001/* 002 * CDDL HEADER START 003 * 004 * The contents of this file are subject to the terms of the 005 * Common Development and Distribution License, Version 1.0 only 006 * (the "License"). You may not use this file except in compliance 007 * with the License. 008 * 009 * You can obtain a copy of the license at legal-notices/CDDLv1_0.txt 010 * or http://forgerock.org/license/CDDLv1.0.html. 011 * See the License for the specific language governing permissions 012 * and limitations under the License. 013 * 014 * When distributing Covered Code, include this CDDL HEADER in each 015 * file and include the License file at legal-notices/CDDLv1_0.txt. 016 * If applicable, add the following below this CDDL HEADER, with the 017 * fields enclosed by brackets "[]" replaced with your own identifying 018 * information: 019 * Portions Copyright [yyyy] [name of copyright owner] 020 * 021 * CDDL HEADER END 022 * 023 * 024 * Copyright 2008 Sun Microsystems, Inc. 025 */ 026package org.forgerock.opendj.server.config.meta; 027 028 029 030import java.util.Collection; 031import java.util.SortedSet; 032import org.forgerock.opendj.config.AdministratorAction; 033import org.forgerock.opendj.config.client.ConcurrentModificationException; 034import org.forgerock.opendj.config.client.IllegalManagedObjectNameException; 035import org.forgerock.opendj.config.client.ManagedObject; 036import org.forgerock.opendj.config.client.ManagedObjectDecodingException; 037import org.forgerock.opendj.config.client.MissingMandatoryPropertiesException; 038import org.forgerock.opendj.config.client.OperationRejectedException; 039import org.forgerock.opendj.config.DefaultBehaviorProvider; 040import org.forgerock.opendj.config.DefinedDefaultBehaviorProvider; 041import org.forgerock.opendj.config.DefinitionDecodingException; 042import org.forgerock.opendj.config.EnumPropertyDefinition; 043import org.forgerock.opendj.config.InstantiableRelationDefinition; 044import org.forgerock.opendj.config.ManagedObjectAlreadyExistsException; 045import org.forgerock.opendj.config.ManagedObjectDefinition; 046import org.forgerock.opendj.config.ManagedObjectNotFoundException; 047import org.forgerock.opendj.config.PropertyException; 048import org.forgerock.opendj.config.PropertyOption; 049import org.forgerock.opendj.config.PropertyProvider; 050import org.forgerock.opendj.config.RelationOption; 051import org.forgerock.opendj.config.server.ConfigException; 052import org.forgerock.opendj.config.server.ConfigurationAddListener; 053import org.forgerock.opendj.config.server.ConfigurationChangeListener; 054import org.forgerock.opendj.config.server.ConfigurationDeleteListener; 055import org.forgerock.opendj.config.server.ServerManagedObject; 056import org.forgerock.opendj.config.Tag; 057import org.forgerock.opendj.config.TopCfgDefn; 058import org.forgerock.opendj.ldap.DN; 059import org.forgerock.opendj.ldap.LdapException; 060import org.forgerock.opendj.server.config.client.RootDNCfgClient; 061import org.forgerock.opendj.server.config.client.RootDNUserCfgClient; 062import org.forgerock.opendj.server.config.server.RootDNCfg; 063import org.forgerock.opendj.server.config.server.RootDNUserCfg; 064 065 066 067/** 068 * An interface for querying the Root DN managed object definition 069 * meta information. 070 * <p> 071 * The Root DN configuration contains all the Root DN Users defined in 072 * the directory server. In addition, it also defines the default set 073 * of privileges that Root DN Users automatically inherit. 