You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by el...@apache.org on 2010/06/29 18:56:09 UTC
svn commit: r959029 [1/4] - in /directory/shared/trunk/ldap-aci: ./
.settings/ src/ src/main/ src/main/antlr/ src/main/java/ src/main/java/org/
src/main/java/org/apache/ src/main/java/org/apache/directory/
src/main/java/org/apache/directory/shared/ src...
Author: elecharny
Date: Tue Jun 29 16:56:07 2010
New Revision: 959029
URL: http://svn.apache.org/viewvc?rev=959029&view=rev
Log:
migrated the ACI code to a new module
Added:
directory/shared/trunk/ldap-aci/ (with props)
directory/shared/trunk/ldap-aci/.settings/
directory/shared/trunk/ldap-aci/.settings/org.eclipse.jdt.core.prefs
directory/shared/trunk/ldap-aci/pom.xml
directory/shared/trunk/ldap-aci/src/
directory/shared/trunk/ldap-aci/src/main/
directory/shared/trunk/ldap-aci/src/main/antlr/
directory/shared/trunk/ldap-aci/src/main/antlr/ACIItem.g
directory/shared/trunk/ldap-aci/src/main/antlr/ACIItemChecker.g
directory/shared/trunk/ldap-aci/src/main/java/
directory/shared/trunk/ldap-aci/src/main/java/org/
directory/shared/trunk/ldap-aci/src/main/java/org/apache/
directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/
directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/
directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/
directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/
directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/ACIItem.java
directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/ACIItemChecker.java
directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/ACIItemParser.java
directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/ACITuple.java
directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/GrantAndDenial.java
directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/ItemFirstACIItem.java
directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/ItemPermission.java
directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/MicroOperation.java
directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/Permission.java
directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/ProtectedItem.java
directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/ReusableAntlrACIItemChecker.java
directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/ReusableAntlrACIItemCheckerLexer.java
directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/ReusableAntlrACIItemLexer.java
directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/ReusableAntlrACIItemParser.java
directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/UserClass.java
directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/UserFirstACIItem.java
directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/UserPermission.java
directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/
directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/AbstractAttributeTypeProtectedItem.java
directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/AllAttributeValuesItem.java
directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/AttributeTypeItem.java
directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/AttributeValueItem.java
directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/SelfValueItem.java
directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/schema/
directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/schema/syntaxCheckers/
directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/schema/syntaxCheckers/ACIItemSyntaxChecker.java
directory/shared/trunk/ldap-aci/src/test/
directory/shared/trunk/ldap-aci/src/test/java/
directory/shared/trunk/ldap-aci/src/test/java/org/
directory/shared/trunk/ldap-aci/src/test/java/org/apache/
directory/shared/trunk/ldap-aci/src/test/java/org/apache/directory/
directory/shared/trunk/ldap-aci/src/test/java/org/apache/directory/shared/
directory/shared/trunk/ldap-aci/src/test/java/org/apache/directory/shared/ldap/
directory/shared/trunk/ldap-aci/src/test/java/org/apache/directory/shared/ldap/aci/
directory/shared/trunk/ldap-aci/src/test/java/org/apache/directory/shared/ldap/aci/ACIItemChekerTest.java
directory/shared/trunk/ldap-aci/src/test/java/org/apache/directory/shared/ldap/aci/ACIItemParserTest.java
directory/shared/trunk/ldap-aci/src/test/java/org/apache/directory/shared/ldap/aci/ProtectedItem_AllAttributeValuesTest.java
directory/shared/trunk/ldap-aci/src/test/java/org/apache/directory/shared/ldap/aci/ProtectedItem_AttributeTypeTest.java
directory/shared/trunk/ldap-aci/src/test/java/org/apache/directory/shared/ldap/aci/ProtectedItem_AttributeValueTest.java
directory/shared/trunk/ldap-aci/src/test/java/org/apache/directory/shared/ldap/aci/ProtectedItem_ClassesTest.java
directory/shared/trunk/ldap-aci/src/test/java/org/apache/directory/shared/ldap/aci/ProtectedItem_MaxImmSubTest.java
directory/shared/trunk/ldap-aci/src/test/java/org/apache/directory/shared/ldap/aci/ProtectedItem_MaxValueCountTest.java
directory/shared/trunk/ldap-aci/src/test/java/org/apache/directory/shared/ldap/aci/ProtectedItem_RangeOfValuesTest.java
directory/shared/trunk/ldap-aci/src/test/java/org/apache/directory/shared/ldap/aci/ProtectedItem_RestrictedByTest.java
directory/shared/trunk/ldap-aci/src/test/java/org/apache/directory/shared/ldap/aci/ProtectedItem_SelfValueTest.java
directory/shared/trunk/ldap-aci/src/test/java/org/apache/directory/shared/ldap/aci/UserClass_NameTest.java
directory/shared/trunk/ldap-aci/src/test/java/org/apache/directory/shared/ldap/aci/UserClass_SubtreeTest.java
directory/shared/trunk/ldap-aci/src/test/java/org/apache/directory/shared/ldap/schema/
directory/shared/trunk/ldap-aci/src/test/java/org/apache/directory/shared/ldap/schema/syntaxCheckers/
directory/shared/trunk/ldap-aci/src/test/java/org/apache/directory/shared/ldap/schema/syntaxCheckers/ACIItemSyntaxCheckerTest.java
Propchange: directory/shared/trunk/ldap-aci/
------------------------------------------------------------------------------
--- svn:ignore (added)
+++ svn:ignore Tue Jun 29 16:56:07 2010
@@ -0,0 +1,4 @@
+target
+.project
+.classpath
+.settings
Added: directory/shared/trunk/ldap-aci/.settings/org.eclipse.jdt.core.prefs
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap-aci/.settings/org.eclipse.jdt.core.prefs?rev=959029&view=auto
==============================================================================
--- directory/shared/trunk/ldap-aci/.settings/org.eclipse.jdt.core.prefs (added)
+++ directory/shared/trunk/ldap-aci/.settings/org.eclipse.jdt.core.prefs Tue Jun 29 16:56:07 2010
@@ -0,0 +1,9 @@
+#Tue Jun 29 17:23:13 CEST 2010
+encoding//src/test/java=ISO-8859-1
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.5
+eclipse.preferences.version=1
+encoding//src/test/resources=ISO-8859-1
+org.eclipse.jdt.core.compiler.source=1.5
+encoding//src/main/java=ISO-8859-1
+encoding//src/main/resources=ISO-8859-1
+org.eclipse.jdt.core.compiler.compliance=1.5
Added: directory/shared/trunk/ldap-aci/pom.xml
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap-aci/pom.xml?rev=959029&view=auto
==============================================================================
--- directory/shared/trunk/ldap-aci/pom.xml (added)
+++ directory/shared/trunk/ldap-aci/pom.xml Tue Jun 29 16:56:07 2010
@@ -0,0 +1,84 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <groupId>org.apache.directory.shared</groupId>
+ <artifactId>shared-parent</artifactId>
+ <version>0.9.20-SNAPSHOT</version>
+ </parent>
+
+ <artifactId>shared-ldap-aci</artifactId>
+ <name>Apache Directory Shared LDAP ACI parser</name>
+
+ <description>ACI parser implementation bundle</description>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.directory.junit</groupId>
+ <artifactId>junit-addons</artifactId>
+ <scope>test</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>${project.groupId}</groupId>
+ <artifactId>shared-i18n</artifactId>
+ </dependency>
+
+ <dependency>
+ <groupId>antlr</groupId>
+ <artifactId>antlr</artifactId>
+ </dependency>
+
+ <dependency>
+ <groupId>${project.groupId}</groupId>
+ <artifactId>shared-ldap</artifactId>
+ </dependency>
+ </dependencies>
+
+ <build>
+ <plugins>
+ <plugin>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <groupId>org.apache.maven.plugins</groupId>
+ <configuration>
+ <systemPropertyVariables>
+ <workingDirectory>${basedir}/target</workingDirectory>
+ </systemPropertyVariables>
+ </configuration>
+ </plugin>
+
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-antlr-plugin</artifactId>
+ <configuration>
+ <grammars>ACIItem.g ACIItemChecker.g</grammars>
+ </configuration>
+ <executions>
+ <execution>
+ <goals>
+ <goal>generate</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+</project>
Added: directory/shared/trunk/ldap-aci/src/main/antlr/ACIItem.g
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap-aci/src/main/antlr/ACIItem.g?rev=959029&view=auto
==============================================================================
--- directory/shared/trunk/ldap-aci/src/main/antlr/ACIItem.g (added)
+++ directory/shared/trunk/ldap-aci/src/main/antlr/ACIItem.g Tue Jun 29 16:56:07 2010
@@ -0,0 +1,1497 @@
+header
+{
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+
+
+package org.apache.directory.shared.ldap.aci;
+
+
+import java.util.List;
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+import java.util.Enumeration;
+
+import javax.naming.directory.Attribute;
+import javax.naming.directory.BasicAttribute;
+
+import org.apache.directory.shared.ldap.filter.BranchNode;
+import org.apache.directory.shared.ldap.filter.AndNode;
+import org.apache.directory.shared.ldap.filter.OrNode;
+import org.apache.directory.shared.ldap.filter.NotNode;
+import org.apache.directory.shared.ldap.filter.ExprNode;
+import org.apache.directory.shared.ldap.filter.LeafNode;
+import org.apache.directory.shared.ldap.filter.EqualityNode;
+import org.apache.directory.shared.ldap.filter.FilterParser;
+import org.apache.directory.shared.ldap.name.NameComponentNormalizer;
+import org.apache.directory.shared.ldap.subtree.SubtreeSpecification;
+import org.apache.directory.shared.ldap.subtree.SubtreeSpecificationModifier;
+import org.apache.directory.shared.ldap.util.ComponentsMonitor;
+import org.apache.directory.shared.ldap.util.MandatoryAndOptionalComponentsMonitor;
+import org.apache.directory.shared.ldap.util.MandatoryComponentsMonitor;
+import org.apache.directory.shared.ldap.util.NamespaceTools;
+import org.apache.directory.shared.ldap.util.NoDuplicateKeysMap;
+import org.apache.directory.shared.ldap.util.OptionalComponentsMonitor;
+import org.apache.directory.shared.ldap.name.DN;
+import org.apache.directory.shared.ldap.name.RDN;
+import org.apache.directory.shared.ldap.constants.SchemaConstants;
+import org.apache.directory.shared.ldap.constants.AuthenticationLevel;
+import org.apache.directory.shared.ldap.schema.normalizers.OidNormalizer;
+import org.apache.directory.shared.ldap.entry.StringValue;
+import org.apache.directory.shared.ldap.aci.protectedItem.AllAttributeValuesItem;
+import org.apache.directory.shared.ldap.aci.protectedItem.AttributeTypeItem;
+import org.apache.directory.shared.ldap.aci.protectedItem.AttributeValueItem;
+import org.apache.directory.shared.ldap.aci.protectedItem.SelfValueItem;
+import org.apache.directory.shared.ldap.entry.EntryAttribute;
+import org.apache.directory.shared.ldap.entry.DefaultEntryAttribute;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+}
+
+
+// ----------------------------------------------------------------------------
+// parser class definition
+// ----------------------------------------------------------------------------
+
+/**
+ * The antlr generated ACIItem parser.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+class AntlrACIItemParser extends Parser;
+
+
+// ----------------------------------------------------------------------------
+// parser options
+// ----------------------------------------------------------------------------
+
+options
+{
+ k = 1; // ;-)
+ defaultErrorHandler = false;
+}
+
+
+// ----------------------------------------------------------------------------
+// imaginary tokens
+// ----------------------------------------------------------------------------
+
+tokens
+{
+ ATTRIBUTE_VALUE_CANDIDATE;
+ RANGE_OF_VALUES_CANDIDATE;
+}
+
+
+// ----------------------------------------------------------------------------
+// parser initialization
+// ----------------------------------------------------------------------------
+
+{
+ private static final Logger log = LoggerFactory.getLogger( AntlrACIItemParser.class );
+
+ NameComponentNormalizer normalizer;
+
+ // nonshared global data needed to avoid extensive pass/return stuff
+ // these are only used by three first order components
+ private String identificationTag;
+ private AuthenticationLevel authenticationLevel;
+ private Integer aciPrecedence = null;
+
+ private boolean isItemFirstACIItem;
+
+ // shared global data needed to avoid extensive pass/return stuff
+ private Set<ProtectedItem> protectedItems;
+ private Map<String, ProtectedItem> protectedItemsMap;
+ private Set<UserClass> userClasses;
+ private Map<String, UserClass> userClassesMap;
+ private Set<ItemPermission> itemPermissions;
+ private Integer precedence = null;
+ private Set<GrantAndDenial> grantsAndDenials;
+ private Set<UserPermission> userPermissions;
+ private Map<String, OidNormalizer> oidsMap;
+
+ private Set<DN> chopBeforeExclusions;
+ private Set<DN> chopAfterExclusions;
+ private SubtreeSpecificationModifier ssModifier = null;
+
+ private ComponentsMonitor mainACIItemComponentsMonitor;
+ private ComponentsMonitor itemPermissionComponentsMonitor;
+ private ComponentsMonitor userPermissionComponentsMonitor;
+ private ComponentsMonitor subtreeSpecificationComponentsMonitor;
+
+
+ /**
+ * Creates a (normalizing) subordinate DnParser for parsing Names.
