001    /*
002     * CDDL HEADER START
003     *
004     * The contents of this file are subject to the terms of the
005     * Common Development and Distribution License, Version 1.0 only
006     * (the "License").  You may not use this file except in compliance
007     * with the License.
008     *
009     * You can obtain a copy of the license at
010     * trunk/opends/resource/legal-notices/OpenDS.LICENSE
011     * or https://OpenDS.dev.java.net/OpenDS.LICENSE.
012     * See the License for the specific language governing permissions
013     * and limitations under the License.
014     *
015     * When distributing Covered Code, include this CDDL HEADER in each
016     * file and include the License file at
017     * trunk/opends/resource/legal-notices/OpenDS.LICENSE.  If applicable,
018     * add the following below this CDDL HEADER, with the fields enclosed
019     * by brackets "[]" replaced with your own identifying information:
020     *      Portions Copyright [yyyy] [name of copyright owner]
021     *
022     * CDDL HEADER END
023     *
024     *
025     *      Copyright 2008 Sun Microsystems, Inc.
026     */
027    package org.opends.server.types;
028    
029    
030    
031    import java.util.HashMap;
032    import java.util.HashSet;
033    import java.util.Set;
034    
035    import static org.opends.server.util.StaticUtils.*;
036    
037    
038    
039    /**
040     * This class implements an enumeration that defines the set of
041     * privileges available in the Directory Server.
042     */
043    @org.opends.server.types.PublicAPI(
044         stability=org.opends.server.types.StabilityLevel.UNCOMMITTED,
045         mayInstantiate=false,
046         mayExtend=false,
047         mayInvoke=true)
048    public enum Privilege
049    {
050      /**
051       * The privilege that provides the ability to bypass access control
052       * evaluation.
053       */
054      BYPASS_ACL("bypass-acl"),
055    
056    
057    
058      /**
059       * The privilege that provides the ability to modify access control
060       * rules.
061       */
062      MODIFY_ACL("modify-acl"),
063    
064    
065    
066      /**
067       * The privilege that provides the ability to read the server
068       * configuration.
069       */
070      CONFIG_READ("config-read"),
071    
072    
073    
074      /**
075       * The privilege that provides the ability to update the server
076       * configuration.
077       */
078      CONFIG_WRITE("config-write"),
079    
080    
081    
082      /**
083       * The privilege that provides the ability to perform read
084       * operations via JMX.
085       */
086      JMX_READ("jmx-read"),
087    
088    
089    
090      /**
091       * The privilege that provides the ability to perform write
092       * operations via JMX.
093       */
094      JMX_WRITE("jmx-write"),
095    
096    
097    
098      /**
099       * The privilege that provides the ability to subscribe to JMX
100       * notifications.
101       */
102      JMX_NOTIFY("jmx-notify"),
103    
104    
105    
106      /**
107       * The privilege that provides the ability to perform LDIF import
108       * operations.
109       */
110      LDIF_IMPORT("ldif-import"),
111    
112    
113    
114      /**
115       * The privilege that provides the ability to perform LDIF export
116       * operations.
117       */
118      LDIF_EXPORT("ldif-export"),
119    
120    
121    
122      /**
123       * The privilege that provides the ability to perform backend backup
124       * operations.
125       */
126      BACKEND_BACKUP("backend-backup"),
127    
128    
129    
130      /**
131       * The privilege that provides the ability to perform backend
132       * restore operations.
133       */
134      BACKEND_RESTORE("backend-restore"),
135    
136    
137    
138      /**
139       * The privilege that provides the ability to request a server
140       * shutdown.
141       */
142      SERVER_SHUTDOWN("server-shutdown"),
143    
144    
145    
146      /**
147       * The privilege that provides the ability to request a server
148       * restart.
149       */
150      SERVER_RESTART("server-restart"),
151    
152    
153    
154      /**
155       * The privilege that provides the ability to perform proxied
156       * authorization or request an alternate authorization identity.
157       */
158      PROXIED_AUTH("proxied-auth"),
159    
160    
161    
162      /**
163       * The privilege that provides the ability to terminate arbitrary
164       * client connections.
