com.waveset.adapter
Class SiteminderLDAPResourceAdapter

java.lang.Object
  extended by com.waveset.adapter.ResourceAdapterBase
      extended by com.waveset.adapter.LDAPResourceAdapterBase
          extended by com.waveset.adapter.LDAPResourceAdapter
              extended by com.waveset.adapter.SiteminderLDAPResourceAdapter
All Implemented Interfaces:
ActiveSync, ResourceAdapter

public class SiteminderLDAPResourceAdapter
extends LDAPResourceAdapter


Nested Class Summary
 
Nested classes inherited from class com.waveset.adapter.LDAPResourceAdapterBase
LDAPResourceAdapterBase.AcctIter, LDAPResourceAdapterBase.BlockAcctIter, LDAPResourceAdapterBase.UpdateRow, LDAPResourceAdapterBase.UpdateRows, LDAPResourceAdapterBase.VLVAcctIter
 
Nested classes inherited from class com.waveset.adapter.ResourceAdapterBase
ResourceAdapterBase.SimpleAccountIterator
 
Nested classes inherited from class com.waveset.adapter.ResourceAdapter
ResourceAdapter.ActionResult, ResourceAdapter.Features, ResourceAdapter.ObjectType
 
Field Summary
protected  SiteminderUtil _smu
           
static java.lang.String AA_STATUS_FLAGS
          Account Attribute name for the field used to get/set pwd expired/unexpired and enable/disable user
static java.lang.String code_id
           
static java.lang.String RA_ACCOUNTING_PORT
          Resource attribute name for the SM Authorization server port.
static java.lang.String RA_AUTH_VAR
          Resource attribute name for auth variable.
static java.lang.String RA_AUTHENT_PORT
          Resource attribute name for the SM Authentication server port.
static java.lang.String RA_AUTHOR_PORT
          Resource attribute name for the SM Authorization server port.
static java.lang.String RA_CONMAX
          Resource attribute name for the SM Connection Max.
static java.lang.String RA_CONMIN
          Resource attribute name for the SM Connection Min.
static java.lang.String RA_CONSTEP
          Resource attribute name for the SM Connection Step.
static java.lang.String RA_CUSTOM_AGENT
          Resource attribute name for the SM Authorization server port.
static java.lang.String RA_CUSTOM_AGENT_SHARED_SECRET
          Resource attribute name for the SM Authentication server port.
static java.lang.String RA_DISABLED_FLAG
           
static java.lang.String RA_POL_SERVER
          Resource attribute name for SM policy server ip.
static java.lang.String RA_SMADMIN
          Resource attribute name for admin account.
static java.lang.String RA_SMPASSWORD
          Resource attribute name for the admin password.
static java.lang.String RA_TIMEOUT
          Resource attribute name for the SM Authentication server port.
static java.lang.String SITE_MINDER_USERDN
           
 
Fields inherited from class com.waveset.adapter.LDAPResourceAdapter
RA_ENABLE_PASSWORD_SYNC, RA_FILTER_CHANGES_BY, RA_LDAP_ACTIVATION, RA_LDAP_ACTIVATION_PARM, RA_OR_SEARCH_PARAMS_FILTER, RA_PASSWORD_ENCRYPTION_IV, RA_PASSWORD_ENCRYPTION_KEY, RA_PASSWORD_HASH_ALG
 
Fields inherited from class com.waveset.adapter.LDAPResourceAdapterBase
_accountActivator, _ctx, _encodePwd, ALL_NON_OPERATIONAL_ATTRIBUTES, LDAP_GROUPS_ATTR_NAME, LDAP_SEARCH_ATTRIBUTE_NAMES, LDAP_SEARCH_END_DATE, LDAP_SEARCH_FILTER_STRING, LDAP_SEARCH_OBJECT_CLASSES, LDAP_SEARCH_START_DATE, MICROSOFT, NETSCAPE, OPENLDAP, POSIX_GROUPS_ATTR_NAME, RA_ACTIVE_SYNC_LDAP_FILTER, RA_ACTIVE_SYNC_OBJECT_CLASSES, RA_ATTRIBUTE_FILTER, RA_ENABLE_CONNECTION_POOLING, RA_GROUP_OBJCLASS, RA_GRP_MBR_ATTR, RA_HOST, RA_INCL_OBJCLASSES_IN_SEARCH_FILTER, RA_LDAP_SEARCH_FILTER, RA_MOD_NAMING_ATTR, RA_PASSWORD, RA_PORT, RA_PROCESS_NAME, RA_SSL, RA_USE_BLOCKS, RA_USERDN, RA_VLV_SORT_ATTRIBUTE, RA_WSNAME, SUN, UNDISCOVERED, UNKNOWN
 