+ * This method MUST be called for each instance while we cannot do
+ * constructor overloading for this class.
+ *
+ * @return the DnParser to be used for parsing Names
+ */
+ public void init( Map<String, OidNormalizer> oidsMap )
+ {
+ this.oidsMap = oidsMap;
+ }
+
+ /**
+ * Sets the NameComponentNormalizer for this parser's dnParser.
+ */
+ public void setNormalizer(NameComponentNormalizer normalizer)
+ {
+ this.normalizer = normalizer;
+ }
+
+ private int token2Integer( Token token ) throws RecognitionException
+ {
+ int i = 0;
+
+ try
+ {
+ i = Integer.parseInt( token.getText());
+ }
+ catch ( NumberFormatException e )
+ {
+ throw new RecognitionException( "Value of INTEGER token " +
+ token.getText() +
+ " cannot be converted to an Integer" );
+ }
+
+ return i;
+ }
+}
+
+
+// ----------------------------------------------------------------------------
+// parser productions
+// ----------------------------------------------------------------------------
+
+wrapperEntryPoint returns [ ACIItem aciItem ]
+{
+ log.debug( "entered wrapperEntryPoint()" );
+ aciItem = null;
+}
+ :
+ ( SP )* aciItem = theACIItem ( SP )* EOF
+ ;
+
+theACIItem returns [ ACIItem aciItem ]
+{
+ log.debug( "entered theACIItem()" );
+ aciItem = null;
+ mainACIItemComponentsMonitor = new MandatoryComponentsMonitor(
+ new String [] { "identificationTag", "precedence", "authenticationLevel", "itemOrUserFirst" } );
+}
+ :
+ OPEN_CURLY
+ ( SP )* mainACIItemComponent ( SP )*
+ ( SEP ( SP )* mainACIItemComponent ( SP )* )*
+ CLOSE_CURLY
+ {
+ if ( !mainACIItemComponentsMonitor.finalStateValid() )
+ {
+ throw new RecognitionException( "Missing mandatory ACIItem components: "
+ + mainACIItemComponentsMonitor.getRemainingComponents() );
+ }
+
+ if ( isItemFirstACIItem )
+ {
+ aciItem = new ItemFirstACIItem(
+ identificationTag,
+ aciPrecedence,
+ authenticationLevel,
+ protectedItems,
+ itemPermissions );
+ }
+ else
+ {
+ aciItem = new UserFirstACIItem(
+ identificationTag,
+ aciPrecedence,
+ authenticationLevel,
+ userClasses,
+ userPermissions );
+ }
+ }
+ ;
+
+mainACIItemComponent
+{
+ log.debug( "entered mainACIItemComponent()" );
+}
+ :
+ aci_identificationTag
+ {
+ mainACIItemComponentsMonitor.useComponent( "identificationTag" );
+ }
+ | aci_precedence
+ {
+ mainACIItemComponentsMonitor.useComponent( "precedence" );
+ }
+ | aci_authenticationLevel
+ {
+ mainACIItemComponentsMonitor.useComponent( "authenticationLevel" );
+ }
+ | aci_itemOrUserFirst
+ {
+ mainACIItemComponentsMonitor.useComponent( "itemOrUserFirst" );
+ }
+ ;
+ exception
+ catch [IllegalArgumentException e]
+ {
+ throw new RecognitionException( e.getMessage() );
+ }
+
+aci_identificationTag
+{
+ log.debug( "entered aci_identificationTag()" );
+}
+ :
+ ID_identificationTag ( SP )+ token:SAFEUTF8STRING
+ {
+ identificationTag = token.getText();
+ }
+ ;
+
+aci_precedence
+{
+ log.debug( "entered aci_precedence()" );
+}
+ :
+ precedence
+ {
+ aciPrecedence = Integer.valueOf( precedence );
+ precedence = null;
+ }
+ ;
+
+precedence
+{
+ log.debug( "entered precedence()" );
+}
+ :
+ ID_precedence ( SP )+ token:INTEGER
+ {
+ precedence = Integer.valueOf( token2Integer( token ) );
+
+ if ( ( precedence < 0 ) || ( precedence > 255 ) )
+ {
+ throw new RecognitionException( "Expecting INTEGER token having an Integer value between 0 and 255, found " + precedence );
+ }
+ }
+ ;
+
+aci_authenticationLevel
+{
+ log.debug( "entered aci_authenticationLevel()" );
+}
+ :
+ ID_authenticationLevel ( SP )+ authenticationLevel
+ ;
+
+authenticationLevel
+{
+ log.debug( "entered authenticationLevel()" );
+}
+ :
+ ID_none
+ {
+ authenticationLevel = AuthenticationLevel.NONE;
+ }
+ |
+ ID_simple
+ {
+ authenticationLevel = AuthenticationLevel.SIMPLE;
+ }
+ |
+ ID_strong
+ {
+ authenticationLevel = AuthenticationLevel.STRONG;
+ }
+ ;
+
+aci_itemOrUserFirst
+{
+ log.debug( "entered aci_itemOrUserFirst()" );
+}
+ :
+ ID_itemOrUserFirst ( SP )+ itemOrUserFirst
+ ;
+
+itemOrUserFirst
+{
+ log.debug( "entered itemOrUserFirst()" );
+}
+ :
+ itemFirst | userFirst
+ ;
+
+itemFirst
+{
+ log.debug( "entered itemFirst()" );
+}
+ :
+ ID_itemFirst ( SP )* COLON ( SP )*
+ OPEN_CURLY ( SP )*
+ protectedItems ( SP )* SEP ( SP )* itemPermissions
+ ( SP )* CLOSE_CURLY
+ {
+ isItemFirstACIItem = true;
+ }
+ ;
+
+userFirst
+{
+ log.debug( "entered userFirst()" );
+}
+ :
+ ID_userFirst ( SP )* COLON ( SP )*
+ OPEN_CURLY ( SP )*
+ userClasses ( SP )* SEP ( SP )* userPermissions
+ ( SP )* CLOSE_CURLY
+ {
+ isItemFirstACIItem = false;
+ }
+ ;
+
+protectedItems
+{
+ log.debug( "entered protectedItems()" );
+ protectedItemsMap = new NoDuplicateKeysMap();
+}
+ :
+ ID_protectedItems ( SP )*
+ OPEN_CURLY ( SP )*
+ (
+ protectedItem ( SP )*
+ ( SEP ( SP )* protectedItem ( SP )* )*
+ )?
