001 /*
002 * CDDL HEADER START
003 *
004 * The contents of this file are subject to the terms of the
005 * Common Development and Distribution License, Version 1.0 only
006 * (the "License"). You may not use this file except in compliance
007 * with the License.
008 *
009 * You can obtain a copy of the license at
010 * trunk/opends/resource/legal-notices/OpenDS.LICENSE
011 * or https://OpenDS.dev.java.net/OpenDS.LICENSE.
012 * See the License for the specific language governing permissions
013 * and limitations under the License.
014 *
015 * When distributing Covered Code, include this CDDL HEADER in each
016 * file and include the License file at
017 * trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
018 * add the following below this CDDL HEADER, with the fields enclosed
019 * by brackets "[]" replaced with your own identifying information:
020 * Portions Copyright [yyyy] [name of copyright owner]
021 *
022 * CDDL HEADER END
023 *
024 *
025 * Copyright 2008 Sun Microsystems, Inc.
026 */
027 package org.opends.server.types;
028
029
030
031 import java.util.HashMap;
032 import java.util.HashSet;
033 import java.util.Set;
034
035 import static org.opends.server.util.StaticUtils.*;
036
037
038
039 /**
040 * This class implements an enumeration that defines the set of
041 * privileges available in the Directory Server.
042 */
043 @org.opends.server.types.PublicAPI(
044 stability=org.opends.server.types.StabilityLevel.UNCOMMITTED,
045 mayInstantiate=false,
046 mayExtend=false,
047 mayInvoke=true)
048 public enum Privilege
049 {
050 /**
051 * The privilege that provides the ability to bypass access control
052 * evaluation.
053 */
054 BYPASS_ACL("bypass-acl"),
055
056
057
058 /**
059 * The privilege that provides the ability to modify access control
060 * rules.
061 */
062 MODIFY_ACL("modify-acl"),
063
064
065
066 /**
067 * The privilege that provides the ability to read the server
068 * configuration.
069 */
070 CONFIG_READ("config-read"),
071
072
073
074 /**
075 * The privilege that provides the ability to update the server
076 * configuration.
077 */
078 CONFIG_WRITE("config-write"),
079
080
081
082 /**
083 * The privilege that provides the ability to perform read
084 * operations via JMX.
085 */
086 JMX_READ("jmx-read"),
087
088
089
090 /**
091 * The privilege that provides the ability to perform write
092 * operations via JMX.
093 */
094 JMX_WRITE("jmx-write"),
095
096
097
098 /**
099 * The privilege that provides the ability to subscribe to JMX
100 * notifications.
101 */
102 JMX_NOTIFY("jmx-notify"),
103
104
105
106 /**
107 * The privilege that provides the ability to perform LDIF import
108 * operations.
109 */
110 LDIF_IMPORT("ldif-import"),
111
112
113
114 /**
115 * The privilege that provides the ability to perform LDIF export
116 * operations.
117 */
118 LDIF_EXPORT("ldif-export"),
119
120
121
122 /**
123 * The privilege that provides the ability to perform backend backup
124 * operations.
125 */
126 BACKEND_BACKUP("backend-backup"),
127
128
129
130 /**
131 * The privilege that provides the ability to perform backend
132 * restore operations.
133 */
134 BACKEND_RESTORE("backend-restore"),
135
136
137
138 /**
139 * The privilege that provides the ability to request a server
140 * shutdown.
141 */
142 SERVER_SHUTDOWN("server-shutdown"),
143
144
145
146 /**
147 * The privilege that provides the ability to request a server
148 * restart.
149 */
150 SERVER_RESTART("server-restart"),
151
152
153
154 /**
155 * The privilege that provides the ability to perform proxied
156 * authorization or request an alternate authorization identity.
157 */
158 PROXIED_AUTH("proxied-auth"),
159
160
161
162 /**
163 * The privilege that provides the ability to terminate arbitrary
164 * client connections.
