ATTRSET_NULL, TEMPLATE_NO_ATTR, UMS_BUNDLE_NAME, UMS_DEBUG, UMS_PKG, UNABLE_TO_ADD_ENTRY, UNABLE_TO_DELETE_ENTRY, UNABLE_TO_READ_ENTRY, UNMATCHED_CLASS, USER_NOT_IN_GROUP_SCOPE

Constructor Summary

Constructors

Constructor and Description
ManagedRole() No argument constructor
ManagedRole(CreationTemplate template, AttrSet attrSet) Constructs a ManagedRole object in memory with a given template.

Method Summary

Modifier and Type	Method and Description
void	addMember(Guid guid) Adds a member to the role.
void	addMember(PersistentObject member) Adds a member to the role.
void	addMembers(Guid[] guids) Adds a list of members to the role.
int	getMemberCount() Gets the member count.
Guid	getMemberIDAt(int index) Gets the GUID of the member at the given index (zero-based).
SearchResults	getMemberIDs() Gets the members of the group.
SearchResults	getMemberIDs(String filter) Returns the members of the group meeting the filter condition.
protected SearchResults	getMemberIDs(String[] attributes) Gets the members of the role.
protected SearchResults	getMemberIDs(String[] attributes, String filter) Gets the members of the role meeting the filter condition.
boolean	hasMember(Guid guid) Checks if a given identifier is a member of the role.
void	removeAllMembers() Removes all members of the role.
void	removeMember(Guid guid) Removes a member from the group.
void	removeMember(PersistentObject member) Removes a member from the role.

Methods inherited from class com.iplanet.ums.BaseRole

getAccessRight, hasMember, newAccessRight

Methods inherited from class com.iplanet.ums.PersistentObject

addACI, addAttributeValue, addChild, changePassword, deleteACI, getACI, getACI, getAttribute, getAttribute, getAttributeNames, getAttributes, getAttributes, getAttributes, getAttrSet, getChildren, getChildren, getChildren, getDN, getGuid, getNamingAttribute, getParentGuid, getParentObject, getRoles, idToDN, isMemberOf, isPersistent, modify, modify, modify, remove, removeAttribute, removeAttributeValue, removeChild, removeChild, rename, replaceACI, save, search, search, search, setAttribute, setAttribute, setAttrSet, setGuid, toString

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface com.iplanet.ums.IRole

getGuid

Field Detail

MEMBER_ATTR_NAME

public static final String MEMBER_ATTR_NAME

Name of the member attribute, which is modified when the member is added to/removed from the role. To be added as a member of the role, the member object should allow this attribute.

See Also:

Constant Field Values

COMPUTED_MEMBER_ATTR_NAME

public static final String COMPUTED_MEMBER_ATTR_NAME

Name of the computed member attribute, which would be computed by Directory server for role, when the member entry is read.

See Also:

Constant Field Values

MANAGEDROLE_OBJECTCLASSES

public static final String[] MANAGEDROLE_OBJECTCLASSES

LDAP object classes that define the nsManagedRoleDefinition, the iPlanet Directory Server object class, that maps to ManagedRole

MANAGEDROLE_ATTRIBUTES

public static final String[] MANAGEDROLE_ATTRIBUTES

The attribute that is must for ManagedRole. Any creation template for ManagedRole should have this attribute

Constructor Detail

ManagedRole

public ManagedRole()

No argument constructor

ManagedRole

public ManagedRole(CreationTemplate template,
                   AttrSet attrSet)
            throws UMSException

Constructs a ManagedRole object in memory with a given template. One needs to call save method to save the new object to persistent storage.

Parameters:

template - Template for creating a group

attrSet - Attribute/value set

Throws:

UMSException - on failure to instantiate

Method Detail

addMember

public void addMember(PersistentObject member)
               throws UMSException

Adds a member to the role. The change is saved to persistent storage.

Specified by:

addMember in interface IAssignableMembership

Parameters:

member - Object to be added as member

Throws:

UMSException - on failure to save to persistent storage

addMember

public void addMember(Guid guid)
               throws UMSException

Adds a member to the role. The change is saved to persistent storage.

Specified by:

addMember in interface IAssignableMembership

Parameters:

guid - Globally unique identifier for the member to be added.

Throws:

UMSException - if fail to save to persistent storage.

addMembers

public void addMembers(Guid[] guids)
                throws UMSException

Adds a list of members to the role. The change is saved to persistent storage.

Specified by:

addMembers in interface IAssignableMembership

Parameters:

guids - Array of member guids to be added as members to the role

Throws:

UMSException - on failure to save to persistent storage

getMemberIDs

protected SearchResults getMemberIDs(String[] attributes)
                              throws UMSException

Gets the members of the role.

Parameters:

attributes - Attributes to return

Returns:

SearchResults to iterate over members of the role

Throws:

UMSException - on failure to search

getMemberIDs

protected SearchResults getMemberIDs(String[] attributes,
                                     String filter)
                              throws InvalidSearchFilterException,
                                     UMSException

Gets the members of the role meeting the filter condition.

Parameters:

attributes - Attributes to return

filter - LDAP filter to select a subset of members

Returns:

SearchResults to iterate over members of the role

Throws:

InvalidSearchFilterException - on invalid search filter

UMSException - on failure to search

getMemberIDs

public SearchResults getMemberIDs()
                           throws UMSException

Gets the members of the group.

Specified by:

getMemberIDs in interface IMembership

Returns:

Iterator for unique identifiers for members of the role

Throws:

UMSException - on failure to search

getMemberIDs

public SearchResults getMemberIDs(String filter)
                           throws UMSException

Returns the members of the group meeting the filter condition.

Parameters:

filter - LDAP filter to select a subset of members

Returns:

SearchResults that can be used to iterate over the unique identifiers for members of the role.

Throws:

UMSException - if fail to search.

getMemberCount

public int getMemberCount()
                   throws UMSException

Gets the member count.

Specified by:

getMemberCount in interface IMembership

Returns:

Number of members of the role

Throws:

UMSException - on failure to search

getMemberIDAt

public Guid getMemberIDAt(int index)
                   throws UMSException

Gets the GUID of the member at the given index (zero-based).

Specified by:

getMemberIDAt in interface IMembership

Parameters:

index - Zero-based index into the group container

Returns:

Unique identifier for a member

Throws:

UMSException - on failure to search

removeMember

public void removeMember(PersistentObject member)
                  throws UMSException

Removes a member from the role. The change is saved to persistent storage.

Specified by:

removeMember in interface IAssignableMembership

Parameters:

member - member to be removed from the role

Throws:

UMSException - on failure to save to persistent storage

removeMember

public void removeMember(Guid guid)
                  throws UMSException

Removes a member from the group. The change is saved to persistent storage.

Specified by:

removeMember in interface IAssignableMembership

Parameters:

guid - Unique identifier for the member to be removed

Throws:

UMSException - on failure to save to persistent storage

removeAllMembers

public void removeAllMembers()
                      throws UMSException

Removes all members of the role.

Specified by:

removeAllMembers in interface IAssignableMembership

Throws:

UMSException - on failure to save to persistent storage

hasMember

public boolean hasMember(Guid guid)
                  throws UMSException

Checks if a given identifier is a member of the role.

Specified by:

hasMember in interface IMembership

Parameters:

guid - guid of the member to be checked for membership

Returns:

true if it is a member

Throws:

UMSException - on failure to read object for guid