Class GetEffectiveRightsRequestControl

java.lang.Object
org.forgerock.opendj.ldap.controls.GetEffectiveRightsRequestControl
All Implemented Interfaces:
Control

public final class GetEffectiveRightsRequestControl extends Object implements Control
A partial implementation of the get effective rights request control as defined in draft-ietf-ldapext-acl-model. The main differences are:
  • The response control is not supported. Instead the OpenDJ implementation creates attributes containing effective rights information with the entry being returned.
  • The attribute type names are dynamically created.
  • The set of attributes for which effective rights information is to be requested can be included in the control.
The get effective rights request control value has the following BER encoding:
  GetRightsControl ::= SEQUENCE {
    authzId    authzId,  -- Only the "dn:DN" form is supported.
    attributes  SEQUENCE OF AttributeType
  }
 
You can use the control to retrieve effective rights during a search:
 String authDN = ...;

 SearchRequest request =
         Requests.newSearchRequest(
                     "dc=example,dc=com", SearchScope.WHOLE_SUBTREE,
                     "(uid=bjensen)", "cn", "aclRights", "aclRightsInfo")
                     .addControl(GetEffectiveRightsRequestControl.newControl(
                             true, authDN, "cn"));

 ConnectionEntryReader reader = connection.search(request);
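 while (reader.hasNext()) {
      if (!reader.isReference()) {
          SearchResultEntry entry = reader.readEntry();
          // Interpret aclRights and aclRightsInfo
      } else {
          // Consume the referral; otherwise hasNext() stays true and the loop never ends
          reader.readReference();
      }
 }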
 
The entries returned by the search hold the aclRights and aclRightsInfo attributes with the effective rights information. You must parse the attribute options and values to interpret the information.
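The interpretation step described above, as an added example that is not part of the OpenDJ SDK or its documentation: it decodes aclRights attribute descriptions and values using only the JDK, and treats any right that was not reported as denied. It assumes the server returns descriptions such as "aclRights;entryLevel" and "aclRights;attributeLevel;cn" whose values are comma-separated "right:0" or "right:1" pairs; the class name AclRightsParser, its methods and the sample data are hypothetical.

```java
import java.util.LinkedHashMap;
import java.util.Map;

// Added example; class and method names are hypothetical, attribute format is an assumption.
public final class AclRightsParser {

    /** Keys: "entryLevel" or "attributeLevel;<attr>"; values map each right to granted or not. */
    public static Map<String, Map<String, Boolean>> parse(Map<String, String> returned) {
        Map<String, Map<String, Boolean>> rights = new LinkedHashMap<>();
        for (Map.Entry<String, String> e : returned.entrySet()) {
            String[] parts = e.getKey().split(";");
            if (!parts[0].equalsIgnoreCase("aclRights")) {
                continue; // e.g. aclRightsInfo, which is explanatory text, not a decision
            }
            String scope;
            if (parts.length == 2 && parts[1].equalsIgnoreCase("entryLevel")) {
                scope = "entryLevel";
            } else if (parts.length == 3 && parts[1].equalsIgnoreCase("attributeLevel")) {
                scope = "attributeLevel;" + parts[2].toLowerCase(java.util.Locale.ROOT);
            } else {
                throw new IllegalArgumentException("Unexpected options: " + e.getKey());
            }
            Map<String, Boolean> flags = new LinkedHashMap<>();
            for (String token : e.getValue().split(",")) {
                String[] kv = token.trim().split(":");
                if (kv.length != 2 || kv[0].isEmpty() || !kv[1].matches("[01]")) {
                    throw new IllegalArgumentException("Malformed right: " + token);
                }
                flags.put(kv[0], kv[1].equals("1"));
            }
            rights.put(scope, flags);
        }
        return rights;
    }

    /** Default deny: a right the server did not report is treated as not granted. */
    public static boolean isGranted(Map<String, Map<String, Boolean>> rights, String scope, String right) {
        return rights.getOrDefault(scope, Map.of()).getOrDefault(right, false);
    }

    public static void main(String[] args) {
        // Constructed sample in the assumed format; not output captured from a server.
        Map<String, String> returned = new LinkedHashMap<>();
        returned.put("aclRights;attributeLevel;cn", "search:1,read:1,compare:1,write:0,proxy:0");
        returned.put("aclRights;entryLevel", "add:0,delete:0,read:1,write:0,proxy:0");
        Map<String, Map<String, Boolean>> rights = parse(returned);
        System.out.println("entry read: " + isGranted(rights, "entryLevel", "read"));
        System.out.println("cn write: " + isGranted(rights, "attributeLevel;cn", "write"));
    }
}
```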
  • Field Details

    • OID

      public static final String OID
      The OID for the get effective rights request control.
    • ALIASES

      public static final List<String> ALIASES
      The user-friendly aliases for the get effective rights request control.
    • DECODER

      public static final ControlDecoder<GetEffectiveRightsRequestControl> DECODER
      A decoder which can be used for decoding the get effective rights request control.
  • Method Details

    • newControl

      public static GetEffectiveRightsRequestControl newControl(boolean isCritical, Dn authorizationName, Collection<AttributeType> attributes)
      Creates a new get effective rights request control with the provided criticality, optional authorization name and attribute list.
      Parameters:
      isCritical - true if it is unacceptable to perform the operation without applying the semantics of this control, or false if it can be ignored.
      authorizationName - The distinguished name of the user for which effective rights are to be returned, or null if the client's authentication ID is to be used.
      attributes - The list of attributes for which effective rights are to be returned, which may be empty indicating that no attribute rights are to be returned.
      Returns:
      The new control.
      Throws:
      NullPointerException - If attributes was null.
    • newControl

      public static GetEffectiveRightsRequestControl newControl(boolean isCritical, String authorizationName, String... attributes)
      Creates a new get effective rights request control with the provided criticality, optional authorization name and attribute list. The authorization name and attributes, if provided, will be decoded using the default schema.
      Parameters:
      isCritical - true if it is unacceptable to perform the operation without applying the semantics of this control, or false if it can be ignored.
      authorizationName - The distinguished name of the user for which effective rights are to be returned, or null if the client's authentication ID is to be used.
      attributes - The list of attributes for which effective rights are to be returned, which may be empty indicating that no attribute rights are to be returned.
      Returns:
      The new control.
      Throws:
      UnknownSchemaElementException - If the default schema is a strict schema and one or more of the requested attribute types were not recognized.
      LocalizedIllegalArgumentException - If authorizationName is not a valid LDAP string representation of a DN.
      NullPointerException - If attributes was null.
    • getAttributes

      public Collection<AttributeType> getAttributes()
      Returns an unmodifiable list of attributes for which effective rights are to be returned, which may be empty indicating that no attribute rights are to be returned.
      Returns:
      The unmodifiable list of attributes for which effective rights are to be returned.
    • getAuthorizationName

      public Dn getAuthorizationName()
      Returns the distinguished name of the user for which effective rights are to be returned, or null if the client's authentication ID is to be used.
      Returns:
      The distinguished name of the user for which effective rights are to be returned.
    • getOid

      public String getOid()
      Description copied from interface: Control
      Returns the numeric OID associated with this control.
      Specified by:
      getOid in interface Control
      Returns:
      The numeric OID associated with this control.
    • getValue

      public ByteString getValue()
      Description copied from interface: Control
      Returns the value, if any, associated with this control. Its format is defined by the specification of this control.
      Specified by:
      getValue in interface Control
      Returns:
      The value associated with this control, or null if there is no value.
    • hasValue

      public boolean hasValue()
      Description copied from interface: Control
      Returns true if this control has a value. In some circumstances it may be useful to determine if a control has a value, without actually calculating the value and incurring any performance costs.
      Specified by:
      hasValue in interface Control
      Returns:
      true if this control has a value, or false if there is no value.
    • isCritical

      public boolean isCritical()
      Description copied from interface: Control
      Returns true if it is unacceptable to perform the operation without applying the semantics of this control.

      The criticality field only has meaning in controls attached to request messages (except UnbindRequest). For controls attached to response messages and the UnbindRequest, the criticality field SHOULD be false, and MUST be ignored by the receiving protocol peer. A value of true indicates that it is unacceptable to perform the operation without applying the semantics of the control.

      Specified by:
      isCritical in interface Control
      Returns:
      true if this control must be processed by the Directory Server, or false if it can be ignored.
    • toString

      public String toString()
      Overrides:
      toString in class Object
    • getAlias

      public String getAlias()
      Description copied from interface: Control
      Returns the control "friendly name" alias for the control.
      Specified by:
      getAlias in interface Control
      Returns:
      "Friendly name" alias for the control.