org.apache.directory.api.ldap.model.filter.PresenceNode Java Examples

/**
 * Test parsing of a request with an Present Filter
 */
@Test
public void testRequestWithPresentFilter()
{
    Dsmlv2Parser parser = null;
    try
    {
        parser = newParser();

        parser.setInput( SearchRequestTest.class.getResource( "filters/request_with_present.xml" ).openStream(),
            "UTF-8" );

        parser.parse();
    }
    catch ( Exception e )
    {
        fail( e.getMessage() );
    }

    SearchRequest searchRequest = ( SearchRequest ) parser.getBatchRequest().getCurrentRequest();

    ExprNode filter = searchRequest.getFilter();

    assertTrue( filter instanceof PresenceNode );

    PresenceNode presentFilter = ( PresenceNode ) filter;

    assertEquals( "givenName", presentFilter.getAttribute() );
}
 

public EntryFilteringCursor list( Dn dn, AliasDerefMode aliasDerefMode,
    String... returningAttributes ) throws LdapException
{
    OperationManager operationManager = directoryService.getOperationManager();

    PresenceNode filter = new PresenceNode( OBJECT_CLASS_AT );
    SearchOperationContext searchContext = new SearchOperationContext( this, dn, SearchScope.ONELEVEL, filter,
        returningAttributes );
    searchContext.setAliasDerefMode( aliasDerefMode );

    return operationManager.search( searchContext );
}
 

public Cursor<Entry> list( Dn dn, AliasDerefMode aliasDerefMode,
    String... returningAttributes ) throws LdapException
{
    OperationManager operationManager = directoryService.getOperationManager();

    PresenceNode filter = new PresenceNode( OBJECT_CLASS_AT );
    SearchOperationContext searchContext = new SearchOperationContext( this, dn, SearchScope.ONELEVEL, filter,
        returningAttributes );
    searchContext.setAliasDerefMode( aliasDerefMode );

    return operationManager.search( searchContext );
}
 

/**
 * Generates a properly-escaped LDAP query which finds all objects which
 * match the given LDAP filter and which have at least one of the given
 * attributes set to the specified value.
 *
 * @param filter
 *     The LDAP filter to apply to reduce the results of the query in
 *     addition to testing the values of the given attributes.
 *
 * @param attributes
 *     A collection of all attributes to test for equivalence to the given
 *     value, in order of decreasing priority.
 *
 * @param attributeValue
 *     The value that the resulting LDAP query should search for within the
 *     attributes of objects within the LDAP directory. If null, the
 *     resulting LDAP query will search for the presence of at least one of
 *     the given attributes on each object, regardless of the value of
 *     those attributes.
 *
 * @return
 *     An LDAP query which will search for arbitrary LDAP objects having at
 *     least one of the given attributes set to the specified value.
 */
public ExprNode generateQuery(ExprNode filter,
        Collection<String> attributes, String attributeValue) {

    // Build LDAP query for objects having at least one attribute and with
    // the given search filter
    AndNode searchFilter = new AndNode();
    searchFilter.addNode(filter);

    // If no attributes provided, we're done.
    if (attributes.size() < 1)
        return searchFilter;

    // Include all attributes within OR clause
    OrNode attributeFilter = new OrNode();

    // If value is defined, check each attribute for that value.
    if (attributeValue != null) {
        attributes.forEach(attribute ->
            attributeFilter.addNode(new EqualityNode(attribute,
                    attributeValue))
        );
    }
    
    // If no value is defined, just check for presence of attribute.
    else {
        attributes.forEach(attribute ->
            attributeFilter.addNode(new PresenceNode(attribute))
        );            
    }

    searchFilter.addNode(attributeFilter);

    logger.trace("Sending LDAP filter: \"{}\"", searchFilter.toString());
    
    return searchFilter;

}
 

/**
 * Returns the base search filter which should be used to retrieve user
 * groups which do not represent Guacamole connections. As excluding the
 * guacConfigGroup object class may not work as expected if it is not
 * defined (may always return zero results), it should only be explicitly
 * excluded if it is expected to have been defined.
 *
 * @return
 *     The base search filter which should be used to retrieve user groups.
 *
 * @throws GuacamoleException
 *     If guacamole.properties cannot be parsed.
 */
private ExprNode getGroupSearchFilter() throws GuacamoleException {

