directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From akaras...@apache.org
Subject svn commit: r375522 - in /directory/trunks: apacheds/core-unit/src/main/java/org/apache/ldap/server/unit/ apacheds/core-unit/src/test/java/org/apache/ldap/server/authz/ apacheds/core-unit/src/test/java/org/apache/ldap/server/core/schema/ apacheds/core-...
Date Tue, 07 Feb 2006 07:05:54 GMT
Author: akarasulu
Date: Mon Feb  6 23:05:51 2006
New Revision: 375522

URL: http://svn.apache.org/viewcvs?rev=375522&view=rev
Log:
Merging from private branch for RC1 fixes:

 o fixes for DIREVE-328
 o test cases to try to reproduce DIREVE-308


Added:
    directory/trunks/apacheds/core-unit/src/test/java/org/apache/ldap/server/normalization/
      - copied from r375521, directory/sandbox/akarasulu/rc1refactor/apacheds/core-unit/src/test/java/org/apache/ldap/server/normalization/
    directory/trunks/apacheds/core-unit/src/test/java/org/apache/ldap/server/normalization/NormalizationServiceTest.java
  (props changed)
      - copied unchanged from r375521, directory/sandbox/akarasulu/rc1refactor/apacheds/core-unit/src/test/java/org/apache/ldap/server/normalization/NormalizationServiceTest.java
    directory/trunks/apacheds/core-unit/src/test/java/org/apache/ldap/server/schema/
      - copied from r375521, directory/sandbox/akarasulu/rc1refactor/apacheds/core-unit/src/test/java/org/apache/ldap/server/schema/
    directory/trunks/apacheds/core-unit/src/test/java/org/apache/ldap/server/schema/SchemaServiceTest.java
  (props changed)
      - copied unchanged from r375521, directory/sandbox/akarasulu/rc1refactor/apacheds/core-unit/src/test/java/org/apache/ldap/server/schema/SchemaServiceTest.java
    directory/trunks/apacheds/core-unit/src/test/resources/org/apache/ldap/server/normalization/
      - copied from r375521, directory/sandbox/akarasulu/rc1refactor/apacheds/core-unit/src/test/resources/org/apache/ldap/server/normalization/
    directory/trunks/apacheds/core-unit/src/test/resources/org/apache/ldap/server/normalization/testDireve308Example.ldif
  (props changed)
      - copied unchanged from r375521, directory/sandbox/akarasulu/rc1refactor/apacheds/core-unit/src/test/resources/org/apache/ldap/server/normalization/testDireve308Example.ldif
    directory/trunks/apacheds/core-unit/src/test/resources/org/apache/ldap/server/schema/
      - copied from r375521, directory/sandbox/akarasulu/rc1refactor/apacheds/core-unit/src/test/resources/org/apache/ldap/server/schema/
    directory/trunks/apacheds/core-unit/src/test/resources/org/apache/ldap/server/schema/nonspecific.ldif
  (props changed)
      - copied unchanged from r375521, directory/sandbox/akarasulu/rc1refactor/apacheds/core-unit/src/test/resources/org/apache/ldap/server/schema/nonspecific.ldif
Removed:
    directory/trunks/apacheds/core-unit/src/test/java/org/apache/ldap/server/core/schema/
    directory/trunks/apacheds/core-unit/src/test/resources/org/apache/ldap/server/core/schema/
Modified:
    directory/trunks/apacheds/core-unit/src/main/java/org/apache/ldap/server/unit/AbstractTestCase.java
    directory/trunks/apacheds/core-unit/src/test/java/org/apache/ldap/server/authz/SearchAuthorizationTest.java
    directory/trunks/apacheds/core/src/main/java/org/apache/ldap/server/authz/AuthorizationService.java
    directory/trunks/apacheds/core/src/main/java/org/apache/ldap/server/authz/support/RelatedUserClassFilter.java
    directory/trunks/common/ldap/src/test/java/org/apache/ldap/common/name/DnParserTest.java
  (contents, props changed)

Modified: directory/trunks/apacheds/core-unit/src/main/java/org/apache/ldap/server/unit/AbstractTestCase.java
URL: http://svn.apache.org/viewcvs/directory/trunks/apacheds/core-unit/src/main/java/org/apache/ldap/server/unit/AbstractTestCase.java?rev=375522&r1=375521&r2=375522&view=diff
==============================================================================
--- directory/trunks/apacheds/core-unit/src/main/java/org/apache/ldap/server/unit/AbstractTestCase.java
(original)
+++ directory/trunks/apacheds/core-unit/src/main/java/org/apache/ldap/server/unit/AbstractTestCase.java
Mon Feb  6 23:05:51 2006
@@ -104,6 +104,7 @@
         this.username = username;
         this.password = password;
     }
+    
 
     /**
      * Sets the LDIF path as a relative resource path to use with the
@@ -115,7 +116,6 @@
     protected void setLdifPath( String ldifPath, Class loadClass )
     {
         this.loadClass = loadClass;
-
         this.ldifPath = ldifPath;
     }
 
@@ -147,9 +147,7 @@
         // -------------------------------------------------------------------
 
         Attributes attributes = new LockableAttributesImpl();
-
         LdifParserImpl parser = new LdifParserImpl();
-
         try
         {
             parser.parse( attributes, LDIF );
@@ -158,7 +156,6 @@
         {
             throw new NestableRuntimeException( e );
         }
-
         testEntries.add( attributes );
 
         // -------------------------------------------------------------------
@@ -166,11 +163,13 @@
         // -------------------------------------------------------------------
 
         InputStream in = null;
-
-        if ( loadClass == null && ldifPath != null )
+        if ( loadClass != null && ldifPath == null )
+        {
+            in = loadClass.getResourceAsStream( getName() + ".ldif" );
+        }
+        else if ( loadClass == null && ldifPath != null )
         {
             File ldifFile = new File( ldifPath );
-
             if ( ldifFile.exists() )
             {
                 in = new FileInputStream( ldifPath );
@@ -179,7 +178,6 @@
             {
                 in = getClass().getResourceAsStream( ldifPath );
             }
-
             throw new FileNotFoundException( ldifPath );
         }
         else if ( loadClass != null && ldifPath != null )
@@ -190,15 +188,11 @@
         if ( in != null )
         {
             LdifIterator list = new LdifIterator( in );
-
             while ( list.hasNext() )
             {
                 String ldif = ( String ) list.next();
-
                 attributes = new LockableAttributesImpl();
-
                 parser.parse( attributes, ldif );
-
                 testEntries.add( attributes );
             }
         }
@@ -319,21 +313,19 @@
         env.put( Context.SECURITY_AUTHENTICATION, "simple" );
 
         try { new InitialContext( env ); } catch( Exception e ) {}
-
         sysRoot = null;
-
         Runtime.getRuntime().gc();
-
         testEntries.clear();
-
         ldifPath = null;
-
         loadClass = null;
-        
         overrides.clear();
-        
         configuration = new MutableStartupConfiguration();
-        
         doDelete( configuration.getWorkingDirectory() );
+    }
+
+
+    protected void setLoadClass( Class loadClass )
+    {
+        this.loadClass = loadClass;
     }
 }

Modified: directory/trunks/apacheds/core-unit/src/test/java/org/apache/ldap/server/authz/SearchAuthorizationTest.java
URL: http://svn.apache.org/viewcvs/directory/trunks/apacheds/core-unit/src/test/java/org/apache/ldap/server/authz/SearchAuthorizationTest.java?rev=375522&r1=375521&r2=375522&view=diff
==============================================================================
--- directory/trunks/apacheds/core-unit/src/test/java/org/apache/ldap/server/authz/SearchAuthorizationTest.java
(original)
+++ directory/trunks/apacheds/core-unit/src/test/java/org/apache/ldap/server/authz/SearchAuthorizationTest.java
Mon Feb  6 23:05:51 2006
@@ -384,6 +384,36 @@
 
 
     /**
+     * Checks to make sure name based userClass works for search operations
+     * when we vary the case of the DN.
+     *
+     * @throws javax.naming.NamingException if the test encounters an error
+     */
+    public void testGrantSearchByNameUserDnCase() throws NamingException
+    {
+        // create the non-admin user
+        createUser( "billyd", "billyd" );
+
+        // try an add operation which should fail without any ACI
+        assertFalse( checkCanSearchAs( "BillyD", "billyd" ) );
+
+        // now add a subentry that enables user billyd to add an entry below ou=system
+        createAccessControlSubentry( "billydSearch", "{ " +
+                "identificationTag \"searchAci\", " +
+                "precedence 14, " +
+                "authenticationLevel none, " +
+                "itemOrUserFirst userFirst: { " +
+                "userClasses { name { \"uid=billyd,ou=users,ou=system\" } }, " +
+                "userPermissions { { " +
+                "protectedItems {entry, allUserAttributeTypesAndValues}, " +
+                "grantsAndDenials { grantRead, grantReturnDN, grantBrowse } } } } }" );
+
+        // should work now that billyd is authorized by name
+        assertTrue( checkCanSearchAs( "BillyD", "billyd" ) );
+    }
+
+
+    /**
      * Checks to make sure subtree based userClass works for search operations.
      *
      * @throws javax.naming.NamingException if the test encounters an error

