public class Aci extends Object implements Comparable<Aci>

Modifier and Type | Field and Description |
---|---|
static int | ACI_ADD: ACI_ADD is used to set the container rights for an LDAP add operation. |
static int | ACI_ALL: ACI_ALL is used as a mask for all of the above. |
static int | ACI_COMPARE: ACI_COMPARE is used to set the container rights for an LDAP compare operation. |
static int | ACI_CONTROL: Used by the control evaluation access check. |
static int | ACI_DELETE: ACI_DELETE is used to set the container rights for an LDAP delete operation. |
static int | ACI_EXPORT: ACI_EXPORT is used to set the container rights for an LDAP modify dn operation. |
static int | ACI_EXT_OP: Used by the extended operation access check. |
static int | ACI_FOUND_OP_ATTR_RULE: ACI_FOUND_OP_ATTR_RULE is the flag set when the evaluation reason of an AciHandler.maysend ACI_READ access evaluation was the result of an ACI targetattr specific operational attribute expression (targetattr="some operational attribute type") target match. |
static int | ACI_FOUND_USER_ATTR_RULE: ACI_FOUND_USER_ATTR_RULE is the flag set when the evaluation reason of an AciHandler.maysend ACI_READ access evaluation was the result of an ACI targetattr specific user attribute expression (targetattr="some user attribute type") target match. |
static int | ACI_IMPORT: ACI_IMPORT is used to set the container rights for an LDAP modify dn operation. |
static int | ACI_NULL: ACI_NULL is used to set the container rights to all zeros. |
static int | ACI_OP_ATTR_PLUS_MATCHED: ACI_OP_ATTR_PLUS_MATCHED is the flag set when the evaluation reason of an AciHandler.maysend ACI_READ access evaluation was the result of an ACI targetattr all operational attributes expression (targetattr="+") target match. |
static int | ACI_PROXY: ACI_PROXY is used for the PROXY right. |
static int | ACI_READ: ACI_READ is used to set the container rights for an LDAP search operation. |
static int | ACI_SEARCH: ACI_SEARCH is used to set the container rights for an LDAP search operation. |
static int | ACI_SELF: ACI_SELF is used for the SELFWRITE right. |
static int | ACI_SKIP_PROXY_CHECK: ACI_SKIP_PROXY_CHECK is used to bypass the proxy access check. |
static String | ACI_STATEMENT_SEPARATOR: Regular expression matching an ACL statement separator. |
static int | ACI_USER_ATTR_STAR_MATCHED: ACI_USER_ATTR_STAR_MATCHED is the flag set when the evaluation reason of an AciHandler.maysend ACI_READ access evaluation was the result of an ACI targetattr all attributes expression (targetattr="*") target match. |
static int | ACI_WRITE: ACI_WRITE is used to set the container rights for an LDAP modify operation. |
static int | ACI_WRITE_ADD: ACI_WRITE_ADD is used by the LDAP modify operation. |
static int | ACI_WRITE_DELETE: ACI_WRITE_DELETE is used by the LDAP modify operation. |
static String | ALL_OP_ATTRS_WILD_CARD: Regular expression that matches "+". |
static String | ALL_USER_ATTRS_WILD_CARD: Regular expression that matches "*". |
static String | ATTR_NAME: Regular expression that graciously matches an attribute type name. |
static String | CLOSED_PAREN: Regular expression used to match a closed parenthesis. |
static String | EQUAL_SIGN: Regular expression used to match a single equal sign. |
static String | LDAP_URL: Regular expression matching an LDAP URL. |
static String | LOGICAL_OR: Regular expression used to match the token that joins expressions (\|\|). |
static String | NULL_LDAP_URL: String used to check for a NULL LDAP URL. |
static String | OPEN_PAREN: Regular expression used to match an open parenthesis. |
static String | supportedVersion: Version that we support. |
static int | TARGATTRFILTERS_ADD: TARGATTRFILTERS_ADD is used to specify that a targattrfilters ADD operation was seen in the ACI. |
static int | TARGATTRFILTERS_DELETE: TARGATTRFILTERS_DELETE is used to specify that a targattrfilters DELETE operation was seen in the ACI. |
static String | WORD_GROUP: Regular expression matching a word group. |
static String | WORD_GROUP_START_PATTERN: Regular expression matching a word group at the start of a pattern. |
static String | ZERO_OR_MORE_WHITESPACE: Regular expression matching a white space. |
static String | ZERO_OR_MORE_WHITESPACE_START_PATTERN: Regular expression matching a white space at the start of a pattern. |

