You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by ak...@apache.org on 2007/08/15 21:48:33 UTC
svn commit: r566312 - in /directory/apacheds/trunk/core/src:
main/java/org/apache/directory/server/core/authz/
main/java/org/apache/directory/server/core/authz/support/
test/java/org/apache/directory/server/core/authz/support/
Author: akarasulu
Date: Wed Aug 15 12:48:31 2007
New Revision: 566312
URL: http://svn.apache.org/viewvc?view=rev&rev=566312
Log:
Reverting elecharny's commit on http://svn.apache.org/viewvc?view=rev&revision=566231
since it breaks tests and produces compilation errors.
Modified:
directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/AuthorizationService.java
directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/ACDFEngine.java
directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/ACITupleFilter.java
directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/HighestPrecedenceFilter.java
directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MaxImmSubFilter.java
directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MaxValueCountFilter.java
directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MicroOperationFilter.java
directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MostSpecificProtectedItemFilter.java
directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MostSpecificUserClassFilter.java
directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/RelatedProtectedItemFilter.java
directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/RelatedUserClassFilter.java
directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/RestrictedByFilter.java
directory/apacheds/trunk/core/src/test/java/org/apache/directory/server/core/authz/support/HighestPrecedenceFilterTest.java
directory/apacheds/trunk/core/src/test/java/org/apache/directory/server/core/authz/support/RestrictedByFilterTest.java
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/AuthorizationService.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/AuthorizationService.java?view=diff&rev=566312&r1=566311&r2=566312
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/AuthorizationService.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/AuthorizationService.java Wed Aug 15 12:48:31 2007
@@ -429,7 +429,7 @@
}
// Assemble all the information required to make an access control decision
- Set<LdapDN> userGroups = groupCache.getGroups( principalDn.toNormName() );
+ Set userGroups = groupCache.getGroups( principalDn.toNormName() );
Collection<ACITuple> tuples = new HashSet<ACITuple>();
// Build the total collection of tuples to be considered for add rights
@@ -493,7 +493,7 @@
return;
}
- Set<LdapDN> userGroups = groupCache.getGroups( principalDn.toString() );
+ Set userGroups = groupCache.getGroups( principalDn.toString() );
Collection<ACITuple> tuples = new HashSet<ACITuple>();
addPerscriptiveAciTuples( proxy, tuples, name, entry );
addEntryAciTuples( tuples, entry );
@@ -542,7 +542,7 @@
return;
}
- Set<LdapDN> userGroups = groupCache.getGroups( principalDn.toString() );
+ Set userGroups = groupCache.getGroups( principalDn.toString() );
Collection<ACITuple> tuples = new HashSet<ACITuple>();
addPerscriptiveAciTuples( proxy, tuples, name, entry );
addEntryAciTuples( tuples, entry );
@@ -630,7 +630,7 @@
}
}
- Set<LdapDN> userGroups = groupCache.getGroups( principalDn.toNormName() );
+ Set userGroups = groupCache.getGroups( principalDn.toNormName() );
Collection<ACITuple> tuples = new HashSet<ACITuple>();
addPerscriptiveAciTuples( proxy, tuples, name, entry );
addEntryAciTuples( tuples, entry );
@@ -669,7 +669,7 @@
PartitionNexusProxy proxy = InvocationStack.getInstance().peek().getProxy();
LdapDN userName = principal.getJndiName();
- Set<LdapDN> userGroups = groupCache.getGroups( userName.toNormName() );
+ Set userGroups = groupCache.getGroups( userName.toNormName() );
Collection<ACITuple> tuples = new HashSet<ACITuple>();
addPerscriptiveAciTuples( proxy, tuples, dn, entry );
addEntryAciTuples( tuples, entry );
@@ -749,7 +749,7 @@
return;
}
- Set<LdapDN> userGroups = groupCache.getGroups( principalDn.toString() );
+ Set userGroups = groupCache.getGroups( principalDn.toString() );
Collection<ACITuple> tuples = new HashSet<ACITuple>();
addPerscriptiveAciTuples( proxy, tuples, name, entry );
addEntryAciTuples( tuples, entry );
@@ -796,7 +796,7 @@
return;
}
- Set<LdapDN> userGroups = groupCache.getGroups( principalDn.toString() );
+ Set userGroups = groupCache.getGroups( principalDn.toString() );
Collection<ACITuple> tuples = new HashSet<ACITuple>();
addPerscriptiveAciTuples( proxy, tuples, oriChildName, entry );
addEntryAciTuples( tuples, entry );
@@ -872,7 +872,7 @@
return;
}
- Set<LdapDN> userGroups = groupCache.getGroups( principalDn.toString() );
+ Set userGroups = groupCache.getGroups( principalDn.toString() );
Collection<ACITuple> tuples = new HashSet<ACITuple>();
addPerscriptiveAciTuples( proxy, tuples, oriChildName, entry );
addEntryAciTuples( tuples, entry );
@@ -982,7 +982,7 @@
return next.compare( opContext );
}
- Set<LdapDN> userGroups = groupCache.getGroups( principalDn.toNormName() );
+ Set userGroups = groupCache.getGroups( principalDn.toNormName() );
Collection<ACITuple> tuples = new HashSet<ACITuple>();
