AciEvalContext (OpenDJ Public API Javadoc 6.5.6 Documentation)

All Known Implementing Classes:

AciLDAPOperationContainer
```
public interface AciEvalContext
```
Interface that provides a view of the AciContainer that is used by the ACI evaluation code to evaluate an ACI.

Method Summary

All Methods Instance Methods Abstract Methods
Modifier and Type	Method and Description
`List<Aci>`	`getAllowList()` Get the list allow ACIs.
`Dn`	`getClientDN()` Get client DN.
`Entry`	`getClientEntry()` Get the client entry.
`AttributeType`	`getCurrentAttributeType()` Get the current attribute type being evaluated.
`int`	`getCurrentSSF()` Return the current SSF (Security Strength Factor) of the underlying connection.
`String`	`getDecidingAciName()` Return the name of the ACI that decided the last access evaluation.
`List<Aci>`	`getDenyList()` Get the list of deny ACIs.
`EnumEvalReason`	`getEvalReason()` Return the reason the last access evaluation was evaluated the way it was.
`String`	`getEvalSummary()` Return the access evaluation summary string.
`String`	`getHostName()` Get the hostname of the bound connection.
`InetAddress`	`getRemoteAddress()` Get the address of the bound connection.
`Dn`	`getResourceDN()` Get the resource DN.
`Entry`	`getResourceEntry()` Return the entry being evaluated .
`int`	`getRights()` Return the rights set for this container's LDAP operation.
`String`	`getTargAttrFiltersAciName()` Return the name of the ACI that last matched a targattrfilters rule.
`boolean`	`hasAuthenticationMethod(org.opends.server.authorization.dseecompat.EnumAuthMethod authMethod, String saslMech)` Determine whether the client connection has been authenticated using a specified authentication method.
`boolean`	`hasRights(int rights)` Check if an evaluation context contains a set of access rights.
`boolean`	`hasTargAttrFiltersMatchAci(Aci aci)` The context maintains a hashtable of ACIs that matched the targattrfilters keyword evaluation.
`boolean`	`hasTargAttrFiltersMatchOp(int flag)` Return true if an ACI that evaluated to deny or allow has an targattrfilters keyword.
`boolean`	`isAddOperation()` Return true if this is an add operation needed by the userattr USERDN parent inheritance level 0 processing.
`boolean`	`isAnonymousUser()` Check if the remote client is bound anonymously.
`boolean`	`isDenyEval()` Returns true if the deny list is being evaluated.
`boolean`	`isGetEffectiveRightsEval()` Returns `true` if the evaluation context is being used in a geteffectiverights control evaluation.
`boolean`	`isMemberOf(Group<?> group)` Return true if the operation associated with this evaluation context is a member of the specified group.
`boolean`	`isTargAttrFilterMatchAciEmpty()` Returns true if the hashtable of ACIs that matched the targattrfilters keyword evaluation is empty.
`String`	`rightToString()` Return a string representation of the current right being evaluated.
`void`	`setEvalSummary(String summary)` Set the value of the summary string to the specified string.
`void`	`setEvaluationResult(EnumEvalReason reason, Aci decidingAci)` Set the reason and the ACI that decided why the last access evaluation was evaluated the way it was.
`void`	`setTargAttrFiltersAciName(String name)` Set the name of the ACI that last matched a targattrfilters rule.
`void`	`setTargAttrFiltersMatchOp(int flag)` Set a flag that specifies that a ACI that evaluated to either deny or allow contains a targattrfilters keyword.

- Method Detail
  - getClientDN
```
Dn getClientDN()
```
    Get client DN. The client DN is the authorization DN.
    
    Returns:
    
    The client DN.
  - getClientEntry
```
Entry getClientEntry()
```
    Get the client entry. The client entry is the entry that corresponds to the client DN.
    
    Returns:
    
    The client entry corresponding to the client DN.
  - getResourceDN
```
Dn getResourceDN()
```
    Get the resource DN. The resource DN is the DN of the entry being evaluated.
    
