org.apache.directory.server.core.subtree

Class SubentryInterceptor

java.lang.Object

org.apache.directory.server.core.api.interceptor.BaseInterceptor

org.apache.directory.server.core.subtree.SubentryInterceptor

All Implemented Interfaces:

Interceptor

public class SubentryInterceptor
extends BaseInterceptor

The Subentry interceptor service which is responsible for filtering out subentries on search operations and injecting operational attributes

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
private class	SubentryInterceptor.HideEntriesFilter SearchResultFilter used to filter out normal entries but shows subentries based on objectClass values.
private class	SubentryInterceptor.HideSubentriesFilter SearchResultFilter used to filter out subentries based on objectClass values.
private static class	SubentryInterceptor.OperationEnum An enum used for the entries update

Field Summary

Fields

Modifier and Type	Field and Description
private static org.slf4j.Logger	LOG The logger for this class
private PartitionNexus	nexus A reference to the nexus for direct backend operations
private org.apache.directory.api.ldap.model.subtree.SubtreeSpecificationParser	ssParser The SubTree specification parser instance
private static java.lang.String	SUBENTRY_CONTROL the subentry control OID
private org.apache.directory.api.ldap.model.entry.Value<java.lang.String>	subentryOC

Fields inherited from class org.apache.directory.server.core.api.interceptor.BaseInterceptor

directoryService, dnFactory, PWD_POLICY_STATE_ATTRIBUTE_TYPES, schemaManager

Constructor Summary

Constructors

Constructor and Description
SubentryInterceptor() Creates a new instance of SubentryInterceptor

