directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From akaras...@apache.org
Subject svn commit: r379013 [7/45] - in /directory/trunks/apacheds: ./ core-plugin/ core-plugin/src/main/java/org/apache/directory/server/core/tools/schema/ core-plugin/src/test/java/org/apache/directory/server/core/tools/schema/ core-shared/ core-shared/src/m...
Date Mon, 20 Feb 2006 03:58:21 GMT
Modified: directory/trunks/apacheds/core/src/main/java/org/apache/directory/server/core/authz/AuthorizationService.java
URL: http://svn.apache.org/viewcvs/directory/trunks/apacheds/core/src/main/java/org/apache/directory/server/core/authz/AuthorizationService.java?rev=379013&r1=379012&r2=379013&view=diff
==============================================================================
--- directory/trunks/apacheds/core/src/main/java/org/apache/directory/server/core/authz/AuthorizationService.java (original)
+++ directory/trunks/apacheds/core/src/main/java/org/apache/directory/server/core/authz/AuthorizationService.java Sun Feb 19 19:57:02 2006
@@ -90,7 +90,6 @@
     private static final Collection IMPORT_PERMS;
     private static final Collection MOVERENAME_PERMS;
 
-
     static
     {
         HashSet set = new HashSet( 2 );
@@ -167,7 +166,8 @@
         enabled = factoryCfg.getStartupConfiguration().isAccessControlEnabled();
 
         // stuff for dealing with subentries (garbage for now)
-        String subschemaSubentry = ( String ) factoryCfg.getPartitionNexus().getRootDSE().get( "subschemaSubentry" ).get();
+        String subschemaSubentry = ( String ) factoryCfg.getPartitionNexus().getRootDSE().get( "subschemaSubentry" )
+            .get();
         subschemaSubentryDn = new LdapName( subschemaSubentry ).toString().toLowerCase();
     }
 
@@ -185,9 +185,8 @@
      * @param entry the target entry that access to is being controled
      * @throws NamingException if there are problems accessing attribute values
      */
-    private void addPerscriptiveAciTuples( DirectoryPartitionNexusProxy proxy, Collection tuples,
-                                           Name dn, Attributes entry )
-            throws NamingException
+    private void addPerscriptiveAciTuples( DirectoryPartitionNexusProxy proxy, Collection tuples, Name dn,
+        Attributes entry ) throws NamingException
     {
         /*
          * If the protected entry is a subentry, then the entry being evaluated
@@ -245,7 +244,7 @@
             }
             catch ( ParseException e )
             {
-                String msg = "failed to parse entryACI: " + aciString ;
+                String msg = "failed to parse entryACI: " + aciString;
                 log.error( msg, e );
                 throw new LdapNamingException( msg, ResultCodeEnum.OPERATIONSERROR );
             }
@@ -264,11 +263,11 @@
      * @param entry the target entry that access to is being regulated
      * @throws NamingException if there are problems accessing attribute values
      */
-    private void addSubentryAciTuples( DirectoryPartitionNexusProxy proxy, Collection tuples,
-                                       Name dn, Attributes entry ) throws NamingException
+    private void addSubentryAciTuples( DirectoryPartitionNexusProxy proxy, Collection tuples, Name dn, Attributes entry )
+        throws NamingException
     {
         // only perform this for subentries
-        if ( ! entry.get("objectClass").contains("subentry") )
+        if ( !entry.get( "objectClass" ).contains( "subentry" ) )
         {
             return;
         }
@@ -277,8 +276,8 @@
         // will contain the subentryACI attributes that effect subentries
         Name parentDn = ( Name ) dn.clone();
         parentDn.remove( dn.size() - 1 );
-        Attributes administrativeEntry = proxy.lookup( parentDn, new String[] { SUBENTRYACI_ATTR },
-                DirectoryPartitionNexusProxy.LOOKUP_BYPASS );
+        Attributes administrativeEntry = proxy.lookup( parentDn, new String[]
+            { SUBENTRYACI_ATTR }, DirectoryPartitionNexusProxy.LOOKUP_BYPASS );
         Attribute subentryAci = administrativeEntry.get( SUBENTRYACI_ATTR );
 
         if ( subentryAci == null )
@@ -297,7 +296,7 @@
             }
             catch ( ParseException e )
             {
-                String msg = "failed to parse subentryACI: " + aciString ;
+                String msg = "failed to parse subentryACI: " + aciString;
                 log.error( msg, e );
                 throw new LdapNamingException( msg, ResultCodeEnum.OPERATIONSERROR );
             }
@@ -336,7 +335,7 @@
         Name userName = dnParser.parse( principal.getName() );
 
         // bypass authz code if we are disabled
-        if ( ! enabled )
+        if ( !enabled )
         {
             next.add( upName, normName, entry );
             return;
@@ -355,7 +354,7 @@
         SubentryService subentryService = ( SubentryService ) chain.get( "subentryService" );
         Attributes subentryAttrs = subentryService.getSubentryAttributes( normName, entry );
         NamingEnumeration attrList = entry.getAll();
-        while( attrList.hasMore() )
+        while ( attrList.hasMore() )
         {
             subentryAttrs.put( ( Attribute ) attrList.next() );
         }
@@ -371,8 +370,8 @@
 
         // check if entry scope permission is granted
         DirectoryPartitionNexusProxy proxy = invocation.getProxy();
-        engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(),
-                normName, null, null, ADD_PERMS, tuples, subentryAttrs );
+        engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(), normName, null, null,
+            ADD_PERMS, tuples, subentryAttrs );
 
         // now we must check if attribute type and value scope permission is granted
         NamingEnumeration attributeList = entry.getAll();
@@ -381,9 +380,8 @@
             Attribute attr = ( Attribute ) attributeList.next();
             for ( int ii = 0; ii < attr.size(); ii++ )
             {
-                engine.checkPermission( proxy, userGroups, userName,
-                        principal.getAuthenticationLevel(), normName, attr.getID(),
-                        attr.get( ii ), ADD_PERMS, tuples, entry );
+                engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(), normName, attr
+                    .getID(), attr.get( ii ), ADD_PERMS, tuples, entry );
             }
         }
 
@@ -407,7 +405,7 @@
         Name userName = dnParser.parse( principal.getName() );
 
         // bypass authz code if we are disabled
-        if ( ! enabled )
+        if ( !enabled )
         {
             next.delete( name );
             return;
@@ -428,8 +426,8 @@
         addEntryAciTuples( tuples, entry );
         addSubentryAciTuples( proxy, tuples, name, entry );
 
-        engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(), name, null,
-                null, REMOVE_PERMS, tuples, entry );
+        engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(), name, null, null,
+            REMOVE_PERMS, tuples, entry );
 
         next.delete( name );
         tupleCache.subentryDeleted( name, entry );
@@ -447,7 +445,7 @@
         Name userName = dnParser.parse( principal.getName() );
 
         // bypass authz code if we are disabled
-        if ( ! enabled )
+        if ( !enabled )
         {
             next.modify( name, modOp, mods );
             return;
@@ -468,31 +466,31 @@
         addEntryAciTuples( tuples, entry );
         addSubentryAciTuples( proxy, tuples, name, entry );
 
-        engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(), name, null,
-                null, Collections.singleton( MicroOperation.MODIFY ), tuples, entry );
+        engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(), name, null, null,
+            Collections.singleton( MicroOperation.MODIFY ), tuples, entry );
 
         NamingEnumeration attrList = mods.getAll();
         Collection perms = null;
-        switch( modOp )
+        switch ( modOp )
         {
-            case( DirContext.ADD_ATTRIBUTE ):
+            case ( DirContext.ADD_ATTRIBUTE  ):
                 perms = ADD_PERMS;
                 break;
-            case( DirContext.REMOVE_ATTRIBUTE ):
+            case ( DirContext.REMOVE_ATTRIBUTE  ):
                 perms = REMOVE_PERMS;
                 break;
-            case( DirContext.REPLACE_ATTRIBUTE ):
+            case ( DirContext.REPLACE_ATTRIBUTE  ):
                 perms = REPLACE_PERMS;
                 break;
         }
 
-        while( attrList.hasMore() )
+        while ( attrList.hasMore() )
         {
             Attribute attr = ( Attribute ) attrList.next();
             for ( int ii = 0; ii < attr.size(); ii++ )
             {
-                engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(),
-                        name, attr.getID(), attr.get( ii ), perms, tuples, entry );
+                engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(), name, attr
+                    .getID(), attr.get( ii ), perms, tuples, entry );
             }
         }
 
@@ -512,7 +510,7 @@
         Name userName = dnParser.parse( principal.getName() );
 
         // bypass authz code if we are disabled
-        if ( ! enabled )
+        if ( !enabled )
         {
             next.modify( name, mods );
             return;
@@ -533,21 +531,21 @@
         addEntryAciTuples( tuples, entry );
         addSubentryAciTuples( proxy, tuples, name, entry );
 
-        engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(), name, null,
-                null, Collections.singleton( MicroOperation.MODIFY ), tuples, entry );
+        engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(), name, null, null,
+            Collections.singleton( MicroOperation.MODIFY ), tuples, entry );
 
         Collection perms = null;
         for ( int ii = 0; ii < mods.length; ii++ )
         {
-            switch( mods[ii].getModificationOp() )
+            switch ( mods[ii].getModificationOp() )
             {
-                case( DirContext.ADD_ATTRIBUTE ):
+                case ( DirContext.ADD_ATTRIBUTE  ):
                     perms = ADD_PERMS;
                     break;
-                case( DirContext.REMOVE_ATTRIBUTE ):
+                case ( DirContext.REMOVE_ATTRIBUTE  ):
                     perms = REMOVE_PERMS;
                     break;
-                case( DirContext.REPLACE_ATTRIBUTE ):
+                case ( DirContext.REPLACE_ATTRIBUTE  ):
                     perms = REPLACE_PERMS;
                     break;
             }
@@ -555,8 +553,8 @@
             Attribute attr = mods[ii].getAttribute();
             for ( int jj = 0; jj < attr.size(); jj++ )
             {
-                engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(),
-                        name, attr.getID(), attr.get( jj ), perms, tuples, entry );
+                engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(), name, attr
+                    .getID(), attr.get( jj ), perms, tuples, entry );
             }
         }
 
