org.apache.directory.server.core.schema

Class SchemaInterceptor

java.lang.Object

org.apache.directory.server.core.api.interceptor.BaseInterceptor

org.apache.directory.server.core.schema.SchemaInterceptor

All Implemented Interfaces:

Interceptor

public class SchemaInterceptor
extends BaseInterceptor

An Interceptor that manages and enforces schemas.

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
private class	SchemaInterceptor.TopFilter Filters objectClass attribute to inject top when not present.

Field Summary

Fields

Modifier and Type	Field and Description
private java.util.Map<java.lang.String,java.util.List<org.apache.directory.api.ldap.model.schema.AttributeType>>	allMay A map used to store all the objectClasses may attributes
private java.util.Map<java.lang.String,java.util.List<org.apache.directory.api.ldap.model.schema.AttributeType>>	allMust A map used to store all the objectClasses must
private java.util.Map<java.lang.String,java.util.List<org.apache.directory.api.ldap.model.schema.AttributeType>>	allowed A map used to store all the objectClasses allowed attributes (may + must)
private java.util.List<EntryFilter>	filters
private static boolean	IS_DEBUG Speedup for logs
private static org.slf4j.Logger	LOG The LoggerFactory used by this Interceptor
private PartitionNexus	nexus the root nexus to all database partitions
private org.apache.directory.api.ldap.model.name.Dn	schemaBaseDn the base Dn (normalized) of the schema partition
private org.apache.directory.api.ldap.model.name.Dn	schemaModificationAttributesDn The normalized name for the schema modification attributes
private SchemaSubentryManager	schemaSubEntryManager The schema manager
private org.apache.directory.api.ldap.model.name.Dn	subschemaSubentryDn The SubschemaSubentry Dn
private java.lang.String	subschemaSubentryDnNorm A normalized form for the SubschemaSubentry Dn
private java.util.Map<java.lang.String,java.util.List<org.apache.directory.api.ldap.model.schema.ObjectClass>>	superiors A map used to store all the objectClasses superiors
private SchemaInterceptor.TopFilter	topFilter

Fields inherited from class org.apache.directory.server.core.api.interceptor.BaseInterceptor

directoryService, dnFactory, PWD_POLICY_STATE_ATTRIBUTE_TYPES, schemaManager

Constructor Summary

Constructors

Constructor and Description
SchemaInterceptor() Creates a new instance of a SchemaInterceptor.

