/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License, Version 1.0 only
* (the "License"). You may not use this file except in compliance
* with the License.
*
* You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
* or http://forgerock.org/license/CDDLv1.0.html.
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at legal-notices/CDDLv1_0.txt.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information:
* Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*
*
* Copyright 2008-2010 Sun Microsystems, Inc.
* Portions Copyright 2014-2015 ForgeRock AS
*/
package org.opends.server.extensions;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import org.forgerock.i18n.LocalizableMessage;
import org.opends.server.admin.std.server.DynamicGroupImplementationCfg;
import org.opends.server.api.Group;
import org.opends.server.core.DirectoryServer;
import org.opends.server.core.ServerContext;
import org.forgerock.opendj.config.server.ConfigException;
import org.forgerock.i18n.slf4j.LocalizedLogger;
import org.opends.server.types.Attribute;
import org.opends.server.types.AttributeType;
import org.forgerock.opendj.ldap.ByteString;
import org.opends.server.types.DirectoryConfig;
import org.opends.server.types.DirectoryException;
import org.opends.server.types.DN;
import org.opends.server.types.Entry;
import org.opends.server.types.InitializationException;
import org.opends.server.types.LDAPURL;
import org.opends.server.types.MemberList;
import org.opends.server.types.ObjectClass;
import org.opends.server.types.SearchFilter;
import org.forgerock.opendj.ldap.SearchScope;
import static org.opends.messages.ExtensionMessages.*;
import static org.opends.server.config.ConfigConstants.*;
import static org.opends.server.util.ServerConstants.*;
import static org.forgerock.util.Reject.*;
/**
* This class provides a dynamic group implementation, in which
* membership is determined dynamically based on criteria provided
* in the form of one or more LDAP URLs. All dynamic groups should
* contain the groupOfURLs object class, with the memberURL attribute
* specifying the membership criteria.
*/
public class DynamicGroup
extends Group<DynamicGroupImplementationCfg>
{
private static final LocalizedLogger logger = LocalizedLogger.getLoggerForThisClass();
/** The DN of the entry that holds the definition for this group. */
private DN groupEntryDN;
/** The set of the LDAP URLs that define the membership criteria. */
private LinkedHashSet<LDAPURL> memberURLs;
/**
* Creates a new, uninitialized dynamic group instance. This is intended for
* internal use only.
*/
public DynamicGroup()
{
super();
// No initialization is required here.
}
/**
* Creates a new dynamic group instance with the provided information.
*
* @param groupEntryDN The DN of the entry that holds the definition for
* this group. It must not be {@code null}.
* @param memberURLs The set of LDAP URLs that define the membership
* criteria for this group. It must not be
* {@code null}.
*/
public DynamicGroup(DN groupEntryDN, LinkedHashSet<LDAPURL> memberURLs)
{
super();
ifNull(groupEntryDN, memberURLs);
this.groupEntryDN = groupEntryDN;
this.memberURLs = memberURLs;
}
/** {@inheritDoc} */
@Override
public void initializeGroupImplementation(
DynamicGroupImplementationCfg configuration)
throws ConfigException, InitializationException
{
// No additional initialization is required.
}
/** {@inheritDoc} */
@Override
public DynamicGroup newInstance(ServerContext serverContext, Entry groupEntry)
throws DirectoryException
{
ifNull(groupEntry);
// Get the memberURL attribute from the entry, if there is one, and parse
// out the LDAP URLs that it contains.
LinkedHashSet<LDAPURL> memberURLs = new LinkedHashSet<>();
AttributeType memberURLType = DirectoryServer.getAttributeTypeOrDefault(ATTR_MEMBER_URL_LC);
List<Attribute> attrList = groupEntry.getAttribute(memberURLType);
if (attrList != null)
{
for (Attribute a : attrList)
{
for (ByteString v : a)
{
try
{
memberURLs.add(LDAPURL.decode(v.toString(), true));
}
catch (DirectoryException de)
{
logger.traceException(de);
logger.error(ERR_DYNAMICGROUP_CANNOT_DECODE_MEMBERURL, v,
groupEntry.getName(), de.getMessageObject());
}
}
}
}
return new DynamicGroup(groupEntry.getName(), memberURLs);
}
/** {@inheritDoc} */
@Override
public SearchFilter getGroupDefinitionFilter()
throws DirectoryException
{
// FIXME -- This needs to exclude enhanced groups once we have support for
// them.
return SearchFilter.createFilterFromString("(" + ATTR_OBJECTCLASS + "=" +
OC_GROUP_OF_URLS + ")");
}
/** {@inheritDoc} */
@Override
public boolean isGroupDefinition(Entry entry)
{
ifNull(entry);
// FIXME -- This needs to exclude enhanced groups once we have support for
//them.
