Source code

001/*
002 * CDDL HEADER START
003 *
004 * The contents of this file are subject to the terms of the
005 * Common Development and Distribution License, Version 1.0 only
006 * (the "License").  You may not use this file except in compliance
007 * with the License.
008 *
009 * You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
010 * or http://forgerock.org/license/CDDLv1.0.html.
011 * See the License for the specific language governing permissions
012 * and limitations under the License.
013 *
014 * When distributing Covered Code, include this CDDL HEADER in each
015 * file and include the License file at legal-notices/CDDLv1_0.txt.
016 * If applicable, add the following below this CDDL HEADER, with the
017 * fields enclosed by brackets "[]" replaced with your own identifying
018 * information:
019 *      Portions Copyright [yyyy] [name of copyright owner]
020 *
021 * CDDL HEADER END
022 *
023 *
024 *      Copyright 2008 Sun Microsystems, Inc.
025 */
026package org.forgerock.opendj.server.config.meta;
027
028
029
030import java.util.Collection;
031import java.util.SortedSet;
032import org.forgerock.opendj.config.AdministratorAction;
033import org.forgerock.opendj.config.client.ConcurrentModificationException;
034import org.forgerock.opendj.config.client.IllegalManagedObjectNameException;
035import org.forgerock.opendj.config.client.ManagedObject;
036import org.forgerock.opendj.config.client.ManagedObjectDecodingException;
037import org.forgerock.opendj.config.client.MissingMandatoryPropertiesException;
038import org.forgerock.opendj.config.client.OperationRejectedException;
039import org.forgerock.opendj.config.DefaultBehaviorProvider;
040import org.forgerock.opendj.config.DefinedDefaultBehaviorProvider;
041import org.forgerock.opendj.config.DefinitionDecodingException;
042import org.forgerock.opendj.config.EnumPropertyDefinition;
043import org.forgerock.opendj.config.InstantiableRelationDefinition;
044import org.forgerock.opendj.config.ManagedObjectAlreadyExistsException;
045import org.forgerock.opendj.config.ManagedObjectDefinition;
046import org.forgerock.opendj.config.ManagedObjectNotFoundException;
047import org.forgerock.opendj.config.PropertyException;
048import org.forgerock.opendj.config.PropertyOption;
049import org.forgerock.opendj.config.PropertyProvider;
050import org.forgerock.opendj.config.RelationOption;
051import org.forgerock.opendj.config.server.ConfigException;
052import org.forgerock.opendj.config.server.ConfigurationAddListener;
053import org.forgerock.opendj.config.server.ConfigurationChangeListener;
054import org.forgerock.opendj.config.server.ConfigurationDeleteListener;
055import org.forgerock.opendj.config.server.ServerManagedObject;
056import org.forgerock.opendj.config.Tag;
057import org.forgerock.opendj.config.TopCfgDefn;
058import org.forgerock.opendj.ldap.DN;
059import org.forgerock.opendj.ldap.LdapException;
060import org.forgerock.opendj.server.config.client.RootDNCfgClient;
061import org.forgerock.opendj.server.config.client.RootDNUserCfgClient;
062import org.forgerock.opendj.server.config.server.RootDNCfg;
063import org.forgerock.opendj.server.config.server.RootDNUserCfg;
064
065
066
067/**
068 * An interface for querying the Root DN managed object definition
069 * meta information.
070 * <p>
071 * The Root DN configuration contains all the Root DN Users defined in
072 * the directory server. In addition, it also defines the default set
073 * of privileges that Root DN Users automatically inherit.
074 */
075public final class RootDNCfgDefn extends ManagedObjectDefinition<RootDNCfgClient, RootDNCfg> {
076
077  /** The singleton configuration definition instance. */
078  private static final RootDNCfgDefn INSTANCE = new RootDNCfgDefn();
079
080
081
082  /**
083   * Defines the set of permissable values for the "default-root-privilege-name" property.
084   * <p>
085   * Specifies the names of the privileges that root users will be
086   * granted by default.
087   */
088  public static enum DefaultRootPrivilegeName {
089
090    /**
091     * Allows the user to request that the server process backup
092     * tasks.
093     */
094    BACKEND_BACKUP("backend-backup"),
095
096
097
098    /**
099     * Allows the user to request that the server process restore
100     * tasks.
101     */
102    BACKEND_RESTORE("backend-restore"),
103
104
105
106    /**
107     * Allows the associated user to bypass access control checks
108     * performed by the server.
109     */
110    BYPASS_ACL("bypass-acl"),
111
112
113
114    /**
115     * Allows the associated user to bypass server lockdown mode.
116     */
117    BYPASS_LOCKDOWN("bypass-lockdown"),
118
119
120
121    /**
122     * Allows the user to cancel operations in progress on other
123     * client connections.