Method Summary

Modifier and Type	Method and Description
void	add(AddOperationContext addContext) Filters Partition#add( AddOperationContext ) call.
private void	alterObjectClasses(org.apache.directory.api.ldap.model.entry.Attribute objectClassAttr) Given the objectClasses for an entry, this method adds missing ancestors in the hierarchy except for top which it removes.
private void	assertAllAttributesAllowed(org.apache.directory.api.ldap.model.name.Dn dn, org.apache.directory.api.ldap.model.entry.Entry entry, java.util.Set<java.lang.String> allowed) Checks to see if an attribute is required by as determined from an entry's set of objectClass attribute values.
private void	assertAttributeIsModifyable(ModifyOperationContext modifyContext, org.apache.directory.api.ldap.model.schema.AttributeType attributeType)
private void	assertHumanReadable(org.apache.directory.api.ldap.model.entry.Entry entry) Check that all the attribute's values which are Human Readable can be transformed to valid String if they are stored as byte[], and that non Human Readable attributes stored as String can be transformed to byte[]
private void	assertNumberOfAttributeValuesValid(org.apache.directory.api.ldap.model.entry.Attribute attribute) Checks to see numbers of values of attributes conforms to the schema
private void	assertNumberOfAttributeValuesValid(org.apache.directory.api.ldap.model.entry.Entry entry) Checks to see number of values of an attribute conforms to the schema
private void	assertObjectClasses(org.apache.directory.api.ldap.model.name.Dn dn, java.util.List<org.apache.directory.api.ldap.model.schema.ObjectClass> ocs) Checck that OC does not conflict : - we can't have more than one STRUCTURAL OC unless they are in the same inheritance tree - we must have at least one STRUCTURAL OC
private void	assertRdn(org.apache.directory.api.ldap.model.name.Dn dn, org.apache.directory.api.ldap.model.entry.Entry entry)
private void	assertRequiredAttributesPresent(org.apache.directory.api.ldap.model.name.Dn dn, org.apache.directory.api.ldap.model.entry.Entry entry, java.util.Set<java.lang.String> must) Checks to see the presence of all required attributes within an entry.
private void	assertSyntaxes(org.apache.directory.api.ldap.model.entry.Entry entry) Check the entry attributes syntax, using the syntaxCheckers
private void	check(org.apache.directory.api.ldap.model.name.Dn dn, org.apache.directory.api.ldap.model.entry.Entry entry) Check that all the attributes exist in the schema for this entry.
private void	checkFilter(org.apache.directory.api.ldap.model.filter.ExprNode filter) Check that the filter values are compatible with the AttributeType.
private boolean	checkHumanReadable(org.apache.directory.api.ldap.model.entry.Attribute attribute) Check a String attribute to see if there is some byte[] value in it.
private void	checkModifyEntry(ModifyOperationContext modifyContext) Modify an entry, applying the given modifications, and check if it's OK
private boolean	checkNotHumanReadable(org.apache.directory.api.ldap.model.entry.Attribute attribute) Check a binary attribute to see if there is some String value in it.
private void	checkOcSuperior(org.apache.directory.api.ldap.model.entry.Entry entry)
boolean	compare(CompareOperationContext compareContext) Filters DefaultPartitionNexus#compare( CompareOperationContext ) call.
private void	computeMayAttributes(org.apache.directory.api.ldap.model.schema.ObjectClass objectClass, java.util.Set<java.lang.String> atSeen) Compute the MAY attributes for an objectClass.
private void	computeMustAttributes(org.apache.directory.api.ldap.model.schema.ObjectClass objectClass, java.util.Set<java.lang.String> atSeen) Compute the MUST attributes for an objectClass.
private void	computeOCSuperiors(org.apache.directory.api.ldap.model.schema.ObjectClass objectClass, java.util.List<org.apache.directory.api.ldap.model.schema.ObjectClass> superiors, java.util.Set<java.lang.String> ocSeen) Recursively compute all the superiors of an object class.
private void	computeSuperior(org.apache.directory.api.ldap.model.schema.ObjectClass objectClass) Compute the superiors and MUST/MAY attributes for a specific ObjectClass
private void	computeSuperiors() Compute all ObjectClasses superiors, MAY and MUST attributes.
private org.apache.directory.api.ldap.model.entry.Value<?>	convert(org.apache.directory.api.ldap.model.schema.AttributeType attributeType, org.apache.directory.api.ldap.model.entry.Value<?> value)
private org.apache.directory.api.ldap.model.entry.Attribute	createNewAttribute(org.apache.directory.api.ldap.model.entry.Attribute attribute) Create a new attribute using the given values
private java.util.Set<java.lang.String>	getAllAllowed(org.apache.directory.api.ldap.model.entry.Attribute objectClasses, java.util.Set<java.lang.String> must)
private java.util.Set<java.lang.String>	getAllMust(org.apache.directory.api.ldap.model.entry.Attribute objectClasses)
private boolean	getObjectClasses(org.apache.directory.api.ldap.model.entry.Attribute objectClasses, java.util.List<org.apache.directory.api.ldap.model.schema.ObjectClass> result)
private java.lang.String	getSchemaName(org.apache.directory.api.ldap.model.name.Dn dn)
private void	getSuperiors(org.apache.directory.api.ldap.model.schema.ObjectClass oc, java.util.Set<java.lang.String> ocSeen, java.util.List<org.apache.directory.api.ldap.model.schema.ObjectClass> result)
void	init(DirectoryService directoryService) Initialize the Schema Service
org.apache.directory.api.ldap.model.entry.Entry	lookup(LookupOperationContext lookupContext) Filters Partition#lookup( LookupOperationContext ) call.
void	modify(ModifyOperationContext modifyContext) Filters Partition#modify( ModifyOperationContext ) call.
void	rename(RenameOperationContext renameContext) Filters Partition#rename( RenameOperationContext ) call.
EntryFilteringCursor	search(SearchOperationContext searchContext) Filters Partition#search( SearchOperationContext ) call.

Methods inherited from class org.apache.directory.server.core.api.interceptor.BaseInterceptor

bind, delete, destroy, getName, getNextInterceptor, getPrincipal, getRootDse, hasEntry, move, moveAndRename, next, next, next, next, next, next, next, next, next, next, next, next, next, unbind

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

LOG

private static final org.slf4j.Logger LOG

The LoggerFactory used by this Interceptor

IS_DEBUG

private static final boolean IS_DEBUG

Speedup for logs

nexus

private PartitionNexus nexus

the root nexus to all database partitions

topFilter

private SchemaInterceptor.TopFilter topFilter

filters

private java.util.List<EntryFilter> filters

subschemaSubentryDnNorm

private java.lang.String subschemaSubentryDnNorm

A normalized form for the SubschemaSubentry Dn

subschemaSubentryDn

private org.apache.directory.api.ldap.model.name.Dn subschemaSubentryDn

The SubschemaSubentry Dn

schemaModificationAttributesDn

private org.apache.directory.api.ldap.model.name.Dn schemaModificationAttributesDn

