public final class AciEffectiveRights extends Object
Modifier and Type | Method and Description |
---|---|
static void | `addRightsToEntry(AciHandler handler, Set<String> searchAttributes, AciLDAPOperationContainer container, Entry e, boolean skipCheck)` Attempts to add the geteffectiverights asked for in the search to the entry being returned. |
static String | `createSummary(AciEvalContext evalCtx, boolean evalRet)` Create the summary string used in the aclRightsInfo log string. |
static void | `finalizeOnShutdown()` Finalizes static variables on shutdown so that we release the memory associated with them (for the unit tests) and get fresh copies if we're doing an in-core restart. |
static boolean | `setTargAttrAci(AciEvalContext evalCtx, Aci aci, boolean denyAci)` If the specified ACI is in the targattrfilters hashtable contained in the evaluation context, set the evaluation context's targattrfilters match variable to either ACL_TARGATTR_DENY_MATCH or ACL_TARGATTR_ALLOW_MATCH depending on the value of the variable denyAci. |

public static void addRightsToEntry(AciHandler handler, Set<String> searchAttributes, AciLDAPOperationContainer container, Entry e, boolean skipCheck)
acl_summary(main): access_not_allowed(proxy) on entry/attr(uid=proxieduser,ou=acis,dc=example,dc=com, NULL)
to (uid=superuser,ou=acis,dc=example,dc=com) (not proxied) (reason: no acis matched the resource )
The aclRights attribute will return a simple string with the following format:
add:0,delete:0,read:1,write:?,proxy:0
A 0 represents access denied, 1 access allowed and ? that evaluation depends on a value of an attribute
(targattrfilter keyword present in ACI).
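
The following added example is not part of the OpenDJ code base. It shows how a client or audit script could parse an `aclRights` value in the format above while keeping `?` distinct from an outright grant. The class and method names (`AclRightsParser`, `parse`, `isUnconditionallyAllowed`) are hypothetical, and the sample input is the format line shown above.

```java
import java.util.LinkedHashMap;
import java.util.Locale;
import java.util.Map;

// Hypothetical client-side helper (not OpenDJ code): parses an aclRights value.
public final class AclRightsParser {
    enum Decision { DENIED, ALLOWED, VALUE_DEPENDENT }

    static Map<String, Decision> parse(String value) {
        Map<String, Decision> rights = new LinkedHashMap<>();
        for (String pair : value.split(",")) {
            String[] kv = pair.trim().split(":", 2);
            if (kv.length != 2 || kv[0].isEmpty()) {
                throw new IllegalArgumentException("malformed right: '" + pair + "'");
            }
            Decision decision;
            switch (kv[1].trim()) {
                case "0": decision = Decision.DENIED; break;
                case "1": decision = Decision.ALLOWED; break;
                case "?": decision = Decision.VALUE_DEPENDENT; break; // targattrfilter in the ACI
                default:
                    throw new IllegalArgumentException("unknown flag in '" + pair + "'");
            }
            String name = kv[0].trim().toLowerCase(Locale.ROOT);
            if (rights.put(name, decision) != null) {
                throw new IllegalArgumentException("duplicate right: " + name);
            }
        }
        return rights;
    }

    // Fail closed: a missing right or a '?' is never reported as an outright grant.
    static boolean isUnconditionallyAllowed(Map<String, Decision> rights, String right) {
        return rights.get(right) == Decision.ALLOWED;
    }

    public static void main(String[] args) {
        // Sample value taken from the format line in the documentation above.
        Map<String, Decision> rights = parse("add:0,delete:0,read:1,write:?,proxy:0");
        rights.forEach((right, decision) -> System.out.println(right + " -> " + decision));
        System.out.println("write granted outright: "
                + isUnconditionallyAllowed(rights, "write"));
    }
}
```
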
There are two levels of rights information:
handler - The ACI handler to use in the evaluation.
searchAttributes - The attributes requested in the search.
container - The LDAP operation container to use in the evaluations.
e - The entry to add the rights attributes to.
skipCheck - True if ACI evaluation was skipped because bypass-acl privilege was found.

public static String createSummary(AciEvalContext evalCtx, boolean evalRet)
evalCtx - The evaluation context to gather information from.
evalRet - The value returned from the access evaluation.

public static boolean setTargAttrAci(AciEvalContext evalCtx, Aci aci, boolean denyAci)
evalCtx - The evaluation context to evaluate and save information to.
aci - The ACI to match.
denyAci - True if the evaluation was an allow, false if the evaluation was a deny or the ACI is not in the table.

public static void finalizeOnShutdown()

Copyright 2010-2022 ForgeRock AS.