directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From akaras...@apache.org
Subject svn commit: r376623 [3/38] - in /directory/sandbox/akarasulu/rc1/apacheds: core-plugin/src/main/java/org/apache/directory/server/core/tools/schema/ core-plugin/src/test/java/org/apache/directory/server/core/tools/schema/ core-shared/src/main/java/org/a...
Date Fri, 10 Feb 2006 10:49:57 GMT
Modified: directory/sandbox/akarasulu/rc1/apacheds/core-unit/src/test/java/org/apache/directory/server/core/authz/ModifyAuthorizationTest.java
URL: http://svn.apache.org/viewcvs/directory/sandbox/akarasulu/rc1/apacheds/core-unit/src/test/java/org/apache/directory/server/core/authz/ModifyAuthorizationTest.java?rev=376623&r1=376622&r2=376623&view=diff
==============================================================================
--- directory/sandbox/akarasulu/rc1/apacheds/core-unit/src/test/java/org/apache/directory/server/core/authz/ModifyAuthorizationTest.java (original)
+++ directory/sandbox/akarasulu/rc1/apacheds/core-unit/src/test/java/org/apache/directory/server/core/authz/ModifyAuthorizationTest.java Fri Feb 10 02:48:07 2006
@@ -55,7 +55,7 @@
      * @throws javax.naming.NamingException if there are problems conducting the test
      */
     public boolean checkCanModifyAs( String uid, String password, String entryRdn, ModificationItem[] mods )
-            throws NamingException
+        throws NamingException
     {
         // create the entry with the telephoneNumber attribute to modify
         Attributes testEntry = new BasicAttributes( "ou", "testou", true );
@@ -63,14 +63,14 @@
         testEntry.put( objectClass );
         objectClass.add( "top" );
         objectClass.add( "organizationalUnit" );
-        testEntry.put( "telephoneNumber", "867-5309" );  // jenny don't change your number
+        testEntry.put( "telephoneNumber", "867-5309" ); // jenny don't change your number
 
         DirContext adminContext = getContextAsAdmin();
 
         try
         {
             // create the entry as admin
-            LdapName userName = new LdapName( "uid="+uid+",ou=users,ou=system" );
+            LdapName userName = new LdapName( "uid=" + uid + ",ou=users,ou=system" );
             adminContext.createSubcontext( entryRdn, testEntry );
 
             // modify the entry as the user
@@ -111,7 +111,7 @@
      * @throws javax.naming.NamingException if there are problems conducting the test
      */
     public boolean checkCanModifyAs( String uid, String password, String entryRdn, int modOp, Attributes mods )
-            throws NamingException
+        throws NamingException
     {
         // create the entry with the telephoneNumber attribute to modify
         Attributes testEntry = new BasicAttributes( "ou", "testou", true );
@@ -119,14 +119,14 @@
         testEntry.put( objectClass );
         objectClass.add( "top" );
         objectClass.add( "organizationalUnit" );
-        testEntry.put( "telephoneNumber", "867-5309" );  // jenny don't change your number
+        testEntry.put( "telephoneNumber", "867-5309" ); // jenny don't change your number
 
         DirContext adminContext = getContextAsAdmin();
 
         try
         {
             // create the entry as admin
-            LdapName userName = new LdapName( "uid="+uid+",ou=users,ou=system" );
+            LdapName userName = new LdapName( "uid=" + uid + ",ou=users,ou=system" );
             adminContext.createSubcontext( entryRdn, testEntry );
 
             // modify the entry as the user
@@ -160,13 +160,12 @@
      * false otherwise.
      * @throws javax.naming.NamingException if there are problems conducting the test
      */
-    public boolean checkCanSelfModify( String uid, String password, int modOp, Attributes mods )
-            throws NamingException
+    public boolean checkCanSelfModify( String uid, String password, int modOp, Attributes mods ) throws NamingException
     {
         try
         {
             // modify the entry as the user
-            Name userEntry = new LdapName( "uid="+uid+",ou=users,ou=system" );
+            Name userEntry = new LdapName( "uid=" + uid + ",ou=users,ou=system" );
             DirContext userContext = getContextAs( userEntry, password, userEntry.toString() );
             userContext.modifyAttributes( "", modOp, mods );
             return true;
@@ -190,13 +189,12 @@
      * false otherwise.
      * @throws javax.naming.NamingException if there are problems conducting the test
      */
-    public boolean checkCanSelfModify( String uid, String password, ModificationItem[] mods )
-            throws NamingException
+    public boolean checkCanSelfModify( String uid, String password, ModificationItem[] mods ) throws NamingException
     {
         try
         {
             // modify the entry as the user
-            Name userEntry = new LdapName( "uid="+uid+",ou=users,ou=system" );
+            Name userEntry = new LdapName( "uid=" + uid + ",ou=users,ou=system" );
             DirContext userContext = getContextAs( userEntry, password, userEntry.toString() );
             userContext.modifyAttributes( "", mods );
             return true;
@@ -240,25 +238,20 @@
         createUser( "billyd", "billyd" );
 
         // create the password modification
-        ModificationItem[] mods = toItems( DirContext.REPLACE_ATTRIBUTE,
-                new BasicAttributes( "userPassword", "williams", true ) );
+        ModificationItem[] mods = toItems( DirContext.REPLACE_ATTRIBUTE, new BasicAttributes( "userPassword",
+            "williams", true ) );
 
         // try a modify operation which should fail without any ACI
         assertFalse( checkCanSelfModify( "billyd", "billyd", mods ) );
 
         // Gives grantModify, and grantRead perm to all users in the Administrators group for
         // entries and all attribute types and values
-        createAccessControlSubentry( "selfModifyUserPassword",
-                "{ " +
-                "identificationTag \"addAci\", " +
-                "precedence 14, " +
-                "authenticationLevel none, " +
-                "itemOrUserFirst userFirst: { " +
-                "userClasses { thisEntry }, " +
-                "userPermissions { " +
-                        "{ protectedItems {entry}, grantsAndDenials { grantModify, grantBrowse, grantRead } }, " +
-                        "{ protectedItems {allAttributeValues {userPassword}}, grantsAndDenials { grantAdd, grantRemove } } " +
-                        "} } }" );
+        createAccessControlSubentry( "selfModifyUserPassword", "{ " + "identificationTag \"addAci\", "
+            + "precedence 14, " + "authenticationLevel none, " + "itemOrUserFirst userFirst: { "
+            + "userClasses { thisEntry }, " + "userPermissions { "
+            + "{ protectedItems {entry}, grantsAndDenials { grantModify, grantBrowse, grantRead } }, "
+            + "{ protectedItems {allAttributeValues {userPassword}}, grantsAndDenials { grantAdd, grantRemove } } "
+            + "} } }" );
 
         // try a modify operation which should succeed with ACI
         assertTrue( checkCanSelfModify( "billyd", "billyd", mods ) );
@@ -278,8 +271,8 @@
         // ----------------------------------------------------------------------------------
 
         // create the add modifications
-        ModificationItem[] mods = toItems( DirContext.ADD_ATTRIBUTE,
-                new BasicAttributes( "registeredAddress", "100 Park Ave.", true ) );
+        ModificationItem[] mods = toItems( DirContext.ADD_ATTRIBUTE, new BasicAttributes( "registeredAddress",
+            "100 Park Ave.", true ) );
 
         // create the non-admin user
         createUser( "billyd", "billyd" );
@@ -289,17 +282,11 @@
 
         // Gives grantModify, and grantRead perm to all users in the Administrators group for
         // entries and all attribute types and values
-        createAccessControlSubentry( "administratorModifyAdd",
-                "{ " +
-                "identificationTag \"addAci\", " +
-                "precedence 14, " +
-                "authenticationLevel none, " +
-                "itemOrUserFirst userFirst: { " +
-                "userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " +
-                "userPermissions { " +
-                        "{ protectedItems {entry}, grantsAndDenials { grantModify, grantBrowse } }, " +
-                        "{ protectedItems {allAttributeValues {registeredAddress}}, grantsAndDenials { grantAdd } } " +
-                        "} } }" );
+        createAccessControlSubentry( "administratorModifyAdd", "{ " + "identificationTag \"addAci\", "
+            + "precedence 14, " + "authenticationLevel none, " + "itemOrUserFirst userFirst: { "
+            + "userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " + "userPermissions { "
+            + "{ protectedItems {entry}, grantsAndDenials { grantModify, grantBrowse } }, "
+            + "{ protectedItems {allAttributeValues {registeredAddress}}, grantsAndDenials { grantAdd } } " + "} } }" );
 
         // see if we can now add that test entry which we could not before
         // add op should still fail since billd is not in the admin group
@@ -317,24 +304,18 @@
         // ----------------------------------------------------------------------------------
 
         // now let's test to see if we can perform a modify with a delete op
-        mods = toItems( DirContext.REMOVE_ATTRIBUTE,
-                new BasicAttributes( "telephoneNumber", "867-5309", true ) );
+        mods = toItems( DirContext.REMOVE_ATTRIBUTE, new BasicAttributes( "telephoneNumber", "867-5309", true ) );
 
         // make sure we cannot remove the telephone number from the test entry
         assertFalse( checkCanModifyAs( "billyd", "billyd", "ou=testou", mods ) );
 
         // Gives grantModify, and grantRead perm to all users in the Administrators group for
         // entries and all attribute types and values
-        createAccessControlSubentry( "administratorModifyRemove", "{ " +
-                "identificationTag \"addAci\", " +
-                "precedence 14, " +
-                "authenticationLevel none, " +
-                "itemOrUserFirst userFirst: { " +
-                "userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " +
-                "userPermissions { " +
-                        "{ protectedItems {entry}, grantsAndDenials { grantModify, grantBrowse } }, " +
-                        "{ protectedItems {allAttributeValues {telephoneNumber}}, grantsAndDenials { grantRemove } } " +
-                        "} } }" );
+        createAccessControlSubentry( "administratorModifyRemove", "{ " + "identificationTag \"addAci\", "
+            + "precedence 14, " + "authenticationLevel none, " + "itemOrUserFirst userFirst: { "
+            + "userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " + "userPermissions { "
+            + "{ protectedItems {entry}, grantsAndDenials { grantModify, grantBrowse } }, "
+            + "{ protectedItems {allAttributeValues {telephoneNumber}}, grantsAndDenials { grantRemove } } " + "} } }" );
 
         // try a modify operation which should succeed with ACI and group membership change
         assertTrue( checkCanModifyAs( "billyd", "billyd", "ou=testou", mods ) );
@@ -345,24 +326,19 @@
         // ----------------------------------------------------------------------------------
 
         // now let's test to see if we can perform a modify with a delete op
-        mods = toItems( DirContext.REPLACE_ATTRIBUTE,
-                new BasicAttributes( "telephoneNumber", "867-5309", true ) );
+        mods = toItems( DirContext.REPLACE_ATTRIBUTE, new BasicAttributes( "telephoneNumber", "867-5309", true ) );
 
         // make sure we cannot remove the telephone number from the test entry
         assertFalse( checkCanModifyAs( "billyd", "billyd", "ou=testou", mods ) );
 
         // Gives grantModify, and grantRead perm to all users in the Administrators group for
         // entries and all attribute types and values
-        createAccessControlSubentry( "administratorModifyReplace", "{ " +
-                "identificationTag \"addAci\", " +
-                "precedence 14, " +
-                "authenticationLevel none, " +
-                "itemOrUserFirst userFirst: { " +
-                "userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " +
-                "userPermissions { " +
-                        "{ protectedItems {entry}, grantsAndDenials { grantModify, grantBrowse } }, " +
-                        "{ protectedItems {allAttributeValues {telephoneNumber}}, grantsAndDenials { grantAdd, grantRemove } } " +
-                        "} } }" );
+        createAccessControlSubentry( "administratorModifyReplace", "{ " + "identificationTag \"addAci\", "
+            + "precedence 14, " + "authenticationLevel none, " + "itemOrUserFirst userFirst: { "
+            + "userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " + "userPermissions { "
+            + "{ protectedItems {entry}, grantsAndDenials { grantModify, grantBrowse } }, "
+            + "{ protectedItems {allAttributeValues {telephoneNumber}}, grantsAndDenials { grantAdd, grantRemove } } "
+            + "} } }" );
 
         // try a modify operation which should succeed with ACI and group membership change
         assertTrue( checkCanModifyAs( "billyd", "billyd", "ou=testou", mods ) );
@@ -375,7 +351,6 @@
         // ----------------------------------------------------------------------------------
         // Modify with Attribute Addition
         // ----------------------------------------------------------------------------------
-
         // create the add modifications
         Attributes changes = new BasicAttributes( "registeredAddress", "100 Park Ave.", true );
 
@@ -384,16 +359,11 @@
 
         // Gives grantModify, and grantRead perm to all users in the Administrators group for
         // entries and all attribute types and values
-        createAccessControlSubentry( "administratorModifyAdd", "{ " +
-                "identificationTag \"addAci\", " +
-                "precedence 14, " +
-                "authenticationLevel none, " +
-                "itemOrUserFirst userFirst: { " +
-                "userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " +
-                "userPermissions { " +
-                        "{ protectedItems {entry}, grantsAndDenials { grantModify, grantBrowse } }, " +
-                        "{ protectedItems {allAttributeValues {registeredAddress}}, grantsAndDenials { grantAdd } } " +
-                        "} } }" );
+        createAccessControlSubentry( "administratorModifyAdd", "{ " + "identificationTag \"addAci\", "
+            + "precedence 14, " + "authenticationLevel none, " + "itemOrUserFirst userFirst: { "
+            + "userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " + "userPermissions { "
+            + "{ protectedItems {entry}, grantsAndDenials { grantModify, grantBrowse } }, "
+            + "{ protectedItems {allAttributeValues {registeredAddress}}, grantsAndDenials { grantAdd } } " + "} } }" );
 
         // try a modify operation which should succeed with ACI and group membership change
         assertTrue( checkCanModifyAs( "billyd", "billyd", "ou=testou", DirContext.ADD_ATTRIBUTE, changes ) );
@@ -411,16 +381,11 @@
 
         // Gives grantModify, and grantRead perm to all users in the Administrators group for
         // entries and all attribute types and values
-        createAccessControlSubentry( "administratorModifyRemove", "{ " +
-                "identificationTag \"addAci\", " +
-                "precedence 14, " +
-                "authenticationLevel none, " +
-                "itemOrUserFirst userFirst: { " +
-                "userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " +
-                "userPermissions { " +
-                        "{ protectedItems {entry}, grantsAndDenials { grantModify, grantBrowse } }, " +
-                        "{ protectedItems {allAttributeValues {telephoneNumber}}, grantsAndDenials { grantRemove } } " +
-                        "} } }" );
+        createAccessControlSubentry( "administratorModifyRemove", "{ " + "identificationTag \"addAci\", "
+            + "precedence 14, " + "authenticationLevel none, " + "itemOrUserFirst userFirst: { "
+            + "userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " + "userPermissions { "
+            + "{ protectedItems {entry}, grantsAndDenials { grantModify, grantBrowse } }, "
+            + "{ protectedItems {allAttributeValues {telephoneNumber}}, grantsAndDenials { grantRemove } } " + "} } }" );
 
         // try a modify operation which should succeed with ACI and group membership change
         assertTrue( checkCanModifyAs( "billyd", "billyd", "ou=testou", DirContext.REMOVE_ATTRIBUTE, changes ) );
@@ -438,107 +403,102 @@
 
         // Gives grantModify, and grantRead perm to all users in the Administrators group for
         // entries and all attribute types and values
-        createAccessControlSubentry( "administratorModifyReplace", "{ " +
-                "identificationTag \"addAci\", " +
-                "precedence 14, " +
-                "authenticationLevel none, " +
-                "itemOrUserFirst userFirst: { " +
-                "userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " +
-                "userPermissions { " +
-                        "{ protectedItems {entry}, grantsAndDenials { grantModify, grantBrowse } }, " +
-                        "{ protectedItems {allAttributeValues {telephoneNumber}}, grantsAndDenials { grantAdd, grantRemove } } " +
-                        "} } }" );
+        createAccessControlSubentry( "administratorModifyReplace", "{ " + "identificationTag \"addAci\", "
+            + "precedence 14, " + "authenticationLevel none, " + "itemOrUserFirst userFirst: { "
+            + "userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " + "userPermissions { "
+            + "{ protectedItems {entry}, grantsAndDenials { grantModify, grantBrowse } }, "
+            + "{ protectedItems {allAttributeValues {telephoneNumber}}, grantsAndDenials { grantAdd, grantRemove } } "
+            + "} } }" );
 
         // try a modify operation which should succeed with ACI and group membership change
         assertTrue( checkCanModifyAs( "billyd", "billyd", "ou=testou", DirContext.REPLACE_ATTRIBUTE, changes ) );
         deleteAccessControlSubentry( "administratorModifyReplace" );
     }
 
