001: /*
002: * Copyright 2001 Sun Microsystems, Inc. All rights reserved.
003: * PROPRIETARY/CONFIDENTIAL. Use of this product is subject to license terms.
004: */
005: package com.sun.portal.taskadmin.context;
006:
007: import java.util.Iterator;
008: import java.util.Map;
009: import java.util.HashMap;
010: import java.util.Set;
011: import java.util.HashSet;
012: import java.util.TreeSet;
013: import java.util.Locale;
014: import java.util.StringTokenizer;
015: import java.util.Collections;
016:
017: import javax.servlet.http.HttpServletRequest;
018:
019: import com.sun.portal.taskadmin.TaskAdminException;
020: import com.sun.portal.taskadmin.TaskAdminConstants;
021:
022: import com.sun.portal.desktop.context.ContextError;
023: import com.sun.portal.desktop.ROC;
024: import com.sun.portal.desktop.RequestThreadLocalizer;
025:
026: import com.iplanet.am.sdk.AMConstants;
027: import com.iplanet.am.sdk.AMObject;
028: import com.iplanet.am.sdk.AMOrganization;
029: import com.iplanet.am.sdk.AMPeopleContainer;
030: import com.iplanet.am.sdk.AMFilteredRole;
031: import com.iplanet.am.sdk.AMRole;
032: import com.iplanet.am.sdk.AMTemplate;
033: import com.iplanet.am.sdk.AMSearchControl;
034: import com.iplanet.am.sdk.AMSearchResults;
035: import com.iplanet.am.sdk.AMException;
036: import com.iplanet.am.sdk.AMUser;
037: import com.iplanet.am.sdk.AMPeopleContainer;
038:
039: import com.iplanet.sso.SSOException;
040: import com.iplanet.sso.SSOTokenListener;
041: import com.iplanet.sso.SSOToken;
042:
043: import com.sun.portal.desktop.context.DSAMEMultiPortalConstants;
044: import com.sun.portal.util.ResourceLoader;
045:
046: import com.sun.portal.taskadmin.TaskAdminConstants;
047:
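/**
 * Identity Server (iPlanet/Sun AM SDK) backed implementation of
 * {@link UserTaskAdminContext}.
 *
 * <p>Locale, base DNs, assignable roles and DN-to-name conversion are
 * delegated to the {@link TaskAdminContext} obtained from
 * {@link TaskAdminContextFactoryManager}; user, role, people-container and
 * template operations go through the AM SDK connection held by
 * {@link TaskAdminISConnection}. Checked SDK failures ({@link AMException},
 * {@link SSOException}) are rethrown as the unchecked {@link ContextError}
 * so that the desktop layer sees a single failure type.
 *
 * <p>Raw collection types are kept deliberately: the SDK interfaces this
 * class calls are raw, and the public signatures are fixed by
 * {@link UserTaskAdminContext}.
 */
public class ISUserTaskAdminContext implements UserTaskAdminContext {
    private static final String USER_PASSWORD_ATTR = "userpassword";
    private static final int MAX_RESULTS = 50;
    private static final int TIMEOUT = 100;
    private static final String USER_SERVICE_NAME = "iPlanetAMUserService";
    private static final String ATTR_START_DN = "iplanet-am-user-admin-start-dn";

    // Role attributes written by createRole / createAdministrativeRole.
    private static final String ROLE_DESCRIPTION_ATTR = "iplanet-am-role-description";
    private static final String ROLE_TYPE_ATTR = "iplanet-am-role-type";
    private static final String ROLE_ACI_DESCRIPTION_ATTR = "iplanet-am-role-aci-description";
    private static final String DEFAULT_ACI_DESCRIPTION = "No Permission Description";
    private static final String ACI_ATTR = "aci";

    // Keys and codes of the map returned by searchUsers.
    private static final String RESULT_ERRORCODE = "errorcode";
    private static final String RESULT_USERS = "users";
    private static final int SEARCH_OK = 0;
    private static final int SEARCH_TIME_LIMIT = 1;
    private static final int SEARCH_SIZE_LIMIT = 2;

    protected TaskAdminContext taskAdminContext = null;
    protected TaskAdminISConnection conn = null;
    protected DSAMEMultiPortalConstants dmpc = null;
    // Written only under the lock in addSSOTokenListener; volatile so the
    // unsynchronized first check of the double-checked pattern sees the write.
    protected volatile boolean ssoTokenListenerAdded = false;

    /**
     * Initializes the SDK connection, the delegate task-admin context and the
     * multi-portal constants for the portal named in the system properties.
     *
     * @param req the current request
     * @throws ContextError if any of the three cannot be created
     */
    public void init(HttpServletRequest req) {
        try {
            conn = new TaskAdminISConnection(req);
            taskAdminContext = TaskAdminContextFactoryManager
                    .getFactory().getTaskAdminContext(req);
            dmpc = DSAMEMultiPortalConstants.getInstance(ResourceLoader
                    .getInstance(System.getProperties()).getPortalId());
        } catch (TaskAdminException tae) {
            throw new ContextError(
                    "ISUserTaskAdminContext.init(req): couldn't initialize TaskAdminContext",
                    tae);
        }
    }

    /** @return the locale of the delegate task-admin context */
    public Locale getLocale() {
        return taskAdminContext.getLocale();
    }

    /** @return the base DNs of the delegate task-admin context */
    public Set getBaseDNs() {
        return taskAdminContext.getBaseDNs();
    }

    /** @return the roles the delegate task-admin context allows to be assigned */
    public Set getAssignableRoles() {
        return taskAdminContext.getAssignableRoles();
    }

    /**
     * Returns the DNs of the roles held by a user.
     *
     * @param userDN DN of the user
     * @return the role DNs as reported by the SDK (strings)
     * @throws ContextError on an SDK or SSO failure
     */
    public Set getUserRoleDNs(String userDN) {
        try {
            return conn.getConnection().getUser(userDN).getRoleDNs();
        } catch (AMException ame) {
            throw new ContextError(
                    "ISUserTaskAdminContext.getUserRoleDNs(): ", ame);
        } catch (SSOException ssoe) {
            throw new ContextError(
                    "ISUserTaskAdminContext.getUserRoleDNs: ", ssoe);
        }
    }

    /**
     * Assigns a role to a user unless the user already holds it (compared
     * case-insensitively on the DN).
     *
     * @param userDN DN of the user
     * @param roleDN DN of the role
     * @return {@code true} once the user holds the role
     * @throws ContextError if either DN is null/blank, or on an SDK or SSO
     *         failure
     */
    public boolean assignRole(String userDN, String roleDN) {
        if (isBlank(userDN) || isBlank(roleDN)) {
            throw new ContextError(
                    "ISUserTaskAdminContext.assignRole(): Invalid userDN or roleDN");
        }
        try {
            AMUser user = conn.getConnection().getUser(userDN);
            // Idempotent: a role already held is not assigned a second time.
            if (!hasRole(user, roleDN)) {
                user.assignRole(roleDN);
            }
            return true;
        } catch (AMException ame) {
            throw new ContextError(
                    "ISUserTaskAdminContext.assignRole(): ", ame);
        } catch (SSOException ssoe) {
            throw new ContextError(
                    "ISUserTaskAdminContext.assignRole: ", ssoe);
        }
    }

    /**
     * Removes a role from a user if the user holds it (compared
     * case-insensitively on the DN).
     *
     * @param userDN DN of the user
     * @param roleDN DN of the role
     * @return {@code true} if the role was removed, {@code false} if the user
     *         did not hold it
     * @throws ContextError if either DN is null/blank, or on an SDK or SSO
     *         failure
     */
    public boolean removeRole(String userDN, String roleDN) {
        if (isBlank(userDN) || isBlank(roleDN)) {
            throw new ContextError(
                    "ISUserTaskAdminContext.removeRole(): Invalid userDN or roleDN");
        }
        try {
            AMUser user = conn.getConnection().getUser(userDN);
            if (!hasRole(user, roleDN)) {
                return false;
            }
            user.removeRole(roleDN);
            return true;
        } catch (AMException ame) {
            throw new ContextError(
                    "ISUserTaskAdminContext.removeRole(): ", ame);
        } catch (SSOException ssoe) {
            throw new ContextError(
                    "ISUserTaskAdminContext.removeRole: ", ssoe);
        }
    }

    /**
     * @param dn a DN
     * @return the display name the delegate task-admin context derives from it
     */
    public String DNToName(String dn) {
        return taskAdminContext.DNToName(dn);
    }

    /**
     * @param dn a DN
     * @return whether the SDK considers the entry valid
     * @throws ContextError on an SSO failure
     */
    public boolean isValidDN(String dn) {
        try {
            return conn.getConnection().isValidEntry(dn);
        } catch (SSOException se) {
            throw new ContextError(
                    "ISUserTaskAdminContext.isValidDN: ", se);
        }
    }

    /**
     * Activates or deactivates a user.
     *
     * @param userDN   DN of the user
     * @param activate {@code true} to activate, {@code false} to deactivate
     * @return the user's activation state as read back from the SDK
     * @throws ContextError on an SDK or SSO failure
     */
    public boolean setUserStatus(String userDN, boolean activate) {
        try {
            AMUser user = conn.getConnection().getUser(userDN);
            if (activate) {
                user.activate();
            } else {
                user.deactivate();
            }
            return user.isActivated();
        } catch (AMException ame) {
            throw new ContextError(
                    "ISUserTaskAdminContext.setUserStatus(): ", ame);
        } catch (SSOException ssoe) {
            throw new ContextError(
                    "ISUserTaskAdminContext.setUserStatus: ", ssoe);
        }
    }

    /**
     * Replaces a user's password with the given value via the
     * {@code userpassword} attribute.
     *
     * <p>The new password is passed through as a {@code String} because the
     * {@link UserTaskAdminContext} signature requires it; it must not be
     * logged or echoed in error messages.
     *
     * @param userDN    DN of the user
     * @param newpasswd the new password
     * @return {@code true} once the attribute has been stored
     * @throws ContextError on an SDK or SSO failure
     */
    public boolean resetPassword(String userDN, String newpasswd) {
        try {
            AMUser user = conn.getConnection().getUser(userDN);
            Map map = new HashMap(1);
            putSingleValue(map, USER_PASSWORD_ATTR, newpasswd);
            user.setAttributes(map);
            user.store();
            return true;
        } catch (AMException ame) {
            throw new ContextError(
                    "ISUserTaskAdminContext.resetPassword(): ", ame);
        } catch (SSOException ssoe) {
            throw new ContextError(
                    "ISUserTaskAdminContext.resetPassword: ", ssoe);
        }
    }

    /**
     * Searches every people container directly under the connection user's
     * organization for users matching {@code wildcard}.
     *
     * <p>The result map carries {@code "errorcode"} (an {@code Integer}: 0 ok,
     * 1 time limit exceeded, 2 size limit exceeded) and {@code "users"} (a
     * sorted set of the SDK's search results). When a container reports a
     * limit, the search stops and the set holds only the results gathered
     * from the containers searched before it. If the connection user has no
     * organization DN the map is returned empty, without either key.
     *
     * @param wildcard the search pattern handed to the SDK
     * @return the result map described above
     * @throws ContextError on an SDK or SSO failure
     */
    public Map searchUsers(String wildcard) {
        Map results = new HashMap();
        Set users = new TreeSet();
        try {
            String orgDN = conn.getUser().getOrganizationDN();
            if (orgDN != null && orgDN.length() > 0) {
                AMOrganization org = conn.getConnection()
                        .getOrganization(orgDN);
                Set containerDNs = org.getPeopleContainers(AMConstants.SCOPE_ONE);
                // One control serves every container; the scope never changes,
                // so it is configured once rather than per iteration.
                AMSearchControl amsc = new AMSearchControl();
                amsc.setTimeOut(TIMEOUT);
                amsc.setMaxResults(MAX_RESULTS);
                amsc.setSearchScope(AMConstants.SCOPE_ONE);
                Iterator i = containerDNs.iterator();
                while (i.hasNext()) {
                    String pcDN = (String) i.next();
                    if (!conn.getConnection().isValidEntry(pcDN)) {
                        continue;
                    }
                    AMPeopleContainer pc = conn.getConnection()
                            .getPeopleContainer(pcDN);
                    // NOTE(review): wildcard is handed to the SDK unchanged and
                    // presumably becomes part of an LDAP filter there — confirm
                    // the SDK escapes filter metacharacters before exposing this
                    // to untrusted input.
                    AMSearchResults amsr = pc.searchUsers(wildcard, amsc);
                    int code = amsr.getErrorCode();
                    if (code == AMSearchResults.SUCCESS) {
                        users.addAll(amsr.getSearchResults());
                    } else if (code == AMSearchResults.TIME_LIMIT_EXCEEDED) {
                        return searchOutcome(results, SEARCH_TIME_LIMIT, users);
                    } else if (code == AMSearchResults.SIZE_LIMIT_EXCEEDED) {
                        return searchOutcome(results, SEARCH_SIZE_LIMIT, users);
                    }
                    // Any other code: this container contributes nothing.
                }
                searchOutcome(results, SEARCH_OK, users);
            }
        } catch (AMException ame) {
            throw new ContextError(
                    "ISUserTaskAdminContext.searchUserDNs(): ", ame);
        } catch (SSOException ssoe) {
            throw new ContextError(
                    "ISUserTaskAdminContext.searchUserDN: ", ssoe);
        }
        return results;
    }

    /**
     * Deletes the given users from the people container that is the parent
     * of the connection user. Does nothing if that parent DN is absent.
     *
     * @param userDNs DNs of the users to delete
     * @throws ContextError on an SDK or SSO failure
     */
    public void deleteUsers(Set userDNs) {
        try {
            AMPeopleContainer ampc = getParentPeopleContainer();
            if (ampc != null) {
                ampc.deleteUsers(userDNs);
            }
        } catch (AMException ame) {
            throw new ContextError(
                    "ISUserTaskAdminContext.deleteUserDNs(): ", ame);
        } catch (SSOException ssoe) {
            throw new ContextError(
                    "ISUserTaskAdminContext.deleteUserDN:", ssoe);
        }
    }

    /**
     * Creates a user in the people container that is the parent of the
     * connection user. Does nothing if that parent DN is absent.
     *
     * @param uid       the user id; also the key under which the SDK creates
     *                  the entry
     * @param firstname stored as {@code givenname}; skipped when null/blank
     * @param lastname  stored as {@code sn}
     * @param fullname  stored as {@code cn}
     * @param password  stored as {@code userPassword}; never logged
     * @throws ContextError if {@code uid} is null/blank, or on an SDK or SSO
     *         failure
     */
    public void createUser(String uid, String firstname,
            String lastname, String fullname, String password) {
        if (isBlank(uid)) {
            throw new ContextError(
                    "ISUserTaskAdminContext.createUser(): Invalid uid");
        }
        try {
            AMPeopleContainer ampc = getParentPeopleContainer();
            if (ampc != null) {
                Map userAttributeMap = new HashMap();
                storeUserAttributes("uid", uid, userAttributeMap);
                if (!isBlank(firstname)) {
                    storeUserAttributes("givenname", firstname,
                            userAttributeMap);
                }
                storeUserAttributes("sn", lastname, userAttributeMap);
                storeUserAttributes("cn", fullname, userAttributeMap);
                storeUserAttributes("userPassword", password,
                        userAttributeMap);
                Map usersByUid = new HashMap();
                usersByUid.put(uid, userAttributeMap);
                ampc.createUsers(usersByUid);
            }
        } catch (AMException ame) {
            throw new ContextError(
                    "ISUserTaskAdminContext.createUser():", ame);
        } catch (SSOException ssoe) {
            throw new ContextError(
                    "ISUserTaskAdminContext.createUser: ", ssoe);
        }
    }

    /**
     * Creates a plain user role in the connection user's organization and
     * gives it desktop and user-service dynamic templates. Does nothing if
     * the organization DN is absent.
     *
     * @param roleName    name of the role
     * @param description role description; omitted when null/blank
     * @throws ContextError if {@code roleName} is null/blank, or on an SDK or
     *         SSO failure
     */
    public void createRole(String roleName, String description) {
        if (isBlank(roleName)) {
            throw new ContextError(
                    "ISUserTaskAdminContext.createRole(): Invalid roleName");
        }
        try {
            String orgDN = conn.getUser().getOrganizationDN();
            if (orgDN != null && orgDN.length() > 0) {
                AMOrganization org = conn.getConnection()
                        .getOrganization(orgDN);
                Map attrValMap = buildRoleAttributes(description,
                        String.valueOf(AMRole.USER_ROLE));
                AMRole role = createSingleRole(org, roleName, attrValMap);
                createDesktopTemplates(org, role);
            }
        } catch (AMException ame) {
            throw new ContextError(
                    "ISUserTaskAdminContext.createRole():", ame);
        } catch (SSOException ssoe) {
            throw new ContextError(
                    "ISUserTaskAdminContext.createRole(): ", ssoe);
        }
    }

    /**
     * Creates an administrative role in the connection user's organization
     * that manages {@code managedRoleDN}. The ACIs granting the new role its
     * rights are appended to the organization's {@code aci} attribute before
     * the role entry itself is created; the role then receives the same
     * templates as a plain role, and a content admin additionally gets the
     * managed role as its admin start DN. Does nothing if the organization
     * DN is absent.
     *
     * <p>{@code roleName} and {@code managedRoleDN} are spliced verbatim into
     * ACI text, so values containing the characters that delimit ACI
     * elements are rejected rather than stored as a structurally altered
     * (possibly broader) ACI.
     *
     * @param roleName      name of the new role
     * @param description   role description; omitted when null/blank
     * @param managedRoleDN DN of the role the new role administers
     * @param contentAdmin  {@code true} for a content (display-profile)
     *                      admin, {@code false} for a user admin
     * @throws ContextError if {@code roleName} or {@code managedRoleDN} is
     *         null/blank or contains an ACI delimiter, or on an SDK or SSO
     *         failure
     */
    public void createAdministrativeRole(String roleName,
            String description, String managedRoleDN,
            boolean contentAdmin) {
        rejectAciMetachars("roleName", roleName, "\"");
        rejectAciMetachars("managedRoleDN", managedRoleDN, "\"()");
        try {
            String orgDN = conn.getUser().getOrganizationDN();
            if (orgDN != null && orgDN.length() > 0) {
                AMOrganization org = conn.getConnection()
                        .getOrganization(orgDN);
                Map attrValMap = buildRoleAttributes(description,
                        String.valueOf(AMRole.GENERAL_ADMIN_ROLE));

                // Grant the permissions on the organization entry first.
                Set roleAcis = org.getAttribute(ACI_ATTR);
                if (contentAdmin) {
                    roleAcis.addAll(getContentAdminACISet(orgDN,
                            roleName, managedRoleDN));
                } else {
                    roleAcis.addAll(getUserAdminACISet(orgDN, roleName,
                            managedRoleDN));
                }
                Map attrs = new HashMap();
                attrs.put(ACI_ATTR, roleAcis);
                org.setAttributes(attrs);
                org.store();

                AMRole role = createSingleRole(org, roleName, attrValMap);
                createDesktopTemplates(org, role);

                if (contentAdmin) {
                    // A content admin starts its user administration at the
                    // managed role.
                    AMTemplate userRoleTemp = role.getTemplate(
                            USER_SERVICE_NAME,
                            AMTemplate.DYNAMIC_TEMPLATE);
                    Map userattrVals = new HashMap();
                    putSingleValue(userattrVals, ATTR_START_DN, managedRoleDN);
                    userRoleTemp.setAttributes(userattrVals);
                    userRoleTemp.store();
                }
            }
        } catch (AMException ame) {
            throw new ContextError(
                    "ISUserTaskAdminContext.createAdministrativeRole():", ame);
        } catch (SSOException ssoe) {
            throw new ContextError(
                    "ISUserTaskAdminContext.createAdministrativeRole(): ", ssoe);
        }
    }

    /**
     * Builds the ACIs for a content admin: full access to the desktop service
     * entry filtered on the managed role, plus read/search on the managed
     * role entry.
     *
     * @return a set of two ACI strings
     */
    private Set getContentAdminACISet(String orgDN, String roleName,
            String managedRoleDN) throws AMException {
        Set roleAcis = new HashSet();
        String rolenamingAttr = conn.getConnection()
                .getNamingAttribute(AMObject.ROLE);
        String contentAdminACI1 = "(target=\"ldap:///" + rolenamingAttr
                + "=" + dmpc.MP_SUN_DESKTOP_SERVICE + "," + orgDN
                + "\")(targetfilter=(" + rolenamingAttr + "="
                + managedRoleDN
                + "))(targetattr=\"*\")(version 3.0; acl \"Allow "
                + roleName + " to edit display profile of "
                + DNToName(managedRoleDN)
                + " Role\"; allow (all) roledn=\""
                + roleDnUrl(rolenamingAttr, roleName, orgDN)
                + "\";)";
        roleAcis.add(contentAdminACI1);
        roleAcis.add(readSearchManagedRoleAci(orgDN, roleName, managedRoleDN,
                rolenamingAttr));
        return roleAcis;
    }

    /**
     * Builds the ACIs for a user admin: read/search on the connection user's
     * people container, read/search on the managed role entry, and write on
     * {@code nsroledn} restricted to adding/removing the managed role. The
     * target filter of the third ACI excludes entries that already hold the
     * top-level, organization or policy admin roles, so membership of those
     * cannot be changed through the new role.
     *
     * @return a set of three ACI strings
     */
    private Set getUserAdminACISet(String orgDN, String roleName,
            String managedRoleDN) throws AMException, SSOException {
        Set roleAcis = new HashSet();
        String rolenamingAttr = conn.getConnection()
                .getNamingAttribute(AMObject.ROLE);
        String pcDN = conn.getUser().getParentDN();
        String userAdminACI1 = "(target=\"ldap:///"
                + pcDN
                + "\") (targetattr=\"*\")(version 3.0; acl \"Allow "
                + roleName
                + " to read and search users\"; allow (read, search) roledn=\""
                + roleDnUrl(rolenamingAttr, roleName, orgDN)
                + "\";)";
        roleAcis.add(userAdminACI1);
        roleAcis.add(readSearchManagedRoleAci(orgDN, roleName, managedRoleDN,
                rolenamingAttr));
        String userAdminACI3 = "(target=\"ldap:///"
                + pcDN
                + "\")(targetattr=\"nsroledn\")(targetfilter=\"(!(|(nsroledn="
                + rolenamingAttr + "=Top-level Admin Role," + orgDN
                + ")(nsroledn=" + rolenamingAttr
                + "=Organization Admin Role," + orgDN + ")(nsroledn="
                + rolenamingAttr + "=Top-level Policy Admin Role,"
                + orgDN
                + ")))\")(targattrfilters=\"add=nsroledn:(nsroledn="
                + managedRoleDN + "),del=nsroledn:(nsroledn="
                + managedRoleDN + ")\")(version 3.0; acl \"Allow "
                + roleName + " to add/remove users to "
                + DNToName(managedRoleDN)
                + " Role\";allow (write)roleDN=\""
                + roleDnUrl(rolenamingAttr, roleName, orgDN)
                + "\";)";
        roleAcis.add(userAdminACI3);
        return roleAcis;
    }

    /**
     * ACI shared by both admin kinds: read/search on the managed role entry
     * for the new role.
     */
    private String readSearchManagedRoleAci(String orgDN, String roleName,
            String managedRoleDN, String rolenamingAttr) {
        return "(target=\"ldap:///" + orgDN
                + "\") (targetfilter=\"(entrydn=" + managedRoleDN
                + ")\")(targetattr=\"*\")(version 3.0; acl \"Allow "
                + roleName + " Role to read and search "
                + DNToName(managedRoleDN)
                + " Role\";allow (read,search) roledn=\""
                + roleDnUrl(rolenamingAttr, roleName, orgDN)
                + "\";)";
    }

    /** LDAP URL of the role entry named {@code roleName} under {@code orgDN}. */
    private static String roleDnUrl(String rolenamingAttr, String roleName,
            String orgDN) {
        return "ldap:///" + rolenamingAttr + "=" + roleName + "," + orgDN;
    }

    /**
     * Rejects a value that is null/blank or contains any character of
     * {@code forbidden}; used for values spliced into ACI text, where the
     * input cannot be escaped and must not be allowed to alter the ACI's
     * structure. The value itself is not echoed in the error.
     */
    private static void rejectAciMetachars(String what, String value,
            String forbidden) {
        if (isBlank(value)) {
            throw new ContextError(
                    "ISUserTaskAdminContext.createAdministrativeRole(): missing "
                    + what);
        }
        for (int k = 0; k < forbidden.length(); k++) {
            if (value.indexOf(forbidden.charAt(k)) >= 0) {
                throw new ContextError(
                        "ISUserTaskAdminContext.createAdministrativeRole(): "
                        + what + " contains a character not allowed in an ACI");
            }
        }
    }

    /**
     * Attribute map for a new role: description (omitted when blank), role
     * type and the default ACI description.
     *
     * @param roleType already stringified {@code AMRole} type constant
     */
    private static Map buildRoleAttributes(String description, String roleType) {
        Set descriptionVals = new HashSet();
        if (!isBlank(description)) {
            descriptionVals.add(description);
        }
        Map attrValMap = new HashMap();
        attrValMap.put(ROLE_DESCRIPTION_ATTR, descriptionVals);
        putSingleValue(attrValMap, ROLE_TYPE_ATTR, roleType);
        putSingleValue(attrValMap, ROLE_ACI_DESCRIPTION_ATTR,
                DEFAULT_ACI_DESCRIPTION);
        return attrValMap;
    }

    /**
     * Creates one role through {@link AMOrganization#createRoles} and returns
     * it.
     *
     * @throws ContextError if the SDK reports no created role (instead of the
     *         NoSuchElementException an empty result would otherwise raise)
     */
    private static AMRole createSingleRole(AMOrganization org, String roleName,
            Map attrValMap) throws AMException, SSOException {
        Map roleMap = new HashMap();
        roleMap.put(roleName, attrValMap);
        Set roles = org.createRoles(roleMap);
        if (roles == null || roles.isEmpty()) {
            throw new ContextError(
                    "ISUserTaskAdminContext.createSingleRole(): no role created");
        }
        return (AMRole) roles.iterator().next();
    }

    /**
     * Gives a new role a dynamic desktop-service template carrying the
     * organization's desktop type, default channel and edit container, plus
     * an empty dynamic user-service template.
     */
    private void createDesktopTemplates(AMOrganization org, AMRole role)
            throws AMException, SSOException {
        AMTemplate dtTemp = org.getTemplate(
                dmpc.MP_SUN_DESKTOP_SERVICE,
                AMTemplate.DYNAMIC_TEMPLATE);
        Set desktoptype = dtTemp
                .getAttribute(dmpc.MP_ATTR_DESKTOP_TYPE);
        Set defaultchannel = dtTemp
                .getAttribute(dmpc.MP_ATTR_DEFAULTCHANNELNAME);
        Set editchannel = dtTemp
                .getAttribute(dmpc.MP_ATTR_EDITPROVIDERCONTAINERNAME);

        // The template must exist before it can be fetched and populated.
        role.createTemplate(AMTemplate.DYNAMIC_TEMPLATE,
                dmpc.MP_SUN_DESKTOP_SERVICE, null);
        AMTemplate dtRoleTemp = role.getTemplate(
                dmpc.MP_SUN_DESKTOP_SERVICE,
                AMTemplate.DYNAMIC_TEMPLATE);
        Map attrVals = new HashMap();
        attrVals.put(dmpc.MP_ATTR_DESKTOP_TYPE, desktoptype);
        attrVals.put(dmpc.MP_ATTR_DEFAULTCHANNELNAME, defaultchannel);
        attrVals.put(dmpc.MP_ATTR_EDITPROVIDERCONTAINERNAME, editchannel);
        dtRoleTemp.setAttributes(attrVals);
        dtRoleTemp.store();

        role.createTemplate(AMTemplate.DYNAMIC_TEMPLATE,
                USER_SERVICE_NAME, null);
    }

    /**
     * @return the people container that is the parent of the connection
     *         user, or {@code null} if that parent DN is absent
     */
    private AMPeopleContainer getParentPeopleContainer()
            throws AMException, SSOException {
        String parentDN = conn.getUser().getParentDN();
        if (parentDN == null || parentDN.length() == 0) {
            return null;
        }
        return conn.getConnection().getPeopleContainer(parentDN);
    }

    /** Case-insensitive membership test of {@code roleDN} in the user's role DNs. */
    private static boolean hasRole(AMUser user, String roleDN)
            throws AMException, SSOException {
        Iterator iterator = user.getRoleDNs().iterator();
        while (iterator.hasNext()) {
            String held = (String) iterator.next();
            if (held.equalsIgnoreCase(roleDN)) {
                return true;
            }
        }
        return false;
    }

    /** Fills the search result map in place and returns it. */
    private static Map searchOutcome(Map results, int errorCode, Set users) {
        results.put(RESULT_ERRORCODE, new Integer(errorCode));
        results.put(RESULT_USERS, users);
        return results;
    }

    /** @return whether {@code s} is null or consists only of whitespace */
    private static boolean isBlank(String s) {
        return s == null || s.trim().equals("");
    }

    /** Stores {@code value} as the single member of the attribute's value set. */
    private static void putSingleValue(Map attrMap, String attribute,
            String value) {
        Set values = new HashSet();
        values.add(value);
        attrMap.put(attribute, values);
    }

    /** SDK attribute maps are attribute -> set of values; stores one value. */
    private void storeUserAttributes(String attribute, String value,
            Map userMap) {
        putSingleValue(userMap, attribute, value);
    }

    /** @return the SDK connection wrapper created by {@link #init} */
    protected TaskAdminISConnection getISConnection() {
        return conn;
    }

    /**
     * Registers {@code sl} on the session's SSO token, at most once per
     * instance (double-checked on {@link #ssoTokenListenerAdded}).
     *
     * @param sl the listener
     * @throws ContextError on an SSO failure
     */
    public void addSSOTokenListener(SSOTokenListener sl) {
        SSOToken token = conn.getSSOToken();
        try {
            if (!ssoTokenListenerAdded) {
                synchronized (this) {
                    if (!ssoTokenListenerAdded) {
                        token.addSSOTokenListener(sl);
                        ssoTokenListenerAdded = true;
                    }
                }
            }
        } catch (SSOException ssoe) {
            throw new ContextError(
                    "ISUserTaskAdminContext.addSSOTokenListener(): ", ssoe);
        }
    }

}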
|