addPerscriptiveAciTuples( proxy, tuples, name, entry );
addEntryAciTuples( tuples, entry );
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/ACDFEngine.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/ACDFEngine.java?view=diff&rev=566312&r1=566311&r2=566312
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/ACDFEngine.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/ACDFEngine.java Wed Aug 15 12:48:31 2007
@@ -37,11 +37,11 @@
import org.apache.directory.server.core.subtree.RefinementEvaluator;
import org.apache.directory.server.core.subtree.RefinementLeafEvaluator;
import org.apache.directory.server.core.subtree.SubtreeEvaluator;
+import org.apache.directory.server.core.trigger.TriggerService;
import org.apache.directory.server.schema.registries.AttributeTypeRegistry;
import org.apache.directory.server.schema.registries.OidRegistry;
import org.apache.directory.shared.ldap.aci.ACITuple;
import org.apache.directory.shared.ldap.aci.AuthenticationLevel;
-import org.apache.directory.shared.ldap.aci.MicroOperation;
import org.apache.directory.shared.ldap.exception.LdapNoPermissionException;
import org.apache.directory.shared.ldap.name.LdapDN;
@@ -118,9 +118,9 @@
* @param aciTuples {@link org.apache.directory.shared.ldap.aci.ACITuple}s translated from {@link org.apache.directory.shared.ldap.aci.ACIItem}s in the subtree entries
* @throws NamingException if failed to evaluate ACI items
*/
- public void checkPermission( PartitionNexusProxy proxy, Collection<LdapDN> userGroupNames, LdapDN username,
+ public void checkPermission( PartitionNexusProxy proxy, Collection userGroupNames, LdapDN username,
AuthenticationLevel authenticationLevel, LdapDN entryName, String attrId, Object attrValue,
- Collection<MicroOperation> microOperations, Collection<ACITuple> aciTuples, Attributes entry ) throws NamingException
+ Collection microOperations, Collection<ACITuple> aciTuples, Attributes entry ) throws NamingException
{
if ( !hasPermission( proxy, userGroupNames, username, authenticationLevel, entryName, attrId, attrValue,
microOperations, aciTuples, entry ) )
@@ -129,7 +129,7 @@
}
}
- public static final Collection<String> USER_LOOKUP_BYPASS;
+ public static final Collection USER_LOOKUP_BYPASS;
static
{
Collection<String> c = new HashSet<String>();
@@ -164,7 +164,7 @@
*/
public boolean hasPermission( PartitionNexusProxy proxy, Collection userGroupNames, LdapDN userName,
AuthenticationLevel authenticationLevel, LdapDN entryName, String attrId, Object attrValue,
- Collection<MicroOperation> microOperations, Collection<ACITuple> aciTuples, Attributes entry ) throws NamingException
+ Collection microOperations, Collection<ACITuple> aciTuples, Attributes entry ) throws NamingException
{
if ( entryName == null )
{
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/ACITupleFilter.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/ACITupleFilter.java?view=diff&rev=566312&r1=566311&r2=566312
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/ACITupleFilter.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/ACITupleFilter.java Wed Aug 15 12:48:31 2007
@@ -27,7 +27,6 @@
import javax.naming.directory.Attributes;
import org.apache.directory.server.core.partition.PartitionNexusProxy;
-import org.apache.directory.shared.ldap.aci.ACITuple;
import org.apache.directory.shared.ldap.aci.AuthenticationLevel;
import org.apache.directory.shared.ldap.aci.MicroOperation;
import org.apache.directory.shared.ldap.name.LdapDN;
@@ -63,18 +62,9 @@
* @return the collection of filtered tuples
* @throws NamingException if failed to filter the specifiec tuples
*/
- Collection<ACITuple> filter(
- Collection<ACITuple> tuples,
- OperationScope scope,
- PartitionNexusProxy proxy,
- Collection<LdapDN> userGroupNames,
- LdapDN userName,
- Attributes userEntry,
- AuthenticationLevel authenticationLevel,
- LdapDN entryName,
- String attrId,
- Object attrValue,
- Attributes entry,
- Collection<MicroOperation> microOperations )
+ Collection filter( Collection tuples, OperationScope scope, PartitionNexusProxy proxy,
+ Collection userGroupNames, LdapDN userName, Attributes userEntry,
+ AuthenticationLevel authenticationLevel, LdapDN entryName, String attrId,
+ Object attrValue, Attributes entry, Collection microOperations )
throws NamingException;
}
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/HighestPrecedenceFilter.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/HighestPrecedenceFilter.java?view=diff&rev=566312&r1=566311&r2=566312
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/HighestPrecedenceFilter.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/HighestPrecedenceFilter.java Wed Aug 15 12:48:31 2007
@@ -41,7 +41,7 @@
*/
public class HighestPrecedenceFilter implements ACITupleFilter
{
- public Collection<ACITuple> filter( Collection<ACITuple> tuples, OperationScope scope, PartitionNexusProxy proxy,
+ public Collection filter( Collection tuples, OperationScope scope, PartitionNexusProxy proxy,
Collection userGroupNames, LdapDN userName, Attributes userEntry, AuthenticationLevel authenticationLevel,
LdapDN entryName, String attrId, Object attrValue, Attributes entry, Collection microOperations )
throws NamingException
@@ -54,8 +54,9 @@
int maxPrecedence = -1;
// Find the maximum precedence for all tuples.