The normalized name for the schema modification attributes

schemaSubEntryManager

private SchemaSubentryManager schemaSubEntryManager

The schema manager

schemaBaseDn

private org.apache.directory.api.ldap.model.name.Dn schemaBaseDn

the base Dn (normalized) of the schema partition

superiors

private java.util.Map<java.lang.String,java.util.List<org.apache.directory.api.ldap.model.schema.ObjectClass>> superiors

A map used to store all the objectClasses superiors

allMay

private java.util.Map<java.lang.String,java.util.List<org.apache.directory.api.ldap.model.schema.AttributeType>> allMay

A map used to store all the objectClasses may attributes

allMust

private java.util.Map<java.lang.String,java.util.List<org.apache.directory.api.ldap.model.schema.AttributeType>> allMust

A map used to store all the objectClasses must

allowed

private java.util.Map<java.lang.String,java.util.List<org.apache.directory.api.ldap.model.schema.AttributeType>> allowed

A map used to store all the objectClasses allowed attributes (may + must)

Constructor Detail

SchemaInterceptor

public SchemaInterceptor()

Creates a new instance of a SchemaInterceptor.

Method Detail

init

public void init(DirectoryService directoryService)
          throws org.apache.directory.api.ldap.model.exception.LdapException

Initialize the Schema Service

Specified by:

init in interface Interceptor

Overrides:

init in class BaseInterceptor

Parameters:

directoryService - the directory service core

Throws:

java.lang.Exception - if there are problems during initialization

org.apache.directory.api.ldap.model.exception.LdapException

computeMustAttributes

private void computeMustAttributes(org.apache.directory.api.ldap.model.schema.ObjectClass objectClass,
                                   java.util.Set<java.lang.String> atSeen)
                            throws org.apache.directory.api.ldap.model.exception.LdapException

Compute the MUST attributes for an objectClass. This method gather all the MUST from all the objectClass and its superors.

Parameters:

atSeen - ???

objectClass - the object class to gather MUST attributes for

Throws:

java.lang.Exception - if there are problems resolving schema entitites

org.apache.directory.api.ldap.model.exception.LdapException

computeMayAttributes

private void computeMayAttributes(org.apache.directory.api.ldap.model.schema.ObjectClass objectClass,
                                  java.util.Set<java.lang.String> atSeen)
                           throws org.apache.directory.api.ldap.model.exception.LdapException

Compute the MAY attributes for an objectClass. This method gather all the MAY from all the objectClass and its superors. The allowed attributes is also computed, it's the union of MUST and MAY

Parameters:

atSeen - ???

objectClass - the object class to get all the MAY attributes for

Throws:

java.lang.Exception - with problems accessing registries

org.apache.directory.api.ldap.model.exception.LdapException

computeOCSuperiors

private void computeOCSuperiors(org.apache.directory.api.ldap.model.schema.ObjectClass objectClass,
                                java.util.List<org.apache.directory.api.ldap.model.schema.ObjectClass> superiors,
                                java.util.Set<java.lang.String> ocSeen)
                         throws org.apache.directory.api.ldap.model.exception.LdapException

Recursively compute all the superiors of an object class. For instance, considering 'inetOrgPerson', it's direct superior is 'organizationalPerson', which direct superior is 'Person', which direct superior is 'top'. As a result, we will gather all of these three ObjectClasses in 'inetOrgPerson' ObjectClasse superiors.

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

computeSuperior

private void computeSuperior(org.apache.directory.api.ldap.model.schema.ObjectClass objectClass)
                      throws org.apache.directory.api.ldap.model.exception.LdapException

Compute the superiors and MUST/MAY attributes for a specific ObjectClass

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

computeSuperiors

private void computeSuperiors()
                       throws org.apache.directory.api.ldap.model.exception.LdapException

Compute all ObjectClasses superiors, MAY and MUST attributes.

Throws:

java.lang.Exception

org.apache.directory.api.ldap.model.exception.LdapException

convert

private org.apache.directory.api.ldap.model.entry.Value<?> convert(org.apache.directory.api.ldap.model.schema.AttributeType attributeType,
                                                                   org.apache.directory.api.ldap.model.entry.Value<?> value)
                                                            throws org.apache.directory.api.ldap.model.exception.LdapException

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

checkFilter

private void checkFilter(org.apache.directory.api.ldap.model.filter.ExprNode filter)
                  throws org.apache.directory.api.ldap.model.exception.LdapException

Check that the filter values are compatible with the AttributeType. Typically, a HumanReadible filter should have a String value. The substring filter should not be used with binary attributes.

