001/* 002 * The contents of this file are subject to the terms of the Common Development and 003 * Distribution License (the License). You may not use this file except in compliance with the 004 * License. 005 * 006 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the 007 * specific language governing permission and limitations under the License. 008 * 009 * When distributing Covered Software, include this CDDL Header Notice in each file and include 010 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL 011 * Header, with the fields enclosed by brackets [] replaced by your own identifying 012 * information: "Portions Copyright [year] [name of copyright owner]". 013 * 014 * Copyright 2008 Sun Microsystems, Inc. 015 */ 016package org.forgerock.opendj.server.config.meta; 017 018 019 020import java.util.Collection; 021import java.util.SortedSet; 022import org.forgerock.opendj.config.AdministratorAction; 023import org.forgerock.opendj.config.client.ConcurrentModificationException; 024import org.forgerock.opendj.config.client.IllegalManagedObjectNameException; 025import org.forgerock.opendj.config.client.ManagedObject; 026import org.forgerock.opendj.config.client.ManagedObjectDecodingException; 027import org.forgerock.opendj.config.client.MissingMandatoryPropertiesException; 028import org.forgerock.opendj.config.client.OperationRejectedException; 029import org.forgerock.opendj.config.DefaultBehaviorProvider; 030import org.forgerock.opendj.config.DefinedDefaultBehaviorProvider; 031import org.forgerock.opendj.config.DefinitionDecodingException; 032import org.forgerock.opendj.config.EnumPropertyDefinition; 033import org.forgerock.opendj.config.InstantiableRelationDefinition; 034import org.forgerock.opendj.config.ManagedObjectAlreadyExistsException; 035import org.forgerock.opendj.config.ManagedObjectDefinition; 036import org.forgerock.opendj.config.ManagedObjectNotFoundException; 037import org.forgerock.opendj.config.PropertyException; 038import org.forgerock.opendj.config.PropertyOption; 039import org.forgerock.opendj.config.PropertyProvider; 040import org.forgerock.opendj.config.RelationOption; 041import org.forgerock.opendj.config.server.ConfigException; 042import org.forgerock.opendj.config.server.ConfigurationAddListener; 043import org.forgerock.opendj.config.server.ConfigurationChangeListener; 044import org.forgerock.opendj.config.server.ConfigurationDeleteListener; 045import org.forgerock.opendj.config.server.ServerManagedObject; 046import org.forgerock.opendj.config.Tag; 047import org.forgerock.opendj.config.TopCfgDefn; 048import org.forgerock.opendj.ldap.DN; 049import org.forgerock.opendj.ldap.LdapException; 050import org.forgerock.opendj.server.config.client.RootDNCfgClient; 051import org.forgerock.opendj.server.config.client.RootDNUserCfgClient; 052import org.forgerock.opendj.server.config.server.RootDNCfg; 053import org.forgerock.opendj.server.config.server.RootDNUserCfg; 054 055 056 057/** 058 * An interface for querying the Root DN managed object definition 059 * meta information. 060 * <p> 061 * The Root DN configuration contains all the Root DN Users defined in 062 * the directory server. In addition, it also defines the default set 063 * of privileges that Root DN Users automatically inherit. 064 */ 065public final class RootDNCfgDefn extends ManagedObjectDefinition<RootDNCfgClient, RootDNCfg> { 066 067 /** The singleton configuration definition instance. */ 068 private static final RootDNCfgDefn INSTANCE = new RootDNCfgDefn(); 069 070 071 072 /** 073 * Defines the set of permissable values for the "default-root-privilege-name" property. 074 * <p> 075 * Specifies the names of the privileges that root users will be 076 * granted by default. 077 */ 078 public static enum DefaultRootPrivilegeName { 079 080 /** 081 * Allows the user to request that the server process backup 082 * tasks. 083 */ 084 BACKEND_BACKUP("backend-backup"), 085 086 087 088 /** 089 * Allows the user to request that the server process restore 090 * tasks. 091 */ 092 BACKEND_RESTORE("backend-restore"), 093 094 095 096 /** 097 * Allows the associated user to bypass access control checks 098 * performed by the server. 