directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From akaras...@apache.org
Subject svn commit: r664281 - in /directory/apacheds/branches/bigbang: core-integ/src/test/java/org/apache/directory/server/core/authz/ core/src/main/java/org/apache/directory/server/core/authn/ core/src/main/java/org/apache/directory/server/core/authz/ core/s...
Date Sat, 07 Jun 2008 05:01:25 GMT
Author: akarasulu
Date: Fri Jun  6 22:01:25 2008
New Revision: 664281

URL: http://svn.apache.org/viewvc?rev=664281&view=rev
Log:
changes to make all core integration tests pass ...

 o modified JNDI context to expose access to CoreSession
 o removed access to principal from JNDI Context - using getSession().getEffect
   ivePrincipal() instead
 o made changes to protocol-ldap handles to correctly access the effective 
   principal
 o fixed serious issue with lookup operation in EventInterceptor which was not
   using bypass instructions
 o fixed issues with properly setting the session in the ServerContext
 o added protections in ServerContext to make sure the user has access to the
   provider URL represented by the JNDI Context and making sure it exists in
   certain constructors that was missing this call
 o exposed public access to session and directoryService in ServerContext
 o using the proper principal within the ServerContext instead of old member
 o fixed test that was completely butchered by refactoring and not even set
   up to correctly do what it was intended to do: AuthorizationServiceAsNonAdmin
   IT.java was the test
 o fixed issue where new target entry calculations for rename operation was 
   failing since the new name that was constructed was having the rdn value 
   added rather than the whole RDN as it should have been


Modified:
    directory/apacheds/branches/bigbang/core-integ/src/test/java/org/apache/directory/server/core/authz/AuthorizationServiceAsNonAdminIT.java
    directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java
    directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java
    directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/event/EventInterceptor.java
    directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/jndi/ServerContext.java
    directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/jndi/ServerDirContext.java
    directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/jndi/ServerLdapContext.java
    directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/subtree/SubentryInterceptor.java
    directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/SessionRegistry.java
    directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/DefaultSearchHandler.java
    directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/extended/GracefulShutdownHandler.java
    directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/extended/LaunchDiagnosticUiHandler.java
    directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/extended/StoredProcedureExtendedOperationHandler.java

Modified: directory/apacheds/branches/bigbang/core-integ/src/test/java/org/apache/directory/server/core/authz/AuthorizationServiceAsNonAdminIT.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/core-integ/src/test/java/org/apache/directory/server/core/authz/AuthorizationServiceAsNonAdminIT.java?rev=664281&r1=664280&r2=664281&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/core-integ/src/test/java/org/apache/directory/server/core/authz/AuthorizationServiceAsNonAdminIT.java
(original)
+++ directory/apacheds/branches/bigbang/core-integ/src/test/java/org/apache/directory/server/core/authz/AuthorizationServiceAsNonAdminIT.java
Fri Jun  6 22:01:25 2008
@@ -34,14 +34,11 @@
 import org.junit.Test;
 import org.junit.runner.RunWith;
 
-import javax.naming.NamingEnumeration;
 import javax.naming.NamingException;
 import javax.naming.directory.Attributes;
 import javax.naming.directory.DirContext;
 import javax.naming.directory.SearchControls;
-import javax.naming.directory.SearchResult;
 import javax.naming.ldap.LdapContext;
-import java.util.HashSet;
 
 
 /**
@@ -91,11 +88,11 @@
     {
         LdifEntry akarasulu = getUserAddLdif();
         getRootContext( service ).createSubcontext( akarasulu.getDn(), akarasulu.getAttributes()
);
-        LdapContext sysRoot = getContext( akarasulu.getDn(), service, "ou=system" );
+        LdapContext rootDSE = getContext( akarasulu.getDn(), service, "" );
 
         try
         {
-            sysRoot.rename( "uid=admin", "uid=alex" );
+            rootDSE.rename( "uid=admin,ou=system", "uid=alex,ou=system" );
             fail( "admin should not be able to rename his account" );
         }
         catch ( LdapNoPermissionException e )
@@ -115,7 +112,7 @@
     {
         LdifEntry akarasulu = getUserAddLdif();
         getRootContext( service ).createSubcontext( akarasulu.getDn(), akarasulu.getAttributes()
);
-        LdapContext sysRoot = getContext( akarasulu.getDn(), service, "ou=system" );
+        LdapContext rootDSE = getContext( akarasulu.getDn(), service, "" );
 