Fields inherited from class com.waveset.adapter.ResourceAdapterBase
_cache, _context, _excludedAccountsRule, _excludedAccountsRuleInited, _listAllObjectsAttrParse, _listAllObjectsAttrParseName, _listUserAttrParse, _listUserAttrParseName, _listUserGroupsAttrParse, _listUserGroupsAttrParseName, _resource, _thread, _trace, displayInfoCode, RA_BLOCKCOUNT, RA_LOGIN_ACTION, RA_LOGOFF_ACTION, RA_MULTI_VALUED_ATTRS, RA_TEST_MODE
 
Fields inherited from interface com.waveset.adapter.ActiveSync
ACTIVE_SYNC_EVENT_RES_ATTRS_XML, ACTIVE_SYNC_STD_RES_ATTRS_XML, ATTR_IS_DELETED, DATE_FORMAT, DATE_TIME_FORMAT, RA_APPLY_META_VIEW, RA_ASSIGN_SOURCE_ON_CREATE, RA_CONFIRMATION_RULE, RA_CORRELATION_RULE, RA_CREATE_UNMATCHED, RA_DELETE_RULE, RA_FORM, RA_ID, RA_IDM_NAME_RULE, RA_LEGACY_EVENT_GEN, RA_LOG_LEVEL, RA_LOG_PATH, RA_LOG_SIZE, RA_MAX_AGE_LENGTH, RA_MAX_AGE_UNIT, RA_MAX_ARCHIVES, RA_NAME, RA_PARAMETERIZED_INPUT_FORM, RA_POPULATE_GLOBAL, RA_POSTPOLL_WORKFLOW, RA_PREPOLL_WORKFLOW, RA_PROCESS_RULE, RA_PROXY_ADMINISTRATOR, RA_RESET_TO_TODAY, RA_RESOLVE_PROCESS_RULE, RA_SCHEDULE_INTERVAL, RA_SCHEDULE_INTERVAL_COUNT, RA_SCHEDULE_START_DATE, RA_SCHEDULE_START_TIME, RA_SYNC_CONFIG_MODE, RA_SYNC_POST_PROCESS_FORM, RA_UPDATE_IF_DELETE, RA_USE_INPUT_FORM, TIME_FORMAT, TRACE_LEVEL_DEBUG, TRACE_LEVEL_ERROR, TRACE_LEVEL_INFO, TRACE_LEVEL_NONE, TRACE_LEVEL_WARNING
 
Fields inherited from interface com.waveset.adapter.ResourceAdapter
CHANGE_PASSWORD_LOCATION, DISABLE, ENABLE, EXPIRE_PASSWORD, GUID, IGNORE_ATTR, NEW_ACCOUNT_ID, OP_DAYS_INACTIVE, OP_DISABLED, OP_DORMANT, OP_EXPIRED, OP_EXPIREDPWD, OP_INACTIVE, OP_LOCKED, OP_NO_PASSWORD_SET, OP_NOOWNERSHIP, OP_NOPASSWORDREQ, OP_NUMINACTIVEDAYS, OP_NUMPWDAYS, OP_PWNUMDAYS, RA_BASE_CTX, RA_DISPLAY_NAME_ATTR, RA_NEW_OBJECT_ID, RA_NEW_OBJECT_NAME, RA_OBJECT_ATTRIBUTES, RA_OBJECT_CLASS, RA_OBJECT_ID, RA_OBJECT_TYPE, RA_OP_TYPE, RA_RENAME_OP, RA_REQUESTOR, RA_SAVEAS_OP, RA_SEARCH_ATTRIBUTE_NAMES, RA_SEARCH_ATTRS_TO_GET, RA_SEARCH_CONTEXT, RA_SEARCH_FILTER, RA_SEARCH_RUN_AS_PASSWORD, RA_SEARCH_RUN_AS_USER, RA_SEARCH_SCOPE, RA_SEARCH_SCOPE_OBJECT, RA_SEARCH_SCOPE_ONE_LEVEL, RA_SEARCH_SCOPE_SUBTREE, RA_SEARCH_TIME_LIMIT, RESET_PASSWORD, SYSTEM_ATTRIBUTES, UNLOCK, WS_USER_PASSWORD
 
