directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From erodrig...@apache.org
Subject svn commit: r541123 [6/25] - in /directory/apacheds/branches/apacheds-sasl-branch: ./ benchmarks/ bootstrap-extract/ bootstrap-extract/src/ bootstrap-extract/src/main/ bootstrap-extract/src/main/java/ bootstrap-extract/src/main/java/org/ bootstrap-extr...
Date Thu, 24 May 2007 00:27:07 GMT
Modified: directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/authz/DefaultAuthorizationService.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/authz/DefaultAuthorizationService.java?view=diff&rev=541123&r1=541122&r2=541123
==============================================================================
--- directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/authz/DefaultAuthorizationService.java (original)
+++ directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/authz/DefaultAuthorizationService.java Wed May 23 17:26:40 2007
@@ -41,15 +41,24 @@
 import org.apache.directory.server.core.interceptor.BaseInterceptor;
 import org.apache.directory.server.core.interceptor.Interceptor;
 import org.apache.directory.server.core.interceptor.NextInterceptor;
+import org.apache.directory.server.core.interceptor.context.LookupOperationContext;
+import org.apache.directory.server.core.interceptor.context.OperationContext;
+import org.apache.directory.server.core.interceptor.context.SearchOperationContext;
 import org.apache.directory.server.core.invocation.Invocation;
 import org.apache.directory.server.core.invocation.InvocationStack;
 import org.apache.directory.server.core.jndi.ServerContext;
 import org.apache.directory.server.core.partition.PartitionNexus;
+import org.apache.directory.server.schema.registries.AttributeTypeRegistry;
+import org.apache.directory.shared.ldap.constants.SchemaConstants;
+import org.apache.directory.shared.ldap.constants.ServerDNConstants;
 import org.apache.directory.shared.ldap.exception.LdapNoPermissionException;
-import org.apache.directory.shared.ldap.filter.ExprNode;
-import org.apache.directory.shared.ldap.message.ModificationItemImpl;
+import org.apache.directory.shared.ldap.message.ServerSearchResult;
 import org.apache.directory.shared.ldap.name.LdapDN;
+import org.apache.directory.shared.ldap.schema.AttributeType;
 import org.apache.directory.shared.ldap.schema.OidNormalizer;
+import org.apache.directory.shared.ldap.util.AttributeUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 
 /**
@@ -63,23 +72,26 @@
  */
 public class DefaultAuthorizationService extends BaseInterceptor
 {
+    /** the logger for this class */
+    private static final Logger log = LoggerFactory.getLogger( DefaultAuthorizationService.class );
+    
+    /** The service name */
+    public static final String NAME = "defaultAuthorizationService";
+
     /**
      * the base distinguished {@link Name} for all users
      */
     private static LdapDN USER_BASE_DN;
-    private static LdapDN USER_BASE_DN_NORMALIZED;
 
     /**
      * the base distinguished {@link Name} for all groups
      */
     private static LdapDN GROUP_BASE_DN;
-    private static LdapDN GROUP_BASE_DN_NORMALIZED;
 
     /**
      * the distinguished {@link Name} for the administrator group
      */
     private static LdapDN ADMIN_GROUP_DN;
-    private static LdapDN ADMIN_GROUP_DN_NORMALIZED;
 
     /**
      * the name parser used by this service
@@ -92,6 +104,13 @@
     private Map<String, OidNormalizer> normalizerMapping;
     
     private PartitionNexus nexus;
+    
+    /** attribute type registry */
+    private AttributeTypeRegistry attrRegistry;
+
+    /** A starage for the uniqueMember attributeType */
+    private AttributeType uniqueMemberAT;
+
 
     /**
      * Creates a new instance.
@@ -110,14 +129,18 @@
         enabled = !factoryCfg.getStartupConfiguration().isAccessControlEnabled();
         
         USER_BASE_DN = PartitionNexus.getUsersBaseName();
-        USER_BASE_DN_NORMALIZED = LdapDN.normalize( USER_BASE_DN, normalizerMapping );
+        USER_BASE_DN.normalize( normalizerMapping );
         
         GROUP_BASE_DN = PartitionNexus.getGroupsBaseName();
-        GROUP_BASE_DN_NORMALIZED = LdapDN.normalize( GROUP_BASE_DN, normalizerMapping );
+        GROUP_BASE_DN.normalize( normalizerMapping );
      
-        ADMIN_GROUP_DN = new LdapDN( "cn=Administrators,ou=groups,ou=system" );
-        ADMIN_GROUP_DN_NORMALIZED = ( LdapDN ) ADMIN_GROUP_DN.clone();
-        ADMIN_GROUP_DN_NORMALIZED.normalize( normalizerMapping );
+        ADMIN_GROUP_DN = new LdapDN( ServerDNConstants.ADMINISTRATORS_GROUP_DN );
+        ADMIN_GROUP_DN.normalize( normalizerMapping );
+        
+        attrRegistry = factoryCfg.getRegistries().getAttributeTypeRegistry();
+        
+        uniqueMemberAT = attrRegistry.lookup( SchemaConstants.UNIQUE_MEMBER_AT_OID );
+        
         loadAdministrators();
     }
     
@@ -126,20 +149,22 @@
     {
         // read in the administrators and cache their normalized names
         Set<String> newAdministrators = new HashSet<String>( 2 );
-        Attributes adminGroup = nexus.lookup( ADMIN_GROUP_DN_NORMALIZED );
+        Attributes adminGroup = nexus.lookup( new LookupOperationContext( ADMIN_GROUP_DN ) );
         
         if ( adminGroup == null )
         {
             return;
         }
         
-        Attribute uniqueMember = adminGroup.get( "uniqueMember" );
+        Attribute uniqueMember = AttributeUtils.getAttribute( adminGroup, uniqueMemberAT );
+        
         for ( int ii = 0; ii < uniqueMember.size(); ii++ )
         {
             LdapDN memberDn = new LdapDN( ( String ) uniqueMember.get( ii ) );
             memberDn.normalize( normalizerMapping );
-            newAdministrators.add( memberDn.toNormName() );
+            newAdministrators.add( memberDn.getNormName() );
         }
+        
         administrators = newAdministrators;
     }
 
@@ -148,86 +173,86 @@
     //    Lookup, search and list operations need to be handled using a filter
     // and so we need access to the filter service.
 
-    public void delete( NextInterceptor nextInterceptor, LdapDN name ) throws NamingException
+    public void delete( NextInterceptor nextInterceptor, OperationContext opContext ) throws NamingException
     {
+    	LdapDN name = opContext.getDn();
+    	
         if ( !enabled )
         {
-            nextInterceptor.delete( name );
+            nextInterceptor.delete( opContext );
             return;
         }
 
         LdapDN principalDn = getPrincipal().getJndiName();
 
-        if ( name.toString().equals( "" ) )
+        if ( name.isEmpty() )
         {
             String msg = "The rootDSE cannot be deleted!";
+            log.error( msg );
             throw new LdapNoPermissionException( msg );
         }
 
-        if ( name.toNormName().equals( ADMIN_GROUP_DN_NORMALIZED.toNormName() ) )
+        if ( name.getNormName().equals( ADMIN_GROUP_DN.getNormName() ) )
         {
             String msg = "The Administrators group cannot be deleted!";
+            log.error( msg );
             throw new LdapNoPermissionException( msg );
         }
 
         if ( isTheAdministrator( name ) )
         {
-            String msg = "User " + principalDn;
+            String msg = "User " + principalDn.getUpName();
             msg += " does not have permission to delete the admin account.";
             msg += " No one not even the admin can delete this account!";
+            log.error( msg );
             throw new LdapNoPermissionException( msg );
         }
 
-        if ( name.size() > 2 && name.startsWith( USER_BASE_DN ) && !isAnAdministrator( principalDn ) )
-        {
-            String msg = "User " + principalDn;
-            msg += " does not have permission to delete the user account: ";
-            msg += name + ". Only the admin can delete user accounts.";
-            throw new LdapNoPermissionException( msg );
-        }
-
-        if ( name.size() > 2 && name.startsWith( GROUP_BASE_DN ) && !isAnAdministrator( principalDn ) )
+        if ( name.size() > 2 )
         {
-            String msg = "User " + principalDn;
-            msg += " does not have permission to delete the group entry: ";
-            msg += name + ". Only the admin can delete groups.";
-            throw new LdapNoPermissionException( msg );
+            if ( !isAnAdministrator( principalDn ) )
+            {
+                if ( name.startsWith( USER_BASE_DN ) )
+                {
+                    String msg = "User " + principalDn.getUpName();
+                    msg += " does not have permission to delete the user account: ";
+                    msg += name.getUpName() + ". Only the admin can delete user accounts.";
+                    log.error( msg );
+                    throw new LdapNoPermissionException( msg );
+                }
+        
+                if ( name.startsWith( GROUP_BASE_DN ) )
+                {
+                    String msg = "User " + principalDn.getUpName();
+                    msg += " does not have permission to delete the group entry: ";
+                    msg += name.getUpName() + ". Only the admin can delete groups.";
+                    log.error( msg );
+                    throw new LdapNoPermissionException( msg );
+                }
+            }
         }
 
-        nextInterceptor.delete( name );
+        nextInterceptor.delete( opContext );
     }
 
     
     private final boolean isTheAdministrator( LdapDN normalizedDn )
     {
-        return normalizedDn.toNormName() == PartitionNexus.ADMIN_PRINCIPAL_NORMALIZED || 
-             normalizedDn.toNormName().equals( PartitionNexus.ADMIN_PRINCIPAL_NORMALIZED );
+        return normalizedDn.getNormName().equals( PartitionNexus.ADMIN_PRINCIPAL_NORMALIZED );
     }
     
