001/*
002 * The contents of this file are subject to the terms of the Common Development and
003 * Distribution License (the License). You may not use this file except in compliance with the
004 * License.
005 *
006 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
007 * specific language governing permission and limitations under the License.
008 *
009 * When distributing Covered Software, include this CDDL Header Notice in each file and include
010 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
011 * Header, with the fields enclosed by brackets [] replaced by your own identifying
012 * information: "Portions Copyright [year] [name of copyright owner]".
013 *
014 * Copyright 2008 Sun Microsystems, Inc.
015 */
016package org.forgerock.opendj.server.config.meta;
017
018
019
020import java.util.Collection;
021import java.util.SortedSet;
022import org.forgerock.opendj.config.AdministratorAction;
023import org.forgerock.opendj.config.client.ConcurrentModificationException;
024import org.forgerock.opendj.config.client.IllegalManagedObjectNameException;
025import org.forgerock.opendj.config.client.ManagedObject;
026import org.forgerock.opendj.config.client.ManagedObjectDecodingException;
027import org.forgerock.opendj.config.client.MissingMandatoryPropertiesException;
028import org.forgerock.opendj.config.client.OperationRejectedException;
029import org.forgerock.opendj.config.DefaultBehaviorProvider;
030import org.forgerock.opendj.config.DefinedDefaultBehaviorProvider;
031import org.forgerock.opendj.config.DefinitionDecodingException;
032import org.forgerock.opendj.config.EnumPropertyDefinition;
033import org.forgerock.opendj.config.InstantiableRelationDefinition;
034import org.forgerock.opendj.config.ManagedObjectAlreadyExistsException;
035import org.forgerock.opendj.config.ManagedObjectDefinition;
036import org.forgerock.opendj.config.ManagedObjectNotFoundException;
037import org.forgerock.opendj.config.PropertyException;
038import org.forgerock.opendj.config.PropertyOption;
039import org.forgerock.opendj.config.PropertyProvider;
040import org.forgerock.opendj.config.RelationOption;
041import org.forgerock.opendj.config.server.ConfigException;
042import org.forgerock.opendj.config.server.ConfigurationAddListener;
043import org.forgerock.opendj.config.server.ConfigurationChangeListener;
044import org.forgerock.opendj.config.server.ConfigurationDeleteListener;
045import org.forgerock.opendj.config.server.ServerManagedObject;
046import org.forgerock.opendj.config.Tag;
047import org.forgerock.opendj.config.TopCfgDefn;
048import org.forgerock.opendj.ldap.DN;
049import org.forgerock.opendj.ldap.LdapException;
050import org.forgerock.opendj.server.config.client.RootDNCfgClient;
051import org.forgerock.opendj.server.config.client.RootDNUserCfgClient;
052import org.forgerock.opendj.server.config.server.RootDNCfg;
053import org.forgerock.opendj.server.config.server.RootDNUserCfg;
054
055
056
057/**
058 * An interface for querying the Root DN managed object definition
059 * meta information.
060 * <p>
061 * The Root DN configuration contains all the Root DN Users defined in
062 * the directory server. In addition, it also defines the default set
063 * of privileges that Root DN Users automatically inherit.
064 */
065public final class RootDNCfgDefn extends ManagedObjectDefinition<RootDNCfgClient, RootDNCfg> {
066
067  /** The singleton configuration definition instance. */
068  private static final RootDNCfgDefn INSTANCE = new RootDNCfgDefn();
069
070
071
072  /**
073   * Defines the set of permissable values for the "default-root-privilege-name" property.
074   * <p>
075   * Specifies the names of the privileges that root users will be
076   * granted by default.
077   */
078  public static enum DefaultRootPrivilegeName {
079
080    /**
081     * Allows the user to request that the server process backup
082     * tasks.
083     */
084    BACKEND_BACKUP("backend-backup"),
085
086
087
088    /**
089     * Allows the user to request that the server process restore
090     * tasks.
091     */
092    BACKEND_RESTORE("backend-restore"),
093
094
095
096    /**
097     * Allows the associated user to bypass access control checks
098     * performed by the server.
099     */
100    BYPASS_ACL("bypass-acl"),
101
102
103
104    /**
105     * Allows the associated user to bypass server lockdown mode.
106     */
107    BYPASS_LOCKDOWN("bypass-lockdown"),
108
109
110
111    /**
112     * Allows the user to cancel operations in progress on other
113     * client connections.
114     */
115    CANCEL_REQUEST("cancel-request"),
116
117
118
119    /**
120     * Allows the user to perform read operations on the changelog
121     */
122    CHANGELOG_READ("changelog-read"),
123
124
125
126    /**
127     * Allows the associated user to read the server configuration.
