java.lang.Object
org.opends.server.authorization.dseecompat.AciContainer
public abstract class AciContainer
The AciContainer class contains all of the needed information to perform both target match and evaluate an ACI. Target matching is the process of testing if an ACI is applicable to an operation, and evaluation is the actual access evaluation of the ACI.
Constructor Summary | |
---|---|
protected |
AciContainer(Operation operation,
int rights,
Entry entry)
This constructor is used by all currently supported LDAP operations. |
Method Summary | |
---|---|
void |
addTargAttrFiltersMatchAci(Aci aci)
Add the specified ACI to a list of ACIs that have a targattrfilters rule that matched. |
void |
clearEvalAttributes(int v)
Used to clear the mask used to detect if access checking needs to be performed on individual attributes types. |
java.util.LinkedList<Aci> |
getAllowList()
Get the list of allow ACIs. |
DN |
getClientDN()
Get client DN. |
Entry |
getClientEntry()
Get the client entry. |
java.lang.String |
getControlOID()
Return the OID (Object Identifier) string of the control being evaluated. |
AttributeType |
getCurrentAttributeType()
Get the current attribute type being evaluated. |
AttributeValue |
getCurrentAttributeValue()
The current attribute type value being evaluated. |
java.lang.String |
getDecidingAciName()
Return the name of the ACI that decided the last access evaluation. |
java.util.LinkedList<Aci> |
getDenyList()
Get the list of deny ACIs. |
EnumEvalReason |
getEvalReason()
Return the reason the last access evaluation was evaluated the way it was. |
java.lang.String |
getEvalSummary()
Return the access evaluation summary string. |
java.lang.String |
getExtOpOID()
Return the OID (Object Identifier) string of the extended operation being evaluated. |
java.lang.String |
getHostName()
Get the hostname of the bound connection. |
java.net.InetAddress |
getRemoteAddress()
Get the address of the bound connection. |
DN |
getResourceDN()
Get the resource DN. |
Entry |
getResourceEntry()
Get the entry being evaluated. |
int |
getRights()
Return the rights for this container's LDAP operation. |
java.util.List<AttributeType> |
getSpecificAttributes()
Return the list of additional attributes specified in the geteffectiverights control. |
java.lang.String |
getTargAttrFiltersAciName()
Return the name of the ACI that last matched a targattrfilters rule. |
boolean |
getTargAttrFiltersMatch()
Return the value of the targAttrFiltersMatch variable. |
boolean |
hasAllOpAttributes()
Return true if the evaluating ACI contained a targetattr all operational attributes rule match. |
boolean |
hasAllUserAttributes()
Return true if the evaluating ACI contained a targetattr all user attributes rule match. |
EnumEvalResult |
hasAuthenticationMethod(EnumAuthMethod authMethod,
java.lang.String saslMech)
Determine whether the client connection has been authenticated using a specified authentication method. |
boolean |
hasEntryTestRule()
True if an entry test rule was found. |
boolean |
hasEvalOpAttributes()
Return true if the evaluating ACI either contained an explicitly defined operational attribute type in a targetattr target rule or both a targetattr all operational attributes rule matched and an explicitly defined targetattr target rule matched. |
boolean |
hasEvalUserAttributes()
Return true if the evaluating ACI either contained an explicitly defined user attribute type in a targetattr target rule or both a targetattr all user attributes rule matched and an explicitly defined targetattr target rule matched. |
boolean |
hasGetEffectiveRightsControl()
Return true if the container is being used in a geteffectiverights evaluation. |
boolean |
hasRights(int rights)
Checks whether the container's rights include the specified rights. |
boolean |
hasSeenEntry()
Returns true if an entry has already been processed by an access proxy check. |
boolean |
hasTargAttrFiltersMatchAci(Aci aci)
The context maintains a hashtable of ACIs that matched the targattrfilters keyword evaluation. |
boolean |
hasTargAttrFiltersMatchOp(int flag)
Return true if an ACI that evaluated to deny or allow has a targattrfilters keyword. |
boolean |
isAddOperation()
Return true if this is an add operation, needed by the userattr USERDN parent inheritance level 0 processing. |
boolean |
isAnonymousUser()
Check if the remote client is bound anonymously. |
boolean |
isAuthzidAuthorizationDN()
