001 /* 002 * Licensed to the Apache Software Foundation (ASF) under one 003 * or more contributor license agreements. See the NOTICE file 004 * distributed with this work for additional information 005 * regarding copyright ownership. The ASF licenses this file 006 * to you under the Apache License, Version 2.0 (the 007 * "License"); you may not use this file except in compliance 008 * with the License. You may obtain a copy of the License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, 013 * software distributed under the License is distributed on an 014 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 015 * KIND, either express or implied. See the License for the 016 * specific language governing permissions and limitations 017 * under the License. 018 * 019 */ 020 package org.apache.directory.server.core.authz.support; 021 022 023 import java.util.Collection; 024 import java.util.Iterator; 025 026 import javax.naming.NamingException; 027 028 import org.apache.directory.server.core.interceptor.context.OperationContext; 029 import org.apache.directory.shared.ldap.aci.ACITuple; 030 import org.apache.directory.shared.ldap.aci.MicroOperation; 031 import org.apache.directory.shared.ldap.constants.AuthenticationLevel; 032 import org.apache.directory.shared.ldap.entry.ServerEntry; 033 import org.apache.directory.shared.ldap.entry.Value; 034 import org.apache.directory.shared.ldap.name.DN; 035 import org.apache.directory.shared.ldap.schema.SchemaManager; 036 037 038 /** 039 * An {@link ACITupleFilter} that discards all tuples having a precedence less 040 * than the highest remaining precedence. (18.8.4.1, X.501) 041 * 042 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a> 043 * @version $Rev: 927146 $, $Date: 2010-03-24 19:39:54 +0100 (Wed, 24 Mar 2010) $ 044 */ 045 public class HighestPrecedenceFilter implements ACITupleFilter 046 { 047 public Collection<ACITuple> filter( 048 SchemaManager schemaManager, 049 Collection<ACITuple> tuples, 050 OperationScope scope, 051 OperationContext opContext, 052 Collection<DN> userGroupNames, 053 DN userName, 054 ServerEntry userEntry, 055 AuthenticationLevel authenticationLevel, 056 DN entryName, 057 String attrId, 058 Value<?> attrValue, 059 ServerEntry entry, 060 Collection<MicroOperation> microOperations, 061 ServerEntry entryView ) 062 throws NamingException 063 { 064 if ( tuples.size() <= 1 ) 065 { 066 return tuples; 067 } 068 069 int maxPrecedence = -1; 070 071 // Find the maximum precedence for all tuples. 072 for ( ACITuple tuple:tuples ) 073 { 074 if ( tuple.getPrecedence() > maxPrecedence ) 075 { 076 maxPrecedence = tuple.getPrecedence(); 077 } 078 } 079 080 // Remove all tuples whose precedences are not the maximum one. 081 for ( Iterator<ACITuple> i = tuples.iterator(); i.hasNext(); ) 082 { 083 ACITuple tuple = i.next(); 084 085 if ( tuple.getPrecedence() != maxPrecedence ) 086 { 087 i.remove(); 088 } 089 } 090 091 return tuples; 092 } 093 }