@@ -574,8 +572,8 @@
         LdapPrincipal principal = ( ( ServerContext ) invocation.getCaller() ).getPrincipal();
         Name userName = dnParser.parse( principal.getName() );
 
-        if ( userName.toString().equalsIgnoreCase( DirectoryPartitionNexus.ADMIN_PRINCIPAL ) || ! enabled
-                || name.toString().trim().equals( "" ) ) // no checks on the rootdse
+        if ( userName.toString().equalsIgnoreCase( DirectoryPartitionNexus.ADMIN_PRINCIPAL ) || !enabled
+            || name.toString().trim().equals( "" ) ) // no checks on the rootdse
         {
             return next.hasEntry( name );
         }
@@ -587,8 +585,8 @@
         addSubentryAciTuples( proxy, tuples, name, entry );
 
         // check that we have browse access to the entry
-        engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(), name, null,
-                null, BROWSE_PERMS, tuples, entry );
+        engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(), name, null, null,
+            BROWSE_PERMS, tuples, entry );
 
         return next.hasEntry( name );
     }
@@ -609,8 +607,7 @@
      * @param entry the raw entry pulled from the nexus
      * @throws NamingException
      */
-    private void checkLookupAccess( LdapPrincipal principal, Name dn, Attributes entry )
-            throws NamingException
+    private void checkLookupAccess( LdapPrincipal principal, Name dn, Attributes entry ) throws NamingException
     {
         // no permissions checks on the RootDSE
         if ( dn.toString().trim().equals( "" ) )
@@ -627,8 +624,8 @@
         addSubentryAciTuples( proxy, tuples, dn, entry );
 
         // check that we have read access to the entry
-        engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(), dn, null,
-                null, LOOKUP_PERMS, tuples, entry );
+        engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(), dn, null, null,
+            LOOKUP_PERMS, tuples, entry );
 
         // check that we have read access to every attribute type and value
         NamingEnumeration attributeList = entry.getAll();
@@ -637,8 +634,8 @@
             Attribute attr = ( Attribute ) attributeList.next();
             for ( int ii = 0; ii < attr.size(); ii++ )
             {
-                engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(), dn,
-                        attr.getID(), attr.get( ii ), READ_PERMS, tuples, entry );
+                engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(), dn, attr
+                    .getID(), attr.get( ii ), READ_PERMS, tuples, entry );
             }
         }
     }
@@ -651,7 +648,7 @@
         Attributes entry = proxy.lookup( dn, DirectoryPartitionNexusProxy.LOOKUP_BYPASS );
         LdapPrincipal principal = ( ( ServerContext ) invocation.getCaller() ).getPrincipal();
 
-        if ( principal.getName().equalsIgnoreCase( DirectoryPartitionNexus.ADMIN_PRINCIPAL ) || ! enabled )
+        if ( principal.getName().equalsIgnoreCase( DirectoryPartitionNexus.ADMIN_PRINCIPAL ) || !enabled )
         {
             return next.lookup( dn, attrIds );
         }
@@ -668,7 +665,7 @@
         Attributes entry = proxy.lookup( name, DirectoryPartitionNexusProxy.LOOKUP_BYPASS );
         LdapPrincipal user = ( ( ServerContext ) invocation.getCaller() ).getPrincipal();
 
-        if ( user.getName().equalsIgnoreCase( DirectoryPartitionNexus.ADMIN_PRINCIPAL ) || ! enabled )
+        if ( user.getName().equalsIgnoreCase( DirectoryPartitionNexus.ADMIN_PRINCIPAL ) || !enabled )
         {
             return next.lookup( name );
         }
@@ -690,9 +687,8 @@
         newName.remove( name.size() - 1 );
         newName.add( dnParser.parse( newRn ).get( 0 ) );
 
-
         // bypass authz code if we are disabled
-        if ( ! enabled )
+        if ( !enabled )
         {
             next.modifyRn( name, newRn, deleteOldRn );
             return;
@@ -715,35 +711,35 @@
         addEntryAciTuples( tuples, entry );
         addSubentryAciTuples( proxy, tuples, name, entry );
 
-        engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(), name, null,
-                null, RENAME_PERMS, tuples, entry );
+        engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(), name, null, null,
+            RENAME_PERMS, tuples, entry );
 
-//        if ( deleteOldRn )
-//        {
-//            String oldRn = name.get( name.size() - 1 );
-//            if ( NamespaceTools.hasCompositeComponents( oldRn ) )
-//            {
-//                String[] comps = NamespaceTools.getCompositeComponents( oldRn );
-//                for ( int ii = 0; ii < comps.length; ii++ )
-//                {
-//                    String id = NamespaceTools.getRdnAttribute( comps[ii] );
-//                    String value = NamespaceTools.getRdnValue( comps[ii] );
-//                    engine.checkPermission( next, userGroups, user.getJndiName(),
-//                            user.getAuthenticationLevel(), name, id,
-//                            value, Collections.singleton( MicroOperation.REMOVE ),
-//                            tuples, entry );
-//                }
-//            }
-//            else
-//            {
-//                String id = NamespaceTools.getRdnAttribute( oldRn );
-//                String value = NamespaceTools.getRdnValue( oldRn );
-//                engine.checkPermission( next, userGroups, user.getJndiName(),
-//                        user.getAuthenticationLevel(), name, id,
-//                        value, Collections.singleton( MicroOperation.REMOVE ),
-//                        tuples, entry );
-//            }
-//        }
+        //        if ( deleteOldRn )
+        //        {
+        //            String oldRn = name.get( name.size() - 1 );
+        //            if ( NamespaceTools.hasCompositeComponents( oldRn ) )
+        //            {
+        //                String[] comps = NamespaceTools.getCompositeComponents( oldRn );
+        //                for ( int ii = 0; ii < comps.length; ii++ )
+        //                {
+        //                    String id = NamespaceTools.getRdnAttribute( comps[ii] );
+        //                    String value = NamespaceTools.getRdnValue( comps[ii] );
+        //                    engine.checkPermission( next, userGroups, user.getJndiName(),
+        //                            user.getAuthenticationLevel(), name, id,
+        //                            value, Collections.singleton( MicroOperation.REMOVE ),
+        //                            tuples, entry );
+        //                }
+        //            }
+        //            else
+        //            {
+        //                String id = NamespaceTools.getRdnAttribute( oldRn );
+        //                String value = NamespaceTools.getRdnValue( oldRn );
+        //                engine.checkPermission( next, userGroups, user.getJndiName(),
+        //                        user.getAuthenticationLevel(), name, id,
+        //                        value, Collections.singleton( MicroOperation.REMOVE ),
+        //                        tuples, entry );
+        //            }
+        //        }
 
         next.modifyRn( name, newRn, deleteOldRn );
         tupleCache.subentryRenamed( name, newName );
@@ -752,7 +748,7 @@
 
 
     public void move( NextInterceptor next, Name oriChildName, Name newParentName, String newRn, boolean deleteOldRn )
-            throws NamingException
+        throws NamingException
     {
         // Access the principal requesting the operation, and bypass checks if it is the admin
         Invocation invocation = InvocationStack.getInstance().peek();
@@ -764,7 +760,7 @@
         newName.add( newRn );
 
         // bypass authz code if we are disabled
-        if ( ! enabled )
+        if ( !enabled )
         {
             next.move( oriChildName, newParentName, newRn, deleteOldRn );
             return;
@@ -785,42 +781,42 @@
         addEntryAciTuples( tuples, entry );
         addSubentryAciTuples( proxy, tuples, oriChildName, entry );
 
-        engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(),
-                oriChildName, null, null, MOVERENAME_PERMS, tuples, entry );
+        engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(), oriChildName, null,
+            null, MOVERENAME_PERMS, tuples, entry );
 
         Collection destTuples = new HashSet();
         addPerscriptiveAciTuples( proxy, destTuples, oriChildName, entry );
         addEntryAciTuples( destTuples, entry );
         addSubentryAciTuples( proxy, destTuples, oriChildName, entry );
-        engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(),
-                oriChildName, null, null, IMPORT_PERMS, tuples, entry );
+        engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(), oriChildName, null,
+            null, IMPORT_PERMS, tuples, entry );
 
-//        if ( deleteOldRn )
-//        {
-//            String oldRn = oriChildName.get( oriChildName.size() - 1 );
-//            if ( NamespaceTools.hasCompositeComponents( oldRn ) )
-//            {
-//                String[] comps = NamespaceTools.getCompositeComponents( oldRn );
-//                for ( int ii = 0; ii < comps.length; ii++ )
-//                {
-//                    String id = NamespaceTools.getRdnAttribute( comps[ii] );
-//                    String value = NamespaceTools.getRdnValue( comps[ii] );
-//                    engine.checkPermission( next, userGroups, user.getJndiName(),
-//                            user.getAuthenticationLevel(), oriChildName, id,
-//                            value, Collections.singleton( MicroOperation.REMOVE ),
-//                            tuples, entry );
-//                }
-//            }
-//            else
-//            {
-//                String id = NamespaceTools.getRdnAttribute( oldRn );
-//                String value = NamespaceTools.getRdnValue( oldRn );
-//                engine.checkPermission( next, userGroups, user.getJndiName(),
-//                        user.getAuthenticationLevel(), oriChildName, id,
-//                        value, Collections.singleton( MicroOperation.REMOVE ),
-//                        tuples, entry );
-//            }
-//        }
+        //        if ( deleteOldRn )
+        //        {
+        //            String oldRn = oriChildName.get( oriChildName.size() - 1 );
+        //            if ( NamespaceTools.hasCompositeComponents( oldRn ) )
+        //            {
+        //                String[] comps = NamespaceTools.getCompositeComponents( oldRn );
+        //                for ( int ii = 0; ii < comps.length; ii++ )
+        //                {
+        //                    String id = NamespaceTools.getRdnAttribute( comps[ii] );
+        //                    String value = NamespaceTools.getRdnValue( comps[ii] );
+        //                    engine.checkPermission( next, userGroups, user.getJndiName(),
+        //                            user.getAuthenticationLevel(), oriChildName, id,
+        //                            value, Collections.singleton( MicroOperation.REMOVE ),
+        //                            tuples, entry );
+        //                }
+        //            }
+        //            else
+        //            {
+        //                String id = NamespaceTools.getRdnAttribute( oldRn );
+        //                String value = NamespaceTools.getRdnValue( oldRn );
+        //                engine.checkPermission( next, userGroups, user.getJndiName(),
+        //                        user.getAuthenticationLevel(), oriChildName, id,
+        //                        value, Collections.singleton( MicroOperation.REMOVE ),
+        //                        tuples, entry );
+        //            }
+        //        }
 
         next.move( oriChildName, newParentName, newRn, deleteOldRn );
         tupleCache.subentryRenamed( oriChildName, newName );
@@ -840,7 +836,7 @@
         Name userName = dnParser.parse( principal.getName() );
 