Returns true if the geteffectiverights control's authZid DN is equal to the authorization entry's DN. |
boolean |
isDenyEval()
Returns true if the deny list is being evaluated. |
boolean |
isFirstAttribute()
True if the first attribute of the resource entry is being evaluated. |
boolean |
isGetEffectiveRightsEval()
Returns true if a match context is performing a geteffectiverights evaluation. |
boolean |
isMemberOf(Group group)
Return true if the operation associated with this evaluation context is a member of the specified group. |
boolean |
isProxiedAuthorization()
Return true if an evaluation context is being used in proxied authorization evaluation. |
boolean |
isTargAttrFilterMatchAciEmpty()
Returns true if the hashtable of ACIs that matched the targattrfilters keyword evaluation is empty. |
void |
resetEffectiveRightsParams()
Reset the values used by the geteffectiverights evaluation to original values. |
java.lang.String |
rightToString()
Return a string representation of the current right being evaluated. |
void |
setAllowList(java.util.LinkedList<Aci> allows)
Set the allow ACI list. |
protected void |
setControlOID(java.lang.String oid)
Set the controlOID value to the specified oid string. |
void |
setCurrentAttributeType(AttributeType type)
Set the attribute type to be evaluated. |
void |
setCurrentAttributeValue(AttributeValue value)
Set the attribute value to be evaluated. |
void |
setDecidingAci(Aci aci)
Set the ACI that decided the last access evaluation. |
void |
setDenyEval(boolean val)
Set when the deny list is being evaluated. |
void |
setDenyList(java.util.LinkedList<Aci> denys)
Set the deny ACI list. |
void |
setEntryTestRule(boolean val)
True if the target matching code found an entry test rule. |
void |
setEvalOpAttributes(int v)
This method toggles a mask that indicates that access checking of individual operational attributes may or may not be skipped depending on if there is a single ACI containing a targetattr all operational attributes rule (targetattr="+"). |
void |
setEvalReason(EnumEvalReason reason)
Set the reason the last access evaluation was evaluated the way it was. |
void |
setEvalSummary(java.lang.String summary)
Set the value of the summary string to the specified string. |
void |
setEvalUserAttributes(int v)
This method toggles a mask that indicates that access checking of individual user attributes may or may not be skipped depending on if there is a single ACI containing a targetattr all user attributes rule (targetattr="*"). |
protected void |
setExtOpOID(java.lang.String oid)
Set the extended operation OID value to the specified oid string. |
void |
setGetEffectiveRightsEval()
The container is going to be used in a geteffectiverights evaluation, set the flag isGetEffectiveRightsEval to true. |
void |
setIsFirstAttribute(boolean val)
Set to true if the first attribute of the resource entry is being evaluated. |
void |
setRights(int rights)
Set the rights of the container to the specified rights. |
void |
setSeenEntry(boolean val)
Set to true if an entry has already been processed by an access proxy check. |
void |
setTargAttrFiltersAciName(java.lang.String name)
Save the name of the last ACI that matched a targattrfilters rule. |
void |
setTargAttrFiltersMatch(boolean v)
Set to true if the ACI had a targattrfilter rule that matched. |
void |
setTargAttrFiltersMatchOp(int flag)
Set a flag that specifies that an ACI that evaluated to either deny or allow contains a targattrfilters keyword. |
void |
useAuthzid(boolean v)
Use the DN from the geteffectiverights control's authzId as the client DN, rather than the authorization entry's DN. |
void |
useFullResourceEntry(boolean val)
During the geteffectiverights entrylevel read evaluation, an entry with all of the attributes used in the AciHandler's maysend method evaluation is needed to perform the evaluation over again. |
void |
useOrigAuthorizationEntry(boolean val)
If the specified value is true, then the original authorization entry, which is the entry before the switch performed by the proxied authorization control processing, should be set to the current authorization entry. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
---|
protected AciContainer(Operation operation, int rights, Entry entry)
operation
- The Operation object being evaluated and target matching.
rights
- The rights array to use in evaluation and target matching.
entry
- The current entry being evaluated and target matched.
