001/*
002 * CDDL HEADER START
003 *
004 * The contents of this file are subject to the terms of the
005 * Common Development and Distribution License, Version 1.0 only
006 * (the "License").  You may not use this file except in compliance
007 * with the License.
008 *
009 * You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
010 * or http://forgerock.org/license/CDDLv1.0.html.
011 * See the License for the specific language governing permissions
012 * and limitations under the License.
013 *
014 * When distributing Covered Code, include this CDDL HEADER in each
015 * file and include the License file at legal-notices/CDDLv1_0.txt.
016 * If applicable, add the following below this CDDL HEADER, with the
017 * fields enclosed by brackets "[]" replaced with your own identifying
018 * information:
019 *      Portions Copyright [yyyy] [name of copyright owner]
020 *
021 * CDDL HEADER END
022 *
023 *
024 *      Copyright 2008 Sun Microsystems, Inc.
025 */
026package org.forgerock.opendj.server.config.meta;
027
028
029
030import java.util.Collection;
031import java.util.SortedSet;
032import org.forgerock.opendj.config.AdministratorAction;
033import org.forgerock.opendj.config.client.ConcurrentModificationException;
034import org.forgerock.opendj.config.client.IllegalManagedObjectNameException;
035import org.forgerock.opendj.config.client.ManagedObject;
036import org.forgerock.opendj.config.client.ManagedObjectDecodingException;
037import org.forgerock.opendj.config.client.MissingMandatoryPropertiesException;
038import org.forgerock.opendj.config.client.OperationRejectedException;
039import org.forgerock.opendj.config.DefaultBehaviorProvider;
040import org.forgerock.opendj.config.DefinedDefaultBehaviorProvider;
041import org.forgerock.opendj.config.DefinitionDecodingException;
042import org.forgerock.opendj.config.EnumPropertyDefinition;
043import org.forgerock.opendj.config.InstantiableRelationDefinition;
044import org.forgerock.opendj.config.ManagedObjectAlreadyExistsException;
045import org.forgerock.opendj.config.ManagedObjectDefinition;
046import org.forgerock.opendj.config.ManagedObjectNotFoundException;
047import org.forgerock.opendj.config.PropertyException;
048import org.forgerock.opendj.config.PropertyOption;
049import org.forgerock.opendj.config.PropertyProvider;
050import org.forgerock.opendj.config.RelationOption;
051import org.forgerock.opendj.config.server.ConfigException;
052import org.forgerock.opendj.config.server.ConfigurationAddListener;
053import org.forgerock.opendj.config.server.ConfigurationChangeListener;
054import org.forgerock.opendj.config.server.ConfigurationDeleteListener;
055import org.forgerock.opendj.config.server.ServerManagedObject;
056import org.forgerock.opendj.config.Tag;
057import org.forgerock.opendj.config.TopCfgDefn;
058import org.forgerock.opendj.ldap.DN;
059import org.forgerock.opendj.ldap.LdapException;
060import org.forgerock.opendj.server.config.client.RootDNCfgClient;
061import org.forgerock.opendj.server.config.client.RootDNUserCfgClient;
062import org.forgerock.opendj.server.config.server.RootDNCfg;
063import org.forgerock.opendj.server.config.server.RootDNUserCfg;
064
065
066
067/**
068 * An interface for querying the Root DN managed object definition
069 * meta information.
070 * <p>
071 * The Root DN configuration contains all the Root DN Users defined in
072 * the directory server. In addition, it also defines the default set
073 * of privileges that Root DN Users automatically inherit.
074 */
075public final class RootDNCfgDefn extends ManagedObjectDefinition<RootDNCfgClient, RootDNCfg> {
076
077  // The singleton configuration definition instance.
078  private static final RootDNCfgDefn INSTANCE = new RootDNCfgDefn();
079
080
081
082  /**
083   * Defines the set of permissable values for the "default-root-privilege-name" property.
