You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by ak...@apache.org on 2007/04/20 01:23:02 UTC
svn commit: r530588 - in /directory/apacheds/trunk:
constants/src/main/java/org/apache/directory/server/constants/
core-unit/src/test/java/org/apache/directory/server/core/authz/
core/src/main/java/org/apache/directory/server/core/authz/
Author: akarasulu
Date: Thu Apr 19 16:23:02 2007
New Revision: 530588
URL: http://svn.apache.org/viewvc?view=rev&rev=530588
Log:
supplimental fix and test which was really fixed by elecharny for DIRSERVER-884
Added:
directory/apacheds/trunk/core-unit/src/test/java/org/apache/directory/server/core/authz/GeneralAuthorizationITest.java
Modified:
directory/apacheds/trunk/constants/src/main/java/org/apache/directory/server/constants/ApacheSchemaConstants.java
directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/TupleCache.java
Modified: directory/apacheds/trunk/constants/src/main/java/org/apache/directory/server/constants/ApacheSchemaConstants.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/constants/src/main/java/org/apache/directory/server/constants/ApacheSchemaConstants.java?view=diff&rev=530588&r1=530587&r2=530588
==============================================================================
--- directory/apacheds/trunk/constants/src/main/java/org/apache/directory/server/constants/ApacheSchemaConstants.java (original)
+++ directory/apacheds/trunk/constants/src/main/java/org/apache/directory/server/constants/ApacheSchemaConstants.java Thu Apr 19 16:23:02 2007
@@ -33,4 +33,5 @@
String SUBSCHEMA_SUBENTRY_NAME_AT = "subschemaSubentryName";
String SCHEMA_MODIFICATION_ATTRIBUTES_OC = "schemaModificationAttributes";
+ String SCHEMA_NAME = "apache";
}
Added: directory/apacheds/trunk/core-unit/src/test/java/org/apache/directory/server/core/authz/GeneralAuthorizationITest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-unit/src/test/java/org/apache/directory/server/core/authz/GeneralAuthorizationITest.java?view=auto&rev=530588
==============================================================================
--- directory/apacheds/trunk/core-unit/src/test/java/org/apache/directory/server/core/authz/GeneralAuthorizationITest.java (added)
+++ directory/apacheds/trunk/core-unit/src/test/java/org/apache/directory/server/core/authz/GeneralAuthorizationITest.java Thu Apr 19 16:23:02 2007
@@ -0,0 +1,59 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.server.core.authz;
+
+
+import javax.naming.NamingException;
+
+import org.apache.directory.shared.ldap.exception.LdapInvalidAttributeValueException;
+import org.apache.directory.shared.ldap.message.ResultCodeEnum;
+
+
+/**
+ * Tests various authorization functionality without any specific operation.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $Rev: 494176 $
+ */
+public class GeneralAuthorizationITest extends AbstractAuthorizationITest
+{
+ /**
+ * Checks to make sure we cannot create a malformed ACI missing two
+ * last brackets.
+ *
+ * @throws NamingException if the test encounters an error
+ */
+ public void testFailureToAddBadACI() throws NamingException
+ {
+ // add a subentry with malformed ACI
+ try
+ {
+ createAccessControlSubentry( "anybodyAdd", "{ " + "identificationTag \"addAci\", " + "precedence 14, "
+ + "authenticationLevel none, " + "itemOrUserFirst userFirst: { " + "userClasses { allUsers }, "
+ + "userPermissions { { " + "protectedItems {entry, allUserAttributeTypesAndValues}, "
+ + "grantsAndDenials { grantAdd, grantBrowse } } }" );
+ fail( "should never get here due to failure to add bad ACIItem" );
+ }
+ catch( LdapInvalidAttributeValueException e )
+ {
+ assertEquals( ResultCodeEnum.INVALID_ATTRIBUTE_SYNTAX, e.getResultCode() );
+ }
+ }
+}
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/TupleCache.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/TupleCache.java?view=diff&rev=530588&r1=530587&r2=530588
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/TupleCache.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/TupleCache.java Thu Apr 19 16:23:02 2007
@@ -97,7 +97,7 @@
*
* @param factoryCfg the context factory configuration for the server
*/
- public TupleCache(DirectoryServiceConfiguration factoryCfg) throws NamingException
+ public TupleCache( DirectoryServiceConfiguration factoryCfg ) throws NamingException
{
normalizerMap = factoryCfg.getRegistries().getAttributeTypeRegistry().getNormalizerMapping();
this.nexus = factoryCfg.getPartitionNexus();
@@ -199,8 +199,15 @@
}
catch ( ParseException e )
{
- String msg = "ACIItem parser failure on " + aciStr + ". Cannnot add ACITuples to TupleCache.";
- log.warn( msg, e );
+ String msg = "ACIItem parser failure on \n'" + item + "'\ndue to syntax error. " +
+ "Cannnot add ACITuples to TupleCache.\n" +
+ "Check that the syntax of the ACI item is correct. \nUntil this error " +
+ "is fixed your security settings will not be as expected.";
+ log.error( msg, e );
+
+ // do not process this ACI Item because it will be null
+ // continue on to process the next ACI item in the entry
+ continue;
}
}