com.sun.jndi.ldap.ctl
Class GetEffectiveRightsControl

java.lang.Object
  extended by com.sun.jndi.ldap.BasicControl
      extended by com.sun.jndi.ldap.ctl.GetEffectiveRightsControl
All Implemented Interfaces:
java.io.Serializable, javax.naming.ldap.Control

public class GetEffectiveRightsControl
extends com.sun.jndi.ldap.BasicControl

This class implements the getEffectiveRights control to obtain the access control rights in effect for a given user. This control may be included in an LDAP search operation. In response to this control, the server sends effective rights for the entries and the attributes returned in the search result response.

The JNDI context methods DirContext.getAttributes and DirContext.search can be used to retrieve the effective rights.

The object identifier for the GetEffectiveRights control is 1.3.6.1.4.1.42.2.27.9.5.2. The control value consists of the authorization identity of the user whose effective rights are being requested and any additional attributes for which that user's effective rights are to be known. The control's value has the following ASN.1 definition:


     GetRightsControl ::= SEQUENCE {
          authzId  = authzId ; as defined in RFC 2829
                          ; NULL or empty string means get bound user's rights.
                          ; "dn:" means get anonymous user's rights.
          attributes  SEQUENCE OF AttributeType
                          ; additional attribute type for which rights
                            information is requested.
                          ; NULL means just the ones returned with the
                            search operation.
     }

 
The following code sample shows how the control may be used:
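     // imports needed by this fragment
     import javax.naming.NamingEnumeration;
     import javax.naming.directory.SearchResult;
     import javax.naming.ldap.Control;
     import javax.naming.ldap.InitialLdapContext;
     import javax.naming.ldap.LdapContext;
     import com.sun.jndi.ldap.ctl.GetEffectiveRightsControl;

     // env, authzId and entryName are supplied by the caller

     // create an initial context using the supplied environment properties
     LdapContext ctx = new InitialLdapContext(env, null);

     // Get the effective rights for authzId
     String dn = "dn:" + authzId;

     // create a GetEffectiveRights control to return effective
     // rights for authzId on the search result entries and attributes
     Control[] reqControls = new Control[] {
         new GetEffectiveRightsControl(dn, null, true)
     };

     // activate the control
     ctx.setRequestControls(reqControls);

     // The effective rights are returned in the aclRights operational
     // attribute.
     String[] attrsToReturn = new String[] {"aclRights"};

     // Get the entry level effective rights for all the
     // entries in the search result
     NamingEnumeration<SearchResult> results =
         ctx.search(entryName, null, attrsToReturn);

     // printEffectiveRights is an application-supplied helper (not shown)
     printEffectiveRights(results);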
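
The sample above leaves printEffectiveRights undefined. The following is an added example, not part of the original documentation or of the com.sun.jndi.ldap.ctl code, showing one way to read the returned aclRights values and flag modify-type rights for least-privilege review. The `right:0|1` value syntax, the `aclRights;entryLevel` and `aclRights;attributeLevel;<attr>` subtype names, and the class and method names are assumptions not stated on this page; the sample attributes are constructed so it runs without a directory server.

```java
import java.util.*;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.*;

// Hypothetical helper class; not part of com.sun.jndi.ldap.ctl.
public class EffectiveRightsAudit {
    // Rights that do not modify the directory (assumed right names).
    static final Set<String> READ_ONLY = Set.of("read", "search", "compare");

    // Parse one aclRights value, e.g. "add:0,delete:0,read:1,write:0,proxy:0"
    // (assumed syntax), into the set of rights whose flag is 1.
    static Set<String> granted(String value) {
        Set<String> rights = new TreeSet<>();
        for (String pair : value.split(",")) {
            String[] kv = pair.trim().split(":", 2);
            if (kv.length == 2 && kv[1].trim().equals("1")) rights.add(kv[0].trim());
        }
        return rights;
    }

    // Map each returned aclRights attribute (with its subtype) to its granted rights.
    static Map<String, Set<String>> effectiveRights(Attributes attrs) throws NamingException {
        Map<String, Set<String>> out = new TreeMap<>();
        NamingEnumeration<? extends Attribute> all = attrs.getAll();
        while (all.hasMore()) {
            Attribute a = all.next();
            if (!a.getID().toLowerCase(Locale.ROOT).startsWith("aclrights")) continue;
            Set<String> rights = out.computeIfAbsent(a.getID(), k -> new TreeSet<>());
            for (int i = 0; i < a.size(); i++) rights.addAll(granted(String.valueOf(a.get(i))));
        }
        return out;
    }

    public static void main(String[] args) throws NamingException {
        // Constructed sample standing in for SearchResult.getAttributes().
        Attributes sample = new BasicAttributes(true);
        sample.put("aclRights;entryLevel", "add:0,delete:0,read:1,write:0,proxy:0");
        sample.put("aclRights;attributeLevel;userPassword",
                "search:0,read:0,compare:0,write:1,selfwrite_add:0,selfwrite_delete:0,proxy:0");
        sample.put("cn", "Constructed User"); // non-aclRights attributes are skipped
        for (Map.Entry<String, Set<String>> e : effectiveRights(sample).entrySet()) {
            // Flag any right beyond read/search/compare for least-privilege review.
            boolean review = !READ_ONLY.containsAll(e.getValue());
            System.out.println((review ? "REVIEW " : "ok     ") + e.getKey() + " -> " + e.getValue());
        }
    }
}
```

Against a live server, pass each SearchResult's getAttributes() to effectiveRights in place of the constructed sample.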


 

Author:
Vincent Ryan
See Also:
Serialized Form

Field Summary
static java.lang.String OID
          The GetEffectiveRights control's assigned object identifier is 1.3.6.1.4.1.42.2.27.9.5.2.
private static long serialVersionUID
           
 
Fields inherited from class com.sun.jndi.ldap.BasicControl
criticality, id, value
 
Fields inherited from interface javax.naming.ldap.Control
CRITICAL, NONCRITICAL
 
Constructor Summary
GetEffectiveRightsControl(java.lang.String authzId, java.lang.String[] attributes, boolean criticality)
          Constructs a control to request the rights which are in effect for the given user.
 
Method Summary
private static byte[] setEncodedValue(java.lang.String authzId, java.lang.String[] attrs)
           
 
Methods inherited from class com.sun.jndi.ldap.BasicControl
getEncodedValue, getID, isCritical
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

OID

public static final java.lang.String OID
The GetEffectiveRights control's assigned object identifier is 1.3.6.1.4.1.42.2.27.9.5.2.

See Also:
Constant Field Values

serialVersionUID

private static final long serialVersionUID
See Also:
Constant Field Values
Constructor Detail

GetEffectiveRightsControl

public GetEffectiveRightsControl(java.lang.String authzId,
                                 java.lang.String[] attributes,
                                 boolean criticality)
                          throws java.io.IOException
Constructs a control to request the rights which are in effect for the given user.

Parameters:
authzId - The authorization identity.
attributes - Additional attributes for which rights information is requested.
criticality - The control's criticality setting.
Throws:
java.io.IOException - If a BER encoding error occurs.
Method Detail

setEncodedValue

private static byte[] setEncodedValue(java.lang.String authzId,
                                      java.lang.String[] attrs)
                               throws java.io.IOException
Throws:
java.io.IOException