001/* 002 * CDDL HEADER START 003 * 004 * The contents of this file are subject to the terms of the 005 * Common Development and Distribution License, Version 1.0 only 006 * (the "License"). You may not use this file except in compliance 007 * with the License. 008 * 009 * You can obtain a copy of the license at legal-notices/CDDLv1_0.txt 010 * or http://forgerock.org/license/CDDLv1.0.html. 011 * See the License for the specific language governing permissions 012 * and limitations under the License. 013 * 014 * When distributing Covered Code, include this CDDL HEADER in each 015 * file and include the License file at legal-notices/CDDLv1_0.txt. 016 * If applicable, add the following below this CDDL HEADER, with the 017 * fields enclosed by brackets "[]" replaced with your own identifying 018 * information: 019 * Portions Copyright [yyyy] [name of copyright owner] 020 * 021 * CDDL HEADER END 022 * 023 * 024 * Copyright 2008 Sun Microsystems, Inc. 025 */ 026package org.opends.server.admin.std.meta; 027 028 029 030import java.util.Collection; 031import java.util.SortedSet; 032import org.forgerock.opendj.config.server.ConfigException; 033import org.opends.server.admin.AdministratorAction; 034import org.opends.server.admin.client.AuthorizationException; 035import org.opends.server.admin.client.CommunicationException; 036import org.opends.server.admin.client.ConcurrentModificationException; 037import org.opends.server.admin.client.IllegalManagedObjectNameException; 038import org.opends.server.admin.client.ManagedObject; 039import org.opends.server.admin.client.ManagedObjectDecodingException; 040import org.opends.server.admin.client.MissingMandatoryPropertiesException; 041import org.opends.server.admin.client.OperationRejectedException; 042import org.opends.server.admin.DefaultBehaviorProvider; 043import org.opends.server.admin.DefinedDefaultBehaviorProvider; 044import org.opends.server.admin.DefinitionDecodingException; 045import org.opends.server.admin.EnumPropertyDefinition; 046import org.opends.server.admin.InstantiableRelationDefinition; 047import org.opends.server.admin.ManagedObjectAlreadyExistsException; 048import org.opends.server.admin.ManagedObjectDefinition; 049import org.opends.server.admin.ManagedObjectNotFoundException; 050import org.opends.server.admin.PropertyException; 051import org.opends.server.admin.PropertyOption; 052import org.opends.server.admin.PropertyProvider; 053import org.opends.server.admin.RelationOption; 054import org.opends.server.admin.server.ConfigurationAddListener; 055import org.opends.server.admin.server.ConfigurationChangeListener; 056import org.opends.server.admin.server.ConfigurationDeleteListener; 057import org.opends.server.admin.server.ServerManagedObject; 058import org.opends.server.admin.std.client.RootDNCfgClient; 059import org.opends.server.admin.std.client.RootDNUserCfgClient; 060import org.opends.server.admin.std.server.RootDNCfg; 061import org.opends.server.admin.std.server.RootDNUserCfg; 062import org.opends.server.admin.Tag; 063import org.opends.server.admin.TopCfgDefn; 064import org.opends.server.types.DN; 065 066 067 068/** 069 * An interface for querying the Root DN managed object definition 070 * meta information. 071 * <p> 072 * The Root DN configuration contains all the Root DN Users defined in 073 * the directory server. In addition, it also defines the default set 074 * of privileges that Root DN Users automatically inherit. 