You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by el...@apache.org on 2011/10/17 14:51:02 UTC
svn commit: r1185134 [1/2] - in /directory/apacheds/trunk:
core-api/src/main/java/org/apache/directory/server/core/api/
core-api/src/main/java/org/apache/directory/server/core/api/event/
core-api/src/main/java/org/apache/directory/server/core/api/subtr...
Author: elecharny
Date: Mon Oct 17 12:51:01 2011
New Revision: 1185134
URL: http://svn.apache.org/viewvc?rev=1185134&view=rev
Log:
o Decoupling completely all the interceptors : none is actually depending on another one.
Added:
directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/api/event/ExpressionEvaluator.java
directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/api/event/LeafEvaluator.java
directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/api/event/ScopeEvaluator.java
directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/api/event/SubstringEvaluator.java
directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/api/subtree/
directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/api/subtree/Subentry.java
directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/api/subtree/SubentryCache.java
directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/api/subtree/SubtreeEvaluator.java
directory/apacheds/trunk/core-shared/src/main/java/org/apache/directory/server/core/shared/subtree/
directory/apacheds/trunk/core-shared/src/main/java/org/apache/directory/server/core/shared/subtree/RefinementEvaluator.java
directory/apacheds/trunk/core-shared/src/main/java/org/apache/directory/server/core/shared/subtree/RefinementLeafEvaluator.java
directory/apacheds/trunk/core-shared/src/main/java/org/apache/directory/server/core/shared/subtree/SubentryUtils.java
Removed:
directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/schema/
directory/apacheds/trunk/core-shared/src/main/java/org/apache/directory/server/core/shared/event/ExpressionEvaluator.java
directory/apacheds/trunk/core-shared/src/main/java/org/apache/directory/server/core/shared/event/LeafEvaluator.java
directory/apacheds/trunk/interceptors/subtree/src/main/java/org/apache/directory/server/core/subtree/RefinementEvaluator.java
directory/apacheds/trunk/interceptors/subtree/src/main/java/org/apache/directory/server/core/subtree/RefinementLeafEvaluator.java
directory/apacheds/trunk/interceptors/subtree/src/main/java/org/apache/directory/server/core/subtree/Subentry.java
directory/apacheds/trunk/interceptors/subtree/src/main/java/org/apache/directory/server/core/subtree/SubentryCache.java
directory/apacheds/trunk/interceptors/subtree/src/main/java/org/apache/directory/server/core/subtree/SubtreeEvaluator.java
Modified:
directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/api/DirectoryService.java
directory/apacheds/trunk/core-api/src/test/java/org/apache/directory/server/core/api/MockDirectoryService.java
directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/DefaultDirectoryService.java
directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
directory/apacheds/trunk/interceptors/authz/pom.xml
directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java
directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/ACDFEngine.java
directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/RelatedProtectedItemFilter.java
directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/RelatedUserClassFilter.java
directory/apacheds/trunk/interceptors/authz/src/test/java/org/apache/directory/server/core/authz/support/RelatedProtectedItemFilterTest.java
directory/apacheds/trunk/interceptors/authz/src/test/java/org/apache/directory/server/core/authz/support/RelatedUserClassFilterTest.java
directory/apacheds/trunk/interceptors/event/src/main/java/org/apache/directory/server/core/event/EventInterceptor.java
directory/apacheds/trunk/interceptors/subtree/src/main/java/org/apache/directory/server/core/subtree/SubentryInterceptor.java
directory/apacheds/trunk/interceptors/subtree/src/test/java/org/apache/directory/server/core/subtree/RefinementEvaluatorTest.java
directory/apacheds/trunk/interceptors/subtree/src/test/java/org/apache/directory/server/core/subtree/RefinementLeafEvaluatorTest.java
directory/apacheds/trunk/interceptors/subtree/src/test/java/org/apache/directory/server/core/subtree/SubtreeEvaluatorTest.java
directory/apacheds/trunk/interceptors/trigger/pom.xml
directory/apacheds/trunk/interceptors/trigger/src/main/java/org/apache/directory/server/core/trigger/TriggerInterceptor.java
Modified: directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/api/DirectoryService.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/api/DirectoryService.java?rev=1185134&r1=1185133&r2=1185134&view=diff
==============================================================================
--- directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/api/DirectoryService.java (original)
+++ directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/api/DirectoryService.java Mon Oct 17 12:51:01 2011
@@ -37,6 +37,8 @@ import org.apache.directory.server.core.
import org.apache.directory.server.core.api.partition.Partition;
import org.apache.directory.server.core.api.partition.PartitionNexus;
import org.apache.directory.server.core.api.schema.SchemaPartition;
+import org.apache.directory.server.core.api.subtree.SubentryCache;
+import org.apache.directory.server.core.api.subtree.SubtreeEvaluator;
import org.apache.directory.shared.ldap.codec.api.LdapApiService;
import org.apache.directory.shared.ldap.model.csn.Csn;
import org.apache.directory.shared.ldap.model.entry.Entry;
@@ -186,6 +188,16 @@ public interface DirectoryService extend
CoreSession getAdminSession();
+ /**
+ * @return Returns the hash mapping the Dn of a subentry to its SubtreeSpecification/types
+ **/
+ SubentryCache getSubentryCache();
+
+ /**
+ * @return Returns the subentry evaluator
+ */
+ SubtreeEvaluator getEvaluator();
+
/**
* Gets a logical session to perform operations on this DirectoryService
* as the anonymous user. This bypasses authentication without
Added: directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/api/event/ExpressionEvaluator.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/api/event/ExpressionEvaluator.java?rev=1185134&view=auto
==============================================================================
--- directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/api/event/ExpressionEvaluator.java (added)
+++ directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/api/event/ExpressionEvaluator.java Mon Oct 17 12:51:01 2011
@@ -0,0 +1,145 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.server.core.api.event;
+
+
+import org.apache.directory.server.core.api.event.Evaluator;
+import org.apache.directory.server.i18n.I18n;
+import org.apache.directory.shared.ldap.model.entry.Entry;
+import org.apache.directory.shared.ldap.model.exception.LdapException;
+import org.apache.directory.shared.ldap.model.exception.LdapInvalidSearchFilterException;
+import org.apache.directory.shared.ldap.model.filter.AndNode;
+import org.apache.directory.shared.ldap.model.filter.BranchNode;
+import org.apache.directory.shared.ldap.model.filter.ExprNode;
+import org.apache.directory.shared.ldap.model.filter.NotNode;
+import org.apache.directory.shared.ldap.model.filter.OrNode;
+import org.apache.directory.shared.ldap.model.name.Dn;
+import org.apache.directory.shared.ldap.model.schema.SchemaManager;
+
+
+
+/**
+ * Top level filter expression evaluator implementation.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public class ExpressionEvaluator implements Evaluator
+{
+ /** Leaf Evaluator flyweight use for leaf filter assertions */
+ private LeafEvaluator leafEvaluator;
+
+
+ // ------------------------------------------------------------------------
+ // C O N S T R U C T O R S
+ // ------------------------------------------------------------------------
+ /**
+ * Creates a top level Evaluator where leaves are delegated to a leaf node
+ * evaluator which is already provided.
+ *
+ * @param leafEvaluator handles leaf node evaluation.
+ */
+ public ExpressionEvaluator( LeafEvaluator leafEvaluator )
+ {
+ this.leafEvaluator = leafEvaluator;
+ }
+
+
+ /**
+ * Creates a top level Evaluator where leaves are delegated to a leaf node
+ * evaluator which will be created.
+ *
+ * @param schemaManager The server schemaManager
+ */
+ public ExpressionEvaluator( SchemaManager schemaManager )
+ {
+ SubstringEvaluator substringEvaluator = null;
+ substringEvaluator = new SubstringEvaluator();
+// leafEvaluator = new LeafEvaluator( schemaManager, substringEvaluator );
+ leafEvaluator = new LeafEvaluator( substringEvaluator );
+ }
+
+
+ /**
+ * Gets the leaf evaluator used by this top level expression evaluator.