Propchange: directory/trunks/apacheds/core-unit/src/test/java/org/apache/ldap/server/normalization/NormalizationServiceTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: directory/trunks/apacheds/core-unit/src/test/java/org/apache/ldap/server/schema/SchemaServiceTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: directory/trunks/apacheds/core-unit/src/test/resources/org/apache/ldap/server/normalization/testDireve308Example.ldif
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: directory/trunks/apacheds/core-unit/src/test/resources/org/apache/ldap/server/schema/nonspecific.ldif
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: directory/trunks/apacheds/core/src/main/java/org/apache/ldap/server/authz/AuthorizationService.java
URL: http://svn.apache.org/viewcvs/directory/trunks/apacheds/core/src/main/java/org/apache/ldap/server/authz/AuthorizationService.java?rev=375522&r1=375521&r2=375522&view=diff
==============================================================================
--- directory/trunks/apacheds/core/src/main/java/org/apache/ldap/server/authz/AuthorizationService.java
(original)
+++ directory/trunks/apacheds/core/src/main/java/org/apache/ldap/server/authz/AuthorizationService.java
Mon Feb  6 23:05:51 2006
@@ -330,7 +330,8 @@
     {
         // Access the principal requesting the operation, and bypass checks if it is the
admin
         Invocation invocation = InvocationStack.getInstance().peek();
-        LdapPrincipal user = ( ( ServerContext ) invocation.getCaller() ).getPrincipal();
+        LdapPrincipal principal = ( ( ServerContext ) invocation.getCaller() ).getPrincipal();
+        Name userName = dnParser.parse( principal.getName() );
 
         // bypass authz code if we are disabled
         if ( ! enabled )
@@ -340,7 +341,7 @@
         }
 
         // bypass authz code but manage caches if operation is performed by the admin
-        if ( user.getName().equalsIgnoreCase( DirectoryPartitionNexus.ADMIN_PRINCIPAL ) )
+        if ( userName.toString().equalsIgnoreCase( DirectoryPartitionNexus.ADMIN_PRINCIPAL
) )
         {
             next.add( upName, normName, entry );
             tupleCache.subentryAdded( upName, normName, entry );
@@ -358,7 +359,7 @@
         }
 
         // Assemble all the information required to make an access control decision
-        Set userGroups = groupCache.getGroups( user.getName() );
+        Set userGroups = groupCache.getGroups( userName.toString() );
         Collection tuples = new HashSet();
 
         // Build the total collection of tuples to be considered for add rights
@@ -368,7 +369,7 @@
 
         // check if entry scope permission is granted
         DirectoryPartitionNexusProxy proxy = invocation.getProxy();
-        engine.checkPermission( proxy, userGroups, user.getJndiName(), user.getAuthenticationLevel(),
+        engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(),
                 normName, null, null, ADD_PERMS, tuples, subentryAttrs );
 
         // now we must check if attribute type and value scope permission is granted
@@ -378,8 +379,8 @@
             Attribute attr = ( Attribute ) attributeList.next();
             for ( int ii = 0; ii < attr.size(); ii++ )
             {
-                engine.checkPermission( proxy, userGroups, user.getJndiName(),
-                        user.getAuthenticationLevel(), normName, attr.getID(),
+                engine.checkPermission( proxy, userGroups, userName,
+                        principal.getAuthenticationLevel(), normName, attr.getID(),
                         attr.get( ii ), ADD_PERMS, tuples, entry );
             }
         }
@@ -400,7 +401,8 @@
         Invocation invocation = InvocationStack.getInstance().peek();
         DirectoryPartitionNexusProxy proxy = invocation.getProxy();
         Attributes entry = proxy.lookup( name, DirectoryPartitionNexusProxy.LOOKUP_BYPASS
);
-        LdapPrincipal user = ( ( ServerContext ) invocation.getCaller() ).getPrincipal();
+        LdapPrincipal principal = ( ( ServerContext ) invocation.getCaller() ).getPrincipal();
+        Name userName = dnParser.parse( principal.getName() );
 
         // bypass authz code if we are disabled
         if ( ! enabled )
@@ -410,7 +412,7 @@
         }
 
         // bypass authz code but manage caches if operation is performed by the admin
-        if ( user.getName().equalsIgnoreCase( DirectoryPartitionNexus.ADMIN_PRINCIPAL ) )
+        if ( userName.toString().equalsIgnoreCase( DirectoryPartitionNexus.ADMIN_PRINCIPAL
) )
         {
             next.delete( name );
             tupleCache.subentryDeleted( name, entry );
@@ -418,13 +420,13 @@
             return;
         }
 
