public final class GetEffectiveRightsRequestControl extends Object implements Control
GetRightsControl ::= SEQUENCE { authzId authzId -- Only the "dn:DN" form is supported. attributes SEQUENCE OF AttributeType }You can use the control to retrieve effective rights during a search:
String authDN = ...; SearchRequest request = Requests.newSearchRequest( "dc=example,dc=com", SearchScope.WHOLE_SUBTREE, "(uid=bjensen)", "cn", "aclRights", "aclRightsInfo") .addControl(GetEffectiveRightsRequestControl.newControl( true, authDN, "cn")); ConnectionEntryReader reader = connection.search(request); while (reader.hasNext()) { if (!reader.isReference()) { SearchResultEntry entry = reader.readEntry(); // Interpret aclRights and aclRightsInfo } }The entries returned by the search hold the
aclRights
and
aclRightsInfo
attributes with the effective rights information. You
must parse the attribute options and values to interpret the information.Modifier and Type | Field and Description |
---|---|
static ControlDecoder<GetEffectiveRightsRequestControl> |
DECODER
A decoder which can be used for decoding the get effective rights request control.
|
static String |
OID
The OID for the get effective rights request control.
|
Modifier and Type | Method and Description |
---|---|
Collection<AttributeType> |
getAttributes()
Returns an unmodifiable list of attributes for which effective rights are
to be returned, which may be empty indicating that no attribute rights
are to be returned.
|
Dn |
getAuthorizationName()
Returns the distinguished name of the user for which effective rights are
to be returned, or
null if the client's authentication ID is to
be used. |
String |
getOid()
Returns the numeric OID associated with this control.
|
ByteString |
getValue()
Returns the value, if any, associated with this control.
|
boolean |
hasValue()
Returns
true if this control has a value. |
boolean |
isCritical()
Returns
true if it is unacceptable to perform the operation
without applying the semantics of this control. |
static GetEffectiveRightsRequestControl |
newControl(boolean isCritical,
Dn authorizationName,
Collection<AttributeType> attributes)
Creates a new get effective rights request control with the provided
criticality, optional authorization name and attribute list.
|
static GetEffectiveRightsRequestControl |
newControl(boolean isCritical,
String authorizationName,
String... attributes)
Creates a new get effective rights request control with the provided
criticality, optional authorization name and attribute list.
|
String |
toString() |
public static final String OID
public static final ControlDecoder<GetEffectiveRightsRequestControl> DECODER
public static GetEffectiveRightsRequestControl newControl(boolean isCritical, Dn authorizationName, Collection<AttributeType> attributes)
isCritical
- true
if it is unacceptable to perform the operation
without applying the semantics of this control, or
false
if it can be ignored.authorizationName
- The distinguished name of the user for which effective rights
are to be returned, or null
if the client's
authentication ID is to be used.attributes
- The list of attributes for which effective rights are to be
returned, which may be empty indicating that no attribute
rights are to be returned.NullPointerException
- If attributes
was null
.public static GetEffectiveRightsRequestControl newControl(boolean isCritical, String authorizationName, String... attributes)
isCritical
- true
if it is unacceptable to perform the operation
without applying the semantics of this control, or
false
if it can be ignored.authorizationName
- The distinguished name of the user for which effective rights
are to be returned, or null
if the client's
authentication ID is to be used.attributes
- The list of attributes for which effective rights are to be
returned, which may be empty indicating that no attribute
rights are to be returned.UnknownSchemaElementException
- If the default schema is a strict schema and one or more of
the requested attribute types were not recognized.LocalizedIllegalArgumentException
- If authorizationName
is not a valid LDAP string
representation of a DN.NullPointerException
- If attributes
was null
.public Collection<AttributeType> getAttributes()
public Dn getAuthorizationName()
null
if the client's authentication ID is to
be used.public String getOid()
Control
public ByteString getValue()
Control
public boolean hasValue()
Control
true
if this control has a value. In some circumstances
it may be useful to determine if a control has a value, without actually
calculating the value and incurring any performance costs.public boolean isCritical()
Control
true
if it is unacceptable to perform the operation
without applying the semantics of this control.
The criticality field only has meaning in controls attached to request
messages (except UnbindRequest). For controls attached to response
messages and the UnbindRequest, the criticality field SHOULD be
false
, and MUST be ignored by the receiving protocol peer. A
value of true
indicates that it is unacceptable to perform the
operation without applying the semantics of the control.
isCritical
in interface Control
true
if this control must be processed by the Directory
Server, or false
if it can be ignored.Copyright 2010-2022 ForgeRock AS.