+ *
+ * @return the leaf evaluator used by this top level expression evaluator
+ */
+ public LeafEvaluator getLeafEvaluator()
+ {
+ return leafEvaluator;
+ }
+
+
+ // ------------------------------------------------------------------------
+ // Evaluator.evaluate() implementation
+ // ------------------------------------------------------------------------
+ /**
+ * {@inheritDoc}
+ */
+ public boolean evaluate( ExprNode node, Dn dn, Entry entry ) throws LdapException
+ {
+ if ( node.isLeaf() )
+ {
+ return leafEvaluator.evaluate( node, dn, entry );
+ }
+
+ BranchNode bnode = ( BranchNode ) node;
+
+ if ( bnode instanceof OrNode )
+ {
+ for ( ExprNode child: bnode.getChildren() )
+ {
+ if ( evaluate( child, dn, entry ) )
+ {
+ return true;
+ }
+ }
+
+ return false;
+ }
+ else if ( bnode instanceof AndNode)
+ {
+ for ( ExprNode child: bnode.getChildren() )
+ {
+ boolean res = evaluate( child, dn, entry );
+
+ if ( !res )
+ {
+ return false;
+ }
+ }
+
+ return true;
+ }
+ else if ( bnode instanceof NotNode)
+ {
+ if ( null != bnode.getFirstChild() )
+ {
+ return !evaluate( bnode.getFirstChild(), dn, entry );
+ }
+
+ throw new LdapInvalidSearchFilterException( I18n.err( I18n.ERR_243, node ) );
+ }
+ else
+ {
+ throw new LdapInvalidSearchFilterException( I18n.err( I18n.ERR_244, bnode ) );
+ }
+ }
+}
Added: directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/api/event/LeafEvaluator.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/api/event/LeafEvaluator.java?rev=1185134&view=auto
==============================================================================
--- directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/api/event/LeafEvaluator.java (added)
+++ directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/api/event/LeafEvaluator.java Mon Oct 17 12:51:01 2011
@@ -0,0 +1,392 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.server.core.api.event;
+
+
+import java.util.Comparator;
+
+import org.apache.directory.server.core.api.event.Evaluator;
+import org.apache.directory.server.i18n.I18n;
+import org.apache.directory.shared.ldap.model.entry.Attribute;
+import org.apache.directory.shared.ldap.model.entry.Entry;
+import org.apache.directory.shared.ldap.model.entry.Value;
+import org.apache.directory.shared.ldap.model.exception.LdapException;
+import org.apache.directory.shared.ldap.model.exception.LdapInvalidSearchFilterException;
+import org.apache.directory.shared.ldap.model.filter.ApproximateNode;
+import org.apache.directory.shared.ldap.model.filter.EqualityNode;
+import org.apache.directory.shared.ldap.model.filter.ExprNode;
+import org.apache.directory.shared.ldap.model.filter.ExtensibleNode;
+import org.apache.directory.shared.ldap.model.filter.GreaterEqNode;
+import org.apache.directory.shared.ldap.model.filter.LessEqNode;
+import org.apache.directory.shared.ldap.model.filter.PresenceNode;
+import org.apache.directory.shared.ldap.model.filter.ScopeNode;
+import org.apache.directory.shared.ldap.model.filter.SimpleNode;
+import org.apache.directory.shared.ldap.model.filter.SubstringNode;
+import org.apache.directory.shared.ldap.model.name.Dn;
+import org.apache.directory.shared.ldap.model.schema.AttributeType;
+import org.apache.directory.shared.ldap.model.schema.LdapComparator;
+import org.apache.directory.shared.ldap.model.schema.MatchingRule;
+import org.apache.directory.shared.ldap.model.schema.Normalizer;
+import org.apache.directory.shared.util.exception.NotImplementedException;
+
+
+/**
+ * Evaluates LeafNode assertions on candidates using a database.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public class LeafEvaluator implements Evaluator
+{
+ /** equality matching type constant */
+ private static final int EQUALITY_MATCH = 0;
+
+ /** ordering matching type constant */
+ private static final int ORDERING_MATCH = 1;
+
+ /** substring matching type constant */
+ private static final int SUBSTRING_MATCH = 3;
+
+// /** SchemaManager needed for normalizing and comparing values */
+// private SchemaManager schemaManager;
+
+ /** Substring node evaluator we depend on */
+ private SubstringEvaluator substringEvaluator;
+
+ /** ScopeNode evaluator we depend on */
+ private ScopeEvaluator scopeEvaluator;
+
+ /** Constants used for comparisons */
+ private static final boolean COMPARE_GREATER = true;
+ private static final boolean COMPARE_LESSER = false;
+
+
+ /**
+ * Creates a leaf expression node evaluator.
+ *
+ * @param schemaManager The server schemaManager
+ */
+ public LeafEvaluator( SubstringEvaluator substringEvaluator )
+ {
+ this.scopeEvaluator = new ScopeEvaluator();
+ this.substringEvaluator = substringEvaluator;
+ }
+
+
+// /**
+// * Creates a leaf expression node evaluator.
+// *
+// * @param schemaManager The server schemaManager
+// */
+// public LeafEvaluator( SchemaManager schemaManager,
+// SubstringEvaluator substringEvaluator )
+// {
+// this.schemaManager = schemaManager;
+// this.scopeEvaluator = new ScopeEvaluator();
+// this.substringEvaluator = substringEvaluator;
+// }
+
+
+ public ScopeEvaluator getScopeEvaluator()
+ {
+ return scopeEvaluator;
+ }
+
+
+ public SubstringEvaluator getSubstringEvaluator()
+ {
+ return substringEvaluator;
+ }
+
+
+ /**
+ * {@inheritDoc}
+ */
+ public boolean evaluate( ExprNode node, Dn dn, Entry entry ) throws LdapException
+ {
+ if ( node instanceof ScopeNode )
+ {
+ return scopeEvaluator.evaluate( node, dn, entry );
+ }
+
+ if ( node instanceof PresenceNode )
+ {
+ return evalPresence( ( ( PresenceNode ) node ).getAttributeType(), entry );
+ }
+ else if ( ( node instanceof EqualityNode ) || ( node instanceof ApproximateNode ) )
+ {
+ return evalEquality( ( EqualityNode<?> ) node, entry );
+ }
+ else if ( node instanceof GreaterEqNode )
+ {
+ return evalGreaterOrLesser( ( GreaterEqNode<?> ) node, entry, COMPARE_GREATER );
+ }
+ else if ( node instanceof LessEqNode)
+ {
+ return evalGreaterOrLesser( ( LessEqNode<?> ) node, entry, COMPARE_LESSER );
+ }
+ else if ( node instanceof SubstringNode )
+ {
+ return substringEvaluator.evaluate( node, dn, entry );
+ }
+ else if ( node instanceof ExtensibleNode )
+ {
+ throw new NotImplementedException();
+ }
+ else
+ {
+ throw new LdapInvalidSearchFilterException( I18n.err( I18n.ERR_245, node ) );
+ }
+ }
+
+
+ /**
+ * Evaluates a simple greater than or less than attribute value assertion on
+ * a perspective candidate.
+ *
+ * @param node the greater than or less than node to evaluate
+ * @param entry the perspective candidate
+ * @param isGreater true if it is a greater than or equal to comparison,
+ * false if it is a less than or equal to comparison.
+ * @return the ava evaluation on the perspective candidate
+ * @throws LdapException if there is a database access failure
+ */
+ @SuppressWarnings("unchecked")
+ private boolean evalGreaterOrLesser( SimpleNode<?> node, Entry entry, boolean isGreaterOrLesser )
+ throws LdapException
+ {
+ AttributeType attributeType = node.getAttributeType();
+
+ // get the attribute associated with the node
+ Attribute attr = entry.get( node.getAttribute() );
+
+ // If we do not have the attribute just return false
+ if ( null == attr )
+ {
+ return false;
+ }
+
+ /*
+ * We need to iterate through all values and for each value we normalize
+ * and use the comparator to determine if a match exists.
+ */
+ Normalizer normalizer = getNormalizer( attributeType );
+ Comparator comparator = getComparator( attributeType );
+ Object filterValue = normalizer.normalize( node.getValue() );
+
+ /*
+ * Cheaper to not check isGreater in one loop - better to separate
+ * out into two loops which you choose to execute based on isGreater
+ */
+ if ( isGreaterOrLesser == COMPARE_GREATER )
+ {
+ for ( Value<?> value : attr )
+ {
+ Object normValue = normalizer.normalize( value );
+
+ // Found a value that is greater than or equal to the ava value
+ if ( comparator.compare( normValue, filterValue ) >= 0 )
+ {
+ return true;
+ }
+ }
+ }
+ else
+ {
+ for ( Value<?> value : attr )
+ {
+ Object normValue = normalizer.normalize( value );
+
+ // Found a value that is less than or equal to the ava value
+ if ( comparator.compare( normValue, filterValue ) <= 0 )
+ {
+ return true;
+ }
+ }
+ }
+
+ // no match so return false
+ return false;
+ }
+
+
+ /**
+ * Evaluates a simple presence attribute value assertion on a perspective
+ * candidate.
+ *
+ * @param attrId the name of the attribute tested for presence
+ * @param entry the perspective candidate
+ * @return the ava evaluation on the perspective candidate
+ */
+ private boolean evalPresence( AttributeType attributeType, Entry entry ) throws LdapException
+ {
+ if ( entry == null )
+ {
+ return false;
+ }
+
+ return null != entry.get( attributeType );
+ }
+
+
+ /**
+ * Evaluates a simple equality attribute value assertion on a perspective
+ * candidate.
