directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From elecha...@apache.org
Subject svn commit: r959029 [1/4] - in /directory/shared/trunk/ldap-aci: ./ .settings/ src/ src/main/ src/main/antlr/ src/main/java/ src/main/java/org/ src/main/java/org/apache/ src/main/java/org/apache/directory/ src/main/java/org/apache/directory/shared/ src...
Date Tue, 29 Jun 2010 16:56:09 GMT
Author: elecharny
Date: Tue Jun 29 16:56:07 2010
New Revision: 959029

URL: http://svn.apache.org/viewvc?rev=959029&view=rev
Log:
migrated the ACI code to a new module

Added:
    directory/shared/trunk/ldap-aci/   (with props)
    directory/shared/trunk/ldap-aci/.settings/
    directory/shared/trunk/ldap-aci/.settings/org.eclipse.jdt.core.prefs
    directory/shared/trunk/ldap-aci/pom.xml
    directory/shared/trunk/ldap-aci/src/
    directory/shared/trunk/ldap-aci/src/main/
    directory/shared/trunk/ldap-aci/src/main/antlr/
    directory/shared/trunk/ldap-aci/src/main/antlr/ACIItem.g
    directory/shared/trunk/ldap-aci/src/main/antlr/ACIItemChecker.g
    directory/shared/trunk/ldap-aci/src/main/java/
    directory/shared/trunk/ldap-aci/src/main/java/org/
    directory/shared/trunk/ldap-aci/src/main/java/org/apache/
    directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/
    directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/
    directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/
    directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/
    directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/ACIItem.java
    directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/ACIItemChecker.java
    directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/ACIItemParser.java
    directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/ACITuple.java
    directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/GrantAndDenial.java
    directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/ItemFirstACIItem.java
    directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/ItemPermission.java
    directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/MicroOperation.java
    directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/Permission.java
    directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/ProtectedItem.java
    directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/ReusableAntlrACIItemChecker.java
    directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/ReusableAntlrACIItemCheckerLexer.java
    directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/ReusableAntlrACIItemLexer.java
    directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/ReusableAntlrACIItemParser.java
    directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/UserClass.java
    directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/UserFirstACIItem.java
    directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/UserPermission.java
    directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/
    directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/AbstractAttributeTypeProtectedItem.java
    directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/AllAttributeValuesItem.java
    directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/AttributeTypeItem.java
    directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/AttributeValueItem.java
    directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/SelfValueItem.java
    directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/schema/
    directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/schema/syntaxCheckers/
    directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/schema/syntaxCheckers/ACIItemSyntaxChecker.java
    directory/shared/trunk/ldap-aci/src/test/
    directory/shared/trunk/ldap-aci/src/test/java/
    directory/shared/trunk/ldap-aci/src/test/java/org/
    directory/shared/trunk/ldap-aci/src/test/java/org/apache/
    directory/shared/trunk/ldap-aci/src/test/java/org/apache/directory/
    directory/shared/trunk/ldap-aci/src/test/java/org/apache/directory/shared/
    directory/shared/trunk/ldap-aci/src/test/java/org/apache/directory/shared/ldap/
    directory/shared/trunk/ldap-aci/src/test/java/org/apache/directory/shared/ldap/aci/
    directory/shared/trunk/ldap-aci/src/test/java/org/apache/directory/shared/ldap/aci/ACIItemChekerTest.java
    directory/shared/trunk/ldap-aci/src/test/java/org/apache/directory/shared/ldap/aci/ACIItemParserTest.java
    directory/shared/trunk/ldap-aci/src/test/java/org/apache/directory/shared/ldap/aci/ProtectedItem_AllAttributeValuesTest.java
    directory/shared/trunk/ldap-aci/src/test/java/org/apache/directory/shared/ldap/aci/ProtectedItem_AttributeTypeTest.java
    directory/shared/trunk/ldap-aci/src/test/java/org/apache/directory/shared/ldap/aci/ProtectedItem_AttributeValueTest.java
    directory/shared/trunk/ldap-aci/src/test/java/org/apache/directory/shared/ldap/aci/ProtectedItem_ClassesTest.java
    directory/shared/trunk/ldap-aci/src/test/java/org/apache/directory/shared/ldap/aci/ProtectedItem_MaxImmSubTest.java
    directory/shared/trunk/ldap-aci/src/test/java/org/apache/directory/shared/ldap/aci/ProtectedItem_MaxValueCountTest.java
    directory/shared/trunk/ldap-aci/src/test/java/org/apache/directory/shared/ldap/aci/ProtectedItem_RangeOfValuesTest.java
    directory/shared/trunk/ldap-aci/src/test/java/org/apache/directory/shared/ldap/aci/ProtectedItem_RestrictedByTest.java
    directory/shared/trunk/ldap-aci/src/test/java/org/apache/directory/shared/ldap/aci/ProtectedItem_SelfValueTest.java
    directory/shared/trunk/ldap-aci/src/test/java/org/apache/directory/shared/ldap/aci/UserClass_NameTest.java
    directory/shared/trunk/ldap-aci/src/test/java/org/apache/directory/shared/ldap/aci/UserClass_SubtreeTest.java
    directory/shared/trunk/ldap-aci/src/test/java/org/apache/directory/shared/ldap/schema/
    directory/shared/trunk/ldap-aci/src/test/java/org/apache/directory/shared/ldap/schema/syntaxCheckers/
    directory/shared/trunk/ldap-aci/src/test/java/org/apache/directory/shared/ldap/schema/syntaxCheckers/ACIItemSyntaxCheckerTest.java

Propchange: directory/shared/trunk/ldap-aci/
------------------------------------------------------------------------------
--- svn:ignore (added)
+++ svn:ignore Tue Jun 29 16:56:07 2010
@@ -0,0 +1,4 @@
+target
+.project
+.classpath
+.settings

Added: directory/shared/trunk/ldap-aci/.settings/org.eclipse.jdt.core.prefs
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap-aci/.settings/org.eclipse.jdt.core.prefs?rev=959029&view=auto
==============================================================================
--- directory/shared/trunk/ldap-aci/.settings/org.eclipse.jdt.core.prefs (added)
+++ directory/shared/trunk/ldap-aci/.settings/org.eclipse.jdt.core.prefs Tue Jun 29 16:56:07 2010
@@ -0,0 +1,9 @@
+#Tue Jun 29 17:23:13 CEST 2010
+encoding//src/test/java=ISO-8859-1
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.5
+eclipse.preferences.version=1
+encoding//src/test/resources=ISO-8859-1
+org.eclipse.jdt.core.compiler.source=1.5
+encoding//src/main/java=ISO-8859-1
+encoding//src/main/resources=ISO-8859-1
+org.eclipse.jdt.core.compiler.compliance=1.5

Added: directory/shared/trunk/ldap-aci/pom.xml
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap-aci/pom.xml?rev=959029&view=auto
==============================================================================
--- directory/shared/trunk/ldap-aci/pom.xml (added)
+++ directory/shared/trunk/ldap-aci/pom.xml Tue Jun 29 16:56:07 2010
@@ -0,0 +1,84 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements.  See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership.  The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License.  You may obtain a copy of the License at
+  
+  http://www.apache.org/licenses/LICENSE-2.0
+  
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied.  See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+  <parent>
+    <groupId>org.apache.directory.shared</groupId>
+    <artifactId>shared-parent</artifactId>
+    <version>0.9.20-SNAPSHOT</version>
+  </parent>
+  
+  <artifactId>shared-ldap-aci</artifactId>
+  <name>Apache Directory Shared LDAP ACI parser</name>
+
+  <description>ACI parser implementation bundle</description>
+  
+  <dependencies>
+    <dependency>
+      <groupId>org.apache.directory.junit</groupId>
+      <artifactId>junit-addons</artifactId>
+      <scope>test</scope>
+    </dependency>
+    
+    <dependency>
+      <groupId>${project.groupId}</groupId>
+      <artifactId>shared-i18n</artifactId>
+    </dependency>
+
+    <dependency>
+      <groupId>antlr</groupId>
+      <artifactId>antlr</artifactId>
+    </dependency>
+    
+    <dependency>
+      <groupId>${project.groupId}</groupId>
+      <artifactId>shared-ldap</artifactId>
+    </dependency>
+  </dependencies>
+
+  <build>
+    <plugins>
+      <plugin>
+        <artifactId>maven-surefire-plugin</artifactId>
+        <groupId>org.apache.maven.plugins</groupId>
+        <configuration>
+          <systemPropertyVariables>
+            <workingDirectory>${basedir}/target</workingDirectory>
+          </systemPropertyVariables>
+        </configuration>
+      </plugin>
+
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-antlr-plugin</artifactId>
+        <configuration>
+          <grammars>ACIItem.g ACIItemChecker.g</grammars>
+        </configuration>
+        <executions>
+           <execution>
+              <goals>
+                 <goal>generate</goal>
+              </goals>
+           </execution>
+        </executions>
+      </plugin>
+    </plugins>
+  </build>
+</project>

Added: directory/shared/trunk/ldap-aci/src/main/antlr/ACIItem.g
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap-aci/src/main/antlr/ACIItem.g?rev=959029&view=auto
==============================================================================
--- directory/shared/trunk/ldap-aci/src/main/antlr/ACIItem.g (added)
+++ directory/shared/trunk/ldap-aci/src/main/antlr/ACIItem.g Tue Jun 29 16:56:07 2010
@@ -0,0 +1,1497 @@
+header
+{
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+
+
+package org.apache.directory.shared.ldap.aci;
+
+
+import java.util.List;
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+import java.util.Enumeration;
+
+import javax.naming.directory.Attribute;
+import javax.naming.directory.BasicAttribute;
+
+import org.apache.directory.shared.ldap.filter.BranchNode;
+import org.apache.directory.shared.ldap.filter.AndNode;
+import org.apache.directory.shared.ldap.filter.OrNode;
+import org.apache.directory.shared.ldap.filter.NotNode;
+import org.apache.directory.shared.ldap.filter.ExprNode;
+import org.apache.directory.shared.ldap.filter.LeafNode;
+import org.apache.directory.shared.ldap.filter.EqualityNode;
+import org.apache.directory.shared.ldap.filter.FilterParser;
+import org.apache.directory.shared.ldap.name.NameComponentNormalizer;
+import org.apache.directory.shared.ldap.subtree.SubtreeSpecification;
+import org.apache.directory.shared.ldap.subtree.SubtreeSpecificationModifier;
+import org.apache.directory.shared.ldap.util.ComponentsMonitor;
+import org.apache.directory.shared.ldap.util.MandatoryAndOptionalComponentsMonitor;
+import org.apache.directory.shared.ldap.util.MandatoryComponentsMonitor;
+import org.apache.directory.shared.ldap.util.NamespaceTools;
+import org.apache.directory.shared.ldap.util.NoDuplicateKeysMap;
+import org.apache.directory.shared.ldap.util.OptionalComponentsMonitor;
+import org.apache.directory.shared.ldap.name.DN;
+import org.apache.directory.shared.ldap.name.RDN;
+import org.apache.directory.shared.ldap.constants.SchemaConstants;
+import org.apache.directory.shared.ldap.constants.AuthenticationLevel;
+import org.apache.directory.shared.ldap.schema.normalizers.OidNormalizer;
+import org.apache.directory.shared.ldap.entry.StringValue;
+import org.apache.directory.shared.ldap.aci.protectedItem.AllAttributeValuesItem;
+import org.apache.directory.shared.ldap.aci.protectedItem.AttributeTypeItem;
+import org.apache.directory.shared.ldap.aci.protectedItem.AttributeValueItem;
+import org.apache.directory.shared.ldap.aci.protectedItem.SelfValueItem;
+import org.apache.directory.shared.ldap.entry.EntryAttribute;
+import org.apache.directory.shared.ldap.entry.DefaultEntryAttribute;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+}
+
+
+// ----------------------------------------------------------------------------
+// parser class definition
+// ----------------------------------------------------------------------------
+
+/**
+ * The antlr generated ACIItem parser.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+class AntlrACIItemParser extends Parser;
+
+
+// ----------------------------------------------------------------------------
+// parser options
+// ----------------------------------------------------------------------------
+
+options
+{
+    k = 1; // ;-)
+    defaultErrorHandler = false;
+}
+
+
+// ----------------------------------------------------------------------------
+// imaginary tokens
+// ----------------------------------------------------------------------------
+
+tokens
+{
+    ATTRIBUTE_VALUE_CANDIDATE;
+    RANGE_OF_VALUES_CANDIDATE;
+}
+
+
+// ----------------------------------------------------------------------------
+// parser initialization
+// ----------------------------------------------------------------------------
+
+{
+    private static final Logger log = LoggerFactory.getLogger( AntlrACIItemParser.class );
+    
+    NameComponentNormalizer normalizer;
+    
+    // nonshared global data needed to avoid extensive pass/return stuff
+    // these are only used by three first order components
+    private String identificationTag;
+    private AuthenticationLevel authenticationLevel;
+    private Integer aciPrecedence = null;
+    
+    private boolean isItemFirstACIItem;
+    
+    // shared global data needed to avoid extensive pass/return stuff
+    private Set<ProtectedItem> protectedItems;
+    private Map<String, ProtectedItem> protectedItemsMap;
+    private Set<UserClass> userClasses;
+    private Map<String, UserClass> userClassesMap;
+    private Set<ItemPermission> itemPermissions;
+    private Integer precedence = null;
+    private Set<GrantAndDenial> grantsAndDenials;
+    private Set<UserPermission> userPermissions;
+    private Map<String, OidNormalizer> oidsMap;
+    
+    private Set<DN> chopBeforeExclusions;
+    private Set<DN> chopAfterExclusions;
+    private SubtreeSpecificationModifier ssModifier = null;
+    
+    private ComponentsMonitor mainACIItemComponentsMonitor;
+    private ComponentsMonitor itemPermissionComponentsMonitor;
+    private ComponentsMonitor userPermissionComponentsMonitor;
+    private ComponentsMonitor subtreeSpecificationComponentsMonitor;
+    
+    
+    /**
+     * Creates a (normalizing) subordinate DnParser for parsing Names.