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

getSuperiors

private void getSuperiors(org.apache.directory.api.ldap.model.schema.ObjectClass oc,
                          java.util.Set<java.lang.String> ocSeen,
                          java.util.List<org.apache.directory.api.ldap.model.schema.ObjectClass> result)
                   throws org.apache.directory.api.ldap.model.exception.LdapException

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

getObjectClasses

private boolean getObjectClasses(org.apache.directory.api.ldap.model.entry.Attribute objectClasses,
                                 java.util.List<org.apache.directory.api.ldap.model.schema.ObjectClass> result)
                          throws org.apache.directory.api.ldap.model.exception.LdapException

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

getAllMust

private java.util.Set<java.lang.String> getAllMust(org.apache.directory.api.ldap.model.entry.Attribute objectClasses)
                                            throws org.apache.directory.api.ldap.model.exception.LdapException

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

getAllAllowed

private java.util.Set<java.lang.String> getAllAllowed(org.apache.directory.api.ldap.model.entry.Attribute objectClasses,
                                                      java.util.Set<java.lang.String> must)
                                               throws org.apache.directory.api.ldap.model.exception.LdapException

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

alterObjectClasses

private void alterObjectClasses(org.apache.directory.api.ldap.model.entry.Attribute objectClassAttr)
                         throws org.apache.directory.api.ldap.model.exception.LdapException

Given the objectClasses for an entry, this method adds missing ancestors in the hierarchy except for top which it removes. This is used for this solution to DIREVE-276. More information about this solution can be found here.

Parameters:

objectClassAttr - the objectClass attribute to modify

Throws:

java.lang.Exception - if there are problems

org.apache.directory.api.ldap.model.exception.LdapException

createNewAttribute

private org.apache.directory.api.ldap.model.entry.Attribute createNewAttribute(org.apache.directory.api.ldap.model.entry.Attribute attribute)
                                                                        throws org.apache.directory.api.ldap.model.exception.LdapException

Create a new attribute using the given values

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

checkModifyEntry

private void checkModifyEntry(ModifyOperationContext modifyContext)
                       throws org.apache.directory.api.ldap.model.exception.LdapException

Modify an entry, applying the given modifications, and check if it's OK

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

assertAttributeIsModifyable

private void assertAttributeIsModifyable(ModifyOperationContext modifyContext,
                                         org.apache.directory.api.ldap.model.schema.AttributeType attributeType)
                                  throws org.apache.directory.api.ldap.model.exception.LdapNoPermissionException

Throws:

org.apache.directory.api.ldap.model.exception.LdapNoPermissionException

check

private void check(org.apache.directory.api.ldap.model.name.Dn dn,
                   org.apache.directory.api.ldap.model.entry.Entry entry)
            throws org.apache.directory.api.ldap.model.exception.LdapException

Check that all the attributes exist in the schema for this entry. We also check the syntaxes

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

checkOcSuperior

private void checkOcSuperior(org.apache.directory.api.ldap.model.entry.Entry entry)
                      throws org.apache.directory.api.ldap.model.exception.LdapException

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

add

public void add(AddOperationContext addContext)
         throws org.apache.directory.api.ldap.model.exception.LdapException

Filters Partition#add( AddOperationContext ) call.

Specified by:

add in interface Interceptor

Overrides:

add in class BaseInterceptor

Parameters:

addContext - The AddOperationContext instance

Throws:

org.apache.directory.api.ldap.model.exception.LdapException - If we had some error while processing the Add operation

compare

public boolean compare(CompareOperationContext compareContext)
                throws org.apache.directory.api.ldap.model.exception.LdapException

Filters DefaultPartitionNexus#compare( CompareOperationContext ) call.

Specified by:

compare in interface Interceptor

Overrides:

compare in class BaseInterceptor

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

lookup

public org.apache.directory.api.ldap.model.entry.Entry lookup(LookupOperationContext lookupContext)
                                                       throws org.apache.directory.api.ldap.model.exception.LdapException

Filters Partition#lookup( LookupOperationContext ) call.

Specified by:

lookup in interface Interceptor

Overrides:

lookup in class BaseInterceptor

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

modify

public void modify(ModifyOperationContext modifyContext)
            throws org.apache.directory.api.ldap.model.exception.LdapException

Filters Partition#modify( ModifyOperationContext ) call.