         // bypass authz code if we are disabled
-        if ( ! enabled )
+        if ( !enabled )
         {
             next.move( oriChildName, newParentName );
             return;
@@ -861,31 +857,31 @@
         addEntryAciTuples( tuples, entry );
         addSubentryAciTuples( proxy, tuples, oriChildName, entry );
 
-        engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(),
-                oriChildName, null, null, EXPORT_PERMS, tuples, entry );
+        engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(), oriChildName, null,
+            null, EXPORT_PERMS, tuples, entry );
 
         Collection destTuples = new HashSet();
         addPerscriptiveAciTuples( proxy, destTuples, oriChildName, entry );
         addEntryAciTuples( destTuples, entry );
         addSubentryAciTuples( proxy, destTuples, oriChildName, entry );
-        engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(),
-                oriChildName, null, null, IMPORT_PERMS, tuples, entry );
+        engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(), oriChildName, null,
+            null, IMPORT_PERMS, tuples, entry );
 
         next.move( oriChildName, newParentName );
         tupleCache.subentryRenamed( oriChildName, newName );
         groupCache.groupRenamed( oriChildName, newName );
     }
 
-
     public static final SearchControls DEFUALT_SEARCH_CONTROLS = new SearchControls();
 
+
     public NamingEnumeration list( NextInterceptor next, Name base ) throws NamingException
     {
         Invocation invocation = InvocationStack.getInstance().peek();
         ServerLdapContext ctx = ( ServerLdapContext ) invocation.getCaller();
         LdapPrincipal user = ctx.getPrincipal();
         NamingEnumeration e = next.list( base );
-        if ( user.getName().equalsIgnoreCase( DirectoryPartitionNexus.ADMIN_PRINCIPAL ) || ! enabled )
+        if ( user.getName().equalsIgnoreCase( DirectoryPartitionNexus.ADMIN_PRINCIPAL ) || !enabled )
         {
             return e;
         }
@@ -895,7 +891,7 @@
 
 
     public NamingEnumeration search( NextInterceptor next, Name base, Map env, ExprNode filter,
-                                     SearchControls searchCtls ) throws NamingException
+        SearchControls searchCtls ) throws NamingException
     {
         Invocation invocation = InvocationStack.getInstance().peek();
         ServerLdapContext ctx = ( ServerLdapContext ) invocation.getCaller();
@@ -904,8 +900,8 @@
 
         boolean isSubschemaSubentryLookup = subschemaSubentryDn.equals( base.toString() );
         boolean isRootDSELookup = base.size() == 0 && searchCtls.getSearchScope() == SearchControls.OBJECT_SCOPE;
-        if ( user.getName().equalsIgnoreCase( DirectoryPartitionNexus.ADMIN_PRINCIPAL )
-                || ! enabled || isRootDSELookup || isSubschemaSubentryLookup )
+        if ( user.getName().equalsIgnoreCase( DirectoryPartitionNexus.ADMIN_PRINCIPAL ) || !enabled || isRootDSELookup
+            || isSubschemaSubentryLookup )
         {
             return e;
         }
@@ -923,7 +919,7 @@
         LdapPrincipal principal = ( ( ServerContext ) invocation.getCaller() ).getPrincipal();
         Name userName = dnParser.parse( principal.getName() );
 
-        if ( userName.toString().equalsIgnoreCase( DirectoryPartitionNexus.ADMIN_PRINCIPAL ) || ! enabled )
+        if ( userName.toString().equalsIgnoreCase( DirectoryPartitionNexus.ADMIN_PRINCIPAL ) || !enabled )
         {
             return next.compare( name, oid, value );
         }
@@ -934,10 +930,10 @@
         addEntryAciTuples( tuples, entry );
         addSubentryAciTuples( proxy, tuples, name, entry );
 
-        engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(), name, null,
-                null, READ_PERMS, tuples, entry );
-        engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(), name, oid,
-                value, COMPARE_PERMS, tuples, entry );
+        engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(), name, null, null,
+            READ_PERMS, tuples, entry );
+        engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(), name, oid, value,
+            COMPARE_PERMS, tuples, entry );
 
         return next.compare( name, oid, value );
     }
@@ -950,7 +946,7 @@
         DirectoryPartitionNexusProxy proxy = invocation.getProxy();
         LdapPrincipal principal = ( ( ServerContext ) invocation.getCaller() ).getPrincipal();
         Name userName = dnParser.parse( principal.getName() );
-        if ( userName.toString().equalsIgnoreCase( DirectoryPartitionNexus.ADMIN_PRINCIPAL ) || ! enabled )
+        if ( userName.toString().equalsIgnoreCase( DirectoryPartitionNexus.ADMIN_PRINCIPAL ) || !enabled )
         {
             return next.getMatchedName( dn, normalized );
         }
@@ -979,9 +975,8 @@
             addEntryAciTuples( tuples, entry );
             addSubentryAciTuples( proxy, tuples, matched, entry );
 
-            if ( engine.hasPermission( proxy, userGroups, userName,
-                    principal.getAuthenticationLevel(), matched, null, null,
-                    MATCHEDNAME_PERMS, tuples, entry ) )
+            if ( engine.hasPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(), matched, null,
+                null, MATCHEDNAME_PERMS, tuples, entry ) )
             {
                 return matched;
             }
@@ -1001,11 +996,11 @@
 
     private boolean filter( Invocation invocation, Name normName, SearchResult result ) throws NamingException
     {
-       /*
-        * First call hasPermission() for entry level "Browse" and "ReturnDN" perm
-        * tests.  If we hasPermission() returns false we immediately short the
-        * process and return false.
-        */
+        /*
+         * First call hasPermission() for entry level "Browse" and "ReturnDN" perm
+         * tests.  If we hasPermission() returns false we immediately short the
+         * process and return false.
+         */
         Attributes entry = invocation.getProxy().lookup( normName, DirectoryPartitionNexusProxy.LOOKUP_BYPASS );
         ServerLdapContext ctx = ( ServerLdapContext ) invocation.getCaller();
         Name userDn = dnParser.parse( ctx.getPrincipal().getName() );
@@ -1015,9 +1010,8 @@
         addEntryAciTuples( tuples, entry );
         addSubentryAciTuples( invocation.getProxy(), tuples, normName, entry );
 
-        if ( ! engine.hasPermission( invocation.getProxy(), userGroups, userDn,
-                ctx.getPrincipal().getAuthenticationLevel(),
-                normName, null, null, SEARCH_ENTRY_PERMS, tuples, entry ) )
+        if ( !engine.hasPermission( invocation.getProxy(), userGroups, userDn, ctx.getPrincipal()
+            .getAuthenticationLevel(), normName, null, null, SEARCH_ENTRY_PERMS, tuples, entry ) )
         {
             return false;
         }
@@ -1035,9 +1029,8 @@
             // if attribute type scope access is not allowed then remove the attribute and continue
             String id = ( String ) idList.next();
             Attribute attr = result.getAttributes().get( id );
-            if ( ! engine.hasPermission( invocation.getProxy(), userGroups, userDn,
-                    ctx.getPrincipal().getAuthenticationLevel(),
-                    normName, attr.getID(), null, SEARCH_ATTRVAL_PERMS, tuples, entry ) )
+            if ( !engine.hasPermission( invocation.getProxy(), userGroups, userDn, ctx.getPrincipal()
+                .getAuthenticationLevel(), normName, attr.getID(), null, SEARCH_ATTRVAL_PERMS, tuples, entry ) )
             {
                 result.getAttributes().remove( attr.getID() );
 
@@ -1051,9 +1044,9 @@
             // attribute type scope is ok now let's determine value level scope
             for ( int ii = 0; ii < attr.size(); ii++ )
             {
-                if ( ! engine.hasPermission( invocation.getProxy(), userGroups, userDn,
-                        ctx.getPrincipal().getAuthenticationLevel(), normName,
-                        attr.getID(), attr.get( ii ), SEARCH_ATTRVAL_PERMS, tuples, entry ) )
+                if ( !engine.hasPermission( invocation.getProxy(), userGroups, userDn, ctx.getPrincipal()
+                    .getAuthenticationLevel(), normName, attr.getID(), attr.get( ii ), SEARCH_ATTRVAL_PERMS, tuples,
+                    entry ) )
                 {
                     attr.remove( ii );
 
@@ -1068,7 +1061,6 @@
         return true;
     }
 
-
     /**
      * WARNING: create one of these filters fresh every time for each new search.
      */
@@ -1077,6 +1069,7 @@
         /** dedicated normalizing parser for this search - cheaper than synchronization */
         final DnParser parser;
 
+
         public AuthorizationFilter() throws NamingException
         {
             parser = new DnParser( new ConcreteNameComponentNormalizer( attrRegistry ) );
@@ -1084,18 +1077,18 @@
 
 
         public boolean accept( Invocation invocation, SearchResult result, SearchControls controls )
-                throws NamingException
+            throws NamingException
         {
             Name normName = parser.parse( result.getName() );
 
-// looks like isRelative returns true even when the names for results are absolute!!!!
-// @todo this is a big bug in JNDI provider
+            // looks like isRelative returns true even when the names for results are absolute!!!!
+            // @todo this is a big bug in JNDI provider
 