165       */
166      DISCONNECT_CLIENT("disconnect-client"),
167    
168    
169    
170      /**
171       * The privilege that provides the ability to cancel arbitrary
172       * client requests.
173       */
174      CANCEL_REQUEST("cancel-request"),
175    
176    
177    
178      /**
179       * The privilege that provides the ability to reset user passwords.
180       */
181      PASSWORD_RESET("password-reset"),
182    
183    
184    
185      /**
186       * The privilege that provides the ability to participate in a
187       * data synchronization environment.
188       */
189      DATA_SYNC("data-sync"),
190    
191    
192    
193      /**
194       * The privilege that provides the ability to update the server
195       * schema.
196       */
197      UPDATE_SCHEMA("update-schema"),
198    
199    
200    
201      /**
202       * The privilege that provides the ability to change the set of
203       * privileges for a user, or to change the set of privileges
204       * automatically assigned to a root user.
205       */
206      PRIVILEGE_CHANGE("privilege-change"),
207    
208    
209    
210      /**
211       * The privilege that provides the ability to perform an unindexed
212       * search in the JE backend.
213       */
214      UNINDEXED_SEARCH("unindexed-search");
215    
216    
217    
218      /**
219       * A map that will be used to hold a mapping between privilege names
220       * and enum values.
221       */
222      private static final HashMap<String,Privilege> PRIV_MAP =
223           new HashMap<String,Privilege>();
224    
225    
226    
227      /**
228       * The set of privileges that will be automatically assigned to root
229       * users if the root privilege set is not specified in the
230       * configuration.
231       */
232      private static final HashSet<Privilege> DEFAULT_ROOT_PRIV_SET =
233           new HashSet<Privilege>();
234    
235    
236    
237      /**
238       * The names of the available privileges defined in this class.
239       */
240      private static final HashSet<String> PRIV_NAMES =
241           new HashSet<String>();
242    
243    
244    
245      // The human-readable name for this privilege.
246      private final String privilegeName;
247    
248    
249    
250      static
251      {
252        PRIV_MAP.put("bypass-acl", BYPASS_ACL);
253        PRIV_MAP.put("modify-acl", MODIFY_ACL);
254        PRIV_MAP.put("config-read", CONFIG_READ);
255        PRIV_MAP.put("config-write", CONFIG_WRITE);
256        PRIV_MAP.put("jmx-read", JMX_READ);
257        PRIV_MAP.put("jmx-write", JMX_WRITE);
258        PRIV_MAP.put("jmx-notify", JMX_NOTIFY);
259        PRIV_MAP.put("ldif-import", LDIF_IMPORT);
260        PRIV_MAP.put("ldif-export", LDIF_EXPORT);
261        PRIV_MAP.put("backend-backup", BACKEND_BACKUP);
262        PRIV_MAP.put("backend-restore", BACKEND_RESTORE);
263        PRIV_MAP.put("server-shutdown", SERVER_SHUTDOWN);
264        PRIV_MAP.put("server-restart", SERVER_RESTART);
265        PRIV_MAP.put("proxied-auth", PROXIED_AUTH);
266        PRIV_MAP.put("disconnect-client", DISCONNECT_CLIENT);
267        PRIV_MAP.put("cancel-request", CANCEL_REQUEST);
268        PRIV_MAP.put("password-reset", PASSWORD_RESET);
269        PRIV_MAP.put("data-sync", DATA_SYNC);
270        PRIV_MAP.put("update-schema", UPDATE_SCHEMA);
271        PRIV_MAP.put("privilege-change", PRIVILEGE_CHANGE);
272        PRIV_MAP.put("unindexed-search", UNINDEXED_SEARCH);
273    
274        PRIV_NAMES.add("bypass-acl");
275        PRIV_NAMES.add("modify-acl");
276        PRIV_NAMES.add("config-read");
277        PRIV_NAMES.add("config-write");
278        PRIV_NAMES.add("jmx-read");
279        PRIV_NAMES.add("jmx-write");
280        PRIV_NAMES.add("jmx-notify");