+ *
+ * @param node the equality node to evaluate
+ * @param entry the perspective candidate
+ * @return the ava evaluation on the perspective candidate
+ * @throws org.apache.directory.shared.ldap.model.exception.LdapException if there is a database access failure
+ */
+ @SuppressWarnings("unchecked")
+ private boolean evalEquality( EqualityNode<?> node, Entry entry ) throws LdapException
+ {
+ Normalizer normalizer = getNormalizer( node.getAttributeType() );
+ Comparator comparator = getComparator( node.getAttributeType() );
+
+ // get the attribute associated with the node
+ Attribute attr = entry.get( node.getAttribute() );
+
+ // If we do not have the attribute just return false
+ if ( null == attr )
+ {
+ return false;
+ }
+
+ // check if Ava value exists in attribute
+ AttributeType attributeType = node.getAttributeType();
+ Value<?> value = null;
+
+ if ( attributeType.getSyntax().isHumanReadable() )
+ {
+ if ( node.getValue().isHumanReadable() )
+ {
+ value = node.getValue();
+ }
+ else
+ {
+ value = new org.apache.directory.shared.ldap.model.entry.StringValue( node.getValue().getString() );
+ }
+ }
+ else
+ {
+ value = node.getValue();
+ }
+
+ if ( attr.contains( value ) )
+ {
+ return true;
+ }
+
+ // get the normalized Ava filter value
+ Value<?> filterValue = normalizer.normalize( value );
+
+ // check if the normalized value is present
+ if ( attr.contains( filterValue ) )
+ {
+ return true;
+ }
+
+ /*
+ * We need to now iterate through all values because we could not get
+ * a lookup to work. For each value we normalize and use the comparator
+ * to determine if a match exists.
+ */
+ for ( Value<?> val : attr )
+ {
+ Value<?> normValue = normalizer.normalize( val );
+
+ if ( 0 == comparator.compare( normValue.getValue(), filterValue.getValue() ) )
+ {
+ return true;
+ }
+ }
+
+ // no match so return false
+ return false;
+ }
+
+
+ /**
+ * Gets the comparator for equality matching.
+ *
+ * @param attributeType the attributeType
+ * @return the comparator for equality matching
+ * @throws LdapException if there is a failure
+ */
+ private LdapComparator<? super Object> getComparator( AttributeType attributeType ) throws LdapException
+ {
+ MatchingRule mrule = getMatchingRule( attributeType, EQUALITY_MATCH );
+
+ return mrule.getLdapComparator();
+ }
+
+
+ /**
+ * Gets the normalizer for equality matching.
+ *
+ * @param attributeType the attributeType
+ * @return the normalizer for equality matching
+ * @throws LdapException if there is a failure
+ */
+ private Normalizer getNormalizer( AttributeType attributeType ) throws LdapException
+ {
+ MatchingRule mrule = getMatchingRule( attributeType, EQUALITY_MATCH );
+
+ return mrule.getNormalizer();
+ }
+
+
+ /**
+ * Gets the matching rule for an attributeType.
+ *
+ * @param attributeType the attributeType
+ * @return the matching rule
+ * @throws LdapException if there is a failure
+ */
+ private MatchingRule getMatchingRule( AttributeType attributeType, int matchType ) throws LdapException
+ {
+ MatchingRule mrule = null;
+
+ switch ( matchType )
+ {
+ case ( EQUALITY_MATCH ):
+ mrule = attributeType.getEquality();
+ break;
+
+ case ( SUBSTRING_MATCH ):
+ mrule = attributeType.getSubstring();
+ break;
+
+ case ( ORDERING_MATCH ):
+ mrule = attributeType.getOrdering();
+ break;
+
+ default:
+ throw new LdapException( I18n.err( I18n.ERR_246, matchType ) );
+ }
+
+ if ( ( mrule == null ) && ( matchType != EQUALITY_MATCH ) )
+ {
+ mrule = attributeType.getEquality();
+ }
+
+ return mrule;
+ }
+}
Added: directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/api/event/ScopeEvaluator.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/api/event/ScopeEvaluator.java?rev=1185134&view=auto
==============================================================================
--- directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/api/event/ScopeEvaluator.java (added)
+++ directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/api/event/ScopeEvaluator.java Mon Oct 17 12:51:01 2011
@@ -0,0 +1,70 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.server.core.api.event;
+
+
+import org.apache.directory.server.core.api.event.Evaluator;
+import org.apache.directory.server.i18n.I18n;
+import org.apache.directory.shared.ldap.model.entry.Entry;
+import org.apache.directory.shared.ldap.model.exception.LdapException;
+import org.apache.directory.shared.ldap.model.exception.LdapInvalidSearchFilterException;
+import org.apache.directory.shared.ldap.model.filter.ExprNode;
+import org.apache.directory.shared.ldap.model.filter.ScopeNode;
+import org.apache.directory.shared.ldap.model.name.Dn;
+
+
+/**
+ * Evaluates ScopeNode assertions on candidates.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public class ScopeEvaluator implements Evaluator
+{
+ public ScopeEvaluator()
+ {
+ }
+
+
+ /**
+ * {@inheritDoc}
+ */
+ public boolean evaluate( ExprNode node, Dn dn, Entry record ) throws LdapException
+ {
+ ScopeNode snode = ( ScopeNode ) node;
+
+ switch ( snode.getScope() )
+ {
+ case OBJECT:
+ return dn.equals( snode.getBaseDn() );
+
+ case ONELEVEL:
+ if ( dn.isDescendantOf( snode.getBaseDn() ) )
+ {
+ return ( snode.getBaseDn().size() + 1 ) == dn.size();
+ }
+
+ case SUBTREE:
+ return dn.isDescendantOf( snode.getBaseDn() );
+
+ default:
+ throw new LdapInvalidSearchFilterException( I18n.err( I18n.ERR_247 ) );
+ }
+ }
+}
Added: directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/api/event/SubstringEvaluator.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/api/event/SubstringEvaluator.java?rev=1185134&view=auto
==============================================================================
--- directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/api/event/SubstringEvaluator.java (added)
+++ directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/api/event/SubstringEvaluator.java Mon Oct 17 12:51:01 2011
@@ -0,0 +1,117 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.server.core.api.event;
+
+
+import java.util.regex.Pattern;
+import java.util.regex.PatternSyntaxException;
+
+import org.apache.directory.server.core.api.event.Evaluator;
+import org.apache.directory.server.i18n.I18n;
+import org.apache.directory.shared.ldap.model.entry.Entry;
+import org.apache.directory.shared.ldap.model.entry.Attribute;
+import org.apache.directory.shared.ldap.model.entry.Value;
+import org.apache.directory.shared.ldap.model.exception.LdapException;
+import org.apache.directory.shared.ldap.model.exception.LdapInvalidSearchFilterException;
+import org.apache.directory.shared.ldap.model.filter.ExprNode;
+import org.apache.directory.shared.ldap.model.filter.SubstringNode;
+import org.apache.directory.shared.ldap.model.name.Dn;
+import org.apache.directory.shared.ldap.model.schema.AttributeType;
+import org.apache.directory.shared.ldap.model.schema.MatchingRule;
+import org.apache.directory.shared.ldap.model.schema.Normalizer;
+
+
+/**
+ * Evaluates substring filter assertions on an entry.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public class SubstringEvaluator implements Evaluator
+{
+ /**
+ * Creates a new SubstringEvaluator for substring expressions.
+ */
+ public SubstringEvaluator()
+ {
+ }
+
+
+ /**
+ * {@inheritDoc}
+ */
+ public boolean evaluate( ExprNode node, Dn dn, Entry entry ) throws LdapException
+ {
+ Pattern regex = null;
+ SubstringNode snode = (SubstringNode)node;
+ AttributeType attributeType = snode.getAttributeType();
+ MatchingRule matchingRule = attributeType.getSubstring();
+
+ if ( matchingRule == null )
+ {
+ matchingRule = attributeType.getEquality();
+ }
+
+ Normalizer normalizer = matchingRule.getNormalizer();
+
+
+ // get the attribute
+ Attribute attr = entry.get( snode.getAttribute() );
+
+ // if the attribute does not exist just return false
+ if ( null == attr )
+ {
+ return false;
+ }
+
+ // compile the regular expression to search for a matching attribute
+ try
+ {
+ regex = snode.getRegex( normalizer );
+ }
+ catch ( PatternSyntaxException pse )
+ {
+ LdapInvalidSearchFilterException ne = new LdapInvalidSearchFilterException( I18n.err( I18n.ERR_248, node ) );
+ ne.initCause( pse );
+ throw ne;
+ }
+
+ /*
+ * Cycle through the attribute values testing normalized version
+ * obtained from using the substring matching rule's normalizer.
+ * The test uses the comparator obtained from the appropriate
+ * substring matching rule.
