org.apache.directory.api.ldap.model.filter.OrNode Java Examples

The following examples show how to use org.apache.directory.api.ldap.model.filter.OrNode. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: SearchRequestTest.java    From directory-ldap-api with Apache License 2.0 6 votes vote down vote up
/**
 * Test parsing of a request with an Or Filter
 */
@Test
public void testRequestWithOrFilter()
{
    Dsmlv2Parser parser = null;
    try
    {
        parser = newParser();

        parser
            .setInput( SearchRequestTest.class.getResource( "filters/request_with_or.xml" ).openStream(), "UTF-8" );

        parser.parse();
    }
    catch ( Exception e )
    {
        fail( e.getMessage() );
    }

    SearchRequest searchRequest = ( SearchRequest ) parser.getBatchRequest().getCurrentRequest();

    ExprNode filter = searchRequest.getFilter();

    assertTrue( filter instanceof OrNode );
}
 
Example #2
Source File: NormalizationInterceptor.java    From syncope with Apache License 2.0 6 votes vote down vote up
/**
 * Remove the (ObjectClass=*) node from an OrNode, if we have one.
 */
private ExprNode handleOrNode( ExprNode node )
{
    OrNode newOrNode = new OrNode();

    for ( ExprNode child : ( ( BranchNode ) node ).getChildren() )
    {
        ExprNode modifiedNode = removeObjectClass( child );

        if ( modifiedNode instanceof ObjectClassNode )
        {
            // We can return immediately with an ObjectClass node
            return ObjectClassNode.OBJECT_CLASS_NODE;
        }
        
        newOrNode.addNode( modifiedNode );
    }

    return newOrNode;
}
 
Example #3
Source File: ObjectQueryService.java    From guacamole-client with Apache License 2.0 5 votes vote down vote up
/**
 * Generates a properly-escaped LDAP query which finds all objects which
 * match the given LDAP filter and which have at least one of the given
 * attributes set to the specified value.
 *
 * @param filter
 *     The LDAP filter to apply to reduce the results of the query in
 *     addition to testing the values of the given attributes.
 *
 * @param attributes
 *     A collection of all attributes to test for equivalence to the given
 *     value, in order of decreasing priority.
 *
 * @param attributeValue
 *     The value that the resulting LDAP query should search for within the
 *     attributes of objects within the LDAP directory. If null, the
 *     resulting LDAP query will search for the presence of at least one of
 *     the given attributes on each object, regardless of the value of
 *     those attributes.
 *
 * @return
 *     An LDAP query which will search for arbitrary LDAP objects having at
 *     least one of the given attributes set to the specified value.
 */
public ExprNode generateQuery(ExprNode filter,
        Collection<String> attributes, String attributeValue) {

    // Build LDAP query for objects having at least one attribute and with
    // the given search filter
    AndNode searchFilter = new AndNode();
    searchFilter.addNode(filter);

    // If no attributes provided, we're done.
    if (attributes.size() < 1)
        return searchFilter;

    // Include all attributes within OR clause
    OrNode attributeFilter = new OrNode();

    // If value is defined, check each attribute for that value.
    if (attributeValue != null) {
        attributes.forEach(attribute ->
            attributeFilter.addNode(new EqualityNode(attribute,
                    attributeValue))
        );
    }
    
    // If no value is defined, just check for presence of attribute.
    else {
        attributes.forEach(attribute ->
            attributeFilter.addNode(new PresenceNode(attribute))
        );            
    }

    searchFilter.addNode(attributeFilter);

    logger.trace("Sending LDAP filter: \"{}\"", searchFilter.toString());
    
    return searchFilter;

}
 
Example #4
Source File: ConnectionService.java    From guacamole-client with Apache License 2.0 5 votes vote down vote up
/**
 * Returns an LDAP search filter which queries all connections accessible
 * by the user having the given DN.
 *
 * @param userDN
 *     DN of the user to search for associated guacConfigGroup connections.
 *
 * @param ldapConnection
 *     LDAP connection to use if additional information must be queried to
 *     produce the filter, such as groups driving RBAC.
 *
 * @return
 *     An LDAP search filter which queries all guacConfigGroup objects
 *     accessible by the user having the given DN.
 *
 * @throws LdapException
 *     If an error occurs preventing retrieval of user groups.
 *
 * @throws GuacamoleException
 *     If an error occurs retrieving the group base DN.
 */
private ExprNode getConnectionSearchFilter(Dn userDN,
        LdapNetworkConnection ldapConnection)
        throws LdapException, GuacamoleException {

    AndNode searchFilter = new AndNode();

    // Add the prefix to the search filter, prefix filter searches for guacConfigGroups with the userDN as the member attribute value
    searchFilter.addNode(new EqualityNode("objectClass","guacConfigGroup"));
    
    // Apply group filters
    OrNode groupFilter = new OrNode();
    groupFilter.addNode(new EqualityNode(confService.getMemberAttribute(),
        userDN.toString()));

    // Additionally filter by group membership if the current user is a
    // member of any user groups
    List<Entry> userGroups = userGroupService.getParentUserGroupEntries(ldapConnection, userDN);
    if (!userGroups.isEmpty()) {
        userGroups.forEach(entry ->
            groupFilter.addNode(new EqualityNode("seeAlso",entry.getDn().toString()))
        );
    }

    // Complete the search filter.
    searchFilter.addNode(groupFilter);

    return searchFilter;
}
 
Example #5
Source File: ObjectQueryService.java    From guacamole-client with Apache License 2.0 5 votes vote down vote up
/**
 * Generates a properly-escaped LDAP query which finds all objects which
 * match the given LDAP filter and which have at least one of the given
 * attributes set to the specified value.
 *
 * @param filter
 *     The LDAP filter to apply to reduce the results of the query in
 *     addition to testing the values of the given attributes.
 *
 * @param attributes
 *     A collection of all attributes to test for equivalence to the given
 *     value, in order of decreasing priority.
 *
 * @param attributeValue
 *     The value that the resulting LDAP query should search for within the
 *     attributes of objects within the LDAP directory. If null, the
 *     resulting LDAP query will search for the presence of at least one of
 *     the given attributes on each object, regardless of the value of
 *     those attributes.
 *
 * @return
 *     An LDAP query which will search for arbitrary LDAP objects having at
 *     least one of the given attributes set to the specified value.
 */
public ExprNode generateQuery(ExprNode filter,
        Collection<String> attributes, String attributeValue) {

    // Build LDAP query for objects having at least one attribute and with
    // the given search filter
    AndNode searchFilter = new AndNode();
    searchFilter.addNode(filter);

    // If no attributes provided, we're done.
    if (attributes.size() < 1)
        return searchFilter;

    // Include all attributes within OR clause
    OrNode attributeFilter = new OrNode();

    // If value is defined, check each attribute for that value.
    if (attributeValue != null) {
        attributes.forEach(attribute ->
            attributeFilter.addNode(new EqualityNode(attribute,
                    attributeValue))
        );
    }
    
    // If no value is defined, just check for presence of attribute.
    else {
        attributes.forEach(attribute ->
            attributeFilter.addNode(new PresenceNode(attribute))
        );            
    }

    searchFilter.addNode(attributeFilter);

    logger.trace("Sending LDAP filter: \"{}\"", searchFilter.toString());
    
    return searchFilter;

}
 
Example #6
Source File: ConnectionService.java    From guacamole-client with Apache License 2.0 5 votes vote down vote up
/**
 * Returns an LDAP search filter which queries all connections accessible
 * by the user having the given DN.
 *
 * @param userDN
 *     DN of the user to search for associated guacConfigGroup connections.
 *
 * @param ldapConnection
 *     LDAP connection to use if additional information must be queried to
 *     produce the filter, such as groups driving RBAC.
 *
 * @return
 *     An LDAP search filter which queries all guacConfigGroup objects
 *     accessible by the user having the given DN.
 *
 * @throws LdapException
 *     If an error occurs preventing retrieval of user groups.
 *
 * @throws GuacamoleException
 *     If an error occurs retrieving the group base DN.
 */
private ExprNode getConnectionSearchFilter(Dn userDN,
        LdapNetworkConnection ldapConnection)
        throws LdapException, GuacamoleException {

    AndNode searchFilter = new AndNode();

    // Add the prefix to the search filter, prefix filter searches for guacConfigGroups with the userDN as the member attribute value
    searchFilter.addNode(new EqualityNode("objectClass","guacConfigGroup"));
    
    // Apply group filters
    OrNode groupFilter = new OrNode();
    groupFilter.addNode(new EqualityNode(confService.getMemberAttribute(),
        userDN.toString()));

