You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@knox.apache.org by co...@apache.org on 2017/10/26 12:13:01 UTC
[1/2] knox git commit: KNOX-1088 - Remove LDAP BaseDirectoryService*
Repository: knox
Updated Branches:
refs/heads/master 994ac325d -> 41952dd33
http://git-wip-us.apache.org/repos/asf/knox/blob/41952dd3/gateway-demo-ldap/src/main/java/org/apache/hadoop/gateway/security/ldap/SimpleLdapDirectoryServer.java
----------------------------------------------------------------------
diff --git a/gateway-demo-ldap/src/main/java/org/apache/hadoop/gateway/security/ldap/SimpleLdapDirectoryServer.java b/gateway-demo-ldap/src/main/java/org/apache/hadoop/gateway/security/ldap/SimpleLdapDirectoryServer.java
index 12fe30d..b1685a1 100644
--- a/gateway-demo-ldap/src/main/java/org/apache/hadoop/gateway/security/ldap/SimpleLdapDirectoryServer.java
+++ b/gateway-demo-ldap/src/main/java/org/apache/hadoop/gateway/security/ldap/SimpleLdapDirectoryServer.java
@@ -25,12 +25,17 @@ import org.apache.directory.api.ldap.model.name.Dn;
import org.apache.directory.server.core.api.CoreSession;
import org.apache.directory.server.core.api.DirectoryService;
import org.apache.directory.server.core.api.partition.Partition;
+import org.apache.directory.server.core.factory.DefaultDirectoryServiceFactory;
import org.apache.directory.server.core.factory.DirectoryServiceFactory;
+import org.apache.directory.server.core.factory.JdbmPartitionFactory;
+import org.apache.directory.server.core.factory.PartitionFactory;
import org.apache.directory.server.ldap.LdapServer;
import org.apache.directory.server.protocol.shared.store.LdifFileLoader;
import org.apache.directory.server.protocol.shared.transport.TcpTransport;
import org.apache.directory.server.protocol.shared.transport.Transport;
import org.apache.log4j.PropertyConfigurator;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
import java.io.File;
import java.io.FileNotFoundException;
@@ -39,6 +44,8 @@ import java.util.UUID;
public class SimpleLdapDirectoryServer {
+ private static final Logger LOG = LoggerFactory.getLogger(SimpleLdapDirectoryServer.class);
+
private DirectoryServiceFactory factory;
private DirectoryService service;
@@ -50,7 +57,36 @@ public class SimpleLdapDirectoryServer {
throw new FileNotFoundException( usersLdif.getAbsolutePath() );
}
- factory = new SimpleDirectoryServiceFactory();
+ DirectoryService directoryService = null;
+ try {
+ // creating the instance here so that
+ // we we can set some properties like accesscontrol, anon access
+ // before starting up the service
+ directoryService = new SimpleDirectoryService();
+
+ // no need to register a shutdown hook during tests because this
+ // starts a lot of threads and slows down test execution
+ directoryService.setShutdownHookEnabled( false );
+ } catch ( Exception e ) {
+ throw new RuntimeException( e );
+ }
+
+ PartitionFactory partitionFactory = null;
+ try {
+ String typeName = System.getProperty( "apacheds.partition.factory" );
+
+ if ( typeName != null ) {
+ Class<? extends PartitionFactory> type = ( Class<? extends PartitionFactory> ) Class.forName( typeName );
+ partitionFactory = type.newInstance();
+ } else {
+ partitionFactory = new JdbmPartitionFactory();
+ }
+ } catch ( Exception e ) {
+ LOG.error( "Error instantiating custom partiton factory", e );
+ throw new RuntimeException( e );
+ }
+
+ factory = new DefaultDirectoryServiceFactory( directoryService, partitionFactory );
factory.init( UUID.randomUUID().toString() );
service = factory.getDirectoryService();
http://git-wip-us.apache.org/repos/asf/knox/blob/41952dd3/gateway-demo-ldap/src/test/java/org/apache/hadoop/gateway/security/ldap/SimpleLdapServerTest.java
----------------------------------------------------------------------
diff --git a/gateway-demo-ldap/src/test/java/org/apache/hadoop/gateway/security/ldap/SimpleLdapServerTest.java b/gateway-demo-ldap/src/test/java/org/apache/hadoop/gateway/security/ldap/SimpleLdapServerTest.java
index 33a367e..7d73219 100644
--- a/gateway-demo-ldap/src/test/java/org/apache/hadoop/gateway/security/ldap/SimpleLdapServerTest.java
+++ b/gateway-demo-ldap/src/test/java/org/apache/hadoop/gateway/security/ldap/SimpleLdapServerTest.java
@@ -23,14 +23,12 @@ import org.apache.directory.api.ldap.model.exception.LdapException;
import org.apache.directory.ldap.client.api.LdapConnection;
import org.apache.directory.ldap.client.api.LdapNetworkConnection;
import org.apache.directory.server.protocol.shared.transport.TcpTransport;
-import org.apache.directory.server.protocol.shared.transport.Transport;
import org.junit.AfterClass;
import org.junit.BeforeClass;
import org.junit.Test;
import java.io.File;
import java.io.IOException;
-import java.net.ServerSocket;
import static org.junit.Assert.fail;
http://git-wip-us.apache.org/repos/asf/knox/blob/41952dd3/gateway-test-release/pom.xml
----------------------------------------------------------------------
diff --git a/gateway-test-release/pom.xml b/gateway-test-release/pom.xml
index 3d4cbc5..81ccbe1 100644
--- a/gateway-test-release/pom.xml
+++ b/gateway-test-release/pom.xml
@@ -128,17 +128,6 @@
</dependency>
<dependency>
<groupId>org.apache.directory.server</groupId>
- <artifactId>apacheds-core-integ</artifactId>
- <version>${apacheds-version}</version>
- <exclusions>
- <exclusion>
- <groupId>org.apache.directory.api</groupId>
- <artifactId>api-ldap-schema-data</artifactId>
- </exclusion>
- </exclusions>
- </dependency>
- <dependency>
- <groupId>org.apache.directory.server</groupId>
<artifactId>apacheds-all</artifactId>
<exclusions>
<exclusion>
http://git-wip-us.apache.org/repos/asf/knox/blob/41952dd3/gateway-test/pom.xml
----------------------------------------------------------------------
diff --git a/gateway-test/pom.xml b/gateway-test/pom.xml
index 24e894b..f8576e6 100644
--- a/gateway-test/pom.xml
+++ b/gateway-test/pom.xml
@@ -109,20 +109,6 @@
<scope>test</scope>
</dependency>
- <!--
- <dependency>
- <groupId>org.apache.directory.server</groupId>
- <artifactId>apacheds-all</artifactId>
- <scope>test</scope>
- <exclusions>
- <exclusion>
- <groupId>org.apache.directory.shared</groupId>
- <artifactId>shared-ldap-schema</artifactId>
- </exclusion>
- </exclusions>
- </dependency>
- -->
-
<dependency>
<groupId>org.apache.velocity</groupId>
<artifactId>velocity</artifactId>
[2/2] knox git commit: KNOX-1088 - Remove LDAP BaseDirectoryService*
Posted by co...@apache.org.
KNOX-1088 - Remove LDAP BaseDirectoryService*
Project: http://git-wip-us.apache.org/repos/asf/knox/repo
Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/41952dd3
Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/41952dd3
Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/41952dd3
Branch: refs/heads/master
Commit: 41952dd3344e2c83e35109bc778623017bc0ab73
Parents: 994ac32
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Wed Oct 25 15:42:21 2017 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Thu Oct 26 13:02:34 2017 +0100
----------------------------------------------------------------------
gateway-demo-ldap/pom.xml | 36 +-
.../security/ldap/BaseDirectoryService.java | 2323 ------------------
.../ldap/BaseDirectoryServiceFactory.java | 290 ---
.../security/ldap/SimpleDirectoryService.java | 6 +-
.../ldap/SimpleDirectoryServiceFactory.java | 34 -
.../ldap/SimpleLdapDirectoryServer.java | 38 +-
.../security/ldap/SimpleLdapServerTest.java | 2 -
gateway-test-release/pom.xml | 11 -
gateway-test/pom.xml | 14 -
9 files changed, 43 insertions(+), 2711 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/knox/blob/41952dd3/gateway-demo-ldap/pom.xml
----------------------------------------------------------------------
diff --git a/gateway-demo-ldap/pom.xml b/gateway-demo-ldap/pom.xml
index a1ddba5..55ab2b8 100644
--- a/gateway-demo-ldap/pom.xml
+++ b/gateway-demo-ldap/pom.xml
@@ -107,26 +107,6 @@
<dependencies>
- <!--
- <dependency>
- <groupId>org.apache.directory.server</groupId>
- <artifactId>apacheds-server-integ</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.directory.server</groupId>
- <artifactId>apacheds-core-entry</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.directory.shared</groupId>
- <artifactId>shared-ldap</artifactId>
- </dependency>
- -->
- <!--
- <dependency>
- <groupId>org.apache.directory.server</groupId>
- <artifactId>apacheds-jdbm</artifactId>
- </dependency>
- -->
<dependency>
<groupId>org.apache.directory.server</groupId>
<artifactId>apacheds-all</artifactId>
@@ -148,20 +128,6 @@
<artifactId>slf4j-log4j12</artifactId>
</dependency>
- <!--
- <dependency>
- <groupId>org.apache.directory.server</groupId>
- <artifactId>apacheds-all</artifactId>
- <version>1.5.5</version>
- <exclusions>
- <exclusion>
- <groupId>org.apache.directory.shared</groupId>
- <artifactId>shared-ldap-schema</artifactId>
- </exclusion>
- </exclusions>
- </dependency>
- -->
-
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
@@ -176,4 +142,4 @@
</dependencies>
-</project>
\ No newline at end of file
+</project>
http://git-wip-us.apache.org/repos/asf/knox/blob/41952dd3/gateway-demo-ldap/src/main/java/org/apache/hadoop/gateway/security/ldap/BaseDirectoryService.java
----------------------------------------------------------------------
diff --git a/gateway-demo-ldap/src/main/java/org/apache/hadoop/gateway/security/ldap/BaseDirectoryService.java b/gateway-demo-ldap/src/main/java/org/apache/hadoop/gateway/security/ldap/BaseDirectoryService.java
deleted file mode 100644
index b519f4b..0000000
--- a/gateway-demo-ldap/src/main/java/org/apache/hadoop/gateway/security/ldap/BaseDirectoryService.java
+++ /dev/null
@@ -1,2323 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.hadoop.gateway.security.ldap;
-
-
-import org.apache.directory.api.ldap.codec.api.LdapApiService;
-import org.apache.directory.api.ldap.codec.api.LdapApiServiceFactory;
-import org.apache.directory.api.ldap.model.constants.AuthenticationLevel;
-import org.apache.directory.api.ldap.model.constants.SchemaConstants;
-import org.apache.directory.api.ldap.model.csn.Csn;
-import org.apache.directory.api.ldap.model.csn.CsnFactory;
-import org.apache.directory.api.ldap.model.cursor.Cursor;
-import org.apache.directory.api.ldap.model.entry.Attribute;
-import org.apache.directory.api.ldap.model.entry.DefaultEntry;
-import org.apache.directory.api.ldap.model.entry.Entry;
-import org.apache.directory.api.ldap.model.entry.Modification;
-import org.apache.directory.api.ldap.model.entry.Value;
-import org.apache.directory.api.ldap.model.exception.LdapException;
-import org.apache.directory.api.ldap.model.exception.LdapNoPermissionException;
-import org.apache.directory.api.ldap.model.exception.LdapOperationException;
-import org.apache.directory.api.ldap.model.ldif.ChangeType;
-import org.apache.directory.api.ldap.model.ldif.LdifEntry;
-import org.apache.directory.api.ldap.model.ldif.LdifReader;
-import org.apache.directory.api.ldap.model.name.Dn;
-import org.apache.directory.api.ldap.model.name.DnUtils;
-import org.apache.directory.api.ldap.model.name.Rdn;
-import org.apache.directory.api.ldap.model.schema.SchemaManager;
