From commits-return-14895-apmail-directory-commits-archive=directory.apache.org@directory.apache.org Wed Aug 15 19:49:10 2007 Return-Path: Delivered-To: apmail-directory-commits-archive@www.apache.org Received: (qmail 99833 invoked from network); 15 Aug 2007 19:49:07 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 15 Aug 2007 19:49:07 -0000 Received: (qmail 34636 invoked by uid 500); 15 Aug 2007 19:48:58 -0000 Delivered-To: apmail-directory-commits-archive@directory.apache.org Received: (qmail 34601 invoked by uid 500); 15 Aug 2007 19:48:58 -0000 Mailing-List: contact commits-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@directory.apache.org Delivered-To: mailing list commits@directory.apache.org Received: (qmail 34587 invoked by uid 99); 15 Aug 2007 19:48:58 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 15 Aug 2007 12:48:58 -0700 X-ASF-Spam-Status: No, hits=-100.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.3] (HELO eris.apache.org) (140.211.11.3) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 15 Aug 2007 19:49:14 +0000 Received: by eris.apache.org (Postfix, from userid 65534) id BF02C1A981A; Wed, 15 Aug 2007 12:48:33 -0700 (PDT) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r566312 - in /directory/apacheds/trunk/core/src: main/java/org/apache/directory/server/core/authz/ main/java/org/apache/directory/server/core/authz/support/ test/java/org/apache/directory/server/core/authz/support/ Date: Wed, 15 Aug 2007 19:48:33 -0000 To: commits@directory.apache.org From: akarasulu@apache.org X-Mailer: svnmailer-1.1.0 Message-Id: <20070815194833.BF02C1A981A@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: akarasulu Date: Wed Aug 15 12:48:31 2007 New Revision: 566312 URL: http://svn.apache.org/viewvc?view=rev&rev=566312 Log: Reverting elecharny's commit on http://svn.apache.org/viewvc?view=rev&revision=566231 since it breaks tests and produces compilation errors. Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/AuthorizationService.java directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/ACDFEngine.java directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/ACITupleFilter.java directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/HighestPrecedenceFilter.java directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MaxImmSubFilter.java directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MaxValueCountFilter.java directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MicroOperationFilter.java directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MostSpecificProtectedItemFilter.java directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MostSpecificUserClassFilter.java directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/RelatedProtectedItemFilter.java directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/RelatedUserClassFilter.java directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/RestrictedByFilter.java directory/apacheds/trunk/core/src/test/java/org/apache/directory/server/core/authz/support/HighestPrecedenceFilterTest.java directory/apacheds/trunk/core/src/test/java/org/apache/directory/server/core/authz/support/RestrictedByFilterTest.java Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/AuthorizationService.java URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/AuthorizationService.java?view=diff&rev=566312&r1=566311&r2=566312 ============================================================================== --- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/AuthorizationService.java (original) +++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/AuthorizationService.java Wed Aug 15 12:48:31 2007 @@ -429,7 +429,7 @@ } // Assemble all the information required to make an access control decision - Set userGroups = groupCache.getGroups( principalDn.toNormName() ); + Set userGroups = groupCache.getGroups( principalDn.toNormName() ); Collection tuples = new HashSet(); // Build the total collection of tuples to be considered for add rights @@ -493,7 +493,7 @@ return; } - Set userGroups = groupCache.getGroups( principalDn.toString() ); + Set userGroups = groupCache.getGroups( principalDn.toString() ); Collection tuples = new HashSet(); addPerscriptiveAciTuples( proxy, tuples, name, entry ); addEntryAciTuples( tuples, entry ); @@ -542,7 +542,7 @@ return; } - Set userGroups = groupCache.getGroups( principalDn.toString() ); + Set userGroups = groupCache.getGroups( principalDn.toString() ); Collection tuples = new HashSet(); addPerscriptiveAciTuples( proxy, tuples, name, entry ); addEntryAciTuples( tuples, entry ); @@ -630,7 +630,7 @@ } } - Set userGroups = groupCache.getGroups( principalDn.toNormName() ); + Set userGroups = groupCache.getGroups( principalDn.toNormName() ); Collection tuples = new HashSet(); addPerscriptiveAciTuples( proxy, tuples, name, entry ); addEntryAciTuples( tuples, entry ); @@ -669,7 +669,7 @@ PartitionNexusProxy proxy = InvocationStack.getInstance().peek().getProxy(); LdapDN userName = principal.getJndiName(); - Set userGroups = groupCache.getGroups( userName.toNormName() ); + Set userGroups = groupCache.getGroups( userName.toNormName() ); Collection tuples = new HashSet(); addPerscriptiveAciTuples( proxy, tuples, dn, entry ); addEntryAciTuples( tuples, entry ); @@ -749,7 +749,7 @@ return; } - Set userGroups = groupCache.getGroups( principalDn.toString() ); + Set userGroups = groupCache.getGroups( principalDn.toString() ); Collection tuples = new HashSet(); addPerscriptiveAciTuples( proxy, tuples, name, entry ); addEntryAciTuples( tuples, entry ); @@ -796,7 +796,7 @@ return; } - Set userGroups = groupCache.getGroups( principalDn.toString() ); + Set userGroups = groupCache.getGroups( principalDn.toString() ); Collection tuples = new HashSet(); addPerscriptiveAciTuples( proxy, tuples, oriChildName, entry ); addEntryAciTuples( tuples, entry ); @@ -872,7 +872,7 @@ return; } - Set userGroups = groupCache.getGroups( principalDn.toString() ); + Set userGroups = groupCache.getGroups( principalDn.toString() ); Collection tuples = new HashSet(); addPerscriptiveAciTuples( proxy, tuples, oriChildName, entry ); addEntryAciTuples( tuples, entry ); @@ -982,7 +982,7 @@ return next.compare( opContext ); } - Set userGroups = groupCache.getGroups( principalDn.toNormName() ); + Set userGroups = groupCache.getGroups( principalDn.toNormName() ); Collection tuples = new HashSet(); addPerscriptiveAciTuples( proxy, tuples, name, entry ); addEntryAciTuples( tuples, entry ); Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/ACDFEngine.java URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/ACDFEngine.java?view=diff&rev=566312&r1=566311&r2=566312 ============================================================================== --- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/ACDFEngine.java (original) +++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/ACDFEngine.java Wed Aug 15 12:48:31 2007 @@ -37,11 +37,11 @@ import org.apache.directory.server.core.subtree.RefinementEvaluator; import org.apache.directory.server.core.subtree.RefinementLeafEvaluator; import org.apache.directory.server.core.subtree.SubtreeEvaluator; +import org.apache.directory.server.core.trigger.TriggerService; import org.apache.directory.server.schema.registries.AttributeTypeRegistry; import org.apache.directory.server.schema.registries.OidRegistry; import org.apache.directory.shared.ldap.aci.ACITuple; import org.apache.directory.shared.ldap.aci.AuthenticationLevel; -import org.apache.directory.shared.ldap.aci.MicroOperation; import org.apache.directory.shared.ldap.exception.LdapNoPermissionException; import org.apache.directory.shared.ldap.name.LdapDN; @@ -118,9 +118,9 @@ * @param aciTuples {@link org.apache.directory.shared.ldap.aci.ACITuple}s translated from {@link org.apache.directory.shared.ldap.aci.ACIItem}s in the subtree entries * @throws NamingException if failed to evaluate ACI items */ - public void checkPermission( PartitionNexusProxy proxy, Collection userGroupNames, LdapDN username, + public void checkPermission( PartitionNexusProxy proxy, Collection userGroupNames, LdapDN username, AuthenticationLevel authenticationLevel, LdapDN entryName, String attrId, Object attrValue, - Collection microOperations, Collection aciTuples, Attributes entry ) throws NamingException + Collection microOperations, Collection aciTuples, Attributes entry ) throws NamingException { if ( !hasPermission( proxy, userGroupNames, username, authenticationLevel, entryName, attrId, attrValue, microOperations, aciTuples, entry ) ) @@ -129,7 +129,7 @@ } } - public static final Collection USER_LOOKUP_BYPASS; + public static final Collection USER_LOOKUP_BYPASS; static { Collection c = new HashSet(); @@ -164,7 +164,7 @@ */ public boolean hasPermission( PartitionNexusProxy proxy, Collection userGroupNames, LdapDN userName, AuthenticationLevel authenticationLevel, LdapDN entryName, String attrId, Object attrValue, - Collection microOperations, Collection aciTuples, Attributes entry ) throws NamingException + Collection microOperations, Collection aciTuples, Attributes entry ) throws NamingException { if ( entryName == null ) { Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/ACITupleFilter.java URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/ACITupleFilter.java?view=diff&rev=566312&r1=566311&r2=566312 ============================================================================== --- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/ACITupleFilter.java (original) +++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/ACITupleFilter.java Wed Aug 15 12:48:31 2007 @@ -27,7 +27,6 @@ import javax.naming.directory.Attributes; import org.apache.directory.server.core.partition.PartitionNexusProxy; -import org.apache.directory.shared.ldap.aci.ACITuple; import org.apache.directory.shared.ldap.aci.AuthenticationLevel; import org.apache.directory.shared.ldap.aci.MicroOperation; import org.apache.directory.shared.ldap.name.LdapDN; @@ -63,18 +62,9 @@ * @return the collection of filtered tuples * @throws NamingException if failed to filter the specifiec tuples */ - Collection filter( - Collection tuples, - OperationScope scope, - PartitionNexusProxy proxy, - Collection userGroupNames, - LdapDN userName, - Attributes userEntry, - AuthenticationLevel authenticationLevel, - LdapDN entryName, - String attrId, - Object attrValue, - Attributes entry, - Collection microOperations ) + Collection filter( Collection tuples, OperationScope scope, PartitionNexusProxy proxy, + Collection userGroupNames, LdapDN userName, Attributes userEntry, + AuthenticationLevel authenticationLevel, LdapDN entryName, String attrId, + Object attrValue, Attributes entry, Collection microOperations ) throws NamingException; } Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/HighestPrecedenceFilter.java URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/HighestPrecedenceFilter.java?view=diff&rev=566312&r1=566311&r2=566312 ============================================================================== --- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/HighestPrecedenceFilter.java (original) +++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/HighestPrecedenceFilter.java Wed Aug 15 12:48:31 2007 @@ -41,7 +41,7 @@ */ public class HighestPrecedenceFilter implements ACITupleFilter { - public Collection filter( Collection tuples, OperationScope scope, PartitionNexusProxy proxy, + public Collection filter( Collection tuples, OperationScope scope, PartitionNexusProxy proxy, Collection userGroupNames, LdapDN userName, Attributes userEntry, AuthenticationLevel authenticationLevel, LdapDN entryName, String attrId, Object attrValue, Attributes entry, Collection microOperations ) throws NamingException @@ -54,8 +54,9 @@ int maxPrecedence = -1; // Find the maximum precedence for all tuples. - for ( ACITuple tuple:tuples ) + for ( Iterator i = tuples.iterator(); i.hasNext(); ) { + ACITuple tuple = ( ACITuple ) i.next(); if ( tuple.getPrecedence() > maxPrecedence ) { maxPrecedence = tuple.getPrecedence(); @@ -66,7 +67,6 @@ for ( Iterator i = tuples.iterator(); i.hasNext(); ) { ACITuple tuple = ( ACITuple ) i.next(); - if ( tuple.getPrecedence() != maxPrecedence ) { i.remove(); Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MaxImmSubFilter.java URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MaxImmSubFilter.java?view=diff&rev=566312&r1=566311&r2=566312 ============================================================================== --- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MaxImmSubFilter.java (original) +++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MaxImmSubFilter.java Wed Aug 15 12:48:31 2007 @@ -37,7 +37,6 @@ import org.apache.directory.server.core.partition.PartitionNexusProxy; import org.apache.directory.shared.ldap.aci.ACITuple; import org.apache.directory.shared.ldap.aci.AuthenticationLevel; -import org.apache.directory.shared.ldap.aci.MicroOperation; import org.apache.directory.shared.ldap.aci.ProtectedItem; import org.apache.directory.shared.ldap.constants.SchemaConstants; import org.apache.directory.shared.ldap.filter.ExprNode; @@ -66,19 +65,9 @@ } - public Collection filter( - Collection tuples, - OperationScope scope, - PartitionNexusProxy proxy, - Collection userGroupNames, - LdapDN userName, - Attributes userEntry, - AuthenticationLevel authenticationLevel, - LdapDN entryName, - String attrId, - Object attrValue, - Attributes entry, - Collection microOperations ) + public Collection filter( Collection tuples, OperationScope scope, PartitionNexusProxy proxy, + Collection userGroupNames, LdapDN userName, Attributes userEntry, AuthenticationLevel authenticationLevel, + LdapDN entryName, String attrId, Object attrValue, Attributes entry, Collection microOperations ) throws NamingException { if ( entryName.size() == 0 ) Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MaxValueCountFilter.java URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MaxValueCountFilter.java?view=diff&rev=566312&r1=566311&r2=566312 ============================================================================== --- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MaxValueCountFilter.java (original) +++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MaxValueCountFilter.java Wed Aug 15 12:48:31 2007 @@ -30,7 +30,6 @@ import org.apache.directory.server.core.partition.PartitionNexusProxy; import org.apache.directory.shared.ldap.aci.ACITuple; import org.apache.directory.shared.ldap.aci.AuthenticationLevel; -import org.apache.directory.shared.ldap.aci.MicroOperation; import org.apache.directory.shared.ldap.aci.ProtectedItem; import org.apache.directory.shared.ldap.aci.ProtectedItem.MaxValueCountItem; import org.apache.directory.shared.ldap.name.LdapDN; @@ -45,19 +44,9 @@ */ public class MaxValueCountFilter implements ACITupleFilter { - public Collection filter( - Collection tuples, - OperationScope scope, - PartitionNexusProxy proxy, - Collection userGroupNames, - LdapDN userName, - Attributes userEntry, - AuthenticationLevel authenticationLevel, - LdapDN entryName, - String attrId, - Object attrValue, - Attributes entry, - Collection microOperations ) + public Collection filter( Collection tuples, OperationScope scope, PartitionNexusProxy proxy, + Collection userGroupNames, LdapDN userName, Attributes userEntry, AuthenticationLevel authenticationLevel, + LdapDN entryName, String attrId, Object attrValue, Attributes entry, Collection microOperations ) throws NamingException { if ( scope != OperationScope.ATTRIBUTE_TYPE_AND_VALUE ) Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MicroOperationFilter.java URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MicroOperationFilter.java?view=diff&rev=566312&r1=566311&r2=566312 ============================================================================== --- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MicroOperationFilter.java (original) +++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MicroOperationFilter.java Wed Aug 15 12:48:31 2007 @@ -43,19 +43,9 @@ */ public class MicroOperationFilter implements ACITupleFilter { - public Collection filter( - Collection tuples, - OperationScope scope, - PartitionNexusProxy proxy, - Collection userGroupNames, - LdapDN userName, - Attributes userEntry, - AuthenticationLevel authenticationLevel, - LdapDN entryName, - String attrId, - Object attrValue, - Attributes entry, - Collection microOperations ) + public Collection filter( Collection tuples, OperationScope scope, PartitionNexusProxy proxy, + Collection userGroupNames, LdapDN userName, Attributes userEntry, AuthenticationLevel authenticationLevel, + LdapDN entryName, String attrId, Object attrValue, Attributes entry, Collection microOperations ) throws NamingException { if ( tuples.size() == 0 ) @@ -74,9 +64,9 @@ */ boolean retain = true; - - for ( MicroOperation microOp:microOperations ) + for ( Iterator j = microOperations.iterator(); j.hasNext(); ) { + MicroOperation microOp = ( MicroOperation ) j.next(); if ( !tuple.getMicroOperations().contains( microOp ) ) { retain = false; Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MostSpecificProtectedItemFilter.java URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MostSpecificProtectedItemFilter.java?view=diff&rev=566312&r1=566311&r2=566312 ============================================================================== --- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MostSpecificProtectedItemFilter.java (original) +++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MostSpecificProtectedItemFilter.java Wed Aug 15 12:48:31 2007 @@ -30,7 +30,6 @@ import org.apache.directory.server.core.partition.PartitionNexusProxy; import org.apache.directory.shared.ldap.aci.ACITuple; import org.apache.directory.shared.ldap.aci.AuthenticationLevel; -import org.apache.directory.shared.ldap.aci.MicroOperation; import org.apache.directory.shared.ldap.aci.ProtectedItem; import org.apache.directory.shared.ldap.name.LdapDN; @@ -52,19 +51,9 @@ */ public class MostSpecificProtectedItemFilter implements ACITupleFilter { - public Collection filter( - Collection tuples, - OperationScope scope, - PartitionNexusProxy proxy, - Collection userGroupNames, - LdapDN userName, - Attributes userEntry, - AuthenticationLevel authenticationLevel, - LdapDN entryName, - String attrId, - Object attrValue, - Attributes entry, - Collection microOperations ) + public Collection filter( Collection tuples, OperationScope scope, PartitionNexusProxy proxy, + Collection userGroupNames, LdapDN userName, Attributes userEntry, AuthenticationLevel authenticationLevel, + LdapDN entryName, String attrId, Object attrValue, Attributes entry, Collection microOperations ) throws NamingException { if ( tuples.size() <= 1 ) @@ -72,14 +61,16 @@ return tuples; } - Collection filteredTuples = new ArrayList(); + Collection filteredTuples = new ArrayList(); // If the protected item is an