+     * This method MUST be called for each instance while we cannot do
+     * constructor overloading for this class.
+     *
+     * @return the DnParser to be used for parsing Names
+     */
+    public void init( Map<String, OidNormalizer> oidsMap )
+    {
+        this.oidsMap = oidsMap;
+    }
+
+    /**
+     * Sets the NameComponentNormalizer for this parser's dnParser.
+     */
+    public void setNormalizer(NameComponentNormalizer normalizer)
+    {
+        this.normalizer = normalizer;
+    }
+
+    private int token2Integer( Token token ) throws RecognitionException
+    {
+        int i = 0;
+        
+        try
+        {
+            i = Integer.parseInt( token.getText());
+        }
+        catch ( NumberFormatException e )
+        {
+            throw new RecognitionException( "Value of INTEGER token " +
+                                            token.getText() +
+                                            " cannot be converted to an Integer" );
+        }
+        
+        return i;
+    }
+}
+
+
+// ----------------------------------------------------------------------------
+// parser productions
+// ----------------------------------------------------------------------------
+
+wrapperEntryPoint returns [ ACIItem aciItem ]
+{
+    log.debug( "entered wrapperEntryPoint()" );
+    aciItem = null;
+}
+    :
+    ( SP )* aciItem = theACIItem ( SP )* EOF
+    ;
+
+theACIItem returns [ ACIItem aciItem ]
+{
+    log.debug( "entered theACIItem()" );
+    aciItem = null;
+    mainACIItemComponentsMonitor = new MandatoryComponentsMonitor( 
+            new String [] { "identificationTag", "precedence", "authenticationLevel", "itemOrUserFirst" } );
+}
+    :
+    OPEN_CURLY
+        ( SP )* mainACIItemComponent ( SP )*
+            ( SEP ( SP )* mainACIItemComponent ( SP )* )*
+    CLOSE_CURLY
+    {
+        if ( !mainACIItemComponentsMonitor.finalStateValid() )
+        {
+            throw new RecognitionException( "Missing mandatory ACIItem components: " 
+                    + mainACIItemComponentsMonitor.getRemainingComponents() );
+        }
+        
+        if ( isItemFirstACIItem )
+        {
+            aciItem = new ItemFirstACIItem(
+                    identificationTag,
+                    aciPrecedence,
+                    authenticationLevel,
+                    protectedItems,
+                    itemPermissions );
+        }
+        else
+        {
+            aciItem = new UserFirstACIItem(
+                    identificationTag,
+                    aciPrecedence,
+                    authenticationLevel,
+                    userClasses,
+                    userPermissions );
+        }
+    }
+    ;
+    
+mainACIItemComponent
+{
+    log.debug( "entered mainACIItemComponent()" );
+}
+    :
+    aci_identificationTag
+    {
+        mainACIItemComponentsMonitor.useComponent( "identificationTag" );
+    }
+    | aci_precedence
+    {
+        mainACIItemComponentsMonitor.useComponent( "precedence" );
+    }
+    | aci_authenticationLevel
+    {
+        mainACIItemComponentsMonitor.useComponent( "authenticationLevel" );
+    }
+    | aci_itemOrUserFirst
+    {
+        mainACIItemComponentsMonitor.useComponent( "itemOrUserFirst" );
+    }
+    ;
+    exception
+    catch [IllegalArgumentException e]
+    {
+        throw new RecognitionException( e.getMessage() );
+    }
+    
+aci_identificationTag
+{
+    log.debug( "entered aci_identificationTag()" );
+}
+    :
+    ID_identificationTag ( SP )+ token:SAFEUTF8STRING
+    {
+        identificationTag = token.getText();
+    }
+    ;
+
+aci_precedence
+{
+    log.debug( "entered aci_precedence()" );
+}
+    :
+    precedence
+    {
+        aciPrecedence = Integer.valueOf( precedence );
+        precedence = null;
+    }
+    ;
+
+precedence
+{
+    log.debug( "entered precedence()" );
+}
+    :
+    ID_precedence ( SP )+ token:INTEGER
+    {
+        precedence = Integer.valueOf( token2Integer( token ) );
+        
+        if ( ( precedence < 0 ) || ( precedence > 255 ) )
+        {
+            throw new RecognitionException( "Expecting INTEGER token having an Integer value between 0 and 255, found " + precedence );
+        }
+    }
+    ;
+
+aci_authenticationLevel
+{
+    log.debug( "entered aci_authenticationLevel()" );
+}
+    :
+    ID_authenticationLevel ( SP )+ authenticationLevel
+    ;
+
+authenticationLevel
+{
+    log.debug( "entered authenticationLevel()" );
+}
+    :
+    ID_none
+    {
+        authenticationLevel = AuthenticationLevel.NONE;
+    }
+    |
+    ID_simple
+    {
+        authenticationLevel = AuthenticationLevel.SIMPLE;
+    }
+    |
+    ID_strong
+    {
+        authenticationLevel = AuthenticationLevel.STRONG;
+    }
+    ;
+
+aci_itemOrUserFirst
+{
+    log.debug( "entered aci_itemOrUserFirst()" );
+}
+    :
+    ID_itemOrUserFirst ( SP )+ itemOrUserFirst
+    ;
+
+itemOrUserFirst
+{
+    log.debug( "entered itemOrUserFirst()" );
+}
+    :
+    itemFirst | userFirst
+    ;
+
+itemFirst
+{
+    log.debug( "entered itemFirst()" );
+}
+    :
+    ID_itemFirst ( SP )* COLON ( SP )*
+        OPEN_CURLY ( SP )*
+          protectedItems ( SP )* SEP ( SP )* itemPermissions
+        ( SP )* CLOSE_CURLY
+    {
+        isItemFirstACIItem = true;
+    }
+    ;
+
+userFirst
+{
+    log.debug( "entered userFirst()" );
+}
+    :
+    ID_userFirst ( SP )* COLON ( SP )*
+        OPEN_CURLY ( SP )*
+              userClasses ( SP )* SEP ( SP )* userPermissions
+        ( SP )* CLOSE_CURLY
+    {
+        isItemFirstACIItem = false;
+    }
+    ;
+
+protectedItems
+{
+    log.debug( "entered protectedItems()" );
+    protectedItemsMap = new NoDuplicateKeysMap();
+}
+    :
+    ID_protectedItems ( SP )*
+        OPEN_CURLY ( SP )*
+            (
+                protectedItem ( SP )*
+                    ( SEP ( SP )* protectedItem ( SP )* )*
+            )?
+        CLOSE_CURLY
+    {
+        protectedItems = new HashSet<ProtectedItem>( protectedItemsMap.values() );
+    }
+    ;
+    exception
+    catch [IllegalArgumentException e]
+    {
+        throw new RecognitionException( "Protected Items cannot be duplicated. " + e.getMessage() );
+    }
+
+protectedItem
+{
+    log.debug( "entered protectedItem()" );
+}
+    :
+    entry
+    | allUserAttributeTypes
+    | attributeType
+    | allAttributeValues 
+    | allUserAttributeTypesAndValues
+    | attributeValue
+    | selfValue
+    | rangeOfValues
+    | maxValueCount
+    | maxImmSub
+    | restrictedBy
+    | classes
+    ;
+
+entry
+{
+    log.debug( "entered entry()" );  
+}
+    :
+    ID_entry
+    {
+        protectedItemsMap.put( "entry", ProtectedItem.ENTRY );
+    }
+    ;
+
+allUserAttributeTypes
+{
+    log.debug( "entered allUserAttributeTypes()" );
+}
+    :
+    ID_allUserAttributeTypes
+    {
+        protectedItemsMap.put( "allUserAttributeTypes", ProtectedItem.ALL_USER_ATTRIBUTE_TYPES );
+    }
+    ;
+
+attributeType
+{
+    log.debug( "entered attributeType()" );
+    Set<String> attributeTypeSet = null;
+}
+    :
+    ID_attributeType ( SP )+ attributeTypeSet=attributeTypeSet
+    {
+        protectedItemsMap.put( "attributeType", new AttributeTypeItem(attributeTypeSet ) );
+    }
+    ;
+
+allAttributeValues
+{
+    log.debug( "entered allAttributeValues()" );
+    Set<String> attributeTypeSet = null;
+}
+    :
+    ID_allAttributeValues ( SP )+ attributeTypeSet=attributeTypeSet
+    {
+        protectedItemsMap.put( "allAttributeValues", new AllAttributeValuesItem( attributeTypeSet ) );
+    }
+    ;
+
+allUserAttributeTypesAndValues
+{
+    log.debug( "entered allUserAttributeTypesAndValues()" );
+}
+    :
+    ID_allUserAttributeTypesAndValues
+    {
+        protectedItemsMap.put( "allUserAttributeTypesAndValues", ProtectedItem.ALL_USER_ATTRIBUTE_TYPES_AND_VALUES );
+    }
+    ;
+
+attributeValue
+{
+    log.debug( "entered attributeValue()" );
+    String attributeTypeAndValue = null;
+    String attributeType = null;
+    String attributeValue = null;
+    Set<EntryAttribute> attributeSet = new HashSet<EntryAttribute>();
+}
+    :
+    token:ATTRIBUTE_VALUE_CANDIDATE // ate the identifier for subordinate dn parser workaround
+    {
+        // A Dn can be considered as a set of attributeTypeAndValues
+        // So, parse the set as a Dn and extract each attributeTypeAndValue
+        DN attributeTypeAndValueSetAsDn = new DN( token.getText() );
+        
+        if ( oidsMap != null )
+        {        
+            attributeTypeAndValueSetAsDn.normalize( oidsMap );
+        }
+        
+        for ( RDN rdn :attributeTypeAndValueSetAsDn.getRdns() )
+        {
+            attributeTypeAndValue = rdn.getNormName();
+            attributeType = NamespaceTools.getRdnAttribute( attributeTypeAndValue );
+            attributeValue = NamespaceTools.getRdnValue( attributeTypeAndValue );
+            
+            attributeSet.add( new DefaultEntryAttribute( attributeType, attributeValue ) );
+            log.debug( "An attributeTypeAndValue from the set: " + attributeType + "=" +  attributeValue);
+        }
+        
+        protectedItemsMap.put( "attributeValue", new AttributeValueItem( attributeSet ) );
+    }
+    ;
+    exception
+    catch [Exception e]
+    {
+        throw new RecognitionException( "dnParser failed for " + token.getText() + " , " + e.getMessage() );
+    }
+
+selfValue
+{
+    log.debug( "entered selfValue()" );
+    Set<String> attributeTypeSet = null;
+}
+    :
+    ID_selfValue ( SP )+ attributeTypeSet=attributeTypeSet
+    {
+        protectedItemsMap.put( "sefValue", new SelfValueItem( attributeTypeSet ) );
+    }
+    ;
+
+rangeOfValues
+{
+    log.debug( "entered rangeOfValues()" );
+}
+    :
+    token:RANGE_OF_VALUES_CANDIDATE
+    {
+        protectedItemsMap.put( "rangeOfValues",
+                new ProtectedItem.RangeOfValues(
+                        FilterParser.parse( token.getText() ) ) );
+        log.debug( "filterParser parsed " + token.getText() );
+    }
+    ;
+    exception
+    catch [Exception e]
+    {
+        throw new RecognitionException( "filterParser failed. " + e.getMessage() );
+    }   
+
+maxValueCount
+{
+    log.debug( "entered maxValueCount()" );
+    ProtectedItem.MaxValueCountItem maxValueCount = null;
+    Set<ProtectedItem.MaxValueCountItem> maxValueCountSet = new HashSet<ProtectedItem.MaxValueCountItem>();
+}
+    :
+    ID_maxValueCount ( SP )+
+    OPEN_CURLY ( SP )*
+        maxValueCount=aMaxValueCount ( SP )*
+        {
+            maxValueCountSet.add( maxValueCount );
+        }
+            ( SEP ( SP )* maxValueCount=aMaxValueCount ( SP )*
+            {
+                maxValueCountSet.add( maxValueCount );
+            }
+            )*
+    CLOSE_CURLY
+    {
+        protectedItemsMap.put( "maxValueCount", new ProtectedItem.MaxValueCount( maxValueCountSet ) );
+    }
+    ;
+
+aMaxValueCount returns [ ProtectedItem.MaxValueCountItem maxValueCount ]
+{
+    log.debug( "entered aMaxValueCount()" );
+    maxValueCount = null;
+    String oid = null;
+    Token token = null;
+}
+    :
+    OPEN_CURLY ( SP )*
+        (
+          ID_type ( SP )+ oid=oid ( SP )* SEP ( SP )*
+          ID_maxCount ( SP )+ token1:INTEGER
+          { token = token1; }
+        | // relaxing
+          ID_maxCount ( SP )+ token2:INTEGER ( SP )* SEP ( SP )*
+          ID_type ( SP )+ oid=oid
+          { token = token2; }
+        )
+    ( SP )* CLOSE_CURLY
+    {
+        maxValueCount = new ProtectedItem.MaxValueCountItem( oid, token2Integer( token ) );
+    }
+    ;
+
+maxImmSub
+{
+    log.debug( "entered maxImmSub()" );
+}
+    :
+    ID_maxImmSub ( SP )+ token:INTEGER
+    {
+        
+        protectedItemsMap.put( "maxImmSub",
+                new ProtectedItem.MaxImmSub(
+                        token2Integer( token ) ) );
+    }
+    ;
+
+restrictedBy
+{
+    log.debug( "entered restrictedBy()" );
+    ProtectedItem.RestrictedByItem restrictedValue = null;
+    Set<ProtectedItem.RestrictedByItem> restrictedBy = new HashSet<ProtectedItem.RestrictedByItem>();
+}
+    :
+    ID_restrictedBy ( SP )+
+        OPEN_CURLY ( SP )*
+            restrictedValue=restrictedValue ( SP )*
+            {
+                restrictedBy.add( restrictedValue );
+            }
+                    ( SEP ( SP )* restrictedValue=restrictedValue ( SP )*
+                    {
+                        restrictedBy.add( restrictedValue );
+                    }
+                    )*
+        CLOSE_CURLY
+    {
+        protectedItemsMap.put( "restrictedBy", new ProtectedItem.RestrictedBy( restrictedBy ) );
+    }
+    ;
+
+restrictedValue returns [ ProtectedItem.RestrictedByItem restrictedValue ]
+{
+    log.debug( "entered restrictedValue()" );
+    String typeOid = null;
+    String valuesInOid = null;
+    restrictedValue = null;
+}
+    :
+    OPEN_CURLY ( SP )*
+        (
+          ID_type ( SP )+ typeOid=oid ( SP )* SEP ( SP )*
+          ID_valuesIn ( SP )+ valuesInOid=oid
+        | // relaxing
+          ID_valuesIn ( SP )+ valuesInOid=oid ( SP )* SEP ( SP )*
+          ID_type ( SP )+ typeOid=oid
+        )
+    ( SP )* CLOSE_CURLY
+    {
+        restrictedValue = new ProtectedItem.RestrictedByItem( typeOid, valuesInOid );
+    }
+    ;
+
+attributeTypeSet returns [ Set<String> attributeTypeSet ]
+{
+    log.debug( "entered attributeTypeSet()" );
+    String oid = null;
+    attributeTypeSet = new HashSet<String>();
+}
+    :
+    OPEN_CURLY ( SP )*
+        oid=oid ( SP )*
+        {
+            attributeTypeSet.add( oid );
+        }
+            ( SEP ( SP )* oid=oid ( SP )*
+            {
+                attributeTypeSet.add( oid );
+            }
+            )*
+    CLOSE_CURLY
+    ;
+
+classes
+{
+    log.debug( "entered classes()" );
+    ExprNode classes = null;
+}
+    :
+    ID_classes ( SP )+ classes=refinement
+    {
+        protectedItemsMap.put( "classes", new ProtectedItem.Classes( classes ) );
+    }
+    ;
+
+itemPermissions
+{
+    log.debug( "entered itemPermissions()" );
+    itemPermissions = new HashSet<ItemPermission>();
+    ItemPermission itemPermission = null;
+}
+    :
+    ID_itemPermissions ( SP )+
+        OPEN_CURLY ( SP )*
+            ( itemPermission=itemPermission ( SP )*
+              {
+                  itemPermissions.add( itemPermission );
+              }
+                ( SEP ( SP )* itemPermission=itemPermission ( SP )*
+                  {
+                      itemPermissions.add( itemPermission );
+                  }
+                )*
+            )?
+        CLOSE_CURLY
+    ;
+
+itemPermission returns [ ItemPermission itemPermission ]
+{
+    log.debug( "entered itemPermission()" );
+    itemPermission = null;
+    itemPermissionComponentsMonitor = new MandatoryAndOptionalComponentsMonitor( 
+            new String [] { "userClasses", "grantsAndDenials" }, new String [] { "precedence" } );
+}
+    :
+    OPEN_CURLY ( SP )*
+        anyItemPermission ( SP )*
+            ( SEP ( SP )* anyItemPermission ( SP )* )*
+    CLOSE_CURLY
+    {
+        if ( !itemPermissionComponentsMonitor.finalStateValid() )
+        {
+            throw new RecognitionException( "Missing mandatory itemPermission components: " 
+                    + itemPermissionComponentsMonitor.getRemainingComponents() );
+        }
+        
+        itemPermission = new ItemPermission( precedence, grantsAndDenials, userClasses );
+        precedence = null;
+    }
+    ;
+
+anyItemPermission
+    :
+    precedence
+    {
+        itemPermissionComponentsMonitor.useComponent( "precedence" );
+    }
+    | userClasses
+    {
+        itemPermissionComponentsMonitor.useComponent( "userClasses" );
+    }
+    | grantsAndDenials
+    {
+        itemPermissionComponentsMonitor.useComponent( "grantsAndDenials" );
+    }
+    ;
+    exception
+    catch [IllegalArgumentException e]
+    {
+        throw new RecognitionException( e.getMessage() );
+    }
+
+grantsAndDenials
+{
+    log.debug( "entered grantsAndDenials()" );
+    grantsAndDenials = new HashSet<GrantAndDenial>();
+    GrantAndDenial grantAndDenial = null;
+}
+    :
+    ID_grantsAndDenials ( SP )+
+    OPEN_CURLY ( SP )*
+        ( grantAndDenial = grantAndDenial ( SP )*
+          {
+              if ( !grantsAndDenials.add( grantAndDenial ))
+              {
+                  throw new RecognitionException( "Duplicated GrantAndDenial bit: " + grantAndDenial );
+              }
+          }
+            ( SEP ( SP )* grantAndDenial = grantAndDenial ( SP )*
+              {
+                  if ( !grantsAndDenials.add( grantAndDenial ))
+                  {
+                      throw new RecognitionException( "Duplicated GrantAndDenial bit: " + grantAndDenial );
+                  }
+              }
+            )*
+        )?