075 */ 076public final class RootDNCfgDefn extends ManagedObjectDefinition<RootDNCfgClient, RootDNCfg> { 077 078 // The singleton configuration definition instance. 079 private static final RootDNCfgDefn INSTANCE = new RootDNCfgDefn(); 080 081 082 083 /** 084 * Defines the set of permissable values for the "default-root-privilege-name" property. 085 * <p> 086 * Specifies the names of the privileges that root users will be 087 * granted by default. 088 */ 089 public static enum DefaultRootPrivilegeName { 090 091 /** 092 * Allows the user to request that the server process backup 093 * tasks. 094 */ 095 BACKEND_BACKUP("backend-backup"), 096 097 098 099 /** 100 * Allows the user to request that the server process restore 101 * tasks. 102 */ 103 BACKEND_RESTORE("backend-restore"), 104 105 106 107 /** 108 * Allows the associated user to bypass access control checks 109 * performed by the server. 110 */ 111 BYPASS_ACL("bypass-acl"), 112 113 114 115 /** 116 * Allows the associated user to bypass server lockdown mode. 117 */ 118 BYPASS_LOCKDOWN("bypass-lockdown"), 119 120 121 122 /** 123 * Allows the user to cancel operations in progress on other 124 * client connections. 125 */ 126 CANCEL_REQUEST("cancel-request"), 127 128 129 130 /** 131 * Allows the user to perform read operations on the changelog 132 */ 133 CHANGELOG_READ("changelog-read"), 134 135 136 137 /** 138 * Allows the associated user to read the server configuration. 139 */ 140 CONFIG_READ("config-read"), 141 142 143 144 /** 145 * Allows the associated user to update the server configuration. 146 * The config-read privilege is also required. 147 */ 148 CONFIG_WRITE("config-write"), 149 150 151 152 /** 153 * Allows the user to participate in data synchronization. 154 */ 155 DATA_SYNC("data-sync"), 156 157 158 159 /** 160 * Allows the user to terminate other client connections. 161 */ 162 DISCONNECT_CLIENT("disconnect-client"), 163 164 165 166 /** 167 * Allows the associated user to subscribe to receive JMX 168 * notifications. 169 */ 170 JMX_NOTIFY("jmx-notify"), 171 172 173 174 /** 175 * Allows the associated user to perform JMX read operations. 176 */ 177 JMX_READ("jmx-read"), 178 179 180 181 /** 182 * Allows the associated user to perform JMX write operations. 183 */ 184 JMX_WRITE("jmx-write"), 185 186 187 188 /** 189 * Allows the user to request that the server process LDIF export 190 * tasks. 191 */ 192 LDIF_EXPORT("ldif-export"), 193 194 195 196 /** 197 * Allows the user to request that the server process LDIF import 198 * tasks. 199 */ 200 LDIF_IMPORT("ldif-import"), 201 202 203 204 /** 205 * Allows the associated user to modify the server's access 206 * control configuration. 207 */ 208 MODIFY_ACL("modify-acl"), 209 210 211 212 /** 213 * Allows the user to reset user passwords. 214 */ 215 PASSWORD_RESET("password-reset"), 216 217 218 219 /** 220 * Allows the user to make changes to the set of defined root 221 * privileges, as well as to grant and revoke privileges for users. 222 */ 223 PRIVILEGE_CHANGE("privilege-change"), 224 225 226 227 /** 228 * Allows the user to use the proxied authorization control, or to 229 * perform a bind that specifies an alternate authorization 230 * identity. 231 */ 232 PROXIED_AUTH("proxied-auth"), 233 234 235 236 /** 237 * Allows the user to place and bring the server of lockdown mode. 238 */ 239 SERVER_LOCKDOWN("server-lockdown"), 240 241 242 243 /** 244 * Allows the user to request that the server perform an in-core 245 * restart. 