Posted to commits@directory.apache.org by tr...@apache.org on 2005/10/01 13:04:13 UTC
svn commit: r292951 -
/directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/aci/
Author: trustin
Date: Sat Oct 1 04:04:03 2005
New Revision: 292951
URL: http://svn.apache.org/viewcvs?rev=292951&view=rev
Log:
Added JavaDoc to org.apache.ldap.common.aci package.
Added:
directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/aci/package.html (with props)
Modified:
directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/aci/ACIItem.java
directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/aci/ACITuple.java
directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/aci/AuthenticationLevel.java
directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/aci/GrantAndDenial.java
directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/aci/ItemFirstACIItem.java
directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/aci/ItemPermission.java
directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/aci/MicroOperation.java
directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/aci/Permission.java
directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/aci/ProtectedItem.java
directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/aci/UserClass.java
directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/aci/UserFirstACIItem.java
directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/aci/UserPermission.java
Modified: directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/aci/ACIItem.java
URL: http://svn.apache.org/viewcvs/directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/aci/ACIItem.java?rev=292951&r1=292950&r2=292951&view=diff
==============================================================================
--- directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/aci/ACIItem.java (original)
+++ directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/aci/ACIItem.java Sat Oct 1 04:04:03 2005
@@ -24,6 +24,14 @@
import java.util.Iterator;
import java.util.Set;
+/**
+ * An abstract class that provides common properties and operations for
+ * {@link ItemFirstACIItem} and {@link UserFirstACIItem} as specified X.501
+ * specification.
+ *
+ * @author The Apache Directory Project
+ * @version $Rev$, $Date$
+ */
public abstract class ACIItem implements Serializable
{
private String identificationTag;
@@ -31,6 +39,13 @@
private int precedence = 0;
private AuthenticationLevel authenticationLevel;
+ /**
+ * Creates a new instance
+ *
+ * @param identificationTag the id string of this item
+ * @param precedence the precedence of this item
+ * @param authenticationLevel the level of authentication required to this item
+ */
protected ACIItem(
String identificationTag,
int precedence,
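Review bot: The `@param precedence` line added here gives no valid range, while the ACITuple constructor comment in this same commit states `(<tt>0</tt>-<tt>255</tt>)`. If the same range applies to an item, say so with `@param precedence the precedence of this item (<tt>0</tt>-<tt>255</tt>)`, because precedence decides which item wins when several apply. The phrase `required to this item` should read `required for this item`; the same wording recurs in `getAuthenticationLevel` in the next hunk and in the ItemFirstACIItem constructor comment. The constructor signature and body continue outside this hunk, so whether the value is validated cannot be seen from here.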
@@ -54,23 +69,40 @@
this.authenticationLevel = authenticationLevel;
}
+ /**
+ * Returns the id string of this item.
+ */
public String getIdentificationTag()
{
return identificationTag;
}
+ /**
+ * Returns the precedence of this item.
+ */
public int getPrecedence()
{
return precedence;
}
+ /**
+ * Returns the level of authentication required to this item.
+ */
public AuthenticationLevel getAuthenticationLevel()
{
return authenticationLevel;
}
+ /**
+ * Converts this item into a collection of {@link ACITuple}s and
+ * returns it.
+ */
public abstract Collection toTuples();
+ /**
+ * Converts a set of {@link GrantAndDenial}s into a set of
+ * {@link MicroOperation}s and returns it.
+ */
protected static Set toMicroOperations( Set grantsAndDenials )
{
Set microOps = new HashSet();
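Review bot: The comment added on `toMicroOperations` does not say what happens to the grant/deny flag of each `GrantAndDenial`, although the result is a plain set of `MicroOperation`s that cannot carry it. If the conversion drops the flag, callers must pass a set that holds only grants or only denials, and the comment should say so, e.g. `@param grantsAndDenials a set holding only grants or only denials; the grant flag is not kept in the result`. This is inferred from the types, because the method body continues outside the hunk. The getter comments in this hunk would also be clearer with an `@return` tag instead of a bare "Returns ..." sentence.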
Modified: directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/aci/ACITuple.java
URL: http://svn.apache.org/viewcvs/directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/aci/ACITuple.java?rev=292951&r1=292950&r2=292951&view=diff
==============================================================================
--- directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/aci/ACITuple.java (original)
+++ directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/aci/ACITuple.java Sat Oct 1 04:04:03 2005
@@ -26,6 +26,13 @@
import java.util.Iterator;
import java.util.Set;
+/**
+ * A flatten entity which is converted from an {@link ACIItem}.
+ * The tuples are accepted by ACDF (Access Control Decision Function, 18.8, X.501)
+ *
+ * @author The Apache Directory Project
+ * @version $Rev$, $Date$
+ */
public class ACITuple implements Serializable
{
private static final long serialVersionUID = 4353150626941232371L;
@@ -37,6 +44,16 @@
private final boolean grant;
private final int precedence;
+ /**
+ * Creates a new instance.
+ *
+ * @param userClasses the collection of {@link UserClass}es this tuple relates to
+ * @param authenticationLevel the level of authentication required
+ * @param protectedItems the collection of {@link ProtectedItem}s this tuple relates
+ * @param microOperations the set of {@link MicroOperation}s this tuple relates
+ * @param grant <tt>true</tt> if and only if this tuple grants an access
+ * @param precedence the precedence of this tuple (<tt>0</tt>-<tt>255</tt>)
+ */
public ACITuple(
Collection userClasses, AuthenticationLevel authenticationLevel,
Collection protectedItems, Set microOperations, boolean grant, int precedence )
@@ -86,31 +103,49 @@
this.precedence = precedence;
}
+ /**
+ * Returns the collection of {@link UserClass}es this tuple relates to.
+ */
public Collection getUserClasses()
{
return userClasses;
}
+ /**
+ * Returns the level of authentication required.
+ */
public AuthenticationLevel getAuthenticationLevel()
{
return authenticationLevel;
}
+ /**
+ * Returns the collection of {@link ProtectedItem}s this tuple relates.
+ */
public Collection getProtectedItems()
{
return protectedItems;
}
+ /**
+ * Returns the set of {@link MicroOperation}s this tuple relates.
+ */
public Set getMicroOperations()
{
return microOperations;
}
-
+
+ /**
+ * Returns <tt>true</tt> if and only if this tuple grants an access.
+ */
public boolean isGrant()
{
return grant;
}
+ /**
+ * Returns the precedence of this tuple (<tt>0</tt>-<tt>255</tt>).
+ */
public int getPrecedence()
{
return precedence;
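Review bot: None of the getter comments added here says whether the caller may modify the returned collection, and `getUserClasses`, `getProtectedItems` and `getMicroOperations` return the fields directly. These tuples are the input to the access control decision, so a caller able to alter a returned set could change what a tuple grants. The constructor body that assigns the fields is outside this hunk, so it cannot be confirmed from here that they are read-only copies. If they are, add `The returned collection is unmodifiable.` to each comment. The same sentence fits the getters in ItemFirstACIItem, ItemPermission and Permission, where the context lines show `Collections.unmodifiableCollection` or `Collections.unmodifiableSet` wrappers.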
Modified: directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/aci/AuthenticationLevel.java
URL: http://svn.apache.org/viewcvs/directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/aci/AuthenticationLevel.java?rev=292951&r1=292950&r2=292951&view=diff
==============================================================================
--- directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/aci/AuthenticationLevel.java (original)
+++ directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/aci/AuthenticationLevel.java Sat Oct 1 04:04:03 2005
@@ -20,14 +20,30 @@
import java.io.Serializable;
+/**
+ * An enumeration that represents the level of authentication.
+ *
+ * @author The Apache Directory Project
+ * @version $Rev$, $Date$
+ */
public class AuthenticationLevel implements Comparable, Serializable
{
private static final long serialVersionUID = -6757937682267073130L;
+ /**
+ * No authentication (anonymous access)
+ */
public static final AuthenticationLevel NONE =
new AuthenticationLevel( 0, "none" );
+ /**
+ * Simple authentication (bound with plain-text credentials)
+ */
public static final AuthenticationLevel SIMPLE =
new AuthenticationLevel( 1, "simple" );
+
+ /**
+ * Strong authentication (bound with encrypted cerdentials)
+ */
public static final AuthenticationLevel STRONG =
new AuthenticationLevel( 2, "strong" );
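Review bot: The comment on `STRONG` has a typo (`cerdentials`), and "encrypted credentials" is loose enough to be read as any bind made over an encrypted channel. A more precise wording such as `Strong authentication (bound with credentials formed using cryptographic techniques)`, or the project's own definition, would keep ACI authors from assuming that a plain-text bind over an encrypted transport counts as strong. The next hunk has a similar typo in the `getLevel` comment (`integet` for `integer`).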
@@ -40,11 +56,17 @@
this.name = name;
}
+ /**
+ * Returns the integet value of this level (greater value, stronger level).
+ */
public int getLevel()
{
return level;
}
+ /**
+ * Returns the name of this level.
+ */
public String getName()
{
return name;
Modified: directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/aci/GrantAndDenial.java
URL: http://svn.apache.org/viewcvs/directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/aci/GrantAndDenial.java?rev=292951&r1=292950&r2=292951&view=diff
==============================================================================
--- directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/aci/GrantAndDenial.java (original)
+++ directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/aci/GrantAndDenial.java Sat Oct 1 04:04:03 2005
@@ -18,40 +18,72 @@
*/
package org.apache.ldap.common.aci;
+/**
+ * An enumeration that represents grants or denials of {@link MicroOperation}s.
+ *
+ * @author The Apache Directory Project
+ * @version $Rev$, $Date$
+ */
public class GrantAndDenial
{
// Permissions that may be used in conjunction with any component of
// <tt>ProtectedItem</tt>s.
+ /** Grant for {@link MicroOperation#ADD} */
public static final GrantAndDenial GRANT_ADD = new GrantAndDenial( MicroOperation.ADD, 0, true );
+ /** Denial for {@link MicroOperation#ADD} */
public static final GrantAndDenial DENY_ADD = new GrantAndDenial( MicroOperation.ADD, 1, false );
+ /** Grant for {@link MicroOperation#DISCLOSE_ON_ERROR} */
public static final GrantAndDenial GRANT_DISCLOSE_ON_ERROR = new GrantAndDenial( MicroOperation.DISCLOSE_ON_ERROR, 2, true );
+ /** Denial for {@link MicroOperation#DISCLOSE_ON_ERROR} */
public static final GrantAndDenial DENY_DISCLOSE_ON_ERROR = new GrantAndDenial( MicroOperation.DISCLOSE_ON_ERROR, 3, false );
+ /** Grant for {@link MicroOperation#READ} */
public static final GrantAndDenial GRANT_READ = new GrantAndDenial( MicroOperation.READ, 4, true );
+ /** Denial for {@link MicroOperation#READ} */
public static final GrantAndDenial DENY_READ = new GrantAndDenial( MicroOperation.READ, 5, false );
+ /** Grant for {@link MicroOperation#REMOVE} */
public static final GrantAndDenial GRANT_REMOVE = new GrantAndDenial( MicroOperation.REMOVE, 6, true );
+ /** Denial for {@link MicroOperation#REMOVE} */
public static final GrantAndDenial DENY_REMOVE = new GrantAndDenial( MicroOperation.REMOVE, 7, false );
// Permissions that may be used only in conjunction with the entry component.
+ /** Grant for {@link MicroOperation#BROWSE} */
public static final GrantAndDenial GRANT_BROWSE = new GrantAndDenial( MicroOperation.BROWSE, 8, true );
+ /** Denial for {@link MicroOperation#BROWSE} */
public static final GrantAndDenial DENY_BROWSE = new GrantAndDenial( MicroOperation.BROWSE, 9, false );
+ /** Grant for {@link MicroOperation#EXPORT} */
public static final GrantAndDenial GRANT_EXPORT = new GrantAndDenial( MicroOperation.EXPORT, 10, true );
+ /** Denial for {@link MicroOperation#EXPORT} */
public static final GrantAndDenial DENY_EXPORT = new GrantAndDenial( MicroOperation.EXPORT, 11, false );
+ /** Grant for {@link MicroOperation#IMPORT} */
public static final GrantAndDenial GRANT_IMPORT = new GrantAndDenial( MicroOperation.IMPORT, 12, true );
+ /** Denial for {@link MicroOperation#IMPORT} */
public static final GrantAndDenial DENY_IMPORT = new GrantAndDenial( MicroOperation.IMPORT, 13, false );
+ /** Grant for {@link MicroOperation#MODIFY} */
public static final GrantAndDenial GRANT_MODIFY = new GrantAndDenial( MicroOperation.MODIFY, 14, true );
+ /** Denial for {@link MicroOperation#MODIFY} */
public static final GrantAndDenial DENY_MODIFY = new GrantAndDenial( MicroOperation.MODIFY, 15, false );
+ /** Grant for {@link MicroOperation#RENAME} */
public static final GrantAndDenial GRANT_RENAME = new GrantAndDenial( MicroOperation.RENAME, 16, true );
+ /** Denial for {@link MicroOperation#RENAME} */
public static final GrantAndDenial DENY_RENAME = new GrantAndDenial( MicroOperation.RENAME, 17, false );
+ /** Grant for {@link MicroOperation#RETURN_DN} */
public static final GrantAndDenial GRANT_RETURN_DN = new GrantAndDenial( MicroOperation.RETURN_DN, 18, true );
+ /** Denial for {@link MicroOperation#RETURN_DN} */
public static final GrantAndDenial DENY_RETURN_DN = new GrantAndDenial( MicroOperation.RETURN_DN, 19, false );
// Permissions that may be used in conjunction with any component,
// except entry, of <tt>ProtectedItem</tt>s.
+ /** Grant for {@link MicroOperation#COMPARE} */
public static final GrantAndDenial GRANT_COMPARE = new GrantAndDenial( MicroOperation.COMPARE, 20, true );
+ /** Deny for {@link MicroOperation#COMPARE} */
public static final GrantAndDenial DENY_COMPARE = new GrantAndDenial( MicroOperation.COMPARE, 21, false );
+ /** Grant for {@link MicroOperation#FILTER_MATCH} */
public static final GrantAndDenial GRANT_FILTER_MATCH = new GrantAndDenial( MicroOperation.FILTER_MATCH, 22, true );
+ /** Denial for {@link MicroOperation#FILTER_MATCH} */
public static final GrantAndDenial DENY_FILTER_MATCH = new GrantAndDenial( MicroOperation.FILTER_MATCH, 23, false );
+ /** Grant for {@link MicroOperation#INVOKE} */
public static final GrantAndDenial GRANT_INVOKE = new GrantAndDenial( MicroOperation.INVOKE, 24, true );
+ /** Denial for {@link MicroOperation#INVOKE} */
public static final GrantAndDenial DENY_INVOKE = new GrantAndDenial( MicroOperation.INVOKE, 25, false );
private final MicroOperation microOperation;
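Review bot: The comment on `DENY_COMPARE` says `Deny for` where every other denial constant says `Denial for`; it should read `/** Denial for {@link MicroOperation#COMPARE} */`. In the next hunk the `getCode` comment starts with `Return` while the other getters start with `Returns`. The class comment would also benefit from one sentence on where the code numbers 0-25 come from; they presumably follow the bit positions of the X.501 grants-and-denials definition, which should be confirmed before it is written down.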
@@ -67,21 +99,33 @@
this.grant = grant;
}
+ /**
+ * Returns the {@link MicroOperation} related with this grant or denial.
+ */
public MicroOperation getMicroOperation()
{
return microOperation;
}
-
+
+ /**
+ * Return the code number of this grant or denial.
+ */
public int getCode()
{
return code;
}
+ /**
+ * Returns the name of this grant or denial.
+ */
public String getName()
{
return name;
}
+ /**
+ * Returns <tt>true</tt> if and only if this is grant.
+ */
public boolean isGrant()
{
return grant;
Modified: directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/aci/ItemFirstACIItem.java
URL: http://svn.apache.org/viewcvs/directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/aci/ItemFirstACIItem.java?rev=292951&r1=292950&r2=292951&view=diff
==============================================================================
--- directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/aci/ItemFirstACIItem.java (original)
+++ directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/aci/ItemFirstACIItem.java Sat Oct 1 04:04:03 2005
@@ -24,6 +24,13 @@
import java.util.Iterator;
import java.util.Set;
+/**
+ * An {@link ACIItem} which specifies {@link ProtectedItem}s first and then
+ * {@link UserClass}es each {@link ProtectedItem} will have. (18.4.2.4. X.501)
+ *
+ * @author The Apache Directory Project
+ * @version $Rev$, $Date$
+ */
public class ItemFirstACIItem extends ACIItem
{
private static final long serialVersionUID = -8199453391060356463L;
@@ -31,6 +38,15 @@
private final Collection protectedItems;
private final Collection itemPermissions;
+ /**
+ * Creates a new instance.
+ *
+ * @param identificationTag the id string of this item
+ * @param precedence the precedence of this item
+ * @param authenticationLevel the level of authentication required to this item
+ * @param protectedItems the collection of {@link ProtectedItem}s this item protects
+ * @param itemPermissions the collection of {@link ItemPermission}s each <tt>protectedItems</tt> will have
+ */
public ItemFirstACIItem(
String identificationTag,
int precedence,
@@ -62,11 +78,17 @@
this.itemPermissions = Collections.unmodifiableCollection( new ArrayList( itemPermissions ) );
}
+ /**
+ * Returns the collection of {@link ProtectedItem}s.
+ */
public Collection getProtectedItems()
{
return protectedItems;
}
-
+
+ /**
+ * Returns the collection of {@link ItemPermission}s.
+ */
public Collection getItemPermissions()
{
return itemPermissions;
Modified: directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/aci/ItemPermission.java
URL: http://svn.apache.org/viewcvs/directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/aci/ItemPermission.java?rev=292951&r1=292950&r2=292951&view=diff
==============================================================================
--- directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/aci/ItemPermission.java (original)
+++ directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/aci/ItemPermission.java Sat Oct 1 04:04:03 2005
@@ -23,12 +23,26 @@
import java.util.Collections;
import java.util.Iterator;
+/**
+ * Represents permissions to be applied to all {@link ProtectedItem}s in
+ * {@link ItemFirstACIItem}.
+ *
+ * @author The Apache Directory Project
+ * @version $Rev$, $Date$
+ */
public class ItemPermission extends Permission
{
private static final long serialVersionUID = 3940100745409337694L;
private final Collection userClasses;
-
+
+ /**
+ * Creates a new instance
+ *
+ * @param precedence the precedence of this permission (<tt>-1</tt> to use the default)
+ * @param grantsAndDenials the set of {@link GrantAndDenial}s
+ * @param userClasses the collection of {@link UserClass}es
+ */
public ItemPermission( int precedence, Collection grantsAndDenials, Collection userClasses )
{
super( precedence, grantsAndDenials );
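Review bot: The `@param precedence` text says `-1` selects the default, but nothing visible in this constructor treats `-1` specially; the value goes straight to `super( precedence, grantsAndDenials )`. Permission's constructor hunk carries the same wording above `if( precedence < 0 || precedence > 255 )`, which catches every out-of-range value and not only `-1`, and the body of that branch is outside the hunk. Both comments should state the valid range and what happens to any value outside it (rejected, or silently replaced by the default), since a caller passing 256 in the hope of a high precedence needs to know the outcome. The `@param grantsAndDenials` line also says "set" while the parameter type is `Collection`. This constructor's body continues outside the hunk.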
@@ -46,6 +60,9 @@
this.userClasses = Collections.unmodifiableCollection( new ArrayList( userClasses ) );
}
+ /**
+ * Returns the collection of {@link UserClass}es.
+ */
public Collection getUserClasses()
{
return userClasses;
Modified: directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/aci/MicroOperation.java
URL: http://svn.apache.org/viewcvs/directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/aci/MicroOperation.java?rev=292951&r1=292950&r2=292951&view=diff
==============================================================================
--- directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/aci/MicroOperation.java (original)
+++ directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/aci/MicroOperation.java Sat Oct 1 04:04:03 2005
@@ -18,6 +18,12 @@
*/
package org.apache.ldap.common.aci;
+/**
+ * An enumeration that represents all micro-operations that makes up LDAP operations.
+ *
+ * @author The Apache Directory Project
+ * @version $Rev$, $Date$
+ */
public class MicroOperation
{
// Permissions that may be used in conjunction with any component of
@@ -48,6 +54,9 @@
this.name = name;
}
+ /**
+ * Returns the name of this micro-operation.
+ */
public String getName()
{
return name;
Modified: directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/aci/Permission.java
URL: http://svn.apache.org/viewcvs/directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/aci/Permission.java?rev=292951&r1=292950&r2=292951&view=diff
==============================================================================
--- directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/aci/Permission.java (original)
+++ directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/aci/Permission.java Sat Oct 1 04:04:03 2005
@@ -25,13 +25,26 @@
import java.util.Iterator;
import java.util.Set;
+/**
+ * An abstract base class for {@link ItemPermission} and {@link UserPermission}.
+ *
+ * @author The Apache Directory Project
+ * @version $Rev$, $Date$
+ *
+ */
public abstract class Permission implements Serializable
{
private final int precedence;
private final Set grantsAndDenials;
private final Set grants;
private final Set denials;
-
+
+ /**
+ * Creates a new instance
+ *
+ * @param precedence the precedence of this permission (<tt>-1</tt> to use the default)
+ * @param grantsAndDenials the set of {@link GrantAndDenial}s
+ */
protected Permission( int precedence, Collection grantsAndDenials )
{
if( precedence < 0 || precedence > 255 )
@@ -70,21 +83,33 @@
this.grantsAndDenials = Collections.unmodifiableSet( tmpGrantsAndDenials );
}
+ /**
+ * Returns the precedence of this permission.
+ */
public int getPrecedence()
{
return precedence;
}
+ /**
+ * Returns the set of {@link GrantAndDenial}s.
+ */
public Set getGrantsAndDenials()
{
return grantsAndDenials;
}
+ /**
+ * Returns the set of grants only.
+ */
public Set getGrants()
{
return grants;
}
+ /**
+ * Returns the set of denials only.
+ */
public Set getDenials()
{
return denials;
Modified: directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/aci/ProtectedItem.java
URL: http://svn.apache.org/viewcvs/directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/aci/ProtectedItem.java?rev=292951&r1=292950&r2=292951&view=diff
==============================================================================
--- directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/aci/ProtectedItem.java (original)
+++ directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/aci/ProtectedItem.java Sat Oct 1 04:04:03 2005
@@ -28,23 +28,63 @@
import org.apache.ldap.common.filter.ExprNode;
+/**
+ * Defines the items to which the access controls apply.
+ *
+ * @author The Apache Directory Project
+ * @version $Rev$, $Date$
+ */
public abstract class ProtectedItem implements Serializable
{
+ /**
+ * The entry contents as a whole. In case of a family member, it also means
+ * the entry content of each subordinate family member within the same
+ * compound attribute. It does not necessarily include the information in
+ * these entries. This element shall be ignored if the classes element is
+ * present, since this latter element selects protected entries (and
+ * subordinate family members) on the basis of their object class.
+ */
public static final Entry ENTRY = new Entry();
+
+ /**
+ * All user attribute type information associated with the entry, but not
+ * values associated with those attributes.
+ */
public static final AllUserAttributeTypes ALL_USER_ATTRIBUTE_TYPES = new AllUserAttributeTypes();
+
+ /**
+ * All user attribute information associated with the entry, including all
+ * values of all user attributes.
+ */
public static final AllUserAttributeTypesAndValues ALL_USER_ATTRIBUTE_TYPES_AND_VALUES = new AllUserAttributeTypesAndValues();
+ /**
+ * Creates a new instance.
+ */
protected ProtectedItem()
{
}
+ /**
+ * The contents of entries (possibly a family member) which are restricted
+ * to those that have object class values that satisfy the predicate defined
+ * by Refinement (see 12.3.5), together (in the case of an ancestor or other
+ * family member) with the entry contents as a whole of each subordinate
+ * family member entry; it does not necessarily include the information in
+ * these entries.
+ */
public static class Classes extends ProtectedItem
{
private static final long serialVersionUID = -8553151906617285325L;
private final ExprNode classes;
+ /**
+ * Creates a new instance.
+ *
+ * @param classes refinement
+ */
public Classes( ExprNode classes )
{
this.classes = classes;
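Review bot: The comment on `Classes` cites `(see 12.3.5)` without naming the document, and `@param classes refinement` says nothing about null. Other comments in this commit name the standard (`18.4.2.4. X.501`), so `(see 12.3.5, X.501)` would be consistent, assuming that is the document meant. The visible assignment `this.classes = classes;` has no null check, whereas `RangeOfValues` later in this file tests `filter == null`; either the comment should say that null is not allowed or the constructor should check it the same way. The constructor's closing brace is outside this hunk.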
@@ -72,6 +112,14 @@
}
}
+ /**
+ * The entry contents as a whole. In case of a family member, it also means
+ * the entry content of each subordinate family member within the same
+ * compound attribute. It does not necessarily include the information in
+ * these entries. This element shall be ignored if the classes element is
+ * present, since this latter element selects protected entries (and
+ * subordinate family members) on the basis of their object class.
+ */
public static class Entry extends ProtectedItem
{
private static final long serialVersionUID = -6971482229815999874L;
@@ -86,6 +134,10 @@
}
}
+ /**
+ * All user attribute type information associated with the entry,
+ * but not values associated with those attributes.
+ */
public static class AllUserAttributeTypes extends ProtectedItem
{
private static final long serialVersionUID = 3728652941148931359L;
@@ -100,6 +152,10 @@
}
}
+ /**
+ * All user attribute information associated with the entry,
+ * including all values of all user attributes.
+ */
public static class AllUserAttributeTypesAndValues extends ProtectedItem
{
private static final long serialVersionUID = 7250988885983604442L;
@@ -114,10 +170,18 @@
}
}
+ /**
+ * A base class for all items which protects attribute types (or its values)
+ */
private abstract static class AttributeTypeProtectedItem extends ProtectedItem
{
protected final Collection attributeTypes;
+ /**
+ * Creates a new instance.
+ *
+ * @param attributeTypes the collection of attirbute IDs
+ */
protected AttributeTypeProtectedItem( Collection attributeTypes )
{
Collection tmp = new ArrayList();
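Review bot: `@param attributeTypes the collection of attirbute IDs` has a typo and should read `attribute IDs`, as the comments on the three subclass constructors already do. The class comment `all items which protects attribute types (or its values)` has a number mismatch and reads better as `all items which protect attribute types (or their values)`. The constructor body continues outside this hunk.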
@@ -136,6 +200,9 @@
this.attributeTypes = Collections.unmodifiableCollection( tmp );
}
+ /**
+ * Returns an iterator of all attribute IDs.
+ */
public Iterator iterator()
{
return attributeTypes.iterator();
@@ -163,10 +230,19 @@
}
}
+ /**
+ * Attribute type information pertaining to specific attributes but not values
+ * associated with the type.
+ */
public static class AttributeType extends AttributeTypeProtectedItem
{
private static final long serialVersionUID = -9039274739078220203L;
+ /**
+ * Creates a new instance.
+ *
+ * @param attributeTypes the collection of attribute IDs.
+ */
public AttributeType( Collection attributeTypes )
{
super( attributeTypes );
@@ -178,10 +254,18 @@
}
}
+ /**
+ * All attribute value information pertaining to specific attributes.
+ */
public static class AllAttributeValues extends AttributeTypeProtectedItem
{
private static final long serialVersionUID = -9039274739078220203L;
+ /**
+ * Creates a new instance.
+ *
+ * @param attributeTypes the collection of attribute IDs.
+ */
public AllAttributeValues( Collection attributeTypes )
{
super( attributeTypes );
@@ -193,10 +277,23 @@
}
}
+ /**
+ * The attribute value assertion corresponding to the current requestor.
+ * The protected item selfValue applies only when the access controls are
+ * to be applied with respect to a specific authenticated user. It can only
+ * apply in the specific case where the attribute specified is of DN and
+ * the attribute value within the specified attribute matches the DN of
+ * the originator of the operation.
+ */
public static class SelfValue extends AttributeTypeProtectedItem
{
private static final long serialVersionUID = -7788463918070206609L;
+ /**
+ * Creates a new instance.
+ *
+ * @param attributeTypes the collection of attribute IDs.
+ */
public SelfValue( Collection attributeTypes )
{
super( attributeTypes );
@@ -208,12 +305,20 @@
}
}
+ /**
+ * A specific value of specific attributes.
+ */
public static class AttributeValue extends ProtectedItem
{
private static final long serialVersionUID = -258318397837951363L;
private final Collection attributes;
+ /**
+ * Creates a new instance.
+ *
+ * @param attributes the collection of {@link Attribute}s.
+ */
public AttributeValue( Collection attributes )
{
for( Iterator i = attributes.iterator(); i.hasNext(); )
@@ -227,6 +332,9 @@
this.attributes = Collections.unmodifiableCollection( new ArrayList( attributes ) );
}
+ /**
+ * Returns an iterator of all {@link Attribute}s.
+ */
public Iterator iterator()
{
return attributes.iterator();
@@ -254,12 +362,26 @@
}
}
+ /**
+ * Restricts the maximum number of attribute values allowed for a specified
+ * attribute type. It is examined if the protected item is an attribute
+ * value of the specified type and the permission sought is add. Values of
+ * that attribute in the entry are counted without regard to context or
+ * access control and as though the operation which adds the values were
+ * successful. If the number of values in the attribute exceeds maxCount,
+ * the ACI item is treated as not granting add access.
+ */
public static class MaxValueCount extends ProtectedItem
{
private static final long serialVersionUID = 5261651541488944572L;
private final Collection items;
+ /**
+ * Creates a new instance.
+ *
+ * @param items the collection of {@link MaxValueCountItem}s.
+ */
public MaxValueCount( Collection items )
{
for( Iterator i = items.iterator(); i.hasNext(); )
@@ -274,6 +396,9 @@
this.items = Collections.unmodifiableCollection( new ArrayList( items ) );
}
+ /**
+ * Returns an iterator of all {@link MaxValueCountItem}s.
+ */
public Iterator iterator()
{
return items.iterator();
@@ -301,12 +426,21 @@
}
}
+ /**
+ * Any attribute value which matches the specified filter, i.e. for which
+ * the specified filter evaluated on that attribute value would return TRUE.
+ */
public static class RangeOfValues extends ProtectedItem
{
private static final long serialVersionUID = -8553151906617285325L;
private final ExprNode filter;
+ /**
+ * Creates a new instance.
+ *
+ * @param filter the expression
+ */
public RangeOfValues( ExprNode filter )
{
if( filter == null )
@@ -317,6 +451,9 @@
this.filter = filter;
}
+ /**
+ * Returns the expression.
+ */
public ExprNode getFilter()
{
return filter;
@@ -347,17 +484,35 @@
}
}
+ /**
+ * Restricts the maximum number of immediate subordinates of the superior
+ * entry to an entry being added or imported. It is examined if the protected
+ * item is an entry, the permission sought is add or import, and the immediate
+ * superior entry is in the same DSA as the entry being added or imported.
+ * Immediate subordinates of the superior entry are counted without regard to
+ * context or access control as though the entry addition or importing were
+ * successful. If the number of subordinates exceeds maxImmSub, the ACI item
+ * is treated as not granting add or import access.
+ */
public static class MaxImmSub extends ProtectedItem
{
private static final long serialVersionUID = -8553151906617285325L;
private final int value;
+ /**
+ * Creates a new instance.
+ *
+ * @param value The maximum number of immediate subordinates
+ */
public MaxImmSub( int value )
{
this.value = value;
}
+ /**
+ * Returns the maximum number of immediate subordinates.
+ */
public int getValue()
{
return value;
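Review bot: `@param value` gives no valid range, and the constructor shown whole in this hunk stores any `int` unchecked. A negative limit would presumably make every add or import exceed it, so the comment should say which values are accepted, e.g. `@param value the maximum number of immediate subordinates; not validated here, callers must pass a non-negative value`. The same applies to `maxCount` in the `MaxValueCountItem` constructor further down, which is also stored without a check.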
@@ -385,12 +540,27 @@
}
}
+ /**
+ * Restricts values added to the attribute type to being values that are
+ * already present in the same entry as values of the attribute valuesIn.
+ * It is examined if the protected item is an attribute value of the specified
+ * type and the permission sought is add. Values of the valuesIn attribute are
+ * checked without regard to context or access control and as though the
+ * operation which adds the values were successful. If the value to be added
+ * is not present in valuesIn the ACI item is treated as not granting add
+ * access.
+ */
public static class RestrictedBy extends ProtectedItem
{
private static final long serialVersionUID = -8157637446588058799L;
private final Collection items;
+ /**
+ * Creates a new instance.
+ *
+ * @param items the collection of {@link RestrictedByItem}s.
+ */
public RestrictedBy( Collection items )
{
for( Iterator i = items.iterator(); i.hasNext(); )
@@ -405,6 +575,9 @@
this.items = Collections.unmodifiableCollection( new ArrayList( items ) );
}
+ /**
+ * Returns an iterator of all {@link RestrictedByItem}s.
+ */
public Iterator iterator()
{
return items.iterator();
@@ -432,6 +605,9 @@
}
}
+ /**
+ * An element of {@link MaxValueCount}.
+ */
public static class MaxValueCountItem implements Serializable
{
private static final long serialVersionUID = 43697038363452113L;
@@ -439,17 +615,30 @@
private String attributeType;
private int maxCount;
+ /**
+ * Creates a new instance.
+ *
+ * @param attributeType the attribute ID to limit the maximum count
+ * @param maxCount the maximum count of the attribute allowed
+ */
+
public MaxValueCountItem( String attributeType, int maxCount )
{
this.attributeType = attributeType;
this.maxCount = maxCount;
}
+ /**
+ * Returns the attribute ID to limit the maximum count.
+ */
public String getAttributeType()
{
return attributeType;
}
+ /**
+ * Returns the maximum count of the attribute allowed.
+ */
public int getMaxCount()
{
return maxCount;
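Review bot: An added blank line separates the constructor's Javadoc from `public MaxValueCountItem( String attributeType, int maxCount )`. Remove it so the comment sits directly on the declaration, as every other comment in this file does.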
@@ -461,6 +650,9 @@
}
}
+ /**
+ * An element of {@link RestrictedBy}.
+ */
public static class RestrictedByItem implements Serializable
{
private static final long serialVersionUID = 4319052153538757099L;
@@ -468,17 +660,30 @@
private String attributeType;
private String valuesIn;
+ /**
+ * Creates a new instance.
+ *
+ * @param attributeType the attribute type to restrict
+ * @param valuesIn the attribute type only whose values are allowed in <tt>attributeType</tt>.
+ */
public RestrictedByItem( String attributeType, String valuesIn )
{
this.attributeType = attributeType;
this.valuesIn = valuesIn;
}
+ /**
+ * Returns the attribute type to restrict.
+ */
public String getAttributeType()
{
return attributeType;
}
+ /**
+ * Returns the attribute type only whose values are allowed in
+ * <tt>attributeType</tt>.
+ */
public String getValuesIn()
{
return valuesIn;
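Review bot: The phrase `the attribute type only whose values are allowed in <tt>attributeType</tt>`, used on `@param valuesIn` and again on `getValuesIn()`, is hard to parse for a rule that restricts which values may be written. Suggest `the attribute type whose values are the only values allowed in <tt>attributeType</tt>` in both places. The class body continues past the end of this hunk.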
Modified: directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/aci/UserClass.java
URL: http://svn.apache.org/viewcvs/directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/aci/UserClass.java?rev=292951&r1=292950&r2=292951&view=diff
==============================================================================
--- directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/aci/UserClass.java (original)
+++ directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/aci/UserClass.java Sat Oct 1 04:04:03 2005
@@ -28,15 +28,36 @@
import org.apache.ldap.common.subtree.SubtreeSpecification;
+/**
+ * Defines a set of zero or more users the permissions apply to.
+ *
+ * @author The Apache Directory Project
+ * @version $Rev$, $Date$
+ */
public abstract class UserClass implements Serializable
{
+ /**
+ * Every directory user (with possible requirements for authenticationLevel).
+ */
public static final AllUsers ALL_USERS = new AllUsers();
+
+ /**
+ * The user with the same distinguished name as the entry being accessed, or
+ * if the entry is a member of a family, then additionally the user with the
+ * distinguished name of the ancestor.
+ */
public static final ThisEntry THIS_ENTRY = new ThisEntry();
+ /**
+ * Creates a new instance.
+ */
protected UserClass()
{
}
+ /**
+ * Every directory user (with possible requirements for authenticationLevel).
+ */
public static class AllUsers extends UserClass
{
private static final long serialVersionUID = 8967984720792510292L;
@@ -51,6 +72,11 @@
}
}
+ /**
+ * The user with the same distinguished name as the entry being accessed, or
+ * if the entry is a member of a family, then additionally the user with the
+ * distinguished name of the ancestor.
+ */
public static class ThisEntry extends UserClass
{
private static final long serialVersionUID = -8189325270233754470L;
@@ -65,10 +91,18 @@
}
}
+ /**
+ * A base class for all user classes which has a set of DNs.
+ */
private static abstract class NamedUserClass extends UserClass
{
protected final Set names;
+ /**
+ * Creates a new instance.
+ *
+ * @param names a set of names
+ */
protected NamedUserClass( Set names )
{
for( Iterator i = names.iterator(); i.hasNext(); )
@@ -82,6 +116,9 @@
this.names = Collections.unmodifiableSet( new HashSet( names ) );
}
+ /**
+ * Returns the set of all names.
+ */
public Set getNames()
{
return names;
@@ -114,10 +151,18 @@
}
}
+ /**
+ * The user with the specified distinguished name.
+ */
public static class Name extends NamedUserClass
{
private static final long serialVersionUID = -4168412030168359882L;
+ /**
+ * Creates a new instance.
+ *
+ * @param usernames the set of user DNs.
+ */
public Name( Set usernames )
{
super( usernames );
@@ -129,10 +174,21 @@
}
}
+ /**
+ * The set of users who are members of the groupOfUniqueNames entry,
+ * identified by the specified distinguished name. Members of a group
+ * of unique names are treated as individual object names, and not as
+ * the names of other groups of unique names.
+ */
public static class UserGroup extends NamedUserClass
{
private static final long serialVersionUID = 8887107815072965807L;
+ /**
+ * Creates a new instance.
+ *
+ * @param groupNames the set of group DNs.
+ */
public UserGroup( Set groupNames )
{
super( groupNames );
@@ -144,12 +200,21 @@
}
}
+ /**
+ * The set of users whose distinguished names fall within the definition
+ * of the (unrefined) subtree.
+ */
public static class Subtree extends UserClass
{
private static final long serialVersionUID = 3949337699049701332L;
protected final Collection subtreeSpecifications;
+ /**
+ * Creates a new instance.
+ *
+ * @param subtreeSpecs the collection of unrefined {@link SubtreeSpecification}s.
+ */
public Subtree( Collection subtreeSpecs )
{
for( Iterator i = subtreeSpecs.iterator(); i.hasNext(); )
@@ -163,6 +228,9 @@
this.subtreeSpecifications = Collections.unmodifiableCollection( new ArrayList( subtreeSpecs ) );
}
+ /**
+ * Returns the collection of unrefined {@link SubtreeSpecification}s.
+ */
public Collection getSubtreeSpecifications()
{
return subtreeSpecifications;
Modified: directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/aci/UserFirstACIItem.java
URL: http://svn.apache.org/viewcvs/directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/aci/UserFirstACIItem.java?rev=292951&r1=292950&r2=292951&view=diff
==============================================================================
--- directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/aci/UserFirstACIItem.java (original)
+++ directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/aci/UserFirstACIItem.java Sat Oct 1 04:04:03 2005
@@ -24,6 +24,13 @@
import java.util.Iterator;
import java.util.Set;
+/**
+ * An {@link ACIItem} which specifies {@link UserClass}es first and then
+ * {@link ProtectedItem}s each {@link UserClass} will have. (18.4.2.4. X.501)
+ *
+ * @author The Apache Directory Project
+ * @version $Rev$, $Date$
+ */
public class UserFirstACIItem extends ACIItem
{
private static final long serialVersionUID = 5587483838404246148L;
@@ -31,6 +38,15 @@
private final Collection userClasses;
private final Collection userPermissions;
+ /**
+ * Creates a new instance.
+ *
+ * @param identificationTag the id string of this item
+ * @param precedence the precedence of this item
+ * @param authenticationLevel the level of authentication required to this item
+ * @param userClasses the collection of {@link UserClass}es this item protects
+ * @param userPermissions the collection of {@link UserPermission}s each <tt>protectedItems</tt> will have
+ */
public UserFirstACIItem(
String identificationTag,
int precedence,
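Review bot: The `@param userPermissions` line refers to `<tt>protectedItems</tt>`, which is not a parameter of this constructor and looks carried over from the item-first variant. Likewise `@param userClasses` says the item "protects" the user classes, while the class comment describes them as the users that the protected items are specified for. Suggest `@param userClasses the collection of {@link UserClass}es this item applies to` and `@param userPermissions the collection of {@link UserPermission}s each of the <tt>userClasses</tt> will have`. The getter comments in the following hunk say "set" although both methods return `Collection`. The constructor signature continues outside this hunk.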
@@ -62,11 +78,17 @@
this.userPermissions = Collections.unmodifiableCollection( new ArrayList( userPermissions ) );
}
+ /**
+ * Returns the set of {@link UserClass}es.
+ */
public Collection getUserClasses()
{
return userClasses;
}
-
+
+ /**
+ * Returns the set of {@link UserPermission}s.
+ */
public Collection getUserPermission()
{
return userPermissions;
Modified: directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/aci/UserPermission.java
URL: http://svn.apache.org/viewcvs/directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/aci/UserPermission.java?rev=292951&r1=292950&r2=292951&view=diff
==============================================================================
--- directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/aci/UserPermission.java (original)
+++ directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/aci/UserPermission.java Sat Oct 1 04:04:03 2005
@@ -22,12 +22,26 @@
import java.util.Collections;
import java.util.Iterator;
+/**
+ * Represents permissions to be applied to all {@link UserClass}es in
+ * {@link UserFirstACIItem}.
+ *
+ * @author The Apache Directory Project
+ * @version $Rev$, $Date$
+ */
public class UserPermission extends Permission
{
private static final long serialVersionUID = 3940100745409337694L;
private final Collection protectedItems;
+ /**
+ * Creates a new instance
+ *
+ * @param precedence the precedence of this permission (<tt>-1</tt> to use the default)
+ * @param grantsAndDenials the set of {@link GrantAndDenial}s
+ * @param protectedItems the collection of {@link ProtectedItem}s
+ */
public UserPermission( int precedence, Collection grantsAndDenials, Collection protectedItems )
{
super( precedence, grantsAndDenials );
@@ -45,6 +59,9 @@
this.protectedItems = Collections.unmodifiableCollection( protectedItems );
}
+ /**
+ * Returns the collection of {@link ProtectedItem}s.
+ */
public Collection getProtectedItems()
{
return protectedItems;
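Review bot: The context line `this.protectedItems = Collections.unmodifiableCollection( protectedItems );` wraps the caller's collection without copying it, so code that keeps the original reference can still change the protected items of this permission after construction. The sibling constructors in this commit (`UserFirstACIItem`, `UserClass.Subtree`) copy first, and the same fits here: `this.protectedItems = Collections.unmodifiableCollection( new ArrayList( protectedItems ) );`, which needs `java.util.ArrayList` imported if it is not already. If the live view is intentional, the new constructor Javadoc should state that the collection is not copied. The constructor begins outside this hunk, so any validation it performs before this line is not visible here.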
Added: directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/aci/package.html
URL: http://svn.apache.org/viewcvs/directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/aci/package.html?rev=292951&view=auto
==============================================================================
--- directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/aci/package.html (added)
+++ directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/aci/package.html Sat Oct 1 04:04:03 2005
@@ -0,0 +1,8 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
+<html>
+<head>
+</head>
+<body>
+ACI (Access Control Information) data model adopted from X.501 specification.
+</body>
+</html>
Propchange: directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/aci/package.html
------------------------------------------------------------------------------
svn:keywords = HeadURL Id LastChangedBy LastChangedDate LastChangedRevision