|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Objectorg.opends.server.api.AccessControlHandler<T>
T
- The type of access control configuration handled by
this access control provider implementation.@PublicAPI(stability=VOLATILE, mayInstantiate=false, mayExtend=true, mayInvoke=false) public abstract class AccessControlHandler<T extends AccessControlHandlerCfg>
This class defines the set of methods and structures that must be implemented by a Directory Server access control handler. All methods in this class should take the entire request into account when making the determination, including any request controls that might have been provided.
Constructor Summary | |
---|---|
AccessControlHandler()
|
Method Summary | |
---|---|
abstract SearchResultEntry |
filterEntry(SearchOperation searchOperation,
SearchResultEntry searchEntry)
Filter the contents of the provided entry such that it no longer contains any attributes or values that the client is not permitted to access. |
abstract void |
finalizeAccessControlHandler()
Performs any necessary finalization for the access control handler implementation. |
abstract void |
initializeAccessControlHandler(T configuration)
Initializes the access control handler implementation based on the information in the provided configuration entry. |
abstract boolean |
isAllowed(DN dn,
Operation op,
Control control)
Indicates whether the provided control is allowed based on the access control configuration and the specified operation. |
abstract boolean |
isAllowed(ExtendedOperation extendedOperation)
Indicates whether the provided extended operation is allowed based on the access control configuration. |
abstract boolean |
isAllowed(LocalBackendAddOperation addOperation)
Indicates whether the provided add operation is allowed based on the access control configuration. |
abstract boolean |
isAllowed(LocalBackendBindOperation bindOperation)
Indicates whether the provided bind operation is allowed based on the access control configuration. |
abstract boolean |
isAllowed(LocalBackendCompareOperation compareOperation)
Indicates whether the provided compare operation is allowed based on the access control configuration. |
abstract boolean |
isAllowed(LocalBackendDeleteOperation deleteOperation)
Indicates whether the provided delete operation is allowed based on the access control configuration. |
abstract boolean |
isAllowed(LocalBackendModifyDNOperation modifyDNOperation)
Indicates whether the provided modify DN operation is allowed based on the access control configuration. |
abstract boolean |
isAllowed(LocalBackendModifyOperation modifyOperation)
Indicates whether the provided modify operation is allowed based on the access control configuration. |
abstract boolean |
isAllowed(LocalBackendSearchOperation searchOperation)
Indicates whether the provided search operation is allowed based on the access control configuration. |
boolean |
isConfigurationAcceptable(AccessControlHandlerCfg configuration,
java.util.List<Message> unacceptableReasons)
Indicates whether the provided configuration is acceptable for this access control handler. |
abstract boolean |
maySend(DN dn,
SearchOperation searchOperation,
SearchResultReference searchReference)
Indicates whether the provided search result reference may be sent to the client based on the access control configuration. |
abstract boolean |
maySend(SearchOperation searchOperation,
SearchResultEntry searchEntry)
Indicates whether the provided search result entry may be sent to the client. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
---|
public AccessControlHandler()
Method Detail |
---|
public abstract void initializeAccessControlHandler(T configuration) throws ConfigException, InitializationException
configuration
- The configuration object that contains the
information to use to initialize this
access control handler.
ConfigException
- If an unrecoverable problem arises in
the process of performing the
initialization.
InitializationException
- If a problem occurs during
initialization that is not
related to the server
configuration.public boolean isConfigurationAcceptable(AccessControlHandlerCfg configuration, java.util.List<Message> unacceptableReasons)
configuration
- The access control handler
configuration for which to make the
determination.unacceptableReasons
- A list that may be used to hold the
reasons that the provided
configuration is not acceptable.
true
if the provided configuration is acceptable
for this access control handler, or false
if
not.public abstract void finalizeAccessControlHandler()
public abstract boolean isAllowed(LocalBackendAddOperation addOperation)
addOperation
- The operation for which to make the
determination.
true
if the operation should be allowed by the
access control configuration, or false
if not.public abstract boolean isAllowed(DN dn, Operation op, Control control)
dn
- A DN that can be used in the access determination.op
- The operation to use in the
determination.control
- The control for which to make the determination.
true
if the control should be allowed by the
access control configuration, or false
if not.public abstract boolean isAllowed(LocalBackendBindOperation bindOperation)
bindOperation
- The operation for which to make the
determination.
true
if the operation should be allowed by the
access control configuration, or false
if not.public abstract boolean isAllowed(LocalBackendCompareOperation compareOperation)
compareOperation
- The operation for which to make the
determination.
true
if the operation should be allowed by the
access control configuration, or false
if not.public abstract boolean isAllowed(LocalBackendDeleteOperation deleteOperation)
deleteOperation
- The operation for which to make the
determination.
true
if the operation should be allowed by the
access control configuration, or false
if not.public abstract boolean isAllowed(ExtendedOperation extendedOperation)
extendedOperation
- The operation for which to make the
determination.
true
if the operation should be allowed by the
access control configuration, or false
if not.public abstract boolean isAllowed(LocalBackendModifyOperation modifyOperation)
modifyOperation
- The operation for which to make the
determination.
true
if the operation should be allowed by the
access control configuration, or false
if not.public abstract boolean isAllowed(LocalBackendModifyDNOperation modifyDNOperation)
modifyDNOperation
- The operation for which to make the
determination.
true
if the operation should be allowed by the
access control configuration, or false
if not.public abstract boolean isAllowed(LocalBackendSearchOperation searchOperation)
searchOperation
- The operation for which to make the
determination.
true
if the operation should be allowed by the
access control configuration, or false
if not.public abstract boolean maySend(SearchOperation searchOperation, SearchResultEntry searchEntry)
searchOperation
- The search operation with which the
provided entry is associated.searchEntry
- The search result entry for which to
make the determination.
true
if the access control configuration allows
the entry to be returned to the client, or false
if not.public abstract SearchResultEntry filterEntry(SearchOperation searchOperation, SearchResultEntry searchEntry)
searchOperation
- The search operation with which the
provided entry is associated.searchEntry
- The search result entry to be filtered.
public abstract boolean maySend(DN dn, SearchOperation searchOperation, SearchResultReference searchReference)
dn
- A DN that can be used in the access
determination.searchOperation
- The search operation with which the
provided reference is associated.searchReference
- The search result reference for which to
make the determination.
true
if the access control configuration allows
the reference to be returned to the client, or
false
if not.
|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |