Posted to commits@directory.apache.org by el...@apache.org on 2010/01/06 19:27:19 UTC
svn commit: r896599 [14/30] - in /directory/apacheds/trunk: ./
avl-partition/ avl-partition/src/ avl-partition/src/main/
avl-partition/src/main/java/ avl-partition/src/main/java/org/
avl-partition/src/main/java/org/apache/ avl-partition/src/main/java/o...
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java?rev=896599&r1=896598&r2=896599&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java Wed Jan 6 18:26:43 2010
@@ -20,8 +20,6 @@
package org.apache.directory.server.core.authz;
-import javax.naming.directory.SearchControls;
-
import java.text.ParseException;
import java.util.ArrayList;
import java.util.Collection;
@@ -30,11 +28,13 @@
import java.util.List;
import java.util.Set;
+import javax.naming.directory.SearchControls;
+
import org.apache.directory.server.constants.ServerDNConstants;
import org.apache.directory.server.core.CoreSession;
import org.apache.directory.server.core.DefaultCoreSession;
import org.apache.directory.server.core.DirectoryService;
-import org.apache.directory.server.core.authn.LdapPrincipal;
+import org.apache.directory.server.core.LdapPrincipal;
import org.apache.directory.server.core.authz.support.ACDFEngine;
import org.apache.directory.server.core.entry.ClonedServerEntry;
import org.apache.directory.server.core.entry.ServerAttribute;
@@ -61,10 +61,6 @@
import org.apache.directory.server.core.interceptor.context.SearchingOperationContext;
import org.apache.directory.server.core.partition.ByPassConstants;
import org.apache.directory.server.core.subtree.SubentryInterceptor;
-import org.apache.directory.server.schema.ConcreteNameComponentNormalizer;
-import org.apache.directory.server.schema.registries.AttributeTypeRegistry;
-import org.apache.directory.server.schema.registries.OidRegistry;
-import org.apache.directory.server.schema.registries.Registries;
import org.apache.directory.shared.ldap.aci.ACIItem;
import org.apache.directory.shared.ldap.aci.ACIItemParser;
import org.apache.directory.shared.ldap.aci.ACITuple;
@@ -79,6 +75,8 @@
import org.apache.directory.shared.ldap.message.ResultCodeEnum;
import org.apache.directory.shared.ldap.name.LdapDN;
import org.apache.directory.shared.ldap.schema.AttributeType;
+import org.apache.directory.shared.ldap.schema.SchemaManager;
+import org.apache.directory.shared.ldap.schema.normalizers.ConcreteNameComponentNormalizer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -97,7 +95,7 @@
private static final Logger LOG = LoggerFactory.getLogger( AciAuthorizationInterceptor.class );
/**
- * the multivalued op attr used to track the perscriptive access control
+ * the multivalued op attr used to track the prescriptive access control
* subentries that apply to an entry.
*/
private static final String AC_SUBENTRY_ATTR = "accessControlSubentries";
@@ -167,13 +165,7 @@
private InterceptorChain chain;
/** Global registries */
- private Registries registries;
-
- /** attribute type registry */
- private AttributeTypeRegistry atRegistry;
-
- /** whether or not this interceptor is activated */
- private boolean enabled;
+ private SchemaManager schemaManager;
/** the system wide subschemaSubentryDn */
private String subschemaSubentryDn;
@@ -203,36 +195,34 @@
super.init( directoryService );
LdapDN adminDn = new LdapDN( ServerDNConstants.ADMIN_SYSTEM_DN_NORMALIZED );
- adminDn.normalize( directoryService.getRegistries().getAttributeTypeRegistry().getNormalizerMapping() );
+ adminDn.normalize( directoryService.getSchemaManager().getNormalizerMapping() );
CoreSession adminSession = new DefaultCoreSession(
new LdapPrincipal( adminDn, AuthenticationLevel.STRONG ), directoryService );
tupleCache = new TupleCache( adminSession );
groupCache = new GroupCache( adminSession );
- registries = directoryService.getRegistries();
- atRegistry = registries.getAttributeTypeRegistry();
- OidRegistry oidRegistry = registries.getOidRegistry();
+ schemaManager = directoryService.getSchemaManager();
+ //ocRegistry = registries.getObjectClassRegistry();
// look up some constant information
- String objectClassOid = oidRegistry.getOid( SchemaConstants.OBJECT_CLASS_AT );
- subentryOid = oidRegistry.getOid( SchemaConstants.SUBENTRY_OC );
- String acSubentryOid = oidRegistry.getOid( AC_SUBENTRY_ATTR );
- objectClassType = atRegistry.lookup( objectClassOid );
- acSubentryType = atRegistry.lookup( acSubentryOid );
- entryAciType = atRegistry.lookup( SchemaConstants.ENTRY_ACI_AT_OID );
- subentryAciType = atRegistry.lookup( SchemaConstants.SUBENTRY_ACI_AT_OID );
+ String objectClassOid = schemaManager.getAttributeTypeRegistry().getOidByName( SchemaConstants.OBJECT_CLASS_AT );
+ subentryOid = schemaManager.getObjectClassRegistry().getOidByName( SchemaConstants.SUBENTRY_OC );
+ String acSubentryOid = schemaManager.getAttributeTypeRegistry().getOidByName( AC_SUBENTRY_ATTR );
+ objectClassType = schemaManager.lookupAttributeTypeRegistry( objectClassOid );
+ acSubentryType = schemaManager.lookupAttributeTypeRegistry( acSubentryOid );
+ entryAciType = schemaManager.lookupAttributeTypeRegistry( SchemaConstants.ENTRY_ACI_AT_OID );
+ subentryAciType = schemaManager.lookupAttributeTypeRegistry( SchemaConstants.SUBENTRY_ACI_AT_OID );
- aciParser = new ACIItemParser( new ConcreteNameComponentNormalizer( atRegistry, oidRegistry ), atRegistry.getNormalizerMapping() );
- engine = new ACDFEngine( registries.getOidRegistry(), atRegistry );
+ aciParser = new ACIItemParser( new ConcreteNameComponentNormalizer( schemaManager ), schemaManager.getNormalizerMapping() );
+ engine = new ACDFEngine( schemaManager.getGlobalOidRegistry(), schemaManager );
chain = directoryService.getInterceptorChain();
- enabled = directoryService.isAccessControlEnabled();
// stuff for dealing with subentries (garbage for now)
Value<?> subschemaSubentry =
directoryService.getPartitionNexus().getRootDSE( null ).
get( SchemaConstants.SUBSCHEMA_SUBENTRY_AT ).get();
LdapDN subschemaSubentryDnName = new LdapDN( subschemaSubentry.getString() );
- subschemaSubentryDnName.normalize( atRegistry.getNormalizerMapping() );
+ subschemaSubentryDnName.normalize( schemaManager.getNormalizerMapping() );
subschemaSubentryDn = subschemaSubentryDnName.toNormName();
}
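Review bot: The added line `//ocRegistry = registries.getObjectClassRegistry();` in init() is commented-out code, and it refers to the `registries` field that this same commit removes, so it cannot be re-enabled as written. It should be deleted rather than committed. The lookups just below it call `schemaManager.getAttributeTypeRegistry()` twice; a local variable for that registry would make the block easier to read.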
@@ -250,10 +240,10 @@
if ( isTheAdministrator( dn ) )
{
- String msg = "User '" + principalDn.getUpName();
+ String msg = "User '" + principalDn.getName();
msg += "' does not have permission to move or rename the admin";
msg += " account. No one not even the admin can del, move or";
- msg += " rename " + dn.getUpName() + "!";
+ msg += " rename " + dn.getName() + "!";
LOG.error( msg );
throw new LdapNoPermissionException( msg );
}
@@ -443,7 +433,7 @@
LdapDN name = addContext.getDn();
// bypass authz code if we are disabled
- if ( !enabled )
+ if ( !addContext.getSession().getDirectoryService().isAccessControlEnabled() )
{
next.add( addContext );
return;
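Review bot: The authorization bypass is now spelled out as the chain `addContext.getSession().getDirectoryService().isAccessControlEnabled()` here and again in the delete, modify, hasEntry, lookup, rename, moveAndRename, move, list, search, compare and getMatchedName hunks. Because each copy decides whether ACI evaluation is skipped, one mistyped negation in any of them silently disables enforcement for that operation. A single private helper would keep the decision in one place, for example `private boolean isAccessControlEnabled( CoreSession session ) { return session.getDirectoryService().isAccessControlEnabled(); }`, assuming getSession() returns a CoreSession. The flag is also now read from the session's DirectoryService rather than from the instance passed to init(); it is worth confirming that these are always the same object. The body of add() starts and ends outside this hunk.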
@@ -477,7 +467,7 @@
addSubentryAciTuples( addContext, tuples, name, subentryAttrs );
// check if entry scope permission is granted
- engine.checkPermission( registries, addContext, userGroups, principalDn, principal.getAuthenticationLevel(), name, null, null,
+ engine.checkPermission( schemaManager, addContext, userGroups, principalDn, principal.getAuthenticationLevel(), name, null, null,
ADD_PERMS, tuples, subentryAttrs, null );
// now we must check if attribute type and value scope permission is granted
@@ -485,7 +475,7 @@
{
for ( Value<?> value:attribute )
{
- engine.checkPermission( registries, addContext, userGroups, principalDn,
+ engine.checkPermission( schemaManager, addContext, userGroups, principalDn,
principal.getAuthenticationLevel(), name, attribute.getUpId(), value,
ADD_PERMS, tuples, serverEntry, null );
}
@@ -515,7 +505,7 @@
LdapDN principalDn = principal.getJndiName();
// bypass authz code if we are disabled
- if ( ! enabled )
+ if ( ! deleteContext.getSession().getDirectoryService().isAccessControlEnabled() )
{
next.delete( deleteContext );
return;
@@ -540,7 +530,7 @@
addEntryAciTuples( tuples, entry );
addSubentryAciTuples( deleteContext, tuples, name, entry );
- engine.checkPermission( registries, deleteContext, userGroups, principalDn,
+ engine.checkPermission( schemaManager, deleteContext, userGroups, principalDn,
principal.getAuthenticationLevel(), name, null, null, REMOVE_PERMS, tuples, entry, null );
next.delete( deleteContext );
@@ -560,7 +550,7 @@
LdapDN principalDn = principal.getJndiName();
// bypass authz code if we are disabled
- if ( !enabled )
+ if ( !opContext.getSession().getDirectoryService().isAccessControlEnabled() )
{
next.modify( opContext );
return;
@@ -577,7 +567,7 @@
*/
ServerEntry modifiedEntry = opContext.lookup( name, ByPassConstants.LOOKUP_BYPASS );
tupleCache.subentryModified( name, mods, modifiedEntry );
- groupCache.groupModified( name, mods, entry, registries );
+ groupCache.groupModified( name, mods, entry, schemaManager );
return;
}
@@ -587,7 +577,7 @@
addEntryAciTuples( tuples, entry );
addSubentryAciTuples( opContext, tuples, name, entry );
- engine.checkPermission( registries, opContext, userGroups, principalDn,
+ engine.checkPermission( schemaManager, opContext, userGroups, principalDn,
principal.getAuthenticationLevel(), name, null, null,
Collections.singleton( MicroOperation.MODIFY ), tuples, entry, null );
@@ -607,7 +597,7 @@
if ( entry.get( attr.getId() ) == null )
{
// ... we also need to check if adding the attribute is permitted
- engine.checkPermission( registries, opContext, userGroups, principalDn, principal.getAuthenticationLevel(), name,
+ engine.checkPermission( schemaManager, opContext, userGroups, principalDn, principal.getAuthenticationLevel(), name,
attr.getId(), null, perms, tuples, entry, null );
}
@@ -623,7 +613,7 @@
if ( entryAttr.size() == 1 )
{
// ... we also need to check if removing the attribute at all is permitted
- engine.checkPermission( registries, opContext, userGroups, principalDn,
+ engine.checkPermission( schemaManager, opContext, userGroups, principalDn,
principal.getAuthenticationLevel(), name, attr.getId(),
null, perms, tuples, entry, null );
}
@@ -649,11 +639,11 @@
* not the individual Value Additions) we just handle this when the first value of an
* attribute is being checked for relevant permissions below.
*/
- entryView = ServerEntryUtils.getTargetEntry( mod, entryView, registries );
+ entryView = ServerEntryUtils.getTargetEntry( mod, entryView, schemaManager );
for ( Value<?> value:attr )
{
- engine.checkPermission( registries, opContext, userGroups, principalDn,
+ engine.checkPermission( schemaManager, opContext, userGroups, principalDn,
principal.getAuthenticationLevel(), name, attr.getId(), value,
perms, tuples, entry, entryView );
}
@@ -667,14 +657,15 @@
*/
ServerEntry modifiedEntry = opContext.lookup( name, ByPassConstants.LOOKUP_BYPASS );
tupleCache.subentryModified( name, mods, modifiedEntry );
- groupCache.groupModified( name, mods, entry, registries );
+ groupCache.groupModified( name, mods, entry, schemaManager );
}
public boolean hasEntry( NextInterceptor next, EntryOperationContext entryContext ) throws Exception
{
LdapDN name = entryContext.getDn();
- if ( ! enabled )
+
+ if ( ! entryContext.getSession().getDirectoryService().isAccessControlEnabled() )
{
return name.size() == 0 || next.hasEntry( entryContext );
}
@@ -705,7 +696,7 @@
addSubentryAciTuples( entryContext, tuples, name, entry.getOriginalEntry() );
// check that we have browse access to the entry
- engine.checkPermission( registries, entryContext, userGroups, principalDn,
+ engine.checkPermission( schemaManager, entryContext, userGroups, principalDn,
principal.getAuthenticationLevel(), name, null, null,
BROWSE_PERMS, tuples, entry.getOriginalEntry(), null );
@@ -745,7 +736,7 @@
addSubentryAciTuples( lookupContext, tuples, lookupContext.getDn(), entry );
// check that we have read access to the entry
- engine.checkPermission( registries, lookupContext, userGroups, userName, principal.getAuthenticationLevel(),
+ engine.checkPermission( schemaManager, lookupContext, userGroups, userName, principal.getAuthenticationLevel(),
lookupContext.getDn(), null, null,
LOOKUP_PERMS, tuples, entry, null );
@@ -756,7 +747,7 @@
for ( Value<?> value:attribute )
{
engine.checkPermission(
- registries,
+ schemaManager,
lookupContext,
userGroups,
userName,
@@ -780,10 +771,10 @@
if ( !principalDn.isNormalized() )
{
- principalDn.normalize( atRegistry.getNormalizerMapping() );
+ principalDn.normalize( schemaManager.getNormalizerMapping() );
}
- if ( isPrincipalAnAdministrator( principalDn ) || !enabled )
+ if ( isPrincipalAnAdministrator( principalDn ) || !lookupContext.getSession().getDirectoryService().isAccessControlEnabled() )
{
return next.lookup( lookupContext );
}
@@ -799,51 +790,52 @@
public void rename( NextInterceptor next, RenameOperationContext renameContext ) throws Exception
{
- LdapDN name = renameContext.getDn();
-
- ClonedServerEntry entry = renameContext.lookup( name, ByPassConstants.LOOKUP_BYPASS );
+ LdapDN oldName = renameContext.getDn();
+ ServerEntry originalEntry = null;
+
+ if ( renameContext.getEntry() != null )
+ {
+ originalEntry = renameContext.getEntry().getOriginalEntry();
+ }
LdapPrincipal principal = renameContext.getSession().getEffectivePrincipal();
LdapDN principalDn = principal.getJndiName();
- LdapDN newName = ( LdapDN ) name.clone();
- newName.remove( name.size() - 1 );
-
- newName.add( renameContext.getNewRdn() );
+ LdapDN newName = renameContext.getNewDn();
// bypass authz code if we are disabled
- if ( !enabled )
+ if ( !renameContext.getSession().getDirectoryService().isAccessControlEnabled() )
{
next.rename( renameContext );
return;
}
- protectCriticalEntries( name );
+ protectCriticalEntries( oldName );
// bypass authz code but manage caches if operation is performed by the admin
if ( isPrincipalAnAdministrator( principalDn ) )
{
next.rename( renameContext );
- tupleCache.subentryRenamed( name, newName );
+ tupleCache.subentryRenamed( oldName, newName );
// TODO : this method returns a boolean : what should we do with the result ?
- groupCache.groupRenamed( name, newName );
+ groupCache.groupRenamed( oldName, newName );
return;
}
Set<LdapDN> userGroups = groupCache.getGroups( principalDn.toString() );
Collection<ACITuple> tuples = new HashSet<ACITuple>();
- addPerscriptiveAciTuples( renameContext, tuples, name, entry.getOriginalEntry() );
- addEntryAciTuples( tuples, entry );
- addSubentryAciTuples( renameContext, tuples, name, entry );
-
- engine.checkPermission( registries, renameContext, userGroups, principalDn,
- principal.getAuthenticationLevel(), name, null, null,
- RENAME_PERMS, tuples, entry, null );
+ addPerscriptiveAciTuples( renameContext, tuples, oldName, originalEntry );
+ addEntryAciTuples( tuples, originalEntry );
+ addSubentryAciTuples( renameContext, tuples, oldName, originalEntry );
+
+ engine.checkPermission( schemaManager, renameContext, userGroups, principalDn,
+ principal.getAuthenticationLevel(), oldName, null, null,
+ RENAME_PERMS, tuples, originalEntry, null );
next.rename( renameContext );
- tupleCache.subentryRenamed( name, newName );
- groupCache.groupRenamed( name, newName );
+ tupleCache.subentryRenamed( oldName, newName );
+ groupCache.groupRenamed( oldName, newName );
}
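Review bot: `originalEntry` stays null when `renameContext.getEntry()` is null, and for a non-admin principal it is then passed to addPerscriptiveAciTuples, addEntryAciTuples, addSubentryAciTuples and `engine.checkPermission`. The old code always loaded the entry with `renameContext.lookup( name, ByPassConstants.LOOKUP_BYPASS )`, so the permission check never ran without it. Whether those callees tolerate null is not visible here; the result would be either a NullPointerException or a RENAME_PERMS decision evaluated without the entry's ACI tuples. A fallback keeps the previous guarantee: `if ( originalEntry == null ) { originalEntry = renameContext.lookup( oldName, ByPassConstants.LOOKUP_BYPASS ).getOriginalEntry(); }`, placed before the tuples are collected. Alternatively, fail closed with an LdapNoPermissionException.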
@@ -861,7 +853,7 @@
newName.add( moveAndRenameContext.getNewRdn().getUpName() );
// bypass authz code if we are disabled
- if ( !enabled )
+ if ( !moveAndRenameContext.getSession().getDirectoryService().isAccessControlEnabled() )
{
next.moveAndRename( moveAndRenameContext );
return;
@@ -884,7 +876,7 @@
addEntryAciTuples( tuples, entry );
addSubentryAciTuples( moveAndRenameContext, tuples, oriChildName, entry );
- engine.checkPermission( registries, moveAndRenameContext, userGroups,
+ engine.checkPermission( schemaManager, moveAndRenameContext, userGroups,
principalDn, principal.getAuthenticationLevel(), oriChildName, null,
null, MOVERENAME_PERMS, tuples, entry, null );
@@ -915,7 +907,7 @@
addPerscriptiveAciTuples( moveAndRenameContext, destTuples, newName, subentryAttrs );
// Evaluate the target context to see whether it
// allows an entry named newName to be imported as a subordinate.
- engine.checkPermission( registries, moveAndRenameContext, userGroups, principalDn,
+ engine.checkPermission( schemaManager, moveAndRenameContext, userGroups, principalDn,
principal.getAuthenticationLevel(), newName, null,
null, IMPORT_PERMS, destTuples, subentryAttrs, null );
@@ -940,7 +932,7 @@
LdapDN principalDn = principal.getJndiName();
// bypass authz code if we are disabled
- if ( !enabled )
+ if ( !moveContext.getSession().getDirectoryService().isAccessControlEnabled() )
{
next.move( moveContext );
return;
@@ -963,7 +955,7 @@
addEntryAciTuples( tuples, entry );
addSubentryAciTuples( moveContext, tuples, oriChildName, entry );
- engine.checkPermission( registries, moveContext, userGroups, principalDn,
+ engine.checkPermission( schemaManager, moveContext, userGroups, principalDn,
principal.getAuthenticationLevel(), oriChildName, null,
null, EXPORT_PERMS, tuples, entry, null );
@@ -994,7 +986,7 @@
addPerscriptiveAciTuples( moveContext, destTuples, newName, subentryAttrs );
// Evaluate the target context to see whether it
// allows an entry named newName to be imported as a subordinate.
- engine.checkPermission( registries, moveContext, userGroups, principalDn,
+ engine.checkPermission( schemaManager, moveContext, userGroups, principalDn,
principal.getAuthenticationLevel(), newName, null,
null, IMPORT_PERMS, destTuples, subentryAttrs, null );
@@ -1009,7 +1001,7 @@
LdapPrincipal user = opContext.getSession().getEffectivePrincipal();
EntryFilteringCursor cursor = next.list( opContext );
- if ( isPrincipalAnAdministrator( user.getJndiName() ) || !enabled )
+ if ( isPrincipalAnAdministrator( user.getJndiName() ) || !opContext.getSession().getDirectoryService().isAccessControlEnabled() )
{
return cursor;
}
@@ -1030,7 +1022,7 @@
SearchControls searchCtls = opContext.getSearchControls();
boolean isRootDSELookup = opContext.getDn().size() == 0 && searchCtls.getSearchScope() == SearchControls.OBJECT_SCOPE;
- if ( isPrincipalAnAdministrator( principalDn ) || !enabled || isRootDSELookup || isSubschemaSubentryLookup )
+ if ( isPrincipalAnAdministrator( principalDn ) || !opContext.getSession().getDirectoryService().isAccessControlEnabled() || isRootDSELookup || isSubschemaSubentryLookup )
{
return cursor;
}
@@ -1057,7 +1049,7 @@
LdapPrincipal principal = opContext.getSession().getEffectivePrincipal();
LdapDN principalDn = principal.getJndiName();
- if ( isPrincipalAnAdministrator( principalDn ) || !enabled )
+ if ( isPrincipalAnAdministrator( principalDn ) || !opContext.getSession().getDirectoryService().isAccessControlEnabled() )
{
return next.compare( opContext );
}
@@ -1068,10 +1060,10 @@
addEntryAciTuples( tuples, entry );
addSubentryAciTuples( opContext, tuples, name, entry );
- engine.checkPermission( registries, opContext, userGroups, principalDn,
+ engine.checkPermission( schemaManager, opContext, userGroups, principalDn,
principal.getAuthenticationLevel(), name, null, null,
READ_PERMS, tuples, entry, null );
- engine.checkPermission( registries, opContext, userGroups, principalDn,
+ engine.checkPermission( schemaManager, opContext, userGroups, principalDn,
principal.getAuthenticationLevel(), name, oid, value,
COMPARE_PERMS, tuples, entry, null );
@@ -1085,7 +1077,7 @@
LdapPrincipal principal = opContext.getSession().getEffectivePrincipal();
LdapDN principalDn = principal.getJndiName();
- if ( isPrincipalAnAdministrator( principalDn ) || !enabled )
+ if ( isPrincipalAnAdministrator( principalDn ) || !opContext.getSession().getDirectoryService().isAccessControlEnabled() )
{
return next.getMatchedName( opContext );
}
@@ -1107,7 +1099,7 @@
addEntryAciTuples( tuples, entry );
addSubentryAciTuples( opContext, tuples, matched, entry );
- if ( engine.hasPermission( registries, opContext, userGroups, principalDn,
+ if ( engine.hasPermission( schemaManager, opContext, userGroups, principalDn,
principal.getAuthenticationLevel(), matched, null,
null, MATCHEDNAME_PERMS, tuples, entry, null ) )
{
@@ -1145,7 +1137,7 @@
addSubentryAciTuples( opContext, tuples, normName, clonedEntry.getOriginalEntry() );
if ( !engine.hasPermission(
- registries,
+ schemaManager,
opContext,
userGroups,
userDn,
@@ -1177,7 +1169,7 @@
EntryAttribute attr = clonedEntry.get( attributeType );
if ( !engine.hasPermission(
- registries,
+ schemaManager,
opContext,
userGroups,
userDn,
@@ -1201,7 +1193,7 @@
for ( Value<?> value:attr )
{
if ( !engine.hasPermission(
- registries,
+ schemaManager,
opContext,
userGroups,
userDn,
@@ -1246,7 +1238,7 @@
public boolean accept( SearchingOperationContext operationContext, ClonedServerEntry entry )
throws Exception
{
- LdapDN normName = entry.getDn().normalize( atRegistry.getNormalizerMapping() );
+ LdapDN normName = entry.getDn().normalize( schemaManager.getNormalizerMapping() );
return filter( operationContext, normName, entry );
}
}
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/DefaultAuthorizationInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/DefaultAuthorizationInterceptor.java?rev=896599&r1=896598&r2=896599&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/DefaultAuthorizationInterceptor.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/DefaultAuthorizationInterceptor.java Wed Jan 6 18:26:43 2010
@@ -20,17 +20,16 @@
package org.apache.directory.server.core.authz;
-import javax.naming.NoPermissionException;
-
import java.util.HashSet;
-import java.util.Map;
import java.util.Set;
+import javax.naming.NoPermissionException;
+
import org.apache.directory.server.constants.ServerDNConstants;
import org.apache.directory.server.core.CoreSession;
import org.apache.directory.server.core.DefaultCoreSession;
import org.apache.directory.server.core.DirectoryService;
-import org.apache.directory.server.core.authn.LdapPrincipal;
+import org.apache.directory.server.core.LdapPrincipal;
import org.apache.directory.server.core.entry.ClonedServerEntry;
import org.apache.directory.server.core.entry.ServerEntry;
import org.apache.directory.server.core.filtering.EntryFilter;
@@ -48,8 +47,8 @@
import org.apache.directory.server.core.interceptor.context.RenameOperationContext;
import org.apache.directory.server.core.interceptor.context.SearchOperationContext;
import org.apache.directory.server.core.interceptor.context.SearchingOperationContext;
+import org.apache.directory.server.core.partition.DefaultPartitionNexus;
import org.apache.directory.server.core.partition.PartitionNexus;
-import org.apache.directory.server.schema.registries.AttributeTypeRegistry;
import org.apache.directory.shared.ldap.constants.AuthenticationLevel;
import org.apache.directory.shared.ldap.constants.SchemaConstants;
import org.apache.directory.shared.ldap.entry.EntryAttribute;
@@ -57,13 +56,13 @@
import org.apache.directory.shared.ldap.exception.LdapNoPermissionException;
import org.apache.directory.shared.ldap.name.LdapDN;
import org.apache.directory.shared.ldap.schema.AttributeType;
-import org.apache.directory.shared.ldap.schema.normalizers.OidNormalizer;
+import org.apache.directory.shared.ldap.schema.SchemaManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
- * An {@link Interceptor} that controls access to {@link PartitionNexus}.
+ * An {@link Interceptor} that controls access to {@link DefaultPartitionNexus}.
* If a user tries to perform any operations that requires
* permission he or she doesn't have, {@link NoPermissionException} will be
* thrown and therefore the current invocation chain will terminate.
@@ -93,16 +92,8 @@
*/
private static LdapDN ADMIN_GROUP_DN;
- /**
- * the name parser used by this service
- */
- private boolean enabled = true;
-
private Set<String> administrators = new HashSet<String>(2);
- /** The normalizer mapping containing a relation between an OID and a normalizer */
- private Map<String, OidNormalizer> normalizerMapping;
-
private PartitionNexus nexus;
/** A starage for the uniqueMember attributeType */
@@ -121,23 +112,18 @@
public void init( DirectoryService directoryService ) throws Exception
{
nexus = directoryService.getPartitionNexus();
- normalizerMapping = directoryService.getRegistries().getAttributeTypeRegistry().getNormalizerMapping();
+ SchemaManager schemaManager = directoryService.getSchemaManager();
- // disable this static module if basic access control mechanisms are enabled
- enabled = ! directoryService.isAccessControlEnabled();
+ USER_BASE_DN = new LdapDN( ServerDNConstants.ADMIN_SYSTEM_DN );
+ USER_BASE_DN.normalize( schemaManager.getNormalizerMapping() );
- USER_BASE_DN = PartitionNexus.getUsersBaseName();
- USER_BASE_DN.normalize( normalizerMapping );
-
- GROUP_BASE_DN = PartitionNexus.getGroupsBaseName();
- GROUP_BASE_DN.normalize( normalizerMapping );
+ GROUP_BASE_DN = new LdapDN( ServerDNConstants.GROUPS_SYSTEM_DN );
+ GROUP_BASE_DN.normalize( schemaManager.getNormalizerMapping() );
ADMIN_GROUP_DN = new LdapDN( ServerDNConstants.ADMINISTRATORS_GROUP_DN );
- ADMIN_GROUP_DN.normalize( normalizerMapping );
+ ADMIN_GROUP_DN.normalize( schemaManager.getNormalizerMapping() );
- AttributeTypeRegistry attrRegistry = directoryService.getRegistries().getAttributeTypeRegistry();
-
- uniqueMemberAT = attrRegistry.lookup( SchemaConstants.UNIQUE_MEMBER_AT_OID );
+ uniqueMemberAT = schemaManager.lookupAttributeTypeRegistry( SchemaConstants.UNIQUE_MEMBER_AT_OID );
loadAdministrators( directoryService );
}
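Review bot: `USER_BASE_DN` is now built from `ServerDNConstants.ADMIN_SYSTEM_DN`, where the removed code used `PartitionNexus.getUsersBaseName()`; the neighbouring group line uses `GROUPS_SYSTEM_DN`, so this looks like the wrong constant. Every `startsWith( USER_BASE_DN )` guard in this interceptor (delete, modify, move/rename and the lookup protection) would then match only entries under the admin DN. Ordinary user accounts would lose the "only the admin can modify/delete" protection. If the users base was intended, the line should read `USER_BASE_DN = new LdapDN( ServerDNConstants.USERS_SYSTEM_DN );`. A test in which a non-admin tries to delete another user's entry with access control disabled would catch this.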
@@ -148,7 +134,7 @@
// read in the administrators and cache their normalized names
Set<String> newAdministrators = new HashSet<String>( 2 );
LdapDN adminDn = new LdapDN( ServerDNConstants.ADMIN_SYSTEM_DN_NORMALIZED );
- adminDn.normalize( directoryService.getRegistries().getAttributeTypeRegistry().getNormalizerMapping() );
+ adminDn.normalize( directoryService.getSchemaManager().getNormalizerMapping() );
CoreSession adminSession = new DefaultCoreSession(
new LdapPrincipal( adminDn, AuthenticationLevel.STRONG ), directoryService );
@@ -164,7 +150,7 @@
for ( Value<?> value:uniqueMember )
{
LdapDN memberDn = new LdapDN( value.getString() );
- memberDn.normalize( normalizerMapping );
+ memberDn.normalize( directoryService.getSchemaManager().getNormalizerMapping() );
newAdministrators.add( memberDn.getNormName() );
}
@@ -180,7 +166,7 @@
{
LdapDN name = opContext.getDn();
- if ( !enabled )
+ if ( opContext.getSession().getDirectoryService().isAccessControlEnabled() )
{
nextInterceptor.delete( opContext );
return;
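Review bot: The polarity of this check is the opposite of the one in AciAuthorizationInterceptor, and nothing at the call site says why. The commit removes the only explanation from init() ("disable this static module if basic access control mechanisms are enabled"). A reader comparing the two interceptors could easily take `if ( opContext.getSession().getDirectoryService().isAccessControlEnabled() )` for a missing negation. A one-line comment above the check would prevent that, such as `// this default authz module steps aside when access control is enabled`. The same comment applies to the lookup, search and list hunks, and in negated form to modify, rename, move and moveAndRename. The body of delete() continues outside this hunk.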
@@ -204,7 +190,7 @@
if ( isTheAdministrator( name ) )
{
- String msg = "User " + principalDn.getUpName();
+ String msg = "User " + principalDn.getName();
msg += " does not have permission to delete the admin account.";
msg += " No one not even the admin can delete this account!";
LOG.error( msg );
@@ -217,18 +203,18 @@
{
if ( name.startsWith( USER_BASE_DN ) )
{
- String msg = "User " + principalDn.getUpName();
+ String msg = "User " + principalDn.getName();
msg += " does not have permission to delete the user account: ";
- msg += name.getUpName() + ". Only the admin can delete user accounts.";
+ msg += name.getName() + ". Only the admin can delete user accounts.";
LOG.error( msg );
throw new LdapNoPermissionException( msg );
}
if ( name.startsWith( GROUP_BASE_DN ) )
{
- String msg = "User " + principalDn.getUpName();
+ String msg = "User " + principalDn.getName();
msg += " does not have permission to delete the group entry: ";
- msg += name.getUpName() + ". Only the admin can delete groups.";
+ msg += name.getName() + ". Only the admin can delete groups.";
LOG.error( msg );
throw new LdapNoPermissionException( msg );
}
@@ -265,7 +251,7 @@
public void modify( NextInterceptor nextInterceptor, ModifyOperationContext opContext )
throws Exception
{
- if ( enabled )
+ if ( !opContext.getSession().getDirectoryService().isAccessControlEnabled() )
{
LdapDN dn = opContext.getDn();
@@ -306,7 +292,7 @@
if ( dn.getNormName().equals( ServerDNConstants.ADMIN_SYSTEM_DN_NORMALIZED ) )
{
- String msg = "User " + principalDn.getUpName();
+ String msg = "User " + principalDn.getName();
msg += " does not have permission to modify the account of the";
msg += " admin user.";
LOG.error( msg );
@@ -317,9 +303,9 @@
{
if ( dn.startsWith( USER_BASE_DN ) )
{
- String msg = "User " + principalDn.getUpName();
+ String msg = "User " + principalDn.getName();
msg += " does not have permission to modify the account of the";
- msg += " user " + dn.getUpName() + ".\nEven the owner of an account cannot";
+ msg += " user " + dn.getName() + ".\nEven the owner of an account cannot";
msg += " modify it.\nUser accounts can only be modified by the";
msg += " administrator.";
LOG.error( msg );
@@ -328,9 +314,9 @@
if ( dn.startsWith( GROUP_BASE_DN ) )
{
- String msg = "User " + principalDn.getUpName();
+ String msg = "User " + principalDn.getName();
msg += " does not have permission to modify the group entry ";
- msg += dn.getUpName() + ".\nGroups can only be modified by the admin.";
+ msg += dn.getName() + ".\nGroups can only be modified by the admin.";
LOG.error( msg );
throw new LdapNoPermissionException( msg );
}
@@ -351,7 +337,7 @@
public void rename( NextInterceptor nextInterceptor, RenameOperationContext opContext )
throws Exception
{
- if ( enabled )
+ if ( !opContext.getSession().getDirectoryService().isAccessControlEnabled() )
{
protectDnAlterations( opContext.getDn() );
}
@@ -362,7 +348,7 @@
public void move( NextInterceptor nextInterceptor, MoveOperationContext opContext ) throws Exception
{
- if ( enabled )
+ if ( !opContext.getSession().getDirectoryService().isAccessControlEnabled() )
{
protectDnAlterations( opContext.getDn() );
}
@@ -373,7 +359,7 @@
public void moveAndRename( NextInterceptor nextInterceptor, MoveAndRenameOperationContext opContext ) throws Exception
{
- if ( enabled )
+ if ( !opContext.getSession().getDirectoryService().isAccessControlEnabled() )
{
protectDnAlterations( opContext.getDn() );
}
@@ -402,19 +388,19 @@
if ( isTheAdministrator( dn ) )
{
- String msg = "User '" + principalDn.getUpName();
+ String msg = "User '" + principalDn.getName();
msg += "' does not have permission to move or rename the admin";
msg += " account. No one not even the admin can move or";
- msg += " rename " + dn.getUpName() + "!";
+ msg += " rename " + dn.getName() + "!";
LOG.error( msg );
throw new LdapNoPermissionException( msg );
}
if ( dn.size() > 2 && dn.startsWith( USER_BASE_DN ) && !isAnAdministrator( principalDn ) )
{
- String msg = "User '" + principalDn.getUpName();
+ String msg = "User '" + principalDn.getName();
msg += "' does not have permission to move or rename the user";
- msg += " account: " + dn.getUpName() + ". Only the admin can move or";
+ msg += " account: " + dn.getName() + ". Only the admin can move or";
msg += " rename user accounts.";
LOG.error( msg );
throw new LdapNoPermissionException( msg );
@@ -422,9 +408,9 @@
if ( dn.size() > 2 && dn.startsWith( GROUP_BASE_DN ) && !isAnAdministrator( principalDn ) )
{
- String msg = "User " + principalDn.getUpName();
+ String msg = "User " + principalDn.getName();
msg += " does not have permission to move or rename the group entry ";
- msg += dn.getUpName() + ".\nGroups can only be moved or renamed by the admin.";
+ msg += dn.getName() + ".\nGroups can only be moved or renamed by the admin.";
throw new LdapNoPermissionException( msg );
}
}
@@ -434,7 +420,7 @@
{
ClonedServerEntry serverEntry = nextInterceptor.lookup( opContext );
- if ( !enabled || ( serverEntry == null ) )
+ if ( opContext.getSession().getDirectoryService().isAccessControlEnabled() || ( serverEntry == null ) )
{
return serverEntry;
}
@@ -458,8 +444,8 @@
return;
}
- String msg = "Access to user account '" + normalizedDn.getUpName() + "' not permitted";
- msg += " for user '" + principalDn.getUpName() + "'. Only the admin can";
+ String msg = "Access to user account '" + normalizedDn.getName() + "' not permitted";
+ msg += " for user '" + principalDn.getName() + "'. Only the admin can";
msg += " access user account information";
LOG.error( msg );
throw new LdapNoPermissionException( msg );
@@ -473,8 +459,8 @@
return;
}
- String msg = "Access to group '" + normalizedDn.getUpName() + "' not permitted";
- msg += " for user '" + principalDn.getUpName() + "'. Only the admin can";
+ String msg = "Access to group '" + normalizedDn.getName() + "' not permitted";
+ msg += " for user '" + principalDn.getName() + "'. Only the admin can";
msg += " access group information";
LOG.error( msg );
throw new LdapNoPermissionException( msg );
@@ -490,7 +476,7 @@
}
String msg = "Access to admin account not permitted for user '";
- msg += principalDn.getUpName() + "'. Only the admin can";
+ msg += principalDn.getName() + "'. Only the admin can";
msg += " access admin account information";
LOG.error( msg );
throw new LdapNoPermissionException( msg );
@@ -503,7 +489,7 @@
{
EntryFilteringCursor cursor = nextInterceptor.search( opContext );
- if ( !enabled )
+ if ( opContext.getSession().getDirectoryService().isAccessControlEnabled() )
{
return cursor;
}
@@ -522,7 +508,7 @@
{
EntryFilteringCursor cursor = nextInterceptor.list( opContext );
- if ( !enabled )
+ if ( opContext.getSession().getDirectoryService().isAccessControlEnabled() )
{
return cursor;
}
@@ -545,7 +531,7 @@
if ( !dn.isNormalized() )
{
- dn.normalize( normalizerMapping );
+ dn.normalize( opContext.getSession().getDirectoryService().getSchemaManager().getNormalizerMapping() );
}
// Admin users gets full access to all entries
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/GroupCache.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/GroupCache.java?rev=896599&r1=896598&r2=896599&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/GroupCache.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/GroupCache.java Wed Jan 6 18:26:43 2010
@@ -20,15 +20,15 @@
package org.apache.directory.server.core.authz;
-import javax.naming.directory.SearchControls;
-import javax.naming.NamingException;
-
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
+import javax.naming.NamingException;
+import javax.naming.directory.SearchControls;
+
import org.apache.directory.server.constants.ServerDNConstants;
import org.apache.directory.server.core.CoreSession;
import org.apache.directory.server.core.entry.ServerAttribute;
@@ -36,8 +36,6 @@
import org.apache.directory.server.core.filtering.EntryFilteringCursor;
import org.apache.directory.server.core.interceptor.context.SearchOperationContext;
import org.apache.directory.server.core.partition.PartitionNexus;
-import org.apache.directory.server.schema.registries.AttributeTypeRegistry;
-import org.apache.directory.server.schema.registries.Registries;
import org.apache.directory.shared.ldap.constants.SchemaConstants;
import org.apache.directory.shared.ldap.entry.EntryAttribute;
import org.apache.directory.shared.ldap.entry.Modification;
@@ -50,6 +48,7 @@
import org.apache.directory.shared.ldap.message.AliasDerefMode;
import org.apache.directory.shared.ldap.name.LdapDN;
import org.apache.directory.shared.ldap.schema.AttributeType;
+import org.apache.directory.shared.ldap.schema.SchemaManager;
import org.apache.directory.shared.ldap.schema.normalizers.OidNormalizer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -100,13 +99,11 @@
*/
public GroupCache( CoreSession session ) throws Exception
{
- normalizerMap = session.getDirectoryService().getRegistries().getAttributeTypeRegistry().getNormalizerMapping();
+ SchemaManager schemaManager = session.getDirectoryService().getSchemaManager();
+ normalizerMap = schemaManager.getNormalizerMapping();
nexus = session.getDirectoryService().getPartitionNexus();
- AttributeTypeRegistry attributeTypeRegistry = session.getDirectoryService()
- .getRegistries().getAttributeTypeRegistry();
-
- memberAT = attributeTypeRegistry.lookup( SchemaConstants.MEMBER_AT_OID );
- uniqueMemberAT = attributeTypeRegistry.lookup( SchemaConstants.UNIQUE_MEMBER_AT_OID );
+ memberAT = schemaManager.lookupAttributeTypeRegistry( SchemaConstants.MEMBER_AT_OID );
+ uniqueMemberAT = schemaManager.lookupAttributeTypeRegistry( SchemaConstants.UNIQUE_MEMBER_AT_OID );
// stuff for dealing with the admin group
administratorsGroupDn = parseNormalized( ServerDNConstants.ADMINISTRATORS_GROUP_DN );
@@ -138,7 +135,7 @@
for ( String suffix:suffixes )
{
- LdapDN baseDn = new LdapDN( suffix );
+ LdapDN baseDn = new LdapDN( suffix ).normalize( normalizerMap );
SearchControls ctls = new SearchControls();
ctls.setSearchScope( SearchControls.SUBTREE_SCOPE );
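Review bot: Style point on the new `baseDn` line: the constructor of this class already calls `parseNormalized( ... )` for the administrators group DN, so `new LdapDN( suffix ).normalize( normalizerMap )` gives the class two ways to build a normalized DN. If that helper accepts a plain string, `LdapDN baseDn = parseNormalized( suffix );` keeps normalization in one place. That matters for a cache whose group-membership answers depend on every DN being normalized the same way. The enclosing loop and method run beyond this hunk.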
@@ -160,7 +157,7 @@
}
else
{
- LOG.warn( "Found group '{}' without any member or uniqueMember attributes", groupDn.getUpName() );
+ LOG.warn( "Found group '{}' without any member or uniqueMember attributes", groupDn.getName() );
}
}
@@ -299,7 +296,7 @@
if ( IS_DEBUG )
{
- LOG.debug( "group cache contents after adding '{}' :\n {}", name.getUpName(), groups );
+ LOG.debug( "group cache contents after adding '{}' :\n {}", name.getName(), groups );
}
}
@@ -324,7 +321,7 @@
if ( IS_DEBUG )
{
- LOG.debug( "group cache contents after deleting '{}' :\n {}", name.getUpName(), groups );
+ LOG.debug( "group cache contents after deleting '{}' :\n {}", name.getName(), groups );
}
}
@@ -376,7 +373,7 @@
* @param entry the group entry being modified
* @throws NamingException if there are problems accessing attribute values
*/
- public void groupModified( LdapDN name, List<Modification> mods, ServerEntry entry, Registries registries )
+ public void groupModified( LdapDN name, List<Modification> mods, ServerEntry entry, SchemaManager schemaManager )
throws NamingException
{
EntryAttribute members = null;
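Review bot: The Javadoc above `groupModified` goes from `@param entry` straight to `@throws`, so the fourth parameter, now `SchemaManager schemaManager`, appears to be undocumented. Add a line such as `@param schemaManager the schema manager for the current directory service` (adjust it to what the body actually does with the argument), or drop the parameter if the method no longer reads it. The Javadoc starts and the body ends outside this hunk, so neither can be confirmed from here.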
@@ -417,7 +414,7 @@
if ( IS_DEBUG )
{
- LOG.debug( "group cache contents after modifying '{}' :\n {}", name.getUpName(), groups );
+ LOG.debug( "group cache contents after modifying '{}' :\n {}", name.getName(), groups );
}
}
@@ -449,7 +446,7 @@
if ( IS_DEBUG )
{
- LOG.debug( "group cache contents after modifying '{}' :\n {}", name.getUpName(), groups );
+ LOG.debug( "group cache contents after modifying '{}' :\n {}", name.getName(), groups );
}
}
@@ -546,7 +543,7 @@
if ( IS_DEBUG )
{
- LOG.debug( "group cache contents after renaming '{}' :\n{}", oldName.getUpName(), groups );
+ LOG.debug( "group cache contents after renaming '{}' :\n{}", oldName.getName(), groups );
}
return true;
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/TupleCache.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/TupleCache.java?rev=896599&r1=896598&r2=896599&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/TupleCache.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/TupleCache.java Wed Jan 6 18:26:43 2010
@@ -20,15 +20,23 @@
package org.apache.directory.server.core.authz;
+import java.text.ParseException;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+import javax.naming.NamingException;
+import javax.naming.directory.SearchControls;
+
import org.apache.directory.server.core.CoreSession;
import org.apache.directory.server.core.entry.ServerAttribute;
import org.apache.directory.server.core.entry.ServerEntry;
import org.apache.directory.server.core.filtering.EntryFilteringCursor;
import org.apache.directory.server.core.interceptor.context.SearchOperationContext;
import org.apache.directory.server.core.partition.PartitionNexus;
-import org.apache.directory.server.schema.ConcreteNameComponentNormalizer;
-import org.apache.directory.server.schema.registries.AttributeTypeRegistry;
-import org.apache.directory.server.schema.registries.OidRegistry;
import org.apache.directory.shared.ldap.aci.ACIItem;
import org.apache.directory.shared.ldap.aci.ACIItemParser;
import org.apache.directory.shared.ldap.aci.ACITuple;
@@ -45,20 +53,11 @@
import org.apache.directory.shared.ldap.name.LdapDN;
import org.apache.directory.shared.ldap.name.NameComponentNormalizer;
import org.apache.directory.shared.ldap.schema.AttributeType;
-import org.apache.directory.shared.ldap.schema.normalizers.OidNormalizer;
+import org.apache.directory.shared.ldap.schema.SchemaManager;
+import org.apache.directory.shared.ldap.schema.normalizers.ConcreteNameComponentNormalizer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import javax.naming.NamingException;
-import javax.naming.directory.SearchControls;
-import java.text.ParseException;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-
/**
* A cache for tuple sets which responds to specific events to perform
@@ -82,14 +81,9 @@
/** a normalizing ACIItem parser */
private final ACIItemParser aciParser;
- /** A starage for the PrescriptiveACI attributeType */
+ /** A storage for the PrescriptiveACI attributeType */
private AttributeType prescriptiveAciAT;
- /**
- * The OIDs normalizer map
- */
- private Map<String, OidNormalizer> normalizerMap;
-
/**
* Creates a ACITuple cache.
@@ -99,23 +93,19 @@
*/
public TupleCache( CoreSession session ) throws Exception
{
- normalizerMap = session.getDirectoryService().getRegistries()
- .getAttributeTypeRegistry().getNormalizerMapping();
+ SchemaManager schemaManager = session.getDirectoryService().getSchemaManager();
this.nexus = session.getDirectoryService().getPartitionNexus();
- AttributeTypeRegistry attributeTypeRegistry = session.getDirectoryService()
- .getRegistries().getAttributeTypeRegistry();
- OidRegistry oidRegistry = session.getDirectoryService().getRegistries().getOidRegistry();
- NameComponentNormalizer ncn = new ConcreteNameComponentNormalizer( attributeTypeRegistry, oidRegistry );
- aciParser = new ACIItemParser( ncn, normalizerMap );
- prescriptiveAciAT = attributeTypeRegistry.lookup( SchemaConstants.PRESCRIPTIVE_ACI_AT );
+ NameComponentNormalizer ncn = new ConcreteNameComponentNormalizer( schemaManager );
+ aciParser = new ACIItemParser( ncn, schemaManager.getNormalizerMapping() );
+ prescriptiveAciAT = schemaManager.lookupAttributeTypeRegistry( SchemaConstants.PRESCRIPTIVE_ACI_AT );
initialize( session );
}
- private LdapDN parseNormalized( String name ) throws NamingException
+ private LdapDN parseNormalized( SchemaManager schemaManager, String name ) throws NamingException
{
LdapDN dn = new LdapDN( name );
- dn.normalize( normalizerMap );
+ dn.normalize( schemaManager.getNormalizerMapping() );
return dn;
}
@@ -129,7 +119,7 @@
for ( String suffix:suffixes )
{
- LdapDN baseDn = parseNormalized( suffix );
+ LdapDN baseDn = parseNormalized( session.getDirectoryService().getSchemaManager(), suffix );
ExprNode filter = new EqualityNode<String>( SchemaConstants.OBJECT_CLASS_AT,
new ClientStringValue( SchemaConstants.ACCESS_CONTROL_SUBENTRY_OC ) );
SearchControls ctls = new SearchControls();
@@ -140,7 +130,8 @@
while ( results.next() )
{
ServerEntry result = results.get();
- LdapDN subentryDn = result.getDn().normalize( normalizerMap );
+ LdapDN subentryDn = result.getDn().normalize( session.getDirectoryService().getSchemaManager().
+ getNormalizerMapping() );
EntryAttribute aci = result.get( prescriptiveAciAT );
if ( aci == null )
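Review bot: `session.getDirectoryService().getSchemaManager()` is now evaluated for every search result inside the `while` loop, and once per suffix for `parseNormalized` in the previous hunk, where the removed `normalizerMap` field was read once. Fetch it once at the top of the method, `SchemaManager schemaManager = session.getDirectoryService().getSchemaManager();`, and pass that local to both calls. This also makes it explicit that every subentry DN loaded in one initialization pass is normalized against the same schema object. The method starts and ends outside this hunk.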
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/ACDFEngine.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/ACDFEngine.java?rev=896599&r1=896598&r2=896599&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/ACDFEngine.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/ACDFEngine.java Wed Jan 6 18:26:43 2010
@@ -43,15 +43,14 @@
import org.apache.directory.server.core.subtree.SubentryInterceptor;
import org.apache.directory.server.core.subtree.SubtreeEvaluator;
import org.apache.directory.server.core.trigger.TriggerInterceptor;
-import org.apache.directory.server.schema.registries.AttributeTypeRegistry;
-import org.apache.directory.server.schema.registries.OidRegistry;
-import org.apache.directory.server.schema.registries.Registries;
import org.apache.directory.shared.ldap.aci.ACITuple;
import org.apache.directory.shared.ldap.aci.MicroOperation;
import org.apache.directory.shared.ldap.constants.AuthenticationLevel;
import org.apache.directory.shared.ldap.entry.Value;
import org.apache.directory.shared.ldap.exception.LdapNoPermissionException;
import org.apache.directory.shared.ldap.name.LdapDN;
+import org.apache.directory.shared.ldap.schema.SchemaManager;
+import org.apache.directory.shared.ldap.schema.registries.OidRegistry;
/**
@@ -90,15 +89,15 @@
*
* @throws NamingException if failed to initialize internal components
*/
- public ACDFEngine( OidRegistry oidRegistry, AttributeTypeRegistry attrTypeRegistry ) throws NamingException
+ public ACDFEngine( OidRegistry oidRegistry, SchemaManager schemaManager ) throws NamingException
{
- Evaluator entryEvaluator = new ExpressionEvaluator( oidRegistry, attrTypeRegistry );
- SubtreeEvaluator subtreeEvaluator = new SubtreeEvaluator( oidRegistry, attrTypeRegistry );
+ Evaluator entryEvaluator = new ExpressionEvaluator( oidRegistry, schemaManager );
+ SubtreeEvaluator subtreeEvaluator = new SubtreeEvaluator( oidRegistry, schemaManager );
RefinementEvaluator refinementEvaluator = new RefinementEvaluator( new RefinementLeafEvaluator( oidRegistry ) );
filters = new ACITupleFilter[] {
new RelatedUserClassFilter( subtreeEvaluator ),
- new RelatedProtectedItemFilter( refinementEvaluator, entryEvaluator, oidRegistry, attrTypeRegistry ),
+ new RelatedProtectedItemFilter( refinementEvaluator, entryEvaluator, oidRegistry, schemaManager ),
new MaxValueCountFilter(),
new MaxImmSubFilter(),
new RestrictedByFilter(),
@@ -128,7 +127,7 @@
* @throws NamingException if failed to evaluate ACI items
*/
public void checkPermission(
- Registries registries,
+ SchemaManager schemaManager,
OperationContext opContext,
Collection<LdapDN> userGroupNames,
LdapDN username,
@@ -141,7 +140,7 @@
ServerEntry entry,
ServerEntry entryView ) throws Exception
{
- if ( !hasPermission( registries, opContext, userGroupNames, username, authenticationLevel, entryName,
+ if ( !hasPermission( schemaManager, opContext, userGroupNames, username, authenticationLevel, entryName,
attrId, attrValue, microOperations, aciTuples, entry, entryView ) )
{
throw new LdapNoPermissionException();
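Review bot: `checkPermission` rejects with a bare `new LdapNoPermissionException()`, so nothing in the exception says which principal was refused on which entry, and no log call is visible in this hunk either. The exception is constructed with a message elsewhere in this commit, so the throw could read `throw new LdapNoPermissionException( "Access denied for '" + username + "' on '" + entryName + "'" );`. If those names should not go back to the client, log the same text server-side instead. Part of the parameter list and the end of the method are outside this hunk.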
@@ -186,7 +185,7 @@
* @param entryView in case of a Modify operation, view of the entry being modified as if the modification permitted and completed
*/
public boolean hasPermission(
- Registries registries,
+ SchemaManager schemaManager,
OperationContext opContext,
Collection<LdapDN> userGroupNames,
LdapDN userName,
@@ -229,7 +228,7 @@
for ( ACITupleFilter filter : filters )
{
aciTuples = filter.filter(
- registries,
+ schemaManager,
aciTuples,
scope,
opContext,
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/ACITupleFilter.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/ACITupleFilter.java?rev=896599&r1=896598&r2=896599&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/ACITupleFilter.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/ACITupleFilter.java Wed Jan 6 18:26:43 2010
@@ -26,12 +26,12 @@
import org.apache.directory.server.core.entry.ServerEntry;
import org.apache.directory.server.core.interceptor.context.OperationContext;
-import org.apache.directory.server.schema.registries.Registries;
import org.apache.directory.shared.ldap.aci.ACITuple;
import org.apache.directory.shared.ldap.aci.MicroOperation;
import org.apache.directory.shared.ldap.constants.AuthenticationLevel;
import org.apache.directory.shared.ldap.entry.Value;
import org.apache.directory.shared.ldap.name.LdapDN;
+import org.apache.directory.shared.ldap.schema.SchemaManager;
/**
@@ -65,7 +65,7 @@
* @throws NamingException if failed to filter the specific tuples
*/
Collection<ACITuple> filter(
- Registries registries,
+ SchemaManager schemaManager,
Collection<ACITuple> tuples,
OperationScope scope,
OperationContext opContext,
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/HighestPrecedenceFilter.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/HighestPrecedenceFilter.java?rev=896599&r1=896598&r2=896599&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/HighestPrecedenceFilter.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/HighestPrecedenceFilter.java Wed Jan 6 18:26:43 2010
@@ -27,12 +27,12 @@
import org.apache.directory.server.core.entry.ServerEntry;
import org.apache.directory.server.core.interceptor.context.OperationContext;
-import org.apache.directory.server.schema.registries.Registries;
import org.apache.directory.shared.ldap.aci.ACITuple;
import org.apache.directory.shared.ldap.aci.MicroOperation;
import org.apache.directory.shared.ldap.constants.AuthenticationLevel;
import org.apache.directory.shared.ldap.entry.Value;
import org.apache.directory.shared.ldap.name.LdapDN;
+import org.apache.directory.shared.ldap.schema.SchemaManager;
/**
@@ -45,7 +45,7 @@
public class HighestPrecedenceFilter implements ACITupleFilter
{
public Collection<ACITuple> filter(
- Registries registries,
+ SchemaManager schemaManager,
Collection<ACITuple> tuples,
OperationScope scope,
OperationContext opContext,
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MaxImmSubFilter.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MaxImmSubFilter.java?rev=896599&r1=896598&r2=896599&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MaxImmSubFilter.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MaxImmSubFilter.java Wed Jan 6 18:26:43 2010
@@ -20,13 +20,13 @@
package org.apache.directory.server.core.authz.support;
-import javax.naming.directory.SearchControls;
-
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
+import javax.naming.directory.SearchControls;
+
import org.apache.directory.server.core.authn.AuthenticationInterceptor;
import org.apache.directory.server.core.authz.AciAuthorizationInterceptor;
import org.apache.directory.server.core.authz.DefaultAuthorizationInterceptor;
@@ -39,7 +39,6 @@
import org.apache.directory.server.core.operational.OperationalAttributeInterceptor;
import org.apache.directory.server.core.schema.SchemaInterceptor;
import org.apache.directory.server.core.subtree.SubentryInterceptor;
-import org.apache.directory.server.schema.registries.Registries;
import org.apache.directory.shared.ldap.aci.ACITuple;
import org.apache.directory.shared.ldap.aci.MicroOperation;
import org.apache.directory.shared.ldap.aci.ProtectedItem;
@@ -50,6 +49,7 @@
import org.apache.directory.shared.ldap.filter.PresenceNode;
import org.apache.directory.shared.ldap.message.AliasDerefMode;
import org.apache.directory.shared.ldap.name.LdapDN;
+import org.apache.directory.shared.ldap.schema.SchemaManager;
@@ -75,7 +75,7 @@
public Collection<ACITuple> filter(
- Registries registries,
+ SchemaManager schemaManager,
Collection<ACITuple> tuples,
OperationScope scope,
OperationContext opContext,
@@ -122,7 +122,7 @@
{
if ( immSubCount < 0 )
{
- immSubCount = getImmSubCount( registries, opContext, entryName );
+ immSubCount = getImmSubCount( schemaManager, opContext, entryName );
}
ProtectedItem.MaxImmSub mis = ( ProtectedItem.MaxImmSub ) item;
@@ -154,7 +154,7 @@
}
- private int getImmSubCount( Registries registries, OperationContext opContext, LdapDN entryName ) throws Exception
+ private int getImmSubCount( SchemaManager schemaManager, OperationContext opContext, LdapDN entryName ) throws Exception
{
int cnt = 0;
EntryFilteringCursor results = null;
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MaxValueCountFilter.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MaxValueCountFilter.java?rev=896599&r1=896598&r2=896599&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MaxValueCountFilter.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MaxValueCountFilter.java Wed Jan 6 18:26:43 2010
@@ -27,7 +27,6 @@
import org.apache.directory.server.core.entry.ServerEntry;
import org.apache.directory.server.core.interceptor.context.OperationContext;
-import org.apache.directory.server.schema.registries.Registries;
import org.apache.directory.shared.ldap.aci.ACITuple;
import org.apache.directory.shared.ldap.aci.MicroOperation;
import org.apache.directory.shared.ldap.aci.ProtectedItem;
@@ -36,6 +35,7 @@
import org.apache.directory.shared.ldap.entry.EntryAttribute;
import org.apache.directory.shared.ldap.entry.Value;
import org.apache.directory.shared.ldap.name.LdapDN;
+import org.apache.directory.shared.ldap.schema.SchemaManager;
/**
@@ -48,7 +48,7 @@
public class MaxValueCountFilter implements ACITupleFilter
{
public Collection<ACITuple> filter(
- Registries registries,
+ SchemaManager schemaManager,
Collection<ACITuple> tuples,
OperationScope scope,
OperationContext opContext,
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MicroOperationFilter.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MicroOperationFilter.java?rev=896599&r1=896598&r2=896599&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MicroOperationFilter.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MicroOperationFilter.java Wed Jan 6 18:26:43 2010
@@ -20,19 +20,19 @@
package org.apache.directory.server.core.authz.support;
-import java.util.Collection;
+import java.util.Collection;
import java.util.Iterator;
import javax.naming.NamingException;
import org.apache.directory.server.core.entry.ServerEntry;
import org.apache.directory.server.core.interceptor.context.OperationContext;
-import org.apache.directory.server.schema.registries.Registries;
import org.apache.directory.shared.ldap.aci.ACITuple;
import org.apache.directory.shared.ldap.aci.MicroOperation;
import org.apache.directory.shared.ldap.constants.AuthenticationLevel;
import org.apache.directory.shared.ldap.entry.Value;
import org.apache.directory.shared.ldap.name.LdapDN;
+import org.apache.directory.shared.ldap.schema.SchemaManager;
/**
@@ -46,7 +46,7 @@
public class MicroOperationFilter implements ACITupleFilter
{
public Collection<ACITuple> filter(
- Registries registries,
+ SchemaManager schemaManager,
Collection<ACITuple> tuples,
OperationScope scope,
OperationContext opContext,
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MostSpecificProtectedItemFilter.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MostSpecificProtectedItemFilter.java?rev=896599&r1=896598&r2=896599&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MostSpecificProtectedItemFilter.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MostSpecificProtectedItemFilter.java Wed Jan 6 18:26:43 2010
@@ -27,13 +27,13 @@
import org.apache.directory.server.core.entry.ServerEntry;
import org.apache.directory.server.core.interceptor.context.OperationContext;
-import org.apache.directory.server.schema.registries.Registries;
import org.apache.directory.shared.ldap.aci.ACITuple;
import org.apache.directory.shared.ldap.aci.MicroOperation;
import org.apache.directory.shared.ldap.aci.ProtectedItem;
import org.apache.directory.shared.ldap.constants.AuthenticationLevel;
import org.apache.directory.shared.ldap.entry.Value;
import org.apache.directory.shared.ldap.name.LdapDN;
+import org.apache.directory.shared.ldap.schema.SchemaManager;
/**
@@ -54,7 +54,7 @@
public class MostSpecificProtectedItemFilter implements ACITupleFilter
{
public Collection<ACITuple> filter(
- Registries registries,
+ SchemaManager schemaManager,
Collection<ACITuple> tuples,
OperationScope scope,
OperationContext opContext,
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MostSpecificUserClassFilter.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MostSpecificUserClassFilter.java?rev=896599&r1=896598&r2=896599&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MostSpecificUserClassFilter.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MostSpecificUserClassFilter.java Wed Jan 6 18:26:43 2010
@@ -27,13 +27,13 @@
import org.apache.directory.server.core.entry.ServerEntry;
import org.apache.directory.server.core.interceptor.context.OperationContext;
-import org.apache.directory.server.schema.registries.Registries;
import org.apache.directory.shared.ldap.aci.ACITuple;
import org.apache.directory.shared.ldap.aci.MicroOperation;
import org.apache.directory.shared.ldap.aci.UserClass;
import org.apache.directory.shared.ldap.constants.AuthenticationLevel;
import org.apache.directory.shared.ldap.entry.Value;
import org.apache.directory.shared.ldap.name.LdapDN;
+import org.apache.directory.shared.ldap.schema.SchemaManager;
/**
@@ -52,7 +52,7 @@
public class MostSpecificUserClassFilter implements ACITupleFilter
{
public Collection<ACITuple> filter(
- Registries registries,
+ SchemaManager schemaManager,
Collection<ACITuple> tuples,
OperationScope scope,
OperationContext opContext,
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/RelatedProtectedItemFilter.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/RelatedProtectedItemFilter.java?rev=896599&r1=896598&r2=896599&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/RelatedProtectedItemFilter.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/RelatedProtectedItemFilter.java Wed Jan 6 18:26:43 2010
@@ -30,9 +30,6 @@
import org.apache.directory.server.core.event.Evaluator;
import org.apache.directory.server.core.interceptor.context.OperationContext;
import org.apache.directory.server.core.subtree.RefinementEvaluator;
-import org.apache.directory.server.schema.registries.AttributeTypeRegistry;
-import org.apache.directory.server.schema.registries.OidRegistry;
-import org.apache.directory.server.schema.registries.Registries;
import org.apache.directory.shared.ldap.aci.ACITuple;
import org.apache.directory.shared.ldap.aci.MicroOperation;
import org.apache.directory.shared.ldap.aci.ProtectedItem;
@@ -44,6 +41,8 @@
import org.apache.directory.shared.ldap.entry.Value;
import org.apache.directory.shared.ldap.name.LdapDN;
import org.apache.directory.shared.ldap.schema.AttributeType;
+import org.apache.directory.shared.ldap.schema.SchemaManager;
+import org.apache.directory.shared.ldap.schema.registries.OidRegistry;
import org.apache.directory.shared.ldap.util.AttributeUtils;
@@ -58,22 +57,20 @@
{
private final RefinementEvaluator refinementEvaluator;
private final Evaluator entryEvaluator;
- private final OidRegistry oidRegistry;
- private final AttributeTypeRegistry attrRegistry;
+ private final SchemaManager schemaManager;
public RelatedProtectedItemFilter( RefinementEvaluator refinementEvaluator, Evaluator entryEvaluator,
- OidRegistry oidRegistry, AttributeTypeRegistry attrRegistry )
+ OidRegistry oidRegistry, SchemaManager schemaManager )
{
this.refinementEvaluator = refinementEvaluator;
this.entryEvaluator = entryEvaluator;
- this.oidRegistry = oidRegistry;
- this.attrRegistry = attrRegistry;
+ this.schemaManager = schemaManager;
}
public Collection<ACITuple> filter(
- Registries registries,
+ SchemaManager schemaManager,
Collection<ACITuple> tuples,
OperationScope scope,
OperationContext opContext,
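Review bot: After this change the class holds a `schemaManager` field and `filter` also receives a `schemaManager` parameter, so inside `filter` the parameter shadows the field, while any helper that does not take the parameter would read the field. If the two can ever be different instances, OID resolution for a single authorization decision would mix two schema views. Either use `this.schemaManager` throughout or drop the field and pass the parameter down. The constructor's `OidRegistry oidRegistry` argument is also no longer stored in the visible lines, so it looks dead and could be removed once callers are updated. `filter` continues beyond this hunk.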
@@ -115,7 +112,7 @@
if ( attrId != null )
{
- oid = oidRegistry.getOid( attrId );
+ oid = schemaManager.getAttributeTypeRegistry().getOidByName( attrId );
}
for ( ProtectedItem item : tuple.getProtectedItems() )
@@ -153,9 +150,10 @@
}
ProtectedItem.AllAttributeValues aav = ( ProtectedItem.AllAttributeValues ) item;
+
for ( Iterator<String> j = aav.iterator(); j.hasNext(); )
{
- if ( oid.equals( oidRegistry.getOid( j.next() ) ) )
+ if ( oid.equals( schemaManager.getAttributeTypeRegistry().getOidByName( j.next() ) ) )
{
return true;
}
@@ -169,9 +167,10 @@
}
ProtectedItem.AttributeType at = ( ProtectedItem.AttributeType ) item;
+
for ( Iterator<String> j = at.iterator(); j.hasNext(); )
{
- if ( oid.equals( oidRegistry.getOid( j.next() ) ) )
+ if ( oid.equals( schemaManager.getAttributeTypeRegistry().getOidByName( j.next() ) ) )
{
return true;
}
@@ -188,8 +187,8 @@
for ( Iterator<Attribute> j = av.iterator(); j.hasNext(); )
{
Attribute attr = j.next();
- String attrOid = oidRegistry.getOid( attr.getID() );
- AttributeType attrType = attrRegistry.lookup( attrOid );
+ String attrOid = schemaManager.getAttributeTypeRegistry().getOidByName( attr.getID() );
+ AttributeType attrType = schemaManager.lookupAttributeTypeRegistry( attrOid );
if ( oid.equals( attrOid ) && AttributeUtils.containsValue( attr, attrValue, attrType ) )
{
@@ -220,7 +219,8 @@
for ( Iterator<MaxValueCountItem> j = mvc.iterator(); j.hasNext(); )
{
MaxValueCountItem mvcItem = j.next();
- if ( oid.equals( oidRegistry.getOid( mvcItem.getAttributeType() ) ) )
+
+ if ( oid.equals( schemaManager.getAttributeTypeRegistry().getOidByName( mvcItem.getAttributeType() ) ) )
{
return true;
}
@@ -246,7 +246,7 @@
for ( Iterator<RestrictedByItem> j = rb.iterator(); j.hasNext(); )
{
RestrictedByItem rbItem = j.next();
- if ( oid.equals( oidRegistry.getOid( rbItem.getAttributeType() ) ) )
+ if ( oid.equals( schemaManager.getAttributeTypeRegistry().getOidByName( rbItem.getAttributeType() ) ) )
{
return true;
}
@@ -263,13 +263,14 @@
for ( Iterator<String> j = sv.iterator(); j.hasNext(); )
{
String svItem = j.next();
- if ( oid.equals( oidRegistry.getOid( svItem ) ) )
+
+ if ( oid.equals( schemaManager.getAttributeTypeRegistry().getOidByName( svItem ) ) )
{
EntryAttribute attr = entry.get( oid );
if ( ( attr != null ) &&
( ( attr.contains( userName.toNormName() ) ||
- ( attr.contains( userName.getUpName() ) ) ) ) )
+ ( attr.contains( userName.getName() ) ) ) ) )
{
return true;
}
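Review bot: The selfValue test `attr.contains( userName.toNormName() ) || attr.contains( userName.getName() )` has no comment saying why two string forms of the requester's DN are tried, and the switch from `getUpName()` to `getName()` makes that harder to follow. A line above the condition would help, for example `// selfValue: the attribute may hold the requester's DN in normalized or user-provided form`, assuming `getName()` returns the user-provided form as `getUpName()` did. Since this comparison decides whether a self-referencing permission applies, it is also worth stating there whether `contains` compares raw strings or normalizes the values first.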
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/RelatedUserClassFilter.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/RelatedUserClassFilter.java?rev=896599&r1=896598&r2=896599&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/RelatedUserClassFilter.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/RelatedUserClassFilter.java Wed Jan 6 18:26:43 2010
@@ -28,13 +28,13 @@
import org.apache.directory.server.core.entry.ServerEntry;
import org.apache.directory.server.core.interceptor.context.OperationContext;
import org.apache.directory.server.core.subtree.SubtreeEvaluator;
-import org.apache.directory.server.schema.registries.Registries;
import org.apache.directory.shared.ldap.aci.ACITuple;
import org.apache.directory.shared.ldap.aci.MicroOperation;
import org.apache.directory.shared.ldap.aci.UserClass;
import org.apache.directory.shared.ldap.constants.AuthenticationLevel;
import org.apache.directory.shared.ldap.entry.Value;
import org.apache.directory.shared.ldap.name.LdapDN;
+import org.apache.directory.shared.ldap.schema.SchemaManager;
import org.apache.directory.shared.ldap.subtree.SubtreeSpecification;
@@ -59,7 +59,7 @@
public Collection<ACITuple> filter(
- Registries registries,
+ SchemaManager schemaManager,
Collection<ACITuple> tuples,
OperationScope scope,
OperationContext opContext,
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/RestrictedByFilter.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/RestrictedByFilter.java?rev=896599&r1=896598&r2=896599&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/RestrictedByFilter.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/RestrictedByFilter.java Wed Jan 6 18:26:43 2010
@@ -27,7 +27,6 @@
import org.apache.directory.server.core.entry.ServerEntry;
import org.apache.directory.server.core.interceptor.context.OperationContext;
-import org.apache.directory.server.schema.registries.Registries;
import org.apache.directory.shared.ldap.aci.ACITuple;
import org.apache.directory.shared.ldap.aci.MicroOperation;
import org.apache.directory.shared.ldap.aci.ProtectedItem;
@@ -36,6 +35,7 @@
import org.apache.directory.shared.ldap.entry.EntryAttribute;
import org.apache.directory.shared.ldap.entry.Value;
import org.apache.directory.shared.ldap.name.LdapDN;
+import org.apache.directory.shared.ldap.schema.SchemaManager;
/**
@@ -48,7 +48,7 @@
public class RestrictedByFilter implements ACITupleFilter
{
public Collection<ACITuple> filter(
- Registries registries,
+ SchemaManager schemaManager,
Collection<ACITuple> tuples,
OperationScope scope,
OperationContext opContext,
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/changelog/ChangeLogInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/changelog/ChangeLogInterceptor.java?rev=896599&r1=896598&r2=896599&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/changelog/ChangeLogInterceptor.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/changelog/ChangeLogInterceptor.java Wed Jan 6 18:26:43 2010
@@ -94,8 +94,8 @@
changeLog = directoryService.getChangeLog();
schemaService = directoryService.getSchemaService();
- entryDeleted = directoryService.getRegistries().getAttributeTypeRegistry()
- .lookup( ApacheSchemaConstants.ENTRY_DELETED_AT_OID );
+ entryDeleted = directoryService.getSchemaManager()
+ .lookupAttributeTypeRegistry( ApacheSchemaConstants.ENTRY_DELETED_AT_OID );
}
@@ -221,7 +221,16 @@
// @todo make sure we're not putting in operational attributes that cannot be user modified
serverEntry = getAttributes( opContext );
}
+
+ // Duplicate modifications so that the reverse does not contain the operational attributes
+ List<Modification> clonedMods = new ArrayList<Modification>();
+
+ for ( Modification mod : opContext.getModItems() )
+ {
+ clonedMods.add( mod.clone() );
+ }
+ // Call the next interceptor
next.modify( opContext );
// @TODO: needs big consideration!!!
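Review bot: The new loop clones every modification on each `modify` call, outside the block that closes just above it, so the copy is made even when the change log may be disabled or this is not the first operation. If that preceding `if` is the `changeLog.isEnabled()` guard (its condition is outside the hunk), the loop belongs inside it, with the list presized as `new ArrayList<Modification>( opContext.getModItems().size() )`. The comment also says the copy protects the reverse, but the next hunk feeds `clonedMods` into the forward LDIF. Something like `// Snapshot the requested modifications before next.modify() so the logged change does not contain operational attributes` would match what the code does.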
@@ -249,9 +258,9 @@
forward.setChangeType( ChangeType.Modify );
forward.setDn( opContext.getDn() );
- List<Modification> mods = new ArrayList<Modification>( opContext.getModItems().size() );
+ List<Modification> mods = new ArrayList<Modification>( clonedMods.size() );
- for ( Modification modItem : opContext.getModItems() )
+ for ( Modification modItem : clonedMods )
{
Modification mod = ((ServerModification)modItem).toClientModification();
@@ -287,13 +296,15 @@
{
ServerEntry serverEntry = null;
- if ( changeLog.isEnabled() && renameContext.isFirstOperation() )
+ if ( renameContext.getEntry() != null )
{
- // @todo make sure we're not putting in operational attributes that cannot be user modified
- serverEntry = getAttributes( renameContext );
+ serverEntry = renameContext.getEntry().getOriginalEntry();
}
-
+
next.rename( renameContext );
+
+ // After this point, the entry has been modified. The cloned entry contains
+ // the modified entry, the originalEntry has changed
if ( ! changeLog.isEnabled() || ! renameContext.isFirstOperation() )
{
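Review bot: `serverEntry` is taken from `renameContext.getEntry().getOriginalEntry()` without a copy, while the comment added after `next.rename( renameContext )` says "the originalEntry has changed". If that means the object is modified in place, `serverEntry` no longer holds the pre-rename state by the time the reverse LDIF is built further down (outside this hunk), and the recorded revert would be wrong. Either copy the entry before calling `next.rename`, or reword the comment to say plainly which object keeps the old state, e.g. `// serverEntry still holds the pre-rename entry; renameContext.getEntry() now reflects the rename`. The `getEntry() == null` path also leaves `serverEntry` null where the removed code fetched it with `getAttributes( renameContext )`, so later uses need a null check or a fallback.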
@@ -336,7 +347,7 @@
forward.setDn( opCtx.getDn() );
forward.setDeleteOldRdn( opCtx.getDelOldDn() );
forward.setNewRdn( opCtx.getNewRdn().getUpName() );
- forward.setNewSuperior( opCtx.getParent().getUpName() );
+ forward.setNewSuperior( opCtx.getParent().getName() );
List<LdifEntry> reverses = LdifRevertor.reverseMoveAndRename(
serverEntry, opCtx.getParent(), new Rdn( opCtx.getNewRdn() ), false );
@@ -356,7 +367,7 @@
LdifEntry forward = new LdifEntry();
forward.setChangeType( ChangeType.ModDn );
forward.setDn( opCtx.getDn() );
- forward.setNewSuperior( opCtx.getParent().getUpName() );
+ forward.setNewSuperior( opCtx.getParent().getName() );
LdifEntry reverse = LdifRevertor.reverseMove( opCtx.getParent(), opCtx.getDn() );
opCtx.setChangeLogEvent( changeLog.log( getPrincipal(), forward, reverse ) );
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/changelog/DefaultChangeLog.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/changelog/DefaultChangeLog.java?rev=896599&r1=896598&r2=896599&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/changelog/DefaultChangeLog.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/changelog/DefaultChangeLog.java Wed Jan 6 18:26:43 2010
@@ -22,7 +22,7 @@
import java.util.List;
import org.apache.directory.server.core.DirectoryService;
-import org.apache.directory.server.core.authn.LdapPrincipal;
+import org.apache.directory.server.core.LdapPrincipal;
import org.apache.directory.server.core.partition.Partition;
import org.apache.directory.shared.ldap.ldif.LdifEntry;
import org.slf4j.Logger;
@@ -312,7 +312,7 @@
tmp.createPartition( partitionSuffix, revContainerName, tagContainerName );
Partition partition = tmp.getPartition();
- partition.init( service );
+ partition.initialize( );
service.addPartition( partition );
}
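Review bot: `partition.initialize( )` no longer receives the `DirectoryService` that `partition.init( service )` passed in, and nothing in this hunk gives the partition its schema or service reference before it is initialized and added. If `tmp.createPartition(...)` does not configure that itself, the change log partition would start without the schema the rest of the server uses. A short comment would record the assumption, e.g. `// the factory returns a fully configured partition; initialize() needs no DirectoryService`, or the missing wiring should be added before the call. The enclosing method starts outside the hunk.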
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/changelog/MemoryChangeLogStore.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/changelog/MemoryChangeLogStore.java?rev=896599&r1=896598&r2=896599&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/changelog/MemoryChangeLogStore.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/changelog/MemoryChangeLogStore.java Wed Jan 6 18:26:43 2010
@@ -36,7 +36,7 @@
import java.util.Properties;
import org.apache.directory.server.core.DirectoryService;
-import org.apache.directory.server.core.authn.LdapPrincipal;
+import org.apache.directory.server.core.LdapPrincipal;
import org.apache.directory.shared.ldap.cursor.Cursor;
import org.apache.directory.shared.ldap.cursor.ListCursor;
import org.apache.directory.shared.ldap.ldif.LdifEntry;