View Javadoc

1   /*
2    *  Licensed to the Apache Software Foundation (ASF) under one
3    *  or more contributor license agreements.  See the NOTICE file
4    *  distributed with this work for additional information
5    *  regarding copyright ownership.  The ASF licenses this file
6    *  to you under the Apache License, Version 2.0 (the
7    *  "License"); you may not use this file except in compliance
8    *  with the License.  You may obtain a copy of the License at
9    *  
10   *    http://www.apache.org/licenses/LICENSE-2.0
11   *  
12   *  Unless required by applicable law or agreed to in writing,
13   *  software distributed under the License is distributed on an
14   *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   *  KIND, either express or implied.  See the License for the
16   *  specific language governing permissions and limitations
17   *  under the License. 
18   *  
19   */
20  package org.apache.directory.server.core.authz.support;
21  
22  
23  import java.util.Collection;  
24  import java.util.Iterator;
25  
26  import javax.naming.NamingException;
27  
28  import org.apache.directory.server.core.entry.ServerEntry;
29  import org.apache.directory.server.core.interceptor.context.OperationContext;
30  import org.apache.directory.server.schema.registries.Registries;
31  import org.apache.directory.shared.ldap.aci.ACITuple;
32  import org.apache.directory.shared.ldap.aci.MicroOperation;
33  import org.apache.directory.shared.ldap.constants.AuthenticationLevel;
34  import org.apache.directory.shared.ldap.entry.Value;
35  import org.apache.directory.shared.ldap.name.LdapDN;
36  
37  
38  /**
39   * An {@link ACITupleFilter} that discard tuples which doesn't contain any
40   * related {@link MicroOperation}s. (18.8.3.4, X.501) 
41   *
42   * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
43   * @version $Rev: 662440 $, $Date: 2008-06-02 16:00:23 +0200 (Mo, 02 Jun 2008) $
44   *
45   */
46  public class MicroOperationFilter implements ACITupleFilter
47  {
48      public Collection<ACITuple> filter( 
49              Registries registries, 
50              Collection<ACITuple> tuples, 
51              OperationScope scope, 
52              OperationContext opContext,
53              Collection<LdapDN> userGroupNames, 
54              LdapDN userName, 
55              ServerEntry userEntry, 
56              AuthenticationLevel authenticationLevel,
57              LdapDN entryName, 
58              String attrId, 
59              Value<?> attrValue, 
60              ServerEntry entry, 
61              Collection<MicroOperation> microOperations,
62              ServerEntry entryView )
63          throws NamingException
64      {
65          if ( tuples.size() == 0 )
66          {
67              return tuples;
68          }
69  
70          for ( Iterator<ACITuple> i = tuples.iterator(); i.hasNext(); )
71          {
72              ACITuple tuple = i.next();
73  
74              /*
75               * The ACITuple must contain all the MicroOperations specified within the
76               * microOperations argument.  Just matching a single microOperation is not
77               * enough.  All must be matched to retain the ACITuple.
78               */
79  
80              boolean retain = true;
81              
82              for ( MicroOperation microOp:microOperations )
83              {
84                  if ( !tuple.getMicroOperations().contains( microOp ) )
85                  {
86                      retain = false;
87                      break;
88                  }
89              }
90  
91              if ( !retain )
92              {
93                  i.remove();
94              }
95          }
96  
97          return tuples;
98      }
99  
100 }