128     */
129    CONFIG_READ("config-read"),
130
131
132
133    /**
134     * Allows the associated user to update the server configuration.
135     * The config-read privilege is also required.
136     */
137    CONFIG_WRITE("config-write"),
138
139
140
141    /**
142     * Allows the user to participate in data synchronization.
143     */
144    DATA_SYNC("data-sync"),
145
146
147
148    /**
149     * Allows the user to terminate other client connections.
150     */
151    DISCONNECT_CLIENT("disconnect-client"),
152
153
154
155    /**
156     * Allows the associated user to subscribe to receive JMX
157     * notifications.
158     */
159    JMX_NOTIFY("jmx-notify"),
160
161
162
163    /**
164     * Allows the associated user to perform JMX read operations.
165     */
166    JMX_READ("jmx-read"),
167
168
169
170    /**
171     * Allows the associated user to perform JMX write operations.
172     */
173    JMX_WRITE("jmx-write"),
174
175
176
177    /**
178     * Allows the user to request that the server process LDIF export
179     * tasks.
180     */
181    LDIF_EXPORT("ldif-export"),
182
183
184
185    /**
186     * Allows the user to request that the server process LDIF import
187     * tasks.
188     */
189    LDIF_IMPORT("ldif-import"),
190
191
192
193    /**
194     * Allows the associated user to modify the server's access
195     * control configuration.
196     */
197    MODIFY_ACL("modify-acl"),
198
199
200
201    /**
202     * Allows the user to reset user passwords.
203     */
204    PASSWORD_RESET("password-reset"),
205
206
207
208    /**
209     * Allows the user to make changes to the set of defined root
210     * privileges, as well as to grant and revoke privileges for users.
211     */
212    PRIVILEGE_CHANGE("privilege-change"),
213
214
215
216    /**
217     * Allows the user to use the proxied authorization control, or to
218     * perform a bind that specifies an alternate authorization
219     * identity.
220     */
221    PROXIED_AUTH("proxied-auth"),
222
223
224
225    /**
226     * Allows the user to place and bring the server of lockdown mode.
227     */
228    SERVER_LOCKDOWN("server-lockdown"),
229
230
231
232    /**
233     * Allows the user to request that the server perform an in-core
234     * restart.
235     */
236    SERVER_RESTART("server-restart"),
237
238
239
240    /**
241     * Allows the user to request that the server shut down.
242     */
243    SERVER_SHUTDOWN("server-shutdown"),
244
245
246
247    /**
248     * Allows the associated user to perform LDAP subentry write
249     * operations.
250     */
251    SUBENTRY_WRITE("subentry-write"),
252
253
254
255    /**
256     * Allows the user to request that the server process a search
257     * that cannot be optimized using server indexes.
258     */
259    UNINDEXED_SEARCH("unindexed-search"),
260
261
262
263    /**
264     * Allows the user to make changes to the server schema.
265     */
266    UPDATE_SCHEMA("update-schema");
267
268
269
270    /** String representation of the value. */
271    private final String name;
272
273
274
275    /** Private constructor. */
276    private DefaultRootPrivilegeName(String name) { this.name = name; }
277
278
279
280    /** {@inheritDoc} */
281    public String toString() { return name; }
282
283  }
284
285
286
287  /** The "default-root-privilege-name" property definition. */
288  private static final EnumPropertyDefinition<DefaultRootPrivilegeName> PD_DEFAULT_ROOT_PRIVILEGE_NAME;
289
290
291
292  /** The "root-dn-users" relation definition. */
293  private static final InstantiableRelationDefinition<RootDNUserCfgClient, RootDNUserCfg> RD_ROOT_DN_USERS;
294
295
296
297  /** Build the "default-root-privilege-name" property definition. */
298  static {
299      EnumPropertyDefinition.Builder<DefaultRootPrivilegeName> builder = EnumPropertyDefinition.createBuilder(INSTANCE, "default-root-privilege-name");
300      builder.setOption(PropertyOption.MULTI_VALUED);
301      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "default-root-privilege-name"));
302      DefaultBehaviorProvider<DefaultRootPrivilegeName> provider = new DefinedDefaultBehaviorProvider<DefaultRootPrivilegeName>("bypass-lockdown", "bypass-acl", "modify-acl", "config-read", "config-write", "ldif-import", "ldif-export", "backend-backup", "backend-restore", "server-lockdown", "server-shutdown", "server-restart", "disconnect-client", "cancel-request", "password-reset", "update-schema", "privilege-change", "unindexed-search", "subentry-write", "changelog-read");
303      builder.setDefaultBehaviorProvider(provider);
304      builder.setEnumClass(DefaultRootPrivilegeName.class);
305      PD_DEFAULT_ROOT_PRIVILEGE_NAME = builder.getInstance();
306      INSTANCE.registerPropertyDefinition(PD_DEFAULT_ROOT_PRIVILEGE_NAME);
307  }
308
309
310
311  // Build the "root-dn-users" relation definition.