- for ( ACITuple tuple:tuples )
+ for ( Iterator i = tuples.iterator(); i.hasNext(); )
{
+ ACITuple tuple = ( ACITuple ) i.next();
if ( tuple.getPrecedence() > maxPrecedence )
{
maxPrecedence = tuple.getPrecedence();
@@ -66,7 +67,6 @@
for ( Iterator i = tuples.iterator(); i.hasNext(); )
{
ACITuple tuple = ( ACITuple ) i.next();
-
if ( tuple.getPrecedence() != maxPrecedence )
{
i.remove();
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MaxImmSubFilter.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MaxImmSubFilter.java?view=diff&rev=566312&r1=566311&r2=566312
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MaxImmSubFilter.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MaxImmSubFilter.java Wed Aug 15 12:48:31 2007
@@ -37,7 +37,6 @@
import org.apache.directory.server.core.partition.PartitionNexusProxy;
import org.apache.directory.shared.ldap.aci.ACITuple;
import org.apache.directory.shared.ldap.aci.AuthenticationLevel;
-import org.apache.directory.shared.ldap.aci.MicroOperation;
import org.apache.directory.shared.ldap.aci.ProtectedItem;
import org.apache.directory.shared.ldap.constants.SchemaConstants;
import org.apache.directory.shared.ldap.filter.ExprNode;
@@ -66,19 +65,9 @@
}
- public Collection<ACITuple> filter(
- Collection<ACITuple> tuples,
- OperationScope scope,
- PartitionNexusProxy proxy,
- Collection<LdapDN> userGroupNames,
- LdapDN userName,
- Attributes userEntry,
- AuthenticationLevel authenticationLevel,
- LdapDN entryName,
- String attrId,
- Object attrValue,
- Attributes entry,
- Collection<MicroOperation> microOperations )
+ public Collection filter( Collection tuples, OperationScope scope, PartitionNexusProxy proxy,
+ Collection userGroupNames, LdapDN userName, Attributes userEntry, AuthenticationLevel authenticationLevel,
+ LdapDN entryName, String attrId, Object attrValue, Attributes entry, Collection microOperations )
throws NamingException
{
if ( entryName.size() == 0 )
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MaxValueCountFilter.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MaxValueCountFilter.java?view=diff&rev=566312&r1=566311&r2=566312
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MaxValueCountFilter.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MaxValueCountFilter.java Wed Aug 15 12:48:31 2007
@@ -30,7 +30,6 @@
import org.apache.directory.server.core.partition.PartitionNexusProxy;
import org.apache.directory.shared.ldap.aci.ACITuple;
import org.apache.directory.shared.ldap.aci.AuthenticationLevel;
-import org.apache.directory.shared.ldap.aci.MicroOperation;
import org.apache.directory.shared.ldap.aci.ProtectedItem;
import org.apache.directory.shared.ldap.aci.ProtectedItem.MaxValueCountItem;
import org.apache.directory.shared.ldap.name.LdapDN;
@@ -45,19 +44,9 @@
*/
public class MaxValueCountFilter implements ACITupleFilter
{
- public Collection<ACITuple> filter(
- Collection<ACITuple> tuples,
- OperationScope scope,
- PartitionNexusProxy proxy,
- Collection<LdapDN> userGroupNames,
- LdapDN userName,
- Attributes userEntry,
- AuthenticationLevel authenticationLevel,
- LdapDN entryName,
- String attrId,
- Object attrValue,
- Attributes entry,
- Collection<MicroOperation> microOperations )
+ public Collection filter( Collection tuples, OperationScope scope, PartitionNexusProxy proxy,
+ Collection userGroupNames, LdapDN userName, Attributes userEntry, AuthenticationLevel authenticationLevel,
+ LdapDN entryName, String attrId, Object attrValue, Attributes entry, Collection microOperations )
throws NamingException
{
if ( scope != OperationScope.ATTRIBUTE_TYPE_AND_VALUE )
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MicroOperationFilter.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MicroOperationFilter.java?view=diff&rev=566312&r1=566311&r2=566312
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MicroOperationFilter.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MicroOperationFilter.java Wed Aug 15 12:48:31 2007
@@ -43,19 +43,9 @@
*/
public class MicroOperationFilter implements ACITupleFilter
{
- public Collection<ACITuple> filter(
- Collection<ACITuple> tuples,
- OperationScope scope,
- PartitionNexusProxy proxy,
- Collection<LdapDN> userGroupNames,
- LdapDN userName,
- Attributes userEntry,
- AuthenticationLevel authenticationLevel,
- LdapDN entryName,
- String attrId,
- Object attrValue,
- Attributes entry,
- Collection<MicroOperation> microOperations )
+ public Collection filter( Collection tuples, OperationScope scope, PartitionNexusProxy proxy,
+ Collection userGroupNames, LdapDN userName, Attributes userEntry, AuthenticationLevel authenticationLevel,
+ LdapDN entryName, String attrId, Object attrValue, Attributes entry, Collection microOperations )
throws NamingException
{
if ( tuples.size() == 0 )
@@ -74,9 +64,9 @@
*/
boolean retain = true;
-
- for ( MicroOperation microOp:microOperations )
+ for ( Iterator j = microOperations.iterator(); j.hasNext(); )
{
+ MicroOperation microOp = ( MicroOperation ) j.next();
if ( !tuple.getMicroOperations().contains( microOp ) )