-import org.apache.directory.api.ldap.util.tree.DnNode;
-import org.apache.directory.api.util.DateUtils;
-import org.apache.directory.api.util.Strings;
-import org.apache.directory.api.util.exception.NotImplementedException;
-import org.apache.directory.server.constants.ServerDNConstants;
-import org.apache.directory.server.core.DefaultOperationManager;
-import org.apache.directory.server.core.admin.AdministrativePointInterceptor;
-import org.apache.directory.server.core.api.*;
-import org.apache.directory.server.core.api.administrative.AccessControlAdministrativePoint;
-import org.apache.directory.server.core.api.administrative.CollectiveAttributeAdministrativePoint;
-import org.apache.directory.server.core.api.administrative.SubschemaAdministrativePoint;
-import org.apache.directory.server.core.api.administrative.TriggerExecutionAdministrativePoint;
-import org.apache.directory.server.core.api.changelog.ChangeLog;
-import org.apache.directory.server.core.api.changelog.ChangeLogEvent;
-import org.apache.directory.server.core.api.changelog.Tag;
-import org.apache.directory.server.core.api.changelog.TaggableSearchableChangeLogStore;
-import org.apache.directory.server.core.api.event.EventService;
-import org.apache.directory.server.core.api.interceptor.BaseInterceptor;
-import org.apache.directory.server.core.api.interceptor.Interceptor;
-import org.apache.directory.server.core.api.interceptor.context.AddOperationContext;
-import org.apache.directory.server.core.api.interceptor.context.BindOperationContext;
-import org.apache.directory.server.core.api.interceptor.context.HasEntryOperationContext;
-import org.apache.directory.server.core.api.interceptor.context.LookupOperationContext;
-import org.apache.directory.server.core.api.interceptor.context.OperationContext;
-import org.apache.directory.server.core.api.journal.Journal;
-import org.apache.directory.server.core.api.partition.Partition;
-import org.apache.directory.server.core.api.partition.PartitionNexus;
-import org.apache.directory.server.core.api.schema.SchemaPartition;
-import org.apache.directory.server.core.api.subtree.SubentryCache;
-import org.apache.directory.server.core.api.subtree.SubtreeEvaluator;
-import org.apache.directory.server.core.authn.AuthenticationInterceptor;
-import org.apache.directory.server.core.authn.ppolicy.PpolicyConfigContainer;
-import org.apache.directory.server.core.authz.AciAuthorizationInterceptor;
-import org.apache.directory.server.core.authz.DefaultAuthorizationInterceptor;
-import org.apache.directory.server.core.changelog.ChangeLogInterceptor;
-import org.apache.directory.server.core.changelog.DefaultChangeLog;
-import org.apache.directory.server.core.collective.CollectiveAttributeInterceptor;
-import org.apache.directory.server.core.event.EventInterceptor;
-import org.apache.directory.server.core.exception.ExceptionInterceptor;
-import org.apache.directory.server.core.journal.DefaultJournal;
-import org.apache.directory.server.core.journal.JournalInterceptor;
-import org.apache.directory.server.core.normalization.NormalizationInterceptor;
-import org.apache.directory.server.core.operational.OperationalAttributeInterceptor;
-import org.apache.directory.server.core.referral.ReferralInterceptor;
-import org.apache.directory.server.core.schema.SchemaInterceptor;
-import org.apache.directory.server.core.security.TlsKeyGenerator;
-import org.apache.directory.server.core.shared.DefaultCoreSession;
-import org.apache.directory.server.core.shared.DefaultDnFactory;
-import org.apache.directory.server.core.shared.partition.DefaultPartitionNexus;
-import org.apache.directory.server.core.subtree.SubentryInterceptor;
-import org.apache.directory.server.core.trigger.TriggerInterceptor;
-import org.apache.directory.server.i18n.I18n;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import java.io.BufferedReader;
-import java.io.File;
-import java.io.FileNotFoundException;
-import java.io.IOException;
-import java.io.RandomAccessFile;
-import java.io.StringReader;
-import java.lang.reflect.Method;
-import java.nio.channels.FileLock;
-import java.nio.channels.OverlappingFileLockException;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-import java.util.UUID;
-import java.util.concurrent.ConcurrentHashMap;
-import java.util.concurrent.locks.Lock;
-import java.util.concurrent.locks.ReadWriteLock;
-import java.util.concurrent.locks.ReentrantReadWriteLock;
-
-
-/**
- * Base implementation of {@link DirectoryService}.
- * This is a copy of org.apache.directory.server.core.DefaultDirectoryService
- * created to make showSecurityWarnings protected. This can be removed
- * when http://svn.apache.org/r1546144 in ApacheDS 2.0.0-M16 is available.
- *
- * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
- */
-public class BaseDirectoryService implements DirectoryService
-{
- /** The logger */
- private static final Logger LOG = LoggerFactory.getLogger( BaseDirectoryService.class );
-
- private SchemaPartition schemaPartition;
-
- /** A reference on the SchemaManager */
- private SchemaManager schemaManager;
-
- /** The LDAP Codec Service */
- private LdapApiService ldapCodecService = LdapApiServiceFactory.getSingleton();
-
- /** the root nexus */
- private DefaultPartitionNexus partitionNexus;
-
- /** whether or not server is started for the first time */
- private boolean firstStart;
-
- /** whether or not this instance has been shutdown */
- private boolean started;
-
- /** the change log service */
- private ChangeLog changeLog;
-
- /** the journal service */
- private Journal journal;
-
- /**
- * the interface used to perform various operations on this
- * DirectoryService
- */
- private OperationManager operationManager = new DefaultOperationManager( this );
-
- /** the distinguished name of the administrative user */
- private Dn adminDn;
-
- /** session used as admin for internal operations */
- private CoreSession adminSession;
-
- /** The referral manager */
- private ReferralManager referralManager;
-
- /** A flag to tell if the userPassword attribute's value must be hidden */
- private boolean passwordHidden = false;
-
- /** The service's CSN factory */
- private CsnFactory csnFactory;
-
- /** The directory instance replication ID */
- private int replicaId;
-
- /** remove me after implementation is completed */
- private static final String PARTIAL_IMPL_WARNING =
- "WARNING: the changelog is only partially operational and will revert\n" +
- "state without consideration of who made the original change. All reverting " +
- "changes are made by the admin user.\n Furthermore the used controls are not at " +
- "all taken into account";
-
- /** The delay to wait between each sync on disk */
- private long syncPeriodMillis;
-
- /** The default delay to wait between sync on disk : 15 seconds */
- private static final long DEFAULT_SYNC_PERIOD = 15000;
-
- /** */
- private Thread workerThread;
-
- /** The default timeLimit : 100 entries */
- public static final int MAX_SIZE_LIMIT_DEFAULT = 100;
-
- /** The default timeLimit : 10 seconds */
- public static final int MAX_TIME_LIMIT_DEFAULT = 10000;
-
- /** The instance Id */
- private String instanceId;
-
- /** The server directory layout*/
- private InstanceLayout instanceLayout;
-
- /**
- * A flag used to shutdown the VM when stopping the server. Useful
- * when the server is standalone. If the server is embedded, we don't
- * want to shutdown the VM
- */
- private boolean exitVmOnShutdown = true; // allow by default
-
- /** A flag used to indicate that a shutdown hook has been installed */
- private boolean shutdownHookEnabled = true; // allow by default
-
- /** Manage anonymous access to entries other than the RootDSE */
- private boolean allowAnonymousAccess = false; // forbid by default
-
- /** Manage the basic access control checks */
- private boolean accessControlEnabled; // off by default
-
- /** Manage the operational attributes denormalization */
- private boolean denormalizeOpAttrsEnabled; // off by default
-
- /** The list of declared interceptors */
- private List<Interceptor> interceptors;
- private Map<String, Interceptor> interceptorNames;
-
- /** A lock to protect the interceptors List */
- private ReadWriteLock interceptorsLock = new ReentrantReadWriteLock();
-
- /** The read and write locks */
- private Lock readLock = interceptorsLock.readLock();
- private Lock writeLock = interceptorsLock.writeLock();
-
- /** A map associating a list of interceptor to each operation */
- private Map<OperationEnum, List<String>> operationInterceptors;
-
- /** The System partition */
- private Partition systemPartition;
-
- /** The set of all declared partitions */
- private Set<Partition> partitions = new HashSet<>();
-
- /** A list of LDIF entries to inject at startup */
- private List<? extends LdifEntry> testEntries = new ArrayList<LdifEntry>(); // List<Attributes>
-
- /** The event service */
- private EventService eventService;
-
- /** The maximum size for an incoming PDU */
- private int maxPDUSize = Integer.MAX_VALUE;
-
- /** the value of last successful add/update operation's CSN */
- private String contextCsn;
-
- /** lock file for directory service's working directory */
- private RandomAccessFile lockFile = null;
-
- private static final String LOCK_FILE_NAME = ".dirservice.lock";
-
- /** the ehcache based cache service */
- private CacheService cacheService;
-
- /** The AccessControl AdministrativePoint cache */
- private DnNode<AccessControlAdministrativePoint> accessControlAPCache;
-
- /** The CollectiveAttribute AdministrativePoint cache */
- private DnNode<CollectiveAttributeAdministrativePoint> collectiveAttributeAPCache;
-
- /** The Subschema AdministrativePoint cache */
- private DnNode<SubschemaAdministrativePoint> subschemaAPCache;
-
- /** The TriggerExecution AdministrativePoint cache */
- private DnNode<TriggerExecutionAdministrativePoint> triggerExecutionAPCache;
-
- /** The Dn factory */
- private DnFactory dnFactory;
-
- /** The Subentry cache */
- SubentryCache subentryCache = new SubentryCache();
-
- /** The Subtree evaluator instance */
- private SubtreeEvaluator evaluator;
-
-
- // ------------------------------------------------------------------------
- // Constructor
- // ------------------------------------------------------------------------
-
- /**
- * Creates a new instance of the directory service.
- */
- public BaseDirectoryService() throws Exception
- {
- changeLog = new DefaultChangeLog();
- journal = new DefaultJournal();
- syncPeriodMillis = DEFAULT_SYNC_PERIOD;
- csnFactory = new CsnFactory( replicaId );
- evaluator = new SubtreeEvaluator( schemaManager );
- setDefaultInterceptorConfigurations();
- }
-
-
- // ------------------------------------------------------------------------
- // C O N F I G U R A T I O N M E T H O D S
- // ------------------------------------------------------------------------
-
- public void setInstanceId( String instanceId )
- {
- this.instanceId = instanceId;
- }
-
-
- public String getInstanceId()
- {
- return instanceId;
- }
-
-
- /**
- * Gets the {@link Partition}s used by this DirectoryService.
