Return-Path: Delivered-To: apmail-directory-commits-archive@www.apache.org Received: (qmail 73497 invoked from network); 23 May 2008 02:37:30 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 23 May 2008 02:37:30 -0000 Received: (qmail 30312 invoked by uid 500); 23 May 2008 02:37:31 -0000 Delivered-To: apmail-directory-commits-archive@directory.apache.org Received: (qmail 30271 invoked by uid 500); 23 May 2008 02:37:31 -0000 Mailing-List: contact commits-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@directory.apache.org Delivered-To: mailing list commits@directory.apache.org Received: (qmail 30258 invoked by uid 99); 23 May 2008 02:37:31 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 22 May 2008 19:37:31 -0700 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 23 May 2008 02:36:45 +0000 Received: by eris.apache.org (Postfix, from userid 65534) id 51DD623889FA; Thu, 22 May 2008 19:37:01 -0700 (PDT) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r659374 - /directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java Date: Fri, 23 May 2008 02:37:00 -0000 To: commits@directory.apache.org From: elecharny@apache.org X-Mailer: svnmailer-1.0.8 Message-Id: <20080523023701.51DD623889FA@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: elecharny Date: Thu May 22 19:36:59 2008 New Revision: 659374 URL: http://svn.apache.org/viewvc?rev=659374&view=rev Log: Moved the OperationContext from the doAddOperation to the caller, in order to get ready for the JNDI removal Modified: directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java Modified: directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java?rev=659374&r1=659373&r2=659374&view=diff ============================================================================== --- directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java (original) +++ directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java Thu May 22 19:36:59 2008 @@ -48,13 +48,13 @@ import org.apache.directory.server.core.interceptor.context.ModifyOperationContext; import org.apache.directory.server.core.interceptor.context.MoveAndRenameOperationContext; import org.apache.directory.server.core.interceptor.context.MoveOperationContext; +import org.apache.directory.server.core.interceptor.context.OperationContext; import org.apache.directory.server.core.interceptor.context.RenameOperationContext; import org.apache.directory.server.core.interceptor.context.SearchOperationContext; import org.apache.directory.server.core.invocation.InvocationStack; import org.apache.directory.server.core.jndi.LdapJndiProperties; import org.apache.directory.server.core.jndi.ServerContext; import org.apache.directory.shared.ldap.exception.LdapAuthenticationException; -import org.apache.directory.shared.ldap.message.MessageTypeEnum; import org.apache.directory.shared.ldap.name.LdapDN; import org.apache.directory.shared.ldap.util.StringTools; import org.slf4j.Logger; @@ -198,7 +198,7 @@ " for DN = '" + opContext.getDn().getUpName() + "'" ); } - checkAuthenticated( MessageTypeEnum.ADD_REQUEST ); + checkAuthenticated( opContext ); next.add( opContext ); } @@ -210,7 +210,7 @@ LOG.debug( "Deleting name = '" + opContext.getDn().getUpName() + "'" ); } - checkAuthenticated( MessageTypeEnum.DEL_REQUEST ); + checkAuthenticated( opContext ); next.delete( opContext ); invalidateAuthenticatorCaches( opContext.getDn() ); } @@ -223,7 +223,7 @@ LOG.debug( "Matching name = '" + opContext.getDn().getUpName() + "'" ); } - checkAuthenticated(); + checkAuthenticated( opContext ); return next.getMatchedName( opContext ); } @@ -235,7 +235,7 @@ LOG.debug( "Getting root DSE" ); } - checkAuthenticated(); + checkAuthenticated( opContext ); return next.getRootDSE( opContext ); } @@ -247,7 +247,7 @@ LOG.debug( "Getting suffix for name = '" + opContext.getDn().getUpName() + "'" ); } - checkAuthenticated(); + checkAuthenticated( opContext ); return next.getSuffix( opContext ); } @@ -259,7 +259,7 @@ LOG.debug( "Testing if entry name = '" + opContext.getDn().getUpName() + "' exists" ); } - checkAuthenticated(); + checkAuthenticated( opContext ); return next.hasEntry( opContext ); } @@ -271,7 +271,7 @@ LOG.debug( "Listing base = '" + opContext.getDn().getUpName() + "'" ); } - checkAuthenticated(); + checkAuthenticated( opContext ); return next.list( opContext ); } @@ -283,7 +283,7 @@ LOG.debug( "Listing suffixes" ); } - checkAuthenticated(); + checkAuthenticated( opContext ); return next.listSuffixes( opContext ); } @@ -304,7 +304,7 @@ } } - checkAuthenticated(); + checkAuthenticated( opContext ); return next.lookup( opContext ); } @@ -330,7 +330,7 @@ LOG.debug( opContext.toString() ); } - checkAuthenticated( MessageTypeEnum.MODIFY_REQUEST ); + checkAuthenticated( opContext ); next.modify( opContext ); invalidateAuthenticatorCaches( opContext.getDn() ); } @@ -345,7 +345,7 @@ "oldRDN = '" + opContext.getDelOldDn() + "'" ); } - checkAuthenticated( MessageTypeEnum.MOD_DN_REQUEST ); + checkAuthenticated( opContext ); next.rename( opContext ); invalidateAuthenticatorCaches( opContext.getDn() ); } @@ -362,7 +362,7 @@ opContext.getDelOldDn() + "'" ); } - checkAuthenticated( MessageTypeEnum.MOD_DN_REQUEST ); + checkAuthenticated( opContext ); next.moveAndRename( opContext ); invalidateAuthenticatorCaches( opContext.getDn() ); } @@ -376,7 +376,7 @@ opContext.getParent().getUpName() + "'" ); } - checkAuthenticated( MessageTypeEnum.MOD_DN_REQUEST ); + checkAuthenticated( opContext ); next.move( opContext ); invalidateAuthenticatorCaches( opContext.getDn() ); } @@ -389,39 +389,27 @@ LOG.debug( "Search for base = '" + opContext.getDn().getUpName() + "'" ); } - checkAuthenticated( MessageTypeEnum.SEARCH_REQUEST ); + checkAuthenticated( opContext ); return next.search( opContext ); } - private void checkAuthenticated( MessageTypeEnum operation ) throws Exception - { - try - { - checkAuthenticated(); - } - catch ( IllegalStateException ise ) - { - LOG.error( "Attempted operation {} by unauthenticated caller.", operation.name() ); - - throw new IllegalStateException( "Attempted operation by unauthenticated caller." ); - } - } - - private void checkAuthenticated() throws Exception + /** + * Check if the curretn operation has a valid PrincipalDN or not. + * + * @param opContext the OperationContext for this operation + * @param operation the operation type + * @throws Exception + */ + private void checkAuthenticated( OperationContext opContext ) throws Exception { - ServerContext ctx = ( ServerContext ) InvocationStack.getInstance().peek().getCaller(); - - if ( ctx.getPrincipal() != null ) + if ( opContext.getPrincipalDN() != null ) { - if ( ctx.getEnvironment().containsKey( Context.SECURITY_CREDENTIALS ) ) - { - ctx.removeFromEnvironment( Context.SECURITY_CREDENTIALS ); - } - return; } + LOG.error( "Attempted operation '{}' by unauthenticated caller.", opContext.getName() ); + throw new IllegalStateException( "Attempted operation by unauthenticated caller." ); }