074 */ 075public final class RootDNCfgDefn extends ManagedObjectDefinition<RootDNCfgClient, RootDNCfg> { 076 077 // The singleton configuration definition instance. 078 private static final RootDNCfgDefn INSTANCE = new RootDNCfgDefn(); 079 080 081 082 /** 083 * Defines the set of permissable values for the "default-root-privilege-name" property. 084 * <p> 085 * Specifies the names of the privileges that root users will be 086 * granted by default. 087 */ 088 public static enum DefaultRootPrivilegeName { 089 090 /** 091 * Allows the user to request that the server process backup 092 * tasks. 093 */ 094 BACKEND_BACKUP("backend-backup"), 095 096 097 098 /** 099 * Allows the user to request that the server process restore 100 * tasks. 101 */ 102 BACKEND_RESTORE("backend-restore"), 103 104 105 106 /** 107 * Allows the associated user to bypass access control checks 108 * performed by the server. 109 */ 110 BYPASS_ACL("bypass-acl"), 111 112 113 114 /** 115 * Allows the associated user to bypass server lockdown mode. 116 */ 117 BYPASS_LOCKDOWN("bypass-lockdown"), 118 119 120 121 /** 122 * Allows the user to cancel operations in progress on other 123 * client connections. 124 */ 125 CANCEL_REQUEST("cancel-request"), 126 127 128 129 /** 130 * Allows the user to perform read operations on the changelog 131 */ 132 CHANGELOG_READ("changelog-read"), 133 134 135 136 /** 137 * Allows the associated user to read the server configuration. 138 */ 139 CONFIG_READ("config-read"), 140 141 142 143 /** 144 * Allows the associated user to update the server configuration. 145 * The config-read privilege is also required. 146 */ 147 CONFIG_WRITE("config-write"), 148 149 150 151 /** 152 * Allows the user to participate in data synchronization. 153 */ 154 DATA_SYNC("data-sync"), 155 156 157 158 /** 159 * Allows the user to terminate other client connections. 160 */ 161 DISCONNECT_CLIENT("disconnect-client"), 162 163 164 165 /** 166 * Allows the associated user to subscribe to receive JMX 167 * notifications. 168 */ 169 JMX_NOTIFY("jmx-notify"), 170 171 172 173 /** 174 * Allows the associated user to perform JMX read operations. 175 */ 176 JMX_READ("jmx-read"), 177 178 179 180 /** 181 * Allows the associated user to perform JMX write operations. 182 */ 183 JMX_WRITE("jmx-write"), 184 185 186 187 /** 188 * Allows the user to request that the server process LDIF export 189 * tasks. 190 */ 191 LDIF_EXPORT("ldif-export"), 192 193 194 195 /** 196 * Allows the user to request that the server process LDIF import 197 * tasks. 198 */ 199 LDIF_IMPORT("ldif-import"), 200 201 202 203 /** 204 * Allows the associated user to modify the server's access 205 * control configuration. 206 */ 207 MODIFY_ACL("modify-acl"), 208 209 210 211 /** 212 * Allows the user to reset user passwords. 213 */ 214 PASSWORD_RESET("password-reset"), 215 216 217 218 /** 219 * Allows the user to make changes to the set of defined root 220 * privileges, as well as to grant and revoke privileges for users. 221 */ 222 PRIVILEGE_CHANGE("privilege-change"), 223 224 225 226 /** 227 * Allows the user to use the proxied authorization control, or to 228 * perform a bind that specifies an alternate authorization 229 * identity. 230 */ 231 PROXIED_AUTH("proxied-auth"), 232 233 234 235 /** 236 * Allows the user to place and bring the server of lockdown mode. 237 */ 238 SERVER_LOCKDOWN("server-lockdown"), 239 240 241 242 /** 243 * Allows the user to request that the server perform an in-core 244 * restart. 