/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License, Version 1.0 only
* (the "License"). You may not use this file except in compliance
* with the License.
*
* You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at legal-notices/CDDLv1_0.txt.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information:
* Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*
*
* Copyright 2008-2010 Sun Microsystems, Inc.
* Portions Copyright 2011-2014 ForgeRock AS
*/
/**
* This class defines a local backend workflow element; e-g an entity that
* handle the processing of an operation against a local backend.
*/
public class LocalBackendWorkflowElement extends
{
/**
* The tracer object for the debug logger.
*/
/** the backend associated with the local workflow element. */
/** the set of local backend workflow elements registered with the server. */
/**
* A lock to guarantee safe concurrent access to the registeredLocalBackends
* variable.
*/
/** A string indicating the type of the workflow element. */
/**
* Creates a new instance of the local backend workflow element.
*/
public LocalBackendWorkflowElement()
{
// There is nothing to do in this constructor.
}
/**
* Initializes a new instance of the local backend workflow element.
* This method is intended to be called by DirectoryServer when
* workflow configuration mode is auto as opposed to
* initializeWorkflowElement which is invoked when workflow
* configuration mode is manual.
*
* @param workflowElementID the workflow element identifier
* @param backend the backend associated to that workflow element
*/
{
{
}
}
/**
* Initializes a new instance of the local backend workflow element.
* This method is intended to be called by DirectoryServer when
* workflow configuration mode is manual as opposed to
* initialize(String,Backend) which is invoked when workflow
* configuration mode is auto.
*
* @param configuration The configuration for this local backend
* workflow element.
*
* @throws ConfigException If there is a problem with the provided
* configuration.
*
* @throws InitializationException If an error occurs while trying
* to initialize this workflow
* element that is not related to
* the provided configuration.
*/
public void initializeWorkflowElement(
) throws ConfigException, InitializationException
{
// Read configuration and apply changes.
}
/** {@inheritDoc} */
public void finalizeWorkflowElement()
{
// null all fields so that any use of the finalized object will raise a NPE
}
/** {@inheritDoc} */
public boolean isConfigurationChangeAcceptable(
)
{
return processWorkflowElementConfig(configuration, false);
}
/** {@inheritDoc} */
)
{
}
/**
* Parses the provided configuration and configure the workflow element.
*
* @param configuration The new configuration containing the changes.
* @param applyChanges If true then take into account the new configuration.
*
* @return <code>true</code> if the configuration is acceptable.
*/
private boolean processWorkflowElementConfig(
boolean applyChanges
)
{
// returned status
boolean isAcceptable = true;
// If the workflow element is disabled then do nothing. Note that the
// configuration manager could have finalized the object right before.
if (configuration.isEnabled())
{
// Read configuration.
// If the backend is null (i.e. not found in the list of
// registered backends, this is probably because we are looking
// for the config backend
if (newBackend == null) {
try {
}
// Unable to find the backend
newBackend = null;
}
}
// Get the new configuration
if (applyChanges)
{
super.initialize(
{
}
}
}
return isAcceptable;
}
/**
* Creates and registers a local backend with the server.
*
* @param workflowElementID the identifier of the workflow element to create
* @param backend the backend to associate with the local backend
* workflow element
*
* @return the existing local backend workflow element if it was
* already created or a newly created local backend workflow
* element.
*/
{
// If the requested workflow element does not exist then create one.
if (localBackend == null)
{
localBackend = new LocalBackendWorkflowElement();
// store the new local backend in the list of registered backends
}
return localBackend;
}
/**
* Removes a local backend that was registered with the server.
*
* @param workflowElementID the identifier of the workflow element to remove
*/
{
}
/**
* Removes all the local backends that were registered with the server.
* This function is intended to be called when the server is shutting down.
*/
public static void removeAll()
{
synchronized (registeredLocalBackendsLock)
{
{
}
}
}
/**
* Removes all the disallowed request controls from the provided operation.
