org.apache.ldap.server.authz
Class AuthorizationService

java.lang.Object
  extended byorg.apache.ldap.server.interceptor.BaseInterceptor
      extended byorg.apache.ldap.server.authz.AuthorizationService
All Implemented Interfaces:
Interceptor

public class AuthorizationService
extends BaseInterceptor

An Interceptor that controls access to ContextPartitionNexus. If a user tries to perform any operations that requires permission he or she doesn't have, NoPermissionException will be thrown and therefore the current invocation chain will terminate.

Version:
$Rev: 264732 $, $Date: 2005-08-30 04:04:51 -0400 (Tue, 30 Aug 2005) $
Author:
Apache Directory Project

Constructor Summary
AuthorizationService()
          Creates a new instance.
 
Method Summary
 void delete(NextInterceptor nextInterceptor, javax.naming.Name name)
          Filters ContextPartition#delete(Name) call.
 boolean hasEntry(NextInterceptor nextInterceptor, javax.naming.Name name)
          Note that we do nothing here.
 void init(ContextFactoryConfiguration factoryCfg, InterceptorConfiguration cfg)
          This method does nothing by default.
 javax.naming.NamingEnumeration list(NextInterceptor nextInterceptor, javax.naming.Name base)
          Filters ContextPartition#list(Name) call.
 javax.naming.directory.Attributes lookup(NextInterceptor nextInterceptor, javax.naming.Name name)
          Filters ContextPartition#lookup(Name) call.
 javax.naming.directory.Attributes lookup(NextInterceptor nextInterceptor, javax.naming.Name name, java.lang.String[] attrIds)
          Filters ContextPartition#lookup(Name, String[]) call.
 void modify(NextInterceptor nextInterceptor, javax.naming.Name name, int modOp, javax.naming.directory.Attributes attrs)
          This policy needs to be really tight too because some attributes may take part in giving the user permissions to protected resources.
 void modify(NextInterceptor nextInterceptor, javax.naming.Name name, javax.naming.directory.ModificationItem[] items)
          This policy needs to be really tight too because some attributes may take part in giving the user permissions to protected resources.
 void modifyRn(NextInterceptor nextInterceptor, javax.naming.Name name, java.lang.String newRn, boolean deleteOldRn)
          Filters ContextPartition#modifyRn(Name, String, boolean) call.
 void move(NextInterceptor nextInterceptor, javax.naming.Name oriChildName, javax.naming.Name newParentName)
          Filters ContextPartition#move(Name, Name) call.
 void move(NextInterceptor nextInterceptor, javax.naming.Name oriChildName, javax.naming.Name newParentName, java.lang.String newRn, boolean deleteOldRn)
          Filters ContextPartition#move(Name, Name, String, boolean) call.
 javax.naming.NamingEnumeration search(NextInterceptor nextInterceptor, javax.naming.Name base, java.util.Map env, org.apache.ldap.common.filter.ExprNode filter, javax.naming.directory.SearchControls searchCtls)
          Filters ContextPartition#search(Name, Map, ExprNode, SearchControls) call.
 
Methods inherited from class org.apache.ldap.server.interceptor.BaseInterceptor
add, addContextPartition, destroy, getContext, getMatchedName, getPrincipal, getRootDSE, getSuffix, isSuffix, listSuffixes, removeContextPartition
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

AuthorizationService

public AuthorizationService()
Creates a new instance.

Method Detail

init

public void init(ContextFactoryConfiguration factoryCfg,
                 InterceptorConfiguration cfg)
          throws javax.naming.NamingException
Description copied from class: BaseInterceptor
This method does nothing by default.

Specified by:
init in interface Interceptor
Overrides:
init in class BaseInterceptor
Throws:
javax.naming.NamingException

delete

public void delete(NextInterceptor nextInterceptor,
                   javax.naming.Name name)
            throws javax.naming.NamingException
Description copied from interface: Interceptor
Filters ContextPartition.delete(Name) call.

Specified by:
delete in interface Interceptor
Overrides:
delete in class BaseInterceptor
Throws:
javax.naming.NamingException

hasEntry

public boolean hasEntry(NextInterceptor nextInterceptor,
                        javax.naming.Name name)
                 throws javax.naming.NamingException
Note that we do nothing here. First because this is not an externally exposed function via the JNDI interfaces. It is used internally by the provider for optimization purposes so there is no reason for us to start to constrain it.