165 */
166 DISCONNECT_CLIENT("disconnect-client"),
167
168
169
170 /**
171 * The privilege that provides the ability to cancel arbitrary
172 * client requests.
173 */
174 CANCEL_REQUEST("cancel-request"),
175
176
177
178 /**
179 * The privilege that provides the ability to reset user passwords.
180 */
181 PASSWORD_RESET("password-reset"),
182
183
184
185 /**
186 * The privilege that provides the ability to participate in a
187 * data synchronization environment.
188 */
189 DATA_SYNC("data-sync"),
190
191
192
193 /**
194 * The privilege that provides the ability to update the server
195 * schema.
196 */
197 UPDATE_SCHEMA("update-schema"),
198
199
200
201 /**
202 * The privilege that provides the ability to change the set of
203 * privileges for a user, or to change the set of privileges
204 * automatically assigned to a root user.
205 */
206 PRIVILEGE_CHANGE("privilege-change"),
207
208
209
210 /**
211 * The privilege that provides the ability to perform an unindexed
212 * search in the JE backend.
213 */
214 UNINDEXED_SEARCH("unindexed-search");
215
216
217
218 /**
219 * A map that will be used to hold a mapping between privilege names
220 * and enum values.
221 */
222 private static final HashMap<String,Privilege> PRIV_MAP =
223 new HashMap<String,Privilege>();
224
225
226
227 /**
228 * The set of privileges that will be automatically assigned to root
229 * users if the root privilege set is not specified in the
230 * configuration.
231 */
232 private static final HashSet<Privilege> DEFAULT_ROOT_PRIV_SET =
233 new HashSet<Privilege>();
234
235
236
237 /**
238 * The names of the available privileges defined in this class.
239 */
240 private static final HashSet<String> PRIV_NAMES =
241 new HashSet<String>();
242
243
244
245 // The human-readable name for this privilege.
246 private final String privilegeName;
247
248
249
250 static
251 {
252 PRIV_MAP.put("bypass-acl", BYPASS_ACL);
253 PRIV_MAP.put("modify-acl", MODIFY_ACL);
254 PRIV_MAP.put("config-read", CONFIG_READ);
255 PRIV_MAP.put("config-write", CONFIG_WRITE);
256 PRIV_MAP.put("jmx-read", JMX_READ);
257 PRIV_MAP.put("jmx-write", JMX_WRITE);
258 PRIV_MAP.put("jmx-notify", JMX_NOTIFY);
259 PRIV_MAP.put("ldif-import", LDIF_IMPORT);
260 PRIV_MAP.put("ldif-export", LDIF_EXPORT);
261 PRIV_MAP.put("backend-backup", BACKEND_BACKUP);
262 PRIV_MAP.put("backend-restore", BACKEND_RESTORE);
263 PRIV_MAP.put("server-shutdown", SERVER_SHUTDOWN);
264 PRIV_MAP.put("server-restart", SERVER_RESTART);
265 PRIV_MAP.put("proxied-auth", PROXIED_AUTH);
266 PRIV_MAP.put("disconnect-client", DISCONNECT_CLIENT);
267 PRIV_MAP.put("cancel-request", CANCEL_REQUEST);
268 PRIV_MAP.put("password-reset", PASSWORD_RESET);
269 PRIV_MAP.put("data-sync", DATA_SYNC);
270 PRIV_MAP.put("update-schema", UPDATE_SCHEMA);
271 PRIV_MAP.put("privilege-change", PRIVILEGE_CHANGE);
272 PRIV_MAP.put("unindexed-search", UNINDEXED_SEARCH);
273
274 PRIV_NAMES.add("bypass-acl");
275 PRIV_NAMES.add("modify-acl");
276 PRIV_NAMES.add("config-read");
277 PRIV_NAMES.add("config-write");
278 PRIV_NAMES.add("jmx-read");
279 PRIV_NAMES.add("jmx-write");
