You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by el...@apache.org on 2016/06/15 12:30:01 UTC
svn commit: r1748572 [14/23] - in
/directory/apacheds/branches/apacheds-value: ./
benchmarks/installers-maven-plugin/
benchmarks/installers-maven-plugin/.settings/
benchmarks/installers-maven-plugin/target/
benchmarks/installers-maven-plugin/target/cla...
Modified: directory/apacheds/branches/apacheds-value/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-value/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java?rev=1748572&r1=1748571&r2=1748572&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-value/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java (original)
+++ directory/apacheds/branches/apacheds-value/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java Wed Jun 15 12:29:57 2016
@@ -39,7 +39,6 @@ import org.apache.directory.api.ldap.mod
import org.apache.directory.api.ldap.model.entry.Attribute;
import org.apache.directory.api.ldap.model.entry.Entry;
import org.apache.directory.api.ldap.model.entry.Modification;
-import org.apache.directory.api.ldap.model.entry.StringValue;
import org.apache.directory.api.ldap.model.entry.Value;
import org.apache.directory.api.ldap.model.exception.LdapException;
import org.apache.directory.api.ldap.model.exception.LdapNoPermissionException;
@@ -112,22 +111,22 @@ public class AciAuthorizationInterceptor
static
{
- Set<MicroOperation> set = new HashSet<MicroOperation>( 2 );
+ Set<MicroOperation> set = new HashSet<>( 2 );
set.add( MicroOperation.BROWSE );
set.add( MicroOperation.RETURN_DN );
SEARCH_ENTRY_PERMS = Collections.unmodifiableCollection( set );
- set = new HashSet<MicroOperation>( 2 );
+ set = new HashSet<>( 2 );
set.add( MicroOperation.READ );
set.add( MicroOperation.BROWSE );
LOOKUP_PERMS = Collections.unmodifiableCollection( set );
- set = new HashSet<MicroOperation>( 2 );
+ set = new HashSet<>( 2 );
set.add( MicroOperation.ADD );
set.add( MicroOperation.REMOVE );
REPLACE_PERMS = Collections.unmodifiableCollection( set );
- set = new HashSet<MicroOperation>( 2 );
+ set = new HashSet<>( 2 );
set.add( MicroOperation.EXPORT );
set.add( MicroOperation.RENAME );
MOVERENAME_PERMS = Collections.unmodifiableCollection( set );
@@ -156,7 +155,7 @@ public class AciAuthorizationInterceptor
private ACDFEngine engine;
/** the system wide subschemaSubentryDn */
- private String subschemaSubentryDn;
+ private Dn subschemaSubentryDn;
/** A reference to the nexus for direct backend operations */
private PartitionNexus nexus;
@@ -182,15 +181,14 @@ public class AciAuthorizationInterceptor
private void initTupleCache() throws LdapException
{
// Load all the prescriptiveACI : they are stored in AccessControlSubentry entries
- Dn adminDn = new Dn( schemaManager, ServerDNConstants.ADMIN_SYSTEM_DN );
-
SearchControls controls = new SearchControls();
controls.setSearchScope( SearchControls.SUBTREE_SCOPE );
controls.setReturningAttributes( new String[]
{ SchemaConstants.PRESCRIPTIVE_ACI_AT } );
- ExprNode filter = new EqualityNode<String>( directoryService.getAtProvider().getObjectClass(), new StringValue(
- SchemaConstants.ACCESS_CONTROL_SUBENTRY_OC ) );
+ AttributeType ocAt = directoryService.getAtProvider().getObjectClass();
+ ExprNode filter = new EqualityNode<String>( ocAt,
+ new Value( ocAt, SchemaConstants.ACCESS_CONTROL_SUBENTRY_OC ) );
CoreSession adminSession = directoryService.getAdminSession();
@@ -225,19 +223,16 @@ public class AciAuthorizationInterceptor
private void initGroupCache() throws LdapException
{
// Load all the member/uniqueMember : they are stored in groupOfNames/groupOfUniqueName
- Dn adminDn = new Dn( schemaManager, ServerDNConstants.ADMIN_SYSTEM_DN );
-
SearchControls controls = new SearchControls();
controls.setSearchScope( SearchControls.SUBTREE_SCOPE );
controls.setReturningAttributes( new String[]
{ SchemaConstants.MEMBER_AT, SchemaConstants.UNIQUE_MEMBER_AT } );
+ AttributeType ocAt = directoryService.getAtProvider().getObjectClass();
ExprNode filter =
new OrNode(
- new EqualityNode<String>( directoryService.getAtProvider().getObjectClass(),
- new StringValue( SchemaConstants.GROUP_OF_NAMES_OC ) ),
- new EqualityNode<String>( directoryService.getAtProvider().getObjectClass(),
- new StringValue( SchemaConstants.GROUP_OF_UNIQUE_NAMES_OC ) ) );
+ new EqualityNode<String>( ocAt, new Value( ocAt, SchemaConstants.GROUP_OF_NAMES_OC ) ),
+ new EqualityNode<String>( ocAt, new Value( ocAt, SchemaConstants.GROUP_OF_UNIQUE_NAMES_OC ) ) );
CoreSession adminSession = directoryService.getAdminSession();
@@ -254,7 +249,7 @@ public class AciAuthorizationInterceptor
{
Entry entry = results.get();
- groupCache.groupAdded( entry.getDn(), entry );
+ groupCache.groupAdded( entry.getDn().getNormName(), entry );
}
results.close();
@@ -273,6 +268,7 @@ public class AciAuthorizationInterceptor
* @param directoryService the directory service core
* @throws Exception if there are problems during initialization
*/
+ @Override
public void init( DirectoryService directoryService ) throws LdapException
{
LOG.debug( "Initializing the AciAuthorizationInterceptor" );
@@ -292,10 +288,9 @@ public class AciAuthorizationInterceptor
engine = new ACDFEngine( schemaManager );
// stuff for dealing with subentries (garbage for now)
- Value<?> subschemaSubentry = directoryService.getPartitionNexus().getRootDseValue(
+ Value subschemaSubentry = directoryService.getPartitionNexus().getRootDseValue(
directoryService.getAtProvider().getSubschemaSubentry() );
- Dn subschemaSubentryDnName = dnFactory.create( subschemaSubentry.getString() );
- subschemaSubentryDn = subschemaSubentryDnName.getNormName();
+ subschemaSubentryDn = dnFactory.create( subschemaSubentry.getValue() );
// Init the caches now
initTupleCache();
@@ -343,7 +338,7 @@ public class AciAuthorizationInterceptor
private void addPerscriptiveAciTuples( OperationContext opContext, Collection<ACITuple> tuples, Dn dn, Entry entry )
throws LdapException
{
- Entry originalEntry = null;
+ Entry originalEntry;
if ( entry instanceof ClonedServerEntry )
{
@@ -382,10 +377,11 @@ public class AciAuthorizationInterceptor
return;
}
- for ( Value<?> value : subentries )
+ for ( Value value : subentries )
{
- String subentryDn = value.getString();
- tuples.addAll( tupleCache.getACITuples( subentryDn ) );
+ String subentryDnStr = value.getValue();
+ Dn subentryDn = dnFactory.create( subentryDnStr );
+ tuples.addAll( tupleCache.getACITuples( subentryDn.getNormName() ) );
}
}
@@ -407,9 +403,9 @@ public class AciAuthorizationInterceptor
return;
}
- for ( Value<?> value : entryAci )
+ for ( Value value : entryAci )
{
- String aciString = value.getString();
+ String aciString = value.getValue();
ACIItem item;
try
@@ -465,9 +461,9 @@ public class AciAuthorizationInterceptor
return;
}
- for ( Value<?> value : subentryAci )
+ for ( Value value : subentryAci )
{
- String aciString = value.getString();
+ String aciString = value.getValue();
ACIItem item;
try
@@ -509,6 +505,7 @@ public class AciAuthorizationInterceptor
/**
* {@inheritDoc}
*/
+ @Override
public void add( AddOperationContext addContext ) throws LdapException
{
// bypass authz code if it was disabled
@@ -536,7 +533,7 @@ public class AciAuthorizationInterceptor
next( addContext );
tupleCache.subentryAdded( dn, serverEntry );
- groupCache.groupAdded( dn, serverEntry );
+ groupCache.groupAdded( dn.getNormName(), serverEntry );
return;
}
@@ -549,8 +546,8 @@ public class AciAuthorizationInterceptor
}
// Assemble all the information required to make an access control decision
- Set<Dn> userGroups = groupCache.getGroups( principalDn.getNormName() );
- Collection<ACITuple> tuples = new HashSet<ACITuple>();
+ Set<String> userGroups = groupCache.getGroups( principalDn.getNormName() );
+ Collection<ACITuple> tuples = new HashSet<>();
// Build the total collection of tuples to be considered for add rights
// NOTE: entryACI are NOT considered in adds (it would be a security breech)
@@ -572,7 +569,7 @@ public class AciAuthorizationInterceptor
// now we must check if attribute type and value scope permission is granted
for ( Attribute attribute : serverEntry )
{
- for ( Value<?> value : attribute )
+ for ( Value value : attribute )
{
AciContext attrAciContext = new AciContext( schemaManager, addContext );
attrAciContext.setUserGroupNames( userGroups );
@@ -595,13 +592,14 @@ public class AciAuthorizationInterceptor
// if the entry added is a subentry or a groupOf[Unique]Names we must
// update the ACITuple cache and the groups cache to keep them in sync