- *
- * @return the set of partitions used
- */
- public Set<? extends Partition> getPartitions()
- {
- Set<Partition> cloned = new HashSet<>();
- cloned.addAll( partitions );
- return cloned;
- }
-
-
- /**
- * Sets {@link Partition}s used by this DirectoryService.
- *
- * @param partitions the partitions to used
- */
- public void setPartitions( Set<? extends Partition> partitions )
- {
- Set<Partition> cloned = new HashSet<>();
- cloned.addAll( partitions );
- Set<String> names = new HashSet<>();
-
- for ( Partition partition : cloned )
- {
- String id = partition.getId();
-
- if ( names.contains( id ) )
- {
- LOG.warn( "Encountered duplicate partition {} identifier.", id );
- }
-
- names.add( id );
- }
-
- this.partitions = cloned;
- }
-
-
- /**
- * Returns <tt>true</tt> if access control checks are enabled.
- *
- * @return true if access control checks are enabled, false otherwise
- */
- public boolean isAccessControlEnabled()
- {
- return accessControlEnabled;
- }
-
-
- /**
- * Sets whether to enable basic access control checks or not.
- *
- * @param accessControlEnabled true to enable access control checks, false otherwise
- */
- public void setAccessControlEnabled( boolean accessControlEnabled )
- {
- this.accessControlEnabled = accessControlEnabled;
- }
-
-
- /**
- * Returns <tt>true</tt> if anonymous access is allowed on entries besides the RootDSE.
- * If the access control subsystem is enabled then access to some entries may not be
- * allowed even when full anonymous access is enabled.
- *
- * @return true if anonymous access is allowed on entries besides the RootDSE, false
- * if anonymous access is allowed to all entries.
- */
- public boolean isAllowAnonymousAccess()
- {
- return allowAnonymousAccess;
- }
-
-
- /**
- * Sets whether to allow anonymous access to entries other than the RootDSE. If the
- * access control subsystem is enabled then access to some entries may not be allowed
- * even when full anonymous access is enabled.
- *
- * @param enableAnonymousAccess true to enable anonymous access, false to disable it
- */
- public void setAllowAnonymousAccess( boolean enableAnonymousAccess )
- {
- this.allowAnonymousAccess = enableAnonymousAccess;
- }
-
-
- /**
- * Returns interceptors in the server.
- *
- * @return the interceptors in the server.
- */
- public List<Interceptor> getInterceptors()
- {
- List<Interceptor> cloned = new ArrayList<Interceptor>();
-
- readLock.lock();
-
- try
- {
- cloned.addAll( interceptors );
-
- return cloned;
- }
- finally
- {
- readLock.unlock();
- }
- }
-
-
- /**
- * Returns interceptors in the server for a given operation.
- *
- * @return the interceptors in the server for the given operation.
- */
- public List<String> getInterceptors( OperationEnum operation )
- {
- List<String> cloned = new ArrayList<String>();
-
- readLock.lock();
-
- try
- {
- cloned.addAll( operationInterceptors.get( operation ) );
-
- return cloned;
- }
- finally
- {
- readLock.unlock();
- }
-
- }
-
-
- /**
- * Compute the list of to call for each operation
- */
- private void initOperationsList()
- {
- writeLock.lock();
-
- try
- {
- operationInterceptors = new ConcurrentHashMap<OperationEnum, List<String>>();
-
- for ( OperationEnum operation : OperationEnum.getOperations() )
- {
- List<String> operationList = new ArrayList<String>();
-
- for ( Interceptor interceptor : interceptors )
- {
- gatherInterceptors( interceptor, interceptor.getClass(), operation, operationList );
- }
-
- operationInterceptors.put( operation, operationList );
- }
- }
- finally
- {
- writeLock.unlock();
- }
- }
-
-
- /**
- * Recursively checks if the given interceptor can be added to the list of interceptors for a given
- * operation and adds to the list of interceptors if it implements the respective operation
- *
- * @param interceptor the instance of the interceptor
- * @param interceptorClz the class of the interceptor
- * @param operation type of operation
- * @param selectedInterceptorList the list of selected interceptors
- */
- private void gatherInterceptors( Interceptor interceptor, Class<?> interceptorClz, OperationEnum operation,
- List<String> selectedInterceptorList )
- {
- // We stop recursing when we reach the Base class
- if ( ( interceptorClz == null ) || ( interceptorClz == BaseInterceptor.class ) )
- {
- return;
- }
-
- // We don't call getMethods() because it would get back the default methods
- // from the BaseInterceptor, something we don't want.
- Method[] methods = interceptorClz.getDeclaredMethods();
-
- for ( Method method : methods )
- {
- Class<?>[] param = method.getParameterTypes();
- boolean hasCorrestSig = false;
-
- // check for the correct signature
- if ( ( param == null ) || ( param.length > 1 ) || ( param.length == 0 ) )
- {
- continue;
- }
-
- if ( OperationContext.class.isAssignableFrom( param[0] ) )
- {
- hasCorrestSig = true;
- }
- else
- {
- continue;
- }
-
- if ( hasCorrestSig && method.getName().equals( operation.getMethodName() ) )
- {
- if ( !selectedInterceptorList.contains( interceptor.getName() ) )
- {
- selectedInterceptorList.add( interceptor.getName() );
- }
-
- break;
- }
- }
-
- // Recurse on extended classes, as we have used getDeclaredMethods() instead of getmethods()
- gatherInterceptors( interceptor, interceptorClz.getSuperclass(), operation, selectedInterceptorList );
- }
-
-
- /**
- * Add an interceptor to the list of interceptors to call for each operation
- * @throws LdapException
- */
- private void addInterceptor( Interceptor interceptor, int position ) throws LdapException
- {
- // First, init the interceptor
- interceptor.init( this );
-
- writeLock.lock();
-
- try
- {
- for ( OperationEnum operation : OperationEnum.getOperations() )
- {
- List<String> operationList = operationInterceptors.get( operation );
-
- Method[] methods = interceptor.getClass().getDeclaredMethods();
-
- for ( Method method : methods )
- {
- if ( method.getName().equals( operation.getMethodName() ) )
- {
- if ( position == -1 )
- {
- operationList.add( interceptor.getName() );
- }
- else
- {
- operationList.add( position, interceptor.getName() );
- }
-
- break;
- }
- }
- }
-
- interceptorNames.put( interceptor.getName(), interceptor );
-
- if ( position == -1 )
- {
- interceptors.add( interceptor );
- }
- else
- {
- interceptors.add( position, interceptor );
- }
- }
- finally
- {
- writeLock.unlock();
- }
- }
-
-
- /**
- * Remove an interceptor to the list of interceptors to call for each operation
- */
- private void removeOperationsList( String interceptorName )
- {
- Interceptor interceptor = interceptorNames.get( interceptorName );
-
- writeLock.lock();
-
- try
- {
- for ( OperationEnum operation : OperationEnum.getOperations() )
- {
- List<String> operationList = operationInterceptors.get( operation );
-
- Method[] methods = interceptor.getClass().getDeclaredMethods();
-
- for ( Method method : methods )
- {
- if ( method.getName().equals( operation.getMethodName() ) )
- {
- operationList.remove( interceptor.getName() );
-
- break;
- }
- }
- }
-
- interceptorNames.remove( interceptorName );
- interceptors.remove( interceptor );
- }
- finally
- {
- writeLock.unlock();
- }
- }
-
-
- /**
- * Sets the interceptors in the server.
- *
- * @param interceptors the interceptors to be used in the server.
- */
- public void setInterceptors( List<Interceptor> interceptors )
- {
- Map<String, Interceptor> interceptorNames = new HashMap<>();
-
- // Check if we don't have duplicate names in the interceptors list
- for ( Interceptor interceptor : interceptors )
- {
- if ( interceptorNames.containsKey( interceptor.getName() ) )
- {
- LOG.warn( "Encountered duplicate definitions for {} interceptor", interceptor.getName() );
- continue;
- }
-
- interceptorNames.put( interceptor.getName(), interceptor );
- }
-
- this.interceptors = interceptors;
- this.interceptorNames = interceptorNames;
-
- // Now update the Map that connect each operation with the list of interceptors.
- initOperationsList();
- }
-
-
- /**
- * Initialize the interceptors
- */
- private void initInterceptors() throws LdapException
- {
- for ( Interceptor interceptor : interceptors )
- {
- interceptor.init( this );
- }
- }
-
-
- /**
- * Returns test directory entries({@link LdifEntry}) to be loaded while
- * bootstrapping.
- *
- * @return test entries to load during bootstrapping
- */
- public List<LdifEntry> getTestEntries()
- {
- List<LdifEntry> cloned = new ArrayList<LdifEntry>();
- cloned.addAll( testEntries );
-
- return cloned;
- }
-
-
- /**
- * Sets test directory entries({@link javax.naming.directory.Attributes}) to be loaded while
- * bootstrapping.
