001/* 002 * The contents of this file are subject to the terms of the Common Development and 003 * Distribution License (the License). You may not use this file except in compliance with the 004 * License. 005 * 006 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the 007 * specific language governing permission and limitations under the License. 008 * 009 * When distributing Covered Software, include this CDDL Header Notice in each file and include 010 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL 011 * Header, with the fields enclosed by brackets [] replaced by your own identifying 012 * information: "Portions Copyright [year] [name of copyright owner]". 013 * 014 * Copyright 2008 Sun Microsystems, Inc. 015 * Portions Copyright 2014-2016 ForgeRock AS. 016 */ 017package org.opends.server.authorization.dseecompat; 018 019import static org.opends.messages.AccessControlMessages.*; 020 021import org.forgerock.i18n.LocalizableMessage; 022import org.opends.server.types.DirectoryException; 023import org.opends.server.types.Entry; 024import org.opends.server.types.SearchFilter; 025 026/** This class represents a targetfilter keyword of an aci. */ 027public class TargetFilter { 028 029 /** Enumeration representing the targetfilter operation. */ 030 private final EnumTargetOperator op; 031 /** Filter parsed from the ACI used to match the resource entry. */ 032 private final SearchFilter filter; 033 034 /** 035 * Class representing a targetfilter keyword. 036 * @param op The operation of the targetfilter expression (=, !=) 037 * @param filter The filter itself. 038 */ 039 private TargetFilter(EnumTargetOperator op, SearchFilter filter) { 040 this.op=op; 041 this.filter=filter; 042 } 043 044 /** 045 * Decode a aci's targetfilter string. 046 * @param op The operation enumeration of the expression. 047 * @param expr A string representing the target filter. 048 * @return A TargetFilter class suitable for using in a match. 049 * @throws AciException If the expression string is invalid. 050 */ 051 public static TargetFilter decode(EnumTargetOperator op, String expr) 052 throws AciException { 053 SearchFilter filter; 054 try { 055 filter = SearchFilter.createFilterFromString(expr); 056 } catch (DirectoryException ex) { 057 LocalizableMessage message = 058 WARN_ACI_SYNTAX_INVALID_TARGETFILTERKEYWORD_EXPRESSION.get(expr); 059 throw new AciException(message); 060 } 061 return new TargetFilter(op, filter); 062 } 063 064 /** 065 * Checks if a targetfilter matches an evaluation context. 066 * @param matchCtx The evaluation context to use in the matching. 067 * @return True if the target filter matched the context. 068 */ 069 public boolean isApplicable(AciTargetMatchContext matchCtx) { 070 boolean ret = matchesFilter(matchCtx.getResourceEntry()); 071 if(op.equals(EnumTargetOperator.NOT_EQUALITY)) 072 { 073 return !ret; 074 } 075 return ret; 076 } 077 078 /** 079 * Checks the filter against an entry taken from the match context. 080 * @param e The entry from the evaluation context above. 081 * @return True if the filter matches the entry. 082 */ 083 private boolean matchesFilter(Entry e) { 084 try { 085 return filter.matchesEntry(e); 086 } catch (DirectoryException ex) { 087 //TODO information message? 088 return false; 089 } 090 } 091}