public final class PolicyBasedAccessControlHandler extends AccessControlHandler<org.forgerock.opendj.server.config.server.PolicyBasedAccessControlHandlerCfg> implements RequestFilter
AccessController
.
Implementation notes: this class provides two policy enforcement points. Firstly, it inserts itself in the global
router filter chain by invoking PolicyBasedAccessControlRequestFilter.enable(RequestFilter)
, where it is
able to intercept all requests before they are processed by the global router. Secondly, as a side-effect of
implementing the AccessControlHandler
interface, it is also invoked at the local backend layer, after the
router. However, there is no additional access control performed - all of the AccessControlHandler
methods
are stubbed out.
Constructor and Description |
---|
PolicyBasedAccessControlHandler() |
Modifier and Type | Method and Description |
---|---|
io.reactivex.Flowable<org.forgerock.opendj.ldap.messages.Response> |
filter(org.forgerock.services.context.Context context,
org.forgerock.opendj.ldap.messages.Request request,
RequestHandler next)
Filters the request and/or response of an exchange.
|
void |
finalizeAccessControlHandler()
Performs any necessary finalization for the access control
handler implementation.
|
void |
initializeAccessControlHandler(org.forgerock.opendj.server.config.server.PolicyBasedAccessControlHandlerCfg configuration,
ServerContext serverContext)
Initializes the access control handler implementation based on
the information in the provided configuration entry.
|
boolean |
isConfigurationAcceptable(org.forgerock.opendj.server.config.server.AccessControlHandlerCfg configuration,
List<LocalizableMessage> unacceptableReasons,
ServerContext serverContext)
Indicates whether the provided configuration is acceptable for
this access control handler.
|
public PolicyBasedAccessControlHandler()
public void initializeAccessControlHandler(org.forgerock.opendj.server.config.server.PolicyBasedAccessControlHandlerCfg configuration, ServerContext serverContext) throws org.forgerock.opendj.config.server.ConfigException, InitializationException
AccessControlHandler
initializeAccessControlHandler
in class AccessControlHandler<org.forgerock.opendj.server.config.server.PolicyBasedAccessControlHandlerCfg>
configuration
- The configuration object that contains the information
to use to initialize this access control handler.serverContext
- the server context for this Directory Server instance.org.forgerock.opendj.config.server.ConfigException
- If an unrecoverable problem arises in the process of
performing the initialization.InitializationException
- If a problem occurs during initialization that is not
related to the server configuration.public boolean isConfigurationAcceptable(org.forgerock.opendj.server.config.server.AccessControlHandlerCfg configuration, List<LocalizableMessage> unacceptableReasons, ServerContext serverContext)
AccessControlHandler
isConfigurationAcceptable
in class AccessControlHandler<org.forgerock.opendj.server.config.server.PolicyBasedAccessControlHandlerCfg>
configuration
- The access control handler configuration for which to
make the determination.unacceptableReasons
- A list that may be used to hold the reasons that the
provided configuration is not acceptable.serverContext
- the server context for this Directory Server instance.true
if the provided configuration is acceptable
for this access control handler, or false
if not.public void finalizeAccessControlHandler()
AccessControlHandler
finalizeAccessControlHandler
in class AccessControlHandler<org.forgerock.opendj.server.config.server.PolicyBasedAccessControlHandlerCfg>
public io.reactivex.Flowable<org.forgerock.opendj.ldap.messages.Response> filter(org.forgerock.services.context.Context context, org.forgerock.opendj.ldap.messages.Request request, RequestHandler next) throws Exception
RequestFilter
next.handle(context, request)
.
This method may elect not to pass the request to the next filter or
handler, and instead handle the request itself. It can achieve this by
merely avoiding a call to next.handle(context, request)
and creating its own response object. The filter is also at liberty to
replace a response with another of its own by intercepting the response
returned by the next handler.
filter
in interface RequestFilter
context
- The request context.request
- The request.next
- The next filter or handler in the chain to handle the request.Flowable
representing the response to be returned to the
client.Exception
- If an error occurred during the processing of the request.Copyright © 2010-2017 ForgeRock AS. All Rights Reserved.