001 /*
002 * CDDL HEADER START
003 *
004 * The contents of this file are subject to the terms of the
005 * Common Development and Distribution License, Version 1.0 only
006 * (the "License"). You may not use this file except in compliance
007 * with the License.
008 *
009 * You can obtain a copy of the license at
010 * trunk/opends/resource/legal-notices/OpenDS.LICENSE
011 * or https://OpenDS.dev.java.net/OpenDS.LICENSE.
012 * See the License for the specific language governing permissions
013 * and limitations under the License.
014 *
015 * When distributing Covered Code, include this CDDL HEADER in each
016 * file and include the License file at
017 * trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
018 * add the following below this CDDL HEADER, with the fields enclosed
019 * by brackets "[]" replaced with your own identifying information:
020 * Portions Copyright [yyyy] [name of copyright owner]
021 *
022 * CDDL HEADER END
023 *
024 *
025 * Copyright 2008 Sun Microsystems, Inc.
026 */
027
028 package org.opends.server.authorization.dseecompat;
029 import org.opends.messages.Message;
030
031 import static org.opends.messages.AccessControlMessages.*;
032 import org.opends.server.types.DirectoryException;
033 import org.opends.server.types.Entry;
034 import org.opends.server.types.SearchFilter;
035
036 /**
037 * This class represents a targetfilter keyword of an aci.
038 *
039 */
040 public class TargetFilter {
041
042 /*
043 * Enumeration representing the targetfilter operation.
044 */
045 private EnumTargetOperator op = EnumTargetOperator.EQUALITY;
046
047 /*
048 * Filter parsed from the ACI used to match the resource entry.
049 */
050 private SearchFilter filter;
051
052 /*
053 * Class representing a targetfilter keyword.
054 * @param op The operation of the targetfilter expression (=, !=)
055 * @param filter The filter itself.
056 */
057 private TargetFilter(EnumTargetOperator op, SearchFilter filter) {
058 this.op=op;
059 this.filter=filter;
060 }
061
062 /**
063 * Decode a aci's targetfilter string.
064 * @param op The operation enumeration of the expression.
065 * @param expr A string representing the target filter.
066 * @return A TargetFilter class suitable for using in a match.
067 * @throws AciException If the expression string is invalid.
068 */
069 public static TargetFilter decode(EnumTargetOperator op, String expr)
070 throws AciException {
071 SearchFilter filter;
072 try {
073 filter = SearchFilter.createFilterFromString(expr);
074 } catch (DirectoryException ex) {
075 Message message =
076 WARN_ACI_SYNTAX_INVALID_TARGETFILTERKEYWORD_EXPRESSION.
077 get(expr);
078 throw new AciException(message);
079 }
080 return new TargetFilter(op, filter);
081 }
082
083 /**
084 * Checks if a targetfilter matches an evaluation context.
085 * @param matchCtx The evaluation context to use in the matching.
086 * @return True if the target filter matched the context.
087 */
088 public boolean isApplicable(AciTargetMatchContext matchCtx) {
089 boolean ret;
090 ret=matchesFilter(matchCtx.getResourceEntry());
091 if(op.equals(EnumTargetOperator.NOT_EQUALITY))
092 ret = !ret;
093 return ret;
094 }
095
096 /**
097 * Checks the filter against an entry taken from the match context.
098 * @param e The entry from the evaluation context above.
099 * @return True if the filter matches the entry.
100 */
101 private boolean matchesFilter(Entry e) {
102 boolean ret;
103 try {
104 ret=filter.matchesEntry(e);
105 } catch (DirectoryException ex) {
106 //TODO information message?
107 return false;
108 }
109 return ret;
110 }
111 }