Ejemplo n.º 1
  * Method to be called to validate the entry before any of the get/put/ remove methods are called.
  * @throws AMException if the entry does not exist in the DS
 private void validateEntry(SSOToken token, CacheBlock cb) throws AMException {
   if (!cb.hasExpiredAndUpdated() && !cb.isExists()) {
     // Entry does not exist in DS, invalid entry
     String params[] = {cb.getEntryDN()};
     boolean isPresent = super.doesEntryExists(token, params[0]);
     if (getDebug().messageEnabled()) {
                   + " DN"
                   + params[0]
                   + " got from DS & exists: "
                   + isPresent);
     if (isPresent) {
       // Intialize the CacheBlock based on isPresent
       // else throw '461' exception/error message.
       // This is for certain containers created dynamically.
       // eg. ou=agents,ou=container,ou=agents.
       String dn = MiscUtils.formatToRFC(params[0]);
       cb = new CacheBlock(params[0], isPresent);
       sdkCache.put(dn, cb);
     } else {
       String locale = MiscUtils.getUserLocale(token);
       throw new AMException(AMSDKBundle.getString("461", params, locale), "461", params);
   * Method to get search filter for the specified object type defined at the specified
   * Organization. If a search template corresponding to the AMObject, is not found at the specified
   * Organization, then one defined at global one will be returned.
   * @param objectType type of AMObject
   * @param orgDN the DN of the organization where the AMObject resides.
   * @param searchTemplateName name of the search template to be used. If this is null, then default
   *     search templates are used.
   * @param ignoreComplianceFilter if true then modify the compliance related search filters will
   *     not be applied. If false, compliance related filters will be applied.
   * @return a search filter String in lower case.
  public static String getSearchFilter(
      int objectType, String orgDN, String searchTemplateName, boolean ignoreComplianceFilter) {
    String filter;
    String organizationDN = new DN(orgDN).toRFCString();
    // Already in RFC
    String rootSuffixDN = AMStoreConnection.getAMSdkBaseDN();
    if (orgDN != null && organizationDN.equals(rootSuffixDN)) {
      orgDN = null;
    String cacheKey =
        (new Integer(objectType)).toString() + ":" + searchTemplateName + ":" + organizationDN;
    if ((filter = (String) searchfilterMap.get(cacheKey)) == null) {
      IDirectoryServices dsServices = AMDirectoryAccessFactory.getDirectoryServices();
      filter = dsServices.getSearchFilterFromTemplate(objectType, orgDN, searchTemplateName);
      searchfilterMap.put(cacheKey, filter);

    // Now modify the obtained search filter if necessary. Also, mostly
    // do the modification here, if you do not want the modified filter
    // to be cached. Applicable to cases where filter may change dynamically
    // Note: Always add lowercase filters, to guarantee a lowercase filter
    // String to be returned.
    filter = modifyFilter(filter, objectType);
    filter = addAdminGroupFilters(filter, orgDN, objectType);
    filter = addComplianceModeFilters(filter, objectType, ignoreComplianceFilter);
    return filter;
Ejemplo n.º 3
  * Renames an entry. Currently used for only user renaming.
  * @param token the sso token
  * @param objectType the type of entry
  * @param entryDN the entry DN
  * @param newName the new name (i.e., if RDN is cn=John, the value passed should be "John"
  * @param deleteOldName if true the old name is deleted otherwise it is retained.
  * @return new <code>DN</code> of the renamed entry
  * @throws AMException if the operation was not successful
 public String renameEntry(
     SSOToken token, int objectType, String entryDN, String newName, boolean deleteOldName)
     throws AMException {
   String newDN = super.renameEntry(token, objectType, entryDN, newName, deleteOldName);
   // Just rename the dn in the cache. Don't remove the entry. So when the
   // event notification happens, it won't find the entry as it is already
   // renamed. Chances are this cache rename operation may happen before
   // the notification thread trys clean up.
   // NOTE: We should have the code to remove the entry for rename
   // operation as the operation could have been performed by some other
   // process such as amadmin.
   String oldDN = MiscUtils.formatToRFC(entryDN);
   CacheBlock cb = (CacheBlock) sdkCache.remove(oldDN);
   newDN = MiscUtils.formatToRFC(newDN);
   sdkCache.put(newDN, cb);
   return newDN;
Ejemplo n.º 4
   * Gets the type of the object given its DN.
   * @param token token a valid SSOToken
   * @param dn DN of the object whose type is to be known.
   * @throws AMException if the data store is unavailable or if the objecttype is unknown
   * @throws SSOException if ssoToken is invalid or expired.
  public int getObjectType(SSOToken token, String dn) throws AMException, SSOException {
    int objectType = AMObject.UNDETERMINED_OBJECT_TYPE;
    String entryDN = MiscUtils.formatToRFC(dn);
    CacheBlock cb = (CacheBlock) sdkCache.get(entryDN);
    if (cb != null) {
      // Check if the entry exists, if not present throw an exception
      if (!doesEntryExists(token, dn)) {
        String locale = MiscUtils.getUserLocale(token);
        String params[] = {cb.getEntryDN()};
        throw new AMException(AMSDKBundle.getString("461", params, locale), "461", params);
      validateEntry(token, cb);
      objectType = cb.getObjectType();
      if (objectType != AMObject.UNDETERMINED_OBJECT_TYPE) {
        return objectType;