+    CLOSE_CURLY
+    ;
+
+grantAndDenial returns [ GrantAndDenial l_grantAndDenial ]
+{
+    log.debug( "entered grantAndDenialsBit()" );
+    l_grantAndDenial = null;
+}
+    :
+    ID_grantAdd { l_grantAndDenial = GrantAndDenial.GRANT_ADD; }
+    | ID_denyAdd { l_grantAndDenial = GrantAndDenial.DENY_ADD; }
+    | ID_grantDiscloseOnError { l_grantAndDenial = GrantAndDenial.GRANT_DISCLOSE_ON_ERROR; }
+    | ID_denyDiscloseOnError { l_grantAndDenial = GrantAndDenial.DENY_DISCLOSE_ON_ERROR; }
+    | ID_grantRead { l_grantAndDenial = GrantAndDenial.GRANT_READ; }
+    | ID_denyRead { l_grantAndDenial = GrantAndDenial.DENY_READ; }
+    | ID_grantRemove { l_grantAndDenial = GrantAndDenial.GRANT_REMOVE; }
+    | ID_denyRemove { l_grantAndDenial = GrantAndDenial.DENY_REMOVE; }
+    //-- permissions that may be used only in conjunction
+    //-- with the entry component
+    | ID_grantBrowse { l_grantAndDenial = GrantAndDenial.GRANT_BROWSE; }
+    | ID_denyBrowse { l_grantAndDenial = GrantAndDenial.DENY_BROWSE; }
+    | ID_grantExport { l_grantAndDenial = GrantAndDenial.GRANT_EXPORT; }
+    | ID_denyExport { l_grantAndDenial = GrantAndDenial.DENY_EXPORT; }
+    | ID_grantImport { l_grantAndDenial = GrantAndDenial.GRANT_IMPORT; }
+    | ID_denyImport { l_grantAndDenial = GrantAndDenial.DENY_IMPORT; }
+    | ID_grantModify { l_grantAndDenial = GrantAndDenial.GRANT_MODIFY; }
+    | ID_denyModify { l_grantAndDenial = GrantAndDenial.DENY_MODIFY; }
+    | ID_grantRename { l_grantAndDenial = GrantAndDenial.GRANT_RENAME; }
+    | ID_denyRename { l_grantAndDenial = GrantAndDenial.DENY_RENAME; }
+    | ID_grantReturnDN { l_grantAndDenial = GrantAndDenial.GRANT_RETURN_DN; }
+    | ID_denyReturnDN { l_grantAndDenial = GrantAndDenial.DENY_RETURN_DN; }
+    //-- permissions that may be used in conjunction
+    //-- with any component, except entry, of ProtectedItems
+    | ID_grantCompare { l_grantAndDenial = GrantAndDenial.GRANT_COMPARE; }
+    | ID_denyCompare { l_grantAndDenial = GrantAndDenial.DENY_COMPARE; }
+    | ID_grantFilterMatch { l_grantAndDenial = GrantAndDenial.GRANT_FILTER_MATCH; }
+    | ID_denyFilterMatch { l_grantAndDenial = GrantAndDenial.DENY_FILTER_MATCH; }
+    | ID_grantInvoke { l_grantAndDenial = GrantAndDenial.GRANT_INVOKE; }
+    | ID_denyInvoke { l_grantAndDenial = GrantAndDenial.DENY_INVOKE; }
+    ;
+
+userClasses
+{
+    log.debug( "entered userClasses()" );
+    userClassesMap = new NoDuplicateKeysMap();
+}
+    :
+    ID_userClasses ( SP )+
+    OPEN_CURLY ( SP )*
+        (
+            userClass ( SP )*
+                ( SEP ( SP )* userClass ( SP )* )*
+        )?
+    CLOSE_CURLY
+    {
+        userClasses  = new HashSet<UserClass>( userClassesMap.values() );
+    }
+    ;
+    exception
+    catch [IllegalArgumentException e]
+    {
+        throw new RecognitionException( "User Classes cannot be duplicated. " + e.getMessage() );
+    }
+
+userClass
+{
+    log.debug( "entered userClasses()" );
+}
+    :
+    allUsers
+    | thisEntry
+    | parentOfEntry
+    | name
+    | userGroup
+    | subtree
+    ;
+
+allUsers
+{
+    log.debug( "entered allUsers()" );
+}
+    :
+    ID_allUsers
+    {
+        userClassesMap.put( "allUsers", UserClass.ALL_USERS );
+    }
+    ;
+
+thisEntry
+{
+    log.debug( "entered thisEntry()" );
+}
+    :
+    ID_thisEntry
+    {
+        userClassesMap.put( "thisEntry", UserClass.THIS_ENTRY );
+    }
+    ;
+
+parentOfEntry
+{
+    log.debug( "entered parentOfEntry()" );
+}
+    :
+    ID_parentOfEntry
+    {
+        userClassesMap.put( "parentOfEntry", UserClass.PARENT_OF_ENTRY );
+    }
+    ;
+
+name
+{
+    log.debug( "entered name()" );
+    Set<DN> names = new HashSet<DN>();
+    DN distinguishedName = null;
+}
+    :
+    ID_name ( SP )+ 
+        OPEN_CURLY ( SP )*
+            distinguishedName=distinguishedName ( SP )*
+            {
+                names.add( distinguishedName );
+            }
+                ( SEP ( SP )* distinguishedName=distinguishedName ( SP )*
+                {
+                    names.add( distinguishedName );
+                } )*
+        CLOSE_CURLY
+    {
+        userClassesMap.put( "name", new UserClass.Name( names ) );
+    }
+    ;
+
+userGroup
+{
+    log.debug( "entered userGroup()" );
+    Set<DN> userGroup = new HashSet<DN>();
+    DN distinguishedName = null;
+}
+    :
+    ID_userGroup ( SP )+ 
+        OPEN_CURLY ( SP )*
+            distinguishedName=distinguishedName ( SP )*
+            {
+                userGroup.add( distinguishedName );
+            }
+                ( SEP ( SP )* distinguishedName=distinguishedName ( SP )*
+                {
+                    userGroup.add( distinguishedName );
+                } )*
+        CLOSE_CURLY
+    {
+        userClassesMap.put( "userGroup", new UserClass.UserGroup( userGroup ) );
+    }
+    ;
+
+subtree
+{
+    log.debug( "entered subtree()" );
+    Set<SubtreeSpecification> subtrees = new HashSet<SubtreeSpecification>();
+    SubtreeSpecification subtreeSpecification = null;    
+}
+    :
+    ID_subtree ( SP )+
+        OPEN_CURLY ( SP )*
+            subtreeSpecification=subtreeSpecification ( SP )*
+            {
+                subtrees.add( subtreeSpecification );
+            }
+                ( SEP ( SP )* subtreeSpecification=subtreeSpecification ( SP )*
+                {
+                    subtrees.add( subtreeSpecification );
+                } )*
+        CLOSE_CURLY
+    {
+        userClassesMap.put( "subtree", new UserClass.Subtree( subtrees ) );
+    }
+    ;
+
+userPermissions
+{
+    log.debug( "entered userPermissions()" );
+    userPermissions = new HashSet<UserPermission>();
+    UserPermission userPermission = null;
+}
+    :
+    ID_userPermissions ( SP )+
+        OPEN_CURLY ( SP )*
+            ( userPermission=userPermission ( SP )*
+              {
+                  userPermissions.add( userPermission );
+              }
+                ( SEP ( SP )* userPermission=userPermission ( SP )*
+                  {
+                      userPermissions.add( userPermission );
+                  }
+                )*
+            )?
+        CLOSE_CURLY
+    ;
+
+userPermission returns [ UserPermission userPermission ]
+{
+    log.debug( "entered userPermission()" );
+    userPermission = null;
+    userPermissionComponentsMonitor = new MandatoryAndOptionalComponentsMonitor( 
+             new String [] { "protectedItems", "grantsAndDenials" }, new String [] { "precedence" } );
+}
+     :
+     OPEN_CURLY ( SP )*
+         anyUserPermission ( SP )*
+             ( SEP ( SP )* anyUserPermission ( SP )* )*
+     CLOSE_CURLY
+     {
+         if ( !userPermissionComponentsMonitor.finalStateValid() )
+         {
+             throw new RecognitionException( "Missing mandatory userPermission components: " 
+                     + userPermissionComponentsMonitor.getRemainingComponents() );
+         }
+         
+         userPermission = new UserPermission( precedence, grantsAndDenials, protectedItems );
+         precedence = null;
+     }
+     ;
+
+anyUserPermission
+    :
+    precedence
+    {
+        userPermissionComponentsMonitor.useComponent( "precedence" );
+    }
+    | protectedItems
+    {
+        userPermissionComponentsMonitor.useComponent( "protectedItems" );
+    }
+    | grantsAndDenials
+    {
+        userPermissionComponentsMonitor.useComponent( "grantsAndDenials" );
+    }
+    ;
+    exception
+    catch [IllegalArgumentException e]
+    {
+        throw new RecognitionException( e.getMessage() );
+    }
+
+subtreeSpecification returns [SubtreeSpecification ss]
+{
+    log.debug( "entered subtreeSpecification()" );
+    // clear out ss, ssModifier, chopBeforeExclusions and chopAfterExclusions
+    // in case something is left from the last parse
+    ss = null;
+    ssModifier = new SubtreeSpecificationModifier();
+    chopBeforeExclusions = new HashSet<DN>();
+    chopAfterExclusions = new HashSet<DN>();
+    subtreeSpecificationComponentsMonitor = new OptionalComponentsMonitor( 
+            new String [] { "base", "specificExclusions", "minimum", "maximum" } );
+}
+    :
+    OPEN_CURLY ( SP )*
+        ( subtreeSpecificationComponent ( SP )*
+            ( SEP ( SP )* subtreeSpecificationComponent ( SP )* )* )?
+    CLOSE_CURLY
+    {
+        ss = ssModifier.getSubtreeSpecification();
+    }
+    ;
+
+subtreeSpecificationComponent
+{
+    log.debug( "entered subtreeSpecification()" );
+}
+    :
+    ss_base
+    {
+        subtreeSpecificationComponentsMonitor.useComponent( "base" );
+    }
+    | ss_specificExclusions
+    {
+        subtreeSpecificationComponentsMonitor.useComponent( "specificExclusions" );
+    }
+    | ss_minimum
+    {
+        subtreeSpecificationComponentsMonitor.useComponent( "minimum" );
+    }
+    | ss_maximum
+    {
+        subtreeSpecificationComponentsMonitor.useComponent( "maximum" );
+    }
+    ;
+    exception
+    catch [IllegalArgumentException e]
+    {
+        throw new RecognitionException( e.getMessage() );
+    }
+
+ss_base
+{
+    log.debug( "entered ss_base()" );
+    DN base = null;
+}
+    :
+    ID_base ( SP )+ base=distinguishedName
+    {
+        ssModifier.setBase( base );
+    }
+    ;
+
+ss_specificExclusions
+{
+    log.debug( "entered ss_specificExclusions()" );
+}
+    :
+    ID_specificExclusions ( SP )+ specificExclusions
+    {
+        ssModifier.setChopBeforeExclusions( chopBeforeExclusions );
+        ssModifier.setChopAfterExclusions( chopAfterExclusions );
+    }
+    ;
+
+specificExclusions
+{
+    log.debug( "entered specificExclusions()" );
+}
+    :
+    OPEN_CURLY ( SP )*
+        ( specificExclusion ( SP )*
+            ( SEP ( SP )* specificExclusion ( SP )* )*
+        )?
