
1   /*
2    *   @(#) $Id: MaxImmSubFilter.java 326083 2005-10-18 10:59:38Z akarasulu $
3    *   
4    *   Copyright 2004 The Apache Software Foundation
5    *
6    *   Licensed under the Apache License, Version 2.0 (the "License");
7    *   you may not use this file except in compliance with the License.
8    *   You may obtain a copy of the License at
9    *
10   *       http://www.apache.org/licenses/LICENSE-2.0
11   *
12   *   Unless required by applicable law or agreed to in writing, software
13   *   distributed under the License is distributed on an "AS IS" BASIS,
14   *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15   *   See the License for the specific language governing permissions and
16   *   limitations under the License.
17   *
18   */
19  package org.apache.ldap.server.authz.support;
20  
21  import java.util.*;
22  
23  import javax.naming.Name;
24  import javax.naming.NamingEnumeration;
25  import javax.naming.NamingException;
26  import javax.naming.directory.Attributes;
27  import javax.naming.directory.SearchControls;
28  
29  import org.apache.ldap.common.aci.ACITuple;
30  import org.apache.ldap.common.aci.AuthenticationLevel;
31  import org.apache.ldap.common.aci.ProtectedItem;
32  import org.apache.ldap.common.filter.ExprNode;
33  import org.apache.ldap.common.filter.PresenceNode;
34  import org.apache.ldap.server.partition.DirectoryPartitionNexusProxy;
35  
36  
/**
 * An {@link ACITupleFilter} that drops every granting tuple whose
 * {@link ProtectedItem.MaxImmSub} constraint is not satisfied.
 * (18.8.3.3, X.501)
 * <p>
 * The filter only acts for {@link OperationScope#ENTRY} and for a non-empty
 * entry name. Tuples that deny access, and tuples without a
 * {@link ProtectedItem.MaxImmSub} item, are always kept.
 *
 * @author The Apache Directory Project
 * @version $Rev: 326083 $, $Date: 2005-10-18 06:59:38 -0400 (Tue, 18 Oct 2005) $
 */
public class MaxImmSubFilter implements ACITupleFilter
{
    /** Presence filter on <code>objectClass</code>, used for the child-count search. */
    private final ExprNode childrenFilter;

    /** Search controls restricted to one level, used for the child-count search. */
    private final SearchControls childrenSearchControls;


    /**
     * Creates a filter whose child-count search uses an
     * <code>objectClass</code> presence filter with one-level scope.
     */
    public MaxImmSubFilter()
    {
        SearchControls oneLevel = new SearchControls();
        oneLevel.setSearchScope( SearchControls.ONELEVEL_SCOPE );

        childrenFilter = new PresenceNode( "objectClass" );
        childrenSearchControls = oneLevel;
    }


    /**
     * Removes granting tuples whose {@link ProtectedItem.MaxImmSub} limit has
     * already been reached.
     * <p>
     * The tuples are removed from the passed-in collection through its
     * iterator, and that same collection is returned, so it must support
     * {@link Iterator#remove()}. The subordinate count is looked up at most
     * once per call, and only when a granting tuple actually carries a
     * {@link ProtectedItem.MaxImmSub} item.
     *
     * @param tuples the {@link ACITuple}s to filter; modified in place
     * @param scope the operation scope; anything but
     *        {@link OperationScope#ENTRY} returns <code>tuples</code> untouched
     * @param proxy used to run the search that counts subordinates
     * @param entryName name of the entry being accessed; an empty name
     *        returns <code>tuples</code> untouched
     * @return the <code>tuples</code> collection that was passed in
     * @throws NamingException if counting the subordinates fails
     */
    public Collection filter( Collection tuples, OperationScope scope, DirectoryPartitionNexusProxy proxy, Collection userGroupNames, Name userName, Attributes userEntry, AuthenticationLevel authenticationLevel, Name entryName, String attrId, Object attrValue, Attributes entry, Collection microOperations ) throws NamingException
    {
        // Same short-circuit order as three separate guards: entry name, tuple set, scope.
        if( entryName.size() == 0 || tuples.size() == 0 || scope != OperationScope.ENTRY )
        {
            return tuples;
        }

        // Negative means "not counted yet"; the search runs lazily on first need.
        int subordinateCount = -1;

        Iterator tupleIter = tuples.iterator();
        while( tupleIter.hasNext() )
        {
            ACITuple candidate = ( ACITuple ) tupleIter.next();
            if( candidate.isGrant() )
            {
                Iterator itemIter = candidate.getProtectedItems().iterator();
                while( itemIter.hasNext() )
                {
                    ProtectedItem protectedItem = ( ProtectedItem ) itemIter.next();
                    if( !( protectedItem instanceof ProtectedItem.MaxImmSub ) )
                    {
                        continue;
                    }

                    if( subordinateCount < 0 )
                    {
                        subordinateCount = getImmSubCount( proxy, entryName );
                    }

                    ProtectedItem.MaxImmSub limit = ( ProtectedItem.MaxImmSub ) protectedItem;
                    if( subordinateCount >= limit.getValue() )
                    {
                        // The grant no longer applies once the limit is reached; one
                        // violated item is enough to discard the whole tuple.
                        tupleIter.remove();
                        break;
                    }
                }
            }
        }

        return tuples;
    }


    /**
     * Names handed to the proxy as the last argument of the child-count
     * search; exposed as an unmodifiable collection.
     * <p>
     * NOTE(review): presumably these are the interceptor services the search
     * skips - confirm against {@link DirectoryPartitionNexusProxy}. If so,
     * the count is taken with authentication and authorization bypassed,
     * i.e. it reflects every child rather than only those visible to the
     * requesting user.
     */
    public static final Collection SEARCH_BYPASS = Collections.unmodifiableCollection(
        new HashSet( Arrays.asList( new String[]
        {
            "normalizationService",
            "authenticationService",
            "authorizationService",
            "oldAuthorizationService",
            "schemaService",
            "subentryService",
            "operationalAttributeService",
            "eventService"
        } ) ) );


    /**
     * Counts the entries returned by a one-level <code>objectClass</code>
     * presence search below <code>entryName.getPrefix( 1 )</code>.
     * <p>
     * Every result is enumerated just to be counted, so the cost grows with
     * the number of children under the search base.
     * <p>
     * NOTE(review): X.501 describes maxImmSub in terms of the immediate
     * subordinates of the superior entry - confirm that
     * <code>getPrefix( 1 )</code> yields that superior under the component
     * ordering of the {@link Name} implementation in use.
     *
     * @param proxy the proxy the search is issued through
     * @param entryName name of the entry being accessed
     * @return the number of entries the search returned
     * @throws NamingException if the search or the enumeration fails
     */
    private int getImmSubCount( DirectoryPartitionNexusProxy proxy, Name entryName ) throws NamingException
    {
        int total = 0;
        NamingEnumeration children = null;
        try
        {
            children = proxy.search(
                entryName.getPrefix( 1 ), new HashMap(),
                childrenFilter, childrenSearchControls, SEARCH_BYPASS );

            for( ; children.hasMore(); total++ )
            {
                children.next();
            }
        }
        finally
        {
            // Release the enumeration even when iteration fails part-way.
            if( children != null )
            {
                children.close();
            }
        }

        return total;
    }

}