Package org.opends.server.authorization.dseecompat

Class AciList

java.lang.Object
org.opends.server.authorization.dseecompat.AciList
public final class AciList extends Object
The AciList class performs caching of the ACI attribute values using the entry DN as the key.

  • Constructor Details

    • AciList

      public AciList(Dn configDN)
      Constructor to create an ACI list to cache ACI attribute types.
      Parameters:
      configDN - The configuration entry DN.

  • Method Details

    • addNonGlobalAci

      public int addNonGlobalAci(Entry entry, List<LocalizableMessage> failedACIMsgs, ServerContext serverContext)
      Add all the ACI from an entry to the ACI list. There is no need to check for global ACIs since they are processed by the AciHandler at startup using the addACi single entry method.
      Parameters:
      entry - The entry containing the "aci" attribute values.
      failedACIMsgs - List that will hold error messages from ACI decode exceptions.
      serverContext - the server context
      Returns:
      The number of valid ACI attribute values added to the ACI list.

    • addAci

      public void addAci(Dn dn, SortedSet<Aci> acis)
      Add a set of ACIs to the ACI list. This is usually used a startup, when global ACIs are processed.
      Parameters:
      dn - The DN to add the ACIs under.
      acis - A set of ACIs to add to the ACI list.

    • addAci

      public void addAci(Entry entry, List<LocalizableMessage> failedACIMsgs, ServerContext serverContext)
      Add all of an entry's ACI (global or regular) attribute values to the ACI list.
      Parameters:
      entry - The entry containing the ACI attributes.
      failedACIMsgs - List that will hold error messages from ACI decode exceptions.
      serverContext - the server context

    • modAciOldNewEntry

      public void modAciOldNewEntry(Entry oldEntry, Entry newEntry, ServerContext serverContext)
      Remove all of the ACIs related to the old entry and then add all of the ACIs related to the new entry. This method locks/unlocks the list. In the case of global ACIs the DN of the entry is checked to make sure it is equal to the config DN. If not, the global ACI attribute type is silently skipped.
      Parameters:
      oldEntry - the old entry possibly containing old ACI attribute values.
      newEntry - the new entry possibly containing new ACI attribute values.
      serverContext - the server context

    • removeAci

      public void removeAci(Entry entry)
      Remove global and regular ACIs from the list. It's possible that an entry could have both attribute types (aci and ds-cfg-global-aci). Global ACIs use the NULL DN for the key. In the case of global ACIs the DN of the entry is checked to make sure it is equal to the config DN. If not, the global ACI attribute type is silently skipped.
      Parameters:
      entry - The entry containing the global ACIs.

    • renameAci

      public void renameAci(Dn oldDN, Dn newDN, ServerContext serverContext)
      Rename all ACIs under the specified old DN to the new DN. A simple interaction over the entire list is performed.
      Parameters:
      oldDN - the DN of the original entry that was moved.
      newDN - the DN of the new entry.
      serverContext - the server context