You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by el...@apache.org on 2012/01/24 17:37:30 UTC
svn commit: r1235340 [1/2] - in
/directory/apacheds/trunk/interceptors/authz/src:
main/java/org/apache/directory/server/core/authz/
main/java/org/apache/directory/server/core/authz/support/
test/java/org/apache/directory/server/core/authz/support/
Author: elecharny
Date: Tue Jan 24 16:37:29 2012
New Revision: 1235340
URL: http://svn.apache.org/viewvc?rev=1235340&view=rev
Log:
Formatted the code using Directory formatter
Modified:
directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java
directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/GroupCache.java
directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/TupleCache.java
directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/ACDFEngine.java
directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/ACITupleFilter.java
directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/AciContext.java
directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/HighestPrecedenceFilter.java
directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/MaxImmSubFilter.java
directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/MaxValueCountFilter.java
directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/MicroOperationFilter.java
directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/MostSpecificProtectedItemFilter.java
directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/MostSpecificUserClassFilter.java
directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/OperationScope.java
directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/RelatedProtectedItemFilter.java
directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/RelatedUserClassFilter.java
directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/RestrictedByFilter.java
directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/package-info.java
directory/apacheds/trunk/interceptors/authz/src/test/java/org/apache/directory/server/core/authz/support/HighestPrecedenceFilterTest.java
directory/apacheds/trunk/interceptors/authz/src/test/java/org/apache/directory/server/core/authz/support/MaxValueCountFilterTest.java
directory/apacheds/trunk/interceptors/authz/src/test/java/org/apache/directory/server/core/authz/support/MicroOperationFilterTest.java
directory/apacheds/trunk/interceptors/authz/src/test/java/org/apache/directory/server/core/authz/support/MostSpecificProtectedItemFilterTest.java
directory/apacheds/trunk/interceptors/authz/src/test/java/org/apache/directory/server/core/authz/support/MostSpecificUserClassFilterTest.java
directory/apacheds/trunk/interceptors/authz/src/test/java/org/apache/directory/server/core/authz/support/RelatedProtectedItemFilterTest.java
directory/apacheds/trunk/interceptors/authz/src/test/java/org/apache/directory/server/core/authz/support/RelatedUserClassFilterTest.java
directory/apacheds/trunk/interceptors/authz/src/test/java/org/apache/directory/server/core/authz/support/RestrictedByFilterTest.java
Modified: directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java?rev=1235340&r1=1235339&r2=1235340&view=diff
==============================================================================
--- directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java (original)
+++ directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java Tue Jan 24 16:37:29 2012
@@ -169,7 +169,7 @@ public class AciAuthorizationInterceptor
/** The SubentryUtils instance */
private static SubentryUtils subentryUtils;
-
+
/**
* Create a AciAuthorizationInterceptor instance
*/
@@ -177,7 +177,7 @@ public class AciAuthorizationInterceptor
{
super( InterceptorEnum.ACI_AUTHORIZATION_INTERCEPTOR );
}
-
+
/**
* Load the Tuples into the cache
@@ -195,7 +195,8 @@ public class AciAuthorizationInterceptor
ExprNode filter =
new EqualityNode<String>( OBJECT_CLASS_AT, new StringValue( SchemaConstants.ACCESS_CONTROL_SUBENTRY_OC ) );
- CoreSession adminSession = new DefaultCoreSession( new LdapPrincipal( schemaManager, adminDn, AuthenticationLevel.STRONG ),
+ CoreSession adminSession = new DefaultCoreSession( new LdapPrincipal( schemaManager, adminDn,
+ AuthenticationLevel.STRONG ),
directoryService );
SearchOperationContext searchOperationContext = new SearchOperationContext( adminSession, Dn.ROOT_DSE, filter,
@@ -241,7 +242,8 @@ public class AciAuthorizationInterceptor
new EqualityNode<String>( OBJECT_CLASS_AT, new StringValue( SchemaConstants.GROUP_OF_NAMES_OC ) ),
new EqualityNode<String>( OBJECT_CLASS_AT, new StringValue( SchemaConstants.GROUP_OF_UNIQUE_NAMES_OC ) ) );
- CoreSession adminSession = new DefaultCoreSession( new LdapPrincipal( schemaManager, adminDn, AuthenticationLevel.STRONG ),
+ CoreSession adminSession = new DefaultCoreSession( new LdapPrincipal( schemaManager, adminDn,
+ AuthenticationLevel.STRONG ),
directoryService );
SearchOperationContext searchOperationContext = new SearchOperationContext( adminSession, Dn.ROOT_DSE, filter,
@@ -285,7 +287,8 @@ public class AciAuthorizationInterceptor
nexus = directoryService.getPartitionNexus();
Dn adminDn = directoryService.getDnFactory().create( ServerDNConstants.ADMIN_SYSTEM_DN );
- CoreSession adminSession = new DefaultCoreSession( new LdapPrincipal( schemaManager, adminDn, AuthenticationLevel.STRONG ),
+ CoreSession adminSession = new DefaultCoreSession( new LdapPrincipal( schemaManager, adminDn,
+ AuthenticationLevel.STRONG ),
directoryService );
// Create the caches
@@ -345,13 +348,14 @@ public class AciAuthorizationInterceptor
* @throws Exception if there are problems accessing attribute values
* @param proxy the partition nexus proxy object
*/
- private void addPerscriptiveAciTuples( OperationContext opContext, Collection<ACITuple> tuples, Dn dn, Entry entry ) throws LdapException
+ private void addPerscriptiveAciTuples( OperationContext opContext, Collection<ACITuple> tuples, Dn dn, Entry entry )
+ throws LdapException
{
Entry originalEntry = null;
if ( entry instanceof ClonedServerEntry )
{
- originalEntry = ((ClonedServerEntry)entry).getOriginalEntry();
+ originalEntry = ( ( ClonedServerEntry ) entry ).getOriginalEntry();
}
else
{
@@ -442,7 +446,8 @@ public class AciAuthorizationInterceptor
* @throws Exception if there are problems accessing attribute values
* @param proxy the partition nexus proxy object
*/
- private void addSubentryAciTuples( OperationContext opContext, Collection<ACITuple> tuples, Dn dn, Entry entry ) throws LdapException
+ private void addSubentryAciTuples( OperationContext opContext, Collection<ACITuple> tuples, Dn dn, Entry entry )
+ throws LdapException
{
// only perform this for subentries
if ( !entry.contains( SchemaConstants.OBJECT_CLASS_AT, SchemaConstants.SUBENTRY_OC ) )
@@ -455,9 +460,10 @@ public class AciAuthorizationInterceptor
Dn parentDn = dn.getParent();
CoreSession session = opContext.getSession();
- LookupOperationContext lookupContext = new LookupOperationContext( session, parentDn, SchemaConstants.ALL_ATTRIBUTES_ARRAY );
+ LookupOperationContext lookupContext = new LookupOperationContext( session, parentDn,
+ SchemaConstants.ALL_ATTRIBUTES_ARRAY );
- Entry administrativeEntry = (( ClonedServerEntry ) directoryService.getPartitionNexus().lookup( lookupContext ) )
+ Entry administrativeEntry = ( ( ClonedServerEntry ) directoryService.getPartitionNexus().lookup( lookupContext ) )
.getOriginalEntry();
Attribute subentryAci = administrativeEntry.get( SUBENTRY_ACI_AT );
@@ -745,7 +751,8 @@ public class AciAuthorizationInterceptor
return answer;
}
- LookupOperationContext lookupContext = new LookupOperationContext( session, dn, SchemaConstants.ALL_ATTRIBUTES_ARRAY );
+ LookupOperationContext lookupContext = new LookupOperationContext( session, dn,
+ SchemaConstants.ALL_ATTRIBUTES_ARRAY );
Entry entry = directoryService.getPartitionNexus().lookup( lookupContext );
Set<Dn> userGroups = groupCache.getGroups( principalDn.getNormName() );
@@ -762,7 +769,7 @@ public class AciAuthorizationInterceptor
aciContext.setEntryDn( dn );
aciContext.setMicroOperations( BROWSE_PERMS );
aciContext.setAciTuples( tuples );
- aciContext.setEntry( ((ClonedServerEntry)entry).getOriginalEntry() );
+ aciContext.setEntry( ( ( ClonedServerEntry ) entry ).getOriginalEntry() );
engine.checkPermission( aciContext );
@@ -851,7 +858,8 @@ public class AciAuthorizationInterceptor
* @TODO: A virtual entry can be created here for not hitting the backend again.
*/
CoreSession session = modifyContext.getSession();
- LookupOperationContext lookupContext = new LookupOperationContext( session, dn, SchemaConstants.ALL_ATTRIBUTES_ARRAY );
+ LookupOperationContext lookupContext = new LookupOperationContext( session, dn,
+ SchemaConstants.ALL_ATTRIBUTES_ARRAY );
Entry modifiedEntry = directoryService.getPartitionNexus().lookup( lookupContext );
tupleCache.subentryModified( dn, mods, modifiedEntry );
groupCache.groupModified( dn, mods, entry, schemaManager );
@@ -976,7 +984,8 @@ public class AciAuthorizationInterceptor
* @TODO: A virtual entry can be created here for not hitting the backend again.
