You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by el...@apache.org on 2012/01/24 17:42:46 UTC
svn commit: r1235347 [2/5] - in /directory/apacheds/trunk/core-integ/src:
main/java/org/apache/directory/server/core/integ/
test/java/org/apache/directory/server/core/admin/
test/java/org/apache/directory/server/core/authn/
test/java/org/apache/directo...
Modified: directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/MoveRenameAuthorizationIT.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/MoveRenameAuthorizationIT.java?rev=1235347&r1=1235346&r2=1235347&view=diff
==============================================================================
--- directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/MoveRenameAuthorizationIT.java (original)
+++ directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/MoveRenameAuthorizationIT.java Tue Jan 24 16:42:44 2012
@@ -79,7 +79,7 @@ public class MoveRenameAuthorizationIT e
Dn entryDn = new Dn( entryRdn + ",ou=system" );
boolean result;
- Entry testEntry = new DefaultEntry(entryDn);
+ Entry testEntry = new DefaultEntry( entryDn );
testEntry.add( SchemaConstants.OBJECT_CLASS_AT, "organizationalUnit" );
testEntry.add( SchemaConstants.OU_AT, "testou" );
@@ -147,7 +147,7 @@ public class MoveRenameAuthorizationIT e
boolean isMoved = false;
String movedName = entryRdn + "," + newParentRdn + ",ou=system";
-
+
try
{
userConnection.move( entryDn.getName(), newParentRdn + ",ou=system" );
@@ -160,18 +160,18 @@ public class MoveRenameAuthorizationIT e
assertFalse( adminConnection.exists( movedName ) );
assertTrue( adminConnection.exists( entryDn ) );
adminConnection.delete( entryDn );
-
+
return false;
}
String renamedName = newNameRdn + ", " + newParentRdn + ",ou=system";
-
+
try
{
userConnection.rename( movedName, newNameRdn );
assertTrue( adminConnection.exists( renamedName ) );
assertFalse( adminConnection.exists( movedName ) );
-
+
adminConnection.delete( renamedName );
result = true;
}
@@ -215,26 +215,26 @@ public class MoveRenameAuthorizationIT e
assertFalse( checkCanRenameAs( "billyd", "billyd", "ou=testou", "ou=newname" ) );
// Gives grantRename perm to all users in the Administrators group for entries
- createAccessControlSubentry( "grantRenameByAdmin",
- "{ " +
- " identificationTag \"addAci\", " +
- " precedence 14, " +
- " authenticationLevel none, " +
- " itemOrUserFirst userFirst: " +
- " { " +
- " userClasses " +
- " { " +
- " userGroup { \"cn=Administrators,ou=groups,ou=system\" } " +
- " }, " +
- " userPermissions " +
- " { " +
- " { " +
- " protectedItems {entry}, " +
- " grantsAndDenials { grantRename, grantBrowse } " +
- " } " +
- " } " +
- " } " +
- "}" );
+ createAccessControlSubentry( "grantRenameByAdmin",
+ "{ " +
+ " identificationTag \"addAci\", " +
+ " precedence 14, " +
+ " authenticationLevel none, " +
+ " itemOrUserFirst userFirst: " +
+ " { " +
+ " userClasses " +
+ " { " +
+ " userGroup { \"cn=Administrators,ou=groups,ou=system\" } " +
+ " }, " +
+ " userPermissions " +
+ " { " +
+ " { " +
+ " protectedItems {entry}, " +
+ " grantsAndDenials { grantRename, grantBrowse } " +
+ " } " +
+ " } " +
+ " } " +
+ "}" );
// see if we can now rename that test entry which we could not before
// rename op should still fail since billyd is not in the admin group
@@ -263,26 +263,26 @@ public class MoveRenameAuthorizationIT e
// Gives grantRename, grantImport, grantExport perm to all users in the Administrators
// group for entries - browse is needed just to read navigate the tree at root
- createAccessControlSubentry( "grantRenameMoveByAdmin",
- "{ " +
- " identificationTag \"addAci\", " +
- " precedence 14, " +
- " authenticationLevel none, " +
- " itemOrUserFirst userFirst: " +
- " { " +
- " userClasses " +
- " { " +
- " userGroup { \"cn=Administrators,ou=groups,ou=system\" } " +
- " }, " +
- " userPermissions " +
- " { " +
- " { " +
- " protectedItems {entry}, " +
- " grantsAndDenials { grantExport, grantImport, grantRename, grantBrowse } " +
- " } " +
- " } " +
- " } " +
- "}" );
+ createAccessControlSubentry( "grantRenameMoveByAdmin",
+ "{ " +
+ " identificationTag \"addAci\", " +
+ " precedence 14, " +
+ " authenticationLevel none, " +
+ " itemOrUserFirst userFirst: " +
+ " { " +
+ " userClasses " +
+ " { " +
+ " userGroup { \"cn=Administrators,ou=groups,ou=system\" } " +
+ " }, " +
+ " userPermissions " +
+ " { " +
+ " { " +
+ " protectedItems {entry}, " +
+ " grantsAndDenials { grantExport, grantImport, grantRename, grantBrowse } " +
+ " } " +
+ " } " +
+ " } " +
+ "}" );
// see if we can move and rename the test entry which we could not before
// op should still fail since billyd is not in the admin group
@@ -310,26 +310,26 @@ public class MoveRenameAuthorizationIT e
assertFalse( checkCanMoveAndRenameAs( "billyd", "billyd", "ou=testou1", "ou=testou2", "ou=groups" ) );
// Gives grantImport, and grantExport perm to all users in the Administrators group for entries
- createAccessControlSubentry( "grantMoveByAdmin",
- "{ " +
- " identificationTag \"addAci\", "
- + " precedence 14, " +
- " authenticationLevel none, " +
- " itemOrUserFirst userFirst: " +
- " { " +
- " userClasses " +
- " { " +
- " userGroup { \"cn=Administrators,ou=groups,ou=system\" } " +
- " }, " +
- " userPermissions " +
- " { " +
- " { " +
- " protectedItems {entry}, " +
- " grantsAndDenials { grantExport, grantImport, grantBrowse } " +
- " } " +
- " } " +
- " } " +
- "}" );
+ createAccessControlSubentry( "grantMoveByAdmin",
+ "{ " +
+ " identificationTag \"addAci\", "
+ + " precedence 14, " +
+ " authenticationLevel none, " +
+ " itemOrUserFirst userFirst: " +
+ " { " +
+ " userClasses " +
+ " { " +
+ " userGroup { \"cn=Administrators,ou=groups,ou=system\" } " +
+ " }, " +
+ " userPermissions " +
+ " { " +
+ " { " +
+ " protectedItems {entry}, " +
+ " grantsAndDenials { grantExport, grantImport, grantBrowse } " +
+ " } " +
+ " } " +
+ " } " +
+ "}" );
// see if we can now move that test entry which we could not before
// op should still fail since billyd is not in the admin group
@@ -368,23 +368,23 @@ public class MoveRenameAuthorizationIT e
assertFalse( checkCanRenameAs( "billyd", "billyd", "ou=testou", "ou=newname" ) );
// Gives grantRename perm specifically to the billyd user
- createAccessControlSubentry( "grantRenameByName",
- "{ " +
- " identificationTag \"addAci\", " +
- " precedence 14, " +
- " authenticationLevel none, " +
- " itemOrUserFirst userFirst: " +
- " { " +
- " userClasses { name { \"uid=billyd,ou=users,ou=system\" } }, " +
- " userPermissions " +
- " { " +
- " { " +
- " protectedItems {entry}, " +
- " grantsAndDenials { grantRename, grantBrowse } " +
- " } " +
- " } " +
- " } " +
- "}" );
+ createAccessControlSubentry( "grantRenameByName",
+ "{ " +
+ " identificationTag \"addAci\", " +
+ " precedence 14, " +
+ " authenticationLevel none, " +
+ " itemOrUserFirst userFirst: " +
+ " { " +
+ " userClasses { name { \"uid=billyd,ou=users,ou=system\" } }, " +
+ " userPermissions " +
+ " { " +
+ " { " +
+ " protectedItems {entry}, " +
+ " grantsAndDenials { grantRename, grantBrowse } " +
+ " } " +
+ " } " +
+ " } " +
+ "}" );
// try a rename operation which should succeed with ACI
assertTrue( checkCanRenameAs( "billyd", "billyd", "ou=testou", "ou=newname" ) );
@@ -404,23 +404,23 @@ public class MoveRenameAuthorizationIT e
