public interface AciEvalContext
Modifier and Type | Method and Description |
---|---|
List<Aci> |
getAllowList()
Get the list allow ACIs.
|
Dn |
getClientDN()
Get client DN.
|
Entry |
getClientEntry()
Get the client entry.
|
AttributeType |
getCurrentAttributeType()
Get the current attribute type being evaluated.
|
int |
getCurrentSSF()
Return the current SSF (Security Strength Factor) of the underlying connection.
|
String |
getDecidingAciName()
Return the name of the ACI that decided the last access evaluation.
|
List<Aci> |
getDenyList()
Get the list of deny ACIs.
|
EnumEvalReason |
getEvalReason()
Return the reason the last access evaluation was evaluated the way it was.
|
String |
getEvalSummary()
Return the access evaluation summary string.
|
String |
getHostName()
Get the hostname of the bound connection.
|
InetAddress |
getRemoteAddress()
Get the address of the bound connection.
|
Dn |
getResourceDN()
Get the resource DN.
|
Entry |
getResourceEntry()
Return the entry being evaluated .
|
int |
getRights()
Return the rights set for this container's LDAP operation.
|
String |
getTargAttrFiltersAciName()
Return the name of the ACI that last matched a targattrfilters rule.
|
boolean |
hasAuthenticationMethod(org.opends.server.authorization.dseecompat.EnumAuthMethod authMethod,
String saslMech)
Determine whether the client connection has been authenticated using a specified authentication method.
|
boolean |
hasRights(int rights)
Check if an evaluation context contains a set of access rights.
|
boolean |
hasTargAttrFiltersMatchAci(Aci aci)
The context maintains a hashtable of ACIs that matched the targattrfilters keyword evaluation.
|
boolean |
hasTargAttrFiltersMatchOp(int flag)
Return true if an ACI that evaluated to deny or allow has an targattrfilters keyword.
|
boolean |
isAddOperation()
Return true if this is an add operation needed by the userattr USERDN parent inheritance level 0 processing.
|
boolean |
isAnonymousUser()
Check if the remote client is bound anonymously.
|
boolean |
isDenyEval()
Returns true if the deny list is being evaluated.
|
boolean |
isGetEffectiveRightsEval()
Returns
true if the evaluation context is being used in a geteffectiverights control evaluation. |
boolean |
isMemberOf(Group<?> group)
Return true if the operation associated with this evaluation context is a member of the specified group.
|
boolean |
isTargAttrFilterMatchAciEmpty()
Returns true if the hashtable of ACIs that matched the targattrfilters keyword evaluation is empty.
|
String |
rightToString()
Return a string representation of the current right being evaluated.
|
void |
setEvalSummary(String summary)
Set the value of the summary string to the specified string.
|
void |
setEvaluationResult(EnumEvalReason reason,
Aci decidingAci)
Set the reason and the ACI that decided why the last access evaluation was evaluated the way it was.
|
void |
setTargAttrFiltersAciName(String name)
Set the name of the ACI that last matched a targattrfilters rule.
|
void |
setTargAttrFiltersMatchOp(int flag)
Set a flag that specifies that a ACI that evaluated to either deny or allow contains a targattrfilters keyword.
|
Dn getClientDN()
Entry getClientEntry()
Dn getResourceDN()
boolean isDenyEval()
boolean isAnonymousUser()
true
if client is bound anonymously.int getRights()
Entry getResourceEntry()
String getHostName()
boolean hasAuthenticationMethod(org.opends.server.authorization.dseecompat.EnumAuthMethod authMethod, String saslMech)
authMethod
- The required authentication method.saslMech
- The required SASL mechanism if the authentication method is SASL.InetAddress getRemoteAddress()
boolean isAddOperation()
true
if this is an add operation.boolean isMemberOf(Group<?> group)
group
- The group to check membership in.true
if the authorization DN of the operation is a member of the specified group.boolean isTargAttrFilterMatchAciEmpty()
true
if there were not any ACIs that matched targattrfilters keyword evaluation.boolean hasTargAttrFiltersMatchAci(Aci aci)
aci
- The ACI that to evaluate if it contains a match during targattrfilters keyword evaluation.true
if a specified ACI matched targattrfilters evaluation.boolean hasTargAttrFiltersMatchOp(int flag)
flag
- The integer value specifying either a deny or allow, but not both.true
if the ACI has an targattrfilters keyword.boolean isGetEffectiveRightsEval()
true
if the evaluation context is being used in a geteffectiverights control evaluation.true
if the evaluation context is being used in a geteffectiverights control evaluation.void setTargAttrFiltersAciName(String name)
name
- The ACI name string matching the targattrfilters rule.void setTargAttrFiltersMatchOp(int flag)
flag
- Either the integer value representing an allow or a deny, but not both.void setEvaluationResult(EnumEvalReason reason, Aci decidingAci)
reason
- The enumeration representing the reason of the last access evaluation.decidingAci
- The ACI that decided the last access evaluation.EnumEvalReason getEvalReason()
boolean hasRights(int rights)
rights
- The rights mask to check.true
if the evaluation context contains a access right set.String getDecidingAciName()
AttributeType getCurrentAttributeType()
void setEvalSummary(String summary)
summary
- The string to set the summary string toString getEvalSummary()
String rightToString()
String getTargAttrFiltersAciName()
int getCurrentSSF()
Copyright 2010-2022 ForgeRock AS.