You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by ak...@apache.org on 2006/02/10 11:49:57 UTC
svn commit: r376623 [3/38] - in /directory/sandbox/akarasulu/rc1/apacheds:
core-plugin/src/main/java/org/apache/directory/server/core/tools/schema/
core-plugin/src/test/java/org/apache/directory/server/core/tools/schema/
core-shared/src/main/java/org/a...
Modified: directory/sandbox/akarasulu/rc1/apacheds/core-unit/src/test/java/org/apache/directory/server/core/authz/ModifyAuthorizationTest.java
URL: http://svn.apache.org/viewcvs/directory/sandbox/akarasulu/rc1/apacheds/core-unit/src/test/java/org/apache/directory/server/core/authz/ModifyAuthorizationTest.java?rev=376623&r1=376622&r2=376623&view=diff
==============================================================================
--- directory/sandbox/akarasulu/rc1/apacheds/core-unit/src/test/java/org/apache/directory/server/core/authz/ModifyAuthorizationTest.java (original)
+++ directory/sandbox/akarasulu/rc1/apacheds/core-unit/src/test/java/org/apache/directory/server/core/authz/ModifyAuthorizationTest.java Fri Feb 10 02:48:07 2006
@@ -55,7 +55,7 @@
* @throws javax.naming.NamingException if there are problems conducting the test
*/
public boolean checkCanModifyAs( String uid, String password, String entryRdn, ModificationItem[] mods )
- throws NamingException
+ throws NamingException
{
// create the entry with the telephoneNumber attribute to modify
Attributes testEntry = new BasicAttributes( "ou", "testou", true );
@@ -63,14 +63,14 @@
testEntry.put( objectClass );
objectClass.add( "top" );
objectClass.add( "organizationalUnit" );
- testEntry.put( "telephoneNumber", "867-5309" ); // jenny don't change your number
+ testEntry.put( "telephoneNumber", "867-5309" ); // jenny don't change your number
DirContext adminContext = getContextAsAdmin();
try
{
// create the entry as admin
- LdapName userName = new LdapName( "uid="+uid+",ou=users,ou=system" );
+ LdapName userName = new LdapName( "uid=" + uid + ",ou=users,ou=system" );
adminContext.createSubcontext( entryRdn, testEntry );
// modify the entry as the user
@@ -111,7 +111,7 @@
* @throws javax.naming.NamingException if there are problems conducting the test
*/
public boolean checkCanModifyAs( String uid, String password, String entryRdn, int modOp, Attributes mods )
- throws NamingException
+ throws NamingException
{
// create the entry with the telephoneNumber attribute to modify
Attributes testEntry = new BasicAttributes( "ou", "testou", true );
@@ -119,14 +119,14 @@
testEntry.put( objectClass );
objectClass.add( "top" );
objectClass.add( "organizationalUnit" );
- testEntry.put( "telephoneNumber", "867-5309" ); // jenny don't change your number
+ testEntry.put( "telephoneNumber", "867-5309" ); // jenny don't change your number
DirContext adminContext = getContextAsAdmin();
try
{
// create the entry as admin
- LdapName userName = new LdapName( "uid="+uid+",ou=users,ou=system" );
+ LdapName userName = new LdapName( "uid=" + uid + ",ou=users,ou=system" );
adminContext.createSubcontext( entryRdn, testEntry );
// modify the entry as the user
@@ -160,13 +160,12 @@
* false otherwise.
* @throws javax.naming.NamingException if there are problems conducting the test
*/
- public boolean checkCanSelfModify( String uid, String password, int modOp, Attributes mods )
- throws NamingException
+ public boolean checkCanSelfModify( String uid, String password, int modOp, Attributes mods ) throws NamingException
{
try
{
// modify the entry as the user
- Name userEntry = new LdapName( "uid="+uid+",ou=users,ou=system" );
+ Name userEntry = new LdapName( "uid=" + uid + ",ou=users,ou=system" );
DirContext userContext = getContextAs( userEntry, password, userEntry.toString() );
userContext.modifyAttributes( "", modOp, mods );
return true;
@@ -190,13 +189,12 @@
* false otherwise.
* @throws javax.naming.NamingException if there are problems conducting the test
*/
- public boolean checkCanSelfModify( String uid, String password, ModificationItem[] mods )
- throws NamingException
+ public boolean checkCanSelfModify( String uid, String password, ModificationItem[] mods ) throws NamingException
{
try
{
// modify the entry as the user
- Name userEntry = new LdapName( "uid="+uid+",ou=users,ou=system" );
+ Name userEntry = new LdapName( "uid=" + uid + ",ou=users,ou=system" );
DirContext userContext = getContextAs( userEntry, password, userEntry.toString() );
userContext.modifyAttributes( "", mods );
return true;
@@ -240,25 +238,20 @@
createUser( "billyd", "billyd" );
// create the password modification
- ModificationItem[] mods = toItems( DirContext.REPLACE_ATTRIBUTE,
- new BasicAttributes( "userPassword", "williams", true ) );
+ ModificationItem[] mods = toItems( DirContext.REPLACE_ATTRIBUTE, new BasicAttributes( "userPassword",
+ "williams", true ) );
// try a modify operation which should fail without any ACI
assertFalse( checkCanSelfModify( "billyd", "billyd", mods ) );
// Gives grantModify, and grantRead perm to all users in the Administrators group for
// entries and all attribute types and values
- createAccessControlSubentry( "selfModifyUserPassword",
- "{ " +
- "identificationTag \"addAci\", " +
- "precedence 14, " +
- "authenticationLevel none, " +
- "itemOrUserFirst userFirst: { " +
- "userClasses { thisEntry }, " +
- "userPermissions { " +
- "{ protectedItems {entry}, grantsAndDenials { grantModify, grantBrowse, grantRead } }, " +
- "{ protectedItems {allAttributeValues {userPassword}}, grantsAndDenials { grantAdd, grantRemove } } " +
- "} } }" );
+ createAccessControlSubentry( "selfModifyUserPassword", "{ " + "identificationTag \"addAci\", "
+ + "precedence 14, " + "authenticationLevel none, " + "itemOrUserFirst userFirst: { "
+ + "userClasses { thisEntry }, " + "userPermissions { "
+ + "{ protectedItems {entry}, grantsAndDenials { grantModify, grantBrowse, grantRead } }, "
+ + "{ protectedItems {allAttributeValues {userPassword}}, grantsAndDenials { grantAdd, grantRemove } } "
+ + "} } }" );
// try a modify operation which should succeed with ACI
assertTrue( checkCanSelfModify( "billyd", "billyd", mods ) );
@@ -278,8 +271,8 @@
// ----------------------------------------------------------------------------------
// create the add modifications
- ModificationItem[] mods = toItems( DirContext.ADD_ATTRIBUTE,
- new BasicAttributes( "registeredAddress", "100 Park Ave.", true ) );
+ ModificationItem[] mods = toItems( DirContext.ADD_ATTRIBUTE, new BasicAttributes( "registeredAddress",
+ "100 Park Ave.", true ) );
// create the non-admin user
createUser( "billyd", "billyd" );
@@ -289,17 +282,11 @@
// Gives grantModify, and grantRead perm to all users in the Administrators group for
// entries and all attribute types and values
- createAccessControlSubentry( "administratorModifyAdd",
- "{ " +
- "identificationTag \"addAci\", " +
- "precedence 14, " +
- "authenticationLevel none, " +
- "itemOrUserFirst userFirst: { " +
- "userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " +
- "userPermissions { " +
- "{ protectedItems {entry}, grantsAndDenials { grantModify, grantBrowse } }, " +
- "{ protectedItems {allAttributeValues {registeredAddress}}, grantsAndDenials { grantAdd } } " +
- "} } }" );
+ createAccessControlSubentry( "administratorModifyAdd", "{ " + "identificationTag \"addAci\", "
+ + "precedence 14, " + "authenticationLevel none, " + "itemOrUserFirst userFirst: { "
+ + "userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " + "userPermissions { "
+ + "{ protectedItems {entry}, grantsAndDenials { grantModify, grantBrowse } }, "
+ + "{ protectedItems {allAttributeValues {registeredAddress}}, grantsAndDenials { grantAdd } } " + "} } }" );
// see if we can now add that test entry which we could not before
// add op should still fail since billd is not in the admin group
@@ -317,24 +304,18 @@
// ----------------------------------------------------------------------------------
// now let's test to see if we can perform a modify with a delete op
- mods = toItems( DirContext.REMOVE_ATTRIBUTE,
- new BasicAttributes( "telephoneNumber", "867-5309", true ) );
+ mods = toItems( DirContext.REMOVE_ATTRIBUTE, new BasicAttributes( "telephoneNumber", "867-5309", true ) );
// make sure we cannot remove the telephone number from the test entry
assertFalse( checkCanModifyAs( "billyd", "billyd", "ou=testou", mods ) );
// Gives grantModify, and grantRead perm to all users in the Administrators group for
// entries and all attribute types and values
- createAccessControlSubentry( "administratorModifyRemove", "{ " +
- "identificationTag \"addAci\", " +
- "precedence 14, " +
- "authenticationLevel none, " +
- "itemOrUserFirst userFirst: { " +
- "userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " +
- "userPermissions { " +
- "{ protectedItems {entry}, grantsAndDenials { grantModify, grantBrowse } }, " +
- "{ protectedItems {allAttributeValues {telephoneNumber}}, grantsAndDenials { grantRemove } } " +
- "} } }" );
+ createAccessControlSubentry( "administratorModifyRemove", "{ " + "identificationTag \"addAci\", "
+ + "precedence 14, " + "authenticationLevel none, " + "itemOrUserFirst userFirst: { "
+ + "userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " + "userPermissions { "
+ + "{ protectedItems {entry}, grantsAndDenials { grantModify, grantBrowse } }, "
+ + "{ protectedItems {allAttributeValues {telephoneNumber}}, grantsAndDenials { grantRemove } } " + "} } }" );
// try a modify operation which should succeed with ACI and group membership change
assertTrue( checkCanModifyAs( "billyd", "billyd", "ou=testou", mods ) );
@@ -345,24 +326,19 @@
