You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by ak...@apache.org on 2008/06/06 07:04:34 UTC
svn commit: r663824 - in /directory/apacheds/branches/bigbang/core/src:
main/java/org/apache/directory/server/core/authn/
main/java/org/apache/directory/server/core/interceptor/context/
test/java/org/apache/directory/server/core/authz/support/
Author: akarasulu
Date: Thu Jun 5 22:04:33 2008
New Revision: 663824
URL: http://svn.apache.org/viewvc?rev=663824&view=rev
Log:
Step to remove InvocationStack: adding ability to use OperationContexts as nodes of a linked list
Modified:
directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/interceptor/context/AbstractOperationContext.java
directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/interceptor/context/BindOperationContext.java
directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/interceptor/context/OperationContext.java
directory/apacheds/branches/bigbang/core/src/test/java/org/apache/directory/server/core/authz/support/MaxImmSubFilterTest.java
Modified: directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java?rev=663824&r1=663823&r2=663824&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java (original)
+++ directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java Thu Jun 5 22:04:33 2008
@@ -190,7 +190,8 @@
if ( ( result != null ) && ( result.size() > 0 ) )
{
return result;
- } else
+ }
+ else
{
return null;
}
@@ -201,9 +202,7 @@
{
if ( IS_DEBUG )
{
- LOG.debug( "Adding the entry " +
- opContext.getEntry() +
- " for DN = '" + opContext.getDn().getUpName() + "'" );
+ LOG.debug( "Adding the entry {} for DN = '{}'", opContext.getEntry(), opContext.getDn().getUpName() );
}
checkAuthenticated( opContext );
@@ -215,7 +214,7 @@
{
if ( IS_DEBUG )
{
- LOG.debug( "Deleting name = '" + opContext.getDn().getUpName() + "'" );
+ LOG.debug( "Deleting name = '{}'", opContext.getDn().getUpName() );
}
checkAuthenticated( opContext );
@@ -228,7 +227,7 @@
{
if ( IS_DEBUG )
{
- LOG.debug( "Matching name = '" + opContext.getDn().getUpName() + "'" );
+ LOG.debug( "Matching name = '{}'", opContext.getDn().getUpName() );
}
checkAuthenticated( opContext );
@@ -252,7 +251,7 @@
{
if ( IS_DEBUG )
{
- LOG.debug( "Getting suffix for name = '" + opContext.getDn().getUpName() + "'" );
+ LOG.debug( "Getting suffix for name = '{}'", opContext.getDn().getUpName() );
}
checkAuthenticated( opContext );
@@ -264,7 +263,7 @@
{
if ( IS_DEBUG )
{
- LOG.debug( "Testing if entry name = '" + opContext.getDn().getUpName() + "' exists" );
+ LOG.debug( "Testing if entry name = '{}' exists", opContext.getDn().getUpName() );
}
checkAuthenticated( opContext );
Modified: directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/interceptor/context/AbstractOperationContext.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/interceptor/context/AbstractOperationContext.java?rev=663824&r1=663823&r2=663824&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/interceptor/context/AbstractOperationContext.java (original)
+++ directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/interceptor/context/AbstractOperationContext.java Thu Jun 5 22:04:33 2008
@@ -28,6 +28,7 @@
import javax.naming.ldap.Control;
import org.apache.directory.server.core.CoreSession;
+import org.apache.directory.server.core.authn.LdapPrincipal;
import org.apache.directory.server.core.entry.ClonedServerEntry;
import org.apache.directory.shared.ldap.name.LdapDN;
@@ -58,7 +59,13 @@
/** the Interceptors bypassed by this operation */
private Collection<String> bypassed;
+ private LdapPrincipal authorizedPrincipal;
+
private CoreSession session;
+
+ private OperationContext next;
+
+ private OperationContext previous;
/**
@@ -305,4 +312,60 @@
opContext.setByPassed( byPassed );
return session.getDirectoryService().getOperationManager().lookup( opContext );
}
+
+
+ public LdapPrincipal getEffectivePrincipal()
+ {
+ if ( authorizedPrincipal != null )
+ {
+ return authorizedPrincipal;
+ }
+
+ return session.getEffectivePrincipal();
+ }
+
+
+ // -----------------------------------------------------------------------
+ // OperationContext Linked List Methods
+ // -----------------------------------------------------------------------
+
+
+ public boolean isFirstOperation()
+ {
+ return previous == null;
+ }
+
+
+ public OperationContext getFirstOperation()
+ {
+ if ( previous == null )
+ {
+ return this;
+ }
+
+ return previous.getFirstOperation();
+ }
+
+
+ public OperationContext getLastOperation()
+ {
+ if ( next == null )
+ {
+ return this;
+ }
+
+ return next.getLastOperation();
+ }
+
+
+ public OperationContext getNextOperation()
+ {
+ return next;
+ }
+
+
+ public OperationContext getPreviousOperation()
+ {
+ return previous;
+ }
}
Modified: directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/interceptor/context/BindOperationContext.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/interceptor/context/BindOperationContext.java?rev=663824&r1=663823&r2=663824&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/interceptor/context/BindOperationContext.java (original)
+++ directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/interceptor/context/BindOperationContext.java Thu Jun 5 22:04:33 2008
@@ -20,8 +20,18 @@
package org.apache.directory.server.core.interceptor.context;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.naming.ldap.Control;
+
import org.apache.directory.server.core.CoreSession;
+import org.apache.directory.server.core.authn.LdapPrincipal;
+import org.apache.directory.server.core.entry.ClonedServerEntry;
import org.apache.directory.shared.ldap.message.MessageTypeEnum;
+import org.apache.directory.shared.ldap.name.LdapDN;
import org.apache.directory.shared.ldap.util.StringTools;
@@ -32,7 +42,7 @@
* @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
* @version $Rev$, $Date$
*/
-public class BindOperationContext extends AbstractOperationContext
+public class BindOperationContext implements OperationContext
{
/** The password */
private byte[] credentials;
@@ -43,14 +53,38 @@
/** The SASL identifier */
private String saslAuthId;
+ private static final Control[] EMPTY_CONTROLS = new Control[0];
+
+ /** The DN associated with the context */
+ private LdapDN dn;
+
+ /** The associated request's controls */
+ private Map<String, Control> requestControls = new HashMap<String, Control>(4);
+
+ /** The associated response's controls */
+ private Map<String, Control> responseControls = new HashMap<String, Control>(4);
+
+ /** A flag to tell that this is a collateral operation */
+ private boolean collateralOperation;
+
+ /** the Interceptors bypassed by this operation */
+ private Collection<String> bypassed;
+
+ private CoreSession session;
+
+ private LdapPrincipal authorizedPrincipal;
+ private OperationContext next;
+
+ private OperationContext previous;
+
/**
* Creates a new instance of BindOperationContext.
*/
public BindOperationContext( CoreSession session )
{
- super( session );
+ this.session = session;
}
@@ -124,10 +158,252 @@
( saslMechanism != null ? ", saslMechanism : <" + saslMechanism + ">" : "" ) +
( saslAuthId != null ? ", saslAuthId <" + saslAuthId + ">" : "" );
}
+
+
+ public CoreSession getSession()
+ {
+ return session;
+ }
public void setSession( CoreSession session )
{
- super.setSession( session );
+ this.session = session;
+ }
+
+
+ /**
+ * Tells if the current operation is considered a side effect of the
+ * current context
+ */
+ public boolean isCollateralOperation()
+ {
+ return collateralOperation;
+ }
+
+
+ public void setCollateralOperation( boolean collateralOperation )
+ {
+ this.collateralOperation = collateralOperation;
+ }
+
+
+ /**
+ * @return The associated DN
+ */
+ public LdapDN getDn()
+ {
+ return dn;
+ }
+
+
+ /**
+ * Set the context DN
+ *
+ * @param dn The DN to set
+ */
+ public void setDn( LdapDN dn )
+ {
+ this.dn = dn;
+ }
+
+
+ public void addRequestControl( Control requestControl )
+ {
+ requestControls.put( requestControl.getID(), requestControl );
+ }
+
+
+ public Control getRequestControl( String numericOid )
+ {
+ return requestControls.get( numericOid );
+ }
+
+
+ public boolean hasRequestControl( String numericOid )
+ {
+ return requestControls.containsKey( numericOid );
+ }
+
+
+ public boolean hasRequestControls()
+ {
+ return ! requestControls.isEmpty();
+ }
+
+
+ public void addResponseControl( Control responseControl )
+ {
+ responseControls.put( responseControl.getID(), responseControl );
+ }
+
+
+ public Control getResponseControl( String numericOid )
