Package org.opends.server.authorization.policy

Contains the policy based access control handler implementation.

See: Description

Class Summary

Class	Description
PolicyBasedAccessControlHandler	Provides coarse grained access control for all operations, regardless of whether they are destined for local or proxy backends.

Enum Summary

Enum	Description
PolicyBasedAccessControlRequestFilter	A singleton RequestFilter which is always present in the global router and is responsible for delegating access control decisions to the policy based access control handler, PolicyBasedAccessControlHandler, if enabled, or simply forwarding requests if the handler is disabled.

Package org.opends.server.authorization.policy Description

Contains the policy based access control handler implementation.

The main entry point is PolicyBasedAccessControlHandler, which acts as a bridge between the server's configuration framework and the global RequestFilter, PolicyBasedAccessControlRequestFilter, which acts as the policy enforcement point. The filter creates a new AccessController for each request. The access controller is responsible for performing access control decisions, i.e. deciding whether a request is allowed as well as filtering out disallowed attributes from search results. Instances of GlobalPolicy represent a single global access control policy configuration entry. An access control decision proceeds by determining which global policies apply to the client, then the focus is further restricted by determining which of the remaining policies applies to the request. Finally, the effective access rights applicable to the request are computed as the union of the remaining policies' permissions.