|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Objectcom.sun.jndi.ldap.obj.GroupOfURLs
public class GroupOfURLs
A representation of the LDAP groupOfURLs object class. This is a dynamic group: its membership is determined by evaluating the group's LDAP URLs.
Note that when a GroupOfURLs object is created by the application
program then most of its methods throw IllegalStateException
until the program binds the object in the directory. However, when a
GroupOfURLs object is returned to the application program then the
object is already bound in the directory and its methods function normally.
A GroupOfURLs instance is not synchronized against concurrent multithreaded access. Multiple threads trying to access and modify a GroupOfURLs should lock the object.
In order to bind a GroupOfURLs object in the directory, the following LDAP object class definition must be supported in the directory schema:
( 2.16.840.1.113730.3.2.33 NAME 'groupOfURLs' SUP top STRUCTURAL MUST cn MAY ( memberURL $ businessCategory $ description $ o $ ou $ owner $ seeAlso ) )See
DirContext.bind
for details on binding an object in the directory.
The following code sample shows how the class may be used:
// set the java.naming.factory.object property env.put(Context.OBJECT_FACTORIES, "com.sun.jndi.ldap.obj.LdapGroupFactory"); // set the java.naming.factory.state property env.put(Context.STATE_FACTORIES, "com.sun.jndi.ldap.obj.LdapGroupFactory"); // create an initial context using the supplied environment properties DirContext ctx = new InitialDirContext(env); // create a set of member URLs Set members = new HashSet(); members.add( "ldap:///" + ctx.getNameInNamespace() + "??sub?(title=Manager)"); Group managers = new GroupOfURLs(members); // bind the group in the directory ctx.bind("cn=managers,ou=groups", managers); // list all of the group's members listMembers(managers); ... // list the members of a group (subgroups are expanded, by default) void listMembers(Group group) { for (Enumeration members = group.members(); members.hasMoreElements(); ) { Object object = members.nextElement(); if (object instanceof Group) { System.out.println("+" + ((Group) object).getName()); } else if (object instanceof Principal) { System.out.println(" " + ((Principal) object).getName()); } } }
Nested Class Summary | |
---|---|
(package private) class |
GroupOfURLs.Members
The members of a dynamic group. |
Field Summary | |
---|---|
private javax.naming.directory.Attributes |
attributes
|
private javax.naming.directory.DirContext |
bindCtx
|
private java.lang.String |
bindDN
|
private javax.naming.Name |
bindName
|
private javax.naming.directory.DirContext |
ctx
|
private static boolean |
debug
|
private java.util.Hashtable |
env
|
private static java.lang.String |
EXPAND_GROUP
|
private boolean |
expandGroup
|
private java.lang.String |
groupDN
|
private static java.lang.String |
GROUPS_ONLY
|
private static java.lang.String |
MEMBER_ATTR_ID
|
private javax.naming.directory.Attribute |
memberAttr
|
private javax.naming.directory.ModificationItem[] |
modification
|
private javax.naming.Name |
name
|
private static java.lang.String |
OBJECT_CLASS
|
private static javax.naming.directory.Attribute |
OBJECT_CLASS_ATTR
|
private boolean |
objectIsBound
|
private javax.naming.directory.SearchControls |
objectSearch
|
private javax.naming.directory.DirContext |
rootCtx
|
private javax.naming.directory.SearchControls |
searchNoAttrs
|
Constructor Summary | |
---|---|
|
GroupOfURLs()
Create an empty group object. |
|
GroupOfURLs(java.util.Set memberURLs)
Create a group object with an initial set of member URLs. |
private |
GroupOfURLs(java.lang.String groupDN,
javax.naming.directory.DirContext ctx,
javax.naming.Name name,
java.util.Hashtable env,
javax.naming.directory.Attributes attributes)
|
Method Summary | |
---|---|
boolean |
addMember(java.security.Principal member)
A member cannot be added to the group directly. |
void |
addMembers(java.lang.String members)
Adds members to the group. |
private static java.lang.Object |
appendFilterComponent(java.lang.StringBuffer filterBuffer,
int filterIndex,
java.lang.String rdn,
boolean leastSignificantRdn)
|
void |
close()
Releases the naming context created by this group. |
(package private) javax.naming.directory.Attributes |
getAttributes()
Retrieves the group's attributes. |
java.lang.String |
getName()
Retrieves the distinguished name of the group. |
(package private) static java.lang.Object |
getObjectInstance(java.lang.String groupDN,
javax.naming.directory.DirContext ctx,
javax.naming.Name name,
java.util.Hashtable env,
javax.naming.directory.Attributes attributes)
Create a group object from its entry in the directory. |
private void |
initializeBoundState(java.lang.String groupDN,
javax.naming.directory.DirContext ctx,
javax.naming.Name name,
java.util.Hashtable env,
javax.naming.directory.Attributes attributes)
|
private boolean |
isBound()
|
boolean |
