示例#1
0
 /** {@inheritDoc} */
 @Override
 public boolean isAllowed(DN entryDN, Operation op, Control control) throws DirectoryException {
   boolean ret;
   if (!(ret = skipAccessCheck(op))) {
     Entry e = new Entry(entryDN, null, null, null);
     AciLDAPOperationContainer operationContainer =
         new AciLDAPOperationContainer(op, e, control, (ACI_READ | ACI_CONTROL));
     ret = accessAllowed(operationContainer);
   }
   if (control.getOID().equals(OID_PROXIED_AUTH_V2)
       || control.getOID().equals(OID_PROXIED_AUTH_V1)) {
     if (ret) {
       op.setAttachment(ORIG_AUTH_ENTRY, op.getAuthorizationEntry());
     }
   } else if (control.getOID().equals(OID_GET_EFFECTIVE_RIGHTS)) {
     if (ret) {
       GetEffectiveRightsRequestControl getEffectiveRightsControl;
       if (control instanceof LDAPControl) {
         getEffectiveRightsControl =
             GetEffectiveRightsRequestControl.DECODER.decode(
                 control.isCritical(), ((LDAPControl) control).getValue());
       } else {
         getEffectiveRightsControl = (GetEffectiveRightsRequestControl) control;
       }
       op.setAttachment(OID_GET_EFFECTIVE_RIGHTS, getEffectiveRightsControl);
     }
   }
   return ret;
 }
  /**
   * Handles request control processing for this bind operation.
   *
   * @throws DirectoryException If there is a problem with any of the controls.
   */
  private void handleRequestControls() throws DirectoryException {
    LocalBackendWorkflowElement.removeAllDisallowedControls(bindDN, this);

    List<Control> requestControls = getRequestControls();
    if (requestControls != null && !requestControls.isEmpty()) {
      for (Control c : requestControls) {
        final String oid = c.getOID();

        if (OID_AUTHZID_REQUEST.equals(oid)) {
          returnAuthzID = true;
        } else if (OID_PASSWORD_POLICY_CONTROL.equals(oid)) {
          pwPolicyControlRequested = true;
        }

        // NYI -- Add support for additional controls.
        else if (c.isCritical()) {
          throw new DirectoryException(
              ResultCode.UNAVAILABLE_CRITICAL_EXTENSION,
              ERR_BIND_UNSUPPORTED_CRITICAL_CONTROL.get(oid));
        }
      }
    }
  }