Package org.opends.server.authorization.dseecompat

Class AciBody

java.lang.Object

org.opends.server.authorization.dseecompat.AciBody

public final class AciBody
extends Object

This class represents the body of an ACI. The body of the ACI is the version, name, and permission-bind rule pairs.

Method Summary

Modifier and Type	Method	Description
static AciBody	decode(String input, ServerContext serverContext)	Decode an ACI string representing the ACI body.
EnumEvalResult	evaluate(AciEvalContext evalCtx)	Performs an evaluation of the permission-bind rule pairs using the evaluation context.
int	getMatcherStartPos()	Get the start position in the ACI string of the ACI body.
String	getName()	Returns the name string.
String	getVersion()	Return version string of the ACI.
boolean	hasAccessType(org.opends.server.authorization.dseecompat.EnumAccessType accessType)	Checks all of the permissions in this body for a specific access type.
boolean	hasRights(int rights)	Search through each permission bind rule associated with this body and try and match a single right of the specified rights.
String	toString()

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Method Details

decode

public static AciBody decode(String input,
 ServerContext serverContext)
                      throws AciException

Decode an ACI string representing the ACI body.

Parameters:

input - String representation of the ACI body.

serverContext - The server context

Returns:

An AciBody class representing the decoded ACI body string.

Throws:

AciException - If the provided string contains errors.

hasAccessType

public boolean hasAccessType(org.opends.server.authorization.dseecompat.EnumAccessType accessType)

Checks all of the permissions in this body for a specific access type. Need to walk down each permission-bind rule pair and call it's hasAccessType method.

Parameters:

accessType - The access type enumeration to search for.

Returns:

True if the access type is found in a permission of a permission bind rule pair.

hasRights

public boolean hasRights(int rights)

Search through each permission bind rule associated with this body and try and match a single right of the specified rights.

Parameters:

rights - The rights that are used in the match.

Returns:

True if a one or more right of the specified rights matches a body's permission rights.

getMatcherStartPos

public int getMatcherStartPos()

Get the start position in the ACI string of the ACI body.

Returns:

Index into the ACI string of the ACI body.

evaluate

public EnumEvalResult evaluate(AciEvalContext evalCtx)

Performs an evaluation of the permission-bind rule pairs using the evaluation context. The method walks down each PermBindRulePair object and: 1. Skips a pair if the evaluation context rights don't apply to that ACI. For example, an LDAP search would skip an ACI pair that allows writes. 2. The pair's bind rule is evaluated using the evaluation context. 3. The result of the evaluation is itself evaluated. See comments below in the code.

Parameters:

evalCtx - The evaluation context to evaluate against.

Returns:

An enumeration result of the evaluation.

getName

public String getName()

Returns the name string.

Returns:

The name string.

getVersion

public String getVersion()

Return version string of the ACI.

Returns:

The ACI version string.

toString

public String toString()

Overrides:

toString in class Object