+ */
+
+ for ( Value<?> value: attr )
+ {
+ String normValue = normalizer.normalize( value.getString() );
+
+ // Once match is found cleanup and return true
+
+ if ( regex.matcher( normValue ).matches() )
+ {
+ return true;
+ }
+ }
+
+ // we fell through so a match was not found - assertion was false.
+ return false;
+ }
+}
Added: directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/api/subtree/Subentry.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/api/subtree/Subentry.java?rev=1185134&view=auto
==============================================================================
--- directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/api/subtree/Subentry.java (added)
+++ directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/api/subtree/Subentry.java Mon Oct 17 12:51:01 2011
@@ -0,0 +1,129 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.server.core.api.subtree;
+
+
+import java.util.Set;
+
+import org.apache.directory.shared.ldap.model.subtree.AdministrativeRole;
+import org.apache.directory.shared.ldap.model.subtree.SubtreeSpecification;
+
+
+/**
+ * An operational view of a subentry within the system. A Subentry can have
+ * many types (Collective, Schema, AccessControl or Trigger) but only one
+ * Subtree Specification.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public class Subentry
+{
+ /** The Subtree Specification associated with this subentry */
+ private SubtreeSpecification ss;
+
+ /** The administratives roles */
+ private Set<AdministrativeRole> administrativeRoles;
+
+
+ /**
+ * Stores the subtree
+ *
+ * @param ss The subtree specification
+ */
+ public final void setSubtreeSpecification( SubtreeSpecification ss )
+ {
+ this.ss = ss;
+ }
+
+
+ /**
+ * @return The subtree specification
+ */
+ public final SubtreeSpecification getSubtreeSpecification()
+ {
+ return ss;
+ }
+
+
+ /**
+ *
+ * TODO setAdministrativeRoles.
+ *
+ * @param administrativeRoles
+ */
+ public final void setAdministrativeRoles( Set<AdministrativeRole> administrativeRoles )
+ {
+ this.administrativeRoles = administrativeRoles;
+ }
+
+
+ public final Set<AdministrativeRole> getAdministrativeRoles()
+ {
+ return administrativeRoles;
+ }
+
+
+ /**
+ * Tells if the type contains the Collective attribute Administrative Role
+ */
+ public final boolean isCollectiveAdminRole()
+ {
+ return administrativeRoles.contains( AdministrativeRole.CollectiveAttributeInnerArea ) ||
+ administrativeRoles.contains( AdministrativeRole.CollectiveAttributeSpecificArea );
+ }
+
+
+ /**
+ * Tells if the type contains the SubSchema Administrative Role
+ */
+ public final boolean isSchemaAdminRole()
+ {
+ return administrativeRoles.contains( AdministrativeRole.SubSchemaSpecificArea );
+ }
+
+
+ /**
+ * Tells if the type contains the Access Control Administrative Role
+ */
+ public final boolean isAccessControlAdminRole()
+ {
+ return administrativeRoles.contains( AdministrativeRole.AccessControlSpecificArea ) ||
+ administrativeRoles.contains( AdministrativeRole.AccessControlInnerArea );
+ }
+
+
+ /**
+ * Tells if the type contains the Triggers Administrative Role
+ */
+ public final boolean isTriggersAdminRole()
+ {
+ return administrativeRoles.contains( AdministrativeRole.TriggerExecutionSpecificArea ) ||
+ administrativeRoles.contains( AdministrativeRole.TriggerExecutionInnerArea );
+ }
+
+
+ /**
+ * @see Object#toString()
+ */
+ public String toString()
+ {
+ return "Subentry[" + administrativeRoles + ", " + ss + "]";
+ }
+}
Added: directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/api/subtree/SubentryCache.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/api/subtree/SubentryCache.java?rev=1185134&view=auto
==============================================================================
--- directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/api/subtree/SubentryCache.java (added)
+++ directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/api/subtree/SubentryCache.java Mon Oct 17 12:51:01 2011
@@ -0,0 +1,159 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.server.core.api.subtree;
+
+
+import java.util.Iterator;
+import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
+import java.util.concurrent.atomic.AtomicInteger;
+
+import org.apache.directory.shared.ldap.model.name.Dn;
+
+
+/**
+ * A cache for subtree specifications. It associates a Subentry with a Dn,
+ * representing its position in the DIT.<br>
+ * This cache has a size limit set to 1000 at the moment. We should add a configuration
+ * parameter to manage its size.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public class SubentryCache implements Iterable<Dn>
+{
+ /** The default cache size limit */
+ private static final int DEFAULT_CACHE_MAX_SIZE = 1000;
+
+ /** The cache size limit */
+ private int cacheMaxSize = DEFAULT_CACHE_MAX_SIZE;
+
+ /** The current cache size */
+ private AtomicInteger cacheSize;
+
+ /** The Subentry cache */
+ private final Map<Dn, Subentry> cache;
+
+ /**
+ * Creates a new instance of SubentryCache with a default maximum size.
+ */
+ public SubentryCache()
+ {
+ cache = new ConcurrentHashMap<Dn, Subentry>();
+ cacheSize = new AtomicInteger( 0 );
+ }
+
+
+ /**
+ * Creates a new instance of SubentryCache with a specific maximum size.
+ */
+ public SubentryCache( int maxSize )
+ {
+ cache = new ConcurrentHashMap<Dn, Subentry>();
+ cacheSize = new AtomicInteger( 0 );
+ cacheMaxSize = maxSize;
+ }
+
+
+ /**
+ * Retrieve a Subentry given a Dn. If there is none, null will be returned.
+ *
+ * @param dn The Dn we want to get the Subentry for
+ * @return The found Subentry, or null
+ */
+ public final Subentry getSubentry( Dn dn )
+ {
+ return cache.get( dn );
+ }
+
+
+ /**
+ * Remove a Subentry for a given Dn
+ *
+ * @param dn The Dn for which we want to remove the
+ * associated Subentry
+ * @return The removed Subentry, if any
+ */
+ public final Subentry removeSubentry( Dn dn )
+ {
+ Subentry oldSubentry = cache.remove( dn );
+
+ if ( oldSubentry != null )
+ {
+ cacheSize.decrementAndGet();
+ }
+
+ return oldSubentry;
+ }
+
+
+ /**
+ * Stores a new Subentry into the cache, associated with a Dn
+ *
+ * @param dn The Subentry Dn
+ * @param ss The SubtreeSpecification
+ * @param adminRoles The administrative roles for this Subentry
+ * @return The old Subentry, if any
+ */
+ public Subentry addSubentry( Dn dn, Subentry subentry )
+ {
+ if ( cacheSize.get() > cacheMaxSize )
+ {
+ // TODO : Throw an exception here
+ }
+
+ Subentry oldSubentry = cache.put( dn, subentry );
+
+ if ( oldSubentry == null )
+ {
+ cacheSize.getAndIncrement();
+ }
+
+ return oldSubentry;
+ }
+
+
+ /**
+ * Tells if there is a Subentry associated with a Dn
+ * @param dn The Dn
+ * @return True if a Subentry is found
+ */
+ public boolean hasSubentry( Dn dn )
+ {
+ return cache.containsKey( dn );
+ }
+
+
+ /**
+ * @return An Iterator over the Subentry's DNs
+ */
+ public Iterator<Dn> iterator()
+ {
+ return cache.keySet().iterator();
+ }
+
+
+ /**
+ * @return The number of elements in the cache
+ */
+ public int getCacheSize()
+ {
+ return cacheSize.get();
+ }
+}
Added: directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/api/subtree/SubtreeEvaluator.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/api/subtree/SubtreeEvaluator.java?rev=1185134&view=auto
==============================================================================
--- directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/api/subtree/SubtreeEvaluator.java (added)
+++ directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/api/subtree/SubtreeEvaluator.java Mon Oct 17 12:51:01 2011
@@ -0,0 +1,160 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.server.core.api.subtree;
+
+
+import org.apache.directory.server.core.api.event.Evaluator;
+import org.apache.directory.server.core.api.event.ExpressionEvaluator;
+import org.apache.directory.shared.ldap.model.entry.Entry;
+import org.apache.directory.shared.ldap.model.exception.LdapException;
+import org.apache.directory.shared.ldap.model.name.Dn;
+import org.apache.directory.shared.ldap.model.schema.SchemaManager;
+import org.apache.directory.shared.ldap.model.subtree.SubtreeSpecification;
+
+
+/**
+ * An evaluator used to determine if an entry is included in the collection
+ * represented by a subtree specification.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public class SubtreeEvaluator
+{
+ /** A refinement filter evaluator */
+ private final Evaluator evaluator;
+
+
+ /**
+ * Creates a subtreeSpecification evaluatior which can be used to determine
+ * if an entry is included within the collection of a subtree.
