Class AuthZ
- java.lang.Object
-
- org.apache.directory.fortress.core.model.FortEntity
-
- org.apache.directory.fortress.core.model.AuthZ
-
- All Implemented Interfaces:
Serializable
public class AuthZ extends FortEntity implements Serializable
This entity class contains OpenLDAP slapo-accesslog records that correspond to authorization attempts made to the directory.The auditCompare Structural object class is used by the slapo-accesslog overlay to store record of fortress authorization events. These events can later be pulled as audit trail using ldap protocol. The data pertaining to authZ events are stored in this entity record.
------------------------------------------ objectclass ( 1.3.6.1.4.1.4203.666.11.5.2.7 NAME 'auditCompare' DESC 'Compare operation' SUP auditObject STRUCTURAL MUST reqAssertion ) ------------------------------------------
For the Compare operation the reqAssertion attribute carries the Attribute Value Assertion used in the compare requestNote this class uses descriptions pulled from man pages on slapo-accesslog.
- Author:
- Apache Directory Project
- See Also:
- Serialized Form
-
-
Field Summary
-
Fields inherited from class org.apache.directory.fortress.core.model.FortEntity
adminSession, contextId, modCode, modId
-
-
Constructor Summary
Constructors Constructor Description AuthZ()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description String
getCreateTimestamp()
Get the attribute that maps to 'reqStart' which provides the start time of the operation which is also the rDn for the node.String
getCreatorsName()
Return the user dn containing the identity of log user who added the audit record.String
getEntryCSN()
Return the Change Sequence Number (CSN) containing sequence number that is used for OpenLDAP synch replication functionality.String
getEntryDN()
Get the entry dn for bind object stored in directory.String
getEntryUUID()
Get the attribute that contains the Universally Unique ID (UUID) of the corresponding 'auditSearch' record.String
getHasSubordinates()
Get the attribute that corresponds to the boolean value hasSubordinates.String
getModifiersName()
Return the user dn containing the identity of log user who last modified the audit record.String
getModifyTimestamp()
Get the attribute that maps to 'modifyTimestamp' which provides the last time audit record was changed.String
getObjectClass()
Get the object class name of the audit record.String
getReqAssertion()
Get the Compare operation the reqAssertion attribute carries the Attribute Value Assertion used in the compare request.String
getReqAttr()
The reqAttr attribute lists the requested attributes if specific attributes were requested.String
getReqAttrsOnly()
The reqAttrsOnly attribute is a Boolean value showing TRUE if only attribute names were requested, or FALSE if attributes and their values were requested.String
getReqAuthzID()
The reqAuthzID attribute is the distinguishedName of the user that performed the operation.String
getReqControls()
The reqControls and reqRespControls attributes carry any controls sent by the client on the request and returned by the server in the response, respectively.String
getReqDerefAliases()
The reqDerefAliases attribute is on of never, finding, searching, or always, denoting how aliases will be processed during the search.String
getReqDN()
The reqDN attribute is the distinguishedName of the target of the operation.String
getReqEnd()
reqEnd provide the end time of the operation.String
getReqEntries()
The reqEntries attribute is the integer count of how many entries were returned by this search request.String
getReqFilter()
The reqFilter attribute carries the filter used in the search request.String
getReqResult()
The reqResult attribute is the numeric LDAP result code of the operation, indicating either success or a particular LDAP error code.String
getReqScope()
The reqScope attribute contains the scope of the original search request, using the values specified for the LDAP URL format.String
getReqSession()
The reqSession attribute is an implementation-specific identifier that is common to all the operations associated with the same LDAP session.String
getReqSizeLimit()
The reqSizeLimit attribute indicate what limits were requested on the search operation.String
getReqStart()
reqStart provide the start of the operation, They use generalizedTime syntax.String
getReqTimeLimit()
The reqTimeLimit attribute indicate what limits were requested on the search operation.String
getReqType()
The reqType attribute is a simple string containing the type of operation being logged, e.g.long
getSequenceId()
Sequence id is used internal to Fortress.String