084   * <p>
085   * Specifies the names of the privileges that root users will be
086   * granted by default.
087   */
088  public static enum DefaultRootPrivilegeName {
089
090    /**
091     * Allows the user to request that the server process backup
092     * tasks.
093     */
094    BACKEND_BACKUP("backend-backup"),
095
096
097
098    /**
099     * Allows the user to request that the server process restore
100     * tasks.
101     */
102    BACKEND_RESTORE("backend-restore"),
103
104
105
106    /**
107     * Allows the associated user to bypass access control checks
108     * performed by the server.
109     */
110    BYPASS_ACL("bypass-acl"),
111
112
113
114    /**
115     * Allows the associated user to bypass server lockdown mode.
116     */
117    BYPASS_LOCKDOWN("bypass-lockdown"),
118
119
120
121    /**
122     * Allows the user to cancel operations in progress on other
123     * client connections.
124     */
125    CANCEL_REQUEST("cancel-request"),
126
127
128
129    /**
130     * Allows the user to perform read operations on the changelog
131     */
132    CHANGELOG_READ("changelog-read"),
133
134
135
136    /**
137     * Allows the associated user to read the server configuration.
138     */
139    CONFIG_READ("config-read"),
140
141
142
143    /**
144     * Allows the associated user to update the server configuration.
145     * The config-read privilege is also required.
146     */
147    CONFIG_WRITE("config-write"),
148
149
150
151    /**
152     * Allows the user to participate in data synchronization.
153     */
154    DATA_SYNC("data-sync"),
155
156
157
158    /**
159     * Allows the user to terminate other client connections.
160     */
161    DISCONNECT_CLIENT("disconnect-client"),
162
163
164
165    /**
166     * Allows the associated user to subscribe to receive JMX
167     * notifications.
168     */
169    JMX_NOTIFY("jmx-notify"),
170
171
172
173    /**
174     * Allows the associated user to perform JMX read operations.
175     */
176    JMX_READ("jmx-read"),
177
178
179
180    /**
181     * Allows the associated user to perform JMX write operations.
182     */
183    JMX_WRITE("jmx-write"),
184
185
186
187    /**
188     * Allows the user to request that the server process LDIF export
189     * tasks.
190     */
191    LDIF_EXPORT("ldif-export"),
192
193
194
195    /**
196     * Allows the user to request that the server process LDIF import
197     * tasks.
198     */
199    LDIF_IMPORT("ldif-import"),
200
201
202
203    /**
204     * Allows the associated user to modify the server's access
205     * control configuration.
206     */
207    MODIFY_ACL("modify-acl"),
208
209
210
211    /**
212     * Allows the user to reset user passwords.
213     */
214    PASSWORD_RESET("password-reset"),
215
216
217
218    /**
219     * Allows the user to make changes to the set of defined root
220     * privileges, as well as to grant and revoke privileges for users.
221     */
222    PRIVILEGE_CHANGE("privilege-change"),
223
224
225
226    /**
227     * Allows the user to use the proxied authorization control, or to
228     * perform a bind that specifies an alternate authorization
229     * identity.
230     */
231    PROXIED_AUTH("proxied-auth"),
232
233
234
235    /**
236     * Allows the user to place and bring the server of lockdown mode.
237     */
238    SERVER_LOCKDOWN("server-lockdown"),
239
240
241
242    /**
243     * Allows the user to request that the server perform an in-core
244     * restart.
245     */
246    SERVER_RESTART("server-restart"),
247
248
249
250    /**
251     * Allows the user to request that the server shut down.
252     */
253    SERVER_SHUTDOWN("server-shutdown"),
254
255
256
257    /**
258     * Allows the associated user to perform LDAP subentry write
259     * operations.
260     */
261    SUBENTRY_WRITE("subentry-write"),
262
263
264
265    /**
266     * Allows the user to request that the server process a search
267     * that cannot be optimized using server indexes.