tupleCache.subentryAdded( dn, serverEntry );
- groupCache.groupAdded( dn, serverEntry );
+ groupCache.groupAdded( dn.getNormName(), serverEntry );
}
/**
* {@inheritDoc}
*/
+ @Override
public boolean compare( CompareOperationContext compareContext ) throws LdapException
{
CoreSession session = compareContext.getSession();
@@ -618,8 +616,8 @@ public class AciAuthorizationInterceptor
return next( compareContext );
}
- Set<Dn> userGroups = groupCache.getGroups( principalDn.getNormName() );
- Collection<ACITuple> tuples = new HashSet<ACITuple>();
+ Set<String> userGroups = groupCache.getGroups( principalDn.getNormName() );
+ Collection<ACITuple> tuples = new HashSet<>();
addPerscriptiveAciTuples( compareContext, tuples, dn, entry );
addEntryAciTuples( tuples, entry );
addSubentryAciTuples( compareContext, tuples, dn, entry );
@@ -656,6 +654,7 @@ public class AciAuthorizationInterceptor
/**
* {@inheritDoc}
*/
+ @Override
public void delete( DeleteOperationContext deleteContext ) throws LdapException
{
CoreSession session = deleteContext.getSession();
@@ -686,8 +685,8 @@ public class AciAuthorizationInterceptor
return;
}
- Set<Dn> userGroups = groupCache.getGroups( principalDn.getNormName() );
- Collection<ACITuple> tuples = new HashSet<ACITuple>();
+ Set<String> userGroups = groupCache.getGroups( principalDn.getNormName() );
+ Collection<ACITuple> tuples = new HashSet<>();
addPerscriptiveAciTuples( deleteContext, tuples, dn, entry );
addEntryAciTuples( tuples, entry );
addSubentryAciTuples( deleteContext, tuples, dn, entry );
@@ -713,13 +712,14 @@ public class AciAuthorizationInterceptor
/**
* {@inheritDoc}
*/
+ @Override
public boolean hasEntry( HasEntryOperationContext hasEntryContext ) throws LdapException
{
Dn dn = hasEntryContext.getDn();
if ( !directoryService.isAccessControlEnabled() )
{
- return ( dn.isRootDse() || next( hasEntryContext ) );
+ return dn.isRootDse() || next( hasEntryContext );
}
boolean answer = next( hasEntryContext );
@@ -747,8 +747,8 @@ public class AciAuthorizationInterceptor
SchemaConstants.ALL_ATTRIBUTES_ARRAY );
Entry entry = directoryService.getPartitionNexus().lookup( lookupContext );
- Set<Dn> userGroups = groupCache.getGroups( principalDn.getNormName() );
- Collection<ACITuple> tuples = new HashSet<ACITuple>();
+ Set<String> userGroups = groupCache.getGroups( principalDn.getNormName() );
+ Collection<ACITuple> tuples = new HashSet<>();
addPerscriptiveAciTuples( hasEntryContext, tuples, dn, entry );
addEntryAciTuples( tuples, ( ( ClonedServerEntry ) entry ).getOriginalEntry() );
addSubentryAciTuples( hasEntryContext, tuples, dn, ( ( ClonedServerEntry ) entry ).getOriginalEntry() );
@@ -772,6 +772,7 @@ public class AciAuthorizationInterceptor
/**
* {@inheritDoc}
*/
+ @Override
public Entry lookup( LookupOperationContext lookupContext ) throws LdapException
{
CoreSession session = lookupContext.getSession();
@@ -780,8 +781,11 @@ public class AciAuthorizationInterceptor
LdapPrincipal principal = session.getEffectivePrincipal();
Dn principalDn = principal.getDn();
-
- principalDn.apply( schemaManager );
+
+ if ( !principalDn.isSchemaAware() )
+ {
+ principalDn = new Dn( schemaManager, principalDn );
+ }
// Bypass this interceptor if we disabled the AC subsystem or if the principal is the admin
if ( isPrincipalAnAdministrator( principalDn ) || !directoryService.isAccessControlEnabled() )
@@ -798,6 +802,7 @@ public class AciAuthorizationInterceptor
/**
* {@inheritDoc}
*/
+ @Override
public void modify( ModifyOperationContext modifyContext ) throws LdapException
{
Dn dn = modifyContext.getDn();
@@ -829,8 +834,8 @@ public class AciAuthorizationInterceptor
return;
}
- Set<Dn> userGroups = groupCache.getGroups( principalDn.getName() );
- Collection<ACITuple> tuples = new HashSet<ACITuple>();
+ Set<String> userGroups = groupCache.getGroups( principalDn.getNormName() );
+ Collection<ACITuple> tuples = new HashSet<>();
addPerscriptiveAciTuples( modifyContext, tuples, dn, entry );
addEntryAciTuples( tuples, entry );
addSubentryAciTuples( modifyContext, tuples, dn, entry );
@@ -846,7 +851,7 @@ public class AciAuthorizationInterceptor
engine.checkPermission( entryAciContext );
- Collection<MicroOperation> perms = null;
+ Collection<MicroOperation> perms;
Entry entryView = entry.clone();
for ( Modification mod : mods )
@@ -881,24 +886,21 @@ public class AciAuthorizationInterceptor
perms = REMOVE_PERMS;
Attribute entryAttr = entry.get( attr.getId() );
- if ( entryAttr != null )
+ if ( ( entryAttr != null ) && ( entryAttr.size() == 1 ) )
{
// If there is only one value remaining in the attribute ...
- if ( entryAttr.size() == 1 )
- {
- // ... we also need to check if removing the attribute at all is permitted
- AciContext aciContext = new AciContext( schemaManager, modifyContext );
- aciContext.setUserGroupNames( userGroups );
- aciContext.setUserDn( principalDn );
- aciContext.setAuthenticationLevel( principal.getAuthenticationLevel() );
- aciContext.setEntryDn( dn );
- aciContext.setAttributeType( attr.getAttributeType() );
- aciContext.setMicroOperations( perms );
- aciContext.setAciTuples( tuples );
- aciContext.setEntry( entry );
+ // ... we also need to check if removing the attribute at all is permitted
+ AciContext aciContext = new AciContext( schemaManager, modifyContext );
+ aciContext.setUserGroupNames( userGroups );
+ aciContext.setUserDn( principalDn );
+ aciContext.setAuthenticationLevel( principal.getAuthenticationLevel() );
+ aciContext.setEntryDn( dn );
+ aciContext.setAttributeType( attr.getAttributeType() );
+ aciContext.setMicroOperations( perms );
+ aciContext.setAciTuples( tuples );
+ aciContext.setEntry( entry );
- engine.checkPermission( aciContext );
- }
+ engine.checkPermission( aciContext );
}
break;
@@ -926,7 +928,7 @@ public class AciAuthorizationInterceptor
*/
entryView = ServerEntryUtils.getTargetEntry( mod, entryView, schemaManager );
- for ( Value<?> value : attr )
+ for ( Value value : attr )
{
AciContext aciContext = new AciContext( schemaManager, modifyContext );
aciContext.setUserGroupNames( userGroups );
@@ -955,6 +957,7 @@ public class AciAuthorizationInterceptor
/**
* {@inheritDoc}
*/
+ @Override
public void move( MoveOperationContext moveContext ) throws LdapException
{
Dn oriChildName = moveContext.getDn();
@@ -986,8 +989,8 @@ public class AciAuthorizationInterceptor
return;
}
- Set<Dn> userGroups = groupCache.getGroups( principalDn.getNormName() );
- Collection<ACITuple> tuples = new HashSet<ACITuple>();
+ Set<String> userGroups = groupCache.getGroups( principalDn.getNormName() );
+ Collection<ACITuple> tuples = new HashSet<>();
addPerscriptiveAciTuples( moveContext, tuples, oriChildName, entry );
addEntryAciTuples( tuples, entry );
addSubentryAciTuples( moveContext, tuples, oriChildName, entry );
@@ -1024,7 +1027,7 @@ public class AciAuthorizationInterceptor
subentryAttrs.put( attribute );
}
- Collection<ACITuple> destTuples = new HashSet<ACITuple>();
+ Collection<ACITuple> destTuples = new HashSet<>();
// Import permission is only valid for prescriptive ACIs
addPerscriptiveAciTuples( moveContext, destTuples, newDn, subentryAttrs );
@@ -1050,6 +1053,7 @@ public class AciAuthorizationInterceptor
/**
* {@inheritDoc}
*/
+ @Override
public void moveAndRename( MoveAndRenameOperationContext moveAndRenameContext ) throws LdapException
{
Dn oldDn = moveAndRenameContext.getDn();
@@ -1081,8 +1085,8 @@ public class AciAuthorizationInterceptor
return;
}
- Set<Dn> userGroups = groupCache.getGroups( principalDn.getNormName() );
- Collection<ACITuple> tuples = new HashSet<ACITuple>();
+ Set<String> userGroups = groupCache.getGroups( principalDn.getNormName() );
+ Collection<ACITuple> tuples = new HashSet<>();
addPerscriptiveAciTuples( moveAndRenameContext, tuples, oldDn, entry );
addEntryAciTuples( tuples, entry );
addSubentryAciTuples( moveAndRenameContext, tuples, oldDn, entry );
@@ -1120,7 +1124,7 @@ public class AciAuthorizationInterceptor
subentryAttrs.put( attribute );
}
- Collection<ACITuple> destTuples = new HashSet<ACITuple>();
+ Collection<ACITuple> destTuples = new HashSet<>();
// Import permission is only valid for prescriptive ACIs
addPerscriptiveAciTuples( moveAndRenameContext, destTuples, newDn, subentryAttrs );
@@ -1146,6 +1150,7 @@ public class AciAuthorizationInterceptor
/**
* {@inheritDoc}
*/
+ @Override
public void rename( RenameOperationContext renameContext ) throws LdapException
{
Dn oldName = renameContext.getDn();
@@ -1181,8 +1186,8 @@ public class AciAuthorizationInterceptor
return;
}
- Set<Dn> userGroups = groupCache.getGroups( principalDn.getNormName() );
- Collection<ACITuple> tuples = new HashSet<ACITuple>();
+ Set<String> userGroups = groupCache.getGroups( principalDn.getNormName() );
+ Collection<ACITuple> tuples = new HashSet<>();
addPerscriptiveAciTuples( renameContext, tuples, oldName, originalEntry );
addEntryAciTuples( tuples, originalEntry );
addSubentryAciTuples( renameContext, tuples, oldName, originalEntry );
@@ -1207,13 +1212,14 @@ public class AciAuthorizationInterceptor
/**
* {@inheritDoc}
*/
+ @Override
public EntryFilteringCursor search( SearchOperationContext searchContext ) throws LdapException
{
LdapPrincipal user = searchContext.getSession().getEffectivePrincipal();
Dn principalDn = user.getDn();
EntryFilteringCursor cursor = next( searchContext );
- boolean isSubschemaSubentryLookup = subschemaSubentryDn.equals( searchContext.getDn().getNormName() );
+ boolean isSubschemaSubentryLookup = subschemaSubentryDn.equals( searchContext.getDn() );
boolean isRootDseLookup = ( searchContext.getDn().size() == 0 )
&& ( searchContext.getScope() == SearchScope.OBJECT );
@@ -1257,8 +1263,8 @@ public class AciAuthorizationInterceptor
LdapPrincipal principal = lookupContext.getSession().getEffectivePrincipal();
Dn userName = principal.getDn();
- Set<Dn> userGroups = groupCache.getGroups( userName.getNormName() );
- Collection<ACITuple> tuples = new HashSet<ACITuple>();
+ Set<String> userGroups = groupCache.getGroups( userName.getNormName() );
+ Collection<ACITuple> tuples = new HashSet<>();
addPerscriptiveAciTuples( lookupContext, tuples, dn, entry );
addEntryAciTuples( tuples, entry );
addSubentryAciTuples( lookupContext, tuples, dn, entry );
@@ -1279,7 +1285,7 @@ public class AciAuthorizationInterceptor
for ( Attribute attribute : entry )
{
- for ( Value<?> value : attribute )
+ for ( Value value : attribute )
{
AciContext valueAciContext = new AciContext( schemaManager, lookupContext );
valueAciContext.setUserGroupNames( userGroups );
@@ -1300,11 +1306,11 @@ public class AciAuthorizationInterceptor
public final boolean isPrincipalAnAdministrator( Dn principalDn )
{
- return groupCache.isPrincipalAnAdministrator( principalDn );
+ return groupCache.isPrincipalAnAdministrator( principalDn.getNormName() );
}
- public void cacheNewGroup( Dn name, Entry entry ) throws Exception
+ public void cacheNewGroup( String name, Entry entry ) throws Exception
{
groupCache.groupAdded( name, entry );
}
@@ -1320,8 +1326,8 @@ public class AciAuthorizationInterceptor
LdapPrincipal principal = opContext.getSession().getEffectivePrincipal();
Dn userDn = principal.getDn();
- Set<Dn> userGroups = groupCache.getGroups( userDn.getNormName() );
- Collection<ACITuple> tuples = new HashSet<ACITuple>();
+ Set<String> userGroups = groupCache.getGroups( userDn.getNormName() );
+ Collection<ACITuple> tuples = new HashSet<>();
addPerscriptiveAciTuples( opContext, tuples, normName, clonedEntry );
addEntryAciTuples( tuples, ( ( ClonedServerEntry ) clonedEntry ).getOriginalEntry() );
addSubentryAciTuples( opContext, tuples, normName, ( ( ClonedServerEntry ) clonedEntry ).getOriginalEntry() );
@@ -1347,7 +1353,7 @@ public class AciAuthorizationInterceptor
* not allowed are removed from the attribute. If the attribute has no more
* values remaining then the entire attribute is removed.
*/
- List<AttributeType> attributeToRemove = new ArrayList<AttributeType>();
+ List<AttributeType> attributeToRemove = new ArrayList<>();
for ( Attribute attribute : clonedEntry.getAttributes() )
{
@@ -1372,10 +1378,10 @@ public class AciAuthorizationInterceptor
continue;
}
- List<Value<?>> valueToRemove = new ArrayList<Value<?>>();
+ List<Value> valueToRemove = new ArrayList<>();
// attribute type scope is ok now let's determine value level scope
- for ( Value<?> value : attr )
+ for ( Value value : attr )
{
aciContext = new AciContext( schemaManager, opContext );
aciContext.setUserGroupNames( userGroups );
@@ -1394,7 +1400,7 @@ public class AciAuthorizationInterceptor
}
}
- for ( Value<?> value : valueToRemove )
+ for ( Value value : valueToRemove )
{
attr.remove( value );
}
@@ -1421,17 +1427,22 @@ public class AciAuthorizationInterceptor
/**
* {@inheritDoc}
*/
+ @Override
public boolean accept( SearchOperationContext searchContext, Entry entry ) throws LdapException
{
- Dn normName = entry.getDn().apply( schemaManager );
+ if ( !entry.getDn().isSchemaAware() )
+ {
+ entry.setDn( new Dn( schemaManager, entry.getDn() ) );
+ }
- return filter( searchContext, normName, entry );
+ return filter( searchContext, entry.getDn(), entry );
}
/**
* {@inheritDoc}
*/
+ @Override
public String toString( String tabs )
{
return tabs + "AuthorizationFilter";
@@ -1441,6 +1452,6 @@ public class AciAuthorizationInterceptor
private boolean isTheAdministrator( Dn normalizedDn )
{
- return normalizedDn.getNormName().equals( ServerDNConstants.ADMIN_SYSTEM_DN_NORMALIZED );
+ return normalizedDn.equals( ServerDNConstants.ADMIN_SYSTEM_DN_NORMALIZED );
}
}
Modified: directory/apacheds/branches/apacheds-value/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/DefaultAuthorizationInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-value/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/DefaultAuthorizationInterceptor.java?rev=1748572&r1=1748571&r2=1748572&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-value/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/DefaultAuthorizationInterceptor.java (original)
+++ directory/apacheds/branches/apacheds-value/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/DefaultAuthorizationInterceptor.java Wed Jun 15 12:29:57 2016
@@ -75,7 +75,7 @@ public class DefaultAuthorizationInterce
/** the distinguished {@link Name} for the administrator group */
private Dn adminGroupDn;
- private Set<String> administrators = new HashSet<String>( 2 );
+ private Set<String> administrators = new HashSet<>( 2 );
private PartitionNexus nexus;
@@ -133,7 +133,7 @@ public class DefaultAuthorizationInterce
private void loadAdministrators( DirectoryService directoryService ) throws LdapException
{
// read in the administrators and cache their normalized names
- Set<String> newAdministrators = new HashSet<String>( 2 );
+ Set<String> newAdministrators = new HashSet<>( 2 );
CoreSession adminSession = directoryService.getAdminSession();
Entry adminGroup = nexus.lookup( new LookupOperationContext( adminSession, adminGroupDn ) );
@@ -145,9 +145,9 @@ public class DefaultAuthorizationInterce
Attribute uniqueMember = adminGroup.get( directoryService.getAtProvider().getUniqueMember() );
- for ( Value<?> value : uniqueMember )
+ for ( Value value : uniqueMember )
{
- Dn memberDn = dnFactory.create( value.getString() );
+ Dn memberDn = dnFactory.create( value.getValue() );
newAdministrators.add( memberDn.getNormName() );
}
@@ -263,7 +263,7 @@ public class DefaultAuthorizationInterce
next( modifyContext );
// update administrators if we change administrators group
- if ( dn.equals( adminGroupDn ) )
+ if ( dn.getNormName().equals( adminGroupDn.getNormName() ) )
{
loadAdministrators( modifyContext.getSession().getDirectoryService() );
}
@@ -345,7 +345,7 @@ public class DefaultAuthorizationInterce
private boolean isTheAdministrator( Dn dn )
{
- return dn.equals( adminSystemDn );
+ return dn.getNormName().equals( adminSystemDn.getNormName() );
}
@@ -468,7 +468,7 @@ public class DefaultAuthorizationInterce
if ( normalizedDn.isDescendantOf( adminSystemDn ) )
{
// allow for self reads
- if ( normalizedDn.getNormName().equals( principalDn.getNormName() ) )
+ if ( normalizedDn.equals( principalDn ) )
{
return;
}
@@ -495,7 +495,7 @@ public class DefaultAuthorizationInterce
if ( isTheAdministrator( normalizedDn ) )
{
// allow for self reads
- if ( normalizedDn.getNormName().equals( principalDn.getNormName() ) )
+ if ( normalizedDn.equals( principalDn ) )
{
return;
}
@@ -514,8 +514,11 @@ public class DefaultAuthorizationInterce
{
Dn principalDn = opContext.getSession().getEffectivePrincipal().getDn();
Dn dn = entry.getDn();
-
- dn.apply( schemaManager );
+
+ if ( !dn.isSchemaAware() )
+ {
+ dn = new Dn( schemaManager, dn );
+ }
// Admin users gets full access to all entries
if ( isAnAdministrator( principalDn ) )
Modified: directory/apacheds/branches/apacheds-value/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/GroupCache.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-value/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/GroupCache.java?rev=1748572&r1=1748571&r2=1748572&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-value/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/GroupCache.java (original)