+ {
+ return responseControls.get( numericOid );
+ }
+
+
+ public boolean hasResponseControl( String numericOid )
+ {
+ return responseControls.containsKey( numericOid );
+ }
+
+
+ public Control[] getResponseControls()
+ {
+ if ( responseControls.isEmpty() )
+ {
+ return EMPTY_CONTROLS;
+ }
+
+ return responseControls.values().toArray( EMPTY_CONTROLS );
+ }
+
+
+ public boolean hasResponseControls()
+ {
+ return ! responseControls.isEmpty();
+ }
+
+
+ public int getResponseControlCount()
+ {
+ return responseControls.size();
+ }
+
+
+ public void addRequestControls( Control[] requestControls )
+ {
+ for ( Control c : requestControls )
+ {
+ this.requestControls.put( c.getID(), c );
+ }
+ }
+
+
+ /**
+ * Gets the set of bypassed Interceptors.
+ *
+ * @return the set of bypassed Interceptors
+ */
+ public Collection<String> getByPassed()
+ {
+ if ( bypassed == null )
+ {
+ return Collections.emptyList();
+ }
+
+ return Collections.unmodifiableCollection( bypassed );
+ }
+
+
+ /**
+ * Sets the set of bypassed Interceptors.
+ *
+ * @param byPassed the set of bypassed Interceptors
+ */
+ public void setByPassed( Collection<String> byPassed )
+ {
+ this.bypassed = byPassed;
+ }
+
+
+ /**
+ * Checks to see if an Interceptor is bypassed for this operation.
+ *
+ * @param interceptorName the interceptorName of the Interceptor to check for bypass
+ * @return true if the Interceptor should be bypassed, false otherwise
+ */
+ public boolean isBypassed( String interceptorName )
+ {
+ return bypassed != null && bypassed.contains( interceptorName );
+ }
+
+
+ /**
+ * Checks to see if any Interceptors are bypassed by this operation.
+ *
+ * @return true if at least one bypass exists
+ */
+ public boolean hasBypass()
+ {
+ return bypassed != null && !bypassed.isEmpty();
+ }
+
+
+ public LookupOperationContext newLookupContext( LdapDN dn )
+ {
+ return new LookupOperationContext( session, dn );
+ }
+
+
+ public ClonedServerEntry lookup( LookupOperationContext opContext ) throws Exception
+ {
+ return session.getDirectoryService().getOperationManager().lookup( opContext );
+ }
+
+
+ public ClonedServerEntry lookup( LdapDN dn, Collection<String> byPassed ) throws Exception
+ {
+ LookupOperationContext opContext = newLookupContext( dn );
+ opContext.setByPassed( byPassed );
+ return session.getDirectoryService().getOperationManager().lookup( opContext );
+ }
+
+
+ public LdapPrincipal getEffectivePrincipal()
+ {
+ if ( authorizedPrincipal != null )
+ {
+ return authorizedPrincipal;
+ }
+
+ return session.getEffectivePrincipal();
+ }
+
+
+ // -----------------------------------------------------------------------
+ // OperationContext Linked List Methods
+ // -----------------------------------------------------------------------
+
+
+ public boolean isFirstOperation()
+ {
+ return previous == null;
+ }
+
+
+ public OperationContext getFirstOperation()
+ {
+ if ( previous == null )
+ {
+ return this;
+ }
+
+ return previous.getFirstOperation();
+ }
+
+
+ public OperationContext getLastOperation()
+ {
+ if ( next == null )
+ {
+ return this;
+ }
+
+ return next.getLastOperation();
+ }
+
+
+ public OperationContext getNextOperation()
+ {
+ return next;
+ }
+
+
+ public OperationContext getPreviousOperation()
+ {
+ return previous;
}
}
Modified: directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/interceptor/context/OperationContext.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/interceptor/context/OperationContext.java?rev=663824&r1=663823&r2=663824&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/interceptor/context/OperationContext.java (original)
+++ directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/interceptor/context/OperationContext.java Thu Jun 5 22:04:33 2008
@@ -25,7 +25,9 @@
import javax.naming.ldap.Control;
import org.apache.directory.server.core.CoreSession;
+import org.apache.directory.server.core.authn.LdapPrincipal;
import org.apache.directory.server.core.entry.ClonedServerEntry;
+import org.apache.directory.server.core.entry.ServerEntry;
import org.apache.directory.shared.ldap.name.LdapDN;
@@ -39,21 +41,61 @@
public interface OperationContext
{
/**
- * Checks to see if this operation is an indirect system issued operation.
