Posted to commits@directory.apache.org by el...@apache.org on 2014/10/21 01:07:05 UTC
[48/50] git commit: FC-151 - UnboundID SDK removal preparations
FC-151 - UnboundID SDK removal preparations
Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/6bf332f7
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/6bf332f7
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/6bf332f7
Branch: refs/heads/master
Commit: 6bf332f7448f8b7b2f6f329bd43fba34afaef882
Parents: 9d516b8
Author: Shawn McKinney <sh...@jts.us>
Authored: Sun Oct 19 11:28:38 2014 -0500
Committer: Shawn McKinney <sh...@jts.us>
Committed: Sun Oct 19 11:28:38 2014 -0500
----------------------------------------------------------------------
build.xml | 4 ++--
ivy.xml | 4 ++--
.../org/openldap/fortress/GlobalErrIds.java | 4 ++++
.../openldap/fortress/SecurityException.java | 17 ++++++++-------
.../fortress/ldap/ApacheDsDataProvider.java | 16 ++++++++++++++
.../fortress/rbac/dao/apache/PermDAO.java | 8 ++++++-
.../fortress/rbac/dao/apache/UserDAO.java | 5 +++++
.../fortress/rbac/dao/unboundid/PermDAO.java | 9 +++++++-
.../fortress/rbac/AccessMgrImplTest.java | 22 ++++++++++++++------
.../fortress/rbac/DelegatedMgrImplTest.java | 22 ++++++++++++++------
10 files changed, 85 insertions(+), 26 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/6bf332f7/build.xml
----------------------------------------------------------------------
diff --git a/build.xml b/build.xml
index 6a6f615..cc46a94 100644
--- a/build.xml
+++ b/build.xml
@@ -168,8 +168,8 @@
<property name="slf4j-log4j.jar" value="${lib.dir}/slf4j-log4j12-1.7.5.jar"/>
<property name="apacheJMeter_core.jar" value="${lib.dir}/ApacheJMeter_core-2.11.jar"/>
<property name="apacheJMeter_java.jar" value="${lib.dir}/ApacheJMeter_java-2.11.jar"/>
- <property name="apacheds-all.jar" value="${lib.dir}/apacheds-all-2.0.0-M16.jar"/>
- <property name="apacheds-api-all.jar" value="${lib.dir}/api-all-1.0.0-M22.jar"/>
+ <property name="apacheds-all.jar" value="${lib.dir}/apacheds-all-2.0.0-M17.jar"/>
+ <property name="apacheds-api-all.jar" value="${lib.dir}/api-all-1.0.0-M24.jar"/>
<property name="mina-core.jar" value="${lib.dir}/mina-core-2.0.7.jar"/>
<property name="opencsv.jar" value="${lib.dir}/opencsv-2.3.jar"/>
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/6bf332f7/ivy.xml
----------------------------------------------------------------------
diff --git a/ivy.xml b/ivy.xml
index 888149c..1713d75 100755
--- a/ivy.xml
+++ b/ivy.xml
@@ -44,8 +44,8 @@
<dependency org="org.slf4j" name="slf4j-api" rev="1.7.5" conf="default->master"/>
<dependency org="org.slf4j" name="slf4j-log4j12" rev="1.7.5" conf="default->master"/>
<dependency org="org.slf4j" name="slf4j-jcl" rev="1.7.5" conf="default->master"/>
- <dependency org="org.apache.directory.api" name="api-all" rev="1.0.0-M22" conf="default->master"/>
- <dependency org="org.apache.directory.server" name="apacheds-all" rev="2.0.0-M16" conf="default->master"/>
+ <dependency org="org.apache.directory.api" name="api-all" rev="1.0.0-M24" conf="default->master"/>
+ <dependency org="org.apache.directory.server" name="apacheds-all" rev="2.0.0-M17" conf="default->master"/>
<dependency org="net.sf.opencsv" name="opencsv" rev="2.3" conf="default->master" />
<dependency org="org.apache.jmeter" name="ApacheJMeter_core" rev="2.11" conf="default->master" />
<dependency org="org.apache.jmeter" name="ApacheJMeter_java" rev="2.11" conf="default->master" />
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/6bf332f7/src/main/java/org/openldap/fortress/GlobalErrIds.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/fortress/GlobalErrIds.java b/src/main/java/org/openldap/fortress/GlobalErrIds.java
index 4454d44..03d3055 100755
--- a/src/main/java/org/openldap/fortress/GlobalErrIds.java
+++ b/src/main/java/org/openldap/fortress/GlobalErrIds.java
@@ -614,6 +614,10 @@ public class GlobalErrIds
* The supplied Permission operation could not be read due to server failure.
*/
public final static int PERM_COMPARE_OP_FAILED = 3028;
+ /**
+ * The supplied Permission does not exist in LDAP DIT.
+ */
+ public final static int PERM_NOT_EXIST = 3029;
/**
* 4000's - Password Policy Entity
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/6bf332f7/src/main/java/org/openldap/fortress/SecurityException.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/fortress/SecurityException.java b/src/main/java/org/openldap/fortress/SecurityException.java
index e9338a4..80c467a 100755
--- a/src/main/java/org/openldap/fortress/SecurityException.java
+++ b/src/main/java/org/openldap/fortress/SecurityException.java
@@ -181,6 +181,7 @@ package org.openldap.fortress;
* <li> <code>{@link GlobalErrIds#PERM_OPERATION_NM_NULL} = 3026;</code>
* <li> <code>{@link GlobalErrIds#PERM_OBJECT_NM_NULL} = 3027;</code>
* <li> <code>{@link GlobalErrIds#PERM_COMPARE_OP_FAILED} = 3028;</code>
+ * <li> <code>{@link GlobalErrIds#PERM_NOT_EXIST} = 3029;</code>
* </ul>
* <h3>
* <p/>4000's - Password Policy Entity
@@ -416,26 +417,26 @@ package org.openldap.fortress;
* <li> <code>{@link GlobalErrIds#ACEL_DELETE_SESSION_ERR} = 10202;</code>
* <li> <code>{@link GlobalErrIds#ACEL_CHECK_ACCESS_ERR} = 10203;</code>
* <li> <code>{@link GlobalErrIds#ACEL_ADD_ROLE_ERR} = 10204;</code>
- * <li> <code>{@link GlobalErrIds#ACEL_DROP_ROLE_ERR} = 10205;</code>*
+ * <li> <code>{@link GlobalErrIds#ACEL_DROP_ROLE_ERR} = 10205;</code>
* </ul>
* <h3>
* <p/>10300's - LDAP Group operation Error Ids
* </h3>
* <ul>
* <li> <code>{@link GlobalErrIds#GROUP_SEARCH_FAILED} = 10300;</code>
- * <li> <code>{@link GlobalErrIds#GROUP_READ_FAILED} = 10301;</code> *
+ * <li> <code>{@link GlobalErrIds#GROUP_READ_FAILED} = 10301;</code>
* <li> <code>{@link GlobalErrIds#GROUP_ADD_FAILED} = 10302;</code>
- * <li> <code>{@link GlobalErrIds#GROUP_UPDATE_FAILED} = 10303;</code> *
+ * <li> <code>{@link GlobalErrIds#GROUP_UPDATE_FAILED} = 10303;</code>
* <li> <code>{@link GlobalErrIds#GROUP_DELETE_FAILED} = 10304;</code>
- * <li> <code>{@link GlobalErrIds#GROUP_ADD_PROPERTY_FAILED} = 10305;</code> *
+ * <li> <code>{@link GlobalErrIds#GROUP_ADD_PROPERTY_FAILED} = 10305;</code>
* <li> <code>{@link GlobalErrIds#GROUP_DELETE_PROPERTY_FAILED} = 10306;</code>
- * <li> <code>{@link GlobalErrIds#GROUP_NOT_FOUND} = 10307;</code> *
+ * <li> <code>{@link GlobalErrIds#GROUP_NOT_FOUND} = 10307;</code>
* <li> <code>{@link GlobalErrIds#GROUP_NULL} = 10308;</code>
- * <li> <code>{@link GlobalErrIds#GROUP_USER_ASSIGN_FAILED} = 10309;</code> *
+ * <li> <code>{@link GlobalErrIds#GROUP_USER_ASSIGN_FAILED} = 10309;</code>
* <li> <code>{@link GlobalErrIds#GROUP_USER_DEASSIGN_FAILED} = 10310;</code>
- * <li> <code>{@link GlobalErrIds#GROUP_NAME_NULL} = 10311;</code> *
+ * <li> <code>{@link GlobalErrIds#GROUP_NAME_NULL} = 10311;</code>
* <li> <code>{@link GlobalErrIds#GROUP_NAME_INVLD} = 10312;</code>
- * <li> <code>{@link GlobalErrIds#GROUP_PROTOCOL_INVLD} = 10313;</code> *
+ * <li> <code>{@link GlobalErrIds#GROUP_PROTOCOL_INVLD} = 10313;</code>
* </ul>
* <p/>
*
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/6bf332f7/src/main/java/org/openldap/fortress/ldap/ApacheDsDataProvider.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/fortress/ldap/ApacheDsDataProvider.java b/src/main/java/org/openldap/fortress/ldap/ApacheDsDataProvider.java
index 8594f69..1400370 100644
--- a/src/main/java/org/openldap/fortress/ldap/ApacheDsDataProvider.java
+++ b/src/main/java/org/openldap/fortress/ldap/ApacheDsDataProvider.java
@@ -911,6 +911,22 @@ public abstract class ApacheDsDataProvider
/**
+ * Given an ldap attribute name and a list of attribute values, construct an ldap attribute set to be added to directory.
+ *
+ * @param list list of type string containing attribute values to load into attribute set.
+ * @param entry contains ldap attribute set targeted for adding.
+ * @param attrName name of ldap attribute being added.
+ */
+ protected void loadAttrs( List<String> list, Entry entry, String attrName ) throws LdapException
+ {
+ if ( list != null && list.size() > 0 )
+ {
+ entry.add( attrName, list.toArray( new String[] {} ) );
+ }
+ }
+
+
+ /**
* Given an ldap attribute name and a list of attribute values, construct an ldap modification set to be updated
* in directory.
*
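Review bot: The Javadoc on the new `loadAttrs` has no `@throws` entry although the signature declares `LdapException`, which can only come from the `entry.add` call; add a line such as `@throws LdapException propagated from entry.add when the values cannot be added.` The guard would read more directly as `if ( list != null && !list.isEmpty() )`. Null elements inside a non-empty list are still passed straight to `entry.add`, so if callers can supply such lists that deserves a sentence in the doc comment.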
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/6bf332f7/src/main/java/org/openldap/fortress/rbac/dao/apache/PermDAO.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/fortress/rbac/dao/apache/PermDAO.java b/src/main/java/org/openldap/fortress/rbac/dao/apache/PermDAO.java
index a2a1261..3396cff 100755
--- a/src/main/java/org/openldap/fortress/rbac/dao/apache/PermDAO.java
+++ b/src/main/java/org/openldap/fortress/rbac/dao/apache/PermDAO.java
@@ -816,7 +816,7 @@ public final class PermDAO extends ApacheDsDataProvider implements org.openldap.
* record storage on ldap server but can be disabled.
*
* @param session contains {@link Session#getUserId()}, for rbac check {@link org.openldap.fortress.rbac.Session#getRoles()}, for arbac check: {@link org.openldap.fortress.rbac.Session#getAdminRoles()}.
- * @param inPerm must contain required attributes {@link Permission#objName} and {@link Permission#opName}. {@link Permission#objectId} is optional.
+ * @param inPerm must contain required attributes {@link Permission#objName} and {@link Permission#opName}. {@link Permission#objId} is optional.
* @return boolean containing result of check.
* @throws org.openldap.fortress.FinderException
* In the event system error occurs looking up data on ldap server.
@@ -836,6 +836,12 @@ public final class PermDAO extends ApacheDsDataProvider implements org.openldap.
// LDAP Operation #1: Read the targeted permission from ldap server
//LDAPEntry entry = read(ld, dn, PERMISSION_OP_ATRS, session.getUser().getDn());
Entry entry = read( ld, dn, PERMISSION_OP_ATRS );
+ if(entry == null)
+ {
+ // if permission not found, cannot continue.
+ String error = "checkPermission DOES NOT EXIST : obj name [" + inPerm.getObjName() + "], obj id [" + inPerm.getObjId() + "], op name [" + inPerm.getOpName() + "], idAdmin [" + inPerm.isAdmin() + "]";
+ throw new FinderException( GlobalErrIds.PERM_NOT_EXIST, error );
+ }
// load the permission entity with data retrieved from the permission node:
Permission outPerm = unloadPopLdapEntry( entry, 0, inPerm.isAdmin() );
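Review bot: The message built in the new `entry == null` branch labels the admin flag `idAdmin [`, which looks like a typo for `isAdmin [`; the identical line appears in the unboundid `PermDAO` hunk of this commit. The message also embeds the caller-supplied object name, object id and operation name unmodified, so if the exception text reaches a log those values should have line breaks neutralised first. The permission check now reports a distinct not-found error instead of a plain deny, and it is worth confirming that callers do not pass that distinction on to low-privilege clients, since it reveals which permission objects exist. The method body starts and ends outside the hunk, so whether `read` returns null or throws for a missing entry is not visible here.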
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/6bf332f7/src/main/java/org/openldap/fortress/rbac/dao/apache/UserDAO.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/fortress/rbac/dao/apache/UserDAO.java b/src/main/java/org/openldap/fortress/rbac/dao/apache/UserDAO.java
index bc892fa..cf6e233 100755
--- a/src/main/java/org/openldap/fortress/rbac/dao/apache/UserDAO.java
+++ b/src/main/java/org/openldap/fortress/rbac/dao/apache/UserDAO.java
@@ -383,12 +383,17 @@ public final class UserDAO extends ApacheDsDataProvider implements org.openldap.
// These are multi-valued attributes, use the util function to load:
// These items are optional. The utility function will return quietly if no items are loaded into collection:
+ loadAttrs( entity.getPhones(), myEntry, TELEPHONE_NUMBER );
+ loadAttrs( entity.getMobiles(), myEntry, MOBILE );
+ loadAttrs( entity.getEmails(), myEntry, MAIL );
+/*
myEntry.add( TELEPHONE_NUMBER, entity.getPhones().toArray( new String[]
{} ) );
myEntry.add( MOBILE, entity.getMobiles().toArray( new String[]
{} ) );
myEntry.add( MAIL, entity.getEmails().toArray( new String[]
{} ) );
+*/
// The following attributes are optional:
if ( VUtil.isNotNullOrEmpty( entity.isSystem() ) )
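Review bot: The three replaced `myEntry.add( ... )` calls are left in the method inside a `/* ... */` block directly below the new `loadAttrs` calls; they should be deleted rather than commented out, since version control already keeps the old form. The enclosing method starts and ends outside the hunk.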
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/6bf332f7/src/main/java/org/openldap/fortress/rbac/dao/unboundid/PermDAO.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/fortress/rbac/dao/unboundid/PermDAO.java b/src/main/java/org/openldap/fortress/rbac/dao/unboundid/PermDAO.java
index 2395d10..e39ac4f 100755
--- a/src/main/java/org/openldap/fortress/rbac/dao/unboundid/PermDAO.java
+++ b/src/main/java/org/openldap/fortress/rbac/dao/unboundid/PermDAO.java
@@ -782,7 +782,7 @@ public final class PermDAO extends UnboundIdDataProvider implements org.openldap
* record storage on ldap server but can be disabled.
*
* @param session contains {@link Session#getUserId()}, for rbac check {@link org.openldap.fortress.rbac.Session#getRoles()}, for arbac check: {@link org.openldap.fortress.rbac.Session#getAdminRoles()}.
- * @param inPerm must contain required attributes {@link Permission#objName} and {@link Permission#opName}. {@link Permission#objectId} is optional.
+ * @param inPerm must contain required attributes {@link Permission#objName} and {@link Permission#opName}. {@link Permission#objId} is optional.
* @return boolean containing result of check.
* @throws org.openldap.fortress.FinderException
* In the event system error occurs looking up data on ldap server.
@@ -800,6 +800,13 @@ public final class PermDAO extends UnboundIdDataProvider implements org.openldap
ld = getAdminConnection();
// LDAP Operation #1: Read the targeted permission from ldap server
LDAPEntry entry = read( ld, dn, PERMISSION_OP_ATRS );
+ if(entry == null)
+ {
+ // if permission not found, cannot continue.
+ String error = "checkPermission DOES NOT EXIST : obj name [" + inPerm.getObjName() + "], obj id [" + inPerm.getObjId() + "], op name [" + inPerm.getOpName() + "], idAdmin [" + inPerm.isAdmin() + "]";
+ throw new FinderException( GlobalErrIds.PERM_NOT_EXIST, error );
+ }
+
// load the permission entity with data retrieved from the permission node:
Permission outPerm = unloadPopLdapEntry( entry, 0, inPerm.isAdmin() );
// The admin flag will be set to 'true' if this is an administrative permission:
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/6bf332f7/src/test/java/org/openldap/fortress/rbac/AccessMgrImplTest.java
----------------------------------------------------------------------
diff --git a/src/test/java/org/openldap/fortress/rbac/AccessMgrImplTest.java b/src/test/java/org/openldap/fortress/rbac/AccessMgrImplTest.java
index cbddd3f..721ae08 100755
--- a/src/test/java/org/openldap/fortress/rbac/AccessMgrImplTest.java
+++ b/src/test/java/org/openldap/fortress/rbac/AccessMgrImplTest.java
@@ -744,13 +744,23 @@ public class AccessMgrImplTest extends TestCase
.getObjId( opArray[j] ) ) ) );
// Call checkAccess method (this should fail):
- assertTrue(
- CLS_NM + ".checkAccess failed userId [" + user.getUserId() + "] Perm objName ["
+ try
+ {
+ boolean result = accessMgr.checkAccess( session, new Permission( PermTestData.getName( oArrayBad[i] ),
+ PermTestData.getName( opArrayBad[j] ), PermTestData.getObjId( opArrayBad[j] ) ) );
+ assertTrue(
+ CLS_NM + ".checkAccess failed userId [" + user.getUserId() + "] Perm objName ["
+ + PermTestData.getName( oArrayBad[i] ) + "] operationName ["
+ + PermTestData.getName( opArrayBad[j] ) + "]",
+ !result );
+ }
+ catch (SecurityException se)
+ {
+ // The expected condition is security exception perm not exist:
+ assertTrue( CLS_NM + ".checkAccess failed userId [" + user.getUserId() + "] Perm objName ["
+ PermTestData.getName( oArrayBad[i] ) + "] operationName ["
- + PermTestData.getName( opArrayBad[j] ) + "]",
- !accessMgr.checkAccess( session, new Permission( PermTestData.getName( oArrayBad[i] ),
- PermTestData.getName( opArrayBad[j] ), PermTestData.getObjId( opArrayBad[j] ) ) ) );
-
+ + PermTestData.getName( opArrayBad[j] ) + "], negative use case, incorrect exception id=" + se.getErrorId(), se.getErrorId() == GlobalErrIds.PERM_NOT_EXIST );
+ }
j++;
}
i++;
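Review bot: The rewritten negative check passes both when `checkAccess` returns false and when it throws with `PERM_NOT_EXIST`, so the test no longer pins which outcome a missing permission produces; the same pattern is in the `DelegatedMgrImplTest` hunk. If the exception is the expected result for every entry in the bad arrays, as the comment in the catch block states, the try branch should end in `fail( CLS_NM + ".checkAccess expected PERM_NOT_EXIST" );` instead of asserting `!result`. If both outcomes are legitimate, a comment saying when each applies would keep a later change from hiding a deny-versus-not-found regression. The enclosing loops start outside the hunk.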
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/6bf332f7/src/test/java/org/openldap/fortress/rbac/DelegatedMgrImplTest.java
----------------------------------------------------------------------
diff --git a/src/test/java/org/openldap/fortress/rbac/DelegatedMgrImplTest.java b/src/test/java/org/openldap/fortress/rbac/DelegatedMgrImplTest.java
index 6e360aa..e72dfdb 100755
--- a/src/test/java/org/openldap/fortress/rbac/DelegatedMgrImplTest.java
+++ b/src/test/java/org/openldap/fortress/rbac/DelegatedMgrImplTest.java
@@ -548,13 +548,23 @@ public class DelegatedMgrImplTest extends TestCase
for ( String[] op : opArrayBad )
{
// Call checkAccess method (this should fail):
- assertTrue(
- CLS_NM + ".checkAccess failed userId [" + user.getUserId() + "] Perm objName ["
+ try
+ {
+ boolean result = dAccessMgr.checkAccess( session, new Permission( PermTestData.getName( oArrayBad[i] ),
+ PermTestData.getName( opArrayBad[j] ) ) );
+ assertTrue(
+ CLS_NM + ".checkAccess failed userId [" + user.getUserId() + "] Perm objName ["
+ + PermTestData.getName( oArrayBad[i] ) + "] operationName ["
+ + PermTestData.getName( opArrayBad[j] ) + "]",
+ !result );
+ }
+ catch (SecurityException se)
+ {
+ // The expected condition is security exception perm not exist:
+ assertTrue( CLS_NM + ".checkAccess failed userId [" + user.getUserId() + "] Perm objName ["
+ PermTestData.getName( oArrayBad[i] ) + "] operationName ["
- + PermTestData.getName( opArrayBad[j] ) + "]",
- !dAccessMgr.checkAccess( session, new Permission( PermTestData.getName( oArrayBad[i] ),
- PermTestData.getName( opArrayBad[j] ) ) ) );
-
+ + PermTestData.getName( opArrayBad[j] ) + "], negative use case, incorrect exception id=" + se.getErrorId(), se.getErrorId() == GlobalErrIds.PERM_NOT_EXIST );
+ }
j++;
}
i++;