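/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License, Version 1.0 only
 * (the "License").  You may not use this file except in compliance
 * with the License.
 *
 * You can obtain a copy of the license at
 * trunk/opends/resource/legal-notices/OpenDS.LICENSE
 * or https://OpenDS.dev.java.net/OpenDS.LICENSE.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at
 * trunk/opends/resource/legal-notices/OpenDS.LICENSE.  If applicable,
 * add the following below this CDDL HEADER, with the fields enclosed
 * by brackets "[]" replaced with your own identifying information:
 *      Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 *
 *
 *      Copyright 2008 Sun Microsystems, Inc.
 */
package org.opends.server.types;



import java.util.Collections;
import java.util.EnumSet;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Set;

import static org.opends.server.util.StaticUtils.*;



/**
 * This class implements an enumeration that defines the set of
 * privileges available in the Directory Server.
 * <p>
 * The lookup tables exposed by this class ({@link #getPrivilegeNames()}
 * and {@link #getDefaultRootPrivileges()}) are shared, class-wide
 * state.  They are handed out as unmodifiable views so that code
 * invoking this API cannot add to or remove from the set of
 * privileges that root users receive by default.
 */
@org.opends.server.types.PublicAPI(
     stability=org.opends.server.types.StabilityLevel.UNCOMMITTED,
     mayInstantiate=false,
     mayExtend=false,
     mayInvoke=true)
public enum Privilege
{
  /**
   * The privilege that provides the ability to bypass access control
   * evaluation.
   */
  BYPASS_ACL("bypass-acl"),



  /**
   * The privilege that provides the ability to modify access control
   * rules.
   */
  MODIFY_ACL("modify-acl"),



  /**
   * The privilege that provides the ability to read the server
   * configuration.
   */
  CONFIG_READ("config-read"),



  /**
   * The privilege that provides the ability to update the server
   * configuration.
   */
  CONFIG_WRITE("config-write"),



  /**
   * The privilege that provides the ability to perform read
   * operations via JMX.
   */
  JMX_READ("jmx-read"),



  /**
   * The privilege that provides the ability to perform write
   * operations via JMX.
   */
  JMX_WRITE("jmx-write"),



  /**
   * The privilege that provides the ability to subscribe to JMX
   * notifications.
   */
  JMX_NOTIFY("jmx-notify"),



  /**
   * The privilege that provides the ability to perform LDIF import
   * operations.
   */
  LDIF_IMPORT("ldif-import"),



  /**
   * The privilege that provides the ability to perform LDIF export
   * operations.
   */
  LDIF_EXPORT("ldif-export"),



  /**
   * The privilege that provides the ability to perform backend backup
   * operations.
   */
  BACKEND_BACKUP("backend-backup"),



  /**
   * The privilege that provides the ability to perform backend
   * restore operations.
   */
  BACKEND_RESTORE("backend-restore"),



  /**
   * The privilege that provides the ability to request a server
   * shutdown.
   */
  SERVER_SHUTDOWN("server-shutdown"),



  /**
   * The privilege that provides the ability to request a server
   * restart.
   */
  SERVER_RESTART("server-restart"),



  /**
   * The privilege that provides the ability to perform proxied
   * authorization or request an alternate authorization identity.
   */
  PROXIED_AUTH("proxied-auth"),



  /**
   * The privilege that provides the ability to terminate arbitrary
   * client connections.
   */
  DISCONNECT_CLIENT("disconnect-client"),



  /**
   * The privilege that provides the ability to cancel arbitrary
   * client requests.
   */
  CANCEL_REQUEST("cancel-request"),



  /**
   * The privilege that provides the ability to reset user passwords.
   */
  PASSWORD_RESET("password-reset"),



  /**
   * The privilege that provides the ability to participate in a
   * data synchronization environment.
   */
  DATA_SYNC("data-sync"),



  /**
   * The privilege that provides the ability to update the server
   * schema.
   */
  UPDATE_SCHEMA("update-schema"),



  /**
   * The privilege that provides the ability to change the set of
   * privileges for a user, or to change the set of privileges
   * automatically assigned to a root user.
   */
  PRIVILEGE_CHANGE("privilege-change"),



  /**
   * The privilege that provides the ability to perform an unindexed
   * search in the JE backend.
   */
  UNINDEXED_SEARCH("unindexed-search");



  /**
   * A map that will be used to hold a mapping between privilege names
   * and enum values.  It is only written by the static initializer
   * and is never handed out to callers.
   */
  private static final HashMap<String,Privilege> PRIV_MAP =
       new HashMap<String,Privilege>();



  /**
   * The set of privileges that will be automatically assigned to root
   * users if the root privilege set is not specified in the
   * configuration.  Held as an unmodifiable view because it is
   * returned directly by {@link #getDefaultRootPrivileges()}.
   */
  private static final Set<Privilege> DEFAULT_ROOT_PRIV_SET;



  /**
   * The names of the available privileges defined in this class.
   * Held as an unmodifiable view because it is returned directly by
   * {@link #getPrivilegeNames()}.
   */
  private static final Set<String> PRIV_NAMES;



  // The human-readable name for this privilege.
  private final String privilegeName;



  static
  {
    // Register every constant under its own name instead of repeating
    // the string literals, so a newly added privilege can never be
    // missing from the lookup map or the name set.
    HashSet<String> names = new HashSet<String>();
    for (Privilege p : values())
    {
      PRIV_MAP.put(p.privilegeName, p);
      names.add(p.privilegeName);
    }
    PRIV_NAMES = Collections.unmodifiableSet(names);

    // The default root set is an explicit allow-list.  The JMX
    // privileges, PROXIED_AUTH and DATA_SYNC are not part of it, so a
    // new constant is not granted to root users unless it is listed
    // here.
    DEFAULT_ROOT_PRIV_SET = Collections.unmodifiableSet(EnumSet.of(
         BYPASS_ACL,
         MODIFY_ACL,
         CONFIG_READ,
         CONFIG_WRITE,
         LDIF_IMPORT,
         LDIF_EXPORT,
         BACKEND_BACKUP,
         BACKEND_RESTORE,
         SERVER_SHUTDOWN,
         SERVER_RESTART,
         DISCONNECT_CLIENT,
         CANCEL_REQUEST,
         PASSWORD_RESET,
         UPDATE_SCHEMA,
         PRIVILEGE_CHANGE,
         UNINDEXED_SEARCH));
  }



  /**
   * Creates a new privilege with the provided name.
   *
   * @param  privilegeName  The human-readable name for this
   *                        privilege.
   */
  private Privilege(String privilegeName)
  {
    this.privilegeName = privilegeName;
  }



  /**
   * Retrieves the name for this privilege.
   *
   * @return  The name for this privilege.
   */
  public String getName()
  {
    return privilegeName;
  }



  /**
   * Retrieves the privilege with the specified name.  The lookup is
   * an exact match against the registered names, so the caller is
   * responsible for converting the value to lowercase first; a name
   * in any other case is reported as unknown.
   *
   * @param  lowerPrivName  The name of the privilege to retrieve,
   *                        formatted in all lowercase characters.
   *
   * @return  The requested privilege, or {@code null} if the provided
   *          value is not the name of a valid privilege.  Callers
   *          must check for {@code null} before using the result.
   */
  public static Privilege privilegeForName(String lowerPrivName)
  {
    return PRIV_MAP.get(lowerPrivName);
  }



  /**
   * Retrieves the human-readable name for this privilege.
   *
   * @return  The human-readable name for this privilege.
   */
  @Override
  public String toString()
  {
    return privilegeName;
  }



  /**
   * Retrieves the set of available privilege names.
   *
   * @return  An unmodifiable view of the set of available privilege
   *          names.  Attempts to modify it throw
   *          {@code UnsupportedOperationException}; copy the set if a
   *          mutable collection is needed.
   */
  public static Set<String> getPrivilegeNames()
  {
    return PRIV_NAMES;
  }



  /**
   * Retrieves the set of privileges that should be automatically
   * granted to root users if the root privilege set is not specified
   * in the configuration.
   *
   * @return  An unmodifiable view of the set of privileges that
   *          should be automatically granted to root users if the
   *          root privilege set is not specified in the
   *          configuration.  Attempts to modify it throw
   *          {@code UnsupportedOperationException}; copy the set if a
   *          mutable collection is needed.
   */
  public static Set<Privilege> getDefaultRootPrivileges()
  {
    return DEFAULT_ROOT_PRIV_SET;
  }
}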