     
-    private final boolean isAnAdministrator( LdapDN normalizedDn ) throws NamingException
+    private final boolean isAnAdministrator( LdapDN normalizedDn )
     {
         if ( isTheAdministrator( normalizedDn ) )
         {
             return true;
         }
         
-        return administrators.contains( normalizedDn.toNormName() );
+        return administrators.contains( normalizedDn.getNormName() );
     }
     
 
-    /**
-     * Note that we do nothing here. First because this is not an externally
-     * exposed function via the JNDI interfaces.  It is used internally by
-     * the provider for optimization purposes so there is no reason for us to
-     * start to constrain it.
-     */
-    public boolean hasEntry( NextInterceptor nextInterceptor, LdapDN name ) throws NamingException
-    {
-        return super.hasEntry( nextInterceptor, name );
-    }
-
-
     // ------------------------------------------------------------------------
     // Entry Modification Operations
     // ------------------------------------------------------------------------
@@ -238,48 +263,26 @@
      * users to self access these resources.  As far as we're concerned no one but
      * the admin needs access.
      */
-    public void modify( NextInterceptor nextInterceptor, LdapDN name, int modOp, Attributes attrs )
+    public void modify( NextInterceptor nextInterceptor, OperationContext opContext )
         throws NamingException
     {
         if ( enabled )
         {
-            protectModifyAlterations( name );
-            nextInterceptor.modify( name, modOp, attrs );
+            LdapDN dn = opContext.getDn();
+            
+            protectModifyAlterations( dn );
+            nextInterceptor.modify( opContext );
 
             // update administrators if we change administrators group
-            if ( name.toNormName().equals( ADMIN_GROUP_DN_NORMALIZED.toNormName() ) )
+            if ( dn.getNormName().equals( ADMIN_GROUP_DN.getNormName() ) )
             {
                 loadAdministrators();
             }
-            return;
         }
-
-        nextInterceptor.modify( name, modOp, attrs );
-    }
-
-
-    /**
-     * This policy needs to be really tight too because some attributes may take part
-     * in giving the user permissions to protected resources.  We do not want users to
-     * self access these resources.  As far as we're concerned no one but the admin
-     * needs access.
-     */
-    public void modify( NextInterceptor nextInterceptor, LdapDN name, ModificationItemImpl[] items ) throws NamingException
-    {
-        if ( enabled )
+        else
         {
-            protectModifyAlterations( name );
-            nextInterceptor.modify( name, items );
-
-            // update administrators if we change administrators group
-            if ( name.toNormName().equals( ADMIN_GROUP_DN_NORMALIZED.toNormName() ) )
-            {
-                loadAdministrators();
-            }
-            return;
+            nextInterceptor.modify( opContext );
         }
-        
-        nextInterceptor.modify( name, items );
     }
 
 
@@ -287,44 +290,51 @@
     {
         LdapDN principalDn = getPrincipal().getJndiName();
 
-        if ( dn.size() == 0 )
+        if ( dn.isEmpty() )
         {
             String msg = "The rootDSE cannot be modified!";
+            log.error( msg );
             throw new LdapNoPermissionException( msg );
         }
 
         if ( ! isAnAdministrator( principalDn ) )
         {
             // allow self modifications 
-            if ( dn.toNormName().equals( getPrincipal().getJndiName().toNormName() ) )
+            if ( dn.getNormName().equals( getPrincipal().getJndiName().getNormName() ) )
             {
                 return;
             }
             
-            if ( dn.toNormName().equals( PartitionNexus.ADMIN_PRINCIPAL_NORMALIZED ) )
+            if ( dn.getNormName().equals( PartitionNexus.ADMIN_PRINCIPAL_NORMALIZED ) )
             {
-                String msg = "User " + principalDn;
+                String msg = "User " + principalDn.getUpName();
                 msg += " does not have permission to modify the account of the";
                 msg += " admin user.";
+                log.error( msg );
                 throw new LdapNoPermissionException( msg );
             }
 
-            if ( dn.size() > 2 && dn.startsWith( USER_BASE_DN_NORMALIZED ) )
-            {
-                String msg = "User " + principalDn;
-                msg += " does not have permission to modify the account of the";
-                msg += " user " + dn + ".\nEven the owner of an account cannot";
-                msg += " modify it.\nUser accounts can only be modified by the";
-                msg += " administrator.";
-                throw new LdapNoPermissionException( msg );
-            }
-
-            if ( dn.size() > 2 && dn.startsWith( GROUP_BASE_DN_NORMALIZED ) )
-            {
-                String msg = "User " + principalDn;
-                msg += " does not have permission to modify the group entry ";
-                msg += dn.getUpName() + ".\nGroups can only be modified by the admin.";
-                throw new LdapNoPermissionException( msg );
+            if ( dn.size() > 2 ) 
+                {
+                if ( dn.startsWith( USER_BASE_DN ) )
+                {
+                    String msg = "User " + principalDn.getUpName();
+                    msg += " does not have permission to modify the account of the";
+                    msg += " user " + dn.getUpName() + ".\nEven the owner of an account cannot";
+                    msg += " modify it.\nUser accounts can only be modified by the";
+                    msg += " administrator.";
+                    log.error( msg );
+                    throw new LdapNoPermissionException( msg );
+                }
+    
+                if ( dn.startsWith( GROUP_BASE_DN ) )
+                {
+                    String msg = "User " + principalDn.getUpName();
+                    msg += " does not have permission to modify the group entry ";
+                    msg += dn.getUpName() + ".\nGroups can only be modified by the admin.";
+                    log.error( msg );
+                    throw new LdapNoPermissionException( msg );
+                }
             }
         }
     }
@@ -339,35 +349,37 @@
     //  o The administrator entry cannot be moved or renamed by anyone
     // ------------------------------------------------------------------------
 
-    public void modifyRn( NextInterceptor nextInterceptor, LdapDN name, String newRn, boolean deleteOldRn )
+    public void rename( NextInterceptor nextInterceptor, OperationContext opContext )
         throws NamingException
     {
         if ( enabled )
         {
-            protectDnAlterations( name );
+            protectDnAlterations( opContext.getDn() );
         }
-        nextInterceptor.modifyRn( name, newRn, deleteOldRn );
+        
+        nextInterceptor.rename( opContext );
     }
 
 
-    public void move( NextInterceptor nextInterceptor, LdapDN oriChildName, LdapDN newParentName ) throws NamingException
+    public void move( NextInterceptor nextInterceptor, OperationContext opContext ) throws NamingException
     {
         if ( enabled )
         {
-            protectDnAlterations( oriChildName );
+            protectDnAlterations( opContext.getDn() );
         }
-        nextInterceptor.move( oriChildName, newParentName );
+        
+        nextInterceptor.move( opContext );
     }
 
 
-    public void move( NextInterceptor nextInterceptor, LdapDN oriChildName, LdapDN newParentName, String newRn,
-                      boolean deleteOldRn ) throws NamingException
+    public void moveAndRename( NextInterceptor nextInterceptor, OperationContext opContext ) throws NamingException
     {
         if ( enabled )
         {
-            protectDnAlterations( oriChildName );
+            protectDnAlterations( opContext.getDn() );
         }
-        nextInterceptor.move( oriChildName, newParentName, newRn, deleteOldRn );
+        
+        nextInterceptor.moveAndRename( opContext );
     }
 
 
@@ -375,15 +387,18 @@
     {
         LdapDN principalDn = getPrincipal().getJndiName();
 
-        if ( dn.toString().equals( "" ) )
+        if ( dn.isEmpty() )
         {
             String msg = "The rootDSE cannot be moved or renamed!";
+            log.error( msg );
             throw new LdapNoPermissionException( msg );
         }
 
-        if ( dn.toNormName().equals( ADMIN_GROUP_DN_NORMALIZED.toNormName() ) )
+        if ( dn.getNormName().equals( ADMIN_GROUP_DN.getNormName() ) )
         {
-            throw new LdapNoPermissionException( "The Administrators group cannot be moved or renamed!" );
+            String msg = "The Administrators group cannot be moved or renamed!";
+            log.error( msg );
+            throw new LdapNoPermissionException( msg );
         }
         
         if ( isTheAdministrator( dn ) )
@@ -391,51 +406,41 @@
             String msg = "User '" + principalDn.getUpName();
             msg += "' does not have permission to move or rename the admin";
             msg += " account.  No one not even the admin can move or";
-            msg += " rename " + dn + "!";
+            msg += " rename " + dn.getUpName() + "!";
+            log.error( msg );
             throw new LdapNoPermissionException( msg );
         }
 
-        if ( dn.size() > 2 && dn.startsWith( USER_BASE_DN_NORMALIZED ) && !isAnAdministrator( principalDn ) )
+        if ( dn.size() > 2 && dn.startsWith( USER_BASE_DN ) && !isAnAdministrator( principalDn ) )
         {
-            String msg = "User '" + principalDn;
+            String msg = "User '" + principalDn.getUpName();
             msg += "' does not have permission to move or rename the user";
-            msg += " account: " + dn + ". Only the admin can move or";
+            msg += " account: " + dn.getUpName() + ". Only the admin can move or";
             msg += " rename user accounts.";
+            log.error( msg );
             throw new LdapNoPermissionException( msg );
         }
 
-        if ( dn.size() > 2 && dn.startsWith( GROUP_BASE_DN_NORMALIZED ) && !isAnAdministrator( principalDn ) )
+        if ( dn.size() > 2 && dn.startsWith( GROUP_BASE_DN ) && !isAnAdministrator( principalDn ) )
         {
-            String msg = "User " + principalDn;
+            String msg = "User " + principalDn.getUpName();
             msg += " does not have permission to move or rename the group entry ";
-            msg += dn + ".\nGroups can only be moved or renamed by the admin.";
+            msg += dn.getUpName() + ".\nGroups can only be moved or renamed by the admin.";
             throw new LdapNoPermissionException( msg );
         }
     }
 
