Added: directory/shared/trunk/ldap/src/main/antlr/ACIItemChecker.g
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap/src/main/antlr/ACIItemChecker.g?rev=964361&view=auto
==============================================================================
--- directory/shared/trunk/ldap/src/main/antlr/ACIItemChecker.g (added)
+++ directory/shared/trunk/ldap/src/main/antlr/ACIItemChecker.g Thu Jul 15 10:04:06 2010
@@ -0,0 +1,780 @@
+header
+{
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+
+
+package org.apache.directory.shared.ldap.aci;
+
+
+import org.apache.directory.shared.ldap.name.NameComponentNormalizer;
+}
+
+
+// ----------------------------------------------------------------------------
+// parser class definition
+// ----------------------------------------------------------------------------
+
+/**
+ * The antlr generated ACIItem checker.
+ *
+ * @author Apache Directory Project
+ */
+class AntlrACIItemChecker extends Parser;
+
+
+// ----------------------------------------------------------------------------
+// parser options
+// ----------------------------------------------------------------------------
+
+options
+{
+ k = 1; // ;-)
+ defaultErrorHandler = false;
+}
+
+
+// ----------------------------------------------------------------------------
+// imaginary tokens
+// ----------------------------------------------------------------------------
+
+tokens
+{
+ ATTRIBUTE_VALUE_CANDIDATE;
+ RANGE_OF_VALUES_CANDIDATE;
+}
+
+
+// ----------------------------------------------------------------------------
+// parser initialization
+// ----------------------------------------------------------------------------
+
+{
+ NameComponentNormalizer normalizer;
+
+ /**
+ * Creates a (normalizing) subordinate DnParser for parsing Names.
+ * This method MUST be called for each instance while we cannot do
+ * constructor overloading for this class.
+ *
+ * @return the DnParser to be used for parsing Names
+ */
+ public void init()
+ {
+ }
+
+ /**
+ * Sets the NameComponentNormalizer for this parser's dnParser.
+ */
+ public void setNormalizer(NameComponentNormalizer normalizer)
+ {
+ this.normalizer = normalizer;
+ }
+}
+
+
+// ----------------------------------------------------------------------------
+// parser productions
+// ----------------------------------------------------------------------------
+
+wrapperEntryPoint
+ :
+ ( SP )* theACIItem ( SP )* EOF
+ ;
+
+theACIItem
+ :
+ OPEN_CURLY
+ ( SP )* mainACIItemComponent ( SP )*
+ ( SEP ( SP )* mainACIItemComponent ( SP )* )*
+ CLOSE_CURLY
+ ;
+
+mainACIItemComponent
+ :
+ aci_identificationTag
+ | aci_precedence
+ | aci_authenticationLevel
+ | aci_itemOrUserFirst
+ ;
+
+aci_identificationTag
+ :
+ ID_identificationTag ( SP )+ SAFEUTF8STRING
+ ;
+
+aci_precedence
+ :
+ precedence
+ ;
+
+precedence
+ :
+ ID_precedence ( SP )+ INTEGER
+ ;
+
+aci_authenticationLevel
+ :
+ ID_authenticationLevel ( SP )+ authenticationLevel
+ ;
+
+authenticationLevel
+ :
+ ID_none
+ |
+ ID_simple
+ |
+ ID_strong
+ ;
+
+aci_itemOrUserFirst
+ :
+ ID_itemOrUserFirst ( SP )+ itemOrUserFirst
+ ;
+
+itemOrUserFirst
+ :
+ itemFirst | userFirst
+ ;
+
+itemFirst
+ :
+ ID_itemFirst ( SP )* COLON ( SP )*
+ OPEN_CURLY ( SP )*
+ (
+ protectedItems ( SP )*
+ SEP ( SP )* itemPermissions
+ | // relaxing
+ itemPermissions ( SP )*
+ SEP ( SP )* protectedItems
+ )
+ ( SP )* CLOSE_CURLY
+ ;
+
+userFirst
+ :
+ ID_userFirst ( SP )* COLON ( SP )*
+ OPEN_CURLY ( SP )*
+ (
+ userClasses ( SP )*
+ SEP ( SP )* userPermissions
+ | // relaxing
+ userPermissions ( SP )*
+ SEP ( SP )* userClasses
+ )
+ ( SP )* CLOSE_CURLY
+ ;
+
+protectedItems
+ :
+ ID_protectedItems ( SP )*
+ OPEN_CURLY ( SP )*
+ (
+ protectedItem ( SP )*
+ ( SEP ( SP )* protectedItem ( SP )* )*
+ )?
+ CLOSE_CURLY
+ ;
+
+protectedItem
+ :
+ entry
+ | allUserAttributeTypes
+ | attributeType
+ | allAttributeValues
+ | allUserAttributeTypesAndValues
+ | attributeValue
+ | selfValue
+ | rangeOfValues
+ | maxValueCount
+ | maxImmSub
+ | restrictedBy
+ | classes
+ ;
+
+entry
+ :
+ ID_entry
+ ;
+
+allUserAttributeTypes
+ :
+ ID_allUserAttributeTypes
+ ;
+
+attributeType
+ :
+ ID_attributeType ( SP )+ attributeTypeSet
+ ;
+
+allAttributeValues
+ :
+ ID_allAttributeValues ( SP )+ attributeTypeSet
+ ;
+
+allUserAttributeTypesAndValues
+ :
+ ID_allUserAttributeTypesAndValues
+ ;
+
+attributeValue
+ :
+ ATTRIBUTE_VALUE_CANDIDATE // ate the identifier for subordinate dn parser workaround
+ ;
+
+selfValue
+ :
+ ID_selfValue ( SP )+ attributeTypeSet
+ ;
+
+rangeOfValues
+ :
+ RANGE_OF_VALUES_CANDIDATE
+ ;
+
+maxValueCount
+ :
+ ID_maxValueCount ( SP )+
+ OPEN_CURLY ( SP )*
+ aMaxValueCount ( SP )*
+ ( SEP ( SP )* aMaxValueCount ( SP )*
+ )*
+ CLOSE_CURLY
+ ;
+
+aMaxValueCount
+ :
+ OPEN_CURLY ( SP )*
+ (
+ ID_type ( SP )+ oid ( SP )* SEP ( SP )*
+ ID_maxCount ( SP )+ INTEGER
+ | // relaxing
+ ID_maxCount ( SP )+ INTEGER ( SP )* SEP ( SP )*
+ ID_type ( SP )+ oid
+ )
+ ( SP )* CLOSE_CURLY
+ ;
+
+maxImmSub
+ :
+ ID_maxImmSub ( SP )+ INTEGER
+ ;
+
+restrictedBy
+ :
+ ID_restrictedBy ( SP )+
+ OPEN_CURLY ( SP )*
+ restrictedValue ( SP )*
+ ( SEP ( SP )* restrictedValue ( SP )*
+ )*
+ CLOSE_CURLY
+ ;
+
+restrictedValue
+ :
+ OPEN_CURLY ( SP )*
+ (
+ ID_type ( SP )+ oid ( SP )* SEP ( SP )*
+ ID_valuesIn ( SP )+ oid
+ | // relaxing
+ ID_valuesIn ( SP )+ oid ( SP )* SEP ( SP )*
+ ID_type ( SP )+ oid
+ )
+ ( SP )* CLOSE_CURLY
+ ;
+
+attributeTypeSet
+ :
+ OPEN_CURLY ( SP )*
+ oid ( SP )*
+ ( SEP ( SP )* oid ( SP )*
+ )*
+ CLOSE_CURLY
+ ;
+
+classes
+ :
+ ID_classes ( SP )+ refinement
+ ;
+
+itemPermissions
+ :
+ ID_itemPermissions ( SP )+
+ OPEN_CURLY ( SP )*
+ ( itemPermission ( SP )*
+ ( SEP ( SP )* itemPermission ( SP )*
+ )*
+ )?
+ CLOSE_CURLY
+ ;
+
+itemPermission
+ :
+ OPEN_CURLY ( SP )*
+ anyItemPermission ( SP )*
+ ( SEP ( SP )* anyItemPermission ( SP )* )*
+ CLOSE_CURLY
+ ;
+
+anyItemPermission
+ :
+ precedence
+ | userClasses
+ | grantsAndDenials
+ ;
+
+grantsAndDenials
+ :
+ ID_grantsAndDenials ( SP )+
+ OPEN_CURLY ( SP )*
+ ( grantAndDenial ( SP )*
+ ( SEP ( SP )* grantAndDenial ( SP )*
+ )*
+ )?
+ CLOSE_CURLY
+ ;
+
+grantAndDenial
+ :
+ ID_grantAdd
+ | ID_denyAdd
+ | ID_grantDiscloseOnError
+ | ID_denyDiscloseOnError
+ | ID_grantRead
+ | ID_denyRead
+ | ID_grantRemove
+ | ID_denyRemove
+ //-- permissions that may be used only in conjunction
+ //-- with the entry component
+ | ID_grantBrowse
+ | ID_denyBrowse
+ | ID_grantExport
+ | ID_denyExport
+ | ID_grantImport
+ | ID_denyImport
+ | ID_grantModify
+ | ID_denyModify
+ | ID_grantRename
+ | ID_denyRename
+ | ID_grantReturnDN
+ | ID_denyReturnDN
+ //-- permissions that may be used in conjunction
+ //-- with any component, except entry, of ProtectedItems
+ | ID_grantCompare
+ | ID_denyCompare
+ | ID_grantFilterMatch
+ | ID_denyFilterMatch
+ | ID_grantInvoke
+ | ID_denyInvoke
+ ;
+
+userClasses
+ :
+ ID_userClasses ( SP )+
+ OPEN_CURLY ( SP )*
+ (
+ userClass ( SP )*
+ ( SEP ( SP )* userClass ( SP )* )*
+ )?