-        Set userGroups = groupCache.getGroups( user.getName() );
+        Set userGroups = groupCache.getGroups( userName.toString() );
         Collection tuples = new HashSet();
         addPerscriptiveAciTuples( proxy, tuples, name, entry );
         addEntryAciTuples( tuples, entry );
         addSubentryAciTuples( proxy, tuples, name, entry );
 
-        engine.checkPermission( proxy, userGroups, user.getJndiName(), user.getAuthenticationLevel(),
name, null,
+        engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(),
name, null,
                 null, REMOVE_PERMS, tuples, entry );
 
         next.delete( name );
@@ -439,7 +441,8 @@
         Invocation invocation = InvocationStack.getInstance().peek();
         DirectoryPartitionNexusProxy proxy = invocation.getProxy();
         Attributes entry = proxy.lookup( name, DirectoryPartitionNexusProxy.LOOKUP_BYPASS
);
-        LdapPrincipal user = ( ( ServerContext ) invocation.getCaller() ).getPrincipal();
+        LdapPrincipal principal = ( ( ServerContext ) invocation.getCaller() ).getPrincipal();
+        Name userName = dnParser.parse( principal.getName() );
 
         // bypass authz code if we are disabled
         if ( ! enabled )
@@ -449,7 +452,7 @@
         }
 
         // bypass authz code but manage caches if operation is performed by the admin
-        if ( user.getName().equalsIgnoreCase( DirectoryPartitionNexus.ADMIN_PRINCIPAL ) )
+        if ( userName.toString().equalsIgnoreCase( DirectoryPartitionNexus.ADMIN_PRINCIPAL
) )
         {
             next.modify( name, modOp, mods );
             tupleCache.subentryModified( name, modOp, mods, entry );
@@ -457,13 +460,13 @@
             return;
         }
 
-        Set userGroups = groupCache.getGroups( user.getName() );
+        Set userGroups = groupCache.getGroups( userName.toString() );
         Collection tuples = new HashSet();
         addPerscriptiveAciTuples( proxy, tuples, name, entry );
         addEntryAciTuples( tuples, entry );
         addSubentryAciTuples( proxy, tuples, name, entry );
 
-        engine.checkPermission( proxy, userGroups, user.getJndiName(), user.getAuthenticationLevel(),
name, null,
+        engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(),
name, null,
                 null, Collections.singleton( MicroOperation.MODIFY ), tuples, entry );
 
         NamingEnumeration attrList = mods.getAll();
@@ -486,7 +489,7 @@
             Attribute attr = ( Attribute ) attrList.next();
             for ( int ii = 0; ii < attr.size(); ii++ )
             {
-                engine.checkPermission( proxy, userGroups, user.getJndiName(), user.getAuthenticationLevel(),
+                engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(),
                         name, attr.getID(), attr.get( ii ), perms, tuples, entry );
             }
         }
@@ -503,7 +506,8 @@
         Invocation invocation = InvocationStack.getInstance().peek();
         DirectoryPartitionNexusProxy proxy = invocation.getProxy();
         Attributes entry = proxy.lookup( name, DirectoryPartitionNexusProxy.LOOKUP_BYPASS
);
-        LdapPrincipal user = ( ( ServerContext ) invocation.getCaller() ).getPrincipal();
+        LdapPrincipal principal = ( ( ServerContext ) invocation.getCaller() ).getPrincipal();
+        Name userName = dnParser.parse( principal.getName() );
 
         // bypass authz code if we are disabled
         if ( ! enabled )
@@ -513,7 +517,7 @@
         }
 
         // bypass authz code but manage caches if operation is performed by the admin
-        if ( user.getName().equalsIgnoreCase( DirectoryPartitionNexus.ADMIN_PRINCIPAL ) )
+        if ( userName.toString().equalsIgnoreCase( DirectoryPartitionNexus.ADMIN_PRINCIPAL
) )
         {
             next.modify( name, mods );
             tupleCache.subentryModified( name, mods, entry );
@@ -521,13 +525,13 @@
             return;
         }
 
-        Set userGroups = groupCache.getGroups( user.getName() );
+        Set userGroups = groupCache.getGroups( userName.toString() );
         Collection tuples = new HashSet();
         addPerscriptiveAciTuples( proxy, tuples, name, entry );
         addEntryAciTuples( tuples, entry );
         addSubentryAciTuples( proxy, tuples, name, entry );
 
-        engine.checkPermission( proxy, userGroups, user.getJndiName(), user.getAuthenticationLevel(),
name, null,
+        engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(),
name, null,
                 null, Collections.singleton( MicroOperation.MODIFY ), tuples, entry );
 
