Package org.opends.server.authorization.policy
The main entry point is PolicyBasedAccessControlHandler, which acts as a bridge between the server's configuration framework and the global RequestFilter, PolicyBasedAccessControlRequestFilter, which acts as the policy enforcement point. The filter creates a new AccessController for each request. The access controller is responsible for making access control decisions, i.e. deciding whether a request is allowed, as well as filtering disallowed attributes out of search results.

Instances of GlobalPolicy each represent a single global access control policy configuration entry. An access control decision proceeds by first determining which global policies apply to the client, then narrowing the focus further by determining which of the remaining policies apply to the request. Finally, the effective access rights applicable to the request are computed as the union of the remaining policies' permissions.
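The three-step decision described above, as an added sketch that is not code from this package. The Client, Request, Policy and Permission types, the policy names and the DNs are hypothetical and constructed for illustration; records require Java 16 or later.

```java
import java.util.EnumSet;
import java.util.List;
import java.util.Set;
import java.util.function.Predicate;

// Simplified model of the decision flow. Every type here is hypothetical and
// is not a class from org.opends.server.authorization.policy.
public class PolicyDecisionSketch {
    enum Permission { READ, WRITE }

    // Constructed stand-ins for the client connection and the incoming request.
    record Client(String bindDn, boolean secure) {}
    record Request(String targetDn, Permission needed) {}

    // One policy: which clients it applies to, which requests, what it grants.
    record Policy(String name, Predicate<Client> clientMatch,
                  Predicate<Request> requestMatch, Set<Permission> grants) {}

    // Step 1: keep policies that apply to the client. Step 2: keep those that
    // also apply to the request. Step 3: union the permissions of what remains.
    static Set<Permission> effectiveRights(List<Policy> policies, Client c, Request r) {
        Set<Permission> rights = EnumSet.noneOf(Permission.class);
        policies.stream()
                .filter(p -> p.clientMatch().test(c))
                .filter(p -> p.requestMatch().test(r))
                .forEach(p -> rights.addAll(p.grants()));
        return rights;
    }

    // If no policy survives both filters the union is empty and nothing is allowed.
    static boolean isAllowed(List<Policy> policies, Client c, Request r) {
        return effectiveRights(policies, c, r).contains(r.needed());
    }

    public static void main(String[] args) {
        String base = "dc=example,dc=com"; // constructed sample suffix
        List<Policy> policies = List.of(
            new Policy("authenticated-read", c -> !c.bindDn().isEmpty(),
                       r -> r.targetDn().endsWith(base), EnumSet.of(Permission.READ)),
            new Policy("admin-write", c -> c.secure() && c.bindDn().equals("uid=admin," + base),
                       r -> r.targetDn().endsWith(base), EnumSet.of(Permission.WRITE)));

        Request write = new Request("uid=bob,ou=people," + base, Permission.WRITE);
        Client admin = new Client("uid=admin," + base, true);
        Client adminPlain = new Client("uid=admin," + base, false); // same DN, insecure link
        System.out.println(effectiveRights(policies, admin, write));
        System.out.println(isAllowed(policies, admin, write));
        System.out.println(isAllowed(policies, adminPlain, write));
    }
}
```

Because the effective rights are a union, each additional policy can only widen access for the clients and requests it matches, so overly broad client or request matchers are the thing to review when auditing a policy set.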
Class Summary

Class: PolicyBasedAccessControlHandler
Description: Provides coarse grained access control for all operations, regardless of whether they are destined for local or proxy backends.

Enum Summary

Enum: PolicyBasedAccessControlRequestFilter
Description: A singleton RequestFilter which is always present in the global router and is responsible for delegating access control decisions to the policy based access control handler, PolicyBasedAccessControlHandler, if enabled, or simply forwarding requests if the handler is disabled.