Method Summary

Modifier and Type	Method and Description
void	add(AddOperationContext addContext) Filters Partition#add( AddOperationContext ) call.
private void	checkAdministrativeRole(OperationContext opContext, org.apache.directory.api.ldap.model.name.Dn apDn) Get the administrativePoint role
void	delete(DeleteOperationContext deleteContext) Filters Partition#delete( DeleteOperationContext ) call.
private java.util.List<org.apache.directory.api.ldap.model.entry.Modification>	getModsOnEntryModification(org.apache.directory.api.ldap.model.name.Dn name, org.apache.directory.api.ldap.model.entry.Entry oldEntry, org.apache.directory.api.ldap.model.entry.Entry newEntry) Get the list of modification to apply to all the entries
private java.util.List<org.apache.directory.api.ldap.model.entry.Modification>	getModsOnEntryRdnChange(org.apache.directory.api.ldap.model.name.Dn oldName, org.apache.directory.api.ldap.model.name.Dn newName, org.apache.directory.api.ldap.model.entry.Entry entry)
private void	getOperationalModForReplace(boolean hasRole, org.apache.directory.api.ldap.model.schema.AttributeType attributeType, org.apache.directory.api.ldap.model.entry.Entry entry, org.apache.directory.api.ldap.model.name.Dn oldDn, org.apache.directory.api.ldap.model.name.Dn newDn, java.util.List<org.apache.directory.api.ldap.model.entry.Modification> modifications) Update the list of modifications with a modification associated with a specific role, if it's requested.
private java.util.List<org.apache.directory.api.ldap.model.entry.Modification>	getOperationalModsForAdd(org.apache.directory.api.ldap.model.entry.Entry entry, java.util.List<org.apache.directory.api.ldap.model.entry.Attribute> operationalAttributes) Calculates the subentry operational attributes to add or replace from a candidate entry selected by a subtree specification.
private java.util.List<org.apache.directory.api.ldap.model.entry.Modification>	getOperationalModsForRemove(org.apache.directory.api.ldap.model.name.Dn subentryDn, org.apache.directory.api.ldap.model.entry.Entry candidate) Calculates the subentry operational attributes to remove from a candidate entry selected by a subtreeSpecification.
private java.util.List<org.apache.directory.api.ldap.model.entry.Modification>	getOperationalModsForReplace(org.apache.directory.api.ldap.model.name.Dn oldDn, org.apache.directory.api.ldap.model.name.Dn newDn, org.apache.directory.api.ldap.model.subtree.Subentry subentry, org.apache.directory.api.ldap.model.entry.Entry entry) Get the list of modifications to be applied on an entry to inject the operational attributes associated with the administrative roles.
private java.util.Set<org.apache.directory.api.ldap.model.subtree.AdministrativeRole>	getSubentryAdminRoles(org.apache.directory.api.ldap.model.entry.Entry subentry) Return the list of AdministrativeRole for a subentry
private java.util.List<org.apache.directory.api.ldap.model.entry.Attribute>	getSubentryOperationalAttributes(org.apache.directory.api.ldap.model.name.Dn dn, org.apache.directory.api.ldap.model.subtree.Subentry subentry) Gets the subschema operational attributes to be added to or removed from an entry selected by a subentry's subtreeSpecification.
private java.util.Set<org.apache.directory.api.ldap.model.subtree.AdministrativeRole>	getSubentryTypes(org.apache.directory.api.ldap.model.entry.Entry entry, java.util.List<org.apache.directory.api.ldap.model.entry.Modification> mods)
private boolean	hasAdministrativeDescendant(OperationContext opContext, org.apache.directory.api.ldap.model.name.Dn name) Checks to see if an entry being renamed has a descendant that is an administrative point.
void	init(DirectoryService directoryService) Initialize the Subentry Interceptor
private boolean	isNamingContext(org.apache.directory.api.ldap.model.name.Dn dn) Checks if the given Dn is a namingContext
private boolean	isSubentryVisible(OperationContext opContext) Checks to see if subentries for the search and list operations should be made visible based on the availability of the search request control
void	modify(ModifyOperationContext modifyContext) Filters Partition#modify( ModifyOperationContext ) call.
void	move(MoveOperationContext moveContext) The Move operation for a Subentry will deal with different cases : 1) we move a normal entry 2) we move a subentry 3) we move an administrationPoint
void	moveAndRename(MoveAndRenameOperationContext moveAndRenameContext) Filters Partition#moveAndRename( MoveAndRenameOperationContext) call.
void	rename(RenameOperationContext renameContext) Filters Partition#rename( RenameOperationContext ) call.
EntryFilteringCursor	search(SearchOperationContext searchContext) Filters Partition#search( SearchOperationContext ) call.
private void	setOperationalAttribute(org.apache.directory.api.ldap.model.entry.Entry entry, org.apache.directory.api.ldap.model.name.Dn subentryDn, org.apache.directory.api.ldap.model.schema.AttributeType opAttr) Update the Operational Attribute with the reference to the subentry
private void	setSubtreeSpecification(org.apache.directory.api.ldap.model.subtree.Subentry subentry, org.apache.directory.api.ldap.model.entry.Entry entry) Get the SubtreeSpecification, parse it and stores it into the subentry
private void	updateEntries(SubentryInterceptor.OperationEnum operation, CoreSession session, org.apache.directory.api.ldap.model.name.Dn subentryDn, org.apache.directory.api.ldap.model.name.Dn apDn, org.apache.directory.api.ldap.model.subtree.SubtreeSpecification ss, org.apache.directory.api.ldap.model.name.Dn baseDn, java.util.List<org.apache.directory.api.ldap.model.entry.Attribute> operationalAttributes) Update all the entries under an AP adding the

Methods inherited from class org.apache.directory.server.core.api.interceptor.BaseInterceptor

bind, compare, destroy, getName, getNextInterceptor, getPrincipal, getRootDse, hasEntry, lookup, next, next, next, next, next, next, next, next, next, next, next, next, next, unbind

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

LOG

private static final org.slf4j.Logger LOG

The logger for this class

SUBENTRY_CONTROL

private static final java.lang.String SUBENTRY_CONTROL

the subentry control OID

See Also:

Constant Field Values

subentryOC

private org.apache.directory.api.ldap.model.entry.Value<java.lang.String> subentryOC

ssParser

private org.apache.directory.api.ldap.model.subtree.SubtreeSpecificationParser ssParser

The SubTree specification parser instance

nexus

private PartitionNexus nexus

A reference to the nexus for direct backend operations

Constructor Detail

SubentryInterceptor

public SubentryInterceptor()

Creates a new instance of SubentryInterceptor

Method Detail

init

public void init(DirectoryService directoryService)
          throws org.apache.directory.api.ldap.model.exception.LdapException

Initialize the Subentry Interceptor

Specified by:

init in interface Interceptor

Overrides:

init in class BaseInterceptor

Parameters:

directoryService - The DirectoryService instance

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

getSubentryAdminRoles

private java.util.Set<org.apache.directory.api.ldap.model.subtree.AdministrativeRole> getSubentryAdminRoles(org.apache.directory.api.ldap.model.entry.Entry subentry)
                                                                                                     throws org.apache.directory.api.ldap.model.exception.LdapException

Return the list of AdministrativeRole for a subentry

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

isSubentryVisible

private boolean isSubentryVisible(OperationContext opContext)
                           throws org.apache.directory.api.ldap.model.exception.LdapException

Checks to see if subentries for the search and list operations should be made visible based on the availability of the search request control

Parameters:

opContext - the invocation object to use for determining subentry visibility

Returns:

true if subentries should be visible, false otherwise

Throws:

java.lang.Exception - if there are problems accessing request controls

org.apache.directory.api.ldap.model.exception.LdapException

updateEntries

private void updateEntries(SubentryInterceptor.OperationEnum operation,
                           CoreSession session,
                           org.apache.directory.api.ldap.model.name.Dn subentryDn,
                           org.apache.directory.api.ldap.model.name.Dn apDn,
                           org.apache.directory.api.ldap.model.subtree.SubtreeSpecification ss,
                           org.apache.directory.api.ldap.model.name.Dn baseDn,
                           java.util.List<org.apache.directory.api.ldap.model.entry.Attribute> operationalAttributes)
                    throws org.apache.directory.api.ldap.model.exception.LdapException

Update all the entries under an AP adding the

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

isNamingContext

private boolean isNamingContext(org.apache.directory.api.ldap.model.name.Dn dn)
                         throws org.apache.directory.api.ldap.model.exception.LdapException

Checks if the given Dn is a namingContext

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

checkAdministrativeRole

private void checkAdministrativeRole(OperationContext opContext,
                                     org.apache.directory.api.ldap.model.name.Dn apDn)
                              throws org.apache.directory.api.ldap.model.exception.LdapException

Get the administrativePoint role

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

setSubtreeSpecification

private void setSubtreeSpecification(org.apache.directory.api.ldap.model.subtree.Subentry subentry,
                                     org.apache.directory.api.ldap.model.entry.Entry entry)
                              throws org.apache.directory.api.ldap.model.exception.LdapException

Get the SubtreeSpecification, parse it and stores it into the subentry

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

hasAdministrativeDescendant

private boolean hasAdministrativeDescendant(OperationContext opContext,
                                            org.apache.directory.api.ldap.model.name.Dn name)
                                     throws org.apache.directory.api.ldap.model.exception.LdapException

Checks to see if an entry being renamed has a descendant that is an administrative point.

Parameters:

name - the name of the entry which is used as the search base

Returns:

true if name is an administrative point or one of its descendants are, false otherwise

Throws:

java.lang.Exception - if there are errors while searching the directory

org.apache.directory.api.ldap.model.exception.LdapException

getModsOnEntryRdnChange

private java.util.List<org.apache.directory.api.ldap.model.entry.Modification> getModsOnEntryRdnChange(org.apache.directory.api.ldap.model.name.Dn oldName,
                                                                                                       org.apache.directory.api.ldap.model.name.Dn newName,
                                                                                                       org.apache.directory.api.ldap.model.entry.Entry entry)
                                                                                                throws org.apache.directory.api.ldap.model.exception.LdapException