Constructor Summary
SiteminderLDAPResourceAdapter()
           
SiteminderLDAPResourceAdapter(Resource res, ObjectCache cache)
           
 
Method Summary
 WavesetResult authenticate(java.util.HashMap loginInfo)
          Authenticates the user against the resource.
 Resource createPrototypeResource()
           
 WSUser getUser(WSUser user)
          To support returning password enable/disable attribute, need to get user and translate Siteminder flag
 java.util.List listObjects(java.lang.String objectType, java.util.Map options)
          Returns a list of objects matching the requested objectType and options
protected  void modifyDisabledFlag(WSUser user, java.lang.String action, WavesetResult result)
          Deprecated. Replaced by modifyStatusFlags(WSUser,String,WavesetResult).
protected  void modifyStatusFlags(WSUser user, java.lang.String action, WavesetResult result)
          Modifies/Adds Siteminder User Disabled Flag Attribute
protected  void realCreate(WSUser user, WavesetResult result)
          Need to convert password expire attribute, if sent, before creation.
protected  void realDisable(WSUser user, WavesetResult result)
          Sets LDAP attribute that is mapped to Siteminder Disabled Flag and ResourceInfo Disabled 'true'
protected  void realEnable(WSUser user, WavesetResult result)
          Sets LDAP attribute that is mapped to Siteminder Disabled Flag and ResourceInfo Disabled 'false'
protected  void realUpdate(WSUser user, WavesetResult result)
          Need to convert password expire attribute, if sent, before update.
protected  void startConnection()
          Needs to be overridden by subclass if default createAccounts() implementation is used.
static Resource staticCreatePrototypeResource()
           
protected  void stopConnection()
          Needs to be overridden by subclass if default createAccounts() implementation is used.
 boolean supportsAccountDisable()
          Whether the resource can enable and disable accounts.
 
Methods inherited from class com.waveset.adapter.LDAPResourceAdapter
addAttributes, getAccountActivator
 
Methods inherited from class com.waveset.adapter.LDAPResourceAdapterBase
addUserToGroup, addUserToGroup, addUserToGroups, addUserToGroups, buildBaseUrl, buildBaseUrl, buildEvent, callCompleted, checkCreateAccount, checkDeleteAccount, checkUpdateAccount, closeConnection, constructAccountFilter, constructAccountFilter, constructObjectClassFilter, createAccounts, createObject, deleteAccounts, deleteObject, doCreateOrUpdateObjectRequest, doCreateOrUpdateObjectRequest, encodePwd, ensureObjectClassInSchemaMap, fetchUser, fetchUser, getAccountAttributes, getAccountIterator, getAccountIterator, getAttributeValue, getBaseContextAttrName, getBaseContexts, getContextEnv, getFeatures, getGroups, getGroups, getLdapAccountAttributeNames, getLdapAccountAttributeNamesForQuery, getLDAPAttributes, getLDAPAttributes, getLDAPAttributes, getLDIFAttributeValue, getObject, getrn, getRootDSE, getServerVendor, getUser, getUser, getUserCheckForDisabled, init, isAccountObjectType, isPoolingEnabled, listAllObjects, logUpdate, makeConnection, makeConnection, makeUnpooledConnection, mapLDAPAttributes, mapLDAPAttributes, mapLDAPAttributes, modifyObject, namesEqual, parseAttrValue, parseOutRDN, poll, processUpdates, realDelete, removeAttributeDelta, removeNameFromAttribute, removeNameFromAttribute, removeUserFromAllGroups, removeUserFromAllGroups, removeUserFromGroup, removeUserFromGroup, removeUserFromGroups, removeUserFromGroups, renameUserAcrossGroups, renameUserAcrossGroups, renameUserAcrossPosixGroups, setAttributeValue, setLdapObjectAttribute, setLdapObjectAttributeMultivalued, setLdapObjectAttributeMultivalued, shutdown, supportsExcludedAccounts, testConfiguration, updateAccounts, updateObject, userActivation
 
