AdministrativePointInterceptor

java.lang.Object
- org.apache.directory.server.core.api.interceptor.BaseInterceptor
- - org.apache.directory.server.core.admin.AdministrativePointInterceptor

All Implemented Interfaces:

Interceptor
```
public class AdministrativePointInterceptor
extends BaseInterceptor
```
An interceptor to manage the Administrative model

Field Summary

Fields
Modifier and Type	Field and Description
`private static java.util.Set<java.lang.String>`	`INNER_AREA_ROLES` The possible inner area roles
`private static boolean`	`IS_DEBUG` Speedup for logs
`private static org.slf4j.Logger`	`LOG` A `Logger` for this class
`private java.util.concurrent.locks.ReentrantReadWriteLock`	`mutex` A lock to guarantee the AP cache consistency
`private PartitionNexus`	`nexus` A reference to the nexus for direct backend operations
`private static java.util.Set<java.lang.String>`	`ROLES` The possible roles
`private static java.util.Map<java.lang.String,java.lang.String>`	`ROLES_OID` A Map to associate a role with it's OID
`private static java.util.Set<java.lang.String>`	`SPECIFIC_AREA_ROLES` The possible specific area roles

Fields inherited from class org.apache.directory.server.core.api.interceptor.BaseInterceptor
directoryService, dnFactory, PWD_POLICY_STATE_ATTRIBUTE_TYPES, schemaManager

Constructor Summary

Constructors
Constructor and Description

AdministrativePointInterceptor()
Creates a new instance of a AdministrativePointInterceptor.

Constructors
Constructor and Description
`AdministrativePointInterceptor()` Creates a new instance of a AdministrativePointInterceptor.