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

getSubentryTypes

private java.util.Set<org.apache.directory.api.ldap.model.subtree.AdministrativeRole> getSubentryTypes(org.apache.directory.api.ldap.model.entry.Entry entry,
                                                                                                       java.util.List<org.apache.directory.api.ldap.model.entry.Modification> mods)
                                                                                                throws org.apache.directory.api.ldap.model.exception.LdapException

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

getOperationalModForReplace

private void getOperationalModForReplace(boolean hasRole,
                                         org.apache.directory.api.ldap.model.schema.AttributeType attributeType,
                                         org.apache.directory.api.ldap.model.entry.Entry entry,
                                         org.apache.directory.api.ldap.model.name.Dn oldDn,
                                         org.apache.directory.api.ldap.model.name.Dn newDn,
                                         java.util.List<org.apache.directory.api.ldap.model.entry.Modification> modifications)
                                  throws org.apache.directory.api.ldap.model.exception.LdapInvalidAttributeValueException

Update the list of modifications with a modification associated with a specific role, if it's requested.

Throws:

org.apache.directory.api.ldap.model.exception.LdapInvalidAttributeValueException

getOperationalModsForReplace

private java.util.List<org.apache.directory.api.ldap.model.entry.Modification> getOperationalModsForReplace(org.apache.directory.api.ldap.model.name.Dn oldDn,
                                                                                                            org.apache.directory.api.ldap.model.name.Dn newDn,
                                                                                                            org.apache.directory.api.ldap.model.subtree.Subentry subentry,
                                                                                                            org.apache.directory.api.ldap.model.entry.Entry entry)
                                                                                                     throws java.lang.Exception

Get the list of modifications to be applied on an entry to inject the operational attributes associated with the administrative roles.

Throws:

java.lang.Exception

getSubentryOperationalAttributes

private java.util.List<org.apache.directory.api.ldap.model.entry.Attribute> getSubentryOperationalAttributes(org.apache.directory.api.ldap.model.name.Dn dn,
                                                                                                             org.apache.directory.api.ldap.model.subtree.Subentry subentry)
                                                                                                      throws org.apache.directory.api.ldap.model.exception.LdapException

Gets the subschema operational attributes to be added to or removed from an entry selected by a subentry's subtreeSpecification.

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

getOperationalModsForRemove

private java.util.List<org.apache.directory.api.ldap.model.entry.Modification> getOperationalModsForRemove(org.apache.directory.api.ldap.model.name.Dn subentryDn,
                                                                                                           org.apache.directory.api.ldap.model.entry.Entry candidate)
                                                                                                    throws org.apache.directory.api.ldap.model.exception.LdapException

Calculates the subentry operational attributes to remove from a candidate entry selected by a subtreeSpecification. When we remove a subentry we must remove the operational attributes in the entries that were once selected by the subtree specification of that subentry. To do so we must perform a modify operation with the set of modifications to perform. This method calculates those modifications.

Parameters:

subentryDn - the distinguished name of the subentry

candidate - the candidate entry to removed from the

Returns:

the set of modifications required to remove an entry's reference to a subentry

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

getOperationalModsForAdd

private java.util.List<org.apache.directory.api.ldap.model.entry.Modification> getOperationalModsForAdd(org.apache.directory.api.ldap.model.entry.Entry entry,
                                                                                                        java.util.List<org.apache.directory.api.ldap.model.entry.Attribute> operationalAttributes)
                                                                                                 throws org.apache.directory.api.ldap.model.exception.LdapException

Calculates the subentry operational attributes to add or replace from a candidate entry selected by a subtree specification. When a subentry is added or it's specification is modified some entries must have new operational attributes added to it to point back to the associated subentry. To do so a modify operation must be performed on entries selected by the subtree specification. This method calculates the modify operation to be performed on the entry.

