001/*
002* CDDL HEADER START
003 *
004 * The contents of this file are subject to the terms of the
005 * Common Development and Distribution License, Version 1.0 only
006 * (the "License").  You may not use this file except in compliance
007 * with the License.
008 *
009 * You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
010 * or http://forgerock.org/license/CDDLv1.0.html.
011 * See the License for the specific language governing permissions
012 * and limitations under the License.
013 *
014 * When distributing Covered Code, include this CDDL HEADER in each
015 * file and include the License file at legal-notices/CDDLv1_0.txt.
016 * If applicable, add the following below this CDDL HEADER, with the
017 * fields enclosed by brackets "[]" replaced with your own identifying
018 * information:
019 *      Portions Copyright [yyyy] [name of copyright owner]
020 *
021 * CDDL HEADER END
022 *
023 *
024 *      Copyright 2008 Sun Microsystems, Inc.
025 *      Portions copyright 2013 ForgeRock AS.
026 */
027
028package org.forgerock.opendj.server.core;
029
030import java.net.InetSocketAddress;
031import java.util.Collection;
032
033import org.forgerock.opendj.ldap.Connection;
034import org.forgerock.opendj.ldap.Entry;
035import org.forgerock.opendj.ldap.RequestContext;
036import org.forgerock.opendj.ldap.requests.BindRequest;
037
038/**
039 * The context in which a request is to be processed.
040 * <p>
041 * Implementations may query the context in order to:
042 * <ul>
043 * <li>query the schema associated with the request (attribute types, decode
044 * DNs, etc)
045 * <li>perform internal operations
046 * <li>query information regarding client performing the request
047 * </ul>
048 * Context implementations take care of correctly routing internal requests.
049 * <p>
050 * In addition, the context acts as a transaction manager, coordinating any
051 * resources accessed during the processing of a request and any subsequent
052 * requests forming part of the same logical transaction.
053 * <p>
054 * FiXME: this interface should be split up into sub-components, such as network
055 * information (protocol, addresses), client information (auth ID, SSF,
056 * privileges).
057 */
058public interface Operation extends RequestContext, AttachmentHolder {
059    /**
060     * Retrieves the entry for the user that should be considered the
061     * authorization identity for this operation. In many cases, it will be the
062     * same as the authorization entry for the underlying client connection, or
063     * {@code null} if no authentication has been performed on that connection.
064     * However, it may be some other value if special processing has been
065     * requested (e.g., the operation included a proxied authorization control).
066     *
067     * @return The entry for the user that should be considered the
068     *         authorization identity for this operation, or {@code null} if the
069     *         authorization identity should be the unauthenticated user.
070     */
071    Entry getAuthorizationEntry();
072
073    /**
074     * Returns a connection for performing internal operations.
075     *
076     * @return A connection for performing internal operations.
077     */
078    Connection getConnection();
079
080    /**
081     * Retrieves the operation ID for this operation.
082     *
083     * @return The operation ID for this operation.
084     */
085    long getOperationID();
086
087    /**
088     * Indicates whether the authenticate client has all of the specified
089     * privileges.
090     *
091     * @param privileges
092     *            The array of privileges for which to make the determination.
093     * @return {@code true} if the authenticated client has all of the specified
094     *         privileges, or {@code false} if not.
095     */
096    boolean hasAllPrivileges(Collection<Privilege> privileges);
097
098    /**
099     * Indicates whether the authenticated client has the specified privilege.
100     *
101     * @param privilege
102     *            The privilege for which to make the determination.
103     * @return {@code true} if the authenticated client has the specified
104     *         privilege, or {@code false} if not.
105     */
106    boolean hasPrivilege(Privilege privilege);
107
108    /**
109     * Sets the entry for the user that should be considered the authorization
110     * identity for this operation.
111     *
112     * @param authorizationEntry
113     *            The entry for the user that should be considered the
114     *            authorization identity for this operation, or {@code null} if
115     *            it should be the unauthenticated user.
116     */
117    void setAuthorizationEntry(Entry authorizationEntry);
118
119    /**
120     * Retrieves the entry for the user as whom the client is authenticated.
121     *
122     * @return The entry for the user as whom the client is authenticated, or
123     *         {@code null} if the client is unauthenticated.
124     */
125    Entry getAuthenticationEntry();
126
127    /**
128     * Retrieves the last successful bind request from the client.
129     *
130     * @return The last successful bind request or {@code null} if the client
131     *         have not yet successfully bind.
132     */
133    BindRequest getBindRequest();
134
135    /**
136     * Retrieves the unique identifier that is assigned to the client connection
137     * that submitted this operation.
138     *
139     * @return The unique identifier that is assigned to the client connection
140     *         that submitted this operation.
141     */
142    long getConnectionID();
143
144    /**
145     * Returns the {@code InetSocketAddress} associated with the local system.
146     *
147     * @return The {@code InetSocketAddress} associated with the local system.
148     */
149    InetSocketAddress getLocalAddress();
150
151    /**
152     * Retrieves the default maximum number of entries that should checked for
153     * matches during a search.
154     *
155     * @return The default maximum number of entries that should checked for
156     *         matches during a search.
157     */
158    int getLookthroughLimit();
159
160    /**
161     * Returns the {@code InetSocketAddress} associated with the remote system.
162     *
163     * @return The {@code InetSocketAddress} associated with the remote system.
164     */
165    InetSocketAddress getPeerAddress();
166
167    /**
168     * Retrieves the protocol that the client is using to communicate with the
169     * Directory Server.
170     *
171     * @return The protocol that the client is using to communicate with the
172     *         Directory Server.
173     */
174    String getProtocol();
175
176    /**
177     * Returns the strongest cipher strength currently in use by the underlying
178     * connection.
179     *
180     * @return The strongest cipher strength currently in use by the underlying
181     *         connection.
182     */
183    int getSecurityStrengthFactor();
184
185    /**
186     * Retrieves the size limit that will be enforced for searches performed
187     * using this client connection.
188     *
189     * @return The size limit that will be enforced for searches performed using
190     *         this client connection.
191     */
192    int getSizeLimit();
193
194    /**
195     * Retrieves the time limit that will be enforced for searches performed
196     * using this client connection.
197     *
198     * @return The time limit that will be enforced for searches performed using
199     *         this client connection.
200     */
201    int getTimeLimit();
202}