         Collection perms = null;
@@ -549,7 +553,7 @@
             Attribute attr = mods[ii].getAttribute();
             for ( int jj = 0; jj < attr.size(); jj++ )
             {
-                engine.checkPermission( proxy, userGroups, user.getJndiName(), user.getAuthenticationLevel(),
+                engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(),
                         name, attr.getID(), attr.get( jj ), perms, tuples, entry );
             }
         }
@@ -565,22 +569,23 @@
         Invocation invocation = InvocationStack.getInstance().peek();
         DirectoryPartitionNexusProxy proxy = invocation.getProxy();
         Attributes entry = proxy.lookup( name, DirectoryPartitionNexusProxy.LOOKUP_BYPASS
);
-        LdapPrincipal user = ( ( ServerContext ) invocation.getCaller() ).getPrincipal();
+        LdapPrincipal principal = ( ( ServerContext ) invocation.getCaller() ).getPrincipal();
+        Name userName = dnParser.parse( principal.getName() );
 
-        if ( user.getName().equalsIgnoreCase( DirectoryPartitionNexus.ADMIN_PRINCIPAL ) ||
! enabled
+        if ( userName.toString().equalsIgnoreCase( DirectoryPartitionNexus.ADMIN_PRINCIPAL
) || ! enabled
                 || name.toString().trim().equals( "" ) ) // no checks on the rootdse
         {
             return next.hasEntry( name );
         }
 
-        Set userGroups = groupCache.getGroups( user.getName() );
+        Set userGroups = groupCache.getGroups( userName.toString() );
         Collection tuples = new HashSet();
         addPerscriptiveAciTuples( proxy, tuples, name, entry );
         addEntryAciTuples( tuples, entry );
         addSubentryAciTuples( proxy, tuples, name, entry );
 
         // check that we have browse access to the entry
-        engine.checkPermission( proxy, userGroups, user.getJndiName(), user.getAuthenticationLevel(),
name, null,
+        engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(),
name, null,
                 null, BROWSE_PERMS, tuples, entry );
 
         return next.hasEntry( name );
@@ -602,7 +607,7 @@
      * @param entry the raw entry pulled from the nexus
      * @throws NamingException
      */
-    private void checkLookupAccess( LdapPrincipal user, Name dn, Attributes entry )
+    private void checkLookupAccess( LdapPrincipal principal, Name dn, Attributes entry )
             throws NamingException
     {
         // no permissions checks on the RootDSE
@@ -612,14 +617,15 @@
         }
 
         DirectoryPartitionNexusProxy proxy = InvocationStack.getInstance().peek().getProxy();
-        Set userGroups = groupCache.getGroups( user.getName() );
+        Name userName = dnParser.parse( principal.getName() );
+        Set userGroups = groupCache.getGroups( userName.toString() );
         Collection tuples = new HashSet();
         addPerscriptiveAciTuples( proxy, tuples, dn, entry );
         addEntryAciTuples( tuples, entry );
         addSubentryAciTuples( proxy, tuples, dn, entry );
 
         // check that we have read access to the entry
-        engine.checkPermission( proxy, userGroups, user.getJndiName(), user.getAuthenticationLevel(),
dn, null,
+        engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(),
dn, null,
                 null, LOOKUP_PERMS, tuples, entry );
 
         // check that we have read access to every attribute type and value
@@ -629,7 +635,7 @@
             Attribute attr = ( Attribute ) attributeList.next();
             for ( int ii = 0; ii < attr.size(); ii++ )
             {
-                engine.checkPermission( proxy, userGroups, user.getJndiName(), user.getAuthenticationLevel(),
dn,
+                engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(),
dn,
                         attr.getID(), attr.get( ii ), READ_PERMS, tuples, entry );
             }
         }
@@ -641,15 +647,14 @@
         Invocation invocation = InvocationStack.getInstance().peek();
         DirectoryPartitionNexusProxy proxy = invocation.getProxy();
         Attributes entry = proxy.lookup( dn, DirectoryPartitionNexusProxy.LOOKUP_BYPASS );
-        LdapPrincipal user = ( ( ServerContext ) invocation.getCaller() ).getPrincipal();
+        LdapPrincipal principal = ( ( ServerContext ) invocation.getCaller() ).getPrincipal();
 
-        if ( user.getName().equalsIgnoreCase( DirectoryPartitionNexus.ADMIN_PRINCIPAL ) ||
! enabled )
+        if ( principal.getName().equalsIgnoreCase( DirectoryPartitionNexus.ADMIN_PRINCIPAL
) || ! enabled )
         {
             return next.lookup( dn, attrIds );
         }
 
