GetEffectiveRightsRequestControl.java revision 040cba63ba4af5bed76846f0edb63c853b009da9
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License, Version 1.0 only
* (the "License"). You may not use this file except in compliance
* with the License.
*
* You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at legal-notices/CDDLv1_0.txt.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information:
* Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*
*
* Copyright 2009 Sun Microsystems, Inc.
* Portions Copyright 2014 ForgeRock AS
*/
/**
* This class partially implements the geteffectiverights control as defined
* in draft-ietf-ldapext-acl-model-08.txt. The main differences are:
*
* - The response control is not supported. Instead the dseecompat
* geteffectiverights control implementation creates attributes containing
* right information strings and adds those attributes to the
* entry being returned. The attribute type names are dynamically created;
* see the dseecompat's AciGetEffectiveRights class for details.
*
* - The dseecompat implementation allows additional attribute types
* in the request control for which rights information can be returned.
* These are known as the specified attribute types.
*
* The dseecompat request control value is the following:
*
* <BR>
* <PRE>
* GetRightsControl ::= SEQUENCE {
* authzId authzId
* attributes SEQUENCE OF AttributeType
* }
*
* -- Only the "dn:DN" form is supported.
*
* </PRE>
*
**/
public class GetEffectiveRightsRequestControl extends Control
{
// NOTE(review): this listing omits a number of source lines (method
// signatures, field declarations, several statements). The comments below
// state only what the visible lines establish; everything else is marked
// as an assumption to confirm against the full file.
/**
* ControlDecoder implementation to decode this control from a ByteString.
* The visible code returns a new GetEffectiveRightsRequestControl from the
* decode path and reports OID_GET_EFFECTIVE_RIGHTS as the OID it handles.
*/
private static final class Decoder
implements ControlDecoder<GetEffectiveRightsRequestControl>
{
/**
* {@inheritDoc}
*/
{
// If the value is null, create a GetEffectiveRightsRequestControl
// with a null authzDN and a null attribute list; otherwise try to
// decode the value.
else
{
try {
// Make sure authzId starts with "dn:" and is a valid DN.
// NOTE(review): the authzId presumably names the identity whose
// effective rights are reported (per the draft cited in the class
// comment), which makes it input to an access-control evaluation.
// The check itself is not visible in this listing -- confirm that a
// value without the "dn:" prefix, or with an unparsable DN, is
// rejected and is never replaced by a default identity.
else {
}
// There is a sequence containing an attribute list; try to decode it.
if(reader.hasNextElement()) {
while(reader.hasNextElement()) {
// Decode as an octet string.
// Get an attribute type for it and add to the list.
}
}
}
} catch (IOException e) {
// Record the decoding failure in the trace log.
// NOTE(review): only the trace call is visible here. Confirm that the
// failure is reported to the caller and that control flow cannot reach
// the return below with a partially decoded authzDN or attribute list.
logger.traceException(e);
}
// Build the decoded control, passing the criticality flag through.
return new GetEffectiveRightsRequestControl(isCritical,
}
}
// Returns the OID that this decoder handles.
// NOTE(review): the method signature is not visible in this listing.
{
return OID_GET_EFFECTIVE_RIGHTS;
}
}
/**
* The Control Decoder that can be used to decode this control.
* It is an instance of the private Decoder class above.
*/
new Decoder();
// NOTE(review): the four field declarations that the following comments
// document are not visible in this listing.
//The DN representing the authzId. May be null.
//The raw DN representing the authzId. May be null.
//The list of additional attribute types to return rights for. May be null.
//The raw DN representing the authzId. May be null.
// NOTE(review): the comment directly above repeats the raw authzId
// description word for word; presumably it documents a raw form of the
// attribute list instead -- confirm against the declaration.
/**
* Create a new geteffectiverights control with the specified authzDN and
* an attribute list.
*
* NOTE(review): the signature and body are not visible in this listing;
* unlike the next constructor, no isCritical parameter is documented here.
*
* @param authzDN The authzDN.
*
* @param attrs The list of additional attributes to be returned.
*/
}
/**
* Create a new geteffectiverights control with the specified criticality,
* authzDN and attribute list. The control OID passed to the superclass is
* always OID_GET_EFFECTIVE_RIGHTS.
*
* @param isCritical Indicates whether this control should be
* considered critical in processing the
* request.
* @param authzDN The authzDN.
* @param attrs The list of additional attributes to be returned.
*/
super(OID_GET_EFFECTIVE_RIGHTS, isCritical);
}
/**
* Create a new geteffectiverights control with the specified raw
* authzDN and an attribute list. The control OID passed to the superclass
* is always OID_GET_EFFECTIVE_RIGHTS.
*
* @param isCritical Indicates whether this control should be
* considered critical in processing the
* request.
* @param authzDN The raw authzDN; stored as-is in {@code rawAuthzDN}.
* @param attrs The list of additional attributes to be returned.
*/
public GetEffectiveRightsRequestControl(boolean isCritical,
{
super(OID_GET_EFFECTIVE_RIGHTS, isCritical);
// Keep the raw form only. No assignment to the parsed authzDN field is
// visible in this constructor, so getAuthzDN() presumably returns null for
// a control built this way -- confirm against the full file.
this.rawAuthzDN=authzDN;
}
/**
* Writes this control's value to an ASN.1 writer. The value (if any) must be
* written as an ASN1OctetString.
*
* NOTE(review): the signature and most statements of this method are not
* visible in this listing; only the block structure and the rawAuthzDN
* test remain.
*
* @param writer The ASN.1 output stream to write to.
* @throws IOException If a problem occurs while writing to the stream.
*/
{
}
// Raw authzDN branch: reached only when the preceding condition (not
// visible in this listing) is false and rawAuthzDN has been set.
else if(rawAuthzDN != null)
{
}
{
{
}
}
{
{
}
}
}
/**
* Return the authzDN parsed from the control.
*
* @return The DN representing the authzId. May be null, as noted on the
* field comment.
*/
public DN getAuthzDN () {
return authzDN;
// TODO: what if rawAuthzDN is not null?
// NOTE(review): this getter never consults rawAuthzDN. If a control was
// built through the raw-DN constructor, a null result here would not mean
// that no authzId was supplied; code that makes an access-control decision
// from this value should not read null as "no authzId" without also
// checking the raw form -- confirm how callers handle null.
}
/**
* Return the requested additional attributes parsed from the control. Known
* as the specified attributes.
*
* NOTE(review): the method signature is not visible in this listing.
*
* @return The list containing any additional attributes to return rights
* about. May be null, as noted on the field comment.
*/
return attrs;
}
}