View Javadoc

1   /*
2    *  Licensed to the Apache Software Foundation (ASF) under one
3    *  or more contributor license agreements.  See the NOTICE file
4    *  distributed with this work for additional information
5    *  regarding copyright ownership.  The ASF licenses this file
6    *  to you under the Apache License, Version 2.0 (the
7    *  "License"); you may not use this file except in compliance
8    *  with the License.  You may obtain a copy of the License at
9    *  
10   *    http://www.apache.org/licenses/LICENSE-2.0
11   *  
12   *  Unless required by applicable law or agreed to in writing,
13   *  software distributed under the License is distributed on an
14   *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   *  KIND, either express or implied.  See the License for the
16   *  specific language governing permissions and limitations
17   *  under the License. 
18   *  
19   */
20  package org.apache.directory.server.core.authz.support;
21  
22  
23  import java.util.Collection;
24  import java.util.Iterator;
25  
26  import javax.naming.NamingException;
27  
28  import org.apache.directory.server.core.entry.ServerEntry;
29  import org.apache.directory.server.core.interceptor.context.OperationContext;
30  import org.apache.directory.server.schema.registries.Registries;
31  import org.apache.directory.shared.ldap.aci.ACITuple;
32  import org.apache.directory.shared.ldap.aci.MicroOperation;
33  import org.apache.directory.shared.ldap.aci.ProtectedItem;
34  import org.apache.directory.shared.ldap.aci.ProtectedItem.MaxValueCountItem;
35  import org.apache.directory.shared.ldap.constants.AuthenticationLevel;
36  import org.apache.directory.shared.ldap.entry.EntryAttribute;
37  import org.apache.directory.shared.ldap.entry.Value;
38  import org.apache.directory.shared.ldap.name.LdapDN;
39  
40  
41  /**
42   * An {@link ACITupleFilter} that discards all tuples that doesn't satisfy
43   * {@link org.apache.directory.shared.ldap.aci.ProtectedItem.MaxValueCount} constraint if available. (18.8.3.3, X.501)
44   *
45   * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
46   * @version $Rev: 662440 $, $Date: 2008-06-02 16:00:23 +0200 (Mo, 02 Jun 2008) $
47   */
48  public class MaxValueCountFilter implements ACITupleFilter
49  {
50      public Collection<ACITuple> filter( 
51              Registries registries, 
52              Collection<ACITuple> tuples, 
53              OperationScope scope, 
54              OperationContext opContext,
55              Collection<LdapDN> userGroupNames, 
56              LdapDN userName, 
57              ServerEntry userEntry, 
58              AuthenticationLevel authenticationLevel,
59              LdapDN entryName, 
60              String attrId, 
61              Value<?> attrValue, 
62              ServerEntry entry, 
63              Collection<MicroOperation> microOperations,
64              ServerEntry entryView )
65          throws NamingException
66      {
67          if ( scope != OperationScope.ATTRIBUTE_TYPE_AND_VALUE )
68          {
69              return tuples;
70          }
71  
72          if ( tuples.size() == 0 )
73          {
74              return tuples;
75          }
76  
77          for ( Iterator<ACITuple> i = tuples.iterator(); i.hasNext(); )
78          {
79              ACITuple tuple = i.next();
80              
81              if ( !tuple.isGrant() )
82              {
83                  continue;
84              }
85  
86              for ( Iterator<ProtectedItem> j = tuple.getProtectedItems().iterator(); j.hasNext(); )
87              {
88                  ProtectedItem item = j.next();
89                  
90                  if ( item instanceof ProtectedItem.MaxValueCount )
91                  {
92                      ProtectedItem.MaxValueCount mvc = ( ProtectedItem.MaxValueCount ) item;
93                      
94                      if ( isRemovable( mvc, attrId, entryView ) )
95                      {
96                          i.remove();
97                          break;
98                      }
99                  }
100             }
101         }
102 
103         return tuples;
104     }
105 
106 
107     private boolean isRemovable( ProtectedItem.MaxValueCount mvc, String attrId, ServerEntry entryView ) throws NamingException
108     {
109         for ( Iterator<ProtectedItem.MaxValueCountItem> k = mvc.iterator(); k.hasNext(); )
110         {
111             MaxValueCountItem mvcItem = k.next();
112             if ( attrId.equalsIgnoreCase( mvcItem.getAttributeType() ) )
113             {
114                 EntryAttribute attr = entryView.get( attrId );
115                 int attrCount = attr == null ? 0 : attr.size();
116                 
117                 if ( attrCount > mvcItem.getMaxCount() )
118                 {
119                     return true;
120                 }
121             }
122         }
123 
124         return false;
125     }
126 
127 }