org.opends.server.authorization.dseecompat
Class AciBody

java.lang.Object
  extended by org.opends.server.authorization.dseecompat.AciBody

public class AciBody
extends java.lang.Object

This class represents the body of an ACI. The body of the ACI is the version, name, and permission-bind rule pairs.


Field Summary
static java.lang.String bodyRegx
          Regular expression used to match the body of an ACI.
 
Method Summary
static AciBody decode(java.lang.String input)
          Decode an ACI string representing the ACI body.
 EnumEvalResult evaluate(AciEvalContext evalCtx)
          Performs an evaluation of the permission-bind rule pairs using the evaluation context.
 int getMatcherStartPos()
          Get the start position in the ACI string of the ACI body.
 java.lang.String getName()
          Returns the name string.
 java.lang.String getVersion()
          Return version string of the ACI.
 boolean hasAccessType(EnumAccessType accessType)
          Checks all of the permissions in this body for a specific access type.
 boolean hasRights(int rights)
          Search through each permission bind rule associated with this body and try and match a single right of the specified rights.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

bodyRegx

public static final java.lang.String bodyRegx
Regular expression used to match the body of an ACI. This pattern is a general verification check.

See Also:
Constant Field Values
Method Detail

decode

public static AciBody decode(java.lang.String input)
                      throws AciException
Decode an ACI string representing the ACI body.

Parameters:
input - String representation of the ACI body.
Returns:
An AciBody class representing the decoded ACI body string.
Throws:
AciException - If the provided string contains errors.

hasAccessType

public boolean hasAccessType(EnumAccessType accessType)
Checks all of the permissions in this body for a specific access type. Need to walk down each permission-bind rule pair and call it's hasAccessType method.

Parameters:
accessType - The access type enumeration to search for.
Returns:
True if the access type is found in a permission of a permission bind rule pair.

hasRights

public boolean hasRights(int rights)
Search through each permission bind rule associated with this body and try and match a single right of the specified rights.

Parameters:
rights - The rights that are used in the match.
Returns:
True if a one or more right of the specified rights matches a body's permission rights.

getMatcherStartPos

public int getMatcherStartPos()
Get the start position in the ACI string of the ACI body.

Returns:
Index into the ACI string of the ACI body.

evaluate

public EnumEvalResult evaluate(AciEvalContext evalCtx)
Performs an evaluation of the permission-bind rule pairs using the evaluation context. The method walks down each PermBindRulePair object and: 1. Skips a pair if the evaluation context rights don't apply to that ACI. For example, an LDAP search would skip an ACI pair that allows writes. 2. The pair's bind rule is evaluated using the evaluation context. 3. The result of the evaluation is itself evaluated. See comments below in the code.

Parameters:
evalCtx - The evaluation context to evaluate against.
Returns:
An enumeration result of the evaluation.

getName

public java.lang.String getName()
Returns the name string.

Returns:
The name string.

getVersion

public java.lang.String getVersion()
Return version string of the ACI.

Returns:
The ACI version string.