245 */ 246 SERVER_RESTART("server-restart"), 247 248 249 250 /** 251 * Allows the user to request that the server shut down. 252 */ 253 SERVER_SHUTDOWN("server-shutdown"), 254 255 256 257 /** 258 * Allows the associated user to perform LDAP subentry write 259 * operations. 260 */ 261 SUBENTRY_WRITE("subentry-write"), 262 263 264 265 /** 266 * Allows the user to request that the server process a search 267 * that cannot be optimized using server indexes. 268 */ 269 UNINDEXED_SEARCH("unindexed-search"), 270 271 272 273 /** 274 * Allows the user to make changes to the server schema. 275 */ 276 UPDATE_SCHEMA("update-schema"); 277 278 279 280 // String representation of the value. 281 private final String name; 282 283 284 285 // Private constructor. 286 private DefaultRootPrivilegeName(String name) { this.name = name; } 287 288 289 290 /** 291 * {@inheritDoc} 292 */ 293 public String toString() { return name; } 294 295 } 296 297 298 299 // The "default-root-privilege-name" property definition. 300 private static final EnumPropertyDefinition<DefaultRootPrivilegeName> PD_DEFAULT_ROOT_PRIVILEGE_NAME; 301 302 303 304 // The "root-dn-users" relation definition. 305 private static final InstantiableRelationDefinition<RootDNUserCfgClient, RootDNUserCfg> RD_ROOT_DN_USERS; 306 307 308 309 // Build the "default-root-privilege-name" property definition. 310 static { 311 EnumPropertyDefinition.Builder<DefaultRootPrivilegeName> builder = EnumPropertyDefinition.createBuilder(INSTANCE, "default-root-privilege-name"); 312 builder.setOption(PropertyOption.MULTI_VALUED); 313 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "default-root-privilege-name")); 314 DefaultBehaviorProvider<DefaultRootPrivilegeName> provider = new DefinedDefaultBehaviorProvider<DefaultRootPrivilegeName>("bypass-lockdown", "bypass-acl", "modify-acl", "config-read", "config-write", "ldif-import", "ldif-export", "backend-backup", "backend-restore", "server-lockdown", "server-shutdown", "server-restart", "disconnect-client", "cancel-request", "password-reset", "update-schema", "privilege-change", "unindexed-search", "subentry-write", "changelog-read"); 315 builder.setDefaultBehaviorProvider(provider); 316 builder.setEnumClass(DefaultRootPrivilegeName.class); 317 PD_DEFAULT_ROOT_PRIVILEGE_NAME = builder.getInstance(); 318 INSTANCE.registerPropertyDefinition(PD_DEFAULT_ROOT_PRIVILEGE_NAME); 319 } 320 321 322 323 // Build the "root-dn-users" relation definition. 324 static { 325 InstantiableRelationDefinition.Builder<RootDNUserCfgClient, RootDNUserCfg> builder = 326 new InstantiableRelationDefinition.Builder<RootDNUserCfgClient, RootDNUserCfg>(INSTANCE, "root-dn-user", "root-dn-users", RootDNUserCfgDefn.getInstance()); 327 builder.setOption(RelationOption.HIDDEN); 328 RD_ROOT_DN_USERS = builder.getInstance(); 329 INSTANCE.registerRelationDefinition(RD_ROOT_DN_USERS); 330 } 331 332 333 334 // Register the tags associated with this managed object definition. 335 static { 336 INSTANCE.registerTag(Tag.valueOf("core-server")); 337 } 338 339 340 341 /** 342 * Get the Root DN configuration definition singleton. 343 * 344 * @return Returns the Root DN configuration definition singleton. 345 */ 346 public static RootDNCfgDefn getInstance() { 347 return INSTANCE; 348 } 349 350 351 352 /** 353 * Private constructor. 