public final class GetEffectiveRightsRequestControl extends Object implements Control
GetRightsControl ::= SEQUENCE {
authzId authzId -- Only the "dn:DN" form is supported.
attributes SEQUENCE OF AttributeType
}
You can use the control to retrieve effective rights during a search:
String authDN = ...;
SearchRequest request =
Requests.newSearchRequest(
"dc=example,dc=com", SearchScope.WHOLE_SUBTREE,
"(uid=bjensen)", "cn", "aclRights", "aclRightsInfo")
.addControl(GetEffectiveRightsRequestControl.newControl(
true, authDN, "cn"));
ConnectionEntryReader reader = connection.search(request);
while (reader.hasNext()) {
if (!reader.isReference()) {
SearchResultEntry entry = reader.readEntry();
// Interpret aclRights and aclRightsInfo
}
}
The entries returned by the search hold the aclRights and
aclRightsInfo attributes with the effective rights information. You
must parse the attribute options and values to interpret the information.| Modifier and Type | Field and Description |
|---|---|
static ControlDecoder<GetEffectiveRightsRequestControl> |
DECODER
A decoder which can be used for decoding the get effective rights request
control.
|
static String |
OID
The OID for the get effective rights request control.
|
| Modifier and Type | Method and Description |
|---|---|
Collection<AttributeType> |
getAttributes()
Returns an unmodifiable list of attributes for which effective rights are
to be returned, which may be empty indicating that no attribute rights
are to be returned.
|
DN |
getAuthorizationName()
Returns the distinguished name of the user for which effective rights are
to be returned, or
null if the client's authentication ID is to
be used. |
String |
getOID()
Returns the numeric OID associated with this control.
|
ByteString |
getValue()
Returns the value, if any, associated with this control.
|
boolean |
hasValue()
Returns
true if this control has a value. |
boolean |
isCritical()
Returns
true if it is unacceptable to perform the operation
without applying the semantics of this control. |
static GetEffectiveRightsRequestControl |
newControl(boolean isCritical,
DN authorizationName,
Collection<AttributeType> attributes)
Creates a new get effective rights request control with the provided
criticality, optional authorization name and attribute list.
|
static GetEffectiveRightsRequestControl |
newControl(boolean isCritical,
String authorizationName,
String... attributes)
Creates a new get effective rights request control with the provided
criticality, optional authorization name and attribute list.
|
String |
toString() |
public static final String OID
public static final ControlDecoder<GetEffectiveRightsRequestControl> DECODER
public static GetEffectiveRightsRequestControl newControl(boolean isCritical, DN authorizationName, Collection<AttributeType> attributes)
isCritical - true if it is unacceptable to perform the operation
without applying the semantics of this control, or
false if it can be ignored.authorizationName - The distinguished name of the user for which effective rights
are to be returned, or null if the client's
authentication ID is to be used.attributes - The list of attributes for which effective rights are to be
returned, which may be empty indicating that no attribute
rights are to be returned.NullPointerException - If attributes was null.public static GetEffectiveRightsRequestControl newControl(boolean isCritical, String authorizationName, String... attributes)
isCritical - true if it is unacceptable to perform the operation
without applying the semantics of this control, or
false if it can be ignored.authorizationName - The distinguished name of the user for which effective rights
are to be returned, or null if the client's
authentication ID is to be used.attributes - The list of attributes for which effective rights are to be
returned, which may be empty indicating that no attribute
rights are to be returned.UnknownSchemaElementException - If the default schema is a strict schema and one or more of
the requested attribute types were not recognized.LocalizedIllegalArgumentException - If authorizationName is not a valid LDAP string
representation of a DN.NullPointerException - If attributes was null.public Collection<AttributeType> getAttributes()
public DN getAuthorizationName()
null if the client's authentication ID is to
be used.public ByteString getValue()
public boolean hasValue()
true if this control has a value. In some circumstances
it may be useful to determine if a control has a value, without actually
calculating the value and incurring any performance costs.public boolean isCritical()
true if it is unacceptable to perform the operation
without applying the semantics of this control.
The criticality field only has meaning in controls attached to request
messages (except UnbindRequest). For controls attached to response
messages and the UnbindRequest, the criticality field SHOULD be
false, and MUST be ignored by the receiving protocol peer. A
value of true indicates that it is unacceptable to perform the
operation without applying the semantics of the control.
isCritical in interface Controltrue if this control must be processed by the Directory
Server, or false if it can be ignored.Copyright © 2011-2015 ForgeRock AS. All Rights Reserved.