         Attributes attributes = new AttributesImpl();
         attributes.put( "userPassword", "replaced" );
@@ -123,7 +120,7 @@
         //noinspection EmptyCatchBlock
         try
         {
-            sysRoot.modifyAttributes( "uid=admin", DirContext.REPLACE_ATTRIBUTE, attributes
);
+            rootDSE.modifyAttributes( "uid=admin,ou=system", DirContext.REPLACE_ATTRIBUTE,
attributes );
             fail( "User 'uid=admin,ou=system' should not be able to modify attributes on
admin" );
         }
         catch ( Exception e )
@@ -133,35 +130,27 @@
 
 
     /**
-     * Makes sure the admin can see all entries we know of on a subtree search.
+     * Makes sure non-admin cannot search under ou=system.
      *
      * @throws NamingException if there are problems
      */
     @Test
-    public void testSearchSubtreeByNonAdmin() throws Exception
+    public void testNoSearchByNonAdmin() throws Exception
     {
         LdifEntry akarasulu = getUserAddLdif();
         getRootContext( service ).createSubcontext( akarasulu.getDn(), akarasulu.getAttributes()
);
-        LdapContext sysRoot = getContext( akarasulu.getDn(), service, "ou=system" );
+        LdapContext rootDSE = getContext( akarasulu.getDn(), service, "" );
 
         SearchControls controls = new SearchControls();
         controls.setSearchScope( SearchControls.SUBTREE_SCOPE );
-
-        HashSet<String> set = new HashSet<String>();
-        NamingEnumeration<SearchResult> list = sysRoot.search( "", "(objectClass=*)",
controls );
         
-        while ( list.hasMore() )
+        try
         {
-            SearchResult result = list.next();
-            set.add( result.getName() );
+            rootDSE.search( "ou=system", "(objectClass=*)", controls );
+        }
+        catch ( LdapNoPermissionException e )
+        {
+            assertNotNull( e );
         }
-
-        // @todo this assertion fails now - is this the expected behavoir?
-//        assertTrue( set.contains( "ou=system" ) );
-//        assertTrue( set.contains( "ou=groups,ou=system" ) );
-//        assertFalse( set.contains( "cn=administrators,ou=groups,ou=system" ) );
-//        assertTrue( set.contains( "ou=users,ou=system" ) );
-//        assertFalse( set.contains( "uid=akarasulu,ou=users,ou=system" ) );
-//        assertFalse( set.contains( "uid=admin,ou=system" ) );
     }
 }

Modified: directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java?rev=664281&r1=664280&r2=664281&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java
(original)
+++ directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java
Fri Jun  6 22:01:25 2008
@@ -42,7 +42,6 @@
 import org.apache.directory.server.core.authz.DefaultAuthorizationInterceptor;
 import org.apache.directory.server.core.exception.ExceptionInterceptor;
 import org.apache.directory.server.core.operational.OperationalAttributeInterceptor;
-import org.apache.directory.server.core.partition.PartitionNexus;
 import org.apache.directory.server.core.schema.SchemaInterceptor;
 import org.apache.directory.server.core.subtree.SubentryInterceptor;
 import org.apache.directory.server.core.collective.CollectiveAttributeInterceptor;

Modified: directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java?rev=664281&r1=664280&r2=664281&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java
(original)
+++ directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java
Fri Jun  6 22:01:25 2008
@@ -789,7 +789,7 @@
         LdapDN newName = ( LdapDN ) name.clone();
         newName.remove( name.size() - 1 );
 
-        newName.add( ( String ) renameContext.getNewRdn().getValue() );
+        newName.add( renameContext.getNewRdn() );
 
         // bypass authz code if we are disabled
         if ( !enabled )

Modified: directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/event/EventInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/event/EventInterceptor.java?rev=664281&r1=664280&r2=664281&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/event/EventInterceptor.java
(original)
+++ directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/event/EventInterceptor.java
Fri Jun  6 22:01:25 2008
@@ -345,7 +345,7 @@
 
     private void notifyOnNameChange( OperationContext opContext, LdapDN oldName, LdapDN newName
) throws Exception
     {
-        ClonedServerEntry entry = opContext.lookup( newName, null );
+        ClonedServerEntry entry = opContext.lookup( newName, ByPassConstants.LOOKUP_COLLECTIVE_BYPASS
);
         Set<EventSourceRecord> selecting = getSelectingSources( oldName, entry );
 
         if ( selecting.isEmpty() )

Modified: directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/jndi/ServerContext.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/jndi/ServerContext.java?rev=664281&r1=664280&r2=664281&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/jndi/ServerContext.java
(original)
+++ directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/jndi/ServerContext.java
Fri Jun  6 22:01:25 2008
@@ -110,9 +110,6 @@
     /** The set of registered NamingListeners */
     private final Set<NamingListener> listeners = new HashSet<NamingListener>();
 
-    /** The Principal associated with this context */
-    private LdapPrincipal principal;
-
     /** The request controls to set on operations before performing them */
     protected Control[] requestControls = EMPTY_CONTROLS;
 
@@ -157,14 +154,17 @@
         LdapJndiProperties props = LdapJndiProperties.getLdapJndiProperties( this.env );
         dn = props.getProviderDn();
 
-        // need to issue a bind operation here
-        doBindOperation( props.getBindDn(), props.getCredentials(), props.getSaslMechanism(),
props
-            .getSaslAuthId() );
+        /*
+         * Need do bind operation here, and opContext returned contains the 
+         * newly created session.
+         */
+        BindOperationContext opContext = doBindOperation( props.getBindDn(), props.getCredentials(),

+            props.getSaslMechanism(), props.getSaslAuthId() );
 
-        session = new DefaultCoreSession( principal, service );
+        session = opContext.getSession();
         setReferralHandlingMode( env );
         
-        if ( !nexusProxy.hasEntry( new EntryOperationContext( session, dn ) ) )
+        if ( ! nexusProxy.hasEntry( new EntryOperationContext( session, dn ) ) )
         {
             throw new NameNotFoundException( dn + " does not exist" );
         }
@@ -210,8 +210,12 @@
         this.env.put( PROVIDER_URL, dn.toString() );
         this.env.put( DirectoryService.JNDI_KEY, service );
         this.nexusProxy = new PartitionNexusProxy( service );
-        this.principal = principal;
         session = new DefaultCoreSession( principal, service );
+        
+        if ( ! nexusProxy.hasEntry( new EntryOperationContext( session, ( LdapDN ) dn ) )
)
+        {
+            throw new NameNotFoundException( dn + " does not exist" );
+        }
     }
 
 
@@ -223,8 +227,12 @@
         this.env.put( PROVIDER_URL, dn.toString() );
         this.env.put( DirectoryService.JNDI_KEY, service );
         this.nexusProxy = new PartitionNexusProxy( service );
-        this.principal = session.getEffectivePrincipal();
         this.session = session;
+        
+        if ( ! nexusProxy.hasEntry( new EntryOperationContext( session, ( LdapDN ) dn ) )
)
+        {
+            throw new NameNotFoundException( dn + " does not exist" );
+        }
     }
 
 
@@ -485,13 +493,13 @@
     }
 
     
-    protected CoreSession getSession()
+    public CoreSession getSession()
     {
         return session;
     }
     
     
-    protected DirectoryService getDirectoryService()
+    public DirectoryService getDirectoryService()
     {
         return service;
     }
@@ -521,37 +529,11 @@
     }
 
 
-    /**
-     * Gets the principal of the authenticated user which also happens to own
-     *
-     * @return the principal associated with this context
-     */
-    public LdapPrincipal getPrincipal()
-    {
-        return principal;
-    }
-
-
-    /**
-     * Sets the principal of the authenticated user which also happens to own.
-     * This method can be invoked only once to keep this property safe.  This
-     * method has been changed to be public but it can only be set by the
-     * AuthenticationInterceptor to prevent malicious code from changing the
-     * effective principal.
-     *
-     * @param wrapper the wrapper - has to go
-     * @todo get ride of using this wrapper and protect this call with a security manager
-     */
-    public void setPrincipal( LdapPrincipal principal )
-    {
-        this.principal = principal;
-    }
-
-
     // ------------------------------------------------------------------------
     // Protected Accessor Methods
     // ------------------------------------------------------------------------
 
