/** {@inheritDoc} */
@Override
public boolean isAllowed(DN entryDN, Operation op, Control control) throws DirectoryException {
boolean ret;
if (!(ret = skipAccessCheck(op))) {
Entry e = new Entry(entryDN, null, null, null);
AciLDAPOperationContainer operationContainer =
new AciLDAPOperationContainer(op, e, control, (ACI_READ | ACI_CONTROL));
ret = accessAllowed(operationContainer);
}
if (control.getOID().equals(OID_PROXIED_AUTH_V2)
|| control.getOID().equals(OID_PROXIED_AUTH_V1)) {
if (ret) {
op.setAttachment(ORIG_AUTH_ENTRY, op.getAuthorizationEntry());
}
} else if (control.getOID().equals(OID_GET_EFFECTIVE_RIGHTS)) {
if (ret) {
GetEffectiveRightsRequestControl getEffectiveRightsControl;
if (control instanceof LDAPControl) {
getEffectiveRightsControl =
GetEffectiveRightsRequestControl.DECODER.decode(
control.isCritical(), ((LDAPControl) control).getValue());
} else {
getEffectiveRightsControl = (GetEffectiveRightsRequestControl) control;
}
op.setAttachment(OID_GET_EFFECTIVE_RIGHTS, getEffectiveRightsControl);
}
}
return ret;
}
/**
* Handles request control processing for this bind operation.
*
* @throws DirectoryException If there is a problem with any of the controls.
*/
private void handleRequestControls() throws DirectoryException {
LocalBackendWorkflowElement.removeAllDisallowedControls(bindDN, this);
List<Control> requestControls = getRequestControls();
if (requestControls != null && !requestControls.isEmpty()) {
for (Control c : requestControls) {
final String oid = c.getOID();
if (OID_AUTHZID_REQUEST.equals(oid)) {
returnAuthzID = true;
} else if (OID_PASSWORD_POLICY_CONTROL.equals(oid)) {
pwPolicyControlRequested = true;
}
// NYI -- Add support for additional controls.
else if (c.isCritical()) {
throw new DirectoryException(
ResultCode.UNAVAILABLE_CRITICAL_EXTENSION,
ERR_BIND_UNSUPPORTED_CRITICAL_CONTROL.get(oid));
}
}
}
}
