001    /*
002     *  Licensed to the Apache Software Foundation (ASF) under one
003     *  or more contributor license agreements.  See the NOTICE file
004     *  distributed with this work for additional information
005     *  regarding copyright ownership.  The ASF licenses this file
006     *  to you under the Apache License, Version 2.0 (the
007     *  "License"); you may not use this file except in compliance
008     *  with the License.  You may obtain a copy of the License at
009     *  
010     *    http://www.apache.org/licenses/LICENSE-2.0
011     *  
012     *  Unless required by applicable law or agreed to in writing,
013     *  software distributed under the License is distributed on an
014     *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015     *  KIND, either express or implied.  See the License for the
016     *  specific language governing permissions and limitations
017     *  under the License. 
018     *  
019     */
020    package org.apache.directory.server.core.authz.support;
021    
022    
023    import java.util.Collection;
024    import java.util.Iterator;
025    
026    import javax.naming.NamingException;
027    
028    import org.apache.directory.server.core.interceptor.context.OperationContext;
029    import org.apache.directory.shared.ldap.aci.ACITuple;
030    import org.apache.directory.shared.ldap.aci.MicroOperation;
031    import org.apache.directory.shared.ldap.constants.AuthenticationLevel;
032    import org.apache.directory.shared.ldap.entry.ServerEntry;
033    import org.apache.directory.shared.ldap.entry.Value;
034    import org.apache.directory.shared.ldap.name.DN;
035    import org.apache.directory.shared.ldap.schema.SchemaManager;
036    
037    
038    /**
039     * An {@link ACITupleFilter} that discards all tuples having a precedence less
040     * than the highest remaining precedence. (18.8.4.1, X.501)
041     *
042     * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
043     * @version $Rev: 927146 $, $Date: 2010-03-24 19:39:54 +0100 (Wed, 24 Mar 2010) $
044     */
045    public class HighestPrecedenceFilter implements ACITupleFilter
046    {
047        public Collection<ACITuple> filter( 
048                SchemaManager schemaManager, 
049                Collection<ACITuple> tuples, 
050                OperationScope scope, 
051                OperationContext opContext,
052                Collection<DN> userGroupNames, 
053                DN userName, 
054                ServerEntry userEntry, 
055                AuthenticationLevel authenticationLevel,
056                DN entryName, 
057                String attrId, 
058                Value<?> attrValue, 
059                ServerEntry entry, 
060                Collection<MicroOperation> microOperations,
061                ServerEntry entryView )
062            throws NamingException
063        {
064            if ( tuples.size() <= 1 )
065            {
066                return tuples;
067            }
068    
069            int maxPrecedence = -1;
070    
071            // Find the maximum precedence for all tuples.
072            for ( ACITuple tuple:tuples )
073            {
074                if ( tuple.getPrecedence() > maxPrecedence )
075                {
076                    maxPrecedence = tuple.getPrecedence();
077                }
078            }
079    
080            // Remove all tuples whose precedences are not the maximum one.
081            for ( Iterator<ACITuple> i = tuples.iterator(); i.hasNext(); )
082            {
083                ACITuple tuple = i.next();
084                
085                if ( tuple.getPrecedence() != maxPrecedence )
086                {
087                    i.remove();
088                }
089            }
090    
091            return tuples;
092        }
093    }