+++ directory/apacheds/branches/apacheds-value/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/GroupCache.java Wed Jun 15 12:29:57 2016
@@ -34,7 +34,6 @@ import org.apache.directory.api.ldap.mod
import org.apache.directory.api.ldap.model.entry.Entry;
import org.apache.directory.api.ldap.model.entry.Modification;
import org.apache.directory.api.ldap.model.entry.ModificationOperation;
-import org.apache.directory.api.ldap.model.entry.StringValue;
import org.apache.directory.api.ldap.model.entry.Value;
import org.apache.directory.api.ldap.model.exception.LdapException;
import org.apache.directory.api.ldap.model.exception.LdapOperationException;
@@ -86,11 +85,14 @@ public class GroupCache
/** the normalized dn of the administrators group */
private Dn administratorsGroupDn;
+
+ /** The Admin user DN */
+ private Dn adminSystemDn;
- private static final Set<Dn> EMPTY_GROUPS = new HashSet<Dn>();
+ private static final Set<String> EMPTY_GROUPS = new HashSet<>();
/** String key for the Dn of a group to a Set (HashSet) for the Strings of member DNs */
- private Cache ehCache;
+ private Cache groupCache;
@@ -110,7 +112,7 @@ public class GroupCache
// stuff for dealing with the admin group
administratorsGroupDn = parseNormalized( ServerDNConstants.ADMINISTRATORS_GROUP_DN );
- this.ehCache = dirService.getCacheService().getCache( "groupCache" );
+ groupCache = dirService.getCacheService().getCache( "groupCache" );
initialize( dirService.getAdminSession() );
}
@@ -118,8 +120,7 @@ public class GroupCache
private Dn parseNormalized( String name ) throws LdapException
{
- Dn dn = dnFactory.create( name );
- return dn;
+ return dnFactory.create( name );
}
@@ -136,10 +137,11 @@ public class GroupCache
// didn't use clone() cause it is creating List objects, which IMO is not worth calling
// in this initialization phase
BranchNode filter = new OrNode();
- filter.addNode( new EqualityNode<String>( directoryService.getAtProvider().getObjectClass(),
- new StringValue( SchemaConstants.GROUP_OF_NAMES_OC ) ) );
- filter.addNode( new EqualityNode<String>( directoryService.getAtProvider().getObjectClass(),
- new StringValue( SchemaConstants.GROUP_OF_UNIQUE_NAMES_OC ) ) );
+ AttributeType ocAt = directoryService.getAtProvider().getObjectClass();
+
+ filter.addNode( new EqualityNode<String>( ocAt, new Value( ocAt, SchemaConstants.GROUP_OF_NAMES_OC ) ) );
+ filter.addNode( new EqualityNode<String>( ocAt,
+ new Value( ocAt, SchemaConstants.GROUP_OF_UNIQUE_NAMES_OC ) ) );
Dn baseDn = dnFactory.create( suffix );
SearchControls ctls = new SearchControls();
@@ -157,16 +159,22 @@ public class GroupCache
while ( results.next() )
{
Entry result = results.get();
- Dn groupDn = result.getDn().apply( schemaManager );
+ Dn groupDn = result.getDn();
+
+ if ( !groupDn.isSchemaAware() )
+ {
+ groupDn = new Dn( schemaManager, groupDn );
+ }
+
Attribute members = getMemberAttribute( result );
if ( members != null )
{
- Set<String> memberSet = new HashSet<String>( members.size() );
+ Set<String> memberSet = new HashSet<>( members.size() );
addMembers( memberSet, members );
Element cacheElement = new Element( groupDn.getNormName(), memberSet );
- ehCache.put( cacheElement );
+ groupCache.put( cacheElement );
}
else
{
@@ -179,14 +187,15 @@ public class GroupCache
catch ( Exception e )
{
LOG.error( "Exception while initializing the groupCache: {}", e.getCause() );
- LdapOperationException le = new LdapOperationException( e.getMessage(), e );
- throw le;
+ throw new LdapOperationException( e.getMessage(), e );
}
}
+
+ adminSystemDn = new Dn( schemaManager, ServerDNConstants.ADMIN_SYSTEM_DN_NORMALIZED );
if ( IS_DEBUG )
{
- LOG.debug( "group cache contents on startup:\n {}", ehCache.getAllWithLoader( ehCache.getKeys(), null ) );
+ LOG.debug( "group cache contents on startup:\n {}", groupCache.getAllWithLoader( groupCache.getKeys(), null ) );
}
}
@@ -227,22 +236,23 @@ public class GroupCache
*/
private void addMembers( Set<String> memberSet, Attribute members ) throws LdapException
{
- for ( Value<?> value : members )
+ for ( Value value : members )
{
// get and normalize the Dn of the member
- String memberDn = value.getString();
+ String member = value.getValue();
+ Dn memberDn = null;
try
{
- memberDn = parseNormalized( memberDn ).getNormName();
+ memberDn = parseNormalized( member );
}
catch ( LdapException e )
{
LOG.warn( "Malformed member Dn in groupOf[Unique]Names entry. Member not added to GroupCache.", e );
}
- memberSet.add( memberDn );
+ memberSet.add( memberDn.getNormName() );
}
}
@@ -256,21 +266,22 @@ public class GroupCache
*/
private void removeMembers( Set<String> memberSet, Attribute members ) throws LdapException
{
- for ( Value<?> value : members )
+ for ( Value value : members )
{
// get and normalize the Dn of the member
- String memberDn = value.getString();
+ String member = value.getValue();
+ Dn memberDn = null;
try
{
- memberDn = parseNormalized( memberDn ).getNormName();
+ memberDn = parseNormalized( member );
}
catch ( LdapException e )
{
LOG.warn( "Malformed member Dn in groupOf[Unique]Names entry. Member not removed from GroupCache.", e );
}
- memberSet.remove( memberDn );
+ memberSet.remove( memberDn.getNormName() );
}
}
@@ -283,7 +294,7 @@ public class GroupCache
* @param entry the group entry's attributes
* @throws LdapException if there are problems accessing the attr values
*/
- public void groupAdded( Dn name, Entry entry ) throws LdapException
+ public void groupAdded( String name, Entry entry ) throws LdapException
{
Attribute members = getMemberAttribute( entry );
@@ -292,16 +303,16 @@ public class GroupCache
return;
}
- Set<String> memberSet = new HashSet<String>( members.size() );
+ Set<String> memberSet = new HashSet<>( members.size() );
addMembers( memberSet, members );
- Element cacheElement = new Element( name.getNormName(), memberSet );
- ehCache.put( cacheElement );
+ Element cacheElement = new Element( name, memberSet );
+ groupCache.put( cacheElement );
if ( IS_DEBUG )
{
- LOG.debug( "group cache contents after adding '{}' :\n {}", name.getName(),
- ehCache.getAllWithLoader( ehCache.getKeys(), null ) );
+ LOG.debug( "group cache contents after adding '{}' :\n {}", name,
+ groupCache.getAllWithLoader( groupCache.getKeys(), null ) );
}
}
@@ -322,12 +333,12 @@ public class GroupCache
return;
}
- ehCache.remove( name.getNormName() );
+ groupCache.remove( name.getNormName() );
if ( IS_DEBUG )
{
LOG.debug( "group cache contents after deleting '{}' :\n {}", name.getName(),
- ehCache.getAllWithLoader( ehCache.getKeys(), null ) );
+ groupCache.getAllWithLoader( groupCache.getKeys(), null ) );
}
}
@@ -407,11 +418,11 @@ public class GroupCache
{
if ( memberAttr.getOid() == modification.getAttribute().getId() )
{
- Element memSetElement = ehCache.get( name.getNormName() );
+ Element memSetElement = groupCache.get( name.getNormName() );
if ( memSetElement != null )
{
- Set<String> memberSet = ( Set<String> ) memSetElement.getValue();
+ Set<String> memberSet = ( Set<String> ) memSetElement.getObjectValue();
modify( memberSet, modification.getOperation(), modification.getAttribute() );
}
@@ -422,7 +433,7 @@ public class GroupCache
if ( IS_DEBUG )
{
LOG.debug( "group cache contents after modifying '{}' :\n {}", name.getName(),
- ehCache.getAllWithLoader( ehCache.getKeys(), null ) );
+ groupCache.getAllWithLoader( groupCache.getKeys(), null ) );
}
}
@@ -445,18 +456,18 @@ public class GroupCache
return;
}
- Element memSetElement = ehCache.get( name.getNormName() );
+ Element memSetElement = groupCache.get( name.getNormName() );
if ( memSetElement != null )
{
- Set<String> memberSet = ( Set<String> ) memSetElement.getValue();
+ Set<String> memberSet = ( Set<String> ) memSetElement.getObjectValue();
modify( memberSet, modOp, members );
}
if ( IS_DEBUG )
{
LOG.debug( "group cache contents after modifying '{}' :\n {}", name.getName(),
- ehCache.getAllWithLoader( ehCache.getKeys(), null ) );
+ groupCache.getAllWithLoader( groupCache.getKeys(), null ) );
}
}
@@ -468,14 +479,14 @@ public class GroupCache
* @param principalDn the normalized Dn of the user to check if they are an admin
* @return true if the principal is an admin or the admin
*/
- public final boolean isPrincipalAnAdministrator( Dn principalDn )
+ public final boolean isPrincipalAnAdministrator( String principalDn )