- *
- * @param testEntries the test entries to load while bootstrapping
- */
- public void setTestEntries( List<? extends LdifEntry> testEntries )
- {
- //noinspection MismatchedQueryAndUpdateOfCollection
- List<LdifEntry> cloned = new ArrayList<LdifEntry>();
- cloned.addAll( testEntries );
- this.testEntries = cloned;
- }
-
-
- /**
- * {@inheritDoc}
- */
- public InstanceLayout getInstanceLayout()
- {
- return instanceLayout;
- }
-
-
- /**
- * {@inheritDoc}
- */
- public void setInstanceLayout( InstanceLayout instanceLayout ) throws IOException
- {
- this.instanceLayout = instanceLayout;
-
- // Create the directories if they are missing
- if ( !instanceLayout.getInstanceDirectory().exists() )
- {
- if ( !instanceLayout.getInstanceDirectory().mkdirs() )
- {
- throw new IOException( I18n.err( I18n.ERR_112_COULD_NOT_CREATE_DIRECORY,
- instanceLayout.getInstanceDirectory() ) );
- }
- }
-
- if ( !instanceLayout.getLogDirectory().exists() )
- {
- if ( !instanceLayout.getLogDirectory().mkdirs() )
- {
- throw new IOException( I18n.err( I18n.ERR_112_COULD_NOT_CREATE_DIRECORY,
- instanceLayout.getLogDirectory() ) );
- }
- }
-
- if ( !instanceLayout.getRunDirectory().exists() )
- {
- if ( !instanceLayout.getRunDirectory().mkdirs() )
- {
- throw new IOException( I18n.err( I18n.ERR_112_COULD_NOT_CREATE_DIRECORY,
- instanceLayout.getRunDirectory() ) );
- }
- }
-
- if ( !instanceLayout.getPartitionsDirectory().exists() )
- {
- if ( !instanceLayout.getPartitionsDirectory().mkdirs() )
- {
- throw new IOException( I18n.err( I18n.ERR_112_COULD_NOT_CREATE_DIRECORY,
- instanceLayout.getPartitionsDirectory() ) );
- }
- }
-
- if ( !instanceLayout.getConfDirectory().exists() )
- {
- if ( !instanceLayout.getConfDirectory().mkdirs() )
- {
- throw new IOException( I18n.err( I18n.ERR_112_COULD_NOT_CREATE_DIRECORY,
- instanceLayout.getConfDirectory() ) );
- }
- }
- }
-
-
- public void setShutdownHookEnabled( boolean shutdownHookEnabled )
- {
- this.shutdownHookEnabled = shutdownHookEnabled;
- }
-
-
- public boolean isShutdownHookEnabled()
- {
- return shutdownHookEnabled;
- }
-
-
- public void setExitVmOnShutdown( boolean exitVmOnShutdown )
- {
- this.exitVmOnShutdown = exitVmOnShutdown;
- }
-
-
- public boolean isExitVmOnShutdown()
- {
- return exitVmOnShutdown;
- }
-
-
- public void setSystemPartition( Partition systemPartition )
- {
- this.systemPartition = systemPartition;
- }
-
-
- public Partition getSystemPartition()
- {
- return systemPartition;
- }
-
-
- /**
- * return true if the operational attributes must be normalized when returned
- */
- public boolean isDenormalizeOpAttrsEnabled()
- {
- return denormalizeOpAttrsEnabled;
- }
-
-
- /**
- * Sets whether the operational attributes are denormalized when returned
- * @param denormalizeOpAttrsEnabled The flag value
- */
- public void setDenormalizeOpAttrsEnabled( boolean denormalizeOpAttrsEnabled )
- {
- this.denormalizeOpAttrsEnabled = denormalizeOpAttrsEnabled;
- }
-
-
- /**
- * {@inheritDoc}
- */
- public ChangeLog getChangeLog()
- {
- return changeLog;
- }
-
-
- /**
- * {@inheritDoc}
- */
- public Journal getJournal()
- {
- return journal;
- }
-
-
- /**
- * {@inheritDoc}
- */
- public void setChangeLog( ChangeLog changeLog )
- {
- this.changeLog = changeLog;
- }
-
-
- /**
- * {@inheritDoc}
- */
- public void setJournal( Journal journal )
- {
- this.journal = journal;
- }
-
-
- public void addPartition( Partition partition ) throws Exception
- {
- partition.setSchemaManager( schemaManager );
-
- try
- {
- // can be null when called before starting up
- if ( partitionNexus != null )
- {
- partitionNexus.addContextPartition( partition );
- }
- }
- catch ( LdapException le )
- {
- // We've got an exception, we cannot add the partition to the partitions
- throw le;
- }
-
- // Now, add the partition to the set of managed partitions
- partitions.add( partition );
- }
-
-
- public void removePartition( Partition partition ) throws Exception
- {
- // Do the backend cleanup first
- try
- {
- // can be null when called before starting up
- if ( partitionNexus != null )
- {
- partitionNexus.removeContextPartition( partition.getSuffixDn() );
- }
- }
- catch ( LdapException le )
- {
- // Bad ! We can't go any further
- throw le;
- }
-
- // And update the set of managed partitions
- partitions.remove( partition );
- }
-
-
- // ------------------------------------------------------------------------
- // BackendSubsystem Interface Method Implementations
- // ------------------------------------------------------------------------
- /**
- * Define a default list of interceptors that has to be used if no other
- * configuration is defined.
- */
- private void setDefaultInterceptorConfigurations()
- {
- // Set default interceptor chains
- List<Interceptor> list = new ArrayList<Interceptor>();
-
- list.add( new NormalizationInterceptor() );
- list.add( new AuthenticationInterceptor() );
- list.add( new ReferralInterceptor() );
- list.add( new AciAuthorizationInterceptor() );
- list.add( new DefaultAuthorizationInterceptor() );
- list.add( new AdministrativePointInterceptor() );
- list.add( new ExceptionInterceptor() );
- list.add( new SchemaInterceptor() );
- list.add( new OperationalAttributeInterceptor() );
- list.add( new CollectiveAttributeInterceptor() );
- list.add( new SubentryInterceptor() );
- list.add( new EventInterceptor() );
- list.add( new TriggerInterceptor() );
- list.add( new ChangeLogInterceptor() );
- list.add( new JournalInterceptor() );
-
- setInterceptors( list );
- }
-
-
- public CoreSession getAdminSession()
- {
- return adminSession;
- }
-
-
- /**
- * Get back an anonymous session
- */
- public CoreSession getSession()
- {
- return new DefaultCoreSession( new LdapPrincipal( schemaManager ), this );
- }
-
-
- /**
- * Get back a session for a given principal
- */
- public CoreSession getSession( LdapPrincipal principal )
- {
- return new DefaultCoreSession( principal, this );
- }
-
-
- /**
- * Get back a session for the give user and credentials bound with Simple Bind
- */
- public CoreSession getSession( Dn principalDn, byte[] credentials ) throws LdapException
- {
- synchronized ( this )
- {
- if ( !started )
- {
- throw new IllegalStateException( "Service has not started." );
- }
- }
-
- BindOperationContext bindContext = new BindOperationContext( null );
- bindContext.setCredentials( credentials );
- bindContext.setDn( principalDn.apply( schemaManager ) );
- bindContext.setInterceptors( getInterceptors( OperationEnum.BIND ) );
-
- operationManager.bind( bindContext );
-
- return bindContext.getSession();
- }
-
-
- /**
- * Get back a session for a given user bound with SASL Bind
- */
- public CoreSession getSession( Dn principalDn, byte[] credentials, String saslMechanism, String saslAuthId )
- throws Exception
- {
- synchronized ( this )
- {
- if ( !started )
- {
- throw new IllegalStateException( "Service has not started." );
-
- }
- }
-
- BindOperationContext bindContext = new BindOperationContext( null );
- bindContext.setCredentials( credentials );
- bindContext.setDn( principalDn.apply( schemaManager ) );
- bindContext.setSaslMechanism( saslMechanism );
- bindContext.setInterceptors( getInterceptors( OperationEnum.BIND ) );
-
- operationManager.bind( bindContext );
-
- return bindContext.getSession();
- }
-
-
- public long revert() throws LdapException
- {
- if ( changeLog == null || !changeLog.isEnabled() )
- {
- throw new IllegalStateException( I18n.err( I18n.ERR_310 ) );
- }
-
- Tag latest = changeLog.getLatest();
-
- if ( null != latest )
- {
- if ( latest.getRevision() < changeLog.getCurrentRevision() )
- {
- return revert( latest.getRevision() );
- }
- else
- {
- LOG.info( "Ignoring request to revert without changes since the latest tag." );
- return changeLog.getCurrentRevision();
- }
- }
-
- throw new IllegalStateException( I18n.err( I18n.ERR_311 ) );
- }
-
-
- /**
- * We handle the ModDN/ModRDN operation for the revert here.
- */
- private void moddn( Dn oldDn, Dn newDn, boolean delOldRdn ) throws LdapException
- {
- if ( oldDn.size() == 0 )
- {
- throw new LdapNoPermissionException( I18n.err( I18n.ERR_312 ) );
- }
-
- // calculate parents
- Dn oldBase = oldDn.getParent();
- Dn newBase = newDn.getParent();
-
- // Compute the Rdn for each of the Dn
- Rdn newRdn = newDn.getRdn();
- Rdn oldRdn = oldDn.getRdn();
-
- /*
- * We need to determine if this rename operation corresponds to a simple
- * Rdn name change or a move operation. If the two names are the same
- * except for the Rdn then it is a simple modifyRdn operation. If the
- * names differ in size or have a different baseDN then the operation is
- * a move operation. Furthermore if the Rdn in the move operation
- * changes it is both an Rdn change and a move operation.
- */
- if ( ( oldDn.size() == newDn.size() ) && oldBase.equals( newBase ) )
- {
- adminSession.rename( oldDn, newRdn, delOldRdn );
- }
- else
- {
- Dn target = newDn.getParent();
-
- if ( newRdn.equals( oldRdn ) )
- {
- adminSession.move( oldDn, target );
- }
- else
- {
- adminSession.moveAndRename( oldDn, target, new Rdn( newRdn ), delOldRdn );
- }
- }
- }
-
-
- public long revert( long revision ) throws LdapException
- {
- if ( changeLog == null || !changeLog.isEnabled() )
- {
- throw new IllegalStateException( I18n.err( I18n.ERR_310 ) );
- }
-
- if ( revision < 0 )
- {
- throw new IllegalArgumentException( I18n.err( I18n.ERR_239 ) );
- }
-
- if ( revision >= changeLog.getChangeLogStore().getCurrentRevision() )
- {
- throw new IllegalArgumentException( I18n.err( I18n.ERR_314 ) );
- }
-
- Cursor<ChangeLogEvent> cursor = changeLog.getChangeLogStore().findAfter( revision );
-
- /*
- * BAD, BAD, BAD!!!
- *
- * No synchronization no nothing. Just getting this to work for now
- * so we can revert tests. Any production grade use of this feature
- * needs to synchronize on all changes while the revert is in progress.
- *
- * How about making this operation transactional?
- *
- * First of all just stop using JNDI and construct the operations to
- * feed into the interceptor pipeline.
- *
- * TODO review this code.
- */
-
- try
- {
- LOG.warn( PARTIAL_IMPL_WARNING );
- cursor.afterLast();
-
- while ( cursor.previous() ) // apply ldifs in reverse order
- {
- ChangeLogEvent event = cursor.get();
- List<LdifEntry> reverses = event.getReverseLdifs();
-
- for ( LdifEntry reverse : reverses )
- {
- switch ( reverse.getChangeType().getChangeType() )
- {
- case ChangeType.ADD_ORDINAL:
- adminSession.add(
- new DefaultEntry( schemaManager, reverse.getEntry() ), true );
- break;
-
- case ChangeType.DELETE_ORDINAL:
- adminSession.delete( reverse.getDn(), true );
- break;
-
- case ChangeType.MODIFY_ORDINAL:
- List<Modification> mods = reverse.getModifications();
-
- adminSession.modify( reverse.getDn(), mods, true );
- break;
-
- case ChangeType.MODDN_ORDINAL:
- // NO BREAK - both ModDN and ModRDN handling is the same
-
- case ChangeType.MODRDN_ORDINAL:
- Dn forwardDn = event.getForwardLdif().getDn();
- Dn reverseDn = reverse.getDn();
-
- moddn( reverseDn, forwardDn, reverse.isDeleteOldRdn() );
-
- break;
-
- default:
- LOG.error( I18n.err( I18n.ERR_75 ) );
- throw new NotImplementedException( I18n.err( I18n.ERR_76, reverse.getChangeType() ) );
- }
- }
- }
- }
- catch ( Exception e )
- {
- throw new LdapOperationException( e.getMessage(), e );
- }
- finally
- {
- try
- {
- cursor.close();
- }
- catch ( Exception e )
- {
- throw new LdapOperationException( e.getMessage(), e );
- }
- }
-
- return changeLog.getCurrentRevision();
- }
-
-
- public OperationManager getOperationManager()
- {
- return operationManager;
- }
-
-
- /**
- * @throws Exception if the LDAP server cannot be started
- */
- public synchronized void startup() throws Exception
- {
- if ( started )
- {
- return;
- }
-
- lockWorkDir();
-
- if ( shutdownHookEnabled )
- {
- Runtime.getRuntime().addShutdownHook( new Thread( new Runnable()
- {
- public void run()
- {
- try
- {
- shutdown();
- }
- catch ( Exception e )
- {
- LOG.warn( "Failed to shut down the directory service: "
- + BaseDirectoryService.this.instanceId, e );
- }
- }
- }, "ApacheDS Shutdown Hook (" + instanceId + ')' ) );
-
- LOG.info( "ApacheDS shutdown hook has been registered with the runtime." );
- }
- else if ( LOG.isWarnEnabled() )
- {
- LOG.warn( "ApacheDS shutdown hook has NOT been registered with the runtime."