 
-    public Attributes lookup( NextInterceptor nextInterceptor, LdapDN name ) throws NamingException
-    {
-        Attributes attributes = nextInterceptor.lookup( name );
-        if ( !enabled || attributes == null )
-        {
-            return attributes;
-        }
-
-        protectLookUp( name );
-        return attributes;
-    }
-
-
-    public Attributes lookup( NextInterceptor nextInterceptor, LdapDN name, String[] attrIds ) throws NamingException
+    public Attributes lookup( NextInterceptor nextInterceptor, OperationContext opContext ) throws NamingException
     {
-        Attributes attributes = nextInterceptor.lookup( name, attrIds );
-        if ( !enabled || attributes == null )
+        Attributes attributes = nextInterceptor.lookup( opContext );
+        
+        if ( !enabled || ( attributes == null ) )
         {
             return attributes;
         }
 
-        protectLookUp( name );
+        protectLookUp( ((LookupOperationContext)opContext).getDn() );
         return attributes;
     }
 
@@ -444,34 +449,40 @@
     {
         LdapContext ctx = ( LdapContext ) InvocationStack.getInstance().peek().getCaller();
         LdapDN principalDn = ( ( ServerContext ) ctx ).getPrincipal().getJndiName();
+        
         if ( !isAnAdministrator( principalDn ) )
         {
-            if ( normalizedDn.size() > 2 && normalizedDn.startsWith( USER_BASE_DN_NORMALIZED ) )
+            if ( normalizedDn.size() > 2 )
             {
-                // allow for self reads
-                if ( normalizedDn.getNormName().equals( principalDn.getNormName() ) )
+                if( normalizedDn.startsWith( USER_BASE_DN ) )
                 {
-                    return;
+                    // allow for self reads
+                    if ( normalizedDn.getNormName().equals( principalDn.getNormName() ) )
+                    {
+                        return;
+                    }
+    
+                    String msg = "Access to user account '" + normalizedDn.getUpName() + "' not permitted";
+                    msg += " for user '" + principalDn.getUpName() + "'.  Only the admin can";
+                    msg += " access user account information";
+                    log.error( msg );
+                    throw new LdapNoPermissionException( msg );
                 }
 
-                String msg = "Access to user account '" + normalizedDn + "' not permitted";
-                msg += " for user '" + principalDn + "'.  Only the admin can";
-                msg += " access user account information";
-                throw new LdapNoPermissionException( msg );
-            }
-
-            if ( normalizedDn.size() > 2 && normalizedDn.startsWith( GROUP_BASE_DN_NORMALIZED ) )
-            {
-                // allow for self reads
-                if ( normalizedDn.getNormName().equals( principalDn.getNormName() ) )
+                if ( normalizedDn.startsWith( GROUP_BASE_DN ) )
                 {
-                    return;
+                    // allow for self reads
+                    if ( normalizedDn.getNormName().equals( principalDn.getNormName() ) )
+                    {
+                        return;
+                    }
+    
+                    String msg = "Access to group '" + normalizedDn.getUpName() + "' not permitted";
+                    msg += " for user '" + principalDn.getUpName() + "'.  Only the admin can";
+                    msg += " access group information";
+                    log.error( msg );
+                    throw new LdapNoPermissionException( msg );
                 }
-
-                String msg = "Access to group '" + normalizedDn + "' not permitted";
-                msg += " for user '" + principalDn + "'.  Only the admin can";
-                msg += " access group information";
-                throw new LdapNoPermissionException( msg );
             }
 
             if ( isTheAdministrator( normalizedDn ) )
@@ -483,48 +494,48 @@
                 }
 
                 String msg = "Access to admin account not permitted for user '";
-                msg += principalDn + "'.  Only the admin can";
+                msg += principalDn.getUpName() + "'.  Only the admin can";
                 msg += " access admin account information";
+                log.error( msg );
                 throw new LdapNoPermissionException( msg );
             }
         }
     }
 
 
-    public NamingEnumeration search( NextInterceptor nextInterceptor, LdapDN base, Map env, ExprNode filter,
-                                     SearchControls searchCtls ) throws NamingException
+    public NamingEnumeration<SearchResult> search( NextInterceptor nextInterceptor, OperationContext opContext ) throws NamingException
     {
-        NamingEnumeration e = nextInterceptor.search( base, env, filter, searchCtls );
+        NamingEnumeration<SearchResult> e = nextInterceptor.search( opContext );
+
         if ( !enabled )
         {
             return e;
         }
-        //if ( searchCtls.getReturningAttributes() != null )
-        //{
-        //    return null;
-        //}
 
         Invocation invocation = InvocationStack.getInstance().peek();
-        return new SearchResultFilteringEnumeration( e, searchCtls, invocation, new SearchResultFilter()
+        return new SearchResultFilteringEnumeration( e, ((SearchOperationContext)opContext).getSearchControls(), invocation, 
+            new SearchResultFilter()
         {
             public boolean accept( Invocation invocation, SearchResult result, SearchControls controls )
                 throws NamingException
             {
                 return DefaultAuthorizationService.this.isSearchable( invocation, result );
             }
-        } );
+        }, "Search Default Authorization filter" );
     }
 
 
-    public NamingEnumeration list( NextInterceptor nextInterceptor, LdapDN base ) throws NamingException
+    public NamingEnumeration list( NextInterceptor nextInterceptor, OperationContext opContext ) throws NamingException
     {
-        NamingEnumeration e = nextInterceptor.list( base );
+        NamingEnumeration e = nextInterceptor.list( opContext );
+        
         if ( !enabled )
         {
             return e;
         }
 
         Invocation invocation = InvocationStack.getInstance().peek();
+        
         return new SearchResultFilteringEnumeration( e, null, invocation, new SearchResultFilter()
         {
             public boolean accept( Invocation invocation, SearchResult result, SearchControls controls )
@@ -532,16 +543,19 @@
             {
                 return DefaultAuthorizationService.this.isSearchable( invocation, result );
             }
-        } );
+        }, "List Default Authorization filter" );
     }
 
 
     private boolean isSearchable( Invocation invocation, SearchResult result ) throws NamingException
     {
         LdapDN principalDn = ( ( ServerContext ) invocation.getCaller() ).getPrincipal().getJndiName();
-        LdapDN dn;
-        dn = new LdapDN( result.getName() );
-        dn.normalize( normalizerMapping );
+        LdapDN dn = ((ServerSearchResult)result).getDn();
+        
+        if ( !dn.isNormalized() )
+        {
+        	dn.normalize( normalizerMapping );
+        }
 
         // Admin users gets full access to all entries
         if ( isAnAdministrator( principalDn ) )
@@ -550,7 +564,8 @@
         }
         
         // Users reading their own entries should be allowed to see all
-        boolean isSelfRead = dn.toNormName().equals( principalDn.toNormName() );
+        boolean isSelfRead = dn.getNormName().equals( principalDn.getNormName() );
+        
         if ( isSelfRead )
         {
             return true;
@@ -562,8 +577,8 @@
             // stuff this if in here instead of up in outer if to prevent 
             // constant needless reexecution for all entries in other depths
             
-            if ( dn.toNormName().endsWith( USER_BASE_DN_NORMALIZED.toNormName() ) 
-                || dn.toNormName().endsWith( GROUP_BASE_DN_NORMALIZED.toNormName() ) )
+            if ( dn.getNormName().endsWith( USER_BASE_DN.getNormName() ) 
+                || dn.getNormName().endsWith( GROUP_BASE_DN.getNormName() ) )
             {
                 return false;
             }

Modified: directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/authz/GroupCache.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/authz/GroupCache.java?view=diff&rev=541123&r1=541122&r2=541123
==============================================================================
--- directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/authz/GroupCache.java (original)
+++ directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/authz/GroupCache.java Wed May 23 17:26:40 2007
@@ -20,7 +20,6 @@
 package org.apache.directory.server.core.authz;
 
 
-import java.util.Collections;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Hashtable;
@@ -29,23 +28,28 @@
 import java.util.Set;
 
 import org.apache.directory.server.core.DirectoryServiceConfiguration;
+import org.apache.directory.server.core.interceptor.context.SearchOperationContext;
 import org.apache.directory.server.core.partition.PartitionNexus;
+import org.apache.directory.server.schema.registries.AttributeTypeRegistry;
+import org.apache.directory.shared.ldap.constants.SchemaConstants;
+import org.apache.directory.shared.ldap.constants.ServerDNConstants;
 import org.apache.directory.shared.ldap.filter.AssertionEnum;
 import org.apache.directory.shared.ldap.filter.BranchNode;
 import org.apache.directory.shared.ldap.filter.SimpleNode;
 import org.apache.directory.shared.ldap.message.ModificationItemImpl;
 import org.apache.directory.shared.ldap.name.LdapDN;
+import org.apache.directory.shared.ldap.schema.AttributeType;
 import org.apache.directory.shared.ldap.schema.OidNormalizer;
 import org.apache.directory.shared.ldap.util.AttributeUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import javax.naming.Name;
 import javax.naming.NamingException;
 import javax.naming.NamingEnumeration;
 import javax.naming.directory.Attribute;
 import javax.naming.directory.Attributes;
 import javax.naming.directory.DirContext;
+import javax.naming.directory.ModificationItem;
 import javax.naming.directory.SearchControls;
 import javax.naming.directory.SearchResult;
 