246 */ 247 SERVER_RESTART("server-restart"), 248 249 250 251 /** 252 * Allows the user to request that the server shut down. 253 */ 254 SERVER_SHUTDOWN("server-shutdown"), 255 256 257 258 /** 259 * Allows the associated user to perform LDAP subentry write 260 * operations. 261 */ 262 SUBENTRY_WRITE("subentry-write"), 263 264 265 266 /** 267 * Allows the user to request that the server process a search 268 * that cannot be optimized using server indexes. 269 */ 270 UNINDEXED_SEARCH("unindexed-search"), 271 272 273 274 /** 275 * Allows the user to make changes to the server schema. 276 */ 277 UPDATE_SCHEMA("update-schema"); 278 279 280 281 // String representation of the value. 282 private final String name; 283 284 285 286 // Private constructor. 287 private DefaultRootPrivilegeName(String name) { this.name = name; } 288 289 290 291 /** 292 * {@inheritDoc} 293 */ 294 public String toString() { return name; } 295 296 } 297 298 299 300 // The "default-root-privilege-name" property definition. 301 private static final EnumPropertyDefinition<DefaultRootPrivilegeName> PD_DEFAULT_ROOT_PRIVILEGE_NAME; 302 303 304 305 // The "root-dn-users" relation definition. 306 private static final InstantiableRelationDefinition<RootDNUserCfgClient, RootDNUserCfg> RD_ROOT_DN_USERS; 307 308 309 310 // Build the "default-root-privilege-name" property definition. 311 static { 312 EnumPropertyDefinition.Builder<DefaultRootPrivilegeName> builder = EnumPropertyDefinition.createBuilder(INSTANCE, "default-root-privilege-name"); 313 builder.setOption(PropertyOption.MULTI_VALUED); 314 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "default-root-privilege-name")); 315 DefaultBehaviorProvider<DefaultRootPrivilegeName> provider = new DefinedDefaultBehaviorProvider<DefaultRootPrivilegeName>("bypass-lockdown", "bypass-acl", "modify-acl", "config-read", "config-write", "ldif-import", "ldif-export", "backend-backup", "backend-restore", "server-lockdown", "server-shutdown", "server-restart", "disconnect-client", "cancel-request", "password-reset", "update-schema", "privilege-change", "unindexed-search", "subentry-write", "changelog-read"); 316 builder.setDefaultBehaviorProvider(provider); 317 builder.setEnumClass(DefaultRootPrivilegeName.class); 318 PD_DEFAULT_ROOT_PRIVILEGE_NAME = builder.getInstance(); 319 INSTANCE.registerPropertyDefinition(PD_DEFAULT_ROOT_PRIVILEGE_NAME); 320 } 321 322 323 324 // Build the "root-dn-users" relation definition. 325 static { 326 InstantiableRelationDefinition.Builder<RootDNUserCfgClient, RootDNUserCfg> builder = 327 new InstantiableRelationDefinition.Builder<RootDNUserCfgClient, RootDNUserCfg>(INSTANCE, "root-dn-user", "root-dn-users", RootDNUserCfgDefn.getInstance()); 328 builder.setOption(RelationOption.HIDDEN); 329 RD_ROOT_DN_USERS = builder.getInstance(); 330 INSTANCE.registerRelationDefinition(RD_ROOT_DN_USERS); 331 } 332 333 334 335 // Register the tags associated with this managed object definition. 336 static { 337 INSTANCE.registerTag(Tag.valueOf("core-server")); 338 } 339 340 341 342 /** 343 * Get the Root DN configuration definition singleton. 344 * 345 * @return Returns the Root DN configuration definition singleton. 346 */ 347 public static RootDNCfgDefn getInstance() { 348 return INSTANCE; 349 } 350 351 352 353 /** 354 * Private constructor. 