-        checkLookupAccess( user, dn, entry );
-
+        checkLookupAccess( principal, dn, entry );
         return next.lookup( dn, attrIds );
     }
 
@@ -667,7 +672,6 @@
         }
 
         checkLookupAccess( user, name, entry );
-
         return next.lookup( name );
     }
 
@@ -678,7 +682,8 @@
         Invocation invocation = InvocationStack.getInstance().peek();
         DirectoryPartitionNexusProxy proxy = invocation.getProxy();
         Attributes entry = proxy.lookup( name, DirectoryPartitionNexusProxy.LOOKUP_BYPASS
);
-        LdapPrincipal user = ( ( ServerContext ) invocation.getCaller() ).getPrincipal();
+        LdapPrincipal principal = ( ( ServerContext ) invocation.getCaller() ).getPrincipal();
+        Name userName = dnParser.parse( principal.getName() );
         Name newName = ( Name ) name.clone();
         newName.remove( name.size() - 1 );
         newName.add( dnParser.parse( newRn ).get( 0 ) );
@@ -692,7 +697,7 @@
         }
 
         // bypass authz code but manage caches if operation is performed by the admin
-        if ( user.getName().equalsIgnoreCase( DirectoryPartitionNexus.ADMIN_PRINCIPAL ) )
+        if ( userName.toString().equalsIgnoreCase( DirectoryPartitionNexus.ADMIN_PRINCIPAL
) )
         {
             next.modifyRn( name, newRn, deleteOldRn );
             tupleCache.subentryRenamed( name, newName );
@@ -702,13 +707,13 @@
             return;
         }
 
-        Set userGroups = groupCache.getGroups( user.getName() );
+        Set userGroups = groupCache.getGroups( userName.toString() );
         Collection tuples = new HashSet();
         addPerscriptiveAciTuples( proxy, tuples, name, entry );
         addEntryAciTuples( tuples, entry );
         addSubentryAciTuples( proxy, tuples, name, entry );
 
-        engine.checkPermission( proxy, userGroups, user.getJndiName(), user.getAuthenticationLevel(),
name, null,
+        engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(),
name, null,
                 null, RENAME_PERMS, tuples, entry );
 
 //        if ( deleteOldRn )
@@ -751,7 +756,8 @@
         Invocation invocation = InvocationStack.getInstance().peek();
         DirectoryPartitionNexusProxy proxy = invocation.getProxy();
         Attributes entry = proxy.lookup( oriChildName, DirectoryPartitionNexusProxy.LOOKUP_BYPASS
);
-        LdapPrincipal user = ( ( ServerContext ) invocation.getCaller() ).getPrincipal();
+        LdapPrincipal principal = ( ( ServerContext ) invocation.getCaller() ).getPrincipal();
+        Name userName = dnParser.parse( principal.getName() );
         Name newName = ( Name ) newParentName.clone();
         newName.add( newRn );
 
@@ -763,7 +769,7 @@
         }
 
         // bypass authz code but manage caches if operation is performed by the admin
-        if ( user.getName().equalsIgnoreCase( DirectoryPartitionNexus.ADMIN_PRINCIPAL ) )
+        if ( userName.toString().equalsIgnoreCase( DirectoryPartitionNexus.ADMIN_PRINCIPAL
) )
         {
             next.move( oriChildName, newParentName, newRn, deleteOldRn );
             tupleCache.subentryRenamed( oriChildName, newName );
@@ -771,20 +777,20 @@
             return;
         }
 
-        Set userGroups = groupCache.getGroups( user.getName() );
+        Set userGroups = groupCache.getGroups( userName.toString() );
         Collection tuples = new HashSet();
         addPerscriptiveAciTuples( proxy, tuples, oriChildName, entry );
         addEntryAciTuples( tuples, entry );
         addSubentryAciTuples( proxy, tuples, oriChildName, entry );
 
-        engine.checkPermission( proxy, userGroups, user.getJndiName(), user.getAuthenticationLevel(),
+        engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(),
                 oriChildName, null, null, MOVERENAME_PERMS, tuples, entry );
 
         Collection destTuples = new HashSet();
         addPerscriptiveAciTuples( proxy, destTuples, oriChildName, entry );
         addEntryAciTuples( destTuples, entry );
         addSubentryAciTuples( proxy, destTuples, oriChildName, entry );
-        engine.checkPermission( proxy, userGroups, user.getJndiName(), user.getAuthenticationLevel(),
+        engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(),
                 oriChildName, null, null, IMPORT_PERMS, tuples, entry );
 
