Posted to commits@directory.apache.org by el...@apache.org on 2011/11/12 19:24:43 UTC
svn commit: r1201297 [6/9] - in /directory/apacheds/branches/apacheds-txns:
all/ apache-felix/ core-annotations/ core-api/
core-api/src/main/java/org/apache/directory/server/core/api/
core-api/src/main/java/org/apache/directory/server/core/api/intercep...
Modified: directory/apacheds/branches/apacheds-txns/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-txns/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java?rev=1201297&r1=1201296&r2=1201297&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-txns/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java (original)
+++ directory/apacheds/branches/apacheds-txns/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java Sat Nov 12 18:24:38 2011
@@ -31,21 +31,19 @@ import java.util.Set;
import javax.naming.directory.SearchControls;
import org.apache.directory.server.constants.ServerDNConstants;
-import org.apache.directory.server.core.shared.DefaultCoreSession;
-import org.apache.directory.server.core.api.subtree.SubentryUtils;
import org.apache.directory.server.core.api.CoreSession;
import org.apache.directory.server.core.api.DirectoryService;
+import org.apache.directory.server.core.api.InterceptorEnum;
import org.apache.directory.server.core.api.LdapPrincipal;
import org.apache.directory.server.core.api.entry.ClonedServerEntry;
import org.apache.directory.server.core.api.entry.ServerEntryUtils;
import org.apache.directory.server.core.api.filtering.EntryFilter;
import org.apache.directory.server.core.api.filtering.EntryFilteringCursor;
import org.apache.directory.server.core.api.interceptor.BaseInterceptor;
-import org.apache.directory.server.core.api.interceptor.NextInterceptor;
import org.apache.directory.server.core.api.interceptor.context.AddOperationContext;
import org.apache.directory.server.core.api.interceptor.context.CompareOperationContext;
import org.apache.directory.server.core.api.interceptor.context.DeleteOperationContext;
-import org.apache.directory.server.core.api.interceptor.context.EntryOperationContext;
+import org.apache.directory.server.core.api.interceptor.context.HasEntryOperationContext;
import org.apache.directory.server.core.api.interceptor.context.ListOperationContext;
import org.apache.directory.server.core.api.interceptor.context.LookupOperationContext;
import org.apache.directory.server.core.api.interceptor.context.ModifyOperationContext;
@@ -56,8 +54,10 @@ import org.apache.directory.server.core.
import org.apache.directory.server.core.api.interceptor.context.SearchOperationContext;
import org.apache.directory.server.core.api.interceptor.context.SearchingOperationContext;
import org.apache.directory.server.core.api.partition.PartitionNexus;
+import org.apache.directory.server.core.api.subtree.SubentryUtils;
import org.apache.directory.server.core.authz.support.ACDFEngine;
import org.apache.directory.server.core.authz.support.AciContext;
+import org.apache.directory.server.core.shared.DefaultCoreSession;
import org.apache.directory.server.i18n.I18n;
import org.apache.directory.shared.ldap.aci.ACIItem;
import org.apache.directory.shared.ldap.aci.ACIItemParser;
@@ -169,6 +169,15 @@ public class AciAuthorizationInterceptor
/** The SubentryUtils instance */
private static SubentryUtils subentryUtils;
+
+ /**
+ * Create a AciAuthorizationInterceptor instance
+ */
+ public AciAuthorizationInterceptor()
+ {
+ super( InterceptorEnum.ACI_AUTHORIZATION_INTERCEPTOR );
+ }
+
/**
* Load the Tuples into the cache
@@ -288,7 +297,7 @@ public class AciAuthorizationInterceptor
engine = new ACDFEngine( schemaManager );
// stuff for dealing with subentries (garbage for now)
- Value<?> subschemaSubentry = directoryService.getPartitionNexus().getRootDSE( null ).get(
+ Value<?> subschemaSubentry = directoryService.getPartitionNexus().getRootDse( null ).get(
SchemaConstants.SUBSCHEMA_SUBENTRY_AT ).get();
Dn subschemaSubentryDnName = directoryService.getDnFactory().create( subschemaSubentry.getString() );
subschemaSubentryDn = subschemaSubentryDnName.getNormName();
@@ -499,14 +508,16 @@ public class AciAuthorizationInterceptor
* operation.
* -------------------------------------------------------------------------------
*/
-
- public void add( NextInterceptor next, AddOperationContext addContext ) throws LdapException
+ /**
+ * {@inheritDoc}
+ */
+ public void add( AddOperationContext addContext ) throws LdapException
{
// bypass authz code if it was disabled
if ( !directoryService.isAccessControlEnabled() )
{
ACI_LOG.debug( "ACI interceptor disabled" );
- next.add( addContext );
+ next( addContext );
return;
}
@@ -525,7 +536,7 @@ public class AciAuthorizationInterceptor
{
ACI_LOG.debug( "Addition done by the administartor : no check" );
- next.add( addContext );
+ next( addContext );
tupleCache.subentryAdded( dn, serverEntry );
groupCache.groupAdded( dn, serverEntry );
return;
@@ -581,7 +592,7 @@ public class AciAuthorizationInterceptor
}
// if we've gotten this far then access has been granted
- next.add( addContext );
+ next( addContext );
// if the entry added is a subentry or a groupOf[Unique]Names we must
// update the ACITuple cache and the groups cache to keep them in sync
@@ -590,12 +601,63 @@ public class AciAuthorizationInterceptor
}
- private boolean isTheAdministrator( Dn normalizedDn )
+ /**
+ * {@inheritDoc}
+ */
+ public boolean compare( CompareOperationContext compareContext ) throws LdapException
{
- return normalizedDn.getNormName().equals( ServerDNConstants.ADMIN_SYSTEM_DN_NORMALIZED );
+ CoreSession session = compareContext.getSession();
+ Dn dn = compareContext.getDn();
+ String oid = compareContext.getOid();
+
+ Entry entry = compareContext.getOriginalEntry();
+
+ LdapPrincipal principal = session.getEffectivePrincipal();
+ Dn principalDn = principal.getDn();
+
+ if ( isPrincipalAnAdministrator( principalDn ) || !directoryService.isAccessControlEnabled() )
+ {
+ return next( compareContext );
+ }
+
+ Set<Dn> userGroups = groupCache.getGroups( principalDn.getNormName() );
+ Collection<ACITuple> tuples = new HashSet<ACITuple>();
+ addPerscriptiveAciTuples( compareContext, tuples, dn, entry );
+ addEntryAciTuples( tuples, entry );
+ addSubentryAciTuples( compareContext, tuples, dn, entry );
+
+ AciContext aciContext = new AciContext( schemaManager, compareContext );
+ aciContext.setUserGroupNames( userGroups );
+ aciContext.setUserDn( principalDn );
+ aciContext.setAuthenticationLevel( principal.getAuthenticationLevel() );
+ aciContext.setEntryDn( dn );
+ aciContext.setMicroOperations( READ_PERMS );
+ aciContext.setAciTuples( tuples );
+ aciContext.setEntry( entry );
+
+ engine.checkPermission( aciContext );
+
+ AttributeType attributeType = schemaManager.lookupAttributeTypeRegistry( oid );
+
+ aciContext = new AciContext( schemaManager, compareContext );
+ aciContext.setUserGroupNames( userGroups );
+ aciContext.setUserDn( principalDn );
+ aciContext.setAuthenticationLevel( principal.getAuthenticationLevel() );
+ aciContext.setEntryDn( dn );
+ aciContext.setAttributeType( attributeType );
+ aciContext.setMicroOperations( COMPARE_PERMS );
+ aciContext.setAciTuples( tuples );
+ aciContext.setEntry( entry );
+
+ engine.checkPermission( aciContext );
+
+ return next( compareContext );
}
+ /**
+ * {@inheritDoc}
+ */
public void delete( DeleteOperationContext deleteContext ) throws LdapException
{
CoreSession session = deleteContext.getSession();
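Review bot: The second permission check in `compare` sets `aciContext.setAttributeType( attributeType )` but never the asserted value, so `COMPARE_PERMS` is evaluated at attribute-type level only, whereas `checkLookupAccess` in this same file calls `setAttrValue( value )` for its per-value checks. If value-scoped ACI items are meant to apply to compare, the context should also carry the value being compared; whether `CompareOperationContext` exposes it is not visible in this diff. The `{@inheritDoc}` Javadoc should at least state the contract, for example `Requires READ_PERMS on the entry and COMPARE_PERMS on the compared attribute type; bypassed for administrators or when access control is disabled.` The `delete` method that follows continues outside the hunk.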
@@ -650,9 +712,118 @@ public class AciAuthorizationInterceptor
}
- // False positive, we want to keep the comment
- @SuppressWarnings("PMD.CollapsibleIfStatements")
- public void modify( NextInterceptor next, ModifyOperationContext modifyContext ) throws LdapException
+ /**
+ * {@inheritDoc}
+ */
+ public boolean hasEntry( HasEntryOperationContext hasEntryContext ) throws LdapException
+ {
+ Dn dn = hasEntryContext.getDn();
+
+ if ( !directoryService.isAccessControlEnabled() )
+ {
+ return ( dn.isRootDse() || next( hasEntryContext ) );
+ }
+
+ boolean answer = next( hasEntryContext );
+
+ // no checks on the RootDSE
+ if ( dn.isRootDse() )
+ {
+ // No need to go down to the stack, if the dn is empty
+ // It's the rootDSE, and it exists !
+ return answer;
+ }
+
+ CoreSession session = hasEntryContext.getSession();
+
+ // TODO - eventually replace this with a check on session.isAnAdministrator()
+ LdapPrincipal principal = session.getEffectivePrincipal();
+ Dn principalDn = principal.getDn();
+
+ if ( isPrincipalAnAdministrator( principalDn ) )
+ {
+ return answer;
+ }
+
+ LookupOperationContext lookupContext = new LookupOperationContext( session, dn, SchemaConstants.ALL_ATTRIBUTES_ARRAY );
+ Entry entry = directoryService.getPartitionNexus().lookup( lookupContext );
+
+ Set<Dn> userGroups = groupCache.getGroups( principalDn.getNormName() );
+ Collection<ACITuple> tuples = new HashSet<ACITuple>();
+ addPerscriptiveAciTuples( hasEntryContext, tuples, dn, entry );
+ addEntryAciTuples( tuples, ( ( ClonedServerEntry ) entry ).getOriginalEntry() );
+ addSubentryAciTuples( hasEntryContext, tuples, dn, ( ( ClonedServerEntry ) entry ).getOriginalEntry() );
+
+ // check that we have browse access to the entry
+ AciContext aciContext = new AciContext( schemaManager, hasEntryContext );
+ aciContext.setUserGroupNames( userGroups );
+ aciContext.setUserDn( principalDn );
+ aciContext.setAuthenticationLevel( principal.getAuthenticationLevel() );
+ aciContext.setEntryDn( dn );
+ aciContext.setMicroOperations( BROWSE_PERMS );
+ aciContext.setAciTuples( tuples );
+ aciContext.setEntry( ((ClonedServerEntry)entry).getOriginalEntry() );
+
+ engine.checkPermission( aciContext );
+
+ return next( hasEntryContext );
+ }
+
+
+ /**
+ * {@inheritDoc}
+ */
+ public EntryFilteringCursor list( ListOperationContext listContext ) throws LdapException
+ {
+ LdapPrincipal user = listContext.getSession().getEffectivePrincipal();
+ EntryFilteringCursor cursor = next( listContext );
+
+ if ( isPrincipalAnAdministrator( user.getDn() )
+ || !directoryService.isAccessControlEnabled() )
+ {
+ return cursor;
+ }
+
+ AuthorizationFilter authzFilter = new AuthorizationFilter();
+ cursor.addEntryFilter( authzFilter );
+
+ return cursor;
+ }
+
+
+ /**
+ * {@inheritDoc}
+ */
+ public Entry lookup( LookupOperationContext lookupContext ) throws LdapException
+ {
+ CoreSession session = lookupContext.getSession();
+
+ LdapPrincipal principal = session.getEffectivePrincipal();
+ Dn principalDn = principal.getDn();
+
+ if ( !principalDn.isSchemaAware() )
+ {
+ principalDn.apply( schemaManager );
+ }
+
+ // Bypass this interceptor if we disabled the AC subsystem or if the principal is the admin
+ if ( isPrincipalAnAdministrator( principalDn ) || !directoryService.isAccessControlEnabled() )
+ {
+ return next( lookupContext );
+ }
+
+ Entry entry = directoryService.getPartitionNexus().lookup( lookupContext );
+
+ checkLookupAccess( lookupContext, entry );
+
+ return entry;
+ }
+
+
+ /**
+ * {@inheritDoc}
+ */
+ public void modify( ModifyOperationContext modifyContext ) throws LdapException
{
Dn dn = modifyContext.getDn();
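Review bot: `hasEntry` calls `next( hasEntryContext )` twice for non-admin principals: once into `answer` before any check, and again in the final `return`, so `answer` is discarded on that path. Ending the method with `return answer;` after `engine.checkPermission( aciContext )` avoids the second pass down the chain. When `answer` is false the code still performs the nexus lookup and casts the result to `ClonedServerEntry`; what a missing entry does there is not visible, so it is worth confirming that "does not exist" and "no browse permission" are reported to the caller the way the project intends. `modify` continues outside the hunk.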
@@ -665,7 +836,7 @@ public class AciAuthorizationInterceptor
// bypass authz code if we are disabled
if ( !directoryService.isAccessControlEnabled() )
{
- next.modify( modifyContext );
+ next( modifyContext );
return;
}
@@ -674,7 +845,7 @@ public class AciAuthorizationInterceptor
// bypass authz code but manage caches if operation is performed by the admin
if ( isPrincipalAnAdministrator( principalDn ) )
{
- next.modify( modifyContext );
+ next( modifyContext );
/**
* @TODO: A virtual entry can be created here for not hitting the backend again.
@@ -800,7 +971,7 @@ public class AciAuthorizationInterceptor
}
}
- next.modify( modifyContext );
+ next( modifyContext );
/**
* @TODO: A virtual entry can be created here for not hitting the backend again.
*/
@@ -816,217 +987,101 @@ public class AciAuthorizationInterceptor
/**
* {@inheritDoc}
*/
- public boolean hasEntry( EntryOperationContext hasEntryContext ) throws LdapException
+ public void move( MoveOperationContext moveContext ) throws LdapException
{
- Dn dn = hasEntryContext.getDn();
+ Dn oriChildName = moveContext.getDn();
- if ( !directoryService.isAccessControlEnabled() )
- {
- return ( dn.isRootDSE() || next( hasEntryContext ) );
- }
+ // Access the principal requesting the operation, and bypass checks if it is the admin
+ Entry entry = moveContext.getOriginalEntry();
+ CoreSession session = moveContext.getSession();
- boolean answer = next( hasEntryContext );
+ Dn newDn = moveContext.getNewDn();
- // no checks on the RootDSE
- if ( dn.isRootDSE() )
+ LdapPrincipal principal = session.getEffectivePrincipal();
+ Dn principalDn = principal.getDn();
+
+ // bypass authz code if we are disabled
+ if ( !directoryService.isAccessControlEnabled() )
{
- // No need to go down to the stack, if the dn is empty
- // It's the rootDSE, and it exists !
- return answer;
+ next( moveContext );
+ return;
}
- CoreSession session = hasEntryContext.getSession();
-
- // TODO - eventually replace this with a check on session.isAnAdministrator()
- LdapPrincipal principal = session.getEffectivePrincipal();
- Dn principalDn = principal.getDn();
+ protectCriticalEntries( moveContext, oriChildName );
+ // bypass authz code but manage caches if operation is performed by the admin
if ( isPrincipalAnAdministrator( principalDn ) )
{
- return answer;
+ next( moveContext );
+ tupleCache.subentryRenamed( oriChildName, newDn );
+ groupCache.groupRenamed( oriChildName, newDn );
+ return;
}
- LookupOperationContext lookupContext = new LookupOperationContext( session, dn, SchemaConstants.ALL_ATTRIBUTES_ARRAY );
- Entry entry = directoryService.getPartitionNexus().lookup( lookupContext );
-
Set<Dn> userGroups = groupCache.getGroups( principalDn.getNormName() );
Collection<ACITuple> tuples = new HashSet<ACITuple>();
- addPerscriptiveAciTuples( hasEntryContext, tuples, dn, entry );
- addEntryAciTuples( tuples, ( ( ClonedServerEntry ) entry ).getOriginalEntry() );
- addSubentryAciTuples( hasEntryContext, tuples, dn, ( ( ClonedServerEntry ) entry ).getOriginalEntry() );
+ addPerscriptiveAciTuples( moveContext, tuples, oriChildName, entry );
+ addEntryAciTuples( tuples, entry );
+ addSubentryAciTuples( moveContext, tuples, oriChildName, entry );
- // check that we have browse access to the entry
- AciContext aciContext = new AciContext( schemaManager, hasEntryContext );
+ AciContext aciContext = new AciContext( schemaManager, moveContext );
aciContext.setUserGroupNames( userGroups );
aciContext.setUserDn( principalDn );
aciContext.setAuthenticationLevel( principal.getAuthenticationLevel() );
- aciContext.setEntryDn( dn );
- aciContext.setMicroOperations( BROWSE_PERMS );
+ aciContext.setEntryDn( oriChildName );
+ aciContext.setMicroOperations( EXPORT_PERMS );
aciContext.setAciTuples( tuples );
- aciContext.setEntry( ((ClonedServerEntry)entry).getOriginalEntry() );
+ aciContext.setEntry( entry );
engine.checkPermission( aciContext );
- return next( hasEntryContext );
- }
+ // Get the entry again without operational attributes
+ // because access control subentry operational attributes
+ // will not be valid at the new location.
+ // This will certainly be fixed by the SubentryInterceptor,
+ // but after this service.
+ LookupOperationContext lookupContext = new LookupOperationContext( session, oriChildName, SchemaConstants.ALL_USER_ATTRIBUTES_ARRAY );
+ Entry importedEntry = directoryService.getPartitionNexus().lookup( lookupContext );
+ // As the target entry does not exist yet and so
+ // its subentry operational attributes are not there,
+ // we need to construct an entry to represent it
+ // at least with minimal requirements which are object class
+ // and access control subentry operational attributes.
+ Entry subentryAttrs = subentryUtils.getSubentryAttributes( newDn, importedEntry );
- /**
- * Checks if the READ permissions exist to the entry and to each attribute type and
- * value.
- *
- * @todo not sure if we should hide attribute types/values or throw an exception
- * instead. I think we're going to have to use a filter to restrict the return
- * of attribute types and values instead of throwing an exception. Lack of read
- * perms to attributes and their values results in their removal when returning
- * the entry.
- *
- * @param principal the user associated with the call
- * @param dn the name of the entry being looked up
- * @param entry the raw entry pulled from the nexus
- * @throws Exception if undlying access to the DIT fails
- */
- private void checkLookupAccess( LookupOperationContext lookupContext, Entry entry ) throws LdapException
- {
- Dn dn = lookupContext.getDn();
-
- // no permissions checks on the RootDSE
- if ( dn.isRootDSE() )
+ for ( Attribute attribute : importedEntry )
{
- return;
+ subentryAttrs.put( attribute );
}
- LdapPrincipal principal = lookupContext.getSession().getEffectivePrincipal();
- Dn userName = principal.getDn();
- Set<Dn> userGroups = groupCache.getGroups( userName.getNormName() );
- Collection<ACITuple> tuples = new HashSet<ACITuple>();
- addPerscriptiveAciTuples( lookupContext, tuples, dn, entry );
- addEntryAciTuples( tuples, entry );
- addSubentryAciTuples( lookupContext, tuples, dn, entry );
+ Collection<ACITuple> destTuples = new HashSet<ACITuple>();
+ // Import permission is only valid for prescriptive ACIs
+ addPerscriptiveAciTuples( moveContext, destTuples, newDn, subentryAttrs );
- // check that we have read access to the entry
- AciContext aciContext = new AciContext( schemaManager, lookupContext );
+ // Evaluate the target context to see whether it
+ // allows an entry named newName to be imported as a subordinate.
+ aciContext = new AciContext( schemaManager, moveContext );
aciContext.setUserGroupNames( userGroups );
- aciContext.setUserDn( userName );
+ aciContext.setUserDn( principalDn );
aciContext.setAuthenticationLevel( principal.getAuthenticationLevel() );
- aciContext.setEntryDn( dn );
- aciContext.setMicroOperations( LOOKUP_PERMS );
- aciContext.setAciTuples( tuples );
- aciContext.setEntry( entry );
+ aciContext.setEntryDn( newDn );
+ aciContext.setMicroOperations( IMPORT_PERMS );
+ aciContext.setAciTuples( destTuples );
+ aciContext.setEntry( subentryAttrs );
engine.checkPermission( aciContext );
- // check that we have read access to every attribute type and value
- for ( Attribute attribute : entry )
- {
-
- for ( Value<?> value : attribute )
- {
- AciContext valueAciContext = new AciContext( schemaManager, lookupContext );
- valueAciContext.setUserGroupNames( userGroups );
- valueAciContext.setUserDn( userName );
- valueAciContext.setAuthenticationLevel( principal.getAuthenticationLevel() );
- valueAciContext.setEntryDn( dn );
- valueAciContext.setAttributeType( attribute.getAttributeType() );
- valueAciContext.setAttrValue( value );
- valueAciContext.setMicroOperations( READ_PERMS );
- valueAciContext.setAciTuples( tuples );
- valueAciContext.setEntry( entry );
-
- engine.checkPermission( valueAciContext );
- }
- }
+ next( moveContext );
+ tupleCache.subentryRenamed( oriChildName, newDn );
+ groupCache.groupRenamed( oriChildName, newDn );
}
/**
* {@inheritDoc}
*/
- public Entry lookup( LookupOperationContext lookupContext ) throws LdapException
- {
- CoreSession session = lookupContext.getSession();
-
- LdapPrincipal principal = session.getEffectivePrincipal();
- Dn principalDn = principal.getDn();
-
- if ( !principalDn.isSchemaAware() )
- {
- principalDn.apply( schemaManager );
- }
-
- // Bypass this interceptor if we disabled the AC subsystem or if the principal is the admin
- if ( isPrincipalAnAdministrator( principalDn ) || !directoryService.isAccessControlEnabled() )
- {
- return next( lookupContext );
- }
-
- Entry entry = directoryService.getPartitionNexus().lookup( lookupContext );
-
- checkLookupAccess( lookupContext, entry );
-
- return entry;
- }
-
-
- public void rename( NextInterceptor next, RenameOperationContext renameContext ) throws LdapException
- {
- Dn oldName = renameContext.getDn();
- Entry originalEntry = null;
-
- if ( renameContext.getEntry() != null )
- {
- originalEntry = ((ClonedServerEntry)renameContext.getEntry()).getOriginalEntry();
- }
-
- LdapPrincipal principal = renameContext.getSession().getEffectivePrincipal();
- Dn principalDn = principal.getDn();
- Dn newName = renameContext.getNewDn();
-
- // bypass authz code if we are disabled
- if ( !directoryService.isAccessControlEnabled() )
- {
- next.rename( renameContext );
- return;
- }
-
- protectCriticalEntries( renameContext, oldName );
-
- // bypass authz code but manage caches if operation is performed by the admin
- if ( isPrincipalAnAdministrator( principalDn ) )
- {
- next.rename( renameContext );
- tupleCache.subentryRenamed( oldName, newName );
-
- // TODO : this method returns a boolean : what should we do with the result ?
- groupCache.groupRenamed( oldName, newName );
-
- return;
- }
-
- Set<Dn> userGroups = groupCache.getGroups( principalDn.getNormName() );
- Collection<ACITuple> tuples = new HashSet<ACITuple>();
- addPerscriptiveAciTuples( renameContext, tuples, oldName, originalEntry );
- addEntryAciTuples( tuples, originalEntry );
- addSubentryAciTuples( renameContext, tuples, oldName, originalEntry );
-
- AciContext aciContext = new AciContext( schemaManager, renameContext );
- aciContext.setUserGroupNames( userGroups );
- aciContext.setUserDn( principalDn );
- aciContext.setAuthenticationLevel( principal.getAuthenticationLevel() );
- aciContext.setEntryDn( oldName );
- aciContext.setMicroOperations( RENAME_PERMS );
- aciContext.setAciTuples( tuples );
- aciContext.setEntry( originalEntry );
-
- engine.checkPermission( aciContext );
-
- next.rename( renameContext );
- tupleCache.subentryRenamed( oldName, newName );
- groupCache.groupRenamed( oldName, newName );
- }
-
-
- public void moveAndRename( NextInterceptor next, MoveAndRenameOperationContext moveAndRenameContext ) throws LdapException
+ public void moveAndRename( MoveAndRenameOperationContext moveAndRenameContext ) throws LdapException
{
Dn oldDn = moveAndRenameContext.getDn();
CoreSession session = moveAndRenameContext.getSession();
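Review bot: `move` is documented only with `{@inheritDoc}`, which hides the authorization contract it enforces: `EXPORT_PERMS` on the source entry using prescriptive, entry and subentry ACI tuples, then `IMPORT_PERMS` on `newDn` using prescriptive tuples only. A Javadoc stating that, and that both checks are skipped when access control is disabled or the principal is an administrator, would let the policy be reviewed without reading the body. The comment `// Access the principal requesting the operation, and bypass checks if it is the admin` sits above the entry and session fetch rather than the `isPrincipalAnAdministrator` branch it describes. `protectCriticalEntries( moveContext, oriChildName )` runs only after the access-control-disabled early return, so a comment saying where critical entries are protected in that mode would help. `moveAndRename` continues outside the hunk.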
@@ -1040,7 +1095,8 @@ public class AciAuthorizationInterceptor
// bypass authz code if we are disabled
if ( !directoryService.isAccessControlEnabled() )
{
- next.moveAndRename( moveAndRenameContext );
+ next( moveAndRenameContext );
+
return;
}
@@ -1049,7 +1105,7 @@ public class AciAuthorizationInterceptor
// bypass authz code but manage caches if operation is performed by the admin
if ( isPrincipalAnAdministrator( principalDn ) )
{
- next.moveAndRename( moveAndRenameContext );
+ next( moveAndRenameContext );
tupleCache.subentryRenamed( oldDn, newDn );
groupCache.groupRenamed( oldDn, newDn );
@@ -1111,7 +1167,7 @@ public class AciAuthorizationInterceptor
engine.checkPermission( aciContext );
- next.moveAndRename( moveAndRenameContext );
+ next( moveAndRenameContext );
tupleCache.subentryRenamed( oldDn, newDn );
groupCache.groupRenamed( oldDn, newDn );
}
@@ -1120,131 +1176,80 @@ public class AciAuthorizationInterceptor
/**
* {@inheritDoc}
*/
- public void move( NextInterceptor next, MoveOperationContext moveContext ) throws LdapException
+ public void rename( RenameOperationContext renameContext ) throws LdapException
{
- Dn oriChildName = moveContext.getDn();
-
- // Access the principal requesting the operation, and bypass checks if it is the admin
- Entry entry = moveContext.getOriginalEntry();
- CoreSession session = moveContext.getSession();
+ Dn oldName = renameContext.getDn();
+ Entry originalEntry = null;
- Dn newDn = moveContext.getNewDn();
+ if ( renameContext.getEntry() != null )
+ {
+ originalEntry = ((ClonedServerEntry)renameContext.getEntry()).getOriginalEntry();
+ }
- LdapPrincipal principal = session.getEffectivePrincipal();
+ LdapPrincipal principal = renameContext.getSession().getEffectivePrincipal();
Dn principalDn = principal.getDn();
+ Dn newName = renameContext.getNewDn();
// bypass authz code if we are disabled
if ( !directoryService.isAccessControlEnabled() )
{
- next.move( moveContext );
+ next( renameContext );
return;
}
- protectCriticalEntries( moveContext, oriChildName );
+ protectCriticalEntries( renameContext, oldName );
// bypass authz code but manage caches if operation is performed by the admin
if ( isPrincipalAnAdministrator( principalDn ) )
{
- next.move( moveContext );
- tupleCache.subentryRenamed( oriChildName, newDn );
- groupCache.groupRenamed( oriChildName, newDn );
+ next( renameContext );
+ tupleCache.subentryRenamed( oldName, newName );
+
+ // TODO : this method returns a boolean : what should we do with the result ?
+ groupCache.groupRenamed( oldName, newName );
+
return;
}
Set<Dn> userGroups = groupCache.getGroups( principalDn.getNormName() );
Collection<ACITuple> tuples = new HashSet<ACITuple>();
- addPerscriptiveAciTuples( moveContext, tuples, oriChildName, entry );
- addEntryAciTuples( tuples, entry );
- addSubentryAciTuples( moveContext, tuples, oriChildName, entry );
+ addPerscriptiveAciTuples( renameContext, tuples, oldName, originalEntry );
+ addEntryAciTuples( tuples, originalEntry );
+ addSubentryAciTuples( renameContext, tuples, oldName, originalEntry );
- AciContext aciContext = new AciContext( schemaManager, moveContext );
+ AciContext aciContext = new AciContext( schemaManager, renameContext );
aciContext.setUserGroupNames( userGroups );
aciContext.setUserDn( principalDn );
aciContext.setAuthenticationLevel( principal.getAuthenticationLevel() );
- aciContext.setEntryDn( oriChildName );
- aciContext.setMicroOperations( EXPORT_PERMS );
+ aciContext.setEntryDn( oldName );
+ aciContext.setMicroOperations( RENAME_PERMS );
aciContext.setAciTuples( tuples );
- aciContext.setEntry( entry );
-
- engine.checkPermission( aciContext );
-
- // Get the entry again without operational attributes
- // because access control subentry operational attributes
- // will not be valid at the new location.
- // This will certainly be fixed by the SubentryInterceptor,
- // but after this service.
- LookupOperationContext lookupContext = new LookupOperationContext( session, oriChildName, SchemaConstants.ALL_USER_ATTRIBUTES_ARRAY );
- Entry importedEntry = directoryService.getPartitionNexus().lookup( lookupContext );
-
- // As the target entry does not exist yet and so
- // its subentry operational attributes are not there,
- // we need to construct an entry to represent it
- // at least with minimal requirements which are object class
- // and access control subentry operational attributes.
- Entry subentryAttrs = subentryUtils.getSubentryAttributes( newDn, importedEntry );
-
- for ( Attribute attribute : importedEntry )
- {
- subentryAttrs.put( attribute );
- }
-
- Collection<ACITuple> destTuples = new HashSet<ACITuple>();
- // Import permission is only valid for prescriptive ACIs
- addPerscriptiveAciTuples( moveContext, destTuples, newDn, subentryAttrs );
-
- // Evaluate the target context to see whether it
- // allows an entry named newName to be imported as a subordinate.
- aciContext = new AciContext( schemaManager, moveContext );
- aciContext.setUserGroupNames( userGroups );
- aciContext.setUserDn( principalDn );
- aciContext.setAuthenticationLevel( principal.getAuthenticationLevel() );
- aciContext.setEntryDn( newDn );
- aciContext.setMicroOperations( IMPORT_PERMS );
- aciContext.setAciTuples( destTuples );
- aciContext.setEntry( subentryAttrs );
+ aciContext.setEntry( originalEntry );
engine.checkPermission( aciContext );
- next.move( moveContext );
- tupleCache.subentryRenamed( oriChildName, newDn );
- groupCache.groupRenamed( oriChildName, newDn );
+ next( renameContext );
+ tupleCache.subentryRenamed( oldName, newName );
+ groupCache.groupRenamed( oldName, newName );
}
/**
* {@inheritDoc}
*/
- public EntryFilteringCursor list( ListOperationContext listContext ) throws LdapException
- {
- LdapPrincipal user = listContext.getSession().getEffectivePrincipal();
- EntryFilteringCursor cursor = next( listContext );
-
- if ( isPrincipalAnAdministrator( user.getDn() )
- || !directoryService.isAccessControlEnabled() )
- {
- return cursor;
- }
-
- AuthorizationFilter authzFilter = new AuthorizationFilter();
- cursor.addEntryFilter( authzFilter );
-
- return cursor;
- }
-
-
- public EntryFilteringCursor search( NextInterceptor next, SearchOperationContext searchContext ) throws LdapException
+ public EntryFilteringCursor search( SearchOperationContext searchContext ) throws LdapException
{
LdapPrincipal user = searchContext.getSession().getEffectivePrincipal();
Dn principalDn = user.getDn();
- EntryFilteringCursor cursor = next.search( searchContext );
+ EntryFilteringCursor cursor = next( searchContext );
boolean isSubschemaSubentryLookup = subschemaSubentryDn.equals( searchContext.getDn().getNormName() );
SearchControls searchCtls = searchContext.getSearchControls();
- boolean isRootDSELookup = searchContext.getDn().size() == 0
+ boolean isRootDseLookup = searchContext.getDn().size() == 0
&& searchCtls.getSearchScope() == SearchControls.OBJECT_SCOPE;
if ( isPrincipalAnAdministrator( principalDn )
- || !directoryService.isAccessControlEnabled() || isRootDSELookup
+ || !directoryService.isAccessControlEnabled() || isRootDseLookup
|| isSubschemaSubentryLookup )
{
return cursor;
@@ -1255,63 +1260,77 @@ public class AciAuthorizationInterceptor
}
- public final boolean isPrincipalAnAdministrator( Dn principalDn )
- {
- return groupCache.isPrincipalAnAdministrator( principalDn );
- }
-
-
/**
- * {@inheritDoc}
+ * Checks if the READ permissions exist to the entry and to each attribute type and
+ * value.
+ *
+ * @todo not sure if we should hide attribute types/values or throw an exception
+ * instead. I think we're going to have to use a filter to restrict the return
+ * of attribute types and values instead of throwing an exception. Lack of read
+ * perms to attributes and their values results in their removal when returning
+ * the entry.
+ *
+ * @param principal the user associated with the call
+ * @param dn the name of the entry being looked up
+ * @param entry the raw entry pulled from the nexus
+ * @throws Exception if undlying access to the DIT fails
*/
- public boolean compare( CompareOperationContext compareContext ) throws LdapException
+ private void checkLookupAccess( LookupOperationContext lookupContext, Entry entry ) throws LdapException
{
- CoreSession session = compareContext.getSession();
- Dn dn = compareContext.getDn();
- String oid = compareContext.getOid();
-
- Entry entry = compareContext.getOriginalEntry();
-
- LdapPrincipal principal = session.getEffectivePrincipal();
- Dn principalDn = principal.getDn();
+ Dn dn = lookupContext.getDn();
- if ( isPrincipalAnAdministrator( principalDn ) || !directoryService.isAccessControlEnabled() )
+ // no permissions checks on the RootDSE
+ if ( dn.isRootDse() )
{
- return next( compareContext );
+ return;
}
- Set<Dn> userGroups = groupCache.getGroups( principalDn.getNormName() );
+ LdapPrincipal principal = lookupContext.getSession().getEffectivePrincipal();
+ Dn userName = principal.getDn();
+ Set<Dn> userGroups = groupCache.getGroups( userName.getNormName() );
Collection<ACITuple> tuples = new HashSet<ACITuple>();
- addPerscriptiveAciTuples( compareContext, tuples, dn, entry );
+ addPerscriptiveAciTuples( lookupContext, tuples, dn, entry );
addEntryAciTuples( tuples, entry );
- addSubentryAciTuples( compareContext, tuples, dn, entry );
+ addSubentryAciTuples( lookupContext, tuples, dn, entry );
- AciContext aciContext = new AciContext( schemaManager, compareContext );
+ // check that we have read access to the entry
+ AciContext aciContext = new AciContext( schemaManager, lookupContext );
aciContext.setUserGroupNames( userGroups );
- aciContext.setUserDn( principalDn );
+ aciContext.setUserDn( userName );
aciContext.setAuthenticationLevel( principal.getAuthenticationLevel() );
aciContext.setEntryDn( dn );
- aciContext.setMicroOperations( READ_PERMS );
+ aciContext.setMicroOperations( LOOKUP_PERMS );
aciContext.setAciTuples( tuples );
aciContext.setEntry( entry );
engine.checkPermission( aciContext );
- AttributeType attributeType = schemaManager.lookupAttributeTypeRegistry( oid );
+ // check that we have read access to every attribute type and value
+ for ( Attribute attribute : entry )
+ {
- aciContext = new AciContext( schemaManager, compareContext );
- aciContext.setUserGroupNames( userGroups );
- aciContext.setUserDn( principalDn );
- aciContext.setAuthenticationLevel( principal.getAuthenticationLevel() );
- aciContext.setEntryDn( dn );
- aciContext.setAttributeType( attributeType );
- aciContext.setMicroOperations( COMPARE_PERMS );
- aciContext.setAciTuples( tuples );
- aciContext.setEntry( entry );
+ for ( Value<?> value : attribute )
+ {
+ AciContext valueAciContext = new AciContext( schemaManager, lookupContext );
+ valueAciContext.setUserGroupNames( userGroups );
+ valueAciContext.setUserDn( userName );
+ valueAciContext.setAuthenticationLevel( principal.getAuthenticationLevel() );
+ valueAciContext.setEntryDn( dn );
+ valueAciContext.setAttributeType( attribute.getAttributeType() );
+ valueAciContext.setAttrValue( value );
+ valueAciContext.setMicroOperations( READ_PERMS );
+ valueAciContext.setAciTuples( tuples );
+ valueAciContext.setEntry( entry );
- engine.checkPermission( aciContext );
+ engine.checkPermission( valueAciContext );
+ }
+ }
+ }
- return next( compareContext );
+
+ public final boolean isPrincipalAnAdministrator( Dn principalDn )
+ {
+ return groupCache.isPrincipalAnAdministrator( principalDn );
}
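Review bot: The Javadoc on `checkLookupAccess` does not match the method: it lists `@param principal` and `@param dn`, but the signature is `( LookupOperationContext lookupContext, Entry entry )`, and `@throws Exception` should read `@throws LdapException`. The description says missing read permission on attributes and values "results in their removal", while the body only calls `engine.checkPermission( valueAciContext )` for each value and never removes anything from `entry`; presumably a single unreadable value fails the whole lookup, and the Javadoc should say so. Suggested tags: `@param lookupContext the lookup operation context`, `@param entry the raw entry pulled from the nexus`, `@throws LdapException if a permission check fails or underlying access to the DIT fails`. `isPrincipalAnAdministrator` is `public final` with no Javadoc; one line saying it delegates to `groupCache` would help, since it decides the admin bypass in the methods visible in this diff.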
@@ -1437,4 +1456,10 @@ public class AciAuthorizationInterceptor
return filter( searchContext, normName, entry );
}
}
+
+
+ private boolean isTheAdministrator( Dn normalizedDn )
+ {
+ return normalizedDn.getNormName().equals( ServerDNConstants.ADMIN_SYSTEM_DN_NORMALIZED );
+ }
}
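Review bot: The new `isTheAdministrator( Dn normalizedDn )` at the end of the class answers an authorization question by comparing `getNormName()` with `ServerDNConstants.ADMIN_SYSTEM_DN_NORMALIZED` as strings, so it is only correct when the caller passes a Dn that is already normalized, and nothing on the method states that precondition. DefaultAuthorizationInterceptor in this same commit answers the same question with `dn.equals( ADMIN_SYSTEM_DN )`, so the two interceptors can presumably disagree on a Dn that has not been normalized yet. I would add a Javadoc such as `/** Tells if the given Dn is the system administrator's; the Dn must already be normalized. */` and, if possible, settle on one comparison for both classes.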
Modified: directory/apacheds/branches/apacheds-txns/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/DefaultAuthorizationInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-txns/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/DefaultAuthorizationInterceptor.java?rev=1201297&r1=1201296&r2=1201297&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-txns/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/DefaultAuthorizationInterceptor.java (original)
+++ directory/apacheds/branches/apacheds-txns/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/DefaultAuthorizationInterceptor.java Sat Nov 12 18:24:38 2011
@@ -29,12 +29,12 @@ import org.apache.directory.server.const
import org.apache.directory.server.core.shared.DefaultCoreSession;
import org.apache.directory.server.core.api.CoreSession;
import org.apache.directory.server.core.api.DirectoryService;
+import org.apache.directory.server.core.api.InterceptorEnum;
import org.apache.directory.server.core.api.LdapPrincipal;
import org.apache.directory.server.core.api.filtering.EntryFilter;
import org.apache.directory.server.core.api.filtering.EntryFilteringCursor;
import org.apache.directory.server.core.api.interceptor.BaseInterceptor;
import org.apache.directory.server.core.api.interceptor.Interceptor;
-import org.apache.directory.server.core.api.interceptor.NextInterceptor;
import org.apache.directory.server.core.api.interceptor.context.DeleteOperationContext;
import org.apache.directory.server.core.api.interceptor.context.ListOperationContext;
import org.apache.directory.server.core.api.interceptor.context.LookupOperationContext;
@@ -95,13 +95,12 @@ public class DefaultAuthorizationInterce
}
}
-
/**
- * Creates a new instance.
+ * Creates a new instance of DefaultAuthorizationInterceptor.
*/
public DefaultAuthorizationInterceptor()
{
- // Nothing to do
+ super( InterceptorEnum.DEFAULT_AUTHORIZATION_INTERCEPTOR );
}
@@ -151,7 +150,9 @@ public class DefaultAuthorizationInterce
// Note:
// Lookup, search and list operations need to be handled using a filter
// and so we need access to the filter service.
-
+ /**
+ * {@inheritDoc}
+ */
public void delete( DeleteOperationContext deleteContext ) throws LdapException
{
if ( deleteContext.getSession().getDirectoryService().isAccessControlEnabled() )
@@ -206,36 +207,63 @@ public class DefaultAuthorizationInterce
}
- private boolean isTheAdministrator( Dn dn )
+ /**
+ * {@inheritDoc}
+ */
+ public EntryFilteringCursor list( ListOperationContext listContext ) throws LdapException
{
- return dn.equals( ADMIN_SYSTEM_DN );
+ EntryFilteringCursor cursor = next( listContext );
+
+ if ( listContext.getSession().getDirectoryService().isAccessControlEnabled() )
+ {
+ return cursor;
+ }
+
+ cursor.addEntryFilter( new DefaultAuthorizationSearchFilter() );
+
+ return cursor;
}
- private boolean isAnAdministrator( Dn dn )
+ /**
+ * {@inheritDoc}
+ */
+ public Entry lookup( LookupOperationContext lookupContext ) throws LdapException
{
- return isTheAdministrator( dn ) || administrators.contains( dn.getNormName() );
+ CoreSession session = lookupContext.getSession();
+ Entry entry = next( lookupContext );
+
+ if ( session.getDirectoryService().isAccessControlEnabled() )
+ {
+ return entry;
+ }
+
+ protectLookUp( session.getEffectivePrincipal().getDn(), lookupContext.getDn() );
+
+ return entry;
}
// ------------------------------------------------------------------------
// Entry Modification Operations
// ------------------------------------------------------------------------
-
/**
* This policy needs to be really tight too because some attributes may take
* part in giving the user permissions to protected resources. We do not want
* users to self access these resources. As far as we're concerned no one but
* the admin needs access.
*/
- public void modify( NextInterceptor nextInterceptor, ModifyOperationContext modifyContext ) throws LdapException
+ /**
+ * {@inheritDoc}
+ */
+ public void modify( ModifyOperationContext modifyContext ) throws LdapException
{
if ( !modifyContext.getSession().getDirectoryService().isAccessControlEnabled() )
{
Dn dn = modifyContext.getDn();
protectModifyAlterations( modifyContext, dn );
- nextInterceptor.modify( modifyContext );
+ next( modifyContext );
// update administrators if we change administrators group
if ( dn.equals( ADMIN_GROUP_DN ) )
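Review bot: In `lookup`, the entry is fetched with `next( lookupContext )` before `protectLookUp` runs, so with access control disabled a principal who will be refused still drives the read through the rest of the chain, and a missing entry is presumably reported by `next` before the permission check can answer. As far as its signature shows, `protectLookUp` takes only the principal Dn and the target Dn, so it does not need the fetched entry and could run first, the way `move`, `rename` and `moveAndRename` call `protectDnAlterations` before `next` in this commit. The reordered body is below; `lookup` lies fully inside this hunk, while `modify` continues past its end.

```java
public Entry lookup( LookupOperationContext lookupContext ) throws LdapException
{
    CoreSession session = lookupContext.getSession();

    // Authorize on the two Dns first, so a refused principal never triggers the read
    if ( !session.getDirectoryService().isAccessControlEnabled() )
    {
        protectLookUp( session.getEffectivePrincipal().getDn(), lookupContext.getDn() );
    }

    return next( lookupContext );
}
```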
@@ -245,8 +273,88 @@ public class DefaultAuthorizationInterce
}
else
{
- nextInterceptor.modify( modifyContext );
+ next( modifyContext );
+ }
+ }
+
+
+ /**
+ * {@inheritDoc}
+ */
+ public void move( MoveOperationContext moveContext ) throws LdapException
+ {
+ if ( !moveContext.getSession().getDirectoryService().isAccessControlEnabled() )
+ {
+ protectDnAlterations( moveContext, moveContext.getDn() );
+ }
+
+ next( moveContext );
+ }
+
+
+ /**
+ * {@inheritDoc}
+ */
+ public void moveAndRename( MoveAndRenameOperationContext moveAndRenameContext ) throws LdapException
+ {
+ if ( !moveAndRenameContext.getSession().getDirectoryService().isAccessControlEnabled() )
+ {
+ protectDnAlterations( moveAndRenameContext, moveAndRenameContext.getDn() );
+ }
+
+ next( moveAndRenameContext );
+ }
+
+
+ // ------------------------------------------------------------------------
+ // Dn altering operations are a no no for any user entry. Basically here
+ // are the rules of conduct to follow:
+ //
+ // o No user should have the ability to move or rename their entry
+ // o Only the administrator can move or rename non-admin user entries
+ // o The administrator entry cannot be moved or renamed by anyone
+ // ------------------------------------------------------------------------
+ /**
+ * {@inheritDoc}
+ */
+ public void rename( RenameOperationContext renameContext ) throws LdapException
+ {
+ if ( !renameContext.getSession().getDirectoryService().isAccessControlEnabled() )
+ {
+ protectDnAlterations( renameContext, renameContext.getDn() );
}
+
+ next( renameContext );
+ }
+
+
+ /**
+ * {@inheritDoc}
+ */
+ public EntryFilteringCursor search( SearchOperationContext searchContext ) throws LdapException
+ {
+ EntryFilteringCursor cursor = next( searchContext );
+
+ if ( searchContext.getSession().getDirectoryService().isAccessControlEnabled() )
+ {
+ return cursor;
+ }
+
+ cursor.addEntryFilter( new DefaultAuthorizationSearchFilter() );
+
+ return cursor;
+ }
+
+
+ private boolean isTheAdministrator( Dn dn )
+ {
+ return dn.equals( ADMIN_SYSTEM_DN );
+ }
+
+
+ private boolean isAnAdministrator( Dn dn )
+ {
+ return isTheAdministrator( dn ) || administrators.contains( dn.getNormName() );
}
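Review bot: The banner comment listing the rules for Dn-altering operations now sits directly above `rename` only, after `move` and `moveAndRename`, although those two call the same `protectDnAlterations` guard and fall under the same rules. Since the methods were reordered alphabetically, I would move the banner above `move`, or turn it into the Javadoc of `protectDnAlterations` (declared outside this hunk), so that a reader of any of the three operations finds the policy in one place.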
@@ -296,51 +404,6 @@ public class DefaultAuthorizationInterce
}
- // ------------------------------------------------------------------------
- // Dn altering operations are a no no for any user entry. Basically here
- // are the rules of conduct to follow:
- //
- // o No user should have the ability to move or rename their entry
- // o Only the administrator can move or rename non-admin user entries
- // o The administrator entry cannot be moved or renamed by anyone
- // ------------------------------------------------------------------------
-
- public void rename( NextInterceptor nextInterceptor, RenameOperationContext renameContext ) throws LdapException
- {
- if ( !renameContext.getSession().getDirectoryService().isAccessControlEnabled() )
- {
- protectDnAlterations( renameContext, renameContext.getDn() );
- }
-
- nextInterceptor.rename( renameContext );
- }
-
-
- /**
- * {@inheritDoc}
- */
- public void move( NextInterceptor nextInterceptor, MoveOperationContext moveContext ) throws LdapException
- {
- if ( !moveContext.getSession().getDirectoryService().isAccessControlEnabled() )
- {
- protectDnAlterations( moveContext, moveContext.getDn() );
- }
-
- nextInterceptor.move( moveContext );
- }
-
-
- public void moveAndRename( NextInterceptor nextInterceptor, MoveAndRenameOperationContext moveAndRenameContext ) throws LdapException
- {
- if ( !moveAndRenameContext.getSession().getDirectoryService().isAccessControlEnabled() )
- {
- protectDnAlterations( moveAndRenameContext, moveAndRenameContext.getDn() );
- }
-
- nextInterceptor.moveAndRename( moveAndRenameContext );
- }
-
-
private void protectDnAlterations( OperationContext opCtx, Dn dn ) throws LdapException
{
Dn principalDn = getPrincipal( opCtx ).getDn();
@@ -382,22 +445,6 @@ public class DefaultAuthorizationInterce
}
- public Entry lookup( LookupOperationContext lookupContext ) throws LdapException
- {
- CoreSession session = lookupContext.getSession();
- Entry entry = next( lookupContext );
-
- if ( session.getDirectoryService().isAccessControlEnabled() )
- {
- return entry;
- }
-
- protectLookUp( session.getEffectivePrincipal().getDn(), lookupContext.getDn() );
-
- return entry;
- }
-
-
private void protectLookUp( Dn principalDn, Dn normalizedDn ) throws LdapException
{
if ( !isAnAdministrator( principalDn ) )
@@ -447,39 +494,6 @@ public class DefaultAuthorizationInterce
}
- public EntryFilteringCursor search( NextInterceptor nextInterceptor, SearchOperationContext searchContext ) throws LdapException
- {
- EntryFilteringCursor cursor = nextInterceptor.search( searchContext );
-
- if ( searchContext.getSession().getDirectoryService().isAccessControlEnabled() )
- {
- return cursor;
- }
-
- cursor.addEntryFilter( new DefaultAuthorizationSearchFilter() );
-
- return cursor;
- }
-
-
- /**
- * {@inheritDoc}
- */
- public EntryFilteringCursor list( ListOperationContext listContext ) throws LdapException
- {
- EntryFilteringCursor cursor = next( listContext );
-
- if ( listContext.getSession().getDirectoryService().isAccessControlEnabled() )
- {
- return cursor;
- }
-
- cursor.addEntryFilter( new DefaultAuthorizationSearchFilter() );
-
- return cursor;
- }
-
-
// False positive, we want to keep the comment
@SuppressWarnings("PMD.CollapsibleIfStatements")
private boolean isSearchable( OperationContext opContext, Entry entry ) throws Exception
Modified: directory/apacheds/branches/apacheds-txns/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/MaxImmSubFilter.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-txns/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/MaxImmSubFilter.java?rev=1201297&r1=1201296&r2=1201297&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-txns/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/MaxImmSubFilter.java (original)
+++ directory/apacheds/branches/apacheds-txns/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/MaxImmSubFilter.java Sat Nov 12 18:24:38 2011
@@ -83,7 +83,7 @@ public class MaxImmSubFilter implements
{
ACI_LOG.debug( "Filtering MaxImmSub..." );
- if ( aciContext.getEntryDn().isRootDSE() )
+ if ( aciContext.getEntryDn().isRootDse() )
{
return aciContext.getAciTuples();
}
Propchange: directory/apacheds/branches/apacheds-txns/interceptors/changelog/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Sat Nov 12 18:24:38 2011
@@ -1 +1 @@
-/directory/apacheds/trunk/interceptors/changelog:1183435-1200383
+/directory/apacheds/trunk/interceptors/changelog:1183435-1201283
Modified: directory/apacheds/branches/apacheds-txns/interceptors/changelog/src/main/java/org/apache/directory/server/core/changelog/ChangeLogInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-txns/interceptors/changelog/src/main/java/org/apache/directory/server/core/changelog/ChangeLogInterceptor.java?rev=1201297&r1=1201296&r2=1201297&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-txns/interceptors/changelog/src/main/java/org/apache/directory/server/core/changelog/ChangeLogInterceptor.java (original)
+++ directory/apacheds/branches/apacheds-txns/interceptors/changelog/src/main/java/org/apache/directory/server/core/changelog/ChangeLogInterceptor.java Sat Nov 12 18:24:38 2011
@@ -26,11 +26,11 @@ import org.apache.directory.server.const
import org.apache.directory.server.constants.ServerDNConstants;
import org.apache.directory.server.core.api.CoreSession;
import org.apache.directory.server.core.api.DirectoryService;
+import org.apache.directory.server.core.api.InterceptorEnum;
import org.apache.directory.server.core.api.changelog.ChangeLog;
import org.apache.directory.server.core.api.entry.ClonedServerEntry;
import org.apache.directory.server.core.api.entry.ServerEntryUtils;
import org.apache.directory.server.core.api.interceptor.BaseInterceptor;
-import org.apache.directory.server.core.api.interceptor.NextInterceptor;
import org.apache.directory.server.core.api.interceptor.context.AddOperationContext;
import org.apache.directory.server.core.api.interceptor.context.DeleteOperationContext;
import org.apache.directory.server.core.api.interceptor.context.LookupOperationContext;
@@ -65,23 +65,31 @@ public class ChangeLogInterceptor extend
{
/** for debugging */
private static final Logger LOG = LoggerFactory.getLogger( ChangeLogInterceptor.class );
-
+
/** used to ignore modify operations to tombstone entries */
private AttributeType entryDeleted;
-
+
/** the changelog service to log changes to */
private ChangeLog changeLog;
-
+
/** OID of the 'rev' attribute used in changeLogEvent and tag objectclasses */
private static final String REV_AT_OID = "1.3.6.1.4.1.18060.0.4.1.2.47";
+
+
+ /**
+ * Creates a new instance of a ChangeLogInterceptor.
+ */
+ public ChangeLogInterceptor()
+ {
+ super( InterceptorEnum.CHANGE_LOG_INTERCEPTOR );
+ }
+
// -----------------------------------------------------------------------
// Overridden init() and destroy() methods
// -----------------------------------------------------------------------
-
-
/**
- * The init method will initialize the local variables and load the
+ * The init method will initialize the local variables and load the
* entryDeleted AttributeType.
*/
public void init( DirectoryService directoryService ) throws LdapException
@@ -90,16 +98,19 @@ public class ChangeLogInterceptor extend
changeLog = directoryService.getChangeLog();
entryDeleted = directoryService.getSchemaManager()
- .getAttributeType( ApacheSchemaConstants.ENTRY_DELETED_AT_OID );
+ .getAttributeType( ApacheSchemaConstants.ENTRY_DELETED_AT_OID );
}
// -----------------------------------------------------------------------
// Overridden (only change inducing) intercepted methods
// -----------------------------------------------------------------------
- public void add( NextInterceptor next, AddOperationContext addContext ) throws LdapException
+ /**
+ * {@inheritDoc}
+ */
+ public void add( AddOperationContext addContext ) throws LdapException
{
- next.add( addContext );
+ next( addContext );
if ( !changeLog.isEnabled() )
{
@@ -111,9 +122,9 @@ public class ChangeLogInterceptor extend
// we don't want to record addition of a tag as a change
if ( addEntry.get( REV_AT_OID ) != null )
{
- return;
+ return;
}
-
+
LdifEntry forward = new LdifEntry();
forward.setChangeType( ChangeType.Add );
forward.setDn( addContext.getDn() );
@@ -123,7 +134,7 @@ public class ChangeLogInterceptor extend
AttributeType attributeType = attribute.getAttributeType();
forward.addAttribute( addEntry.get( attributeType).clone() );
}
-
+
LdifEntry reverse = LdifRevertor.reverseAdd( addContext.getDn() );
addContext.setChangeLogEvent( changeLog.log( getPrincipal( addContext ), forward, reverse ) );
}
@@ -133,6 +144,9 @@ public class ChangeLogInterceptor extend
* The delete operation has to be stored with a way to restore the deleted element.
* There is no way to do that but reading the entry and dump it into the LOG.
*/
+ /**
+ * {@inheritDoc}
+ */
public void delete( DeleteOperationContext deleteContext ) throws LdapException
{
// @todo make sure we're not putting in operational attributes that cannot be user modified
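Review bot: The added `/** {@inheritDoc} */` is stacked under the existing comment that explains why `delete` has to read the entry and store it, and Javadoc only uses the comment immediately before the declaration, so if that first block is a doc comment its explanation no longer reaches the generated documentation. The same stacking is added on `modify` in DefaultAuthorizationInterceptor in this commit, where the "policy needs to be really tight" block is followed by a second one. I would fold the tag into the existing comment instead, ending it with ` * {@inheritDoc}` before its closing `*/`. The opening of the first comment and the body of `delete` are outside this hunk.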
@@ -154,22 +168,22 @@ public class ChangeLogInterceptor extend
// we don't want to record deleting a tag as a change
if( serverEntry.get( REV_AT_OID ) != null )
{
- return;
+ return;
}
LdifEntry forward = new LdifEntry();
forward.setChangeType( ChangeType.Delete );
forward.setDn( deleteContext.getDn() );
-
+
Entry reverseEntry = new DefaultEntry( serverEntry.getDn() );
-
+
boolean isCollectiveSubentry = serverEntry.hasObjectClass( SchemaConstants.COLLECTIVE_ATTRIBUTE_SUBENTRY_OC );
for ( Attribute attribute : serverEntry )
{
// filter collective attributes, they can't be added by the revert operation
AttributeType at = schemaManager.lookupAttributeTypeRegistry( attribute.getId() );
-
+
if ( !at.isCollective() || isCollectiveSubentry )
{
reverseEntry.add( attribute.clone() );
@@ -182,38 +196,9 @@ public class ChangeLogInterceptor extend
/**
- * Gets attributes required for modifications.
- *
- * @param dn the dn of the entry to get
- * @return the entry's attributes (may be immutable if the schema subentry)
- * @throws Exception on error accessing the entry's attributes
- */
- private Entry getAttributes( OperationContext opContext ) throws LdapException
- {
- Dn dn = opContext.getDn();
- Entry serverEntry;
-
- // @todo make sure we're not putting in operational attributes that cannot be user modified
- if ( dn.equals( ServerDNConstants.CN_SCHEMA_DN ) )
- {
- return SchemaService.getSubschemaEntryCloned( directoryService );
- }
- else
- {
- CoreSession session = opContext.getSession();
- LookupOperationContext lookupContext = new LookupOperationContext( session, dn );
- lookupContext.setAttrsId( SchemaConstants.ALL_ATTRIBUTES_ARRAY );
- serverEntry = directoryService.getPartitionNexus().lookup( lookupContext );
- }
-
- return serverEntry;
- }
-
-
- /**
- *
+ * {@inheritDoc}
*/
- public void modify( NextInterceptor next, ModifyOperationContext modifyContext ) throws LdapException
+ public void modify( ModifyOperationContext modifyContext ) throws LdapException
{
Entry serverEntry = null;
Modification modification = ServerEntryUtils.getModificationItem( modifyContext.getModItems(), entryDeleted );
@@ -224,9 +209,9 @@ public class ChangeLogInterceptor extend
// @todo make sure we're not putting in operational attributes that cannot be user modified
serverEntry = getAttributes( modifyContext );
}
-
+
// Duplicate modifications so that the reverse does not contain the operational attributes
- List<Modification> clonedMods = new ArrayList<Modification>();
+ List<Modification> clonedMods = new ArrayList<Modification>();
for ( Modification mod : modifyContext.getModItems() )
{
@@ -234,76 +219,64 @@ public class ChangeLogInterceptor extend
}
// Call the next interceptor
- next.modify( modifyContext );
+ next( modifyContext );
// @TODO: needs big consideration!!!
// NOTE: perhaps we need to log this as a system operation that cannot and should not be reapplied?
- if (
- isDelete ||
- ! changeLog.isEnabled() ||
-
- // if there are no modifications due to stripping out bogus non-
- // existing attributes then we will have no modification items and
- // should ignore not this without registering it with the changelog
-
- modifyContext.getModItems().size() == 0 )
+ if (
+ isDelete ||
+ ! changeLog.isEnabled() ||
+
+ // if there are no modifications due to stripping out bogus non-
+ // existing attributes then we will have no modification items and
+ // should ignore not this without registering it with the changelog
+
+ modifyContext.getModItems().size() == 0 )
{
if ( isDelete )
{
LOG.debug( "Bypassing changelog on modify of entryDeleted attribute." );
}
-
+
return;
}
LdifEntry forward = new LdifEntry();
forward.setChangeType( ChangeType.Modify );
forward.setDn( modifyContext.getDn() );
-
+
List<Modification> mods = new ArrayList<Modification>( clonedMods.size() );
-
+
for ( Modification modItem : clonedMods )
{
// TODO: handle correctly http://issues.apache.org/jira/browse/DIRSERVER-1198
mods.add( modItem );
-
+
forward.addModification( modItem );
}
-
+
Entry clientEntry = new DefaultEntry( serverEntry.getDn() );
-
+
for ( Attribute attribute:serverEntry )
{
clientEntry.add( attribute.clone() );
}
- LdifEntry reverse = LdifRevertor.reverseModify(
- modifyContext.getDn(),
- mods,
+ LdifEntry reverse = LdifRevertor.reverseModify(
+ modifyContext.getDn(),
+ mods,
clientEntry );
-
+
modifyContext.setChangeLogEvent( changeLog.log( getPrincipal( modifyContext ), forward, reverse ) );
}
- // -----------------------------------------------------------------------
- // Though part left as an exercise (Not Any More!)
- // -----------------------------------------------------------------------
-
-
- public void rename ( NextInterceptor next, RenameOperationContext renameContext ) throws LdapException
+ /**
+ * {@inheritDoc}
+ */
+ public void move( MoveOperationContext moveContext ) throws LdapException
{
- Entry serverEntry = null;
-
- if ( renameContext.getEntry() != null )
- {
- serverEntry = ((ClonedServerEntry)renameContext.getEntry()).getOriginalEntry();
- }
-
- next.rename( renameContext );
-
- // After this point, the entry has been modified. The cloned entry contains
- // the modified entry, the originalEntry has changed
+ next( moveContext );
if ( !changeLog.isEnabled() )
{
@@ -311,30 +284,29 @@ public class ChangeLogInterceptor extend
}
LdifEntry forward = new LdifEntry();
- forward.setChangeType( ChangeType.ModRdn );
- forward.setDn( renameContext.getDn() );
- forward.setNewRdn( renameContext.getNewRdn().getName() );
- forward.setDeleteOldRdn( renameContext.getDeleteOldRdn() );
+ forward.setChangeType( ChangeType.ModDn );
+ forward.setDn( moveContext.getDn() );
+ forward.setNewSuperior( moveContext.getNewSuperior().getName() );
- List<LdifEntry> reverses = LdifRevertor.reverseRename(
- serverEntry, renameContext.getNewRdn(), renameContext.getDeleteOldRdn() );
-
- renameContext.setChangeLogEvent( changeLog.log( getPrincipal( renameContext ), forward, reverses ) );
+ LdifEntry reverse = LdifRevertor.reverseMove(moveContext.getNewSuperior(), moveContext.getDn());
+ moveContext.setChangeLogEvent( changeLog.log( getPrincipal( moveContext ), forward, reverse ) );
}
- public void moveAndRename( NextInterceptor next, MoveAndRenameOperationContext moveAndRenameContext )
- throws LdapException
+ /**
+ * {@inheritDoc}
+ */
+ public void moveAndRename( MoveAndRenameOperationContext moveAndRenameContext ) throws LdapException
{
Entry serverEntry = null;
-
+
if ( changeLog.isEnabled() )
{
// @todo make sure we're not putting in operational attributes that cannot be user modified
serverEntry = moveAndRenameContext.getOriginalEntry();
}
- next.moveAndRename( moveAndRenameContext );
+ next( moveAndRenameContext );
if ( !changeLog.isEnabled() )
{
@@ -347,17 +319,17 @@ public class ChangeLogInterceptor extend
forward.setDeleteOldRdn( moveAndRenameContext.getDeleteOldRdn() );
forward.setNewRdn( moveAndRenameContext.getNewRdn().getName() );
forward.setNewSuperior( moveAndRenameContext.getNewSuperiorDn().getName() );
-
- List<LdifEntry> reverses = LdifRevertor.reverseMoveAndRename(
+
+ List<LdifEntry> reverses = LdifRevertor.reverseMoveAndRename(
serverEntry, moveAndRenameContext.getNewSuperiorDn(), moveAndRenameContext.getNewRdn(), false );
-
+
if ( moveAndRenameContext.isReferralIgnored() )
{
forward.addControl( new ManageDsaITImpl() );
LdifEntry reversedEntry = reverses.get( 0 );
reversedEntry.addControl( new ManageDsaITImpl() );
}
-
+
moveAndRenameContext.setChangeLogEvent( changeLog.log( getPrincipal( moveAndRenameContext ), forward, reverses ) );
}
@@ -365,9 +337,19 @@ public class ChangeLogInterceptor extend
/**
* {@inheritDoc}
*/
- public void move( NextInterceptor next, MoveOperationContext moveContext ) throws LdapException
+ public void rename( RenameOperationContext renameContext ) throws LdapException
{
- next.move( moveContext );
+ Entry serverEntry = null;
+
+ if ( renameContext.getEntry() != null )
+ {
+ serverEntry = ((ClonedServerEntry)renameContext.getEntry()).getOriginalEntry();
+ }
+
+ next( renameContext );
+
+ // After this point, the entry has been modified. The cloned entry contains
+ // the modified entry, the originalEntry has changed
if ( !changeLog.isEnabled() )
{
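Review bot: `rename` leaves `serverEntry` as `null` when `renameContext.getEntry()` returns null, and that value is later passed to `LdifRevertor.reverseRename` (in the next hunk) whenever the changelog is enabled, so the reverse record for a rename may fail or be built from nothing; whether `reverseRename` tolerates null is not visible here. The cast `((ClonedServerEntry)renameContext.getEntry())` is also unchecked. I would either document why the entry can never be null at this point, or guard the logging path and report the skipped record, for example `if ( serverEntry == null ) { LOG.warn( "No original entry for rename of {}, changelog record skipped", renameContext.getDn() ); return; }` after the `isEnabled()` check. The method body continues past the end of this hunk.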
@@ -375,11 +357,43 @@ public class ChangeLogInterceptor extend
}
LdifEntry forward = new LdifEntry();
- forward.setChangeType( ChangeType.ModDn );
- forward.setDn( moveContext.getDn() );
- forward.setNewSuperior( moveContext.getNewSuperior().getName() );
+ forward.setChangeType( ChangeType.ModRdn );
+ forward.setDn( renameContext.getDn() );
+ forward.setNewRdn( renameContext.getNewRdn().getName() );
+ forward.setDeleteOldRdn( renameContext.getDeleteOldRdn() );
- LdifEntry reverse = LdifRevertor.reverseMove(moveContext.getNewSuperior(), moveContext.getDn());
- moveContext.setChangeLogEvent( changeLog.log( getPrincipal( moveContext ), forward, reverse ) );
+ List<LdifEntry> reverses = LdifRevertor.reverseRename(
+ serverEntry, renameContext.getNewRdn(), renameContext.getDeleteOldRdn() );
+
+ renameContext.setChangeLogEvent( changeLog.log( getPrincipal( renameContext ), forward, reverses ) );
+ }
+
+
+ /**
+ * Gets attributes required for modifications.
+ *
+ * @param dn the dn of the entry to get
+ * @return the entry's attributes (may be immutable if the schema subentry)
+ * @throws Exception on error accessing the entry's attributes
+ */
+ private Entry getAttributes( OperationContext opContext ) throws LdapException
+ {
+ Dn dn = opContext.getDn();
+ Entry serverEntry;
+
+ // @todo make sure we're not putting in operational attributes that cannot be user modified
+ if ( dn.equals( ServerDNConstants.CN_SCHEMA_DN ) )
+ {
+ return SchemaService.getSubschemaEntryCloned( directoryService );
+ }
+ else
+ {
+ CoreSession session = opContext.getSession();
+ LookupOperationContext lookupContext = new LookupOperationContext( session, dn );
+ lookupContext.setAttrsId( SchemaConstants.ALL_ATTRIBUTES_ARRAY );
+ serverEntry = directoryService.getPartitionNexus().lookup( lookupContext );
+ }
+
+ return serverEntry;
}
}
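Review bot: The Javadoc on the relocated `getAttributes` does not match its signature: it documents `@param dn` and `@throws Exception`, while the method takes `OperationContext opContext` and declares `LdapException`. I would change the two tags to `@param opContext the operation context carrying the Dn and session of the entry to read` and `@throws LdapException on error accessing the entry's attributes`. It may also be worth one sentence that the non-schema branch reads through `directoryService.getPartitionNexus().lookup( lookupContext )` directly, which presumably bypasses the interceptor chain and its authorization checks, so the returned entry should stay internal to the changelog.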
Propchange: directory/apacheds/branches/apacheds-txns/interceptors/collective/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Sat Nov 12 18:24:38 2011
@@ -1 +1 @@
-/directory/apacheds/trunk/interceptors/collective:1183435-1200383
+/directory/apacheds/trunk/interceptors/collective:1183435-1201283
Modified: directory/apacheds/branches/apacheds-txns/interceptors/collective/src/main/java/org/apache/directory/server/core/collective/CollectiveAttributeInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-txns/interceptors/collective/src/main/java/org/apache/directory/server/core/collective/CollectiveAttributeInterceptor.java?rev=1201297&r1=1201296&r2=1201297&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-txns/interceptors/collective/src/main/java/org/apache/directory/server/core/collective/CollectiveAttributeInterceptor.java (original)
+++ directory/apacheds/branches/apacheds-txns/interceptors/collective/src/main/java/org/apache/directory/server/core/collective/CollectiveAttributeInterceptor.java Sat Nov 12 18:24:38 2011
@@ -26,11 +26,11 @@ import java.util.Set;
import org.apache.directory.server.core.api.CoreSession;
import org.apache.directory.server.core.api.DirectoryService;
+import org.apache.directory.server.core.api.InterceptorEnum;
import org.apache.directory.server.core.api.entry.ClonedServerEntry;
import org.apache.directory.server.core.api.filtering.EntryFilter;
import org.apache.directory.server.core.api.filtering.EntryFilteringCursor;
import org.apache.directory.server.core.api.interceptor.BaseInterceptor;
-import org.apache.directory.server.core.api.interceptor.NextInterceptor;
import org.apache.directory.server.core.api.interceptor.context.AddOperationContext;
import org.apache.directory.server.core.api.interceptor.context.ListOperationContext;
import org.apache.directory.server.core.api.interceptor.context.LookupOperationContext;
@@ -72,6 +72,15 @@ public class CollectiveAttributeIntercep
private static Logger LOG = LoggerFactory.getLogger( CollectiveAttributeInterceptor.class );
/**
+ * Creates a new instance of a CollectiveAttributeInterceptor.
+ */
+ public CollectiveAttributeInterceptor()
+ {
+ super( InterceptorEnum.COLLECTIVE_ATTRIBUTE_INTERCEPTOR );
+ }
+
+
+ /**
* the search result filter to use for collective attribute injection
*/
private class CollectiveAttributeFilter implements EntryFilter
@@ -109,11 +118,11 @@ public class CollectiveAttributeIntercep
/**
* {@inheritDoc}
*/
- public void add( NextInterceptor next, AddOperationContext addContext ) throws LdapException
+ public void add( AddOperationContext addContext ) throws LdapException
{
checkAdd( addContext.getDn(), addContext.getEntry() );
- next.add( addContext );
+ next( addContext );
}
@@ -154,20 +163,20 @@ public class CollectiveAttributeIntercep
/**
* {@inheritDoc}
*/
- public void modify( NextInterceptor next, ModifyOperationContext modifyContext ) throws LdapException
+ public void modify( ModifyOperationContext modifyContext ) throws LdapException
{
checkModify( modifyContext );
- next.modify( modifyContext );
+ next( modifyContext );
}
/**
* {@inheritDoc}
*/
- public EntryFilteringCursor search( NextInterceptor nextInterceptor, SearchOperationContext searchContext ) throws LdapException
+ public EntryFilteringCursor search( SearchOperationContext searchContext ) throws LdapException
{
- EntryFilteringCursor cursor = nextInterceptor.search( searchContext );
+ EntryFilteringCursor cursor = next( searchContext );
cursor.addEntryFilter( SEARCH_FILTER );
Propchange: directory/apacheds/branches/apacheds-txns/interceptors/event/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Sat Nov 12 18:24:38 2011
@@ -1 +1 @@
-/directory/apacheds/trunk/interceptors/event:1183435-1200383
+/directory/apacheds/trunk/interceptors/event:1183435-1201283
Modified: directory/apacheds/branches/apacheds-txns/interceptors/event/src/main/java/org/apache/directory/server/core/event/EventInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-txns/interceptors/event/src/main/java/org/apache/directory/server/core/event/EventInterceptor.java?rev=1201297&r1=1201296&r2=1201297&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-txns/interceptors/event/src/main/java/org/apache/directory/server/core/event/EventInterceptor.java (original)
+++ directory/apacheds/branches/apacheds-txns/interceptors/event/src/main/java/org/apache/directory/server/core/event/EventInterceptor.java Sat Nov 12 18:24:38 2011
@@ -30,6 +30,7 @@ import java.util.concurrent.TimeUnit;
import org.apache.directory.server.core.api.CoreSession;
import org.apache.directory.server.core.api.DirectoryService;
+import org.apache.directory.server.core.api.InterceptorEnum;
import org.apache.directory.server.core.api.entry.ClonedServerEntry;
import org.apache.directory.server.core.api.event.DirectoryListener;
import org.apache.directory.server.core.api.event.Evaluator;
@@ -38,7 +39,6 @@ import org.apache.directory.server.core.
import org.apache.directory.server.core.api.event.NotificationCriteria;
import org.apache.directory.server.core.api.event.RegistrationEntry;
import org.apache.directory.server.core.api.interceptor.BaseInterceptor;
-import org.apache.directory.server.core.api.interceptor.NextInterceptor;
import org.apache.directory.server.core.api.interceptor.context.AddOperationContext;
import org.apache.directory.server.core.api.interceptor.context.DeleteOperationContext;
import org.apache.directory.server.core.api.interceptor.context.LookupOperationContext;
@@ -67,11 +67,19 @@ public class EventInterceptor extends Ba
{
/** A logger for this class */
private final static Logger LOG = LoggerFactory.getLogger( EventInterceptor.class );
-
+
private Evaluator evaluator;
private ExecutorService executor;
-
+ /**
+ * Creates a new instance of a EventInterceptor.
+ */
+ public EventInterceptor()
+ {
+ super( InterceptorEnum.EVENT_INTERCEPTOR );
+ }
+
+
/**
* Initialize the event interceptor. It creates a pool of executor which will be used
* to call the listeners in separate threads.
@@ -105,9 +113,9 @@ public class EventInterceptor extends Ba
listener.entryAdded( ( AddOperationContext ) opContext );
}
} );
-
+
break;
-
+
case DELETE:
executor.execute( new Runnable()
{
@@ -116,9 +124,9 @@ public class EventInterceptor extends Ba
listener.entryDeleted( ( DeleteOperationContext ) opContext );
}
} );
-
+
break;
-
+
case MODIFY:
executor.execute( new Runnable()
{
@@ -127,9 +135,9 @@ public class EventInterceptor extends Ba
listener.entryModified( ( ModifyOperationContext ) opContext );
}
} );
-
+
break;
-
+
case MOVE:
executor.execute( new Runnable()
{
@@ -138,7 +146,7 @@ public class EventInterceptor extends Ba
listener.entryMoved( ( MoveOperationContext ) opContext );
}
} );
-
+
break;
case RENAME:
@@ -149,7 +157,7 @@ public class EventInterceptor extends Ba
listener.entryRenamed( ( RenameOperationContext ) opContext );
}
} );
-
+
break;
}
}
@@ -158,10 +166,10 @@ public class EventInterceptor extends Ba
/**
* {@inheritDoc}
*/
- public void add( NextInterceptor next, final AddOperationContext addContext ) throws LdapException
+ public void add( final AddOperationContext addContext ) throws LdapException
{
- next.add( addContext );
-
+ next( addContext );
+
List<RegistrationEntry> selecting = getSelectingRegistrations( addContext.getDn(), addContext.getEntry() );
if ( selecting.isEmpty() )
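Review bot: The new single-argument `add( final AddOperationContext addContext )` has no `@Override`, so the compiler does not confirm that it still matches a method declared by `BaseInterceptor` (presumably where `next( addContext )` comes from) now that the `NextInterceptor` parameter is gone. If a signature drifts during this refactor, the method would silently drop out of the interceptor chain and listeners would stop being notified, with no build error. Adding `@Override` above the signature makes the compiler reject that case. The same applies to `modify`, `move`, `moveAndRename` and `rename` in the later hunks of this file. The body of `add` continues outside the hunk.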
@@ -205,13 +213,13 @@ public class EventInterceptor extends Ba
/**
* {@inheritDoc}
*/
- public void modify( NextInterceptor next, final ModifyOperationContext modifyContext ) throws LdapException
+ public void modify( final ModifyOperationContext modifyContext ) throws LdapException
{
Entry oriEntry = modifyContext.getEntry();
List<RegistrationEntry> selecting = getSelectingRegistrations( modifyContext.getDn(), oriEntry );
- next.modify( modifyContext );
+ next( modifyContext );
if ( selecting.isEmpty() )
{
@@ -222,7 +230,7 @@ public class EventInterceptor extends Ba
CoreSession session = modifyContext.getSession();
LookupOperationContext lookupContext = new LookupOperationContext( session, modifyContext.getDn() );
lookupContext.setAttrsId( SchemaConstants.ALL_ATTRIBUTES_ARRAY );
-
+
Entry alteredEntry = directoryService.getPartitionNexus().lookup( lookupContext );
modifyContext.setAlteredEntry( alteredEntry );
@@ -239,31 +247,23 @@ public class EventInterceptor extends Ba
/**
* {@inheritDoc}
*/
- public void rename( NextInterceptor next, RenameOperationContext renameContext ) throws LdapException
+ public void move( MoveOperationContext moveContext ) throws LdapException
{
- Entry oriEntry = ((ClonedServerEntry)renameContext.getEntry()).getOriginalEntry();
- List<RegistrationEntry> selecting = getSelectingRegistrations( renameContext.getDn(), oriEntry );
+ Entry oriEntry = moveContext.getOriginalEntry();
+ List<RegistrationEntry> selecting = getSelectingRegistrations( moveContext.getDn(), oriEntry );
- next.rename( renameContext );
+ next( moveContext );
if ( selecting.isEmpty() )
{
return;
}
- // Get the modifed entry
- CoreSession session = renameContext.getSession();
- LookupOperationContext lookupContext = new LookupOperationContext( session, renameContext.getNewDn() );
- lookupContext.setAttrsId( SchemaConstants.ALL_ATTRIBUTES_ARRAY );
-
- Entry alteredEntry = directoryService.getPartitionNexus().lookup( lookupContext );
- renameContext.setModifiedEntry( alteredEntry );
-
for ( final RegistrationEntry registration : selecting )
{
- if ( EventType.isRename( registration.getCriteria().getEventMask() ) )
+ if ( EventType.isMove( registration.getCriteria().getEventMask() ) )
{
- fire( renameContext, EventType.RENAME, registration.getListener() );
+ fire( moveContext, EventType.MOVE, registration.getListener() );
}
}
}
@@ -272,11 +272,11 @@ public class EventInterceptor extends Ba
/**
* {@inheritDoc}
*/
- public void moveAndRename( NextInterceptor next, final MoveAndRenameOperationContext moveAndRenameContext ) throws LdapException
+ public void moveAndRename( final MoveAndRenameOperationContext moveAndRenameContext ) throws LdapException
{
Entry oriEntry = moveAndRenameContext.getOriginalEntry();
List<RegistrationEntry> selecting = getSelectingRegistrations( moveAndRenameContext.getDn(), oriEntry );
- next.moveAndRename( moveAndRenameContext );
+ next( moveAndRenameContext );
if ( selecting.isEmpty() )
{
@@ -302,23 +302,31 @@ public class EventInterceptor extends Ba
/**
* {@inheritDoc}
*/
- public void move( NextInterceptor next, MoveOperationContext moveContext ) throws LdapException
+ public void rename( RenameOperationContext renameContext ) throws LdapException
{
- Entry oriEntry = moveContext.getOriginalEntry();
- List<RegistrationEntry> selecting = getSelectingRegistrations( moveContext.getDn(), oriEntry );
+ Entry oriEntry = ((ClonedServerEntry)renameContext.getEntry()).getOriginalEntry();
+ List<RegistrationEntry> selecting = getSelectingRegistrations( renameContext.getDn(), oriEntry );
- next.move( moveContext );
+ next( renameContext );
if ( selecting.isEmpty() )
{
return;
}
+ // Get the modifed entry
+ CoreSession session = renameContext.getSession();
+ LookupOperationContext lookupContext = new LookupOperationContext( session, renameContext.getNewDn() );
+ lookupContext.setAttrsId( SchemaConstants.ALL_ATTRIBUTES_ARRAY );
+
+ Entry alteredEntry = directoryService.getPartitionNexus().lookup( lookupContext );
+ renameContext.setModifiedEntry( alteredEntry );
+
for ( final RegistrationEntry registration : selecting )
{
- if ( EventType.isMove( registration.getCriteria().getEventMask() ) )
+ if ( EventType.isRename( registration.getCriteria().getEventMask() ) )
{
- fire( moveContext, EventType.MOVE, registration.getListener() );
+ fire( renameContext, EventType.RENAME, registration.getListener() );
}
}
}
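Review bot: `rename` gets the original entry through `((ClonedServerEntry)renameContext.getEntry()).getOriginalEntry()`, an unchecked downcast that throws `ClassCastException` if the context ever holds another `Entry` implementation, whereas `move` and `moveAndRename` in this file call `getOriginalEntry()` on the context itself. If `RenameOperationContext` offers the same accessor (not visible here), use it; otherwise guard the cast with an `instanceof` check before the operation is passed on. Separately, the post-rename lookup requests `SchemaConstants.ALL_ATTRIBUTES_ARRAY` from `directoryService.getPartitionNexus()` directly, which appears to go around the interceptor chain, so the entry handed to listeners is probably not filtered by access control. A comment such as `// Direct nexus lookup: result is not ACI-filtered; listeners receive the full entry` would record that assumption for whoever registers listeners.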
Propchange: directory/apacheds/branches/apacheds-txns/interceptors/exception/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Sat Nov 12 18:24:38 2011
@@ -1 +1 @@
-/directory/apacheds/trunk/interceptors/exception:1183435-1200383
+/directory/apacheds/trunk/interceptors/exception:1183435-1201283