|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Objectorg.opends.server.api.AccessControlHandler<DseeCompatAccessControlHandlerCfg>
org.opends.server.authorization.dseecompat.AciHandler
public class AciHandler
The AciHandler class performs the main processing for the dseecompat package.
Field Summary | |
---|---|
static java.lang.String |
ALL_ATTRS_RESOURCE_ENTRY
String used to save a resource entry containing all the attributes in the SearchOperation attachment list. |
static java.lang.String |
ALL_OP_ATTRS_MATCHED
String used to indicate that the evaluating ACI had a all operational attributes targetattr match (targetattr="+"). |
static java.lang.String |
ALL_USER_ATTRS_MATCHED
String used to indicate that the evaluating ACI had a all user attributes targetattr match (targetattr="*"). |
static java.lang.String |
ORIG_AUTH_ENTRY
String used to save the original authorization entry in an operation attachment if a proxied authorization control was seen. |
Constructor Summary | |
---|---|
AciHandler()
Creates a new DSEE-compatible access control handler. |
Method Summary | |
---|---|
SearchResultEntry |
filterEntry(SearchOperation operation,
SearchResultEntry entry)
Checks access on each attribute in an entry. |
void |
finalizeAccessControlHandler()
Performs any necessary finalization for the access control handler implementation. |
void |
initializeAccessControlHandler(DseeCompatAccessControlHandlerCfg configuration)
Initializes the access control handler implementation based on the information in the provided configuration entry. |
boolean |
isAllowed(DN entryDN,
Operation op,
Control control)
Indicates whether the provided control is allowed based on the access control configuration and the specified operation. |
boolean |
isAllowed(ExtendedOperation operation)
Indicates whether the provided extended operation is allowed based on the access control configuration. |
boolean |
isAllowed(LocalBackendAddOperation operation)
Check access on add operations. |
boolean |
isAllowed(LocalBackendBindOperation bindOperation)
Indicates whether the provided bind operation is allowed based on the access control configuration. |
boolean |
isAllowed(LocalBackendCompareOperation operation)
Check access on compare operations. |
boolean |
isAllowed(LocalBackendDeleteOperation operation)
Check access on delete operations. |
boolean |
isAllowed(LocalBackendModifyDNOperation operation)
Checks access on a modifyDN operation. |
boolean |
isAllowed(LocalBackendModifyOperation operation)
Check access on modify operations. |
boolean |
isAllowed(LocalBackendSearchOperation searchOperation)
Indicates whether the provided search operation is allowed based on the access control configuration. |
boolean |
maySend(DN dn,
SearchOperation operation,
SearchResultReference reference)
Indicates whether the provided search result reference may be sent to the client based on the access control configuration. |
boolean |
maySend(SearchOperation operation,
SearchResultEntry entry)
Checks access on a search operation. |
Methods inherited from class org.opends.server.api.AccessControlHandler |
---|
isConfigurationAcceptable |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
public static final java.lang.String ORIG_AUTH_ENTRY
public static final java.lang.String ALL_ATTRS_RESOURCE_ENTRY
public static final java.lang.String ALL_USER_ATTRS_MATCHED
public static final java.lang.String ALL_OP_ATTRS_MATCHED
Constructor Detail |
---|
public AciHandler()
Method Detail |
---|
public void initializeAccessControlHandler(DseeCompatAccessControlHandlerCfg configuration) throws ConfigException, InitializationException
initializeAccessControlHandler
in class AccessControlHandler<DseeCompatAccessControlHandlerCfg>
configuration
- The configuration object that contains the
information to use to initialize this
access control handler.
ConfigException
- If an unrecoverable problem arises in
the process of performing the
initialization.
InitializationException
- If a problem occurs during
initialization that is not
related to the server
configuration.public void finalizeAccessControlHandler()
finalizeAccessControlHandler
in class AccessControlHandler<DseeCompatAccessControlHandlerCfg>
public boolean isAllowed(LocalBackendAddOperation operation)
isAllowed
in class AccessControlHandler<DseeCompatAccessControlHandlerCfg>
operation
- The add operation to check access on.
public boolean isAllowed(LocalBackendCompareOperation operation)
isAllowed
in class AccessControlHandler<DseeCompatAccessControlHandlerCfg>
operation
- The compare operation to check access on.
public boolean isAllowed(LocalBackendDeleteOperation operation)
isAllowed
in class AccessControlHandler<DseeCompatAccessControlHandlerCfg>
operation
- The delete operation to check access on.
public boolean isAllowed(LocalBackendModifyOperation operation)
isAllowed
in class AccessControlHandler<DseeCompatAccessControlHandlerCfg>
operation
- The modify operation to check access on.
public boolean maySend(SearchOperation operation, SearchResultEntry entry)
maySend
in class AccessControlHandler<DseeCompatAccessControlHandlerCfg>
operation
- The search operation class containing information to
check the access on.entry
- The entry to evaluate access.
public SearchResultEntry filterEntry(SearchOperation operation, SearchResultEntry entry)
filterEntry
in class AccessControlHandler<DseeCompatAccessControlHandlerCfg>
operation
- The search operation class containing information to
check access on.entry
- The entry containing the attributes.
public boolean isAllowed(LocalBackendModifyDNOperation operation)
isAllowed
in class AccessControlHandler<DseeCompatAccessControlHandlerCfg>
operation
- The modifyDN operation to check access on.
public boolean isAllowed(DN entryDN, Operation op, Control control)
isAllowed
in class AccessControlHandler<DseeCompatAccessControlHandlerCfg>
entryDN
- A DN that can be used in the access determination.op
- The operation to use in the
determination.control
- The control for which to make the determination.
true
if the control should be allowed by the
access control configuration, or false
if not.public boolean isAllowed(ExtendedOperation operation)
isAllowed
in class AccessControlHandler<DseeCompatAccessControlHandlerCfg>
operation
- The operation for which to make the
determination.
true
if the operation should be allowed by the
access control configuration, or false
if not.public boolean maySend(DN dn, SearchOperation operation, SearchResultReference reference)
maySend
in class AccessControlHandler<DseeCompatAccessControlHandlerCfg>
dn
- A DN that can be used in the access
determination.operation
- The search operation with which the
provided reference is associated.reference
- The search result reference for which to
make the determination.
true
if the access control configuration allows
the reference to be returned to the client, or
false
if not.public boolean isAllowed(LocalBackendBindOperation bindOperation)
isAllowed
in class AccessControlHandler<DseeCompatAccessControlHandlerCfg>
bindOperation
- The operation for which to make the
determination.
true
if the operation should be allowed by the
access control configuration, or false
if not.public boolean isAllowed(LocalBackendSearchOperation searchOperation)
isAllowed
in class AccessControlHandler<DseeCompatAccessControlHandlerCfg>
searchOperation
- The operation for which to make the
determination.
true
if the operation should be allowed by the
access control configuration, or false
if not.
|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |