org.opends.server.authorization.dseecompat
Class AciList

java.lang.Object
  extended by org.opends.server.authorization.dseecompat.AciList

public class AciList
extends java.lang.Object

The AciList class performs caching of the ACI attribute values using the entry DN as the key.


Constructor Summary
AciList(DN configDN)
          Constructor to create an ACI list to cache ACI attribute types.
 
Method Summary
 void addAci(DN dn, java.util.SortedSet<Aci> acis)
          Add a set of ACIs to the ACI list.
 int addAci(Entry entry, boolean hasAci, boolean hasGlobalAci, java.util.LinkedList<Message> failedACIMsgs)
          Add all of an entry's ACI (global or regular) attribute values to the ACI list.
 int addAci(java.util.List<? extends Entry> entries, java.util.LinkedList<Message> failedACIMsgs)
          Add all the ACI from a set of entries to the ACI list.
 java.util.LinkedList<Aci> getCandidateAcis(DN baseDN)
          Using the base DN, return a list of ACIs that are candidates for evaluation by walking up from the base DN towards the root of the DIT gathering ACIs on parents.
 void modAciOldNewEntry(Entry oldEntry, Entry newEntry, boolean hasAci, boolean hasGlobalAci)
          Remove all of the ACIs related to the old entry and then add all of the ACIs related to the new entry.
 void removeAci(Backend backend)
          Remove all ACIs related to a backend.
 boolean removeAci(Entry entry, boolean hasAci, boolean hasGlobalAci)
          Remove global and regular ACIs from the list.
 void renameAci(DN oldDN, DN newDN)
          Rename all ACIs under the specified old DN to the new DN.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

AciList

public AciList(DN configDN)
Constructor to create an ACI list to cache ACI attribute types.

Parameters:
configDN - The configuration entry DN.
Method Detail

getCandidateAcis

public java.util.LinkedList<Aci> getCandidateAcis(DN baseDN)
Using the base DN, return a list of ACIs that are candidates for evaluation by walking up from the base DN towards the root of the DIT gathering ACIs on parents. Global ACIs use the NULL DN as the key and are included in the candidate set only if they have no "target" keyword rules, or if the target keyword rule matches for the specified base DN.

Parameters:
baseDN - The DN to check.
Returns:
A list of candidate ACIs that might be applicable.

addAci

public int addAci(java.util.List<? extends Entry> entries,
                  java.util.LinkedList<Message> failedACIMsgs)
Add all the ACI from a set of entries to the ACI list. There is no need to check for global ACIs since they are processe by the AciHandler at startup using the addACi single entry method.

Parameters:
entries - The set of entries containing the "aci" attribute values.
failedACIMsgs - List that will hold error messages from ACI decode exceptions.
Returns:
The number of valid ACI attribute values added to the ACI list.

addAci

public void addAci(DN dn,
                   java.util.SortedSet<Aci> acis)
Add a set of ACIs to the ACI list. This is usually used a startup, when global ACIs are processed.

Parameters:
dn - The DN to add the ACIs under.
acis - A set of ACIs to add to the ACI list.

addAci

public int addAci(Entry entry,
                  boolean hasAci,
                  boolean hasGlobalAci,
                  java.util.LinkedList<Message> failedACIMsgs)
Add all of an entry's ACI (global or regular) attribute values to the ACI list.

Parameters:
entry - The entry containing the ACI attributes.
hasAci - True if the "aci" attribute type was seen in the entry.
hasGlobalAci - True if the "ds-cfg-global-aci" attribute type was seen in the entry.
failedACIMsgs - List that will hold error messages from ACI decode exceptions.
Returns:
The number of valid ACI attribute values added to the ACI list.

modAciOldNewEntry

public void modAciOldNewEntry(Entry oldEntry,
                              Entry newEntry,
                              boolean hasAci,
                              boolean hasGlobalAci)
Remove all of the ACIs related to the old entry and then add all of the ACIs related to the new entry. This method locks/unlocks the list. In the case of global ACIs the DN of the entry is checked to make sure it is equal to the config DN. If not, the global ACI attribute type is silently skipped.

Parameters:
oldEntry - The old entry possibly containing old ACI attribute values.
newEntry - The new entry possibly containing new ACI attribute values.
hasAci - True if the "aci" attribute type was seen in the entry.
hasGlobalAci - True if the "ds-cfg-global-aci" attribute type was seen in the entry.

removeAci

public boolean removeAci(Entry entry,
                         boolean hasAci,
                         boolean hasGlobalAci)
Remove global and regular ACIs from the list. It's possible that an entry could have both attribute types (aci and ds-cfg-global-aci). Global ACIs use the NULL DN for the key. In the case of global ACIs the DN of the entry is checked to make sure it is equal to the config DN. If not, the global ACI attribute type is silently skipped.

Parameters:
entry - The entry containing the global ACIs.
hasAci - True if the "aci" attribute type was seen in the entry.
hasGlobalAci - True if the "ds-cfg-global-aci" attribute type was seen in the entry.
Returns:
True if the ACI set was deleted.

removeAci

public void removeAci(Backend backend)
Remove all ACIs related to a backend.

Parameters:
backend - The backend to check if each DN is handled by that backend.

renameAci

public void renameAci(DN oldDN,
                      DN newDN)
Rename all ACIs under the specified old DN to the new DN. A simple interation over the entire list is performed.

Parameters:
oldDN - The DN of the original entry that was moved.
newDN - The DN of the new entry.