- + " This default setting for standalone operation has been overriden." );
- }
-
- initialize();
- showSecurityWarnings();
-
- // load the last stored valid CSN value
- LookupOperationContext loc = new LookupOperationContext( getAdminSession(), systemPartition.getSuffixDn(),
- SchemaConstants.ALL_ATTRIBUTES_ARRAY );
-
- Entry entry = systemPartition.lookup( loc );
-
- Attribute cntextCsnAt = entry.get( SchemaConstants.CONTEXT_CSN_AT );
-
- if ( cntextCsnAt != null )
- {
- // this is a multivalued attribute but current syncrepl provider implementation stores only ONE value at ou=system
- contextCsn = cntextCsnAt.getString();
- }
-
- started = true;
-
- if ( !testEntries.isEmpty() )
- {
- createTestEntries();
- }
- }
-
-
- public synchronized void sync() throws Exception
- {
- if ( !started )
- {
- return;
- }
-
- this.changeLog.sync();
- this.partitionNexus.sync();
- }
-
-
- public synchronized void shutdown() throws Exception
- {
- LOG.debug( "+++ DirectoryService Shutdown required" );
-
- if ( !started )
- {
- return;
- }
-
- // --------------------------------------------------------------------
- // Shutdown the sync thread
- // --------------------------------------------------------------------
- LOG.debug( "--- Syncing the nexus " );
- partitionNexus.sync();
-
- // --------------------------------------------------------------------
- // Shutdown the changelog
- // --------------------------------------------------------------------
- LOG.debug( "--- Syncing the changeLog " );
- changeLog.sync();
- changeLog.destroy();
-
- // --------------------------------------------------------------------
- // Shutdown the journal if enabled
- // --------------------------------------------------------------------
- if ( journal.isEnabled() )
- {
- LOG.debug( "--- Destroying the journal " );
- journal.destroy();
- }
-
- // --------------------------------------------------------------------
- // Shutdown the partition
- // --------------------------------------------------------------------
-
- LOG.debug( "--- Destroying the nexus" );
- partitionNexus.destroy();
-
- // Last flush...
- LOG.debug( "--- Flushing everything before quitting" );
- getOperationManager().lockWrite();
- partitionNexus.sync();
- getOperationManager().unlockWrite();
-
- // --------------------------------------------------------------------
- // And shutdown the server
- // --------------------------------------------------------------------
- LOG.debug( "--- Deleting the cache service" );
- cacheService.destroy();
-
- LOG.debug( "---Deleting the DnCache" );
- dnFactory = null;
-
- if ( lockFile != null )
- {
- try
- {
- lockFile.close();
- // no need to delete the lock file
- }
- catch ( IOException e )
- {
- LOG.warn( "couldn't delete the lock file {}", LOCK_FILE_NAME );
- }
- }
-
- LOG.debug( "+++ DirectoryService stopped" );
- started = false;
- }
-
-
- /**
- * @return The referral manager
- */
- public ReferralManager getReferralManager()
- {
- return referralManager;
- }
-
-
- /**
- * Set the referralManager
- * @param referralManager The initialized referralManager
- */
- public void setReferralManager( ReferralManager referralManager )
- {
- this.referralManager = referralManager;
- }
-
-
- /**
- * @return the SchemaManager
- */
- public SchemaManager getSchemaManager()
- {
- return schemaManager;
- }
-
-
- /**
- * Set the SchemaManager instance.
- *
- * @param schemaManager The server schemaManager
- */
- public void setSchemaManager( SchemaManager schemaManager )
- {
- this.schemaManager = schemaManager;
- }
-
-
- public LdapApiService getLdapCodecService()
- {
- return ldapCodecService;
- }
-
-
- /**
- * {@inheritDoc}
- */
- public SchemaPartition getSchemaPartition()
- {
- return schemaPartition;
- }
-
-
- /**
- * {@inheritDoc}
- */
- public void setSchemaPartition( SchemaPartition schemaPartition )
- {
- this.schemaPartition = schemaPartition;
- }
-
-
- public DefaultPartitionNexus getPartitionNexus()
- {
- return partitionNexus;
- }
-
-
- public boolean isFirstStart()
- {
- return firstStart;
- }
-
-
- public synchronized boolean isStarted()
- {
- return started;
- }
-
-
- public Entry newEntry( Dn dn )
- {
- return new DefaultEntry( schemaManager, dn );
- }
-
-
- /**
- * Returns true if we had to create the bootstrap entries on the first
- * start of the server. Otherwise if all entries exist, meaning none
- * had to be created, then we are not starting for the first time.
- *
- * @return true if the bootstrap entries had to be created, false otherwise
- * @throws Exception if entries cannot be created
- */
- private boolean createBootstrapEntries() throws Exception
- {
- boolean firstStart = false;
-
- // -------------------------------------------------------------------
- // create admin entry
- // -------------------------------------------------------------------
-
- /*
- * If the admin entry is there, then the database was already created
- */
- if ( !partitionNexus.hasEntry( new HasEntryOperationContext( adminSession, adminDn ) ) )
- {
- firstStart = true;
-
- Entry serverEntry = new DefaultEntry( schemaManager, adminDn );
-
- serverEntry.put( SchemaConstants.OBJECT_CLASS_AT,
- SchemaConstants.TOP_OC,
- SchemaConstants.PERSON_OC,
- SchemaConstants.ORGANIZATIONAL_PERSON_OC,
- SchemaConstants.INET_ORG_PERSON_OC );
-
- serverEntry.put( SchemaConstants.UID_AT, PartitionNexus.ADMIN_UID );
- serverEntry.put( SchemaConstants.USER_PASSWORD_AT, PartitionNexus.ADMIN_PASSWORD_BYTES );
- serverEntry.put( SchemaConstants.DISPLAY_NAME_AT, "Directory Superuser" );
- serverEntry.put( SchemaConstants.CN_AT, "system administrator" );
- serverEntry.put( SchemaConstants.SN_AT, "administrator" );
- serverEntry.put( SchemaConstants.CREATORS_NAME_AT, ServerDNConstants.ADMIN_SYSTEM_DN_NORMALIZED );
- serverEntry.put( SchemaConstants.CREATE_TIMESTAMP_AT, DateUtils.getGeneralizedTime() );
- serverEntry.put( SchemaConstants.DISPLAY_NAME_AT, "Directory Superuser" );
- serverEntry.add( SchemaConstants.ENTRY_CSN_AT, getCSN().toString() );
- serverEntry.add( SchemaConstants.ENTRY_UUID_AT, UUID.randomUUID().toString() );
-
- TlsKeyGenerator.addKeyPair( serverEntry );
- partitionNexus.add( new AddOperationContext( adminSession, serverEntry ) );
- }
-
- // -------------------------------------------------------------------
- // create system users area
- // -------------------------------------------------------------------
-
- Dn userDn = getDnFactory().create( ServerDNConstants.USERS_SYSTEM_DN );
-
- if ( !partitionNexus.hasEntry( new HasEntryOperationContext( adminSession, userDn ) ) )
- {
- firstStart = true;
-
- Entry serverEntry = new DefaultEntry( schemaManager, userDn );
-
- serverEntry.put( SchemaConstants.OBJECT_CLASS_AT,
- SchemaConstants.TOP_OC,
- SchemaConstants.ORGANIZATIONAL_UNIT_OC );
-
- serverEntry.put( SchemaConstants.OU_AT, "users" );
- serverEntry.put( SchemaConstants.CREATORS_NAME_AT, ServerDNConstants.ADMIN_SYSTEM_DN_NORMALIZED );
- serverEntry.put( SchemaConstants.CREATE_TIMESTAMP_AT, DateUtils.getGeneralizedTime() );
- serverEntry.add( SchemaConstants.ENTRY_CSN_AT, getCSN().toString() );
- serverEntry.add( SchemaConstants.ENTRY_UUID_AT, UUID.randomUUID().toString() );
-
- partitionNexus.add( new AddOperationContext( adminSession, serverEntry ) );
- }
-
- // -------------------------------------------------------------------
- // create system groups area
- // -------------------------------------------------------------------
-
- Dn groupDn = getDnFactory().create( ServerDNConstants.GROUPS_SYSTEM_DN );
-
- if ( !partitionNexus.hasEntry( new HasEntryOperationContext( adminSession, groupDn ) ) )
- {
- firstStart = true;
-
- Entry serverEntry = new DefaultEntry( schemaManager, groupDn );
-
- serverEntry.put( SchemaConstants.OBJECT_CLASS_AT,
- SchemaConstants.TOP_OC,
- SchemaConstants.ORGANIZATIONAL_UNIT_OC );
-
- serverEntry.put( SchemaConstants.OU_AT, "groups" );
- serverEntry.put( SchemaConstants.CREATORS_NAME_AT, ServerDNConstants.ADMIN_SYSTEM_DN_NORMALIZED );
- serverEntry.put( SchemaConstants.CREATE_TIMESTAMP_AT, DateUtils.getGeneralizedTime() );
- serverEntry.add( SchemaConstants.ENTRY_CSN_AT, getCSN().toString() );
- serverEntry.add( SchemaConstants.ENTRY_UUID_AT, UUID.randomUUID().toString() );
-
- partitionNexus.add( new AddOperationContext( adminSession, serverEntry ) );
- }
-
- // -------------------------------------------------------------------
- // create administrator group
- // -------------------------------------------------------------------
-
- Dn name = getDnFactory().create( ServerDNConstants.ADMINISTRATORS_GROUP_DN );
-
- if ( !partitionNexus.hasEntry( new HasEntryOperationContext( adminSession, name ) ) )
- {
- firstStart = true;
-
- Entry serverEntry = new DefaultEntry( schemaManager, name );
-
- serverEntry.put( SchemaConstants.OBJECT_CLASS_AT,
- SchemaConstants.TOP_OC,
- SchemaConstants.GROUP_OF_UNIQUE_NAMES_OC );
-
- serverEntry.put( SchemaConstants.CN_AT, "Administrators" );
- serverEntry.put( SchemaConstants.UNIQUE_MEMBER_AT, ServerDNConstants.ADMIN_SYSTEM_DN_NORMALIZED );
