Return-Path: Delivered-To: apmail-directory-commits-archive@www.apache.org Received: (qmail 59295 invoked from network); 12 Jul 2006 23:49:17 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 12 Jul 2006 23:49:17 -0000 Received: (qmail 24387 invoked by uid 500); 12 Jul 2006 23:49:17 -0000 Delivered-To: apmail-directory-commits-archive@directory.apache.org Received: (qmail 24347 invoked by uid 500); 12 Jul 2006 23:49:17 -0000 Mailing-List: contact commits-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@directory.apache.org Delivered-To: mailing list commits@directory.apache.org Received: (qmail 24336 invoked by uid 99); 12 Jul 2006 23:49:17 -0000 Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 12 Jul 2006 16:49:17 -0700 X-ASF-Spam-Status: No, hits=-9.4 required=10.0 tests=ALL_TRUSTED,NO_REAL_NAME X-Spam-Check-By: apache.org Received-SPF: pass (asf.osuosl.org: local policy) Received: from [140.211.166.113] (HELO eris.apache.org) (140.211.166.113) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 12 Jul 2006 16:49:15 -0700 Received: by eris.apache.org (Postfix, from userid 65534) id A8D5E1A981A; Wed, 12 Jul 2006 16:48:55 -0700 (PDT) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r421465 - in /directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core: authn/ authz/ Date: Wed, 12 Jul 2006 23:48:54 -0000 To: commits@directory.apache.org 
From: akarasulu@apache.org X-Mailer: svnmailer-1.0.8 Message-Id: <20060712234855.A8D5E1A981A@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N Author: akarasulu Date: Wed Jul 12 16:48:53 2006 New Revision: 421465 URL: http://svn.apache.org/viewvc?rev=421465&view=rev Log: fixes for DIRSERVER-672: added extra LdapDN argument to Authenticator.authenticate() and cleanedup unnecesary normalization code Modified: directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/AbstractAuthenticator.java directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/AnonymousAuthenticator.java directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationService.java directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/Authenticator.java directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/LdapPrincipal.java directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authz/AuthorizationService.java directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authz/DefaultAuthorizationService.java Modified: directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/AbstractAuthenticator.java URL: http://svn.apache.org/viewvc/directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/AbstractAuthenticator.java?rev=421465&r1=421464&r2=421465&view=diff ============================================================================== --- 
directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/AbstractAuthenticator.java (original) +++ directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/AbstractAuthenticator.java Wed Jul 12 16:48:53 2006 @@ -127,7 +127,7 @@ } - public abstract LdapPrincipal authenticate( ServerContext ctx ) throws NamingException; + public abstract LdapPrincipal authenticate( LdapDN bindDn, ServerContext ctx ) throws NamingException; /** Modified: directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/AnonymousAuthenticator.java URL: http://svn.apache.org/viewvc/directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/AnonymousAuthenticator.java?rev=421465&r1=421464&r2=421465&view=diff ============================================================================== --- directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/AnonymousAuthenticator.java (original) +++ directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/AnonymousAuthenticator.java Wed Jul 12 16:48:53 2006 @@ -21,6 +21,7 @@ import org.apache.directory.server.core.jndi.ServerContext; import org.apache.directory.shared.ldap.exception.LdapNoPermissionException; +import org.apache.directory.shared.ldap.name.LdapDN; /** 
@@ -44,7 +45,7 @@ * If the context is not configured to allow anonymous connections, * this method throws a {@link javax.naming.NoPermissionException}. */ - public LdapPrincipal authenticate( ServerContext ctx ) throws NamingException + public LdapPrincipal authenticate( LdapDN bindDn, ServerContext ctx ) throws NamingException { if ( getFactoryConfiguration().getStartupConfiguration().isAllowAnonymousAccess() ) { Modified: directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationService.java URL: http://svn.apache.org/viewvc/directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationService.java?rev=421465&r1=421464&r2=421465&view=diff ============================================================================== --- directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationService.java (original) +++ directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationService.java Wed Jul 12 16:48:53 2006 
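Review bot: The new `bindDn` argument is never read in `AnonymousAuthenticator.authenticate`, so whatever DN the client supplied is accepted as anonymous as long as `isAllowAnonymousAccess()` is true; if the dispatcher in AuthenticationService (not in this diff) can route a bind with a non-empty DN and empty credentials here, that is the "unauthenticated bind" RFC 4513 §5.1.2 says servers should reject by default. If that path exists, guard it before the allow-anonymous check with `if ( bindDn != null && bindDn.size() > 0 ) { throw new LdapNoPermissionException(); }`; if it cannot, say so in the javadoc with `@param bindDn ignored; an anonymous bind carries no name`. The method body continues past the hunk.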
@@ -457,7 +457,7 @@ try { // perform the authentication - LdapPrincipal authorizationId = authenticator.authenticate( ctx ); + LdapPrincipal authorizationId = authenticator.authenticate( bindDn, ctx ); // authentication was successful ctx.setPrincipal( new TrustedPrincipalWrapper( authorizationId ) ); // remove creds so there is no security risk Modified: directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/Authenticator.java URL: http://svn.apache.org/viewvc/directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/Authenticator.java?rev=421465&r1=421464&r2=421465&view=diff ============================================================================== --- directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/Authenticator.java (original) +++ directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/Authenticator.java Wed Jul 12 16:48:53 2006 @@ -24,6 +24,7 @@ import org.apache.directory.server.core.configuration.AuthenticatorConfiguration; import org.apache.directory.server.core.jndi.ServerContext; import org.apache.directory.server.core.partition.DirectoryPartitionNexus; +import org.apache.directory.shared.ldap.name.LdapDN; /** 
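Review bot: `bindDn` is now the authenticators' only source of the bind identity (SimpleAuthenticator in this same commit stops reading `Context.SECURITY_PRINCIPAL`), and the LdapPrincipal built from it is later compared with `toNormName()`/`getNormName()` in the authz services without any re-normalization, so the value handed over here must already be the normalized DN. The line that derives `bindDn` is outside this hunk, so that cannot be confirmed from the diff; a comment on the call, `// bindDn must already be normalized: neither the authenticators nor the authz layer re-normalize it`, would make the invariant visible to the next reader. The enclosing try block and method continue outside the hunk.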
@@ -68,5 +69,5 @@ /** * Performs authentication and returns the principal if succeeded. */ - public LdapPrincipal authenticate( ServerContext ctx ) throws NamingException; + public LdapPrincipal authenticate( LdapDN bindDn, ServerContext ctx ) throws NamingException; } Modified: directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/LdapPrincipal.java URL: http://svn.apache.org/viewvc/directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/LdapPrincipal.java?rev=421465&r1=421464&r2=421465&view=diff ============================================================================== --- directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/LdapPrincipal.java (original) +++ directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/LdapPrincipal.java Wed Jul 12 16:48:53 2006 @@ -55,7 +55,7 @@ * @param name the normalized distinguished name of the principal * @param authenticationLevel */ - LdapPrincipal(Name name, AuthenticationLevel authenticationLevel) + LdapPrincipal( Name name, AuthenticationLevel authenticationLevel ) { this.name = name; this.authenticationLevel = authenticationLevel; 
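Review bot: The javadoc on `Authenticator.authenticate` ("Performs authentication and returns the principal if succeeded.") says nothing about the new `bindDn` parameter, which is now the only way an implementation learns who is binding. Suggest adding `@param bindDn the DN the client is binding as, expected in normalized form`, `@param ctx the server context carrying the credentials`, `@return the authenticated principal` and `@throws NamingException if authentication fails`. The normalized-form expectation is inferred from the authz code comparing `toNormName()` without re-normalizing; confirm it against the caller before committing it to the contract.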
@@ -79,9 +79,9 @@ * * @return the normalized distinguished name of the principal as a JNDI {@link Name} */ - public Name getJndiName() + public LdapDN getJndiName() { - return ( Name ) name.clone(); + return ( LdapDN ) name.clone(); } Modified: directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java URL: http://svn.apache.org/viewvc/directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java?rev=421465&r1=421464&r2=421465&view=diff ============================================================================== --- directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java (original) +++ directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java Wed Jul 12 16:48:53 2006 @@ -85,13 +85,8 @@ * value of {@link Context#SECURITY_PRINCIPAL} environment variable, and * authenticates a user with the plain-text password. */ - public LdapPrincipal authenticate( ServerContext ctx ) throws NamingException + public LdapPrincipal authenticate( LdapDN principalDn, ServerContext ctx ) throws NamingException { - /* - * OPTIMIZE - * @TODO pass already normalized LdapDN in as an argument to authenticate - */ - // ---- extract password from JNDI environment Object creds = ctx.getEnvironment().get( Context.SECURITY_CREDENTIALS ); 
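Review bot: `getJndiName()` now casts `name.clone()` to `LdapDN`, but the field and the constructor (the hunk at line 55 of this file) still accept any `javax.naming.Name`, so a principal built from a plain `CompositeName` or `LdapName` would fail with ClassCastException at the first authorization check instead of at construction. Tighten the entry point: `LdapPrincipal( LdapDN name, AuthenticationLevel authenticationLevel )` with the field typed `LdapDN`, and the getter's cast becomes a cheap invariant rather than a trap. The constructor javadoc already calls the argument "the normalized distinguished name"; since this commit makes the authz services rely on that without re-checking, it is worth stating explicitly as a precondition the constructor expects callers to satisfy.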
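Review bot: The javadoc above `SimpleAuthenticator.authenticate` still says the principal is taken from the `Context#SECURITY_PRINCIPAL` environment variable, but the hunk at line 105 of this commit removes that read; the DN now arrives as the `principalDn` argument. Reword to `Looks up the entry named by principalDn and authenticates it against the plain-text password found in Context#SECURITY_CREDENTIALS`. The parameter is also named `principalDn` here but `bindDn` in the interface and abstract class; one name across the hierarchy would help. The method body continues past the hunk.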
@@ -105,27 +100,8 @@ creds = ( ( String ) creds ).getBytes(); } - // ---- extract principal from JNDI environment - - String principal; - - if ( !ctx.getEnvironment().containsKey( Context.SECURITY_PRINCIPAL ) ) - { - throw new LdapAuthenticationException(); - } - else - { - principal = ( String ) ctx.getEnvironment().get( Context.SECURITY_PRINCIPAL ); - - if ( principal == null ) - { - throw new LdapAuthenticationException(); - } - } - // ---- lookup the principal entry's userPassword attribute - LdapDN principalDn = new LdapDN( principal ); Invocation invocation = InvocationStack.getInstance().peek(); DirectoryPartitionNexusProxy proxy = invocation.getProxy(); Attributes userEntry; @@ -137,7 +113,7 @@ if ( userEntry == null ) { - throw new LdapAuthenticationException( "Failed to lookup user for authentication: " + principal ); + throw new LdapAuthenticationException( "Failed to lookup user for authentication: " + principalDn ); } } catch ( Exception cause ) Modified: directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authz/AuthorizationService.java URL: http://svn.apache.org/viewvc/directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authz/AuthorizationService.java?rev=421465&r1=421464&r2=421465&view=diff ============================================================================== --- directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authz/AuthorizationService.java (original) +++ directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authz/AuthorizationService.java Wed Jul 12 16:48:53 2006 
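Review bot: The removed block was the only guard against a missing principal; with it gone a null `principalDn` reaches `proxy.lookup(...)` a few lines below (outside the hunk) and surfaces as a NullPointerException or a catch-all translated error instead of the `LdapAuthenticationException` the old code threw. Unless AuthenticationService guarantees a non-null DN (its derivation of `bindDn` is not in this diff), keep a one-line guard at the top of the lookup section: `if ( principalDn == null ) { throw new LdapAuthenticationException(); }`. Separately, the message `"Failed to lookup user for authentication: " + principalDn` tells a client that the DN does not exist, which differs from the bad-password failure; that text predates this commit, but if it reaches the wire it enables account enumeration, so a generic client message with the DN logged server-side is safer.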
@@ -359,7 +359,7 @@ // Access the principal requesting the operation, and bypass checks if it is the admin Invocation invocation = InvocationStack.getInstance().peek(); LdapPrincipal principal = ( ( ServerContext ) invocation.getCaller() ).getPrincipal(); - LdapDN userName = parseNormalized( principal.getName() ); + LdapDN userName = principal.getJndiName(); // bypass authz code if we are disabled if ( !enabled ) @@ -429,7 +429,7 @@ DirectoryPartitionNexusProxy proxy = invocation.getProxy(); Attributes entry = proxy.lookup( name, DirectoryPartitionNexusProxy.LOOKUP_BYPASS ); LdapPrincipal principal = ( ( ServerContext ) invocation.getCaller() ).getPrincipal(); - LdapDN userName = parseNormalized( principal.getName() ); + LdapDN userName = principal.getJndiName(); // bypass authz code if we are disabled if ( !enabled ) @@ -469,7 +469,7 @@ DirectoryPartitionNexusProxy proxy = invocation.getProxy(); Attributes entry = proxy.lookup( name, DirectoryPartitionNexusProxy.LOOKUP_BYPASS ); LdapPrincipal principal = ( ( ServerContext ) invocation.getCaller() ).getPrincipal(); - LdapDN userName = parseNormalized( principal.getName() ); + LdapDN userName = principal.getJndiName(); // bypass authz code if we are disabled if ( !enabled ) @@ -534,7 +534,7 @@ DirectoryPartitionNexusProxy proxy = invocation.getProxy(); Attributes entry = proxy.lookup( name, DirectoryPartitionNexusProxy.LOOKUP_BYPASS ); LdapPrincipal principal = ( ( ServerContext ) invocation.getCaller() ).getPrincipal(); - LdapDN userName = parseNormalized( principal.getName() ); + LdapDN userName = principal.getJndiName(); // bypass authz code if we are disabled if ( !enabled ) 
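Review bot: Every access check in this file now takes the caller's DN straight from `principal.getJndiName()` without the `parseNormalized(...)` pass that used to precede it, so the admin bypass (`userName.toNormName().equalsIgnoreCase( ADMIN_PRINCIPAL_NORMALIZED )`) and the `groupCache.getGroups( userName.toNormName() )` lookups are only correct if the DN was normalized when the LdapPrincipal was built. That constructor (elsewhere in this commit) accepts any `Name` and does not check it, so the failure mode is silent: an unnormalized principal would lose admin bypass and group membership rather than raise — fail-closed, but hard to diagnose. A comment at the first such use, `// the principal DN is normalized at bind time; authz does not re-normalize it`, plus enforcement in the LdapPrincipal constructor, would make the dependency explicit. Each hunk's enclosing method starts before and ends after it.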
@@ -597,7 +597,7 @@ DirectoryPartitionNexusProxy proxy = invocation.getProxy(); Attributes entry = proxy.lookup( name, DirectoryPartitionNexusProxy.LOOKUP_BYPASS ); LdapPrincipal principal = ( ( ServerContext ) invocation.getCaller() ).getPrincipal(); - LdapDN userName = parseNormalized( principal.getName() ); + LdapDN userName = principal.getJndiName(); if ( userName.toNormName().equalsIgnoreCase( DirectoryPartitionNexus.ADMIN_PRINCIPAL_NORMALIZED ) || !enabled || name.toString().trim().equals( "" ) ) // no checks on the rootdse @@ -643,7 +643,7 @@ } DirectoryPartitionNexusProxy proxy = InvocationStack.getInstance().peek().getProxy(); - LdapDN userName = parseNormalized( principal.getName() ); + LdapDN userName = principal.getJndiName(); Set userGroups = groupCache.getGroups( userName.toNormName() ); Collection tuples = new HashSet(); addPerscriptiveAciTuples( proxy, tuples, dn, entry ); @@ -713,7 +713,7 @@ DirectoryPartitionNexusProxy proxy = invocation.getProxy(); Attributes entry = proxy.lookup( name, DirectoryPartitionNexusProxy.LOOKUP_BYPASS ); LdapPrincipal principal = ( ( ServerContext ) invocation.getCaller() ).getPrincipal(); - LdapDN userName = parseNormalized( principal.getName() ); + LdapDN userName = principal.getJndiName(); LdapDN newName = ( LdapDN ) name.clone(); newName.remove( name.size() - 1 ); newName.add( parseNormalized( newRn ).get( 0 ) ); @@ -786,7 +786,7 @@ DirectoryPartitionNexusProxy proxy = invocation.getProxy(); Attributes entry = proxy.lookup( oriChildName, DirectoryPartitionNexusProxy.LOOKUP_BYPASS ); LdapPrincipal principal = ( ( ServerContext ) invocation.getCaller() ).getPrincipal(); - LdapDN userName = parseNormalized( principal.getName() ); + LdapDN userName = principal.getJndiName(); LdapDN newName = ( LdapDN ) newParentName.clone(); newName.add( newRn ); 
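Review bot: The last hunk on this line (`getMatchedName`, @@ -979) compares `userName.toString()` against `ADMIN_PRINCIPAL_NORMALIZED`, while every other hunk in this file compares `userName.toNormName()`; if `LdapDN.toString()` returns the user-provided form, the admin bypass here can disagree with the rest of the service for the same principal. Change the condition to `if ( userName.toNormName().equalsIgnoreCase( DirectoryPartitionNexus.ADMIN_PRINCIPAL_NORMALIZED ) || !enabled )`. Whether `toString()` and `toNormName()` differ for an already-normalized LdapDN is not visible in the diff, but using the normalized accessor removes the doubt. The enclosing methods start before and end after each hunk.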
@@ -864,7 +864,7 @@ LdapDN newName = ( LdapDN ) newParentName.clone(); newName.add( oriChildName.get( oriChildName.size() - 1 ) ); LdapPrincipal principal = ( ( ServerContext ) invocation.getCaller() ).getPrincipal(); - LdapDN userName = parseNormalized( principal.getName() ); + LdapDN userName = principal.getJndiName(); // bypass authz code if we are disabled if ( !enabled ) @@ -951,7 +951,7 @@ DirectoryPartitionNexusProxy proxy = invocation.getProxy(); Attributes entry = proxy.lookup( name, DirectoryPartitionNexusProxy.LOOKUP_BYPASS ); LdapPrincipal principal = ( ( ServerContext ) invocation.getCaller() ).getPrincipal(); - LdapDN userName = parseNormalized( principal.getName() ); + LdapDN userName = principal.getJndiName(); if ( userName.toNormName().equals( DirectoryPartitionNexus.ADMIN_PRINCIPAL_NORMALIZED ) || !enabled ) { @@ -979,7 +979,7 @@ Invocation invocation = InvocationStack.getInstance().peek(); DirectoryPartitionNexusProxy proxy = invocation.getProxy(); LdapPrincipal principal = ( ( ServerContext ) invocation.getCaller() ).getPrincipal(); - LdapDN userName = parseNormalized( principal.getName() ); + LdapDN userName = principal.getJndiName(); if ( userName.toString().equalsIgnoreCase( DirectoryPartitionNexus.ADMIN_PRINCIPAL_NORMALIZED ) || !enabled ) { return next.getMatchedName( dn ); 
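Review bot: The admin bypass in the @@ -951 hunk uses `userName.toNormName().equals( DirectoryPartitionNexus.ADMIN_PRINCIPAL_NORMALIZED )`, whereas the @@ -597 and @@ -979 hunks use `equalsIgnoreCase`; two comparison rules for one constant mean a principal could be treated as admin in one operation and not in another. Both sides are meant to be normalized forms, so `equals` is the right test everywhere and the case-insensitive variants can be tightened — but whichever is chosen, it should be one rule for the whole file. The enclosing methods start before and end after each hunk.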
@@ -1029,7 +1029,7 @@ */ Attributes entry = invocation.getProxy().lookup( normName, DirectoryPartitionNexusProxy.LOOKUP_BYPASS ); ServerLdapContext ctx = ( ServerLdapContext ) invocation.getCaller(); - LdapDN userDn = parseNormalized( ctx.getPrincipal().getName() ); + LdapDN userDn = ctx.getPrincipal().getJndiName(); Set userGroups = groupCache.getGroups( userDn.toNormName() ); Collection tuples = new HashSet(); addPerscriptiveAciTuples( invocation.getProxy(), tuples, normName, entry ); Modified: directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authz/DefaultAuthorizationService.java URL: http://svn.apache.org/viewvc/directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authz/DefaultAuthorizationService.java?rev=421465&r1=421464&r2=421465&view=diff ============================================================================== --- directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authz/DefaultAuthorizationService.java (original) +++ directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authz/DefaultAuthorizationService.java Wed Jul 12 16:48:53 2006 @@ -207,8 +207,7 @@ private void protectModifyAlterations( LdapDN dn ) throws NamingException { - LdapDN principalDn = new LdapDN( getPrincipal().getJndiName() ); - principalDn.normalize( oidsMap ); + LdapDN principalDn = getPrincipal().getJndiName(); if ( dn.size() == 0 ) { @@ -240,7 +239,7 @@ { String msg = "User " + principalDn; msg += " does not have permission to modify the group entry "; - msg += dn + ".\nGroups can only be modified by the admin."; + msg += dn.getUpName() + ".\nGroups can only be modified by the admin."; throw new LdapNoPermissionException( msg ); } } 
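Review bot: In `protectModifyAlterations` the no-permission message now prints the target as `dn.getUpName()` but the principal as `"User " + principalDn`, i.e. `LdapDN.toString()`, while the sibling `protectDnAlterations` hunk prints `principalDn.getUpName()`; use `String msg = "User " + principalDn.getUpName();` so both DNs in one message use the same form. The dropped `principalDn.normalize( oidsMap )` means the admin and group checks further down (outside the hunk) now rely on the LdapPrincipal DN already being normalized, which holds only if it is built from the normalized bind DN — not something this diff shows. The method continues past the hunk.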
@@ -290,7 +289,7 @@ private void protectDnAlterations( Name dn ) throws LdapNoPermissionException { - Name principalDn = getPrincipal().getJndiName(); + LdapDN principalDn = getPrincipal().getJndiName(); if ( dn.toString().equals( "" ) ) { @@ -300,7 +299,7 @@ if ( dn == ADMIN_DN || dn.equals( ADMIN_DN ) ) { - String msg = "User '" + principalDn; + String msg = "User '" + principalDn.getUpName(); msg += "' does not have permission to move or rename the admin"; msg += " account. No one not even the admin can move or"; msg += " rename " + dn + "!"; @@ -352,24 +351,16 @@ } - private void protectLookUp( Name normalizedDn ) throws NamingException + private void protectLookUp( LdapDN normalizedDn ) throws NamingException { LdapContext ctx = ( LdapContext ) InvocationStack.getInstance().peek().getCaller(); - - Name name = ( ( ServerContext ) ctx ).getPrincipal().getJndiName(); - - // We want to avoid a creation of an object if it's not necessary - LdapDN principalDn = ( name instanceof LdapDN ? (LdapDN)name : new LdapDN( name )); - - // TODO : Why do we have to normalize this LdapDN ??? - principalDn.normalize( oidsMap ); - + LdapDN principalDn = ( ( ServerContext ) ctx ).getPrincipal().getJndiName(); if ( !principalDn.equals( ADMIN_DN ) ) { if ( normalizedDn.size() > 2 && normalizedDn.startsWith( USER_BASE_DN ) ) { // allow for self reads - if ( normalizedDn.toString().equals( principalDn.toString() ) ) + if ( normalizedDn.getNormName().equals( principalDn.getNormName() ) ) { return; } @@ -383,7 +374,7 @@ if ( normalizedDn.size() > 2 && normalizedDn.startsWith( GROUP_BASE_DN ) ) { // allow for self reads - if ( normalizedDn.toString().equals( principalDn.toString() ) ) + if ( normalizedDn.getNormName().equals( principalDn.getNormName() ) ) { return; } 
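Review bot: In `protectLookUp` the explicit `principalDn.normalize( oidsMap )` and the "Why do we have to normalize this LdapDN?" TODO are gone together, so the answer now matters: `principalDn.equals( ADMIN_DN )` and the self-read tests `normalizedDn.getNormName().equals( principalDn.getNormName() )` are correct only if the LdapPrincipal was built from a normalized DN, and nothing here checks that. A one-line comment above the new assignment, `// principal DN is normalized at bind time (see LdapPrincipal); only normalizedDn's caller must supply a normalized target`, records the assumption; the parameter type change from `Name` to `LdapDN` also obliges every caller of protectLookUp (outside this diff) to pass an LdapDN, which is worth noting in a `@param normalizedDn` tag. The method continues past the hunk.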
@@ -397,7 +388,7 @@ if ( normalizedDn.equals( ADMIN_DN ) ) { // allow for self reads - if ( normalizedDn.toString().equals( principalDn.toString() ) ) + if ( normalizedDn.getNormName().equals( principalDn.getNormName() ) ) { return; } @@ -458,9 +449,7 @@ private boolean isSearchable( Invocation invocation, SearchResult result ) throws NamingException { - LdapDN principalDn = ( LdapDN ) ( ( ServerContext ) invocation.getCaller() ).getPrincipal().getJndiName(); - principalDn.normalize( oidsMap ); - + LdapDN principalDn = ( ( ServerContext ) invocation.getCaller() ).getPrincipal().getJndiName(); LdapDN dn; dn = new LdapDN( result.getName() ); dn.normalize( oidsMap );
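Review bot: In `isSearchable` the principal DN is now taken as already normalized while the result's DN is still normalized per entry with `dn.normalize( oidsMap )` two lines later; the asymmetry is intentional but not obvious, so a comment on the new line, `// principal DN was normalized at bind time; only the result name needs normalizing here`, would stop the next reader from "fixing" one side to match the other. Minor: `LdapDN dn; dn = new LdapDN( result.getName() );` can be a single `LdapDN dn = new LdapDN( result.getName() );`. The method continues past the hunk.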