*/
CoreSession session = modifyContext.getSession();
- LookupOperationContext lookupContext = new LookupOperationContext( session, dn, SchemaConstants.ALL_ATTRIBUTES_ARRAY );
+ LookupOperationContext lookupContext = new LookupOperationContext( session, dn,
+ SchemaConstants.ALL_ATTRIBUTES_ARRAY );
Entry modifiedEntry = directoryService.getPartitionNexus().lookup( lookupContext );
tupleCache.subentryModified( dn, mods, modifiedEntry );
@@ -1040,7 +1049,8 @@ public class AciAuthorizationInterceptor
// will not be valid at the new location.
// This will certainly be fixed by the SubentryInterceptor,
// but after this service.
- LookupOperationContext lookupContext = new LookupOperationContext( session, oriChildName, SchemaConstants.ALL_USER_ATTRIBUTES_ARRAY );
+ LookupOperationContext lookupContext = new LookupOperationContext( session, oriChildName,
+ SchemaConstants.ALL_USER_ATTRIBUTES_ARRAY );
Entry importedEntry = directoryService.getPartitionNexus().lookup( lookupContext );
// As the target entry does not exist yet and so
@@ -1114,7 +1124,7 @@ public class AciAuthorizationInterceptor
Set<Dn> userGroups = groupCache.getGroups( principalDn.getNormName() );
Collection<ACITuple> tuples = new HashSet<ACITuple>();
- addPerscriptiveAciTuples( moveAndRenameContext, tuples, oldDn,entry );
+ addPerscriptiveAciTuples( moveAndRenameContext, tuples, oldDn, entry );
addEntryAciTuples( tuples, entry );
addSubentryAciTuples( moveAndRenameContext, tuples, oldDn, entry );
@@ -1135,7 +1145,8 @@ public class AciAuthorizationInterceptor
// This will certainly be fixed by the SubentryInterceptor,
// but after this service.
- LookupOperationContext lookupContext = new LookupOperationContext( session, oldDn, SchemaConstants.ALL_USER_ATTRIBUTES_ARRAY );
+ LookupOperationContext lookupContext = new LookupOperationContext( session, oldDn,
+ SchemaConstants.ALL_USER_ATTRIBUTES_ARRAY );
Entry importedEntry = directoryService.getPartitionNexus().lookup( lookupContext );
// As the target entry does not exist yet and so
@@ -1183,7 +1194,7 @@ public class AciAuthorizationInterceptor
if ( renameContext.getEntry() != null )
{
- originalEntry = ((ClonedServerEntry)renameContext.getEntry()).getOriginalEntry();
+ originalEntry = ( ( ClonedServerEntry ) renameContext.getEntry() ).getOriginalEntry();
}
LdapPrincipal principal = renameContext.getSession().getEffectivePrincipal();
@@ -1353,8 +1364,8 @@ public class AciAuthorizationInterceptor
Set<Dn> userGroups = groupCache.getGroups( userDn.getNormName() );
Collection<ACITuple> tuples = new HashSet<ACITuple>();
addPerscriptiveAciTuples( opContext, tuples, normName, clonedEntry );
- addEntryAciTuples( tuples, ((ClonedServerEntry)clonedEntry).getOriginalEntry() );
- addSubentryAciTuples( opContext, tuples, normName, ((ClonedServerEntry)clonedEntry).getOriginalEntry() );
+ addEntryAciTuples( tuples, ( ( ClonedServerEntry ) clonedEntry ).getOriginalEntry() );
+ addSubentryAciTuples( opContext, tuples, normName, ( ( ClonedServerEntry ) clonedEntry ).getOriginalEntry() );
AciContext aciContext = new AciContext( schemaManager, opContext );
aciContext.setUserGroupNames( userGroups );
@@ -1363,7 +1374,7 @@ public class AciAuthorizationInterceptor
aciContext.setEntryDn( normName );
aciContext.setMicroOperations( SEARCH_ENTRY_PERMS );
aciContext.setAciTuples( tuples );
- aciContext.setEntry( ((ClonedServerEntry)clonedEntry).getOriginalEntry() );
+ aciContext.setEntry( ( ( ClonedServerEntry ) clonedEntry ).getOriginalEntry() );
if ( !engine.hasPermission( aciContext ) )
{
@@ -1443,7 +1454,6 @@ public class AciAuthorizationInterceptor
return true;
}
-
/**
* WARNING: create one of these filters fresh every time for each new search.
*/
Modified: directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/GroupCache.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/GroupCache.java?rev=1235340&r1=1235339&r2=1235340&view=diff
==============================================================================
--- directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/GroupCache.java (original)
+++ directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/GroupCache.java Tue Jan 24 16:37:29 2012
@@ -86,7 +86,7 @@ public class GroupCache
* the schema manager
*/
private SchemaManager schemaManager;
-
+
/** the Dn factory */
private DnFactory dnFactory;
@@ -98,6 +98,7 @@ public class GroupCache
/** String key for the Dn of a group to a Set (HashSet) for the Strings of member DNs */
private Cache ehCache;
+
/**
* Creates a static group cache.
*
@@ -117,7 +118,7 @@ public class GroupCache
administratorsGroupDn = parseNormalized( ServerDNConstants.ADMINISTRATORS_GROUP_DN );
this.ehCache = dirService.getCacheService().getCache( "groupCache" );
-
+
initialize( dirService.getAdminSession() );
}
@@ -136,7 +137,7 @@ public class GroupCache
Set<String> suffixes = nexus.listSuffixes();
- for ( String suffix:suffixes )
+ for ( String suffix : suffixes )
{
// moving the filter creation to inside loop to fix DIRSERVER-1121
// didn't use clone() cause it is creating List objects, which IMO is not worth calling
@@ -150,7 +151,8 @@ public class GroupCache
Dn baseDn = dnFactory.create( suffix );
SearchControls ctls = new SearchControls();
ctls.setSearchScope( SearchControls.SUBTREE_SCOPE );
- ctls.setReturningAttributes( new String[]{ "*", "+" } );
+ ctls.setReturningAttributes( new String[]
+ { "*", "+" } );
SearchOperationContext searchOperationContext = new SearchOperationContext( session,
baseDn, filter, ctls );
@@ -164,12 +166,12 @@ public class GroupCache
Entry result = results.get();
Dn groupDn = result.getDn().apply( schemaManager );
Attribute members = getMemberAttribute( result );
-
+
if ( members != null )
{
Set<String> memberSet = new HashSet<String>( members.size() );
addMembers( memberSet, members );
-
+
Element cacheElement = new Element( groupDn.getNormName(), memberSet );
ehCache.put( cacheElement );
}
@@ -178,7 +180,7 @@ public class GroupCache
LOG.warn( "Found group '{}' without any member or uniqueMember attributes", groupDn.getName() );
}
}
-
+
results.close();
}
catch ( Exception e )
@@ -299,13 +301,14 @@ public class GroupCache
Set<String> memberSet = new HashSet<String>( members.size() );
addMembers( memberSet, members );
-
+
Element cacheElement = new Element( name.getNormName(), memberSet );
ehCache.put( cacheElement );
if ( IS_DEBUG )
{
- LOG.debug( "group cache contents after adding '{}' :\n {}", name.getName(), ehCache.getAllWithLoader( ehCache.getKeys(), null ) );
+ LOG.debug( "group cache contents after adding '{}' :\n {}", name.getName(),
+ ehCache.getAllWithLoader( ehCache.getKeys(), null ) );
}
}
@@ -330,7 +333,8 @@ public class GroupCache
if ( IS_DEBUG )
{
- LOG.debug( "group cache contents after deleting '{}' :\n {}", name.getName(), ehCache.getAllWithLoader( ehCache.getKeys(), null ) );
+ LOG.debug( "group cache contents after deleting '{}' :\n {}", name.getName(),
+ ehCache.getAllWithLoader( ehCache.getKeys(), null ) );
}
}
@@ -411,7 +415,7 @@ public class GroupCache
if ( memberAttr.getOid() == modification.getAttribute().getId() )
{
Element memSetElement = ehCache.get( name.getNormName() );
-
+
if ( memSetElement != null )
{
Set<String> memberSet = ( Set<String> ) memSetElement.getValue();
@@ -424,7 +428,8 @@ public class GroupCache
if ( IS_DEBUG )
{
- LOG.debug( "group cache contents after modifying '{}' :\n {}", name.getName(), ehCache.getAllWithLoader( ehCache.getKeys(), null ) );
+ LOG.debug( "group cache contents after modifying '{}' :\n {}", name.getName(),
+ ehCache.getAllWithLoader( ehCache.getKeys(), null ) );
}
}
@@ -457,7 +462,8 @@ public class GroupCache
if ( IS_DEBUG )
{
- LOG.debug( "group cache contents after modifying '{}' :\n {}", name.getName(), ehCache.getAllWithLoader( ehCache.getKeys(), null ) );
+ LOG.debug( "group cache contents after modifying '{}' :\n {}", name.getName(),
+ ehCache.getAllWithLoader( ehCache.getKeys(), null ) );
}
}
@@ -477,7 +483,7 @@ public class GroupCache
}
Element cacheElement = ehCache.get( administratorsGroupDn.getNormName() );
-
+
if ( cacheElement == null )
{
LOG.warn( "What do you mean there is no administrators group? This is bad news." );
@@ -485,7 +491,7 @@ public class GroupCache
}
else
{
- Set<String> members = ( Set<String> ) cacheElement.getValue();
+ Set<String> members = ( Set<String> ) cacheElement.getValue();
return members.contains( principalDn.getNormName() );
}
}
@@ -522,12 +528,12 @@ public class GroupCache
{
String group = ( String ) obj;
Element element = ehCache.get( group );
-
+
if ( element == null )
{
continue;
}
-
+
Set<String> members = ( Set<String> ) element.getValue();
if ( members == null )
@@ -558,19 +564,20 @@ public class GroupCache
public boolean groupRenamed( Dn oldName, Dn newName )
{
Element membersElement = ehCache.get( oldName.getNormName() );
-
+
if ( membersElement != null )
{
Set<String> members = ( Set<String> ) membersElement.getValue();
-
+
ehCache.remove( oldName.getNormName() );
-
+
Element cacheElement = new Element( newName.getNormName(), members );
ehCache.put( cacheElement );
if ( IS_DEBUG )
{
- LOG.debug( "group cache contents after renaming '{}' :\n{}", oldName.getName(), ehCache.getAllWithLoader( ehCache.getKeys(), null ) );
+ LOG.debug( "group cache contents after renaming '{}' :\n{}", oldName.getName(),
+ ehCache.getAllWithLoader( ehCache.getKeys(), null ) );
}
return true;
Modified: directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/TupleCache.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/TupleCache.java?rev=1235340&r1=1235339&r2=1235340&view=diff
==============================================================================
--- directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/TupleCache.java (original)
+++ directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/TupleCache.java Tue Jan 24 16:37:29 2012
@@ -125,14 +125,15 @@ public class TupleCache
// add that subentry to the hash
Set<String> suffixes = nexus.listSuffixes();
- for ( String suffix:suffixes )
+ for ( String suffix : suffixes )
{
Dn baseDn = parseNormalized( suffix );
ExprNode filter = new EqualityNode<String>( OBJECT_CLASS_AT,
new StringValue( SchemaConstants.ACCESS_CONTROL_SUBENTRY_OC ) );
SearchControls ctls = new SearchControls();
ctls.setSearchScope( SearchControls.SUBTREE_SCOPE );
- ctls.setReturningAttributes( new String[]{ "*", "+" } );
+ ctls.setReturningAttributes( new String[]
+ { "*", "+" } );
SearchOperationContext searchOperationContext = new SearchOperationContext( session,
baseDn, filter, ctls );
@@ -282,12 +283,12 @@ public class TupleCache
public List<ACITuple> getACITuples( String subentryDn )
{
List<ACITuple> aciTuples = tuples.get( subentryDn );
-
+
if ( aciTuples == null )
{
return Collections.EMPTY_LIST;
}
-
+
return Collections.unmodifiableList( aciTuples );
}
Modified: directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/ACDFEngine.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/ACDFEngine.java?rev=1235340&r1=1235339&r2=1235340&view=diff
==============================================================================
--- directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/ACDFEngine.java (original)
+++ directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/ACDFEngine.java Tue Jan 24 16:37:29 2012
@@ -80,16 +80,17 @@ public class ACDFEngine
SubtreeEvaluator subtreeEvaluator = new SubtreeEvaluator( schemaManager );
RefinementEvaluator refinementEvaluator = new RefinementEvaluator( new RefinementLeafEvaluator( schemaManager ) );
- filters = new ACITupleFilter[] {
- new RelatedUserClassFilter( subtreeEvaluator ),
- new RelatedProtectedItemFilter( refinementEvaluator, entryEvaluator, schemaManager ),
- new MaxValueCountFilter(),
- new MaxImmSubFilter( schemaManager ),
- new RestrictedByFilter(),
- new MicroOperationFilter(),
- new HighestPrecedenceFilter(),
- new MostSpecificUserClassFilter(),
- new MostSpecificProtectedItemFilter() };
+ filters = new ACITupleFilter[]
+ {
+ new RelatedUserClassFilter( subtreeEvaluator ),
+ new RelatedProtectedItemFilter( refinementEvaluator, entryEvaluator, schemaManager ),
+ new MaxValueCountFilter(),
+ new MaxImmSubFilter( schemaManager ),
+ new RestrictedByFilter(),
+ new MicroOperationFilter(),
+ new HighestPrecedenceFilter(),
+ new MostSpecificUserClassFilter(),
+ new MostSpecificProtectedItemFilter() };
}
@@ -101,7 +102,7 @@ public class ACDFEngine
* @param aciContext the container for ACI items
* @throws LdapException if failed to evaluate ACI items
*/
- public void checkPermission( AciContext aciContext )throws LdapException
+ public void checkPermission( AciContext aciContext ) throws LdapException
{
if ( !hasPermission( aciContext ) )
{
@@ -109,6 +110,7 @@ public class ACDFEngine
}
}
+
/**
* Returns <tt>true</tt> if the user with the specified name can access the specified resource
* (entry, attribute type, or attribute value) and throws {@link org.apache.directory.shared.ldap.model.exception.LdapNoPermissionException}
@@ -125,7 +127,8 @@ public class ACDFEngine
}
CoreSession session = aciContext.getOperationContext().getSession();
- LookupOperationContext lookupContext = new LookupOperationContext( session, aciContext.getUserDn(), SchemaConstants.ALL_ATTRIBUTES_ARRAY );
+ LookupOperationContext lookupContext = new LookupOperationContext( session, aciContext.getUserDn(),
+ SchemaConstants.ALL_ATTRIBUTES_ARRAY );
Entry userEntry = session.getDirectoryService().getPartitionNexus().lookup( lookupContext );
// Determine the scope of the requested operation.
Modified: directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/ACITupleFilter.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/ACITupleFilter.java?rev=1235340&r1=1235339&r2=1235340&view=diff
==============================================================================
--- directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/ACITupleFilter.java (original)
+++ directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/ACITupleFilter.java Tue Jan 24 16:37:29 2012
@@ -42,6 +42,7 @@ public interface ACITupleFilter
/** the dedicated logger for ACI */
static final Logger ACI_LOG = LoggerFactory.getLogger( Loggers.ACI_LOG.getName() );
+
/**
* Returns the collection of the filtered tuples using the specified
* extra information.
Modified: directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/AciContext.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/AciContext.java?rev=1235340&r1=1235339&r2=1235340&view=diff
==============================================================================
--- directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/AciContext.java (original)
+++ directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/AciContext.java Tue Jan 24 16:37:29 2012
@@ -19,6 +19,7 @@
*/
package org.apache.directory.server.core.authz.support;
+
import java.util.Collection;
import org.apache.directory.server.core.api.interceptor.context.OperationContext;
@@ -31,6 +32,7 @@ import org.apache.directory.shared.ldap.
import org.apache.directory.shared.ldap.model.schema.AttributeType;
import org.apache.directory.shared.ldap.model.schema.SchemaManager;
+
/**
* A container used to pass parameters to the ACDF engine
*
@@ -41,40 +43,41 @@ public class AciContext
{
/** The schema manager */
private SchemaManager schemaManager;
-
+
/** The operation context */
private OperationContext operationContext;
-
+
/** The Users belonging to a group */
private Collection<Dn> userGroupNames;
/** The user's Dn */
private Dn userDn;
-
+
/** The requested Authentication level (default to NONE) */
private AuthenticationLevel authenticationLevel = AuthenticationLevel.NONE;
-
+
/** the entry's Dn */
private Dn entryDn;
-
+
/** The AttributeType */
private AttributeType attributeType;
-
+
/** The attribute's values */
private Value<?> attrValue;
-
+
/** The allowed operations */
private Collection<MicroOperation> microOperations;
-
+
/** The resulting tuples */
private Collection<ACITuple> aciTuples;
-
+
/** The entry */
private Entry entry;
-
+
/** ??? */
private Entry entryView;
-
+
+
/**
* Creates a new instance of AciContext.