+ CLOSE_CURLY
+ {
+ protectedItems = new HashSet<ProtectedItem>( protectedItemsMap.values() );
+ }
+ ;
+ exception
+ catch [IllegalArgumentException e]
+ {
+ throw new RecognitionException( "Protected Items cannot be duplicated. " + e.getMessage() );
+ }
+
+protectedItem
+{
+ log.debug( "entered protectedItem()" );
+}
+ :
+ entry
+ | allUserAttributeTypes
+ | attributeType
+ | allAttributeValues
+ | allUserAttributeTypesAndValues
+ | attributeValue
+ | selfValue
+ | rangeOfValues
+ | maxValueCount
+ | maxImmSub
+ | restrictedBy
+ | classes
+ ;
+
+entry
+{
+ log.debug( "entered entry()" );
+}
+ :
+ ID_entry
+ {
+ protectedItemsMap.put( "entry", ProtectedItem.ENTRY );
+ }
+ ;
+
+allUserAttributeTypes
+{
+ log.debug( "entered allUserAttributeTypes()" );
+}
+ :
+ ID_allUserAttributeTypes
+ {
+ protectedItemsMap.put( "allUserAttributeTypes", ProtectedItem.ALL_USER_ATTRIBUTE_TYPES );
+ }
+ ;
+
+attributeType
+{
+ log.debug( "entered attributeType()" );
+ Set<String> attributeTypeSet = null;
+}
+ :
+ ID_attributeType ( SP )+ attributeTypeSet=attributeTypeSet
+ {
+ protectedItemsMap.put( "attributeType", new AttributeTypeItem(attributeTypeSet ) );
+ }
+ ;
+
+allAttributeValues
+{
+ log.debug( "entered allAttributeValues()" );
+ Set<String> attributeTypeSet = null;
+}
+ :
+ ID_allAttributeValues ( SP )+ attributeTypeSet=attributeTypeSet
+ {
+ protectedItemsMap.put( "allAttributeValues", new AllAttributeValuesItem( attributeTypeSet ) );
+ }
+ ;
+
+allUserAttributeTypesAndValues
+{
+ log.debug( "entered allUserAttributeTypesAndValues()" );
+}
+ :
+ ID_allUserAttributeTypesAndValues
+ {
+ protectedItemsMap.put( "allUserAttributeTypesAndValues", ProtectedItem.ALL_USER_ATTRIBUTE_TYPES_AND_VALUES );
+ }
+ ;
+
+attributeValue
+{
+ log.debug( "entered attributeValue()" );
+ String attributeTypeAndValue = null;
+ String attributeType = null;
+ String attributeValue = null;
+ Set<EntryAttribute> attributeSet = new HashSet<EntryAttribute>();
+}
+ :
+ token:ATTRIBUTE_VALUE_CANDIDATE // ate the identifier for subordinate dn parser workaround
+ {
+ // A Dn can be considered as a set of attributeTypeAndValues
+ // So, parse the set as a Dn and extract each attributeTypeAndValue
+ DN attributeTypeAndValueSetAsDn = new DN( token.getText() );
+
+ if ( oidsMap != null )
+ {
+ attributeTypeAndValueSetAsDn.normalize( oidsMap );
+ }
+
+ for ( RDN rdn :attributeTypeAndValueSetAsDn.getRdns() )
+ {
+ attributeTypeAndValue = rdn.getNormName();
+ attributeType = NamespaceTools.getRdnAttribute( attributeTypeAndValue );
+ attributeValue = NamespaceTools.getRdnValue( attributeTypeAndValue );
+
+ attributeSet.add( new DefaultEntryAttribute( attributeType, attributeValue ) );
+ log.debug( "An attributeTypeAndValue from the set: " + attributeType + "=" + attributeValue);
+ }
+
+ protectedItemsMap.put( "attributeValue", new AttributeValueItem( attributeSet ) );
+ }
+ ;
+ exception
+ catch [Exception e]
+ {
+ throw new RecognitionException( "dnParser failed for " + token.getText() + " , " + e.getMessage() );
+ }
+
+selfValue
+{
+ log.debug( "entered selfValue()" );
+ Set<String> attributeTypeSet = null;
+}
+ :
+ ID_selfValue ( SP )+ attributeTypeSet=attributeTypeSet
+ {
+ protectedItemsMap.put( "sefValue", new SelfValueItem( attributeTypeSet ) );
+ }
+ ;
+
+rangeOfValues
+{
+ log.debug( "entered rangeOfValues()" );
+}
+ :
+ token:RANGE_OF_VALUES_CANDIDATE
+ {
+ protectedItemsMap.put( "rangeOfValues",
+ new ProtectedItem.RangeOfValues(
+ FilterParser.parse( token.getText() ) ) );
+ log.debug( "filterParser parsed " + token.getText() );
+ }
+ ;
+ exception
+ catch [Exception e]
+ {
+ throw new RecognitionException( "filterParser failed. " + e.getMessage() );
+ }
+
+maxValueCount
+{
+ log.debug( "entered maxValueCount()" );
+ ProtectedItem.MaxValueCountItem maxValueCount = null;
+ Set<ProtectedItem.MaxValueCountItem> maxValueCountSet = new HashSet<ProtectedItem.MaxValueCountItem>();
+}
+ :
+ ID_maxValueCount ( SP )+
+ OPEN_CURLY ( SP )*
+ maxValueCount=aMaxValueCount ( SP )*
+ {
+ maxValueCountSet.add( maxValueCount );
+ }
+ ( SEP ( SP )* maxValueCount=aMaxValueCount ( SP )*
+ {
+ maxValueCountSet.add( maxValueCount );
+ }
+ )*
+ CLOSE_CURLY
+ {
+ protectedItemsMap.put( "maxValueCount", new ProtectedItem.MaxValueCount( maxValueCountSet ) );
+ }
+ ;
+
+aMaxValueCount returns [ ProtectedItem.MaxValueCountItem maxValueCount ]
+{
+ log.debug( "entered aMaxValueCount()" );
+ maxValueCount = null;
+ String oid = null;
+ Token token = null;
+}
+ :
+ OPEN_CURLY ( SP )*
+ (
+ ID_type ( SP )+ oid=oid ( SP )* SEP ( SP )*
+ ID_maxCount ( SP )+ token1:INTEGER
+ { token = token1; }
+ | // relaxing
+ ID_maxCount ( SP )+ token2:INTEGER ( SP )* SEP ( SP )*
+ ID_type ( SP )+ oid=oid
+ { token = token2; }
+ )
+ ( SP )* CLOSE_CURLY
+ {
+ maxValueCount = new ProtectedItem.MaxValueCountItem( oid, token2Integer( token ) );
+ }
+ ;
+
+maxImmSub
+{
+ log.debug( "entered maxImmSub()" );
+}
+ :
+ ID_maxImmSub ( SP )+ token:INTEGER
+ {
+
+ protectedItemsMap.put( "maxImmSub",
+ new ProtectedItem.MaxImmSub(
+ token2Integer( token ) ) );
+ }
+ ;
+
+restrictedBy
+{
+ log.debug( "entered restrictedBy()" );
+ ProtectedItem.RestrictedByItem restrictedValue = null;
+ Set<ProtectedItem.RestrictedByItem> restrictedBy = new HashSet<ProtectedItem.RestrictedByItem>();
+}
+ :
+ ID_restrictedBy ( SP )+
+ OPEN_CURLY ( SP )*
+ restrictedValue=restrictedValue ( SP )*
+ {
+ restrictedBy.add( restrictedValue );
+ }
+ ( SEP ( SP )* restrictedValue=restrictedValue ( SP )*
+ {
+ restrictedBy.add( restrictedValue );
+ }
+ )*
+ CLOSE_CURLY
+ {
+ protectedItemsMap.put( "restrictedBy", new ProtectedItem.RestrictedBy( restrictedBy ) );
+ }
+ ;
+
+restrictedValue returns [ ProtectedItem.RestrictedByItem restrictedValue ]
+{
+ log.debug( "entered restrictedValue()" );
+ String typeOid = null;
+ String valuesInOid = null;
+ restrictedValue = null;
+}
+ :
+ OPEN_CURLY ( SP )*
+ (
+ ID_type ( SP )+ typeOid=oid ( SP )* SEP ( SP )*
+ ID_valuesIn ( SP )+ valuesInOid=oid
+ | // relaxing
+ ID_valuesIn ( SP )+ valuesInOid=oid ( SP )* SEP ( SP )*
+ ID_type ( SP )+ typeOid=oid
+ )
+ ( SP )* CLOSE_CURLY
+ {
+ restrictedValue = new ProtectedItem.RestrictedByItem( typeOid, valuesInOid );
+ }
+ ;
+
+attributeTypeSet returns [ Set<String> attributeTypeSet ]
+{
+ log.debug( "entered attributeTypeSet()" );
+ String oid = null;
+ attributeTypeSet = new HashSet<String>();
+}
+ :
+ OPEN_CURLY ( SP )*
+ oid=oid ( SP )*
+ {
+ attributeTypeSet.add( oid );
+ }
+ ( SEP ( SP )* oid=oid ( SP )*
+ {
+ attributeTypeSet.add( oid );
+ }
+ )*
+ CLOSE_CURLY
+ ;
+
+classes
+{
+ log.debug( "entered classes()" );
+ ExprNode classes = null;
+}
+ :
+ ID_classes ( SP )+ classes=refinement
+ {
+ protectedItemsMap.put( "classes", new ProtectedItem.Classes( classes ) );
+ }
+ ;
+
+itemPermissions
+{
+ log.debug( "entered itemPermissions()" );
+ itemPermissions = new HashSet<ItemPermission>();
+ ItemPermission itemPermission = null;
+}
+ :
+ ID_itemPermissions ( SP )+
+ OPEN_CURLY ( SP )*
+ ( itemPermission=itemPermission ( SP )*
+ {
+ itemPermissions.add( itemPermission );
+ }
+ ( SEP ( SP )* itemPermission=itemPermission ( SP )*
+ {
+ itemPermissions.add( itemPermission );
+ }
+ )*
+ )?
+ CLOSE_CURLY
+ ;
+
+itemPermission returns [ ItemPermission itemPermission ]
+{
+ log.debug( "entered itemPermission()" );
+ itemPermission = null;
+ itemPermissionComponentsMonitor = new MandatoryAndOptionalComponentsMonitor(
+ new String [] { "userClasses", "grantsAndDenials" }, new String [] { "precedence" } );
+}
+ :
+ OPEN_CURLY ( SP )*
+ anyItemPermission ( SP )*
+ ( SEP ( SP )* anyItemPermission ( SP )* )*
+ CLOSE_CURLY
+ {
+ if ( !itemPermissionComponentsMonitor.finalStateValid() )
+ {
+ throw new RecognitionException( "Missing mandatory itemPermission components: "
+ + itemPermissionComponentsMonitor.getRemainingComponents() );
+ }
+
+ itemPermission = new ItemPermission( precedence, grantsAndDenials, userClasses );
+ precedence = null;
+ }
+ ;
+
+anyItemPermission
+ :
+ precedence
+ {
+ itemPermissionComponentsMonitor.useComponent( "precedence" );
+ }
+ | userClasses
+ {
+ itemPermissionComponentsMonitor.useComponent( "userClasses" );
+ }
+ | grantsAndDenials
+ {
+ itemPermissionComponentsMonitor.useComponent( "grantsAndDenials" );
+ }
+ ;
+ exception
+ catch [IllegalArgumentException e]
+ {
+ throw new RecognitionException( e.getMessage() );
+ }
+
+grantsAndDenials
+{
+ log.debug( "entered grantsAndDenials()" );
+ grantsAndDenials = new HashSet<GrantAndDenial>();
+ GrantAndDenial grantAndDenial = null;
+}
+ :
+ ID_grantsAndDenials ( SP )+
+ OPEN_CURLY ( SP )*
+ ( grantAndDenial = grantAndDenial ( SP )*
+ {
+ if ( !grantsAndDenials.add( grantAndDenial ))
+ {
+ throw new RecognitionException( "Duplicated GrantAndDenial bit: " + grantAndDenial );
+ }
+ }
+ ( SEP ( SP )* grantAndDenial = grantAndDenial ( SP )*
+ {
+ if ( !grantsAndDenials.add( grantAndDenial ))
+ {
+ throw new RecognitionException( "Duplicated GrantAndDenial bit: " + grantAndDenial );
+ }
+ }
+ )*
+ )?