isMember(java.security.Principal member)
Checks if the supplied name is a member of the group. |
boolean |
isMember(java.lang.String dn)
Checks if the supplied name is a member of the group. |
private boolean |
isSubgroupMember(java.lang.String dn)
|
(package private) static boolean |
matches(javax.naming.directory.Attribute objectClass)
Determines whether the supplied LDAP objectClass attribute matches that of the group. |
java.util.Enumeration |
members()
Returns the members of the group. |
java.util.Enumeration |
members(java.lang.String filter)
Returns the members of the group that satisfy the search filter. |
private void |
modifyMembers(java.lang.String members,
int mod_op)
|
boolean |
removeMember(java.security.Principal member)
A member cannot be removed from the group directly. |
void |
removeMembers(java.lang.String members)
Removes members from the group. |
private static java.util.ArrayList |
restrictFilter(java.lang.String filter,
java.lang.String dn)
|
private javax.naming.NamingEnumeration |
searchUsingLdapUrl(java.lang.String memberUrl,
javax.naming.directory.SearchControls searchControls,
java.lang.String memberDn)
|
private javax.naming.NamingEnumeration |
searchUsingLdapUrl(java.lang.String memberUrl,
java.lang.String filter,
javax.naming.directory.SearchControls searchControls)
|
private javax.naming.NamingEnumeration |
searchUsingLdapUrl(java.lang.String memberDn,
java.lang.String memberUrl,
java.lang.String andFilter,
javax.naming.directory.SearchControls searchControls)
|
(package private) void |
setName(java.lang.String groupDN,
javax.naming.directory.DirContext ctx,
javax.naming.Name name)
Sets the distinguished name of the group. |
java.lang.String |
toString()
Creates a string representation of the group. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait |
Methods inherited from interface java.security.Principal |
---|
equals, hashCode |
Field Detail |
---|
private static final boolean debug
private static final java.lang.String OBJECT_CLASS
private static final java.lang.String MEMBER_ATTR_ID
private static final java.lang.String EXPAND_GROUP
private static final java.lang.String GROUPS_ONLY
private static final javax.naming.directory.Attribute OBJECT_CLASS_ATTR
private boolean objectIsBound
private boolean expandGroup
private javax.naming.directory.Attributes attributes
private javax.naming.directory.Attribute memberAttr
private javax.naming.directory.SearchControls searchNoAttrs
private javax.naming.directory.SearchControls objectSearch
private javax.naming.directory.ModificationItem[] modification
private java.lang.String groupDN
private java.lang.String bindDN
private javax.naming.directory.DirContext rootCtx
private javax.naming.directory.DirContext ctx
private javax.naming.directory.DirContext bindCtx
private javax.naming.Name name
private javax.naming.Name bindName
private java.util.Hashtable env
Constructor Detail |
---|
public GroupOfURLs()
Note that the newly constructed object does not represent a group in
the directory until it is bound by using
DirContext.bind
.
public GroupOfURLs(java.util.Set memberURLs)
Note that the newly constructed object does not represent a group in
the directory until it is bound by using
DirContext.bind
.
memberURLs
- The set of initial member URLs. It may be null.
Each element is a string LDAP URL (RFC 2255).private GroupOfURLs(java.lang.String groupDN, javax.naming.directory.DirContext ctx, javax.naming.Name name, java.util.Hashtable env, javax.naming.directory.Attributes attributes)
Method Detail |
---|
static java.lang.Object getObjectInstance(java.lang.String groupDN, javax.naming.directory.DirContext ctx, javax.naming.Name name, java.util.Hashtable env, javax.naming.directory.Attributes attributes)
LdapGroupFactory
.
groupDN
- The group's distinguished name.ctx
- An LDAP context.name
- The group's name relative to the context.env
- The context's environment properties.attributes
- The group's LDAP attributes.
public boolean addMember(java.security.Principal member)
addMembers(String)
addMember
in interface java.security.acl.Group
member
- The name of the member to be added.
java.lang.UnsupportedOperationException
- A member cannot be added directly.public void addMembers(java.lang.String members) throws javax.naming.NamingException
members
- The string LDAP URL describing the members to be added.
javax.naming.NamingException
- The exception is thrown if an error occurs
while performing LDAP modify.
java.lang.IllegalStateException
- The exception is thrown if the
group does not represent a group in the directory.public boolean isMember(java.security.Principal member)
By default, subgroups are also checked. As subgroup expansion is potentially an expensive activity the feature may be disabled by setting the environment property "com.sun.jndi.ldap.obj.expandGroup" to the string value "false.
isMember
in interface java.security.acl.Group
member
- The name of the member to be checked.