// ----------------------------------------------------------------------------------
// now let's test to see if we can perform a modify with a delete op
- mods = toItems( DirContext.REPLACE_ATTRIBUTE,
- new BasicAttributes( "telephoneNumber", "867-5309", true ) );
+ mods = toItems( DirContext.REPLACE_ATTRIBUTE, new BasicAttributes( "telephoneNumber", "867-5309", true ) );
// make sure we cannot remove the telephone number from the test entry
assertFalse( checkCanModifyAs( "billyd", "billyd", "ou=testou", mods ) );
// Gives grantModify, and grantRead perm to all users in the Administrators group for
// entries and all attribute types and values
- createAccessControlSubentry( "administratorModifyReplace", "{ " +
- "identificationTag \"addAci\", " +
- "precedence 14, " +
- "authenticationLevel none, " +
- "itemOrUserFirst userFirst: { " +
- "userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " +
- "userPermissions { " +
- "{ protectedItems {entry}, grantsAndDenials { grantModify, grantBrowse } }, " +
- "{ protectedItems {allAttributeValues {telephoneNumber}}, grantsAndDenials { grantAdd, grantRemove } } " +
- "} } }" );
+ createAccessControlSubentry( "administratorModifyReplace", "{ " + "identificationTag \"addAci\", "
+ + "precedence 14, " + "authenticationLevel none, " + "itemOrUserFirst userFirst: { "
+ + "userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " + "userPermissions { "
+ + "{ protectedItems {entry}, grantsAndDenials { grantModify, grantBrowse } }, "
+ + "{ protectedItems {allAttributeValues {telephoneNumber}}, grantsAndDenials { grantAdd, grantRemove } } "
+ + "} } }" );
// try a modify operation which should succeed with ACI and group membership change
assertTrue( checkCanModifyAs( "billyd", "billyd", "ou=testou", mods ) );
@@ -375,7 +351,6 @@
// ----------------------------------------------------------------------------------
// Modify with Attribute Addition
// ----------------------------------------------------------------------------------
-
// create the add modifications
Attributes changes = new BasicAttributes( "registeredAddress", "100 Park Ave.", true );
@@ -384,16 +359,11 @@
// Gives grantModify, and grantRead perm to all users in the Administrators group for
// entries and all attribute types and values
- createAccessControlSubentry( "administratorModifyAdd", "{ " +
- "identificationTag \"addAci\", " +
- "precedence 14, " +
- "authenticationLevel none, " +
- "itemOrUserFirst userFirst: { " +
- "userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " +
- "userPermissions { " +
- "{ protectedItems {entry}, grantsAndDenials { grantModify, grantBrowse } }, " +
- "{ protectedItems {allAttributeValues {registeredAddress}}, grantsAndDenials { grantAdd } } " +
- "} } }" );
+ createAccessControlSubentry( "administratorModifyAdd", "{ " + "identificationTag \"addAci\", "
+ + "precedence 14, " + "authenticationLevel none, " + "itemOrUserFirst userFirst: { "
+ + "userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " + "userPermissions { "
+ + "{ protectedItems {entry}, grantsAndDenials { grantModify, grantBrowse } }, "
+ + "{ protectedItems {allAttributeValues {registeredAddress}}, grantsAndDenials { grantAdd } } " + "} } }" );
// try a modify operation which should succeed with ACI and group membership change
assertTrue( checkCanModifyAs( "billyd", "billyd", "ou=testou", DirContext.ADD_ATTRIBUTE, changes ) );
@@ -411,16 +381,11 @@
// Gives grantModify, and grantRead perm to all users in the Administrators group for
// entries and all attribute types and values
- createAccessControlSubentry( "administratorModifyRemove", "{ " +
- "identificationTag \"addAci\", " +
- "precedence 14, " +
- "authenticationLevel none, " +
- "itemOrUserFirst userFirst: { " +
- "userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " +
- "userPermissions { " +
- "{ protectedItems {entry}, grantsAndDenials { grantModify, grantBrowse } }, " +
- "{ protectedItems {allAttributeValues {telephoneNumber}}, grantsAndDenials { grantRemove } } " +
- "} } }" );
+ createAccessControlSubentry( "administratorModifyRemove", "{ " + "identificationTag \"addAci\", "
+ + "precedence 14, " + "authenticationLevel none, " + "itemOrUserFirst userFirst: { "
+ + "userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " + "userPermissions { "
+ + "{ protectedItems {entry}, grantsAndDenials { grantModify, grantBrowse } }, "
+ + "{ protectedItems {allAttributeValues {telephoneNumber}}, grantsAndDenials { grantRemove } } " + "} } }" );
// try a modify operation which should succeed with ACI and group membership change
assertTrue( checkCanModifyAs( "billyd", "billyd", "ou=testou", DirContext.REMOVE_ATTRIBUTE, changes ) );
@@ -438,107 +403,102 @@
// Gives grantModify, and grantRead perm to all users in the Administrators group for
// entries and all attribute types and values
- createAccessControlSubentry( "administratorModifyReplace", "{ " +
- "identificationTag \"addAci\", " +
- "precedence 14, " +
- "authenticationLevel none, " +
- "itemOrUserFirst userFirst: { " +
- "userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " +
- "userPermissions { " +
- "{ protectedItems {entry}, grantsAndDenials { grantModify, grantBrowse } }, " +
- "{ protectedItems {allAttributeValues {telephoneNumber}}, grantsAndDenials { grantAdd, grantRemove } } " +
- "} } }" );
+ createAccessControlSubentry( "administratorModifyReplace", "{ " + "identificationTag \"addAci\", "
+ + "precedence 14, " + "authenticationLevel none, " + "itemOrUserFirst userFirst: { "
+ + "userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " + "userPermissions { "
+ + "{ protectedItems {entry}, grantsAndDenials { grantModify, grantBrowse } }, "
+ + "{ protectedItems {allAttributeValues {telephoneNumber}}, grantsAndDenials { grantAdd, grantRemove } } "
+ + "} } }" );
// try a modify operation which should succeed with ACI and group membership change
assertTrue( checkCanModifyAs( "billyd", "billyd", "ou=testou", DirContext.REPLACE_ATTRIBUTE, changes ) );
deleteAccessControlSubentry( "administratorModifyReplace" );
}
-
-// /**
-// * Checks to make sure name based userClass works for modify operations.
-// *
-// * @throws javax.naming.NamingException if the test encounters an error
-// */
-// public void testGrantModifyByName() throws NamingException
-// {
-// // create the non-admin user
-// createUser( "billyd", "billyd" );
-//
-// // try an modify operation which should fail without any ACI
-// assertFalse( checkCanModifyAs( "billyd", "billyd", "ou=testou", "867-5309" ) );
-//
-// // now add a subentry that enables user billyd to modify an entry below ou=system
-// createAccessControlSubentry( "billydAdd", "{ " +
-// "identificationTag \"addAci\", " +
-// "precedence 14, " +
-// "authenticationLevel none, " +
-// "itemOrUserFirst userFirst: { " +
-// "userClasses { name { \"uid=billyd,ou=users,ou=system\" } }, " +
-// "userPermissions { { " +
-// "protectedItems {entry, allUserAttributeTypesAndValues}, " +
-// "grantsAndDenials { grantModify, grantRead, grantBrowse } } } } }" );
-//
-// // should work now that billyd is authorized by name
-// assertTrue( checkCanModifyAs( "billyd", "billyd", "ou=testou", "867-5309" ) );
-// }
-//
-//
-// /**
-// * Checks to make sure subtree based userClass works for modify operations.
-// *
-// * @throws javax.naming.NamingException if the test encounters an error
-// */
-// public void testGrantModifyBySubtree() throws NamingException
-// {
-// // create the non-admin user
-// createUser( "billyd", "billyd" );
-//
-// // try a modify operation which should fail without any ACI
-// assertFalse( checkCanModifyAs( "billyd", "billyd", "ou=testou", "867-5309" ) );
-//
-// // now add a subentry that enables user billyd to modify an entry below ou=system
-// createAccessControlSubentry( "billyAddBySubtree", "{ " +
-// "identificationTag \"addAci\", " +
-// "precedence 14, " +
-// "authenticationLevel none, " +
-// "itemOrUserFirst userFirst: { " +
-// "userClasses { subtree { { base \"ou=users,ou=system\" } } }, " +
-// "userPermissions { { " +
-// "protectedItems {entry, allUserAttributeTypesAndValues}, " +
-// "grantsAndDenials { grantModify, grantRead, grantBrowse } } } } }" );
-//
-// // should work now that billyd is authorized by the subtree userClass
-// assertTrue( checkCanModifyAs( "billyd", "billyd", "ou=testou", "867-5309" ) );
-// }
-//
-//
-// /**
-// * Checks to make sure <b>allUsers</b> userClass works for modify operations.
-// *
-// * @throws javax.naming.NamingException if the test encounters an error
-// */
-// public void testGrantModifyAllUsers() throws NamingException
-// {
-// // create the non-admin user
-// createUser( "billyd", "billyd" );
-//
-// // try an add operation which should fail without any ACI
-// assertFalse( checkCanModifyAs( "billyd", "billyd", "ou=testou", "867-5309" ) );
-//
-// // now add a subentry that enables anyone to add an entry below ou=system
-// createAccessControlSubentry( "anybodyAdd", "{ " +
-// "identificationTag \"addAci\", " +
-// "precedence 14, " +
-// "authenticationLevel none, " +
-// "itemOrUserFirst userFirst: { " +
-// "userClasses { allUsers }, " +
-// "userPermissions { { " +
-// "protectedItems {entry, allUserAttributeTypesAndValues}, " +
-// "grantsAndDenials { grantModify, grantRead, grantBrowse } } } } }" );
-//
-// // see if we can now modify that test entry's number which we could not before
-// // should work with billyd now that all users are authorized
-// assertTrue( checkCanModifyAs( "billyd", "billyd", "ou=testou", "867-5309" ) );
-// }
+ // /**
+ // * Checks to make sure name based userClass works for modify operations.
+ // *
+ // * @throws javax.naming.NamingException if the test encounters an error
+ // */
+ // public void testGrantModifyByName() throws NamingException
+ // {
+ // // create the non-admin user
+ // createUser( "billyd", "billyd" );
+ //
+ // // try an modify operation which should fail without any ACI
+ // assertFalse( checkCanModifyAs( "billyd", "billyd", "ou=testou", "867-5309" ) );
+ //
+ // // now add a subentry that enables user billyd to modify an entry below ou=system
+ // createAccessControlSubentry( "billydAdd", "{ " +
+ // "identificationTag \"addAci\", " +
+ // "precedence 14, " +
+ // "authenticationLevel none, " +
+ // "itemOrUserFirst userFirst: { " +
+ // "userClasses { name { \"uid=billyd,ou=users,ou=system\" } }, " +
+ // "userPermissions { { " +
+ // "protectedItems {entry, allUserAttributeTypesAndValues}, " +
+ // "grantsAndDenials { grantModify, grantRead, grantBrowse } } } } }" );
+ //
+ // // should work now that billyd is authorized by name
+ // assertTrue( checkCanModifyAs( "billyd", "billyd", "ou=testou", "867-5309" ) );
+ // }
+ //
+ //
+ // /**
+ // * Checks to make sure subtree based userClass works for modify operations.
+ // *
+ // * @throws javax.naming.NamingException if the test encounters an error
+ // */
+ // public void testGrantModifyBySubtree() throws NamingException
+ // {
+ // // create the non-admin user
+ // createUser( "billyd", "billyd" );
+ //
+ // // try a modify operation which should fail without any ACI
+ // assertFalse( checkCanModifyAs( "billyd", "billyd", "ou=testou", "867-5309" ) );
+ //
+ // // now add a subentry that enables user billyd to modify an entry below ou=system
+ // createAccessControlSubentry( "billyAddBySubtree", "{ " +
+ // "identificationTag \"addAci\", " +
+ // "precedence 14, " +
+ // "authenticationLevel none, " +
+ // "itemOrUserFirst userFirst: { " +
+ // "userClasses { subtree { { base \"ou=users,ou=system\" } } }, " +
+ // "userPermissions { { " +
+ // "protectedItems {entry, allUserAttributeTypesAndValues}, " +
+ // "grantsAndDenials { grantModify, grantRead, grantBrowse } } } } }" );
+ //
+ // // should work now that billyd is authorized by the subtree userClass
+ // assertTrue( checkCanModifyAs( "billyd", "billyd", "ou=testou", "867-5309" ) );
+ // }
+ //
+ //
+ // /**
+ // * Checks to make sure <b>allUsers</b> userClass works for modify operations.
+ // *
+ // * @throws javax.naming.NamingException if the test encounters an error
+ // */
+ // public void testGrantModifyAllUsers() throws NamingException
+ // {
+ // // create the non-admin user
+ // createUser( "billyd", "billyd" );
+ //
+ // // try an add operation which should fail without any ACI
+ // assertFalse( checkCanModifyAs( "billyd", "billyd", "ou=testou", "867-5309" ) );
+ //
+ // // now add a subentry that enables anyone to add an entry below ou=system
+ // createAccessControlSubentry( "anybodyAdd", "{ " +
+ // "identificationTag \"addAci\", " +
+ // "precedence 14, " +
+ // "authenticationLevel none, " +
+ // "itemOrUserFirst userFirst: { " +
+ // "userClasses { allUsers }, " +
+ // "userPermissions { { " +
+ // "protectedItems {entry, allUserAttributeTypesAndValues}, " +
+ // "grantsAndDenials { grantModify, grantRead, grantBrowse } } } } }" );
+ //
+ // // see if we can now modify that test entry's number which we could not before
+ // // should work with billyd now that all users are authorized
+ // assertTrue( checkCanModifyAs( "billyd", "billyd", "ou=testou", "867-5309" ) );
+ // }
}
Modified: directory/sandbox/akarasulu/rc1/apacheds/core-unit/src/test/java/org/apache/directory/server/core/authz/MoveRenameAuthorizationTest.java
URL: http://svn.apache.org/viewcvs/directory/sandbox/akarasulu/rc1/apacheds/core-unit/src/test/java/org/apache/directory/server/core/authz/MoveRenameAuthorizationTest.java?rev=376623&r1=376622&r2=376623&view=diff
==============================================================================
--- directory/sandbox/akarasulu/rc1/apacheds/core-unit/src/test/java/org/apache/directory/server/core/authz/MoveRenameAuthorizationTest.java (original)
+++ directory/sandbox/akarasulu/rc1/apacheds/core-unit/src/test/java/org/apache/directory/server/core/authz/MoveRenameAuthorizationTest.java Fri Feb 10 02:48:07 2006
@@ -48,7 +48,7 @@
* @throws javax.naming.NamingException if there are problems conducting the test
*/
public boolean checkCanRenameAs( String uid, String password, String entryRdn, String newRdn )
- throws NamingException
+ throws NamingException
{
Attributes testEntry = new BasicAttributes( "ou", "testou", true );
Attribute objectClass = new BasicAttribute( "objectClass" );
@@ -62,7 +62,7 @@
// create the new entry as the admin user
adminContext.createSubcontext( entryRdn, testEntry );
- LdapName userName = new LdapName( "uid="+uid+",ou=users,ou=system" );
+ LdapName userName = new LdapName( "uid=" + uid + ",ou=users,ou=system" );
DirContext userContext = getContextAs( userName, password );
userContext.rename( entryRdn, newRdn );
@@ -99,15 +99,10 @@
assertFalse( checkCanRenameAs( "billyd", "billyd", "ou=testou", "ou=newname" ) );
// Gives grantRename perm to all users in the Administrators group for entries
- createAccessControlSubentry( "grantRenameByAdmin", "{ " +
- "identificationTag \"addAci\", " +
- "precedence 14, " +
- "authenticationLevel none, " +
- "itemOrUserFirst userFirst: { " +
- "userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " +
- "userPermissions { { " +
- "protectedItems {entry}, " +
- "grantsAndDenials { grantRename, grantBrowse } } } } }" );
+ createAccessControlSubentry( "grantRenameByAdmin", "{ " + "identificationTag \"addAci\", " + "precedence 14, "
+ + "authenticationLevel none, " + "itemOrUserFirst userFirst: { "
+ + "userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " + "userPermissions { { "
+ + "protectedItems {entry}, " + "grantsAndDenials { grantRename, grantBrowse } } } } }" );
// see if we can now rename that test entry which we could not before
// rename op should still fail since billyd is not in the admin group
@@ -136,15 +131,11 @@
// Gives grantRename, grantImport, grantExport perm to all users in the Administrators
// group for entries - browse is needed just to read navigate the tree at root
- createAccessControlSubentry( "grantRenameMoveByAdmin", "{ " +
- "identificationTag \"addAci\", " +
- "precedence 14, " +
- "authenticationLevel none, " +
- "itemOrUserFirst userFirst: { " +
- "userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " +
- "userPermissions { { " +
- "protectedItems {entry}, " +
- "grantsAndDenials { grantExport, grantImport, grantRename, grantBrowse } } } } }" );
+ createAccessControlSubentry( "grantRenameMoveByAdmin", "{ " + "identificationTag \"addAci\", "
+ + "precedence 14, " + "authenticationLevel none, " + "itemOrUserFirst userFirst: { "
+ + "userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " + "userPermissions { { "
+ + "protectedItems {entry}, "
+ + "grantsAndDenials { grantExport, grantImport, grantRename, grantBrowse } } } } }" );
// see if we can move and rename the test entry which we could not before
// op should still fail since billyd is not in the admin group
@@ -172,15 +163,10 @@
assertFalse( checkCanRenameAs( "billyd", "billyd", "ou=testou,ou=users", "ou=testou,ou=groups" ) );
// Gives grantImport, and grantExport perm to all users in the Administrators group for entries
- createAccessControlSubentry( "grantMoveByAdmin", "{ " +
- "identificationTag \"addAci\", " +
- "precedence 14, " +
- "authenticationLevel none, " +
- "itemOrUserFirst userFirst: { " +
- "userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " +
- "userPermissions { { " +
- "protectedItems {entry}, " +
- "grantsAndDenials { grantExport, grantImport, grantBrowse } } } } }" );
+ createAccessControlSubentry( "grantMoveByAdmin", "{ " + "identificationTag \"addAci\", " + "precedence 14, "
+ + "authenticationLevel none, " + "itemOrUserFirst userFirst: { "
+ + "userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " + "userPermissions { { "
+ + "protectedItems {entry}, " + "grantsAndDenials { grantExport, grantImport, grantBrowse } } } } }" );
// see if we can now move that test entry which we could not before
// op should still fail since billyd is not in the admin group
@@ -218,15 +204,10 @@
assertFalse( checkCanRenameAs( "billyd", "billyd", "ou=testou", "ou=newname" ) );
// Gives grantRename perm specifically to the billyd user
- createAccessControlSubentry( "grantRenameByName", "{ " +
- "identificationTag \"addAci\", " +
- "precedence 14, " +
- "authenticationLevel none, " +
- "itemOrUserFirst userFirst: { " +
- "userClasses { name { \"uid=billyd,ou=users,ou=system\" } }, " +
- "userPermissions { { " +
- "protectedItems {entry}, " +
- "grantsAndDenials { grantRename, grantBrowse } } } } }" );
+ createAccessControlSubentry( "grantRenameByName", "{ " + "identificationTag \"addAci\", " + "precedence 14, "
+ + "authenticationLevel none, " + "itemOrUserFirst userFirst: { "
+ + "userClasses { name { \"uid=billyd,ou=users,ou=system\" } }, " + "userPermissions { { "
+ + "protectedItems {entry}, " + "grantsAndDenials { grantRename, grantBrowse } } } } }" );
// try a rename operation which should succeed with ACI
assertTrue( checkCanRenameAs( "billyd", "billyd", "ou=testou", "ou=newname" ) );
@@ -246,15 +227,11 @@
assertFalse( checkCanRenameAs( "billyd", "billyd", "ou=testou,ou=users", "ou=newname,ou=groups" ) );