+ CLOSE_CURLY
+ ;
+
+grantAndDenial returns [ GrantAndDenial l_grantAndDenial ]
+{
+ log.debug( "entered grantAndDenialsBit()" );
+ l_grantAndDenial = null;
+}
+ :
+ ID_grantAdd { l_grantAndDenial = GrantAndDenial.GRANT_ADD; }
+ | ID_denyAdd { l_grantAndDenial = GrantAndDenial.DENY_ADD; }
+ | ID_grantDiscloseOnError { l_grantAndDenial = GrantAndDenial.GRANT_DISCLOSE_ON_ERROR; }
+ | ID_denyDiscloseOnError { l_grantAndDenial = GrantAndDenial.DENY_DISCLOSE_ON_ERROR; }
+ | ID_grantRead { l_grantAndDenial = GrantAndDenial.GRANT_READ; }
+ | ID_denyRead { l_grantAndDenial = GrantAndDenial.DENY_READ; }
+ | ID_grantRemove { l_grantAndDenial = GrantAndDenial.GRANT_REMOVE; }
+ | ID_denyRemove { l_grantAndDenial = GrantAndDenial.DENY_REMOVE; }
+ //-- permissions that may be used only in conjunction
+ //-- with the entry component
+ | ID_grantBrowse { l_grantAndDenial = GrantAndDenial.GRANT_BROWSE; }
+ | ID_denyBrowse { l_grantAndDenial = GrantAndDenial.DENY_BROWSE; }
+ | ID_grantExport { l_grantAndDenial = GrantAndDenial.GRANT_EXPORT; }
+ | ID_denyExport { l_grantAndDenial = GrantAndDenial.DENY_EXPORT; }
+ | ID_grantImport { l_grantAndDenial = GrantAndDenial.GRANT_IMPORT; }
+ | ID_denyImport { l_grantAndDenial = GrantAndDenial.DENY_IMPORT; }
+ | ID_grantModify { l_grantAndDenial = GrantAndDenial.GRANT_MODIFY; }
+ | ID_denyModify { l_grantAndDenial = GrantAndDenial.DENY_MODIFY; }
+ | ID_grantRename { l_grantAndDenial = GrantAndDenial.GRANT_RENAME; }
+ | ID_denyRename { l_grantAndDenial = GrantAndDenial.DENY_RENAME; }
+ | ID_grantReturnDN { l_grantAndDenial = GrantAndDenial.GRANT_RETURN_DN; }
+ | ID_denyReturnDN { l_grantAndDenial = GrantAndDenial.DENY_RETURN_DN; }
+ //-- permissions that may be used in conjunction
+ //-- with any component, except entry, of ProtectedItems
+ | ID_grantCompare { l_grantAndDenial = GrantAndDenial.GRANT_COMPARE; }
+ | ID_denyCompare { l_grantAndDenial = GrantAndDenial.DENY_COMPARE; }
+ | ID_grantFilterMatch { l_grantAndDenial = GrantAndDenial.GRANT_FILTER_MATCH; }
+ | ID_denyFilterMatch { l_grantAndDenial = GrantAndDenial.DENY_FILTER_MATCH; }
+ | ID_grantInvoke { l_grantAndDenial = GrantAndDenial.GRANT_INVOKE; }
+ | ID_denyInvoke { l_grantAndDenial = GrantAndDenial.DENY_INVOKE; }
+ ;
+
+userClasses
+{
+ log.debug( "entered userClasses()" );
+ userClassesMap = new NoDuplicateKeysMap();
+}
+ :
+ ID_userClasses ( SP )+
+ OPEN_CURLY ( SP )*
+ (
+ userClass ( SP )*
+ ( SEP ( SP )* userClass ( SP )* )*
+ )?
+ CLOSE_CURLY
+ {
+ userClasses = new HashSet<UserClass>( userClassesMap.values() );
+ }
+ ;
+ exception
+ catch [IllegalArgumentException e]
+ {
+ throw new RecognitionException( "User Classes cannot be duplicated. " + e.getMessage() );
+ }
+
+userClass
+{
+ log.debug( "entered userClasses()" );
+}
+ :
+ allUsers
+ | thisEntry
+ | parentOfEntry
+ | name
+ | userGroup
+ | subtree
+ ;
+
+allUsers
+{
+ log.debug( "entered allUsers()" );
+}
+ :
+ ID_allUsers
+ {
+ userClassesMap.put( "allUsers", UserClass.ALL_USERS );
+ }
+ ;
+
+thisEntry
+{
+ log.debug( "entered thisEntry()" );
+}
+ :
+ ID_thisEntry
+ {
+ userClassesMap.put( "thisEntry", UserClass.THIS_ENTRY );
+ }
+ ;
+
+parentOfEntry
+{
+ log.debug( "entered parentOfEntry()" );
+}
+ :
+ ID_parentOfEntry
+ {
+ userClassesMap.put( "parentOfEntry", UserClass.PARENT_OF_ENTRY );
+ }
+ ;
+
+name
+{
+ log.debug( "entered name()" );
+ Set<DN> names = new HashSet<DN>();
+ DN distinguishedName = null;
+}
+ :
+ ID_name ( SP )+
+ OPEN_CURLY ( SP )*
+ distinguishedName=distinguishedName ( SP )*
+ {
+ names.add( distinguishedName );
+ }
+ ( SEP ( SP )* distinguishedName=distinguishedName ( SP )*
+ {
+ names.add( distinguishedName );
+ } )*
+ CLOSE_CURLY
+ {
+ userClassesMap.put( "name", new UserClass.Name( names ) );
+ }
+ ;
+
+userGroup
+{
+ log.debug( "entered userGroup()" );
+ Set<DN> userGroup = new HashSet<DN>();
+ DN distinguishedName = null;
+}
+ :
+ ID_userGroup ( SP )+
+ OPEN_CURLY ( SP )*
+ distinguishedName=distinguishedName ( SP )*
+ {
+ userGroup.add( distinguishedName );
+ }
+ ( SEP ( SP )* distinguishedName=distinguishedName ( SP )*
+ {
+ userGroup.add( distinguishedName );
+ } )*
+ CLOSE_CURLY
+ {
+ userClassesMap.put( "userGroup", new UserClass.UserGroup( userGroup ) );
+ }
+ ;
+
+subtree
+{
+ log.debug( "entered subtree()" );
+ Set<SubtreeSpecification> subtrees = new HashSet<SubtreeSpecification>();
+ SubtreeSpecification subtreeSpecification = null;
+}
+ :
+ ID_subtree ( SP )+
+ OPEN_CURLY ( SP )*
+ subtreeSpecification=subtreeSpecification ( SP )*
+ {
+ subtrees.add( subtreeSpecification );
+ }
+ ( SEP ( SP )* subtreeSpecification=subtreeSpecification ( SP )*
+ {
+ subtrees.add( subtreeSpecification );
+ } )*
+ CLOSE_CURLY
+ {
+ userClassesMap.put( "subtree", new UserClass.Subtree( subtrees ) );
+ }
+ ;
+
+userPermissions
+{
+ log.debug( "entered userPermissions()" );
+ userPermissions = new HashSet<UserPermission>();
+ UserPermission userPermission = null;
+}
+ :
+ ID_userPermissions ( SP )+
+ OPEN_CURLY ( SP )*
+ ( userPermission=userPermission ( SP )*
+ {
+ userPermissions.add( userPermission );
+ }
+ ( SEP ( SP )* userPermission=userPermission ( SP )*
+ {
+ userPermissions.add( userPermission );
+ }
+ )*
+ )?
+ CLOSE_CURLY
+ ;
+
+userPermission returns [ UserPermission userPermission ]
+{
+ log.debug( "entered userPermission()" );
+ userPermission = null;
+ userPermissionComponentsMonitor = new MandatoryAndOptionalComponentsMonitor(
+ new String [] { "protectedItems", "grantsAndDenials" }, new String [] { "precedence" } );
+}
+ :
+ OPEN_CURLY ( SP )*
+ anyUserPermission ( SP )*
+ ( SEP ( SP )* anyUserPermission ( SP )* )*
+ CLOSE_CURLY
+ {
+ if ( !userPermissionComponentsMonitor.finalStateValid() )
+ {
+ throw new RecognitionException( "Missing mandatory userPermission components: "
+ + userPermissionComponentsMonitor.getRemainingComponents() );
+ }
+
+ userPermission = new UserPermission( precedence, grantsAndDenials, protectedItems );
+ precedence = null;
+ }
+ ;
+
+anyUserPermission
+ :
+ precedence
+ {
+ userPermissionComponentsMonitor.useComponent( "precedence" );
+ }
+ | protectedItems
+ {
+ userPermissionComponentsMonitor.useComponent( "protectedItems" );
+ }
+ | grantsAndDenials
+ {
+ userPermissionComponentsMonitor.useComponent( "grantsAndDenials" );
+ }
+ ;
+ exception
+ catch [IllegalArgumentException e]
+ {
+ throw new RecognitionException( e.getMessage() );
+ }
+
+subtreeSpecification returns [SubtreeSpecification ss]
+{
+ log.debug( "entered subtreeSpecification()" );
+ // clear out ss, ssModifier, chopBeforeExclusions and chopAfterExclusions
+ // in case something is left from the last parse
+ ss = null;
+ ssModifier = new SubtreeSpecificationModifier();
+ chopBeforeExclusions = new HashSet<DN>();
+ chopAfterExclusions = new HashSet<DN>();
+ subtreeSpecificationComponentsMonitor = new OptionalComponentsMonitor(
+ new String [] { "base", "specificExclusions", "minimum", "maximum" } );
+}
+ :
+ OPEN_CURLY ( SP )*
+ ( subtreeSpecificationComponent ( SP )*
+ ( SEP ( SP )* subtreeSpecificationComponent ( SP )* )* )?
+ CLOSE_CURLY
+ {
+ ss = ssModifier.getSubtreeSpecification();
+ }
+ ;
+
+subtreeSpecificationComponent
+{
+ log.debug( "entered subtreeSpecification()" );
+}
+ :
+ ss_base
+ {
+ subtreeSpecificationComponentsMonitor.useComponent( "base" );
+ }
+ | ss_specificExclusions
+ {
+ subtreeSpecificationComponentsMonitor.useComponent( "specificExclusions" );
+ }
+ | ss_minimum
+ {
+ subtreeSpecificationComponentsMonitor.useComponent( "minimum" );
+ }
+ | ss_maximum
+ {
+ subtreeSpecificationComponentsMonitor.useComponent( "maximum" );
+ }
+ ;
+ exception
+ catch [IllegalArgumentException e]
+ {
+ throw new RecognitionException( e.getMessage() );
+ }
+
+ss_base
+{
+ log.debug( "entered ss_base()" );
+ DN base = null;
+}
+ :
+ ID_base ( SP )+ base=distinguishedName
+ {
+ ssModifier.setBase( base );
+ }
+ ;
+
+ss_specificExclusions
+{
+ log.debug( "entered ss_specificExclusions()" );
+}
+ :
+ ID_specificExclusions ( SP )+ specificExclusions
+ {
+ ssModifier.setChopBeforeExclusions( chopBeforeExclusions );
+ ssModifier.setChopAfterExclusions( chopAfterExclusions );
+ }
+ ;
+
+specificExclusions
+{
+ log.debug( "entered specificExclusions()" );
+}
+ :
+ OPEN_CURLY ( SP )*
+ ( specificExclusion ( SP )*
+ ( SEP ( SP )* specificExclusion ( SP )* )*
+ )?
