Posted to commits@directory.apache.org by ak...@apache.org on 2006/02/10 11:49:57 UTC
svn commit: r376623 [6/38] - in /directory/sandbox/akarasulu/rc1/apacheds:
core-plugin/src/main/java/org/apache/directory/server/core/tools/schema/
core-plugin/src/test/java/org/apache/directory/server/core/tools/schema/
core-shared/src/main/java/org/a...
Modified: directory/sandbox/akarasulu/rc1/apacheds/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java
URL: http://svn.apache.org/viewcvs/directory/sandbox/akarasulu/rc1/apacheds/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java?rev=376623&r1=376622&r2=376623&view=diff
==============================================================================
--- directory/sandbox/akarasulu/rc1/apacheds/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java (original)
+++ directory/sandbox/akarasulu/rc1/apacheds/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java Fri Feb 10 02:48:07 2006
@@ -16,6 +16,7 @@
*/
package org.apache.directory.server.core.authn;
+
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Collection;
@@ -40,6 +41,7 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+
/**
* A simple {@link Authenticator} that authenticates clear text passwords
* contained within the <code>userPassword</code> attribute in DIT. If the
@@ -71,7 +73,7 @@
/**
* Creates a new instance.
*/
- public SimpleAuthenticator( )
+ public SimpleAuthenticator()
{
super( "simple" );
}
@@ -101,7 +103,7 @@
String principal;
- if ( ! ctx.getEnvironment().containsKey( Context.SECURITY_PRINCIPAL ) )
+ if ( !ctx.getEnvironment().containsKey( Context.SECURITY_PRINCIPAL ) )
{
throw new LdapAuthenticationException();
}
@@ -124,14 +126,15 @@
try
{
- userEntry = proxy.lookup( principalDn, new String[] { "userPassword" }, USERLOOKUP_BYPASS );
+ userEntry = proxy.lookup( principalDn, new String[]
+ { "userPassword" }, USERLOOKUP_BYPASS );
if ( userEntry == null )
{
throw new LdapAuthenticationException( "Failed to lookup user for authentication: " + principal );
}
}
- catch( Exception cause )
+ catch ( Exception cause )
{
log.error( "Authentication error : " + cause.getMessage() );
LdapAuthenticationException e = new LdapAuthenticationException();
@@ -139,7 +142,6 @@
throw e;
}
-
Object userPassword;
Attribute userPasswordAttr = userEntry.get( "userPassword" );
@@ -148,42 +150,58 @@
boolean credentialsMatch = false;
- if (userPasswordAttr == null) {
+ if ( userPasswordAttr == null )
+ {
userPassword = ArrayUtils.EMPTY_BYTE_ARRAY;
- } else {
+ }
+ else
+ {
userPassword = userPasswordAttr.get();
- if (userPassword instanceof String) {
- userPassword = ((String) userPassword).getBytes();
+ if ( userPassword instanceof String )
+ {
+ userPassword = ( ( String ) userPassword ).getBytes();
}
}
// Check if password is stored as a message digest, i.e. one-way
// encrypted
- if (this.isPasswordOneWayEncrypted(userPassword)) {
- try {
+ if ( this.isPasswordOneWayEncrypted( userPassword ) )
+ {
+ try
+ {
// create a corresponding digested password from creds
- String algorithm = this.getAlgorithmForHashedPassword(userPassword);
- String digestedCredits = this.createDigestedPassword(algorithm, creds);
+ String algorithm = this.getAlgorithmForHashedPassword( userPassword );
+ String digestedCredits = this.createDigestedPassword( algorithm, creds );
- credentialsMatch = ArrayUtils.isEquals(digestedCredits.getBytes(), userPassword);
- } catch (NoSuchAlgorithmException nsae) {
- log.warn("Password stored with unknown algorithm.", nsae);
- } catch (IllegalArgumentException e) {
- log.warn("Exception during authentication", e);
+ credentialsMatch = ArrayUtils.isEquals( digestedCredits.getBytes(), userPassword );
+ }
+ catch ( NoSuchAlgorithmException nsae )
+ {
+ log.warn( "Password stored with unknown algorithm.", nsae );
}
- } else {
+ catch ( IllegalArgumentException e )
+ {
+ log.warn( "Exception during authentication", e );
+ }
+ }
+ else
+ {
// password is not stored one-way encrypted
- credentialsMatch = ArrayUtils.isEquals(creds, userPassword);
+ credentialsMatch = ArrayUtils.isEquals( creds, userPassword );
}
- if (credentialsMatch) {
- return new LdapPrincipal(principalDn, AuthenticationLevel.SIMPLE);
- } else {
+ if ( credentialsMatch )
+ {
+ return new LdapPrincipal( principalDn, AuthenticationLevel.SIMPLE );
+ }
+ else
+ {
throw new LdapAuthenticationException();
}
}
+
/**
* Checks if the argument is one-way encryped. If it is a string or a
* byte-array which looks like "{XYZ}...", and XYZ is a known lessage
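Review bot: Both credential comparisons in this hunk, `ArrayUtils.isEquals( digestedCredits.getBytes(), userPassword )` and `ArrayUtils.isEquals( creds, userPassword )`, go through a general-purpose equality helper that makes no constant-time guarantee, so the time taken can depend on how much of the supplied value matches the stored one. `java.security.MessageDigest` is already imported in this file; once both operands are known to be `byte[]`, the clear-text branch could read `credentialsMatch = MessageDigest.isEqual( ( byte[] ) creds, ( byte[] ) userPassword );`, with the same call for the digested branch. The declaration of `creds` is outside the hunk, so the cast is an assumption to confirm. The enclosing method begins before this hunk.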
@@ -194,17 +212,21 @@
* agument, either a string or a byte-array
* @return true, if the value is a digested password with algorithm included
*/
- protected boolean isPasswordOneWayEncrypted(Object password)
+ protected boolean isPasswordOneWayEncrypted( Object password )
{
boolean result = false;
- try {
- String algorithm = getAlgorithmForHashedPassword(password);
- result = (algorithm != null);
- } catch (IllegalArgumentException ignored) {
+ try
+ {
+ String algorithm = getAlgorithmForHashedPassword( password );
+ result = ( algorithm != null );
+ }
+ catch ( IllegalArgumentException ignored )
+ {
}
return result;
}
+
/**
* Get the algorithm of a password, which is stored in the form "{XYZ}...".
* The method returns null, if the argument is not in this form. It returns
@@ -215,34 +237,45 @@
* either a String or a byte[]
* @return included message digest alorithm, if any
*/
- protected String getAlgorithmForHashedPassword(Object password) throws IllegalArgumentException
+ protected String getAlgorithmForHashedPassword( Object password ) throws IllegalArgumentException
{
String result = null;
// Check if password arg is string or byte[]
String sPassword = null;
- if (password instanceof byte[]) {
- sPassword = new String((byte[]) password);
- } else if (password instanceof String) {
- sPassword = (String) password;
- } else {
- throw new IllegalArgumentException("password is neither a String nor a byte-Array.");
+ if ( password instanceof byte[] )
+ {
+ sPassword = new String( ( byte[] ) password );
+ }
+ else if ( password instanceof String )
+ {
+ sPassword = ( String ) password;
+ }
+ else
+ {
+ throw new IllegalArgumentException( "password is neither a String nor a byte-Array." );
}
- if (sPassword != null && sPassword.length() > 2 && sPassword.charAt(0) == '{' && sPassword.indexOf('}') > -1) {
- int algPosEnd = sPassword.indexOf('}');
- String algorithm = sPassword.substring(1, algPosEnd);
- try {
- MessageDigest.getInstance(algorithm);
+ if ( sPassword != null && sPassword.length() > 2 && sPassword.charAt( 0 ) == '{'
+ && sPassword.indexOf( '}' ) > -1 )
+ {
+ int algPosEnd = sPassword.indexOf( '}' );
+ String algorithm = sPassword.substring( 1, algPosEnd );
+ try
+ {
+ MessageDigest.getInstance( algorithm );
result = algorithm;
- } catch (NoSuchAlgorithmException e) {
- log.warn("Unknown message digest algorithm in password: " + algorithm, e);
+ }
+ catch ( NoSuchAlgorithmException e )
+ {
+ log.warn( "Unknown message digest algorithm in password: " + algorithm, e );
}
}
return result;
}
+
/**
* Creates a digested password. For a given hash algorithm and a password
* value, the algorithm is applied to the password, and the result is Base64
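Review bot: When `MessageDigest.getInstance( algorithm )` throws, the catch block only logs and `result` stays null, which is the same value returned for a password with no `{...}` prefix at all. `isPasswordOneWayEncrypted` then reports false, and the caller appears to fall through to the direct comparison of the supplied credentials with the stored value, so a stored hash in a scheme this JVM does not recognise would be matched as if it were clear text. Failing closed is safer: let the caller tell "no prefix" apart from "prefix with an unknown algorithm" and reject the bind in the second case. Note that `isPasswordOneWayEncrypted` swallows `IllegalArgumentException`, so throwing from this catch block alone would not be enough. The method's Javadoc begins outside this hunk and may already describe the intended contract.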
@@ -263,37 +296,45 @@
* if password is neither a String nor a byte[], or algorithm is
* not known to java.security.MessageDigest class
*/
- protected String createDigestedPassword(String algorithm, Object password) throws NoSuchAlgorithmException,
- IllegalArgumentException
+ protected String createDigestedPassword( String algorithm, Object password ) throws NoSuchAlgorithmException,
+ IllegalArgumentException
{
// Check if password arg is string or byte[]
byte[] data = null;
- if (password instanceof byte[]) {
- data = (byte[]) password;
- } else if (password instanceof String) {
- data = ((String) password).getBytes();
- } else {
- throw new IllegalArgumentException("password is neither a String nor a byte-Array.");
+ if ( password instanceof byte[] )
+ {
+ data = ( byte[] ) password;
+ }
+ else if ( password instanceof String )
+ {
+ data = ( ( String ) password ).getBytes();
+ }
+ else
+ {
+ throw new IllegalArgumentException( "password is neither a String nor a byte-Array." );
}
// create message digest object
MessageDigest digest = null;
- try {
- digest = MessageDigest.getInstance(algorithm);
- } catch (NoSuchAlgorithmException nsae) {
- throw new IllegalArgumentException(nsae.getMessage());
+ try
+ {
+ digest = MessageDigest.getInstance( algorithm );
+ }
+ catch ( NoSuchAlgorithmException nsae )
+ {
+ throw new IllegalArgumentException( nsae.getMessage() );
}
// calculate hashed value of password
- byte[] fingerPrint = digest.digest(data);
- char[] encoded = Base64.encode(fingerPrint);
+ byte[] fingerPrint = digest.digest( data );
+ char[] encoded = Base64.encode( fingerPrint );
// create return result of form "{alg}bbbbbbb"
StringBuffer result = new StringBuffer();
- result.append('{');
- result.append(algorithm);
- result.append('}');
- result.append(encoded);
+ result.append( '{' );
+ result.append( algorithm );
+ result.append( '}' );
+ result.append( encoded );
return result.toString();
}
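Review bot: `( ( String ) password ).getBytes()` encodes with the platform default charset, so the digest computed for a password containing non-ASCII characters depends on the JVM's locale settings and may not match a value hashed on another host. An explicit charset removes that dependency, e.g. `data = ( ( String ) password ).getBytes( "UTF-8" );` with the checked `UnsupportedEncodingException` handled; the same applies to the `getBytes()` calls and `new String( ( byte[] ) password )` in the earlier hunks of this file. Separately, the value produced here is a single unsalted digest of whatever algorithm the stored prefix names, which is worth stating in the Javadoc so deployers know how much protection stored values have.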
Modified: directory/sandbox/akarasulu/rc1/apacheds/core/src/main/java/org/apache/directory/server/core/authz/AuthorizationService.java
URL: http://svn.apache.org/viewcvs/directory/sandbox/akarasulu/rc1/apacheds/core/src/main/java/org/apache/directory/server/core/authz/AuthorizationService.java?rev=376623&r1=376622&r2=376623&view=diff
==============================================================================
--- directory/sandbox/akarasulu/rc1/apacheds/core/src/main/java/org/apache/directory/server/core/authz/AuthorizationService.java (original)
+++ directory/sandbox/akarasulu/rc1/apacheds/core/src/main/java/org/apache/directory/server/core/authz/AuthorizationService.java Fri Feb 10 02:48:07 2006
@@ -90,7 +90,6 @@
private static final Collection IMPORT_PERMS;
private static final Collection MOVERENAME_PERMS;
-
static
{
HashSet set = new HashSet( 2 );
@@ -167,7 +166,8 @@
enabled = factoryCfg.getStartupConfiguration().isAccessControlEnabled();
// stuff for dealing with subentries (garbage for now)
- String subschemaSubentry = ( String ) factoryCfg.getPartitionNexus().getRootDSE().get( "subschemaSubentry" ).get();
+ String subschemaSubentry = ( String ) factoryCfg.getPartitionNexus().getRootDSE().get( "subschemaSubentry" )
+ .get();
subschemaSubentryDn = new LdapName( subschemaSubentry ).toString().toLowerCase();
}
@@ -185,9 +185,8 @@
* @param entry the target entry that access to is being controled
* @throws NamingException if there are problems accessing attribute values
*/
- private void addPerscriptiveAciTuples( DirectoryPartitionNexusProxy proxy, Collection tuples,
- Name dn, Attributes entry )
- throws NamingException
+ private void addPerscriptiveAciTuples( DirectoryPartitionNexusProxy proxy, Collection tuples, Name dn,
+ Attributes entry ) throws NamingException
{
/*
* If the protected entry is a subentry, then the entry being evaluated
@@ -245,7 +244,7 @@
}
catch ( ParseException e )
{
- String msg = "failed to parse entryACI: " + aciString ;
+ String msg = "failed to parse entryACI: " + aciString;
log.error( msg, e );
throw new LdapNamingException( msg, ResultCodeEnum.OPERATIONSERROR );
}
@@ -264,11 +263,11 @@
* @param entry the target entry that access to is being regulated
* @throws NamingException if there are problems accessing attribute values
*/
- private void addSubentryAciTuples( DirectoryPartitionNexusProxy proxy, Collection tuples,
- Name dn, Attributes entry ) throws NamingException
+ private void addSubentryAciTuples( DirectoryPartitionNexusProxy proxy, Collection tuples, Name dn, Attributes entry )
+ throws NamingException
{
// only perform this for subentries
- if ( ! entry.get("objectClass").contains("subentry") )
+ if ( !entry.get( "objectClass" ).contains( "subentry" ) )
{
return;
}
@@ -277,8 +276,8 @@
// will contain the subentryACI attributes that effect subentries
Name parentDn = ( Name ) dn.clone();
parentDn.remove( dn.size() - 1 );
- Attributes administrativeEntry = proxy.lookup( parentDn, new String[] { SUBENTRYACI_ATTR },
- DirectoryPartitionNexusProxy.LOOKUP_BYPASS );
+ Attributes administrativeEntry = proxy.lookup( parentDn, new String[]
+ { SUBENTRYACI_ATTR }, DirectoryPartitionNexusProxy.LOOKUP_BYPASS );
Attribute subentryAci = administrativeEntry.get( SUBENTRYACI_ATTR );
if ( subentryAci == null )
@@ -297,7 +296,7 @@
}
catch ( ParseException e )
{
- String msg = "failed to parse subentryACI: " + aciString ;
+ String msg = "failed to parse subentryACI: " + aciString;
log.error( msg, e );
throw new LdapNamingException( msg, ResultCodeEnum.OPERATIONSERROR );
}
@@ -336,7 +335,7 @@
Name userName = dnParser.parse( principal.getName() );
// bypass authz code if we are disabled
- if ( ! enabled )
+ if ( !enabled )
{
next.add( upName, normName, entry );
return;
@@ -355,7 +354,7 @@
SubentryService subentryService = ( SubentryService ) chain.get( "subentryService" );
Attributes subentryAttrs = subentryService.getSubentryAttributes( normName, entry );
NamingEnumeration attrList = entry.getAll();
- while( attrList.hasMore() )
+ while ( attrList.hasMore() )
{
subentryAttrs.put( ( Attribute ) attrList.next() );
}
@@ -371,8 +370,8 @@
// check if entry scope permission is granted
DirectoryPartitionNexusProxy proxy = invocation.getProxy();
- engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(),
- normName, null, null, ADD_PERMS, tuples, subentryAttrs );
+ engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(), normName, null, null,
+ ADD_PERMS, tuples, subentryAttrs );
// now we must check if attribute type and value scope permission is granted
NamingEnumeration attributeList = entry.getAll();
@@ -381,9 +380,8 @@
Attribute attr = ( Attribute ) attributeList.next();
for ( int ii = 0; ii < attr.size(); ii++ )
{
- engine.checkPermission( proxy, userGroups, userName,
- principal.getAuthenticationLevel(), normName, attr.getID(),
- attr.get( ii ), ADD_PERMS, tuples, entry );
+ engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(), normName, attr
+ .getID(), attr.get( ii ), ADD_PERMS, tuples, entry );
}
}
@@ -407,7 +405,7 @@
Name userName = dnParser.parse( principal.getName() );
// bypass authz code if we are disabled
- if ( ! enabled )
+ if ( !enabled )
{
next.delete( name );
return;
@@ -428,8 +426,8 @@
addEntryAciTuples( tuples, entry );
addSubentryAciTuples( proxy, tuples, name, entry );
- engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(), name, null,
- null, REMOVE_PERMS, tuples, entry );
+ engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(), name, null, null,
+ REMOVE_PERMS, tuples, entry );
next.delete( name );
tupleCache.subentryDeleted( name, entry );
@@ -447,7 +445,7 @@
Name userName = dnParser.parse( principal.getName() );
// bypass authz code if we are disabled
- if ( ! enabled )
+ if ( !enabled )
{
next.modify( name, modOp, mods );
return;
@@ -468,31 +466,31 @@
addEntryAciTuples( tuples, entry );
addSubentryAciTuples( proxy, tuples, name, entry );
- engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(), name, null,
- null, Collections.singleton( MicroOperation.MODIFY ), tuples, entry );
+ engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(), name, null, null,
+ Collections.singleton( MicroOperation.MODIFY ), tuples, entry );
NamingEnumeration attrList = mods.getAll();
Collection perms = null;
- switch( modOp )
+ switch ( modOp )
{
- case( DirContext.ADD_ATTRIBUTE ):
+ case ( DirContext.ADD_ATTRIBUTE ):
perms = ADD_PERMS;
break;
- case( DirContext.REMOVE_ATTRIBUTE ):
+ case ( DirContext.REMOVE_ATTRIBUTE ):
perms = REMOVE_PERMS;
break;
- case( DirContext.REPLACE_ATTRIBUTE ):
+ case ( DirContext.REPLACE_ATTRIBUTE ):
perms = REPLACE_PERMS;
break;
}
- while( attrList.hasMore() )
+ while ( attrList.hasMore() )
{
Attribute attr = ( Attribute ) attrList.next();
for ( int ii = 0; ii < attr.size(); ii++ )
{
- engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(),
- name, attr.getID(), attr.get( ii ), perms, tuples, entry );
+ engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(), name, attr
+ .getID(), attr.get( ii ), perms, tuples, entry );
}
}
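Review bot: The `switch ( modOp )` has no `default` branch, so for any value other than the three `DirContext` constants `perms` is still null when it reaches `engine.checkPermission(...)` in the loop below; what the engine does with a null permission set is not visible here. Rejecting the request is the safer behaviour, e.g. `default: throw new IllegalArgumentException( "Unsupported modification operation: " + modOp );`. The array-based `modify` in the hunk at `@@ -533,21 +531,21 @@` has the same gap, and there `perms` is declared outside the `for` loop, so an unrecognised operation would reuse the permission set chosen for the previous item. The enclosing method begins outside this hunk.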
@@ -512,7 +510,7 @@
Name userName = dnParser.parse( principal.getName() );
// bypass authz code if we are disabled
- if ( ! enabled )
+ if ( !enabled )
{
next.modify( name, mods );
return;
@@ -533,21 +531,21 @@
addEntryAciTuples( tuples, entry );
addSubentryAciTuples( proxy, tuples, name, entry );
- engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(), name, null,
- null, Collections.singleton( MicroOperation.MODIFY ), tuples, entry );
+ engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(), name, null, null,
+ Collections.singleton( MicroOperation.MODIFY ), tuples, entry );
Collection perms = null;
for ( int ii = 0; ii < mods.length; ii++ )
{
- switch( mods[ii].getModificationOp() )
+ switch ( mods[ii].getModificationOp() )
{
- case( DirContext.ADD_ATTRIBUTE ):
+ case ( DirContext.ADD_ATTRIBUTE ):
perms = ADD_PERMS;
break;
- case( DirContext.REMOVE_ATTRIBUTE ):
+ case ( DirContext.REMOVE_ATTRIBUTE ):
perms = REMOVE_PERMS;
break;
- case( DirContext.REPLACE_ATTRIBUTE ):
+ case ( DirContext.REPLACE_ATTRIBUTE ):
perms = REPLACE_PERMS;
break;
}
@@ -555,8 +553,8 @@
Attribute attr = mods[ii].getAttribute();
for ( int jj = 0; jj < attr.size(); jj++ )
{
- engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(),
- name, attr.getID(), attr.get( jj ), perms, tuples, entry );
+ engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(), name, attr
+ .getID(), attr.get( jj ), perms, tuples, entry );
}
}
@@ -574,8 +572,8 @@
LdapPrincipal principal = ( ( ServerContext ) invocation.getCaller() ).getPrincipal();
Name userName = dnParser.parse( principal.getName() );
- if ( userName.toString().equalsIgnoreCase( DirectoryPartitionNexus.ADMIN_PRINCIPAL ) || ! enabled
- || name.toString().trim().equals( "" ) ) // no checks on the rootdse
+ if ( userName.toString().equalsIgnoreCase( DirectoryPartitionNexus.ADMIN_PRINCIPAL ) || !enabled
+ || name.toString().trim().equals( "" ) ) // no checks on the rootdse
{
return next.hasEntry( name );
}
@@ -587,8 +585,8 @@
addSubentryAciTuples( proxy, tuples, name, entry );
// check that we have browse access to the entry
- engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(), name, null,
- null, BROWSE_PERMS, tuples, entry );
+ engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(), name, null, null,
+ BROWSE_PERMS, tuples, entry );
return next.hasEntry( name );
}
@@ -609,8 +607,7 @@
* @param entry the raw entry pulled from the nexus
* @throws NamingException
*/
- private void checkLookupAccess( LdapPrincipal principal, Name dn, Attributes entry )
- throws NamingException
+ private void checkLookupAccess( LdapPrincipal principal, Name dn, Attributes entry ) throws NamingException
{
// no permissions checks on the RootDSE
if ( dn.toString().trim().equals( "" ) )
@@ -627,8 +624,8 @@
addSubentryAciTuples( proxy, tuples, dn, entry );
// check that we have read access to the entry
- engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(), dn, null,
- null, LOOKUP_PERMS, tuples, entry );
+ engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(), dn, null, null,
+ LOOKUP_PERMS, tuples, entry );
// check that we have read access to every attribute type and value
NamingEnumeration attributeList = entry.getAll();
@@ -637,8 +634,8 @@
Attribute attr = ( Attribute ) attributeList.next();
for ( int ii = 0; ii < attr.size(); ii++ )
{
- engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(), dn,
- attr.getID(), attr.get( ii ), READ_PERMS, tuples, entry );
+ engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(), dn, attr
+ .getID(), attr.get( ii ), READ_PERMS, tuples, entry );
}
}
}
@@ -651,7 +648,7 @@
Attributes entry = proxy.lookup( dn, DirectoryPartitionNexusProxy.LOOKUP_BYPASS );
LdapPrincipal principal = ( ( ServerContext ) invocation.getCaller() ).getPrincipal();
- if ( principal.getName().equalsIgnoreCase( DirectoryPartitionNexus.ADMIN_PRINCIPAL ) || ! enabled )
+ if ( principal.getName().equalsIgnoreCase( DirectoryPartitionNexus.ADMIN_PRINCIPAL ) || !enabled )
{
return next.lookup( dn, attrIds );
}
@@ -668,7 +665,7 @@
Attributes entry = proxy.lookup( name, DirectoryPartitionNexusProxy.LOOKUP_BYPASS );
LdapPrincipal user = ( ( ServerContext ) invocation.getCaller() ).getPrincipal();
- if ( user.getName().equalsIgnoreCase( DirectoryPartitionNexus.ADMIN_PRINCIPAL ) || ! enabled )
+ if ( user.getName().equalsIgnoreCase( DirectoryPartitionNexus.ADMIN_PRINCIPAL ) || !enabled )
{
return next.lookup( name );
}
@@ -690,9 +687,8 @@
newName.remove( name.size() - 1 );
newName.add( dnParser.parse( newRn ).get( 0 ) );
-
// bypass authz code if we are disabled
- if ( ! enabled )
+ if ( !enabled )
{
next.modifyRn( name, newRn, deleteOldRn );
return;
@@ -715,35 +711,35 @@
addEntryAciTuples( tuples, entry );
addSubentryAciTuples( proxy, tuples, name, entry );
- engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(), name, null,
- null, RENAME_PERMS, tuples, entry );
+ engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(), name, null, null,
+ RENAME_PERMS, tuples, entry );
-// if ( deleteOldRn )
-// {
-// String oldRn = name.get( name.size() - 1 );
-// if ( NamespaceTools.hasCompositeComponents( oldRn ) )
-// {
-// String[] comps = NamespaceTools.getCompositeComponents( oldRn );
-// for ( int ii = 0; ii < comps.length; ii++ )
-// {
-// String id = NamespaceTools.getRdnAttribute( comps[ii] );
-// String value = NamespaceTools.getRdnValue( comps[ii] );
-// engine.checkPermission( next, userGroups, user.getJndiName(),
-// user.getAuthenticationLevel(), name, id,
-// value, Collections.singleton( MicroOperation.REMOVE ),
-// tuples, entry );
-// }
-// }
-// else
-// {
-// String id = NamespaceTools.getRdnAttribute( oldRn );
-// String value = NamespaceTools.getRdnValue( oldRn );
-// engine.checkPermission( next, userGroups, user.getJndiName(),
-// user.getAuthenticationLevel(), name, id,
-// value, Collections.singleton( MicroOperation.REMOVE ),
-// tuples, entry );
-// }
-// }
+ // if ( deleteOldRn )
+ // {
+ // String oldRn = name.get( name.size() - 1 );
+ // if ( NamespaceTools.hasCompositeComponents( oldRn ) )
+ // {
+ // String[] comps = NamespaceTools.getCompositeComponents( oldRn );
+ // for ( int ii = 0; ii < comps.length; ii++ )
+ // {
+ // String id = NamespaceTools.getRdnAttribute( comps[ii] );
+ // String value = NamespaceTools.getRdnValue( comps[ii] );
+ // engine.checkPermission( next, userGroups, user.getJndiName(),
+ // user.getAuthenticationLevel(), name, id,
+ // value, Collections.singleton( MicroOperation.REMOVE ),
+ // tuples, entry );
+ // }
+ // }
+ // else
+ // {
+ // String id = NamespaceTools.getRdnAttribute( oldRn );
+ // String value = NamespaceTools.getRdnValue( oldRn );
+ // engine.checkPermission( next, userGroups, user.getJndiName(),
+ // user.getAuthenticationLevel(), name, id,
+ // value, Collections.singleton( MicroOperation.REMOVE ),
+ // tuples, entry );
+ // }
+ // }
next.modifyRn( name, newRn, deleteOldRn );
tupleCache.subentryRenamed( name, newName );
@@ -752,7 +748,7 @@
public void move( NextInterceptor next, Name oriChildName, Name newParentName, String newRn, boolean deleteOldRn )
- throws NamingException
+ throws NamingException
{
// Access the principal requesting the operation, and bypass checks if it is the admin
Invocation invocation = InvocationStack.getInstance().peek();
@@ -764,7 +760,7 @@
newName.add( newRn );
// bypass authz code if we are disabled
- if ( ! enabled )
+ if ( !enabled )
{
next.move( oriChildName, newParentName, newRn, deleteOldRn );
return;
@@ -785,42 +781,42 @@
addEntryAciTuples( tuples, entry );
addSubentryAciTuples( proxy, tuples, oriChildName, entry );
- engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(),
- oriChildName, null, null, MOVERENAME_PERMS, tuples, entry );
+ engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(), oriChildName, null,
+ null, MOVERENAME_PERMS, tuples, entry );
Collection destTuples = new HashSet();
addPerscriptiveAciTuples( proxy, destTuples, oriChildName, entry );
addEntryAciTuples( destTuples, entry );
addSubentryAciTuples( proxy, destTuples, oriChildName, entry );
- engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(),
- oriChildName, null, null, IMPORT_PERMS, tuples, entry );
+ engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(), oriChildName, null,
+ null, IMPORT_PERMS, tuples, entry );
-// if ( deleteOldRn )
-// {
-// String oldRn = oriChildName.get( oriChildName.size() - 1 );
-// if ( NamespaceTools.hasCompositeComponents( oldRn ) )
-// {
-// String[] comps = NamespaceTools.getCompositeComponents( oldRn );
-// for ( int ii = 0; ii < comps.length; ii++ )
-// {
-// String id = NamespaceTools.getRdnAttribute( comps[ii] );
-// String value = NamespaceTools.getRdnValue( comps[ii] );
-// engine.checkPermission( next, userGroups, user.getJndiName(),
-// user.getAuthenticationLevel(), oriChildName, id,
-// value, Collections.singleton( MicroOperation.REMOVE ),
-// tuples, entry );
-// }
-// }
-// else
-// {
-// String id = NamespaceTools.getRdnAttribute( oldRn );
-// String value = NamespaceTools.getRdnValue( oldRn );
-// engine.checkPermission( next, userGroups, user.getJndiName(),
-// user.getAuthenticationLevel(), oriChildName, id,
-// value, Collections.singleton( MicroOperation.REMOVE ),
-// tuples, entry );
-// }
-// }
+ // if ( deleteOldRn )
+ // {
+ // String oldRn = oriChildName.get( oriChildName.size() - 1 );
+ // if ( NamespaceTools.hasCompositeComponents( oldRn ) )
+ // {
+ // String[] comps = NamespaceTools.getCompositeComponents( oldRn );
+ // for ( int ii = 0; ii < comps.length; ii++ )
+ // {
+ // String id = NamespaceTools.getRdnAttribute( comps[ii] );
+ // String value = NamespaceTools.getRdnValue( comps[ii] );
+ // engine.checkPermission( next, userGroups, user.getJndiName(),
+ // user.getAuthenticationLevel(), oriChildName, id,
+ // value, Collections.singleton( MicroOperation.REMOVE ),
+ // tuples, entry );
+ // }
+ // }
+ // else
+ // {
+ // String id = NamespaceTools.getRdnAttribute( oldRn );
+ // String value = NamespaceTools.getRdnValue( oldRn );
+ // engine.checkPermission( next, userGroups, user.getJndiName(),
+ // user.getAuthenticationLevel(), oriChildName, id,
+ // value, Collections.singleton( MicroOperation.REMOVE ),
+ // tuples, entry );
+ // }
+ // }
next.move( oriChildName, newParentName, newRn, deleteOldRn );
tupleCache.subentryRenamed( oriChildName, newName );
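Review bot: `destTuples` is filled by the three `add...AciTuples` calls but never read: the `IMPORT_PERMS` check that follows still passes `tuples`, and both the collection and the check use `oriChildName`. If the intent is to evaluate import permission at the destination, the last arguments of that call should presumably be `IMPORT_PERMS, destTuples, entry`, with the tuples gathered for the new location rather than the original one; as written, the destination's ACIs do not appear to take part in the decision. The two-argument `move` in the hunk at `@@ -861,31 +857,31 @@` has the same pattern. The enclosing method begins outside this hunk.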
@@ -840,7 +836,7 @@
Name userName = dnParser.parse( principal.getName() );
// bypass authz code if we are disabled
- if ( ! enabled )
+ if ( !enabled )
{
next.move( oriChildName, newParentName );
return;
@@ -861,31 +857,31 @@
addEntryAciTuples( tuples, entry );
addSubentryAciTuples( proxy, tuples, oriChildName, entry );
- engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(),
- oriChildName, null, null, EXPORT_PERMS, tuples, entry );
+ engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(), oriChildName, null,
+ null, EXPORT_PERMS, tuples, entry );
Collection destTuples = new HashSet();
addPerscriptiveAciTuples( proxy, destTuples, oriChildName, entry );
addEntryAciTuples( destTuples, entry );
addSubentryAciTuples( proxy, destTuples, oriChildName, entry );
- engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(),
- oriChildName, null, null, IMPORT_PERMS, tuples, entry );
+ engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(), oriChildName, null,
+ null, IMPORT_PERMS, tuples, entry );
next.move( oriChildName, newParentName );
tupleCache.subentryRenamed( oriChildName, newName );
groupCache.groupRenamed( oriChildName, newName );
}
-
public static final SearchControls DEFUALT_SEARCH_CONTROLS = new SearchControls();
+
public NamingEnumeration list( NextInterceptor next, Name base ) throws NamingException
{
Invocation invocation = InvocationStack.getInstance().peek();
ServerLdapContext ctx = ( ServerLdapContext ) invocation.getCaller();
LdapPrincipal user = ctx.getPrincipal();
NamingEnumeration e = next.list( base );
- if ( user.getName().equalsIgnoreCase( DirectoryPartitionNexus.ADMIN_PRINCIPAL ) || ! enabled )
+ if ( user.getName().equalsIgnoreCase( DirectoryPartitionNexus.ADMIN_PRINCIPAL ) || !enabled )
{
return e;
}
@@ -895,7 +891,7 @@
public NamingEnumeration search( NextInterceptor next, Name base, Map env, ExprNode filter,
- SearchControls searchCtls ) throws NamingException
+ SearchControls searchCtls ) throws NamingException
{
Invocation invocation = InvocationStack.getInstance().peek();
ServerLdapContext ctx = ( ServerLdapContext ) invocation.getCaller();
@@ -904,8 +900,8 @@
boolean isSubschemaSubentryLookup = subschemaSubentryDn.equals( base.toString() );
boolean isRootDSELookup = base.size() == 0 && searchCtls.getSearchScope() == SearchControls.OBJECT_SCOPE;
- if ( user.getName().equalsIgnoreCase( DirectoryPartitionNexus.ADMIN_PRINCIPAL )
- || ! enabled || isRootDSELookup || isSubschemaSubentryLookup )
+ if ( user.getName().equalsIgnoreCase( DirectoryPartitionNexus.ADMIN_PRINCIPAL ) || !enabled || isRootDSELookup
+ || isSubschemaSubentryLookup )
{
return e;
}
@@ -923,7 +919,7 @@
LdapPrincipal principal = ( ( ServerContext ) invocation.getCaller() ).getPrincipal();
Name userName = dnParser.parse( principal.getName() );
- if ( userName.toString().equalsIgnoreCase( DirectoryPartitionNexus.ADMIN_PRINCIPAL ) || ! enabled )
+ if ( userName.toString().equalsIgnoreCase( DirectoryPartitionNexus.ADMIN_PRINCIPAL ) || !enabled )
{
return next.compare( name, oid, value );
}
@@ -934,10 +930,10 @@
addEntryAciTuples( tuples, entry );
addSubentryAciTuples( proxy, tuples, name, entry );
- engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(), name, null,
- null, READ_PERMS, tuples, entry );
- engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(), name, oid,
- value, COMPARE_PERMS, tuples, entry );
+ engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(), name, null, null,
+ READ_PERMS, tuples, entry );
+ engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(), name, oid, value,
+ COMPARE_PERMS, tuples, entry );
return next.compare( name, oid, value );
}
@@ -950,7 +946,7 @@
DirectoryPartitionNexusProxy proxy = invocation.getProxy();
LdapPrincipal principal = ( ( ServerContext ) invocation.getCaller() ).getPrincipal();
Name userName = dnParser.parse( principal.getName() );
- if ( userName.toString().equalsIgnoreCase( DirectoryPartitionNexus.ADMIN_PRINCIPAL ) || ! enabled )
+ if ( userName.toString().equalsIgnoreCase( DirectoryPartitionNexus.ADMIN_PRINCIPAL ) || !enabled )
{
return next.getMatchedName( dn, normalized );
}
@@ -979,9 +975,8 @@
addEntryAciTuples( tuples, entry );
addSubentryAciTuples( proxy, tuples, matched, entry );
- if ( engine.hasPermission( proxy, userGroups, userName,
- principal.getAuthenticationLevel(), matched, null, null,
- MATCHEDNAME_PERMS, tuples, entry ) )
+ if ( engine.hasPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(), matched, null,
+ null, MATCHEDNAME_PERMS, tuples, entry ) )
{
return matched;
}
@@ -1001,11 +996,11 @@
private boolean filter( Invocation invocation, Name normName, SearchResult result ) throws NamingException
{
- /*
- * First call hasPermission() for entry level "Browse" and "ReturnDN" perm
- * tests. If we hasPermission() returns false we immediately short the
- * process and return false.
- */
+ /*
+ * First call hasPermission() for entry level "Browse" and "ReturnDN" perm
+ * tests. If we hasPermission() returns false we immediately short the
+ * process and return false.
+ */
Attributes entry = invocation.getProxy().lookup( normName, DirectoryPartitionNexusProxy.LOOKUP_BYPASS );
ServerLdapContext ctx = ( ServerLdapContext ) invocation.getCaller();
Name userDn = dnParser.parse( ctx.getPrincipal().getName() );
@@ -1015,9 +1010,8 @@
addEntryAciTuples( tuples, entry );
addSubentryAciTuples( invocation.getProxy(), tuples, normName, entry );
- if ( ! engine.hasPermission( invocation.getProxy(), userGroups, userDn,
- ctx.getPrincipal().getAuthenticationLevel(),
- normName, null, null, SEARCH_ENTRY_PERMS, tuples, entry ) )
+ if ( !engine.hasPermission( invocation.getProxy(), userGroups, userDn, ctx.getPrincipal()
+ .getAuthenticationLevel(), normName, null, null, SEARCH_ENTRY_PERMS, tuples, entry ) )
{
return false;
}
@@ -1035,9 +1029,8 @@
// if attribute type scope access is not allowed then remove the attribute and continue
String id = ( String ) idList.next();
Attribute attr = result.getAttributes().get( id );
- if ( ! engine.hasPermission( invocation.getProxy(), userGroups, userDn,
- ctx.getPrincipal().getAuthenticationLevel(),
- normName, attr.getID(), null, SEARCH_ATTRVAL_PERMS, tuples, entry ) )
+ if ( !engine.hasPermission( invocation.getProxy(), userGroups, userDn, ctx.getPrincipal()
+ .getAuthenticationLevel(), normName, attr.getID(), null, SEARCH_ATTRVAL_PERMS, tuples, entry ) )
{
result.getAttributes().remove( attr.getID() );
@@ -1051,9 +1044,9 @@
// attribute type scope is ok now let's determine value level scope
for ( int ii = 0; ii < attr.size(); ii++ )
{
- if ( ! engine.hasPermission( invocation.getProxy(), userGroups, userDn,
- ctx.getPrincipal().getAuthenticationLevel(), normName,
- attr.getID(), attr.get( ii ), SEARCH_ATTRVAL_PERMS, tuples, entry ) )
+ if ( !engine.hasPermission( invocation.getProxy(), userGroups, userDn, ctx.getPrincipal()
+ .getAuthenticationLevel(), normName, attr.getID(), attr.get( ii ), SEARCH_ATTRVAL_PERMS, tuples,
+ entry ) )
{
attr.remove( ii );
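Review bot: The value-level loop counts `ii` upward while calling `attr.remove( ii )`, so each removal shifts the next value into the slot that was just checked. Unless the lines after the hunk step the index back for every position, including `ii == 0`, that shifted value is never passed to `hasPermission` and is returned without a SEARCH_ATTRVAL_PERMS check. Iterating from the end avoids the bookkeeping: `for ( int ii = attr.size() - 1; ii >= 0; ii-- )`. The loop body continues outside the hunk, so please confirm what follows the remove.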
@@ -1068,7 +1061,6 @@
return true;
}
-
/**
* WARNING: create one of these filters fresh every time for each new search.
*/
@@ -1077,6 +1069,7 @@
/** dedicated normalizing parser for this search - cheaper than synchronization */
final DnParser parser;
+
public AuthorizationFilter() throws NamingException
{
parser = new DnParser( new ConcreteNameComponentNormalizer( attrRegistry ) );
@@ -1084,18 +1077,18 @@
public boolean accept( Invocation invocation, SearchResult result, SearchControls controls )
- throws NamingException
+ throws NamingException
{
Name normName = parser.parse( result.getName() );
-// looks like isRelative returns true even when the names for results are absolute!!!!
-// @todo this is a big bug in JNDI provider
+ // looks like isRelative returns true even when the names for results are absolute!!!!
+ // @todo this is a big bug in JNDI provider
-// if ( result.isRelative() )
-// {
-// Name base = parser.parse( ctx.getNameInNamespace() );
-// normName = base.addAll( normName );
-// }
+ // if ( result.isRelative() )
+ // {
+ // Name base = parser.parse( ctx.getNameInNamespace() );
+ // normName = base.addAll( normName );
+ // }
return filter( invocation, normName, result );
}
Modified: directory/sandbox/akarasulu/rc1/apacheds/core/src/main/java/org/apache/directory/server/core/authz/GroupCache.java
URL: http://svn.apache.org/viewcvs/directory/sandbox/akarasulu/rc1/apacheds/core/src/main/java/org/apache/directory/server/core/authz/GroupCache.java?rev=376623&r1=376622&r2=376623&view=diff
==============================================================================
--- directory/sandbox/akarasulu/rc1/apacheds/core/src/main/java/org/apache/directory/server/core/authz/GroupCache.java (original)
+++ directory/sandbox/akarasulu/rc1/apacheds/core/src/main/java/org/apache/directory/server/core/authz/GroupCache.java Fri Feb 10 02:48:07 2006
@@ -70,12 +70,12 @@
*
* @param factoryCfg the context factory configuration for the server
*/
- public GroupCache( DirectoryServiceConfiguration factoryCfg ) throws NamingException
+ public GroupCache(DirectoryServiceConfiguration factoryCfg) throws NamingException
{
this.nexus = factoryCfg.getPartitionNexus();
this.env = ( Hashtable ) factoryCfg.getEnvironment().clone();
- this.parser = new DnParser( new ConcreteNameComponentNormalizer(
- factoryCfg.getGlobalRegistries().getAttributeTypeRegistry() ) );
+ this.parser = new DnParser( new ConcreteNameComponentNormalizer( factoryCfg.getGlobalRegistries()
+ .getAttributeTypeRegistry() ) );
initialize();
}
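Review bot: The reformatted constructor header `public GroupCache(DirectoryServiceConfiguration factoryCfg)` drops the inner padding that every method header and call in this commit keeps, so constructors now follow a different convention from the rest of the file. The same applies to the `TupleCache` and `ACDFEngine` constructors further down. Keeping `public GroupCache( DirectoryServiceConfiguration factoryCfg ) throws NamingException` would be consistent. The wrapped call is also easier to read if it breaks after the opening parenthesis rather than in the middle of the `getGlobalRegistries().getAttributeTypeRegistry()` chain.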
@@ -288,17 +288,17 @@
switch ( modOp )
{
- case ( DirContext.ADD_ATTRIBUTE ):
+ case ( DirContext.ADD_ATTRIBUTE ):
addMembers( memberSet, members );
break;
- case ( DirContext.REPLACE_ATTRIBUTE ):
+ case ( DirContext.REPLACE_ATTRIBUTE ):
if ( members.size() > 0 )
{
memberSet.clear();
addMembers( memberSet, members );
}
break;
- case ( DirContext.REMOVE_ATTRIBUTE ):
+ case ( DirContext.REMOVE_ATTRIBUTE ):
removeMembers( memberSet, members );
break;
default:
@@ -405,7 +405,10 @@
}
catch ( NamingException e )
{
- log.warn( "Malformed member DN. Could not find groups for member in GroupCache. Returning empty set for groups!", e );
+ log
+ .warn(
+ "Malformed member DN. Could not find groups for member in GroupCache. Returning empty set for groups!",
+ e );
return Collections.EMPTY_SET;
}
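Review bot: Returning `Collections.EMPTY_SET` when the member DN fails to parse makes the caller see a principal that belongs to no groups. That is conservative for group-based grants, but any group-targeted deny would also stop matching for that principal. The method starts outside the hunk, so the callers are not visible; a comment such as `// empty set == "member of no groups"; callers must not treat this as a verified result` would document the behaviour. Separately, the four-line `log .warn( ... )` wrap is hard to scan; assigning the text to a local `String msg` and calling `log.warn( msg, e );` keeps the call on one line.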
Modified: directory/sandbox/akarasulu/rc1/apacheds/core/src/main/java/org/apache/directory/server/core/authz/OldAuthorizationService.java
URL: http://svn.apache.org/viewcvs/directory/sandbox/akarasulu/rc1/apacheds/core/src/main/java/org/apache/directory/server/core/authz/OldAuthorizationService.java?rev=376623&r1=376622&r2=376623&view=diff
==============================================================================
--- directory/sandbox/akarasulu/rc1/apacheds/core/src/main/java/org/apache/directory/server/core/authz/OldAuthorizationService.java (original)
+++ directory/sandbox/akarasulu/rc1/apacheds/core/src/main/java/org/apache/directory/server/core/authz/OldAuthorizationService.java Fri Feb 10 02:48:07 2006
@@ -80,7 +80,6 @@
private boolean enabled = true;
-
/**
* Creates a new instance.
*/
@@ -95,7 +94,7 @@
dnParser = new DnParser( new ConcreteNameComponentNormalizer( atr ) );
// disable this static module if basic access control mechanisms are enabled
- enabled = ! factoryCfg.getStartupConfiguration().isAccessControlEnabled();
+ enabled = !factoryCfg.getStartupConfiguration().isAccessControlEnabled();
}
@@ -127,8 +126,7 @@
throw new LdapNoPermissionException( msg );
}
- if ( name.size() > 2 && name.startsWith( USER_BASE_DN )
- && !principalDn.equals( ADMIN_DN ) )
+ if ( name.size() > 2 && name.startsWith( USER_BASE_DN ) && !principalDn.equals( ADMIN_DN ) )
{
String msg = "User " + principalDn;
msg += " does not have permission to delete the user account: ";
@@ -136,8 +134,7 @@
throw new LdapNoPermissionException( msg );
}
- if ( name.size() > 2 && name.startsWith( GROUP_BASE_DN )
- && !principalDn.equals( ADMIN_DN ) )
+ if ( name.size() > 2 && name.startsWith( GROUP_BASE_DN ) && !principalDn.equals( ADMIN_DN ) )
{
String msg = "User " + principalDn;
msg += " does not have permission to delete the group entry: ";
@@ -165,14 +162,14 @@
// Entry Modification Operations
// ------------------------------------------------------------------------
-
/**
* This policy needs to be really tight too because some attributes may take
* part in giving the user permissions to protected resources. We do not want
* users to self access these resources. As far as we're concerned no one but
* the admin needs access.
*/
- public void modify( NextInterceptor nextInterceptor, Name name, int modOp, Attributes attrs ) throws NamingException
+ public void modify( NextInterceptor nextInterceptor, Name name, int modOp, Attributes attrs )
+ throws NamingException
{
if ( enabled )
{
@@ -218,7 +215,7 @@
msg += " admin user.";
throw new LdapNoPermissionException( msg );
}
-
+
if ( dn.size() > 2 && dn.startsWith( USER_BASE_DN ) )
{
String msg = "User " + principalDn;
@@ -249,8 +246,8 @@
// o The administrator entry cannot be moved or renamed by anyone
// ------------------------------------------------------------------------
-
- public void modifyRn( NextInterceptor nextInterceptor, Name name, String newRn, boolean deleteOldRn ) throws NamingException
+ public void modifyRn( NextInterceptor nextInterceptor, Name name, String newRn, boolean deleteOldRn )
+ throws NamingException
{
if ( enabled )
{
@@ -270,9 +267,8 @@
}
- public void move( NextInterceptor nextInterceptor,
- Name oriChildName, Name newParentName, String newRn,
- boolean deleteOldRn ) throws NamingException
+ public void move( NextInterceptor nextInterceptor, Name oriChildName, Name newParentName, String newRn,
+ boolean deleteOldRn ) throws NamingException
{
if ( enabled )
{
@@ -323,7 +319,7 @@
public Attributes lookup( NextInterceptor nextInterceptor, Name name ) throws NamingException
{
Attributes attributes = nextInterceptor.lookup( name );
- if ( ! enabled || attributes == null )
+ if ( !enabled || attributes == null )
{
return attributes;
}
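Review bot: Both `lookup` overloads return straight away when `attributes == null`, before the protection check that presumably follows. If `nextInterceptor.lookup` returns null for a missing entry, a non-admin caller receives null for absent names but a permission error for protected ones, which discloses whether a protected entry exists. Running the DN check first and dropping the null test from this guard would give the same answer in both cases: `if ( !enabled ) { return attributes; }`. The rest of each method is outside the hunk, so the ordering of the protection call should be confirmed.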
@@ -336,7 +332,7 @@
public Attributes lookup( NextInterceptor nextInterceptor, Name name, String[] attrIds ) throws NamingException
{
Attributes attributes = nextInterceptor.lookup( name, attrIds );
- if ( ! enabled || attributes == null )
+ if ( !enabled || attributes == null )
{
return attributes;
}
@@ -348,8 +344,7 @@
private void protectLookUp( Name dn ) throws NamingException
{
- LdapContext ctx =
- ( LdapContext ) InvocationStack.getInstance().peek().getCaller();
+ LdapContext ctx = ( LdapContext ) InvocationStack.getInstance().peek().getCaller();
Name principalDn = ( ( ServerContext ) ctx ).getPrincipal().getJndiName();
if ( !principalDn.equals( ADMIN_DN ) )
@@ -399,9 +394,8 @@
}
- public NamingEnumeration search( NextInterceptor nextInterceptor,
- Name base, Map env, ExprNode filter,
- SearchControls searchCtls ) throws NamingException
+ public NamingEnumeration search( NextInterceptor nextInterceptor, Name base, Map env, ExprNode filter,
+ SearchControls searchCtls ) throws NamingException
{
NamingEnumeration e = nextInterceptor.search( base, env, filter, searchCtls );
if ( !enabled )
@@ -412,17 +406,16 @@
//{
// return null;
//}
-
+
Invocation invocation = InvocationStack.getInstance().peek();
- return new SearchResultFilteringEnumeration( e, searchCtls, invocation,
- new SearchResultFilter()
+ return new SearchResultFilteringEnumeration( e, searchCtls, invocation, new SearchResultFilter()
+ {
+ public boolean accept( Invocation invocation, SearchResult result, SearchControls controls )
+ throws NamingException
{
- public boolean accept( Invocation invocation, SearchResult result, SearchControls controls )
- throws NamingException
- {
- return OldAuthorizationService.this.isSearchable( invocation, result );
- }
- });
+ return OldAuthorizationService.this.isSearchable( invocation, result );
+ }
+ } );
}
@@ -435,20 +428,18 @@
}
Invocation invocation = InvocationStack.getInstance().peek();
- return new SearchResultFilteringEnumeration( e, null, invocation,
- new SearchResultFilter()
+ return new SearchResultFilteringEnumeration( e, null, invocation, new SearchResultFilter()
+ {
+ public boolean accept( Invocation invocation, SearchResult result, SearchControls controls )
+ throws NamingException
{
- public boolean accept( Invocation invocation, SearchResult result, SearchControls controls )
- throws NamingException
- {
- return OldAuthorizationService.this.isSearchable( invocation, result );
- }
- } );
+ return OldAuthorizationService.this.isSearchable( invocation, result );
+ }
+ } );
}
- private boolean isSearchable( Invocation invocataion, SearchResult result )
- throws NamingException
+ private boolean isSearchable( Invocation invocataion, SearchResult result ) throws NamingException
{
Name dn;
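Review bot: The parameter of `isSearchable` is spelled `invocataion`; since this line is being rewritten anyway, it can be corrected to `private boolean isSearchable( Invocation invocation, SearchResult result ) throws NamingException`. In the two anonymous `SearchResultFilter` classes above, the `accept` parameter `invocation` shadows the enclosing local of the same name. That is harmless here because both refer to the same role, but renaming one of them would make it clearer which object reaches `isSearchable`. The method body continues outside the hunk.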
Modified: directory/sandbox/akarasulu/rc1/apacheds/core/src/main/java/org/apache/directory/server/core/authz/TupleCache.java
URL: http://svn.apache.org/viewcvs/directory/sandbox/akarasulu/rc1/apacheds/core/src/main/java/org/apache/directory/server/core/authz/TupleCache.java?rev=376623&r1=376622&r2=376623&view=diff
==============================================================================
--- directory/sandbox/akarasulu/rc1/apacheds/core/src/main/java/org/apache/directory/server/core/authz/TupleCache.java (original)
+++ directory/sandbox/akarasulu/rc1/apacheds/core/src/main/java/org/apache/directory/server/core/authz/TupleCache.java Fri Feb 10 02:48:07 2006
@@ -83,7 +83,7 @@
*
* @param factoryCfg the context factory configuration for the server
*/
- public TupleCache( DirectoryServiceConfiguration factoryCfg ) throws NamingException
+ public TupleCache(DirectoryServiceConfiguration factoryCfg) throws NamingException
{
this.nexus = factoryCfg.getPartitionNexus();
AttributeTypeRegistry registry = factoryCfg.getGlobalRegistries().getAttributeTypeRegistry();
@@ -151,7 +151,7 @@
{
// only do something if the entry contains prescriptiveACI
Attribute aci = entry.get( ACI_ATTR );
- if ( ! hasPrescriptiveACI( entry ) )
+ if ( !hasPrescriptiveACI( entry ) )
{
return;
}
@@ -167,7 +167,7 @@
}
catch ( ParseException e )
{
- String msg = "ACIItem parser failure on '"+item+"'. Cannnot add ACITuples to TupleCache.";
+ String msg = "ACIItem parser failure on '" + item + "'. Cannnot add ACITuples to TupleCache.";
log.warn( msg, e );
}
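Review bot: When `ParseException` is caught, the only effect is a warning, so an ACIItem that fails to parse contributes no tuples to the cache. If that item was meant to deny access, the subentry is evaluated as though the restriction did not exist. Since the surrounding method is only partly visible, it would help to state the intended policy in a comment, for example `// unparseable ACIItem is skipped: no tuples are cached for it (review: should this fail closed?)`. The message text also has a typo, `Cannnot`, which can become `"'. Cannot add ACITuples to TupleCache."`.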
@@ -178,8 +178,8 @@
public void subentryDeleted( Name normName, Attributes entry ) throws NamingException
- {
- if ( ! hasPrescriptiveACI( entry ) )
+ {
+ if ( !hasPrescriptiveACI( entry ) )
{
return;
}
@@ -190,7 +190,7 @@
public void subentryModified( Name normName, ModificationItem[] mods, Attributes entry ) throws NamingException
{
- if ( ! hasPrescriptiveACI( entry ) )
+ if ( !hasPrescriptiveACI( entry ) )
{
return;
}
@@ -210,7 +210,7 @@
public void subentryModified( Name normName, int modOp, Attributes mods, Attributes entry ) throws NamingException
{
- if ( ! hasPrescriptiveACI( entry ) )
+ if ( !hasPrescriptiveACI( entry ) )
{
return;
}
@@ -220,7 +220,7 @@
subentryDeleted( normName, entry );
subentryAdded( normName.toString(), normName, entry );
}
- }
+ }
public List getACITuples( String subentryDn )
Modified: directory/sandbox/akarasulu/rc1/apacheds/core/src/main/java/org/apache/directory/server/core/authz/support/ACDFEngine.java
URL: http://svn.apache.org/viewcvs/directory/sandbox/akarasulu/rc1/apacheds/core/src/main/java/org/apache/directory/server/core/authz/support/ACDFEngine.java?rev=376623&r1=376622&r2=376623&view=diff
==============================================================================
--- directory/sandbox/akarasulu/rc1/apacheds/core/src/main/java/org/apache/directory/server/core/authz/support/ACDFEngine.java (original)
+++ directory/sandbox/akarasulu/rc1/apacheds/core/src/main/java/org/apache/directory/server/core/authz/support/ACDFEngine.java Fri Feb 10 02:48:07 2006
@@ -18,6 +18,7 @@
*/
package org.apache.directory.server.core.authz.support;
+
import java.util.*;
import javax.naming.Name;
@@ -66,6 +67,7 @@
{
private final ACITupleFilter[] filters;
+
/**
* Creates a new instance.
*
@@ -74,26 +76,21 @@
*
* @throws NamingException if failed to initialize internal components
*/
- public ACDFEngine( OidRegistry oidRegistry, AttributeTypeRegistry attrTypeRegistry ) throws NamingException
+ public ACDFEngine(OidRegistry oidRegistry, AttributeTypeRegistry attrTypeRegistry) throws NamingException
{
Evaluator entryEvaluator = new ExpressionEvaluator( oidRegistry, attrTypeRegistry );
SubtreeEvaluator subtreeEvaluator = new SubtreeEvaluator( oidRegistry );
- RefinementEvaluator refinementEvaluator = new RefinementEvaluator(
- new RefinementLeafEvaluator( oidRegistry ) );
+ RefinementEvaluator refinementEvaluator = new RefinementEvaluator( new RefinementLeafEvaluator( oidRegistry ) );
- filters = new ACITupleFilter[] {
- new RelatedUserClassFilter( subtreeEvaluator ),
- new RelatedProtectedItemFilter( refinementEvaluator, entryEvaluator ),
- new MaxValueCountFilter(),
- new MaxImmSubFilter(),
- new RestrictedByFilter(),
- new MicroOperationFilter(),
- new HighestPrecedenceFilter(),
- new MostSpecificUserClassFilter(),
- new MostSpecificProtectedItemFilter(),
- };
+ filters = new ACITupleFilter[]
+ { new RelatedUserClassFilter( subtreeEvaluator ),
+ new RelatedProtectedItemFilter( refinementEvaluator, entryEvaluator ), new MaxValueCountFilter(),
+ new MaxImmSubFilter(), new RestrictedByFilter(), new MicroOperationFilter(),
+ new HighestPrecedenceFilter(), new MostSpecificUserClassFilter(),
+ new MostSpecificProtectedItemFilter(), };
}
+
/**
* Checks the user with the specified name can access the specified resource
* (entry, attribute type, or attribute value) and throws {@link LdapNoPermissionException}
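Review bot: The `filters` initializer now packs two or three constructors per line and ends with `new MostSpecificProtectedItemFilter(), };`. `hasPermission` applies the array in index order, so the sequence is part of the access decision and a reordering would be hard to spot in a later diff. One element per line, as before the reformat, keeps each filter's position reviewable. If the formatter cannot be configured to leave array initializers alone, a short comment above the array such as `// order is significant: filters run in sequence in hasPermission()` would at least record the constraint.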
@@ -111,23 +108,17 @@
* @param aciTuples {@link ACITuple}s translated from {@link ACIItem}s in the subtree entries
* @throws NamingException if failed to evaluate ACI items
*/
- public void checkPermission(
- DirectoryPartitionNexusProxy proxy,
- Collection userGroupNames, Name username, AuthenticationLevel authenticationLevel,
- Name entryName, String attrId, Object attrValue,
- Collection microOperations, Collection aciTuples, Attributes entry ) throws NamingException
+ public void checkPermission( DirectoryPartitionNexusProxy proxy, Collection userGroupNames, Name username,
+ AuthenticationLevel authenticationLevel, Name entryName, String attrId, Object attrValue,
+ Collection microOperations, Collection aciTuples, Attributes entry ) throws NamingException
{
- if( !hasPermission(
- proxy,
- userGroupNames, username, authenticationLevel,
- entryName, attrId, attrValue,
- microOperations, aciTuples, entry ) )
+ if ( !hasPermission( proxy, userGroupNames, username, authenticationLevel, entryName, attrId, attrValue,
+ microOperations, aciTuples, entry ) )
{
throw new LdapNoPermissionException();
}
}
-
public static final Collection USER_LOOKUP_BYPASS;
static
{
@@ -160,13 +151,11 @@
* @param microOperations the {@link MicroOperation}s to perform
* @param aciTuples {@link ACITuple}s translated from {@link ACIItem}s in the subtree entries
*/
- public boolean hasPermission(
- DirectoryPartitionNexusProxy proxy,
- Collection userGroupNames, Name userName, AuthenticationLevel authenticationLevel,
- Name entryName, String attrId, Object attrValue,
- Collection microOperations, Collection aciTuples, Attributes entry ) throws NamingException
+ public boolean hasPermission( DirectoryPartitionNexusProxy proxy, Collection userGroupNames, Name userName,
+ AuthenticationLevel authenticationLevel, Name entryName, String attrId, Object attrValue,
+ Collection microOperations, Collection aciTuples, Attributes entry ) throws NamingException
{
- if( entryName == null )
+ if ( entryName == null )
{
throw new NullPointerException( "entryName" );
}
@@ -175,11 +164,11 @@
// Determine the scope of the requested operation.
OperationScope scope;
- if( attrId == null )
+ if ( attrId == null )
{
scope = OperationScope.ENTRY;
}
- else if( attrValue == null )
+ else if ( attrValue == null )
{
scope = OperationScope.ATTRIBUTE_TYPE;
}
@@ -192,27 +181,25 @@
aciTuples = new ArrayList( aciTuples );
// Filter unrelated and invalid tuples
- for( int i = 0; i < filters.length; i++ )
+ for ( int i = 0; i < filters.length; i++ )
{
- ACITupleFilter filter = filters[ i ];
- aciTuples = filter.filter(
- aciTuples, scope, proxy,
- userGroupNames, userName, userEntry, authenticationLevel,
- entryName, attrId, attrValue, entry, microOperations );
+ ACITupleFilter filter = filters[i];
+ aciTuples = filter.filter( aciTuples, scope, proxy, userGroupNames, userName, userEntry,
+ authenticationLevel, entryName, attrId, attrValue, entry, microOperations );
}
// Deny access if no tuples left.
- if( aciTuples.size() == 0 )
+ if ( aciTuples.size() == 0 )
{
return false;
}
// Grant access if and only if one or more tuples remain and
// all grant access. Otherwise deny access.
- for( Iterator i = aciTuples.iterator(); i.hasNext(); )
+ for ( Iterator i = aciTuples.iterator(); i.hasNext(); )
{
ACITuple tuple = ( ACITuple ) i.next();
- if( !tuple.isGrant() )
+ if ( !tuple.isGrant() )
{
return false;
}
Modified: directory/sandbox/akarasulu/rc1/apacheds/core/src/main/java/org/apache/directory/server/core/authz/support/ACITupleFilter.java
URL: http://svn.apache.org/viewcvs/directory/sandbox/akarasulu/rc1/apacheds/core/src/main/java/org/apache/directory/server/core/authz/support/ACITupleFilter.java?rev=376623&r1=376622&r2=376623&view=diff
==============================================================================
--- directory/sandbox/akarasulu/rc1/apacheds/core/src/main/java/org/apache/directory/server/core/authz/support/ACITupleFilter.java (original)
+++ directory/sandbox/akarasulu/rc1/apacheds/core/src/main/java/org/apache/directory/server/core/authz/support/ACITupleFilter.java Fri Feb 10 02:48:07 2006
@@ -18,6 +18,7 @@
*/
package org.apache.directory.server.core.authz.support;
+
import java.util.Collection;
import javax.naming.Name;
@@ -59,10 +60,8 @@
* @return the collection of filtered tuples
* @throws NamingException if failed to filter the specifiec tuples
*/
- Collection filter(
- Collection tuples, OperationScope scope, DirectoryPartitionNexusProxy proxy,
- Collection userGroupNames, Name userName, Attributes userEntry,
- AuthenticationLevel authenticationLevel,
- Name entryName, String attrId, Object attrValue, Attributes entry,
- Collection microOperations ) throws NamingException;
+ Collection filter( Collection tuples, OperationScope scope, DirectoryPartitionNexusProxy proxy,
+ Collection userGroupNames, Name userName, Attributes userEntry, AuthenticationLevel authenticationLevel,
+ Name entryName, String attrId, Object attrValue, Attributes entry, Collection microOperations )
+ throws NamingException;
}
Modified: directory/sandbox/akarasulu/rc1/apacheds/core/src/main/java/org/apache/directory/server/core/authz/support/HighestPrecedenceFilter.java
URL: http://svn.apache.org/viewcvs/directory/sandbox/akarasulu/rc1/apacheds/core/src/main/java/org/apache/directory/server/core/authz/support/HighestPrecedenceFilter.java?rev=376623&r1=376622&r2=376623&view=diff
==============================================================================
--- directory/sandbox/akarasulu/rc1/apacheds/core/src/main/java/org/apache/directory/server/core/authz/support/HighestPrecedenceFilter.java (original)
+++ directory/sandbox/akarasulu/rc1/apacheds/core/src/main/java/org/apache/directory/server/core/authz/support/HighestPrecedenceFilter.java Fri Feb 10 02:48:07 2006
@@ -18,6 +18,7 @@
*/
package org.apache.directory.server.core.authz.support;
+
import java.util.Collection;
import java.util.Iterator;
@@ -39,9 +40,12 @@
*/
public class HighestPrecedenceFilter implements ACITupleFilter
{
- public Collection filter( Collection tuples, OperationScope scope, DirectoryPartitionNexusProxy proxy, Collection userGroupNames, Name userName, Attributes userEntry, AuthenticationLevel authenticationLevel, Name entryName, String attrId, Object attrValue, Attributes entry, Collection microOperations ) throws NamingException
+ public Collection filter( Collection tuples, OperationScope scope, DirectoryPartitionNexusProxy proxy,
+ Collection userGroupNames, Name userName, Attributes userEntry, AuthenticationLevel authenticationLevel,
+ Name entryName, String attrId, Object attrValue, Attributes entry, Collection microOperations )
+ throws NamingException
{
- if( tuples.size() <= 1 )
+ if ( tuples.size() <= 1 )
{
return tuples;
}
@@ -49,20 +53,20 @@
int maxPrecedence = -1;
// Find the maximum precedence for all tuples.
- for( Iterator i = tuples.iterator(); i.hasNext(); )
+ for ( Iterator i = tuples.iterator(); i.hasNext(); )
{
ACITuple tuple = ( ACITuple ) i.next();
- if( tuple.getPrecedence() > maxPrecedence )
+ if ( tuple.getPrecedence() > maxPrecedence )
{
maxPrecedence = tuple.getPrecedence();
}
}
// Remove all tuples whose precedences are not the maximum one.
- for( Iterator i = tuples.iterator(); i.hasNext(); )
+ for ( Iterator i = tuples.iterator(); i.hasNext(); )
{
ACITuple tuple = ( ACITuple ) i.next();
- if( tuple.getPrecedence() != maxPrecedence )
+ if ( tuple.getPrecedence() != maxPrecedence )
{
i.remove();
}
Modified: directory/sandbox/akarasulu/rc1/apacheds/core/src/main/java/org/apache/directory/server/core/authz/support/MaxImmSubFilter.java
URL: http://svn.apache.org/viewcvs/directory/sandbox/akarasulu/rc1/apacheds/core/src/main/java/org/apache/directory/server/core/authz/support/MaxImmSubFilter.java?rev=376623&r1=376622&r2=376623&view=diff
==============================================================================
--- directory/sandbox/akarasulu/rc1/apacheds/core/src/main/java/org/apache/directory/server/core/authz/support/MaxImmSubFilter.java (original)
+++ directory/sandbox/akarasulu/rc1/apacheds/core/src/main/java/org/apache/directory/server/core/authz/support/MaxImmSubFilter.java Fri Feb 10 02:48:07 2006
@@ -18,6 +18,7 @@
*/
package org.apache.directory.server.core.authz.support;
+
import java.util.*;
import javax.naming.Name;
@@ -46,6 +47,7 @@
private final ExprNode childrenFilter;
private final SearchControls childrenSearchControls;
+
public MaxImmSubFilter()
{
childrenFilter = new PresenceNode( "objectClass" );
@@ -53,45 +55,49 @@
childrenSearchControls.setSearchScope( SearchControls.ONELEVEL_SCOPE );
}
- public Collection filter( Collection tuples, OperationScope scope, DirectoryPartitionNexusProxy proxy, Collection userGroupNames, Name userName, Attributes userEntry, AuthenticationLevel authenticationLevel, Name entryName, String attrId, Object attrValue, Attributes entry, Collection microOperations ) throws NamingException
+
+ public Collection filter( Collection tuples, OperationScope scope, DirectoryPartitionNexusProxy proxy,
+ Collection userGroupNames, Name userName, Attributes userEntry, AuthenticationLevel authenticationLevel,
+ Name entryName, String attrId, Object attrValue, Attributes entry, Collection microOperations )
+ throws NamingException
{
- if( entryName.size() == 0 )
+ if ( entryName.size() == 0 )
{
return tuples;
}
- if( tuples.size() == 0 )
+ if ( tuples.size() == 0 )
{
return tuples;
}
- if( scope != OperationScope.ENTRY )
+ if ( scope != OperationScope.ENTRY )
{
return tuples;
}
int immSubCount = -1;
- for( Iterator i = tuples.iterator(); i.hasNext(); )
+ for ( Iterator i = tuples.iterator(); i.hasNext(); )
{
ACITuple tuple = ( ACITuple ) i.next();
- if( !tuple.isGrant() )
+ if ( !tuple.isGrant() )
{
continue;
}
- for( Iterator j = tuple.getProtectedItems().iterator(); j.hasNext(); )
+ for ( Iterator j = tuple.getProtectedItems().iterator(); j.hasNext(); )
{
ProtectedItem item = ( ProtectedItem ) j.next();
- if( item instanceof ProtectedItem.MaxImmSub )
+ if ( item instanceof ProtectedItem.MaxImmSub )
{
- if( immSubCount < 0 )
+ if ( immSubCount < 0 )
{
immSubCount = getImmSubCount( proxy, entryName );
}
ProtectedItem.MaxImmSub mis = ( ProtectedItem.MaxImmSub ) item;
- if( immSubCount >= mis.getValue() )
+ if ( immSubCount >= mis.getValue() )
{
i.remove();
break;
@@ -103,7 +109,6 @@
return tuples;
}
-
public static final Collection SEARCH_BYPASS;
static
{
@@ -126,20 +131,19 @@
NamingEnumeration e = null;
try
{
- e = proxy.search(
- entryName.getPrefix( 1 ), new HashMap(),
- childrenFilter, childrenSearchControls, SEARCH_BYPASS );
+ e = proxy.search( entryName.getPrefix( 1 ), new HashMap(), childrenFilter, childrenSearchControls,
+ SEARCH_BYPASS );
- while( e.hasMore() )
+ while ( e.hasMore() )
{
e.next();
- cnt ++;
+ cnt++;
}
}
finally
{
- if( e != null )
+ if ( e != null )
{
e.close();
}
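Review bot: The one-level search that counts immediate subordinates is based at `entryName.getPrefix( 1 )`. Under `javax.naming.Name`, `getPrefix( 1 )` returns only the component at index 0, which is the parent of `entryName` only when the name has exactly two components. If the intent is to count siblings under the entry's superior, the base would be `entryName.getPrefix( entryName.size() - 1 )`. As written, a `maxImmSub` limit may be evaluated against the wrong container for deeper entries. This depends on the `Name` implementation in use, and the method starts outside the hunk, so please confirm the intended base.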
Modified: directory/sandbox/akarasulu/rc1/apacheds/core/src/main/java/org/apache/directory/server/core/authz/support/MaxValueCountFilter.java
URL: http://svn.apache.org/viewcvs/directory/sandbox/akarasulu/rc1/apacheds/core/src/main/java/org/apache/directory/server/core/authz/support/MaxValueCountFilter.java?rev=376623&r1=376622&r2=376623&view=diff
==============================================================================
--- directory/sandbox/akarasulu/rc1/apacheds/core/src/main/java/org/apache/directory/server/core/authz/support/MaxValueCountFilter.java (original)
+++ directory/sandbox/akarasulu/rc1/apacheds/core/src/main/java/org/apache/directory/server/core/authz/support/MaxValueCountFilter.java Fri Feb 10 02:48:07 2006
@@ -18,6 +18,7 @@
*/
package org.apache.directory.server.core.authz.support;
+
import java.util.Collection;
import java.util.Iterator;
@@ -42,33 +43,36 @@
*/
public class MaxValueCountFilter implements ACITupleFilter
{
- public Collection filter( Collection tuples, OperationScope scope, DirectoryPartitionNexusProxy proxy, Collection userGroupNames, Name userName, Attributes userEntry, AuthenticationLevel authenticationLevel, Name entryName, String attrId, Object attrValue, Attributes entry, Collection microOperations ) throws NamingException
+ public Collection filter( Collection tuples, OperationScope scope, DirectoryPartitionNexusProxy proxy,
+ Collection userGroupNames, Name userName, Attributes userEntry, AuthenticationLevel authenticationLevel,
+ Name entryName, String attrId, Object attrValue, Attributes entry, Collection microOperations )
+ throws NamingException
{
- if( scope != OperationScope.ATTRIBUTE_TYPE_AND_VALUE )
+ if ( scope != OperationScope.ATTRIBUTE_TYPE_AND_VALUE )
{
return tuples;
}
- if( tuples.size() == 0 )
+ if ( tuples.size() == 0 )
{
return tuples;
}
- for( Iterator i = tuples.iterator(); i.hasNext(); )
+ for ( Iterator i = tuples.iterator(); i.hasNext(); )
{
ACITuple tuple = ( ACITuple ) i.next();
- if( !tuple.isGrant() )
+ if ( !tuple.isGrant() )
{
continue;
}
- for( Iterator j = tuple.getProtectedItems().iterator(); j.hasNext(); )
+ for ( Iterator j = tuple.getProtectedItems().iterator(); j.hasNext(); )
{
ProtectedItem item = ( ProtectedItem ) j.next();
- if( item instanceof ProtectedItem.MaxValueCount )
+ if ( item instanceof ProtectedItem.MaxValueCount )
{
ProtectedItem.MaxValueCount mvc = ( ProtectedItem.MaxValueCount ) item;
- if( isRemovable( mvc, attrId, entry ) )
+ if ( isRemovable( mvc, attrId, entry ) )
{
i.remove();
break;
@@ -80,16 +84,17 @@
return tuples;
}
+
private boolean isRemovable( ProtectedItem.MaxValueCount mvc, String attrId, Attributes entry )
{
- for( Iterator k = mvc.iterator(); k.hasNext(); )
+ for ( Iterator k = mvc.iterator(); k.hasNext(); )
{
MaxValueCountItem mvcItem = ( MaxValueCountItem ) k.next();
- if( attrId.equalsIgnoreCase( mvcItem.getAttributeType() ) )
+ if ( attrId.equalsIgnoreCase( mvcItem.getAttributeType() ) )
{
Attribute attr = entry.get( attrId );
- int attrCount = attr == null? 0 : attr.size();
- if( attrCount >= mvcItem.getMaxCount() )
+ int attrCount = attr == null ? 0 : attr.size();
+ if ( attrCount >= mvcItem.getMaxCount() )
{
return true;
}
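Review bot: `isRemovable` matches the requested attribute with `attrId.equalsIgnoreCase( mvcItem.getAttributeType() )`, a plain string comparison. If `attrId` can reach this filter as an alias or numeric OID while the ACI item names the attribute differently, the `maxValueCount` restriction would not be applied to that request. Whether identifiers are normalized before the filter chain runs is not visible in this hunk. If they are not, both sides should be resolved to the same canonical form before comparing, or the assumption recorded in a comment such as `// assumes attrId and getAttributeType() are both normalized names`.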
Modified: directory/sandbox/akarasulu/rc1/apacheds/core/src/main/java/org/apache/directory/server/core/authz/support/MicroOperationFilter.java
URL: http://svn.apache.org/viewcvs/directory/sandbox/akarasulu/rc1/apacheds/core/src/main/java/org/apache/directory/server/core/authz/support/MicroOperationFilter.java?rev=376623&r1=376622&r2=376623&view=diff
==============================================================================
--- directory/sandbox/akarasulu/rc1/apacheds/core/src/main/java/org/apache/directory/server/core/authz/support/MicroOperationFilter.java (original)
+++ directory/sandbox/akarasulu/rc1/apacheds/core/src/main/java/org/apache/directory/server/core/authz/support/MicroOperationFilter.java Fri Feb 10 02:48:07 2006
@@ -18,6 +18,7 @@
*/
package org.apache.directory.server.core.authz.support;
+
import java.util.Collection;
import java.util.Iterator;
@@ -42,17 +43,16 @@
public class MicroOperationFilter implements ACITupleFilter
{
public Collection filter( Collection tuples, OperationScope scope, DirectoryPartitionNexusProxy proxy,
- Collection userGroupNames, Name userName, Attributes userEntry,
- AuthenticationLevel authenticationLevel, Name entryName, String attrId,
- Object attrValue, Attributes entry, Collection microOperations )
- throws NamingException
+ Collection userGroupNames, Name userName, Attributes userEntry, AuthenticationLevel authenticationLevel,
+ Name entryName, String attrId, Object attrValue, Attributes entry, Collection microOperations )
+ throws NamingException
{
- if( tuples.size() == 0 )
+ if ( tuples.size() == 0 )
{
return tuples;
}
- for( Iterator i = tuples.iterator(); i.hasNext(); )
+ for ( Iterator i = tuples.iterator(); i.hasNext(); )
{
ACITuple tuple = ( ACITuple ) i.next();
@@ -63,17 +63,17 @@
*/
boolean retain = true;
- for( Iterator j = microOperations.iterator(); j.hasNext(); )
+ for ( Iterator j = microOperations.iterator(); j.hasNext(); )
{
MicroOperation microOp = ( MicroOperation ) j.next();
- if( ! tuple.getMicroOperations().contains( microOp ) )
+ if ( !tuple.getMicroOperations().contains( microOp ) )
{
retain = false;
break;
}
}
- if( !retain )
+ if ( !retain )
{
i.remove();
}
Modified: directory/sandbox/akarasulu/rc1/apacheds/core/src/main/java/org/apache/directory/server/core/authz/support/MostSpecificProtectedItemFilter.java
URL: http://svn.apache.org/viewcvs/directory/sandbox/akarasulu/rc1/apacheds/core/src/main/java/org/apache/directory/server/core/authz/support/MostSpecificProtectedItemFilter.java?rev=376623&r1=376622&r2=376623&view=diff
==============================================================================
--- directory/sandbox/akarasulu/rc1/apacheds/core/src/main/java/org/apache/directory/server/core/authz/support/MostSpecificProtectedItemFilter.java (original)
+++ directory/sandbox/akarasulu/rc1/apacheds/core/src/main/java/org/apache/directory/server/core/authz/support/MostSpecificProtectedItemFilter.java Fri Feb 10 02:48:07 2006
@@ -18,6 +18,7 @@
*/
package org.apache.directory.server.core.authz.support;
+
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
@@ -49,9 +50,12 @@
*/
public class MostSpecificProtectedItemFilter implements ACITupleFilter
{
- public Collection filter( Collection tuples, OperationScope scope, DirectoryPartitionNexusProxy proxy, Collection userGroupNames, Name userName, Attributes userEntry, AuthenticationLevel authenticationLevel, Name entryName, String attrId, Object attrValue, Attributes entry, Collection microOperations ) throws NamingException
+ public Collection filter( Collection tuples, OperationScope scope, DirectoryPartitionNexusProxy proxy,
+ Collection userGroupNames, Name userName, Attributes userEntry, AuthenticationLevel authenticationLevel,
+ Name entryName, String attrId, Object attrValue, Attributes entry, Collection microOperations )
+ throws NamingException
{
- if( tuples.size() <= 1 )
+ if ( tuples.size() <= 1 )
{
return tuples;
}
@@ -60,16 +64,14 @@
// If the protected item is an attribute and there are tuples that
// specify the attribute type explicitly, discard all other tuples.
- for( Iterator i = tuples.iterator(); i.hasNext(); )
+ for ( Iterator i = tuples.iterator(); i.hasNext(); )
{
ACITuple tuple = ( ACITuple ) i.next();
- for( Iterator j = tuple.getProtectedItems().iterator(); j.hasNext(); )
+ for ( Iterator j = tuple.getProtectedItems().iterator(); j.hasNext(); )
{
ProtectedItem item = ( ProtectedItem ) j.next();
- if( item instanceof ProtectedItem.AttributeType ||
- item instanceof ProtectedItem.AllAttributeValues ||
- item instanceof ProtectedItem.SelfValue ||
- item instanceof ProtectedItem.AttributeValue )
+ if ( item instanceof ProtectedItem.AttributeType || item instanceof ProtectedItem.AllAttributeValues
+ || item instanceof ProtectedItem.SelfValue || item instanceof ProtectedItem.AttributeValue )
{
filteredTuples.add( tuple );
break;
@@ -77,7 +79,7 @@
}
}
- if( filteredTuples.size() > 0 )
+ if ( filteredTuples.size() > 0 )
{
return filteredTuples;
}
@@ -86,20 +88,20 @@
// that specify the attribute value explicitly, discard all other tuples.
// A protected item which is a rangeOfValues is to be treated as
// specifying an attribute value explicitly.
- for( Iterator i = tuples.iterator(); i.hasNext(); )
+ for ( Iterator i = tuples.iterator(); i.hasNext(); )
{
ACITuple tuple = ( ACITuple ) i.next();
- for( Iterator j = tuple.getProtectedItems().iterator(); j.hasNext(); )
+ for ( Iterator j = tuple.getProtectedItems().iterator(); j.hasNext(); )
{
ProtectedItem item = ( ProtectedItem ) j.next();
- if( item instanceof ProtectedItem.RangeOfValues )
+ if ( item instanceof ProtectedItem.RangeOfValues )
{
filteredTuples.add( tuple );
}
}
}
- if( filteredTuples.size() > 0 )
+ if ( filteredTuples.size() > 0 )
{
return filteredTuples;
}