getStructuralObjectClass()
Returns the name of the structural object class that is used to log the event.String
getSubschemaSubentry()
Return the subschemaSubentry attribute from the audit entry.void
setCreateTimestamp(String createTimestamp)
Set the attribute that maps to 'reqStart' which provides the start time of the operation which is also the rDn for the node.void
setCreatorsName(String creatorsName)
Set the user dn containing the identity of log user who added the audit record.void
setEntryCSN(String entryCSN)
Set the Change Sequence Number (CSN) containing sequence number that is used for OpenLDAP synch replication functionality.void
setEntryDN(String entryDN)
Set the entry dn for bind object stored in directory.void
setEntryUUID(String entryUUID)
Set the attribute that contains the Universally Unique ID (UUID) of the corresponding 'auditSearch' record.void
setHasSubordinates(String hasSubordinates)
Set the attribute that corresponds to the boolean value hasSubordinates.void
setModifiersName(String modifiersName)
Set the user dn containing the identity of log user who modified the audit record.void
setModifyTimestamp(String modifyTimestamp)
Set the attribute that maps to 'modifyTimestamp' which provides the last time audit record was changed.void
setObjectClass(String objectClass)
Set the object class name of the audit record.void
setReqAssertion(String reqAssertion)
Set the Compare operation the reqAssertion attribute carries the Attribute Value Assertion used in the compare request.void
setReqAttr(String reqAttr)
The reqAttr attribute lists the requested attributes if specific attributes were requested.void
setReqAttrsOnly(String reqAttrsOnly)
The reqAttrsOnly attribute is a Boolean value showing TRUE if only attribute names were requested, or FALSE if attributes and their values were requested.void
setReqAuthzID(String reqAuthzID)
The reqAuthzID attribute is the distinguishedName of the user that performed the operation.void
setReqControls(String reqControls)
The reqControls and reqRespControls attributes carry any controls sent by the client on the request and returned by the server in the response, respectively.void
setReqDerefAliases(String reqDerefAliases)
The reqDerefAliases attribute is on of never, finding, searching, or always, denoting how aliases will be processed during the search.void
setReqDN(String reqDN)
The reqDN attribute is the distinguishedName of the target of the operation.void
setReqEnd(String reqEnd)
reqEnd provide the end time of the operation.void
setReqEntries(String reqEntries)
The reqEntries attribute is the integer count of how many entries were returned by this search request.void
setReqFilter(String reqFilter)
The reqFilter attribute carries the filter used in the search request.void
setReqResult(String reqResult)
The reqResult attribute is the numeric LDAP result code of the operation, indicating either success or a particular LDAP error code.void
setReqScope(String reqScope)
The reqScope attribute contains the scope of the original search request, using the values specified for the LDAP URL format.void
setReqSession(String reqSession)
The reqSession attribute is an implementation-specific identifier that is common to all the operations associated with the same LDAP session.void
setReqSizeLimit(String reqSizeLimit)
The reqSizeLimit attribute indicate what limits were requested on the search operation.void
setReqStart(String reqStart)
reqStart provide the start of the operation, They use generalizedTime syntax.void
setReqTimeLimit(String reqTimeLimit)
The reqTimeLimit attribute indicate what limits were requested on the search operation.void
setReqType(String reqType)
The reqType attribute is a simple string containing the type of operation being logged, e.g.void
setSequenceId(long sequenceId)
Sequence id is used internal to Fortressvoid
setStructuralObjectClass(String structuralObjectClass)
Returns the name of the structural object class that is used to log the event.void
setSubschemaSubentry(String subschemaSubentry)
Set the subschemaSubentry attribute from the audit entry.-
Methods inherited from class org.apache.directory.fortress.core.model.FortEntity
getAdminSession, getContextId, getModCode, getModId, setAdminSession, setContextId, setModCode
-
-
-
-
Method Detail
-
getCreateTimestamp
public String getCreateTimestamp()
Get the attribute that maps to 'reqStart' which provides the start time of the operation which is also the rDn for the node. These time attributes use generalizedTime syntax. The reqStart attribute is also used as the RDN for each log entry.- Returns:
- attribute that maps to 'reqStart' in 'auditSearch' object class.