assertFalse( checkCanMoveAndRenameAs( "billyd", "billyd", "ou=testou,ou=users", "ou=newname", "ou=groups" ) );
// Gives grantRename, grantImport, grantExport perm to billyd user on entries
- createAccessControlSubentry( "grantRenameMoveByName",
- "{ " +
- " identificationTag \"addAci\", " +
- " precedence 14, " +
- " authenticationLevel none, " +
- " itemOrUserFirst userFirst: " +
- " { " +
- " userClasses { name { \"uid=billyd,ou=users,ou=system\" } }, " +
- " userPermissions " +
- " { " +
- " { " +
- " protectedItems {entry}, " +
- " grantsAndDenials { grantExport, grantImport, grantRename, grantBrowse } " +
- " } " +
- " } " +
- " } " +
- "}" );
+ createAccessControlSubentry( "grantRenameMoveByName",
+ "{ " +
+ " identificationTag \"addAci\", " +
+ " precedence 14, " +
+ " authenticationLevel none, " +
+ " itemOrUserFirst userFirst: " +
+ " { " +
+ " userClasses { name { \"uid=billyd,ou=users,ou=system\" } }, " +
+ " userPermissions " +
+ " { " +
+ " { " +
+ " protectedItems {entry}, " +
+ " grantsAndDenials { grantExport, grantImport, grantRename, grantBrowse } " +
+ " } " +
+ " } " +
+ " } " +
+ "}" );
// try move w/ rdn change which should succeed with ACI
assertTrue( checkCanMoveAndRenameAs( "billyd", "billyd", "ou=testou", "ou=newname", "ou=groups" ) );
@@ -440,23 +440,23 @@ public class MoveRenameAuthorizationIT e
assertFalse( checkCanMoveAndRenameAs( "billyd", "billyd", "ou=testou", "ou=testou", "ou=groups" ) );
// Gives grantImport, and grantExport perm to billyd user for entries
- createAccessControlSubentry( "grantMoveByName",
- "{ " +
- " identificationTag \"addAci\", " +
- " precedence 14, " +
- " authenticationLevel none, " +
- " itemOrUserFirst userFirst: " +
- " { " +
- " userClasses { name { \"uid=billyd,ou=users,ou=system\" } }, " +
- " userPermissions " +
- " { " +
- " { " +
- " protectedItems {entry}, " +
- " grantsAndDenials { grantExport, grantImport, grantRename, grantBrowse } " +
- " } " +
- " } " +
- " } " +
- "}" );
+ createAccessControlSubentry( "grantMoveByName",
+ "{ " +
+ " identificationTag \"addAci\", " +
+ " precedence 14, " +
+ " authenticationLevel none, " +
+ " itemOrUserFirst userFirst: " +
+ " { " +
+ " userClasses { name { \"uid=billyd,ou=users,ou=system\" } }, " +
+ " userPermissions " +
+ " { " +
+ " { " +
+ " protectedItems {entry}, " +
+ " grantsAndDenials { grantExport, grantImport, grantRename, grantBrowse } " +
+ " } " +
+ " } " +
+ " } " +
+ "}" );
// try move operation which should succeed with ACI
assertTrue( checkCanMoveAndRenameAs( "billyd", "billyd", "ou=testou1", "ou=testou2", "ou=groups" ) );
@@ -487,26 +487,26 @@ public class MoveRenameAuthorizationIT e
assertFalse( checkCanRenameAs( "billyd", "billyd", "ou=testou", "ou=newname" ) );
// Gives grantRename perm for entries to those users selected by the subtree
- createAccessControlSubentry( "grantRenameByTree",
- "{ " +
- " identificationTag \"addAci\", " +
- " precedence 14, " +
- " authenticationLevel none, " +
- " itemOrUserFirst userFirst: " +
- " { " +
- " userClasses " +
- " { " +
- " subtree { { base \"ou=users,ou=system\" } } " +
- " }, " +
- " userPermissions " +
- " { " +
- " { " +
- " protectedItems {entry}, " +
- " grantsAndDenials { grantRename, grantBrowse } " +
- " } " +
- " } " +
- " } " +
- "}" );
+ createAccessControlSubentry( "grantRenameByTree",
+ "{ " +
+ " identificationTag \"addAci\", " +
+ " precedence 14, " +
+ " authenticationLevel none, " +
+ " itemOrUserFirst userFirst: " +
+ " { " +
+ " userClasses " +
+ " { " +
+ " subtree { { base \"ou=users,ou=system\" } } " +
+ " }, " +
+ " userPermissions " +
+ " { " +
+ " { " +
+ " protectedItems {entry}, " +
+ " grantsAndDenials { grantRename, grantBrowse } " +
+ " } " +
+ " } " +
+ " } " +
+ "}" );
// try a rename operation which should succeed with ACI
assertTrue( checkCanRenameAs( "billyd", "billyd", "ou=testou", "ou=newname" ) );
@@ -526,25 +526,25 @@ public class MoveRenameAuthorizationIT e
assertFalse( checkCanMoveAndRenameAs( "billyd", "billyd", "ou=testou", "ou=newname", "ou=groups" ) );
// Gives grantRename, grantImport, grantExport for entries to users selected by subtree
- createAccessControlSubentry( "grantRenameMoveByTree",
- "{ " +
- " identificationTag \"addAci\", " +
- " precedence 14, " +
- " authenticationLevel none, " +
- " itemOrUserFirst userFirst: { " +
- " userClasses " +
- " { " +
- " subtree { { base \"ou=users,ou=system\" } } " +
- " }, " +
- " userPermissions " +
- " { " +
- " { " +
- " protectedItems {entry}, " +
- " grantsAndDenials { grantExport, grantImport, grantRename, grantBrowse } " +
- " } " +
- " } " +
- " } " +
- "}" );
+ createAccessControlSubentry( "grantRenameMoveByTree",
+ "{ " +
+ " identificationTag \"addAci\", " +
+ " precedence 14, " +
+ " authenticationLevel none, " +
+ " itemOrUserFirst userFirst: { " +
+ " userClasses " +
+ " { " +
+ " subtree { { base \"ou=users,ou=system\" } } " +
+ " }, " +
+ " userPermissions " +
+ " { " +
+ " { " +
+ " protectedItems {entry}, " +
+ " grantsAndDenials { grantExport, grantImport, grantRename, grantBrowse } " +
+ " } " +
+ " } " +
+ " } " +
+ "}" );
// try move w/ rdn change which should succeed with ACI
assertTrue( checkCanMoveAndRenameAs( "billyd", "billyd", "ou=testou", "ou=newname", "ou=groups" ) );
@@ -564,26 +564,26 @@ public class MoveRenameAuthorizationIT e
assertFalse( checkCanMoveAndRenameAs( "billyd", "billyd", "ou=testou1", "ou=testou2", "ou=groups" ) );
// Gives grantImport, and grantExport perm for entries to subtree selected users
- createAccessControlSubentry( "grantMoveByTree",
- "{ " +
- " identificationTag \"addAci\", " +
- " precedence 14, " +
- " authenticationLevel none, " +
- " itemOrUserFirst userFirst: " +
- " { " +
- " userClasses " +
- " { " +
- " subtree { { base \"ou=users,ou=system\" } } " +
- " }, " +
- " userPermissions " +
- " { " +
- " { " +
- " protectedItems {entry}, " +
- " grantsAndDenials { grantExport, grantImport, grantRename, grantBrowse } " +
- " } " +
- " } " +
- " } " +
- "}" );
+ createAccessControlSubentry( "grantMoveByTree",
+ "{ " +
+ " identificationTag \"addAci\", " +
+ " precedence 14, " +
+ " authenticationLevel none, " +
+ " itemOrUserFirst userFirst: " +
+ " { " +
+ " userClasses " +
+ " { " +
+ " subtree { { base \"ou=users,ou=system\" } } " +
+ " }, " +
+ " userPermissions " +
+ " { " +
+ " { " +
+ " protectedItems {entry}, " +
+ " grantsAndDenials { grantExport, grantImport, grantRename, grantBrowse } " +
+ " } " +
+ " } " +
+ " } " +
+ "}" );
// try move operation which should succeed with ACI
assertTrue( checkCanMoveAndRenameAs( "billyd", "billyd", "ou=testou1", "ou=testou2", "ou=groups" ) );
@@ -614,23 +614,23 @@ public class MoveRenameAuthorizationIT e
assertFalse( checkCanRenameAs( "billyd", "billyd", "ou=testou", "ou=newname" ) );
// Gives grantRename perm for entries to any user
- createAccessControlSubentry( "grantRenameByAny",
- "{ " +
- " identificationTag \"addAci\", " +
- " precedence 14, " +
- " authenticationLevel none, " +
- " itemOrUserFirst userFirst: " +
- " { " +
- " userClasses { allUsers }, " +
- " userPermissions " +
- " { " +
- " { " +
- " protectedItems {entry}, " +
- " grantsAndDenials { grantRename, grantBrowse } " +
- " } " +
- " } " +
- " } " +
- "}" );
+ createAccessControlSubentry( "grantRenameByAny",
+ "{ " +
+ " identificationTag \"addAci\", " +
+ " precedence 14, " +
+ " authenticationLevel none, " +
+ " itemOrUserFirst userFirst: " +
