Author: akarasulu Date: Thu Apr 19 16:23:02 2007 New Revision: 530588 URL: http://svn.apache.org/viewvc?view=rev&rev=530588 Log: supplimental fix and test which was really fixed by elecharny for DIRSERVER-884 Added: directory/apacheds/trunk/core-unit/src/test/java/org/apache/directory/server/core/authz/GeneralAuthorizationITest.java Modified: directory/apacheds/trunk/constants/src/main/java/org/apache/directory/server/constants/ApacheSchemaConstants.java directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/TupleCache.java Modified: directory/apacheds/trunk/constants/src/main/java/org/apache/directory/server/constants/ApacheSchemaConstants.java URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/constants/src/main/java/org/apache/directory/server/constants/ApacheSchemaConstants.java?view=diff&rev=530588&r1=530587&r2=530588 ============================================================================== --- directory/apacheds/trunk/constants/src/main/java/org/apache/directory/server/constants/ApacheSchemaConstants.java (original) +++ directory/apacheds/trunk/constants/src/main/java/org/apache/directory/server/constants/ApacheSchemaConstants.java Thu Apr 19 16:23:02 2007 @@ -33,4 +33,5 @@ String SUBSCHEMA_SUBENTRY_NAME_AT = "subschemaSubentryName"; String SCHEMA_MODIFICATION_ATTRIBUTES_OC = "schemaModificationAttributes"; + String SCHEMA_NAME = "apache"; } Added: directory/apacheds/trunk/core-unit/src/test/java/org/apache/directory/server/core/authz/GeneralAuthorizationITest.java URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-unit/src/test/java/org/apache/directory/server/core/authz/GeneralAuthorizationITest.java?view=auto&rev=530588 ============================================================================== --- directory/apacheds/trunk/core-unit/src/test/java/org/apache/directory/server/core/authz/GeneralAuthorizationITest.java (added) +++ directory/apacheds/trunk/core-unit/src/test/java/org/apache/directory/server/core/authz/GeneralAuthorizationITest.java Thu Apr 19 16:23:02 2007 @@ -0,0 +1,59 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ +package org.apache.directory.server.core.authz; + + +import javax.naming.NamingException; + +import org.apache.directory.shared.ldap.exception.LdapInvalidAttributeValueException; +import org.apache.directory.shared.ldap.message.ResultCodeEnum; + + +/** + * Tests various authorization functionality without any specific operation. + * + * @author Apache Directory Project + * @version $Rev: 494176 $ + */ +public class GeneralAuthorizationITest extends AbstractAuthorizationITest +{ + /** + * Checks to make sure we cannot create a malformed ACI missing two + * last brackets. + * + * @throws NamingException if the test encounters an error + */ + public void testFailureToAddBadACI() throws NamingException + { + // add a subentry with malformed ACI + try + { + createAccessControlSubentry( "anybodyAdd", "{ " + "identificationTag \"addAci\", " + "precedence 14, " + + "authenticationLevel none, " + "itemOrUserFirst userFirst: { " + "userClasses { allUsers }, " + + "userPermissions { { " + "protectedItems {entry, allUserAttributeTypesAndValues}, " + + "grantsAndDenials { grantAdd, grantBrowse } } }" ); + fail( "should never get here due to failure to add bad ACIItem" ); + } + catch( LdapInvalidAttributeValueException e ) + { + assertEquals( ResultCodeEnum.INVALID_ATTRIBUTE_SYNTAX, e.getResultCode() ); + } + } +} Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/TupleCache.java URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/TupleCache.java?view=diff&rev=530588&r1=530587&r2=530588 ============================================================================== --- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/TupleCache.java (original) +++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/TupleCache.java Thu Apr 19 16:23:02 2007 @@ -97,7 +97,7 @@ * * @param factoryCfg the context factory configuration for the server */ - public TupleCache(DirectoryServiceConfiguration factoryCfg) throws NamingException + public TupleCache( DirectoryServiceConfiguration factoryCfg ) throws NamingException { normalizerMap = factoryCfg.getRegistries().getAttributeTypeRegistry().getNormalizerMapping(); this.nexus = factoryCfg.getPartitionNexus(); @@ -199,8 +199,15 @@ } catch ( ParseException e ) { - String msg = "ACIItem parser failure on " + aciStr + ". Cannnot add ACITuples to TupleCache."; - log.warn( msg, e ); + String msg = "ACIItem parser failure on \n'" + item + "'\ndue to syntax error. " + + "Cannnot add ACITuples to TupleCache.\n" + + "Check that the syntax of the ACI item is correct. \nUntil this error " + + "is fixed your security settings will not be as expected."; + log.error( msg, e ); + + // do not process this ACI Item because it will be null + // continue on to process the next ACI item in the entry + continue; } }