// Gives grantRename, grantImport, grantExport perm to billyd user on entries
- createAccessControlSubentry( "grantRenameMoveByName", "{ " +
- "identificationTag \"addAci\", " +
- "precedence 14, " +
- "authenticationLevel none, " +
- "itemOrUserFirst userFirst: { " +
- "userClasses { name { \"uid=billyd,ou=users,ou=system\" } }, " +
- "userPermissions { { " +
- "protectedItems {entry}, " +
- "grantsAndDenials { grantExport, grantImport, grantRename, grantBrowse } } } } }" );
+ createAccessControlSubentry( "grantRenameMoveByName", "{ " + "identificationTag \"addAci\", "
+ + "precedence 14, " + "authenticationLevel none, " + "itemOrUserFirst userFirst: { "
+ + "userClasses { name { \"uid=billyd,ou=users,ou=system\" } }, " + "userPermissions { { "
+ + "protectedItems {entry}, "
+ + "grantsAndDenials { grantExport, grantImport, grantRename, grantBrowse } } } } }" );
// try move w/ rdn change which should succeed with ACI
assertTrue( checkCanRenameAs( "billyd", "billyd", "ou=testou,ou=users", "ou=newname,ou=groups" ) );
@@ -274,15 +251,10 @@
assertFalse( checkCanRenameAs( "billyd", "billyd", "ou=testou,ou=users", "ou=testou,ou=groups" ) );
// Gives grantImport, and grantExport perm to billyd user for entries
- createAccessControlSubentry( "grantMoveByName", "{ " +
- "identificationTag \"addAci\", " +
- "precedence 14, " +
- "authenticationLevel none, " +
- "itemOrUserFirst userFirst: { " +
- "userClasses { name { \"uid=billyd,ou=users,ou=system\" } }, " +
- "userPermissions { { " +
- "protectedItems {entry}, " +
- "grantsAndDenials { grantExport, grantImport, grantBrowse } } } } }" );
+ createAccessControlSubentry( "grantMoveByName", "{ " + "identificationTag \"addAci\", " + "precedence 14, "
+ + "authenticationLevel none, " + "itemOrUserFirst userFirst: { "
+ + "userClasses { name { \"uid=billyd,ou=users,ou=system\" } }, " + "userPermissions { { "
+ + "protectedItems {entry}, " + "grantsAndDenials { grantExport, grantImport, grantBrowse } } } } }" );
// try move operation which should succeed with ACI
assertTrue( checkCanRenameAs( "billyd", "billyd", "ou=testou,ou=users", "ou=testou,ou=groups" ) );
@@ -312,15 +284,10 @@
assertFalse( checkCanRenameAs( "billyd", "billyd", "ou=testou", "ou=newname" ) );
// Gives grantRename perm for entries to those users selected by the subtree
- createAccessControlSubentry( "grantRenameByTree", "{ " +
- "identificationTag \"addAci\", " +
- "precedence 14, " +
- "authenticationLevel none, " +
- "itemOrUserFirst userFirst: { " +
- "userClasses { subtree { { base \"ou=users,ou=system\" } } }, " +
- "userPermissions { { " +
- "protectedItems {entry}, " +
- "grantsAndDenials { grantRename, grantBrowse } } } } }" );
+ createAccessControlSubentry( "grantRenameByTree", "{ " + "identificationTag \"addAci\", " + "precedence 14, "
+ + "authenticationLevel none, " + "itemOrUserFirst userFirst: { "
+ + "userClasses { subtree { { base \"ou=users,ou=system\" } } }, " + "userPermissions { { "
+ + "protectedItems {entry}, " + "grantsAndDenials { grantRename, grantBrowse } } } } }" );
// try a rename operation which should succeed with ACI
assertTrue( checkCanRenameAs( "billyd", "billyd", "ou=testou", "ou=newname" ) );
@@ -340,15 +307,11 @@
assertFalse( checkCanRenameAs( "billyd", "billyd", "ou=testou,ou=users", "ou=newname,ou=groups" ) );
// Gives grantRename, grantImport, grantExport for entries to users selected by subtree
- createAccessControlSubentry( "grantRenameMoveByTree", "{ " +
- "identificationTag \"addAci\", " +
- "precedence 14, " +
- "authenticationLevel none, " +
- "itemOrUserFirst userFirst: { " +
- "userClasses { subtree { { base \"ou=users,ou=system\" } } }, " +
- "userPermissions { { " +
- "protectedItems {entry}, " +
- "grantsAndDenials { grantExport, grantImport, grantRename, grantBrowse } } } } }" );
+ createAccessControlSubentry( "grantRenameMoveByTree", "{ " + "identificationTag \"addAci\", "
+ + "precedence 14, " + "authenticationLevel none, " + "itemOrUserFirst userFirst: { "
+ + "userClasses { subtree { { base \"ou=users,ou=system\" } } }, " + "userPermissions { { "
+ + "protectedItems {entry}, "
+ + "grantsAndDenials { grantExport, grantImport, grantRename, grantBrowse } } } } }" );
// try move w/ rdn change which should succeed with ACI
assertTrue( checkCanRenameAs( "billyd", "billyd", "ou=testou,ou=users", "ou=newname,ou=groups" ) );
@@ -368,15 +331,10 @@
assertFalse( checkCanRenameAs( "billyd", "billyd", "ou=testou,ou=users", "ou=testou,ou=groups" ) );
// Gives grantImport, and grantExport perm for entries to subtree selected users
- createAccessControlSubentry( "grantMoveByTree", "{ " +
- "identificationTag \"addAci\", " +
- "precedence 14, " +
- "authenticationLevel none, " +
- "itemOrUserFirst userFirst: { " +
- "userClasses { subtree { { base \"ou=users,ou=system\" } } }, " +
- "userPermissions { { " +
- "protectedItems {entry}, " +
- "grantsAndDenials { grantExport, grantImport, grantBrowse } } } } }" );
+ createAccessControlSubentry( "grantMoveByTree", "{ " + "identificationTag \"addAci\", " + "precedence 14, "
+ + "authenticationLevel none, " + "itemOrUserFirst userFirst: { "
+ + "userClasses { subtree { { base \"ou=users,ou=system\" } } }, " + "userPermissions { { "
+ + "protectedItems {entry}, " + "grantsAndDenials { grantExport, grantImport, grantBrowse } } } } }" );
// try move operation which should succeed with ACI
assertTrue( checkCanRenameAs( "billyd", "billyd", "ou=testou,ou=users", "ou=testou,ou=groups" ) );
@@ -406,15 +364,10 @@
assertFalse( checkCanRenameAs( "billyd", "billyd", "ou=testou", "ou=newname" ) );
// Gives grantRename perm for entries to any user
- createAccessControlSubentry( "grantRenameByAny", "{ " +
- "identificationTag \"addAci\", " +
- "precedence 14, " +
- "authenticationLevel none, " +
- "itemOrUserFirst userFirst: { " +
- "userClasses { allUsers }, " +
- "userPermissions { { " +
- "protectedItems {entry}, " +
- "grantsAndDenials { grantRename, grantBrowse } } } } }" );
+ createAccessControlSubentry( "grantRenameByAny", "{ " + "identificationTag \"addAci\", " + "precedence 14, "
+ + "authenticationLevel none, " + "itemOrUserFirst userFirst: { " + "userClasses { allUsers }, "
+ + "userPermissions { { " + "protectedItems {entry}, "
+ + "grantsAndDenials { grantRename, grantBrowse } } } } }" );
// try a rename operation which should succeed with ACI
assertTrue( checkCanRenameAs( "billyd", "billyd", "ou=testou", "ou=newname" ) );
@@ -434,15 +387,10 @@
assertFalse( checkCanRenameAs( "billyd", "billyd", "ou=testou,ou=users", "ou=newname,ou=groups" ) );
// Gives grantRename, grantImport, grantExport for entries to any user
- createAccessControlSubentry( "grantRenameMoveByAny", "{ " +
- "identificationTag \"addAci\", " +
- "precedence 14, " +
- "authenticationLevel none, " +
- "itemOrUserFirst userFirst: { " +
- "userClasses { allUsers }, " +
- "userPermissions { { " +
- "protectedItems {entry}, " +
- "grantsAndDenials { grantExport, grantImport, grantRename, grantBrowse } } } } }" );
+ createAccessControlSubentry( "grantRenameMoveByAny", "{ " + "identificationTag \"addAci\", "
+ + "precedence 14, " + "authenticationLevel none, " + "itemOrUserFirst userFirst: { "
+ + "userClasses { allUsers }, " + "userPermissions { { " + "protectedItems {entry}, "
+ + "grantsAndDenials { grantExport, grantImport, grantRename, grantBrowse } } } } }" );
// try move w/ rdn change which should succeed with ACI
assertTrue( checkCanRenameAs( "billyd", "billyd", "ou=testou,ou=users", "ou=newname,ou=groups" ) );
@@ -462,15 +410,10 @@
assertFalse( checkCanRenameAs( "billyd", "billyd", "ou=testou,ou=users", "ou=testou,ou=groups" ) );
// Gives grantImport, and grantExport perm for entries to any user
- createAccessControlSubentry( "grantMoveByAny", "{ " +
- "identificationTag \"addAci\", " +
- "precedence 14, " +
- "authenticationLevel none, " +
- "itemOrUserFirst userFirst: { " +
- "userClasses { allUsers }, " +
- "userPermissions { { " +
- "protectedItems {entry}, " +
- "grantsAndDenials { grantExport, grantImport, grantBrowse } } } } }" );
+ createAccessControlSubentry( "grantMoveByAny", "{ " + "identificationTag \"addAci\", " + "precedence 14, "
+ + "authenticationLevel none, " + "itemOrUserFirst userFirst: { " + "userClasses { allUsers }, "
+ + "userPermissions { { " + "protectedItems {entry}, "
+ + "grantsAndDenials { grantExport, grantImport, grantBrowse } } } } }" );
// try move operation which should succeed with ACI
assertTrue( checkCanRenameAs( "billyd", "billyd", "ou=testou,ou=users", "ou=testou,ou=groups" ) );
Modified: directory/sandbox/akarasulu/rc1/apacheds/core-unit/src/test/java/org/apache/directory/server/core/authz/SearchAuthorizationTest.java
URL: http://svn.apache.org/viewcvs/directory/sandbox/akarasulu/rc1/apacheds/core-unit/src/test/java/org/apache/directory/server/core/authz/SearchAuthorizationTest.java?rev=376623&r1=376622&r2=376623&view=diff
==============================================================================
--- directory/sandbox/akarasulu/rc1/apacheds/core-unit/src/test/java/org/apache/directory/server/core/authz/SearchAuthorizationTest.java (original)
+++ directory/sandbox/akarasulu/rc1/apacheds/core-unit/src/test/java/org/apache/directory/server/core/authz/SearchAuthorizationTest.java Fri Feb 10 02:48:07 2006
@@ -48,6 +48,7 @@
*/
private Map results = new HashMap();
+
/**
* Generates a set of simple organizationalUnit entries where the
* ou of the entry returned is the index of the entry in the array.