+ *
+ * @param schemaManager The server schemaManager
+ */
+ public SubtreeEvaluator( SchemaManager schemaManager )
+ {
+ evaluator = new ExpressionEvaluator( schemaManager );
+ }
+
+
+ /**
+ * Determines if an entry is selected by a subtree specification.
+ *
+ * @param subtree the subtree specification
+ * @param apDn the distinguished name of the administrative point containing the subentry
+ * @param entryDn the distinguished name of the candidate entry
+ * @return true if the entry is selected by the specification, false if it is not
+ * @throws LdapException if errors are encountered while evaluating selection
+ */
+ public boolean evaluate( SubtreeSpecification subtree, Dn apDn, Dn entryDn, Entry entry )
+ throws LdapException
+ {
+ /* =====================================================================
+ * NOTE: Regarding the overall approach, we try to narrow down the
+ * possibilities by slowly pruning relative names off of the entryDn.
+ * For example we check first if the entry is a descendant of the AP.
+ * If so we use the relative name thereafter to calculate if it is
+ * a descendant of the base. This means shorter names to compare and
+ * less work to do while we continue to deduce inclusion by the subtree
+ * specification.
+ * =====================================================================
+ */
+ // First construct the subtree base, which is the concatenation of the
+ // AP Dn and the subentry base
+ Dn subentryBaseDn = apDn;
+ subentryBaseDn = subentryBaseDn.add( subtree.getBase() );
+
+ String s = subentryBaseDn.toString();
+
+ if ( !entryDn.isDescendantOf( subentryBaseDn ) )
+ {
+ // The entry Dn is not part of the subtree specification, get out
+ return false;
+ }
+
+ /*
+ * Evaluate based on minimum and maximum chop values. Here we simply
+ * need to compare the distances respectively with the size of the
+ * baseRelativeRdn. For the max distance entries with a baseRelativeRdn
+ * size greater than the max distance are rejected. For the min distance
+ * entries with a baseRelativeRdn size less than the minimum distance
+ * are rejected.
+ */
+ int entryRelativeDnSize = entryDn.size() - subentryBaseDn.size();
+
+ if ( ( subtree.getMaxBaseDistance() != SubtreeSpecification.UNBOUNDED_MAX ) &&
+ ( entryRelativeDnSize > subtree.getMaxBaseDistance() ) )
+ {
+ return false;
+ }
+
+ if ( ( subtree.getMinBaseDistance() > 0 ) && ( entryRelativeDnSize < subtree.getMinBaseDistance() ) )
+ {
+ return false;
+ }
+
+ /*
+ * For specific exclusions we must iterate through the set and check
+ * if the baseRelativeRdn is a descendant of the exclusion. The
+ * isDescendant() function will return true if the compared names
+ * are equal so for chopAfter exclusions we must check for equality
+ * as well and reject if the relative names are equal.
+ */
+ // Now, get the entry's relative part
+
+ if ( ( subtree.getChopBeforeExclusions().size() != 0 ) ||
+ ( subtree.getChopAfterExclusions().size() != 0 ) )
+ {
+ Dn entryRelativeDn = entryDn.getDescendantOf( apDn ).getDescendantOf( subtree.getBase() );
+
+ for ( Dn chopBeforeDn : subtree.getChopBeforeExclusions() )
+ {
+ if ( entryRelativeDn.isDescendantOf( chopBeforeDn ) )
+ {
+ return false;
+ }
+ }
+
+ for ( Dn chopAfterDn : subtree.getChopAfterExclusions() )
+ {
+ if ( entryRelativeDn.isDescendantOf( chopAfterDn ) && !chopAfterDn.equals( entryRelativeDn ) )
+ {
+ return false;
+ }
+ }
+ }
+
+ /*
+ * The last remaining step is to check and see if the refinement filter
+ * selects the entry candidate based on objectClass attribute values.
+ * To do this we invoke the refinement evaluator members evaluate() method.
+ */
+ if ( subtree.getRefinement() != null )
+ {
+ return evaluator.evaluate( subtree.getRefinement(), entryDn, entry );
+ }
+
+ /*
+ * If nothing has rejected the candidate entry and there is no refinement
+ * filter then the entry is included in the collection represented by the
+ * subtree specification so we return true.
+ */
+ return true;
+ }
+}
Modified: directory/apacheds/trunk/core-api/src/test/java/org/apache/directory/server/core/api/MockDirectoryService.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-api/src/test/java/org/apache/directory/server/core/api/MockDirectoryService.java?rev=1185134&r1=1185133&r2=1185134&view=diff
==============================================================================
--- directory/apacheds/trunk/core-api/src/test/java/org/apache/directory/server/core/api/MockDirectoryService.java (original)
+++ directory/apacheds/trunk/core-api/src/test/java/org/apache/directory/server/core/api/MockDirectoryService.java Mon Oct 17 12:51:01 2011
@@ -47,6 +47,8 @@ import org.apache.directory.server.core.
import org.apache.directory.server.core.api.partition.Partition;
import org.apache.directory.server.core.api.partition.PartitionNexus;
import org.apache.directory.server.core.api.schema.SchemaPartition;
+import org.apache.directory.server.core.api.subtree.SubentryCache;
+import org.apache.directory.server.core.api.subtree.SubtreeEvaluator;
import org.apache.directory.shared.ldap.codec.api.LdapApiService;
import org.apache.directory.shared.ldap.model.csn.Csn;
import org.apache.directory.shared.ldap.model.entry.Entry;
@@ -560,4 +562,20 @@ public class MockDirectoryService implem
{
return null;
}
+
+
+ @Override
+ public SubentryCache getSubentryCache()
+ {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+
+ @Override
+ public SubtreeEvaluator getEvaluator()
+ {
+ // TODO Auto-generated method stub
+ return null;
+ }
}
Added: directory/apacheds/trunk/core-shared/src/main/java/org/apache/directory/server/core/shared/subtree/RefinementEvaluator.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-shared/src/main/java/org/apache/directory/server/core/shared/subtree/RefinementEvaluator.java?rev=1185134&view=auto
==============================================================================
--- directory/apacheds/trunk/core-shared/src/main/java/org/apache/directory/server/core/shared/subtree/RefinementEvaluator.java (added)
+++ directory/apacheds/trunk/core-shared/src/main/java/org/apache/directory/server/core/shared/subtree/RefinementEvaluator.java Mon Oct 17 12:51:01 2011
@@ -0,0 +1,120 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.server.core.shared.subtree;
+
+
+import org.apache.directory.server.i18n.I18n;
+import org.apache.directory.shared.ldap.model.constants.SchemaConstants;
+import org.apache.directory.shared.ldap.model.entry.Attribute;
+import org.apache.directory.shared.ldap.model.exception.LdapException;
+import org.apache.directory.shared.ldap.model.filter.AndNode;
+import org.apache.directory.shared.ldap.model.filter.BranchNode;
+import org.apache.directory.shared.ldap.model.filter.ExprNode;
+import org.apache.directory.shared.ldap.model.filter.NotNode;
+import org.apache.directory.shared.ldap.model.filter.OrNode;
+import org.apache.directory.shared.ldap.model.filter.SimpleNode;
+
+
+/**
+ * The top level evaluation node for a refinement.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public class RefinementEvaluator
+{
+ /** Leaf Evaluator flyweight use for leaf filter assertions */
+ private RefinementLeafEvaluator leafEvaluator;
+
+
+ // ------------------------------------------------------------------------
+ // C O N S T R U C T O R S
+ // ------------------------------------------------------------------------
+
+ public RefinementEvaluator(RefinementLeafEvaluator leafEvaluator)
+ {
+ this.leafEvaluator = leafEvaluator;
+ }
+
+
+ public boolean evaluate( ExprNode node, Attribute objectClasses ) throws LdapException
+ {
+ if ( node == null )
+ {
+ throw new IllegalArgumentException( I18n.err( I18n.ERR_295 ) );
+ }
+
+ if ( objectClasses == null )
+ {
+ throw new IllegalArgumentException( I18n.err( I18n.ERR_296 ) );
+ }
+
+ if ( !( SchemaConstants.OBJECT_CLASS_AT_OID.equals( objectClasses.getAttributeType().getOid() ) ) )
+ {
+ throw new IllegalArgumentException( I18n.err( I18n.ERR_297 ) );
+ }
+
+ if ( node.isLeaf() )
+ {
+ return leafEvaluator.evaluate( ( SimpleNode ) node, objectClasses );
+ }
+
+ BranchNode bnode = (BranchNode) node;
+
+ if ( node instanceof OrNode )
+ {
+ for ( ExprNode child:bnode.getChildren() )
+ {
+ if ( evaluate( child, objectClasses ) )
+ {
+ return true;
+ }
+ }
+
+ return false;
+ }
+ else if ( node instanceof AndNode )
+ {
+ for ( ExprNode child:bnode.getChildren() )
+ {
+ if ( !evaluate( child, objectClasses ) )
+ {
+ return false;
+ }
+ }
+
+ return true;
+
+ }
+ else if ( node instanceof NotNode )
+ {
+ if ( null != bnode.getFirstChild() )
+ {
+ return !evaluate( bnode.getFirstChild(), objectClasses );
+ }
+
+ throw new IllegalArgumentException( I18n.err( I18n.ERR_243, node ) );
+
+ }
+ else
+ {
+ throw new IllegalArgumentException( I18n.err( I18n.ERR_244, bnode ) );
+ }
+ }
+}
Added: directory/apacheds/trunk/core-shared/src/main/java/org/apache/directory/server/core/shared/subtree/RefinementLeafEvaluator.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-shared/src/main/java/org/apache/directory/server/core/shared/subtree/RefinementLeafEvaluator.java?rev=1185134&view=auto
==============================================================================
--- directory/apacheds/trunk/core-shared/src/main/java/org/apache/directory/server/core/shared/subtree/RefinementLeafEvaluator.java (added)
+++ directory/apacheds/trunk/core-shared/src/main/java/org/apache/directory/server/core/shared/subtree/RefinementLeafEvaluator.java Mon Oct 17 12:51:01 2011
@@ -0,0 +1,136 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.server.core.shared.subtree;
+
+
+import java.util.Iterator;
+
+import org.apache.directory.server.i18n.I18n;
+import org.apache.directory.shared.ldap.model.constants.SchemaConstants;
+import org.apache.directory.shared.ldap.model.entry.Attribute;
+import org.apache.directory.shared.ldap.model.exception.LdapException;
+import org.apache.directory.shared.ldap.model.filter.EqualityNode;
+import org.apache.directory.shared.ldap.model.filter.SimpleNode;
+import org.apache.directory.shared.ldap.model.schema.AttributeType;
+import org.apache.directory.shared.ldap.model.schema.SchemaManager;
+
+
+/**
+ * A refinement leaf node evaluator. This evaluator checks to see if the
+ * objectClass attribute of a candidate entry is matched by a leaf node in
+ * a refinement filter expression tree.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public class RefinementLeafEvaluator
+{
+ /** A SchemaManager instance */
+ private final SchemaManager schemaManager;
+
+ /** A storage for the ObjectClass attributeType */
+ private AttributeType OBJECT_CLASS_AT;
+
+
+ /**
+ * Creates a refinement filter's leaf node evaluator.
