19 package org.apache.ldap.server.authz.support;
20
21 import java.util.ArrayList;
22 import java.util.Collection;
23 import java.util.Iterator;
24
25 import javax.naming.Name;
26 import javax.naming.NamingException;
27 import javax.naming.directory.Attributes;
28
29 import org.apache.ldap.common.aci.ACITuple;
30 import org.apache.ldap.common.aci.AuthenticationLevel;
31 import org.apache.ldap.common.aci.UserClass;
32 import org.apache.ldap.server.partition.DirectoryPartitionNexusProxy;
33
34
/**
 * An {@link ACITupleFilter} that keeps only the tuples carrying the most
 * specific user class. (18.8.4.2)
 * <p>
 * When more than one tuple remains, the tuples are narrowed in decreasing
 * order of specificity: tuples with a UserClasses element name or thisEntry
 * win over everything else; failing that, tuples with UserGroup; failing that,
 * tuples with subtree. If no tuple falls into any of these tiers the input is
 * returned unchanged.
 * <p>
 * This class only inspects the <em>type</em> of the user class items each
 * tuple carries; it never compares them with the requestor (the user name,
 * group names and entry arguments are not read here).
 * NOTE(review): presumably an earlier filter in the chain has already dropped
 * tuples that do not apply to the requestor - confirm. Even then, a tuple that
 * lists several user classes is ranked by the most specific item it contains,
 * not necessarily by the item that matched the requestor; verify that this is
 * the intended precedence for access decisions.
 *
 * @author The Apache Directory Project
 * @version $Rev: 326050 $, $Date: 2005-10-18 04:19:14 -0400 (Tue, 18 Oct 2005) $
 */
public class MostSpecificUserClassFilter implements ACITupleFilter
{
    /** Tier of tuples that carry a name or thisEntry user class. */
    private static final int TIER_NAME_OR_THIS_ENTRY = 0;

    /** Tier of tuples that carry a userGroup user class. */
    private static final int TIER_USER_GROUP = 1;

    /** Tier of tuples that carry a subtree user class. */
    private static final int TIER_SUBTREE = 2;


    /**
     * Narrows the given tuples to those of the most specific user class tier
     * that is present.
     * <p>
     * Only <code>tuples</code> is read; the remaining arguments are part of
     * the {@link ACITupleFilter} signature and are not used by this filter.
     *
     * @param tuples the candidate {@link ACITuple}s
     * @return <code>tuples</code> itself when it holds at most one element or
     *         when no tuple belongs to any tier; otherwise a new collection
     *         holding the tuples of the first non-empty tier, in iteration order
     * @throws NamingException declared by the signature; nothing in this
     *         method throws it directly
     */
    public Collection filter( Collection tuples, OperationScope scope, DirectoryPartitionNexusProxy proxy, Collection userGroupNames, Name userName, Attributes userEntry, AuthenticationLevel authenticationLevel, Name entryName, String attrId, Object attrValue, Attributes entry, Collection microOperations ) throws NamingException
    {
        // Nothing to disambiguate with zero or one tuple.
        if( tuples.size() <= 1 )
        {
            return tuples;
        }

        // Walk the tiers from most to least specific; the first tier that
        // yields any tuple decides the result.
        for( int tier = TIER_NAME_OR_THIS_ENTRY; tier <= TIER_SUBTREE; tier++ )
        {
            Collection selected = selectTier( tuples, tier );
            if( !selected.isEmpty() )
            {
                return selected;
            }
        }

        // No tuple carried a name, thisEntry, userGroup or subtree item.
        return tuples;
    }


    /**
     * Collects, in iteration order, every tuple that has at least one user
     * class item belonging to the given tier.
     */
    private static Collection selectTier( Collection tuples, int tier )
    {
        Collection selected = new ArrayList();
        Iterator tupleIt = tuples.iterator();
        while( tupleIt.hasNext() )
        {
            ACITuple candidate = ( ACITuple ) tupleIt.next();
            if( hasUserClassInTier( candidate, tier ) )
            {
                selected.add( candidate );
            }
        }
        return selected;
    }


    /**
     * Tells whether any user class item of the tuple belongs to the tier.
     */
    private static boolean hasUserClassInTier( ACITuple tuple, int tier )
    {
        Iterator classIt = tuple.getUserClasses().iterator();
        while( classIt.hasNext() )
        {
            UserClass item = ( UserClass ) classIt.next();
            if( isInTier( item, tier ) )
            {
                return true;
            }
        }
        return false;
    }


    /**
     * Maps a tier constant to the user class types it stands for.
     */
    private static boolean isInTier( UserClass item, int tier )
    {
        switch( tier )
        {
            case TIER_NAME_OR_THIS_ENTRY:
                return item instanceof UserClass.Name || item instanceof UserClass.ThisEntry;
            case TIER_USER_GROUP:
                return item instanceof UserClass.UserGroup;
            case TIER_SUBTREE:
                return item instanceof UserClass.Subtree;
            default:
                return false;
        }
    }

}