
1   /*
2    *   @(#) $Id: MostSpecificProtectedItemFilter.java 326050 2005-10-18 08:19:14Z akarasulu $
3    *   
4    *   Copyright 2004 The Apache Software Foundation
5    *
6    *   Licensed under the Apache License, Version 2.0 (the "License");
7    *   you may not use this file except in compliance with the License.
8    *   You may obtain a copy of the License at
9    *
10   *       http://www.apache.org/licenses/LICENSE-2.0
11   *
12   *   Unless required by applicable law or agreed to in writing, software
13   *   distributed under the License is distributed on an "AS IS" BASIS,
14   *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15   *   See the License for the specific language governing permissions and
16   *   limitations under the License.
17   *
18   */
19  package org.apache.ldap.server.authz.support;
20  
21  import java.util.ArrayList;
22  import java.util.Collection;
23  import java.util.Iterator;
24  
25  import javax.naming.Name;
26  import javax.naming.NamingException;
27  import javax.naming.directory.Attributes;
28  
29  import org.apache.ldap.common.aci.ACITuple;
30  import org.apache.ldap.common.aci.AuthenticationLevel;
31  import org.apache.ldap.common.aci.ProtectedItem;
32  import org.apache.ldap.server.partition.DirectoryPartitionNexusProxy;
33  
34  
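/**
 * An {@link ACITupleFilter} that chooses the tuples with the most specific
 * protected item. (18.8.4.3, X.501)
 * <p>
 * If more than one tuple remains, choose the tuples with the most specific
 * protected item. If the protected item is an attribute and there are tuples
 * that specify the attribute type explicitly, discard all other tuples. If
 * the protected item is an attribute value, and there are tuples that specify
 * the attribute value explicitly, discard all other tuples. A protected item
 * which is a rangeOfValues is to be treated as specifying an attribute value
 * explicitly.
 * <p>
 * This filter narrows the set of ACI tuples that feed an access control
 * decision, so every tuple it returns appears at most once and the input
 * collection is never modified.
 *
 * @author The Apache Directory Project
 * @version $Rev: 326050 $, $Date: 2005-10-18 04:19:14 -0400 (Tue, 18 Oct 2005) $
 */
public class MostSpecificProtectedItemFilter implements ACITupleFilter
{
    /**
     * Narrows <code>tuples</code> to those carrying the most specific protected item.
     * <p>
     * Two passes are made over the input. The first keeps tuples holding an
     * attributeType, allAttributeValues, selfValue or attributeValue item; if
     * it keeps anything, that result is returned. Otherwise the second pass
     * keeps tuples holding a rangeOfValues item. If neither pass keeps
     * anything, the input is returned unchanged.
     * <p>
     * Only <code>tuples</code> is read; the remaining parameters are part of
     * the {@link ACITupleFilter} signature and are not used here.
     *
     * @param tuples the candidate {@link ACITuple}s; must not be null
     * @return <code>tuples</code> itself when it has at most one element or
     *         when no tuple matched either pass, otherwise a new collection
     *         holding the selected tuples in iteration order. Callers must not
     *         assume the result is a private copy.
     * @throws NamingException declared by the interface; not thrown by the
     *         code in this method
     */
    public Collection filter( Collection tuples, OperationScope scope, DirectoryPartitionNexusProxy proxy, Collection userGroupNames, Name userName, Attributes userEntry, AuthenticationLevel authenticationLevel, Name entryName, String attrId, Object attrValue, Attributes entry, Collection microOperations ) throws NamingException
    {
        // Nothing to disambiguate with zero or one tuple.
        if( tuples.size() <= 1 )
        {
            return tuples;
        }

        // NOTE(review): selection looks only at the class of each protected
        // item and never at attrId/attrValue, so it presumably relies on the
        // tuples having already been narrowed to the item being accessed -
        // confirm against the order of the filter chain.

        Collection filteredTuples = new ArrayList();

        // If the protected item is an attribute and there are tuples that
        // specify the attribute type explicitly, discard all other tuples.
        for( Iterator i = tuples.iterator(); i.hasNext(); )
        {
            ACITuple tuple = ( ACITuple ) i.next();
            for( Iterator j = tuple.getProtectedItems().iterator(); j.hasNext(); )
            {
                ProtectedItem item = ( ProtectedItem ) j.next();
                if( item instanceof ProtectedItem.AttributeType ||
                    item instanceof ProtectedItem.AllAttributeValues ||
                    item instanceof ProtectedItem.SelfValue ||
                    item instanceof ProtectedItem.AttributeValue )
                {
                    filteredTuples.add( tuple );
                    break;
                }
            }
        }

        if( !filteredTuples.isEmpty() )
        {
            return filteredTuples;
        }

        // If the protected item is an attribute value, and there are tuples
        // that specify the attribute value explicitly, discard all other tuples.
        // A protected item which is a rangeOfValues is to be treated as
        // specifying an attribute value explicitly.
        for( Iterator i = tuples.iterator(); i.hasNext(); )
        {
            ACITuple tuple = ( ACITuple ) i.next();
            for( Iterator j = tuple.getProtectedItems().iterator(); j.hasNext(); )
            {
                ProtectedItem item = ( ProtectedItem ) j.next();
                if( item instanceof ProtectedItem.RangeOfValues )
                {
                    filteredTuples.add( tuple );
                    // Stop at the first match, as the first pass does, so a
                    // tuple holding several rangeOfValues items is added once
                    // rather than once per item.
                    break;
                }
            }
        }

        if( !filteredTuples.isEmpty() )
        {
            return filteredTuples;
        }

        // No tuple named a more specific item; leave the set as it was.
        return tuples;
    }
}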