Posted to commits@directory.apache.org by ak...@apache.org on 2005/10/24 08:57:02 UTC
svn commit: r327983 - in
/directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server: authz/
enumeration/ normalization/ schema/
Author: akarasulu
Date: Sun Oct 23 23:56:43 2005
New Revision: 327983
URL: http://svn.apache.org/viewcvs?rev=327983&view=rev
Log:
changes ...
o fixed NCNs with change to NCN interface which added isDefined(String)
o made sure caches are not maintained when AuthorizationService is not
enabled
o made GroupCache avoid flipping out if a member DN is not constructed
properly: info about this is logged
o made TupleCache avoid blowing a stack trace if an ACIItem is not
properly constructed: info about this is logged
JIRA Issues
o Satisfied DIREVE-274
o Associated with DIRLDAP-65
Modified:
directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/AuthorizationService.java
directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/GroupCache.java
directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/TupleCache.java
directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/enumeration/SearchResultFilteringEnumeration.java
directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/normalization/NormalizationService.java
directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/schema/ConcreteNameComponentNormalizer.java
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/AuthorizationService.java
URL: http://svn.apache.org/viewcvs/directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/AuthorizationService.java?rev=327983&r1=327982&r2=327983&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/AuthorizationService.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/AuthorizationService.java Sun Oct 23 23:56:43 2005
@@ -323,7 +323,16 @@
// Access the principal requesting the operation, and bypass checks if it is the admin
Invocation invocation = InvocationStack.getInstance().peek();
LdapPrincipal user = ( ( ServerContext ) invocation.getCaller() ).getPrincipal();
- if ( user.getName().equalsIgnoreCase( DirectoryPartitionNexus.ADMIN_PRINCIPAL ) || ! enabled )
+
+ // bypass authz code if we are disabled
+ if ( ! enabled )
+ {
+ next.add( upName, normName, entry );
+ return;
+ }
+
+ // bypass authz code but manage caches if operation is performed by the admin
+ if ( user.getName().equalsIgnoreCase( DirectoryPartitionNexus.ADMIN_PRINCIPAL ) )
{
next.add( upName, normName, entry );
tupleCache.subentryAdded( upName, normName, entry );
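Review bot: The new `if ( ! enabled )` branch returns before `tupleCache.subentryAdded( upName, normName, entry )` runs, so the ACI tuple cache is no longer updated while the service is disabled; the same early return is added in the delete, both modify, modifyRn and both move hunks below. That is safe only if `enabled` is fixed at startup and the caches are populated whenever the service starts enabled; if the flag can change while the server is running, later access decisions would be made from a cache that missed these changes. A comment stating the assumption would help, e.g. `// caches are not maintained while disabled: enabled must not change after startup`. The seven copies of this two-branch preamble could also be moved into one private helper. The enclosing method starts and ends outside the hunk.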
@@ -384,7 +393,16 @@
DirectoryPartitionNexusProxy proxy = invocation.getProxy();
Attributes entry = proxy.lookup( name, DirectoryPartitionNexusProxy.LOOKUP_BYPASS );
LdapPrincipal user = ( ( ServerContext ) invocation.getCaller() ).getPrincipal();
- if ( user.getName().equalsIgnoreCase( DirectoryPartitionNexus.ADMIN_PRINCIPAL ) || ! enabled )
+
+ // bypass authz code if we are disabled
+ if ( ! enabled )
+ {
+ next.delete( name );
+ return;
+ }
+
+ // bypass authz code but manage caches if operation is performed by the admin
+ if ( user.getName().equalsIgnoreCase( DirectoryPartitionNexus.ADMIN_PRINCIPAL ) )
{
next.delete( name );
tupleCache.subentryDeleted( name, entry );
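Review bot: In the disabled case the `proxy.lookup( name, DirectoryPartitionNexusProxy.LOOKUP_BYPASS )` on the context line above still runs before `if ( ! enabled )`, so every delete pays for an entry lookup whose result is discarded; the two modify hunks that follow have the same order. Moving the `! enabled` check ahead of the lookup and the principal fetch avoids the extra read and keeps the disabled path free of authz-related work. The method begins outside the hunk, so whether anything earlier depends on `entry` cannot be seen here.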
@@ -414,7 +432,16 @@
DirectoryPartitionNexusProxy proxy = invocation.getProxy();
Attributes entry = proxy.lookup( name, DirectoryPartitionNexusProxy.LOOKUP_BYPASS );
LdapPrincipal user = ( ( ServerContext ) invocation.getCaller() ).getPrincipal();
- if ( user.getName().equalsIgnoreCase( DirectoryPartitionNexus.ADMIN_PRINCIPAL ) || ! enabled )
+
+ // bypass authz code if we are disabled
+ if ( ! enabled )
+ {
+ next.modify( name, modOp, mods );
+ return;
+ }
+
+ // bypass authz code but manage caches if operation is performed by the admin
+ if ( user.getName().equalsIgnoreCase( DirectoryPartitionNexus.ADMIN_PRINCIPAL ) )
{
next.modify( name, modOp, mods );
tupleCache.subentryModified( name, modOp, mods, entry );
@@ -469,7 +496,16 @@
DirectoryPartitionNexusProxy proxy = invocation.getProxy();
Attributes entry = proxy.lookup( name, DirectoryPartitionNexusProxy.LOOKUP_BYPASS );
LdapPrincipal user = ( ( ServerContext ) invocation.getCaller() ).getPrincipal();
- if ( user.getName().equalsIgnoreCase( DirectoryPartitionNexus.ADMIN_PRINCIPAL ) || ! enabled )
+
+ // bypass authz code if we are disabled
+ if ( ! enabled )
+ {
+ next.modify( name, mods );
+ return;
+ }
+
+ // bypass authz code but manage caches if operation is performed by the admin
+ if ( user.getName().equalsIgnoreCase( DirectoryPartitionNexus.ADMIN_PRINCIPAL ) )
{
next.modify( name, mods );
tupleCache.subentryModified( name, mods, entry );
@@ -631,7 +667,17 @@
Name newName = ( Name ) name.clone();
newName.remove( name.size() - 1 );
newName.add( newRn );
- if ( user.getName().equalsIgnoreCase( DirectoryPartitionNexus.ADMIN_PRINCIPAL ) || ! enabled )
+
+
+ // bypass authz code if we are disabled
+ if ( ! enabled )
+ {
+ next.modifyRn( name, newRn, deleteOldRn );
+ return;
+ }
+
+ // bypass authz code but manage caches if operation is performed by the admin
+ if ( user.getName().equalsIgnoreCase( DirectoryPartitionNexus.ADMIN_PRINCIPAL ) )
{
next.modifyRn( name, newRn, deleteOldRn );
tupleCache.subentryRenamed( name, newName );
@@ -691,7 +737,16 @@
LdapPrincipal user = ( ( ServerContext ) invocation.getCaller() ).getPrincipal();
Name newName = ( Name ) newParentName.clone();
newName.add( newRn );
- if ( user.getName().equalsIgnoreCase( DirectoryPartitionNexus.ADMIN_PRINCIPAL ) || ! enabled )
+
+ // bypass authz code if we are disabled
+ if ( ! enabled )
+ {
+ next.move( oriChildName, newParentName, newRn, deleteOldRn );
+ return;
+ }
+
+ // bypass authz code but manage caches if operation is performed by the admin
+ if ( user.getName().equalsIgnoreCase( DirectoryPartitionNexus.ADMIN_PRINCIPAL ) )
{
next.move( oriChildName, newParentName, newRn, deleteOldRn );
tupleCache.subentryRenamed( oriChildName, newName );
@@ -757,7 +812,16 @@
Name newName = ( Name ) newParentName.clone();
newName.add( oriChildName.get( oriChildName.size() - 1 ) );
LdapPrincipal user = ( ( ServerContext ) invocation.getCaller() ).getPrincipal();
- if ( user.getName().equalsIgnoreCase( DirectoryPartitionNexus.ADMIN_PRINCIPAL ) || ! enabled )
+
+ // bypass authz code if we are disabled
+ if ( ! enabled )
+ {
+ next.move( oriChildName, newParentName );
+ return;
+ }
+
+ // bypass authz code but manage caches if operation is performed by the admin
+ if ( user.getName().equalsIgnoreCase( DirectoryPartitionNexus.ADMIN_PRINCIPAL ) )
{
next.move( oriChildName, newParentName );
tupleCache.subentryRenamed( oriChildName, newName );
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/GroupCache.java
URL: http://svn.apache.org/viewcvs/directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/GroupCache.java?rev=327983&r1=327982&r2=327983&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/GroupCache.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/GroupCache.java Sun Oct 23 23:56:43 2005
@@ -174,7 +174,16 @@
{
// get and normalize the DN of the member
String memberDn = ( String ) members.get( ii );
- memberDn = parser.parse( memberDn ).toString();
+
+ try
+ {
+ memberDn = parser.parse( memberDn ).toString();
+ }
+ catch ( NamingException e )
+ {
+ log.warn( "Malformed member DN in groupOf[Unique]Names entry. Member not added to GroupCache.", e );
+ }
+
memberSet.add( memberDn );
}
}
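Review bot: After the `catch ( NamingException e )` block control falls through to `memberSet.add( memberDn )`, so a member DN that failed to parse is still added, in its raw un-normalized form, although the warning says "Member not added to GroupCache"; the removal hunk below has the same fall-through before `memberSet.remove( memberDn )`. Since this set feeds group-based authorization lookups, the malformed value should be skipped: add `continue;` as the last statement of the catch block (the enclosing loop starts outside the hunk, so this assumes an ordinary `for` loop). The warning also gives no hint which group entry is affected; including the group's name, if it is in scope at that point, would make the log actionable.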
@@ -193,7 +202,16 @@
{
// get and normalize the DN of the member
String memberDn = ( String ) members.get( ii );
- memberDn = parser.parse( memberDn ).toString();
+
+ try
+ {
+ memberDn = parser.parse( memberDn ).toString();
+ }
+ catch ( NamingException e )
+ {
+ log.warn( "Malformed member DN in groupOf[Unique]Names entry. Member not removed from GroupCache.", e );
+ }
+
memberSet.remove( memberDn );
}
}
@@ -360,7 +378,16 @@
*/
public Set getGroups( String member ) throws NamingException
{
- member = parser.parse( member ).toString();
+ try
+ {
+ member = parser.parse( member ).toString();
+ }
+ catch ( NamingException e )
+ {
+ log.warn( "Malformed member DN. Could not find groups for member in GroupCache. Returning empty set for groups!", e );
+ return Collections.EMPTY_SET;
+ }
+
Set memberGroups = null;
Iterator list = groups.keySet().iterator();
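Review bot: `getGroups` now reports a malformed member DN as `Collections.EMPTY_SET`, which a caller cannot tell apart from a valid principal that belongs to no group. If group membership is ever used to apply a restriction rather than a grant, this result skips the restriction, so the Javadoc above should state the behaviour, for example `@return the groups of the member, or an empty set if the member DN cannot be parsed`. The method still declares `throws NamingException` although the only visible throwing call is now caught; the rest of the body is outside the hunk, so the clause may still be needed.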
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/TupleCache.java
URL: http://svn.apache.org/viewcvs/directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/TupleCache.java?rev=327983&r1=327982&r2=327983&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/TupleCache.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/TupleCache.java Sun Oct 23 23:56:43 2005
@@ -160,9 +160,8 @@
}
catch ( ParseException e )
{
- String msg = "ACIItem parser failure on '"+item+"': " + e.getMessage();
- log.error( msg, e );
- throw new LdapInvalidAttributeValueException( msg, ResultCodeEnum.INVALIDATTRIBUTESYNTAX );
+ String msg = "ACIItem parser failure on '"+item+"'. Cannnot add ACITuples to TupleCache.";
+ log.warn( msg, e );
}
entryTuples.addAll( item.toTuples() );
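Review bot: With the `throw` removed, a `ParseException` is now only logged and execution continues to `entryTuples.addAll( item.toTuples() )`. The `try` body is outside the hunk, but if `item` is assigned by the parse call there, it is `null` or left over from an earlier iteration at this point, giving either a NullPointerException or tuples from the wrong ACIItem in the cache. The catch block should skip the item, e.g. `continue;` after `log.warn( msg, e );` if this runs inside a loop. Note also that an ACIItem that fails to parse is now silently left out of access control evaluation, which matters when the item was meant to deny access, and that the message text has the typo `Cannnot`.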
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/enumeration/SearchResultFilteringEnumeration.java
URL: http://svn.apache.org/viewcvs/directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/enumeration/SearchResultFilteringEnumeration.java?rev=327983&r1=327982&r2=327983&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/enumeration/SearchResultFilteringEnumeration.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/enumeration/SearchResultFilteringEnumeration.java Sun Oct 23 23:56:43 2005
@@ -23,6 +23,7 @@
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
+import javax.naming.Context;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
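Review bot: `import javax.naming.Context;` is the only change to this file in this revision, so nothing in the visible diff uses it and it appears to be an unused import. If it is not needed, drop it; if it is, it would sit more naturally before `javax.naming.NamingEnumeration` to keep the imports sorted.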
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/normalization/NormalizationService.java
URL: http://svn.apache.org/viewcvs/directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/normalization/NormalizationService.java?rev=327983&r1=327982&r2=327983&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/normalization/NormalizationService.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/normalization/NormalizationService.java Sun Oct 23 23:56:43 2005
@@ -285,7 +285,6 @@
public String normalizeByName( String name, String value ) throws NamingException
{
AttributeType type = registry.lookup( name );
-
return ( String ) type.getEquality().getNormalizer().normalize( value );
}
@@ -293,8 +292,13 @@
public String normalizeByOid( String oid, String value ) throws NamingException
{
AttributeType type = registry.lookup( oid );
-
return ( String ) type.getEquality().getNormalizer().normalize( value );
+ }
+
+
+ public boolean isDefined( String id )
+ {
+ return this.registry.hasAttributeType( id );
}
}
}
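Review bot: The new `isDefined( String id )` has no Javadoc, unlike the matching method added to ConcreteNameComponentNormalizer in this same revision. Add `/** @see NameComponentNormalizer#isDefined(String) */` above it, assuming this class implements that interface (its declaration is outside the hunk), and use plain `registry.hasAttributeType( id )` to match the `registry.lookup(...)` calls in the two methods above.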
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/schema/ConcreteNameComponentNormalizer.java
URL: http://svn.apache.org/viewcvs/directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/schema/ConcreteNameComponentNormalizer.java?rev=327983&r1=327982&r2=327983&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/schema/ConcreteNameComponentNormalizer.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/schema/ConcreteNameComponentNormalizer.java Sun Oct 23 23:56:43 2005
@@ -85,4 +85,13 @@
AttributeType type = registry.lookup( id );
return type.getEquality().getNormalizer();
}
+
+
+ /**
+ * @see NameComponentNormalizer#isDefined(String)
+ */
+ public boolean isDefined( String id )
+ {
+ return registry.hasAttributeType( id );
+ }
}