    // Explicitly exclude guacConfigGroup object class only if it should
    // be assumed to be defined (query may fail due to no such object
    // class existing otherwise)
    if (confService.getConfigurationBaseDN() != null)
        return new NotNode(new EqualityNode("objectClass","guacConfigGroup"));

    // Read any object as a group if LDAP is not being used for connection
    // storage (guacConfigGroup)
    return new PresenceNode("objectClass");

}
 

/**
 * Generates a properly-escaped LDAP query which finds all objects which
 * match the given LDAP filter and which have at least one of the given
 * attributes set to the specified value.
 *
 * @param filter
 *     The LDAP filter to apply to reduce the results of the query in
 *     addition to testing the values of the given attributes.
 *
 * @param attributes
 *     A collection of all attributes to test for equivalence to the given
 *     value, in order of decreasing priority.
 *
 * @param attributeValue
 *     The value that the resulting LDAP query should search for within the
 *     attributes of objects within the LDAP directory. If null, the
 *     resulting LDAP query will search for the presence of at least one of
 *     the given attributes on each object, regardless of the value of
 *     those attributes.
 *
 * @return
 *     An LDAP query which will search for arbitrary LDAP objects having at
 *     least one of the given attributes set to the specified value.
 */
public ExprNode generateQuery(ExprNode filter,
        Collection<String> attributes, String attributeValue) {

    // Build LDAP query for objects having at least one attribute and with
    // the given search filter
    AndNode searchFilter = new AndNode();
    searchFilter.addNode(filter);

    // If no attributes provided, we're done.
    if (attributes.size() < 1)
        return searchFilter;

    // Include all attributes within OR clause
    OrNode attributeFilter = new OrNode();

    // If value is defined, check each attribute for that value.
    if (attributeValue != null) {
        attributes.forEach(attribute ->
            attributeFilter.addNode(new EqualityNode(attribute,
                    attributeValue))
        );
    }
    
    // If no value is defined, just check for presence of attribute.
    else {
        attributes.forEach(attribute ->
            attributeFilter.addNode(new PresenceNode(attribute))
        );            
    }

    searchFilter.addNode(attributeFilter);

    logger.trace("Sending LDAP filter: \"{}\"", searchFilter.toString());
    
    return searchFilter;

}
 

/**
 * Returns the base search filter which should be used to retrieve user
 * groups which do not represent Guacamole connections. As excluding the
 * guacConfigGroup object class may not work as expected if it is not
 * defined (may always return zero results), it should only be explicitly
 * excluded if it is expected to have been defined.
 *
 * @return
 *     The base search filter which should be used to retrieve user groups.
 *
 * @throws GuacamoleException
 *     If guacamole.properties cannot be parsed.
 */
private ExprNode getGroupSearchFilter() throws GuacamoleException {

    // Explicitly exclude guacConfigGroup object class only if it should
    // be assumed to be defined (query may fail due to no such object
    // class existing otherwise)
    if (confService.getConfigurationBaseDN() != null)
        return new NotNode(new EqualityNode("objectClass","guacConfigGroup"));

    // Read any object as a group if LDAP is not being used for connection
    // storage (guacConfigGroup)
    return new PresenceNode("objectClass");

}
 

/**
 * Encode a Search Filter
 *
 * @param buffer The buffer where to put the PDU
 * @param node The top filter
 */
private void encodeFilter( Asn1Buffer buffer, ExprNode node )
{
    switch ( node.getClass().getSimpleName() )
    {
        case "AndNode" :
            encodeFilter( buffer, ( AndNode ) node, ( byte ) LdapCodecConstants.AND_FILTER_TAG );
            break;

        case "ApproximateNode" :
            encodeFilter( buffer, ( ApproximateNode<?> ) node, ( byte ) LdapCodecConstants.APPROX_MATCH_FILTER_TAG );
            break;

        case "EqualityNode" :
            encodeFilter( buffer, ( EqualityNode<?> ) node, ( byte ) LdapCodecConstants.EQUALITY_MATCH_FILTER_TAG );
            break;

