19 package org.apache.ldap.server.authz.support;
20
21 import java.util.*;
22
23 import javax.naming.Name;
24 import javax.naming.NamingEnumeration;
25 import javax.naming.NamingException;
26 import javax.naming.directory.Attributes;
27 import javax.naming.directory.SearchControls;
28
29 import org.apache.ldap.common.aci.ACITuple;
30 import org.apache.ldap.common.aci.AuthenticationLevel;
31 import org.apache.ldap.common.aci.ProtectedItem;
32 import org.apache.ldap.common.filter.ExprNode;
33 import org.apache.ldap.common.filter.PresenceNode;
34 import org.apache.ldap.server.partition.DirectoryPartitionNexusProxy;
35
36
/**
 * An {@link ACITupleFilter} that discards all grant tuples that don't satisfy
 * their {@link ProtectedItem.MaxImmSub} constraint, if one is present.
 * (18.8.3.3, X.501)
 * <p>
 * Only grant tuples are examined; tuples for which {@code isGrant()} is false
 * are always kept. The filter removes tuples from the collection it is given
 * and returns that same collection.
 *
 * @author The Apache Directory Project
 * @version $Rev: 326083 $, $Date: 2005-10-18 06:59:38 -0400 (Tue, 18 Oct 2005) $
 */
public class MaxImmSubFilter implements ACITupleFilter
{
    /**
     * Names handed to {@code proxy.search(...)} as its last argument when the
     * subordinates are counted. The collection is unmodifiable.
     * <p>
     * NOTE(review): presumably these are the interceptors the counting search
     * skips. The list names the authentication and authorization services, so
     * that search presumably runs without access-control checks; confirm
     * against DirectoryPartitionNexusProxy. Within this class the search
     * result is only counted and never returned to the caller.
     */
    public static final Collection SEARCH_BYPASS;

    static
    {
        Collection names = new HashSet( Arrays.asList( new String[]
        {
            "normalizationService",
            "authenticationService",
            "authorizationService",
            "oldAuthorizationService",
            "schemaService",
            "subentryService",
            "operationalAttributeService",
            "eventService"
        } ) );
        SEARCH_BYPASS = Collections.unmodifiableCollection( names );
    }

    /** Presence filter on objectClass, used for the counting search. */
    private final ExprNode childrenFilter;

    /** Search controls restricted to one level below the search base. */
    private final SearchControls childrenSearchControls;


    /**
     * Creates a filter whose counting search uses an objectClass presence
     * filter with one-level scope.
     */
    public MaxImmSubFilter()
    {
        SearchControls oneLevel = new SearchControls();
        oneLevel.setSearchScope( SearchControls.ONELEVEL_SCOPE );
        childrenSearchControls = oneLevel;
        childrenFilter = new PresenceNode( "objectClass" );
    }


    /**
     * Removes from {@code tuples} every grant tuple that carries a
     * {@link ProtectedItem.MaxImmSub} item whose value is less than or equal
     * to the current subordinate count.
     * <p>
     * The collection is returned untouched when {@code entryName} is empty,
     * when {@code tuples} is empty, or when {@code scope} is not
     * {@code OperationScope.ENTRY}. Only {@code tuples}, {@code scope},
     * {@code proxy} and {@code entryName} are read; the remaining parameters
     * are unused here.
     *
     * @param tuples the tuples to filter; modified in place through its iterator
     * @param scope the operation scope; only {@code ENTRY} is filtered
     * @param proxy used to run the counting search
     * @param entryName name of the entry the operation targets
     * @return the same {@code tuples} instance
     * @throws NamingException if the counting search fails
     */
    public Collection filter( Collection tuples, OperationScope scope, DirectoryPartitionNexusProxy proxy, Collection userGroupNames, Name userName, Attributes userEntry, AuthenticationLevel authenticationLevel, Name entryName, String attrId, Object attrValue, Attributes entry, Collection microOperations ) throws NamingException
    {
        if( entryName.size() == 0 || tuples.size() == 0 || scope != OperationScope.ENTRY )
        {
            return tuples;
        }

        // Negative means "not counted yet": the search runs at most once per
        // call, and only if some grant tuple carries a MaxImmSub item.
        int subordinateCount = -1;

        Iterator tupleIt = tuples.iterator();
        while( tupleIt.hasNext() )
        {
            ACITuple candidate = ( ACITuple ) tupleIt.next();
            if( candidate.isGrant() )
            {
                Iterator itemIt = candidate.getProtectedItems().iterator();
                while( itemIt.hasNext() )
                {
                    ProtectedItem protectedItem = ( ProtectedItem ) itemIt.next();
                    if( !( protectedItem instanceof ProtectedItem.MaxImmSub ) )
                    {
                        continue;
                    }

                    if( subordinateCount < 0 )
                    {
                        subordinateCount = getImmSubCount( proxy, entryName );
                    }

                    ProtectedItem.MaxImmSub limit = ( ProtectedItem.MaxImmSub ) protectedItem;
                    if( subordinateCount >= limit.getValue() )
                    {
                        // The limit is already reached: drop the grant and
                        // move on to the next tuple.
                        tupleIt.remove();
                        break;
                    }
                }
            }
        }

        return tuples;
    }


    /**
     * Counts the entries returned by a one-level search below
     * {@code entryName.getPrefix( 1 )}.
     * <p>
     * Every result is enumerated to obtain the count and no count limit is set
     * on the search controls, so the cost grows with the number of entries
     * under the search base.
     * <p>
     * NOTE(review): {@code getPrefix( 1 )} yields only the first component of
     * {@code entryName}, so the search base is the immediate superior of
     * {@code entryName} only when the name has exactly two components. Confirm
     * that this is the intended base for the constraint cited in the class
     * comment (18.8.3.3, X.501).
     *
     * @param proxy used to run the search
     * @param entryName name from which the search base is derived
     * @return the number of entries the search returned
     * @throws NamingException if the search or the enumeration fails
     */
    private int getImmSubCount( DirectoryPartitionNexusProxy proxy, Name entryName ) throws NamingException
    {
        NamingEnumeration children = null;
        try
        {
            children = proxy.search(
                entryName.getPrefix( 1 ), new HashMap(),
                childrenFilter, childrenSearchControls, SEARCH_BYPASS );

            int total = 0;
            for( ; children.hasMore(); total++ )
            {
                children.next();
            }
            return total;
        }
        finally
        {
            // Release the enumeration whether or not counting succeeded.
            if( children != null )
            {
                children.close();
            }
        }
    }

}