+ " { " +
+ " userClasses { allUsers }, " +
+ " userPermissions " +
+ " { " +
+ " { " +
+ " protectedItems {entry}, " +
+ " grantsAndDenials { grantRename, grantBrowse } " +
+ " } " +
+ " } " +
+ " } " +
+ "}" );
// try a rename operation which should succeed with ACI
assertTrue( checkCanRenameAs( "billyd", "billyd", "ou=testou", "ou=newname" ) );
@@ -650,23 +650,23 @@ public class MoveRenameAuthorizationIT e
assertFalse( checkCanMoveAndRenameAs( "billyd", "billyd", "ou=testou", "ou=newname", "ou=groups" ) );
// Gives grantRename, grantImport, grantExport for entries to any user
- createAccessControlSubentry( "grantRenameMoveByAny",
- "{ " +
- " identificationTag \"addAci\", " +
- " precedence 14, " +
- " authenticationLevel none, " +
- " itemOrUserFirst userFirst: " +
- " { " +
- " userClasses { allUsers }, " +
- " userPermissions " +
- " { " +
- " { " +
- " protectedItems {entry}, " +
- " grantsAndDenials { grantExport, grantImport, grantRename, grantBrowse } " +
- " } " +
- " } " +
- " } " +
- "}" );
+ createAccessControlSubentry( "grantRenameMoveByAny",
+ "{ " +
+ " identificationTag \"addAci\", " +
+ " precedence 14, " +
+ " authenticationLevel none, " +
+ " itemOrUserFirst userFirst: " +
+ " { " +
+ " userClasses { allUsers }, " +
+ " userPermissions " +
+ " { " +
+ " { " +
+ " protectedItems {entry}, " +
+ " grantsAndDenials { grantExport, grantImport, grantRename, grantBrowse } " +
+ " } " +
+ " } " +
+ " } " +
+ "}" );
// try move w/ rdn change which should succeed with ACI
assertTrue( checkCanMoveAndRenameAs( "billyd", "billyd", "ou=testou", "ou=newname", "ou=groups" ) );
@@ -686,23 +686,23 @@ public class MoveRenameAuthorizationIT e
assertFalse( checkCanMoveAndRenameAs( "billyd", "billyd", "ou=testou1", "ou=testou2", "ou=groups" ) );
// Gives grantImport, and grantExport perm for entries to any user
- createAccessControlSubentry( "grantMoveByAny",
- "{ " +
- " identificationTag \"addAci\", " +
- " precedence 14, " +
- " authenticationLevel none, " +
- " itemOrUserFirst userFirst: " +
- " { " +
- " userClasses { allUsers }, " +
- " userPermissions " +
- " { " +
- " { " +
- " protectedItems {entry}, " +
- " grantsAndDenials { grantExport, grantImport, grantRename, grantBrowse } " +
- " } " +
- " } " +
- " } " +
- "}" );
+ createAccessControlSubentry( "grantMoveByAny",
+ "{ " +
+ " identificationTag \"addAci\", " +
+ " precedence 14, " +
+ " authenticationLevel none, " +
+ " itemOrUserFirst userFirst: " +
+ " { " +
+ " userClasses { allUsers }, " +
+ " userPermissions " +
+ " { " +
+ " { " +
+ " protectedItems {entry}, " +
+ " grantsAndDenials { grantExport, grantImport, grantRename, grantBrowse } " +
+ " } " +
+ " } " +
+ " } " +
+ "}" );
// try move operation which should succeed with ACI
assertTrue( checkCanMoveAndRenameAs( "billyd", "billyd", "ou=testou1", "ou=testou2", "ou=groups" ) );
@@ -735,62 +735,62 @@ public class MoveRenameAuthorizationIT e
// Gives grantBrowse perm to all users in the Administrators
// group for entries
// It's is needed just to read navigate the tree at root
- createAccessControlSubentry( "grantBrowseForTheWholeNamingContext", "{ }",
+ createAccessControlSubentry( "grantBrowseForTheWholeNamingContext", "{ }",
"{ " +
- " identificationTag \"browseACI\", " +
- " precedence 14, " +
- " authenticationLevel none, " +
- " itemOrUserFirst userFirst: " +
- " { " +
- " userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " +
- " userPermissions " +
- " { " +
- " { " +
- " protectedItems { entry }, " +
- " grantsAndDenials { grantBrowse } " +
- " } " +
- " } " +
- " } " +
- "}" );
+ " identificationTag \"browseACI\", " +
+ " precedence 14, " +
+ " authenticationLevel none, " +
+ " itemOrUserFirst userFirst: " +
+ " { " +
+ " userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " +
+ " userPermissions " +
+ " { " +
+ " { " +
+ " protectedItems { entry }, " +
+ " grantsAndDenials { grantBrowse } " +
+ " } " +
+ " } " +
+ " } " +
+ "}" );
// Gives grantExport, grantRename perm to all users in the Administrators
// group for entries
- createAccessControlSubentry( "grantExportFromASubtree", "{ base \"ou=users\" }",
+ createAccessControlSubentry( "grantExportFromASubtree", "{ base \"ou=users\" }",
"{ " +
- " identificationTag \"exportACI\", " +
- " precedence 14, " +
- " authenticationLevel none, " +
- " itemOrUserFirst userFirst: " +
- " { " +
- " userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " +
- " userPermissions " +
- " { " +
- " { " +
- " protectedItems { entry }, " +
- " grantsAndDenials { grantExport, grantRename } " +
- " } " +
- " } " +
- " } " +
- "}" );
+ " identificationTag \"exportACI\", " +
+ " precedence 14, " +
+ " authenticationLevel none, " +
+ " itemOrUserFirst userFirst: " +
+ " { " +
+ " userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " +
+ " userPermissions " +
+ " { " +
+ " { " +
+ " protectedItems { entry }, " +
+ " grantsAndDenials { grantExport, grantRename } " +
+ " } " +
+ " } " +
+ " } " +
+ "}" );
// Gives grantImport perm to all users in the Administrators
// group for the target context
- createAccessControlSubentry( "grantImportToASubtree", "{ base \"ou=groups\" }",
+ createAccessControlSubentry( "grantImportToASubtree", "{ base \"ou=groups\" }",
"{ " +
- " identificationTag \"importACI\", " +
- " precedence 14, " +
- " authenticationLevel none, " +
- " itemOrUserFirst userFirst: " +
- " { " +
- " userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " +
- " userPermissions " +
- " { " +
- " { " +
- " protectedItems { entry }, " +
- " grantsAndDenials { grantImport } " + " } " +
- " } " +
- " } " +
- "}" );
+ " identificationTag \"importACI\", " +
+ " precedence 14, " +
+ " authenticationLevel none, " +
+ " itemOrUserFirst userFirst: " +
+ " { " +
+ " userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " +
+ " userPermissions " +
+ " { " +
+ " { " +
+ " protectedItems { entry }, " +
+ " grantsAndDenials { grantImport } " + " } " +
+ " } " +
+ " } " +
+ "}" );
// see if we can move and rename the test entry which we could not before
// op should still fail since billyd is not in the admin group
Modified: directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/SearchAuthorizationIT.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/SearchAuthorizationIT.java?rev=1235347&r1=1235346&r2=1235347&view=diff
==============================================================================
--- directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/SearchAuthorizationIT.java (original)
+++ directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/SearchAuthorizationIT.java Tue Jan 24 16:42:44 2012
@@ -377,26 +377,26 @@ public class SearchAuthorizationIT exten
// Gives search perms to all users in the Administrators group for
// entries and all attribute types and values
- createAccessControlSubentry( "searchAdmin",
- "{ " +
- " identificationTag \"searchAci\", " +
- " precedence 14, " +
- " authenticationLevel none, " +
- " itemOrUserFirst userFirst: " +
- " { " +
- " userClasses " +
- " { " +
- " userGroup { \"cn=Administrators,ou=groups,ou=system\" } " +
- " }, " +
- " userPermissions " +
- " { " +
- " { " +
- " protectedItems {entry, allUserAttributeTypesAndValues}, " +
- " grantsAndDenials { grantRead, grantReturnDN, grantBrowse } " +
- " } " +
- " } " +
- " } " +
- "}" );
+ createAccessControlSubentry( "searchAdmin",
+ "{ " +
