/*
* Copyright (c) 2002, 2018 Oracle and/or its affiliates. All rights reserved.
*
* This program and the accompanying materials are made available under the
* terms of the Eclipse Public License v. 2.0, which is available at
* http://www.eclipse.org/legal/epl-2.0.
*
* This Source Code may also be made available under the following Secondary
* Licenses when the conditions for such availability set forth in the
* Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
* version 2 with the GNU Classpath Exception, which is available at
* https://www.gnu.org/software/classpath/license.html.
*
* SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
*/
package com.sun.jndi.ldap.ctl;
import java.io.IOException;
import javax.naming.ldap.BasicControl;
import com.sun.jndi.ldap.Ber;
import com.sun.jndi.ldap.BerEncoder;
/**
* This class implements the getEffectiveRights control to obtain the
* access control rights in effect for a given user. This control may be
* included in a LDAP search operation. In response to this control the
* server sends effective rights for the entries and the attributes returned
* in the search result response.
* <p>
* The JNDI context methods {@link javax.naming.directory.DirContext#getAttributes(String name, String[] attrIds) DirContext.getAttributes}
* and {@link javax.naming.directory.DirContext#search(Name name, Attributes matchingAttributes, String[] attributesToReturn) DirContext.search}
* can be used to retrieve the effective rights.
*
* <p>
* The object identifier for the GetEffectiveRights control is
* 1.3.6.1.4.1.42.2.27.9.5.2 and the control value consists of the
* authorization identity of the user for whom the effective rights are being
* requested and the additional attributes for which the user effective rights
* are to be known.
*
* The control's value has the following ASN.1 definition:
* <pre>
*
* GetRightsControl ::= SEQUENCE {
*     authzId    AuthzId,               -- as defined in RFC 2829 (obsoleted by RFC 4513);
*                                       -- NULL or an empty string means get the bound user's rights,
*                                       -- "dn:" means get the anonymous user's rights.
*     attributes SEQUENCE OF AttributeType
*                                       -- additional attribute types for which rights
*                                       -- information is requested;
*                                       -- NULL means just the ones returned with the
*                                       -- search operation.
* }
*
* </pre>
* The following code sample shows how the control may be used:
* <pre>
* // create an initial context using the supplied environment properties
* LdapContext ctx = new InitialLdapContext(env, null);
*
* // Get the effective rights for authzId.
* // Note: if authzId is empty this yields the literal "dn:", which asks for
* // the anonymous user's rights rather than the bound user's, so validate
* // authzId before building the value.
* String dn = "dn:" + authzId;
*
* // create a GetEffectiveRights control to return effective
* // rights for authzId on the search result entries and attributes
* Control[] reqControls = new Control[] {
* new GetEffectiveRightsControl(dn, null, true)
* };
*
* // activate the control
* ctx.setRequestControls(reqControls);
*
* // The effective rights are returned in the aclRights operational
* // attribute.
* String[] attrsToReturn = new String[] {"aclRights"};
*
* // Get the entry level effective rights for all the
* // entries in the search result
* NamingEnumeration results =
* ctx.search(entryName, null, attrsToReturn);
*
* printEffectiveRights(results);
*
*
* </pre>
* @author Vincent Ryan
*/
public class GetEffectiveRightsControl extends BasicControl {

    /**
     * The GetEffectiveRights control's assigned object identifier
     * is 1.3.6.1.4.1.42.2.27.9.5.2.
     */
    public static final String OID = "1.3.6.1.4.1.42.2.27.9.5.2";

    private static final long serialVersionUID = -6292851668254246648L;

    /**
     * Constructs a control to request the rights which are in effect
     * for the given user.
     * <p>
     * The control value is BER-encoded eagerly in the constructor, so an
     * encoding failure is reported here rather than when the control is
     * later attached to a request.
     * <p>
     * Notes for callers:
     * <ul>
     * <li>{@code authzId} names the identity whose rights are evaluated; it
     *     need not be the bound identity. This class performs no check of
     *     whether the bound identity is allowed to ask about another one --
     *     that decision is left to the directory server.</li>
     * <li>A {@code null} or empty {@code authzId} asks for the bound user's
     *     rights, while the literal {@code "dn:"} asks for the anonymous
     *     user's rights. Code that builds {@code "dn:" + x} from a possibly
     *     empty or untrusted {@code x} can therefore silently change which
     *     identity is evaluated; validate {@code x} first.</li>
     * <li>Per LDAP control semantics (RFC 4511), a server that does not
     *     recognise a non-critical control may simply ignore it. With
     *     {@code criticality} set to {@code false}, the absence of rights
     *     information in the result should not be read as "no rights".</li>
     * </ul>
     *
     * @param authzId The authorization identity ({@code null} or empty
     *        selects the bound user; {@code "dn:"} selects the anonymous
     *        user).
     * @param attributes Additional attribute types for which rights
     *        information is requested; {@code null} means only those
     *        returned by the search operation.
     * @param criticality The control's criticality setting.
     * @exception IOException If a BER encoding error occurs.
     */
    public GetEffectiveRightsControl(String authzId, String[] attributes,
        boolean criticality) throws IOException {
        super(OID, criticality, null);
        value = encodeValue(authzId, attributes);
    }

    /**
     * BER-encodes the control value as
     * {@code SEQUENCE { authzId OCTET STRING, attributes SEQUENCE OF OCTET STRING }}.
     * Both strings are emitted as UTF-8; a {@code null} array simply yields an
     * empty inner sequence.
     *
     * @param authzId authorization identity, may be {@code null}
     * @param attrs additional attribute types, may be {@code null}
     * @return the encoded value, trimmed to its exact length
     * @throws IOException if the encoder reports an error
     */
    private static byte[] encodeValue(String authzId, String[] attrs)
        throws IOException {
        final int sequenceTag = Ber.ASN_SEQUENCE | Ber.ASN_CONSTRUCTOR;
        BerEncoder encoder = new BerEncoder(256);

        encoder.beginSeq(sequenceTag);          // GetRightsControl
        encoder.encodeString(authzId, true);    //   authzId (UTF-8)
        encoder.beginSeq(sequenceTag);          //   attributes
        encoder.encodeStringArray(attrs, true); //     AttributeType... (UTF-8)
        encoder.endSeq();
        encoder.endSeq();

        return encoder.getTrimmedBuf();
    }
}