-
setCreateTimestamp
public void setCreateTimestamp(String createTimestamp)
Set the attribute that maps to 'reqStart' which provides the start time of the operation which is also the rDn for the node. These time attributes use generalizedTime syntax. The reqStart attribute is also used as the RDN for each log entry.- Parameters:
createTimestamp
- attribute that maps to 'reqStart' in 'auditSearch' object class.
-
getCreatorsName
public String getCreatorsName()
Return the user dn containing the identity of log user who added the audit record. This will be the system user that is configured for performing slapd access log operations on behalf of Fortress.- Returns:
- value that maps to 'creatorsName' attribute on 'auditSearch' object class.
-
setCreatorsName
public void setCreatorsName(String creatorsName)
Set the user dn containing the identity of log user who added the audit record. This will be the system user that is configured for performing slapd access log operations on behalf of Fortress.- Parameters:
creatorsName
- maps to 'creatorsName' attribute on 'auditSearch' object class.
-
getEntryCSN
public String getEntryCSN()
Return the Change Sequence Number (CSN) containing sequence number that is used for OpenLDAP synch replication functionality.- Returns:
- attribute that maps to 'entryCSN' on 'auditSearch' object class.
-
setEntryCSN
public void setEntryCSN(String entryCSN)
Set the Change Sequence Number (CSN) containing sequence number that is used for OpenLDAP synch replication functionality.- Parameters:
entryCSN
- maps to 'entryCSN' attribute on 'auditSearch' object class.
-
getEntryDN
public String getEntryDN()
Get the entry dn for bind object stored in directory. This attribute uses the 'reqStart' along with suffix for log.- Returns:
- attribute that maps to 'entryDN' on 'auditSearch' object class.
-
setEntryDN
public void setEntryDN(String entryDN)
Set the entry dn for bind object stored in directory. This attribute uses the 'reqStart' along with suffix for log.- Parameters:
entryDN
- attribute that maps to 'entryDN' on 'auditSearch' object class.
-
getEntryUUID
public String getEntryUUID()
Get the attribute that contains the Universally Unique ID (UUID) of the corresponding 'auditSearch' record.- Returns:
- value that maps to 'entryUUID' attribute on 'auditSearch' object class.
-
setEntryUUID
public void setEntryUUID(String entryUUID)
Set the attribute that contains the Universally Unique ID (UUID) of the corresponding 'auditSearch' record.- Parameters:
entryUUID
- that maps to 'entryUUID' attribute on 'auditSearch' object class.
-
getHasSubordinates
public String getHasSubordinates()
Get the attribute that corresponds to the boolean value hasSubordinates.- Returns:
- value that maps to 'hasSubordinates' attribute on 'auditSearch' object class.
-
setHasSubordinates
public void setHasSubordinates(String hasSubordinates)
Set the attribute that corresponds to the boolean value hasSubordinates.- Parameters:
hasSubordinates
- maps to same name on 'auditSearch' object class.
-
getModifiersName
public String getModifiersName()
Return the user dn containing the identity of log user who last modified the audit record. This will be the system user that is configured for performing slapd access log operations on behalf of Fortress.- Returns:
- value that maps to 'modifiersName' attribute on 'auditSearch' object class.
-
setModifiersName
public void setModifiersName(String modifiersName)
Set the user dn containing the identity of log user who modified the audit record. This will be the system user that is configured for performing slapd access log operations on behalf of Fortress.- Parameters:
modifiersName
- maps to 'modifiersName' attribute on 'auditSearch' object class.