    // Use admintoken to get object type, so that it can be cached
    SSOToken adminToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());

    // The method below will throw an AMException if the entry does not
    // exist in the directory. If it exists, then create a cache entry for
    // this DN
    if (cb == null) {
      objectType = super.getObjectType(adminToken, entryDN);
      cb = new CacheBlock(entryDN, true);
      sdkCache.put(entryDN, cb);
    } else {
      objectType =
              adminToken, entryDN, cb.getAttributes(MiscUtils.getPrincipalDN(adminToken), false));
    if (objectType == AMObject.ORGANIZATION || objectType == AMObject.ORGANIZATIONAL_UNIT) {
    return objectType;
Ejemplo n.º 5
 private void setOrganizationDNs(String organizationDN, Set childDNSet) {
   Iterator itr = childDNSet.iterator();
   while (itr.hasNext()) {
     String cDN = (String) itr.next();
     CacheBlock cb = (CacheBlock) sdkCache.get(cDN);
     if (cb == null) {
       cb = new CacheBlock(cDN, organizationDN, true);
       sdkCache.put(cDN, cb);
     } else {
   if (getDebug().messageEnabled() && !childDNSet.isEmpty()) {
                 + "setOrganizationDNs(): Set org DNs as: "
                 + organizationDN
                 + " for children: "
                 + childDNSet);
Ejemplo n.º 6
 public boolean doesEntryExists(SSOToken token, String entryDN) {
   String dn = MiscUtils.formatToRFC(entryDN);
   CacheBlock cb = (CacheBlock) sdkCache.get(dn);
   if (cb != null && !cb.hasExpiredAndUpdated()) {
     if (getDebug().messageEnabled()) {
                   + "doesEntryExist(): entryDN: "
                   + entryDN
                   + " found in cache & exists: "
                   + cb.isExists());
     return cb.isExists();
   } else {
     boolean isPresent = super.doesEntryExists(token, dn);
     if (getDebug().messageEnabled()) {
                   + "doesEntryExist(): entryDN: "
                   + entryDN
                   + " got from DS & exists: "
                   + isPresent);
     // Intialize the CacheBock based on isPresent
     // Intialize the CacheBock based on isPresent
     if (cb == null) {
       cb = new CacheBlock(entryDN, isPresent);
       sdkCache.put(dn, cb);
     } else { // Cache Block might have just expired, just reset the
       // isExists flag once again
     return isPresent;
Ejemplo n.º 7
   * Gets the specific attributes corresponding to the entryDN. This method obtains the DC Tree node
   * attributes and also performs compliance related verification checks in compliance mode. Note:
   * In compliance mode you can skip the compliance checks by setting ignoreCompliance to "false".
   * @param token a valid SSOToken
   * @param entryDN the DN of the entry whose attributes need to retrieved
   * @param attrNames a Set of names of the attributes that need to be retrieved. The attrNames
   *     should not be null
   * @param ignoreCompliance a boolean value specificying if compliance related entries need to
   *     ignored or not. Ignored if true.
   * @return a Map containing attribute names as keys and Set of values corresponding to each key.
   * @throws AMException if an error is encountered in fetching the attributes
  public Map getAttributes(
      SSOToken token,
      String entryDN,
      Set attrNames,
      boolean ignoreCompliance,
      boolean byteValues,
      int profileType)
      throws AMException, SSOException {
    if (attrNames == null || attrNames.isEmpty()) {
      return getAttributes(token, entryDN, ignoreCompliance, byteValues, profileType);