    // Additionally filter by group membership if the current user is a
    // member of any user groups
    List<Entry> userGroups = userGroupService.getParentUserGroupEntries(ldapConnection, userDN);
    if (!userGroups.isEmpty()) {
        userGroups.forEach(entry ->
            groupFilter.addNode(new EqualityNode("seeAlso",entry.getDn().toString()))
        );
    }

    // Complete the search filter.
    searchFilter.addNode(groupFilter);

    return searchFilter;
}
 
Example #7
Source File: SearchRequestFactory.java    From directory-ldap-api with Apache License 2.0 4 votes vote down vote up
/**
 * Encode a Search Filter
 *
 * @param buffer The buffer where to put the PDU
 * @param node The top filter
 */
private void encodeFilter( Asn1Buffer buffer, ExprNode node )
{
    switch ( node.getClass().getSimpleName() )
    {
        case "AndNode" :
            encodeFilter( buffer, ( AndNode ) node, ( byte ) LdapCodecConstants.AND_FILTER_TAG );
            break;

        case "ApproximateNode" :
            encodeFilter( buffer, ( ApproximateNode<?> ) node, ( byte ) LdapCodecConstants.APPROX_MATCH_FILTER_TAG );
            break;

        case "EqualityNode" :
            encodeFilter( buffer, ( EqualityNode<?> ) node, ( byte ) LdapCodecConstants.EQUALITY_MATCH_FILTER_TAG );
            break;

        case "ExtensibleNode" :
            encodeFilter( buffer, ( ExtensibleNode ) node );
            break;

        case "GreaterEqNode" :
            encodeFilter( buffer, ( GreaterEqNode<?> ) node, ( byte ) LdapCodecConstants.GREATER_OR_EQUAL_FILTER_TAG );
            break;

        case "LessEqNode" :
            encodeFilter( buffer, ( LessEqNode<?> ) node, ( byte ) LdapCodecConstants.LESS_OR_EQUAL_FILTER_TAG );
            break;

        case "NotNode" :
            encodeFilter( buffer, ( NotNode ) node, ( byte ) LdapCodecConstants.NOT_FILTER_TAG );
            break;

        case "OrNode" :
            encodeFilter( buffer, ( OrNode ) node, ( byte ) LdapCodecConstants.OR_FILTER_TAG );
            break;

        case "PresenceNode" :
            encodeFilter( buffer, ( PresenceNode ) node );
            break;

        case "SubstringNode" :
            encodeFilter( buffer, ( SubstringNode ) node );
            break;

        default:
            break;
    }
}
 
Example #8
Source File: SearchRequestHandler.java    From MyVirtualDirectory with Apache License 2.0 4 votes vote down vote up
/**
 * Alters the filter expression based on the presence of the
 * ManageDsaIT decorator.  If the decorator is not present, the search
 * filter will be altered to become a disjunction with two terms.
 * The first term is the original filter.  The second term is a
 * (objectClass=referral) assertion.  When OR'd together these will
 * make sure we get all referrals so we can process continuations
 * properly without having the filter remove them from the result
 * set.
 *
 * NOTE: original filter is first since most entries are not referrals
 * so it has a higher probability on average of accepting and shorting
 * evaluation before having to waste cycles trying to evaluate if the
 * entry is a referral.
 *
 * @param session the session to use to construct the filter (schema access)
 * @param req the request to get the original filter from
 * @throws Exception if there are schema access problems
 */
private void modifyFilter( LdapSession session, SearchRequest req ) throws Exception
{
    if ( req.hasControl( ManageDsaIT.OID ) )
    {
        return;
    }

    /*
     * Most of the time the search filter is just (objectClass=*) and if
     * this is the case then there's no reason at all to OR this with an
     * (objectClass=referral).  If we detect this case then we leave it
     * as is to represent the OR condition:
     *
     *  (| (objectClass=referral)(objectClass=*)) == (objectClass=*)
     */
    if ( req.getFilter() instanceof PresenceNode )
    {
        PresenceNode presenceNode = ( PresenceNode ) req.getFilter();

        if ( presenceNode.isSchemaAware() )
        {
            AttributeType attributeType = presenceNode.getAttributeType();

            if ( attributeType.equals( OBJECT_CLASS_AT ) )
            {
                return;
            }
        }
        else
        {
            String attribute = presenceNode.getAttribute();

            if ( attribute.equalsIgnoreCase( SchemaConstants.OBJECT_CLASS_AT )
                || attribute.equalsIgnoreCase( SchemaConstants.OBJECT_CLASS_AT_OID ) )
            {
                return;
            }
        }
    }