        case "ExtensibleNode" :
            encodeFilter( buffer, ( ExtensibleNode ) node );
            break;

        case "GreaterEqNode" :
            encodeFilter( buffer, ( GreaterEqNode<?> ) node, ( byte ) LdapCodecConstants.GREATER_OR_EQUAL_FILTER_TAG );
            break;

        case "LessEqNode" :
            encodeFilter( buffer, ( LessEqNode<?> ) node, ( byte ) LdapCodecConstants.LESS_OR_EQUAL_FILTER_TAG );
            break;

        case "NotNode" :
            encodeFilter( buffer, ( NotNode ) node, ( byte ) LdapCodecConstants.NOT_FILTER_TAG );
            break;

        case "OrNode" :
            encodeFilter( buffer, ( OrNode ) node, ( byte ) LdapCodecConstants.OR_FILTER_TAG );
            break;

        case "PresenceNode" :
            encodeFilter( buffer, ( PresenceNode ) node );
            break;

        case "SubstringNode" :
            encodeFilter( buffer, ( SubstringNode ) node );
            break;

        default:
            break;
    }
}
 

/**
 * Alters the filter expression based on the presence of the
 * ManageDsaIT decorator.  If the decorator is not present, the search
 * filter will be altered to become a disjunction with two terms.
 * The first term is the original filter.  The second term is a
 * (objectClass=referral) assertion.  When OR'd together these will
 * make sure we get all referrals so we can process continuations
 * properly without having the filter remove them from the result
 * set.
 *
 * NOTE: original filter is first since most entries are not referrals
 * so it has a higher probability on average of accepting and shorting
 * evaluation before having to waste cycles trying to evaluate if the
 * entry is a referral.
 *
 * @param session the session to use to construct the filter (schema access)
 * @param req the request to get the original filter from
 * @throws Exception if there are schema access problems
 */
private void modifyFilter( LdapSession session, SearchRequest req ) throws Exception
{
    if ( req.hasControl( ManageDsaIT.OID ) )
    {
        return;
    }

    /*
     * Most of the time the search filter is just (objectClass=*) and if
     * this is the case then there's no reason at all to OR this with an
     * (objectClass=referral).  If we detect this case then we leave it
     * as is to represent the OR condition:
     *
     *  (| (objectClass=referral)(objectClass=*)) == (objectClass=*)
     */
    if ( req.getFilter() instanceof PresenceNode )
    {
        PresenceNode presenceNode = ( PresenceNode ) req.getFilter();

        if ( presenceNode.isSchemaAware() )
        {
            AttributeType attributeType = presenceNode.getAttributeType();

            if ( attributeType.equals( OBJECT_CLASS_AT ) )
            {
                return;
            }
        }
        else
        {
            String attribute = presenceNode.getAttribute();

            if ( attribute.equalsIgnoreCase( SchemaConstants.OBJECT_CLASS_AT )
                || attribute.equalsIgnoreCase( SchemaConstants.OBJECT_CLASS_AT_OID ) )
            {
                return;
            }
        }
    }

    /*
     * Do not add the OR'd (objectClass=referral) expression if the user
     * searches for the subSchemaSubEntry as the SchemaIntercepter can't
     * handle an OR'd filter.
     */
    if ( isSubSchemaSubEntrySearch( session, req ) )
    {
        return;
    }

    // using varags to add two expressions to an OR node
    req.setFilter( new OrNode( req.getFilter(), newIsReferralEqualityNode( session ) ) );
}
 

/**
 * Handles the RootDSE and lookups searches
 */
private boolean handleLookupAndRootDse( LdapSession session, SearchRequest req ) throws Exception
{
    boolean isBaseScope = req.getScope() == SearchScope.OBJECT;
    boolean isObjectClassFilter = false;

    if ( req.getFilter() instanceof PresenceNode )
    {
        ExprNode filter = req.getFilter();

        if ( filter.isSchemaAware() )
        {
            AttributeType attributeType = ( ( PresenceNode ) req.getFilter() ).getAttributeType();
            isObjectClassFilter = attributeType.equals( OBJECT_CLASS_AT );
        }
        else
        {
            String attribute = ( ( PresenceNode ) req.getFilter() ).getAttribute();
            isObjectClassFilter = attribute.equalsIgnoreCase( SchemaConstants.OBJECT_CLASS_AT )
                || attribute.equals( SchemaConstants.OBJECT_CLASS_AT_OID );
        }
    }