{
- if ( principalDn.getNormName().equals( ServerDNConstants.ADMIN_SYSTEM_DN_NORMALIZED ) )
+ if ( principalDn.equals( adminSystemDn.getNormName() ) )
{
return true;
}
- Element cacheElement = ehCache.get( administratorsGroupDn.getNormName() );
+ Element cacheElement = groupCache.get( administratorsGroupDn.getNormName() );
if ( cacheElement == null )
{
@@ -484,8 +495,9 @@ public class GroupCache
}
else
{
- Set<String> members = ( Set<String> ) cacheElement.getValue();
- return members.contains( principalDn.getNormName() );
+ Set<String> members = ( Set<String> ) cacheElement.getObjectValue();
+
+ return members.contains( principalDn );
}
}
@@ -498,50 +510,35 @@ public class GroupCache
* @return a Set of Name objects representing the groups
* @throws LdapException if there are problems accessing attribute values
*/
- public Set<Dn> getGroups( String member ) throws LdapException
+ public Set<String> getGroups( String memberDn ) throws LdapException
{
- Dn normMember;
-
- try
- {
- normMember = parseNormalized( member );
- }
- catch ( LdapException e )
- {
- LOG
- .warn(
- "Malformed member Dn. Could not find groups for member '{}' in GroupCache. Returning empty set for groups!",
- member, e );
- return EMPTY_GROUPS;
- }
-
- Set<Dn> memberGroups = null;
+ Set<String> memberGroups = null;
- for ( Object obj : ehCache.getKeys() )
+ for ( Object obj : groupCache.getKeys() )
{
String group = ( String ) obj;
- Element element = ehCache.get( group );
+ Element element = groupCache.get( group );
if ( element == null )
{
continue;
}
- Set<String> members = ( Set<String> ) element.getValue();
+ Set<String> members = ( Set<String> ) element.getObjectValue();
if ( members == null )
{
continue;
}
- if ( members.contains( normMember.getNormName() ) )
+ if ( members.contains( memberDn ) )
{
if ( memberGroups == null )
{
- memberGroups = new HashSet<Dn>();
+ memberGroups = new HashSet<>();
}
- memberGroups.add( parseNormalized( group ) );
+ memberGroups.add( group );
}
}
@@ -556,21 +553,21 @@ public class GroupCache
public boolean groupRenamed( Dn oldName, Dn newName )
{
- Element membersElement = ehCache.get( oldName.getNormName() );
+ Element membersElement = groupCache.get( oldName.getNormName() );
if ( membersElement != null )
{
- Set<String> members = ( Set<String> ) membersElement.getValue();
+ Set<String> members = ( Set<String> ) membersElement.getObjectValue();
- ehCache.remove( oldName.getNormName() );
+ groupCache.remove( oldName.getNormName() );
- Element cacheElement = new Element( newName.getNormName(), members );
- ehCache.put( cacheElement );
+ Element cacheElement = new Element( newName, members );
+ groupCache.put( cacheElement );
if ( IS_DEBUG )
{
LOG.debug( "group cache contents after renaming '{}' :\n{}", oldName.getName(),
- ehCache.getAllWithLoader( ehCache.getKeys(), null ) );
+ groupCache.getAllWithLoader( groupCache.getKeys(), null ) );
}
return true;
Modified: directory/apacheds/branches/apacheds-value/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/TupleCache.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-value/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/TupleCache.java?rev=1748572&r1=1748571&r2=1748572&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-value/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/TupleCache.java (original)
+++ directory/apacheds/branches/apacheds-value/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/TupleCache.java Wed Jun 15 12:29:57 2016
@@ -37,7 +37,6 @@ import org.apache.directory.api.ldap.mod
import org.apache.directory.api.ldap.model.entry.Attribute;
import org.apache.directory.api.ldap.model.entry.Entry;
import org.apache.directory.api.ldap.model.entry.Modification;
-import org.apache.directory.api.ldap.model.entry.StringValue;
import org.apache.directory.api.ldap.model.entry.Value;
import org.apache.directory.api.ldap.model.exception.LdapException;
import org.apache.directory.api.ldap.model.exception.LdapOperationErrorException;
@@ -47,6 +46,7 @@ import org.apache.directory.api.ldap.mod
import org.apache.directory.api.ldap.model.message.AliasDerefMode;
import org.apache.directory.api.ldap.model.message.ResultCodeEnum;
import org.apache.directory.api.ldap.model.name.Dn;
+import org.apache.directory.api.ldap.model.schema.AttributeType;
import org.apache.directory.api.ldap.model.schema.SchemaManager;
import org.apache.directory.api.ldap.model.schema.normalizers.ConcreteNameComponentNormalizer;
import org.apache.directory.api.ldap.model.schema.normalizers.NameComponentNormalizer;
@@ -74,7 +74,7 @@ public class TupleCache
private static final Logger LOG = LoggerFactory.getLogger( TupleCache.class );
/** a map of strings to ACITuple collections */
- private final Map<String, List<ACITuple>> tuples = new HashMap<String, List<ACITuple>>();
+ private final Map<String, List<ACITuple>> tuples = new HashMap<>();
/** the directory service */
private final DirectoryService directoryService;
@@ -107,13 +107,6 @@ public class TupleCache
}
- private Dn parseNormalized( String name ) throws LdapException
- {
- Dn dn = dnFactory.create( name );
- return dn;
- }
-
-
private void initialize( CoreSession session ) throws LdapException
{
// search all naming contexts for access control subentenries
@@ -123,14 +116,17 @@ public class TupleCache
for ( String suffix : suffixes )
{
- Dn baseDn = parseNormalized( suffix );
- ExprNode filter = new EqualityNode<String>( directoryService.getAtProvider().getObjectClass(),
- new StringValue( SchemaConstants.ACCESS_CONTROL_SUBENTRY_OC ) );
+ AttributeType ocAt = directoryService.getAtProvider().getObjectClass();
+
+ ExprNode filter = new EqualityNode<String>( ocAt,
+ new Value( ocAt, SchemaConstants.ACCESS_CONTROL_SUBENTRY_OC ) );
SearchControls ctls = new SearchControls();
ctls.setSearchScope( SearchControls.SUBTREE_SCOPE );
ctls.setReturningAttributes( new String[]
{ SchemaConstants.ALL_USER_ATTRIBUTES, SchemaConstants.ALL_OPERATIONAL_ATTRIBUTES } );
+ Dn baseDn = dnFactory.create( suffix );
+
SearchOperationContext searchOperationContext = new SearchOperationContext( session,
baseDn, filter, ctls );
searchOperationContext.setAliasDerefMode( AliasDerefMode.NEVER_DEREF_ALIASES );
@@ -142,7 +138,14 @@ public class TupleCache
while ( results.next() )
{
Entry result = results.get();
- Dn subentryDn = result.getDn().apply( session.getDirectoryService().getSchemaManager() );
+
+ Dn subentryDn = result.getDn();
+
+ if ( !subentryDn.isSchemaAware() )
+ {
+ subentryDn = new Dn( session.getDirectoryService().getSchemaManager(), subentryDn );
+ }
+
Attribute aci = result.get( directoryService.getAtProvider().getPrescriptiveACI() );
if ( aci == null )
@@ -204,13 +207,13 @@ public class TupleCache
// Get the prescriptiveACI
Attribute prescriptiveAci = entry.get( directoryService.getAtProvider().getPrescriptiveACI() );
- List<ACITuple> entryTuples = new ArrayList<ACITuple>();
+ List<ACITuple> entryTuples = new ArrayList<>();
// Loop on all the ACI, parse each of them and
// store the associated tuples into the cache
- for ( Value<?> value : prescriptiveAci )
+ for ( Value value : prescriptiveAci )
{
- String aci = value.getString();
+ String aci = value.getValue();
ACIItem item = null;
try
@@ -232,14 +235,14 @@ public class TupleCache
}
- public void subentryDeleted( Dn normName, Entry entry ) throws LdapException
+ public void subentryDeleted( Dn dn, Entry entry ) throws LdapException
{
if ( !hasPrescriptiveACI( entry ) )
{
return;
}
- tuples.remove( normName.toString() );
+ tuples.remove( dn.getNormName().toString() );
}
Modified: directory/apacheds/branches/apacheds-value/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/ACDFEngine.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-value/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/ACDFEngine.java?rev=1748572&r1=1748571&r2=1748572&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-value/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/ACDFEngine.java (original)
+++ directory/apacheds/branches/apacheds-value/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/ACDFEngine.java Wed Jun 15 12:29:57 2016
@@ -151,7 +151,7 @@ public class ACDFEngine
// Filter unrelated and invalid tuples
for ( ACITupleFilter filter : filters )
{
- if ( aciContext.getAciTuples().size() == 0 )
+ if ( aciContext.getAciTuples().isEmpty() )
{
// No need to continue filtering
return false;
@@ -162,7 +162,7 @@ public class ACDFEngine
}
// Deny access if no tuples left.
