You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by el...@apache.org on 2010/07/07 17:31:05 UTC
svn commit: r961407 - in /directory/apacheds/trunk:
core-api/src/main/java/org/apache/directory/server/core/event/
core-integ/src/test/java/org/apache/directory/server/core/authz/
core-integ/src/test/java/org/apache/directory/server/core/operations/loo...
Author: elecharny
Date: Wed Jul 7 15:31:05 2010
New Revision: 961407
URL: http://svn.apache.org/viewvc?rev=961407&view=rev
Log:
Fixed the code accordingly to the modifications made in shared
Modified:
directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/event/Evaluator.java
directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/LookupAuthorizationIT.java
directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/operations/lookup/LookupPerfIT.java
directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/RelatedProtectedItemFilter.java
directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/subtree/SubentryInterceptor.java
directory/apacheds/trunk/server-replication/pom.xml
Modified: directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/event/Evaluator.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/event/Evaluator.java?rev=961407&r1=961406&r2=961407&view=diff
==============================================================================
--- directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/event/Evaluator.java (original)
+++ directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/event/Evaluator.java Wed Jul 7 15:31:05 2010
@@ -44,5 +44,5 @@ public interface Evaluator
* @return true if the filter selects the candidate false otherwise
* @throws LdapException if there is a database fault during evaluation
*/
- boolean evaluate( ExprNode node, DN dn, Entry entry ) throws LdapException;
+ boolean evaluate( ExprNode refinement, DN dn, Entry entry ) throws LdapException;
}
Modified: directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/LookupAuthorizationIT.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/LookupAuthorizationIT.java?rev=961407&r1=961406&r2=961407&view=diff
==============================================================================
--- directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/LookupAuthorizationIT.java (original)
+++ directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/LookupAuthorizationIT.java Wed Jul 7 15:31:05 2010
@@ -23,11 +23,13 @@ import static org.apache.directory.serve
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
import org.apache.directory.server.core.annotations.ApplyLdifs;
import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
import org.apache.directory.server.core.integ.FrameworkRunner;
import org.apache.directory.shared.ldap.entry.Entry;
+import org.apache.directory.shared.ldap.exception.LdapNoPermissionException;
import org.apache.directory.shared.ldap.name.DN;
import org.junit.Before;
import org.junit.Test;
@@ -63,6 +65,17 @@ public class LookupAuthorizationIT exten
public void testLookupACIEnabled() throws Exception
{
service.setAccessControlEnabled( true );
+ DN dn = new DN( "cn=test,ou=system" );
+
+ try
+ {
+ Entry entry = service.getSession().lookup( dn );
+ fail();
+ }
+ catch ( LdapNoPermissionException lnpe )
+ {
+ System.out.println( lnpe.getMessage() );
+ }
createAccessControlSubentry(
"anybodySearch",
@@ -83,7 +96,6 @@ public class LookupAuthorizationIT exten
" } " +
"}" );
- DN dn = new DN( "cn=test,ou=system" );
Entry entry = service.getSession().lookup( dn );
assertNotNull( entry );
@@ -96,5 +108,4 @@ public class LookupAuthorizationIT exten
assertEquals( "sn_test", entry.get( "sn" ).getString() );
assertTrue( entry.contains( "objectClass", "top", "person" ) );
}
-
}
Modified: directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/operations/lookup/LookupPerfIT.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/operations/lookup/LookupPerfIT.java?rev=961407&r1=961406&r2=961407&view=diff
==============================================================================
--- directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/operations/lookup/LookupPerfIT.java (original)
+++ directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/operations/lookup/LookupPerfIT.java Wed Jul 7 15:31:05 2010
@@ -19,16 +19,22 @@
*/
package org.apache.directory.server.core.operations.lookup;
+import static org.apache.directory.server.core.authz.AutzIntegUtils.createAccessControlSubentry;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue;
import org.apache.directory.ldap.client.api.LdapConnection;
import org.apache.directory.ldap.client.api.message.SearchResponse;
import org.apache.directory.ldap.client.api.message.SearchResultEntry;
+import org.apache.directory.server.core.annotations.ApplyLdifs;
+import org.apache.directory.server.core.authz.AutzIntegUtils;
import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
