Use of com.unboundid.ldap.sdk.unboundidds.controls.GetEffectiveRightsRequestControl in the ldapsdk project by pingidentity.
From the class LDAPSearch, method getSearchControls.
/**
 * Assembles the request controls that this tool attaches to its search
 * operations.
 * <BR><BR>
 * The list is built in a fixed order: controls supplied directly through the
 * generic control argument, then the pre-built control fields that are
 * non-{@code null}, then the route-to-backend-set controls, then one control
 * per dedicated argument that was provided.
 * <BR><BR>
 * Several values (the proxied authorization identities, the get effective
 * rights authorization ID and the assertion filter) are copied from the
 * arguments into the controls without any check in this method.  Whether the
 * authenticated user may actually use those controls is left to the server
 * that receives the request.
 *
 * @return  A non-{@code null} (possibly empty) list of the controls to include
 *          in search requests.  This method declares no checked exception.
 */
@NotNull()
private List<Control> getSearchControls() {
  final List<Control> requestControls = new ArrayList<>(10);

  // Controls given verbatim on the command line come first.
  if (searchControl.isPresent()) {
    requestControls.addAll(searchControl.getValues());
  }

  // Controls that were already constructed elsewhere in the tool.  A null
  // field means the corresponding control was not requested.
  final Control[] prebuiltControls = {
    joinRequestControl,
    matchedValuesRequestControl,
    matchingEntryCountRequestControl,
    overrideSearchLimitsRequestControl,
    persistentSearchRequestControl,
    sortRequestControl,
    vlvRequestControl
  };
  for (final Control prebuilt : prebuiltControls) {
    if (prebuilt != null) {
      requestControls.add(prebuilt);
    }
  }

  requestControls.addAll(routeToBackendSetRequestControls);

  if (accountUsable.isPresent()) {
    requestControls.add(new AccountUsableRequestControl(true));
  }

  if (getBackendSetID.isPresent()) {
    requestControls.add(new GetBackendSetIDRequestControl(false));
  }

  if (getServerID.isPresent()) {
    requestControls.add(new GetServerIDRequestControl(false));
  }

  if (includeReplicationConflictEntries.isPresent()) {
    requestControls.add(new ReturnConflictEntriesRequestControl(true));
  }

  if (includeSoftDeletedEntries.isPresent()) {
    // Only two values are matched by name; every other value ends up in the
    // default branch.  Presumably the argument restricts its allowed values
    // elsewhere -- confirm against the argument definition.
    final String mode =
         StaticUtils.toLowerCase(includeSoftDeletedEntries.getValue());
    final boolean includeNonSoftDeletedEntries;
    final boolean returnEntriesInUndeletedForm;
    switch (mode) {
      case "with-non-deleted-entries":
        includeNonSoftDeletedEntries = true;
        returnEntriesInUndeletedForm = false;
        break;
      case "without-non-deleted-entries":
        includeNonSoftDeletedEntries = false;
        returnEntriesInUndeletedForm = false;
        break;
      default:
        includeNonSoftDeletedEntries = false;
        returnEntriesInUndeletedForm = true;
        break;
    }
    requestControls.add(new SoftDeletedEntryAccessRequestControl(true,
         includeNonSoftDeletedEntries, returnEntriesInUndeletedForm));
  }

  if (draftLDUPSubentries.isPresent()) {
    requestControls.add(new DraftLDUPSubentriesRequestControl(true));
  }

  if (rfc3672Subentries.isPresent()) {
    requestControls.add(
         new RFC3672SubentriesRequestControl(rfc3672Subentries.getValue()));
  }

  if (manageDsaIT.isPresent()) {
    requestControls.add(new ManageDsaITRequestControl(true));
  }

  if (realAttributesOnly.isPresent()) {
    requestControls.add(new RealAttributesOnlyRequestControl(true));
  }

  if (routeToServer.isPresent()) {
    requestControls.add(new RouteToServerRequestControl(false,
         routeToServer.getValue(), false, false, false));
  }

  if (virtualAttributesOnly.isPresent()) {
    requestControls.add(new VirtualAttributesOnlyRequestControl(true));
  }

  if (excludeBranch.isPresent()) {
    // The control takes the branch DNs in string form.
    final List<DN> branches = excludeBranch.getValues();
    final List<String> branchStrings = new ArrayList<>(branches.size());
    for (final DN branch : branches) {
      branchStrings.add(branch.toString());
    }
    requestControls.add(new ExcludeBranchRequestControl(true, branchStrings));
  }

  if (assertionFilter.isPresent()) {
    requestControls.add(
         new AssertionRequestControl(assertionFilter.getValue(), true));
  }

  if (getEffectiveRightsAuthzID.isPresent()) {
    // The authorization ID whose rights are queried is passed through
    // unchanged.  The attribute list is optional and defaults to empty.
    final String[] rightsAttributes = getEffectiveRightsAttribute.isPresent()
         ? getEffectiveRightsAttribute.getValues().toArray(new String[0])
         : StaticUtils.NO_STRINGS;
    requestControls.add(new GetEffectiveRightsRequestControl(true,
         getEffectiveRightsAuthzID.getValue(), rightsAttributes));
  }

  if (operationPurpose.isPresent()) {
    requestControls.add(new OperationPurposeRequestControl(true, "ldapsearch",
         Version.NUMERIC_VERSION_STRING, "LDAPSearch.getSearchControls",
         operationPurpose.getValue()));
  }

  // Proxied authorization: the identity to assume is taken as given from the
  // argument.  Nothing here checks that the bound user may assume it.
  if (proxyAs.isPresent()) {
    requestControls.add(
         new ProxiedAuthorizationV2RequestControl(proxyAs.getValue()));
  }

  if (proxyV1As.isPresent()) {
    requestControls.add(
         new ProxiedAuthorizationV1RequestControl(proxyV1As.getValue()));
  }

  if (suppressOperationalAttributeUpdates.isPresent()) {
    // Names other than the three below are skipped without any error, so the
    // control is still sent (with fewer or no suppress types) when a value is
    // not recognised.
    final EnumSet<SuppressType> typesToSuppress =
         EnumSet.noneOf(SuppressType.class);
    for (final String name :
         suppressOperationalAttributeUpdates.getValues()) {
      if (name.equalsIgnoreCase("last-access-time")) {
        typesToSuppress.add(SuppressType.LAST_ACCESS_TIME);
      } else if (name.equalsIgnoreCase("last-login-time")) {
        typesToSuppress.add(SuppressType.LAST_LOGIN_TIME);
      } else if (name.equalsIgnoreCase("last-login-ip")) {
        typesToSuppress.add(SuppressType.LAST_LOGIN_IP);
      }
    }
    requestControls.add(
         new SuppressOperationalAttributeUpdateRequestControl(typesToSuppress));
  }

  if (rejectUnindexedSearch.isPresent()) {
    requestControls.add(new RejectUnindexedSearchRequestControl());
  }

  if (permitUnindexedSearch.isPresent()) {
    requestControls.add(new PermitUnindexedSearchRequestControl());
  }

  return requestControls;
}
Use of com.unboundid.ldap.sdk.unboundidds.controls.GetEffectiveRightsRequestControl in the ldapsdk project by pingidentity.
From the class DSEETestCase, method testGetEffectiveRights.
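/**
 * Tests the ability to use the get effective rights control against a Sun
 * DSEE instance.
 * <BR><BR>
 * Access to a Sun DSEE instance is required for complete processing.
 * <BR><BR>
 * The test adds a base entry carrying two ACIs (one granting {@code all} to
 * {@code uid=admin}, one granting {@code proxy} to {@code uid=proxy}) and two
 * user entries whose password is the literal string {@code password}.  Because
 * those entries must not outlive the test, they are removed in a
 * {@code finally} block so that a failed assertion does not leave them in the
 * directory.
 *
 * @throws  Exception  If an unexpected problem occurs.
 */
@Test()
public void testGetEffectiveRights() throws Exception {
  if (!available) {
    return;
  }

  final String baseDN = getTestBaseDN();
  final String adminDN = "uid=admin," + baseDN;
  final String proxyDN = "uid=proxy," + baseDN;
  final String testOUDN = "ou=test," + baseDN;

  // DNs of the entries this run actually created, most recent first, so that
  // cleanup removes children before the base entry and never touches an entry
  // the test did not add.
  final LinkedList<String> createdDNs = new LinkedList<String>();

  final LDAPConnection conn = getAdminDSEEConnection();
  boolean completed = false;
  try {
    final LinkedList<Attribute> attrList = new LinkedList<Attribute>();
    attrList.addAll(Arrays.asList(getBaseEntryAttributes()));
    attrList.add(new Attribute("aci",
         "(targetattr=\"*\")(version 3.0; acl \"Admin Rights\"; allow " +
              "(all) userdn=\"ldap:///" + adminDN + "\";)",
         "(targetattr=\"*\")(version 3.0; acl \"Proxy Rights\"; allow " +
              "(proxy) userdn=\"ldap:///" + proxyDN + "\";)"));
    conn.add(baseDN, attrList);
    createdDNs.addFirst(baseDN);

    conn.add(
         "dn: " + adminDN,
         "objectClass: top",
         "objectClass: person",
         "objectClass: organizationalPerson",
         "objectClass: inetOrgPerson",
         "uid: admin",
         "givenName: Admin",
         "sn: User",
         "cn: Admin User",
         "userPassword: password");
    createdDNs.addFirst(adminDN);

    conn.add(
         "dn: " + proxyDN,
         "objectClass: top",
         "objectClass: person",
         "objectClass: organizationalPerson",
         "objectClass: inetOrgPerson",
         "uid: proxy",
         "givenName: Proxy",
         "sn: User",
         "cn: Proxy User",
         "userPassword: password");
    createdDNs.addFirst(proxyDN);

    conn.add(
         "dn: " + testOUDN,
         "objectClass: top",
         "objectClass: organizationalUnit",
         "ou: test",
         "description: foo");
    createdDNs.addFirst(testOUDN);


    // Test effective rights for the admin user without any attributes.
    SearchRequest searchRequest = new SearchRequest(testOUDN,
         SearchScope.BASE, "(objectClass=*)", "aclRights");
    searchRequest.addControl(
         new GetEffectiveRightsRequestControl("dn:" + adminDN));

    SearchResult searchResult = conn.search(searchRequest);
    assertEquals(searchResult.getResultCode(), ResultCode.SUCCESS);
    assertEquals(searchResult.getEntryCount(), 1);

    EffectiveRightsEntry e =
         new EffectiveRightsEntry(searchResult.getSearchEntries().get(0));
    assertNotNull(e);

    Set<EntryRight> entryRights = e.getEntryRights();
    assertTrue(entryRights.contains(EntryRight.ADD));
    assertTrue(entryRights.contains(EntryRight.DELETE));
    assertTrue(entryRights.contains(EntryRight.READ));
    assertTrue(entryRights.contains(EntryRight.WRITE));
    // The admin ACI grants "all", which is expected not to include proxy.
    assertFalse(entryRights.contains(EntryRight.PROXY));


    // Test effective rights for the admin user with an attribute.
    searchRequest = new SearchRequest(testOUDN, SearchScope.BASE,
         "(objectClass=*)", "aclRights", "description");
    searchRequest.addControl(
         new GetEffectiveRightsRequestControl("dn:" + adminDN,
              "description"));

    searchResult = conn.search(searchRequest);
    assertEquals(searchResult.getResultCode(), ResultCode.SUCCESS);
    assertEquals(searchResult.getEntryCount(), 1);

    e = new EffectiveRightsEntry(searchResult.getSearchEntries().get(0));
    assertNotNull(e);

    entryRights = e.getEntryRights();
    assertTrue(entryRights.contains(EntryRight.ADD));
    assertTrue(entryRights.contains(EntryRight.DELETE));
    assertTrue(entryRights.contains(EntryRight.READ));
    assertTrue(entryRights.contains(EntryRight.WRITE));
    assertFalse(entryRights.contains(EntryRight.PROXY));

    Set<AttributeRight> attrRights = e.getAttributeRights("description");
    assertTrue(attrRights.contains(AttributeRight.READ));
    assertTrue(attrRights.contains(AttributeRight.SEARCH));
    assertTrue(attrRights.contains(AttributeRight.COMPARE));
    assertTrue(attrRights.contains(AttributeRight.WRITE));
    assertTrue(attrRights.contains(AttributeRight.SELFWRITE_ADD));
    assertFalse(attrRights.contains(AttributeRight.PROXY));


    // Test effective rights for the proxy user without any attributes.
    searchRequest = new SearchRequest(testOUDN, SearchScope.BASE,
         "(objectClass=*)", "aclRights");
    searchRequest.addControl(
         new GetEffectiveRightsRequestControl("dn:" + proxyDN));

    searchResult = conn.search(searchRequest);
    assertEquals(searchResult.getResultCode(), ResultCode.SUCCESS);
    assertEquals(searchResult.getEntryCount(), 1);

    e = new EffectiveRightsEntry(searchResult.getSearchEntries().get(0));
    assertNotNull(e);

    entryRights = e.getEntryRights();
    assertTrue(entryRights.contains(EntryRight.PROXY));


    // Test effective rights for the proxy user with an attribute.
    searchRequest = new SearchRequest(testOUDN, SearchScope.BASE,
         "(objectClass=*)", "aclRights", "description");
    searchRequest.addControl(
         new GetEffectiveRightsRequestControl("dn:" + proxyDN,
              "description"));

    searchResult = conn.search(searchRequest);
    assertEquals(searchResult.getResultCode(), ResultCode.SUCCESS);
    assertEquals(searchResult.getEntryCount(), 1);

    e = new EffectiveRightsEntry(searchResult.getSearchEntries().get(0));
    assertNotNull(e);

    entryRights = e.getEntryRights();
    assertTrue(entryRights.contains(EntryRight.PROXY));

    attrRights = e.getAttributeRights("description");
    assertTrue(attrRights.contains(AttributeRight.PROXY));

    completed = true;
  } finally {
    try {
      for (final String dn : createdDNs) {
        try {
          conn.delete(dn);
        } catch (final Exception cleanupFailure) {
          // When the test body passed, a failed delete is itself a test
          // failure.  When the body already failed, keep going so the
          // remaining entries are still removed and the original failure is
          // the one that gets reported.
          if (completed) {
            throw cleanupFailure;
          }
        }
      }
    } finally {
      conn.close();
    }
  }
}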