-//            if ( result.isRelative() )
-//            {
-//                Name base = parser.parse( ctx.getNameInNamespace() );
-//                normName = base.addAll( normName );
-//            }
+            //            if ( result.isRelative() )
+            //            {
+            //                Name base = parser.parse( ctx.getNameInNamespace() );
+            //                normName = base.addAll( normName );
+            //            }
 
             return filter( invocation, normName, result );
         }

Propchange: directory/trunks/apacheds/core/src/main/java/org/apache/directory/server/core/authz/AuthorizationService.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: directory/trunks/apacheds/core/src/main/java/org/apache/directory/server/core/authz/AuthorizationService.java
------------------------------------------------------------------------------
--- svn:keywords (original)
+++ svn:keywords Sun Feb 19 19:57:02 2006
@@ -1 +1,4 @@
-HeadURL Id LastChangedBy LastChangedDate LastChangedRevision
+Rev
+Revision
+Date
+Id

Modified: directory/trunks/apacheds/core/src/main/java/org/apache/directory/server/core/authz/GroupCache.java
URL: http://svn.apache.org/viewcvs/directory/trunks/apacheds/core/src/main/java/org/apache/directory/server/core/authz/GroupCache.java?rev=379013&r1=379012&r2=379013&view=diff
==============================================================================
--- directory/trunks/apacheds/core/src/main/java/org/apache/directory/server/core/authz/GroupCache.java (original)
+++ directory/trunks/apacheds/core/src/main/java/org/apache/directory/server/core/authz/GroupCache.java Sun Feb 19 19:57:02 2006
@@ -70,12 +70,12 @@
      *
      * @param factoryCfg the context factory configuration for the server
      */
-    public GroupCache( DirectoryServiceConfiguration factoryCfg ) throws NamingException
+    public GroupCache(DirectoryServiceConfiguration factoryCfg) throws NamingException
     {
         this.nexus = factoryCfg.getPartitionNexus();
         this.env = ( Hashtable ) factoryCfg.getEnvironment().clone();
-        this.parser = new DnParser( new ConcreteNameComponentNormalizer(
-                factoryCfg.getGlobalRegistries().getAttributeTypeRegistry() ) );
+        this.parser = new DnParser( new ConcreteNameComponentNormalizer( factoryCfg.getGlobalRegistries()
+            .getAttributeTypeRegistry() ) );
         initialize();
     }
 
@@ -288,17 +288,17 @@
 
         switch ( modOp )
         {
-            case ( DirContext.ADD_ATTRIBUTE ):
+            case ( DirContext.ADD_ATTRIBUTE  ):
                 addMembers( memberSet, members );
                 break;
-            case ( DirContext.REPLACE_ATTRIBUTE ):
+            case ( DirContext.REPLACE_ATTRIBUTE  ):
                 if ( members.size() > 0 )
                 {
                     memberSet.clear();
                     addMembers( memberSet, members );
                 }
                 break;
-            case ( DirContext.REMOVE_ATTRIBUTE ):
+            case ( DirContext.REMOVE_ATTRIBUTE  ):
                 removeMembers( memberSet, members );
                 break;
             default:
@@ -405,7 +405,10 @@
         }
         catch ( NamingException e )
         {
-            log.warn( "Malformed member DN.  Could not find groups for member in GroupCache. Returning empty set for groups!", e );
+            log
+                .warn(
+                    "Malformed member DN.  Could not find groups for member in GroupCache. Returning empty set for groups!",
+                    e );
             return Collections.EMPTY_SET;
         }
 

Propchange: directory/trunks/apacheds/core/src/main/java/org/apache/directory/server/core/authz/GroupCache.java
------------------------------------------------------------------------------
--- svn:keywords (added)
+++ svn:keywords Sun Feb 19 19:57:02 2006
@@ -0,0 +1,4 @@
+Rev
+Revision
+Date
+Id

Modified: directory/trunks/apacheds/core/src/main/java/org/apache/directory/server/core/authz/OldAuthorizationService.java
URL: http://svn.apache.org/viewcvs/directory/trunks/apacheds/core/src/main/java/org/apache/directory/server/core/authz/OldAuthorizationService.java?rev=379013&r1=379012&r2=379013&view=diff
==============================================================================
--- directory/trunks/apacheds/core/src/main/java/org/apache/directory/server/core/authz/OldAuthorizationService.java (original)
+++ directory/trunks/apacheds/core/src/main/java/org/apache/directory/server/core/authz/OldAuthorizationService.java Sun Feb 19 19:57:02 2006
@@ -54,7 +54,7 @@
  * thrown and therefore the current invocation chain will terminate.
  *
  * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
- * @version $Rev: 201550 $, $Date: 2005-06-23 23:08:31 -0400 (Thu, 23 Jun 2005) $
+ * @version $Rev$, $Date$
  */
 public class OldAuthorizationService extends BaseInterceptor
 {
@@ -80,7 +80,6 @@
     private boolean enabled = true;
 
 
-
     /**
      * Creates a new instance.
      */
@@ -95,7 +94,7 @@
         dnParser = new DnParser( new ConcreteNameComponentNormalizer( atr ) );
 
         // disable this static module if basic access control mechanisms are enabled
-        enabled = ! factoryCfg.getStartupConfiguration().isAccessControlEnabled();
+        enabled = !factoryCfg.getStartupConfiguration().isAccessControlEnabled();
     }
 
 
@@ -127,8 +126,7 @@
             throw new LdapNoPermissionException( msg );
         }
 
-        if ( name.size() > 2 && name.startsWith( USER_BASE_DN )
-                && !principalDn.equals( ADMIN_DN ) )
+        if ( name.size() > 2 && name.startsWith( USER_BASE_DN ) && !principalDn.equals( ADMIN_DN ) )
         {
             String msg = "User " + principalDn;
             msg += " does not have permission to delete the user account: ";
@@ -136,8 +134,7 @@
             throw new LdapNoPermissionException( msg );
         }
 
-        if ( name.size() > 2 && name.startsWith( GROUP_BASE_DN )
-                && !principalDn.equals( ADMIN_DN ) )
+        if ( name.size() > 2 && name.startsWith( GROUP_BASE_DN ) && !principalDn.equals( ADMIN_DN ) )
         {
             String msg = "User " + principalDn;
             msg += " does not have permission to delete the group entry: ";
@@ -165,14 +162,14 @@
     // Entry Modification Operations
     // ------------------------------------------------------------------------
 
-
     /**
      * This policy needs to be really tight too because some attributes may take
      * part in giving the user permissions to protected resources.  We do not want
      * users to self access these resources.  As far as we're concerned no one but
      * the admin needs access.
      */
-    public void modify( NextInterceptor nextInterceptor, Name name, int modOp, Attributes attrs ) throws NamingException
+    public void modify( NextInterceptor nextInterceptor, Name name, int modOp, Attributes attrs )
+        throws NamingException
     {
         if ( enabled )
         {
@@ -218,7 +215,7 @@
                 msg += " admin user.";
                 throw new LdapNoPermissionException( msg );
             }
-            
+
             if ( dn.size() > 2 && dn.startsWith( USER_BASE_DN ) )
             {
                 String msg = "User " + principalDn;
@@ -249,8 +246,8 @@
     //  o The administrator entry cannot be moved or renamed by anyone
     // ------------------------------------------------------------------------
 
-
-    public void modifyRn( NextInterceptor nextInterceptor, Name name, String newRn, boolean deleteOldRn ) throws NamingException
+    public void modifyRn( NextInterceptor nextInterceptor, Name name, String newRn, boolean deleteOldRn )
+        throws NamingException
     {
         if ( enabled )
         {
@@ -270,9 +267,8 @@
     }
 
 
-    public void move( NextInterceptor nextInterceptor,
-            Name oriChildName, Name newParentName, String newRn,
-            boolean deleteOldRn ) throws NamingException
+    public void move( NextInterceptor nextInterceptor, Name oriChildName, Name newParentName, String newRn,
+        boolean deleteOldRn ) throws NamingException
     {
         if ( enabled )
         {
@@ -323,7 +319,7 @@
     public Attributes lookup( NextInterceptor nextInterceptor, Name name ) throws NamingException
     {
         Attributes attributes = nextInterceptor.lookup( name );
-        if ( ! enabled || attributes == null )
+        if ( !enabled || attributes == null )
         {
             return attributes;
         }
@@ -336,7 +332,7 @@
     public Attributes lookup( NextInterceptor nextInterceptor, Name name, String[] attrIds ) throws NamingException
     {
         Attributes attributes = nextInterceptor.lookup( name, attrIds );
-        if ( ! enabled || attributes == null )
+        if ( !enabled || attributes == null )
         {
             return attributes;
         }
@@ -348,8 +344,7 @@
 
     private void protectLookUp( Name dn ) throws NamingException
     {
-        LdapContext ctx =
-            ( LdapContext ) InvocationStack.getInstance().peek().getCaller();
+        LdapContext ctx = ( LdapContext ) InvocationStack.getInstance().peek().getCaller();
         Name principalDn = ( ( ServerContext ) ctx ).getPrincipal().getJndiName();
 
         if ( !principalDn.equals( ADMIN_DN ) )
@@ -399,9 +394,8 @@
     }
 
 
-    public NamingEnumeration search( NextInterceptor nextInterceptor,
-            Name base, Map env, ExprNode filter,
-            SearchControls searchCtls ) throws NamingException
+    public NamingEnumeration search( NextInterceptor nextInterceptor, Name base, Map env, ExprNode filter,
+        SearchControls searchCtls ) throws NamingException
     {
         NamingEnumeration e = nextInterceptor.search( base, env, filter, searchCtls );
         if ( !enabled )
@@ -412,17 +406,16 @@
         //{
         //    return null;
         //}
-        
+
         Invocation invocation = InvocationStack.getInstance().peek();
-        return new SearchResultFilteringEnumeration( e, searchCtls, invocation,
-            new SearchResultFilter()
+        return new SearchResultFilteringEnumeration( e, searchCtls, invocation, new SearchResultFilter()
+        {
+            public boolean accept( Invocation invocation, SearchResult result, SearchControls controls )
+                throws NamingException
             {
-                public boolean accept( Invocation invocation, SearchResult result, SearchControls controls )
-                        throws NamingException
-                {
-                    return OldAuthorizationService.this.isSearchable( invocation, result );
-                }
-            });
+                return OldAuthorizationService.this.isSearchable( invocation, result );
+            }
+        } );
     }
 