+    CLOSE_CURLY
+    ;
+
+specificExclusion
+{
+    log.debug( "entered specificExclusion()" );
+}
+    :
+    chopBefore | chopAfter
+    ;
+
+chopBefore
+{
+    log.debug( "entered chopBefore()" );
+    DN chopBeforeExclusion = null;
+}
+    :
+    ID_chopBefore ( SP )* COLON ( SP )* chopBeforeExclusion=distinguishedName
+    {
+        chopBeforeExclusions.add( chopBeforeExclusion );
+    }
+    ;
+
+chopAfter
+{
+    log.debug( "entered chopAfter()" );
+    DN chopAfterExclusion = null;
+}
+    :
+    ID_chopAfter ( SP )* COLON ( SP )* chopAfterExclusion=distinguishedName
+    {
+        chopAfterExclusions.add( chopAfterExclusion );
+    }
+    ;
+
+ss_minimum
+{
+    log.debug( "entered ss_minimum()" );
+    int minimum = 0;
+}
+    :
+    ID_minimum ( SP )+ minimum=baseDistance
+    {
+        ssModifier.setMinBaseDistance( minimum );
+    }
+    ;
+
+ss_maximum
+{
+    log.debug( "entered ss_maximum()" );
+    int maximum = 0;
+}
+    :
+    ID_maximum ( SP )+ maximum=baseDistance
+    {
+        ssModifier.setMaxBaseDistance( maximum );
+    }
+    ;
+
+distinguishedName returns [ DN name ] 
+{
+    log.debug( "entered distinguishedName()" );
+    name = null;
+}
+    :
+    token:SAFEUTF8STRING
+    {
+        name = new DN( token.getText() );
+        if ( oidsMap != null )
+        {
+            name.normalize( oidsMap );
+        }
+        log.debug( "recognized a DistinguishedName: " + token.getText() );
+    }
+    ;
+    exception
+    catch [Exception e]
+    {
+        throw new RecognitionException( "dnParser failed for " + token.getText() + " " + e.getMessage() );
+    }
+
+baseDistance returns [ int distance ]
+{
+    log.debug( "entered baseDistance()" );
+    distance = 0;
+}
+    :
+    token:INTEGER
+    {
+        distance = token2Integer( token );
+    }
+    ;
+
+oid returns [ String result ]
+{
+    log.debug( "entered oid()" );
+    result = null;
+    Token token = null;
+}
+    :
+    { token = LT( 1 ); } // an interesting trick goes here ;-)
+    ( DESCR | NUMERICOID )
+    {
+        result = token.getText();
+        log.debug( "recognized an oid: " + result );
+    }
+    ;
+
+refinement returns [ ExprNode node ]
+{
+    log.debug( "entered refinement()" );
+    node = null;
+}
+    :
+    node=item | node=and | node=or | node=not
+    ;
+
+item returns [ LeafNode node ]
+{
+    log.debug( "entered item()" );
+    node = null;
+    String oid = null;
+}
+    :
+    ID_item ( SP )* COLON ( SP )* oid=oid
+    {
+        node = new EqualityNode( SchemaConstants.OBJECT_CLASS_AT , new StringValue( oid ) );
+    }
+    ;
+
+and returns [ BranchNode node ]
+{
+    log.debug( "entered and()" );
+    node = null;
+    List<ExprNode> children = null; 
+}
+    :
+    ID_and ( SP )* COLON ( SP )* children=refinements
+    {
+        node = new AndNode( children );
+    }
+    ;
+
+or returns [ BranchNode node ]
+{
+    log.debug( "entered or()" );
+    node = null;
+    List<ExprNode> children = null; 
+}
+    :
+    ID_or ( SP )* COLON ( SP )* children=refinements
+    {
+        node = new OrNode( children );
+    }
+    ;
+
+not returns [ BranchNode node ]
+{
+    log.debug( "entered not()" );
+    node = null;
+    List<ExprNode> children = null;
+}
+    :
+    ID_not ( SP )* COLON ( SP )* children=refinements
+    {
+        node = new NotNode( children );
+    }
+    ;
+
+refinements returns [ List<ExprNode> children ]
+{
+    log.debug( "entered refinements()" );
+    children = null;
+    ExprNode child = null;
+    List<ExprNode> tempChildren = new ArrayList<ExprNode>();
+}
+    :
+    OPEN_CURLY ( SP )*
+    (
+        child=refinement ( SP )*
+        {
+            tempChildren.add( child );
+        }
+        ( SEP ( SP )* child=refinement ( SP )*
+        {
+            tempChildren.add( child );
+        } )*
+    )? CLOSE_CURLY
+    {
+        children = tempChildren;
+    }
+    ;
+
+    
+//  ----------------------------------------------------------------------------
+//  lexer class definition
+//  ----------------------------------------------------------------------------
+
+/**
+  * The parser's primary lexer.
+  *
+  * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+  */
+class AntlrACIItemLexer extends Lexer;
+
+
+//  ----------------------------------------------------------------------------
+//  lexer options
+//  ----------------------------------------------------------------------------
+
+options
+{
+    k = 2;
+    charVocabulary = '\3'..'\377';
+}
+
+
+//----------------------------------------------------------------------------
+// tokens
+//----------------------------------------------------------------------------
+
+tokens
+{
+    ID_identificationTag = "identificationTag";
+    ID_precedence = "precedence";
+    ID_FALSE = "FALSE";
+    ID_TRUE = "TRUE";
+    ID_none = "none";
+    ID_simple = "simple";
+    ID_strong = "strong";
+    ID_level = "level";
+    ID_basicLevels = "basicLevels";
+    ID_localQualifier = "localQualifier";
+    ID_signed = "signed";
+    ID_authenticationLevel = "authenticationLevel";
+    ID_itemOrUserFirst = "itemOrUserFirst";
+    ID_itemFirst = "itemFirst";
+    ID_userFirst = "userFirst";
+    ID_protectedItems = "protectedItems";
+    ID_classes = "classes";
+    ID_entry = "entry";
+    ID_allUserAttributeTypes = "allUserAttributeTypes";
+    ID_attributeType = "attributeType";
+    ID_allAttributeValues = "allAttributeValues";
+    ID_allUserAttributeTypesAndValues = "allUserAttributeTypesAndValues";
+    ID_selfValue = "selfValue";
+    ID_item = "item";
+    ID_and = "and";
+    ID_or = "or";
+    ID_not = "not";
+    ID_rangeOfValues = "rangeOfValues";
+    ID_maxValueCount = "maxValueCount";
+    ID_type = "type";
+    ID_maxCount = "maxCount";
+    ID_maxImmSub = "maxImmSub";
+    ID_restrictedBy = "restrictedBy";
+    ID_valuesIn = "valuesIn";
+    ID_userClasses = "userClasses";
+    ID_base = "base";
+    ID_specificExclusions = "specificExclusions";
+    ID_chopBefore = "chopBefore";
+    ID_chopAfter = "chopAfter";
+    ID_minimum = "minimum";
+    ID_maximum = "maximum";
+    ID_specificationFilter = "specificationFilter";
+    ID_grantsAndDenials = "grantsAndDenials";
+    ID_itemPermissions = "itemPermissions";
+    ID_userPermissions = "userPermissions";
+    ID_allUsers = "allUsers";
+    ID_thisEntry = "thisEntry";
+    ID_parentOfEntry = "parentOfEntry";
+    ID_subtree = "subtree";
+    ID_name = "name";
+    ID_userGroup = "userGroup";
+
+    ID_grantAdd = "grantAdd"; // (0),
+    ID_denyAdd = "denyAdd";  // (1),
+    ID_grantDiscloseOnError = "grantDiscloseOnError";  // (2),
+    ID_denyDiscloseOnError = "denyDiscloseOnError";  // (3),
+    ID_grantRead = "grantRead";  // (4),
+    ID_denyRead = "denyRead";  // (5),
+    ID_grantRemove = "grantRemove";  // (6),
+    ID_denyRemove = "denyRemove";  // (7),
+    //-- permissions that may be used only in conjunction
+    //-- with the entry component
+    ID_grantBrowse = "grantBrowse";  // (8),
+    ID_denyBrowse = "denyBrowse";  // (9),
+    ID_grantExport = "grantExport";  // (10),
+    ID_denyExport = "denyExport";  // (11),
+    ID_grantImport = "grantImport";  // (12),
+    ID_denyImport = "denyImport";  // (13),
+    ID_grantModify = "grantModify";  // (14),
+    ID_denyModify = "denyModify";  // (15),
+    ID_grantRename = "grantRename";  // (16),
+    ID_denyRename = "denyRename";  // (17),
+    ID_grantReturnDN = "grantReturnDN";  // (18),
+    ID_denyReturnDN = "denyReturnDN";  // (19),
+    //-- permissions that may be used in conjunction
+    //-- with any component, except entry, of ProtectedItems
+    ID_grantCompare = "grantCompare";  // (20),
+    ID_denyCompare = "denyCompare";  // (21),
+    ID_grantFilterMatch = "grantFilterMatch";  // (22),
+    ID_denyFilterMatch = "denyFilterMatch";  // (23),
+    ID_grantInvoke = "grantInvoke";  // (24),
+    ID_denyInvoke = "denyInvoke";  // (25)
+}
+
+
+// ----------------------------------------------------------------------------
+//  lexer initialization
+// ----------------------------------------------------------------------------
+
+{
+    private static final Logger log = LoggerFactory.getLogger( AntlrACIItemLexer.class );
+}
+
+
+// ----------------------------------------------------------------------------
+// attribute description lexer rules from models
+// ----------------------------------------------------------------------------
+
+//  This is all messed up - could not figure out how to get antlr to represent
+//  the safe UTF-8 character set from RFC 3642 for production SafeUTF8Character
+
+protected SAFEUTF8CHAR :
+    '\u0001'..'\u0021' |
+    '\u0023'..'\u007F' |
+    '\u00c0'..'\u00d6' |
+    '\u00d8'..'\u00f6' |
+    '\u00f8'..'\u00ff' |
+    '\u0100'..'\u1fff' |
+    '\u3040'..'\u318f' |
+    '\u3300'..'\u337f' |
+    '\u3400'..'\u3d2d' |
+    '\u4e00'..'\u9fff' |
+    '\uf900'..'\ufaff' ;
+
+OPEN_CURLY : '{' ;
+
+CLOSE_CURLY : '}' ;
+
+SEP : ',' ;
+
+SP : ' ' | '\t' | '\n' { newline(); } | '\r' ;
+
+COLON : ':' ;
+
+protected DIGIT : '0' | LDIGIT ;
+
+protected LDIGIT : '1'..'9' ;
+
+protected ALPHA : 'A'..'Z' | 'a'..'z' ;
+
+protected INTEGER : DIGIT | ( LDIGIT ( DIGIT )+ ) ;
+
+protected HYPHEN : '-' ;
+
+protected NUMERICOID : INTEGER ( DOT INTEGER )+ ;
+
+protected DOT : '.' ;
+
+INTEGER_OR_NUMERICOID
+    :
+    ( INTEGER DOT ) => NUMERICOID
+    {
+        $setType( NUMERICOID );
+    }
+    |
+    INTEGER
+    {
+        $setType( INTEGER );
+    }
+    ;
+
+SAFEUTF8STRING : '"'! ( SAFEUTF8CHAR )* '"'! ;
+
+DESCR // THIS RULE ALSO STANDS FOR AN IDENTIFIER
+    :
+    ( "attributeValue" ( SP! )+ '{' ) =>
+      "attributeValue"! ( SP! )+ '{'! ( options { greedy = false; } : . )* '}'!
