Posted to commits@directory.apache.org by el...@apache.org on 2010/07/30 12:29:21 UTC
svn commit: r980723 - in /directory/apacheds/trunk:
core-integ/src/test/java/org/apache/directory/server/core/admin/AdministrativePointServiceIT.java
core/src/main/java/org/apache/directory/server/core/admin/AdministrativePointInterceptor.java
Author: elecharny
Date: Fri Jul 30 10:29:21 2010
New Revision: 980723
URL: http://svn.apache.org/viewvc?rev=980723&view=rev
Log:
o Added some tests for the Modify Add and Replace operations
o Fixed the AdministrativePoint interceptor
Modified:
directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/admin/AdministrativePointServiceIT.java
directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/admin/AdministrativePointInterceptor.java
Modified: directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/admin/AdministrativePointServiceIT.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/admin/AdministrativePointServiceIT.java?rev=980723&r1=980722&r2=980723&view=diff
==============================================================================
--- directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/admin/AdministrativePointServiceIT.java (original)
+++ directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/admin/AdministrativePointServiceIT.java Fri Jul 30 10:29:21 2010
@@ -27,12 +27,17 @@ import static org.junit.Assert.assertTru
import org.apache.directory.ldap.client.api.LdapConnection;
import org.apache.directory.ldap.client.api.message.AddResponse;
import org.apache.directory.ldap.client.api.message.ModifyDnResponse;
+import org.apache.directory.ldap.client.api.message.ModifyResponse;
import org.apache.directory.ldap.client.api.message.SearchResponse;
import org.apache.directory.ldap.client.api.message.SearchResultEntry;
import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
import org.apache.directory.server.core.integ.FrameworkRunner;
import org.apache.directory.server.core.integ.IntegrationUtils;
+import org.apache.directory.shared.ldap.entry.DefaultEntryAttribute;
+import org.apache.directory.shared.ldap.entry.DefaultModification;
import org.apache.directory.shared.ldap.entry.Entry;
+import org.apache.directory.shared.ldap.entry.Modification;
+import org.apache.directory.shared.ldap.entry.ModificationOperation;
import org.apache.directory.shared.ldap.ldif.LdifUtils;
import org.apache.directory.shared.ldap.message.ResultCodeEnum;
import org.junit.After;
@@ -67,6 +72,17 @@ public class AdministrativePointServiceI
}
+ private Entry getAdminRole( String dn ) throws Exception
+ {
+ SearchResponse lookup = connection.lookup( dn, "administrativeRole" );
+
+ assertTrue( lookup instanceof SearchResultEntry );
+
+ Entry entry = ((SearchResultEntry)lookup).getEntry();
+
+ return entry;
+ }
+
// -------------------------------------------------------------------
// Test the Add operation
// -------------------------------------------------------------------
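Review bot: getAdminRole has no doc comment, and its `assertTrue( lookup instanceof SearchResultEntry )` carries no message, so a failed lookup appears in every caller as a bare assertion failure. A comment such as `/** Looks up dn, requesting only administrativeRole, and returns the entry; fails the test when the lookup does not return an entry. */` would state the contract. Passing a message, `assertTrue( "lookup of " + dn + " returned no entry", lookup instanceof SearchResultEntry );`, would make the failing DN visible in the test report.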
@@ -91,17 +107,13 @@ public class AdministrativePointServiceI
assertEquals( ResultCodeEnum.SUCCESS, response.getLdapResult().getResultCode() );
// Check that the entry is containing all the roles
- SearchResponse lookup = connection.lookup( "ou=autonomousArea, ou=system", "administrativeRole" );
-
- assertTrue( lookup instanceof SearchResultEntry );
+ Entry entry = getAdminRole( "ou=autonomousArea, ou=system" );
- Entry result = ((SearchResultEntry)lookup).getEntry();
-
- assertTrue( result.contains( "administrativeRole", "autonomousArea" ) );
- assertFalse( result.contains( "administrativeRole", "accessControlSpecificArea" ) );
- assertFalse( result.contains( "administrativeRole", "collectiveAttributeSpecificArea" ) );
- assertFalse( result.contains( "administrativeRole", "2.5.23.4" ) );
- assertFalse( result.contains( "administrativeRole", "triggerExecutionSpecificArea" ) );
+ assertTrue( entry.contains( "administrativeRole", "autonomousArea" ) );
+ assertFalse( entry.contains( "administrativeRole", "accessControlSpecificArea" ) );
+ assertFalse( entry.contains( "administrativeRole", "collectiveAttributeSpecificArea" ) );
+ assertFalse( entry.contains( "administrativeRole", "2.5.23.4" ) );
+ assertFalse( entry.contains( "administrativeRole", "triggerExecutionSpecificArea" ) );
autonomousArea = LdifUtils.createEntry(
"ou=autonomousArea2, ou=system",
@@ -143,17 +155,14 @@ public class AdministrativePointServiceI
assertEquals( ResultCodeEnum.SUCCESS, response.getLdapResult().getResultCode() );
// Check that the entry is containing all the roles
- SearchResponse lookup = connection.lookup( "ou=autonomousArea, ou=system", "administrativeRole" );
-
- assertTrue( lookup instanceof SearchResultEntry );
+ Entry entry = getAdminRole( "ou=autonomousArea, ou=system" );
- Entry result = ((SearchResultEntry)lookup).getEntry();
- assertFalse( result.contains( "administrativeRole", "autonomousArea" ) );
- assertTrue( result.contains( "administrativeRole", "accessControlSpecificArea" ) );
- assertFalse( result.contains( "administrativeRole", "collectiveAttributeSpecificArea" ) );
- assertFalse( result.contains( "administrativeRole", "2.5.23.4" ) );
- assertTrue( result.contains( "administrativeRole", "triggerExecutionSpecificArea" ) );
+ assertFalse( entry.contains( "administrativeRole", "autonomousArea" ) );
+ assertTrue( entry.contains( "administrativeRole", "accessControlSpecificArea" ) );
+ assertFalse( entry.contains( "administrativeRole", "collectiveAttributeSpecificArea" ) );
+ assertFalse( entry.contains( "administrativeRole", "2.5.23.4" ) );
+ assertTrue( entry.contains( "administrativeRole", "triggerExecutionSpecificArea" ) );
}
@@ -178,15 +187,11 @@ public class AdministrativePointServiceI
assertEquals( ResultCodeEnum.SUCCESS, response.getLdapResult().getResultCode() );
// Check that the entry is containing all the roles
- SearchResponse lookup = connection.lookup( "ou=autonomousArea, ou=system", "administrativeRole" );
+ Entry entry = getAdminRole( "ou=autonomousArea, ou=system" );
- assertTrue( lookup instanceof SearchResultEntry );
-
- Entry result = ((SearchResultEntry)lookup).getEntry();
-
- assertFalse( result.contains( "administrativeRole", "autonomousArea" ) );
- assertTrue( result.contains( "administrativeRole", "accessControlInnerArea" ) );
- assertTrue( result.contains( "administrativeRole", "triggerExecutionInnerArea" ) );
+ assertFalse( entry.contains( "administrativeRole", "autonomousArea" ) );
+ assertTrue( entry.contains( "administrativeRole", "accessControlInnerArea" ) );
+ assertTrue( entry.contains( "administrativeRole", "triggerExecutionInnerArea" ) );
}
@@ -237,6 +242,158 @@ public class AdministrativePointServiceI
// -------------------------------------------------------------------
// Test the Modify operation
// -------------------------------------------------------------------
+ /**
+ * Test the addition of a ACSA to a CASA
+ * @throws Exception
+ */
+ @Test
+ public void testModifyAddSpecificArea() throws Exception
+ {
+ // Inject an CASA
+ Entry caArea = LdifUtils.createEntry(
+ "ou=caArea, ou=system",
+ "ObjectClass: top",
+ "ObjectClass: organizationalUnit",
+ "ou: caArea",
+ "administrativeRole: collectiveAttributeSpecificArea"
+ );
+
+ connection.add( caArea );
+
+ // Add another specific area
+ Modification modification = new DefaultModification(
+ ModificationOperation.ADD_ATTRIBUTE,
+ new DefaultEntryAttribute( "administrativeRole", "accessControlSpecificArea" ) );
+ ModifyResponse response = connection.modify( "ou=caArea, ou=system", modification );
+
+ assertEquals( ResultCodeEnum.SUCCESS, response.getLdapResult().getResultCode() );
+ Entry entry = getAdminRole( "ou=caArea, ou=system" );
+
+ assertTrue( entry.contains( "administrativeRole", "accessControlSpecificArea" ) );
+ assertTrue( entry.contains( "administrativeRole", "collectiveAttributeSpecificArea" ) );
+ }
+
+
+ /**
+ * Test the addition of a ACIA to a CASA
+ * @throws Exception
+ */
+ @Test
+ public void testModifyAddInnerArea() throws Exception
+ {
+ // Inject an CASA
+ Entry caArea = LdifUtils.createEntry(
+ "ou=caArea, ou=system",
+ "ObjectClass: top",
+ "ObjectClass: organizationalUnit",
+ "ou: caArea",
+ "administrativeRole: collectiveAttributeSpecificArea"
+ );
+
+ connection.add( caArea );
+
+ // Add another specific area
+ Modification modification = new DefaultModification(
+ ModificationOperation.ADD_ATTRIBUTE,
+ new DefaultEntryAttribute(
+ "administrativeRole", "accessControlInnerArea" ) );
+ ModifyResponse response = connection.modify( "ou=caArea, ou=system", modification );
+
+ assertEquals( ResultCodeEnum.SUCCESS, response.getLdapResult().getResultCode() );
+ Entry entry = getAdminRole( "ou=caArea, ou=system" );
+
+ assertTrue( entry.contains( "administrativeRole", "collectiveAttributeSpecificArea" ) );
+ assertTrue( entry.contains( "administrativeRole", "accessControlInnerArea" ) );
+ }
+
+
+ /**
+ * Test the addition of a CAIA to a CASA
+ * @throws Exception
+ */
+ @Test
+ public void testModifyAddInnerAreaToSameSpecificArea() throws Exception
+ {
+ // Inject an CASA
+ Entry caArea = LdifUtils.createEntry(
+ "ou=caArea, ou=system",
+ "ObjectClass: top",
+ "ObjectClass: organizationalUnit",
+ "ou: caArea",
+ "administrativeRole: collectiveAttributeSpecificArea"
+ );
+
+ connection.add( caArea );
+
+ // Add another specific area
+ Modification modification = new DefaultModification(
+ ModificationOperation.ADD_ATTRIBUTE,
+ new DefaultEntryAttribute(
+ "administrativeRole", "collectiveAttributeInnerArea" ) );
+ ModifyResponse response = connection.modify( "ou=caArea, ou=system", modification );
+
+ assertEquals( ResultCodeEnum.UNWILLING_TO_PERFORM, response.getLdapResult().getResultCode() );
+ }
+
+
+ /**
+ * Test the addition of the same CASA
+ * @throws Exception
+ */
+ @Test
+ public void testModifyAddSameSpecificArea() throws Exception
+ {
+ // Inject an CASA
+ Entry caArea = LdifUtils.createEntry(
+ "ou=caArea, ou=system",
+ "ObjectClass: top",
+ "ObjectClass: organizationalUnit",
+ "ou: caArea",
+ "administrativeRole: collectiveAttributeSpecificArea"
+ );
+
+ connection.add( caArea );
+
+ // Add another specific area
+ Modification modification = new DefaultModification(
+ ModificationOperation.ADD_ATTRIBUTE,
+ new DefaultEntryAttribute(
+ "administrativeRole", "collectiveAttributeSpecificArea" ) );
+ ModifyResponse response = connection.modify( "ou=caArea, ou=system", modification );
+
+ assertEquals( ResultCodeEnum.ATTRIBUTE_OR_VALUE_EXISTS, response.getLdapResult().getResultCode() );
+ }
+
+
+ /**
+ * Test the replace modification : it's not supported
+ * @throws Exception
+ */
+ @Test
+ public void testModifyReplace() throws Exception
+ {
+ // Inject an CASA
+ Entry caArea = LdifUtils.createEntry(
+ "ou=caArea, ou=system",
+ "ObjectClass: top",
+ "ObjectClass: organizationalUnit",
+ "ou: caArea",
+ "administrativeRole: collectiveAttributeSpecificArea"
+ );
+
+ connection.add( caArea );
+
+ // Try to modify it to an InnerArea
+ Modification modification = new DefaultModification(
+ ModificationOperation.REPLACE_ATTRIBUTE,
+ new DefaultEntryAttribute( "administrativeRole", "collectiveAttributeSpecificArea" ) );
+ ModifyResponse response = connection.modify( "ou=caArea, ou=system", modification );
+
+ // Should fail
+ assertEquals( ResultCodeEnum.UNWILLING_TO_PERFORM, response.getLdapResult().getResultCode() );
+ }
+
+
// -------------------------------------------------------------------
// Test the Move operation
// -------------------------------------------------------------------
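Review bot: The rejection path is exercised for one role pair only. testModifyAddInnerAreaToSameSpecificArea covers collectiveAttributeInnerArea on a CASA, but no test adds accessControlInnerArea to an ACSA or triggerExecutionInnerArea to a TESA, and none uses the OID or a differently-cased spelling of a role. These rules decide which administrative roles an entry may carry, so each pair deserves its own UNWILLING_TO_PERFORM case. In testModifyReplace the comment says `// Try to modify it to an InnerArea`, but the replacement value is `collectiveAttributeSpecificArea`, which is already present; `collectiveAttributeInnerArea` would match the comment. The results of the `connection.add( caArea )` calls are never asserted, so a failed setup would surface only as a confusing modify result.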
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/admin/AdministrativePointInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/admin/AdministrativePointInterceptor.java?rev=980723&r1=980722&r2=980723&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/admin/AdministrativePointInterceptor.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/admin/AdministrativePointInterceptor.java Fri Jul 30 10:29:21 2010
@@ -119,6 +119,85 @@ public class AdministrativePointIntercep
ROLES.add( SchemaConstants.TRIGGER_EXECUTION_INNER_AREA_OID );
}
+ /** The possible inner area roles */
+ private static final Set<String> INNER_AREA_ROLES = new HashSet<String>();
+
+ static
+ {
+ INNER_AREA_ROLES.add( SchemaConstants.ACCESS_CONTROL_INNER_AREA.toLowerCase() );
+ INNER_AREA_ROLES.add( SchemaConstants.ACCESS_CONTROL_INNER_AREA_OID );
+ INNER_AREA_ROLES.add( SchemaConstants.COLLECTIVE_ATTRIBUTE_INNER_AREA.toLowerCase() );
+ INNER_AREA_ROLES.add( SchemaConstants.COLLECTIVE_ATTRIBUTE_INNER_AREA_OID );
+ INNER_AREA_ROLES.add( SchemaConstants.TRIGGER_EXECUTION_INNER_AREA.toLowerCase() );
+ INNER_AREA_ROLES.add( SchemaConstants.TRIGGER_EXECUTION_INNER_AREA_OID );
+ }
+
+ /** The possible specific area roles */
+ private static final Set<String> SPECIFIC_AREA_ROLES = new HashSet<String>();
+
+ static
+ {
+ SPECIFIC_AREA_ROLES.add( SchemaConstants.ACCESS_CONTROL_SPECIFIC_AREA.toLowerCase() );
+ SPECIFIC_AREA_ROLES.add( SchemaConstants.ACCESS_CONTROL_SPECIFIC_AREA_OID );
+ SPECIFIC_AREA_ROLES.add( SchemaConstants.COLLECTIVE_ATTRIBUTE_SPECIFIC_AREA.toLowerCase() );
+ SPECIFIC_AREA_ROLES.add( SchemaConstants.COLLECTIVE_ATTRIBUTE_SPECIFIC_AREA_OID );
+ SPECIFIC_AREA_ROLES.add( SchemaConstants.SUB_SCHEMA_ADMIN_SPECIFIC_AREA.toLowerCase() );
+ SPECIFIC_AREA_ROLES.add( SchemaConstants.SUB_SCHEMA_ADMIN_SPECIFIC_AREA_OID );
+ SPECIFIC_AREA_ROLES.add( SchemaConstants.TRIGGER_EXECUTION_SPECIFIC_AREA.toLowerCase() );
+ SPECIFIC_AREA_ROLES.add( SchemaConstants.TRIGGER_EXECUTION_SPECIFIC_AREA_OID );
+ }
+
+
+ /**
+ * Tells if the given role is a InnerArea role
+ */
+ private boolean isInnerArea( String role )
+ {
+ return INNER_AREA_ROLES.contains( StringTools.toLowerCase( StringTools.trim( role ) ) );
+ }
+
+
+ /**
+ * Tells if the AdministrativeRole attribute contains the same Specific Area role
+ * than the given Inner Area role
+ */
+ private boolean hasSpecificArea( String role, EntryAttribute modifiedAdminRole )
+ {
+ // Check if the associated specific area role is already present
+ if ( role.equals( SchemaConstants.ACCESS_CONTROL_INNER_AREA.toLowerCase() ) ||
+ role.equals( SchemaConstants.ACCESS_CONTROL_INNER_AREA_OID ) )
+ {
+ if ( modifiedAdminRole.contains( SchemaConstants.ACCESS_CONTROL_SPECIFIC_AREA.toLowerCase() ) ||
+ modifiedAdminRole.contains( SchemaConstants.ACCESS_CONTROL_SPECIFIC_AREA_OID ) )
+ {
+ // Not a valid role : we will throw an exception
+ return true;
+ }
+ }
+ else if ( role.equals( SchemaConstants.COLLECTIVE_ATTRIBUTE_INNER_AREA.toLowerCase() ) ||
+ role.equals( SchemaConstants.COLLECTIVE_ATTRIBUTE_INNER_AREA_OID ) )
+ {
+ if ( modifiedAdminRole.contains( SchemaConstants.COLLECTIVE_ATTRIBUTE_SPECIFIC_AREA ) ||
+ modifiedAdminRole.contains( SchemaConstants.COLLECTIVE_ATTRIBUTE_SPECIFIC_AREA_OID ) )
+ {
+ // Not a valid role : we will throw an exception
+ return true;
+ }
+ }
+ else if ( role.equals( SchemaConstants.TRIGGER_EXECUTION_INNER_AREA.toLowerCase() ) ||
+ role.equals( SchemaConstants.TRIGGER_EXECUTION_INNER_AREA_OID ) )
+ {
+ if ( modifiedAdminRole.contains( SchemaConstants.TRIGGER_EXECUTION_SPECIFIC_AREA.toLowerCase() ) ||
+ modifiedAdminRole.contains( SchemaConstants.TRIGGER_EXECUTION_SPECIFIC_AREA_OID ) )
+ {
+ // Not a valid role : we will throw an exception
+ return true;
+ }
+ }
+
+ return false;
+ }
+
/**
* Creates an Administrative service interceptor.
*/
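Review bot: In hasSpecificArea the collective-attribute branch calls `modifiedAdminRole.contains( SchemaConstants.COLLECTIVE_ATTRIBUTE_SPECIFIC_AREA )` without `.toLowerCase()`, while the access-control and trigger-execution branches lower-case the constant first. The caller stores the raw `value` rather than the normalized `role`, so the attribute holds values as the client spelled them. Unless EntryAttribute.contains compares case-insensitively, which is not visible here, at least one of the three branches will miss an existing Specific Area role and let the conflicting Inner Area role through. Normalizing each stored value the same way `role` was normalized before comparing would make the three branches agree. The `toLowerCase()` calls also use the default locale; `toLowerCase( Locale.ROOT )` keeps the `I` in `InnerArea` from being lower-cased differently on a Turkish-locale JVM.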
@@ -341,6 +420,7 @@ public class AdministrativePointIntercep
/**
+ * Only the add and remove modifications are fully supported.
* {@inheritDoc}
*/
public void modify( NextInterceptor next, ModifyOperationContext modifyContext ) throws LdapException
@@ -373,10 +453,12 @@ public class AdministrativePointIntercep
for ( Value<?> value : attribute )
{
- if ( !isValidRole( value.getString() ) )
+ String role = StringTools.toLowerCase( StringTools.trim( value.getString() ) );
+
+ if ( !isValidRole( role ) )
{
// Not a valid role : we will throw an exception
- String msg = "Invalid role : " + value.getString();
+ String msg = "Invalid role : " + value;
LOG.error( msg );
throw new LdapInvalidAttributeValueException( ResultCodeEnum.INVALID_ATTRIBUTE_SYNTAX, msg );
}
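Review bot: `String msg = "Invalid role : " + value;` puts the client-supplied value, unmodified, into the ERROR log and into the exception message, which is presumably returned to the client as the diagnostic text. The output of Value's toString() is not visible here, so check whether control characters such as line breaks survive it, and escape or strip them before logging if they do. A request the server rejects on validation is also not really an ERROR-level event, because any client allowed to send a modify can then fill the error log; `LOG.warn( msg )` or `LOG.debug( msg )` would fit better. The enclosing loop and method start outside the hunk.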
@@ -392,6 +474,16 @@ public class AdministrativePointIntercep
throw new LdapAttributeInUseException( msg );
}
+ // Forbid the addition of an InnerArea if the same SpecificArea
+ // already exists
+ if ( isInnerArea( role ) && hasSpecificArea( role, modifiedAdminRole ) )
+ {
+ // Not a valid role : we will throw an exception
+ String msg = "Cannot add an Inner Area ole to an AdministrativePoint which already has the same Specific Area role " + value;
+ LOG.error( msg );
+ throw new LdapUnwillingToPerformException( msg );
+ }
+
// Add the role to the modified attribute
modifiedAdminRole.add( value );
}
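Review bot: The new guard is one-directional: it rejects an Inner Area role when the matching Specific Area role is present, but nothing in the visible lines rejects a Specific Area role added to an entry that already holds the matching Inner Area role. If that combination is meant to be invalid, a symmetric check is needed before `modifiedAdminRole.add( value )`, together with a test that adds the two values in the opposite order. The message also has a typo and no separator before the value; suggest `"Cannot add an Inner Area role to an AdministrativePoint which already has the same Specific Area role : " + value`. The enclosing loop starts outside the hunk.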
@@ -440,48 +532,10 @@ public class AdministrativePointIntercep
break;
case REPLACE_ATTRIBUTE :
- if ( modifiedAdminRole == null )
- {
- // We have to create the attribute
- // We can't remove a value when the attribute does not exist.
- String msg = "Cannot remove the administrative role, it does not exist";
- LOG.error( msg );
- throw new LdapNoSuchAttributeException( msg );
- }
-
- // It may be a complete removal
- if ( attribute.size() == 0 )
- {
- // Complete removal
- modifiedAdminRole = null;
- break;
- }
-
- // Now replace the existing attributes with the new ones if they are valid
- modifiedAdminRole.clear();
-
- for ( Value<?> value : attribute )
- {
- if ( !isValidRole( value.getString() ) )
- {
- // Not a valid role : we will throw an exception
- String msg = "Invalid role : " + value.getString();
- LOG.error( msg );
- throw new LdapInvalidAttributeValueException( ResultCodeEnum.INVALID_ATTRIBUTE_SYNTAX, msg );
- }
-
- if ( modifiedAdminRole.contains( value ) )
- {
- // We can't add a value if it already exists !
- String msg = "Cannot add the administrative role value" + value + ", it already exists";
- LOG.error( msg );
- throw new LdapAttributeInUseException( msg );
- }
-
- modifiedAdminRole.add( value );
- }
-
- break;
+ // Not supported
+ String msg = "Cannot replace an administrative role, the opertion is not supported";
+ LOG.error( msg );
+ throw new LdapUnwillingToPerformException( msg );
}
}
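Review bot: `String msg` is declared directly under `case REPLACE_ATTRIBUTE :` without braces, so the name is scoped to the whole switch block and will collide with any other case-level `msg`; wrap the case body in `{ ... }`. The text handed to the exception contains a typo, `opertion`; suggest `"Cannot replace an administrative role, the operation is not supported"`. As in the add branch, `LOG.error` is louder than needed for a request the server deliberately refuses, and `LOG.warn( msg )` would keep the error log for real faults.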