Method Detail |
---|
public boolean hasSeenEntry()
public void setSeenEntry(boolean val)
val
- The value to set the seenEntry boolean to.
public boolean isProxiedAuthorization()
isProxiedAuthorization
in interface AciEvalContext
public boolean isGetEffectiveRightsEval()
isGetEffectiveRightsEval
in interface AciEvalContext
isGetEffectiveRightsEval
in interface AciTargetMatchContext
public void setGetEffectiveRightsEval()
public boolean hasGetEffectiveRightsControl()
public void useAuthzid(boolean v)
v
- The value to set the useAuthzid to.
public java.util.List<AttributeType> getSpecificAttributes()
public void useFullResourceEntry(boolean val)
useFullResourceEntry
in interface AciEvalContext
val
- Specifies if the saved entry should be used or not. True if it
should be used, false if the original resource entry should be used.
public void addTargAttrFiltersMatchAci(Aci aci)
addTargAttrFiltersMatchAci
in interface AciTargetMatchContext
aci
- The ACI to save.
public boolean hasTargAttrFiltersMatchAci(Aci aci)
hasTargAttrFiltersMatchAci
in interface AciEvalContext
aci
- The ACI to evaluate for a match during targattrfilters keyword
evaluation.
public boolean isTargAttrFilterMatchAciEmpty()
isTargAttrFilterMatchAciEmpty
in interface AciEvalContext
public void resetEffectiveRightsParams()
public void setTargAttrFiltersAciName(java.lang.String name)
setTargAttrFiltersAciName
in interface AciEvalContext
setTargAttrFiltersAciName
in interface AciTargetMatchContext
name
- The ACI's name to save.
public java.lang.String getTargAttrFiltersAciName()
getTargAttrFiltersAciName
in interface AciEvalContext
public void setTargAttrFiltersMatchOp(int flag)
setTargAttrFiltersMatchOp
in interface AciEvalContext
flag
- Either the integer value representing an allow or a deny,
but not both.
public boolean hasTargAttrFiltersMatchOp(int flag)
hasTargAttrFiltersMatchOp
in interface AciEvalContext
flag
- The integer value specifying either a deny or allow, but not
both.
public void setDecidingAci(Aci aci)
setDecidingAci
in interface AciEvalContext
aci
- The ACI that decided the last access evaluation.
public java.lang.String getDecidingAciName()
getDecidingAciName
in interface AciEvalContext
public void setEvalReason(EnumEvalReason reason)
setEvalReason
in interface AciEvalContext
reason
- The enumeration representing the reason of the last access
evaluation.
public EnumEvalReason getEvalReason()
getEvalReason
in interface AciEvalContext
public void setEvalSummary(java.lang.String summary)
setEvalSummary
in interface AciEvalContext
summary
- The string to set the summary string to.
public java.lang.String getEvalSummary()
getEvalSummary
in interface AciEvalContext
public boolean isAuthzidAuthorizationDN()
public void useOrigAuthorizationEntry(boolean val)
val
- The value used to select the authorization entry to use.
public void setDenyList(java.util.LinkedList<Aci> denys)
setDenyList
in interface AciTargetMatchContext
denys
- The deny ACI list.
public void setAllowList(java.util.LinkedList<Aci> allows)
setAllowList
in interface AciTargetMatchContext
allows
- The list of allow ACIs.
public AttributeType getCurrentAttributeType()
getCurrentAttributeType
in interface AciEvalContext
getCurrentAttributeType
in interface AciTargetMatchContext
public AttributeValue getCurrentAttributeValue()
getCurrentAttributeValue
in interface AciTargetMatchContext
public void setCurrentAttributeType(AttributeType type)
setCurrentAttributeType
in interface AciTargetMatchContext
type
- The attribute type to set to.