 //        if ( deleteOldRn )
@@ -828,7 +834,8 @@
         Attributes entry = proxy.lookup( oriChildName, DirectoryPartitionNexusProxy.LOOKUP_BYPASS
);
         Name newName = ( Name ) newParentName.clone();
         newName.add( oriChildName.get( oriChildName.size() - 1 ) );
-        LdapPrincipal user = ( ( ServerContext ) invocation.getCaller() ).getPrincipal();
+        LdapPrincipal principal = ( ( ServerContext ) invocation.getCaller() ).getPrincipal();
+        Name userName = dnParser.parse( principal.getName() );
 
         // bypass authz code if we are disabled
         if ( ! enabled )
@@ -838,7 +845,7 @@
         }
 
         // bypass authz code but manage caches if operation is performed by the admin
-        if ( user.getName().equalsIgnoreCase( DirectoryPartitionNexus.ADMIN_PRINCIPAL ) )
+        if ( userName.toString().equalsIgnoreCase( DirectoryPartitionNexus.ADMIN_PRINCIPAL
) )
         {
             next.move( oriChildName, newParentName );
             tupleCache.subentryRenamed( oriChildName, newName );
@@ -846,20 +853,20 @@
             return;
         }
 
-        Set userGroups = groupCache.getGroups( user.getName() );
+        Set userGroups = groupCache.getGroups( userName.toString() );
         Collection tuples = new HashSet();
         addPerscriptiveAciTuples( proxy, tuples, oriChildName, entry );
         addEntryAciTuples( tuples, entry );
         addSubentryAciTuples( proxy, tuples, oriChildName, entry );
 
-        engine.checkPermission( proxy, userGroups, user.getJndiName(), user.getAuthenticationLevel(),
+        engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(),
                 oriChildName, null, null, EXPORT_PERMS, tuples, entry );
 
         Collection destTuples = new HashSet();
         addPerscriptiveAciTuples( proxy, destTuples, oriChildName, entry );
         addEntryAciTuples( destTuples, entry );
         addSubentryAciTuples( proxy, destTuples, oriChildName, entry );
-        engine.checkPermission( proxy, userGroups, user.getJndiName(), user.getAuthenticationLevel(),
+        engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(),
                 oriChildName, null, null, IMPORT_PERMS, tuples, entry );
 
         next.move( oriChildName, newParentName );
@@ -911,21 +918,23 @@
         Invocation invocation = InvocationStack.getInstance().peek();
         DirectoryPartitionNexusProxy proxy = invocation.getProxy();
         Attributes entry = proxy.lookup( name, DirectoryPartitionNexusProxy.LOOKUP_BYPASS
);
-        LdapPrincipal user = ( ( ServerContext ) invocation.getCaller() ).getPrincipal();
-        if ( user.getName().equalsIgnoreCase( DirectoryPartitionNexus.ADMIN_PRINCIPAL ) ||
! enabled )
+        LdapPrincipal principal = ( ( ServerContext ) invocation.getCaller() ).getPrincipal();
+        Name userName = dnParser.parse( principal.getName() );
+
+        if ( userName.toString().equalsIgnoreCase( DirectoryPartitionNexus.ADMIN_PRINCIPAL
) || ! enabled )
         {
             return next.compare( name, oid, value );
         }
 
-        Set userGroups = groupCache.getGroups( user.getName() );
+        Set userGroups = groupCache.getGroups( userName.toString() );
         Collection tuples = new HashSet();
         addPerscriptiveAciTuples( proxy, tuples, name, entry );
         addEntryAciTuples( tuples, entry );
         addSubentryAciTuples( proxy, tuples, name, entry );
 
-        engine.checkPermission( proxy, userGroups, user.getJndiName(), user.getAuthenticationLevel(),
name, null,
+        engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(),
name, null,
                 null, READ_PERMS, tuples, entry );
-        engine.checkPermission( proxy, userGroups, user.getJndiName(), user.getAuthenticationLevel(),
name, oid,
+        engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(),
name, oid,
                 value, COMPARE_PERMS, tuples, entry );
 
         return next.compare( name, oid, value );
@@ -937,8 +946,9 @@
         // Access the principal requesting the operation, and bypass checks if it is the
admin
         Invocation invocation = InvocationStack.getInstance().peek();
         DirectoryPartitionNexusProxy proxy = invocation.getProxy();
-        LdapPrincipal user = ( ( ServerContext ) invocation.getCaller() ).getPrincipal();
-        if ( user.getName().equalsIgnoreCase( DirectoryPartitionNexus.ADMIN_PRINCIPAL ) ||
! enabled )
+        LdapPrincipal principal = ( ( ServerContext ) invocation.getCaller() ).getPrincipal();
+        Name userName = dnParser.parse( principal.getName() );
+        if ( userName.toString().equalsIgnoreCase( DirectoryPartitionNexus.ADMIN_PRINCIPAL
) || ! enabled )
         {
             return next.getMatchedName( dn, normalized );
         }
@@ -961,14 +971,14 @@
                 entry = proxy.lookup( matched, DirectoryPartitionNexusProxy.LOOKUP_BYPASS
);
             }
 