+    
     /**
      * Gets the RootNexus proxy.
      *
@@ -714,7 +696,7 @@
         
         try
         {
-            ctx = new ServerLdapContext( service, principal, target );
+            ctx = new ServerLdapContext( service, session.getEffectivePrincipal(), target
);
         }
         catch ( Exception e )
         {
@@ -1115,7 +1097,7 @@
         
         try
         {
-            ctx = new ServerLdapContext( service, principal, target );
+            ctx = new ServerLdapContext( service, session.getEffectivePrincipal(), target
);
         }
         catch ( Exception e )
         {

Modified: directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/jndi/ServerDirContext.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/jndi/ServerDirContext.java?rev=664281&r1=664280&r2=664281&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/jndi/ServerDirContext.java
(original)
+++ directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/jndi/ServerDirContext.java
Fri Jun  6 22:01:25 2008
@@ -556,7 +556,7 @@
         
         try
         {
-            ctx = new ServerLdapContext( getService(), getPrincipal(), target );
+            ctx = new ServerLdapContext( getService(), getSession().getEffectivePrincipal(),
target );
         }
         catch ( Exception e )
         {

Modified: directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/jndi/ServerLdapContext.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/jndi/ServerLdapContext.java?rev=664281&r1=664280&r2=664281&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/jndi/ServerLdapContext.java
(original)
+++ directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/jndi/ServerLdapContext.java
Fri Jun  6 22:01:25 2008
@@ -111,7 +111,7 @@
         ServerLdapContext ctx = null;
         try
         {
-            ctx = new ServerLdapContext( getService(), getPrincipal(), ( LdapDN ) getDn()
);
+            ctx = new ServerLdapContext( getService(), getSession().getEffectivePrincipal(),
( LdapDN ) getDn() );
         }
         catch ( Exception e )
         {
@@ -255,7 +255,7 @@
      */
     public void ldapUnbind() throws NamingException
     {
-        LdapDN principalDn = super.getPrincipal().getJndiName();
+        LdapDN principalDn = getSession().getEffectivePrincipal().getJndiName();
         UnbindOperationContext opCtx = new UnbindOperationContext( getSession(), principalDn
);
         opCtx.addRequestControls( requestControls );
         try
@@ -301,7 +301,7 @@
         
         try
         {
-            ctx = new ServerLdapContext( getService(), getPrincipal(), new LdapDN() );
+            ctx = new ServerLdapContext( getService(), getSession().getEffectivePrincipal(),
new LdapDN() );
         }
         catch ( Exception e )
         {

Modified: directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/subtree/SubentryInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/subtree/SubentryInterceptor.java?rev=664281&r1=664280&r2=664281&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/subtree/SubentryInterceptor.java
(original)
+++ directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/subtree/SubentryInterceptor.java
Fri Jun  6 22:01:25 2008
@@ -40,7 +40,6 @@
 import org.apache.directory.server.core.interceptor.context.AddOperationContext;
 import org.apache.directory.server.core.interceptor.context.DeleteOperationContext;
 import org.apache.directory.server.core.interceptor.context.ListOperationContext;
-import org.apache.directory.server.core.interceptor.context.LookupOperationContext;
 import org.apache.directory.server.core.interceptor.context.ModifyOperationContext;
 import org.apache.directory.server.core.interceptor.context.MoveAndRenameOperationContext;
 import org.apache.directory.server.core.interceptor.context.MoveOperationContext;

Modified: directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/SessionRegistry.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/SessionRegistry.java?rev=664281&r1=664280&r2=664281&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/SessionRegistry.java
(original)
+++ directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/SessionRegistry.java
Fri Jun  6 22:01:25 2008
@@ -296,7 +296,7 @@
                 slc = ( ServerLdapContext ) ctx;
             }
             
-            boolean isAnonymousUser = slc.getPrincipal().getName().trim().equals( "" );
+            boolean isAnonymousUser = slc.getSession().getEffectivePrincipal().getName().trim().equals(
"" );
 
             // if the user principal is anonymous and the configuration does not allow anonymous
binds we
             // prevent the operation by blowing a NoPermissionsException