268     */
269    UNINDEXED_SEARCH("unindexed-search"),
270
271
272
273    /**
274     * Allows the user to make changes to the server schema.
275     */
276    UPDATE_SCHEMA("update-schema");
277
278
279
280    // String representation of the value.
281    private final String name;
282
283
284
285    // Private constructor.
286    private DefaultRootPrivilegeName(String name) { this.name = name; }
287
288
289
290    /**
291     * {@inheritDoc}
292     */
293    public String toString() { return name; }
294
295  }
296
297
298
299  // The "default-root-privilege-name" property definition.
300  private static final EnumPropertyDefinition<DefaultRootPrivilegeName> PD_DEFAULT_ROOT_PRIVILEGE_NAME;
301
302
303
304  // The "root-dn-users" relation definition.
305  private static final InstantiableRelationDefinition<RootDNUserCfgClient, RootDNUserCfg> RD_ROOT_DN_USERS;
306
307
308
309  // Build the "default-root-privilege-name" property definition.
310  static {
311      EnumPropertyDefinition.Builder<DefaultRootPrivilegeName> builder = EnumPropertyDefinition.createBuilder(INSTANCE, "default-root-privilege-name");
312      builder.setOption(PropertyOption.MULTI_VALUED);
313      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "default-root-privilege-name"));
314      DefaultBehaviorProvider<DefaultRootPrivilegeName> provider = new DefinedDefaultBehaviorProvider<DefaultRootPrivilegeName>("bypass-lockdown", "bypass-acl", "modify-acl", "config-read", "config-write", "ldif-import", "ldif-export", "backend-backup", "backend-restore", "server-lockdown", "server-shutdown", "server-restart", "disconnect-client", "cancel-request", "password-reset", "update-schema", "privilege-change", "unindexed-search", "subentry-write", "changelog-read");
315      builder.setDefaultBehaviorProvider(provider);
316      builder.setEnumClass(DefaultRootPrivilegeName.class);
317      PD_DEFAULT_ROOT_PRIVILEGE_NAME = builder.getInstance();
318      INSTANCE.registerPropertyDefinition(PD_DEFAULT_ROOT_PRIVILEGE_NAME);
319  }
320
321
322
323  // Build the "root-dn-users" relation definition.
324  static {
325    InstantiableRelationDefinition.Builder<RootDNUserCfgClient, RootDNUserCfg> builder =
326      new InstantiableRelationDefinition.Builder<RootDNUserCfgClient, RootDNUserCfg>(INSTANCE, "root-dn-user", "root-dn-users", RootDNUserCfgDefn.getInstance());
327    builder.setOption(RelationOption.HIDDEN);
328    RD_ROOT_DN_USERS = builder.getInstance();
329    INSTANCE.registerRelationDefinition(RD_ROOT_DN_USERS);
330  }
331
332
333
334  // Register the tags associated with this managed object definition.
335  static {
336    INSTANCE.registerTag(Tag.valueOf("core-server"));
337  }
338
339
340
341  /**
342   * Get the Root DN configuration definition singleton.
343   *
344   * @return Returns the Root DN configuration definition singleton.
345   */
346  public static RootDNCfgDefn getInstance() {
347    return INSTANCE;
348  }
349
350
351
352  /**
353   * Private constructor.
354   */
355  private RootDNCfgDefn() {
356    super("root-dn", TopCfgDefn.getInstance());
357  }
358
359
360
361  /**
362   * {@inheritDoc}
363   */
364  public RootDNCfgClient createClientConfiguration(
365      ManagedObject<? extends RootDNCfgClient> impl) {
366    return new RootDNCfgClientImpl(impl);
367  }
368
369
370
371  /**
372   * {@inheritDoc}
373   */
374  public RootDNCfg createServerConfiguration(
375      ServerManagedObject<? extends RootDNCfg> impl) {
376    return new RootDNCfgServerImpl(impl);
377  }
378
379
380
381  /**
382   * {@inheritDoc}
383   */
384  public Class<RootDNCfg> getServerConfigurationClass() {
385    return RootDNCfg.class;
386  }
387
388
389
390  /**
391   * Get the "default-root-privilege-name" property definition.