124     */
125    CANCEL_REQUEST("cancel-request"),
126
127
128
129    /**
130     * Allows the user to perform read operations on the changelog
131     */
132    CHANGELOG_READ("changelog-read"),
133
134
135
136    /**
137     * Allows the associated user to read the server configuration.
138     */
139    CONFIG_READ("config-read"),
140
141
142
143    /**
144     * Allows the associated user to update the server configuration.
145     * The config-read privilege is also required.
146     */
147    CONFIG_WRITE("config-write"),
148
149
150
151    /**
152     * Allows the user to participate in data synchronization.
153     */
154    DATA_SYNC("data-sync"),
155
156
157
158    /**
159     * Allows the user to terminate other client connections.
160     */
161    DISCONNECT_CLIENT("disconnect-client"),
162
163
164
165    /**
166     * Allows the associated user to subscribe to receive JMX
167     * notifications.
168     */
169    JMX_NOTIFY("jmx-notify"),
170
171
172
173    /**
174     * Allows the associated user to perform JMX read operations.
175     */
176    JMX_READ("jmx-read"),
177
178
179
180    /**
181     * Allows the associated user to perform JMX write operations.
182     */
183    JMX_WRITE("jmx-write"),
184
185
186
187    /**
188     * Allows the user to request that the server process LDIF export
189     * tasks.
190     */
191    LDIF_EXPORT("ldif-export"),
192
193
194
195    /**
196     * Allows the user to request that the server process LDIF import
197     * tasks.
198     */
199    LDIF_IMPORT("ldif-import"),
200
201
202
203    /**
204     * Allows the associated user to modify the server's access
205     * control configuration.
206     */
207    MODIFY_ACL("modify-acl"),
208
209
210
211    /**
212     * Allows the user to reset user passwords.
213     */
214    PASSWORD_RESET("password-reset"),
215
216
217
218    /**
219     * Allows the user to make changes to the set of defined root
220     * privileges, as well as to grant and revoke privileges for users.
221     */
222    PRIVILEGE_CHANGE("privilege-change"),
223
224
225
226    /**
227     * Allows the user to use the proxied authorization control, or to
228     * perform a bind that specifies an alternate authorization
229     * identity.
230     */
231    PROXIED_AUTH("proxied-auth"),
232
233
234
235    /**
236     * Allows the user to place and bring the server of lockdown mode.
237     */
238    SERVER_LOCKDOWN("server-lockdown"),
239
240
241
242    /**
243     * Allows the user to request that the server perform an in-core
244     * restart.
245     */
246    SERVER_RESTART("server-restart"),
247
248
249
250    /**
251     * Allows the user to request that the server shut down.
252     */
253    SERVER_SHUTDOWN("server-shutdown"),
254
255
256
257    /**
258     * Allows the associated user to perform LDAP subentry write
259     * operations.
260     */
261    SUBENTRY_WRITE("subentry-write"),
262
263
264
265    /**
266     * Allows the user to request that the server process a search
267     * that cannot be optimized using server indexes.
268     */
269    UNINDEXED_SEARCH("unindexed-search"),
270
271
272
273    /**
274     * Allows the user to make changes to the server schema.
275     */
276    UPDATE_SCHEMA("update-schema");
277
278
279
280    /** String representation of the value. */
281    private final String name;
282
283
284
285    /** Private constructor. */
286    private DefaultRootPrivilegeName(String name) { this.name = name; }
287
288
289
290    /** {@inheritDoc} */
291    public String toString() { return name; }
292
293  }
294
295
296
297  /** The "default-root-privilege-name" property definition. */
298  private static final EnumPropertyDefinition<DefaultRootPrivilegeName> PD_DEFAULT_ROOT_PRIVILEGE_NAME;
299
300
301
302  /** The "root-dn-users" relation definition. */
303  private static final InstantiableRelationDefinition<RootDNUserCfgClient, RootDNUserCfg> RD_ROOT_DN_USERS;
304
305
306
307  /** Build the "default-root-privilege-name" property definition. */
308  static {
309      EnumPropertyDefinition.Builder<DefaultRootPrivilegeName> builder = EnumPropertyDefinition.createBuilder(INSTANCE, "default-root-privilege-name");
310      builder.setOption(PropertyOption.MULTI_VALUED);
311      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "default-root-privilege-name"));
312      DefaultBehaviorProvider<DefaultRootPrivilegeName> provider = new DefinedDefaultBehaviorProvider<DefaultRootPrivilegeName>("bypass-lockdown", "bypass-acl", "modify-acl", "config-read", "config-write", "ldif-import", "ldif-export", "backend-backup", "backend-restore", "server-lockdown", "server-shutdown", "server-restart", "disconnect-client", "cancel-request", "password-reset", "update-schema", "privilege-change", "unindexed-search", "subentry-write", "changelog-read");
313      builder.setDefaultBehaviorProvider(provider);
314      builder.setEnumClass(DefaultRootPrivilegeName.class);
315      PD_DEFAULT_ROOT_PRIVILEGE_NAME = builder.getInstance();
316      INSTANCE.registerPropertyDefinition(PD_DEFAULT_ROOT_PRIVILEGE_NAME);
317  }
318
319
320
321  // Build the "root-dn-users" relation definition.