attribute and there are tuples that // specify the attribute type explicitly, discard all other tuples. - for ( ACITuple tuple:tuples ) + for ( Iterator i = tuples.iterator(); i.hasNext(); ) { - for ( ProtectedItem item:tuple.getProtectedItems() ) + ACITuple tuple = ( ACITuple ) i.next(); + for ( Iterator j = tuple.getProtectedItems().iterator(); j.hasNext(); ) { + ProtectedItem item = ( ProtectedItem ) j.next(); if ( item instanceof ProtectedItem.AttributeType || item instanceof ProtectedItem.AllAttributeValues || item instanceof ProtectedItem.SelfValue || item instanceof ProtectedItem.AttributeValue ) { @@ -98,10 +89,12 @@ // that specify the attribute value explicitly, discard all other tuples. // A protected item which is a rangeOfValues is to be treated as // specifying an attribute value explicitly. - for ( ACITuple tuple:tuples ) + for ( Iterator i = tuples.iterator(); i.hasNext(); ) { - for ( ProtectedItem item:tuple.getProtectedItems() ) + ACITuple tuple = ( ACITuple ) i.next(); + for ( Iterator j = tuple.getProtectedItems().iterator(); j.hasNext(); ) { + ProtectedItem item = ( ProtectedItem ) j.next(); if ( item instanceof ProtectedItem.RangeOfValues ) { filteredTuples.add( tuple ); Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MostSpecificUserClassFilter.java URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MostSpecificUserClassFilter.java?view=diff&rev=566312&r1=566311&r2=566312 ============================================================================== --- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MostSpecificUserClassFilter.java (original) +++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MostSpecificUserClassFilter.java Wed Aug 15 12:48:31 2007 @@ -22,6 +22,7 @@ import java.util.ArrayList; import java.util.Collection; +import java.util.Iterator; import javax.naming.NamingException; import javax.naming.directory.Attributes; @@ -29,7 +30,6 @@ import org.apache.directory.server.core.partition.PartitionNexusProxy; import org.apache.directory.shared.ldap.aci.ACITuple; import org.apache.directory.shared.ldap.aci.AuthenticationLevel; -import org.apache.directory.shared.ldap.aci.MicroOperation; import org.apache.directory.shared.ldap.aci.UserClass; import org.apache.directory.shared.ldap.name.LdapDN; @@ -49,19 +49,9 @@ */ public class MostSpecificUserClassFilter implements ACITupleFilter { - public Collection filter( - Collection tuples, - OperationScope scope, - PartitionNexusProxy proxy, - Collection userGroupNames, - LdapDN userName, - Attributes userEntry, - AuthenticationLevel authenticationLevel, - LdapDN entryName, - String attrId, - Object attrValue, - Attributes entry, - Collection microOperations ) + public Collection filter( Collection tuples, OperationScope scope, PartitionNexusProxy proxy, + Collection userGroupNames, LdapDN userName, Attributes userEntry, AuthenticationLevel authenticationLevel, + LdapDN entryName, String attrId, Object attrValue, Attributes entry, Collection microOperations ) throws NamingException { if ( tuples.size() <= 1 ) @@ -69,14 +59,16 @@ return tuples; } - Collection filteredTuples = new ArrayList(); + Collection filteredTuples = new ArrayList(); // If there are any tuples matching the requestor with UserClasses // element name or thisEntry, discard all other tuples. - for ( ACITuple tuple:tuples ) + for ( Iterator i = tuples.iterator(); i.hasNext(); ) { - for ( UserClass userClass:tuple.getUserClasses() ) + ACITuple tuple = ( ACITuple ) i.next(); + for ( Iterator j = tuple.getUserClasses().iterator(); j.hasNext(); ) { + UserClass userClass = ( UserClass ) j.next(); if ( userClass instanceof UserClass.Name || userClass instanceof UserClass.ThisEntry ) { filteredTuples.add( tuple ); @@ -92,10 +84,12 @@ // Otherwise if there are any tuples matching UserGroup, // discard all other tuples. - for ( ACITuple tuple:tuples ) + for ( Iterator i = tuples.iterator(); i.hasNext(); ) { - for ( UserClass userClass:tuple.getUserClasses() ) + ACITuple tuple = ( ACITuple ) i.next(); + for ( Iterator j = tuple.getUserClasses().iterator(); j.hasNext(); ) { + UserClass userClass = ( UserClass ) j.next(); if ( userClass instanceof UserClass.UserGroup ) { filteredTuples.add( tuple ); @@ -111,10 +105,12 @@ // Otherwise if there are any tuples matching subtree, // discard all other tuples. - for ( ACITuple tuple:tuples ) + for ( Iterator i = tuples.iterator(); i.hasNext(); ) { - for ( UserClass userClass:tuple.getUserClasses() ) + ACITuple tuple = ( ACITuple ) i.next(); + for ( Iterator j = tuple.getUserClasses().iterator(); j.hasNext(); ) { + UserClass userClass = ( UserClass ) j.next(); if ( userClass instanceof UserClass.Subtree ) { filteredTuples.add( tuple ); Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/RelatedProtectedItemFilter.java URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/RelatedProtectedItemFilter.java?view=diff&rev=566312&r1=566311&r2=566312 ============================================================================== --- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/RelatedProtectedItemFilter.java (original) +++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/RelatedProtectedItemFilter.java Wed Aug 15 12:48:31 2007 @@ -34,7 +34,6 @@ import org.apache.directory.server.schema.registries.OidRegistry; import org.apache.directory.shared.ldap.aci.ACITuple; import org.apache.directory.shared.ldap.aci.AuthenticationLevel; -import org.apache.directory.shared.ldap.aci.MicroOperation; import org.apache.directory.shared.ldap.aci.ProtectedItem; import org.apache.directory.shared.ldap.aci.ProtectedItem.MaxValueCountItem; import org.apache.directory.shared.ldap.aci.ProtectedItem.RestrictedByItem; @@ -69,19 +68,10 @@ } - public Collection filter( - Collection tuples, - OperationScope scope, - PartitionNexusProxy proxy, - Collection userGroupNames, - LdapDN userName, - Attributes userEntry, - AuthenticationLevel authenticationLevel, - LdapDN entryName, - String attrId, - Object attrValue, - Attributes entry, - Collection microOperations ) + public Collection filter( Collection tuples, OperationScope scope, PartitionNexusProxy proxy, + Collection userGroupNames, LdapDN userName, Attributes userEntry, + AuthenticationLevel authenticationLevel, LdapDN entryName, String attrId, + Object attrValue, Attributes entry, Collection microOperations ) throws NamingException { if ( tuples.size() == 0 ) Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/RelatedUserClassFilter.java URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/RelatedUserClassFilter.java?view=diff&rev=566312&r1=566311&r2=566312 ============================================================================== --- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/RelatedUserClassFilter.java (original) +++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/RelatedUserClassFilter.java Wed Aug 15 12:48:31 2007 @@ -30,7 +30,6 @@ import org.apache.directory.server.core.subtree.SubtreeEvaluator; import org.apache.directory.shared.ldap.aci.ACITuple; import org.apache.directory.shared.ldap.aci.AuthenticationLevel; -import org.apache.directory.shared.ldap.aci.MicroOperation; import org.apache.directory.shared.ldap.aci.UserClass; import org.apache.directory.shared.ldap.name.LdapDN; import org.apache.directory.shared.ldap.subtree.SubtreeSpecification; @@ -56,19 +55,9 @@ } - public Collection filter( - Collection tuples, - OperationScope scope, - PartitionNexusProxy proxy, - Collection userGroupNames, - LdapDN userName, - Attributes userEntry, - AuthenticationLevel authenticationLevel, - LdapDN entryName, - String attrId, - Object attrValue, - Attributes entry, - Collection microOperations ) + public Collection filter( Collection tuples, OperationScope scope, PartitionNexusProxy proxy, + Collection userGroupNames, LdapDN userName, Attributes userEntry, AuthenticationLevel authenticationLevel, + LdapDN entryName, String attrId, Object attrValue, Attributes entry, Collection microOperations ) throws NamingException { if ( tuples.size() == 0 ) Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/RestrictedByFilter.java URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/RestrictedByFilter.java?view=diff&rev=566312&r1=566311&r2=566312 ============================================================================== --- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/RestrictedByFilter.java (original) +++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/RestrictedByFilter.java Wed Aug 15 12:48:31 2007 @@ -30,7 +30,6 @@ import org.apache.directory.server.core.partition.PartitionNexusProxy; import org.apache.directory.shared.ldap.aci.ACITuple; import org.apache.directory.shared.ldap.aci.AuthenticationLevel; -import org.apache.directory.shared.ldap.aci.MicroOperation; import org.apache.directory.shared.ldap.aci.ProtectedItem; import org.apache.directory.shared.ldap.aci.ProtectedItem.RestrictedByItem; import org.apache.directory.shared.ldap.name.LdapDN; @@ -45,19 +44,9 @@ */ public class RestrictedByFilter implements ACITupleFilter { - public Collection filter( - Collection tuples, - OperationScope scope, - PartitionNexusProxy proxy, - Collection userGroupNames, - LdapDN userName, - Attributes userEntry, - AuthenticationLevel authenticationLevel, - LdapDN entryName, - String attrId, - Object attrValue, - Attributes entry, - Collection microOperations ) + public Collection filter( Collection tuples, OperationScope scope, PartitionNexusProxy proxy, + Collection