    Returns:
    
    The resource DN.
  - getDenyList
```
List<Aci> getDenyList()
```
    Get the list of deny ACIs.
    
    Returns:
    
    The deny ACI list.
  - getAllowList
```
List<Aci> getAllowList()
```
    Get the list allow ACIs.
    
    Returns:
    
    The allow ACI list.
  - isDenyEval
```
boolean isDenyEval()
```
    Returns true if the deny list is being evaluated.
    
    Returns:
    
    True if the deny list is being evaluated.
  - isAnonymousUser
```
boolean isAnonymousUser()
```
    Check if the remote client is bound anonymously.
    
    Returns:
    
    true if client is bound anonymously.
  - getRights
```
int getRights()
```
    Return the rights set for this container's LDAP operation.
    
    Returns:
    
    The rights set for the container's LDAP operation.
  - getResourceEntry
```
Entry getResourceEntry()
```
    Return the entry being evaluated .
    
    Returns:
    
    The evaluation entry.
  - getHostName
```
String getHostName()
```
    Get the hostname of the bound connection.
    
    Returns:
    
    The hostname of the connection.
  - hasAuthenticationMethod
```
boolean hasAuthenticationMethod(org.opends.server.authorization.dseecompat.EnumAuthMethod authMethod,
                                String saslMech)
```
    Determine whether the client connection has been authenticated using a specified authentication method. This method is used for the authmethod bind rule keyword.
    
    Parameters:
    
    authMethod - The required authentication method.
    
    saslMech - The required SASL mechanism if the authentication method is SASL.
    
    Returns:
    
    An evaluation result indicating whether the client connection has been authenticated using the required authentication method.
  - getRemoteAddress
```
InetAddress getRemoteAddress()
```
    Get the address of the bound connection.
    
    Returns:
    
    The address of the bound connection.
  - isAddOperation
```
boolean isAddOperation()
```
    Return true if this is an add operation needed by the userattr USERDN parent inheritance level 0 processing.
    
    Returns:
    
    true if this is an add operation.
  - isMemberOf
```
boolean isMemberOf(Group<?> group)
```
    Return true if the operation associated with this evaluation context is a member of the specified group. Calls the ClientConnection.isMemberOf() method, which checks authorization DN membership in the specified group.
    
    Parameters:
    
    group - The group to check membership in.
    
    Returns:
    
    true if the authorization DN of the operation is a member of the specified group.
  - isTargAttrFilterMatchAciEmpty
```
boolean isTargAttrFilterMatchAciEmpty()
```
    Returns true if the hashtable of ACIs that matched the targattrfilters keyword evaluation is empty. Used in a geteffectiverights control evaluation to determine the access value to put in the "write" rights evaluation field.
    
    Returns:
    
    true if there were not any ACIs that matched targattrfilters keyword evaluation.
  - hasTargAttrFiltersMatchAci
```
boolean hasTargAttrFiltersMatchAci(Aci aci)
```
    The context maintains a hashtable of ACIs that matched the targattrfilters keyword evaluation. The hasTargAttrFiltersMatchAci method returns true if the specified ACI is contained in that hashtable. Used in a geteffectiverights control evaluation to determine the access value to put in the "write" rights evaluation field.
    
    Parameters:
    
    aci - The ACI that to evaluate if it contains a match during targattrfilters keyword evaluation.
    
    Returns:
    
    true if a specified ACI matched targattrfilters evaluation.
  - hasTargAttrFiltersMatchOp
```
boolean hasTargAttrFiltersMatchOp(int flag)
```
    Return true if an ACI that evaluated to deny or allow has an targattrfilters keyword. Used by geteffectiverights control evaluation to determine the access value to put in the "write" rights evaluation field.
    
    Parameters:
    
    flag - The integer value specifying either a deny or allow, but not both.
    
    Returns:
    
    true if the ACI has an targattrfilters keyword.
  - isGetEffectiveRightsEval
```
boolean isGetEffectiveRightsEval()
```
    Returns true if the evaluation context is being used in a geteffectiverights control evaluation.
    