Modifier and Type | Method and Description |
---|---|
int | compareTo(Aci aci): Compares this Aci with the provided Aci based on a natural order. |
static Aci | decode(org.forgerock.opendj.ldap.ByteSequence byteString, DN dn): Decode an ACI byte string. |
static Set<String> | decodeOID(String expr, LocalizableMessage msg): Decode an OIDs expression string. |
static EnumEvalResult | evaluate(AciEvalContext evalCtx, Aci aci): Static class used to evaluate an ACI and evaluation context. |
DN | getDN(): Return the DN of the entry containing the ACI. |
String | getName(): Returns the name string of this ACI. |
AciTargets | getTargets(): Returns the targets of the ACI. |
boolean | hasAccessType(EnumAccessType accessType): Re-direct has access type to the body's hasAccessType method. |
boolean | hasRights(int rights): Check if the body of the ACI matches the rights specified. |
static boolean | isApplicable(Aci aci, AciTargetMatchContext matchCtx): Test if the given ACI is applicable using the target match information provided. |
String | toString(): Return the string representation of the ACI. |

public static final String supportedVersion
public static final String WORD_GROUP
public static final String WORD_GROUP_START_PATTERN
public static final String ZERO_OR_MORE_WHITESPACE
public static final String ZERO_OR_MORE_WHITESPACE_START_PATTERN
public static final String ACI_STATEMENT_SEPARATOR
public static final String ATTR_NAME
public static final String LDAP_URL
public static final String NULL_LDAP_URL
public static final String LOGICAL_OR
public static final String OPEN_PAREN
public static final String CLOSED_PAREN
public static final String EQUAL_SIGN
public static final String ALL_USER_ATTRS_WILD_CARD
public static final String ALL_OP_ATTRS_WILD_CARD
public static final int ACI_ADD
public static final int ACI_DELETE
public static final int ACI_READ
public static final int ACI_WRITE
public static final int ACI_COMPARE
public static final int ACI_SEARCH
public static final int ACI_SELF
public static final int ACI_ALL
public static final int ACI_PROXY
public static final int ACI_IMPORT
public static final int ACI_EXPORT
public static final int ACI_WRITE_ADD
public static final int ACI_WRITE_DELETE
public static final int ACI_SKIP_PROXY_CHECK
public static final int TARGATTRFILTERS_ADD
public static final int TARGATTRFILTERS_DELETE
public static final int ACI_CONTROL
public static final int ACI_EXT_OP
public static final int ACI_USER_ATTR_STAR_MATCHED
public static final int ACI_FOUND_USER_ATTR_RULE
public static final int ACI_OP_ATTR_PLUS_MATCHED
public static final int ACI_FOUND_OP_ATTR_RULE
public static final int ACI_NULL

public static Aci decode(org.forgerock.opendj.ldap.ByteSequence byteString, DN dn) throws AciException
byteString - The ByteString containing the ACI string.
dn - DN of the ACI entry.
AciException - If the parsing of the ACI string fails.

public String toString()

public AciTargets getTargets()

public DN getDN()

public static boolean isApplicable(Aci aci, AciTargetMatchContext matchCtx)
aci - The ACI to test.
matchCtx - The target matching context containing all the info needed to match ACI targets.

public boolean hasRights(int rights)
rights - Bit mask representing the rights to match.

public boolean hasAccessType(EnumAccessType accessType)
accessType - The access type to match.

public static EnumEvalResult evaluate(AciEvalContext evalCtx, Aci aci)
evalCtx - The context to evaluate with.
aci - The ACI to evaluate.

public static Set<String> decodeOID(String expr, LocalizableMessage msg) throws AciException
expr - A string representing the OID expression.
msg - A message to be used if there is an exception.
AciException - If the specified expression string is invalid.

public int compareTo(Aci aci)
compareTo in interface Comparable<Aci>
aci - The Aci against which to compare this Aci.

Copyright © 2010-2016 ForgeRock AS. All Rights Reserved.