directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From trus...@apache.org
Subject svn commit: r292631 - /directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/
Date Fri, 30 Sep 2005 04:45:50 GMT
Author: trustin
Date: Thu Sep 29 21:45:42 2005
New Revision: 292631

URL: http://svn.apache.org/viewcvs?rev=292631&view=rev
Log:
Changed method signature to let users specify multiple user group names.

Modified:
    directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/ACDFEngine.java
    directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/ACITupleFilter.java
    directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/HighestPrecedenceFilter.java
    directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/MaxImmSubFilter.java
    directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/MaxValueCountFilter.java
    directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/MicroOperationFilter.java
    directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/MostSpecificProtectedItemFilter.java
    directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/MostSpecificUserClassFilter.java
    directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/RelatedProtectedItemFilter.java
    directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/RelatedUserClassFilter.java
    directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/RestrictedByFilter.java

Modified: directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/ACDFEngine.java
URL: http://svn.apache.org/viewcvs/directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/ACDFEngine.java?rev=292631&r1=292630&r2=292631&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/ACDFEngine.java
(original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/ACDFEngine.java
Thu Sep 29 21:45:42 2005
@@ -70,7 +70,7 @@
      * if the user doesn't have any permission to perform the specified grants.
      * 
      * @param next the next interceptor to the current interceptor
-     * @param userGroupName the DN of the group of the user who is trying to access the resource
+     * @param userGroupNames the DN of the group of the user who is trying to access the
resource
      * @param username the DN of the user who is trying to access the resource
      * @param entryName the DN of the entry the user is trying to access 
      * @param attrId the attribute type of the attribute the user is trying to access.
@@ -83,13 +83,13 @@
      */
     public void checkPermission(
             NextInterceptor next,
-            Name userGroupName, Name username, AuthenticationLevel authenticationLevel,
+            Collection userGroupNames, Name username, AuthenticationLevel authenticationLevel,
             Name entryName, String attrId, Object attrValue,
             Collection microOperations, Collection aciTuples ) throws NamingException 
     {
         if( !hasPermission(
                 next,
-                userGroupName, username, authenticationLevel,
+                userGroupNames, username, authenticationLevel,
                 entryName, attrId, attrValue,
                 microOperations, aciTuples ) )
         {
@@ -103,7 +103,7 @@
      * if the user doesn't have any permission to perform the specified grants.
      * 
      * @param next the next interceptor to the current interceptor 
-     * @param userGroupName the DN of the group of the user who is trying to access the resource
+     * @param userGroupNames the DN of the group of the user who is trying to access the
resource
      * @param userName the DN of the user who is trying to access the resource
      * @param entryName the DN of the entry the user is trying to access 
      * @param attrId the attribute type of the attribute the user is trying to access.
@@ -115,7 +115,7 @@
      */
     public boolean hasPermission(
             NextInterceptor next, 
-            Name userGroupName, Name userName, AuthenticationLevel authenticationLevel,
+            Collection userGroupNames, Name userName, AuthenticationLevel authenticationLevel,
             Name entryName, String attrId, Object attrValue,
             Collection microOperations, Collection aciTuples ) throws NamingException
     {
@@ -151,7 +151,7 @@
             ACITupleFilter filter = filters[ i ];
             aciTuples = filter.filter(
                     aciTuples, scope, next,
-                    userGroupName, userName, userEntry, authenticationLevel,
+                    userGroupNames, userName, userEntry, authenticationLevel,
                     entryName, attrId, attrValue, entry, microOperations );
         }
         

Modified: directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/ACITupleFilter.java
URL: http://svn.apache.org/viewcvs/directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/ACITupleFilter.java?rev=292631&r1=292630&r2=292631&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/ACITupleFilter.java
(original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/ACITupleFilter.java
Thu Sep 29 21:45:42 2005
@@ -31,7 +31,7 @@
 {
     Collection filter(
             Collection tuples, OperationScope scope, NextInterceptor next,
-            Name userGroupName, Name userName, Attributes userEntry,
+            Collection userGroupNames, Name userName, Attributes userEntry,
             AuthenticationLevel authenticationLevel,
             Name entryName, String attrId, Object attrValue, Attributes entry,
             Collection microOperations ) throws NamingException;