-
-//    /**
-//     * Checks to make sure name based userClass works for modify operations.
-//     *
-//     * @throws javax.naming.NamingException if the test encounters an error
-//     */
-//    public void testGrantModifyByName() throws NamingException
-//    {
-//        // create the non-admin user
-//        createUser( "billyd", "billyd" );
-//
-//        // try an modify operation which should fail without any ACI
-//        assertFalse( checkCanModifyAs( "billyd", "billyd", "ou=testou", "867-5309" ) );
-//
-//        // now add a subentry that enables user billyd to modify an entry below ou=system
-//        createAccessControlSubentry( "billydAdd", "{ " +
-//                "identificationTag \"addAci\", " +
-//                "precedence 14, " +
-//                "authenticationLevel none, " +
-//                "itemOrUserFirst userFirst: { " +
-//                "userClasses { name { \"uid=billyd,ou=users,ou=system\" } }, " +
-//                "userPermissions { { " +
-//                "protectedItems {entry, allUserAttributeTypesAndValues}, " +
-//                "grantsAndDenials { grantModify, grantRead, grantBrowse } } } } }" );
-//
-//        // should work now that billyd is authorized by name
-//        assertTrue( checkCanModifyAs( "billyd", "billyd", "ou=testou", "867-5309" ) );
-//    }
-//
-//
-//    /**
-//     * Checks to make sure subtree based userClass works for modify operations.
-//     *
-//     * @throws javax.naming.NamingException if the test encounters an error
-//     */
-//    public void testGrantModifyBySubtree() throws NamingException
-//    {
-//        // create the non-admin user
-//        createUser( "billyd", "billyd" );
-//
-//        // try a modify operation which should fail without any ACI
-//        assertFalse( checkCanModifyAs( "billyd", "billyd", "ou=testou", "867-5309" ) );
-//
-//        // now add a subentry that enables user billyd to modify an entry below ou=system
-//        createAccessControlSubentry( "billyAddBySubtree", "{ " +
-//                "identificationTag \"addAci\", " +
-//                "precedence 14, " +
-//                "authenticationLevel none, " +
-//                "itemOrUserFirst userFirst: { " +
-//                "userClasses { subtree { { base \"ou=users,ou=system\" } } }, " +
-//                "userPermissions { { " +
-//                "protectedItems {entry, allUserAttributeTypesAndValues}, " +
-//                "grantsAndDenials { grantModify, grantRead, grantBrowse } } } } }" );
-//
-//        // should work now that billyd is authorized by the subtree userClass
-//        assertTrue( checkCanModifyAs( "billyd", "billyd", "ou=testou", "867-5309" ) );
-//    }
-//
-//
-//    /**
-//     * Checks to make sure <b>allUsers</b> userClass works for modify operations.
-//     *
-//     * @throws javax.naming.NamingException if the test encounters an error
-//     */
-//    public void testGrantModifyAllUsers() throws NamingException
-//    {
-//        // create the non-admin user
-//        createUser( "billyd", "billyd" );
-//
-//        // try an add operation which should fail without any ACI
-//        assertFalse( checkCanModifyAs( "billyd", "billyd", "ou=testou", "867-5309" ) );
-//
-//        // now add a subentry that enables anyone to add an entry below ou=system
-//        createAccessControlSubentry( "anybodyAdd", "{ " +
-//                "identificationTag \"addAci\", " +
-//                "precedence 14, " +
-//                "authenticationLevel none, " +
-//                "itemOrUserFirst userFirst: { " +
-//                "userClasses { allUsers }, " +
-//                "userPermissions { { " +
-//                "protectedItems {entry, allUserAttributeTypesAndValues}, " +
-//                "grantsAndDenials { grantModify, grantRead, grantBrowse } } } } }" );
-//
-//        // see if we can now modify that test entry's number which we could not before
-//        // should work with billyd now that all users are authorized
-//        assertTrue( checkCanModifyAs( "billyd", "billyd", "ou=testou", "867-5309" ) );
-//    }
+    //    /**
+    //     * Checks to make sure name based userClass works for modify operations.
+    //     *
+    //     * @throws javax.naming.NamingException if the test encounters an error
+    //     */
+    //    public void testGrantModifyByName() throws NamingException
+    //    {
+    //        // create the non-admin user
+    //        createUser( "billyd", "billyd" );
+    //
+    //        // try an modify operation which should fail without any ACI
+    //        assertFalse( checkCanModifyAs( "billyd", "billyd", "ou=testou", "867-5309" ) );
+    //
+    //        // now add a subentry that enables user billyd to modify an entry below ou=system
+    //        createAccessControlSubentry( "billydAdd", "{ " +
+    //                "identificationTag \"addAci\", " +
+    //                "precedence 14, " +
+    //                "authenticationLevel none, " +
+    //                "itemOrUserFirst userFirst: { " +
+    //                "userClasses { name { \"uid=billyd,ou=users,ou=system\" } }, " +
+    //                "userPermissions { { " +
+    //                "protectedItems {entry, allUserAttributeTypesAndValues}, " +
+    //                "grantsAndDenials { grantModify, grantRead, grantBrowse } } } } }" );
+    //
+    //        // should work now that billyd is authorized by name
+    //        assertTrue( checkCanModifyAs( "billyd", "billyd", "ou=testou", "867-5309" ) );
+    //    }
+    //
+    //
+    //    /**
+    //     * Checks to make sure subtree based userClass works for modify operations.
+    //     *
+    //     * @throws javax.naming.NamingException if the test encounters an error
+    //     */
+    //    public void testGrantModifyBySubtree() throws NamingException
+    //    {
+    //        // create the non-admin user
+    //        createUser( "billyd", "billyd" );
+    //
+    //        // try a modify operation which should fail without any ACI
+    //        assertFalse( checkCanModifyAs( "billyd", "billyd", "ou=testou", "867-5309" ) );
+    //
+    //        // now add a subentry that enables user billyd to modify an entry below ou=system
+    //        createAccessControlSubentry( "billyAddBySubtree", "{ " +
+    //                "identificationTag \"addAci\", " +
+    //                "precedence 14, " +
+    //                "authenticationLevel none, " +
+    //                "itemOrUserFirst userFirst: { " +
+    //                "userClasses { subtree { { base \"ou=users,ou=system\" } } }, " +
+    //                "userPermissions { { " +
+    //                "protectedItems {entry, allUserAttributeTypesAndValues}, " +
+    //                "grantsAndDenials { grantModify, grantRead, grantBrowse } } } } }" );
+    //
+    //        // should work now that billyd is authorized by the subtree userClass
+    //        assertTrue( checkCanModifyAs( "billyd", "billyd", "ou=testou", "867-5309" ) );
+    //    }
+    //
+    //
+    //    /**
+    //     * Checks to make sure <b>allUsers</b> userClass works for modify operations.
+    //     *
+    //     * @throws javax.naming.NamingException if the test encounters an error
+    //     */
+    //    public void testGrantModifyAllUsers() throws NamingException
+    //    {
+    //        // create the non-admin user
+    //        createUser( "billyd", "billyd" );
+    //
+    //        // try an add operation which should fail without any ACI
+    //        assertFalse( checkCanModifyAs( "billyd", "billyd", "ou=testou", "867-5309" ) );
+    //
+    //        // now add a subentry that enables anyone to add an entry below ou=system
+    //        createAccessControlSubentry( "anybodyAdd", "{ " +
+    //                "identificationTag \"addAci\", " +
+    //                "precedence 14, " +
+    //                "authenticationLevel none, " +
+    //                "itemOrUserFirst userFirst: { " +
+    //                "userClasses { allUsers }, " +
+    //                "userPermissions { { " +
+    //                "protectedItems {entry, allUserAttributeTypesAndValues}, " +
+    //                "grantsAndDenials { grantModify, grantRead, grantBrowse } } } } }" );
+    //
+    //        // see if we can now modify that test entry's number which we could not before
+    //        // should work with billyd now that all users are authorized
+    //        assertTrue( checkCanModifyAs( "billyd", "billyd", "ou=testou", "867-5309" ) );
+    //    }
 }

Modified: directory/sandbox/akarasulu/rc1/apacheds/core-unit/src/test/java/org/apache/directory/server/core/authz/MoveRenameAuthorizationTest.java
URL: http://svn.apache.org/viewcvs/directory/sandbox/akarasulu/rc1/apacheds/core-unit/src/test/java/org/apache/directory/server/core/authz/MoveRenameAuthorizationTest.java?rev=376623&r1=376622&r2=376623&view=diff
==============================================================================
--- directory/sandbox/akarasulu/rc1/apacheds/core-unit/src/test/java/org/apache/directory/server/core/authz/MoveRenameAuthorizationTest.java (original)
+++ directory/sandbox/akarasulu/rc1/apacheds/core-unit/src/test/java/org/apache/directory/server/core/authz/MoveRenameAuthorizationTest.java Fri Feb 10 02:48:07 2006
@@ -48,7 +48,7 @@
      * @throws javax.naming.NamingException if there are problems conducting the test
      */
     public boolean checkCanRenameAs( String uid, String password, String entryRdn, String newRdn )
-            throws NamingException
+        throws NamingException
     {
         Attributes testEntry = new BasicAttributes( "ou", "testou", true );
         Attribute objectClass = new BasicAttribute( "objectClass" );
@@ -62,7 +62,7 @@
             // create the new entry as the admin user
             adminContext.createSubcontext( entryRdn, testEntry );
 
-            LdapName userName = new LdapName( "uid="+uid+",ou=users,ou=system" );
+            LdapName userName = new LdapName( "uid=" + uid + ",ou=users,ou=system" );
             DirContext userContext = getContextAs( userName, password );
             userContext.rename( entryRdn, newRdn );
 
@@ -99,15 +99,10 @@
         assertFalse( checkCanRenameAs( "billyd", "billyd", "ou=testou", "ou=newname" ) );
 
         // Gives grantRename perm to all users in the Administrators group for entries
-        createAccessControlSubentry( "grantRenameByAdmin", "{ " +
-                "identificationTag \"addAci\", " +
-                "precedence 14, " +
-                "authenticationLevel none, " +
-                "itemOrUserFirst userFirst: { " +
-                "userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " +
-                "userPermissions { { " +
-                "protectedItems {entry}, " +
-                "grantsAndDenials { grantRename, grantBrowse } } } } }" );
+        createAccessControlSubentry( "grantRenameByAdmin", "{ " + "identificationTag \"addAci\", " + "precedence 14, "
+            + "authenticationLevel none, " + "itemOrUserFirst userFirst: { "
+            + "userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " + "userPermissions { { "
+            + "protectedItems {entry}, " + "grantsAndDenials { grantRename, grantBrowse } } } } }" );
 
         // see if we can now rename that test entry which we could not before
         // rename op should still fail since billyd is not in the admin group
@@ -136,15 +131,11 @@
 
         // Gives grantRename, grantImport, grantExport perm to all users in the Administrators
         // group for entries - browse is needed just to read navigate the tree at root
-        createAccessControlSubentry( "grantRenameMoveByAdmin", "{ " +
-                "identificationTag \"addAci\", " +
-                "precedence 14, " +
-                "authenticationLevel none, " +
-                "itemOrUserFirst userFirst: { " +
-                "userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " +
-                "userPermissions { { " +
-                "protectedItems {entry}, " +
-                "grantsAndDenials { grantExport, grantImport, grantRename, grantBrowse } } } } }" );
+        createAccessControlSubentry( "grantRenameMoveByAdmin", "{ " + "identificationTag \"addAci\", "
+            + "precedence 14, " + "authenticationLevel none, " + "itemOrUserFirst userFirst: { "
+            + "userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " + "userPermissions { { "
+            + "protectedItems {entry}, "
+            + "grantsAndDenials { grantExport, grantImport, grantRename, grantBrowse } } } } }" );
 
         // see if we can move and rename the test entry which we could not before
         // op should still fail since billyd is not in the admin group
@@ -172,15 +163,10 @@
         assertFalse( checkCanRenameAs( "billyd", "billyd", "ou=testou,ou=users", "ou=testou,ou=groups" ) );
 
         // Gives grantImport, and grantExport perm to all users in the Administrators group for entries
-        createAccessControlSubentry( "grantMoveByAdmin", "{ " +
-                "identificationTag \"addAci\", " +
-                "precedence 14, " +
-                "authenticationLevel none, " +
-                "itemOrUserFirst userFirst: { " +
-                "userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " +
-                "userPermissions { { " +
-                "protectedItems {entry}, " +
-                "grantsAndDenials { grantExport, grantImport, grantBrowse } } } } }" );
+        createAccessControlSubentry( "grantMoveByAdmin", "{ " + "identificationTag \"addAci\", " + "precedence 14, "
+            + "authenticationLevel none, " + "itemOrUserFirst userFirst: { "
+            + "userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " + "userPermissions { { "
+            + "protectedItems {entry}, " + "grantsAndDenials { grantExport, grantImport, grantBrowse } } } } }" );
 
         // see if we can now move that test entry which we could not before
         // op should still fail since billyd is not in the admin group
@@ -218,15 +204,10 @@
         assertFalse( checkCanRenameAs( "billyd", "billyd", "ou=testou", "ou=newname" ) );
 