{
retain = false;
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MostSpecificProtectedItemFilter.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MostSpecificProtectedItemFilter.java?view=diff&rev=566312&r1=566311&r2=566312
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MostSpecificProtectedItemFilter.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MostSpecificProtectedItemFilter.java Wed Aug 15 12:48:31 2007
@@ -30,7 +30,6 @@
import org.apache.directory.server.core.partition.PartitionNexusProxy;
import org.apache.directory.shared.ldap.aci.ACITuple;
import org.apache.directory.shared.ldap.aci.AuthenticationLevel;
-import org.apache.directory.shared.ldap.aci.MicroOperation;
import org.apache.directory.shared.ldap.aci.ProtectedItem;
import org.apache.directory.shared.ldap.name.LdapDN;
@@ -52,19 +51,9 @@
*/
public class MostSpecificProtectedItemFilter implements ACITupleFilter
{
- public Collection<ACITuple> filter(
- Collection<ACITuple> tuples,
- OperationScope scope,
- PartitionNexusProxy proxy,
- Collection<LdapDN> userGroupNames,
- LdapDN userName,
- Attributes userEntry,
- AuthenticationLevel authenticationLevel,
- LdapDN entryName,
- String attrId,
- Object attrValue,
- Attributes entry,
- Collection<MicroOperation> microOperations )
+ public Collection filter( Collection tuples, OperationScope scope, PartitionNexusProxy proxy,
+ Collection userGroupNames, LdapDN userName, Attributes userEntry, AuthenticationLevel authenticationLevel,
+ LdapDN entryName, String attrId, Object attrValue, Attributes entry, Collection microOperations )
throws NamingException
{
if ( tuples.size() <= 1 )
@@ -72,14 +61,16 @@
return tuples;
}
- Collection<ACITuple> filteredTuples = new ArrayList<ACITuple>();
+ Collection filteredTuples = new ArrayList();
// If the protected item is an attribute and there are tuples that
// specify the attribute type explicitly, discard all other tuples.
- for ( ACITuple tuple:tuples )
+ for ( Iterator i = tuples.iterator(); i.hasNext(); )
{
- for ( ProtectedItem item:tuple.getProtectedItems() )
+ ACITuple tuple = ( ACITuple ) i.next();
+ for ( Iterator j = tuple.getProtectedItems().iterator(); j.hasNext(); )
{
+ ProtectedItem item = ( ProtectedItem ) j.next();
if ( item instanceof ProtectedItem.AttributeType || item instanceof ProtectedItem.AllAttributeValues
|| item instanceof ProtectedItem.SelfValue || item instanceof ProtectedItem.AttributeValue )
{
@@ -98,10 +89,12 @@
// that specify the attribute value explicitly, discard all other tuples.
// A protected item which is a rangeOfValues is to be treated as
// specifying an attribute value explicitly.
- for ( ACITuple tuple:tuples )
+ for ( Iterator i = tuples.iterator(); i.hasNext(); )
{
- for ( ProtectedItem item:tuple.getProtectedItems() )
+ ACITuple tuple = ( ACITuple ) i.next();
+ for ( Iterator j = tuple.getProtectedItems().iterator(); j.hasNext(); )
{
+ ProtectedItem item = ( ProtectedItem ) j.next();
if ( item instanceof ProtectedItem.RangeOfValues )
{
filteredTuples.add( tuple );
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MostSpecificUserClassFilter.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MostSpecificUserClassFilter.java?view=diff&rev=566312&r1=566311&r2=566312
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MostSpecificUserClassFilter.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MostSpecificUserClassFilter.java Wed Aug 15 12:48:31 2007
@@ -22,6 +22,7 @@
import java.util.ArrayList;
import java.util.Collection;
+import java.util.Iterator;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
@@ -29,7 +30,6 @@
import org.apache.directory.server.core.partition.PartitionNexusProxy;
import org.apache.directory.shared.ldap.aci.ACITuple;
import org.apache.directory.shared.ldap.aci.AuthenticationLevel;
-import org.apache.directory.shared.ldap.aci.MicroOperation;
import org.apache.directory.shared.ldap.aci.UserClass;
import org.apache.directory.shared.ldap.name.LdapDN;
@@ -49,19 +49,9 @@
*/
public class MostSpecificUserClassFilter implements ACITupleFilter
{
- public Collection<ACITuple> filter(
- Collection<ACITuple> tuples,
- OperationScope scope,
- PartitionNexusProxy proxy,
- Collection<LdapDN> userGroupNames,
- LdapDN userName,
- Attributes userEntry,
- AuthenticationLevel authenticationLevel,
- LdapDN entryName,
- String attrId,
- Object attrValue,
- Attributes entry,
- Collection<MicroOperation> microOperations )
+ public Collection filter( Collection tuples, OperationScope scope, PartitionNexusProxy proxy,
+ Collection userGroupNames, LdapDN userName, Attributes userEntry, AuthenticationLevel authenticationLevel,
+ LdapDN entryName, String attrId, Object attrValue, Attributes entry, Collection microOperations )
throws NamingException
{
if ( tuples.size() <= 1 )
@@ -69,14 +59,16 @@
return tuples;
}
- Collection<ACITuple> filteredTuples = new ArrayList<ACITuple>();
+ Collection filteredTuples = new ArrayList();
// If there are any tuples matching the requestor with UserClasses
// element name or thisEntry, discard all other tuples.