Methods inherited from class com.waveset.adapter.ResourceAdapterBase
checkForNoPasswordInSchema, checkSyntax, createAccount, createIdentity, deleteAccount, deleteAccount, disableAccount, disableAccounts, dnsEqual, dnsEqual, enableAccount, enableAccounts, executeResourceAttributeJavascriptAction, fillInResourceInfo, fillInResourceInfo, getAccountIterator, getAction, getActionNotFoundErrorMessage, getActionNotFoundMessage, getActionRunAsPassword, getActionRunAsUser, getActionTimeout, getActionType, getAdapter, getAdapter, getAdapter, getAdapterProxy, getAdapterProxy, getAllAccounts, getAttrNameFromMapName, getAttrNameFromMapName, getAttrParse, getAttrTypeFromMapName, getAttrTypeFromMapName, getAUserName, getBaseContextObject, getBlockSize, getContext, getExcludedAccountsRule, getIdentity, getListAllObjectsAttrParse, getListUserAttrParse, getListUserGroupsAttrParse, getOptionalBooleanResAttrVal, getOptionalBooleanResAttrVal, getOptionalEncryptedResAttrVal, getOptionalResAttrVal, getOptionalStringResAttrVal, getRequiredResAttr, getRequiredResAttr, getRequiredResAttrVal, getRequiredResAttrVal, getRequiredResAttrVals, getRequiredUserAttributeNames, getResAttrValActionOnUser, getResAttrVals, getResource, getResourceAccounts, getResourceInfo, getResourceObjectAttrValNameAttr, getResourceObjectClassAttr, getResourceObjectTypePrefix, getSchemaMap, getWSAttrByMapName, getWSAttrByMapName, getWSAttrFromMap, handleActionResult, handleJavascriptActionResult, isAccountAttributeSecret, isExcludedAccount, isExcludedAccount, isFeatureEnabled, isSupported, isTestMode, listAllObjects, listObjects, listObjectsOfType, lookupAction, lookupAction, lookupActions, objectClassesMatchType, println, restoreResourceObjectClassAttr, run, run, runResourceAttributeJavascriptAction, scan, setCache, setContext, setDisabled, setFromResource, setResource, setResourceObjectClassAttr, setResourceOptionAttrs, startConnectionWrapper, supportsAccountActions, supportsActions, supportsCaseInsensitiveAccountIds, supportsContainerObjectTypes, supportsResourceAccount, 
supportsScanning, updateAccount, updateResourceAccount, updateResourceIdentity, vmStoreBoot, vmStoreGet, vmStoreInit, vmStoreLatch, vmStorePut
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

code_id

public static final java.lang.String code_id
See Also:
Constant Field Values

RA_DISABLED_FLAG

public static final java.lang.String RA_DISABLED_FLAG
See Also:
Constant Field Values

SITE_MINDER_USERDN

public static final java.lang.String SITE_MINDER_USERDN
See Also:
Constant Field Values

_smu

protected SiteminderUtil _smu

RA_AUTH_VAR

public static final java.lang.String RA_AUTH_VAR
Resource attribute name for auth variable.

See Also:
Constant Field Values

RA_SMADMIN

public static final java.lang.String RA_SMADMIN
Resource attribute name for admin account.

See Also:
Constant Field Values

RA_SMPASSWORD

public static final java.lang.String RA_SMPASSWORD
Resource attribute name for the admin password.