- if ( aciContext.getAciTuples().size() == 0 )
+ if ( aciContext.getAciTuples().isEmpty() )
{
return false;
}
Modified: directory/apacheds/branches/apacheds-value/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/AciContext.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-value/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/AciContext.java?rev=1748572&r1=1748571&r2=1748572&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-value/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/AciContext.java (original)
+++ directory/apacheds/branches/apacheds-value/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/AciContext.java Wed Jun 15 12:29:57 2016
@@ -48,7 +48,7 @@ public class AciContext
private OperationContext operationContext;
/** The Users belonging to a group */
- private Collection<Dn> userGroupNames;
+ private Collection<String> userGroupNames;
/** The user's Dn */
private Dn userDn;
@@ -63,7 +63,7 @@ public class AciContext
private AttributeType attributeType;
/** The attribute's values */
- private Value<?> attrValue;
+ private Value attrValue;
/** The allowed operations */
private Collection<MicroOperation> microOperations;
@@ -130,7 +130,7 @@ public class AciContext
/**
* @return the userGroupNames
*/
- public Collection<Dn> getUserGroupNames()
+ public Collection<String> getUserGroupNames()
{
return userGroupNames;
}
@@ -139,7 +139,7 @@ public class AciContext
/**
* @param userGroupNames the userGroupNames to set
*/
- public void setUserGroupNames( Collection<Dn> userGroupNames )
+ public void setUserGroupNames( Collection<String> userGroupNames )
{
this.userGroupNames = userGroupNames;
}
@@ -220,7 +220,7 @@ public class AciContext
/**
* @return the attrValue
*/
- public Value<?> getAttrValue()
+ public Value getAttrValue()
{
return attrValue;
}
@@ -229,7 +229,7 @@ public class AciContext
/**
* @param attrValue the attrValue to set
*/
- public void setAttrValue( Value<?> attrValue )
+ public void setAttrValue( Value attrValue )
{
this.attrValue = attrValue;
}
Modified: directory/apacheds/branches/apacheds-value/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/HighestPrecedenceFilter.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-value/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/HighestPrecedenceFilter.java?rev=1748572&r1=1748571&r2=1748572&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-value/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/HighestPrecedenceFilter.java (original)
+++ directory/apacheds/branches/apacheds-value/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/HighestPrecedenceFilter.java Wed Jun 15 12:29:57 2016
@@ -36,6 +36,10 @@ import org.apache.directory.api.ldap.mod
*/
public class HighestPrecedenceFilter implements ACITupleFilter
{
+ /**
+ * {@inheritDoc}
+ */
+ @Override
public Collection<ACITuple> filter( AciContext aciContext, OperationScope scope, Entry userEntry )
throws LdapException
{
Modified: directory/apacheds/branches/apacheds-value/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/MaxImmSubFilter.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-value/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/MaxImmSubFilter.java?rev=1748572&r1=1748571&r2=1748572&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-value/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/MaxImmSubFilter.java (original)
+++ directory/apacheds/branches/apacheds-value/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/MaxImmSubFilter.java Wed Jun 15 12:29:57 2016
@@ -75,6 +75,10 @@ public class MaxImmSubFilter implements
}
+ /**
+ * {@inheritDoc}
+ */
+ @Override
public Collection<ACITuple> filter( AciContext aciContext, OperationScope scope, Entry userEntry )
throws LdapException
{
@@ -85,7 +89,7 @@ public class MaxImmSubFilter implements
return aciContext.getAciTuples();
}
- if ( aciContext.getAciTuples().size() == 0 )
+ if ( aciContext.getAciTuples().isEmpty() )
{
return aciContext.getAciTuples();
}
Modified: directory/apacheds/branches/apacheds-value/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/MaxValueCountFilter.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-value/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/MaxValueCountFilter.java?rev=1748572&r1=1748571&r2=1748572&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-value/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/MaxValueCountFilter.java (original)
+++ directory/apacheds/branches/apacheds-value/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/MaxValueCountFilter.java Wed Jun 15 12:29:57 2016
@@ -41,6 +41,10 @@ import org.apache.directory.api.ldap.mod
*/
public class MaxValueCountFilter implements ACITupleFilter
{
+ /**
+ * {@inheritDoc}
+ */
+ @Override
public Collection<ACITuple> filter( AciContext aciContext, OperationScope scope, Entry userEntry )
throws LdapException
{
@@ -49,7 +53,7 @@ public class MaxValueCountFilter impleme
return aciContext.getAciTuples();
}
- if ( aciContext.getAciTuples().size() == 0 )
+ if ( aciContext.getAciTuples().isEmpty() )
{
return aciContext.getAciTuples();
}
Modified: directory/apacheds/branches/apacheds-value/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/MicroOperationFilter.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-value/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/MicroOperationFilter.java?rev=1748572&r1=1748571&r2=1748572&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-value/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/MicroOperationFilter.java (original)
+++ directory/apacheds/branches/apacheds-value/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/MicroOperationFilter.java Wed Jun 15 12:29:57 2016
@@ -38,10 +38,14 @@ import org.apache.directory.api.ldap.mod
*/
public class MicroOperationFilter implements ACITupleFilter
{
+ /**
+ * {@inheritDoc}
+ */
+ @Override
public Collection<ACITuple> filter( AciContext aciContext, OperationScope scope, Entry userEntry )
throws LdapException
{
- if ( aciContext.getAciTuples().size() == 0 )
+ if ( aciContext.getAciTuples().isEmpty() )
{
return aciContext.getAciTuples();
}
Modified: directory/apacheds/branches/apacheds-value/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/MostSpecificProtectedItemFilter.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-value/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/MostSpecificProtectedItemFilter.java?rev=1748572&r1=1748571&r2=1748572&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-value/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/MostSpecificProtectedItemFilter.java (original)
+++ directory/apacheds/branches/apacheds-value/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/MostSpecificProtectedItemFilter.java Wed Jun 15 12:29:57 2016
@@ -50,6 +50,10 @@ import org.apache.directory.api.ldap.mod
*/
public class MostSpecificProtectedItemFilter implements ACITupleFilter
{
+ /**
+ * {@inheritDoc}
+ */
+ @Override
public Collection<ACITuple> filter( AciContext aciContext, OperationScope scope, Entry userEntry )
throws LdapException
{
@@ -58,7 +62,7 @@ public class MostSpecificProtectedItemFi
return aciContext.getAciTuples();
}
- Collection<ACITuple> filteredTuples = new ArrayList<ACITuple>();
+ Collection<ACITuple> filteredTuples = new ArrayList<>();
// If the protected item is an attribute and there are tuples that
// specify the attribute type explicitly, discard all other tuples.
@@ -75,7 +79,7 @@ public class MostSpecificProtectedItemFi
}
}
- if ( filteredTuples.size() > 0 )
+ if ( !filteredTuples.isEmpty() )
{
return filteredTuples;
}
@@ -95,7 +99,7 @@ public class MostSpecificProtectedItemFi
}
}
- if ( filteredTuples.size() > 0 )
+ if ( !filteredTuples.isEmpty() )
{
return filteredTuples;
}
Modified: directory/apacheds/branches/apacheds-value/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/MostSpecificUserClassFilter.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-value/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/MostSpecificUserClassFilter.java?rev=1748572&r1=1748571&r2=1748572&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-value/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/MostSpecificUserClassFilter.java (original)
+++ directory/apacheds/branches/apacheds-value/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/MostSpecificUserClassFilter.java Wed Jun 15 12:29:57 2016
@@ -43,6 +43,10 @@ import org.apache.directory.api.ldap.mod
*/
public class MostSpecificUserClassFilter implements ACITupleFilter
{
+ /**
+ * {@inheritDoc}
+ */
+ @Override
public Collection<ACITuple> filter( AciContext aciContext, OperationScope scope, Entry userEntry )
throws LdapException
{
@@ -51,7 +55,7 @@ public class MostSpecificUserClassFilter
return aciContext.getAciTuples();
}
- Collection<ACITuple> filteredTuples = new ArrayList<ACITuple>();
+ Collection<ACITuple> filteredTuples = new ArrayList<>();
// If there are any tuples matching the requestor with UserClasses
// element name or thisEntry, discard all other tuples.
@@ -67,7 +71,7 @@ public class MostSpecificUserClassFilter
}
}
- if ( filteredTuples.size() > 0 )
+ if ( !filteredTuples.isEmpty() )
{
return filteredTuples;
}
@@ -86,7 +90,7 @@ public class MostSpecificUserClassFilter
}
}
- if ( filteredTuples.size() > 0 )
+ if ( !filteredTuples.isEmpty() )
{
return filteredTuples;
}
@@ -105,7 +109,7 @@ public class MostSpecificUserClassFilter
}
}
- if ( filteredTuples.size() > 0 )
+ if ( !filteredTuples.isEmpty() )
{
return filteredTuples;
}
Modified: directory/apacheds/branches/apacheds-value/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/OperationScope.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-value/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/OperationScope.java?rev=1748572&r1=1748571&r2=1748572&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-value/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/OperationScope.java (original)
+++ directory/apacheds/branches/apacheds-value/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/OperationScope.java Wed Jun 15 12:29:57 2016
@@ -63,6 +63,7 @@ public final class OperationScope
/**
* Returns the name of this scope.
