001/* 002 * Licensed to the Apache Software Foundation (ASF) under one 003 * or more contributor license agreements. See the NOTICE file 004 * distributed with this work for additional information 005 * regarding copyright ownership. The ASF licenses this file 006 * to you under the Apache License, Version 2.0 (the 007 * "License"); you may not use this file except in compliance 008 * with the License. You may obtain a copy of the License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, 013 * software distributed under the License is distributed on an 014 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 015 * KIND, either express or implied. See the License for the 016 * specific language governing permissions and limitations 017 * under the License. 018 * 019 */ 020package org.apache.directory.api.ldap.aci; 021 022 023import java.util.ArrayList; 024import java.util.Collection; 025import java.util.Collections; 026import java.util.HashSet; 027import java.util.Set; 028 029import org.apache.directory.api.i18n.I18n; 030import org.apache.directory.api.ldap.model.constants.AuthenticationLevel; 031 032 033/** 034 * A flatten entity which is converted from an {@link ACIItem}. The tuples are 035 * accepted by ACDF (Access Control Decision Function, 18.8, X.501) 036 * 037 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a> 038 */ 039public class ACITuple 040{ 041 /** The collection of {@link UserClass}es this tuple relates to **/ 042 private final Collection<UserClass> userClasses; 043 044 /** The level of authentication required */ 045 private final AuthenticationLevel authenticationLevel; 046 047 /** The collection of {@link ProtectedItem}s this tuple relates */ 048 private final Collection<ProtectedItem> protectedItems; 049 050 /** The set of {@link MicroOperation}s this tuple relates */ 051 private final Set<MicroOperation> microOperations; 052 053 /** Tells if this tuple grant some access */ 054 private final boolean grant; 055 056 /** The precedence for this tuple */ 057 private final Integer precedence; 058 059 060 /** 061 * Creates a new instance. 062 * 063 * @param userClasses the collection of {@link UserClass}es this tuple relates to 064 * @param authenticationLevel the level of authentication required 065 * @param protectedItems the collection of {@link ProtectedItem}s this tuple relates 066 * @param microOperations the collection of {@link MicroOperation}s this tuple relates 067 * @param grant <tt>true</tt> if and only if this tuple grants an access 068 * @param precedence the precedence of this tuple (<tt>0</tt>-<tt>255</tt>) 069 */ 070 public ACITuple( 071 Collection<UserClass> userClasses, 072 AuthenticationLevel authenticationLevel, 073 Collection<ProtectedItem> protectedItems, 074 Collection<MicroOperation> microOperations, 075 boolean grant, 076 Integer precedence ) 077 { 078 if ( authenticationLevel == null ) 079 { 080 throw new IllegalArgumentException( I18n.err( I18n.ERR_04003_NULL_AUTHENTICATION_LEVEL ) ); 081 } 082 083 if ( precedence < 0 || precedence > 255 ) 084 { 085 throw new IllegalArgumentException( I18n.err( I18n.ERR_04002_BAD_PRECENDENCE, precedence ) ); 086 } 087 088 this.userClasses = Collections.unmodifiableCollection( new ArrayList<UserClass>( userClasses ) ); 089 this.authenticationLevel = authenticationLevel; 090 this.protectedItems = Collections.unmodifiableCollection( new ArrayList<ProtectedItem>( protectedItems ) ); 091 this.microOperations = Collections.unmodifiableSet( new HashSet<MicroOperation>( microOperations ) ); 092 this.grant = grant; 093 this.precedence = precedence; 094 } 095 096 097 /** 098 * Gets the collection of {@link UserClass}es this tuple relates to. 099 * 100 * @return the collection of {@link UserClass}es 101 */ 102 public Collection<UserClass> getUserClasses() 103 { 104 return userClasses; 105 } 106 107 108 /** 109 * Gets the level of authentication required. 110 * 111 * @return the authentication level 112 */ 113 public AuthenticationLevel getAuthenticationLevel() 114 { 115 return authenticationLevel; 116 } 117 118 119 /** 120 * Gets the collection of {@link ProtectedItem}s this tuple relates. 121 * 122 * @return the collection of {@link ProtectedItem}s 123 */ 124 public Collection<ProtectedItem> getProtectedItems() 125 { 126 return protectedItems; 127 } 128 129 130 /** 131 * Gets the collection of {@link MicroOperation}s this tuple relates. 132 * 133 * @return the collection of {@link MicroOperation}s 134 */ 135 public Collection<MicroOperation> getMicroOperations() 136 { 137 return microOperations; 138 } 139 140 141 /** 142 * Gets <tt>true</tt> if and only if this tuple grants an access. 143 * 144 * @return <tt>true</tt> if and only if this tuple grants an access 145 */ 146 public boolean isGrant() 147 { 148 return grant; 149 } 150 151 152 /** 153 * Gets the precedence of this tuple (<tt>0</tt>-<tt>255</tt>). 154 * 155 * @return the precedence 156 */ 157 public Integer getPrecedence() 158 { 159 return precedence; 160 } 161 162 163 /** 164 * {@inheritDoc} 165 */ 166 @Override 167 public String toString() 168 { 169 return "ACITuple: userClasses=" + userClasses + ", " + "authenticationLevel=" + authenticationLevel + ", " 170 + "protectedItems=" + protectedItems + ", " + ( grant ? "grants=" : "denials=" ) + microOperations + ", " 171 + "precedence=" + precedence; 172 } 173}