com.sun.jndi.ldap.ctl
Class GetEffectiveRightsControl
java.lang.Object
com.sun.jndi.ldap.BasicControl
com.sun.jndi.ldap.ctl.GetEffectiveRightsControl
- All Implemented Interfaces:
- java.io.Serializable, javax.naming.ldap.Control
public class GetEffectiveRightsControl
- extends com.sun.jndi.ldap.BasicControl
This class implements the getEffectiveRights control to obtain the
access control rights in effect for a given user. This control may be
included in a LDAP search operation. In response to this control the
server sends effective rights for the entries and the attributes returned
in the search result response.
The JNDI context methods DirContext.getAttributes
and DirContext.search
can be used to retrieve the effective rights.
The object identifier for the GetEffectiveRights control is
1.3.6.1.4.1.42.2.27.9.5.2 and the control value consists of the
authorization identity of the user for whom the effective rights are being
requested and the additional attributes for which the user effective rights
are to be known.
The control's value has the following ASN.1 definition:
GetRightsControl ::= SEQUENCE {
authzId = authzId ; as defined in RFC 2829
; NULL or empty string means get bound user's rights.
; "dn:" means get anonymous user's rights.
attributes SEQUENCE OF AttributeType
; additional attribute type for which rights
information is requested.
; NULL means just the ones returned with the
search operation.
}
The following code sample shows how the control may be used:
// create an initial context using the supplied environment properties
LdapContext ctx = new InitialLdapContext(env, null);
// Get the effective rights for authzId
String dn = "dn:" + authzId;
// create a GetEffectiveRights control to return effective
// rights for authzId on the search result entries and attributes
Control[] reqControls = new Control[] {
new GetEffectiveRightsControl(dn, null, true)
};
// activate the control
ctx.setRequestControls(reqControls);
// The effective rights are returned in the aclRights operational
// attribute.
String[] attrsToReturn = new String[] {"aclRights"};
// Get the entry level effective rights for all the
// entries in the search result
NamingEnumeration results =
ctx.search(entryName, null, attrsToReturn);
printEffectiveRights(results);
- Author:
- Vincent Ryan
- See Also:
- Serialized Form
Field Summary |
static java.lang.String |
OID
The GetEffectiveRights control's assigned object identifier
is 1.3.6.1.4.1.42.2.27.9.5.2. |
private static long |
serialVersionUID
|
Fields inherited from class com.sun.jndi.ldap.BasicControl |
criticality, id, value |
Fields inherited from interface javax.naming.ldap.Control |
CRITICAL, NONCRITICAL |
Constructor Summary |
GetEffectiveRightsControl(java.lang.String authzId,
java.lang.String[] attributes,
boolean criticality)
Constructs a control to request the rights which are in effect
for the given user. |
Method Summary |
private static byte[] |
setEncodedValue(java.lang.String authzId,
java.lang.String[] attrs)
|
Methods inherited from class com.sun.jndi.ldap.BasicControl |
getEncodedValue, getID, isCritical |
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
OID
public static final java.lang.String OID
- The GetEffectiveRights control's assigned object identifier
is 1.3.6.1.4.1.42.2.27.9.5.2.
- See Also:
- Constant Field Values
serialVersionUID
private static final long serialVersionUID
- See Also:
- Constant Field Values
GetEffectiveRightsControl
public GetEffectiveRightsControl(java.lang.String authzId,
java.lang.String[] attributes,
boolean criticality)
throws java.io.IOException
- Constructs a control to request the rights which are in effect
for the given user.
- Parameters:
authzId
- The authorization identity.attributes
- Additional attributes for which rights information
is requested.criticality
- The control's criticality setting.
- Throws:
java.io.IOException
- If a BER encoding error occurs.
setEncodedValue
private static byte[] setEncodedValue(java.lang.String authzId,
java.lang.String[] attrs)
throws java.io.IOException
- Throws:
java.io.IOException