*
@@ -86,8 +89,8 @@ public class AciContext
this.schemaManager = schemaManager;
this.operationContext = operationContext;
}
-
-
+
+
/**
* @return the schemaManager
*/
@@ -96,6 +99,7 @@ public class AciContext
return schemaManager;
}
+
/**
* @param schemaManager the schemaManager to set
*/
@@ -104,6 +108,7 @@ public class AciContext
this.schemaManager = schemaManager;
}
+
/**
* @return the operationContext
*/
@@ -112,6 +117,7 @@ public class AciContext
return operationContext;
}
+
/**
* @param operationContext the operationContext to set
*/
@@ -120,6 +126,7 @@ public class AciContext
this.operationContext = operationContext;
}
+
/**
* @return the userGroupNames
*/
@@ -128,6 +135,7 @@ public class AciContext
return userGroupNames;
}
+
/**
* @param userGroupNames the userGroupNames to set
*/
@@ -136,6 +144,7 @@ public class AciContext
this.userGroupNames = userGroupNames;
}
+
/**
* @return the user Dn
*/
@@ -144,6 +153,7 @@ public class AciContext
return userDn;
}
+
/**
* @param userDn the user Dn to set
*/
@@ -152,6 +162,7 @@ public class AciContext
this.userDn = userDn;
}
+
/**
* @return the authenticationLevel
*/
@@ -160,6 +171,7 @@ public class AciContext
return authenticationLevel;
}
+
/**
* @param authenticationLevel the authenticationLevel to set
*/
@@ -168,6 +180,7 @@ public class AciContext
this.authenticationLevel = authenticationLevel;
}
+
/**
* @return the entry Dn
*/
@@ -176,6 +189,7 @@ public class AciContext
return entryDn;
}
+
/**
* @param entryDn the entry Dn to set
*/
@@ -184,6 +198,7 @@ public class AciContext
this.entryDn = entryDn;
}
+
/**
* @return the attributeType
*/
@@ -192,6 +207,7 @@ public class AciContext
return attributeType;
}
+
/**
* @param attributeType the attributeType to set
*/
@@ -200,6 +216,7 @@ public class AciContext
this.attributeType = attributeType;
}
+
/**
* @return the attrValue
*/
@@ -208,6 +225,7 @@ public class AciContext
return attrValue;
}
+
/**
* @param attrValue the attrValue to set
*/
@@ -216,6 +234,7 @@ public class AciContext
this.attrValue = attrValue;
}
+
/**
* @return the microOperations
*/
@@ -224,6 +243,7 @@ public class AciContext
return microOperations;
}
+
/**
* @param microOperations the microOperations to set
*/
@@ -232,6 +252,7 @@ public class AciContext
this.microOperations = microOperations;
}
+
/**
* @return the aciTuples
*/
@@ -240,6 +261,7 @@ public class AciContext
return aciTuples;
}
+
/**
* @param aciTuples the aciTuples to set
*/
@@ -248,6 +270,7 @@ public class AciContext
this.aciTuples = aciTuples;
}
+
/**
* @return the entry
*/
@@ -256,6 +279,7 @@ public class AciContext
return entry;
}
+
/**
* @param entry the entry to set
*/
@@ -264,6 +288,7 @@ public class AciContext
this.entry = entry;
}
+
/**
* @return the entryView
*/
@@ -272,6 +297,7 @@ public class AciContext
return entryView;
}
+
/**
* @param entryView the entryView to set
*/
Modified: directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/HighestPrecedenceFilter.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/HighestPrecedenceFilter.java?rev=1235340&r1=1235339&r2=1235340&view=diff
==============================================================================
--- directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/HighestPrecedenceFilter.java (original)
+++ directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/HighestPrecedenceFilter.java Tue Jan 24 16:37:29 2012
@@ -40,7 +40,7 @@ public class HighestPrecedenceFilter imp
throws LdapException
{
ACI_LOG.debug( "Filtering HighestPrecedence..." );
-
+
if ( aciContext.getAciTuples().size() <= 1 )
{
ACI_LOG.debug( "HighestPrecedence : nothing to do" );
@@ -50,7 +50,7 @@ public class HighestPrecedenceFilter imp
int maxPrecedence = -1;
// Find the maximum precedence for all tuples.
- for ( ACITuple tuple:aciContext.getAciTuples() )
+ for ( ACITuple tuple : aciContext.getAciTuples() )
{
if ( ( tuple.getPrecedence() != null ) && ( tuple.getPrecedence() > maxPrecedence ) )
{
@@ -62,7 +62,7 @@ public class HighestPrecedenceFilter imp
for ( Iterator<ACITuple> i = aciContext.getAciTuples().iterator(); i.hasNext(); )
{
ACITuple tuple = i.next();
-
+
if ( ( tuple.getPrecedence() != null ) && ( tuple.getPrecedence() != maxPrecedence ) )
{
i.remove();
Modified: directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/MaxImmSubFilter.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/MaxImmSubFilter.java?rev=1235340&r1=1235339&r2=1235340&view=diff
==============================================================================
--- directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/MaxImmSubFilter.java (original)
+++ directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/MaxImmSubFilter.java Tue Jan 24 16:37:29 2012
@@ -46,7 +46,6 @@ import org.apache.directory.shared.ldap.
import org.apache.directory.shared.ldap.model.schema.SchemaManager;
-
/**
* An {@link ACITupleFilter} that discards all tuples that doesn't satisfy
* {@link org.apache.directory.shared.ldap.aci.protectedItem.MaxImmSubItem} constraint if available. (18.8.3.3, X.501)
@@ -140,7 +139,8 @@ public class MaxImmSubFilter implements
try
{
- Dn baseDn = new Dn( opContext.getSession().getDirectoryService().getSchemaManager(), entryName.getRdn( entryName.size() - 1 ) );
+ Dn baseDn = new Dn( opContext.getSession().getDirectoryService().getSchemaManager(),
+ entryName.getRdn( entryName.size() - 1 ) );
SearchOperationContext searchContext = new SearchOperationContext( opContext.getSession(),
baseDn, childrenFilter, childrenSearchControls );
searchContext.setAliasDerefMode( AliasDerefMode.DEREF_ALWAYS );
Modified: directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/MaxValueCountFilter.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/MaxValueCountFilter.java?rev=1235340&r1=1235339&r2=1235340&view=diff
==============================================================================
--- directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/MaxValueCountFilter.java (original)
+++ directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/MaxValueCountFilter.java Tue Jan 24 16:37:29 2012
@@ -41,7 +41,8 @@ import org.apache.directory.shared.ldap.
*/
public class MaxValueCountFilter implements ACITupleFilter
{
- public Collection<ACITuple> filter( AciContext aciContext, OperationScope scope, Entry userEntry ) throws LdapException
+ public Collection<ACITuple> filter( AciContext aciContext, OperationScope scope, Entry userEntry )
+ throws LdapException
{
if ( scope != OperationScope.ATTRIBUTE_TYPE_AND_VALUE )
{
@@ -56,7 +57,7 @@ public class MaxValueCountFilter impleme
for ( Iterator<ACITuple> i = aciContext.getAciTuples().iterator(); i.hasNext(); )
{
ACITuple tuple = i.next();
-
+
if ( !tuple.isGrant() )
{
continue;
@@ -65,11 +66,11 @@ public class MaxValueCountFilter impleme
for ( Iterator<ProtectedItem> j = tuple.getProtectedItems().iterator(); j.hasNext(); )
{
ProtectedItem item = j.next();
-
+
if ( item instanceof MaxValueCountItem )
{
MaxValueCountItem mvc = ( MaxValueCountItem ) item;
-
+
if ( isRemovable( mvc, aciContext.getAttributeType(), aciContext.getEntryView() ) )
{
i.remove();
@@ -83,17 +84,18 @@ public class MaxValueCountFilter impleme
}
- private boolean isRemovable( MaxValueCountItem mvc, AttributeType attributeType, Entry entryView ) throws LdapException
+ private boolean isRemovable( MaxValueCountItem mvc, AttributeType attributeType, Entry entryView )
+ throws LdapException
{
for ( Iterator<MaxValueCountElem> k = mvc.iterator(); k.hasNext(); )
{
MaxValueCountElem mvcItem = k.next();
-
+
if ( attributeType.equals( mvcItem.getAttributeType() ) )
{
Attribute attr = entryView.get( attributeType );
int attrCount = attr == null ? 0 : attr.size();
-
+
if ( attrCount > mvcItem.getMaxCount() )
{
return true;
Modified: directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/MicroOperationFilter.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/MicroOperationFilter.java?rev=1235340&r1=1235339&r2=1235340&view=diff
==============================================================================
--- directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/MicroOperationFilter.java (original)
+++ directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/MicroOperationFilter.java Tue Jan 24 16:37:29 2012
@@ -38,7 +38,8 @@ import org.apache.directory.shared.ldap.
*/
public class MicroOperationFilter implements ACITupleFilter
{
- public Collection<ACITuple> filter( AciContext aciContext, OperationScope scope, Entry userEntry ) throws LdapException
+ public Collection<ACITuple> filter( AciContext aciContext, OperationScope scope, Entry userEntry )
+ throws LdapException
{
if ( aciContext.getAciTuples().size() == 0 )
{
@@ -56,8 +57,8 @@ public class MicroOperationFilter implem
*/
boolean retain = true;
-
- for ( MicroOperation microOp:aciContext.getMicroOperations() )
+
+ for ( MicroOperation microOp : aciContext.getMicroOperations() )
{
if ( !tuple.getMicroOperations().contains( microOp ) )
{
Modified: directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/MostSpecificProtectedItemFilter.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/MostSpecificProtectedItemFilter.java?rev=1235340&r1=1235339&r2=1235340&view=diff
==============================================================================
--- directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/MostSpecificProtectedItemFilter.java (original)
+++ directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/MostSpecificProtectedItemFilter.java Tue Jan 24 16:37:29 2012
@@ -50,7 +50,8 @@ import org.apache.directory.shared.ldap.
*/
public class MostSpecificProtectedItemFilter implements ACITupleFilter
{
- public Collection<ACITuple> filter( AciContext aciContext, OperationScope scope, Entry userEntry ) throws LdapException
+ public Collection<ACITuple> filter( AciContext aciContext, OperationScope scope, Entry userEntry )
+ throws LdapException
{
if ( aciContext.getAciTuples().size() <= 1 )
{
@@ -61,9 +62,9 @@ public class MostSpecificProtectedItemFi
// If the protected item is an attribute and there are tuples that
// specify the attribute type explicitly, discard all other tuples.
- for ( ACITuple tuple:aciContext.getAciTuples() )
+ for ( ACITuple tuple : aciContext.getAciTuples() )
{
- for ( ProtectedItem item:tuple.getProtectedItems() )
+ for ( ProtectedItem item : tuple.getProtectedItems() )
{
if ( item instanceof AttributeTypeItem || item instanceof AllAttributeValuesItem
|| item instanceof SelfValueItem || item instanceof AttributeValueItem )
@@ -83,11 +84,11 @@ public class MostSpecificProtectedItemFi
// that specify the attribute value explicitly, discard all other tuples.
// A protected item which is a rangeOfValues is to be treated as
// specifying an attribute value explicitly.