    // Attributes are being requested; increment cache stats request counter

    // Load the whole attrset in the cache, if in DCTree mode
    // Not good for performance, but fix later TODO (Deepa)
    if (dcTreeServicesImpl.isRequired()) { // TODO: This needs to be fixed!
      getAttributes(token, entryDN, ignoreCompliance, byteValues, profileType);

    String principalDN = MiscUtils.getPrincipalDN(token);
    if (getDebug().messageEnabled()) {
              "In CachedRemoteServicesImpl.getAttributes("
                  + "SSOToken entryDN, attrNames, ignoreCompliance, "
                  + "byteValues) "
                  + "("
                  + principalDN
                  + ", "
                  + entryDN
                  + ", "
                  + attrNames
                  + ", "
                  + ignoreCompliance
                  + ", "
                  + byteValues
                  + " method.");

    String dn = MiscUtils.formatToRFC(entryDN);
    CacheBlock cb = (CacheBlock) sdkCache.get(dn);
    if (cb == null) { // Entry not present in cache
      if (getDebug().messageEnabled()) {
                    + "getAttributes():  NO entry found in Cache. Getting"
                    + " all these attributes from DS: "
                    + attrNames);

      // If the attributes returned here have an empty set as value, then
      // such attributes do not have a value or invalid attributes.
      // Internally keep track of these attributes.
      AMHashMap attributes =
                  token, entryDN, attrNames, ignoreCompliance, byteValues, profileType);

      // These attributes are either not present or not found in DS.
      // Try to check if they need to be fetched by external
      // plugins
      Set missAttrNames = attributes.getMissingAndEmptyKeys(attrNames);
      cb = new CacheBlock(dn, true);
      cb.putAttributes(principalDN, attributes, missAttrNames, false, byteValues);
      sdkCache.put(dn, cb);

      if (!missAttrNames.isEmpty()) {
        attributes =
      return attributes;
    } else { // Entry present in cache
      validateEntry(token, cb); // Entry may be an invalid entry
      AMHashMap attributes = (AMHashMap) cb.getAttributes(principalDN, attrNames, byteValues);

      // Find the missing attributes that need to be obtained from DS
      // Only find the missing keys as the ones with empty sets are not
      // found in DS
      Set missAttrNames = attributes.getMissingKeys(attrNames);
      if (!missAttrNames.isEmpty()) {
        boolean isComplete = cb.hasCompleteSet(principalDN);
        AMHashMap dsAttributes = null;
        if (!isComplete
            // Check for "nsRole" and "nsRoleDN" attributes
            || missAttrNames.contains(NSROLE_ATTR)) {
          if (getDebug().messageEnabled()) {
                        + "getAttributes(): Trying to get these missing"
                        + " attributes from DS: "
                        + missAttrNames);

          dsAttributes =
                      token, entryDN, missAttrNames, ignoreCompliance, byteValues, profileType);

          if (dsAttributes != null) {
            // Add these attributes, may be found in DS or just mark
            // as invalid (Attribute level Negative caching)
            Set newMissAttrNames = dsAttributes.getMissingAndEmptyKeys(missAttrNames);

