Package com.iplanet.ums
Class ManagedRole
- java.lang.Object
-
- com.iplanet.ums.PersistentObject
-
- com.iplanet.ums.BaseRole
-
- com.iplanet.ums.ManagedRole
-
- All Implemented Interfaces:
IAssignableMembership
,IMembership
,IRole
,ISearch
,IUMSConstants
,Serializable
public class ManagedRole extends BaseRole implements IAssignableMembership
ManagedRole is a role implementation of the membership interface IAssignableMembership. ManagedRole maps to nsManagedRoleDefinition of iPlanet Directory Server. Member objects added to the role should allow nsRoleDN attribute. When a member is added to the role, the DN of the role is added to the member's nsRoleDN attribute. When a member is removed from the role, the DN of the role is removed from the member's nsRoleDN attribute value.- See Also:
- Serialized Form
-
-
Field Summary
Fields Modifier and Type Field Description static String
COMPUTED_MEMBER_ATTR_NAME
Name of the computed member attribute, which would be computed by Directory server for role, when the member entry is read.static String[]
MANAGEDROLE_ATTRIBUTES
The attribute that is must for ManagedRole.static String[]
MANAGEDROLE_OBJECTCLASSES
LDAP object classes that define the nsManagedRoleDefinition, the iPlanet Directory Server object class, that maps to ManagedRolestatic String
MEMBER_ATTR_NAME
Name of the member attribute, which is modified when the member is added to/removed from the role.-
Fields inherited from interface com.iplanet.ums.IUMSConstants
ADD_NULL_OBJ, ATTR_NOT_ALLOWED, ATTRIBUTETYPE_NOT_FOUND, BAD_ATTRNAMES, BAD_CHILD_OBJ, BAD_CLASS, BAD_COS_ATTR_QUALIFIER, BAD_GUID, BAD_ID, BAD_NAMING_ATTR, BAD_OBJ_TO_ADD, BAD_PRINCIPAL_HDL, BAD_STRUCTURE_TEMPLATE_PRIORITY, BAD_TEMPLATE, BAD_TOKEN_HDL, COMPOSE_GUID_FAILED, CONFIG_MGR_ERROR, COS_DEF_OR_TARGET_OBJECT_NULL, COS_DEFINITION_NOT_FOUND, COS_DEFINITION_NOT_PERSISTENT, COS_TARGET_OBJECT_DIFFERENT_TREE, COS_TARGET_OBJECT_NOT_PERSISTENT, COS_TEMPLATE_NOT_FOUND, DATA_CONSTRAINT, DEFINITION_NOT_PERSISTENT, DEL_NULL_OBJ, DSCFG_CONNECTFAIL, DSCFG_CTRLERROR, DSCFG_DIRSERVER_NODE_EXPECTED, DSCFG_INVALID_BASE_DN, DSCFG_JSSSFFAIL, DSCFG_NO_FILE_PATH, DSCFG_NOCFGMGR, DSCFG_SERVER_NOT_FOUND, DSCFG_SERVERGROUP_NODE_EXPECTED, DSCFG_UNSUPPORTEDLSTNRTYPE, DSCFG_UNSUPPORTEDSERVERCTRL, ENTRY_ALREADY_EXISTS, ENTRY_NOT_FOUND, ERROR_CM, ERROR_CM_INITIATE, ILLEGAL_ADGROUP_SCOPE, ILLEGAL_GROUP_SCOPE, INSTANCE_FAILED, INSUFFICIENT_ACCESS_ADD, INSUFFICIENT_ACCESS_DELETE, INVALID_COS_ATTRIBUTE_QUALIFIER, INVALID_COSDEFINITION, INVALID_TOKEN, MISSING_TEMPL_NAME, MULTIPLE_ENTRY, NEW_INSTANCE_FAILED, NEXT_ENTRY_FAILED, NO_NAMING_ATTR, NO_POLICY_DOMAIN, NO_RECURSION_ALLOW, NO_REQUIRED, NO_VALUE, NULL_GUIDS, NULL_PRINCIPAL, NULL_SESSION, NULL_TOKEN, OBJECT_NOT_PERSISTENT, OBJECTCLASS_NOT_FOUND, PERSISTENT_OBJECT_PARAM_NULL, POLICIES_DO_NOT_MATCH_BY_NAME_RESOURCE_ACTION, POLICY_DOMAIN_NOT_FOUND, POLICY_EXISTS_FOR_NAME, POLICY_EXISTS_FOR_RESOURCE_ACTION, POLICY_NOT_FOUND, POLICY_ROOT_NOT_FOUND, READ_ATTRIBUTES_ERROR, READING_LDIF_FAILED, REPLACE_DEFINITION_NOT_PERSISTENT, ROLE_CONTAINED, SEARCH_FAILED, services_validator_initialize_failed, services_validator_invalid_attr_name, services_validator_invalid_attr_schema, services_validator_schema_does_not_exist, SMS_ADD_SUB_CONFIG_FAILED, SMS_ADMIN_LIMIT_EXCEEDED, SMS_ATTR_LIST_NEEDED, SMS_ATTR_NAME_NOT_FOUND, SMS_ATTR_OR_VAL_EXISTS, SMS_ATTR_SYNTAX_NOT_FOUND, SMS_AUTHENTICATION_ERROR, SMS_CAN_NOT_CONSTRUCT_SERVICE_MANAGER, SMS_CANNOT_CREATE_INSTANCE, SMS_CANNOT_CREATE_PLACE_HOLDER_NODE, SMS_EVENT_NOTIFICATION_FAILED, SMS_failed_to_get_schema_manager, SMS_INSUFFICIENT_ACCESS_RIGHTS, SMS_INVALID_ATTR_ENTRY, SMS_INVALID_ATTR_NAME, SMS_INVALID_CLASS_NAME, SMS_INVALID_CONFIG_NAME, SMS_INVALID_DN, SMS_INVALID_METHOD, SMS_INVALID_OP_VALUE, SMS_INVALID_PARAMETERS, SMS_INVALID_SEARCH_BASE, SMS_INVALID_SEARCH_ORDER_PARAMETER, SMS_INVALID_SEARCH_PATTERN, SMS_LDAP_NOT_SUPPORTED, SMS_LDAP_OPERATION_FAILED, SMS_LDAP_REFERRAL_EXCEPTION, SMS_LDAP_SERVER_BUSY, SMS_NO_ATTRIBUTE_IN_ENTRY, SMS_NO_SUCH_ATTRIBUTE, SMS_NO_SUCH_OBJECT, SMS_NODE_ALREADY_EXISTS, SMS_OC_NAME_NOT_FOUND, SMS_organization_already_exists_no_args, SMS_READONLY_OBJ, SMS_SERVER_DOWN, SMS_SERVER_INSTANCE_NOT_FOUND, SMS_service_already_exists, SMS_service_already_exists_no_args, SMS_service_does_not_exist, SMS_SERVICE_NAME_NOT_FOUND, SMS_SERVICE_NODE_NOT_FOUND, SMS_services_node_does_not_exist, SMS_SMSSchema_exception_message, SMS_SMSSchema_invalid_input_stream, SMS_SMSSchema_invalid_xml_document, SMS_SMSSchema_no_schema_element, SMS_SMSSchema_no_service_element, SMS_SMSSchema_parser_error, SMS_SMSSchema_service_notfound, SMS_SUB_CONFIG_DOES_NOT_EXIST, SMS_TIME_LIMIT_EXCEEDED, SMS_UNEXPECTED_LDAP_EXCEPTION, SMS_UNKNOWN_EXCEPTION_OCCURRED, SMS_VALIDATOR_CANNOT_INSTANTIATE_CLASS, SMS_VALUE_DOES_NOT_EXIST, SMS_xml_invalid_doc_type, SMS_XML_PARSER_EXCEPTION, SMSSCHEMA_SERVICE_NOTFOUND, SSO_ILLEGALACCESS, SSO_NOPROVIDERCLASS, SSO_NOPROVIDERINSTANCE, SSO_NOPROVIDERPROPERTY, STRUCTURE_TEMPLATE_ATTRSET_NULL, TEMPLATE_NO_ATTR, UMS_BUNDLE_NAME, UMS_DEBUG, UMS_PKG, UNABLE_TO_ADD_ENTRY, UNABLE_TO_DELETE_ENTRY, UNABLE_TO_READ_ENTRY, UNMATCHED_CLASS, USER_NOT_IN_GROUP_SCOPE
-
-
Constructor Summary
Constructors Constructor Description ManagedRole()
No argument constructorManagedRole(CreationTemplate template, AttrSet attrSet)
Constructs a ManagedRole object in memory with a given template.