- for ( ACITuple tuple:tuples )
+ for ( Iterator i = tuples.iterator(); i.hasNext(); )
{
- for ( UserClass userClass:tuple.getUserClasses() )
+ ACITuple tuple = ( ACITuple ) i.next();
+ for ( Iterator j = tuple.getUserClasses().iterator(); j.hasNext(); )
{
+ UserClass userClass = ( UserClass ) j.next();
if ( userClass instanceof UserClass.Name || userClass instanceof UserClass.ThisEntry )
{
filteredTuples.add( tuple );
@@ -92,10 +84,12 @@
// Otherwise if there are any tuples matching UserGroup,
// discard all other tuples.
- for ( ACITuple tuple:tuples )
+ for ( Iterator i = tuples.iterator(); i.hasNext(); )
{
- for ( UserClass userClass:tuple.getUserClasses() )
+ ACITuple tuple = ( ACITuple ) i.next();
+ for ( Iterator j = tuple.getUserClasses().iterator(); j.hasNext(); )
{
+ UserClass userClass = ( UserClass ) j.next();
if ( userClass instanceof UserClass.UserGroup )
{
filteredTuples.add( tuple );
@@ -111,10 +105,12 @@
// Otherwise if there are any tuples matching subtree,
// discard all other tuples.
- for ( ACITuple tuple:tuples )
+ for ( Iterator i = tuples.iterator(); i.hasNext(); )
{
- for ( UserClass userClass:tuple.getUserClasses() )
+ ACITuple tuple = ( ACITuple ) i.next();
+ for ( Iterator j = tuple.getUserClasses().iterator(); j.hasNext(); )
{
+ UserClass userClass = ( UserClass ) j.next();
if ( userClass instanceof UserClass.Subtree )
{
filteredTuples.add( tuple );
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/RelatedProtectedItemFilter.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/RelatedProtectedItemFilter.java?view=diff&rev=566312&r1=566311&r2=566312
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/RelatedProtectedItemFilter.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/RelatedProtectedItemFilter.java Wed Aug 15 12:48:31 2007
@@ -34,7 +34,6 @@
import org.apache.directory.server.schema.registries.OidRegistry;
import org.apache.directory.shared.ldap.aci.ACITuple;
import org.apache.directory.shared.ldap.aci.AuthenticationLevel;
-import org.apache.directory.shared.ldap.aci.MicroOperation;
import org.apache.directory.shared.ldap.aci.ProtectedItem;
import org.apache.directory.shared.ldap.aci.ProtectedItem.MaxValueCountItem;
import org.apache.directory.shared.ldap.aci.ProtectedItem.RestrictedByItem;
@@ -69,19 +68,10 @@
}
- public Collection<ACITuple> filter(
- Collection<ACITuple> tuples,
- OperationScope scope,
- PartitionNexusProxy proxy,
- Collection<LdapDN> userGroupNames,
- LdapDN userName,
- Attributes userEntry,
- AuthenticationLevel authenticationLevel,
- LdapDN entryName,
- String attrId,
- Object attrValue,
- Attributes entry,
- Collection<MicroOperation> microOperations )
+ public Collection filter( Collection tuples, OperationScope scope, PartitionNexusProxy proxy,
+ Collection userGroupNames, LdapDN userName, Attributes userEntry,
+ AuthenticationLevel authenticationLevel, LdapDN entryName, String attrId,
+ Object attrValue, Attributes entry, Collection microOperations )
throws NamingException
{
if ( tuples.size() == 0 )
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/RelatedUserClassFilter.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/RelatedUserClassFilter.java?view=diff&rev=566312&r1=566311&r2=566312
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/RelatedUserClassFilter.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/RelatedUserClassFilter.java Wed Aug 15 12:48:31 2007
@@ -30,7 +30,6 @@
import org.apache.directory.server.core.subtree.SubtreeEvaluator;
import org.apache.directory.shared.ldap.aci.ACITuple;
import org.apache.directory.shared.ldap.aci.AuthenticationLevel;
-import org.apache.directory.shared.ldap.aci.MicroOperation;
import org.apache.directory.shared.ldap.aci.UserClass;
import org.apache.directory.shared.ldap.name.LdapDN;
import org.apache.directory.shared.ldap.subtree.SubtreeSpecification;
@@ -56,19 +55,9 @@
}
- public Collection<ACITuple> filter(
- Collection<ACITuple> tuples,
- OperationScope scope,