+ CLOSE_CURLY
+ ;
+
+specificExclusion
+{
+ log.debug( "entered specificExclusion()" );
+}
+ :
+ chopBefore | chopAfter
+ ;
+
+chopBefore
+{
+ log.debug( "entered chopBefore()" );
+ DN chopBeforeExclusion = null;
+}
+ :
+ ID_chopBefore ( SP )* COLON ( SP )* chopBeforeExclusion=distinguishedName
+ {
+ chopBeforeExclusions.add( chopBeforeExclusion );
+ }
+ ;
+
+chopAfter
+{
+ log.debug( "entered chopAfter()" );
+ DN chopAfterExclusion = null;
+}
+ :
+ ID_chopAfter ( SP )* COLON ( SP )* chopAfterExclusion=distinguishedName
+ {
+ chopAfterExclusions.add( chopAfterExclusion );
+ }
+ ;
+
+ss_minimum
+{
+ log.debug( "entered ss_minimum()" );
+ int minimum = 0;
+}
+ :
+ ID_minimum ( SP )+ minimum=baseDistance
+ {
+ ssModifier.setMinBaseDistance( minimum );
+ }
+ ;
+
+ss_maximum
+{
+ log.debug( "entered ss_maximum()" );
+ int maximum = 0;
+}
+ :
+ ID_maximum ( SP )+ maximum=baseDistance
+ {
+ ssModifier.setMaxBaseDistance( maximum );
+ }
+ ;
+
+distinguishedName returns [ DN name ]
+{
+ log.debug( "entered distinguishedName()" );
+ name = null;
+}
+ :
+ token:SAFEUTF8STRING
+ {
+ name = new DN( token.getText() );
+ if ( oidsMap != null )
+ {
+ name.normalize( oidsMap );
+ }
+ log.debug( "recognized a DistinguishedName: " + token.getText() );
+ }
+ ;
+ exception
+ catch [Exception e]
+ {
+ throw new RecognitionException( "dnParser failed for " + token.getText() + " " + e.getMessage() );
+ }
+
+baseDistance returns [ int distance ]
+{
+ log.debug( "entered baseDistance()" );
+ distance = 0;
+}
+ :
+ token:INTEGER
+ {
+ distance = token2Integer( token );
+ }
+ ;
+
+oid returns [ String result ]
+{
+ log.debug( "entered oid()" );
+ result = null;
+ Token token = null;
+}
+ :
+ { token = LT( 1 ); } // an interesting trick goes here ;-)
+ ( DESCR | NUMERICOID )
+ {
+ result = token.getText();
+ log.debug( "recognized an oid: " + result );
+ }
+ ;
+
+refinement returns [ ExprNode node ]
+{
+ log.debug( "entered refinement()" );
+ node = null;
+}
+ :
+ node=item | node=and | node=or | node=not
+ ;
+
+item returns [ LeafNode node ]
+{
+ log.debug( "entered item()" );
+ node = null;
+ String oid = null;
+}
+ :
+ ID_item ( SP )* COLON ( SP )* oid=oid
+ {
+ node = new EqualityNode( SchemaConstants.OBJECT_CLASS_AT , new StringValue( oid ) );
+ }
+ ;
+
+and returns [ BranchNode node ]
+{
+ log.debug( "entered and()" );
+ node = null;
+ List<ExprNode> children = null;
+}
+ :
+ ID_and ( SP )* COLON ( SP )* children=refinements
+ {
+ node = new AndNode( children );
+ }
+ ;
+
+or returns [ BranchNode node ]
+{
+ log.debug( "entered or()" );
+ node = null;
+ List<ExprNode> children = null;
+}
+ :
+ ID_or ( SP )* COLON ( SP )* children=refinements
+ {
+ node = new OrNode( children );
+ }
+ ;
+
+not returns [ BranchNode node ]
+{
+ log.debug( "entered not()" );
+ node = null;
+ List<ExprNode> children = null;
+}
+ :
+ ID_not ( SP )* COLON ( SP )* children=refinements
+ {
+ node = new NotNode( children );
+ }
+ ;
+
+refinements returns [ List<ExprNode> children ]
+{
+ log.debug( "entered refinements()" );
+ children = null;
+ ExprNode child = null;
+ List<ExprNode> tempChildren = new ArrayList<ExprNode>();
+}
+ :
+ OPEN_CURLY ( SP )*
+ (
+ child=refinement ( SP )*
+ {
+ tempChildren.add( child );
+ }
+ ( SEP ( SP )* child=refinement ( SP )*
+ {
+ tempChildren.add( child );
+ } )*
+ )? CLOSE_CURLY
+ {
+ children = tempChildren;
+ }
+ ;
+
+
+// ----------------------------------------------------------------------------
+// lexer class definition
+// ----------------------------------------------------------------------------
+
+/**
+ * The parser's primary lexer.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+class AntlrACIItemLexer extends Lexer;
+
+
+// ----------------------------------------------------------------------------
+// lexer options
+// ----------------------------------------------------------------------------
+
+options
+{
+ k = 2;
+ charVocabulary = '\3'..'\377';
+}
+
+
+//----------------------------------------------------------------------------
+// tokens
+//----------------------------------------------------------------------------
+
+tokens
+{
+ ID_identificationTag = "identificationTag";
+ ID_precedence = "precedence";
+ ID_FALSE = "FALSE";
+ ID_TRUE = "TRUE";
+ ID_none = "none";
+ ID_simple = "simple";
+ ID_strong = "strong";
+ ID_level = "level";
+ ID_basicLevels = "basicLevels";
+ ID_localQualifier = "localQualifier";
+ ID_signed = "signed";
+ ID_authenticationLevel = "authenticationLevel";
+ ID_itemOrUserFirst = "itemOrUserFirst";
+ ID_itemFirst = "itemFirst";
+ ID_userFirst = "userFirst";
+ ID_protectedItems = "protectedItems";
+ ID_classes = "classes";
+ ID_entry = "entry";
+ ID_allUserAttributeTypes = "allUserAttributeTypes";
+ ID_attributeType = "attributeType";
+ ID_allAttributeValues = "allAttributeValues";
+ ID_allUserAttributeTypesAndValues = "allUserAttributeTypesAndValues";
+ ID_selfValue = "selfValue";
+ ID_item = "item";
+ ID_and = "and";
+ ID_or = "or";
+ ID_not = "not";
+ ID_rangeOfValues = "rangeOfValues";
+ ID_maxValueCount = "maxValueCount";
+ ID_type = "type";
+ ID_maxCount = "maxCount";
+ ID_maxImmSub = "maxImmSub";
+ ID_restrictedBy = "restrictedBy";
+ ID_valuesIn = "valuesIn";
+ ID_userClasses = "userClasses";
+ ID_base = "base";
+ ID_specificExclusions = "specificExclusions";
+ ID_chopBefore = "chopBefore";
+ ID_chopAfter = "chopAfter";
+ ID_minimum = "minimum";
+ ID_maximum = "maximum";
+ ID_specificationFilter = "specificationFilter";
+ ID_grantsAndDenials = "grantsAndDenials";
+ ID_itemPermissions = "itemPermissions";
+ ID_userPermissions = "userPermissions";
+ ID_allUsers = "allUsers";
+ ID_thisEntry = "thisEntry";
+ ID_parentOfEntry = "parentOfEntry";
+ ID_subtree = "subtree";
+ ID_name = "name";
+ ID_userGroup = "userGroup";
+
+ ID_grantAdd = "grantAdd"; // (0),
+ ID_denyAdd = "denyAdd"; // (1),
+ ID_grantDiscloseOnError = "grantDiscloseOnError"; // (2),
+ ID_denyDiscloseOnError = "denyDiscloseOnError"; // (3),
+ ID_grantRead = "grantRead"; // (4),
+ ID_denyRead = "denyRead"; // (5),
+ ID_grantRemove = "grantRemove"; // (6),
+ ID_denyRemove = "denyRemove"; // (7),
+ //-- permissions that may be used only in conjunction
+ //-- with the entry component
+ ID_grantBrowse = "grantBrowse"; // (8),
+ ID_denyBrowse = "denyBrowse"; // (9),
+ ID_grantExport = "grantExport"; // (10),
+ ID_denyExport = "denyExport"; // (11),
+ ID_grantImport = "grantImport"; // (12),
+ ID_denyImport = "denyImport"; // (13),
+ ID_grantModify = "grantModify"; // (14),
+ ID_denyModify = "denyModify"; // (15),
+ ID_grantRename = "grantRename"; // (16),
+ ID_denyRename = "denyRename"; // (17),
+ ID_grantReturnDN = "grantReturnDN"; // (18),
+ ID_denyReturnDN = "denyReturnDN"; // (19),
+ //-- permissions that may be used in conjunction
+ //-- with any component, except entry, of ProtectedItems
+ ID_grantCompare = "grantCompare"; // (20),
+ ID_denyCompare = "denyCompare"; // (21),
+ ID_grantFilterMatch = "grantFilterMatch"; // (22),
+ ID_denyFilterMatch = "denyFilterMatch"; // (23),
+ ID_grantInvoke = "grantInvoke"; // (24),
+ ID_denyInvoke = "denyInvoke"; // (25)
+}
+
+
+// ----------------------------------------------------------------------------
+// lexer initialization
+// ----------------------------------------------------------------------------
+
+{
+ private static final Logger log = LoggerFactory.getLogger( AntlrACIItemLexer.class );
+}
+
+
+// ----------------------------------------------------------------------------
+// attribute description lexer rules from models
+// ----------------------------------------------------------------------------
+
+// This is all messed up - could not figure out how to get antlr to represent
+// the safe UTF-8 character set from RFC 3642 for production SafeUTF8Character
+
+protected SAFEUTF8CHAR :
+ '\u0001'..'\u0021' |
+ '\u0023'..'\u007F' |
+ '\u00c0'..'\u00d6' |
+ '\u00d8'..'\u00f6' |
+ '\u00f8'..'\u00ff' |
+ '\u0100'..'\u1fff' |
+ '\u3040'..'\u318f' |
+ '\u3300'..'\u337f' |
+ '\u3400'..'\u3d2d' |
+ '\u4e00'..'\u9fff' |
+ '\uf900'..'\ufaff' ;
+
+OPEN_CURLY : '{' ;
+
+CLOSE_CURLY : '}' ;
+
+SEP : ',' ;
+
+SP : ' ' | '\t' | '\n' { newline(); } | '\r' ;
+
+COLON : ':' ;
+
+protected DIGIT : '0' | LDIGIT ;
+
+protected LDIGIT : '1'..'9' ;
+
+protected ALPHA : 'A'..'Z' | 'a'..'z' ;
+
+protected INTEGER : DIGIT | ( LDIGIT ( DIGIT )+ ) ;
+
+protected HYPHEN : '-' ;
+
+protected NUMERICOID : INTEGER ( DOT INTEGER )+ ;
+
+protected DOT : '.' ;
+
+INTEGER_OR_NUMERICOID
+ :
+ ( INTEGER DOT ) => NUMERICOID
+ {
+ $setType( NUMERICOID );
+ }
+ |
+ INTEGER
+ {
+ $setType( INTEGER );
+ }
+ ;
+
+SAFEUTF8STRING : '"'! ( SAFEUTF8CHAR )* '"'! ;
+
+DESCR // THIS RULE ALSO STANDS FOR AN IDENTIFIER
+ :
+ ( "attributeValue" ( SP! )+ '{' ) =>
+ "attributeValue"! ( SP! )+ '{'! ( options { greedy = false; } : . )* '}'!