    /*
            if ( isBaseScope && isObjectClassFilter )
            {
                // This is a lookup
                handleLookup( session, req );

                return true;
            }
            else
            {
                // a standard search
                return false;
            }
    */
    boolean isBaseIsRoot = req.getBase().isEmpty();

    if ( isBaseScope && isObjectClassFilter )
    {
        if ( isBaseIsRoot )
        {
            // This is a rootDse lookup
            handleLookup( session, req );

            return true;
        }
        else
        {
            // This is a lookup
            //handleLookup( session, req );

            return false;
        }
    }
    else
    {
        // a standard search
        return false;
    }
}
 

/**
 * Alters the filter expression based on the presence of the
 * ManageDsaIT decorator.  If the decorator is not present, the search
 * filter will be altered to become a disjunction with two terms.
 * The first term is the original filter.  The second term is a
 * (objectClass=referral) assertion.  When OR'd together these will
 * make sure we get all referrals so we can process continuations
 * properly without having the filter remove them from the result
 * set.
 *
 * NOTE: original filter is first since most entries are not referrals
 * so it has a higher probability on average of accepting and shorting
 * evaluation before having to waste cycles trying to evaluate if the
 * entry is a referral.
 *
 * @param session the session to use to construct the filter (schema access)
 * @param req the request to get the original filter from
 * @throws Exception if there are schema access problems
 */
private void modifyFilter( LdapSession session, SearchRequest req ) throws Exception
{
    if ( req.hasControl( ManageDsaIT.OID ) )
    {
        return;
    }

    /*
     * Most of the time the search filter is just (objectClass=*) and if
     * this is the case then there's no reason at all to OR this with an
     * (objectClass=referral).  If we detect this case then we leave it
     * as is to represent the OR condition:
     *
     *  (| (objectClass=referral)(objectClass=*)) == (objectClass=*)
     */
    if ( req.getFilter() instanceof PresenceNode )
    {
        PresenceNode presenceNode = ( PresenceNode ) req.getFilter();

        if ( presenceNode.isSchemaAware() )
        {
            AttributeType attributeType = presenceNode.getAttributeType();

            if ( attributeType.equals( OBJECT_CLASS_AT ) )
            {
                return;
            }
        }
        else
        {
            String attribute = presenceNode.getAttribute();

            if ( attribute.equalsIgnoreCase( SchemaConstants.OBJECT_CLASS_AT )
                || attribute.equalsIgnoreCase( SchemaConstants.OBJECT_CLASS_AT_OID ) )
            {
                return;
            }
        }
    }

    /*
     * Do not add the OR'd (objectClass=referral) expression if the user
     * searches for the subSchemaSubEntry as the SchemaIntercepter can't
     * handle an OR'd filter.
     */
    if ( isSubSchemaSubEntrySearch( session, req ) )
    {
        return;
    }

    // using varags to add two expressions to an OR node
    req.setFilter( new OrNode( req.getFilter(), newIsReferralEqualityNode( session ) ) );
}
 

/**
 * Handles the RootDSE and lookups searches
 */
private boolean handleLookupAndRootDse( LdapSession session, SearchRequest req ) throws Exception
{
    boolean isBaseScope = req.getScope() == SearchScope.OBJECT;
    boolean isObjectClassFilter = false;

    if ( req.getFilter() instanceof PresenceNode )
    {
        ExprNode filter = req.getFilter();

        if ( filter.isSchemaAware() )
        {
            AttributeType attributeType = ( ( PresenceNode ) req.getFilter() ).getAttributeType();
            isObjectClassFilter = attributeType.equals( OBJECT_CLASS_AT );
        }
        else
        {
            String attribute = ( ( PresenceNode ) req.getFilter() ).getAttribute();
            isObjectClassFilter = attribute.equalsIgnoreCase( SchemaConstants.OBJECT_CLASS_AT )
                || attribute.equals( SchemaConstants.OBJECT_CLASS_AT_OID );
        }
    }

