com.unboundid.scim.ldap.AttributeMapper Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of scim-ldap Show documentation
Show all versions of scim-ldap Show documentation
The UnboundID SCIM-LDAP module builds on the UnboundID SCIM-SDK to provide
classes that map SCIM resources to LDAP entries and vice versa. It also
contains several APIs that may be used to implement custom behaviors for
the mapping configuration file to extend its capabilities above and beyond
those provided out of the box. Each extension type varies in the amount of
control the implementation has over the mapping process and the amount of
effort required for implementation.
/*
* Copyright 2011-2012 UnboundID Corp.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License (GPLv2 only)
* or the terms of the GNU Lesser General Public License (LGPLv2.1 only)
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see .
*/
package com.unboundid.scim.ldap;
import com.unboundid.ldap.sdk.Attribute;
import com.unboundid.ldap.sdk.Entry;
import com.unboundid.ldap.sdk.Filter;
import com.unboundid.ldap.sdk.controls.ServerSideSortRequestControl;
import com.unboundid.ldap.sdk.schema.Schema;
import com.unboundid.scim.schema.AttributeDescriptor;
import com.unboundid.scim.sdk.InvalidResourceException;
import com.unboundid.scim.sdk.SCIMAttribute;
import com.unboundid.scim.sdk.SCIMConstants;
import com.unboundid.scim.sdk.SCIMException;
import com.unboundid.scim.sdk.SCIMFilter;
import com.unboundid.scim.sdk.SCIMObject;
import com.unboundid.scim.sdk.ServerErrorException;
import com.unboundid.scim.sdk.SortParameters;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Set;
/**
* This abstract class defines an interface that may be implemented to perform
* a mapping between a SCIM attribute and LDAP attributes. There may be several
* attribute mapper instances defined for a single SCIM attribute type, in order
* to support, for example, different mappings for work addresses and home
* addresses.
*/
public abstract class AttributeMapper
{
/**
* OID of caseExactOrderingMatch.
*/
protected static final String CASE_EXACT_OMR_OID = "2.5.13.6";
/**
* OID for caseIgnoreOrderingMatch.
*/
protected static final String CASE_IGNORE_OMR_OID = "2.5.13.3";
/**
* The SCIM attribute type that is mapped by this attribute mapper.
*/
private final AttributeDescriptor attributeDescriptor;
/**
* Create a new instance of an attribute mapper.
*
* @param attributeDescriptor The SCIM attribute type that is mapped by this
* attribute mapper.
*/
protected AttributeMapper(final AttributeDescriptor attributeDescriptor)
{
this.attributeDescriptor = attributeDescriptor;
}
/**
* Retrieve the SCIM attribute type that is mapped by this attribute mapper.
*
* @return The SCIM attribute type that is mapped by this attribute mapper.
*/
public AttributeDescriptor getAttributeDescriptor()
{
return attributeDescriptor;
}
/**
* Retrieve the set of LDAP attribute types used by this attribute mapper.
*
* @return The set of LDAP attribute types used by this attribute mapper.
*/
public abstract Set getLDAPAttributeTypes();
/**
* Map the provided SCIM filter to an LDAP filter.
*
* @param filter The SCIM filter to be mapped. The filter identifies the
* SCIM attribute that is mapped by this attribute mapper,
* or one of its sub-attributes.
*
* @return An LDAP filter or nullif the SCIM filter could not
* be mapped and will not match anything.
* @throws InvalidResourceException if the SCIM filter contains an undefined
* attribute.
*/
public abstract Filter toLDAPFilter(final SCIMFilter filter)
throws InvalidResourceException;
/**
* Maps this SCIM attribute type to an LDAP attribute type that should be
* used as a sort key when the SCIM attribute type has been specified in
* sort parameters.
*
* @return The mapped server side sort request control or {@code null} if
* the SCIM attribute type cannot be mapped.
* @param sortParameters The SCIM sort parameters to be mapped.
* @throws InvalidResourceException if the SCIM attribute cannot be used in
* sort parameters.
*/
public abstract ServerSideSortRequestControl toLDAPSortControl(
SortParameters sortParameters) throws InvalidResourceException;
/**
* Map the SCIM attribute in the provided SCIM object to LDAP attributes.
*
* @param scimObject The SCIM object containing the attribute to be mapped.
* @param attributes A collection of LDAP attributes to hold any attributes
* created by this mapping.
* @throws InvalidResourceException if the mapping violates the schema.
*/
public abstract void toLDAPAttributes(
final SCIMObject scimObject,
final Collection attributes) throws InvalidResourceException;
/**
* Map the LDAP attributes in the provided LDAP entry to a SCIM attribute.
*
* @param entry The LDAP entry whose attributes are to be mapped.
*
* @return A SCIM attribute, or {@code null} if no attribute was created.
* @throws InvalidResourceException if the mapping violates the schema.
*/
public abstract SCIMAttribute toSCIMAttribute(final Entry entry)
throws InvalidResourceException;
/**
* Create an attribute mapper from an attribute definition.
*
* @param attributeDefinition The attribute definition.
* @param attributeDescriptor The attribute descriptor.
* @param ldapSchema An LDAP schema to validate the LDAP attribute mappings
* against. This parameter may be {@code null} if LDAP
* schema validation is not required.
*
* @return An attribute mapper, or {@code null} if the attribute definition
* contains no mappings.