@@ -77,7 +78,7 @@
private void recursivelyAddSearchData( Name parent, Attributes[] children, final int sizeLimit, int[] count )
- throws NamingException
+ throws NamingException
{
Name[] childRdns = new Name[children.length];
for ( int ii = 0; ii < children.length && count[0] < sizeLimit; ii++ )
@@ -118,8 +119,9 @@
{
parent = ( Name ) parent.clone();
parent.add( "ou=tests" );
- sysRoot.createSubcontext( parent, getTestNodes(1)[0] );
- recursivelyAddSearchData( parent, getTestNodes( branchingFactor ), sizelimit, new int[] { 1 } );
+ sysRoot.createSubcontext( parent, getTestNodes( 1 )[0] );
+ recursivelyAddSearchData( parent, getTestNodes( branchingFactor ), sizelimit, new int[]
+ { 1 } );
return parent;
}
@@ -188,7 +190,7 @@
* @throws NamingException if there are problems conducting the search
*/
private boolean checkCanSearchAs( String uid, String password, SearchControls cons, int resultSetSz )
- throws NamingException
+ throws NamingException
{
return checkCanSearchAs( uid, password, "(objectClass=*)", cons, resultSetSz );
}
@@ -205,8 +207,8 @@
* @return true if the search succeeds as expected, false otherwise
* @throws NamingException if there are problems conducting the search
*/
- private boolean checkCanSearchAs( String uid, String password, String filter,
- SearchControls cons, int resultSetSz ) throws NamingException
+ private boolean checkCanSearchAs( String uid, String password, String filter, SearchControls cons, int resultSetSz )
+ throws NamingException
{
if ( cons == null )
{
@@ -214,7 +216,7 @@
}
Name base = addSearchData( new LdapName(), 3, 10 );
- Name userDn = new LdapName( "uid="+uid+",ou=users,ou=system" );
+ Name userDn = new LdapName( "uid=" + uid + ",ou=users,ou=system" );
try
{
results.clear();
@@ -249,9 +251,8 @@
* @return true if the search succeeds as expected, false otherwise
* @throws NamingException if there are problems conducting the search
*/
- private boolean checkSearchAsWithEntryACI( String uid, String password, SearchControls cons, Name rdn,
- String aci, int resultSetSz )
- throws NamingException
+ private boolean checkSearchAsWithEntryACI( String uid, String password, SearchControls cons, Name rdn, String aci,
+ int resultSetSz ) throws NamingException
{
if ( cons == null )
{
@@ -260,7 +261,7 @@
Name base = addSearchData( new LdapName(), 3, 10 );
addEntryACI( rdn, aci );
- Name userDn = new LdapName( "uid="+uid+",ou=users,ou=system" );
+ Name userDn = new LdapName( "uid=" + uid + ",ou=users,ou=system" );
try
{
results.clear();
@@ -308,7 +309,14 @@
assertEquals( 10, counter );
recursivelyDelete( base );
- try { sysRoot.lookup( base ); fail(); } catch ( LdapNameNotFoundException e ) {}
+ try
+ {
+ sysRoot.lookup( base );
+ fail();
+ }
+ catch ( LdapNameNotFoundException e )
+ {
+ }
}
@@ -316,7 +324,6 @@
// All or nothing search ACI rule tests
// -----------------------------------------------------------------------
-
/**
* Checks to make sure group membership based userClass works for add operations.
*
@@ -332,15 +339,11 @@
// Gives search perms to all users in the Administrators group for
// entries and all attribute types and values
- createAccessControlSubentry( "searchAdmin", "{ " +
- "identificationTag \"searchAci\", " +
- "precedence 14, " +
- "authenticationLevel none, " +
- "itemOrUserFirst userFirst: { " +
- "userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " +
- "userPermissions { { " +
- "protectedItems {entry, allUserAttributeTypesAndValues}, " +
- "grantsAndDenials { grantRead, grantReturnDN, grantBrowse } } } } }" );
+ createAccessControlSubentry( "searchAdmin", "{ " + "identificationTag \"searchAci\", " + "precedence 14, "
+ + "authenticationLevel none, " + "itemOrUserFirst userFirst: { "
+ + "userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " + "userPermissions { { "
+ + "protectedItems {entry, allUserAttributeTypesAndValues}, "
+ + "grantsAndDenials { grantRead, grantReturnDN, grantBrowse } } } } }" );
// see if we can now add that test entry which we could not before
// add op should still fail since billd is not in the admin group
@@ -368,15 +371,11 @@
assertFalse( checkCanSearchAs( "billyd", "billyd" ) );
// now add a subentry that enables user billyd to add an entry below ou=system
- createAccessControlSubentry( "billydSearch", "{ " +
- "identificationTag \"searchAci\", " +
- "precedence 14, " +
- "authenticationLevel none, " +
- "itemOrUserFirst userFirst: { " +
- "userClasses { name { \"uid=billyd,ou=users,ou=system\" } }, " +
- "userPermissions { { " +
- "protectedItems {entry, allUserAttributeTypesAndValues}, " +
- "grantsAndDenials { grantRead, grantReturnDN, grantBrowse } } } } }" );
+ createAccessControlSubentry( "billydSearch", "{ " + "identificationTag \"searchAci\", " + "precedence 14, "
+ + "authenticationLevel none, " + "itemOrUserFirst userFirst: { "
+ + "userClasses { name { \"uid=billyd,ou=users,ou=system\" } }, " + "userPermissions { { "
+ + "protectedItems {entry, allUserAttributeTypesAndValues}, "
+ + "grantsAndDenials { grantRead, grantReturnDN, grantBrowse } } } } }" );
// should work now that billyd is authorized by name
assertTrue( checkCanSearchAs( "billyd", "billyd" ) );
@@ -398,15 +397,11 @@
assertFalse( checkCanSearchAs( "BillyD", "billyd" ) );
// now add a subentry that enables user billyd to add an entry below ou=system
- createAccessControlSubentry( "billydSearch", "{ " +
- "identificationTag \"searchAci\", " +
- "precedence 14, " +
- "authenticationLevel none, " +
- "itemOrUserFirst userFirst: { " +
- "userClasses { name { \"uid=billyd,ou=users,ou=system\" } }, " +
- "userPermissions { { " +
- "protectedItems {entry, allUserAttributeTypesAndValues}, " +
- "grantsAndDenials { grantRead, grantReturnDN, grantBrowse } } } } }" );
+ createAccessControlSubentry( "billydSearch", "{ " + "identificationTag \"searchAci\", " + "precedence 14, "
+ + "authenticationLevel none, " + "itemOrUserFirst userFirst: { "
+ + "userClasses { name { \"uid=billyd,ou=users,ou=system\" } }, " + "userPermissions { { "
+ + "protectedItems {entry, allUserAttributeTypesAndValues}, "
+ + "grantsAndDenials { grantRead, grantReturnDN, grantBrowse } } } } }" );
// should work now that billyd is authorized by name
assertTrue( checkCanSearchAs( "BillyD", "billyd" ) );
@@ -427,15 +422,11 @@
assertFalse( checkCanSearchAs( "billyd", "billyd" ) );
// now add a subentry that enables user billyd to add an entry below ou=system
- createAccessControlSubentry( "billySearchBySubtree", "{ " +
- "identificationTag \"searchAci\", " +
- "precedence 14, " +
- "authenticationLevel none, " +
- "itemOrUserFirst userFirst: { " +
- "userClasses { subtree { { base \"ou=users,ou=system\" } } }, " +
- "userPermissions { { " +
- "protectedItems {entry, allUserAttributeTypesAndValues}, " +
- "grantsAndDenials { grantRead, grantReturnDN, grantBrowse } } } } }" );
+ createAccessControlSubentry( "billySearchBySubtree", "{ " + "identificationTag \"searchAci\", "
+ + "precedence 14, " + "authenticationLevel none, " + "itemOrUserFirst userFirst: { "
+ + "userClasses { subtree { { base \"ou=users,ou=system\" } } }, " + "userPermissions { { "
+ + "protectedItems {entry, allUserAttributeTypesAndValues}, "
+ + "grantsAndDenials { grantRead, grantReturnDN, grantBrowse } } } } }" );
// should work now that billyd is authorized by the subtree userClass
assertTrue( checkCanSearchAs( "billyd", "billyd" ) );
@@ -456,15 +447,10 @@
assertFalse( checkCanSearchAs( "billyd", "billyd" ) );
// now add a subentry that enables anyone to search an entry below ou=system
- createAccessControlSubentry( "anybodySearch", "{ " +
- "identificationTag \"searchAci\", " +
- "precedence 14, " +
- "authenticationLevel none, " +
- "itemOrUserFirst userFirst: { " +
- "userClasses { allUsers }, " +
- "userPermissions { { " +
- "protectedItems {entry, allUserAttributeTypesAndValues}, " +
- "grantsAndDenials { grantRead, grantReturnDN, grantBrowse } } } } }" );
+ createAccessControlSubentry( "anybodySearch", "{ " + "identificationTag \"searchAci\", " + "precedence 14, "
+ + "authenticationLevel none, " + "itemOrUserFirst userFirst: { " + "userClasses { allUsers }, "
+ + "userPermissions { { " + "protectedItems {entry, allUserAttributeTypesAndValues}, "
+ + "grantsAndDenials { grantRead, grantReturnDN, grantBrowse } } } } }" );
// see if we can now search that tree which we could not before
// should work now with billyd now that all users are authorized
@@ -476,7 +462,6 @@
//
// -----------------------------------------------------------------------
-
/**
* Checks to make sure search does not return entries not assigned the
* perscriptiveACI and that it does not fail with an exception.
