Package org.opends.server.authorization.dseecompat

Class AciList

  • public class AciList
extends Object
    The AciList class performs caching of the ACI attribute values using the entry DN as the key.

    • Constructor Detail

      • AciList

        public AciList​(Dn configDN)
        Constructor to create an ACI list to cache ACI attribute types.
        Parameters:
        configDN - The configuration entry DN.

    • Method Detail

      • getCandidateAcis

        public List<Aci> getCandidateAcis​(Dn baseDN)
        Using the base DN, return a list of ACIs that are candidates for evaluation by walking up from the base DN towards the root of the DIT gathering ACIs on parents. Global ACIs use the NULL DN as the key and are included in the candidate set only if they have no "target" keyword rules, or if the target keyword rule matches for the specified base DN.
        Parameters:
        baseDN - The DN to check.
        Returns:
        A list of candidate ACIs that might be applicable.

      • addAci

        public int addAci​(List<? extends Entry> entries,
                  LinkedList<LocalizableMessage> failedACIMsgs)
        Add all the ACI from a set of entries to the ACI list. There is no need to check for global ACIs since they are processe by the AciHandler at startup using the addACi single entry method.
        Parameters:
        entries - The set of entries containing the "aci" attribute values.
        failedACIMsgs - List that will hold error messages from ACI decode exceptions.
        Returns:
        The number of valid ACI attribute values added to the ACI list.

      • addAci

        public void addAci​(Dn dn,
                   SortedSet<Aci> acis)
        Add a set of ACIs to the ACI list. This is usually used a startup, when global ACIs are processed.
        Parameters:
        dn - The DN to add the ACIs under.
        acis - A set of ACIs to add to the ACI list.

      • addAci

        public void addAci​(Entry entry,
                   List<LocalizableMessage> failedACIMsgs)
        Add all of an entry's ACI (global or regular) attribute values to the ACI list.
        Parameters:
        entry - The entry containing the ACI attributes.
        failedACIMsgs - List that will hold error messages from ACI decode exceptions.

      • modAciOldNewEntry

        public void modAciOldNewEntry​(Entry oldEntry,
                              Entry newEntry)
        Remove all of the ACIs related to the old entry and then add all of the ACIs related to the new entry. This method locks/unlocks the list. In the case of global ACIs the DN of the entry is checked to make sure it is equal to the config DN. If not, the global ACI attribute type is silently skipped.
        Parameters:
        oldEntry - The old entry possibly containing old ACI attribute values.
        newEntry - The new entry possibly containing new ACI attribute values.

      • removeAci

        public boolean removeAci​(Entry entry)
        Remove global and regular ACIs from the list. It's possible that an entry could have both attribute types (aci and ds-cfg-global-aci). Global ACIs use the NULL DN for the key. In the case of global ACIs the DN of the entry is checked to make sure it is equal to the config DN. If not, the global ACI attribute type is silently skipped.
        Parameters:
        entry - The entry containing the global ACIs.
        Returns:
        True if the ACI set was deleted.

      • removeAci

        public void removeAci​(LocalBackend<?> backend)
        Remove all ACIs related to a backend.
        Parameters:
        backend - The backend to check if each DN is handled by that backend.

      • renameAci

        public void renameAci​(Dn oldDN,
                      Dn newDN)
        Rename all ACIs under the specified old DN to the new DN. A simple interaction over the entire list is performed.
        Parameters:
        oldDN - The DN of the original entry that was moved.
        newDN - The DN of the new entry.