+ { $setType( ATTRIBUTE_VALUE_CANDIDATE ); }
+ | ( "rangeOfValues" ( SP! )+ '(' ) =>
+ "rangeOfValues"! ( SP! )+ FILTER
+ { $setType( RANGE_OF_VALUES_CANDIDATE ); }
+ | ALPHA ( ALPHA | DIGIT | HYPHEN )*
+ ;
+
+protected FILTER : '(' ( ( '&' (SP)* (FILTER)+ ) | ( '|' (SP)* (FILTER)+ ) | ( '!' (SP)* FILTER ) | FILTER_VALUE ) ')' (SP)* ;
+
+protected FILTER_VALUE : (options{greedy=true;}: ~( ')' | '(' | '&' | '|' | '!' ) ( ~(')') )* ) ;
+
Added: directory/shared/trunk/ldap-aci/src/main/antlr/ACIItemChecker.g
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap-aci/src/main/antlr/ACIItemChecker.g?rev=959029&view=auto
==============================================================================
--- directory/shared/trunk/ldap-aci/src/main/antlr/ACIItemChecker.g (added)
+++ directory/shared/trunk/ldap-aci/src/main/antlr/ACIItemChecker.g Tue Jun 29 16:56:07 2010
@@ -0,0 +1,780 @@
+header
+{
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+
+
+package org.apache.directory.shared.ldap.aci;
+
+
+import org.apache.directory.shared.ldap.name.NameComponentNormalizer;
+}
+
+
+// ----------------------------------------------------------------------------
+// parser class definition
+// ----------------------------------------------------------------------------
+
+/**
+ * The antlr generated ACIItem checker.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+class AntlrACIItemChecker extends Parser;
+
+
+// ----------------------------------------------------------------------------
+// parser options
+// ----------------------------------------------------------------------------
+
+options
+{
+ k = 1; // ;-)
+ defaultErrorHandler = false;
+}
+
+
+// ----------------------------------------------------------------------------
+// imaginary tokens
+// ----------------------------------------------------------------------------
+
+tokens
+{
+ ATTRIBUTE_VALUE_CANDIDATE;
+ RANGE_OF_VALUES_CANDIDATE;
+}
+
+
+// ----------------------------------------------------------------------------
+// parser initialization
+// ----------------------------------------------------------------------------
+
+{
+ NameComponentNormalizer normalizer;
+
+ /**
+ * Creates a (normalizing) subordinate DnParser for parsing Names.
+ * This method MUST be called for each instance while we cannot do
+ * constructor overloading for this class.
+ *
+ * @return the DnParser to be used for parsing Names
+ */
+ public void init()
+ {
+ }
+
+ /**
+ * Sets the NameComponentNormalizer for this parser's dnParser.
+ */
+ public void setNormalizer(NameComponentNormalizer normalizer)
+ {
+ this.normalizer = normalizer;
+ }
+}
+
+
+// ----------------------------------------------------------------------------
+// parser productions
+// ----------------------------------------------------------------------------
+
+wrapperEntryPoint
+ :
+ ( SP )* theACIItem ( SP )* EOF
+ ;
+
+theACIItem
+ :
+ OPEN_CURLY
+ ( SP )* mainACIItemComponent ( SP )*
+ ( SEP ( SP )* mainACIItemComponent ( SP )* )*
+ CLOSE_CURLY
+ ;
+
+mainACIItemComponent
+ :
+ aci_identificationTag
+ | aci_precedence
+ | aci_authenticationLevel
+ | aci_itemOrUserFirst
+ ;
+
+aci_identificationTag
+ :
+ ID_identificationTag ( SP )+ SAFEUTF8STRING
+ ;
+
+aci_precedence
+ :
+ precedence
+ ;
+
+precedence
+ :
+ ID_precedence ( SP )+ INTEGER
+ ;
+
+aci_authenticationLevel
+ :
+ ID_authenticationLevel ( SP )+ authenticationLevel
+ ;
+
+authenticationLevel
+ :
+ ID_none
+ |
+ ID_simple
+ |
+ ID_strong
+ ;
+
+aci_itemOrUserFirst
+ :
+ ID_itemOrUserFirst ( SP )+ itemOrUserFirst
+ ;
+
+itemOrUserFirst
+ :
+ itemFirst | userFirst
+ ;
+
+itemFirst
+ :
+ ID_itemFirst ( SP )* COLON ( SP )*
+ OPEN_CURLY ( SP )*
+ (
+ protectedItems ( SP )*
+ SEP ( SP )* itemPermissions
+ | // relaxing
+ itemPermissions ( SP )*
+ SEP ( SP )* protectedItems
+ )
+ ( SP )* CLOSE_CURLY
+ ;
+
+userFirst
+ :
+ ID_userFirst ( SP )* COLON ( SP )*
+ OPEN_CURLY ( SP )*
+ (
+ userClasses ( SP )*
+ SEP ( SP )* userPermissions
+ | // relaxing
+ userPermissions ( SP )*
+ SEP ( SP )* userClasses
+ )
+ ( SP )* CLOSE_CURLY
+ ;
+
+protectedItems
+ :
+ ID_protectedItems ( SP )*
+ OPEN_CURLY ( SP )*
+ (
+ protectedItem ( SP )*
+ ( SEP ( SP )* protectedItem ( SP )* )*
+ )?
+ CLOSE_CURLY
+ ;
+
+protectedItem
+ :
+ entry
+ | allUserAttributeTypes
+ | attributeType
+ | allAttributeValues
+ | allUserAttributeTypesAndValues
+ | attributeValue
+ | selfValue
+ | rangeOfValues
+ | maxValueCount
+ | maxImmSub
+ | restrictedBy
+ | classes
+ ;
+
+entry
+ :
+ ID_entry
+ ;
+
+allUserAttributeTypes
+ :
+ ID_allUserAttributeTypes
+ ;
+
+attributeType
+ :
+ ID_attributeType ( SP )+ attributeTypeSet
+ ;
+
+allAttributeValues
+ :
+ ID_allAttributeValues ( SP )+ attributeTypeSet
+ ;
+
+allUserAttributeTypesAndValues
+ :
+ ID_allUserAttributeTypesAndValues
+ ;
+
+attributeValue
+ :
+ ATTRIBUTE_VALUE_CANDIDATE // ate the identifier for subordinate dn parser workaround
+ ;
+
+selfValue
+ :
+ ID_selfValue ( SP )+ attributeTypeSet
+ ;
+
+rangeOfValues
+ :
+ RANGE_OF_VALUES_CANDIDATE
+ ;
+
+maxValueCount
+ :
+ ID_maxValueCount ( SP )+
+ OPEN_CURLY ( SP )*
+ aMaxValueCount ( SP )*
+ ( SEP ( SP )* aMaxValueCount ( SP )*
+ )*
+ CLOSE_CURLY
+ ;
+
+aMaxValueCount
+ :
+ OPEN_CURLY ( SP )*
+ (
+ ID_type ( SP )+ oid ( SP )* SEP ( SP )*
+ ID_maxCount ( SP )+ INTEGER
+ | // relaxing
+ ID_maxCount ( SP )+ INTEGER ( SP )* SEP ( SP )*
+ ID_type ( SP )+ oid
+ )
+ ( SP )* CLOSE_CURLY
+ ;
+
+maxImmSub
+ :
+ ID_maxImmSub ( SP )+ INTEGER
+ ;
+
+restrictedBy
+ :
+ ID_restrictedBy ( SP )+
+ OPEN_CURLY ( SP )*
+ restrictedValue ( SP )*
+ ( SEP ( SP )* restrictedValue ( SP )*
+ )*
+ CLOSE_CURLY
+ ;
+
+restrictedValue
+ :
+ OPEN_CURLY ( SP )*
+ (
+ ID_type ( SP )+ oid ( SP )* SEP ( SP )*
+ ID_valuesIn ( SP )+ oid
+ | // relaxing
+ ID_valuesIn ( SP )+ oid ( SP )* SEP ( SP )*
+ ID_type ( SP )+ oid
+ )
+ ( SP )* CLOSE_CURLY
+ ;
+
+attributeTypeSet
+ :
+ OPEN_CURLY ( SP )*
+ oid ( SP )*
+ ( SEP ( SP )* oid ( SP )*
+ )*
+ CLOSE_CURLY
+ ;
+
+classes
+ :
+ ID_classes ( SP )+ refinement
+ ;
+
+itemPermissions
+ :
+ ID_itemPermissions ( SP )+
+ OPEN_CURLY ( SP )*
+ ( itemPermission ( SP )*
+ ( SEP ( SP )* itemPermission ( SP )*
+ )*
+ )?
+ CLOSE_CURLY
+ ;
+
+itemPermission
+ :
+ OPEN_CURLY ( SP )*
+ anyItemPermission ( SP )*
+ ( SEP ( SP )* anyItemPermission ( SP )* )*
+ CLOSE_CURLY
+ ;
+
+anyItemPermission
+ :
+ precedence
+ | userClasses
+ | grantsAndDenials
+ ;
+
+grantsAndDenials
+ :
+ ID_grantsAndDenials ( SP )+
+ OPEN_CURLY ( SP )*
+ ( grantAndDenial ( SP )*
+ ( SEP ( SP )* grantAndDenial ( SP )*
+ )*
+ )?
+ CLOSE_CURLY
+ ;
+
+grantAndDenial
+ :
+ ID_grantAdd
+ | ID_denyAdd
+ | ID_grantDiscloseOnError
+ | ID_denyDiscloseOnError
+ | ID_grantRead
+ | ID_denyRead
+ | ID_grantRemove
+ | ID_denyRemove
+ //-- permissions that may be used only in conjunction
+ //-- with the entry component
+ | ID_grantBrowse
+ | ID_denyBrowse
+ | ID_grantExport
+ | ID_denyExport
+ | ID_grantImport
+ | ID_denyImport
+ | ID_grantModify
+ | ID_denyModify
+ | ID_grantRename
+ | ID_denyRename
+ | ID_grantReturnDN
+ | ID_denyReturnDN
+ //-- permissions that may be used in conjunction
+ //-- with any component, except entry, of ProtectedItems
+ | ID_grantCompare
+ | ID_denyCompare
+ | ID_grantFilterMatch
+ | ID_denyFilterMatch
+ | ID_grantInvoke
+ | ID_denyInvoke
+ ;
+
+userClasses
+ :
+ ID_userClasses ( SP )+
+ OPEN_CURLY ( SP )*
+ (
+ userClass ( SP )*
+ ( SEP ( SP )* userClass ( SP )* )*
+ )?
+ CLOSE_CURLY
+ ;
+
+userClass
+ :
+ allUsers
+ | thisEntry
+ | parentOfEntry
+ | name
+ | userGroup
+ | subtree
+ ;
+
+allUsers
+ :
+ ID_allUsers
+ ;
+
+thisEntry
+ :
+ ID_thisEntry
+ ;
+
+parentOfEntry
+ :
+ ID_parentOfEntry
+ ;
+
+name
+ :
+ ID_name ( SP )+
+ OPEN_CURLY ( SP )*
+ distinguishedName ( SP )*
+ ( SEP ( SP )* distinguishedName ( SP )*
+ )*
+ CLOSE_CURLY
+ ;
+
+userGroup
+ :
+ ID_userGroup ( SP )+
+ OPEN_CURLY ( SP )*
+ distinguishedName ( SP )*
+ ( SEP ( SP )* distinguishedName ( SP )* )*
+ CLOSE_CURLY
+ ;
+
+subtree
+ :
+ ID_subtree ( SP )+
+ OPEN_CURLY ( SP )*
+ subtreeSpecification ( SP )*
+ ( SEP ( SP )* subtreeSpecification ( SP )* )*
+ CLOSE_CURLY
+ ;
+
+userPermissions
+ :
+ ID_userPermissions ( SP )+
+ OPEN_CURLY ( SP )*
+ ( userPermission ( SP )*
+ ( SEP ( SP )* userPermission ( SP )* )*
+ )?
+ CLOSE_CURLY
+ ;
+
+userPermission
+ :
+ OPEN_CURLY ( SP )*
+ anyUserPermission ( SP )*
+ ( SEP ( SP )* anyUserPermission ( SP )* )*
+ CLOSE_CURLY
+ ;
+
+anyUserPermission
+ :
+ precedence
+ | protectedItems
+ | grantsAndDenials
+ ;
+
+subtreeSpecification
+ :
+ OPEN_CURLY ( SP )*
+ ( subtreeSpecificationComponent ( SP )*
+ ( SEP ( SP )* subtreeSpecificationComponent ( SP )* )* )?
+ CLOSE_CURLY
+ ;
+
+subtreeSpecificationComponent
+ :
+ ss_base
+ | ss_specificExclusions
+ | ss_minimum
+ | ss_maximum
+ ;
+
+ss_base
+ :
+ ID_base ( SP )+ distinguishedName
+ ;
+
+ss_specificExclusions
+ :
+ ID_specificExclusions ( SP )+ specificExclusions
+ ;
+
+specificExclusions
+ :
+ OPEN_CURLY ( SP )*
+ ( specificExclusion ( SP )*
+ ( SEP ( SP )* specificExclusion ( SP )* )*
+ )?
+ CLOSE_CURLY
+ ;
+
+specificExclusion
+ :
+ chopBefore | chopAfter
+ ;
+
+chopBefore
+ :
+ ID_chopBefore ( SP )* COLON ( SP )* distinguishedName
+ ;
+
+chopAfter
+ :
+ ID_chopAfter ( SP )* COLON ( SP )* distinguishedName
+ ;
+
+ss_minimum
+ :
+ ID_minimum ( SP )+ baseDistance
+ ;
+
+ss_maximum
+ :
+ ID_maximum ( SP )+ baseDistance
+ ;
+
+distinguishedName
+ :
+ SAFEUTF8STRING
+ ;
+
+baseDistance
+ :
+ INTEGER
+ ;
+
+oid
+ :
+ ( DESCR | NUMERICOID )
+ ;
+
+refinement
+ :
+ item | and | or | not
+ ;
+
+item
+ :
+ ID_item ( SP )* COLON ( SP )* oid
+ ;
+
+and
+ :
+ ID_and ( SP )* COLON ( SP )* refinements
+ ;
+
+or
+ :
+ ID_or ( SP )* COLON ( SP )* refinements
+ ;
+
+not
+ :
+ ID_not ( SP )* COLON ( SP )* refinements
+ ;
+
+refinements
+ :
+ OPEN_CURLY ( SP )*
+ (
+ refinement ( SP )*
+ ( SEP ( SP )* refinement ( SP )* )*
+ )? CLOSE_CURLY
+ ;
+
+
+// ----------------------------------------------------------------------------
+// lexer class definition
+// ----------------------------------------------------------------------------
+
+/**
+ * The parser's primary lexer.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+class AntlrACIItemCheckerLexer extends Lexer;
+
+
+// ----------------------------------------------------------------------------
+// lexer options
+// ----------------------------------------------------------------------------
+
+options
+{
+ k = 2;
+ charVocabulary = '\3'..'\377';
+}
+
+
+//----------------------------------------------------------------------------
+// tokens
+//----------------------------------------------------------------------------
+
+tokens
+{
+ ID_identificationTag = "identificationTag";
+ ID_precedence = "precedence";
+ ID_FALSE = "FALSE";
+ ID_TRUE = "TRUE";
+ ID_none = "none";
+ ID_simple = "simple";
+ ID_strong = "strong";
+ ID_level = "level";
+ ID_basicLevels = "basicLevels";
+ ID_localQualifier = "localQualifier";
+ ID_signed = "signed";
+ ID_authenticationLevel = "authenticationLevel";
+ ID_itemOrUserFirst = "itemOrUserFirst";
+ ID_itemFirst = "itemFirst";
+ ID_userFirst = "userFirst";
+ ID_protectedItems = "protectedItems";
+ ID_classes = "classes";
+ ID_entry = "entry";
+ ID_allUserAttributeTypes = "allUserAttributeTypes";
+ ID_attributeType = "attributeType";
+ ID_allAttributeValues = "allAttributeValues";
+ ID_allUserAttributeTypesAndValues = "allUserAttributeTypesAndValues";
+ ID_selfValue = "selfValue";
+ ID_item = "item";
+ ID_and = "and";
+ ID_or = "or";
+ ID_not = "not";
+ ID_rangeOfValues = "rangeOfValues";
+ ID_maxValueCount = "maxValueCount";
+ ID_type = "type";
+ ID_maxCount = "maxCount";
+ ID_maxImmSub = "maxImmSub";
+ ID_restrictedBy = "restrictedBy";
+ ID_valuesIn = "valuesIn";
+ ID_userClasses = "userClasses";
+ ID_base = "base";
+ ID_specificExclusions = "specificExclusions";
+ ID_chopBefore = "chopBefore";
+ ID_chopAfter = "chopAfter";
+ ID_minimum = "minimum";
+ ID_maximum = "maximum";
+ ID_specificationFilter = "specificationFilter";
+ ID_grantsAndDenials = "grantsAndDenials";
+ ID_itemPermissions = "itemPermissions";
+ ID_userPermissions = "userPermissions";
+ ID_allUsers = "allUsers";
+ ID_thisEntry = "thisEntry";
+ ID_parentOfEntry = "parentOfEntry";
+ ID_subtree = "subtree";
+ ID_name = "name";
+ ID_userGroup = "userGroup";
+
+ ID_grantAdd = "grantAdd"; // (0),
+ ID_denyAdd = "denyAdd"; // (1),
+ ID_grantDiscloseOnError = "grantDiscloseOnError"; // (2),
+ ID_denyDiscloseOnError = "denyDiscloseOnError"; // (3),
+ ID_grantRead = "grantRead"; // (4),
+ ID_denyRead = "denyRead"; // (5),
+ ID_grantRemove = "grantRemove"; // (6),
+ ID_denyRemove = "denyRemove"; // (7),
+ //-- permissions that may be used only in conjunction
+ //-- with the entry component
+ ID_grantBrowse = "grantBrowse"; // (8),
+ ID_denyBrowse = "denyBrowse"; // (9),
+ ID_grantExport = "grantExport"; // (10),
+ ID_denyExport = "denyExport"; // (11),
+ ID_grantImport = "grantImport"; // (12),
+ ID_denyImport = "denyImport"; // (13),
+ ID_grantModify = "grantModify"; // (14),
+ ID_denyModify = "denyModify"; // (15),
+ ID_grantRename = "grantRename"; // (16),
+ ID_denyRename = "denyRename"; // (17),
+ ID_grantReturnDN = "grantReturnDN"; // (18),
+ ID_denyReturnDN = "denyReturnDN"; // (19),
+ //-- permissions that may be used in conjunction
+ //-- with any component, except entry, of ProtectedItems
+ ID_grantCompare = "grantCompare"; // (20),
+ ID_denyCompare = "denyCompare"; // (21),
+ ID_grantFilterMatch = "grantFilterMatch"; // (22),
+ ID_denyFilterMatch = "denyFilterMatch"; // (23),
+ ID_grantInvoke = "grantInvoke"; // (24),
+ ID_denyInvoke = "denyInvoke"; // (25)
+}
+
+
+// ----------------------------------------------------------------------------
+// lexer initialization
+// ----------------------------------------------------------------------------
+
+
+// ----------------------------------------------------------------------------
+// attribute description lexer rules from models
+// ----------------------------------------------------------------------------
+
+// This is all messed up - could not figure out how to get antlr to represent
+// the safe UTF-8 character set from RFC 3642 for production SafeUTF8Character
+
+protected SAFEUTF8CHAR :
+ '\u0001'..'\u0021' |
+ '\u0023'..'\u007F' |
+ '\u00c0'..'\u00d6' |
+ '\u00d8'..'\u00f6' |
+ '\u00f8'..'\u00ff' |
+ '\u0100'..'\u1fff' |
+ '\u3040'..'\u318f' |
+ '\u3300'..'\u337f' |
+ '\u3400'..'\u3d2d' |
+ '\u4e00'..'\u9fff' |
+ '\uf900'..'\ufaff' ;
+
+OPEN_CURLY : '{' ;
+
+CLOSE_CURLY : '}' ;
+
+SEP : ',' ;
+
+SP : ' ' | '\t' | '\n' { newline(); } | '\r' ;
+
+COLON : ':' ;
+
+protected DIGIT : '0' | LDIGIT ;
+
+protected LDIGIT : '1'..'9' ;
+
+protected ALPHA : 'A'..'Z' | 'a'..'z' ;
+
+protected INTEGER : DIGIT | ( LDIGIT ( DIGIT )+ ) ;
+
+protected HYPHEN : '-' ;
+
+protected NUMERICOID : INTEGER ( DOT INTEGER )+ ;
+
+protected DOT : '.' ;
+
+INTEGER_OR_NUMERICOID
+ :
+ ( INTEGER DOT ) => NUMERICOID
+ {
+ $setType( NUMERICOID );
+ }
+ |
+ INTEGER
+ {
+ $setType( INTEGER );
+ }
+ ;
+
+SAFEUTF8STRING : '"'! ( SAFEUTF8CHAR )* '"'! ;
+
+DESCR // THIS RULE ALSO STANDS FOR AN IDENTIFIER
+ :
+ ( "attributeValue" ( SP! )+ '{' ) =>
+ "attributeValue"! ( SP! )+ '{'! ( options { greedy = false; } : . )* '}'!