312  static {
313    InstantiableRelationDefinition.Builder<RootDNUserCfgClient, RootDNUserCfg> builder =
314      new InstantiableRelationDefinition.Builder<RootDNUserCfgClient, RootDNUserCfg>(INSTANCE, "root-dn-user", "root-dn-users", RootDNUserCfgDefn.getInstance());
315    builder.setOption(RelationOption.HIDDEN);
316    RD_ROOT_DN_USERS = builder.getInstance();
317    INSTANCE.registerRelationDefinition(RD_ROOT_DN_USERS);
318  }
319
320
321
322  // Register the tags associated with this managed object definition.
323  static {
324    INSTANCE.registerTag(Tag.valueOf("core-server"));
325  }
326
327
328
329  /**
330   * Get the Root DN configuration definition singleton.
331   *
332   * @return Returns the Root DN configuration definition singleton.
333   */
334  public static RootDNCfgDefn getInstance() {
335    return INSTANCE;
336  }
337
338
339
340  /**
341   * Private constructor.
342   */
343  private RootDNCfgDefn() {
344    super("root-dn", TopCfgDefn.getInstance());
345  }
346
347
348
349  /** {@inheritDoc} */
350  public RootDNCfgClient createClientConfiguration(
351      ManagedObject<? extends RootDNCfgClient> impl) {
352    return new RootDNCfgClientImpl(impl);
353  }
354
355
356
357  /** {@inheritDoc} */
358  public RootDNCfg createServerConfiguration(
359      ServerManagedObject<? extends RootDNCfg> impl) {
360    return new RootDNCfgServerImpl(impl);
361  }
362
363
364
365  /** {@inheritDoc} */
366  public Class<RootDNCfg> getServerConfigurationClass() {
367    return RootDNCfg.class;
368  }
369
370
371
372  /**
373   * Get the "default-root-privilege-name" property definition.
374   * <p>
375   * Specifies the names of the privileges that root users will be
376   * granted by default.
377   *
378   * @return Returns the "default-root-privilege-name" property definition.
379   */
380  public EnumPropertyDefinition<DefaultRootPrivilegeName> getDefaultRootPrivilegeNamePropertyDefinition() {
381    return PD_DEFAULT_ROOT_PRIVILEGE_NAME;
382  }
383
384
385
386  /**
387   * Get the "root-dn-users" relation definition.
388   *
389   * @return Returns the "root-dn-users" relation definition.
390   */
391  public InstantiableRelationDefinition<RootDNUserCfgClient,RootDNUserCfg> getRootDNUsersRelationDefinition() {
392    return RD_ROOT_DN_USERS;
393  }
394
395
396
397  /**
398   * Managed object client implementation.
399   */
400  private static class RootDNCfgClientImpl implements
401    RootDNCfgClient {
402
403    /** Private implementation. */
404    private ManagedObject<? extends RootDNCfgClient> impl;
405
406
407
408    /** Private constructor. */
409    private RootDNCfgClientImpl(
410        ManagedObject<? extends RootDNCfgClient> impl) {
411      this.impl = impl;
412    }
413
414
415
416    /** {@inheritDoc} */
417    public SortedSet<DefaultRootPrivilegeName> getDefaultRootPrivilegeName() {
418      return impl.getPropertyValues(INSTANCE.getDefaultRootPrivilegeNamePropertyDefinition());
419    }
420
421
422
423    /** {@inheritDoc} */
424    public void setDefaultRootPrivilegeName(Collection<DefaultRootPrivilegeName> values) {
425      impl.setPropertyValues(INSTANCE.getDefaultRootPrivilegeNamePropertyDefinition(), values);
426    }
427
428
429
430    /** {@inheritDoc} */
431    public String[] listRootDNUsers() throws ConcurrentModificationException,
432        LdapException {
433      return impl.listChildren(INSTANCE.getRootDNUsersRelationDefinition());
434    }
435
436
437
438    /** {@inheritDoc} */
439    public RootDNUserCfgClient getRootDNUser(String name)
440        throws DefinitionDecodingException, ManagedObjectDecodingException,
441        ManagedObjectNotFoundException, ConcurrentModificationException,
442        LdapException {
443      return impl.getChild(INSTANCE.getRootDNUsersRelationDefinition(), name).getConfiguration();
444    }
445
446
447
448    /** {@inheritDoc} */
449    public <M extends RootDNUserCfgClient> M createRootDNUser(
450        ManagedObjectDefinition<M, ? extends RootDNUserCfg> d, String name, Collection<PropertyException> exceptions) throws IllegalManagedObjectNameException {
451      return impl.createChild(INSTANCE.getRootDNUsersRelationDefinition(), d, name, exceptions).getConfiguration();
452    }
453
454
455
456    /** {@inheritDoc} */
457    public void removeRootDNUser(String name)
458        throws ManagedObjectNotFoundException, ConcurrentModificationException,
459        OperationRejectedException, LdapException {
460      impl.removeChild(INSTANCE.getRootDNUsersRelationDefinition(), name);
461    }
462
463
464
465    /** {@inheritDoc} */
466    public ManagedObjectDefinition<? extends RootDNCfgClient, ? extends RootDNCfg> definition() {
467      return INSTANCE;
468    }
469
470
471
472    /** {@inheritDoc} */
473    public PropertyProvider properties() {
474      return impl;
475    }
476
477
478
479    /** {@inheritDoc} */
480    public void commit() throws ManagedObjectAlreadyExistsException,
481        MissingMandatoryPropertiesException, ConcurrentModificationException,
482        OperationRejectedException, LdapException {
483      impl.commit();
484    }
485
486
487
488    /** {@inheritDoc} */
489    public String toString() {
490      return impl.toString();
491    }
492  }
493
494
495
496  /**
497   * Managed object server implementation.