354 */ 355 private RootDNCfgDefn() { 356 super("root-dn", TopCfgDefn.getInstance()); 357 } 358 359 360 361 /** 362 * {@inheritDoc} 363 */ 364 public RootDNCfgClient createClientConfiguration( 365 ManagedObject<? extends RootDNCfgClient> impl) { 366 return new RootDNCfgClientImpl(impl); 367 } 368 369 370 371 /** 372 * {@inheritDoc} 373 */ 374 public RootDNCfg createServerConfiguration( 375 ServerManagedObject<? extends RootDNCfg> impl) { 376 return new RootDNCfgServerImpl(impl); 377 } 378 379 380 381 /** 382 * {@inheritDoc} 383 */ 384 public Class<RootDNCfg> getServerConfigurationClass() { 385 return RootDNCfg.class; 386 } 387 388 389 390 /** 391 * Get the "default-root-privilege-name" property definition. 392 * <p> 393 * Specifies the names of the privileges that root users will be 394 * granted by default. 395 * 396 * @return Returns the "default-root-privilege-name" property definition. 397 */ 398 public EnumPropertyDefinition<DefaultRootPrivilegeName> getDefaultRootPrivilegeNamePropertyDefinition() { 399 return PD_DEFAULT_ROOT_PRIVILEGE_NAME; 400 } 401 402 403 404 /** 405 * Get the "root-dn-users" relation definition. 406 * 407 * @return Returns the "root-dn-users" relation definition. 408 */ 409 public InstantiableRelationDefinition<RootDNUserCfgClient,RootDNUserCfg> getRootDNUsersRelationDefinition() { 410 return RD_ROOT_DN_USERS; 411 } 412 413 414 415 /** 416 * Managed object client implementation. 417 */ 418 private static class RootDNCfgClientImpl implements 419 RootDNCfgClient { 420 421 // Private implementation. 422 private ManagedObject<? extends RootDNCfgClient> impl; 423 424 425 426 // Private constructor. 427 private RootDNCfgClientImpl( 428 ManagedObject<? extends RootDNCfgClient> impl) { 429 this.impl = impl; 430 } 431 432 433 434 /** 435 * {@inheritDoc} 436 */ 437 public SortedSet<DefaultRootPrivilegeName> getDefaultRootPrivilegeName() { 438 return impl.getPropertyValues(INSTANCE.getDefaultRootPrivilegeNamePropertyDefinition()); 439 } 440 441 442 443 /** 444 * {@inheritDoc} 445 */ 446 public void setDefaultRootPrivilegeName(Collection<DefaultRootPrivilegeName> values) { 447 impl.setPropertyValues(INSTANCE.getDefaultRootPrivilegeNamePropertyDefinition(), values); 448 } 449 450 451 452 /** 453 * {@inheritDoc} 454 */ 455 public String[] listRootDNUsers() throws ConcurrentModificationException, 456 LdapException { 457 return impl.listChildren(INSTANCE.getRootDNUsersRelationDefinition()); 458 } 459 460 461 462 /** 463 * {@inheritDoc} 464 */ 465 public RootDNUserCfgClient getRootDNUser(String name) 466 throws DefinitionDecodingException, ManagedObjectDecodingException, 467 ManagedObjectNotFoundException, ConcurrentModificationException, 468 LdapException { 469 return impl.getChild(INSTANCE.getRootDNUsersRelationDefinition(), name).getConfiguration(); 470 } 471 472 473 474 /** 475 * {@inheritDoc} 476 */ 477 public <M extends RootDNUserCfgClient> M createRootDNUser( 478 ManagedObjectDefinition<M, ? extends RootDNUserCfg> d, String name, Collection<PropertyException> exceptions) throws IllegalManagedObjectNameException { 479 return impl.createChild(INSTANCE.getRootDNUsersRelationDefinition(), d, name, exceptions).getConfiguration(); 480 } 481 482 483 484 /** 485 * {@inheritDoc} 486 */ 487 public void removeRootDNUser(String name) 488 throws ManagedObjectNotFoundException, ConcurrentModificationException, 489 OperationRejectedException, LdapException { 490 impl.removeChild(INSTANCE.getRootDNUsersRelationDefinition(), name); 