    /*
     * Do not add the OR'd (objectClass=referral) expression if the user
     * searches for the subSchemaSubEntry as the SchemaIntercepter can't
     * handle an OR'd filter.
     */
    if ( isSubSchemaSubEntrySearch( session, req ) )
    {
        return;
    }

    // using varags to add two expressions to an OR node
    req.setFilter( new OrNode( req.getFilter(), newIsReferralEqualityNode( session ) ) );
}
 
Example #9
Source File: SearchRequestHandler.java    From MyVirtualDirectory with Apache License 2.0 4 votes vote down vote up
/**
 * Alters the filter expression based on the presence of the
 * ManageDsaIT decorator.  If the decorator is not present, the search
 * filter will be altered to become a disjunction with two terms.
 * The first term is the original filter.  The second term is a
 * (objectClass=referral) assertion.  When OR'd together these will
 * make sure we get all referrals so we can process continuations
 * properly without having the filter remove them from the result
 * set.
 *
 * NOTE: original filter is first since most entries are not referrals
 * so it has a higher probability on average of accepting and shorting
 * evaluation before having to waste cycles trying to evaluate if the
 * entry is a referral.
 *
 * @param session the session to use to construct the filter (schema access)
 * @param req the request to get the original filter from
 * @throws Exception if there are schema access problems
 */
private void modifyFilter( LdapSession session, SearchRequest req ) throws Exception
{
    if ( req.hasControl( ManageDsaIT.OID ) )
    {
        return;
    }

    /*
     * Most of the time the search filter is just (objectClass=*) and if
     * this is the case then there's no reason at all to OR this with an
     * (objectClass=referral).  If we detect this case then we leave it
     * as is to represent the OR condition:
     *
     *  (| (objectClass=referral)(objectClass=*)) == (objectClass=*)
     */
    if ( req.getFilter() instanceof PresenceNode )
    {
        PresenceNode presenceNode = ( PresenceNode ) req.getFilter();

        if ( presenceNode.isSchemaAware() )
        {
            AttributeType attributeType = presenceNode.getAttributeType();

            if ( attributeType.equals( OBJECT_CLASS_AT ) )
            {
                return;
            }
        }
        else
        {
            String attribute = presenceNode.getAttribute();

            if ( attribute.equalsIgnoreCase( SchemaConstants.OBJECT_CLASS_AT )
                || attribute.equalsIgnoreCase( SchemaConstants.OBJECT_CLASS_AT_OID ) )
            {
                return;
            }
        }
    }

    /*
     * Do not add the OR'd (objectClass=referral) expression if the user
     * searches for the subSchemaSubEntry as the SchemaIntercepter can't
     * handle an OR'd filter.
     */
    if ( isSubSchemaSubEntrySearch( session, req ) )
    {
        return;
    }

    // using varags to add two expressions to an OR node
    req.setFilter( new OrNode( req.getFilter(), newIsReferralEqualityNode( session ) ) );
}
 
Example #10
Source File: NormalizationInterceptor.java    From syncope with Apache License 2.0 4 votes vote down vote up
/**
 * Remove the (ObjectClass=*) and ( ObjectClass=top) nodes from the filter, if we have one.
 */
private ExprNode removeObjectClass( ExprNode node )
{
    if ( node instanceof LeafNode )
    {
        LeafNode leafNode = ( LeafNode ) node;

        if ( leafNode.getAttributeType() == directoryService.getAtProvider().getObjectClass() )
        {
            if ( leafNode instanceof PresenceNode )
            {
                // We can safely remove the node and return an undefined node
                return ObjectClassNode.OBJECT_CLASS_NODE;
            }
            else if ( leafNode instanceof EqualityNode )
            {
                Value value = ( ( EqualityNode<String> ) leafNode ).getValue();

                if ( value.equals( SchemaConstants.TOP_OC ) )
                {
                    // Here too we can safely remove the node and return an undefined node
                    return ObjectClassNode.OBJECT_CLASS_NODE;
                }
            }
        }
    }

    // --------------------------------------------------------------------
    //                 H A N D L E   B R A N C H   N O D E S
    // --------------------------------------------------------------------

    if ( node instanceof AndNode )
    {
        return handleAndNode( node );
    }
    else if ( node instanceof OrNode )
    {
        return handleOrNode( node );
    }
    else if ( node instanceof NotNode )
    {
        return handleNotNode( node );
    }
    else
    {
        // Failover : we return the initial node as is
        return node;
    }
}