19 package org.apache.ldap.server.authz.support;
20
21 import java.util.ArrayList;
22 import java.util.Collection;
23 import java.util.Iterator;
24
25 import javax.naming.Name;
26 import javax.naming.NamingException;
27 import javax.naming.directory.Attributes;
28
29 import org.apache.ldap.common.aci.ACITuple;
30 import org.apache.ldap.common.aci.AuthenticationLevel;
31 import org.apache.ldap.common.aci.ProtectedItem;
32 import org.apache.ldap.server.partition.DirectoryPartitionNexusProxy;
33
34
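/**
 * An {@link ACITupleFilter} that chooses the tuples with the most specific
 * protected item. (18.8.4.3, X.501)
 * <p>
 * If more than one tuple remains, choose the tuples with the most specific
 * protected item. If the protected item is an attribute and there are tuples
 * that specify the attribute type explicitly, discard all other tuples. If
 * the protected item is an attribute value, and there are tuples that specify
 * the attribute value explicitly, discard all other tuples. A protected item
 * which is a rangeOfValues is to be treated as specifying an attribute value
 * explicitly.
 * <p>
 * Implementation notes: selection is driven only by the runtime type of the
 * {@link ProtectedItem}s carried by each tuple. None of the request-context
 * arguments (scope, user, entry, <code>attrId</code>, <code>attrValue</code>,
 * ...) are read by this filter.
 *
 * @author The Apache Directory Project
 * @version $Rev: 326050 $, $Date: 2005-10-18 04:19:14 -0400 (Tue, 18 Oct 2005) $
 */
public class MostSpecificProtectedItemFilter implements ACITupleFilter
{
    /**
     * Narrows <code>tuples</code> to those whose protected items are the most
     * specific.
     * <p>
     * Two passes are made over the input. The first keeps every tuple that
     * names an attribute type, all attribute values, a self value or an
     * attribute value; if it keeps anything, that result is returned. Otherwise
     * the second pass keeps every tuple that carries a rangeOfValues item. If
     * neither pass keeps anything, the input collection is returned unchanged.
     *
     * @param tuples the candidate {@link ACITuple}s; every element is cast to
     *        {@link ACITuple}, so any other element type fails with a
     *        {@link ClassCastException}
     * @return <code>tuples</code> itself (the same instance, not a copy) when it
     *         holds at most one element or when no tuple matched; otherwise a
     *         new collection holding each selected tuple exactly once
     * @throws NamingException declared by the interface; nothing in this
     *         implementation throws it directly
     */
    public Collection filter( Collection tuples, OperationScope scope, DirectoryPartitionNexusProxy proxy,
        Collection userGroupNames, Name userName, Attributes userEntry, AuthenticationLevel authenticationLevel,
        Name entryName, String attrId, Object attrValue, Attributes entry, Collection microOperations )
        throws NamingException
    {
        // Nothing to disambiguate with zero or one candidate.
        if( tuples.size() <= 1 )
        {
            return tuples;
        }

        Collection filteredTuples = new ArrayList();

        // NOTE(review): X.501 conditions each step below on whether the item
        // being accessed is an attribute or an attribute value. Both passes
        // here run unconditionally (attrId / attrValue are never consulted);
        // presumably an earlier filter in the chain has already dropped tuples
        // unrelated to the request - confirm against the filter ordering.

        // Pass 1: tuples that specify an attribute type (or its values)
        // explicitly win over everything else.
        for( Iterator i = tuples.iterator(); i.hasNext(); )
        {
            ACITuple tuple = ( ACITuple ) i.next();
            for( Iterator j = tuple.getProtectedItems().iterator(); j.hasNext(); )
            {
                ProtectedItem item = ( ProtectedItem ) j.next();
                if( item instanceof ProtectedItem.AttributeType ||
                    item instanceof ProtectedItem.AllAttributeValues ||
                    item instanceof ProtectedItem.SelfValue ||
                    item instanceof ProtectedItem.AttributeValue )
                {
                    filteredTuples.add( tuple );
                    // One matching item is enough; stop so the tuple is
                    // recorded only once.
                    break;
                }
            }
        }

        if( !filteredTuples.isEmpty() )
        {
            return filteredTuples;
        }

        // Pass 2: a rangeOfValues item is treated as specifying an attribute
        // value explicitly. filteredTuples is still empty at this point.
        for( Iterator i = tuples.iterator(); i.hasNext(); )
        {
            ACITuple tuple = ( ACITuple ) i.next();
            for( Iterator j = tuple.getProtectedItems().iterator(); j.hasNext(); )
            {
                ProtectedItem item = ( ProtectedItem ) j.next();
                if( item instanceof ProtectedItem.RangeOfValues )
                {
                    filteredTuples.add( tuple );
                    // Without this break a tuple carrying several
                    // rangeOfValues items was added once per item, so the
                    // result held duplicate references to the same tuple.
                    break;
                }
            }
        }

        if( !filteredTuples.isEmpty() )
        {
            return filteredTuples;
        }

        // No tuple is more specific than the others: hand the full set on.
        return tuples;
    }
}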