099 */ 100 BYPASS_ACL("bypass-acl"), 101 102 103 104 /** 105 * Allows the associated user to bypass server lockdown mode. 106 */ 107 BYPASS_LOCKDOWN("bypass-lockdown"), 108 109 110 111 /** 112 * Allows the user to cancel operations in progress on other 113 * client connections. 114 */ 115 CANCEL_REQUEST("cancel-request"), 116 117 118 119 /** 120 * Allows the user to perform read operations on the changelog 121 */ 122 CHANGELOG_READ("changelog-read"), 123 124 125 126 /** 127 * Allows the associated user to read the server configuration. 128 */ 129 CONFIG_READ("config-read"), 130 131 132 133 /** 134 * Allows the associated user to update the server configuration. 135 * The config-read privilege is also required. 136 */ 137 CONFIG_WRITE("config-write"), 138 139 140 141 /** 142 * Allows the user to participate in data synchronization. 143 */ 144 DATA_SYNC("data-sync"), 145 146 147 148 /** 149 * Allows the user to terminate other client connections. 150 */ 151 DISCONNECT_CLIENT("disconnect-client"), 152 153 154 155 /** 156 * Allows the associated user to subscribe to receive JMX 157 * notifications. 158 */ 159 JMX_NOTIFY("jmx-notify"), 160 161 162 163 /** 164 * Allows the associated user to perform JMX read operations. 165 */ 166 JMX_READ("jmx-read"), 167 168 169 170 /** 171 * Allows the associated user to perform JMX write operations. 172 */ 173 JMX_WRITE("jmx-write"), 174 175 176 177 /** 178 * Allows the user to request that the server process LDIF export 179 * tasks. 180 */ 181 LDIF_EXPORT("ldif-export"), 182 183 184 185 /** 186 * Allows the user to request that the server process LDIF import 187 * tasks. 188 */ 189 LDIF_IMPORT("ldif-import"), 190 191 192 193 /** 194 * Allows the associated user to modify the server's access 195 * control configuration. 196 */ 197 MODIFY_ACL("modify-acl"), 198 199 200 201 /** 202 * Allows the user to reset user passwords. 203 */ 204 PASSWORD_RESET("password-reset"), 205 206 207 208 /** 209 * Allows the user to make changes to the set of defined root 210 * privileges, as well as to grant and revoke privileges for users. 211 */ 212 PRIVILEGE_CHANGE("privilege-change"), 213 214 215 216 /** 217 * Allows the user to use the proxied authorization control, or to 218 * perform a bind that specifies an alternate authorization 219 * identity. 220 */ 221 PROXIED_AUTH("proxied-auth"), 222 223 224 225 /** 226 * Allows the user to place and bring the server of lockdown mode. 227 */ 228 SERVER_LOCKDOWN("server-lockdown"), 229 230 231 232 /** 233 * Allows the user to request that the server perform an in-core 234 * restart. 235 */ 236 SERVER_RESTART("server-restart"), 237 238 239 240 /** 241 * Allows the user to request that the server shut down. 242 */ 243 SERVER_SHUTDOWN("server-shutdown"), 244 245 246 247 /** 248 * Allows the associated user to perform LDAP subentry write 249 * operations. 250 */ 251 SUBENTRY_WRITE("subentry-write"), 252 253 254 255 /** 256 * Allows the user to request that the server process a search 257 * that cannot be optimized using server indexes. 258 */ 259 UNINDEXED_SEARCH("unindexed-search"), 260 261 262 263 /** 264 * Allows the user to make changes to the server schema. 265 */ 266 UPDATE_SCHEMA("update-schema"); 267 268 269 270 /** String representation of the value. */ 271 private final String name; 272 273 274 275 /** Private constructor. */ 276 private DefaultRootPrivilegeName(String name) { this.name = name; } 277 278 279 280 /** {@inheritDoc} */ 281 public String toString() { return name; } 282 283 } 284 285 286 287 /** The "default-root-privilege-name" property definition. */ 288 private static final EnumPropertyDefinition<DefaultRootPrivilegeName> PD_DEFAULT_ROOT_PRIVILEGE_NAME; 289 290 291 292 /** The "root-dn-users" relation definition. */ 293 private static final InstantiableRelationDefinition<RootDNUserCfgClient, RootDNUserCfg> RD_ROOT_DN_USERS; 294 295 296 297 /** Build the "default-root-privilege-name" property definition. */ 298 static { 299 EnumPropertyDefinition.Builder<DefaultRootPrivilegeName> builder = EnumPropertyDefinition.createBuilder(INSTANCE, "default-root-privilege-name"); 300 builder.setOption(PropertyOption.MULTI_VALUED); 301 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "default-root-privilege-name")); 302 DefaultBehaviorProvider<DefaultRootPrivilegeName> provider = new DefinedDefaultBehaviorProvider<DefaultRootPrivilegeName>("bypass-lockdown", "bypass-acl", "modify-acl", "config-read", "config-write", "ldif-import", "ldif-export", "backend-backup", "backend-restore", "server-lockdown", "server-shutdown", "server-restart", "disconnect-client", "cancel-request", "password-reset", "update-schema", "privilege-change", "unindexed-search", "subentry-write", "changelog-read"); 303 builder.setDefaultBehaviorProvider(provider); 304 builder.setEnumClass(DefaultRootPrivilegeName.class); 305 PD_DEFAULT_ROOT_PRIVILEGE_NAME = builder.getInstance(); 306 INSTANCE.registerPropertyDefinition(PD_DEFAULT_ROOT_PRIVILEGE_NAME); 307 } 308 309 310 311 // Build the "root-dn-users" relation definition. 312 static { 313 InstantiableRelationDefinition.Builder<RootDNUserCfgClient, RootDNUserCfg> builder = 314 new InstantiableRelationDefinition.Builder<RootDNUserCfgClient, RootDNUserCfg>(INSTANCE, "root-dn-user", "root-dn-users", RootDNUserCfgDefn.getInstance()); 315 builder.setOption(RelationOption.HIDDEN); 316 RD_ROOT_DN_USERS = builder.getInstance(); 317 INSTANCE.registerRelationDefinition(RD_ROOT_DN_USERS); 318 } 319 320 321 322 // Register the tags associated with this managed object definition. 323 static { 324 INSTANCE.registerTag(Tag.valueOf("core-server")); 325 } 326 327 328 329 /** 330 * Get the Root DN configuration definition singleton. 331 * 332 * @return Returns the Root DN configuration definition singleton. 333 */ 334 public static RootDNCfgDefn getInstance() { 335 return INSTANCE; 336 } 337 338 339 340 /** 341 * Private constructor. 342 */ 343 private RootDNCfgDefn() { 344 super("root-dn", TopCfgDefn.getInstance()); 345 } 346 347 348 349 /** {@inheritDoc} */ 350 public RootDNCfgClient createClientConfiguration( 351 ManagedObject<? extends RootDNCfgClient> impl) { 352 return new RootDNCfgClientImpl(impl); 353 } 354 355 356 357 /** {@inheritDoc} */ 358 public RootDNCfg createServerConfiguration( 359 ServerManagedObject<? extends RootDNCfg> impl) { 360 return new RootDNCfgServerImpl(impl); 361 } 362 363 364 365 /** {@inheritDoc} */ 366 public Class<RootDNCfg> getServerConfigurationClass() { 367 return RootDNCfg.class; 368 } 369 370 371 372 /** 373 * Get the "default-root-privilege-name" property definition. 374 * <p> 375 * Specifies the names of the privileges that root users will be 376 * granted by default. 377 * 378 * @return Returns the "default-root-privilege-name" property definition. 379 */ 380 public EnumPropertyDefinition<DefaultRootPrivilegeName> getDefaultRootPrivilegeNamePropertyDefinition() { 381 return PD_DEFAULT_ROOT_PRIVILEGE_NAME; 382 } 383 384 385 386 /** 387 * Get the "root-dn-users" relation definition. 388 * 389 * @return Returns the "root-dn-users" relation definition. 390 */ 391 public InstantiableRelationDefinition<RootDNUserCfgClient,RootDNUserCfg> getRootDNUsersRelationDefinition() { 392 return RD_ROOT_DN_USERS; 393 } 394 395 396 397 /** 398 * Managed object client implementation. 399 */ 400 private static class RootDNCfgClientImpl implements 401 RootDNCfgClient { 402 403 /** Private implementation. */ 404 private ManagedObject<? extends RootDNCfgClient> impl; 405 406 407 408 /** Private constructor. */ 409 private RootDNCfgClientImpl( 410 ManagedObject<? extends RootDNCfgClient> impl) { 411 this.impl = impl; 412 } 413 414 415 416 /** {@inheritDoc} */ 417 public SortedSet<DefaultRootPrivilegeName> getDefaultRootPrivilegeName() { 418 return impl.getPropertyValues(INSTANCE.getDefaultRootPrivilegeNamePropertyDefinition()); 419 } 420 421 422 423 /** {@inheritDoc} */ 424 public void setDefaultRootPrivilegeName(Collection<DefaultRootPrivilegeName> values) { 425 impl.setPropertyValues(INSTANCE.getDefaultRootPrivilegeNamePropertyDefinition(), values); 426 } 427 428 429 430 /** {@inheritDoc} */ 431 public String[] listRootDNUsers() throws ConcurrentModificationException, 432 LdapException { 433 return impl.listChildren(INSTANCE.getRootDNUsersRelationDefinition()); 434 } 435 436 437 438 /** {@inheritDoc} */ 439 public RootDNUserCfgClient getRootDNUser(String name) 440 throws DefinitionDecodingException, ManagedObjectDecodingException, 441 ManagedObjectNotFoundException, ConcurrentModificationException, 442 LdapException { 443 return