/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations
 * under the License.
 *
 */
package org.apache.directory.server.core.authz.support;


import java.util.Collection;
import java.util.Iterator;

import javax.naming.NamingException;

import org.apache.directory.server.core.interceptor.context.OperationContext;
import org.apache.directory.shared.ldap.aci.ACITuple;
import org.apache.directory.shared.ldap.aci.MicroOperation;
import org.apache.directory.shared.ldap.constants.AuthenticationLevel;
import org.apache.directory.shared.ldap.entry.ServerEntry;
import org.apache.directory.shared.ldap.entry.Value;
import org.apache.directory.shared.ldap.name.DN;
import org.apache.directory.shared.ldap.schema.SchemaManager;


/**
 * An {@link ACITupleFilter} that discards every tuple which does not carry
 * all of the requested {@link MicroOperation}s. (18.8.3.4, X.501)
 *
 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
 * @version $Rev: 927146 $, $Date: 2010-03-24 19:39:54 +0100 (Wed, 24 Mar 2010) $
 *
 */
public class MicroOperationFilter implements ACITupleFilter
{
    /**
     * Removes from {@code tuples} each {@link ACITuple} whose micro-operation
     * set lacks at least one element of {@code microOperations}.
     * <p>
     * The collection is filtered in place through {@link Iterator#remove()}
     * and the same instance is returned, so a non-empty {@code tuples} must
     * support removal through its iterator.
     * <p>
     * Access-control caveat: when {@code microOperations} is empty the
     * matching loop never runs, so every tuple is retained. This filter
     * therefore narrows nothing for an empty request. Callers that rely on
     * it to restrict access should confirm that the requested operation set
     * is populated.
     * <p>
     * Only {@code tuples} and {@code microOperations} are read here; the
     * remaining parameters are not used by this filter.
     *
     * @param tuples the candidate tuples, modified in place
     * @param microOperations the operations a tuple must contain in full to
     * be retained
     * @return the {@code tuples} instance that was passed in, after filtering
     * @throws NamingException declared by the signature; this method contains
     * no explicit throw
     */
    public Collection<ACITuple> filter(
        SchemaManager schemaManager,
        Collection<ACITuple> tuples,
        OperationScope scope,
        OperationContext opContext,
        Collection<DN> userGroupNames,
        DN userName,
        ServerEntry userEntry,
        AuthenticationLevel authenticationLevel,
        DN entryName,
        String attrId,
        Value<?> attrValue,
        ServerEntry entry,
        Collection<MicroOperation> microOperations,
        ServerEntry entryView )
        throws NamingException
    {
        // Nothing to filter: hand the empty collection straight back.
        if ( tuples.isEmpty() )
        {
            return tuples;
        }

        Iterator<ACITuple> candidates = tuples.iterator();

        while ( candidates.hasNext() )
        {
            ACITuple candidate = candidates.next();

            // A partial match is not enough; the tuple must list every
            // requested micro-operation to survive.
            if ( !coversAll( candidate, microOperations ) )
            {
                candidates.remove();
            }
        }

        return tuples;
    }


    /**
     * Tells whether the tuple contains every requested micro-operation.
     * Returns {@code true} when {@code required} is empty.
     */
    private static boolean coversAll( ACITuple tuple, Collection<MicroOperation> required )
    {
        for ( MicroOperation operation : required )
        {
            if ( !tuple.getMicroOperations().contains( operation ) )
            {
                return false;
            }
        }

        return true;
    }

}