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`void`	`add(AddOperationContext addContext)` Add an administrative point into the DIT.
`private void`	`addAdminPointCache(java.util.List<org.apache.directory.api.ldap.model.entry.Entry> adminPointEntries)` Update The Administrative Points cache, adding the given AdminPoints
`private void`	`addRole(java.lang.String role, org.apache.directory.api.ldap.model.name.Dn dn, java.lang.String uuid, org.apache.directory.api.ldap.util.tree.DnNode<AccessControlAdministrativePoint> acapCache, org.apache.directory.api.ldap.util.tree.DnNode<CollectiveAttributeAdministrativePoint> caapCache, org.apache.directory.api.ldap.util.tree.DnNode<TriggerExecutionAdministrativePoint> teapCache, org.apache.directory.api.ldap.util.tree.DnNode<SubschemaAdministrativePoint> ssapCache)` Update the cache clones with the added roles
`private void`	`checkAddRole(org.apache.directory.api.ldap.model.entry.Value<?> role, org.apache.directory.api.ldap.model.entry.Attribute adminPoint, org.apache.directory.api.ldap.model.name.Dn dn)` Check if we can safely add a role.
`private void`	`checkDelRole(org.apache.directory.api.ldap.model.entry.Value<?> role, org.apache.directory.api.ldap.model.entry.Attribute adminPoint, org.apache.directory.api.ldap.model.name.Dn dn)` Check if we can safely delete a role
`private void`	`checkIAPHasParent(java.lang.String role, org.apache.directory.api.ldap.model.entry.Attribute adminPoint, org.apache.directory.api.ldap.model.name.Dn dn)` Check that the IAPs (if any) have a parent.
`private void`	`checkInnerSpecificMix(java.lang.String role, org.apache.directory.api.ldap.model.entry.Attribute adminPoint)` Check that we don't have an IAP and a SAP with the same family
`private void`	`createAdministrativePoints(org.apache.directory.api.ldap.model.entry.Attribute adminPoint, org.apache.directory.api.ldap.model.name.Dn dn, java.lang.String uuid)` Create the list of AP for a given entry
`void`	`delete(DeleteOperationContext deleteContext)` We have to check that we can remove the associated AdministrativePoint : if we remove an AAP, no descendant IAP should remain orphan If we remove a SAP, no descendant IAP should remain orphan Filters `Partition#delete( DeleteOperationContext )` call.
`private void`	`deleteAdminPointCache(org.apache.directory.api.ldap.model.entry.Attribute adminPoint, DeleteOperationContext deleteContext)` Update The Administrative Points cache, removing the given AdminPoint
`private void`	`delRole(java.lang.String role, org.apache.directory.api.ldap.model.name.Dn dn, java.lang.String uuid, org.apache.directory.api.ldap.util.tree.DnNode<AccessControlAdministrativePoint> acapCache, org.apache.directory.api.ldap.util.tree.DnNode<CollectiveAttributeAdministrativePoint> caapCache, org.apache.directory.api.ldap.util.tree.DnNode<TriggerExecutionAdministrativePoint> teapCache, org.apache.directory.api.ldap.util.tree.DnNode<SubschemaAdministrativePoint> ssapCache)` Update the cache clones with the added roles
`void`	`destroy()` This method does nothing by default.
`private AdministrativePoint`	`findParent(AdministrativePoint ap, org.apache.directory.api.ldap.util.tree.DnNode<java.util.List<AdministrativePoint>> currentNode)` Find the parent for the given administrative point.
`private java.util.List<org.apache.directory.api.ldap.model.entry.Entry>`	`getAdministrativePoints()`
`private AdministrativePoint`	`getParent(AdministrativePoint ap, java.util.List<AdministrativePoint> aps, org.apache.directory.api.ldap.model.subtree.AdministrativeRole role, org.apache.directory.api.ldap.util.tree.DnNode<java.util.List<AdministrativePoint>> currentNode)`
`private boolean`	`hasAccessControlSpecificRole(org.apache.directory.api.ldap.model.entry.Attribute adminPoint)`
`private boolean`	`hasCollectiveAttributeSpecificRole(org.apache.directory.api.ldap.model.entry.Attribute adminPoint)`
`private boolean`	`hasTriggerExecutionSpecificRole(org.apache.directory.api.ldap.model.entry.Attribute adminPoint)`
`void`	`init(DirectoryService directoryService)` Registers and initializes all `Authenticator`s to this service.
`private boolean`	`isAAP(org.apache.directory.api.ldap.model.entry.Attribute adminPoint)` Tells if the Administrative Point role is an AAP
`private boolean`	`isAccessControlInnerRole(java.lang.String role)` Tells if the role is an AC IAP
`private boolean`	`isAccessControlSpecificRole(java.lang.String role)` Tells if the role is an AC SAP
`private boolean`	`isAutonomousAreaRole(java.lang.String role)` Tells if the role is an AAP
`private boolean`	`isCollectiveAttributeInnerRole(java.lang.String role)` Tells if the role is a CA IAP
`private boolean`	`isCollectiveAttributeSpecificRole(java.lang.String role)` Tells if the role is a CA SAP
`private boolean`	`isIAP(java.lang.String role)`
`private boolean`	`isSubschemaSpecficRole(java.lang.String role)` Tells if the role is a SS SAP
`private boolean`	`isTriggerExecutionInnerRole(java.lang.String role)` Tells if the role is a TE IAP
`private boolean`	`isTriggerExecutionSpecificRole(java.lang.String role)` Tells if the role is a TE SAP
`private boolean`	`isValidRole(java.lang.String role)` Tells if a given role is a valid administrative role.
`void`	`lockRead()` Get a read-lock on the AP cache.
`void`	`lockWrite()` Get a write-lock on the AP cache.
`void`	`modify(ModifyOperationContext modifyContext)` Only the add and remove modifications are fully supported.
`void`	`move(MoveOperationContext moveContext)` Filters `Partition#move( MoveOperationContext )` call.
`void`	`moveAndRename(MoveAndRenameOperationContext moveAndRenameContext)` Filters `Partition#moveAndRename( MoveAndRenameOperationContext)` call.
`void`	`rename(RenameOperationContext renameContext)` Filters `Partition#rename( RenameOperationContext )` call.
`void`	`unlock()` Release the read-write lock on the AP cache.