import org.apache.directory.server.core.integ.FrameworkRunner;
import org.apache.directory.server.core.integ.IntegrationUtils;
import org.apache.directory.shared.ldap.entry.Entry;
+import org.apache.directory.shared.ldap.name.DN;
+import org.junit.Before;
+import org.junit.Ignore;
import org.junit.Test;
import org.junit.runner.RunWith;
@@ -39,17 +45,25 @@ import org.junit.runner.RunWith;
* @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
*/
@RunWith ( FrameworkRunner.class )
+@ApplyLdifs( {
+ // Entry # 1
+ "dn: cn=test,ou=system",
+ "objectClass: person",
+ "cn: test",
+ "sn: sn_test"
+})
public class LookupPerfIT extends AbstractLdapTestUnit
{
/**
* A lookup performance test
*/
@Test
+ @Ignore
public void testPerfLookup() throws Exception
{
LdapConnection connection = IntegrationUtils.getAdminConnection( service );
- SearchResponse response = connection.lookup( "uid=admin,ou=system", "+" );
+ SearchResponse response = connection.lookup( "cn=test,ou=system", "+" );
assertNotNull( response );
assertTrue( response instanceof SearchResultEntry );
@@ -70,7 +84,7 @@ public class LookupPerfIT extends Abstra
for ( int i = 0; i < nbIterations; i++ )
{
- if ( i % 1000 == 0 )
+ if ( i % 10000 == 0 )
{
long tt1 = System.currentTimeMillis();
@@ -83,7 +97,7 @@ public class LookupPerfIT extends Abstra
t00 = System.currentTimeMillis();
}
- connection.lookup( "uid=admin,ou=system", "+" );
+ connection.lookup( "cn=test,ou=system", "+" );
}
long t1 = System.currentTimeMillis();
@@ -92,4 +106,87 @@ public class LookupPerfIT extends Abstra
System.out.println( "Delta : " + deltaWarmed + "( " + ( ( ( nbIterations - 50000 ) * 1000 ) / deltaWarmed ) + " per s ) /" + ( t1 - t0 ) );
connection.close();
}
+
+
+ @Before
+ public void init()
+ {
+ AutzIntegUtils.service = service;
+ }
+
+
+ /**
+ * Test a lookup( DN ) operation with the ACI subsystem enabled
+ */
+ @Test
+ public void testLookupPerfACIEnabled() throws Exception
+ {
+ service.setAccessControlEnabled( true );
+ DN dn = new DN( "cn=test,ou=system" );
+ LdapConnection connection = IntegrationUtils.getAdminConnection( service );
+
+ createAccessControlSubentry(
+ "anybodySearch",
+ "{ " +
+ " identificationTag \"searchAci\", " +
+ " precedence 14, " +
+ " authenticationLevel none, " +
+ " itemOrUserFirst userFirst: " +
+ " { " +
+ " userClasses { allUsers }, " +
+ " userPermissions " +
+ " { " +
+ " { " +
+ " protectedItems {entry, allUserAttributeTypesAndValues}, " +
+ " grantsAndDenials { grantRead, grantReturnDN, grantBrowse } " +
+ " } " +
+ " } " +
+ " } " +
+ "}" );
+
+ SearchResponse response = connection.lookup( "cn=test,ou=system", "+" );
+
+ assertNotNull( response );
+ assertTrue( response instanceof SearchResultEntry );
+
+ SearchResultEntry result = (SearchResultEntry)response;
+
+ assertNotNull( result );
+
+ Entry entry = result.getEntry();
+
+ assertNotNull( entry );
+
+ int nbIterations = 1500000;
+
+ long t0 = System.currentTimeMillis();
+ long t00 = 0L;
+ long tt0 = System.currentTimeMillis();
+
+ for ( int i = 0; i < nbIterations; i++ )
+ {
+ if ( i % 10000 == 0 )
+ {
+ long tt1 = System.currentTimeMillis();
+
+ System.out.println( i + ", " + ( tt1 - tt0 ) );
+ tt0 = tt1;
+ }
+
+ if ( i == 50000 )
+ {
+ t00 = System.currentTimeMillis();
+ }
+
+ connection.lookup( "cn=test,ou=system", "+" );
+ }
+
+ assertNotNull( entry );
+
+ long t1 = System.currentTimeMillis();
+
+ Long deltaWarmed = ( t1 - t00 );
+ System.out.println( "Delta Authz : " + deltaWarmed + "( " + ( ( ( nbIterations - 50000 ) * 1000 ) / deltaWarmed ) + " per s ) /" + ( t1 - t0 ) );
+ connection.close();
+ }
}
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/RelatedProtectedItemFilter.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/RelatedProtectedItemFilter.java?rev=961407&r1=961406&r2=961407&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/RelatedProtectedItemFilter.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/RelatedProtectedItemFilter.java Wed Jul 7 15:31:05 2010
@@ -237,7 +237,7 @@ public class RelatedProtectedItemFilter
{
RangeOfValuesItem rov = ( RangeOfValuesItem ) item;
- if ( entryEvaluator.evaluate( rov.getFilter(), entryName, entry ) )
+ if ( entryEvaluator.evaluate( rov.getRefinement(), entryName, entry ) )
{
return true;
}
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/subtree/SubentryInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/subtree/SubentryInterceptor.java?rev=961407&r1=961406&r2=961407&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/subtree/SubentryInterceptor.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/subtree/SubentryInterceptor.java Wed Jul 7 15:31:05 2010
@@ -23,7 +23,6 @@ package org.apache.directory.server.core
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
-import java.util.Map;
import java.util.Set;
import javax.naming.directory.SearchControls;
@@ -79,9 +78,7 @@ import org.apache.directory.shared.ldap.