 
@@ -435,20 +428,18 @@
         }
 
         Invocation invocation = InvocationStack.getInstance().peek();
-        return new SearchResultFilteringEnumeration( e, null, invocation,
-            new SearchResultFilter()
+        return new SearchResultFilteringEnumeration( e, null, invocation, new SearchResultFilter()
+        {
+            public boolean accept( Invocation invocation, SearchResult result, SearchControls controls )
+                throws NamingException
             {
-                public boolean accept( Invocation invocation, SearchResult result, SearchControls controls )
-                        throws NamingException
-                {
-                    return OldAuthorizationService.this.isSearchable( invocation, result );
-                }
-            } );
+                return OldAuthorizationService.this.isSearchable( invocation, result );
+            }
+        } );
     }
 
 
-    private boolean isSearchable( Invocation invocataion, SearchResult result )
-            throws NamingException
+    private boolean isSearchable( Invocation invocataion, SearchResult result ) throws NamingException
     {
         Name dn;
 

Propchange: directory/trunks/apacheds/core/src/main/java/org/apache/directory/server/core/authz/OldAuthorizationService.java
------------------------------------------------------------------------------
--- svn:keywords (added)
+++ svn:keywords Sun Feb 19 19:57:02 2006
@@ -0,0 +1,4 @@
+Rev
+Revision
+Date
+Id

Modified: directory/trunks/apacheds/core/src/main/java/org/apache/directory/server/core/authz/TupleCache.java
URL: http://svn.apache.org/viewcvs/directory/trunks/apacheds/core/src/main/java/org/apache/directory/server/core/authz/TupleCache.java?rev=379013&r1=379012&r2=379013&view=diff
==============================================================================
--- directory/trunks/apacheds/core/src/main/java/org/apache/directory/server/core/authz/TupleCache.java (original)
+++ directory/trunks/apacheds/core/src/main/java/org/apache/directory/server/core/authz/TupleCache.java Sun Feb 19 19:57:02 2006
@@ -83,7 +83,7 @@
      *
      * @param factoryCfg the context factory configuration for the server
      */
-    public TupleCache( DirectoryServiceConfiguration factoryCfg ) throws NamingException
+    public TupleCache(DirectoryServiceConfiguration factoryCfg) throws NamingException
     {
         this.nexus = factoryCfg.getPartitionNexus();
         AttributeTypeRegistry registry = factoryCfg.getGlobalRegistries().getAttributeTypeRegistry();
@@ -151,7 +151,7 @@
     {
         // only do something if the entry contains prescriptiveACI
         Attribute aci = entry.get( ACI_ATTR );
-        if ( ! hasPrescriptiveACI( entry ) )
+        if ( !hasPrescriptiveACI( entry ) )
         {
             return;
         }
@@ -167,7 +167,7 @@
             }
             catch ( ParseException e )
             {
-                String msg = "ACIItem parser failure on '"+item+"'. Cannnot add ACITuples to TupleCache.";
+                String msg = "ACIItem parser failure on '" + item + "'. Cannnot add ACITuples to TupleCache.";
                 log.warn( msg, e );
             }
 
@@ -178,8 +178,8 @@
 
 
     public void subentryDeleted( Name normName, Attributes entry ) throws NamingException
-    {                                                                                      
-        if ( ! hasPrescriptiveACI( entry ) )
+    {
+        if ( !hasPrescriptiveACI( entry ) )
         {
             return;
         }
@@ -190,7 +190,7 @@
 
     public void subentryModified( Name normName, ModificationItem[] mods, Attributes entry ) throws NamingException
     {
-        if ( ! hasPrescriptiveACI( entry ) )
+        if ( !hasPrescriptiveACI( entry ) )
         {
             return;
         }
@@ -210,7 +210,7 @@
 
     public void subentryModified( Name normName, int modOp, Attributes mods, Attributes entry ) throws NamingException
     {
-        if ( ! hasPrescriptiveACI( entry ) )
+        if ( !hasPrescriptiveACI( entry ) )
         {
             return;
         }
@@ -220,7 +220,7 @@
             subentryDeleted( normName, entry );
             subentryAdded( normName.toString(), normName, entry );
         }
-    }                                                     
+    }
 
 
     public List getACITuples( String subentryDn )

Propchange: directory/trunks/apacheds/core/src/main/java/org/apache/directory/server/core/authz/TupleCache.java
------------------------------------------------------------------------------
--- svn:keywords (added)
+++ svn:keywords Sun Feb 19 19:57:02 2006
@@ -0,0 +1,4 @@
+Rev
+Revision
+Date
+Id