392   * <p>
393   * Specifies the names of the privileges that root users will be
394   * granted by default.
395   *
396   * @return Returns the "default-root-privilege-name" property definition.
397   */
398  public EnumPropertyDefinition<DefaultRootPrivilegeName> getDefaultRootPrivilegeNamePropertyDefinition() {
399    return PD_DEFAULT_ROOT_PRIVILEGE_NAME;
400  }
401
402
403
404  /**
405   * Get the "root-dn-users" relation definition.
406   *
407   * @return Returns the "root-dn-users" relation definition.
408   */
409  public InstantiableRelationDefinition<RootDNUserCfgClient,RootDNUserCfg> getRootDNUsersRelationDefinition() {
410    return RD_ROOT_DN_USERS;
411  }
412
413
414
415  /**
416   * Managed object client implementation.
417   */
418  private static class RootDNCfgClientImpl implements
419    RootDNCfgClient {
420
421    // Private implementation.
422    private ManagedObject<? extends RootDNCfgClient> impl;
423
424
425
426    // Private constructor.
427    private RootDNCfgClientImpl(
428        ManagedObject<? extends RootDNCfgClient> impl) {
429      this.impl = impl;
430    }
431
432
433
434    /**
435     * {@inheritDoc}
436     */
437    public SortedSet<DefaultRootPrivilegeName> getDefaultRootPrivilegeName() {
438      return impl.getPropertyValues(INSTANCE.getDefaultRootPrivilegeNamePropertyDefinition());
439    }
440
441
442
443    /**
444     * {@inheritDoc}
445     */
446    public void setDefaultRootPrivilegeName(Collection<DefaultRootPrivilegeName> values) {
447      impl.setPropertyValues(INSTANCE.getDefaultRootPrivilegeNamePropertyDefinition(), values);
448    }
449
450
451
452    /**
453     * {@inheritDoc}
454     */
455    public String[] listRootDNUsers() throws ConcurrentModificationException,
456        LdapException {
457      return impl.listChildren(INSTANCE.getRootDNUsersRelationDefinition());
458    }
459
460
461
462    /**
463     * {@inheritDoc}
464     */
465    public RootDNUserCfgClient getRootDNUser(String name)
466        throws DefinitionDecodingException, ManagedObjectDecodingException,
467        ManagedObjectNotFoundException, ConcurrentModificationException,
468        LdapException {
469      return impl.getChild(INSTANCE.getRootDNUsersRelationDefinition(), name).getConfiguration();
470    }
471
472
473
474    /**
475     * {@inheritDoc}
476     */
477    public <M extends RootDNUserCfgClient> M createRootDNUser(
478        ManagedObjectDefinition<M, ? extends RootDNUserCfg> d, String name, Collection<PropertyException> exceptions) throws IllegalManagedObjectNameException {
479      return impl.createChild(INSTANCE.getRootDNUsersRelationDefinition(), d, name, exceptions).getConfiguration();
480    }
481
482
483
484    /**
485     * {@inheritDoc}
486     */
487    public void removeRootDNUser(String name)
488        throws ManagedObjectNotFoundException, ConcurrentModificationException,
489        OperationRejectedException, LdapException {
490      impl.removeChild(INSTANCE.getRootDNUsersRelationDefinition(), name);
491    }
492
493
494
495    /**
496     * {@inheritDoc}
497     */
498    public ManagedObjectDefinition<? extends RootDNCfgClient, ? extends RootDNCfg> definition() {
499      return INSTANCE;
500    }
501
502
503
504    /**
505     * {@inheritDoc}
506     */
507    public PropertyProvider properties() {
508      return impl;
509    }
510
511
512
513    /**
514     * {@inheritDoc}
515     */
516    public void commit() throws ManagedObjectAlreadyExistsException,
517        MissingMandatoryPropertiesException, ConcurrentModificationException,
518        OperationRejectedException, LdapException {
519      impl.commit();
520    }
521
522  }
523
524
525
526  /**
527   * Managed object server implementation.