- for ( ACITuple tuple:aciContext.getAciTuples() )
+ for ( ACITuple tuple : aciContext.getAciTuples() )
{
- for ( ProtectedItem item:tuple.getProtectedItems() )
+ for ( ProtectedItem item : tuple.getProtectedItems() )
{
- if ( item instanceof RangeOfValuesItem)
+ if ( item instanceof RangeOfValuesItem )
{
filteredTuples.add( tuple );
}
Modified: directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/MostSpecificUserClassFilter.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/MostSpecificUserClassFilter.java?rev=1235340&r1=1235339&r2=1235340&view=diff
==============================================================================
--- directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/MostSpecificUserClassFilter.java (original)
+++ directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/MostSpecificUserClassFilter.java Tue Jan 24 16:37:29 2012
@@ -43,7 +43,8 @@ import org.apache.directory.shared.ldap.
*/
public class MostSpecificUserClassFilter implements ACITupleFilter
{
- public Collection<ACITuple> filter( AciContext aciContext, OperationScope scope, Entry userEntry ) throws LdapException
+ public Collection<ACITuple> filter( AciContext aciContext, OperationScope scope, Entry userEntry )
+ throws LdapException
{
if ( aciContext.getAciTuples().size() <= 1 )
{
@@ -54,9 +55,9 @@ public class MostSpecificUserClassFilter
// If there are any tuples matching the requestor with UserClasses
// element name or thisEntry, discard all other tuples.
- for ( ACITuple tuple:aciContext.getAciTuples() )
+ for ( ACITuple tuple : aciContext.getAciTuples() )
{
- for ( UserClass userClass:tuple.getUserClasses() )
+ for ( UserClass userClass : tuple.getUserClasses() )
{
if ( userClass instanceof UserClass.Name || userClass instanceof UserClass.ThisEntry )
{
@@ -73,9 +74,9 @@ public class MostSpecificUserClassFilter
// Otherwise if there are any tuples matching UserGroup,
// discard all other tuples.
- for ( ACITuple tuple:aciContext.getAciTuples() )
+ for ( ACITuple tuple : aciContext.getAciTuples() )
{
- for ( UserClass userClass:tuple.getUserClasses() )
+ for ( UserClass userClass : tuple.getUserClasses() )
{
if ( userClass instanceof UserClass.UserGroup )
{
@@ -92,9 +93,9 @@ public class MostSpecificUserClassFilter
// Otherwise if there are any tuples matching subtree,
// discard all other tuples.
- for ( ACITuple tuple:aciContext.getAciTuples() )
+ for ( ACITuple tuple : aciContext.getAciTuples() )
{
- for ( UserClass userClass:tuple.getUserClasses() )
+ for ( UserClass userClass : tuple.getUserClasses() )
{
if ( userClass instanceof UserClass.Subtree )
{
Modified: directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/OperationScope.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/OperationScope.java?rev=1235340&r1=1235339&r2=1235340&view=diff
==============================================================================
--- directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/OperationScope.java (original)
+++ directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/OperationScope.java Tue Jan 24 16:37:29 2012
@@ -45,7 +45,7 @@ public class OperationScope
private final String name;
- private OperationScope(String name)
+ private OperationScope( String name )
{
this.name = name;
}
Modified: directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/RelatedProtectedItemFilter.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/RelatedProtectedItemFilter.java?rev=1235340&r1=1235339&r2=1235340&view=diff
==============================================================================
--- directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/RelatedProtectedItemFilter.java (original)
+++ directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/RelatedProtectedItemFilter.java Tue Jan 24 16:37:29 2012
@@ -62,7 +62,8 @@ public class RelatedProtectedItemFilter
private final SchemaManager schemaManager;
- public RelatedProtectedItemFilter( RefinementEvaluator refinementEvaluator, Evaluator entryEvaluator, SchemaManager schemaManager )
+ public RelatedProtectedItemFilter( RefinementEvaluator refinementEvaluator, Evaluator entryEvaluator,
+ SchemaManager schemaManager )
{
this.refinementEvaluator = refinementEvaluator;
this.entryEvaluator = entryEvaluator;
@@ -70,7 +71,8 @@ public class RelatedProtectedItemFilter
}
- public Collection<ACITuple> filter( AciContext aciContext, OperationScope scope, Entry userEntry ) throws LdapException
+ public Collection<ACITuple> filter( AciContext aciContext, OperationScope scope, Entry userEntry )
+ throws LdapException
{
if ( aciContext.getAciTuples().size() == 0 )
{
@@ -80,8 +82,9 @@ public class RelatedProtectedItemFilter
for ( Iterator<ACITuple> i = aciContext.getAciTuples().iterator(); i.hasNext(); )
{
ACITuple tuple = i.next();
-
- if ( !isRelated( tuple, scope, aciContext.getUserDn(), aciContext.getEntryDn(), aciContext.getAttributeType(), aciContext.getAttrValue(), aciContext.getEntry() ) )
+
+ if ( !isRelated( tuple, scope, aciContext.getUserDn(), aciContext.getEntryDn(),
+ aciContext.getAttributeType(), aciContext.getAttrValue(), aciContext.getEntry() ) )
{
i.remove();
}
@@ -91,16 +94,17 @@ public class RelatedProtectedItemFilter
}
- private boolean isRelated( ACITuple tuple, OperationScope scope, Dn userName, Dn entryName, AttributeType attributeType,
- Value<?> attrValue, Entry entry ) throws LdapException, InternalError
+ private boolean isRelated( ACITuple tuple, OperationScope scope, Dn userName, Dn entryName,
+ AttributeType attributeType,
+ Value<?> attrValue, Entry entry ) throws LdapException, InternalError
{
String oid = null;
-
+
if ( attributeType != null )
{
oid = attributeType.getOid();
}
-
+
for ( ProtectedItem item : tuple.getProtectedItems() )
{
if ( item == ProtectedItem.ENTRY )
@@ -109,7 +113,7 @@ public class RelatedProtectedItemFilter
{
continue;
}
-
+
return true;
}
else if ( item == ProtectedItem.ALL_USER_ATTRIBUTE_TYPES )
@@ -142,7 +146,7 @@ public class RelatedProtectedItemFilter
for ( Iterator<AttributeType> iterator = aav.iterator(); iterator.hasNext(); )
{
AttributeType attr = iterator.next();
-
+
if ( oid.equals( attr.getOid() ) )
{
return true;
@@ -157,11 +161,11 @@ public class RelatedProtectedItemFilter
}
AttributeTypeItem at = ( AttributeTypeItem ) item;
-
+
for ( Iterator<AttributeType> iterator = at.iterator(); iterator.hasNext(); )
{
AttributeType attr = iterator.next();
-
+
if ( oid.equals( attr.getOid() ) )
{
return true;
@@ -176,14 +180,14 @@ public class RelatedProtectedItemFilter
}
AttributeValueItem av = ( AttributeValueItem ) item;
-
+
for ( Iterator<Attribute> j = av.iterator(); j.hasNext(); )
{
Attribute entryAttribute = j.next();
-
- AttributeType attr = entryAttribute.getAttributeType();
+
+ AttributeType attr = entryAttribute.getAttributeType();
String attrOid = null;
-
+
if ( attr != null )
{
attrOid = entryAttribute.getAttributeType().getOid();
@@ -194,7 +198,7 @@ public class RelatedProtectedItemFilter
attrOid = attr.getOid();
entryAttribute.apply( attr );
}
-
+
if ( oid.equals( attrOid ) && entryAttribute.contains( attrValue ) )
{
return true;
@@ -203,9 +207,10 @@ public class RelatedProtectedItemFilter
}
else if ( item instanceof ClassesItem )
{
- ClassesItem refinement = (ClassesItem ) item;
-
- if ( refinementEvaluator.evaluate( refinement.getClasses(), entry.get( SchemaConstants.OBJECT_CLASS_AT ) ) )
+ ClassesItem refinement = ( ClassesItem ) item;
+
+ if ( refinementEvaluator
+ .evaluate( refinement.getClasses(), entry.get( SchemaConstants.OBJECT_CLASS_AT ) ) )
{
return true;
}
@@ -222,11 +227,11 @@ public class RelatedProtectedItemFilter
}
MaxValueCountItem mvc = ( MaxValueCountItem ) item;
-
+
for ( Iterator<MaxValueCountElem> j = mvc.iterator(); j.hasNext(); )
{
MaxValueCountElem mvcItem = j.next();
-
+
if ( oid.equals( mvcItem.getAttributeType().getOid() ) )
{
return true;
@@ -236,7 +241,7 @@ public class RelatedProtectedItemFilter