         // Gives grantRename perm specifically to the billyd user
-        createAccessControlSubentry( "grantRenameByName", "{ " +
-                "identificationTag \"addAci\", " +
-                "precedence 14, " +
-                "authenticationLevel none, " +
-                "itemOrUserFirst userFirst: { " +
-                "userClasses { name { \"uid=billyd,ou=users,ou=system\" } }, " +
-                "userPermissions { { " +
-                "protectedItems {entry}, " +
-                "grantsAndDenials { grantRename, grantBrowse } } } } }" );
+        createAccessControlSubentry( "grantRenameByName", "{ " + "identificationTag \"addAci\", " + "precedence 14, "
+            + "authenticationLevel none, " + "itemOrUserFirst userFirst: { "
+            + "userClasses { name { \"uid=billyd,ou=users,ou=system\" } }, " + "userPermissions { { "
+            + "protectedItems {entry}, " + "grantsAndDenials { grantRename, grantBrowse } } } } }" );
 
         // try a rename operation which should succeed with ACI
         assertTrue( checkCanRenameAs( "billyd", "billyd", "ou=testou", "ou=newname" ) );
@@ -246,15 +227,11 @@
         assertFalse( checkCanRenameAs( "billyd", "billyd", "ou=testou,ou=users", "ou=newname,ou=groups" ) );
 
         // Gives grantRename, grantImport, grantExport perm to billyd user on entries
-        createAccessControlSubentry( "grantRenameMoveByName", "{ " +
-                "identificationTag \"addAci\", " +
-                "precedence 14, " +
-                "authenticationLevel none, " +
-                "itemOrUserFirst userFirst: { " +
-                "userClasses { name { \"uid=billyd,ou=users,ou=system\" } }, " +
-                "userPermissions { { " +
-                "protectedItems {entry}, " +
-                "grantsAndDenials { grantExport, grantImport, grantRename, grantBrowse } } } } }" );
+        createAccessControlSubentry( "grantRenameMoveByName", "{ " + "identificationTag \"addAci\", "
+            + "precedence 14, " + "authenticationLevel none, " + "itemOrUserFirst userFirst: { "
+            + "userClasses { name { \"uid=billyd,ou=users,ou=system\" } }, " + "userPermissions { { "
+            + "protectedItems {entry}, "
+            + "grantsAndDenials { grantExport, grantImport, grantRename, grantBrowse } } } } }" );
 
         // try move w/ rdn change which should succeed with ACI
         assertTrue( checkCanRenameAs( "billyd", "billyd", "ou=testou,ou=users", "ou=newname,ou=groups" ) );
@@ -274,15 +251,10 @@
         assertFalse( checkCanRenameAs( "billyd", "billyd", "ou=testou,ou=users", "ou=testou,ou=groups" ) );
 
         // Gives grantImport, and grantExport perm to billyd user for entries
-        createAccessControlSubentry( "grantMoveByName", "{ " +
-                "identificationTag \"addAci\", " +
-                "precedence 14, " +
-                "authenticationLevel none, " +
-                "itemOrUserFirst userFirst: { " +
-                "userClasses { name { \"uid=billyd,ou=users,ou=system\" } }, " +
-                "userPermissions { { " +
-                "protectedItems {entry}, " +
-                "grantsAndDenials { grantExport, grantImport, grantBrowse } } } } }" );
+        createAccessControlSubentry( "grantMoveByName", "{ " + "identificationTag \"addAci\", " + "precedence 14, "
+            + "authenticationLevel none, " + "itemOrUserFirst userFirst: { "
+            + "userClasses { name { \"uid=billyd,ou=users,ou=system\" } }, " + "userPermissions { { "
+            + "protectedItems {entry}, " + "grantsAndDenials { grantExport, grantImport, grantBrowse } } } } }" );
 
         // try move operation which should succeed with ACI
         assertTrue( checkCanRenameAs( "billyd", "billyd", "ou=testou,ou=users", "ou=testou,ou=groups" ) );
@@ -312,15 +284,10 @@
         assertFalse( checkCanRenameAs( "billyd", "billyd", "ou=testou", "ou=newname" ) );
 
         // Gives grantRename perm for entries to those users selected by the subtree
-        createAccessControlSubentry( "grantRenameByTree", "{ " +
-                "identificationTag \"addAci\", " +
-                "precedence 14, " +
-                "authenticationLevel none, " +
-                "itemOrUserFirst userFirst: { " +
-                "userClasses { subtree { { base \"ou=users,ou=system\" } } }, " +
-                "userPermissions { { " +
-                "protectedItems {entry}, " +
-                "grantsAndDenials { grantRename, grantBrowse } } } } }" );
+        createAccessControlSubentry( "grantRenameByTree", "{ " + "identificationTag \"addAci\", " + "precedence 14, "
+            + "authenticationLevel none, " + "itemOrUserFirst userFirst: { "
+            + "userClasses { subtree { { base \"ou=users,ou=system\" } } }, " + "userPermissions { { "
+            + "protectedItems {entry}, " + "grantsAndDenials { grantRename, grantBrowse } } } } }" );
 
         // try a rename operation which should succeed with ACI
         assertTrue( checkCanRenameAs( "billyd", "billyd", "ou=testou", "ou=newname" ) );
@@ -340,15 +307,11 @@
         assertFalse( checkCanRenameAs( "billyd", "billyd", "ou=testou,ou=users", "ou=newname,ou=groups" ) );
 
         // Gives grantRename, grantImport, grantExport for entries to users selected by subtree
-        createAccessControlSubentry( "grantRenameMoveByTree", "{ " +
-                "identificationTag \"addAci\", " +
-                "precedence 14, " +
-                "authenticationLevel none, " +
-                "itemOrUserFirst userFirst: { " +
-                "userClasses { subtree { { base \"ou=users,ou=system\" } } }, " +
-                "userPermissions { { " +
-                "protectedItems {entry}, " +
-                "grantsAndDenials { grantExport, grantImport, grantRename, grantBrowse } } } } }" );
+        createAccessControlSubentry( "grantRenameMoveByTree", "{ " + "identificationTag \"addAci\", "
+            + "precedence 14, " + "authenticationLevel none, " + "itemOrUserFirst userFirst: { "
+            + "userClasses { subtree { { base \"ou=users,ou=system\" } } }, " + "userPermissions { { "
+            + "protectedItems {entry}, "
+            + "grantsAndDenials { grantExport, grantImport, grantRename, grantBrowse } } } } }" );
 
         // try move w/ rdn change which should succeed with ACI
         assertTrue( checkCanRenameAs( "billyd", "billyd", "ou=testou,ou=users", "ou=newname,ou=groups" ) );
@@ -368,15 +331,10 @@
         assertFalse( checkCanRenameAs( "billyd", "billyd", "ou=testou,ou=users", "ou=testou,ou=groups" ) );
 
         // Gives grantImport, and grantExport perm for entries to subtree selected users
-        createAccessControlSubentry( "grantMoveByTree", "{ " +
-                "identificationTag \"addAci\", " +
-                "precedence 14, " +
-                "authenticationLevel none, " +
-                "itemOrUserFirst userFirst: { " +
-                "userClasses { subtree { { base \"ou=users,ou=system\" } } }, " +
-                "userPermissions { { " +
-                "protectedItems {entry}, " +
-                "grantsAndDenials { grantExport, grantImport, grantBrowse } } } } }" );
+        createAccessControlSubentry( "grantMoveByTree", "{ " + "identificationTag \"addAci\", " + "precedence 14, "
+            + "authenticationLevel none, " + "itemOrUserFirst userFirst: { "
+            + "userClasses { subtree { { base \"ou=users,ou=system\" } } }, " + "userPermissions { { "
+            + "protectedItems {entry}, " + "grantsAndDenials { grantExport, grantImport, grantBrowse } } } } }" );
 
         // try move operation which should succeed with ACI
         assertTrue( checkCanRenameAs( "billyd", "billyd", "ou=testou,ou=users", "ou=testou,ou=groups" ) );
@@ -406,15 +364,10 @@
         assertFalse( checkCanRenameAs( "billyd", "billyd", "ou=testou", "ou=newname" ) );
 
         // Gives grantRename perm for entries to any user
-        createAccessControlSubentry( "grantRenameByAny", "{ " +
-                "identificationTag \"addAci\", " +
-                "precedence 14, " +
-                "authenticationLevel none, " +
-                "itemOrUserFirst userFirst: { " +
-                "userClasses { allUsers }, " +
-                "userPermissions { { " +
-                "protectedItems {entry}, " +
-                "grantsAndDenials { grantRename, grantBrowse } } } } }" );
+        createAccessControlSubentry( "grantRenameByAny", "{ " + "identificationTag \"addAci\", " + "precedence 14, "
+            + "authenticationLevel none, " + "itemOrUserFirst userFirst: { " + "userClasses { allUsers }, "
+            + "userPermissions { { " + "protectedItems {entry}, "
+            + "grantsAndDenials { grantRename, grantBrowse } } } } }" );
 
         // try a rename operation which should succeed with ACI
         assertTrue( checkCanRenameAs( "billyd", "billyd", "ou=testou", "ou=newname" ) );
@@ -434,15 +387,10 @@
         assertFalse( checkCanRenameAs( "billyd", "billyd", "ou=testou,ou=users", "ou=newname,ou=groups" ) );
 
         // Gives grantRename, grantImport, grantExport for entries to any user
-        createAccessControlSubentry( "grantRenameMoveByAny", "{ " +
-                "identificationTag \"addAci\", " +
-                "precedence 14, " +
-                "authenticationLevel none, " +
-                "itemOrUserFirst userFirst: { " +
-                "userClasses { allUsers }, " +
-                "userPermissions { { " +
-                "protectedItems {entry}, " +
-                "grantsAndDenials { grantExport, grantImport, grantRename, grantBrowse } } } } }" );
+        createAccessControlSubentry( "grantRenameMoveByAny", "{ " + "identificationTag \"addAci\", "
+            + "precedence 14, " + "authenticationLevel none, " + "itemOrUserFirst userFirst: { "
+            + "userClasses { allUsers }, " + "userPermissions { { " + "protectedItems {entry}, "
+            + "grantsAndDenials { grantExport, grantImport, grantRename, grantBrowse } } } } }" );
 
         // try move w/ rdn change which should succeed with ACI
         assertTrue( checkCanRenameAs( "billyd", "billyd", "ou=testou,ou=users", "ou=newname,ou=groups" ) );
@@ -462,15 +410,10 @@
         assertFalse( checkCanRenameAs( "billyd", "billyd", "ou=testou,ou=users", "ou=testou,ou=groups" ) );
 