+ CLOSE_CURLY
+ ;
+
+userClass
+ :
+ allUsers
+ | thisEntry
+ | parentOfEntry
+ | name
+ | userGroup
+ | subtree
+ ;
+
+allUsers
+ :
+ ID_allUsers
+ ;
+
+thisEntry
+ :
+ ID_thisEntry
+ ;
+
+parentOfEntry
+ :
+ ID_parentOfEntry
+ ;
+
+name
+ :
+ ID_name ( SP )+
+ OPEN_CURLY ( SP )*
+ distinguishedName ( SP )*
+ ( SEP ( SP )* distinguishedName ( SP )*
+ )*
+ CLOSE_CURLY
+ ;
+
+userGroup
+ :
+ ID_userGroup ( SP )+
+ OPEN_CURLY ( SP )*
+ distinguishedName ( SP )*
+ ( SEP ( SP )* distinguishedName ( SP )* )*
+ CLOSE_CURLY
+ ;
+
+subtree
+ :
+ ID_subtree ( SP )+
+ OPEN_CURLY ( SP )*
+ subtreeSpecification ( SP )*
+ ( SEP ( SP )* subtreeSpecification ( SP )* )*
+ CLOSE_CURLY
+ ;
+
+userPermissions
+ :
+ ID_userPermissions ( SP )+
+ OPEN_CURLY ( SP )*
+ ( userPermission ( SP )*
+ ( SEP ( SP )* userPermission ( SP )* )*
+ )?
+ CLOSE_CURLY
+ ;
+
+userPermission
+ :
+ OPEN_CURLY ( SP )*
+ anyUserPermission ( SP )*
+ ( SEP ( SP )* anyUserPermission ( SP )* )*
+ CLOSE_CURLY
+ ;
+
+anyUserPermission
+ :
+ precedence
+ | protectedItems
+ | grantsAndDenials
+ ;
+
+subtreeSpecification
+ :
+ OPEN_CURLY ( SP )*
+ ( subtreeSpecificationComponent ( SP )*
+ ( SEP ( SP )* subtreeSpecificationComponent ( SP )* )* )?
+ CLOSE_CURLY
+ ;
+
+subtreeSpecificationComponent
+ :
+ ss_base
+ | ss_specificExclusions
+ | ss_minimum
+ | ss_maximum
+ ;
+
+ss_base
+ :
+ ID_base ( SP )+ distinguishedName
+ ;
+
+ss_specificExclusions
+ :
+ ID_specificExclusions ( SP )+ specificExclusions
+ ;
+
+specificExclusions
+ :
+ OPEN_CURLY ( SP )*
+ ( specificExclusion ( SP )*
+ ( SEP ( SP )* specificExclusion ( SP )* )*
+ )?
+ CLOSE_CURLY
+ ;
+
+specificExclusion
+ :
+ chopBefore | chopAfter
+ ;
+
+chopBefore
+ :
+ ID_chopBefore ( SP )* COLON ( SP )* distinguishedName
+ ;
+
+chopAfter
+ :
+ ID_chopAfter ( SP )* COLON ( SP )* distinguishedName
+ ;
+
+ss_minimum
+ :
+ ID_minimum ( SP )+ baseDistance
+ ;
+
+ss_maximum
+ :
+ ID_maximum ( SP )+ baseDistance
+ ;
+
+distinguishedName
+ :
+ SAFEUTF8STRING
+ ;
+
+baseDistance
+ :
+ INTEGER
+ ;
+
+oid
+ :
+ ( DESCR | NUMERICOID )
+ ;
+
+refinement
+ :
+ item | and | or | not
+ ;
+
+item
+ :
+ ID_item ( SP )* COLON ( SP )* oid
+ ;
+
+and
+ :
+ ID_and ( SP )* COLON ( SP )* refinements
+ ;
+
+or
+ :
+ ID_or ( SP )* COLON ( SP )* refinements
+ ;
+
+not
+ :
+ ID_not ( SP )* COLON ( SP )* refinements
+ ;
+
+refinements
+ :
+ OPEN_CURLY ( SP )*
+ (
+ refinement ( SP )*
+ ( SEP ( SP )* refinement ( SP )* )*
+ )? CLOSE_CURLY
+ ;
+
+
+// ----------------------------------------------------------------------------
+// lexer class definition
+// ----------------------------------------------------------------------------
+
+/**
+ * The parser's primary lexer.
+ *
+ * @author Apache Directory Project
+ */
+class AntlrACIItemCheckerLexer extends Lexer;
+
+
+// ----------------------------------------------------------------------------
+// lexer options
+// ----------------------------------------------------------------------------
+
+options
+{
+ k = 2;
+ charVocabulary = '\3'..'\377';
+}
+
+
+//----------------------------------------------------------------------------
+// tokens
+//----------------------------------------------------------------------------
+
+tokens
+{
+ ID_identificationTag = "identificationTag";
+ ID_precedence = "precedence";
+ ID_FALSE = "FALSE";
+ ID_TRUE = "TRUE";
+ ID_none = "none";
+ ID_simple = "simple";
+ ID_strong = "strong";
+ ID_level = "level";
+ ID_basicLevels = "basicLevels";
+ ID_localQualifier = "localQualifier";
+ ID_signed = "signed";
+ ID_authenticationLevel = "authenticationLevel";
+ ID_itemOrUserFirst = "itemOrUserFirst";
+ ID_itemFirst = "itemFirst";
+ ID_userFirst = "userFirst";
+ ID_protectedItems = "protectedItems";
+ ID_classes = "classes";
+ ID_entry = "entry";
+ ID_allUserAttributeTypes = "allUserAttributeTypes";
+ ID_attributeType = "attributeType";
+ ID_allAttributeValues = "allAttributeValues";
+ ID_allUserAttributeTypesAndValues = "allUserAttributeTypesAndValues";
+ ID_selfValue = "selfValue";
+ ID_item = "item";
+ ID_and = "and";
+ ID_or = "or";
+ ID_not = "not";
+ ID_rangeOfValues = "rangeOfValues";
+ ID_maxValueCount = "maxValueCount";
+ ID_type = "type";
+ ID_maxCount = "maxCount";
+ ID_maxImmSub = "maxImmSub";
+ ID_restrictedBy = "restrictedBy";
+ ID_valuesIn = "valuesIn";
+ ID_userClasses = "userClasses";
+ ID_base = "base";
+ ID_specificExclusions = "specificExclusions";
+ ID_chopBefore = "chopBefore";
+ ID_chopAfter = "chopAfter";
+ ID_minimum = "minimum";
+ ID_maximum = "maximum";
+ ID_specificationFilter = "specificationFilter";
+ ID_grantsAndDenials = "grantsAndDenials";
+ ID_itemPermissions = "itemPermissions";
+ ID_userPermissions = "userPermissions";
+ ID_allUsers = "allUsers";
+ ID_thisEntry = "thisEntry";
+ ID_parentOfEntry = "parentOfEntry";
+ ID_subtree = "subtree";
+ ID_name = "name";
+ ID_userGroup = "userGroup";
+
+ ID_grantAdd = "grantAdd"; // (0),
+ ID_denyAdd = "denyAdd"; // (1),
+ ID_grantDiscloseOnError = "grantDiscloseOnError"; // (2),
+ ID_denyDiscloseOnError = "denyDiscloseOnError"; // (3),
+ ID_grantRead = "grantRead"; // (4),
+ ID_denyRead = "denyRead"; // (5),
+ ID_grantRemove = "grantRemove"; // (6),
+ ID_denyRemove = "denyRemove"; // (7),
+ //-- permissions that may be used only in conjunction
+ //-- with the entry component
+ ID_grantBrowse = "grantBrowse"; // (8),
+ ID_denyBrowse = "denyBrowse"; // (9),
+ ID_grantExport = "grantExport"; // (10),
+ ID_denyExport = "denyExport"; // (11),
+ ID_grantImport = "grantImport"; // (12),
+ ID_denyImport = "denyImport"; // (13),
+ ID_grantModify = "grantModify"; // (14),
+ ID_denyModify = "denyModify"; // (15),
+ ID_grantRename = "grantRename"; // (16),
+ ID_denyRename = "denyRename"; // (17),
+ ID_grantReturnDN = "grantReturnDN"; // (18),
+ ID_denyReturnDN = "denyReturnDN"; // (19),
+ //-- permissions that may be used in conjunction
+ //-- with any component, except entry, of ProtectedItems
+ ID_grantCompare = "grantCompare"; // (20),
+ ID_denyCompare = "denyCompare"; // (21),
+ ID_grantFilterMatch = "grantFilterMatch"; // (22),
+ ID_denyFilterMatch = "denyFilterMatch"; // (23),
+ ID_grantInvoke = "grantInvoke"; // (24),
+ ID_denyInvoke = "denyInvoke"; // (25)
+}
+
+
+// ----------------------------------------------------------------------------
+// lexer initialization
+// ----------------------------------------------------------------------------
+
+
+// ----------------------------------------------------------------------------
+// attribute description lexer rules from models
+// ----------------------------------------------------------------------------
+
+// This is all messed up - could not figure out how to get antlr to represent
+// the safe UTF-8 character set from RFC 3642 for production SafeUTF8Character
+
+protected SAFEUTF8CHAR :
+ '\u0001'..'\u0021' |
+ '\u0023'..'\u007F' |
+ '\u00c0'..'\u00d6' |
+ '\u00d8'..'\u00f6' |
+ '\u00f8'..'\u00ff' |
+ '\u0100'..'\u1fff' |
+ '\u3040'..'\u318f' |
+ '\u3300'..'\u337f' |
+ '\u3400'..'\u3d2d' |
+ '\u4e00'..'\u9fff' |
+ '\uf900'..'\ufaff' ;
+
+OPEN_CURLY : '{' ;
+
+CLOSE_CURLY : '}' ;
+
+SEP : ',' ;
+
+SP : ' ' | '\t' | '\n' { newline(); } | '\r' ;
+
+COLON : ':' ;
+
+protected DIGIT : '0' | LDIGIT ;
+
+protected LDIGIT : '1'..'9' ;
+
+protected ALPHA : 'A'..'Z' | 'a'..'z' ;
+
+protected INTEGER : DIGIT | ( LDIGIT ( DIGIT )+ ) ;
+
+protected HYPHEN : '-' ;
+
+protected NUMERICOID : INTEGER ( DOT INTEGER )+ ;
+
+protected DOT : '.' ;
+
+INTEGER_OR_NUMERICOID
+ :
+ ( INTEGER DOT ) => NUMERICOID
+ {
+ $setType( NUMERICOID );
+ }
+ |
+ INTEGER
+ {
+ $setType( INTEGER );
+ }
+ ;
+
+SAFEUTF8STRING : '"'! ( SAFEUTF8CHAR )* '"'! ;
+
+DESCR // THIS RULE ALSO STANDS FOR AN IDENTIFIER
+ :
+ ( "attributeValue" ( SP! )+ '{' ) =>
+ "attributeValue"! ( SP! )+ '{'! ( options { greedy = false; } : . )* '}'!