Specified by:

modify in interface Interceptor

Overrides:

modify in class BaseInterceptor

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

rename

public void rename(RenameOperationContext renameContext)
            throws org.apache.directory.api.ldap.model.exception.LdapException

Filters Partition#rename( RenameOperationContext ) call.

Specified by:

rename in interface Interceptor

Overrides:

rename in class BaseInterceptor

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

search

public EntryFilteringCursor search(SearchOperationContext searchContext)
                            throws org.apache.directory.api.ldap.model.exception.LdapException

Filters Partition#search( SearchOperationContext ) call.

Specified by:

search in interface Interceptor

Overrides:

search in class BaseInterceptor

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

getSchemaName

private java.lang.String getSchemaName(org.apache.directory.api.ldap.model.name.Dn dn)
                                throws org.apache.directory.api.ldap.model.exception.LdapException

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

assertAllAttributesAllowed

private void assertAllAttributesAllowed(org.apache.directory.api.ldap.model.name.Dn dn,
                                        org.apache.directory.api.ldap.model.entry.Entry entry,
                                        java.util.Set<java.lang.String> allowed)
                                 throws org.apache.directory.api.ldap.model.exception.LdapException

Checks to see if an attribute is required by as determined from an entry's set of objectClass attribute values.

Throws:

java.lang.Exception - if the attribute is not recognized

org.apache.directory.api.ldap.model.exception.LdapException

assertNumberOfAttributeValuesValid

private void assertNumberOfAttributeValuesValid(org.apache.directory.api.ldap.model.entry.Entry entry)
                                         throws org.apache.directory.api.ldap.model.exception.LdapInvalidAttributeValueException

Checks to see number of values of an attribute conforms to the schema

Throws:

org.apache.directory.api.ldap.model.exception.LdapInvalidAttributeValueException

assertNumberOfAttributeValuesValid

private void assertNumberOfAttributeValuesValid(org.apache.directory.api.ldap.model.entry.Attribute attribute)
                                         throws org.apache.directory.api.ldap.model.exception.LdapInvalidAttributeValueException

Checks to see numbers of values of attributes conforms to the schema

Throws:

org.apache.directory.api.ldap.model.exception.LdapInvalidAttributeValueException

assertRequiredAttributesPresent

private void assertRequiredAttributesPresent(org.apache.directory.api.ldap.model.name.Dn dn,
                                             org.apache.directory.api.ldap.model.entry.Entry entry,
                                             java.util.Set<java.lang.String> must)
                                      throws org.apache.directory.api.ldap.model.exception.LdapException

Checks to see the presence of all required attributes within an entry.

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

assertObjectClasses

private void assertObjectClasses(org.apache.directory.api.ldap.model.name.Dn dn,
                                 java.util.List<org.apache.directory.api.ldap.model.schema.ObjectClass> ocs)
                          throws org.apache.directory.api.ldap.model.exception.LdapException

Checck that OC does not conflict : - we can't have more than one STRUCTURAL OC unless they are in the same inheritance tree - we must have at least one STRUCTURAL OC

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

assertSyntaxes

private void assertSyntaxes(org.apache.directory.api.ldap.model.entry.Entry entry)
                     throws org.apache.directory.api.ldap.model.exception.LdapException

Check the entry attributes syntax, using the syntaxCheckers

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

assertRdn

private void assertRdn(org.apache.directory.api.ldap.model.name.Dn dn,
                       org.apache.directory.api.ldap.model.entry.Entry entry)
                throws org.apache.directory.api.ldap.model.exception.LdapException

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

checkHumanReadable

private boolean checkHumanReadable(org.apache.directory.api.ldap.model.entry.Attribute attribute)
                            throws org.apache.directory.api.ldap.model.exception.LdapException

Check a String attribute to see if there is some byte[] value in it. If this is the case, try to change it to a String value.

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

checkNotHumanReadable

private boolean checkNotHumanReadable(org.apache.directory.api.ldap.model.entry.Attribute attribute)
                               throws org.apache.directory.api.ldap.model.exception.LdapException

Check a binary attribute to see if there is some String value in it. If this is the case, try to change it to a binary value.

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

assertHumanReadable

private void assertHumanReadable(org.apache.directory.api.ldap.model.entry.Entry entry)
                          throws org.apache.directory.api.ldap.model.exception.LdapException

Check that all the attribute's values which are Human Readable can be transformed to valid String if they are stored as byte[], and that non Human Readable attributes stored as String can be transformed to byte[]

Throws:

org.apache.directory.api.ldap.model.exception.LdapException