
Example 1 with GetEffectiveRightsRequestControl

use of com.unboundid.ldap.sdk.unboundidds.controls.GetEffectiveRightsRequestControl in project ldapsdk by pingidentity.

the class LDAPSearch method getSearchControls.

/**
 * Retrieves a list of the controls that should be used when processing search
 * operations.
 *
 * @return  A list of the controls that should be used when processing search
 *          operations.
 *
 * @throws  LDAPException  If a problem is encountered while generating the
 *                         controls for a search request.
 */
@NotNull()
private List<Control> getSearchControls() {
    final ArrayList<Control> requestControls = new ArrayList<>(10);

    // Controls given through the generic control argument are appended first.
    if (searchControl.isPresent()) {
        requestControls.addAll(searchControl.getValues());
    }

    // These controls are held in fields rather than built here; a null field is
    // skipped.  The array order is the order in which they are appended.
    final Control[] prebuiltControls = {
        joinRequestControl,
        matchedValuesRequestControl,
        matchingEntryCountRequestControl,
        overrideSearchLimitsRequestControl,
        persistentSearchRequestControl,
        sortRequestControl,
        vlvRequestControl
    };
    for (final Control prebuilt : prebuiltControls) {
        if (prebuilt != null) {
            requestControls.add(prebuilt);
        }
    }
    requestControls.addAll(routeToBackendSetRequestControls);

    // From here on, each control is created on demand from an argument that was
    // provided on the command line.
    if (accountUsable.isPresent()) {
        requestControls.add(new AccountUsableRequestControl(true));
    }
    if (getBackendSetID.isPresent()) {
        requestControls.add(new GetBackendSetIDRequestControl(false));
    }
    if (getServerID.isPresent()) {
        requestControls.add(new GetServerIDRequestControl(false));
    }
    if (includeReplicationConflictEntries.isPresent()) {
        requestControls.add(new ReturnConflictEntriesRequestControl(true));
    }

    if (includeSoftDeletedEntries.isPresent()) {
        final String mode = StaticUtils.toLowerCase(includeSoftDeletedEntries.getValue());
        final SoftDeletedEntryAccessRequestControl softDeleteControl;
        switch (mode) {
            case "with-non-deleted-entries":
                softDeleteControl = new SoftDeletedEntryAccessRequestControl(true, true, false);
                break;
            case "without-non-deleted-entries":
                softDeleteControl = new SoftDeletedEntryAccessRequestControl(true, false, false);
                break;
            default:
                // NOTE(review): every other value lands here; presumably the argument
                // parser restricts the allowed values -- confirm against the
                // argument definition.
                softDeleteControl = new SoftDeletedEntryAccessRequestControl(true, false, true);
                break;
        }
        requestControls.add(softDeleteControl);
    }

    if (draftLDUPSubentries.isPresent()) {
        requestControls.add(new DraftLDUPSubentriesRequestControl(true));
    }
    if (rfc3672Subentries.isPresent()) {
        requestControls.add(new RFC3672SubentriesRequestControl(rfc3672Subentries.getValue()));
    }
    if (manageDsaIT.isPresent()) {
        requestControls.add(new ManageDsaITRequestControl(true));
    }
    if (realAttributesOnly.isPresent()) {
        requestControls.add(new RealAttributesOnlyRequestControl(true));
    }
    if (routeToServer.isPresent()) {
        requestControls.add(new RouteToServerRequestControl(false, routeToServer.getValue(), false, false, false));
    }
    if (virtualAttributesOnly.isPresent()) {
        requestControls.add(new VirtualAttributesOnlyRequestControl(true));
    }

    if (excludeBranch.isPresent()) {
        // The control is given the string form of each excluded base DN.
        final ArrayList<String> excludedBaseDNs = new ArrayList<>(excludeBranch.getValues().size());
        for (final DN excludedBaseDN : excludeBranch.getValues()) {
            excludedBaseDNs.add(excludedBaseDN.toString());
        }
        requestControls.add(new ExcludeBranchRequestControl(true, excludedBaseDNs));
    }

    if (assertionFilter.isPresent()) {
        requestControls.add(new AssertionRequestControl(assertionFilter.getValue(), true));
    }

    if (getEffectiveRightsAuthzID.isPresent()) {
        // The authorization ID names the identity whose rights the server is asked
        // to report; the attribute list is optional and empty when not given.
        final String[] rightsAttributes;
        if (getEffectiveRightsAttribute.isPresent()) {
            final List<String> requested = getEffectiveRightsAttribute.getValues();
            rightsAttributes = requested.toArray(new String[requested.size()]);
        } else {
            rightsAttributes = StaticUtils.NO_STRINGS;
        }
        requestControls.add(new GetEffectiveRightsRequestControl(true, getEffectiveRightsAuthzID.getValue(), rightsAttributes));
    }

    if (operationPurpose.isPresent()) {
        requestControls.add(new OperationPurposeRequestControl(true, "ldapsearch", Version.NUMERIC_VERSION_STRING, "LDAPSearch.getSearchControls", operationPurpose.getValue()));
    }

    // NOTE(review): the two proxied-authorization arguments are handled
    // independently, so both controls are attached when both are present.  Any
    // mutual exclusion is enforced outside this method -- confirm.  The identity
    // is passed through as given; authorizing its use is left to the server.
    if (proxyAs.isPresent()) {
        requestControls.add(new ProxiedAuthorizationV2RequestControl(proxyAs.getValue()));
    }
    if (proxyV1As.isPresent()) {
        requestControls.add(new ProxiedAuthorizationV1RequestControl(proxyV1As.getValue()));
    }

    if (suppressOperationalAttributeUpdates.isPresent()) {
        final EnumSet<SuppressType> typesToSuppress = EnumSet.noneOf(SuppressType.class);
        for (final String requestedType : suppressOperationalAttributeUpdates.getValues()) {
            // Values that match none of the three names are skipped without error.
            if (requestedType.equalsIgnoreCase("last-access-time")) {
                typesToSuppress.add(SuppressType.LAST_ACCESS_TIME);
            } else if (requestedType.equalsIgnoreCase("last-login-time")) {
                typesToSuppress.add(SuppressType.LAST_LOGIN_TIME);
            } else if (requestedType.equalsIgnoreCase("last-login-ip")) {
                typesToSuppress.add(SuppressType.LAST_LOGIN_IP);
            }
        }
        requestControls.add(new SuppressOperationalAttributeUpdateRequestControl(typesToSuppress));
    }

    // NOTE(review): reject and permit are likewise independent checks; nothing
    // here prevents both controls from being sent in one request.
    if (rejectUnindexedSearch.isPresent()) {
        requestControls.add(new RejectUnindexedSearchRequestControl());
    }
    if (permitUnindexedSearch.isPresent()) {
        requestControls.add(new PermitUnindexedSearchRequestControl());
    }

    return requestControls;
}
Also used : RouteToServerRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.RouteToServerRequestControl) ArrayList(java.util.ArrayList) ProxiedAuthorizationV2RequestControl(com.unboundid.ldap.sdk.controls.ProxiedAuthorizationV2RequestControl) JoinBaseDN(com.unboundid.ldap.sdk.unboundidds.controls.JoinBaseDN) DN(com.unboundid.ldap.sdk.DN) ASN1OctetString(com.unboundid.asn1.ASN1OctetString) GetEffectiveRightsRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.GetEffectiveRightsRequestControl) VirtualListViewRequestControl(com.unboundid.ldap.sdk.controls.VirtualListViewRequestControl) RouteToServerRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.RouteToServerRequestControl) RFC3672SubentriesRequestControl(com.unboundid.ldap.sdk.controls.RFC3672SubentriesRequestControl) SimplePagedResultsControl(com.unboundid.ldap.sdk.controls.SimplePagedResultsControl) MatchingEntryCountRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.MatchingEntryCountRequestControl) MatchedValuesRequestControl(com.unboundid.ldap.sdk.controls.MatchedValuesRequestControl) VirtualAttributesOnlyRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.VirtualAttributesOnlyRequestControl) AccountUsableRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.AccountUsableRequestControl) OverrideSearchLimitsRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.OverrideSearchLimitsRequestControl) SuppressOperationalAttributeUpdateRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.SuppressOperationalAttributeUpdateRequestControl) ProxiedAuthorizationV1RequestControl(com.unboundid.ldap.sdk.controls.ProxiedAuthorizationV1RequestControl) OperationPurposeRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.OperationPurposeRequestControl) SoftDeletedEntryAccessRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.SoftDeletedEntryAccessRequestControl) JoinRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.JoinRequestControl) 
ReturnConflictEntriesRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.ReturnConflictEntriesRequestControl) GetRecentLoginHistoryRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.GetRecentLoginHistoryRequestControl) PermitUnindexedSearchRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.PermitUnindexedSearchRequestControl) RejectUnindexedSearchRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.RejectUnindexedSearchRequestControl) AuthorizationIdentityRequestControl(com.unboundid.ldap.sdk.controls.AuthorizationIdentityRequestControl) Control(com.unboundid.ldap.sdk.Control) GetUserResourceLimitsRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.GetUserResourceLimitsRequestControl) GetBackendSetIDRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.GetBackendSetIDRequestControl) GetAuthorizationEntryRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.GetAuthorizationEntryRequestControl) RealAttributesOnlyRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.RealAttributesOnlyRequestControl) ExcludeBranchRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.ExcludeBranchRequestControl) ProxiedAuthorizationV2RequestControl(com.unboundid.ldap.sdk.controls.ProxiedAuthorizationV2RequestControl) ServerSideSortRequestControl(com.unboundid.ldap.sdk.controls.ServerSideSortRequestControl) GetServerIDRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.GetServerIDRequestControl) PasswordPolicyRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.PasswordPolicyRequestControl) AssertionRequestControl(com.unboundid.ldap.sdk.controls.AssertionRequestControl) RouteToBackendSetRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.RouteToBackendSetRequestControl) ManageDsaITRequestControl(com.unboundid.ldap.sdk.controls.ManageDsaITRequestControl) PersistentSearchRequestControl(com.unboundid.ldap.sdk.controls.PersistentSearchRequestControl) 
GetEffectiveRightsRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.GetEffectiveRightsRequestControl) DraftLDUPSubentriesRequestControl(com.unboundid.ldap.sdk.controls.DraftLDUPSubentriesRequestControl) AssertionRequestControl(com.unboundid.ldap.sdk.controls.AssertionRequestControl) DraftLDUPSubentriesRequestControl(com.unboundid.ldap.sdk.controls.DraftLDUPSubentriesRequestControl) SoftDeletedEntryAccessRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.SoftDeletedEntryAccessRequestControl) GetServerIDRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.GetServerIDRequestControl) ManageDsaITRequestControl(com.unboundid.ldap.sdk.controls.ManageDsaITRequestControl) AccountUsableRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.AccountUsableRequestControl) PermitUnindexedSearchRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.PermitUnindexedSearchRequestControl) ReturnConflictEntriesRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.ReturnConflictEntriesRequestControl) RealAttributesOnlyRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.RealAttributesOnlyRequestControl) SuppressType(com.unboundid.ldap.sdk.unboundidds.controls.SuppressType) SuppressOperationalAttributeUpdateRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.SuppressOperationalAttributeUpdateRequestControl) OperationPurposeRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.OperationPurposeRequestControl) ProxiedAuthorizationV1RequestControl(com.unboundid.ldap.sdk.controls.ProxiedAuthorizationV1RequestControl) RFC3672SubentriesRequestControl(com.unboundid.ldap.sdk.controls.RFC3672SubentriesRequestControl) GetBackendSetIDRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.GetBackendSetIDRequestControl) ExcludeBranchRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.ExcludeBranchRequestControl) RejectUnindexedSearchRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.RejectUnindexedSearchRequestControl) 
VirtualAttributesOnlyRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.VirtualAttributesOnlyRequestControl) NotNull(com.unboundid.util.NotNull)

Example 2 with GetEffectiveRightsRequestControl

use of com.unboundid.ldap.sdk.unboundidds.controls.GetEffectiveRightsRequestControl in project ldapsdk by pingidentity.

the class DSEETestCase method testGetEffectiveRights.

/**
 * Tests the ability to use the get effective rights control against a Sun
 * DSEE instance.
 * <BR><BR>
 * Access to a Sun DSEE instance is required for complete processing.
 *
 * @throws  Exception  If an unexpected problem occurs.
 */
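@Test()
public void testGetEffectiveRights() throws Exception {
    if (!available) {
        return;
    }
    LDAPConnection conn = getAdminDSEEConnection();

    // DNs of the entries this test has added, most recent first, so the cleanup
    // below removes the child entries before the base entry.
    final LinkedList<String> createdDNs = new LinkedList<String>();
    boolean passed = false;
    try {
        // Fixture: the base entry carries two ACIs, one allowing "all" to
        // uid=admin and one allowing "proxy" to uid=proxy.  Both users are
        // created with a fixed, well-known password, so none of these entries
        // should outlive the test.
        LinkedList<Attribute> attrList = new LinkedList<Attribute>();
        attrList.addAll(Arrays.asList(getBaseEntryAttributes()));
        attrList.add(new Attribute("aci", "(targetattr=\"*\")(version 3.0; acl \"Admin Rights\"; allow " + "(all) userdn=\"ldap:///uid=admin," + getTestBaseDN() + "\";)", "(targetattr=\"*\")(version 3.0; acl \"Proxy Rights\"; allow " + "(proxy) userdn=\"ldap:///uid=proxy," + getTestBaseDN() + "\";)"));
        conn.add(getTestBaseDN(), attrList);
        createdDNs.addFirst(getTestBaseDN());
        conn.add("dn: uid=admin," + getTestBaseDN(), "objectClass: top", "objectClass: person", "objectClass: organizationalPerson", "objectClass: inetOrgPerson", "uid: admin", "givenName: Admin", "sn: User", "cn: Admin User", "userPassword: password");
        createdDNs.addFirst("uid=admin," + getTestBaseDN());
        conn.add("dn: uid=proxy," + getTestBaseDN(), "objectClass: top", "objectClass: person", "objectClass: organizationalPerson", "objectClass: inetOrgPerson", "uid: proxy", "givenName: Proxy", "sn: User", "cn: Proxy User", "userPassword: password");
        createdDNs.addFirst("uid=proxy," + getTestBaseDN());
        conn.add("dn: ou=test," + getTestBaseDN(), "objectClass: top", "objectClass: organizationalUnit", "ou: test", "description: foo");
        createdDNs.addFirst("ou=test," + getTestBaseDN());

        // Test effective rights for the admin user without any attributes.
        SearchRequest searchRequest = new SearchRequest("ou=test," + getTestBaseDN(), SearchScope.BASE, "(objectClass=*)", "aclRights");
        searchRequest.addControl(new GetEffectiveRightsRequestControl("dn:uid=admin," + getTestBaseDN()));
        SearchResult searchResult = conn.search(searchRequest);
        assertEquals(searchResult.getResultCode(), ResultCode.SUCCESS);
        assertEquals(searchResult.getEntryCount(), 1);
        EffectiveRightsEntry e = new EffectiveRightsEntry(searchResult.getSearchEntries().get(0));
        assertNotNull(e);
        Set<EntryRight> entryRights = e.getEntryRights();
        assertTrue(entryRights.contains(EntryRight.ADD));
        assertTrue(entryRights.contains(EntryRight.DELETE));
        assertTrue(entryRights.contains(EntryRight.READ));
        assertTrue(entryRights.contains(EntryRight.WRITE));
        // The admin ACI grants "all", yet the proxy right must not be reported.
        assertFalse(entryRights.contains(EntryRight.PROXY));

        // Test effective rights for the admin user with an attribute.
        searchRequest = new SearchRequest("ou=test," + getTestBaseDN(), SearchScope.BASE, "(objectClass=*)", "aclRights", "description");
        searchRequest.addControl(new GetEffectiveRightsRequestControl("dn:uid=admin," + getTestBaseDN(), "description"));
        searchResult = conn.search(searchRequest);
        assertEquals(searchResult.getResultCode(), ResultCode.SUCCESS);
        assertEquals(searchResult.getEntryCount(), 1);
        e = new EffectiveRightsEntry(searchResult.getSearchEntries().get(0));
        assertNotNull(e);
        entryRights = e.getEntryRights();
        assertTrue(entryRights.contains(EntryRight.ADD));
        assertTrue(entryRights.contains(EntryRight.DELETE));
        assertTrue(entryRights.contains(EntryRight.READ));
        assertTrue(entryRights.contains(EntryRight.WRITE));
        assertFalse(entryRights.contains(EntryRight.PROXY));
        Set<AttributeRight> attrRights = e.getAttributeRights("description");
        assertTrue(attrRights.contains(AttributeRight.READ));
        assertTrue(attrRights.contains(AttributeRight.SEARCH));
        assertTrue(attrRights.contains(AttributeRight.COMPARE));
        assertTrue(attrRights.contains(AttributeRight.WRITE));
        assertTrue(attrRights.contains(AttributeRight.SELFWRITE_ADD));
        assertFalse(attrRights.contains(AttributeRight.PROXY));

        // Test effective rights for the proxy user without any attributes.
        searchRequest = new SearchRequest("ou=test," + getTestBaseDN(), SearchScope.BASE, "(objectClass=*)", "aclRights");
        searchRequest.addControl(new GetEffectiveRightsRequestControl("dn:uid=proxy," + getTestBaseDN()));
        searchResult = conn.search(searchRequest);
        assertEquals(searchResult.getResultCode(), ResultCode.SUCCESS);
        assertEquals(searchResult.getEntryCount(), 1);
        e = new EffectiveRightsEntry(searchResult.getSearchEntries().get(0));
        assertNotNull(e);
        entryRights = e.getEntryRights();
        assertTrue(entryRights.contains(EntryRight.PROXY));

        // Test effective rights for the proxy user with an attribute.
        searchRequest = new SearchRequest("ou=test," + getTestBaseDN(), SearchScope.BASE, "(objectClass=*)", "aclRights", "description");
        searchRequest.addControl(new GetEffectiveRightsRequestControl("dn:uid=proxy," + getTestBaseDN(), "description"));
        searchResult = conn.search(searchRequest);
        assertEquals(searchResult.getResultCode(), ResultCode.SUCCESS);
        assertEquals(searchResult.getEntryCount(), 1);
        e = new EffectiveRightsEntry(searchResult.getSearchEntries().get(0));
        assertNotNull(e);
        entryRights = e.getEntryRights();
        assertTrue(entryRights.contains(EntryRight.PROXY));
        attrRights = e.getAttributeRights("description");
        assertTrue(attrRights.contains(AttributeRight.PROXY));

        passed = true;
    } finally {
        try {
            // Remove only what this test added, even when an assertion or a
            // search failed above; otherwise the fixture accounts and ACIs would
            // stay behind in the directory.
            Exception cleanupFailure = null;
            for (final String dn : createdDNs) {
                try {
                    conn.delete(dn);
                } catch (final Exception deleteFailure) {
                    // Keep going so one failed delete does not strand the rest.
                    if (cleanupFailure == null) {
                        cleanupFailure = deleteFailure;
                    }
                }
            }
            // A cleanup error fails the test only when the test body itself
            // passed; otherwise the original failure is the one to report.
            if (passed && (cleanupFailure != null)) {
                throw cleanupFailure;
            }
        } finally {
            conn.close();
        }
    }
}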
Also used : AttributeRight(com.unboundid.ldap.sdk.unboundidds.controls.AttributeRight) EffectiveRightsEntry(com.unboundid.ldap.sdk.unboundidds.controls.EffectiveRightsEntry) EntryRight(com.unboundid.ldap.sdk.unboundidds.controls.EntryRight) GetEffectiveRightsRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.GetEffectiveRightsRequestControl) LinkedList(java.util.LinkedList) Test(org.testng.annotations.Test)

Aggregations

GetEffectiveRightsRequestControl (com.unboundid.ldap.sdk.unboundidds.controls.GetEffectiveRightsRequestControl)2 ASN1OctetString (com.unboundid.asn1.ASN1OctetString)1 Control (com.unboundid.ldap.sdk.Control)1 DN (com.unboundid.ldap.sdk.DN)1 AssertionRequestControl (com.unboundid.ldap.sdk.controls.AssertionRequestControl)1 AuthorizationIdentityRequestControl (com.unboundid.ldap.sdk.controls.AuthorizationIdentityRequestControl)1 DraftLDUPSubentriesRequestControl (com.unboundid.ldap.sdk.controls.DraftLDUPSubentriesRequestControl)1 ManageDsaITRequestControl (com.unboundid.ldap.sdk.controls.ManageDsaITRequestControl)1 MatchedValuesRequestControl (com.unboundid.ldap.sdk.controls.MatchedValuesRequestControl)1 PersistentSearchRequestControl (com.unboundid.ldap.sdk.controls.PersistentSearchRequestControl)1 ProxiedAuthorizationV1RequestControl (com.unboundid.ldap.sdk.controls.ProxiedAuthorizationV1RequestControl)1 ProxiedAuthorizationV2RequestControl (com.unboundid.ldap.sdk.controls.ProxiedAuthorizationV2RequestControl)1 RFC3672SubentriesRequestControl (com.unboundid.ldap.sdk.controls.RFC3672SubentriesRequestControl)1 ServerSideSortRequestControl (com.unboundid.ldap.sdk.controls.ServerSideSortRequestControl)1 SimplePagedResultsControl (com.unboundid.ldap.sdk.controls.SimplePagedResultsControl)1 VirtualListViewRequestControl (com.unboundid.ldap.sdk.controls.VirtualListViewRequestControl)1 AccountUsableRequestControl (com.unboundid.ldap.sdk.unboundidds.controls.AccountUsableRequestControl)1 AttributeRight (com.unboundid.ldap.sdk.unboundidds.controls.AttributeRight)1 EffectiveRightsEntry (com.unboundid.ldap.sdk.unboundidds.controls.EffectiveRightsEntry)1 EntryRight (com.unboundid.ldap.sdk.unboundidds.controls.EntryRight)1