See Also:
Constant Field Values

RA_POL_SERVER

public static final java.lang.String RA_POL_SERVER
Resource attribute name for SM policy server ip.

See Also:
Constant Field Values

RA_AUTHOR_PORT

public static final java.lang.String RA_AUTHOR_PORT
Resource attribute name for the SM Authorization server port.

See Also:
Constant Field Values

RA_AUTHENT_PORT

public static final java.lang.String RA_AUTHENT_PORT
Resource attribute name for the SM Authentication server port.

See Also:
Constant Field Values

RA_ACCOUNTING_PORT

public static final java.lang.String RA_ACCOUNTING_PORT
Resource attribute name for the SM Authorization server port.

See Also:
Constant Field Values

RA_TIMEOUT

public static final java.lang.String RA_TIMEOUT
Resource attribute name for the SM Authentication server port.

See Also:
Constant Field Values

RA_CUSTOM_AGENT

public static final java.lang.String RA_CUSTOM_AGENT
Resource attribute name for the SM Authorization server port.

See Also:
Constant Field Values

RA_CUSTOM_AGENT_SHARED_SECRET

public static final java.lang.String RA_CUSTOM_AGENT_SHARED_SECRET
Resource attribute name for the SM Authentication server port.

See Also:
Constant Field Values

RA_CONMIN

public static final java.lang.String RA_CONMIN
Resource attribute name for the SM Connection Min.

See Also:
Constant Field Values

RA_CONMAX

public static final java.lang.String RA_CONMAX
Resource attribute name for the SM Connection Max.

See Also:
Constant Field Values

RA_CONSTEP

public static final java.lang.String RA_CONSTEP
Resource attribute name for the SM Connection Step.

See Also:
Constant Field Values

AA_STATUS_FLAGS

public static final java.lang.String AA_STATUS_FLAGS
Account Attribute name for the field used to get/set pwd expired/unexpired and enable/disable user

See Also:
Constant Field Values
Constructor Detail

SiteminderLDAPResourceAdapter

public SiteminderLDAPResourceAdapter(Resource res,
                                     ObjectCache cache)

SiteminderLDAPResourceAdapter

public SiteminderLDAPResourceAdapter()
Method Detail

staticCreatePrototypeResource

public static Resource staticCreatePrototypeResource()
                                              throws WavesetException
Throws:
WavesetException

createPrototypeResource

public Resource createPrototypeResource()
                                 throws WavesetException
Specified by:
createPrototypeResource in interface ResourceAdapter
Overrides:
createPrototypeResource in class LDAPResourceAdapter
Throws:
WavesetException

authenticate

public WavesetResult authenticate(java.util.HashMap loginInfo)
                           throws WavesetException
Description copied from interface: ResourceAdapter
Authenticates the user against the resource. If authentication is successful, the authenticated id will be returned. If more info is required to complete authentication, the result will contain the required info.

Specified by:
authenticate in interface ResourceAdapter
Overrides:
authenticate in class LDAPResourceAdapterBase
Throws:
WavesetException

getUser

public WSUser getUser(WSUser user)
               throws WavesetException
To support returning password enable/disable attribute, need to get user and translate Siteminder flag

Specified by:
getUser in interface ResourceAdapter
Overrides:
getUser in class LDAPResourceAdapterBase
Parameters:
user -
Returns:
WSUser
Throws:
WavesetException

realCreate

protected void realCreate(WSUser user,
                          WavesetResult result)
                   throws WavesetException
Need to convert password expire attribute, if sent, before creation.

Overrides:
realCreate in class LDAPResourceAdapterBase
Parameters:
user -
result -
Throws:
WavesetException

realUpdate

protected void realUpdate(WSUser user,
                          WavesetResult result)
                   throws WavesetException
Need to convert password expire attribute, if sent, before update.