@@ -495,17 +480,11 @@
// now add a subentry that enables anyone to add an entry below ou=system
// down two more rdns for DNs of a max size of 3
- createAccessControlSubentry( "anybodySearch",
- "{ maximum 2 }",
- "{ " +
- "identificationTag \"searchAci\", " +
- "precedence 14, " +
- "authenticationLevel none, " +
- "itemOrUserFirst userFirst: { " +
- "userClasses { allUsers }, " +
- "userPermissions { { " +
- "protectedItems {entry, allUserAttributeTypesAndValues}, " +
- "grantsAndDenials { grantRead, grantReturnDN, grantBrowse } } } } }" );
+ createAccessControlSubentry( "anybodySearch", "{ maximum 2 }", "{ " + "identificationTag \"searchAci\", "
+ + "precedence 14, " + "authenticationLevel none, " + "itemOrUserFirst userFirst: { "
+ + "userClasses { allUsers }, " + "userPermissions { { "
+ + "protectedItems {entry, allUserAttributeTypesAndValues}, "
+ + "grantsAndDenials { grantRead, grantReturnDN, grantBrowse } } } } }" );
// see if we can now add that test entry which we could not before
// should work now with billyd now that all users are authorized
@@ -532,17 +511,11 @@
// now add a subentry that enables anyone to search an entry below ou=system
// down two more rdns for DNs of a max size of 3. It only grants access to
// the ou and objectClass attributes however.
- createAccessControlSubentry( "excluseTelephoneNumber",
- "{ maximum 2 }",
- "{ " +
- "identificationTag \"searchAci\", " +
- "precedence 14, " +
- "authenticationLevel none, " +
- "itemOrUserFirst userFirst: { " +
- "userClasses { allUsers }, " +
- "userPermissions { { " +
- "protectedItems {entry, allAttributeValues { ou, objectClass } }, " +
- "grantsAndDenials { grantRead, grantReturnDN, grantBrowse } } } } }" );
+ createAccessControlSubentry( "excluseTelephoneNumber", "{ maximum 2 }", "{ "
+ + "identificationTag \"searchAci\", " + "precedence 14, " + "authenticationLevel none, "
+ + "itemOrUserFirst userFirst: { " + "userClasses { allUsers }, " + "userPermissions { { "
+ + "protectedItems {entry, allAttributeValues { ou, objectClass } }, "
+ + "grantsAndDenials { grantRead, grantReturnDN, grantBrowse } } } } }" );
// see if we can now add that search and find 4 entries
assertTrue( checkCanSearchAs( "billyd", "billyd", cons, 4 ) );
@@ -561,17 +534,11 @@
// now add a subentry that enables anyone to search an entry below ou=system
// down two more rdns for DNs of a max size of 3. This time we should be able
// to see the telephoneNumber attribute
- createAccessControlSubentry( "includeAllAttributeTypesAndValues",
- "{ maximum 2 }",
- "{ " +
- "identificationTag \"searchAci\", " +
- "precedence 14, " +
- "authenticationLevel none, " +
- "itemOrUserFirst userFirst: { " +
- "userClasses { allUsers }, " +
- "userPermissions { { " +
- "protectedItems {entry, allUserAttributeTypesAndValues }, " +
- "grantsAndDenials { grantRead, grantReturnDN, grantBrowse } } } } }" );
+ createAccessControlSubentry( "includeAllAttributeTypesAndValues", "{ maximum 2 }", "{ "
+ + "identificationTag \"searchAci\", " + "precedence 14, " + "authenticationLevel none, "
+ + "itemOrUserFirst userFirst: { " + "userClasses { allUsers }, " + "userPermissions { { "
+ + "protectedItems {entry, allUserAttributeTypesAndValues }, "
+ + "grantsAndDenials { grantRead, grantReturnDN, grantBrowse } } } } }" );
// again we should find four entries
assertTrue( checkCanSearchAs( "billyd", "billyd", cons, 4 ) );
@@ -603,17 +570,18 @@
// now add a subentry that enables anyone to search an entry below ou=system
// down two more rdns for DNs of a max size of 3. It only grants access to
// the ou and objectClass attributes however.
- createAccessControlSubentry( "excluseOUValue",
- "{ maximum 2 }",
- "{ " +
- "identificationTag \"searchAci\", " +
- "precedence 14, " +
- "authenticationLevel none, " +
- "itemOrUserFirst userFirst: { " +
- "userClasses { allUsers }, " +
- "userPermissions { { " +
- "protectedItems {entry, attributeType { ou }, allAttributeValues { objectClass }, attributeValue { ou=0, ou=1, ou=2 } }, " +
- "grantsAndDenials { grantRead, grantReturnDN, grantBrowse } } } } }" );
+ createAccessControlSubentry(
+ "excluseOUValue",
+ "{ maximum 2 }",
+ "{ "
+ + "identificationTag \"searchAci\", "
+ + "precedence 14, "
+ + "authenticationLevel none, "
+ + "itemOrUserFirst userFirst: { "
+ + "userClasses { allUsers }, "
+ + "userPermissions { { "
+ + "protectedItems {entry, attributeType { ou }, allAttributeValues { objectClass }, attributeValue { ou=0, ou=1, ou=2 } }, "
+ + "grantsAndDenials { grantRead, grantReturnDN, grantBrowse } } } } }" );
// see if we can now add that search and find 4 entries
assertTrue( checkCanSearchAs( "billyd", "billyd", 3 ) );
@@ -632,17 +600,11 @@
// now add a subentry that enables anyone to search an entry below ou=system
// down two more rdns for DNs of a max size of 3. This time we should be able
// to see the telephoneNumber attribute
- createAccessControlSubentry( "includeAllAttributeTypesAndValues",
- "{ maximum 2 }",
- "{ " +
- "identificationTag \"searchAci\", " +
- "precedence 14, " +
- "authenticationLevel none, " +
- "itemOrUserFirst userFirst: { " +
- "userClasses { allUsers }, " +
- "userPermissions { { " +
- "protectedItems {entry, allUserAttributeTypesAndValues }, " +
- "grantsAndDenials { grantRead, grantReturnDN, grantBrowse } } } } }" );
+ createAccessControlSubentry( "includeAllAttributeTypesAndValues", "{ maximum 2 }", "{ "
+ + "identificationTag \"searchAci\", " + "precedence 14, " + "authenticationLevel none, "
+ + "itemOrUserFirst userFirst: { " + "userClasses { allUsers }, " + "userPermissions { { "
+ + "protectedItems {entry, allUserAttributeTypesAndValues }, "
+ + "grantsAndDenials { grantRead, grantReturnDN, grantBrowse } } } } }" );
// again we should find four entries
assertTrue( checkCanSearchAs( "billyd", "billyd", 3 ) );
@@ -670,15 +632,10 @@
createUser( "billyd", "billyd" );
// now add an entryACI denies browse, read and returnDN to a specific entry
- String aci = "{ " +
- "identificationTag \"denyAci\", " +
- "precedence 14, " +
- "authenticationLevel none, " +
- "itemOrUserFirst userFirst: { " +
- "userClasses { allUsers }, " +
- "userPermissions { { " +
- "protectedItems {entry, allUserAttributeTypesAndValues}, " +
- "grantsAndDenials { denyRead, denyReturnDN, denyBrowse } } } } }";
+ String aci = "{ " + "identificationTag \"denyAci\", " + "precedence 14, " + "authenticationLevel none, "
+ + "itemOrUserFirst userFirst: { " + "userClasses { allUsers }, " + "userPermissions { { "
+ + "protectedItems {entry, allUserAttributeTypesAndValues}, "
+ + "grantsAndDenials { denyRead, denyReturnDN, denyBrowse } } } } }";
// try a search operation which should fail without any prescriptive ACI
SearchControls cons = new SearchControls();
@@ -687,15 +644,10 @@
assertFalse( checkSearchAsWithEntryACI( "billyd", "billyd", cons, rdn, aci, 9 ) );
// now add a subentry that enables anyone to search below ou=system
- createAccessControlSubentry( "anybodySearch", "{ " +
- "identificationTag \"searchAci\", " +
- "precedence 14, " +
- "authenticationLevel none, " +
- "itemOrUserFirst userFirst: { " +
- "userClasses { allUsers }, " +
- "userPermissions { { " +
- "protectedItems {entry, allUserAttributeTypesAndValues}, " +
- "grantsAndDenials { grantRead, grantReturnDN, grantBrowse } } } } }" );
+ createAccessControlSubentry( "anybodySearch", "{ " + "identificationTag \"searchAci\", " + "precedence 14, "
+ + "authenticationLevel none, " + "itemOrUserFirst userFirst: { " + "userClasses { allUsers }, "
+ + "userPermissions { { " + "protectedItems {entry, allUserAttributeTypesAndValues}, "
+ + "grantsAndDenials { grantRead, grantReturnDN, grantBrowse } } } } }" );
// see if we can now search the tree which we could not before
// should work with billyd now that all users are authorized
@@ -723,15 +675,10 @@
createUser( "billyd", "billyd" );
// now add an entryACI denies browse, read and returnDN to a specific entry
- String aci = "{ " +
- "identificationTag \"denyAci\", " +
- "precedence 14, " +
- "authenticationLevel none, " +