         // Gives grantImport, and grantExport perm for entries to any user
-        createAccessControlSubentry( "grantMoveByAny", "{ " +
-                "identificationTag \"addAci\", " +
-                "precedence 14, " +
-                "authenticationLevel none, " +
-                "itemOrUserFirst userFirst: { " +
-                "userClasses { allUsers }, " +
-                "userPermissions { { " +
-                "protectedItems {entry}, " +
-                "grantsAndDenials { grantExport, grantImport, grantBrowse } } } } }" );
+        createAccessControlSubentry( "grantMoveByAny", "{ " + "identificationTag \"addAci\", " + "precedence 14, "
+            + "authenticationLevel none, " + "itemOrUserFirst userFirst: { " + "userClasses { allUsers }, "
+            + "userPermissions { { " + "protectedItems {entry}, "
+            + "grantsAndDenials { grantExport, grantImport, grantBrowse } } } } }" );
 
         // try move operation which should succeed with ACI
         assertTrue( checkCanRenameAs( "billyd", "billyd", "ou=testou,ou=users", "ou=testou,ou=groups" ) );

Modified: directory/sandbox/akarasulu/rc1/apacheds/core-unit/src/test/java/org/apache/directory/server/core/authz/SearchAuthorizationTest.java
URL: http://svn.apache.org/viewcvs/directory/sandbox/akarasulu/rc1/apacheds/core-unit/src/test/java/org/apache/directory/server/core/authz/SearchAuthorizationTest.java?rev=376623&r1=376622&r2=376623&view=diff
==============================================================================
--- directory/sandbox/akarasulu/rc1/apacheds/core-unit/src/test/java/org/apache/directory/server/core/authz/SearchAuthorizationTest.java (original)
+++ directory/sandbox/akarasulu/rc1/apacheds/core-unit/src/test/java/org/apache/directory/server/core/authz/SearchAuthorizationTest.java Fri Feb 10 02:48:07 2006
@@ -48,6 +48,7 @@
      */
     private Map results = new HashMap();
 
+
     /**
      * Generates a set of simple organizationalUnit entries where the
      * ou of the entry returned is the index of the entry in the array.
@@ -77,7 +78,7 @@
 
 
     private void recursivelyAddSearchData( Name parent, Attributes[] children, final int sizeLimit, int[] count )
-            throws NamingException
+        throws NamingException
     {
         Name[] childRdns = new Name[children.length];
         for ( int ii = 0; ii < children.length && count[0] < sizeLimit; ii++ )
@@ -118,8 +119,9 @@
     {
         parent = ( Name ) parent.clone();
         parent.add( "ou=tests" );
-        sysRoot.createSubcontext( parent, getTestNodes(1)[0] );
-        recursivelyAddSearchData( parent, getTestNodes( branchingFactor ), sizelimit, new int[] { 1 } );
+        sysRoot.createSubcontext( parent, getTestNodes( 1 )[0] );
+        recursivelyAddSearchData( parent, getTestNodes( branchingFactor ), sizelimit, new int[]
+            { 1 } );
         return parent;
     }
 
@@ -188,7 +190,7 @@
      * @throws NamingException if there are problems conducting the search
      */
     private boolean checkCanSearchAs( String uid, String password, SearchControls cons, int resultSetSz )
-            throws NamingException
+        throws NamingException
     {
         return checkCanSearchAs( uid, password, "(objectClass=*)", cons, resultSetSz );
     }
@@ -205,8 +207,8 @@
      * @return true if the search succeeds as expected, false otherwise
      * @throws NamingException if there are problems conducting the search
      */
-    private boolean checkCanSearchAs( String uid, String password, String filter,
-                                      SearchControls cons, int resultSetSz ) throws NamingException
+    private boolean checkCanSearchAs( String uid, String password, String filter, SearchControls cons, int resultSetSz )
+        throws NamingException
     {
         if ( cons == null )
         {
@@ -214,7 +216,7 @@
         }
 
         Name base = addSearchData( new LdapName(), 3, 10 );
-        Name userDn = new LdapName( "uid="+uid+",ou=users,ou=system" );
+        Name userDn = new LdapName( "uid=" + uid + ",ou=users,ou=system" );
         try
         {
             results.clear();
@@ -249,9 +251,8 @@
      * @return true if the search succeeds as expected, false otherwise
      * @throws NamingException if there are problems conducting the search
      */
-    private boolean checkSearchAsWithEntryACI( String uid, String password, SearchControls cons, Name rdn,
-                                               String aci, int resultSetSz )
-            throws NamingException
+    private boolean checkSearchAsWithEntryACI( String uid, String password, SearchControls cons, Name rdn, String aci,
+        int resultSetSz ) throws NamingException
     {
         if ( cons == null )
         {
@@ -260,7 +261,7 @@
 
         Name base = addSearchData( new LdapName(), 3, 10 );
         addEntryACI( rdn, aci );
-        Name userDn = new LdapName( "uid="+uid+",ou=users,ou=system" );
+        Name userDn = new LdapName( "uid=" + uid + ",ou=users,ou=system" );
         try
         {
             results.clear();
@@ -308,7 +309,14 @@
 
         assertEquals( 10, counter );
         recursivelyDelete( base );
-        try { sysRoot.lookup( base ); fail(); } catch ( LdapNameNotFoundException e ) {}
+        try
+        {
+            sysRoot.lookup( base );
+            fail();
+        }
+        catch ( LdapNameNotFoundException e )
+        {
+        }
     }
 
 
@@ -316,7 +324,6 @@
     // All or nothing search ACI rule tests
     // -----------------------------------------------------------------------
 
-
     /**
      * Checks to make sure group membership based userClass works for add operations.
      *
@@ -332,15 +339,11 @@
 
         // Gives search perms to all users in the Administrators group for
         // entries and all attribute types and values
-        createAccessControlSubentry( "searchAdmin", "{ " +
-                "identificationTag \"searchAci\", " +
-                "precedence 14, " +
-                "authenticationLevel none, " +
-                "itemOrUserFirst userFirst: { " +
-                "userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " +
-                "userPermissions { { " +
-                "protectedItems {entry, allUserAttributeTypesAndValues}, " +
-                "grantsAndDenials { grantRead, grantReturnDN, grantBrowse } } } } }" );
+        createAccessControlSubentry( "searchAdmin", "{ " + "identificationTag \"searchAci\", " + "precedence 14, "
+            + "authenticationLevel none, " + "itemOrUserFirst userFirst: { "
+            + "userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " + "userPermissions { { "
+            + "protectedItems {entry, allUserAttributeTypesAndValues}, "
+            + "grantsAndDenials { grantRead, grantReturnDN, grantBrowse } } } } }" );
 
         // see if we can now add that test entry which we could not before
         // add op should still fail since billd is not in the admin group
@@ -368,15 +371,11 @@
         assertFalse( checkCanSearchAs( "billyd", "billyd" ) );
 
         // now add a subentry that enables user billyd to add an entry below ou=system
-        createAccessControlSubentry( "billydSearch", "{ " +
-                "identificationTag \"searchAci\", " +
-                "precedence 14, " +
-                "authenticationLevel none, " +
-                "itemOrUserFirst userFirst: { " +
-                "userClasses { name { \"uid=billyd,ou=users,ou=system\" } }, " +
-                "userPermissions { { " +
-                "protectedItems {entry, allUserAttributeTypesAndValues}, " +
-                "grantsAndDenials { grantRead, grantReturnDN, grantBrowse } } } } }" );
+        createAccessControlSubentry( "billydSearch", "{ " + "identificationTag \"searchAci\", " + "precedence 14, "
+            + "authenticationLevel none, " + "itemOrUserFirst userFirst: { "
+            + "userClasses { name { \"uid=billyd,ou=users,ou=system\" } }, " + "userPermissions { { "
+            + "protectedItems {entry, allUserAttributeTypesAndValues}, "
+            + "grantsAndDenials { grantRead, grantReturnDN, grantBrowse } } } } }" );
 
         // should work now that billyd is authorized by name
         assertTrue( checkCanSearchAs( "billyd", "billyd" ) );
@@ -398,15 +397,11 @@
         assertFalse( checkCanSearchAs( "BillyD", "billyd" ) );
 
         // now add a subentry that enables user billyd to add an entry below ou=system
-        createAccessControlSubentry( "billydSearch", "{ " +
-                "identificationTag \"searchAci\", " +
-                "precedence 14, " +
-                "authenticationLevel none, " +
-                "itemOrUserFirst userFirst: { " +
-                "userClasses { name { \"uid=billyd,ou=users,ou=system\" } }, " +
-                "userPermissions { { " +
-                "protectedItems {entry, allUserAttributeTypesAndValues}, " +
-                "grantsAndDenials { grantRead, grantReturnDN, grantBrowse } } } } }" );
+        createAccessControlSubentry( "billydSearch", "{ " + "identificationTag \"searchAci\", " + "precedence 14, "
+            + "authenticationLevel none, " + "itemOrUserFirst userFirst: { "
+            + "userClasses { name { \"uid=billyd,ou=users,ou=system\" } }, " + "userPermissions { { "
+            + "protectedItems {entry, allUserAttributeTypesAndValues}, "
+            + "grantsAndDenials { grantRead, grantReturnDN, grantBrowse } } } } }" );
 
         // should work now that billyd is authorized by name
         assertTrue( checkCanSearchAs( "BillyD", "billyd" ) );
@@ -427,15 +422,11 @@
         assertFalse( checkCanSearchAs( "billyd", "billyd" ) );
 
         // now add a subentry that enables user billyd to add an entry below ou=system
-        createAccessControlSubentry( "billySearchBySubtree", "{ " +
-                "identificationTag \"searchAci\", " +
-                "precedence 14, " +
-                "authenticationLevel none, " +
-                "itemOrUserFirst userFirst: { " +
-                "userClasses { subtree { { base \"ou=users,ou=system\" } } }, " +
-                "userPermissions { { " +
-                "protectedItems {entry, allUserAttributeTypesAndValues}, " +
-                "grantsAndDenials {  grantRead, grantReturnDN, grantBrowse } } } } }" );
+        createAccessControlSubentry( "billySearchBySubtree", "{ " + "identificationTag \"searchAci\", "
+            + "precedence 14, " + "authenticationLevel none, " + "itemOrUserFirst userFirst: { "
+            + "userClasses { subtree { { base \"ou=users,ou=system\" } } }, " + "userPermissions { { "
+            + "protectedItems {entry, allUserAttributeTypesAndValues}, "
+            + "grantsAndDenials {  grantRead, grantReturnDN, grantBrowse } } } } }" );
 
