Posted to commits@directory.apache.org by er...@apache.org on 2007/05/24 02:27:07 UTC
svn commit: r541123 [6/25] - in
/directory/apacheds/branches/apacheds-sasl-branch: ./ benchmarks/
bootstrap-extract/ bootstrap-extract/src/ bootstrap-extract/src/main/
bootstrap-extract/src/main/java/ bootstrap-extract/src/main/java/org/
bootstrap-extr...
Modified: directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/authz/DefaultAuthorizationService.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/authz/DefaultAuthorizationService.java?view=diff&rev=541123&r1=541122&r2=541123
==============================================================================
--- directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/authz/DefaultAuthorizationService.java (original)
+++ directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/authz/DefaultAuthorizationService.java Wed May 23 17:26:40 2007
@@ -41,15 +41,24 @@
import org.apache.directory.server.core.interceptor.BaseInterceptor;
import org.apache.directory.server.core.interceptor.Interceptor;
import org.apache.directory.server.core.interceptor.NextInterceptor;
+import org.apache.directory.server.core.interceptor.context.LookupOperationContext;
+import org.apache.directory.server.core.interceptor.context.OperationContext;
+import org.apache.directory.server.core.interceptor.context.SearchOperationContext;
import org.apache.directory.server.core.invocation.Invocation;
import org.apache.directory.server.core.invocation.InvocationStack;
import org.apache.directory.server.core.jndi.ServerContext;
import org.apache.directory.server.core.partition.PartitionNexus;
+import org.apache.directory.server.schema.registries.AttributeTypeRegistry;
+import org.apache.directory.shared.ldap.constants.SchemaConstants;
+import org.apache.directory.shared.ldap.constants.ServerDNConstants;
import org.apache.directory.shared.ldap.exception.LdapNoPermissionException;
-import org.apache.directory.shared.ldap.filter.ExprNode;
-import org.apache.directory.shared.ldap.message.ModificationItemImpl;
+import org.apache.directory.shared.ldap.message.ServerSearchResult;
import org.apache.directory.shared.ldap.name.LdapDN;
+import org.apache.directory.shared.ldap.schema.AttributeType;
import org.apache.directory.shared.ldap.schema.OidNormalizer;
+import org.apache.directory.shared.ldap.util.AttributeUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
/**
@@ -63,23 +72,26 @@
*/
public class DefaultAuthorizationService extends BaseInterceptor
{
+ /** the logger for this class */
+ private static final Logger log = LoggerFactory.getLogger( DefaultAuthorizationService.class );
+
+ /** The service name */
+ public static final String NAME = "defaultAuthorizationService";
+
/**
* the base distinguished {@link Name} for all users
*/
private static LdapDN USER_BASE_DN;
- private static LdapDN USER_BASE_DN_NORMALIZED;
/**
* the base distinguished {@link Name} for all groups
*/
private static LdapDN GROUP_BASE_DN;
- private static LdapDN GROUP_BASE_DN_NORMALIZED;
/**
* the distinguished {@link Name} for the administrator group
*/
private static LdapDN ADMIN_GROUP_DN;
- private static LdapDN ADMIN_GROUP_DN_NORMALIZED;
/**
* the name parser used by this service
@@ -92,6 +104,13 @@
private Map<String, OidNormalizer> normalizerMapping;
private PartitionNexus nexus;
+
+ /** attribute type registry */
+ private AttributeTypeRegistry attrRegistry;
+
+ /** A starage for the uniqueMember attributeType */
+ private AttributeType uniqueMemberAT;
+
/**
* Creates a new instance.
@@ -110,14 +129,18 @@
enabled = !factoryCfg.getStartupConfiguration().isAccessControlEnabled();
USER_BASE_DN = PartitionNexus.getUsersBaseName();
- USER_BASE_DN_NORMALIZED = LdapDN.normalize( USER_BASE_DN, normalizerMapping );
+ USER_BASE_DN.normalize( normalizerMapping );
GROUP_BASE_DN = PartitionNexus.getGroupsBaseName();
- GROUP_BASE_DN_NORMALIZED = LdapDN.normalize( GROUP_BASE_DN, normalizerMapping );
+ GROUP_BASE_DN.normalize( normalizerMapping );
- ADMIN_GROUP_DN = new LdapDN( "cn=Administrators,ou=groups,ou=system" );
- ADMIN_GROUP_DN_NORMALIZED = ( LdapDN ) ADMIN_GROUP_DN.clone();
- ADMIN_GROUP_DN_NORMALIZED.normalize( normalizerMapping );
+ ADMIN_GROUP_DN = new LdapDN( ServerDNConstants.ADMINISTRATORS_GROUP_DN );
+ ADMIN_GROUP_DN.normalize( normalizerMapping );
+
+ attrRegistry = factoryCfg.getRegistries().getAttributeTypeRegistry();
+
+ uniqueMemberAT = attrRegistry.lookup( SchemaConstants.UNIQUE_MEMBER_AT_OID );
+
loadAdministrators();
}
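Review bot: `USER_BASE_DN.normalize( normalizerMapping )` and `GROUP_BASE_DN.normalize( normalizerMapping )` now normalize in place the objects returned by `PartitionNexus.getUsersBaseName()` and `getGroupsBaseName()`, where the removed lines kept separate `*_NORMALIZED` copies. If those getters hand out shared instances (not visible in this hunk), every other holder of the DN sees it change, and these static fields are reassigned each time this instance method runs. Normalizing a private copy keeps the base DNs used for authorization independent of other code, for example `USER_BASE_DN = ( LdapDN ) PartitionNexus.getUsersBaseName().clone();` before the `normalize` call. The enclosing method starts outside the hunk.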
@@ -126,20 +149,22 @@
{
// read in the administrators and cache their normalized names
Set<String> newAdministrators = new HashSet<String>( 2 );
- Attributes adminGroup = nexus.lookup( ADMIN_GROUP_DN_NORMALIZED );
+ Attributes adminGroup = nexus.lookup( new LookupOperationContext( ADMIN_GROUP_DN ) );
if ( adminGroup == null )
{
return;
}
- Attribute uniqueMember = adminGroup.get( "uniqueMember" );
+ Attribute uniqueMember = AttributeUtils.getAttribute( adminGroup, uniqueMemberAT );
+
for ( int ii = 0; ii < uniqueMember.size(); ii++ )
{
LdapDN memberDn = new LdapDN( ( String ) uniqueMember.get( ii ) );
memberDn.normalize( normalizerMapping );
- newAdministrators.add( memberDn.toNormName() );
+ newAdministrators.add( memberDn.getNormName() );
}
+
administrators = newAdministrators;
}
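Review bot: `uniqueMember` is dereferenced in the `for` loop without a null check, so an Administrators entry with no uniqueMember attribute makes `loadAdministrators()` throw a NullPointerException instead of yielding an empty set. `modify()` calls this method after the change has already been passed down the interceptor chain, so the exception would surface after the write and leave the previous `administrators` cache in place. Wrap the loop in `if ( uniqueMember != null )`, and decide whether the early `return` for a missing group entry should also reset `administrators` rather than keep the old set. The method signature is outside the hunk.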
@@ -148,86 +173,86 @@
// Lookup, search and list operations need to be handled using a filter
// and so we need access to the filter service.
- public void delete( NextInterceptor nextInterceptor, LdapDN name ) throws NamingException
+ public void delete( NextInterceptor nextInterceptor, OperationContext opContext ) throws NamingException
{
+ LdapDN name = opContext.getDn();
+
if ( !enabled )
{
- nextInterceptor.delete( name );
+ nextInterceptor.delete( opContext );
return;
}
LdapDN principalDn = getPrincipal().getJndiName();
- if ( name.toString().equals( "" ) )
+ if ( name.isEmpty() )
{
String msg = "The rootDSE cannot be deleted!";
+ log.error( msg );
throw new LdapNoPermissionException( msg );
}
- if ( name.toNormName().equals( ADMIN_GROUP_DN_NORMALIZED.toNormName() ) )
+ if ( name.getNormName().equals( ADMIN_GROUP_DN.getNormName() ) )
{
String msg = "The Administrators group cannot be deleted!";
+ log.error( msg );
throw new LdapNoPermissionException( msg );
}
if ( isTheAdministrator( name ) )
{
- String msg = "User " + principalDn;
+ String msg = "User " + principalDn.getUpName();
msg += " does not have permission to delete the admin account.";
msg += " No one not even the admin can delete this account!";
+ log.error( msg );
throw new LdapNoPermissionException( msg );
}
- if ( name.size() > 2 && name.startsWith( USER_BASE_DN ) && !isAnAdministrator( principalDn ) )
- {
- String msg = "User " + principalDn;
- msg += " does not have permission to delete the user account: ";
- msg += name + ". Only the admin can delete user accounts.";
- throw new LdapNoPermissionException( msg );
- }
-
- if ( name.size() > 2 && name.startsWith( GROUP_BASE_DN ) && !isAnAdministrator( principalDn ) )
+ if ( name.size() > 2 )
{
- String msg = "User " + principalDn;
- msg += " does not have permission to delete the group entry: ";
- msg += name + ". Only the admin can delete groups.";
- throw new LdapNoPermissionException( msg );
+ if ( !isAnAdministrator( principalDn ) )
+ {
+ if ( name.startsWith( USER_BASE_DN ) )
+ {
+ String msg = "User " + principalDn.getUpName();
+ msg += " does not have permission to delete the user account: ";
+ msg += name.getUpName() + ". Only the admin can delete user accounts.";
+ log.error( msg );
+ throw new LdapNoPermissionException( msg );
+ }
+
+ if ( name.startsWith( GROUP_BASE_DN ) )
+ {
+ String msg = "User " + principalDn.getUpName();
+ msg += " does not have permission to delete the group entry: ";
+ msg += name.getUpName() + ". Only the admin can delete groups.";
+ log.error( msg );
+ throw new LdapNoPermissionException( msg );
+ }
+ }
}
- nextInterceptor.delete( name );
+ nextInterceptor.delete( opContext );
}
private final boolean isTheAdministrator( LdapDN normalizedDn )
{
- return normalizedDn.toNormName() == PartitionNexus.ADMIN_PRINCIPAL_NORMALIZED ||
- normalizedDn.toNormName().equals( PartitionNexus.ADMIN_PRINCIPAL_NORMALIZED );
+ return normalizedDn.getNormName().equals( PartitionNexus.ADMIN_PRINCIPAL_NORMALIZED );
}
- private final boolean isAnAdministrator( LdapDN normalizedDn ) throws NamingException
+ private final boolean isAnAdministrator( LdapDN normalizedDn )
{
if ( isTheAdministrator( normalizedDn ) )
{
return true;
}
- return administrators.contains( normalizedDn.toNormName() );
+ return administrators.contains( normalizedDn.getNormName() );
}
- /**
- * Note that we do nothing here. First because this is not an externally
- * exposed function via the JNDI interfaces. It is used internally by
- * the provider for optimization purposes so there is no reason for us to
- * start to constrain it.
- */
- public boolean hasEntry( NextInterceptor nextInterceptor, LdapDN name ) throws NamingException
- {
- return super.hasEntry( nextInterceptor, name );
- }
-
-
// ------------------------------------------------------------------------
// Entry Modification Operations
// ------------------------------------------------------------------------
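Review bot: The added `log.error( msg )` calls write the client-supplied `name.getUpName()` and `principalDn.getUpName()` into the log unescaped and at ERROR level, so routine permission denials read like server faults, and a DN that carries control characters could split a log record. Recording denials is useful for detection, but a parameterized call such as `log.warn( "Delete of '{}' denied for principal '{}'", name.getUpName(), principalDn.getUpName() );`, with control characters escaped, keeps the records parseable. The same pattern is added in protectModifyAlterations, protectDnAlterations and protectLookUp further down, where some messages also embed `\n`.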
@@ -238,48 +263,26 @@
* users to self access these resources. As far as we're concerned no one but
* the admin needs access.
*/
- public void modify( NextInterceptor nextInterceptor, LdapDN name, int modOp, Attributes attrs )
+ public void modify( NextInterceptor nextInterceptor, OperationContext opContext )
throws NamingException
{
if ( enabled )
{
- protectModifyAlterations( name );
- nextInterceptor.modify( name, modOp, attrs );
+ LdapDN dn = opContext.getDn();
+
+ protectModifyAlterations( dn );
+ nextInterceptor.modify( opContext );
// update administrators if we change administrators group
- if ( name.toNormName().equals( ADMIN_GROUP_DN_NORMALIZED.toNormName() ) )
+ if ( dn.getNormName().equals( ADMIN_GROUP_DN.getNormName() ) )
{
loadAdministrators();
}
- return;
}
-
- nextInterceptor.modify( name, modOp, attrs );
- }
-
-
- /**
- * This policy needs to be really tight too because some attributes may take part
- * in giving the user permissions to protected resources. We do not want users to
- * self access these resources. As far as we're concerned no one but the admin
- * needs access.
- */
- public void modify( NextInterceptor nextInterceptor, LdapDN name, ModificationItemImpl[] items ) throws NamingException
- {
- if ( enabled )
+ else
{
- protectModifyAlterations( name );
- nextInterceptor.modify( name, items );
-
- // update administrators if we change administrators group
- if ( name.toNormName().equals( ADMIN_GROUP_DN_NORMALIZED.toNormName() ) )
- {
- loadAdministrators();
- }
- return;
+ nextInterceptor.modify( opContext );
}
-
- nextInterceptor.modify( name, items );
}
@@ -287,44 +290,51 @@
{
LdapDN principalDn = getPrincipal().getJndiName();
- if ( dn.size() == 0 )
+ if ( dn.isEmpty() )
{
String msg = "The rootDSE cannot be modified!";
+ log.error( msg );
throw new LdapNoPermissionException( msg );
}
if ( ! isAnAdministrator( principalDn ) )
{
// allow self modifications
- if ( dn.toNormName().equals( getPrincipal().getJndiName().toNormName() ) )
+ if ( dn.getNormName().equals( getPrincipal().getJndiName().getNormName() ) )
{
return;
}
- if ( dn.toNormName().equals( PartitionNexus.ADMIN_PRINCIPAL_NORMALIZED ) )
+ if ( dn.getNormName().equals( PartitionNexus.ADMIN_PRINCIPAL_NORMALIZED ) )
{
- String msg = "User " + principalDn;
+ String msg = "User " + principalDn.getUpName();
msg += " does not have permission to modify the account of the";
msg += " admin user.";
+ log.error( msg );
throw new LdapNoPermissionException( msg );
}
- if ( dn.size() > 2 && dn.startsWith( USER_BASE_DN_NORMALIZED ) )
- {
- String msg = "User " + principalDn;
- msg += " does not have permission to modify the account of the";
- msg += " user " + dn + ".\nEven the owner of an account cannot";
- msg += " modify it.\nUser accounts can only be modified by the";
- msg += " administrator.";
- throw new LdapNoPermissionException( msg );
- }
-
- if ( dn.size() > 2 && dn.startsWith( GROUP_BASE_DN_NORMALIZED ) )
- {
- String msg = "User " + principalDn;
- msg += " does not have permission to modify the group entry ";
- msg += dn.getUpName() + ".\nGroups can only be modified by the admin.";
- throw new LdapNoPermissionException( msg );
+ if ( dn.size() > 2 )
+ {
+ if ( dn.startsWith( USER_BASE_DN ) )
+ {
+ String msg = "User " + principalDn.getUpName();
+ msg += " does not have permission to modify the account of the";
+ msg += " user " + dn.getUpName() + ".\nEven the owner of an account cannot";
+ msg += " modify it.\nUser accounts can only be modified by the";
+ msg += " administrator.";
+ log.error( msg );
+ throw new LdapNoPermissionException( msg );
+ }
+
+ if ( dn.startsWith( GROUP_BASE_DN ) )
+ {
+ String msg = "User " + principalDn.getUpName();
+ msg += " does not have permission to modify the group entry ";
+ msg += dn.getUpName() + ".\nGroups can only be modified by the admin.";
+ log.error( msg );
+ throw new LdapNoPermissionException( msg );
+ }
}
}
}
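Review bot: The user-account message still says `Even the owner of an account cannot modify it`, but the `// allow self modifications` branch above returns before this check, so the owner never reaches it and is in fact allowed to modify the entry. The Javadoc on `modify()` (partly visible in the previous hunk) says users should not self-access attributes that grant permissions, so either the message or the early return does not match the intended policy. Drop the sentence from the message if self-modification is intended, or narrow the self-modification branch to the attributes a user may change. The method signature is outside the hunk.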
@@ -339,35 +349,37 @@
// o The administrator entry cannot be moved or renamed by anyone
// ------------------------------------------------------------------------
- public void modifyRn( NextInterceptor nextInterceptor, LdapDN name, String newRn, boolean deleteOldRn )
+ public void rename( NextInterceptor nextInterceptor, OperationContext opContext )
throws NamingException
{
if ( enabled )
{
- protectDnAlterations( name );
+ protectDnAlterations( opContext.getDn() );
}
- nextInterceptor.modifyRn( name, newRn, deleteOldRn );
+
+ nextInterceptor.rename( opContext );
}
- public void move( NextInterceptor nextInterceptor, LdapDN oriChildName, LdapDN newParentName ) throws NamingException
+ public void move( NextInterceptor nextInterceptor, OperationContext opContext ) throws NamingException
{
if ( enabled )
{
- protectDnAlterations( oriChildName );
+ protectDnAlterations( opContext.getDn() );
}
- nextInterceptor.move( oriChildName, newParentName );
+
+ nextInterceptor.move( opContext );
}
- public void move( NextInterceptor nextInterceptor, LdapDN oriChildName, LdapDN newParentName, String newRn,
- boolean deleteOldRn ) throws NamingException
+ public void moveAndRename( NextInterceptor nextInterceptor, OperationContext opContext ) throws NamingException
{
if ( enabled )
{
- protectDnAlterations( oriChildName );
+ protectDnAlterations( opContext.getDn() );
}
- nextInterceptor.move( oriChildName, newParentName, newRn, deleteOldRn );
+
+ nextInterceptor.moveAndRename( opContext );
}
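Review bot: `rename`, `move` and `moveAndRename` pass only `opContext.getDn()`, the entry being moved, to `protectDnAlterations`; the destination carried by the context is never checked. As far as this hunk shows, the rules that make entries under `USER_BASE_DN` and `GROUP_BASE_DN` admin-managed are not applied to the target DN, so they should be enforced on it as well unless another interceptor already does so. The bare `OperationContext` parameter also hides which context subtype each method expects; a one-line Javadoc per method naming it would help.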
@@ -375,15 +387,18 @@
{
LdapDN principalDn = getPrincipal().getJndiName();
- if ( dn.toString().equals( "" ) )
+ if ( dn.isEmpty() )
{
String msg = "The rootDSE cannot be moved or renamed!";
+ log.error( msg );
throw new LdapNoPermissionException( msg );
}
- if ( dn.toNormName().equals( ADMIN_GROUP_DN_NORMALIZED.toNormName() ) )
+ if ( dn.getNormName().equals( ADMIN_GROUP_DN.getNormName() ) )
{
- throw new LdapNoPermissionException( "The Administrators group cannot be moved or renamed!" );
+ String msg = "The Administrators group cannot be moved or renamed!";
+ log.error( msg );
+ throw new LdapNoPermissionException( msg );
}
if ( isTheAdministrator( dn ) )
@@ -391,51 +406,41 @@
String msg = "User '" + principalDn.getUpName();
msg += "' does not have permission to move or rename the admin";
msg += " account. No one not even the admin can move or";
- msg += " rename " + dn + "!";
+ msg += " rename " + dn.getUpName() + "!";
+ log.error( msg );
throw new LdapNoPermissionException( msg );
}
- if ( dn.size() > 2 && dn.startsWith( USER_BASE_DN_NORMALIZED ) && !isAnAdministrator( principalDn ) )
+ if ( dn.size() > 2 && dn.startsWith( USER_BASE_DN ) && !isAnAdministrator( principalDn ) )
{
- String msg = "User '" + principalDn;
+ String msg = "User '" + principalDn.getUpName();
msg += "' does not have permission to move or rename the user";
- msg += " account: " + dn + ". Only the admin can move or";
+ msg += " account: " + dn.getUpName() + ". Only the admin can move or";
msg += " rename user accounts.";
+ log.error( msg );
throw new LdapNoPermissionException( msg );
}
- if ( dn.size() > 2 && dn.startsWith( GROUP_BASE_DN_NORMALIZED ) && !isAnAdministrator( principalDn ) )
+ if ( dn.size() > 2 && dn.startsWith( GROUP_BASE_DN ) && !isAnAdministrator( principalDn ) )
{
- String msg = "User " + principalDn;
+ String msg = "User " + principalDn.getUpName();
msg += " does not have permission to move or rename the group entry ";
- msg += dn + ".\nGroups can only be moved or renamed by the admin.";
+ msg += dn.getUpName() + ".\nGroups can only be moved or renamed by the admin.";
throw new LdapNoPermissionException( msg );
}
}
- public Attributes lookup( NextInterceptor nextInterceptor, LdapDN name ) throws NamingException
- {
- Attributes attributes = nextInterceptor.lookup( name );
- if ( !enabled || attributes == null )
- {
- return attributes;
- }
-
- protectLookUp( name );
- return attributes;
- }
-
-
- public Attributes lookup( NextInterceptor nextInterceptor, LdapDN name, String[] attrIds ) throws NamingException
+ public Attributes lookup( NextInterceptor nextInterceptor, OperationContext opContext ) throws NamingException
{
- Attributes attributes = nextInterceptor.lookup( name, attrIds );
- if ( !enabled || attributes == null )
+ Attributes attributes = nextInterceptor.lookup( opContext );
+
+ if ( !enabled || ( attributes == null ) )
{
return attributes;
}
- protectLookUp( name );
+ protectLookUp( ((LookupOperationContext)opContext).getDn() );
return attributes;
}
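Review bot: The group branch of `protectDnAlterations` is the only denial touched by this commit that throws without the `log.error( msg )` every other branch gained, so refused move or rename attempts on group entries leave no log record. Add `log.error( msg );` before that branch's `throw new LdapNoPermissionException( msg );` to keep the audit trail consistent. The method begins in the previous hunk.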
@@ -444,34 +449,40 @@
{
LdapContext ctx = ( LdapContext ) InvocationStack.getInstance().peek().getCaller();
LdapDN principalDn = ( ( ServerContext ) ctx ).getPrincipal().getJndiName();
+
if ( !isAnAdministrator( principalDn ) )
{
- if ( normalizedDn.size() > 2 && normalizedDn.startsWith( USER_BASE_DN_NORMALIZED ) )
+ if ( normalizedDn.size() > 2 )
{
- // allow for self reads
- if ( normalizedDn.getNormName().equals( principalDn.getNormName() ) )
+ if( normalizedDn.startsWith( USER_BASE_DN ) )
{
- return;
+ // allow for self reads
+ if ( normalizedDn.getNormName().equals( principalDn.getNormName() ) )
+ {
+ return;
+ }
+
+ String msg = "Access to user account '" + normalizedDn.getUpName() + "' not permitted";
+ msg += " for user '" + principalDn.getUpName() + "'. Only the admin can";
+ msg += " access user account information";
+ log.error( msg );
+ throw new LdapNoPermissionException( msg );
}
- String msg = "Access to user account '" + normalizedDn + "' not permitted";
- msg += " for user '" + principalDn + "'. Only the admin can";
- msg += " access user account information";
- throw new LdapNoPermissionException( msg );
- }
-
- if ( normalizedDn.size() > 2 && normalizedDn.startsWith( GROUP_BASE_DN_NORMALIZED ) )
- {
- // allow for self reads
- if ( normalizedDn.getNormName().equals( principalDn.getNormName() ) )
+ if ( normalizedDn.startsWith( GROUP_BASE_DN ) )
{
- return;
+ // allow for self reads
+ if ( normalizedDn.getNormName().equals( principalDn.getNormName() ) )
+ {
+ return;
+ }
+
+ String msg = "Access to group '" + normalizedDn.getUpName() + "' not permitted";
+ msg += " for user '" + principalDn.getUpName() + "'. Only the admin can";
+ msg += " access group information";
+ log.error( msg );
+ throw new LdapNoPermissionException( msg );
}
-
- String msg = "Access to group '" + normalizedDn + "' not permitted";
- msg += " for user '" + principalDn + "'. Only the admin can";
- msg += " access group information";
- throw new LdapNoPermissionException( msg );
}
if ( isTheAdministrator( normalizedDn ) )
@@ -483,48 +494,48 @@
}
String msg = "Access to admin account not permitted for user '";
- msg += principalDn + "'. Only the admin can";
+ msg += principalDn.getUpName() + "'. Only the admin can";
msg += " access admin account information";
+ log.error( msg );
throw new LdapNoPermissionException( msg );
}
}
}
- public NamingEnumeration search( NextInterceptor nextInterceptor, LdapDN base, Map env, ExprNode filter,
- SearchControls searchCtls ) throws NamingException
+ public NamingEnumeration<SearchResult> search( NextInterceptor nextInterceptor, OperationContext opContext ) throws NamingException
{
- NamingEnumeration e = nextInterceptor.search( base, env, filter, searchCtls );
+ NamingEnumeration<SearchResult> e = nextInterceptor.search( opContext );
+
if ( !enabled )
{
return e;
}
- //if ( searchCtls.getReturningAttributes() != null )
- //{
- // return null;
- //}
Invocation invocation = InvocationStack.getInstance().peek();
- return new SearchResultFilteringEnumeration( e, searchCtls, invocation, new SearchResultFilter()
+ return new SearchResultFilteringEnumeration( e, ((SearchOperationContext)opContext).getSearchControls(), invocation,
+ new SearchResultFilter()
{
public boolean accept( Invocation invocation, SearchResult result, SearchControls controls )
throws NamingException
{
return DefaultAuthorizationService.this.isSearchable( invocation, result );
}
- } );
+ }, "Search Default Authorization filter" );
}
- public NamingEnumeration list( NextInterceptor nextInterceptor, LdapDN base ) throws NamingException
+ public NamingEnumeration list( NextInterceptor nextInterceptor, OperationContext opContext ) throws NamingException
{
- NamingEnumeration e = nextInterceptor.list( base );
+ NamingEnumeration e = nextInterceptor.list( opContext );
+
if ( !enabled )
{
return e;
}
Invocation invocation = InvocationStack.getInstance().peek();
+
return new SearchResultFilteringEnumeration( e, null, invocation, new SearchResultFilter()
{
public boolean accept( Invocation invocation, SearchResult result, SearchControls controls )
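Review bot: `search` accepts any `OperationContext` but casts it with `((SearchOperationContext)opContext).getSearchControls()` only after `nextInterceptor.search( opContext )` has run, so a caller passing another context type gets a ClassCastException once the downstream work is already done. `lookup` in the previous hunk casts to `LookupOperationContext` just to call `getDn()`, which `delete` calls on the plain `OperationContext`, so `protectLookUp( opContext.getDn() );` would do. Where the subtype really is required, check it before delegating and throw a descriptive exception. `list` also still returns a raw `NamingEnumeration` although `search` was generified.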
@@ -532,16 +543,19 @@
{
return DefaultAuthorizationService.this.isSearchable( invocation, result );
}
- } );
+ }, "List Default Authorization filter" );
}
private boolean isSearchable( Invocation invocation, SearchResult result ) throws NamingException
{
LdapDN principalDn = ( ( ServerContext ) invocation.getCaller() ).getPrincipal().getJndiName();
- LdapDN dn;
- dn = new LdapDN( result.getName() );
- dn.normalize( normalizerMapping );
+ LdapDN dn = ((ServerSearchResult)result).getDn();
+
+ if ( !dn.isNormalized() )
+ {
+ dn.normalize( normalizerMapping );
+ }
// Admin users gets full access to all entries
if ( isAnAdministrator( principalDn ) )
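Review bot: The new `if ( !dn.isNormalized() )` guard exists only in `isSearchable`; `delete`, `protectModifyAlterations`, `protectDnAlterations` and `protectLookUp` compare `getNormName()` of the DN taken from the operation context with no such check. If a DN can reach this interceptor un-normalized, as the guard suggests, the equality and `startsWith` tests against `ADMIN_GROUP_DN` and the base DNs may not match and the protection would be skipped. Either state the precondition in a comment, e.g. `// DNs in the OperationContext are already normalized by an earlier interceptor`, or apply the same guard in those methods. Note also that `dn.normalize( normalizerMapping )` now mutates the DN held by the search result instead of a fresh `LdapDN`. The method starts and continues outside the hunk.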
@@ -550,7 +564,8 @@
}
// Users reading their own entries should be allowed to see all
- boolean isSelfRead = dn.toNormName().equals( principalDn.toNormName() );
+ boolean isSelfRead = dn.getNormName().equals( principalDn.getNormName() );
+
if ( isSelfRead )
{
return true;
@@ -562,8 +577,8 @@
// stuff this if in here instead of up in outer if to prevent
// constant needless reexecution for all entries in other depths
- if ( dn.toNormName().endsWith( USER_BASE_DN_NORMALIZED.toNormName() )
- || dn.toNormName().endsWith( GROUP_BASE_DN_NORMALIZED.toNormName() ) )
+ if ( dn.getNormName().endsWith( USER_BASE_DN.getNormName() )
+ || dn.getNormName().endsWith( GROUP_BASE_DN.getNormName() ) )
{
return false;
}
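Review bot: `dn.getNormName().endsWith( USER_BASE_DN.getNormName() )` is a plain string suffix test, while the other checks in this class use the component-wise `dn.startsWith( USER_BASE_DN )`. A string suffix can match a DN whose RDN text merely ends with the same characters, so the two forms can disagree about whether an entry lies under the users or groups base. Prefer `if ( dn.startsWith( USER_BASE_DN ) || dn.startsWith( GROUP_BASE_DN ) )` here so filtering and the other checks share one definition. The enclosing method starts and ends outside the hunk.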
Modified: directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/authz/GroupCache.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/authz/GroupCache.java?view=diff&rev=541123&r1=541122&r2=541123
==============================================================================
--- directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/authz/GroupCache.java (original)
+++ directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/authz/GroupCache.java Wed May 23 17:26:40 2007
@@ -20,7 +20,6 @@
package org.apache.directory.server.core.authz;
-import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Hashtable;
@@ -29,23 +28,28 @@
import java.util.Set;
import org.apache.directory.server.core.DirectoryServiceConfiguration;
+import org.apache.directory.server.core.interceptor.context.SearchOperationContext;
import org.apache.directory.server.core.partition.PartitionNexus;
+import org.apache.directory.server.schema.registries.AttributeTypeRegistry;
+import org.apache.directory.shared.ldap.constants.SchemaConstants;
+import org.apache.directory.shared.ldap.constants.ServerDNConstants;
import org.apache.directory.shared.ldap.filter.AssertionEnum;
import org.apache.directory.shared.ldap.filter.BranchNode;
import org.apache.directory.shared.ldap.filter.SimpleNode;
import org.apache.directory.shared.ldap.message.ModificationItemImpl;
import org.apache.directory.shared.ldap.name.LdapDN;
+import org.apache.directory.shared.ldap.schema.AttributeType;
import org.apache.directory.shared.ldap.schema.OidNormalizer;
import org.apache.directory.shared.ldap.util.AttributeUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import javax.naming.Name;
import javax.naming.NamingException;
import javax.naming.NamingEnumeration;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
+import javax.naming.directory.ModificationItem;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
@@ -58,16 +62,6 @@
*/
public class GroupCache
{
- /** the attribute id for an object class: objectClass */
- private static final String OC_ATTR = "objectClass";
- /** the member attribute for a groupOfNames: member */
- private static final String MEMBER_ATTR = "member";
- /** the member attribute for a groupOfUniqueNames: uniqueMember */
- private static final String UNIQUEMEMBER_ATTR = "uniqueMember";
- /** the groupOfNames objectClass: groupOfNames */
- private static final String GROUPOFNAMES_OC = "groupOfNames";
- /** the groupOfUniqueNames objectClass: groupOfUniqueNames */
- private static final String GROUPOFUNIQUENAMES_OC = "groupOfUniqueNames";
/** the logger for this class */
private static final Logger log = LoggerFactory.getLogger( GroupCache.class );
@@ -76,18 +70,31 @@
/** String key for the DN of a group to a Set (HashSet) for the Strings of member DNs */
private final Map<String, Set<String>> groups = new HashMap<String, Set<String>>();
+
/** a handle on the partition nexus */
private final PartitionNexus nexus;
+
/** the env to use for searching */
private final Hashtable env;
+ /** Stores a reference to the AttributeType registry */
+ private AttributeTypeRegistry attributeTypeRegistry;
+
+ /** A storage for the member attributeType */
+ private AttributeType memberAT;
+
+ /** A storage for the uniqueMember attributeType */
+ private AttributeType uniqueMemberAT;
+
/**
* The OIDs normalizer map
*/
private Map<String, OidNormalizer> normalizerMap;
/** the normalized dn of the administrators group */
- LdapDN administratorsGroupDn;
+ private LdapDN administratorsGroupDn;
+
+ private static final Set<LdapDN> EMPTY_GROUPS = new HashSet<LdapDN>();
/**
* Creates a static group cache.
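Review bot: `EMPTY_GROUPS` is declared as a shared mutable `new HashSet<LdapDN>()`. If it is ever returned to callers (its use is not visible in this hunk), one caller adding an element changes the "empty" result for all others, which matters for a cache that feeds authorization decisions. Make it unmodifiable, e.g. `private static final Set<LdapDN> EMPTY_GROUPS = Collections.unmodifiableSet( new HashSet<LdapDN>() );`, which needs the `java.util.Collections` import this commit removes. The new `attributeTypeRegistry`, `memberAT` and `uniqueMemberAT` fields are assigned once in the constructor and could be `final` like `nexus` and `env`.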
@@ -97,12 +104,15 @@
public GroupCache( DirectoryServiceConfiguration factoryCfg ) throws NamingException
{
normalizerMap = factoryCfg.getRegistries().getAttributeTypeRegistry().getNormalizerMapping();
- this.nexus = factoryCfg.getPartitionNexus();
- this.env = ( Hashtable ) factoryCfg.getEnvironment().clone();
+ nexus = factoryCfg.getPartitionNexus();
+ env = ( Hashtable ) factoryCfg.getEnvironment().clone();
+ attributeTypeRegistry = factoryCfg.getRegistries().getAttributeTypeRegistry();
+ memberAT = attributeTypeRegistry.lookup( SchemaConstants.MEMBER_AT_OID );
+ uniqueMemberAT = attributeTypeRegistry.lookup( SchemaConstants.UNIQUE_MEMBER_AT_OID );
+
// stuff for dealing with the admin group
- administratorsGroupDn = new LdapDN( "cn=Administrators,ou=groups,ou=system" );
- administratorsGroupDn.normalize( normalizerMap );
+ administratorsGroupDn = parseNormalized( ServerDNConstants.ADMINISTRATORS_GROUP_DN );
initialize();
}
@@ -122,42 +132,44 @@
// normalized sets of members to cache within the map
BranchNode filter = new BranchNode( AssertionEnum.OR );
- filter.addNode( new SimpleNode( OC_ATTR, GROUPOFNAMES_OC, AssertionEnum.EQUALITY ) );
- filter.addNode( new SimpleNode( OC_ATTR, GROUPOFUNIQUENAMES_OC, AssertionEnum.EQUALITY ) );
+ filter.addNode( new SimpleNode( SchemaConstants.OBJECT_CLASS_AT, SchemaConstants.GROUP_OF_NAMES_OC, AssertionEnum.EQUALITY ) );
+ filter.addNode( new SimpleNode( SchemaConstants.OBJECT_CLASS_AT, SchemaConstants.GROUP_OF_UNIQUE_NAMES_OC, AssertionEnum.EQUALITY ) );
- Iterator suffixes = nexus.listSuffixes();
+ Iterator suffixes = nexus.listSuffixes( null );
+
while ( suffixes.hasNext() )
{
String suffix = ( String ) suffixes.next();
LdapDN baseDn = new LdapDN( suffix );
SearchControls ctls = new SearchControls();
ctls.setSearchScope( SearchControls.SUBTREE_SCOPE );
- NamingEnumeration results = nexus.search( baseDn, env, filter, ctls );
+ NamingEnumeration<SearchResult> results =
+ nexus.search( new SearchOperationContext( baseDn, env, filter, ctls ) );
while ( results.hasMore() )
{
SearchResult result = ( SearchResult ) results.next();
- String groupDn = result.getName();
- groupDn = parseNormalized( groupDn ).toString();
+ LdapDN groupDn = parseNormalized( result.getName() );
Attribute members = getMemberAttribute( result.getAttributes() );
if ( members != null )
{
Set<String> memberSet = new HashSet<String>( members.size() );
addMembers( memberSet, members );
- groups.put( groupDn, memberSet );
+ groups.put( groupDn.getNormName(), memberSet );
}
else
{
- log.warn( "Found group '" + groupDn + "' without any member or uniqueMember attributes" );
+ log.warn( "Found group '{}' without any member or uniqueMember attributes", groupDn.getUpName() );
}
}
+
results.close();
}
if ( IS_DEBUG )
{
- log.debug( "group cache contents on startup:\n" + groups );
+ log.debug( "group cache contents on startup:\n {}", groups );
}
}
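Review bot: `results.close()` runs only when the `while ( results.hasMore() )` loop finishes normally; a NamingException from `parseNormalized`, `addMembers` or `results.next()` skips it and leaves the enumeration open. Wrap the loop as `try { … } finally { results.close(); }`. The cast in `( SearchResult ) results.next()` is redundant now that the enumeration is typed as `NamingEnumeration<SearchResult>`. The method starts outside the hunk.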
@@ -171,31 +183,37 @@
*/
private Attribute getMemberAttribute( Attributes entry )
{
- Attribute oc = entry.get( OC_ATTR );
+ Attribute oc = entry.get( SchemaConstants.OBJECT_CLASS_AT );
if ( oc == null )
{
- if ( entry.get( MEMBER_ATTR ) != null )
+ Attribute member = AttributeUtils.getAttribute( entry, memberAT );
+
+ if ( member != null )
{
- return entry.get( MEMBER_ATTR );
+ return member;
}
- if ( entry.get( UNIQUEMEMBER_ATTR ) != null )
+ Attribute uniqueMember = AttributeUtils.getAttribute(entry, uniqueMemberAT );
+
+ if ( uniqueMember != null )
{
- return entry.get( UNIQUEMEMBER_ATTR );
+ return uniqueMember;
}
return null;
}
- if ( AttributeUtils.containsValueCaseIgnore( oc, GROUPOFNAMES_OC ) )
+ if ( AttributeUtils.containsValueCaseIgnore( oc, SchemaConstants.GROUP_OF_NAMES_OC ) ||
+ AttributeUtils.containsValueCaseIgnore( oc, SchemaConstants.GROUP_OF_NAMES_OC_OID ) )
{
- return entry.get( MEMBER_ATTR );
+ return AttributeUtils.getAttribute( entry, memberAT );
}
- if ( AttributeUtils.containsValueCaseIgnore( oc, GROUPOFUNIQUENAMES_OC ) )
+ if ( AttributeUtils.containsValueCaseIgnore( oc, SchemaConstants.GROUP_OF_UNIQUE_NAMES_OC ) ||
+ AttributeUtils.containsValueCaseIgnore( oc, SchemaConstants.GROUP_OF_UNIQUE_NAMES_OC_OID ))
{
- return entry.get( UNIQUEMEMBER_ATTR );
+ return AttributeUtils.getAttribute(entry, uniqueMemberAT );
}
return null;
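Review bot: The member attributes are now resolved through `AttributeUtils.getAttribute( entry, memberAT )`, but the objectClass lookup at the top still goes by string id, `entry.get( SchemaConstants.OBJECT_CLASS_AT )`. An entry whose objectClass attribute is stored under its OID or another alias would give `oc == null` and take the fallback branch, which looks like the case the AttributeType-based lookup was meant to cover. Resolve objectClass the same way, through an `AttributeType` looked up once in the constructor as is done for `memberAT` and `uniqueMemberAT`. The method ends outside the hunk.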
@@ -267,7 +285,7 @@
* @param entry the group entry's attributes
* @throws NamingException if there are problems accessing the attr values
*/
- public void groupAdded( String upName, Name normName, Attributes entry ) throws NamingException
+ public void groupAdded( LdapDN name, Attributes entry ) throws NamingException
{
Attribute members = getMemberAttribute( entry );
@@ -278,11 +296,11 @@
Set<String> memberSet = new HashSet<String>( members.size() );
addMembers( memberSet, members );
- groups.put( normName.toString(), memberSet );
+ groups.put( name.getNormName(), memberSet );
if ( IS_DEBUG )
{
- log.debug( "group cache contents after adding " + normName.toString() + ":\n" + groups );
+ log.debug( "group cache contents after adding '{}' :\n {}", name.getUpName(), groups );
}
}
@@ -294,7 +312,7 @@
* @param name the normalized DN of the group entry
* @param entry the attributes of entry being deleted
*/
- public void groupDeleted( Name name, Attributes entry )
+ public void groupDeleted( LdapDN name, Attributes entry )
{
Attribute members = getMemberAttribute( entry );
@@ -303,11 +321,11 @@
return;
}
- groups.remove( name.toString() );
+ groups.remove( name.getNormName() );
if ( IS_DEBUG )
{
- log.debug( "group cache contents after deleting " + name.toString() + ":\n" + groups );
+ log.debug( "group cache contents after deleting '{}' :\n {}", name.getUpName(), groups );
}
}
@@ -329,16 +347,20 @@
case ( DirContext.ADD_ATTRIBUTE ):
addMembers( memberSet, members );
break;
+
case ( DirContext.REPLACE_ATTRIBUTE ):
if ( members.size() > 0 )
{
memberSet.clear();
addMembers( memberSet, members );
}
+
break;
+
case ( DirContext.REMOVE_ATTRIBUTE ):
removeMembers( memberSet, members );
break;
+
default:
throw new InternalError( "Undefined modify operation value of " + modOp );
}
@@ -354,22 +376,24 @@
* @param entry the group entry being modified
* @throws NamingException if there are problems accessing attribute values
*/
- public void groupModified( Name name, ModificationItemImpl[] mods, Attributes entry ) throws NamingException
+ public void groupModified( LdapDN name, ModificationItemImpl[] mods, Attributes entry ) throws NamingException
{
Attribute members = null;
String memberAttrId = null;
- Attribute oc = entry.get( OC_ATTR );
+ Attribute oc = entry.get( SchemaConstants.OBJECT_CLASS_AT );
- if ( AttributeUtils.containsValueCaseIgnore( oc, GROUPOFNAMES_OC ) )
+ if ( AttributeUtils.containsValueCaseIgnore( oc, SchemaConstants.GROUP_OF_NAMES_OC ) ||
+ AttributeUtils.containsValueCaseIgnore( oc, SchemaConstants.GROUP_OF_NAMES_OC_OID ))
{
- members = entry.get( MEMBER_ATTR );
- memberAttrId = MEMBER_ATTR;
+ members = AttributeUtils.getAttribute( entry, memberAT );
+ memberAttrId = SchemaConstants.MEMBER_AT;
}
- if ( AttributeUtils.containsValueCaseIgnore( oc, GROUPOFUNIQUENAMES_OC ) )
+ if ( AttributeUtils.containsValueCaseIgnore( oc, SchemaConstants.GROUP_OF_UNIQUE_NAMES_OC ) ||
+ AttributeUtils.containsValueCaseIgnore( oc, SchemaConstants.GROUP_OF_UNIQUE_NAMES_OC_OID ) )
{
- members = entry.get( UNIQUEMEMBER_ATTR );
- memberAttrId = UNIQUEMEMBER_ATTR;
+ members = AttributeUtils.getAttribute(entry, uniqueMemberAT );
+ memberAttrId = SchemaConstants.UNIQUE_MEMBER_AT;
}
if ( members == null )
@@ -377,15 +401,15 @@
return;
}
- for ( int ii = 0; ii < mods.length; ii++ )
+ for ( ModificationItem modification:mods )
{
- if ( memberAttrId.equalsIgnoreCase( mods[ii].getAttribute().getID() ) )
+ if ( memberAttrId.equalsIgnoreCase( modification.getAttribute().getID() ) )
{
- Set<String> memberSet = groups.get( name.toString() );
+ Set<String> memberSet = groups.get( name.getNormName() );
if ( memberSet != null )
{
- modify( memberSet, mods[ii].getModificationOp(), mods[ii].getAttribute() );
+ modify( memberSet, modification.getModificationOp(), modification.getAttribute() );
}
break;
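Review bot: The loop matches a modification against the group's member attribute with `memberAttrId.equalsIgnoreCase( modification.getAttribute().getID() )`, and `memberAttrId` is set in the previous hunk to the name constant only (`SchemaConstants.MEMBER_AT` or `SchemaConstants.UNIQUE_MEMBER_AT`). A modify request that names the attribute by its OID or an alias would therefore never reach `modify( memberSet, ... )`, unless IDs are canonicalised before this point, which is not visible here. In that case the cache keeps a removed member until it is rebuilt, and this cache is what `isPrincipalAnAdministrator` consults. Compare the ID against the OID of the selected AttributeType (`memberAT.getOid()` or `uniqueMemberAT.getOid()`) as well as the name. The method starts in the previous hunk and ends outside this one.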
@@ -394,7 +418,7 @@
if ( IS_DEBUG )
{
- log.debug( "group cache contents after modifying " + name.toString() + ":\n" + groups );
+ log.debug( "group cache contents after modifying '{}' :\n {}", name.getUpName(), groups );
}
}
@@ -409,7 +433,7 @@
* @param entry the entry being modified
* @throws NamingException if there are problems accessing attribute values
*/
- public void groupModified( Name name, int modOp, Attributes mods, Attributes entry ) throws NamingException
+ public void groupModified( LdapDN name, int modOp, Attributes mods, Attributes entry ) throws NamingException
{
Attribute members = getMemberAttribute( mods );
@@ -418,7 +442,7 @@
return;
}
- Set<String> memberSet = groups.get( name.toString() );
+ Set<String> memberSet = groups.get( name.getNormName() );
if ( memberSet != null )
{
@@ -427,7 +451,7 @@
if ( IS_DEBUG )
{
- log.debug( "group cache contents after modifying " + name.toString() + ":\n" + groups );
+ log.debug( "group cache contents after modifying '{}' :\n {}", name.getUpName(), groups );
}
}
@@ -441,12 +465,13 @@
*/
public final boolean isPrincipalAnAdministrator( LdapDN principalDn )
{
- if ( principalDn.toNormName().equals( PartitionNexus.ADMIN_PRINCIPAL_NORMALIZED ) )
+ if ( principalDn.getNormName().equals( PartitionNexus.ADMIN_PRINCIPAL_NORMALIZED ) )
{
return true;
}
- Set members = ( Set ) groups.get( administratorsGroupDn.toNormName() );
+ Set members = ( Set ) groups.get( administratorsGroupDn.getNormName() );
+
if ( members == null )
{
log.warn( "What do you mean there is no administrators group? This is bad news." );
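Review bot: `Set members = ( Set ) groups.get( administratorsGroupDn.getNormName() );` keeps a raw type and a cast that the rest of the file no longer needs, since other methods in this commit read the same map as `Set<String> memberSet = groups.get( ... )`. Write `Set<String> members = groups.get( administratorsGroupDn.getNormName() );` so the membership test further down is type-checked against String keys. The method body continues outside the hunk.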
@@ -465,68 +490,67 @@
* @return a Set of Name objects representing the groups
* @throws NamingException if there are problems accessing attribute values
*/
- public Set getGroups( String member ) throws NamingException
+ public Set<LdapDN> getGroups( String member ) throws NamingException
{
+ LdapDN normMember = null;
+
try
{
- member = parseNormalized( member ).toString();
+ normMember = parseNormalized( member );
}
catch ( NamingException e )
{
- log
- .warn(
- "Malformed member DN. Could not find groups for member in GroupCache. Returning empty set for groups!",
- e );
- return Collections.EMPTY_SET;
+ log.warn( "Malformed member DN. Could not find groups for member '{}' in GroupCache. Returning empty set for groups!", member, e );
+ return EMPTY_GROUPS;
}
- Set<Name> memberGroups = null;
+ Set<LdapDN> memberGroups = null;
- Iterator list = groups.keySet().iterator();
- while ( list.hasNext() )
+ for ( String group:groups.keySet() )
{
- String group = ( String ) list.next();
- Set members = ( Set ) groups.get( group );
+ Set<String> members = groups.get( group );
if ( members == null )
{
continue;
}
- if ( members.contains( member ) )
+ if ( members.contains( normMember.getNormName() ) )
{
if ( memberGroups == null )
{
- memberGroups = new HashSet<Name>();
+ memberGroups = new HashSet<LdapDN>();
}
- memberGroups.add( new LdapDN( group ) );
+ memberGroups.add( parseNormalized( group ) );
}
}
if ( memberGroups == null )
{
- return Collections.EMPTY_SET;
+ return EMPTY_GROUPS;
}
return memberGroups;
}
- public boolean groupRenamed( Name oldName, Name newName )
+ public boolean groupRenamed( LdapDN oldName, LdapDN newName )
{
- Set<String> members = groups.remove( oldName.toString() );
+ Set<String> members = groups.remove( oldName.getNormName() );
if ( members != null )
{
- groups.put( newName.toString(), members );
+ groups.put( newName.getNormName(), members );
if ( IS_DEBUG )
{
- log.debug( "group cache contents after renaming " + oldName.toString() + ":\n" + groups );
+ log.debug( "group cache contents after renaming '{}' :\n{}", oldName.getUpName(), groups );
}
+
return true;
}
+
return false;
}
}
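Review bot: `getGroups` returns the shared `EMPTY_GROUPS` instance on two paths and a freshly built `HashSet<LdapDN>` on the third, so a caller cannot tell whether the set it holds is private to it. `EMPTY_GROUPS` is declared outside this hunk; if it is a plain `HashSet`, one caller adding to it would change the group membership seen by every later caller, so it should be wrapped, e.g. `Collections.unmodifiableSet( new HashSet<LdapDN>() )`. Separately, `log.warn( "... '{}' ...", member, e )` passes the exception as a second format argument with only one placeholder, so the stack trace may be dropped depending on the SLF4J version in use.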
Modified: directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/authz/TupleCache.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/authz/TupleCache.java?view=diff&rev=541123&r1=541122&r2=541123
==============================================================================
--- directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/authz/TupleCache.java (original)
+++ directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/authz/TupleCache.java Wed May 23 17:26:40 2007
@@ -38,6 +38,7 @@
import javax.naming.directory.SearchResult;
import org.apache.directory.server.core.DirectoryServiceConfiguration;
+import org.apache.directory.server.core.interceptor.context.SearchOperationContext;
import org.apache.directory.server.core.partition.PartitionNexus;
import org.apache.directory.server.schema.ConcreteNameComponentNormalizer;
import org.apache.directory.server.schema.registries.AttributeTypeRegistry;
@@ -45,6 +46,7 @@
import org.apache.directory.shared.ldap.aci.ACIItem;
import org.apache.directory.shared.ldap.aci.ACIItemParser;
import org.apache.directory.shared.ldap.aci.ACITuple;
+import org.apache.directory.shared.ldap.constants.SchemaConstants;
import org.apache.directory.shared.ldap.exception.LdapSchemaViolationException;
import org.apache.directory.shared.ldap.filter.AssertionEnum;
import org.apache.directory.shared.ldap.filter.ExprNode;
@@ -53,6 +55,7 @@
import org.apache.directory.shared.ldap.message.ResultCodeEnum;
import org.apache.directory.shared.ldap.name.LdapDN;
import org.apache.directory.shared.ldap.name.NameComponentNormalizer;
+import org.apache.directory.shared.ldap.schema.AttributeType;
import org.apache.directory.shared.ldap.schema.OidNormalizer;
import org.apache.directory.shared.ldap.util.AttributeUtils;
import org.slf4j.Logger;
@@ -69,25 +72,27 @@
*/
public class TupleCache
{
- /** the attribute id for prescriptive aci: prescriptiveACI */
- private static final String ACI_ATTR = "prescriptiveACI";
- /** the attribute id for an object class: objectClass */
- private static final String OC_ATTR = "objectClass";
- /** the object class for access control subentries: accessControlSubentry */
- private static final String ACSUBENTRY_OC = "accessControlSubentry";
-
/** the logger for this class */
private static final Logger log = LoggerFactory.getLogger( TupleCache.class );
/** cloned startup environment properties we use for subentry searching */
private final Hashtable env;
+
/** a map of strings to ACITuple collections */
private final Map<String,List> tuples = new HashMap<String,List>();
+
/** a handle on the partition nexus */
private final PartitionNexus nexus;
+
/** a normalizing ACIItem parser */
private final ACIItemParser aciParser;
+ /** Stores a reference to the AttributeType registry */
+ private AttributeTypeRegistry attributeTypeRegistry;
+
+ /** A starage for the PrescriptiveACI attributeType */
+ private AttributeType prescriptiveAciAT;
+
/**
* The OIDs normalizer map
*/
@@ -98,16 +103,17 @@
*
* @param factoryCfg the context factory configuration for the server
*/
- public TupleCache(DirectoryServiceConfiguration factoryCfg) throws NamingException
+ public TupleCache( DirectoryServiceConfiguration factoryCfg ) throws NamingException
{
normalizerMap = factoryCfg.getRegistries().getAttributeTypeRegistry().getNormalizerMapping();
this.nexus = factoryCfg.getPartitionNexus();
- AttributeTypeRegistry attributeRegistry = factoryCfg.getRegistries().getAttributeTypeRegistry();
+ attributeTypeRegistry = factoryCfg.getRegistries().getAttributeTypeRegistry();
OidRegistry oidRegistry = factoryCfg.getRegistries().getOidRegistry();
- NameComponentNormalizer ncn = new ConcreteNameComponentNormalizer( attributeRegistry, oidRegistry );
+ NameComponentNormalizer ncn = new ConcreteNameComponentNormalizer( attributeTypeRegistry, oidRegistry );
aciParser = new ACIItemParser( ncn, normalizerMap );
env = ( Hashtable ) factoryCfg.getEnvironment().clone();
initialize();
+ prescriptiveAciAT = attributeTypeRegistry.lookup( SchemaConstants.PRESCRIPTIVE_ACI_AT );
}
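Review bot: `prescriptiveAciAT` is assigned only after `initialize()` has run, but the code in the next hunk (which appears to be the body of `initialize()`) reads it in `AttributeUtils.getAttribute( result.getAttributes(), prescriptiveAciAT )`, as do `hasPrescriptiveACI` and `subentryAdded`. The field is still null during the startup scan, so the scan either fails or treats every access control subentry as lacking prescriptiveACI and skips it. That would leave the tuple cache without the configured ACI tuples after startup. Swap the two statements so that `prescriptiveAciAT = attributeTypeRegistry.lookup( SchemaConstants.PRESCRIPTIVE_ACI_AT );` comes before `initialize();`, and consider making both new fields `final`.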
@@ -124,29 +130,34 @@
// search all naming contexts for access control subentenries
// generate ACITuple Arrays for each subentry
// add that subentry to the hash
- Iterator suffixes = nexus.listSuffixes();
+ Iterator suffixes = nexus.listSuffixes( null );
+
while ( suffixes.hasNext() )
{
String suffix = ( String ) suffixes.next();
LdapDN baseDn = parseNormalized( suffix );
- ExprNode filter = new SimpleNode( OC_ATTR, ACSUBENTRY_OC, AssertionEnum.EQUALITY );
+ ExprNode filter = new SimpleNode( SchemaConstants.OBJECT_CLASS_AT, SchemaConstants.ACCESS_CONTROL_SUBENTRY_OC, AssertionEnum.EQUALITY );
SearchControls ctls = new SearchControls();
ctls.setSearchScope( SearchControls.SUBTREE_SCOPE );
- NamingEnumeration results = nexus.search( baseDn, env, filter, ctls );
+ NamingEnumeration<SearchResult> results =
+ nexus.search( new SearchOperationContext( baseDn, env, filter, ctls ) );
+
while ( results.hasMore() )
{
SearchResult result = ( SearchResult ) results.next();
String subentryDn = result.getName();
- Attribute aci = result.getAttributes().get( ACI_ATTR );
+ Attribute aci = AttributeUtils.getAttribute( result.getAttributes(), prescriptiveAciAT );
+
if ( aci == null )
{
- log.warn( "Found accessControlSubentry '" + subentryDn + "' without any " + ACI_ATTR );
+ log.warn( "Found accessControlSubentry '" + subentryDn + "' without any " + SchemaConstants.PRESCRIPTIVE_ACI_AT );
continue;
}
LdapDN normName = parseNormalized( subentryDn );
subentryAdded( subentryDn, normName, result.getAttributes() );
}
+
results.close();
}
}
@@ -155,11 +166,12 @@
private boolean hasPrescriptiveACI( Attributes entry ) throws NamingException
{
// only do something if the entry contains prescriptiveACI
- Attribute aci = entry.get( ACI_ATTR );
+ Attribute aci = AttributeUtils.getAttribute( entry, prescriptiveAciAT );
if ( aci == null )
{
- if ( AttributeUtils.containsValueCaseIgnore( entry.get( OC_ATTR ), ACSUBENTRY_OC ) )
+ if ( AttributeUtils.containsValueCaseIgnore( entry.get( SchemaConstants.OBJECT_CLASS_AT ), SchemaConstants.ACCESS_CONTROL_SUBENTRY_OC ) ||
+ AttributeUtils.containsValueCaseIgnore( entry.get( SchemaConstants.OBJECT_CLASS_AT ), SchemaConstants.ACCESS_CONTROL_SUBENTRY_OC_OID ))
{
// should not be necessary because of schema interceptor but schema checking
// can be turned off and in this case we must protect against being able to
@@ -179,7 +191,8 @@
public void subentryAdded( String upName, LdapDN normName, Attributes entry ) throws NamingException
{
// only do something if the entry contains prescriptiveACI
- Attribute aci = entry.get( ACI_ATTR );
+ Attribute aci = AttributeUtils.getAttribute( entry, prescriptiveAciAT );
+
if ( !hasPrescriptiveACI( entry ) )
{
return;
@@ -199,8 +212,15 @@
}
catch ( ParseException e )
{
- String msg = "ACIItem parser failure on " + aciStr + ". Cannnot add ACITuples to TupleCache.";
- log.warn( msg, e );
+ String msg = "ACIItem parser failure on \n'" + item + "'\ndue to syntax error. " +
+ "Cannnot add ACITuples to TupleCache.\n" +
+ "Check that the syntax of the ACI item is correct. \nUntil this error " +
+ "is fixed your security settings will not be as expected.";
+ log.error( msg, e );
+
+ // do not process this ACI Item because it will be null
+ // continue on to process the next ACI item in the entry
+ continue;
}
}
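Review bot: After a `ParseException` the item is logged and skipped with `continue`, so the remaining items of the subentry are still cached and enforced as a partial policy. If the skipped item was a deny, the effective policy is more permissive than the one the administrator wrote, and the only signal is a log line. Consider rejecting the operation when the subentry arrives through add or modify (rethrowing as a `NamingException`) and keeping the skip only for the startup scan; whether the callers can take that is not visible from this hunk, whose try block and loop start outside it. The message also carries the typo `Cannnot`.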
@@ -227,10 +247,14 @@
}
boolean isAciModified = false;
+
for ( int ii = 0; ii < mods.length; ii++ )
{
- isAciModified |= mods[ii].getAttribute().contains( ACI_ATTR );
+ // Check for the name and for the OID
+ isAciModified |= AttributeUtils.containsValueCaseIgnore( mods[ii].getAttribute(), SchemaConstants.PRESCRIPTIVE_ACI_AT );
+ isAciModified |= AttributeUtils.containsValueCaseIgnore( mods[ii].getAttribute(), SchemaConstants.PRESCRIPTIVE_ACI_AT_OID );
}
+
if ( isAciModified )
{
subentryDeleted( normName, entry );
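Review bot: `AttributeUtils.containsValueCaseIgnore( mods[ii].getAttribute(), SchemaConstants.PRESCRIPTIVE_ACI_AT )` appears to test the values of the modified attribute for the string `prescriptiveACI`, not the attribute's ID; the same helper is used elsewhere in this commit to test objectClass values. A change to prescriptiveACI then sets `isAciModified` only if one of its values happens to equal the attribute name, and the cached tuples stay stale after an ACI edit. Compare the ID instead: `String id = mods[ii].getAttribute().getID();` followed by `isAciModified |= id.equalsIgnoreCase( SchemaConstants.PRESCRIPTIVE_ACI_AT ) || id.equals( SchemaConstants.PRESCRIPTIVE_ACI_AT_OID );`. The removed line had the same problem with `contains( ACI_ATTR )`, so this predates the commit. The enclosing method starts and ends outside the hunk.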
@@ -246,7 +270,7 @@
return;
}
- if ( mods.get( ACI_ATTR ) != null )
+ if ( AttributeUtils.getAttribute( mods, prescriptiveAciAT ) != null )
{
subentryDeleted( normName, entry );
subentryAdded( normName.getUpName(), normName, entry );
Modified: directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/authz/support/ACDFEngine.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/authz/support/ACDFEngine.java?view=diff&rev=541123&r1=541122&r2=541123
==============================================================================
--- directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/authz/support/ACDFEngine.java (original)
+++ directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/authz/support/ACDFEngine.java Wed May 23 17:26:40 2007
@@ -29,11 +29,20 @@
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
+import org.apache.directory.server.core.authn.AuthenticationService;
+import org.apache.directory.server.core.authz.AuthorizationService;
+import org.apache.directory.server.core.authz.DefaultAuthorizationService;
import org.apache.directory.server.core.event.Evaluator;
+import org.apache.directory.server.core.event.EventService;
import org.apache.directory.server.core.event.ExpressionEvaluator;
+import org.apache.directory.server.core.interceptor.context.LookupOperationContext;
+import org.apache.directory.server.core.normalization.NormalizationService;
+import org.apache.directory.server.core.operational.OperationalAttributeService;
import org.apache.directory.server.core.partition.PartitionNexusProxy;
+import org.apache.directory.server.core.schema.SchemaService;
import org.apache.directory.server.core.subtree.RefinementEvaluator;
import org.apache.directory.server.core.subtree.RefinementLeafEvaluator;
+import org.apache.directory.server.core.subtree.SubentryService;
import org.apache.directory.server.core.subtree.SubtreeEvaluator;
import org.apache.directory.server.schema.registries.AttributeTypeRegistry;
import org.apache.directory.server.schema.registries.OidRegistry;
@@ -126,15 +135,15 @@
public static final Collection USER_LOOKUP_BYPASS;
static
{
- Collection c = new HashSet();
- c.add( "normalizationService" );
- c.add( "authenticationService" );
- c.add( "authorizationService" );
- c.add( "defaultAuthorizationService" );
- c.add( "schemaService" );
- c.add( "subentryService" );
- c.add( "operationalAttributeService" );
- c.add( "eventService" );
+ Collection<String> c = new HashSet<String>();
+ c.add( NormalizationService.NAME );
+ c.add( AuthenticationService.NAME );
+ c.add( AuthorizationService.NAME );
+ c.add( DefaultAuthorizationService.NAME );
+ c.add( SchemaService.NAME );
+ c.add( SubentryService.NAME );
+ c.add( OperationalAttributeService.NAME );
+ c.add( EventService.NAME );
USER_LOOKUP_BYPASS = Collections.unmodifiableCollection( c );
}
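Review bot: `USER_LOOKUP_BYPASS` is still declared as a raw `Collection` although the set built for it is now a `Collection<String>`; declare it `public static final Collection<String> USER_LOOKUP_BYPASS` so callers get the element type. The identical block is repeated for `SEARCH_BYPASS` in MaxImmSubFilter in this commit. These lists decide which interceptors an internal lookup skips, including the authorization services, so a single shared constant with a comment saying why each service is bypassed would keep the two from drifting apart. It is also worth confirming that each `NAME` constant equals the literal it replaces, because a mismatch would change the bypass set without any compile error.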
@@ -164,7 +173,7 @@
throw new NullPointerException( "entryName" );
}
- Attributes userEntry = proxy.lookup( userName, USER_LOOKUP_BYPASS );
+ Attributes userEntry = proxy.lookup( new LookupOperationContext( userName ), USER_LOOKUP_BYPASS );
// Determine the scope of the requested operation.
OperationScope scope;
Modified: directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/authz/support/MaxImmSubFilter.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/authz/support/MaxImmSubFilter.java?view=diff&rev=541123&r1=541122&r2=541123
==============================================================================
--- directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/authz/support/MaxImmSubFilter.java (original)
+++ directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/authz/support/MaxImmSubFilter.java Wed May 23 17:26:40 2007
@@ -30,11 +30,22 @@
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchControls;
+import javax.naming.directory.SearchResult;
+import org.apache.directory.server.core.authn.AuthenticationService;
+import org.apache.directory.server.core.authz.AuthorizationService;
+import org.apache.directory.server.core.authz.DefaultAuthorizationService;
+import org.apache.directory.server.core.event.EventService;
+import org.apache.directory.server.core.interceptor.context.SearchOperationContext;
+import org.apache.directory.server.core.normalization.NormalizationService;
+import org.apache.directory.server.core.operational.OperationalAttributeService;
import org.apache.directory.server.core.partition.PartitionNexusProxy;
+import org.apache.directory.server.core.schema.SchemaService;
+import org.apache.directory.server.core.subtree.SubentryService;
import org.apache.directory.shared.ldap.aci.ACITuple;
import org.apache.directory.shared.ldap.aci.AuthenticationLevel;
import org.apache.directory.shared.ldap.aci.ProtectedItem;
+import org.apache.directory.shared.ldap.constants.SchemaConstants;
import org.apache.directory.shared.ldap.filter.ExprNode;
import org.apache.directory.shared.ldap.filter.PresenceNode;
import org.apache.directory.shared.ldap.name.LdapDN;
@@ -55,7 +66,7 @@
public MaxImmSubFilter()
{
- childrenFilter = new PresenceNode( "objectClass" );
+ childrenFilter = new PresenceNode( SchemaConstants.OBJECT_CLASS_AT );
childrenSearchControls = new SearchControls();
childrenSearchControls.setSearchScope( SearchControls.ONELEVEL_SCOPE );
}
@@ -117,15 +128,15 @@
public static final Collection SEARCH_BYPASS;
static
{
- Collection c = new HashSet();
- c.add( "normalizationService" );
- c.add( "authenticationService" );
- c.add( "authorizationService" );
- c.add( "defaultAuthorizationService" );
- c.add( "schemaService" );
- c.add( "subentryService" );
- c.add( "operationalAttributeService" );
- c.add( "eventService" );
+ Collection<String> c = new HashSet<String>();
+ c.add( NormalizationService.NAME );
+ c.add( AuthenticationService.NAME );
+ c.add( AuthorizationService.NAME );
+ c.add( DefaultAuthorizationService.NAME );
+ c.add( SchemaService.NAME );
+ c.add( SubentryService.NAME );
+ c.add( OperationalAttributeService.NAME );
+ c.add( EventService.NAME );
SEARCH_BYPASS = Collections.unmodifiableCollection( c );
}
@@ -133,10 +144,12 @@
private int getImmSubCount( PartitionNexusProxy proxy, LdapDN entryName ) throws NamingException
{
int cnt = 0;
- NamingEnumeration e = null;
+ NamingEnumeration<SearchResult> e = null;
+
try
{
- e = proxy.search( ( LdapDN ) entryName.getPrefix( 1 ), new HashMap(), childrenFilter, childrenSearchControls,
+ e = proxy.search(
+ new SearchOperationContext( ( LdapDN ) entryName.getPrefix( 1 ), new HashMap(), childrenFilter, childrenSearchControls ),
SEARCH_BYPASS );
while ( e.hasMore() )
Modified: directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/authz/support/RelatedProtectedItemFilter.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/authz/support/RelatedProtectedItemFilter.java?view=diff&rev=541123&r1=541122&r2=541123
==============================================================================
--- directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/authz/support/RelatedProtectedItemFilter.java (original)
+++ directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/authz/support/RelatedProtectedItemFilter.java Wed May 23 17:26:40 2007
@@ -37,6 +37,7 @@
import org.apache.directory.shared.ldap.aci.ProtectedItem;
import org.apache.directory.shared.ldap.aci.ProtectedItem.MaxValueCountItem;
import org.apache.directory.shared.ldap.aci.ProtectedItem.RestrictedByItem;
+import org.apache.directory.shared.ldap.constants.SchemaConstants;
import org.apache.directory.shared.ldap.name.LdapDN;
import org.apache.directory.shared.ldap.schema.AttributeType;
import org.apache.directory.shared.ldap.util.AttributeUtils;
@@ -183,7 +184,7 @@
else if ( item instanceof ProtectedItem.Classes )
{
ProtectedItem.Classes c = ( ProtectedItem.Classes ) item;
- if ( refinementEvaluator.evaluate( c.getClasses(), entry.get( "objectClass" ) ) )
+ if ( refinementEvaluator.evaluate( c.getClasses(), entry.get( SchemaConstants.OBJECT_CLASS_AT ) ) )
{
return true;
}
@@ -249,7 +250,10 @@
{
AttributeType attrType = attrRegistry.lookup( oid );
Attribute attr = AttributeUtils.getAttribute( entry, attrType );
- if ( attr != null && ( ( attr.contains( userName.toNormName() ) || attr.contains( userName.getUpName() ) ) ) )
+
+ if ( ( attr != null ) &&
+ ( ( AttributeUtils.containsValue( attr, userName.toNormName(), attrType ) ||
+ ( AttributeUtils.containsValue( attr, userName.getUpName(), attrType ) ) ) ) )
{
return true;
}
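Review bot: The new condition still calls `userName.toNormName()`, while the group cache changes earlier in this commit replace `toNormName()` with `getNormName()`; if the former is being retired, this line should read `AttributeUtils.containsValue( attr, userName.getNormName(), attrType )`. The second test passes `userName.getUpName()` through the same type-aware helper. If that helper normalizes values by attribute type the first test may already cover it, so a short comment saying why both forms are checked would help the next reader of this access control match. The enclosing method starts and ends outside the hunk.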
Modified: directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/authz/support/RestrictedByFilter.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/authz/support/RestrictedByFilter.java?view=diff&rev=541123&r1=541122&r2=541123
==============================================================================
--- directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/authz/support/RestrictedByFilter.java (original)
+++ directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/authz/support/RestrictedByFilter.java Wed May 23 17:26:40 2007
@@ -82,15 +82,19 @@
for ( Iterator i = tuple.getProtectedItems().iterator(); i.hasNext(); )
{
ProtectedItem item = ( ProtectedItem ) i.next();
+
if ( item instanceof ProtectedItem.RestrictedBy )
{
ProtectedItem.RestrictedBy rb = ( ProtectedItem.RestrictedBy ) item;
+
for ( Iterator k = rb.iterator(); k.hasNext(); )
{
RestrictedByItem rbItem = ( RestrictedByItem ) k.next();
+
if ( attrId.equalsIgnoreCase( rbItem.getAttributeType() ) )
{
Attribute attr = entry.get( rbItem.getValuesIn() );
+
if ( attr == null || !attr.contains( attrValue ) )
{
return true;
Modified: directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/collective/CollectiveAttributeService.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/collective/CollectiveAttributeService.java?view=diff&rev=541123&r1=541122&r2=541123
==============================================================================
--- directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/collective/CollectiveAttributeService.java (original)
+++ directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/collective/CollectiveAttributeService.java Wed May 23 17:26:40 2007
@@ -22,7 +22,6 @@
import java.util.HashSet;
import java.util.Iterator;
-import java.util.Map;
import java.util.Set;
import javax.naming.NamingEnumeration;
@@ -38,15 +37,20 @@
import org.apache.directory.server.core.enumeration.SearchResultFilteringEnumeration;
import org.apache.directory.server.core.interceptor.BaseInterceptor;
import org.apache.directory.server.core.interceptor.NextInterceptor;
+import org.apache.directory.server.core.interceptor.context.AddOperationContext;
+import org.apache.directory.server.core.interceptor.context.LookupOperationContext;
+import org.apache.directory.server.core.interceptor.context.ModifyOperationContext;
+import org.apache.directory.server.core.interceptor.context.OperationContext;
+import org.apache.directory.server.core.interceptor.context.SearchOperationContext;
import org.apache.directory.server.core.invocation.Invocation;
import org.apache.directory.server.core.invocation.InvocationStack;
import org.apache.directory.server.core.partition.PartitionNexus;
import org.apache.directory.server.schema.registries.AttributeTypeRegistry;
-import org.apache.directory.shared.ldap.filter.ExprNode;
import org.apache.directory.shared.ldap.message.AttributeImpl;
-import org.apache.directory.shared.ldap.message.ModificationItemImpl;
+import org.apache.directory.shared.ldap.message.ServerSearchResult;
import org.apache.directory.shared.ldap.name.LdapDN;
import org.apache.directory.shared.ldap.schema.AttributeType;
+import org.apache.directory.shared.ldap.util.AttributeUtils;
/**
@@ -61,6 +65,9 @@
*/
public class CollectiveAttributeService extends BaseInterceptor
{
+ /** The service name */
+ public static final String NAME = "collectiveAttributeService";
+
public static final String COLLECTIVE_ATTRIBUTE_SUBENTRIES = "collectiveAttributeSubentries";
public static final String EXCLUDE_ALL_COLLECTIVE_ATTRIBUTES_OID = "2.5.18.0";
@@ -74,7 +81,7 @@
public boolean accept( Invocation invocation, SearchResult result, SearchControls controls )
throws NamingException
{
- LdapDN name = new LdapDN( result.getName() );
+ LdapDN name = ((ServerSearchResult)result).getDn();
name = LdapDN.normalize( name, attrTypeRegistry.getNormalizerMapping() );
Attributes entry = result.getAttributes();
String[] retAttrs = controls.getReturningAttributes();
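Review bot: `((ServerSearchResult)result).getDn()` downcasts the `SearchResult` parameter without an `instanceof` check, so an enumeration that yields a plain `SearchResult` fails here with a ClassCastException rather than a NamingException. The interceptor overrides in the later hunk of this file do the same with `(LookupOperationContext)opContext`, `(SearchOperationContext)opContext`, `(AddOperationContext)opContext` and `(ModifyOperationContext)opContext`. In `lookup` and `search` the cast happens after the call has already gone down the chain. Either guard the cast and fall back (here to `new LdapDN( result.getName() )` as before), or add a comment at each cast stating which type the interceptor chain guarantees.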
@@ -111,7 +118,7 @@
*/
private void addCollectiveAttributes( LdapDN normName, Attributes entry, String[] retAttrs ) throws NamingException
{
- Attributes entryWithCAS = nexus.lookup( normName, new String[] { COLLECTIVE_ATTRIBUTE_SUBENTRIES } );
+ Attributes entryWithCAS = nexus.lookup( new LookupOperationContext( normName, new String[] { COLLECTIVE_ATTRIBUTE_SUBENTRIES } ) );
Attribute caSubentries = entryWithCAS.get( COLLECTIVE_ATTRIBUTE_SUBENTRIES );
/*
@@ -134,7 +141,7 @@
if ( collectiveExclusions != null )
{
- if ( collectiveExclusions.contains( EXCLUDE_ALL_COLLECTIVE_ATTRIBUTES_OID )
+ if ( AttributeUtils.containsValueCaseIgnore( collectiveExclusions, EXCLUDE_ALL_COLLECTIVE_ATTRIBUTES_OID )
|| collectiveExclusions.contains( EXCLUDE_ALL_COLLECTIVE_ATTRIBUTES ) )
{
/*
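Review bot: Only the OID comparison was made case-insensitive; the name comparison on the following line still uses `collectiveExclusions.contains( EXCLUDE_ALL_COLLECTIVE_ATTRIBUTES )`, which is the one where letter case can actually vary, since an OID is numeric. If `contains` compares values exactly, an entry that stores the value in different case would not be treated as excluding all collective attributes. Use the same helper for both: `|| AttributeUtils.containsValueCaseIgnore( collectiveExclusions, EXCLUDE_ALL_COLLECTIVE_ATTRIBUTES )`. The enclosing method starts and ends outside the hunk.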
@@ -182,7 +189,7 @@
{
String subentryDnStr = ( String ) caSubentries.get( ii );
LdapDN subentryDn = new LdapDN( subentryDnStr );
- Attributes subentry = nexus.lookup( subentryDn );
+ Attributes subentry = nexus.lookup( new LookupOperationContext( subentryDn ) );
NamingEnumeration attrIds = subentry.getIDs();
while ( attrIds.hasMore() )
@@ -276,72 +283,60 @@
// ------------------------------------------------------------------------
// Interceptor Method Overrides
// ------------------------------------------------------------------------
-
- public Attributes lookup( NextInterceptor nextInterceptor, LdapDN name ) throws NamingException
+ public Attributes lookup( NextInterceptor nextInterceptor, OperationContext opContext ) throws NamingException
{
- Attributes result = nextInterceptor.lookup( name );
+ Attributes result = nextInterceptor.lookup( opContext );
if ( result == null )
{
return null;
}
- addCollectiveAttributes( name, result, new String[] { "*" } );
- return result;
- }
-
-
- public Attributes lookup( NextInterceptor nextInterceptor, LdapDN name, String[] attrIds ) throws NamingException
- {
- Attributes result = nextInterceptor.lookup( name, attrIds );
+ LookupOperationContext ctx = (LookupOperationContext)opContext;
- if ( result == null )
+ if ( ( ctx.getAttrsId() == null ) || ( ctx.getAttrsId().size() == 0 ) )
{
- return null;
+ addCollectiveAttributes( ctx.getDn(), result, new String[] { "*" } );
}
-
- addCollectiveAttributes( name, result, attrIds );
+ else
+ {
+ addCollectiveAttributes( ctx.getDn(), result, ctx.getAttrsIdArray() );
+ }
+
return result;
}
- public NamingEnumeration list( NextInterceptor nextInterceptor, LdapDN base ) throws NamingException
+ public NamingEnumeration list( NextInterceptor nextInterceptor, OperationContext opContext ) throws NamingException
{
- NamingEnumeration e = nextInterceptor.list( base );
+ NamingEnumeration e = nextInterceptor.list( opContext );
Invocation invocation = InvocationStack.getInstance().peek();
- return new SearchResultFilteringEnumeration( e, new SearchControls(), invocation, SEARCH_FILTER );
+ return new SearchResultFilteringEnumeration( e, new SearchControls(), invocation, SEARCH_FILTER, "List collective Filter" );
}
- public NamingEnumeration search( NextInterceptor nextInterceptor, LdapDN base, Map env, ExprNode filter,
- SearchControls searchCtls ) throws NamingException
+ public NamingEnumeration<SearchResult> search( NextInterceptor nextInterceptor, OperationContext opContext ) throws NamingException
{
- NamingEnumeration e = nextInterceptor.search( base, env, filter, searchCtls );
+ NamingEnumeration<SearchResult> e = nextInterceptor.search( opContext );
Invocation invocation = InvocationStack.getInstance().peek();
- return new SearchResultFilteringEnumeration( e, searchCtls, invocation, SEARCH_FILTER );
+ return new SearchResultFilteringEnumeration(
+ e, ((SearchOperationContext)opContext).getSearchControls(), invocation, SEARCH_FILTER, "Search collective Filter" );
}
// ------------------------------------------------------------------------
// Partial Schema Checking
// ------------------------------------------------------------------------
- public void add( NextInterceptor next, LdapDN normName, Attributes entry ) throws NamingException
- {
- collectiveAttributesSchemaChecker.checkAdd( normName, entry );
- super.add( next, normName, entry );
- }
-
-
- public void modify( NextInterceptor next, LdapDN normName, int modOp, Attributes mods ) throws NamingException
+ public void add( NextInterceptor next, OperationContext opContext ) throws NamingException
{
- collectiveAttributesSchemaChecker.checkModify( normName, modOp, mods );
- super.modify( next, normName, modOp, mods );
+ collectiveAttributesSchemaChecker.checkAdd( opContext.getDn(), ((AddOperationContext)opContext).getEntry() );
+ super.add( next, opContext );
}
- public void modify( NextInterceptor next, LdapDN normName, ModificationItemImpl[] mods ) throws NamingException
+ public void modify( NextInterceptor next, OperationContext opContext ) throws NamingException
{
- collectiveAttributesSchemaChecker.checkModify( normName, mods );
- super.modify( next, normName, mods );
+ collectiveAttributesSchemaChecker.checkModify( opContext.getDn(), ((ModifyOperationContext)opContext).getModItems() );
+ super.modify( next, opContext );
}
}
Modified: directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/collective/CollectiveAttributesSchemaChecker.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/collective/CollectiveAttributesSchemaChecker.java?view=diff&rev=541123&r1=541122&r2=541123
==============================================================================
--- directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/collective/CollectiveAttributesSchemaChecker.java (original)
+++ directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/collective/CollectiveAttributesSchemaChecker.java Wed May 23 17:26:40 2007
@@ -26,8 +26,10 @@
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
+import org.apache.directory.server.core.interceptor.context.LookupOperationContext;
import org.apache.directory.server.core.partition.PartitionNexus;
import org.apache.directory.server.schema.registries.AttributeTypeRegistry;
+import org.apache.directory.shared.ldap.constants.SchemaConstants;
import org.apache.directory.shared.ldap.exception.LdapSchemaViolationException;
import org.apache.directory.shared.ldap.message.ModificationItemImpl;
import org.apache.directory.shared.ldap.message.ResultCodeEnum;
@@ -56,7 +58,7 @@
public void checkAdd( LdapDN normName, Attributes entry ) throws LdapSchemaViolationException, NamingException
{
- Attribute objectClass = entry.get( "objectClass" );
+ Attribute objectClass = entry.get( SchemaConstants.OBJECT_CLASS_AT );
if ( AttributeUtils.containsValueCaseIgnore( objectClass, "collectiveAttributeSubentry" ) )
{
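Review bot: The object class value `"collectiveAttributeSubentry"` in checkAdd is still a bare string literal, although the attribute name next to it now comes from `SchemaConstants.OBJECT_CLASS_AT`. The same literal appears again in the checkModify hunk below. Both comparisons gate the branch that follows, so a single definition is safer than two copies that can drift apart, for example `private static final String COLLECTIVE_ATTRIBUTE_SUBENTRY_OC = "collectiveAttributeSubentry";` declared in this class and used in both calls. The body of checkAdd continues outside the hunk.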
@@ -93,9 +95,9 @@
public void checkModify( LdapDN normName, ModificationItemImpl[] mods ) throws NamingException
{
- Attributes originalEntry = nexus.lookup( normName );
+ Attributes originalEntry = nexus.lookup( new LookupOperationContext( normName ) );
Attributes targetEntry = SchemaUtils.getTargetEntry( mods, originalEntry );
- Attribute targetObjectClasses = targetEntry.get( "objectClass" );
+ Attribute targetObjectClasses = targetEntry.get( SchemaConstants.OBJECT_CLASS_AT );
if ( AttributeUtils.containsValueCaseIgnore( targetObjectClasses, "collectiveAttributeSubentry" ) )
{
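Review bot: In checkModify the result of `nexus.lookup( new LookupOperationContext( normName ) )` is passed straight to `SchemaUtils.getTargetEntry` with no null check, and `targetEntry.get( SchemaConstants.OBJECT_CLASS_AT )` is then handed to `containsValueCaseIgnore` unchecked as well. Whether lookup can return null for a missing entry is not visible in this hunk, but the collective-attribute lookup changed earlier in this commit used to guard `result == null`, which suggests it can. If so, an explicit guard such as `if ( originalEntry == null ) { throw new LdapNameNotFoundException( normName.toString() ); }` gives the client a proper LDAP error rather than a NullPointerException from inside the schema checker. The method body continues outside the hunk.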
Modified: directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/configuration/AuthenticatorConfiguration.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/configuration/AuthenticatorConfiguration.java?view=diff&rev=541123&r1=541122&r2=541123
==============================================================================
--- directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/configuration/AuthenticatorConfiguration.java (original)
+++ directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/configuration/AuthenticatorConfiguration.java Wed May 23 17:26:40 2007
@@ -60,6 +60,18 @@
this.authenticator = authenticator;
}
+ /**
+ * Sets the {@link Authenticator} to configure, with its name
+ *
+ * @param name The authenticator name
+ * @param authenticator The authenticator to register
+ */
+ protected void setAuthenticator( String name, Authenticator authenticator )
+ {
+ this.authenticator = authenticator;
+ this.name = name;
+ }
+
/**
* Returns the user-defined name of the {@link Authenticator} that
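Review bot: The new `setAuthenticator( String name, Authenticator authenticator )` assigns both fields directly and accepts a null or empty name and a null authenticator without complaint. A name setter in this class is not visible in the hunk; if one exists and trims or validates the name, this method bypasses it and should delegate to it instead of writing `this.name = name;`. The Javadoc also says "to register", but the method only stores the two values. I would reword it to `Sets the {@link Authenticator} to configure together with its user-defined name` and state whether null is permitted for either parameter.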
Modified: directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/configuration/MutableAuthenticatorConfiguration.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/configuration/MutableAuthenticatorConfiguration.java?view=diff&rev=541123&r1=541122&r2=541123
==============================================================================
--- directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/configuration/MutableAuthenticatorConfiguration.java (original)
+++ directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/configuration/MutableAuthenticatorConfiguration.java Wed May 23 17:26:40 2007
@@ -39,12 +39,26 @@
{
}
+ /**
+ * Create and register an authenticator with its name
+ *
+ * @param name The authenticator name
+ * @param authenticator The authenticator to register
+ */
+ public MutableAuthenticatorConfiguration( String name, Authenticator authenticator )
+ {
+ super.setAuthenticator( name, authenticator );
+ }
+ /**
+ * Register an authenticator
+ *
+ * @param authenticator The authenticator to register
+ */
public void setAuthenticator( Authenticator authenticator )
{
super.setAuthenticator( authenticator );
}
-
public void setName( String name )
{