org.apache.directory.server.core.authz
Class DefaultAuthorizationService

java.lang.Object
  extended by org.apache.directory.server.core.interceptor.BaseInterceptor
      extended by org.apache.directory.server.core.authz.DefaultAuthorizationService
All Implemented Interfaces:
Interceptor

public class DefaultAuthorizationService
extends BaseInterceptor

An Interceptor that controls access to PartitionNexus. If a user attempts an operation that requires a permission he or she does not have, a NoPermissionException is thrown and the current invocation chain terminates.

Version:
$Rev: 439118 $, $Date: 2006-08-31 20:29:40 -0400 (Thu, 31 Aug 2006) $
Author:
Apache Directory Project
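
The chain-terminating behaviour described above, as an added example that is not part of the ApacheDS code base: Step and Next are simplified stand-ins for the interceptor types, and the admin DN, the protected subtree and the admin-only rule on it are assumptions chosen for illustration.

```java
import java.util.ArrayList;
import java.util.List;
import javax.naming.NamingException;
import javax.naming.NoPermissionException;
import javax.naming.ldap.LdapName;

public class AuthzChainDemo {
    // Simplified stand-ins for the interceptor chain; these are NOT the ApacheDS types.
    interface Next { void modify(LdapName principal, LdapName dn) throws NamingException; }
    interface Step { void modify(Next next, LdapName principal, LdapName dn) throws NamingException; }

    // Constructed sample values: the admin DN and protected subtree are assumptions.
    static final String ADMIN = "uid=admin,ou=system";
    static final String PROTECTED = "ou=groups,ou=system";
    static final List<String> applied = new ArrayList<>();

    // Authorization step: decide before delegating, so a denial ends the chain.
    static final Step AUTHZ = (next, principal, dn) -> {
        boolean isAdmin = principal.equals(new LdapName(ADMIN));
        // LdapName indexes RDNs right to left, so startsWith() tests the suffix.
        boolean isProtected = dn.startsWith(new LdapName(PROTECTED));
        if (isProtected && !isAdmin) {
            throw new NoPermissionException(principal + " may not modify " + dn);
        }
        next.modify(principal, dn);
    };

    // Terminal step standing in for the partition nexus; records what got through.
    static final Next NEXUS = (principal, dn) -> applied.add(dn.toString());

    // Returns true if the modify reached the nexus, false if it was denied.
    static boolean tryModify(String principal, String dn) {
        try {
            AUTHZ.modify(NEXUS, new LdapName(principal), new LdapName(dn));
            return true;
        } catch (NamingException e) { // also covers malformed DNs: fail closed
            System.out.println("denied: " + e.getMessage());
            return false;
        }
    }

    public static void main(String[] args) {
        System.out.println(tryModify("uid=admin,ou=system", "cn=admins,ou=groups,ou=system"));
        System.out.println(tryModify("uid=alice,ou=users,ou=system", "cn=admins,OU=Groups,ou=system"));
        System.out.println(tryModify("uid=alice,ou=users,ou=system", "uid=alice,ou=users,ou=system"));
        System.out.println("reached nexus: " + applied);
    }
}
```

Parsing both names as LdapName before comparing means differences in attribute case or spacing do not bypass the check, and a DN that fails to parse is rejected rather than passed down the chain.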

Constructor Summary
DefaultAuthorizationService()
          Creates a new instance.
 
Method Summary
 void delete(NextInterceptor nextInterceptor, LdapDN name)
          Filters Partition#delete(org.apache.directory.shared.ldap.name.LdapDN) call.
 boolean hasEntry(NextInterceptor nextInterceptor, LdapDN name)
          Note that we do nothing here.
 void init(DirectoryServiceConfiguration factoryCfg, InterceptorConfiguration cfg)
          This method does nothing by default.
 javax.naming.NamingEnumeration list(NextInterceptor nextInterceptor, LdapDN base)
          Filters Partition#list(org.apache.directory.shared.ldap.name.LdapDN) call.
 javax.naming.directory.Attributes lookup(NextInterceptor nextInterceptor, LdapDN name)
          Filters Partition#lookup(org.apache.directory.shared.ldap.name.LdapDN) call.
 javax.naming.directory.Attributes lookup(NextInterceptor nextInterceptor, LdapDN name, java.lang.String[] attrIds)
          Filters Partition#lookup(org.apache.directory.shared.ldap.name.LdapDN,String[]) call.
 void modify(NextInterceptor nextInterceptor, LdapDN name, int modOp, javax.naming.directory.Attributes attrs)
          This policy needs to be really tight too because some attributes may take part in giving the user permissions to protected resources.
 void modify(NextInterceptor nextInterceptor, LdapDN name, javax.naming.directory.ModificationItem[] items)
          This policy needs to be really tight too because some attributes may take part in giving the user permissions to protected resources.
 void modifyRn(NextInterceptor nextInterceptor, LdapDN name, java.lang.String newRn, boolean deleteOldRn)
          Filters Partition#modifyRn(org.apache.directory.shared.ldap.name.LdapDN,String,boolean) call.
 void move(NextInterceptor nextInterceptor, LdapDN oriChildName, LdapDN newParentName)
          Filters Partition#move(org.apache.directory.shared.ldap.name.LdapDN,org.apache.directory.shared.ldap.name.LdapDN) call.
 void move(NextInterceptor nextInterceptor, LdapDN oriChildName, LdapDN newParentName, java.lang.String newRn, boolean deleteOldRn)
          Filters Partition#move(org.apache.directory.shared.ldap.name.LdapDN,org.apache.directory.shared.ldap.name.LdapDN,String,boolean) call.
 javax.naming.NamingEnumeration search(NextInterceptor nextInterceptor, LdapDN base, java.util.Map env, ExprNode filter, javax.naming.directory.SearchControls searchCtls)
          Filters Partition#search(org.apache.directory.shared.ldap.name.LdapDN,java.util.Map,org.apache.directory.shared.ldap.filter.ExprNode,javax.naming.directory.SearchControls) call.
 
Methods inherited from class org.apache.directory.server.core.interceptor.BaseInterceptor
add, addContextPartition, bind, compare, destroy, getContext, getMatchedName, getPrincipal, getRootDSE, getSuffix, isSuffix, listSuffixes, removeContextPartition, unbind
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

DefaultAuthorizationService

public DefaultAuthorizationService()
Creates a new instance.

Method Detail

init

public void init(DirectoryServiceConfiguration factoryCfg,
                 InterceptorConfiguration cfg)
          throws javax.naming.NamingException
Description copied from class: BaseInterceptor
This method does nothing by default.

Specified by:
init in interface Interceptor
Overrides:
init in class BaseInterceptor
Throws:
javax.naming.NamingException

delete

public void delete(NextInterceptor nextInterceptor,
                   LdapDN name)
            throws javax.naming.NamingException
Description copied from interface: Interceptor
Filters Partition#delete(org.apache.directory.shared.ldap.name.LdapDN) call.

Specified by:
delete in interface Interceptor
Overrides:
delete in class BaseInterceptor
Throws:
javax.naming.NamingException

hasEntry

public boolean hasEntry(NextInterceptor nextInterceptor,
                        LdapDN name)
                 throws javax.naming.NamingException
Note that we do nothing here. This is not a function exposed externally via the JNDI interfaces; it is used internally by the provider for optimization purposes, so there is no reason for us to constrain it.

Specified by:
hasEntry in interface Interceptor
Overrides:
hasEntry in class BaseInterceptor
Throws:
javax.naming.NamingException

modify

public void modify(NextInterceptor nextInterceptor,
                   LdapDN name,
                   int modOp,
                   javax.naming.directory.Attributes attrs)
            throws javax.naming.NamingException
This policy needs to be really tight too because some attributes may take part in giving the user permissions to protected resources. We do not want users to self-access these resources. As far as we're concerned, no one but the admin needs access.

Specified by:
modify in interface Interceptor
Overrides:
modify in class BaseInterceptor
Throws:
javax.naming.NamingException

modify

public void modify(NextInterceptor nextInterceptor,
                   LdapDN name,
                   javax.naming.directory.ModificationItem[] items)
            throws javax.naming.NamingException
This policy needs to be really tight too because some attributes may take part in giving the user permissions to protected resources. We do not want users to self-access these resources. As far as we're concerned, no one but the admin needs access.

Specified by:
modify in interface Interceptor
Overrides:
modify in class BaseInterceptor
Throws:
javax.naming.NamingException

modifyRn

public void modifyRn(NextInterceptor nextInterceptor,
                     LdapDN name,
                     java.lang.String newRn,
                     boolean deleteOldRn)
              throws javax.naming.NamingException
Description copied from interface: Interceptor
Filters Partition#modifyRn(org.apache.directory.shared.ldap.name.LdapDN,String,boolean) call.

Specified by:
modifyRn in interface Interceptor
Overrides:
modifyRn in class BaseInterceptor
Throws:
javax.naming.NamingException

move

public void move(NextInterceptor nextInterceptor,
                 LdapDN oriChildName,
                 LdapDN newParentName)
          throws javax.naming.NamingException
Description copied from interface: Interceptor
Filters Partition#move(org.apache.directory.shared.ldap.name.LdapDN,org.apache.directory.shared.ldap.name.LdapDN) call.

Specified by:
move in interface Interceptor
Overrides:
move in class BaseInterceptor
Throws:
javax.naming.NamingException

move

public void move(NextInterceptor nextInterceptor,
                 LdapDN oriChildName,
                 LdapDN newParentName,
                 java.lang.String newRn,
                 boolean deleteOldRn)
          throws javax.naming.NamingException
Description copied from interface: Interceptor
Filters Partition#move(org.apache.directory.shared.ldap.name.LdapDN,org.apache.directory.shared.ldap.name.LdapDN,String,boolean) call.

Specified by:
move in interface Interceptor
Overrides:
move in class BaseInterceptor
Throws:
javax.naming.NamingException

lookup

public javax.naming.directory.Attributes lookup(NextInterceptor nextInterceptor,
                                                LdapDN name)
                                         throws javax.naming.NamingException
Description copied from interface: Interceptor
Filters Partition#lookup(org.apache.directory.shared.ldap.name.LdapDN) call.

Specified by:
lookup in interface Interceptor
Overrides:
lookup in class BaseInterceptor
Throws:
javax.naming.NamingException

lookup

public javax.naming.directory.Attributes lookup(NextInterceptor nextInterceptor,
                                                LdapDN name,
                                                java.lang.String[] attrIds)
                                         throws javax.naming.NamingException
Description copied from interface: Interceptor
Filters Partition#lookup(org.apache.directory.shared.ldap.name.LdapDN,String[]) call.

Specified by:
lookup in interface Interceptor
Overrides:
lookup in class BaseInterceptor
Throws:
javax.naming.NamingException

search

public javax.naming.NamingEnumeration search(NextInterceptor nextInterceptor,
                                             LdapDN base,
                                             java.util.Map env,
                                             ExprNode filter,
                                             javax.naming.directory.SearchControls searchCtls)
                                      throws javax.naming.NamingException
Description copied from interface: Interceptor
Filters Partition#search(org.apache.directory.shared.ldap.name.LdapDN,java.util.Map,org.apache.directory.shared.ldap.filter.ExprNode,javax.naming.directory.SearchControls) call.

Specified by:
search in interface Interceptor
Overrides:
search in class BaseInterceptor
Throws:
javax.naming.NamingException

list

public javax.naming.NamingEnumeration list(NextInterceptor nextInterceptor,
                                           LdapDN base)
                                    throws javax.naming.NamingException
Description copied from interface: Interceptor
Filters Partition#list(org.apache.directory.shared.ldap.name.LdapDN) call.

Specified by:
list in interface Interceptor
Overrides:
list in class BaseInterceptor
Throws:
javax.naming.NamingException