Posted to commits@directory.apache.org by ak...@apache.org on 2005/09/20 20:04:54 UTC
svn commit: r290498 - in
/directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server: authz/
interceptor/ jndi/ normalization/ partition/
Author: akarasulu
Date: Tue Sep 20 11:04:43 2005
New Revision: 290498
URL: http://svn.apache.org/viewcvs?rev=290498&view=rev
Log:
changes to introduce new compare() operation into interceptor chain ...
o added compare() method to the ContextPartitionNexus, the default
implementation and the proxy
o added compare() method to Interceptor interface, its implementations and
to the InterceptorChain itself
o introduced new compare() method in the ServerLdapContext which implemented
the JNDI LdapContext interface - this exposes a pathway into the compare()
processing by the core internals which includes effects by the interceptor
chain
o preparing authorization service for ACI guards on interceptor operations
Modified:
directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/AuthorizationService.java
directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/interceptor/BaseInterceptor.java
directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/interceptor/Interceptor.java
directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/interceptor/InterceptorChain.java
directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/interceptor/NextInterceptor.java
directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/jndi/ContextPartitionNexusProxy.java
directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/jndi/ServerLdapContext.java
directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/normalization/NormalizationService.java
directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/partition/ContextPartitionNexus.java
directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/partition/DefaultContextPartitionNexus.java
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/AuthorizationService.java
URL: http://svn.apache.org/viewcvs/directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/AuthorizationService.java?rev=290498&r1=290497&r2=290498&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/AuthorizationService.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/AuthorizationService.java Tue Sep 20 11:04:43 2005
@@ -22,11 +22,16 @@
import org.apache.ldap.server.jndi.ContextFactoryConfiguration;
import org.apache.ldap.server.configuration.InterceptorConfiguration;
import org.apache.ldap.server.partition.ContextPartitionNexus;
+import org.apache.ldap.common.filter.ExprNode;
import javax.naming.Name;
import javax.naming.NamingException;
+import javax.naming.NamingEnumeration;
import javax.naming.directory.Attributes;
import javax.naming.directory.ModificationItem;
+import javax.naming.directory.SearchControls;
+import java.util.Iterator;
+import java.util.Map;
/**
@@ -37,7 +42,9 @@
*/
public class AuthorizationService extends BaseInterceptor
{
+ /** the partition nexus */
private ContextPartitionNexus nexus;
+ /** a cache that responds to add, delete, and modify attempts */
private TupleCache cache;
@@ -78,5 +85,67 @@
Attributes entry = nexus.lookup( name );
next.modify( name, mods );
cache.subentryModified( name, mods, entry );
+ }
+
+
+ public Attributes getRootDSE( NextInterceptor next ) throws NamingException
+ {
+ return super.getRootDSE( next );
+ }
+
+
+ public boolean hasEntry( NextInterceptor next, Name name ) throws NamingException
+ {
+ return next.hasEntry( name );
+ }
+
+
+ public NamingEnumeration list( NextInterceptor next, Name base ) throws NamingException
+ {
+ return super.list( next, base );
+ }
+
+
+ public Iterator listSuffixes( NextInterceptor next, boolean normalized ) throws NamingException
+ {
+ return super.listSuffixes( next, normalized );
+ }
+
+
+ public Attributes lookup( NextInterceptor next, Name dn, String[] attrIds ) throws NamingException
+ {
+ return super.lookup( next, dn, attrIds );
+ }
+
+
+ public Attributes lookup( NextInterceptor next, Name name ) throws NamingException
+ {
+ return super.lookup( next, name );
+ }
+
+
+ public void modifyRn( NextInterceptor next, Name name, String newRn, boolean deleteOldRn ) throws NamingException
+ {
+ super.modifyRn( next, name, newRn, deleteOldRn );
+ }
+
+
+ public void move( NextInterceptor next, Name oriChildName, Name newParentName, String newRn, boolean deleteOldRn )
+ throws NamingException
+ {
+ super.move( next, oriChildName, newParentName, newRn, deleteOldRn );
+ }
+
+
+ public void move( NextInterceptor next, Name oriChildName, Name newParentName ) throws NamingException
+ {
+ super.move( next, oriChildName, newParentName );
+ }
+
+
+ public NamingEnumeration search( NextInterceptor next, Name base, Map env, ExprNode filter,
+ SearchControls searchCtls ) throws NamingException
+ {
+ return super.search( next, base, env, filter, searchCtls );
}
}
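Review bot: None of the overrides added in this hunk performs an access check, and `compare()` is not among them, so a compare request passes this interceptor through the inherited `BaseInterceptor.compare()` unguarded. Because a compare answer confirms or denies a guessed attribute value, it needs the same read-level guard as `lookup()` and `search()` once the ACI checks mentioned in the log message are added. I would add a `compare( NextInterceptor next, Name name, String oid, Object value )` override next to these, carrying a comment such as `// TODO: enforce ACI before delegating - compare discloses whether an attribute holds a given value`. `hasEntry()` also delegates with `next.hasEntry( name )` while its siblings call `super`, which is worth making uniform. The class body and the `modify()` method at the top of the hunk start outside it.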
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/interceptor/BaseInterceptor.java
URL: http://svn.apache.org/viewcvs/directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/interceptor/BaseInterceptor.java?rev=290498&r1=290497&r2=290498&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/interceptor/BaseInterceptor.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/interceptor/BaseInterceptor.java Tue Sep 20 11:04:43 2005
@@ -204,4 +204,9 @@
{
next.removeContextPartition( suffix );
}
+
+ public boolean compare( NextInterceptor next, Name name, String oid, Object value ) throws NamingException
+ {
+ return next.compare( name, oid, value );
+ }
}
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/interceptor/Interceptor.java
URL: http://svn.apache.org/viewcvs/directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/interceptor/Interceptor.java?rev=290498&r1=290497&r2=290498&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/interceptor/Interceptor.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/interceptor/Interceptor.java Tue Sep 20 11:04:43 2005
@@ -106,7 +106,6 @@
*/
void init( ContextFactoryConfiguration factoryCfg, InterceptorConfiguration cfg ) throws NamingException;
-
/**
* Deinitializes this interceptor. This is invoked by {@link InterceptorChain}
* when this intercepter is unloaded from interceptor chain.
@@ -117,46 +116,62 @@
* Filters {@link ContextPartitionNexus#getRootDSE()} call.
*/
Attributes getRootDSE( NextInterceptor next ) throws NamingException;
+
/**
* Filters {@link ContextPartitionNexus#getMatchedName(Name, boolean)} call.
*/
Name getMatchedName( NextInterceptor next, Name name, boolean normalized ) throws NamingException;
+
/**
* Filters {@link ContextPartitionNexus#getSuffix(Name, boolean)} call.
*/
Name getSuffix( NextInterceptor next, Name name, boolean normalized ) throws NamingException;
+
/**
* Filters {@link ContextPartitionNexus#listSuffixes(boolean)} call.
*/
Iterator listSuffixes( NextInterceptor next, boolean normalized ) throws NamingException;
+
/**
* Filters {@link ContextPartitionNexus#addContextPartition(ContextPartitionConfiguration)} call.
*/
void addContextPartition( NextInterceptor next, ContextPartitionConfiguration cfg ) throws NamingException;
+
/**
* Filters {@link ContextPartitionNexus#removeContextPartition(Name)} call.
*/
void removeContextPartition( NextInterceptor next, Name suffix ) throws NamingException;
+
+ /**
+ * Filters {@link ContextPartitionNexus#compare(Name,String,Object)} call.
+ */
+ boolean compare( NextInterceptor next, Name name, String oid, Object value ) throws NamingException;
+
/**
* Filters {@link ContextPartition#delete(Name)} call.
*/
void delete( NextInterceptor next, Name name ) throws NamingException;
+
/**
* Filters {@link ContextPartition#add(String, Name, Attributes)} call.
*/
void add( NextInterceptor next, String userProvidedName, Name normalizedName, Attributes entry ) throws NamingException;
+
/**
* Filters {@link ContextPartition#modify(Name, int, Attributes)} call.
*/
void modify( NextInterceptor next, Name name, int modOp, Attributes attributes ) throws NamingException;
+
/**
* Filters {@link ContextPartition#modify(Name, ModificationItem[])} call.
*/
void modify( NextInterceptor next, Name name, ModificationItem [] items ) throws NamingException;
+
/**
* Filters {@link ContextPartition#list(Name)} call.
*/
NamingEnumeration list( NextInterceptor next, Name baseName ) throws NamingException;
+
/**
* Filters {@link ContextPartition#search(Name, Map, ExprNode, SearchControls)} call.
*/
@@ -166,26 +181,32 @@
* Filters {@link ContextPartition#lookup(Name)} call.
*/
Attributes lookup( NextInterceptor next, Name name ) throws NamingException;
+
/**
* Filters {@link ContextPartition#lookup(Name, String[])} call.
*/
Attributes lookup( NextInterceptor next, Name dn, String [] attrIds ) throws NamingException;
+
/**
* Filters {@link ContextPartition#lookup(Name, String[])} call.
*/
boolean hasEntry( NextInterceptor next, Name name ) throws NamingException;
+
/**
* Filters {@link ContextPartition#isSuffix(Name)} call.
*/
boolean isSuffix( NextInterceptor next, Name name ) throws NamingException;
+
/**
* Filters {@link ContextPartition#modifyRn(Name, String, boolean)} call.
*/
void modifyRn( NextInterceptor next, Name name, String newRn, boolean deleteOldRn ) throws NamingException;
+
/**
* Filters {@link ContextPartition#move(Name, Name)} call.
*/
void move( NextInterceptor next, Name oldName, Name newParentName ) throws NamingException;
+
/**
* Filters {@link ContextPartition#move(Name, Name, String, boolean)} call.
*/
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/interceptor/InterceptorChain.java
URL: http://svn.apache.org/viewcvs/directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/interceptor/InterceptorChain.java?rev=290498&r1=290497&r2=290498&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/interceptor/InterceptorChain.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/interceptor/InterceptorChain.java Tue Sep 20 11:04:43 2005
@@ -68,6 +68,12 @@
}
+ public boolean compare( NextInterceptor next, Name name, String oid, Object value ) throws NamingException
+ {
+ return nexus.compare( name, oid, value );
+ }
+
+
public Attributes getRootDSE( NextInterceptor next ) throws NamingException
{
return nexus.getRootDSE();
@@ -507,6 +513,26 @@
}
+ public boolean compare( Name name, String oid, Object value ) throws NamingException
+ {
+ Interceptor head = this.head.configuration.getInterceptor();
+ NextInterceptor next = this.head.nextInterceptor;
+ try
+ {
+ return head.compare( next, name, oid, value );
+ }
+ catch ( NamingException ne )
+ {
+ throw ne;
+ }
+ catch ( Throwable e )
+ {
+ throwInterceptorException( head, e );
+ throw new InternalError(); // Should be unreachable
+ }
+ }
+
+
public Iterator listSuffixes( boolean normalized ) throws NamingException
{
Interceptor head = this.head.configuration.getInterceptor();
@@ -844,6 +870,26 @@
this.configuration = configuration;
this.nextInterceptor = new NextInterceptor()
{
+ public boolean compare( Name name, String oid, Object value ) throws NamingException
+ {
+ Interceptor interceptor = Entry.this.nextEntry.configuration.getInterceptor();
+
+ try
+ {
+ return interceptor.compare( Entry.this.nextEntry.nextInterceptor, name, oid, value );
+ }
+ catch ( NamingException ne )
+ {
+ throw ne;
+ }
+ catch ( Throwable e )
+ {
+ throwInterceptorException( interceptor, e );
+ throw new InternalError(); // Should be unreachable
+ }
+ }
+
+
public Attributes getRootDSE() throws NamingException
{
Interceptor interceptor = Entry.this.nextEntry.configuration.getInterceptor();
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/interceptor/NextInterceptor.java
URL: http://svn.apache.org/viewcvs/directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/interceptor/NextInterceptor.java?rev=290498&r1=290497&r2=290498&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/interceptor/NextInterceptor.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/interceptor/NextInterceptor.java Tue Sep 20 11:04:43 2005
@@ -43,6 +43,11 @@
public interface NextInterceptor
{
/**
+ * Calls the next interceptor's {@link Interceptor#compare(NextInterceptor,Name,String,Object)}.
+ */
+ boolean compare(Name name, String oid, Object value ) throws NamingException;
+
+ /**
* Calls the next interceptor's {@link Interceptor#getRootDSE(NextInterceptor)}.
*/
Attributes getRootDSE() throws NamingException;
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/jndi/ContextPartitionNexusProxy.java
URL: http://svn.apache.org/viewcvs/directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/jndi/ContextPartitionNexusProxy.java?rev=290498&r1=290497&r2=290498&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/jndi/ContextPartitionNexusProxy.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/jndi/ContextPartitionNexusProxy.java Tue Sep 20 11:04:43 2005
@@ -153,6 +153,22 @@
}
}
+ public boolean compare( Name name, String oid, Object value ) throws NamingException
+ {
+ ensureStarted();
+ InvocationStack stack = InvocationStack.getInstance();
+ stack.push( new Invocation( caller, "compare", new Object[] { name, oid, value } ) );
+ try
+ {
+ return this.configuration.getInterceptorChain().compare( name, oid, value );
+ }
+ finally
+ {
+ stack.pop();
+ }
+ }
+
+
public void delete(Name name) throws NamingException {
ensureStarted();
InvocationStack stack = InvocationStack.getInstance();
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/jndi/ServerLdapContext.java
URL: http://svn.apache.org/viewcvs/directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/jndi/ServerLdapContext.java?rev=290498&r1=290497&r2=290498&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/jndi/ServerLdapContext.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/jndi/ServerLdapContext.java Tue Sep 20 11:04:43 2005
@@ -142,4 +142,28 @@
{
return responseControls;
}
+
+
+ // ------------------------------------------------------------------------
+ // Additional ApacheDS Specific JNDI Functionality
+ // ------------------------------------------------------------------------
+
+
+ /**
+ * Explicitly exposes an LDAP compare operation which JNDI does not
+ * directly provide. All normalization and schema checking etcetera
+ * is handled by this call.
+ *
+ * @param name the name of the entri
+ * @param oid the name or object identifier for the attribute to compare
+ * @param value the value to compare the attribute to
+ * @return true if the entry has the value for the attribute, false otherwise
+ * @throws NamingException if the backing store cannot be accessed, or
+ * permission is not allowed for this operation or the oid is not recognized,
+ * or the attribute is not present in the entry ... you get the picture.
+ */
+ public boolean compare( Name name, String oid, Object value ) throws NamingException
+ {
+ return super.getNexusProxy().compare( name, oid, value );
+ }
}
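Review bot: The Javadoc on `compare()` promises a `NamingException` when "permission is not allowed", but nothing visible in this commit checks permissions for compare, so the sentence should say the check is planned or be dropped until it exists. The `@param name` line has a typo and should read `@param name the name of the entry`. The `@throws` text ending in "... you get the picture" would be clearer as an explicit list of the failure cases. The class body starts outside the hunk.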
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/normalization/NormalizationService.java
URL: http://svn.apache.org/viewcvs/directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/normalization/NormalizationService.java?rev=290498&r1=290497&r2=290498&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/normalization/NormalizationService.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/normalization/NormalizationService.java Tue Sep 20 11:04:43 2005
@@ -247,6 +247,18 @@
}
+ public boolean compare( NextInterceptor next, Name name, String oid, Object value ) throws NamingException
+ {
+ Name normalized;
+
+ synchronized( parser )
+ {
+ normalized = parser.parse( name.toString() );
+ }
+
+ return next.compare( normalized, oid, value );
+ }
+
/**
* A normalizer that normalizes each name component specifically according to
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/partition/ContextPartitionNexus.java
URL: http://svn.apache.org/viewcvs/directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/partition/ContextPartitionNexus.java?rev=290498&r1=290497&r2=290498&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/partition/ContextPartitionNexus.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/partition/ContextPartitionNexus.java Tue Sep 20 11:04:43 2005
@@ -134,7 +134,19 @@
* @return the attributes of the RootDSE
*/
public abstract Attributes getRootDSE() throws NamingException;
-
+
+ /**
+ * Performs a comparison check to see if an attribute of an entry has
+ * a specified value.
+ *
+ * @param name the normalized name of the entry
+ * @param oid the attribute being compared
+ * @param value the value the attribute is compared to
+ * @return true if the entry contains an attribute with the value, false otherwise
+ * @throws NamingException if there is a problem accessing the entry and its values
+ */
+ public abstract boolean compare( Name name, String oid, Object value ) throws NamingException;
+
public abstract void addContextPartition( ContextPartitionConfiguration config ) throws NamingException;
public abstract void removeContextPartition( Name suffix ) throws NamingException;
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/partition/DefaultContextPartitionNexus.java
URL: http://svn.apache.org/viewcvs/directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/partition/DefaultContextPartitionNexus.java?rev=290498&r1=290497&r2=290498&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/partition/DefaultContextPartitionNexus.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/partition/DefaultContextPartitionNexus.java Tue Sep 20 11:04:43 2005
@@ -42,12 +42,18 @@
import org.apache.ldap.common.MultiException;
import org.apache.ldap.common.NotImplementedException;
+import org.apache.ldap.common.schema.AttributeType;
+import org.apache.ldap.common.schema.Normalizer;
import org.apache.ldap.common.exception.LdapNameNotFoundException;
+import org.apache.ldap.common.exception.LdapSchemaViolationException;
+import org.apache.ldap.common.exception.LdapInvalidAttributeIdentifierException;
+import org.apache.ldap.common.exception.LdapNoSuchAttributeException;
import org.apache.ldap.common.filter.ExprNode;
import org.apache.ldap.common.filter.PresenceNode;
import org.apache.ldap.common.message.LockableAttributeImpl;
import org.apache.ldap.common.message.LockableAttributes;
import org.apache.ldap.common.message.LockableAttributesImpl;
+import org.apache.ldap.common.message.ResultCodeEnum;
import org.apache.ldap.common.name.LdapName;
import org.apache.ldap.common.util.DateUtils;
import org.apache.ldap.common.util.NamespaceTools;
@@ -56,6 +62,7 @@
import org.apache.ldap.server.configuration.MutableContextPartitionConfiguration;
import org.apache.ldap.server.jndi.ContextFactoryConfiguration;
import org.apache.ldap.server.partition.impl.btree.jdbm.JdbmContextPartition;
+import org.apache.ldap.server.schema.AttributeTypeRegistry;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -320,9 +327,56 @@
// ------------------------------------------------------------------------
- // ContextPartitionNexus Interface Method Implementations
+ // ContextPartitionNexus Method Implementations
// ------------------------------------------------------------------------
-
+
+
+ public boolean compare( Name name, String oid, Object value ) throws NamingException
+ {
+ ContextPartition partition = getBackend( name );
+ AttributeTypeRegistry registry = factoryCfg.getGlobalRegistries().getAttributeTypeRegistry();
+
+ // complain if we do not recognize the attribute being compared
+ if ( ! registry.hasAttributeType( oid ) )
+ {
+ throw new LdapInvalidAttributeIdentifierException( oid + " not found within the attributeType registry" );
+ }
+
+ AttributeType attrType = registry.lookup( oid );
+ Attribute attr = partition.lookup( name ).get( attrType.getName() );
+
+ // complain if the attribute being compared does not exist in the entry
+ if ( attr == null )
+ {
+ throw new LdapNoSuchAttributeException();
+ }
+
+ // see first if simple match without normalization succeeds
+ if ( attr.contains( value ) )
+ {
+ return true;
+ }
+
+ // now must apply normalization to all values (attr and in request) to compare
+
+ /*
+ * Get ahold of the normalizer for the attribute and normalize the request
+ * assertion value for comparisons with normalized attribute values. Loop
+ * through all values looking for a match.
+ */
+ Normalizer normalizer = attrType.getEquality().getNormalizer();
+ String reqVal = ( String ) normalizer.normalize( value );
+ for ( int ii = 0; ii < attr.size(); ii++ )
+ {
+ String attrVal = ( String ) normalizer.normalize( attr.get( ii ) );
+ if ( attrVal.equals( reqVal ) )
+ {
+ return true;
+ }
+ }
+
+ return false;
+ }
public synchronized void addContextPartition( ContextPartitionConfiguration config ) throws NamingException
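Review bot: The normalized comparison in `compare()` casts both `normalizer.normalize( value )` and `normalizer.normalize( attr.get( ii ) )` to `String`, so an attribute holding binary values (a password stored as `byte[]`, for example) would likely end in a `ClassCastException` instead of a true/false answer. `attrType.getEquality()` is also dereferenced without a null check, which presumably fails with a `NullPointerException` for an attribute type that defines no equality matching rule, and the result of `partition.lookup( name )` is dereferenced the same way. The sketch below keeps the values as `Object`, compares byte arrays by content (this needs `java.util.Arrays`), and returns false when there is no equality rule; whether that case should raise an error instead is for the author to decide. `LdapNoSuchAttributeException` is thrown without a message, so naming the attribute there would help whoever reads the failure.

```java
// … unchanged: registry check, attribute lookup, un-normalized attr.contains( value ) test …
if ( attrType.getEquality() == null )
{
    // no equality matching rule to normalize with, so only the exact match above applies
    return false;
}

Normalizer normalizer = attrType.getEquality().getNormalizer();
Object reqVal = normalizer.normalize( value );
for ( int ii = 0; ii < attr.size(); ii++ )
{
    Object attrVal = normalizer.normalize( attr.get( ii ) );
    if ( reqVal instanceof byte[] && attrVal instanceof byte[] )
    {
        // arrays compare by identity with equals(), so compare content explicitly
        if ( Arrays.equals( ( byte[] ) reqVal, ( byte[] ) attrVal ) )
        {
            return true;
        }
    }
    else if ( attrVal != null && attrVal.equals( reqVal ) )
    {
        return true;
    }
}

return false;
```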