* <p>
* As per RFC 4511 4.1.11, if a disallowed request control is critical, then a
* DirectoryException is thrown with unavailableCriticalExtension. Otherwise,
* if the disallowed request control is non critical, it is removed because we
* do not want the backend to process it.
*
* @param targetDN
* the target DN on which the operation applies
* @param op
* the operation currently processed
* @throws DirectoryException
* If a disallowed request control is critical, thrown with
* unavailableCriticalExtension. If an error occurred while
* performing the access control check. For example, if an attribute
* could not be decoded. Care must be taken not to expose any
* potentially sensitive information in the exception.
*/
throws DirectoryException
{
{
{
{
// As per RFC 4511 4.1.11.
if (control.isCritical())
{
throw new DirectoryException(
}
// We do not want the backend to process this non-critical control, so
// remove it.
}
}
}
}
/**
* Returns a new {@link DirectoryException} built from the provided
* resultCodes and messages. Depending on whether ACIs prevent information
* disclosure, the provided resultCode and message will be masked and
* altResultCode and altMessage will be used instead.
*
* @param operation
* the operation for which to check if ACIs prevent information
* disclosure
* @param entry
* the entry for which to check if ACIs prevent information
* disclosure, if null, then a fake entry will be created from the
* entryDN parameter
* @param entryDN
* the entry dn for which to check if ACIs prevent information
* disclosure. Only used if entry is null.
* @param resultCode
* the result code to put on the DirectoryException if ACIs allow
* disclosure. Otherwise it will be put on the DirectoryException as
* a masked result code.
* @param message
* the message to put on the DirectoryException if ACIs allow
* disclosure. Otherwise it will be put on the DirectoryException as
* a masked message.
* @param altResultCode
* the result code to put on the DirectoryException if ACIs do not
* allow disclosing the resultCode.
* @param altMessage
* the result code to put on the DirectoryException if ACIs do not
* allow disclosing the message.
* @return a new DirectoryException containing the provided resultCodes and
* messages depending on ACI allowing disclosure or not
* @throws DirectoryException
* If an error occurred while performing the access control check.
*/
{
{
}
// replacement reason returned to the user
final DirectoryException ex =
// real underlying reason
return ex;
}
/**
* Sets the provided resultCodes and messages on the provided operation.
* Depending on whether ACIs prevent information disclosure, the provided
* resultCode and message will be masked and altResultCode and altMessage will
* be used instead.
*
* @param operation
* the operation for which to check if ACIs prevent information
* disclosure
* @param entry
* the entry for which to check if ACIs prevent information
* disclosure, if null, then a fake entry will be created from the
* entryDN parameter
* @param entryDN
* the entry dn for which to check if ACIs prevent information
* disclosure. Only used if entry is null.
* @param resultCode
* the result code to put on the DirectoryException if ACIs allow
* disclosure. Otherwise it will be put on the DirectoryException as
* a masked result code.
* @param message
* the message to put on the DirectoryException if ACIs allow
* disclosure. Otherwise it will be put on the DirectoryException as
* a masked message.
* @param altResultCode
* the result code to put on the DirectoryException if ACIs do not
* allow disclosing the resultCode.
* @param altMessage
* the result code to put on the DirectoryException if ACIs do not
* allow disclosing the message.
* @throws DirectoryException
* If an error occurred while performing the access control check.
*/
{
{
}
else
{
// replacement reason returned to the user
// real underlying reason
}
}
/**
* Removes the matchedDN from the supplied operation if ACIs prevent its
* disclosure.
*
* @param operation
* where to filter the matchedDN from
*/
{
{
return;
}
try
{
{
}
}
catch (DirectoryException de)
{
if (debugEnabled())
{
}
// At this point it is impossible to tell whether the matchedDN can be
// disclosed. It is probably safer to hide it by default.
}
}
/**
* Adds the post-read response control to the response if requested.