- "itemOrUserFirst userFirst: { " +
- "userClasses { allUsers }, " +
- "userPermissions { { " +
- "protectedItems {entry, allUserAttributeTypesAndValues}, " +
- "grantsAndDenials { denyRead, denyReturnDN, denyBrowse } } } } }";
+ String aci = "{ " + "identificationTag \"denyAci\", " + "precedence 14, " + "authenticationLevel none, "
+ + "itemOrUserFirst userFirst: { " + "userClasses { allUsers }, " + "userPermissions { { "
+ + "protectedItems {entry, allUserAttributeTypesAndValues}, "
+ + "grantsAndDenials { denyRead, denyReturnDN, denyBrowse } } } } }";
// try a search operation which should fail without any prescriptive ACI
SearchControls cons = new SearchControls();
@@ -740,15 +687,10 @@
assertFalse( checkSearchAsWithEntryACI( "billyd", "billyd", cons, rdn, aci, 9 ) );
// now add a subentry that enables anyone to search below ou=system
- createAccessControlSubentry( "anybodySearch", "{ " +
- "identificationTag \"searchAci\", " +
- "precedence 15, " +
- "authenticationLevel none, " +
- "itemOrUserFirst userFirst: { " +
- "userClasses { allUsers }, " +
- "userPermissions { { " +
- "protectedItems {entry, allUserAttributeTypesAndValues}, " +
- "grantsAndDenials { grantRead, grantReturnDN, grantBrowse } } } } }" );
+ createAccessControlSubentry( "anybodySearch", "{ " + "identificationTag \"searchAci\", " + "precedence 15, "
+ + "authenticationLevel none, " + "itemOrUserFirst userFirst: { " + "userClasses { allUsers }, "
+ + "userPermissions { { " + "protectedItems {entry, allUserAttributeTypesAndValues}, "
+ + "grantsAndDenials { grantRead, grantReturnDN, grantBrowse } } } } }" );
// see if we can now search the tree which we could not before
// should work with billyd now that all users are authorized
@@ -760,15 +702,10 @@
// now add an entryACI denies browse, read and returnDN to a specific entry
// but this time the precedence will be higher than that of the grant
- aci = "{ " +
- "identificationTag \"denyAci\", " +
- "precedence 16, " +
- "authenticationLevel none, " +
- "itemOrUserFirst userFirst: { " +
- "userClasses { allUsers }, " +
- "userPermissions { { " +
- "protectedItems {entry, allUserAttributeTypesAndValues}, " +
- "grantsAndDenials { denyRead, denyReturnDN, denyBrowse } } } } }";
+ aci = "{ " + "identificationTag \"denyAci\", " + "precedence 16, " + "authenticationLevel none, "
+ + "itemOrUserFirst userFirst: { " + "userClasses { allUsers }, " + "userPermissions { { "
+ + "protectedItems {entry, allUserAttributeTypesAndValues}, "
+ + "grantsAndDenials { denyRead, denyReturnDN, denyBrowse } } } } }";
// see if we can now search the tree which we could not before
// should work with billyd now that all users are authorized
@@ -791,7 +728,7 @@
*/
private SearchResult checkCanSearhSubentryAs( String uid, String password, Name rdn ) throws NamingException
{
- DirContext userCtx = getContextAs( new LdapName( "uid="+uid+",ou=users,ou=system" ), password );
+ DirContext userCtx = getContextAs( new LdapName( "uid=" + uid + ",ou=users,ou=system" ), password );
SearchControls cons = new SearchControls();
cons.setSearchScope( SearchControls.OBJECT_SCOPE );
SearchResult result = null;
@@ -812,7 +749,10 @@
}
finally
{
- if ( list != null ) { list.close(); }
+ if ( list != null )
+ {
+ list.close();
+ }
}
return result;
@@ -825,53 +765,37 @@
createUser( "billyd", "billyd" );
// now add a subentry that enables anyone to search below ou=system
- createAccessControlSubentry( "anybodySearch", "{ " +
- "identificationTag \"searchAci\", " +
- "precedence 14, " +
- "authenticationLevel none, " +
- "itemOrUserFirst userFirst: { " +
- "userClasses { allUsers }, " +
- "userPermissions { { " +
- "protectedItems {entry, allUserAttributeTypesAndValues}, " +
- "grantsAndDenials { grantRead, grantReturnDN, grantBrowse } } } } }" );
+ createAccessControlSubentry( "anybodySearch", "{ " + "identificationTag \"searchAci\", " + "precedence 14, "
+ + "authenticationLevel none, " + "itemOrUserFirst userFirst: { " + "userClasses { allUsers }, "
+ + "userPermissions { { " + "protectedItems {entry, allUserAttributeTypesAndValues}, "
+ + "grantsAndDenials { grantRead, grantReturnDN, grantBrowse } } } } }" );
// check and see if we can access the subentry now
assertNotNull( checkCanSearhSubentryAs( "billyd", "billyd", new LdapName( "cn=anybodySearch" ) ) );
// now add a denial to prevent all users except the admin from accessing the subentry
- addSubentryACI( "{ " +
- "identificationTag \"searchAci\", " +
- "precedence 14, " +
- "authenticationLevel none, " +
- "itemOrUserFirst userFirst: { " +
- "userClasses { allUsers }, " +
- "userPermissions { { " +
- "protectedItems {entry, allUserAttributeTypesAndValues}, " +
- "grantsAndDenials { denyRead, denyReturnDN, denyBrowse } } } } }" );
+ addSubentryACI( "{ " + "identificationTag \"searchAci\", " + "precedence 14, " + "authenticationLevel none, "
+ + "itemOrUserFirst userFirst: { " + "userClasses { allUsers }, " + "userPermissions { { "
+ + "protectedItems {entry, allUserAttributeTypesAndValues}, "
+ + "grantsAndDenials { denyRead, denyReturnDN, denyBrowse } } } } }" );
// now we should not be able to access the subentry with a search
assertNull( checkCanSearhSubentryAs( "billyd", "billyd", new LdapName( "cn=anybodySearch" ) ) );
}
- public void testGetMatchedName() throws NamingException
+ public void testGetMatchedName() throws NamingException
{
// create the non-admin user
createUser( "billyd", "billyd" );
// now add a subentry that enables anyone to search/lookup and disclose on error
// below ou=system, with the exclusion of ou=groups and everything below it
- createAccessControlSubentry( "selectiveDiscloseOnError",
- "{ specificExclusions { chopBefore:\"ou=groups\" } }",
- "{ " +
- "identificationTag \"searchAci\", " +
- "precedence 14, " +
- "authenticationLevel none, " +
- "itemOrUserFirst userFirst: { " +
- "userClasses { allUsers }, " +
- "userPermissions { { " +
- "protectedItems {entry, allUserAttributeTypesAndValues}, " +
- "grantsAndDenials { grantRead, grantReturnDN, grantBrowse, grantDiscloseOnError } } } } }" );
+ createAccessControlSubentry( "selectiveDiscloseOnError", "{ specificExclusions { chopBefore:\"ou=groups\" } }",
+ "{ " + "identificationTag \"searchAci\", " + "precedence 14, " + "authenticationLevel none, "
+ + "itemOrUserFirst userFirst: { " + "userClasses { allUsers }, " + "userPermissions { { "
+ + "protectedItems {entry, allUserAttributeTypesAndValues}, "
+ + "grantsAndDenials { grantRead, grantReturnDN, grantBrowse, grantDiscloseOnError } } } } }" );
// get a context as the user and try a lookup of a non-existant entry under ou=groups,ou=system
DirContext userCtx = getContextAs( new LdapName( "uid=billyd,ou=users,ou=system" ), "billyd" );
@@ -879,7 +803,7 @@
{
userCtx.lookup( "cn=blah,ou=groups" );
}
- catch( NamingException e )
+ catch ( NamingException e )
{
Name matched = e.getResolvedName();
@@ -889,23 +813,18 @@
// now delete and replace subentry with one that does not excluse ou=groups,ou=system
deleteAccessControlSubentry( "selectiveDiscloseOnError" );
- createAccessControlSubentry( "selectiveDiscloseOnError",
- "{ " +
- "identificationTag \"searchAci\", " +
- "precedence 14, " +
- "authenticationLevel none, " +
- "itemOrUserFirst userFirst: { " +
- "userClasses { allUsers }, " +
- "userPermissions { { " +
- "protectedItems {entry, allUserAttributeTypesAndValues}, " +
- "grantsAndDenials { grantRead, grantReturnDN, grantBrowse, grantDiscloseOnError } } } } }" );
+ createAccessControlSubentry( "selectiveDiscloseOnError", "{ " + "identificationTag \"searchAci\", "
+ + "precedence 14, " + "authenticationLevel none, " + "itemOrUserFirst userFirst: { "
+ + "userClasses { allUsers }, " + "userPermissions { { "
+ + "protectedItems {entry, allUserAttributeTypesAndValues}, "
+ + "grantsAndDenials { grantRead, grantReturnDN, grantBrowse, grantDiscloseOnError } } } } }" );
// now try a lookup of a non-existant entry under ou=groups,ou=system again
try
{
userCtx.lookup( "cn=blah,ou=groups" );
}
- catch( NamingException e )
+ catch ( NamingException e )
{