Modified: directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/HighestPrecedenceFilter.java
URL: http://svn.apache.org/viewcvs/directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/HighestPrecedenceFilter.java?rev=292631&r1=292630&r2=292631&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/HighestPrecedenceFilter.java
(original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/HighestPrecedenceFilter.java
Thu Sep 29 21:45:42 2005
@@ -31,7 +31,7 @@
 
 public class HighestPrecedenceFilter implements ACITupleFilter
 {
-    public Collection filter( Collection tuples, OperationScope scope, NextInterceptor next,
Name userGroupName, Name userName, Attributes userEntry, AuthenticationLevel authenticationLevel,
Name entryName, String attrId, Object attrValue, Attributes entry, Collection microOperations
) throws NamingException
+    public Collection filter( Collection tuples, OperationScope scope, NextInterceptor next,
Collection userGroupNames, Name userName, Attributes userEntry, AuthenticationLevel authenticationLevel,
Name entryName, String attrId, Object attrValue, Attributes entry, Collection microOperations
) throws NamingException
     {
         if( tuples.size() <= 1 )
         {

Modified: directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/MaxImmSubFilter.java
URL: http://svn.apache.org/viewcvs/directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/MaxImmSubFilter.java?rev=292631&r1=292630&r2=292631&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/MaxImmSubFilter.java
(original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/MaxImmSubFilter.java
Thu Sep 29 21:45:42 2005
@@ -47,7 +47,7 @@
         childrenSearchControls.setSearchScope( SearchControls.ONELEVEL_SCOPE );
     }
     
-    public Collection filter( Collection tuples, OperationScope scope, NextInterceptor next,
Name userGroupName, Name userName, Attributes userEntry, AuthenticationLevel authenticationLevel,
Name entryName, String attrId, Object attrValue, Attributes entry, Collection microOperations
) throws NamingException
+    public Collection filter( Collection tuples, OperationScope scope, NextInterceptor next,
Collection userGroupNames, Name userName, Attributes userEntry, AuthenticationLevel authenticationLevel,
Name entryName, String attrId, Object attrValue, Attributes entry, Collection microOperations
) throws NamingException
     {
         if( entryName.size() == 0 )
         {

Modified: directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/MaxValueCountFilter.java
URL: http://svn.apache.org/viewcvs/directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/MaxValueCountFilter.java?rev=292631&r1=292630&r2=292631&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/MaxValueCountFilter.java
(original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/MaxValueCountFilter.java
Thu Sep 29 21:45:42 2005
@@ -34,7 +34,7 @@
 
 public class MaxValueCountFilter implements ACITupleFilter
 {
-    public Collection filter( Collection tuples, OperationScope scope, NextInterceptor next,
Name userGroupName, Name userName, Attributes userEntry, AuthenticationLevel authenticationLevel,
Name entryName, String attrId, Object attrValue, Attributes entry, Collection microOperations
) throws NamingException
+    public Collection filter( Collection tuples, OperationScope scope, NextInterceptor next,
Collection userGroupNames, Name userName, Attributes userEntry, AuthenticationLevel authenticationLevel,
Name entryName, String attrId, Object attrValue, Attributes entry, Collection microOperations
) throws NamingException
     {
         if( scope != OperationScope.ATTRIBUTE_TYPE_AND_VALUE )
         {