- * Collateral operations often result from direct operations.
+ * Checks to see if this operation is the first operation in a chain of
+ * operations performed on the DirectoryService. The first operation in
+ * a sequence of operations, is not a byproduct of another operation
+ * unlike operations following in the sequence. The other operations
+ * following the first, occur as a side effect to complete this first
+ * operation.
+ *
+ * @return true if the operation is the first, false otherwise
+ */
+ boolean isFirstOperation();
+
+
+ /**
+ * Gets the first, direct operation issued against the DirectoryService.
+ *
+ * @return the first, direct operation issued
+ */
+ OperationContext getFirstOperation();
+
+
+ /**
+ * Gets the previous, operation issued on the DirectoryService.
+ *
+ * @return the previous, operation issued
+ */
+ OperationContext getPreviousOperation();
+
+
+ /**
+ * Gets the next, indirect operation issued on the DirectoryService.
+ *
+ * @return the next, indirect operation issued
+ */
+ OperationContext getNextOperation();
+
+
+ /**
+ * Gets the last, operation issued on the DirectoryService.
*
- * @return true if the operation represents a collateral request
+ * @return the last, operation issued
*/
- boolean isCollateralOperation();
+ OperationContext getLastOperation();
/**
- * Sets this operation context to represent an operation that results as a
- * byproduct of another directly issued request.
- *
- * @param collateralOperation true if this is collateral, false otherwise
+ * Gets the effective principal for this operation which may not be the
+ * same as the authenticated principal when the session for this context
+ * has an explicit authorization id, or this operation was applied with
+ * the proxy authorization control.
+ *
+ * @see CoreSession#getAuthenticatedPrincipal()
+ * @see CoreSession#getEffectivePrincipal()
+ * @return the effective principal for this operation
*/
- void setCollateralOperation( boolean collateralOperation );
+ LdapPrincipal getEffectivePrincipal();
/**
@@ -221,4 +263,13 @@
ClonedServerEntry lookup( LookupOperationContext lookupContext ) throws Exception;
+
+
+// AddOperationContext newAddContext( ServerEntry entry );
+//
+//
+// void add( ServerEntry entry, Collection<String> bypass ) throws Exception;
+//
+//
+// void add( AddOperationContext addContext ) throws Exception;
}
Modified: directory/apacheds/branches/bigbang/core/src/test/java/org/apache/directory/server/core/authz/support/MaxImmSubFilterTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/core/src/test/java/org/apache/directory/server/core/authz/support/MaxImmSubFilterTest.java?rev=663824&r1=663823&r2=663824&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/core/src/test/java/org/apache/directory/server/core/authz/support/MaxImmSubFilterTest.java (original)
+++ directory/apacheds/branches/bigbang/core/src/test/java/org/apache/directory/server/core/authz/support/MaxImmSubFilterTest.java Thu Jun 5 22:04:33 2008
@@ -382,6 +382,48 @@
// TODO Auto-generated method stub
}
+
+
+ public LdapPrincipal getEffectivePrincipal()
+ {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+
+ public OperationContext getFirstOperation()
+ {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+
+ public OperationContext getLastOperation()
+ {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+
+ public OperationContext getNextOperation()
+ {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+
+ public OperationContext getPreviousOperation()
+ {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+
+ public boolean isFirstOperation()
+ {
+ // TODO Auto-generated method stub
+ return false;
+ }
}
class MockDirectoryService implements DirectoryService