-
getModifyTimestamp
public String getModifyTimestamp()
Get the attribute that maps to 'modifyTimestamp' which provides the last time audit record was changed. The time attributes use generalizedTime syntax.- Returns:
- attribute that maps to 'modifyTimestamp' in 'auditSearch' object class.
-
setModifyTimestamp
public void setModifyTimestamp(String modifyTimestamp)
Set the attribute that maps to 'modifyTimestamp' which provides the last time audit record was changed. The time attributes use generalizedTime syntax.- Parameters:
modifyTimestamp
- attribute that maps to same name in 'auditSearch' object class.
-
getObjectClass
public String getObjectClass()
Get the object class name of the audit record. For this entity, this value will always be 'auditSearch'.- Returns:
- value that maps to 'objectClass' attribute on 'auditSearch' obejct class.
-
setObjectClass
public void setObjectClass(String objectClass)
Set the object class name of the audit record. For this entity, this value will always be 'auditSearch'.- Parameters:
objectClass
- value that maps to same name on 'auditSearch' obejct class.
-
getReqAuthzID
public String getReqAuthzID()
The reqAuthzID attribute is the distinguishedName of the user that performed the operation. This will usually be the same name as was established at the start of a session by a Bind request (if any) but may be altered in various circumstances. For Fortress bind operations this will map to User#userId- Returns:
- value that maps to 'reqAuthzID' on 'auditSearch' object class.
-
setReqAuthzID
public void setReqAuthzID(String reqAuthzID)
The reqAuthzID attribute is the distinguishedName of the user that performed the operation. This will usually be the same name as was established at the start of a session by a Bind request (if any) but may be altered in various circumstances. For Fortress bind operations this will map to User#userId
-
getReqControls
public String getReqControls()
The reqControls and reqRespControls attributes carry any controls sent by the client on the request and returned by the server in the response, respectively. The attribute values are just uninterpreted octet strings.- Returns:
- value that maps to 'reqControls' attribute on 'auditSearch' object class.
-
setReqControls
public void setReqControls(String reqControls)
The reqControls and reqRespControls attributes carry any controls sent by the client on the request and returned by the server in the response, respectively. The attribute values are just uninterpreted octet strings.- Parameters:
reqControls
- maps to same name attribute on 'auditSearch' object class.
-
getReqDN
public String getReqDN()
The reqDN attribute is the distinguishedName of the target of the operation. E.g., for a Bind request, this is the Bind DN. For an Add request, this is the DN of the entry being added. For a Search request, this is the base DN of the search.- Returns:
- value that map to 'reqDN' attribute on 'auditSearch' object class.
-
setReqDN
public void setReqDN(String reqDN)
The reqDN attribute is the distinguishedName of the target of the operation. E.g., for a Bind request, this is the Bind DN. For an Add request, this is the DN of the entry being added. For a Search request, this is the base DN of the search.- Parameters:
reqDN
- maps to 'reqDN' attribute on 'auditSearch' object class.
-
getReqEnd
public String getReqEnd()
reqEnd provide the end time of the operation. It uses generalizedTime syntax.- Returns:
- value that maps to 'reqEnd' attribute on 'auditSearch' object class.
-
setReqEnd
public void setReqEnd(String reqEnd)
reqEnd provide the end time of the operation. It uses generalizedTime syntax.- Parameters:
reqEnd
- value that maps to same name on 'auditSearch' object class.
-
getReqResult
public String getReqResult()
The reqResult attribute is the numeric LDAP result code of the operation, indicating either success or a particular LDAP error code. An error code may be accompanied by a text error message which will be recorded in the reqMessage attribute.- Returns:
- value that maps to 'reqResult' attribute on 'auditSearch' object class.
-
setReqResult
public void setReqResult(String reqResult)
The reqResult attribute is the numeric LDAP result code of the operation, indicating either success or a particular LDAP error code. An error code may be accompanied by a text error message which will be recorded in the reqMessage attribute.- Parameters:
reqResult
- maps to same name on 'auditSearch' object class.
