Posted to commits@directory.apache.org by ak...@apache.org on 2005/11/08 06:47:35 UTC
svn commit: r331695 - in
/directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server:
authz/AuthorizationService.java authz/GroupCache.java
subtree/SubentryService.java
Author: akarasulu
Date: Mon Nov 7 21:47:32 2005
New Revision: 331695
URL: http://svn.apache.org/viewcvs?rev=331695&view=rev
Log:
fixed bug where cache was not properly removing groups
Modified:
directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/AuthorizationService.java
directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/GroupCache.java
directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/subtree/SubentryService.java
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/AuthorizationService.java
URL: http://svn.apache.org/viewcvs/directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/AuthorizationService.java?rev=331695&r1=331694&r2=331695&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/AuthorizationService.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/AuthorizationService.java Mon Nov 7 21:47:32 2005
@@ -36,12 +36,11 @@
import org.apache.ldap.server.schema.AttributeTypeRegistry;
import org.apache.ldap.server.subtree.SubentryService;
import org.apache.ldap.common.filter.ExprNode;
-import org.apache.ldap.common.aci.MicroOperation;
-import org.apache.ldap.common.aci.ACIItemParser;
-import org.apache.ldap.common.aci.ACIItem;
+import org.apache.ldap.common.aci.*;
import org.apache.ldap.common.exception.LdapNamingException;
import org.apache.ldap.common.message.ResultCodeEnum;
import org.apache.ldap.common.name.DnParser;
+import org.apache.ldap.common.name.LdapName;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -131,6 +130,8 @@
private GroupCache groupCache;
/** a normalizing ACIItem parser */
private ACIItemParser aciParser;
+ /** a normalizing DN parser */
+ private DnParser dnParser;
/** use and instance of the ACDF engine */
private ACDFEngine engine;
/** interceptor chain */
@@ -139,6 +140,8 @@
private AttributeTypeRegistry attrRegistry;
/** whether or not this interceptor is activated */
private boolean enabled = false;
+ /** the system wide subschemaSubentryDn */
+ private String subschemaSubentryDn;
/**
@@ -156,9 +159,14 @@
groupCache = new GroupCache( factoryCfg );
attrRegistry = factoryCfg.getGlobalRegistries().getAttributeTypeRegistry();
aciParser = new ACIItemParser( new ConcreteNameComponentNormalizer( attrRegistry ) );
+ dnParser = new DnParser( new ConcreteNameComponentNormalizer( attrRegistry ) );
engine = new ACDFEngine( factoryCfg.getGlobalRegistries().getOidRegistry(), attrRegistry );
chain = factoryCfg.getInterceptorChain();
enabled = factoryCfg.getStartupConfiguration().isAccessControlEnabled();
+
+ // stuff for dealing with subentries (garbage for now)
+ String subschemaSubentry = ( String ) factoryCfg.getPartitionNexus().getRootDSE().get( "subschemaSubentry" ).get();
+ subschemaSubentryDn = new LdapName( subschemaSubentry ).toString().toLowerCase();
}
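Review bot: The new root-DSE lookup dereferences `getRootDSE().get( "subschemaSubentry" ).get()` with no null check, so a root DSE without that attribute fails initialisation with a NullPointerException instead of a clear configuration error. The value is then normalised with `new LdapName( ... ).toString().toLowerCase()` rather than with the `dnParser` created a few lines above, and `toLowerCase()` depends on the default locale. Because this string later gates an access-control bypass in the search hunk at -883, it should come from the same normaliser as the DNs it is compared with, for example `subschemaSubentryDn = dnParser.parse( subschemaSubentry ).toString();` (assuming search bases are normalised by an equivalent parser, which this diff does not show). The enclosing method starts outside the hunk.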
@@ -673,7 +681,7 @@
LdapPrincipal user = ( ( ServerContext ) invocation.getCaller() ).getPrincipal();
Name newName = ( Name ) name.clone();
newName.remove( name.size() - 1 );
- newName.add( newRn );
+ newName.add( dnParser.parse( newRn ).get( 0 ) );
// bypass authz code if we are disabled
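Review bot: `dnParser.parse( newRn ).get( 0 )` keeps only one component of whatever `newRn` parses to, so a value that parses to more than one RDN is silently truncated for the cache keys while the raw `newRn` is still what gets passed to `next.modifyRn` in the following hunk. Checking that the parsed name has exactly one component, and rejecting the request with an LdapNamingException otherwise, would keep the cached name and the stored name in step. The parse also runs before the disabled-bypass check that follows, so a malformed `newRn` presumably now fails here even when access control is off. The method body starts and ends outside the hunk.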
@@ -688,7 +696,12 @@
{
next.modifyRn( name, newRn, deleteOldRn );
tupleCache.subentryRenamed( name, newName );
- groupCache.groupRenamed( name, newName );
+ if ( groupCache.groupRenamed( name, newName ) )
+ {
+ ACITuple tup = null;
+ UserClass.UserGroup ug = null;
+
+ }
return;
}
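Review bot: The body of the new `if ( groupCache.groupRenamed( name, newName ) )` branch only declares two unused locals (`ACITuple tup`, `UserClass.UserGroup ug`) and does nothing, so a group rename still has no effect here beyond the cache key move. If the intent is to update cached ACI tuples whose user class names the group by its old DN, that work is missing and access decisions may keep referring to the old name (inferred from the variable types, not shown in the hunk). Until it is implemented, replace the locals with a comment such as `// TODO: update UserGroup entries in cached ACITuples that reference the old group name` so the gap is visible. The enclosing block starts outside the hunk.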
@@ -883,8 +896,10 @@
LdapPrincipal user = ctx.getPrincipal();
NamingEnumeration e = next.search( base, env, filter, searchCtls );
+ boolean isSubschemaSubentryLookup = subschemaSubentryDn.equals( base.toString() );
boolean isRootDSELookup = base.size() == 0 && searchCtls.getSearchScope() == SearchControls.OBJECT_SCOPE;
- if ( user.getName().equalsIgnoreCase( DirectoryPartitionNexus.ADMIN_PRINCIPAL ) || ! enabled || isRootDSELookup )
+ if ( user.getName().equalsIgnoreCase( DirectoryPartitionNexus.ADMIN_PRINCIPAL )
+ || ! enabled || isRootDSELookup || isSubschemaSubentryLookup )
{
return e;
}
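Review bot: `isSubschemaSubentryLookup` skips result filtering for any search whose base equals the subschema subentry DN, whatever the scope, whereas the neighbouring `isRootDSELookup` also requires `SearchControls.OBJECT_SCOPE`. The new flag should carry the same scope condition: `boolean isSubschemaSubentryLookup = searchCtls.getSearchScope() == SearchControls.OBJECT_SCOPE && subschemaSubentryDn.equals( base.toString() );`. The comparison is also between a lower-cased string and `base.toString()` as received, so it matches only if `base` is already normalised and lower-case at this point, which the hunk does not show. The method continues outside the hunk.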
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/GroupCache.java
URL: http://svn.apache.org/viewcvs/directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/GroupCache.java?rev=331695&r1=331694&r2=331695&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/GroupCache.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/GroupCache.java Mon Nov 7 21:47:32 2005
@@ -118,6 +118,11 @@
}
results.close();
}
+
+ if ( log.isDebugEnabled() )
+ {
+ log.debug( "group cache contents on startup:\n" + groups );
+ }
}
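Review bot: The added debug statement prints the whole `groups` map, and the same pattern is repeated in the hunks at -238, -258, -333, -365 and -421, so with debug enabled every group add, delete, modify or rename writes every cached group and all of its members to the log. That is work proportional to the cache size on each operation, and it puts full group membership into log files, which then need the same access restrictions as the directory data. Consider logging only the affected entry in the per-operation hunks, for example `log.debug( "group " + normName + " now has members: " + memberSet );`, and keeping the full dump for startup only. The enclosing method starts outside the hunk.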
@@ -238,6 +243,10 @@
Set memberSet = new HashSet( members.size() );
addMembers( memberSet, members );
groups.put( normName.toString(), memberSet );
+ if ( log.isDebugEnabled() )
+ {
+ log.debug( "group cache contents after adding " + normName.toString() + ":\n" + groups );
+ }
}
@@ -258,6 +267,10 @@
}
groups.remove( name.toString() );
+ if ( log.isDebugEnabled() )
+ {
+ log.debug( "group cache contents after deleting " + name.toString() + ":\n" + groups );
+ }
}
@@ -333,11 +346,15 @@
Set memberSet = ( Set ) groups.get( name.toString() );
if ( memberSet != null )
{
- modify( memberSet, mods[ii].getModificationOp(), members );
+ modify( memberSet, mods[ii].getModificationOp(), mods[ii].getAttribute() );
}
break;
}
}
+ if ( log.isDebugEnabled() )
+ {
+ log.debug( "group cache contents after modifying " + name.toString() + ":\n" + groups );
+ }
}
@@ -365,6 +382,10 @@
{
modify( memberSet, modOp, members );
}
+ if ( log.isDebugEnabled() )
+ {
+ log.debug( "group cache contents after modifying " + name.toString() + ":\n" + groups );
+ }
}
@@ -421,8 +442,19 @@
}
- public void groupRenamed( Name oldName, Name newName )
+ public boolean groupRenamed( Name oldName, Name newName )
{
- groups.put( newName.toString(), groups.remove( oldName.toString() ) );
+ Object members = groups.remove( oldName.toString() );
+
+ if ( members != null )
+ {
+ groups.put( newName.toString(), members );
+ if ( log.isDebugEnabled() )
+ {
+ log.debug( "group cache contents after renaming " + oldName.toString() + ":\n" + groups );
+ }
+ return true;
+ }
+ return false;
}
}
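Review bot: `groupRenamed` is public and now returns a boolean that the caller in AuthorizationService branches on, but it has no Javadoc saying what the value means. Suggested: `/** Moves the cached member set from oldName to newName. @return true if oldName was a cached group and was re-keyed, false if it was not in the cache */`. The debug message names only `oldName`; including `newName` would make the rename traceable in the log.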
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/subtree/SubentryService.java
URL: http://svn.apache.org/viewcvs/directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/subtree/SubentryService.java?rev=331695&r1=331694&r2=331695&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/subtree/SubentryService.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/subtree/SubentryService.java Mon Nov 7 21:47:32 2005
@@ -39,6 +39,8 @@
import org.apache.ldap.common.exception.LdapNoSuchAttributeException;
import org.apache.ldap.common.exception.LdapInvalidAttributeValueException;
import org.apache.ldap.common.exception.LdapSchemaViolationException;
+import org.apache.ldap.common.util.AttributeUtils;
+import org.apache.ldap.common.schema.AttributeType;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -103,6 +105,9 @@
return true;
}
+// String[] SUBENTRY_DESC = new String[] { SUBENTRY_OBJECTCLASS, SUBENTRY_OBJECTCLASS_OID };
+//
+// boolean isSubentry = AttributeUtils.containsAnyValues( objectClasses, SUBENTRY_DESC, type );
return !( objectClasses.contains(SUBENTRY_OBJECTCLASS) || objectClasses.contains(SUBENTRY_OBJECTCLASS_OID) );
}
};
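Review bot: The three added lines are commented-out code, and the `AttributeUtils` and `AttributeType` imports added in the hunk at -39 appear to exist only for them (no other use is visible in this diff). Leaving a disabled alternative inside the filter that decides whether an entry is a subentry makes it unclear which check is authoritative. Either drop the lines and the two imports, or replace them with a short note such as `// TODO: match objectClass values via AttributeUtils.containsAnyValues once the attribute type is available`. The enclosing method starts outside the hunk.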
@@ -443,7 +448,7 @@
}
else if ( role.equalsIgnoreCase( AC_AREA ) || role.equalsIgnoreCase( AC_INNERAREA ) )
{
- operational = ( Attribute ) entry.get( AC_SUBENTRY );
+ operational = entry.get( AC_SUBENTRY );
if ( operational == null )
{
operational = new LockableAttributeImpl( AC_SUBENTRY );
@@ -452,7 +457,7 @@
}
else if ( role.equalsIgnoreCase( SCHEMA_AREA ) )
{
- operational = ( Attribute ) entry.get( SCHEMA_AREA_SUBENTRY );
+ operational = entry.get( SCHEMA_AREA_SUBENTRY );
if ( operational == null )
{
operational = new LockableAttributeImpl( SCHEMA_AREA_SUBENTRY );
@@ -462,7 +467,7 @@
else if ( role.equalsIgnoreCase( COLLECTIVE_AREA ) ||
role.equalsIgnoreCase( COLLECTIVE_INNERAREA ) )
{
- operational = ( Attribute ) entry.get( COLLECTIVE_ATTRIBUTE_SUBENTRIES );
+ operational = entry.get( COLLECTIVE_ATTRIBUTE_SUBENTRIES );
if ( operational == null )
{
operational = new LockableAttributeImpl( COLLECTIVE_ATTRIBUTE_SUBENTRIES );