+ " identificationTag \"searchAci\", " +
+ " precedence 14, " +
+ " authenticationLevel none, " +
+ " itemOrUserFirst userFirst: " +
+ " { " +
+ " userClasses " +
+ " { " +
+ " userGroup { \"cn=Administrators,ou=groups,ou=system\" } " +
+ " }, " +
+ " userPermissions " +
+ " { " +
+ " { " +
+ " protectedItems {entry, allUserAttributeTypesAndValues}, " +
+ " grantsAndDenials { grantRead, grantReturnDN, grantBrowse } " +
+ " } " +
+ " } " +
+ " } " +
+ "}" );
// see if we can now search that test entry which we could not before
// add or should still fail since billd is not in the admin group
@@ -425,26 +425,26 @@ public class SearchAuthorizationIT exten
assertFalse( checkCanSearchAs( "billyd", "billyd" ) );
// now add a subentry that enables user billyd to search an entry below ou=system
- createAccessControlSubentry( "billydSearch",
- "{ " +
- " identificationTag \"searchAci\", " +
- " precedence 14, " +
- " authenticationLevel none, " +
- " itemOrUserFirst userFirst: " +
- " { " +
- " userClasses " +
- " { " +
- " name { \"uid=billyd,ou=users,ou=system\" } " +
- " }, " +
- " userPermissions " +
- " { " +
- " { " +
- " protectedItems {entry, allUserAttributeTypesAndValues}, " +
- " grantsAndDenials { grantRead, grantReturnDN, grantBrowse } " +
- " } " +
- " }" +
- " } " +
- "}" );
+ createAccessControlSubentry( "billydSearch",
+ "{ " +
+ " identificationTag \"searchAci\", " +
+ " precedence 14, " +
+ " authenticationLevel none, " +
+ " itemOrUserFirst userFirst: " +
+ " { " +
+ " userClasses " +
+ " { " +
+ " name { \"uid=billyd,ou=users,ou=system\" } " +
+ " }, " +
+ " userPermissions " +
+ " { " +
+ " { " +
+ " protectedItems {entry, allUserAttributeTypesAndValues}, " +
+ " grantsAndDenials { grantRead, grantReturnDN, grantBrowse } " +
+ " } " +
+ " }" +
+ " } " +
+ "}" );
// should work now that billyd is authorized by name
assertTrue( checkCanSearchAs( "billyd", "billyd" ) );
@@ -467,26 +467,26 @@ public class SearchAuthorizationIT exten
assertFalse( checkCanSearchAs( "BillyD", "billyd" ) );
// now add a subentry that enables user billyd to search an entry below ou=system
- createAccessControlSubentry( "billydSearch",
- "{ " +
- " identificationTag \"searchAci\", " +
- " precedence 14, " +
- " authenticationLevel none, " +
- " itemOrUserFirst userFirst: " +
- " { " +
- " userClasses " +
- " { " +
- " name { \"uid=billyd,ou=users,ou=system\" } " +
- " }, " +
- " userPermissions " +
- " { " +
- " { " +
- " protectedItems {entry, allUserAttributeTypesAndValues}, " +
- " grantsAndDenials { grantRead, grantReturnDN, grantBrowse } " +
- " } " +
- " } " +
- " } " +
- "}" );
+ createAccessControlSubentry( "billydSearch",
+ "{ " +
+ " identificationTag \"searchAci\", " +
+ " precedence 14, " +
+ " authenticationLevel none, " +
+ " itemOrUserFirst userFirst: " +
+ " { " +
+ " userClasses " +
+ " { " +
+ " name { \"uid=billyd,ou=users,ou=system\" } " +
+ " }, " +
+ " userPermissions " +
+ " { " +
+ " { " +
+ " protectedItems {entry, allUserAttributeTypesAndValues}, " +
+ " grantsAndDenials { grantRead, grantReturnDN, grantBrowse } " +
+ " } " +
+ " } " +
+ " } " +
+ "}" );
// should work now that billyd is authorized by name
assertTrue( checkCanSearchAs( "BillyD", "billyd" ) );
@@ -508,29 +508,29 @@ public class SearchAuthorizationIT exten
assertFalse( checkCanSearchAs( "billyd", "billyd" ) );
// now add a subentry that enables user billyd to search an entry below ou=system
- createAccessControlSubentry( "billySearchBySubtree",
- "{ " +
- " identificationTag \"searchAci\", " +
- " precedence 14, " +
- " authenticationLevel none, " +
- " itemOrUserFirst userFirst: " +
- " { " +
- " userClasses " +
- " { " +
- " subtree " +
- " { " +
- " { base \"ou=users,ou=system\" } " +
- " } " +
- " }, " +
- " userPermissions " +
- " { " +
- " { " +
- " protectedItems {entry, allUserAttributeTypesAndValues}, " +
- " grantsAndDenials { grantRead, grantReturnDN, grantBrowse } " +
- " } " +
- " } " +
- " } " +
- "}" );
+ createAccessControlSubentry( "billySearchBySubtree",
+ "{ " +
+ " identificationTag \"searchAci\", " +
+ " precedence 14, " +
+ " authenticationLevel none, " +
+ " itemOrUserFirst userFirst: " +
+ " { " +
+ " userClasses " +
+ " { " +
+ " subtree " +
+ " { " +
+ " { base \"ou=users,ou=system\" } " +
+ " } " +
+ " }, " +
+ " userPermissions " +
+ " { " +
+ " { " +
+ " protectedItems {entry, allUserAttributeTypesAndValues}, " +
+ " grantsAndDenials { grantRead, grantReturnDN, grantBrowse } " +
+ " } " +
+ " } " +
+ " } " +
+ "}" );
// should work now that billyd is authorized by the subtree userClass
assertTrue( checkCanSearchAs( "billyd", "billyd" ) );
@@ -552,23 +552,23 @@ public class SearchAuthorizationIT exten
assertFalse( checkCanSearchAs( "billyd", "billyd" ) );
// now add a subentry that enables anyone to search an entry below ou=system
- createAccessControlSubentry( "anybodySearch",
- "{ " +
- " identificationTag \"searchAci\", " +
- " precedence 14, " +
- " authenticationLevel none, " +
- " itemOrUserFirst userFirst: " +
- " { " +
- " userClasses { allUsers }, " +
- " userPermissions " +
- " { " +
- " { " +
- " protectedItems {entry, allUserAttributeTypesAndValues}, " +
- " grantsAndDenials { grantRead, grantReturnDN, grantBrowse } " +
- " } " +
- " } " +
- " } " +
- "}" );
+ createAccessControlSubentry( "anybodySearch",
+ "{ " +
+ " identificationTag \"searchAci\", " +
+ " precedence 14, " +
+ " authenticationLevel none, " +
+ " itemOrUserFirst userFirst: " +
+ " { " +
+ " userClasses { allUsers }, " +
+ " userPermissions " +
+ " { " +
+ " { " +
+ " protectedItems {entry, allUserAttributeTypesAndValues}, " +
+ " grantsAndDenials { grantRead, grantReturnDN, grantBrowse } " +
+ " } " +
+ " } " +
+ " } " +
+ "}" );
// see if we can now search that tree which we could not before
// should work now with billyd now that all users are authorized
@@ -597,23 +597,23 @@ public class SearchAuthorizationIT exten
// now add a subentry that enables anyone to search an entry below ou=system
// down two more rdns for DNs of a max size of 3
- createAccessControlSubentry( "anybodySearch", "{ maximum 2 }",
- "{ " +
- " identificationTag \"searchAci\", " +
- " precedence 14, " +
- " authenticationLevel none, " +
- " itemOrUserFirst userFirst: " +
- " { " +
- " userClasses { allUsers }, " +
- " userPermissions " +
- " { " +
- " { " +
- " protectedItems {entry, allUserAttributeTypesAndValues}, " +
- " grantsAndDenials { grantRead, grantReturnDN, grantBrowse } " +
- " } " +
- " } " +
- " } " +
- "}" );
+ createAccessControlSubentry( "anybodySearch", "{ maximum 2 }",
+ "{ " +
+ " identificationTag \"searchAci\", " +
+ " precedence 14, " +
+ " authenticationLevel none, " +
+ " itemOrUserFirst userFirst: " +
+ " { " +
+ " userClasses { allUsers }, " +
+ " userPermissions " +
+ " { " +
+ " { " +
+ " protectedItems {entry, allUserAttributeTypesAndValues}, " +
+ " grantsAndDenials { grantRead, grantReturnDN, grantBrowse } " +
+ " } " +
+ " } " +
+ " } " +
+ "}" );
// see if we can now search that test entry which we could not before
// should work now with billyd now that all users are authorized
@@ -639,23 +639,23 @@ public class SearchAuthorizationIT exten
// now add a subentry that enables anyone to search an entry below ou=system
// down two more rdns for DNs of a max size of 3. It only grants access to
// the ou and objectClass attributes however.