280 PRIV_NAMES.add("jmx-notify");
281 PRIV_NAMES.add("ldif-import");
282 PRIV_NAMES.add("ldif-export");
283 PRIV_NAMES.add("backend-backup");
284 PRIV_NAMES.add("backend-restore");
285 PRIV_NAMES.add("server-shutdown");
286 PRIV_NAMES.add("server-restart");
287 PRIV_NAMES.add("proxied-auth");
288 PRIV_NAMES.add("disconnect-client");
289 PRIV_NAMES.add("cancel-request");
290 PRIV_NAMES.add("password-reset");
291 PRIV_NAMES.add("data-sync");
292 PRIV_NAMES.add("update-schema");
293 PRIV_NAMES.add("privilege-change");
294 PRIV_NAMES.add("unindexed-search");
295
296 DEFAULT_ROOT_PRIV_SET.add(BYPASS_ACL);
297 DEFAULT_ROOT_PRIV_SET.add(MODIFY_ACL);
298 DEFAULT_ROOT_PRIV_SET.add(CONFIG_READ);
299 DEFAULT_ROOT_PRIV_SET.add(CONFIG_WRITE);
300 DEFAULT_ROOT_PRIV_SET.add(LDIF_IMPORT);
301 DEFAULT_ROOT_PRIV_SET.add(LDIF_EXPORT);
302 DEFAULT_ROOT_PRIV_SET.add(BACKEND_BACKUP);
303 DEFAULT_ROOT_PRIV_SET.add(BACKEND_RESTORE);
304 DEFAULT_ROOT_PRIV_SET.add(SERVER_SHUTDOWN);
305 DEFAULT_ROOT_PRIV_SET.add(SERVER_RESTART);
306 DEFAULT_ROOT_PRIV_SET.add(DISCONNECT_CLIENT);
307 DEFAULT_ROOT_PRIV_SET.add(CANCEL_REQUEST);
308 DEFAULT_ROOT_PRIV_SET.add(PASSWORD_RESET);
309 DEFAULT_ROOT_PRIV_SET.add(UPDATE_SCHEMA);
310 DEFAULT_ROOT_PRIV_SET.add(PRIVILEGE_CHANGE);
311 DEFAULT_ROOT_PRIV_SET.add(UNINDEXED_SEARCH);
312 }
313
314
315
316 /**
317 * Creates a new privilege with the provided name.
318 *
319 * @param privilegeName The human-readable name for this policy.
320 */
321 private Privilege(String privilegeName)
322 {
323 this.privilegeName = privilegeName;
324 }
325
326
327
328 /**
329 * Retrieves the name for this privilege.
330 *
331 * @return The name for this privilege.
332 */
333 public String getName()
334 {
335 return privilegeName;
336 }
337
338
339
340 /**
341 * Retrieves the privilege with the specified name.
342 *
343 * @param lowerPrivName The name of the privilege to retrieve,
344 * formatted in all lowercase characters.
345 *
346 * @return The requested privilege, or {@code null} if the provided
347 * value is not the name of a valid privilege.
348 */
349 public static Privilege privilegeForName(String lowerPrivName)
350 {
351 return PRIV_MAP.get(lowerPrivName);
352 }
353
354
355
356 /**
357 * Retrieves the human-readable name for this privilege.
358 *
359 * @return The human-readable name for this privilege.
360 */
361 public String toString()
362 {
363 return privilegeName;
364 }
365
366
367
368 /**
369 * Retrieves the set of available privilege names.
370 *
371 * @return The set of available privilege names.
372 */
373 public static Set<String> getPrivilegeNames()
374 {
375 return PRIV_NAMES;
376 }
377
378
379
380 /**
381 * Retrieves the set of privileges that should be automatically
382 * granted to root users if the root privilege set is not specified
383 * in the configuration.
384 *
385 * @return The set of privileges that should be automatically
386 * granted to root users if the root privilege set is not
387 * specified in the configuration.
388 */
389 public static Set<Privilege> getDefaultRootPrivileges()
390 {
391 return DEFAULT_ROOT_PRIV_SET;
392 }
393 }
394