+      { $setType( ATTRIBUTE_VALUE_CANDIDATE ); }
+    | ( "rangeOfValues" ( SP! )+ '(' ) =>
+      "rangeOfValues"! ( SP! )+ FILTER
+      { $setType( RANGE_OF_VALUES_CANDIDATE ); }
+    | ALPHA ( ALPHA | DIGIT | HYPHEN )*
+    ;
+
+protected FILTER : '(' ( ( '&' (SP)* (FILTER)+ ) | ( '|' (SP)* (FILTER)+ ) | ( '!' (SP)* FILTER ) | FILTER_VALUE ) ')' (SP)* ;
+
+protected FILTER_VALUE : (options{greedy=true;}: ~( ')' | '(' | '&' | '|' | '!' ) ( ~(')') )* ) ;
+

Added: directory/shared/trunk/ldap-aci/src/main/antlr/ACIItemChecker.g
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap-aci/src/main/antlr/ACIItemChecker.g?rev=959029&view=auto
==============================================================================
--- directory/shared/trunk/ldap-aci/src/main/antlr/ACIItemChecker.g (added)
+++ directory/shared/trunk/ldap-aci/src/main/antlr/ACIItemChecker.g Tue Jun 29 16:56:07 2010
@@ -0,0 +1,780 @@
+header
+{
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+
+
+package org.apache.directory.shared.ldap.aci;
+
+
+import org.apache.directory.shared.ldap.name.NameComponentNormalizer;
+}
+
+
+// ----------------------------------------------------------------------------
+// parser class definition
+// ----------------------------------------------------------------------------
+
+/**
+ * The antlr generated ACIItem checker.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+class AntlrACIItemChecker extends Parser;
+
+
+// ----------------------------------------------------------------------------
+// parser options
+// ----------------------------------------------------------------------------
+
+options
+{
+    k = 1; // ;-)
+    defaultErrorHandler = false;
+}
+
+
+// ----------------------------------------------------------------------------
+// imaginary tokens
+// ----------------------------------------------------------------------------
+
+tokens
+{
+    ATTRIBUTE_VALUE_CANDIDATE;
+    RANGE_OF_VALUES_CANDIDATE;
+}
+
+
+// ----------------------------------------------------------------------------
+// parser initialization
+// ----------------------------------------------------------------------------
+
+{
+    NameComponentNormalizer normalizer;
+    
+    /**
+     * Creates a (normalizing) subordinate DnParser for parsing Names.
+     * This method MUST be called for each instance while we cannot do
+     * constructor overloading for this class.
+     *
+     * @return the DnParser to be used for parsing Names
+     */
+    public void init()
+    {
+    }
+
+    /**
+     * Sets the NameComponentNormalizer for this parser's dnParser.
+     */
+    public void setNormalizer(NameComponentNormalizer normalizer)
+    {
+        this.normalizer = normalizer;
+    }
+}
+
+
+// ----------------------------------------------------------------------------
+// parser productions
+// ----------------------------------------------------------------------------
+
+wrapperEntryPoint
+    :
+    ( SP )* theACIItem ( SP )* EOF
+    ;
+
+theACIItem
+    :
+    OPEN_CURLY
+        ( SP )* mainACIItemComponent ( SP )*
+            ( SEP ( SP )* mainACIItemComponent ( SP )* )*
+    CLOSE_CURLY
+    ;
+    
+mainACIItemComponent
+    :
+    aci_identificationTag
+    | aci_precedence
+    | aci_authenticationLevel
+    | aci_itemOrUserFirst
+    ;
+    
+aci_identificationTag
+    :
+    ID_identificationTag ( SP )+ SAFEUTF8STRING
+    ;
+
+aci_precedence
+    :
+    precedence
+    ;
+
+precedence
+    :
+    ID_precedence ( SP )+ INTEGER
+    ;
+
+aci_authenticationLevel
+    :
+    ID_authenticationLevel ( SP )+ authenticationLevel
+    ;
+
+authenticationLevel
+    :
+    ID_none
+    |
+    ID_simple
+    |
+    ID_strong
+    ;
+
+aci_itemOrUserFirst
+    :
+    ID_itemOrUserFirst ( SP )+ itemOrUserFirst
+    ;
+
+itemOrUserFirst
+    :
+    itemFirst | userFirst
+    ;
+
+itemFirst
+    :
+    ID_itemFirst ( SP )* COLON ( SP )*
+        OPEN_CURLY ( SP )*
+            ( 
+              protectedItems ( SP )*
+                SEP ( SP )* itemPermissions
+            | // relaxing
+              itemPermissions ( SP )*
+                SEP ( SP )* protectedItems
+            )
+        ( SP )* CLOSE_CURLY
+    ;
+
+userFirst
+    :
+    ID_userFirst ( SP )* COLON ( SP )*
+        OPEN_CURLY ( SP )*
+            (
+              userClasses ( SP )*
+                SEP ( SP )* userPermissions
+            | // relaxing
+              userPermissions ( SP )*
+                SEP ( SP )* userClasses
+            )
+        ( SP )* CLOSE_CURLY
+    ;
+
+protectedItems
+    :
+    ID_protectedItems ( SP )*
+        OPEN_CURLY ( SP )*
+            (
+                protectedItem ( SP )*
+                    ( SEP ( SP )* protectedItem ( SP )* )*
+            )?
+        CLOSE_CURLY
+    ;
+
+protectedItem
+    :
+    entry
+    | allUserAttributeTypes
+    | attributeType
+    | allAttributeValues 
+    | allUserAttributeTypesAndValues
+    | attributeValue
+    | selfValue
+    | rangeOfValues
+    | maxValueCount
+    | maxImmSub
+    | restrictedBy
+    | classes
+    ;
+
+entry
+    :
+    ID_entry
+    ;
+
+allUserAttributeTypes
+    :
+    ID_allUserAttributeTypes
+    ;
+
+attributeType
+    :
+    ID_attributeType ( SP )+ attributeTypeSet
+    ;
+
+allAttributeValues
+    :
+    ID_allAttributeValues ( SP )+ attributeTypeSet
+    ;
+
+allUserAttributeTypesAndValues
+    :
+    ID_allUserAttributeTypesAndValues
+    ;
+
+attributeValue
+    :
+    ATTRIBUTE_VALUE_CANDIDATE // ate the identifier for subordinate dn parser workaround
+    ;
+
+selfValue
+    :
+    ID_selfValue ( SP )+ attributeTypeSet
+    ;
+
+rangeOfValues
+    :
+    RANGE_OF_VALUES_CANDIDATE
+    ;
+
+maxValueCount
+    :
+    ID_maxValueCount ( SP )+
+    OPEN_CURLY ( SP )*
+        aMaxValueCount ( SP )*
+            ( SEP ( SP )* aMaxValueCount ( SP )*
+            )*
+    CLOSE_CURLY
+    ;
+
+aMaxValueCount
+    :
+    OPEN_CURLY ( SP )*
+        (
+          ID_type ( SP )+ oid ( SP )* SEP ( SP )*
+          ID_maxCount ( SP )+ INTEGER
+        | // relaxing
+          ID_maxCount ( SP )+ INTEGER ( SP )* SEP ( SP )*
+          ID_type ( SP )+ oid
+        )
+    ( SP )* CLOSE_CURLY
+    ;
+
+maxImmSub
+    :
+    ID_maxImmSub ( SP )+ INTEGER
+    ;
+
+restrictedBy
+    :
+    ID_restrictedBy ( SP )+
+        OPEN_CURLY ( SP )*
+            restrictedValue ( SP )*
+                    ( SEP ( SP )* restrictedValue ( SP )*
+                    )*
+        CLOSE_CURLY
+    ;
+
+restrictedValue
+    :
+    OPEN_CURLY ( SP )*
+        (
+          ID_type ( SP )+ oid ( SP )* SEP ( SP )*
+          ID_valuesIn ( SP )+ oid
+        | // relaxing
+          ID_valuesIn ( SP )+ oid ( SP )* SEP ( SP )*
+          ID_type ( SP )+ oid
+        )
+    ( SP )* CLOSE_CURLY
+    ;
+
+attributeTypeSet 
+    :
+    OPEN_CURLY ( SP )*
+        oid ( SP )*
+            ( SEP ( SP )* oid ( SP )*
+            )*
+    CLOSE_CURLY
+    ;
+
+classes
+    :
+    ID_classes ( SP )+ refinement
+    ;
+
+itemPermissions
+    :
+    ID_itemPermissions ( SP )+
+        OPEN_CURLY ( SP )*
+            ( itemPermission ( SP )*
+                ( SEP ( SP )* itemPermission ( SP )*
+                )*
+            )?
+        CLOSE_CURLY
+    ;
+
+itemPermission
+    :
+    OPEN_CURLY ( SP )*
+        anyItemPermission ( SP )*
+            ( SEP ( SP )* anyItemPermission ( SP )* )*
+    CLOSE_CURLY
+    ;
+
+anyItemPermission
+    :
+    precedence
+    | userClasses
+    | grantsAndDenials
+    ;
+
+grantsAndDenials
+    :
+    ID_grantsAndDenials ( SP )+
+    OPEN_CURLY ( SP )*
+        ( grantAndDenial ( SP )*
+            ( SEP ( SP )* grantAndDenial ( SP )*
+            )*
+        )?
+    CLOSE_CURLY
+    ;
+
+grantAndDenial
+    :
+    ID_grantAdd 
+    | ID_denyAdd
+    | ID_grantDiscloseOnError
+    | ID_denyDiscloseOnError 
+    | ID_grantRead
+    | ID_denyRead
+    | ID_grantRemove
+    | ID_denyRemove 
+    //-- permissions that may be used only in conjunction
+    //-- with the entry component
+    | ID_grantBrowse
+    | ID_denyBrowse
+    | ID_grantExport
+    | ID_denyExport
+    | ID_grantImport
+    | ID_denyImport
+    | ID_grantModify
+    | ID_denyModify
+    | ID_grantRename
+    | ID_denyRename
+    | ID_grantReturnDN
+    | ID_denyReturnDN
+    //-- permissions that may be used in conjunction
+    //-- with any component, except entry, of ProtectedItems
+    | ID_grantCompare
+    | ID_denyCompare
+    | ID_grantFilterMatch
+    | ID_denyFilterMatch
+    | ID_grantInvoke
+    | ID_denyInvoke
+    ;
+
+userClasses
+    :
+    ID_userClasses ( SP )+
+    OPEN_CURLY ( SP )*
+        (
+            userClass ( SP )*
+                ( SEP ( SP )* userClass ( SP )* )*
+        )?