- createAccessControlSubentry( "excludeTelephoneNumber", "{ maximum 2 }",
+ createAccessControlSubentry( "excludeTelephoneNumber", "{ maximum 2 }",
"{ " +
- " identificationTag \"searchAci\", " +
- " precedence 14, " +
- " authenticationLevel none, " +
- " itemOrUserFirst userFirst: " +
- " { " +
- " userClasses { allUsers }, " +
- " userPermissions " +
- " { " +
- " { " +
- " protectedItems {entry, allAttributeValues { ou, objectClass } }, " +
- " grantsAndDenials { grantRead, grantReturnDN, grantBrowse } " +
- " } " +
- " } " +
- " } " +
- "}" );
+ " identificationTag \"searchAci\", " +
+ " precedence 14, " +
+ " authenticationLevel none, " +
+ " itemOrUserFirst userFirst: " +
+ " { " +
+ " userClasses { allUsers }, " +
+ " userPermissions " +
+ " { " +
+ " { " +
+ " protectedItems {entry, allAttributeValues { ou, objectClass } }, " +
+ " grantsAndDenials { grantRead, grantReturnDN, grantBrowse } " +
+ " } " +
+ " } " +
+ " } " +
+ "}" );
// see if we can now search and find 4 entries
assertTrue( checkCanSearchAs( "billyd", "billyd", SearchScope.SUBTREE, 4 ) );
@@ -672,23 +672,23 @@ public class SearchAuthorizationIT exten
// now add a subentry that enables anyone to search an entry below ou=system
// down two more rdns for DNs of a max size of 3. This time we should be able
// to see the telephoneNumber attribute
- createAccessControlSubentry( "includeAllAttributeTypesAndValues", "{ maximum 2 }",
+ createAccessControlSubentry( "includeAllAttributeTypesAndValues", "{ maximum 2 }",
"{ " +
- " identificationTag \"searchAci\", " +
- " precedence 14, " +
- " authenticationLevel none, " +
- " itemOrUserFirst userFirst: " +
- " { " +
- " userClasses { allUsers }, " +
- " userPermissions " +
- " { " +
- " { " +
- " protectedItems {entry, allUserAttributeTypesAndValues }, " +
- " grantsAndDenials { grantRead, grantReturnDN, grantBrowse } " +
- " } " +
- " }" +
- " } " +
- "}" );
+ " identificationTag \"searchAci\", " +
+ " precedence 14, " +
+ " authenticationLevel none, " +
+ " itemOrUserFirst userFirst: " +
+ " { " +
+ " userClasses { allUsers }, " +
+ " userPermissions " +
+ " { " +
+ " { " +
+ " protectedItems {entry, allUserAttributeTypesAndValues }, " +
+ " grantsAndDenials { grantRead, grantReturnDN, grantBrowse } " +
+ " } " +
+ " }" +
+ " } " +
+ "}" );
// again we should find four entries
assertTrue( checkCanSearchAs( "billyd", "billyd", SearchScope.SUBTREE, 4 ) );
@@ -720,28 +720,28 @@ public class SearchAuthorizationIT exten
// down two more rdns for DNs of a max size of 3. It only grants access to
// the ou and objectClass attributes however.
createAccessControlSubentry( "excludeOUValue", "{ maximum 2 }",
- "{ " +
- " identificationTag \"searchAci\", " +
- " precedence 14, " +
- " authenticationLevel none, " +
- " itemOrUserFirst userFirst: " +
- " { " +
- " userClasses { allUsers }, " +
- " userPermissions " +
- " { " +
- " { " +
- " protectedItems " +
- " {" +
- " entry, " +
- " attributeType { ou }, " +
- " allAttributeValues { objectClass }, " +
- " attributeValue { ou=0, ou=1, ou=2 } " +
- " }, " +
- " grantsAndDenials { grantRead, grantReturnDN, grantBrowse } " +
- " } " +
- " } " +
- " } " +
- "}" );
+ "{ " +
+ " identificationTag \"searchAci\", " +
+ " precedence 14, " +
+ " authenticationLevel none, " +
+ " itemOrUserFirst userFirst: " +
+ " { " +
+ " userClasses { allUsers }, " +
+ " userPermissions " +
+ " { " +
+ " { " +
+ " protectedItems " +
+ " {" +
+ " entry, " +
+ " attributeType { ou }, " +
+ " allAttributeValues { objectClass }, " +
+ " attributeValue { ou=0, ou=1, ou=2 } " +
+ " }, " +
+ " grantsAndDenials { grantRead, grantReturnDN, grantBrowse } " +
+ " } " +
+ " } " +
+ " } " +
+ "}" );
// see if we can now search and find 4 entries
assertTrue( checkCanSearchAs( "billyd", "billyd", 3 ) );
@@ -758,23 +758,23 @@ public class SearchAuthorizationIT exten
// now add a subentry that enables anyone to search an entry below ou=system
// down two more rdns for DNs of a max size of 3. This time we should be able
// to see the telephoneNumber attribute
- createAccessControlSubentry( "includeAllAttributeTypesAndValues", "{ maximum 2 }",
+ createAccessControlSubentry( "includeAllAttributeTypesAndValues", "{ maximum 2 }",
"{ " +
- " identificationTag \"searchAci\", " +
- " precedence 14, " +
- " authenticationLevel none, " +
- " itemOrUserFirst userFirst: " +
- " { " +
- " userClasses { allUsers }, " +
- " userPermissions " +
- " { " +
- " { " +
- " protectedItems {entry, allUserAttributeTypesAndValues }, " +
- " grantsAndDenials { grantRead, grantReturnDN, grantBrowse } " +
- " } " +
- " } " +
- " }" +
- "}" );
+ " identificationTag \"searchAci\", " +
+ " precedence 14, " +
+ " authenticationLevel none, " +
+ " itemOrUserFirst userFirst: " +
+ " { " +
+ " userClasses { allUsers }, " +
+ " userPermissions " +
+ " { " +
+ " { " +
+ " protectedItems {entry, allUserAttributeTypesAndValues }, " +
+ " grantsAndDenials { grantRead, grantReturnDN, grantBrowse } " +
+ " } " +
+ " } " +
+ " }" +
+ "}" );
// again we should find four entries
assertTrue( checkCanSearchAs( "billyd", "billyd", 3 ) );
@@ -801,23 +801,23 @@ public class SearchAuthorizationIT exten
createUser( "billyd", "billyd" );
// now add an entryACI denies browse, read and returnDN to a specific entry
- String aci =
- "{ " +
- " identificationTag \"denyAci\", " +
- " precedence 14, " +
- " authenticationLevel none, " +
- " itemOrUserFirst userFirst: " +
- " { " +
- " userClasses { allUsers }, " +
- " userPermissions " +
- " { " +
- " { " +
- " protectedItems {entry, allUserAttributeTypesAndValues}, " +
- " grantsAndDenials { denyRead, denyReturnDN, denyBrowse } " +
- " } " +
- " } " +
- " } " +
- "}";
+ String aci =
+ "{ " +
+ " identificationTag \"denyAci\", " +
+ " precedence 14, " +
+ " authenticationLevel none, " +
+ " itemOrUserFirst userFirst: " +
+ " { " +
+ " userClasses { allUsers }, " +
+ " userPermissions " +
+ " { " +
+ " { " +
+ " protectedItems {entry, allUserAttributeTypesAndValues}, " +
+ " grantsAndDenials { denyRead, denyReturnDN, denyBrowse } " +
+ " } " +
+ " } " +
+ " } " +
+ "}";
// try a search operation which should fail without any prescriptive ACI
Dn testsDn = new Dn( "ou=system" );
@@ -825,23 +825,23 @@ public class SearchAuthorizationIT exten
assertFalse( checkSearchAsWithEntryACI( "billyd", "billyd", SearchScope.SUBTREE, testsDn, aci, 9 ) );
// now add a subentry that enables anyone to search below ou=system
- createAccessControlSubentry( "anybodySearch",
- "{ " +
- " identificationTag \"searchAci\", " +
- " precedence 14, " +
- " authenticationLevel none, " +
- " itemOrUserFirst userFirst: " +
- " { " +
- " userClasses { allUsers }, " +
- " userPermissions " +
- " { " +
- " { " +
- " protectedItems {entry, allUserAttributeTypesAndValues}, " +
- " grantsAndDenials { grantRead, grantReturnDN, grantBrowse } " +
- " } " +
- " } " +
- " } " +
- "}" );
+ createAccessControlSubentry( "anybodySearch",
+ "{ " +
+ " identificationTag \"searchAci\", " +
+ " precedence 14, " +
+ " authenticationLevel none, " +
+ " itemOrUserFirst userFirst: " +
+ " { " +
+ " userClasses { allUsers }, " +
+ " userPermissions " +
+ " { " +
+ " { " +
+ " protectedItems {entry, allUserAttributeTypesAndValues}, " +
+ " grantsAndDenials { grantRead, grantReturnDN, grantBrowse } " +
+ " } " +
+ " } " +
+ " } " +
+ "}" );
// see if we can now search the tree which we could not before
// should work with billyd now that all users are authorized
@@ -870,23 +870,23 @@ public class SearchAuthorizationIT exten
createUser( "billyd", "billyd" );
// now add an entryACI denying browse, read and returnDN to a specific entry
- String aci =
- "{ " +
- " identificationTag \"denyAci\", " +
- " precedence 14, " +
- " authenticationLevel none, " +
- " itemOrUserFirst userFirst: " +
- " { " +
- " userClasses { allUsers }, " +
- " userPermissions " +
- " { " +
- " { " +
- " protectedItems {entry, allUserAttributeTypesAndValues}, " +
- " grantsAndDenials { denyRead, denyReturnDN, denyBrowse } " +
- " } " +
- " } " +
- " } " +
- "}";
+ String aci =
+ "{ " +
+ " identificationTag \"denyAci\", " +
+ " precedence 14, " +
+ " authenticationLevel none, " +
+ " itemOrUserFirst userFirst: " +
+ " { " +
+ " userClasses { allUsers }, " +
+ " userPermissions " +
+ " { " +
