19 package org.apache.ldap.server.authz.support;
20
21 import java.util.Collection;
22 import java.util.Iterator;
23
24 import javax.naming.Name;
25 import javax.naming.NamingException;
26 import javax.naming.directory.Attribute;
27 import javax.naming.directory.Attributes;
28
29 import org.apache.ldap.common.aci.ACITuple;
30 import org.apache.ldap.common.aci.AuthenticationLevel;
31 import org.apache.ldap.common.aci.ProtectedItem;
32 import org.apache.ldap.common.aci.ProtectedItem.RestrictedByItem;
33 import org.apache.ldap.server.partition.DirectoryPartitionNexusProxy;
34
35
/**
 * An {@link ACITupleFilter} that discards all tuples that don't satisfy the
 * {@link ProtectedItem.RestrictedBy} constraint, if one is present. (18.8.3.3, X.501)
 *
 * @author The Apache Directory Project
 * @version $Rev: 326050 $, $Date: 2005-10-18 04:19:14 -0400 (Tue, 18 Oct 2005) $
 */
public class RestrictedByFilter implements ACITupleFilter
{
    /**
     * Drops, in place, every grant tuple whose {@link ProtectedItem.RestrictedBy}
     * constraint is not met by the value being accessed.
     *
     * <p>Only {@link OperationScope#ATTRIBUTE_TYPE_AND_VALUE} is examined; for any
     * other scope (and for an empty collection) {@code tuples} is returned untouched.
     * Deny tuples are never removed here, so an unsatisfied restriction can only take
     * permissions away, never add them. Removal happens through the collection's own
     * iterator and the same instance is handed back to the caller.
     *
     * @param tuples the candidate tuples; modified in place
     * @param scope the scope of the operation being authorized
     * @param proxy unused by this filter
     * @param userGroupNames unused by this filter
     * @param userName unused by this filter
     * @param userEntry unused by this filter
     * @param authenticationLevel unused by this filter
     * @param entryName unused by this filter
     * @param attrId the attribute type of the value being accessed; must not be
     *        {@code null} when the scope is {@code ATTRIBUTE_TYPE_AND_VALUE}
     * @param attrValue the attribute value being accessed
     * @param entry the entry whose attributes the {@code valuesIn} reference resolves against
     * @param microOperations unused by this filter
     * @return the same {@code tuples} collection, minus the grant tuples whose
     *         restriction failed
     * @throws NamingException declared for the {@link ACITupleFilter} contract
     */
    public Collection filter( Collection tuples, OperationScope scope, DirectoryPartitionNexusProxy proxy, Collection userGroupNames, Name userName, Attributes userEntry, AuthenticationLevel authenticationLevel, Name entryName, String attrId, Object attrValue, Attributes entry, Collection microOperations ) throws NamingException
    {
        // restrictedBy is meaningful only when a concrete attribute value is in play
        boolean applicable = scope == OperationScope.ATTRIBUTE_TYPE_AND_VALUE && !tuples.isEmpty();
        if( !applicable )
        {
            return tuples;
        }

        Iterator it = tuples.iterator();
        while( it.hasNext() )
        {
            ACITuple tuple = ( ACITuple ) it.next();
            // deny tuples are kept regardless of the restriction
            if( tuple.isGrant() && isRemovable( tuple, attrId, attrValue, entry ) )
            {
                it.remove();
            }
        }

        return tuples;
    }

    /**
     * Tells whether {@code tuple} carries a {@link ProtectedItem.RestrictedBy} item
     * that rejects {@code attrValue} for {@code attrId} on {@code entry}.
     *
     * @param tuple the tuple whose protected items are inspected
     * @param attrId the attribute type being accessed; must not be {@code null}
     * @param attrValue the value being accessed
     * @param entry the entry holding the {@code valuesIn} attributes
     * @return {@code true} if at least one restriction on {@code attrId} is not
     *         satisfied, {@code false} if no restriction applies or all are satisfied
     */
    public boolean isRemovable( ACITuple tuple, String attrId, Object attrValue, Attributes entry )
    {
        Iterator items = tuple.getProtectedItems().iterator();
        while( items.hasNext() )
        {
            ProtectedItem item = ( ProtectedItem ) items.next();
            if( !( item instanceof ProtectedItem.RestrictedBy ) )
            {
                continue;
            }

            if( isViolated( ( ProtectedItem.RestrictedBy ) item, attrId, attrValue, entry ) )
            {
                return true;
            }
        }

        return false;
    }

    /**
     * Checks a single {@code restrictedBy} item: for every restriction naming
     * {@code attrId}, the value must already exist in the entry's {@code valuesIn}
     * attribute.
     *
     * @param rb the restriction set to evaluate
     * @param attrId the attribute type being accessed; must not be {@code null}
     * @param attrValue the value being accessed
     * @param entry the entry holding the {@code valuesIn} attributes
     * @return {@code true} on the first restriction for {@code attrId} whose
     *         {@code valuesIn} attribute is missing or lacks {@code attrValue}
     */
    private static boolean isViolated( ProtectedItem.RestrictedBy rb, String attrId, Object attrValue, Attributes entry )
    {
        Iterator restrictions = rb.iterator();
        while( restrictions.hasNext() )
        {
            RestrictedByItem restriction = ( RestrictedByItem ) restrictions.next();
            if( !attrId.equalsIgnoreCase( restriction.getAttributeType() ) )
            {
                continue;
            }

            // NOTE(review): whether this lookup is case-insensitive depends on the
            // Attributes implementation supplied by the caller — confirm.
            Attribute permitted = entry.get( restriction.getValuesIn() );
            // an absent valuesIn attribute permits nothing; value matching is
            // delegated to the Attribute's own equality
            if( permitted == null || !permitted.contains( attrValue ) )
            {
                return true;
            }
        }

        return false;
    }

}