com.waveset.adapter
Class ActivCardResourceAdapter
java.lang.Object
com.waveset.adapter.ResourceAdapterBase
com.waveset.adapter.ActivCardResourceAdapter
- All Implemented Interfaces:
- ResourceAdapter
- public class ActivCardResourceAdapter extends ResourceAdapterBase
Fields inherited from class com.waveset.adapter.ResourceAdapterBase
_cache, _context, _excludedAccountsRule, _excludedAccountsRuleInited, _listAllObjectsAttrParse, _listAllObjectsAttrParseName, _listUserAttrParse, _listUserAttrParseName, _listUserGroupsAttrParse, _listUserGroupsAttrParseName, _resource, _thread, _trace, displayInfoCode, RA_BLOCKCOUNT, RA_LOGIN_ACTION, RA_LOGOFF_ACTION, RA_MULTI_VALUED_ATTRS, RA_TEST_MODE
Fields inherited from interface com.waveset.adapter.ResourceAdapter
CHANGE_PASSWORD_LOCATION, DISABLE, ENABLE, EXPIRE_PASSWORD, GUID, IGNORE_ATTR, NEW_ACCOUNT_ID, OP_DAYS_INACTIVE, OP_DISABLED, OP_DORMANT, OP_EXPIRED, OP_EXPIREDPWD, OP_INACTIVE, OP_LOCKED, OP_NO_PASSWORD_SET, OP_NOOWNERSHIP, OP_NOPASSWORDREQ, OP_NUMINACTIVEDAYS, OP_NUMPWDAYS, OP_PWNUMDAYS, RA_BASE_CTX, RA_DISPLAY_NAME_ATTR, RA_NEW_OBJECT_ID, RA_NEW_OBJECT_NAME, RA_OBJECT_ATTRIBUTES, RA_OBJECT_CLASS, RA_OBJECT_ID, RA_OBJECT_TYPE, RA_OP_TYPE, RA_RENAME_OP, RA_REQUESTOR, RA_SAVEAS_OP, RA_SEARCH_ATTRIBUTE_NAMES, RA_SEARCH_ATTRS_TO_GET, RA_SEARCH_CONTEXT, RA_SEARCH_FILTER, RA_SEARCH_RUN_AS_PASSWORD, RA_SEARCH_RUN_AS_USER, RA_SEARCH_SCOPE, RA_SEARCH_SCOPE_OBJECT, RA_SEARCH_SCOPE_ONE_LEVEL, RA_SEARCH_SCOPE_SUBTREE, RA_SEARCH_TIME_LIMIT, RESET_PASSWORD, SYSTEM_ATTRIBUTES, UNLOCK, WS_USER_PASSWORD
Methods inherited from class com.waveset.adapter.ResourceAdapterBase
checkForNoPasswordInSchema, checkSyntax, createAccount, createAccounts, createIdentity, createObject, deleteAccount, deleteAccount, deleteAccounts, deleteObject, disableAccount, disableAccounts, dnsEqual, dnsEqual, enableAccount, enableAccounts, executeResourceAttributeJavascriptAction, fillInResourceInfo, fillInResourceInfo, getAccountAttributes, getAccountIterator, getAccountIterator, getAccountIterator, getAction, getActionNotFoundErrorMessage, getActionNotFoundMessage, getActionRunAsPassword, getActionRunAsUser, getActionTimeout, getActionType, getAdapter, getAdapter, getAdapter, getAdapterProxy, getAdapterProxy, getAllAccounts, getAttrNameFromMapName, getAttrNameFromMapName, getAttrParse, getAttrTypeFromMapName, getAttrTypeFromMapName, getAUserName, getBaseContextAttrName, getBaseContextObject, getBaseContexts, getBlockSize, getContext, getExcludedAccountsRule, getIdentity, getListAllObjectsAttrParse, getListUserAttrParse, getListUserGroupsAttrParse, getObject, getOptionalBooleanResAttrVal, getOptionalBooleanResAttrVal, getOptionalEncryptedResAttrVal, getOptionalResAttrVal, getOptionalStringResAttrVal, getRequiredResAttr, getRequiredResAttr, getRequiredResAttrVal, getRequiredResAttrVal, getRequiredResAttrVals, getRequiredUserAttributeNames, getResAttrValActionOnUser, getResAttrVals, getResource, getResourceAccounts, getResourceInfo, getResourceObjectAttrValNameAttr, getResourceObjectClassAttr, getResourceObjectTypePrefix, getSchemaMap, getUser, getWSAttrByMapName, getWSAttrByMapName, getWSAttrFromMap, handleActionResult, handleJavascriptActionResult, isAccountAttributeSecret, isExcludedAccount, isExcludedAccount, isFeatureEnabled, isSupported, isTestMode, listAllObjects, listObjects, listObjects, listObjectsOfType, lookupAction, lookupAction, lookupActions, namesEqual, objectClassesMatchType, println, restoreResourceObjectClassAttr, run, run, runResourceAttributeJavascriptAction, scan, setCache, setContext, setDisabled, setFromResource, setResource, setResourceObjectClassAttr, setResourceOptionAttrs, startConnectionWrapper, supportsAccountActions, supportsActions, supportsCaseInsensitiveAccountIds, supportsContainerObjectTypes, supportsExcludedAccounts, supportsResourceAccount, supportsScanning, updateAccount, updateAccounts, updateObject, updateResourceAccount, updateResourceIdentity, vmStoreBoot, vmStoreGet, vmStoreInit, vmStoreLatch, vmStorePut
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
code_id
public static final java.lang.String code_id
- See Also:
- Constant Field Values
CLASS
public static final java.lang.String CLASS
- See Also:
- Constant Field Values
ACTIVCARD_RESOURCE_TYPE
public static final java.lang.String ACTIVCARD_RESOURCE_TYPE
- See Also:
- Constant Field Values
ERROR_PREFIX
public static final java.lang.String ERROR_PREFIX
- See Also:
- Constant Field Values
RA_HOST
public static final java.lang.String RA_HOST
- Resource attributes are the internal names for resource parameters
that the user will enter during configuration.
The name of the host used to communicate with the resource.
- See Also:
- Constant Field Values
RA_PORT
public static final java.lang.String RA_PORT
- The port on which to communicate to the resource.
- See Also:
- Constant Field Values
RA_PROXY_HOST
public static final java.lang.String RA_PROXY_HOST
- Proxy host and port. Optional if outside a firewall.
todo Decide if/how this should be handled, since the proxy setting is global to the VM.
Note: not yet implemented. See the header comment for implementation details.
- See Also:
- Constant Field Values
RA_PROXY_PORT
public static final java.lang.String RA_PROXY_PORT
- See Also:
- Constant Field Values
RA_PROXY_USER
public static final java.lang.String RA_PROXY_USER
- See Also:
- Constant Field Values
RA_PROXY_PASSWORD
public static final java.lang.String RA_PROXY_PASSWORD
- See Also:
- Constant Field Values
RA_KEYSTORE
public static final java.lang.String RA_KEYSTORE
- Keystore Information.
- See Also:
- Constant Field Values
RA_KEYSTORE_PASS
public static final java.lang.String RA_KEYSTORE_PASS
- See Also:
- Constant Field Values
RA_KEYSTORE_TYPE
public static final java.lang.String RA_KEYSTORE_TYPE
- See Also:
- Constant Field Values
RA_TRUSTED_CA
public static final java.lang.String RA_TRUSTED_CA
- Truststore Information.
- See Also:
- Constant Field Values
RA_BASE_NODE_DN
public static final java.lang.String RA_BASE_NODE_DN
- See Also:
- Constant Field Values
RA_USER_OBJECTCLASS
public static final java.lang.String RA_USER_OBJECTCLASS
- ActivCard server configuration information.
- See Also:
- Constant Field Values
RA_USER_ID_ATTR
public static final java.lang.String RA_USER_ID_ATTR
- See Also:
- Constant Field Values
RA_ENABLE_SELF_ENROLLMENT_ATTR
public static final java.lang.String RA_ENABLE_SELF_ENROLLMENT_ATTR
- See Also:
- Constant Field Values
ActivCardResourceAdapter
public ActivCardResourceAdapter(Resource res,
ObjectCache cache)
ActivCardResourceAdapter
public ActivCardResourceAdapter()
staticCreatePrototypeResource
public static Resource staticCreatePrototypeResource()
throws WavesetException
- Throws:
WavesetException
createPrototypeResource
public Resource createPrototypeResource()
throws WavesetException
- Specified by:
createPrototypeResource
in interface ResourceAdapter
- Specified by:
createPrototypeResource
in class ResourceAdapterBase
- Throws:
WavesetException
supportsAccountDisable
public boolean supportsAccountDisable()
- This method indicates to the server that this resource natively supports
account enable and disable. If the resource does not natively support
account enable and disable, then this method should be removed as the
default implementation, in ResourceAdapterBase, returns false.
- Specified by:
supportsAccountDisable
in interface ResourceAdapter
- Overrides:
supportsAccountDisable
in class ResourceAdapterBase
getUser
public WSUser getUser(WSUser user)
throws WavesetException
- Retrieve information about an account, and package it as
a WSUser object.
Information required to identify the resource account is supplied
in another WSUser object.
The returned user object will resemble the source object, but
will have its account attribute list filled in.
Returns "null" if there is no account that corresponds to the user.
- Specified by:
getUser
in interface ResourceAdapter
- Overrides:
getUser
in class ResourceAdapterBase
- Throws:
WavesetException
getFeatures
public GenericObject getFeatures()
- Adjusts the list of features to remove pass-through authentication.
todo Go through all features and methods used in the overridden method to
todo (cont) ensure the feature list is correct for ActivCard.
- Specified by:
getFeatures
in interface ResourceAdapter
- Overrides:
getFeatures
in class ResourceAdapterBase
- Returns:
- Trimmed list of Features.
- See Also:
ResourceAdapter.Features
checkCreateAccount
public WavesetResult checkCreateAccount(WSUser user)
throws WavesetException
- Checks to see if an account can be created. Some of the things that
might be checked are as follows:
- Can basic connectivity to the resource be established?
- Do the account attribute values comply with all (if any) resource-specific
restrictions or policies that haven't been checked at a higher level?
Currently there are three check methods: checkCreateAccount,
checkDeleteAccount and checkUpdateAccount. All three of these methods
could be performing similar actions, such as ensuring that the resource
is available. These common actions can be moved to a common function
such as doBasicCheck() which any or all check methods could call.
The individual check methods would then do additional checks
to ensure that user accounts can be added, modified or deleted.
checkCreateAccount is not designed to ensure that the account
creation will succeed, only that the likelihood of success is good.
checkCreateAccount does not need to check whether the account already
exists: the provisioner method follows checkCreateAccount with a
getUser call.
- Specified by:
checkCreateAccount
in interface ResourceAdapter
- Specified by:
checkCreateAccount
in class ResourceAdapterBase
- Throws:
WavesetException
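The doBasicCheck() composition described above, written out as an added Python illustration (this is not the adapter's Java code): a shared configuration and connectivity pre-check feeds into a create-specific check that validates the userDN and the createRepository flag before any request leaves the adapter. The configuration key names, the injected `probe` callable and the CheckResult class are assumptions standing in for the resource attributes and WavesetResult; the DN check is deliberately simplified.

```python
import re

# One RDN such as "uid=stummala"; deliberately simplified (no escaped commas).
RDN = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=[^,=]+$")
# Names that are safe to place in the batch query string as parameter names.
PARAM_NAME = re.compile(r"^[A-Za-z][A-Za-z0-9]*$")

# Assumed configuration key names, standing in for RA_HOST, RA_PORT,
# RA_KEYSTORE, RA_KEYSTORE_PASS and RA_TRUSTED_CA.
REQUIRED_CONFIG = ("host", "port", "keystore", "keystorePass", "trustedCA")


class CheckResult:
    """Stand-in for WavesetResult: collects error messages; ok() when there are none."""

    def __init__(self):
        self.errors = []

    def add_error(self, message):
        self.errors.append(message)

    def ok(self):
        return not self.errors


def do_basic_check(config, probe):
    """The common pre-check every check method can share: the required
    configuration is present and the resource answers. `probe(host, port)` is
    an injected connectivity test so the example runs offline."""
    result = CheckResult()
    for key in REQUIRED_CONFIG:
        if not config.get(key):
            result.add_error(f"resource attribute {key} is not set")
    if result.ok():
        port = str(config["port"])
        if not port.isdigit():
            result.add_error(f"port {port!r} is not numeric")
        elif not probe(config["host"], int(port)):
            result.add_error(f"cannot reach {config['host']}:{port}")
    return result


def check_create_account(config, probe, account):
    """Create-specific checks layered on do_basic_check: the request parameters
    must be well formed before anything is sent. Whether the account already
    exists is not checked here; the provisioner follows this with getUser."""
    result = do_basic_check(config, probe)
    dn = account.get("userDN", "")
    if not dn or not all(RDN.match(part.strip()) for part in dn.split(",")):
        result.add_error("userDN is missing or not a well-formed DN")
    if str(account.get("createRepository", "")).lower() not in ("yes", "no"):
        result.add_error("createRepository must be Yes or No")
    for name, value in account.items():
        if not PARAM_NAME.match(name):
            result.add_error(f"attribute name {name!r} is not a valid request parameter name")
        if any(ch in str(value) for ch in "\r\n"):
            result.add_error(f"attribute {name} contains a line break")
    return result
```

Keeping the shared part in do_basic_check means a resource outage or a missing keystore is reported identically by every check method, and the create-specific part only has to reason about the CreateUser parameters.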
testConfiguration
public WavesetResult testConfiguration()
throws WavesetException
- Test resource adapter configuration.
- Specified by:
testConfiguration
in interface ResourceAdapter
- Overrides:
testConfiguration
in class ResourceAdapterBase
- Throws:
WavesetException
realCreate
protected void realCreate(WSUser user,
WavesetResult result)
throws WavesetException
- Create a new user account on the resource.
This method is called by createAccounts (the multi-user create method).
createAccounts opens a connection, calls realCreate for each user
being created, then closes the connection.
After calling the API to create the user, this method also submits a
request to the AIMS server to issue a card to the user, using
request type 4, which stands for "Validated issuance card request".
ActivCard: Create a User
Description:
This function creates a new user in the user repository (LDAP) and
adds all the relevant user attributes.
If the createRepository flag has the value Yes, then the user is created
in the repository if it does not already exist and the new attributes
are added; if the user already exists in the user repository, an
error is returned. If the createRepository flag has the value No, then
an error is returned if the user does not already exist in the user
repository; if the user already exists, the new attributes are added.
Trinity user attributes can be initialized either by passing the user
template (causing all the other attributes to be set according to the
template) or by passing in all of the Trinity attributes individually.
Syntax:
https://<host>:<port>/aims/enterprise/batch?action=CreateUser&userDN=<userDN>&createRepository=<Yes|No>&AIMSUserAttribute1=<value>&AIMSUserAttribute2=<value>&TrinityUserAttribute1=<value>&TrinityUserAttribute2=<value>
Parameters:
userDN Distinguished Name of the user to be created.
createRepository Flag to specify whether user should be created in the
repository. Possible values are: Yes and No.
AIMS User Attributes AIMS-Enterprise supported user attributes. Format
should be like: mail=bruno@batisse.com, cn=bbatisse, sn=Batisse etc.
Trinity User Attributes Trinity supported user attributes. Format should be like:
userTemplate=template1 etc. This value is optional.
Return value:
UserID unique ID of the user created.
Pre-conditions:
The user is not already active in AIMS-Enterprise (device issued or Trinity attributes).
Post-conditions:
User is created in the user repository.
User is created in Trinity (if applicable).
User attributes are initialized.
Example:
https://moon:8100/aims/enterprise/batch?action=CreateUser&userDN=uid%3dstummala,dc%3dactivcard,dc%3dco,dc%3din&createRepository=yes&mail=stummala@activcard.co.in&cn=SrinivasTummala&givenName=Srinivas&sn=Tummala
The response to the request is returned in an HTML page that contains the following:
userid=stummala
errorcode=0
message=
- Overrides:
realCreate
in class ResourceAdapterBase
- Throws:
WavesetException
checkUpdateAccount
public WavesetResult checkUpdateAccount(WSUser user)
throws WavesetException
- Specified by:
checkUpdateAccount
in interface ResourceAdapter
- Specified by:
checkUpdateAccount
in class ResourceAdapterBase
- Throws:
WavesetException
realUpdate
protected void realUpdate(WSUser user,
WavesetResult result)
throws WavesetException
- ActivCard: Update User Attributes
Description:
This function updates the list of attributes for a user, given the
list of attributes to modify. If an attribute is not already
initialized, it will be initialized. If an attribute is already
initialized, it will be modified.
Syntax:
https://<host>:<port>/aims/enterprise/batch?action=UpdateUserAttributes&userID=<userID>&userAttributeName1=<name>&userAttributeValue1=<value>&userAttributeName2=<name>&userAttributeValue2=<value>
Parameters:
userID ID of the user.
userAttributeName1 Name of the first attribute to update.
userAttributeValue1 Value of the first attribute to update
userAttributeName2 Name of the second attribute to retrieve.
userAttributeValue2 Value of the second attribute to update
Return value:
None.
Pre-conditions:
User exists in the user repository.
Post-conditions:
User attributes are set to their new values.
Example:
https://moon:8100/aims/enterprise/batch?action=UpdateUserAttributes&userID=stummala&userAttributeName1=mail&userAttributeValue1=stummala@activcard.co.in&userAttributeName2=givenName&userAttributeValue2=Srinivas
The response to the request is returned in an HTML page that contains the following:
AIMS-Enterprise v3.6 - Lifecycle Management API
errorcode=0
message=
- Overrides:
realUpdate
in class ResourceAdapterBase
- Throws:
WavesetException
checkDeleteAccount
public WavesetResult checkDeleteAccount(WSUser user)
throws WavesetException
- Specified by:
checkDeleteAccount
in interface ResourceAdapter
- Specified by:
checkDeleteAccount
in class ResourceAdapterBase
- Throws:
WavesetException
realDelete
protected void realDelete(WSUser user,
WavesetResult result)
throws WavesetException
- This calls two ActivCard APIs: one to terminate the user and one to delete the user.
ActivCard: Terminate a User
Description:
This function terminates in one step all the cards associated with an
end user, including the cancellation of any pending replacement
request (or other requests, such as unlock). If the
user has a temporary card, the temporary card is cancelled and the
permanent card is terminated.
If there is a pending replacement card request, the request is
cancelled first.
If a card has been bound to the user, the binding is cancelled.
The assigned card is terminated; credentials are revoked and the
card is un-assigned.
Syntax:
https://<host>:<port>/aims/enterprise/batch?action=TerminateUser&userID=<userID>
Parameters:
userID ID of the user to terminate.
Return value:
None
Pre-conditions:
User exists and has a valid card.
One card is assigned to the user.
Post-conditions:
All credentials attached to the cards are revoked.
Cards are no longer bound to the user.
Status-reason for all the cards belonging to the user is ISSUED-UNASSIGNED.
Example:
https://moon:8100/aims/enterprise/batch?action=TerminateUser&userID=JSmith
The response to the request is returned in an HTML page that contains the following:
status=0;
errorcode=0;
message= devices terminated for user uid=JSmith;
ActivCard: Delete a User
Description:
This function deletes the user from the user repository (if the
deleteRepository flag is set). All AIMS-Enterprise and Trinity user
attributes will be deleted. Also performs deletion of all RSO
credentials.
If deleteRepository flag is set to Yes, then the user is deleted from
the user repository and all AIMS-Enterprise, Trinity attributes
and RSO credentials will be deleted.
If deleteRepository flag is set to No, then user will not be deleted
from the user repository but all AIMS-Enterprise, Trinity user
attributes and all RSO credentials will be deleted.
Syntax:
https://<host>:<port>/aims/enterprise/batch?action=DeleteUser&userID=<userID>&deleteRepository=<Yes|No>
Parameters:
userID ID of the user to be deleted from the repository.
deleteRepository Flag to specify whether the user should be deleted from the repository.
Possible values are: Yes and No.
Return value:
None.
Pre-conditions:
User exists in the user repository.
Post-conditions:
User is deleted from the user repository (if the deleteRepository flag is set).
All AIMS-Enterprise and Trinity user attributes are deleted.
All RSO Credentials are deleted.
Example:
https://moon:8100/aims/enterprise/batch?action=DeleteUser&userid=stummala&deleteRepository=Yes
The response to the request is returned in an HTML page that contains the following:
errorcode=0
message=
- Overrides:
realDelete
in class ResourceAdapterBase
- Throws:
WavesetException
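An added Python illustration of the batch calls documented for realCreate and realDelete above (not the adapter's own code and not ActivCard's): it percent-encodes every query value so a DN or attribute value cannot smuggle in a second parameter, parses the key=value response lines in both the plain and the semicolon-terminated forms, treats any missing or non-zero errorcode as failure, and sends DeleteUser only after TerminateUser has succeeded. The AimsBatchClient, FakeTransport and AimsError names and the canned responses are constructed for the example; the URL shape, actions and field names are the ones shown on the page.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

# Constructed responses modelled on the page's CreateUser, TerminateUser and
# DeleteUser examples (the title line mimics the HTML page header seen there).
CANNED = {
    "CreateUser": "userid=stummala\nerrorcode=0\nmessage=\n",
    "TerminateUser": "status=0;\nerrorcode=0;\nmessage= devices terminated for user uid=JSmith;\n",
    "DeleteUser": "AIMS-Enterprise v3.6 - Lifecycle Management API\nerrorcode=0\nmessage=\n",
}

# Control parameters that attribute data must never be allowed to override.
RESERVED = {"action", "userDN", "userID", "createRepository", "deleteRepository"}


class AimsError(Exception):
    """A batch call reported a non-zero errorcode, or no errorcode at all."""


def build_batch_url(host, port, action, params):
    """Build a batch URL. urlencode percent-encodes '=', ',', '&' and '@' in
    every value, so a DN or attribute value cannot introduce a new parameter."""
    query = urlencode([("action", action)] + list(params.items()))
    return f"https://{host}:{port}/aims/enterprise/batch?{query}"


def parse_batch_response(body):
    """Turn the key=value lines of a response into a dict. Lines without '='
    (such as the HTML title) are ignored and a trailing ';' is stripped."""
    fields = {}
    for line in body.splitlines():
        line = line.strip().rstrip(";")
        if "=" in line:
            key, _, value = line.partition("=")
            fields[key.strip().lower()] = value.strip()
    return fields


def check_response(action, fields):
    """A missing or non-zero errorcode is a failure; otherwise return the fields."""
    code = fields.get("errorcode")
    if code is None:
        raise AimsError(f"{action}: response carries no errorcode")
    if code != "0":
        raise AimsError(f"{action}: errorcode={code} message={fields.get('message', '')!r}")
    return fields


class AimsBatchClient:
    """Minimal client; `transport` is any callable mapping a URL to a response body."""

    def __init__(self, host, port, transport):
        self.host, self.port, self.transport = host, port, transport

    def call(self, action, params):
        url = build_batch_url(self.host, self.port, action, params)
        return check_response(action, parse_batch_response(self.transport(url)))

    def create_user(self, user_dn, attrs, create_repository="Yes"):
        """CreateUser with the AIMS/Trinity attributes in attrs; returns the userid."""
        clash = RESERVED & set(attrs)
        if clash:
            raise ValueError(f"attribute names collide with control parameters: {sorted(clash)}")
        params = {"userDN": user_dn, "createRepository": create_repository, **attrs}
        return self.call("CreateUser", params).get("userid")

    def delete_user(self, user_id, delete_repository="Yes"):
        """TerminateUser first (credentials revoked, cards unassigned); DeleteUser
        is sent only once that succeeded, so a failed termination never leaves a
        deleted repository entry with live credentials behind it."""
        self.call("TerminateUser", {"userID": user_id})
        self.call("DeleteUser", {"userID": user_id, "deleteRepository": delete_repository})
        return ["TerminateUser", "DeleteUser"]


class FakeTransport:
    """Constructed stand-in for the HTTPS client: records every URL and answers
    with the canned body configured for the action in the query string."""

    def __init__(self, responses):
        self.responses, self.urls = responses, []

    def __call__(self, url):
        self.urls.append(url)
        return self.responses[self.action_of(url)]

    @staticmethod
    def action_of(url):
        return parse_qs(urlsplit(url).query)["action"][0]

    def actions(self):
        return [self.action_of(u) for u in self.urls]
```

The real adapter would put an HTTPS client built from the RA_KEYSTORE and RA_TRUSTED_CA settings in place of FakeTransport; everything above the transport stays the same.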
realEnable
protected void realEnable(WSUser user,
WavesetResult result)
throws WavesetException
- ActivCard: Resume a Device
Description:
This function resumes the user's suspended device. This will
activate all the credentials stored on the device. The input
parameter can be either the user ID or the device ID and type.
Syntax:
https://<host>:<port>/aims/enterprise/batch?action=ResumeDevice&UserID=<userID>
Parameters:
userID ID of the user to whom the device belongs.
DeviceID Card Serial Number
DeviceType Card Type (only OP_2.0 is supported in the current version)
Return value:
None.
Pre-conditions:
User exists and has a valid card.
The card is assigned to the user.
The card is suspended.
Post-conditions:
All the credentials attached to the card are activated.
Card Status-Reason is ISSUED-ASSIGNED.
The response to the request is returned in an HTML page that contains the following:
AIMS-Enterprise v3.6 - Lifecycle Management API
status=0
errorcode=0
message=device resumed for user stummala.
- Overrides:
realEnable
in class ResourceAdapterBase
- Throws:
WavesetException
realDisable
protected void realDisable(WSUser user,
WavesetResult result)
throws WavesetException
- ActivCard: Suspend a Device
Description:
This function suspends the user's active device. This will suspend all the credentials stored on the
device. The input parameter can be either the user ID or the device ID and type.
Syntax:
https://<host>:<port>/aims/enterprise/batch?action=SuspendDevice&UserID=<userID>
Parameters:
userID ID of the user to whom the device belongs.
Return value:
None.
Pre-conditions:
User exists and has a valid card.
The card is assigned to the user.
The card is not suspended.
Post-conditions:
All the credentials attached to the card are suspended.
Card Status-Reason is INVALID-ON_HOLD.
The response to the request is returned in an HTML page that contains the following:
AIMS-Enterprise v3.6 - Lifecycle Management API
status=0
errorcode=0
message=device suspended for user stummala.
- Overrides:
realDisable
in class ResourceAdapterBase
- Throws:
WavesetException
listAllObjects
public java.util.ArrayList listAllObjects(java.lang.String objectType,
java.util.Map options,
java.lang.String runAsUser,
EncryptedData runAsPassword)
throws WavesetException
- Used by the base implementation of getAccountIterator in ResourceAdapterBase.
- Specified by:
listAllObjects
in interface ResourceAdapter
- Overrides:
listAllObjects
in class ResourceAdapterBase
- Parameters:
objectType - a type of object that is either well-known or is meaningful to the resource.
Every resource is expected to recognize certain values. For example,
listAllObjects(ObjectType.ACCOUNT, null, null, null)
should return a list of all account names.
options - a map of options
runAsUser - (optional) if specified, connect as this user to list all objects of the specified type.
runAsPassword - (optional) if specified, connect with this password to list all objects of the specified type.
- Returns:
- a list of all object names of a specified type.
- Throws:
WavesetException
authenticate
public WavesetResult authenticate(java.util.HashMap hashMap)
throws WavesetException
- Authenticates the user against the resource. Returns the authenticated id
if authentication succeeds.
The authenticate method is used to verify that a user account and password are
valid. If the user account name does not exist on the resource, the
password does not match, or multiple matches exist, then an
exception is thrown.
If the resource has multiple contexts (for example LDAP or NDS), the
authenticate method should not stop when it finds the first match;
instead it should continue through the entire list. If it finds more
than one match, then an exception should be thrown.
- Specified by:
authenticate
in interface ResourceAdapter
- Specified by:
authenticate
in class ResourceAdapterBase
- Throws:
WavesetException
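The multi-context rule for authenticate above, as an added Python illustration (not the adapter's implementation): every base context is searched before a decision is made, exactly one match is required, and only then is the password verified against that single entry with a constant-time digest comparison. FakeDirectory stands in for the LDAP/NDS resource; the directory contents, the DN layout and the PBKDF2 parameters are constructed for the example.

```python
import hashlib
import hmac
import os

# Constructed stand-in for the resource directory: one dict per base context,
# uid -> (salt, PBKDF2 digest). Iterations kept low so the example runs quickly.
ITERATIONS = 10_000


def _digest(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


class FakeDirectory:
    def __init__(self):
        self.contexts = {}

    def add(self, context, uid, password):
        salt = os.urandom(16)
        self.contexts.setdefault(context, {})[uid] = (salt, _digest(password, salt))

    def search(self, context, uid):
        """Return the DNs matching uid under one base context (zero or one here)."""
        return [f"uid={uid},{context}"] if uid in self.contexts.get(context, {}) else []

    def bind(self, dn, password):
        """Simulated bind: constant-time comparison against the stored digest."""
        rdn, _, context = dn.partition(",")
        uid = rdn.split("=", 1)[1]
        entry = self.contexts.get(context, {}).get(uid)
        if entry is None:
            return False
        salt, stored = entry
        return hmac.compare_digest(stored, _digest(password, salt))


class AuthenticationError(Exception):
    """Generic message for the caller; the precise reason is kept for the audit log."""

    def __init__(self, reason):
        super().__init__("authentication failed")
        self.reason = reason


def authenticate(directory, base_contexts, account_id, password):
    """Search every base context before deciding: exactly one match is
    required, then the password is verified against that entry only.
    Returns the authenticated DN."""
    matches = []
    for context in base_contexts:  # never stop at the first hit
        matches.extend(directory.search(context, account_id))
    if not matches:
        raise AuthenticationError("not_found")
    if len(matches) > 1:
        raise AuthenticationError("ambiguous")
    if not password or not directory.bind(matches[0], password):
        raise AuthenticationError("bad_password")
    return matches[0]
```

Stopping at the first match would let an entry in an earlier context shadow the real one and, with two entries sharing an account id, make the outcome depend on context order; failing closed on ambiguity is what the contract above asks for. The empty-password guard matters because some directories treat a bind with an empty password as anonymous and report success.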
startConnection
protected void startConnection()
throws WavesetException
- Overridden since default createAccounts() implementation is used.
- Overrides:
startConnection
in class ResourceAdapterBase
- Throws:
WavesetException
stopConnection
protected void stopConnection()
throws WavesetException
- Overridden since default createAccounts() implementation is used.
- Overrides:
stopConnection
in class ResourceAdapterBase
- Throws:
WavesetException