- serverEntry.put( SchemaConstants.CREATORS_NAME_AT, ServerDNConstants.ADMIN_SYSTEM_DN_NORMALIZED );
- serverEntry.put( SchemaConstants.CREATE_TIMESTAMP_AT, DateUtils.getGeneralizedTime() );
- serverEntry.add( SchemaConstants.ENTRY_CSN_AT, getCSN().toString() );
- serverEntry.add( SchemaConstants.ENTRY_UUID_AT, UUID.randomUUID().toString() );
-
- partitionNexus.add( new AddOperationContext( adminSession, serverEntry ) );
- }
-
- // -------------------------------------------------------------------
- // create system configuration area
- // -------------------------------------------------------------------
-
- Dn configurationDn = getDnFactory().create( "ou=configuration,ou=system" );
-
- if ( !partitionNexus.hasEntry( new HasEntryOperationContext( adminSession, configurationDn ) ) )
- {
- firstStart = true;
-
- Entry serverEntry = new DefaultEntry( schemaManager, configurationDn );
- serverEntry.put( SchemaConstants.OBJECT_CLASS_AT, SchemaConstants.TOP_OC,
- SchemaConstants.ORGANIZATIONAL_UNIT_OC );
-
- serverEntry.put( SchemaConstants.OU_AT, "configuration" );
- serverEntry.put( SchemaConstants.CREATORS_NAME_AT, ServerDNConstants.ADMIN_SYSTEM_DN_NORMALIZED );
- serverEntry.put( SchemaConstants.CREATE_TIMESTAMP_AT, DateUtils.getGeneralizedTime() );
- serverEntry.add( SchemaConstants.ENTRY_CSN_AT, getCSN().toString() );
- serverEntry.add( SchemaConstants.ENTRY_UUID_AT, UUID.randomUUID().toString() );
-
- partitionNexus.add( new AddOperationContext( adminSession, serverEntry ) );
- }
-
- // -------------------------------------------------------------------
- // create system configuration area for partition information
- // -------------------------------------------------------------------
-
- Dn partitionsDn = getDnFactory().create( "ou=partitions,ou=configuration,ou=system" );
-
- if ( !partitionNexus.hasEntry( new HasEntryOperationContext( adminSession, partitionsDn ) ) )
- {
- firstStart = true;
-
- Entry serverEntry = new DefaultEntry( schemaManager, partitionsDn );
- serverEntry.put( SchemaConstants.OBJECT_CLASS_AT, SchemaConstants.TOP_OC,
- SchemaConstants.ORGANIZATIONAL_UNIT_OC );
- serverEntry.put( SchemaConstants.OU_AT, "partitions" );
- serverEntry.put( SchemaConstants.CREATORS_NAME_AT, ServerDNConstants.ADMIN_SYSTEM_DN_NORMALIZED );
- serverEntry.put( SchemaConstants.CREATE_TIMESTAMP_AT, DateUtils.getGeneralizedTime() );
- serverEntry.add( SchemaConstants.ENTRY_CSN_AT, getCSN().toString() );
- serverEntry.add( SchemaConstants.ENTRY_UUID_AT, UUID.randomUUID().toString() );
-
- partitionNexus.add( new AddOperationContext( adminSession, serverEntry ) );
- }
-
- // -------------------------------------------------------------------
- // create system configuration area for services
- // -------------------------------------------------------------------
-
- Dn servicesDn = getDnFactory().create( "ou=services,ou=configuration,ou=system" );
-
- if ( !partitionNexus.hasEntry( new HasEntryOperationContext( adminSession, servicesDn ) ) )
- {
- firstStart = true;
-
- Entry serverEntry = new DefaultEntry( schemaManager, servicesDn );
- serverEntry.put( SchemaConstants.OBJECT_CLASS_AT, SchemaConstants.TOP_OC,
- SchemaConstants.ORGANIZATIONAL_UNIT_OC );
-
- serverEntry.put( SchemaConstants.OU_AT, "services" );
- serverEntry.put( SchemaConstants.CREATORS_NAME_AT, ServerDNConstants.ADMIN_SYSTEM_DN_NORMALIZED );
- serverEntry.put( SchemaConstants.CREATE_TIMESTAMP_AT, DateUtils.getGeneralizedTime() );
- serverEntry.add( SchemaConstants.ENTRY_CSN_AT, getCSN().toString() );
- serverEntry.add( SchemaConstants.ENTRY_UUID_AT, UUID.randomUUID().toString() );
-
- partitionNexus.add( new AddOperationContext( adminSession, serverEntry ) );
- }
-
- // -------------------------------------------------------------------
- // create system configuration area for interceptors
- // -------------------------------------------------------------------
-
- Dn interceptorsDn = getDnFactory().create( "ou=interceptors,ou=configuration,ou=system" );
-
- if ( !partitionNexus.hasEntry( new HasEntryOperationContext( adminSession, interceptorsDn ) ) )
- {
- firstStart = true;
-
- Entry serverEntry = new DefaultEntry( schemaManager, interceptorsDn );
- serverEntry.put( SchemaConstants.OBJECT_CLASS_AT, SchemaConstants.TOP_OC,
- SchemaConstants.ORGANIZATIONAL_UNIT_OC );
-
- serverEntry.put( SchemaConstants.OU_AT, "interceptors" );
- serverEntry.put( SchemaConstants.CREATORS_NAME_AT, ServerDNConstants.ADMIN_SYSTEM_DN_NORMALIZED );
- serverEntry.put( SchemaConstants.CREATE_TIMESTAMP_AT, DateUtils.getGeneralizedTime() );
- serverEntry.add( SchemaConstants.ENTRY_CSN_AT, getCSN().toString() );
- serverEntry.add( SchemaConstants.ENTRY_UUID_AT, UUID.randomUUID().toString() );
-
- partitionNexus.add( new AddOperationContext( adminSession, serverEntry ) );
- }
-
- // -------------------------------------------------------------------
- // create system preferences area
- // -------------------------------------------------------------------
-
- Dn sysPrefRootDn = getDnFactory().create( ServerDNConstants.SYSPREFROOT_SYSTEM_DN );
-
- if ( !partitionNexus.hasEntry( new HasEntryOperationContext( adminSession, sysPrefRootDn ) ) )
- {
- firstStart = true;
-
- Entry serverEntry = new DefaultEntry( schemaManager, sysPrefRootDn );
- serverEntry.put( SchemaConstants.OBJECT_CLASS_AT,
- SchemaConstants.TOP_OC,
- SchemaConstants.ORGANIZATIONAL_UNIT_OC,
- SchemaConstants.EXTENSIBLE_OBJECT_OC );
-
- serverEntry.put( "prefNodeName", "sysPrefRoot" );
- serverEntry.put( SchemaConstants.CREATORS_NAME_AT, ServerDNConstants.ADMIN_SYSTEM_DN_NORMALIZED );
- serverEntry.put( SchemaConstants.CREATE_TIMESTAMP_AT, DateUtils.getGeneralizedTime() );
- serverEntry.add( SchemaConstants.ENTRY_CSN_AT, getCSN().toString() );
- serverEntry.add( SchemaConstants.ENTRY_UUID_AT, UUID.randomUUID().toString() );
-
- partitionNexus.add( new AddOperationContext( adminSession, serverEntry ) );
- }
-
- return firstStart;
- }
-
-
- /**
- * Displays security warning messages if any possible secutiry issue is found.
- * @throws Exception if there are failures parsing and accessing internal structures
- */
- protected void showSecurityWarnings() throws Exception
- {
- // Warn if the default password is not changed.
- boolean needToChangeAdminPassword = false;
-
- Dn adminDn = getDnFactory().create( ServerDNConstants.ADMIN_SYSTEM_DN );
-
- Entry adminEntry = partitionNexus.lookup( new LookupOperationContext( adminSession, adminDn ) );
- Value<?> userPassword = adminEntry.get( SchemaConstants.USER_PASSWORD_AT ).get();
- needToChangeAdminPassword = Arrays.equals( PartitionNexus.ADMIN_PASSWORD_BYTES, userPassword.getBytes() );
-
- if ( needToChangeAdminPassword )
- {
- LOG.warn( "You didn't change the admin password of directory service " + "instance '" + instanceId + "'. "
- + "Please update the admin password as soon as possible " + "to prevent a possible security breach." );
- }
- }
-
-
- /**
- * Adds test entries into the core.
- *
- * @todo this may no longer be needed when JNDI is not used for bootstrapping
- *
- * @throws Exception if the creation of test entries fails.
- */
- private void createTestEntries() throws Exception
- {
- for ( LdifEntry testEntry : testEntries )
- {
- try
- {
- LdifEntry ldifEntry = testEntry.clone();
- Entry entry = ldifEntry.getEntry();
- String dn = ldifEntry.getDn().getName();
-
- try
- {
- getAdminSession().add( new DefaultEntry( schemaManager, entry ) );
- }
- catch ( Exception e )
- {
- LOG.warn( dn + " test entry already exists.", e );
- }
- }
- catch ( CloneNotSupportedException cnse )
- {
- LOG.warn( "Cannot clone the entry ", cnse );
- }
- }
- }
-
-
- private void initializeSystemPartition() throws Exception
- {
- Partition system = getSystemPartition();
-
- // Add root context entry for system partition
- Dn systemSuffixDn = getDnFactory().create( ServerDNConstants.SYSTEM_DN );
- CoreSession adminSession = getAdminSession();
-
- if ( !system.hasEntry( new HasEntryOperationContext( adminSession, systemSuffixDn ) ) )
- {
- Entry systemEntry = new DefaultEntry( schemaManager, systemSuffixDn );
-
- // Add the ObjectClasses
- systemEntry.put( SchemaConstants.OBJECT_CLASS_AT, SchemaConstants.TOP_OC,
- SchemaConstants.ORGANIZATIONAL_UNIT_OC, SchemaConstants.EXTENSIBLE_OBJECT_OC );
-
- // Add some operational attributes
- systemEntry.put( SchemaConstants.CREATORS_NAME_AT, ServerDNConstants.ADMIN_SYSTEM_DN );
- systemEntry.put( SchemaConstants.CREATE_TIMESTAMP_AT, DateUtils.getGeneralizedTime() );
- systemEntry.add( SchemaConstants.ENTRY_CSN_AT, getCSN().toString() );
- systemEntry.add( SchemaConstants.ENTRY_UUID_AT, UUID.randomUUID().toString() );
- systemEntry.put( DnUtils.getRdnAttributeType( ServerDNConstants.SYSTEM_DN ), DnUtils
- .getRdnValue( ServerDNConstants.SYSTEM_DN ) );
-
- AddOperationContext addOperationContext = new AddOperationContext( adminSession, systemEntry );
- system.add( addOperationContext );
- }
- }
-
-
- /**
- * Kicks off the initialization of the entire system.
