PACKAGE BODY: APPS.FND_SSO_REGISTRATION
1 PACKAGE BODY FND_SSO_REGISTRATION AS
2 /* $Header: AFSCORGB.pls 120.6.12000000.6 2007/07/06 20:57:42 rsantis ship $*/
3 -- package internal globals
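-- Prefix for every fnd_log module name emitted by this package.
G_MODULE_SOURCE constant varchar2(80) := 'fnd.plsql.oid.fnd_sso_registration.';

/* TDA */

-- Permitted operations for one provisioning direction of a realm.
-- Each *_add / *_update / *_delete field holds the attribute list produced by
-- parse_ops: NULL when the operation is not permitted, '*' for all attributes,
-- otherwise a comma-delimited list wrapped in commas (',cn,sn,').
-- The subscription_* fields are assigned the same varchar2(4000) list as the
-- identity_* ones; they were varchar2(10), which raised ORA-06502 for any
-- subscription list longer than ten characters.
type permited_operation is record (
    enabled             boolean,
    identity_add        varchar2(4000),
    identity_update     varchar2(4000),
    identity_delete     varchar2(4000),
    subscription_add    varchar2(4000),
    subscription_delete varchar2(4000),
    subscription_update varchar2(4000)
);

-- One cached realm: its DN, its OID GUID and the permitted operations in both
-- provisioning directions. loaded is set by load_realm once the record is
-- complete.
type realm_type is record (
    seq       pls_integer,
    guid      raw(16),
    dn        varchar2(4000),
    loaded    boolean,
    appsToOiD permited_operation,
    oidToApps permited_operation
);

type realm_table_type is table of realm_type index by binary_integer;

-- Session-level realm cache, filled lazily by find_realm / add_realm.
-- NOTE(review): entries are never invalidated, so a change to a provisioning
-- profile in OID is only picked up by a new session.
realm_table realm_table_type;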
30
31
32 /*
33 ** Name : getAttribute
34 ** Type : Private
35 ** Desc : returns the first value of an OiD attribute
36 ** Parameters :
37 ** ldap: ldap session
38 ** dn : OiD Entry
39 ** attrName: attributeName
40 ** filterExp: additional filter.
41 ** Exceptions: DBMS_LDAP exceptions
42 ** Note that a DBMS_LDAP exception may also be raised for other reasons
43 **
44 */
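function getAttribute(ldap in out nocopy dbms_ldap.session,dn in varchar2, attrName in varchar2, filterExp in varchar2 default 'objectclass=*')
return varchar2
is
    -- Returns the first value of attribute attrName on the OID entry dn, or
    -- NULL when the entry does not match filterExp, the attribute is absent
    -- or empty, or OID reports dbms_ldap.general_error (Bug 6129943).
    -- Any other DBMS_LDAP exception propagates to the caller.
    -- The LDAP result handle is released on every path.
    l_rc      pls_integer;
    l_attrs   dbms_ldap.string_collection;
    l_message dbms_ldap.message := null;
    l_entry   dbms_ldap.message := null;
    l_values  dbms_ldap.string_collection;
    l_result  varchar2(4000);
begin
    l_attrs(0) := attrName;
    l_rc := dbms_ldap.search_s(ld       => ldap,
                               base     => dn,
                               scope    => dbms_ldap.SCOPE_BASE,
                               filter   => filterExp,
                               attrs    => l_attrs,
                               attronly => 0,
                               res      => l_message);
    l_entry := dbms_ldap.first_entry(ldap, l_message);
    if l_entry is not null then
        l_values := dbms_ldap.get_values(ldap, l_entry, attrName);
        -- An absent attribute yields an empty collection; indexing it
        -- unguarded raised NO_DATA_FOUND instead of returning NULL.
        if l_values.count > 0 then
            l_result := l_values(l_values.first);
        end if;
    end if;
    -- Free the search result; it was previously leaked on every call.
    l_rc := dbms_ldap.msgfree(l_message);
    return l_result;
exception
    when dbms_ldap.general_error then
        -- Bug 6129943: a generic OID failure is reported as "no value".
        if l_message is not null then
            l_rc := dbms_ldap.msgfree(l_message);
        end if;
        return null;
end getAttribute;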
74
75
76 /*
77 ** Name : parse_ops
78 ** Type : Private
79 ** Desc : Retrieve provisioning profile attributes and parse them into the internal TDA.
80 ** Parameters :
81 ** ldap: ldap session
82 ** dn : OiD Entry
83 ** attrName: attributeName - multivalued
84 ** Exceptions: DBMS_LDAP exceptions
85 ** Note that a DBMS_LDAP exception may also be raised for other reasons
86 **
87 */
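function parse_ops(ldap in out nocopy dbms_ldap.session, dn in varchar2, attrname in varchar2)
return permited_operation
is
    -- Reads the multi-valued attribute attrname of entry dn and fills the
    -- returned record from values of the form
    --     ENTITY:<qualifier>:OP            -> all attributes, stored as '*'
    --     ENTITY:<qualifier>:OP(a1, a2)    -> stored as ',a1,a2,' (spaces removed)
    -- where ENTITY is IDENTITY or SUBSCRIPTION and OP is ADD, MODIFY or DELETE.
    -- Fields for operations never mentioned stay NULL (not permitted).
    -- enabled is set TRUE unconditionally: the caller only gets here once the
    -- profile direction is ENABLED.
    -- Raises ORA-20002 for an unrecognised entity or operation; DBMS_LDAP
    -- exceptions propagate. The search result is released on every path.
    r         permited_operation;
    l_rc      pls_integer;
    l_attrs   dbms_ldap.string_collection;
    l_entry   dbms_ldap.message := null;
    l_message dbms_ldap.message := null;
    vals      dbms_ldap.string_collection;
    i1        pls_integer;
    i2        pls_integer;
    i3        pls_integer;
    i4        pls_integer;
    ent       varchar2(4000);
    op        varchar2(4000);
    lista     varchar2(4000);
    v2        varchar2(4000);

    -- Best-effort release of the LDAP result; a failure here must not mask
    -- the error that is being propagated.
    procedure free_result is
    begin
        if l_message is not null then
            l_rc := dbms_ldap.msgfree(l_message);
        end if;
    exception
        when others then
            null;
    end free_result;
begin
    r.enabled             := true;
    r.identity_add        := null;
    r.identity_update     := null;
    r.identity_delete     := null;
    r.subscription_add    := null;
    r.subscription_delete := null;
    r.subscription_update := null;

    l_attrs(0) := attrname;
    l_rc := dbms_ldap.search_s(ld       => ldap,
                               base     => dn,
                               scope    => dbms_ldap.SCOPE_BASE,
                               filter   => 'objectclass=*',
                               attrs    => l_attrs,
                               attronly => 0,
                               res      => l_message);
    l_entry := dbms_ldap.first_entry(ldap, l_message);
    if l_entry is not null then
        vals := dbms_ldap.get_values(ldap, l_entry, attrname);
    end if;

    -- A missing entry or an attribute without values leaves every list NULL,
    -- i.e. nothing permitted; the original failed on a NULL loop bound here.
    if vals.count > 0 then
        for i in vals.first .. vals.last loop
            -- ENTITY is the text before the first ':'; the operation (with its
            -- optional attribute list) follows the second ':'.
            i1  := instr(vals(i), ':', 1);
            i2  := instr(vals(i), ':', i1 + 1);
            ent := substr(vals(i), 1, i1 - 1);
            v2  := substr(vals(i), i2 + 1);
            i3  := instr(v2, '(', 1);
            if i3 = 0 then
                op    := v2;
                lista := '*';
            else
                op    := substr(v2, 1, i3 - 1);
                i4    := instr(v2, ')', i3);
                -- Wrap in commas so is_in_list can match whole attribute names.
                lista := ',' || replace(substr(v2, i3 + 1, i4 - i3 - 1), ' ', '') || ',';
                if lista = ',*,' then
                    lista := '*';
                end if;
            end if;

            if ent = 'IDENTITY' then
                if op = 'ADD' then
                    r.identity_add := lista;
                elsif op = 'MODIFY' then
                    r.identity_update := lista;
                elsif op = 'DELETE' then
                    r.identity_delete := lista;
                else
                    -- Same ORA-20002 as before, now with the offending value.
                    raise_application_error(-20002,
                        'Invalid provisioning operation: ' || substr(vals(i), 1, 200));
                end if;
            elsif ent = 'SUBSCRIPTION' then
                if op = 'ADD' then
                    r.subscription_add := lista;
                elsif op = 'MODIFY' then
                    r.subscription_update := lista;
                elsif op = 'DELETE' then
                    r.subscription_delete := lista;
                else
                    raise_application_error(-20002,
                        'Invalid provisioning operation: ' || substr(vals(i), 1, 200));
                end if;
            else
                raise_application_error(-20002,
                    'Invalid provisioning entity: ' || substr(vals(i), 1, 200));
            end if;
        end loop;
    end if;

    free_result;
    return r;
exception
    when others then
        free_result;
        raise;
end parse_ops;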
161
162
163 /*
164 ** Name : load_realm
165 ** Type : Private
166 ** Desc : Load a realm's permitted operations into the cache
167 ** Parameters :
168 ** r : realm. The field r.dn is used to start
169 ** dn : OiD Entry
170 ** attrName: attributeName - multivalued
171 ** Exceptions: DBMS_LDAP exceptions,
172 ** NO_DATA_FOUND : if the dn is not at realm.
173 **
174 */
175
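procedure load_realm( r in out nocopy realm_type)
is
    -- Fills r.guid, r.appsToOiD, r.oidToApps and r.loaded for the realm whose
    -- DN is in r.dn, from the ODIP provisioning profile that OID holds for
    -- (realm, this application). A direction is enabled only when the profile
    -- and the direction's own sub-entry both carry orclStatus = ENABLED;
    -- otherwise its enabled flag is FALSE and its lists stay NULL, so nothing
    -- is permitted.
    -- Raises NO_DATA_FOUND when r.dn has no GUID in OID (it is not a realm);
    -- DBMS_LDAP exceptions propagate. The OID session is released on every
    -- path, including failures (it was previously leaked when the GUID lookup
    -- or a search raised).
    flag          pls_integer;
    ldap          dbms_ldap.session;
    l_bound       boolean := false;
    appdn         varchar2(4000);
    appguid       raw(16);
    provProfileDn varchar2(4000);

    -- TRUE when the orclStatus attribute of p_dn is exactly 'ENABLED'.
    function is_enabled(p_dn in varchar2, p_filter in varchar2 default 'objectclass=*')
    return boolean is
        l_status varchar2(1000);
    begin
        l_status := getAttribute(ldap, p_dn, 'orclStatus', p_filter);
        return l_status is not null and l_status = 'ENABLED';
    end is_enabled;
begin
    ldap    := fnd_ldap_util.c_get_oid_session(flag);
    l_bound := true;
    r.guid  := fnd_ldap_util.get_guid_for_dn(ldap, r.dn);
    if r.guid is null then
        raise no_data_found;
    end if;
    appdn   := fnd_ldap_util.get_orclappname;
    appguid := fnd_ldap_util.get_guid_for_dn(ldap, appdn);
    -- Profile name is <realm guid>_<application guid>; both come from RAW
    -- values, so the DN is built only from hex characters supplied by OID.
    provProfileDn := 'orclODIPProfileName=' || r.guid || '_' || appguid
                  || ',cn=Provisioning Profiles, cn=Changelog Subscriber, cn=Oracle Internet Directory';

    -- Deny by default; a direction is switched on below only when its
    -- sub-entry is ENABLED.
    r.appsToOiD.enabled := false;
    r.oidToApps.enabled := false;
    -- Does the provisioning profile exist and is it enabled?
    if is_enabled(provProfileDn, 'objectclass=orclODIPProvisioningIntegrationProfileV2') then
        -- OID -> Apps
        if is_enabled('cn=OIDToApplication,' || provProfileDn) then
            r.oidToApps := parse_ops(ldap, 'cn=OIDToApplication,' || provProfileDn,
                                     'orclodipprovisioningeventsubscription');
        end if;
        -- Apps -> OID
        if is_enabled('cn=ApplicationToOID,' || provProfileDn) then
            r.appsToOiD := parse_ops(ldap, 'cn=ApplicationToOID,' || provProfileDn,
                                     'orclodipprovisioningeventpermittedoperations');
        end if;
    end if;

    fnd_ldap_util.c_unbind(ldap, flag);
    l_bound  := false;
    r.loaded := true;
exception
    when others then
        if l_bound then
            begin
                fnd_ldap_util.c_unbind(ldap, flag);
            exception
                when others then
                    null;   -- cleanup must not mask the original error
            end;
        end if;
        raise;
end load_realm;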
221
222 /*
223 ** Name : add_realm
224 ** Type : Private
225 ** Desc : Given a DN, try to load the realm definition; if it succeeds, add it to the cache.
226 ** Parameters :
227 ** r : realm. The field r.dn is used to start
228 ** dn : OiD Entry
229 ** attrName: attributeName - multivalued
230 ** Exceptions: DBMS_LDAP exceptions,
231 ** NO_DATA_FOUND : if the dn is not at realm.
232 **
233 */
234
function add_realm(dn in varchar2) return pls_integer
is
    -- Builds a realm_type for dn, loads it through load_realm and, when the
    -- load marks it as loaded, stores it in the next free slot of realm_table.
    -- Returns that slot index in either case. Exceptions raised by load_realm
    -- (DBMS_LDAP errors, NO_DATA_FOUND when dn is not a realm) propagate.
    l_slot  pls_integer := realm_table.count;
    l_realm realm_type;
begin
    l_realm.seq  := l_slot;
    l_realm.dn   := dn;
    l_realm.guid := null;
    load_realm(l_realm);
    if l_realm.loaded then
        realm_table(l_slot) := l_realm;
    end if;
    return l_slot;
end add_realm;
250
251
252
253 /*
254 ** Name : find_realm
255 ** Type : Private
256 ** Desc : Given a DN , returns its index in the cache realm_table.
257 ** If it is not in the cache, add_realm is called.
258 ** Parameters :
259 ** dn : OiD Entry
260 ** Exceptions: DBMS_LDAP exceptions,
261 ** NO_DATA_FOUND : if the dn is not at realm.
262 **
263 */
264
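function find_realm(dn in varchar2) return pls_integer
is
    -- Returns the realm_table index of the cached realm whose DN equals dn,
    -- loading and caching it through add_realm on a miss. Propagates
    -- DBMS_LDAP exceptions and NO_DATA_FOUND from that load when dn is not a
    -- realm. A NULL dn never matches a cached entry.
    l_idx binary_integer := realm_table.first;
begin
    -- Walk with first/next so a gap in the table cannot raise NO_DATA_FOUND;
    -- the unused local and the shadowing loop variable of the original are gone.
    while l_idx is not null loop
        if realm_table(l_idx).dn = dn then
            return l_idx;
        end if;
        l_idx := realm_table.next(l_idx);
    end loop;
    return add_realm(dn);
end find_realm;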
279
280
281
282 --
283 ---------------------------------------------
284
285 /*
286 ** Name : requestedRealm
287 ** Type : Private
288 ** Desc : Given a user_name and a realm_dn (maybe both null), returns the realm to use
289 ** requestedRealm
290 */
function requestedRealm(p_user_name in varchar2, p_realm_dn in varchar2) return varchar2
is
    -- Resolves the realm DN to check against: the realm of p_user_name when a
    -- user name is given, else p_realm_dn when given, else the default realm
    -- from fnd_oid_plug.
begin
    if p_user_name is null then
        if p_realm_dn is null then
            return fnd_oid_plug.get_default_realm;
        end if;
        return p_realm_dn;
    end if;
    return fnd_oid_plug.getRealmDN(p_user_name);
end requestedRealm;
304 --
305 ----------------------------------------------------
306
307
308 /*
309 ** Name : check_operation
310 ** Type : Private
311 ** Desc : Old usage of is_operation_allowed, when no direction or entity is given.
312 */
313
function check_operation( allowed_op in out nocopy permited_operation, op in pls_integer )
return pls_integer
is
    -- Legacy check used when no direction or entity is supplied: op is allowed
    -- only when the direction is enabled and both the identity and the
    -- subscription attribute list for that operation are non-NULL.
    -- Returns fnd_ldap_util.G_SUCCESS or G_FAILURE. A disabled direction is
    -- G_FAILURE without inspecting op; an unknown op on an enabled direction
    -- is logged and raises CASE_NOT_FOUND. allowed_op is not modified.
    l_module_source varchar2(4000) := G_MODULE_SOURCE || 'check_operation';
    l_identity      varchar2(4000);
    l_subscription  varchar2(4000);
    l_granted       boolean := false;
begin
    if allowed_op.enabled then
        if op = fnd_ldap_wrapper.G_CREATE then
            l_identity     := allowed_op.identity_add;
            l_subscription := allowed_op.subscription_add;
        elsif op = fnd_ldap_wrapper.G_UPDATE or op = fnd_ldap_wrapper.G_MODIFY then
            l_identity     := allowed_op.identity_update;
            l_subscription := allowed_op.subscription_update;
        elsif op = fnd_ldap_wrapper.G_DELETE then
            l_identity     := allowed_op.identity_delete;
            l_subscription := allowed_op.subscription_delete;
        else
            if (fnd_log.LEVEL_UNEXPECTED >= fnd_log.G_CURRENT_RUNTIME_LEVEL) then
                fnd_log.string(fnd_log.LEVEL_UNEXPECTED, l_module_source, 'Invalid operation: op='||op);
                if (fnd_log.LEVEL_STATEMENT >= fnd_log.G_CURRENT_RUNTIME_LEVEL) then
                    fnd_log.string(fnd_log.LEVEL_STATEMENT, l_module_source, 'Valid opertaion fnd_ldap_wrapper.G_CREATE ='||fnd_ldap_wrapper.G_CREATE );
                    fnd_log.string(fnd_log.LEVEL_STATEMENT, l_module_source, 'Valid opertaion fnd_ldap_wrapper.G_UPDATE ='||fnd_ldap_wrapper.G_UPDATE );
                    fnd_log.string(fnd_log.LEVEL_STATEMENT, l_module_source, 'Valid opertaion fnd_ldap_wrapper.G_MODIFY ='||fnd_ldap_wrapper.G_MODIFY );
                    fnd_log.string(fnd_log.LEVEL_STATEMENT, l_module_source, 'Valid opertaion fnd_ldap_wrapper.G_DELETE ='||fnd_ldap_wrapper.G_DELETE );
                end if;
            end if;
            raise case_not_found;
        end if;
        -- Both lists must be present for the operation to count as allowed.
        l_granted := (l_identity is not null) and (l_subscription is not null);
    end if;

    if l_granted then
        return fnd_ldap_util.G_SUCCESS;
    end if;
    return fnd_ldap_util.G_FAILURE;
end check_operation;
353 --
354 -------------------------------------------------------------------------------
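function is_in_list( atr in varchar2, at_list in varchar2)
return pls_integer
is
    -- Returns fnd_ldap_util.G_SUCCESS when every attribute named in atr (one
    -- name or a comma-separated list) appears in at_list, else G_FAILURE.
    -- at_list is a list built by parse_ops: NULL (nothing permitted), '*'
    -- (every attribute) or a comma-delimited list wrapped in commas such as
    -- ',cn,sn,'. Matching is case-sensitive and on whole names; parse_ops
    -- strips spaces from the list, so a name with surrounding spaces in atr
    -- does not match.
    l_start pls_integer := 1;
    l_comma pls_integer;
    l_name  varchar2(4000);
begin
    if at_list is null or atr is null then
        return fnd_ldap_util.G_FAILURE;
    end if;
    if at_list = '*' then
        return fnd_ldap_util.G_SUCCESS;
    end if;
    -- Every name, including a lone one, is matched as ','||name||','. The
    -- original single-name path used a bare INSTR, so a name that is merely a
    -- substring of a permitted attribute (e.g. 'mail' against
    -- ',mailalternateaddress,') was accepted; that made the permitted-
    -- operations check over-permissive for single attributes.
    loop
        l_comma := instr(atr, ',', l_start);
        if l_comma = 0 then
            l_name := substr(atr, l_start);
        else
            l_name := substr(atr, l_start, l_comma - l_start);
        end if;
        if instr(at_list, ',' || l_name || ',') = 0 then
            return fnd_ldap_util.G_FAILURE;
        end if;
        exit when l_comma = 0;
        l_start := l_comma + 1;
    end loop;
    return fnd_ldap_util.G_SUCCESS;
end is_in_list;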
385 --
386 -------------------------------------------------------------------------------
procedure is_operation_allowed(p_operation in pls_integer,
                               x_fnd_user out nocopy pls_integer,
                               x_oid out nocopy pls_integer,
                               p_user_name in varchar2 default null,
                               p_realm_dn in varchar2 default null
                               ) is
    -- Legacy overload without direction or entity: both provisioning
    -- directions of the realm selected by p_user_name / p_realm_dn (see
    -- requestedRealm) are checked with check_operation. x_fnd_user reports
    -- the Apps->OID direction and x_oid the OID->Apps direction, each as
    -- fnd_ldap_util.G_SUCCESS / G_FAILURE. Any exception is logged at
    -- LEVEL_ERROR and re-raised; the out values are then unset.
    l_module_source varchar2(256) := G_MODULE_SOURCE || 'is_operation_allowed: ';
    l_realm_dn      varchar2(4000);
    l_index         pls_integer;

    -- Emits p_text at p_level when that level is enabled for the session.
    procedure trace(p_level in number, p_text in varchar2) is
    begin
        if p_level >= fnd_log.G_CURRENT_RUNTIME_LEVEL then
            fnd_log.string(p_level, l_module_source, p_text);
        end if;
    end trace;
begin
    trace(fnd_log.LEVEL_PROCEDURE, 'Begin');

    l_realm_dn := requestedRealm(p_user_name, p_realm_dn);
    trace(fnd_log.LEVEL_STATEMENT, 'realm:' || l_realm_dn);

    l_index := find_realm(l_realm_dn);

    x_fnd_user := check_operation(realm_table(l_index).appsToOiD, p_operation);
    x_oid      := check_operation(realm_table(l_index).oidToApps, p_operation);

    trace(fnd_log.LEVEL_STATEMENT,
          'out values x_fnd_user: ' || x_fnd_user || ' x_oid: ' || x_oid);
    trace(fnd_log.LEVEL_PROCEDURE, 'End');
exception
    when others then
        trace(fnd_log.LEVEL_ERROR, sqlerrm);
        raise;
end is_operation_allowed;
435
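procedure is_operation_allowed(p_direction in pls_integer default FND_LDAP_WRAPPER.G_EBIZ_TO_OID,
                               p_entity in pls_integer,
                               p_operation in pls_integer,
                               p_attribute in out nocopy varchar2,
                               x_fnd_user out nocopy pls_integer,
                               x_oid out nocopy pls_integer ,
                               p_user_name in varchar2 default null,
                               p_realm_dn in varchar2 default null) is
    -- Checks whether p_operation on p_entity may touch the attribute(s) named
    -- in p_attribute (one name or a comma-separated list) in provisioning
    -- direction p_direction of the realm selected by p_user_name / p_realm_dn
    -- (see requestedRealm).
    -- x_fnd_user is always G_SUCCESS in this overload. x_oid is G_SUCCESS only
    -- when the direction is enabled and is_in_list accepts p_attribute against
    -- the permitted list for (p_entity, p_operation); otherwise G_FAILURE.
    -- p_attribute is not modified.
    -- Raises CASE_NOT_FOUND for an unknown direction, entity or operation;
    -- every exception is logged at LEVEL_ERROR and re-raised.
    l_module_source varchar2(256);
    l_list          varchar2(4000);
    l_realm_dn      varchar2(4000);
    l_index         pls_integer;
    l_allowed       permited_operation;

    -- Emits p_text at p_level when that level is enabled for the session.
    procedure trace(p_level in number, p_text in varchar2) is
    begin
        if p_level >= fnd_log.G_CURRENT_RUNTIME_LEVEL then
            fnd_log.string(p_level, l_module_source, p_text);
        end if;
    end trace;

    -- Logs an unrecognised p_operation together with the accepted codes.
    procedure log_invalid_operation is
    begin
        if (fnd_log.LEVEL_UNEXPECTED >= fnd_log.G_CURRENT_RUNTIME_LEVEL) then
            fnd_log.string(fnd_log.LEVEL_UNEXPECTED, l_module_source, 'Invalid operation:'||p_operation);
            if (fnd_log.LEVEL_STATEMENT >= fnd_log.G_CURRENT_RUNTIME_LEVEL) then
                fnd_log.string(fnd_log.LEVEL_STATEMENT, l_module_source, 'Valid direction fnd_ldap_wrapper.G_ADD ='||fnd_ldap_wrapper.G_ADD );
                fnd_log.string(fnd_log.LEVEL_STATEMENT, l_module_source, 'Valid direction fnd_ldap_wrapper.G_UPDATE ='||fnd_ldap_wrapper.G_UPDATE );
                fnd_log.string(fnd_log.LEVEL_STATEMENT, l_module_source, 'Valid direction fnd_ldap_wrapper.G_MODIFY ='||fnd_ldap_wrapper.G_MODIFY );
                fnd_log.string(fnd_log.LEVEL_STATEMENT, l_module_source, 'Valid direction fnd_ldap_wrapper.G_DELETE ='||fnd_ldap_wrapper.G_DELETE );
            end if;
        end if;
    end log_invalid_operation;

    -- Permitted attribute list for (p_entity, p_operation) in l_allowed; NULL
    -- when the operation is not permitted at all. Replaces two verbatim copies
    -- of the same CASE (one per entity) in the original body.
    function permitted_list return varchar2 is
    begin
        if p_entity = fnd_ldap_wrapper.G_IDENTITY then
            case p_operation
                when fnd_ldap_wrapper.G_ADD    then return l_allowed.identity_add;
                when fnd_ldap_wrapper.G_UPDATE then return l_allowed.identity_update;
                when fnd_ldap_wrapper.G_MODIFY then return l_allowed.identity_update;
                when fnd_ldap_wrapper.G_DELETE then return l_allowed.identity_delete;
                else
                    log_invalid_operation;
                    raise case_not_found;
            end case;
        elsif p_entity = fnd_ldap_wrapper.G_SUBSCRIPTION then
            case p_operation
                when fnd_ldap_wrapper.G_ADD    then return l_allowed.subscription_add;
                when fnd_ldap_wrapper.G_UPDATE then return l_allowed.subscription_update;
                when fnd_ldap_wrapper.G_MODIFY then return l_allowed.subscription_update;
                when fnd_ldap_wrapper.G_DELETE then return l_allowed.subscription_delete;
                else
                    log_invalid_operation;
                    raise case_not_found;
            end case;
        else
            raise case_not_found;
        end if;
    end permitted_list;
begin
    x_fnd_user := fnd_ldap_util.G_SUCCESS;
    x_oid      := fnd_ldap_util.G_FAILURE;
    l_module_source := G_MODULE_SOURCE || 'is_operation_allowed: ';
    trace(fnd_log.LEVEL_PROCEDURE, 'Begin');

    l_realm_dn := requestedRealm(p_user_name, p_realm_dn);
    trace(fnd_log.LEVEL_STATEMENT, 'realm:' || l_realm_dn);

    l_index := find_realm(l_realm_dn);
    case p_direction
        when fnd_ldap_wrapper.G_EBIZ_TO_OID then l_allowed := realm_table(l_index).appsToOiD;
        when fnd_ldap_wrapper.G_OID_TO_EBIZ then l_allowed := realm_table(l_index).OidToApps;
        else
            if (fnd_log.LEVEL_UNEXPECTED >= fnd_log.G_CURRENT_RUNTIME_LEVEL) then
                fnd_log.string(fnd_log.LEVEL_UNEXPECTED, l_module_source, 'Invalid direction:'||p_direction);
                if (fnd_log.LEVEL_STATEMENT >= fnd_log.G_CURRENT_RUNTIME_LEVEL) then
                    fnd_log.string(fnd_log.LEVEL_STATEMENT, l_module_source, 'Valid direction fnd_ldap_wrapper.G_EBIZ_TO_OID ='||fnd_ldap_wrapper.G_EBIZ_TO_OID );
                    fnd_log.string(fnd_log.LEVEL_STATEMENT, l_module_source, 'Valid opertaion fnd_ldap_wrapper.G_OID_TO_EBIZ ='||fnd_ldap_wrapper.G_OID_TO_EBIZ );
                end if;
            end if;
            raise case_not_found;
    end case;

    -- A disabled direction denies everything without looking at the entity.
    if (not l_allowed.enabled) then
        x_oid := fnd_ldap_util.G_FAILURE;
    else
        l_list := permitted_list;
        x_oid  := is_in_list(p_attribute, l_list);
    end if;

    trace(fnd_log.LEVEL_STATEMENT,
          'out values x_fnd_user: ' || x_fnd_user || ' x_oid: ' || x_oid);
    trace(fnd_log.LEVEL_PROCEDURE, 'End');
exception
    when others then
        trace(fnd_log.LEVEL_ERROR, sqlerrm);
        raise;
end is_operation_allowed;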
556
557
558 end FND_SSO_REGISTRATION;