header
{
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*
*/
package org.apache.directory.shared.ldap.aci;
import org.apache.directory.shared.ldap.model.name.NameComponentNormalizer;
}
// ----------------------------------------------------------------------------
// parser class definition
// ----------------------------------------------------------------------------
/**
* The antlr generated ACIItem checker.
*
* @author Apache Directory Project
*/
class AntlrACIItemChecker extends Parser;
// ----------------------------------------------------------------------------
// parser options
// ----------------------------------------------------------------------------
options
{
k = 1; // ;-)
defaultErrorHandler = false;
}
// ----------------------------------------------------------------------------
// imaginary tokens
// ----------------------------------------------------------------------------
tokens
{
ATTRIBUTE_VALUE_CANDIDATE;
RANGE_OF_VALUES_CANDIDATE;
}
// ----------------------------------------------------------------------------
// parser initialization
// ----------------------------------------------------------------------------
{
NameComponentNormalizer normalizer;
/**
* Creates a (normalizing) subordinate DnParser for parsing Names.
* This method MUST be called for each instance while we cannot do
* constructor overloading for this class.
*
* @return the DnParser to be used for parsing Names
*/
public void init()
{
}
/**
* Sets the NameComponentNormalizer for this parser's dnParser.
*/
public void setNormalizer(NameComponentNormalizer normalizer)
{
this.normalizer = normalizer;
}
}
// ----------------------------------------------------------------------------
// parser productions
// ----------------------------------------------------------------------------
wrapperEntryPoint
:
( SP )* theACIItem ( SP )* EOF
;
theACIItem
:
OPEN_CURLY
( SP )* mainACIItemComponent ( SP )*
( SEP ( SP )* mainACIItemComponent ( SP )* )*
CLOSE_CURLY
;
mainACIItemComponent
:
aci_identificationTag
| aci_precedence
| aci_authenticationLevel
| aci_itemOrUserFirst
;
aci_identificationTag
:
ID_identificationTag ( SP )+ SAFEUTF8STRING
;
aci_precedence
:
precedence
;
precedence
:
ID_precedence ( SP )+ INTEGER
;
aci_authenticationLevel
:
ID_authenticationLevel ( SP )+ authenticationLevel
;
authenticationLevel
:
ID_none
|
ID_simple
|
ID_strong
;
aci_itemOrUserFirst
:
ID_itemOrUserFirst ( SP )+ itemOrUserFirst
;
itemOrUserFirst
:
itemFirst | userFirst
;
itemFirst
:
ID_itemFirst ( SP )* COLON ( SP )*
OPEN_CURLY ( SP )*
(
protectedItems ( SP )*
SEP ( SP )* itemPermissions
| // relaxing
itemPermissions ( SP )*
SEP ( SP )* protectedItems
)
( SP )* CLOSE_CURLY
;
userFirst
:
ID_userFirst ( SP )* COLON ( SP )*
OPEN_CURLY ( SP )*
(
userClasses ( SP )*
SEP ( SP )* userPermissions
| // relaxing
userPermissions ( SP )*
SEP ( SP )* userClasses
)
( SP )* CLOSE_CURLY
;
protectedItems
:
ID_protectedItems ( SP )*
OPEN_CURLY ( SP )*
(
protectedItem ( SP )*
( SEP ( SP )* protectedItem ( SP )* )*
)?