else if ( item instanceof RangeOfValuesItem )
{
RangeOfValuesItem rov = ( RangeOfValuesItem ) item;
-
+
if ( entryEvaluator.evaluate( rov.getRefinement(), entryName, entry ) )
{
return true;
@@ -250,11 +255,11 @@ public class RelatedProtectedItemFilter
}
RestrictedByItem rb = ( RestrictedByItem ) item;
-
+
for ( Iterator<RestrictedByElem> j = rb.iterator(); j.hasNext(); )
{
RestrictedByElem rbItem = j.next();
-
+
if ( oid.equals( rbItem.getAttributeType().getOid() ) )
{
return true;
@@ -269,18 +274,18 @@ public class RelatedProtectedItemFilter
}
SelfValueItem sv = ( SelfValueItem ) item;
-
+
for ( Iterator<AttributeType> iterator = sv.iterator(); iterator.hasNext(); )
{
AttributeType attr = iterator.next();
-
+
if ( oid.equals( attr.getOid() ) )
{
Attribute entryAttribute = entry.get( oid );
-
- if ( ( entryAttribute != null ) &&
- ( ( entryAttribute.contains( userName.getNormName() ) ||
- ( entryAttribute.contains( userName.getName() ) ) ) ) )
+
+ if ( ( entryAttribute != null ) &&
+ ( ( entryAttribute.contains( userName.getNormName() ) ||
+ ( entryAttribute.contains( userName.getName() ) ) ) ) )
{
return true;
}
Modified: directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/RelatedUserClassFilter.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/RelatedUserClassFilter.java?rev=1235340&r1=1235339&r2=1235340&view=diff
==============================================================================
--- directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/RelatedUserClassFilter.java (original)
+++ directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/RelatedUserClassFilter.java Tue Jan 24 16:37:29 2012
@@ -45,13 +45,14 @@ public class RelatedUserClassFilter impl
private final SubtreeEvaluator subtreeEvaluator;
- public RelatedUserClassFilter(SubtreeEvaluator subtreeEvaluator)
+ public RelatedUserClassFilter( SubtreeEvaluator subtreeEvaluator )
{
this.subtreeEvaluator = subtreeEvaluator;
}
- public Collection<ACITuple> filter( AciContext aciContext, OperationScope scope, Entry userEntry ) throws LdapException
+ public Collection<ACITuple> filter( AciContext aciContext, OperationScope scope, Entry userEntry )
+ throws LdapException
{
if ( aciContext.getAciTuples().size() == 0 )
{
@@ -61,14 +62,14 @@ public class RelatedUserClassFilter impl
for ( Iterator<ACITuple> ii = aciContext.getAciTuples().iterator(); ii.hasNext(); )
{
ACITuple tuple = ii.next();
-
+
if ( tuple.isGrant() )
{
- if ( !isRelated( aciContext.getUserGroupNames(),
- aciContext.getUserDn(),
- userEntry,
- aciContext.getEntryDn(),
- tuple.getUserClasses() )
+ if ( !isRelated( aciContext.getUserGroupNames(),
+ aciContext.getUserDn(),
+ userEntry,
+ aciContext.getEntryDn(),
+ tuple.getUserClasses() )
|| aciContext.getAuthenticationLevel().compareTo( tuple.getAuthenticationLevel() ) < 0 )
{
ii.remove();
@@ -77,11 +78,11 @@ public class RelatedUserClassFilter impl
else
// Denials
{
- if ( !isRelated( aciContext.getUserGroupNames(),
- aciContext.getUserDn(),
- userEntry,
- aciContext.getEntryDn(),
- tuple.getUserClasses() )
+ if ( !isRelated( aciContext.getUserGroupNames(),
+ aciContext.getUserDn(),
+ userEntry,
+ aciContext.getEntryDn(),
+ tuple.getUserClasses() )
&& aciContext.getAuthenticationLevel().compareTo( tuple.getAuthenticationLevel() ) >= 0 )
{
ii.remove();
@@ -127,11 +128,11 @@ public class RelatedUserClassFilter impl
else if ( userClass instanceof UserClass.UserGroup )
{
UserClass.UserGroup userGroupUserClass = ( UserClass.UserGroup ) userClass;
-
+
for ( Dn userGroupName : userGroupNames )
{
Set<Dn> dns = userGroupUserClass.getNames();
-
+
if ( userGroupName != null )
{
for ( Dn dn : dns )
Modified: directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/RestrictedByFilter.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/RestrictedByFilter.java?rev=1235340&r1=1235339&r2=1235340&view=diff
==============================================================================
--- directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/RestrictedByFilter.java (original)
+++ directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/RestrictedByFilter.java Tue Jan 24 16:37:29 2012
@@ -42,7 +42,8 @@ import org.apache.directory.shared.ldap.
*/
public class RestrictedByFilter implements ACITupleFilter
{
- public Collection<ACITuple> filter( AciContext aciContext, OperationScope scope, Entry userEntry ) throws LdapException
+ public Collection<ACITuple> filter( AciContext aciContext, OperationScope scope, Entry userEntry )
+ throws LdapException
{
if ( scope != OperationScope.ATTRIBUTE_TYPE_AND_VALUE )
{
@@ -54,10 +55,10 @@ public class RestrictedByFilter implemen
return aciContext.getAciTuples();
}
- for ( Iterator<ACITuple> ii = aciContext.getAciTuples().iterator() ; ii.hasNext(); )
+ for ( Iterator<ACITuple> ii = aciContext.getAciTuples().iterator(); ii.hasNext(); )
{
ACITuple tuple = ii.next();
-
+
if ( !tuple.isGrant() )
{
continue;
@@ -73,23 +74,24 @@ public class RestrictedByFilter implemen
}
- public boolean isRemovable( ACITuple tuple, AttributeType attributeType, Value<?> attrValue, Entry entry ) throws LdapException
+ public boolean isRemovable( ACITuple tuple, AttributeType attributeType, Value<?> attrValue, Entry entry )
+ throws LdapException
{
for ( ProtectedItem item : tuple.getProtectedItems() )
{
if ( item instanceof RestrictedByItem )
{
RestrictedByItem rb = ( RestrictedByItem ) item;
-
+
for ( Iterator<RestrictedByElem> k = rb.iterator(); k.hasNext(); )
{
RestrictedByElem rbItem = k.next();
-
+
// TODO Fix DIRSEVER-832
if ( attributeType.equals( rbItem.getAttributeType() ) )
{
Attribute attr = entry.get( rbItem.getValuesIn() );
-
+
// TODO Fix DIRSEVER-832
if ( ( attr == null ) || !attr.contains( attrValue ) )
{
Modified: directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/package-info.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/package-info.java?rev=1235340&r1=1235339&r2=1235340&view=diff
==============================================================================
--- directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/package-info.java (original)
+++ directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/package-info.java Tue Jan 24 16:37:29 2012
@@ -29,3 +29,5 @@
*/
package org.apache.directory.server.core.authz.support;
+
+
Modified: directory/apacheds/trunk/interceptors/authz/src/test/java/org/apache/directory/server/core/authz/support/HighestPrecedenceFilterTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/authz/src/test/java/org/apache/directory/server/core/authz/support/HighestPrecedenceFilterTest.java?rev=1235340&r1=1235339&r2=1235340&view=diff
==============================================================================
--- directory/apacheds/trunk/interceptors/authz/src/test/java/org/apache/directory/server/core/authz/support/HighestPrecedenceFilterTest.java (original)
+++ directory/apacheds/trunk/interceptors/authz/src/test/java/org/apache/directory/server/core/authz/support/HighestPrecedenceFilterTest.java Tue Jan 24 16:37:29 2012
@@ -50,9 +50,12 @@ import org.junit.runner.RunWith;
@Concurrency()
public class HighestPrecedenceFilterTest
{
- private static final Collection<ProtectedItem> PI_EMPTY_COLLECTION = Collections.unmodifiableCollection( new ArrayList<ProtectedItem>() );
- private static final Collection<UserClass> UC_EMPTY_COLLECTION = Collections.unmodifiableCollection( new ArrayList<UserClass>() );
- private static final Collection<ACITuple> AT_EMPTY_COLLECTION = Collections.unmodifiableCollection( new ArrayList<ACITuple>() );
+ private static final Collection<ProtectedItem> PI_EMPTY_COLLECTION = Collections
+ .unmodifiableCollection( new ArrayList<ProtectedItem>() );
+ private static final Collection<UserClass> UC_EMPTY_COLLECTION = Collections
+ .unmodifiableCollection( new ArrayList<UserClass>() );
+ private static final Collection<ACITuple> AT_EMPTY_COLLECTION = Collections