528   */
529  private static class RootDNCfgServerImpl implements
530    RootDNCfg {
531
532    // Private implementation.
533    private ServerManagedObject<? extends RootDNCfg> impl;
534
535    // The value of the "default-root-privilege-name" property.
536    private final SortedSet<DefaultRootPrivilegeName> pDefaultRootPrivilegeName;
537
538
539
540    // Private constructor.
541    private RootDNCfgServerImpl(ServerManagedObject<? extends RootDNCfg> impl) {
542      this.impl = impl;
543      this.pDefaultRootPrivilegeName = impl.getPropertyValues(INSTANCE.getDefaultRootPrivilegeNamePropertyDefinition());
544    }
545
546
547
548    /**
549     * {@inheritDoc}
550     */
551    public void addChangeListener(
552        ConfigurationChangeListener<RootDNCfg> listener) {
553      impl.registerChangeListener(listener);
554    }
555
556
557
558    /**
559     * {@inheritDoc}
560     */
561    public void removeChangeListener(
562        ConfigurationChangeListener<RootDNCfg> listener) {
563      impl.deregisterChangeListener(listener);
564    }
565
566
567
568    /**
569     * {@inheritDoc}
570     */
571    public SortedSet<DefaultRootPrivilegeName> getDefaultRootPrivilegeName() {
572      return pDefaultRootPrivilegeName;
573    }
574
575
576
577    /**
578     * {@inheritDoc}
579     */
580    public String[] listRootDNUsers() {
581      return impl.listChildren(INSTANCE.getRootDNUsersRelationDefinition());
582    }
583
584
585
586    /**
587     * {@inheritDoc}
588     */
589    public RootDNUserCfg getRootDNUser(String name) throws ConfigException {
590      return impl.getChild(INSTANCE.getRootDNUsersRelationDefinition(), name).getConfiguration();
591    }
592
593
594
595    /**
596     * {@inheritDoc}
597     */
598    public void addRootDNUserAddListener(
599        ConfigurationAddListener<RootDNUserCfg> listener) throws ConfigException {
600      impl.registerAddListener(INSTANCE.getRootDNUsersRelationDefinition(), listener);
601    }
602
603
604
605    /**
606     * {@inheritDoc}
607     */
608    public void removeRootDNUserAddListener(
609        ConfigurationAddListener<RootDNUserCfg> listener) {
610      impl.deregisterAddListener(INSTANCE.getRootDNUsersRelationDefinition(), listener);
611    }
612
613
614
615    /**
616     * {@inheritDoc}
617     */
618    public void addRootDNUserDeleteListener(
619        ConfigurationDeleteListener<RootDNUserCfg> listener) throws ConfigException {
620      impl.registerDeleteListener(INSTANCE.getRootDNUsersRelationDefinition(), listener);
621    }
622
623
624
625    /**
626     * {@inheritDoc}
627     */
628    public void removeRootDNUserDeleteListener(
629        ConfigurationDeleteListener<RootDNUserCfg> listener) {
630      impl.deregisterDeleteListener(INSTANCE.getRootDNUsersRelationDefinition(), listener);
631    }
632
633
634
635    /**
636     * {@inheritDoc}
637     */
638    public Class<? extends RootDNCfg> configurationClass() {
639      return RootDNCfg.class;
640    }
641
642
643
644    /**
645     * {@inheritDoc}
646     */
647    public DN dn() {
648      return impl.getDN();
649    }
650
651  }
652}