
1   /*
2    *   @(#) $Id: RestrictedByFilter.java 326050 2005-10-18 08:19:14Z akarasulu $
3    *   
4    *   Copyright 2004 The Apache Software Foundation
5    *
6    *   Licensed under the Apache License, Version 2.0 (the "License");
7    *   you may not use this file except in compliance with the License.
8    *   You may obtain a copy of the License at
9    *
10   *       http://www.apache.org/licenses/LICENSE-2.0
11   *
12   *   Unless required by applicable law or agreed to in writing, software
13   *   distributed under the License is distributed on an "AS IS" BASIS,
14   *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15   *   See the License for the specific language governing permissions and
16   *   limitations under the License.
17   *
18   */
19  package org.apache.ldap.server.authz.support;
20  
21  import java.util.Collection;
22  import java.util.Iterator;
23  
24  import javax.naming.Name;
25  import javax.naming.NamingException;
26  import javax.naming.directory.Attribute;
27  import javax.naming.directory.Attributes;
28  
29  import org.apache.ldap.common.aci.ACITuple;
30  import org.apache.ldap.common.aci.AuthenticationLevel;
31  import org.apache.ldap.common.aci.ProtectedItem;
32  import org.apache.ldap.common.aci.ProtectedItem.RestrictedByItem;
33  import org.apache.ldap.server.partition.DirectoryPartitionNexusProxy;
34  
35  
/**
 * An {@link ACITupleFilter} that discards all grant tuples that do not satisfy
 * the {@link ProtectedItem.RestrictedBy} constraint, if one is present.
 * (18.8.3.3, X.501)
 * <p>
 * Tuples that are not grants are never removed by this filter, and the filter
 * only acts when the operation scope is
 * {@link OperationScope#ATTRIBUTE_TYPE_AND_VALUE}.
 *
 * @author The Apache Directory Project
 * @version $Rev: 326050 $, $Date: 2005-10-18 04:19:14 -0400 (Tue, 18 Oct 2005) $
 */
public class RestrictedByFilter implements ACITupleFilter
{
    /**
     * Removes, in place, every grant tuple whose restrictedBy constraint is
     * not met by the attribute value being checked.
     * <p>
     * The collection passed in is modified through its iterator and the same
     * instance is returned. Of the parameters, only <code>tuples</code>,
     * <code>scope</code>, <code>attrId</code>, <code>attrValue</code> and
     * <code>entry</code> are read here; the others are not used by this filter.
     *
     * @param tuples the candidate {@link ACITuple}s; modified in place
     * @param scope the scope of the operation being authorized
     * @param attrId the attribute type the operation touches
     * @param attrValue the attribute value the operation touches
     * @param entry the attributes of the entry the operation touches
     * @return <code>tuples</code>, with the violating grant tuples removed
     * @throws NamingException declared by the interface; not thrown directly here
     */
    public Collection filter( Collection tuples, OperationScope scope, DirectoryPartitionNexusProxy proxy, Collection userGroupNames, Name userName, Attributes userEntry, AuthenticationLevel authenticationLevel, Name entryName, String attrId, Object attrValue, Attributes entry, Collection microOperations ) throws NamingException
    {
        // Nothing to do outside the attribute-type-and-value scope, or when
        // there are no tuples to examine.
        if( scope != OperationScope.ATTRIBUTE_TYPE_AND_VALUE || tuples.isEmpty() )
        {
            return tuples;
        }

        Iterator candidates = tuples.iterator();
        while( candidates.hasNext() )
        {
            ACITuple candidate = ( ACITuple ) candidates.next();

            // Only grants are subject to removal; every other tuple is kept.
            if( candidate.isGrant() && isRemovable( candidate, attrId, attrValue, entry ) )
            {
                candidates.remove();
            }
        }

        return tuples;
    }

    /**
     * Tells whether a tuple carries a restrictedBy item that the given
     * attribute value fails to satisfy.
     *
     * @param tuple the tuple whose protected items are inspected
     * @param attrId the attribute type the operation touches
     * @param attrValue the attribute value the operation touches
     * @param entry the attributes of the entry the operation touches
     * @return <code>true</code> if some restrictedBy item names
     *         <code>attrId</code> and the entry's "values in" attribute is
     *         missing or does not contain <code>attrValue</code>;
     *         <code>false</code> otherwise
     */
    public boolean isRemovable( ACITuple tuple, String attrId, Object attrValue, Attributes entry )
    {
        Iterator protectedItems = tuple.getProtectedItems().iterator();
        while( protectedItems.hasNext() )
        {
            ProtectedItem protectedItem = ( ProtectedItem ) protectedItems.next();
            if( !( protectedItem instanceof ProtectedItem.RestrictedBy ) )
            {
                continue;
            }

            if( isViolated( ( ProtectedItem.RestrictedBy ) protectedItem, attrId, attrValue, entry ) )
            {
                return true;
            }
        }

        return false;
    }

    /**
     * Checks a single restrictedBy protected item against the attribute value.
     */
    private static boolean isViolated( ProtectedItem.RestrictedBy restrictedBy, String attrId, Object attrValue, Attributes entry )
    {
        Iterator restrictions = restrictedBy.iterator();
        while( restrictions.hasNext() )
        {
            RestrictedByItem restriction = ( RestrictedByItem ) restrictions.next();

            // The attribute type is matched as a case-insensitive string only.
            // NOTE(review): a restriction whose type string differs from attrId
            // is skipped, so the grant is kept. Confirm that callers and the ACI
            // parser normalize attribute names (aliases, OIDs) to the same form
            // before this filter runs.
            if( !attrId.equalsIgnoreCase( restriction.getAttributeType() ) )
            {
                continue;
            }

            // A missing "values in" attribute counts as a violation, so the
            // grant is dropped rather than kept.
            // NOTE(review): membership is decided by Attribute.contains();
            // confirm this agrees with the attribute's matching rule.
            Attribute allowedValues = entry.get( restriction.getValuesIn() );
            if( allowedValues == null || !allowedValues.contains( attrValue ) )
            {
                return true;
            }
        }

        return false;
    }

}