498   */
499  private static class RootDNCfgServerImpl implements
500    RootDNCfg {
501
502    /** Private implementation. */
503    private ServerManagedObject<? extends RootDNCfg> impl;
504
505    /** The value of the "default-root-privilege-name" property. */
506    private final SortedSet<DefaultRootPrivilegeName> pDefaultRootPrivilegeName;
507
508
509
510    /** Private constructor. */
511    private RootDNCfgServerImpl(ServerManagedObject<? extends RootDNCfg> impl) {
512      this.impl = impl;
513      this.pDefaultRootPrivilegeName = impl.getPropertyValues(INSTANCE.getDefaultRootPrivilegeNamePropertyDefinition());
514    }
515
516
517
518    /** {@inheritDoc} */
519    public void addChangeListener(
520        ConfigurationChangeListener<RootDNCfg> listener) {
521      impl.registerChangeListener(listener);
522    }
523
524
525
526    /** {@inheritDoc} */
527    public void removeChangeListener(
528        ConfigurationChangeListener<RootDNCfg> listener) {
529      impl.deregisterChangeListener(listener);
530    }
531
532
533
534    /** {@inheritDoc} */
535    public SortedSet<DefaultRootPrivilegeName> getDefaultRootPrivilegeName() {
536      return pDefaultRootPrivilegeName;
537    }
538
539
540
541    /** {@inheritDoc} */
542    public String[] listRootDNUsers() {
543      return impl.listChildren(INSTANCE.getRootDNUsersRelationDefinition());
544    }
545
546
547
548    /** {@inheritDoc} */
549    public RootDNUserCfg getRootDNUser(String name) throws ConfigException {
550      return impl.getChild(INSTANCE.getRootDNUsersRelationDefinition(), name).getConfiguration();
551    }
552
553
554
555    /** {@inheritDoc} */
556    public void addRootDNUserAddListener(
557        ConfigurationAddListener<RootDNUserCfg> listener) throws ConfigException {
558      impl.registerAddListener(INSTANCE.getRootDNUsersRelationDefinition(), listener);
559    }
560
561
562
563    /** {@inheritDoc} */
564    public void removeRootDNUserAddListener(
565        ConfigurationAddListener<RootDNUserCfg> listener) {
566      impl.deregisterAddListener(INSTANCE.getRootDNUsersRelationDefinition(), listener);
567    }
568
569
570
571    /** {@inheritDoc} */
572    public void addRootDNUserDeleteListener(
573        ConfigurationDeleteListener<RootDNUserCfg> listener) throws ConfigException {
574      impl.registerDeleteListener(INSTANCE.getRootDNUsersRelationDefinition(), listener);
575    }
576
577
578
579    /** {@inheritDoc} */
580    public void removeRootDNUserDeleteListener(
581        ConfigurationDeleteListener<RootDNUserCfg> listener) {
582      impl.deregisterDeleteListener(INSTANCE.getRootDNUsersRelationDefinition(), listener);
583    }
584
585
586
587    /** {@inheritDoc} */
588    public Class<? extends RootDNCfg> configurationClass() {
589      return RootDNCfg.class;
590    }
591
592
593
594    /** {@inheritDoc} */
595    public DN dn() {
596      return impl.getDN();
597    }
598
599
600
601    /** {@inheritDoc} */
602    public String toString() {
603      return impl.toString();
604    }
605  }
606}