- *
- * @throws Exception if there are problems along the way
- */
- private void initialize() throws Exception
- {
- if ( LOG.isDebugEnabled() )
- {
- LOG.debug( "---> Initializing the DefaultDirectoryService " );
- }
-
- csnFactory.setReplicaId( replicaId );
-
- // If no interceptor list is defined, setup a default list
- if ( interceptors == null )
- {
- setDefaultInterceptorConfigurations();
- }
-
- if ( cacheService == null )
- {
- // Initialize a default cache service
- cacheService = new CacheService();
- }
-
- cacheService.initialize( instanceLayout );
-
- // Initialize the AP caches
- accessControlAPCache = new DnNode<AccessControlAdministrativePoint>();
- collectiveAttributeAPCache = new DnNode<CollectiveAttributeAdministrativePoint>();
- subschemaAPCache = new DnNode<SubschemaAdministrativePoint>();
- triggerExecutionAPCache = new DnNode<TriggerExecutionAdministrativePoint>();
-
- if ( dnFactory == null )
- {
- dnFactory = new DefaultDnFactory( schemaManager, cacheService.getCache( "dnCache" ) );
- }
-
- // triggers partition to load schema fully from schema partition
- schemaPartition.setCacheService( cacheService );
- schemaPartition.initialize();
- partitions.add( schemaPartition );
- systemPartition.setCacheService( cacheService );
- systemPartition.getSuffixDn().apply( schemaManager );
-
- adminDn = getDnFactory().create( ServerDNConstants.ADMIN_SYSTEM_DN );
- adminSession = new DefaultCoreSession( new LdapPrincipal( schemaManager, adminDn, AuthenticationLevel.STRONG ),
- this );
-
- // @TODO - NOTE: Need to find a way to instantiate without dependency on DPN
- partitionNexus = new DefaultPartitionNexus( new DefaultEntry( schemaManager, Dn.ROOT_DSE ) );
- partitionNexus.setDirectoryService( this );
- partitionNexus.initialize();
-
- initializeSystemPartition();
-
- // --------------------------------------------------------------------
- // Create all the bootstrap entries before initializing chain
- // --------------------------------------------------------------------
-
- firstStart = createBootstrapEntries();
-
- // Initialize the interceptors
- initInterceptors();
-
- // --------------------------------------------------------------------
- // Initialize the changeLog if it's enabled
- // --------------------------------------------------------------------
-
- if ( changeLog.isEnabled() )
- {
- changeLog.init( this );
-
- if ( changeLog.isExposed() && changeLog.isTagSearchSupported() )
- {
- String clSuffix = ( ( TaggableSearchableChangeLogStore ) changeLog.getChangeLogStore() ).getPartition()
- .getSuffixDn().getName();
- partitionNexus.getRootDse( null ).add( SchemaConstants.CHANGELOG_CONTEXT_AT, clSuffix );
- }
- }
-
- // --------------------------------------------------------------------
- // Initialize the journal if it's enabled
- // --------------------------------------------------------------------
- if ( journal.isEnabled() )
- {
- journal.init( this );
- }
-
- if ( LOG.isDebugEnabled() )
- {
- LOG.debug( "<--- DefaultDirectoryService initialized" );
- }
- }
-
-
- /**
- * Read an entry (without Dn)
- *
- * @param text The ldif format file
- * @return An entry.
- */
- // This will suppress PMD.EmptyCatchBlock warnings in this method
- @SuppressWarnings("PMD.EmptyCatchBlock")
- private Entry readEntry( String text )
- {
- StringReader strIn = new StringReader( text );
- BufferedReader in = new BufferedReader( strIn );
-
- String line = null;
- Entry entry = new DefaultEntry();
-
- try
- {
- while ( ( line = in.readLine() ) != null )
- {
- if ( line.length() == 0 )
- {
- continue;
- }
-
- String addedLine = line.trim();
-
- if ( Strings.isEmpty( addedLine ) )
- {
- continue;
- }
-
- Attribute attribute = LdifReader.parseAttributeValue( addedLine );
- Attribute oldAttribute = entry.get( attribute.getId() );
-
- if ( oldAttribute != null )
- {
- try
- {
- oldAttribute.add( attribute.get() );
- entry.put( oldAttribute );
- }
- catch ( LdapException ne )
- {
- // Do nothing
- }
- }
- else
- {
- try
- {
- entry.put( attribute );
- }
- catch ( LdapException ne )
- {
- // TODO do nothing ...
- }
- }
- }
- }
- catch ( IOException ioe )
- {
- // Do nothing : we can't reach this point !
- }
-
- return entry;
- }
-
-
- /**
- * Create a new Entry
- *
- * @param ldif The String representing the attributes, as a LDIF file
- * @param dn The Dn for this new entry
- */
- public Entry newEntry( String ldif, String dn )
- {
- try
- {
- Entry entry = readEntry( ldif );
- Dn newDn = getDnFactory().create( dn );
-
- entry.setDn( newDn );
-
- // TODO Let's get rid of this Attributes crap
- Entry serverEntry = new DefaultEntry( schemaManager, entry );
- return serverEntry;
- }
- catch ( Exception e )
- {
- LOG.error( I18n.err( I18n.ERR_78, ldif, dn ) );
- // do nothing
- return null;
- }
- }
-
-
- public EventService getEventService()
- {
- return eventService;
- }
-
-
- public void setEventService( EventService eventService )
- {
- this.eventService = eventService;
- }
-
-
- /**
- * {@inheritDoc}
- */
- public boolean isPasswordHidden()
- {
- return passwordHidden;
- }
-
-
- /**
- * {@inheritDoc}
- */
- public void setPasswordHidden( boolean passwordHidden )
- {
- this.passwordHidden = passwordHidden;
- }
-
-
- /**
- * @return The maximum allowed size for an incoming PDU
- */
- public int getMaxPDUSize()
- {
- return maxPDUSize;
- }
-
-
- /**
- * Set the maximum allowed size for an incoming PDU
- * @param maxPDUSize A positive number of bytes for the PDU. A negative or
- * null value will be transformed to {@link Integer#MAX_VALUE}
- */
- public void setMaxPDUSize( int maxPDUSize )
- {
- if ( maxPDUSize <= 0 )
- {
- maxPDUSize = Integer.MAX_VALUE;
- }
-
- this.maxPDUSize = maxPDUSize;
- }
-
-
- /**
- * {@inheritDoc}
- */
- public Interceptor getInterceptor( String interceptorName )
- {
- readLock.lock();
-
- try
- {
- return interceptorNames.get( interceptorName );
- }
- finally
- {
- readLock.unlock();
- }
- }
-
-
- /**
- * {@inheritDoc}
- * @throws LdapException
- */
- public void addFirst( Interceptor interceptor ) throws LdapException
- {
- addInterceptor( interceptor, 0 );
- }
-
-
- /**
- * {@inheritDoc}
- * @throws LdapException
- */
- public void addLast( Interceptor interceptor ) throws LdapException
- {
- addInterceptor( interceptor, -1 );
- }
-
-
- /**
- * {@inheritDoc}
- */
- public void addAfter( String interceptorName, Interceptor interceptor )
- {
- writeLock.lock();
-
- try
- {
- int position = 0;
-
- // Find the position
- for ( Interceptor inter : interceptors )
- {
- if ( interceptorName.equals( inter.getName() ) )
- {
- break;
- }
-
- position++;
- }
-
- if ( position == interceptors.size() )
- {
- interceptors.add( interceptor );
- }
- else
- {
- interceptors.add( position, interceptor );
- }
- }
- finally
- {
- writeLock.unlock();
- }
- }
-
-
- /**
- * {@inheritDoc}
- */
- public void remove( String interceptorName )
- {
- removeOperationsList( interceptorName );
- }
-
-
- /**
- * Get a new CSN
- * @return The CSN generated for this directory service
- */
- public Csn getCSN()
- {
- return csnFactory.newInstance();
- }
-
-
- /**
- * @return the replicaId
- */
- public int getReplicaId()
- {
- return replicaId;
- }
-
-
- /**
- * @param replicaId the replicaId to set
- */
- public void setReplicaId( int replicaId )
- {
- if ( ( replicaId < 0 ) || ( replicaId > 999 ) )
- {
- LOG.error( I18n.err( I18n.ERR_79 ) );
- this.replicaId = 0;
- }
- else
- {
- this.replicaId = replicaId;
- }
- }
-
-
- /**
- * {@inheritDoc}
- */
- public long getSyncPeriodMillis()
- {
- return syncPeriodMillis;
- }
-
-
- /**
- * {@inheritDoc}
- */
- public void setSyncPeriodMillis( long syncPeriodMillis )
- {
- this.syncPeriodMillis = syncPeriodMillis;
- }
-
-
- /**
- * {@inheritDoc}
- */
- public String getContextCsn()
- {
- return contextCsn;
- }
-
-
- /**
- * {@inheritDoc}
- */
- public void setContextCsn( String lastKnownCsn )
- {
- this.contextCsn = lastKnownCsn;
- }
-
-
- /**
- * checks if the working directory is already in use by some other directory service, if yes
- * then throws a runtime exception else will obtain the lock on the working directory
- */
- private void lockWorkDir()
- {
- FileLock fileLock = null;
-
- try
- {
- lockFile = new RandomAccessFile( new File( instanceLayout.getInstanceDirectory(), LOCK_FILE_NAME ), "rw" );
- try
- {
- fileLock = lockFile.getChannel().tryLock( 0, 1, false );
- }
- catch ( IOException e )
- {
- // shoudn't happen, but log
- LOG.error( "failed to lock the work directory", e );
- }
- catch ( OverlappingFileLockException e ) // thrown if we can't get a lock
- {
- fileLock = null;
- }
- }
- catch ( FileNotFoundException e )
- {
- // shouldn't happen, but log anyway
- LOG.error( "failed to lock the work directory", e );
- }
-
- if ( ( fileLock == null ) || ( !fileLock.isValid() ) )
- {
- String message = "the working directory " + instanceLayout.getRunDirectory()
- + " has been locked by another directory service.";
- LOG.error( message );
- throw new RuntimeException( message );
- }
-
- }
-
-
- /**
- * {@inheritDoc}
- */
- public CacheService getCacheService()
- {
- return cacheService;
- }
-
-
- /**
- * {@inheritDoc}
- */
- public DnNode<AccessControlAdministrativePoint> getAccessControlAPCache()
- {
- return accessControlAPCache;
- }
-
-
- /**
- * {@inheritDoc}
- */
- public DnNode<CollectiveAttributeAdministrativePoint> getCollectiveAttributeAPCache()
- {
- return collectiveAttributeAPCache;
- }
-
-
- /**
- * {@inheritDoc}
- */
- public DnNode<SubschemaAdministrativePoint> getSubschemaAPCache()
- {
- return subschemaAPCache;
- }
-
-
- /**
- * {@inheritDoc}
- */
- public DnNode<TriggerExecutionAdministrativePoint> getTriggerExecutionAPCache()
- {
- return triggerExecutionAPCache;
- }
-
-
- /**
- * {@inheritDoc}
- */
- public boolean isPwdPolicyEnabled()
- {
- AuthenticationInterceptor authenticationInterceptor = (AuthenticationInterceptor) getInterceptor( InterceptorEnum.AUTHENTICATION_INTERCEPTOR
- .getName() );
-
- if ( authenticationInterceptor == null )
- {
- return false;
- }
-
- PpolicyConfigContainer pwdPolicyContainer = authenticationInterceptor.getPwdPolicyContainer();
-
- return ( ( pwdPolicyContainer != null )
- && ( ( pwdPolicyContainer.getDefaultPolicy() != null )
- || ( pwdPolicyContainer.hasCustomConfigs() ) ) );
- }
-
-
- /**
- * {@inheritDoc}
- */
- public DnFactory getDnFactory()
- {
- return dnFactory;
- }
-
-
- /**
- * {@inheritDoc}
- */
- public void setDnFactory( DnFactory dnFactory )
- {
- this.dnFactory = dnFactory;
- }
-
-
- /**
- * {@inheritDoc}
- */
- public SubentryCache getSubentryCache()
- {
- return subentryCache;
- }
-
-
- /**
- * {@inheritDoc}
- */
- public SubtreeEvaluator getEvaluator()
- {
- return evaluator;
- }
-
-
- /**
- * {@inheritDoc}
- */
- public void setCacheService( CacheService cacheService )
- {
- this.cacheService = cacheService;
- }
-
-}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/knox/blob/41952dd3/gateway-demo-ldap/src/main/java/org/apache/hadoop/gateway/security/ldap/BaseDirectoryServiceFactory.java
----------------------------------------------------------------------
diff --git a/gateway-demo-ldap/src/main/java/org/apache/hadoop/gateway/security/ldap/BaseDirectoryServiceFactory.java b/gateway-demo-ldap/src/main/java/org/apache/hadoop/gateway/security/ldap/BaseDirectoryServiceFactory.java
deleted file mode 100644
index 2d2bc1f..0000000
--- a/gateway-demo-ldap/src/main/java/org/apache/hadoop/gateway/security/ldap/BaseDirectoryServiceFactory.java
+++ /dev/null
@@ -1,290 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.hadoop.gateway.security.ldap;
-
-import org.apache.commons.io.FileUtils;
-import org.apache.directory.api.ldap.model.constants.SchemaConstants;
-import org.apache.directory.api.ldap.model.schema.LdapComparator;
-import org.apache.directory.api.ldap.model.schema.SchemaManager;
-import org.apache.directory.api.ldap.model.schema.comparators.NormalizingComparator;
-import org.apache.directory.api.ldap.model.schema.registries.ComparatorRegistry;
-import org.apache.directory.api.ldap.model.schema.registries.SchemaLoader;
-import org.apache.directory.api.ldap.schemaextractor.SchemaLdifExtractor;
-import org.apache.directory.api.ldap.schemaextractor.impl.DefaultSchemaLdifExtractor;
-import org.apache.directory.api.ldap.schemaloader.LdifSchemaLoader;
-import org.apache.directory.api.ldap.schemamanager.impl.DefaultSchemaManager;
-import org.apache.directory.api.util.exception.Exceptions;
-import org.apache.directory.server.constants.ServerDNConstants;
-import org.apache.directory.server.core.DefaultDirectoryService;
-import org.apache.directory.server.core.api.CacheService;
-import org.apache.directory.server.core.api.DirectoryService;
-import org.apache.directory.server.core.api.InstanceLayout;
-import org.apache.directory.server.core.api.partition.Partition;
-import org.apache.directory.server.core.api.schema.SchemaPartition;
-import org.apache.directory.server.core.factory.DefaultDirectoryServiceFactory;
-import org.apache.directory.server.core.factory.DirectoryServiceFactory;
-import org.apache.directory.server.core.factory.JdbmPartitionFactory;
-import org.apache.directory.server.core.factory.PartitionFactory;
-import org.apache.directory.server.core.partition.ldif.LdifPartition;
-import org.apache.directory.server.i18n.I18n;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import java.io.File;
-import java.io.IOException;
-import java.util.List;
-
-
-/**
- * A Default factory for DirectoryService.