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

getModsOnEntryModification

private java.util.List<org.apache.directory.api.ldap.model.entry.Modification> getModsOnEntryModification(org.apache.directory.api.ldap.model.name.Dn name,
                                                                                                          org.apache.directory.api.ldap.model.entry.Entry oldEntry,
                                                                                                          org.apache.directory.api.ldap.model.entry.Entry newEntry)
                                                                                                   throws org.apache.directory.api.ldap.model.exception.LdapException

Get the list of modification to apply to all the entries

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

setOperationalAttribute

private void setOperationalAttribute(org.apache.directory.api.ldap.model.entry.Entry entry,
                                     org.apache.directory.api.ldap.model.name.Dn subentryDn,
                                     org.apache.directory.api.ldap.model.schema.AttributeType opAttr)
                              throws org.apache.directory.api.ldap.model.exception.LdapException

Update the Operational Attribute with the reference to the subentry

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

add

public void add(AddOperationContext addContext)
         throws org.apache.directory.api.ldap.model.exception.LdapException

Filters Partition#add( AddOperationContext ) call.

Specified by:

add in interface Interceptor

Overrides:

add in class BaseInterceptor

Parameters:

addContext - The AddOperationContext instance

Throws:

org.apache.directory.api.ldap.model.exception.LdapException - If we had some error while processing the Add operation

delete

public void delete(DeleteOperationContext deleteContext)
            throws org.apache.directory.api.ldap.model.exception.LdapException

Filters Partition#delete( DeleteOperationContext ) call.

Specified by:

delete in interface Interceptor

Overrides:

delete in class BaseInterceptor

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

modify

public void modify(ModifyOperationContext modifyContext)
            throws org.apache.directory.api.ldap.model.exception.LdapException

Filters Partition#modify( ModifyOperationContext ) call.

Specified by:

modify in interface Interceptor

Overrides:

modify in class BaseInterceptor

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

move

public void move(MoveOperationContext moveContext)
          throws org.apache.directory.api.ldap.model.exception.LdapException

The Move operation for a Subentry will deal with different cases : 1) we move a normal entry 2) we move a subentry 3) we move an administrationPoint

Case 1 :
A normal entry (ie, not a subentry or an AP) may be part of some administrative areas. We have to remove the references to the associated areas if the entry gets out of them.
This entry can also be moved to some other administrative area, and it should then be updated to point to the associated subentries.

There is one preliminary condition : If the entry has a descendant which is an Administrative Point, then the move cannot be done.

Case 2 :
The subentry has to be moved under a new AP, otherwise this is an error. Once moved, we have to update all the entries selected by the old subtreeSpecification, removing the references to the subentry from all the selected entry, and update the entries selected by the new subtreeSpecification by adding a reference to the subentry into them.

Case 3 :

Specified by:

move in interface Interceptor

Overrides:

move in class BaseInterceptor

Parameters:

next - The next interceptor in the chain

moveContext - The context containing all the needed informations to proceed

Throws:

org.apache.directory.api.ldap.model.exception.LdapException - If the move failed

moveAndRename

public void moveAndRename(MoveAndRenameOperationContext moveAndRenameContext)
                   throws org.apache.directory.api.ldap.model.exception.LdapException

Filters Partition#moveAndRename( MoveAndRenameOperationContext) call.

Specified by:

moveAndRename in interface Interceptor

Overrides:

moveAndRename in class BaseInterceptor

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

rename

public void rename(RenameOperationContext renameContext)
            throws org.apache.directory.api.ldap.model.exception.LdapException

Filters Partition#rename( RenameOperationContext ) call.

Specified by:

rename in interface Interceptor

Overrides:

rename in class BaseInterceptor

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

search

public EntryFilteringCursor search(SearchOperationContext searchContext)
                            throws org.apache.directory.api.ldap.model.exception.LdapException

Filters Partition#search( SearchOperationContext ) call.

Specified by:

search in interface Interceptor

Overrides:

search in class BaseInterceptor

Throws:

org.apache.directory.api.ldap.model.exception.LdapException