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description void
addMember(Guid guid)
Adds a member to the role.void
addMember(PersistentObject member)
Adds a member to the role.void
addMembers(Guid[] guids)
Adds a list of members to the role.int
getMemberCount()
Gets the member count.Guid
getMemberIDAt(int index)
Gets the GUID of the member at the given index (zero-based).SearchResults
getMemberIDs()
Gets the members of the group.SearchResults
getMemberIDs(String filter)
Returns the members of the group meeting the filter condition.protected SearchResults
getMemberIDs(String[] attributes)
Gets the members of the role.protected SearchResults
getMemberIDs(String[] attributes, String filter)
Gets the members of the role meeting the filter condition.boolean
hasMember(Guid guid)
Checks if a given identifier is a member of the role.void
removeAllMembers()
Removes all members of the role.void
removeMember(Guid guid)
Removes a member from the group.void
removeMember(PersistentObject member)
Removes a member from the role.-
Methods inherited from class com.iplanet.ums.BaseRole
getAccessRight, hasMember, newAccessRight
-
Methods inherited from class com.iplanet.ums.PersistentObject
addACI, addAttributeValue, addChild, changePassword, deleteACI, getACI, getACI, getAttribute, getAttribute, getAttributeNames, getAttributes, getAttributes, getAttributes, getAttrSet, getChildren, getChildren, getChildren, getDN, getGuid, getNamingAttribute, getParentGuid, getParentObject, getRoles, idToDN, isMemberOf, isPersistent, modify, modify, modify, remove, removeAttribute, removeAttributeValue, removeChild, removeChild, rename, replaceACI, save, search, search, search, setAttribute, setAttribute, setAttrSet, setGuid, toString
-
-
-
-
Field Detail
-
MEMBER_ATTR_NAME
public static final String MEMBER_ATTR_NAME
Name of the member attribute, which is modified when the member is added to/removed from the role. To be added as a member of the role, the member object should allow this attribute.- See Also:
- Constant Field Values
-
COMPUTED_MEMBER_ATTR_NAME
public static final String COMPUTED_MEMBER_ATTR_NAME
Name of the computed member attribute, which would be computed by Directory server for role, when the member entry is read.- See Also:
- Constant Field Values
-
MANAGEDROLE_OBJECTCLASSES
public static final String[] MANAGEDROLE_OBJECTCLASSES
LDAP object classes that define the nsManagedRoleDefinition, the iPlanet Directory Server object class, that maps to ManagedRole
-
MANAGEDROLE_ATTRIBUTES
public static final String[] MANAGEDROLE_ATTRIBUTES
The attribute that is must for ManagedRole. Any creation template for ManagedRole should have this attribute
-
-
Constructor Detail
-
ManagedRole
public ManagedRole()
No argument constructor
-
ManagedRole
public ManagedRole(CreationTemplate template, AttrSet attrSet) throws UMSException
Constructs a ManagedRole object in memory with a given template. One needs to call save method to save the new object to persistent storage.- Parameters:
template
- Template for creating a groupattrSet
- Attribute/value set- Throws:
UMSException
- on failure to instantiate
-
-
Method Detail
-
addMember
public void addMember(PersistentObject member) throws UMSException
Adds a member to the role. The change is saved to persistent storage.- Specified by:
addMember
in interfaceIAssignableMembership
- Parameters:
member
- Object to be added as member- Throws:
UMSException
- on failure to save to persistent storage
-
addMember
public void addMember(Guid guid) throws UMSException
Adds a member to the role. The change is saved to persistent storage.- Specified by:
addMember
in interfaceIAssignableMembership
- Parameters:
guid
- Globally unique identifier for the member to be added.- Throws:
UMSException
- if fail to save to persistent storage.
