/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License, Version 1.0 only
* (the "License"). You may not use this file except in compliance
* with the License.
*
* You can obtain a copy of the license at
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at
* trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
* add the following below this CDDL HEADER, with the fields enclosed
* by brackets "[]" replaced with your own identifying information:
* Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*
*
* Copyright 2008-2010 Sun Microsystems, Inc.
*/
/**
* The AciList class performs caching of the ACI attribute values
* using the entry DN as the key.
*/
public class AciList {
/*
* A map containing all the ACIs.
* We use the copy-on-write technique to avoid locking when reading.
*/
/*
* Lock to protect internal data structures.
*/
new ReentrantReadWriteLock();
/*
* The configuration DN used to compare against the global ACI entry DN.
*/
/**
* Constructor to create an ACI list to cache ACI attribute types.
* @param configDN The configuration entry DN.
*/
}
/**
* Using the base DN, return a list of ACIs that are candidates for
* evaluation by walking up from the base DN towards the root of the
* DIT gathering ACIs on parents. Global ACIs use the NULL DN as the key
* and are included in the candidate set only if they have no
* "target" keyword rules, or if the target keyword rule matches for
* the specified base DN.
*
* @param baseDN The DN to check.
* @return A list of candidate ACIs that might be applicable.
*/
{
return candidates;
}
try
{
//Save the baseDN in case we need to evaluate a global ACI.
//Check if there are global ACIs. Global ACI has a NULL DN.
//If there is a target, evaluate it to see if this ACI should
//be included in the candidate set.
entryDN);
if (ret) {
}
}
}
} else {
}
}
break;
}
} else {
}
}
}
finally
{
}
return candidates;
}
/**
* Add all the ACI from a set of entries to the ACI list. There is no need
* to check for global ACIs since they are processe by the AciHandler at
* startup using the addACi single entry method.
* @param entries The set of entries containing the "aci" attribute values.
* @param failedACIMsgs List that will hold error messages from ACI decode
* exceptions.
* @return The number of valid ACI attribute values added to the ACI list.
*/
{
int validAcis=0;
try
{
}
}
finally
{
}
return validAcis;
}
/**
* Add a set of ACIs to the ACI list. This is usually used a startup, when
* global ACIs are processed.
*
* @param dn The DN to add the ACIs under.
*
* @param acis A set of ACIs to add to the ACI list.
*
*/
try
{
}
finally
{
}
}
/**
* Add all of an entry's ACI (global or regular) attribute values to the
* ACI list.
* @param entry The entry containing the ACI attributes.
* @param hasAci True if the "aci" attribute type was seen in the entry.
* @param hasGlobalAci True if the "ds-cfg-global-aci" attribute type was
* seen in the entry.
* @param failedACIMsgs List that will hold error messages from ACI decode
* exceptions.
* @return The number of valid ACI attribute values added to the ACI list.
*/
boolean hasGlobalAci,
int validAcis=0;
try
{
//Process global "ds-cfg-global-aci" attribute type. The oldentry
//DN is checked to verify it is equal to the config DN. If not those
//attributes are skipped.
}
if(hasAci) {
}
}
finally
{
}
return validAcis;
}
/**
* Add an ACI's attribute type values to the ACI list. There is a chance that
* an ACI will throw an exception if it has an invalid syntax. If that
* happens a message will be logged and the ACI skipped. A count is
* returned of the number of valid ACIs added.
* @param aciList The ACI list to which the ACI is to be added.
* @param dn The DN to use as the key in the ACI list.
* @param configDN The DN of the configuration entry used to configure the
* ACI handler. Used if a global ACI has an decode exception.
* @param attributeList List of attributes containing the ACI attribute
* values.
* @param failedACIMsgs List that will hold error messages from ACI decode
* exceptions.
* @return The number of valid attribute values added to the ACI list.
*/
if (attributeList == null) {
return 0;
}
int validAcis=0;
try {
validAcis++;
} catch (AciException ex) {
}
ex.getMessage());
}
}
}
return validAcis;
}
/**
* Remove all of the ACIs related to the old entry and then add all of the
* In the case of global ACIs the DN of the entry is checked to make sure it
* is equal to the config DN. If not, the global ACI attribute type is
* silently skipped.
* @param oldEntry The old entry possibly containing old ACI attribute
* values.
* @param newEntry The new entry possibly containing new ACI attribute
* values.
* @param hasAci True if the "aci" attribute type was seen in the entry.
* @param hasGlobalAci True if the "ds-cfg-global-aci" attribute type was
* seen in the entry.
*/
boolean hasAci,
boolean hasGlobalAci) {
try
{
//Process "aci" attribute types.
if(hasAci) {
}
//Process global "ds-cfg-global-aci" attribute type. The oldentry
//DN is checked to verify it is equal to the config DN. If not those
//attributes are skipped.
}
}
finally
{
}
}
/**
* Add ACI using the DN as a key. If the DN already
* has ACI(s) on the list, then the new ACI is added to the
* end of the array.
* @param aciList The set of ACIs to which ACI is to be added.
* @param dn The DN to use as the key.
* @param acis The ACI to be added.
*/
{
} else {
}
}
/**
* Remove global and regular ACIs from the list. It's possible that an entry
* could have both attribute types (aci and ds-cfg-global-aci). Global ACIs
* use the NULL DN for the key. In the case of global ACIs the DN of the
* entry is checked to make sure it is equal to the config DN. If not, the
* global ACI attribute type is silently skipped.
* @param entry The entry containing the global ACIs.
* @param hasAci True if the "aci" attribute type was seen in the entry.
* @param hasGlobalAci True if the "ds-cfg-global-aci" attribute type was
* seen in the entry.
* @return True if the ACI set was deleted.
*/
boolean hasGlobalAci) {
try
{
{
return false;
}
{
return false;
}
if (!hasGlobalAci && !hasAci)
{
}
}
finally
{
}
return true;
}
/**
* Remove all ACIs related to a backend.
* @param backend The backend to check if each DN is handled by that
* backend.
*/
try
{
{
{
}
}
}
finally
{
}
}
/**
* Rename all ACIs under the specified old DN to the new DN. A simple
* interation over the entire list is performed.
* @param oldDN The DN of the original entry that was moved.
* @param newDN The DN of the new entry.
*/
try
{
for (int i=0; i < keepRDNCount; i++) {
}
}
try {
} catch (AciException ex) {
//This should never happen since only a copy of the
//ACI with a new DN is being made. Log a message if it does and
//keep going.
}
}
}
}
}
finally
{
}
}
}