- * This is a copy of org.apache.directory.server.core.factory.DefaultDirectoryServiceFactory
- * created to control how the DirectoryService is created. This can be removed
- * when http://svn.apache.org/r1546144 in ApacheDS 2.0.0-M16 is available.
- *
- * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
- */
-public class BaseDirectoryServiceFactory implements DirectoryServiceFactory
-{
- /** A logger for this class */
- private static final Logger LOG = LoggerFactory.getLogger( DefaultDirectoryServiceFactory.class );
-
- /** The directory service. */
- private DirectoryService directoryService;
-
- /** The partition factory. */
- private PartitionFactory partitionFactory;
-
-
- public BaseDirectoryServiceFactory()
- {
- directoryService = createDirectoryService();
- partitionFactory = createPartitionFactory();
- }
-
- protected DirectoryService createDirectoryService() {
- DirectoryService result;
- try
- {
- // Creating the instance here so that
- // we we can set some properties like accesscontrol, anon access
- // before starting up the service
- result = new DefaultDirectoryService();
-
- // No need to register a shutdown hook during tests because this
- // starts a lot of threads and slows down test execution
- result.setShutdownHookEnabled( false );
- }
- catch ( Exception e )
- {
- throw new RuntimeException( e );
- }
- return result;
- }
-
- protected PartitionFactory createPartitionFactory() {
- PartitionFactory result;
- try
- {
- String typeName = System.getProperty( "apacheds.partition.factory" );
- if ( typeName != null )
- {
- Class<? extends PartitionFactory> type = ( Class<? extends PartitionFactory> ) Class.forName( typeName );
- result = type.newInstance();
- }
- else
- {
- result = new JdbmPartitionFactory();
- }
- }
- catch ( Exception e )
- {
- LOG.error( "Error instantiating custom partition factory", e );
- throw new RuntimeException( e );
- }
- return result;
- }
-
- /**
- * {@inheritDoc}
- */
- public void init( String name ) throws Exception
- {
- if ( ( directoryService != null ) && directoryService.isStarted() )
- {
- return;
- }
-
- build( name );
- }
-
-
- /**
- * Build the working directory
- */
- private void buildInstanceDirectory( String name ) throws IOException
- {
- String instanceDirectory = System.getProperty( "workingDirectory" );
-
- if ( instanceDirectory == null )
- {
- instanceDirectory = System.getProperty( "java.io.tmpdir" ) + "/server-work-" + name;
- }
-
- InstanceLayout instanceLayout = new InstanceLayout( instanceDirectory );
-
- if ( instanceLayout.getInstanceDirectory().exists() )
- {
- try
- {
- FileUtils.deleteDirectory( instanceLayout.getInstanceDirectory() );
- }
- catch ( IOException e )
- {
- LOG.warn( "couldn't delete the instance directory before initializing the DirectoryService", e );
- }
- }
-
- directoryService.setInstanceLayout( instanceLayout );
- }
-
-
- /**
- * Inits the schema and schema partition.
- */
- private void initSchema() throws Exception
- {
- File workingDirectory = directoryService.getInstanceLayout().getPartitionsDirectory();
-
- // Extract the schema on disk (a brand new one) and load the registries
- File schemaRepository = new File( workingDirectory, "schema" );
- SchemaLdifExtractor extractor = new DefaultSchemaLdifExtractor( workingDirectory );
-
- try
- {
- extractor.extractOrCopy();
- }
- catch ( IOException ioe )
- {
- // The schema has already been extracted, bypass
- }
-
- SchemaLoader loader = new LdifSchemaLoader( schemaRepository );
- SchemaManager schemaManager = new DefaultSchemaManager( loader );
-
- // We have to load the schema now, otherwise we won't be able
- // to initialize the Partitions, as we won't be able to parse
- // and normalize their suffix Dn
- schemaManager.loadAllEnabled();
-
- // Tell all the normalizer comparators that they should not normalize anything
- ComparatorRegistry comparatorRegistry = schemaManager.getComparatorRegistry();
-
- for ( LdapComparator<?> comparator : comparatorRegistry )
- {
- if ( comparator instanceof NormalizingComparator )
- {
- ( ( NormalizingComparator ) comparator ).setOnServer();
- }
- }
-
- directoryService.setSchemaManager( schemaManager );
-
- // Init the LdifPartition
- LdifPartition ldifPartition = new LdifPartition( schemaManager, directoryService.getDnFactory() );
- ldifPartition.setPartitionPath( new File( workingDirectory, "schema" ).toURI() );
- SchemaPartition schemaPartition = new SchemaPartition( schemaManager );
- schemaPartition.setWrappedPartition( ldifPartition );
- directoryService.setSchemaPartition( schemaPartition );
-
- List<Throwable> errors = schemaManager.getErrors();
-
- if ( errors.size() != 0 )
- {
- throw new Exception( I18n.err( I18n.ERR_317, Exceptions.printErrors( errors ) ) );
- }
- }
-
-
- /**
- * Inits the system partition.
- *
- * @throws Exception the exception
- */
- private void initSystemPartition() throws Exception
- {
- // change the working directory to something that is unique
- // on the system and somewhere either under target directory
- // or somewhere in a temp area of the machine.
-
- // Inject the System Partition
- Partition systemPartition = partitionFactory.createPartition(
- directoryService.getSchemaManager(),
- directoryService.getDnFactory(),
- "system",
- ServerDNConstants.SYSTEM_DN,
- 500,
- new File( directoryService.getInstanceLayout().getPartitionsDirectory(), "system" ) );
- systemPartition.setSchemaManager( directoryService.getSchemaManager() );
-
- partitionFactory.addIndex( systemPartition, SchemaConstants.OBJECT_CLASS_AT, 100 );
-
- directoryService.setSystemPartition( systemPartition );
- }
-
-
- /**
- * Builds the directory server instance.
- *
- * @param name the instance name
- */
- private void build( String name ) throws Exception
- {
- directoryService.setInstanceId( name );
- buildInstanceDirectory( name );
-
- CacheService cacheService = new CacheService();
- cacheService.initialize( directoryService.getInstanceLayout() );
-
- directoryService.setCacheService( cacheService );
-
- // Init the service now
- initSchema();
- initSystemPartition();
-
- directoryService.startup();
- }
-
-
- /**
- * {@inheritDoc}
- */
- public DirectoryService getDirectoryService() throws Exception
- {
- return directoryService;
- }
-
-
- /**
- * {@inheritDoc}
- */
- public PartitionFactory getPartitionFactory() throws Exception
- {
- return partitionFactory;
- }
-}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/knox/blob/41952dd3/gateway-demo-ldap/src/main/java/org/apache/hadoop/gateway/security/ldap/SimpleDirectoryService.java
----------------------------------------------------------------------
diff --git a/gateway-demo-ldap/src/main/java/org/apache/hadoop/gateway/security/ldap/SimpleDirectoryService.java b/gateway-demo-ldap/src/main/java/org/apache/hadoop/gateway/security/ldap/SimpleDirectoryService.java
index 68fa1da..26c4937 100644
--- a/gateway-demo-ldap/src/main/java/org/apache/hadoop/gateway/security/ldap/SimpleDirectoryService.java
+++ b/gateway-demo-ldap/src/main/java/org/apache/hadoop/gateway/security/ldap/SimpleDirectoryService.java
@@ -17,11 +17,15 @@
*/
package org.apache.hadoop.gateway.security.ldap;
-public class SimpleDirectoryService extends BaseDirectoryService {
+import org.apache.directory.server.core.DefaultDirectoryService;
+
+public class SimpleDirectoryService extends DefaultDirectoryService {
public SimpleDirectoryService() throws Exception {
+ super();
}
+ @Override
protected void showSecurityWarnings() throws Exception {
// NoOp - This prevents confusing warnings from being output.
}
http://git-wip-us.apache.org/repos/asf/knox/blob/41952dd3/gateway-demo-ldap/src/main/java/org/apache/hadoop/gateway/security/ldap/SimpleDirectoryServiceFactory.java
----------------------------------------------------------------------
diff --git a/gateway-demo-ldap/src/main/java/org/apache/hadoop/gateway/security/ldap/SimpleDirectoryServiceFactory.java b/gateway-demo-ldap/src/main/java/org/apache/hadoop/gateway/security/ldap/SimpleDirectoryServiceFactory.java
deleted file mode 100644
index 72a05ff..0000000
--- a/gateway-demo-ldap/src/main/java/org/apache/hadoop/gateway/security/ldap/SimpleDirectoryServiceFactory.java
+++ /dev/null
@@ -1,34 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.gateway.security.ldap;
-
-import org.apache.directory.server.core.api.DirectoryService;
-
-public class SimpleDirectoryServiceFactory extends BaseDirectoryServiceFactory {
-
- protected DirectoryService createDirectoryService() {
- DirectoryService result;
- try {
- result = new SimpleDirectoryService();
- } catch( Exception e ) {
- throw new RuntimeException( e );
- }
- return result;
- }
-
-}