         // should work now that billyd is authorized by the subtree userClass
         assertTrue( checkCanSearchAs( "billyd", "billyd" ) );
@@ -456,15 +447,10 @@
         assertFalse( checkCanSearchAs( "billyd", "billyd" ) );
 
         // now add a subentry that enables anyone to search an entry below ou=system
-        createAccessControlSubentry( "anybodySearch", "{ " +
-                "identificationTag \"searchAci\", " +
-                "precedence 14, " +
-                "authenticationLevel none, " +
-                "itemOrUserFirst userFirst: { " +
-                "userClasses { allUsers }, " +
-                "userPermissions { { " +
-                "protectedItems {entry, allUserAttributeTypesAndValues}, " +
-                "grantsAndDenials { grantRead, grantReturnDN, grantBrowse } } } } }" );
+        createAccessControlSubentry( "anybodySearch", "{ " + "identificationTag \"searchAci\", " + "precedence 14, "
+            + "authenticationLevel none, " + "itemOrUserFirst userFirst: { " + "userClasses { allUsers }, "
+            + "userPermissions { { " + "protectedItems {entry, allUserAttributeTypesAndValues}, "
+            + "grantsAndDenials { grantRead, grantReturnDN, grantBrowse } } } } }" );
 
         // see if we can now search that tree which we could not before
         // should work now with billyd now that all users are authorized
@@ -476,7 +462,6 @@
     //
     // -----------------------------------------------------------------------
 
-
     /**
      * Checks to make sure search does not return entries not assigned the
      * perscriptiveACI and that it does not fail with an exception.
@@ -495,17 +480,11 @@
 
         // now add a subentry that enables anyone to add an entry below ou=system
         // down two more rdns for DNs of a max size of 3
-        createAccessControlSubentry( "anybodySearch",
-                "{ maximum 2 }",
-                "{ " +
-                "identificationTag \"searchAci\", " +
-                "precedence 14, " +
-                "authenticationLevel none, " +
-                "itemOrUserFirst userFirst: { " +
-                "userClasses { allUsers }, " +
-                "userPermissions { { " +
-                "protectedItems {entry, allUserAttributeTypesAndValues}, " +
-                "grantsAndDenials { grantRead, grantReturnDN, grantBrowse } } } } }" );
+        createAccessControlSubentry( "anybodySearch", "{ maximum 2 }", "{ " + "identificationTag \"searchAci\", "
+            + "precedence 14, " + "authenticationLevel none, " + "itemOrUserFirst userFirst: { "
+            + "userClasses { allUsers }, " + "userPermissions { { "
+            + "protectedItems {entry, allUserAttributeTypesAndValues}, "
+            + "grantsAndDenials { grantRead, grantReturnDN, grantBrowse } } } } }" );
 
         // see if we can now add that test entry which we could not before
         // should work now with billyd now that all users are authorized
@@ -532,17 +511,11 @@
         // now add a subentry that enables anyone to search an entry below ou=system
         // down two more rdns for DNs of a max size of 3.  It only grants access to
         // the ou and objectClass attributes however.
-        createAccessControlSubentry( "excluseTelephoneNumber",
-                "{ maximum 2 }",
-                "{ " +
-                "identificationTag \"searchAci\", " +
-                "precedence 14, " +
-                "authenticationLevel none, " +
-                "itemOrUserFirst userFirst: { " +
-                "userClasses { allUsers }, " +
-                "userPermissions { { " +
-                "protectedItems {entry, allAttributeValues { ou, objectClass } }, " +
-                "grantsAndDenials { grantRead, grantReturnDN, grantBrowse } } } } }" );
+        createAccessControlSubentry( "excluseTelephoneNumber", "{ maximum 2 }", "{ "
+            + "identificationTag \"searchAci\", " + "precedence 14, " + "authenticationLevel none, "
+            + "itemOrUserFirst userFirst: { " + "userClasses { allUsers }, " + "userPermissions { { "
+            + "protectedItems {entry, allAttributeValues { ou, objectClass } }, "
+            + "grantsAndDenials { grantRead, grantReturnDN, grantBrowse } } } } }" );
 
         // see if we can now add that search and find 4 entries
         assertTrue( checkCanSearchAs( "billyd", "billyd", cons, 4 ) );
@@ -561,17 +534,11 @@
         // now add a subentry that enables anyone to search an entry below ou=system
         // down two more rdns for DNs of a max size of 3.  This time we should be able
         // to see the telephoneNumber attribute
-        createAccessControlSubentry( "includeAllAttributeTypesAndValues",
-                "{ maximum 2 }",
-                "{ " +
-                "identificationTag \"searchAci\", " +
-                "precedence 14, " +
-                "authenticationLevel none, " +
-                "itemOrUserFirst userFirst: { " +
-                "userClasses { allUsers }, " +
-                "userPermissions { { " +
-                "protectedItems {entry, allUserAttributeTypesAndValues }, " +
-                "grantsAndDenials { grantRead, grantReturnDN, grantBrowse } } } } }" );
+        createAccessControlSubentry( "includeAllAttributeTypesAndValues", "{ maximum 2 }", "{ "
+            + "identificationTag \"searchAci\", " + "precedence 14, " + "authenticationLevel none, "
+            + "itemOrUserFirst userFirst: { " + "userClasses { allUsers }, " + "userPermissions { { "
+            + "protectedItems {entry, allUserAttributeTypesAndValues }, "
+            + "grantsAndDenials { grantRead, grantReturnDN, grantBrowse } } } } }" );
 
         // again we should find four entries
         assertTrue( checkCanSearchAs( "billyd", "billyd", cons, 4 ) );
@@ -603,17 +570,18 @@
         // now add a subentry that enables anyone to search an entry below ou=system
         // down two more rdns for DNs of a max size of 3.  It only grants access to
         // the ou and objectClass attributes however.
-        createAccessControlSubentry( "excluseOUValue",
-                "{ maximum 2 }",
-                "{ " +
-                "identificationTag \"searchAci\", " +
-                "precedence 14, " +
-                "authenticationLevel none, " +
-                "itemOrUserFirst userFirst: { " +
-                "userClasses { allUsers }, " +
-                "userPermissions { { " +
-                "protectedItems {entry, attributeType { ou }, allAttributeValues { objectClass }, attributeValue { ou=0, ou=1, ou=2 } }, " +
-                "grantsAndDenials { grantRead, grantReturnDN, grantBrowse } } } } }" );
+        createAccessControlSubentry(
+            "excluseOUValue",
+            "{ maximum 2 }",
+            "{ "
+                + "identificationTag \"searchAci\", "
+                + "precedence 14, "
+                + "authenticationLevel none, "
+                + "itemOrUserFirst userFirst: { "
+                + "userClasses { allUsers }, "
+                + "userPermissions { { "
+                + "protectedItems {entry, attributeType { ou }, allAttributeValues { objectClass }, attributeValue { ou=0, ou=1, ou=2 } }, "
+                + "grantsAndDenials { grantRead, grantReturnDN, grantBrowse } } } } }" );
 
         // see if we can now add that search and find 4 entries
         assertTrue( checkCanSearchAs( "billyd", "billyd", 3 ) );
@@ -632,17 +600,11 @@
         // now add a subentry that enables anyone to search an entry below ou=system
         // down two more rdns for DNs of a max size of 3.  This time we should be able
         // to see the telephoneNumber attribute
-        createAccessControlSubentry( "includeAllAttributeTypesAndValues",
-                "{ maximum 2 }",
-                "{ " +
-                "identificationTag \"searchAci\", " +
-                "precedence 14, " +
-                "authenticationLevel none, " +
-                "itemOrUserFirst userFirst: { " +
-                "userClasses { allUsers }, " +
-                "userPermissions { { " +
-                "protectedItems {entry, allUserAttributeTypesAndValues }, " +
-                "grantsAndDenials { grantRead, grantReturnDN, grantBrowse } } } } }" );
+        createAccessControlSubentry( "includeAllAttributeTypesAndValues", "{ maximum 2 }", "{ "
+            + "identificationTag \"searchAci\", " + "precedence 14, " + "authenticationLevel none, "
+            + "itemOrUserFirst userFirst: { " + "userClasses { allUsers }, " + "userPermissions { { "
+            + "protectedItems {entry, allUserAttributeTypesAndValues }, "
+            + "grantsAndDenials { grantRead, grantReturnDN, grantBrowse } } } } }" );
 
         // again we should find four entries
         assertTrue( checkCanSearchAs( "billyd", "billyd", 3 ) );
@@ -670,15 +632,10 @@
         createUser( "billyd", "billyd" );
 
         // now add an entryACI denies browse, read and returnDN to a specific entry
-        String aci = "{ " +
-                "identificationTag \"denyAci\", " +
-                "precedence 14, " +
-                "authenticationLevel none, " +
-                "itemOrUserFirst userFirst: { " +
-                "userClasses { allUsers }, " +
-                "userPermissions { { " +
-                "protectedItems {entry, allUserAttributeTypesAndValues}, " +
-                "grantsAndDenials { denyRead, denyReturnDN, denyBrowse } } } } }";
+        String aci = "{ " + "identificationTag \"denyAci\", " + "precedence 14, " + "authenticationLevel none, "
+            + "itemOrUserFirst userFirst: { " + "userClasses { allUsers }, " + "userPermissions { { "
+            + "protectedItems {entry, allUserAttributeTypesAndValues}, "
+            + "grantsAndDenials { denyRead, denyReturnDN, denyBrowse } } } } }";
 
         // try a search operation which should fail without any prescriptive ACI
         SearchControls cons = new SearchControls();
@@ -687,15 +644,10 @@
         assertFalse( checkSearchAsWithEntryACI( "billyd", "billyd", cons, rdn, aci, 9 ) );
 