+ { $setType( ATTRIBUTE_VALUE_CANDIDATE ); }
+ | ( "rangeOfValues" ( SP! )+ '(' ) =>
+ "rangeOfValues"! ( SP! )+ FILTER
+ { $setType( RANGE_OF_VALUES_CANDIDATE ); }
+ | ALPHA ( ALPHA | DIGIT | HYPHEN )*
+ ;
+
+protected FILTER : '(' ( ( '&' (SP)* (FILTER)+ ) | ( '|' (SP)* (FILTER)+ ) | ( '!' (SP)* FILTER ) | FILTER_VALUE ) ')' (SP)* ;
+
+protected FILTER_VALUE : (options{greedy=true;}: ~( ')' | '(' | '&' | '|' | '!' ) ( ~(')') )* ) ;
+
+
\ No newline at end of file
Added: directory/shared/trunk/ldap/src/main/antlr/SubtreeSpecificationChecker.g
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap/src/main/antlr/SubtreeSpecificationChecker.g?rev=964361&view=auto
==============================================================================
--- directory/shared/trunk/ldap/src/main/antlr/SubtreeSpecificationChecker.g (added)
+++ directory/shared/trunk/ldap/src/main/antlr/SubtreeSpecificationChecker.g Thu Jul 15 10:04:06 2010
@@ -0,0 +1,466 @@
+header
+{
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+
+
+package org.apache.directory.shared.ldap.subtree;
+
+import org.apache.directory.shared.ldap.name.DN;
+import org.apache.directory.shared.ldap.filter.ExprNode;
+import org.apache.directory.shared.ldap.filter.LeafNode;
+import org.apache.directory.shared.ldap.filter.BranchNode;
+import org.apache.directory.shared.ldap.filter.AndNode;
+import org.apache.directory.shared.ldap.filter.OrNode;
+import org.apache.directory.shared.ldap.filter.NotNode;
+import org.apache.directory.shared.ldap.filter.EqualityNode;
+import org.apache.directory.shared.ldap.filter.FilterParser;
+import org.apache.directory.shared.ldap.util.ComponentsMonitor;
+import org.apache.directory.shared.ldap.util.OptionalComponentsMonitor;
+import org.apache.directory.shared.ldap.schema.SchemaManager;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+}
+
+
+// ----------------------------------------------------------------------------
+// parser class definition
+// ----------------------------------------------------------------------------
+
+/**
+ * The antlr generated subtree specification parser.
+ *
+ * @see RFC 3672
+ * @author Apache Directory Project
+ */
+class AntlrSubtreeSpecificationChecker extends Parser;
+
+
+// ----------------------------------------------------------------------------
+// parser options
+// ----------------------------------------------------------------------------
+
+options
+{
+ k = 1;
+ defaultErrorHandler = false;
+}
+
+
+// ----------------------------------------------------------------------------
+// parser initialization
+// ----------------------------------------------------------------------------
+
+{
+ private static final Logger log = LoggerFactory.getLogger( AntlrSubtreeSpecificationChecker.class );
+
+ private ComponentsMonitor subtreeSpecificationComponentsMonitor = null;
+
+ /** The SchemaManager */
+ private SchemaManager schemaManager;
+
+ /**
+ * Initiaize the checker
+ */
+ public void init( SchemaManager schemaManager )
+ {
+ this.schemaManager = schemaManager;
+ }
+
+
+ private int token2Integer( Token token ) throws RecognitionException
+ {
+ int i = 0;
+
+ try
+ {
+ i = Integer.parseInt( token.getText());
+ }
+ catch ( NumberFormatException e )
+ {
+ throw new RecognitionException( "Value of INTEGER token " +
+ token.getText() +
+ " cannot be converted to an Integer" );
+ }
+
+ return i;
+ }
+}
+
+
+// ----------------------------------------------------------------------------
+// parser productions
+// ----------------------------------------------------------------------------
+
+wrapperEntryPoint
+{
+ log.debug( "entered wrapperEntryPoint()" );
+} :
+ subtreeSpecification "end"
+ ;
+
+subtreeSpecification
+{
+ log.debug( "entered subtreeSpecification()" );
+ subtreeSpecificationComponentsMonitor = new OptionalComponentsMonitor(
+ new String [] { "base", "specificExclusions", "minimum", "maximum", "specificationFilter" } );
+}
+ :
+ OPEN_CURLY ( SP )*
+ ( subtreeSpecificationComponent ( SP )*
+ ( SEP ( SP )* subtreeSpecificationComponent ( SP )* )* )?
+ CLOSE_CURLY
+ ;
+
+subtreeSpecificationComponent
+{
+ log.debug( "entered subtreeSpecification()" );
+}
+ :
+ ss_base
+ {
+ subtreeSpecificationComponentsMonitor.useComponent( "base" );
+ }
+ | ss_specificExclusions
+ {
+ subtreeSpecificationComponentsMonitor.useComponent( "specificExclusions" );
+ }
+ | ss_minimum
+ {
+ subtreeSpecificationComponentsMonitor.useComponent( "minimum" );
+ }
+ | ss_maximum
+ {
+ subtreeSpecificationComponentsMonitor.useComponent( "maximum" );
+ }
+ | ss_specificationFilter
+ {
+ subtreeSpecificationComponentsMonitor.useComponent( "specificationFilter" );
+ }
+ ;
+ exception
+ catch [IllegalArgumentException e]
+ {
+ throw new RecognitionException( e.getMessage() );
+ }
+
+ss_base
+{
+ log.debug( "entered ss_base()" );
+}
+ :
+ ID_base ( SP )+ distinguishedName
+ ;
+
+ss_specificExclusions
+{
+ log.debug( "entered ss_specificExclusions()" );
+}
+ :
+ ID_specificExclusions ( SP )+ specificExclusions
+ ;
+
+specificExclusions
+{
+ log.debug( "entered specificExclusions()" );
+}
+ :
+ OPEN_CURLY ( SP )*
+ ( specificExclusion ( SP )*
+ ( SEP ( SP )* specificExclusion ( SP )* )*
+ )?
+ CLOSE_CURLY
+ ;
+
+specificExclusion
+{
+ log.debug( "entered specificExclusion()" );
+}
+ :
+ chopBefore | chopAfter
+ ;
+
+chopBefore
+{
+ log.debug( "entered chopBefore()" );
+}
+ :
+ ID_chopBefore ( SP )* COLON ( SP )* distinguishedName
+ ;
+
+chopAfter
+{
+ log.debug( "entered chopAfter()" );
+}
+ :
+ ID_chopAfter ( SP )* COLON ( SP )* distinguishedName
+ ;
+
+ss_minimum
+{
+ log.debug( "entered ss_minimum()" );
+}
+ :
+ ID_minimum ( SP )+ baseDistance
+ ;
+
+ss_maximum
+{
+ log.debug( "entered ss_maximum()" );
+}
+ :
+ ID_maximum ( SP )+ baseDistance
+ ;
+
+ss_specificationFilter
+{
+ log.debug( "entered ss_specificationFilter()" );
+}
+ :
+ ID_specificationFilter
+ ( SP )+
+ (
+ ( refinement )
+ |
+ ( filter )
+ )
+ ;
+
+filter
+{
+ log.debug( "entered filter()" );
+}
+ :
+ ( filterToken:FILTER { FilterParser.parse( filterToken.getText() ); } )
+ ;
+ exception
+ catch [Exception e]
+ {
+ throw new RecognitionException( "filterParser failed. " + e.getMessage() );
+ }
+
+
+distinguishedName
+{
+ log.debug( "entered distinguishedName()" );
+}
+ :
+ token:SAFEUTF8STRING
+ {
+ new DN( token.getText() );
+ log.debug( "recognized a DistinguishedName: " + token.getText() );
+ }
+ ;
+ exception
+ catch [Exception e]
+ {
+ throw new RecognitionException( "dnParser failed for " + token.getText() + " " + e.getMessage() );
+ }
+
+baseDistance
+{
+ log.debug( "entered baseDistance()" );
+}
+ :
+ token:INTEGER
+ {
+ token2Integer(token);
+ }
+ ;
+
+oid
+{
+ log.debug( "entered oid()" );
+ Token token = null;
+}
+ :
+ { token = LT( 1 ); } // an interesting trick goes here ;-)
+ ( DESCR | NUMERICOID )
+ {
+ log.debug( "recognized an oid: " + token.getText() );
+ }
+ ;
+
+refinement
+{
+ log.debug( "entered refinement()" );
+}
+ :
+ item | and | or | not
+ ;
+
+item
+{
+ log.debug( "entered item()" );
+}
+ :
+ ID_item ( SP )* COLON ( SP )* oid
+ ;
+
+and
+{
+ log.debug( "entered and()" );
+}
+ :
+ ID_and ( SP )* COLON ( SP )* refinements
+ ;
+
+or
+{
+ log.debug( "entered or()" );
+}
+ :
+ ID_or ( SP )* COLON ( SP )* refinements
+ ;
+
+not
+{
+ log.debug( "entered not()" );
+}
+ :
+ ID_not ( SP )* COLON ( SP )* refinement
+ ;
+
+refinements
+{
+ log.debug( "entered refinements()" );
+}
+ :
+ OPEN_CURLY ( SP )*
+ (
+ refinement ( SP )*
+ ( SEP ( SP )* refinement ( SP )* )*
+ )? CLOSE_CURLY
+ ;
+
+
+// ----------------------------------------------------------------------------
+// lexer class definition
+// ----------------------------------------------------------------------------
+
+/**
+ * The parser's primary lexer.