userGroupNames, LdapDN userName, Attributes userEntry, AuthenticationLevel authenticationLevel, + LdapDN entryName, String attrId, Object attrValue, Attributes entry, Collection microOperations ) throws NamingException { if ( scope != OperationScope.ATTRIBUTE_TYPE_AND_VALUE ) @@ -73,7 +62,6 @@ for ( Iterator i = tuples.iterator(); i.hasNext(); ) { ACITuple tuple = ( ACITuple ) i.next(); - if ( !tuple.isGrant() ) { continue; @@ -91,8 +79,10 @@ public boolean isRemovable( ACITuple tuple, String attrId, Object attrValue, Attributes entry ) { - for ( ProtectedItem item:tuple.getProtectedItems() ) + for ( Iterator i = tuple.getProtectedItems().iterator(); i.hasNext(); ) { + ProtectedItem item = ( ProtectedItem ) i.next(); + if ( item instanceof ProtectedItem.RestrictedBy ) { ProtectedItem.RestrictedBy rb = ( ProtectedItem.RestrictedBy ) item; @@ -101,13 +91,11 @@ { RestrictedByItem rbItem = ( RestrictedByItem ) k.next(); - // TODO Fix DIRSEVER-832 if ( attrId.equalsIgnoreCase( rbItem.getAttributeType() ) ) { Attribute attr = entry.get( rbItem.getValuesIn() ); - // TODO Fix DIRSEVER-832 - if ( ( attr == null ) || !attr.contains( attrValue ) ) + if ( attr == null || !attr.contains( attrValue ) ) { return true; } Modified: directory/apacheds/trunk/core/src/test/java/org/apache/directory/server/core/authz/support/HighestPrecedenceFilterTest.java URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/test/java/org/apache/directory/server/core/authz/support/HighestPrecedenceFilterTest.java?view=diff&rev=566312&r1=566311&r2=566312 ============================================================================== --- directory/apacheds/trunk/core/src/test/java/org/apache/directory/server/core/authz/support/HighestPrecedenceFilterTest.java (original) +++ directory/apacheds/trunk/core/src/test/java/org/apache/directory/server/core/authz/support/HighestPrecedenceFilterTest.java Wed Aug 15 12:48:31 2007 @@ -24,6 +24,7 @@ import java.util.Collection; import java.util.Collections; import java.util.HashSet; +import java.util.Iterator; import java.util.Set; import junit.framework.Assert; @@ -32,9 +33,6 @@ import org.apache.directory.server.core.authz.support.HighestPrecedenceFilter; import org.apache.directory.shared.ldap.aci.ACITuple; import org.apache.directory.shared.ldap.aci.AuthenticationLevel; -import org.apache.directory.shared.ldap.aci.MicroOperation; -import org.apache.directory.shared.ldap.aci.ProtectedItem; -import org.apache.directory.shared.ldap.aci.UserClass; /** @@ -46,16 +44,14 @@ */ public class HighestPrecedenceFilterTest extends TestCase { - private static final Collection PI_EMPTY_COLLECTION = Collections.unmodifiableCollection( new ArrayList() ); - private static final Collection UC_EMPTY_COLLECTION = Collections.unmodifiableCollection( new ArrayList() ); - private static final Collection AT_EMPTY_COLLECTION = Collections.unmodifiableCollection( new ArrayList() ); - private static final Set MO_EMPTY_SET = Collections.unmodifiableSet( new HashSet() ); + private static final Collection EMPTY_COLLECTION = Collections.unmodifiableCollection( new ArrayList() ); + private static final Set EMPTY_SET = Collections.unmodifiableSet( new HashSet() ); public void testZeroTuple() throws Exception { HighestPrecedenceFilter filter = new HighestPrecedenceFilter(); - Assert.assertEquals( 0, filter.filter( AT_EMPTY_COLLECTION, null, null, null, null, null, null, null, null, null, + Assert.assertEquals( 0, filter.filter( EMPTY_COLLECTION, null, null, null, null, null, null, null, null, null, null, null ).size() ); } @@ -63,11 +59,9 @@ public void testOneTuple() throws Exception { HighestPrecedenceFilter filter = new HighestPrecedenceFilter(); - Collection tuples = new ArrayList(); - - tuples.add( new ACITuple( UC_EMPTY_COLLECTION, AuthenticationLevel.NONE, PI_EMPTY_COLLECTION, MO_EMPTY_SET, true, 10 ) ); + Collection tuples = new ArrayList(); + tuples.add( new ACITuple( EMPTY_COLLECTION, AuthenticationLevel.NONE, EMPTY_COLLECTION, EMPTY_SET, true, 10 ) ); tuples = Collections.unmodifiableCollection( tuples ); - Assert.assertEquals( tuples, filter.filter( tuples, null, null, null, null, null, null, null, null, null, null, null ) ); } @@ -77,21 +71,21 @@ { final int MAX_PRECEDENCE = 10; HighestPrecedenceFilter filter = new HighestPrecedenceFilter(); - Collection tuples = new ArrayList(); - - tuples.add( new ACITuple( UC_EMPTY_COLLECTION, AuthenticationLevel.NONE, PI_EMPTY_COLLECTION, MO_EMPTY_SET, true, + Collection tuples = new ArrayList(); + tuples.add( new ACITuple( EMPTY_COLLECTION, AuthenticationLevel.NONE, EMPTY_COLLECTION, EMPTY_SET, true, MAX_PRECEDENCE ) ); - tuples.add( new ACITuple( UC_EMPTY_COLLECTION, AuthenticationLevel.NONE, PI_EMPTY_COLLECTION, MO_EMPTY_SET, true, + tuples.add( new