Class GlobalAccessControlPolicyCfgDefn
- java.lang.Object
  - org.forgerock.opendj.config.AbstractManagedObjectDefinition<C,S>
    - org.forgerock.opendj.config.ManagedObjectDefinition<GlobalAccessControlPolicyCfgClient,GlobalAccessControlPolicyCfg>
      - org.forgerock.opendj.server.config.meta.GlobalAccessControlPolicyCfgDefn
public final class GlobalAccessControlPolicyCfgDefn extends ManagedObjectDefinition<GlobalAccessControlPolicyCfgClient,GlobalAccessControlPolicyCfg>
An interface for querying the Global Access Control Policy managed object definition meta information.
Provides coarse-grained access control for all operations, regardless of whether they are destined for local or proxy backends. Global access control policies are applied in addition to ACIs and privileges.
-
-
Nested Class Summary
Nested Classes
Modifier and Type: static class
Class: GlobalAccessControlPolicyCfgDefn.Permission
Description: Defines the set of permissible values for the "permission" property.
-
Method Summary
-
Methods inherited from class org.forgerock.opendj.config.AbstractManagedObjectDefinition
getAggregationPropertyDefinition, getAggregationPropertyDefinitions, getAllAggregationPropertyDefinitions, getAllChildren, getAllConstraints, getAllPropertyDefinitions, getAllRelationDefinitions, getAllReverseAggregationPropertyDefinitions, getAllReverseRelationDefinitions, getAllTags, getChild, getChildren, getConstraints, getDescription, getDescription, getName, getParent, getPropertyDefinition, getPropertyDefinitions, getRelationDefinition, getRelationDefinitions, getReverseAggregationPropertyDefinitions, getReverseRelationDefinitions, getSynopsis, getSynopsis, getUserFriendlyName, getUserFriendlyName, getUserFriendlyPluralName, getUserFriendlyPluralName, hasChildren, hasOption, hasTag, initialize, isChildOf, isParentOf, isTop, registerConstraint, registerOption, registerPropertyDefinition, registerRelationDefinition, registerTag, resolveManagedObjectDefinition, toString, toString
-
Method Detail
-
getInstance
public static GlobalAccessControlPolicyCfgDefn getInstance()
Get the Global Access Control Policy configuration definition singleton.
- Returns:
- Returns the Global Access Control Policy configuration definition singleton.
-
createClientConfiguration
public GlobalAccessControlPolicyCfgClient createClientConfiguration(ManagedObject<? extends GlobalAccessControlPolicyCfgClient> impl)
Description copied from class: ManagedObjectDefinition
Creates a client configuration view of the provided managed object. Modifications made to the underlying managed object will be reflected in the client configuration view and vice versa.
- Specified by:
createClientConfiguration in class ManagedObjectDefinition<GlobalAccessControlPolicyCfgClient,GlobalAccessControlPolicyCfg>
- Parameters:
impl - The managed object.
- Returns:
- Returns a client configuration view of the provided managed object.
-
createServerConfiguration
public GlobalAccessControlPolicyCfg createServerConfiguration(ServerManagedObject<? extends GlobalAccessControlPolicyCfg> impl)
Description copied from class: ManagedObjectDefinition
Creates a server configuration view of the provided server managed object.
- Specified by:
createServerConfiguration in class ManagedObjectDefinition<GlobalAccessControlPolicyCfgClient,GlobalAccessControlPolicyCfg>
- Parameters:
impl - The server managed object.
- Returns:
- Returns a server configuration view of the provided server managed object.
-
getServerConfigurationClass
public Class<GlobalAccessControlPolicyCfg> getServerConfigurationClass()
Description copied from class: ManagedObjectDefinition
Gets the server configuration class instance associated with this managed object definition.
- Specified by:
getServerConfigurationClass in class ManagedObjectDefinition<GlobalAccessControlPolicyCfgClient,GlobalAccessControlPolicyCfg>
- Returns:
- Returns the server configuration class instance associated with this managed object definition.
-
getAllowedAttributePropertyDefinition
public StringPropertyDefinition getAllowedAttributePropertyDefinition()
Get the "allowed-attribute" property definition.
Allows clients to read or write the specified attributes, along with their sub-types.
Attributes that are subtypes of listed attributes are implicitly included. In addition, the list of attributes may include the wild-card '*', which represents all user attributes, or the wild-card '+', which represents all operational attributes, or the name of an object class prefixed with '@' to include all attributes defined by the object class.
- Returns:
- Returns the "allowed-attribute" property definition.
-
getAllowedAttributeExceptionPropertyDefinition
public StringPropertyDefinition getAllowedAttributeExceptionPropertyDefinition()
Get the "allowed-attribute-exception" property definition.
Specifies zero or more attributes which, together with their sub-types, should not be included in the list of allowed attributes.
This property is typically used when the list of attributes specified by the allowed-attribute property is too broad. It is especially useful when creating policies which grant access to all user attributes (*) except certain sensitive attributes, such as userPassword.
- Returns:
- Returns the "allowed-attribute-exception" property definition.
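
How "allowed-attribute" and "allowed-attribute-exception" combine can be seen in the following simplified model. It is an added example, not OpenDJ code: the class name, the mini-schema and the evaluation order are assumptions made for illustration.

```java
import java.util.*;

/** Simplified model of the two properties; illustrative only, not OpenDJ's implementation. */
public final class AllowedAttributeModel {
    // Constructed mini-schema (assumption): subtype -> supertype, operational attributes,
    // and object class -> attributes it defines. All names are lower-cased.
    static final Map<String, String> SUPERTYPE = Map.of("cn", "name", "sn", "name");
    static final Set<String> OPERATIONAL = Set.of("entryuuid", "createtimestamp");
    static final Map<String, Set<String>> OBJECT_CLASS =
            Map.of("person", Set.of("cn", "sn", "userpassword", "telephonenumber"));

    /** True if attr is the listed attribute or one of its sub-types. */
    static boolean sameOrSubtype(String attr, String listed) {
        for (String a = attr; a != null; a = SUPERTYPE.get(a)) {
            if (a.equals(listed)) return true;
        }
        return false;
    }

    /** True if a single allowed-attribute value covers attr. */
    static boolean covers(String value, String attr) {
        if (value.equals("*")) return !OPERATIONAL.contains(attr);  // all user attributes
        if (value.equals("+")) return OPERATIONAL.contains(attr);   // all operational attributes
        if (value.startsWith("@")) {                                // attributes of an object class
            return OBJECT_CLASS.getOrDefault(value.substring(1), Set.of()).stream()
                    .anyMatch(listed -> sameOrSubtype(attr, listed));
        }
        return sameOrSubtype(attr, value);
    }

    /** Exceptions are checked first, so they always narrow the allowed list. */
    static boolean isAllowed(List<String> allowed, List<String> exceptions, String attribute) {
        String attr = attribute.toLowerCase(Locale.ROOT);
        boolean excepted = exceptions.stream()
                .anyMatch(e -> sameOrSubtype(attr, e.toLowerCase(Locale.ROOT)));
        return !excepted && allowed.stream()
                .anyMatch(v -> covers(v.toLowerCase(Locale.ROOT), attr));
    }

    public static void main(String[] args) {
        List<String> allowed = List.of("*");                 // all user attributes
        List<String> exceptions = List.of("userPassword");   // except the sensitive one
        for (String attr : List.of("cn", "userPassword", "entryUUID")) {
            System.out.println(attr + " -> " + isAllowed(allowed, exceptions, attr));
        }
        // Sub-type handling: excepting "name" also removes cn and sn from "@person".
        System.out.println("cn -> " + isAllowed(List.of("@person"), List.of("name"), "cn"));
    }
}
```

Because '*' covers user attributes only, a policy that should also expose operational attributes has to list '+' or name them explicitly.
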
-
getAllowedControlPropertyDefinition
public StringPropertyDefinition getAllowedControlPropertyDefinition()
Get the "allowed-control" property definition.
Allows clients to use the specified LDAP controls.
- Returns:
- Returns the "allowed-control" property definition.
-
getAllowedExtendedOperationPropertyDefinition
public StringPropertyDefinition getAllowedExtendedOperationPropertyDefinition()
Get the "allowed-extended-operation" property definition.
Allows clients to use the specified LDAP extended operations.
- Returns:
- Returns the "allowed-extended-operation" property definition.
-
getAuthenticationRequiredPropertyDefinition
public BooleanPropertyDefinition getAuthenticationRequiredPropertyDefinition()
Get the "authentication-required" property definition.
Restricts the scope of the policy so that it only applies to authenticated users.
- Returns:
- Returns the "authentication-required" property definition.
-
getConnectionClientAddressEqualToPropertyDefinition
public IpAddressMaskPropertyDefinition getConnectionClientAddressEqualToPropertyDefinition()
Get the "connection-client-address-equal-to" property definition.
Restricts the scope of the policy so that it only applies to connections which match at least one of the specified client host names or address masks.
Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a sub-network with sub-network mask.
- Returns:
- Returns the "connection-client-address-equal-to" property definition.
-
getConnectionClientAddressNotEqualToPropertyDefinition
public IpAddressMaskPropertyDefinition getConnectionClientAddressNotEqualToPropertyDefinition()
Get the "connection-client-address-not-equal-to" property definition.
Restricts the scope of the policy so that it only applies to connections which match none of the specified client host names or address masks.
Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a sub-network with sub-network mask.
- Returns:
- Returns the "connection-client-address-not-equal-to" property definition.
-
getConnectionMinimumSsfPropertyDefinition
public IntegerPropertyDefinition getConnectionMinimumSsfPropertyDefinition()
Get the "connection-minimum-ssf" property definition.
Restricts the scope of the policy so that it only applies to connections having the specified minimum security strength factor.
The security strength factor (ssf) pertains to the cipher key strength for connections using DIGEST-MD5, GSSAPI, SSL, or TLS. For example, to require that the connection must have a cipher strength of at least 256 bits, specify a value of 256.
- Returns:
- Returns the "connection-minimum-ssf" property definition.
-
getConnectionPortEqualToPropertyDefinition
public IntegerPropertyDefinition getConnectionPortEqualToPropertyDefinition()
Get the "connection-port-equal-to" property definition.
Restricts the scope of the policy so that it only applies to connections to any of the specified ports, for example 1389.
- Returns:
- Returns the "connection-port-equal-to" property definition.
-
getConnectionProtocolEqualToPropertyDefinition
public StringPropertyDefinition getConnectionProtocolEqualToPropertyDefinition()
Get the "connection-protocol-equal-to" property definition.
Restricts the scope of the policy so that it only applies to connections which match any of the specified protocols.
- Returns:
- Returns the "connection-protocol-equal-to" property definition.
-
getPermissionPropertyDefinition
public EnumPropertyDefinition<GlobalAccessControlPolicyCfgDefn.Permission> getPermissionPropertyDefinition()
Get the "permission" property definition.
Specifies the type of access allowed by this policy.
- Returns:
- Returns the "permission" property definition.
-
getRequestTargetDnEqualToPropertyDefinition
public StringPropertyDefinition getRequestTargetDnEqualToPropertyDefinition()
Get the "request-target-dn-equal-to" property definition.
Restricts the scope of the policy so that it only applies to requests which target entries matching at least one of the specified DN patterns.
Valid DN filters are strings composed of zero or more wildcards and RDN components. A double wildcard ** replaces one or more RDN components (as in uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces either a whole RDN, or a whole type, or a value substring (as in uid=bj*,ou=people,dc=example,dc=com).
- Returns:
- Returns the "request-target-dn-equal-to" property definition.
-
getRequestTargetDnEqualToUserDnPropertyDefinition
public BooleanPropertyDefinition getRequestTargetDnEqualToUserDnPropertyDefinition()
Get the "request-target-dn-equal-to-user-dn" property definition.
Restricts the scope of the policy so that it only applies to requests sent by authenticated users where the request's target DN is the same as the DN of the authorized user.
- Returns:
- Returns the "request-target-dn-equal-to-user-dn" property definition.
-
getRequestTargetDnNotEqualToPropertyDefinition
public StringPropertyDefinition getRequestTargetDnNotEqualToPropertyDefinition()
Get the "request-target-dn-not-equal-to" property definition.
Restricts the scope of the policy so that it only applies to requests which target entries matching none of the specified DN patterns.
Valid DN filters are strings composed of zero or more wildcards and RDN components. A double wildcard ** replaces one or more RDN components (as in uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces either a whole RDN, or a whole type, or a value substring (as in uid=bj*,ou=people,dc=example,dc=com).
- Returns:
- Returns the "request-target-dn-not-equal-to" property definition.
-
getUserDnEqualToPropertyDefinition
public StringPropertyDefinition getUserDnEqualToPropertyDefinition()
Get the "user-dn-equal-to" property definition.
Restricts the scope of the policy so that it only applies to authenticated users whose authorization DN matches at least one of the specified DN patterns.
Valid DN filters are strings composed of zero or more wildcards and RDN components. A double wildcard ** replaces one or more RDN components (as in uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces either a whole RDN, or a whole type, or a value substring (as in uid=bj*,ou=people,dc=example,dc=com).
- Returns:
- Returns the "user-dn-equal-to" property definition.
-
getUserDnNotEqualToPropertyDefinition
public StringPropertyDefinition getUserDnNotEqualToPropertyDefinition()
Get the "user-dn-not-equal-to" property definition.
Restricts the scope of the policy so that it only applies to authenticated users whose authorization DN matches none of the specified DN patterns.
Valid DN filters are strings composed of zero or more wildcards and RDN components. A double wildcard ** replaces one or more RDN components (as in uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces either a whole RDN, or a whole type, or a value substring (as in uid=bj*,ou=people,dc=example,dc=com).
- Returns:
- Returns the "user-dn-not-equal-to" property definition.
-