281        PRIV_NAMES.add("ldif-import");
282        PRIV_NAMES.add("ldif-export");
283        PRIV_NAMES.add("backend-backup");
284        PRIV_NAMES.add("backend-restore");
285        PRIV_NAMES.add("server-shutdown");
286        PRIV_NAMES.add("server-restart");
287        PRIV_NAMES.add("proxied-auth");
288        PRIV_NAMES.add("disconnect-client");
289        PRIV_NAMES.add("cancel-request");
290        PRIV_NAMES.add("password-reset");
291        PRIV_NAMES.add("data-sync");
292        PRIV_NAMES.add("update-schema");
293        PRIV_NAMES.add("privilege-change");
294        PRIV_NAMES.add("unindexed-search");
295    
296        DEFAULT_ROOT_PRIV_SET.add(BYPASS_ACL);
297        DEFAULT_ROOT_PRIV_SET.add(MODIFY_ACL);
298        DEFAULT_ROOT_PRIV_SET.add(CONFIG_READ);
299        DEFAULT_ROOT_PRIV_SET.add(CONFIG_WRITE);
300        DEFAULT_ROOT_PRIV_SET.add(LDIF_IMPORT);
301        DEFAULT_ROOT_PRIV_SET.add(LDIF_EXPORT);
302        DEFAULT_ROOT_PRIV_SET.add(BACKEND_BACKUP);
303        DEFAULT_ROOT_PRIV_SET.add(BACKEND_RESTORE);
304        DEFAULT_ROOT_PRIV_SET.add(SERVER_SHUTDOWN);
305        DEFAULT_ROOT_PRIV_SET.add(SERVER_RESTART);
306        DEFAULT_ROOT_PRIV_SET.add(DISCONNECT_CLIENT);
307        DEFAULT_ROOT_PRIV_SET.add(CANCEL_REQUEST);
308        DEFAULT_ROOT_PRIV_SET.add(PASSWORD_RESET);
309        DEFAULT_ROOT_PRIV_SET.add(UPDATE_SCHEMA);
310        DEFAULT_ROOT_PRIV_SET.add(PRIVILEGE_CHANGE);
311        DEFAULT_ROOT_PRIV_SET.add(UNINDEXED_SEARCH);
312      }
313    
314    
315    
316      /**
317       * Creates a new privilege with the provided name.
318       *
319       * @param  privilegeName  The human-readable name for this policy.
320       */
321      private Privilege(String privilegeName)
322      {
323        this.privilegeName = privilegeName;
324      }
325    
326    
327    
328      /**
329       * Retrieves the name for this privilege.
330       *
331       * @return  The name for this privilege.
332       */
333      public String getName()
334      {
335        return privilegeName;
336      }
337    
338    
339    
340      /**
341       * Retrieves the privilege with the specified name.
342       *
343       * @param  lowerPrivName  The name of the privilege to retrieve,
344       *                        formatted in all lowercase characters.
345       *
346       * @return  The requested privilege, or {@code null} if the provided
347       *          value is not the name of a valid privilege.
348       */
349      public static Privilege privilegeForName(String lowerPrivName)
350      {
351        return PRIV_MAP.get(lowerPrivName);
352      }
353    
354    
355    
356      /**
357       * Retrieves the human-readable name for this privilege.
358       *
359       * @return  The human-readable name for this privilege.
360       */
361      public String toString()
362      {
363        return privilegeName;
364      }
365    
366    
367    
368      /**
369       * Retrieves the set of available privilege names.
370       *
371       * @return  The set of available privilege names.
372       */
373      public static Set<String> getPrivilegeNames()
374      {
375        return PRIV_NAMES;
376      }
377    
378    
379    
380      /**
381       * Retrieves the set of privileges that should be automatically
382       * granted to root users if the root privilege set is not specified
383       * in the configuration.
384       *
385       * @return  The set of privileges that should be automatically
386       *          granted to root users if the root privilege set is not
387       *          specified in the configuration.
388       */
389      public static Set<Privilege> getDefaultRootPrivileges()
390      {
391        return DEFAULT_ROOT_PRIV_SET;
392      }
393    }
394