+ *
+ * @param schemaManager The server schemaManager
+ */
+ public RefinementLeafEvaluator( SchemaManager schemaManager)
+ {
+ this.schemaManager = schemaManager;
+ OBJECT_CLASS_AT = schemaManager.getAttributeType( SchemaConstants.OBJECT_CLASS_AT );
+ }
+
+
+ /**
+ * Evaluates whether or not a simple leaf node of a refinement filter selects an
+ * entry based on the entry's objectClass attribute values.
+ *
+ * @param node the leaf node of the refinement filter
+ * @param objectClasses the objectClass attribute's values
+ * @return true if the leaf node selects the entry based on objectClass values, false
+ * if it rejects the entry
+ * @throws LdapException
+ */
+ public boolean evaluate( SimpleNode node, Attribute objectClasses ) throws LdapException
+ {
+ if ( node == null )
+ {
+ throw new IllegalArgumentException( I18n.err( I18n.ERR_295 ) );
+ }
+
+ if ( !( node instanceof EqualityNode) )
+ {
+ throw new LdapException( I18n.err( I18n.ERR_301, node ) );
+ }
+
+ if ( node.isSchemaAware() )
+ {
+ if ( !node.getAttributeType().equals( OBJECT_CLASS_AT ) )
+ {
+ throw new IllegalArgumentException( I18n.err( I18n.ERR_302, node.getAttribute() ) );
+ }
+ }
+ else if ( !node.getAttribute().equalsIgnoreCase( SchemaConstants.OBJECT_CLASS_AT ) &&
+ !node.getAttribute().equalsIgnoreCase( SchemaConstants.OBJECT_CLASS_AT_OID ) )
+ {
+ throw new IllegalArgumentException( I18n.err( I18n.ERR_302, node.getAttribute() ) );
+ }
+
+
+ if ( null == objectClasses )
+ {
+ throw new IllegalArgumentException( I18n.err( I18n.ERR_303 ) );
+ }
+
+ if ( !( objectClasses.isInstanceOf( OBJECT_CLASS_AT ) ) )
+ {
+ throw new IllegalArgumentException( I18n.err( I18n.ERR_304 ) );
+ }
+
+ // check if Ava value exists in attribute
+ // If the filter value for the objectClass is an OID we need to resolve a name
+ String value = node.getValue().getString();
+
+ if ( objectClasses.contains( value ) )
+ {
+ return true;
+ }
+
+ if ( Character.isDigit( value.charAt( 0 ) ) )
+ {
+ Iterator<String> list = schemaManager.getGlobalOidRegistry().getNameSet( value ).iterator();
+
+ while ( list.hasNext() )
+ {
+ String objectClass = list.next();
+
+ if ( objectClasses.contains( objectClass ) )
+ {
+ return true;
+ }
+ }
+ }
+
+ // no match so return false
+ return false;
+ }
+}
Added: directory/apacheds/trunk/core-shared/src/main/java/org/apache/directory/server/core/shared/subtree/SubentryUtils.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-shared/src/main/java/org/apache/directory/server/core/shared/subtree/SubentryUtils.java?rev=1185134&view=auto
==============================================================================
--- directory/apacheds/trunk/core-shared/src/main/java/org/apache/directory/server/core/shared/subtree/SubentryUtils.java (added)
+++ directory/apacheds/trunk/core-shared/src/main/java/org/apache/directory/server/core/shared/subtree/SubentryUtils.java Mon Oct 17 12:51:01 2011
@@ -0,0 +1,144 @@
+package org.apache.directory.server.core.shared.subtree;
+
+import org.apache.directory.server.core.api.DirectoryService;
+import org.apache.directory.server.core.api.subtree.Subentry;
+import org.apache.directory.server.core.api.subtree.SubentryCache;
+import org.apache.directory.server.core.api.subtree.SubtreeEvaluator;
+import org.apache.directory.shared.ldap.model.constants.SchemaConstants;
+import org.apache.directory.shared.ldap.model.entry.Attribute;
+import org.apache.directory.shared.ldap.model.entry.DefaultAttribute;
+import org.apache.directory.shared.ldap.model.entry.DefaultEntry;
+import org.apache.directory.shared.ldap.model.entry.Entry;
+import org.apache.directory.shared.ldap.model.exception.LdapException;
+import org.apache.directory.shared.ldap.model.name.Dn;
+import org.apache.directory.shared.ldap.model.schema.AttributeType;
+import org.apache.directory.shared.ldap.model.schema.SchemaManager;
+import org.apache.directory.shared.ldap.model.subtree.SubtreeSpecification;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class SubentryUtils
+{
+ /** The logger for this class */
+ private static final Logger LOG = LoggerFactory.getLogger( SubentryUtils.class );
+
+ /** A reference to the DirectoryService instance */
+ protected DirectoryService directoryService;
+
+ /** A reference to the SchemaManager instance */
+ protected SchemaManager schemaManager;
+
+ /** The AccessControlSubentries AttributeType */
+ protected static AttributeType ACCESS_CONTROL_SUBENTRIES_AT;
+
+ /** The CollectiveAttributeSubentries AttributeType */
+ protected static AttributeType COLLECTIVE_ATTRIBUTE_SUBENTRIES_AT;
+
+ /** A reference to the AccessControlSubentries AT */
+ protected static AttributeType SUBSCHEMA_SUBENTRY_AT;
+
+ /** A reference to the TriggerExecutionSubentries AT */
+ protected static AttributeType TRIGGER_EXECUTION_SUBENTRIES_AT;
+
+ public SubentryUtils( DirectoryService directoryService )
+ {
+ this.directoryService = directoryService;
+ this.schemaManager = directoryService.getSchemaManager();
+
+ // Init the At we use locally
+ ACCESS_CONTROL_SUBENTRIES_AT = schemaManager.getAttributeType( SchemaConstants.ACCESS_CONTROL_SUBENTRIES_AT );
+ COLLECTIVE_ATTRIBUTE_SUBENTRIES_AT = schemaManager
+ .getAttributeType( SchemaConstants.COLLECTIVE_ATTRIBUTE_SUBENTRIES_AT );
+ SUBSCHEMA_SUBENTRY_AT = schemaManager.getAttributeType( SchemaConstants.SUBSCHEMA_SUBENTRY_AT );
+ TRIGGER_EXECUTION_SUBENTRIES_AT = schemaManager
+ .getAttributeType( SchemaConstants.TRIGGER_EXECUTION_SUBENTRIES_AT );
+ }
+
+
+ //-------------------------------------------------------------------------------------------
+ // Shared method
+ //-------------------------------------------------------------------------------------------
+ /**
+ * Evaluates the set of subentry subtrees upon an entry and returns the
+ * operational subentry attributes that will be added to the entry if
+ * added at the dn specified.