491 } 492 493 494 495 /** 496 * {@inheritDoc} 497 */ 498 public ManagedObjectDefinition<? extends RootDNCfgClient, ? extends RootDNCfg> definition() { 499 return INSTANCE; 500 } 501 502 503 504 /** 505 * {@inheritDoc} 506 */ 507 public PropertyProvider properties() { 508 return impl; 509 } 510 511 512 513 /** 514 * {@inheritDoc} 515 */ 516 public void commit() throws ManagedObjectAlreadyExistsException, 517 MissingMandatoryPropertiesException, ConcurrentModificationException, 518 OperationRejectedException, LdapException { 519 impl.commit(); 520 } 521 522 } 523 524 525 526 /** 527 * Managed object server implementation. 528 */ 529 private static class RootDNCfgServerImpl implements 530 RootDNCfg { 531 532 // Private implementation. 533 private ServerManagedObject<? extends RootDNCfg> impl; 534 535 // The value of the "default-root-privilege-name" property. 536 private final SortedSet<DefaultRootPrivilegeName> pDefaultRootPrivilegeName; 537 538 539 540 // Private constructor. 541 private RootDNCfgServerImpl(ServerManagedObject<? extends RootDNCfg> impl) { 542 this.impl = impl; 543 this.pDefaultRootPrivilegeName = impl.getPropertyValues(INSTANCE.getDefaultRootPrivilegeNamePropertyDefinition()); 544 } 545 546 547 548 /** 549 * {@inheritDoc} 550 */ 551 public void addChangeListener( 552 ConfigurationChangeListener<RootDNCfg> listener) { 553 impl.registerChangeListener(listener); 554 } 555 556 557 558 /** 559 * {@inheritDoc} 560 */ 561 public void removeChangeListener( 562 ConfigurationChangeListener<RootDNCfg> listener) { 563 impl.deregisterChangeListener(listener); 564 } 565 566 567 568 /** 569 * {@inheritDoc} 570 */ 571 public SortedSet<DefaultRootPrivilegeName> getDefaultRootPrivilegeName() { 572 return pDefaultRootPrivilegeName; 573 } 574 575 576 577 /** 578 * {@inheritDoc} 579 */ 580 public String[] listRootDNUsers() { 581 return impl.listChildren(INSTANCE.getRootDNUsersRelationDefinition()); 582 } 583 584 585 586 /** 587 * {@inheritDoc} 588 */ 589 public RootDNUserCfg getRootDNUser(String name) throws ConfigException { 590 return impl.getChild(INSTANCE.getRootDNUsersRelationDefinition(), name).getConfiguration(); 591 } 592 593 594 595 /** 596 * {@inheritDoc} 597 */ 598 public void addRootDNUserAddListener( 599 ConfigurationAddListener<RootDNUserCfg> listener) throws ConfigException { 600 impl.registerAddListener(INSTANCE.getRootDNUsersRelationDefinition(), listener); 601 } 602 603 604 605 /** 606 * {@inheritDoc} 607 */ 608 public void removeRootDNUserAddListener( 609 ConfigurationAddListener<RootDNUserCfg> listener) { 610 impl.deregisterAddListener(INSTANCE.getRootDNUsersRelationDefinition(), listener); 611 } 612 613 614 615 /** 616 * {@inheritDoc} 617 */ 618 public void addRootDNUserDeleteListener( 619 ConfigurationDeleteListener<RootDNUserCfg> listener) throws ConfigException { 620 impl.registerDeleteListener(INSTANCE.getRootDNUsersRelationDefinition(), listener); 621 } 622 623 624 625 /** 626 * {@inheritDoc} 627 */ 628 public void removeRootDNUserDeleteListener( 629 ConfigurationDeleteListener<RootDNUserCfg> listener) { 630 impl.deregisterDeleteListener(INSTANCE.getRootDNUsersRelationDefinition(), listener); 631 } 632 633 634 635 /** 636 * {@inheritDoc} 637 */ 638 public Class<? extends RootDNCfg> configurationClass() { 639 return RootDNCfg.class; 640 } 641 642 643 644 /** 645 * {@inheritDoc} 646 */ 647 public DN dn() { 648 return impl.getDN(); 649 } 650 651 } 652}