View Javadoc

1   /*
2    *  Licensed to the Apache Software Foundation (ASF) under one
3    *  or more contributor license agreements.  See the NOTICE file
4    *  distributed with this work for additional information
5    *  regarding copyright ownership.  The ASF licenses this file
6    *  to you under the Apache License, Version 2.0 (the
7    *  "License"); you may not use this file except in compliance
8    *  with the License.  You may obtain a copy of the License at
9    *  
10   *    http://www.apache.org/licenses/LICENSE-2.0
11   *  
12   *  Unless required by applicable law or agreed to in writing,
13   *  software distributed under the License is distributed on an
14   *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   *  KIND, either express or implied.  See the License for the
16   *  specific language governing permissions and limitations
17   *  under the License. 
18   *  
19   */
20  package org.apache.directory.server.core.authz.support;
21  
22  
23  import java.util.Collection;
24  import java.util.Iterator;
25  
26  import javax.naming.NamingException;
27  
28  import org.apache.directory.server.core.entry.ServerEntry;
29  import org.apache.directory.server.core.interceptor.context.OperationContext;
30  import org.apache.directory.server.schema.registries.Registries;
31  import org.apache.directory.shared.ldap.aci.ACITuple;
32  import org.apache.directory.shared.ldap.aci.MicroOperation;
33  import org.apache.directory.shared.ldap.constants.AuthenticationLevel;
34  import org.apache.directory.shared.ldap.entry.Value;
35  import org.apache.directory.shared.ldap.name.LdapDN;
36  
37  
38  /**
39   * An {@link ACITupleFilter} that discards all tuples having a precedence less
40   * than the highest remaining precedence. (18.8.4.1, X.501)
41   *
42   * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
43   * @version $Rev: 664295 $, $Date: 2008-06-07 09:48:16 +0200 (Sa, 07 Jun 2008) $
44   */
45  public class HighestPrecedenceFilter implements ACITupleFilter
46  {
47      public Collection<ACITuple> filter( 
48              Registries registries, 
49  	    Collection<ACITuple> tuples, 
50  	    OperationScope scope, 
51  	    OperationContext opContext,
52              Collection<LdapDN> userGroupNames, 
53              LdapDN userName, 
54              ServerEntry userEntry, 
55              AuthenticationLevel authenticationLevel,
56              LdapDN entryName, 
57              String attrId, 
58              Value<?> attrValue, 
59              ServerEntry entry, 
60              Collection<MicroOperation> microOperations,
61              ServerEntry entryView )
62          throws NamingException
63      {
64          if ( tuples.size() <= 1 )
65          {
66              return tuples;
67          }
68  
69          int maxPrecedence = -1;
70  
71          // Find the maximum precedence for all tuples.
72          for ( ACITuple tuple:tuples )
73          {
74              if ( tuple.getPrecedence() > maxPrecedence )
75              {
76                  maxPrecedence = tuple.getPrecedence();
77              }
78          }
79  
80          // Remove all tuples whose precedences are not the maximum one.
81          for ( Iterator<ACITuple> i = tuples.iterator(); i.hasNext(); )
82          {
83              ACITuple tuple = i.next();
84              
85              if ( tuple.getPrecedence() != maxPrecedence )
86              {
87                  i.remove();
88              }
89          }
90  
91          return tuples;
92      }
93  }