@@ -58,16 +62,6 @@
  */
 public class GroupCache
 {
-    /** the attribute id for an object class: objectClass */
-    private static final String OC_ATTR = "objectClass";
-    /** the member attribute for a groupOfNames: member */
-    private static final String MEMBER_ATTR = "member";
-    /** the member attribute for a groupOfUniqueNames: uniqueMember */
-    private static final String UNIQUEMEMBER_ATTR = "uniqueMember";
-    /** the groupOfNames objectClass: groupOfNames */
-    private static final String GROUPOFNAMES_OC = "groupOfNames";
-    /** the groupOfUniqueNames objectClass: groupOfUniqueNames */
-    private static final String GROUPOFUNIQUENAMES_OC = "groupOfUniqueNames";
     /** the logger for this class */
     private static final Logger log = LoggerFactory.getLogger( GroupCache.class );
 
@@ -76,18 +70,31 @@
 
     /** String key for the DN of a group to a Set (HashSet) for the Strings of member DNs */
     private final Map<String, Set<String>> groups = new HashMap<String, Set<String>>();
+    
     /** a handle on the partition nexus */
     private final PartitionNexus nexus;
+    
     /** the env to use for searching */
     private final Hashtable env;
 
+    /** Stores a reference to the AttributeType registry */ 
+    private AttributeTypeRegistry attributeTypeRegistry;
+    
+    /** A storage for the member attributeType */
+    private AttributeType memberAT;
+
+    /** A storage for the uniqueMember attributeType */
+    private AttributeType uniqueMemberAT;
+
     /**
      * The OIDs normalizer map
      */
     private Map<String, OidNormalizer> normalizerMap;
     
     /** the normalized dn of the administrators group */
-    LdapDN administratorsGroupDn;
+    private LdapDN administratorsGroupDn;
+    
+    private static final Set<LdapDN> EMPTY_GROUPS = new HashSet<LdapDN>();
     
     /**
      * Creates a static group cache.
@@ -97,12 +104,15 @@
     public GroupCache( DirectoryServiceConfiguration factoryCfg ) throws NamingException
     {
     	normalizerMap = factoryCfg.getRegistries().getAttributeTypeRegistry().getNormalizerMapping();
-        this.nexus = factoryCfg.getPartitionNexus();
-        this.env = ( Hashtable ) factoryCfg.getEnvironment().clone();
+        nexus = factoryCfg.getPartitionNexus();
+        env = ( Hashtable ) factoryCfg.getEnvironment().clone();
+        attributeTypeRegistry = factoryCfg.getRegistries().getAttributeTypeRegistry();
         
+        memberAT = attributeTypeRegistry.lookup( SchemaConstants.MEMBER_AT_OID ); 
+        uniqueMemberAT = attributeTypeRegistry.lookup( SchemaConstants.UNIQUE_MEMBER_AT_OID );
+
         // stuff for dealing with the admin group
-        administratorsGroupDn = new LdapDN( "cn=Administrators,ou=groups,ou=system" );
-        administratorsGroupDn.normalize( normalizerMap );
+        administratorsGroupDn = parseNormalized( ServerDNConstants.ADMINISTRATORS_GROUP_DN );
 
         initialize();
     }
@@ -122,42 +132,44 @@
         // normalized sets of members to cache within the map
 
         BranchNode filter = new BranchNode( AssertionEnum.OR );
-        filter.addNode( new SimpleNode( OC_ATTR, GROUPOFNAMES_OC, AssertionEnum.EQUALITY ) );
-        filter.addNode( new SimpleNode( OC_ATTR, GROUPOFUNIQUENAMES_OC, AssertionEnum.EQUALITY ) );
+        filter.addNode( new SimpleNode( SchemaConstants.OBJECT_CLASS_AT, SchemaConstants.GROUP_OF_NAMES_OC, AssertionEnum.EQUALITY ) );
+        filter.addNode( new SimpleNode( SchemaConstants.OBJECT_CLASS_AT, SchemaConstants.GROUP_OF_UNIQUE_NAMES_OC, AssertionEnum.EQUALITY ) );
 
-        Iterator suffixes = nexus.listSuffixes();
+        Iterator suffixes = nexus.listSuffixes( null );
+        
         while ( suffixes.hasNext() )
         {
             String suffix = ( String ) suffixes.next();
             LdapDN baseDn = new LdapDN( suffix );
             SearchControls ctls = new SearchControls();
             ctls.setSearchScope( SearchControls.SUBTREE_SCOPE );
-            NamingEnumeration results = nexus.search( baseDn, env, filter, ctls );
+            NamingEnumeration<SearchResult> results = 
+                nexus.search( new SearchOperationContext( baseDn, env, filter, ctls ) );
 
             while ( results.hasMore() )
             {
                 SearchResult result = ( SearchResult ) results.next();
-                String groupDn = result.getName();
-                groupDn = parseNormalized( groupDn ).toString();
+                LdapDN groupDn = parseNormalized( result.getName() );
                 Attribute members = getMemberAttribute( result.getAttributes() );
 
                 if ( members != null )
                 {
                     Set<String> memberSet = new HashSet<String>( members.size() );
                     addMembers( memberSet, members );
-                    groups.put( groupDn, memberSet );
+                    groups.put( groupDn.getNormName(), memberSet );
                 }
                 else
                 {
-                    log.warn( "Found group '" + groupDn + "' without any member or uniqueMember attributes" );
+                    log.warn( "Found group '{}' without any member or uniqueMember attributes", groupDn.getUpName() );
                 }
             }
+            
             results.close();
         }
 
         if ( IS_DEBUG )
         {
-            log.debug( "group cache contents on startup:\n" + groups );
+            log.debug( "group cache contents on startup:\n {}", groups );
         }
     }
 
@@ -171,31 +183,37 @@
      */
     private Attribute getMemberAttribute( Attributes entry )
     {
-        Attribute oc = entry.get( OC_ATTR );
+        Attribute oc = entry.get( SchemaConstants.OBJECT_CLASS_AT );
 
         if ( oc == null )
         {
-            if ( entry.get( MEMBER_ATTR ) != null )
+        	Attribute member = AttributeUtils.getAttribute( entry, memberAT );
+        	
+            if ( member != null )
             {
-                return entry.get( MEMBER_ATTR );
+                return member;
             }
 
-            if ( entry.get( UNIQUEMEMBER_ATTR ) != null )
+            Attribute uniqueMember = AttributeUtils.getAttribute(entry, uniqueMemberAT );
+            
+            if ( uniqueMember != null )
             {
-                return entry.get( UNIQUEMEMBER_ATTR );
+                return uniqueMember;
             }
 
             return null;
         }
 
-        if ( AttributeUtils.containsValueCaseIgnore( oc, GROUPOFNAMES_OC ) )
+        if ( AttributeUtils.containsValueCaseIgnore( oc, SchemaConstants.GROUP_OF_NAMES_OC ) ||
+        		AttributeUtils.containsValueCaseIgnore( oc, SchemaConstants.GROUP_OF_NAMES_OC_OID )	)
         {
-            return entry.get( MEMBER_ATTR );
+            return AttributeUtils.getAttribute( entry, memberAT );
         }
 
-        if ( AttributeUtils.containsValueCaseIgnore( oc, GROUPOFUNIQUENAMES_OC ) )
+        if ( AttributeUtils.containsValueCaseIgnore( oc, SchemaConstants.GROUP_OF_UNIQUE_NAMES_OC ) || 
+        		AttributeUtils.containsValueCaseIgnore( oc, SchemaConstants.GROUP_OF_UNIQUE_NAMES_OC_OID ))
         {
-            return entry.get( UNIQUEMEMBER_ATTR );
+            return AttributeUtils.getAttribute(entry, uniqueMemberAT );
         }
 
         return null;
@@ -267,7 +285,7 @@
      * @param entry the group entry's attributes
      * @throws NamingException if there are problems accessing the attr values
      */
-    public void groupAdded( String upName, Name normName, Attributes entry ) throws NamingException
+    public void groupAdded( LdapDN name, Attributes entry ) throws NamingException
     {
         Attribute members = getMemberAttribute( entry );
 
@@ -278,11 +296,11 @@
 
         Set<String> memberSet = new HashSet<String>( members.size() );
         addMembers( memberSet, members );
-        groups.put( normName.toString(), memberSet );
+        groups.put( name.getNormName(), memberSet );
         
         if ( IS_DEBUG )
         {
-            log.debug( "group cache contents after adding " + normName.toString() + ":\n" + groups );
+            log.debug( "group cache contents after adding '{}' :\n {}", name.getUpName(), groups );
         }
     }
 
@@ -294,7 +312,7 @@
      * @param name the normalized DN of the group entry
      * @param entry the attributes of entry being deleted
      */
-    public void groupDeleted( Name name, Attributes entry )
+    public void groupDeleted( LdapDN name, Attributes entry )
     {
         Attribute members = getMemberAttribute( entry );
 
@@ -303,11 +321,11 @@
             return;
         }
 
-        groups.remove( name.toString() );
+        groups.remove( name.getNormName() );
         
         if ( IS_DEBUG )
         {
-            log.debug( "group cache contents after deleting " + name.toString() + ":\n" + groups );
+            log.debug( "group cache contents after deleting '{}' :\n {}", name.getUpName(), groups );
         }
     }
 
@@ -329,16 +347,20 @@
             case ( DirContext.ADD_ATTRIBUTE  ):
                 addMembers( memberSet, members );
                 break;
+                
             case ( DirContext.REPLACE_ATTRIBUTE  ):
                 if ( members.size() > 0 )
                 {
                     memberSet.clear();
                     addMembers( memberSet, members );
                 }
+            
                 break;
+                
             case ( DirContext.REMOVE_ATTRIBUTE  ):
                 removeMembers( memberSet, members );
                 break;
+                
             default:
                 throw new InternalError( "Undefined modify operation value of " + modOp );
         }
@@ -354,22 +376,24 @@
      * @param entry the group entry being modified
      * @throws NamingException if there are problems accessing attribute  values
      */
-    public void groupModified( Name name, ModificationItemImpl[] mods, Attributes entry ) throws NamingException
+    public void groupModified( LdapDN name, ModificationItemImpl[] mods, Attributes entry ) throws NamingException
     {
         Attribute members = null;
         String memberAttrId = null;
-        Attribute oc = entry.get( OC_ATTR );
+        Attribute oc = entry.get( SchemaConstants.OBJECT_CLASS_AT );
 