*
* @throws SCIMException If the attribute definition is not valid.
*/
public static AttributeMapper create(
final AttributeDefinition attributeDefinition,
final AttributeDescriptor attributeDescriptor,
final Schema ldapSchema) throws SCIMException
{
if (attributeDefinition.getSimple() != null)
{
final SimpleAttributeDefinition simpleDefinition =
attributeDefinition.getSimple();
if (simpleDefinition.getMapping() == null)
{
return null;
}
if (ldapSchema != null)
{
final String ldapAttribute =
simpleDefinition.getMapping().getLdapAttribute();
if (ldapSchema.getAttributeType(ldapAttribute) == null)
{
throw new ServerErrorException(
"The LDAP attribute '" + ldapAttribute + "' referenced by " +
"SCIM attribute '" + attributeDefinition.getName() +
"' is not defined in the LDAP schema");
}
}
final AttributeTransformation t =
AttributeTransformation.create(simpleDefinition.getMapping());
if(attributeDescriptor.getSchema().equalsIgnoreCase(
SCIMConstants.SCHEMA_URI_CORE) &&
attributeDescriptor.getName().equalsIgnoreCase("password"))
{
return new PasswordAttributeMapper(attributeDescriptor, t);
}
else
{
return new SimpleAttributeMapper(attributeDescriptor, t);
}
}
else if (attributeDefinition.getComplex() != null)
{
final ComplexAttributeDefinition complexDefinition =
attributeDefinition.getComplex();
final List transformations =
new ArrayList();
for (final SubAttributeDefinition subAttributeDefinition :
complexDefinition.getSubAttribute())
{
if (subAttributeDefinition.getMapping() != null)
{
if (ldapSchema != null)
{
final String ldapAttribute =
subAttributeDefinition.getMapping().getLdapAttribute();
if (ldapSchema.getAttributeType(ldapAttribute) == null)
{
throw new ServerErrorException(
"The LDAP attribute '" + ldapAttribute +
"' referenced by SCIM attribute '" +
attributeDefinition.getName() + '.' +
subAttributeDefinition.getName() +
"' is not defined in the LDAP schema");
}
}
transformations.add(
SubAttributeTransformation.create(subAttributeDefinition));
}
}
if (transformations.isEmpty())
{
return null;
}
return new ComplexSingularAttributeMapper(attributeDescriptor,
transformations);
}
else if (attributeDefinition.getSimpleMultiValued() != null)
{
final SimpleMultiValuedAttributeDefinition simpleMultiValuedDefinition =
attributeDefinition.getSimpleMultiValued();
final List canonicalValueMappers =
new ArrayList();
for (final CanonicalValue canonicalValue :
simpleMultiValuedDefinition.getCanonicalValue())
{
if (ldapSchema != null)
{
for (final SubAttributeMapping m : canonicalValue.getSubMapping())
{
final String ldapAttribute = m.getLdapAttribute();
if (ldapSchema.getAttributeType(ldapAttribute) == null)
{
throw new ServerErrorException(
"The LDAP attribute '" + ldapAttribute +
"' referenced by SCIM attribute '" +
attributeDefinition.getName() + '.' + m.getName() +
"' is not defined in the LDAP schema");
}
}
}
final CanonicalValueMapper m =
CanonicalValueMapper.create(canonicalValue);
if (m != null)
{
canonicalValueMappers.add(m);
}
}
if (simpleMultiValuedDefinition.getMapping() != null)
{
if (ldapSchema != null)
{
final String ldapAttribute =
simpleMultiValuedDefinition.getMapping().getLdapAttribute();
if (ldapSchema.getAttributeType(ldapAttribute) == null)
{
throw new ServerErrorException(
"The LDAP attribute '" + ldapAttribute + "' referenced by " +
"SCIM attribute '" + attributeDefinition.getName() +
"' is not defined in the LDAP schema");
}
}
canonicalValueMappers.add(CanonicalValueMapper.create(
simpleMultiValuedDefinition.getMapping()));
}
if (canonicalValueMappers.isEmpty())
{
return null;
}
return new MultiValuedAttributeMapper(attributeDescriptor,
canonicalValueMappers);
}
else if (attributeDefinition.getComplexMultiValued() != null)
{
final ComplexMultiValuedAttributeDefinition complexMultiValuedDefinition =
attributeDefinition.getComplexMultiValued();
final List canonicalValueMappers =
new ArrayList();
for (final CanonicalValue canonicalValue :
complexMultiValuedDefinition.getCanonicalValue())
{
if (ldapSchema != null)
{
for (final SubAttributeMapping m : canonicalValue.getSubMapping())
{
final String ldapAttribute = m.getLdapAttribute();
if (ldapSchema.getAttributeType(ldapAttribute) == null)
{
throw new ServerErrorException(
"The LDAP attribute '" + ldapAttribute +
"' referenced by SCIM attribute '" +
attributeDefinition.getName() + '.' + m.getName() +
"' is not defined in the LDAP schema");
}
}
}
final CanonicalValueMapper m =
CanonicalValueMapper.create(canonicalValue);
if (m != null)
{
canonicalValueMappers.add(m);
}
}
if (canonicalValueMappers.isEmpty())
{
return null;
}
return new MultiValuedAttributeMapper(attributeDescriptor,
canonicalValueMappers);
}
else
{
return null;
}
}
}