directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From djen...@apache.org
Subject svn commit: r586794 - in /directory/sandbox/djencks/triplesec-jacc2: guardian-api/src/main/java/org/apache/directory/triplesec/guardian/ guardian-ldap/src/main/java/org/apache/directory/triplesec/guardian/ldap/ itest-data/src/main/resources/
Date Sat, 20 Oct 2007 20:34:14 GMT
Author: djencks
Date: Sat Oct 20 13:34:14 2007
New Revision: 586794

URL: http://svn.apache.org/viewvc?rev=586794&view=rev
Log:
make application/role relationship work with app tree

Modified:
    directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/EntryApplicationPolicy.java
    directory/sandbox/djencks/triplesec-jacc2/guardian-ldap/src/main/java/org/apache/directory/triplesec/guardian/ldap/LdapApplicationPolicy.java
    directory/sandbox/djencks/triplesec-jacc2/itest-data/src/main/resources/server.ldif

Modified: directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/EntryApplicationPolicy.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/EntryApplicationPolicy.java?rev=586794&r1=586793&r2=586794&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/EntryApplicationPolicy.java
(original)
+++ directory/sandbox/djencks/triplesec-jacc2/guardian-api/src/main/java/org/apache/directory/triplesec/guardian/EntryApplicationPolicy.java
Sat Oct 20 13:34:14 2007
@@ -30,6 +30,7 @@
 import java.util.HashSet;
 import java.util.Map;
 import java.util.Set;
+import java.util.List;
 
 import javax.naming.NamingEnumeration;
 import javax.naming.NamingException;
@@ -158,7 +159,7 @@
         return permissions;
     }
 
-    protected Role addRole( String roleId, Map<String, Attributes> roleAttributes )
throws NamingException
+    protected Role addRole( String roleId, List<Map<String,Attributes>> appRoleAttributes
) throws NamingException
     {
         Role role = rolesById.get( roleId );
         if ( role != null )
@@ -169,11 +170,19 @@
         {
             throw new GuardianException( "Circular reference to role " + roleId );
         }
-        Attributes attrs = roleAttributes.get( roleId );
+        Attributes attrs = null;
+        for (Map<String,Attributes> roleAttributes: appRoleAttributes)
+        {
+            attrs = roleAttributes.get( roleId );
+            if (attrs != null)
+            {
+                break;
+            }
+        }
         if ( attrs == null )
         {
             return null;
-//            throw new GuardianException( "no role named " + roleId + " found" );
+//             throw new GuardianException( "no role named " + roleId + " found" );
         }
         //mark that we have started looking at this role name
         rolesById.put( roleId, null );
@@ -207,17 +216,17 @@
         }
 
         attributes = attrs.get( "grantedRoles" );
-        Collection<Role> grantedRoles = getRoles( attributes, roleAttributes );
+        Collection<Role> grantedRoles = getRoles( attributes, appRoleAttributes );
 
         attributes = attrs.get( "deniedRoles" );
-        Collection<Role> deniedRoles = getRoles( attributes, roleAttributes );
+        Collection<Role> deniedRoles = getRoles( attributes, appRoleAttributes );
 
         role = new Role( this, roleName, roleId, grants, denials, grantedRoles, deniedRoles,
getStringAttribute( attrs, "description" ) );
         rolesById.put( roleId, role );
         return role;
     }
 
-    private Collection<Role> getRoles( Attribute attributes, Map<String, Attributes>
roleAttributes )
+    private Collection<Role> getRoles( Attribute attributes, List<Map<String,
Attributes>> roleAttributes )
             throws NamingException
     {
         Collection<Role> roles = new ArrayList<Role>();

Modified: directory/sandbox/djencks/triplesec-jacc2/guardian-ldap/src/main/java/org/apache/directory/triplesec/guardian/ldap/LdapApplicationPolicy.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/guardian-ldap/src/main/java/org/apache/directory/triplesec/guardian/ldap/LdapApplicationPolicy.java?rev=586794&r1=586793&r2=586794&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/guardian-ldap/src/main/java/org/apache/directory/triplesec/guardian/ldap/LdapApplicationPolicy.java
(original)
+++ directory/sandbox/djencks/triplesec-jacc2/guardian-ldap/src/main/java/org/apache/directory/triplesec/guardian/ldap/LdapApplicationPolicy.java
Sat Oct 20 13:34:14 2007
@@ -28,6 +28,7 @@
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
+import java.util.Collections;
 
 import javax.naming.NamingEnumeration;
 import javax.naming.NamingException;
@@ -69,6 +70,8 @@
     /** the profile for the admin user with all rights in all roles */
 //    private Profile adminProfile;
 