java.lang.IllegalStateException
- The exception is thrown if the
group does not represent a group in the directory.public boolean isMember(java.lang.String dn) throws javax.naming.NamingException
By default, subgroups are also checked. As subgroup expansion is potentially an expensive activity the feature may be disabled by setting the environment property "com.sun.jndi.ldap.obj.expandGroup" to the string value "false.
dn
- The distinguished name (RFC 2253) of the member to be checked.
javax.naming.NamingException
- The exception is thrown if an error occurs
while performing LDAP search.
java.lang.IllegalStateException
- The exception is thrown if the
group does not represent a group in the directory.public java.util.Enumeration members()
By default, subgroups and their members are also included. As subgroup expansion is potentially an expensive activity the feature may be disabled by setting the environment property "com.sun.jndi.ldap.obj.expandGroup" to the string value "false. When the feature is disabled only the group's direct members are returned.
members
in interface java.security.acl.Group
LdapGroupFactory
object factory is active
then each element in the enumeration is of class
Group
or
Principal
However, when additional
object factories are active then the enumeration may contain
elements of a different class.
java.lang.IllegalStateException
- The exception is thrown if the
group does not represent a group in the directory.public java.util.Enumeration members(java.lang.String filter) throws javax.naming.NamingException
By default, subgroups and their members are also included. As subgroup expansion is potentially an expensive activity the feature may be disabled by setting the environment property "com.sun.jndi.ldap.obj.expandGroup" to the string value "false. When the feature is disabled only the group's direct members are returned.
filter
- The string filter to apply to the members of the group.
If the argument is null then no filtering is performed.
LdapGroupFactory
object factory is active
then each element in the enumeration is of class
Group
or
Principal
However, when additional
object factories are active then the enumeration may contain
elements of a different class.
javax.naming.NamingException
- The exception is thrown if an error occurs
while performing LDAP search.
java.lang.IllegalStateException
- The exception is thrown if the
group does not represent a group in the directory.public boolean removeMember(java.security.Principal member)
removeMembers(String)
removeMember
in interface java.security.acl.Group
member
- The name of the member to be removed.
java.lang.UnsupportedOperationException
- A member cannot be removed
directly.public void removeMembers(java.lang.String members) throws javax.naming.NamingException
members
- The LDAP URL describing the members to be removed.
javax.naming.NamingException
- The exception is thrown if an error occurs
while performing LDAP modify.
java.lang.IllegalStateException
- The exception is thrown if the
group does not represent a group in the directory.public java.lang.String getName()
getName
in interface java.security.Principal
java.lang.IllegalStateException
- The exception is thrown if the
group does not represent a group in the directory.void setName(java.lang.String groupDN, javax.naming.directory.DirContext ctx, javax.naming.Name name)
LdapGroupFactory
groupDN
- The group's distinguished name.ctx
- An LDAP context.name
- The group's name relative to the context.public java.lang.String toString()
toString
in interface java.security.Principal
toString
in class java.lang.Object
BasicAttributes.toString()
for details. The name is omitted if the group is not bound in
the directory and null is returned if no attributes are
available.javax.naming.directory.Attributes getAttributes()
LdapGroupFactory
.
static boolean matches(javax.naming.directory.Attribute objectClass)
objectClass
- The non-null objectClass attribute to check against.
private boolean isBound()
public void close() throws javax.naming.NamingException
javax.naming.NamingException
- If a naming exception is encountered while
closing the root context.private void initializeBoundState(java.lang.String groupDN, javax.naming.directory.DirContext ctx, javax.naming.Name name, java.util.Hashtable env, javax.naming.directory.Attributes attributes)
private void modifyMembers(java.lang.String members, int mod_op) throws javax.naming.NamingException
javax.naming.NamingException
private boolean isSubgroupMember(java.lang.String dn) throws javax.naming.NamingException
javax.naming.NamingException
private javax.naming.NamingEnumeration searchUsingLdapUrl(java.lang.String memberUrl, javax.naming.directory.SearchControls searchControls, java.lang.String memberDn) throws javax.naming.NamingException
javax.naming.NamingException
private javax.naming.NamingEnumeration searchUsingLdapUrl(java.lang.String memberUrl, java.lang.String filter, javax.naming.directory.SearchControls searchControls) throws javax.naming.NamingException
javax.naming.NamingException
private javax.naming.NamingEnumeration searchUsingLdapUrl(java.lang.String memberDn, java.lang.String memberUrl, java.lang.String andFilter, javax.naming.directory.SearchControls searchControls) throws javax.naming.NamingException
javax.naming.NamingException
private static java.util.ArrayList restrictFilter(java.lang.String filter, java.lang.String dn) throws javax.naming.InvalidNameException
javax.naming.InvalidNameException
private static java.lang.Object appendFilterComponent(java.lang.StringBuffer filterBuffer, int filterIndex, java.lang.String rdn, boolean leastSignificantRdn)
|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |