public interface AciEvalContext
| Modifier and Type | Method and Description |
|---|---|
List<Aci> |
getAllowList()
Get the list allow ACIs.
|
DN |
getClientDN()
Get client DN.
|
Entry |
getClientEntry()
Get the client entry.
|
AttributeType |
getCurrentAttributeType()
Get the current attribute type being evaluated.
|
int |
getCurrentSSF()
Return the current SSF (Security Strength Factor) of the underlying
connection.
|
String |
getDecidingAciName()
Return the name of the ACI that decided the last access evaluation.
|
List<Aci> |
getDenyList()
Get the list of deny ACIs.
|
EnumEvalReason |
getEvalReason()
Return the reason the last access evaluation was evaluated the way it
was.
|
String |
getEvalSummary()
Return the access evaluation summary string.
|
String |
getHostName()
Get the hostname of the bound connection.
|
InetAddress |
getRemoteAddress()
Get the address of the bound connection.
|
DN |
getResourceDN()
Get the resource DN.
|
Entry |
getResourceEntry()
Return the entry being evaluated
.
|
int |
getRights()
Return the rights set for this container's LDAP operation.
|
String |
getTargAttrFiltersAciName()
Return the name of the ACI that last matched a targattrfilters rule.
|
EnumEvalResult |
hasAuthenticationMethod(EnumAuthMethod authMethod,
String saslMech)
Determine whether the client connection has been authenticated using
a specified authentication method.
|
boolean |
hasRights(int rights)
Check if an evaluation context contains a set of access rights.
|
boolean |
hasTargAttrFiltersMatchAci(Aci aci)
The context maintains a hashtable of ACIs that matched the targattrfilters
keyword evaluation.
|
boolean |
hasTargAttrFiltersMatchOp(int flag)
Return true if an ACI that evaluated to deny or allow has an
targattrfilters keyword.
|
boolean |
isAddOperation()
Return true if this is an add operation needed by the userattr
USERDN parent inheritance level 0 processing.
|
boolean |
isAnonymousUser()
Check if the remote client is bound anonymously.
|
boolean |
isDenyEval()
Returns true if the deny list is being evaluated.
|
boolean |
isGetEffectiveRightsEval()
Returns
true if the evaluation context is being used in a
geteffectiverights control evaluation. |
boolean |
isMemberOf(Group<?> group)
Return true if the operation associated with this evaluation
context is a member of the specified group.
|
boolean |
isProxiedAuthorization()
Return true if a evaluation context is being used in proxied authorization
control evaluation.
|
boolean |
isTargAttrFilterMatchAciEmpty()
Returns true if the hashtable of ACIs that matched the targattrfilters
keyword evaluation is empty.
|
String |
rightToString()
Return a string representation of the current right being evaluated.
|
void |
setEvalSummary(String summary)
Set the value of the summary string to the specified string.
|
void |
setEvaluationResult(EnumEvalReason reason,
Aci decidingAci)
Set the reason and the ACI that decided why the last access evaluation was
evaluated the way it was.
|
void |
setTargAttrFiltersAciName(String name)
Set the name of the ACI that last matched a targattrfilters rule.
|
void |
setTargAttrFiltersMatchOp(int flag)
Set a flag that specifies that a ACI that evaluated to either deny or
allow contains a targattrfilters keyword.
|
DN getClientDN()
Entry getClientEntry()
DN getResourceDN()
List<Aci> getDenyList()
List<Aci> getAllowList()
boolean isDenyEval()
boolean isAnonymousUser()
true if client is bound anonymously.int getRights()
Entry getResourceEntry()
String getHostName()
EnumEvalResult hasAuthenticationMethod(EnumAuthMethod authMethod, String saslMech)
authMethod - The required authentication method.saslMech - The required SASL mechanism if the authentication method
is SASL.InetAddress getRemoteAddress()
boolean isAddOperation()
true if this is an add operation.boolean isMemberOf(Group<?> group)
group - The group to check membership in.true if the authorization DN of the operation is a
member of the specified group.boolean isTargAttrFilterMatchAciEmpty()
true if there were not any ACIs that matched
targattrfilters keyword evaluation.boolean hasTargAttrFiltersMatchAci(Aci aci)
aci - The ACI that to evaluate if it contains a match during
targattrfilters keyword evaluation.true if a specified ACI matched targattrfilters evaluation.boolean hasTargAttrFiltersMatchOp(int flag)
flag - The integer value specifying either a deny or allow, but not
both.true if the ACI has an targattrfilters keyword.boolean isGetEffectiveRightsEval()
true if the evaluation context is being used in a
geteffectiverights control evaluation.true if the evaluation context is being used in a
geteffectiverights control evaluation.void setTargAttrFiltersAciName(String name)
name - The ACI name string matching the targattrfilters rule.void setTargAttrFiltersMatchOp(int flag)
flag - Either the integer value representing an allow or a deny,
but not both.void setEvaluationResult(EnumEvalReason reason, Aci decidingAci)
reason - The enumeration representing the reason of the last access
evaluation.decidingAci - The ACI that decided the last access evaluation.EnumEvalReason getEvalReason()
boolean hasRights(int rights)
rights - The rights mask to check.true if the evaluation context contains a access right set.String getDecidingAciName()
boolean isProxiedAuthorization()
true if evaluation context is being used in proxied
authorization control evaluation.AttributeType getCurrentAttributeType()
void setEvalSummary(String summary)
summary - The string to set the summary string toString getEvalSummary()
String rightToString()
String getTargAttrFiltersAciName()
int getCurrentSSF()
Copyright © 2010-2015 ForgeRock AS. All Rights Reserved.