Modified: directory/trunks/apacheds/core/src/main/java/org/apache/directory/server/core/authz/support/ACDFEngine.java
URL: http://svn.apache.org/viewcvs/directory/trunks/apacheds/core/src/main/java/org/apache/directory/server/core/authz/support/ACDFEngine.java?rev=379013&r1=379012&r2=379013&view=diff
==============================================================================
--- directory/trunks/apacheds/core/src/main/java/org/apache/directory/server/core/authz/support/ACDFEngine.java (original)
+++ directory/trunks/apacheds/core/src/main/java/org/apache/directory/server/core/authz/support/ACDFEngine.java Sun Feb 19 19:57:02 2006
@@ -1,223 +1,210 @@
-/*
- *   @(#) $Id$
- *   
- *   Copyright 2004 The Apache Software Foundation
- *
- *   Licensed under the Apache License, Version 2.0 (the "License");
- *   you may not use this file except in compliance with the License.
- *   You may obtain a copy of the License at
- *
- *       http://www.apache.org/licenses/LICENSE-2.0
- *
- *   Unless required by applicable law or agreed to in writing, software
- *   distributed under the License is distributed on an "AS IS" BASIS,
- *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *   See the License for the specific language governing permissions and
- *   limitations under the License.
- *
- */
-package org.apache.directory.server.core.authz.support;
-
-import java.util.*;
-
-import javax.naming.Name;
-import javax.naming.NamingException;
-import javax.naming.directory.Attributes;
-
-import org.apache.directory.server.core.event.Evaluator;
-import org.apache.directory.server.core.event.ExpressionEvaluator;
-import org.apache.directory.server.core.partition.DirectoryPartitionNexusProxy;
-import org.apache.directory.server.core.schema.AttributeTypeRegistry;
-import org.apache.directory.server.core.schema.OidRegistry;
-import org.apache.directory.server.core.subtree.RefinementEvaluator;
-import org.apache.directory.server.core.subtree.RefinementLeafEvaluator;
-import org.apache.directory.server.core.subtree.SubtreeEvaluator;
-import org.apache.directory.shared.ldap.aci.ACIItem;
-import org.apache.directory.shared.ldap.aci.ACITuple;
-import org.apache.directory.shared.ldap.aci.AuthenticationLevel;
-import org.apache.directory.shared.ldap.aci.MicroOperation;
-import org.apache.directory.shared.ldap.exception.LdapNoPermissionException;
-
-
-/**
- * An implementation of Access Control Decision Function (18.8, X.501).
- * <p>
- * This engine simply filters the collection of tuples using the following
- * {@link ACITupleFilter}s sequentially:
- * <ol>
- * <li>{@link RelatedUserClassFilter}</li>
- * <li>{@link RelatedProtectedItemFilter}</li>
- * <li>{@link MaxValueCountFilter}</li>
- * <li>{@link MaxImmSubFilter}</li>
- * <li>{@link RestrictedByFilter}</li>
- * <li>{@link MicroOperationFilter}</li>
- * <li>{@link HighestPrecedenceFilter}</li>
- * <li>{@link MostSpecificUserClassFilter}</li>
- * <li>{@link MostSpecificProtectedItemFilter}</li>
- * </ol>
- * <p>
- * Operation is determined to be permitted if and only if there is at least one
- * tuple left and all of them grants the access. (18.8.4. X.501)
- * 
- * @author The Apache Directory Project
- * @version $Rev$, $Date$
- */
-public class ACDFEngine
-{
-    private final ACITupleFilter[] filters;
-
-    /**
-     * Creates a new instance.
-     * 
-     * @param oidRegistry an OID registry to be used by internal components
-     * @param attrTypeRegistry an attribute type registry to be used by internal components 
-     * 
-     * @throws NamingException if failed to initialize internal components
-     */
-    public ACDFEngine( OidRegistry oidRegistry, AttributeTypeRegistry attrTypeRegistry ) throws NamingException
-    {
-        Evaluator entryEvaluator = new ExpressionEvaluator( oidRegistry, attrTypeRegistry );
-        SubtreeEvaluator subtreeEvaluator = new SubtreeEvaluator( oidRegistry );
-        RefinementEvaluator refinementEvaluator = new RefinementEvaluator(
-                new RefinementLeafEvaluator( oidRegistry ) );
-
-        filters = new ACITupleFilter[] {
-                new RelatedUserClassFilter( subtreeEvaluator ),
-                new RelatedProtectedItemFilter( refinementEvaluator, entryEvaluator ),
-                new MaxValueCountFilter(),
-                new MaxImmSubFilter(),
-                new RestrictedByFilter(),
-                new MicroOperationFilter(),
-                new HighestPrecedenceFilter(),
-                new MostSpecificUserClassFilter(),
-                new MostSpecificProtectedItemFilter(),
-        };
-    }
-
-    /**
-     * Checks the user with the specified name can access the specified resource
-     * (entry, attribute type, or attribute value) and throws {@link LdapNoPermissionException}
-     * if the user doesn't have any permission to perform the specified grants.
-     * 
-     * @param proxy the proxy to the partition nexus
-     * @param userGroupNames the collection of the group DNs the user who is trying to access the resource belongs
-     * @param username the DN of the user who is trying to access the resource
-     * @param entryName the DN of the entry the user is trying to access 
-     * @param attrId the attribute type of the attribute the user is trying to access.
-     *               <tt>null</tt> if the user is not accessing a specific attribute type.
-     * @param attrValue the attribute value of the attribute the user is trying to access.
-     *                  <tt>null</tt> if the user is not accessing a specific attribute value.
-     * @param microOperations the {@link MicroOperation}s to perform
-     * @param aciTuples {@link ACITuple}s translated from {@link ACIItem}s in the subtree entries
-     * @throws NamingException if failed to evaluate ACI items
-     */
-    public void checkPermission(
-            DirectoryPartitionNexusProxy proxy,
-            Collection userGroupNames, Name username, AuthenticationLevel authenticationLevel,
-            Name entryName, String attrId, Object attrValue,
-            Collection microOperations, Collection aciTuples, Attributes entry ) throws NamingException
-    {
-        if( !hasPermission(
-                proxy,
-                userGroupNames, username, authenticationLevel,
-                entryName, attrId, attrValue,
-                microOperations, aciTuples, entry ) )
-        {
-            throw new LdapNoPermissionException();
-        }
-    }
-
-
-    public static final Collection USER_LOOKUP_BYPASS;
-    static
-    {
-        Collection c = new HashSet();
-        c.add( "normalizationService" );
-        c.add( "authenticationService" );
-        c.add( "authorizationService" );
-        c.add( "oldAuthorizationService" );
-        c.add( "schemaService" );
-        c.add( "subentryService" );
-        c.add( "operationalAttributeService" );
-        c.add( "eventService" );
-        USER_LOOKUP_BYPASS = Collections.unmodifiableCollection( c );
-    }
-
-
-    /**
-     * Returns <tt>true</tt> if the user with the specified name can access the specified resource
-     * (entry, attribute type, or attribute value) and throws {@link LdapNoPermissionException}
-     * if the user doesn't have any permission to perform the specified grants.
-     * 
-     * @param proxy the proxy to the partition nexus
-     * @param userGroupNames the collection of the group DNs the user who is trying to access the resource belongs
-     * @param userName the DN of the user who is trying to access the resource
-     * @param entryName the DN of the entry the user is trying to access 
-     * @param attrId the attribute type of the attribute the user is trying to access.
-     *               <tt>null</tt> if the user is not accessing a specific attribute type.
-     * @param attrValue the attribute value of the attribute the user is trying to access.
-     *                  <tt>null</tt> if the user is not accessing a specific attribute value.
-     * @param microOperations the {@link MicroOperation}s to perform
-     * @param aciTuples {@link ACITuple}s translated from {@link ACIItem}s in the subtree entries
-     */
-    public boolean hasPermission(
-            DirectoryPartitionNexusProxy proxy,
-            Collection userGroupNames, Name userName, AuthenticationLevel authenticationLevel,
-            Name entryName, String attrId, Object attrValue,
-            Collection microOperations, Collection aciTuples, Attributes entry ) throws NamingException
-    {
-        if( entryName == null )
-        {
-            throw new NullPointerException( "entryName" );
-        }
-
-        Attributes userEntry = proxy.lookup( userName, USER_LOOKUP_BYPASS );
-
-        // Determine the scope of the requested operation.
-        OperationScope scope;
-        if( attrId == null )
-        {
-            scope = OperationScope.ENTRY;
-        }
-        else if( attrValue == null )
-        {
-            scope = OperationScope.ATTRIBUTE_TYPE;
-        }
-        else
-        {
-            scope = OperationScope.ATTRIBUTE_TYPE_AND_VALUE;
-        }
-
-        // Clone aciTuples in case it is unmodifiable.
-        aciTuples = new ArrayList( aciTuples );
-
-        // Filter unrelated and invalid tuples
-        for( int i = 0; i < filters.length; i++ )
-        {
-            ACITupleFilter filter = filters[ i ];
-            aciTuples = filter.filter(
-                    aciTuples, scope, proxy,
-                    userGroupNames, userName, userEntry, authenticationLevel,
-                    entryName, attrId, attrValue, entry, microOperations );
-        }
-
-        // Deny access if no tuples left.
-        if( aciTuples.size() == 0 )
-        {
-            return false;
-        }
-
-        // Grant access if and only if one or more tuples remain and
-        // all grant access. Otherwise deny access.
-        for( Iterator i = aciTuples.iterator(); i.hasNext(); )
-        {
-            ACITuple tuple = ( ACITuple ) i.next();
-            if( !tuple.isGrant() )
-            {
-                return false;
-            }
-        }
-
-        return true;
-    }
-}
+/*
+ *   @(#) $Id$
+ *   
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.directory.server.core.authz.support;
+
+
+import java.util.*;
+
+import javax.naming.Name;
+import javax.naming.NamingException;
+import javax.naming.directory.Attributes;
+
+import org.apache.directory.server.core.event.Evaluator;
+import org.apache.directory.server.core.event.ExpressionEvaluator;
+import org.apache.directory.server.core.partition.DirectoryPartitionNexusProxy;
+import org.apache.directory.server.core.schema.AttributeTypeRegistry;
+import org.apache.directory.server.core.schema.OidRegistry;
+import org.apache.directory.server.core.subtree.RefinementEvaluator;
+import org.apache.directory.server.core.subtree.RefinementLeafEvaluator;
+import org.apache.directory.server.core.subtree.SubtreeEvaluator;
+import org.apache.directory.shared.ldap.aci.ACIItem;
+import org.apache.directory.shared.ldap.aci.ACITuple;
+import org.apache.directory.shared.ldap.aci.AuthenticationLevel;
+import org.apache.directory.shared.ldap.aci.MicroOperation;
+import org.apache.directory.shared.ldap.exception.LdapNoPermissionException;
+
+
+/**
+ * An implementation of Access Control Decision Function (18.8, X.501).
+ * <p>
+ * This engine simply filters the collection of tuples using the following
+ * {@link ACITupleFilter}s sequentially:
+ * <ol>
+ * <li>{@link RelatedUserClassFilter}</li>
+ * <li>{@link RelatedProtectedItemFilter}</li>
+ * <li>{@link MaxValueCountFilter}</li>
+ * <li>{@link MaxImmSubFilter}</li>
+ * <li>{@link RestrictedByFilter}</li>
+ * <li>{@link MicroOperationFilter}</li>
+ * <li>{@link HighestPrecedenceFilter}</li>
+ * <li>{@link MostSpecificUserClassFilter}</li>
+ * <li>{@link MostSpecificProtectedItemFilter}</li>
+ * </ol>
+ * <p>
+ * Operation is determined to be permitted if and only if there is at least one
+ * tuple left and all of them grants the access. (18.8.4. X.501)
+ * 
+ * @author The Apache Directory Project
+ * @version $Rev$, $Date$
+ */
+public class ACDFEngine
+{
+    private final ACITupleFilter[] filters;
+
+
+    /**
+     * Creates a new instance.
+     * 
+     * @param oidRegistry an OID registry to be used by internal components
+     * @param attrTypeRegistry an attribute type registry to be used by internal components 
+     * 
+     * @throws NamingException if failed to initialize internal components
+     */
+    public ACDFEngine(OidRegistry oidRegistry, AttributeTypeRegistry attrTypeRegistry) throws NamingException
+    {
+        Evaluator entryEvaluator = new ExpressionEvaluator( oidRegistry, attrTypeRegistry );
+        SubtreeEvaluator subtreeEvaluator = new SubtreeEvaluator( oidRegistry );
+        RefinementEvaluator refinementEvaluator = new RefinementEvaluator( new RefinementLeafEvaluator( oidRegistry ) );
+
+        filters = new ACITupleFilter[]
+            { new RelatedUserClassFilter( subtreeEvaluator ),
+                new RelatedProtectedItemFilter( refinementEvaluator, entryEvaluator ), new MaxValueCountFilter(),
+                new MaxImmSubFilter(), new RestrictedByFilter(), new MicroOperationFilter(),
+                new HighestPrecedenceFilter(), new MostSpecificUserClassFilter(),
+                new MostSpecificProtectedItemFilter(), };
+    }
+
+
+    /**
+     * Checks the user with the specified name can access the specified resource
+     * (entry, attribute type, or attribute value) and throws {@link LdapNoPermissionException}
+     * if the user doesn't have any permission to perform the specified grants.
+     * 
+     * @param proxy the proxy to the partition nexus
+     * @param userGroupNames the collection of the group DNs the user who is trying to access the resource belongs
+     * @param username the DN of the user who is trying to access the resource
+     * @param entryName the DN of the entry the user is trying to access 
+     * @param attrId the attribute type of the attribute the user is trying to access.
+     *               <tt>null</tt> if the user is not accessing a specific attribute type.
+     * @param attrValue the attribute value of the attribute the user is trying to access.
+     *                  <tt>null</tt> if the user is not accessing a specific attribute value.
+     * @param microOperations the {@link MicroOperation}s to perform
+     * @param aciTuples {@link ACITuple}s translated from {@link ACIItem}s in the subtree entries
+     * @throws NamingException if failed to evaluate ACI items
+     */
+    public void checkPermission( DirectoryPartitionNexusProxy proxy, Collection userGroupNames, Name username,
+        AuthenticationLevel authenticationLevel, Name entryName, String attrId, Object attrValue,
+        Collection microOperations, Collection aciTuples, Attributes entry ) throws NamingException
+    {
+        if ( !hasPermission( proxy, userGroupNames, username, authenticationLevel, entryName, attrId, attrValue,
+            microOperations, aciTuples, entry ) )
+        {
+            throw new LdapNoPermissionException();
+        }
+    }
+
+    public static final Collection USER_LOOKUP_BYPASS;
+    static
+    {
+        Collection c = new HashSet();
+        c.add( "normalizationService" );
+        c.add( "authenticationService" );
+        c.add( "authorizationService" );
+        c.add( "oldAuthorizationService" );
+        c.add( "schemaService" );
+        c.add( "subentryService" );
+        c.add( "operationalAttributeService" );
+        c.add( "eventService" );
+        USER_LOOKUP_BYPASS = Collections.unmodifiableCollection( c );
+    }
+
+
+    /**
+     * Returns <tt>true</tt> if the user with the specified name can access the specified resource
+     * (entry, attribute type, or attribute value) and throws {@link LdapNoPermissionException}
+     * if the user doesn't have any permission to perform the specified grants.
+     * 
+     * @param proxy the proxy to the partition nexus
+     * @param userGroupNames the collection of the group DNs the user who is trying to access the resource belongs
+     * @param userName the DN of the user who is trying to access the resource
+     * @param entryName the DN of the entry the user is trying to access 
+     * @param attrId the attribute type of the attribute the user is trying to access.
+     *               <tt>null</tt> if the user is not accessing a specific attribute type.
+     * @param attrValue the attribute value of the attribute the user is trying to access.
+     *                  <tt>null</tt> if the user is not accessing a specific attribute value.
+     * @param microOperations the {@link MicroOperation}s to perform
+     * @param aciTuples {@link ACITuple}s translated from {@link ACIItem}s in the subtree entries
+     */
+    public boolean hasPermission( DirectoryPartitionNexusProxy proxy, Collection userGroupNames, Name userName,
+        AuthenticationLevel authenticationLevel, Name entryName, String attrId, Object attrValue,
+        Collection microOperations, Collection aciTuples, Attributes entry ) throws NamingException
+    {
+        if ( entryName == null )
+        {
+            throw new NullPointerException( "entryName" );
+        }
+
+        Attributes userEntry = proxy.lookup( userName, USER_LOOKUP_BYPASS );
+
+        // Determine the scope of the requested operation.
+        OperationScope scope;
+        if ( attrId == null )
+        {
+            scope = OperationScope.ENTRY;
+        }
+        else if ( attrValue == null )
+        {
+            scope = OperationScope.ATTRIBUTE_TYPE;
+        }
+        else
+        {
+            scope = OperationScope.ATTRIBUTE_TYPE_AND_VALUE;
+        }
+
+        // Clone aciTuples in case it is unmodifiable.
+        aciTuples = new ArrayList( aciTuples );
+
+        // Filter unrelated and invalid tuples
+        for ( int i = 0; i < filters.length; i++ )
+        {
+            ACITupleFilter filter = filters[i];
+            aciTuples = filter.filter( aciTuples, scope, proxy, userGroupNames, userName, userEntry,
+                authenticationLevel, entryName, attrId, attrValue, entry, microOperations );
+        }
+
+        // Deny access if no tuples left.
+        if ( aciTuples.size() == 0 )
+        {
+            return false;
+        }
+
+        // Grant access if and only if one or more tuples remain and
+        // all grant access. Otherwise deny access.
+        for ( Iterator i = aciTuples.iterator(); i.hasNext(); )
+        {
+            ACITuple tuple = ( ACITuple ) i.next();
+            if ( !tuple.isGrant() )
+            {
+                return false;
+            }
+        }
+
+        return true;
+    }
+}