    Returns:
    
    true if the evaluation context is being used in a geteffectiverights control evaluation.
  - setTargAttrFiltersAciName
```
void setTargAttrFiltersAciName(String name)
```
    Set the name of the ACI that last matched a targattrfilters rule. Used in geteffectiverights control targattrfilters "write" evaluation.
    
    Parameters:
    
    name - The ACI name string matching the targattrfilters rule.
  - setTargAttrFiltersMatchOp
```
void setTargAttrFiltersMatchOp(int flag)
```
    Set a flag that specifies that a ACI that evaluated to either deny or allow contains a targattrfilters keyword. Used by geteffectiverights control evaluation to determine the access value to put in the "write" rights evaluation field.
    
    Parameters:
    
    flag - Either the integer value representing an allow or a deny, but not both.
  - setEvaluationResult
```
void setEvaluationResult(EnumEvalReason reason,
                         Aci decidingAci)
```
    Set the reason and the ACI that decided why the last access evaluation was evaluated the way it was. Used by geteffectiverights control evaluation to eventually build the summary string.
    
    Parameters:
    
    reason - The enumeration representing the reason of the last access evaluation.
    
    decidingAci - The ACI that decided the last access evaluation.
  - getEvalReason
```
EnumEvalReason getEvalReason()
```
    Return the reason the last access evaluation was evaluated the way it was. Used by geteffectiverights control evaluation to build the summary string.
    
    Returns:
    
    The enumeration representing the reason of the last access evaluation.
  - hasRights
```
boolean hasRights(int rights)
```
    Check if an evaluation context contains a set of access rights.
    
    Parameters:
    
    rights - The rights mask to check.
    
    Returns:
    
    true if the evaluation context contains a access right set.
  - getDecidingAciName
```
String getDecidingAciName()
```
    Return the name of the ACI that decided the last access evaluation. Used by geteffectiverights control evaluation to build the summary string.
    
    Returns:
    
    The name of the ACI that decided the last access evaluation.
  - getCurrentAttributeType
```
AttributeType getCurrentAttributeType()
```
    Get the current attribute type being evaluated.
    
    Returns:
    
    The attribute type currently being evaluated.
  - setEvalSummary
```
void setEvalSummary(String summary)
```
    Set the value of the summary string to the specified string. Used in get effective rights evaluation to build summary string.
    
    Parameters:
    
    summary - The string to set the summary string to
  - getEvalSummary
```
String getEvalSummary()
```
    Return the access evaluation summary string. Used in a geteffectiverights control evaluation when an aclRightsInfo attribute was specified in a search request.
    
    Returns:
    
    The string describing the access evaluation.
  - rightToString
```
String rightToString()
```
    Return a string representation of the current right being evaluated. Used in geteffectiverights control evaluation to build summary string.
    
    Returns:
    
    String representation of the current right being evaluated.
  - getTargAttrFiltersAciName
```
String getTargAttrFiltersAciName()
```
    Return the name of the ACI that last matched a targattrfilters rule. Used in geteffectiverights control evaluation.
    
    Returns:
    
    The name of the ACI that last matched a targattrfilters rule.
  - getCurrentSSF
```
int getCurrentSSF()
```
    Return the current SSF (Security Strength Factor) of the underlying connection.
    
    Returns:
    
    The current SSF of the connection.

Interface AciEvalContext

Method Summary

Method Detail

getClientDN

getClientEntry

getResourceDN

getDenyList

getAllowList

isDenyEval

isAnonymousUser

getRights

getResourceEntry

getHostName

hasAuthenticationMethod

getRemoteAddress

isAddOperation

isMemberOf

isTargAttrFilterMatchAciEmpty

hasTargAttrFiltersMatchAci

hasTargAttrFiltersMatchOp

isGetEffectiveRightsEval

setTargAttrFiltersAciName

setTargAttrFiltersMatchOp

setEvaluationResult

getEvalReason

hasRights

getDecidingAciName

getCurrentAttributeType

setEvalSummary

getEvalSummary

rightToString

getTargAttrFiltersAciName

getCurrentSSF