322  static {
323    InstantiableRelationDefinition.Builder<RootDNUserCfgClient, RootDNUserCfg> builder =
324      new InstantiableRelationDefinition.Builder<RootDNUserCfgClient, RootDNUserCfg>(INSTANCE, "root-dn-user", "root-dn-users", RootDNUserCfgDefn.getInstance());
325    builder.setOption(RelationOption.HIDDEN);
326    RD_ROOT_DN_USERS = builder.getInstance();
327    INSTANCE.registerRelationDefinition(RD_ROOT_DN_USERS);
328  }
329
330
331
332  // Register the tags associated with this managed object definition.
333  static {
334    INSTANCE.registerTag(Tag.valueOf("core-server"));
335  }
336
337
338
339  /**
340   * Get the Root DN configuration definition singleton.
341   *
342   * @return Returns the Root DN configuration definition singleton.
343   */
344  public static RootDNCfgDefn getInstance() {
345    return INSTANCE;
346  }
347
348
349
350  /**
351   * Private constructor.
352   */
353  private RootDNCfgDefn() {
354    super("root-dn", TopCfgDefn.getInstance());
355  }
356
357
358
359  /** {@inheritDoc} */
360  public RootDNCfgClient createClientConfiguration(
361      ManagedObject<? extends RootDNCfgClient> impl) {
362    return new RootDNCfgClientImpl(impl);
363  }
364
365
366
367  /** {@inheritDoc} */
368  public RootDNCfg createServerConfiguration(
369      ServerManagedObject<? extends RootDNCfg> impl) {
370    return new RootDNCfgServerImpl(impl);
371  }
372
373
374
375  /** {@inheritDoc} */
376  public Class<RootDNCfg> getServerConfigurationClass() {
377    return RootDNCfg.class;
378  }
379
380
381
382  /**
383   * Get the "default-root-privilege-name" property definition.
384   * <p>
385   * Specifies the names of the privileges that root users will be
386   * granted by default.
387   *
388   * @return Returns the "default-root-privilege-name" property definition.
389   */
390  public EnumPropertyDefinition<DefaultRootPrivilegeName> getDefaultRootPrivilegeNamePropertyDefinition() {
391    return PD_DEFAULT_ROOT_PRIVILEGE_NAME;
392  }
393
394
395
396  /**
397   * Get the "root-dn-users" relation definition.
398   *
399   * @return Returns the "root-dn-users" relation definition.
400   */
401  public InstantiableRelationDefinition<RootDNUserCfgClient,RootDNUserCfg> getRootDNUsersRelationDefinition() {
402    return RD_ROOT_DN_USERS;
403  }
404
405
406
407  /**
408   * Managed object client implementation.
409   */
410  private static class RootDNCfgClientImpl implements
411    RootDNCfgClient {
412
413    /** Private implementation. */
414    private ManagedObject<? extends RootDNCfgClient> impl;
415
416
417
418    /** Private constructor. */
419    private RootDNCfgClientImpl(
420        ManagedObject<? extends RootDNCfgClient> impl) {
421      this.impl = impl;
422    }
423
424
425
426    /** {@inheritDoc} */
427    public SortedSet<DefaultRootPrivilegeName> getDefaultRootPrivilegeName() {
428      return impl.getPropertyValues(INSTANCE.getDefaultRootPrivilegeNamePropertyDefinition());
429    }
430
431
432
433    /** {@inheritDoc} */
434    public void setDefaultRootPrivilegeName(Collection<DefaultRootPrivilegeName> values) {
435      impl.setPropertyValues(INSTANCE.getDefaultRootPrivilegeNamePropertyDefinition(), values);
436    }
437
438
439
440    /** {@inheritDoc} */
441    public String[] listRootDNUsers() throws ConcurrentModificationException,
442        LdapException {
443      return impl.listChildren(INSTANCE.getRootDNUsersRelationDefinition());
444    }
445
446
447
448    /** {@inheritDoc} */
449    public RootDNUserCfgClient getRootDNUser(String name)
450        throws DefinitionDecodingException, ManagedObjectDecodingException,
451        ManagedObjectNotFoundException, ConcurrentModificationException,
452        LdapException {
453      return impl.getChild(INSTANCE.getRootDNUsersRelationDefinition(), name).getConfiguration();
454    }
455
456
457
458    /** {@inheritDoc} */
459    public <M extends RootDNUserCfgClient> M createRootDNUser(
460        ManagedObjectDefinition<M, ? extends RootDNUserCfg> d, String name, Collection<PropertyException> exceptions) throws IllegalManagedObjectNameException {
461      return impl.createChild(INSTANCE.getRootDNUsersRelationDefinition(), d, name, exceptions).getConfiguration();
462    }
463
464
465
466    /** {@inheritDoc} */
467    public void removeRootDNUser(String name)
468        throws ManagedObjectNotFoundException, ConcurrentModificationException,
469        OperationRejectedException, LdapException {
470      impl.removeChild(INSTANCE.getRootDNUsersRelationDefinition(), name);
471    }
472
473
474
475    /** {@inheritDoc} */
476    public ManagedObjectDefinition<? extends RootDNCfgClient, ? extends RootDNCfg> definition() {
477      return INSTANCE;
478    }
479
480
481
482    /** {@inheritDoc} */
483    public PropertyProvider properties() {
484      return impl;
485    }
486
487
488
489    /** {@inheritDoc} */
490    public void commit() throws ManagedObjectAlreadyExistsException,
491        MissingMandatoryPropertiesException, ConcurrentModificationException,
492        OperationRejectedException, LdapException {
493      impl.commit();
494    }
495
496
497
498    /** {@inheritDoc} */
499    public String toString() {
500      return impl.toString();
501    }
502  }
503
504
505
506  /**
507   * Managed object server implementation.