- PartitionNexusProxy proxy,
- Collection<LdapDN> userGroupNames,
- LdapDN userName,
- Attributes userEntry,
- AuthenticationLevel authenticationLevel,
- LdapDN entryName,
- String attrId,
- Object attrValue,
- Attributes entry,
- Collection<MicroOperation> microOperations )
+ public Collection filter( Collection tuples, OperationScope scope, PartitionNexusProxy proxy,
+ Collection userGroupNames, LdapDN userName, Attributes userEntry, AuthenticationLevel authenticationLevel,
+ LdapDN entryName, String attrId, Object attrValue, Attributes entry, Collection microOperations )
throws NamingException
{
if ( tuples.size() == 0 )
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/RestrictedByFilter.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/RestrictedByFilter.java?view=diff&rev=566312&r1=566311&r2=566312
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/RestrictedByFilter.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/RestrictedByFilter.java Wed Aug 15 12:48:31 2007
@@ -30,7 +30,6 @@
import org.apache.directory.server.core.partition.PartitionNexusProxy;
import org.apache.directory.shared.ldap.aci.ACITuple;
import org.apache.directory.shared.ldap.aci.AuthenticationLevel;
-import org.apache.directory.shared.ldap.aci.MicroOperation;
import org.apache.directory.shared.ldap.aci.ProtectedItem;
import org.apache.directory.shared.ldap.aci.ProtectedItem.RestrictedByItem;
import org.apache.directory.shared.ldap.name.LdapDN;
@@ -45,19 +44,9 @@
*/
public class RestrictedByFilter implements ACITupleFilter
{
- public Collection<ACITuple> filter(
- Collection<ACITuple> tuples,
- OperationScope scope,
- PartitionNexusProxy proxy,
- Collection<LdapDN> userGroupNames,
- LdapDN userName,
- Attributes userEntry,
- AuthenticationLevel authenticationLevel,
- LdapDN entryName,
- String attrId,
- Object attrValue,
- Attributes entry,
- Collection<MicroOperation> microOperations )
+ public Collection filter( Collection tuples, OperationScope scope, PartitionNexusProxy proxy,
+ Collection userGroupNames, LdapDN userName, Attributes userEntry, AuthenticationLevel authenticationLevel,
+ LdapDN entryName, String attrId, Object attrValue, Attributes entry, Collection microOperations )
throws NamingException
{
if ( scope != OperationScope.ATTRIBUTE_TYPE_AND_VALUE )
@@ -73,7 +62,6 @@
for ( Iterator i = tuples.iterator(); i.hasNext(); )
{
ACITuple tuple = ( ACITuple ) i.next();
-
if ( !tuple.isGrant() )
{
continue;
@@ -91,8 +79,10 @@
public boolean isRemovable( ACITuple tuple, String attrId, Object attrValue, Attributes entry )
{
- for ( ProtectedItem item:tuple.getProtectedItems() )
+ for ( Iterator i = tuple.getProtectedItems().iterator(); i.hasNext(); )
{
+ ProtectedItem item = ( ProtectedItem ) i.next();
+
if ( item instanceof ProtectedItem.RestrictedBy )
{
ProtectedItem.RestrictedBy rb = ( ProtectedItem.RestrictedBy ) item;
@@ -101,13 +91,11 @@
{
RestrictedByItem rbItem = ( RestrictedByItem ) k.next();
- // TODO Fix DIRSEVER-832
if ( attrId.equalsIgnoreCase( rbItem.getAttributeType() ) )
{
Attribute attr = entry.get( rbItem.getValuesIn() );
- // TODO Fix DIRSEVER-832
- if ( ( attr == null ) || !attr.contains( attrValue ) )
+ if ( attr == null || !attr.contains( attrValue ) )
{
return true;
}
Modified: directory/apacheds/trunk/core/src/test/java/org/apache/directory/server/core/authz/support/HighestPrecedenceFilterTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/test/java/org/apache/directory/server/core/authz/support/HighestPrecedenceFilterTest.java?view=diff&rev=566312&r1=566311&r2=566312
==============================================================================
--- directory/apacheds/trunk/core/src/test/java/org/apache/directory/server/core/authz/support/HighestPrecedenceFilterTest.java (original)
+++ directory/apacheds/trunk/core/src/test/java/org/apache/directory/server/core/authz/support/HighestPrecedenceFilterTest.java Wed Aug 15 12:48:31 2007
@@ -24,6 +24,7 @@