CLOSE_CURLY
;
protectedItem
:
entry
| allUserAttributeTypes
| attributeType
| allAttributeValues
| allUserAttributeTypesAndValues
| attributeValue
| selfValue
| rangeOfValues
| maxValueCount
| maxImmSub
| restrictedBy
| classes
;
entry
:
ID_entry
;
allUserAttributeTypes
:
ID_allUserAttributeTypes
;
attributeType
:
ID_attributeType ( SP )+ attributeTypeSet
;
allAttributeValues
:
ID_allAttributeValues ( SP )+ attributeTypeSet
;
allUserAttributeTypesAndValues
:
ID_allUserAttributeTypesAndValues
;
attributeValue
:
ATTRIBUTE_VALUE_CANDIDATE // ate the identifier for subordinate dn parser workaround
;
selfValue
:
ID_selfValue ( SP )+ attributeTypeSet
;
rangeOfValues
:
RANGE_OF_VALUES_CANDIDATE
;
maxValueCount
:
ID_maxValueCount ( SP )+
OPEN_CURLY ( SP )*
aMaxValueCount ( SP )*
( SEP ( SP )* aMaxValueCount ( SP )*
)*
CLOSE_CURLY
;
aMaxValueCount
:
OPEN_CURLY ( SP )*
(
ID_type ( SP )+ oid ( SP )* SEP ( SP )*
ID_maxCount ( SP )+ INTEGER
| // relaxing
ID_maxCount ( SP )+ INTEGER ( SP )* SEP ( SP )*
ID_type ( SP )+ oid
)
( SP )* CLOSE_CURLY
;
maxImmSub
:
ID_maxImmSub ( SP )+ INTEGER
;
restrictedBy
:
ID_restrictedBy ( SP )+
OPEN_CURLY ( SP )*
restrictedValue ( SP )*
( SEP ( SP )* restrictedValue ( SP )*
)*
CLOSE_CURLY
;
restrictedValue
:
OPEN_CURLY ( SP )*
(
ID_type ( SP )+ oid ( SP )* SEP ( SP )*
ID_valuesIn ( SP )+ oid
| // relaxing
ID_valuesIn ( SP )+ oid ( SP )* SEP ( SP )*
ID_type ( SP )+ oid
)
( SP )* CLOSE_CURLY
;
attributeTypeSet
:
OPEN_CURLY ( SP )*
oid ( SP )*
( SEP ( SP )* oid ( SP )*
)*
CLOSE_CURLY
;
classes
:
ID_classes ( SP )+ refinement
;
itemPermissions
:
ID_itemPermissions ( SP )+
OPEN_CURLY ( SP )*
( itemPermission ( SP )*
( SEP ( SP )* itemPermission ( SP )*
)*
)?
CLOSE_CURLY
;
itemPermission
:
OPEN_CURLY ( SP )*
anyItemPermission ( SP )*
( SEP ( SP )* anyItemPermission ( SP )* )*
CLOSE_CURLY
;
anyItemPermission
:
precedence
| userClasses
| grantsAndDenials
;
grantsAndDenials
:
ID_grantsAndDenials ( SP )+
OPEN_CURLY ( SP )*
( grantAndDenial ( SP )*
( SEP ( SP )* grantAndDenial ( SP )*
)*
)?
CLOSE_CURLY
;
grantAndDenial
:
ID_grantAdd
| ID_denyAdd
| ID_grantDiscloseOnError
| ID_denyDiscloseOnError
| ID_grantRead
| ID_denyRead
| ID_grantRemove
| ID_denyRemove
//-- permissions that may be used only in conjunction
//-- with the entry component
| ID_grantBrowse
| ID_denyBrowse
| ID_grantExport
| ID_denyExport
| ID_grantImport
| ID_denyImport
| ID_grantModify
| ID_denyModify
| ID_grantRename
| ID_denyRename
| ID_grantReturnDN
| ID_denyReturnDN
//-- permissions that may be used in conjunction
//-- with any component, except entry, of ProtectedItems
| ID_grantCompare
| ID_denyCompare
| ID_grantFilterMatch
| ID_denyFilterMatch
| ID_grantInvoke
| ID_denyInvoke
;
userClasses
:
ID_userClasses ( SP )+
OPEN_CURLY ( SP )*
(
userClass ( SP )*
( SEP ( SP )* userClass ( SP )* )*
)?
CLOSE_CURLY
;
userClass
:
allUsers
| thisEntry
| parentOfEntry
| name
| userGroup
| subtree
;
allUsers
:
ID_allUsers
;
thisEntry
:
ID_thisEntry
;
parentOfEntry
:
ID_parentOfEntry
;
name
:
ID_name ( SP )+
OPEN_CURLY ( SP )*
distinguishedName ( SP )*
( SEP ( SP )* distinguishedName ( SP )*
)*
CLOSE_CURLY
;
userGroup
:
ID_userGroup ( SP )+
OPEN_CURLY ( SP )*
distinguishedName ( SP )*
( SEP ( SP )* distinguishedName ( SP )* )*
CLOSE_CURLY
;
subtree
:
ID_subtree ( SP )+
OPEN_CURLY ( SP )*
subtreeSpecification ( SP )*
( SEP ( SP )* subtreeSpecification ( SP )* )*
CLOSE_CURLY
;
userPermissions
:
ID_userPermissions ( SP )+
OPEN_CURLY ( SP )*
( userPermission ( SP )*
( SEP ( SP )* userPermission ( SP )* )*
)?