+ *
+ * @see RFC 3672
+ * @author Apache Directory Project
+ */
+class AntlrSubtreeSpecificationCheckerLexer extends Lexer;
+
+
+// ----------------------------------------------------------------------------
+// lexer options
+// ----------------------------------------------------------------------------
+
+options
+{
+ k = 2;
+
+ charVocabulary = '\u0001'..'\u0127';
+}
+
+tokens
+{
+ ID_base = "base";
+ ID_specificExclusions = "specificExclusions";
+ ID_chopBefore = "chopBefore";
+ ID_chopAfter = "chopAfter";
+ ID_minimum = "minimum";
+ ID_maximum = "maximum";
+ ID_specificationFilter = "specificationFilter";
+ ID_item = "item";
+ ID_and = "and";
+ ID_or = "or";
+ ID_not = "not";
+}
+
+
+//----------------------------------------------------------------------------
+// lexer initialization
+//----------------------------------------------------------------------------
+
+{
+ private static final Logger log = LoggerFactory.getLogger( AntlrSubtreeSpecificationLexer.class );
+}
+
+
+// ----------------------------------------------------------------------------
+// attribute description lexer rules from models
+// ----------------------------------------------------------------------------
+
+SP : ' ';
+
+COLON : ':' { log.debug( "matched COLON(':')" ); } ;
+
+OPEN_CURLY : '{' { log.debug( "matched LBRACKET('{')" ); } ;
+
+CLOSE_CURLY : '}' { log.debug( "matched RBRACKET('}')" ); } ;
+
+SEP : ',' { log.debug( "matched SEP(',')" ); } ;
+
+SAFEUTF8STRING : '"'! ( SAFEUTF8CHAR )* '"'! { log.debug( "matched SAFEUTF8CHAR: \"" + getText() + "\"" ); } ;
+
+DESCR : ALPHA ( ALPHA | DIGIT | '-' )* { log.debug( "matched DESCR" ); } ;
+
+INTEGER_OR_NUMERICOID
+ :
+ ( INTEGER DOT ) => NUMERICOID
+ {
+ $setType( NUMERICOID );
+ }
+ |
+ INTEGER
+ {
+ $setType( INTEGER );
+ }
+ ;
+
+protected INTEGER: DIGIT | ( LDIGIT ( DIGIT )+ ) { log.debug( "matched INTEGER: " + getText() ); } ;
+
+protected NUMERICOID: INTEGER ( DOT INTEGER )+ { log.debug( "matched NUMERICOID: " + getText() ); } ;
+
+protected DOT: '.' ;
+
+protected DIGIT: '0' | LDIGIT ;
+
+protected LDIGIT: '1'..'9' ;
+
+protected ALPHA: 'A'..'Z' | 'a'..'z' ;
+
+// This is all messed up - could not figure out how to get antlr to represent
+// the safe UTF-8 character set from RFC 3642 for production SafeUTF8Character
+
+protected SAFEUTF8CHAR:
+ '\u0001'..'\u0021' |
+ '\u0023'..'\u007F' |
+ '\u00c0'..'\u00d6' |
+ '\u00d8'..'\u00f6' |
+ '\u00f8'..'\u00ff' |
+ '\u0100'..'\u1fff' |
+ '\u3040'..'\u318f' |
+ '\u3300'..'\u337f' |
+ '\u3400'..'\u3d2d' |
+ '\u4e00'..'\u9fff' |
+ '\uf900'..'\ufaff' ;
+
+FILTER : '(' ( ( '&' (SP)* (FILTER)+ ) | ( '|' (SP)* (FILTER)+ ) | ( '!' (SP)* FILTER ) | FILTER_VALUE ) ')' (SP)* ;
+
+protected FILTER_VALUE : (options{greedy=true;}: ~( ')' | '(' | '&' | '|' | '!' ) ( ~(')') )* ) ;
+
\ No newline at end of file
Added: directory/shared/trunk/ldap/src/main/antlr/subtree-specification.g
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap/src/main/antlr/subtree-specification.g?rev=964361&view=auto
==============================================================================
--- directory/shared/trunk/ldap/src/main/antlr/subtree-specification.g (added)
+++ directory/shared/trunk/ldap/src/main/antlr/subtree-specification.g Thu Jul 15 10:04:06 2010
@@ -0,0 +1,598 @@
+header
+{
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+
+
+package org.apache.directory.shared.ldap.subtree;
+
+import java.util.Set;
+import java.util.Map;
+import java.util.HashSet;
+import java.util.List;
+import java.util.ArrayList;
+
+import org.apache.directory.shared.ldap.name.DN;
+import org.apache.directory.shared.ldap.filter.ExprNode;
+import org.apache.directory.shared.ldap.filter.LeafNode;
+import org.apache.directory.shared.ldap.filter.BranchNode;
+import org.apache.directory.shared.ldap.filter.AndNode;
+import org.apache.directory.shared.ldap.filter.OrNode;
+import org.apache.directory.shared.ldap.filter.NotNode;
+import org.apache.directory.shared.ldap.filter.EqualityNode;
+import org.apache.directory.shared.ldap.filter.FilterParser;
+import org.apache.directory.shared.ldap.schema.ObjectClass;
+import org.apache.directory.shared.ldap.schema.SchemaManager;
+import org.apache.directory.shared.ldap.subtree.SubtreeSpecification;
+import org.apache.directory.shared.ldap.subtree.SubtreeSpecificationModifier;
+import org.apache.directory.shared.ldap.schema.NormalizerMappingResolver;
+import org.apache.directory.shared.ldap.schema.normalizers.OidNormalizer;
+import org.apache.directory.shared.ldap.util.ComponentsMonitor;
+import org.apache.directory.shared.ldap.util.OptionalComponentsMonitor;
+import org.apache.directory.shared.ldap.constants.SchemaConstants;
+import org.apache.directory.shared.ldap.entry.StringValue;
+import org.apache.directory.shared.ldap.exception.LdapException;
+import org.apache.directory.shared.ldap.schema.AttributeType;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+}
+
+
+// ----------------------------------------------------------------------------
+// parser class definition
+// ----------------------------------------------------------------------------
+
+/**
+ * The antlr generated subtree specification parser.
+ *
+ * @see RFC 3672
+ * @author Apache Directory Project
+ */
+class AntlrSubtreeSpecificationParser extends Parser;
+
+
+// ----------------------------------------------------------------------------
+// parser options
+// ----------------------------------------------------------------------------
+
+options
+{
+ k = 1;
+ defaultErrorHandler = false;
+}
+
+
+// ----------------------------------------------------------------------------
+// parser initialization
+// ----------------------------------------------------------------------------
+
+{
+ private static final Logger log = LoggerFactory.getLogger( AntlrSubtreeSpecificationParser.class );
+
+ private NormalizerMappingResolver resolver;
+
+ private Set chopBeforeExclusions = null;
+ private Set chopAfterExclusions = null;
+
+ private SubtreeSpecificationModifier ssModifier = null;
+
+ /** The schemaManager */
+ private SchemaManager schemaManager;
+
+ /** The ObjectClass AT */
+ AttributeType OBJECT_CLASS_AT;
+
+ private ComponentsMonitor subtreeSpecificationComponentsMonitor = null;
+
+
+
+ /**
+ * Does nothing.
+ */
+ public void init( SchemaManager schemaManager )
+ {
+ this.schemaManager = schemaManager;
+ OBJECT_CLASS_AT = schemaManager.getAttributeType( SchemaConstants.OBJECT_CLASS_AT );
+
+ }
+
+
+ public void setNormalizerMappingResolver( NormalizerMappingResolver resolver )
+ {
+ this.resolver = resolver;
+ }
+
+
+ public boolean isNormalizing()
+ {
+ return this.resolver != null;
+ }
+
+
+ private int token2Integer( Token token ) throws RecognitionException
+ {
+ int i = 0;
+
+ try
+ {
+ i = Integer.parseInt( token.getText());
+ }
+ catch ( NumberFormatException e )
+ {
+ throw new RecognitionException( "Value of INTEGER token " +
+ token.getText() +
+ " cannot be converted to an Integer" );
+ }
+
+ return i;
+ }
+}
+
+
+// ----------------------------------------------------------------------------
+// parser productions
+// ----------------------------------------------------------------------------
+
+wrapperEntryPoint returns [SubtreeSpecification ss]
+{
+ log.debug( "entered wrapperEntryPoint()" );
+ ss = null;
+ SubtreeSpecification tempSs = null;
+} :
+ tempSs=subtreeSpecification "end"
+ {
+ ss = tempSs;
+ }
+ ;
+
+subtreeSpecification returns [SubtreeSpecification ss]
+{
+ log.debug( "entered subtreeSpecification()" );
+ // clear out ss, ssModifier, subtreeSpecificationComponentsMonitor,
+ // chopBeforeExclusions and chopAfterExclusions
+ // in case something is left from the last parse
+ ss = null;
+ ssModifier = new SubtreeSpecificationModifier();
+ subtreeSpecificationComponentsMonitor = new OptionalComponentsMonitor(
+ new String [] { "base", "specificExclusions", "minimum", "maximum", "specificationFilter" } );
+ chopBeforeExclusions = new HashSet();
+ chopAfterExclusions = new HashSet();
+ // always create a new filter parser in case we may have some statefulness problems with it
+}
+ :
+ OPEN_CURLY ( SP )*
+ ( subtreeSpecificationComponent ( SP )*
+ ( SEP ( SP )* subtreeSpecificationComponent ( SP )* )* )?