+ *
+ * @param dn the normalized distinguished name of the entry
+ * @param entryAttrs the entry attributes are generated for
+ * @return the set of subentry op attrs for an entry
+ * @throws Exception if there are problems accessing entry information
+ */
+ public Entry getSubentryAttributes( Dn dn, Entry entryAttrs ) throws LdapException
+ {
+ Entry subentryAttrs = new DefaultEntry( schemaManager, dn );
+
+ SubentryCache subentryCache = directoryService.getSubentryCache();
+ SubtreeEvaluator evaluator = directoryService.getEvaluator();
+
+ for ( Dn subentryDn : subentryCache )
+ {
+ Dn apDn = subentryDn.getParent();
+ Subentry subentry = subentryCache.getSubentry( subentryDn );
+ SubtreeSpecification ss = subentry.getSubtreeSpecification();
+
+ if ( evaluator.evaluate( ss, apDn, dn, entryAttrs ) )
+ {
+ Attribute operational;
+
+ if ( subentry.isAccessControlAdminRole() )
+ {
+ operational = subentryAttrs.get( ACCESS_CONTROL_SUBENTRIES_AT );
+
+ if ( operational == null )
+ {
+ operational = new DefaultAttribute( ACCESS_CONTROL_SUBENTRIES_AT );
+ subentryAttrs.put( operational );
+ }
+
+ operational.add( subentryDn.getNormName() );
+ }
+
+ if ( subentry.isSchemaAdminRole() )
+ {
+ operational = subentryAttrs.get( SUBSCHEMA_SUBENTRY_AT );
+
+ if ( operational == null )
+ {
+ operational = new DefaultAttribute( SUBSCHEMA_SUBENTRY_AT );
+ subentryAttrs.put( operational );
+ }
+
+ operational.add( subentryDn.getNormName() );
+ }
+
+ if ( subentry.isCollectiveAdminRole() )
+ {
+ operational = subentryAttrs.get( COLLECTIVE_ATTRIBUTE_SUBENTRIES_AT );
+
+ if ( operational == null )
+ {
+ operational = new DefaultAttribute( COLLECTIVE_ATTRIBUTE_SUBENTRIES_AT );
+ subentryAttrs.put( operational );
+ }
+
+ operational.add( subentryDn.getNormName() );
+ }
+
+ if ( subentry.isTriggersAdminRole() )
+ {
+ operational = subentryAttrs.get( TRIGGER_EXECUTION_SUBENTRIES_AT );
+
+ if ( operational == null )
+ {
+ operational = new DefaultAttribute( TRIGGER_EXECUTION_SUBENTRIES_AT );
+ subentryAttrs.put( operational );
+ }
+
+ operational.add( subentryDn.getNormName() );
+ }
+ }
+ }
+
+ return subentryAttrs;
+ }
+}
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/DefaultDirectoryService.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/DefaultDirectoryService.java?rev=1185134&r1=1185133&r2=1185134&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/DefaultDirectoryService.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/DefaultDirectoryService.java Mon Oct 17 12:51:01 2011
@@ -66,6 +66,8 @@ import org.apache.directory.server.core.
import org.apache.directory.server.core.api.partition.Partition;
import org.apache.directory.server.core.api.partition.PartitionNexus;
import org.apache.directory.server.core.api.schema.SchemaPartition;
+import org.apache.directory.server.core.api.subtree.SubentryCache;
+import org.apache.directory.server.core.api.subtree.SubtreeEvaluator;
import org.apache.directory.server.core.authn.AuthenticationInterceptor;
import org.apache.directory.server.core.authn.ppolicy.PpolicyConfigContainer;
import org.apache.directory.server.core.authz.AciAuthorizationInterceptor;
@@ -272,6 +274,12 @@ public class DefaultDirectoryService imp
/** The Dn factory */
private DnFactory dnFactory;
+
+ /** The Subentry cache */
+ SubentryCache subentryCache = new SubentryCache();
+
+ /** The Subtree evaluator instance */
+ private SubtreeEvaluator evaluator;
/**
* The synchronizer thread. It flush data on disk periodically.
@@ -331,6 +339,7 @@ public class DefaultDirectoryService imp
journal = new DefaultJournal();
syncPeriodMillis = DEFAULT_SYNC_PERIOD;
csnFactory = new CsnFactory( replicaId );
+ evaluator = new SubtreeEvaluator( schemaManager );
}
@@ -1960,4 +1969,23 @@ public class DefaultDirectoryService imp
{
return dnFactory;
}
+
+
+ /**
+ * {@inheritDoc}
+ */
+ public SubentryCache getSubentryCache()
+ {
+ return subentryCache;
+ }
+
+
+ /**
+ * {@inheritDoc}
+ */
+ public SubtreeEvaluator getEvaluator()
+ {
+ return evaluator;
+ }
+
}
\ No newline at end of file
Modified: directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java?rev=1185134&r1=1185133&r2=1185134&view=diff
==============================================================================
--- directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java (original)
+++ directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java Mon Oct 17 12:51:01 2011
@@ -24,7 +24,6 @@ import static org.apache.directory.share
import static org.apache.directory.shared.ldap.extras.controls.ppolicy.PasswordPolicyErrorEnum.PASSWORD_TOO_SHORT;
import static org.apache.directory.shared.ldap.model.constants.PasswordPolicySchemaConstants.PWD_ACCOUNT_LOCKED_TIME_AT;
import static org.apache.directory.shared.ldap.model.constants.PasswordPolicySchemaConstants.PWD_CHANGED_TIME_AT;
-import static org.apache.directory.shared.ldap.model.constants.PasswordPolicySchemaConstants.PWD_EXPIRE_WARNING_AT;
import static org.apache.directory.shared.ldap.model.constants.PasswordPolicySchemaConstants.PWD_FAILURE_TIME_AT;
import static org.apache.directory.shared.ldap.model.constants.PasswordPolicySchemaConstants.PWD_GRACE_USE_TIME_AT;
import static org.apache.directory.shared.ldap.model.constants.PasswordPolicySchemaConstants.PWD_HISTORY_AT;
@@ -43,7 +42,6 @@ import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
-import java.util.TreeSet;
import org.apache.directory.server.core.shared.DefaultCoreSession;
import org.apache.directory.server.core.api.CoreSession;
Modified: directory/apacheds/trunk/interceptors/authz/pom.xml
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/authz/pom.xml?rev=1185134&r1=1185133&r2=1185134&view=diff
==============================================================================
--- directory/apacheds/trunk/interceptors/authz/pom.xml (original)
+++ directory/apacheds/trunk/interceptors/authz/pom.xml Mon Oct 17 12:51:01 2011
@@ -65,11 +65,6 @@
</dependency>
<dependency>
- <groupId>${project.groupId}</groupId>
- <artifactId>apacheds-interceptors-subtree</artifactId>
- </dependency>
-
- <dependency>
<groupId>commons-collections</groupId>
<artifactId>commons-collections</artifactId>
</dependency>
Modified: directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java?rev=1185134&r1=1185133&r2=1185134&view=diff
==============================================================================
--- directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java (original)
+++ directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java Mon Oct 17 12:51:01 2011
@@ -32,6 +32,7 @@ import javax.naming.directory.SearchCont
import org.apache.directory.server.constants.ServerDNConstants;
import org.apache.directory.server.core.shared.DefaultCoreSession;
+import org.apache.directory.server.core.shared.subtree.SubentryUtils;
import org.apache.directory.server.core.api.CoreSession;
import org.apache.directory.server.core.api.DirectoryService;
import org.apache.directory.server.core.api.LdapPrincipal;
@@ -59,7 +60,6 @@ import org.apache.directory.server.core.
import org.apache.directory.server.core.api.partition.PartitionNexus;
import org.apache.directory.server.core.authz.support.ACDFEngine;
import org.apache.directory.server.core.authz.support.AciContext;
-import org.apache.directory.server.core.subtree.SubentryInterceptor;
import org.apache.directory.server.i18n.I18n;
import org.apache.directory.shared.ldap.aci.ACIItem;
import org.apache.directory.shared.ldap.aci.ACIItemParser;
@@ -170,6 +170,9 @@ public class AciAuthorizationInterceptor
private PartitionNexus nexus;
public static final SearchControls DEFAULT_SEARCH_CONTROLS = new SearchControls();
+
+ /** The SubentryUtils instance */
+ private static SubentryUtils subentryUtils;
/**
@@ -299,6 +302,9 @@ public class AciAuthorizationInterceptor
// Init the caches now
initTupleCache();
initGroupCache();
+
+ // Init the SubentryUtils instance
+ subentryUtils = new SubentryUtils( directoryService );
}
@@ -526,9 +532,7 @@ public class AciAuthorizationInterceptor
}
// perform checks below here for all non-admin users
- SubentryInterceptor subentryInterceptor = ( SubentryInterceptor ) chain.get( SubentryInterceptor.class
- .getSimpleName() );
- Entry subentry = subentryInterceptor.getSubentryAttributes( dn, serverEntry );
+ Entry subentry = subentryUtils.getSubentryAttributes( dn, serverEntry );
for ( Attribute attribute : serverEntry )
{
@@ -1071,9 +1075,7 @@ public class AciAuthorizationInterceptor
// we need to construct an entry to represent it
// at least with minimal requirements which are object class
// and access control subentry operational attributes.