-        if ( AttributeUtils.containsValueCaseIgnore( oc, GROUPOFNAMES_OC ) )
+        if ( AttributeUtils.containsValueCaseIgnore( oc, SchemaConstants.GROUP_OF_NAMES_OC ) ||
+        		AttributeUtils.containsValueCaseIgnore( oc, SchemaConstants.GROUP_OF_NAMES_OC_OID ))
         {
-            members = entry.get( MEMBER_ATTR );
-            memberAttrId = MEMBER_ATTR;
+            members = AttributeUtils.getAttribute( entry, memberAT );
+            memberAttrId = SchemaConstants.MEMBER_AT;
         }
 
-        if ( AttributeUtils.containsValueCaseIgnore( oc, GROUPOFUNIQUENAMES_OC ) )
+        if ( AttributeUtils.containsValueCaseIgnore( oc, SchemaConstants.GROUP_OF_UNIQUE_NAMES_OC ) ||
+        		AttributeUtils.containsValueCaseIgnore( oc, SchemaConstants.GROUP_OF_UNIQUE_NAMES_OC_OID ) )
         {
-            members = entry.get( UNIQUEMEMBER_ATTR );
-            memberAttrId = UNIQUEMEMBER_ATTR;
+            members = AttributeUtils.getAttribute(entry, uniqueMemberAT );
+            memberAttrId = SchemaConstants.UNIQUE_MEMBER_AT;
         }
 
         if ( members == null )
@@ -377,15 +401,15 @@
             return;
         }
 
-        for ( int ii = 0; ii < mods.length; ii++ )
+        for ( ModificationItem modification:mods )
         {
-            if ( memberAttrId.equalsIgnoreCase( mods[ii].getAttribute().getID() ) )
+            if ( memberAttrId.equalsIgnoreCase( modification.getAttribute().getID() ) )
             {
-                Set<String> memberSet = groups.get( name.toString() );
+                Set<String> memberSet = groups.get( name.getNormName() );
                 
                 if ( memberSet != null )
                 {
-                    modify( memberSet, mods[ii].getModificationOp(), mods[ii].getAttribute() );
+                    modify( memberSet, modification.getModificationOp(), modification.getAttribute() );
                 }
                 
                 break;
@@ -394,7 +418,7 @@
         
         if ( IS_DEBUG )
         {
-            log.debug( "group cache contents after modifying " + name.toString() + ":\n" + groups );
+            log.debug( "group cache contents after modifying '{}' :\n {}", name.getUpName(), groups );
         }
     }
 
@@ -409,7 +433,7 @@
      * @param entry the entry being modified
      * @throws NamingException if there are problems accessing attribute  values
      */
-    public void groupModified( Name name, int modOp, Attributes mods, Attributes entry ) throws NamingException
+    public void groupModified( LdapDN name, int modOp, Attributes mods, Attributes entry ) throws NamingException
     {
         Attribute members = getMemberAttribute( mods );
 
@@ -418,7 +442,7 @@
             return;
         }
 
-        Set<String> memberSet = groups.get( name.toString() );
+        Set<String> memberSet = groups.get( name.getNormName() );
         
         if ( memberSet != null )
         {
@@ -427,7 +451,7 @@
         
         if ( IS_DEBUG )
         {
-            log.debug( "group cache contents after modifying " + name.toString() + ":\n" + groups );
+            log.debug( "group cache contents after modifying '{}' :\n {}", name.getUpName(), groups );
         }
     }
 
@@ -441,12 +465,13 @@
      */
     public final boolean isPrincipalAnAdministrator( LdapDN principalDn )
     {
-        if ( principalDn.toNormName().equals( PartitionNexus.ADMIN_PRINCIPAL_NORMALIZED ) )
+        if ( principalDn.getNormName().equals( PartitionNexus.ADMIN_PRINCIPAL_NORMALIZED ) )
         {
             return true;
         }
         
-        Set members = ( Set ) groups.get( administratorsGroupDn.toNormName() );
+        Set members = ( Set ) groups.get( administratorsGroupDn.getNormName() );
+        
         if ( members == null )
         {
             log.warn( "What do you mean there is no administrators group? This is bad news." );
@@ -465,68 +490,67 @@
      * @return a Set of Name objects representing the groups
      * @throws NamingException if there are problems accessing attribute  values
      */
-    public Set getGroups( String member ) throws NamingException
+    public Set<LdapDN> getGroups( String member ) throws NamingException
     {
+    	LdapDN normMember = null;
+    	
         try
         {
-            member = parseNormalized( member ).toString();
+        	normMember = parseNormalized( member );
         }
         catch ( NamingException e )
         {
-            log
-                .warn(
-                    "Malformed member DN.  Could not find groups for member in GroupCache. Returning empty set for groups!",
-                    e );
-            return Collections.EMPTY_SET;
+            log.warn( "Malformed member DN.  Could not find groups for member '{}' in GroupCache. Returning empty set for groups!", member, e );
+            return EMPTY_GROUPS;
         }
 
-        Set<Name> memberGroups = null;
+        Set<LdapDN> memberGroups = null;
 
-        Iterator list = groups.keySet().iterator();
-        while ( list.hasNext() )
+        for ( String group:groups.keySet() )
         {
-            String group = ( String ) list.next();
-            Set members = ( Set ) groups.get( group );
+            Set<String> members = groups.get( group );
 
             if ( members == null )
             {
                 continue;
             }
 
-            if ( members.contains( member ) )
+            if ( members.contains( normMember.getNormName() ) )
             {
                 if ( memberGroups == null )
                 {
-                    memberGroups = new HashSet<Name>();
+                    memberGroups = new HashSet<LdapDN>();
                 }
 
-                memberGroups.add( new LdapDN( group ) );
+                memberGroups.add( parseNormalized( group ) );
             }
         }
 
         if ( memberGroups == null )
         {
-            return Collections.EMPTY_SET;
+            return EMPTY_GROUPS;
         }
 
         return memberGroups;
     }
 
 
-    public boolean groupRenamed( Name oldName, Name newName )
+    public boolean groupRenamed( LdapDN oldName, LdapDN newName )
     {
-        Set<String> members = groups.remove( oldName.toString() );
+        Set<String> members = groups.remove( oldName.getNormName() );
 
         if ( members != null )
         {
-            groups.put( newName.toString(), members );
+            groups.put( newName.getNormName(), members );
             
             if ( IS_DEBUG )
             {
-                log.debug( "group cache contents after renaming " + oldName.toString() + ":\n" + groups );
+                log.debug( "group cache contents after renaming '{}' :\n{}", oldName.getUpName(), groups );
             }
+            
             return true;
         }
+        
         return false;
     }
 }

Modified: directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/authz/TupleCache.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/authz/TupleCache.java?view=diff&rev=541123&r1=541122&r2=541123
==============================================================================
--- directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/authz/TupleCache.java (original)
+++ directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/authz/TupleCache.java Wed May 23 17:26:40 2007
@@ -38,6 +38,7 @@
 import javax.naming.directory.SearchResult;
 
 import org.apache.directory.server.core.DirectoryServiceConfiguration;
+import org.apache.directory.server.core.interceptor.context.SearchOperationContext;
 import org.apache.directory.server.core.partition.PartitionNexus;
 import org.apache.directory.server.schema.ConcreteNameComponentNormalizer;
 import org.apache.directory.server.schema.registries.AttributeTypeRegistry;
@@ -45,6 +46,7 @@
 import org.apache.directory.shared.ldap.aci.ACIItem;
 import org.apache.directory.shared.ldap.aci.ACIItemParser;
 import org.apache.directory.shared.ldap.aci.ACITuple;
+import org.apache.directory.shared.ldap.constants.SchemaConstants;
 import org.apache.directory.shared.ldap.exception.LdapSchemaViolationException;
 import org.apache.directory.shared.ldap.filter.AssertionEnum;
 import org.apache.directory.shared.ldap.filter.ExprNode;
@@ -53,6 +55,7 @@
 import org.apache.directory.shared.ldap.message.ResultCodeEnum;
 import org.apache.directory.shared.ldap.name.LdapDN;
 import org.apache.directory.shared.ldap.name.NameComponentNormalizer;
+import org.apache.directory.shared.ldap.schema.AttributeType;
 import org.apache.directory.shared.ldap.schema.OidNormalizer;
 import org.apache.directory.shared.ldap.util.AttributeUtils;
 import org.slf4j.Logger;
@@ -69,25 +72,27 @@
  */
 public class TupleCache
 {
-    /** the attribute id for prescriptive aci: prescriptiveACI */
-    private static final String ACI_ATTR = "prescriptiveACI";
-    /** the attribute id for an object class: objectClass */
-    private static final String OC_ATTR = "objectClass";
-    /** the object class for access control subentries: accessControlSubentry */
-    private static final String ACSUBENTRY_OC = "accessControlSubentry";
-
     /** the logger for this class */
     private static final Logger log = LoggerFactory.getLogger( TupleCache.class );
 
     /** cloned startup environment properties we use for subentry searching */
     private final Hashtable env;
+    
     /** a map of strings to ACITuple collections */
     private final Map<String,List> tuples = new HashMap<String,List>();
+    
     /** a handle on the partition nexus */
     private final PartitionNexus nexus;
+    
     /** a normalizing ACIItem parser */
     private final ACIItemParser aciParser;
 