Modified: directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/MicroOperationFilter.java
URL: http://svn.apache.org/viewcvs/directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/MicroOperationFilter.java?rev=292631&r1=292630&r2=292631&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/MicroOperationFilter.java
(original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/MicroOperationFilter.java
Thu Sep 29 21:45:42 2005
@@ -32,7 +32,7 @@
 
 public class MicroOperationFilter implements ACITupleFilter
 {
-    public Collection filter( Collection tuples, OperationScope scope, NextInterceptor next,
Name userGroupName, Name userName, Attributes userEntry, AuthenticationLevel authenticationLevel,
Name entryName, String attrId, Object attrValue, Attributes entry, Collection microOperations
) throws NamingException
+    public Collection filter( Collection tuples, OperationScope scope, NextInterceptor next,
Collection userGroupNames, Name userName, Attributes userEntry, AuthenticationLevel authenticationLevel,
Name entryName, String attrId, Object attrValue, Attributes entry, Collection microOperations
) throws NamingException
     {
         if( tuples.size() == 0 )
         {

Modified: directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/MostSpecificProtectedItemFilter.java
URL: http://svn.apache.org/viewcvs/directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/MostSpecificProtectedItemFilter.java?rev=292631&r1=292630&r2=292631&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/MostSpecificProtectedItemFilter.java
(original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/MostSpecificProtectedItemFilter.java
Thu Sep 29 21:45:42 2005
@@ -33,7 +33,7 @@
 
 public class MostSpecificProtectedItemFilter implements ACITupleFilter
 {
-    public Collection filter( Collection tuples, OperationScope scope, NextInterceptor next,
Name userGroupName, Name userName, Attributes userEntry, AuthenticationLevel authenticationLevel,
Name entryName, String attrId, Object attrValue, Attributes entry, Collection microOperations
) throws NamingException
+    public Collection filter( Collection tuples, OperationScope scope, NextInterceptor next,
Collection userGroupNames, Name userName, Attributes userEntry, AuthenticationLevel authenticationLevel,
Name entryName, String attrId, Object attrValue, Attributes entry, Collection microOperations
) throws NamingException
     {
         if( tuples.size() <= 1 )
         {

Modified: directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/MostSpecificUserClassFilter.java
URL: http://svn.apache.org/viewcvs/directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/MostSpecificUserClassFilter.java?rev=292631&r1=292630&r2=292631&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/MostSpecificUserClassFilter.java
(original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/MostSpecificUserClassFilter.java
Thu Sep 29 21:45:42 2005
@@ -33,7 +33,7 @@
 
 public class MostSpecificUserClassFilter implements ACITupleFilter
 {
-    public Collection filter( Collection tuples, OperationScope scope, NextInterceptor next,
Name userGroupName, Name userName, Attributes userEntry, AuthenticationLevel authenticationLevel,
Name entryName, String attrId, Object attrValue, Attributes entry, Collection microOperations
) throws NamingException
+    public Collection filter( Collection tuples, OperationScope scope, NextInterceptor next,
Collection userGroupNames, Name userName, Attributes userEntry, AuthenticationLevel authenticationLevel,
Name entryName, String attrId, Object attrValue, Attributes entry, Collection microOperations
) throws NamingException
     {
         if( tuples.size() <= 1 )
         {

Modified: directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/RelatedProtectedItemFilter.java
URL: http://svn.apache.org/viewcvs/directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/RelatedProtectedItemFilter.java?rev=292631&r1=292630&r2=292631&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/RelatedProtectedItemFilter.java
(original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/RelatedProtectedItemFilter.java
Thu Sep 29 21:45:42 2005
@@ -52,7 +52,7 @@
         this.entryEvaluator = entryEvaluator;
     }
 
-    public Collection filter( Collection tuples, OperationScope scope, NextInterceptor next,
Name userGroupName, Name userName, Attributes userEntry, AuthenticationLevel authenticationLevel,
Name entryName, String attrId, Object attrValue, Attributes entry, Collection microOperations
) throws NamingException
+    public Collection filter( Collection tuples, OperationScope scope, NextInterceptor next,
Collection userGroupNames, Name userName, Attributes userEntry, AuthenticationLevel authenticationLevel,
Name entryName, String attrId, Object attrValue, Attributes entry, Collection microOperations
) throws NamingException
     {
         if( tuples.size() == 0 )
         {

