Posted to commits@directory.apache.org by tr...@apache.org on 2005/09/30 06:45:50 UTC
svn commit: r292631 -
/directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/
Author: trustin
Date: Thu Sep 29 21:45:42 2005
New Revision: 292631
URL: http://svn.apache.org/viewcvs?rev=292631&view=rev
Log:
Changed method signature to let users specify multiple user group names.
Modified:
directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/ACDFEngine.java
directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/ACITupleFilter.java
directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/HighestPrecedenceFilter.java
directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/MaxImmSubFilter.java
directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/MaxValueCountFilter.java
directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/MicroOperationFilter.java
directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/MostSpecificProtectedItemFilter.java
directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/MostSpecificUserClassFilter.java
directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/RelatedProtectedItemFilter.java
directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/RelatedUserClassFilter.java
directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/RestrictedByFilter.java
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/ACDFEngine.java
URL: http://svn.apache.org/viewcvs/directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/ACDFEngine.java?rev=292631&r1=292630&r2=292631&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/ACDFEngine.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/ACDFEngine.java Thu Sep 29 21:45:42 2005
@@ -70,7 +70,7 @@
* if the user doesn't have any permission to perform the specified grants.
*
* @param next the next interceptor to the current interceptor
- * @param userGroupName the DN of the group of the user who is trying to access the resource
+ * @param userGroupNames the DN of the group of the user who is trying to access the resource
* @param username the DN of the user who is trying to access the resource
* @param entryName the DN of the entry the user is trying to access
* @param attrId the attribute type of the attribute the user is trying to access.
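Review bot: The `@param userGroupNames` line in the checkPermission Javadoc still describes a single value ("the DN of the group of the user") although the parameter is now a raw `Collection`; the same stale sentence is carried into the hasPermission Javadoc in the hunk at -103,7. Because the raw type no longer tells a caller what to pass, the Javadoc should state the contract, e.g. `@param userGroupNames the DNs ({@link Name}) of the groups the user belongs to; never null, empty if the user is in no group`. RelatedUserClassFilter.isRelated casts each element to `Name`, so a collection holding anything else fails with a ClassCastException during the access check rather than at the call site. The Javadoc block starts and ends outside this hunk.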
@@ -83,13 +83,13 @@
*/
public void checkPermission(
NextInterceptor next,
- Name userGroupName, Name username, AuthenticationLevel authenticationLevel,
+ Collection userGroupNames, Name username, AuthenticationLevel authenticationLevel,
Name entryName, String attrId, Object attrValue,
Collection microOperations, Collection aciTuples ) throws NamingException
{
if( !hasPermission(
next,
- userGroupName, username, authenticationLevel,
+ userGroupNames, username, authenticationLevel,
entryName, attrId, attrValue,
microOperations, aciTuples ) )
{
@@ -103,7 +103,7 @@
* if the user doesn't have any permission to perform the specified grants.
*
* @param next the next interceptor to the current interceptor
- * @param userGroupName the DN of the group of the user who is trying to access the resource
+ * @param userGroupNames the DN of the group of the user who is trying to access the resource
* @param userName the DN of the user who is trying to access the resource
* @param entryName the DN of the entry the user is trying to access
* @param attrId the attribute type of the attribute the user is trying to access.
@@ -115,7 +115,7 @@
*/
public boolean hasPermission(
NextInterceptor next,
- Name userGroupName, Name userName, AuthenticationLevel authenticationLevel,
+ Collection userGroupNames, Name userName, AuthenticationLevel authenticationLevel,
Name entryName, String attrId, Object attrValue,
Collection microOperations, Collection aciTuples ) throws NamingException
{
@@ -151,7 +151,7 @@
ACITupleFilter filter = filters[ i ];
aciTuples = filter.filter(
aciTuples, scope, next,
- userGroupName, userName, userEntry, authenticationLevel,
+ userGroupNames, userName, userEntry, authenticationLevel,
entryName, attrId, attrValue, entry, microOperations );
}
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/ACITupleFilter.java
URL: http://svn.apache.org/viewcvs/directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/ACITupleFilter.java?rev=292631&r1=292630&r2=292631&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/ACITupleFilter.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/ACITupleFilter.java Thu Sep 29 21:45:42 2005
@@ -31,7 +31,7 @@
{
Collection filter(
Collection tuples, OperationScope scope, NextInterceptor next,
- Name userGroupName, Name userName, Attributes userEntry,
+ Collection userGroupNames, Name userName, Attributes userEntry,
AuthenticationLevel authenticationLevel,
Name entryName, String attrId, Object attrValue, Attributes entry,
Collection microOperations ) throws NamingException;
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/HighestPrecedenceFilter.java
URL: http://svn.apache.org/viewcvs/directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/HighestPrecedenceFilter.java?rev=292631&r1=292630&r2=292631&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/HighestPrecedenceFilter.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/HighestPrecedenceFilter.java Thu Sep 29 21:45:42 2005
@@ -31,7 +31,7 @@
public class HighestPrecedenceFilter implements ACITupleFilter
{
- public Collection filter( Collection tuples, OperationScope scope, NextInterceptor next, Name userGroupName, Name userName, Attributes userEntry, AuthenticationLevel authenticationLevel, Name entryName, String attrId, Object attrValue, Attributes entry, Collection microOperations ) throws NamingException
+ public Collection filter( Collection tuples, OperationScope scope, NextInterceptor next, Collection userGroupNames, Name userName, Attributes userEntry, AuthenticationLevel authenticationLevel, Name entryName, String attrId, Object attrValue, Attributes entry, Collection microOperations ) throws NamingException
{
if( tuples.size() <= 1 )
{
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/MaxImmSubFilter.java
URL: http://svn.apache.org/viewcvs/directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/MaxImmSubFilter.java?rev=292631&r1=292630&r2=292631&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/MaxImmSubFilter.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/MaxImmSubFilter.java Thu Sep 29 21:45:42 2005
@@ -47,7 +47,7 @@
childrenSearchControls.setSearchScope( SearchControls.ONELEVEL_SCOPE );
}
- public Collection filter( Collection tuples, OperationScope scope, NextInterceptor next, Name userGroupName, Name userName, Attributes userEntry, AuthenticationLevel authenticationLevel, Name entryName, String attrId, Object attrValue, Attributes entry, Collection microOperations ) throws NamingException
+ public Collection filter( Collection tuples, OperationScope scope, NextInterceptor next, Collection userGroupNames, Name userName, Attributes userEntry, AuthenticationLevel authenticationLevel, Name entryName, String attrId, Object attrValue, Attributes entry, Collection microOperations ) throws NamingException
{
if( entryName.size() == 0 )
{
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/MaxValueCountFilter.java
URL: http://svn.apache.org/viewcvs/directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/MaxValueCountFilter.java?rev=292631&r1=292630&r2=292631&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/MaxValueCountFilter.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/MaxValueCountFilter.java Thu Sep 29 21:45:42 2005
@@ -34,7 +34,7 @@
public class MaxValueCountFilter implements ACITupleFilter
{
- public Collection filter( Collection tuples, OperationScope scope, NextInterceptor next, Name userGroupName, Name userName, Attributes userEntry, AuthenticationLevel authenticationLevel, Name entryName, String attrId, Object attrValue, Attributes entry, Collection microOperations ) throws NamingException
+ public Collection filter( Collection tuples, OperationScope scope, NextInterceptor next, Collection userGroupNames, Name userName, Attributes userEntry, AuthenticationLevel authenticationLevel, Name entryName, String attrId, Object attrValue, Attributes entry, Collection microOperations ) throws NamingException
{
if( scope != OperationScope.ATTRIBUTE_TYPE_AND_VALUE )
{
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/MicroOperationFilter.java
URL: http://svn.apache.org/viewcvs/directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/MicroOperationFilter.java?rev=292631&r1=292630&r2=292631&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/MicroOperationFilter.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/MicroOperationFilter.java Thu Sep 29 21:45:42 2005
@@ -32,7 +32,7 @@
public class MicroOperationFilter implements ACITupleFilter
{
- public Collection filter( Collection tuples, OperationScope scope, NextInterceptor next, Name userGroupName, Name userName, Attributes userEntry, AuthenticationLevel authenticationLevel, Name entryName, String attrId, Object attrValue, Attributes entry, Collection microOperations ) throws NamingException
+ public Collection filter( Collection tuples, OperationScope scope, NextInterceptor next, Collection userGroupNames, Name userName, Attributes userEntry, AuthenticationLevel authenticationLevel, Name entryName, String attrId, Object attrValue, Attributes entry, Collection microOperations ) throws NamingException
{
if( tuples.size() == 0 )
{
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/MostSpecificProtectedItemFilter.java
URL: http://svn.apache.org/viewcvs/directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/MostSpecificProtectedItemFilter.java?rev=292631&r1=292630&r2=292631&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/MostSpecificProtectedItemFilter.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/MostSpecificProtectedItemFilter.java Thu Sep 29 21:45:42 2005
@@ -33,7 +33,7 @@
public class MostSpecificProtectedItemFilter implements ACITupleFilter
{
- public Collection filter( Collection tuples, OperationScope scope, NextInterceptor next, Name userGroupName, Name userName, Attributes userEntry, AuthenticationLevel authenticationLevel, Name entryName, String attrId, Object attrValue, Attributes entry, Collection microOperations ) throws NamingException
+ public Collection filter( Collection tuples, OperationScope scope, NextInterceptor next, Collection userGroupNames, Name userName, Attributes userEntry, AuthenticationLevel authenticationLevel, Name entryName, String attrId, Object attrValue, Attributes entry, Collection microOperations ) throws NamingException
{
if( tuples.size() <= 1 )
{
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/MostSpecificUserClassFilter.java
URL: http://svn.apache.org/viewcvs/directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/MostSpecificUserClassFilter.java?rev=292631&r1=292630&r2=292631&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/MostSpecificUserClassFilter.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/MostSpecificUserClassFilter.java Thu Sep 29 21:45:42 2005
@@ -33,7 +33,7 @@
public class MostSpecificUserClassFilter implements ACITupleFilter
{
- public Collection filter( Collection tuples, OperationScope scope, NextInterceptor next, Name userGroupName, Name userName, Attributes userEntry, AuthenticationLevel authenticationLevel, Name entryName, String attrId, Object attrValue, Attributes entry, Collection microOperations ) throws NamingException
+ public Collection filter( Collection tuples, OperationScope scope, NextInterceptor next, Collection userGroupNames, Name userName, Attributes userEntry, AuthenticationLevel authenticationLevel, Name entryName, String attrId, Object attrValue, Attributes entry, Collection microOperations ) throws NamingException
{
if( tuples.size() <= 1 )
{
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/RelatedProtectedItemFilter.java
URL: http://svn.apache.org/viewcvs/directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/RelatedProtectedItemFilter.java?rev=292631&r1=292630&r2=292631&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/RelatedProtectedItemFilter.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/RelatedProtectedItemFilter.java Thu Sep 29 21:45:42 2005
@@ -52,7 +52,7 @@
this.entryEvaluator = entryEvaluator;
}
- public Collection filter( Collection tuples, OperationScope scope, NextInterceptor next, Name userGroupName, Name userName, Attributes userEntry, AuthenticationLevel authenticationLevel, Name entryName, String attrId, Object attrValue, Attributes entry, Collection microOperations ) throws NamingException
+ public Collection filter( Collection tuples, OperationScope scope, NextInterceptor next, Collection userGroupNames, Name userName, Attributes userEntry, AuthenticationLevel authenticationLevel, Name entryName, String attrId, Object attrValue, Attributes entry, Collection microOperations ) throws NamingException
{
if( tuples.size() == 0 )
{
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/RelatedUserClassFilter.java
URL: http://svn.apache.org/viewcvs/directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/RelatedUserClassFilter.java?rev=292631&r1=292630&r2=292631&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/RelatedUserClassFilter.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/RelatedUserClassFilter.java Thu Sep 29 21:45:42 2005
@@ -44,7 +44,7 @@
this.subtreeEvaluator = subtreeEvaluator;
}
- public Collection filter( Collection tuples, OperationScope scope, NextInterceptor next, Name userGroupName, Name userName, Attributes userEntry, AuthenticationLevel authenticationLevel, Name entryName, String attrId, Object attrValue, Attributes entry, Collection microOperations ) throws NamingException
+ public Collection filter( Collection tuples, OperationScope scope, NextInterceptor next, Collection userGroupNames, Name userName, Attributes userEntry, AuthenticationLevel authenticationLevel, Name entryName, String attrId, Object attrValue, Attributes entry, Collection microOperations ) throws NamingException
{
if( tuples.size() == 0 )
{
@@ -56,7 +56,7 @@
ACITuple tuple = ( ACITuple ) i.next();
if( tuple.isGrant() )
{
- if( !isRelated( userGroupName, userName, userEntry, entryName, tuple.getUserClasses() ) ||
+ if( !isRelated( userGroupNames, userName, userEntry, entryName, tuple.getUserClasses() ) ||
authenticationLevel.compareTo( tuple.getAuthenticationLevel() ) < 0 )
{
i.remove();
@@ -64,7 +64,7 @@
}
else // Denials
{
- if( !isRelated( userGroupName, userName, userEntry, entryName, tuple.getUserClasses() ) &&
+ if( !isRelated( userGroupNames, userName, userEntry, entryName, tuple.getUserClasses() ) &&
authenticationLevel.compareTo( tuple.getAuthenticationLevel() ) >= 0 )
{
i.remove();
@@ -75,7 +75,7 @@
return tuples;
}
- private boolean isRelated( Name userGroupName, Name userName, Attributes userEntry, Name entryName, Collection userClasses ) throws NamingException
+ private boolean isRelated( Collection userGroupNames, Name userName, Attributes userEntry, Name entryName, Collection userClasses ) throws NamingException
{
for( Iterator i = userClasses.iterator(); i.hasNext(); )
{
@@ -102,9 +102,13 @@
else if( userClass instanceof UserClass.UserGroup )
{
UserClass.UserGroup userGroupUserClass = ( UserClass.UserGroup ) userClass;
- if( userGroupName != null && userGroupUserClass.getNames().contains( userGroupName ) )
+ for( Iterator j = userGroupNames.iterator(); j.hasNext(); )
{
- return true;
+ Name userGroupName = ( Name ) j.next();
+ if( userGroupName != null && userGroupUserClass.getNames().contains( userGroupName ) )
+ {
+ return true;
+ }
}
}
else if( userClass instanceof UserClass.Subtree )
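Review bot: The new loop calls `userGroupNames.iterator()` without a null check, so a caller that passes null for a user with no groups, which the old `userGroupName != null` test tolerated, now gets a NullPointerException in the middle of an access-control decision instead of a plain no-match. Whether any caller still passes null is not visible here, but the per-element `userGroupName != null` test that was kept suggests null used to be a legal input. Either guard the loop with `if( userGroupNames != null )`, or reject null once at the entry point in ACDFEngine.hasPermission so that every filter receives a non-null collection. isRelated begins and ends outside this hunk.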
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/RestrictedByFilter.java
URL: http://svn.apache.org/viewcvs/directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/RestrictedByFilter.java?rev=292631&r1=292630&r2=292631&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/RestrictedByFilter.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/RestrictedByFilter.java Thu Sep 29 21:45:42 2005
@@ -34,7 +34,7 @@
public class RestrictedByFilter implements ACITupleFilter
{
- public Collection filter( Collection tuples, OperationScope scope, NextInterceptor next, Name userGroupName, Name userName, Attributes userEntry, AuthenticationLevel authenticationLevel, Name entryName, String attrId, Object attrValue, Attributes entry, Collection microOperations ) throws NamingException
+ public Collection filter( Collection tuples, OperationScope scope, NextInterceptor next, Collection userGroupNames, Name userName, Attributes userEntry, AuthenticationLevel authenticationLevel, Name entryName, String attrId, Object attrValue, Attributes entry, Collection microOperations ) throws NamingException
{
if( scope != OperationScope.ATTRIBUTE_TYPE_AND_VALUE )
{