Propchange: directory/trunks/apacheds/core/src/main/java/org/apache/directory/server/core/authz/support/ACDFEngine.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: directory/trunks/apacheds/core/src/main/java/org/apache/directory/server/core/authz/support/ACDFEngine.java
------------------------------------------------------------------------------
--- svn:keywords (original)
+++ svn:keywords Sun Feb 19 19:57:02 2006
@@ -1 +1,4 @@
-HeadURL Id LastChangedBy LastChangedDate LastChangedRevision
+Rev
+Revision
+Date
+Id

Modified: directory/trunks/apacheds/core/src/main/java/org/apache/directory/server/core/authz/support/ACITupleFilter.java
URL: http://svn.apache.org/viewcvs/directory/trunks/apacheds/core/src/main/java/org/apache/directory/server/core/authz/support/ACITupleFilter.java?rev=379013&r1=379012&r2=379013&view=diff
==============================================================================
--- directory/trunks/apacheds/core/src/main/java/org/apache/directory/server/core/authz/support/ACITupleFilter.java (original)
+++ directory/trunks/apacheds/core/src/main/java/org/apache/directory/server/core/authz/support/ACITupleFilter.java Sun Feb 19 19:57:02 2006
@@ -18,6 +18,7 @@
  */
 package org.apache.directory.server.core.authz.support;
 
+
 import java.util.Collection;
 
 import javax.naming.Name;
@@ -59,10 +60,8 @@
      * @return the collection of filtered tuples
      * @throws NamingException if failed to filter the specifiec tuples
      */
-    Collection filter(
-            Collection tuples, OperationScope scope, DirectoryPartitionNexusProxy proxy,
-            Collection userGroupNames, Name userName, Attributes userEntry,
-            AuthenticationLevel authenticationLevel,
-            Name entryName, String attrId, Object attrValue, Attributes entry,
-            Collection microOperations ) throws NamingException;
+    Collection filter( Collection tuples, OperationScope scope, DirectoryPartitionNexusProxy proxy,
+        Collection userGroupNames, Name userName, Attributes userEntry, AuthenticationLevel authenticationLevel,
+        Name entryName, String attrId, Object attrValue, Attributes entry, Collection microOperations )
+        throws NamingException;
 }

Propchange: directory/trunks/apacheds/core/src/main/java/org/apache/directory/server/core/authz/support/ACITupleFilter.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: directory/trunks/apacheds/core/src/main/java/org/apache/directory/server/core/authz/support/ACITupleFilter.java
------------------------------------------------------------------------------
--- svn:keywords (original)
+++ svn:keywords Sun Feb 19 19:57:02 2006
@@ -1 +1,4 @@
-HeadURL Id LastChangedBy LastChangedDate LastChangedRevision
+Rev
+Revision
+Date
+Id

Modified: directory/trunks/apacheds/core/src/main/java/org/apache/directory/server/core/authz/support/HighestPrecedenceFilter.java
URL: http://svn.apache.org/viewcvs/directory/trunks/apacheds/core/src/main/java/org/apache/directory/server/core/authz/support/HighestPrecedenceFilter.java?rev=379013&r1=379012&r2=379013&view=diff
==============================================================================
--- directory/trunks/apacheds/core/src/main/java/org/apache/directory/server/core/authz/support/HighestPrecedenceFilter.java (original)
+++ directory/trunks/apacheds/core/src/main/java/org/apache/directory/server/core/authz/support/HighestPrecedenceFilter.java Sun Feb 19 19:57:02 2006
@@ -18,6 +18,7 @@
  */
 package org.apache.directory.server.core.authz.support;
 
+
 import java.util.Collection;
 import java.util.Iterator;
 
@@ -39,9 +40,12 @@
  */
 public class HighestPrecedenceFilter implements ACITupleFilter
 {
-    public Collection filter( Collection tuples, OperationScope scope, DirectoryPartitionNexusProxy proxy, Collection userGroupNames, Name userName, Attributes userEntry, AuthenticationLevel authenticationLevel, Name entryName, String attrId, Object attrValue, Attributes entry, Collection microOperations ) throws NamingException
+    public Collection filter( Collection tuples, OperationScope scope, DirectoryPartitionNexusProxy proxy,
+        Collection userGroupNames, Name userName, Attributes userEntry, AuthenticationLevel authenticationLevel,
+        Name entryName, String attrId, Object attrValue, Attributes entry, Collection microOperations )
+        throws NamingException
     {
-        if( tuples.size() <= 1 )
+        if ( tuples.size() <= 1 )
         {
             return tuples;
         }
@@ -49,20 +53,20 @@
         int maxPrecedence = -1;
 
         // Find the maximum precedence for all tuples.
-        for( Iterator i = tuples.iterator(); i.hasNext(); )
+        for ( Iterator i = tuples.iterator(); i.hasNext(); )
         {
             ACITuple tuple = ( ACITuple ) i.next();
-            if( tuple.getPrecedence() > maxPrecedence )
+            if ( tuple.getPrecedence() > maxPrecedence )
             {
                 maxPrecedence = tuple.getPrecedence();
             }
         }
 
         // Remove all tuples whose precedences are not the maximum one.
-        for( Iterator i = tuples.iterator(); i.hasNext(); )
+        for ( Iterator i = tuples.iterator(); i.hasNext(); )
         {
             ACITuple tuple = ( ACITuple ) i.next();
-            if( tuple.getPrecedence() != maxPrecedence )
+            if ( tuple.getPrecedence() != maxPrecedence )
             {
                 i.remove();
             }

Propchange: directory/trunks/apacheds/core/src/main/java/org/apache/directory/server/core/authz/support/HighestPrecedenceFilter.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: directory/trunks/apacheds/core/src/main/java/org/apache/directory/server/core/authz/support/HighestPrecedenceFilter.java
------------------------------------------------------------------------------
--- svn:keywords (original)
+++ svn:keywords Sun Feb 19 19:57:02 2006
@@ -1 +1,4 @@
-HeadURL Id LastChangedBy LastChangedDate LastChangedRevision
+Rev
+Revision
+Date
+Id

Modified: directory/trunks/apacheds/core/src/main/java/org/apache/directory/server/core/authz/support/MaxImmSubFilter.java
URL: http://svn.apache.org/viewcvs/directory/trunks/apacheds/core/src/main/java/org/apache/directory/server/core/authz/support/MaxImmSubFilter.java?rev=379013&r1=379012&r2=379013&view=diff
==============================================================================
--- directory/trunks/apacheds/core/src/main/java/org/apache/directory/server/core/authz/support/MaxImmSubFilter.java (original)
+++ directory/trunks/apacheds/core/src/main/java/org/apache/directory/server/core/authz/support/MaxImmSubFilter.java Sun Feb 19 19:57:02 2006
@@ -18,6 +18,7 @@
  */
 package org.apache.directory.server.core.authz.support;
 
+
 import java.util.*;
 
 import javax.naming.Name;
@@ -46,6 +47,7 @@
     private final ExprNode childrenFilter;
     private final SearchControls childrenSearchControls;
 
+
     public MaxImmSubFilter()
     {
         childrenFilter = new PresenceNode( "objectClass" );
@@ -53,45 +55,49 @@
         childrenSearchControls.setSearchScope( SearchControls.ONELEVEL_SCOPE );
     }
 
-    public Collection filter( Collection tuples, OperationScope scope, DirectoryPartitionNexusProxy proxy, Collection userGroupNames, Name userName, Attributes userEntry, AuthenticationLevel authenticationLevel, Name entryName, String attrId, Object attrValue, Attributes entry, Collection microOperations ) throws NamingException
+
+    public Collection filter( Collection tuples, OperationScope scope, DirectoryPartitionNexusProxy proxy,
+        Collection userGroupNames, Name userName, Attributes userEntry, AuthenticationLevel authenticationLevel,
+        Name entryName, String attrId, Object attrValue, Attributes entry, Collection microOperations )
+        throws NamingException
     {
-        if( entryName.size() == 0 )
+        if ( entryName.size() == 0 )
         {
             return tuples;
         }
 