-
getReqSession
public String getReqSession()
The reqSession attribute is an implementation-specific identifier that is common to all the operations associated with the same LDAP session. Currently this is slapd's internal connection ID, stored in decimal.- Returns:
- value that maps to 'reqSession' attribute on 'auditSearch' object class.
-
setReqSession
public void setReqSession(String reqSession)
The reqSession attribute is an implementation-specific identifier that is common to all the operations associated with the same LDAP session. Currently this is slapd's internal connection ID, stored in decimal.- Parameters:
reqSession
- maps to same name on 'auditSearch' object class.
-
getReqStart
public String getReqStart()
reqStart provide the start of the operation, They use generalizedTime syntax. The reqStart attribute is also used as the RDN for each log entry.- Returns:
- value that maps to 'reqStart' attribute on 'auditSearch' object class.
-
setReqStart
public void setReqStart(String reqStart)
reqStart provide the start of the operation, They use generalizedTime syntax. The reqStart attribute is also used as the RDN for each log entry.- Parameters:
reqStart
- maps to same name on 'auditSearch' object class.
-
getReqType
public String getReqType()
The reqType attribute is a simple string containing the type of operation being logged, e.g. add, delete, search, etc. For extended operations, the type also includes the OID of the extended operation, e.g. extended(1.1.1.1)- Returns:
- value that maps to 'reqType' attribute on 'auditSearch' object class.
-
setReqType
public void setReqType(String reqType)
The reqType attribute is a simple string containing the type of operation being logged, e.g. add, delete, search, etc. For extended operations, the type also includes the OID of the extended operation, e.g. extended(1.1.1.1)- Parameters:
reqType
- maps to same name on 'auditSearch' object class.
-
getReqAssertion
public String getReqAssertion()
Get the Compare operation the reqAssertion attribute carries the Attribute Value Assertion used in the compare request.- Returns:
- value that maps to 'reqAssertion' attribute on 'auditCompare' object class.
-
setReqAssertion
public void setReqAssertion(String reqAssertion)
Set the Compare operation the reqAssertion attribute carries the Attribute Value Assertion used in the compare request.- Parameters:
reqAssertion
- value maps to 'reqAssertion' attribute contained in the 'auditCompare' object class.
-
getStructuralObjectClass
public String getStructuralObjectClass()
Returns the name of the structural object class that is used to log the event. For this entity this value will always be 'auditSearch'.- Returns:
- value that maps to 'structuralObjectClass' attribute that contains the name 'auditSearch'.
-
setStructuralObjectClass
public void setStructuralObjectClass(String structuralObjectClass)
Returns the name of the structural object class that is used to log the event. For this entity this value will always be 'auditSearch'.- Parameters:
structuralObjectClass
- maps to same name on 'auditSearch' object class.
-
getReqEntries
public String getReqEntries()
The reqEntries attribute is the integer count of how many entries were returned by this search request.- Returns:
- value that maps to 'reqEntries' attribute on 'auditSearch' object class
-
setReqEntries
public void setReqEntries(String reqEntries)
The reqEntries attribute is the integer count of how many entries were returned by this search request.- Parameters:
reqEntries
- maps to same name on 'auditSearch' object class
-
getReqAttr
public String getReqAttr()
The reqAttr attribute lists the requested attributes if specific attributes were requested.- Returns:
- value maps to 'reqAttr' on 'auditSearch' object class.
-
setReqAttr
public void setReqAttr(String reqAttr)
The reqAttr attribute lists the requested attributes if specific attributes were requested.- Parameters:
reqAttr
- maps to same name on 'auditSearch' object class.
-
getReqAttrsOnly
public String getReqAttrsOnly()
The reqAttrsOnly attribute is a Boolean value showing TRUE if only attribute names were requested, or FALSE if attributes and their values were requested. For Fortress authorization requests this value will always be TRUE.- Returns:
- value maps to 'reqAttrsOnly' on 'auditSearch' object class.