355 */ 356 private RootDNCfgDefn() { 357 super("root-dn", TopCfgDefn.getInstance()); 358 } 359 360 361 362 /** 363 * {@inheritDoc} 364 */ 365 public RootDNCfgClient createClientConfiguration( 366 ManagedObject<? extends RootDNCfgClient> impl) { 367 return new RootDNCfgClientImpl(impl); 368 } 369 370 371 372 /** 373 * {@inheritDoc} 374 */ 375 public RootDNCfg createServerConfiguration( 376 ServerManagedObject<? extends RootDNCfg> impl) { 377 return new RootDNCfgServerImpl(impl); 378 } 379 380 381 382 /** 383 * {@inheritDoc} 384 */ 385 public Class<RootDNCfg> getServerConfigurationClass() { 386 return RootDNCfg.class; 387 } 388 389 390 391 /** 392 * Get the "default-root-privilege-name" property definition. 393 * <p> 394 * Specifies the names of the privileges that root users will be 395 * granted by default. 396 * 397 * @return Returns the "default-root-privilege-name" property definition. 398 */ 399 public EnumPropertyDefinition<DefaultRootPrivilegeName> getDefaultRootPrivilegeNamePropertyDefinition() { 400 return PD_DEFAULT_ROOT_PRIVILEGE_NAME; 401 } 402 403 404 405 /** 406 * Get the "root-dn-users" relation definition. 407 * 408 * @return Returns the "root-dn-users" relation definition. 409 */ 410 public InstantiableRelationDefinition<RootDNUserCfgClient,RootDNUserCfg> getRootDNUsersRelationDefinition() { 411 return RD_ROOT_DN_USERS; 412 } 413 414 415 416 /** 417 * Managed object client implementation. 418 */ 419 private static class RootDNCfgClientImpl implements 420 RootDNCfgClient { 421 422 // Private implementation. 423 private ManagedObject<? extends RootDNCfgClient> impl; 424 425 426 427 // Private constructor. 428 private RootDNCfgClientImpl( 429 ManagedObject<? extends RootDNCfgClient> impl) { 430 this.impl = impl; 431 } 432 433 434 435 /** 436 * {@inheritDoc} 437 */ 438 public SortedSet<DefaultRootPrivilegeName> getDefaultRootPrivilegeName() { 439 return impl.getPropertyValues(INSTANCE.getDefaultRootPrivilegeNamePropertyDefinition()); 440 } 441 442 443 444 /** 445 * {@inheritDoc} 446 */ 447 public void setDefaultRootPrivilegeName(Collection<DefaultRootPrivilegeName> values) { 448 impl.setPropertyValues(INSTANCE.getDefaultRootPrivilegeNamePropertyDefinition(), values); 449 } 450 451 452 453 /** 454 * {@inheritDoc} 455 */ 456 public String[] listRootDNUsers() throws ConcurrentModificationException, 457 AuthorizationException, CommunicationException { 458 return impl.listChildren(INSTANCE.getRootDNUsersRelationDefinition()); 459 } 460 461 462 463 /** 464 * {@inheritDoc} 465 */ 466 public RootDNUserCfgClient getRootDNUser(String name) 467 throws DefinitionDecodingException, ManagedObjectDecodingException, 468 ManagedObjectNotFoundException, ConcurrentModificationException, 469 AuthorizationException, CommunicationException { 470 return impl.getChild(INSTANCE.getRootDNUsersRelationDefinition(), name).getConfiguration(); 471 } 472 473 474 475 /** 476 * {@inheritDoc} 477 */ 478 public <M extends RootDNUserCfgClient> M createRootDNUser( 479 ManagedObjectDefinition<M, ? extends RootDNUserCfg> d, String name, Collection<PropertyException> exceptions) throws IllegalManagedObjectNameException { 480 return impl.createChild(INSTANCE.getRootDNUsersRelationDefinition(), d, name, exceptions).getConfiguration(); 481 } 482 483 484 485 /** 486 * {@inheritDoc} 487 */ 488 public void removeRootDNUser(String name) 489 throws ManagedObjectNotFoundException, ConcurrentModificationException, 490 OperationRejectedException, AuthorizationException, CommunicationException { 491 impl.removeChild(INSTANCE.getRootDNUsersRelationDefinition(), name); 492 } 493 494 495 496 /** 497 * {@inheritDoc} 498 */ 499 public ManagedObjectDefinition<? extends RootDNCfgClient, ? extends RootDNCfg> definition() { 500 return