508   */
509  private static class RootDNCfgServerImpl implements
510    RootDNCfg {
511
512    /** Private implementation. */
513    private ServerManagedObject<? extends RootDNCfg> impl;
514
515    /** The value of the "default-root-privilege-name" property. */
516    private final SortedSet<DefaultRootPrivilegeName> pDefaultRootPrivilegeName;
517
518
519
520    /** Private constructor. */
521    private RootDNCfgServerImpl(ServerManagedObject<? extends RootDNCfg> impl) {
522      this.impl = impl;
523      this.pDefaultRootPrivilegeName = impl.getPropertyValues(INSTANCE.getDefaultRootPrivilegeNamePropertyDefinition());
524    }
525
526
527
528    /** {@inheritDoc} */
529    public void addChangeListener(
530        ConfigurationChangeListener<RootDNCfg> listener) {
531      impl.registerChangeListener(listener);
532    }
533
534
535
536    /** {@inheritDoc} */
537    public void removeChangeListener(
538        ConfigurationChangeListener<RootDNCfg> listener) {
539      impl.deregisterChangeListener(listener);
540    }
541
542
543
544    /** {@inheritDoc} */
545    public SortedSet<DefaultRootPrivilegeName> getDefaultRootPrivilegeName() {
546      return pDefaultRootPrivilegeName;
547    }
548
549
550
551    /** {@inheritDoc} */
552    public String[] listRootDNUsers() {
553      return impl.listChildren(INSTANCE.getRootDNUsersRelationDefinition());
554    }
555
556
557
558    /** {@inheritDoc} */
559    public RootDNUserCfg getRootDNUser(String name) throws ConfigException {
560      return impl.getChild(INSTANCE.getRootDNUsersRelationDefinition(), name).getConfiguration();
561    }
562
563
564
565    /** {@inheritDoc} */
566    public void addRootDNUserAddListener(
567        ConfigurationAddListener<RootDNUserCfg> listener) throws ConfigException {
568      impl.registerAddListener(INSTANCE.getRootDNUsersRelationDefinition(), listener);
569    }
570
571
572
573    /** {@inheritDoc} */
574    public void removeRootDNUserAddListener(
575        ConfigurationAddListener<RootDNUserCfg> listener) {
576      impl.deregisterAddListener(INSTANCE.getRootDNUsersRelationDefinition(), listener);
577    }
578
579
580
581    /** {@inheritDoc} */
582    public void addRootDNUserDeleteListener(
583        ConfigurationDeleteListener<RootDNUserCfg> listener) throws ConfigException {
584      impl.registerDeleteListener(INSTANCE.getRootDNUsersRelationDefinition(), listener);
585    }
586
587
588
589    /** {@inheritDoc} */
590    public void removeRootDNUserDeleteListener(
591        ConfigurationDeleteListener<RootDNUserCfg> listener) {
592      impl.deregisterDeleteListener(INSTANCE.getRootDNUsersRelationDefinition(), listener);
593    }
594
595
596
597    /** {@inheritDoc} */
598    public Class<? extends RootDNCfg> configurationClass() {
599      return RootDNCfg.class;
600    }
601
602
603
604    /** {@inheritDoc} */
605    public DN dn() {
606      return impl.getDN();
607    }
608
609
610
611    /** {@inheritDoc} */
612    public String toString() {
613      return impl.toString();
614    }
615  }
616}