+ CLOSE_CURLY
+ {
+ ss = ssModifier.getSubtreeSpecification();
+ }
+ ;
+
+subtreeSpecificationComponent
+{
+ log.debug( "entered subtreeSpecification()" );
+}
+ :
+ ss_base
+ {
+ subtreeSpecificationComponentsMonitor.useComponent( "base" );
+ }
+ | ss_specificExclusions
+ {
+ subtreeSpecificationComponentsMonitor.useComponent( "specificExclusions" );
+ }
+ | ss_minimum
+ {
+ subtreeSpecificationComponentsMonitor.useComponent( "minimum" );
+ }
+ | ss_maximum
+ {
+ subtreeSpecificationComponentsMonitor.useComponent( "maximum" );
+ }
+ | ss_specificationFilter
+ {
+ subtreeSpecificationComponentsMonitor.useComponent( "specificationFilter" );
+ }
+ ;
+ exception
+ catch [IllegalArgumentException e]
+ {
+ throw new RecognitionException( e.getMessage() );
+ }
+
+ss_base
+{
+ log.debug( "entered ss_base()" );
+ DN base = null;
+}
+ :
+ ID_base ( SP )+ base=distinguishedName
+ {
+ ssModifier.setBase( base );
+ }
+ ;
+
+ss_specificExclusions
+{
+ log.debug( "entered ss_specificExclusions()" );
+}
+ :
+ ID_specificExclusions ( SP )+ specificExclusions
+ {
+ ssModifier.setChopBeforeExclusions( chopBeforeExclusions );
+ ssModifier.setChopAfterExclusions( chopAfterExclusions );
+ }
+ ;
+
+specificExclusions
+{
+ log.debug( "entered specificExclusions()" );
+}
+ :
+ OPEN_CURLY ( SP )*
+ ( specificExclusion ( SP )*
+ ( SEP ( SP )* specificExclusion ( SP )* )*
+ )?
+ CLOSE_CURLY
+ ;
+
+specificExclusion
+{
+ log.debug( "entered specificExclusion()" );
+}
+ :
+ chopBefore | chopAfter
+ ;
+
+chopBefore
+{
+ log.debug( "entered chopBefore()" );
+ DN chopBeforeExclusion = null;
+}
+ :
+ ID_chopBefore ( SP )* COLON ( SP )* chopBeforeExclusion=distinguishedName
+ {
+ chopBeforeExclusions.add( chopBeforeExclusion );
+ }
+ ;
+
+chopAfter
+{
+ log.debug( "entered chopAfter()" );
+ DN chopAfterExclusion = null;
+}
+ :
+ ID_chopAfter ( SP )* COLON ( SP )* chopAfterExclusion=distinguishedName
+ {
+ chopAfterExclusions.add( chopAfterExclusion );
+ }
+ ;
+
+ss_minimum
+{
+ log.debug( "entered ss_minimum()" );
+ int minimum = 0;
+}
+ :
+ ID_minimum ( SP )+ minimum=baseDistance
+ {
+ ssModifier.setMinBaseDistance( minimum );
+ }
+ ;
+
+ss_maximum
+{
+ log.debug( "entered ss_maximum()" );
+ int maximum = 0;
+}
+ :
+ ID_maximum ( SP )+ maximum=baseDistance
+ {
+ ssModifier.setMaxBaseDistance( maximum );
+ }
+ ;
+
+ss_specificationFilter
+{
+ log.debug( "entered ss_specificationFilter()" );
+ ExprNode filterExpr = null;
+}
+ :
+ ID_specificationFilter
+ ( SP )+
+ (
+ ( filterExpr=refinement )
+ |
+ ( filterExpr=filter )
+ )
+ { ssModifier.setRefinement( filterExpr ); }
+ ;
+
+
+filter returns [ ExprNode filterExpr = null ]
+{
+ log.debug( "entered filter()" );
+}
+ :
+ ( filterToken:FILTER { filterExpr=FilterParser.parse( schemaManager, filterToken.getText() ); } )
+ ;
+ exception
+ catch [Exception e]
+ {
+ throw new RecognitionException( "filterParser failed. " + e.getMessage() );
+ }
+
+distinguishedName returns [ DN name ]
+{
+ log.debug( "entered distinguishedName()" );
+ name = null;
+}
+ :
+ token:SAFEUTF8STRING
+ {
+ name = new DN( token.getText() );
+ name.normalize( schemaManager.getNormalizerMapping() );
+
+ log.debug( "recognized a DistinguishedName: " + token.getText() );
+ }
+ ;
+ exception
+ catch [Exception e]
+ {
+ throw new RecognitionException( "dnParser failed for " + token.getText() + " " + e.getMessage() );
+ }
+
+baseDistance returns [ int distance ]
+{
+ log.debug( "entered baseDistance()" );
+ distance = 0;
+}
+ :
+ token:INTEGER
+ {
+ distance = token2Integer( token );
+ }
+ ;
+
+oid returns [ String result ]
+{
+ log.debug( "entered oid()" );
+ result = null;
+ Token token = null;
+}
+ :
+ { token = LT( 1 ); } // an interesting trick goes here ;-)
+ ( DESCR | NUMERICOID )
+ {
+ result = token.getText();
+ log.debug( "recognized an oid: " + result );
+ }
+ ;
+
+refinement returns [ ExprNode node ]
+{
+ log.debug( "entered refinement()" );
+ node = null;
+}
+ :
+ node=item | node=and | node=or | node=not
+ ;
+
+item returns [ LeafNode node ]
+{
+ log.debug( "entered item()" );
+ node = null;
+ String oid = null;
+ ObjectClass objectClass;
+}
+ :
+ ID_item ( SP )* COLON ( SP )* oid=oid
+ {
+ try
+ {
+ objectClass = schemaManager.lookupObjectClassRegistry( oid );
+ }
+ catch ( LdapException le )
+ {
+ // The oid does not exist
+ // TODO : deal with such an exception
+ }
+
+ node = new EqualityNode( OBJECT_CLASS_AT, new StringValue( oid ) );
+ }
+ ;
+
+and returns [ BranchNode node ]
+{
+ log.debug( "entered and()" );
+ node = null;
+ List children = null;
+}
+ :
+ ID_and ( SP )* COLON ( SP )* children=refinements
+ {
+ node = new AndNode( children );
+ }
+ ;
+
+or returns [ BranchNode node ]
+{
+ log.debug( "entered or()" );
+ node = null;
+ List children = null;
+}
+ :
+ ID_or ( SP )* COLON ( SP )* children=refinements
+ {
+ node = new OrNode( children );
+ }
+ ;
+
+not returns [ BranchNode node ]
+{
+ log.debug( "entered not()" );
+ node = null;
+ ExprNode child = null;
+}
+ :
+ ID_not ( SP )* COLON ( SP )* child=refinement
+ {
+ node = new NotNode( child );
+ }
+ ;
+
+refinements returns [ List children ]
+{
+ log.debug( "entered refinements()" );
+ children = null;
+ ExprNode child = null;
+ List tempChildren = new ArrayList();
+}
+ :
+ OPEN_CURLY ( SP )*
+ (
+ child=refinement ( SP )*
+ {
+ tempChildren.add( child );
+ }
+ ( SEP ( SP )* child=refinement ( SP )*
+ {
+ tempChildren.add( child );
+ } )*
+ )? CLOSE_CURLY
+ {
+ children = tempChildren;
+ }
+ ;
+
+
+// ----------------------------------------------------------------------------
+// lexer class definition
+// ----------------------------------------------------------------------------
+
+/**
+ * The parser's primary lexer.
+ *
+ * @see RFC 3672
+ * @author Apache Directory Project
+ */
+class AntlrSubtreeSpecificationLexer extends Lexer;
+
+
+// ----------------------------------------------------------------------------
+// lexer options
+// ----------------------------------------------------------------------------
+
+options
+{
+ k = 5;
+
+ charVocabulary = '\u0001'..'\u0127';
+}
+
+tokens
+{
+ ID_base = "base";
+ ID_specificExclusions = "specificExclusions";
+ ID_chopBefore = "chopBefore";
+ ID_chopAfter = "chopAfter";
+ ID_minimum = "minimum";
+ ID_maximum = "maximum";
+ ID_specificationFilter = "specificationFilter";
+ ID_item = "item";
+ ID_and = "and";
+ ID_or = "or";
+ ID_not = "not";
+}
+
+
+//----------------------------------------------------------------------------
+// lexer initialization
+//----------------------------------------------------------------------------
+
+{
+ private static final Logger log = LoggerFactory.getLogger( AntlrSubtreeSpecificationLexer.class );
+}
+
+
+// ----------------------------------------------------------------------------
+// attribute description lexer rules from models
+// ----------------------------------------------------------------------------
+
+SP : ' ';
+
+COLON : ':' { log.debug( "matched COLON(':')" ); } ;
+
+OPEN_CURLY : '{' { log.debug( "matched LBRACKET('{')" ); } ;
+
+CLOSE_CURLY : '}' { log.debug( "matched RBRACKET('}')" ); } ;
+
+SEP : ',' { log.debug( "matched SEP(',')" ); } ;
+
+SAFEUTF8STRING : '"'! ( SAFEUTF8CHAR )* '"'! { log.debug( "matched SAFEUTF8CHAR: \"" + getText() + "\"" ); } ;
+
+DESCR : ALPHA ( ALPHA | DIGIT | '-' )* { log.debug( "matched DESCR" ); } ;
+
+INTEGER_OR_NUMERICOID
+ :
+ ( INTEGER DOT ) => NUMERICOID
+ {
+ $setType( NUMERICOID );
+ }
+ |
+ INTEGER
+ {
+ $setType( INTEGER );
+ }
+ ;
+
+protected INTEGER: DIGIT | ( LDIGIT ( DIGIT )+ ) { log.debug( "matched INTEGER: " + getText() ); } ;
+
+protected NUMERICOID: INTEGER ( DOT INTEGER )+ { log.debug( "matched NUMERICOID: " + getText() ); } ;
+
+protected DOT: '.' ;
+
+protected DIGIT: '0' | LDIGIT ;
+
+protected LDIGIT: '1'..'9' ;
+
+protected ALPHA: 'A'..'Z' | 'a'..'z' ;
+
+// This is all messed up - could not figure out how to get antlr to represent
+// the safe UTF-8 character set from RFC 3642 for production SafeUTF8Character
+
+protected SAFEUTF8CHAR:
+ '\u0001'..'\u0021' |
+ '\u0023'..'\u007F' |
+ '\u00c0'..'\u00d6' |
+ '\u00d8'..'\u00f6' |
+ '\u00f8'..'\u00ff' |
+ '\u0100'..'\u1fff' |
+ '\u3040'..'\u318f' |
+ '\u3300'..'\u337f' |
+ '\u3400'..'\u3d2d' |
+ '\u4e00'..'\u9fff' |
+ '\uf900'..'\ufaff' ;
+
+FILTER : '(' ( ( '&' (SP)* (FILTER)+ ) | ( '|' (SP)* (FILTER)+ ) | ( '!' (SP)* FILTER ) | FILTER_VALUE ) ')' (SP)* ;
+
+protected FILTER_VALUE : (options{greedy=true;}: ~( ')' | '(' | '&' | '|' | '!' ) ( ~(')') )* ) ;
Added: directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/ACIItem.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/ACIItem.java?rev=964361&view=auto
==============================================================================
--- directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/ACIItem.java (added)
+++ directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/ACIItem.java Thu Jul 15 10:04:06 2010
@@ -0,0 +1,152 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.shared.ldap.aci;
+
+
+import java.util.Collection;
+import java.util.HashSet;
+import java.util.Set;
+
+import org.apache.directory.shared.i18n.I18n;
+import org.apache.directory.shared.ldap.constants.AuthenticationLevel;
+
+
+/**
+ * An abstract class that provides common properties and operations for
+ * {@link ItemFirstACIItem} and {@link UserFirstACIItem} as specified X.501
+ * specification.