+ .unmodifiableCollection( new ArrayList<ACITuple>() );
private static final Set<MicroOperation> MO_EMPTY_SET = Collections.unmodifiableSet( new HashSet<MicroOperation>() );
@@ -72,10 +75,11 @@ public class HighestPrecedenceFilterTest
{
HighestPrecedenceFilter filter = new HighestPrecedenceFilter();
Collection<ACITuple> tuples = new ArrayList<ACITuple>();
-
- tuples.add( new ACITuple( UC_EMPTY_COLLECTION, AuthenticationLevel.NONE, PI_EMPTY_COLLECTION, MO_EMPTY_SET, true, 10 ) );
+
+ tuples.add( new ACITuple( UC_EMPTY_COLLECTION, AuthenticationLevel.NONE, PI_EMPTY_COLLECTION, MO_EMPTY_SET,
+ true, 10 ) );
tuples = Collections.unmodifiableCollection( tuples );
-
+
AciContext aciContext = new AciContext( null, null );
aciContext.setAciTuples( tuples );
@@ -89,14 +93,18 @@ public class HighestPrecedenceFilterTest
final int MAX_PRECEDENCE = 10;
HighestPrecedenceFilter filter = new HighestPrecedenceFilter();
Collection<ACITuple> tuples = new ArrayList<ACITuple>();
-
- tuples.add( new ACITuple( UC_EMPTY_COLLECTION, AuthenticationLevel.NONE, PI_EMPTY_COLLECTION, MO_EMPTY_SET, true,
+
+ tuples.add( new ACITuple( UC_EMPTY_COLLECTION, AuthenticationLevel.NONE, PI_EMPTY_COLLECTION, MO_EMPTY_SET,
+ true,
MAX_PRECEDENCE ) );
- tuples.add( new ACITuple( UC_EMPTY_COLLECTION, AuthenticationLevel.NONE, PI_EMPTY_COLLECTION, MO_EMPTY_SET, true,
+ tuples.add( new ACITuple( UC_EMPTY_COLLECTION, AuthenticationLevel.NONE, PI_EMPTY_COLLECTION, MO_EMPTY_SET,
+ true,
MAX_PRECEDENCE / 2 ) );
- tuples.add( new ACITuple( UC_EMPTY_COLLECTION, AuthenticationLevel.NONE, PI_EMPTY_COLLECTION, MO_EMPTY_SET, true,
+ tuples.add( new ACITuple( UC_EMPTY_COLLECTION, AuthenticationLevel.NONE, PI_EMPTY_COLLECTION, MO_EMPTY_SET,
+ true,
MAX_PRECEDENCE ) );
- tuples.add( new ACITuple( UC_EMPTY_COLLECTION, AuthenticationLevel.NONE, PI_EMPTY_COLLECTION, MO_EMPTY_SET, true,
+ tuples.add( new ACITuple( UC_EMPTY_COLLECTION, AuthenticationLevel.NONE, PI_EMPTY_COLLECTION, MO_EMPTY_SET,
+ true,
MAX_PRECEDENCE / 3 ) );
AciContext aciContext = new AciContext( null, null );
@@ -104,7 +112,7 @@ public class HighestPrecedenceFilterTest
tuples = filter.filter( aciContext, null, null );
- for ( ACITuple tuple:tuples )
+ for ( ACITuple tuple : tuples )
{
assertNotNull( tuple.getPrecedence() );
assertEquals( MAX_PRECEDENCE, tuple.getPrecedence().intValue() );
Modified: directory/apacheds/trunk/interceptors/authz/src/test/java/org/apache/directory/server/core/authz/support/MaxValueCountFilterTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/authz/src/test/java/org/apache/directory/server/core/authz/support/MaxValueCountFilterTest.java?rev=1235340&r1=1235339&r2=1235340&view=diff
==============================================================================
--- directory/apacheds/trunk/interceptors/authz/src/test/java/org/apache/directory/server/core/authz/support/MaxValueCountFilterTest.java (original)
+++ directory/apacheds/trunk/interceptors/authz/src/test/java/org/apache/directory/server/core/authz/support/MaxValueCountFilterTest.java Tue Jan 24 16:37:29 2012
@@ -58,11 +58,15 @@ import com.mycila.junit.concurrent.Concu
@Concurrency()
public class MaxValueCountFilterTest
{
- private static final Collection<ACITuple> EMPTY_ACI_TUPLE_COLLECTION = Collections.unmodifiableCollection( new ArrayList<ACITuple>() );
- private static final Collection<UserClass> EMPTY_USER_CLASS_COLLECTION = Collections.unmodifiableCollection( new ArrayList<UserClass>() );
- private static final Collection<ProtectedItem> EMPTY_PROTECTED_ITEM_COLLECTION = Collections.unmodifiableCollection( new ArrayList<ProtectedItem>() );
+ private static final Collection<ACITuple> EMPTY_ACI_TUPLE_COLLECTION = Collections
+ .unmodifiableCollection( new ArrayList<ACITuple>() );
+ private static final Collection<UserClass> EMPTY_USER_CLASS_COLLECTION = Collections
+ .unmodifiableCollection( new ArrayList<UserClass>() );
+ private static final Collection<ProtectedItem> EMPTY_PROTECTED_ITEM_COLLECTION = Collections
+ .unmodifiableCollection( new ArrayList<ProtectedItem>() );
- private static final Set<MicroOperation> EMPTY_MICRO_OPERATION_SET = Collections.unmodifiableSet( new HashSet<MicroOperation>() );
+ private static final Set<MicroOperation> EMPTY_MICRO_OPERATION_SET = Collections
+ .unmodifiableSet( new HashSet<MicroOperation>() );
private static final Collection<ProtectedItem> PROTECTED_ITEMS = new ArrayList<ProtectedItem>();
private static Entry ENTRY;
@@ -74,15 +78,16 @@ public class MaxValueCountFilterTest
/** A reference to the schemaManager */
private static SchemaManager schemaManager;
-
- @BeforeClass public static void init() throws Exception
+
+ @BeforeClass
+ public static void init() throws Exception
{
schemaManager = new DefaultSchemaManager();
Dn entryName = new Dn( schemaManager, "ou=test, ou=system" );
ENTRY = new DefaultEntry( schemaManager, entryName );
FULL_ENTRY = new DefaultEntry( schemaManager, entryName );
-
+
ENTRY.put( "cn", "1" );
FULL_ENTRY.put( "cn", "1", "2", "3" );
@@ -90,17 +95,18 @@ public class MaxValueCountFilterTest
AttributeType cn = schemaManager.lookupAttributeTypeRegistry( "cn" );
mvcItems.add( new MaxValueCountElem( cn, 2 ) );
PROTECTED_ITEMS.add( new MaxValueCountItem( mvcItems ) );
-
+
CN_AT = schemaManager.lookupAttributeTypeRegistry( "cn" );
}
-
-
- @Test
+
+
+ @Test
public void testWrongScope() throws Exception
{
MaxValueCountFilter filter = new MaxValueCountFilter();
Collection<ACITuple> tuples = new ArrayList<ACITuple>();
- tuples.add( new ACITuple( EMPTY_USER_CLASS_COLLECTION, AuthenticationLevel.NONE, EMPTY_PROTECTED_ITEM_COLLECTION,
+ tuples.add( new ACITuple( EMPTY_USER_CLASS_COLLECTION, AuthenticationLevel.NONE,
+ EMPTY_PROTECTED_ITEM_COLLECTION,
EMPTY_MICRO_OPERATION_SET, true, 0 ) );
tuples = Collections.unmodifiableCollection( tuples );
@@ -117,7 +123,7 @@ public class MaxValueCountFilterTest
}
- @Test
+ @Test
public void testZeroTuple() throws Exception
{
MaxValueCountFilter filter = new MaxValueCountFilter();
@@ -125,16 +131,16 @@ public class MaxValueCountFilterTest
AciContext aciContext = new AciContext( schemaManager, null );
aciContext.setAciTuples( EMPTY_ACI_TUPLE_COLLECTION );
- assertEquals( 0, filter.filter( aciContext, OperationScope.ATTRIBUTE_TYPE_AND_VALUE, null ).size() );
+ assertEquals( 0, filter.filter( aciContext, OperationScope.ATTRIBUTE_TYPE_AND_VALUE, null ).size() );
}
- @Test
+ @Test
public void testDenialTuple() throws Exception
{
MaxValueCountFilter filter = new MaxValueCountFilter();
Collection<ACITuple> tuples = new ArrayList<ACITuple>();
- tuples.add( new ACITuple( EMPTY_USER_CLASS_COLLECTION, AuthenticationLevel.NONE, PROTECTED_ITEMS,
+ tuples.add( new ACITuple( EMPTY_USER_CLASS_COLLECTION, AuthenticationLevel.NONE, PROTECTED_ITEMS,
EMPTY_MICRO_OPERATION_SET, false, 0 ) );
tuples = Collections.unmodifiableCollection( tuples );
@@ -151,24 +157,24 @@ public class MaxValueCountFilterTest
aciContext.setAttributeType( CN_AT );
aciContext.setEntry( FULL_ENTRY );
- assertEquals( tuples, filter.filter( aciContext, OperationScope.ATTRIBUTE_TYPE_AND_VALUE,null ) );
+ assertEquals( tuples, filter.filter( aciContext, OperationScope.ATTRIBUTE_TYPE_AND_VALUE, null ) );
}
- @Test
+ @Test
public void testGrantTuple() throws Exception
{
MaxValueCountFilter filter = new MaxValueCountFilter();
Collection<ACITuple> tuples = new ArrayList<ACITuple>();
-
+
// Test with this ACI :
//
- tuples.add( new ACITuple(
- EMPTY_USER_CLASS_COLLECTION,
- AuthenticationLevel.NONE,
- PROTECTED_ITEMS,
- EMPTY_MICRO_OPERATION_SET,
- true,
+ tuples.add( new ACITuple(
+ EMPTY_USER_CLASS_COLLECTION,
+ AuthenticationLevel.NONE,
+ PROTECTED_ITEMS,
+ EMPTY_MICRO_OPERATION_SET,
+ true,
0 ) );
AciContext aciContext = new AciContext( schemaManager, null );
Modified: directory/apacheds/trunk/interceptors/authz/src/test/java/org/apache/directory/server/core/authz/support/MicroOperationFilterTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/authz/src/test/java/org/apache/directory/server/core/authz/support/MicroOperationFilterTest.java?rev=1235340&r1=1235339&r2=1235340&view=diff