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
+import java.util.Iterator;
import java.util.Set;
import junit.framework.Assert;
@@ -32,9 +33,6 @@
import org.apache.directory.server.core.authz.support.HighestPrecedenceFilter;
import org.apache.directory.shared.ldap.aci.ACITuple;
import org.apache.directory.shared.ldap.aci.AuthenticationLevel;
-import org.apache.directory.shared.ldap.aci.MicroOperation;
-import org.apache.directory.shared.ldap.aci.ProtectedItem;
-import org.apache.directory.shared.ldap.aci.UserClass;
/**
@@ -46,16 +44,14 @@
*/
public class HighestPrecedenceFilterTest extends TestCase
{
- private static final Collection<ProtectedItem> PI_EMPTY_COLLECTION = Collections.unmodifiableCollection( new ArrayList<ProtectedItem>() );
- private static final Collection<UserClass> UC_EMPTY_COLLECTION = Collections.unmodifiableCollection( new ArrayList<UserClass>() );
- private static final Collection<ACITuple> AT_EMPTY_COLLECTION = Collections.unmodifiableCollection( new ArrayList<ACITuple>() );
- private static final Set<MicroOperation> MO_EMPTY_SET = Collections.unmodifiableSet( new HashSet<MicroOperation>() );
+ private static final Collection EMPTY_COLLECTION = Collections.unmodifiableCollection( new ArrayList() );
+ private static final Set EMPTY_SET = Collections.unmodifiableSet( new HashSet() );
public void testZeroTuple() throws Exception
{
HighestPrecedenceFilter filter = new HighestPrecedenceFilter();
- Assert.assertEquals( 0, filter.filter( AT_EMPTY_COLLECTION, null, null, null, null, null, null, null, null, null,
+ Assert.assertEquals( 0, filter.filter( EMPTY_COLLECTION, null, null, null, null, null, null, null, null, null,
null, null ).size() );
}
@@ -63,11 +59,9 @@
public void testOneTuple() throws Exception
{
HighestPrecedenceFilter filter = new HighestPrecedenceFilter();
- Collection<ACITuple> tuples = new ArrayList<ACITuple>();
-
- tuples.add( new ACITuple( UC_EMPTY_COLLECTION, AuthenticationLevel.NONE, PI_EMPTY_COLLECTION, MO_EMPTY_SET, true, 10 ) );
+ Collection tuples = new ArrayList();
+ tuples.add( new ACITuple( EMPTY_COLLECTION, AuthenticationLevel.NONE, EMPTY_COLLECTION, EMPTY_SET, true, 10 ) );
tuples = Collections.unmodifiableCollection( tuples );
-
Assert.assertEquals( tuples, filter.filter( tuples, null, null, null, null, null, null, null, null, null, null,
null ) );
}
@@ -77,21 +71,21 @@
{
final int MAX_PRECEDENCE = 10;
HighestPrecedenceFilter filter = new HighestPrecedenceFilter();
- Collection<ACITuple> tuples = new ArrayList<ACITuple>();
-
- tuples.add( new ACITuple( UC_EMPTY_COLLECTION, AuthenticationLevel.NONE, PI_EMPTY_COLLECTION, MO_EMPTY_SET, true,
+ Collection tuples = new ArrayList();
+ tuples.add( new ACITuple( EMPTY_COLLECTION, AuthenticationLevel.NONE, EMPTY_COLLECTION, EMPTY_SET, true,
MAX_PRECEDENCE ) );
- tuples.add( new ACITuple( UC_EMPTY_COLLECTION, AuthenticationLevel.NONE, PI_EMPTY_COLLECTION, MO_EMPTY_SET, true,
+ tuples.add( new ACITuple( EMPTY_COLLECTION, AuthenticationLevel.NONE, EMPTY_COLLECTION, EMPTY_SET, true,
MAX_PRECEDENCE / 2 ) );
- tuples.add( new ACITuple( UC_EMPTY_COLLECTION, AuthenticationLevel.NONE, PI_EMPTY_COLLECTION, MO_EMPTY_SET, true,
+ tuples.add( new ACITuple( EMPTY_COLLECTION, AuthenticationLevel.NONE, EMPTY_COLLECTION, EMPTY_SET, true,
MAX_PRECEDENCE ) );
- tuples.add( new ACITuple( UC_EMPTY_COLLECTION, AuthenticationLevel.NONE, PI_EMPTY_COLLECTION, MO_EMPTY_SET, true,
+ tuples.add( new ACITuple( EMPTY_COLLECTION, AuthenticationLevel.NONE, EMPTY_COLLECTION, EMPTY_SET, true,
MAX_PRECEDENCE / 3 ) );
tuples = filter.filter( tuples, null, null, null, null, null, null, null, null, null, null, null );
- for ( ACITuple tuple:tuples )
+ for ( Iterator i = tuples.iterator(); i.hasNext(); )
{
+ ACITuple tuple = ( ACITuple ) i.next();
Assert.assertEquals( MAX_PRECEDENCE, tuple.getPrecedence() );
}
}