+ { $setType( ATTRIBUTE_VALUE_CANDIDATE ); }
+ | ( "rangeOfValues" ( SP! )+ '(' ) =>
+ "rangeOfValues"! ( SP! )+ FILTER
+ { $setType( RANGE_OF_VALUES_CANDIDATE ); }
+ | ALPHA ( ALPHA | DIGIT | HYPHEN )*
+ ;
+
+protected FILTER : '(' ( ( '&' (SP)* (FILTER)+ ) | ( '|' (SP)* (FILTER)+ ) | ( '!' (SP)* FILTER ) | FILTER_VALUE ) ')' (SP)* ;
+
+protected FILTER_VALUE : (options{greedy=true;}: ~( ')' | '(' | '&' | '|' | '!' ) ( ~(')') )* ) ;
+
+
\ No newline at end of file
Added: directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/ACIItem.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/ACIItem.java?rev=959029&view=auto
==============================================================================
--- directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/ACIItem.java (added)
+++ directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/ACIItem.java Tue Jun 29 16:56:07 2010
@@ -0,0 +1,152 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.shared.ldap.aci;
+
+
+import java.util.Collection;
+import java.util.HashSet;
+import java.util.Set;
+
+import org.apache.directory.shared.i18n.I18n;
+import org.apache.directory.shared.ldap.constants.AuthenticationLevel;
+
+
+/**
+ * An abstract class that provides common properties and operations for
+ * {@link ItemFirstACIItem} and {@link UserFirstACIItem} as specified X.501
+ * specification.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public abstract class ACIItem
+{
+ /** The ACIItemComponet identifier */
+ private String identificationTag;
+
+ /** The precedence : a number in [0 - 255] */
+ private int precedence = 0;
+
+ /** The authentication level. One of 'none', 'simple' and 'strong' */
+ private AuthenticationLevel authenticationLevel;
+
+
+ /**
+ * Creates a new instance
+ *
+ * @param identificationTag the id string of this item
+ * @param precedence the precedence of this item
+ * @param authenticationLevel the level of authentication required to this item
+ */
+ protected ACIItem( String identificationTag, int precedence, AuthenticationLevel authenticationLevel )
+ {
+ if ( identificationTag == null )
+ {
+ throw new IllegalArgumentException( I18n.err( I18n.ERR_04001_NULL_IDENTIFICATION_TAG ) );
+ }
+
+ if ( ( precedence < 0 ) || ( precedence > 255 ) )
+ {
+ throw new IllegalArgumentException( I18n.err( I18n.ERR_04002_BAD_PRECENDENCE, precedence ) );
+ }
+
+ if ( authenticationLevel == null )
+ {
+ throw new IllegalArgumentException( I18n.err( I18n.ERR_04003_NULL_AUTHENTICATION_LEVEL ) );
+ }
+
+ this.identificationTag = identificationTag;
+ this.precedence = precedence;
+ this.authenticationLevel = authenticationLevel;
+ }
+
+
+ /**
+ * Returns the id string of this item.
+ */
+ public String getIdentificationTag()
+ {
+ return identificationTag;
+ }
+
+
+ /**
+ * Returns the precedence of this item.
+ */
+ public int getPrecedence()
+ {
+ return precedence;
+ }
+
+
+ /**
+ * Returns the level of authentication required to this item.
+ */
+ public AuthenticationLevel getAuthenticationLevel()
+ {
+ return authenticationLevel;
+ }
+
+
+ /**
+ * Converts this item into a collection of {@link ACITuple}s and returns
+ * it.
+ */
+ public abstract Collection<ACITuple> toTuples();
+
+
+ /**
+ * Converts a set of {@link GrantAndDenial}s into a set of
+ * {@link MicroOperation}s and returns it.
+ */
+ protected static Set<MicroOperation> toMicroOperations( Set<GrantAndDenial> grantsAndDenials )
+ {
+ Set<MicroOperation> microOps = new HashSet<MicroOperation>();
+
+ for ( GrantAndDenial grantAndDenial:grantsAndDenials )
+ {
+ microOps.add( grantAndDenial.getMicroOperation() );
+ }
+
+ return microOps;
+ }
+
+
+ /**
+ * @see Object#toString()
+ */
+ public String toString()
+ {
+ StringBuilder buf = new StringBuilder();
+
+ // identificationTag
+ buf.append( "identificationTag \"" );
+ buf.append( getIdentificationTag() );
+
+ // precedence
+ buf.append( "\", precedence " );
+ buf.append( getPrecedence() );
+
+ // authenticationLevel
+ buf.append( ", authenticationLevel " );
+ buf.append( getAuthenticationLevel().getName() );
+
+ return buf.toString();
+ }
+}
Added: directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/ACIItemChecker.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/ACIItemChecker.java?rev=959029&view=auto
==============================================================================
--- directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/ACIItemChecker.java (added)
+++ directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/ACIItemChecker.java Tue Jun 29 16:56:07 2010
@@ -0,0 +1,115 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+
+package org.apache.directory.shared.ldap.aci;
+
+
+import java.io.StringReader;
+import java.text.ParseException;
+
+import org.apache.directory.shared.i18n.I18n;
+
+import antlr.RecognitionException;
+import antlr.TokenStreamException;
+
+
+/**
+ * A reusable wrapper around the antlr generated parser for an ACIItem as
+ * defined by X.501. This class enables the reuse of the antlr parser/lexer pair
+ * without having to recreate them every time.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public class ACIItemChecker
+{
+ /** the antlr generated parser being wrapped */
+ private ReusableAntlrACIItemParser checker;
+
+ /** the antlr generated lexer being wrapped */
+ private ReusableAntlrACIItemLexer lexer;
+
+ private final boolean isNormalizing;
+
+
+ /**
+ * Creates a ACIItem parser.
+ */
+ public ACIItemChecker()
+ {
+ this.lexer = new ReusableAntlrACIItemLexer( new StringReader( "" ) );
+ this.checker = new ReusableAntlrACIItemParser( lexer );
+ this.isNormalizing = false;
+ }
+
+
+ /**
+ * Initializes the plumbing by creating a pipe and coupling the parser/lexer
+ * pair with it. param spec the specification to be parsed
+ */
+ private synchronized void reset( String spec )
+ {
+ StringReader in = new StringReader( spec );
+ this.lexer.prepareNextInput( in );
+ this.checker.resetState();
+ }
+
+
+ /**
+ * Parses an ACIItem without exhausting the parser.
+ *
+ * @param spec
+ * the specification to be parsed
+ * @throws ParseException
+ * if there are any recognition errors (bad syntax)
+ */
+ public synchronized void parse( String spec ) throws ParseException
+ {
+ if ( spec == null || spec.trim().equals( "" ) )
+ {
+ return;
+ }
+
+ reset( spec ); // reset and initialize the parser / lexer pair
+
+ try
+ {
+ this.checker.wrapperEntryPoint();
+ }
+ catch ( TokenStreamException e )
+ {
+ throw new ParseException( I18n.err( I18n.ERR_00004, spec, e.getLocalizedMessage() ), 0 );
+ }
+ catch ( RecognitionException e )
+ {
+ throw new ParseException( I18n.err( I18n.ERR_00004, spec, e.getLocalizedMessage() ), e.getColumn() );
+ }
+ }
+
+
+ /**
+ * Tests to see if this parser is normalizing.
+ *
+ * @return true if it normalizes false otherwise
+ */
+ public boolean isNormizing()
+ {
+ return this.isNormalizing;
+ }
+}
Added: directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/ACIItemParser.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/ACIItemParser.java?rev=959029&view=auto
==============================================================================
--- directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/ACIItemParser.java (added)
+++ directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/ACIItemParser.java Tue Jun 29 16:56:07 2010
@@ -0,0 +1,141 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+
+package org.apache.directory.shared.ldap.aci;
+
+
+import java.io.StringReader;
+import java.text.ParseException;
+import java.util.Map;
+
+import org.apache.directory.shared.i18n.I18n;
+import org.apache.directory.shared.ldap.name.NameComponentNormalizer;
+import org.apache.directory.shared.ldap.schema.normalizers.OidNormalizer;
+
+import antlr.RecognitionException;
+import antlr.TokenStreamException;
+
+
+/**
+ * A reusable wrapper around the antlr generated parser for an ACIItem as
+ * defined by X.501. This class enables the reuse of the antlr parser/lexer pair
+ * without having to recreate them every time.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public class ACIItemParser
+{
+ /** the antlr generated parser being wrapped */
+ private ReusableAntlrACIItemParser parser;
+
+ /** the antlr generated lexer being wrapped */
+ private ReusableAntlrACIItemLexer lexer;
+
+ private final boolean isNormalizing;
+
+
+ /**
+ * Creates a ACIItem parser.
+ */
+ public ACIItemParser( Map<String, OidNormalizer> oidsMap )
+ {
+ this.lexer = new ReusableAntlrACIItemLexer( new StringReader( "" ) );
+ this.parser = new ReusableAntlrACIItemParser( lexer );
+
+ this.parser.init( oidsMap ); // this method MUST be called while we cannot do
+ // constructor overloading for antlr generated parser
+ this.isNormalizing = false;
+ }
+
+
+ /**
+ * Creates a normalizing ACIItem parser.
+ */
+ public ACIItemParser( NameComponentNormalizer normalizer, Map<String, OidNormalizer> oidsMap )
+ {
+ this.lexer = new ReusableAntlrACIItemLexer( new StringReader( "" ) );
+ this.parser = new ReusableAntlrACIItemParser( lexer );
+
+ this.parser.setNormalizer( normalizer );
+ this.parser.init( oidsMap ); // this method MUST be called while we cannot do
+ // constructor overloading for antlr generated parser
+ this.isNormalizing = true;
+ }
+
+
+ /**
+ * Initializes the plumbing by creating a pipe and coupling the parser/lexer
+ * pair with it. param spec the specification to be parsed
+ */
+ private synchronized void reset( String spec )
+ {
+ StringReader in = new StringReader( spec );
+ this.lexer.prepareNextInput( in );
+ this.parser.resetState();
+ }
+
+
+ /**
+ * Parses an ACIItem without exhausting the parser.
+ *
+ * @param spec
+ * the specification to be parsed
+ * @return the specification bean
+ * @throws ParseException
+ * if there are any recognition errors (bad syntax)
+ */
+ public synchronized ACIItem parse( String spec ) throws ParseException
+ {
+ ACIItem aCIItem = null;
+
+ if ( spec == null || spec.trim().equals( "" ) )
+ {
+ return null;
+ }
+
+ reset( spec ); // reset and initialize the parser / lexer pair
+
+ try
+ {
+ aCIItem = this.parser.wrapperEntryPoint();
+ }
+ catch ( TokenStreamException e )
+ {
+ throw new ParseException( I18n.err( I18n.ERR_00004, spec, e.getLocalizedMessage() ), 0 );
+ }
+ catch ( RecognitionException e )
+ {
+ throw new ParseException( I18n.err( I18n.ERR_00004, spec, e.getLocalizedMessage() ), e.getColumn() );
+ }
+
+ return aCIItem;
+ }
+
+
+ /**
+ * Tests to see if this parser is normalizing.
+ *
+ * @return true if it normalizes false otherwise
+ */
+ public boolean isNormizing()
+ {
+ return this.isNormalizing;
+ }
+}