+    /** Stores a reference to the AttributeType registry */ 
+    private AttributeTypeRegistry attributeTypeRegistry;
+    
+    /** A starage for the PrescriptiveACI attributeType */
+    private AttributeType prescriptiveAciAT;
+    
     /**
      * The OIDs normalizer map
      */
@@ -98,16 +103,17 @@
      *
      * @param factoryCfg the context factory configuration for the server
      */
-    public TupleCache(DirectoryServiceConfiguration factoryCfg) throws NamingException
+    public TupleCache( DirectoryServiceConfiguration factoryCfg ) throws NamingException
     {
     	normalizerMap = factoryCfg.getRegistries().getAttributeTypeRegistry().getNormalizerMapping();
         this.nexus = factoryCfg.getPartitionNexus();
-        AttributeTypeRegistry attributeRegistry = factoryCfg.getRegistries().getAttributeTypeRegistry();
+        attributeTypeRegistry = factoryCfg.getRegistries().getAttributeTypeRegistry();
         OidRegistry oidRegistry = factoryCfg.getRegistries().getOidRegistry();
-        NameComponentNormalizer ncn = new ConcreteNameComponentNormalizer( attributeRegistry, oidRegistry );
+        NameComponentNormalizer ncn = new ConcreteNameComponentNormalizer( attributeTypeRegistry, oidRegistry );
         aciParser = new ACIItemParser( ncn, normalizerMap );
         env = ( Hashtable ) factoryCfg.getEnvironment().clone();
         initialize();
+        prescriptiveAciAT = attributeTypeRegistry.lookup( SchemaConstants.PRESCRIPTIVE_ACI_AT ); 
     }
 
     
@@ -124,29 +130,34 @@
         // search all naming contexts for access control subentenries
         // generate ACITuple Arrays for each subentry
         // add that subentry to the hash
-        Iterator suffixes = nexus.listSuffixes();
+        Iterator suffixes = nexus.listSuffixes( null );
+        
         while ( suffixes.hasNext() )
         {
             String suffix = ( String ) suffixes.next();
             LdapDN baseDn = parseNormalized( suffix );
-            ExprNode filter = new SimpleNode( OC_ATTR, ACSUBENTRY_OC, AssertionEnum.EQUALITY );
+            ExprNode filter = new SimpleNode( SchemaConstants.OBJECT_CLASS_AT, SchemaConstants.ACCESS_CONTROL_SUBENTRY_OC, AssertionEnum.EQUALITY );
             SearchControls ctls = new SearchControls();
             ctls.setSearchScope( SearchControls.SUBTREE_SCOPE );
-            NamingEnumeration results = nexus.search( baseDn, env, filter, ctls );
+            NamingEnumeration<SearchResult> results = 
+                nexus.search( new SearchOperationContext( baseDn, env, filter, ctls ) );
+            
             while ( results.hasMore() )
             {
                 SearchResult result = ( SearchResult ) results.next();
                 String subentryDn = result.getName();
-                Attribute aci = result.getAttributes().get( ACI_ATTR );
+                Attribute aci = AttributeUtils.getAttribute( result.getAttributes(), prescriptiveAciAT );
+                
                 if ( aci == null )
                 {
-                    log.warn( "Found accessControlSubentry '" + subentryDn + "' without any " + ACI_ATTR );
+                    log.warn( "Found accessControlSubentry '" + subentryDn + "' without any " + SchemaConstants.PRESCRIPTIVE_ACI_AT );
                     continue;
                 }
 
                 LdapDN normName = parseNormalized( subentryDn );
                 subentryAdded( subentryDn, normName, result.getAttributes() );
             }
+            
             results.close();
         }
     }
@@ -155,11 +166,12 @@
     private boolean hasPrescriptiveACI( Attributes entry ) throws NamingException
     {
         // only do something if the entry contains prescriptiveACI
-        Attribute aci = entry.get( ACI_ATTR );
+        Attribute aci = AttributeUtils.getAttribute( entry, prescriptiveAciAT );
 
         if ( aci == null )
         {
-            if ( AttributeUtils.containsValueCaseIgnore( entry.get( OC_ATTR ), ACSUBENTRY_OC ) )
+            if ( AttributeUtils.containsValueCaseIgnore( entry.get( SchemaConstants.OBJECT_CLASS_AT ), SchemaConstants.ACCESS_CONTROL_SUBENTRY_OC ) ||
+                 AttributeUtils.containsValueCaseIgnore( entry.get( SchemaConstants.OBJECT_CLASS_AT ), SchemaConstants.ACCESS_CONTROL_SUBENTRY_OC_OID ))
             {
                 // should not be necessary because of schema interceptor but schema checking
                 // can be turned off and in this case we must protect against being able to
@@ -179,7 +191,8 @@
     public void subentryAdded( String upName, LdapDN normName, Attributes entry ) throws NamingException
     {
         // only do something if the entry contains prescriptiveACI
-        Attribute aci = entry.get( ACI_ATTR );
+        Attribute aci = AttributeUtils.getAttribute( entry, prescriptiveAciAT );
+        
         if ( !hasPrescriptiveACI( entry ) )
         {
             return;
@@ -199,8 +212,15 @@
             }
             catch ( ParseException e )
             {
-                String msg = "ACIItem parser failure on " + aciStr + ". Cannnot add ACITuples to TupleCache.";
-                log.warn( msg, e );
+                String msg = "ACIItem parser failure on \n'" + item + "'\ndue to syntax error. " +
+                        "Cannnot add ACITuples to TupleCache.\n" +
+                        "Check that the syntax of the ACI item is correct. \nUntil this error " +
+                        "is fixed your security settings will not be as expected.";
+                log.error( msg, e );
+                
+                // do not process this ACI Item because it will be null
+                // continue on to process the next ACI item in the entry
+                continue;
             }
         }
         
@@ -227,10 +247,14 @@
         }
 
         boolean isAciModified = false;
+        
         for ( int ii = 0; ii < mods.length; ii++ )
         {
-            isAciModified |= mods[ii].getAttribute().contains( ACI_ATTR );
+            // Check for the name and for the OID
+            isAciModified |= AttributeUtils.containsValueCaseIgnore( mods[ii].getAttribute(), SchemaConstants.PRESCRIPTIVE_ACI_AT );
+            isAciModified |= AttributeUtils.containsValueCaseIgnore( mods[ii].getAttribute(), SchemaConstants.PRESCRIPTIVE_ACI_AT_OID );
         }
+        
         if ( isAciModified )
         {
             subentryDeleted( normName, entry );
@@ -246,7 +270,7 @@
             return;
         }
 
-        if ( mods.get( ACI_ATTR ) != null )
+        if ( AttributeUtils.getAttribute( mods, prescriptiveAciAT ) != null )
         {
             subentryDeleted( normName, entry );
             subentryAdded( normName.getUpName(), normName, entry );

Modified: directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/authz/support/ACDFEngine.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/authz/support/ACDFEngine.java?view=diff&rev=541123&r1=541122&r2=541123
==============================================================================
--- directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/authz/support/ACDFEngine.java (original)
+++ directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/authz/support/ACDFEngine.java Wed May 23 17:26:40 2007
@@ -29,11 +29,20 @@
 import javax.naming.NamingException;
 import javax.naming.directory.Attributes;
 
+import org.apache.directory.server.core.authn.AuthenticationService;
+import org.apache.directory.server.core.authz.AuthorizationService;
+import org.apache.directory.server.core.authz.DefaultAuthorizationService;
 import org.apache.directory.server.core.event.Evaluator;
+import org.apache.directory.server.core.event.EventService;
 import org.apache.directory.server.core.event.ExpressionEvaluator;
+import org.apache.directory.server.core.interceptor.context.LookupOperationContext;
+import org.apache.directory.server.core.normalization.NormalizationService;
+import org.apache.directory.server.core.operational.OperationalAttributeService;
 import org.apache.directory.server.core.partition.PartitionNexusProxy;
+import org.apache.directory.server.core.schema.SchemaService;
 import org.apache.directory.server.core.subtree.RefinementEvaluator;
 import org.apache.directory.server.core.subtree.RefinementLeafEvaluator;
+import org.apache.directory.server.core.subtree.SubentryService;
 import org.apache.directory.server.core.subtree.SubtreeEvaluator;
 import org.apache.directory.server.schema.registries.AttributeTypeRegistry;
 import org.apache.directory.server.schema.registries.OidRegistry;
@@ -126,15 +135,15 @@
     public static final Collection USER_LOOKUP_BYPASS;
     static
     {
-        Collection c = new HashSet();
-        c.add( "normalizationService" );
-        c.add( "authenticationService" );
-        c.add( "authorizationService" );
-        c.add( "defaultAuthorizationService" );
-        c.add( "schemaService" );
-        c.add( "subentryService" );
-        c.add( "operationalAttributeService" );
-        c.add( "eventService" );
+        Collection<String> c = new HashSet<String>();
+        c.add( NormalizationService.NAME );
+        c.add( AuthenticationService.NAME );
+        c.add( AuthorizationService.NAME );
+        c.add( DefaultAuthorizationService.NAME );
+        c.add( SchemaService.NAME );
+        c.add( SubentryService.NAME );
+        c.add( OperationalAttributeService.NAME );
+        c.add( EventService.NAME );
         USER_LOOKUP_BYPASS = Collections.unmodifiableCollection( c );
     }
 
@@ -164,7 +173,7 @@
             throw new NullPointerException( "entryName" );
         }
 
-        Attributes userEntry = proxy.lookup( userName, USER_LOOKUP_BYPASS );
+        Attributes userEntry = proxy.lookup( new LookupOperationContext( userName ), USER_LOOKUP_BYPASS );
 
         // Determine the scope of the requested operation.
         OperationScope scope;