+ " { " +
+ " protectedItems {entry, allUserAttributeTypesAndValues}, " +
+ " grantsAndDenials { denyRead, denyReturnDN, denyBrowse } " +
+ " } " +
+ " } " +
+ " } " +
+ "}";
// try a search operation which should fail without any prescriptive ACI
Dn testsDn = new Dn( "ou=system" );
@@ -894,23 +894,23 @@ public class SearchAuthorizationIT exten
assertFalse( checkSearchAsWithEntryACI( "billyd", "billyd", SearchScope.SUBTREE, testsDn, aci, 9 ) );
// now add a subentry that enables anyone to search below ou=system
- createAccessControlSubentry( "anybodySearch",
- "{ " +
- " identificationTag \"searchAci\", " +
- " precedence 15, " +
- " authenticationLevel none, " +
- " itemOrUserFirst userFirst: " +
- " { " +
- " userClasses { allUsers }, " +
- " userPermissions " +
- " { " +
- " { " +
- " protectedItems {entry, allUserAttributeTypesAndValues}, " +
- " grantsAndDenials { grantRead, grantReturnDN, grantBrowse } " +
- " } " +
- " } " +
- " } " +
- "}" );
+ createAccessControlSubentry( "anybodySearch",
+ "{ " +
+ " identificationTag \"searchAci\", " +
+ " precedence 15, " +
+ " authenticationLevel none, " +
+ " itemOrUserFirst userFirst: " +
+ " { " +
+ " userClasses { allUsers }, " +
+ " userPermissions " +
+ " { " +
+ " { " +
+ " protectedItems {entry, allUserAttributeTypesAndValues}, " +
+ " grantsAndDenials { grantRead, grantReturnDN, grantBrowse } " +
+ " } " +
+ " } " +
+ " } " +
+ "}" );
// see if we can now search the tree which we could not before
// should work with billyd now that all users are authorized
@@ -922,22 +922,22 @@ public class SearchAuthorizationIT exten
// now add an entryACI denies browse, read and returnDN to a specific entry
// but this time the precedence will be higher than that of the grant
- aci =
- "{ " +
- " identificationTag \"denyAci\", " +
- " precedence 16, " +
- " authenticationLevel none, " +
- " itemOrUserFirst userFirst: " + " { " +
- " userClasses { allUsers }, " +
- " userPermissions " +
- " { " +
- " { " +
- " protectedItems {entry, allUserAttributeTypesAndValues}, " +
- " grantsAndDenials { denyRead, denyReturnDN, denyBrowse } " +
- " } " +
- " } " +
- " } " +
- "}";
+ aci =
+ "{ " +
+ " identificationTag \"denyAci\", " +
+ " precedence 16, " +
+ " authenticationLevel none, " +
+ " itemOrUserFirst userFirst: " + " { " +
+ " userClasses { allUsers }, " +
+ " userPermissions " +
+ " { " +
+ " { " +
+ " protectedItems {entry, allUserAttributeTypesAndValues}, " +
+ " grantsAndDenials { denyRead, denyReturnDN, denyBrowse } " +
+ " } " +
+ " } " +
+ " } " +
+ "}";
// see if we can now search the tree which we could not before
// should work with billyd now that all users are authorized
@@ -965,7 +965,7 @@ public class SearchAuthorizationIT exten
EntryCursor list = null;
list = userCtx.search( dn.getName(), "(objectClass=*)", SearchScope.OBJECT, "*" );
-
+
if ( list.next() )
{
result = list.get();
@@ -984,44 +984,44 @@ public class SearchAuthorizationIT exten
createUser( "billyd", "billyd" );
// now add a subentry that enables anyone to search below ou=system
- createAccessControlSubentry( "anybodySearch",
- "{ " +
- " identificationTag \"searchAci\", " +
- " precedence 14, " +
- " authenticationLevel none, " +
- " itemOrUserFirst userFirst: " +
- " { " +
- " userClasses { allUsers }, " +
- " userPermissions " +
- " { " +
- " { " +
- " protectedItems {entry, allUserAttributeTypesAndValues}, " +
- " grantsAndDenials { grantRead, grantReturnDN, grantBrowse } " +
- " } " +
- " } " +
- " } " +
- "}" );
+ createAccessControlSubentry( "anybodySearch",
+ "{ " +
+ " identificationTag \"searchAci\", " +
+ " precedence 14, " +
+ " authenticationLevel none, " +
+ " itemOrUserFirst userFirst: " +
+ " { " +
+ " userClasses { allUsers }, " +
+ " userPermissions " +
+ " { " +
+ " { " +
+ " protectedItems {entry, allUserAttributeTypesAndValues}, " +
+ " grantsAndDenials { grantRead, grantReturnDN, grantBrowse } " +
+ " } " +
+ " } " +
+ " } " +
+ "}" );
// check and see if we can access the subentry now
assertNotNull( checkCanSearhSubentryAs( "billyd", "billyd", new Dn( "cn=anybodySearch,ou=system" ) ) );
// now add a denial to prevent all users except the admin from accessing the subentry
- addSubentryACI(
- "{ " +
- " identificationTag \"searchAci\", " +
+ addSubentryACI(
+ "{ " +
+ " identificationTag \"searchAci\", " +
" precedence 14, " +
- " authenticationLevel none, " +
- " itemOrUserFirst userFirst: " +
+ " authenticationLevel none, " +
+ " itemOrUserFirst userFirst: " +
" { " +
- " userClasses { allUsers }, " +
- " userPermissions " +
- " { " +
+ " userClasses { allUsers }, " +
+ " userPermissions " +
+ " { " +
" { " +
" protectedItems {entry, allUserAttributeTypesAndValues}, " +
- " grantsAndDenials { denyRead, denyReturnDN, denyBrowse } " +
- " } " +
- " } " +
- " } " +
+ " grantsAndDenials { denyRead, denyReturnDN, denyBrowse } " +
+ " } " +
+ " } " +
+ " } " +
"}" );
// now we should not be able to access the subentry with a search
@@ -1037,32 +1037,32 @@ public class SearchAuthorizationIT exten
// now add a subentry that enables anyone to search/lookup and disclose on error
// below ou=system, with the exclusion of ou=groups and everything below it
- createAccessControlSubentry( "selectiveDiscloseOnError",
+ createAccessControlSubentry( "selectiveDiscloseOnError",
"{ specificExclusions " +
- " { chopBefore:\"ou=groups\" } " +
- "}",
- "{ " +
- " identificationTag \"searchAci\", " +
- " precedence 14, " +
- " authenticationLevel none, " +
- " itemOrUserFirst userFirst:" +
- " { " +
- " userClasses { allUsers }, " +
- " userPermissions " +
- " { " +
- " { " +
- " protectedItems {entry, allUserAttributeTypesAndValues}, " +
- " grantsAndDenials " +
- " { " +
- " grantRead, " +
- " grantReturnDN, " +
- " grantBrowse, " +
- " grantDiscloseOnError " +
- " } " +
- " } " +
- " } " +
- " } " +
- "}" );
+ " { chopBefore:\"ou=groups\" } " +
+ "}",
+ "{ " +
+ " identificationTag \"searchAci\", " +
+ " precedence 14, " +
+ " authenticationLevel none, " +
+ " itemOrUserFirst userFirst:" +
+ " { " +
+ " userClasses { allUsers }, " +
+ " userPermissions " +
+ " { " +
+ " { " +
+ " protectedItems {entry, allUserAttributeTypesAndValues}, " +
+ " grantsAndDenials " +
+ " { " +
+ " grantRead, " +
+ " grantReturnDN, " +
+ " grantBrowse, " +
+ " grantDiscloseOnError " +
+ " } " +
+ " } " +
+ " } " +
+ " } " +
+ "}" );
// get a context as the user and try a lookup of a non-existant entry under ou=groups,ou=system
LdapConnection userCtx = getConnectionAs( "uid=billyd,ou=users,ou=system", "billyd" );
@@ -1073,29 +1073,29 @@ public class SearchAuthorizationIT exten
// now delete and replace subentry with one that does not excluse ou=groups,ou=system
deleteAccessControlSubentry( "selectiveDiscloseOnError" );
- createAccessControlSubentry( "selectiveDiscloseOnError",
- "{ " +
- " identificationTag \"searchAci\", " +
- " precedence 14, " +
- " authenticationLevel none, " +
- " itemOrUserFirst userFirst: " +
- " { " +
- " userClasses { allUsers }, " +
- " userPermissions " +
- " { " +
- " { " +
- " protectedItems {entry, allUserAttributeTypesAndValues}, " +
- " grantsAndDenials " +
- " { " +
- " grantRead, " +
- " grantReturnDN, " +
- " grantBrowse, " +
- " grantDiscloseOnError " +
- " } " +
- " } " +
- " } " +
- " } " +
- "}" );
+ createAccessControlSubentry( "selectiveDiscloseOnError",
+ "{ " +
+ " identificationTag \"searchAci\", " +
+ " precedence 14, " +
+ " authenticationLevel none, " +
+ " itemOrUserFirst userFirst: " +
+ " { " +
+ " userClasses { allUsers }, " +
+ " userPermissions " +
+ " { " +
+ " { " +
+ " protectedItems {entry, allUserAttributeTypesAndValues}, " +
+ " grantsAndDenials " +
+ " { " +
+ " grantRead, " +
+ " grantReturnDN, " +
+ " grantBrowse, " +
+ " grantDiscloseOnError " +
+ " } " +
+ " } " +
+ " } " +
+ " } " +
+ "}" );
// now try a lookup of a non-existant entry under ou=groups,ou=system again
entry = userCtx.lookup( "cn=blah,ou=groups" );
@@ -1117,46 +1117,46 @@ public class SearchAuthorizationIT exten
getAdminConnection().add( phoneBook );
// now add a subentry that enables anyone to search below their own entries
- createAccessControlSubentry( "anybodySearchTheirSubordinates",
- "{ " +
- " identificationTag \"searchAci\", " +
- " precedence 14, " +
- " authenticationLevel none, " +