    /*
            if ( isBaseScope && isObjectClassFilter )
            {
                // This is a lookup
                handleLookup( session, req );

                return true;
            }
            else
            {
                // a standard search
                return false;
            }
    */
    boolean isBaseIsRoot = req.getBase().isEmpty();

    if ( isBaseScope && isObjectClassFilter )
    {
        if ( isBaseIsRoot )
        {
            // This is a rootDse lookup
            handleLookup( session, req );

            return true;
        }
        else
        {
            // This is a lookup
            //handleLookup( session, req );

            return false;
        }
    }
    else
    {
        // a standard search
        return false;
    }
}
 

/**
 * Remove the (ObjectClass=*) and ( ObjectClass=top) nodes from the filter, if we have one.
 */
private ExprNode removeObjectClass( ExprNode node )
{
    if ( node instanceof LeafNode )
    {
        LeafNode leafNode = ( LeafNode ) node;

        if ( leafNode.getAttributeType() == directoryService.getAtProvider().getObjectClass() )
        {
            if ( leafNode instanceof PresenceNode )
            {
                // We can safely remove the node and return an undefined node
                return ObjectClassNode.OBJECT_CLASS_NODE;
            }
            else if ( leafNode instanceof EqualityNode )
            {
                Value value = ( ( EqualityNode<String> ) leafNode ).getValue();

                if ( value.equals( SchemaConstants.TOP_OC ) )
                {
                    // Here too we can safely remove the node and return an undefined node
                    return ObjectClassNode.OBJECT_CLASS_NODE;
                }
            }
        }
    }

    // --------------------------------------------------------------------
    //                 H A N D L E   B R A N C H   N O D E S
    // --------------------------------------------------------------------

    if ( node instanceof AndNode )
    {
        return handleAndNode( node );
    }
    else if ( node instanceof OrNode )
    {
        return handleOrNode( node );
    }
    else if ( node instanceof NotNode )
    {
        return handleNotNode( node );
    }
    else
    {
        // Failover : we return the initial node as is
        return node;
    }
}
 

/**
 * Encode a PresenceNode.
 * <br>
 * PresentFilter :
 * <pre>
 * 0x87 L1 present
 * </pre>
 *
 * @param buffer The buffer where to put the PDU
 * @param node The Presence filter to encode
 */
private void encodeFilter( Asn1Buffer buffer, PresenceNode node )
{
    // The PresentFilter Tag
    BerValue.encodeOctetString( buffer, ( byte ) LdapCodecConstants.PRESENT_FILTER_TAG,
        Strings.getBytesUtf8( node.getAttribute() ) );
}
 

/**
 * Returns the search filter that should be used when querying the
 * LDAP server for Guacamole users.  If no filter is specified,
 * a default of "(objectClass=user)" is returned.
 *
 * @return
 *     The search filter that should be used when querying the
 *     LDAP server for users that are valid in Guacamole, or
 *     "(objectClass=user)" if not specified.
 *
 * @throws GuacamoleException
 *     If guacamole.properties cannot be parsed.
 */
public ExprNode getUserSearchFilter() throws GuacamoleException {
    return environment.getProperty(
        LDAPGuacamoleProperties.LDAP_USER_SEARCH_FILTER,
        new PresenceNode("objectClass")
    );
}
 

/**
 * Returns the search filter that should be used when querying the
 * LDAP server for Guacamole users.  If no filter is specified,
 * a default of "(objectClass=user)" is returned.
 *
 * @return
 *     The search filter that should be used when querying the
 *     LDAP server for users that are valid in Guacamole, or
 *     "(objectClass=user)" if not specified.
 *
 * @throws GuacamoleException
 *     If guacamole.properties cannot be parsed.
 */
public ExprNode getUserSearchFilter() throws GuacamoleException {
    return environment.getProperty(
        LDAPGuacamoleProperties.LDAP_USER_SEARCH_FILTER,
        new PresenceNode("objectClass")
    );
}