CLOSE_CURLY
;
userPermission
:
OPEN_CURLY ( SP )*
anyUserPermission ( SP )*
( SEP ( SP )* anyUserPermission ( SP )* )*
CLOSE_CURLY
;
anyUserPermission
:
precedence
| protectedItems
| grantsAndDenials
;
subtreeSpecification
:
OPEN_CURLY ( SP )*
( subtreeSpecificationComponent ( SP )*
( SEP ( SP )* subtreeSpecificationComponent ( SP )* )* )?
CLOSE_CURLY
;
subtreeSpecificationComponent
:
ss_base
| ss_specificExclusions
| ss_minimum
| ss_maximum
;
ss_base
:
ID_base ( SP )+ distinguishedName
;
ss_specificExclusions
:
ID_specificExclusions ( SP )+ specificExclusions
;
specificExclusions
:
OPEN_CURLY ( SP )*
( specificExclusion ( SP )*
( SEP ( SP )* specificExclusion ( SP )* )*
)?
CLOSE_CURLY
;
specificExclusion
:
chopBefore | chopAfter
;
chopBefore
:
ID_chopBefore ( SP )* COLON ( SP )* distinguishedName
;
chopAfter
:
ID_chopAfter ( SP )* COLON ( SP )* distinguishedName
;
ss_minimum
:
ID_minimum ( SP )+ baseDistance
;
ss_maximum
:
ID_maximum ( SP )+ baseDistance
;
distinguishedName
:
SAFEUTF8STRING
;
baseDistance
:
INTEGER
;
oid
:
( DESCR | NUMERICOID )
;
refinement
:
item | and | or | not
;
item
:
ID_item ( SP )* COLON ( SP )* oid
;
and
:
ID_and ( SP )* COLON ( SP )* refinements
;
or
:
ID_or ( SP )* COLON ( SP )* refinements
;
not
:
ID_not ( SP )* COLON ( SP )* refinements
;
refinements
:
OPEN_CURLY ( SP )*
(
refinement ( SP )*
( SEP ( SP )* refinement ( SP )* )*
)? CLOSE_CURLY
;
// ----------------------------------------------------------------------------
// lexer class definition
// ----------------------------------------------------------------------------
/**
* The parser's primary lexer.
*
* @author Apache Directory Project
*/
class AntlrACIItemCheckerLexer extends Lexer;
// ----------------------------------------------------------------------------
// lexer options
// ----------------------------------------------------------------------------
options
{
k = 2;
charVocabulary = '\3'..'\377';
}
//----------------------------------------------------------------------------
// tokens
//----------------------------------------------------------------------------
tokens
{
ID_identificationTag = "identificationTag";
ID_precedence = "precedence";
ID_FALSE = "FALSE";
ID_TRUE = "TRUE";
ID_none = "none";
ID_simple = "simple";
ID_strong = "strong";
ID_level = "level";
ID_basicLevels = "basicLevels";
ID_localQualifier = "localQualifier";
ID_signed = "signed";
ID_authenticationLevel = "authenticationLevel";
ID_itemOrUserFirst = "itemOrUserFirst";
ID_itemFirst = "itemFirst";
ID_userFirst = "userFirst";
ID_protectedItems = "protectedItems";
ID_classes = "classes";
ID_entry = "entry";
ID_allUserAttributeTypes = "allUserAttributeTypes";
ID_attributeType = "attributeType";
ID_allAttributeValues = "allAttributeValues";
ID_allUserAttributeTypesAndValues = "allUserAttributeTypesAndValues";
ID_selfValue = "selfValue";
ID_item = "item";
ID_and = "and";
ID_or = "or";
ID_not = "not";
ID_rangeOfValues = "rangeOfValues";
ID_maxValueCount = "maxValueCount";
ID_type = "type";
ID_maxCount = "maxCount";
ID_maxImmSub = "maxImmSub";
ID_restrictedBy = "restrictedBy";
ID_valuesIn = "valuesIn";
ID_userClasses = "userClasses";
ID_base = "base";
ID_specificExclusions = "specificExclusions";
ID_chopBefore = "chopBefore";
ID_chopAfter = "chopAfter";
ID_minimum = "minimum";
ID_maximum = "maximum";
ID_specificationFilter = "specificationFilter";
ID_grantsAndDenials = "grantsAndDenials";