-        if( tuples.size() == 0 )
+        if ( tuples.size() == 0 )
         {
             return tuples;
         }
 
-        if( scope != OperationScope.ENTRY )
+        if ( scope != OperationScope.ENTRY )
         {
             return tuples;
         }
 
         int immSubCount = -1;
 
-        for( Iterator i = tuples.iterator(); i.hasNext(); )
+        for ( Iterator i = tuples.iterator(); i.hasNext(); )
         {
             ACITuple tuple = ( ACITuple ) i.next();
-            if( !tuple.isGrant() )
+            if ( !tuple.isGrant() )
             {
                 continue;
             }
 
-            for( Iterator j = tuple.getProtectedItems().iterator(); j.hasNext(); )
+            for ( Iterator j = tuple.getProtectedItems().iterator(); j.hasNext(); )
             {
                 ProtectedItem item = ( ProtectedItem ) j.next();
-                if( item instanceof ProtectedItem.MaxImmSub )
+                if ( item instanceof ProtectedItem.MaxImmSub )
                 {
-                    if( immSubCount < 0 )
+                    if ( immSubCount < 0 )
                     {
                         immSubCount = getImmSubCount( proxy, entryName );
                     }
 
                     ProtectedItem.MaxImmSub mis = ( ProtectedItem.MaxImmSub ) item;
-                    if( immSubCount >= mis.getValue() )
+                    if ( immSubCount >= mis.getValue() )
                     {
                         i.remove();
                         break;
@@ -103,7 +109,6 @@
         return tuples;
     }
 
-
     public static final Collection SEARCH_BYPASS;
     static
     {
@@ -126,20 +131,19 @@
         NamingEnumeration e = null;
         try
         {
-            e = proxy.search(
-                entryName.getPrefix( 1 ), new HashMap(),
-                childrenFilter, childrenSearchControls, SEARCH_BYPASS );
+            e = proxy.search( entryName.getPrefix( 1 ), new HashMap(), childrenFilter, childrenSearchControls,
+                SEARCH_BYPASS );
 
-            while( e.hasMore() )
+            while ( e.hasMore() )
             {
                 e.next();
-                cnt ++;
+                cnt++;
             }
 
         }
         finally
         {
-            if( e != null )
+            if ( e != null )
             {
                 e.close();
             }

Propchange: directory/trunks/apacheds/core/src/main/java/org/apache/directory/server/core/authz/support/MaxImmSubFilter.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: directory/trunks/apacheds/core/src/main/java/org/apache/directory/server/core/authz/support/MaxImmSubFilter.java
------------------------------------------------------------------------------
--- svn:keywords (original)
+++ svn:keywords Sun Feb 19 19:57:02 2006
@@ -1 +1,4 @@
-HeadURL Id LastChangedBy LastChangedDate LastChangedRevision
+Rev
+Revision
+Date
+Id

Modified: directory/trunks/apacheds/core/src/main/java/org/apache/directory/server/core/authz/support/MaxValueCountFilter.java
URL: http://svn.apache.org/viewcvs/directory/trunks/apacheds/core/src/main/java/org/apache/directory/server/core/authz/support/MaxValueCountFilter.java?rev=379013&r1=379012&r2=379013&view=diff
==============================================================================
--- directory/trunks/apacheds/core/src/main/java/org/apache/directory/server/core/authz/support/MaxValueCountFilter.java (original)
+++ directory/trunks/apacheds/core/src/main/java/org/apache/directory/server/core/authz/support/MaxValueCountFilter.java Sun Feb 19 19:57:02 2006
@@ -18,6 +18,7 @@
  */
 package org.apache.directory.server.core.authz.support;
 
+
 import java.util.Collection;
 import java.util.Iterator;
 
@@ -42,33 +43,36 @@
  */
 public class MaxValueCountFilter implements ACITupleFilter
 {
-    public Collection filter( Collection tuples, OperationScope scope, DirectoryPartitionNexusProxy proxy, Collection userGroupNames, Name userName, Attributes userEntry, AuthenticationLevel authenticationLevel, Name entryName, String attrId, Object attrValue, Attributes entry, Collection microOperations ) throws NamingException
+    public Collection filter( Collection tuples, OperationScope scope, DirectoryPartitionNexusProxy proxy,
+        Collection userGroupNames, Name userName, Attributes userEntry, AuthenticationLevel authenticationLevel,
+        Name entryName, String attrId, Object attrValue, Attributes entry, Collection microOperations )
+        throws NamingException
     {
-        if( scope != OperationScope.ATTRIBUTE_TYPE_AND_VALUE )
+        if ( scope != OperationScope.ATTRIBUTE_TYPE_AND_VALUE )
         {
             return tuples;
         }
 
-        if( tuples.size() == 0 )
+        if ( tuples.size() == 0 )
         {
             return tuples;
         }
 
-        for( Iterator i = tuples.iterator(); i.hasNext(); )
+        for ( Iterator i = tuples.iterator(); i.hasNext(); )
         {
             ACITuple tuple = ( ACITuple ) i.next();
-            if( !tuple.isGrant() )
+            if ( !tuple.isGrant() )
             {
                 continue;
             }
 
-            for( Iterator j = tuple.getProtectedItems().iterator(); j.hasNext(); )
+            for ( Iterator j = tuple.getProtectedItems().iterator(); j.hasNext(); )
             {
                 ProtectedItem item = ( ProtectedItem ) j.next();
-                if( item instanceof ProtectedItem.MaxValueCount )
+                if ( item instanceof ProtectedItem.MaxValueCount )
                 {
                     ProtectedItem.MaxValueCount mvc = ( ProtectedItem.MaxValueCount ) item;
-                    if( isRemovable( mvc, attrId, entry ) )
+                    if ( isRemovable( mvc, attrId, entry ) )
                     {
                         i.remove();
                         break;
@@ -80,16 +84,17 @@
         return tuples;
     }
 
+
     private boolean isRemovable( ProtectedItem.MaxValueCount mvc, String attrId, Attributes entry )
     {
-        for( Iterator k = mvc.iterator(); k.hasNext(); )
+        for ( Iterator k = mvc.iterator(); k.hasNext(); )
         {
             MaxValueCountItem mvcItem = ( MaxValueCountItem ) k.next();
-            if( attrId.equalsIgnoreCase( mvcItem.getAttributeType() ) )
+            if ( attrId.equalsIgnoreCase( mvcItem.getAttributeType() ) )
             {
                 Attribute attr = entry.get( attrId );
-                int attrCount = attr == null? 0 : attr.size();
-                if( attrCount >= mvcItem.getMaxCount() )
+                int attrCount = attr == null ? 0 : attr.size();
+                if ( attrCount >= mvcItem.getMaxCount() )
                 {
                     return true;
                 }

Propchange: directory/trunks/apacheds/core/src/main/java/org/apache/directory/server/core/authz/support/MaxValueCountFilter.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: directory/trunks/apacheds/core/src/main/java/org/apache/directory/server/core/authz/support/MaxValueCountFilter.java
------------------------------------------------------------------------------
--- svn:keywords (original)
+++ svn:keywords Sun Feb 19 19:57:02 2006
@@ -1 +1,4 @@
-HeadURL Id LastChangedBy LastChangedDate LastChangedRevision
+Rev
+Revision
+Date
+Id

Modified: directory/trunks/apacheds/core/src/main/java/org/apache/directory/server/core/authz/support/MicroOperationFilter.java
URL: http://svn.apache.org/viewcvs/directory/trunks/apacheds/core/src/main/java/org/apache/directory/server/core/authz/support/MicroOperationFilter.java?rev=379013&r1=379012&r2=379013&view=diff
==============================================================================
--- directory/trunks/apacheds/core/src/main/java/org/apache/directory/server/core/authz/support/MicroOperationFilter.java (original)
+++ directory/trunks/apacheds/core/src/main/java/org/apache/directory/server/core/authz/support/MicroOperationFilter.java Sun Feb 19 19:57:02 2006
@@ -18,6 +18,7 @@
  */
 package org.apache.directory.server.core.authz.support;
 
+
 import java.util.Collection;
 import java.util.Iterator;
 
@@ -42,17 +43,16 @@
 public class MicroOperationFilter implements ACITupleFilter
 {
     public Collection filter( Collection tuples, OperationScope scope, DirectoryPartitionNexusProxy proxy,
-                              Collection userGroupNames, Name userName, Attributes userEntry,
-                              AuthenticationLevel authenticationLevel, Name entryName, String attrId,
-                              Object attrValue, Attributes entry, Collection microOperations )
-            throws NamingException
+        Collection userGroupNames, Name userName, Attributes userEntry, AuthenticationLevel authenticationLevel,
+        Name entryName, String attrId, Object attrValue, Attributes entry, Collection microOperations )
+        throws NamingException
     {
-        if( tuples.size() == 0 )
+        if ( tuples.size() == 0 )
         {
             return tuples;
         }
 
-        for( Iterator i = tuples.iterator(); i.hasNext(); )
+        for ( Iterator i = tuples.iterator(); i.hasNext(); )
         {
             ACITuple tuple = ( ACITuple ) i.next();
 
@@ -63,17 +63,17 @@
              */
 
             boolean retain = true;
-            for( Iterator j = microOperations.iterator(); j.hasNext(); )
+            for ( Iterator j = microOperations.iterator(); j.hasNext(); )
             {
                 MicroOperation microOp = ( MicroOperation ) j.next();
-                if( ! tuple.getMicroOperations().contains( microOp ) )
+                if ( !tuple.getMicroOperations().contains( microOp ) )
                 {
                     retain = false;
                     break;
                 }
             }
 
-            if( !retain )
+            if ( !retain )
             {
                 i.remove();
             }

Propchange: directory/trunks/apacheds/core/src/main/java/org/apache/directory/server/core/authz/support/MicroOperationFilter.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: directory/trunks/apacheds/core/src/main/java/org/apache/directory/server/core/authz/support/MicroOperationFilter.java
------------------------------------------------------------------------------
--- svn:keywords (original)
+++ svn:keywords Sun Feb 19 19:57:02 2006
@@ -1 +1,4 @@
-HeadURL Id LastChangedBy LastChangedDate LastChangedRevision
+Rev
+Revision
+Date
+Id



Mime
View raw message