ACITuple( EMPTY_COLLECTION, AuthenticationLevel.NONE, EMPTY_COLLECTION, EMPTY_SET, true, MAX_PRECEDENCE / 2 ) ); - tuples.add( new ACITuple( UC_EMPTY_COLLECTION, AuthenticationLevel.NONE, PI_EMPTY_COLLECTION, MO_EMPTY_SET, true, + tuples.add( new ACITuple( EMPTY_COLLECTION, AuthenticationLevel.NONE, EMPTY_COLLECTION, EMPTY_SET, true, MAX_PRECEDENCE ) ); - tuples.add( new ACITuple( UC_EMPTY_COLLECTION, AuthenticationLevel.NONE, PI_EMPTY_COLLECTION, MO_EMPTY_SET, true, + tuples.add( new ACITuple( EMPTY_COLLECTION, AuthenticationLevel.NONE, EMPTY_COLLECTION, EMPTY_SET, true, MAX_PRECEDENCE / 3 ) ); tuples = filter.filter( tuples, null, null, null, null, null, null, null, null, null, null, null ); - for ( ACITuple tuple:tuples ) + for ( Iterator i = tuples.iterator(); i.hasNext(); ) { + ACITuple tuple = ( ACITuple ) i.next(); Assert.assertEquals( MAX_PRECEDENCE, tuple.getPrecedence() ); } } Modified: directory/apacheds/trunk/core/src/test/java/org/apache/directory/server/core/authz/support/RestrictedByFilterTest.java URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/test/java/org/apache/directory/server/core/authz/support/RestrictedByFilterTest.java?view=diff&rev=566312&r1=566311&r2=566312 ============================================================================== --- directory/apacheds/trunk/core/src/test/java/org/apache/directory/server/core/authz/support/RestrictedByFilterTest.java (original) +++ directory/apacheds/trunk/core/src/test/java/org/apache/directory/server/core/authz/support/RestrictedByFilterTest.java Wed Aug 15 12:48:31 2007 @@ -36,9 +36,7 @@ import org.apache.directory.server.core.authz.support.RestrictedByFilter; import org.apache.directory.shared.ldap.aci.ACITuple; import org.apache.directory.shared.ldap.aci.AuthenticationLevel; -import org.apache.directory.shared.ldap.aci.MicroOperation; import org.apache.directory.shared.ldap.aci.ProtectedItem; -import org.apache.directory.shared.ldap.aci.UserClass; import org.apache.directory.shared.ldap.aci.ProtectedItem.RestrictedByItem; import org.apache.directory.shared.ldap.message.AttributeImpl; import org.apache.directory.shared.ldap.message.AttributesImpl; @@ -52,12 +50,10 @@ */ public class RestrictedByFilterTest extends TestCase { - private static final Collection UC_EMPTY_COLLECTION = Collections.unmodifiableCollection( new ArrayList() ); - private static final Collection AT_EMPTY_COLLECTION = Collections.unmodifiableCollection( new ArrayList() ); - private static final Collection PI_EMPTY_COLLECTION = Collections.unmodifiableCollection( new ArrayList() ); - private static final Set MO_EMPTY_SET = Collections.unmodifiableSet( new HashSet() ); + private static final Collection EMPTY_COLLECTION = Collections.unmodifiableCollection( new ArrayList() ); + private static final Set EMPTY_SET = Collections.unmodifiableSet( new HashSet() ); - private static final Collection PROTECTED_ITEMS = new ArrayList(); + private static final Collection PROTECTED_ITEMS = new ArrayList(); private static final Attributes ENTRY = new AttributesImpl(); static @@ -78,7 +74,7 @@ { RestrictedByFilter filter = new RestrictedByFilter(); Collection tuples = new ArrayList(); - tuples.add( new ACITuple( UC_EMPTY_COLLECTION, AuthenticationLevel.NONE, PI_EMPTY_COLLECTION, MO_EMPTY_SET, true, 0 ) ); + tuples.add( new ACITuple( EMPTY_COLLECTION, AuthenticationLevel.NONE, EMPTY_COLLECTION, EMPTY_SET, true, 0 ) ); tuples = Collections.unmodifiableCollection( tuples ); @@ -94,7 +90,7 @@ { RestrictedByFilter filter = new RestrictedByFilter(); - Assert.assertEquals( 0, filter.filter( AT_EMPTY_COLLECTION, OperationScope.ATTRIBUTE_TYPE_AND_VALUE, null, null, + Assert.assertEquals( 0, filter.filter( EMPTY_COLLECTION, OperationScope.ATTRIBUTE_TYPE_AND_VALUE, null, null, null, null, null, null, null, null, null, null ).size() ); } @@ -103,7 +99,7 @@ { RestrictedByFilter filter = new RestrictedByFilter(); Collection tuples = new ArrayList(); - tuples.add( new ACITuple( UC_EMPTY_COLLECTION, AuthenticationLevel.NONE, PROTECTED_ITEMS, MO_EMPTY_SET, false, 0 ) ); + tuples.add( new ACITuple( EMPTY_COLLECTION, AuthenticationLevel.NONE, PROTECTED_ITEMS, EMPTY_SET, false, 0 ) ); tuples = Collections.unmodifiableCollection( tuples ); @@ -116,7 +112,7 @@ { RestrictedByFilter filter = new RestrictedByFilter(); Collection tuples = new ArrayList(); - tuples.add( new ACITuple( UC_EMPTY_COLLECTION, AuthenticationLevel.NONE, PROTECTED_ITEMS, MO_EMPTY_SET, true, 0 ) ); + tuples.add( new ACITuple( EMPTY_COLLECTION, AuthenticationLevel.NONE, PROTECTED_ITEMS, EMPTY_SET, true, 0 ) ); Assert.assertEquals( 1, filter.filter( tuples, OperationScope.ATTRIBUTE_TYPE_AND_VALUE, null, null, null, null, null, null, "choice", "1", ENTRY, null ).size() );