/** * Process all ACIs under the "cn=config" naming context and adds them to the ACI list cache. It * also logs messages about the number of ACIs added to the cache. This method is called once at * startup. It will put the server in lockdown mode if needed. * * @throws InitializationException If there is an error searching for the ACIs in the naming * context. */ private void processConfigAcis() throws InitializationException { LinkedHashSet<String> requestAttrs = new LinkedHashSet<String>(1); requestAttrs.add("aci"); LinkedList<Message> failedACIMsgs = new LinkedList<Message>(); InternalClientConnection conn = InternalClientConnection.getRootConnection(); ConfigHandler configBackend = DirectoryServer.getConfigHandler(); for (DN baseDN : configBackend.getBaseDNs()) { try { if (!configBackend.entryExists(baseDN)) { continue; } } catch (Exception e) { if (debugEnabled()) { TRACER.debugCaught(DebugLogLevel.ERROR, e); } // FIXME -- Is there anything that we need to do here? continue; } try { InternalSearchOperation internalSearch = new InternalSearchOperation( conn, InternalClientConnection.nextOperationID(), InternalClientConnection.nextMessageID(), null, baseDN, SearchScope.WHOLE_SUBTREE, DereferencePolicy.NEVER_DEREF_ALIASES, 0, 0, false, SearchFilter.createFilterFromString("aci=*"), requestAttrs, null); LocalBackendSearchOperation localSearch = new LocalBackendSearchOperation(internalSearch); configBackend.search(localSearch); if (!internalSearch.getSearchEntries().isEmpty()) { int validAcis = aciList.addAci(internalSearch.getSearchEntries(), failedACIMsgs); if (!failedACIMsgs.isEmpty()) { aciListenerMgr.logMsgsSetLockDownMode(failedACIMsgs); } Message message = INFO_ACI_ADD_LIST_ACIS.get(Integer.toString(validAcis), String.valueOf(baseDN)); logError(message); } } catch (Exception e) { Message message = INFO_ACI_HANDLER_FAIL_PROCESS_ACI.get(); throw new InitializationException(message, e); } } }
/** {@inheritDoc} */ @Override() public void finalizeAccessControlHandler() { aciListenerMgr.finalizeListenerManager(); AciEffectiveRights.finalizeOnShutdown(); DirectoryServer.deregisterSupportedControl(OID_GET_EFFECTIVE_RIGHTS); }