ID_itemPermissions = "itemPermissions";
ID_userPermissions = "userPermissions";
ID_allUsers = "allUsers";
ID_thisEntry = "thisEntry";
ID_parentOfEntry = "parentOfEntry";
ID_subtree = "subtree";
ID_name = "name";
ID_userGroup = "userGroup";
ID_grantAdd = "grantAdd"; // (0),
ID_denyAdd = "denyAdd"; // (1),
ID_grantDiscloseOnError = "grantDiscloseOnError"; // (2),
ID_denyDiscloseOnError = "denyDiscloseOnError"; // (3),
ID_grantRead = "grantRead"; // (4),
ID_denyRead = "denyRead"; // (5),
ID_grantRemove = "grantRemove"; // (6),
ID_denyRemove = "denyRemove"; // (7),
//-- permissions that may be used only in conjunction
//-- with the entry component
ID_grantBrowse = "grantBrowse"; // (8),
ID_denyBrowse = "denyBrowse"; // (9),
ID_grantExport = "grantExport"; // (10),
ID_denyExport = "denyExport"; // (11),
ID_grantImport = "grantImport"; // (12),
ID_denyImport = "denyImport"; // (13),
ID_grantModify = "grantModify"; // (14),
ID_denyModify = "denyModify"; // (15),
ID_grantRename = "grantRename"; // (16),
ID_denyRename = "denyRename"; // (17),
ID_grantReturnDN = "grantReturnDN"; // (18),
ID_denyReturnDN = "denyReturnDN"; // (19),
//-- permissions that may be used in conjunction
//-- with any component, except entry, of ProtectedItems
ID_grantCompare = "grantCompare"; // (20),
ID_denyCompare = "denyCompare"; // (21),
ID_grantFilterMatch = "grantFilterMatch"; // (22),
ID_denyFilterMatch = "denyFilterMatch"; // (23),
ID_grantInvoke = "grantInvoke"; // (24),
ID_denyInvoke = "denyInvoke"; // (25)
}
// ----------------------------------------------------------------------------
// lexer initialization
// ----------------------------------------------------------------------------
// ----------------------------------------------------------------------------
// attribute description lexer rules from models
// ----------------------------------------------------------------------------
// This is all messed up - could not figure out how to get antlr to represent
// the safe UTF-8 character set from RFC 3642 for production SafeUTF8Character
protected SAFEUTF8CHAR :
'\u0001'..'\u0021' |
'\u0023'..'\u007F' |
'\u00c0'..'\u00d6' |
'\u00d8'..'\u00f6' |
'\u00f8'..'\u00ff' |
'\u0100'..'\u1fff' |
'\u3040'..'\u318f' |
'\u3300'..'\u337f' |
'\u3400'..'\u3d2d' |
'\u4e00'..'\u9fff' |
'\uf900'..'\ufaff' ;
OPEN_CURLY : '{' ;
CLOSE_CURLY : '}' ;
SEP : ',' ;
SP : ' ' | '\t' | '\n' { newline(); } | '\r' ;
COLON : ':' ;
protected DIGIT : '0' | LDIGIT ;
protected LDIGIT : '1'..'9' ;
protected ALPHA : 'A'..'Z' | 'a'..'z' ;
protected INTEGER : DIGIT | ( LDIGIT ( DIGIT )+ ) ;
protected HYPHEN : '-' ;
protected NUMERICOID : INTEGER ( DOT INTEGER )+ ;
protected DOT : '.' ;
INTEGER_OR_NUMERICOID
:
( INTEGER DOT ) => NUMERICOID
{
$setType( NUMERICOID );
}
|
INTEGER
{
$setType( INTEGER );
}
;
SAFEUTF8STRING : '"'! ( SAFEUTF8CHAR )* '"'! ;
DESCR // THIS RULE ALSO STANDS FOR AN IDENTIFIER
:
( "attributeValue" ( SP! )+ '{' ) =>
"attributeValue"! ( SP! )+ '{'! ( options { greedy = false; } : . )* '}'!
{ $setType( ATTRIBUTE_VALUE_CANDIDATE ); }
| ( "rangeOfValues" ( SP! )+ '(' ) =>
"rangeOfValues"! ( SP! )+ FILTER
{ $setType( RANGE_OF_VALUES_CANDIDATE ); }
| ALPHA ( ALPHA | DIGIT | HYPHEN )*
;
protected FILTER : '(' ( ( '&' (SP)* (FILTER)+ ) | ( '|' (SP)* (FILTER)+ ) | ( '!' (SP)* FILTER ) | FILTER_VALUE ) ')' (SP)* ;
protected FILTER_VALUE : (options{greedy=true;}: ~( ')' | '(' | '&' | '|' | '!' ) ( ~(')') )* ) ;