Package org.opends.server.api

Interface Group<T extends GroupImplementationCfg>

  • Type Parameters:
    T - The type of configuration handled by this group implementation.
    All Known Implementing Classes:
    DynamicGroup, StaticGroup, VirtualStaticGroup
    @PublicAPI(stability=VOLATILE,
           mayExtend=true,
           mayInvoke=true)
public interface Group<T extends GroupImplementationCfg>
    This interface defines the set of methods that must be implemented by a Directory Server group. It is expected that there will be a number of different types of groups (e.g., legacy static and dynamic groups, as well as enhanced groups and virtual static groups). The following operations may be performed on a group:
    • Determining whether a given user is a member of this group
    • Determining the set of members for this group, optionally filtered based on some set of criteria.
    • Retrieving or updating the set of nested groups for this group, if the underlying group type supports nesting).
    • Updating the set of members for this group, if the underlying group type provides the ability to explicitly add or remove members.

    • Nested Class Summary

      Nested Classes 
      Modifier and Type Interface Description
      static class  Group.ExaminedGroups
      Class holding the already visited groups.

    • Method Summary

      All Methods Instance Methods Abstract Methods Default Methods 
      Modifier and Type Method Description
      default void finalizeGroupImplementation()
      Performs any necessary finalization that may be needed whenever this group implementation is taken out of service within the Directory Server (e.g., if it is disabled or the server is shutting down).
      MemberList<Entry> getAllMembers​(Dn baseDN, SearchScope scope, Filter filter)
      Retrieves an iterator that may be used to cursor through the entries of the members contained in this group, or its nested groups.
      Filter getGroupDefinitionFilter()
      Retrieves a search filter that may be used to identify entries containing definitions for groups of this type in the Directory Server.
      Dn getGroupDN()
      Retrieves the DN of the entry that contains the definition for this group.
      MemberList<Dn> getMemberDns()
      Retrieves an iterator that may be used to cursor through the Dns of the members contained in this group.
      default void initializeGroupImplementation​(T configuration)
      Initializes a "shell" instance of this group implementation that may be used to identify and instantiate instances of this type of group in the directory data.
      default boolean isConfigurationAcceptable​(T configuration, List<LocalizableMessage> unacceptableReasons)
      Indicates whether the provided configuration is acceptable for this group implementation.
      boolean isGroupDefinition​(Entry entry)
      Indicates whether the provided entry contains a valid definition for this type of group.
      default boolean isMember​(Dn userDN)
      Indicates whether the user with the specified DN is a member of this group.
      boolean isMember​(Dn userDN, Group.ExaminedGroups examinedGroups)
      Indicates whether the user with the specified DN is a member of this group.
      default boolean isMember​(Entry userEntry)
      Indicates whether the user described by the provided user entry is a member of this group.
      boolean isMember​(Entry userEntry, Group.ExaminedGroups examinedGroups)
      Indicates whether the user described by the provided user entry is a member of this group.
      boolean mayAlterMemberList()
      Indicates whether it is possible to alter the member list for this group (e.g., in order to add members to the group or remove members from it).
      Group<T> newInstance​(ServerContext serverContext, Entry groupEntry)
      Creates a new group of this type based on the definition contained in the provided entry.
      void setGroupDN​(Dn groupDN)
      Sets the DN of the entry that contains the definition for this group.
      void updateMembers​(List<Modification> modifications)
      Attempt to make multiple changes to the group's member list.

    • Method Detail

      • initializeGroupImplementation

        default void initializeGroupImplementation​(T configuration)
                                    throws ConfigException,
                                           InitializationException
        Initializes a "shell" instance of this group implementation that may be used to identify and instantiate instances of this type of group in the directory data.
        Parameters:
        configuration - The configuration for this group implementation.
        Throws:
        ConfigException - If there is a problem with the provided configuration entry.
        InitializationException - If a problem occurs while attempting to initialize this group implementation that is not related to the server configuration.

      • isConfigurationAcceptable

        default boolean isConfigurationAcceptable​(T configuration,
                                          List<LocalizableMessage> unacceptableReasons)
        Indicates whether the provided configuration is acceptable for this group implementation. It should be possible to call this method on an uninitialized group implementation instance in order to determine whether the group implementation would be able to use the provided configuration.
        Parameters:
        configuration - The group implementation configuration for which to make the determination.
        unacceptableReasons - A list that may be used to hold the reasons that the provided configuration is not acceptable.
        Returns:
        true if the provided configuration is acceptable for this group implementation, or false if not.

      • finalizeGroupImplementation

        default void finalizeGroupImplementation()
        Performs any necessary finalization that may be needed whenever this group implementation is taken out of service within the Directory Server (e.g., if it is disabled or the server is shutting down).

      • newInstance

        Group<T> newInstance​(ServerContext serverContext,
                     Entry groupEntry)
              throws LdapException
        Creates a new group of this type based on the definition contained in the provided entry. This method must be designed so that it may be invoked on the "shell" instance created using the default constructor and initialized with the initializeGroupImplementation method.
        Parameters:
        serverContext - The server context.
        groupEntry - The entry containing the definition for the group to be created.
        Returns:
        The group instance created from the definition in the provided entry.
        Throws:
        LdapException - If a problem occurs while trying to create the group instance.