Modified: directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/authz/support/MaxImmSubFilter.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/authz/support/MaxImmSubFilter.java?view=diff&rev=541123&r1=541122&r2=541123
==============================================================================
--- directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/authz/support/MaxImmSubFilter.java (original)
+++ directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/authz/support/MaxImmSubFilter.java Wed May 23 17:26:40 2007
@@ -30,11 +30,22 @@
 import javax.naming.NamingException;
 import javax.naming.directory.Attributes;
 import javax.naming.directory.SearchControls;
+import javax.naming.directory.SearchResult;
 
+import org.apache.directory.server.core.authn.AuthenticationService;
+import org.apache.directory.server.core.authz.AuthorizationService;
+import org.apache.directory.server.core.authz.DefaultAuthorizationService;
+import org.apache.directory.server.core.event.EventService;
+import org.apache.directory.server.core.interceptor.context.SearchOperationContext;
+import org.apache.directory.server.core.normalization.NormalizationService;
+import org.apache.directory.server.core.operational.OperationalAttributeService;
 import org.apache.directory.server.core.partition.PartitionNexusProxy;
+import org.apache.directory.server.core.schema.SchemaService;
+import org.apache.directory.server.core.subtree.SubentryService;
 import org.apache.directory.shared.ldap.aci.ACITuple;
 import org.apache.directory.shared.ldap.aci.AuthenticationLevel;
 import org.apache.directory.shared.ldap.aci.ProtectedItem;
+import org.apache.directory.shared.ldap.constants.SchemaConstants;
 import org.apache.directory.shared.ldap.filter.ExprNode;
 import org.apache.directory.shared.ldap.filter.PresenceNode;
 import org.apache.directory.shared.ldap.name.LdapDN;
@@ -55,7 +66,7 @@
 
     public MaxImmSubFilter()
     {
-        childrenFilter = new PresenceNode( "objectClass" );
+        childrenFilter = new PresenceNode( SchemaConstants.OBJECT_CLASS_AT );
         childrenSearchControls = new SearchControls();
         childrenSearchControls.setSearchScope( SearchControls.ONELEVEL_SCOPE );
     }
@@ -117,15 +128,15 @@
     public static final Collection SEARCH_BYPASS;
     static
     {
-        Collection c = new HashSet();
-        c.add( "normalizationService" );
-        c.add( "authenticationService" );
-        c.add( "authorizationService" );
-        c.add( "defaultAuthorizationService" );
-        c.add( "schemaService" );
-        c.add( "subentryService" );
-        c.add( "operationalAttributeService" );
-        c.add( "eventService" );
+        Collection<String> c = new HashSet<String>();
+        c.add( NormalizationService.NAME );
+        c.add( AuthenticationService.NAME );
+        c.add( AuthorizationService.NAME );
+        c.add( DefaultAuthorizationService.NAME );
+        c.add( SchemaService.NAME );
+        c.add( SubentryService.NAME );
+        c.add( OperationalAttributeService.NAME );
+        c.add( EventService.NAME );
         SEARCH_BYPASS = Collections.unmodifiableCollection( c );
     }
 
@@ -133,10 +144,12 @@
     private int getImmSubCount( PartitionNexusProxy proxy, LdapDN entryName ) throws NamingException
     {
         int cnt = 0;
-        NamingEnumeration e = null;
+        NamingEnumeration<SearchResult> e = null;
+        
         try
         {
-            e = proxy.search( ( LdapDN ) entryName.getPrefix( 1 ), new HashMap(), childrenFilter, childrenSearchControls,
+            e = proxy.search( 
+                new SearchOperationContext( ( LdapDN ) entryName.getPrefix( 1 ), new HashMap(), childrenFilter, childrenSearchControls ),
                 SEARCH_BYPASS );
 
             while ( e.hasMore() )

Modified: directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/authz/support/RelatedProtectedItemFilter.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/authz/support/RelatedProtectedItemFilter.java?view=diff&rev=541123&r1=541122&r2=541123
==============================================================================
--- directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/authz/support/RelatedProtectedItemFilter.java (original)
+++ directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/authz/support/RelatedProtectedItemFilter.java Wed May 23 17:26:40 2007
@@ -37,6 +37,7 @@
 import org.apache.directory.shared.ldap.aci.ProtectedItem;
 import org.apache.directory.shared.ldap.aci.ProtectedItem.MaxValueCountItem;
 import org.apache.directory.shared.ldap.aci.ProtectedItem.RestrictedByItem;
+import org.apache.directory.shared.ldap.constants.SchemaConstants;
 import org.apache.directory.shared.ldap.name.LdapDN;
 import org.apache.directory.shared.ldap.schema.AttributeType;
 import org.apache.directory.shared.ldap.util.AttributeUtils;
@@ -183,7 +184,7 @@
             else if ( item instanceof ProtectedItem.Classes )
             {
                 ProtectedItem.Classes c = ( ProtectedItem.Classes ) item;
-                if ( refinementEvaluator.evaluate( c.getClasses(), entry.get( "objectClass" ) ) )
+                if ( refinementEvaluator.evaluate( c.getClasses(), entry.get( SchemaConstants.OBJECT_CLASS_AT ) ) )
                 {
                     return true;
                 }
@@ -249,7 +250,10 @@
                     {
                         AttributeType attrType = attrRegistry.lookup( oid );
                         Attribute attr = AttributeUtils.getAttribute( entry, attrType );
-                        if ( attr != null && ( ( attr.contains( userName.toNormName() ) || attr.contains( userName.getUpName() ) ) ) )
+                        
+                        if ( ( attr != null ) && 
+                             ( ( AttributeUtils.containsValue( attr, userName.toNormName(), attrType ) || 
+                               ( AttributeUtils.containsValue( attr, userName.getUpName(), attrType ) ) ) ) )
                         {
                             return true;
                         }

Modified: directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/authz/support/RestrictedByFilter.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/authz/support/RestrictedByFilter.java?view=diff&rev=541123&r1=541122&r2=541123
==============================================================================
--- directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/authz/support/RestrictedByFilter.java (original)
+++ directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/authz/support/RestrictedByFilter.java Wed May 23 17:26:40 2007
@@ -82,15 +82,19 @@
         for ( Iterator i = tuple.getProtectedItems().iterator(); i.hasNext(); )
         {
             ProtectedItem item = ( ProtectedItem ) i.next();
+            
             if ( item instanceof ProtectedItem.RestrictedBy )
             {
                 ProtectedItem.RestrictedBy rb = ( ProtectedItem.RestrictedBy ) item;
+            
                 for ( Iterator k = rb.iterator(); k.hasNext(); )
                 {
                     RestrictedByItem rbItem = ( RestrictedByItem ) k.next();
+                
                     if ( attrId.equalsIgnoreCase( rbItem.getAttributeType() ) )
                     {
                         Attribute attr = entry.get( rbItem.getValuesIn() );
+                        
                         if ( attr == null || !attr.contains( attrValue ) )
                         {
                             return true;

Modified: directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/collective/CollectiveAttributeService.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/collective/CollectiveAttributeService.java?view=diff&rev=541123&r1=541122&r2=541123
==============================================================================
--- directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/collective/CollectiveAttributeService.java (original)
+++ directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/collective/CollectiveAttributeService.java Wed May 23 17:26:40 2007
@@ -22,7 +22,6 @@
 
 import java.util.HashSet;
 import java.util.Iterator;
-import java.util.Map;
 import java.util.Set;
 
 import javax.naming.NamingEnumeration;
@@ -38,15 +37,20 @@
 import org.apache.directory.server.core.enumeration.SearchResultFilteringEnumeration;
 import org.apache.directory.server.core.interceptor.BaseInterceptor;
 import org.apache.directory.server.core.interceptor.NextInterceptor;
+import org.apache.directory.server.core.interceptor.context.AddOperationContext;
+import org.apache.directory.server.core.interceptor.context.LookupOperationContext;
+import org.apache.directory.server.core.interceptor.context.ModifyOperationContext;
+import org.apache.directory.server.core.interceptor.context.OperationContext;
+import org.apache.directory.server.core.interceptor.context.SearchOperationContext;
 import org.apache.directory.server.core.invocation.Invocation;
 import org.apache.directory.server.core.invocation.InvocationStack;
 import org.apache.directory.server.core.partition.PartitionNexus;
 import org.apache.directory.server.schema.registries.AttributeTypeRegistry;
-import org.apache.directory.shared.ldap.filter.ExprNode;
 import org.apache.directory.shared.ldap.message.AttributeImpl;
-import org.apache.directory.shared.ldap.message.ModificationItemImpl;
+import org.apache.directory.shared.ldap.message.ServerSearchResult;
 import org.apache.directory.shared.ldap.name.LdapDN;
 import org.apache.directory.shared.ldap.schema.AttributeType;
+import org.apache.directory.shared.ldap.util.AttributeUtils;
 
 
 /**
@@ -61,6 +65,9 @@
  */
 public class CollectiveAttributeService extends BaseInterceptor
 {
+    /** The service name */
+    public static final String NAME = "collectiveAttributeService";
+
     public static final String COLLECTIVE_ATTRIBUTE_SUBENTRIES = "collectiveAttributeSubentries";
     
     public static final String EXCLUDE_ALL_COLLECTIVE_ATTRIBUTES_OID = "2.5.18.0";
@@ -74,7 +81,7 @@
         public boolean accept( Invocation invocation, SearchResult result, SearchControls controls )
             throws NamingException
         {
-            LdapDN name = new LdapDN( result.getName() );
+            LdapDN name = ((ServerSearchResult)result).getDn();
             name = LdapDN.normalize( name, attrTypeRegistry.getNormalizerMapping() );
             Attributes entry = result.getAttributes();
             String[] retAttrs = controls.getReturningAttributes();
@@ -111,7 +118,7 @@
      */
     private void addCollectiveAttributes( LdapDN normName, Attributes entry, String[] retAttrs ) throws NamingException
     {
-        Attributes entryWithCAS = nexus.lookup( normName, new String[] { COLLECTIVE_ATTRIBUTE_SUBENTRIES } );
+        Attributes entryWithCAS = nexus.lookup( new LookupOperationContext( normName, new String[] { COLLECTIVE_ATTRIBUTE_SUBENTRIES } ) );
         Attribute caSubentries = entryWithCAS.get( COLLECTIVE_ATTRIBUTE_SUBENTRIES );
 
