/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License, Version 1.0 only
* (the "License"). You may not use this file except in compliance
* with the License.
*
* You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at legal-notices/CDDLv1_0.txt.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information:
* Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*
*
* Copyright 2008-2009 Sun Microsystems, Inc.
* Portions copyright 2011-2014 ForgeRock AS
*/
/**
* This class implements a virtual attribute provider that is meant to serve the
* isMemberOf operational attribute. This attribute will be used to provide a
* list of all groups in which the specified user is a member.
*/
public class IsMemberOfVirtualAttributeProvider
{
/**
* The tracer object for the debug logger.
*/
/**
* Creates a new instance of this entryDN virtual attribute provider.
*/
public IsMemberOfVirtualAttributeProvider()
{
super();
// All initialization should be performed in the
// initializeVirtualAttributeProvider method.
}
/** {@inheritDoc} */
@Override()
public boolean isMultiValued()
{
return true;
}
/** {@inheritDoc} */
@Override()
{
// FIXME -- This probably isn't the most efficient implementation.
{
try
{
{
{
}
{
}
else
{
}
}
}
catch (Exception e)
{
if (debugEnabled())
{
}
}
}
{
}
return Collections.emptySet();
}
/** {@inheritDoc} */
@Override()
{
// FIXME -- This probably isn't the most efficient implementation.
{
try
{
{
return true;
}
}
catch (Exception e)
{
if (debugEnabled())
{
}
}
}
return false;
}
/** {@inheritDoc} */
@Override()
{
try
{
}
catch (Exception e)
{
if (debugEnabled())
{
}
return false;
}
}
/** {@inheritDoc} */
@Override()
{
{
{
return true;
}
}
return false;
}
/** {@inheritDoc} */
@Override()
{
// DNs cannot be used in substring matching.
return ConditionResult.UNDEFINED;
}
/** {@inheritDoc} */
@Override()
{
// DNs cannot be used in ordering matching.
return ConditionResult.UNDEFINED;
}
/** {@inheritDoc} */
@Override()
{
// DNs cannot be used in ordering matching.
return ConditionResult.UNDEFINED;
}
/** {@inheritDoc} */
@Override()
{
// DNs cannot be used in approximate matching.
return ConditionResult.UNDEFINED;
}
/**
* {@inheritDoc}. This virtual attribute will support search operations only
* if one of the following is true about the search filter:
* <UL>
* <LI>It is an equality filter targeting the associated attribute
* type.</LI>
* <LI>It is an AND filter in which at least one of the components is an
* equality filter targeting the associated attribute type.</LI>
* </UL>
* Searching for this virtual attribute cannot be pre-indexed and thus,
* it should not be searchable when pre-indexed is required.
*/
@Override()
boolean isPreIndexed)
{
return !isPreIndexed &&
}
/**
* Indicates whether the provided search filter is one that may be used with
* this virtual attribute provider, optionally operating in a recursive manner
* to make the determination.
*
* @param attributeType The attribute type used to hold the entryDN value.
* @param filter The search filter for which to make the
* determination.
* @param depth The current recursion depth for this processing.
*
* @return {@code true} if the provided filter may be used with this virtual
* attribute provider, or {@code false} if not.
*/
int depth)
{
switch (filter.getFilterType())
{
case AND:
if (depth >= MAX_NESTED_FILTER_DEPTH)
{
return false;
}
{
{
return true;
}
}
return false;
case EQUALITY:
default:
return false;
}
}
/** {@inheritDoc} */
@Override()
{
{
return;
}
try
{
// Check for nested groups to see if we need to keep track of returned entries
if (!nestedGroupsDNs.isEmpty())
{
}
{
return;
}
// Now check members of nested groups
{
{
return;
}
}
}
catch (DirectoryException de)
{
}
}
/**
*
* @param searchOperation the search operation being processed.
* @param memberList the list of members of the group being processed.
* @param returnedDNs a set to store the DNs of entries already returned,
* null if there's no need to track for entries.
* @return <CODE>true</CODE> if the caller should continue processing the
* search request and sending additional entries and references, or
* <CODE>false</CODE> if not for some reason (e.g., the size limit
* has been reached or the search has been abandoned).
* @throws DirectoryException If a problem occurs while attempting to send
* the entry to the client and the search should be terminated.
*/
throws DirectoryException
{
while (memberList.hasMoreMembers())
{
try
{
filter.matchesEntry(e))
{
if (returnedDNs == null
{
{
return false;
}
}
}
}
catch (Exception e)
{
if (debugEnabled())
{
}
}
}
return true;
}
/**
* Extracts the first group DN encountered in the provided filter, operating
* recursively as necessary.
*
* @param attributeType The attribute type holding the entryDN value.
* @param filter The search filter to be processed.
*
* @return The first group encountered in the provided filter, or
* {@code null} if there is no match.
*/
{
switch (filter.getFilterType())
{
case AND:
{
if (g != null)
{
return g;
}
}
break;
case EQUALITY:
{
try
{
}
catch (Exception e)
{
if (debugEnabled())
{
}
}
}
break;
}
return null;
}
}