Class AuthZ

  • All Implemented Interfaces:
    Serializable

    public class AuthZ
    extends FortEntity
    implements Serializable
    This entity class contains OpenLDAP slapo-accesslog records that correspond to authorization attempts made to the directory.

    The auditCompare structural object class is used by the slapo-accesslog overlay to store a record of Fortress authorization events. These events can later be retrieved as an audit trail over the LDAP protocol. The data pertaining to authZ events is stored in this entity record.

     ------------------------------------------
     objectclass (  1.3.6.1.4.1.4203.666.11.5.2.7
     NAME 'auditCompare'
     DESC 'Compare operation'
     SUP auditObject STRUCTURAL
     MUST reqAssertion )
     ------------------------------------------
     
    For the Compare operation, the reqAssertion attribute carries the Attribute Value Assertion used in the compare request.

    Note this class uses descriptions pulled from man pages on slapo-accesslog.
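
As an added illustration (not part of the Fortress Javadoc or the project's own code), the following shows how the reqResult, reqStart and reqAuthzID values exposed by this class can be used to flag identities with repeated non-granted authorization checks. The import's package name, the treatment of LDAP result code 6 (compareTrue) as "granted", and all sample DNs and timestamps are assumptions.

```java
// Assumed package for the AuthZ class documented above (fortress-core on the classpath).
import org.apache.directory.fortress.core.model.AuthZ;

import java.time.Duration;
import java.time.Instant;
import java.time.LocalDateTime;
import java.time.ZoneOffset;
import java.time.format.DateTimeFormatter;
import java.time.format.DateTimeFormatterBuilder;
import java.time.temporal.ChronoField;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.TreeMap;

public class AuthZTriage {
    // RFC 4511 Compare result codes: 6 = compareTrue, 5 = compareFalse.
    // Assumption: only compareTrue counts as a granted authorization check.
    static final String COMPARE_TRUE = "6";

    // generalizedTime in UTC with an optional fraction, e.g. 20240305142233.000001Z
    static final DateTimeFormatter GENERALIZED_TIME = new DateTimeFormatterBuilder()
            .appendPattern("yyyyMMddHHmmss")
            .optionalStart().appendFraction(ChronoField.NANO_OF_SECOND, 1, 9, true).optionalEnd()
            .appendLiteral('Z')
            .toFormatter();

    static Instant parseTime(String generalizedTime) {
        return LocalDateTime.parse(generalizedTime, GENERALIZED_TIME).toInstant(ZoneOffset.UTC);
    }

    /** reqAuthzID values with at least {@code threshold} non-granted checks inside {@code window}. */
    static List<String> repeatedDenials(List<AuthZ> records, int threshold, Duration window) {
        Map<String, List<Instant>> denials = new TreeMap<>();
        for (AuthZ r : records) {
            if (COMPARE_TRUE.equals(r.getReqResult()) || r.getReqStart() == null) {
                continue; // granted, or no timestamp to place the event in time
            }
            String who = r.getReqAuthzID() == null ? "(no reqAuthzID)" : r.getReqAuthzID();
            denials.computeIfAbsent(who, k -> new ArrayList<>()).add(parseTime(r.getReqStart()));
        }
        List<String> flagged = new ArrayList<>();
        for (Map.Entry<String, List<Instant>> e : denials.entrySet()) {
            List<Instant> times = e.getValue();
            Collections.sort(times);
            // Sliding window: are any `threshold` consecutive denials within `window`?
            for (int i = 0; i + threshold <= times.size(); i++) {
                Duration span = Duration.between(times.get(i), times.get(i + threshold - 1));
                if (span.compareTo(window) <= 0) {
                    flagged.add(e.getKey());
                    break;
                }
            }
        }
        return flagged;
    }

    // Builds a record through the setters listed on this page.
    static AuthZ record(String who, String target, String start, String result) {
        AuthZ a = new AuthZ();
        a.setReqType("compare");
        a.setReqAuthzID(who);
        a.setReqDN(target);
        a.setReqStart(start);
        a.setReqResult(result);
        return a;
    }

    public static void main(String[] args) {
        // Constructed sample data; DNs and timestamps are placeholders.
        String jdoe = "uid=jdoe,ou=people,dc=example,dc=com";
        String asmith = "uid=asmith,ou=people,dc=example,dc=com";
        String perm = "cn=constructed-permission,dc=example,dc=com";
        List<AuthZ> sample = List.of(
                record(jdoe, perm, "20240305142233.000001Z", "5"),
                record(jdoe, perm, "20240305142240.000002Z", "5"),
                record(asmith, perm, "20240305142241.000001Z", "6"),
                record(jdoe, perm, "20240305142255.000003Z", "5"),
                record(asmith, perm, "20240305150000.000001Z", "5"));
        for (String who : repeatedDenials(sample, 3, Duration.ofMinutes(1))) {
            System.out.println("repeated denials: " + who);
        }
    }
}
```

In practice the record list would come from an audit query against the accesslog rather than from the setters; the threshold and window are tuning parameters for the deployment.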

    Author:
    Apache Directory Project
    See Also:
    Serialized Form
    • Constructor Summary

      Constructors 
      Constructor Description
      AuthZ()  
    • Method Summary

      Modifier and Type Method Description
      String getCreateTimestamp()
      Get the attribute that maps to 'reqStart', which provides the start time of the operation and is also the RDN for the node.
      String getCreatorsName()
      Return the user DN containing the identity of the log user who added the audit record.
      String getEntryCSN()
      Return the Change Sequence Number (CSN) containing the sequence number that is used for OpenLDAP sync replication functionality.
      String getEntryDN()
      Get the entry DN for the bind object stored in the directory.
      String getEntryUUID()
      Get the attribute that contains the Universally Unique ID (UUID) of the corresponding 'auditSearch' record.
      String getHasSubordinates()
      Get the attribute that corresponds to the boolean value hasSubordinates.
      String getModifiersName()
      Return the user DN containing the identity of the log user who last modified the audit record.
      String getModifyTimestamp()
      Get the attribute that maps to 'modifyTimestamp', which provides the last time the audit record was changed.
      String getObjectClass()
      Get the object class name of the audit record.
      String getReqAssertion()
      Get the reqAssertion attribute, which for the Compare operation carries the Attribute Value Assertion used in the compare request.
      String getReqAttr()
      The reqAttr attribute lists the requested attributes if specific attributes were requested.
      String getReqAttrsOnly()
      The reqAttrsOnly attribute is a Boolean value showing TRUE if only attribute names were requested, or FALSE if attributes and their values were requested.
      String getReqAuthzID()
      The reqAuthzID attribute is the distinguishedName of the user that performed the operation.
      String getReqControls()
      The reqControls and reqRespControls attributes carry any controls sent by the client on the request and returned by the server in the response, respectively.
      String getReqDerefAliases()
      The reqDerefAliases attribute is one of never, finding, searching, or always, denoting how aliases will be processed during the search.
      String getReqDN()
      The reqDN attribute is the distinguishedName of the target of the operation.
      String getReqEnd()
      reqEnd provides the end time of the operation.
      String getReqEntries()
      The reqEntries attribute is the integer count of how many entries were returned by this search request.
      String getReqFilter()
      The reqFilter attribute carries the filter used in the search request.
      String getReqResult()
      The reqResult attribute is the numeric LDAP result code of the operation, indicating either success or a particular LDAP error code.
      String getReqScope()
      The reqScope attribute contains the scope of the original search request, using the values specified for the LDAP URL format.
      String getReqSession()
      The reqSession attribute is an implementation-specific identifier that is common to all the operations associated with the same LDAP session.
      String getReqSizeLimit()
      The reqSizeLimit attribute indicates what limits were requested on the search operation.
      String getReqStart()
      reqStart provides the start time of the operation. It uses generalizedTime syntax.
      String getReqTimeLimit()
      The reqTimeLimit attribute indicates what limits were requested on the search operation.
      String getReqType()
      The reqType attribute is a simple string containing the type of operation being logged, e.g. add, delete, search, etc.
      long getSequenceId()
      Sequence id is used internally by Fortress.
      String getStructuralObjectClass()
      Returns the name of the structural object class that is used to log the event.
      String getSubschemaSubentry()
      Return the subschemaSubentry attribute from the audit entry.
      void setCreateTimestamp​(String createTimestamp)
      Set the attribute that maps to 'reqStart', which provides the start time of the operation and is also the RDN for the node.
      void setCreatorsName(String creatorsName)
      Set the user DN containing the identity of the log user who added the audit record.
      void setEntryCSN(String entryCSN)
      Set the Change Sequence Number (CSN) containing the sequence number that is used for OpenLDAP sync replication functionality.
      void setEntryDN(String entryDN)
      Set the entry DN for the bind object stored in the directory.
      void setEntryUUID​(String entryUUID)
      Set the attribute that contains the Universally Unique ID (UUID) of the corresponding 'auditSearch' record.
      void setHasSubordinates​(String hasSubordinates)
      Set the attribute that corresponds to the boolean value hasSubordinates.
      void setModifiersName​(String modifiersName)
      Set the user DN containing the identity of the log user who modified the audit record.
      void setModifyTimestamp(String modifyTimestamp)
      Set the attribute that maps to 'modifyTimestamp', which provides the last time the audit record was changed.
      void setObjectClass(String objectClass)
      Set the object class name of the audit record.
      void setReqAssertion(String reqAssertion)
      Set the reqAssertion attribute, which for the Compare operation carries the Attribute Value Assertion used in the compare request.
      void setReqAttr​(String reqAttr)
      The reqAttr attribute lists the requested attributes if specific attributes were requested.
      void setReqAttrsOnly​(String reqAttrsOnly)
      The reqAttrsOnly attribute is a Boolean value showing TRUE if only attribute names were requested, or FALSE if attributes and their values were requested.
      void setReqAuthzID​(String reqAuthzID)
      The reqAuthzID attribute is the distinguishedName of the user that performed the operation.
      void setReqControls​(String reqControls)
      The reqControls and reqRespControls attributes carry any controls sent by the client on the request and returned by the server in the response, respectively.
      void setReqDerefAliases​(String reqDerefAliases)
      The reqDerefAliases attribute is one of never, finding, searching, or always, denoting how aliases will be processed during the search.
      void setReqDN(String reqDN)
      The reqDN attribute is the distinguishedName of the target of the operation.
      void setReqEnd(String reqEnd)
      reqEnd provides the end time of the operation.
      void setReqEntries​(String reqEntries)
      The reqEntries attribute is the integer count of how many entries were returned by this search request.
      void setReqFilter​(String reqFilter)
      The reqFilter attribute carries the filter used in the search request.
      void setReqResult​(String reqResult)
      The reqResult attribute is the numeric LDAP result code of the operation, indicating either success or a particular LDAP error code.
      void setReqScope​(String reqScope)
      The reqScope attribute contains the scope of the original search request, using the values specified for the LDAP URL format.
      void setReqSession​(String reqSession)
      The reqSession attribute is an implementation-specific identifier that is common to all the operations associated with the same LDAP session.
      void setReqSizeLimit​(String reqSizeLimit)
      The reqSizeLimit attribute indicates what limits were requested on the search operation.
      void setReqStart(String reqStart)
      reqStart provides the start time of the operation. It uses generalizedTime syntax.
      void setReqTimeLimit(String reqTimeLimit)
      The reqTimeLimit attribute indicates what limits were requested on the search operation.
      void setReqType(String reqType)
      The reqType attribute is a simple string containing the type of operation being logged, e.g. add, delete, search, etc.
      void setSequenceId(long sequenceId)
      Sequence id is used internally by Fortress.
      void setStructuralObjectClass(String structuralObjectClass)
      Sets the name of the structural object class that is used to log the event.
      void setSubschemaSubentry​(String subschemaSubentry)
      Set the subschemaSubentry attribute from the audit entry.
    • Constructor Detail

      • AuthZ

        public AuthZ()
    • Method Detail

      • getCreateTimestamp

        public String getCreateTimestamp()
        Get the attribute that maps to 'reqStart', which provides the start time of the operation and is also the RDN for the node. These time attributes use generalizedTime syntax. The reqStart attribute is also used as the RDN for each log entry.
        Returns:
        attribute that maps to 'reqStart' in 'auditSearch' object class.
      • setCreateTimestamp

        public void setCreateTimestamp​(String createTimestamp)
        Set the attribute that maps to 'reqStart', which provides the start time of the operation and is also the RDN for the node. These time attributes use generalizedTime syntax. The reqStart attribute is also used as the RDN for each log entry.
        Parameters:
        createTimestamp - attribute that maps to 'reqStart' in 'auditSearch' object class.
      • getCreatorsName

        public String getCreatorsName()
        Return the user DN containing the identity of the log user who added the audit record. This will be the system user that is configured for performing slapd access log operations on behalf of Fortress.
        Returns:
        value that maps to 'creatorsName' attribute on 'auditSearch' object class.
      • setCreatorsName

        public void setCreatorsName​(String creatorsName)
        Set the user DN containing the identity of the log user who added the audit record. This will be the system user that is configured for performing slapd access log operations on behalf of Fortress.
        Parameters:
        creatorsName - maps to 'creatorsName' attribute on 'auditSearch' object class.
      • getEntryCSN

        public String getEntryCSN()
        Return the Change Sequence Number (CSN) containing the sequence number that is used for OpenLDAP sync replication functionality.
        Returns:
        attribute that maps to 'entryCSN' on 'auditSearch' object class.
      • setEntryCSN

        public void setEntryCSN​(String entryCSN)
        Set the Change Sequence Number (CSN) containing the sequence number that is used for OpenLDAP sync replication functionality.
        Parameters:
        entryCSN - maps to 'entryCSN' attribute on 'auditSearch' object class.
      • getEntryDN

        public String getEntryDN()
        Get the entry DN for the bind object stored in the directory. This attribute uses the 'reqStart' value along with the suffix for the log.
        Returns:
        attribute that maps to 'entryDN' on 'auditSearch' object class.
      • setEntryDN

        public void setEntryDN​(String entryDN)
        Set the entry DN for the bind object stored in the directory. This attribute uses the 'reqStart' value along with the suffix for the log.
        Parameters:
        entryDN - attribute that maps to 'entryDN' on 'auditSearch' object class.
      • getEntryUUID

        public String getEntryUUID()
        Get the attribute that contains the Universally Unique ID (UUID) of the corresponding 'auditSearch' record.
        Returns:
        value that maps to 'entryUUID' attribute on 'auditSearch' object class.
      • setEntryUUID

        public void setEntryUUID​(String entryUUID)
        Set the attribute that contains the Universally Unique ID (UUID) of the corresponding 'auditSearch' record.
        Parameters:
        entryUUID - maps to 'entryUUID' attribute on 'auditSearch' object class.
      • getHasSubordinates

        public String getHasSubordinates()
        Get the attribute that corresponds to the boolean value hasSubordinates.
        Returns:
        value that maps to 'hasSubordinates' attribute on 'auditSearch' object class.
      • setHasSubordinates

        public void setHasSubordinates​(String hasSubordinates)
        Set the attribute that corresponds to the boolean value hasSubordinates.
        Parameters:
        hasSubordinates - maps to same name on 'auditSearch' object class.
      • getModifiersName

        public String getModifiersName()
        Return the user DN containing the identity of the log user who last modified the audit record. This will be the system user that is configured for performing slapd access log operations on behalf of Fortress.
        Returns:
        value that maps to 'modifiersName' attribute on 'auditSearch' object class.
      • setModifiersName

        public void setModifiersName​(String modifiersName)
        Set the user DN containing the identity of the log user who modified the audit record. This will be the system user that is configured for performing slapd access log operations on behalf of Fortress.
        Parameters:
        modifiersName - maps to 'modifiersName' attribute on 'auditSearch' object class.
      • getModifyTimestamp

        public String getModifyTimestamp()
        Get the attribute that maps to 'modifyTimestamp', which provides the last time the audit record was changed. The time attributes use generalizedTime syntax.
        Returns:
        attribute that maps to 'modifyTimestamp' in 'auditSearch' object class.
      • setModifyTimestamp

        public void setModifyTimestamp​(String modifyTimestamp)
        Set the attribute that maps to 'modifyTimestamp', which provides the last time the audit record was changed. The time attributes use generalizedTime syntax.
        Parameters:
        modifyTimestamp - attribute that maps to same name in 'auditSearch' object class.
      • getObjectClass

        public String getObjectClass()
        Get the object class name of the audit record. For this entity, this value will always be 'auditSearch'.
        Returns:
        value that maps to 'objectClass' attribute on 'auditSearch' object class.
      • setObjectClass

        public void setObjectClass​(String objectClass)
        Set the object class name of the audit record. For this entity, this value will always be 'auditSearch'.
        Parameters:
        objectClass - value that maps to same name on 'auditSearch' object class.
      • getReqAuthzID

        public String getReqAuthzID()
        The reqAuthzID attribute is the distinguishedName of the user that performed the operation. This will usually be the same name as was established at the start of a session by a Bind request (if any) but may be altered in various circumstances. For Fortress bind operations this will map to User#userId.
        Returns:
        value that maps to 'reqAuthzID' on 'auditSearch' object class.
      • setReqAuthzID

        public void setReqAuthzID​(String reqAuthzID)
        The reqAuthzID attribute is the distinguishedName of the user that performed the operation. This will usually be the same name as was established at the start of a session by a Bind request (if any) but may be altered in various circumstances. For Fortress bind operations this will map to User#userId.
      • getReqControls

        public String getReqControls()
        The reqControls and reqRespControls attributes carry any controls sent by the client on the request and returned by the server in the response, respectively. The attribute values are just uninterpreted octet strings.
        Returns:
        value that maps to 'reqControls' attribute on 'auditSearch' object class.
      • setReqControls

        public void setReqControls​(String reqControls)
        The reqControls and reqRespControls attributes carry any controls sent by the client on the request and returned by the server in the response, respectively. The attribute values are just uninterpreted octet strings.
        Parameters:
        reqControls - maps to same name attribute on 'auditSearch' object class.
      • getReqDN

        public String getReqDN()
        The reqDN attribute is the distinguishedName of the target of the operation. E.g., for a Bind request, this is the Bind DN. For an Add request, this is the DN of the entry being added. For a Search request, this is the base DN of the search.
        Returns:
        value that maps to 'reqDN' attribute on 'auditSearch' object class.
      • setReqDN

        public void setReqDN​(String reqDN)
        The reqDN attribute is the distinguishedName of the target of the operation. E.g., for a Bind request, this is the Bind DN. For an Add request, this is the DN of the entry being added. For a Search request, this is the base DN of the search.
        Parameters:
        reqDN - maps to 'reqDN' attribute on 'auditSearch' object class.
      • getReqEnd

        public String getReqEnd()
        reqEnd provides the end time of the operation. It uses generalizedTime syntax.
        Returns:
        value that maps to 'reqEnd' attribute on 'auditSearch' object class.
      • setReqEnd

        public void setReqEnd​(String reqEnd)
        reqEnd provides the end time of the operation. It uses generalizedTime syntax.
        Parameters:
        reqEnd - value that maps to same name on 'auditSearch' object class.
      • getReqResult

        public String getReqResult()
        The reqResult attribute is the numeric LDAP result code of the operation, indicating either success or a particular LDAP error code. An error code may be accompanied by a text error message which will be recorded in the reqMessage attribute.
        Returns:
        value that maps to 'reqResult' attribute on 'auditSearch' object class.
      • setReqResult

        public void setReqResult​(String reqResult)
        The reqResult attribute is the numeric LDAP result code of the operation, indicating either success or a particular LDAP error code. An error code may be accompanied by a text error message which will be recorded in the reqMessage attribute.
        Parameters:
        reqResult - maps to same name on 'auditSearch' object class.
      • getReqSession

        public String getReqSession()
        The reqSession attribute is an implementation-specific identifier that is common to all the operations associated with the same LDAP session. Currently this is slapd's internal connection ID, stored in decimal.
        Returns:
        value that maps to 'reqSession' attribute on 'auditSearch' object class.
      • setReqSession

        public void setReqSession​(String reqSession)
        The reqSession attribute is an implementation-specific identifier that is common to all the operations associated with the same LDAP session. Currently this is slapd's internal connection ID, stored in decimal.
        Parameters:
        reqSession - maps to same name on 'auditSearch' object class.
      • getReqStart

        public String getReqStart()
        reqStart provides the start time of the operation. It uses generalizedTime syntax. The reqStart attribute is also used as the RDN for each log entry.
        Returns:
        value that maps to 'reqStart' attribute on 'auditSearch' object class.
      • setReqStart

        public void setReqStart​(String reqStart)
        reqStart provides the start time of the operation. It uses generalizedTime syntax. The reqStart attribute is also used as the RDN for each log entry.
        Parameters:
        reqStart - maps to same name on 'auditSearch' object class.
      • getReqType

        public String getReqType()
        The reqType attribute is a simple string containing the type of operation being logged, e.g. add, delete, search, etc. For extended operations, the type also includes the OID of the extended operation, e.g. extended(1.1.1.1).
        Returns:
        value that maps to 'reqType' attribute on 'auditSearch' object class.
      • setReqType

        public void setReqType​(String reqType)
        The reqType attribute is a simple string containing the type of operation being logged, e.g. add, delete, search, etc. For extended operations, the type also includes the OID of the extended operation, e.g. extended(1.1.1.1).
        Parameters:
        reqType - maps to same name on 'auditSearch' object class.
      • getReqAssertion

        public String getReqAssertion()
        Get the reqAssertion attribute, which for the Compare operation carries the Attribute Value Assertion used in the compare request.
        Returns:
        value that maps to 'reqAssertion' attribute on 'auditCompare' object class.
      • setReqAssertion

        public void setReqAssertion​(String reqAssertion)
        Set the reqAssertion attribute, which for the Compare operation carries the Attribute Value Assertion used in the compare request.
        Parameters:
        reqAssertion - value maps to 'reqAssertion' attribute contained in the 'auditCompare' object class.
      • getStructuralObjectClass

        public String getStructuralObjectClass()
        Returns the name of the structural object class that is used to log the event. For this entity this value will always be 'auditSearch'.
        Returns:
        value that maps to 'structuralObjectClass' attribute that contains the name 'auditSearch'.
      • setStructuralObjectClass

        public void setStructuralObjectClass​(String structuralObjectClass)
        Sets the name of the structural object class that is used to log the event. For this entity this value will always be 'auditSearch'.
        Parameters:
        structuralObjectClass - maps to same name on 'auditSearch' object class.
      • getReqEntries

        public String getReqEntries()
        The reqEntries attribute is the integer count of how many entries were returned by this search request.
        Returns:
        value that maps to 'reqEntries' attribute on 'auditSearch' object class.
      • setReqEntries

        public void setReqEntries​(String reqEntries)
        The reqEntries attribute is the integer count of how many entries were returned by this search request.
        Parameters:
        reqEntries - maps to same name on 'auditSearch' object class.
      • getReqAttr

        public String getReqAttr()
        The reqAttr attribute lists the requested attributes if specific attributes were requested.
        Returns:
        value maps to 'reqAttr' on 'auditSearch' object class.
      • setReqAttr

        public void setReqAttr​(String reqAttr)
        The reqAttr attribute lists the requested attributes if specific attributes were requested.
        Parameters:
        reqAttr - maps to same name on 'auditSearch' object class.
      • getReqAttrsOnly

        public String getReqAttrsOnly()
        The reqAttrsOnly attribute is a Boolean value showing TRUE if only attribute names were requested, or FALSE if attributes and their values were requested. For Fortress authorization requests this value will always be TRUE.
        Returns:
        value maps to 'reqAttrsOnly' on 'auditSearch' object class.
      • setReqAttrsOnly

        public void setReqAttrsOnly​(String reqAttrsOnly)
        The reqAttrsOnly attribute is a Boolean value showing TRUE if only attribute names were requested, or FALSE if attributes and their values were requested. For Fortress authorization requests this value will always be TRUE.
        Parameters:
        reqAttrsOnly - maps to same name on 'auditSearch' object class.
      • getReqFilter

        public String getReqFilter()
        The reqFilter attribute carries the filter used in the search request.

        For Fortress authorization events this will contain the following:

        • userId: User#userId
        • activated roles: UserRole#name
        • object name: Permission#objName
        • operation name: Permission#opName
        Returns:
        value that maps to 'reqFilter' attribute on 'auditSearch' object class.
      • setReqFilter

        public void setReqFilter​(String reqFilter)
        The reqFilter attribute carries the filter used in the search request.

        For Fortress authorization events this will contain the following:

        • userId: User#userId
        • activated roles: UserRole#name
        • object name: Permission#objName
        • operation name: Permission#opName
        Parameters:
        reqFilter - maps to same name on 'auditSearch' object class.
      • getReqScope

        public String getReqScope()
        The reqScope attribute contains the scope of the original search request, using the values specified for the LDAP URL format. I.e. base, one, sub, or subord.
        Returns:
        value that maps to 'reqScope' attribute on 'auditSearch' object class.
      • setReqScope

        public void setReqScope​(String reqScope)
        The reqScope attribute contains the scope of the original search request, using the values specified for the LDAP URL format. I.e. base, one, sub, or subord.
        Parameters:
        reqScope - maps to same name on 'auditSearch' object class.
      • getReqSizeLimit

        public String getReqSizeLimit()
        The reqSizeLimit attribute indicates what limits were requested on the search operation.
        Returns:
        value that maps to 'reqSizeLimit' attribute on 'auditSearch' object class.
      • setReqSizeLimit

        public void setReqSizeLimit​(String reqSizeLimit)
        The reqSizeLimit attribute indicates what limits were requested on the search operation.
        Parameters:
        reqSizeLimit - maps to same name on 'auditSearch' object class.
      • getReqTimeLimit

        public String getReqTimeLimit()
        The reqTimeLimit attribute indicates what limits were requested on the search operation.
        Returns:
        value that maps to 'reqTimeLimit' attribute on 'auditSearch' object class.
      • setReqTimeLimit

        public void setReqTimeLimit​(String reqTimeLimit)
        The reqTimeLimit attribute indicates what limits were requested on the search operation.
        Parameters:
        reqTimeLimit - maps to same name on 'auditSearch' object class.
      • getSubschemaSubentry

        public String getSubschemaSubentry()
        Return the subschemaSubentry attribute from the audit entry.
        Returns:
        value that maps to 'subschemaSubentry' on 'auditSearch' object class.
      • setSubschemaSubentry

        public void setSubschemaSubentry​(String subschemaSubentry)
        Set the subschemaSubentry attribute from the audit entry.
        Parameters:
        subschemaSubentry - maps to same name on 'auditSearch' object class.
      • getReqDerefAliases

        public String getReqDerefAliases()
        The reqDerefAliases attribute is one of never, finding, searching, or always, denoting how aliases will be processed during the search.
        Returns:
        value that maps to 'reqDerefAliases' on 'auditSearch' object class.
      • setReqDerefAliases

        public void setReqDerefAliases​(String reqDerefAliases)
        The reqDerefAliases attribute is one of never, finding, searching, or always, denoting how aliases will be processed during the search.
        Parameters:
        reqDerefAliases - maps to same name on 'auditSearch' object class.
      • getSequenceId

        public long getSequenceId()
        Sequence id is used internally by Fortress.
        Overrides:
        getSequenceId in class FortEntity
        Returns:
        long value containing the sequence id.
      • setSequenceId

        public void setSequenceId​(long sequenceId)
        Sequence id is used internally by Fortress.
        Overrides:
        setSequenceId in class FortEntity
        Parameters:
        sequenceId - contains sequence to use.