- " itemOrUserFirst userFirst: " +
- " { " +
- " userClasses { allUsers }, " +
- " userPermissions " +
- " { " +
- " { " +
- " protectedItems {entry, allUserAttributeTypesAndValues}, " +
- " grantsAndDenials { grantRead, grantReturnDN, grantBrowse } " +
- " } " +
- " } " +
- " } " +
- "}" );
+ createAccessControlSubentry( "anybodySearchTheirSubordinates",
+ "{ " +
+ " identificationTag \"searchAci\", " +
+ " precedence 14, " +
+ " authenticationLevel none, " +
+ " itemOrUserFirst userFirst: " +
+ " { " +
+ " userClasses { allUsers }, " +
+ " userPermissions " +
+ " { " +
+ " { " +
+ " protectedItems {entry, allUserAttributeTypesAndValues}, " +
+ " grantsAndDenials { grantRead, grantReturnDN, grantBrowse } " +
+ " } " +
+ " } " +
+ " } " +
+ "}" );
// check and see if we can access the subentry now
assertNotNull( checkCanSearhSubentryAs( "billyd", "billyd", new Dn(
"ou=phoneBook,uid=billyd,ou=users,ou=system" ) ) );
// now add a denial to prevent all users except the admin from accessing the subentry
- addPrescriptiveACI( "anybodySearchTheirSubordinates",
+ addPrescriptiveACI( "anybodySearchTheirSubordinates",
"{ " +
- " identificationTag \"anybodyDontSearchTheirSubordinates\", " +
- " precedence 14, " +
- " authenticationLevel none, " +
- " itemOrUserFirst userFirst: " +
- " { " +
- " userClasses { parentOfEntry }, " +
- " userPermissions " +
- " { " +
- " { " +
- " protectedItems {entry, allUserAttributeTypesAndValues}, " +
- " grantsAndDenials { denyRead, denyReturnDN, denyBrowse } " +
- " } " +
- " } " +
- " } " +
- "}" );
+ " identificationTag \"anybodyDontSearchTheirSubordinates\", " +
+ " precedence 14, " +
+ " authenticationLevel none, " +
+ " itemOrUserFirst userFirst: " +
+ " { " +
+ " userClasses { parentOfEntry }, " +
+ " userPermissions " +
+ " { " +
+ " { " +
+ " protectedItems {entry, allUserAttributeTypesAndValues}, " +
+ " grantsAndDenials { denyRead, denyReturnDN, denyBrowse } " +
+ " } " +
+ " } " +
+ " } " +
+ "}" );
// now we should not be able to access the subentry with a search
assertNull( checkCanSearhSubentryAs( "billyd", "billyd", new Dn( "ou=phoneBook,uid=billyd,ou=users,ou=system" ) ) );
@@ -1169,7 +1169,7 @@ public class SearchAuthorizationIT exten
* @throws Exception if the test encounters an error
*/
@Test
- @Ignore( "The test is currently failing" )
+ @Ignore("The test is currently failing")
public void testRangeOfValues() throws Exception
{
// create the non-admin user
@@ -1179,27 +1179,27 @@ public class SearchAuthorizationIT exten
assertFalse( checkCanSearchAs( "billyd", "billyd" ) );
// now add a subentry that allows a user to read the CN only
- createAccessControlSubentry( "rangeOfValues",
- "{ " +
- " identificationTag \"rangeOfValuesAci\", " +
- " precedence 14," +
- " authenticationLevel none, " +
- " itemOrUserFirst userFirst: " +
- " { " +
- " userClasses { allUsers }, " +
- " userPermissions " +
- " { " +
- " { " +
- " protectedItems { entry }, " +
- " grantsAndDenials { grantRead, grantReturnDN, grantBrowse } " +
- " }, " +
- " { " +
- " protectedItems { rangeOfValues (cn=billyd) }, " +
- " grantsAndDenials { grantRead, grantReturnDN, grantBrowse } " +
- " } " +
- " } " +
- " } " +
- "}" );
+ createAccessControlSubentry( "rangeOfValues",
+ "{ " +
+ " identificationTag \"rangeOfValuesAci\", " +
+ " precedence 14," +
+ " authenticationLevel none, " +
+ " itemOrUserFirst userFirst: " +
+ " { " +
+ " userClasses { allUsers }, " +
+ " userPermissions " +
+ " { " +
+ " { " +
+ " protectedItems { entry }, " +
+ " grantsAndDenials { grantRead, grantReturnDN, grantBrowse } " +
+ " }, " +
+ " { " +
+ " protectedItems { rangeOfValues (cn=billyd) }, " +
+ " grantsAndDenials { grantRead, grantReturnDN, grantBrowse } " +
+ " } " +
+ " } " +
+ " } " +
+ "}" );
// see if we can now search and find 4 entries
assertTrue( checkCanSearchAs( "billyd", "billyd" ) );
Modified: directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/support/MaxImmSubFilterTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/support/MaxImmSubFilterTest.java?rev=1235347&r1=1235346&r2=1235347&view=diff
==============================================================================
--- directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/support/MaxImmSubFilterTest.java (original)
+++ directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/support/MaxImmSubFilterTest.java Tue Jan 24 16:42:44 2012
@@ -54,7 +54,7 @@ import org.junit.runner.RunWith;
* @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
*/
@RunWith(FrameworkRunner.class)
-@CreateDS( name="MaxImmSubFilter-DS")
+@CreateDS(name = "MaxImmSubFilter-DS")
public class MaxImmSubFilterTest extends AbstractLdapTestUnit
{
private static final Collection<ACITuple> EMPTY_ACI_TUPLE_COLLECTION = Collections
@@ -167,7 +167,7 @@ public class MaxImmSubFilterTest extends
@Test
@Ignore("test is failing cause of incorrect results from MaxImmSubFilter.filter() method after " +
- "started using real OperationContext instead of MockOperationContext")
+ "started using real OperationContext instead of MockOperationContext")
public void testGrantTuple() throws Exception
{
MaxImmSubFilter filter = new MaxImmSubFilter( schemaManager );
Modified: directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/collective/CollectiveAttributeServiceIT.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/collective/CollectiveAttributeServiceIT.java?rev=1235347&r1=1235346&r2=1235347&view=diff
==============================================================================
--- directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/collective/CollectiveAttributeServiceIT.java (original)
+++ directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/collective/CollectiveAttributeServiceIT.java Tue Jan 24 16:42:44 2012
@@ -66,10 +66,10 @@ public class CollectiveAttributeServiceI
private Entry getTestEntry( String dn, String cn ) throws LdapLdifException, LdapException
{
- Entry subentry = new DefaultEntry(
- dn,
- "objectClass: top",
- "objectClass: person",
+ Entry subentry = new DefaultEntry(
+ dn,
+ "objectClass: top",
+ "objectClass: person",
"cn", cn,
"sn: testentry" );
@@ -79,13 +79,13 @@ public class CollectiveAttributeServiceI
private Entry getTestSubentry( String dn ) throws LdapLdifException, LdapException
{
- Entry subentry = new DefaultEntry(
- dn,
- "objectClass: top",
+ Entry subentry = new DefaultEntry(
+ dn,
+ "objectClass: top",
"objectClass: subentry",
- "objectClass: collectiveAttributeSubentry",
+ "objectClass: collectiveAttributeSubentry",
"c-ou: configuration",
- "subtreeSpecification: { base \"ou=configuration\" }",
+ "subtreeSpecification: { base \"ou=configuration\" }",
"cn: testsubentry" );
return subentry;
@@ -95,13 +95,13 @@ public class CollectiveAttributeServiceI
private Entry getTestSubentry2( String dn ) throws LdapLdifException, LdapException
{
Entry subentry = new DefaultEntry(
- dn,
- "objectClass: top",
+ dn,
+ "objectClass: top",
"objectClass: subentry",
- "objectClass: collectiveAttributeSubentry",
+ "objectClass: collectiveAttributeSubentry",
"c-ou: configuration2",
- "subtreeSpecification: { base \"ou=configuration\" }",
- "cn: testsubentry2");
+ "subtreeSpecification: { base \"ou=configuration\" }",
+ "cn: testsubentry2" );
return subentry;
}
@@ -109,13 +109,13 @@ public class CollectiveAttributeServiceI
private Entry getTestSubentry3( String dn ) throws LdapLdifException, LdapException
{
- Entry subentry = new DefaultEntry(
- dn,
- "objectClass: top",
+ Entry subentry = new DefaultEntry(
+ dn,
+ "objectClass: top",
"objectClass: subentry",
- "objectClass: collectiveAttributeSubentry",
+ "objectClass: collectiveAttributeSubentry",
"c-st: FL",
- "subtreeSpecification: { base \"ou=configuration\" }",
+ "subtreeSpecification: { base \"ou=configuration\" }",
"cn: testsubentry3" );
return subentry;
@@ -323,7 +323,7 @@ public class CollectiveAttributeServiceI
@Test
- @Ignore( "This test is failing until we fix the handling of collective attributes in filters" )
+ @Ignore("This test is failing until we fix the handling of collective attributes in filters")
public void testSearchFilterCollectiveAttribute() throws Exception
{
// -------------------------------------------------------------------
@@ -331,12 +331,12 @@ public class CollectiveAttributeServiceI