Methods inherited from class org.apache.directory.server.core.api.interceptor.BaseInterceptor
bind, compare, getName, getNextInterceptor, getPrincipal, getRootDse, hasEntry, lookup, next, next, next, next, next, next, next, next, next, next, next, next, next, search, unbind

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

LOG

private static final org.slf4j.Logger LOG

A Logger for this class

IS_DEBUG
```
private static final boolean IS_DEBUG
```
Speedup for logs

nexus
```
private PartitionNexus nexus
```
A reference to the nexus for direct backend operations

ROLES

private static final java.util.Set<java.lang.String> ROLES

The possible roles

ROLES_OID

private static final java.util.Map<java.lang.String,java.lang.String> ROLES_OID

A Map to associate a role with it's OID

INNER_AREA_ROLES

private static final java.util.Set<java.lang.String> INNER_AREA_ROLES

The possible inner area roles

SPECIFIC_AREA_ROLES

private static final java.util.Set<java.lang.String> SPECIFIC_AREA_ROLES

The possible specific area roles

mutex

private java.util.concurrent.locks.ReentrantReadWriteLock mutex

A lock to guarantee the AP cache consistency

Constructor Detail
- AdministrativePointInterceptor
```
public AdministrativePointInterceptor()
```
  Creates a new instance of a AdministrativePointInterceptor.

Method Detail

lockRead
```
public void lockRead()
```
Get a read-lock on the AP cache. No read operation can be done on the AP cache if this method is not called before.

lockWrite
```
public void lockWrite()
```
Get a write-lock on the AP cache. No write operation can be done on the apCache if this method is not called before.

unlock
```
public void unlock()
```
Release the read-write lock on the AP cache. This method must be called after having read or modified the AP cache

createAdministrativePoints

private void createAdministrativePoints(org.apache.directory.api.ldap.model.entry.Attribute adminPoint,
                                        org.apache.directory.api.ldap.model.name.Dn dn,
                                        java.lang.String uuid)
                                 throws org.apache.directory.api.ldap.model.exception.LdapException

Create the list of AP for a given entry

Throws:: org.apache.directory.api.ldap.model.exception.LdapException

addRole

private void addRole(java.lang.String role,
                     org.apache.directory.api.ldap.model.name.Dn dn,
                     java.lang.String uuid,
                     org.apache.directory.api.ldap.util.tree.DnNode<AccessControlAdministrativePoint> acapCache,
                     org.apache.directory.api.ldap.util.tree.DnNode<CollectiveAttributeAdministrativePoint> caapCache,
                     org.apache.directory.api.ldap.util.tree.DnNode<TriggerExecutionAdministrativePoint> teapCache,
                     org.apache.directory.api.ldap.util.tree.DnNode<SubschemaAdministrativePoint> ssapCache)
              throws org.apache.directory.api.ldap.model.exception.LdapException

Update the cache clones with the added roles

Throws:: org.apache.directory.api.ldap.model.exception.LdapException

delRole

private void delRole(java.lang.String role,
                     org.apache.directory.api.ldap.model.name.Dn dn,
                     java.lang.String uuid,
                     org.apache.directory.api.ldap.util.tree.DnNode<AccessControlAdministrativePoint> acapCache,
                     org.apache.directory.api.ldap.util.tree.DnNode<CollectiveAttributeAdministrativePoint> caapCache,
                     org.apache.directory.api.ldap.util.tree.DnNode<TriggerExecutionAdministrativePoint> teapCache,
                     org.apache.directory.api.ldap.util.tree.DnNode<SubschemaAdministrativePoint> ssapCache)
              throws org.apache.directory.api.ldap.model.exception.LdapException

Update the cache clones with the added roles

Throws:: org.apache.directory.api.ldap.model.exception.LdapException

getParent

private AdministrativePoint getParent(AdministrativePoint ap,
                                      java.util.List<AdministrativePoint> aps,
                                      org.apache.directory.api.ldap.model.subtree.AdministrativeRole role,
                                      org.apache.directory.api.ldap.util.tree.DnNode<java.util.List<AdministrativePoint>> currentNode)

findParent

private AdministrativePoint findParent(AdministrativePoint ap,
                                       org.apache.directory.api.ldap.util.tree.DnNode<java.util.List<AdministrativePoint>> currentNode)

Find the parent for the given administrative point. If the AP is an AAP, the parent will be the closest AAP or the closest SAP. If we have a SAP between the added AAP and a AAP, then

checkAddRole

private void checkAddRole(org.apache.directory.api.ldap.model.entry.Value<?> role,
                          org.apache.directory.api.ldap.model.entry.Attribute adminPoint,
                          org.apache.directory.api.ldap.model.name.Dn dn)
                   throws org.apache.directory.api.ldap.model.exception.LdapException

Check if we can safely add a role. If it's an AAP, we have to be sure that it's the only role present in the AT.

