
1   /*
2    *   @(#) $Id: MostSpecificUserClassFilter.java 326050 2005-10-18 08:19:14Z akarasulu $
3    *   
4    *   Copyright 2004 The Apache Software Foundation
5    *
6    *   Licensed under the Apache License, Version 2.0 (the "License");
7    *   you may not use this file except in compliance with the License.
8    *   You may obtain a copy of the License at
9    *
10   *       http://www.apache.org/licenses/LICENSE-2.0
11   *
12   *   Unless required by applicable law or agreed to in writing, software
13   *   distributed under the License is distributed on an "AS IS" BASIS,
14   *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15   *   See the License for the specific language governing permissions and
16   *   limitations under the License.
17   *
18   */
19  package org.apache.ldap.server.authz.support;
20  
21  import java.util.ArrayList;
22  import java.util.Collection;
23  import java.util.Iterator;
24  
25  import javax.naming.Name;
26  import javax.naming.NamingException;
27  import javax.naming.directory.Attributes;
28  
29  import org.apache.ldap.common.aci.ACITuple;
30  import org.apache.ldap.common.aci.AuthenticationLevel;
31  import org.apache.ldap.common.aci.UserClass;
32  import org.apache.ldap.server.partition.DirectoryPartitionNexusProxy;
33  
34  
/**
 * An {@link ACITupleFilter} that chooses the tuples with the most specific user
 * class. (18.8.4.2)
 * <p>
 * If more than one tuple remains, choose the tuples with the most specific user
 * class. If there are any tuples matching the requestor with UserClasses element
 * name or thisEntry, discard all other tuples. Otherwise if there are any tuples
 * matching UserGroup, discard all other tuples. Otherwise if there are any tuples
 * matching subtree, discard all other tuples.
 * <p>
 * Access-control note: the selection looks only at which kinds of
 * {@link UserClass} a tuple carries. It does not read the requestor's name,
 * group names or entry, so it does not itself establish that the specific user
 * class is the one that matched the requestor. A tuple listing both a specific
 * and a broad user class is kept in the pass for the specific one.
 * NOTE(review): presumably an earlier filter in the chain has already dropped
 * tuples unrelated to the requestor; confirm against the caller, since this
 * ordering decides which grants and denials survive.
 *
 * @author The Apache Directory Project
 * @version $Rev: 326050 $, $Date: 2005-10-18 04:19:14 -0400 (Tue, 18 Oct 2005) $
 */
public class MostSpecificUserClassFilter implements ACITupleFilter
{
    /**
     * User class types grouped by precedence, most specific group first.
     * The first group that selects at least one tuple wins.
     */
    private static final Class[][] SPECIFICITY_LEVELS = {
        { UserClass.Name.class, UserClass.ThisEntry.class },
        { UserClass.UserGroup.class },
        { UserClass.Subtree.class }
    };


    /**
     * Narrows the tuples to those carrying the most specific user class.
     * <p>
     * Only <code>tuples</code> is read; every other argument is ignored by this
     * filter. With zero or one tuple, or when no tuple carries a name,
     * thisEntry, userGroup or subtree user class, the collection passed in is
     * returned as is (the same instance, not a copy). Otherwise a new
     * collection is returned and the input is left unmodified.
     *
     * @param tuples the candidate {@link ACITuple}s
     * @return the tuples of the first precedence level that selects any, or
     *         <code>tuples</code> itself when none does
     * @throws NamingException declared in the signature; nothing in this method
     *         raises it explicitly
     */
    public Collection filter( Collection tuples, OperationScope scope, DirectoryPartitionNexusProxy proxy, Collection userGroupNames, Name userName, Attributes userEntry, AuthenticationLevel authenticationLevel, Name entryName, String attrId, Object attrValue, Attributes entry, Collection microOperations ) throws NamingException
    {
        // Nothing to choose between.
        if( tuples.size() <= 1 )
        {
            return tuples;
        }

        // Walk the levels from most to least specific and stop at the first
        // one that selects anything; all other tuples are thereby discarded.
        for( int level = 0; level < SPECIFICITY_LEVELS.length; level++ )
        {
            Collection selected = selectTuplesCarrying( tuples, SPECIFICITY_LEVELS[level] );
            if( !selected.isEmpty() )
            {
                return selected;
            }
        }

        // No tuple carries any of the ranked user classes: keep them all.
        return tuples;
    }


    /**
     * Collects, in iteration order, the tuples that carry at least one user
     * class of the given types.
     */
    private static Collection selectTuplesCarrying( Collection tuples, Class[] userClassTypes )
    {
        Collection selected = new ArrayList();
        Iterator tupleIterator = tuples.iterator();
        while( tupleIterator.hasNext() )
        {
            ACITuple tuple = ( ACITuple ) tupleIterator.next();
            if( carriesAny( tuple, userClassTypes ) )
            {
                selected.add( tuple );
            }
        }
        return selected;
    }


    /**
     * Tells whether the tuple has a user class that is an instance of one of
     * the given types; scanning stops at the first hit.
     */
    private static boolean carriesAny( ACITuple tuple, Class[] userClassTypes )
    {
        Iterator userClassIterator = tuple.getUserClasses().iterator();
        while( userClassIterator.hasNext() )
        {
            UserClass userClass = ( UserClass ) userClassIterator.next();
            for( int k = 0; k < userClassTypes.length; k++ )
            {
                if( userClassTypes[k].isInstance( userClass ) )
                {
                    return true;
                }
            }
        }
        return false;
    }

}