Modified: directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/DefaultSearchHandler.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/DefaultSearchHandler.java?rev=664281&r1=664280&r2=664281&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/DefaultSearchHandler.java
(original)
+++ directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/DefaultSearchHandler.java
Fri Jun  6 22:01:25 2008
@@ -302,7 +302,7 @@
             // ===============================================================
 
             boolean allowAnonymousBinds = ldapServer.isAllowAnonymousAccess();
-            boolean isAnonymousUser = ctx.getPrincipal().getName().trim().equals( "" );
+            boolean isAnonymousUser = ctx.getSession().getEffectivePrincipal().getName().trim().equals(
"" );
 
             if ( isAnonymousUser && !allowAnonymousBinds && !isRootDSESearch
)
             {
@@ -328,7 +328,7 @@
             {
                 controls = getSearchControls( req, ids, false, maxSize, maxTime );
             }
-            else if ( ctx.getPrincipal().getName()
+            else if ( ctx.getSession().getEffectivePrincipal().getName()
                 .trim().equals( ServerDNConstants.ADMIN_SYSTEM_DN_NORMALIZED ) )
             {
                 controls = getSearchControls( req, ids, true, maxSize, maxTime );

Modified: directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/extended/GracefulShutdownHandler.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/extended/GracefulShutdownHandler.java?rev=664281&r1=664280&r2=664281&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/extended/GracefulShutdownHandler.java
(original)
+++ directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/extended/GracefulShutdownHandler.java
Fri Jun  6 22:01:25 2008
@@ -101,12 +101,12 @@
 
         // make sue only the administrator can issue this shutdown request if 
         // not we respond to the requestor with with insufficientAccessRights(50)
-        if ( !slc.getPrincipal().getName().equalsIgnoreCase( ServerDNConstants.ADMIN_SYSTEM_DN_NORMALIZED
) )
+        if ( !slc.getSession().getEffectivePrincipal().getName().equalsIgnoreCase( ServerDNConstants.ADMIN_SYSTEM_DN_NORMALIZED
) )
         {
             if ( LOG.isInfoEnabled() )
             {
                 LOG.info( "Rejected with insufficientAccessRights to attempt for server shutdown
by "
-                    + slc.getPrincipal().getName() );
+                    + slc.getSession().getEffectivePrincipal().getName() );
             }
 
             requestor

Modified: directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/extended/LaunchDiagnosticUiHandler.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/extended/LaunchDiagnosticUiHandler.java?rev=664281&r1=664280&r2=664281&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/extended/LaunchDiagnosticUiHandler.java
(original)
+++ directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/extended/LaunchDiagnosticUiHandler.java
Fri Jun  6 22:01:25 2008
@@ -90,7 +90,8 @@
             ServerLdapContext slc = ( ServerLdapContext ) ctx;
             DirectoryService service = slc.getService();
 
-            if ( !slc.getPrincipal().getName().equalsIgnoreCase( ServerDNConstants.ADMIN_SYSTEM_DN_NORMALIZED
) )
+            if ( !slc.getSession().getEffectivePrincipal().getName()
+                    .equalsIgnoreCase( ServerDNConstants.ADMIN_SYSTEM_DN_NORMALIZED ) )
             {
                 requestor.write( new LaunchDiagnosticUiResponse( req.getMessageId(),
                     ResultCodeEnum.INSUFFICIENT_ACCESS_RIGHTS ) );

Modified: directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/extended/StoredProcedureExtendedOperationHandler.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/extended/StoredProcedureExtendedOperationHandler.java?rev=664281&r1=664280&r2=664281&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/extended/StoredProcedureExtendedOperationHandler.java
(original)
+++ directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/extended/StoredProcedureExtendedOperationHandler.java
Fri Jun  6 22:01:25 2008
@@ -101,7 +101,7 @@
         StoredProcedure spBean = decodeBean( req.getPayload() );
         
         String procedure = StringTools.utf8ToString( spBean.getProcedure() );
-        CoreSession coreSession = ctx.getService().getSession( ctx.getPrincipal() );
+        CoreSession coreSession = ctx.getSession();
         ClonedServerEntry spUnit = manager.findStoredProcUnit( coreSession, procedure );
         StoredProcEngine engine = manager.getStoredProcEngineInstance( spUnit );
         



Mime
View raw message