Throws:: org.apache.directory.api.ldap.model.exception.LdapException

checkDelRole

private void checkDelRole(org.apache.directory.api.ldap.model.entry.Value<?> role,
                          org.apache.directory.api.ldap.model.entry.Attribute adminPoint,
                          org.apache.directory.api.ldap.model.name.Dn dn)
                   throws org.apache.directory.api.ldap.model.exception.LdapException

Check if we can safely delete a role

Throws:: org.apache.directory.api.ldap.model.exception.LdapException

getAdministrativePoints

private java.util.List<org.apache.directory.api.ldap.model.entry.Entry> getAdministrativePoints()
                                                                                         throws org.apache.directory.api.ldap.model.exception.LdapException

Throws:: org.apache.directory.api.ldap.model.exception.LdapException

isValidRole
```
private boolean isValidRole(java.lang.String role)
```
Tells if a given role is a valid administrative role. We check the lower cased and trimmed value, and also the OID value.

addAdminPointCache

private void addAdminPointCache(java.util.List<org.apache.directory.api.ldap.model.entry.Entry> adminPointEntries)
                         throws org.apache.directory.api.ldap.model.exception.LdapException

Update The Administrative Points cache, adding the given AdminPoints

Throws:: org.apache.directory.api.ldap.model.exception.LdapException

deleteAdminPointCache

private void deleteAdminPointCache(org.apache.directory.api.ldap.model.entry.Attribute adminPoint,
                                   DeleteOperationContext deleteContext)
                            throws org.apache.directory.api.ldap.model.exception.LdapException

Update The Administrative Points cache, removing the given AdminPoint

Throws:: org.apache.directory.api.ldap.model.exception.LdapException

isAccessControlInnerRole

private boolean isAccessControlInnerRole(java.lang.String role)

Tells if the role is an AC IAP

isAccessControlSpecificRole

private boolean isAccessControlSpecificRole(java.lang.String role)

Tells if the role is an AC SAP

isCollectiveAttributeInnerRole

private boolean isCollectiveAttributeInnerRole(java.lang.String role)

Tells if the role is a CA IAP

isCollectiveAttributeSpecificRole

private boolean isCollectiveAttributeSpecificRole(java.lang.String role)

Tells if the role is a CA SAP

isTriggerExecutionInnerRole

private boolean isTriggerExecutionInnerRole(java.lang.String role)

Tells if the role is a TE IAP

isTriggerExecutionSpecificRole

private boolean isTriggerExecutionSpecificRole(java.lang.String role)

Tells if the role is a TE SAP

isSubschemaSpecficRole

private boolean isSubschemaSpecficRole(java.lang.String role)

Tells if the role is a SS SAP

isAutonomousAreaRole

private boolean isAutonomousAreaRole(java.lang.String role)

Tells if the role is an AAP

isAAP

private boolean isAAP(org.apache.directory.api.ldap.model.entry.Attribute adminPoint)

Tells if the Administrative Point role is an AAP

hasAccessControlSpecificRole

private boolean hasAccessControlSpecificRole(org.apache.directory.api.ldap.model.entry.Attribute adminPoint)

isIAP

private boolean isIAP(java.lang.String role)

hasCollectiveAttributeSpecificRole

private boolean hasCollectiveAttributeSpecificRole(org.apache.directory.api.ldap.model.entry.Attribute adminPoint)

hasTriggerExecutionSpecificRole

private boolean hasTriggerExecutionSpecificRole(org.apache.directory.api.ldap.model.entry.Attribute adminPoint)

checkInnerSpecificMix

private void checkInnerSpecificMix(java.lang.String role,
                                   org.apache.directory.api.ldap.model.entry.Attribute adminPoint)
                            throws org.apache.directory.api.ldap.model.exception.LdapUnwillingToPerformException

