org.apache.directory.server.core.authz

Class GroupCache

java.lang.Object

org.apache.directory.server.core.authz.GroupCache

public class GroupCache
extends java.lang.Object

A cache for tracking static group membership.

Field Summary

Fields

Modifier and Type	Field and Description
private org.apache.directory.api.ldap.model.name.Dn	administratorsGroupDn the normalized dn of the administrators group
private DirectoryService	directoryService the directory service
private DnFactory	dnFactory the Dn factory
private net.sf.ehcache.Cache	ehCache String key for the Dn of a group to a Set (HashSet) for the Strings of member DNs
private static java.util.Set<org.apache.directory.api.ldap.model.name.Dn>	EMPTY_GROUPS
private static boolean	IS_DEBUG Speedup for logs
private static org.slf4j.Logger	LOG the logger for this class
private PartitionNexus	nexus a handle on the partition nexus
private org.apache.directory.api.ldap.model.schema.SchemaManager	schemaManager the schema manager

Constructor Summary

Constructors

Constructor and Description
GroupCache(DirectoryService dirService) Creates a static group cache.

Method Summary

Modifier and Type	Method and Description
private void	addMembers(java.util.Set<java.lang.String> memberSet, org.apache.directory.api.ldap.model.entry.Attribute members) Adds normalized member DNs to the set of normalized member names.
java.util.Set<org.apache.directory.api.ldap.model.name.Dn>	getGroups(java.lang.String member) Gets the set of groups a user is a member of.
private org.apache.directory.api.ldap.model.entry.Attribute	getMemberAttribute(org.apache.directory.api.ldap.model.entry.Entry entry) Gets the member attribute regardless of whether groupOfNames or groupOfUniqueNames is used.
void	groupAdded(org.apache.directory.api.ldap.model.name.Dn name, org.apache.directory.api.ldap.model.entry.Entry entry) Adds a groups members to the cache.
void	groupDeleted(org.apache.directory.api.ldap.model.name.Dn name, org.apache.directory.api.ldap.model.entry.Entry entry) Deletes a group's members from the cache.
void	groupModified(org.apache.directory.api.ldap.model.name.Dn name, java.util.List<org.apache.directory.api.ldap.model.entry.Modification> mods, org.apache.directory.api.ldap.model.entry.Entry entry, org.apache.directory.api.ldap.model.schema.SchemaManager schemaManager) Modifies the cache to reflect changes via modify operations to the group entries.
void	groupModified(org.apache.directory.api.ldap.model.name.Dn name, org.apache.directory.api.ldap.model.entry.ModificationOperation modOp, org.apache.directory.api.ldap.model.entry.Entry mods) Modifies the cache to reflect changes via modify operations to the group entries.
boolean	groupRenamed(org.apache.directory.api.ldap.model.name.Dn oldName, org.apache.directory.api.ldap.model.name.Dn newName)
private void	initialize(CoreSession session)
boolean	isPrincipalAnAdministrator(org.apache.directory.api.ldap.model.name.Dn principalDn) An optimization.
private void	modify(java.util.Set<java.lang.String> memberSet, org.apache.directory.api.ldap.model.entry.ModificationOperation modOp, org.apache.directory.api.ldap.model.entry.Attribute members) Utility method to modify a set of member names based on a modify operation that changes the members of a group.
private org.apache.directory.api.ldap.model.name.Dn	parseNormalized(java.lang.String name)
private void	removeMembers(java.util.Set<java.lang.String> memberSet, org.apache.directory.api.ldap.model.entry.Attribute members) Removes a set of member names from an existing set.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

LOG

private static final org.slf4j.Logger LOG

the logger for this class

IS_DEBUG

private static final boolean IS_DEBUG

Speedup for logs

nexus

private final PartitionNexus nexus

a handle on the partition nexus

directoryService

private final DirectoryService directoryService

the directory service

schemaManager

private org.apache.directory.api.ldap.model.schema.SchemaManager schemaManager

the schema manager

dnFactory

private DnFactory dnFactory

the Dn factory

administratorsGroupDn

private org.apache.directory.api.ldap.model.name.Dn administratorsGroupDn

the normalized dn of the administrators group

EMPTY_GROUPS

private static final java.util.Set<org.apache.directory.api.ldap.model.name.Dn> EMPTY_GROUPS

ehCache

private net.sf.ehcache.Cache ehCache

String key for the Dn of a group to a Set (HashSet) for the Strings of member DNs

Constructor Detail

GroupCache

public GroupCache(DirectoryService dirService)
           throws org.apache.directory.api.ldap.model.exception.LdapException

Creates a static group cache.

Parameters:

dirService - the directory service core

Throws:

org.apache.directory.api.ldap.model.exception.LdapException - if there are failures on initialization

Method Detail

parseNormalized

private org.apache.directory.api.ldap.model.name.Dn parseNormalized(java.lang.String name)
                                                             throws org.apache.directory.api.ldap.model.exception.LdapException

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

initialize

private void initialize(CoreSession session)
                 throws org.apache.directory.api.ldap.model.exception.LdapException

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

getMemberAttribute

private org.apache.directory.api.ldap.model.entry.Attribute getMemberAttribute(org.apache.directory.api.ldap.model.entry.Entry entry)
                                                                        throws org.apache.directory.api.ldap.model.exception.LdapException

Gets the member attribute regardless of whether groupOfNames or groupOfUniqueNames is used.