         /*
@@ -134,7 +141,7 @@
         
         if ( collectiveExclusions != null )
         {
-            if ( collectiveExclusions.contains( EXCLUDE_ALL_COLLECTIVE_ATTRIBUTES_OID )
+            if ( AttributeUtils.containsValueCaseIgnore( collectiveExclusions, EXCLUDE_ALL_COLLECTIVE_ATTRIBUTES_OID )
                 || collectiveExclusions.contains( EXCLUDE_ALL_COLLECTIVE_ATTRIBUTES ) )
             {
                 /*
@@ -182,7 +189,7 @@
         {
             String subentryDnStr = ( String ) caSubentries.get( ii );
             LdapDN subentryDn = new LdapDN( subentryDnStr );
-            Attributes subentry = nexus.lookup( subentryDn );
+            Attributes subentry = nexus.lookup( new LookupOperationContext( subentryDn ) );
             NamingEnumeration attrIds = subentry.getIDs();
             
             while ( attrIds.hasMore() )
@@ -276,72 +283,60 @@
     // ------------------------------------------------------------------------
     // Interceptor Method Overrides
     // ------------------------------------------------------------------------
-
-    public Attributes lookup( NextInterceptor nextInterceptor, LdapDN name ) throws NamingException
+    public Attributes lookup( NextInterceptor nextInterceptor, OperationContext opContext ) throws NamingException
     {
-        Attributes result = nextInterceptor.lookup( name );
+        Attributes result = nextInterceptor.lookup( opContext );
         
         if ( result == null )
         {
             return null;
         }
         
-        addCollectiveAttributes( name, result, new String[] { "*" } );
-        return result;
-    }
-    
-
-    public Attributes lookup( NextInterceptor nextInterceptor, LdapDN name, String[] attrIds ) throws NamingException
-    {
-        Attributes result = nextInterceptor.lookup( name, attrIds );
+        LookupOperationContext ctx = (LookupOperationContext)opContext;
         
-        if ( result == null )
+        if ( ( ctx.getAttrsId() == null ) || ( ctx.getAttrsId().size() == 0 ) ) 
         {
-            return null;
+            addCollectiveAttributes( ctx.getDn(), result, new String[] { "*" } );
         }
-        
-        addCollectiveAttributes( name, result, attrIds );
+        else
+        {
+            addCollectiveAttributes( ctx.getDn(), result, ctx.getAttrsIdArray() );
+        }
+
         return result;
     }
 
 
-    public NamingEnumeration list( NextInterceptor nextInterceptor, LdapDN base ) throws NamingException
+    public NamingEnumeration list( NextInterceptor nextInterceptor, OperationContext opContext ) throws NamingException
     {
-        NamingEnumeration e = nextInterceptor.list( base );
+        NamingEnumeration e = nextInterceptor.list( opContext );
         Invocation invocation = InvocationStack.getInstance().peek();
-        return new SearchResultFilteringEnumeration( e, new SearchControls(), invocation, SEARCH_FILTER );
+        return new SearchResultFilteringEnumeration( e, new SearchControls(), invocation, SEARCH_FILTER, "List collective Filter" );
     }
 
 
-    public NamingEnumeration search( NextInterceptor nextInterceptor, LdapDN base, Map env, ExprNode filter,
-        SearchControls searchCtls ) throws NamingException
+    public NamingEnumeration<SearchResult> search( NextInterceptor nextInterceptor, OperationContext opContext ) throws NamingException
     {
-        NamingEnumeration e = nextInterceptor.search( base, env, filter, searchCtls );
+        NamingEnumeration<SearchResult> e = nextInterceptor.search( opContext );
         Invocation invocation = InvocationStack.getInstance().peek();
-        return new SearchResultFilteringEnumeration( e, searchCtls, invocation, SEARCH_FILTER );
+        return new SearchResultFilteringEnumeration( 
+            e, ((SearchOperationContext)opContext).getSearchControls(), invocation, SEARCH_FILTER, "Search collective Filter" );
     }
     
     // ------------------------------------------------------------------------
     // Partial Schema Checking
     // ------------------------------------------------------------------------
     
-    public void add( NextInterceptor next, LdapDN normName, Attributes entry ) throws NamingException
-    {
-        collectiveAttributesSchemaChecker.checkAdd( normName, entry );
-        super.add( next, normName, entry );
-    }
-
-
-    public void modify( NextInterceptor next, LdapDN normName, int modOp, Attributes mods ) throws NamingException
+    public void add( NextInterceptor next, OperationContext opContext ) throws NamingException
     {
-        collectiveAttributesSchemaChecker.checkModify( normName, modOp, mods );
-        super.modify( next, normName, modOp, mods );
+        collectiveAttributesSchemaChecker.checkAdd( opContext.getDn(), ((AddOperationContext)opContext).getEntry() );
+        super.add( next, opContext );
     }
 
 
-    public void modify( NextInterceptor next, LdapDN normName, ModificationItemImpl[] mods ) throws NamingException
+    public void modify( NextInterceptor next, OperationContext opContext ) throws NamingException
     {
-        collectiveAttributesSchemaChecker.checkModify( normName, mods );
-        super.modify( next, normName, mods );
+        collectiveAttributesSchemaChecker.checkModify( opContext.getDn(), ((ModifyOperationContext)opContext).getModItems() );
+        super.modify( next, opContext );
     }
 }

Modified: directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/collective/CollectiveAttributesSchemaChecker.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/collective/CollectiveAttributesSchemaChecker.java?view=diff&rev=541123&r1=541122&r2=541123
==============================================================================
--- directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/collective/CollectiveAttributesSchemaChecker.java (original)
+++ directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/collective/CollectiveAttributesSchemaChecker.java Wed May 23 17:26:40 2007
@@ -26,8 +26,10 @@
 import javax.naming.directory.Attributes;
 import javax.naming.directory.DirContext;
 
+import org.apache.directory.server.core.interceptor.context.LookupOperationContext;
 import org.apache.directory.server.core.partition.PartitionNexus;
 import org.apache.directory.server.schema.registries.AttributeTypeRegistry;
+import org.apache.directory.shared.ldap.constants.SchemaConstants;
 import org.apache.directory.shared.ldap.exception.LdapSchemaViolationException;
 import org.apache.directory.shared.ldap.message.ModificationItemImpl;
 import org.apache.directory.shared.ldap.message.ResultCodeEnum;
@@ -56,7 +58,7 @@
     
     public void checkAdd( LdapDN normName, Attributes entry ) throws LdapSchemaViolationException, NamingException
     {
-        Attribute objectClass = entry.get( "objectClass" );
+        Attribute objectClass = entry.get( SchemaConstants.OBJECT_CLASS_AT );
         
         if ( AttributeUtils.containsValueCaseIgnore( objectClass, "collectiveAttributeSubentry" ) )
         {
@@ -93,9 +95,9 @@
     
     public void checkModify( LdapDN normName, ModificationItemImpl[] mods ) throws NamingException
     {
-        Attributes originalEntry = nexus.lookup( normName );
+        Attributes originalEntry = nexus.lookup( new LookupOperationContext( normName ) );
         Attributes targetEntry = SchemaUtils.getTargetEntry( mods, originalEntry );
-        Attribute targetObjectClasses = targetEntry.get( "objectClass" );
+        Attribute targetObjectClasses = targetEntry.get( SchemaConstants.OBJECT_CLASS_AT );
         
         if ( AttributeUtils.containsValueCaseIgnore( targetObjectClasses, "collectiveAttributeSubentry" ) )
         {

Modified: directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/configuration/AuthenticatorConfiguration.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/configuration/AuthenticatorConfiguration.java?view=diff&rev=541123&r1=541122&r2=541123
==============================================================================
--- directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/configuration/AuthenticatorConfiguration.java (original)
+++ directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/configuration/AuthenticatorConfiguration.java Wed May 23 17:26:40 2007
@@ -60,6 +60,18 @@
         this.authenticator = authenticator;
     }
 
+    /**
+     * Sets the {@link Authenticator} to configure, with its name
+     * 
+     * @param name The authenticator name
+     * @param authenticator The authenticator to register
+     */
+    protected void setAuthenticator( String name, Authenticator authenticator )
+    {
+        this.authenticator = authenticator;
+        this.name = name;
+    }
+
 
     /**
      * Returns the user-defined name of the {@link Authenticator} that

Modified: directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/configuration/MutableAuthenticatorConfiguration.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/configuration/MutableAuthenticatorConfiguration.java?view=diff&rev=541123&r1=541122&r2=541123
==============================================================================
--- directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/configuration/MutableAuthenticatorConfiguration.java (original)
+++ directory/apacheds/branches/apacheds-sasl-branch/core/src/main/java/org/apache/directory/server/core/configuration/MutableAuthenticatorConfiguration.java Wed May 23 17:26:40 2007
@@ -39,12 +39,26 @@
     {
     }
 
+    /**
+     * Create and register an authenticator with its name
+     * 
+     * @param name The authenticator name
+     * @param authenticator The authenticator to register
+     */
+    public MutableAuthenticatorConfiguration( String name, Authenticator authenticator )
+    {
+        super.setAuthenticator( name, authenticator );
+    }
 
+    /**
+     * Register an authenticator
+     * 
+     * @param authenticator The authenticator to register
+     */
     public void setAuthenticator( Authenticator authenticator )
     {
         super.setAuthenticator( authenticator );
     }
-
 
     public void setName( String name )
     {



Mime
View raw message