001/*
002 * The contents of this file are subject to the terms of the Common Development and
003 * Distribution License (the License). You may not use this file except in compliance with the
004 * License.
005 *
006 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
007 * specific language governing permission and limitations under the License.
008 *
009 * When distributing Covered Software, include this CDDL Header Notice in each file and include
010 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
011 * Header, with the fields enclosed by brackets [] replaced by your own identifying
012 * information: "Portions Copyright [year] [name of copyright owner]".
013 *
014 * Copyright 2008 Sun Microsystems, Inc.
015 * Portions copyright 2013 ForgeRock AS.
016 */
017
018package org.forgerock.opendj.server.core;
019
020import java.net.InetSocketAddress;
021import java.util.Collection;
022
023import org.forgerock.opendj.ldap.Connection;
024import org.forgerock.opendj.ldap.Entry;
025import org.forgerock.opendj.ldap.RequestContext;
026import org.forgerock.opendj.ldap.requests.BindRequest;
027
028/**
029 * The context in which a request is to be processed.
030 * <p>
031 * Implementations may query the context in order to:
032 * <ul>
033 * <li>query the schema associated with the request (attribute types, decode
034 * DNs, etc)
035 * <li>perform internal operations
036 * <li>query information regarding client performing the request
037 * </ul>
038 * Context implementations take care of correctly routing internal requests.
039 * <p>
040 * In addition, the context acts as a transaction manager, coordinating any
041 * resources accessed during the processing of a request and any subsequent
042 * requests forming part of the same logical transaction.
043 * <p>
044 * FiXME: this interface should be split up into sub-components, such as network
045 * information (protocol, addresses), client information (auth ID, SSF,
046 * privileges).
047 */
048public interface Operation extends RequestContext, AttachmentHolder {
049    /**
050     * Retrieves the entry for the user that should be considered the
051     * authorization identity for this operation. In many cases, it will be the
052     * same as the authorization entry for the underlying client connection, or
053     * {@code null} if no authentication has been performed on that connection.
054     * However, it may be some other value if special processing has been
055     * requested (e.g., the operation included a proxied authorization control).
056     *
057     * @return The entry for the user that should be considered the
058     *         authorization identity for this operation, or {@code null} if the
059     *         authorization identity should be the unauthenticated user.
060     */
061    Entry getAuthorizationEntry();
062
063    /**
064     * Returns a connection for performing internal operations.
065     *
066     * @return A connection for performing internal operations.
067     */
068    Connection getConnection();
069
070    /**
071     * Retrieves the operation ID for this operation.
072     *
073     * @return The operation ID for this operation.
074     */
075    long getOperationID();
076
077    /**
078     * Indicates whether the authenticate client has all of the specified
079     * privileges.
080     *
081     * @param privileges
082     *            The array of privileges for which to make the determination.
083     * @return {@code true} if the authenticated client has all of the specified
084     *         privileges, or {@code false} if not.
085     */
086    boolean hasAllPrivileges(Collection<Privilege> privileges);
087
088    /**
089     * Indicates whether the authenticated client has the specified privilege.
090     *
091     * @param privilege
092     *            The privilege for which to make the determination.
093     * @return {@code true} if the authenticated client has the specified
094     *         privilege, or {@code false} if not.
095     */
096    boolean hasPrivilege(Privilege privilege);
097
098    /**
099     * Sets the entry for the user that should be considered the authorization
100     * identity for this operation.
101     *
102     * @param authorizationEntry
103     *            The entry for the user that should be considered the
104     *            authorization identity for this operation, or {@code null} if
105     *            it should be the unauthenticated user.
106     */
107    void setAuthorizationEntry(Entry authorizationEntry);
108
109    /**
110     * Retrieves the entry for the user as whom the client is authenticated.
111     *
112     * @return The entry for the user as whom the client is authenticated, or
113     *         {@code null} if the client is unauthenticated.
114     */
115    Entry getAuthenticationEntry();
116
117    /**
118     * Retrieves the last successful bind request from the client.
119     *
120     * @return The last successful bind request or {@code null} if the client
121     *         have not yet successfully bind.
122     */
123    BindRequest getBindRequest();
124
125    /**
126     * Retrieves the unique identifier that is assigned to the client connection
127     * that submitted this operation.
128     *
129     * @return The unique identifier that is assigned to the client connection
130     *         that submitted this operation.
131     */
132    long getConnectionID();
133
134    /**
135     * Returns the {@code InetSocketAddress} associated with the local system.
136     *
137     * @return The {@code InetSocketAddress} associated with the local system.
138     */
139    InetSocketAddress getLocalAddress();
140
141    /**
142     * Retrieves the default maximum number of entries that should checked for
143     * matches during a search.
144     *
145     * @return The default maximum number of entries that should checked for
146     *         matches during a search.
147     */
148    int getLookthroughLimit();
149
150    /**
151     * Returns the {@code InetSocketAddress} associated with the remote system.
152     *
153     * @return The {@code InetSocketAddress} associated with the remote system.
154     */
155    InetSocketAddress getPeerAddress();
156
157    /**
158     * Retrieves the protocol that the client is using to communicate with the
159     * Directory Server.
160     *
161     * @return The protocol that the client is using to communicate with the
162     *         Directory Server.
163     */
164    String getProtocol();
165
166    /**
167     * Returns the strongest cipher strength currently in use by the underlying
168     * connection.
169     *
170     * @return The strongest cipher strength currently in use by the underlying
171     *         connection.
172     */
173    int getSecurityStrengthFactor();
174
175    /**
176     * Retrieves the size limit that will be enforced for searches performed
177     * using this client connection.
178     *
179     * @return The size limit that will be enforced for searches performed using
180     *         this client connection.
181     */
182    int getSizeLimit();
183
184    /**
185     * Retrieves the time limit that will be enforced for searches performed
186     * using this client connection.
187     *
188     * @return The time limit that will be enforced for searches performed using
189     *         this client connection.
190     */
191    int getTimeLimit();
192}