Name matched = e.getResolvedName();
Modified: directory/sandbox/akarasulu/rc1/apacheds/core-unit/src/test/java/org/apache/directory/server/core/collective/CollectiveAttributeServiceTest.java
URL: http://svn.apache.org/viewcvs/directory/sandbox/akarasulu/rc1/apacheds/core-unit/src/test/java/org/apache/directory/server/core/collective/CollectiveAttributeServiceTest.java?rev=376623&r1=376622&r2=376623&view=diff
==============================================================================
--- directory/sandbox/akarasulu/rc1/apacheds/core-unit/src/test/java/org/apache/directory/server/core/collective/CollectiveAttributeServiceTest.java (original)
+++ directory/sandbox/akarasulu/rc1/apacheds/core-unit/src/test/java/org/apache/directory/server/core/collective/CollectiveAttributeServiceTest.java Fri Feb 10 02:48:07 2006
@@ -99,7 +99,8 @@
Attribute attribute = new LockableAttributeImpl( "administrativeRole" );
attribute.add( role );
ModificationItem item = new ModificationItem( DirContext.ADD_ATTRIBUTE, attribute );
- super.sysRoot.modifyAttributes( "", new ModificationItem[] { item } );
+ super.sysRoot.modifyAttributes( "", new ModificationItem[]
+ { item } );
}
@@ -108,7 +109,8 @@
Map resultMap = new HashMap();
SearchControls controls = new SearchControls();
controls.setSearchScope( SearchControls.SUBTREE_SCOPE );
- controls.setReturningAttributes( new String[] { "+", "*" } );
+ controls.setReturningAttributes( new String[]
+ { "+", "*" } );
NamingEnumeration results = super.sysRoot.search( "", "(objectClass=*)", controls );
while ( results.hasMore() )
{
@@ -124,7 +126,8 @@
Map resultMap = new HashMap();
SearchControls controls = new SearchControls();
controls.setSearchScope( SearchControls.SUBTREE_SCOPE );
- controls.setReturningAttributes( new String[] { "cn", "ou" } );
+ controls.setReturningAttributes( new String[]
+ { "cn", "ou" } );
NamingEnumeration results = super.sysRoot.search( "", "(objectClass=*)", controls );
while ( results.hasMore() )
{
@@ -165,9 +168,9 @@
// now modify entries included by the subentry to have collectiveExclusions
// -------------------------------------------------------------------
- ModificationItem[] items = new ModificationItem[] {
- new ModificationItem( DirContext.ADD_ATTRIBUTE,
- new LockableAttributeImpl( "collectiveExclusions", "c-ou" ) ) };
+ ModificationItem[] items = new ModificationItem[]
+ { new ModificationItem( DirContext.ADD_ATTRIBUTE,
+ new LockableAttributeImpl( "collectiveExclusions", "c-ou" ) ) };
super.sysRoot.modifyAttributes( "ou=services,ou=configuration", items );
// entry should not show the c-ou collective attribute anymore
@@ -221,9 +224,9 @@
// now modify an entry to exclude all collective attributes
// -------------------------------------------------------------------
- items = new ModificationItem[] {
- new ModificationItem( DirContext.REPLACE_ATTRIBUTE,
- new LockableAttributeImpl( "collectiveExclusions", "excludeAllCollectiveAttributes" ) ) };
+ items = new ModificationItem[]
+ { new ModificationItem( DirContext.REPLACE_ATTRIBUTE, new LockableAttributeImpl( "collectiveExclusions",
+ "excludeAllCollectiveAttributes" ) ) };
super.sysRoot.modifyAttributes( "ou=interceptors,ou=configuration", items );
// none of the attributes should appear any longer
@@ -272,9 +275,9 @@
// now modify entries included by the subentry to have collectiveExclusions
// -------------------------------------------------------------------
- ModificationItem[] items = new ModificationItem[] {
- new ModificationItem( DirContext.ADD_ATTRIBUTE,
- new LockableAttributeImpl( "collectiveExclusions", "c-ou" ) ) };
+ ModificationItem[] items = new ModificationItem[]
+ { new ModificationItem( DirContext.ADD_ATTRIBUTE,
+ new LockableAttributeImpl( "collectiveExclusions", "c-ou" ) ) };
super.sysRoot.modifyAttributes( "ou=services,ou=configuration", items );
entries = getAllEntries();
@@ -331,9 +334,9 @@
// now modify an entry to exclude all collective attributes
// -------------------------------------------------------------------
- items = new ModificationItem[] {
- new ModificationItem( DirContext.REPLACE_ATTRIBUTE,
- new LockableAttributeImpl( "collectiveExclusions", "excludeAllCollectiveAttributes" ) ) };
+ items = new ModificationItem[]
+ { new ModificationItem( DirContext.REPLACE_ATTRIBUTE, new LockableAttributeImpl( "collectiveExclusions",
+ "excludeAllCollectiveAttributes" ) ) };
super.sysRoot.modifyAttributes( "ou=interceptors,ou=configuration", items );
entries = getAllEntries();
Modified: directory/sandbox/akarasulu/rc1/apacheds/core-unit/src/test/java/org/apache/directory/server/core/configuration/DirectoryPartitionConfigurationTest.java
URL: http://svn.apache.org/viewcvs/directory/sandbox/akarasulu/rc1/apacheds/core-unit/src/test/java/org/apache/directory/server/core/configuration/DirectoryPartitionConfigurationTest.java?rev=376623&r1=376622&r2=376623&view=diff
==============================================================================
--- directory/sandbox/akarasulu/rc1/apacheds/core-unit/src/test/java/org/apache/directory/server/core/configuration/DirectoryPartitionConfigurationTest.java (original)
+++ directory/sandbox/akarasulu/rc1/apacheds/core-unit/src/test/java/org/apache/directory/server/core/configuration/DirectoryPartitionConfigurationTest.java Fri Feb 10 02:48:07 2006
@@ -48,10 +48,10 @@
{
}
+
public void testAddAndRemove() throws Exception
{
- MutableDirectoryPartitionConfiguration partitionCfg =
- new MutableDirectoryPartitionConfiguration();
+ MutableDirectoryPartitionConfiguration partitionCfg = new MutableDirectoryPartitionConfiguration();
partitionCfg.setName( "removable" );
partitionCfg.setSuffix( "ou=removable" );
Attributes ctxEntry = new BasicAttributes( true );
@@ -59,30 +59,28 @@
ctxEntry.put( "ou", "removable" );
partitionCfg.setContextEntry( ctxEntry );
partitionCfg.setContextPartition( new JdbmDirectoryPartition() );
-
+
// Test AddContextPartition
- AddDirectoryPartitionConfiguration addCfg =
- new AddDirectoryPartitionConfiguration( partitionCfg );
-
+ AddDirectoryPartitionConfiguration addCfg = new AddDirectoryPartitionConfiguration( partitionCfg );
+
Hashtable env = new Hashtable();
env.put( Context.INITIAL_CONTEXT_FACTORY, CoreContextFactory.class.getName() );
env.putAll( addCfg.toJndiEnvironment() );
-
+
Context ctx = new InitialContext( env );
Assert.assertNotNull( ctx.lookup( "ou=removable" ) );
-
+
// Test removeContextPartition
- RemoveDirectoryPartitionConfiguration removeCfg =
- new RemoveDirectoryPartitionConfiguration( "ou=removable" );
+ RemoveDirectoryPartitionConfiguration removeCfg = new RemoveDirectoryPartitionConfiguration( "ou=removable" );
env.putAll( removeCfg.toJndiEnvironment() );
-
+
ctx = new InitialContext( env );
try
{
ctx.lookup( "ou=removable" );
Assert.fail( "NameNotFoundException should be thrown." );
}
- catch( NameNotFoundException e )
+ catch ( NameNotFoundException e )
{
// Partition is removed.
}
Modified: directory/sandbox/akarasulu/rc1/apacheds/core-unit/src/test/java/org/apache/directory/server/core/event/EventServiceTest.java
URL: http://svn.apache.org/viewcvs/directory/sandbox/akarasulu/rc1/apacheds/core-unit/src/test/java/org/apache/directory/server/core/event/EventServiceTest.java?rev=376623&r1=376622&r2=376623&view=diff
==============================================================================
--- directory/sandbox/akarasulu/rc1/apacheds/core-unit/src/test/java/org/apache/directory/server/core/event/EventServiceTest.java (original)
+++ directory/sandbox/akarasulu/rc1/apacheds/core-unit/src/test/java/org/apache/directory/server/core/event/EventServiceTest.java Fri Feb 10 02:48:07 2006
@@ -107,7 +107,6 @@
assertEquals( "objectAdded", rec.method );
}
-
public class TestListener implements ObjectChangeListener, NamespaceChangeListener
{
List events = new ArrayList();
@@ -149,13 +148,13 @@
}
}
-
public class EventRecord
{
String method;
EventObject event;
- EventRecord( String method, EventObject event )
+
+ EventRecord(String method, EventObject event)
{
this.method = method;
this.event = event;