*/
+ @Override
public String toString()
{
return name;
Modified: directory/apacheds/branches/apacheds-value/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/RelatedProtectedItemFilter.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-value/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/RelatedProtectedItemFilter.java?rev=1748572&r1=1748571&r2=1748572&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-value/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/RelatedProtectedItemFilter.java (original)
+++ directory/apacheds/branches/apacheds-value/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/RelatedProtectedItemFilter.java Wed Jun 15 12:29:57 2016
@@ -71,10 +71,14 @@ public class RelatedProtectedItemFilter
}
+ /**
+ * {@inheritDoc}
+ */
+ @Override
public Collection<ACITuple> filter( AciContext aciContext, OperationScope scope, Entry userEntry )
throws LdapException
{
- if ( aciContext.getAciTuples().size() == 0 )
+ if ( aciContext.getAciTuples().isEmpty() )
{
return aciContext.getAciTuples();
}
@@ -95,8 +99,7 @@ public class RelatedProtectedItemFilter
private boolean isRelated( ACITuple tuple, OperationScope scope, Dn userName, Dn entryName,
- AttributeType attributeType,
- Value<?> attrValue, Entry entry ) throws LdapException, InternalError
+ AttributeType attributeType, Value attrValue, Entry entry ) throws LdapException, InternalError
{
String oid = null;
@@ -186,7 +189,7 @@ public class RelatedProtectedItemFilter
Attribute entryAttribute = j.next();
AttributeType attr = entryAttribute.getAttributeType();
- String attrOid = null;
+ String attrOid;
if ( attr != null )
{
@@ -283,9 +286,7 @@ public class RelatedProtectedItemFilter
{
Attribute entryAttribute = entry.get( oid );
- if ( ( entryAttribute != null )
- && ( ( entryAttribute.contains( userName.getNormName() )
- || ( entryAttribute.contains( userName.getName() ) ) ) ) )
+ if ( ( entryAttribute != null ) && entryAttribute.contains( userName.getNormName() ) )
{
return true;
}
Modified: directory/apacheds/branches/apacheds-value/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/RelatedUserClassFilter.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-value/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/RelatedUserClassFilter.java?rev=1748572&r1=1748571&r2=1748572&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-value/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/RelatedUserClassFilter.java (original)
+++ directory/apacheds/branches/apacheds-value/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/RelatedUserClassFilter.java Wed Jun 15 12:29:57 2016
@@ -51,10 +51,14 @@ public class RelatedUserClassFilter impl
}
+ /**
+ * {@inheritDoc}
+ */
+ @Override
public Collection<ACITuple> filter( AciContext aciContext, OperationScope scope, Entry userEntry )
throws LdapException
{
- if ( aciContext.getAciTuples().size() == 0 )
+ if ( aciContext.getAciTuples().isEmpty() )
{
return aciContext.getAciTuples();
}
@@ -94,7 +98,7 @@ public class RelatedUserClassFilter impl
}
- private boolean isRelated( Collection<Dn> userGroupNames, Dn userName, Entry userEntry,
+ private boolean isRelated( Collection<String> userGroupNames, Dn userName, Entry userEntry,
Dn entryName, Collection<UserClass> userClasses ) throws LdapException
{
for ( UserClass userClass : userClasses )
@@ -120,7 +124,8 @@ public class RelatedUserClassFilter impl
else if ( userClass instanceof UserClass.Name )
{
UserClass.Name nameUserClass = ( UserClass.Name ) userClass;
- if ( nameUserClass.getNames().contains( userName ) )
+
+ if ( ( userName != null ) && nameUserClass.getNames().contains( userName.getNormName() ) )
{
return true;
}
@@ -129,15 +134,15 @@ public class RelatedUserClassFilter impl
{
UserClass.UserGroup userGroupUserClass = ( UserClass.UserGroup ) userClass;
- for ( Dn userGroupName : userGroupNames )
+ for ( String userGroupName : userGroupNames )
{
- Set<Dn> dns = userGroupUserClass.getNames();
+ Set<String> dns = userGroupUserClass.getNames();
if ( userGroupName != null )
{
- for ( Dn dn : dns )
+ for ( String dn : dns )
{
- if ( userGroupName.getNormName().equals( dn.getNormName() ) )
+ if ( userGroupName.equals( dn ) )
{
return true;
}
Modified: directory/apacheds/branches/apacheds-value/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/RestrictedByFilter.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-value/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/RestrictedByFilter.java?rev=1748572&r1=1748571&r2=1748572&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-value/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/RestrictedByFilter.java (original)
+++ directory/apacheds/branches/apacheds-value/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/RestrictedByFilter.java Wed Jun 15 12:29:57 2016
@@ -50,7 +50,7 @@ public class RestrictedByFilter implemen
return aciContext.getAciTuples();
}
- if ( aciContext.getAciTuples().size() == 0 )
+ if ( aciContext.getAciTuples().isEmpty() )
{
return aciContext.getAciTuples();
}
@@ -74,7 +74,7 @@ public class RestrictedByFilter implemen
}
- public boolean isRemovable( ACITuple tuple, AttributeType attributeType, Value<?> attrValue, Entry entry )
+ public boolean isRemovable( ACITuple tuple, AttributeType attributeType, Value attrValue, Entry entry )
throws LdapException
{
for ( ProtectedItem item : tuple.getProtectedItems() )
Modified: directory/apacheds/branches/apacheds-value/interceptors/authz/src/test/java/org/apache/directory/server/core/authz/support/MostSpecificUserClassFilterTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-value/interceptors/authz/src/test/java/org/apache/directory/server/core/authz/support/MostSpecificUserClassFilterTest.java?rev=1748572&r1=1748571&r2=1748572&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-value/interceptors/authz/src/test/java/org/apache/directory/server/core/authz/support/MostSpecificUserClassFilterTest.java (original)
+++ directory/apacheds/branches/apacheds-value/interceptors/authz/src/test/java/org/apache/directory/server/core/authz/support/MostSpecificUserClassFilterTest.java Wed Jun 15 12:29:57 2016
@@ -38,7 +38,6 @@ import org.apache.directory.api.ldap.aci
import org.apache.directory.api.ldap.aci.ProtectedItem;
import org.apache.directory.api.ldap.aci.UserClass;
import org.apache.directory.api.ldap.model.constants.AuthenticationLevel;
-import org.apache.directory.api.ldap.model.name.Dn;
import org.apache.directory.api.ldap.model.subtree.SubtreeSpecification;
import org.junit.Test;
import org.junit.runner.RunWith;
@@ -53,7 +52,7 @@ import org.junit.runner.RunWith;
@Concurrency()
public class MostSpecificUserClassFilterTest
{
- private static final Set<Dn> EMPTY_NAME_SET = Collections.unmodifiableSet( new HashSet<Dn>() );
+ private static final Set<String> EMPTY_NAME_SET = Collections.unmodifiableSet( new HashSet<String>() );
private static final Set<MicroOperation> EMPTY_MICRO_OPERATION_SET = Collections
.unmodifiableSet( new HashSet<MicroOperation>() );
private static final Collection<UserClass> EMPTY_USER_CLASS_COLLECTION = Collections
Modified: directory/apacheds/branches/apacheds-value/interceptors/authz/src/test/java/org/apache/directory/server/core/authz/support/RelatedProtectedItemFilterTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-value/interceptors/authz/src/test/java/org/apache/directory/server/core/authz/support/RelatedProtectedItemFilterTest.java?rev=1748572&r1=1748571&r2=1748572&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-value/interceptors/authz/src/test/java/org/apache/directory/server/core/authz/support/RelatedProtectedItemFilterTest.java (original)
+++ directory/apacheds/branches/apacheds-value/interceptors/authz/src/test/java/org/apache/directory/server/core/authz/support/RelatedProtectedItemFilterTest.java Wed Jun 15 12:29:57 2016
@@ -46,7 +46,7 @@ import org.apache.directory.api.ldap.mod
import org.apache.directory.api.ldap.model.entry.DefaultAttribute;
import org.apache.directory.api.ldap.model.entry.DefaultEntry;
import org.apache.directory.api.ldap.model.entry.Entry;
-import org.apache.directory.api.ldap.model.entry.StringValue;
+import org.apache.directory.api.ldap.model.entry.Value;
import org.apache.directory.api.ldap.model.name.Dn;
import org.apache.directory.api.ldap.model.schema.AttributeType;
import org.apache.directory.api.ldap.model.schema.SchemaManager;
@@ -287,7 +287,7 @@ public class RelatedProtectedItemFilterT
aciContext.setAciTuples( tuples );
aciContext.setUserDn( USER_NAME );
aciContext.setAttributeType( CN_AT );
- aciContext.setAttrValue( new StringValue( "valueA" ) );
+ aciContext.setAttrValue( new Value( CN_AT, "valueA" ) );
assertEquals( 1, filterA.filter( aciContext, OperationScope.ATTRIBUTE_TYPE_AND_VALUE, null ).size() );
@@ -295,7 +295,7 @@ public class RelatedProtectedItemFilterT
aciContext.setAciTuples( tuples );