Parameters:

entry - the entry inspected for member attributes

Returns:

the member attribute

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

addMembers

private void addMembers(java.util.Set<java.lang.String> memberSet,
                        org.apache.directory.api.ldap.model.entry.Attribute members)
                 throws org.apache.directory.api.ldap.model.exception.LdapException

Adds normalized member DNs to the set of normalized member names.

Parameters:

memberSet - the set of member Dns (Strings)

members - the member attribute values being added

Throws:

org.apache.directory.api.ldap.model.exception.LdapException - if there are problems accessing the attr values

removeMembers

private void removeMembers(java.util.Set<java.lang.String> memberSet,
                           org.apache.directory.api.ldap.model.entry.Attribute members)
                    throws org.apache.directory.api.ldap.model.exception.LdapException

Removes a set of member names from an existing set.

Parameters:

memberSet - the set of normalized member DNs

members - the set of member values

Throws:

org.apache.directory.api.ldap.model.exception.LdapException - if there are problems accessing the attr values

groupAdded

public void groupAdded(org.apache.directory.api.ldap.model.name.Dn name,
                       org.apache.directory.api.ldap.model.entry.Entry entry)
                throws org.apache.directory.api.ldap.model.exception.LdapException

Adds a groups members to the cache. Called by interceptor to account for new group additions.

Parameters:

name - the user provided name for the group entry

entry - the group entry's attributes

Throws:

org.apache.directory.api.ldap.model.exception.LdapException - if there are problems accessing the attr values

groupDeleted

public void groupDeleted(org.apache.directory.api.ldap.model.name.Dn name,
                         org.apache.directory.api.ldap.model.entry.Entry entry)
                  throws org.apache.directory.api.ldap.model.exception.LdapException

Deletes a group's members from the cache. Called by interceptor to account for the deletion of groups.

Parameters:

name - the normalized Dn of the group entry

entry - the attributes of entry being deleted

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

modify

private void modify(java.util.Set<java.lang.String> memberSet,
                    org.apache.directory.api.ldap.model.entry.ModificationOperation modOp,
                    org.apache.directory.api.ldap.model.entry.Attribute members)
             throws org.apache.directory.api.ldap.model.exception.LdapException

Utility method to modify a set of member names based on a modify operation that changes the members of a group.

Parameters:

memberSet - the set of members to be altered

modOp - the type of modify operation being performed

members - the members being added, removed or replaced

Throws:

org.apache.directory.api.ldap.model.exception.LdapException - if there are problems accessing attribute values

groupModified

public void groupModified(org.apache.directory.api.ldap.model.name.Dn name,
                          java.util.List<org.apache.directory.api.ldap.model.entry.Modification> mods,
                          org.apache.directory.api.ldap.model.entry.Entry entry,
                          org.apache.directory.api.ldap.model.schema.SchemaManager schemaManager)
                   throws org.apache.directory.api.ldap.model.exception.LdapException

Modifies the cache to reflect changes via modify operations to the group entries. Called by the interceptor to account for modify ops on groups.

Parameters:

name - the normalized name of the group entry modified

mods - the modification operations being performed

entry - the group entry being modified

Throws:

org.apache.directory.api.ldap.model.exception.LdapException - if there are problems accessing attribute values

groupModified

public void groupModified(org.apache.directory.api.ldap.model.name.Dn name,
                          org.apache.directory.api.ldap.model.entry.ModificationOperation modOp,
                          org.apache.directory.api.ldap.model.entry.Entry mods)
                   throws org.apache.directory.api.ldap.model.exception.LdapException

Modifies the cache to reflect changes via modify operations to the group entries. Called by the interceptor to account for modify ops on groups.

Parameters:

name - the normalized name of the group entry modified

modOp - the modify operation being performed

mods - the modifications being performed

Throws:

org.apache.directory.api.ldap.model.exception.LdapException - if there are problems accessing attribute values

isPrincipalAnAdministrator

public final boolean isPrincipalAnAdministrator(org.apache.directory.api.ldap.model.name.Dn principalDn)

An optimization. By having this method here we can directly access the group membership information and lookup to see if the principalDn is contained within.

Parameters:

principalDn - the normalized Dn of the user to check if they are an admin

Returns:

true if the principal is an admin or the admin

getGroups

public java.util.Set<org.apache.directory.api.ldap.model.name.Dn> getGroups(java.lang.String member)
                                                                     throws org.apache.directory.api.ldap.model.exception.LdapException

Gets the set of groups a user is a member of. The groups are returned as normalized Name objects within the set.

Parameters:

member - the member (user) to get the groups for

Returns:

a Set of Name objects representing the groups

Throws:

org.apache.directory.api.ldap.model.exception.LdapException - if there are problems accessing attribute values

groupRenamed

public boolean groupRenamed(org.apache.directory.api.ldap.model.name.Dn oldName,
                            org.apache.directory.api.ldap.model.name.Dn newName)