+    CLOSE_CURLY
+    ;
+
+userClass
+    :
+    allUsers
+    | thisEntry
+    | parentOfEntry
+    | name
+    | userGroup
+    | subtree
+    ;
+
+allUsers
+    :
+    ID_allUsers
+    ;
+
+thisEntry
+    :
+    ID_thisEntry
+    ;
+
+parentOfEntry
+    :
+    ID_parentOfEntry
+    ;
+
+name
+    :
+    ID_name ( SP )+ 
+        OPEN_CURLY ( SP )*
+            distinguishedName ( SP )*
+                ( SEP ( SP )* distinguishedName ( SP )*
+            )*
+        CLOSE_CURLY
+    ;
+
+userGroup
+    :
+    ID_userGroup ( SP )+ 
+        OPEN_CURLY ( SP )*
+            distinguishedName ( SP )*
+                ( SEP ( SP )* distinguishedName ( SP )* )*
+        CLOSE_CURLY
+    ;
+
+subtree
+    :
+    ID_subtree ( SP )+
+        OPEN_CURLY ( SP )*
+            subtreeSpecification ( SP )*
+                ( SEP ( SP )* subtreeSpecification ( SP )* )*
+        CLOSE_CURLY
+    ;
+
+userPermissions
+    :
+    ID_userPermissions ( SP )+
+        OPEN_CURLY ( SP )*
+            ( userPermission ( SP )*
+                ( SEP ( SP )* userPermission ( SP )* )*
+            )?
+        CLOSE_CURLY
+    ;
+
+userPermission
+     :
+     OPEN_CURLY ( SP )*
+         anyUserPermission ( SP )*
+             ( SEP ( SP )* anyUserPermission ( SP )* )*
+     CLOSE_CURLY
+     ;
+
+anyUserPermission
+    :
+    precedence
+    | protectedItems
+    | grantsAndDenials
+    ;
+
+subtreeSpecification
+    :
+    OPEN_CURLY ( SP )*
+        ( subtreeSpecificationComponent ( SP )*
+            ( SEP ( SP )* subtreeSpecificationComponent ( SP )* )* )?
+    CLOSE_CURLY
+    ;
+
+subtreeSpecificationComponent
+    :
+    ss_base
+    | ss_specificExclusions
+    | ss_minimum
+    | ss_maximum
+    ;
+
+ss_base
+    :
+    ID_base ( SP )+ distinguishedName
+    ;
+
+ss_specificExclusions
+    :
+    ID_specificExclusions ( SP )+ specificExclusions
+    ;
+
+specificExclusions
+    :
+    OPEN_CURLY ( SP )*
+        ( specificExclusion ( SP )*
+            ( SEP ( SP )* specificExclusion ( SP )* )*
+        )?
+    CLOSE_CURLY
+    ;
+
+specificExclusion
+    :
+    chopBefore | chopAfter
+    ;
+
+chopBefore
+    :
+    ID_chopBefore ( SP )* COLON ( SP )* distinguishedName
+    ;
+
+chopAfter
+    :
+    ID_chopAfter ( SP )* COLON ( SP )* distinguishedName
+    ;
+
+ss_minimum
+    :
+    ID_minimum ( SP )+ baseDistance
+    ;
+
+ss_maximum
+    :
+    ID_maximum ( SP )+ baseDistance
+    ;
+
+distinguishedName
+    :
+    SAFEUTF8STRING
+    ;
+
+baseDistance
+    :
+    INTEGER
+    ;
+
+oid
+    :
+    ( DESCR | NUMERICOID )
+    ;
+
+refinement
+    :
+    item | and | or | not
+    ;
+
+item
+    :
+    ID_item ( SP )* COLON ( SP )* oid
+    ;
+
+and
+    :
+    ID_and ( SP )* COLON ( SP )* refinements
+    ;
+
+or
+    :
+    ID_or ( SP )* COLON ( SP )* refinements
+    ;
+
+not
+    :
+    ID_not ( SP )* COLON ( SP )* refinements
+    ;
+
+refinements
+    :
+    OPEN_CURLY ( SP )*
+    (
+        refinement ( SP )*
+        ( SEP ( SP )* refinement ( SP )* )*
+    )? CLOSE_CURLY
+    ;
+
+    
+//  ----------------------------------------------------------------------------
+//  lexer class definition
+//  ----------------------------------------------------------------------------
+
+/**
+  * The parser's primary lexer.
+  *
+  * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+   */
+class AntlrACIItemCheckerLexer extends Lexer;
+
+
+//  ----------------------------------------------------------------------------
+//  lexer options
+//  ----------------------------------------------------------------------------
+
+options
+{
+    k = 2;
+    charVocabulary = '\3'..'\377';
+}
+
+
+//----------------------------------------------------------------------------
+// tokens
+//----------------------------------------------------------------------------
+
+tokens
+{
+    ID_identificationTag = "identificationTag";
+    ID_precedence = "precedence";
+    ID_FALSE = "FALSE";
+    ID_TRUE = "TRUE";
+    ID_none = "none";
+    ID_simple = "simple";
+    ID_strong = "strong";
+    ID_level = "level";
+    ID_basicLevels = "basicLevels";
+    ID_localQualifier = "localQualifier";
+    ID_signed = "signed";
+    ID_authenticationLevel = "authenticationLevel";
+    ID_itemOrUserFirst = "itemOrUserFirst";
+    ID_itemFirst = "itemFirst";
+    ID_userFirst = "userFirst";
+    ID_protectedItems = "protectedItems";
+    ID_classes = "classes";
+    ID_entry = "entry";
+    ID_allUserAttributeTypes = "allUserAttributeTypes";
+    ID_attributeType = "attributeType";
+    ID_allAttributeValues = "allAttributeValues";
+    ID_allUserAttributeTypesAndValues = "allUserAttributeTypesAndValues";
+    ID_selfValue = "selfValue";
+    ID_item = "item";
+    ID_and = "and";
+    ID_or = "or";
+    ID_not = "not";
+    ID_rangeOfValues = "rangeOfValues";
+    ID_maxValueCount = "maxValueCount";
+    ID_type = "type";
+    ID_maxCount = "maxCount";
+    ID_maxImmSub = "maxImmSub";
+    ID_restrictedBy = "restrictedBy";
+    ID_valuesIn = "valuesIn";
+    ID_userClasses = "userClasses";
+    ID_base = "base";
+    ID_specificExclusions = "specificExclusions";
+    ID_chopBefore = "chopBefore";
+    ID_chopAfter = "chopAfter";
+    ID_minimum = "minimum";
+    ID_maximum = "maximum";
+    ID_specificationFilter = "specificationFilter";
+    ID_grantsAndDenials = "grantsAndDenials";
+    ID_itemPermissions = "itemPermissions";
+    ID_userPermissions = "userPermissions";
+    ID_allUsers = "allUsers";
+    ID_thisEntry = "thisEntry";
+    ID_parentOfEntry = "parentOfEntry";
+    ID_subtree = "subtree";
+    ID_name = "name";
+    ID_userGroup = "userGroup";
+
+    ID_grantAdd = "grantAdd"; // (0),
+    ID_denyAdd = "denyAdd";  // (1),
+    ID_grantDiscloseOnError = "grantDiscloseOnError";  // (2),
+    ID_denyDiscloseOnError = "denyDiscloseOnError";  // (3),
+    ID_grantRead = "grantRead";  // (4),
+    ID_denyRead = "denyRead";  // (5),
+    ID_grantRemove = "grantRemove";  // (6),
+    ID_denyRemove = "denyRemove";  // (7),
+    //-- permissions that may be used only in conjunction
+    //-- with the entry component
+    ID_grantBrowse = "grantBrowse";  // (8),
+    ID_denyBrowse = "denyBrowse";  // (9),
+    ID_grantExport = "grantExport";  // (10),
+    ID_denyExport = "denyExport";  // (11),
+    ID_grantImport = "grantImport";  // (12),
+    ID_denyImport = "denyImport";  // (13),
+    ID_grantModify = "grantModify";  // (14),
+    ID_denyModify = "denyModify";  // (15),
+    ID_grantRename = "grantRename";  // (16),
+    ID_denyRename = "denyRename";  // (17),
+    ID_grantReturnDN = "grantReturnDN";  // (18),
+    ID_denyReturnDN = "denyReturnDN";  // (19),
+    //-- permissions that may be used in conjunction
+    //-- with any component, except entry, of ProtectedItems
+    ID_grantCompare = "grantCompare";  // (20),
+    ID_denyCompare = "denyCompare";  // (21),
+    ID_grantFilterMatch = "grantFilterMatch";  // (22),
+    ID_denyFilterMatch = "denyFilterMatch";  // (23),
+    ID_grantInvoke = "grantInvoke";  // (24),
+    ID_denyInvoke = "denyInvoke";  // (25)
+}
+
+
+// ----------------------------------------------------------------------------
+//  lexer initialization
+// ----------------------------------------------------------------------------
+
+
+// ----------------------------------------------------------------------------
+// attribute description lexer rules from models
+// ----------------------------------------------------------------------------
+
+//  This is all messed up - could not figure out how to get antlr to represent
+//  the safe UTF-8 character set from RFC 3642 for production SafeUTF8Character
+
+protected SAFEUTF8CHAR :
+    '\u0001'..'\u0021' |
+    '\u0023'..'\u007F' |
+    '\u00c0'..'\u00d6' |
+    '\u00d8'..'\u00f6' |
+    '\u00f8'..'\u00ff' |
+    '\u0100'..'\u1fff' |
+    '\u3040'..'\u318f' |
+    '\u3300'..'\u337f' |
+    '\u3400'..'\u3d2d' |
+    '\u4e00'..'\u9fff' |
+    '\uf900'..'\ufaff' ;
+
+OPEN_CURLY : '{' ;
+
+CLOSE_CURLY : '}' ;
+
+SEP : ',' ;
+
+SP : ' ' | '\t' | '\n' { newline(); } | '\r' ;
+
+COLON : ':' ;
+
+protected DIGIT : '0' | LDIGIT ;
+
+protected LDIGIT : '1'..'9' ;
+
+protected ALPHA : 'A'..'Z' | 'a'..'z' ;
+
+protected INTEGER : DIGIT | ( LDIGIT ( DIGIT )+ ) ;
+
+protected HYPHEN : '-' ;
+
+protected NUMERICOID : INTEGER ( DOT INTEGER )+ ;
+
+protected DOT : '.' ;
+
+INTEGER_OR_NUMERICOID
+    :
+    ( INTEGER DOT ) => NUMERICOID
+    {
+        $setType( NUMERICOID );
+    }
+    |
+    INTEGER
+    {
+        $setType( INTEGER );
+    }
+    ;
+
+SAFEUTF8STRING : '"'! ( SAFEUTF8CHAR )* '"'! ;
+
+DESCR // THIS RULE ALSO STANDS FOR AN IDENTIFIER
+    :
+    ( "attributeValue" ( SP! )+ '{' ) =>
+      "attributeValue"! ( SP! )+ '{'! ( options { greedy = false; } : . )* '}'!
