Posted to commits@directory.apache.org by ak...@apache.org on 2008/06/08 04:15:44 UTC
svn commit: r664425 - in
/directory/apacheds/branches/bigbang/protocol-newldap: ./
src/main/java/org/apache/directory/server/newldap/
src/main/java/org/apache/directory/server/newldap/handlers/
src/main/java/org/apache/directory/server/newldap/handlers...
Author: akarasulu
Date: Sat Jun 7 19:15:44 2008
New Revision: 664425
URL: http://svn.apache.org/viewvc?rev=664425&view=rev
Log:
checkpointing some work on a new protocol-ldap module without JNDI
Added:
directory/apacheds/branches/bigbang/protocol-newldap/TODO.txt (with props)
directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/NewBindHandler.java
directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/NewCompareHandler.java (with props)
Removed:
directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/SessionRegistry.java
directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/AbandonHandler.java
directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/AbstractLdapHandler.java
directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/AddHandler.java
directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/BindHandler.java
directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/DefaultAbandonHandler.java
directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/DefaultAddHandler.java
directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/DefaultBindHandler.java
Modified:
directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/ExtendedOperationHandler.java
directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/LdapServer.java
directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/LdapSession.java
directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/LdapRequestHandler.java
directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/NewAbandonHandler.java
directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/NewAddHandler.java
directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/bind/MechanismHandler.java
Added: directory/apacheds/branches/bigbang/protocol-newldap/TODO.txt
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/protocol-newldap/TODO.txt?rev=664425&view=auto
==============================================================================
--- directory/apacheds/branches/bigbang/protocol-newldap/TODO.txt (added)
+++ directory/apacheds/branches/bigbang/protocol-newldap/TODO.txt Sat Jun 7 19:15:44 2008
@@ -0,0 +1,5 @@
+ o handle setting request and response controls
+ o bind is all messed up now with sasl handling - fix that
+ o need to add methods to CoreSession to build operations from requests?
+ or just add more parameters to set all options?
+ should operation context constructors take requests?
Propchange: directory/apacheds/branches/bigbang/protocol-newldap/TODO.txt
------------------------------------------------------------------------------
svn:eol-style = native
Modified: directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/ExtendedOperationHandler.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/ExtendedOperationHandler.java?rev=664425&r1=664424&r2=664425&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/ExtendedOperationHandler.java (original)
+++ directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/ExtendedOperationHandler.java Sat Jun 7 19:15:44 2008
@@ -23,7 +23,6 @@
import java.util.Set;
import org.apache.directory.shared.ldap.message.ExtendedRequest;
-import org.apache.mina.common.IoSession;
/**
@@ -57,12 +56,12 @@
/**
* Handles the specified extended operation.
*
- * @param session the MINA session object related with current connection
+ * @param session the session object related with current connection
* @param req the LDAP Extended operation request
*
* @throws Exception if failed to handle the operation
*/
- void handleExtendedOperation( IoSession session, SessionRegistry registry, ExtendedRequest req ) throws Exception;
+ void handleExtendedOperation( LdapSession session, ExtendedRequest req ) throws Exception;
/**
Modified: directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/LdapServer.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/LdapServer.java?rev=664425&r1=664424&r2=664425&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/LdapServer.java (original)
+++ directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/LdapServer.java Sat Jun 7 19:15:44 2008
@@ -26,21 +26,14 @@
import java.security.Provider;
import java.security.Security;
import java.util.*;
+import java.util.concurrent.ConcurrentHashMap;
-import javax.naming.Context;
-import javax.naming.NamingException;
import javax.naming.ldap.Control;
import org.apache.directory.server.core.DirectoryService;
import org.apache.directory.server.core.partition.PartitionNexus;
import org.apache.directory.server.core.security.CoreKeyStoreSpi;
-import org.apache.directory.server.newldap.handlers.AbandonHandler;
-import org.apache.directory.server.newldap.handlers.AddHandler;
-import org.apache.directory.server.newldap.handlers.BindHandler;
import org.apache.directory.server.newldap.handlers.CompareHandler;
-import org.apache.directory.server.newldap.handlers.DefaultAbandonHandler;
-import org.apache.directory.server.newldap.handlers.DefaultAddHandler;
-import org.apache.directory.server.newldap.handlers.DefaultBindHandler;
import org.apache.directory.server.newldap.handlers.DefaultCompareHandler;
import org.apache.directory.server.newldap.handlers.DefaultDeleteHandler;
import org.apache.directory.server.newldap.handlers.DefaultExtendedHandler;
@@ -50,8 +43,12 @@
import org.apache.directory.server.newldap.handlers.DefaultUnbindHandler;
import org.apache.directory.server.newldap.handlers.DeleteHandler;
import org.apache.directory.server.newldap.handlers.ExtendedHandler;
+import org.apache.directory.server.newldap.handlers.LdapRequestHandler;
import org.apache.directory.server.newldap.handlers.ModifyDnHandler;
import org.apache.directory.server.newldap.handlers.ModifyHandler;
+import org.apache.directory.server.newldap.handlers.NewAbandonHandler;
+import org.apache.directory.server.newldap.handlers.NewAddHandler;
+import org.apache.directory.server.newldap.handlers.NewBindHandler;
import org.apache.directory.server.newldap.handlers.SearchHandler;
import org.apache.directory.server.newldap.handlers.UnbindHandler;
import org.apache.directory.server.newldap.handlers.bind.*;
@@ -102,6 +99,7 @@
import org.apache.mina.filter.codec.ProtocolDecoder;
import org.apache.mina.filter.codec.ProtocolEncoder;
import org.apache.mina.handler.demux.DemuxingIoHandler;
+import org.apache.mina.handler.demux.MessageHandler;
import org.apache.mina.transport.socket.nio.SocketAcceptorConfig;
import org.apache.mina.util.SessionLog;
import org.slf4j.Logger;
@@ -129,14 +127,10 @@
/** The default maximum time limit. */
private static final int MAX_TIME_LIMIT_DEFAULT = 10000;
- /**
- * The default service pid.
- */
+ /** The default service pid. */
private static final String SERVICE_PID_DEFAULT = "org.apache.directory.server.newldap";
- /**
- * The default service name.
- */
+ /** The default service name. */
private static final String SERVICE_NAME_DEFAULT = "ApacheDS LDAP Service";
/** The default IP port. */
@@ -145,20 +139,28 @@
/** the constant service name of this ldap protocol provider **/
public static final String SERVICE_NAME = "ldap";
+
+
/** a set of supported controls */
private Set<String> supportedControls;
- /** The maximum size limit. */
- private int maxSizeLimit = MAX_SIZE_LIMIT_DEFAULT; // set to default value
+ /**
+ * The maximum size limit.
+ * @see {@link LdapServer#MAX_SIZE_LIMIT_DEFAULT }
+ */
+ private int maxSizeLimit = MAX_SIZE_LIMIT_DEFAULT;
- /** The maximum time limit. */
- private int maxTimeLimit = MAX_TIME_LIMIT_DEFAULT; // set to default value (milliseconds)
+ /**
+ * The maximum time limit.
+ * @see {@link LdapServer#MAX_TIME_LIMIT_DEFAULT }
+ */
+ private int maxTimeLimit = MAX_TIME_LIMIT_DEFAULT;
- /** Whether LDAPS is enabled. */
+ /** Whether LDAPS is enabled: disabled by default. */
private boolean enableLdaps;
- /** Whether to allow anonymous access. */
- private boolean allowAnonymousAccess = true; // allow by default
+ /** Whether to allow anonymous access: enabled by default. */
+ private boolean allowAnonymousAccess = true;
/** The extended operation handlers. */
private final Collection<ExtendedOperationHandler> extendedOperationHandlers =
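Review bot: The new Javadoc on `maxSizeLimit` and `maxTimeLimit` wraps an inline `{@link ...}` inside a `@see` tag, which is not a valid reference form for `@see`; the tag takes the target directly. Write `@see LdapServer#MAX_SIZE_LIMIT_DEFAULT` and `@see LdapServer#MAX_TIME_LIMIT_DEFAULT`. The removed trailing comment on `maxTimeLimit` stated the unit (milliseconds) and the new Javadoc drops it, so keep it, e.g. `The maximum time limit in milliseconds.`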
@@ -181,9 +183,9 @@
/** The list of realms serviced by this host. */
private List<String> saslRealms;
- private AbandonHandler abandonHandler;
- private AddHandler addHandler;
- private BindHandler bindHandler;
+ private LdapRequestHandler<AbandonRequest> abandonHandler;
+ private LdapRequestHandler<AddRequest> addHandler;
+ private LdapRequestHandler<BindRequest> bindHandler;
private CompareHandler compareHandler;
private DeleteHandler deleteHandler;
private ExtendedHandler extendedHandler;
@@ -193,15 +195,13 @@
private UnbindHandler unbindHandler;
- private SessionRegistry registry;
-
/** the underlying provider codec factory */
private ProtocolCodecFactory codecFactory;
/** the MINA protocol handler */
private final LdapProtocolHandler handler = new LdapProtocolHandler();
- /** tracks state of the server */
+ /** tracks start state of the server */
private boolean started;
@@ -240,18 +240,17 @@
{
if ( getAbandonHandler() == null )
{
- setAbandonHandler( new DefaultAbandonHandler() );
+ setAbandonHandler( new NewAbandonHandler() );
}
if ( getAddHandler() == null )
{
- setAddHandler( new DefaultAddHandler() );
+ setAddHandler( new NewAddHandler() );
}
if ( getBindHandler() == null )
{
- DefaultBindHandler handler = new DefaultBindHandler();
- handler.setSessionRegistry( registry );
+ NewBindHandler handler = new NewBindHandler();
handler.setSaslMechanismHandlers( saslMechanismHandlers );
setBindHandler( handler );
}
@@ -842,11 +841,6 @@
{
super.setDirectoryService( directoryService );
this.codecFactory = new ProtocolCodecFactoryImpl( directoryService );
- Hashtable<String,Object> copy = new Hashtable<String,Object>();
- copy.put( Context.PROVIDER_URL, "" );
- copy.put( Context.INITIAL_CONTEXT_FACTORY, "org.apache.directory.server.core.jndi.CoreContextFactory" );
- copy.put( DirectoryService.JNDI_KEY, directoryService );
- this.registry = new SessionRegistry( this, copy );
}
@@ -862,51 +856,47 @@
}
- public AbandonHandler getAbandonHandler()
+ public MessageHandler<AbandonRequest> getAbandonHandler()
{
return abandonHandler;
}
- public void setAbandonHandler( AbandonHandler abandonHandler )
+ public void setAbandonHandler( LdapRequestHandler<AbandonRequest> abandonHandler )
{
this.handler.removeMessageHandler( AbandonRequest.class );
this.abandonHandler = abandonHandler;
- this.abandonHandler.setProtocolProvider( this );
- //noinspection unchecked
+ this.abandonHandler.setLdapServer( this );
this.handler.addMessageHandler( AbandonRequest.class, this.abandonHandler );
}
- public AddHandler getAddHandler()
+ public LdapRequestHandler<AddRequest> getAddHandler()
{
return addHandler;
}
- public void setAddHandler( AddHandler addHandler )
+ public void setAddHandler( LdapRequestHandler<AddRequest> addHandler )
{
this.handler.removeMessageHandler( AddRequest.class );
this.addHandler = addHandler;
- this.addHandler.setProtocolProvider( this );
- //noinspection unchecked
+ this.addHandler.setLdapServer( this );
this.handler.addMessageHandler( AddRequest.class, this.addHandler );
}
- public BindHandler getBindHandler()
+ public LdapRequestHandler<BindRequest> getBindHandler()
{
return bindHandler;
}
- public void setBindHandler( BindHandler bindHandler )
+ public void setBindHandler( LdapRequestHandler<BindRequest> bindHandler )
{
this.handler.removeMessageHandler( BindRequest.class );
this.bindHandler = bindHandler;
- this.bindHandler.setProtocolProvider( this );
- this.bindHandler.setDirectoryService( getDirectoryService() );
- //noinspection unchecked
+ this.bindHandler.setLdapServer( this );
this.handler.addMessageHandler( BindRequest.class, this.bindHandler );
}
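Review bot: `getAbandonHandler()` now returns `MessageHandler<AbandonRequest>` while `getAddHandler()` and `getBindHandler()` return `LdapRequestHandler<...>`, so the three accessors no longer agree with each other or with their fields and setters. Declare it as `public LdapRequestHandler<AbandonRequest> getAbandonHandler()`. Each setter also removes the current message handler before dereferencing its argument, so a null argument leaves that request type without a handler and then throws; checking the argument before `removeMessageHandler` would keep the previous handler in place.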
@@ -1023,12 +1013,6 @@
}
- public SessionRegistry getRegistry()
- {
- return registry;
- }
-
-
public boolean isStarted()
{
return started;
@@ -1073,7 +1057,7 @@
AttributeType type = attrRegistry.lookup( id );
return ! type.getSyntax().isHumanReadable();
}
- catch ( NamingException e )
+ catch ( Exception e )
{
return false;
}
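Review bot: Widening this catch from `NamingException` to `Exception` means any runtime failure in the lookup or in `getSyntax()` is now silently reported as "not binary", with nothing logged. Either catch the specific exception type that `attrRegistry.lookup` now declares, or log the cause before returning, e.g. `LOG.debug( "Could not resolve attribute type {}", id, e );` (assuming the class has a logger; the enclosing method starts outside this hunk).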
@@ -1081,20 +1065,53 @@
}) );
}
}
+
+
+ Map<IoSession, LdapSession> ldapSessions = new ConcurrentHashMap<IoSession, LdapSession>( 100 );
+
+ public LdapSession removeLdapSession( IoSession session )
+ {
+ LdapSession ldapSession = null;
+
+ synchronized ( ldapSessions )
+ {
+ ldapSession = ldapSessions.remove( session );
+ }
+
+ if ( ldapSession != null )
+ {
+ ldapSession.abandonAllOutstandingRequests();
+ }
+
+ return ldapSession;
+ }
+
+
+ public LdapSession getLdapSession( IoSession session )
+ {
+ return ldapSessions.get( session );
+ }
+
+
private class LdapProtocolHandler extends DemuxingIoHandler
{
public void sessionCreated( IoSession session ) throws Exception
{
- session.setAttribute( LdapServer.class.toString(), LdapServer.this );
+ LdapSession ldapSession = new LdapSession( session );
IoFilterChain filters = session.getFilterChain();
filters.addLast( "codec", new ProtocolCodecFilter( codecFactory ) );
+
+ synchronized( ldapSessions )
+ {
+ ldapSessions.put( session, ldapSession );
+ }
}
public void sessionClosed( IoSession session )
{
- registry.remove( session );
+ removeLdapSession( session );
}
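Review bot: `ldapSessions` is declared without an access modifier or `final`, so any class in the package can replace or mutate the connection-to-session map that the access check in `LdapRequestHandler` relies on. Declare it `private final Map<IoSession, LdapSession> ldapSessions = ...` and give it a one-line Javadoc. The `synchronized ( ldapSessions )` blocks around single `put` and `remove` calls add nothing over `ConcurrentHashMap`, and `getLdapSession` does not take the lock anyway, so they can be dropped. `getLdapSession` returns null once a session has been removed, which its Javadoc should state.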
@@ -1159,7 +1176,7 @@
SessionLog.warn( session,
"Unexpected exception forcing session to close: sending disconnect notice to client.", cause );
session.write( NoticeOfDisconnect.PROTOCOLERROR );
- registry.remove( session );
+ removeLdapSession( session );
session.close();
}
}
Modified: directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/LdapSession.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/LdapSession.java?rev=664425&r1=664424&r2=664425&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/LdapSession.java (original)
+++ directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/LdapSession.java Sat Jun 7 19:15:44 2008
@@ -24,7 +24,6 @@
import java.util.concurrent.ConcurrentHashMap;
import org.apache.directory.server.core.CoreSession;
-import org.apache.directory.shared.ldap.message.AbandonRequest;
import org.apache.directory.shared.ldap.message.AbandonableRequest;
import org.apache.mina.common.IoSession;
import org.slf4j.Logger;
@@ -41,7 +40,8 @@
public class LdapSession
{
private static final Logger LOG = LoggerFactory.getLogger( LdapSession.class );
- private static boolean IS_DEBUG = LOG.isDebugEnabled();
+ private static final AbandonableRequest[] EMPTY_ABANDONABLES = new AbandonableRequest[0];
+ private static final boolean IS_DEBUG = LOG.isDebugEnabled();
private final String outstandingLock;
private final IoSession ioSession;
@@ -63,6 +63,12 @@
}
+ public boolean isAuthenticated()
+ {
+ return coreSession != null;
+ }
+
+
/**
* Gets the MINA IoSession associated with this LdapSession.
*
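Review bot: `isAuthenticated()` reports only that a `coreSession` has been assigned, and `LdapRequestHandler.messageReceived` in this commit assigns the anonymous core session on the first non-bind request, so the method returns true for a connection that never bound. A caller that reads the name literally could treat an anonymous connection as authenticated. Either rename it (for example `hasCoreSession()`), or make it `return coreSession != null && ! coreSession.isAnonymous();` and have the handler test for a missing core session separately. The method also has no Javadoc saying which meaning is intended.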
@@ -96,36 +102,56 @@
this.coreSession = coreSession;
}
+
+ /**
+ * Abandons all outstanding requests associated with this session.
+ */
+ public void abandonAllOutstandingRequests()
+ {
+ synchronized ( outstandingLock )
+ {
+ AbandonableRequest[] abandonables = outstandingRequests.values().toArray( EMPTY_ABANDONABLES );
+
+ for ( AbandonableRequest abandonable : abandonables )
+ {
+ abandonOutstandingRequest( abandonable.getMessageId() );
+ }
+ }
+ }
+
- public boolean abandonOutstandingRequest( AbandonRequest abandonRequest )
+ /**
+ * Abandons a specific request by messageId.
+ */
+ public AbandonableRequest abandonOutstandingRequest( Integer messageId )
{
AbandonableRequest request = null;
synchronized ( outstandingLock )
{
- request = outstandingRequests.remove( abandonRequest.getMessageId() );
+ request = outstandingRequests.remove( messageId );
}
if ( request == null )
{
- LOG.warn( "AbandonableRequest not found in outstandingRequests: {}", abandonRequest );
- return false;
+ LOG.warn( "AbandonableRequest with messageId {} not found in outstandingRequests.", messageId );
+ return null;
}
if ( request.isAbandoned() )
{
- LOG.warn( "AbandonableRequest has already been abandoned: {}", abandonRequest );
- return false;
+ LOG.warn( "AbandonableRequest with messageId {} has already been abandoned", messageId );
+ return request;
}
request.abandon();
if ( IS_DEBUG )
{
- LOG.debug( "AbandonRequest successful: {}", abandonRequest );
+ LOG.debug( "AbandonRequest on AbandonableRequest wth messageId {} was successful.", messageId );
}
- return true;
+ return request;
}
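Review bot: The new Javadoc on `abandonOutstandingRequest` does not explain the changed return value: the method returns `null` when no request with that id is outstanding, and returns the request both when this call abandoned it and when it had already been abandoned. Add `@param messageId` and `@return` tags saying so, so that callers do not read a non-null result as "abandoned just now". The not-found branch logs at `warn` for an id that appears to come from the client, so repeated requests for unknown ids can fill the log; `LOG.debug` would be enough there. `abandonAllOutstandingRequests` calls this method while already holding `outstandingLock`, which works only because Java monitors are reentrant, and that deserves a one-line comment.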
Modified: directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/LdapRequestHandler.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/LdapRequestHandler.java?rev=664425&r1=664424&r2=664425&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/LdapRequestHandler.java (original)
+++ directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/LdapRequestHandler.java Sat Jun 7 19:15:44 2008
@@ -20,28 +20,27 @@
package org.apache.directory.server.newldap.handlers;
-import java.util.HashMap;
-import java.util.Map;
-
import org.apache.directory.server.core.CoreSession;
-import org.apache.directory.server.newldap.LdapProtocolConstants;
import org.apache.directory.server.newldap.LdapServer;
-import org.apache.directory.shared.ldap.message.AbandonableRequest;
+import org.apache.directory.server.newldap.LdapSession;
+import org.apache.directory.shared.ldap.codec.bind.BindRequest;
import org.apache.directory.shared.ldap.message.Request;
+import org.apache.directory.shared.ldap.message.ResultCodeEnum;
+import org.apache.directory.shared.ldap.message.ResultResponse;
+import org.apache.directory.shared.ldap.message.ResultResponseRequest;
import org.apache.mina.common.IoSession;
import org.apache.mina.handler.demux.MessageHandler;
/**
- * A base class for all handlers.
+ * A base class for all LDAP request handlers.
*
* @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
* @version $Rev: 541827 $
*/
-public abstract class LdapRequestHandler<T extends Request> implements MessageHandler<T>, LdapProtocolConstants
+public abstract class LdapRequestHandler<T extends Request> implements MessageHandler<T>
{
- private Object outstandingLock;
- private LdapServer ldapServer;
+ protected LdapServer ldapServer;
public final LdapServer getLdapServer()
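Review bot: The import added here is `org.apache.directory.shared.ldap.codec.bind.BindRequest`, but the handler's type parameter is bound to `org.apache.directory.shared.ldap.message.Request`, so the `message instanceof BindRequest` test in `messageReceived` (next hunk) checks against the codec class rather than the message-layer type. If handlers receive message-layer bind requests, as `LdapRequestHandler<BindRequest>` in LdapServer suggests, the test is never true, and every bind would take the anonymous path and be refused with "Anonymous access disabled." when anonymous access is off. Import `org.apache.directory.shared.ldap.message.BindRequest` instead, after confirming which type the decoder delivers. The widened `protected LdapServer ldapServer` could also stay `private`, since the final `getLdapServer()` is already available to subclasses.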
@@ -50,72 +49,60 @@
}
- public final void setLdapServer( LdapServer provider )
- {
- this.ldapServer = provider;
- }
-
-
- public final CoreSession getCoreSession( IoSession session )
- {
- return ( CoreSession ) session.getAttribute( CORE_SESSION_KEY );
- }
-
-
- public final void setCoreSession( IoSession session, CoreSession coreSession )
+ public final void setLdapServer( LdapServer ldapServer )
{
- session.setAttribute( CORE_SESSION_KEY, coreSession );
+ this.ldapServer = ldapServer;
}
-
-
- @SuppressWarnings("unchecked")
- public final AbandonableRequest getOutstandingRequest( IoSession session, Integer id )
+
+
+ /**
+ * TODO - add notes about how this protects against unauthorized access
+ * and sets up the ldapSession's coreConte.
+ */
+ public final void messageReceived( IoSession session, T message ) throws Exception
{
- synchronized( outstandingLock )
+ LdapSession ldapSession = ldapServer.getLdapSession( session );
+
+ if ( ! ( message instanceof BindRequest ) )
{
- Map<Integer, AbandonableRequest> outstanding = ( Map<Integer, AbandonableRequest> ) session.getAttribute( OUTSTANDING_KEY );
+ CoreSession coreSession = null;
- if ( outstanding == null )
+ /*
+ * All requests except bind automatically presume the authentication
+ * is anonymous if the session has not been authenticated. Hence a
+ * default bind is presumed as the anonymous identity.
+ */
+ if ( ldapSession.isAuthenticated() )
{
- return null;
+ coreSession = ldapSession.getCoreSession();
}
-
- return outstanding.get( id );
- }
- }
-
-
- @SuppressWarnings("unchecked")
- public final AbandonableRequest removeOutstandingRequest( IoSession session, Integer id )
- {
- synchronized( outstandingLock )
- {
- Map<Integer, AbandonableRequest> outstanding = ( Map<Integer, AbandonableRequest> ) session.getAttribute( OUTSTANDING_KEY );
-
- if ( outstanding == null )
+ else
{
- return null;
+ coreSession = getLdapServer().getDirectoryService().getSession();
+ ldapSession.setCoreSession( coreSession );
}
- return outstanding.remove( id );
- }
- }
-
-
- @SuppressWarnings("unchecked")
- public void setOutstandingRequest( IoSession session, AbandonableRequest request )
- {
- synchronized( outstandingLock )
- {
- Map<Integer, AbandonableRequest> outstanding = ( Map<Integer, AbandonableRequest> ) session.getAttribute( OUTSTANDING_KEY );
-
- if ( outstanding == null )
+ /*
+ * Perform checks to see if anonymous access is allowed and enforce
+ * anonymous policy.
+ */
+ if ( coreSession.isAnonymous() && ! ldapServer.isAllowAnonymousAccess() )
{
- outstanding = new HashMap<Integer, AbandonableRequest>();
- session.setAttribute( OUTSTANDING_KEY, outstanding );
+ if ( message instanceof ResultResponseRequest )
+ {
+ ResultResponse response = ( ( ResultResponseRequest ) message ).getResultResponse();
+ response.getLdapResult().setErrorMessage( "Anonymous access disabled." );
+ response.getLdapResult().setResultCode( ResultCodeEnum.INSUFFICIENT_ACCESS_RIGHTS );
+ ldapSession.getIoSession().write( response );
+ }
+
+ return;
}
-
- outstanding.put( request.getMessageId(), request );
}
+
+ handle( ldapSession, message );
}
+
+
+ public abstract void handle( LdapSession session, T message ) throws Exception;
}
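Review bot: `messageReceived` dereferences the result of `ldapServer.getLdapSession( session )` without a null check, and `LdapServer.removeLdapSession` in this commit removes the entry on close and on exception, so a message dispatched after removal would throw a NullPointerException at `ldapSession.isAuthenticated()`. Guard it at the top, e.g. `if ( ldapSession == null ) { return; }`, or close the connection there. The anonymous core session is also stored on the `LdapSession` before the `isAllowAnonymousAccess()` check. The check still rejects the request, but holding the session in a local and calling `setCoreSession` only after the policy check passes keeps denied connections from retaining a core session. The Javadoc is still a TODO (with the typo `coreConte`) on the method that enforces the anonymous-access policy, and it should state that every non-bind request passes this check before `handle` is called.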
Modified: directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/NewAbandonHandler.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/NewAbandonHandler.java?rev=664425&r1=664424&r2=664425&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/NewAbandonHandler.java (original)
+++ directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/NewAbandonHandler.java Sat Jun 7 19:15:44 2008
@@ -20,11 +20,8 @@
package org.apache.directory.server.newldap.handlers;
+import org.apache.directory.server.newldap.LdapSession;
import org.apache.directory.shared.ldap.message.AbandonRequest;
-import org.apache.directory.shared.ldap.message.AbandonableRequest;
-import org.apache.mina.common.IoSession;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
/**
@@ -35,17 +32,11 @@
*/
public class NewAbandonHandler extends LdapRequestHandler<AbandonRequest>
{
- private static final Logger LOG = LoggerFactory.getLogger( NewAbandonHandler.class );
-
- /** Speedup for logs */
- private static final boolean IS_DEBUG = LOG.isDebugEnabled();
-
-
- /* (non-Javadoc)
- * @see org.apache.mina.handler.demux.MessageHandler#messageReceived(
- * org.apache.mina.common.IoSession, java.lang.Object)
+ /**
+ * @see org.apache.directory.server.newldap.handlers.LdapRequestHandler#
+ * handle(org.apache.directory.server.newldap.LdapSession, org.apache.directory.shared.ldap.message.Request)
*/
- public void messageReceived( IoSession session, AbandonRequest request ) throws Exception
+ public void handle( LdapSession session, AbandonRequest request ) throws Exception
{
int abandonedId = request.getAbandoned();
@@ -54,23 +45,6 @@
return;
}
- AbandonableRequest abandonedRequest = getOutstandingRequest( session, abandonedId );
-
- if ( abandonedRequest == null )
- {
- if ( LOG.isWarnEnabled() )
- {
- LOG.warn( "{}: Cannot find outstanding request {} to abandon.", session, request.getAbandoned() );
- }
-
- return;
- }
-
- abandonedRequest.abandon();
-
- if ( IS_DEBUG )
- {
- LOG.debug( "{}: Request {} was successfully flagged as abandoned.", abandonedRequest );
- }
+ session.abandonOutstandingRequest( request.getMessageId() );
}
}
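Review bot: The new call passes `request.getMessageId()`, which is the id of the Abandon request itself, not the id of the operation to abandon. The target id is already read into `abandonedId` earlier in `handle`, whose start is in the previous hunk. As written, the lookup in `LdapSession.abandonOutstandingRequest` would normally miss, log a warning and leave the targeted operation running. Change the line to `session.abandonOutstandingRequest( abandonedId );`.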
Modified: directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/NewAddHandler.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/NewAddHandler.java?rev=664425&r1=664424&r2=664425&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/NewAddHandler.java (original)
+++ directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/NewAddHandler.java Sat Jun 7 19:15:44 2008
@@ -23,21 +23,19 @@
import javax.naming.NamingException;
import javax.naming.ReferralException;
-import org.apache.directory.server.core.CoreSession;
import org.apache.directory.server.core.entry.ServerEntry;
import org.apache.directory.server.core.entry.ServerEntryUtils;
import org.apache.directory.server.core.interceptor.context.AddOperationContext;
+import org.apache.directory.server.newldap.LdapSession;
import org.apache.directory.shared.ldap.exception.LdapException;
-import org.apache.directory.shared.ldap.exception.LdapNoPermissionException;
import org.apache.directory.shared.ldap.message.AddRequest;
import org.apache.directory.shared.ldap.message.LdapResult;
import org.apache.directory.shared.ldap.message.ReferralImpl;
-import org.apache.directory.shared.ldap.message.Request;
-import org.apache.directory.shared.ldap.message.Response;
import org.apache.directory.shared.ldap.message.ResultCodeEnum;
import org.apache.directory.shared.ldap.name.LdapDN;
import org.apache.directory.shared.ldap.util.ExceptionUtils;
-import org.apache.mina.common.IoSession;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
import static org.apache.directory.server.newldap.LdapProtocolUtils.*;
@@ -50,33 +48,25 @@
*/
public class NewAddHandler extends LdapRequestHandler<AddRequest>
{
- /* (non-Javadoc)
- * @see org.apache.mina.handler.demux.MessageHandler#messageReceived(org.apache.mina.common.IoSession,
- * java.lang.Object)
+ private static final Logger LOG = LoggerFactory.getLogger( NewAddHandler.class );
+
+
+ /**
+ * (non-Javadoc)
+ * @see org.apache.directory.server.newldap.handlers.LdapRequestHandler#
+ * handle(org.apache.directory.server.newldap.LdapSession, org.apache.directory.shared.ldap.message.Request)
*/
- public void messageReceived( IoSession session, AddRequest request ) throws Exception
+ public void handle( LdapSession session, AddRequest request ) throws Exception
{
LdapResult result = request.getResultResponse().getLdapResult();
- CoreSession coreSession = getCoreSession( session );
-
- if ( ! getLdapServer().isAllowAnonymousAccess() )
- {
- throw new LdapNoPermissionException( "Anonymous binds have been disabled!" );
- }
-
- if ( coreSession == null )
- {
- coreSession = getLdapServer().getDirectoryService().getSession();
- setCoreSession( session, coreSession );
- }
-
+
try
{
ServerEntry entry = ServerEntryUtils.toServerEntry( request.getAttributes(), request.getEntry(),
- coreSession.getDirectoryService().getRegistries() );
- AddOperationContext opContext = new AddOperationContext( coreSession, entry );
+ session.getCoreSession().getDirectoryService().getRegistries() );
+ AddOperationContext opContext = new AddOperationContext( session.getCoreSession(), entry );
setRequestControls( opContext, request );
- coreSession.getDirectoryService().getOperationManager().add( opContext );
+ session.getCoreSession().getDirectoryService().getOperationManager().add( opContext );
setResponseControls( opContext, request.getResultResponse() );
}
catch( ReferralException e )
@@ -97,7 +87,7 @@
}
while ( e.skipReferral() );
- session.write( request.getResultResponse() );
+ session.getIoSession().write( request.getResultResponse() );
}
catch ( Throwable t )
{
@@ -115,10 +105,10 @@
result.setResultCode( resultCode );
String msg = session + "failed to add entry " + request.getEntry() + ": " + t.getMessage();
-// if ( LOG.isDebugEnabled() )
-// {
-// msg += ":\n" + ExceptionUtils.getStackTrace( t );
-// }
+ if ( LOG.isDebugEnabled() )
+ {
+ msg += ":\n" + ExceptionUtils.getStackTrace( t );
+ }
result.setErrorMessage( msg );
result.setErrorMessage( msg );
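Review bot: Re-enabling this block appends the full stack trace to `msg`, and `msg` is then passed to `result.setErrorMessage`, so with debug logging on the trace is sent to the LDAP client in the response rather than written to the server log. Log it server-side instead with `LOG.debug( msg, t );`, and keep the client-facing message to the entry name and `t.getMessage()`. `session` in the concatenation is now an `LdapSession`, so its `toString()` also ends up in the client-visible text with no separating space. `result.setErrorMessage( msg )` is called twice on consecutive lines. The enclosing catch block starts and ends outside this hunk.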
@@ -138,18 +128,15 @@
{
result.setMatchedDn( ( LdapDN ) ne.getResolvedName() );
}
- else
- {
-// coreSession.getMatchedDn( request.getEntry() );
- }
}
else
{
-
+ // TODO - add ability to get the matched DN from the core via the session
+// coreSession.getMatchedDn( request.getEntry() );
}
}
- session.write( request.getResultResponse() );
+ session.getIoSession().write( request.getResultResponse() );
}
}
}
Added: directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/NewBindHandler.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/NewBindHandler.java?rev=664425&view=auto
==============================================================================
--- directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/NewBindHandler.java (added)
+++ directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/NewBindHandler.java Sat Jun 7 19:15:44 2008
@@ -0,0 +1,375 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.server.newldap.handlers;
+
+
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Set;
+
+import javax.security.auth.Subject;
+import javax.security.auth.kerberos.KerberosKey;
+import javax.security.auth.kerberos.KerberosPrincipal;
+import javax.security.sasl.Sasl;
+import javax.security.sasl.SaslException;
+import javax.security.sasl.SaslServer;
+
+import org.apache.commons.lang.NotImplementedException;
+import org.apache.directory.server.core.DirectoryService;
+import org.apache.directory.server.core.interceptor.context.BindOperationContext;
+import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
+import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
+import org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntry;
+import org.apache.directory.server.kerberos.shared.store.operations.GetPrincipal;
+import org.apache.directory.server.newldap.LdapProtocolUtils;
+import org.apache.directory.server.newldap.LdapServer;
+import org.apache.directory.server.newldap.LdapSession;
+import org.apache.directory.server.newldap.handlers.bind.MechanismHandler;
+import org.apache.directory.server.protocol.shared.ServiceConfigurationException;
+import org.apache.directory.shared.ldap.constants.SupportedSaslMechanisms;
+import org.apache.directory.shared.ldap.message.BindRequest;
+import org.apache.directory.shared.ldap.message.BindResponse;
+import org.apache.directory.shared.ldap.message.LdapResult;
+import org.apache.directory.shared.ldap.message.ResultCodeEnum;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+
+/**
+ * A single reply handler for {@link BindRequest}s.
+ *
+ * Implements server-side of RFC 2222, sections 4.2 and 4.3.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $Rev: 664302 $, $Date: 2008-06-07 04:44:00 -0400 (Sat, 07 Jun 2008) $
+ */
+public class NewBindHandler extends LdapRequestHandler<BindRequest>
+{
+ private static final Logger LOG = LoggerFactory.getLogger( NewBindHandler.class );
+
+ /** A Hashed Adapter mapping SASL mechanisms to their handlers. */
+ private Map<String, MechanismHandler> handlers;
+
+
+ /**
+ * Set the mechanisms handler map.
+ *
+ * @param handlers The associations btween a machanism and its handler
+ */
+ public void setSaslMechanismHandlers( Map<String, MechanismHandler> handlers )
+ {
+ this.handlers = handlers;
+ }
+
+
+ /**
+ * Handle the SASL authentication.
+ *
+ * @param session The associated Session
+ * @param message The BindRequest received
+ * @throws Exception If the authentication cannot be done
+ */
+ public void handleSaslAuth( LdapSession session, BindRequest message ) throws Exception
+ {
+ Map<String, String> saslProps = new HashMap<String, String>();
+ saslProps.put( Sasl.QOP, ldapServer.getSaslQopString() );
+ saslProps.put( "com.sun.security.sasl.digest.realm", getActiveRealms( ldapServer ) );
+ session.getIoSession().setAttribute( "saslProps", saslProps );
+
+ session.getIoSession().setAttribute( "saslHost", ldapServer.getSaslHost() );
+ session.getIoSession().setAttribute( "baseDn", ldapServer.getSearchBaseDn() );
+
+ Set<String> activeMechanisms = ldapServer.getSupportedMechanisms();
+
+ if ( activeMechanisms.contains( SupportedSaslMechanisms.GSSAPI ) )
+ {
+ try
+ {
+ Subject saslSubject = getSubject( ldapServer );
+ session.getIoSession().setAttribute( "saslSubject", saslSubject );
+ }
+ catch ( ServiceConfigurationException sce )
+ {
+ activeMechanisms.remove( "GSSAPI" );
+ LOG.warn( sce.getMessage() );
+ }
+ }
+
+ BindRequest bindRequest = ( BindRequest ) message;
+
+ // Guard clause: Reject unsupported SASL mechanisms.
+ if ( ! ldapServer.getSupportedMechanisms().contains( bindRequest.getSaslMechanism() ) )
+ {
+ LOG.error( "Bind error : {} mechanism not supported. Please check the server.xml " +
+ "configuration file (supportedMechanisms field)",
+ bindRequest.getSaslMechanism() );
+
+ LdapResult bindResult = bindRequest.getResultResponse().getLdapResult();
+ bindResult.setResultCode( ResultCodeEnum.AUTH_METHOD_NOT_SUPPORTED );
+ bindResult.setErrorMessage( bindRequest.getSaslMechanism() + " is not a supported mechanism." );
+ session.getIoSession().write( bindRequest.getResultResponse() );
+ return;
+ }
+
+ handleSasl( session, bindRequest );
+ }
+
+
+ /**
+ * Deal with a SASL bind request
+ *
+ * @param session The IoSession for this Bind Request
+ * @param bindRequest The BindRequest received
+ *
+ * @exception Exception if the mechanism cannot handle the authentication
+ */
+ public void handleSasl( LdapSession session, BindRequest bindRequest ) throws Exception
+ {
+ DirectoryService ds = getLdapServer().getDirectoryService();
+ String sessionMechanism = bindRequest.getSaslMechanism();
+
+ if ( sessionMechanism.equals( SupportedSaslMechanisms.PLAIN ) )
+ {
+ // TODO - figure out what to provide for the saslAuthId here
+ session.setCoreSession( ds.getSession( bindRequest.getName(), bindRequest.getCredentials(),
+ sessionMechanism, null ) );
+ }
+ else
+ {
+ MechanismHandler mechanismHandler = handlers.get( sessionMechanism );
+
+ if ( mechanismHandler == null )
+ {
+ LOG.error( "Handler unavailable for " + sessionMechanism );
+ throw new IllegalArgumentException( "Handler unavailable for " + sessionMechanism );
+ }
+
+ SaslServer ss = mechanismHandler.handleMechanism( session, bindRequest );
+ LdapResult result = bindRequest.getResultResponse().getLdapResult();
+
+ if ( ! ss.isComplete() )
+ {
+ try
+ {
+ /*
+ * SaslServer will throw an exception if the credentials are null.
+ */
+ if ( bindRequest.getCredentials() == null )
+ {
+ bindRequest.setCredentials( new byte[0] );
+ }
+
+ byte[] tokenBytes = ss.evaluateResponse( bindRequest.getCredentials() );
+
+ if ( ss.isComplete() )
+ {
+ if ( tokenBytes != null )
+ {
+ /*
+ * There may be a token to return to the client. We set it here
+ * so it will be returned in a SUCCESS message, after an LdapContext
+ * has been initialized for the client.
+ */
+ session.getIoSession().setAttribute( "saslCreds", tokenBytes );
+ }
+
+ /*
+ * If we got here, we're ready to try getting a core session.
+ */
+ // TODO - figure out what to provide for the saslAuthId here
+ session.setCoreSession( ds.getSession( bindRequest.getName(), bindRequest.getCredentials(),
+ sessionMechanism, null ) );
+ }
+ else
+ {
+ LOG.info( "Continuation token had length " + tokenBytes.length );
+ result.setResultCode( ResultCodeEnum.SASL_BIND_IN_PROGRESS );
+ BindResponse resp = ( BindResponse ) bindRequest.getResultResponse();
+ resp.setServerSaslCreds( tokenBytes );
+ session.getIoSession().write( resp );
+ LOG.debug( "Returning final authentication data to client to complete context." );
+ }
+ }
+ catch ( SaslException se )
+ {
+ LOG.error( se.getMessage() );
+ result.setResultCode( ResultCodeEnum.INVALID_CREDENTIALS );
+ result.setErrorMessage( se.getMessage() );
+ session.getIoSession().write( bindRequest.getResultResponse() );
+ }
+ }
+ }
+ }
+
+
+ /**
+ * Create a list of all the configured realms.
+ *
+ * @param ldapServer the LdapServer for which we want to get the realms
+ * @return a list of relms, separated by spaces
+ */
+ private String getActiveRealms( LdapServer ldapServer )
+ {
+ StringBuilder realms = new StringBuilder();
+ boolean isFirst = true;
+
+ for ( String realm:ldapServer.getSaslRealms() )
+ {
+ if ( isFirst )
+ {
+ isFirst = false;
+ }
+ else
+ {
+ realms.append( ' ' );
+ }
+
+ realms.append( realm );
+ }
+
+ return realms.toString();
+ }
+
+
+ private Subject getSubject( LdapServer ldapServer ) throws Exception
+ {
+ String servicePrincipalName = ldapServer.getSaslPrincipal();
+
+ KerberosPrincipal servicePrincipal = new KerberosPrincipal( servicePrincipalName );
+ GetPrincipal getPrincipal = new GetPrincipal( servicePrincipal );
+
+ PrincipalStoreEntry entry = null;
+
+ try
+ {
+ entry = findPrincipal( ldapServer, getPrincipal );
+ }
+ catch ( ServiceConfigurationException sce )
+ {
+ String message = "Service principal " + servicePrincipalName + " not found at search base DN "
+ + ldapServer.getSearchBaseDn() + ".";
+ throw new ServiceConfigurationException( message, sce );
+ }
+
+ if ( entry == null )
+ {
+ String message = "Service principal " + servicePrincipalName + " not found at search base DN "
+ + ldapServer.getSearchBaseDn() + ".";
+ throw new ServiceConfigurationException( message );
+ }
+
+ Subject subject = new Subject();
+
+ for ( EncryptionType encryptionType:entry.getKeyMap().keySet() )
+ {
+ EncryptionKey key = entry.getKeyMap().get( encryptionType );
+
+ byte[] keyBytes = key.getKeyValue();
+ int type = key.getKeyType().getOrdinal();
+ int kvno = key.getKeyVersion();
+
+ KerberosKey serviceKey = new KerberosKey( servicePrincipal, keyBytes, type, kvno );
+
+ subject.getPrivateCredentials().add( serviceKey );
+ }
+
+ return subject;
+ }
+
+
+ private PrincipalStoreEntry findPrincipal( LdapServer ldapServer, GetPrincipal getPrincipal ) throws Exception
+ {
+// if ( ctx == null )
+// {
+// try
+// {
+// LdapDN adminDN = new LdapDN( ServerDNConstants.ADMIN_SYSTEM_DN );
+//
+// adminDN.normalize(
+// ldapServer.getDirectoryService().getRegistries().getAttributeTypeRegistry().getNormalizerMapping() );
+// LdapPrincipal principal = new LdapPrincipal( adminDN, AuthenticationLevel.SIMPLE );
+//
+// CoreSession adminSession = getLdapServer().getDirectoryService().getAdminSession();
+//
+// ctx = new ServerLdapContext( ldapServer.getDirectoryService(), principal,
+// new LdapDN( ldapServer.getSearchBaseDn() ) );
+// }
+// catch ( NamingException ne )
+// {
+// String message = "Failed to get initial context " + ldapServer.getSearchBaseDn();
+// throw new ServiceConfigurationException( message, ne );
+// }
+// }
+//
+// return ( PrincipalStoreEntry ) getPrincipal.execute( ctx, null );
+ throw new NotImplementedException();
+ }
+
+
+ /**
+ * Deal with a received BindRequest
+ *
+ * @param session The current session
+ * @param bindRequest The received BindRequest
+ * @throws Exception If the authentication cannot be handled
+ */
+ @Override
+ public void handle( LdapSession session, BindRequest bindRequest ) throws Exception
+ {
+ LOG.debug( "Received: {}", bindRequest );
+
+ // Guard clause: LDAP version 3
+ if ( ! bindRequest.getVersion3() )
+ {
+ LOG.error( "Bind error : Only LDAP v3 is supported." );
+ LdapResult bindResult = bindRequest.getResultResponse().getLdapResult();
+ bindResult.setResultCode( ResultCodeEnum.PROTOCOL_ERROR );
+ bindResult.setErrorMessage( "Only LDAP v3 is supported." );
+ session.getIoSession().write( bindRequest.getResultResponse() );
+ return;
+ }
+
+
+ // Deal with the two kinds of authentication :
+ // - if it's simple, handle it in this class for speed
+ // - for SASL, we go through a chain right now (but it may change in the near future)
+ if ( bindRequest.isSimple() )
+ {
+ BindOperationContext opContext = new BindOperationContext( null );
+ opContext.setCredentials( bindRequest.getCredentials() );
+ opContext.setDn( bindRequest.getName() );
+ LdapProtocolUtils.setRequestControls( opContext, bindRequest );
+ getLdapServer().getDirectoryService().getOperationManager().bind( opContext );
+ session.setCoreSession( opContext.getSession() );
+
+ BindResponse response = ( BindResponse ) bindRequest.getResultResponse();
+ response.getLdapResult().setResultCode( ResultCodeEnum.SUCCESS );
+ LdapProtocolUtils.setResponseControls( opContext, response );
+
+ session.getIoSession().write( response );
+ LOG.debug( "Returned SUCCESS message." );
+ }
+ else
+ {
+ handleSaslAuth( session, bindRequest );
+ }
+ }
+}
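Review bot: In `handleSasl`, once `ss.isComplete()` the core session is opened with `bindRequest.getName()`, `bindRequest.getCredentials()` and a `null` saslAuthId, so nothing in this file ties the session to the identity the `SaslServer` negotiated. Unless `ds.getSession` re-verifies those values (not visible here), the bound identity is whatever DN the client put in the request rather than the one the mechanism verified, and for multi-step mechanisms the credentials field holds the last response token, not a password. I would resolve the TODO before this handler is wired in by passing the negotiated identity, e.g. `sessionMechanism, ss.getAuthorizationID() ) );`, and have the core reject a request name that does not match it. Separately, `handleSaslAuth` calls `activeMechanisms.remove( "GSSAPI" )` on the set returned by `ldapServer.getSupportedMechanisms()`; if that is the server's live set, one failed principal lookup disables GSSAPI for every connection, so it should work on a copy.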
Added: directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/NewCompareHandler.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/NewCompareHandler.java?rev=664425&view=auto
==============================================================================
--- directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/NewCompareHandler.java (added)
+++ directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/NewCompareHandler.java Sat Jun 7 19:15:44 2008
@@ -0,0 +1,146 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.server.newldap.handlers;
+
+
+import javax.naming.Context;
+import javax.naming.NamingException;
+import javax.naming.ReferralException;
+import javax.naming.ldap.LdapContext;
+
+import org.apache.directory.server.core.jndi.ServerLdapContext;
+import org.apache.directory.server.newldap.LdapSession;
+import org.apache.directory.shared.ldap.exception.LdapException;
+import org.apache.directory.shared.ldap.message.CompareRequest;
+import org.apache.directory.shared.ldap.message.LdapResult;
+import org.apache.directory.shared.ldap.message.ManageDsaITControl;
+import org.apache.directory.shared.ldap.message.ReferralImpl;
+import org.apache.directory.shared.ldap.message.ResultCodeEnum;
+import org.apache.directory.shared.ldap.name.LdapDN;
+import org.apache.directory.shared.ldap.util.ExceptionUtils;
+import org.apache.mina.common.IoSession;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+
+/**
+ * A single reply handler for {@link CompareRequest}s.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $Rev: 664302 $
+ */
+public class NewCompareHandler extends LdapRequestHandler<CompareRequest>
+{
+ private static final Logger LOG = LoggerFactory.getLogger( NewCompareHandler.class );
+
+
+ /** Speedup for logs */
+ private static final boolean IS_DEBUG = LOG.isDebugEnabled();
+
+
+ public void handle( LdapSession session, CompareRequest req ) throws Exception
+ {
+ LdapResult result = req.getResultResponse().getLdapResult();
+
+ try
+ {
+ LdapContext ctx = getSessionRegistry().getLdapContext( session, null, true );
+ ServerLdapContext newCtx = ( ServerLdapContext ) ctx.lookup( "" );
+
+ if ( req.getControls().containsKey( ManageDsaITControl.CONTROL_OID ) )
+ {
+ newCtx.addToEnvironment( Context.REFERRAL, "ignore" );
+ }
+ else
+ {
+ newCtx.addToEnvironment( Context.REFERRAL, "throw" );
+ }
+
+ // Inject controls into the context
+ setRequestControls( newCtx, req );
+
+ if ( newCtx.compare( req.getName(), req.getAttributeId(), req.getAssertionValue() ) )
+ {
+ result.setResultCode( ResultCodeEnum.COMPARE_TRUE );
+ }
+ else
+ {
+ result.setResultCode( ResultCodeEnum.COMPARE_FALSE );
+ }
+
+ result.setMatchedDn( req.getName() );
+ req.getResultResponse().addAll( newCtx.getResponseControls() );
+ session.write( req.getResultResponse() );
+ }
+ catch ( ReferralException e )
+ {
+ ReferralImpl refs = new ReferralImpl();
+ result.setReferral( refs );
+ result.setResultCode( ResultCodeEnum.REFERRAL );
+ result.setErrorMessage( "Encountered referral attempting to handle compare request." );
+
+ result.setMatchedDn( (LdapDN)e.getResolvedName() );
+
+ do
+ {
+ refs.addLdapUrl( ( String ) e.getReferralInfo() );
+ }
+ while ( e.skipReferral() );
+ session.write( req.getResultResponse() );
+ }
+ catch ( Exception e )
+ {
+ String msg = "failed to compare entry " + req.getName() + ": " + e.getMessage();
+
+ if ( IS_DEBUG )
+ {
+ msg += ":\n" + ExceptionUtils.getStackTrace( e );
+ }
+
+ ResultCodeEnum code;
+
+ if ( e instanceof LdapException )
+ {
+ code = ( ( LdapException ) e ).getResultCode();
+ }
+ else
+ {
+ code = ResultCodeEnum.getBestEstimate( e, req.getType() );
+ }
+
+ result.setResultCode( code );
+ result.setErrorMessage( msg );
+
+ if ( e instanceof NamingException )
+ {
+ NamingException ne = ( NamingException ) e;
+
+ if ( ( ne.getResolvedName() != null )
+ && ( ( code == ResultCodeEnum.NO_SUCH_OBJECT ) || ( code == ResultCodeEnum.ALIAS_PROBLEM )
+ || ( code == ResultCodeEnum.INVALID_DN_SYNTAX ) || ( code == ResultCodeEnum.ALIAS_DEREFERENCING_PROBLEM ) ) )
+ {
+ result.setMatchedDn( (LdapDN)ne.getResolvedName() );
+ }
+ }
+
+ session.write( req.getResultResponse() );
+ }
+ }
+}
\ No newline at end of file
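Review bot: `handle` now takes an `LdapSession`, but its body is still the JNDI implementation: it calls `getSessionRegistry().getLdapContext( session, null, true )` although this revision removes `SessionRegistry.java`, and it writes with `session.write( ... )` where the other handlers in this commit moved to `session.getIoSession().write( ... )`. If `LdapSession` has no `write` method (not visible here) the class will not compile; the three writes should become `session.getIoSession().write( req.getResultResponse() );` and the context lookup needs a core-session-based replacement. The method also lacks the `@Override` that `NewBindHandler.handle` carries, and the `org.apache.mina.common.IoSession` import is unused.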
Propchange: directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/NewCompareHandler.java
------------------------------------------------------------------------------
svn:eol-style = native
Modified: directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/bind/MechanismHandler.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/bind/MechanismHandler.java?rev=664425&r1=664424&r2=664425&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/bind/MechanismHandler.java (original)
+++ directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/bind/MechanismHandler.java Sat Jun 7 19:15:44 2008
@@ -22,8 +22,8 @@
import javax.security.sasl.SaslServer;
+import org.apache.directory.server.newldap.LdapSession;
import org.apache.directory.shared.ldap.message.BindRequest;
-import org.apache.mina.common.IoSession;
/**
@@ -50,5 +50,5 @@
* @return The {@link SaslServer} to use for the duration of the bound session.
* @throws Exception
*/
- public SaslServer handleMechanism( IoSession session, BindRequest bindRequest ) throws Exception;
+ public SaslServer handleMechanism( LdapSession session, BindRequest bindRequest ) throws Exception;
}