public void setCurrentAttributeValue(AttributeValue value)
setCurrentAttributeValue
in interface AciTargetMatchContext
value
- The current attribute value to set to.
public boolean isFirstAttribute()
isFirstAttribute
in interface AciTargetMatchContext
public void setIsFirstAttribute(boolean val)
setIsFirstAttribute
in interface AciTargetMatchContext
val
- True if this is the first attribute of the
resource entry being evaluated.
public boolean hasEntryTestRule()
hasEntryTestRule
in interface AciTargetMatchContext
public void setEntryTestRule(boolean val)
setEntryTestRule
in interface AciTargetMatchContext
val
- True if an entry test rule was found.
public Entry getResourceEntry()
getResourceEntry
in interface AciEvalContext
getResourceEntry
in interface AciTargetMatchContext
public Entry getClientEntry()
getClientEntry
in interface AciEvalContext
public java.util.LinkedList<Aci> getDenyList()
getDenyList
in interface AciEvalContext
public java.util.LinkedList<Aci> getAllowList()
getAllowList
in interface AciEvalContext
public boolean isDenyEval()
isDenyEval
in interface AciEvalContext
public boolean isAnonymousUser()
isAnonymousUser
in interface AciEvalContext
public void setDenyEval(boolean val)
setDenyEval
in interface AciEvalContext
val
- True if denies are being evaluated.
public DN getClientDN()
getClientDN
in interface AciEvalContext
public DN getResourceDN()
getResourceDN
in interface AciEvalContext
public boolean hasRights(int rights)
hasRights
in interface AciEvalContext
hasRights
in interface AciTargetMatchContext
rights
- The rights to check for.
public int getRights()
getRights
in interface AciEvalContext
getRights
in interface AciTargetMatchContext
public void setRights(int rights)
setRights
in interface AciTargetMatchContext
rights
- The rights to set the container's rights to.
public java.lang.String getHostName()
getHostName
in interface AciEvalContext
public java.net.InetAddress getRemoteAddress()
getRemoteAddress
in interface AciEvalContext
public boolean isAddOperation()
isAddOperation
in interface AciEvalContext
public void setTargAttrFiltersMatch(boolean v)
setTargAttrFiltersMatch
in interface AciTargetMatchContext
v
- The value to use.
public boolean getTargAttrFiltersMatch()
getTargAttrFiltersMatch
in interface AciTargetMatchContext
public java.lang.String getControlOID()
getControlOID
in interface AciTargetMatchContext
public java.lang.String getExtOpOID()
getExtOpOID
in interface AciTargetMatchContext
protected void setControlOID(java.lang.String oid)
oid
- The control oid string.
protected void setExtOpOID(java.lang.String oid)
oid
- The extended operation oid string.
public EnumEvalResult hasAuthenticationMethod(EnumAuthMethod authMethod, java.lang.String saslMech)
hasAuthenticationMethod
in interface AciEvalContext
authMethod
- The required authentication method.
saslMech
- The required SASL mechanism if the authentication method
is SASL.
public boolean isMemberOf(Group group)
isMemberOf
in interface AciEvalContext
group
- The group to check membership in.
public java.lang.String rightToString()
rightToString
in interface AciEvalContext
public void setEvalUserAttributes(int v)
setEvalUserAttributes
in interface AciTargetMatchContext
v
- The mask to this value.
public void setEvalOpAttributes(int v)
setEvalOpAttributes
in interface AciTargetMatchContext
v
- The mask to this value.
public boolean hasEvalUserAttributes()
hasEvalUserAttributes
in interface AciTargetMatchContext
public boolean hasEvalOpAttributes()
hasEvalOpAttributes
in interface AciTargetMatchContext
public boolean hasAllUserAttributes()
public boolean hasAllOpAttributes()
public void clearEvalAttributes(int v)
clearEvalAttributes
in interface AciTargetMatchContext
v
- The flag to clear or 0 to set the mask to 0.