+ *
+ * @author Apache Directory Project
+ */
+public abstract class ACIItem
+{
+ /** The ACIItemComponet identifier */
+ private String identificationTag;
+
+ /** The precedence : a number in [0 - 255] */
+ private int precedence = 0;
+
+ /** The authentication level. One of 'none', 'simple' and 'strong' */
+ private AuthenticationLevel authenticationLevel;
+
+
+ /**
+ * Creates a new instance
+ *
+ * @param identificationTag the id string of this item
+ * @param precedence the precedence of this item
+ * @param authenticationLevel the level of authentication required to this item
+ */
+ protected ACIItem( String identificationTag, int precedence, AuthenticationLevel authenticationLevel )
+ {
+ if ( identificationTag == null )
+ {
+ throw new IllegalArgumentException( I18n.err( I18n.ERR_04001_NULL_IDENTIFICATION_TAG ) );
+ }
+
+ if ( ( precedence < 0 ) || ( precedence > 255 ) )
+ {
+ throw new IllegalArgumentException( I18n.err( I18n.ERR_04002_BAD_PRECENDENCE, precedence ) );
+ }
+
+ if ( authenticationLevel == null )
+ {
+ throw new IllegalArgumentException( I18n.err( I18n.ERR_04003_NULL_AUTHENTICATION_LEVEL ) );
+ }
+
+ this.identificationTag = identificationTag;
+ this.precedence = precedence;
+ this.authenticationLevel = authenticationLevel;
+ }
+
+
+ /**
+ * Returns the id string of this item.
+ */
+ public String getIdentificationTag()
+ {
+ return identificationTag;
+ }
+
+
+ /**
+ * Returns the precedence of this item.
+ */
+ public int getPrecedence()
+ {
+ return precedence;
+ }
+
+
+ /**
+ * Returns the level of authentication required to this item.
+ */
+ public AuthenticationLevel getAuthenticationLevel()
+ {
+ return authenticationLevel;
+ }
+
+
+ /**
+ * Converts this item into a collection of {@link ACITuple}s and returns
+ * it.
+ */
+ public abstract Collection toTuples();
+
+
+ /**
+ * Converts a set of {@link GrantAndDenial}s into a set of
+ * {@link MicroOperation}s and returns it.
+ */
+ protected static Set toMicroOperations( Set grantsAndDenials )
+ {
+ Set microOps = new HashSet();
+
+ for ( GrantAndDenial grantAndDenial:grantsAndDenials )
+ {
+ microOps.add( grantAndDenial.getMicroOperation() );
+ }
+
+ return microOps;
+ }
+
+
+ /**
+ * @see Object#toString()
+ */
+ public String toString()
+ {
+ StringBuilder buf = new StringBuilder();
+
+ // identificationTag
+ buf.append( "identificationTag \"" );
+ buf.append( getIdentificationTag() );
+
+ // precedence
+ buf.append( "\", precedence " );
+ buf.append( getPrecedence() );
+
+ // authenticationLevel
+ buf.append( ", authenticationLevel " );
+ buf.append( getAuthenticationLevel().getName() );
+
+ return buf.toString();
+ }
+}
Added: directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/ACIItemChecker.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/ACIItemChecker.java?rev=964361&view=auto
==============================================================================
--- directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/ACIItemChecker.java (added)
+++ directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/ACIItemChecker.java Thu Jul 15 10:04:06 2010
@@ -0,0 +1,117 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+
+package org.apache.directory.shared.ldap.aci;
+
+
+import java.io.StringReader;
+import java.text.ParseException;
+
+import org.apache.directory.shared.i18n.I18n;
+import org.apache.directory.shared.ldap.schema.SchemaManager;
+
+import antlr.RecognitionException;
+import antlr.TokenStreamException;
+
+
+/**
+ * A reusable wrapper around the antlr generated parser for an ACIItem as
+ * defined by X.501. This class enables the reuse of the antlr parser/lexer pair
+ * without having to recreate them every time.
+ *
+ * @author Apache Directory Project
+ */
+public class ACIItemChecker
+{
+ /** the antlr generated parser being wrapped */
+ private ReusableAntlrACIItemParser checker;
+
+ /** the antlr generated lexer being wrapped */
+ private ReusableAntlrACIItemLexer lexer;
+
+ private final boolean isNormalizing;
+
+
+ /**
+ * Creates a ACIItem parser.
+ */
+ public ACIItemChecker( SchemaManager schemaManager )
+ {
+ this.lexer = new ReusableAntlrACIItemLexer( new StringReader( "" ) );
+ this.checker = new ReusableAntlrACIItemParser( lexer );
+ this.checker.init( schemaManager );
+ this.isNormalizing = false;
+ }
+
+
+ /**
+ * Initializes the plumbing by creating a pipe and coupling the parser/lexer
+ * pair with it. param spec the specification to be parsed
+ */
+ private synchronized void reset( String spec )
+ {
+ StringReader in = new StringReader( spec );
+ this.lexer.prepareNextInput( in );
+ this.checker.resetState();
+ }
+
+
+ /**
+ * Parses an ACIItem without exhausting the parser.
+ *
+ * @param spec
+ * the specification to be parsed
+ * @throws ParseException
+ * if there are any recognition errors (bad syntax)
+ */
+ public synchronized void parse( String spec ) throws ParseException
+ {
+ if ( spec == null || spec.trim().equals( "" ) )
+ {
+ return;
+ }
+
+ reset( spec ); // reset and initialize the parser / lexer pair
+
+ try
+ {
+ this.checker.wrapperEntryPoint();
+ }
+ catch ( TokenStreamException e )
+ {
+ throw new ParseException( I18n.err( I18n.ERR_00004, spec, e.getLocalizedMessage() ), 0 );
+ }
+ catch ( RecognitionException e )
+ {
+ throw new ParseException( I18n.err( I18n.ERR_00004, spec, e.getLocalizedMessage() ), e.getColumn() );
+ }
+ }
+
+
+ /**
+ * Tests to see if this parser is normalizing.
+ *
+ * @return true if it normalizes false otherwise
+ */
+ public boolean isNormizing()
+ {
+ return this.isNormalizing;
+ }
+}
Added: directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/ACIItemParser.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/ACIItemParser.java?rev=964361&view=auto
==============================================================================
--- directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/ACIItemParser.java (added)
+++ directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/ACIItemParser.java Thu Jul 15 10:04:06 2010
@@ -0,0 +1,140 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+
+package org.apache.directory.shared.ldap.aci;
+
+
+import java.io.StringReader;
+import java.text.ParseException;
+
+import org.apache.directory.shared.i18n.I18n;
+import org.apache.directory.shared.ldap.name.NameComponentNormalizer;
+import org.apache.directory.shared.ldap.schema.SchemaManager;
+
+import antlr.RecognitionException;
+import antlr.TokenStreamException;
+
+
+/**
+ * A reusable wrapper around the antlr generated parser for an ACIItem as
+ * defined by X.501. This class enables the reuse of the antlr parser/lexer pair
+ * without having to recreate them every time.
+ *
+ * @author Apache Directory Project
+ */
+public class ACIItemParser
+{
+ /** the antlr generated parser being wrapped */
+ private ReusableAntlrACIItemParser parser;
+
+ /** the antlr generated lexer being wrapped */
+ private ReusableAntlrACIItemLexer lexer;
+
+ private final boolean isNormalizing;
+
+
+ /**
+ * Creates a ACIItem parser.
+ */
+ public ACIItemParser( SchemaManager schemaManager )
+ {
+ this.lexer = new ReusableAntlrACIItemLexer( new StringReader( "" ) );
+ this.parser = new ReusableAntlrACIItemParser( lexer );
+
+ this.parser.init( schemaManager ); // this method MUST be called while we cannot do
+ // constructor overloading for antlr generated parser
+ this.isNormalizing = false;
+ }
+
+
+ /**
+ * Creates a normalizing ACIItem parser.
+ */
+ public ACIItemParser( NameComponentNormalizer normalizer, SchemaManager schemaManager )
+ {
+ this.lexer = new ReusableAntlrACIItemLexer( new StringReader( "" ) );
+ this.parser = new ReusableAntlrACIItemParser( lexer );
+
+ this.parser.setNormalizer( normalizer );
+ this.parser.init( schemaManager ); // this method MUST be called while we cannot do
+ // constructor overloading for antlr generated parser
+ this.isNormalizing = true;
+ }
+
+
+ /**
+ * Initializes the plumbing by creating a pipe and coupling the parser/lexer
+ * pair with it. param spec the specification to be parsed
+ */
+ private synchronized void reset( String spec )
+ {
+ StringReader in = new StringReader( spec );
+ this.lexer.prepareNextInput( in );
+ this.parser.resetState();
+ }
+
+
+ /**
+ * Parses an ACIItem without exhausting the parser.