- SubentryInterceptor subentryInterceptor = ( SubentryInterceptor ) chain.get( SubentryInterceptor.class
- .getSimpleName() );
- Entry subentryAttrs = subentryInterceptor.getSubentryAttributes( newDn, importedEntry );
+ Entry subentryAttrs = subentryUtils.getSubentryAttributes( newDn, importedEntry );
for ( Attribute attribute : importedEntry )
{
@@ -1165,9 +1167,7 @@ public class AciAuthorizationInterceptor
// we need to construct an entry to represent it
// at least with minimal requirements which are object class
// and access control subentry operational attributes.
- SubentryInterceptor subentryInterceptor = ( SubentryInterceptor ) chain.get( SubentryInterceptor.class
- .getSimpleName() );
- Entry subentryAttrs = subentryInterceptor.getSubentryAttributes( newDn, importedEntry );
+ Entry subentryAttrs = subentryUtils.getSubentryAttributes( newDn, importedEntry );
for ( Attribute attribute : importedEntry )
{
Modified: directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/ACDFEngine.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/ACDFEngine.java?rev=1185134&r1=1185133&r2=1185134&view=diff
==============================================================================
--- directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/ACDFEngine.java (original)
+++ directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/ACDFEngine.java Mon Oct 17 12:51:01 2011
@@ -26,10 +26,10 @@ import java.util.Collections;
import java.util.HashSet;
import org.apache.directory.server.core.api.event.Evaluator;
-import org.apache.directory.server.core.shared.event.ExpressionEvaluator;
-import org.apache.directory.server.core.subtree.RefinementEvaluator;
-import org.apache.directory.server.core.subtree.RefinementLeafEvaluator;
-import org.apache.directory.server.core.subtree.SubtreeEvaluator;
+import org.apache.directory.server.core.api.event.ExpressionEvaluator;
+import org.apache.directory.server.core.api.subtree.SubtreeEvaluator;
+import org.apache.directory.server.core.shared.subtree.RefinementEvaluator;
+import org.apache.directory.server.core.shared.subtree.RefinementLeafEvaluator;
import org.apache.directory.shared.ldap.aci.ACITuple;
import org.apache.directory.shared.ldap.model.constants.SchemaConstants;
import org.apache.directory.shared.ldap.model.entry.Entry;
Modified: directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/RelatedProtectedItemFilter.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/RelatedProtectedItemFilter.java?rev=1185134&r1=1185133&r2=1185134&view=diff
==============================================================================
--- directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/RelatedProtectedItemFilter.java (original)
+++ directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/RelatedProtectedItemFilter.java Mon Oct 17 12:51:01 2011
@@ -24,7 +24,7 @@ import java.util.Collection;
import java.util.Iterator;
import org.apache.directory.server.core.api.event.Evaluator;
-import org.apache.directory.server.core.subtree.RefinementEvaluator;
+import org.apache.directory.server.core.shared.subtree.RefinementEvaluator;
import org.apache.directory.server.i18n.I18n;
import org.apache.directory.shared.ldap.aci.ACITuple;
import org.apache.directory.shared.ldap.aci.ProtectedItem;
Modified: directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/RelatedUserClassFilter.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/RelatedUserClassFilter.java?rev=1185134&r1=1185133&r2=1185134&view=diff
==============================================================================
--- directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/RelatedUserClassFilter.java (original)
+++ directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/RelatedUserClassFilter.java Mon Oct 17 12:51:01 2011
@@ -24,7 +24,7 @@ import java.util.Collection;
import java.util.Iterator;
import java.util.Set;
-import org.apache.directory.server.core.subtree.SubtreeEvaluator;
+import org.apache.directory.server.core.api.subtree.SubtreeEvaluator;
import org.apache.directory.server.i18n.I18n;
import org.apache.directory.shared.ldap.aci.ACITuple;
import org.apache.directory.shared.ldap.aci.UserClass;
Modified: directory/apacheds/trunk/interceptors/authz/src/test/java/org/apache/directory/server/core/authz/support/RelatedProtectedItemFilterTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/authz/src/test/java/org/apache/directory/server/core/authz/support/RelatedProtectedItemFilterTest.java?rev=1185134&r1=1185133&r2=1185134&view=diff
==============================================================================
--- directory/apacheds/trunk/interceptors/authz/src/test/java/org/apache/directory/server/core/authz/support/RelatedProtectedItemFilterTest.java (original)
+++ directory/apacheds/trunk/interceptors/authz/src/test/java/org/apache/directory/server/core/authz/support/RelatedProtectedItemFilterTest.java Mon Oct 17 12:51:01 2011
@@ -28,9 +28,9 @@ import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
-import org.apache.directory.server.core.shared.event.ExpressionEvaluator;
-import org.apache.directory.server.core.subtree.RefinementEvaluator;
-import org.apache.directory.server.core.subtree.RefinementLeafEvaluator;
+import org.apache.directory.server.core.api.event.ExpressionEvaluator;
+import org.apache.directory.server.core.shared.subtree.RefinementEvaluator;
+import org.apache.directory.server.core.shared.subtree.RefinementLeafEvaluator;
import org.apache.directory.shared.ldap.aci.ACITuple;
import org.apache.directory.shared.ldap.aci.MicroOperation;
import org.apache.directory.shared.ldap.aci.ProtectedItem;
Modified: directory/apacheds/trunk/interceptors/authz/src/test/java/org/apache/directory/server/core/authz/support/RelatedUserClassFilterTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/authz/src/test/java/org/apache/directory/server/core/authz/support/RelatedUserClassFilterTest.java?rev=1185134&r1=1185133&r2=1185134&view=diff
==============================================================================
--- directory/apacheds/trunk/interceptors/authz/src/test/java/org/apache/directory/server/core/authz/support/RelatedUserClassFilterTest.java (original)
+++ directory/apacheds/trunk/interceptors/authz/src/test/java/org/apache/directory/server/core/authz/support/RelatedUserClassFilterTest.java Mon Oct 17 12:51:01 2011
@@ -28,7 +28,7 @@ import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
-import org.apache.directory.server.core.subtree.SubtreeEvaluator;
+import org.apache.directory.server.core.api.subtree.SubtreeEvaluator;
import org.apache.directory.shared.ldap.aci.ACITuple;
import org.apache.directory.shared.ldap.aci.MicroOperation;
import org.apache.directory.shared.ldap.aci.ProtectedItem;
Modified: directory/apacheds/trunk/interceptors/event/src/main/java/org/apache/directory/server/core/event/EventInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/event/src/main/java/org/apache/directory/server/core/event/EventInterceptor.java?rev=1185134&r1=1185133&r2=1185134&view=diff
==============================================================================
--- directory/apacheds/trunk/interceptors/event/src/main/java/org/apache/directory/server/core/event/EventInterceptor.java (original)
+++ directory/apacheds/trunk/interceptors/event/src/main/java/org/apache/directory/server/core/event/EventInterceptor.java Mon Oct 17 12:51:01 2011
@@ -33,6 +33,7 @@ import org.apache.directory.server.core.
import org.apache.directory.server.core.api.event.DirectoryListener;
import org.apache.directory.server.core.api.event.Evaluator;
import org.apache.directory.server.core.api.event.EventType;
+import org.apache.directory.server.core.api.event.ExpressionEvaluator;
import org.apache.directory.server.core.api.event.NotificationCriteria;
import org.apache.directory.server.core.api.event.RegistrationEntry;
import org.apache.directory.server.core.api.interceptor.BaseInterceptor;
@@ -45,7 +46,6 @@ import org.apache.directory.server.core.
import org.apache.directory.server.core.api.interceptor.context.OperationContext;
import org.apache.directory.server.core.api.interceptor.context.RenameOperationContext;
import org.apache.directory.server.core.api.partition.ByPassConstants;
-import org.apache.directory.server.core.shared.event.ExpressionEvaluator;
import org.apache.directory.shared.ldap.model.constants.SchemaConstants;
import org.apache.directory.shared.ldap.model.entry.Entry;
import org.apache.directory.shared.ldap.model.exception.LdapException;