Overrides:
realUpdate in class LDAPResourceAdapterBase
Parameters:
user -
result -
Throws:
WavesetException

realEnable

protected void realEnable(WSUser user,
                          WavesetResult result)
                   throws WavesetException
Sets LDAP attribute that is mapped to Siteminder Disabled Flag and ResourceInfo Disabled 'false'

Overrides:
realEnable in class LDAPResourceAdapterBase
Parameters:
user - the user to Enable
result -
Throws:
WavesetException - if ENABLED fails

realDisable

protected void realDisable(WSUser user,
                           WavesetResult result)
                    throws WavesetException
Sets LDAP attribute that is mapped to Siteminder Disabled Flag and ResourceInfo Disabled 'true'

Overrides:
realDisable in class LDAPResourceAdapterBase
Parameters:
user - the user to Disable
result -
Throws:
WavesetException - if DISABLED fails

modifyDisabledFlag

protected void modifyDisabledFlag(WSUser user,
                                  java.lang.String action,
                                  WavesetResult result)
                           throws WavesetException
Deprecated. Replaced by modifyStatusFlags(WSUser,String,WavesetResult).

Modifies/Adds Siteminder User Disabled Flag Attribute

Parameters:
user - the user to Disable
action - (disable, enable, pwdExpire, pwdUnExp)
result -
Throws:
WavesetException

modifyStatusFlags

protected void modifyStatusFlags(WSUser user,
                                 java.lang.String action,
                                 WavesetResult result)
                          throws WavesetException
Modifies/Adds Siteminder User Disabled Flag Attribute

Parameters:
user - the user to Disable
action - (disable, enable, pwdExpire, pwdUnExp)
result -
Throws:
WavesetException

listObjects

public java.util.List listObjects(java.lang.String objectType,
                                  java.util.Map options)
                           throws WavesetException
Description copied from class: LDAPResourceAdapterBase
Returns a list of objects matching the requested objectType and options

Specified by:
listObjects in interface ResourceAdapter
Overrides:
listObjects in class LDAPResourceAdapterBase
Parameters:
objectType - the name of a valid object class for this specified "resId".
options - several options can be specified which control the behavior of the search. They include:
  1. "searchContext" - the value of this option determines the context within which to perform the search (ResourceAdapter.RA_SEARCH_CONTEXT). If not specified, will attempt to get a value from RA_BASE_CONTEXT. If no value, will assume the search should be done from the logical top.
  2. "searchFilter" - optional specification, in LDAP search filter format as specified in RFC 1558, of one or more object tuples either and'ed or or'ed together. If not specified, a filter will be constructed using the specified objectType. (ResourceAdapter.SEARCH_FILTER).
  3. "searchScope" - specifies whether the search should be done on the current object, only within the context of the specified "searchContext", or in all subcontexts within the specified "searchContext" (ResourceAdapter.RA_SEARCH_SCOPE). Valid values are "object", "oneLevel", or "subTree"; "subTree" indicates that the search should be performed on all subcontexts within the specified "searchContext".
  4. "searchTimeLimit" - the time limit in milliseconds a search should not exceed (ResourceAdapter.RA_SEARCH_TIME_LIMIT).
  5. "searchAttrsToGet" - the list of objectType-specific attribute names to get per object.
  6. "runAsUser" - user name this request is to be run as. If not specified, defaults to resource proxy admin user.
  7. "runAsPassword" - password of runAsUser. Required to authenticate with the resource in order to run the list request as the specified user.
Note: This method does not use the RA_LDAP_SEARCH_FILTER resource attribute when listing objects because the filter is explicitly passed in.
Throws:
WavesetException

supportsAccountDisable

public boolean supportsAccountDisable()
Whether the resource can enable and disable accounts.

Specified by:
supportsAccountDisable in interface ResourceAdapter
Overrides:
supportsAccountDisable in class LDAPResourceAdapterBase
Returns:
true if account disable is supported

startConnection

protected void startConnection()
                        throws WavesetException
Description copied from class: ResourceAdapterBase
Needs to be overridden by subclass if default createAccounts() implementation is used.

Overrides:
startConnection in class LDAPResourceAdapterBase
Throws:
WavesetException

stopConnection

protected void stopConnection()
                       throws WavesetException
Description copied from class: ResourceAdapterBase
Needs to be overridden by subclass if default createAccounts() implementation is used.

Overrides:
stopConnection in class LDAPResourceAdapterBase
Throws:
WavesetException