+ *
+ * @param spec
+ * the specification to be parsed
+ * @return the specification bean
+ * @throws ParseException
+ * if there are any recognition errors (bad syntax)
+ */
+ public synchronized ACIItem parse( String spec ) throws ParseException
+ {
+ ACIItem aCIItem = null;
+
+ if ( spec == null || spec.trim().equals( "" ) )
+ {
+ return null;
+ }
+
+ reset( spec ); // reset and initialize the parser / lexer pair
+
+ try
+ {
+ aCIItem = this.parser.wrapperEntryPoint();
+ }
+ catch ( TokenStreamException e )
+ {
+ throw new ParseException( I18n.err( I18n.ERR_00004, spec, e.getLocalizedMessage() ), 0 );
+ }
+ catch ( RecognitionException e )
+ {
+ throw new ParseException( I18n.err( I18n.ERR_00004, spec, e.getLocalizedMessage() ), e.getColumn() );
+ }
+
+ return aCIItem;
+ }
+
+
+ /**
+ * Tests to see if this parser is normalizing.
+ *
+ * @return true if it normalizes false otherwise
+ */
+ public boolean isNormizing()
+ {
+ return this.isNormalizing;
+ }
+}
Added: directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/ACITuple.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/ACITuple.java?rev=964361&view=auto
==============================================================================
--- directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/ACITuple.java (added)
+++ directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/ACITuple.java Thu Jul 15 10:04:06 2010
@@ -0,0 +1,157 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.shared.ldap.aci;
+
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Set;
+
+import org.apache.directory.shared.i18n.I18n;
+import org.apache.directory.shared.ldap.constants.AuthenticationLevel;
+
+
+/**
+ * A flatten entity which is converted from an {@link ACIItem}. The tuples are
+ * accepted by ACDF (Access Control Decision Function, 18.8, X.501)
+ *
+ * @author Apache Directory Project
+ */
+public class ACITuple
+{
+ /** The collection of {@link UserClass}es this tuple relates to **/
+ private final Collection userClasses;
+
+ /** The level of authentication required */
+ private final AuthenticationLevel authenticationLevel;
+
+ /** The collection of {@link ProtectedItem}s this tuple relates */
+ private final Collection protectedItems;
+
+ /** The set of {@link MicroOperation}s this tuple relates */
+ private final Set microOperations;
+
+ /** Tells if this tuple grant some access */
+ private final boolean grant;
+
+ /** The precedence for this tuple */
+ private final Integer precedence;
+
+
+ /**
+ * Creates a new instance.
+ *
+ * @param userClasses the collection of {@link UserClass}es this tuple relates to
+ * @param authenticationLevel the level of authentication required
+ * @param protectedItems the collection of {@link ProtectedItem}s this tuple relates
+ * @param microOperations the set of {@link MicroOperation}s this tuple relates
+ * @param grant true if and only if this tuple grants an access
+ * @param precedence the precedence of this tuple (0-255)
+ */
+ public ACITuple(
+ Collection userClasses,
+ AuthenticationLevel authenticationLevel,
+ Collection protectedItems,
+ Set microOperations,
+ boolean grant,
+ Integer precedence )
+ {
+ if ( authenticationLevel == null )
+ {
+ throw new IllegalArgumentException( I18n.err( I18n.ERR_04003_NULL_AUTHENTICATION_LEVEL ) );
+ }
+
+ if ( precedence < 0 || precedence > 255 )
+ {
+ throw new IllegalArgumentException( I18n.err( I18n.ERR_04002_BAD_PRECENDENCE, precedence ) );
+ }
+
+ this.userClasses = Collections.unmodifiableCollection( new ArrayList( userClasses ) );
+ this.authenticationLevel = authenticationLevel;
+ this.protectedItems = Collections.unmodifiableCollection( new ArrayList( protectedItems ) );
+ this.microOperations = Collections.unmodifiableSet( new HashSet( microOperations ) );
+ this.grant = grant;
+ this.precedence = precedence;
+ }
+
+
+ /**
+ * Returns the collection of {@link UserClass}es this tuple relates to.
+ */
+ public Collection getUserClasses()
+ {
+ return userClasses;
+ }
+
+
+ /**
+ * Returns the level of authentication required.
+ */
+ public AuthenticationLevel getAuthenticationLevel()
+ {
+ return authenticationLevel;
+ }
+
+
+ /**
+ * Returns the collection of {@link ProtectedItem}s this tuple relates.
+ */
+ public Collection getProtectedItems()
+ {
+ return protectedItems;
+ }
+
+
+ /**
+ * Returns the set of {@link MicroOperation}s this tuple relates.
+ */
+ public Set getMicroOperations()
+ {
+ return microOperations;
+ }
+
+
+ /**
+ * Returns true if and only if this tuple grants an access.
+ */
+ public boolean isGrant()
+ {
+ return grant;
+ }
+
+
+ /**
+ * Returns the precedence of this tuple (0-255).
+ */
+ public Integer getPrecedence()
+ {
+ return precedence;
+ }
+
+
+ public String toString()
+ {
+ return "ACITuple: userClasses=" + userClasses + ", " + "authenticationLevel=" + authenticationLevel + ", "
+ + "protectedItems=" + protectedItems + ", " + ( grant ? "grants=" : "denials=" ) + microOperations + ", "
+ + "precedence=" + precedence;
+ }
+}
Added: directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/GrantAndDenial.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/GrantAndDenial.java?rev=964361&view=auto
==============================================================================
--- directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/GrantAndDenial.java (added)
+++ directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/GrantAndDenial.java Thu Jul 15 10:04:06 2010
@@ -0,0 +1,174 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.shared.ldap.aci;
+
+
+/**
+ * An enumeration that represents grants or denials of {@link MicroOperation}s.
+ *
+ * @author Apache Directory Project
+ */
+public class GrantAndDenial
+{
+ // Permissions that may be used in conjunction with any component of
+ // ProtectedItems.
+ /** Grant for {@link MicroOperation#ADD} */
+ public static final GrantAndDenial GRANT_ADD = new GrantAndDenial( MicroOperation.ADD, 0, true );
+
+ /** Denial for {@link MicroOperation#ADD} */
+ public static final GrantAndDenial DENY_ADD = new GrantAndDenial( MicroOperation.ADD, 1, false );
+
+ /** Grant for {@link MicroOperation#DISCLOSE_ON_ERROR} */
+ public static final GrantAndDenial GRANT_DISCLOSE_ON_ERROR = new GrantAndDenial( MicroOperation.DISCLOSE_ON_ERROR,
+ 2, true );
+
+ /** Denial for {@link MicroOperation#DISCLOSE_ON_ERROR} */
+ public static final GrantAndDenial DENY_DISCLOSE_ON_ERROR = new GrantAndDenial( MicroOperation.DISCLOSE_ON_ERROR,
+ 3, false );
+
+ /** Grant for {@link MicroOperation#READ} */
+ public static final GrantAndDenial GRANT_READ = new GrantAndDenial( MicroOperation.READ, 4, true );
+
+ /** Denial for {@link MicroOperation#READ} */
+ public static final GrantAndDenial DENY_READ = new GrantAndDenial( MicroOperation.READ, 5, false );
+
+ /** Grant for {@link MicroOperation#REMOVE} */
+ public static final GrantAndDenial GRANT_REMOVE = new GrantAndDenial( MicroOperation.REMOVE, 6, true );
+
+ /** Denial for {@link MicroOperation#REMOVE} */
+ public static final GrantAndDenial DENY_REMOVE = new GrantAndDenial( MicroOperation.REMOVE, 7, false );
+
+ // Permissions that may be used only in conjunction with the entry
+ // component.
+ /** Grant for {@link MicroOperation#BROWSE} */
+ public static final GrantAndDenial GRANT_BROWSE = new GrantAndDenial( MicroOperation.BROWSE, 8, true );
+
+ /** Denial for {@link MicroOperation#BROWSE} */
+ public static final GrantAndDenial DENY_BROWSE = new GrantAndDenial( MicroOperation.BROWSE, 9, false );
+
+ /** Grant for {@link MicroOperation#EXPORT} */
+ public static final GrantAndDenial GRANT_EXPORT = new GrantAndDenial( MicroOperation.EXPORT, 10, true );
+
+ /** Denial for {@link MicroOperation#EXPORT} */
+ public static final GrantAndDenial DENY_EXPORT = new GrantAndDenial( MicroOperation.EXPORT, 11, false );
+
+ /** Grant for {@link MicroOperation#IMPORT} */
+ public static final GrantAndDenial GRANT_IMPORT = new GrantAndDenial( MicroOperation.IMPORT, 12, true );
+
+ /** Denial for {@link MicroOperation#IMPORT} */
+ public static final GrantAndDenial DENY_IMPORT = new GrantAndDenial( MicroOperation.IMPORT, 13, false );
+
+ /** Grant for {@link MicroOperation#MODIFY} */
+ public static final GrantAndDenial GRANT_MODIFY = new GrantAndDenial( MicroOperation.MODIFY, 14, true );
+
+ /** Denial for {@link MicroOperation#MODIFY} */
+ public static final GrantAndDenial DENY_MODIFY = new GrantAndDenial( MicroOperation.MODIFY, 15, false );
+
+ /** Grant for {@link MicroOperation#RENAME} */
+ public static final GrantAndDenial GRANT_RENAME = new GrantAndDenial( MicroOperation.RENAME, 16, true );
+
+ /** Denial for {@link MicroOperation#RENAME} */
+ public static final GrantAndDenial DENY_RENAME = new GrantAndDenial( MicroOperation.RENAME, 17, false );
+
+ /** Grant for {@link MicroOperation#RETURN_DN} */
+ public static final GrantAndDenial GRANT_RETURN_DN = new GrantAndDenial( MicroOperation.RETURN_DN, 18, true );
+
+ /** Denial for {@link MicroOperation#RETURN_DN} */
+ public static final GrantAndDenial DENY_RETURN_DN = new GrantAndDenial( MicroOperation.RETURN_DN, 19, false );
+
+ // Permissions that may be used in conjunction with any component,
+ // except entry, of ProtectedItems.
