/**
 * {@inheritDoc}
 *
 * <p>Decides whether the given request control may be used against
 * {@code entryDN}. Unless {@code skipAccessCheck(op)} short-circuits the
 * decision, the control is evaluated with {@code ACI_READ | ACI_CONTROL}
 * rights against an entry built from the DN alone.
 *
 * <p>Attachments are stored on the operation only when access was granted:
 * for either proxied authorization OID, the operation's current
 * authorization entry is saved under {@code ORIG_AUTH_ENTRY}; for the
 * get-effective-rights OID, the request control is saved under
 * {@code OID_GET_EFFECTIVE_RIGHTS}.
 *
 * @param entryDN DN of the entry the control targets
 * @param op operation carrying the control
 * @param control request control being checked
 * @return {@code true} if the control is allowed, {@code false} otherwise
 * @throws DirectoryException propagated from the calls made here (which of
 *     them raises it is not visible in this method)
 */
@Override
public boolean isAllowed(DN entryDN, Operation op, Control control)
    throws DirectoryException {
  boolean allowed = skipAccessCheck(op);
  if (!allowed) {
    // Only the DN is known at this point; the other Entry arguments are null.
    final Entry targetEntry = new Entry(entryDN, null, null, null);
    final AciLDAPOperationContainer container =
        new AciLDAPOperationContainer(
            op, targetEntry, control, ACI_READ | ACI_CONTROL);
    allowed = accessAllowed(container);
  }

  final String oid = control.getOID();
  if (oid.equals(OID_PROXIED_AUTH_V2) || oid.equals(OID_PROXIED_AUTH_V1)) {
    if (allowed) {
      // Saved only on grant, so a denied proxied-auth request leaves no
      // original-authorization attachment behind.
      op.setAttachment(ORIG_AUTH_ENTRY, op.getAuthorizationEntry());
    }
    return allowed;
  }

  if (oid.equals(OID_GET_EFFECTIVE_RIGHTS) && allowed) {
    final GetEffectiveRightsRequestControl rightsControl;
    if (control instanceof LDAPControl) {
      // Still in raw form: decode the value before attaching it.
      final LDAPControl rawControl = (LDAPControl) control;
      rightsControl =
          GetEffectiveRightsRequestControl.DECODER.decode(
              control.isCritical(), rawControl.getValue());
    } else {
      // NOTE(review): assumes any non-LDAPControl carrying this OID is
      // already a GetEffectiveRightsRequestControl; otherwise this cast
      // throws ClassCastException. Confirm against callers.
      rightsControl = (GetEffectiveRightsRequestControl) control;
    }
    op.setAttachment(OID_GET_EFFECTIVE_RIGHTS, rightsControl);
  }
  return allowed;
}
/**
 * {@inheritDoc}
 *
 * <p>Decides whether {@code entry} may be returned for {@code operation}.
 * Unless {@code skipAccessCheck(operation)} short-circuits the decision,
 * the entry must pass two checks in order: for search operations, the
 * search filter is tested with {@code ACI_SEARCH} rights; then the entry is
 * tested with {@code ACI_READ} rights.
 *
 * <p>A {@link DirectoryException} raised while testing the filter is
 * treated as a denial, so the entry is withheld rather than sent (fail
 * closed).
 *
 * @param operation operation the entry would be returned for
 * @param entry candidate entry
 * @return {@code true} if the entry may be sent, {@code false} otherwise
 */
@Override
public boolean maySend(Operation operation, SearchResultEntry entry) {
  if (skipAccessCheck(operation)) {
    return true;
  }

  final AciLDAPOperationContainer container =
      new AciLDAPOperationContainer(operation, ACI_SEARCH, entry);

  // Pre/post read controls are associated with other types of operation,
  // so the filter test applies to search operations only.
  if (operation instanceof SearchOperation) {
    final SearchOperation searchOp = (SearchOperation) operation;
    boolean filterPermitted;
    try {
      filterPermitted = testFilter(container, searchOp.getFilter());
    } catch (DirectoryException ex) {
      // Fail closed: a filter that cannot be evaluated denies the entry.
      filterPermitted = false;
    }
    if (!filterPermitted) {
      return false;
    }
  }

  // Reset the evaluation state left by the filter test, then switch the
  // container from search rights to read rights for the entry check.
  container.clearEvalAttributes(ACI_NULL);
  container.setRights(ACI_READ);
  if (!accessAllowedEntry(container)) {
    return false;
  }

  // NOTE(review): these markers are set when the container reports no
  // evaluated user / operational attributes; presumably a later
  // per-attribute filtering step reads them. Confirm against the consumer.
  if (!container.hasEvalUserAttributes()) {
    operation.setAttachment(ALL_USER_ATTRS_MATCHED, ALL_USER_ATTRS_MATCHED);
  }
  if (!container.hasEvalOpAttributes()) {
    operation.setAttachment(ALL_OP_ATTRS_MATCHED, ALL_OP_ATTRS_MATCHED);
  }
  return true;
}