/** {@inheritDoc} */
@Override
public boolean isAllowed(DN entryDN, Operation op, Control control)
    throws DirectoryException {
  // Operations for which skipAccessCheck() answers true are allowed without
  // an ACI evaluation; every other operation must be granted both the read
  // and the control right on the target DN.
  boolean allowed = skipAccessCheck(op);
  if (!allowed) {
    // Only the DN is supplied; the remaining Entry constructor arguments are
    // passed as null.
    final Entry targetEntry = new Entry(entryDN, null, null, null);
    final AciLDAPOperationContainer container =
        new AciLDAPOperationContainer(op, targetEntry, control, (ACI_READ | ACI_CONTROL));
    allowed = accessAllowed(container);
  }

  // The OID is inspected whether or not access was granted, so a control
  // without an OID fails here in both cases.
  final String oid = control.getOID();
  final boolean proxiedAuth =
      oid.equals(OID_PROXIED_AUTH_V2) || oid.equals(OID_PROXIED_AUTH_V1);

  // Attachments are only recorded for controls that passed the check above;
  // a denied control leaves the operation untouched.
  if (allowed) {
    if (proxiedAuth) {
      // Keep the operation's current authorization entry under ORIG_AUTH_ENTRY.
      // NOTE(review): presumably read back later as the pre-proxy identity --
      // confirm against the consumers of this attachment.
      op.setAttachment(ORIG_AUTH_ENTRY, op.getAuthorizationEntry());
    } else if (oid.equals(OID_GET_EFFECTIVE_RIGHTS)) {
      // A control still in its generic LDAPControl form is decoded from its
      // raw value; otherwise it is already the typed request control.
      final GetEffectiveRightsRequestControl effectiveRights =
          (control instanceof LDAPControl)
              ? GetEffectiveRightsRequestControl.DECODER.decode(
                  control.isCritical(), ((LDAPControl) control).getValue())
              : (GetEffectiveRightsRequestControl) control;
      op.setAttachment(OID_GET_EFFECTIVE_RIGHTS, effectiveRights);
    }
  }
  return allowed;
}
/**
 * Processes the request controls attached to this bind operation.
 * <p>
 * The authorization identity request control and the password policy control
 * each set a flag on this operation. Any other control is ignored unless it
 * is marked critical, in which case the bind is rejected.
 *
 * @throws DirectoryException If there is a problem with any of the controls.
 */
private void handleRequestControls() throws DirectoryException {
  // NOTE(review): judging by its name, this call filters out controls the
  // bind DN is not permitted to use before any of them is interpreted
  // below -- confirm in LocalBackendWorkflowElement.
  LocalBackendWorkflowElement.removeAllDisallowedControls(bindDN, this);

  final List<Control> controls = getRequestControls();
  if (controls == null || controls.isEmpty()) {
    return;
  }

  for (final Control control : controls) {
    final String oid = control.getOID();

    if (OID_AUTHZID_REQUEST.equals(oid)) {
      returnAuthzID = true;
      continue;
    }
    if (OID_PASSWORD_POLICY_CONTROL.equals(oid)) {
      pwPolicyControlRequested = true;
      continue;
    }

    // NYI -- Add support for additional controls.
    // An unsupported control fails the bind only when the client marked it
    // critical; a non-critical one is skipped without any effect.
    if (control.isCritical()) {
      throw new DirectoryException(
          ResultCode.UNAVAILABLE_CRITICAL_EXTENSION,
          ERR_BIND_UNSUPPORTED_CRITICAL_CONTROL.get(oid));
    }
  }
}