issrg.utils.repository
Class LDAPRepository

java.lang.Object
  extended by issrg.utils.repository.DefaultRepository
      extended by issrg.utils.repository.LDAPRepository
All Implemented Interfaces:
AttributeRepository

public class LDAPRepository
extends DefaultRepository

This class is the implementation of the Attribute Repository for LDAP. It can be built out of an array of DirContext. Each of these contexts constitutes a root for LDAP searches. Each DirContext is obtained by establishing an LDAP connection with the directory concerned.

The object can be used for retrieving similar information from multiple directories simultaneously. For example, it is useful when retrieving X.509 Attribute Certificates for PMI entities that possess ACs issued by different issuers (therefore, stored in different directories available to these issuers).

The object uses MultiRepository to create multiple threads, and acts as a proxy object for backwards compatibility (earlier versions of this object had a constructor with an array of DirContext). It is better to use MultiRepository for multi-root clusters of LDAP repositories to be more efficient.

Version:
0.2
Author:
A Otenko

Field Summary
 
Fields inherited from interface issrg.utils.repository.AttributeRepository
FAILURE_STATUS, INHERENT_FAILURE_STATUS, PARTIAL_SUCCESS_STATUS, SUCCESS_STATUS
 
Constructor Summary
protected LDAPRepository()
           
  LDAPRepository(javax.naming.directory.DirContext Context)
          This creates an LDAPRepository with a single root context
  LDAPRepository(javax.naming.directory.DirContext[] Contexts)
          This constructor builds the LDAPRepository with a number of roots.
 
Method Summary
static java.lang.String dnWithoutBaseDN(javax.naming.directory.DirContext root, java.lang.String dn)
          This is a utility method that strips off the base DN from the DN, if it is present there.
 javax.naming.directory.Attributes getAttributes(java.security.Principal DN, java.lang.String[] AttributeNames)
          This method gets the set of named attributes from the entry with the DN.
 java.lang.Throwable getDiagnosis()
          This method returns the Throwable, representing the error, or null, if no error has been encountered (only if the repository is in SUCCESS_STATUS).
 int getStatus()
          This method returns the status of the repository.
 
Methods inherited from class issrg.utils.repository.DefaultRepository
getAllAttributes, getAttribute
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

LDAPRepository

protected LDAPRepository()

LDAPRepository

public LDAPRepository(javax.naming.directory.DirContext[] Contexts)
This constructor builds the LDAPRepository with a number of roots.

Parameters:
Contexts - - An array of DirContexts to use as the roots of LDAP searches

LDAPRepository

public LDAPRepository(javax.naming.directory.DirContext Context)
This creates an LDAPRepository with a single root context

Parameters:
Context - - A DirContext to be used as the root of LDAP searches
Method Detail

getAttributes

public javax.naming.directory.Attributes getAttributes(java.security.Principal DN,
                                                       java.lang.String[] AttributeNames)
                                                throws RepositoryException
This method gets the set of named attributes from the entry with the DN. It searches all ldap contexts simultaneously. If the DN and named attribute exist in more than one of the named contexts, then multiple attribute values will be returned.

Note that all attribute retrieval methods call this method, and they do not update the status or diagnosis set by this method, and they propagate the exceptions thrown by this method.

After calling the method the repository will be set into one of the states: FAILURE_STATUS, SUCCESS_STATUS or PARTIAL_SUCCESS_STATUS. Failure means there were no roots that succeeded. Success means that all of the roots succeeded (the entries were found and some or no attributes were retrieved). Partial success means that some of the roots failed, but some have succeeded, which may be in case some of the roots do not contain the required entry. The caller must find out himself what the cause is, and decide if the results are sufficiently successful.

Parameters:
DN - The distinguished name of the entry from which the attributes are requested
AttributeNames - The array of LDAP names for the attributes; can be null, if all available attributes and their values are to be retrieved
Returns:
the requested attributes; the Repository status reflects the status of retrieval, the diagnosis contains exceptions the underlying objects threw, if they failed
Throws:
RepositoryException, - if all of the repositories failed, in which case the embedded exception will be the Throwable returned by getDiagnosis method; FAILURE_STATUS will also be set
RepositoryException

getStatus

public int getStatus()
This method returns the status of the repository. It is set when returning attributes.

Returns:
the integer value corresponding to the status
See Also:
getAttributes(java.security.Principal,String[])

getDiagnosis

public java.lang.Throwable getDiagnosis()
This method returns the Throwable, representing the error, or null, if no error has been encountered (only if the repository is in SUCCESS_STATUS). The Throwable contains an error message and the stack trace of the error.

Returns:
Throwable object, representing the error, or null if there was no error during the last call
See Also:
AttributeRepository.getStatus()

dnWithoutBaseDN

public static java.lang.String dnWithoutBaseDN(javax.naming.directory.DirContext root,
                                               java.lang.String dn)
                                        throws javax.naming.NamingException
This is a utility method that strips off the base DN from the DN, if it is present there. Sometimes the DN is relative to the root, sometimes it is an absolute DN and includes the DN of the root DirContext. It is important to stranslate the DN into the DN without the base DN for successful searches.

Parameters:
root - - the DirContext of the search root
dn - - a DN with or without the base DN (the DN of the search root)
Returns:
a LDAP DN relative to the base DN (the DN of the search root)
Throws:
NamingException, - if the DN is not a valid DN
javax.naming.NamingException