-
addMembers
public void addMembers(Guid[] guids) throws UMSException
Adds a list of members to the role. The change is saved to persistent storage.- Specified by:
addMembers
in interfaceIAssignableMembership
- Parameters:
guids
- Array of member guids to be added as members to the role- Throws:
UMSException
- on failure to save to persistent storage
-
getMemberIDs
protected SearchResults getMemberIDs(String[] attributes) throws UMSException
Gets the members of the role.- Parameters:
attributes
- Attributes to return- Returns:
- SearchResults to iterate over members of the role
- Throws:
UMSException
- on failure to search
-
getMemberIDs
protected SearchResults getMemberIDs(String[] attributes, String filter) throws InvalidSearchFilterException, UMSException
Gets the members of the role meeting the filter condition.- Parameters:
attributes
- Attributes to returnfilter
- LDAP filter to select a subset of members- Returns:
- SearchResults to iterate over members of the role
- Throws:
InvalidSearchFilterException
- on invalid search filterUMSException
- on failure to search
-
getMemberIDs
public SearchResults getMemberIDs() throws UMSException
Gets the members of the group.- Specified by:
getMemberIDs
in interfaceIMembership
- Returns:
- Iterator for unique identifiers for members of the role
- Throws:
UMSException
- on failure to search
-
getMemberIDs
public SearchResults getMemberIDs(String filter) throws UMSException
Returns the members of the group meeting the filter condition.- Parameters:
filter
- LDAP filter to select a subset of members- Returns:
SearchResults
that can be used to iterate over the unique identifiers for members of the role.- Throws:
UMSException
- if fail to search.
-
getMemberCount
public int getMemberCount() throws UMSException
Gets the member count.- Specified by:
getMemberCount
in interfaceIMembership
- Returns:
- Number of members of the role
- Throws:
UMSException
- on failure to search
-
getMemberIDAt
public Guid getMemberIDAt(int index) throws UMSException
Gets the GUID of the member at the given index (zero-based).- Specified by:
getMemberIDAt
in interfaceIMembership
- Parameters:
index
- Zero-based index into the group container- Returns:
- Unique identifier for a member
- Throws:
UMSException
- on failure to search
-
removeMember
public void removeMember(PersistentObject member) throws UMSException
Removes a member from the role. The change is saved to persistent storage.- Specified by:
removeMember
in interfaceIAssignableMembership
- Parameters:
member
- member to be removed from the role- Throws:
UMSException
- on failure to save to persistent storage
-
removeMember
public void removeMember(Guid guid) throws UMSException
Removes a member from the group. The change is saved to persistent storage.- Specified by:
removeMember
in interfaceIAssignableMembership
- Parameters:
guid
- Unique identifier for the member to be removed- Throws:
UMSException
- on failure to save to persistent storage
-
removeAllMembers
public void removeAllMembers() throws UMSException
Removes all members of the role.- Specified by:
removeAllMembers
in interfaceIAssignableMembership
- Throws:
UMSException
- on failure to save to persistent storage
-
hasMember
public boolean hasMember(Guid guid) throws UMSException
Checks if a given identifier is a member of the role.- Specified by:
hasMember
in interfaceIMembership
- Parameters:
guid
- guid of the member to be checked for membership- Returns:
true
if it is a member- Throws:
UMSException
- on failure to read object for guid
-
-