      • getGroupDefinitionFilter

        Filter getGroupDefinitionFilter()
                         throws LdapException
        Retrieves a search filter that may be used to identify entries containing definitions for groups of this type in the Directory Server. This method must be designed so that it may be invoked on the "shell" instance created using the default constructor and initialized with the initializeGroupImplementation method.
        Returns:
        A search filter that may be used to identify entries containing definitions for groups of this type in the Directory Server.
        Throws:
        LdapException - If a problem occurs while trying to locate all of the applicable group definition entries.

      • isGroupDefinition

        boolean isGroupDefinition​(Entry entry)
        Indicates whether the provided entry contains a valid definition for this type of group.
        Parameters:
        entry - The entry for which to make the determination.
        Returns:
        true if the provided entry does contain a valid definition for this type of group, or false if it does not.

      • getGroupDN

        Dn getGroupDN()
        Retrieves the DN of the entry that contains the definition for this group.
        Returns:
        The DN of the entry that contains the definition for this group.

      • setGroupDN

        void setGroupDN​(Dn groupDN)
        Sets the DN of the entry that contains the definition for this group.
        Parameters:
        groupDN - The DN of the entry that contains the definition for this group.

      • isMember

        default boolean isMember​(Dn userDN)
                  throws LdapException
        Indicates whether the user with the specified DN is a member of this group. Note that this is a point-in-time determination and the caller must not cache the result.
        Parameters:
        userDN - The DN of the user for which to make the determination.
        Returns:
        true if the specified user is currently a member of this group, or false if not.
        Throws:
        LdapException - If a problem occurs while attempting to make the determination.

      • isMember

        boolean isMember​(Dn userDN,
                 Group.ExaminedGroups examinedGroups)
          throws LdapException
        Indicates whether the user with the specified DN is a member of this group. Note that this is a point-in-time determination and the caller must not cache the result. Also note that group implementations that support nesting should use this version of the method rather than the version that does not take a set of DNs when attempting to determine whether a nested group includes the target member.
        Parameters:
        userDN - The DN of the user for which to make the determination.
        examinedGroups - A set of groups that have already been examined in the process of making the determination. This provides a mechanism to prevent infinite recursion due to circular references (e.g., two groups include each other as nested groups). Each time a group instance is checked, its DN should be added to the list, and any DN already contained in the list should be skipped. The use of an atomic reference allow to lazily create the Set to optimize memory when there is no nested groups.
        Returns:
        true if the specified user is currently a member of this group, or false if not.
        Throws:
        LdapException - If a problem occurs while attempting to make the determination.

      • isMember

        default boolean isMember​(Entry userEntry)
                  throws LdapException
        Indicates whether the user described by the provided user entry is a member of this group. Note that this is a point-in-time determination and the caller must not cache the result.
        Parameters:
        userEntry - The entry for the user for which to make the determination.
        Returns:
        true if the specified user is currently a member of this group, or false if not.
        Throws:
        LdapException - If a problem occurs while attempting to make the determination.

      • isMember

        boolean isMember​(Entry userEntry,
                 Group.ExaminedGroups examinedGroups)
          throws LdapException
        Indicates whether the user described by the provided user entry is a member of this group. Note that this is a point-in-time determination and the caller must not cache the result. Also note that group implementations that support nesting should use this version of the method rather than the version that does not take a set of DNs when attempting to determine whether a nested group includes the target member.
        Parameters:
        userEntry - The entry for the user for which to make the determination.
        examinedGroups - A set of groups that have already been examined in the process of making the determination. This provides a mechanism to prevent infinite recursion due to circular references (e.g., two groups include each other as nested groups). Each time a group instance is checked, its DN should be added to the list, and any DN already contained in the list should be skipped. The use of an atomic reference allow to lazily create the Set to optimize memory when there is no nested groups.
        Returns:
        true if the specified user is currently a member of this group, or false if not.
        Throws:
        LdapException - If a problem occurs while attempting to make the determination.

      • getMemberDns

        MemberList<Dn> getMemberDns()
                     throws LdapException
        Retrieves an iterator that may be used to cursor through the Dns of the members contained in this group. Note that this is a point-in-time determination, and the caller must not cache the result. Further, the determination should only include this group and not members from nested groups.
        Returns:
        An iterator that may be used to cursor through the entries of the members contained in this group.
        Throws:
        LdapException - If a problem occurs while attempting to retrieve the set of members.

      • getAllMembers

        MemberList<Entry> getAllMembers​(Dn baseDN,
                                SearchScope scope,
                                Filter filter)
                         throws LdapException
        Retrieves an iterator that may be used to cursor through the entries of the members contained in this group, or its nested groups. It may optionally retrieve a subset of the member entries based on a given set of criteria. Note that this is a point-in-time determination, and the caller must not cache the result.
        Parameters:
        baseDN - The base DN that should be used when determining whether a given entry will be returned. If this is null, then all entries will be considered in the scope of the criteria.
        scope - The scope that should be used when determining whether a given entry will be returned. It must not be null if the provided base DN is not null. The scope will be ignored if no base DN is provided.
        filter - The filter that should be used when determining whether a given entry will be returned. If this is null, then any entry in the scope of the criteria will be included in the results.
        Returns:
        An iterator that may be used to cursor through the entries of the members contained in this group.
        Throws:
        LdapException - If a problem occurs while attempting to retrieve the set of members.

      • mayAlterMemberList

        boolean mayAlterMemberList()
        Indicates whether it is possible to alter the member list for this group (e.g., in order to add members to the group or remove members from it).
        Returns:
        true if it is possible to add members to this group, or false if not.