aciContext.setUserDn( USER_NAME );
aciContext.setAttributeType( CN_AT );
- aciContext.setAttrValue( new StringValue( "valueB" ) );
+ aciContext.setAttrValue( new Value( CN_AT, "valueB" ) );
assertEquals( 0, filterA.filter( aciContext, OperationScope.ATTRIBUTE_TYPE_AND_VALUE, null ).size() );
@@ -305,7 +305,7 @@ public class RelatedProtectedItemFilterT
aciContext.setAciTuples( tuples );
aciContext.setUserDn( USER_NAME );
aciContext.setAttributeType( SN_AT );
- aciContext.setAttrValue( new StringValue( "valueA" ) );
+ aciContext.setAttrValue( new Value( SN_AT, "valueA" ) );
assertEquals( 0, filterA.filter( aciContext, OperationScope.ATTRIBUTE_TYPE_AND_VALUE, null ).size() );
}
Modified: directory/apacheds/branches/apacheds-value/interceptors/authz/src/test/java/org/apache/directory/server/core/authz/support/RelatedUserClassFilterTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-value/interceptors/authz/src/test/java/org/apache/directory/server/core/authz/support/RelatedUserClassFilterTest.java?rev=1748572&r1=1748571&r2=1748572&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-value/interceptors/authz/src/test/java/org/apache/directory/server/core/authz/support/RelatedUserClassFilterTest.java (original)
+++ directory/apacheds/branches/apacheds-value/interceptors/authz/src/test/java/org/apache/directory/server/core/authz/support/RelatedUserClassFilterTest.java Wed Jun 15 12:29:57 2016
@@ -65,8 +65,8 @@ public class RelatedUserClassFilterTest
private static Dn GROUP_NAME;
private static Dn USER_NAME;
- private static final Set<Dn> USER_NAMES = new HashSet<Dn>();
- private static final Set<Dn> GROUP_NAMES = new HashSet<Dn>();
+ private static final Set<String> USER_NAMES = new HashSet<>();
+ private static final Set<String> GROUP_NAMES = new HashSet<>();
private static SubtreeEvaluator SUBTREE_EVALUATOR;
@@ -91,8 +91,8 @@ public class RelatedUserClassFilterTest
throw new Error();
}
- USER_NAMES.add( USER_NAME );
- GROUP_NAMES.add( GROUP_NAME );
+ USER_NAMES.add( USER_NAME.getNormName() );
+ GROUP_NAMES.add( GROUP_NAME.getNormName() );
}
@@ -199,8 +199,8 @@ public class RelatedUserClassFilterTest
assertEquals( 1, filter.filter( aciContext, OperationScope.ENTRY, null ).size() );
- Set<Dn> wrongGroupNames = new HashSet<Dn>();
- wrongGroupNames.add( new Dn( schemaManager, "ou=unrelatedgroup" ) );
+ Set<String> wrongGroupNames = new HashSet<>();
+ wrongGroupNames.add( new Dn( schemaManager, "ou=unrelatedgroup" ).getNormName() );
aciContext = new AciContext( null, null );
aciContext.setAciTuples( tuples );
@@ -290,11 +290,11 @@ public class RelatedUserClassFilterTest
}
else
{
- Set<Dn> names = new HashSet<Dn>();
+ Set<String> names = new HashSet<>();
try
{
- names.add( new Dn( schemaManager, "cn=dummy" ) );
+ names.add( new Dn( schemaManager, "cn=dummy" ).getNormName() );
}
catch ( LdapInvalidDnException e )
{
Modified: directory/apacheds/branches/apacheds-value/interceptors/authz/src/test/java/org/apache/directory/server/core/authz/support/RestrictedByFilterTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-value/interceptors/authz/src/test/java/org/apache/directory/server/core/authz/support/RestrictedByFilterTest.java?rev=1748572&r1=1748571&r2=1748572&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-value/interceptors/authz/src/test/java/org/apache/directory/server/core/authz/support/RestrictedByFilterTest.java (original)
+++ directory/apacheds/branches/apacheds-value/interceptors/authz/src/test/java/org/apache/directory/server/core/authz/support/RestrictedByFilterTest.java Wed Jun 15 12:29:57 2016
@@ -38,7 +38,7 @@ import org.apache.directory.api.ldap.aci
import org.apache.directory.api.ldap.model.constants.AuthenticationLevel;
import org.apache.directory.api.ldap.model.entry.DefaultEntry;
import org.apache.directory.api.ldap.model.entry.Entry;
-import org.apache.directory.api.ldap.model.entry.StringValue;
+import org.apache.directory.api.ldap.model.entry.Value;
import org.apache.directory.api.ldap.model.name.Dn;
import org.apache.directory.api.ldap.model.schema.AttributeType;
import org.apache.directory.api.ldap.model.schema.SchemaManager;
@@ -164,7 +164,7 @@ public class RestrictedByFilterTest
AciContext aciContext = new AciContext( null, null );
aciContext.setAciTuples( tuples );
aciContext.setAttributeType( SN_AT );
- aciContext.setAttrValue( new StringValue( "1" ) );
+ aciContext.setAttrValue( new Value( "1" ) );
aciContext.setEntry( ENTRY );
assertEquals( 1, filter.filter( aciContext, OperationScope.ATTRIBUTE_TYPE_AND_VALUE, null ).size() );
@@ -172,7 +172,7 @@ public class RestrictedByFilterTest
aciContext = new AciContext( null, null );
aciContext.setAciTuples( tuples );
aciContext.setAttributeType( SN_AT );
- aciContext.setAttrValue( new StringValue( "2" ) );
+ aciContext.setAttrValue( new Value( "2" ) );
aciContext.setEntry( ENTRY );
assertEquals( 1, filter.filter( aciContext, OperationScope.ATTRIBUTE_TYPE_AND_VALUE, null ).size() );
@@ -180,7 +180,7 @@ public class RestrictedByFilterTest
aciContext = new AciContext( null, null );
aciContext.setAciTuples( tuples );
aciContext.setAttributeType( SN_AT );
- aciContext.setAttrValue( new StringValue( "3" ) );
+ aciContext.setAttrValue( new Value( "3" ) );
aciContext.setEntry( ENTRY );
assertEquals( 0, filter.filter( aciContext, OperationScope.ATTRIBUTE_TYPE_AND_VALUE, null ).size() );
Modified: directory/apacheds/branches/apacheds-value/interceptors/changelog/src/main/java/org/apache/directory/server/core/changelog/ChangeLogInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-value/interceptors/changelog/src/main/java/org/apache/directory/server/core/changelog/ChangeLogInterceptor.java?rev=1748572&r1=1748571&r2=1748572&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-value/interceptors/changelog/src/main/java/org/apache/directory/server/core/changelog/ChangeLogInterceptor.java (original)
+++ directory/apacheds/branches/apacheds-value/interceptors/changelog/src/main/java/org/apache/directory/server/core/changelog/ChangeLogInterceptor.java Wed Jun 15 12:29:57 2016
@@ -92,6 +92,7 @@ public class ChangeLogInterceptor extend
* The init method will initialize the local variables and load the
* entryDeleted AttributeType.
*/
+ @Override
public void init( DirectoryService directoryService ) throws LdapException
{
super.init( directoryService );
@@ -108,6 +109,7 @@ public class ChangeLogInterceptor extend
/**
* {@inheritDoc}
*/
+ @Override
public void add( AddOperationContext addContext ) throws LdapException
{
next( addContext );
@@ -147,6 +149,7 @@ public class ChangeLogInterceptor extend
/**
* {@inheritDoc}
*/
+ @Override
public void delete( DeleteOperationContext deleteContext ) throws LdapException
{
// @todo make sure we're not putting in operational attributes that cannot be user modified
@@ -198,11 +201,12 @@ public class ChangeLogInterceptor extend
/**
* {@inheritDoc}
*/
+ @Override
public void modify( ModifyOperationContext modifyContext ) throws LdapException
{
Entry serverEntry = null;
Modification modification = ServerEntryUtils.getModificationItem( modifyContext.getModItems(), entryDeleted );
- boolean isDelete = ( modification != null );
+ boolean isDelete = modification != null;
if ( !isDelete && ( changeLog.isEnabled() ) )
{
@@ -211,7 +215,7 @@ public class ChangeLogInterceptor extend
}
// Duplicate modifications so that the reverse does not contain the operational attributes
- List<Modification> clonedMods = new ArrayList<Modification>();
+ List<Modification> clonedMods = new ArrayList<>();
for ( Modification mod : modifyContext.getModItems() )
{
@@ -230,7 +234,7 @@ public class ChangeLogInterceptor extend
// existing attributes then we will have no modification items and
// should ignore not this without registering it with the changelog
- || modifyContext.getModItems().size() == 0 )
+ || modifyContext.getModItems().isEmpty() )
{
if ( isDelete )
{
@@ -244,7 +248,7 @@ public class ChangeLogInterceptor extend
forward.setChangeType( ChangeType.Modify );
forward.setDn( modifyContext.getDn() );
- List<Modification> mods = new ArrayList<Modification>( clonedMods.size() );
+ List<Modification> mods = new ArrayList<>( clonedMods.size() );
for ( Modification modItem : clonedMods )
{
@@ -273,6 +277,7 @@ public class ChangeLogInterceptor extend
/**
* {@inheritDoc}
*/
+ @Override
public void move( MoveOperationContext moveContext ) throws LdapException
{
next( moveContext );
@@ -295,6 +300,7 @@ public class ChangeLogInterceptor extend
/**
* {@inheritDoc}
*/
+ @Override
public void moveAndRename( MoveAndRenameOperationContext moveAndRenameContext ) throws LdapException
{
Entry serverEntry = null;
@@ -337,6 +343,7 @@ public class ChangeLogInterceptor extend
/**
* {@inheritDoc}
*/
+ @Override
public void rename( RenameOperationContext renameContext ) throws LdapException
{
Entry serverEntry = null;