com.sun.identity.policy.plugins

Class SubjectReferentialIntegrityPlugin

java.lang.Object

com.iplanet.am.sdk.AMCallBack

com.sun.identity.policy.plugins.SubjectReferentialIntegrityPlugin

public class SubjectReferentialIntegrityPlugin
extends AMCallBack

The class SubjectReferentialIntegrityPlugin provides the implementation to preserve referential integrity between the subjects in policies to the corresponding objects in local directory.

Constructor Summary

Constructors

Constructor and Description
SubjectReferentialIntegrityPlugin()

Method Summary

Modifier and Type	Method and Description
void	postProcessDelete(SSOToken token, String entryDN, Map attributes, boolean softDeleteEnabled, int objectType) This implementation would visit all the subjects in policies across all orgs/sub-orgs and remove the subject values corresponding to the deleted entry DN.

Methods inherited from class com.iplanet.am.sdk.AMCallBack

getAttributes, postProcessAddUser, postProcessCreate, postProcessModify, postProcessRemoveUser, preProcessAddUser, preProcessCreate, preProcessDelete, preProcessModify, preProcessRemoveUser

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SubjectReferentialIntegrityPlugin

public SubjectReferentialIntegrityPlugin()

Method Detail

postProcessDelete

public void postProcessDelete(SSOToken token,
                              String entryDN,
                              Map attributes,
                              boolean softDeleteEnabled,
                              int objectType)
                       throws AMPostCallBackException

This implementation would visit all the subjects in policies across all orgs/sub-orgs and remove the subject values corresponding to the deleted entry DN. After removing an entry from a subject, checks if that entry is the only one in the subject to remove the subject as well.

Overrides:

postProcessDelete in class AMCallBack

Parameters:

token - the SSOToken

entryDN - the DN of the entry being deleted

attributes - a map consisting of attribute names and a set of values for each of them

softDeleteEnabled - If true, this implies that the object is just being marked for deletion, if false, then it implies that the object is being removed from the data store.

objectType - represents the type of entry on which the operation is being performed. Types could be:

• AMObject.USER
• AMObject.ROLE
• AMObject.FILTERED_ROLE
• AMObject.ORGANIZATION
• AMObject.ORGANIZATIONAL_UNIT
• AMObject.GROUP
• AMObject.DYNAMIC_GROUP
• AMObject.ASSIGNABLE_DYNAMIC_GROUP

Throws:

AMPostCallBackException - if an error occurs during post processing. A user specific localized message should be sent as part of the exception message. The specific messages can be added to amProfile.properties file.