Posted to commits@directory.apache.org by el...@apache.org on 2011/11/10 17:21:16 UTC
svn commit: r1200408 [3/5] - in /directory/apacheds/branches/apacheds-txns:
core-api/ core-api/src/main/java/org/apache/directory/server/core/api/
core-api/src/main/java/org/apache/directory/server/core/api/interceptor/
core-api/src/main/java/org/apach...
Modified: directory/apacheds/branches/apacheds-txns/core-jndi/src/main/java/org/apache/directory/server/core/jndi/ServerLdapContext.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-txns/core-jndi/src/main/java/org/apache/directory/server/core/jndi/ServerLdapContext.java?rev=1200408&r1=1200407&r2=1200408&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-txns/core-jndi/src/main/java/org/apache/directory/server/core/jndi/ServerLdapContext.java (original)
+++ directory/apacheds/branches/apacheds-txns/core-jndi/src/main/java/org/apache/directory/server/core/jndi/ServerLdapContext.java Thu Nov 10 16:21:12 2011
@@ -285,6 +285,7 @@ public class ServerLdapContext extends S
public void ldapUnbind() throws NamingException
{
UnbindOperationContext opCtx = new UnbindOperationContext( getSession() );
+
try
{
opCtx.addRequestControls( JndiUtils.fromJndiControls( getDirectoryService().getLdapCodecService(),
Modified: directory/apacheds/branches/apacheds-txns/core/src/main/java/org/apache/directory/server/core/DefaultDirectoryService.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-txns/core/src/main/java/org/apache/directory/server/core/DefaultDirectoryService.java?rev=1200408&r1=1200407&r2=1200408&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-txns/core/src/main/java/org/apache/directory/server/core/DefaultDirectoryService.java (original)
+++ directory/apacheds/branches/apacheds-txns/core/src/main/java/org/apache/directory/server/core/DefaultDirectoryService.java Thu Nov 10 16:21:12 2011
@@ -26,14 +26,21 @@ import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.RandomAccessFile;
import java.io.StringReader;
+import java.lang.reflect.Method;
import java.nio.channels.FileLock;
import java.nio.channels.OverlappingFileLockException;
import java.util.ArrayList;
import java.util.Arrays;
+import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
+import java.util.Map;
import java.util.Set;
import java.util.UUID;
+import java.util.concurrent.ConcurrentHashMap;
+import java.util.concurrent.locks.Lock;
+import java.util.concurrent.locks.ReadWriteLock;
+import java.util.concurrent.locks.ReentrantReadWriteLock;
import javax.naming.directory.Attributes;
@@ -45,6 +52,7 @@ import org.apache.directory.server.core.
import org.apache.directory.server.core.api.DnFactory;
import org.apache.directory.server.core.api.InstanceLayout;
import org.apache.directory.server.core.api.LdapPrincipal;
+import org.apache.directory.server.core.api.OperationEnum;
import org.apache.directory.server.core.api.OperationManager;
import org.apache.directory.server.core.api.ReferralManager;
import org.apache.directory.server.core.api.administrative.AccessControlAdministrativePoint;
@@ -234,6 +242,17 @@ public class DefaultDirectoryService imp
/** The list of declared interceptors */
private List<Interceptor> interceptors;
+ private Map<String, Interceptor> interceptorNames;
+
+ /** A lock to protect the interceptors List */
+ private ReadWriteLock interceptorsLock = new ReentrantReadWriteLock();
+
+ /** The read and write locks */
+ private Lock readLock = interceptorsLock.readLock();
+ private Lock writeLock = interceptorsLock.writeLock();
+
+ /** A map associating a list of interceptor to each operation */
+ private Map<OperationEnum, List<String>> operationInterceptors;
/** The System partition */
private Partition systemPartition;
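Review bot: The new `interceptorNames` field has no comment, unlike the fields around it, and nothing here says which lock guards it. I would add `/** Maps each interceptor name to its instance; guarded by interceptorsLock */` above it. `interceptorsLock`, `readLock` and `writeLock` are never reassigned in the visible code, so they could be declared `final`.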
@@ -458,8 +477,174 @@ public class DefaultDirectoryService imp
public List<Interceptor> getInterceptors()
{
List<Interceptor> cloned = new ArrayList<Interceptor>();
- cloned.addAll( interceptors );
- return cloned;
+
+ try
+ {
+ readLock.lock();
+
+ cloned.addAll( interceptors );
+
+ return cloned;
+ }
+ finally
+ {
+ readLock.unlock();
+ }
+ }
+
+
+ /**
+ * Returns interceptors in the server for a given operation.
+ *
+ * @return the interceptors in the server for the given operation.
+ */
+ public List<String> getInterceptors( OperationEnum operation )
+ {
+ List<String> cloned = new ArrayList<String>();
+
+ try
+ {
+ readLock.lock();
+ cloned.addAll( operationInterceptors.get( operation ) );
+
+ return cloned;
+ }
+ finally
+ {
+ readLock.unlock();
+ }
+
+ }
+
+
+ /**
+ * Compute the list of to call for each operation
+ */
+ private void initOperationsList()
+ {
+ try
+ {
+ writeLock.lock();
+ operationInterceptors = new ConcurrentHashMap<OperationEnum, List<String>>();
+
+ for ( OperationEnum operation : OperationEnum.getOperations() )
+ {
+ List<String> operationList = new ArrayList<String>();
+
+ for ( Interceptor interceptor : interceptors )
+ {
+ Method[] methods = interceptor.getClass().getDeclaredMethods();
+
+ for ( Method method : methods )
+ {
+ if ( method.getName().equals( operation.getMethodName() ) )
+ {
+ operationList.add( interceptor.getName() );
+ break;
+ }
+ }
+ }
+
+ operationInterceptors.put( operation, operationList );
+ }
+ }
+ finally
+ {
+ writeLock.unlock();
+ }
+ }
+
+
+ /**
+ * Add an interceptor to the list of interceptors to call for each operation
+ * @throws LdapException
+ */
+ private void addInterceptor( Interceptor interceptor, int position ) throws LdapException
+ {
+ // First, init the interceptor
+ interceptor.init( this );
+
+ try
+ {
+ writeLock.lock();
+
+ for ( OperationEnum operation : OperationEnum.getOperations() )
+ {
+ List<String> operationList = operationInterceptors.get( operation );
+
+ Method[] methods = interceptor.getClass().getDeclaredMethods();
+
+ for ( Method method : methods )
+ {
+ if ( method.getName().equals( operation.getMethodName() ) )
+ {
+ if ( position == -1 )
+ {
+ operationList.add( interceptor.getName() );
+ }
+ else
+ {
+ operationList.add( position, interceptor.getName() );
+ }
+
+ break;
+ }
+ }
+ }
+
+ interceptorNames.put( interceptor.getName(), interceptor );
+
+ if ( position == -1 )
+ {
+ interceptors.add( interceptor );
+ }
+ else
+ {
+ interceptors.add( position, interceptor );
+ }
+ }
+ finally
+ {
+ writeLock.unlock();
+ }
+ }
+
+
+ /**
+ * Remove an interceptor to the list of interceptors to call for each operation
+ */
+ private void removeOperationsList( String interceptorName )
+ {
+ Interceptor interceptor = interceptorNames.get( interceptorName );
+
+ try
+ {
+ writeLock.lock();
+
+ for ( OperationEnum operation : OperationEnum.getOperations() )
+ {
+ List<String> operationList = operationInterceptors.get( operation );
+
+ Method[] methods = interceptor.getClass().getDeclaredMethods();
+
+ for ( Method method : methods )
+ {
+ if ( method.getName().equals( operation.getMethodName() ) )
+ {
+ operationList.remove( interceptor.getName() );
+
+ break;
+ }
+ }
+ }
+
+ interceptorNames.remove( interceptorName );
+ interceptors.remove( interceptor );
+ }
+ finally
+ {
+ writeLock.unlock();
+ }
}
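Review bot: The per-operation lists are built from `interceptor.getClass().getDeclaredMethods()`, which only sees methods declared on the concrete class, so an interceptor that inherits its handler from a parent interceptor class is left out of that operation's list and is never invoked for it. For a subclassed authentication or access-control interceptor that would mean the check is silently skipped, so the match should walk up the class hierarchy and stop at the common base class. The same loop appears in `initOperationsList`, `addInterceptor` and `removeOperationsList`; one helper like the sketch below keeps the three in agreement. `BaseInterceptor` is assumed to be the class that holds the pass-through defaults; confirm this against the interceptor hierarchy on this branch. Separately, `removeOperationsList` reads `interceptorNames` before taking the write lock and dereferences the result without a null check, so removing an unknown name throws NullPointerException.

```java
/**
 * Tells whether the interceptor, or one of its parent classes below the common base class,
 * declares a handler for the given operation.
 */
private static boolean handles( Interceptor interceptor, OperationEnum operation )
{
    // Stop before the base class: it declares every operation as a pass-through
    for ( Class<?> type = interceptor.getClass(); ( type != null ) && ( type != BaseInterceptor.class ); type = type.getSuperclass() )
    {
        for ( Method method : type.getDeclaredMethods() )
        {
            if ( method.getName().equals( operation.getMethodName() ) )
            {
                return true;
            }
        }
    }

    return false;
}

// … unchanged: initOperationsList, addInterceptor and removeOperationsList, each calling handles( interceptor, operation ) instead of its own loop …
```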
@@ -470,19 +655,25 @@ public class DefaultDirectoryService imp
*/
public void setInterceptors( List<Interceptor> interceptors )
{
- Set<String> names = new HashSet<String>();
+ Map<String, Interceptor> interceptorNames = new HashMap<String, Interceptor>();
+ // Check if we don't have duplicate names in the interceptors list
for ( Interceptor interceptor : interceptors )
{
- if ( names.contains( interceptor.getName() ) )
+ if ( interceptorNames.containsKey( interceptor.getName() ) )
{
LOG.warn( "Encountered duplicate definitions for {} interceptor", interceptor.getName() );
+ continue;
}
- names.add( interceptor.getName() );
+ interceptorNames.put( interceptor.getName(), interceptor );
}
this.interceptors = interceptors;
+ this.interceptorNames = interceptorNames;
+
+ // Now update the Map that connect each operation with the list of interceptors.
+ initOperationsList();
}
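Review bot: When a duplicate name is found the loop now skips it for `interceptorNames`, but `this.interceptors = interceptors` still stores the caller's list with the duplicate in it, so the list and the map disagree and `initOperationsList()` adds the same name twice to each matching operation list. Both field assignments also happen outside `writeLock`, and the caller's list is kept by reference, so a later change to that list by the caller is not covered by the lock that `getInterceptors()` relies on. Consider rejecting duplicates with an exception, copying the input with `this.interceptors = new ArrayList<Interceptor>( interceptors );`, and assigning both fields while holding `writeLock`. The local `interceptorNames` also shadows the field of the same name; a different local name would make the final assignment easier to read.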
@@ -496,6 +687,7 @@ public class DefaultDirectoryService imp
{
List<LdifEntry> cloned = new ArrayList<LdifEntry>();
cloned.addAll( testEntries );
+
return cloned;
}
@@ -768,6 +960,8 @@ public class DefaultDirectoryService imp
BindOperationContext bindContext = new BindOperationContext( null );
bindContext.setCredentials( credentials );
bindContext.setDn( principalDn );
+ bindContext.setInterceptors( getInterceptors( OperationEnum.BIND ) );
+
operationManager.bind( bindContext );
return bindContext.getSession();
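Review bot: This bind path now depends on `getInterceptors( OperationEnum.BIND )`, and that method (added earlier in this file) calls `cloned.addAll( operationInterceptors.get( operation ) )` with no null check. If `setInterceptors` has not run yet, or the map has no entry for the operation, the bind fails with a NullPointerException instead of a meaningful error. A guard in `getInterceptors( OperationEnum )` that throws an explicit exception such as `IllegalStateException` when the list is missing would cover this call and the SASL bind in the next hunk. The enclosing method starts and ends outside the hunk.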
@@ -786,6 +980,8 @@ public class DefaultDirectoryService imp
bindContext.setCredentials( credentials );
bindContext.setDn( principalDn );
bindContext.setSaslMechanism( saslMechanism );
+ bindContext.setInterceptors( getInterceptors( OperationEnum.BIND ) );
+
operationManager.bind( bindContext );
return bindContext.getSession();
@@ -1774,19 +1970,65 @@ public class DefaultDirectoryService imp
*/
public Interceptor getInterceptor( String interceptorName )
{
- for ( Interceptor interceptor:interceptors )
+ try
+ {
+ readLock.lock();
+
+ for ( Interceptor interceptor:interceptors )
+ {
+ if ( interceptor.getName().equalsIgnoreCase( interceptorName ) )
+ {
+ return interceptor;
+ }
+ }
+
+ return null;
+ }
+ finally
{
- if ( interceptor.getName().equalsIgnoreCase( interceptorName ) )
- {
- return interceptor;
- }
+ readLock.unlock();
}
-
- return null;
}
/**
+ * {@inheritDoc}
+ * @throws LdapException
+ */
+ public void addFirst( Interceptor interceptor ) throws LdapException
+ {
+ addInterceptor( interceptor, 0 );
+ }
+
+
+ /**
+ * {@inheritDoc}
+ * @throws LdapException
+ */
+ public void addLast( Interceptor interceptor ) throws LdapException
+ {
+ addInterceptor( interceptor, -1 );
+ }
+
+
+ /**
+ * {@inheritDoc}
+ */
+ public void addAfter( String interceptorName, Interceptor interceptor )
+ {
+ }
+
+
+ /**
+ * {@inheritDoc}
+ */
+ public void remove( String interceptorName )
+ {
+ removeOperationsList( interceptorName );
+ }
+
+
+ /**
* Get a new CSN
* @return The CSN generated for this directory service
*/
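Review bot: `addAfter( String interceptorName, Interceptor interceptor )` has an empty body, so a caller that registers an interceptor through it gets no error and no interceptor in the chain. Until the positional insert is implemented the method should fail loudly, for example `throw new UnsupportedOperationException( "addAfter is not implemented" );`. Note also that `getInterceptor` matches names with `equalsIgnoreCase`, while `remove` goes through the case-sensitive `interceptorNames` map, so a name that `getInterceptor` resolves may not be found by `remove`.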
@@ -1988,5 +2230,4 @@ public class DefaultDirectoryService imp
{
return evaluator;
}
-
}
\ No newline at end of file
Modified: directory/apacheds/branches/apacheds-txns/core/src/main/java/org/apache/directory/server/core/DefaultOperationManager.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-txns/core/src/main/java/org/apache/directory/server/core/DefaultOperationManager.java?rev=1200408&r1=1200407&r2=1200408&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-txns/core/src/main/java/org/apache/directory/server/core/DefaultOperationManager.java (original)
+++ directory/apacheds/branches/apacheds-txns/core/src/main/java/org/apache/directory/server/core/DefaultOperationManager.java Thu Nov 10 16:21:12 2011
@@ -23,10 +23,12 @@ package org.apache.directory.server.core
import java.util.ArrayList;
import java.util.List;
+import org.apache.directory.server.core.api.CoreSession;
import org.apache.directory.server.core.api.DirectoryService;
import org.apache.directory.server.core.api.OperationManager;
import org.apache.directory.server.core.api.ReferralManager;
import org.apache.directory.server.core.api.filtering.EntryFilteringCursor;
+import org.apache.directory.server.core.api.interceptor.Interceptor;
import org.apache.directory.server.core.api.interceptor.InterceptorChain;
import org.apache.directory.server.core.api.interceptor.context.AddOperationContext;
import org.apache.directory.server.core.api.interceptor.context.BindOperationContext;
@@ -51,6 +53,7 @@ import org.apache.directory.shared.ldap.
import org.apache.directory.shared.ldap.model.entry.Value;
import org.apache.directory.shared.ldap.model.exception.LdapAffectMultipleDsaException;
import org.apache.directory.shared.ldap.model.exception.LdapException;
+import org.apache.directory.shared.ldap.model.exception.LdapNoSuchObjectException;
import org.apache.directory.shared.ldap.model.exception.LdapOperationErrorException;
import org.apache.directory.shared.ldap.model.exception.LdapPartialResultException;
import org.apache.directory.shared.ldap.model.exception.LdapReferralException;
@@ -87,8 +90,68 @@ public class DefaultOperationManager imp
}
- private LdapReferralException buildReferralException( Entry parentEntry, Dn childDn )
- throws LdapException //, LdapURLEncodingException
+ /**
+ * Eagerly populates fields of operation contexts so multiple Interceptors
+ * in the processing pathway can reuse this value without performing a
+ * redundant lookup operation.
+ *
+ * @param opContext the operation context to populate with cached fields
+ */
+ private void eagerlyPopulateFields( OperationContext opContext ) throws LdapException
+ {
+ // If the entry field is not set for ops other than add for example
+ // then we set the entry but don't freak if we fail to do so since it
+ // may not exist in the first place
+
+ if ( opContext.getEntry() == null )
+ {
+ // We have to use the admin session here, otherwise we may have
+ // trouble reading the entry due to insufficient access rights
+ CoreSession adminSession = opContext.getSession().getDirectoryService().getAdminSession();
+
+ LookupOperationContext lookupContext = new LookupOperationContext( adminSession, opContext.getDn(), SchemaConstants.ALL_ATTRIBUTES_ARRAY );
+ Entry foundEntry = opContext.getSession().getDirectoryService().getPartitionNexus().lookup( lookupContext );
+
+ if ( foundEntry != null )
+ {
+ opContext.setEntry( foundEntry );
+ }
+ else
+ {
+ // This is an error : we *must* have an entry if we want to be able to rename.
+ LdapNoSuchObjectException ldnfe = new LdapNoSuchObjectException( I18n.err( I18n.ERR_256_NO_SUCH_OBJECT,
+ opContext.getDn() ) );
+
+ throw ldnfe;
+ }
+ }
+ }
+
+
+ private Entry getOriginalEntry( OperationContext opContext ) throws LdapException
+ {
+ // We have to use the admin session here, otherwise we may have
+ // trouble reading the entry due to insufficient access rights
+ CoreSession adminSession = opContext.getSession().getDirectoryService().getAdminSession();
+
+ Entry foundEntry = adminSession.lookup( opContext.getDn(), SchemaConstants.ALL_OPERATIONAL_ATTRIBUTES, SchemaConstants.ALL_USER_ATTRIBUTES );
+
+ if ( foundEntry != null )
+ {
+ return foundEntry;
+ }
+ else
+ {
+ // This is an error : we *must* have an entry if we want to be able to rename.
+ LdapNoSuchObjectException ldnfe = new LdapNoSuchObjectException( I18n.err( I18n.ERR_256_NO_SUCH_OBJECT,
+ opContext.getDn() ) );
+
+ throw ldnfe;
+ }
+ }
+
+
+ private LdapReferralException buildReferralException( Entry parentEntry, Dn childDn ) throws LdapException
{
// Get the Ref attributeType
Attribute refs = parentEntry.get( SchemaConstants.REF_AT );
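Review bot: `eagerlyPopulateFields` and `getOriginalEntry` read the target entry with the admin session and throw `LdapNoSuchObjectException` themselves, and the compare and delete hunks further down call them before the first interceptor runs. That appears to let a caller tell existing DNs from missing ones before any authentication or access-control interceptor has seen the request, and it puts an entry read with admin rights on the context for every later interceptor. It is worth confirming that the no-such-object result is only surfaced after the access checks, and documenting on both helpers that the stored entry is unfiltered. The Javadoc on `eagerlyPopulateFields` also says a failed lookup is tolerated while the code throws, and the "if we want to be able to rename" comment is copied into helpers that serve compare and delete.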
@@ -102,14 +165,14 @@ public class DefaultOperationManager imp
{
// we have to replace the parent by the referral
LdapUrl ldapUrl = new LdapUrl( url.getString() );
-
+
// We have a problem with the Dn : we can't use the UpName,
// as we may have some spaces around the ',' and '+'.
// So we have to take the Rdn one by one, and create a
// new Dn with the type and value UP form
-
+
Dn urlDn = ldapUrl.getDn().add( childDn );
-
+
ldapUrl.setDn( urlDn );
urls.add( ldapUrl.toString() );
}
@@ -129,8 +192,7 @@ public class DefaultOperationManager imp
}
- private LdapReferralException buildReferralExceptionForSearch( Entry parentEntry, Dn childDn, SearchScope scope )
- throws LdapException
+ private LdapReferralException buildReferralExceptionForSearch( Entry parentEntry, Dn childDn, SearchScope scope ) throws LdapException
{
// Get the Ref attributeType
Attribute refs = parentEntry.get( SchemaConstants.REF_AT );
@@ -285,7 +347,10 @@ public class DefaultOperationManager imp
try
{
- directoryService.getInterceptorChain().bind( bindContext );
+ // Call the Delete method
+ Interceptor head = directoryService.getInterceptor( bindContext.getNextInterceptor() );
+
+ head.bind( bindContext );
}
finally
{
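Review bot: `directoryService.getInterceptor( ... )` returns null when no interceptor has the requested name, and `head.bind( bindContext )` dereferences the result unchecked, so an empty or stale interceptor list on the context turns a bind into a NullPointerException. The same unchecked `head` pattern is repeated in the compare, delete, getRootDSE, hasEntry, list, lookup and unbind hunks that follow. A null check that throws an LdapException subtype (the file already imports `LdapOperationErrorException`), or a small shared helper that resolves the head interceptor, would fail closed with a clear error. The comment here should read `// Call the Bind method`, not Delete. The enclosing method starts and ends outside the hunk.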
@@ -362,9 +427,13 @@ public class DefaultOperationManager imp
// Unlock the ReferralManager
directoryService.getReferralManager().unlock();
- // Call the Add method
- InterceptorChain interceptorChain = directoryService.getInterceptorChain();
- return interceptorChain.compare( compareContext );
+ // populate the context with the old entry
+ compareContext.setOriginalEntry( getOriginalEntry( compareContext ) );
+
+ // Call the Compare method
+ Interceptor head = directoryService.getInterceptor( compareContext.getNextInterceptor() );
+
+ return head.compare( compareContext );
}
finally
{
@@ -443,9 +512,13 @@ public class DefaultOperationManager imp
// Unlock the ReferralManager
directoryService.getReferralManager().unlock();
- // Call the Add method
- InterceptorChain interceptorChain = directoryService.getInterceptorChain();
- interceptorChain.delete( deleteContext );
+ // populate the context with the old entry
+ eagerlyPopulateFields( deleteContext );
+
+ // Call the Delete method
+ Interceptor head = directoryService.getInterceptor( deleteContext.getNextInterceptor() );
+
+ head.delete( deleteContext );
}
finally
{
@@ -469,8 +542,9 @@ public class DefaultOperationManager imp
try
{
- InterceptorChain chain = directoryService.getInterceptorChain();
- return chain.getRootDSE( getRootDseContext );
+ Interceptor head = directoryService.getInterceptor( getRootDseContext.getNextInterceptor() );
+
+ return head.getRootDSE( getRootDseContext );
}
finally
{
@@ -493,7 +567,9 @@ public class DefaultOperationManager imp
try
{
- return directoryService.getInterceptorChain().hasEntry( hasEntryContext );
+ Interceptor head = directoryService.getInterceptor( hasEntryContext.getNextInterceptor() );
+
+ return head.hasEntry( hasEntryContext );
}
finally
{
@@ -516,7 +592,9 @@ public class DefaultOperationManager imp
try
{
- return directoryService.getInterceptorChain().list( listContext );
+ Interceptor head = directoryService.getInterceptor( listContext.getNextInterceptor() );
+
+ return head.list( listContext );
}
finally
{
@@ -539,8 +617,9 @@ public class DefaultOperationManager imp
try
{
- InterceptorChain chain = directoryService.getInterceptorChain();
- return chain.lookup( lookupContext );
+ Interceptor head = directoryService.getInterceptor( lookupContext.getNextInterceptor() );
+
+ return head.lookup( lookupContext );
}
finally
{
@@ -1035,7 +1114,10 @@ public class DefaultOperationManager imp
try
{
- directoryService.getInterceptorChain().unbind( unbindContext );
+ // Call the Unbind method
+ Interceptor head = directoryService.getInterceptor( unbindContext.getNextInterceptor() );
+
+ head.unbind( unbindContext );
}
finally
{
Modified: directory/apacheds/branches/apacheds-txns/core/src/test/java/org/apache/directory/server/core/interceptor/InterceptorChainTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-txns/core/src/test/java/org/apache/directory/server/core/interceptor/InterceptorChainTest.java?rev=1200408&r1=1200407&r2=1200408&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-txns/core/src/test/java/org/apache/directory/server/core/interceptor/InterceptorChainTest.java (original)
+++ directory/apacheds/branches/apacheds-txns/core/src/test/java/org/apache/directory/server/core/interceptor/InterceptorChainTest.java Thu Nov 10 16:21:12 2011
@@ -6,16 +6,16 @@
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
- * under the License.
- *
+ * under the License.
+ *
*/
package org.apache.directory.server.core.interceptor;
@@ -35,7 +35,6 @@ import org.apache.directory.server.core.
import org.apache.directory.server.core.api.interceptor.InterceptorChain;
import org.apache.directory.server.core.api.interceptor.context.LookupOperationContext;
import org.apache.directory.server.core.api.invocation.InvocationStack;
-import org.apache.directory.server.core.api.partition.ByPassConstants;
import org.apache.directory.server.core.shared.DefaultCoreSession;
import org.apache.directory.shared.ldap.model.constants.AuthenticationLevel;
import org.apache.directory.shared.ldap.model.name.Dn;
@@ -44,11 +43,12 @@ import org.apache.directory.shared.ldap.
import org.junit.After;
import org.junit.Before;
import org.junit.BeforeClass;
+import org.junit.Ignore;
import org.junit.Test;
/**
- * Unit test cases for InterceptorChain methods which test bypass
+ * Unit test cases for InterceptorChain methods which test bypass
* instructions in the chain.
*
* @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
@@ -90,6 +90,7 @@ public class InterceptorChainTest
@Test
+ @Ignore
public void testNoBypass() throws Exception
{
Dn dn = new Dn( schemaManager, "ou=system" );
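Review bot: `@Ignore` is added here without a reason, and the following hunks disable the other four bypass tests the same way and comment out `chain.lookup( lookupContext )`, while `testCompleteBypass` is deleted; together this leaves the new per-operation interceptor selection without test coverage. Give the annotation a reason so the gap shows up in test reports, for example `@Ignore( "bypass handling moved to per-operation interceptor lists; test needs rewriting" )`. The commented-out calls leave empty `try` blocks, so if the annotation is later removed the assertions would run without the lookup having been performed. The test body continues outside the hunk.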
@@ -101,7 +102,7 @@ public class InterceptorChainTest
try
{
- chain.lookup( lookupContext );
+ //chain.lookup( lookupContext );
}
catch ( Exception e )
{
@@ -116,6 +117,7 @@ public class InterceptorChainTest
@Test
+ @Ignore
public void testSingleBypass() throws Exception
{
Dn dn = new Dn( schemaManager, "ou=system" );
@@ -128,7 +130,7 @@ public class InterceptorChainTest
try
{
- chain.lookup( lookupContext );
+ //chain.lookup( lookupContext );
}
catch ( Exception e )
{
@@ -143,6 +145,7 @@ public class InterceptorChainTest
@Test
+ @Ignore
public void testAdjacentDoubleBypass() throws Exception
{
Dn dn = new Dn( schemaManager, "ou=system" );
@@ -158,7 +161,7 @@ public class InterceptorChainTest
try
{
- chain.lookup( lookupContext );
+ //chain.lookup( lookupContext );
}
catch ( Exception e )
{
@@ -173,6 +176,7 @@ public class InterceptorChainTest
@Test
+ @Ignore
public void testFrontAndBackDoubleBypass() throws Exception
{
Dn dn = new Dn( schemaManager, "ou=system" );
@@ -188,7 +192,7 @@ public class InterceptorChainTest
try
{
- chain.lookup( lookupContext );
+ //chain.lookup( lookupContext );
}
catch ( Exception e )
{
@@ -202,6 +206,7 @@ public class InterceptorChainTest
@Test
+ @Ignore
public void testDoubleBypass() throws Exception
{
Dn dn = new Dn( schemaManager, "ou=system" );
@@ -217,7 +222,7 @@ public class InterceptorChainTest
try
{
- chain.lookup( lookupContext );
+ //chain.lookup( lookupContext );
}
catch ( Exception e )
{
@@ -228,27 +233,4 @@ public class InterceptorChainTest
assertEquals( "2", interceptors.get( 1 ).getName() );
assertEquals( "4", interceptors.get( 2 ).getName() );
}
-
-
- @Test
- public void testCompleteBypass() throws Exception
- {
- Dn dn = new Dn( schemaManager, "ou=system" );
- DirectoryService ds = new MockDirectoryService( 0 );
- DefaultCoreSession session = new DefaultCoreSession( new LdapPrincipal( schemaManager, new Dn( schemaManager ), AuthenticationLevel.STRONG ),
- ds );
- LookupOperationContext lookupContext = new LookupOperationContext( session, dn );
- lookupContext.setByPassed( ByPassConstants.BYPASS_ALL_COLLECTION );
- InvocationStack.getInstance().push( lookupContext );
-
- try
- {
- chain.lookup( lookupContext );
- }
- catch ( Exception e )
- {
- }
-
- assertEquals( 0, interceptors.size() );
- }
}
Propchange: directory/apacheds/branches/apacheds-txns/interceptors/admin/
------------------------------------------------------------------------------
svn:mergeinfo = /directory/apacheds/trunk/interceptors/admin:1183435-1200383
Modified: directory/apacheds/branches/apacheds-txns/interceptors/admin/src/main/java/org/apache/directory/server/core/admin/AdministrativePointInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-txns/interceptors/admin/src/main/java/org/apache/directory/server/core/admin/AdministrativePointInterceptor.java?rev=1200408&r1=1200407&r2=1200408&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-txns/interceptors/admin/src/main/java/org/apache/directory/server/core/admin/AdministrativePointInterceptor.java (original)
+++ directory/apacheds/branches/apacheds-txns/interceptors/admin/src/main/java/org/apache/directory/server/core/admin/AdministrativePointInterceptor.java Thu Nov 10 16:21:12 2011
@@ -1241,7 +1241,7 @@ public class AdministrativePointIntercep
* </ul>
* {@inheritDoc}
*/
- public void delete( NextInterceptor next, DeleteOperationContext deleteContext ) throws LdapException
+ public void delete( DeleteOperationContext deleteContext ) throws LdapException
{
LOG.debug( ">>> Entering into the Administrative Interceptor, delRequest" );
Entry entry = deleteContext.getEntry();
@@ -1253,7 +1253,7 @@ public class AdministrativePointIntercep
if ( adminPoint == null )
{
// Nope, go on.
- next.delete( deleteContext );
+ next( deleteContext );
LOG.debug( "Exit from Administrative Interceptor" );
@@ -1278,7 +1278,7 @@ public class AdministrativePointIntercep
}
// Ok, we can remove the AP
- next.delete( deleteContext );
+ next( deleteContext );
// Now, update the AdminPoint cache
deleteAdminPointCache( adminPoint, deleteContext );
Propchange: directory/apacheds/branches/apacheds-txns/interceptors/authn/
------------------------------------------------------------------------------
svn:mergeinfo = /directory/apacheds/trunk/interceptors/authn:1183435-1200383
Modified: directory/apacheds/branches/apacheds-txns/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-txns/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java?rev=1200408&r1=1200407&r2=1200408&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-txns/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java (original)
+++ directory/apacheds/branches/apacheds-txns/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java Thu Nov 10 16:21:12 2011
@@ -115,7 +115,7 @@ public class AuthenticationInterceptor e
/** A Set of all the existing Authenticator to be used by the bind operation */
private Set<Authenticator> authenticators = new HashSet<Authenticator>();
-
+
/** A map of authenticators associated with the authentication level required */
private final Map<AuthenticationLevel, Collection<Authenticator>> authenticatorsMapByType = new HashMap<AuthenticationLevel, Collection<Authenticator>>();
@@ -146,6 +146,7 @@ public class AuthenticationInterceptor e
/**
+<<<<<<< .working
* the set of interceptors we should *not* go through when pwdpolicy state information is being updated
*/
private static final Collection<String> BYPASS_INTERCEPTORS;
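Review bot: The added line `<<<<<<< .working` is an unresolved merge-conflict marker, and the next hunk adds the matching `=======` and `>>>>>>> .merge-right.r1200383`. All three sit inside Javadoc comments, so the file may still compile, but the conflict was never actually resolved: the `.working` side (the `BYPASS_INTERCEPTORS` block) is kept, while the merged side appears to have dropped it. Since that collection decides which interceptors are skipped while password-policy state is updated, the choice should be made deliberately, the markers removed, and the surviving Javadoc checked.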
@@ -170,6 +171,8 @@ public class AuthenticationInterceptor e
/**
+=======
+>>>>>>> .merge-right.r1200383
* Creates an authentication service interceptor.
*/
public AuthenticationInterceptor()
@@ -191,7 +194,7 @@ public class AuthenticationInterceptor e
{
setDefaultAuthenticators();
}
-
+
// Register all authenticators
for ( Authenticator authenticator : authenticators )
{
@@ -211,7 +214,7 @@ public class AuthenticationInterceptor e
{
authenticators = new HashSet<Authenticator>();
}
-
+
authenticators.clear();
authenticators.add( new AnonymousAuthenticator() );
authenticators.add( new SimpleAuthenticator() );
@@ -250,16 +253,16 @@ public class AuthenticationInterceptor e
{
throw new IllegalArgumentException( "The given authenticators set is null" );
}
-
+
this.authenticators.clear();
- for (Authenticator authenticator : authenticators)
+ for (Authenticator authenticator : authenticators)
{
this.authenticators.add( authenticator );
}
}
-
-
+
+
/**
* Deinitializes and deregisters all {@link Authenticator}s from this service.
*/
@@ -330,14 +333,14 @@ public class AuthenticationInterceptor e
checkAuthenticated( addContext );
Entry entry = addContext.getEntry();
-
-
+
+
if ( !directoryService.isPwdPolicyEnabled() )
{
next.add( addContext );
return;
}
-
+
PasswordPolicyConfiguration policyConfig = getPwdPolicy( entry );
boolean isPPolicyReqCtrlPresent = addContext.hasRequestControl( PasswordPolicy.OID );
@@ -359,7 +362,7 @@ public class AuthenticationInterceptor e
{
if ( isPPolicyReqCtrlPresent )
{
- PasswordPolicyDecorator responseControl =
+ PasswordPolicyDecorator responseControl =
new PasswordPolicyDecorator( directoryService.getLdapCodecService(), true );
responseControl.getResponse().setPasswordPolicyError( PasswordPolicyErrorEnum.get( e.getErrorCode() ) );
addContext.addResponseControl( responseControl );
@@ -370,6 +373,7 @@ public class AuthenticationInterceptor e
}
String pwdChangedTime = DateUtils.getGeneralizedTime();
+
if ( ( policyConfig.getPwdMinAge() > 0 ) || ( policyConfig.getPwdMaxAge() > 0 ) )
{
Attribute pwdChangedTimeAt = new DefaultAttribute( AT_PWD_CHANGED_TIME );
@@ -397,7 +401,7 @@ public class AuthenticationInterceptor e
}
- public void delete( NextInterceptor next, DeleteOperationContext deleteContext ) throws LdapException
+ public void delete( DeleteOperationContext deleteContext ) throws LdapException
{
if ( IS_DEBUG )
{
@@ -406,12 +410,15 @@ public class AuthenticationInterceptor e
checkAuthenticated( deleteContext );
checkPwdReset( deleteContext );
- next.delete( deleteContext );
+ next( deleteContext );
invalidateAuthenticatorCaches( deleteContext.getDn() );
}
- public Entry getRootDSE( NextInterceptor next, GetRootDSEOperationContext getRootDseContext ) throws LdapException
+ /**
+ * {@inheritDoc}
+ */
+ public Entry getRootDSE( GetRootDSEOperationContext getRootDseContext ) throws LdapException
{
if ( IS_DEBUG )
{
@@ -420,11 +427,15 @@ public class AuthenticationInterceptor e
checkAuthenticated( getRootDseContext );
checkPwdReset( getRootDseContext );
- return next.getRootDSE( getRootDseContext );
+
+ return next( getRootDseContext );
}
- public boolean hasEntry( NextInterceptor next, EntryOperationContext hasEntryContext ) throws LdapException
+ /**
+ * {@inheritDoc}
+ */
+ public boolean hasEntry( EntryOperationContext hasEntryContext ) throws LdapException
{
if ( IS_DEBUG )
{
@@ -433,11 +444,15 @@ public class AuthenticationInterceptor e
checkAuthenticated( hasEntryContext );
checkPwdReset( hasEntryContext );
- return next.hasEntry( hasEntryContext );
+
+ return next( hasEntryContext );
}
- public EntryFilteringCursor list( NextInterceptor next, ListOperationContext listContext ) throws LdapException
+ /**
+ * {@inheritDoc}
+ */
+ public EntryFilteringCursor list( ListOperationContext listContext ) throws LdapException
{
if ( IS_DEBUG )
{
@@ -446,11 +461,12 @@ public class AuthenticationInterceptor e
checkAuthenticated( listContext );
checkPwdReset( listContext );
- return next.list( listContext );
+
+ return next( listContext );
}
- public Entry lookup( NextInterceptor next, LookupOperationContext lookupContext ) throws LdapException
+ public Entry lookup( LookupOperationContext lookupContext ) throws LdapException
{
if ( IS_DEBUG )
{
@@ -459,8 +475,8 @@ public class AuthenticationInterceptor e
checkAuthenticated( lookupContext );
checkPwdReset( lookupContext );
-
- return next.lookup( lookupContext );
+
+ return next( lookupContext );
}
@@ -488,7 +504,7 @@ public class AuthenticationInterceptor e
checkAuthenticated( modifyContext );
-
+
if ( ! directoryService.isPwdPolicyEnabled() )
{
next.modify( modifyContext );
@@ -498,12 +514,12 @@ public class AuthenticationInterceptor e
// handle the case where pwdPolicySubentry AT is about to be deleted in thid modify()
PasswordPolicyConfiguration policyConfig = getPwdPolicy( modifyContext.getEntry() );
-
+
boolean isPPolicyReqCtrlPresent = modifyContext.hasRequestControl( PasswordPolicy.OID );
Dn userDn = modifyContext.getSession().getAuthenticatedPrincipal().getDn();
PwdModDetailsHolder pwdModDetails = null;
-
+
pwdModDetails = getPwdModDetails( modifyContext, policyConfig );
if ( pwdModDetails.isPwdModPresent() )
@@ -514,7 +530,7 @@ public class AuthenticationInterceptor e
{
if ( isPPolicyReqCtrlPresent )
{
- PasswordPolicyDecorator responseControl =
+ PasswordPolicyDecorator responseControl =
new PasswordPolicyDecorator( directoryService.getLdapCodecService(), true );
responseControl.getResponse().setPasswordPolicyError( PasswordPolicyErrorEnum.CHANGE_AFTER_RESET );
modifyContext.addResponseControl( responseControl );
@@ -529,10 +545,10 @@ public class AuthenticationInterceptor e
if ( pwdModDetails.isAddOrReplace() && !pwdModDetails.isDelete() )
{
LOG.debug( "trying to update password attribute without the supplying the old password" );
-
+
if ( isPPolicyReqCtrlPresent )
{
- PasswordPolicyDecorator responseControl =
+ PasswordPolicyDecorator responseControl =
new PasswordPolicyDecorator( directoryService.getLdapCodecService(), true );
responseControl.getResponse().setPasswordPolicyError( PasswordPolicyErrorEnum.MUST_SUPPLY_OLD_PASSWORD );
modifyContext.addResponseControl( responseControl );
@@ -546,7 +562,7 @@ public class AuthenticationInterceptor e
{
if ( isPPolicyReqCtrlPresent )
{
- PasswordPolicyDecorator responseControl =
+ PasswordPolicyDecorator responseControl =
new PasswordPolicyDecorator( directoryService.getLdapCodecService(), true );
responseControl.getResponse().setPasswordPolicyError( PasswordPolicyErrorEnum.PASSWORD_MOD_NOT_ALLOWED );
modifyContext.addResponseControl( responseControl );
@@ -561,7 +577,7 @@ public class AuthenticationInterceptor e
{
if ( isPPolicyReqCtrlPresent )
{
- PasswordPolicyDecorator responseControl =
+ PasswordPolicyDecorator responseControl =
new PasswordPolicyDecorator( directoryService.getLdapCodecService(), true );
responseControl.getResponse().setPasswordPolicyError( PasswordPolicyErrorEnum.PASSWORD_TOO_YOUNG );
modifyContext.addResponseControl( responseControl );
@@ -572,11 +588,11 @@ public class AuthenticationInterceptor e
}
byte[] newPassword = null;
-
+
if ( ( pwdModDetails != null ) )
{
newPassword = pwdModDetails.getNewPwd();
-
+
try
{
String userName = entry.getDn().getRdn().getUpValue().getString();
@@ -586,7 +602,7 @@ public class AuthenticationInterceptor e
{
if ( isPPolicyReqCtrlPresent )
{
- PasswordPolicyDecorator responseControl =
+ PasswordPolicyDecorator responseControl =
new PasswordPolicyDecorator( directoryService.getLdapCodecService(), true );
responseControl.getResponse().setPasswordPolicyError( PasswordPolicyErrorEnum.get( e.getErrorCode() ) );
modifyContext.addResponseControl( responseControl );
@@ -605,12 +621,12 @@ public class AuthenticationInterceptor e
if ( histSize > 0 )
{
Attribute pwdHistoryAt = entry.get( PWD_HISTORY_AT );
-
+
if ( pwdHistoryAt == null )
{
pwdHistoryAt = new DefaultAttribute( AT_PWD_HISTORY );
}
-
+
List<PasswordHistory> pwdHistLst = new ArrayList<PasswordHistory>();
for ( Value<?> value : pwdHistoryAt )
@@ -623,7 +639,7 @@ public class AuthenticationInterceptor e
{
if ( isPPolicyReqCtrlPresent )
{
- PasswordPolicyDecorator responseControl =
+ PasswordPolicyDecorator responseControl =
new PasswordPolicyDecorator( directoryService.getLdapCodecService(), true );
responseControl.getResponse().setPasswordPolicyError( PasswordPolicyErrorEnum.PASSWORD_IN_HISTORY );
modifyContext.addResponseControl( responseControl );
@@ -640,14 +656,14 @@ public class AuthenticationInterceptor e
{
// see the javadoc of PasswordHistory
Collections.sort( pwdHistLst );
-
+
// remove the oldest value
PasswordHistory remPwdHist = ( PasswordHistory ) pwdHistLst.toArray()[histSize - 1];
Attribute tempAt = new DefaultAttribute( AT_PWD_HISTORY );
tempAt.add( remPwdHist.getHistoryValue() );
pwdRemHistMod = new DefaultModification( REMOVE_ATTRIBUTE, tempAt );
}
-
+
pwdHistoryAt.clear();
PasswordHistory newPwdHist = new PasswordHistory( pwdChangedTime, newPassword );
pwdHistoryAt.clear();
@@ -656,11 +672,11 @@ public class AuthenticationInterceptor e
}
next.modify( modifyContext );
-
+
invalidateAuthenticatorCaches( modifyContext.getDn() );
List<Modification> mods = new ArrayList<Modification>();
-
+
if ( ( policyConfig.getPwdMinAge() > 0 ) || ( policyConfig.getPwdMaxAge() > 0 ) )
{
Attribute pwdChangedTimeAt = new DefaultAttribute( AT_PWD_CHANGED_TIME );
@@ -680,7 +696,7 @@ public class AuthenticationInterceptor e
}
boolean removeFromPwdResetSet = false;
-
+
if ( policyConfig.isPwdMustChange() )
{
Attribute pwdMustChangeAt = new DefaultAttribute( AT_PWD_RESET );
@@ -701,14 +717,14 @@ public class AuthenticationInterceptor e
}
Attribute pwdFailureTimeAt = entry.get( PWD_FAILURE_TIME_AT );
-
+
if ( pwdFailureTimeAt != null )
{
mods.add( new DefaultModification( REMOVE_ATTRIBUTE, pwdFailureTimeAt ) );
}
Attribute pwdGraceUseTimeAt = entry.get( PWD_GRACE_USE_TIME_AT );
-
+
if ( pwdGraceUseTimeAt != null )
{
mods.add( new DefaultModification( REMOVE_ATTRIBUTE, pwdGraceUseTimeAt ) );
@@ -746,7 +762,7 @@ public class AuthenticationInterceptor e
/**
* {@inheritDoc}
*/
- public boolean compare( NextInterceptor next, CompareOperationContext compareContext ) throws LdapException
+ public boolean compare( CompareOperationContext compareContext ) throws LdapException
{
if ( IS_DEBUG )
{
@@ -755,7 +771,7 @@ public class AuthenticationInterceptor e
checkAuthenticated( compareContext );
checkPwdReset( compareContext );
- boolean result = next.compare( compareContext );
+ boolean result = next( compareContext );
invalidateAuthenticatorCaches( compareContext.getDn() );
return result;
@@ -764,7 +780,7 @@ public class AuthenticationInterceptor e
public void moveAndRename( NextInterceptor next, MoveAndRenameOperationContext moveAndRenameContext )
throws LdapException
- {
+ {
if ( IS_DEBUG )
{
LOG.debug( "Operation Context: {}", moveAndRenameContext );
@@ -774,7 +790,7 @@ public class AuthenticationInterceptor e
checkPwdReset( moveAndRenameContext );
next.moveAndRename( moveAndRenameContext );
invalidateAuthenticatorCaches( moveAndRenameContext.getDn() );
- }
+ }
/**
@@ -796,7 +812,7 @@ public class AuthenticationInterceptor e
public EntryFilteringCursor search( NextInterceptor next, SearchOperationContext searchContext )
throws LdapException
- {
+ {
if ( IS_DEBUG )
{
LOG.debug( "Operation Context: {}", searchContext );
@@ -804,8 +820,9 @@ public class AuthenticationInterceptor e
checkAuthenticated( searchContext );
checkPwdReset( searchContext );
+
return next.search( searchContext );
- }
+ }
/**
@@ -826,7 +843,7 @@ public class AuthenticationInterceptor e
}
- public void bind( NextInterceptor next, BindOperationContext bindContext ) throws LdapException
+ public void bind( BindOperationContext bindContext ) throws LdapException
{
if ( IS_DEBUG )
{
@@ -858,7 +875,7 @@ public class AuthenticationInterceptor e
LOG.debug( "No authenticators found, delegating bind to the nexus." );
// as a last resort try binding via the nexus
- next.bind( bindContext );
+ next( bindContext );
LOG.debug( "Nexus succeeded on bind operation." );
@@ -874,7 +891,7 @@ public class AuthenticationInterceptor e
}
boolean isPPolicyReqCtrlPresent = bindContext.hasRequestControl( PasswordPolicy.OID );
- PasswordPolicyDecorator pwdRespCtrl =
+ PasswordPolicyDecorator pwdRespCtrl =
new PasswordPolicyDecorator( directoryService.getLdapCodecService(), true );
boolean authenticated = false;
@@ -888,7 +905,7 @@ public class AuthenticationInterceptor e
{
// perform the authentication
LdapPrincipal principal = authenticator.authenticate( bindContext );
-
+
LdapPrincipal clonedPrincipal = ( LdapPrincipal ) ( principal.clone() );
// remove creds so there is no security risk
@@ -900,7 +917,7 @@ public class AuthenticationInterceptor e
bindContext.setSession( session );
authenticated = true;
-
+
// break out of the loop if the authentication succeeded
break;
}
@@ -940,12 +957,12 @@ public class AuthenticationInterceptor e
Dn dn = bindContext.getDn();
Entry userEntry = bindContext.getEntry();
-
+
PasswordPolicyConfiguration policyConfig = getPwdPolicy( userEntry );
-
+
// check if the user entry is null, it will be null
// in cases of anonymous bind
- if ( authenticated && ( userEntry == null ) && directoryService.isAllowAnonymousAccess() )
+ if ( authenticated && ( userEntry == null ) && directoryService.isAllowAnonymousAccess() )
{
return;
}
@@ -960,6 +977,7 @@ public class AuthenticationInterceptor e
if ( ( policyConfig != null ) && ( userEntry != null ) )
{
Attribute pwdFailTimeAt = userEntry.get( PWD_FAILURE_TIME_AT );
+
if ( pwdFailTimeAt == null )
{
pwdFailTimeAt = new DefaultAttribute( AT_PWD_FAILURE_TIME );
@@ -991,7 +1009,7 @@ public class AuthenticationInterceptor e
{
pwdAccountLockedTimeAt.add( failureTime );
}
-
+
Modification pwdAccountLockedMod = new DefaultModification( ADD_ATTRIBUTE, pwdAccountLockedTimeAt );
mods.add( pwdAccountLockedMod );
@@ -1020,10 +1038,9 @@ public class AuthenticationInterceptor e
//adminSession.modify( dn, Collections.singletonList( pwdFailTimeMod ) );
ModifyOperationContext bindModCtx = new ModifyOperationContext( adminSession );
- bindModCtx.setByPassed( BYPASS_INTERCEPTORS );
bindModCtx.setDn( dn );
bindModCtx.setModItems( mods );
- directoryService.getOperationManager().modify( bindModCtx );
+ directoryService.getPartitionNexus().modify( bindModCtx );
}
String upDn = ( dn == null ? "" : dn.getName() );
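Review bot: The lockout update now goes through `directoryService.getPartitionNexus().modify( bindModCtx )`, which skips every interceptor rather than only the subset named by the removed `setByPassed( BYPASS_INTERCEPTORS )` call. The contents of `BYPASS_INTERCEPTORS` are not visible here, so please confirm that no interceptor outside that list was still needed for the failure-time and account-locked attributes. The same replacement is made for the post-bind modification in the `@@ -1093,16 +1112,15 @@` hunk. A comment at both call sites would record the intent, e.g. `// Direct nexus write under adminSession: no interceptor runs for this ppolicy update`. The enclosing `bind` method starts and ends outside the hunk.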
@@ -1042,6 +1059,7 @@ public class AuthenticationInterceptor e
}
Attribute pwdFailTimeAt = userEntry.get( AT_PWD_FAILURE_TIME );
+
if ( pwdFailTimeAt != null )
{
Modification pwdFailTimeMod = new DefaultModification( REMOVE_ATTRIBUTE, pwdFailTimeAt );
@@ -1049,6 +1067,7 @@ public class AuthenticationInterceptor e
}
Attribute pwdAccLockedTimeAt = userEntry.get( AT_PWD_ACCOUNT_LOCKED_TIME );
+
if ( pwdAccLockedTimeAt != null )
{
Modification pwdAccLockedTimeMod = new DefaultModification( REMOVE_ATTRIBUTE, pwdAccLockedTimeAt );
@@ -1059,17 +1078,17 @@ public class AuthenticationInterceptor e
if ( ( policyConfig.getPwdMaxAge() > 0 ) && ( policyConfig.getPwdGraceAuthNLimit() > 0 ) )
{
Attribute pwdChangeTimeAttr = userEntry.get( PWD_CHANGED_TIME_AT );
-
+
if ( pwdChangeTimeAttr != null )
{
boolean expired = PasswordUtil.isPwdExpired( pwdChangeTimeAttr.getString(),
policyConfig.getPwdMaxAge() );
-
+
if ( expired )
{
Attribute pwdGraceUseAttr = userEntry.get( PWD_GRACE_USE_TIME_AT );
int numGraceAuth = 0;
-
+
if ( pwdGraceUseAttr != null )
{
numGraceAuth = policyConfig.getPwdGraceAuthNLimit() - ( pwdGraceUseAttr.size() + 1 );
@@ -1079,7 +1098,7 @@ public class AuthenticationInterceptor e
pwdGraceUseAttr = new DefaultAttribute( AT_PWD_GRACE_USE_TIME );
numGraceAuth = policyConfig.getPwdGraceAuthNLimit() - 1;
}
-
+
pwdRespCtrl.getResponse().setGraceAuthNsRemaining( numGraceAuth );
pwdGraceUseAttr.add( DateUtils.getGeneralizedTime() );
@@ -1093,16 +1112,15 @@ public class AuthenticationInterceptor e
{
//adminSession.modify( dn, mods );
ModifyOperationContext bindModCtx = new ModifyOperationContext( adminSession );
- bindModCtx.setByPassed( BYPASS_INTERCEPTORS );
bindModCtx.setDn( dn );
bindModCtx.setModItems( mods );
- directoryService.getOperationManager().modify( bindModCtx );
+ directoryService.getPartitionNexus().modify( bindModCtx );
}
if ( isPPolicyReqCtrlPresent )
{
int expiryWarnTime = getPwdTimeBeforeExpiry( userEntry, policyConfig );
-
+
if ( expiryWarnTime > 0 )
{
pwdRespCtrl.getResponse().setTimeBeforeExpiration( expiryWarnTime );
@@ -1121,9 +1139,9 @@ public class AuthenticationInterceptor e
@Override
- public void unbind( NextInterceptor next, UnbindOperationContext unbindContext ) throws LdapException
+ public void unbind( UnbindOperationContext unbindContext ) throws LdapException
{
- super.unbind( next, unbindContext );
+ next( unbindContext );
// remove the Dn from the password reset Set
// we do not perform a check to see if the reset flag in the associated ppolicy is enabled
@@ -1197,10 +1215,10 @@ public class AuthenticationInterceptor e
}
String strPassword = Strings.utf8ToString(password);
-
+
// perform the length validation
validatePasswordLength( strPassword, policyConfig );
-
+
policyConfig.getPwdValidator().validate( strPassword, username );
}
@@ -1243,7 +1261,7 @@ public class AuthenticationInterceptor e
}
int warningAge = policyConfig.getPwdExpireWarning();
-
+
if ( warningAge <= 0 )
{
return 0;
@@ -1254,14 +1272,14 @@ public class AuthenticationInterceptor e
long currentTime = DateUtils.getDate( DateUtils.getGeneralizedTime() ).getTime();
int pwdAge = ( int ) ( currentTime - changedTime ) / 1000;
-
+
if ( pwdAge > policyConfig.getPwdMaxAge() )
{
return 0;
}
warningAge = policyConfig.getPwdMaxAge() - warningAge;
-
+
if ( pwdAge >= warningAge )
{
return policyConfig.getPwdMaxAge() - pwdAge;
@@ -1286,14 +1304,14 @@ public class AuthenticationInterceptor e
}
Attribute pwdChangedTimeAt = userEntry.get( PWD_CHANGED_TIME_AT );
-
+
if ( pwdChangedTimeAt != null )
{
long changedTime = DateUtils.getDate( pwdChangedTimeAt.getString() ).getTime();
changedTime += policyConfig.getPwdMinAge() * 1000;
-
+
long currentTime = DateUtils.getDate( DateUtils.getGeneralizedTime() ).getTime();
-
+
if ( changedTime > currentTime )
{
return true;
@@ -1316,6 +1334,7 @@ public class AuthenticationInterceptor e
boolean mustChange = false;
Attribute pwdResetAt = userEntry.get( PWD_RESET_AT );
+
if ( pwdResetAt != null )
{
mustChange = Boolean.parseBoolean( pwdResetAt.getString() );
@@ -1330,6 +1349,7 @@ public class AuthenticationInterceptor e
PwdModDetailsHolder pwdModDetails = new PwdModDetailsHolder();
List<Modification> mods = modifyContext.getModItems();
+
for ( Modification m : mods )
{
Attribute at = m.getAttribute();
@@ -1380,7 +1400,7 @@ public class AuthenticationInterceptor e
.hasRequestControl( PasswordPolicy.OID );
if ( isPPolicyReqCtrlPresent )
{
- PasswordPolicyDecorator pwdRespCtrl =
+ PasswordPolicyDecorator pwdRespCtrl =
new PasswordPolicyDecorator( directoryService.getLdapCodecService(), true );
pwdRespCtrl.getResponse().setPasswordPolicyError( PasswordPolicyErrorEnum.CHANGE_AFTER_RESET );
opContext.addResponseControl( pwdRespCtrl );
@@ -1391,7 +1411,7 @@ public class AuthenticationInterceptor e
}
}
-
+
private static class PwdModDetailsHolder
{
private boolean pwdModPresent = false;
@@ -1464,10 +1484,10 @@ public class AuthenticationInterceptor e
this.newPwd = newPwd;
}
}
-
+
/**
- * Gets the effective password policy of the given entry.
+ * Gets the effective password policy of the given entry.
* If the entry has defined a custom password policy by setting "pwdPolicySubentry" attribute
* then the password policy associated with the Dn specified at the above attribute's value will be returned.
* Otherwise the default password policy will be returned (if present)
@@ -1482,27 +1502,27 @@ public class AuthenticationInterceptor e
{
return null;
}
-
+
if ( pwdPolicyContainer.hasCustomConfigs() )
{
Attribute pwdPolicySubentry = userEntry.get( pwdPolicySubentryAT );
-
+
if ( pwdPolicySubentry != null )
{
Dn configDn = adminSession.getDirectoryService().getDnFactory().create( pwdPolicySubentry.getString() );
-
+
return pwdPolicyContainer.getPolicyConfig( configDn );
}
}
-
+
return pwdPolicyContainer.getDefaultPolicy();
}
-
-
+
+
/**
* set all the password policies to be used by the server.
* This includes a default(i.e applicable to all entries) and custom(a.k.a per user) password policies
- *
+ *
* @param policyContainer the container holding all the password policies
*/
public void setPwdPolicies( PpolicyConfigContainer policyContainer )
@@ -1516,8 +1536,8 @@ public class AuthenticationInterceptor e
*/
public boolean isPwdPolicyEnabled()
{
- return ( ( pwdPolicyContainer != null )
- && ( ( pwdPolicyContainer.getDefaultPolicy() != null )
+ return ( ( pwdPolicyContainer != null )
+ && ( ( pwdPolicyContainer.getDefaultPolicy() != null )
|| ( pwdPolicyContainer.hasCustomConfigs() ) ) );
}
Modified: directory/apacheds/branches/apacheds-txns/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-txns/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java?rev=1200408&r1=1200407&r2=1200408&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-txns/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java (original)
+++ directory/apacheds/branches/apacheds-txns/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java Thu Nov 10 16:21:12 2011
@@ -91,31 +91,6 @@ public class SimpleAuthenticator extends
private static final int DEFAULT_CACHE_SIZE = 100;
/**
- * Define the interceptors we should *not* go through when we will have to request the backend
- * about a userPassword.
- */
- private static final Collection<String> USERLOOKUP_BYPASS;
-
- static
- {
- Set<String> c = new HashSet<String>();
- c.add( "NormalizationInterceptor" );
- c.add( "AuthenticationInterceptor" );
- c.add( "AciAuthorizationInterceptor" );
- c.add( "DefaultAuthorizationInterceptor" );
- c.add( "AdministrativePointInterceptor" );
- c.add( "ExceptionInterceptor" );
- c.add( "OperationalAttributeInterceptor" );
- c.add( "SchemaInterceptor" );
- c.add( "CollectiveAttributeInterceptor" );
- c.add( "SubentryInterceptor" );
- c.add( "EventInterceptor" );
- c.add( "TriggerInterceptor" );
- USERLOOKUP_BYPASS = Collections.unmodifiableCollection( c );
- }
-
-
- /**
* Creates a new instance.
* @see AbstractAuthenticator
*/
@@ -265,12 +240,11 @@ public class SimpleAuthenticator extends
*/
LookupOperationContext lookupContext = new LookupOperationContext( getDirectoryService().getAdminSession(),
bindContext.getDn() );
- lookupContext.setByPassed( USERLOOKUP_BYPASS );
lookupContext.addAttrsId( SchemaConstants.ALL_USER_ATTRIBUTES );
// OP attributes required for ppolicy
lookupContext.addAttrsId( SchemaConstants.ALL_OPERATIONAL_ATTRIBUTES );
- userEntry = getDirectoryService().getOperationManager().lookup( lookupContext );
+ userEntry = getDirectoryService().getPartitionNexus().lookup( lookupContext );
if ( userEntry == null )
{
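Review bot: The removed `USERLOOKUP_BYPASS` javadoc was the only explanation of why this credential lookup avoids the interceptor chain, and the new `getPartitionNexus().lookup( lookupContext )` call has no replacement comment. The lookup runs under the admin session and requests all user and operational attributes, so `userEntry` holds the stored password and the ppolicy state with no access control applied. I would add above the call `// Read straight from the nexus under the admin session: no interceptor (including authz) filters this entry, keep it inside the authenticator`. The enclosing method starts and ends outside the hunk.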
Propchange: directory/apacheds/branches/apacheds-txns/interceptors/authz/
------------------------------------------------------------------------------
svn:mergeinfo = /directory/apacheds/trunk/interceptors/authz:1183435-1200383
Modified: directory/apacheds/branches/apacheds-txns/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-txns/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java?rev=1200408&r1=1200407&r2=1200408&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-txns/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java (original)
+++ directory/apacheds/branches/apacheds-txns/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java Thu Nov 10 16:21:12 2011
@@ -41,7 +41,6 @@ import org.apache.directory.server.core.
import org.apache.directory.server.core.api.filtering.EntryFilter;
import org.apache.directory.server.core.api.filtering.EntryFilteringCursor;
import org.apache.directory.server.core.api.interceptor.BaseInterceptor;
-import org.apache.directory.server.core.api.interceptor.InterceptorChain;
import org.apache.directory.server.core.api.interceptor.NextInterceptor;
import org.apache.directory.server.core.api.interceptor.context.AddOperationContext;
import org.apache.directory.server.core.api.interceptor.context.CompareOperationContext;
@@ -56,7 +55,6 @@ import org.apache.directory.server.core.
import org.apache.directory.server.core.api.interceptor.context.RenameOperationContext;
import org.apache.directory.server.core.api.interceptor.context.SearchOperationContext;
import org.apache.directory.server.core.api.interceptor.context.SearchingOperationContext;
-import org.apache.directory.server.core.api.partition.ByPassConstants;
import org.apache.directory.server.core.api.partition.PartitionNexus;
import org.apache.directory.server.core.authz.support.ACDFEngine;
import org.apache.directory.server.core.authz.support.AciContext;
@@ -160,9 +158,6 @@ public class AciAuthorizationInterceptor
/** use and instance of the ACDF engine */
private ACDFEngine engine;
- /** interceptor chain */
- private InterceptorChain chain;
-
/** the system wide subschemaSubentryDn */
private String subschemaSubentryDn;
@@ -170,7 +165,7 @@ public class AciAuthorizationInterceptor
private PartitionNexus nexus;
public static final SearchControls DEFAULT_SEARCH_CONTROLS = new SearchControls();
-
+
/** The SubentryUtils instance */
private static SubentryUtils subentryUtils;
@@ -189,7 +184,7 @@ public class AciAuthorizationInterceptor
{ SchemaConstants.PRESCRIPTIVE_ACI_AT } );
ExprNode filter =
- new EqualityNode<String>( OBJECT_CLASS_AT, new StringValue( SchemaConstants.ACCESS_CONTROL_SUBENTRY_OC ) );
+ new EqualityNode<String>( OBJECT_CLASS_AT, new StringValue( SchemaConstants.ACCESS_CONTROL_SUBENTRY_OC ) );
CoreSession adminSession = new DefaultCoreSession( new LdapPrincipal( schemaManager, adminDn, AuthenticationLevel.STRONG ),
directoryService );
@@ -283,7 +278,6 @@ public class AciAuthorizationInterceptor
Dn adminDn = directoryService.getDnFactory().create( ServerDNConstants.ADMIN_SYSTEM_DN );
CoreSession adminSession = new DefaultCoreSession( new LdapPrincipal( schemaManager, adminDn, AuthenticationLevel.STRONG ),
directoryService );
- chain = directoryService.getInterceptorChain();
// Create the caches
tupleCache = new TupleCache( adminSession );
@@ -302,15 +296,15 @@ public class AciAuthorizationInterceptor
// Init the caches now
initTupleCache();
initGroupCache();
-
+
// Init the SubentryUtils instance
subentryUtils = new SubentryUtils( directoryService );
}
- private void protectCriticalEntries( Dn dn ) throws LdapException
+ private void protectCriticalEntries( OperationContext opCtx, Dn dn ) throws LdapException
{
- Dn principalDn = getPrincipal().getDn();
+ Dn principalDn = getPrincipal( opCtx ).getDn();
if ( dn.isEmpty() )
{
@@ -342,8 +336,7 @@ public class AciAuthorizationInterceptor
* @throws Exception if there are problems accessing attribute values
* @param proxy the partition nexus proxy object
*/
- private void addPerscriptiveAciTuples( OperationContext opContext, Collection<ACITuple> tuples, Dn dn, Entry entry )
- throws LdapException
+ private void addPerscriptiveAciTuples( OperationContext opContext, Collection<ACITuple> tuples, Dn dn, Entry entry ) throws LdapException
{
Entry originalEntry = null;
@@ -370,7 +363,11 @@ public class AciAuthorizationInterceptor
if ( oc.contains( SchemaConstants.SUBENTRY_OC ) )
{
Dn parentDn = dn.getParent();
- originalEntry = opContext.lookup( parentDn, ByPassConstants.LOOKUP_BYPASS, SchemaConstants.ALL_ATTRIBUTES_ARRAY );
+ CoreSession session = opContext.getSession();
+ LookupOperationContext lookupContext = new LookupOperationContext( session, parentDn );
+ lookupContext.setAttrsId( SchemaConstants.ALL_ATTRIBUTES_ARRAY );
+
+ originalEntry = directoryService.getPartitionNexus().lookup( lookupContext );
}
Attribute subentries = originalEntry.get( ACCESS_CONTROL_SUBENTRIES_AT );
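Review bot: This is the first of six copies of the same "build a LookupOperationContext, call the nexus" sequence in this class, and the only one that uses the two-argument constructor plus `setAttrsId`. For consistency with `addSubentryAciTuples`, `modify`, `hasEntry` and `moveAndRename` it could read `LookupOperationContext lookupContext = new LookupOperationContext( session, parentDn, SchemaConstants.ALL_ATTRIBUTES_ARRAY );`, assuming the three-argument constructor sets the same attribute ids. A private helper taking the session, the Dn and the attribute ids would keep the copies in step and give one place to document that these reads bypass the interceptor chain. `originalEntry` is dereferenced on the next line, so that helper is also where a null result should be decided. The enclosing `addPerscriptiveAciTuples` starts and ends outside the hunk.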
@@ -436,8 +433,7 @@ public class AciAuthorizationInterceptor
* @throws Exception if there are problems accessing attribute values
* @param proxy the partition nexus proxy object
*/
- private void addSubentryAciTuples( OperationContext opContext, Collection<ACITuple> tuples, Dn dn, Entry entry )
- throws LdapException
+ private void addSubentryAciTuples( OperationContext opContext, Collection<ACITuple> tuples, Dn dn, Entry entry ) throws LdapException
{
// only perform this for subentries
if ( !entry.contains( SchemaConstants.OBJECT_CLASS_AT, SchemaConstants.SUBENTRY_OC ) )
@@ -448,7 +444,11 @@ public class AciAuthorizationInterceptor
// get the parent or administrative entry for this subentry since it
// will contain the subentryACI attributes that effect subentries
Dn parentDn = dn.getParent();
- Entry administrativeEntry = ( ( ClonedServerEntry ) opContext.lookup( parentDn, ByPassConstants.LOOKUP_BYPASS, SchemaConstants.ALL_ATTRIBUTES_ARRAY ) )
+
+ CoreSession session = opContext.getSession();
+ LookupOperationContext lookupContext = new LookupOperationContext( session, parentDn, SchemaConstants.ALL_ATTRIBUTES_ARRAY );
+
+ Entry administrativeEntry = (( ClonedServerEntry ) directoryService.getPartitionNexus().lookup( lookupContext ) )
.getOriginalEntry();
Attribute subentryAci = administrativeEntry.get( SUBENTRY_ACI_AT );
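Review bot: The `( ClonedServerEntry )` cast is now applied to whatever `getPartitionNexus().lookup( lookupContext )` returns, and nothing visible here guarantees that type or a non-null result. The cast was written for `opContext.lookup(...)`; if the nexus can return a plain `Entry`, or null for a missing parent, this line throws a ClassCastException or NullPointerException in the middle of the authorization path. Consider `Entry found = directoryService.getPartitionNexus().lookup( lookupContext );` followed by `Entry administrativeEntry = ( found instanceof ClonedServerEntry ) ? ( ( ClonedServerEntry ) found ).getOriginalEntry() : found;`, with an explicit null check if a missing parent is possible. The body of `addSubentryAciTuples` continues outside the hunk.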
@@ -503,7 +503,7 @@ public class AciAuthorizationInterceptor
public void add( NextInterceptor next, AddOperationContext addContext ) throws LdapException
{
// bypass authz code if it was disabled
- if ( !addContext.getSession().getDirectoryService().isAccessControlEnabled() )
+ if ( !directoryService.isAccessControlEnabled() )
{
ACI_LOG.debug( "ACI interceptor disabled" );
next.add( addContext );
@@ -596,14 +596,14 @@ public class AciAuthorizationInterceptor
}
- public void delete( NextInterceptor next, DeleteOperationContext deleteContext ) throws LdapException
+ public void delete( DeleteOperationContext deleteContext ) throws LdapException
{
CoreSession session = deleteContext.getSession();
// bypass authz code if we are disabled
- if ( !session.getDirectoryService().isAccessControlEnabled() )
+ if ( !directoryService.isAccessControlEnabled() )
{
- next.delete( deleteContext );
+ next( deleteContext );
return;
}
@@ -613,12 +613,12 @@ public class AciAuthorizationInterceptor
Entry entry = deleteContext.getEntry();
- protectCriticalEntries( dn );
+ protectCriticalEntries( deleteContext, dn );
// bypass authz code but manage caches if operation is performed by the admin
if ( isPrincipalAnAdministrator( principalDn ) )
{
- next.delete( deleteContext );
+ next( deleteContext );
tupleCache.subentryDeleted( dn, entry );
groupCache.groupDeleted( dn, entry );
@@ -643,7 +643,7 @@ public class AciAuthorizationInterceptor
engine.checkPermission( aciContext );
- next.delete( deleteContext );
+ next( deleteContext );
tupleCache.subentryDeleted( dn, entry );
groupCache.groupDeleted( dn, entry );
@@ -663,7 +663,7 @@ public class AciAuthorizationInterceptor
Dn principalDn = principal.getDn();
// bypass authz code if we are disabled
- if ( !modifyContext.getSession().getDirectoryService().isAccessControlEnabled() )
+ if ( !directoryService.isAccessControlEnabled() )
{
next.modify( modifyContext );
return;
@@ -679,9 +679,12 @@ public class AciAuthorizationInterceptor
/**
* @TODO: A virtual entry can be created here for not hitting the backend again.
*/
- Entry modifiedEntry = modifyContext.lookup( dn, ByPassConstants.LOOKUP_BYPASS, SchemaConstants.ALL_ATTRIBUTES_ARRAY );
+ CoreSession session = modifyContext.getSession();
+ LookupOperationContext lookupContext = new LookupOperationContext( session, dn, SchemaConstants.ALL_ATTRIBUTES_ARRAY );
+ Entry modifiedEntry = directoryService.getPartitionNexus().lookup( lookupContext );
tupleCache.subentryModified( dn, mods, modifiedEntry );
groupCache.groupModified( dn, mods, entry, schemaManager );
+
return;
}
@@ -801,22 +804,28 @@ public class AciAuthorizationInterceptor
/**
* @TODO: A virtual entry can be created here for not hitting the backend again.
*/
- Entry modifiedEntry = modifyContext.lookup( dn, ByPassConstants.LOOKUP_BYPASS, SchemaConstants.ALL_ATTRIBUTES_ARRAY );
+ CoreSession session = modifyContext.getSession();
+ LookupOperationContext lookupContext = new LookupOperationContext( session, dn, SchemaConstants.ALL_ATTRIBUTES_ARRAY );
+
+ Entry modifiedEntry = directoryService.getPartitionNexus().lookup( lookupContext );
tupleCache.subentryModified( dn, mods, modifiedEntry );
groupCache.groupModified( dn, mods, entry, schemaManager );
}
- public boolean hasEntry( NextInterceptor next, EntryOperationContext hasEntryContext ) throws LdapException
+ /**
+ * {@inheritDoc}
+ */
+ public boolean hasEntry( EntryOperationContext hasEntryContext ) throws LdapException
{
Dn dn = hasEntryContext.getDn();
- if ( !hasEntryContext.getSession().getDirectoryService().isAccessControlEnabled() )
+ if ( !directoryService.isAccessControlEnabled() )
{
- return ( dn.isRootDSE() || next.hasEntry( hasEntryContext ) );
+ return ( dn.isRootDSE() || next( hasEntryContext ) );
}
- boolean answer = next.hasEntry( hasEntryContext );
+ boolean answer = next( hasEntryContext );
// no checks on the RootDSE
if ( dn.isRootDSE() )
@@ -826,8 +835,10 @@ public class AciAuthorizationInterceptor
return answer;
}
+ CoreSession session = hasEntryContext.getSession();
+
// TODO - eventually replace this with a check on session.isAnAdministrator()
- LdapPrincipal principal = hasEntryContext.getSession().getEffectivePrincipal();
+ LdapPrincipal principal = session.getEffectivePrincipal();
Dn principalDn = principal.getDn();
if ( isPrincipalAnAdministrator( principalDn ) )
@@ -835,7 +846,9 @@ public class AciAuthorizationInterceptor
return answer;
}
- Entry entry = hasEntryContext.lookup( dn, ByPassConstants.HAS_ENTRY_BYPASS, SchemaConstants.ALL_ATTRIBUTES_ARRAY );
+ LookupOperationContext lookupContext = new LookupOperationContext( session, dn, SchemaConstants.ALL_ATTRIBUTES_ARRAY );
+ Entry entry = directoryService.getPartitionNexus().lookup( lookupContext );
+
Set<Dn> userGroups = groupCache.getGroups( principalDn.getNormName() );
Collection<ACITuple> tuples = new HashSet<ACITuple>();
addPerscriptiveAciTuples( hasEntryContext, tuples, dn, entry );
@@ -854,7 +867,7 @@ public class AciAuthorizationInterceptor
engine.checkPermission( aciContext );
- return next.hasEntry( hasEntryContext );
+ return next( hasEntryContext );
}
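Review bot: `hasEntry` calls `next( hasEntryContext )` a second time on a path that has already stored the result of the first call in `answer` (the `boolean answer = next( hasEntryContext );` line in the `@@ -801,22 +804,28 @@` hunk). With the explicit `NextInterceptor` argument gone, whether a repeated `next(...)` on the same context re-enters the same downstream interceptor depends on how the chain position is tracked, which is not visible here. Returning the value already computed avoids that ambiguity and a second backend round trip: `return answer;`. If the second call is intentional, a comment saying why would help. The method starts outside this hunk.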
@@ -929,10 +942,9 @@ public class AciAuthorizationInterceptor
/**
* {@inheritDoc}
*/
- public Entry lookup( NextInterceptor next, LookupOperationContext lookupContext ) throws LdapException
+ public Entry lookup( LookupOperationContext lookupContext ) throws LdapException
{
CoreSession session = lookupContext.getSession();
- DirectoryService directoryService = session.getDirectoryService();
LdapPrincipal principal = session.getEffectivePrincipal();
Dn principalDn = principal.getDn();
@@ -945,11 +957,10 @@ public class AciAuthorizationInterceptor
// Bypass this interceptor if we disabled the AC subsystem or if the principal is the admin
if ( isPrincipalAnAdministrator( principalDn ) || !directoryService.isAccessControlEnabled() )
{
- return next.lookup( lookupContext );
+ return next( lookupContext );
}
- lookupContext.setByPassed( ByPassConstants.LOOKUP_BYPASS );
- Entry entry = directoryService.getOperationManager().lookup( lookupContext );
+ Entry entry = directoryService.getPartitionNexus().lookup( lookupContext );
checkLookupAccess( lookupContext, entry );
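Review bot: For a non-admin principal with access control enabled the entry is now read with `directoryService.getPartitionNexus().lookup( lookupContext )`, while the admin/disabled branch just above continues with `next( lookupContext )`, so the two branches no longer traverse the same downstream interceptors. `ByPassConstants.LOOKUP_BYPASS` is not visible here, so it is unclear whether the old call already skipped all of them. Please confirm that nothing later in the chain is expected to process the entry on this path and that a null result from the nexus is handled before `checkLookupAccess` uses it. A comment such as `// Fetched directly from the nexus; later interceptors do not run on this path` would record the decision. The method continues outside the hunk.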
@@ -972,13 +983,13 @@ public class AciAuthorizationInterceptor
Dn newName = renameContext.getNewDn();
// bypass authz code if we are disabled
- if ( !renameContext.getSession().getDirectoryService().isAccessControlEnabled() )
+ if ( !directoryService.isAccessControlEnabled() )
{
next.rename( renameContext );
return;
}
- protectCriticalEntries( oldName );
+ protectCriticalEntries( renameContext, oldName );
// bypass authz code but manage caches if operation is performed by the admin
if ( isPrincipalAnAdministrator( principalDn ) )
@@ -1015,25 +1026,25 @@ public class AciAuthorizationInterceptor
}
- public void moveAndRename( NextInterceptor next, MoveAndRenameOperationContext moveAndRenameContext )
- throws LdapException
+ public void moveAndRename( NextInterceptor next, MoveAndRenameOperationContext moveAndRenameContext ) throws LdapException
{
Dn oldDn = moveAndRenameContext.getDn();
+ CoreSession session = moveAndRenameContext.getSession();
Entry entry = moveAndRenameContext.getOriginalEntry();
- LdapPrincipal principal = moveAndRenameContext.getSession().getEffectivePrincipal();
+ LdapPrincipal principal = session.getEffectivePrincipal();
Dn principalDn = principal.getDn();
Dn newDn = moveAndRenameContext.getNewDn();
// bypass authz code if we are disabled
- if ( !moveAndRenameContext.getSession().getDirectoryService().isAccessControlEnabled() )
+ if ( !directoryService.isAccessControlEnabled() )
{
next.moveAndRename( moveAndRenameContext );
return;
}
- protectCriticalEntries( oldDn );
+ protectCriticalEntries( moveAndRenameContext, oldDn );
// bypass authz code but manage caches if operation is performed by the admin
if ( isPrincipalAnAdministrator( principalDn ) )
@@ -1041,6 +1052,7 @@ public class AciAuthorizationInterceptor
next.moveAndRename( moveAndRenameContext );
tupleCache.subentryRenamed( oldDn, newDn );
groupCache.groupRenamed( oldDn, newDn );
+
return;
}
@@ -1067,8 +1079,8 @@ public class AciAuthorizationInterceptor
// This will certainly be fixed by the SubentryInterceptor,
// but after this service.
- Entry importedEntry = moveAndRenameContext.lookup( oldDn,
- ByPassConstants.LOOKUP_EXCLUDING_OPR_ATTRS_BYPASS, SchemaConstants.ALL_ATTRIBUTES_ARRAY );
+ LookupOperationContext lookupContext = new LookupOperationContext( session, oldDn, SchemaConstants.ALL_USER_ATTRIBUTES_ARRAY );
+ Entry importedEntry = directoryService.getPartitionNexus().lookup( lookupContext );
// As the target entry does not exist yet and so
// its subentry operational attributes are not there,
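Review bot: The new lookup requests `SchemaConstants.ALL_USER_ATTRIBUTES_ARRAY` where the removed call requested `SchemaConstants.ALL_ATTRIBUTES_ARRAY`, and the reason is not recorded; the same substitution is made in the `move` hunk further down. `importedEntry` appears to be the entry evaluated for the new location, and the surrounding comments discuss its subentry operational attributes, so which attributes come back matters for the authorization result. Whether the partition nexus honours the requested attribute list on a direct call is not visible here. A comment such as `// user attributes only: subentry operational attributes are not valid at the new location` would pin the intent, and a test that moves an entry carrying operational attributes would confirm the ACI outcome is unchanged. The enclosing method starts and ends outside this hunk.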
@@ -1114,20 +1126,21 @@ public class AciAuthorizationInterceptor
// Access the principal requesting the operation, and bypass checks if it is the admin
Entry entry = moveContext.getOriginalEntry();
+ CoreSession session = moveContext.getSession();
Dn newDn = moveContext.getNewDn();
- LdapPrincipal principal = moveContext.getSession().getEffectivePrincipal();
+ LdapPrincipal principal = session.getEffectivePrincipal();
Dn principalDn = principal.getDn();
// bypass authz code if we are disabled
- if ( !moveContext.getSession().getDirectoryService().isAccessControlEnabled() )
+ if ( !directoryService.isAccessControlEnabled() )
{
next.move( moveContext );
return;
}
- protectCriticalEntries( oriChildName );
+ protectCriticalEntries( moveContext, oriChildName );
// bypass authz code but manage caches if operation is performed by the admin
if ( isPrincipalAnAdministrator( principalDn ) )
@@ -1160,7 +1173,8 @@ public class AciAuthorizationInterceptor
// will not be valid at the new location.
// This will certainly be fixed by the SubentryInterceptor,
// but after this service.
- Entry importedEntry = moveContext.lookup( oriChildName, ByPassConstants.LOOKUP_EXCLUDING_OPR_ATTRS_BYPASS, SchemaConstants.ALL_ATTRIBUTES_ARRAY );
+ LookupOperationContext lookupContext = new LookupOperationContext( session, oriChildName, SchemaConstants.ALL_USER_ATTRIBUTES_ARRAY );
+ Entry importedEntry = directoryService.getPartitionNexus().lookup( lookupContext );
// As the target entry does not exist yet and so
// its subentry operational attributes are not there,
@@ -1197,19 +1211,23 @@ public class AciAuthorizationInterceptor
}
- public EntryFilteringCursor list( NextInterceptor next, ListOperationContext listContext ) throws LdapException
+ /**
+ * {@inheritDoc}
+ */
+ public EntryFilteringCursor list( ListOperationContext listContext ) throws LdapException
{
LdapPrincipal user = listContext.getSession().getEffectivePrincipal();
- EntryFilteringCursor cursor = next.list( listContext );
+ EntryFilteringCursor cursor = next( listContext );
if ( isPrincipalAnAdministrator( user.getDn() )
- || !listContext.getSession().getDirectoryService().isAccessControlEnabled() )
+ || !directoryService.isAccessControlEnabled() )
{
return cursor;
}
AuthorizationFilter authzFilter = new AuthorizationFilter();
cursor.addEntryFilter( authzFilter );
+
return cursor;
}
@@ -1226,7 +1244,7 @@ public class AciAuthorizationInterceptor
&& searchCtls.getSearchScope() == SearchControls.OBJECT_SCOPE;
if ( isPrincipalAnAdministrator( principalDn )
- || !searchContext.getSession().getDirectoryService().isAccessControlEnabled() || isRootDSELookup
+ || !directoryService.isAccessControlEnabled() || isRootDSELookup
|| isSubschemaSubentryLookup )
{
return cursor;
@@ -1246,21 +1264,20 @@ public class AciAuthorizationInterceptor
/**
* {@inheritDoc}
*/
- public boolean compare( NextInterceptor next, CompareOperationContext compareContext ) throws LdapException
+ public boolean compare( CompareOperationContext compareContext ) throws LdapException
{
CoreSession session = compareContext.getSession();
Dn dn = compareContext.getDn();
String oid = compareContext.getOid();
- Value<?> value = compareContext.getValue();
Entry entry = compareContext.getOriginalEntry();
LdapPrincipal principal = session.getEffectivePrincipal();
Dn principalDn = principal.getDn();
- if ( isPrincipalAnAdministrator( principalDn ) || !session.getDirectoryService().isAccessControlEnabled() )
+ if ( isPrincipalAnAdministrator( principalDn ) || !directoryService.isAccessControlEnabled() )
{
- return next.compare( compareContext );
+ return next( compareContext );
}
Set<Dn> userGroups = groupCache.getGroups( principalDn.getNormName() );
@@ -1294,7 +1311,7 @@ public class AciAuthorizationInterceptor
engine.checkPermission( aciContext );
- return next.compare( compareContext );
+ return next( compareContext );
}
@@ -1407,7 +1424,7 @@ public class AciAuthorizationInterceptor
return true;
}
-
+
/**
* WARNING: create one of these filters fresh every time for each new search.
*/
@@ -1416,7 +1433,7 @@ public class AciAuthorizationInterceptor
public boolean accept( SearchingOperationContext searchContext, Entry entry ) throws Exception
{
Dn normName = entry.getDn().apply( schemaManager );
-
+
return filter( searchContext, normName, entry );
}
}