*
* @param operation
* The update operation.
* @param postReadRequest
* The request control, if present.
* @param entry
* The post-update entry.
*/
{
if (postReadRequest == null)
{
return;
}
/*
* Virtual and collective attributes are only added to an entry when it is
* read from the backend, not before it is written, so we need to add them
* ourself.
*/
/*
* Even though the associated update succeeded, we should still check
* whether or not we should return the entry.
*/
{
// Filter the entry based on the control's attribute list.
postReadRequest.getRequestedAttributes(), false, false, false);
// Strip out any attributes which access control denies access to.
}
}
/**
* Adds the pre-read response control to the response if requested.
*
* @param operation
* The update operation.
* @param preReadRequest
* The request control, if present.
* @param entry
* The pre-update entry.
*/
{
if (preReadRequest == null)
{
return;
}
/*
* Even though the associated update succeeded, we should still check
* whether or not we should return the entry.
*/
{
// Filter the entry based on the control's attribute list.
preReadRequest.getRequestedAttributes(), false, false, false);
// Strip out any attributes which access control denies access to.
}
}
/**
* Registers a local backend with the server.
*
* @param localBackend the local backend to register with the server
*/
private static void registerLocalBackend(
{
synchronized (registeredLocalBackendsLock)
{
if (existingLocalBackend == null)
{
new TreeMap
}
}
}
/**
* Deregisters a local backend with the server.
*
* @param workflowElementID the identifier of the workflow element to remove
*/
{
synchronized (registeredLocalBackendsLock)
{
if (existingLocalBackend != null)
{
}
}
}
/** {@inheritDoc} */
switch (operation.getOperationType())
{
case BIND:
bindOperation.processLocalBind(this);
break;
case SEARCH:
break;
case ADD:
addOperation.processLocalAdd(this);
break;
case DELETE:
break;
case MODIFY:
break;
case MODIFY_DN:
break;
case COMPARE:
break;
case ABANDON:
// There is no processing for an abandon operation.
break;
default:
throw new AssertionError("Attempted to execute an invalid operation " +
}
}
/**
* Attaches the current local operation to the global operation so that
* operation runner can execute local operation post response later on.
*
* @param <O> subtype of Operation
* @param <L> subtype of LocalBackendOperation
* @param globalOperation the global operation to which local operation
* should be attached to
* @param currentLocalOperation the local operation to attach to the global
* operation
*/
@SuppressWarnings("unchecked")
public static <O extends Operation,L> void
{
List<?> existingAttachment =
if (existingAttachment != null)
{
// This line raises an unchecked conversion warning.
// There is nothing we can do to prevent this warning
// so let's get rid of it since we know the cast is safe.
}
}
/**
* Gets the backend associated with this local backend workflow
* element.
*
* @return The backend associated with this local backend workflow
* element.
*/
{
return backend;
}
/**
* Checks if an update operation can be performed against a backend. The
* operation will be rejected based on the server and backend writability
* modes.
*
* @param backend
* The backend handling the update.
* @param op
* The update operation.
* @param entryDN
* The name of the entry being updated.
* @param serverMsg
* The message to log if the update was rejected because the server
* is read-only.
* @param backendMsg
* The message to log if the update was rejected because the backend
* is read-only.
* @throws DirectoryException
* If the update operation has been rejected.
*/
throws DirectoryException
{
if (!backend.isPrivateBackend())
{
switch (DirectoryServer.getWritabilityMode())
{
case DISABLED:
case INTERNAL_ONLY:
{
}
}
switch (backend.getWritabilityMode())
{
case DISABLED:
case INTERNAL_ONLY:
{
}
}
}
}
/** {@inheritDoc} */
{
return getClass().getSimpleName()
+ " backend=" + backend
+ " workflowElementID=" + getWorkflowElementID()
+ " workflowElementTypeInfo=" + getWorkflowElementTypeInfo();
}
}