Check that we don't have an IAP and a SAP with the same family

Throws:: org.apache.directory.api.ldap.model.exception.LdapUnwillingToPerformException

checkIAPHasParent

private void checkIAPHasParent(java.lang.String role,
                               org.apache.directory.api.ldap.model.entry.Attribute adminPoint,
                               org.apache.directory.api.ldap.model.name.Dn dn)
                        throws org.apache.directory.api.ldap.model.exception.LdapUnwillingToPerformException

Check that the IAPs (if any) have a parent. We will check for each kind or role : AC, CA and TE.

Throws:: org.apache.directory.api.ldap.model.exception.LdapUnwillingToPerformException

init
```
public void init(DirectoryService directoryService)
          throws org.apache.directory.api.ldap.model.exception.LdapException
```
Registers and initializes all Authenticators to this service.

Specified by:

init in interface Interceptor

Overrides:

init in class BaseInterceptor

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

destroy
```
public void destroy()
```
This method does nothing by default.

Specified by:

destroy in interface Interceptor

Overrides:

destroy in class BaseInterceptor

add
```
public void add(AddOperationContext addContext)
         throws org.apache.directory.api.ldap.model.exception.LdapException
```
Add an administrative point into the DIT. We have to deal with some specific cases :
- If it's an AA, then the added role should be the only one
- It's not possible to add IA and SA at the same time
Specified by:

add in interface Interceptor

Overrides:

add in class BaseInterceptor

Parameters:

addContext - The AddOperationContext instance

Throws:

org.apache.directory.api.ldap.model.exception.LdapException - If we had some error while processing the Add operation

delete
```
public void delete(DeleteOperationContext deleteContext)
            throws org.apache.directory.api.ldap.model.exception.LdapException
```
We have to check that we can remove the associated AdministrativePoint :
- if we remove an AAP, no descendant IAP should remain orphan
- If we remove a SAP, no descendant IAP should remain orphan
Filters Partition#delete( DeleteOperationContext ) call.
Specified by:

delete in interface Interceptor

Overrides:

delete in class BaseInterceptor

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

modify
```
public void modify(ModifyOperationContext modifyContext)
            throws org.apache.directory.api.ldap.model.exception.LdapException
```
Only the add and remove modifications are fully supported. We have to check that the underlying APs are still consistent. We first have to compute the final AdministrativeRole, then do a diff with the initial attribute, to determinate which roles have been added and which ones have been deleted. Once this is done, we have to check that when deleting or adding each of those roles the admin model remains consistent. Filters Partition#modify( ModifyOperationContext ) call.

Specified by:

modify in interface Interceptor

Overrides:

modify in class BaseInterceptor

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

move
```
public void move(MoveOperationContext moveContext)
          throws org.apache.directory.api.ldap.model.exception.LdapException
```
Filters Partition#move( MoveOperationContext ) call.

Specified by:

move in interface Interceptor

Overrides:

move in class BaseInterceptor

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

moveAndRename
```
public void moveAndRename(MoveAndRenameOperationContext moveAndRenameContext)
                   throws org.apache.directory.api.ldap.model.exception.LdapException
```
Filters Partition#moveAndRename( MoveAndRenameOperationContext) call.

Specified by:

moveAndRename in interface Interceptor

Overrides:

moveAndRename in class BaseInterceptor

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

rename
```
public void rename(RenameOperationContext renameContext)
            throws org.apache.directory.api.ldap.model.exception.LdapException
```
Filters Partition#rename( RenameOperationContext ) call.

Specified by:

rename in interface Interceptor

Overrides:

rename in class BaseInterceptor

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

Class AdministrativePointInterceptor

Field Summary

Fields inherited from class org.apache.directory.server.core.api.interceptor.BaseInterceptor

Constructor Summary

Method Summary

Methods inherited from class org.apache.directory.server.core.api.interceptor.BaseInterceptor

Methods inherited from class java.lang.Object