impl.getChild(INSTANCE.getRootDNUsersRelationDefinition(), name).getConfiguration(); 444 } 445 446 447 448 /** {@inheritDoc} */ 449 public <M extends RootDNUserCfgClient> M createRootDNUser( 450 ManagedObjectDefinition<M, ? extends RootDNUserCfg> d, String name, Collection<PropertyException> exceptions) throws IllegalManagedObjectNameException { 451 return impl.createChild(INSTANCE.getRootDNUsersRelationDefinition(), d, name, exceptions).getConfiguration(); 452 } 453 454 455 456 /** {@inheritDoc} */ 457 public void removeRootDNUser(String name) 458 throws ManagedObjectNotFoundException, ConcurrentModificationException, 459 OperationRejectedException, LdapException { 460 impl.removeChild(INSTANCE.getRootDNUsersRelationDefinition(), name); 461 } 462 463 464 465 /** {@inheritDoc} */ 466 public ManagedObjectDefinition<? extends RootDNCfgClient, ? extends RootDNCfg> definition() { 467 return INSTANCE; 468 } 469 470 471 472 /** {@inheritDoc} */ 473 public PropertyProvider properties() { 474 return impl; 475 } 476 477 478 479 /** {@inheritDoc} */ 480 public void commit() throws ManagedObjectAlreadyExistsException, 481 MissingMandatoryPropertiesException, ConcurrentModificationException, 482 OperationRejectedException, LdapException { 483 impl.commit(); 484 } 485 486 487 488 /** {@inheritDoc} */ 489 public String toString() { 490 return impl.toString(); 491 } 492 } 493 494 495 496 /** 497 * Managed object server implementation. 498 */ 499 private static class RootDNCfgServerImpl implements 500 RootDNCfg { 501 502 /** Private implementation. */ 503 private ServerManagedObject<? extends RootDNCfg> impl; 504 505 /** The value of the "default-root-privilege-name" property. */ 506 private final SortedSet<DefaultRootPrivilegeName> pDefaultRootPrivilegeName; 507 508 509 510 /** Private constructor. */ 511 private RootDNCfgServerImpl(ServerManagedObject<? extends RootDNCfg> impl) { 512 this.impl = impl; 513 this.pDefaultRootPrivilegeName = impl.getPropertyValues(INSTANCE.getDefaultRootPrivilegeNamePropertyDefinition()); 514 } 515 516 517 518 /** {@inheritDoc} */ 519 public void addChangeListener( 520 ConfigurationChangeListener<RootDNCfg> listener) { 521 impl.registerChangeListener(listener); 522 } 523 524 525 526 /** {@inheritDoc} */ 527 public void removeChangeListener( 528 ConfigurationChangeListener<RootDNCfg> listener) { 529 impl.deregisterChangeListener(listener); 530 } 531 532 533 534 /** {@inheritDoc} */ 535 public SortedSet<DefaultRootPrivilegeName> getDefaultRootPrivilegeName() { 536 return pDefaultRootPrivilegeName; 537 } 538 539 540 541 /** {@inheritDoc} */ 542 public String[] listRootDNUsers() { 543 return impl.listChildren(INSTANCE.getRootDNUsersRelationDefinition()); 544 } 545 546 547 548 /** {@inheritDoc} */ 549 public RootDNUserCfg getRootDNUser(String name) throws ConfigException { 550 return impl.getChild(INSTANCE.getRootDNUsersRelationDefinition(), name).getConfiguration(); 551 } 552 553 554 555 /** {@inheritDoc} */ 556 public void addRootDNUserAddListener( 557 ConfigurationAddListener<RootDNUserCfg> listener) throws ConfigException { 558 impl.registerAddListener(INSTANCE.getRootDNUsersRelationDefinition(), listener); 559 } 560 561 562 563 /** {@inheritDoc} */ 564 public void removeRootDNUserAddListener( 565 ConfigurationAddListener<RootDNUserCfg> listener) { 566 impl.deregisterAddListener(INSTANCE.getRootDNUsersRelationDefinition(), listener); 567 } 568 569 570 571 /** {@inheritDoc} */ 572 public void addRootDNUserDeleteListener( 573 ConfigurationDeleteListener<RootDNUserCfg> listener) throws ConfigException { 574 impl.registerDeleteListener(INSTANCE.getRootDNUsersRelationDefinition(), listener); 575 } 576 577 578 579 /** {@inheritDoc} */ 580 public void removeRootDNUserDeleteListener( 581 ConfigurationDeleteListener<RootDNUserCfg> listener) { 582 impl.deregisterDeleteListener(INSTANCE.getRootDNUsersRelationDefinition(), listener); 583 } 584 585 586 587 /** {@inheritDoc} */ 588 public Class<? extends RootDNCfg> configurationClass() { 589 return RootDNCfg.class; 590 } 591 592 593 594 /** {@inheritDoc} */ 595 public DN dn() { 596 return impl.getDN(); 597 } 598 599 600 601 /** {@inheritDoc} */ 602 public String toString() { 603 return impl.toString(); 604 } 605 } 606}