Posted to commits@directory.apache.org by el...@apache.org on 2011/11/11 14:15:40 UTC
svn commit: r1200870 [2/3] - in /directory/apacheds/trunk:
interceptor-kerberos/src/main/java/org/apache/directory/server/core/kerberos/
interceptors/admin/src/main/java/org/apache/directory/server/core/admin/
interceptors/authn/src/main/java/org/apach...
Modified: directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java?rev=1200870&r1=1200869&r2=1200870&view=diff
==============================================================================
--- directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java (original)
+++ directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java Fri Nov 11 13:15:39 2011
@@ -498,7 +498,9 @@ public class AciAuthorizationInterceptor
* operation.
* -------------------------------------------------------------------------------
*/
-
+ /**
+ * {@inheritDoc}
+ */
public void add( AddOperationContext addContext ) throws LdapException
{
// bypass authz code if it was disabled
@@ -589,12 +591,63 @@ public class AciAuthorizationInterceptor
}
- private boolean isTheAdministrator( Dn normalizedDn )
+ /**
+ * {@inheritDoc}
+ */
+ public boolean compare( CompareOperationContext compareContext ) throws LdapException
{
- return normalizedDn.getNormName().equals( ServerDNConstants.ADMIN_SYSTEM_DN_NORMALIZED );
+ CoreSession session = compareContext.getSession();
+ Dn dn = compareContext.getDn();
+ String oid = compareContext.getOid();
+
+ Entry entry = compareContext.getOriginalEntry();
+
+ LdapPrincipal principal = session.getEffectivePrincipal();
+ Dn principalDn = principal.getDn();
+
+ if ( isPrincipalAnAdministrator( principalDn ) || !directoryService.isAccessControlEnabled() )
+ {
+ return next( compareContext );
+ }
+
+ Set<Dn> userGroups = groupCache.getGroups( principalDn.getNormName() );
+ Collection<ACITuple> tuples = new HashSet<ACITuple>();
+ addPerscriptiveAciTuples( compareContext, tuples, dn, entry );
+ addEntryAciTuples( tuples, entry );
+ addSubentryAciTuples( compareContext, tuples, dn, entry );
+
+ AciContext aciContext = new AciContext( schemaManager, compareContext );
+ aciContext.setUserGroupNames( userGroups );
+ aciContext.setUserDn( principalDn );
+ aciContext.setAuthenticationLevel( principal.getAuthenticationLevel() );
+ aciContext.setEntryDn( dn );
+ aciContext.setMicroOperations( READ_PERMS );
+ aciContext.setAciTuples( tuples );
+ aciContext.setEntry( entry );
+
+ engine.checkPermission( aciContext );
+
+ AttributeType attributeType = schemaManager.lookupAttributeTypeRegistry( oid );
+
+ aciContext = new AciContext( schemaManager, compareContext );
+ aciContext.setUserGroupNames( userGroups );
+ aciContext.setUserDn( principalDn );
+ aciContext.setAuthenticationLevel( principal.getAuthenticationLevel() );
+ aciContext.setEntryDn( dn );
+ aciContext.setAttributeType( attributeType );
+ aciContext.setMicroOperations( COMPARE_PERMS );
+ aciContext.setAciTuples( tuples );
+ aciContext.setEntry( entry );
+
+ engine.checkPermission( aciContext );
+
+ return next( compareContext );
}
+ /**
+ * {@inheritDoc}
+ */
public void delete( DeleteOperationContext deleteContext ) throws LdapException
{
CoreSession session = deleteContext.getSession();
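Review bot: The second permission check in `compare` sets an attribute type on the `AciContext` but never an attribute value, so the COMPARE_PERMS decision is made without the asserted value. `checkLookupAccess` in this same class calls `setAttrValue( value )` for each value it checks; if the engine is meant to honour value-level ACI items for compare as well, that input is missing here, and it is worth confirming whether the omission is intentional. If it is, say so above the second block, e.g. `// Compare permission is evaluated on the attribute type only; the asserted value is not passed to the engine`.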
@@ -649,8 +702,117 @@ public class AciAuthorizationInterceptor
}
- // False positive, we want to keep the comment
- @SuppressWarnings("PMD.CollapsibleIfStatements")
+ /**
+ * {@inheritDoc}
+ */
+ public boolean hasEntry( EntryOperationContext hasEntryContext ) throws LdapException
+ {
+ Dn dn = hasEntryContext.getDn();
+
+ if ( !directoryService.isAccessControlEnabled() )
+ {
+ return ( dn.isRootDSE() || next( hasEntryContext ) );
+ }
+
+ boolean answer = next( hasEntryContext );
+
+ // no checks on the RootDSE
+ if ( dn.isRootDSE() )
+ {
+ // No need to go down to the stack, if the dn is empty
+ // It's the rootDSE, and it exists !
+ return answer;
+ }
+
+ CoreSession session = hasEntryContext.getSession();
+
+ // TODO - eventually replace this with a check on session.isAnAdministrator()
+ LdapPrincipal principal = session.getEffectivePrincipal();
+ Dn principalDn = principal.getDn();
+
+ if ( isPrincipalAnAdministrator( principalDn ) )
+ {
+ return answer;
+ }
+
+ LookupOperationContext lookupContext = new LookupOperationContext( session, dn, SchemaConstants.ALL_ATTRIBUTES_ARRAY );
+ Entry entry = directoryService.getPartitionNexus().lookup( lookupContext );
+
+ Set<Dn> userGroups = groupCache.getGroups( principalDn.getNormName() );
+ Collection<ACITuple> tuples = new HashSet<ACITuple>();
+ addPerscriptiveAciTuples( hasEntryContext, tuples, dn, entry );
+ addEntryAciTuples( tuples, ( ( ClonedServerEntry ) entry ).getOriginalEntry() );
+ addSubentryAciTuples( hasEntryContext, tuples, dn, ( ( ClonedServerEntry ) entry ).getOriginalEntry() );
+
+ // check that we have browse access to the entry
+ AciContext aciContext = new AciContext( schemaManager, hasEntryContext );
+ aciContext.setUserGroupNames( userGroups );
+ aciContext.setUserDn( principalDn );
+ aciContext.setAuthenticationLevel( principal.getAuthenticationLevel() );
+ aciContext.setEntryDn( dn );
+ aciContext.setMicroOperations( BROWSE_PERMS );
+ aciContext.setAciTuples( tuples );
+ aciContext.setEntry( ((ClonedServerEntry)entry).getOriginalEntry() );
+
+ engine.checkPermission( aciContext );
+
+ return next( hasEntryContext );
+ }
+
+
+ /**
+ * {@inheritDoc}
+ */
+ public EntryFilteringCursor list( ListOperationContext listContext ) throws LdapException
+ {
+ LdapPrincipal user = listContext.getSession().getEffectivePrincipal();
+ EntryFilteringCursor cursor = next( listContext );
+
+ if ( isPrincipalAnAdministrator( user.getDn() )
+ || !directoryService.isAccessControlEnabled() )
+ {
+ return cursor;
+ }
+
+ AuthorizationFilter authzFilter = new AuthorizationFilter();
+ cursor.addEntryFilter( authzFilter );
+
+ return cursor;
+ }
+
+
+ /**
+ * {@inheritDoc}
+ */
+ public Entry lookup( LookupOperationContext lookupContext ) throws LdapException
+ {
+ CoreSession session = lookupContext.getSession();
+
+ LdapPrincipal principal = session.getEffectivePrincipal();
+ Dn principalDn = principal.getDn();
+
+ if ( !principalDn.isSchemaAware() )
+ {
+ principalDn.apply( schemaManager );
+ }
+
+ // Bypass this interceptor if we disabled the AC subsystem or if the principal is the admin
+ if ( isPrincipalAnAdministrator( principalDn ) || !directoryService.isAccessControlEnabled() )
+ {
+ return next( lookupContext );
+ }
+
+ Entry entry = directoryService.getPartitionNexus().lookup( lookupContext );
+
+ checkLookupAccess( lookupContext, entry );
+
+ return entry;
+ }
+
+
+ /**
+ * {@inheritDoc}
+ */
public void modify( ModifyOperationContext modifyContext ) throws LdapException
{
Dn dn = modifyContext.getDn();
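Review bot: In `hasEntry`, `next( hasEntryContext )` is invoked twice on the non-administrator path: once into `answer` before any authorization, and again in the final `return next( hasEntryContext );`. The first result is discarded there, so the chain below this interceptor runs twice per call; `return answer;` after `engine.checkPermission( aciContext )` would be enough. The nexus `lookup` also runs before the browse check, so a missing entry presumably fails differently from a denied one, which would let an unauthorised caller tell the two apart; confirm that both paths surface the same error. The three `( ClonedServerEntry ) entry` casts could be hoisted into a single local.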
@@ -815,216 +977,100 @@ public class AciAuthorizationInterceptor
/**
* {@inheritDoc}
*/
- public boolean hasEntry( EntryOperationContext hasEntryContext ) throws LdapException
+ public void move( MoveOperationContext moveContext ) throws LdapException
{
- Dn dn = hasEntryContext.getDn();
+ Dn oriChildName = moveContext.getDn();
- if ( !directoryService.isAccessControlEnabled() )
- {
- return ( dn.isRootDSE() || next( hasEntryContext ) );
- }
+ // Access the principal requesting the operation, and bypass checks if it is the admin
+ Entry entry = moveContext.getOriginalEntry();
+ CoreSession session = moveContext.getSession();
- boolean answer = next( hasEntryContext );
+ Dn newDn = moveContext.getNewDn();
- // no checks on the RootDSE
- if ( dn.isRootDSE() )
+ LdapPrincipal principal = session.getEffectivePrincipal();
+ Dn principalDn = principal.getDn();
+
+ // bypass authz code if we are disabled
+ if ( !directoryService.isAccessControlEnabled() )
{
- // No need to go down to the stack, if the dn is empty
- // It's the rootDSE, and it exists !
- return answer;
+ next( moveContext );
+ return;
}
- CoreSession session = hasEntryContext.getSession();
-
- // TODO - eventually replace this with a check on session.isAnAdministrator()
- LdapPrincipal principal = session.getEffectivePrincipal();
- Dn principalDn = principal.getDn();
+ protectCriticalEntries( moveContext, oriChildName );
+ // bypass authz code but manage caches if operation is performed by the admin
if ( isPrincipalAnAdministrator( principalDn ) )
{
- return answer;
+ next( moveContext );
+ tupleCache.subentryRenamed( oriChildName, newDn );
+ groupCache.groupRenamed( oriChildName, newDn );
+ return;
}
- LookupOperationContext lookupContext = new LookupOperationContext( session, dn, SchemaConstants.ALL_ATTRIBUTES_ARRAY );
- Entry entry = directoryService.getPartitionNexus().lookup( lookupContext );
-
Set<Dn> userGroups = groupCache.getGroups( principalDn.getNormName() );
Collection<ACITuple> tuples = new HashSet<ACITuple>();
- addPerscriptiveAciTuples( hasEntryContext, tuples, dn, entry );
- addEntryAciTuples( tuples, ( ( ClonedServerEntry ) entry ).getOriginalEntry() );
- addSubentryAciTuples( hasEntryContext, tuples, dn, ( ( ClonedServerEntry ) entry ).getOriginalEntry() );
+ addPerscriptiveAciTuples( moveContext, tuples, oriChildName, entry );
+ addEntryAciTuples( tuples, entry );
+ addSubentryAciTuples( moveContext, tuples, oriChildName, entry );
- // check that we have browse access to the entry
- AciContext aciContext = new AciContext( schemaManager, hasEntryContext );
+ AciContext aciContext = new AciContext( schemaManager, moveContext );
aciContext.setUserGroupNames( userGroups );
aciContext.setUserDn( principalDn );
aciContext.setAuthenticationLevel( principal.getAuthenticationLevel() );
- aciContext.setEntryDn( dn );
- aciContext.setMicroOperations( BROWSE_PERMS );
+ aciContext.setEntryDn( oriChildName );
+ aciContext.setMicroOperations( EXPORT_PERMS );
aciContext.setAciTuples( tuples );
- aciContext.setEntry( ((ClonedServerEntry)entry).getOriginalEntry() );
+ aciContext.setEntry( entry );
engine.checkPermission( aciContext );
- return next( hasEntryContext );
- }
+ // Get the entry again without operational attributes
+ // because access control subentry operational attributes
+ // will not be valid at the new location.
+ // This will certainly be fixed by the SubentryInterceptor,
+ // but after this service.
+ LookupOperationContext lookupContext = new LookupOperationContext( session, oriChildName, SchemaConstants.ALL_USER_ATTRIBUTES_ARRAY );
+ Entry importedEntry = directoryService.getPartitionNexus().lookup( lookupContext );
+ // As the target entry does not exist yet and so
+ // its subentry operational attributes are not there,
+ // we need to construct an entry to represent it
+ // at least with minimal requirements which are object class
+ // and access control subentry operational attributes.
+ Entry subentryAttrs = subentryUtils.getSubentryAttributes( newDn, importedEntry );
- /**
- * Checks if the READ permissions exist to the entry and to each attribute type and
- * value.
- *
- * @todo not sure if we should hide attribute types/values or throw an exception
- * instead. I think we're going to have to use a filter to restrict the return
- * of attribute types and values instead of throwing an exception. Lack of read
- * perms to attributes and their values results in their removal when returning
- * the entry.
- *
- * @param principal the user associated with the call
- * @param dn the name of the entry being looked up
- * @param entry the raw entry pulled from the nexus
- * @throws Exception if undlying access to the DIT fails
- */
- private void checkLookupAccess( LookupOperationContext lookupContext, Entry entry ) throws LdapException
- {
- Dn dn = lookupContext.getDn();
-
- // no permissions checks on the RootDSE
- if ( dn.isRootDSE() )
+ for ( Attribute attribute : importedEntry )
{
- return;
+ subentryAttrs.put( attribute );
}
- LdapPrincipal principal = lookupContext.getSession().getEffectivePrincipal();
- Dn userName = principal.getDn();
- Set<Dn> userGroups = groupCache.getGroups( userName.getNormName() );
- Collection<ACITuple> tuples = new HashSet<ACITuple>();
- addPerscriptiveAciTuples( lookupContext, tuples, dn, entry );
- addEntryAciTuples( tuples, entry );
- addSubentryAciTuples( lookupContext, tuples, dn, entry );
+ Collection<ACITuple> destTuples = new HashSet<ACITuple>();
+ // Import permission is only valid for prescriptive ACIs
+ addPerscriptiveAciTuples( moveContext, destTuples, newDn, subentryAttrs );
- // check that we have read access to the entry
- AciContext aciContext = new AciContext( schemaManager, lookupContext );
+ // Evaluate the target context to see whether it
+ // allows an entry named newName to be imported as a subordinate.
+ aciContext = new AciContext( schemaManager, moveContext );
aciContext.setUserGroupNames( userGroups );
- aciContext.setUserDn( userName );
+ aciContext.setUserDn( principalDn );
aciContext.setAuthenticationLevel( principal.getAuthenticationLevel() );
- aciContext.setEntryDn( dn );
- aciContext.setMicroOperations( LOOKUP_PERMS );
- aciContext.setAciTuples( tuples );
- aciContext.setEntry( entry );
+ aciContext.setEntryDn( newDn );
+ aciContext.setMicroOperations( IMPORT_PERMS );
+ aciContext.setAciTuples( destTuples );
+ aciContext.setEntry( subentryAttrs );
engine.checkPermission( aciContext );
- // check that we have read access to every attribute type and value
- for ( Attribute attribute : entry )
- {
-
- for ( Value<?> value : attribute )
- {
- AciContext valueAciContext = new AciContext( schemaManager, lookupContext );
- valueAciContext.setUserGroupNames( userGroups );
- valueAciContext.setUserDn( userName );
- valueAciContext.setAuthenticationLevel( principal.getAuthenticationLevel() );
- valueAciContext.setEntryDn( dn );
- valueAciContext.setAttributeType( attribute.getAttributeType() );
- valueAciContext.setAttrValue( value );
- valueAciContext.setMicroOperations( READ_PERMS );
- valueAciContext.setAciTuples( tuples );
- valueAciContext.setEntry( entry );
-
- engine.checkPermission( valueAciContext );
- }
- }
+ next( moveContext );
+ tupleCache.subentryRenamed( oriChildName, newDn );
+ groupCache.groupRenamed( oriChildName, newDn );
}
/**
* {@inheritDoc}
*/
- public Entry lookup( LookupOperationContext lookupContext ) throws LdapException
- {
- CoreSession session = lookupContext.getSession();
-
- LdapPrincipal principal = session.getEffectivePrincipal();
- Dn principalDn = principal.getDn();
-
- if ( !principalDn.isSchemaAware() )
- {
- principalDn.apply( schemaManager );
- }
-
- // Bypass this interceptor if we disabled the AC subsystem or if the principal is the admin
- if ( isPrincipalAnAdministrator( principalDn ) || !directoryService.isAccessControlEnabled() )
- {
- return next( lookupContext );
- }
-
- Entry entry = directoryService.getPartitionNexus().lookup( lookupContext );
-
- checkLookupAccess( lookupContext, entry );
-
- return entry;
- }
-
-
- public void rename( RenameOperationContext renameContext ) throws LdapException
- {
- Dn oldName = renameContext.getDn();
- Entry originalEntry = null;
-
- if ( renameContext.getEntry() != null )
- {
- originalEntry = ((ClonedServerEntry)renameContext.getEntry()).getOriginalEntry();
- }
-
- LdapPrincipal principal = renameContext.getSession().getEffectivePrincipal();
- Dn principalDn = principal.getDn();
- Dn newName = renameContext.getNewDn();
-
- // bypass authz code if we are disabled
- if ( !directoryService.isAccessControlEnabled() )
- {
- next( renameContext );
- return;
- }
-
- protectCriticalEntries( renameContext, oldName );
-
- // bypass authz code but manage caches if operation is performed by the admin
- if ( isPrincipalAnAdministrator( principalDn ) )
- {
- next( renameContext );
- tupleCache.subentryRenamed( oldName, newName );
-
- // TODO : this method returns a boolean : what should we do with the result ?
- groupCache.groupRenamed( oldName, newName );
-
- return;
- }
-
- Set<Dn> userGroups = groupCache.getGroups( principalDn.getNormName() );
- Collection<ACITuple> tuples = new HashSet<ACITuple>();
- addPerscriptiveAciTuples( renameContext, tuples, oldName, originalEntry );
- addEntryAciTuples( tuples, originalEntry );
- addSubentryAciTuples( renameContext, tuples, oldName, originalEntry );
-
- AciContext aciContext = new AciContext( schemaManager, renameContext );
- aciContext.setUserGroupNames( userGroups );
- aciContext.setUserDn( principalDn );
- aciContext.setAuthenticationLevel( principal.getAuthenticationLevel() );
- aciContext.setEntryDn( oldName );
- aciContext.setMicroOperations( RENAME_PERMS );
- aciContext.setAciTuples( tuples );
- aciContext.setEntry( originalEntry );
-
- engine.checkPermission( aciContext );
-
- next( renameContext );
- tupleCache.subentryRenamed( oldName, newName );
- groupCache.groupRenamed( oldName, newName );
- }
-
-
public void moveAndRename( MoveAndRenameOperationContext moveAndRenameContext ) throws LdapException
{
Dn oldDn = moveAndRenameContext.getDn();
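Review bot: The comment `// Access the principal requesting the operation, and bypass checks if it is the admin` at the top of `move` does not describe the lines under it: they fetch the original entry and the session, and the administrator bypass only happens further down, after `protectCriticalEntries`. A stale comment on an authorization path is easy to misread as "the admin skips everything below", so I would replace it with `// Entry being moved and the session of the requesting principal`. The `{@inheritDoc}` Javadoc could also state that a non-administrator needs Export permission on the source entry and Import permission at `newDn`, since both checks are visible in the body.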
@@ -1120,118 +1166,67 @@ public class AciAuthorizationInterceptor
/**
* {@inheritDoc}
*/
- public void move( MoveOperationContext moveContext ) throws LdapException
+ public void rename( RenameOperationContext renameContext ) throws LdapException
{
- Dn oriChildName = moveContext.getDn();
-
- // Access the principal requesting the operation, and bypass checks if it is the admin
- Entry entry = moveContext.getOriginalEntry();
- CoreSession session = moveContext.getSession();
+ Dn oldName = renameContext.getDn();
+ Entry originalEntry = null;
- Dn newDn = moveContext.getNewDn();
+ if ( renameContext.getEntry() != null )
+ {
+ originalEntry = ((ClonedServerEntry)renameContext.getEntry()).getOriginalEntry();
+ }
- LdapPrincipal principal = session.getEffectivePrincipal();
+ LdapPrincipal principal = renameContext.getSession().getEffectivePrincipal();
Dn principalDn = principal.getDn();
+ Dn newName = renameContext.getNewDn();
// bypass authz code if we are disabled
if ( !directoryService.isAccessControlEnabled() )
{
- next( moveContext );
+ next( renameContext );
return;
}
- protectCriticalEntries( moveContext, oriChildName );
+ protectCriticalEntries( renameContext, oldName );
// bypass authz code but manage caches if operation is performed by the admin
if ( isPrincipalAnAdministrator( principalDn ) )
{
- next( moveContext );
- tupleCache.subentryRenamed( oriChildName, newDn );
- groupCache.groupRenamed( oriChildName, newDn );
+ next( renameContext );
+ tupleCache.subentryRenamed( oldName, newName );
+
+ // TODO : this method returns a boolean : what should we do with the result ?
+ groupCache.groupRenamed( oldName, newName );
+
return;
}
Set<Dn> userGroups = groupCache.getGroups( principalDn.getNormName() );
Collection<ACITuple> tuples = new HashSet<ACITuple>();
- addPerscriptiveAciTuples( moveContext, tuples, oriChildName, entry );
- addEntryAciTuples( tuples, entry );
- addSubentryAciTuples( moveContext, tuples, oriChildName, entry );
+ addPerscriptiveAciTuples( renameContext, tuples, oldName, originalEntry );
+ addEntryAciTuples( tuples, originalEntry );
+ addSubentryAciTuples( renameContext, tuples, oldName, originalEntry );
- AciContext aciContext = new AciContext( schemaManager, moveContext );
+ AciContext aciContext = new AciContext( schemaManager, renameContext );
aciContext.setUserGroupNames( userGroups );
aciContext.setUserDn( principalDn );
aciContext.setAuthenticationLevel( principal.getAuthenticationLevel() );
- aciContext.setEntryDn( oriChildName );
- aciContext.setMicroOperations( EXPORT_PERMS );
+ aciContext.setEntryDn( oldName );
+ aciContext.setMicroOperations( RENAME_PERMS );
aciContext.setAciTuples( tuples );
- aciContext.setEntry( entry );
-
- engine.checkPermission( aciContext );
-
- // Get the entry again without operational attributes
- // because access control subentry operational attributes
- // will not be valid at the new location.
- // This will certainly be fixed by the SubentryInterceptor,
- // but after this service.
- LookupOperationContext lookupContext = new LookupOperationContext( session, oriChildName, SchemaConstants.ALL_USER_ATTRIBUTES_ARRAY );
- Entry importedEntry = directoryService.getPartitionNexus().lookup( lookupContext );
-
- // As the target entry does not exist yet and so
- // its subentry operational attributes are not there,
- // we need to construct an entry to represent it
- // at least with minimal requirements which are object class
- // and access control subentry operational attributes.
- Entry subentryAttrs = subentryUtils.getSubentryAttributes( newDn, importedEntry );
-
- for ( Attribute attribute : importedEntry )
- {
- subentryAttrs.put( attribute );
- }
-
- Collection<ACITuple> destTuples = new HashSet<ACITuple>();
- // Import permission is only valid for prescriptive ACIs
- addPerscriptiveAciTuples( moveContext, destTuples, newDn, subentryAttrs );
-
- // Evaluate the target context to see whether it
- // allows an entry named newName to be imported as a subordinate.
- aciContext = new AciContext( schemaManager, moveContext );
- aciContext.setUserGroupNames( userGroups );
- aciContext.setUserDn( principalDn );
- aciContext.setAuthenticationLevel( principal.getAuthenticationLevel() );
- aciContext.setEntryDn( newDn );
- aciContext.setMicroOperations( IMPORT_PERMS );
- aciContext.setAciTuples( destTuples );
- aciContext.setEntry( subentryAttrs );
+ aciContext.setEntry( originalEntry );
engine.checkPermission( aciContext );
- next( moveContext );
- tupleCache.subentryRenamed( oriChildName, newDn );
- groupCache.groupRenamed( oriChildName, newDn );
+ next( renameContext );
+ tupleCache.subentryRenamed( oldName, newName );
+ groupCache.groupRenamed( oldName, newName );
}
/**
* {@inheritDoc}
*/
- public EntryFilteringCursor list( ListOperationContext listContext ) throws LdapException
- {
- LdapPrincipal user = listContext.getSession().getEffectivePrincipal();
- EntryFilteringCursor cursor = next( listContext );
-
- if ( isPrincipalAnAdministrator( user.getDn() )
- || !directoryService.isAccessControlEnabled() )
- {
- return cursor;
- }
-
- AuthorizationFilter authzFilter = new AuthorizationFilter();
- cursor.addEntryFilter( authzFilter );
-
- return cursor;
- }
-
-
public EntryFilteringCursor search( SearchOperationContext searchContext ) throws LdapException
{
LdapPrincipal user = searchContext.getSession().getEffectivePrincipal();
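Review bot: In `rename`, `originalEntry` stays `null` when `renameContext.getEntry()` returns null, and for a non-administrator that null is then handed to `addPerscriptiveAciTuples`, `addEntryAciTuples`, `addSubentryAciTuples` and `aciContext.setEntry( originalEntry )`. Whether those helpers and the engine tolerate a null entry is not visible in this hunk: if they do, the RENAME_PERMS decision is made without the entry's own ACI attributes, and if they do not, the request ends in a NullPointerException rather than an LDAP error. `move` takes its entry from `getOriginalEntry()` on the context with no null branch, so the two methods are also inconsistent. I would resolve the entry, or reject the request, before the tuples are collected, and document which case leaves `getEntry()` null.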
@@ -1255,63 +1250,77 @@ public class AciAuthorizationInterceptor
}
- public final boolean isPrincipalAnAdministrator( Dn principalDn )
- {
- return groupCache.isPrincipalAnAdministrator( principalDn );
- }
-
-
/**
- * {@inheritDoc}
+ * Checks if the READ permissions exist to the entry and to each attribute type and
+ * value.
+ *
+ * @todo not sure if we should hide attribute types/values or throw an exception
+ * instead. I think we're going to have to use a filter to restrict the return
+ * of attribute types and values instead of throwing an exception. Lack of read
+ * perms to attributes and their values results in their removal when returning
+ * the entry.
+ *
+ * @param principal the user associated with the call
+ * @param dn the name of the entry being looked up
+ * @param entry the raw entry pulled from the nexus
+ * @throws Exception if undlying access to the DIT fails
*/
- public boolean compare( CompareOperationContext compareContext ) throws LdapException
+ private void checkLookupAccess( LookupOperationContext lookupContext, Entry entry ) throws LdapException
{
- CoreSession session = compareContext.getSession();
- Dn dn = compareContext.getDn();
- String oid = compareContext.getOid();
-
- Entry entry = compareContext.getOriginalEntry();
-
- LdapPrincipal principal = session.getEffectivePrincipal();
- Dn principalDn = principal.getDn();
+ Dn dn = lookupContext.getDn();
- if ( isPrincipalAnAdministrator( principalDn ) || !directoryService.isAccessControlEnabled() )
+ // no permissions checks on the RootDSE
+ if ( dn.isRootDSE() )
{
- return next( compareContext );
+ return;
}
- Set<Dn> userGroups = groupCache.getGroups( principalDn.getNormName() );
+ LdapPrincipal principal = lookupContext.getSession().getEffectivePrincipal();
+ Dn userName = principal.getDn();
+ Set<Dn> userGroups = groupCache.getGroups( userName.getNormName() );
Collection<ACITuple> tuples = new HashSet<ACITuple>();
- addPerscriptiveAciTuples( compareContext, tuples, dn, entry );
+ addPerscriptiveAciTuples( lookupContext, tuples, dn, entry );
addEntryAciTuples( tuples, entry );
- addSubentryAciTuples( compareContext, tuples, dn, entry );
+ addSubentryAciTuples( lookupContext, tuples, dn, entry );
- AciContext aciContext = new AciContext( schemaManager, compareContext );
+ // check that we have read access to the entry
+ AciContext aciContext = new AciContext( schemaManager, lookupContext );
aciContext.setUserGroupNames( userGroups );
- aciContext.setUserDn( principalDn );
+ aciContext.setUserDn( userName );
aciContext.setAuthenticationLevel( principal.getAuthenticationLevel() );
aciContext.setEntryDn( dn );
- aciContext.setMicroOperations( READ_PERMS );
+ aciContext.setMicroOperations( LOOKUP_PERMS );
aciContext.setAciTuples( tuples );
aciContext.setEntry( entry );
engine.checkPermission( aciContext );
- AttributeType attributeType = schemaManager.lookupAttributeTypeRegistry( oid );
+ // check that we have read access to every attribute type and value
+ for ( Attribute attribute : entry )
+ {
- aciContext = new AciContext( schemaManager, compareContext );
- aciContext.setUserGroupNames( userGroups );
- aciContext.setUserDn( principalDn );
- aciContext.setAuthenticationLevel( principal.getAuthenticationLevel() );
- aciContext.setEntryDn( dn );
- aciContext.setAttributeType( attributeType );
- aciContext.setMicroOperations( COMPARE_PERMS );
- aciContext.setAciTuples( tuples );
- aciContext.setEntry( entry );
+ for ( Value<?> value : attribute )
+ {
+ AciContext valueAciContext = new AciContext( schemaManager, lookupContext );
+ valueAciContext.setUserGroupNames( userGroups );
+ valueAciContext.setUserDn( userName );
+ valueAciContext.setAuthenticationLevel( principal.getAuthenticationLevel() );
+ valueAciContext.setEntryDn( dn );
+ valueAciContext.setAttributeType( attribute.getAttributeType() );
+ valueAciContext.setAttrValue( value );
+ valueAciContext.setMicroOperations( READ_PERMS );
+ valueAciContext.setAciTuples( tuples );
+ valueAciContext.setEntry( entry );
- engine.checkPermission( aciContext );
+ engine.checkPermission( valueAciContext );
+ }
+ }
+ }
- return next( compareContext );
+
+ public final boolean isPrincipalAnAdministrator( Dn principalDn )
+ {
+ return groupCache.isPrincipalAnAdministrator( principalDn );
}
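Review bot: The Javadoc on `checkLookupAccess` does not match its signature: it documents `@param principal` and `@param dn`, which are not parameters, omits `lookupContext`, and declares `@throws Exception` although the method throws `LdapException`. I would use `@param lookupContext the lookup operation context carrying the session and the target Dn`, keep `@param entry`, and write `@throws LdapException if underlying access to the DIT fails`, which also fixes the "undlying" typo. `isPrincipalAnAdministrator` is public and gates the bypasses visible in this diff, yet has no Javadoc; one line stating that it delegates to `groupCache` would help.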
@@ -1437,4 +1446,10 @@ public class AciAuthorizationInterceptor
return filter( searchContext, normName, entry );
}
}
+
+
+ private boolean isTheAdministrator( Dn normalizedDn )
+ {
+ return normalizedDn.getNormName().equals( ServerDNConstants.ADMIN_SYSTEM_DN_NORMALIZED );
+ }
}
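Review bot: `isTheAdministrator` is re-added at the end of the class without Javadoc, alongside the public `isPrincipalAnAdministrator`, and the two answer different questions: this one compares the normalized name with `ServerDNConstants.ADMIN_SYSTEM_DN_NORMALIZED`, the other asks `groupCache`. Because the names read alike and either may guard an authorization bypass, a one-line comment such as `/** True only for the system administrator Dn itself, not for other principals that groupCache treats as administrators. */` would keep them from being mixed up. No caller of `isTheAdministrator` is visible in this diff, so it is also worth checking whether the method is still used.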
Modified: directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/DefaultAuthorizationInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/DefaultAuthorizationInterceptor.java?rev=1200870&r1=1200869&r2=1200870&view=diff
==============================================================================
--- directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/DefaultAuthorizationInterceptor.java (original)
+++ directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/DefaultAuthorizationInterceptor.java Fri Nov 11 13:15:39 2011
@@ -150,7 +150,9 @@ public class DefaultAuthorizationInterce
// Note:
// Lookup, search and list operations need to be handled using a filter
// and so we need access to the filter service.
-
+ /**
+ * {@inheritDoc}
+ */
public void delete( DeleteOperationContext deleteContext ) throws LdapException
{
if ( deleteContext.getSession().getDirectoryService().isAccessControlEnabled() )
@@ -205,28 +207,55 @@ public class DefaultAuthorizationInterce
}
- private boolean isTheAdministrator( Dn dn )
+ /**
+ * {@inheritDoc}
+ */
+ public EntryFilteringCursor list( ListOperationContext listContext ) throws LdapException
{
- return dn.equals( ADMIN_SYSTEM_DN );
+ EntryFilteringCursor cursor = next( listContext );
+
+ if ( listContext.getSession().getDirectoryService().isAccessControlEnabled() )
+ {
+ return cursor;
+ }
+
+ cursor.addEntryFilter( new DefaultAuthorizationSearchFilter() );
+
+ return cursor;
}
- private boolean isAnAdministrator( Dn dn )
+ /**
+ * {@inheritDoc}
+ */
+ public Entry lookup( LookupOperationContext lookupContext ) throws LdapException
{
- return isTheAdministrator( dn ) || administrators.contains( dn.getNormName() );
+ CoreSession session = lookupContext.getSession();
+ Entry entry = next( lookupContext );
+
+ if ( session.getDirectoryService().isAccessControlEnabled() )
+ {
+ return entry;
+ }
+
+ protectLookUp( session.getEffectivePrincipal().getDn(), lookupContext.getDn() );
+
+ return entry;
}
// ------------------------------------------------------------------------
// Entry Modification Operations
// ------------------------------------------------------------------------
-
/**
* This policy needs to be really tight too because some attributes may take
* part in giving the user permissions to protected resources. We do not want
* users to self access these resources. As far as we're concerned no one but
* the admin needs access.
*/
+ /**
+ * {@inheritDoc}
+ */
public void modify( ModifyOperationContext modifyContext ) throws LdapException
{
if ( !modifyContext.getSession().getDirectoryService().isAccessControlEnabled() )
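Review bot: `lookup` calls `next( lookupContext )` before `protectLookUp`, although `protectLookUp` receives only the principal Dn and the target Dn and does not need the fetched entry. Checking first means a refused request never reaches the interceptors and partitions below this one: use `return next( lookupContext );` in the access-control-enabled branch, then call `protectLookUp( ... )`, then `return next( lookupContext );`. Separately, the `{@inheritDoc}` block added above `modify` follows an existing Javadoc block, and only the block directly before a declaration is used as its documentation comment, so the policy description is no longer attached to the method. Merging the two into one block keeps it.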
@@ -249,49 +278,31 @@ public class DefaultAuthorizationInterce
}
- private void protectModifyAlterations( OperationContext opCtx, Dn dn ) throws LdapException
+ /**
+ * {@inheritDoc}
+ */
+ public void move( MoveOperationContext moveContext ) throws LdapException
{
- Dn principalDn = getPrincipal( opCtx ).getDn();
-
- if ( dn.isEmpty() )
+ if ( !moveContext.getSession().getDirectoryService().isAccessControlEnabled() )
{
- String msg = I18n.err( I18n.ERR_17 );
- LOG.error( msg );
- throw new LdapNoPermissionException( msg );
+ protectDnAlterations( moveContext, moveContext.getDn() );
}
- if ( !isAnAdministrator( principalDn ) )
- {
- // allow self modifications
- if ( dn.equals( getPrincipal( opCtx ) ) )
- {
- return;
- }
-
- if ( dn.equals( ADMIN_SYSTEM_DN ) )
- {
- String msg = I18n.err( I18n.ERR_18, principalDn.getName() );
- LOG.error( msg );
- throw new LdapNoPermissionException( msg );
- }
+ next( moveContext );
+ }
- if ( dn.size() > 2 )
- {
- if ( dn.isDescendantOf( ADMIN_SYSTEM_DN ) )
- {
- String msg = I18n.err( I18n.ERR_19, principalDn.getName(), dn.getName() );
- LOG.error( msg );
- throw new LdapNoPermissionException( msg );
- }
- if ( dn.isDescendantOf( GROUP_BASE_DN ) )
- {
- String msg = I18n.err( I18n.ERR_20, principalDn.getName(), dn.getName() );
- LOG.error( msg );
- throw new LdapNoPermissionException( msg );
- }
- }
+ /**
+ * {@inheritDoc}
+ */
+ public void moveAndRename( MoveAndRenameOperationContext moveAndRenameContext ) throws LdapException
+ {
+ if ( !moveAndRenameContext.getSession().getDirectoryService().isAccessControlEnabled() )
+ {
+ protectDnAlterations( moveAndRenameContext, moveAndRenameContext.getDn() );
}
+
+ next( moveAndRenameContext );
}
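Review bot: `move` and `moveAndRename` pass only the source Dn (`getDn()`) to `protectDnAlterations`; the destination is never examined in these bodies. If `protectDnAlterations` (not shown in this hunk) refuses every alteration by a non-administrator this is harmless, but that assumption should be written down, e.g. `// Only the source Dn is checked; relies on protectDnAlterations rejecting non-admin moves — TODO confirm`. The guard also has the opposite shape to `list`, `lookup` and `search` in this file (`if ( !enabled ) { protect }` versus an early return when enabled), so a short comment that this interceptor only acts when access control is disabled would make the negation harder to misread.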
@@ -303,7 +314,9 @@ public class DefaultAuthorizationInterce
// o Only the administrator can move or rename non-admin user entries
// o The administrator entry cannot be moved or renamed by anyone
// ------------------------------------------------------------------------
-
+ /**
+ * {@inheritDoc}
+ */
public void rename( RenameOperationContext renameContext ) throws LdapException
{
if ( !renameContext.getSession().getDirectoryService().isAccessControlEnabled() )
@@ -318,25 +331,76 @@ public class DefaultAuthorizationInterce
/**
* {@inheritDoc}
*/
- public void move( MoveOperationContext moveContext ) throws LdapException
+ public EntryFilteringCursor search( SearchOperationContext searchContext ) throws LdapException
{
- if ( !moveContext.getSession().getDirectoryService().isAccessControlEnabled() )
+ EntryFilteringCursor cursor = next( searchContext );
+
+ if ( searchContext.getSession().getDirectoryService().isAccessControlEnabled() )
{
- protectDnAlterations( moveContext, moveContext.getDn() );
+ return cursor;
}
- next( moveContext );
+ cursor.addEntryFilter( new DefaultAuthorizationSearchFilter() );
+
+ return cursor;
}
- public void moveAndRename( MoveAndRenameOperationContext moveAndRenameContext ) throws LdapException
+ private boolean isTheAdministrator( Dn dn )
{
- if ( !moveAndRenameContext.getSession().getDirectoryService().isAccessControlEnabled() )
+ return dn.equals( ADMIN_SYSTEM_DN );
+ }
+
+
+ private boolean isAnAdministrator( Dn dn )
+ {
+ return isTheAdministrator( dn ) || administrators.contains( dn.getNormName() );
+ }
+
+
+ private void protectModifyAlterations( OperationContext opCtx, Dn dn ) throws LdapException
+ {
+ Dn principalDn = getPrincipal( opCtx ).getDn();
+
+ if ( dn.isEmpty() )
{
- protectDnAlterations( moveAndRenameContext, moveAndRenameContext.getDn() );
+ String msg = I18n.err( I18n.ERR_17 );
+ LOG.error( msg );
+ throw new LdapNoPermissionException( msg );
}
- next( moveAndRenameContext );
+ if ( !isAnAdministrator( principalDn ) )
+ {
+ // allow self modifications
+ if ( dn.equals( getPrincipal( opCtx ) ) )
+ {
+ return;
+ }
+
+ if ( dn.equals( ADMIN_SYSTEM_DN ) )
+ {
+ String msg = I18n.err( I18n.ERR_18, principalDn.getName() );
+ LOG.error( msg );
+ throw new LdapNoPermissionException( msg );
+ }
+
+ if ( dn.size() > 2 )
+ {
+ if ( dn.isDescendantOf( ADMIN_SYSTEM_DN ) )
+ {
+ String msg = I18n.err( I18n.ERR_19, principalDn.getName(), dn.getName() );
+ LOG.error( msg );
+ throw new LdapNoPermissionException( msg );
+ }
+
+ if ( dn.isDescendantOf( GROUP_BASE_DN ) )
+ {
+ String msg = I18n.err( I18n.ERR_20, principalDn.getName(), dn.getName() );
+ LOG.error( msg );
+ throw new LdapNoPermissionException( msg );
+ }
+ }
+ }
}
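Review bot: In `protectModifyAlterations`, the self-modification test `dn.equals( getPrincipal( opCtx ) )` compares a `Dn` with the principal object rather than with its Dn, so it presumably never matches and the early `return` is dead. The first line of the method already extracts `principalDn` from the same call, which suggests the intended check is `if ( dn.equals( principalDn ) )`. As written the rule fails closed: a non-admin editing its own entry falls through to the admin and group subtree checks. An authorization branch that cannot fire is still worth fixing, with a test for a non-admin principal modifying its own entry. The method was moved unchanged by this commit.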
@@ -381,22 +445,6 @@ public class DefaultAuthorizationInterce
}
- public Entry lookup( LookupOperationContext lookupContext ) throws LdapException
- {
- CoreSession session = lookupContext.getSession();
- Entry entry = next( lookupContext );
-
- if ( session.getDirectoryService().isAccessControlEnabled() )
- {
- return entry;
- }
-
- protectLookUp( session.getEffectivePrincipal().getDn(), lookupContext.getDn() );
-
- return entry;
- }
-
-
private void protectLookUp( Dn principalDn, Dn normalizedDn ) throws LdapException
{
if ( !isAnAdministrator( principalDn ) )
@@ -446,39 +494,6 @@ public class DefaultAuthorizationInterce
}
- public EntryFilteringCursor search( SearchOperationContext searchContext ) throws LdapException
- {
- EntryFilteringCursor cursor = next( searchContext );
-
- if ( searchContext.getSession().getDirectoryService().isAccessControlEnabled() )
- {
- return cursor;
- }
-
- cursor.addEntryFilter( new DefaultAuthorizationSearchFilter() );
-
- return cursor;
- }
-
-
- /**
- * {@inheritDoc}
- */
- public EntryFilteringCursor list( ListOperationContext listContext ) throws LdapException
- {
- EntryFilteringCursor cursor = next( listContext );
-
- if ( listContext.getSession().getDirectoryService().isAccessControlEnabled() )
- {
- return cursor;
- }
-
- cursor.addEntryFilter( new DefaultAuthorizationSearchFilter() );
-
- return cursor;
- }
-
-
// False positive, we want to keep the comment
@SuppressWarnings("PMD.CollapsibleIfStatements")
private boolean isSearchable( OperationContext opContext, Entry entry ) throws Exception
Modified: directory/apacheds/trunk/interceptors/changelog/src/main/java/org/apache/directory/server/core/changelog/ChangeLogInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/changelog/src/main/java/org/apache/directory/server/core/changelog/ChangeLogInterceptor.java?rev=1200870&r1=1200869&r2=1200870&view=diff
==============================================================================
--- directory/apacheds/trunk/interceptors/changelog/src/main/java/org/apache/directory/server/core/changelog/ChangeLogInterceptor.java (original)
+++ directory/apacheds/trunk/interceptors/changelog/src/main/java/org/apache/directory/server/core/changelog/ChangeLogInterceptor.java Fri Nov 11 13:15:39 2011
@@ -96,6 +96,9 @@ public class ChangeLogInterceptor extend
// -----------------------------------------------------------------------
// Overridden (only change inducing) intercepted methods
// -----------------------------------------------------------------------
+ /**
+ * {@inheritDoc}
+ */
public void add( AddOperationContext addContext ) throws LdapException
{
next( addContext );
@@ -132,6 +135,9 @@ public class ChangeLogInterceptor extend
* The delete operation has to be stored with a way to restore the deleted element.
* There is no way to do that but reading the entry and dump it into the LOG.
*/
+ /**
+ * {@inheritDoc}
+ */
public void delete( DeleteOperationContext deleteContext ) throws LdapException
{
// @todo make sure we're not putting in operational attributes that cannot be user modified
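Review bot: The added `{@inheritDoc}` block sits directly after an existing comment on `delete`, so the method now carries two consecutive comment blocks. If the first one is a Javadoc comment (its opening line is outside the hunk), only the last block is attached to the method, and the explanation about dumping the deleted entry so it can be restored drops out of the generated documentation. Merging them keeps both: make `{@inheritDoc}` the first line of the existing comment and leave the two explanatory sentences after it. The method body continues outside the hunk.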
@@ -181,36 +187,7 @@ public class ChangeLogInterceptor extend
/**
- * Gets attributes required for modifications.
- *
- * @param dn the dn of the entry to get
- * @return the entry's attributes (may be immutable if the schema subentry)
- * @throws Exception on error accessing the entry's attributes
- */
- private Entry getAttributes( OperationContext opContext ) throws LdapException
- {
- Dn dn = opContext.getDn();
- Entry serverEntry;
-
- // @todo make sure we're not putting in operational attributes that cannot be user modified
- if ( dn.equals( ServerDNConstants.CN_SCHEMA_DN ) )
- {
- return SchemaService.getSubschemaEntryCloned( directoryService );
- }
- else
- {
- CoreSession session = opContext.getSession();
- LookupOperationContext lookupContext = new LookupOperationContext( session, dn );
- lookupContext.setAttrsId( SchemaConstants.ALL_ATTRIBUTES_ARRAY );
- serverEntry = directoryService.getPartitionNexus().lookup( lookupContext );
- }
-
- return serverEntry;
- }
-
-
- /**
- *
+ * {@inheritDoc}
*/
public void modify( ModifyOperationContext modifyContext ) throws LdapException
{
@@ -285,24 +262,12 @@ public class ChangeLogInterceptor extend
}
- // -----------------------------------------------------------------------
- // Though part left as an exercise (Not Any More!)
- // -----------------------------------------------------------------------
-
-
- public void rename ( RenameOperationContext renameContext ) throws LdapException
+ /**
+ * {@inheritDoc}
+ */
+ public void move( MoveOperationContext moveContext ) throws LdapException
{
- Entry serverEntry = null;
-
- if ( renameContext.getEntry() != null )
- {
- serverEntry = ((ClonedServerEntry)renameContext.getEntry()).getOriginalEntry();
- }
-
- next( renameContext );
-
- // After this point, the entry has been modified. The cloned entry contains
- // the modified entry, the originalEntry has changed
+ next( moveContext );
if ( !changeLog.isEnabled() )
{
@@ -310,18 +275,18 @@ public class ChangeLogInterceptor extend
}
LdifEntry forward = new LdifEntry();
- forward.setChangeType( ChangeType.ModRdn );
- forward.setDn( renameContext.getDn() );
- forward.setNewRdn( renameContext.getNewRdn().getName() );
- forward.setDeleteOldRdn( renameContext.getDeleteOldRdn() );
-
- List<LdifEntry> reverses = LdifRevertor.reverseRename(
- serverEntry, renameContext.getNewRdn(), renameContext.getDeleteOldRdn() );
+ forward.setChangeType( ChangeType.ModDn );
+ forward.setDn( moveContext.getDn() );
+ forward.setNewSuperior( moveContext.getNewSuperior().getName() );
- renameContext.setChangeLogEvent( changeLog.log( getPrincipal( renameContext ), forward, reverses ) );
+ LdifEntry reverse = LdifRevertor.reverseMove(moveContext.getNewSuperior(), moveContext.getDn());
+ moveContext.setChangeLogEvent( changeLog.log( getPrincipal( moveContext ), forward, reverse ) );
}
+ /**
+ * {@inheritDoc}
+ */
public void moveAndRename( MoveAndRenameOperationContext moveAndRenameContext ) throws LdapException
{
Entry serverEntry = null;
@@ -363,9 +328,19 @@ public class ChangeLogInterceptor extend
/**
* {@inheritDoc}
*/
- public void move( MoveOperationContext moveContext ) throws LdapException
+ public void rename( RenameOperationContext renameContext ) throws LdapException
{
- next( moveContext );
+ Entry serverEntry = null;
+
+ if ( renameContext.getEntry() != null )
+ {
+ serverEntry = ((ClonedServerEntry)renameContext.getEntry()).getOriginalEntry();
+ }
+
+ next( renameContext );
+
+ // After this point, the entry has been modified. The cloned entry contains
+ // the modified entry, the originalEntry has changed
if ( !changeLog.isEnabled() )
{
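Review bot: `serverEntry` stays `null` in `rename` when `renameContext.getEntry()` is null, and the following hunk passes it unchanged to `LdifRevertor.reverseRename( serverEntry, ... )`. Whether `reverseRename` tolerates a null entry is not visible here. If it does not, the failure happens after `next( renameContext )` has already applied the rename, so the change ends up with no changelog event to revert it. Checking before the delegated call, for example `if ( changeLog.isEnabled() && serverEntry == null )` placed ahead of `next( renameContext )`, would reject the operation while nothing has been modified yet. The body of `rename` continues in the next hunk.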
@@ -373,11 +348,43 @@ public class ChangeLogInterceptor extend
}
LdifEntry forward = new LdifEntry();
- forward.setChangeType( ChangeType.ModDn );
- forward.setDn( moveContext.getDn() );
- forward.setNewSuperior( moveContext.getNewSuperior().getName() );
+ forward.setChangeType( ChangeType.ModRdn );
+ forward.setDn( renameContext.getDn() );
+ forward.setNewRdn( renameContext.getNewRdn().getName() );
+ forward.setDeleteOldRdn( renameContext.getDeleteOldRdn() );
- LdifEntry reverse = LdifRevertor.reverseMove(moveContext.getNewSuperior(), moveContext.getDn());
- moveContext.setChangeLogEvent( changeLog.log( getPrincipal( moveContext ), forward, reverse ) );
+ List<LdifEntry> reverses = LdifRevertor.reverseRename(
+ serverEntry, renameContext.getNewRdn(), renameContext.getDeleteOldRdn() );
+
+ renameContext.setChangeLogEvent( changeLog.log( getPrincipal( renameContext ), forward, reverses ) );
+ }
+
+
+ /**
+ * Gets attributes required for modifications.
+ *
+ * @param dn the dn of the entry to get
+ * @return the entry's attributes (may be immutable if the schema subentry)
+ * @throws Exception on error accessing the entry's attributes
+ */
+ private Entry getAttributes( OperationContext opContext ) throws LdapException
+ {
+ Dn dn = opContext.getDn();
+ Entry serverEntry;
+
+ // @todo make sure we're not putting in operational attributes that cannot be user modified
+ if ( dn.equals( ServerDNConstants.CN_SCHEMA_DN ) )
+ {
+ return SchemaService.getSubschemaEntryCloned( directoryService );
+ }
+ else
+ {
+ CoreSession session = opContext.getSession();
+ LookupOperationContext lookupContext = new LookupOperationContext( session, dn );
+ lookupContext.setAttrsId( SchemaConstants.ALL_ATTRIBUTES_ARRAY );
+ serverEntry = directoryService.getPartitionNexus().lookup( lookupContext );
+ }
+
+ return serverEntry;
}
}
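Review bot: The Javadoc on `getAttributes` does not match its signature: it documents `@param dn` and `@throws Exception`, while the method takes `OperationContext opContext` and declares `LdapException`. Suggested tags are `@param opContext the operation context whose Dn identifies the entry to read` and `@throws LdapException on error accessing the entry's attributes`. The comment could also say that, for any Dn other than the schema subentry, the entry is read with all attributes through `directoryService.getPartitionNexus().lookup( lookupContext )` rather than through `next(...)`.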
Modified: directory/apacheds/trunk/interceptors/event/src/main/java/org/apache/directory/server/core/event/EventInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/event/src/main/java/org/apache/directory/server/core/event/EventInterceptor.java?rev=1200870&r1=1200869&r2=1200870&view=diff
==============================================================================
--- directory/apacheds/trunk/interceptors/event/src/main/java/org/apache/directory/server/core/event/EventInterceptor.java (original)
+++ directory/apacheds/trunk/interceptors/event/src/main/java/org/apache/directory/server/core/event/EventInterceptor.java Fri Nov 11 13:15:39 2011
@@ -238,31 +238,23 @@ public class EventInterceptor extends Ba
/**
* {@inheritDoc}
*/
- public void rename( RenameOperationContext renameContext ) throws LdapException
+ public void move( MoveOperationContext moveContext ) throws LdapException
{
- Entry oriEntry = ((ClonedServerEntry)renameContext.getEntry()).getOriginalEntry();
- List<RegistrationEntry> selecting = getSelectingRegistrations( renameContext.getDn(), oriEntry );
+ Entry oriEntry = moveContext.getOriginalEntry();
+ List<RegistrationEntry> selecting = getSelectingRegistrations( moveContext.getDn(), oriEntry );
- next( renameContext );
+ next( moveContext );
if ( selecting.isEmpty() )
{
return;
}
- // Get the modifed entry
- CoreSession session = renameContext.getSession();
- LookupOperationContext lookupContext = new LookupOperationContext( session, renameContext.getNewDn() );
- lookupContext.setAttrsId( SchemaConstants.ALL_ATTRIBUTES_ARRAY );
-
- Entry alteredEntry = directoryService.getPartitionNexus().lookup( lookupContext );
- renameContext.setModifiedEntry( alteredEntry );
-
for ( final RegistrationEntry registration : selecting )
{
- if ( EventType.isRename( registration.getCriteria().getEventMask() ) )
+ if ( EventType.isMove( registration.getCriteria().getEventMask() ) )
{
- fire( renameContext, EventType.RENAME, registration.getListener() );
+ fire( moveContext, EventType.MOVE, registration.getListener() );
}
}
}
@@ -301,23 +293,31 @@ public class EventInterceptor extends Ba
/**
* {@inheritDoc}
*/
- public void move( MoveOperationContext moveContext ) throws LdapException
+ public void rename( RenameOperationContext renameContext ) throws LdapException
{
- Entry oriEntry = moveContext.getOriginalEntry();
- List<RegistrationEntry> selecting = getSelectingRegistrations( moveContext.getDn(), oriEntry );
+ Entry oriEntry = ((ClonedServerEntry)renameContext.getEntry()).getOriginalEntry();
+ List<RegistrationEntry> selecting = getSelectingRegistrations( renameContext.getDn(), oriEntry );
- next( moveContext );
+ next( renameContext );
if ( selecting.isEmpty() )
{
return;
}
+ // Get the modifed entry
+ CoreSession session = renameContext.getSession();
+ LookupOperationContext lookupContext = new LookupOperationContext( session, renameContext.getNewDn() );
+ lookupContext.setAttrsId( SchemaConstants.ALL_ATTRIBUTES_ARRAY );
+
+ Entry alteredEntry = directoryService.getPartitionNexus().lookup( lookupContext );
+ renameContext.setModifiedEntry( alteredEntry );
+
for ( final RegistrationEntry registration : selecting )
{
- if ( EventType.isMove( registration.getCriteria().getEventMask() ) )
+ if ( EventType.isRename( registration.getCriteria().getEventMask() ) )
{
- fire( moveContext, EventType.MOVE, registration.getListener() );
+ fire( renameContext, EventType.RENAME, registration.getListener() );
}
}
}
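Review bot: `rename` casts `renameContext.getEntry()` to `ClonedServerEntry` and dereferences it with no null or type check, while `ChangeLogInterceptor.rename` in this same commit guards the identical expression with `renameContext.getEntry() != null`. `move` in the previous hunk reads `moveContext.getOriginalEntry()` with no cast. If `RenameOperationContext` offers the same accessor (not visible here), `Entry oriEntry = renameContext.getOriginalEntry();` would make the two methods consistent and drop the cast. Otherwise the null guard used in the changelog interceptor should be mirrored here.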
Modified: directory/apacheds/trunk/interceptors/exception/src/main/java/org/apache/directory/server/core/exception/ExceptionInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/exception/src/main/java/org/apache/directory/server/core/exception/ExceptionInterceptor.java?rev=1200870&r1=1200869&r2=1200870&view=diff
==============================================================================
--- directory/apacheds/trunk/interceptors/exception/src/main/java/org/apache/directory/server/core/exception/ExceptionInterceptor.java (original)
+++ directory/apacheds/trunk/interceptors/exception/src/main/java/org/apache/directory/server/core/exception/ExceptionInterceptor.java Fri Nov 11 13:15:39 2011
@@ -236,7 +236,7 @@ public class ExceptionInterceptor extend
/**
- * Checks to see the base being searched exists, otherwise throws the appropriate LdapException.
+ * {@inheritDoc}
*/
public Entry lookup( LookupOperationContext lookupContext ) throws LdapException
{
@@ -257,7 +257,7 @@ public class ExceptionInterceptor extend
/**
- * Checks to see the entry being modified exists, otherwise throws the appropriate LdapException.
+ * {@inheritDoc}
*/
public void modify( ModifyOperationContext modifyContext ) throws LdapException
{
@@ -294,93 +294,92 @@ public class ExceptionInterceptor extend
/**
- * Checks to see the entry being renamed exists, otherwise throws the appropriate LdapException.
+ * {@inheritDoc}
*/
- public void rename( RenameOperationContext renameContext ) throws LdapException
+ public void move( MoveOperationContext moveContext ) throws LdapException
{
- Dn dn = renameContext.getDn();
+ Dn oriChildName = moveContext.getDn();
- if ( dn.equals( subschemSubentryDn ) )
+ if ( oriChildName.equals( subschemSubentryDn ) )
{
- throw new LdapUnwillingToPerformException( ResultCodeEnum.UNWILLING_TO_PERFORM, I18n.err( I18n.ERR_255,
+ throw new LdapUnwillingToPerformException( ResultCodeEnum.UNWILLING_TO_PERFORM, I18n.err( I18n.ERR_258,
subschemSubentryDn, subschemSubentryDn ) );
}
- // check to see if target entry exists
- Dn newDn = renameContext.getNewDn();
-
- if ( nexus.hasEntry( new EntryOperationContext( renameContext.getSession(), newDn ) ) )
- {
- LdapEntryAlreadyExistsException e;
- e = new LdapEntryAlreadyExistsException( I18n.err( I18n.ERR_250_ENTRY_ALREADY_EXISTS, newDn.getName() ) );
- //e.setResolvedName( DNFactory.create( newDn.getName() ) );
- throw e;
- }
+ next( moveContext );
- // Remove the previous entry from the notAnAlias cache
+ // Remove the original entry from the NotAlias cache, if needed
synchronized ( notAliasCache )
{
- if ( notAliasCache.containsKey( dn.getNormName() ) )
+ if ( notAliasCache.containsKey( oriChildName.getNormName() ) )
{
- notAliasCache.remove( dn.getNormName() );
+ notAliasCache.remove( oriChildName.getNormName() );
}
}
-
- next( renameContext );
}
/**
* {@inheritDoc}
*/
- public void move( MoveOperationContext moveContext ) throws LdapException
+ public void moveAndRename( MoveAndRenameOperationContext moveAndRenameContext ) throws LdapException
{
- Dn oriChildName = moveContext.getDn();
+ Dn oldDn = moveAndRenameContext.getDn();
- if ( oriChildName.equals( subschemSubentryDn ) )
+ // Don't allow M&R in the SSSE
+ if ( oldDn.equals( subschemSubentryDn ) )
{
throw new LdapUnwillingToPerformException( ResultCodeEnum.UNWILLING_TO_PERFORM, I18n.err( I18n.ERR_258,
subschemSubentryDn, subschemSubentryDn ) );
}
- next( moveContext );
-
// Remove the original entry from the NotAlias cache, if needed
synchronized ( notAliasCache )
{
- if ( notAliasCache.containsKey( oriChildName.getNormName() ) )
+ if ( notAliasCache.containsKey( oldDn.getNormName() ) )
{
- notAliasCache.remove( oriChildName.getNormName() );
+ notAliasCache.remove( oldDn.getNormName() );
}
}
+
+ next( moveAndRenameContext );
}
/**
- * Checks to see the entry being moved exists, and so does its parent, otherwise throws the appropriate
- * LdapException.
+ * {@inheritDoc}
*/
- public void moveAndRename( MoveAndRenameOperationContext moveAndRenameContext ) throws LdapException
+ public void rename( RenameOperationContext renameContext ) throws LdapException
{
- Dn oldDn = moveAndRenameContext.getDn();
+ Dn dn = renameContext.getDn();
- // Don't allow M&R in the SSSE
- if ( oldDn.equals( subschemSubentryDn ) )
+ if ( dn.equals( subschemSubentryDn ) )
{
- throw new LdapUnwillingToPerformException( ResultCodeEnum.UNWILLING_TO_PERFORM, I18n.err( I18n.ERR_258,
+ throw new LdapUnwillingToPerformException( ResultCodeEnum.UNWILLING_TO_PERFORM, I18n.err( I18n.ERR_255,
subschemSubentryDn, subschemSubentryDn ) );
}
- // Remove the original entry from the NotAlias cache, if needed
+ // check to see if target entry exists
+ Dn newDn = renameContext.getNewDn();
+
+ if ( nexus.hasEntry( new EntryOperationContext( renameContext.getSession(), newDn ) ) )
+ {
+ LdapEntryAlreadyExistsException e;
+ e = new LdapEntryAlreadyExistsException( I18n.err( I18n.ERR_250_ENTRY_ALREADY_EXISTS, newDn.getName() ) );
+ //e.setResolvedName( DNFactory.create( newDn.getName() ) );
+ throw e;
+ }
+
+ // Remove the previous entry from the notAnAlias cache
synchronized ( notAliasCache )
{
- if ( notAliasCache.containsKey( oldDn.getNormName() ) )
+ if ( notAliasCache.containsKey( dn.getNormName() ) )
{
- notAliasCache.remove( oldDn.getNormName() );
+ notAliasCache.remove( dn.getNormName() );
}
}
- next( moveAndRenameContext );
+ next( renameContext );
}
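Review bot: The three methods evict from `notAliasCache` at different points relative to the delegated operation: `move` calls `next( moveContext )` first and evicts afterwards, while `moveAndRename` and `rename` evict first and then call `next(...)`. In `move` this leaves a window after the entry has moved in which the old Dn is still cached, and in the other two a failed operation drops a cache entry that was still valid. Picking one order for all three and stating the reason in a comment would remove the ambiguity. Separately, assuming `notAliasCache` is a `Map`, the `containsKey` test before `remove` is redundant and each block can be reduced to `notAliasCache.remove( oldDn.getNormName() );` inside the `synchronized` section.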
Modified: directory/apacheds/trunk/interceptors/hash/src/main/java/org/apache/directory/server/core/hash/PasswordHashingInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/hash/src/main/java/org/apache/directory/server/core/hash/PasswordHashingInterceptor.java?rev=1200870&r1=1200869&r2=1200870&view=diff
==============================================================================
--- directory/apacheds/trunk/interceptors/hash/src/main/java/org/apache/directory/server/core/hash/PasswordHashingInterceptor.java (original)
+++ directory/apacheds/trunk/interceptors/hash/src/main/java/org/apache/directory/server/core/hash/PasswordHashingInterceptor.java Fri Nov 11 13:15:39 2011
@@ -63,7 +63,7 @@ public class PasswordHashingInterceptor
* Creates a new instance of PasswordHashingInterceptor which hashes the
* incoming non-hashed password using the given algorithm.
* If the password is found already hashed then it will skip hashing it.
- *
+ *
* @param algorithm the name of the algorithm to be used
*/
public PasswordHashingInterceptor( LdapSecurityConstants algorithm )
@@ -72,7 +72,9 @@ public class PasswordHashingInterceptor
}
- @Override
+ /**
+ * {@inheritDoc}
+ */
public void add( AddOperationContext addContext ) throws LdapException
{
if ( algorithm == null )
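Review bot: Replacing `@Override` with a `{@inheritDoc}` comment on `add` (and on `modify` in the next hunk) removes the compile-time check that these methods still override the interceptor operations. For a password-hashing interceptor that matters: if the inherited signature ever changes, the methods would silently stop being called and `userPassword` values would be stored as submitted. Keep both, with the Javadoc block followed by `@Override` on the line before `public void add( AddOperationContext addContext ) throws LdapException`. Both method bodies continue outside their hunks.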
@@ -91,7 +93,9 @@ public class PasswordHashingInterceptor
}
- @Override
+ /**
+ * {@inheritDoc}
+ */
public void modify( ModifyOperationContext modifyContext ) throws LdapException
{
if ( algorithm == null )
@@ -106,7 +110,7 @@ public class PasswordHashingInterceptor
{
String oid = mod.getAttribute().getAttributeType().getOid();
- // check for modification on 'userPassword' AT
+ // check for modification on 'userPassword' AT
if ( SchemaConstants.USER_PASSWORD_AT_OID.equals( oid ) )
{
includeHashedPassword( mod.getAttribute() );
Modified: directory/apacheds/trunk/interceptors/journal/src/main/java/org/apache/directory/server/core/journal/JournalInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/journal/src/main/java/org/apache/directory/server/core/journal/JournalInterceptor.java?rev=1200870&r1=1200869&r2=1200870&view=diff
==============================================================================
--- directory/apacheds/trunk/interceptors/journal/src/main/java/org/apache/directory/server/core/journal/JournalInterceptor.java (original)
+++ directory/apacheds/trunk/interceptors/journal/src/main/java/org/apache/directory/server/core/journal/JournalInterceptor.java Fri Nov 11 13:15:39 2011
@@ -239,7 +239,7 @@ public class JournalInterceptor extends
/**
* {@inheritDoc}
*/
- public void rename ( RenameOperationContext renameContext ) throws LdapException
+ public void move( MoveOperationContext moveContext ) throws LdapException
{
long opRevision = 0;
@@ -247,19 +247,18 @@ public class JournalInterceptor extends
{
opRevision = revision.incrementAndGet();
- // Store the renamed entry
+ // Store the moved entry
LdifEntry ldif = new LdifEntry();
- ldif.setChangeType( ChangeType.ModRdn );
- ldif.setDn( renameContext.getDn() );
- ldif.setNewRdn( renameContext.getNewRdn().getNormName() );
- ldif.setDeleteOldRdn( renameContext.getDeleteOldRdn() );
+ ldif.setChangeType( ChangeType.ModDn );
+ ldif.setDn( moveContext.getDn() );
+ ldif.setNewSuperior( moveContext.getNewSuperior().getNormName() );
- journal.log( getPrincipal( renameContext ), opRevision, ldif );
+ journal.log( getPrincipal( moveContext ), opRevision, ldif );
}
try
{
- next( renameContext );
+ next( moveContext );
if ( journalEnabled )
{
@@ -328,7 +327,7 @@ public class JournalInterceptor extends
/**
* {@inheritDoc}
*/
- public void move( MoveOperationContext moveContext ) throws LdapException
+ public void rename( RenameOperationContext renameContext ) throws LdapException
{
long opRevision = 0;
@@ -336,18 +335,19 @@ public class JournalInterceptor extends
{
opRevision = revision.incrementAndGet();
- // Store the moved entry
+ // Store the renamed entry
LdifEntry ldif = new LdifEntry();
- ldif.setChangeType( ChangeType.ModDn );
- ldif.setDn( moveContext.getDn() );
- ldif.setNewSuperior( moveContext.getNewSuperior().getNormName() );
+ ldif.setChangeType( ChangeType.ModRdn );
+ ldif.setDn( renameContext.getDn() );
+ ldif.setNewRdn( renameContext.getNewRdn().getNormName() );
+ ldif.setDeleteOldRdn( renameContext.getDeleteOldRdn() );
- journal.log( getPrincipal( moveContext ), opRevision, ldif );
+ journal.log( getPrincipal( renameContext ), opRevision, ldif );
}
try
{
- next( moveContext );
+ next( renameContext );
if ( journalEnabled )
{
Modified: directory/apacheds/trunk/interceptors/logger/src/main/java/org/apache/directory/server/core/logger/TimerInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/logger/src/main/java/org/apache/directory/server/core/logger/TimerInterceptor.java?rev=1200870&r1=1200869&r2=1200870&view=diff
==============================================================================
--- directory/apacheds/trunk/interceptors/logger/src/main/java/org/apache/directory/server/core/logger/TimerInterceptor.java (original)
+++ directory/apacheds/trunk/interceptors/logger/src/main/java/org/apache/directory/server/core/logger/TimerInterceptor.java Fri Nov 11 13:15:39 2011
@@ -142,6 +142,31 @@ public class TimerInterceptor extends Ba
/**
* {@inheritDoc}
*/
+ public void init( DirectoryService directoryService ) throws LdapException
+ {
+ }
+
+
+ /**
+ * {@inheritDoc}
+ */
+ public void destroy()
+ {
+ }
+
+
+ /**
+ * {@inheritDoc}
+ */
+ public String getName()
+ {
+ return name;
+ }
+
+
+ /**
+ * {@inheritDoc}
+ */
public void add( AddOperationContext addContext ) throws LdapException
{
long t0 = System.nanoTime();
@@ -256,23 +281,6 @@ public class TimerInterceptor extends Ba
/**
* {@inheritDoc}
*/
- public void destroy()
- {
- }
-
-
- /**
- * {@inheritDoc}
- */
- public String getName()
- {
- return name;
- }
-
-
- /**
- * {@inheritDoc}
- */
public Entry getRootDSE( GetRootDSEOperationContext getRootDseContext ) throws LdapException
{
long t0 = System.nanoTime();
@@ -333,14 +341,6 @@ public class TimerInterceptor extends Ba
/**
* {@inheritDoc}
*/
- public void init( DirectoryService directoryService ) throws LdapException
- {
- }
-
-
- /**
- * {@inheritDoc}
- */
public EntryFilteringCursor list( ListOperationContext listContext ) throws LdapException
{
long t0 = System.nanoTime();
Modified: directory/apacheds/trunk/interceptors/normalization/src/main/java/org/apache/directory/server/core/normalization/NormalizationInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/normalization/src/main/java/org/apache/directory/server/core/normalization/NormalizationInterceptor.java?rev=1200870&r1=1200869&r2=1200870&view=diff
==============================================================================
--- directory/apacheds/trunk/interceptors/normalization/src/main/java/org/apache/directory/server/core/normalization/NormalizationInterceptor.java (original)
+++ directory/apacheds/trunk/interceptors/normalization/src/main/java/org/apache/directory/server/core/normalization/NormalizationInterceptor.java Fri Nov 11 13:15:39 2011
@@ -118,6 +118,49 @@ public class NormalizationInterceptor ex
/**
* {@inheritDoc}
*/
+ public void bind( BindOperationContext bindContext ) throws LdapException
+ {
+ bindContext.getDn().apply( schemaManager );
+ next( bindContext );
+ }
+
+
+ /**
+ * {@inheritDoc}
+ */
+ public boolean compare( CompareOperationContext compareContext ) throws LdapException
+ {
+ if ( !compareContext.getDn().isSchemaAware() )
+ {
+ compareContext.getDn().apply( schemaManager );
+ }
+
+ // Get the attributeType from the OID
+ try
+ {
+ AttributeType attributeType = schemaManager.lookupAttributeTypeRegistry( compareContext.getOid() );
+
+ // Translate the value from binary to String if the AT is HR
+ if ( attributeType.getSyntax().isHumanReadable() && ( !compareContext.getValue().isHumanReadable() ) )
+ {
+ String value = compareContext.getValue().getString();
+ compareContext.setValue( new StringValue( value ) );
+ }
+
+ compareContext.setAttributeType( attributeType );
+ }
+ catch ( LdapException le )
+ {
+ throw new LdapInvalidAttributeTypeException( I18n.err( I18n.ERR_266, compareContext.getOid() ) );
+ }
+
+ return next( compareContext );
+ }
+
+
+ /**
+ * {@inheritDoc}
+ */
public void delete( DeleteOperationContext deleteContext ) throws LdapException
{
Dn dn = deleteContext.getDn();
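Review bot: In `compare`, the `catch ( LdapException le )` block discards `le` and covers the whole `try` body, so any `LdapException` raised while translating the value is also reported as an invalid attribute type, with no trace of the original cause. Narrow the `try` to the `lookupAttributeTypeRegistry` call and attach the cause to the new exception, as in the excerpt below. `compareContext.getValue()` is also dereferenced without a null check; whether it can be null at this point is not visible in the hunk.

```java
AttributeType attributeType;

try
{
    attributeType = schemaManager.lookupAttributeTypeRegistry( compareContext.getOid() );
}
catch ( LdapException le )
{
    LdapInvalidAttributeTypeException invalid = new LdapInvalidAttributeTypeException(
        I18n.err( I18n.ERR_266, compareContext.getOid() ) );
    invalid.initCause( le );
    throw invalid;
}

// … unchanged: binary-to-String translation and setAttributeType( attributeType ) …
```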
@@ -134,47 +177,64 @@ public class NormalizationInterceptor ex
/**
* {@inheritDoc}
*/
- public void modify( ModifyOperationContext modifyContext ) throws LdapException
+ public boolean hasEntry( EntryOperationContext hasEntryContext ) throws LdapException
{
- if ( !modifyContext.getDn().isSchemaAware() )
- {
- modifyContext.getDn().apply( schemaManager );
- }
+ hasEntryContext.getDn().apply( schemaManager );
- if ( modifyContext.getModItems() != null )
- {
- for ( Modification modification : modifyContext.getModItems() )
- {
- AttributeType attributeType = schemaManager.getAttributeType( modification.getAttribute().getId() );
- modification.apply( attributeType );
- }
- }
+ return next( hasEntryContext );
+ }
- next( modifyContext );
+
+ /**
+ * {@inheritDoc}
+ */
+ public EntryFilteringCursor list( ListOperationContext listContext ) throws LdapException
+ {
+ listContext.getDn().apply( schemaManager );
+
+ return next( listContext );
}
/**
* {@inheritDoc}
*/
- public void rename( RenameOperationContext renameContext ) throws LdapException
+ public Entry lookup( LookupOperationContext lookupContext ) throws LdapException
{
- // Normalize the new Rdn and the Dn if needed
+ lookupContext.getDn().apply( schemaManager );
- if ( !renameContext.getDn().isSchemaAware() )
+ List<String> attrIds = lookupContext.getAttrsId();
+
+ if ( ( attrIds != null ) && ( attrIds.size() > 0 ) )
{
- renameContext.getDn().apply( schemaManager );
+ // We have to normalize the requested IDs
+ lookupContext.setAttrsId( normalizeAttrsId( lookupContext.getAttrsIdArray() ) );
}
- renameContext.getNewRdn().apply( schemaManager );
+ return next( lookupContext );
+ }
- if ( !renameContext.getNewDn().isSchemaAware() )
+
+ /**
+ * {@inheritDoc}
+ */
+ public void modify( ModifyOperationContext modifyContext ) throws LdapException
+ {
+ if ( !modifyContext.getDn().isSchemaAware() )
{
- renameContext.getNewDn().apply( schemaManager );
+ modifyContext.getDn().apply( schemaManager );
}
- // Push to the next interceptor
- next( renameContext );
+ if ( modifyContext.getModItems() != null )
+ {
+ for ( Modification modification : modifyContext.getModItems() )
+ {
+ AttributeType attributeType = schemaManager.getAttributeType( modification.getAttribute().getId() );
+ modification.apply( attributeType );
+ }
+ }
+
+ next( modifyContext );
}
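Review bot: `hasEntry`, `list` and `lookup` call `getDn().apply( schemaManager )` unconditionally, while `modify` in this same hunk (and `compare` and `rename` elsewhere in the file) first tests `isSchemaAware()`. If `apply` on an already schema-aware Dn is not a cheap no-op, which is not visible here, the three unguarded methods normalize the Dn again on every call. Using the same guard everywhere, e.g. `if ( !lookupContext.getDn().isSchemaAware() )`, or a one-line comment explaining why these three differ, would make the intent clear. In `lookup`, `attrIds.size() > 0` also reads better as `!attrIds.isEmpty()`.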
@@ -244,6 +304,30 @@ public class NormalizationInterceptor ex
/**
* {@inheritDoc}
*/
+ public void rename( RenameOperationContext renameContext ) throws LdapException
+ {
+ // Normalize the new Rdn and the Dn if needed
+
+ if ( !renameContext.getDn().isSchemaAware() )
+ {
+ renameContext.getDn().apply( schemaManager );
+ }
+
+ renameContext.getNewRdn().apply( schemaManager );
+
+ if ( !renameContext.getNewDn().isSchemaAware() )
+ {
+ renameContext.getNewDn().apply( schemaManager );
+ }
+
+ // Push to the next interceptor
+ next( renameContext );
+ }
+
+
+ /**
+ * {@inheritDoc}
+ */
public EntryFilteringCursor search( SearchOperationContext searchContext ) throws LdapException
{
Dn dn = searchContext.getDn();
@@ -282,28 +366,6 @@ public class NormalizationInterceptor ex
/**
* {@inheritDoc}
*/
- public boolean hasEntry( EntryOperationContext hasEntryContext ) throws LdapException
- {
- hasEntryContext.getDn().apply( schemaManager );
-
- return next( hasEntryContext );
- }
-
-
- /**
- * {@inheritDoc}
- */
- public EntryFilteringCursor list( ListOperationContext listContext ) throws LdapException
- {
- listContext.getDn().apply( schemaManager );
-
- return next( listContext );
- }
-
-
- /**
- * {@inheritDoc}
- */
private String[] normalizeAttrsId( String[] attrIds ) throws LdapException
{
if ( attrIds == null )
@@ -324,72 +386,10 @@ public class NormalizationInterceptor ex
}
- /**
- * {@inheritDoc}
- */
- public Entry lookup( LookupOperationContext lookupContext ) throws LdapException
- {
- lookupContext.getDn().apply( schemaManager );
-
- List<String> attrIds = lookupContext.getAttrsId();
-
- if ( ( attrIds != null ) && ( attrIds.size() > 0 ) )
- {
- // We have to normalize the requested IDs
- lookupContext.setAttrsId( normalizeAttrsId( lookupContext.getAttrsIdArray() ) );
- }
-
- return next( lookupContext );
- }
-
-
// ------------------------------------------------------------------------
// Normalize all Name based arguments for other interface operations
// ------------------------------------------------------------------------
/**
- * {@inheritDoc}
- */
- public boolean compare( CompareOperationContext compareContext ) throws LdapException
- {
- if ( !compareContext.getDn().isSchemaAware() )
- {
- compareContext.getDn().apply( schemaManager );
- }
-
- // Get the attributeType from the OID
- try
- {
- AttributeType attributeType = schemaManager.lookupAttributeTypeRegistry( compareContext.getOid() );
-
- // Translate the value from binary to String if the AT is HR
- if ( attributeType.getSyntax().isHumanReadable() && ( !compareContext.getValue().isHumanReadable() ) )
- {
- String value = compareContext.getValue().getString();
- compareContext.setValue( new StringValue( value ) );
- }
-
- compareContext.setAttributeType( attributeType );
- }
- catch ( LdapException le )
- {
- throw new LdapInvalidAttributeTypeException( I18n.err( I18n.ERR_266, compareContext.getOid() ) );
- }
-
- return next( compareContext );
- }
-
-
- /**
- * {@inheritDoc}
- */
- public void bind( BindOperationContext bindContext ) throws LdapException
- {
- bindContext.getDn().apply( schemaManager );
- next( bindContext );
- }
-
-
- /**
* Adds missing Rdn's attributes and values to the entry.
*
* @param dn the Dn
Modified: directory/apacheds/trunk/interceptors/operational/src/main/java/org/apache/directory/server/core/operational/OperationalAttributeInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/operational/src/main/java/org/apache/directory/server/core/operational/OperationalAttributeInterceptor.java?rev=1200870&r1=1200869&r2=1200870&view=diff
==============================================================================
--- directory/apacheds/trunk/interceptors/operational/src/main/java/org/apache/directory/server/core/operational/OperationalAttributeInterceptor.java (original)
+++ directory/apacheds/trunk/interceptors/operational/src/main/java/org/apache/directory/server/core/operational/OperationalAttributeInterceptor.java Fri Nov 11 13:15:39 2011
@@ -79,6 +79,16 @@ public class OperationalAttributeInterce
/** The LoggerFactory used by this Interceptor */
private static Logger LOG = LoggerFactory.getLogger( OperationalAttributeInterceptor.class );
+ private final EntryFilter DENORMALIZING_SEARCH_FILTER = new OperationalAttributeDenormalizingSearchFilter();
+
+ private final EntryFilter SEARCH_FILTER = new OperationalAttributeSearchFilter();
+
+ /** The subschemasubentry Dn */
+ private Dn subschemaSubentryDn;
+
+ /** The admin Dn */
+ private Dn adminDn;
+
/**
* the search result filter to use for collective attribute injection
*/
@@ -94,8 +104,7 @@ public class OperationalAttributeInterce
return filterDenormalized( entry );
}
}
-
- private final EntryFilter DENORMALIZING_SEARCH_FILTER = new OperationalAttributeDenormalizingSearchFilter();
+
/**
* the database search result filter to register with filter service
@@ -108,15 +117,8 @@ public class OperationalAttributeInterce
|| filterOperationalAttributes( entry );
}
}
-
- private final EntryFilter SEARCH_FILTER = new OperationalAttributeSearchFilter();
-
- /** The subschemasubentry Dn */
- private Dn subschemaSubentryDn;
-
- /** The admin Dn */
- private Dn adminDn;
-
+
+
/**
* Creates the operational attribute management service interceptor.
*/
@@ -179,6 +181,9 @@ public class OperationalAttributeInterce
* - entryCSN
* - entryUUID
*/
+ /**
+ * {@inheritDoc}
+ */
public void add( AddOperationContext addContext ) throws LdapException
{
String principal = getPrincipal( addContext ).getName();
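Review bot: The added `{@inheritDoc}` block sits directly below the existing comment that lists the operational attributes (`entryCSN`, `entryUUID`), so `add` now carries two comment blocks in a row. If the earlier block is a Javadoc comment (its opening line is outside the hunk), only the last block attaches to the method and the descriptive text is dropped from the generated documentation. Merging keeps both: make `{@inheritDoc}` the first line of the existing block and drop the new one. The `add` and `delete` hunks of ReferralInterceptor.java in this commit have the same layout.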
@@ -234,6 +239,40 @@ public class OperationalAttributeInterce
/**
* {@inheritDoc}
*/
+ public EntryFilteringCursor list( ListOperationContext listContext ) throws LdapException
+ {
+ EntryFilteringCursor cursor = next( listContext );
+ cursor.addEntryFilter( SEARCH_FILTER );
+
+ return cursor;
+ }
+
+
+ /**
+ * {@inheritDoc}
+ */
+ public Entry lookup( LookupOperationContext lookupContext ) throws LdapException
+ {
+ Entry result = next( lookupContext );
+
+ if ( lookupContext.getAttrsId() == null )
+ {
+ filterOperationalAttributes( result );
+ }
+ else if ( !lookupContext.hasAllOperational() )
+ {
+ filter( lookupContext, result );
+ }
+
+ denormalizeEntryOpAttrs( result );
+
+ return result;
+ }
+
+
+ /**
+ * {@inheritDoc}
+ */
public void modify( ModifyOperationContext modifyContext ) throws LdapException
{
// We must check that the user hasn't injected either the modifiersName
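Review bot: The added `lookup` hands the result of `next( lookupContext )` to `filterOperationalAttributes`, `filter` and `denormalizeEntryOpAttrs` without a null check, whereas `ReferralInterceptor.modify` in this commit guards its own lookup result with `if ( newEntry != null )`. If the chain can return null here, add `if ( result == null ) { return null; }` right after the call; if it cannot, a one-line comment saying so would settle the inconsistency. Whether the three helpers tolerate null is not visible in the hunk. This method appears to decide which operational attributes are returned to the caller, so its failure path should be explicit.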
@@ -343,22 +382,6 @@ public class OperationalAttributeInterce
}
- public void rename( RenameOperationContext renameContext ) throws LdapException
- {
- Entry entry = ( ( ClonedServerEntry ) renameContext.getEntry() ).getClonedEntry();
- entry.put( SchemaConstants.MODIFIERS_NAME_AT, getPrincipal( renameContext ).getName() );
- entry.put( SchemaConstants.MODIFY_TIMESTAMP_AT, DateUtils.getGeneralizedTime() );
-
- Entry modifiedEntry = renameContext.getOriginalEntry().clone();
- modifiedEntry.put( SchemaConstants.MODIFIERS_NAME_AT, getPrincipal( renameContext ).getName() );
- modifiedEntry.put( SchemaConstants.MODIFY_TIMESTAMP_AT, DateUtils.getGeneralizedTime() );
- //modifiedEntry.setDn( renameContext.getNewDn() );
- renameContext.setModifiedEntry( modifiedEntry );
-
- next( renameContext );
- }
-
-
/**
* {@inheritDoc}
*/
@@ -374,6 +397,9 @@ public class OperationalAttributeInterce
}
+ /**
+ * {@inheritDoc}
+ */
public void moveAndRename( MoveAndRenameOperationContext moveAndRenameContext ) throws LdapException
{
Entry modifiedEntry = moveAndRenameContext.getOriginalEntry().clone();
@@ -386,34 +412,28 @@ public class OperationalAttributeInterce
}
- public Entry lookup( LookupOperationContext lookupContext ) throws LdapException
+ /**
+ * {@inheritDoc}
+ */
+ public void rename( RenameOperationContext renameContext ) throws LdapException
{
- Entry result = next( lookupContext );
-
- if ( lookupContext.getAttrsId() == null )
- {
- filterOperationalAttributes( result );
- }
- else if ( !lookupContext.hasAllOperational() )
- {
- filter( lookupContext, result );
- }
-
- denormalizeEntryOpAttrs( result );
-
- return result;
- }
-
+ Entry entry = ( ( ClonedServerEntry ) renameContext.getEntry() ).getClonedEntry();
+ entry.put( SchemaConstants.MODIFIERS_NAME_AT, getPrincipal( renameContext ).getName() );
+ entry.put( SchemaConstants.MODIFY_TIMESTAMP_AT, DateUtils.getGeneralizedTime() );
- public EntryFilteringCursor list( ListOperationContext listContext ) throws LdapException
- {
- EntryFilteringCursor cursor = next( listContext );
- cursor.addEntryFilter( SEARCH_FILTER );
+ Entry modifiedEntry = renameContext.getOriginalEntry().clone();
+ modifiedEntry.put( SchemaConstants.MODIFIERS_NAME_AT, getPrincipal( renameContext ).getName() );
+ modifiedEntry.put( SchemaConstants.MODIFY_TIMESTAMP_AT, DateUtils.getGeneralizedTime() );
+ //modifiedEntry.setDn( renameContext.getNewDn() );
+ renameContext.setModifiedEntry( modifiedEntry );
- return cursor;
+ next( renameContext );
}
+ /**
+ * {@inheritDoc}
+ */
public EntryFilteringCursor search( SearchOperationContext searchContext ) throws LdapException
{
EntryFilteringCursor cursor = next( searchContext );
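Review bot: In the re-added `rename`, `getPrincipal( renameContext ).getName()` and `DateUtils.getGeneralizedTime()` are each evaluated twice, once for `entry` and once for `modifiedEntry`, so the two copies can carry different modify timestamps when the calls straddle a clock tick. Compute both once, `String modifiersName = getPrincipal( renameContext ).getName();` and `String modifyTimestamp = DateUtils.getGeneralizedTime();`, and pass the locals to all four `put` calls. The commented-out `//modifiedEntry.setDn( renameContext.getNewDn() );` should either be removed or given a comment explaining why it is kept.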
Modified: directory/apacheds/trunk/interceptors/referral/src/main/java/org/apache/directory/server/core/referral/ReferralInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/referral/src/main/java/org/apache/directory/server/core/referral/ReferralInterceptor.java?rev=1200870&r1=1200869&r2=1200870&view=diff
==============================================================================
--- directory/apacheds/trunk/interceptors/referral/src/main/java/org/apache/directory/server/core/referral/ReferralInterceptor.java (original)
+++ directory/apacheds/trunk/interceptors/referral/src/main/java/org/apache/directory/server/core/referral/ReferralInterceptor.java Fri Nov 11 13:15:39 2011
@@ -224,6 +224,9 @@ public class ReferralInterceptor extends
* entryAlreadyExists error.
*
*/
+ /**
+ * {@inheritDoc}
+ */
public void add( AddOperationContext addContext ) throws LdapException
{
Entry entry = addContext.getEntry();
@@ -260,6 +263,9 @@ public class ReferralInterceptor extends
*
* If the entry does not exist in the server, we will get a NoSuchObject error
*/
+ /**
+ * {@inheritDoc}
+ */
public void delete( DeleteOperationContext deleteContext ) throws LdapException
{
// First delete the entry into the server
@@ -283,6 +289,52 @@ public class ReferralInterceptor extends
/**
* {@inheritDoc}
+ */
+ public void modify( ModifyOperationContext modifyContext ) throws LdapException
+ {
+ Dn dn = modifyContext.getDn();
+
+ // handle a normal modify without following referrals
+ next( modifyContext );
+
+ // Check if we are trying to modify the schema or the rootDSE,
+ // if so, we don't modify the referralManager
+ if ( dn.isEmpty() || dn.equals( subschemaSubentryDn ) )
+ {
+ // Do nothing
+ return;
+ }
+
+ // Update the referralManager. We have to read the entry again
+ // as it has been modified, before updating the ReferralManager
+ // TODO: this can be spare, as we already have the altered entry
+ // into the opContext, but for an unknow reason, this will fail
+ // on eferral tests...
+ LookupOperationContext lookupContext = new LookupOperationContext( modifyContext.getSession(), dn );
+ lookupContext.setAttrsId( SchemaConstants.ALL_ATTRIBUTES_ARRAY );
+
+ Entry newEntry = nexus.lookup( lookupContext );
+
+ // Update the referralManager.
+ // Check that we have the entry, just in case
+ // TODO : entries should be locked until the operation is done on it.
+ if ( newEntry != null )
+ {
+ referralManager.lockWrite();
+
+ if ( referralManager.isReferral( newEntry.getDn() ) )
+ {
+ referralManager.removeReferral( modifyContext.getEntry() );
+ referralManager.addReferral( newEntry );
+ }
+
+ referralManager.unlock();
+ }
+ }
+
+
+ /**
+ * {@inheritDoc}
**/
public void move( MoveOperationContext moveContext ) throws LdapException
{
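Review bot: In the relocated `modify`, `referralManager.lockWrite()` and `referralManager.unlock()` are not paired through `try`/`finally`, so an exception from `isReferral`, `removeReferral` or `addReferral` would leave the write lock held and presumably stall every later operation that needs the referral manager. Keep `lockWrite()` immediately before the `try` and wrap the update as `try { … } finally { referralManager.unlock(); }`. Separately, the referral set is only refreshed when `isReferral( newEntry.getDn() )` is already true, so a modify that turns an ordinary entry into a referral appears not to be registered; if that is intended it deserves a comment. The comment typos `unknow` and `eferral` could be fixed while the block is being moved.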
@@ -358,50 +410,4 @@ public class ReferralInterceptor extends
referralManager.unlock();
}
}
-
-
- /**
- * Modify an entry in the server.
- */
- public void modify( ModifyOperationContext modifyContext ) throws LdapException
- {
- Dn dn = modifyContext.getDn();
-
- // handle a normal modify without following referrals
- next( modifyContext );
-
- // Check if we are trying to modify the schema or the rootDSE,
- // if so, we don't modify the referralManager
- if ( dn.isEmpty() || dn.equals( subschemaSubentryDn ) )
- {
- // Do nothing
- return;
- }
-
- // Update the referralManager. We have to read the entry again
- // as it has been modified, before updating the ReferralManager
- // TODO: this can be spare, as we already have the altered entry
- // into the opContext, but for an unknow reason, this will fail
- // on eferral tests...
- LookupOperationContext lookupContext = new LookupOperationContext( modifyContext.getSession(), dn );
- lookupContext.setAttrsId( SchemaConstants.ALL_ATTRIBUTES_ARRAY );
-
- Entry newEntry = nexus.lookup( lookupContext );
-
- // Update the referralManager.
- // Check that we have the entry, just in case
- // TODO : entries should be locked until the operation is done on it.
- if ( newEntry != null )
- {
- referralManager.lockWrite();
-
- if ( referralManager.isReferral( newEntry.getDn() ) )
- {
- referralManager.removeReferral( modifyContext.getEntry() );
- referralManager.addReferral( newEntry );
- }
-
- referralManager.unlock();
- }
- }
}