ObjectClass groupOfURLsClass =
DirectoryConfig.getObjectClass(OC_GROUP_OF_URLS_LC, true);
return entry.hasObjectClass(groupOfURLsClass);
}
/** {@inheritDoc} */
@Override
public DN getGroupDN()
{
return groupEntryDN;
}
/** {@inheritDoc} */
@Override
public void setGroupDN(DN groupDN)
{
groupEntryDN = groupDN;
}
/**
* Retrieves the set of member URLs for this dynamic group. The returned set
* must not be altered by the caller.
*
* @return The set of member URLs for this dynamic group.
*/
public Set<LDAPURL> getMemberURLs()
{
return memberURLs;
}
/** {@inheritDoc} */
@Override
public boolean supportsNestedGroups()
{
// Dynamic groups don't support nesting.
return false;
}
/** {@inheritDoc} */
@Override
public List<DN> getNestedGroupDNs()
{
// Dynamic groups don't support nesting.
return Collections.<DN>emptyList();
}
/** {@inheritDoc} */
@Override
public void addNestedGroup(DN nestedGroupDN)
throws UnsupportedOperationException, DirectoryException
{
// Dynamic groups don't support nesting.
LocalizableMessage message = ERR_DYNAMICGROUP_NESTING_NOT_SUPPORTED.get();
throw new UnsupportedOperationException(message.toString());
}
/** {@inheritDoc} */
@Override
public void removeNestedGroup(DN nestedGroupDN)
throws UnsupportedOperationException, DirectoryException
{
// Dynamic groups don't support nesting.
LocalizableMessage message = ERR_DYNAMICGROUP_NESTING_NOT_SUPPORTED.get();
throw new UnsupportedOperationException(message.toString());
}
/** {@inheritDoc} */
@Override
public boolean isMember(DN userDN, Set<DN> examinedGroups)
throws DirectoryException
{
if (! examinedGroups.add(getGroupDN()))
{
return false;
}
Entry entry = DirectoryConfig.getEntry(userDN);
return entry != null && isMember(entry);
}
/** {@inheritDoc} */
@Override
public boolean isMember(Entry userEntry, Set<DN> examinedGroups)
throws DirectoryException
{
if (! examinedGroups.add(getGroupDN()))
{
return false;
}
for (LDAPURL memberURL : memberURLs)
{
if (memberURL.matchesEntry(userEntry))
{
return true;
}
}
return false;
}
/** {@inheritDoc} */
@Override
public MemberList getMembers()
throws DirectoryException
{
return new DynamicGroupMemberList(groupEntryDN, memberURLs);
}
/** {@inheritDoc} */
@Override
public MemberList getMembers(DN baseDN, SearchScope scope,
SearchFilter filter)
throws DirectoryException
{
if (baseDN == null && filter == null)
{
return new DynamicGroupMemberList(groupEntryDN, memberURLs);
}
else
{
return new DynamicGroupMemberList(groupEntryDN, memberURLs, baseDN, scope,
filter);
}
}
/** {@inheritDoc} */
@Override
public boolean mayAlterMemberList()
{
return false;
}
/** {@inheritDoc} */
@Override
public void addMember(Entry userEntry)
throws UnsupportedOperationException, DirectoryException
{
// Dynamic groups don't support altering the member list.
LocalizableMessage message = ERR_DYNAMICGROUP_ALTERING_MEMBERS_NOT_SUPPORTED.get();
throw new UnsupportedOperationException(message.toString());
}
/** {@inheritDoc} */
@Override
public void removeMember(DN userDN)
throws UnsupportedOperationException, DirectoryException
{
// Dynamic groups don't support altering the member list.
LocalizableMessage message = ERR_DYNAMICGROUP_ALTERING_MEMBERS_NOT_SUPPORTED.get();
throw new UnsupportedOperationException(message.toString());
}
/** {@inheritDoc} */
@Override
public void toString(StringBuilder buffer)
{
buffer.append("DynamicGroup(dn=");
buffer.append(groupEntryDN);
buffer.append(",urls={");
if (! memberURLs.isEmpty())
{
Iterator<LDAPURL> iterator = memberURLs.iterator();
buffer.append("\"");
iterator.next().toString(buffer, false);
while (iterator.hasNext())
{
buffer.append("\", ");
iterator.next().toString(buffer, false);
}
buffer.append("\"");
}
buffer.append("})");
}
}