Modified: directory/apacheds/trunk/core/src/test/java/org/apache/directory/server/core/authz/support/RestrictedByFilterTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/test/java/org/apache/directory/server/core/authz/support/RestrictedByFilterTest.java?view=diff&rev=566312&r1=566311&r2=566312
==============================================================================
--- directory/apacheds/trunk/core/src/test/java/org/apache/directory/server/core/authz/support/RestrictedByFilterTest.java (original)
+++ directory/apacheds/trunk/core/src/test/java/org/apache/directory/server/core/authz/support/RestrictedByFilterTest.java Wed Aug 15 12:48:31 2007
@@ -36,9 +36,7 @@
import org.apache.directory.server.core.authz.support.RestrictedByFilter;
import org.apache.directory.shared.ldap.aci.ACITuple;
import org.apache.directory.shared.ldap.aci.AuthenticationLevel;
-import org.apache.directory.shared.ldap.aci.MicroOperation;
import org.apache.directory.shared.ldap.aci.ProtectedItem;
-import org.apache.directory.shared.ldap.aci.UserClass;
import org.apache.directory.shared.ldap.aci.ProtectedItem.RestrictedByItem;
import org.apache.directory.shared.ldap.message.AttributeImpl;
import org.apache.directory.shared.ldap.message.AttributesImpl;
@@ -52,12 +50,10 @@
*/
public class RestrictedByFilterTest extends TestCase
{
- private static final Collection<UserClass> UC_EMPTY_COLLECTION = Collections.unmodifiableCollection( new ArrayList<UserClass>() );
- private static final Collection<ACITuple> AT_EMPTY_COLLECTION = Collections.unmodifiableCollection( new ArrayList<ACITuple>() );
- private static final Collection<ProtectedItem> PI_EMPTY_COLLECTION = Collections.unmodifiableCollection( new ArrayList<ProtectedItem>() );
- private static final Set<MicroOperation> MO_EMPTY_SET = Collections.unmodifiableSet( new HashSet<MicroOperation>() );
+ private static final Collection EMPTY_COLLECTION = Collections.unmodifiableCollection( new ArrayList() );
+ private static final Set EMPTY_SET = Collections.unmodifiableSet( new HashSet() );
- private static final Collection<ProtectedItem> PROTECTED_ITEMS = new ArrayList<ProtectedItem>();
+ private static final Collection<ProtectedItem.RestrictedBy> PROTECTED_ITEMS = new ArrayList<ProtectedItem.RestrictedBy>();
private static final Attributes ENTRY = new AttributesImpl();
static
@@ -78,7 +74,7 @@
{
RestrictedByFilter filter = new RestrictedByFilter();
Collection<ACITuple> tuples = new ArrayList<ACITuple>();
- tuples.add( new ACITuple( UC_EMPTY_COLLECTION, AuthenticationLevel.NONE, PI_EMPTY_COLLECTION, MO_EMPTY_SET, true, 0 ) );
+ tuples.add( new ACITuple( EMPTY_COLLECTION, AuthenticationLevel.NONE, EMPTY_COLLECTION, EMPTY_SET, true, 0 ) );
tuples = Collections.unmodifiableCollection( tuples );
@@ -94,7 +90,7 @@
{
RestrictedByFilter filter = new RestrictedByFilter();
- Assert.assertEquals( 0, filter.filter( AT_EMPTY_COLLECTION, OperationScope.ATTRIBUTE_TYPE_AND_VALUE, null, null,
+ Assert.assertEquals( 0, filter.filter( EMPTY_COLLECTION, OperationScope.ATTRIBUTE_TYPE_AND_VALUE, null, null,
null, null, null, null, null, null, null, null ).size() );
}
@@ -103,7 +99,7 @@
{
RestrictedByFilter filter = new RestrictedByFilter();
Collection<ACITuple> tuples = new ArrayList<ACITuple>();
- tuples.add( new ACITuple( UC_EMPTY_COLLECTION, AuthenticationLevel.NONE, PROTECTED_ITEMS, MO_EMPTY_SET, false, 0 ) );
+ tuples.add( new ACITuple( EMPTY_COLLECTION, AuthenticationLevel.NONE, PROTECTED_ITEMS, EMPTY_SET, false, 0 ) );
tuples = Collections.unmodifiableCollection( tuples );
@@ -116,7 +112,7 @@
{
RestrictedByFilter filter = new RestrictedByFilter();
Collection<ACITuple> tuples = new ArrayList<ACITuple>();
- tuples.add( new ACITuple( UC_EMPTY_COLLECTION, AuthenticationLevel.NONE, PROTECTED_ITEMS, MO_EMPTY_SET, true, 0 ) );
+ tuples.add( new ACITuple( EMPTY_COLLECTION, AuthenticationLevel.NONE, PROTECTED_ITEMS, EMPTY_SET, true, 0 ) );
Assert.assertEquals( 1, filter.filter( tuples, OperationScope.ATTRIBUTE_TYPE_AND_VALUE, null, null, null, null,
null, null, "choice", "1", ENTRY, null ).size() );