org.apache.directory.server.core.authz

Class DefaultAuthorizationInterceptor

java.lang.Object

org.apache.directory.server.core.api.interceptor.BaseInterceptor

org.apache.directory.server.core.authz.DefaultAuthorizationInterceptor

All Implemented Interfaces:

Interceptor

public class DefaultAuthorizationInterceptor
extends BaseInterceptor

An Interceptor that controls access to DefaultPartitionNexus. If a user tries to perform any operations that requires permission he or she doesn't have, NoPermissionException will be thrown and therefore the current invocation chain will terminate.

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
private class	DefaultAuthorizationInterceptor.DefaultAuthorizationSearchFilter the search result filter to use for collective attribute injection

Field Summary

Fields

Modifier and Type	Field and Description
private org.apache.directory.api.ldap.model.name.Dn	adminGroupDn the distinguished Name for the administrator group
private java.util.Set<java.lang.String>	administrators
private org.apache.directory.api.ldap.model.name.Dn	adminSystemDn the base distinguished Name for the admin system
private org.apache.directory.api.ldap.model.name.Dn	groupsBaseDn the base distinguished Name for all groups
private static org.slf4j.Logger	LOG the logger for this class
private PartitionNexus	nexus
private org.apache.directory.api.ldap.model.name.Dn	usersBaseDn the base distinguished Name for all users

Fields inherited from class org.apache.directory.server.core.api.interceptor.BaseInterceptor

directoryService, dnFactory, PWD_POLICY_STATE_ATTRIBUTE_TYPES, schemaManager

Constructor Summary

Constructors

Constructor and Description
DefaultAuthorizationInterceptor() Creates a new instance of DefaultAuthorizationInterceptor.

Method Summary

Modifier and Type	Method and Description
void	delete(DeleteOperationContext deleteContext) Filters Partition#delete( DeleteOperationContext ) call.
void	init(DirectoryService directoryService) This method does nothing by default.
private boolean	isAnAdministrator(org.apache.directory.api.ldap.model.name.Dn dn)
private boolean	isSearchable(OperationContext opContext, org.apache.directory.api.ldap.model.entry.Entry entry)
private boolean	isTheAdministrator(org.apache.directory.api.ldap.model.name.Dn dn)
private void	loadAdministrators(DirectoryService directoryService)
org.apache.directory.api.ldap.model.entry.Entry	lookup(LookupOperationContext lookupContext) Filters Partition#lookup( LookupOperationContext ) call.
void	modify(ModifyOperationContext modifyContext) Filters Partition#modify( ModifyOperationContext ) call.
void	move(MoveOperationContext moveContext) Filters Partition#move( MoveOperationContext ) call.
void	moveAndRename(MoveAndRenameOperationContext moveAndRenameContext) Filters Partition#moveAndRename( MoveAndRenameOperationContext) call.
private void	protectDnAlterations(OperationContext opCtx, org.apache.directory.api.ldap.model.name.Dn dn)
private void	protectLookUp(org.apache.directory.api.ldap.model.name.Dn principalDn, org.apache.directory.api.ldap.model.name.Dn normalizedDn)
private void	protectModifyAlterations(OperationContext opCtx, org.apache.directory.api.ldap.model.name.Dn dn)
void	rename(RenameOperationContext renameContext) Filters Partition#rename( RenameOperationContext ) call.
EntryFilteringCursor	search(SearchOperationContext searchContext) Filters Partition#search( SearchOperationContext ) call.

Methods inherited from class org.apache.directory.server.core.api.interceptor.BaseInterceptor

add, bind, compare, destroy, getName, getNextInterceptor, getPrincipal, getRootDse, hasEntry, next, next, next, next, next, next, next, next, next, next, next, next, next, unbind

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

LOG

private static final org.slf4j.Logger LOG

the logger for this class

adminSystemDn

private org.apache.directory.api.ldap.model.name.Dn adminSystemDn

the base distinguished Name for the admin system

groupsBaseDn

private org.apache.directory.api.ldap.model.name.Dn groupsBaseDn

the base distinguished Name for all groups

usersBaseDn

private org.apache.directory.api.ldap.model.name.Dn usersBaseDn

the base distinguished Name for all users

adminGroupDn

private org.apache.directory.api.ldap.model.name.Dn adminGroupDn

the distinguished Name for the administrator group

administrators

private java.util.Set<java.lang.String> administrators

nexus

private PartitionNexus nexus

Constructor Detail

DefaultAuthorizationInterceptor

public DefaultAuthorizationInterceptor()

Creates a new instance of DefaultAuthorizationInterceptor.

