directory-commits mailing list archives

From elecha...@apache.org
Subject svn commit: r959029 [2/4] - in /directory/shared/trunk/ldap-aci: ./ .settings/ src/ src/main/ src/main/antlr/ src/main/java/ src/main/java/org/ src/main/java/org/apache/ src/main/java/org/apache/directory/ src/main/java/org/apache/directory/shared/ src...
Date Tue, 29 Jun 2010 16:56:09 GMT
Added: directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/ACITuple.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/ACITuple.java?rev=959029&view=auto
==============================================================================
--- directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/ACITuple.java (added)
+++ directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/ACITuple.java Tue Jun 29 16:56:07 2010
@@ -0,0 +1,157 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.directory.shared.ldap.aci;
+
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Set;
+
+import org.apache.directory.shared.i18n.I18n;
+import org.apache.directory.shared.ldap.constants.AuthenticationLevel;
+
+
+/**
+ * A flatten entity which is converted from an {@link ACIItem}. The tuples are
+ * accepted by ACDF (Access Control Decision Function, 18.8, X.501)
+ * 
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public class ACITuple
+{
+    /** The collection of {@link UserClass}es this tuple relates to **/
+    private final Collection<UserClass> userClasses;
+
+    /** The level of authentication required */
+    private final AuthenticationLevel authenticationLevel;
+
+    /** The collection of {@link ProtectedItem}s this tuple relates */
+    private final Collection<ProtectedItem> protectedItems;
+
+    /** The set of {@link MicroOperation}s this tuple relates */
+    private final Set<MicroOperation> microOperations;
+
+    /** Tells if this tuple grant some access */
+    private final boolean grant;
+
+    /** The precedence for this tuple */
+    private final Integer precedence;
+
+
+    /**
+     * Creates a new instance.
+     * 
+     * @param userClasses the collection of {@link UserClass}es this tuple relates to
+     * @param authenticationLevel the level of authentication required
+     * @param protectedItems the collection of {@link ProtectedItem}s this tuple relates
+     * @param microOperations the set of {@link MicroOperation}s this tuple relates
+     * @param grant <tt>true</tt> if and only if this tuple grants an access
+     * @param precedence the precedence of this tuple (<tt>0</tt>-<tt>255</tt>)
+     */
+    public ACITuple( 
+            Collection<UserClass> userClasses, 
+            AuthenticationLevel authenticationLevel, 
+            Collection<ProtectedItem> protectedItems,
+            Set<MicroOperation> microOperations, 
+            boolean grant, 
+            Integer precedence )
+    {
+        if ( authenticationLevel == null )
+        {
+            throw new IllegalArgumentException( I18n.err( I18n.ERR_04003_NULL_AUTHENTICATION_LEVEL ) );
+        }
+
+        if ( precedence < 0 || precedence > 255 )
+        {
+            throw new IllegalArgumentException( I18n.err( I18n.ERR_04002_BAD_PRECENDENCE, precedence ) );
+        }
+
+        this.userClasses = Collections.unmodifiableCollection( new ArrayList<UserClass>( userClasses ) );
+        this.authenticationLevel = authenticationLevel;
+        this.protectedItems = Collections.unmodifiableCollection( new ArrayList<ProtectedItem>( protectedItems ) );
+        this.microOperations = Collections.unmodifiableSet( new HashSet<MicroOperation>( microOperations ) );
+        this.grant = grant;
+        this.precedence = precedence;
+    }
+
+
+    /**
+     * Returns the collection of {@link UserClass}es this tuple relates to.
+     */
+    public Collection<UserClass> getUserClasses()
+    {
+        return userClasses;
+    }
+
+
+    /**
+     * Returns the level of authentication required.
+     */
+    public AuthenticationLevel getAuthenticationLevel()
+    {
+        return authenticationLevel;
+    }
+
+
+    /**
+     * Returns the collection of {@link ProtectedItem}s this tuple relates.
+     */
+    public Collection<ProtectedItem> getProtectedItems()
+    {
+        return protectedItems;
+    }
+
+
+    /**
+     * Returns the set of {@link MicroOperation}s this tuple relates.
+     */
+    public Set<MicroOperation> getMicroOperations()
+    {
+        return microOperations;
+    }
+
+
+    /**
+     * Returns <tt>true</tt> if and only if this tuple grants an access.
+     */
+    public boolean isGrant()
+    {
+        return grant;
+    }
+
+
+    /**
+     * Returns the precedence of this tuple (<tt>0</tt>-<tt>255</tt>).
+     */
+    public Integer getPrecedence()
+    {
+        return precedence;
+    }
+
+
+    public String toString()
+    {
+        return "ACITuple: userClasses=" + userClasses + ", " + "authenticationLevel=" + authenticationLevel + ", "
+            + "protectedItems=" + protectedItems + ", " + ( grant ? "grants=" : "denials=" ) + microOperations + ", "
+            + "precedence=" + precedence;
+    }
+}
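Review bot: The constructor's range check `precedence < 0 || precedence > 255` auto-unboxes an `Integer`, so a null precedence surfaces as a bare NullPointerException instead of the localized IllegalArgumentException used for the other argument errors. These tuples are the input to the access control decision function, so I would reject null explicitly with `if ( precedence == null || precedence < 0 || precedence > 255 )`, or declare the parameter as `int`. The three collection arguments are also copied without a null check, so `new ArrayList<UserClass>( userClasses )` fails with the same unlabelled NPE. A Javadoc `@throws` line stating which arguments must be non-null would settle the contract.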

Added: directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/GrantAndDenial.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/GrantAndDenial.java?rev=959029&view=auto
==============================================================================
--- directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/GrantAndDenial.java (added)
+++ directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/GrantAndDenial.java Tue Jun 29 16:56:07 2010
@@ -0,0 +1,174 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.directory.shared.ldap.aci;
+
+
+/**
+ * An enumeration that represents grants or denials of {@link MicroOperation}s.
+ * 
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public class GrantAndDenial
+{
+    // Permissions that may be used in conjunction with any component of
+    // <tt>ProtectedItem</tt>s.
+    /** Grant for {@link MicroOperation#ADD} */
+    public static final GrantAndDenial GRANT_ADD = new GrantAndDenial( MicroOperation.ADD, 0, true );
+
+    /** Denial for {@link MicroOperation#ADD} */
+    public static final GrantAndDenial DENY_ADD = new GrantAndDenial( MicroOperation.ADD, 1, false );
+
+    /** Grant for {@link MicroOperation#DISCLOSE_ON_ERROR} */
+    public static final GrantAndDenial GRANT_DISCLOSE_ON_ERROR = new GrantAndDenial( MicroOperation.DISCLOSE_ON_ERROR,
+        2, true );
+
+    /** Denial for {@link MicroOperation#DISCLOSE_ON_ERROR} */
+    public static final GrantAndDenial DENY_DISCLOSE_ON_ERROR = new GrantAndDenial( MicroOperation.DISCLOSE_ON_ERROR,
+        3, false );
+
+    /** Grant for {@link MicroOperation#READ} */
+    public static final GrantAndDenial GRANT_READ = new GrantAndDenial( MicroOperation.READ, 4, true );
+
+    /** Denial for {@link MicroOperation#READ} */
+    public static final GrantAndDenial DENY_READ = new GrantAndDenial( MicroOperation.READ, 5, false );
+
+    /** Grant for {@link MicroOperation#REMOVE} */
+    public static final GrantAndDenial GRANT_REMOVE = new GrantAndDenial( MicroOperation.REMOVE, 6, true );
+
+    /** Denial for {@link MicroOperation#REMOVE} */
+    public static final GrantAndDenial DENY_REMOVE = new GrantAndDenial( MicroOperation.REMOVE, 7, false );
+
+    // Permissions that may be used only in conjunction with the entry
+    // component.
+    /** Grant for {@link MicroOperation#BROWSE} */
+    public static final GrantAndDenial GRANT_BROWSE = new GrantAndDenial( MicroOperation.BROWSE, 8, true );
+
+    /** Denial for {@link MicroOperation#BROWSE} */
+    public static final GrantAndDenial DENY_BROWSE = new GrantAndDenial( MicroOperation.BROWSE, 9, false );
+
+    /** Grant for {@link MicroOperation#EXPORT} */
+    public static final GrantAndDenial GRANT_EXPORT = new GrantAndDenial( MicroOperation.EXPORT, 10, true );
+
+    /** Denial for {@link MicroOperation#EXPORT} */
+    public static final GrantAndDenial DENY_EXPORT = new GrantAndDenial( MicroOperation.EXPORT, 11, false );
+
+    /** Grant for {@link MicroOperation#IMPORT} */
+    public static final GrantAndDenial GRANT_IMPORT = new GrantAndDenial( MicroOperation.IMPORT, 12, true );
+
+    /** Denial for {@link MicroOperation#IMPORT} */
+    public static final GrantAndDenial DENY_IMPORT = new GrantAndDenial( MicroOperation.IMPORT, 13, false );
+
+    /** Grant for {@link MicroOperation#MODIFY} */
+    public static final GrantAndDenial GRANT_MODIFY = new GrantAndDenial( MicroOperation.MODIFY, 14, true );
+
+    /** Denial for {@link MicroOperation#MODIFY} */
+    public static final GrantAndDenial DENY_MODIFY = new GrantAndDenial( MicroOperation.MODIFY, 15, false );
+
+    /** Grant for {@link MicroOperation#RENAME} */
+    public static final GrantAndDenial GRANT_RENAME = new GrantAndDenial( MicroOperation.RENAME, 16, true );
+
+    /** Denial for {@link MicroOperation#RENAME} */
+    public static final GrantAndDenial DENY_RENAME = new GrantAndDenial( MicroOperation.RENAME, 17, false );
+
+    /** Grant for {@link MicroOperation#RETURN_DN} */
+    public static final GrantAndDenial GRANT_RETURN_DN = new GrantAndDenial( MicroOperation.RETURN_DN, 18, true );
+
+    /** Denial for {@link MicroOperation#RETURN_DN} */
+    public static final GrantAndDenial DENY_RETURN_DN = new GrantAndDenial( MicroOperation.RETURN_DN, 19, false );
+
+    // Permissions that may be used in conjunction with any component,
+    // except entry, of <tt>ProtectedItem</tt>s.
+    /** Grant for {@link MicroOperation#COMPARE} */
+    public static final GrantAndDenial GRANT_COMPARE = new GrantAndDenial( MicroOperation.COMPARE, 20, true );
+
+    /** Deny for {@link MicroOperation#COMPARE} */
+    public static final GrantAndDenial DENY_COMPARE = new GrantAndDenial( MicroOperation.COMPARE, 21, false );
+
+    /** Grant for {@link MicroOperation#FILTER_MATCH} */
+    public static final GrantAndDenial GRANT_FILTER_MATCH = new GrantAndDenial( MicroOperation.FILTER_MATCH, 22, true );
+
+    /** Denial for {@link MicroOperation#FILTER_MATCH} */
+    public static final GrantAndDenial DENY_FILTER_MATCH = new GrantAndDenial( MicroOperation.FILTER_MATCH, 23, false );
+
+    /** Grant for {@link MicroOperation#INVOKE} */
+    public static final GrantAndDenial GRANT_INVOKE = new GrantAndDenial( MicroOperation.INVOKE, 24, true );
+
+    /** Denial for {@link MicroOperation#INVOKE} */
+    public static final GrantAndDenial DENY_INVOKE = new GrantAndDenial( MicroOperation.INVOKE, 25, false );
+
+    private final MicroOperation microOperation;
+
+    private final int code;
+
+    private final String name;
+
+    private final boolean grant;
+
+
+    private GrantAndDenial(MicroOperation microOperation, int code, boolean grant)
+    {
+        this.microOperation = microOperation;
+        this.code = code;
+        this.name = ( grant ? "grant" : "deny" ) + microOperation.getName();
+        this.grant = grant;
+    }
+
+
+    /**
+     * Returns the {@link MicroOperation} related with this grant or denial.
+     */
+    public MicroOperation getMicroOperation()
+    {
+        return microOperation;
+    }
+
+
+    /**
+     * Return the code number of this grant or denial.
+     */
+    public int getCode()
+    {
+        return code;
+    }
+
+
+    /**
+     * Returns the name of this grant or denial.
+     */
+    public String getName()
+    {
+        return name;
+    }
+
+
+    /**
+     * Returns <tt>true</tt> if and only if this is grant.
+     */
+    public boolean isGrant()
+    {
+        return grant;
+    }
+
+
+    public String toString()
+    {
+        return name;
+    }
+}
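Review bot: `GrantAndDenial` is documented as an enumeration but declared as a plain class with no `equals`/`hashCode`, so the `HashSet<GrantAndDenial>` sets built in `Permission` (added in this same commit) depend on instance identity. `Permission` implements `Serializable` while this class does not, so serializing a permission would presumably fail with NotSerializableException. Adding `implements Serializable` without a `readResolve` would instead produce copies that no longer compare equal to `GRANT_READ` and the other constants, which is a quiet way for a grant or denial to stop matching. Declaring it as a real enum, as `MicroOperation` already is (`public enum GrantAndDenial` with constants of the form `GRANT_ADD( MicroOperation.ADD, 0, true ),`), keeps the private constructor and accessors unchanged and makes identity survive serialization.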

Added: directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/ItemFirstACIItem.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/ItemFirstACIItem.java?rev=959029&view=auto
==============================================================================
--- directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/ItemFirstACIItem.java (added)
+++ directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/ItemFirstACIItem.java Tue Jun 29 16:56:07 2010
@@ -0,0 +1,171 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.directory.shared.ldap.aci;
+
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.Set;
+
+import org.apache.directory.shared.ldap.constants.AuthenticationLevel;
+
+
+/**
+ * An {@link ACIItem} which specifies {@link ProtectedItem}s first and then
+ * {@link UserClass}es each {@link ProtectedItem} will have. (18.4.2.4. X.501)
+ * 
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public class ItemFirstACIItem extends ACIItem
+{
+    /** The list of protected items ( userClasses or userPermissions ) */
+    private final Collection<ProtectedItem> protectedItems;
+
+    /** The associated permissions */
+    private final Collection<ItemPermission> itemPermissions;
+
+
+    /**
+     * Creates a new instance.
+     * 
+     * @param identificationTag the id string of this item
+     * @param precedence the precedence of this item
+     * @param authenticationLevel the level of authentication required to this item
+     * @param protectedItems the collection of {@link ProtectedItem}s this item protects
+     * @param itemPermissions the collection of {@link ItemPermission}s each <tt>protectedItems</tt> will have
+     */
+    public ItemFirstACIItem( String identificationTag, int precedence, AuthenticationLevel authenticationLevel,
+        Collection<ProtectedItem> protectedItems, Collection<ItemPermission> itemPermissions )
+    {
+        super( identificationTag, precedence, authenticationLevel );
+
+        this.protectedItems = Collections.unmodifiableCollection( new ArrayList<ProtectedItem>( protectedItems ) );
+        this.itemPermissions = Collections.unmodifiableCollection( new ArrayList<ItemPermission>( itemPermissions ) );
+    }
+
+
+    /**
+     * Returns the collection of {@link ProtectedItem}s.
+     */
+    public Collection<ProtectedItem> getProtectedItems()
+    {
+        return protectedItems;
+    }
+
+
+    /**
+     * Returns the collection of {@link ItemPermission}s.
+     */
+    public Collection<ItemPermission> getItemPermissions()
+    {
+        return itemPermissions;
+    }
+
+
+    /**
+     * @see Object#toString()
+     */
+    public String toString()
+    {
+        StringBuilder buf = new StringBuilder();
+        
+        buf.append( "{" );
+        buf.append( super.toString() );
+        
+        // itemOrUserFirst
+        buf.append( ", itemOrUserFirst itemFirst: { " );
+        
+        // protectedItems
+        buf.append( "protectedItems { " );
+        
+        boolean isFirst = true;
+
+        for ( ProtectedItem item:protectedItems )
+        {
+            if ( isFirst )
+            {
+                isFirst = false;
+            }
+            else
+            {
+                buf.append( ", " );
+            }
+
+            buf.append( item.toString() );
+        }
+
+        // itemPermissions
+        buf.append( " }, itemPermissions { " );
+
+        isFirst = true;
+        
+        for ( ItemPermission permission:itemPermissions )
+        {
+            if ( isFirst )
+            {
+                isFirst = false;
+            }
+            else
+            {
+                buf.append( ", " );
+            }
+
+            buf.append( permission.toString() );
+        }
+
+        buf.append( " } } }" );
+        
+        return buf.toString();
+    }
+
+
+    /**
+     * Transform this protected Item and permissions to a set of Tuples
+     * 
+     * @return The list of created Tuples
+     */
+    public Collection<ACITuple> toTuples()
+    {
+        Collection<ACITuple> tuples = new ArrayList<ACITuple>();
+        
+        for ( ItemPermission itemPermission:itemPermissions )
+        {
+            Set<GrantAndDenial> grants = itemPermission.getGrants();
+            Set<GrantAndDenial> denials = itemPermission.getDenials();
+            int precedence = itemPermission.getPrecedence() != null ? 
+                itemPermission.getPrecedence() :
+                this.getPrecedence();
+
+            if ( grants.size() > 0 )
+            {
+                tuples.add( new ACITuple( itemPermission.getUserClasses(), getAuthenticationLevel(), protectedItems,
+                    toMicroOperations( grants ), true, precedence ) );
+            }
+            if ( denials.size() > 0 )
+            {
+                tuples.add( new ACITuple( itemPermission.getUserClasses(), getAuthenticationLevel(), protectedItems,
+                    toMicroOperations( denials ), false, precedence ) );
+            }
+        }
+        
+        return tuples;
+    }
+}
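Review bot: In `toTuples()` the per-permission precedence falls back to the item's own precedence only when `itemPermission.getPrecedence()` is null, but the constructor Javadoc of `ItemPermission` and `Permission` in this commit documents `-1` as the value meaning "use the default". A permission built with `-1` as documented is passed straight to `new ACITuple( ... )`, whose range check rejects anything below 0, so tuple generation throws instead of inheriting the item's precedence. Either make the fallback cover both forms, `Integer p = itemPermission.getPrecedence(); int precedence = ( p == null || p < 0 ) ? getPrecedence() : p;`, or change the two `@param precedence` descriptions to say `null`. `toMicroOperations` is not defined in this hunk, so I assume it is inherited from `ACIItem`.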

Added: directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/ItemPermission.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/ItemPermission.java?rev=959029&view=auto
==============================================================================
--- directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/ItemPermission.java (added)
+++ directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/ItemPermission.java Tue Jun 29 16:56:07 2010
@@ -0,0 +1,122 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.directory.shared.ldap.aci;
+
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+
+
+/**
+ * Represents permissions to be applied to all {@link ProtectedItem}s in
+ * {@link ItemFirstACIItem}.
+ * 
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public class ItemPermission extends Permission
+{
+    private static final long serialVersionUID = 3940100745409337694L;
+
+    private final Collection<UserClass> userClasses;
+
+
+    /**
+     * Creates a new instance
+     * 
+     * @param precedence
+     *            the precedence of this permission (<tt>-1</tt> to use the
+     *            default)
+     * @param grantsAndDenials
+     *            the set of {@link GrantAndDenial}s
+     * @param userClasses
+     *            the collection of {@link UserClass}es
+     */
+    public ItemPermission( Integer precedence, Collection<GrantAndDenial> grantsAndDenials, Collection<UserClass> userClasses )
+    {
+        super( precedence, grantsAndDenials );
+
+        this.userClasses = Collections.unmodifiableCollection( new ArrayList<UserClass>( userClasses ) );
+    }
+
+
+    /**
+     * Returns the collection of {@link UserClass}es.
+     */
+    public Collection<UserClass> getUserClasses()
+    {
+        return userClasses;
+    }
+
+
+    public String toString()
+    {
+        StringBuilder buffer = new StringBuilder();
+        
+        buffer.append( "{ " );
+
+        if ( getPrecedence() != null )
+        {
+            buffer.append( "precedence " );
+            buffer.append( getPrecedence() );
+            buffer.append( ", " );
+        }
+        
+        buffer.append( "userClasses { " );
+        
+        boolean isFirst = true;
+        
+        for ( UserClass userClass:userClasses )
+        {
+            if ( isFirst ) 
+            {
+                isFirst = false;
+            }
+            else
+            {
+                buffer.append( ", " );
+            }
+
+            buffer.append( userClass.toString() );
+        }
+        
+        buffer.append( " }, grantsAndDenials { " );
+        
+        isFirst = true;
+        
+        for ( GrantAndDenial grantAndDenial:getGrantsAndDenials() )
+        {
+            if ( isFirst )
+            {
+                isFirst = false;
+            }
+            else
+            {
+                buffer.append( ", " );
+            }
+
+            buffer.append( grantAndDenial.toString() );
+        }
+        
+        buffer.append( " } }" );
+        
+        return buffer.toString();
+    }
+}

Added: directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/MicroOperation.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/MicroOperation.java?rev=959029&view=auto
==============================================================================
--- directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/MicroOperation.java (added)
+++ directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/MicroOperation.java Tue Jun 29 16:56:07 2010
@@ -0,0 +1,85 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.directory.shared.ldap.aci;
+
+
+/**
+ * An enumeration that represents all micro-operations that makes up LDAP
+ * operations.
+ * 
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public enum MicroOperation
+{
+    // Permissions that may be used in conjunction with any component of
+    // <tt>ProtectedItem</tt>s.
+    ADD( "Add" ),
+
+    DISCLOSE_ON_ERROR( "DiscloseOnError" ),
+
+    READ( "Read" ),
+
+    REMOVE( "Remove" ),
+
+    // Permissions that may be used only in conjunction with the entry
+    // component.
+    BROWSE( "Browse" ),
+
+    EXPORT( "Export" ),
+
+    IMPORT( "Import" ),
+
+    MODIFY( "Modify" ),
+
+    RENAME ( "Rename" ),
+
+    RETURN_DN( "ReturnDN" ),
+
+    // Permissions that may be used in conjunction with any component,
+    // except entry, of <tt>ProtectedItem</tt>s.
+    COMPARE( "Compare" ),
+
+    FILTER_MATCH( "FilterMatch" ),
+
+    INVOKE( "Invoke" );
+
+    private final String name;
+
+
+    private MicroOperation(String name)
+    {
+        this.name = name;
+    }
+
+
+    /**
+     * Returns the name of this micro-operation.
+     */
+    public String getName()
+    {
+        return name;
+    }
+
+
+    public String toString()
+    {
+        return name;
+    }
+}

Added: directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/Permission.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/Permission.java?rev=959029&view=auto
==============================================================================
--- directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/Permission.java (added)
+++ directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/Permission.java Tue Jun 29 16:56:07 2010
@@ -0,0 +1,117 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.directory.shared.ldap.aci;
+
+
+import java.io.Serializable;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Set;
+
+
+/**
+ * An abstract base class for {@link ItemPermission} and {@link UserPermission}.
+ * 
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public abstract class Permission implements Serializable
+{
+    private final Integer precedence;
+
+    private final Set<GrantAndDenial> grantsAndDenials;
+
+    private final Set<GrantAndDenial> grants;
+
+    private final Set<GrantAndDenial> denials;
+
+
+    /**
+     * Creates a new instance
+     * 
+     * @param precedence
+     *            the precedence of this permission (<tt>-1</tt> to use the
+     *            default)
+     * @param grantsAndDenials
+     *            the set of {@link GrantAndDenial}s
+     */
+    protected Permission( Integer precedence, Collection<GrantAndDenial> grantsAndDenials)
+    {
+        this.precedence = precedence;
+
+        Set<GrantAndDenial> tmpGrantsAndDenials = new HashSet<GrantAndDenial>();
+        Set<GrantAndDenial> tmpGrants = new HashSet<GrantAndDenial>();
+        Set<GrantAndDenial> tmpDenials = new HashSet<GrantAndDenial>();
+        
+        for ( GrantAndDenial gad:grantsAndDenials )
+        {
+            if ( gad.isGrant() )
+            {
+                tmpGrants.add( gad );
+            }
+            else
+            {
+                tmpDenials.add( gad );
+            }
+
+            tmpGrantsAndDenials.add( gad );
+        }
+
+        this.grants = Collections.unmodifiableSet( tmpGrants );
+        this.denials = Collections.unmodifiableSet( tmpDenials );
+        this.grantsAndDenials = Collections.unmodifiableSet( tmpGrantsAndDenials );
+    }
+
+
+    /**
+     * Returns the precedence of this permission.
+     */
+    public Integer getPrecedence()
+    {
+        return precedence;
+    }
+
+
+    /**
+     * Returns the set of {@link GrantAndDenial}s.
+     */
+    public Set<GrantAndDenial> getGrantsAndDenials()
+    {
+        return grantsAndDenials;
+    }
+
+
+    /**
+     * Returns the set of grants only.
+     */
+    public Set<GrantAndDenial> getGrants()
+    {
+        return grants;
+    }
+
+
+    /**
+     * Returns the set of denials only.
+     */
+    public Set<GrantAndDenial> getDenials()
+    {
+        return denials;
+    }
+}
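Review bot: The `Permission` constructor stores `precedence` without a range check, while `ACITuple` in this commit only accepts 0-255. An out-of-range value is therefore accepted when the ACI is built and rejected only later, when tuples are generated from it. I would validate at construction so a malformed permission is refused where it is created: `if ( precedence != null && ( precedence < 0 || precedence > 255 ) )` followed by an IllegalArgumentException, once it is decided whether the `-1` default mentioned in the Javadoc is still meant to be accepted. The class is also `Serializable` without declaring a `serialVersionUID`, unlike its subclass `ItemPermission`.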

Added: directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/ProtectedItem.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/ProtectedItem.java?rev=959029&view=auto
==============================================================================
--- directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/ProtectedItem.java (added)
+++ directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/ProtectedItem.java Tue Jun 29 16:56:07 2010
@@ -0,0 +1,682 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.directory.shared.ldap.aci;
+
+
+import java.io.Serializable;
+import java.util.Collections;
+import java.util.Iterator;
+import java.util.Set;
+
+import org.apache.directory.shared.ldap.filter.ExprNode;
+
+
+/**
+ * Defines the items to which the access controls apply.  It's one of the
+ * following elements :
+ * 
+ * 
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public abstract class ProtectedItem
+{
+    /**
+     * The entry contents as a whole. In case of a family member, it also means
+     * the entry content of each subordinate family member within the same
+     * compound attribute. It does not necessarily include the information in
+     * these entries. This element shall be ignored if the classes element is
+     * present, since this latter element selects protected entries (and
+     * subordinate family members) on the basis of their object class.
+     */
+    public static final Entry ENTRY = new Entry();
+
+    /**
+     * All user attribute type information associated with the entry, but not
+     * values associated with those attributes.
+     */
+    public static final AllUserAttributeTypes ALL_USER_ATTRIBUTE_TYPES = new AllUserAttributeTypes();
+
+    /**
+     * All user attribute information associated with the entry, including all
+     * values of all user attributes.
+     */
+    public static final AllUserAttributeTypesAndValues ALL_USER_ATTRIBUTE_TYPES_AND_VALUES = new AllUserAttributeTypesAndValues();
+
+
+    /**
+     * Creates a new instance.
+     */
+    protected ProtectedItem()
+    {
+    }
+
+    /**
+     * The contents of entries (possibly a family member) which are restricted
+     * to those that have object class values that satisfy the predicate defined
+     * by Refinement (see 12.3.5), together (in the case of an ancestor or other
+     * family member) with the entry contents as a whole of each subordinate
+     * family member entry; it does not necessarily include the information in
+     * these entries.
+     */
+    public static class Classes extends ProtectedItem
+    {
+        private static final long serialVersionUID = -8553151906617285325L;
+
+        private final ExprNode classes;
+
+
+        /**
+         * Creates a new instance.
+         * 
+         * @param classes
+         *            refinement
+         */
+        public Classes( ExprNode classes )
+        {
+            this.classes = classes;
+        }
+
+
+        public ExprNode getClasses()
+        {
+            return classes;
+        }
+
+
+        /**
+         * {@inheritDoc}
+         */
+        @Override
+        public int hashCode()
+        {
+            int hash = 37;
+            hash = hash * 17 + getClass().getName().hashCode();
+            return hash;
+        }
+
+
+        /**
+         * {@inheritDoc}
+         */
+        @Override
+        public boolean equals( Object o )
+        {
+            if ( this == o )
+            {
+                return true;
+            }
+
+            if ( o instanceof Classes )
+            {
+                Classes that = ( Classes ) o;
+                return this.classes.equals( that.classes );
+            }
+
+            return false;
+        }
+
+
+        /**
+         * @see Object#toString()
+         */
+        public String toString()
+        {
+            StringBuilder buf = new StringBuilder();
+
+            buf.append( "classes " );
+            classes.printRefinementToBuffer( buf );
+
+            return buf.toString();
+        }
+    }
+
+    /**
+     * The entry contents as a whole. In case of a family member, it also means
+     * the entry content of each subordinate family member within the same
+     * compound attribute. It does not necessarily include the information in
+     * these entries. This element shall be ignored if the classes element is
+     * present, since this latter element selects protected entries (and
+     * subordinate family members) on the basis of their object class.
+     */
+    public static class Entry extends ProtectedItem
+    {
+        private static final long serialVersionUID = -6971482229815999874L;
+
+
+        private Entry()
+        {
+        }
+
+
+        public String toString()
+        {
+            return "entry";
+        }
+    }
+
+    /**
+     * All user attribute type information associated with the entry, but not
+     * values associated with those attributes.
+     */
+    public static class AllUserAttributeTypes extends ProtectedItem
+    {
+        private static final long serialVersionUID = 3728652941148931359L;
+
+
+        private AllUserAttributeTypes()
+        {
+        }
+
+
+        public String toString()
+        {
+            return "allUserAttributeTypes";
+        }
+    }
+
+    /**
+     * All user attribute information associated with the entry, including all
+     * values of all user attributes.
+     */
+    public static class AllUserAttributeTypesAndValues extends ProtectedItem
+    {
+        private static final long serialVersionUID = 7250988885983604442L;
+
+
+        private AllUserAttributeTypesAndValues()
+        {
+        }
+
+
+        public String toString()
+        {
+            return "allUserAttributeTypesAndValues";
+        }
+    }
+
+
+    /**
+     * Restricts the maximum number of attribute values allowed for a specified
+     * attribute type. It is examined if the protected item is an attribute
+     * value of the specified type and the permission sought is add. Values of
+     * that attribute in the entry are counted without regard to context or
+     * access control and as though the operation which adds the values were
+     * successful. If the number of values in the attribute exceeds maxCount,
+     * the ACI item is treated as not granting add access.
+     */
+    public static class MaxValueCount extends ProtectedItem
+    {
+        private static final long serialVersionUID = 5261651541488944572L;
+
+        private final Set<ProtectedItem.MaxValueCountItem> items;
+
+
+        /**
+         * Creates a new instance.
+         * 
+         * @param items
+         *            the collection of {@link MaxValueCountItem}s.
+         */
+        public MaxValueCount( Set<MaxValueCountItem> items )
+        {
+            this.items = Collections.unmodifiableSet( items );
+        }
+
+
+        /**
+         * Returns an iterator of all {@link MaxValueCountItem}s.
+         */
+        public Iterator<MaxValueCountItem> iterator()
+        {
+            return items.iterator();
+        }
+
+
+        /**
+         * {@inheritDoc}
+         */
+        @Override
+        public int hashCode()
+        {
+            int hash = 37;
+            hash = hash * 17 + items.hashCode();
+            return hash;
+        }
+
+
+        /**
+         * {@inheritDoc}
+         */
+        @Override
+        public boolean equals( Object o )
+        {
+            if ( this == o )
+            {
+                return true;
+            }
+
+            if ( o == null )
+            {
+                return false;
+            }
+
+            if ( o instanceof MaxValueCount )
+            {
+                MaxValueCount that = ( MaxValueCount ) o;
+                return this.items.equals( that.items );
+            }
+
+            return false;
+        }
+
+
+        public String toString()
+        {
+            StringBuilder buf = new StringBuilder();
+
+            buf.append( "maxValueCount {" );
+
+            boolean isFirst = true;
+
+            for ( MaxValueCountItem item : items )
+            {
+                if ( isFirst )
+                {
+                    isFirst = false;
+                }
+                else
+                {
+                    buf.append( ", " );
+                }
+
+                buf.append( item.toString() );
+            }
+
+            buf.append( "}" );
+
+            return buf.toString();
+        }
+    }
+
+    /**
+     * Any attribute value which matches the specified filter, i.e. for which
+     * the specified filter evaluated on that attribute value would return TRUE.
+     */
+    public static class RangeOfValues extends ProtectedItem
+    {
+        private static final long serialVersionUID = -8553151906617285325L;
+
+        private final ExprNode filter;
+
+
+        /**
+         * Creates a new instance.
+         * 
+         * @param filter
+         *            the expression
+         */
+        public RangeOfValues( ExprNode filter )
+        {
+            if ( filter == null )
+            {
+                throw new IllegalArgumentException( "filter" );
+            }
+
+            this.filter = filter;
+        }
+
+
+        /**
+         * Returns the expression.
+         */
+        public ExprNode getFilter()
+        {
+            return filter;
+        }
+
+
+        /**
+         * {@inheritDoc}
+         */
+        @Override
+        public int hashCode()
+        {
+            int hash = 37;
+            hash = hash * 17 + filter.hashCode();
+            return hash;
+        }
+
+
+        /**
+         * {@inheritDoc}
+         */
+        @Override
+        public boolean equals( Object o )
+        {
+            if ( this == o )
+            {
+                return true;
+            }
+
+            if ( o instanceof RangeOfValues )
+            {
+                RangeOfValues that = ( RangeOfValues ) o;
+                return this.filter.equals( that.filter );
+            }
+
+            return false;
+        }
+
+
+        public String toString()
+        {
+            StringBuilder buf = new StringBuilder();
+
+            buf.append( "rangeOfValues " );
+            buf.append( filter.toString() );
+
+            return buf.toString();
+        }
+    }
+
+    /**
+     * Restricts the maximum number of immediate subordinates of the superior
+     * entry to an entry being added or imported. It is examined if the
+     * protected item is an entry, the permission sought is add or import, and
+     * the immediate superior entry is in the same DSA as the entry being added
+     * or imported. Immediate subordinates of the superior entry are counted
+     * without regard to context or access control as though the entry addition
+     * or importing were successful. If the number of subordinates exceeds
+     * maxImmSub, the ACI item is treated as not granting add or import access.
+     */
+    public static class MaxImmSub extends ProtectedItem
+    {
+        private static final long serialVersionUID = -8553151906617285325L;
+
+        private final int value;
+
+
+        /**
+         * Creates a new instance.
+         * 
+         * @param value
+         *            The maximum number of immediate subordinates
+         */
+        public MaxImmSub( int value )
+        {
+            this.value = value;
+        }
+
+
+        /**
+         * Returns the maximum number of immediate subordinates.
+         */
+        public int getValue()
+        {
+            return value;
+        }
+
+
+        /**
+         * {@inheritDoc}
+         */
+        @Override
+        public int hashCode()
+        {
+            int hash = 37;
+            hash = hash * 17 + value;
+            return hash;
+        }
+
+
+        /**
+         * {@inheritDoc}
+         */
+        @Override
+        public boolean equals( Object o )
+        {
+            if ( this == o )
+            {
+                return true;
+            }
+
+            if ( o instanceof MaxImmSub )
+            {
+                MaxImmSub that = ( MaxImmSub ) o;
+                return this.value == that.value;
+            }
+
+            return false;
+        }
+
+
+        public String toString()
+        {
+            return "maxImmSub " + value;
+        }
+    }
+
+    /**
+     * Restricts values added to the attribute type to being values that are
+     * already present in the same entry as values of the attribute valuesIn. It
+     * is examined if the protected item is an attribute value of the specified
+     * type and the permission sought is add. Values of the valuesIn attribute
+     * are checked without regard to context or access control and as though the
+     * operation which adds the values were successful. If the value to be added
+     * is not present in valuesIn the ACI item is treated as not granting add
+     * access.
+     */
+    public static class RestrictedBy extends ProtectedItem
+    {
+        private static final long serialVersionUID = -8157637446588058799L;
+        private final Set<RestrictedByItem> items;
+
+
+        /**
+         * Creates a new instance.
+         * 
+         * @param items the collection of {@link RestrictedByItem}s.
+         */
+        public RestrictedBy( Set<RestrictedByItem> items )
+        {
+            this.items = Collections.unmodifiableSet( items );
+        }
+
+
+        /**
+         * Returns an iterator of all {@link RestrictedByItem}s.
+         */
+        public Iterator<RestrictedByItem> iterator()
+        {
+            return items.iterator();
+        }
+
+
+        /**
+         * {@inheritDoc}
+         */
+        @Override
+        public int hashCode()
+        {
+            int hash = 37;
+            hash = hash * 17 + items.hashCode();
+            return hash;
+        }
+
+
+        /**
+         * {@inheritDoc}
+         */
+        @Override
+        public boolean equals( Object o )
+        {
+            if ( this == o )
+            {
+                return true;
+            }
+
+            if ( o == null )
+            {
+                return false;
+            }
+
+            if ( o instanceof RestrictedBy )
+            {
+                RestrictedBy that = ( RestrictedBy ) o;
+                return this.items.equals( that.items );
+            }
+
+            return false;
+        }
+
+
+        public String toString()
+        {
+            StringBuilder buf = new StringBuilder();
+
+            buf.append( "restrictedBy {" );
+
+            boolean isFirst = true;
+
+            for ( RestrictedByItem item : items )
+            {
+                if ( isFirst )
+                {
+                    isFirst = false;
+                }
+                else
+                {
+                    buf.append( ", " );
+                }
+
+                buf.append( item.toString() );
+            }
+
+            buf.append( '}' );
+
+            return buf.toString();
+        }
+    }
+
+    /**
+     * An element of {@link MaxValueCount}.
+     */
+    public static class MaxValueCountItem implements Serializable
+    {
+        private static final long serialVersionUID = 43697038363452113L;
+
+        private String attributeType;
+
+        private int maxCount;
+
+
+        /**
+         * Creates a new instance.
+         * 
+         * @param attributeType
+         *            the attribute ID to limit the maximum count
+         * @param maxCount
+         *            the maximum count of the attribute allowed
+         */
+
+        public MaxValueCountItem( String attributeType, int maxCount )
+        {
+            this.attributeType = attributeType;
+            this.maxCount = maxCount;
+        }
+
+
+        /**
+         * Returns the attribute ID to limit the maximum count.
+         */
+        public String getAttributeType()
+        {
+            return attributeType;
+        }
+
+
+        /**
+         * Returns the maximum count of the attribute allowed.
+         */
+        public int getMaxCount()
+        {
+            return maxCount;
+        }
+
+
+        public String toString()
+        {
+            return "{ type " + attributeType + ", maxCount " + maxCount + " }";
+        }
+    }
+
+    /**
+     * An element of {@link RestrictedBy}.
+     */
+    public static class RestrictedByItem implements Serializable
+    {
+        private static final long serialVersionUID = 4319052153538757099L;
+
+        private String attributeType;
+
+        private String valuesIn;
+
+
+        /**
+         * Creates a new instance.
+         * 
+         * @param attributeType
+         *            the attribute type to restrict
+         * @param valuesIn
+         *            the attribute type only whose values are allowed in
+         *            <tt>attributeType</tt>.
+         */
+        public RestrictedByItem( String attributeType, String valuesIn )
+        {
+            this.attributeType = attributeType;
+            this.valuesIn = valuesIn;
+        }
+
+
+        /**
+         * Returns the attribute type to restrict.
+         */
+        public String getAttributeType()
+        {
+            return attributeType;
+        }
+
+
+        /**
+         * Returns the attribute type only whose values are allowed in
+         * <tt>attributeType</tt>.
+         */
+        public String getValuesIn()
+        {
+            return valuesIn;
+        }
+
+
+        public String toString()
+        {
+            return "{ type " + attributeType + ", valuesIn " + valuesIn + " }";
+        }
+    }
+}
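Review bot: `MaxValueCount` and `RestrictedBy` wrap the caller's set with `Collections.unmodifiableSet( items )` without copying it, so whoever built the set can still add or remove elements after construction and the access-control restriction changes underneath code that treats the protected item as immutable. Copy first, e.g. `this.items = Collections.unmodifiableSet( new HashSet<MaxValueCountItem>( items ) );` (this needs a `java.util.HashSet` import in this file), and do the same in `RestrictedBy`. Separately, `MaxValueCountItem` and `RestrictedByItem` do not override `equals`/`hashCode`, so `this.items.equals( that.items )` compares elements by identity and two protected items built from the same ACI text will not compare equal.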

Added: directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/ReusableAntlrACIItemChecker.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/ReusableAntlrACIItemChecker.java?rev=959029&view=auto
==============================================================================
--- directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/ReusableAntlrACIItemChecker.java (added)
+++ directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/ReusableAntlrACIItemChecker.java Tue Jun 29 16:56:07 2010
@@ -0,0 +1,61 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+
+package org.apache.directory.shared.ldap.aci;
+
+
+
+import antlr.TokenStream;
+
+
+/**
+ * A reusable parser class extended from antlr generated parser for an LDAP
+ * subtree specification as defined by <a
+ * href="http://www.faqs.org/rfcs/rfc3672.html"> RFC 3672</a>. This class
+ * enables the reuse of the antlr parser without having to recreate the it every
+ * time as stated in <a
+ * href="http://www.antlr.org:8080/pipermail/antlr-interest/2003-April/003631.html">
+ * a Antlr Interest Group mail</a> .
+ * 
+ * @see <a href="http://www.faqs.org/rfcs/rfc3672.html">RFC 3672</a>
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+class ReusableAntlrACIItemChecker extends AntlrACIItemChecker
+{
+    /**
+     * Creates a ReusableAntlrACIItemChecker instance.
+     */
+    public ReusableAntlrACIItemChecker( TokenStream lexer )
+    {
+        super( lexer );
+    }
+
+
+    /**
+     * Resets the state of an antlr parser.
+     */
+    public void resetState()
+    {
+        // no set method for this protected field.
+        this.traceDepth = 0;
+
+        this.getInputState().reset();
+    }
+}
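Review bot: The class javadoc describes a parser for "an LDAP subtree specification as defined by RFC 3672", but the class extends `AntlrACIItemChecker`, so the text looks carried over from the subtree-specification parser and points readers at the wrong grammar. Suggest `A reusable checker extended from the antlr generated ACIItem checker, so that it can be reset and reused instead of being recreated for every input.` and dropping the RFC 3672 `@see`; this also removes the "recreate the it" typo. The same copied javadoc appears on `ReusableAntlrACIItemCheckerLexer`, `ReusableAntlrACIItemLexer` and `ReusableAntlrACIItemParser` in this commit, and the constructors of the latter two still say "Creates a ReusableAntlrSubtreeSpecificationLexer/Parser instance".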

Added: directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/ReusableAntlrACIItemCheckerLexer.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/ReusableAntlrACIItemCheckerLexer.java?rev=959029&view=auto
==============================================================================
--- directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/ReusableAntlrACIItemCheckerLexer.java (added)
+++ directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/ReusableAntlrACIItemCheckerLexer.java Tue Jun 29 16:56:07 2010
@@ -0,0 +1,80 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+
+package org.apache.directory.shared.ldap.aci;
+
+
+import java.io.Reader;
+
+import antlr.CharBuffer;
+import antlr.LexerSharedInputState;
+
+
+/**
+ * A reusable lexer class extended from antlr generated lexer for an LDAP
+ * subtree specification as defined by <a
+ * href="http://www.faqs.org/rfcs/rfc3672.html"> RFC 3672</a>. This class
+ * enables the reuse of the antlr lexer without having to recreate the it every
+ * time as stated in <a
+ * href="http://www.antlr.org:8080/pipermail/antlr-interest/2003-April/003631.html">
+ * a Antlr Interest Group mail</a> .
+ * 
+ * @see <a href="http://www.faqs.org/rfcs/rfc3672.html">RFC 3672</a>
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+class ReusableAntlrACIItemCheckerLexer extends AntlrACIItemCheckerLexer
+{
+    private boolean savedCaseSensitive;
+
+    private boolean savedCaseSensitiveLiterals;
+
+
+    /**
+     * Creates a ReusableAntlrACIItemCheckerLexer instance.
+     * 
+     * @param in
+     *            the input to the lexer
+     */
+    public ReusableAntlrACIItemCheckerLexer(Reader in)
+    {
+        super( in );
+        savedCaseSensitive = getCaseSensitive();
+        savedCaseSensitiveLiterals = getCaseSensitiveLiterals();
+    }
+
+
+    /**
+     * Resets the state of an antlr lexer and initializes it with new input.
+     * 
+     * @param in
+     *            the input to the lexer
+     */
+    public void prepareNextInput( Reader in )
+    {
+        CharBuffer buf = new CharBuffer( in );
+        LexerSharedInputState state = new LexerSharedInputState( buf );
+        this.setInputState( state );
+
+        this.setCaseSensitive( savedCaseSensitive );
+
+        // no set method for this protected field.
+        this.caseSensitiveLiterals = savedCaseSensitiveLiterals;
+    }
+}
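Review bot: `prepareNextInput` replaces the lexer's input state and restores the case-sensitivity flags in place, so one instance cannot safely lex two inputs at the same time, and the javadoc does not tell callers that. Because the tokens feed ACIItem checking, concurrent use of a shared instance could presumably mix two inputs; whether callers serialize access is not visible in this hunk. Suggest adding to the class javadoc `This class is not thread-safe: callers must serialize prepareNextInput and the parse that follows it.` `ReusableAntlrACIItemLexer` has the identical method and needs the same sentence.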

Added: directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/ReusableAntlrACIItemLexer.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/ReusableAntlrACIItemLexer.java?rev=959029&view=auto
==============================================================================
--- directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/ReusableAntlrACIItemLexer.java (added)
+++ directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/ReusableAntlrACIItemLexer.java Tue Jun 29 16:56:07 2010
@@ -0,0 +1,80 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+
+package org.apache.directory.shared.ldap.aci;
+
+
+import java.io.Reader;
+
+import antlr.CharBuffer;
+import antlr.LexerSharedInputState;
+
+
+/**
+ * A reusable lexer class extended from antlr generated lexer for an LDAP
+ * subtree specification as defined by <a
+ * href="http://www.faqs.org/rfcs/rfc3672.html"> RFC 3672</a>. This class
+ * enables the reuse of the antlr lexer without having to recreate the it every
+ * time as stated in <a
+ * href="http://www.antlr.org:8080/pipermail/antlr-interest/2003-April/003631.html">
+ * a Antlr Interest Group mail</a> .
+ * 
+ * @see <a href="http://www.faqs.org/rfcs/rfc3672.html">RFC 3672</a>
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+class ReusableAntlrACIItemLexer extends AntlrACIItemLexer
+{
+    private boolean savedCaseSensitive;
+
+    private boolean savedCaseSensitiveLiterals;
+
+
+    /**
+     * Creates a ReusableAntlrSubtreeSpecificationLexer instance.
+     * 
+     * @param in
+     *            the input to the lexer
+     */
+    public ReusableAntlrACIItemLexer(Reader in)
+    {
+        super( in );
+        savedCaseSensitive = getCaseSensitive();
+        savedCaseSensitiveLiterals = getCaseSensitiveLiterals();
+    }
+
+
+    /**
+     * Resets the state of an antlr lexer and initializes it with new input.
+     * 
+     * @param in
+     *            the input to the lexer
+     */
+    public void prepareNextInput( Reader in )
+    {
+        CharBuffer buf = new CharBuffer( in );
+        LexerSharedInputState state = new LexerSharedInputState( buf );
+        this.setInputState( state );
+
+        this.setCaseSensitive( savedCaseSensitive );
+
+        // no set method for this protected field.
+        this.caseSensitiveLiterals = savedCaseSensitiveLiterals;
+    }
+}

Added: directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/ReusableAntlrACIItemParser.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/ReusableAntlrACIItemParser.java?rev=959029&view=auto
==============================================================================
--- directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/ReusableAntlrACIItemParser.java (added)
+++ directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/ReusableAntlrACIItemParser.java Tue Jun 29 16:56:07 2010
@@ -0,0 +1,60 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+
+package org.apache.directory.shared.ldap.aci;
+
+
+import antlr.TokenStream;
+
+
+/**
+ * A reusable parser class extended from antlr generated parser for an LDAP
+ * subtree specification as defined by <a
+ * href="http://www.faqs.org/rfcs/rfc3672.html"> RFC 3672</a>. This class
+ * enables the reuse of the antlr parser without having to recreate the it every
+ * time as stated in <a
+ * href="http://www.antlr.org:8080/pipermail/antlr-interest/2003-April/003631.html">
+ * a Antlr Interest Group mail</a> .
+ * 
+ * @see <a href="http://www.faqs.org/rfcs/rfc3672.html">RFC 3672</a>
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+class ReusableAntlrACIItemParser extends AntlrACIItemParser
+{
+    /**
+     * Creates a ReusableAntlrSubtreeSpecificationParser instance.
+     */
+    public ReusableAntlrACIItemParser(TokenStream lexer)
+    {
+        super( lexer );
+    }
+
+
+    /**
+     * Resets the state of an antlr parser.
+     */
+    public void resetState()
+    {
+        // no set method for this protected field.
+        this.traceDepth = 0;
+
+        this.getInputState().reset();
+    }
+}

Added: directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/UserClass.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/UserClass.java?rev=959029&view=auto
==============================================================================
--- directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/UserClass.java (added)
+++ directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/UserClass.java Tue Jun 29 16:56:07 2010
@@ -0,0 +1,383 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.directory.shared.ldap.aci;
+
+
+import java.io.Serializable;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Set;
+
+import org.apache.directory.shared.ldap.name.DN;
+import org.apache.directory.shared.ldap.subtree.SubtreeSpecification;
+
+
+/**
+ * Defines a set of zero or more users the permissions apply to.
+ * 
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public abstract class UserClass implements Serializable
+{
+    private static final long serialVersionUID = -123919984184219893L;
+
+    /**
+     * Every directory user (with possible requirements for
+     * authenticationLevel).
+     */
+    public static final AllUsers ALL_USERS = new AllUsers();
+
+    /**
+     * The user with the same distinguished name as the entry being accessed, or
+     * if the entry is a member of a family, then additionally the user with the
+     * distinguished name of the ancestor.
+     */
+    public static final ThisEntry THIS_ENTRY = new ThisEntry();
+
+    /**
+     * The user as parent (ancestor) of accessed entry.
+     */
+    public static final ParentOfEntry PARENT_OF_ENTRY = new ParentOfEntry();
+
+
+    /**
+     * Creates a new instance.
+     */
+    protected UserClass()
+    {
+    }
+
+    /**
+     * Every directory user (with possible requirements for
+     * authenticationLevel).
+     */
+    public static class AllUsers extends UserClass
+    {
+        private static final long serialVersionUID = 8967984720792510292L;
+
+
+        private AllUsers()
+        {
+        }
+
+
+        public String toString()
+        {
+            return "allUsers";
+        }
+    }
+
+    /**
+     * The user with the same distinguished name as the entry being accessed, or
+     * if the entry is a member of a family, then additionally the user with the
+     * distinguished name of the ancestor.
+     */
+    public static class ThisEntry extends UserClass
+    {
+        private static final long serialVersionUID = -8189325270233754470L;
+
+
+        private ThisEntry()
+        {
+        }
+
+
+        public String toString()
+        {
+            return "thisEntry";
+        }
+    }
+
+    /**
+     * The user as parent (ancestor) of accessed entry.
+     */
+    public static class ParentOfEntry extends UserClass
+    {
+        private static final long serialVersionUID = 5247207736068086476L;
+
+
+        private ParentOfEntry()
+        {
+        }
+
+
+        public String toString()
+        {
+            return "parentOfEntry";
+        }
+
+    }
+
+    /**
+     * A base class for all user classes which has a set of DNs.
+     */
+    private static abstract class NamedUserClass extends UserClass
+    {
+        private static final long serialVersionUID = 8571875984468893621L;
+        protected final Set<DN> names;
+
+
+        /**
+         * Creates a new instance.
+         * 
+         * @param names a set of names
+         */
+        protected NamedUserClass( Set<DN> names )
+        {
+            if ( names == null )
+            {
+                this.names = Collections.unmodifiableSet( new HashSet<DN>() );
+            }
+            else
+            {
+                this.names = Collections.unmodifiableSet( new HashSet<DN>( names ) );
+            }
+        }
+
+
+        /**
+         * Returns the set of all names.
+         */
+        public Set<DN> getNames()
+        {
+            return names;
+        }
+
+
+        /**
+         * {@inheritDoc}
+         */
+        @Override
+        public boolean equals( Object o )
+        {
+            if ( this == o )
+            {
+                return true;
+            }
+
+            if ( o == null )
+            {
+                return false;
+            }
+
+            if ( getClass().isAssignableFrom( o.getClass() ) )
+            {
+                Name that = ( Name ) o;
+                return this.names.equals( that.names );
+            }
+
+            return false;
+        }
+
+
+        /**
+         * {@inheritDoc}
+         */
+        @Override
+        public int hashCode()
+        {
+            int result = 37;
+
+            for ( DN dn : this.names )
+            {
+                result = result * 17 + dn.hashCode();
+            }
+
+            return result;
+        }
+
+
+        public String toString()
+        {
+            StringBuilder buffer = new StringBuilder();
+
+            boolean isFirst = true;
+            buffer.append( "{ " );
+
+            for ( DN name : names )
+            {
+                if ( isFirst )
+                {
+                    isFirst = false;
+                }
+                else
+                {
+                    buffer.append( ", " );
+                }
+
+                buffer.append( '"' );
+                buffer.append( name.toString() );
+                buffer.append( '"' );
+            }
+
+            buffer.append( " }" );
+
+            return buffer.toString();
+        }
+    }
+
+    /**
+     * The user with the specified distinguished name.
+     */
+    public static class Name extends NamedUserClass
+    {
+        private static final long serialVersionUID = -4168412030168359882L;
+
+
+        /**
+         * Creates a new instance.
+         * 
+         * @param usernames
+         *            the set of user DNs.
+         */
+        public Name( Set<DN> usernames )
+        {
+            super( usernames );
+        }
+
+
+        public String toString()
+        {
+            return "name " + super.toString();
+        }
+    }
+
+    /**
+     * The set of users who are members of the groupOfUniqueNames entry,
+     * identified by the specified distinguished name. Members of a group of
+     * unique names are treated as individual object names, and not as the names
+     * of other groups of unique names.
+     */
+    public static class UserGroup extends NamedUserClass
+    {
+        private static final long serialVersionUID = 8887107815072965807L;
+
+
+        /**
+         * Creates a new instance.
+         * 
+         * @param groupNames
+         *            the set of group DNs.
+         */
+        public UserGroup( Set<DN> groupNames )
+        {
+            super( groupNames );
+        }
+
+
+        public String toString()
+        {
+            return "userGroup " + super.toString();
+        }
+    }
+
+    /**
+     * The set of users whose distinguished names fall within the definition of
+     * the (unrefined) subtree.
+     */
+    public static class Subtree extends UserClass
+    {
+        private static final long serialVersionUID = 3949337699049701332L;
+
+        protected final Set<SubtreeSpecification> subtreeSpecifications;
+
+
+        /**
+         * Creates a new instance.
+         * 
+         * @param subtreeSpecs
+         *            the collection of unrefined {@link SubtreeSpecification}s.
+         */
+        public Subtree( Set<SubtreeSpecification> subtreeSpecs )
+        {
+            this.subtreeSpecifications = Collections.unmodifiableSet( subtreeSpecs );
+        }
+
+
+        /**
+         * Returns the collection of unrefined {@link SubtreeSpecification}s.
+         */
+        public Set<SubtreeSpecification> getSubtreeSpecifications()
+        {
+            return subtreeSpecifications;
+        }
+
+
+        /**
+         * {@inheritDoc}
+         */
+        @Override
+        public int hashCode()
+        {
+            int hash = 37;
+            hash = hash * 17 + subtreeSpecifications.hashCode();
+
+            return hash;
+        }
+
+
+        /**
+         * {@inheritDoc}
+         */
+        @Override
+        public boolean equals( Object o )
+        {
+            if ( this == o )
+            {
+                return true;
+            }
+
+            if ( o instanceof Subtree )
+            {
+                Subtree that = ( Subtree ) o;
+                return this.subtreeSpecifications.equals( that.subtreeSpecifications );
+            }
+
+            return false;
+        }
+
+
+        public String toString()
+        {
+            StringBuilder buffer = new StringBuilder();
+
+            boolean isFirst = true;
+            buffer.append( "subtree { " );
+
+            for ( SubtreeSpecification ss : subtreeSpecifications )
+            {
+                if ( isFirst )
+                {
+                    isFirst = false;
+                }
+                else
+                {
+                    buffer.append( ", " );
+                }
+
+                ss.printToBuffer( buffer );
+            }
+
+            buffer.append( " }" );
+
+            return buffer.toString();
+        }
+    }
+}
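Review bot: `NamedUserClass.equals` casts its argument to `Name` (`Name that = ( Name ) o;`), so comparing two distinct `UserGroup` instances passes the `isAssignableFrom` test and then throws `ClassCastException` instead of returning a result. The cast should target the base class: `NamedUserClass that = ( NamedUserClass ) o;`. In the same class, `hashCode` folds the DNs in iteration order (`result = result * 17 + dn.hashCode()`) while `equals` compares the sets, so two equal sets that iterate in a different order can produce different hash codes; `return 37 * 17 + names.hashCode();` keeps the pair consistent. Both matter wherever user classes are compared or kept in hash-based collections while access control is evaluated; those callers are not visible in this hunk.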

Added: directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/UserFirstACIItem.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/UserFirstACIItem.java?rev=959029&view=auto
==============================================================================
--- directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/UserFirstACIItem.java (added)
+++ directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/UserFirstACIItem.java Tue Jun 29 16:56:07 2010
@@ -0,0 +1,182 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.directory.shared.ldap.aci;
+
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.Set;
+
+import org.apache.directory.shared.ldap.constants.AuthenticationLevel;
+
+
+/**
+ * An {@link ACIItem} which specifies {@link UserClass}es first and then
+ * {@link ProtectedItem}s each {@link UserClass} will have. (18.4.2.4. X.501)
+ * 
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public class UserFirstACIItem extends ACIItem
+{
+    private static final long serialVersionUID = 5587483838404246148L;
+
+    private final Collection<UserClass> userClasses;
+
+    private final Collection<UserPermission> userPermissions;
+
+
+    /**
+     * Creates a new instance.
+     * 
+     * @param identificationTag
+     *            the id string of this item
+     * @param precedence
+     *            the precedence of this item
+     * @param authenticationLevel
+     *            the level of authentication required to this item
+     * @param userClasses
+     *            the collection of {@link UserClass}es this item protects
+     * @param userPermissions
+     *            the collection of {@link UserPermission}s each
+     *            <tt>protectedItems</tt> will have
+     */
+    public UserFirstACIItem(String identificationTag, int precedence, AuthenticationLevel authenticationLevel,
+        Collection<UserClass> userClasses, Collection<UserPermission> userPermissions)
+    {
+        super( identificationTag, precedence, authenticationLevel );
+
+        this.userClasses = Collections.unmodifiableCollection( new ArrayList<UserClass>( userClasses ) );
+        this.userPermissions = Collections.unmodifiableCollection( new ArrayList<UserPermission>( userPermissions ) );
+    }
+
+
+    /**
+     * Returns the set of {@link UserClass}es.
+     */
+    public Collection<UserClass> getUserClasses()
+    {
+        return userClasses;
+    }
+
+
+    /**
+     * Returns the set of {@link UserPermission}s.
+     */
+    public Collection<UserPermission> getUserPermission()
+    {
+        return userPermissions;
+    }
+
+
+    public String toString()
+    {
+        StringBuilder buf = new StringBuilder();
+        
+        // identificationTag
+        buf.append( "{ identificationTag \"" );
+        buf.append( getIdentificationTag() );
+        buf.append( "\", " );
+        
+        // precedence
+        buf.append( "precedence " );
+        buf.append( getPrecedence() );
+        buf.append( ", " );
+        
+        // authenticationLevel
+        buf.append( "authenticationLevel " );
+        buf.append( getAuthenticationLevel().getName() );
+        buf.append( ", " );
+        
+        // itemOrUserFirst
+        buf.append( "itemOrUserFirst userFirst: { " );
+        
+        // protectedItems
+        buf.append( "userClasses { " );
+
+        boolean isFirst = true;
+        
+        for ( UserClass userClass:userClasses )
+        {
+            if ( isFirst )
+            {
+                isFirst = false;
+            }
+            else
+            {
+                buf.append( ", " );
+            }
+            
+            buf.append( userClass.toString() );
+        }
+
+        buf.append( " }, " );
+        
+        // itemPermissions
+        buf.append( "userPermissions { " );
+
+        isFirst = true;
+        
+        for ( UserPermission permission:userPermissions )
+        {
+            if ( isFirst )
+            {
+                isFirst = false;
+            }
+            else
+            {
+                buf.append( ", " );
+            }
+            
+            buf.append( permission.toString() );
+        }
+        
+        buf.append( " } } }" );
+
+        return buf.toString();
+    }
+
+
+    public Collection<ACITuple> toTuples()
+    {
+        Collection<ACITuple> tuples = new ArrayList<ACITuple>();
+
+        for ( UserPermission userPermission:userPermissions )
+        {
+            Set<GrantAndDenial> grants = userPermission.getGrants();
+            Set<GrantAndDenial> denials = userPermission.getDenials();
+            int precedence = userPermission.getPrecedence() != null ? 
+                userPermission.getPrecedence() :
+                this.getPrecedence();
+
+            if ( grants.size() > 0 )
+            {
+                tuples.add( new ACITuple( getUserClasses(), getAuthenticationLevel(), userPermission
+                    .getProtectedItems(), toMicroOperations( grants ), true, precedence ) );
+            }
+            if ( denials.size() > 0 )
+            {
+                tuples.add( new ACITuple( getUserClasses(), getAuthenticationLevel(), userPermission
+                    .getProtectedItems(), toMicroOperations( denials ), false, precedence ) );
+            }
+        }
+        return tuples;
+    }
+}
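Review bot: `toTuples` treats only a `null` permission precedence as "inherit from the item" (`userPermission.getPrecedence() != null ? ... : this.getPrecedence()`), but the `UserPermission` constructor Javadoc added in this commit tells callers to pass `-1` for the default. A caller following that Javadoc would get tuples carrying precedence -1 instead of the item's precedence, which presumably changes how those tuples rank against others. Either the Javadoc should read `the precedence of this permission (<tt>null</tt> to use the precedence of the enclosing item)`, or this method should map negative values to `this.getPrecedence()`; `Permission` is not shown in this part of the commit, so whether it normalises the value needs checking. `toTuples` also has no Javadoc, and the `// protectedItems` and `// itemPermissions` comments in `toString` sit above the userClasses and userPermissions sections.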

Added: directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/UserPermission.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/UserPermission.java?rev=959029&view=auto
==============================================================================
--- directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/UserPermission.java (added)
+++ directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/UserPermission.java Tue Jun 29 16:56:07 2010
@@ -0,0 +1,121 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.directory.shared.ldap.aci;
+
+
+import java.util.Collection;
+import java.util.Collections;
+
+
+/**
+ * Represents permissions to be applied to all {@link UserClass}es in
+ * {@link UserFirstACIItem}.
+ * 
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public class UserPermission extends Permission
+{
+    private static final long serialVersionUID = 3940100745409337694L;
+
+    private final Collection<ProtectedItem> protectedItems;
+
+
+    /**
+     * Creates a new instance
+     * 
+     * @param precedence
+     *            the precedence of this permission (<tt>-1</tt> to use the
+     *            default)
+     * @param grantsAndDenials
+     *            the set of {@link GrantAndDenial}s
+     * @param protectedItems
+     *            the collection of {@link ProtectedItem}s
+     */
+    public UserPermission( Integer precedence, Collection<GrantAndDenial> grantsAndDenials, Collection<ProtectedItem> protectedItems )
+    {
+        super( precedence, grantsAndDenials );
+
+        this.protectedItems = Collections.unmodifiableCollection( protectedItems );
+    }
+
+
+    /**
+     * Returns the collection of {@link ProtectedItem}s.
+     */
+    public Collection<ProtectedItem> getProtectedItems()
+    {
+        return protectedItems;
+    }
+
+
+    public String toString()
+    {
+        StringBuilder buf = new StringBuilder();
+        
+        buf.append( "{ " );
+
+        if ( getPrecedence() != null )
+        {
+            buf.append( "precedence " );
+            buf.append( getPrecedence() );
+            buf.append( ", " );
+        }
+        
+        buf.append( "protectedItems { " );
+        
+        boolean isFirst = true;
+        
+        for ( ProtectedItem item:protectedItems )
+        {
+            if ( isFirst )
+            {
+                isFirst = false;
+            }
+            else
+            {
+                buf.append( ", " );
+            }
+            
+            buf.append( item.toString() );
+        }
+        
+        buf.append( " }, grantsAndDenials { " );
+
+        isFirst = true;
+        
+        for ( GrantAndDenial grantAndDenial:getGrantsAndDenials() )
+        {
+            if ( isFirst )
+            {
+                isFirst = false;
+            }
+            else
+            {
+                buf.append( ", " );
+            }
+
+            buf.append( grantAndDenial.toString() );
+        }
+        
+        buf.append( " } }" );
+        
+        return buf.toString();
+    }
+}
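Review bot: The constructor wraps the caller's collection without copying it (`Collections.unmodifiableCollection( protectedItems )`), so anyone who keeps the original reference can still add or remove protected items after the permission has been built, and `UserFirstACIItem.toTuples` hands that same collection to every tuple it creates. `UserFirstACIItem` and `NamedUserClass` copy their arguments first; doing the same here, `this.protectedItems = Collections.unmodifiableCollection( new ArrayList<ProtectedItem>( protectedItems ) );` with an added `import java.util.ArrayList;`, makes the permission immutable in fact and not only through its getter. The same uncopied wrap appears in the `UserClass.Subtree` constructor and in the `AbstractAttributeTypeProtectedItem` constructor in this commit.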

Added: directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/AbstractAttributeTypeProtectedItem.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/AbstractAttributeTypeProtectedItem.java?rev=959029&view=auto
==============================================================================
--- directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/AbstractAttributeTypeProtectedItem.java (added)
+++ directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/AbstractAttributeTypeProtectedItem.java Tue Jun 29 16:56:07 2010
@@ -0,0 +1,122 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.directory.shared.ldap.aci.protectedItem;
+
+import java.util.Collections;
+import java.util.Iterator;
+import java.util.Set;
+
+import org.apache.directory.shared.ldap.aci.ProtectedItem;
+
+/**
+ * A base class for all items which protects attribute types (or its values)
+ */
+public abstract class AbstractAttributeTypeProtectedItem extends ProtectedItem
+{
+    protected final Set<String> attributeTypes;
+
+
+    /**
+     * Creates a new instance.
+     * 
+     * @param attributeTypes the collection of attirbute IDs
+     */
+    protected AbstractAttributeTypeProtectedItem( Set<String> attributeTypes )
+    {
+        this.attributeTypes = Collections.unmodifiableSet( attributeTypes );
+    }
+
+
+    /**
+     * Returns an iterator of all attribute IDs.
+     */
+    public Iterator<String> iterator()
+    {
+        return attributeTypes.iterator();
+    }
+
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public int hashCode()
+    {
+        int hash = 37;
+        hash = hash * 17 + attributeTypes.hashCode();
+        return hash;
+    }
+
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public boolean equals( Object o )
+    {
+        if ( this == o )
+        {
+            return true;
+        }
+
+        if ( o == null )
+        {
+            return false;
+        }
+
+        if ( getClass().isAssignableFrom( o.getClass() ) )
+        {
+            AbstractAttributeTypeProtectedItem that = ( AbstractAttributeTypeProtectedItem ) o;
+            return this.attributeTypes.equals( that.attributeTypes );
+        }
+
+        return false;
+    }
+
+
+    /**
+     * @see Object#toString()
+     */
+    public String toString()
+    {
+        StringBuilder buf = new StringBuilder();
+
+        buf.append( "{ " );
+        boolean isFirst = true;
+
+        for ( String attributeType : attributeTypes )
+        {
+            if ( isFirst )
+            {
+                isFirst = false;
+            }
+            else
+            {
+                buf.append( ", " );
+            }
+
+            buf.append( attributeType );
+        }
+
+        buf.append( " }" );
+
+        return buf.toString();
+    }
+}
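Review bot: `equals` accepts any argument whose class is the receiver's class or a subclass of it (`getClass().isAssignableFrom( o.getClass() )`), which is not symmetric: when `b` is an instance of a subclass of `a`'s class, `a.equals( b )` can be true while `b.equals( a )` is false. `AllAttributeValuesItem` and `AttributeTypeItem` are public and non-final, so such subclasses are possible, though none is visible in this commit. An exact class test, `if ( getClass() == o.getClass() )`, keeps the `equals` contract and still tells the sibling item types apart; `NamedUserClass.equals` in UserClass.java uses the same `isAssignableFrom` test.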

Added: directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/AllAttributeValuesItem.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/AllAttributeValuesItem.java?rev=959029&view=auto
==============================================================================
--- directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/AllAttributeValuesItem.java (added)
+++ directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/AllAttributeValuesItem.java Tue Jun 29 16:56:07 2010
@@ -0,0 +1,45 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.directory.shared.ldap.aci.protectedItem;
+
+import java.util.Set;
+
+/**
+ * All attribute value information pertaining to specific attributes.
+ */
+public class AllAttributeValuesItem extends AbstractAttributeTypeProtectedItem
+{
+    /**
+     * Creates a new instance.
+     * 
+     * @param attributeTypes the collection of attribute IDs.
+     */
+    public AllAttributeValuesItem( Set<String> attributeTypes )
+    {
+        super( attributeTypes );
+    }
+
+
+    public String toString()
+    {
+        return "allAttributeValues " + super.toString();
+    }
+}
+

Added: directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/AttributeTypeItem.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/AttributeTypeItem.java?rev=959029&view=auto
==============================================================================
--- directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/AttributeTypeItem.java (added)
+++ directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/AttributeTypeItem.java Tue Jun 29 16:56:07 2010
@@ -0,0 +1,45 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.directory.shared.ldap.aci.protectedItem;
+
+import java.util.Set;
+
+/**
+ * Attribute type information pertaining to specific attributes but not
+ * values associated with the type.
+ */
+public class AttributeTypeItem extends AbstractAttributeTypeProtectedItem
+{
+    /**
+     * Creates a new instance.
+     * 
+     * @param attributeTypes the collection of attribute IDs.
+     */
+    public AttributeTypeItem( Set<String> attributeTypes )
+    {
+        super( attributeTypes );
+    }
+
+
+    public String toString()
+    {
+        return "attributeType " + super.toString();
+    }
+}