INSTANCE; 501 } 502 503 504 505 /** 506 * {@inheritDoc} 507 */ 508 public PropertyProvider properties() { 509 return impl; 510 } 511 512 513 514 /** 515 * {@inheritDoc} 516 */ 517 public void commit() throws ManagedObjectAlreadyExistsException, 518 MissingMandatoryPropertiesException, ConcurrentModificationException, 519 OperationRejectedException, AuthorizationException, 520 CommunicationException { 521 impl.commit(); 522 } 523 524 525 526 /** {@inheritDoc} */ 527 public String toString() { 528 return impl.toString(); 529 } 530 } 531 532 533 534 /** 535 * Managed object server implementation. 536 */ 537 private static class RootDNCfgServerImpl implements 538 RootDNCfg { 539 540 // Private implementation. 541 private ServerManagedObject<? extends RootDNCfg> impl; 542 543 // The value of the "default-root-privilege-name" property. 544 private final SortedSet<DefaultRootPrivilegeName> pDefaultRootPrivilegeName; 545 546 547 548 // Private constructor. 549 private RootDNCfgServerImpl(ServerManagedObject<? extends RootDNCfg> impl) { 550 this.impl = impl; 551 this.pDefaultRootPrivilegeName = impl.getPropertyValues(INSTANCE.getDefaultRootPrivilegeNamePropertyDefinition()); 552 } 553 554 555 556 /** 557 * {@inheritDoc} 558 */ 559 public void addChangeListener( 560 ConfigurationChangeListener<RootDNCfg> listener) { 561 impl.registerChangeListener(listener); 562 } 563 564 565 566 /** 567 * {@inheritDoc} 568 */ 569 public void removeChangeListener( 570 ConfigurationChangeListener<RootDNCfg> listener) { 571 impl.deregisterChangeListener(listener); 572 } 573 574 575 576 /** 577 * {@inheritDoc} 578 */ 579 public SortedSet<DefaultRootPrivilegeName> getDefaultRootPrivilegeName() { 580 return pDefaultRootPrivilegeName; 581 } 582 583 584 585 /** 586 * {@inheritDoc} 587 */ 588 public String[] listRootDNUsers() { 589 return impl.listChildren(INSTANCE.getRootDNUsersRelationDefinition()); 590 } 591 592 593 594 /** 595 * {@inheritDoc} 596 */ 597 public RootDNUserCfg getRootDNUser(String name) throws ConfigException { 598 return impl.getChild(INSTANCE.getRootDNUsersRelationDefinition(), name).getConfiguration(); 599 } 600 601 602 603 /** 604 * {@inheritDoc} 605 */ 606 public void addRootDNUserAddListener( 607 ConfigurationAddListener<RootDNUserCfg> listener) throws ConfigException { 608 impl.registerAddListener(INSTANCE.getRootDNUsersRelationDefinition(), listener); 609 } 610 611 612 613 /** 614 * {@inheritDoc} 615 */ 616 public void removeRootDNUserAddListener( 617 ConfigurationAddListener<RootDNUserCfg> listener) { 618 impl.deregisterAddListener(INSTANCE.getRootDNUsersRelationDefinition(), listener); 619 } 620 621 622 623 /** 624 * {@inheritDoc} 625 */ 626 public void addRootDNUserDeleteListener( 627 ConfigurationDeleteListener<RootDNUserCfg> listener) throws ConfigException { 628 impl.registerDeleteListener(INSTANCE.getRootDNUsersRelationDefinition(), listener); 629 } 630 631 632 633 /** 634 * {@inheritDoc} 635 */ 636 public void removeRootDNUserDeleteListener( 637 ConfigurationDeleteListener<RootDNUserCfg> listener) { 638 impl.deregisterDeleteListener(INSTANCE.getRootDNUsersRelationDefinition(), listener); 639 } 640 641 642 643 /** 644 * {@inheritDoc} 645 */ 646 public Class<? extends RootDNCfg> configurationClass() { 647 return RootDNCfg.class; 648 } 649 650 651 652 /** 653 * {@inheritDoc} 654 */ 655 public DN dn() { 656 return impl.getDN(); 657 } 658 659 660 661 /** {@inheritDoc} */ 662 public String toString() { 663 return impl.toString(); 664 } 665 } 666}