+    private final List<String> appDns;
+
 
     /**
      * Creates an instance of the LDAP ApplicationPolicyStore.
@@ -88,7 +91,7 @@
 
         // extract the applicationRdn from the applicationPrincipalDN
         this.applicationRdn = applicationRdn;
-
+        appDns = getAppPath(applicationRdn);
         // load the set of permissions associated with this application
         loadPermissions();
 
@@ -121,6 +124,18 @@
         initializeNotifications();
     }
 
+    private List<String> getAppPath( String applicationRdn )
+    {
+        List<String> appDns = new ArrayList<String>();
+        while (applicationRdn.startsWith( "appName"))
+        {
+            appDns.add(0, applicationRdn);
+            applicationRdn = applicationRdn.substring( applicationRdn.indexOf( ',') + 1);
+        }
+
+        return appDns;
+    }
+
 
     private boolean initializeNotifications()
     {
@@ -150,24 +165,36 @@
     {
         SearchControls ctrls = new SearchControls();
         ctrls.setReturningAttributes( new String[] { "roleName", "roleId", "grants", "denials",
"grantedRoles", "deniedRoles" } );
-        ctrls.setSearchScope( SearchControls.SUBTREE_SCOPE );
+        ctrls.setSearchScope( SearchControls.ONELEVEL_SCOPE );
 
+        List<Map<String, Attributes>> appRoleAttributes = new ArrayList<Map<String,
Attributes>>();
         try
         {
-            Map<String, Attributes> roleAttributes = new HashMap<String, Attributes>();
-            NamingEnumeration<SearchResult> list = ctx.search( applicationRdn,
-                    "(objectClass=policyRole)", ctrls );
-            while ( list.hasMore() )
+            for ( String appDn: appDns )
             {
-                SearchResult result = list.next();
-                Attributes attributes = result.getAttributes();
-                String roleId = getStringAttribute(attributes, "roleId");
-                roleAttributes.put(roleId, attributes);
+                Map<String, Attributes> roleAttributes = new HashMap<String, Attributes>();
+                NamingEnumeration<SearchResult> list = ctx.search( "ou=roles," + appDn,
+                        "(objectClass=policyRole)", ctrls );
+                while ( list.hasMore() )
+                {
+                    SearchResult result = list.next();
+                    Attributes attributes = result.getAttributes();
+                    String roleId = getStringAttribute(attributes, "roleId");
+                    roleAttributes.put(roleId, attributes);
+                }
+                appRoleAttributes.add(roleAttributes);
             }
 
-            for (String roleId: roleAttributes.keySet())
+            int end = appRoleAttributes.size();
+            int pos = 0;
+            for ( Map<String, Attributes> roleAttributes: appRoleAttributes )
             {
-                addRole(roleId, roleAttributes);
+                List<Map<String, Attributes>> childRoleAttributes = appRoleAttributes.subList(
pos++, end);
+
+                for (String roleId: roleAttributes.keySet())
+                {
+                    addRole(roleId, childRoleAttributes);
+                }
             }
         }
         catch ( NamingException e )

Modified: directory/sandbox/djencks/triplesec-jacc2/itest-data/src/main/resources/server.ldif
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/itest-data/src/main/resources/server.ldif?rev=586794&r1=586793&r2=586794&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/itest-data/src/main/resources/server.ldif (original)
+++ directory/sandbox/djencks/triplesec-jacc2/itest-data/src/main/resources/server.ldif Sat
Oct 20 13:34:14 2007
@@ -454,6 +454,12 @@
 objectClass: policyPermission
 permName: mockPerm9
 
+dn: ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com
+changetype: add
+objectClass: top
+objectClass: organizationalUnit
+ou: roles
+
 dn: ou=roles,appName=mockContext,appName=mockApplication,ou=applications,dc=example,dc=com
 changetype: add
 objectClass: top



Mime
View raw message