+      { $setType( ATTRIBUTE_VALUE_CANDIDATE ); }
+    | ( "rangeOfValues" ( SP! )+ '(' ) =>
+      "rangeOfValues"! ( SP! )+ FILTER
+      { $setType( RANGE_OF_VALUES_CANDIDATE ); }
+    | ALPHA ( ALPHA | DIGIT | HYPHEN )*
+    ;
+
+protected FILTER : '(' ( ( '&' (SP)* (FILTER)+ ) | ( '|' (SP)* (FILTER)+ ) | ( '!' (SP)* FILTER ) | FILTER_VALUE ) ')' (SP)* ;
+
+protected FILTER_VALUE : (options{greedy=true;}: ~( ')' | '(' | '&' | '|' | '!' ) ( ~(')') )* ) ;
+
+    
\ No newline at end of file

Added: directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/ACIItem.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/ACIItem.java?rev=959029&view=auto
==============================================================================
--- directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/ACIItem.java (added)
+++ directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/ACIItem.java Tue Jun 29 16:56:07 2010
@@ -0,0 +1,152 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.directory.shared.ldap.aci;
+
+
+import java.util.Collection;
+import java.util.HashSet;
+import java.util.Set;
+
+import org.apache.directory.shared.i18n.I18n;
+import org.apache.directory.shared.ldap.constants.AuthenticationLevel;
+
+
+/**
+ * An abstract class that provides common properties and operations for
+ * {@link ItemFirstACIItem} and {@link UserFirstACIItem} as specified X.501
+ * specification.
+ * 
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public abstract class ACIItem
+{
+    /** The ACIItemComponet identifier */
+    private String identificationTag;
+
+    /** The precedence : a number in [0 - 255] */
+    private int precedence = 0;
+
+    /** The authentication level. One of 'none', 'simple' and 'strong' */
+    private AuthenticationLevel authenticationLevel;
+
+
+    /**
+     * Creates a new instance
+     * 
+     * @param identificationTag the id string of this item
+     * @param precedence the precedence of this item
+     * @param authenticationLevel the level of authentication required to this item
+     */
+    protected ACIItem( String identificationTag, int precedence, AuthenticationLevel authenticationLevel )
+    {
+        if ( identificationTag == null )
+        {
+            throw new IllegalArgumentException( I18n.err( I18n.ERR_04001_NULL_IDENTIFICATION_TAG ) );
+        }
+        
+        if ( ( precedence < 0 ) || ( precedence > 255 ) )
+        {
+            throw new IllegalArgumentException( I18n.err( I18n.ERR_04002_BAD_PRECENDENCE, precedence ) );
+        }
+        
+        if ( authenticationLevel == null )
+        {
+            throw new IllegalArgumentException( I18n.err( I18n.ERR_04003_NULL_AUTHENTICATION_LEVEL ) );
+        }
+
+        this.identificationTag = identificationTag;
+        this.precedence = precedence;
+        this.authenticationLevel = authenticationLevel;
+    }
+
+
+    /**
+     * Returns the id string of this item.
+     */
+    public String getIdentificationTag()
+    {
+        return identificationTag;
+    }
+
+
+    /**
+     * Returns the precedence of this item.
+     */
+    public int getPrecedence()
+    {
+        return precedence;
+    }
+
+
+    /**
+     * Returns the level of authentication required to this item.
+     */
+    public AuthenticationLevel getAuthenticationLevel()
+    {
+        return authenticationLevel;
+    }
+
+
+    /**
+     * Converts this item into a collection of {@link ACITuple}s and returns
+     * it.
+     */
+    public abstract Collection<ACITuple> toTuples();
+
+
+    /**
+     * Converts a set of {@link GrantAndDenial}s into a set of
+     * {@link MicroOperation}s and returns it.
+     */
+    protected static Set<MicroOperation> toMicroOperations( Set<GrantAndDenial> grantsAndDenials )
+    {
+        Set<MicroOperation> microOps = new HashSet<MicroOperation>();
+        
+        for ( GrantAndDenial grantAndDenial:grantsAndDenials )
+        {
+            microOps.add( grantAndDenial.getMicroOperation() );
+        }
+        
+        return microOps;
+    }
+
+
+    /**
+     * @see Object#toString()
+     */
+    public String toString()
+    {
+        StringBuilder buf = new StringBuilder();
+        
+        // identificationTag
+        buf.append( "identificationTag \"" );
+        buf.append( getIdentificationTag() );
+
+        // precedence
+        buf.append( "\", precedence " );
+        buf.append( getPrecedence() );
+        
+        // authenticationLevel
+        buf.append( ", authenticationLevel " );
+        buf.append( getAuthenticationLevel().getName() );
+        
+        return buf.toString();
+    }
+}

Added: directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/ACIItemChecker.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/ACIItemChecker.java?rev=959029&view=auto
==============================================================================
--- directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/ACIItemChecker.java (added)
+++ directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/ACIItemChecker.java Tue Jun 29 16:56:07 2010
@@ -0,0 +1,115 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+
+package org.apache.directory.shared.ldap.aci;
+
+
+import java.io.StringReader;
+import java.text.ParseException;
+
+import org.apache.directory.shared.i18n.I18n;
+
+import antlr.RecognitionException;
+import antlr.TokenStreamException;
+
+
+/**
+ * A reusable wrapper around the antlr generated parser for an ACIItem as
+ * defined by X.501. This class enables the reuse of the antlr parser/lexer pair
+ * without having to recreate them every time.
+ * 
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public class ACIItemChecker
+{
+    /** the antlr generated parser being wrapped */
+    private ReusableAntlrACIItemParser checker;
+
+    /** the antlr generated lexer being wrapped */
+    private ReusableAntlrACIItemLexer lexer;
+
+    private final boolean isNormalizing;
+
+
+    /**
+     * Creates a ACIItem parser.
+     */
+    public ACIItemChecker()
+    {
+        this.lexer = new ReusableAntlrACIItemLexer( new StringReader( "" ) );
+        this.checker = new ReusableAntlrACIItemParser( lexer );
+        this.isNormalizing = false;
+    }
+
+
+    /**
+     * Initializes the plumbing by creating a pipe and coupling the parser/lexer
+     * pair with it. param spec the specification to be parsed
+     */
+    private synchronized void reset( String spec )
+    {
+        StringReader in = new StringReader( spec );
+        this.lexer.prepareNextInput( in );
+        this.checker.resetState();
+    }
+
+
+    /**
+     * Parses an ACIItem without exhausting the parser.
+     * 
+     * @param spec
+     *            the specification to be parsed
+     * @throws ParseException
+     *             if there are any recognition errors (bad syntax)
+     */
+    public synchronized void parse( String spec ) throws ParseException
+    {
+        if ( spec == null || spec.trim().equals( "" ) )
+        {
+            return;
+        }
+
+        reset( spec ); // reset and initialize the parser / lexer pair
+
+        try
+        {
+            this.checker.wrapperEntryPoint();
+        }
+        catch ( TokenStreamException e )
+        {
+            throw new ParseException( I18n.err( I18n.ERR_00004, spec, e.getLocalizedMessage() ), 0 );
+        }
+        catch ( RecognitionException e )
+        {
+            throw new ParseException( I18n.err( I18n.ERR_00004, spec, e.getLocalizedMessage() ), e.getColumn() );
+        }
+    }
+
+
+    /**
+     * Tests to see if this parser is normalizing.
+     * 
+     * @return true if it normalizes false otherwise
+     */
+    public boolean isNormizing()
+    {
+        return this.isNormalizing;
+    }
+}

Added: directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/ACIItemParser.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/ACIItemParser.java?rev=959029&view=auto
==============================================================================
--- directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/ACIItemParser.java (added)
+++ directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/ACIItemParser.java Tue Jun 29 16:56:07 2010
@@ -0,0 +1,141 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+
+package org.apache.directory.shared.ldap.aci;
+
+
+import java.io.StringReader;
+import java.text.ParseException;
+import java.util.Map;
+
+import org.apache.directory.shared.i18n.I18n;
+import org.apache.directory.shared.ldap.name.NameComponentNormalizer;
+import org.apache.directory.shared.ldap.schema.normalizers.OidNormalizer;
+
+import antlr.RecognitionException;
+import antlr.TokenStreamException;
+
+
+/**
+ * A reusable wrapper around the antlr generated parser for an ACIItem as
+ * defined by X.501. This class enables the reuse of the antlr parser/lexer pair
+ * without having to recreate them every time.
+ * 
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public class ACIItemParser
+{
+    /** the antlr generated parser being wrapped */
+    private ReusableAntlrACIItemParser parser;
+
+    /** the antlr generated lexer being wrapped */
+    private ReusableAntlrACIItemLexer lexer;
+
+    private final boolean isNormalizing;
+
+
+    /**
+     * Creates a ACIItem parser.
+     */
+    public ACIItemParser( Map<String, OidNormalizer> oidsMap )
+    {
+        this.lexer = new ReusableAntlrACIItemLexer( new StringReader( "" ) );
+        this.parser = new ReusableAntlrACIItemParser( lexer );
+
+        this.parser.init( oidsMap ); // this method MUST be called while we cannot do
+        // constructor overloading for antlr generated parser
+        this.isNormalizing = false;
+    }
+
+
+    /**
+     * Creates a normalizing ACIItem parser.
+     */
+    public ACIItemParser( NameComponentNormalizer normalizer, Map<String, OidNormalizer> oidsMap )
+    {
+        this.lexer = new ReusableAntlrACIItemLexer( new StringReader( "" ) );
+        this.parser = new ReusableAntlrACIItemParser( lexer );
+
+        this.parser.setNormalizer( normalizer );
+        this.parser.init( oidsMap ); // this method MUST be called while we cannot do
+        // constructor overloading for antlr generated parser
+        this.isNormalizing = true;
+    }
+
+
+    /**
+     * Initializes the plumbing by creating a pipe and coupling the parser/lexer
+     * pair with it. param spec the specification to be parsed
+     */
+    private synchronized void reset( String spec )
+    {
+        StringReader in = new StringReader( spec );
+        this.lexer.prepareNextInput( in );
+        this.parser.resetState();
+    }
+
+
+    /**
+     * Parses an ACIItem without exhausting the parser.
+     * 
+     * @param spec
+     *            the specification to be parsed
+     * @return the specification bean
+     * @throws ParseException
+     *             if there are any recognition errors (bad syntax)
+     */
+    public synchronized ACIItem parse( String spec ) throws ParseException
+    {
+        ACIItem aCIItem = null;
+
+        if ( spec == null || spec.trim().equals( "" ) )
+        {
+            return null;
+        }
+
+        reset( spec ); // reset and initialize the parser / lexer pair
+
+        try
+        {
+            aCIItem = this.parser.wrapperEntryPoint();
+        }
+        catch ( TokenStreamException e )
+        {
+            throw new ParseException( I18n.err( I18n.ERR_00004, spec, e.getLocalizedMessage() ), 0 );
+        }
+        catch ( RecognitionException e )
+        {
+            throw new ParseException( I18n.err( I18n.ERR_00004, spec, e.getLocalizedMessage() ), e.getColumn() );
+        }
+
+        return aCIItem;
+    }
+
+
+    /**
+     * Tests to see if this parser is normalizing.
+     * 
+     * @return true if it normalizes false otherwise
+     */
+    public boolean isNormizing()
+    {
+        return this.isNormalizing;
+    }
+}



Mime
View raw message