==============================================================================
--- directory/apacheds/trunk/interceptors/authz/src/test/java/org/apache/directory/server/core/authz/support/MicroOperationFilterTest.java (original)
+++ directory/apacheds/trunk/interceptors/authz/src/test/java/org/apache/directory/server/core/authz/support/MicroOperationFilterTest.java Tue Jan 24 16:37:29 2012
@@ -48,9 +48,12 @@ import org.junit.runner.RunWith;
@Concurrency()
public class MicroOperationFilterTest
{
- private static final Collection<ACITuple> EMPTY_ACI_TUPLE_COLLECTION = Collections.unmodifiableCollection( new ArrayList<ACITuple>() );
- private static final Collection<UserClass> EMPTY_USER_CLASS_COLLECTION = Collections.unmodifiableCollection( new ArrayList<UserClass>() );
- private static final Collection<ProtectedItem> EMPTY_PROTECTED_ITEM_COLLECTION = Collections.unmodifiableCollection( new ArrayList<ProtectedItem>() );
+ private static final Collection<ACITuple> EMPTY_ACI_TUPLE_COLLECTION = Collections
+ .unmodifiableCollection( new ArrayList<ACITuple>() );
+ private static final Collection<UserClass> EMPTY_USER_CLASS_COLLECTION = Collections
+ .unmodifiableCollection( new ArrayList<UserClass>() );
+ private static final Collection<ProtectedItem> EMPTY_PROTECTED_ITEM_COLLECTION = Collections
+ .unmodifiableCollection( new ArrayList<ProtectedItem>() );
private static final Set<MicroOperation> USER_OPERATIONS_A = new HashSet<MicroOperation>();
private static final Set<MicroOperation> USER_OPERATIONS_B = new HashSet<MicroOperation>();
@@ -85,8 +88,9 @@ public class MicroOperationFilterTest
{
MicroOperationFilter filter = new MicroOperationFilter();
Collection<ACITuple> tuples = new ArrayList<ACITuple>();
-
- tuples.add( new ACITuple( EMPTY_USER_CLASS_COLLECTION, AuthenticationLevel.NONE, EMPTY_PROTECTED_ITEM_COLLECTION,
+
+ tuples.add( new ACITuple( EMPTY_USER_CLASS_COLLECTION, AuthenticationLevel.NONE,
+ EMPTY_PROTECTED_ITEM_COLLECTION,
TUPLE_OPERATIONS, true, 0 ) );
AciContext aciContext = new AciContext( null, null );
Modified: directory/apacheds/trunk/interceptors/authz/src/test/java/org/apache/directory/server/core/authz/support/MostSpecificProtectedItemFilterTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/authz/src/test/java/org/apache/directory/server/core/authz/support/MostSpecificProtectedItemFilterTest.java?rev=1235340&r1=1235339&r2=1235340&view=diff
==============================================================================
--- directory/apacheds/trunk/interceptors/authz/src/test/java/org/apache/directory/server/core/authz/support/MostSpecificProtectedItemFilterTest.java (original)
+++ directory/apacheds/trunk/interceptors/authz/src/test/java/org/apache/directory/server/core/authz/support/MostSpecificProtectedItemFilterTest.java Tue Jan 24 16:37:29 2012
@@ -59,7 +59,8 @@ import org.junit.runner.RunWith;
@Concurrency()
public class MostSpecificProtectedItemFilterTest
{
- private static final Set<AttributeType> EMPTY_STRING_COLLECTION = Collections.unmodifiableSet( new HashSet<AttributeType>() );
+ private static final Set<AttributeType> EMPTY_STRING_COLLECTION = Collections
+ .unmodifiableSet( new HashSet<AttributeType>() );
private static final Set<Attribute> EMPTY_ATTRIBUTE_COLLECTION = Collections
.unmodifiableSet( new HashSet<Attribute>() );
@@ -75,14 +76,14 @@ public class MostSpecificProtectedItemFi
private static final Set<MicroOperation> EMPTY_MICRO_OPERATION_SET = Collections
.unmodifiableSet( new HashSet<MicroOperation>() );
-
+
private static final List<ACITuple> TUPLES_A = new ArrayList<ACITuple>();
private static final List<ACITuple> TUPLES_B = new ArrayList<ACITuple>();
private static final List<ACITuple> TUPLES_C = new ArrayList<ACITuple>();
private static final List<ACITuple> TUPLES_D = new ArrayList<ACITuple>();
private static final List<ACITuple> TUPLES_E = new ArrayList<ACITuple>();
-
+
@BeforeClass
public static void init()
{
@@ -98,29 +99,33 @@ public class MostSpecificProtectedItemFi
allAttributeValues.add( new AllAttributeValuesItem( EMPTY_STRING_COLLECTION ) );
selfValue.add( new SelfValueItem( EMPTY_STRING_COLLECTION ) );
attributeValue.add( new AttributeValueItem( EMPTY_ATTRIBUTE_COLLECTION ) );
- rangeOfValues.add( new RangeOfValuesItem( new PresenceNode( (String)null ) ) );
+ rangeOfValues.add( new RangeOfValuesItem( new PresenceNode( ( String ) null ) ) );
allUserAttributeTypes.add( ProtectedItem.ALL_USER_ATTRIBUTE_TYPES );
allUserAttributeTypesAndValues.add( ProtectedItem.ALL_USER_ATTRIBUTE_TYPES_AND_VALUES );
- ACITuple attributeTypeTuple = new ACITuple( EMPTY_USER_CLASS_COLLECTION, AuthenticationLevel.NONE, attributeType,
+ ACITuple attributeTypeTuple = new ACITuple( EMPTY_USER_CLASS_COLLECTION, AuthenticationLevel.NONE,
+ attributeType,
EMPTY_MICRO_OPERATION_SET, true, 0 );
-
+
ACITuple allAttributeValuesTuple = new ACITuple( EMPTY_USER_CLASS_COLLECTION, AuthenticationLevel.NONE,
allAttributeValues, EMPTY_MICRO_OPERATION_SET, true, 0 );
-
- ACITuple selfValueTuple = new ACITuple( EMPTY_USER_CLASS_COLLECTION, AuthenticationLevel.NONE, selfValue,
- EMPTY_MICRO_OPERATION_SET, true, 0 );
-
- ACITuple attributeValueTuple = new ACITuple( EMPTY_USER_CLASS_COLLECTION, AuthenticationLevel.NONE, attributeValue,
- EMPTY_MICRO_OPERATION_SET, true, 0 );
-
- ACITuple rangeOfValuesTuple = new ACITuple( EMPTY_USER_CLASS_COLLECTION, AuthenticationLevel.NONE, rangeOfValues,
- EMPTY_MICRO_OPERATION_SET, true, 0 );
-
+
+ ACITuple selfValueTuple = new ACITuple( EMPTY_USER_CLASS_COLLECTION, AuthenticationLevel.NONE, selfValue,
+ EMPTY_MICRO_OPERATION_SET, true, 0 );
+
+ ACITuple attributeValueTuple = new ACITuple( EMPTY_USER_CLASS_COLLECTION, AuthenticationLevel.NONE,
+ attributeValue,
+ EMPTY_MICRO_OPERATION_SET, true, 0 );
+
+ ACITuple rangeOfValuesTuple = new ACITuple( EMPTY_USER_CLASS_COLLECTION, AuthenticationLevel.NONE,
+ rangeOfValues,
+ EMPTY_MICRO_OPERATION_SET, true, 0 );
+
ACITuple allUserAttributeTypesTuple = new ACITuple( EMPTY_USER_CLASS_COLLECTION, AuthenticationLevel.NONE,
allUserAttributeTypes, EMPTY_MICRO_OPERATION_SET, true, 0 );
-
- ACITuple allUserAttributeTypesAndValuesTuple = new ACITuple( EMPTY_USER_CLASS_COLLECTION, AuthenticationLevel.NONE,
+
+ ACITuple allUserAttributeTypesAndValuesTuple = new ACITuple( EMPTY_USER_CLASS_COLLECTION,
+ AuthenticationLevel.NONE,
allUserAttributeTypesAndValues, EMPTY_MICRO_OPERATION_SET, true, 0 );
TUPLES_A.add( attributeTypeTuple );
@@ -153,6 +158,7 @@ public class MostSpecificProtectedItemFi
TUPLES_E.add( allUserAttributeTypesAndValuesTuple );
}
+
@Test
public void testZeroOrOneTuple() throws Exception
{
@@ -164,7 +170,8 @@ public class MostSpecificProtectedItemFi
assertEquals( 0, filter.filter( aciContext, OperationScope.ATTRIBUTE_TYPE_AND_VALUE, null ).size() );
Collection<ACITuple> tuples = new ArrayList<ACITuple>();
- tuples.add( new ACITuple( EMPTY_USER_CLASS_COLLECTION, AuthenticationLevel.NONE, EMPTY_PROTECTED_ITEM_COLLECTION, EMPTY_MICRO_OPERATION_SET, false, 0 ) );
+ tuples.add( new ACITuple( EMPTY_USER_CLASS_COLLECTION, AuthenticationLevel.NONE,
+ EMPTY_PROTECTED_ITEM_COLLECTION, EMPTY_MICRO_OPERATION_SET, false, 0 ) );
aciContext = new AciContext( null, null );
aciContext.setAciTuples( tuples );
@@ -179,11 +186,11 @@ public class MostSpecificProtectedItemFi
MostSpecificProtectedItemFilter filter = new MostSpecificProtectedItemFilter();
List<ACITuple> tuples = new ArrayList<ACITuple>( TUPLES_A );
-
+
AciContext aciContext = new AciContext( null, null );
aciContext.setAciTuples( tuples );
- tuples = ( List<ACITuple> ) filter.filter( aciContext, OperationScope.ENTRY, null );
+ tuples = ( List<ACITuple> ) filter.filter( aciContext, OperationScope.ENTRY, null );
assertEquals( 4, tuples.size() );
assertSame( TUPLES_A.get( 0 ), tuples.get( 0 ) );