Understanding the Chain System

the plug-in is skipped. Similarly, if the addonCreate option is set to false, the plug-in is skipped.

Example 18–2 Example Method Checking for ignoreOnModify Option

    /**
     * Determines if a plugin is available for the current chain
     *
     * @param chain
     * @param base
     * @return True or False if available for a particular chain and base
     */
    public boolean available(Chain chain, DirectoryString base) {
        if (chain.getOperationType() == Chain.ADD_OP && !this.addOnCreate) {
            // add operation, but the plug-in is not enabled for creates
            return false;
        } else if (chain.getOperationType() == Chain.MOD_OP && this.ignoreOnModify) {
            // modify operation, and the plug-in is told to ignore modifies
            return false;
        } else {
            return true;
        }
    }

If the available method returns true, the operation portion of the request will be executed.

18.3.3.3 Operation Plug-In Implementation Point

The final implementation point is operation implementations. Consider the following code implementation of a bind operation in Example 18–3:

Example 18–3 Example Bind Operation Implementation

    /**
     * Moves through the "bind" operation's chain
     *
     * @param chain    The current chain
     * @param dn       The DN for the user
     * @param password The user's password
     * @param result   The result of the bind
     */
    public void bind(Chain chain, Credentials creds, DirectoryString dn,
            BinarySyntax password, Bool result)
            throws DirectoryException, ChainException {
        // Pre-event processing

        // calls the next plug-in in the chain (or comment out if a handler)
        try {
            chain.nextBind(creds, dn, password, result);
        } catch (DirectoryException e) {
            throw e;
        }

        // Post-event processing
        if (result.booleanValue()) {
            // success, reset count
            setPasswordCount(chain, creds, dn, 0);
        } else {
            // failure, read the current count for this user through VSI
            Vector searchAttributes = new Vector();
            searchAttributes.add(this.countAttribute);
            ChainVector results = new ChainVector();
            chain.getVSI().get(chain.getRequest(), creds, dn,
                    new Int8((byte) 0), ParseFilter.parse("(objectClass=*)"),
                    new Bool(false), searchAttributes, results);
            if (results.size() > 0) {
                EntrySet es = (EntrySet) results.get(0);
                Entry entry = es.getNext();
                Vector values = entry.get(this.countAttribute);
                Syntax value = (Syntax) values.get(0);
                IntegerSyntax is = new IntegerSyntax(value.getValue());
                setPasswordCount(chain, creds, dn, (int) is.getLongValue() + 1);
            } else {
                setPasswordCount(chain, creds, dn, 1);
            }
        }
    }

    // Replaces the failure count attribute on the user's entry through VSI
    private void setPasswordCount(Chain chain, Credentials creds,
            DirectoryString dn, int count)
            throws DirectoryException, ChainException {
        Vector values = new Vector();
        values.add(new IntegerSyntax(count));
        EntryChange modify = new EntryChange(EntryChange.MOD_REPLACE,
                this.countAttribute, values);
        Vector changes = new Vector();
        changes.add(modify);
        chain.getVSI().modify(chain.getRequest(), creds, dn, changes);
    }

The method in Example 18–3 shows an example where password failure counts are being maintained within the directory as a form of password policy.
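The following is an added illustration, not code from the Oracle guide: a simplified, self-contained model of Example 18–3's control flow in a chain with a mapper ahead of the counting plug-in and a cache behind it. All class names are hypothetical stand-ins for the Oracle Virtual Directory API; the counter write enters the chain at the plug-in after the current one, so the printed trace shows which plug-ins see it.

```java
import java.util.*;

// Simplified model of the chain; every type here is a hypothetical stand-in,
// not an Oracle Virtual Directory class.
public class ChainModel {
    static final List<String> trace = new ArrayList<>();          // which plug-in saw which operation
    static final Map<String, Integer> failures = new HashMap<>(); // counter stored by the backend

    static abstract class Plugin {
        final String name;
        Plugin next;
        Plugin(String name) { this.name = name; }
        // Default behaviour: record the call and pass it down the chain.
        boolean bind(String dn, String pw) { trace.add(name + ":bind"); return next.bind(dn, pw); }
        void modify(String dn, int count) { trace.add(name + ":modify"); next.modify(dn, count); }
    }

    // Terminal handler standing in for the backend directory (constructed password).
    static class Backend extends Plugin {
        Backend() { super("backend"); }
        @Override boolean bind(String dn, String pw) { trace.add(name + ":bind"); return "s3cret".equals(pw); }
        @Override void modify(String dn, int count) { trace.add(name + ":modify"); failures.put(dn, count); }
    }

    // Same control flow as Example 18-3: no pre-processing, act on the bind result.
    static class FailureCounter extends Plugin {
        FailureCounter() { super("counter"); }
        @Override boolean bind(String dn, String pw) {
            trace.add(name + ":bind");
            boolean ok = next.bind(dn, pw);                        // like chain.nextBind(...)
            // Shortcut: reads the stored count directly instead of issuing a search.
            int count = ok ? 0 : failures.getOrDefault(dn, 0) + 1;
            next.modify(dn, count);   // VSI-style write: enters the chain after this plug-in
            return ok;
        }
    }

    public static void main(String[] args) {
        Plugin mapper = new Plugin("mapper") {}, counter = new FailureCounter();
        Plugin cache = new Plugin("cache") {}, backend = new Backend();
        mapper.next = counter; counter.next = cache; cache.next = backend;
        String dn = "uid=jdoe,ou=people,dc=example,dc=com";       // constructed sample DN
        mapper.bind(dn, "wrong");
        System.out.println(trace);   // which plug-ins saw the bind and the counter write
        mapper.bind(dn, "wrong");
        System.out.println("failed binds: " + failures.get(dn));
        mapper.bind(dn, "s3cret");
        System.out.println("after success: " + failures.get(dn));
    }
}
```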
Notice that the method in Example 18–3 does not perform any pre-processing of the operation, nor does it attempt to take over the bind operation. The plug-in's bind method immediately calls the chain.nextBind method and waits for the bind to complete before moving forward with its own logic. Once the bind is complete, that is, once control returns from chain.nextBind, the plug-in checks whether the bind was successful. If the bind was successful, the plug-in sets the failure count attribute to zero for the user. If the bind failed, the current failure count is retrieved and an incremented value is set.

The bind method uses the Virtual Services Interface (VSI) to modify records for the binding user. You can use the VSI throughout Oracle Virtual Directory as a consistent way to access directory information regardless of whether a plug-in is deployed globally or within the context of an adapter. VSI does this by always calling into Oracle Virtual Directory starting with the next plug-in in the chain after the current plug-in. For example, if there is a mapper before the plug-in, and a cache after the plug-in, then the call to VSI only goes through the cache.

Because the plug-in is now logically in charge of maintaining the bind failure count, the plug-in modify method must be implemented so that any attempt by an LDAP