            // Update dsAttributes with rest of the attributes
            // in cache
            dsAttributes.putAll(cb.getAttributes(principalDN, byteValues));

            // Update the cache
            cb.putAttributes(principalDN, dsAttributes, newMissAttrNames, isComplete, byteValues);
            missAttrNames = newMissAttrNames;
        } else {
          // Update cache with invalid attributes
              cb.getAttributes(principalDN, byteValues),
        if (!missAttrNames.isEmpty()) {
          attributes =
      } else { // All attributes found in cache
        if (getDebug().messageEnabled()) {
                      + "getAttributes():  found all attributes in "
                      + "Cache.");
      // Remove all the empty values from the return attributes
      return attributes;
Ejemplo n.º 8
   * Gets all attributes corresponding to the entryDN. This method obtains the DC Tree node
   * attributes and also performs compliance related verification checks in compliance mode. Note:
   * In compliance mode you can skip the compliance checks by setting ignoreCompliance to "false".
   * @param token a valid SSOToken
   * @param entryDN the DN of the entry whose attributes need to retrieved
   * @param ignoreCompliance a boolean value specificying if compliance related entries need to
   *     ignored or not. Ignored if true.
   * @param byteValues if false StringValues are fetched, if true byte values are fetched.
   * @param profileType the oject type of entryDN
   * @return a Map containing attribute names as keys and Set of values corresponding to each key.
   * @throws AMException if an error is encountered in fetching the attributes
  public Map getAttributes(
      SSOToken token, String entryDN, boolean ignoreCompliance, boolean byteValues, int profileType)
      throws AMException, SSOException {
    // Attributes are being requested; increment cache stats request counter

    String principalDN = MiscUtils.getPrincipalDN(token);
    String dn = MiscUtils.formatToRFC(entryDN);

    if (getDebug().messageEnabled()) {
              "In CachedRemoteServicesImpl.getAttributes("
                  + "SSOToken entryDN, ignoreCompliance) "
                  + "("
                  + principalDN
                  + ", "
                  + entryDN
                  + ", "
                  + ignoreCompliance
                  + " method.");

    CacheBlock cb = (CacheBlock) sdkCache.get(dn);
    AMHashMap attributes = null;
    if (cb != null) {
      validateEntry(token, cb);
      if (cb.hasCompleteSet(principalDN)) {
        if (getDebug().messageEnabled()) {
                      + "getAttributes(): found all attributes in "
                      + "Cache.");
        attributes = (AMHashMap) cb.getAttributes(principalDN, byteValues);
      } else { // Get the whole set from DS and store it;
        // ignore incomplete set
        if (getDebug().messageEnabled()) {
                      + "getAttributes():  complete attribute set NOT "
                      + "found in cache. Getting from DS.");

        attributes =
                super.getAttributes(token, entryDN, ignoreCompliance, byteValues, profileType);
        cb.putAttributes(principalDN, attributes, null, true, byteValues);
    } else { // Attributes not cached
      // Get all the attributes from DS and store them
      attributes =
              super.getAttributes(token, entryDN, ignoreCompliance, byteValues, profileType);
      cb = new CacheBlock(entryDN, true);
      cb.putAttributes(principalDN, attributes, null, true, byteValues);
      sdkCache.put(dn, cb);

      if (getDebug().messageEnabled()) {
                    + "getAttributes(): attributes NOT found in cache. "
                    + "Fetched from DS.");

    // Get all external DS attributes by calling plugin modules.
    // Note these attributes should not be cached.
    Map extAttributes = getExternalAttributes(token, entryDN, null, profileType);
    if (extAttributes != null && !extAttributes.isEmpty()) {
      // Note the attributes stored in the cache are already copied to a
      // new map. Hence modifying this attributes is okay.
      if (getDebug().messageEnabled()) {
                    + "getAttributes(): External attributes present. Adding"
                    + " them with original list");
    return attributes;