Specified by:
hasEntry in interface Interceptor
Overrides:
hasEntry in class BaseInterceptor
Throws:
javax.naming.NamingException

modify

public void modify(NextInterceptor nextInterceptor,
                   javax.naming.Name name,
                   int modOp,
                   javax.naming.directory.Attributes attrs)
            throws javax.naming.NamingException
This policy needs to be really tight too because some attributes may take part in giving the user permissions to protected resources. We do not want users to self access these resources. As far as we're concerned no one but the admin needs access.

Specified by:
modify in interface Interceptor
Overrides:
modify in class BaseInterceptor
Throws:
javax.naming.NamingException

modify

public void modify(NextInterceptor nextInterceptor,
                   javax.naming.Name name,
                   javax.naming.directory.ModificationItem[] items)
            throws javax.naming.NamingException
This policy needs to be really tight too because some attributes may take part in giving the user permissions to protected resources. We do not want users to self access these resources. As far as we're concerned no one but the admin needs access.

Specified by:
modify in interface Interceptor
Overrides:
modify in class BaseInterceptor
Throws:
javax.naming.NamingException

modifyRn

public void modifyRn(NextInterceptor nextInterceptor,
                     javax.naming.Name name,
                     java.lang.String newRn,
                     boolean deleteOldRn)
              throws javax.naming.NamingException
Description copied from interface: Interceptor
Filters ContextPartition.modifyRn(Name, String, boolean) call.

Specified by:
modifyRn in interface Interceptor
Overrides:
modifyRn in class BaseInterceptor
Throws:
javax.naming.NamingException

move

public void move(NextInterceptor nextInterceptor,
                 javax.naming.Name oriChildName,
                 javax.naming.Name newParentName)
          throws javax.naming.NamingException
Description copied from interface: Interceptor
Filters ContextPartition.move(Name, Name) call.

Specified by:
move in interface Interceptor
Overrides:
move in class BaseInterceptor
Throws:
javax.naming.NamingException

move

public void move(NextInterceptor nextInterceptor,
                 javax.naming.Name oriChildName,
                 javax.naming.Name newParentName,
                 java.lang.String newRn,
                 boolean deleteOldRn)
          throws javax.naming.NamingException
Description copied from interface: Interceptor
Filters ContextPartition.move(Name, Name, String, boolean) call.

Specified by:
move in interface Interceptor
Overrides:
move in class BaseInterceptor
Throws:
javax.naming.NamingException

lookup

public javax.naming.directory.Attributes lookup(NextInterceptor nextInterceptor,
                                                javax.naming.Name name)
                                         throws javax.naming.NamingException
Description copied from interface: Interceptor
Filters ContextPartition.lookup(Name) call.

Specified by:
lookup in interface Interceptor
Overrides:
lookup in class BaseInterceptor
Throws:
javax.naming.NamingException

lookup

public javax.naming.directory.Attributes lookup(NextInterceptor nextInterceptor,
                                                javax.naming.Name name,
                                                java.lang.String[] attrIds)
                                         throws javax.naming.NamingException
Description copied from interface: Interceptor
Filters ContextPartition.lookup(Name, String[]) call.

Specified by:
lookup in interface Interceptor
Overrides:
lookup in class BaseInterceptor
Throws:
javax.naming.NamingException

search

public javax.naming.NamingEnumeration search(NextInterceptor nextInterceptor,
                                             javax.naming.Name base,
                                             java.util.Map env,
                                             org.apache.ldap.common.filter.ExprNode filter,
                                             javax.naming.directory.SearchControls searchCtls)
                                      throws javax.naming.NamingException
Description copied from interface: Interceptor
Filters ContextPartition.search(Name, Map, ExprNode, SearchControls) call.

Specified by:
search in interface Interceptor
Overrides:
search in class BaseInterceptor
Throws:
javax.naming.NamingException

list

public javax.naming.NamingEnumeration list(NextInterceptor nextInterceptor,
                                           javax.naming.Name base)
                                    throws javax.naming.NamingException
Description copied from interface: Interceptor
Filters ContextPartition.list(Name) call.

Specified by:
list in interface Interceptor
Overrides:
list in class BaseInterceptor
Throws:
javax.naming.NamingException


Copyright © 2002-2005 . All Rights Reserved.