         // now add a subentry that enables anyone to search below ou=system
-        createAccessControlSubentry( "anybodySearch", "{ " +
-                "identificationTag \"searchAci\", " +
-                "precedence 14, " +
-                "authenticationLevel none, " +
-                "itemOrUserFirst userFirst: { " +
-                "userClasses { allUsers }, " +
-                "userPermissions { { " +
-                "protectedItems {entry, allUserAttributeTypesAndValues}, " +
-                "grantsAndDenials { grantRead, grantReturnDN, grantBrowse } } } } }" );
+        createAccessControlSubentry( "anybodySearch", "{ " + "identificationTag \"searchAci\", " + "precedence 14, "
+            + "authenticationLevel none, " + "itemOrUserFirst userFirst: { " + "userClasses { allUsers }, "
+            + "userPermissions { { " + "protectedItems {entry, allUserAttributeTypesAndValues}, "
+            + "grantsAndDenials { grantRead, grantReturnDN, grantBrowse } } } } }" );
 
         // see if we can now search the tree which we could not before
         // should work with billyd now that all users are authorized
@@ -723,15 +675,10 @@
         createUser( "billyd", "billyd" );
 
         // now add an entryACI denies browse, read and returnDN to a specific entry
-        String aci = "{ " +
-                "identificationTag \"denyAci\", " +
-                "precedence 14, " +
-                "authenticationLevel none, " +
-                "itemOrUserFirst userFirst: { " +
-                "userClasses { allUsers }, " +
-                "userPermissions { { " +
-                "protectedItems {entry, allUserAttributeTypesAndValues}, " +
-                "grantsAndDenials { denyRead, denyReturnDN, denyBrowse } } } } }";
+        String aci = "{ " + "identificationTag \"denyAci\", " + "precedence 14, " + "authenticationLevel none, "
+            + "itemOrUserFirst userFirst: { " + "userClasses { allUsers }, " + "userPermissions { { "
+            + "protectedItems {entry, allUserAttributeTypesAndValues}, "
+            + "grantsAndDenials { denyRead, denyReturnDN, denyBrowse } } } } }";
 
         // try a search operation which should fail without any prescriptive ACI
         SearchControls cons = new SearchControls();
@@ -740,15 +687,10 @@
         assertFalse( checkSearchAsWithEntryACI( "billyd", "billyd", cons, rdn, aci, 9 ) );
 
         // now add a subentry that enables anyone to search below ou=system
-        createAccessControlSubentry( "anybodySearch", "{ " +
-                "identificationTag \"searchAci\", " +
-                "precedence 15, " +
-                "authenticationLevel none, " +
-                "itemOrUserFirst userFirst: { " +
-                "userClasses { allUsers }, " +
-                "userPermissions { { " +
-                "protectedItems {entry, allUserAttributeTypesAndValues}, " +
-                "grantsAndDenials { grantRead, grantReturnDN, grantBrowse } } } } }" );
+        createAccessControlSubentry( "anybodySearch", "{ " + "identificationTag \"searchAci\", " + "precedence 15, "
+            + "authenticationLevel none, " + "itemOrUserFirst userFirst: { " + "userClasses { allUsers }, "
+            + "userPermissions { { " + "protectedItems {entry, allUserAttributeTypesAndValues}, "
+            + "grantsAndDenials { grantRead, grantReturnDN, grantBrowse } } } } }" );
 
         // see if we can now search the tree which we could not before
         // should work with billyd now that all users are authorized
@@ -760,15 +702,10 @@
 
         // now add an entryACI denies browse, read and returnDN to a specific entry
         // but this time the precedence will be higher than that of the grant
-        aci = "{ " +
-                "identificationTag \"denyAci\", " +
-                "precedence 16, " +
-                "authenticationLevel none, " +
-                "itemOrUserFirst userFirst: { " +
-                "userClasses { allUsers }, " +
-                "userPermissions { { " +
-                "protectedItems {entry, allUserAttributeTypesAndValues}, " +
-                "grantsAndDenials { denyRead, denyReturnDN, denyBrowse } } } } }";
+        aci = "{ " + "identificationTag \"denyAci\", " + "precedence 16, " + "authenticationLevel none, "
+            + "itemOrUserFirst userFirst: { " + "userClasses { allUsers }, " + "userPermissions { { "
+            + "protectedItems {entry, allUserAttributeTypesAndValues}, "
+            + "grantsAndDenials { denyRead, denyReturnDN, denyBrowse } } } } }";
 
         // see if we can now search the tree which we could not before
         // should work with billyd now that all users are authorized
@@ -791,7 +728,7 @@
      */
     private SearchResult checkCanSearhSubentryAs( String uid, String password, Name rdn ) throws NamingException
     {
-        DirContext userCtx = getContextAs( new LdapName( "uid="+uid+",ou=users,ou=system" ), password );
+        DirContext userCtx = getContextAs( new LdapName( "uid=" + uid + ",ou=users,ou=system" ), password );
         SearchControls cons = new SearchControls();
         cons.setSearchScope( SearchControls.OBJECT_SCOPE );
         SearchResult result = null;
@@ -812,7 +749,10 @@
         }
         finally
         {
-            if ( list != null ) { list.close(); }
+            if ( list != null )
+            {
+                list.close();
+            }
         }
 
         return result;
@@ -825,53 +765,37 @@
         createUser( "billyd", "billyd" );
 
         // now add a subentry that enables anyone to search below ou=system
-        createAccessControlSubentry( "anybodySearch", "{ " +
-                "identificationTag \"searchAci\", " +
-                "precedence 14, " +
-                "authenticationLevel none, " +
-                "itemOrUserFirst userFirst: { " +
-                "userClasses { allUsers }, " +
-                "userPermissions { { " +
-                "protectedItems {entry, allUserAttributeTypesAndValues}, " +
-                "grantsAndDenials { grantRead, grantReturnDN, grantBrowse } } } } }" );
+        createAccessControlSubentry( "anybodySearch", "{ " + "identificationTag \"searchAci\", " + "precedence 14, "
+            + "authenticationLevel none, " + "itemOrUserFirst userFirst: { " + "userClasses { allUsers }, "
+            + "userPermissions { { " + "protectedItems {entry, allUserAttributeTypesAndValues}, "
+            + "grantsAndDenials { grantRead, grantReturnDN, grantBrowse } } } } }" );
 
         // check and see if we can access the subentry now
         assertNotNull( checkCanSearhSubentryAs( "billyd", "billyd", new LdapName( "cn=anybodySearch" ) ) );
 
         // now add a denial to prevent all users except the admin from accessing the subentry
-        addSubentryACI( "{ " +
-                "identificationTag \"searchAci\", " +
-                "precedence 14, " +
-                "authenticationLevel none, " +
-                "itemOrUserFirst userFirst: { " +
-                "userClasses { allUsers }, " +
-                "userPermissions { { " +
-                "protectedItems {entry, allUserAttributeTypesAndValues}, " +
-                "grantsAndDenials { denyRead, denyReturnDN, denyBrowse } } } } }" );
+        addSubentryACI( "{ " + "identificationTag \"searchAci\", " + "precedence 14, " + "authenticationLevel none, "
+            + "itemOrUserFirst userFirst: { " + "userClasses { allUsers }, " + "userPermissions { { "
+            + "protectedItems {entry, allUserAttributeTypesAndValues}, "
+            + "grantsAndDenials { denyRead, denyReturnDN, denyBrowse } } } } }" );
 
         // now we should not be able to access the subentry with a search
         assertNull( checkCanSearhSubentryAs( "billyd", "billyd", new LdapName( "cn=anybodySearch" ) ) );
     }
 
 
-    public void testGetMatchedName() throws  NamingException
+    public void testGetMatchedName() throws NamingException
     {
         // create the non-admin user
         createUser( "billyd", "billyd" );
 
         // now add a subentry that enables anyone to search/lookup and disclose on error
         // below ou=system, with the exclusion of ou=groups and everything below it
-        createAccessControlSubentry( "selectiveDiscloseOnError",
-                "{ specificExclusions { chopBefore:\"ou=groups\" } }",
-                "{ " +
-                "identificationTag \"searchAci\", " +
-                "precedence 14, " +
-                "authenticationLevel none, " +
-                "itemOrUserFirst userFirst: { " +
-                "userClasses { allUsers }, " +
-                "userPermissions { { " +
-                "protectedItems {entry, allUserAttributeTypesAndValues}, " +
-                "grantsAndDenials { grantRead, grantReturnDN, grantBrowse, grantDiscloseOnError } } } } }" );
+        createAccessControlSubentry( "selectiveDiscloseOnError", "{ specificExclusions { chopBefore:\"ou=groups\" } }",
+            "{ " + "identificationTag \"searchAci\", " + "precedence 14, " + "authenticationLevel none, "
+                + "itemOrUserFirst userFirst: { " + "userClasses { allUsers }, " + "userPermissions { { "
+                + "protectedItems {entry, allUserAttributeTypesAndValues}, "
+                + "grantsAndDenials { grantRead, grantReturnDN, grantBrowse, grantDiscloseOnError } } } } }" );
 
         // get a context as the user and try a lookup of a non-existant entry under ou=groups,ou=system
         DirContext userCtx = getContextAs( new LdapName( "uid=billyd,ou=users,ou=system" ), "billyd" );
@@ -879,7 +803,7 @@
         {
             userCtx.lookup( "cn=blah,ou=groups" );
         }
-        catch( NamingException e )
+        catch ( NamingException e )
         {
             Name matched = e.getResolvedName();
 