Method Detail

init

public void init(DirectoryService directoryService)
          throws org.apache.directory.api.ldap.model.exception.LdapException

Description copied from class: BaseInterceptor

This method does nothing by default.

Specified by:

init in interface Interceptor

Overrides:

init in class BaseInterceptor

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

loadAdministrators

private void loadAdministrators(DirectoryService directoryService)
                         throws org.apache.directory.api.ldap.model.exception.LdapException

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

delete

public void delete(DeleteOperationContext deleteContext)
            throws org.apache.directory.api.ldap.model.exception.LdapException

Filters Partition#delete( DeleteOperationContext ) call.

Specified by:

delete in interface Interceptor

Overrides:

delete in class BaseInterceptor

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

lookup

public org.apache.directory.api.ldap.model.entry.Entry lookup(LookupOperationContext lookupContext)
                                                       throws org.apache.directory.api.ldap.model.exception.LdapException

Filters Partition#lookup( LookupOperationContext ) call.

Specified by:

lookup in interface Interceptor

Overrides:

lookup in class BaseInterceptor

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

modify

public void modify(ModifyOperationContext modifyContext)
            throws org.apache.directory.api.ldap.model.exception.LdapException

Filters Partition#modify( ModifyOperationContext ) call.

Specified by:

modify in interface Interceptor

Overrides:

modify in class BaseInterceptor

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

move

public void move(MoveOperationContext moveContext)
          throws org.apache.directory.api.ldap.model.exception.LdapException

Filters Partition#move( MoveOperationContext ) call.

Specified by:

move in interface Interceptor

Overrides:

move in class BaseInterceptor

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

moveAndRename

public void moveAndRename(MoveAndRenameOperationContext moveAndRenameContext)
                   throws org.apache.directory.api.ldap.model.exception.LdapException

Filters Partition#moveAndRename( MoveAndRenameOperationContext) call.

Specified by:

moveAndRename in interface Interceptor

Overrides:

moveAndRename in class BaseInterceptor

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

rename

public void rename(RenameOperationContext renameContext)
            throws org.apache.directory.api.ldap.model.exception.LdapException

Filters Partition#rename( RenameOperationContext ) call.

Specified by:

rename in interface Interceptor

Overrides:

rename in class BaseInterceptor

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

search

public EntryFilteringCursor search(SearchOperationContext searchContext)
                            throws org.apache.directory.api.ldap.model.exception.LdapException

Filters Partition#search( SearchOperationContext ) call.

Specified by:

search in interface Interceptor

Overrides:

search in class BaseInterceptor

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

isTheAdministrator

private boolean isTheAdministrator(org.apache.directory.api.ldap.model.name.Dn dn)

isAnAdministrator

private boolean isAnAdministrator(org.apache.directory.api.ldap.model.name.Dn dn)

protectModifyAlterations

private void protectModifyAlterations(OperationContext opCtx,
                                      org.apache.directory.api.ldap.model.name.Dn dn)
                               throws org.apache.directory.api.ldap.model.exception.LdapException

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

protectDnAlterations

private void protectDnAlterations(OperationContext opCtx,
                                  org.apache.directory.api.ldap.model.name.Dn dn)
                           throws org.apache.directory.api.ldap.model.exception.LdapException

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

protectLookUp

private void protectLookUp(org.apache.directory.api.ldap.model.name.Dn principalDn,
                           org.apache.directory.api.ldap.model.name.Dn normalizedDn)
                    throws org.apache.directory.api.ldap.model.exception.LdapException

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

isSearchable

private boolean isSearchable(OperationContext opContext,
                             org.apache.directory.api.ldap.model.entry.Entry entry)
                      throws org.apache.directory.api.ldap.model.exception.LdapException

Throws:

org.apache.directory.api.ldap.model.exception.LdapException