001/* 002 * CDDL HEADER START 003 * 004 * The contents of this file are subject to the terms of the 005 * Common Development and Distribution License, Version 1.0 only 006 * (the "License"). You may not use this file except in compliance 007 * with the License. 008 * 009 * You can obtain a copy of the license at legal-notices/CDDLv1_0.txt 010 * or http://forgerock.org/license/CDDLv1.0.html. 011 * See the License for the specific language governing permissions 012 * and limitations under the License. 013 * 014 * When distributing Covered Code, include this CDDL HEADER in each 015 * file and include the License file at legal-notices/CDDLv1_0.txt. 016 * If applicable, add the following below this CDDL HEADER, with the 017 * fields enclosed by brackets "[]" replaced with your own identifying 018 * information: 019 * Portions Copyright [yyyy] [name of copyright owner] 020 * 021 * CDDL HEADER END 022 * 023 * 024 * Copyright 2008 Sun Microsystems, Inc. 025 * Portions Copyright 2014-2015 ForgeRock AS 026 */ 027package org.opends.server.authorization.dseecompat; 028import org.forgerock.i18n.LocalizableMessage; 029 030import static org.opends.messages.AccessControlMessages.*; 031import org.opends.server.types.DirectoryException; 032import org.opends.server.types.Entry; 033import org.opends.server.types.SearchFilter; 034 035/** 036 * This class represents a targetfilter keyword of an aci. 037 */ 038public class TargetFilter { 039 040 /** Enumeration representing the targetfilter operation. */ 041 private EnumTargetOperator op = EnumTargetOperator.EQUALITY; 042 043 /** Filter parsed from the ACI used to match the resource entry. */ 044 private SearchFilter filter; 045 046 /** 047 * Class representing a targetfilter keyword. 048 * @param op The operation of the targetfilter expression (=, !=) 049 * @param filter The filter itself. 050 */ 051 private TargetFilter(EnumTargetOperator op, SearchFilter filter) { 052 this.op=op; 053 this.filter=filter; 054 } 055 056 /** 057 * Decode a aci's targetfilter string. 058 * @param op The operation enumeration of the expression. 059 * @param expr A string representing the target filter. 060 * @return A TargetFilter class suitable for using in a match. 061 * @throws AciException If the expression string is invalid. 062 */ 063 public static TargetFilter decode(EnumTargetOperator op, String expr) 064 throws AciException { 065 SearchFilter filter; 066 try { 067 filter = SearchFilter.createFilterFromString(expr); 068 } catch (DirectoryException ex) { 069 LocalizableMessage message = 070 WARN_ACI_SYNTAX_INVALID_TARGETFILTERKEYWORD_EXPRESSION. 071 get(expr); 072 throw new AciException(message); 073 } 074 return new TargetFilter(op, filter); 075 } 076 077 /** 078 * Checks if a targetfilter matches an evaluation context. 079 * @param matchCtx The evaluation context to use in the matching. 080 * @return True if the target filter matched the context. 081 */ 082 public boolean isApplicable(AciTargetMatchContext matchCtx) { 083 boolean ret; 084 ret=matchesFilter(matchCtx.getResourceEntry()); 085 if(op.equals(EnumTargetOperator.NOT_EQUALITY)) 086 { 087 ret = !ret; 088 } 089 return ret; 090 } 091 092 /** 093 * Checks the filter against an entry taken from the match context. 094 * @param e The entry from the evaluation context above. 095 * @return True if the filter matches the entry. 096 */ 097 private boolean matchesFilter(Entry e) { 098 boolean ret; 099 try { 100 ret=filter.matchesEntry(e); 101 } catch (DirectoryException ex) { 102 //TODO information message? 103 return false; 104 } 105 return ret; 106 } 107}