+ /** Grant for {@link MicroOperation#COMPARE} */
+ public static final GrantAndDenial GRANT_COMPARE = new GrantAndDenial( MicroOperation.COMPARE, 20, true );
+
+ /** Deny for {@link MicroOperation#COMPARE} */
+ public static final GrantAndDenial DENY_COMPARE = new GrantAndDenial( MicroOperation.COMPARE, 21, false );
+
+ /** Grant for {@link MicroOperation#FILTER_MATCH} */
+ public static final GrantAndDenial GRANT_FILTER_MATCH = new GrantAndDenial( MicroOperation.FILTER_MATCH, 22, true );
+
+ /** Denial for {@link MicroOperation#FILTER_MATCH} */
+ public static final GrantAndDenial DENY_FILTER_MATCH = new GrantAndDenial( MicroOperation.FILTER_MATCH, 23, false );
+
+ /** Grant for {@link MicroOperation#INVOKE} */
+ public static final GrantAndDenial GRANT_INVOKE = new GrantAndDenial( MicroOperation.INVOKE, 24, true );
+
+ /** Denial for {@link MicroOperation#INVOKE} */
+ public static final GrantAndDenial DENY_INVOKE = new GrantAndDenial( MicroOperation.INVOKE, 25, false );
+
+ private final MicroOperation microOperation;
+
+ private final int code;
+
+ private final String name;
+
+ private final boolean grant;
+
+
+ private GrantAndDenial(MicroOperation microOperation, int code, boolean grant)
+ {
+ this.microOperation = microOperation;
+ this.code = code;
+ this.name = ( grant ? "grant" : "deny" ) + microOperation.getName();
+ this.grant = grant;
+ }
+
+
+ /**
+ * Returns the {@link MicroOperation} related with this grant or denial.
+ */
+ public MicroOperation getMicroOperation()
+ {
+ return microOperation;
+ }
+
+
+ /**
+ * Return the code number of this grant or denial.
+ */
+ public int getCode()
+ {
+ return code;
+ }
+
+
+ /**
+ * Returns the name of this grant or denial.
+ */
+ public String getName()
+ {
+ return name;
+ }
+
+
+ /**
+ * Returns true if and only if this is grant.
+ */
+ public boolean isGrant()
+ {
+ return grant;
+ }
+
+
+ public String toString()
+ {
+ return name;
+ }
+}
Added: directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/ItemFirstACIItem.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/ItemFirstACIItem.java?rev=964361&view=auto
==============================================================================
--- directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/ItemFirstACIItem.java (added)
+++ directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/ItemFirstACIItem.java Thu Jul 15 10:04:06 2010
@@ -0,0 +1,172 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.shared.ldap.aci;
+
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.Set;
+
+import org.apache.directory.shared.ldap.constants.AuthenticationLevel;
+
+
+/**
+ * An {@link ACIItem} which specifies {@link ProtectedItem}s first and then
+ * {@link UserClass}es each {@link ProtectedItem} will have. (18.4.2.4. X.501)
+ *
+ * @author Apache Directory Project
+ */
+public class ItemFirstACIItem extends ACIItem
+{
+ /** The list of protected items ( userClasses or userPermissions ) */
+ private final Collection protectedItems;
+
+ /** The associated permissions */
+ private final Collection itemPermissions;
+
+
+ /**
+ * Creates a new instance.
+ *
+ * @param identificationTag the id string of this item
+ * @param precedence the precedence of this item
+ * @param authenticationLevel the level of authentication required to this item
+ * @param protectedItems the collection of {@link ProtectedItem}s this item protects
+ * @param itemPermissions the collection of {@link ItemPermission}s each protectedItems will have
+ */
+ public ItemFirstACIItem( String identificationTag, int precedence, AuthenticationLevel authenticationLevel,
+ Collection protectedItems, Collection itemPermissions )
+ {
+ super( identificationTag, precedence, authenticationLevel );
+
+ this.protectedItems = Collections.unmodifiableCollection( new ArrayList( protectedItems ) );
+ this.itemPermissions = Collections.unmodifiableCollection( new ArrayList( itemPermissions ) );
+ }
+
+
+ /**
+ * Returns the collection of {@link ProtectedItem}s.
+ */
+ public Collection getProtectedItems()
+ {
+ return protectedItems;
+ }
+
+
+ /**
+ * Returns the collection of {@link ItemPermission}s.
+ */
+ public Collection getItemPermissions()
+ {
+ return itemPermissions;
+ }
+
+
+ /**
+ * @see Object#toString()
+ */
+ public String toString()
+ {
+ StringBuilder buf = new StringBuilder();
+
+ buf.append( "{" );
+ buf.append( super.toString() );
+
+ // itemOrUserFirst
+ buf.append( ", itemOrUserFirst itemFirst: { " );
+
+ // protectedItems
+ buf.append( "protectedItems { " );
+
+ boolean isFirst = true;
+
+ for ( ProtectedItem item:protectedItems )
+ {
+ if ( isFirst )
+ {
+ isFirst = false;
+ }
+ else
+ {
+ buf.append( ", " );
+ }
+
+ buf.append( item.toString() );
+ }
+
+ // itemPermissions
+ buf.append( " }, itemPermissions { " );
+
+ isFirst = true;
+
+ for ( ItemPermission permission:itemPermissions )
+ {
+ if ( isFirst )
+ {
+ isFirst = false;
+ }
+ else
+ {
+ buf.append( ", " );
+ }
+
+ buf.append( permission.toString() );
+ }
+
+ buf.append( " } } }" );
+
+ return buf.toString();
+ }
+
+
+ /**
+ * Transform this protected Item and permissions to a set of Tuples
+ *
+ * @return The list of created Tuples
+ */
+ public Collection toTuples()
+ {
+ Collection tuples = new ArrayList();
+
+ for ( ItemPermission itemPermission:itemPermissions )
+ {
+ Set grants = itemPermission.getGrants();
+ Set denials = itemPermission.getDenials();
+ int precedence = itemPermission.getPrecedence() != null ?
+ itemPermission.getPrecedence() :
+ this.getPrecedence();
+
+ if ( grants.size() > 0 )
+ {
+ tuples.add( new ACITuple( itemPermission.getUserClasses(), getAuthenticationLevel(), protectedItems,
+ toMicroOperations( grants ), true, precedence ) );
+ }
+
+ if ( denials.size() > 0 )
+ {
+ tuples.add( new ACITuple( itemPermission.getUserClasses(), getAuthenticationLevel(), protectedItems,
+ toMicroOperations( denials ), false, precedence ) );
+ }
+ }
+
+ return tuples;
+ }
+}
Added: directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/ItemPermission.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/ItemPermission.java?rev=964361&view=auto
==============================================================================
--- directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/ItemPermission.java (added)
+++ directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/ItemPermission.java Thu Jul 15 10:04:06 2010
@@ -0,0 +1,120 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.shared.ldap.aci;
+
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+
+
+/**
+ * Represents permissions to be applied to all {@link ProtectedItem}s in
+ * {@link ItemFirstACIItem}.
+ *
+ * @author Apache Directory Project
+ */
+public class ItemPermission extends Permission
+{
+ private final Collection userClasses;
+
+
+ /**
+ * Creates a new instance
+ *
+ * @param precedence
+ * the precedence of this permission (-1 to use the
+ * default)
+ * @param grantsAndDenials
+ * the set of {@link GrantAndDenial}s
+ * @param userClasses
+ * the collection of {@link UserClass}es
+ */
+ public ItemPermission( Integer precedence, Collection grantsAndDenials, Collection userClasses )
+ {
+ super( precedence, grantsAndDenials );
+
+ this.userClasses = Collections.unmodifiableCollection( new ArrayList( userClasses ) );
+ }
+
+
+ /**
+ * Returns the collection of {@link UserClass}es.
+ */
+ public Collection getUserClasses()
+ {
+ return userClasses;
+ }
+
+
+ public String toString()
+ {
+ StringBuilder buffer = new StringBuilder();
+
+ buffer.append( "{ " );
+
+ if ( getPrecedence() != null )
+ {
+ buffer.append( "precedence " );
+ buffer.append( getPrecedence() );
+ buffer.append( ", " );
+ }
+
+ buffer.append( "userClasses { " );
+
+ boolean isFirst = true;
+
+ for ( UserClass userClass:userClasses )
+ {
+ if ( isFirst )
+ {
+ isFirst = false;
+ }
+ else
+ {
+ buffer.append( ", " );
+ }
+
+ buffer.append( userClass.toString() );
+ }
+
+ buffer.append( " }, grantsAndDenials { " );
+
+ isFirst = true;
+
+ for ( GrantAndDenial grantAndDenial:getGrantsAndDenials() )
+ {
+ if ( isFirst )
+ {
+ isFirst = false;
+ }
+ else
+ {
+ buffer.append( ", " );
+ }
+
+ buffer.append( grantAndDenial.toString() );
+ }
+
+ buffer.append( " } }" );
+
+ return buffer.toString();
+ }
+}
Added: directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/MicroOperation.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/MicroOperation.java?rev=964361&view=auto
==============================================================================
--- directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/MicroOperation.java (added)
+++ directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/MicroOperation.java Thu Jul 15 10:04:06 2010
@@ -0,0 +1,85 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.shared.ldap.aci;
+
+
+/**
+ * An enumeration that represents all micro-operations that makes up LDAP
+ * operations.
+ *
+ * @author Apache Directory Project
+ */
+public enum MicroOperation
+{
+ // Permissions that may be used in conjunction with any component of
+ // ProtectedItems.
+ ADD( "Add" ),
+
+ DISCLOSE_ON_ERROR( "DiscloseOnError" ),
+
+ READ( "Read" ),
+
+ REMOVE( "Remove" ),
+
+ // Permissions that may be used only in conjunction with the entry
+ // component.
+ BROWSE( "Browse" ),
+
+ EXPORT( "Export" ),
+
+ IMPORT( "Import" ),
+
+ MODIFY( "Modify" ),
+
+ RENAME ( "Rename" ),
+
+ RETURN_DN( "ReturnDN" ),
+
+ // Permissions that may be used in conjunction with any component,
+ // except entry, of ProtectedItems.
+ COMPARE( "Compare" ),
+
+ FILTER_MATCH( "FilterMatch" ),
+
+ INVOKE( "Invoke" );
+
+ private final String name;
+
+
+ private MicroOperation(String name)
+ {
+ this.name = name;
+ }
+
+
+ /**
+ * Returns the name of this micro-operation.
+ */
+ public String getName()
+ {
+ return name;
+ }
+
+
+ public String toString()
+ {
+ return name;
+ }
+}