com.waveset.adapter
Class ActivCardResourceAdapter

java.lang.Object
  extended by com.waveset.adapter.ResourceAdapterBase
      extended by com.waveset.adapter.ActivCardResourceAdapter
All Implemented Interfaces:
ResourceAdapter

public class ActivCardResourceAdapter
extends ResourceAdapterBase


Nested Class Summary
 
Nested classes inherited from class com.waveset.adapter.ResourceAdapterBase
ResourceAdapterBase.SimpleAccountIterator
 
Nested classes inherited from class com.waveset.adapter.ResourceAdapter
ResourceAdapter.ActionResult, ResourceAdapter.Features, ResourceAdapter.ObjectType
 
Field Summary
static java.lang.String ACTIVCARD_RESOURCE_TYPE
           
static java.lang.String CLASS
           
static java.lang.String code_id
           
static java.lang.String ERROR_PREFIX
           
static java.lang.String RA_BASE_NODE_DN
           
static java.lang.String RA_ENABLE_SELF_ENROLLMENT_ATTR
           
static java.lang.String RA_HOST
          Resource attributes are the internal names for resource parameters that the user will enter during configuration.
static java.lang.String RA_KEYSTORE
          Keystore Information.
static java.lang.String RA_KEYSTORE_PASS
           
static java.lang.String RA_KEYSTORE_TYPE
           
static java.lang.String RA_PORT
          The port on which to communicate to the resource.
static java.lang.String RA_PROXY_HOST
          Proxy Host and Port.
static java.lang.String RA_PROXY_PASSWORD
           
static java.lang.String RA_PROXY_PORT
           
static java.lang.String RA_PROXY_USER
           
static java.lang.String RA_TRUSTED_CA
          Truststore Information.
static java.lang.String RA_USER_ID_ATTR
           
static java.lang.String RA_USER_OBJECTCLASS
          ActivCard server configuration information.
 
Fields inherited from class com.waveset.adapter.ResourceAdapterBase
_cache, _context, _excludedAccountsRule, _excludedAccountsRuleInited, _listAllObjectsAttrParse, _listAllObjectsAttrParseName, _listUserAttrParse, _listUserAttrParseName, _listUserGroupsAttrParse, _listUserGroupsAttrParseName, _resource, _thread, _trace, displayInfoCode, RA_BLOCKCOUNT, RA_LOGIN_ACTION, RA_LOGOFF_ACTION, RA_MULTI_VALUED_ATTRS, RA_TEST_MODE
 
Fields inherited from interface com.waveset.adapter.ResourceAdapter
CHANGE_PASSWORD_LOCATION, DISABLE, ENABLE, EXPIRE_PASSWORD, GUID, IGNORE_ATTR, NEW_ACCOUNT_ID, OP_DAYS_INACTIVE, OP_DISABLED, OP_DORMANT, OP_EXPIRED, OP_EXPIREDPWD, OP_INACTIVE, OP_LOCKED, OP_NO_PASSWORD_SET, OP_NOOWNERSHIP, OP_NOPASSWORDREQ, OP_NUMINACTIVEDAYS, OP_NUMPWDAYS, OP_PWNUMDAYS, RA_BASE_CTX, RA_DISPLAY_NAME_ATTR, RA_NEW_OBJECT_ID, RA_NEW_OBJECT_NAME, RA_OBJECT_ATTRIBUTES, RA_OBJECT_CLASS, RA_OBJECT_ID, RA_OBJECT_TYPE, RA_OP_TYPE, RA_RENAME_OP, RA_REQUESTOR, RA_SAVEAS_OP, RA_SEARCH_ATTRIBUTE_NAMES, RA_SEARCH_ATTRS_TO_GET, RA_SEARCH_CONTEXT, RA_SEARCH_FILTER, RA_SEARCH_RUN_AS_PASSWORD, RA_SEARCH_RUN_AS_USER, RA_SEARCH_SCOPE, RA_SEARCH_SCOPE_OBJECT, RA_SEARCH_SCOPE_ONE_LEVEL, RA_SEARCH_SCOPE_SUBTREE, RA_SEARCH_TIME_LIMIT, RESET_PASSWORD, SYSTEM_ATTRIBUTES, UNLOCK, WS_USER_PASSWORD
 
Constructor Summary
ActivCardResourceAdapter()
           
ActivCardResourceAdapter(Resource res, ObjectCache cache)
           
 
Method Summary
 WavesetResult authenticate(java.util.HashMap hashMap)
          Authenticates the user against the resource.
 WavesetResult checkCreateAccount(WSUser user)
          Checks to see if an account can be created.
 WavesetResult checkDeleteAccount(WSUser user)
           
 WavesetResult checkUpdateAccount(WSUser user)
           
 Resource createPrototypeResource()
           
 GenericObject getFeatures()
          Adjust the list of features to remove pass through authentication.
 WSUser getUser(WSUser user)
          Retrieve information about an account, and package it as a WSUser object.
 java.util.ArrayList listAllObjects(java.lang.String objectType, java.util.Map options, java.lang.String runAsUser, EncryptedData runAsPassword)
          Used by the base implementation of getAccountIterator in ResourceAdapterBase.
protected  void realCreate(WSUser user, WavesetResult result)
          Create a new user account on the resource

This method is called by createAccounts (the multiuser create method).

protected  void realDelete(WSUser user, WavesetResult result)
          This calls two ActivCard APIs for terminating the user and deleting.
protected  void realDisable(WSUser user, WavesetResult result)
          ActivCard: Suspend a Device Description: This function suspends the user's active device.
protected  void realEnable(WSUser user, WavesetResult result)
          ActivCard: Resume a Device Description: This function resumes the user's suspended device.
protected  void realUpdate(WSUser user, WavesetResult result)
          ActivCard: Update User Attributes Description: This function updates the list of attributes for a user given the list of attributes to modify.
protected  void startConnection()
          Overridden since default createAccounts() implementation is used.
static Resource staticCreatePrototypeResource()
           
protected  void stopConnection()
          Overridden since default createAccounts() implementation is used.
 boolean supportsAccountDisable()
          This method indicates to the server that this resource natively supports account enable and disable.
 WavesetResult testConfiguration()
          Test resource adapter configuration.
 
Methods inherited from class com.waveset.adapter.ResourceAdapterBase
checkForNoPasswordInSchema, checkSyntax, createAccount, createAccounts, createIdentity, createObject, deleteAccount, deleteAccount, deleteAccounts, deleteObject, disableAccount, disableAccounts, dnsEqual, dnsEqual, enableAccount, enableAccounts, executeResourceAttributeJavascriptAction, fillInResourceInfo, fillInResourceInfo, getAccountAttributes, getAccountIterator, getAccountIterator, getAccountIterator, getAction, getActionNotFoundErrorMessage, getActionNotFoundMessage, getActionRunAsPassword, getActionRunAsUser, getActionTimeout, getActionType, getAdapter, getAdapter, getAdapter, getAdapterProxy, getAdapterProxy, getAllAccounts, getAttrNameFromMapName, getAttrNameFromMapName, getAttrParse, getAttrTypeFromMapName, getAttrTypeFromMapName, getAUserName, getBaseContextAttrName, getBaseContextObject, getBaseContexts, getBlockSize, getContext, getExcludedAccountsRule, getIdentity, getListAllObjectsAttrParse, getListUserAttrParse, getListUserGroupsAttrParse, getObject, getOptionalBooleanResAttrVal, getOptionalBooleanResAttrVal, getOptionalEncryptedResAttrVal, getOptionalResAttrVal, getOptionalStringResAttrVal, getRequiredResAttr, getRequiredResAttr, getRequiredResAttrVal, getRequiredResAttrVal, getRequiredResAttrVals, getRequiredUserAttributeNames, getResAttrValActionOnUser, getResAttrVals, getResource, getResourceAccounts, getResourceInfo, getResourceObjectAttrValNameAttr, getResourceObjectClassAttr, getResourceObjectTypePrefix, getSchemaMap, getUser, getWSAttrByMapName, getWSAttrByMapName, getWSAttrFromMap, handleActionResult, handleJavascriptActionResult, isAccountAttributeSecret, isExcludedAccount, isExcludedAccount, isFeatureEnabled, isSupported, isTestMode, listAllObjects, listObjects, listObjects, listObjectsOfType, lookupAction, lookupAction, lookupActions, namesEqual, objectClassesMatchType, println, restoreResourceObjectClassAttr, run, run, runResourceAttributeJavascriptAction, scan, setCache, setContext, setDisabled, setFromResource, setResource, 
setResourceObjectClassAttr, setResourceOptionAttrs, startConnectionWrapper, supportsAccountActions, supportsActions, supportsCaseInsensitiveAccountIds, supportsContainerObjectTypes, supportsExcludedAccounts, supportsResourceAccount, supportsScanning, updateAccount, updateAccounts, updateObject, updateResourceAccount, updateResourceIdentity, vmStoreBoot, vmStoreGet, vmStoreInit, vmStoreLatch, vmStorePut
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

code_id

public static final java.lang.String code_id
See Also:
Constant Field Values

CLASS

public static final java.lang.String CLASS
See Also:
Constant Field Values

ACTIVCARD_RESOURCE_TYPE

public static final java.lang.String ACTIVCARD_RESOURCE_TYPE
See Also:
Constant Field Values

ERROR_PREFIX

public static final java.lang.String ERROR_PREFIX
See Also:
Constant Field Values

RA_HOST

public static final java.lang.String RA_HOST
Resource attributes are the internal names for resource parameters that the user will enter during configuration.

The name of the host used to communicate with the resource.

See Also:
Constant Field Values

RA_PORT

public static final java.lang.String RA_PORT
The port on which to communicate to the resource.

See Also:
Constant Field Values

RA_PROXY_HOST

public static final java.lang.String RA_PROXY_HOST
Proxy Host and Port. Optional if outside a firewall. TODO: Decide if/how this should be handled, since it is global to the VM. Note: Not yet implemented. See header comment for implementation details.

See Also:
Constant Field Values

RA_PROXY_PORT

public static final java.lang.String RA_PROXY_PORT
See Also:
Constant Field Values

RA_PROXY_USER

public static final java.lang.String RA_PROXY_USER
See Also:
Constant Field Values

RA_PROXY_PASSWORD

public static final java.lang.String RA_PROXY_PASSWORD
See Also:
Constant Field Values

RA_KEYSTORE

public static final java.lang.String RA_KEYSTORE
Keystore Information.

See Also:
Constant Field Values

RA_KEYSTORE_PASS

public static final java.lang.String RA_KEYSTORE_PASS
See Also:
Constant Field Values

RA_KEYSTORE_TYPE

public static final java.lang.String RA_KEYSTORE_TYPE
See Also:
Constant Field Values

RA_TRUSTED_CA

public static final java.lang.String RA_TRUSTED_CA
Truststore Information.

See Also:
Constant Field Values

RA_BASE_NODE_DN

public static final java.lang.String RA_BASE_NODE_DN
See Also:
Constant Field Values

RA_USER_OBJECTCLASS

public static final java.lang.String RA_USER_OBJECTCLASS
ActivCard server configuration information.

See Also:
Constant Field Values

RA_USER_ID_ATTR

public static final java.lang.String RA_USER_ID_ATTR
See Also:
Constant Field Values

RA_ENABLE_SELF_ENROLLMENT_ATTR

public static final java.lang.String RA_ENABLE_SELF_ENROLLMENT_ATTR
See Also:
Constant Field Values
Constructor Detail

ActivCardResourceAdapter

public ActivCardResourceAdapter(Resource res,
                                ObjectCache cache)

ActivCardResourceAdapter

public ActivCardResourceAdapter()
Method Detail

staticCreatePrototypeResource

public static Resource staticCreatePrototypeResource()
                                              throws WavesetException
Throws:
WavesetException

createPrototypeResource

public Resource createPrototypeResource()
                                 throws WavesetException
Specified by:
createPrototypeResource in interface ResourceAdapter
Specified by:
createPrototypeResource in class ResourceAdapterBase
Throws:
WavesetException

supportsAccountDisable

public boolean supportsAccountDisable()
This method indicates to the server that this resource natively supports account enable and disable. If the resource does not natively support account enable and disable, then this method should be removed as the default implementation, in ResourceAdapterBase, returns false.

Specified by:
supportsAccountDisable in interface ResourceAdapter
Overrides:
supportsAccountDisable in class ResourceAdapterBase

getUser

public WSUser getUser(WSUser user)
               throws WavesetException
Retrieve information about an account, and package it as a WSUser object.

Information required to identify the resource account is supplied in another WSUser object.

The returned user object will resemble the source object, but will have its account attribute list filled in.

Returns "null" if there is no account that corresponds to the user.

Specified by:
getUser in interface ResourceAdapter
Overrides:
getUser in class ResourceAdapterBase
Throws:
WavesetException

getFeatures

public GenericObject getFeatures()
Adjust the list of features to remove pass-through authentication. TODO: Go through all features and methods used in the overridden method to ensure the feature list is correct for ActivCard.

Specified by:
getFeatures in interface ResourceAdapter
Overrides:
getFeatures in class ResourceAdapterBase
Returns:
Trimmed list of Features.
See Also:
ResourceAdapter.Features

checkCreateAccount

public WavesetResult checkCreateAccount(WSUser user)
                                 throws WavesetException
Checks to see if an account can be created. Some of the things that might be checked are as follows:

- Can basic connectivity to the resource be established?
- Do the account attribute values comply with all (if any) resource-specific restrictions or policies that haven't been checked at a higher level?

Currently there are 3 check methods: checkCreateAccount, checkDeleteAccount and checkUpdateAccount. All three of these methods could be performing similar actions, such as ensuring that the resource is available. These common actions can be moved to a common function such as doBasicCheck() which any/all check methods could call. Then the individual check methods would do additional checks to ensure that user accounts can be added, modified or deleted.

checkCreateAccount is not designed to ensure that the account creation will succeed, only that the likelihood of success is good. checkCreateAccount does not need to check to see if the account already exists. The provisioner method will follow checkCreateAccount with a getUser call.

Specified by:
checkCreateAccount in interface ResourceAdapter
Specified by:
checkCreateAccount in class ResourceAdapterBase
Throws:
WavesetException

testConfiguration

public WavesetResult testConfiguration()
                                throws WavesetException
Test resource adapter configuration.

Specified by:
testConfiguration in interface ResourceAdapter
Overrides:
testConfiguration in class ResourceAdapterBase
Throws:
WavesetException

realCreate

protected void realCreate(WSUser user,
                          WavesetResult result)
                   throws WavesetException
Create a new user account on the resource

This method is called by createAccounts (the multiuser create method). CreateAccounts will open a connection, call realCreate for each user being created, then close the connection.

After calling the API to create a user, this method also submits a request to the AIMS server to issue a card to the user, using request type 4, which stands for "Validated issuance card request".

ActivCard: Create a User

Description: This function creates a new user in the user repository (LDAP) and adds all the relevant user attributes. If the createRepository flag has the value Yes and the user does not exist in the repository, the user is created and the new attributes are added; if the user already exists in the user repository, an error is returned. If the createRepository flag has the value No and the user does not already exist in the user repository, an error is returned; if the user already exists in the repository, the new attributes are added. Trinity user attributes can be initialized by either passing the user template (causing all the other attributes to be set according to the template) or passing in all of the Trinity attributes individually.

Syntax: https://:/aims/enterprise/batch?action=CreateUser&userDN=&createRepository=&AIMSUserAttribute1=&AIMSUserAttribute2=&TrinityUserAttribute1=&TrinityUserAttribute2=

Parameters:
userDN - Distinguished Name of the user to be created.
createRepository - Flag to specify whether the user should be created in the repository. Possible values are: Yes and No.
AIMS User Attributes - AIMS-Enterprise supported user attributes. Format should be like: mail=bruno@batisse.com, cn=bbatisse, sn=Batisse etc.
Trinity User Attributes - Trinity supported user attributes. Format should be like: userTemplate=template1 etc. This value is optional.

Return value: UserID - unique ID of the user created.

Pre-conditions: The user is not already active in AIMS-Enterprise (device issued or Trinity attributes).

Post-conditions: User is created in the user repository. User is created in Trinity (if applicable). User attributes are initialized.

Example: https://moon:8100/aims/enterprise/batch?action=CreateUser&userDN=uid%3dstummala,dc%3dactivcard,dc%3dco,dc%3din&createRepository=yes&mail=stummala@activcard.co.in&cn=SrinivasTummala&givenName=Srinivas&sn=Tummala

The response to the request is returned in an HTML page that contains the following:
userid=stummala errorcode=0 message=
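The CreateUser request above carries the user DN and attribute values in the query string, so each value must be percent-encoded before it is concatenated, and the result must be judged by the errorcode field rather than by the HTTP exchange alone. The following is an added example, not code from this adapter or from ActivCard: the class and method names are hypothetical, the response is assumed to contain text in the form of the samples on this page, and the sample inputs are constructed.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added illustration; names here are hypothetical, not Waveset or ActivCard APIs.
public class AimsBatchRequestExample {

    // Single-token fields that appear in the sample responses on this page.
    private static final Pattern FIELD =
            Pattern.compile("\\b(userid|status|errorcode)=([^\\s;<&]*)");

    // Percent-encodes one query-string name or value (space becomes '+').
    static String enc(String s) {
        return URLEncoder.encode(s, StandardCharsets.UTF_8);
    }

    // Builds the batch URL. Every name and value is encoded, so a value that
    // contains '&' or '=' stays inside its own parameter instead of adding
    // or overriding another one (for example createRepository).
    static String buildBatchUrl(String host, int port, String action,
                                Map<String, String> params) {
        StringBuilder url = new StringBuilder("https://").append(host).append(':').append(port)
                .append("/aims/enterprise/batch?action=").append(enc(action));
        for (Map.Entry<String, String> p : params.entrySet()) {
            url.append('&').append(enc(p.getKey())).append('=').append(enc(p.getValue()));
        }
        return url.toString();
    }

    // Extracts the fields from the response body. The first occurrence of a
    // field wins, so text echoed later (such as the message) cannot replace
    // an errorcode that was already read.
    static Map<String, String> parseResponse(String body) {
        Map<String, String> fields = new LinkedHashMap<>();
        Matcher m = FIELD.matcher(body);
        while (m.find()) {
            fields.putIfAbsent(m.group(1), m.group(2));
        }
        return fields;
    }

    // Fails closed: a missing or non-zero errorcode is treated as failure.
    static boolean succeeded(Map<String, String> fields) {
        return "0".equals(fields.get("errorcode"));
    }

    public static void main(String[] args) {
        Map<String, String> params = new LinkedHashMap<>();
        params.put("userDN", "uid=stummala,dc=activcard,dc=co,dc=in");
        params.put("createRepository", "yes");
        params.put("mail", "stummala@activcard.co.in");
        // Constructed hostile attribute value: encoding keeps it a single value of sn.
        params.put("sn", "Tummala&createRepository=no");
        System.out.println(buildBatchUrl("moon", 8100, "CreateUser", params));

        // Constructed response bodies: the page's sample, and an error page with no fields.
        String ok = "userid=stummala errorcode=0 message=";
        String noFields = "<html><body>Service unavailable</body></html>";
        System.out.println(succeeded(parseResponse(ok)));
        System.out.println(succeeded(parseResponse(noFields)));
    }
}
```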

Overrides:
realCreate in class ResourceAdapterBase
Throws:
WavesetException

checkUpdateAccount

public WavesetResult checkUpdateAccount(WSUser user)
                                 throws WavesetException
Specified by:
checkUpdateAccount in interface ResourceAdapter
Specified by:
checkUpdateAccount in class ResourceAdapterBase
Throws:
WavesetException

realUpdate

protected void realUpdate(WSUser user,
                          WavesetResult result)
                   throws WavesetException
ActivCard: Update User Attributes

Description: This function updates the list of attributes for a user given the list of attributes to modify. If an attribute is not already initialized, it will be initialized. If an attribute is already initialized, it will be modified.

Syntax: https://:/aims/enterprise/batch?action=UpdateUserAttributes&userID=&userAttributeName1=&userAttributeValue1=&userAttributeName2=&userAttributeValue2=

Parameters:
userID - ID of the user.
userAttributeName1 - Name of the first attribute to update.
userAttributeValue1 - Value of the first attribute to update.
userAttributeName2 - Name of the second attribute to retrieve.
userAttributeValue2 - Value of the second attribute to update.

Return value: None.

Pre-conditions: User exists in the user repository.

Post-conditions: User attributes are set to their new values.

Example: https://moon:8100/aims/enterprise/batch?action=UpdateUserAttributes&userID=stummala&userAttributeName1=mail&userAttributeValue1=stummala@activcard.co.in&userAttributeName2=givenName&userAttributeValue2=Srinivas

The response to the request is returned in an HTML page that contains the following:
AIMS-Enterprise v3.6 - Lifecycle Management API
errorcode=0 message=

Overrides:
realUpdate in class ResourceAdapterBase
Throws:
WavesetException

checkDeleteAccount

public WavesetResult checkDeleteAccount(WSUser user)
                                 throws WavesetException
Specified by:
checkDeleteAccount in interface ResourceAdapter
Specified by:
checkDeleteAccount in class ResourceAdapterBase
Throws:
WavesetException

realDelete

protected void realDelete(WSUser user,
                          WavesetResult result)
                   throws WavesetException
This calls two ActivCard APIs for terminating the user and deleting.

ActivCard: Terminate a User

Description: This function terminates in one step all the cards associated with an end user, including the cancellation of a possible pending replacement request (or other requests, such as unlock). If the user has a temporary card, the temporary card is cancelled and the permanent card is terminated. If there is a pending replacement card request, the request is cancelled first. If a card has been bound to the user, the binding is cancelled. The assigned card is terminated; credentials are revoked and the card is un-assigned.

Syntax: https://:/aims/enterprise/batch?action=TerminateUser&userID=

Parameters:
userID - ID of the user to terminate.

Return value: None.

Pre-conditions: User exists and has a valid card. One card is assigned to the user.

Post-conditions: All credentials attached to the cards are revoked. Cards are no longer bound to the user. Status-reason for all the cards belonging to the user is ISSUED-UNASSIGNED.

Example: https://moon:8100/aims/enterprise/batch?action=TerminateUser&userID=JSmith

The response to the request is returned in an HTML page that contains the following:
status=0; errorcode=0; message= devices terminated for user uid=JSmith;

ActivCard: Delete a User

Description: This function deletes the user from the user repository (if the deleteRepository flag is set). All AIMS-Enterprise and Trinity user attributes will be deleted. It also deletes all RSO credentials. If the deleteRepository flag is set to Yes, then the user is deleted from the user repository and all AIMS-Enterprise, Trinity attributes and RSO credentials will be deleted. If the deleteRepository flag is set to No, then the user will not be deleted from the user repository but all AIMS-Enterprise, Trinity user attributes and all RSO credentials will be deleted.

Syntax: https://:/aims/enterprise/batch?action=DeleteUser&userID=&deleteRepository=

Parameters:
userID - ID of the user to be deleted from the repository.
deleteRepository - Flag to specify whether the user should be deleted from the repository. Possible values are: Yes and No.

Return value: None.

Pre-conditions: User exists in the user repository.

Post-conditions: User is deleted from the user repository (if the deleteRepository flag is set). All AIMS-Enterprise and Trinity user attributes are deleted. All RSO Credentials are deleted.

Example: https://moon:8100/aims/enterprise/batch?action=DeleteUser&userid=stummala&deleteRepository=Yes

The response to the request is returned in an HTML page that contains the following:
AIMS-Enterprise v3.6 - Lifecycle Management API
errorcode=0 message=

Overrides:
realDelete in class ResourceAdapterBase
Throws:
WavesetException

realEnable

protected void realEnable(WSUser user,
                          WavesetResult result)
                   throws WavesetException
ActivCard: Resume a Device

Description: This function resumes the user's suspended device. This will activate all the credentials stored on the device. The input parameter can be either the user ID or the device ID and type.

Syntax: https://:/aims/enterprise/batch?action=ResumeDevice&UserID=

Parameters:
userID - ID of the user to whom the device belongs.
DeviceID - Card Serial Number.
DeviceType - Card Type (only OP_2.0 is supported in the current version).

Return value: None.

Pre-conditions: User exists and has a valid card. The card is assigned to the user. The card is suspended.

Post-conditions: All the credentials attached to the card are activated. Card Status-Reason is ISSUED-ASSIGNED.

The response to the request is returned in an HTML page that contains the following:
AIMS-Enterprise v3.6 - Lifecycle Management API
status=0 errorcode=0 message=device resumed for user stummala.

Overrides:
realEnable in class ResourceAdapterBase
Throws:
WavesetException

realDisable

protected void realDisable(WSUser user,
                           WavesetResult result)
                    throws WavesetException
ActivCard: Suspend a Device

Description: This function suspends the user's active device. This will suspend all the credentials stored on the device. The input parameter can be either the user ID or the device ID and type.

Syntax: https://:/aims/enterprise/batch?action=SuspendDevice&UserID=

Parameters:
userID - ID of the user to whom the device belongs.

Return value: None.

Pre-conditions: User exists and has a valid card. The card is assigned to the user. The card is not suspended.

Post-conditions: All the credentials attached to the card are suspended. Card Status-Reason is INVALID-ON_HOLD.

The response to the request is returned in an HTML page that contains the following:
AIMS-Enterprise v3.6 - Lifecycle Management API
status=0 errorcode=0 message=device suspended for user stummala.

Overrides:
realDisable in class ResourceAdapterBase
Throws:
WavesetException

listAllObjects

public java.util.ArrayList listAllObjects(java.lang.String objectType,
                                          java.util.Map options,
                                          java.lang.String runAsUser,
                                          EncryptedData runAsPassword)
                                   throws WavesetException
Used by the base implementation of getAccountIterator in ResourceAdapterBase.

Specified by:
listAllObjects in interface ResourceAdapter
Overrides:
listAllObjects in class ResourceAdapterBase
Parameters:
objectType - a type of object that is either well-known or is meaningful to the resource. Every resource is expected to recognize certain values. For example, listAllObjects(ObjectType.ACCOUNT, null, null, null) should return a list of all account names.
options - a map of options
runAsUser - (optional) if specified, connect as this user to list all objects of the specified type.
runAsPassword - (optional) if specified, connect with this password to list all objects of the specified type.
Returns:
a list of all object names of a specified type.
Throws:
WavesetException

authenticate

public WavesetResult authenticate(java.util.HashMap hashMap)
                           throws WavesetException
Authenticates the user against the resource. Return the authenticated id if authentication succeeds.

The authenticate method is used to verify a user account and password are valid. If the user account name does not exist on the resource, the password does not match, or multiple matches exist, then throw an exception.

If the resource has multiple contexts (for example LDAP or NDS), the authenticate method should not stop when it finds the first match, instead it should continue through the entire list. If it finds more than one match, then an exception should be thrown.
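The multi-context rule above, as an added example that is not this adapter's code: every context is tried, and the call succeeds only when exactly one of them accepts the credentials. The ContextAuthenticator interface, the plain Exception standing in for WavesetException, and the in-memory directory are all constructed for this sketch.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Map;

// Added illustration; all names are hypothetical stand-ins, not Waveset APIs.
public class MultiContextAuthExample {

    // Stand-in for one authentication attempt against a single context.
    // Returns the authenticated id, or null if the context rejects the credentials.
    interface ContextAuthenticator {
        String tryAuthenticate(String context, String account, char[] password);
    }

    // Tries every context and never stops at the first match, so an account
    // name that authenticates in two contexts is reported as ambiguous
    // instead of silently resolving to whichever context was searched first.
    static String authenticate(List<String> contexts, String account, char[] password,
                               ContextAuthenticator auth) throws Exception {
        List<String> matches = new ArrayList<>();
        for (String context : contexts) {
            String id = auth.tryAuthenticate(context, account, password);
            if (id != null) {
                matches.add(id);
            }
        }
        if (matches.isEmpty()) {
            throw new Exception("authentication failed");
        }
        if (matches.size() > 1) {
            throw new Exception("ambiguous account: " + matches.size() + " matches");
        }
        return matches.get(0);
    }

    public static void main(String[] args) {
        // Constructed directory: "alice" exists in two contexts with the same password.
        Map<String, String> directory = Map.of(
                "ou=eng,dc=example,dc=com|alice", "pw-a",
                "ou=ops,dc=example,dc=com|alice", "pw-a",
                "ou=eng,dc=example,dc=com|bob", "pw-b");
        // Stub check for the sketch only; a real adapter would bind to the resource.
        ContextAuthenticator auth = (ctx, acct, pw) ->
                new String(pw).equals(directory.get(ctx + "|" + acct)) ? acct + "@" + ctx : null;
        List<String> contexts = List.of("ou=eng,dc=example,dc=com", "ou=ops,dc=example,dc=com");

        String[][] attempts = {{"bob", "pw-b"}, {"alice", "pw-a"}, {"bob", "wrong"}};
        for (String[] attempt : attempts) {
            try {
                System.out.println(
                        authenticate(contexts, attempt[0], attempt[1].toCharArray(), auth));
            } catch (Exception e) {
                System.out.println(attempt[0] + ": " + e.getMessage());
            }
        }
    }
}
```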

Specified by:
authenticate in interface ResourceAdapter
Specified by:
authenticate in class ResourceAdapterBase
Throws:
WavesetException

startConnection

protected void startConnection()
                        throws WavesetException
Overridden since default createAccounts() implementation is used.

Overrides:
startConnection in class ResourceAdapterBase
Throws:
WavesetException

stopConnection

protected void stopConnection()
                       throws WavesetException
Overridden since default createAccounts() implementation is used.

Overrides:
stopConnection in class ResourceAdapterBase
Throws:
WavesetException