Modified: directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/RelatedUserClassFilter.java
URL: http://svn.apache.org/viewcvs/directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/RelatedUserClassFilter.java?rev=292631&r1=292630&r2=292631&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/RelatedUserClassFilter.java
(original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/RelatedUserClassFilter.java
Thu Sep 29 21:45:42 2005
@@ -44,7 +44,7 @@
         this.subtreeEvaluator = subtreeEvaluator;
     }
     
-    public Collection filter( Collection tuples, OperationScope scope, NextInterceptor next,
Name userGroupName, Name userName, Attributes userEntry, AuthenticationLevel authenticationLevel,
Name entryName, String attrId, Object attrValue, Attributes entry, Collection microOperations
) throws NamingException
+    public Collection filter( Collection tuples, OperationScope scope, NextInterceptor next,
Collection userGroupNames, Name userName, Attributes userEntry, AuthenticationLevel authenticationLevel,
Name entryName, String attrId, Object attrValue, Attributes entry, Collection microOperations
) throws NamingException
     {
         if( tuples.size() == 0 )
         {
@@ -56,7 +56,7 @@
             ACITuple tuple = ( ACITuple ) i.next();
             if( tuple.isGrant() )
             {
-                if( !isRelated( userGroupName, userName, userEntry, entryName, tuple.getUserClasses()
) ||
+                if( !isRelated( userGroupNames, userName, userEntry, entryName, tuple.getUserClasses()
) ||
                         authenticationLevel.compareTo( tuple.getAuthenticationLevel() ) <
0 )
                 {
                     i.remove();
@@ -64,7 +64,7 @@
             }
             else // Denials
             {
-                if( !isRelated( userGroupName, userName, userEntry, entryName, tuple.getUserClasses()
) &&
+                if( !isRelated( userGroupNames, userName, userEntry, entryName, tuple.getUserClasses()
) &&
                         authenticationLevel.compareTo( tuple.getAuthenticationLevel() ) >=
0 )
                 {
                     i.remove();
@@ -75,7 +75,7 @@
         return tuples;
     }
     
-    private boolean isRelated( Name userGroupName, Name userName, Attributes userEntry, Name
entryName, Collection userClasses ) throws NamingException
+    private boolean isRelated( Collection userGroupNames, Name userName, Attributes userEntry,
Name entryName, Collection userClasses ) throws NamingException
     {
         for( Iterator i = userClasses.iterator(); i.hasNext(); )
         {
@@ -102,9 +102,13 @@
             else if( userClass instanceof UserClass.UserGroup )
             {
                 UserClass.UserGroup userGroupUserClass = ( UserClass.UserGroup ) userClass;
-                if( userGroupName != null && userGroupUserClass.getNames().contains(
userGroupName ) )
+                for( Iterator j = userGroupNames.iterator(); j.hasNext(); )
                 {
-                    return true;
+                    Name userGroupName = ( Name ) j.next();
+                    if( userGroupName != null && userGroupUserClass.getNames().contains(
userGroupName ) )
+                    {
+                        return true;
+                    }
                 }
             }
             else if( userClass instanceof UserClass.Subtree )

Modified: directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/RestrictedByFilter.java
URL: http://svn.apache.org/viewcvs/directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/RestrictedByFilter.java?rev=292631&r1=292630&r2=292631&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/RestrictedByFilter.java
(original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/support/RestrictedByFilter.java
Thu Sep 29 21:45:42 2005
@@ -34,7 +34,7 @@
 
 public class RestrictedByFilter implements ACITupleFilter
 {
-    public Collection filter( Collection tuples, OperationScope scope, NextInterceptor next,
Name userGroupName, Name userName, Attributes userEntry, AuthenticationLevel authenticationLevel,
Name entryName, String attrId, Object attrValue, Attributes entry, Collection microOperations
) throws NamingException
+    public Collection filter( Collection tuples, OperationScope scope, NextInterceptor next,
Collection userGroupNames, Name userName, Attributes userEntry, AuthenticationLevel authenticationLevel,
Name entryName, String attrId, Object attrValue, Attributes entry, Collection microOperations
) throws NamingException
     {
         if( scope != OperationScope.ATTRIBUTE_TYPE_AND_VALUE )
         {



Mime
View raw message