import org.apache.directory.shared.ldap.message.ResultCodeEnum;
import org.apache.directory.shared.ldap.name.DN;
import org.apache.directory.shared.ldap.schema.AttributeType;
-import org.apache.directory.shared.ldap.schema.NormalizerMappingResolver;
import org.apache.directory.shared.ldap.schema.SchemaManager;
-import org.apache.directory.shared.ldap.schema.normalizers.OidNormalizer;
import org.apache.directory.shared.ldap.subtree.SubtreeSpecification;
import org.apache.directory.shared.ldap.subtree.SubtreeSpecificationParser;
import org.slf4j.Logger;
@@ -139,13 +136,7 @@ public class SubentryInterceptor extends
objectClassType = schemaManager.lookupAttributeTypeRegistry( schemaManager.getAttributeTypeRegistry()
.getOidByName( SchemaConstants.OBJECT_CLASS_AT ) );
- ssParser = new SubtreeSpecificationParser( new NormalizerMappingResolver()
- {
- public Map<String, OidNormalizer> getNormalizerMapping() throws Exception
- {
- return schemaManager.getNormalizerMapping();
- }
- }, schemaManager.getNormalizerMapping() );
+ ssParser = new SubtreeSpecificationParser( schemaManager );
evaluator = new SubtreeEvaluator( schemaManager );
// prepare to find all subentries in all namingContexts
@@ -224,7 +215,7 @@ public class SubentryInterceptor extends
types |= Subentry.ACCESS_CONTROL_SUBENTRY;
}
- if ( oc.contains( "subschema" ) )
+ if ( oc.contains( SchemaConstants.SUBSCHEMA_OC ) )
{
types |= Subentry.SCHEMA_SUBENTRY;
}
@@ -430,7 +421,7 @@ public class SubentryInterceptor extends
/* ----------------------------------------------------------------
* Build the set of operational attributes to be injected into
- * entries that are contained within the subtree repesented by this
+ * entries that are contained within the subtree represented by this
* new subentry. In the process we make sure the proper roles are
* supported by the administrative point to allow the addition of
* this new subentry.
@@ -1334,6 +1325,7 @@ public class SubentryInterceptor extends
operational.get( SchemaConstants.ACCESS_CONTROL_SUBENTRIES_AT ).add( name.getNormName() );
}
}
+
if ( subentry.isSchemaSubentry() )
{
if ( operational.get( SchemaConstants.SUBSCHEMA_SUBENTRY_AT ) == null )
@@ -1345,6 +1337,7 @@ public class SubentryInterceptor extends
operational.get( SchemaConstants.SUBSCHEMA_SUBENTRY_AT ).add( name.getNormName() );
}
}
+
if ( subentry.isCollectiveSubentry() )
{
if ( operational.get( SchemaConstants.COLLECTIVE_ATTRIBUTE_SUBENTRIES_AT ) == null )
@@ -1356,6 +1349,7 @@ public class SubentryInterceptor extends
operational.get( SchemaConstants.COLLECTIVE_ATTRIBUTE_SUBENTRIES_AT ).add( name.getNormName() );
}
}
+
if ( subentry.isTriggerSubentry() )
{
if ( operational.get( SchemaConstants.TRIGGER_EXECUTION_SUBENTRIES_AT ) == null )
Modified: directory/apacheds/trunk/server-replication/pom.xml
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/server-replication/pom.xml?rev=961407&r1=961406&r2=961407&view=diff
==============================================================================
--- directory/apacheds/trunk/server-replication/pom.xml (original)
+++ directory/apacheds/trunk/server-replication/pom.xml Wed Jul 7 15:31:05 2010
@@ -43,5 +43,10 @@
<groupId>org.apache.directory.shared</groupId>
<artifactId>shared-ldap</artifactId>
</dependency>
+
+ <dependency>
+ <groupId>org.apache.directory.shared</groupId>
+ <artifactId>shared-ldap-aci</artifactId>
+ </dependency>
</dependencies>
</project>