@@ -889,23 +813,18 @@
 
         // now delete and replace subentry with one that does not excluse ou=groups,ou=system
         deleteAccessControlSubentry( "selectiveDiscloseOnError" );
-        createAccessControlSubentry( "selectiveDiscloseOnError",
-                "{ " +
-                "identificationTag \"searchAci\", " +
-                "precedence 14, " +
-                "authenticationLevel none, " +
-                "itemOrUserFirst userFirst: { " +
-                "userClasses { allUsers }, " +
-                "userPermissions { { " +
-                "protectedItems {entry, allUserAttributeTypesAndValues}, " +
-                "grantsAndDenials { grantRead, grantReturnDN, grantBrowse, grantDiscloseOnError } } } } }" );
+        createAccessControlSubentry( "selectiveDiscloseOnError", "{ " + "identificationTag \"searchAci\", "
+            + "precedence 14, " + "authenticationLevel none, " + "itemOrUserFirst userFirst: { "
+            + "userClasses { allUsers }, " + "userPermissions { { "
+            + "protectedItems {entry, allUserAttributeTypesAndValues}, "
+            + "grantsAndDenials { grantRead, grantReturnDN, grantBrowse, grantDiscloseOnError } } } } }" );
 
         // now try a lookup of a non-existant entry under ou=groups,ou=system again
         try
         {
             userCtx.lookup( "cn=blah,ou=groups" );
         }
-        catch( NamingException e )
+        catch ( NamingException e )
         {
             Name matched = e.getResolvedName();
 

Modified: directory/sandbox/akarasulu/rc1/apacheds/core-unit/src/test/java/org/apache/directory/server/core/collective/CollectiveAttributeServiceTest.java
URL: http://svn.apache.org/viewcvs/directory/sandbox/akarasulu/rc1/apacheds/core-unit/src/test/java/org/apache/directory/server/core/collective/CollectiveAttributeServiceTest.java?rev=376623&r1=376622&r2=376623&view=diff
==============================================================================
--- directory/sandbox/akarasulu/rc1/apacheds/core-unit/src/test/java/org/apache/directory/server/core/collective/CollectiveAttributeServiceTest.java (original)
+++ directory/sandbox/akarasulu/rc1/apacheds/core-unit/src/test/java/org/apache/directory/server/core/collective/CollectiveAttributeServiceTest.java Fri Feb 10 02:48:07 2006
@@ -99,7 +99,8 @@
         Attribute attribute = new LockableAttributeImpl( "administrativeRole" );
         attribute.add( role );
         ModificationItem item = new ModificationItem( DirContext.ADD_ATTRIBUTE, attribute );
-        super.sysRoot.modifyAttributes( "", new ModificationItem[] { item } );
+        super.sysRoot.modifyAttributes( "", new ModificationItem[]
+            { item } );
     }
 
 
@@ -108,7 +109,8 @@
         Map resultMap = new HashMap();
         SearchControls controls = new SearchControls();
         controls.setSearchScope( SearchControls.SUBTREE_SCOPE );
-        controls.setReturningAttributes( new String[] { "+", "*" } );
+        controls.setReturningAttributes( new String[]
+            { "+", "*" } );
         NamingEnumeration results = super.sysRoot.search( "", "(objectClass=*)", controls );
         while ( results.hasMore() )
         {
@@ -124,7 +126,8 @@
         Map resultMap = new HashMap();
         SearchControls controls = new SearchControls();
         controls.setSearchScope( SearchControls.SUBTREE_SCOPE );
-        controls.setReturningAttributes( new String[] { "cn", "ou" } );
+        controls.setReturningAttributes( new String[]
+            { "cn", "ou" } );
         NamingEnumeration results = super.sysRoot.search( "", "(objectClass=*)", controls );
         while ( results.hasMore() )
         {
@@ -165,9 +168,9 @@
         // now modify entries included by the subentry to have collectiveExclusions
         // -------------------------------------------------------------------
 
-        ModificationItem[] items = new ModificationItem[] {
-            new ModificationItem( DirContext.ADD_ATTRIBUTE,
-                    new LockableAttributeImpl( "collectiveExclusions", "c-ou" ) ) };
+        ModificationItem[] items = new ModificationItem[]
+            { new ModificationItem( DirContext.ADD_ATTRIBUTE,
+                new LockableAttributeImpl( "collectiveExclusions", "c-ou" ) ) };
         super.sysRoot.modifyAttributes( "ou=services,ou=configuration", items );
 
         // entry should not show the c-ou collective attribute anymore
@@ -221,9 +224,9 @@
         // now modify an entry to exclude all collective attributes
         // -------------------------------------------------------------------
 
-        items = new ModificationItem[] {
-            new ModificationItem( DirContext.REPLACE_ATTRIBUTE,
-                    new LockableAttributeImpl( "collectiveExclusions", "excludeAllCollectiveAttributes" ) ) };
+        items = new ModificationItem[]
+            { new ModificationItem( DirContext.REPLACE_ATTRIBUTE, new LockableAttributeImpl( "collectiveExclusions",
+                "excludeAllCollectiveAttributes" ) ) };
         super.sysRoot.modifyAttributes( "ou=interceptors,ou=configuration", items );
 
         // none of the attributes should appear any longer
@@ -272,9 +275,9 @@
         // now modify entries included by the subentry to have collectiveExclusions
         // -------------------------------------------------------------------
 
-        ModificationItem[] items = new ModificationItem[] {
-            new ModificationItem( DirContext.ADD_ATTRIBUTE,
-                    new LockableAttributeImpl( "collectiveExclusions", "c-ou" ) ) };
+        ModificationItem[] items = new ModificationItem[]
+            { new ModificationItem( DirContext.ADD_ATTRIBUTE,
+                new LockableAttributeImpl( "collectiveExclusions", "c-ou" ) ) };
         super.sysRoot.modifyAttributes( "ou=services,ou=configuration", items );
         entries = getAllEntries();
 
@@ -331,9 +334,9 @@
         // now modify an entry to exclude all collective attributes
         // -------------------------------------------------------------------
 
-        items = new ModificationItem[] {
-            new ModificationItem( DirContext.REPLACE_ATTRIBUTE,
-                    new LockableAttributeImpl( "collectiveExclusions", "excludeAllCollectiveAttributes" ) ) };
+        items = new ModificationItem[]
+            { new ModificationItem( DirContext.REPLACE_ATTRIBUTE, new LockableAttributeImpl( "collectiveExclusions",
+                "excludeAllCollectiveAttributes" ) ) };
         super.sysRoot.modifyAttributes( "ou=interceptors,ou=configuration", items );
         entries = getAllEntries();
 

Modified: directory/sandbox/akarasulu/rc1/apacheds/core-unit/src/test/java/org/apache/directory/server/core/configuration/DirectoryPartitionConfigurationTest.java
URL: http://svn.apache.org/viewcvs/directory/sandbox/akarasulu/rc1/apacheds/core-unit/src/test/java/org/apache/directory/server/core/configuration/DirectoryPartitionConfigurationTest.java?rev=376623&r1=376622&r2=376623&view=diff
==============================================================================
--- directory/sandbox/akarasulu/rc1/apacheds/core-unit/src/test/java/org/apache/directory/server/core/configuration/DirectoryPartitionConfigurationTest.java (original)
+++ directory/sandbox/akarasulu/rc1/apacheds/core-unit/src/test/java/org/apache/directory/server/core/configuration/DirectoryPartitionConfigurationTest.java Fri Feb 10 02:48:07 2006
@@ -48,10 +48,10 @@
     {
     }
 
+
     public void testAddAndRemove() throws Exception
     {
-        MutableDirectoryPartitionConfiguration partitionCfg =
-            new MutableDirectoryPartitionConfiguration();
+        MutableDirectoryPartitionConfiguration partitionCfg = new MutableDirectoryPartitionConfiguration();
         partitionCfg.setName( "removable" );
         partitionCfg.setSuffix( "ou=removable" );
         Attributes ctxEntry = new BasicAttributes( true );
@@ -59,30 +59,28 @@
         ctxEntry.put( "ou", "removable" );
         partitionCfg.setContextEntry( ctxEntry );
         partitionCfg.setContextPartition( new JdbmDirectoryPartition() );
-        
+
         // Test AddContextPartition
-        AddDirectoryPartitionConfiguration addCfg =
-            new AddDirectoryPartitionConfiguration( partitionCfg );
-        
+        AddDirectoryPartitionConfiguration addCfg = new AddDirectoryPartitionConfiguration( partitionCfg );
+
         Hashtable env = new Hashtable();
         env.put( Context.INITIAL_CONTEXT_FACTORY, CoreContextFactory.class.getName() );
         env.putAll( addCfg.toJndiEnvironment() );
-        
+
         Context ctx = new InitialContext( env );
         Assert.assertNotNull( ctx.lookup( "ou=removable" ) );
-        
+
         // Test removeContextPartition
-        RemoveDirectoryPartitionConfiguration removeCfg =
-            new RemoveDirectoryPartitionConfiguration( "ou=removable" );
+        RemoveDirectoryPartitionConfiguration removeCfg = new RemoveDirectoryPartitionConfiguration( "ou=removable" );
         env.putAll( removeCfg.toJndiEnvironment() );
-        
+
         ctx = new InitialContext( env );
         try
         {
             ctx.lookup( "ou=removable" );
             Assert.fail( "NameNotFoundException should be thrown." );
         }
-        catch( NameNotFoundException e )
+        catch ( NameNotFoundException e )
         {
             // Partition is removed.
         }

Modified: directory/sandbox/akarasulu/rc1/apacheds/core-unit/src/test/java/org/apache/directory/server/core/event/EventServiceTest.java
URL: http://svn.apache.org/viewcvs/directory/sandbox/akarasulu/rc1/apacheds/core-unit/src/test/java/org/apache/directory/server/core/event/EventServiceTest.java?rev=376623&r1=376622&r2=376623&view=diff
==============================================================================
--- directory/sandbox/akarasulu/rc1/apacheds/core-unit/src/test/java/org/apache/directory/server/core/event/EventServiceTest.java (original)
+++ directory/sandbox/akarasulu/rc1/apacheds/core-unit/src/test/java/org/apache/directory/server/core/event/EventServiceTest.java Fri Feb 10 02:48:07 2006
@@ -107,7 +107,6 @@
         assertEquals( "objectAdded", rec.method );
     }
 
-
     public class TestListener implements ObjectChangeListener, NamespaceChangeListener
     {
         List events = new ArrayList();
@@ -149,13 +148,13 @@
         }
     }
 
-
     public class EventRecord
     {
         String method;
         EventObject event;
 
-        EventRecord( String method, EventObject event )
+
+        EventRecord(String method, EventObject event)
         {
             this.method = method;
             this.event = event;



Mime
View raw message