-            Set userGroups = groupCache.getGroups( user.getName() );
+            Set userGroups = groupCache.getGroups( userName.toString() );
             Collection tuples = new HashSet();
             addPerscriptiveAciTuples( proxy, tuples, matched, entry );
             addEntryAciTuples( tuples, entry );
             addSubentryAciTuples( proxy, tuples, matched, entry );
 
-            if ( engine.hasPermission( proxy, userGroups, user.getJndiName(),
-                    user.getAuthenticationLevel(), matched, null, null,
+            if ( engine.hasPermission( proxy, userGroups, userName,
+                    principal.getAuthenticationLevel(), matched, null, null,
                     MATCHEDNAME_PERMS, tuples, entry ) )
             {
                 return matched;
@@ -996,7 +1006,7 @@
         */
         Attributes entry = invocation.getProxy().lookup( normName, DirectoryPartitionNexusProxy.LOOKUP_BYPASS
);
         ServerLdapContext ctx = ( ServerLdapContext ) invocation.getCaller();
-        Name userDn = ctx.getPrincipal().getJndiName();
+        Name userDn = dnParser.parse( ctx.getPrincipal().getName() );
         Set userGroups = groupCache.getGroups( userDn.toString() );
         Collection tuples = new HashSet();
         addPerscriptiveAciTuples( invocation.getProxy(), tuples, normName, entry );

Modified: directory/trunks/apacheds/core/src/main/java/org/apache/ldap/server/authz/support/RelatedUserClassFilter.java
URL: http://svn.apache.org/viewcvs/directory/trunks/apacheds/core/src/main/java/org/apache/ldap/server/authz/support/RelatedUserClassFilter.java?rev=375522&r1=375521&r2=375522&view=diff
==============================================================================
--- directory/trunks/apacheds/core/src/main/java/org/apache/ldap/server/authz/support/RelatedUserClassFilter.java
(original)
+++ directory/trunks/apacheds/core/src/main/java/org/apache/ldap/server/authz/support/RelatedUserClassFilter.java
Mon Feb  6 23:05:51 2006
@@ -43,7 +43,7 @@
  */
 public class RelatedUserClassFilter implements ACITupleFilter
 {
-    private static final LdapName ROOTDSE_NAME = new LdapName();
+    private static final LdapName ROOTDSE_NAME = LdapName.EMPTY_LDAP_NAME;
 
     private final SubtreeEvaluator subtreeEvaluator;
 

Modified: directory/trunks/common/ldap/src/test/java/org/apache/ldap/common/name/DnParserTest.java
URL: http://svn.apache.org/viewcvs/directory/trunks/common/ldap/src/test/java/org/apache/ldap/common/name/DnParserTest.java?rev=375522&r1=375521&r2=375522&view=diff
==============================================================================
--- directory/trunks/common/ldap/src/test/java/org/apache/ldap/common/name/DnParserTest.java
(original)
+++ directory/trunks/common/ldap/src/test/java/org/apache/ldap/common/name/DnParserTest.java
Mon Feb  6 23:05:51 2006
@@ -25,6 +25,7 @@
 import junit.framework.TestCase;
 
 import org.apache.ldap.common.schema.DnNormalizer;
+import org.apache.ldap.common.schema.Normalizer;
 
 
 /**
@@ -318,6 +319,25 @@
         
         assertEquals( cn, result.toString() );
 
+    }
+    
+    public void testDireve308Example() throws Exception
+    {
+        // seems to work without normalizers 
+        String dn = "ou=Corporate Category\\, Operations,ou=direct report view";
+        DnParser parser = new DnParser();
+        String result = parser.parse( dn ).toString();
+        assertEquals( dn, result );
+        
+        // now we try with normalization: simple as is normalizer
+        parser = new DnParser( new SimpleNameComponentNormalizer( new Normalizer() {
+            public Object normalize( Object value ) throws NamingException
+            {
+                return ( ( String ) value ).toLowerCase();
+            }
+        } ) );
+        result = parser.parse( dn ).toString();
+        assertEquals( dn.toLowerCase(), result.toString() );
     }
 
 }  // end class DnParserTest

Propchange: directory/trunks/common/ldap/src/test/java/org/apache/ldap/common/name/DnParserTest.java
------------------------------------------------------------------------------
    svn:eol-style = native



Mime
View raw message