001/* 002* CDDL HEADER START 003 * 004 * The contents of this file are subject to the terms of the 005 * Common Development and Distribution License, Version 1.0 only 006 * (the "License"). You may not use this file except in compliance 007 * with the License. 008 * 009 * You can obtain a copy of the license at legal-notices/CDDLv1_0.txt 010 * or http://forgerock.org/license/CDDLv1.0.html. 011 * See the License for the specific language governing permissions 012 * and limitations under the License. 013 * 014 * When distributing Covered Code, include this CDDL HEADER in each 015 * file and include the License file at legal-notices/CDDLv1_0.txt. 016 * If applicable, add the following below this CDDL HEADER, with the 017 * fields enclosed by brackets "[]" replaced with your own identifying 018 * information: 019 * Portions Copyright [yyyy] [name of copyright owner] 020 * 021 * CDDL HEADER END 022 * 023 * 024 * Copyright 2008 Sun Microsystems, Inc. 025 * Portions copyright 2013 ForgeRock AS. 026 */ 027 028package org.forgerock.opendj.server.core; 029 030import java.net.InetSocketAddress; 031import java.util.Collection; 032 033import org.forgerock.opendj.ldap.Connection; 034import org.forgerock.opendj.ldap.Entry; 035import org.forgerock.opendj.ldap.RequestContext; 036import org.forgerock.opendj.ldap.requests.BindRequest; 037 038/** 039 * The context in which a request is to be processed. 040 * <p> 041 * Implementations may query the context in order to: 042 * <ul> 043 * <li>query the schema associated with the request (attribute types, decode 044 * DNs, etc) 045 * <li>perform internal operations 046 * <li>query information regarding client performing the request 047 * </ul> 048 * Context implementations take care of correctly routing internal requests. 049 * <p> 050 * In addition, the context acts as a transaction manager, coordinating any 051 * resources accessed during the processing of a request and any subsequent 052 * requests forming part of the same logical transaction. 053 * <p> 054 * FiXME: this interface should be split up into sub-components, such as network 055 * information (protocol, addresses), client information (auth ID, SSF, 056 * privileges). 057 */ 058public interface Operation extends RequestContext, AttachmentHolder { 059 /** 060 * Retrieves the entry for the user that should be considered the 061 * authorization identity for this operation. In many cases, it will be the 062 * same as the authorization entry for the underlying client connection, or 063 * {@code null} if no authentication has been performed on that connection. 064 * However, it may be some other value if special processing has been 065 * requested (e.g., the operation included a proxied authorization control). 066 * 067 * @return The entry for the user that should be considered the 068 * authorization identity for this operation, or {@code null} if the 069 * authorization identity should be the unauthenticated user. 070 */ 071 Entry getAuthorizationEntry(); 072 073 /** 074 * Returns a connection for performing internal operations. 075 * 076 * @return A connection for performing internal operations. 077 */ 078 Connection getConnection(); 079 080 /** 081 * Retrieves the operation ID for this operation. 082 * 083 * @return The operation ID for this operation. 084 */ 085 long getOperationID(); 086 087 /** 088 * Indicates whether the authenticate client has all of the specified 089 * privileges. 090 * 091 * @param privileges 092 * The array of privileges for which to make the determination. 093 * @return {@code true} if the authenticated client has all of the specified 094 * privileges, or {@code false} if not. 095 */ 096 boolean hasAllPrivileges(Collection<Privilege> privileges); 097 098 /** 099 * Indicates whether the authenticated client has the specified privilege. 100 * 101 * @param privilege 102 * The privilege for which to make the determination. 103 * @return {@code true} if the authenticated client has the specified 104 * privilege, or {@code false} if not. 105 */ 106 boolean hasPrivilege(Privilege privilege); 107 108 /** 109 * Sets the entry for the user that should be considered the authorization 110 * identity for this operation. 111 * 112 * @param authorizationEntry 113 * The entry for the user that should be considered the 114 * authorization identity for this operation, or {@code null} if 115 * it should be the unauthenticated user. 116 */ 117 void setAuthorizationEntry(Entry authorizationEntry); 118 119 /** 120 * Retrieves the entry for the user as whom the client is authenticated. 121 * 122 * @return The entry for the user as whom the client is authenticated, or 123 * {@code null} if the client is unauthenticated. 124 */ 125 Entry getAuthenticationEntry(); 126 127 /** 128 * Retrieves the last successful bind request from the client. 129 * 130 * @return The last successful bind request or {@code null} if the client 131 * have not yet successfully bind. 132 */ 133 BindRequest getBindRequest(); 134 135 /** 136 * Retrieves the unique identifier that is assigned to the client connection 137 * that submitted this operation. 138 * 139 * @return The unique identifier that is assigned to the client connection 140 * that submitted this operation. 141 */ 142 long getConnectionID(); 143 144 /** 145 * Returns the {@code InetSocketAddress} associated with the local system. 146 * 147 * @return The {@code InetSocketAddress} associated with the local system. 148 */ 149 InetSocketAddress getLocalAddress(); 150 151 /** 152 * Retrieves the default maximum number of entries that should checked for 153 * matches during a search. 154 * 155 * @return The default maximum number of entries that should checked for 156 * matches during a search. 157 */ 158 int getLookthroughLimit(); 159 160 /** 161 * Returns the {@code InetSocketAddress} associated with the remote system. 162 * 163 * @return The {@code InetSocketAddress} associated with the remote system. 164 */ 165 InetSocketAddress getPeerAddress(); 166 167 /** 168 * Retrieves the protocol that the client is using to communicate with the 169 * Directory Server. 170 * 171 * @return The protocol that the client is using to communicate with the 172 * Directory Server. 173 */ 174 String getProtocol(); 175 176 /** 177 * Returns the strongest cipher strength currently in use by the underlying 178 * connection. 179 * 180 * @return The strongest cipher strength currently in use by the underlying 181 * connection. 182 */ 183 int getSecurityStrengthFactor(); 184 185 /** 186 * Retrieves the size limit that will be enforced for searches performed 187 * using this client connection. 188 * 189 * @return The size limit that will be enforced for searches performed using 190 * this client connection. 191 */ 192 int getSizeLimit(); 193 194 /** 195 * Retrieves the time limit that will be enforced for searches performed 196 * using this client connection. 197 * 198 * @return The time limit that will be enforced for searches performed using 199 * this client connection. 200 */ 201 int getTimeLimit(); 202}