// -------------------------------------------------------------------
addAdministrativeRole( "collectiveAttributeSpecificArea" );
connection.add( getTestSubentry( "cn=testsubentry,ou=system" ) );
-
+
EntryCursor cursor = connection.search( "ou=system", "(c-ou=configuration)", SearchScope.SUBTREE, "+",
"*" );
boolean found = false;
-
+
while ( cursor.next() )
{
Entry entry = cursor.get();
@@ -344,7 +344,7 @@ public class CollectiveAttributeServiceI
found = true;
break;
}
-
+
assertTrue( found );
}
@@ -505,7 +505,7 @@ public class CollectiveAttributeServiceI
}
- @Test( expected = LdapSchemaViolationException.class )
+ @Test(expected = LdapSchemaViolationException.class)
public void testAddRegularEntryWithCollectiveAttribute() throws Exception
{
Entry entry = getTestEntry( "cn=Ersin Er,ou=system", "Ersin Er" );
@@ -515,7 +515,7 @@ public class CollectiveAttributeServiceI
}
- @Test( expected = LdapSchemaViolationException.class )
+ @Test(expected = LdapSchemaViolationException.class)
public void testModifyRegularEntryAddingCollectiveAttribute() throws Exception
{
Entry entry = getTestEntry( "cn=Ersin Er,ou=system", "Ersin Er" );
Modified: directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/configuration/PartitionConfigurationIT.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/configuration/PartitionConfigurationIT.java?rev=1235347&r1=1235346&r2=1235347&view=diff
==============================================================================
--- directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/configuration/PartitionConfigurationIT.java (original)
+++ directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/configuration/PartitionConfigurationIT.java Tue Jan 24 16:42:44 2012
@@ -58,16 +58,17 @@ public class PartitionConfigurationIT ex
{
DirectoryServiceFactory dsFactory = DefaultDirectoryServiceFactory.class.newInstance();
PartitionFactory partitionFactory = dsFactory.getPartitionFactory();
- Partition partition = partitionFactory.createPartition( getService().getSchemaManager(), "removable", "ou=removable", 100, getService()
- .getInstanceLayout().getPartitionsDirectory() );
+ Partition partition = partitionFactory.createPartition( getService().getSchemaManager(), "removable",
+ "ou=removable", 100, getService()
+ .getInstanceLayout().getPartitionsDirectory() );
// Test AddContextPartition
getService().addPartition( partition );
Dn suffixDn = new Dn( getService().getSchemaManager(), "ou=removable" );
- Entry ctxEntry = new DefaultEntry(
- getService().getSchemaManager(),
+ Entry ctxEntry = new DefaultEntry(
+ getService().getSchemaManager(),
suffixDn.toString(),
"objectClass: top",
"objectClass: organizationalUnit",
Modified: directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/event/EventServiceIT.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/event/EventServiceIT.java?rev=1235347&r1=1235346&r2=1235347&view=diff
==============================================================================
--- directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/event/EventServiceIT.java (original)
+++ directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/event/EventServiceIT.java Tue Jan 24 16:42:44 2012
@@ -49,7 +49,7 @@ import org.junit.runner.RunWith;
*
* @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
*/
-@RunWith ( FrameworkRunner.class )
+@RunWith(FrameworkRunner.class)
@CreateDS(name = "EventServiceIT")
public class EventServiceIT extends AbstractLdapTestUnit
{
@@ -67,9 +67,9 @@ public class EventServiceIT extends Abst
ctx.addNamingListener( "", SearchControls.SUBTREE_SCOPE, listener );
Attributes testEntry = LdifUtils.createJndiAttributes(
- "objectClass: top",
- "objectClass: organizationalUnit",
- "ou", "testentry");
+ "objectClass: top",
+ "objectClass: organizationalUnit",
+ "ou", "testentry" );
ctx.createSubcontext( "ou=testentry", testEntry );
@@ -94,7 +94,7 @@ public class EventServiceIT extends Abst
// read the entry once again just to make sure
ctx.createSubcontext( "ou=testentry", testEntry );
-
+
// Wait 1 second, as the process is asynchronous
Thread.sleep( 1000 );
@@ -118,7 +118,7 @@ public class EventServiceIT extends Abst
EventDirContext ctx = ( EventDirContext ) getSystemContext( getService() ).lookup( "" );
ctx.addNamingListener( "", SearchControls.SUBTREE_SCOPE, listener );
- Attributes testEntry = LdifUtils.createJndiAttributes(
+ Attributes testEntry = LdifUtils.createJndiAttributes(
"objectClass: top",
"objectClass: organizationalUnit",
"ou", "testentry" );
@@ -146,7 +146,7 @@ public class EventServiceIT extends Abst
// readd the entry once again just to make sure
ctx.createSubcontext( "ou=testentry", testEntry );
-
+
// Wait 1 second, as the process is asynchronous
Thread.sleep( 1000 );
@@ -155,7 +155,6 @@ public class EventServiceIT extends Abst
assertEquals( "objectAdded", rec.method );
}
-
public class TestListener implements ObjectChangeListener, NamespaceChangeListener
{
List<EventRecord> events = new ArrayList<EventRecord>();
@@ -203,7 +202,7 @@ public class EventServiceIT extends Abst
EventObject event;
- EventRecord(String method, EventObject event)
+ EventRecord( String method, EventObject event )
{
this.method = method;
this.event = event;
Modified: directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/exception/ExceptionServiceIT.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/exception/ExceptionServiceIT.java?rev=1235347&r1=1235346&r2=1235347&view=diff
==============================================================================
--- directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/exception/ExceptionServiceIT.java (original)
+++ directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/exception/ExceptionServiceIT.java Tue Jan 24 16:42:44 2012
@@ -87,7 +87,7 @@ public class ExceptionServiceIT extends
AddRequest addRequest = new AddRequestImpl();
addRequest.setEntry( entry );
addRequest.setEntryDn( dn );
-
+
AddResponse resp = getAdminConnection( getService() ).add( addRequest );
return resp;
@@ -154,13 +154,13 @@ public class ExceptionServiceIT extends
entry.add( SchemaConstants.OU_AT, "users" );
connection.add( entry );
-
+
try
{
connection.rename( entry.getDn(), new Rdn( "ou=users" ) );
fail();
}
- catch( LdapEntryAlreadyExistsException leaee )
+ catch ( LdapEntryAlreadyExistsException leaee )
{
assertTrue( true );
}
@@ -176,7 +176,7 @@ public class ExceptionServiceIT extends
connection.rename( "ou=userz,ou=groups,ou=system", "ou=users", true );
fail();
}
- catch( LdapEntryAlreadyExistsException leaee )
+ catch ( LdapEntryAlreadyExistsException leaee )
{
assertTrue( true );
}
@@ -244,7 +244,7 @@ public class ExceptionServiceIT extends
*
* @throws Exception on error
*/
- @Test( expected = LdapEntryAlreadyExistsException.class )
+ @Test(expected = LdapEntryAlreadyExistsException.class)
public void testFailModifyRdnEntryAlreadyExists() throws Exception
{
LdapConnection connection = getAdminConnection( getService() );
@@ -258,7 +258,7 @@ public class ExceptionServiceIT extends
*
* @throws Exception on error
*/
- @Test( expected = LdapNoSuchObjectException.class )
+ @Test(expected = LdapNoSuchObjectException.class)
public void testFailModifyRdnNoSuchObject() throws Exception
{
LdapConnection connection = getAdminConnection( getService() );
@@ -426,7 +426,7 @@ public class ExceptionServiceIT extends
*
* @throws Exception on error
*/
- @Test( expected = LdapAliasException.class )
+ @Test(expected = LdapAliasException.class)
public void testFailAddOnAlias() throws Exception
{
LdapConnection connection = getAdminConnection( getService() );
@@ -486,7 +486,7 @@ public class ExceptionServiceIT extends
*
* @throws Exception on error
*/
- @Test( expected = LdapContextNotEmptyException.class )
+ @Test(expected = LdapContextNotEmptyException.class)
public void testFailDeleteNotAllowedOnNonLeaf() throws Exception
{
LdapConnection connection = getAdminConnection( getService() );
@@ -504,7 +504,7 @@ public class ExceptionServiceIT extends
*
* @throws Exception on error
*/
- @Test( expected = LdapNoSuchObjectException.class )
+ @Test(expected = LdapNoSuchObjectException.class)
public void testFailDeleteNoSuchObject() throws Exception
{
LdapConnection connection = getAdminConnection( getService() );