-
setReqAttrsOnly
public void setReqAttrsOnly(String reqAttrsOnly)
The reqAttrsOnly attribute is a Boolean value showing TRUE if only attribute names were requested, or FALSE if attributes and their values were requested. For Fortress authorization requests this value will always be TRUE.- Parameters:
reqAttrsOnly
- maps to same name on 'auditSearch' object class.
-
getReqFilter
public String getReqFilter()
The reqFilter attribute carries the filter used in the search request.For Fortress authorization events this will contain the following:
- userId: User#userId
- activated roles: UserRole#name
- object name: Permission#objName
- operation name: Permission#opName
- Returns:
- value that maps to 'reqFilter' attribute on 'auditSearch' object class.
-
setReqFilter
public void setReqFilter(String reqFilter)
The reqFilter attribute carries the filter used in the search request.For Fortress authorization events this will contain the following:
- userId: User#userId
- activated roles: UserRole#name
- object name: Permission#objName
- operation name: Permission#opName
- Parameters:
reqFilter
- maps to same name on 'auditSearch' object class.
-
getReqScope
public String getReqScope()
The reqScope attribute contains the scope of the original search request, using the values specified for the LDAP URL format. I.e. base, one, sub, or subord.- Returns:
- value that maps to 'reqScope' attribute on 'auditSearch' object class.
-
setReqScope
public void setReqScope(String reqScope)
The reqScope attribute contains the scope of the original search request, using the values specified for the LDAP URL format. I.e. base, one, sub, or subord.- Parameters:
reqScope
- maps to same name on 'auditSearch' object class.
-
getReqSizeLimit
public String getReqSizeLimit()
The reqSizeLimit attribute indicate what limits were requested on the search operation.- Returns:
- value that maps to 'reqSizeLimit' attribute on 'auditSearch' object class.
-
setReqSizeLimit
public void setReqSizeLimit(String reqSizeLimit)
The reqSizeLimit attribute indicate what limits were requested on the search operation.- Parameters:
reqSizeLimit
- maps to same name on 'auditSearch' object class.
-
getReqTimeLimit
public String getReqTimeLimit()
The reqTimeLimit attribute indicate what limits were requested on the search operation.- Returns:
- value that maps to 'reqTimeLimit' attribute on 'auditSearch' object class.
-
setReqTimeLimit
public void setReqTimeLimit(String reqTimeLimit)
The reqTimeLimit attribute indicate what limits were requested on the search operation.- Parameters:
reqTimeLimit
- maps to same name on 'auditSearch' object class.
-
getSubschemaSubentry
public String getSubschemaSubentry()
Return the subschemaSubentry attribute from the audit entry.- Returns:
- value that maps to 'subschemaSubentry' on 'auditSearch' object class.
-
setSubschemaSubentry
public void setSubschemaSubentry(String subschemaSubentry)
Set the subschemaSubentry attribute from the audit entry.- Parameters:
subschemaSubentry
- maps to same name on 'auditSearch' object class.
-
getReqDerefAliases
public String getReqDerefAliases()
The reqDerefAliases attribute is on of never, finding, searching, or always, denoting how aliases will be processed during the search.- Returns:
- value that maps to 'reqDerefAliases' on 'auditSearch' object class.
-
setReqDerefAliases
public void setReqDerefAliases(String reqDerefAliases)
The reqDerefAliases attribute is on of never, finding, searching, or always, denoting how aliases will be processed during the search.- Parameters:
reqDerefAliases
- maps to same name on 'auditSearch' object class.
-
getSequenceId
public long getSequenceId()
Sequence id is used internal to Fortress.- Overrides:
getSequenceId
in classFortEntity
- Returns:
- long value contains sequence id.
-
setSequenceId
public void setSequenceId(long sequenceId)
Sequence id is used internal to Fortress- Overrides:
setSequenceId
in classFortEntity
- Parameters:
sequenceId
- contains sequence to use.
-
-